Drafted by Garrett 6/2/17, updated by Yingfei 6/3/17
1) Complete packet capture for WiFi control models (Garrett Johnson & Hualiang Li):
a) 3DR Solo - mostly complete. Need to scrutinize .pcap files
(YINGFEI: we need both versions (plaintext and WPA2 encrypted). So, we can have a better idea what they may exchange at a certain time with a certain size or frequency.)
YINGFEI: 6/10. We need to capture the plaintext version too, in order to understand how the control commands/protocols work. So, we can easily compare with WPA2 version.
b) Intel Aero - need to capture traffic to identify unique identifiers.
(YINGFEI: we need at least two versions (plaintext and WPA2 encrypted).)
c) Parrot BeBop - need to capture traffic to identify unique identifiers.
(YINGFEI: we need both versions (plaintext and WPA2 encrypted).)
YINGFEI: Goal: we need to find
(0) basic control packet formats of each type of drone: from source code, or reverse engineering
(1) static patterns, such as packet size, probe frequency, SSID, channel, etc.
(2) dynamic patterns: more useful for encrypted frames because we cannot see the payload. Such as a sequence of packets: a sequence of sizes, their timing, interval, probe/response patterns, etc.
(3) Garrett, I don't think Maverick and Tallas are ready to work on the hacking part. They probably need to learn the sniffing and network related issues first.
** Need to highlight system vulnerabilities so that we can exploit them in phase 2 of the project.
2) Investigate Wifi Drone Hacking (Dallas and Garrett):
* Attempt hacking/control of the three wifi control models we possess. Document the projects on Professor Dong's UAS webpage to include: a writeup of methodology and a YouTube video showing the entire process.
a) Document hacking of Parrot BeBop (Dallas and Garrett)
YINGFEI: Garrett, Dallas has put some related info on the page. Please organize the thoughts into a presentation style, so we can present to an external audience. For example, I would like to do a recruiting talk at the beginning of the Fall to get more good students to join us. We also will have 6 to 8 ROTC cadets like Maverick and Tallas join us.
b) Investigate possibility of intercepting firmware update for DJI Phantom 3 and 4 using a curl listener.
YINGFEI: Garrett, please add a link here if you found some resources. I didn't follow up on this.
3) Attempt decompiling of LightBridge Protocol (Dallas and Garrett).
a) A GREAT read on light bridge (https://www.dedrone.com/en/newsroom/blog-detail/dedrones-dronetracker-software-platform-detects-entire-dji-product-line-through-lightbridge-1-2-and-ocusync)
b) Potential to use an FTDI cable to hack into DJI system hardware to intercept comms.
4) Build automated profiling database based on unique identifiers of drones identified (for field use). Use a decision tree.
a) Continue where Hualiang left off with his C++ program to reformat .pcap files.
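Added example, not code from the project or from Hualiang's C++ tool: a Python script showing the shape of what goals (1) and (2) under item 1 and the profiling database under item 4 ask for. It reads a pcap, pulls out static patterns (transmitter OUI, modal frame size) and dynamic patterns (inter-frame interval, size sequence, which remain visible on a WPA2 link), and runs them through a hand-written decision tree to label which drone type is transmitting. The sample captures, the OUIs in the lookup table, the cadence/size thresholds and the labels are all constructed for illustration; the frames assume raw 802.11 link type (no radiotap header), so a real capture needs the radiotap header stripped first.

```python
"""Added example (not the project's own code): parse a pcap capture, extract
static and dynamic profiling features, and classify with a decision tree.
Captures, OUIs, thresholds and labels below are constructed, not measured."""
import struct
from collections import Counter
from statistics import mean

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap with microsecond timestamps
LINKTYPE_IEEE802_11 = 105      # raw 802.11 frames, no radiotap header (assumption)


def build_pcap(frames):
    """Serialise (timestamp_seconds, frame_bytes) pairs into a minimal pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, original_length, captured_bytes) for each record."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap files are handled")
    off = 24                                      # global header is 24 bytes
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + incl > len(data):                # truncated final record: stop cleanly
            break
        yield sec + usec / 1e6, orig, data[off:off + incl]
        off += incl


def extract_features(records):
    """Static features (transmitter OUI, modal frame size) plus dynamic ones
    (mean inter-frame interval, size sequence). Sizes and timing survive WPA2
    encryption, which is why the dynamic features matter on encrypted links."""
    times, sizes, ouis = [], [], Counter()
    for ts, orig, frame in records:
        times.append(ts)
        sizes.append(orig)
        if len(frame) >= 16:                      # 802.11 address 2 (transmitter) = bytes 10..16
            ouis[frame[10:13].hex(":")] += 1
    intervals = [b - a for a, b in zip(times, times[1:])]
    return {
        "oui": ouis.most_common(1)[0][0] if ouis else None,
        "modal_size": Counter(sizes).most_common(1)[0][0] if sizes else 0,
        "mean_interval": mean(intervals) if intervals else 0.0,
        "size_sequence": sizes,
    }


# Constructed placeholder OUIs (locally administered 02:xx:xx), not real vendor assignments.
KNOWN_OUI = {"02:aa:00": "type-A"}


def classify(f):
    """Hand-written decision tree: static identifier first, cadence and size second.
    The thresholds are assumptions, to be replaced by values measured in the field."""
    if f["oui"] in KNOWN_OUI:
        return KNOWN_OUI[f["oui"]]
    if f["mean_interval"] < 0.05:                 # 20+ frames/s: a control/telemetry stream
        return "type-B-like" if f["modal_size"] < 100 else "type-C-like"
    return "unknown"


def profile_capture(pcap_bytes):
    """Reformat a pcap into one feature record and attach the decision-tree label."""
    f = extract_features(parse_pcap(pcap_bytes))
    return f, classify(f)


def make_frame(transmitter_mac, payload_len):
    """Constructed 802.11 data frame: 24-byte header with the transmitter in address 2."""
    hdr = (b"\x08\x01" + b"\x00\x00" + b"\xff" * 6
           + bytes.fromhex(transmitter_mac.replace(":", "")) + b"\x00" * 6 + b"\x00\x00")
    return hdr + b"\x00" * payload_len


def synth_capture(transmitter_mac, interval, payload_len, count=20):
    """Constructed sample capture: `count` frames from one transmitter at a fixed cadence."""
    return build_pcap([(i * interval, make_frame(transmitter_mac, payload_len))
                       for i in range(count)])


SAMPLE_A = synth_capture("02:aa:00:00:00:01", 0.10, 40)    # known OUI
SAMPLE_B = synth_capture("02:bb:00:00:00:02", 0.02, 50)    # unknown OUI, fast, small frames
SAMPLE_C = synth_capture("02:cc:00:00:00:03", 0.02, 300)   # unknown OUI, fast, large frames
SAMPLE_D = synth_capture("02:dd:00:00:00:04", 1.00, 40)    # unknown OUI, slow cadence

if __name__ == "__main__":
    for name, cap in [("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C), ("D", SAMPLE_D)]:
        feats, label = profile_capture(cap)
        print(name, label, feats["oui"], feats["modal_size"], round(feats["mean_interval"], 3))
```

The static branch of the tree is only as good as the identifier table, which is why the plaintext captures matter: the dynamic features (cadence, modal size, size sequence) are what still separate models once the payload is encrypted, and those thresholds have to come from the real captures rather than from the placeholders used here.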