[P4] Firmware Jailbreak

I have not found many/any threads related to accessing Phantom 3-4 firmware parameters or re-flashing. I am thinking either the people who are interested in accessing DJI-locked firmware parameters such as NFZ restrictions, max flight altitude, and engine performance options haven't had much luck bypassing communication/encryption on the firmware or there simply isn't enough motivation or interest in achieving this.

If anyone knows of any progress or groups interested in this undertaking, let me know, as I have not found any. This is a touchy subject so I am sure this thread will have troll and grief posts, but I want those who are genuinely curious or interested to post or help.
 
There was a thread on this subject in the P3P section. It turned into a membership only club I believe. I'm unsure if any progress was made. Maybe someone will invite you. I gotta believe there are holes in the code since it seems to be so poorly written and tested in the first place. It's gotta be hackable.
 
It turned into a membership only club I believe. I'm unsure if any progress was made. Maybe someone will invite you.

Like the movie Tomorrowland?
 
The mighty iPhone was hacked years ago so I would think it would be pretty easy for someone that knows how to do that sort of thing. And an iPhone is way more complicated and protected compared to our phantoms. I've been curious about this as well...


 
Once you have physical access, most if not ALL software/firmware can be reverse engineered, embedded or not. It's just a matter of finding the exploitable code (vulnerabilities). Once you have the boot loader extracted and/or its kernel and file system, provided you can read and write the languages the system uses, it's all over. Long story short, if you really know what you are doing and what you are looking for, it's usually only a matter of time and not a matter of whether or not it's possible. I'm 99.9% sure I could crack it even if the system used a custom bootloader and a custom file system; it would just take a lot, lot ... lot longer, i.e. running searches against a hex dump and looking for familiar strings (to give us hints as to what bootloader was used, what the file system may be written in, what some parts of the code are compiled with or even compressed with) wouldn't be easy. Some companies will even go as far as to use custom compression software to throw us off and make sure we don't see anything obviously important in the hex. I have made a good living doing the very thing you are asking about and have spent around 14 years working mostly around embedded device security (among other things). I am pretty good at my job, I think, and I can guarantee you that if I couldn't get the Phantom to take a custom firmware, SOMEONE else could. Lastly, the legality of reverse engineering software differs from country to country, even region to region, and is very complex, to the point that if you engineer the software on a device that communicates with another device that you might not own (even over the air, for example) you could be breaking laws, so be careful.
 
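The hex-dump triage mentioned in the post above (searching an image for familiar strings and format markers to identify the bootloader, file system and compression) can be sketched as follows. This is an added example, not part of the thread or any poster's code; the signature table is a small subset of public magic numbers, the sample image is constructed, and the entropy helper is an addition for spotting regions that look compressed or encrypted but match no known signature.

```python
import gzip
import math
import struct
from collections import Counter

SIGNATURES = {  # public file-format magic numbers; small subset for this example
    b"\x27\x05\x19\x56": "U-Boot legacy uImage header",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
}

def scan_signatures(blob):
    """Return sorted (offset, description) for every magic-number match."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def printable_strings(blob, min_len=6):
    """Return (offset, text) for runs of printable ASCII, like strings(1)."""
    out, start = [], None
    for i, byte in enumerate(blob + b"\x00"):  # sentinel flushes a final run
        if 0x20 <= byte < 0x7F:
            start = i if start is None else start
        else:
            if start is not None and i - start >= min_len:
                out.append((start, blob[start:i].decode("ascii")))
            start = None
    return out

def entropy(data):
    """Shannon entropy in bits per byte; near 8 suggests compressed or encrypted data."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def build_sample():
    """Constructed image: padding, 64-byte uImage-style header, gzip payload, SquashFS magic."""
    header = struct.pack(">7I4B32s", 0x27051956, 0, 0, 0, 0, 0, 0, 5, 2, 2, 1,
                         b"constructed-kernel-image")
    payload = gzip.compress(b"constructed payload " * 64, mtime=0)
    return b"\xff" * 16 + header + payload + b"\x00" * 8 + b"hsqs" + b"\x00" * 28

if __name__ == "__main__":
    image = build_sample()
    for offset, label in scan_signatures(image) + printable_strings(image):
        print(f"0x{offset:06x}  {label}")
```

Short magics such as the 3-byte gzip marker can also match by chance inside compressed data, so each hit is a lead to confirm by parsing the structure at that offset.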

This has been going on since the P2 some 2+ years now and no one has yet to succeed.
(initially to bypass the proprietary battery IIRC)

There are other 'groups' on other forums as well.

If anyone has learned anything it's DJI as the participants have provided them with a lot of information and details on their efforts.
 
There's the thing you can plug in... Coptersafe


 
I have seen this for the P3S:
Phantom 3 Standard range mod , let's do it together...
The final video tutorial linked in that thread lists this as a possibility for the P4. I am out of my return period, otherwise I would test. I recommend you read the entire above thread before attempting anything:
 
