https://emlid.com/reachrs2/?utm_source=phantompilots&utm_medium=banner&utm_campaign=rs2_phantom_feb2021_leaderboard

root access password

Joined
May 3, 2014
Messages
15
Reaction score
0
Hi all,

you can ssh to both the drone and the wifi extender as root using passwod 19881209

enjoy and let me know what you find out.
 
Joined
Apr 18, 2014
Messages
4
Reaction score
0
this is huge! oooo the possibilities now!!!!

I can confirm this information

[email protected]'s password:


BusyBox v1.19.4 (2013-04-22 22:41:57 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

-----------------------------------------------------
DJI-INNOVATIONS
-----------------------------------------------------
* FC200-Vision+ RE
* [email protected]
* 02/21/2014
* Version 1.01
* ART / DHCP down / ping
-----------------------------------------------------
[email protected]:~#

[email protected]:/# cat /etc/shadow
root:$1$7jwZJyj/$qdwVW7zOZLr9H.bGXmWWV1:15807:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
[email protected]:/#

-------------------------------------------------------

let the fun begin! ;)

first peice of advice... dont upgrade anytime soon.. i am sure dji will be changing this with future firmware upgrades...
think iphone hacking
 
Joined
Mar 27, 2014
Messages
515
Reaction score
170
While I have rooted my Galaxy 4S , I'm not sure what you are talking about here. Could you give us a step by step?
 
Joined
Mar 4, 2014
Messages
2,589
Reaction score
1,233
Location
Dublin Ireland
Im just wondering could this open a way to connect a gopro app on your phone to the wifi repeater and in turn control a gopro on its 2.4ghz wifi connected to a pv2 or pv2+
 
Joined
Dec 16, 2013
Messages
554
Reaction score
3
Location
Denmark
Mal_PV2_Ireland said:
Im just wondering could this open a way to connect a gopro app on your phone to the wifi repeater and in turn control a gopro on its 2.4ghz wifi connected to a pv2 or pv2+

Maybe: http://youtu.be/qIY7M8lD6CM
 

mfp

Joined
May 31, 2014
Messages
35
Reaction score
0
We need to secure the network.

This should be the first task of any P2V+ wifi hack.

I worry about rogue hackers out there trying to commandeer my equipment.
 
Joined
Mar 4, 2014
Messages
2,589
Reaction score
1,233
Location
Dublin Ireland
DKDarkness said:
Mal_PV2_Ireland said:
Im just wondering could this open a way to connect a gopro app on your phone to the wifi repeater and in turn control a gopro on its 2.4ghz wifi connected to a pv2 or pv2+

Maybe: http://youtu.be/qIY7M8lD6CM

Excellent stuff mate! They've already done it, COOL!!!
 
Joined
May 4, 2014
Messages
137
Reaction score
19
Change your root password!

Hi Everyone,

I did some basic tests today and this is a serious security issue.

Using another computer (I used my iPad running a SSH terminal software), I was able to log into the Phantom and WiFi Repeater and do things like shutdown the WiFi connection mid flight. This instantly cuts the connection between the Phantom to your smart device, however the controller link is still fine.

I advise those of you who are concerned about your network security to change your root password immediately. I've done this on both my Phantom and the WiFi repeater and it doesn't affect the operation of the Vision iOS app or the controller link.

What it will affect is that PVFyer's V+ Booster app will not work, as it can't log in. Presumably that app was logging in your Phantom drone over WiFi as Root and making network changes. I have PM PVFlyer to update the app to allow a user-specified root password to be supplied to allow it to log in.

To change your root password:

1. Connect to your Phantom over WiFi using any computer
2. Run your favourite SSH client.
3. Log into either:

- 192.168.1.1 (FC200-Vision+)
- 192.168.1.2 (WiFi repeater)

4. Type 'passwd root'
5. Enter your new password twice
6. Password is now changed.
7. Type 'exit' to disconnect from SSH session
8. Repeat step 3-7 for the other device.
 

4wd

Joined
Mar 31, 2014
Messages
2,532
Reaction score
430
Location
North York Moors
Re: Change your root password!

