Difference between revisions of "Parrot Bebop"
Jump to navigation
Jump to search
m (→Security) |
m (→netstat -ltun) |
||
| Line 269: | Line 269: | ||
Active Internet connections (only servers) |
Active Internet connections (only servers) |
||
Proto Recv-Q Send-Q Local Address Foreign Address State |
Proto Recv-Q Send-Q Local Address Foreign Address State |
||
| − | tcp 0 0 127.0.0.1:23059 0.0.0.0:* LISTEN |
+ | tcp 0 0 127.0.0.1:23059 0.0.0.0:* LISTEN |
| − | tcp 0 0 0.0.0.0:51 0.0.0.0:* LISTEN |
+ | tcp 0 0 0.0.0.0:51 0.0.0.0:* LISTEN |
| − | tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN |
+ | tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN |
| − | tcp 0 0 0.0.0.0:44444 0.0.0.0:* LISTEN |
+ | tcp 0 0 0.0.0.0:44444 0.0.0.0:* LISTEN |
| − | tcp 0 0 :::23 :::* LISTEN |
+ | tcp 0 0 :::23 :::* LISTEN |
| − | udp 0 0 0.0.0.0:5353 0.0.0.0:* |
+ | udp 0 0 0.0.0.0:5353 0.0.0.0:* |
| − | udp 0 0 0.0.0.0:67 0.0.0.0:* |
+ | udp 0 0 0.0.0.0:67 0.0.0.0:* |
| − | udp 0 0 :::5353 :::* |
+ | udp 0 0 :::5353 :::* |
</pre> |
</pre> |
||
Revision as of 00:11, 17 October 2015
Weight
Bebop 275g bat 1200 117g bat 1600 135g bat 2500 189g hull/carene 24g cache-cam 6g
Links
Officials
ARDroneSDK 3
- http://blog.parrot.com/2014/11/28/ardronesdk3-for-bebop-drone-and-minidrones-has-been-released/
- https://github.com/Parrot-Developers/ARSDKBuildUtils
- https://github.com/Parrot-Developers/Samples
- https://github.com/Parrot-Developers/bybop in python
Community
- http://www.bebopdrone.org/
- http://forum.parrot.com/usa/viewtopic.php?id=29088
- http://bebob.wikia.com/wiki/Bebob_Community_Drone_Hacking_Wiki
Hacks
- https://github.com/matthewlloyd/bebop Code repo disappeared but clones here:
- http://robotika.cz/robots/katarina/en
- https://github.com/hybridgroup/node-bebop control in node.js
Paparazzi
- http://wiki.paparazziuav.org/wiki/Main_Page
- http://wiki.paparazziuav.org/wiki/Bebop
- https://github.com/paparazzi/paparazzi
- https://github.com/paparazzi/paparazzi/tree/master/sw/airborne/boards/bebop
Security
Too easy to crash
http://securityaffairs.co/wordpress/39363/hacking/hacking-parrot-drones.html
telnet 192.168.42.1 ps | grep dragon kill -9 ###
Actually there is even quicker:
telnet 192.168.42.1 kk
WEP?
Apparently possible to setup WEP, or even WPA?
bcmwl addwep 0 1234567890 bcmwl wsec 1
Permanent (! reset wouldn't clean it, maybe flashing from USB?)
vi /sbin/broadcom_setup.sh At the end of the create_access_point Before the print out of success add the two lines: ------------- bcmwl addwep 0 1234567890 bcmwl wsec 1
Problem is that it may impact link quality and anyway it's incompatible with a SkyController...
