Messages in ios_ipa_reversing

[2017-08-08 03:49:16] hostile : @hostile has joined the channel
[2017-08-08 03:49:17] hostile : set the channel description: Apple stuff!
[2017-08-08 03:49:35] czokie : @czokie has joined the channel
[2017-08-08 03:49:39] hostile : Ok mate...
[2017-08-08 03:49:40] hostile : <https://github.com/KJCracks/Clutch>
[2017-08-08 03:51:14] ripko : @ripko has joined the channel
[2017-08-08 03:51:48] hostile : This is a previously decrypted .ipa... someoen would have used something like "Clutch" above. <http://www.filehosting.org/file/details/680053/DJI%20GO%204For%20Spark%20P4%20Series%20Mavic%20and%20Inspire%202%20[DJI]%20(v4.1.3%20v2903%20Univ%20FW%20DY%20LP%20os90).rc336_1001.ipa>
[2017-08-08 03:55:05] fldatatek : @fldatatek has joined the channel
[2017-08-08 04:05:55] czokie : I guess that is your way of giving me a gentle nudge along.... but thanks @hostile
[2017-08-08 04:05:57] czokie : :slightly_smiling_face:
[2017-08-08 04:10:39] goof : @goof has joined the channel
[2017-08-08 04:17:25] jcarlo : @jcarlo has joined the channel
[2017-08-08 04:25:38] pure3d : @pure3d has joined the channel
[2017-08-08 04:35:46] czokie : OK. I had a chat to @hostile - I am up for learning how to pull apart iOS apps beginning to end. So far: I have 1. Downloaded all IPAs using the charlesproxy method. 2. Installed Clutch from the git link provided by hostile. 3. Started following build instructions at <https://github.com/KJCracks/Clutch/blob/master/README.md> ... but the xcode clean build is failing. I am guessing it's due to the Disable SDK code signing requirement not functioning as expected in the instructions.
[2017-08-08 04:36:14] czokie : === BUILD TARGET Clutch OF PROJECT Clutch WITH THE DEFAULT CONFIGURATION (Release) ===
Check dependencies
No profiles for 'kjc.Clutch' were found: Xcode couldn't find a provisioning profile matching 'kjc.Clutch'.
Code signing is required for product type 'Application' in SDK 'iOS 10.3'
*** BUILD FAILED ***
The following build commands failed:
Check dependencies
(1 failure)
[2017-08-08 04:36:31] pure3d : will these decrypted IPAs only work on jailbroken devices?
[2017-08-08 04:37:02] czokie : First time playing with this for me.... but decryption is required to dig into the innards...
[2017-08-08 04:37:46] czokie : what I do know - there are instructions in various parts of the net that tell people how to side load self signed apps on iOS - so hypothetically if we decrypt, tweak, and provide a "user guide" on how to self sign and install, that is possible....
[2017-08-08 04:40:03] hostile : @pure3d sure
[2017-08-08 04:40:12] hostile : <https://github.com/Naituw/IPAPatch>
[2017-08-08 04:40:25] pure3d : Ooo interesting
[2017-08-08 04:41:47] czokie : @hostile - will xcode read SDKSettings.plist from ~ or from cwd during build process? I tried tweaking in both locations, but still failing to build Clutch.
[2017-08-08 04:41:56] hostile : get it from Cydia...
[2017-08-08 04:42:00] hostile : I've never compiled it
[2017-08-08 04:42:08] czokie : hheheheh
[2017-08-08 04:42:14] hostile : cydia...
[2017-08-08 04:42:18] hostile : fuck compiling it
[2017-08-08 04:42:29] hostile : I don't fuck with iOS dev man too much headache
[2017-08-08 04:43:02] hostile : <https://github.com/KJCracks/Clutch/releases>
[2017-08-08 04:43:09] hostile : or use the Releases .ipa
[2017-08-08 04:43:15] mavicbreak : @mavicbreak has joined the channel
[2017-08-08 04:43:53] exculpo : @exculpo has joined the channel
[2017-08-08 04:44:05] hostile : <https://github.com/KJCracks/Clutch/releases/download/2.0.4/Clutch-2.0.4>
[2017-08-08 04:49:01] mavicbreak : @czokie correct. Cydia Impactor is the way.
[2017-08-08 04:50:28] czokie : OK. Back in a bit - distracted...
[2017-08-08 05:11:42] bjoneseying : @bjoneseying has joined the channel
[2017-08-08 05:14:23] goof : <https://youtu.be/mzjRNvv69M8> as someone alluded to yesterday, 10.3.2 **may** have a point and click consumer jailbreak coming soon. if you want to play with cydia and already have a device on 10.3.3, downgrade to 10.3.2 while Apple are still signing it
[2017-08-08 05:22:29] tylkologin : @tylkologin has joined the channel
[2017-08-08 05:36:43] czokie : I had 10.3.2 - but already upgraded to 10.3.3 because of some instability issues in 10.3.2 ... Jailbreak was next on my list...
[2017-08-08 05:39:15] czokie : but might need to downgrade :disappointed:
[2017-08-08 05:39:56] funkyjunky : @funkyjunky has joined the channel
[2017-08-08 05:40:04] pure3d : disable find my phone first
[2017-08-08 05:40:56] pure3d : shutdown your device, then hold home button, connect to PC, open itunes, shift+click on update/check upgrade then select the 10.3.2 ipsw for your device
[2017-08-08 05:41:06] pure3d : this way, it does a downgrade without wiping your phone
[2017-08-08 05:47:04] goof : yeah the 10.3.2 jailbreak isn't here yet, but with userland debugging confirmed working it'll be a bit easier for someone to find a kernel exploit, if it exists
[2017-08-08 05:47:33] goof : and if people are stuck on 10.3.3 and apple stops signing 10.3.2 it'll be tricky to downgrade later
[2017-08-08 05:48:55] pure3d : all jailbreaks now are tethered jailbreaks, not untethered
[2017-08-08 05:49:03] pure3d : haven't seen an untethered jailbreak since ios 9
[2017-08-08 05:49:13] pure3d : or was it ios 8
[2017-08-08 06:02:09] luccavento : @luccavento has joined the channel
[2017-08-08 06:03:05] jan2642 : @jan2642 has joined the channel
[2017-08-08 06:03:42] goof : 9.1 was last untethered I think
[2017-08-08 06:03:44] goof : <https://canijailbreak.com/>
[2017-08-08 06:07:12] jayemdee : @jayemdee has joined the channel
[2017-08-08 06:11:20] czokie : @pure3d - Shift click keeps offering 10.3.3 - not offering downgrade
[2017-08-08 06:11:21] czokie : sigh
[2017-08-08 06:13:44] czokie : Nvm. Found it.
[2017-08-08 06:18:14] czokie : You will need to special click on “Restore iPhone…”. That is a alt/option click on Mac or a Shift click in Windows. Hold the key and then click. This will open up a prompt so that you can search for the iOS 10.3.2 ipsw file you downloaded.
[2017-08-08 06:18:53] pure3d : I didn't click on restore
[2017-08-08 06:19:03] pure3d : restore downgrades and wipes your device
[2017-08-08 06:19:15] czokie : Just that from the instructions I was reading - it's alt/option click - not shift click
[2017-08-08 06:19:21] czokie : Bloody windows users.
[2017-08-08 06:20:09] pure3d : there are 2 buttons to shift+click/option+click: check for update/update or restore
[2017-08-08 06:20:27] pure3d : I option+clicked on the check for update (left of the restore button)
[2017-08-08 06:20:35] pure3d : then I was able to choose the ipsw for my phone
[2017-08-08 06:20:44] czokie : Just gonna do a backup first... Save some pain.
[2017-08-08 06:20:45] pure3d : it downgraded without wiping then restoring from backup
[2017-08-08 06:20:58] czokie : Yep - gotcha - I tried shift before.... but wasn't doing anything.
[2017-08-08 06:21:11] pure3d : I hate how restoring from backup doesn't restore your music
[2017-08-08 06:21:33] pure3d : if you manually manage your music, you have to copy the songs to the device again
[2017-08-08 06:21:48] czokie : I have got a borked iTunes library anyway.... Need to fix one day. I have the raw files and an old iTunes database. Just never got around to fixing it.
[2017-08-08 06:21:51] goof : I used to use checkmarks for that
[2017-08-08 06:22:17] goof : check anything I manually copied, then have a playlist matching all checked music
[2017-08-08 06:22:32] goof : so I could just copy that playlist over after a restore
[2017-08-08 06:22:47] pure3d : @goof that's because you're smart
[2017-08-08 06:22:52] goof : :stuck_out_tongue:
[2017-08-08 06:22:58] pure3d : dumb people like me have to suffer lol
[2017-08-08 06:43:35] opcode : @opcode has joined the channel
[2017-08-08 06:46:24] kilrah : @kilrah has joined the channel
[2017-08-08 06:47:07] czokie : OK. Going back to 10.3.2 now - On the dark side of the moon.
[2017-08-08 07:05:06] the_lord : @the_lord has joined the channel
[2017-08-08 07:12:24] goof : Yeah, might be worth saving the sh blobs for your current iOS + 10.3.2 in case there's a kernel hole found on 10.3.2. If such an exploit is discovered Apple will likely stop signing 10.3.2 and you'll have missed the boat so to speak.
[2017-08-08 07:12:42] kilrah : ok, ipad pro downgraded to 10.3.2 just in case...
[2017-08-08 07:12:55] goof : Can you use blobs from another device to unofficially upgrade or do they have to be saved from your own device?
[2017-08-08 07:19:40] goof : <https://ios.gadgethacks.com/how-to/save-your-iphones-shsh2-blobs-so-you-can-downgrade-ios-for-future-jailbreak-methods-0177464/> you can save the shsh2 once you're on 10.3.2 and then update back to latest if you need it for stability / security / whatever the shsh2 can be used to install 10.3.2 later even after Apple stops signing it
[2017-08-08 07:21:24] goof : hmm
[2017-08-08 07:21:41] goof : apparently Prometheus only works on jailbroken devices
[2017-08-08 07:22:24] goof : so even if you have the 10.3.2 blobs, it still relies on Apple's signing to work if the device isn't jailbroken :confused:
[2017-08-08 07:24:01] kilrah : <https://www.youtube.com/watch?v=BIMx2Y13Ukc>
[2017-08-08 07:24:12] kilrah : that seems to work without jailbreak
[2017-08-08 07:24:20] kilrah : in my case i'm already jailbroken so easy
[2017-08-08 07:25:24] goof : Also seems to work later if you save the shsh2 with the Prometheus suite
[2017-08-08 07:26:10] goof : since it sets up something in either the device or the shsh2 to make the collision guaranteed, even without a jailbreak :smile:
[2017-08-08 07:27:13] baboom : @baboom has joined the channel
[2017-08-08 07:32:25] kilrah : <http://www.idownloadblog.com/2017/02/22/prometheus-2-use-futurerestore/>
[2017-08-08 07:33:54] rulppa : @rulppa has joined the channel
[2017-08-08 07:35:21] kilrah : has to be from the particular device
[2017-08-08 07:48:46] tylkologin : honestly... I'm afraid of jailbreaking. Last time I did it 2 years ago on iOS 9. But now I have my financial data (apple pay), health data on my phone. I decided not to jailbreak. An alternative is to have a separate device with a different apple ID, but I don't want to spend my money on an additional phone :slightly_smiling_face:
[2017-08-08 07:50:17] kilrah : I don't care for those payment/health stuff, always disabled
[2017-08-08 10:11:31] czokie : So - Yalu Jailbreak Beta 9 [ Under Development ] – iOS 10.3.2 Supported was the closest I could find - but not yet available. Is that the consensus for 10.3.2 - not yet?
[2017-08-08 10:21:05] kilrah : as said by @goof earlier "10.3.2 **may** have a point and click consumer jailbreak coming soon."
[2017-08-08 10:27:33] czokie : So assume that those are script jailbreaks .... Gee those guys are slow - we're faster getting our point and click stuff out :slightly_smiling_face:
[2017-08-08 10:30:11] kilrah : not many people left in the jailbreak scene, don't go piss off the few that remain...
[2017-08-08 10:30:23] kilrah : most got bored of it
[2017-08-08 10:31:29] czokie : Don't worry - was not going to go anywhere near em - I'm guessing a bit of a clique community....
[2017-08-09 06:20:34] czokie : So - family and work commitments for next 24 hours. Summary of where I am. 10.3.2 = no jailbreak, so no decrypting till one comes. On that basis, when I get some more time - will play with the one decrypted ipa file - Fun to come...
[2017-08-09 07:03:02] kilrah : all versions 4.0.0-4.1.5 are posted BTW
[2017-08-09 07:58:44] kilrah : believe that was the link <http://www.filehosting.org/file/details/685546/ios_400-415.zip>
[2017-08-09 13:18:42] hostile : those are all decrypted?
[2017-08-09 13:42:59] kilrah : yes
[2017-08-09 15:26:38] jcarlo : @kilrah can I use those files without my device being jail broken
[2017-08-09 15:36:02] opcode : @jcarlo no.
[2017-08-09 15:36:48] opcode : files downloaded from the AppStore get signed to your personal account. no side installation without jailbreak possible.
[2017-08-09 15:56:12] jcarlo : Thanks. Damn, I need to get a used iPhone to jailbreak
[2017-08-09 16:44:05] kilrah : Yes you can use them using cydia impactor as explained in ~general a day or 2 ago, search it
[2017-08-09 16:53:37] sbpoole : Don't you have to re-sign the cracked apps every seven days when using impactor?
[2017-08-09 17:32:46] kilrah : yep
[2017-08-09 17:32:50] kilrah : price to pay…
[2017-08-10 15:34:05] tylkologin : AFAIK nobody found any suspicious code in IPA version of DJI Go. During last two days I made some tests and it looks like something strange is going on. I repeated these steps several times and always had the same result. Steps: 1. Turn off automatic app updates on iPhone. 2. Remove any DJI apps. 3. Install DJI Go 4.0.8. 4. Fly :slightly_smiling_face: 5. After some time update information appears in App Store. Ignore it. 6. After 24 hours update information disappears. In App Store you can find DJI Go app on already updated list!!! What is very interesting is that normally when the application updates itself you can see a small blue dot near the app icon. I didn't have any information near DJI Go app. When I found out that it has been updated I just ran it and... WOW... it is 4.1.5.
[2017-08-10 15:34:13] tylkologin : How they did it???!
[2017-08-10 15:34:47] hostile : "AFAIK nobody found any suspicious code in IPA version of DJI Go." not sure that is a factual statement FWIW. =] Just no tinker.
[2017-08-10 15:39:14] tylkologin : Will check one time more. DJI app will be downloaded with different account (apple id).
[2017-08-10 17:31:07] jcarlo : My app update is off. In cellular settings the dji go app is off. Never have a problem. Fw 400 go4 4.0.4 or fw 700 go4 4.0.8
[2017-08-11 18:12:57] hostile : does anyone @here have the files from <http://www.filehosting.org/file/details/685546/ios_400-415.zip> ? I can't get the damn things to download.
[2017-08-11 18:27:54] kilrah : @hostile that seems to be the direct link, just worked for me <http://www.filehosting.org/file/download/685546/a3rPUFhbKQXxUMU6>
[2017-08-11 18:28:12] kilrah : fuck they invalidate direct links
[2017-08-11 18:28:19] kilrah : anyway it worked...
[2017-08-11 18:28:23] kilrah : wait a sec
[2017-08-11 18:31:56] hostile : thanks. the damn thing refused to email ANY of my addresses. =]
[2017-08-11 18:32:28] kilrah : yeah it seems it doesn't want the trash addresses for downloads... normal one does work
[2017-08-11 18:32:45] kilrah : will make a torrent
[2017-08-11 18:43:01] kilrah : @cs2000 maybe you can add to your page
[2017-08-11 18:43:05] cs2000 : @cs2000 has joined the channel
[2017-08-11 18:45:13] kilrah : @hostile :arrow_up:
[2017-08-12 22:34:49] fldatatek : @hostile Did you get that file? If not I am downloading it and can upload it where you can get it
[2017-08-12 22:47:38] czokie : Thanks to @kilrah for the torrent....
[2017-08-12 22:48:43] czokie : Did you do the decrypt, or find the files elsewhere?
[2017-08-13 09:03:17] czokie : OK - Still downloading from torrent :slightly_smiling_face:
[2017-08-13 12:53:16] hostile : @fldatatek nope... my computer was like FUCK you Torrent! I've decided to not worry about it for the time being
[2017-08-13 13:08:52] czokie : Mine is still trying to download....
[2017-08-13 18:45:20] kilrah : meh sorry for the slow seed, rebooted router and it's much better now :disappointed:
[2017-08-13 21:01:34] hostile : <https://twitter.com/d0tslash/status/896839017567793153>
[2017-08-13 21:19:02] opcode : Could you find out, what these tencent dB tables in iOS mean? Remember them? I uploaded them here some time ago.
[2017-08-13 21:19:33] opcode : I suspected NFZ updates in the Background via Tinker.
[2017-08-13 21:43:20] hostile : JSPatch just found...
[2017-08-13 23:22:59] czokie : Did you ever get a response from Google? Is it time to play the apple takedown game? Considering the strong PR that apple has put on hotpatching
[2017-08-14 00:04:57] hostile : This could be bad news.... needs more confirmation
$ grep jspatch DJI\ GO\ 4For\ *1 -ri
Binary file DJI GO 4For Phantom 4 Series Mavic and Inspire 2 [DJI] (v4.1.0 v2874 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.0 v2753 Univ DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.1 v2774 Univ DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.2 v2776 Univ DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.3 v2825 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.4 v2821 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.5 v2836 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.6 v2855 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.7 v2860 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
<https://github.com/bang590/JSPatch>
[2017-08-14 00:05:34] hostile : @here JSPatch is nasty shit.... just like Tinker.
[2017-08-14 00:31:28] fldatatek : Oh fun.. :disappointed:
[2017-08-14 01:03:43] hostile : Hot or Not? The Benefits and Risks of iOS Remote Hot Patching: Episode 1: JSPatch - <https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html>
[2017-08-14 01:11:15] hostile : “JSPatch can be used to update a faulty iOS app on his blog” - <http://blog.cnbang.net/works/2767/>
[2017-08-14 01:12:00] hostile : @freaky123 @martinbogo .... -^
[2017-08-14 01:12:08] freaky123 : @freaky123 has joined the channel
[2017-08-14 01:12:08] martinbogo : @martinbogo has joined the channel
[2017-08-16 19:47:20] martinbogo : Indeed.
[2017-08-16 19:52:37] hostile : never mind the Cake Playground I found afterward....
[2017-08-16 19:53:04] hostile : <https://twitter.com/d0tslash/status/897319280672428032>
[2017-08-17 18:11:07] hostile : @jan2642 you are in here right?
[2017-08-17 18:11:54] hostile : can you help @aerialeyes track down how some of these tables are used?
