Difference between revisions of "Parrot Bebop"
Jump to navigation
Jump to search
m (→Security) |
m (→Tools) |
||
| Line 77: | Line 77: | ||
=Tools= |
=Tools= |
||
* https://github.com/Zepheus/ardrone3-pcap sniffing protocol |
* https://github.com/Zepheus/ardrone3-pcap sniffing protocol |
||
| + | =Misc data= |
||
| + | ==ps ax== |
||
| + | <pre> |
||
| + | PID USER TIME COMMAND |
||
| + | 1 root 0:02 init |
||
| + | 2 root 0:00 [kthreadd] |
||
| + | 3 root 0:00 [ksoftirqd/0] |
||
| + | 4 root 0:00 [kworker/0:0] |
||
| + | 5 root 0:00 [kworker/u:0] |
||
| + | 6 root 0:00 [migration/0] |
||
| + | 7 root 0:00 [watchdog/0] |
||
| + | 8 root 0:00 [migration/1] |
||
| + | 9 root 0:00 [kworker/1:0] |
||
| + | 10 root 0:00 [ksoftirqd/1] |
||
| + | 11 root 0:00 [watchdog/1] |
||
| + | 12 root 0:00 [khelper] |
||
| + | 13 root 0:00 [kdevtmpfs] |
||
| + | 14 root 0:00 [netns] |
||
| + | 15 root 0:00 [irq/1-p7mu] |
||
| + | 16 root 0:00 [sync_supers] |
||
| + | 17 root 0:00 [bdi-default] |
||
| + | 18 root 0:00 [kblockd] |
||
| + | 19 root 0:00 [khubd] |
||
| + | 20 root 0:00 [rpciod] |
||
| + | 21 root 0:00 [kworker/0:1] |
||
| + | 22 root 0:00 [khungtaskd] |
||
| + | 23 root 0:00 [kswapd0] |
||
| + | 24 root 0:00 [fsnotify_mark] |
||
| + | 25 root 0:00 [nfsiod] |
||
| + | 26 root 0:00 [cifsiod] |
||
| + | 27 root 0:00 [crypto] |
||
| + | 37 root 0:00 [ubi_bgt0d] |
||
| + | 38 root 0:00 [ubi_bgt1d] |
||
| + | 39 root 0:00 [ubi_bgt2d] |
||
| + | 40 root 0:00 [ci_otg] |
||
| + | 41 root 0:00 [ci_otg] |
||
| + | 42 root 0:00 [f_mtp] |
||
| + | 43 root 0:00 [file-storage] |
||
| + | 44 root 0:00 [kworker/1:1] |
||
| + | 45 root 0:00 [deferwq] |
||
| + | 46 root 0:00 [kworker/u:1] |
||
| + | 54 root 0:00 [ubifs_bgt1_0] |
||
| + | 80 root 0:00 [flush-ubifs_1_0] |
||
| + | 103 root 0:00 /usr/bin/gpio_monitor /sys/devices/platform/user_gpio/USER_ON_OFF /bin/onoffbutton |
||
| + | 170 root 0:00 [ubifs_bgt0_0] |
||
| + | 171 root 0:00 [ubifs_bgt2_1] |
||
| + | 172 root 0:00 [ubifs_bgt2_0] |
||
| + | 201 root 0:00 udevd --daemon |
||
| + | 210 root 0:00 udevd --daemon |
||
| + | 211 root 0:00 udevd --daemon |
||
| + | 228 root 0:00 [usb-thread] |
||
| + | 232 root 0:00 [wl-thread] |
||
| + | 342 root 0:00 udhcpd /etc/udhcpd.conf.eth0 |
||
| + | 351 root 0:00 {rcS} /bin/sh /etc/init.d/rcS |
||
| + | 353 root 0:00 /usr/bin/ujubaclient |
||
| + | 354 root 0:00 logger -t ujubaclient -p user.info |
||
| + | 394 root 0:00 [irq/44-mmc0] |
||
| + | 395 root 0:00 [kworker/u:2] |
||
| + | 412 root 0:00 [mmcqd/0] |
||
| + | 413 root 0:00 [mmcqd/0boot0] |
||
| + | 414 root 0:00 [mmcqd/0boot1] |
||
| + | 416 root 0:00 [spi1] |
||
| + | 456 root 0:00 [jbd2/mmcblk0-8] |
||
