Parrot Bebop

From YobiWiki

Weight

Bebop            275g
bat 1200         117g
bat 1600         135g
bat 2500         189g
hull/carene       24g
cache-cam          6g

Links

Officials

ARDroneSDK 3

Community

Hacks

Paparazzi

Security

Too easy to crash

http://securityaffairs.co/wordpress/39363/hacking/hacking-parrot-drones.html

telnet 192.168.42.1
ps | grep dragon
kill -9 ###

Actually there is an even quicker way:

telnet 192.168.42.1
kk

WEP?

Apparently it is possible to set up WEP, or even WPA?

bcmwl addwep 0 1234567890
bcmwl wsec 1

Permanent (warning: a reset wouldn't clean it, maybe flashing from USB would?)

vi /sbin/broadcom_setup.sh

At the end of create_access_point, before the success message is printed, add the two lines:

bcmwl addwep 0 1234567890
bcmwl wsec 1

Problem is that it may impact link quality and anyway it's incompatible with a SkyController...

telnet password

That's the minimum we can do:

telnet 192.168.42.1
# choose a new password
passwd
# fix bug in /etc/passwd (trailing spaces after /bin/sh)
sed -i 's/ *$//' /etc/passwd
# redirect root home to /home (where there is already a .bashrc)
sed -i 's#/home/root#/home#' /etc/passwd 
# move shell history
mv /.ash_history /home/
# redirect telnet login to /bin/login
sed -i 's/sh -l/login/' /bin/login.sh
# reboot
/bin/ardrone3_shutdown.sh
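
An added example, not part of the original wiki page: a check that the steps above took effect, run against copies of /etc/passwd and /bin/login.sh (telnetd is started with -l /bin/login.sh, see the ps output below). The sample file contents are constructed, and it is an assumption that the password hash lives in field 2 of /etc/passwd rather than in a shadow file.

```shell
#!/bin/sh
# Added example (not from the wiki): audit copies of the two files the
# procedure edits. All file contents below are constructed samples.

# check_telnet_hardening PASSWD_FILE LOGIN_SH
# Prints one finding per line; returns 0 only when nothing is left to fix.
check_telnet_hardening() {
    passwd_file=$1; login_sh=$2; findings=0
    root_line=$(grep '^root:' "$passwd_file" || true)
    # Field 2 empty means root logs in without a password (assumes no shadow file).
    if [ -z "$(printf '%s\n' "$root_line" | cut -d: -f2)" ]; then
        echo "root: empty password field"; findings=$((findings + 1))
    fi
    # Trailing spaces after the shell path (the /etc/passwd bug noted above).
    if printf '%s\n' "$root_line" | grep -q ' $'; then
        echo "root: trailing spaces after shell"; findings=$((findings + 1))
    fi
    # telnetd runs login.sh; 'sh -l' there hands out a shell with no login prompt.
    if grep -q 'sh -l' "$login_sh"; then
        echo "login.sh: still runs 'sh -l' instead of login"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# make_sample DIR STATE -- write constructed files; STATE is "stock" or "fixed".
make_sample() {
    if [ "$2" = stock ]; then
        printf 'root::0:0:root:/home/root:/bin/sh   \n' > "$1/passwd"
        printf '#!/bin/sh\nexec /bin/sh -l\n' > "$1/login.sh"
    else
        printf 'root:HASH_PLACEHOLDER:0:0:root:/home:/bin/sh\n' > "$1/passwd"
        printf '#!/bin/sh\nexec /bin/login\n' > "$1/login.sh"
    fi
}
```

Fetch the two files from the drone, then call check_telnet_hardening with their local paths; make_sample only exists to try the check without a drone.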

open ports

  • TCP port 21: ftp via inetd, serves /data/ftp
  • TCP port 23: telnetd
  • TCP port 51: ftp via inetd, serves /update
  • TCP port 44444: dragon-prog
  • UDP port 67: udhcpd
  • UDP port 5353: avahi (mDNS)
ftp://192.168.42.1/internal_000/
ftp://192.168.42.1:51/
telnet 192.168.42.1

avahi

apt-get install avahi-utils
avahi-browse -a --resolve
+  wlan1 IPv6 WifiFonHotspot [xx:xx:xx:xx:xx:xx]            Workstation          local
   hostname = [WifiFonHotspot.local]
   address = [192.168.42.1]
+  wlan1 IPv6 WifiFonHotspot                                _arsdk-0901._udp     local
   hostname = [WifiFonHotspot.local]
   address = [192.168.42.1]
   port = [44444]
   txt = ["{"device_id":"PIXXXXXXXXXXXXXXXX"}"]

Tips

Get info

BLDC_Test_Bench -I
### Motor Test Bench For Mykonos3 project
###   BLDC firmware: 1.21.R for 4 motors
###
  *** MTB will control 4 motors ***
  *** Warning: the BLDC firmware has not been compiled in test bench mode this will disable some options ! ***
  *** Warning: the BLDC firmware has not been compiled to manage motor settings ! ***
>> I
Get BLDC infos.
    * Version is: '1.21.R.4'
    * Flight infos:
        Number of flights:        33
        Previous flight time:     56 seconds (0 days, 0 hours, 0 min, 56 s)
        Total flight time:      2200 seconds (0 days, 0 hours, 36 min, 40 s)
        Last error: 'No error detected'

Read battery

BLDC_Test_Bench -n -O|cut -d" " -f 5
116

=> 11.6V
9.5V is considered a low battery level and the drone will shut down.

Button

  • Short press: shut down
  • Long press: switch wifi band (will light orange LED for 2 secs)
  • Very long press: (how much?): factory reset? (will light red LED)

Music

Bebop can play music with its motors :)
Try e.g. changing the following setting in /etc/debug.conf:

#play bebop-a-lula at start up
play_startup_sound=1

"Music" is controlled by BLDC_Test_Bench -M

  • Normal startup:
BLDC_Test_Bench -M 1 
  • Short blip:
BLDC_Test_Bench -M 2 
  • Bebop-a-lula:
BLDC_Test_Bench -M 3 
  • Loop play normal startup:
BLDC_Test_Bench -M -1
  • Stop loop play:
BLDC_Test_Bench -M 0

Light

  • Green LED:
BLDC_Test_Bench -G 0 1 0
  • Red LED:
BLDC_Test_Bench -G 1 0 0
  • Orange LED:
BLDC_Test_Bench -G 1 1 0

Shutdown

Proper shutdown via telnet:

ardrone3_shutdown.sh

sniffing protocol

Misc data

ps ax

PID   USER     TIME   COMMAND
    1 root       0:02 init
    2 root       0:00 [kthreadd]
    3 root       0:00 [ksoftirqd/0]
    4 root       0:00 [kworker/0:0]
    5 root       0:00 [kworker/u:0]
    6 root       0:00 [migration/0]
    7 root       0:00 [watchdog/0]
    8 root       0:00 [migration/1]
    9 root       0:00 [kworker/1:0]
   10 root       0:00 [ksoftirqd/1]
   11 root       0:00 [watchdog/1]
   12 root       0:00 [khelper]
   13 root       0:00 [kdevtmpfs]
   14 root       0:00 [netns]
   15 root       0:00 [irq/1-p7mu]
   16 root       0:00 [sync_supers]
   17 root       0:00 [bdi-default]
   18 root       0:00 [kblockd]
   19 root       0:00 [khubd]
   20 root       0:00 [rpciod]
   21 root       0:00 [kworker/0:1]
   22 root       0:00 [khungtaskd]
   23 root       0:00 [kswapd0]
   24 root       0:00 [fsnotify_mark]
   25 root       0:00 [nfsiod]
   26 root       0:00 [cifsiod]
   27 root       0:00 [crypto]
   37 root       0:00 [ubi_bgt0d]
   38 root       0:00 [ubi_bgt1d]
   39 root       0:00 [ubi_bgt2d]
   40 root       0:00 [ci_otg]
   41 root       0:00 [ci_otg]
   42 root       0:00 [f_mtp]
   43 root       0:00 [file-storage]
   44 root       0:00 [kworker/1:1]
   45 root       0:00 [deferwq]
   46 root       0:00 [kworker/u:1]
   54 root       0:00 [ubifs_bgt1_0]
   80 root       0:00 [flush-ubifs_1_0]
  103 root       0:00 /usr/bin/gpio_monitor /sys/devices/platform/user_gpio/USER_ON_OFF /bin/onoffbutton
  170 root       0:00 [ubifs_bgt0_0]
  171 root       0:00 [ubifs_bgt2_1]
  172 root       0:00 [ubifs_bgt2_0]
  201 root       0:00 udevd --daemon
  210 root       0:00 udevd --daemon
  211 root       0:00 udevd --daemon
  228 root       0:00 [usb-thread]
  232 root       0:00 [wl-thread]
  342 root       0:00 udhcpd /etc/udhcpd.conf.eth0
  351 root       0:00 {rcS} /bin/sh /etc/init.d/rcS
  353 root       0:00 /usr/bin/ujubaclient
  354 root       0:00 logger -t ujubaclient -p user.info
  394 root       0:00 [irq/44-mmc0]
  395 root       0:00 [kworker/u:2]
  412 root       0:00 [mmcqd/0]
  413 root       0:00 [mmcqd/0boot0]
  414 root       0:00 [mmcqd/0boot1]
  416 root       0:00 [spi1]
  456 root       0:00 [jbd2/mmcblk0-8]
  457 root       0:00 [ext4-dio-unwrit]
  465 root       0:00 [kworker/0:2]
  480 root       0:00 syslogd -s 1024 -b 4
  493 root       0:00 eRide_aiding /data/ftp/internal_000/gps_data/eRide_data.bin
  504 root       0:00 /usr/bin/usb_mode /sys/devices/platform/user_gpio/HOST_MODE_3V3 /sys/devices/platform/user_gpio/USB0_OC
  508 root       0:00 {mtp_server.sh} /bin/sh /bin/mtp_server.sh start
  519 root       0:00 inetd
  524 root       0:00 avahi-daemon: running [WifiFonHotspot.local]
  618 root       0:00 {ckcmd_redirect.} /bin/sh /usr/bin/ckcmd_redirect.sh
  619 root       0:00 tail -F /var/log/messages
  620 root       0:00 /usr/bin/awk -f /usr/bin/ckcmd_redirect.awk
  622 root       0:00 /usr/bin/ulogger -t syslog -p I
  623 root       0:00 telnetd -l /bin/login.sh
  631 root       0:00 ulogcat -v ckcm
  664 root       0:00 [flush-ubifs_2_1]
  665 root       0:00 [flush-ubifs_0_0]
  666 root       0:00 [flush-ubifs_2_0]
  667 root       0:00 [flush-179:0]
  675 root       0:00 poll_file -w /sys/devices/platform/ci_hdrc.0/udc/ci_hdrc.0/state
  684 root       0:00 /usr/bin/bcm-watchdog
  687 root       0:00 {DragonStarter.s} /bin/sh - /usr/bin/DragonStarter.sh -out2null
  689 root       0:00 macgyverd -f
  695 root       0:35 //usr/bin/dragon-prog
  703 root       0:00 init
  704 root       0:00 init
  705 root       0:00 /sbin/klogd -n

pstree

init-+-DragonStarter.s-+-dragon-prog-+-{Behaviour}
     |                 |             |-{CKCM SERVER}
     |                 |             |-{Mario}
     |                 |             |-{MassStorage}
     |                 |             |-{NavdataSend}
     |                 |             |-{NetworkMonitor}
     |                 |             |-{Ntwk msgbox}
     |                 |             |-{NtwkDiscConnec}
     |                 |             |-2*[{ParrotAL_TIMER}]
     |                 |             |-{Photo Capture}
     |                 |             |-{Photo Record}
     |                 |             |-{Thread leds}
     |                 |             |-{Thread ms5607}
     |                 |             |-3*[{VideoMain}]
     |                 |             |-{colibry}
     |                 |             |-2*[{h264_venc}]
     |                 |             |-{hal}
     |                 |             |-{libgps_thread}
     |                 |             |-{thread_dxo}
     |                 |             |-{thread_us}
     |                 |             |-{thread_videoWi}
     |                 |             |-{thread_video_l}
     |                 |             |-3*[{v4l2:/dev/vide}]
     |                 |             |-{video_fix}
     |                 |             `-{video_rec}
     |                 `-macgyverd
     |-avahi-daemon
     |-bcm-watchdog
     |-ckcmd_redirect.-+-awk
     |                 |-tail
     |                 `-ulogger
     |-eRide_aiding
     |-gpio_monitor
     |-inetd
     |-2*[init]
     |-klogd
     |-mtp_server.sh---poll_file
     |-rcS-+-logger
     |     `-ujubaclient-+-{Juba monitor}
     |                   `-{jbd_run}
     |-syslogd
     |-telnetd
     |-udevd---2*[udevd]
     |-udhcpd
     |-ulogcat
     `-usb_mode

mount

rootfs on / type rootfs (rw)
proc on /proc type proc (rw,relatime)
dev on /dev type devtmpfs (rw,relatime,size=165664k,nr_inodes=41416,mode=755)
tmp on /tmp type tmpfs (rw,relatime)
sys on /sys type sysfs (rw,relatime)
debug on /sys/kernel/debug type debugfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)

ubi0:factory on /factory type ubifs (rw,relatime)
ubi1:system on / type ubifs (rw,relatime)
ubi2:data on /data type ubifs (rw,relatime)
ubi2:update on /update type ubifs (rw,sync,relatime)

/dev/mmcblk0 on /data/ftp/internal_000 type ext4 (rw,noatime,discard,nobarrier,data=writeback)

df -h

Filesystem                Size      Used Available Use% Mounted on
ubi1:system              42.2M     29.4M     10.7M  73% /
ubi0:factory              4.8M    100.0K      4.4M   2% /factory
ubi2:data                 9.0M     96.0K      8.4M   1% /data
ubi2:update              28.0M     32.0K     26.5M   0% /update
/dev/mmcblk0              7.2G      2.2G      5.0G  30% /data/ftp/internal_000
dev                     161.8M         0    161.8M   0% /dev
tmp                     161.9M     48.0K    161.8M   0% /tmp

netstat -ltun

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:23059         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:51              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:44444           0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*                     
udp        0      0 0.0.0.0:67              0.0.0.0:*                     
udp        0      0 :::5353                 :::*
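
An added example, not part of the original wiki page: a listener baseline check that parses netstat -ltun output like the capture above and labels every non-loopback listener using the "open ports" list from this page, so that anything outside that list shows up as unknown. The sample input is constructed from the capture above.

```shell
#!/bin/sh
# Added example: compare listening sockets with the ports documented on this page.
# SAMPLE is constructed from the netstat capture above.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:23059         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:51              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:44444           0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 :::5353                 :::*'

# Reads netstat -ltun output on stdin; prints "proto port service" for each
# listener reachable from the network (loopback-only sockets are skipped).
exposed_listeners() {
    awk '
    BEGIN {
        # Baseline taken from the "open ports" list on this page.
        svc["tcp/21"] = "ftp";     svc["tcp/23"] = "telnetd"
        svc["tcp/51"] = "ftp";     svc["tcp/44444"] = "dragon-prog"
        svc["udp/67"] = "udhcpd";  svc["udp/5353"] = "avahi"
    }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = $1; sub(/6$/, "", proto)
        n = split($4, part, ":")          # port is the last field, also for :::23
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "127.0.0.1" || host == "::1") next
        key = proto "/" port
        if (seen[key]++) next             # IPv4 and IPv6 wildcard count once
        print proto, port, ((key in svc) ? svc[key] : "unknown")
    }'
}

# Prints only listeners that are not in the documented baseline.
unexpected_listeners() {
    exposed_listeners | awk '$3 == "unknown"'
}

printf '%s\n' "$SAMPLE" | exposed_listeners
```

On a live capture, pipe the saved netstat output into unexpected_listeners; empty output means the drone exposes only the services listed on this page.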