[2017-08-17 18:11:56] hostile : $ sqlite3 /Users/kfinisterre/Desktop/datastore.sqlite
SQLite version 3.16.2 2017-01-06 16:32:41
Enter ".help" for usage hints.
sqlite> .tables
ZDBPHOTO ZDBVIDEO ZLOCALRES ZTEMPLATEINFO Z_MODELCACHE
ZDBUSER ZEXPLORECACHE ZREMOTERES Z_METADATA Z_PRIMARYKEY
[2017-08-17 18:11:59] aerialeyes : @aerialeyes has joined the channel
[2017-08-17 18:13:01] aerialeyes : Thanks @hostile
[2017-08-17 18:32:27] tylkologin : @aerialeyes I have never seen anything in these tables. Except Z_METADATA and Z_MODELCACHE. I did some tests (take photo, remove photo, create video, remove video). All of them were empty.
[2017-08-17 18:32:29] tylkologin : sqlite> .schema Z_MODELCACHE
CREATE TABLE Z_MODELCACHE (Z_CONTENT BLOB);
sqlite> .schema Z_METADATA
CREATE TABLE Z_METADATA (Z_VERSION INTEGER PRIMARY KEY, Z_UUID VARCHAR(255), Z_PLIST BLOB);
[2017-08-17 18:32:41] tylkologin : These two contain only one row
[2017-08-17 18:36:05] aerialeyes : @tylkologin Thanks. Did you test using the upload flight log option?
[2017-08-17 18:37:53] tylkologin : What do you mean by 'upload flight' option?
[2017-08-17 18:38:00] tylkologin : Can't find it
[2017-08-17 18:41:33] aerialeyes : Using the app, the "Sync flight records" UI
[2017-08-17 18:43:03] hostile : @tylkologin have you gone back in and played the videos from the video editor?
[2017-08-17 18:43:19] aerialeyes : My focus is on determining the exact content that is uploaded both when triggered and behind the scenes
[2017-08-17 18:43:21] hostile : also you'd need to realtime monitor the file... stuff could go in and instantly get deleted
[2017-08-17 18:43:45] tylkologin : Yes. I did. I played them and created some new ones using the internal editor/wizard.
[2017-08-17 18:44:08] hostile : $ grep MODELCACHE . -ri
Binary file ./Payload/DJI GO 4.app/DJI GO 4 matches
[2017-08-17 18:44:15] hostile : you need to open the file in hopper @aerialeyes
[2017-08-17 18:44:39] tylkologin : @aerialeyes I understand. Will do some tests and come back to you.
[2017-08-17 18:45:17] tylkologin : Will have some free time 'cause my wife is leaving for a party on Saturday :smile:
[2017-08-17 18:45:37] aerialeyes : I appreciate it !
[2017-08-17 18:46:02] hostile : modelCache T@"ASSStorageModel",&,V_modelCache
[2017-08-17 18:46:24] aerialeyes : I only have free tools for binary review
[2017-08-17 18:46:47] hostile : well... man up
[2017-08-17 18:47:00] hostile : we've all spent loads of loot here to bring the scene up to the minute shit
[2017-08-17 18:47:09] hostile : my JEB license costs me $180 a month
[2017-08-17 18:47:18] hostile : <https://sites.fastspring.com/hopperapp/product/hopperdisassemblerv4>
[2017-08-17 18:47:23] hostile : hopper costs you $99 **once**
[2017-08-17 18:47:33] hostile : many here have bricked PILES of boards heh for the cause. =]
[2017-08-17 18:47:40] hostile : come to the darkside... we have cookies.
[2017-08-17 18:47:46] aerialeyes : HAHA!
[2017-08-17 18:48:40] aerialeyes : I've always stayed away from the deep dive...I leave it to experts like you
[2017-08-17 18:48:41] hostile : may wanna go the "Try it free" route...
[2017-08-17 18:48:45] hostile : don't
[2017-08-17 18:48:50] hostile : if you've come here to learn
[2017-08-17 18:48:56] hostile : then learn... this is no where near DEEP
[2017-08-17 18:49:00] hostile : feed your brain sir
[2017-08-17 18:49:17] hostile : many of the guys here will tell you I am a hard ass about pushing people to learn...
[2017-08-17 18:49:40] hostile : the guy that wrote pyduml
[2017-08-17 18:49:54] aerialeyes : exactly! you know what I do everyday. This is starting to get more of my time day by day
[2017-08-17 18:49:56] hostile : that was his "2nd python script ever"
[2017-08-17 18:50:10] hostile : tell us about it.. we work, and stay up till 4am =]
[2017-08-17 18:50:20] hostile : type "sleep" into the search bar for a laugh lol
[2017-08-17 18:50:42] aerialeyes : Yup...I get about 3-5 a night if I'm lucky!
[2017-08-17 18:50:51] hostile : cool...
[2017-08-17 18:50:56] hostile : tonight... you spend an hour in Hopper
[2017-08-17 18:50:57] hostile : =]
[2017-08-17 18:51:30] hostile : "I took the app and opened with 7zip.. Been plist reading with PLIST editor pro and decompiling with PE" from your PM... will get you so far. Let me tell you why
[2017-08-17 18:51:44] hostile : number 1: Pe explorer is for windows apps, dlls, 32 bit things generically speaking
[2017-08-17 18:51:54] hostile : this is not a .exe, or a .dll, or otherwise
[2017-08-17 18:52:02] hostile : which is why I am pushing you to get the right tool in hand
[2017-08-17 18:52:08] aerialeyes : I only work on windows..that's why I didn't download hopper.. I only saw Mac versions
[2017-08-17 18:52:09] hostile : you are trying to chop down a tree with a spoon right now
[2017-08-17 18:52:38] hostile : • Hopper Disassembler v3 for Linux requires Debian 8.0, Ubuntu 14.04, Arch Linux, Fedora 20 or higher, and a 64 bits processor.
[2017-08-17 18:52:42] hostile : you can run it in a VM
[2017-08-17 18:52:43] hostile : easily
[2017-08-17 18:53:25] hostile : <https://www.hex-rays.com/products/ida/support/download_demo.shtml>
[2017-08-17 18:53:31] hostile : this demo MAY work out of the box on a .ipa file
[2017-08-17 18:55:41] aerialeyes : "The demo version is not available for the moment, sorry!"
[2017-08-17 19:00:27] hostile : let me just say.... I don't think it is hard to get one of these two solutions up and running... either **find** you a copy of IDA pro (insert scruples statement here), or Put linux on a VM and run Hopper... but what ever you do... PE explorer has its limits in your ability to learn from it.
[2017-08-17 19:00:45] hostile : you are peering in through the window of the car... I'm giving you the key to get inside.
[2017-08-17 19:00:56] hostile : if you don't know linux... for hopper... time to learn
[2017-08-17 19:01:13] hostile : hell... @the_lord literally bought a Mac... to code on RedHerring, etc.
[2017-08-17 19:01:23] hostile : he's not even a Mac user
[2017-08-17 19:02:40] hostile : in 2 seconds I was able to google an old demo... <https://out7.hex-rays.com/files/idademo69_windows.exe>
[2017-08-17 19:02:56] hostile : anyway... use / feed your brain. Get either IDA pro, or Hopper...
[2017-08-17 19:03:03] hostile : spend your time wisely, not in PE Explorer
[2017-08-17 19:27:46] aerialeyes : I really do appreciate the support and push to learn! I will get the tools that I need!
[2017-08-17 19:28:16] aerialeyes : I'm working on something for our buddy in S.A at the moment.
[2017-08-17 19:36:09] hostile : take your time! This place will be here. we are all used to asynchrony in our interaction.
[2017-08-17 20:17:51] hostile : for anyone trying to packet capture on your iOS device... <https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/>
[2017-08-17 21:53:18] tylkologin : @hostile thanks for this link. good to know.
[2017-08-18 02:11:13] hostile : good for debugging... <https://github.com/nabla-c0d3/ssl-kill-switch2>
[2017-08-18 06:13:16] jan2642 : About those tables: version, uuid & metadata are way too generic to pinpoint… modelCache is there but I haven’t found a direct relation with SQLite, References to modelCache seem to have something to do with the SDK (ASSSecurityManager getApdidToken() and friends)
[2017-08-18 06:14:35] jan2642 : I guess the android app also has Google’s Firebase built-in ?
[2017-08-18 14:15:24] hostile : @aerialeyes --^
[2017-08-18 14:16:01] hostile : @jan2642 I need to go back across all the versions and see if <https://dji-rev.slack.com/archives/C6KG1UDRS/p1502993516000332> is just an artifact from older times
[2017-08-18 14:16:29] hostile : I also found that JSPatch was most certainly in use in the older 2.x version... I just need decrypted .ipa files
[2017-08-18 16:17:58] hostile : btw @jan2642 THIS article IMHO is the root of the controversy around said database... <https://www.suasnews.com/2017/05/global-information-gathering-network-uas-dji-data-collection/>
[2017-08-18 16:52:30] kilrah : Need a specific version? Didn't grab all the GO3, that's a mere 76 versions...
[2017-08-18 17:27:23] hostile : any of em you want to decrypt... I'll take
[2017-08-18 17:27:54] hostile : @kilrah I should get an old iPhone soon... just gotta find a reasonably priced one
[2017-08-18 17:28:01] kilrah : oldest I have here is DJI GO 3.1.10
[2017-08-18 17:28:19] kilrah : need to go back to the proxy stuff if I want to grab older
[2017-08-18 17:29:49] hostile : cool... decrypt it... I'll take it
[2017-08-18 17:29:50] hostile : =]
[2017-08-18 17:38:06] kilrah : <https://dji-rev.slack.com/files/kilrah/F6RNTA70X/dji_go_for_phantom_3_inspire1_osmo_and_matrice__dji___v3.1.10_v2790_univ_dy_lp_os80_.rc336_1001.ipa>
[2017-08-18 17:54:10] hostile : thx!
[2017-08-18 17:56:08] kilrah : dang you're not having much success downloading anything, are you? :stuck_out_tongue:
[2017-08-18 17:58:53] hostile : lol I think that is a private file of yours
[2017-08-18 18:01:25] kilrah : try that? <https://slack-files.com/T60D095A7-F6RP6A2H5-5a339f45ee>
[2017-08-18 18:03:49] hostile : muuuch better
[2017-08-18 18:28:02] kilrah : meh it seems 3 is the sweet spot for the number of releases under the same version number for DJI
[2017-08-18 18:47:49] kilrah : <https://slack-files.com/T60D095A7-F6QJZN2D9-f04d49dcc0>
[2017-08-18 18:47:57] kilrah : <https://slack-files.com/T60D095A7-F6QM7FGHG-d614f1b99e>
[2017-08-18 18:49:30] kilrah : <https://slack-files.com/T60D095A7-F6QK285L3-4c1b2ada20>
[2017-08-18 19:09:35] hostile : meh. I can't get torrents for some reason :confused: my network had all that shit closed down long ago
[2017-08-18 19:10:04] hostile : I need a bastion host for that shit
[2017-08-19 02:40:38] fldatatek : @hostile give me a few to upload and I'll send you a DL link.
[2017-08-19 03:18:34] hostile : you rock dude
[2017-08-19 03:20:37] fldatatek : :slightly_smiling_face: I try and help any way I can.
[2017-08-21 06:45:33] kilrah : 2 2.x ipas just above
[2017-08-21 11:38:01] aerialeyes : @
[2017-08-21 12:44:02] dkovar : @hostile Kevin claims "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." So, is DJI exposing customer data in a manner that allows Google to index it?
[2017-08-21 12:51:14] hostile : Kevin is here... and I've encouraged him to share facts :) cc @aerialeyes
[2017-08-21 13:04:37] dkovar : @aerialeyes "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." So, is DJI exposing customer data in a manner that allows Google to index it? Can you demonstrate this? Thanks.
[2017-08-21 13:15:31] kilrah : @hostile did you grab the 2 2.x ipas? so I can free some space
[2017-08-21 13:17:26] hostile : lemme double check I pretty sure I did
[2017-08-21 13:17:44] hostile : yeh
[2017-08-21 13:17:55] hostile : they were weird... didn't have many strings in them
[2017-08-21 13:18:17] kilrah : strange
[2017-08-22 09:13:53] aerialeyes : @dkovar @hostile The Verge used a typo and published without checking with me. The actual thought is if you created an account with your actual name and address, the dataset that they have, with a Google search of your name, provides everything about YOU. Career (LinkedIn) Personal (FB, whatever) Public records. A portfolio of leverage.
[2017-08-22 09:58:40] kilrah : @hostile <https://www.dropbox.com/s/pg4qf0d50txemf6/DJI%20GO%204For%20Spark%20P4%20Series%20Mavic%20and%20Inspire%202%20%5BDJI%5D%20%28v4.1.7%20v2956%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-08-22 11:56:24] dkovar : @aerialeyes You've made this claim twice, misquoted twice? Ben Popper specifically states: "SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, “Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent.” However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search." It appears he asked you to support the claim and you were unable to do so. You wrote it again in sUAS news. Did you misquote yourself somehow? <https://www.suasnews.com/2017/05/global-information-gathering-network-uas-dji-data-collection/> Even if misquoted, it is nothing. We give up account information all the time. And, if you're concerned, easy to avoid, which is what the military and cyber people I know do. You keep claiming not to be sensationalizing. I'd argue that you are.
[2017-08-22 14:11:43] hostile : I'd certainly like to see the skills increment, and get you hammering on actual verifiable claims FWIW.
[2017-08-23 18:23:55] kilrah : @hostile did you grab the 417 ipa above?
[2017-08-23 18:28:36] hostile : missed it... lemme grab now
[2017-08-23 18:28:49] hostile : we had an IEP meeting at school today for my son
[2017-08-31 08:25:51] kilrah : <https://www.dropbox.com/s/vyyyw5q8v1ac7ak/DJI%20GO%204For%20Spark%20P4%20Series%20Mavic%20and%20Inspire%202%20%5BDJI%5D%20%28v4.1.9%20v2958%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-08-31 09:03:56] giacomo.parmeggiani : @giacomo.parmeggiani has joined the channel
[2017-08-31 10:05:02] giacomo.parmeggiani : Hello and thanks @czokie. Has anybody here tried to self re-sign the ipa? I’ve been looking at the dji.configs section of the code and it seems it performs a check on the aircraft model. It could easily be patched out
[2017-08-31 10:59:16] kilrah : resigning with cydia impactor works
[2017-08-31 14:13:03] hostile : nice
[2017-08-31 19:35:51] ryan19 : @kilrah Thanks
[2017-08-31 20:11:29] hostile : I'd love to see you guys patch and resign a binary ... please do!
[2017-09-02 18:26:07] capo : @hostile @ryan19 question: I'm currently flying offline. iOS app version .3 and Spark firmware .300, no issues as of today 9/2. Never had a warning to upgrade either since I don't fly with internet or cellular. I'm assuming I'll be good, however, is anyone working on a workaround for those that are currently modded to delete the embedded self-destruct lockout? I'm assuming it's within the app? Can you roll back the date? Or remove the line completely... Specifically for iOS people. Thanks for all the work here, you guys are the real deal... It's appreciated!
[2017-09-02 18:29:53] capo : I'm new to this channel so forgive me if this is answered. Appreciate any direction you can provide me.
[2017-09-04 17:48:52] guson : Kilrah: in the ipa version linked to dropbox here, what is disabled, tweaked etc? And the one linked from torrent here, same file?
[2017-09-04 17:51:28] hostile : these are not modded...
[2017-09-04 17:51:34] hostile : they are decrypted, so that modders can work
[2017-09-04 17:51:53] hostile : No IOS modders have stepped up to the plate
[2017-09-04 18:12:32] jan2642 : There are close to 700 people in this slack, surely some of them are familiar with iOS development...
[2017-09-04 19:14:24] mavpac : I'm gonna ask a friend who is developing iOS Apps.
[2017-09-04 19:14:47] invernomuto : hi all!
[2017-09-04 19:41:57] nemesit : hi guys
[2017-09-06 18:57:58] vasek_r : Just an idea - wouldn't it be easier to create an iOS firewall which blocks the mother ship traffic and lets the Go app load maps only?
[2017-09-07 04:43:49] kilrah : if jailbroken that works…
[2017-09-07 05:56:49] czokie : <https://dji.retroroms.info/howto/iosmod>
[2017-09-07 05:56:51] czokie : Guys.
[2017-09-07 05:56:56] czokie : Starting to write a page....
[2017-09-07 05:57:18] tylkologin : @vasek_r @kilrah @czokie On devices without jailbreak there is another solution. Set up your own Linux server with VPN, set up some firewall rules that will block access to DJI-related sites. After that you can launch the VPN connection on your iDevice and use the firewall rules you created. Because you can force all traffic to go through the created VPN tunnel, all traffic generated by the DJI Go app will be blocked.
[2017-09-07 06:05:13] czokie : Yep - but its time to do more than block shit :slightly_smiling_face:
[2017-09-07 07:22:15] kilrah : yup, i proposed that solution a while ago
[2017-09-07 07:22:31] kilrah : but that’s a bit harder for your average guy to set up :smile:
[2017-09-07 08:28:32] tylkologin : @kilrah do you still have decrypted 4.1.7? dropbox link expired :disappointed:
[2017-09-07 08:29:35] kilrah : yeah removed it… let me check if i have it around, i’m on the move
[2017-09-07 08:29:50] tylkologin : thx
[2017-09-07 08:38:19] kilrah : <https://www.dropbox.com/s/31j24xoyz5s28fh/DJI%20GO%204For%20Spark%20P4%20Series%20Mavic%20and%20Inspire%202%20%5BDJI%5D%20%28v4.1.7%20v2956%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-09-07 08:38:31] kilrah : still had it on my ipad
[2017-09-07 08:42:34] czokie : Have we got the IPA's on a git somewhere? Should we look at that? @hostile???
[2017-09-07 08:53:49] tylkologin : @czokie i can put them somewhere (in my github account).
[2017-09-07 08:54:00] czokie : Sounds good
[2017-09-07 08:55:21] tylkologin : will do it within 30 minutes and update wiki
[2017-09-07 09:59:30] czokie : OK....
[2017-09-07 09:59:42] czokie : I've had a long day @ work - gonna chill a bit -
[2017-09-07 09:59:54] czokie : talk more later when I wake up (more meetings at 10 pm and midnight )
[2017-09-07 11:28:22] tylkologin : @czokie almost done. will describe ipa structure later today. have to go because exactly 1 year ago I got married in NYC. so… party time :D:D:D
[2017-09-07 11:50:49] hostile : I don't @czokie and yes.. we should!
[2017-09-07 12:33:45] czokie : @tylkologin was creating one :slightly_smiling_face:
[2017-09-07 14:30:55] vasek_r : Thanks for advice @kilrah @tylkologin @czokie I expect the VPN could run even on a Raspberry at home. One question - will the VPN on iOS always go through this server even in case I am outside on a mobile LTE network? I agree the "block" option is not an elegant one but might work for many who have to add "Airplane mode" on the preflight checklist..
[2017-09-07 17:20:52] tylkologin : @vasek_r yes. It will work. And of course you can use a RaspPi device.
