Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC

https://neodyme.io/en/blog/drone_hacking_part_1/

155•tripdout•3w ago

Comments

nerdsniper•3w ago

What a beautiful write-up! This is such a lovely resource for anyone who ever has the curiosity of "I'm interested in getting a firmware dump".

purplehat_•3w ago

For anyone else who got a little too excited at the title, ECC here is error correction codes, not elliptic curve crypto.

Very cool writeup, thanks for digging into all those data sheets and sharing it with us! I feel like the hands-on electronics stuff has always been a little bit inaccessible to me, but posts like these always make me a little more excited to start doing little projects myself. So thanks for posting.

eimrine•3w ago

Drane Hacking next: bypassing Radio Electronic Warfare.

speed_spread•2w ago

Dead Reckoning + Physical Media + Return to Base

eimrine•2w ago

What a laugher, of course it is not like that. Especially funny sounds the return to base function.

Multi-frequency communication, a lot of retranslators making you to be able to fly inside of caves, refusing to use Starlink in the areas having a bleeding-edge anti-starlink antennas deployed. Or just receiving Netflix-grade picture from the optical cable while reducing to zero anything emitting radio-signals.

aenis•3w ago

Fantastic and inspiring write up, big thanks!

Here is to hoping someone will do something similar for DRM'ed BOSCH ebike motors.

stavros•3w ago

Be the change you want to see in the world.

mschuster91•2w ago

> Here is to hoping someone will do something similar for DRM'ed BOSCH ebike motors.

Please not. Bike thieves are already annoying as they are (a ring in the rural city I live in managed to steal over 400 k€ worth of bikes in a matter of months, in my case they only stole the control unit), and so are people modding their bikes to run (way) faster than the legal limit, leading to more and more calls for them being banned off of normal bike tracks.

[1] https://www.idowa.de/regionen/landshut/landkreis-landshut/se...

gessha•2w ago

Is people stealing bikes and parts a technological problem or a people problem?

Palomides•2w ago

you could compare with apple locking down iphones and parts, which I understand significantly reduced theft

IshKebab•2w ago

I seriously doubt any kind of DRM is going to dissuade bike thieves. It hasn't really worked for phones has it?

mschuster91•2w ago

It has. Yes people still steal iPhones but not even close to levels pre-Activation Lock.

fc417fc802•2w ago

If you can't fence the product then there's no motivation to steal it in the first place.

Naturally, this is why we should add GPS and a network connection to every device in existence. /s

IshKebab•2w ago

> If you can't fence the product then there's no motivation to steal it in the first place.

Couple of big problems with this thought:

* You have to know you can't fence it. Do you think bike thieves are following exactly which e-bike models have DRM, whether it has been broken etc? I doubt it.

* It assumes that the DRM is so amazing that nobody figures out how to defeat it.

So it might be true, but it also might not.

aenis•2w ago

I am not interested in either, I just want to have control over the hardware I purchased with my own money.

As for thieves, they apparently have ways of bypassing bosch drm via hardware - bosch bikes get stolen all the time. As for speed unlocks, they are trivially possible with hardware bypasses. I doubt open source firmware would do harm.

oulipo2•2w ago

We do it at https://infinite-battery.com :) our battery is compatible with Gen2/Gen3/Gen4 (we haven't yet tested on smart systems though)

aenis•2w ago

I started doing some research over the holidays and the smart system seems to be designed to prevent reversing - fuses blown both ways, so didn't even manage to read the firmware, and communication with the client software relies on what seems to be decent encryption. And from the design of the hardware bypasses it seems that the firmware does not trust its own peripheries. Good design, no doubt - will try to take it apart when i switch bikes and won't mind bricking my unit.

mschuster91•3w ago

And as usual... something that looks like it uses Linux, but has absolutely zero Google search results on how to obtain the GPL sources.

We desperately need some large ass legal fund that takes the GPL violators to court.

smokel•2w ago

If they use unmodified Linux, then they only have to provide (a link to) the source code to that kernel on request. No source code is required for proprietary add-ons, unless they are kernel modifications.

The GPL also does not state that the source code should be easy to find. In the early days, one had to write a letter, send it by mail, in hopes of getting a tape or CD-ROM with the source code. For which you then had to pay as well.

wuschel•2w ago

What could be the potential risk of not being compliant to the software license at hand e.g. let us say we would sue a GPL violator?

ofrzeta•2w ago

There have been several trials, all of them won, I think

https://gpl-violations.org/about/

MPSimmons•2w ago

Damn, I really enjoyed reading this. Great writeup!

vachina•2w ago

Now do DJI next

Neywiny•2w ago

Great work.

Seems like a typo when covering inversion. They claim parity(0) = 0 but still use the equation with != from before.

It's nice to see that they, like me, subscribe to "an hour of experimenting can save 5 minutes of reading the documentation." Of course what people often fail to realize is that until you've found the answer, you often don't realize what the documentation was saying, such as the 16-bit thing. Management may ask "was that not in the manual?" But it's more nebulous than that.

gessha•2w ago

I bet you that one hour was full of excitement, where’s the fun in reading the documentation :P

Another great to look at it is possibly as a TDD approach vs analyzing the problem at a deeper level.

dextrous•2w ago

Thanks very much for this awesome write up! It’s detailed labor-of-love work like this that helps others (like me!) make great jumps in learning. So appreciated.

syntaxing•2w ago

Fun read! How long does the script take to run? I’m curious if you would have noticed any performance increase if you wrote it in C++.

duttybear•2w ago

Bruteforcing ecc is the Services may subject to the contrary. My vision of brutforcing is droning below sea levels, .

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos

LLMs are powerful, but enterprises are deterministic by nature

Make your iPad 3 a touchscreen for your computer

Internationalization and Localization in the Age of Agents

Building a Custom Clawdbot Workflow to Automate Website Creation

Why the "Taiwan Dome" won't survive a Chinese attack

Xkcd: Game AIs

Windows 11 is finally killing off legacy printer drivers in 2026

From Offloading to Engagement (Study on Generative AI)

AI for People

Rome is studded with cannon balls (2022)

8-piece tablebase development on Lichess (op1 partial)

US to bankroll far-right think tanks in Europe against digital laws

Ask HN: Have AI companies replaced their own SaaS usage with agents?

pi-nes

Show HN: Crew – Multi-agent orchestration tool for AI-assisted development

New hire fixed a problem so fast, their boss left to become a yoga instructor

Four horsemen of the AI-pocalypse line up capex bigger than Israel's GDP

A free Dynamic QR Code generator (no expiring links)

nextTick but for React.js

Show HN: I Built an AI-Powered Pull Request Review Tool

Git-am applies commit message diffs