Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC

https://neodyme.io/en/blog/drone_hacking_part_1/

155•tripdout•3w ago

Comments

nerdsniper•3w ago

What a beautiful write-up! This is such a lovely resource for anyone who ever has the curiosity of "I'm interested in getting a firmware dump".

purplehat_•3w ago

For anyone else who got a little too excited at the title, ECC here is error correction codes, not elliptic curve crypto.

Very cool writeup, thanks for digging into all those data sheets and sharing it with us! I feel like the hands-on electronics stuff has always been a little bit inaccessible to me, but posts like these always make me a little more excited to start doing little projects myself. So thanks for posting.

eimrine•3w ago

Drane Hacking next: bypassing Radio Electronic Warfare.

speed_spread•2w ago

Dead Reckoning + Physical Media + Return to Base

eimrine•2w ago

What a laugher, of course it is not like that. Especially funny sounds the return to base function.

Multi-frequency communication, a lot of retranslators making you to be able to fly inside of caves, refusing to use Starlink in the areas having a bleeding-edge anti-starlink antennas deployed. Or just receiving Netflix-grade picture from the optical cable while reducing to zero anything emitting radio-signals.

aenis•3w ago

Fantastic and inspiring write up, big thanks!

Here is to hoping someone will do something similar for DRM'ed BOSCH ebike motors.

stavros•3w ago

Be the change you want to see in the world.

mschuster91•3w ago

> Here is to hoping someone will do something similar for DRM'ed BOSCH ebike motors.

Please not. Bike thieves are already annoying as they are (a ring in the rural city I live in managed to steal over 400 k€ worth of bikes in a matter of months, in my case they only stole the control unit), and so are people modding their bikes to run (way) faster than the legal limit, leading to more and more calls for them being banned off of normal bike tracks.

[1] https://www.idowa.de/regionen/landshut/landkreis-landshut/se...

gessha•2w ago

Is people stealing bikes and parts a technological problem or a people problem?

Palomides•2w ago

you could compare with apple locking down iphones and parts, which I understand significantly reduced theft

IshKebab•2w ago

I seriously doubt any kind of DRM is going to dissuade bike thieves. It hasn't really worked for phones has it?

mschuster91•2w ago

It has. Yes people still steal iPhones but not even close to levels pre-Activation Lock.

fc417fc802•2w ago

If you can't fence the product then there's no motivation to steal it in the first place.

Naturally, this is why we should add GPS and a network connection to every device in existence. /s

IshKebab•2w ago

> If you can't fence the product then there's no motivation to steal it in the first place.

Couple of big problems with this thought:

* You have to know you can't fence it. Do you think bike thieves are following exactly which e-bike models have DRM, whether it has been broken etc? I doubt it.

* It assumes that the DRM is so amazing that nobody figures out how to defeat it.

So it might be true, but it also might not.

aenis•2w ago

I am not interested in either, I just want to have control over the hardware I purchased with my own money.

As for thieves, they apparently have ways of bypassing bosch drm via hardware - bosch bikes get stolen all the time. As for speed unlocks, they are trivially possible with hardware bypasses. I doubt open source firmware would do harm.

oulipo2•3w ago

We do it at https://infinite-battery.com :) our battery is compatible with Gen2/Gen3/Gen4 (we haven't yet tested on smart systems though)

aenis•2w ago

I started doing some research over the holidays and the smart system seems to be designed to prevent reversing - fuses blown both ways, so didn't even manage to read the firmware, and communication with the client software relies on what seems to be decent encryption. And from the design of the hardware bypasses it seems that the firmware does not trust its own peripheries. Good design, no doubt - will try to take it apart when i switch bikes and won't mind bricking my unit.

mschuster91•3w ago

And as usual... something that looks like it uses Linux, but has absolutely zero Google search results on how to obtain the GPL sources.

We desperately need some large ass legal fund that takes the GPL violators to court.

smokel•3w ago

If they use unmodified Linux, then they only have to provide (a link to) the source code to that kernel on request. No source code is required for proprietary add-ons, unless they are kernel modifications.

The GPL also does not state that the source code should be easy to find. In the early days, one had to write a letter, send it by mail, in hopes of getting a tape or CD-ROM with the source code. For which you then had to pay as well.

wuschel•2w ago

What could be the potential risk of not being compliant to the software license at hand e.g. let us say we would sue a GPL violator?

ofrzeta•2w ago

There have been several trials, all of them won, I think

https://gpl-violations.org/about/

MPSimmons•3w ago

Damn, I really enjoyed reading this. Great writeup!

vachina•3w ago

Now do DJI next

Neywiny•2w ago

Great work.

Seems like a typo when covering inversion. They claim parity(0) = 0 but still use the equation with != from before.

It's nice to see that they, like me, subscribe to "an hour of experimenting can save 5 minutes of reading the documentation." Of course what people often fail to realize is that until you've found the answer, you often don't realize what the documentation was saying, such as the 16-bit thing. Management may ask "was that not in the manual?" But it's more nebulous than that.

gessha•2w ago

I bet you that one hour was full of excitement, where’s the fun in reading the documentation :P

Another great to look at it is possibly as a TDD approach vs analyzing the problem at a deeper level.

dextrous•2w ago

Thanks very much for this awesome write up! It’s detailed labor-of-love work like this that helps others (like me!) make great jumps in learning. So appreciated.

syntaxing•2w ago

Fun read! How long does the script take to run? I’m curious if you would have noticed any performance increase if you wrote it in C++.

duttybear•2w ago

Bruteforcing ecc is the Services may subject to the contrary. My vision of brutforcing is droning below sea levels, .

Start all of your commands with a comma (2009)

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

The Waymo World Model

Hoot: Scheme on WebAssembly

How we made geo joins 400× faster with H3 indexes

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Vocal Guide – belt sing without killing yourself

Jeffrey Snover: "Welcome to the Room"

ga68, the GNU Algol 68 Compiler – FOSDEM 2026 [video]

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Where did all the starships go?

Show HN: I spent 4 years building a UI design tool with only the features I use

Hackers (1995) Animated Experience

Sheldon Brown's Bicycle Technical Info

Show HN: If you lose your memory, how to regain access to your computer?

Microsoft open-sources LiteBox, a security-focused library OS

UK infants ill after drinking contaminated baby formula of Nestle and Danone

An Update on Heroku

PC Floppy Copy Protection: Vault Prolok

Dark Alley Mathematics

Was Benoit Mandelbrot a hedgehog or a fox?

The AI boom is causing shortages everywhere else

How to effectively write quality code with AI

Delimited Continuations vs. Lwt for Threads

Introducing the Developer Knowledge API and MCP Server

I now assume that all ads on Apple news are scams

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Understanding Neural Network, Visually

I spent 5 years in DevOps – Solutions engineering gave me what I was missing