We have been alerted to a fun tool, a DJI DroneID spoofer software for ESP8266/ESP32 and some other popular MCUs. Last year, we’ve told you about DJI DroneID — a technology DJI added to their drones, which broadcasts data including the drone operator’s GPS position, which, in turn, appears to have resulted in Ukrainian casualties in the Ukraine war. The announcement tweet states that DJI has added mechanisms from downgrading firmware. Hence, the spoofer.
There’s no other hardware needed, well other than an ESP8266 or ESP32 devboard, anyway. After the break you can find a video tutorial from [Joshua Bardwell] that shows you how to upload the code using Arduino IDE, and even going through coordinate tweaks. If you ever reminisced about the concept of throwies and were wondering what kind of useful, well, there’s your answer: clone the Git repo, compile it, program some interesting coordinates in, and witness the imaginary drones fly.
All in all, we get a lovely addition to our shenanigan toolkits. Surely, someone could use a neural network to distinguish real drones from fake ones, but it’s nothing that can’t be solved with a bit of code. Looking for a less daring hack? Well, you can always add some automation to your DJI drone by poking at the RGB LED signals.
I wonder how many drones one could emulate with something more capable, like a WiFi Pinapple for instance…
Interesting, I wonder how many Russian positions could be victim to ‘friendly fire’ with faked DJI DroneID broadcasts
i was having this exact thought.
I shall try this at the white house, with ssid cccp_bug
Better surely to hack your drone so it doesn’t make any broadcasts that could reveal your (or for that matter its) location to the soldiers who’ve invaded your country.
yep, something like that, or better still, stop using those DJI drones and get busy making your own that have all the features you need and are (hopefully) a lot cheaper as well.
This wont help in Ukraine, DJI drones also transmit unencrypted pilot coordinates on LTE band. Requires SDR or special DJI basestation to decode it.
The amazing part for me is that these drones are apparently uses with stock firmware.
Mind boggingly stupid. But also, It’s a war. There are likely to be glitches and all sorts of problems (including logistics) everywhere. And I guess these drones get into Ukraine though a lot of different paths. From big batches to individual donations.
Not with fw1001 they dont
Is that a part of that hacked ios app one can but for $40 to unlock FCC mode or something else entirely? Does it disable Aerscope on both drone and remote radio?
ps: some info about low level radio link: https://github.com/proto17/dji_droneid
These situations always leave me conflicted.
If I’m honest I would not want a civilian device I created used for military purposes even by “the good guys”.
If you want me to make military gear, pay me those big military bucks. (Which I wouldn’t accept because I wouldn’t want it on my conscience).
In a sense DJI telling them to stop using it’s gear is something I respect. Drones have a sketchy rep as it is.
Starlink is borderline case as military funds it’s development in effect AFAIK.
But you do know DJI has extensive military contracts with PLA? and civilian DJI drones are just the way for them to fund military research? Same deal with https://www.robomaster.com/en-US DJI organized University competition where you build driving/flying drone team, code aimbots, and fight in the arena trying to kill your opponents/conquer enemy base.
EVERY civilian company/business and even Chinese nationals anywhere are REQUIRED to cooperate with the State agencies if asked:
China’s National Intelligence Law
The Intelligence Law… repeatedly obliges individuals, organizations, and institutions to assist Public Security and State Security officials in carrying out a wide array of “intelligence” work. Article Seven stipulates that “any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.”
If RoboMaster is aimed at training college students for future robotic warfare, what do you call BattleBots on Discovery Channel?
Not to be taken seriously… There’s so many rules and restrictions that capabilities are seriously limited.
You’ve got to fight for your right…to your DATA. I am so sick and tired of being invaded on every single vector. This is why we can’t have nice things anymore.
so if you turn this on near an airport, the airport gets shutdown?
If they really afraid of such signals. I guess security can be involved into investigation. But again if they are listening and take it seriously.
Well, I’m never updating my firmware ever again
The author of the post does not have any idea about what he is writing about. This has nothing to do with DJI drone ID which is not like Bluetooth or WiFi-based “Remote ID/Open Drone ID”. For some reason he even put the link named “DJI DroneID spoofer” that points to a site that has nothing to do with DJI DroneID.