[2017-09-07 18:59:22] vasek_r : Thanks, @tylkologin, found meanwhile my router is able to set the vpn itself. Is there a list of servers/ip addresses that should be blocked while still leaving the maps available?
[2017-09-07 19:38:36] joker_x3 : @vasek_r in here are the links which have been patched in 4.1.3 . <https://github.com/Bin4ry/deejayeye-modder/blob/master/patches/4.1.3-1024454/removeOnlinefunction.patch>
[2017-09-07 19:42:39] hostile : note... they may and very well do differ for iOS
[2017-09-07 19:46:59] vasek_r : thanks, found it, I am using iOS 4.0.8 and FW .700, might there be a difference between 4.0.8 and 4.1.3 too?
[2017-09-07 19:47:23] tylkologin : @vasek_r I will extract it from my firewall
[2017-09-07 19:47:58] vasek_r : @tylkologin Thanks a lot
[2017-09-07 20:16:10] vasek_r : have mikrotik too :+1::beers:
[2017-09-08 11:47:37] tylkologin : @vasek_r so change disabled=yes to disabled=no
[2017-09-09 07:35:54] hostile : which version is $latest for iOS ?
[2017-09-09 07:37:05] hostile : Is there something after: DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.7 v2956 Univ FW DY LP os90).rc336_1001
[2017-09-09 07:44:09] hostile : looks like the ios hot_update has been around for a while.
[2017-09-09 07:44:10] hostile : $ grep hot_update DJI*1 -r
Binary file DJI GO (v3.1.11 v2792 Univ DY LP os80).rc336_1001/Payload/DJI GO.app/DJI GO matches
Binary file DJI GO 4For Phantom 4 Series Mavic and Inspire 2 [DJI] (v4.1.0 v2874 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.6 v2855 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.7 v2860 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.0.8 v2857 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.2 v2901 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.3 v2903 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.4 v2951 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.5 v2952 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
Binary file DJI GO 4For Spark P4 Series Mavic and Inspire 2 [DJI] (v4.1.7 v2956 Univ FW DY LP os90).rc336_1001/Payload/DJI GO 4.app/DJI GO 4 matches
[2017-09-09 07:44:14] jan2642 : 4.1.9 is latest
[2017-09-09 07:44:24] hostile : can you send me that decrypted?
[2017-09-09 07:44:31] hostile : going to bed now, would like to eyeball when I wake
[2017-09-09 07:45:48] jan2642 : Don't have it but I think it has been posted before. I'll take a look. GN.
[2017-09-09 07:46:58] jan2642 : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1504167951000118>
[2017-09-09 07:54:29] jan2642 : @hostile Kilrah already posted this a while back, check the previous post. The dropbox link is still valid.
[2017-09-09 10:47:37] tylkologin : @hostile you can find all decrypted ipas here <https://dji.retroroms.info/howto/iosmod>
[2017-09-09 10:48:05] czokie : @hostile - you should know to go to wiki
[2017-09-09 14:06:05] hostile : LOLOLOL
[2017-09-09 14:06:32] hostile : thanks mates
[2017-09-09 14:07:01] hostile : I knew there was instructions on the technique, just not aware you all archived em all!
[2017-09-09 14:07:04] hostile : nice work
[2017-09-13 10:35:01] tylkologin : Just for information. Stay away from iTunes 12.7 - you won’t be able to upload an IPA file from Mac/PC to an iDevice. This option has been removed by Apple, forcing you to redownload the IPA directly from the iDevice. The Programs section is no longer available in iTunes and you can’t download an IPA directly onto your Mac. If you still want to download previous versions of any program, stay with iTunes 12.6.
[2017-09-13 10:40:34] tylkologin : and wiki updated
[2017-09-13 10:50:23] kilrah : indeed, good to know
[2017-09-13 10:50:34] kilrah : made a copy of the app before updating on my mac
[2017-09-13 10:51:03] kilrah : and will keep my pc on which I work on 12.6
[2017-09-13 10:51:20] kilrah : always load ipa's with ifunbox though
[2017-09-14 12:32:50] jcarlo : I updated iTunes before I saw this. Anyone has or know where I can download iTunes 12.6?
[2017-09-14 12:55:40] czokie : Use iFunbox
[2017-09-14 13:36:23] kilrah : <https://support.apple.com/kb/DL1934>
[2017-09-14 13:40:05] jcarlo : @kilrah thanks.
[2017-09-14 13:41:32] jcarlo : So what is the reason behind this change?
[2017-09-14 13:42:38] hostile : lol Iphone X just came out.
[2017-09-14 13:42:47] hostile : every new iphone needs new itunes always been like that
[2017-09-14 13:52:45] kilrah : they consider it makes no sense dealing with apps on the computer anymore, so they clean up
[2017-09-14 14:08:19] hostile : there are some security ramifications for that choice as well
[2017-09-14 14:08:25] hostile : prevents fuckery to some extent
[2017-09-14 15:52:07] jcarlo : I thought they were trying to go the other route every apple device apps synced
[2017-09-14 15:53:32] jcarlo : I may have to switch back to android on my next phone
[2017-09-14 16:11:34] kilrah : to be fair, until it was to play with and "backup" the DJI app I hadn't touched the iTunes app panel for about 3 years - just makes no sense at all for "normal" purposes
[2017-09-14 16:11:48] kilrah : app thinning etc,...
[2017-09-14 17:16:47] jcarlo : Same here. Only installed it to get older versions of dji go 4 app
[2017-09-14 17:22:16] jcarlo : I'm not familiar with this. I'll check it out. Thanks
[2017-09-14 17:22:51] jcarlo : Sorry I keep clicking the share button.
[2017-09-14 18:14:22] tylkologin : But it will still be possible to upload .DJI.configs with the new iTunes 12.7. Just connect the iDevice, select it and you will find the Application Sharing option on the left panel.
[2017-09-14 18:14:42] tylkologin : But no IPA redownloading using iTunes.
[2017-09-14 18:28:34] kilrah : I saved the installers for 12.6 on win and mac just in case, and not updating my pc I typically use
[2017-09-14 18:28:40] kilrah : and the mac has both apps
[2017-09-14 18:30:11] jcarlo : @kilrah I need the one for Win. Can you share or point me to a link
[2017-09-14 18:31:31] jcarlo : @tylkologin so you can still upload but not download right. I have a pc
[2017-09-14 18:33:06] tylkologin : You can only download/upload application data. Not applications
[2017-09-14 18:34:03] jcarlo : Ok
[2017-09-14 18:34:16] kilrah : I posted the link earlier...
[2017-09-14 18:37:43] jcarlo : It's DMG file when I download it
[2017-09-14 18:42:58] kilrah : use a PC to go to that link and you'll get the win version
[2017-09-14 18:43:30] kilrah : or trick the user agent...
[2017-09-14 18:48:34] jcarlo : I'm using PC. But never mind I found another way:grin:
[2017-09-15 05:23:07] vasek_r : Could the ifunbox also "extract" the ipa out of the ios device to pc? Thx
[2017-09-18 08:42:32] kilrah : <https://www.dropbox.com/s/185t4rhft4pdkr3/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.10%20v2959%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-09-18 13:04:24] hostile : thanks as always @kilrah!
[2017-09-19 05:25:25] mavpac : Can you install the decrypted .ipa posted above with e.g. ifunbox on a jailed phone or do you always need a jailbroken phone? Or an Apple dev account to sign it?
[2017-09-19 06:20:22] mavicbreak : @mavpac without jailbreak use Cydia Impactor.
[2017-09-19 07:19:13] pure3d : if you have a dev account, signing the IPA with those credentials will last 1 year; if you self-sign using a normal apple ID, it'll be good for only 7 days (sucks)
[2017-09-20 15:52:25] jcarlo : Anyone updated to iOS 11? I'm wondering if I do the update will I have problems syncing my iPhones to my iTunes 12.6.2
[2017-09-20 15:54:09] hostile : I JUST updated
[2017-09-20 15:56:13] jcarlo : Thanks
[2017-09-20 16:39:24] kilrah : me too on my ipad pro
[2017-09-20 16:40:12] kilrah : seems to work normally on 12.6.2
[2017-09-20 18:57:19] cs2000 : I’ve been in ios11 since the beta stage. Never had any issues with the Go apps or indeed sticking with the older iTunes versions. AFAIK, there’s never been a forced upgrade to iTunes, could be wrong though
[2017-09-21 10:13:31] giacomo.parmeggiani : Which tool would you use to sign the ipa with a dev certificate? Still Cydia impactor?
[2017-09-21 11:30:14] kilrah : 4.1.11 ios is out…
[2017-09-21 12:12:41] cs2000 : Whyyyyyyy, they update that bloody app once a week lately!
[2017-09-21 12:40:19] bin4ry : Too many bugs maybe? :joy:
[2017-09-21 12:47:41] kilrah : more like twice in 2 days
[2017-09-21 12:47:47] kilrah : and yep most likely that :stuck_out_tongue:
[2017-09-21 12:47:53] kilrah : no new release notes...
[2017-09-21 12:49:14] kilrah : <https://www.dropbox.com/s/oaikl9uynm6waw7/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.11%20v2961%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-09-21 13:19:11] cs2000 : Torrent file now available & is listed on the Wiki :slightly_smiling_face: <http://dji.polybotes.feralhosting.com/GO4/IPK/DJI%20GO%204%20%5bDJI%5d%20(v4.1.11%20v2961%20Univ%20FW%20DY%20LP%20os90).rc336_1001.ipa.torrent>
[2017-09-22 10:55:47] cs2000 : Right, I've done some testing now regarding Quickshots on the Mavic Pro using the latest 4.1.11 iOS app, with Mavic firmware 1.03.0700 flashed by DUMLdore.
[2017-09-22 10:56:23] cs2000 : I could be barking up the wrong tree/looking in the wrong place, but it does NOT work, or even is not available. This is using an iPhone 7.
[2017-09-22 10:59:57] cs2000 : What i can confirm IS working, is that this phone was factory restored yesterday, the latest Go4 app was installed which was 4.1.10 at the time and the .DJI-configs file put onto this fresh app. The FCC mode is enabled (at least judging by the distance i got today compared to previous runs with it enabled).
[2017-09-22 11:06:14] cs2000 : Next task is to charge up 2 batteries (i only had one charged) upgrade to the latest and greatest (lol) firmware, thereby removing all of my mods (sport+, NFZ dissable etc) and see if the modes then become available.
[2017-09-22 11:09:13] carlcox89 : @cs2000 on Android I can at least see the quickshot option , enable it and then draw the square for targeting..but then I can't see the dronie/helix/rocket options on the bottom like I saw on the videos demonstrating the feature
[2017-09-22 11:11:57] cs2000 : Weird. I need someone else to test it really to verify my findings, I'm charging the other batteries now, so in an hour or two I should have some more answers. We know the apps do behave differently though, perhaps on Android they just show it regardless because in official DJI land, there's no way you'd be using a FW that old. But on iOS for whatever reason they check the FW version....
[2017-09-22 11:34:58] carlcox89 : And whatever height the aircraft is, the app always says subject too close.. maybe the options only show it at the correct height ..but tried like 10 times at different heights and no luck
[2017-09-22 12:51:59] hostile : we really need to try patching the iOS app and using the binary patched version
[2017-09-22 12:53:08] cs2000 : OK Dokey, flight just done with AC upgraded to 1.04.0000 and the same app version (4.1.11), confirmed the flight modes are there. Now I'm going to downgrade back to .700 AC FW and fully expect them to be gone again. Looks like they're definitely looking at the AC FW version and just removing the option if it's not the right version
[2017-09-22 12:55:42] baldo81 : With fw .700 what do you suggest, stay with DJI go 4.1.5 or update to 4.1.11 and keep the FCC mod?
[2017-09-22 12:57:09] cs2000 : It's personal choice, I personally like .700 as it's nice and stable and also because it lets me disable the NFZs. I have used the FCC mod on all the last 4-5 versions of the iOS app and it works just fine on them all.
[2017-09-22 13:01:07] cs2000 : @hostile From what I understand (not following too closely due to not having an Android device capable of running Go4), @bin4ry's patched Go4 versions allow the option for Quickshots to appear in the lower SW versions of the app; the option ALWAYS appears on 4.1.10 or 4.1.11 regardless of the FW version on the AC on Android, but unless you're on the right FW version on the AC, you can't use them properly. I believe @carlcox89 has been testing that in the ~android_apk_patching channel.
[2017-09-22 13:02:26] cs2000 : Conversely, the iOS app appears to be doing a check on the FW of the AC and not showing the option if you're not on the right FW. It looks to me that Quickshots is therefore both Go4 and AC FW dependent, and you'd need both patched for it to function on either a lower AC FW or a lower Go4 version
[2017-09-22 13:06:06] baldo81 : Yes, I’m not moving from .700 for the same reasons, I was just taking in consideration to update or not the DJI app, but I want to maintain the fcc mod
[2017-09-22 13:06:39] cs2000 : Its fine, as per my earlier message <https://dji-rev.slack.com/archives/C6KG1UDRS/p1506077997000292>
[2017-09-22 13:18:31] carlcox89 : @cs2000 on 0700 could you please confirm that you have all the options on the camera settings menu?
[2017-09-22 13:18:54] carlcox89 : 0700 and 4.1.10/.11 iOS
[2017-09-22 13:36:12] cs2000 : @carlcox89 Which options? Just charging batteries now, I'm flashed back to .700. Send me a screenshot if you'd like
[2017-09-22 13:41:18] bin4ry : fwiw: the patched apk kills the fwupgradeservice, so i cannot read the firmware version at all :wink:
[2017-09-22 13:43:50] cs2000 : Lol fair play, i was just guessing/trying to figure out why we would see 2 different behaviours
[2017-09-22 14:25:08] bin4ry : One would need to test if this is only with my mod or general on android
[2017-09-22 14:36:41] cs2000 : @bin4ry perhaps ask in the Android channel, I would test but I don't have an Android device that can run Go4, too heavy duty for my 2013 Nexus 7!
[2017-09-22 14:39:49] cs2000 : Also, just got a battery charged after downgrading to .700 on the AC and RC and can confirm that quickshots disappear from the intelligent flight modes option, thereby confirming my original statement. At least in iOS, you must be on the FW 01.04.0000 to get quickshots to even appear.
[2017-09-22 14:43:36] bin4ry : Yeah that would make sense. My opinion is that you need the FW implementation for sure!
[2017-09-22 14:50:49] cs2000 : yeah agreed, posted in the android channel to verify, but at least me answering the iOS side should quieten down half the chat, im assuming its going to be exactly the same for android, just interesting to know if the options even appear.
[2017-09-22 14:52:44] hostile : who will be the first man to binary patch IOS app?
[2017-09-22 14:52:58] hostile : or use ~frida !?
[2017-09-22 14:53:29] hostile : <https://dji-rev.slack.com/archives/C6AUDEBND/p1500569155194603>
[2017-09-22 14:53:43] cs2000 : sadly not me, I tried to see what it would take, but so far looks above my head. I'm veeeeeeery surprised we don't have one iOS dev in here, there must be over 700 people in this slack!
[2017-09-22 15:01:05] carlcox89 : @cs2000 I'm running go4 on my Nexus 7 2013 fine :+1:
[2017-09-22 15:01:53] carlcox89 : @cs2000 picture options , like photo bracketing , jpg+raw output....I can only see 3 options
[2017-09-22 15:04:16] cs2000 : Really? Mine absolutely hated it, I'll try again, maybe I can answer my own questions in ~android_apk_patching
[2017-09-22 15:04:27] cs2000 : let me whack in a battery and I'll grab you a few screenshots
[2017-09-22 15:05:51] carlcox89 : Yes.. I bought it used after reading it would work fine and indeed it works. I had a Samsung Tab S octacore and 3GB RAM, loaded DJI Go and it lagged, bought the Nexus 7 2GB RAM quadcore and it works flawlessly, almost as good as my S7 edge
[2017-09-22 19:54:03] kilrah : @cs2000 did you try .1000?
[2017-09-22 20:21:26] carlcox89 : I think he did
[2017-09-22 20:46:05] cs2000 : Sorry @kilrah I didn’t, only .0000, is it likely to make any difference? Let me know if you’re talking about 1000 or the 1000b that we have and il try it when I can do. I thought quickshot was intro’d on the mavic with .0000
[2017-09-22 20:46:35] cs2000 : Likely be tomorrow at some stage, is too late for me to be bothered at this time :sweat_smile:
[2017-09-22 20:47:19] kilrah : thing is you say “you must be on the FW 01.04.0000 to get quickshots to even appear”, but some people said they worked on 1000
[2017-09-22 20:48:11] kilrah : and the whole issue of the last few days is people saying things without testing which is why we still don’t know exactly which versions support them :wink:
[2017-09-23 09:46:31] cs2000 : Ok, fair point, lol I'll give it a shot now. Give me a bit of time
[2017-09-23 10:12:16] cs2000 : @kilrah - OK, tested and confirmed that Quickshots are enabled and do function on FW 1.03.1000, as well as 1.04.0000. They are not available on 1.03.0900 however. This is on iOS 11 using the latest Go4 app :slightly_smiling_face: so now we know definitely !
[2017-09-23 10:14:37] kilrah : Great, thanks!
[2017-09-23 10:15:01] cs2000 : No probs, mystery solved anyway for now :wink:
[2017-09-23 10:15:10] cs2000 : flashing back to trusty old .700 now haha
[2017-09-23 10:17:45] kilrah : :stuck_out_tongue:
[2017-09-23 10:56:41] czokie : There were firmware pages created in the wiki where it is designed for people to document this kind of stuff - @cs2000 or @kilrah - feel free to tweak away :slightly_smiling_face:
[2017-09-23 10:57:20] czokie : <http://dji.retroroms.info/faq/version/start>
[2017-09-23 11:16:12] cs2000 : Thanks mate, editing it now.
[2017-09-23 11:16:57] czokie : Thanks - I have limited slow access @ the moment - so updates from me will be scarce for a bit :slightly_smiling_face:
[2017-09-23 11:17:10] czokie : but loving time off work and visiting family
[2017-09-23 11:25:28] cs2000 : Glad youre having fun :slightly_smiling_face: Wiki is edited, added firmware V01.03.1000 and V01.04.0000 details, along with a note under the .900 FW saying: NB: Despite what the firmware release notes actually say, this is the minimum firmware version that will enable you to use the new Quickshots function when using android or iOS app version 4.1.10 or greater.
[2017-09-23 11:29:01] carlcox89 : :disappointed: now if only i could have NFZ and Height limit disabled on .1000
[2017-09-23 11:33:11] cs2000 : Yeah, I want Quickshots because who doesn't want more features, but no way in hell am I giving up the freedoms that .700 offers
[2017-09-23 11:33:48] cs2000 : @czokie I don't know if it's the right place, but I've added a few notes on some FW versions detailing the config options that were removed/restricted from those versions
[2017-09-23 11:39:22] carlcox89 : @cs2000 since you're at 0700 too, did you ever change & test g_config_landing_auto_landing_vel_L1 and L2 ?
