A screenshot of the drone monitoring application, showing spoofed drones and their coordinates

Can’t Disable DJI Drone ID? Spoof It With An ESP!

We have been alerted to a fun tool, a DJI DroneID spoofer software for ESP8266/ESP32 and some other popular MCUs. Last year, we’ve told you about DJI DroneID — a technology DJI added to their drones, which broadcasts data including the drone operator’s GPS position, which, in turn, appears to have resulted in Ukrainian casualties in the Ukraine war. The announcement tweet states that DJI has added mechanisms from downgrading firmware. Hence, the spoofer.

There’s no other hardware needed, well other than an ESP8266 or ESP32 devboard, anyway. After the break you can find a video tutorial from [Joshua Bardwell] that shows you how to upload the code using Arduino IDE, and even going through coordinate tweaks. If you ever reminisced about the concept of throwies and were wondering what kind of useful, well, there’s your answer: clone the Git repo, compile it, program some interesting coordinates in, and witness the imaginary drones fly.

All in all, we get a lovely addition to our shenanigan toolkits. Surely, someone could use a neural network to distinguish real drones from fake ones, but it’s nothing that can’t be solved with a bit of code. Looking for a less daring hack? Well, you can always add some automation to your DJI drone by poking at the RGB LED signals.

Continue reading “Can’t Disable DJI Drone ID? Spoof It With An ESP!”

Patent Spat Leaves DJI Owing Textron $279M

Patents are the murky waters where technical jargon and legalese meet, and in this vast grey area of interpretation, DJI now owes Textron $279M.

At issue in the case were two patents issued to Textron (#8,014,909 and #9,162,752) regarding aircraft control systems for relative positioning to other vehicles and automatic hovering. The jury found that Textron’s intellectual property (IP) had been infringed and that damages amounted to $279M. DJI asserts that Textron’s patents are not valid and will appeal the decision. Appeals in patent trials are handled by the Federal Circuit and can be kicked up to the US Supreme Court, so don’t expect a final decision in the case anytime soon.

We’re not lawyers, so we won’t comment on the merits of the case, but, while it was a jury trial, it was one of many cases decided in the court of Judge Alan Albright, who has been the focus of scrutiny despite efforts to assign fewer cases to his docket amid wider efforts to stymie venue shopping in patent cases. Despite these efforts, the Western District of Texas is such a popular venue for patent cases that Berkeley offers a CEU on going to trial in Waco.

If you’re curious about more IP shenanigans, checkout the Honda mass takedown, the legality of making something similar, or why E3D patents some of their work.

Screenshot of the SDR software in action, with decoded data in a terminal, and a map that shows the location received from the decoded data

Loudmouth DJI Drones Tell Everyone Where You Are

Back when commercial quadcopters started appearing in the news on the regular, public safety was a talking point. How, for example, do we keep them away from airports? Well, large drone companies didn’t want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.

When it comes to DJI, one such mechanism is DroneID: a beacon on the drone itself, sending out a trove of data, including its operator’s GPS location. DJI also, of course, sells the Aeroscope device that receives and decodes DroneID data, declared to be for government use. As it often is with privacy-compromising technology, turns out it’s been a bigger compromise than we expected.

Questions started popping up last year, as off-the-shelf quadcopters (including those made by DJI) started to play a part in the Russo-Ukrainian War. It didn’t take long for Ukrainian forces to notice that launching a DJI drone led to its operators being swiftly attacked, and intel was that Russia got some Aeroscopes from Syria. DJI’s response was that their products were not meant to be used this way, and shortly thereafter cut sales to both Russia and Ukraine.

But security researchers have recently discovered the situation was actually worse than we expected. Back in 2022, DJI claimed that the DroneID data was encrypted, but [Kevin Finisterre]’s research proved that to be a lie — with the company finally admitting to it after Verge pushed them on the question. It wouldn’t even be hard to implement a worse-than-nothing encryption that holds up mathematically. However, it seems, DroneID doesn’t even try: here’s a GitHub repository with a DroneID decoder you can use if you have an SDR dongle.

Sadly, the days of companies like DJI standing up against the anti-copter talking points seem to be over, Now they’re setting an example on how devices can subvert their owners’ privacy without reservation. Looks like it’s up to hackers on the frontlines to learn how to excise DroneID, just like we’ve done with the un-nuanced RF power limitations, or the DJI battery DRM, or transplanting firmware between hardware-identical DJI flight controller models.

Continue reading “Loudmouth DJI Drones Tell Everyone Where You Are”

LED Hack Teaches DJI Mini 2 Drone New Tricks

Despite its diminutive proportions, the thrust to weight ratio of the DJI Mini 2 is high enough that it can carry a considerable amount of baggage. So it’s no surprise that there’s a cottage industry of remotely controlled payload releases that can be bolted onto the bottom of this popular quadcopter. But [tterev3] wanted something that would integrate better with DJI’s software instead of relying on a separate transmitter.

As explained in the video below, his solution was to tap into the signals that control the RGB LED on the front of the drone. Since the user can change the color of the LED at any time with the official DJI smartphone application, decoding this signal to determine which color had been selected is like adding several new channels to the transmitter. In this case [tterev3] just needed to decode a single color to use as a “drop” signal, but it’s not hard to imagine how this concept could be expanded to trigger several different actions with a few more lines of code.