HunterSK said:
I advise those of you who are concerned about your network security to change your root password immediately. I've done this on both my Phantom and the WiFi repeater and it doesn't affect the operation of the Vision iOS app or the controller link.
Seems rather paranoid, wouldn't they have to hack you between turning it on and your own device locking on since it only allows one connection?
I'd be too worried this would cause other hard to resolve problems sooner or later, apart from immediately blocking the boost app.

I can see interesting developments in third party custom firmware with all manner of useful changes though.
 
Joined
May 4, 2014
Messages
137
Reaction score
19
You're vulnerable whenever your WiFi network is on.

Only one Vision app can connect at the same time, but I found out tonight that multiple computers can join the Phantom WiFi network. I had both my Mac and iPad SSH'ing into my Phantom at the same time.

So someone could hack your drone system with their phone at any time your Phantom is in the air.
 
Joined
Apr 18, 2014
Messages
4
Reaction score
0
just image... your flying your phantom... bad guy with an iphone and issh installed on his phone..
he could
ssh into your phantom while your flying..
then they type the reboot command..
and baammmm your phantom reboots mid air.... which means its gonna come crashing to the ground!
technically could blame all crashs on dji now!! "someone hacked my phantom and crashed it!"
its DJI security negligence that caused the crash! :)
 
Joined
Apr 30, 2014
Messages
264
Reaction score
0
Location
Philly
rsauron said:
just image... your flying your phantom... bad guy with an iphone and issh installed on his phone..
he could
ssh into your phantom while your flying..
then they type the reboot command..
and baammmm your phantom reboots mid air.... which means its gonna come crashing to the ground!
technically could blame all crashs on dji now!! "someone hacked my phantom and crashed it!"
its DJI security negligence that caused the crash! :)

That's not really the case is it? They could reboot your camera or muck with what the camera is sending to the app but I don't think they could make your phantom fall from the sky.

Now if there's a command-able two way path from the camera shell to the running flight control code, which is a real possibility since telemetry is sent over a serial port to the camera, then we should be concerned.
 
Joined
Mar 21, 2014
Messages
908
Reaction score
11
Location
Brooklyn, NY
Cool right?

I would love for someone to confirm if they can get the fc40 can connected to the extender.I would love to minimize my equipment by getting rid of my Linksys repeater and using the DJI extender
 
Joined
Nov 21, 2013
Messages
49
Reaction score
1
hi all,

first of all - I do agree it is a bit paranoid to encrypt the camera connection - the only thing obviously possible is a reboot of the FPV and that's not really a crucial thing for most people.

I'm away from my phantom now so can't check it out but could someone see how the telemetry is hooked up to the camera system? is it both ways tty? other serial solution? this would be good to know - if there's any way to connect to the mainboard via telemetry connection then we have a problem - otherwise a non issue

cheers!
 
Joined
Jun 12, 2014
Messages
79
Reaction score
2
Location
Anywhere USA - Fulltime RV'er
rnrnrn said:
...first of all - I do agree it is a bit paranoid to encrypt the camera connection - the only thing obviously possible is a reboot of the FPV and that's not really a crucial thing for most people...

Keep in mind that the config details are in /etc/config. Anyone with access could wipe a config file, put non-sense in your /etc/config/wireless (for example) and wham... No wifi.. EVER.. Until at least DJI releases full firmware for the WiFi control board/camera.. If they do this on the repeater, you're also SOL.. The microUSB port doesn't have a data connection.. So, there's no recovering it by the consumer. A trip to DJI for repair and the long wait associated there-with.

Think this is paranoid? Quads are all over the news recently. Especially with the guy loosing his on-top of the Dallas Cowboy's Stadium. There's a lot of 'paranoid' people who think we're out to do nothing but invade their privacy and take away their guns.. Some of them can play on computers and a thread like this is perfect to teach them how to muck w/ our $1300 investment with complete anonymity.

Whether we're being paranoid or not... an ounce of prevention is worth an 8 week DJI repair cure...

I've got a couple of threads in my signature for enabling encryption.. but at least.. the very least.. change your root password.

LK
 

New Threads

Forum statistics

Threads
140,276
Messages
1,446,115
Members
102,047
Latest member
blueberry85