If you expect a final report-worthy summary, spaning several paragraphs, the reality might hit you hard. Enough words have been lost in my Master Thesis “DJI Wi-Fi Protocol Reverse Engineering”, covering everything on this blog and beyond, such that we offer you a publicly available link to the thesis instead. You might find conspicuous definition …
Author: Thomas Christof
Hands-on MAUI
MAUI isn’t out yet – thus don’t cite any of this in the future. However, with Preview 9 some groundbreaking, innovative, industry-changing features came to life: Borders, Shadows, and Corners. </sarcasm> But let’s be real, I just want to take a look at the current development state and the new Windows App SDK. Sooooooooo Architecture …
NGINX with Blazor Server-Side
If you do have a TLS certificate (strongly recommended) you can force each connecting client to switch from HTTP to HTTPS. There are various ways to do so, however, I find it pretty easy to apply the following config to each server configuration. Furthermore, the return value does not statically include any destination URL, but …
DJI Protocol – Day 8 – Progress Report
It is official now – After weeks of full-time investigating the Dji Low-Level Wifi Protocol I had my first dream featuring HEX numbers. I had an operation years ago and within the dream I did explain my pain on a HEX scale to the doctor, whereas 0xFF represented severe pain and 0x00 no pain. Well,… …
DJI Protocol – Day 7 – Progress Report
As we were capable of reconstructing the CRC target and XOR parameters last time for the connection handshake, we will re-review the 0x21 packet and try to apply the same strategy. Maybe there are some CRC values hidden behind the bytes which we weren’t able to categorize. 0x07 seems to be a CRC checksum of …
DJI Protocol – Day 6 – Progress Report
After some flights and live investigations with our custom network monitoring tool we did generate a lot of data, ready for further offline analysis. However, one strength of the live investigation tool is its capability to sort and filter network traffic, which isn’t available anymore after the application has been closed, resulting in the need …
DJI Protocol – Drone – Connection Establishment
Identifier Description Payload length 0x08 After the operator has sent a connection establishment packet, the drone’s response is a connection establishment confirmation. 8 Address Bytes Findings 0x00 – 0x01 2 Packet Length – ((0x01 & 0x0F) << 8) + 0x00 0x02 – 0x03 2 Session Identifier – Value retrieved by Handshake at position 0x02 – 0x03 0x04 – 0x06 3 Padding …
DJI Protocol – Operator – Connection Establishment
Identifier Description Payload length 0x30 Once the operator enters the wireless network, the first packet sent is Connection Establishment. As far as we could conclude, the operator also sends this packet once the connection has been lost. This still requires further investigation. 48 Address Bytes Findings 0x00 – 0x01 2 Packet Length – ((0x01 & 0x0F) …
DJI Protocol – Day 5 – Progress Report
We already got some hints and clues within our last packet inspection about a possible drone-rotation command. However, the reverse-engineering process is quite intense as too many unknown variables are in the game. Thus, we require a better overall strategy for this project. The DJI Protocol – Packet Types page will fully feature all known …