Encrypt your FPV WiFi

[RPA]

I originally thought the app/wifi link was purely for camera control but now the app has ground station functionality this opens a whole new can of worms.

I can cope with someone wiping my camera card or buggering about with camera settings but taking control of my phantom.......

Or have I misunderstood?

Has this tipped the encrypt or not scales further towards doing it?

I'm not sure yet but your instincts are spot on. The new ground station functionality certainly seems to imply that there's a control path in the Wifi link. I have a hunch as to how it's done but won't post hunches. Keep your head up and watch the boards. Other's more skilled at hacking these things are surely hard at work.

I've just conducted a packet capture and am in the middle of analyzing it...

The good news is that all of the control traffic appears to be going over a ser2net connection on TCP port 2001. Further, TCP port 2001 won't accept but 1 connection at a time. This means that as long as *YOU* have your DJI App running, no foreign influence can connect and muck w/ things.

This still won't prevent someone from wiping your wifi config and turning your P2V+ into an equivalent P2 w/ GoPro (since you can start a record on the ground via the camera button)... So, IMO.. either encrypting your wifi or changing your root password would still be advised based on this..

Still looking into the protocol...
LK

Well that's somewhat reassuring.

It's so ridiculously unlikely where I currently fly that someone would a) be there watching b) know what make/model I was flying c) have the knowledge to deliberately screw things up for me.

So I really don't think I need to worry but it's good to know that once I'm hooked up, no one else can.

 

[jumanoc]

It's so ridiculously unlikely where I currently fly that someone would a) be there watching b) know what make/model I was flying c) have the knowledge to deliberately screw things up for me.

So I really don't think I need to worry but it's good to know that once I'm hooked up, no one else can.

Warning, once you connect, no one else can connect to Video Stream, but anyone still can connect to the network, and mess it, reboot, etc

 

[brushlesheaven]

Is 192.168.1.2 and password same as RE-500 when connecting to RE-700?

 

[linuxkidd]

Is 192.168.1.2 and password same as RE-500 when connecting to RE-700?

The password for both repeaters and the Phantom Vision / Vision+ are all the same at this time (at least, they come from the factory the same).

 

[Eason]

can i ask you if i change ht mode to 40mhz ，and next should i check up the "force 40mhz mode" option ?

This HowTo will advise on how to enable encryption on the FPV WiFi, but ONLY the one between the repeater and your FPV device! (Encrypting P2V+ to Repeater comms takes a bit more juggling, but I'll write it up tomorrow.)

Via Command Line:
Please use the WebUI method below. There are too many ways to mess up the only means (your wifi connection) you have of fixing the Repeater/Drone if you're on the CLI.

Via WebUI:

1. Install the WebUI per THIS THREAD
2. Log into the WebUI at http://192.168.1.2 with Username root and password 19881209
3. Click 'Network' -> 'WiFi'
   
   
4. Click on 'Edit' next to your 'Phantom_XXXXXX' WiFi
   
   
5. Scroll to the bottom, Under 'Interface Configuration' click on 'Wireless Security'
   
   
6. Select the Encryption of your choice from the 'Encryption' drop down (I strongly recommend WPA2+PSK)
7. Select the Cypher of your choice from the 'Cypher' drop down (I strongly recommend Force CCMP (AES))
8. Type in the password of your choice in the 'Key' area
   
   
9. Click the 'Save & Apply' Button
10. Wait for the WiFi Repeater to reboot, and reconnect with your newly encrpyted WiFi network
11. After the Repeater boots, re-connect to your newly encrypted FPV Repeater WiFi using the encryption standard and password you picked!

Enjoy!
LK

 

[linuxkidd]

can i ask you if i change ht mode to 40mhz ，and next should i check up the "force 40mhz mode" option ?

I personally wouldn't. Leaving this unchecked is a bit of a safety net in case you need to connect with a device that doesn't support the 40mhz channel width. Any item that does support it should negotiate the higher bandwidth connection automatically.

LK

 

[BioTeq]

Hi Guys,
Can someone please confirm that the disabling of encryption in the exact reverse of the steps described here will safely decrypt the connections? I wouldn't want to be left with a locked-out extender, or worse - phantom

This is my sequence of events that I assume is logical and correct:
Decrypting repeater-phantom connection:

1. Connect to the Phantom hidden network FC200_XXXX
- disable encryption on FC200_XXXXX, save/apply

2. Connect to repeater network - Phantom_XXXXX
- disable encryption for FC200_XXXXXX, save/apply

Sorry if it's a silly question, better safe then sorry

 

[HunterSK]

Hi BioTeq,

I would disable encryption on the repeater first. aircraft second.

This is because as soon as you change encryption settings, it will break connection between the repeater and the aircraft. once this occurs you will find it hard to connect the repeater. So it makes sense to do the repeater initially.

The Phantom aircraft can be connected directly via it's IP address (192.168.1.1). I assume you know this already, but I'll mention that you will need to assign a manual IP on your computer if you connect to the aircraft directly as the aircraft does not run a DHCP server.

 

[BioTeq]

I would disable encryption on the repeater first. aircraft second.

This is because as soon as you change encryption settings, it will break connection between the repeater and the aircraft. once this occurs you will find it hard to connect the repeater. So it makes sense to do the repeater initially.

The Phantom aircraft can be connected directly via it's IP address (192.168.1.1). I assume you know this already, but I'll mention that you will need to assign a manual IP on your computer if you connect to the aircraft directly as the aircraft does not run a DHCP server.

Thanks for that HunterSK, I remember losing the connection when encrypting.
Yes I remember about the static IP - I did have the reconnection problem when encrypting

So the correct order would be:
1. Connect to repeater network - Phantom_XXXXX
- disable encryption for FC200_XXXXXX, save/apply

2. Connect to the Phantom hidden network FC200_XXXX
- disable encryption on FC200_XXXXX, save/apply

Edit: OK guys, a small update. Since I didn't want to tinker around my P2V+ with the encryption enabled, I've tested this, and confirm it works in this sequence. Definitely a good idea to do the repeater first. Thanks again @HunterSK.