[2017-09-23 12:25:28] cs2000 : @carlcox89 no I haven't tried those. Last time I heard them mentioned was literally months back when nobody was quite sure of what tweaking them actually did, reports of it doing certain things were unverified etc
[2017-09-23 12:32:31] carlcox89 : quad808 is doing some tests and i'll also run them too
[2017-09-23 12:33:34] carlcox89 : do you happen to know if forced auto-land occurs always at 10% ?
[2017-09-23 12:44:14] cs2000 : Ermmm, it depends on what you mean.
[2017-09-23 12:45:17] cs2000 : When the AC complains that there’s only enough battery to come home, if you cancel it you only have a small amount of time before it will ignore you and land, that time mostly depends on the height you’re flying as it will land in the spot it’s currently at, so this won’t be 10%
[2017-09-23 12:46:37] cs2000 : If, when it’s landing, landing protection halts the landing it will hover just above the landing spot until (I think) 8% when you then get a series of very rapid beeps and it lands in the exact spot regardless or what’s below it, at quite a pace too
[2017-09-23 12:47:03] carlcox89 : There are two settings at DJI Go, the Low batt warning % and the critical low batt warning %
[2017-09-23 12:47:10] cs2000 : That’s the AC’s last ditch attempt to avoid a crash. At that stage you have absolutely 0 control over it
[2017-09-23 12:47:18] carlcox89 : these only define visual warnings, and don't force anything, correct ?
[2017-09-23 12:47:24] cs2000 : Yes
[2017-09-23 12:47:54] carlcox89 : the first low batt warning prompts pilot if he wants to RTH, if one cancels it, normal flight continues
[2017-09-23 12:48:10] cs2000 : The low battery auto-land and RTH features are all intelligent and cannot be controlled by the app. Those are just visual.
[2017-09-23 12:48:20] carlcox89 : until it reaches critical low battery, that still only displays visual warnings
[2017-09-23 12:48:26] cs2000 : Yep
[2017-09-23 12:48:49] carlcox89 : but then if AC determines that based on distance/height the remaining battery is only good for landing, it will land, that is it, right ?
[2017-09-23 12:50:35] cs2000 : However, by the time you’re getting the critical landing, RTH would have already kicked in anyway unless you’re hovering very close to the home point. And yes. That’s right. If when you see the prompt that the remaining battery is only enough for RTH, and you cancel it, shortly afterwards a forced landing will occur. You do still have control of the AC, you just can’t climb in altitude. The last stage when the craft is on 8% takes away all control ability and lands rapidly
[2017-09-23 12:51:22] cs2000 : Regardless of the suitability of the terrain for landing. The AC has a choice of land, or smash to the ground at this stage lol
[2017-09-23 12:52:33] carlcox89 : too bad this isn't well documented in the manual
[2017-09-23 12:53:52] carlcox89 : in the manual it says: "when the critical low batt level warning is triggered and the aircraft begins to land automatically, push the left stick upward to make the aircraft hover at its current altitude, giving you an opportunity to navigate to a more appropriate landing location"
[2017-09-23 12:54:06] carlcox89 : but from what you tell, this isn't true
[2017-09-23 12:56:51] carlcox89 : there's a setting "Smart return-to-home" that checks if remaining battery is only good for safe return home
[2017-09-23 12:57:26] carlcox89 : if I disable that, it will let me continue flying until it reaches the point of 'forced landing' , right ?
[2017-09-23 12:58:31] cs2000 : Yep, I’ve done several height tests in the past, when the auto land kicks in, the craft comes down, I can control it’s direction but not it’s height. Hmmmmm. Potentially. I’ve never disabled it...
[2017-09-23 13:00:16] carlcox89 : ok so with that disabled it wont RTH by itself, but forced auto-land still kicks in , and if you push left stick up (like the manual says) it wont let you 'hover' ?
[2017-09-23 13:03:26] carlcox89 : it's too confusing... DJI fucked with this too
[2017-09-23 13:04:34] carlcox89 : wouldn't it be easier if they had two % values: Low batt warning %: Prompt RTH or Ignore (continue flying) Critical low batt warning %: Land in place or Ignore (at your own risk)
[2017-09-23 13:05:42] cs2000 : No from what I remember, I think I could slow the descent speed a tiny bit, but definitely couldn’t hover. Yeah it would do lol
[2017-09-23 13:06:50] carlcox89 : allowing user to set a % for warning but then using internal AC parameters to force-land... wtf they were thinking.
[2017-09-23 15:54:46] kilrah : It is, the forced land with no control is a step further you should never hit (and I never have even when trying).
[2017-09-23 15:55:06] kilrah : BUT that has also changed with firmware versions, and the doc hasn't been updated as often.
[2017-09-23 16:20:56] carlcox89 : Im going to the field right now and do some tests
[2017-09-23 16:21:06] carlcox89 : I need to be sure when exactly it occurs
[2017-09-26 01:14:20] czokie : <http://www.moneycontrol.com/news/business/companies/wechat-confirms-that-it-makes-all-private-user-data-available-to-the-chinese-government-2391847.html>
[2017-09-26 01:14:20] czokie : OK. Time to play. I was looking at the article posted by opcode in ~general ...
[2017-09-26 01:14:41] czokie : It got me to thinking about "What is chattering away in the latest DJI go app"
[2017-09-26 01:14:48] hostile : nailed it!
[2017-09-26 01:15:16] czokie : I spun up charles, and found out that DJI is doing certificate pinning.... meaning, we cannot use charles root ca installed on mobile device any more to peer inside traffic.
[2017-09-26 01:15:24] czokie : which kinda sux.
[2017-09-26 01:15:56] czokie : And of course @hostile immediately pointed me to frida again :slightly_smiling_face:
[2017-09-26 01:16:10] hostile : this also confirmed they failed to do certificate pinning after I warned them in previous version of GO years ago :wink:
[2017-09-26 01:16:46] czokie : So.... lets start with the basics - and see if anyone wants to pull up their skirt and play
[2017-09-26 01:17:24] czokie : My environment = IOS 10.3.2 on an iPhone 6 Plus
[2017-09-26 01:17:36] czokie : Macbook pro
[2017-09-26 01:17:54] czokie : I'm gonna get started and share here - love others to play along and/or guide / help
[2017-09-26 01:19:02] czokie : And one other thing - GO is still talking to qq - we know that... and we know its owned by tencent who of course own wechat - which is still a concern in my books
[2017-09-26 01:20:00] czokie : Hostile's pointer - <https://www.frida.re/docs/ios/#without-jailbreak>
[2017-09-26 01:31:53] czokie : <https://dji.retroroms.info/howto/iosfrida>
[2017-09-26 01:31:57] czokie : The beginnings...
[2017-09-26 01:40:25] czokie : distracted - back in a bit - someone here :slightly_smiling_face:
[2017-09-26 02:07:40] czokie : Downloading IPA - very slow here .....
[2017-09-26 02:34:57] czokie : Found this while exploring - <https://github.com/dpnishant/appmon>
[2017-09-26 03:07:28] hostile : nice
[2017-09-26 03:08:48] czokie : The nice thing about that - is it works with multiple platforms
[2017-09-26 03:09:08] czokie : Imagine a single app tweaker that worked across android, ios, etc :slightly_smiling_face:
[2017-09-26 03:09:15] czokie : (Yes, I am dreaming a bit)
[2017-09-26 03:09:28] hostile : IFDEF statements are a wonderful thing
[2017-09-26 03:39:05] czokie : Downloading the dylib - damn this is slow internet when you're not in your own country.
[2017-09-26 03:41:24] czokie : 20 mins to download a 16 meg file
[2017-09-26 04:08:43] czokie : OK. Got to the point where dylib is inside an IPA file ready to try to work out impactor now
[2017-09-26 04:09:07] hostile : yeahhh buddy
[2017-09-26 04:09:17] hostile : with MY version of IOS.. I HAD to have a legit dev account
[2017-09-26 04:09:29] hostile : I was NOT able to get current impactor to install it kept giving me fucked up errors
[2017-09-26 04:13:21] czokie : Huh?
[2017-09-26 04:14:24] czokie : Ah. Maybe because I have 2FA turned on
[2017-09-26 04:15:08] czokie : Nope - There is actually something there for app specific passwords....
[2017-09-26 04:17:43] czokie : Ouch
[2017-09-26 04:20:04] czokie : Never mind - that was my stupidity - now next error
[2017-09-26 04:20:21] czokie : And hopefully thats just "uninstall the current app"
[2017-09-26 04:22:28] czokie : But lunch time first - back l8r
[2017-09-26 04:26:13] hostile : wtf that is a new error
[2017-09-26 04:26:15] hostile : not seen that one
[2017-09-26 04:26:26] hostile : maybe need to uninstall some previous impacting>
[2017-09-26 04:50:56] czokie : Uninstall the old app :slightly_smiling_face:
[2017-09-26 04:51:00] czokie : But its working
[2017-09-26 04:52:10] czokie : Bugger
[2017-09-26 04:56:10] czokie : Apparently - that is normal :slightly_smiling_face:
[2017-09-26 04:57:40] hostile : oh yeah I got that one too
[2017-09-26 04:57:43] hostile : and it was a non issue
[2017-09-26 04:57:50] hostile : the app was already installed at that point
[2017-09-26 05:05:54] czokie : OK
[2017-09-26 05:06:04] czokie : So - just enabled developer trust - and got past that point
[2017-09-26 05:06:17] czokie : but the app does the splash screen and nothing more - dies in the ass...
[2017-09-26 05:17:27] czokie : And now looking for frida-ps .... its not installed with the pip install for frida :disappointed:
[2017-09-26 05:31:53] czokie : so - installed that stuff from <https://build.frida.re/frida/macos/bin/> which is fine....
[2017-09-26 05:32:39] czokie : Trying to find out if the app was dying in the ass because of missing something on the OSX end from a frida perspective.... so ran frida-ps and got...
[2017-09-26 05:32:53] czokie : python frida-ps.dms -U Failed to enumerate processes: unable to connect to remote frida-server: Unable to connect (connection refused)
[2017-09-26 05:33:05] czokie : but without the -U .... works fine locally....
[2017-09-26 05:33:19] czokie : I have NFI about IOS debugging :slightly_smiling_face:
[2017-09-26 05:38:40] hostile : you are the only one to man up and blaze a trail thus far
[2017-09-26 05:38:54] hostile : others will hopefully follow closely behind
[2017-09-26 05:39:02] hostile : I’ll be running down your path when I can.
[2017-09-26 05:39:07] czokie : *looks around expectantly*
[2017-09-26 05:39:09] hostile : still lots of loose ends for me!
[2017-09-26 06:10:19] czokie : <https://dji.retroroms.info/howto/iosfrida>
[2017-09-26 06:10:31] czokie : Thats the current status for anyone who wants to tag along
[2017-09-26 06:21:19] czokie : Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Description: DYLD, Library not loaded: Payload/DJI GO 4.app/FridaGadget.dylib | Referenced from: /var/containers/Bundle/Application/41F52A62-84C7-49A6-9AFE-A6D4FC93C9DA/DJI GO 4.app/DJI GO 4 | Reason: image not found Triggered by Thread: 0
[2017-09-26 06:21:33] czokie : Think its the path Payload etc... thats causing it.
[2017-09-26 07:42:32] czokie : Got rid of that error
[2017-09-26 07:42:39] czokie : but found another one :disappointed:
[2017-09-26 07:43:24] czokie : Exception Type: EXC_CRASH (SIGKILL - CODESIGNING) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: Namespace SPRINGBOARD, Code 0x8badf00d Triggered by Thread: 0
[2017-09-26 07:43:45] czokie : Basically - springboard is killing it - because I am guessing it thinks it is dead.... but not sure why
[2017-09-26 09:30:14] czokie : OK. More data - and I am at a dead end
[2017-09-26 09:30:16] czokie : Sep 26 17:24:13 Czokie-iPhone amfid(libmis.dylib)[10269] <Error>: unrecognized status -67068 from codesigning library Sep 26 17:24:13 Czokie-iPhone amfid(libmis.dylib)[10269] <Notice>: Could not copy code signature (error 0xe8008001). Sep 26 17:24:13 Czokie-iPhone amfid[10269] <Notice>: /private/var/mobile/Containers/Data/Application/<UUID>/tmp/frida-KgDTsi.dylib not valid: 0xe8008001: An unknown error has occurred. Sep 26 17:24:13 Czokie-iPhone kernel(AppleMobileFileIntegrity)[0] <Notice>: AMFI: code signature validation failed.
[2017-09-26 09:31:01] czokie : I'd love input at this point - I know its signing related, but I thought that was all handled by impactor?
[2017-09-26 09:51:21] czokie : UPDATE: Its 100% related to the frida tweak - I installed the IPA using Impactor without doing any mods or changes - and it works. Its only when I am doing the addition of the dylib that it fails - so somewhere in there....
[2017-09-26 13:17:58] hostile : yeah I was going to say “CODESIGNING” problem in the first message
[2017-09-26 13:18:11] hostile : we need to figure how to get that dylib signed I guess?
[2017-09-26 15:14:02] umbr4 : I am trying <https://github.com/nowsecure/node-applesign>, one needs to use it on an ipa, so if you have just a .app directory you need to move it into Payload zip it up and rename it
[2017-09-26 15:14:20] umbr4 : I'll let you know if it works if no one beats me to it :slightly_smiling_face:
[2017-09-26 17:26:23] umbr4 : @czokie node-applesign will sign the injected library for you
[2017-09-26 17:29:46] umbr4 : I guess the nowsecure people wrote the tool as they had the same need :slightly_smiling_face:
[2017-09-26 17:33:58] umbr4 : it will also just insert the dynlib for you with -I so I would probably rebase the instructions on that tool alone
[2017-09-26 17:35:36] umbr4 : also just run npm install as there are more dependencies than are listed in the README.
[2017-09-26 17:39:17] kilrah : `0x8badf00d` really? :joy:
[2017-09-26 20:48:51] umbr4 : OMG <https://github.com/sensepost/objection>
[2017-09-26 22:32:10] czokie : I thought the whole point of impactor is that it is meant to sign shit - which is why I didnt look at other stuff before
[2017-09-26 23:14:08] czokie : Objection was the one thing that was at the top of my list today... I avoided it yesterday, because it wanted pip3 ... and pip3 was failing for me on osx... some weird ssl shit... now trying to get that sorted....
[2017-09-26 23:14:59] czokie : @hostile - as an osx user - do you have pip and pip3 both installed via homebrew? Wouldnt mind getting you to do a test?
[2017-09-26 23:36:21] czokie : error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)>
[2017-09-26 23:37:11] czokie : pip3 errors installing multiple components .... and I have no more hair to pull out
[2017-09-27 02:04:46] hostile : yeah I have both installed as I have code that uses both Python2 and Python3 depending on what I am working on
[2017-09-27 02:04:55] hostile : some boxes I keep it pure to only what I am working on
[2017-09-27 02:05:06] hostile : check that pip and pip2 and pip3 are not symlinks…
[2017-09-27 02:05:11] czokie : I gave up - I downloaded the egg file - and installed that way.
[2017-09-27 02:05:36] czokie : Its not a problem with pip3 - it was a problem with a setup component that was trying to use some osx braindead ssl shit
[2017-09-27 02:10:21] czokie : And now objection installed first go - where it was complaining about frida before.
[2017-09-27 02:10:42] czokie : Sigh. Now to go and look at how it instruments the IPA file - see if it works better than how I was doing it
[2017-09-27 06:33:49] czokie : Woo hoo. Got frida running on DJI GO.
[2017-09-27 06:34:23] hostile : YESSSSS!
[2017-09-27 06:34:33] czokie : It was a ****ing nightmare tho
[2017-09-27 06:34:43] czokie : Undocumented shit
[2017-09-27 06:35:04] czokie : Now just gotta work out how to use it :slightly_smiling_face:
[2017-09-27 06:38:26] czokie : Mission 1 - Disable pinning :slightly_smiling_face:
[2017-09-27 06:40:00] czokie : Connecting to remote debug server ------------------------- (lldb) command source -s 0 '/tmp/AB67FF81-D092-4C5D-ACFB-EB9C99F9D246/fruitstrap-lldb-prep-cmds-8214a27c8b208f5db68467f187b89b15bffd20fe' Executing commands in '/tmp/AB67FF81-D092-4C5D-ACFB-EB9C99F9D246/fruitstrap-lldb-prep-cmds-8214a27c8b208f5db68467f187b89b15bffd20fe'. (lldb) platform select remote-ios --sysroot '/Users/gregk/Library/Developer/Xcode/iOS DeviceSupport/10.3.2 (14F89)/Symbols' Platform: remote-ios
[2017-09-27 06:41:12] czokie : 2017-09-27 14:40:33.858862+0800 DJI GO 4[11762:3323650] [Firebase/Analytics][I-ACS005000] The AdSupport Framework is not currently linked. Some features will not function properly. Learn more at <http://goo.gl/9vSsPb>
[2017-09-27 06:41:26] czokie : Just on starting objection - a bunch of errors including this .....
[2017-09-27 07:12:35] czokie : Mission accomplished. SSL pinning bypass for DJI GO functioning as expected.
[2017-09-27 07:15:31] hostile : well played @czokie
[2017-09-27 07:15:38] hostile : good job powering through like a man !
[2017-09-27 07:15:48] czokie : Hey - still learning
[2017-09-27 07:16:02] czokie : Now just gotta work out how to relaunch the app without re deploying
[2017-09-27 07:16:05] czokie : :slightly_smiling_face:
[2017-09-27 07:34:43] czokie : Done that - now listing the classes available in this thing. And its scary. Now I know what @bin4ry has against bloatware. This is insane
[2017-09-27 07:35:30] hostile : paste em as snippets!
[2017-09-27 07:35:45] czokie : I mean REAL massive
[2017-09-27 07:37:13] czokie : That enuf for you?
[2017-09-27 07:37:14] hostile : whoots
[2017-09-27 07:37:31] czokie : Let alone looking at the methods in each of those classes
[2017-09-27 07:39:28] czokie : I noticed some stuff on Flurry - about them being a payment provider? And I saw some payment methods? I gather they're the payment provider.... But why put this in DJI GO - there is a separate DJI store app
[2017-09-27 07:42:11] czokie : 23328 classes....
[2017-09-27 07:43:37] czokie : OK - Wife wants me - Play later. Next mission - Execute debug over wifi instead of USB so I can connect usb to RC.... Otherwise a pain in the ass.
[2017-09-27 14:19:53] czokie : OK. Back home now
[2017-09-27 14:20:06] czokie : That was a "short shopping trip" for my wife :slightly_smiling_face:
[2017-09-28 00:18:20] czokie : Morning world
[2017-09-28 00:19:39] czokie : My morning today I hope will be some frida magic - Iterating over the class list, getting the methods for each class, and then querying the parameters for each method, putting the output in some wiki pages... That's the plan
[2017-09-28 00:21:14] czokie : Obstacles: 1. Too many classes - Need a way to know which ones are generally available with any IOS app, and 2. A bit of syntax - When querying the parameters ... there is a + or - that is specified - Don't know what that is meant to be yet
[2017-09-28 00:30:27] czokie : Git knows all - will try to match against known IOS classes here <https://github.com/JaviSoto/iOS10-Runtime-Headers> and ignore those....
