Case 1. Default setting with WPA.
All 2.4 GHz communications utilize Channel 1. Channel is static and does not 'hop' through multiple iterations.
Source address = 00:c2:c6:d3:11:a7
SSID: CR_AP-00C2C6D311A7
Filter Wireshark capture channel to solely capture traffic on Channel 1 using the following command (in terminal on Mac):
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport -I -c 1
Every packet transmitted for the entire capture session was 226 bytes in length. Approximately every 7.742 seconds, the controller sends a probe request to the drone to ensure connectivity, in which the drone returns a 38 byte acknowledgement.
To filter out any noise/unwanted devices in Wireshark, apply the display filter wlan.addr == 00:c2:c6:d3:11:a7
Method 1. (Dallas). Examine their default firmware to figure out a basic attack.
- Intel Aero has a default IP of 192.168.1.1 in Access Point (AP) mode.
- WPA2 PSK: 1234567890
Method 2. Examine their source code to see if we can confirm we learn from the firmware.
Case 2. Disable WPA. So, we can see what commends and packets they exchange.