telnet password
That's the minimum we can do:
telnet 192.168.42.1 # choose a new password passwd # fix bug in /etc/passwd (trailing spaces after /bin/sh) sed -i 's/ *$//' /etc/passwd # redirect root home to /home (where there is already a .bashrc) sed -i 's#/home/root#/home#' /etc/passwd # move shell history mv /.ash_history /home/ # redirect telnet login to /bin/login sed -i 's/sh -l/login/' /bin/login.sh # reboot /bin/ardrone3_shutdown.sh
open ports
- TCP port 21: ftp via inetd, serves /data/ftp
- TCP port 23: telnetd
- TCP port 51: ftp via inetd, serves /update
- TCP port 44444: dragon-prog
- UDP port 67: udhcpd
- UDP port 5353: avahi (mDNS)
avahi
apt-get install avahi-utils
avahi-browse -a --resolve
+ wlan1 IPv6 WifiFonHotspot [xx:xx:xx:xx:xx:xx] Workstation local
hostname = [WifiFonHotspot.local]
address = [192.168.42.1]
+ wlan1 IPv6 WifiFonHotspot _arsdk-0901._udp local
hostname = [WifiFonHotspot.local]
address = [192.168.42.1]
port = [44444]
txt = ["{"device_id":"PIXXXXXXXXXXXXXXXX"}"]
Tools
- https://github.com/Zepheus/ardrone3-pcap sniffing protocol
Misc data
ps ax
PID USER TIME COMMAND
1 root 0:02 init
2 root 0:00 [kthreadd]
3 root 0:00 [ksoftirqd/0]
4 root 0:00 [kworker/0:0]
5 root 0:00 [kworker/u:0]
6 root 0:00 [migration/0]
7 root 0:00 [watchdog/0]
8 root 0:00 [migration/1]
9 root 0:00 [kworker/1:0]
10 root 0:00 [ksoftirqd/1]
11 root 0:00 [watchdog/1]
12 root 0:00 [khelper]
13 root 0:00 [kdevtmpfs]
14 root 0:00 [netns]
15 root 0:00 [irq/1-p7mu]
16 root 0:00 [sync_supers]
17 root 0:00 [bdi-default]
18 root 0:00 [kblockd]
19 root 0:00 [khubd]
20 root 0:00 [rpciod]
21 root 0:00 [kworker/0:1]
22 root 0:00 [khungtaskd]
23 root 0:00 [kswapd0]
24 root 0:00 [fsnotify_mark]
25 root 0:00 [nfsiod]
26 root 0:00 [cifsiod]
27 root 0:00 [crypto]
37 root 0:00 [ubi_bgt0d]
38 root 0:00 [ubi_bgt1d]
39 root 0:00 [ubi_bgt2d]
40 root 0:00 [ci_otg]
41 root 0:00 [ci_otg]
42 root 0:00 [f_mtp]
43 root 0:00 [file-storage]
44 root 0:00 [kworker/1:1]
45 root 0:00 [deferwq]
46 root 0:00 [kworker/u:1]
54 root 0:00 [ubifs_bgt1_0]
80 root 0:00 [flush-ubifs_1_0]
103 root 0:00 /usr/bin/gpio_monitor /sys/devices/platform/user_gpio/USER_ON_OFF /bin/onoffbutton
170 root 0:00 [ubifs_bgt0_0]
171 root 0:00 [ubifs_bgt2_1]
172 root 0:00 [ubifs_bgt2_0]
201 root 0:00 udevd --daemon
210 root 0:00 udevd --daemon
211 root 0:00 udevd --daemon
228 root 0:00 [usb-thread]
232 root 0:00 [wl-thread]
342 root 0:00 udhcpd /etc/udhcpd.conf.eth0
351 root 0:00 {rcS} /bin/sh /etc/init.d/rcS
353 root 0:00 /usr/bin/ujubaclient
354 root 0:00 logger -t ujubaclient -p user.info
394 root 0:00 [irq/44-mmc0]
395 root 0:00 [kworker/u:2]
412 root 0:00 [mmcqd/0]
413 root 0:00 [mmcqd/0boot0]
414 root 0:00 [mmcqd/0boot1]
416 root 0:00 [spi1]
456 root 0:00 [jbd2/mmcblk0-8]
457 root 0:00 [ext4-dio-unwrit]
465 root 0:00 [kworker/0:2]
480 root 0:00 syslogd -s 1024 -b 4
493 root 0:00 eRide_aiding /data/ftp/internal_000/gps_data/eRide_data.bin
504 root 0:00 /usr/bin/usb_mode /sys/devices/platform/user_gpio/HOST_MODE_3V3 /sys/devices/platform/user_gpio/USB0_OC
508 root 0:00 {mtp_server.sh} /bin/sh /bin/mtp_server.sh start
519 root 0:00 inetd
524 root 0:00 avahi-daemon: running [WifiFonHotspot.local]
618 root 0:00 {ckcmd_redirect.} /bin/sh /usr/bin/ckcmd_redirect.sh
619 root 0:00 tail -F /var/log/messages
620 root 0:00 /usr/bin/awk -f /usr/bin/ckcmd_redirect.awk
622 root 0:00 /usr/bin/ulogger -t syslog -p I
623 root 0:00 telnetd -l /bin/login.sh
631 root 0:00 ulogcat -v ckcm
664 root 0:00 [flush-ubifs_2_1]
665 root 0:00 [flush-ubifs_0_0]
666 root 0:00 [flush-ubifs_2_0]
667 root 0:00 [flush-179:0]
675 root 0:00 poll_file -w /sys/devices/platform/ci_hdrc.0/udc/ci_hdrc.0/state
684 root 0:00 /usr/bin/bcm-watchdog
687 root 0:00 {DragonStarter.s} /bin/sh - /usr/bin/DragonStarter.sh -out2null
689 root 0:00 macgyverd -f
695 root 0:35 //usr/bin/dragon-prog
703 root 0:00 init
704 root 0:00 init
705 root 0:00 /sbin/klogd -n
pstree
init-+-DragonStarter.s-+-dragon-prog-+-{Behaviour}
| | |-{CKCM SERVER}
| | |-{Mario}
| | |-{MassStorage}
| | |-{NavdataSend}
| | |-{NetworkMonitor}
| | |-{Ntwk msgbox}
| | |-{NtwkDiscConnec}
| | |-2*[{ParrotAL_TIMER}]
| | |-{Photo Capture}
| | |-{Photo Record}
| | |-{Thread leds}
| | |-{Thread ms5607}
| | |-3*[{VideoMain}]
| | |-{colibry}
| | |-2*[{h264_venc}]
| | |-{hal}
| | |-{libgps_thread}
| | |-{thread_dxo}
| | |-{thread_us}
| | |-{thread_videoWi}
| | |-{thread_video_l}
| | |-3*[{v4l2:/dev/vide}]
| | |-{video_fix}
| | `-{video_rec}
| `-macgyverd
|-avahi-daemon
|-bcm-watchdog
|-ckcmd_redirect.-+-awk
| |-tail
| `-ulogger
|-eRide_aiding
|-gpio_monitor
|-inetd
|-2*[init]
|-klogd
|-mtp_server.sh---poll_file
|-rcS-+-logger
| `-ujubaclient-+-{Juba monitor}
| `-{jbd_run}
|-syslogd
|-telnetd
|-udevd---2*[udevd]
|-udhcpd
|-ulogcat
`-usb_mode
mount
rootfs on / type rootfs (rw) proc on /proc type proc (rw,relatime) dev on /dev type devtmpfs (rw,relatime,size=165664k,nr_inodes=41416,mode=755) tmp on /tmp type tmpfs (rw,relatime) sys on /sys type sysfs (rw,relatime) debug on /sys/kernel/debug type debugfs (rw,relatime) devpts on /dev/pts type devpts (rw,relatime,mode=600) none on /dev/cpuctl type cgroup (rw,relatime,cpu) ubi0:factory on /factory type ubifs (rw,relatime) ubi1:system on / type ubifs (rw,relatime) ubi2:data on /data type ubifs (rw,relatime) ubi2:update on /update type ubifs (rw,sync,relatime) /dev/mmcblk0 on /data/ftp/internal_000 type ext4 (rw,noatime,discard,nobarrier,data=writeback)
df -h
Filesystem Size Used Available Use% Mounted on ubi1:system 42.2M 29.4M 10.7M 73% / ubi0:factory 4.8M 100.0K 4.4M 2% /factory ubi2:data 9.0M 96.0K 8.4M 1% /data ubi2:update 28.0M 32.0K 26.5M 0% /update /dev/mmcblk0 7.2G 2.2G 5.0G 30% /data/ftp/internal_000 dev 161.8M 0 161.8M 0% /dev tmp 161.9M 48.0K 161.8M 0% /tmp
netstat -ltun
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:23059 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:51 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:44444 0.0.0.0:* LISTEN tcp 0 0 :::23 :::* LISTEN udp 0 0 0.0.0.0:5353 0.0.0.0:* udp 0 0 0.0.0.0:67 0.0.0.0:* udp 0 0 :::5353 :::*