| + | 457 root 0:00 [ext4-dio-unwrit] |
||
| + | 465 root 0:00 [kworker/0:2] |
||
| + | 480 root 0:00 syslogd -s 1024 -b 4 |
||
| + | 493 root 0:00 eRide_aiding /data/ftp/internal_000/gps_data/eRide_data.bin |
||
| + | 504 root 0:00 /usr/bin/usb_mode /sys/devices/platform/user_gpio/HOST_MODE_3V3 /sys/devices/platform/user_gpio/USB0_OC |
||
| + | 508 root 0:00 {mtp_server.sh} /bin/sh /bin/mtp_server.sh start |
||
| + | 519 root 0:00 inetd |
||
| + | 524 root 0:00 avahi-daemon: running [WifiFonHotspot.local] |
||
| + | 618 root 0:00 {ckcmd_redirect.} /bin/sh /usr/bin/ckcmd_redirect.sh |
||
| + | 619 root 0:00 tail -F /var/log/messages |
||
| + | 620 root 0:00 /usr/bin/awk -f /usr/bin/ckcmd_redirect.awk |
||
| + | 622 root 0:00 /usr/bin/ulogger -t syslog -p I |
||
| + | 623 root 0:00 telnetd -l /bin/login.sh |
||
| + | 631 root 0:00 ulogcat -v ckcm |
||
| + | 664 root 0:00 [flush-ubifs_2_1] |
||
| + | 665 root 0:00 [flush-ubifs_0_0] |
||
| + | 666 root 0:00 [flush-ubifs_2_0] |
||
| + | 667 root 0:00 [flush-179:0] |
||
| + | 675 root 0:00 poll_file -w /sys/devices/platform/ci_hdrc.0/udc/ci_hdrc.0/state |
||
| + | 684 root 0:00 /usr/bin/bcm-watchdog |
||
| + | 687 root 0:00 {DragonStarter.s} /bin/sh - /usr/bin/DragonStarter.sh -out2null |
||
| + | 689 root 0:00 macgyverd -f |
||
| + | 695 root 0:35 //usr/bin/dragon-prog |
||
| + | 703 root 0:00 init |
||
| + | 704 root 0:00 init |
||
| + | 705 root 0:00 /sbin/klogd -n |
||
| + | </pre> |
||
| + | ==pstree== |
||
| + | <pre> |
||
| + | init-+-DragonStarter.s-+-dragon-prog-+-{Behaviour} |
||
| + | | | |-{CKCM SERVER} |
||
| + | | | |-{Mario} |
||
| + | | | |-{MassStorage} |
||
| + | | | |-{NavdataSend} |
||
| + | | | |-{NetworkMonitor} |
||
| + | | | |-{Ntwk msgbox} |
||
| + | | | |-{NtwkDiscConnec} |
||
| + | | | |-2*[{ParrotAL_TIMER}] |
||
| + | | | |-{Photo Capture} |
||
| + | | | |-{Photo Record} |
||
| + | | | |-{Thread leds} |
||
| + | | | |-{Thread ms5607} |
||
| + | | | |-3*[{VideoMain}] |
||
| + | | | |-{colibry} |
||
| + | | | |-2*[{h264_venc}] |
||
| + | | | |-{hal} |
||
| + | | | |-{libgps_thread} |
||
| + | | | |-{thread_dxo} |
||
| + | | | |-{thread_us} |
||
| + | | | |-{thread_videoWi} |
||
| + | | | |-{thread_video_l} |
||
| + | | | |-3*[{v4l2:/dev/vide}] |
||
| + | | | |-{video_fix} |
||
| + | | | `-{video_rec} |
||
| + | | `-macgyverd |
||
| + | |-avahi-daemon |
||
| + | |-bcm-watchdog |
||
| + | |-ckcmd_redirect.-+-awk |
||
| + | | |-tail |
||
| + | | `-ulogger |
||
| + | |-eRide_aiding |
||
| + | |-gpio_monitor |
||
| + | |-inetd |
||
| + | |-2*[init] |
||
| + | |-klogd |
||
| + | |-mtp_server.sh---poll_file |
||
| + | |-rcS-+-logger |
||
| + | | `-ujubaclient-+-{Juba monitor} |
||
| + | | `-{jbd_run} |