[2017-09-28 01:03:22] czokie : OK. Script in progress...
[2017-09-28 01:03:32] hostile : beast mode
[2017-09-28 01:03:36] czokie : Now iterating over all of the classes in the IOS app
[2017-09-28 01:03:53] czokie : and the script is auto generating the output in wiki markup :slightly_smiling_face:
[2017-09-28 01:04:36] czokie : and auto excluding known apple classes
[2017-09-28 01:08:41] czokie : Damn - my list of classes was not complete... Oh well - let it run anyway
[2017-09-28 01:09:32] czokie : But I broke frida... :slightly_smiling_face:
[2017-09-28 01:09:33] czokie : ===== AVContentKeySessionInternal ===== Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/3.6/bin/objection", line 11, in <module> load_entry_point('objection==1.1.7', 'console_scripts', 'objection')() File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/click/core.py", line 722, in __call__ return self.main(*args, **kwargs) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/click/core.py", line 697, in main rv = self.invoke(ctx) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/click/core.py", line 1066, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/click/core.py", line 895, in invoke return ctx.invoke(self.callback, **ctx.params) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/click/core.py", line 535, in invoke return callback(*args, **kwargs) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/objection/console/cli.py", line 122, in run Repl().run_command(command) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/objection/console/repl.py", line 199, in run_command exec_method(arguments) File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/objection/commands/ios/hooking.py", line 192, in show_ios_class_methods for method in response.data: TypeError: 'NoneType' object is not iterable
[2017-09-28 01:15:56] hostile : TypeError: ‘NoneType’ object is not iterable
[2017-09-28 01:16:02] hostile : you need to check for null objects
[2017-09-28 01:16:03] czokie : I know
[2017-09-28 01:16:05] hostile : and not try to print them
[2017-09-28 01:16:48] czokie : I was just laughing at the objection code trying to iterate over a class with no methods
[2017-09-28 01:18:03] czokie : My iphone and laptop are both heating up as this iterates :slightly_smiling_face:
[2017-09-28 01:58:32] czokie : Taking too long
[2017-09-28 01:58:40] czokie : Gonna get some more library headers from git and restart
[2017-09-28 01:59:08] czokie : <https://github.com/nst/iOS-Runtime-Headers> has some more :slightly_smiling_face:
[2017-09-28 01:59:50] czokie : Need to filter that shit out
[2017-09-28 02:00:41] czokie : Trying to decide if I make one file with all content, or a class index with one page per class....
[2017-09-28 02:10:50] czokie : Decided to do that - one page per class - one master index. The master index will contain all classes found, and only provide links to the classes that were not "standard" ones ...
[2017-09-28 04:35:29] czokie : 36% complete
[2017-09-28 04:35:49] czokie : still in the middle of the DJI specific classes
[2017-09-28 04:39:47] czokie : Sneak preview
[2017-09-28 04:39:48] czokie : <http://dji.retroroms.info/documentation/djigo4classes/start2>
[2017-09-28 04:53:02] hostile : nice fucking work dude
[2017-09-28 04:56:42] czokie : But its so slow
[2017-09-28 04:56:49] czokie : <https://img.memecdn.com/watching-paint-dry_o_478690.gif>
[2017-09-28 05:53:38] czokie : 67%
[2017-09-28 05:56:39] czokie : 70.... skipping standard stuff now
[2017-09-28 06:04:53] hostile : lord
[2017-09-28 06:05:08] hostile : so we just got DJI their full repost on pwnage and they responded
[2017-09-28 06:05:11] hostile : and now we wait
[2017-09-28 06:05:38] czokie : Repost?
[2017-09-28 06:06:10] czokie : Or report?
[2017-09-28 06:10:00] hostile : report
[2017-09-28 06:10:20] czokie : So - you sent them the report - and they said...?
[2017-09-28 06:10:25] czokie : 2 weeks? :slightly_smiling_face:
[2017-09-28 06:10:27] hostile : LOL
[2017-09-28 06:10:37] hostile : no they’ve been working on it all day based on scraps
[2017-09-28 06:10:46] hostile : several bits of the issue been fixed
[2017-09-28 06:10:51] hostile : and I’m going to bed
[2017-09-28 06:11:01] hostile : will see what I wake up to cuz it is like noon in china
[2017-09-28 06:11:07] hostile : so they have time to work all day on it
[2017-09-28 06:11:21] czokie : Any hint before you sleep on their "tone"?
[2017-09-28 06:11:26] hostile : I waited till midnight to send
[2017-09-28 06:11:37] hostile : they are freaked out and willing to work with us
[2017-09-28 06:11:46] hostile : eggshells on both ends as we learn to dance
[2017-09-28 06:11:59] hostile : WOWOWOWOWOW
[2017-09-28 06:12:06] hostile : HOLY SHIT HOLY SHIT HOLY SHIT
[2017-09-28 06:12:15] hostile : was the two private reactions from my friends there
[2017-09-28 06:12:33] hostile : and the 3rd was investigative and helpful
[2017-09-28 06:12:39] czokie : Any indications of others exploiting it?
[2017-09-28 06:12:49] czokie : or not known yet?
[2017-09-28 06:12:56] hostile : likely but really can’t say much more
[2017-09-28 06:13:05] czokie : fair 'nuff
[2017-09-28 06:13:51] czokie : 79%
[2017-09-28 06:13:57] hostile : man
[2017-09-28 06:13:58] hostile : !
[2017-09-28 06:14:01] hostile : well done on that btw dude
[2017-09-28 06:14:07] hostile : I know what it is like to be the lone ranger
[2017-09-28 06:14:19] czokie : Now - i just found <https://github.com/nst/RuntimeBrowser>
[2017-09-28 06:14:28] czokie : Would have been good to know that before!
[2017-09-28 06:15:06] czokie : Another toy to look at next
[2017-09-28 06:18:04] czokie : 82%
[2017-09-28 06:18:21] hostile : bed++
[2017-09-28 06:18:28] czokie : nite
[2017-09-28 06:33:43] czokie : 89%
[2017-09-28 06:34:05] czokie : The rest will be fast - its all stock classes
[2017-09-28 06:55:28] czokie : OK. All done
[2017-09-28 06:55:32] czokie : And...
[2017-09-28 06:55:34] czokie : "I broke it"
[2017-09-28 06:55:52] czokie : The wiki needs to have its memory limits for PHP increased :slightly_smiling_face:
[2017-09-28 06:59:07] czokie : <http://www.lifeonthehook.com/wp-content/uploads/2015/03/ScottyMorePower.jpg>
[2017-09-28 07:00:35] czokie : Hmm. Doubled the ram - and still not enough
[2017-09-28 07:02:43] czokie : <http://www.velocitypartners.net/blog/wp-content/uploads/2016/11/Picture5-570x420.png>
[2017-09-28 07:03:11] czokie : <https://dji.retroroms.info/documentation/djigo4classes/start>
[2017-09-28 07:03:44] czokie : And so it was born. Please find below a list of the classes in the DJI GO 4 application. extracted by frida... Hope its useful :slightly_smiling_face:
[2017-09-28 08:10:25] carlcox89 : Nice work @czokie !
[2017-09-28 14:12:31] umbr4 : hey @czokie any luck making frida work over the network !usb and disabling ssl key pinning un-tethered?
[2017-09-28 14:13:31] czokie : Not yet. But I did get some more useful data in SSL streams while unpinned but still tethered.
[2017-09-28 14:13:39] czokie : Was just about to post about it....
[2017-09-28 14:14:07] czokie : (after some google fu)
[2017-09-28 14:14:14] czokie : [sentry.io](http://sentry.io) ... curious what it is
[2017-09-28 14:14:45] czokie : Ah. Just crash reporting
[2017-09-28 14:14:46] umbr4 : Cool. I looked but could not find the network thing documented, so probably will have to dig into the code/build custom frida
[2017-09-28 14:15:01] czokie : The frida bit is the easy bit....
[2017-09-28 14:15:29] umbr4 : ya "crash reporting" is just cover for a whole bunch of other telemetry and analytics usually.
[2017-09-28 14:15:34] czokie : Use objection....
[2017-09-28 14:15:36] czokie : $ objection --help Usage: objection [OPTIONS] COMMAND [ARGS]... _ _ _ _ ___| |_ |_|___ ___| |_|_|___ ___ | . | . | | | -_| _| _| | . | | |___|___|_| |___|___|_| |_|___|_|_| |___|(object)inject(ion) Runtime Mobile Exploration by: @leonjza from @sensepost By default, communications will happen over USB, unless the --network option is provided. Options: -N, --network Connect using a network connection instead of USB. [default: False] -h, --host TEXT [default: 127.0.0.1] -p, --port INTEGER [default: 27042] -g, --gadget TEXT Name of the Frida Gadget/Process to connect to. [default: Gadget] --help Show this message and exit. Commands: device_type Get information about an attached device. explore Start the objection exploration REPL. patchapk Patch an APK with the frida-gadget.so. patchipa Patch an IPA with the FridaGadget dylib. run Run a single objection command. version Prints the current version and exists.
[2017-09-28 14:15:55] czokie : That will get a connection to the frida port in the app at the address specified.
[2017-09-28 14:16:09] umbr4 : just need to figure out how to make frida bind/listen to non localhost
[2017-09-28 14:16:18] czokie : -N
[2017-09-28 14:16:32] czokie : But thats not the issue
[2017-09-28 14:16:42] czokie : Think of this
[2017-09-28 14:16:54] czokie : we have two windows open - one with lldb where it launches the app....
[2017-09-28 14:16:59] czokie : and the other window is our frida window
[2017-09-28 14:17:37] czokie : The lldb window in my guide is called by... ios-deploy
[2017-09-28 14:17:49] czokie : There is probably another way to get it to do the same thing ... but thats the missing piece.
[2017-09-28 14:18:07] czokie : The frida connection is really easy over network - its just the lldb initial app launch that I need to get over network
[2017-09-28 14:18:15] umbr4 : ah
[2017-09-28 14:18:40] umbr4 : frida maybe does not pause and wait for hooks if it not launched in debug / lldb mode
[2017-09-28 14:19:01] czokie : Frida works fine over network.
[2017-09-28 14:19:16] czokie : But if I disconnect USB, app crashes
[2017-09-28 14:19:34] czokie : I can see the traffic over IP .... just the debug / lldb connection that is the issue
[2017-09-28 14:20:10] czokie : But what would be interesting is a mini frida instance running in a backgroundable IOS app.
[2017-09-28 14:20:48] czokie : Imagine - that could have custom hooks that could then change the behaviour of the normal app - without needing to do any other mods other than adding the Frida gadget dylib
[2017-09-28 14:21:15] umbr4 : ya that is why I am thinking custom frida build
[2017-09-28 14:21:43] czokie : But - its not frida that is causing grief.
[2017-09-28 14:21:59] czokie : Its "how do we launch an app in local debugging mode"
[2017-09-28 14:22:02] czokie : or
[2017-09-28 14:22:10] czokie : "how do we launch an app in network debugging mode"
[2017-09-28 14:22:19] czokie : If we can solve either of them - we can do lots more
[2017-09-28 14:22:31] czokie : Frida - works as it is now already ..... works perfectly
[2017-09-28 14:23:53] umbr4 : probably just inject the hook scripts into the app along with the frida gadget and any other glue needed
[2017-09-28 14:24:39] czokie : Next steps could be to develop our own hooks that will for example 1. Login to DJI servers with any user/password, without really sending any network traffic. 2. Unlock any NFZ request without sending any network traffic.... or whatever we want. IOS version of android patching
[2017-09-28 14:25:00] czokie : but without patching at all - which is what makes it elegant - Side hooks
[2017-09-28 14:25:47] czokie : What would be SO COOL is if DJI could just include the Frida gadget dylib in their standard build. That would be nice of them
[2017-09-28 14:26:05] umbr4 : lol
[2017-09-28 14:28:36] czokie : I just added the final step - cant believe I missed it before - of launching objection.
[2017-09-28 14:28:41] czokie : Have you tried any of the steps yet?
[2017-09-28 14:32:56] umbr4 : no I am behind let me check it out
[2017-09-28 14:35:35] czokie : <https://medium.com/swiftist/wireless-debugging-xcode-b6e98e26e022>
[2017-09-28 14:35:52] czokie : Guessing wireless debugging is not possible unless using XCode 9 and IOS 11 .....
[2017-09-28 14:35:55] czokie : and I aint got IOS 11
[2017-09-28 14:36:44] czokie : Been sticking back a bit - waiting for a jailbreak - will keep that iphone 6 plus as my jailbroken phone for dev, and get a new one later this year for normal use
[2017-09-28 14:37:14] umbr4 : not sure if you need it, looking at frida-core it looks like you can tell it to connect out to a server vs listening on localhost.
[2017-09-28 14:38:13] czokie : Thats not the point - Frida will indeed work over network
[2017-09-28 14:38:32] czokie : Just I launch the mod'd app - and it crashes unless I launch it via ios-deploy
[2017-09-28 14:38:36] czokie : over usb
[2017-09-28 14:39:34] czokie : Hmm. Might try debug that first - perhaps that will be an easier one to fix - try to launch locally with gadget, but without LLDB debugging - if that works, the rest is easy
[2017-09-28 14:54:24] umbr4 : I think what happens when you launch normally not via ios_deploy with debugging is the frida gadget waits for hooks and closes the app after a short time if it does not get any
[2017-09-28 14:56:32] czokie : Nope
[2017-09-28 14:56:34] czokie : I tried that.
[2017-09-28 14:57:17] czokie : I am connecting to the gadget via network - just fine - but it fails if I launch via springboard - even if connected still over USB
[2017-09-28 14:57:32] czokie : Will save that one for tomorrow to find out what is in the crash logs.
[2017-09-28 14:57:41] czokie : 11 pm here - time for bed.
[2017-09-28 14:57:59] czokie : *czokie has low battery :)*
[2017-09-28 15:03:55] umbr4 : lol night
[2017-09-28 15:30:47] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1506608679000282>
[2017-09-28 15:30:57] hostile : I love that you are actualizing things that I spoke about months ago
[2017-09-28 15:30:59] hostile : well done sir
[2017-09-28 15:31:01] hostile : hats off to you
[2017-09-28 15:31:12] hostile : Frida is powerful AF
[2017-09-29 01:34:54] czokie : Now - to work out how to start the app without being "tethered" so I can watch what happens during flight
[2017-09-29 01:35:39] czokie : If anyone has secret sauce on that - I'd be stoked
[2017-09-29 01:39:04] czokie : Looking at the frida doco page - it says "Launch your app with Xcode" ... and with my version of IOS, that is only supported over USB
[2017-09-29 02:32:30] czokie : so no way to actually do frida mods with my aircraft connected unless there is a way around that :disappointed:
[2017-09-29 03:21:49] hostile : always a work around…
[2017-09-29 07:15:08] kilrah : <https://www.dropbox.com/s/1n49dg4f2h3nf2g/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.12%20v2964%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-09-29 07:16:01] kilrah : really dropbox, you need 70% cpu to upload a file? grr
[2017-09-29 07:48:31] czokie : Whats that @kilrah?
[2017-09-29 08:23:33] czokie : Bugga. 4.1.12
[2017-09-29 08:23:39] czokie : All we need now is another IPA
[2017-09-29 10:17:23] czokie : Anyone else had a chance to follow my guide for objection? When I start the app via my mac it works. Still getting signing errors if I open via springboard. On my way to dinner now but love some input from others on this.
[2017-09-29 13:39:23] hostile : not yet!
[2017-09-29 13:39:26] hostile : in due time
[2017-09-29 13:39:32] hostile : you are straight up hustling bro
[2017-09-29 23:17:29] czokie : 2017-09-30 07:16:30.287245+0800 DJI GO 4[14233:4019393] CFNetwork SSLHandshake failed (-9807)
[2017-09-29 23:18:05] czokie : The SSL pinning bypass is working on the common methods - but there are the CF classes that it appears are not properly disabled.
[2017-09-29 23:18:17] czokie : Interesting.....
[2017-09-29 23:19:00] czokie : Time to look for common framework hooks :slightly_smiling_face:
[2017-09-29 23:43:28] czokie : Or not?
[2017-09-29 23:43:28] czokie : <https://www.jamf.com/jamf-nation/discussions/20901/cfnetwork-sslhandshake-failed-9807>
[2017-09-30 00:44:55] czokie : :disappointed:
[2017-09-30 00:45:22] czokie : IDA - after a day and a half of work - wanting to save some shit.
[2017-09-30 00:48:44] hostile : Oh no! Always frequently save your .ida files
[2017-09-30 00:49:20] czokie : That was a decompile of the entire app - I got the C file - but neglected to save other shit
[2017-09-30 00:51:09] czokie : com.dji.go on (iPhone: 10.3.2) [usb] # ios hooking list class_methods DJIAFSecurityPolicy + defaultPinnedCertificates + policyWithPinningMode: + keyPathsForValuesAffectingPinnedPublicKeys + supportsSecureCoding + defaultPolicy - evaluateServerTrust:forDomain: - setSSLPinningMode: - setPinnedCertificates: - setValidatesDomainName: - pinnedCertificates - setPinnedPublicKeys: - allowInvalidCertificates - validatesDomainName - SSLPinningMode - revokeCertificates - pinnedPublicKeys - setAllowInvalidCertificates: - setRevokeCertificates: - evaluateServerTrust: - init - .cxx_destruct - initWithCoder: - encodeWithCoder: - copyWithZone:
[2017-09-30 00:51:26] czokie : But in other news - this is of interest to me now....
[2017-09-30 02:15:21] hostile : So glad you are learning the intervals!
[2017-09-30 02:44:46] czokie : errSSLXCertChainInvalid = -9807, /* invalid certificate chain */
[2017-09-30 02:44:51] czokie : <https://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/SecureTransport.h>
[2017-09-30 02:45:20] czokie : Maybe those connections were signed with a cert that has been revoked??? :slightly_smiling_face:
[2017-09-30 02:45:58] czokie : (Kidding - thats a different code)
[2017-09-30 07:06:12] baboom : I wonder... would a usb hub work?
[2017-09-30 08:59:16] czokie : There has to be a way to launch a custom app without a USB cable. Just need to find what I am doing wrong.
[2017-09-30 12:15:41] czokie : New frida gadget - 10.6.4 - will build the new IOS app with that gadget and see if it is more friendly :slightly_smiling_face:
[2017-09-30 13:26:47] czokie : Nope - same deal
[2017-09-30 13:30:36] hostile : Try modifying the routine to not care?
[2017-09-30 13:36:30] czokie : What I was trying to do is get go working with frida gadget without USB. Otherwise we cannot connect rc for anything more serious. I will do some more ssl stuff later. But right now my challenge is I cannot fly without uninstalling this debug version. Which is a pain while I am on holidays.
