Skip to content

ibndias/dji-drone-hijacking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
drone.py
drone.py
 
 
puppet.c
puppet.c
 
 
puppeteer.py
puppeteer.py
 
 

Repository files navigation

DJI Drone Hijacking PoC

This is a repository for proof of concept of DJI Mini SE Hijacking explained in our paper:

Behind The Wings: The Case of Reverse Engineering and Drone Hijacking in DJI Enhanced Wi-Fi Protocol

Getting Started

[ Linux PC ]      [ Router ]     [ DRONE ]
puppeteer.py <---> puppet.c <---> DJI Mini SE
  • In drone.py change the src_mac, dst_mac, bssid_mac according to the victim controller and drone, also change the key to the correct key obtained. The arp and beacon is the raw unmodified UDP packet sent from remote to the drone collected from sniffing the communication.
  • Compile puppet.c and run it at OpenWRT router that has Ath9K chip with 5Mhz monitor mode support.
  • Run puppeteer.py, make sure c_host variable is the address of the router.
  • Hijack and control the drone with keyboard input, see pupeteer.py.

About

DJI Drone Control Hijacking

Resources

Readme
Activity

Stars

24 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages