Messages in mimo

[2024-02-07 12:16:59] jcase : jcase joined the channel.
[2024-02-07 12:17:14] jcase : konraditurbe added to the channel by jcase.
[2024-02-07 12:17:27] jcase : uskve added to the channel by jcase.
[2024-02-07 12:17:36] jcase : since you both seem to have interest in it
[2024-02-07 12:17:41] konraditurbe : yep!
[2024-02-07 12:18:12] jcase : 1705547887964-DJI-Mimo-official-release-227159_sec.apk
[2024-02-07 12:18:17] jcase : is what i have on hand
[2024-02-07 12:18:20] jcase : and what ill unpack
[2024-02-07 12:19:04] konraditurbe : nice, latest one from https://www.dji.com/es/downloads/djiapp/dji-mimo
[2024-02-07 12:23:52] jcase :
[2024-02-07 12:24:01] jcase : base address 0x75d5ef3000
[2024-02-07 12:24:08] jcase : you will see a jump for jni_onload
[2024-02-07 12:24:11] jcase : i dont have that code atm
[2024-02-07 12:24:24] jcase : this is post self unpacking + rebuild
[2024-02-07 12:24:30] jcase : however i never implemented rebuild of the onload
[2024-02-07 12:26:28] jcase : note of interest, the obfuscated functions do not start as p{hash value}
[2024-02-07 12:26:31] jcase : but as something else
[2024-02-07 12:26:37] jcase : pS$SISI5SSlS55$5S5_SIS$5ISlSlS_SI5_S0SISI5I5lSISlSISISIS5SlSlS0S0
[2024-02-07 12:26:39] jcase : like pS$SISI5SSlS55$5S5_SIS$5ISlSlS_SI5_S0SISI5I5lSISlSISISIS5SlSlS0S0
[2024-02-07 12:26:47] jcase : this is new to me for secneo
[2024-02-07 12:26:56] jcase : however this particular version does not have the new anti analysis code in it
[2024-02-07 12:27:26] jcase : to get the unpacked lib, you have to dump the memory after execution of dji_onload, like immediately after
[2024-02-07 12:27:30] jcase : then you can rebuild the lib
[2024-02-07 12:27:52] jcase : ok so now, i need to enumerate all the functions, because im not going to do the hard route like quarkslab lol
[2024-02-07 12:27:59] jcase : im going to let some code auto analyze it all for me
[2024-02-07 12:28:01] jcase : as im lazy
[2024-02-07 12:33:24] jcase : i need to learn to use jupyter notebooks, i think it would be valuable for the repetitive work i do
[2024-02-07 12:34:15] jcase : also need to finish and publish my disassembler/decompiler
[2024-02-07 12:34:26] jcase : i need to find a UI for it, because its clear i cant fucking make one worth using lol
[2024-02-07 12:34:30] jcase : binary ninja might be a good option
[2024-02-07 13:45:43] uskve : im most ahead with plugins for ghidra but its arm implementation is extremely buggy
[2024-02-07 13:48:29] uskve : I never really understood why dji so heavily protects the mimo app but i guess they share large portions of codebase with the drone control stuff
[2024-02-07 14:21:15] jcase : @uskve https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
[2024-02-07 14:21:25] jcase : fwiw konrad just shared that today
[2024-02-07 14:21:40] jcase : ive got a lot of unexpected things today but ill keep pushing through it
[2024-02-07 14:58:40] uskve : just wow thanks
[2024-02-07 16:03:23] uskve : kudos to the author on that! Well documented
[2024-02-07 23:57:22] jcase : Had a real bad stressful day, legs numb as a result
[2024-02-08 00:13:04] uskve : I wish you a speedy recovery!
[2024-02-08 11:37:57] jcase : Getting going, will spend some time
[2024-02-08 22:59:06] jcase : This weekend perhaps, had a flare up
[2024-02-09 11:46:20] konraditurbe : Hoping for the best jcase
[2024-02-09 12:45:53] jcase : Ah fuck man
[2024-02-09 12:46:01] jcase : O man o man
[2024-02-09 12:46:11] jcase : I slept 8hr
[2024-02-09 12:46:21] jcase : If I sleep more than 4 it's really bad
[2024-02-09 14:51:56] uskve : fkc. recovery & regen. takes time. Also hope for the best. Get better.
[2024-02-10 03:22:26] accountfrompl : accountfrompl joined the channel.
[2024-02-12 20:44:56] lining-preps.0u : lining-preps.0u joined the channel.
[2024-02-12 20:46:06] lining-preps.0u : @lining-preps.0u left the channel.
[2024-02-18 09:36:38] jcase : sorry, but rough week, im up at 2am today sick :/ however that means im writing a custom arm emulator so i can fully strip these native libs
[2024-02-18 10:00:47] konraditurbe : Oh man, hope you get better
[2024-02-18 13:19:30] jcase : me too man
[2024-02-18 13:19:41] jcase : week after next
[2024-02-18 13:19:58] jcase : im playing with unicorn engine atm
[2024-02-18 13:20:30] jcase : i have working unpacking of the native libs, but its not back to "original" just working
[2024-02-18 13:20:42] jcase : i want to write an article about bringing the native libs back to original state
[2024-02-19 05:23:34] rameezahmed1998 : rameezahmed1998 joined the channel.
[2024-02-19 17:46:25] theufodroner : theufodroner joined the channel.
[2024-02-19 17:47:04] theufodroner : @theufodroner left the channel.
[2024-02-20 20:27:04] jcase : ok going to give shit another go in a bit
[2024-02-20 20:28:07] jcase : this was my weekend, i wrote a Binary ninja plugin that uses qemu/unicorn engine to emulate ARM instructions
[2024-02-20 20:28:23] jcase : and lets the library unpack itself right into binary ninja
[2024-02-20 20:28:23] jcase : lol
[2024-02-20 20:28:32] jcase : i had to implement syscalls etc
[2024-02-20 20:28:37] jcase : its not perfect but its working
[2024-02-20 23:33:57] jcase : and now its working on mimo lol
[2024-02-20 23:56:08] uskve : wow congratulations man!
[2024-02-21 02:27:16] jcase : @uskve @konraditurbe either of you have binary ninja?
[2024-02-21 02:27:33] uskve : I do.
[2024-02-21 02:40:34] jcase : what version?
[2024-02-21 18:36:48] jcase : i got tentative approval to publish some of my dji deobfuscators
[2024-02-21 18:37:01] jcase : dji has used a few obfuscators, secneo, stringfog, pluto and another one
[2024-02-21 18:37:14] jcase : pluto is the only one i havent written a deobfuscator for, and im working it now
[2024-03-19 09:38:32] jcase : fuck me
[2024-03-19 09:38:38] jcase : dont look at the agras app
[2024-03-19 09:38:43] jcase : its react native
[2024-03-19 09:38:50] jcase : 53mb obfuscated javascript
[2024-03-19 09:38:56] jcase : lolololl im not touching it
[2024-03-19 09:39:19] jcase : im going to try and finish the libdexjni thing
[2024-03-19 09:39:21] jcase : soon
[2024-03-19 09:39:28] jcase : back acting up again and work shit
[2024-07-01 17:30:14] mrsmith : mrsmith joined the channel.
[2024-07-26 15:53:41] ogini_ayotanom : ogini_ayotanom joined the channel.
[2024-09-09 14:41:58] ar2rgo : ar2rgo joined the channel.
[2024-10-14 16:01:44] user1 : user1 joined the channel.
[2025-01-06 18:41:53] trunk2 : trunk2 joined the channel.