[2017-10-01 23:29:41] czokie : OK. Time to press the st00pid button. I found it. There is a frida config file. I had been searching google for ages, but it turns out this was WELL and truely documented by the Frida team - I just looked in the wrong place. <https://www.frida.re/docs/gadget/>
[2017-10-02 00:09:34] hostile : yes yes yes!
[2017-10-02 00:09:54] czokie : even better - it supports stand-alone mode with hooks that can be added into the app.
[2017-10-02 00:10:05] czokie : no need for even networked connection
[2017-10-02 00:10:07] hostile : I was waiting for you to get there
[2017-10-02 00:10:17] czokie : So - you knew it all along?
[2017-10-02 00:12:01] hostile : I’ve known **OF** it… but sooooo far out of the friday game
[2017-10-02 00:12:10] hostile : I was not sure what was current, or even able to spot check where you were
[2017-10-02 00:12:15] hostile : I’m flat out buried
[2017-10-02 00:12:33] hostile : I figured nothing I said would be any better than your googling was gonna try to catch up
[2017-10-02 00:12:36] hostile : just haven’t got there
[2017-10-02 00:12:37] hostile : :confused:
[2017-10-02 01:08:44] czokie : OK. Two steps forward.... one step back. I now know there is a config file. The question, where to put it in the IPA file. I tried putting it in "Payload/DJI GO 4.app" and I tried putting it in "Payload/DJI GO 4.app/Frameworks/" .... Neither worked :disappointed:
[2017-10-02 01:42:38] czokie : Again - st00pid .... filename ends in .config not .conf
[2017-10-02 01:42:56] hostile : lol
[2017-10-02 01:56:30] czokie : OK. Tried "Payload/DJI GO 4.app" again - still no go... Sigh
[2017-10-02 01:56:36] czokie : Trying frameworks now
[2017-10-02 02:04:34] czokie : Progress... 2017-10-02 10:01:59.153193+0800 DJI GO 4[1025:380187] Frida: Listening on 0.0.0.0 TCP port 27042 instead of 127.0.0.1
[2017-10-02 02:04:39] czokie : w00t
[2017-10-02 02:04:57] czokie : But - unable to connect to it from off the device still (unknown why)
[2017-10-02 02:25:53] hostile : firewall?
[2017-10-02 02:26:02] czokie : on IOS?
[2017-10-02 02:26:09] czokie : Not that I know of
[2017-10-02 02:26:30] czokie : But, where I am - it is possible there is some wifi wickedness providing client isolation
[2017-10-02 02:26:38] hostile : ahh word
[2017-10-02 02:26:44] hostile : im afk was just passing by
[2017-10-02 02:27:21] czokie : So - this is a time where I need someone with non weird wifi to replicate - and confirm if they can connect to the app via network (not USB)
[2017-10-02 02:27:37] czokie : This SHOULD be working now
[2017-10-02 13:05:50] czokie : *czokie is in the middle of no-where right now in the philippines listening to crickets outside my room :)*
[2017-10-02 13:10:56] hostile : that is a very pleasant feeling
[2017-10-02 13:40:47] cs2000 : @czokie I've been passively watching your progress. If you need something verifying I will help if I can, drop me a PM with what/how to get set up, and I'll see what I can do. Top work so far :thumbsup:
[2017-10-02 13:53:42] czokie : @cs2000 love you to give it a go
[2017-10-02 13:54:19] cs2000 : Cool, let me know what i need, more than happy to assist
[2017-10-02 13:54:31] czokie : The wiki page is as far as I get
[2017-10-02 13:54:35] czokie : You have a mac?
[2017-10-02 13:55:09] cs2000 : Windows primarily, I have a MacBook Air (work one) I can use, sat by me right now, I'm "working" technically lol
[2017-10-02 13:55:34] czokie : Basically - we need a mac, with xcode... and pip3 installed
[2017-10-02 13:55:38] czokie : The rest is per the doco
[2017-10-02 13:56:23] czokie : just need to see if you get further
[2017-10-02 13:57:09] cs2000 : OK, let me see what i can do, booting on to mac now and will get those parts installed. Is the wiki updated Re that config file from earlier?
[2017-10-02 13:57:38] czokie : its 100% up to date
[2017-10-02 13:57:40] czokie : I cleaned it up a lot
[2017-10-02 13:58:42] czokie : Its 10 pm here - I can stay up a bit and walk you through it to see what we find if its a good time for you...
[2017-10-02 13:59:52] cs2000 : yeah all good for me, I'm just following step 1! I saw the sneaky edit there, "bit" suddenly became "lot" lol
[2017-10-02 14:01:37] cs2000 : just installing Brew so I can use things like wget
[2017-10-02 14:07:35] cs2000 : Brew and pip3 installed, just rebooting as wget still wasn't a valid command apparently
[2017-10-02 14:09:07] czokie : brew install wget :slightly_smiling_face:
[2017-10-02 14:09:20] cs2000 : typed that literally as you sent that :wink:
[2017-10-02 14:15:03] cs2000 : grr, need to upgrade my Xcode, I only have command line options installed, and predictably I need to upgrade my OS, lol, I've got as far as step 14 on the xcodebuild step so far
[2017-10-02 14:15:22] cs2000 : updates installing
[2017-10-02 14:15:42] czokie : :slightly_smiling_face:
[2017-10-02 14:28:57] cs2000 : Just read through the rest of the doc whilst I'm waiting. Which step am I likely to stumble on if I get the same issue as you, step 6.3?
[2017-10-02 14:29:27] hostile : I love seeing OGs cooperate and make shit happen!
[2017-10-02 14:30:38] czokie : Basically - you get to 6 ... you can try 6.2 .... and then instead of following the rest .... do a telnet to your phone's ip on the frida port. If you get a connect - you've got further than me
[2017-10-02 14:32:26] cs2000 : OK, well maybe no point in you waiting, I'm having to upgrade to OS X High Sierra to be allowed to get the current version of Xcode, almost done the OS download, but then gotta upgrade and then grab the 5GB of Xcode
[2017-10-02 14:32:36] cs2000 : I'll continue through and report in here how I do
[2017-10-02 14:32:48] cs2000 : maybe hook up in a few days as I'm AFK tomorrow
[2017-10-02 14:33:32] czokie : Understood...
[2017-10-02 14:34:26] cs2000 : But I'll keep plugging away, I've been feeling bad for you working on this alone! haha, just no point you sitting there waiting, I'm probably at least 45 mins from doing anything fun yet, updates....
[2017-10-02 14:34:33] hostile : my upgrade to High Sierra went seamless fwiw @cs2000
[2017-10-02 14:34:55] czokie : I am still on Sierra - but I already had Xcode loaded.
[2017-10-02 14:35:19] cs2000 : Ahhh, I didn't haha, I had it half installed, but never completed it.
[2017-10-02 14:35:35] cs2000 : thanks @hostile Mac upgrades usually do tbh, just takes time :slightly_smiling_face:
[2017-10-02 14:37:37] czokie : By the way - been speaking to the author of frida in IRC - His suggestion at this point - is to try to bind frida manually to the IP on wifi - and if that works and 0.0.0.0 fails to get back in touch.
[2017-10-02 14:37:46] czokie : Will be trying that tomorrow my time
[2017-10-02 14:39:07] cs2000 : OK sounds good, does that require any amendments from what's documented, such as editing the Frida gadget?
[2017-10-02 14:41:29] czokie : The frida gadget config file - just replace 0.0.0.0 with local wireless ip address.
[2017-10-02 14:41:35] czokie : Everything else is unchanged
[2017-10-02 14:41:52] cs2000 : yeah that's what I assumed. And we're talking about the phone's wifi address?
[2017-10-02 14:42:01] czokie : yuppers
[2017-10-02 14:42:07] cs2000 : :thumbsup:
[2017-10-02 14:42:54] hostile : @czokie ” been speaking to the author of frida in IRC ” ut oh… now you are working on my territory… cat wrangling! well done sir
[2017-10-02 15:26:09] cs2000 : High Sierra installed, now grabbing Xcode and then I can carry on. I've probably got 30-60 mins before I need to go out though
[2017-10-02 15:44:30] martinbogo : *is installing High Sierra*
[2017-10-02 15:45:08] cs2000 : install on my 2014 Air took about 40 mins, no problems though :slightly_smiling_face:
[2017-10-02 15:57:02] jan2642 : Over here it's scary as hell. It already stopped twice with obscure errors, rebooted and automatically restarted the upgrade. Now it seems to be progressing but it looks like I'm warped into Microsoft time: "about x minutes remaining" took half an hour to go from 40 to 30. So still 90 minutes to go I guess?
[2017-10-02 15:57:55] hotelzululima : you kids DID take a backup first I hope :slightly_smiling_face:
[2017-10-02 15:58:25] hostile : Time Machine!
[2017-10-02 15:59:33] cs2000 : haha who takes backups! lol. Installation went fine for me :slightly_smiling_face: Xcode is now installed, just progressing with the documented steps
[2017-10-02 15:59:50] cs2000 : really hoping the issue stopping @czokie is just weird wifi at his hotel. Would be a major step!
[2017-10-02 16:20:12] cs2000 : @czokie I know you're probably not here, but just jotting my steps. In step 4, on the last line
[2017-10-02 16:20:13] cs2000 : objection patchipa -s "DJI GO 4.ipa" --codesign-signature <your signature>
[2017-10-02 16:20:31] cs2000 : I take it you enter your Apple email address as that's what my dev certificate is registered to
[2017-10-02 16:36:36] cs2000 : Yeah stuck on step 4... gets to Codesigning patched IPA, then a whole bunch of errors essentially saying it can't find the IPA it's supposed to have created, I'll keep trying various things...
[2017-10-02 17:40:54] cs2000 : Googling around showed 2 potential things I can do, firstly "brew install gcc@5" which has been going for literally an hour. Secondly, "pip3 install xgboost", but I'm waiting for the other step to finish first
[2017-10-02 18:03:08] cs2000 : OK, got it. A couple of edits to the Wiki. Firstly, to clarify, you need a decrypted Go4 app, using the latest one from iTunes doesn't work. And second, yes, <your signature> is your iTunes login basically as that's who the signature is allocated to, ok, moving on. Oh, and those extra bits of software may or may not be needed, I'll add it to the wiki TBC
[2017-10-02 18:16:23] cs2000 : OK! so, running "ios-deploy --bundle Payload/*.app -m -L" connects to the phone, everything says OK, fantastic in the terminal, the app launches but quits about 15 seconds later
[2017-10-02 18:17:19] umbr4 : I think it closes if it does not get any hooks
[2017-10-02 18:17:42] umbr4 : so fire up <https://github.com/sensepost/objection>
[2017-10-02 18:18:33] cs2000 : Hmmmmmm, that's odd too. If I match my timings, wait till the app is fired up and then try to telnet to 192.168.0.7, on the frida port of 27042, Putty sits there... and then quits at the exact same time the modified Go4 app closes...
[2017-10-02 18:19:26] cs2000 : Going to try modifying the frida gadget as per the earlier suggestion
[2017-10-02 18:19:55] umbr4 : objection with the network option might actually pump some data into the gadget
[2017-10-02 18:20:17] umbr4 : telnet or putty would exit right away if the port was closed, so that is a good sign
[2017-10-02 18:21:05] cs2000 : thats what i thought, let me modify the binding IP, 2 mins
[2017-10-02 18:22:57] cs2000 : Deploying now
[2017-10-02 18:25:28] cs2000 : hmm, same behaviour
[2017-10-02 18:26:36] cs2000 : It can clearly see _something_ as it quits the same time the app does though. Don't know if this is the same or further than @czokie has managed to get. Feels very close!
[2017-10-02 18:28:28] cs2000 : Launching with debugging means the app is staying open, console/terminal confirms "Frida listening on 192.168.0.7 TCP port 27042"
[2017-10-02 18:30:30] hostile : any other logs?
[2017-10-02 18:31:22] cs2000 : I'll copy what I can see
[2017-10-02 18:35:46] cs2000 : That's everything from the connect with debug enabled. It's so weird, it sits there waiting for commands forever at this point. Without debug, it quits after a short period. But it doesn't seem to respond when you telnet to it, not properly anyway. Putty does quit at the same time the port/app is closed however
[2017-10-02 18:38:01] cs2000 : If you enter any command on the telnet window, it closes immediately, logs on the mac terminal don't show anything has happened though. The app still stays running
[2017-10-02 18:48:26] hostile : do you have to “continue” it?
[2017-10-02 18:48:36] hostile : in gdb when you were connected you’d have to “c”
[2017-10-02 18:48:40] hostile : to get the process to continue running
[2017-10-02 18:48:48] hostile : when it was at (gdb) prompt
[2017-10-02 18:48:52] hostile : I’ve not used lldb in a long time
[2017-10-02 18:49:18] cs2000 : in the debug/terminal window? I'll try, just cooking another IPA. Appreciate the assistance though :slightly_smiling_face:
[2017-10-02 18:50:24] umbr4 : the gadget pauses execution of the app on load and waits for either a client to connect and pass in some "hooks" or if there is a script with hooks embedded in the app it loads those
[2017-10-02 18:51:06] umbr4 : hooks could be like the ssl key pinning bypass ones in objection
[2017-10-02 18:51:35] cs2000 : so, entering C yields...
[2017-10-02 18:51:58] umbr4 : you need a frida client
[2017-10-02 18:52:39] umbr4 : I think anyway, that's how I got it to work
[2017-10-02 18:52:50] umbr4 : (with usb)
[2017-10-02 18:54:02] cs2000 : error: process is running. use 'process interrupt' to pause execution
[2017-10-02 18:57:54] cs2000 : Objection doesnt want to connect either
[2017-10-02 19:02:37] hostile : [usb]
[2017-10-02 19:02:40] hostile : see that
[2017-10-02 19:03:01] cs2000 : Yaa, reading the objection docs now :wink:
[2017-10-02 19:04:01] umbr4 : -N
[2017-10-02 19:04:53] cs2000 : yep, trying to figure out the commands to tell it the IP and port "-N explore didnt lead anywhere"
[2017-10-02 19:05:09] umbr4 : (going from memory here) I should probably crack out a mac
[2017-10-02 19:06:39] umbr4 : -N -h <host/IP> -p <port> explore
[2017-10-02 19:08:14] cs2000 : :disappointed:
[2017-10-02 19:08:16] cs2000 : Chriss-MacBook-Air:Documents Chris$ objection -N -h 192.168.0.7 -p 27042 explore
Error: unable to connect to remote frida-server
 _ _ _ _ ___| |_ |_|___ ___| |_|_|___ ___ | . | . | | | -_| _| _| | . | | |___|___|_| |___|___|_| |_|___|_|_| |___|
(object)inject(ion) v1.1.10
Runtime Mobile Exploration
by: @leonjza from @sensepost
[tab] for command suggestions
unknown application [net] #
[2017-10-02 19:08:46] umbr4 : maybe iOS does not let apps set listening sockets?
[2017-10-02 19:09:20] cs2000 : perhaps. iOS security can be a PITA, the app does think it's listening on that port though...
[2017-10-02 19:09:40] hostile : is there a netstat command you can run to verify it is listening proper?
[2017-10-02 19:10:20] cs2000 : from inside the phone, doubtful, I'm just doing a scan at the moment from the outside, see what ports are open.
[2017-10-02 19:10:29] cs2000 : Remember, iOS :lock:
[2017-10-02 19:10:31] cs2000 : lol
[2017-10-02 19:13:28] hostile : I assumed rooted / Jailbroken
[2017-10-02 19:13:41] cs2000 : sadly not, iOS 11.0.1 for me
[2017-10-02 19:18:15] umbr4 : maybe change the "on_load": "wait" to resume
[2017-10-02 19:18:37] umbr4 : in the config file. then the app will startup and you can attach later.
[2017-10-02 19:19:13] umbr4 : (less than ideal) as I would want to be able to hook it right away
[2017-10-02 19:19:26] cs2000 : OK, cooking that IPA now. Thing is, I know this should work! look...
[2017-10-02 19:19:27] cs2000 : <https://github.com/sensepost/objection/wiki/Patching-iOS-Application-Sources>
[2017-10-02 19:19:39] cs2000 : lol same thing you linked to earlier (i think)
[2017-10-02 19:19:50] umbr4 : ha
[2017-10-02 19:19:54] cs2000 : done slightly differently with that dylib file, but same principle
[2017-10-02 19:21:03] umbr4 : I have not seen much about using objection to connect over the network to iOS with a frida dylib grafted on a non-jailbroken device,
[2017-10-02 19:22:21] umbr4 : (but) you can always hook it right away by injecting a script into the IPA and not need the usb connection
[2017-10-02 19:26:14] cs2000 : Yeah, it could just be that I'm not jailbroken. I have the IPA ready, but I'm on the phone so can't upload yet
[2017-10-02 19:40:58] cs2000 : :joy: god only knows what's wrong now lol
[2017-10-02 19:41:17] cs2000 : Chriss-MacBook-Air:Documents Chris$ ios-deploy --bundle ~/Documents/Payload/*.app -W -d -m
[....] Waiting for iOS device to be connected
[....] Using 727abdef489975db2ad3d7e900b336a7dc959d82 (D101AP, iPhone 7, iphoneos, arm64) a.k.a. 'IPhone 7 - Chris Hawkins'.
------ Debug phase ------
Starting debug of 727abdef489975db2ad3d7e900b336a7dc959d82 (D101AP, iPhone 7, iphoneos, arm64) a.k.a. 'IPhone 7 - Chris Hawkins' connected through USB...
[  0%] Looking up developer disk image
[ 95%] Developer disk image mounted successfully
Assertion failed: (app_dict != NULL), function copy_device_app_url, file /usr/local/lib/node_modules/ios-deploy/src/ios-deploy/ios-deploy.m, line 579.
Abort trap: 6
[2017-10-02 19:45:35] hostile : closer!
[2017-10-02 19:47:16] cs2000 : weird, a reboot of the phone and mac fixed that
[2017-10-02 19:52:29] cs2000 : @umbr4 Now I've got it to run again, changing "on_load": "wait" to resume has gotten me further into the app, rather than getting stuck at the splash screen, I'm at the page where the Go4 app asks you to login
[2017-10-02 19:57:04] hostile : sounds like you making some progress
[2017-10-02 19:57:47] cs2000 : Potentially, I'm not a developer though so kinda stuck now. Hopefully when @czokie wakes up, this will help him out a little?
[2017-10-02 19:57:47] hostile : I'd say frida was running as soon as this hit
[2017-10-02 19:57:48] hostile : (lldb) command script import "/tmp/E875CDEC-C290-43A1-BEC6-C30DBE612905/fruitstrap_727abdef489975db2ad3d7e900b336a7dc959d82.py"
[2017-10-02 19:57:49] hostile : “ ”
[2017-10-02 19:58:52] hostile : which version of ios-deploy are you using?