||
| + | |-syslogd |
||
| + | |-telnetd |
||
| + | |-udevd---2*[udevd] |
||
| + | |-udhcpd |
||
| + | |-ulogcat |
||
| + | `-usb_mode |
||
| + | </pre> |
||
| + | ==mount== |
||
| + | <pre> |
||
| + | rootfs on / type rootfs (rw) |
||
| + | proc on /proc type proc (rw,relatime) |
||
| + | dev on /dev type devtmpfs (rw,relatime,size=165664k,nr_inodes=41416,mode=755) |
||
| + | tmp on /tmp type tmpfs (rw,relatime) |
||
| + | sys on /sys type sysfs (rw,relatime) |
||
| + | debug on /sys/kernel/debug type debugfs (rw,relatime) |
||
| + | devpts on /dev/pts type devpts (rw,relatime,mode=600) |
||
| + | none on /dev/cpuctl type cgroup (rw,relatime,cpu) |
||
| + | |||
| + | ubi0:factory on /factory type ubifs (rw,relatime) |
||
| + | ubi1:system on / type ubifs (rw,relatime) |
||
| + | ubi2:data on /data type ubifs (rw,relatime) |
||
| + | ubi2:update on /update type ubifs (rw,sync,relatime) |
||
| + | |||
| + | /dev/mmcblk0 on /data/ftp/internal_000 type ext4 (rw,noatime,discard,nobarrier,data=writeback) |
||
| + | </mount> |
||
| + | ==df -h== |
||
| + | <pre> |
||
| + | Filesystem Size Used Available Use% Mounted on |
||
| + | ubi1:system 42.2M 29.4M 10.7M 73% / |
||
| + | ubi0:factory 4.8M 100.0K 4.4M 2% /factory |
||
| + | ubi2:data 9.0M 96.0K 8.4M 1% /data |
||
| + | ubi2:update 28.0M 32.0K 26.5M 0% /update |
||
| + | /dev/mmcblk0 7.2G 2.2G 5.0G 30% /data/ftp/internal_000 |
||
| + | dev 161.8M 0 161.8M 0% /dev |
||
| + | tmp 161.9M 48.0K 161.8M 0% /tmp |
||
| + | </pre> |
||
Revision as of 00:03, 17 October 2015
Weight
Bebop 275g bat 1200 117g bat 1600 135g bat 2500 189g hull/carene 24g cache-cam 6g
Links
Officials
ARDroneSDK 3
- http://blog.parrot.com/2014/11/28/ardronesdk3-for-bebop-drone-and-minidrones-has-been-released/
- https://github.com/Parrot-Developers/ARSDKBuildUtils
- https://github.com/Parrot-Developers/Samples
- https://github.com/Parrot-Developers/bybop in python
Community
- http://www.bebopdrone.org/
- http://forum.parrot.com/usa/viewtopic.php?id=29088
- http://bebob.wikia.com/wiki/Bebob_Community_Drone_Hacking_Wiki
Hacks
- https://github.com/matthewlloyd/bebop Code repo disappeared but clones here:
- http://robotika.cz/robots/katarina/en
- https://github.com/hybridgroup/node-bebop control in node.js
Paparazzi
- http://wiki.paparazziuav.org/wiki/Main_Page
- http://wiki.paparazziuav.org/wiki/Bebop
- https://github.com/paparazzi/paparazzi
- https://github.com/paparazzi/paparazzi/tree/master/sw/airborne/boards/bebop
Security
Too easy to crash
http://securityaffairs.co/wordpress/39363/hacking/hacking-parrot-drones.html
telnet 192.168.42.1 ps | grep dragon kill -9 ###
Actually there is even quicker:
telnet 192.168.42.1 kk
WEP?