Examining the LED control signal.

[tterev3] wrote some software to decode the 48 bits of data being sent to the LED with a PIC18F26K40 microcontroller, which in turn uses an L9110H H-Bridge to control a tiny gear motor. To get feedback, he’s using a small magnet glued to the release arm and a Hall-effect sensor.

Concerned about how much power he could realistically pull from a connection that was intended for an LED, he gave the release its own battery that is slowly charged while the drone is running. You could argue that since the motor only needs to fire up once to drop the payload, [tterev3] probably could have gotten away with not recharging it at all during the flight. But as with the ability to decode additional color signals, the techniques being demonstrated here hold a lot of promise for future development.

Folks have been strapping additional hardware to commercial quadcopters for years, but modifications like this one that actually let the craft release its payload and fly away hold particular promise for environmental monitoring and building mesh communication networks.

Continue reading “LED Hack Teaches DJI Mini 2 Drone New Tricks”

Web Tool Cranks Up The Power On DJI’s FPV Drone

Apparently, if the GPS on your shiny new DJI FPV Drone detects that it’s not in the United States, it will turn down its transmitter power so as not to run afoul of the more restrictive radio limits elsewhere around the globe. So while all the countries that have put boots on the Moon get to enjoy the full 1,412 mW of power the hardware is capable of, the drone’s software limits everyone else to a paltry 25 mW. As you can imagine, that leads to a considerable performance penalty in terms of range.

But not anymore. A web-based tool called B3YOND promises to reinstate the full power of your DJI FPV Drone no matter where you live by tricking it into believing it’s in the USA. Developed by the team at [D3VL], the unlocking tool uses the new Web Serial API to send the appropriate “FCC Mode” command to the drone’s FPV goggles over USB. Everything is automated, so this hack is available to anyone who’s running a recent version of Chrome or Edge and can click a button a few times.

There’s no source code available yet, though the page does mention they will be putting up a GitHub repository soon. In the meantime, [D3VL] have documented the command packet that needs to be sent to the drone over its MODBUS-like serial protocol for others who might want to roll their own solution. There’s currently an offline Windows-only tool up for download as well, and it sounds like stand-alone versions for Mac and Android are also in the works.

It should probably go without saying that if you need to use this tool, you’ll potentially be violating some laws. In many European countries, 25 mW is the maximum unlicensed transmitter power allowed for UAVs, so that’s certainly something to keep in mind before you flip the switch. Hackaday isn’t in the business of dispensing legal advice, but that said, we wouldn’t want to be caught transmitting at nearly 60 times the legal limit.

Even if you’re not interested in fiddling with drone radios, it’s interesting to see another practical application of the Web Serial API. From impromptu oscilloscopes to communicating with development boards and conference badges, clever developers are already finding ways to make hardware hacking easier with this new capability.

[Thanks to Jules for the tip.]

How To Run Alternative Batteries On The DJI Mavic Mini

Rechargeable batteries are ubiquitous these days, freeing us from the expense and hassle of using disposable cells. However, this has come with the caveat that many manufacturers demand their equipment only be used with their own official batteries. [aeropic] wasn’t a fan of this, so built a circuit to allow his DJI Mavic Mini to fly with any batteries he pleased.

The Mavic Mini uses I2C to communicate with official packs, making the hack relatively straightforward. [aeropic] built a board nicknamed B0B, which tells the drone what it wants to hear and lets it boot up with unofficial batteries installed. The circuit uses a PIC12F1840 to speak to the drone, including reporting voltage on the cells installed. Notably, it only monitors the whole pack, before dividing the voltage to represent the value of individual cells, but it shouldn’t be a major problem in typical use. Combined with a few 3D printed components to hold everything together, it allows you to build your own cheap pack for the Mavic Mini with little more than a PCB and a few 18650 cells.

It’s always good to see hackers getting out and doing the bread and butter work to get around restrictive factory DRM measures, whether its on music, printer cartridges, or drone batteries. We’ve even seen the scourge appear on litter boxes, too. Video after the break.

Continue reading “How To Run Alternative Batteries On The DJI Mavic Mini”

Mavic Mini Gets Custom Clear Case

Apparently, in the drone scene, sticker wraps are popular for a custom aesthetic. [Useless Mod] wanted to go a little further, however, and decided to build a full crystal enclosure for his Mavic Mini, facing some hurdles along the way. (Video, embedded below.)

The first stage of the build was disassembly, with the compact 249 gram drone requiring a deft touch to avoid damaging the delicate ribbon cables and mechanisms inside. With the drone stripped down to its bare components, a silicone mould was made of each individual piece of the case, with new parts being cast in clear epoxy. It’s not a job for the faint of heart, with many undercuts and complex features to contend with. However, [Useless Mod] managed to produce the parts and get it all back together.

An initial test flight ended poorly, when the drone entered an uncontrollable wobble due to the case not being fully assembled. However, with fresh internals and with everything properly put together, everything worked! It’s not a build we’d suggest for the inexperienced, as the moulds required are complex and the electronics quite fragile. The final result is a good one though, and it even weighs 10 grams less than the original casing!

For those in the US, the world of drones is set to change drastically in short order.

Continue reading “Mavic Mini Gets Custom Clear Case”