[2017-10-02 19:59:07] hostile : <https://github.com/ghughes/fruitstrap> is oooooold =]
[2017-10-02 19:59:17] hostile : <https://github.com/phonegap/ios-deploy>
[2017-10-02 19:59:21] hostile : ios-deploy is a fork IIRC
[2017-10-02 19:59:27] cs2000 : haha, its whatever was pulled down following the wiki
[2017-10-02 19:59:33] cs2000 : <http://dji.retroroms.info/howto/iosfrida>
[2017-10-02 20:00:17] umbr4 : I am still behind, can't get the config file to deploy to the device
[2017-10-02 20:00:35] cs2000 : in the wiki, which step?
[2017-10-02 20:00:46] cs2000 : 2.2?
[2017-10-02 20:00:58] umbr4 : 4
[2017-10-02 20:01:14] umbr4 : I have a different method than the wiki, so gonna switch
[2017-10-02 20:01:20] cs2000 : ok cool
[2017-10-02 20:01:29] umbr4 : I guess there is some plist that needs to list that config file
[2017-10-02 20:01:55] cs2000 : it worked fine for me until this point, I'm essentially on 6.x
[2017-10-02 20:02:08] umbr4 : might as well check that I am using a new version of frida too as the config file is a new feature.
[2017-10-02 20:04:22] cs2000 : @hostile Ios-Deploy reports its V1.9.2
[2017-10-02 20:05:30] cs2000 : was installed with "npm install -g ios-deploy" which is listed as the current way to install from their Github page
[2017-10-02 20:26:43] cs2000 : holy crap
[2017-10-02 20:26:45] cs2000 : I'm in
[2017-10-02 20:29:37] cs2000 : com.dji.go on (iPhone: 11.0.1) [usb] # ios sslpinning disable
Job: b5bdf820-8c35-4012-8001-a0b02a1ed631 - Starting
[a0b02a1ed631] [ios-ssl-pinning-bypass] Found AFNetworking 3.0 library
[a0b02a1ed631] [ios-ssl-pinning-bypass] Found +[AFSecurityPolicy policyWithPinningMode:]
[a0b02a1ed631] [ios-ssl-pinning-bypass] [NSURLSession] Found 16 matches for URLSession:didReceiveChallenge:completionHandler:
[a0b02a1ed631] [ios-ssl-pinning-bypass] [NSURLConnection] Found 10 matches for connection:willSendRequestForAuthenticationChallenge:
[a0b02a1ed631] [ios-ssl-pinning-bypass] Hooking lower level methods: SSLSetSessionOption, SSLCreateContext, SSLHandshake and tls_helper_create_peer_trust
Job: b5bdf820-8c35-4012-8001-a0b02a1ed631 - Started
com.dji.go on (iPhone: 11.0.1) [usb] #
[2017-10-02 20:31:33] cs2000 : Interesting, USB connection only works if the server binds to 0.0.0.0, if you set an address it seems neither network nor USB work, in my testing anyway
[2017-10-02 20:38:06] hostile : whoot
[2017-10-02 20:47:06] kilrah : _has installed high sierra yesterday after finding out installing without switching to APFS was possible_
[2017-10-02 20:47:55] kilrah : otherwise wouldn't have, i need read/write access to mac partition from bootcamp
[2017-10-02 20:48:17] cs2000 : Aww crap, i use Bootcamp :joy:
[2017-10-02 20:48:22] kilrah : obviously no tools will exist to do that before months/years with APFS
[2017-10-02 20:48:51] kilrah : lol
[2017-10-02 20:50:43] cs2000 : I'm done testing for the day anyway, I think @czokie has quite enough to catch up on :wink: my brain is fried! lol
[2017-10-02 22:53:27] czokie : Morning all
[2017-10-02 22:54:25] czokie : So @cs2000 - You replicated my dead end :disappointed:
[2017-10-02 22:57:15] czokie : Yeah. I played with that. But it was a dead end too. Resume lets the app continue - but still no frida gadget over net work... I left it at wait, so that I could load my hooks before it did stuff....
[2017-10-02 23:49:00] czokie : Wrote to oleavr to see what we get back from there...
[2017-10-03 00:50:49] czokie : Other stuff - App mod and signing - i've pulled out some of the extra bits - I think the missing piece was what I've added in 2.3 .... getting your code signing value....
[2017-10-03 00:50:54] czokie : That should make it clearer
[2017-10-03 11:37:36] cs2000 : Yeah sadly I got stuck down the same dead end as you. I got as far as the USB connection, but not via a network. All the tests I ran confirmed Frida is there and listening, but something seems to fail between the connection part.
[2017-10-03 11:37:54] cs2000 : If we could get the dev in here that would be amazingly useful....
[2017-10-03 11:38:14] cs2000 : :gift:
[2017-10-03 11:46:13] czokie : Dont think he will come here - but I have gone to him in IRC (his world)
[2017-10-03 11:51:49] cs2000 : ahh OK, that's fine, shame as if he comes here he could have 2 people testing things out :slightly_smiling_face:
[2017-10-03 11:52:36] cs2000 : well written wiki though mate, there weren't any major hiccups that weren't my fault/I couldn't easily rectify. I don't know if @umbr4 got any further in his testing?
[2017-10-03 11:53:17] czokie : I made some changes after the stuff that you guys did...
[2017-10-03 11:53:42] cs2000 : taking a look now
[2017-10-03 11:54:08] czokie : I think this is now pretty damm good - no more gaps
[2017-10-03 11:54:27] cs2000 : Ahh yeah, prettying up what i added :slightly_smiling_face:
[2017-10-03 11:54:39] czokie : and I took out the extra stuff on signing
[2017-10-03 11:54:53] czokie : its not needed - if you use the correct hash value...
[2017-10-03 11:54:59] czokie : I added 2.3 to make that clearer
[2017-10-03 11:55:45] cs2000 : Yeah, looks good :wink:
[2017-10-03 11:56:32] cs2000 : Sooooooo annoying, 7.1 is go, 7.2 fail :disappointed:
[2017-10-03 11:56:44] czokie : Yep
[2017-10-03 11:57:36] czokie : My last message in IRC: "Hi again - still after any help on this IPA / IOS question - I've had others try and test, and same result. Unable to run frida gadget on IOS un-tethered... Is this a known limitation, or should I open an issue in github?"
[2017-10-03 11:59:21] cs2000 : Seems fine to me. I don't know if you read my screenshots and bits, but frida is 100000% running, listening and waiting for a connection. The fact that Putty will connect, and then sit and wait there is proof that it has some kind of connection, but there appears to be no data or communication between the two. I'm sure it's not something you have missed otherwise I don't think we would have gotten to this point
[2017-10-03 11:59:52] czokie : Yep - 100% confirmed... but wait - putty? You can connect to the frida port on your iPhone?
[2017-10-03 12:00:00] czokie : I didn't get that
[2017-10-03 12:00:08] cs2000 : Yeah
[2017-10-03 12:00:30] cs2000 : You know Putty's usual behaviour is that if it cannot connect, it will throw an error and close, right?
[2017-10-03 12:00:42] czokie : I didn't use putty - I just did a telnet from my mac
[2017-10-03 12:00:51] czokie : Here is the weird thing
[2017-10-03 12:00:59] czokie : App is not open = "Host unreachable"
[2017-10-03 12:01:11] czokie : App is open = timeout ... no error until about 5 mins
[2017-10-03 12:01:13] cs2000 : In this case, it would physically stay open. If I force closed the app on the iPhone, or ended the debug session from the mac, Putty would throw the error and close at the same time, so it's connected as far as I can tell
[2017-10-03 12:01:15] czokie : BUT - it is NOT connected
[2017-10-03 12:01:27] czokie : I would like to confirm that
[2017-10-03 12:01:36] czokie : You still have the patched app on your phone?
[2017-10-03 12:02:25] cs2000 : yeah i do
[2017-10-03 12:02:54] czokie : Can you open a terminal window on your mac
[2017-10-03 12:03:01] czokie : and just telnet to the ip
[2017-10-03 12:03:11] cs2000 : If I just opened the hacked app, and didn't try to connect, the app would close after 15 seconds or so
[2017-10-03 12:03:16] cs2000 : yeah, give me a few mins
[2017-10-03 12:03:21] cs2000 : I'm booted into Windows at the moment
[2017-10-03 12:03:32] cs2000 : so I'll be back :wink:
[2017-10-03 12:04:07] czokie : OK
[2017-10-03 12:38:16] cs2000 : Wow, mac issues, finally in OSX
[2017-10-03 12:40:19] cs2000 : it connects, kinda
[2017-10-03 12:41:31] cs2000 : For some reason, my hostnames are screwed, it thinks I'm called "fran spectre" and my phone is "windows phone", but I have verified it's me by pinging, then turning off wifi and making sure the connection drops, which it does
[2017-10-03 12:41:38] cs2000 : qdos-franspectre:~ Chris$ telnet 10.0.16.140 27042
Trying 10.0.16.140...
Connected to windows-phone.qdos.local.
Escape character is '^]'.
[2017-10-03 12:42:27] cs2000 : objection still fails via network however
[2017-10-03 12:42:54] cs2000 : works through USB
[2017-10-03 12:44:12] cs2000 : The issue is the same as Putty though, it seems to connect, but if you enter ANY command, Putty exits, Telnet on the mac says "Connection closed by foreign host"
[2017-10-03 13:32:36] umbr4 : hum, I wonder @czokie if network connections to the frida gadget are expected to work, did you ever ask the author?
[2017-10-03 14:45:54] czokie : I was distracted by family... I am on holidays theoretically. You got "Connected". That's awesome. I've never got that result. I am guessing the network where I am is doing some funky things... which is a pain coz I am the network admin. (My family owns a small hotel that has been built on our family farm)
[2017-10-03 14:48:42] czokie : Guessing it has client isolation built in - but I didn't turn it on as far as I can recall. Either way, that's progress. I am still waiting for some answers from the author
[2017-10-03 14:50:18] hostile : try an Ad-Hoc wifi
[2017-10-03 14:50:30] hostile : instead of using the hotel AP… likely have client to client isolation turned on
[2017-10-03 14:51:15] czokie : Might take a bit - now 11pm - and I have a full day planned tomorrow.
[2017-10-03 14:51:35] czokie : Even tho on holidays - I am cutting over the hotel internet from LTE to Fiber if things go to plan
[2017-10-03 14:52:10] czokie : but I'll try to include some frida stuff when I get some time.
[2017-10-03 14:52:26] czokie : (Except when my wife hears me talking about frida - she gets jealous - thinks its another bird)
[2017-10-03 14:56:19] hostile : LOL
[2017-10-03 15:29:01] cs2000 : :joy: that's fine @czokie I'm here when you need something else testing, we will get there, it feels so close!
[2017-10-03 15:58:54] umbr4 : So... after some updates to the various python packages, I can connect with frida-ps and frida-trace over the network.
[2017-10-03 15:59:08] umbr4 : objection appears to not work.
[2017-10-03 16:01:05] umbr4 : and it only works when the app is launched via ios deploy
[2017-10-03 16:38:30] czokie : Umbr4. So you launch over iOS deploy using option 2. Then disconnect USB. And then frida works? That's confusing since objection is just frida with a bunch of built in hooks.
[2017-10-03 17:28:21] umbr4 : ios deploy in debug mode with usb connected seems to work with the frida tools over the network, just not objection. If I launch from the device itself it crashes with a codesigning error in the logs when I try to connect with frida-trace
[2017-10-03 18:11:03] umbr4 : So now I need to figure out entitlements :disappointed:
[2017-10-03 21:28:25] czokie : The code signing stuff I thought I had worked out. Note that I updated the wiki from yesterday. Some of the stuff you added was not necessary I believe. Have you codesigned correctly?
[2017-10-03 21:29:05] czokie : Note section 2.3
[2017-10-03 22:07:16] czokie : Be keen for you to review the current wiki page - and comment on what is different now....
[2017-10-03 22:07:50] czokie : ie - what python packages you updated and why.... need to understand that
[2017-10-03 22:08:39] czokie : especially why you can connect to the gadget via tcp - when both @cs2000 and I could not - The python packages should not have changed that
[2017-10-04 13:42:31] umbr4 : I noticed that there were updates over the last few days to objection and frida so I updated those.
[2017-10-04 13:44:53] umbr4 : When running in debug mode with ios deploy and connected via USB the process seems to get the network.server entitlement probably because the debugger needs this. But as far as I can tell iOS apps cannot have this entitlement when run outside the debugger. iOS refuses to install an app with this set from my tests.
[2017-10-04 13:47:20] czokie : I am taking a guess - but the provisioning profile that we build earlier on - if we follow the steps here.... <https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html#//apple_ref/doc/uid/TP40011195-CH4-SW9> we may get this sorted... since the app install uses the same profile???? Just a guess
[2017-10-04 13:50:12] umbr4 : Maybe, I tried setting the entitlement and it didn't work. The furthest I got was that the vlc-ios app has a web server built in so maybe that would provide an example to copy from.
[2017-10-04 13:54:03] czokie : where do you set it?
[2017-10-04 13:54:06] czokie : I am new to xcode
[2017-10-04 14:03:36] czokie : found capabilities
[2017-10-04 14:03:43] czokie : but no network server there for me
[2017-10-04 14:07:10] umbr4 : you can try setting it in the app package, appname.entitlements file
[2017-10-04 14:07:51] umbr4 : copy the file out of the app package, change it and then when you call applesign pass -e with the file you changed as the argument
[2017-10-04 14:07:51] czokie : I am guessing that without a developer account this is not available
[2017-10-04 14:08:17] umbr4 : ya maybe but even with a developer account that may not be allowed
[2017-10-04 14:08:18] czokie : <https://developer.apple.com/support/app-capabilities/>
[2017-10-04 14:08:32] czokie : its not listed there either
[2017-10-04 14:09:04] umbr4 : the only other thing I can think of is that one of the other capabilities could include network.server
[2017-10-04 17:29:53] cs2000 : Sorry guys been out of the loop for a few days. From just catching up are we saying we’re effectively 1 step forward (in understanding) but no actually further forward in implementation? Just so I’m caught up :+1:
[2017-10-04 17:33:13] cs2000 : I'm assuming none of us has an active Apple dev account to test the theory. You could sign up to a UDID registration service however which effectively allows you access to a legit developer certificate, this website's gold package should cover it. <https://www.udidregistrations.com/buy>
[2017-10-04 22:47:36] czokie : Not sure if I will get a chance to play before I get back home next week.... And even when I get back - I have a week long video conference marathon with 8 hour sessions :slightly_smiling_face:
[2017-10-05 08:53:11] kilrah : I also lack time but gave it a quick try and got stuck at the "deploying a blank app with xcode to get the cert stuff right" step. Which is kinda stupid since I have a jailbroken device and thus don't need to care about signing, but objection seems to want to sign in all cases
[2017-10-05 14:25:46] umbr4 : I don't think we need network.server though it would be nice. Is there another way to connect the app to the aircraft?
[2017-10-05 14:27:34] hostile : @cs2000 be careful giving UDID out… I think this can open you up to malware from them too
[2017-10-05 14:32:14] umbr4 : looks dodgy, I don't know for sure that developer account/certificate will get you that entitlement. Maybe just use wifi for now
[2017-10-05 15:52:55] czokie : I have a P4P - I cant use wifi
[2017-10-07 12:27:52] czokie : <https://twitter.com/C2RIBS/status/916350297894801409>
[2017-10-07 12:28:07] czokie : DJI are claiming that the CPU fully loaded message is a "new feature"..... Sigh
[2017-10-07 13:13:18] bin4ry : lol
[2017-10-07 13:13:20] bin4ry : iOS ?
[2017-10-07 13:14:03] bin4ry : dji seem to fully use your CPU :wink: that just mean they use the full potential of your hardware, you should be happy they do so :wink:
[2017-10-07 13:26:09] czokie : yes. ios
[2017-10-07 14:35:21] bin4ry : they developed on iphone9 :wink: more cpu power :smile:
[2017-10-13 20:27:22] czokie : OK. Back in Oz - and ready to get back to frida and friends :slightly_smiling_face:
[2017-10-13 20:29:55] czokie : Possible updates to Frida and/or objection may help - so later today my time - I will give this another go - using latest files...
[2017-10-13 20:51:37] hostile : man I been wondering how things been here
[2017-10-13 20:51:51] hostile : I just have so much shit going on I can’t keep active in any one area
[2017-10-13 21:25:15] umbr4 : ya @czokie lots of recent updates. I was going to look into how developers are supposed to debug USB devices attached, maybe using wifi debugging is ios-deploy if it gets changed to support it.
[2017-10-13 21:34:28] czokie : If I remember correctly - wifi debugging only works on iOS 11.x using lldb - but Frida SHOULD work via wifi - but last time I tried - it failed. You confirmed you were able to get the TCP port open and connection to it. Now that I am not on enterprise wifi - I will try to replicate later today to see if I can get TCP connect - and see if I can proceed beyond that
[2017-10-14 00:29:45] czokie : OK.
[2017-10-14 00:29:48] czokie : I've woken up now
[2017-10-14 00:29:52] czokie : (Needed more sleep)
[2017-10-14 00:30:01] czokie : Time to play - so if anyone wants to play along - lets get into it
[2017-10-14 00:59:21] czokie : IT WORKS
[2017-10-14 01:00:42] czokie : Changes in Frida since my first tests mean it works now (possibly due to my earlier bug report and dialogue with Frida developers) ...
[2017-10-14 01:01:06] czokie : w00t
[2017-10-14 01:01:53] czokie : Next test - look @ network traffic - reconfirm ssl pinning is working - for basic stuff - then next - work on the "enhanced" stuff where DJI is doing some custom shit.
[2017-10-14 01:09:37] czokie : Page updated - <https://dji.retroroms.info/howto/iosfrida>
[2017-10-14 03:32:42] hostile : fuck yeah mate! good job @czokie
[2017-10-14 03:33:21] czokie : Keen to get your take on <https://dji.retroroms.info/howto/iosfrida#what_s_next>
[2017-10-14 03:34:09] hostile : I’m out of state in a hotel room
[2017-10-14 03:34:16] hostile : sleeping kid and wife.
[2017-10-14 03:34:26] hostile : about to sleep myself! will check it sunday
[2017-10-14 18:14:54] hotelzululima : where are you at??
[2017-10-14 18:43:29] czokie : Hi @hotelzululima
[2017-10-14 18:44:07] czokie : Next task - understand why SSL pinning works on MOST of the connections, but not on a couple.
[2017-10-14 18:44:17] czokie : and how to get that working for those connections.
[2017-10-14 18:47:47] czokie : To quote from the SSL pinning bypass code...
[2017-10-14 18:47:47] czokie : ```
// Many apps implement the SSL pinning in interesting ways, if this hook fails, all
// is not lost yet. Sometimes, there is a method that just checks some configuration
// item somewhere, and returns a BOOL, indicating whether pinning is applicable or
// not. So, hunt that method and hook it :slightly_smiling_face:
```
[2017-10-14 19:04:11] czokie : What would be helpful to me - is a way to know what methods are getting called - so I can start to then explore what data is going in and out of those methods.... but not yet familiar with lldb
[2017-10-14 20:05:39] czokie : <https://github.com/gm281/lldb-trace>
[2017-10-14 20:05:45] czokie : This looks like it may be interesting
[2017-10-14 20:54:13] hostile : @hotelzululima Ann Arbor...