Apparently possible to setup WEP, or even WPA?
bcmwl addwep 0 1234567890 bcmwl wsec 1
Permanent (! reset wouldn't clean it, maybe flashing from USB?)
vi /sbin/broadcom_setup.sh At the end of the create_access_point Before the print out of success add the two lines: ------------- bcmwl addwep 0 1234567890 bcmwl wsec 1
Problem is that it may impact link quality and anyway it's incompatible with a SkyController...
telnet password
That's the minimum we can do:
telnet 192.168.42.1 # choose a new password passwd # fix bug in /etc/passwd (trailing spaces after /bin/sh) sed -i 's/ *$//' /etc/passwd # redirect root home to /home (where there is already a .bashrc) sed -i 's#/home/root#/home#' /etc/passwd # redirect telnet login to /bin/login sed -i 's/sh -l/login/' /bin/login.sh # reboot /bin/ardrone3_shutdown.sh
Tools
- https://github.com/Zepheus/ardrone3-pcap sniffing protocol
Misc data
ps ax
PID USER TIME COMMAND
1 root 0:02 init
2 root 0:00 [kthreadd]
3 root 0:00 [ksoftirqd/0]
4 root 0:00 [kworker/0:0]
5 root 0:00 [kworker/u:0]
6 root 0:00 [migration/0]
7 root 0:00 [watchdog/0]
8 root 0:00 [migration/1]
9 root 0:00 [kworker/1:0]
10 root 0:00 [ksoftirqd/1]
11 root 0:00 [watchdog/1]
12 root 0:00 [khelper]
13 root 0:00 [kdevtmpfs]
14 root 0:00 [netns]
15 root 0:00 [irq/1-p7mu]
16 root 0:00 [sync_supers]
17 root 0:00 [bdi-default]
18 root 0:00 [kblockd]
19 root 0:00 [khubd]
20 root 0:00 [rpciod]
21 root 0:00 [kworker/0:1]
22 root 0:00 [khungtaskd]
23 root 0:00 [kswapd0]
24 root 0:00 [fsnotify_mark]
25 root 0:00 [nfsiod]
26 root 0:00 [cifsiod]
27 root 0:00 [crypto]
37 root 0:00 [ubi_bgt0d]
38 root 0:00 [ubi_bgt1d]
39 root 0:00 [ubi_bgt2d]
40 root 0:00 [ci_otg]
41 root 0:00 [ci_otg]
42 root 0:00 [f_mtp]
43 root 0:00 [file-storage]
44 root 0:00 [kworker/1:1]
45 root 0:00 [deferwq]
46 root 0:00 [kworker/u:1]
54 root 0:00 [ubifs_bgt1_0]
80 root 0:00 [flush-ubifs_1_0]
103 root 0:00 /usr/bin/gpio_monitor /sys/devices/platform/user_gpio/USER_ON_OFF /bin/onoffbutton
170 root 0:00 [ubifs_bgt0_0]
171 root 0:00 [ubifs_bgt2_1]
172 root 0:00 [ubifs_bgt2_0]
201 root 0:00 udevd --daemon
210 root 0:00 udevd --daemon
211 root 0:00 udevd --daemon
228 root 0:00 [usb-thread]
232 root 0:00 [wl-thread]
342 root 0:00 udhcpd /etc/udhcpd.conf.eth0
351 root 0:00 {rcS} /bin/sh /etc/init.d/rcS
353 root 0:00 /usr/bin/ujubaclient
354 root 0:00 logger -t ujubaclient -p user.info
394 root 0:00 [irq/44-mmc0]
395 root 0:00 [kworker/u:2]
412 root 0:00 [mmcqd/0]
413 root 0:00 [mmcqd/0boot0]
414 root 0:00 [mmcqd/0boot1]
416 root 0:00 [spi1]
456 root 0:00 [jbd2/mmcblk0-8]
457 root 0:00 [ext4-dio-unwrit]
465 root 0:00 [kworker/0:2]
480 root 0:00 syslogd -s 1024 -b 4
493 root 0:00 eRide_aiding /data/ftp/internal_000/gps_data/eRide_data.bin
