Parrot Bebop

From YobiWiki

Weight

Bebop            275g
bat 1200         117g
bat 1600         135g
bat 2500         189g
hull/carene       24g
cache-cam          6g

Links

Officials

ARDroneSDK 3

Community

Hacks

Paparazzi

Security

Too easy to crash

http://securityaffairs.co/wordpress/39363/hacking/hacking-parrot-drones.html

telnet 192.168.42.1
ps | grep dragon
kill -9 ###

Actually there is an even quicker way:

telnet 192.168.42.1
kk

WEP?

Apparently it is possible to set up WEP, or even WPA?

bcmwl addwep 0 1234567890
bcmwl wsec 1

Permanent (! a reset wouldn't clean it, maybe flashing from USB would?)

vi /sbin/broadcom_setup.sh

At the end of create_access_point, before the success message is printed, add the two lines:

bcmwl addwep 0 1234567890
bcmwl wsec 1

Problem is that it may impact link quality and anyway it's incompatible with a SkyController...

telnet password

That's the minimum we can do:

telnet 192.168.42.1
# choose a new password
passwd
# fix bug in /etc/passwd (trailing spaces after /bin/sh)
sed -i 's/ *$//' /etc/passwd
# redirect root home to /home (where there is already a .bashrc)
sed -i 's#/home/root#/home#' /etc/passwd 
# move shell history
mv /.ash_history /home/
# redirect telnet login to /bin/login
sed -i 's/sh -l/login/' /bin/login.sh
# reboot
/bin/ardrone3_shutdown.sh
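
To confirm that the steps above took effect, the following added example (not part of the original wiki page) audits copies of /etc/passwd and /bin/login.sh. The function names and the "before" file contents are constructed for illustration; only the three sed fixes and the passwd step come from the page.

```shell
#!/bin/sh
# Added example, not from the wiki: audit copies of /etc/passwd and /bin/login.sh.

# Constructed "before" files (not copied from a real drone).
write_unfixed_sample() {
    printf 'root::0:0:root:/home/root:/bin/sh   \n' > "$1/passwd"
    printf '#!/bin/sh\nexec /bin/sh -l\n' > "$1/login.sh"
}

# Print one finding per line for a passwd file; print nothing when clean.
audit_passwd() {
    awk -F: '
        /[ \t]+$/ { print "trailing-whitespace:" $1 }
        $1 == "root" {
            seen = 1
            if ($2 == "")           print "root-empty-password"
            if ($6 == "/home/root") print "root-home-not-redirected"
        }
        END { if (!seen) print "root-entry-missing" }
    ' "$1"
}

# Print a finding if the telnetd wrapper still starts a shell without login.
audit_login_wrapper() {
    if grep -q 'sh -l' "$1"; then
        echo "login-wrapper-spawns-shell"
    elif ! grep -q 'login' "$1"; then
        echo "login-wrapper-does-not-call-login"
    fi
}

# Run both audits; return 0 only when nothing was reported.
audit_bebop_login() {
    findings=$(audit_passwd "$1"; audit_login_wrapper "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Usage: sh audit.sh <passwd copy> <login.sh copy>
if [ "$#" -eq 2 ]; then audit_bebop_login "$1" "$2"; fi
```
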

open ports

  • TCP port 21: ftp via inetd, serves /data/ftp
  • TCP port 23: telnetd
  • TCP port 51: ftp via inetd, serves /update
  • TCP port 44444: dragon-prog
  • UDP port 67: udhcpd
  • UDP port 5353: avahi (mDNS)
ftp://192.168.42.1/internal_000/
ftp://192.168.42.1:51/
telnet 192.168.42.1
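
The port list above can serve as a baseline for spotting drift. The following added example (not part of the original wiki page) parses `netstat -ltun` output in the format shown in this page's netstat section, drops loopback-only listeners, merges IPv4/IPv6 duplicates and marks any listener missing from the list as undocumented; the function names and service labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki. Sample input is the netstat -ltun
# output listed on this page (busybox format: proto is "tcp"/"udp").
bebop_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:23059         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:51              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:44444           0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 :::5353                 :::*
EOF
}

# Print "proto port service" for each listener reachable from the network.
exposed_listeners() {
    awk '
        BEGIN {   # baseline: the ports documented on this page
            svc["tcp/21"] = "ftp-data";   svc["tcp/23"] = "telnetd"
            svc["tcp/51"] = "ftp-update"; svc["tcp/44444"] = "dragon-prog"
            svc["udp/67"] = "udhcpd";     svc["udp/5353"] = "avahi"
        }
        $1 != "tcp" && $1 != "udp" { next }        # skip header lines
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            key = $1 "/" port
            if (seen[key]++) next                  # IPv4 + IPv6 wildcard pair
            print $1, port, ((key in svc) ? svc[key] : "undocumented")
        }
    '
}

# On the drone: netstat -ltun | exposed_listeners
bebop_netstat | exposed_listeners
```
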

avahi

apt-get install avahi-utils
avahi-browse -a --resolve
+  wlan1 IPv6 WifiFonHotspot [xx:xx:xx:xx:xx:xx]            Workstation          local
   hostname = [WifiFonHotspot.local]
   address = [192.168.42.1]
+  wlan1 IPv6 WifiFonHotspot                                _arsdk-0901._udp     local
   hostname = [WifiFonHotspot.local]
   address = [192.168.42.1]
   port = [44444]
   txt = ["{"device_id":"PIXXXXXXXXXXXXXXXX"}"]

Tips

Get info

BLDC_Test_Bench -I
### Motor Test Bench For Mykonos3 project
###   BLDC firmware: 1.21.R for 4 motors
###
  *** MTB will control 4 motors ***
  *** Warning: the BLDC firmware has not been compiled in test bench mode this will disable some options ! ***
  *** Warning: the BLDC firmware has not been compiled to manage motor settings ! ***
>> I
Get BLDC infos.
    * Version is: '1.21.R.4'
    * Flight infos:
        Number of flights:        33
        Previous flight time:     56 seconds (0 days, 0 hours, 0 min, 56 s)
        Total flight time:      2200 seconds (0 days, 0 hours, 36 min, 40 s)
        Last error: 'No error detected'

Read battery

BLDC_Test_Bench -n -O|cut -d" " -f 5
116

=> 11.6V
9.5V is considered a low battery level, and the drone will shut down.

Button

  • Short press: shut down
  • Long press: switch wifi band (will light orange LED for 2 secs)
  • Very long press (how long?): factory reset? (will light red LED)

Music

Bebop can play music with its motors :)
Try e.g. changing the following setting in /etc/debug.conf:

#play bebop-a-lula at start up
play_startup_sound=1

"Music" is controlled by BLDC_Test_Bench -M

  • Normal startup:
BLDC_Test_Bench -M 1 
  • Short blip:
BLDC_Test_Bench -M 2 
  • Bebop-a-lula:
BLDC_Test_Bench -M 3 
  • Loop play normal startup:
BLDC_Test_Bench -M -1
  • Stop loop play:
BLDC_Test_Bench -M 0

Light

  • Green LED:
BLDC_Test_Bench -G 0 1 0
  • Red LED:
BLDC_Test_Bench -G 1 0 0
  • Orange LED:
BLDC_Test_Bench -G 1 1 0

Shutdown

Proper shutdown via telnet:

ardrone3_shutdown.sh

sniffing protocol

Misc data

ps ax

PID   USER     TIME   COMMAND
    1 root       0:02 init
    2 root       0:00 [kthreadd]
    3 root       0:00 [ksoftirqd/0]
    4 root       0:00 [kworker/0:0]
    5 root       0:00 [kworker/u:0]
    6 root       0:00 [migration/0]
    7 root       0:00 [watchdog/0]
    8 root       0:00 [migration/1]
    9 root       0:00 [kworker/1:0]
   10 root       0:00 [ksoftirqd/1]
   11 root       0:00 [watchdog/1]
   12 root       0:00 [khelper]
   13 root       0:00 [kdevtmpfs]
   14 root       0:00 [netns]
   15 root       0:00 [irq/1-p7mu]
   16 root       0:00 [sync_supers]
   17 root       0:00 [bdi-default]
   18 root       0:00 [kblockd]
   19 root       0:00 [khubd]
   20 root       0:00 [rpciod]
   21 root       0:00 [kworker/0:1]
   22 root       0:00 [khungtaskd]
   23 root       0:00 [kswapd0]
   24 root       0:00 [fsnotify_mark]
   25 root       0:00 [nfsiod]
   26 root       0:00 [cifsiod]
   27 root       0:00 [crypto]
   37 root       0:00 [ubi_bgt0d]
   38 root       0:00 [ubi_bgt1d]
   39 root       0:00 [ubi_bgt2d]
   40 root       0:00 [ci_otg]
   41 root       0:00 [ci_otg]
   42 root       0:00 [f_mtp]
   43 root       0:00 [file-storage]
   44 root       0:00 [kworker/1:1]
   45 root       0:00 [deferwq]
   46 root       0:00 [kworker/u:1]
   54 root       0:00 [ubifs_bgt1_0]
   80 root       0:00 [flush-ubifs_1_0]
  103 root       0:00 /usr/bin/gpio_monitor /sys/devices/platform/user_gpio/USER_ON_OFF /bin/onoffbutton
  170 root       0:00 [ubifs_bgt0_0]
  171 root       0:00 [ubifs_bgt2_1]
  172 root       0:00 [ubifs_bgt2_0]
  201 root       0:00 udevd --daemon
  210 root       0:00 udevd --daemon
  211 root       0:00 udevd --daemon
  228 root       0:00 [usb-thread]
  232 root       0:00 [wl-thread]
  342 root       0:00 udhcpd /etc/udhcpd.conf.eth0
  351 root       0:00 {rcS} /bin/sh /etc/init.d/rcS
  353 root       0:00 /usr/bin/ujubaclient
  354 root       0:00 logger -t ujubaclient -p user.info
  394 root       0:00 [irq/44-mmc0]
  395 root       0:00 [kworker/u:2]
  412 root       0:00 [mmcqd/0]
  413 root       0:00 [mmcqd/0boot0]
  414 root       0:00 [mmcqd/0boot1]
  416 root       0:00 [spi1]
  456 root       0:00 [jbd2/mmcblk0-8]
  457 root       0:00 [ext4-dio-unwrit]
  465 root       0:00 [kworker/0:2]
  480 root       0:00 syslogd -s 1024 -b 4
  493 root       0:00 eRide_aiding /data/ftp/internal_000/gps_data/eRide_data.bin
  504 root       0:00 /usr/bin/usb_mode /sys/devices/platform/user_gpio/HOST_MODE_3V3 /sys/devices/platform/user_gpio/USB0_OC
  508 root       0:00 {mtp_server.sh} /bin/sh /bin/mtp_server.sh start
  519 root       0:00 inetd
  524 root       0:00 avahi-daemon: running [WifiFonHotspot.local]
  618 root       0:00 {ckcmd_redirect.} /bin/sh /usr/bin/ckcmd_redirect.sh
  619 root       0:00 tail -F /var/log/messages
  620 root       0:00 /usr/bin/awk -f /usr/bin/ckcmd_redirect.awk
  622 root       0:00 /usr/bin/ulogger -t syslog -p I
  623 root       0:00 telnetd -l /bin/login.sh
  631 root       0:00 ulogcat -v ckcm
  664 root       0:00 [flush-ubifs_2_1]
  665 root       0:00 [flush-ubifs_0_0]
  666 root       0:00 [flush-ubifs_2_0]
  667 root       0:00 [flush-179:0]
  675 root       0:00 poll_file -w /sys/devices/platform/ci_hdrc.0/udc/ci_hdrc.0/state
  684 root       0:00 /usr/bin/bcm-watchdog
  687 root       0:00 {DragonStarter.s} /bin/sh - /usr/bin/DragonStarter.sh -out2null
  689 root       0:00 macgyverd -f
  695 root       0:35 //usr/bin/dragon-prog
  703 root       0:00 init
  704 root       0:00 init
  705 root       0:00 /sbin/klogd -n

pstree

init-+-DragonStarter.s-+-dragon-prog-+-{Behaviour}
     |                 |             |-{CKCM SERVER}
     |                 |             |-{Mario}
     |                 |             |-{MassStorage}
     |                 |             |-{NavdataSend}
     |                 |             |-{NetworkMonitor}
     |                 |             |-{Ntwk msgbox}
     |                 |             |-{NtwkDiscConnec}
     |                 |             |-2*[{ParrotAL_TIMER}]
     |                 |             |-{Photo Capture}
     |                 |             |-{Photo Record}
     |                 |             |-{Thread leds}
     |                 |             |-{Thread ms5607}
     |                 |             |-3*[{VideoMain}]
     |                 |             |-{colibry}
     |                 |             |-2*[{h264_venc}]
     |                 |             |-{hal}
     |                 |             |-{libgps_thread}
     |                 |             |-{thread_dxo}
     |                 |             |-{thread_us}
     |                 |             |-{thread_videoWi}
     |                 |             |-{thread_video_l}
     |                 |             |-3*[{v4l2:/dev/vide}]
     |                 |             |-{video_fix}
     |                 |             `-{video_rec}
     |                 `-macgyverd
     |-avahi-daemon
     |-bcm-watchdog
     |-ckcmd_redirect.-+-awk
     |                 |-tail
     |                 `-ulogger
     |-eRide_aiding
     |-gpio_monitor
     |-inetd
     |-2*[init]
     |-klogd
     |-mtp_server.sh---poll_file
     |-rcS-+-logger
     |     `-ujubaclient-+-{Juba monitor}
     |                   `-{jbd_run}
     |-syslogd
     |-telnetd
     |-udevd---2*[udevd]
     |-udhcpd
     |-ulogcat
     `-usb_mode

mount

rootfs on / type rootfs (rw)
proc on /proc type proc (rw,relatime)
dev on /dev type devtmpfs (rw,relatime,size=165664k,nr_inodes=41416,mode=755)
tmp on /tmp type tmpfs (rw,relatime)
sys on /sys type sysfs (rw,relatime)
debug on /sys/kernel/debug type debugfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)

ubi0:factory on /factory type ubifs (rw,relatime)
ubi1:system on / type ubifs (rw,relatime)
ubi2:data on /data type ubifs (rw,relatime)
ubi2:update on /update type ubifs (rw,sync,relatime)

/dev/mmcblk0 on /data/ftp/internal_000 type ext4 (rw,noatime,discard,nobarrier,data=writeback)

df -h

Filesystem                Size      Used Available Use% Mounted on
ubi1:system              42.2M     29.4M     10.7M  73% /
ubi0:factory              4.8M    100.0K      4.4M   2% /factory
ubi2:data                 9.0M     96.0K      8.4M   1% /data
ubi2:update              28.0M     32.0K     26.5M   0% /update
/dev/mmcblk0              7.2G      2.2G      5.0G  30% /data/ftp/internal_000
dev                     161.8M         0    161.8M   0% /dev
tmp                     161.9M     48.0K    161.8M   0% /tmp

netstat -ltun

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 127.0.0.1:23059         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:51              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:44444           0.0.0.0:*               LISTEN
tcp        0      0 :::23                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*                     
udp        0      0 0.0.0.0:67              0.0.0.0:*                     
udp        0      0 :::5353                 :::*                          