504 root 0:00 /usr/bin/usb_mode /sys/devices/platform/user_gpio/HOST_MODE_3V3 /sys/devices/platform/user_gpio/USB0_OC
508 root 0:00 {mtp_server.sh} /bin/sh /bin/mtp_server.sh start
519 root 0:00 inetd
524 root 0:00 avahi-daemon: running [WifiFonHotspot.local]
618 root 0:00 {ckcmd_redirect.} /bin/sh /usr/bin/ckcmd_redirect.sh
619 root 0:00 tail -F /var/log/messages
620 root 0:00 /usr/bin/awk -f /usr/bin/ckcmd_redirect.awk
622 root 0:00 /usr/bin/ulogger -t syslog -p I
623 root 0:00 telnetd -l /bin/login.sh
631 root 0:00 ulogcat -v ckcm
664 root 0:00 [flush-ubifs_2_1]
665 root 0:00 [flush-ubifs_0_0]
666 root 0:00 [flush-ubifs_2_0]
667 root 0:00 [flush-179:0]
675 root 0:00 poll_file -w /sys/devices/platform/ci_hdrc.0/udc/ci_hdrc.0/state
684 root 0:00 /usr/bin/bcm-watchdog
687 root 0:00 {DragonStarter.s} /bin/sh - /usr/bin/DragonStarter.sh -out2null
689 root 0:00 macgyverd -f
695 root 0:35 //usr/bin/dragon-prog
703 root 0:00 init
704 root 0:00 init
705 root 0:00 /sbin/klogd -n
pstree
init-+-DragonStarter.s-+-dragon-prog-+-{Behaviour}
| | |-{CKCM SERVER}
| | |-{Mario}
| | |-{MassStorage}
| | |-{NavdataSend}
| | |-{NetworkMonitor}
| | |-{Ntwk msgbox}
| | |-{NtwkDiscConnec}
| | |-2*[{ParrotAL_TIMER}]
| | |-{Photo Capture}
| | |-{Photo Record}
| | |-{Thread leds}
| | |-{Thread ms5607}
| | |-3*[{VideoMain}]
| | |-{colibry}
| | |-2*[{h264_venc}]
| | |-{hal}
| | |-{libgps_thread}
| | |-{thread_dxo}
| | |-{thread_us}
| | |-{thread_videoWi}
| | |-{thread_video_l}
| | |-3*[{v4l2:/dev/vide}]
| | |-{video_fix}
| | `-{video_rec}
| `-macgyverd
|-avahi-daemon
|-bcm-watchdog
|-ckcmd_redirect.-+-awk
| |-tail
| `-ulogger
|-eRide_aiding
|-gpio_monitor
|-inetd
|-2*[init]
|-klogd
|-mtp_server.sh---poll_file
|-rcS-+-logger
| `-ujubaclient-+-{Juba monitor}
| `-{jbd_run}
|-syslogd
|-telnetd
|-udevd---2*[udevd]
|-udhcpd
|-ulogcat
`-usb_mode
mount
rootfs on / type rootfs (rw) proc on /proc type proc (rw,relatime) dev on /dev type devtmpfs (rw,relatime,size=165664k,nr_inodes=41416,mode=755) tmp on /tmp type tmpfs (rw,relatime) sys on /sys type sysfs (rw,relatime) debug on /sys/kernel/debug type debugfs (rw,relatime) devpts on /dev/pts type devpts (rw,relatime,mode=600) none on /dev/cpuctl type cgroup (rw,relatime,cpu) ubi0:factory on /factory type ubifs (rw,relatime) ubi1:system on / type ubifs (rw,relatime) ubi2:data on /data type ubifs (rw,relatime) ubi2:update on /update type ubifs (rw,sync,relatime) /dev/mmcblk0 on /data/ftp/internal_000 type ext4 (rw,noatime,discard,nobarrier,data=writeback) </mount> ==df -h== <pre> Filesystem Size Used Available Use% Mounted on ubi1:system 42.2M 29.4M 10.7M 73% / ubi0:factory 4.8M 100.0K 4.4M 2% /factory ubi2:data 9.0M 96.0K 8.4M 1% /data ubi2:update 28.0M 32.0K 26.5M 0% /update /dev/mmcblk0 7.2G 2.2G 5.0G 30% /data/ftp/internal_000 dev 161.8M 0 161.8M 0% /dev tmp 161.9M 48.0K 161.8M 0% /tmp