[2017-10-14 20:54:37] hostile : And as an Ohioan I have to say “is a whore” after that.
[2017-10-14 20:57:21] czokie : Huh?
[2017-10-14 20:58:28] czokie : Ah. I dont think he was literally asking where you are :slightly_smiling_face:
[2017-10-14 20:58:34] czokie : :slightly_smiling_face:
[2017-10-14 21:01:56] czokie : ```
Process 6208 stopped
* thread #44, stop reason = breakpoint 1.1
    frame #0: 0x000000019124764c Security`SSLHandshake
Security`SSLHandshake:
->  0x19124764c <+0>:  ldr    x16, #0x8                 ; <+8>
    0x191247650 <+4>:  br     x16
    0x191247654 <+8>:  .long  0x0730c200                ; unknown opcode
    0x191247658 <+12>: .long  0x00000001                ; unknown opcode
Target 0: (DJI GO 4) stopped.
(lldb) c
Process 6208 resuming
Process 6208 stopped
* thread #44, stop reason = breakpoint 1.1
    frame #0: 0x000000019124764c Security`SSLHandshake
Security`SSLHandshake:
->  0x19124764c <+0>:  ldr    x16, #0x8                 ; <+8>
    0x191247650 <+4>:  br     x16
    0x191247654 <+8>:  .long  0x0730c200                ; unknown opcode
    0x191247658 <+12>: .long  0x00000001                ; unknown opcode
Target 0: (DJI GO 4) stopped.
(lldb) c
Process 6208 resuming
Process 6208 stopped
* thread #44, stop reason = breakpoint 1.1
    frame #0: 0x000000019124764c Security`SSLHandshake
Security`SSLHandshake:
->  0x19124764c <+0>:  ldr    x16, #0x8                 ; <+8>
    0x191247650 <+4>:  br     x16
    0x191247654 <+8>:  .long  0x0730c200                ; unknown opcode
    0x191247658 <+12>: .long  0x00000001                ; unknown opcode
Target 0: (DJI GO 4) stopped.
(lldb) c
Process 6208 resuming
Process 6208 stopped
* thread #44, stop reason = breakpoint 1.1
    frame #0: 0x000000019124764c Security`SSLHandshake
Security`SSLHandshake:
->  0x19124764c <+0>:  ldr    x16, #0x8                 ; <+8>
    0x191247650 <+4>:  br     x16
    0x191247654 <+8>:  .long  0x0730c200                ; unknown opcode
    0x191247658 <+12>: .long  0x00000001                ; unknown opcode
Target 0: (DJI GO 4) stopped.
(lldb) c
Process 6208 resuming
2017-10-15 08:01:32.495330+1100 DJI GO 4[6208:2172846] CFNetwork SSLHandshake failed (-9807)
```
[2017-10-14 21:02:18] czokie : OK - worked out how to set a breakpoint on SSLHandshake....
[2017-10-14 21:02:50] czokie : and above - continuing each time it is called - but dont know why its failing in the last one in the dump above
[2017-10-14 23:58:43] hostile : Nice work @czokie !
[2017-10-15 03:38:13] czokie : Something each time DJI GO starts up out of interest...
[2017-10-15 03:38:15] czokie : ```
objc[6594]: Class CaptureDelegate is implemented in both /private/var/containers/Bundle/Application/<UUID>/DJI GO 4.app/Frameworks/BokehFramework.framework/BokehFramework (0xation/<UUID>/DJI GO 4.app/Frameworks/DJIPanoramaKit.framework/DJIPanoramaKit (0x10394e1a0). One of the two will be used. Which one is undefined.
objc[6594]: Class CaptureDelegate is implemented in both /private/var/containers/Bundle/Application/<UUID>/DJI GO 4.app/Frameworks/BokehFramework.framework/BokehFramework (<UUID>/DJI GO 4.app/DJI GO 4 (0x102e5e070). One of the two will be used. Which one is undefined.
objc[6594]: Class CvAbstractCamera is implemented in both /private/var/containers/Bundle/Application/<UUID>/DJI GO 4.app/Frameworks/DJIPanoramaKit.framework/DJIPanoramaKit (<UUID>/DJI GO 4.app/DJI GO 4 (0x102e5e0c0). One of the two will be used. Which one is undefined.
objc[6594]: Class CvPhotoCamera is implemented in both /private/var/containers/Bundle/Application/<UUID>/DJI GO 4.app/Frameworks/DJIPanoramaKit.framework/DJIPanoramaKit (0x10394e240) and /var/containers/Bundle/Application/<UUID>/DJI GO 4.app/DJI GO 4 (0x102e5e110). One of the two will be used. Which one is undefined.
objc[6594]: Class CvVideoCamera is implemented in both /private/var/containers/Bundle/Application/<UUID>/DJI GO 4.app/Frameworks/DJIPanoramaKit.framework/DJIPanoramaKit (<UUID>/DJI GO 4.app/DJI GO 4 (0x102e5e160). One of the two will be used. Which one is undefined.
```
[2017-10-15 03:38:45] czokie : A few classes are implemented in two places - lldb is basically saying "Hey - You've got two versions of this class name - lets toss a coin as to which one gets used"
[2017-10-15 03:40:05] czokie : We've been patient about DJI application instability for a while. Perhaps the "gambling" with duplicate classes might contribute to that - particularly if they behave differently....
[2017-10-15 04:07:44] hostile : I think it is usually the one first in path
[2017-10-15 11:49:56] czokie : Team - More work here today... <https://dji.retroroms.info/howto/iosfrida>
[2017-10-15 11:50:32] czokie : with some notes @ the bottom - just my scratchpad as I am teaching myself this shit.
[2017-10-15 11:56:34] hostile : @czokie it could be related to the SSL version?
[2017-10-15 11:56:36] hostile : <https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html>
[2017-10-15 11:56:44] hostile : scroll to Requirements for Connecting Using ATS
[2017-10-15 11:58:05] hostile : do you get the same results I do?
[2017-10-15 11:58:59] hostile : “An important note should be made on the
// implementation changes from iOS9 to iOS10 as detailed here[2]. This hook also tries
// to implement those for iOS10.”
[2017-10-15 11:59:03] hostile : you on ios10?
[2017-10-15 11:59:27] hostile : ```
// [1] https://github.com/nabla-c0d3/ssl-kill-switch2/blob/master/SSLKillSwitch/SSLKillSwitch.m
// [2] https://nabla-c0d3.github.io/blog/2017/02/05/ios10-ssl-kill-switch/
// Many apps implement the SSL pinning in interesting ways, if this hook fails, all
// is not lost yet. Sometimes, there is a method that just checks some configuration
// item somewhere, and returns a BOOL, indicating whether pinning is applicable or
// not. So, hunt that method and hook it :slightly_smiling_face:
```
[2017-10-15 11:59:38] hostile : that is from your frida script…
[2017-10-15 12:00:25] hostile : any idea why this is commented out here?
[2017-10-15 12:00:27] hostile : <https://github.com/sensepost/objection/blob/master/objection/hooks/ios/pinning/disable.js#L185>
[2017-10-15 12:00:42] hostile : also tried filling an issue on the sensepost github?
[2017-10-15 12:00:53] hostile : <https://github.com/sensepost/objection/issues>
[2017-10-15 12:02:45] czokie : yup
[2017-10-15 12:02:56] hostile : "Apple has significantly changed the network stack on iOS 10: On iOS 9, an HTTPS connection initiated via NSURLSession involves CFNetwork's SocketStream, SecureTransport and libsystem_coretls.dylib. On iOS 10, the same connection involves CFNetwork's TCPIOConnection, libnetwork.dylib and libsystem_coretls.dylib"
[2017-10-15 12:02:59] czokie : ios 10
[2017-10-15 12:03:05] czokie : and no idea why commented out....
[2017-10-15 12:03:10] hostile : makes me wonder if there is something missing in the code, like that commented out stuff
[2017-10-15 12:03:45] hostile : this is an interesting read. <https://nabla-c0d3.github.io/blog/2017/02/05/ios10-ssl-kill-switch/>
[2017-10-15 12:03:48] czokie : Possibly... But what I was also thinking about - DJI made their own classes with similar names
[2017-10-15 12:03:54] czokie : Yep - been reading that shit as well
[2017-10-15 12:04:17] hostile : have you have @jan2642 or others run the DJI Go through IDA / Hopper for you yet?
[2017-10-15 12:04:49] czokie : Nope... But thats another story. Getting it running with OSX / IOS would be a little different...
[2017-10-15 12:05:05] hostile : IDA doesn’t run on ios
[2017-10-15 12:05:14] czokie : No - but it can do remote debugging of IOS
[2017-10-15 12:05:16] hostile : they have a mac version of IDA tho… warez floating around too
[2017-10-15 12:05:24] czokie : But - you need to build/install
[2017-10-15 12:05:39] czokie : I can get it going on jailbroken I think - not sure about non jailbroken
[2017-10-15 12:05:47] hostile : it may be worth dumping the code for the call to the stats server
[2017-10-15 12:05:56] czokie : but thats on my todo list.
[2017-10-15 12:06:10] hostile : you can also just IDA / hopper the binary without jailbreak on a completely different machine =]
[2017-10-15 12:08:56] czokie : Yep - I have IDA'd it - but I want to actually interrupt the execution.... and the architecture of the chip is not the same as running it in an IOS emulator on my mac
[2017-10-15 12:10:53] hostile : I mean to get the pseudo code
[2017-10-15 12:10:58] hostile : to figure out what to basically nop out
[2017-10-15 12:11:07] hostile : or cause to return true
[2017-10-15 12:11:27] czokie : Yep
[2017-10-15 12:11:33] czokie : I am still getting my head around some of that too
[2017-10-15 12:11:49] czokie : My C days were before object oriented :slightly_smiling_face:
[2017-10-15 12:12:01] czokie : or just in the early days ... still taught plain old Berkeley C
[2017-10-15 12:14:28] czokie : So - some weird things I have noticed:
[2017-10-15 12:14:48] czokie : 1. PodsDummy_AFNetworking is a class that might replicate the functionality of the base afnetworking class - but of course that is not pinned...
[2017-10-15 12:16:15] czokie : 2. There were other similarly weird named classes - that I remember seeing before - that may be doing similar shit in parallel - but cant remember the details now
[2017-10-15 12:16:32] czokie : which is why I want to debug execution flow
[2017-10-15 12:18:18] czokie : ```
DJILogEvent **__cdecl -[DJILogEvent init](DJILogEvent **self, SEL a2)
{
  DJILogEvent *v2; // x19
  void *v3; // x0
  void *v4; // x0
  void *v5; // x0
  void *v6; // x0
  void *v7; // x0
  DJILogEvent *v9; // [xsp+0h] [xbp-30h]
  __objc2_class *v10; // [xsp+8h] [xbp-28h]

  v9 = self;
  v10 = &OBJC_CLASS___DJILogEvent;
  v2 = (DJILogEvent *)objc_msgSendSuper2(&v9, "init", self, &OBJC_CLASS___DJILogEvent);
  if ( v2 )
  {
    v3 = objc_msgSend(&OBJC_CLASS___NSMutableArray, "alloc");
    v4 = objc_msgSend(v3, "initWithCapacity:", 1LL);
    -[DJILogEvent set_loggers:](v2, "set_loggers:", v4);
    objc_release();
    objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter");
    v5 = (void *)objc_retainAutoreleasedReturnValue();
    objc_msgSend(
      v5,
      "addObserver:selector:name:object:",
      v2,
      "applicationWillTerminate:",
      CFSTR("UIApplicationWillTerminateNotification"),
      0LL);
    objc_release();
    -[DJILogEvent setNeedReportDeviceAndVersion:](v2, "setNeedReportDeviceAndVersion:", 0LL);
    -[DJILogEvent setUrl_log_event:](
      v2,
      "setUrl_log_event:",
      CFSTR("https://statistical-report.djiservice.org/api/report/"));
    -[DJILogEvent setSession_init_succeed:](v2, "setSession_init_succeed:", 0LL);
    v6 = objc_msgSend(&OBJC_CLASS___NSMutableDictionary, "alloc");
    v7 = objc_msgSend(v6, "init");
    -[DJILogEvent setTimeEventArray:](v2, "setTimeEventArray:", v7);
    objc_release();
    +[CommonDataConstantValue sharedInstance](&OBJC_CLASS___CommonDataConstantValue, "sharedInstance");
    objc_retainAutoreleasedReturnValue();
    objc_release();
  }
  return v2;
}
// 102781AA8: using guessed type __CFString cfstr_Uiapplicationw;
// 102781AC8: using guessed type __CFString cfstr_HttpsStatistic;
// 102D88FF0: using guessed type __objc2_ivar stru_102D88FF0;
// 102E50F18: using guessed type __objc2_class OBJC_CLASS___DJILogEvent;
// 102E50F40: using guessed type __objc2_class OBJC_CLASS___CommonDataConstantValue;
```
[2017-10-15 12:18:33] czokie : I'll be buggered if I can read that shit!
[2017-10-16 03:53:28] czokie : <https://github.com/sensepost/objection/releases/tag/1.1.15>
[2017-10-16 03:53:44] czokie : New objection code - Not sure if its in PIP yet - but encourage those digging to update once its available.
[2017-10-16 03:54:16] czokie : Also: **BIG NEWS**: <https://dji.retroroms.info/howto/iosfrida#our_find>
[2017-10-16 03:54:50] czokie : I was working with @jezzab earlier today ... and we think we know why some of the pinning disable stuff is not working.
[2017-10-16 07:29:14] czokie : wish me luck
[2017-10-16 07:29:24] czokie : trying a custom ssl pinning script
[2017-10-16 07:34:33] czokie : 1 word. BUGGA
[2017-10-16 07:35:10] czokie : Still failing - but I know more now than I knew before
[2017-10-16 07:39:53] jezzab : Which parts are you patching?
[2017-10-16 07:40:07] jezzab : Are you just renaming to the DJIAFSecurity from the AFSecurity in that script?
[2017-10-16 07:40:25] jezzab : as in:
[2017-10-16 07:40:28] jezzab : ```
[DJIAFSecurityPolicy policyWithPinningMode:]
[AFSecurityPolicy policyWithPinningMode:]
```
[2017-10-16 07:40:40] jezzab : Those two are the code identical ones
[2017-10-16 07:43:04] jezzab : Did you do it to original and the DJI one at the same time?
[2017-10-16 07:43:56] jezzab : ```
id __cdecl +[DJIAFSecurityPolicy defaultPolicy](DJIAFSecurityPolicy_meta *self, SEL a2)
{
  void *v2; // x0
  void *v3; // x19

  v2 = objc_msgSend(self, "alloc");
  v3 = objc_msgSend(v2, "init");
  objc_msgSend(v3, "setSSLPinningMode:", 0LL);
  return (id)objc_autoreleaseReturnValue(v3);
}
```
[2017-10-16 07:44:22] jezzab : ```
void __cdecl -[DJIAFSecurityPolicy setSSLPinningMode:](DJIAFSecurityPolicy *self, SEL a2, unsigned __int64 a3)
{
  self->_SSLPinningMode = a3;
}
```
[2017-10-16 07:48:41] czokie : ```
// DJIAFNetworking START
// Appended to the objection iOS pinning-disable script, so `resolver`
// (the ApiResolver created earlier in that script) and `send` are already defined.
if (ObjC.classes.AFHTTPSessionManager && ObjC.classes.DJIAFSecurityPolicy) {
  send({ status: 'success', error_reason: NaN, type: 'ios-ssl-pinning-bypass', data: 'Found DJIAFNetworking 3.0 library' });

  var DJIAFSecurityPolicy_policyWithPinningMode = {};
  resolver.enumerateMatches('+[DJIAFSecurityPolicy policyWithPinningMode:]', {
    onMatch: function (match) {
      DJIAFSecurityPolicy_policyWithPinningMode.name = match.name;
      DJIAFSecurityPolicy_policyWithPinningMode.address = match.address;
    },
    onComplete: function () { }
  });

  if (DJIAFSecurityPolicy_policyWithPinningMode.address) {
    send({ status: 'success', error_reason: NaN, type: 'ios-ssl-pinning-bypass', data: 'Found +[DJIAFSecurityPolicy policyWithPinningMode:]' });

    Interceptor.attach(DJIAFSecurityPolicy_policyWithPinningMode.address, {
      onEnter: function (args) {
        // typedef NS_ENUM(NSUInteger, AFSSLPinningMode) {
        //   AFSSLPinningModeNone,
        //   AFSSLPinningModePublicKey,
        //   AFSSLPinningModeCertificate,
        // };
        if (args[2] != '0x0') {
          send({ status: 'success', error_reason: NaN, type: 'ios-ssl-pinning-bypass', data: '[DJIAFNetworking 3.0] setting AFSSLPinningModeNone for policyWithPinningMode:' });
          args[2] = '0x0';
        }
      }
    });
  }

  var DJIAFSecurityPolicy_policyWithPinningModewithPinnedCertificates = {};
  resolver.enumerateMatches('+[DJIAFSecurityPolicy policyWithPinningMode:withPinnedCertificates:]', {
    onMatch: function (match) {
      DJIAFSecurityPolicy_policyWithPinningModewithPinnedCertificates.name = match.name;
      DJIAFSecurityPolicy_policyWithPinningModewithPinnedCertificates.address = match.address;
    },
    onComplete: function () { }
  });

  if (DJIAFSecurityPolicy_policyWithPinningModewithPinnedCertificates.address) {
    send({ status: 'success', error_reason: NaN, type: 'ios-ssl-pinning-bypass', data: 'Found +[DJIAFSecurityPolicy policyWithPinningMode:withPinnedCertificates:]' });

    Interceptor.attach(DJIAFSecurityPolicy_policyWithPinningModewithPinnedCertificates.address, {
      onEnter: function (args) {
        // typedef NS_ENUM(NSUInteger, AFSSLPinningMode) {
        //   AFSSLPinningModeNone,
        //   AFSSLPinningModePublicKey,
        //   AFSSLPinningModeCertificate,
        // };
        if (args[2] != '0x0') {
          send({ status: 'success', error_reason: NaN, type: 'ios-ssl-pinning-bypass', data: '[DJIAFNetworking 3.0] setting AFSSLPinningModeNone for policyWithPinningMode:withPinnedCertificates:' });
          args[2] = '0x0';
        }
      }
    });
  }
}
// DJIAFNetworking END
```
[2017-10-16 07:49:25] czokie : I just kept the original hook
[2017-10-16 07:49:32] czokie : and made the new hook with the new names
[2017-10-16 07:49:41] jezzab : PS throw three ``` before and after the code block :wink:
[2017-10-16 07:50:41] jezzab : Ohh pretty :slightly_smiling_face:
[2017-10-16 07:50:44] czokie : Pedantic :slightly_smiling_face:
[2017-10-16 07:50:49] jezzab : :stuck_out_tongue:
[2017-10-16 07:50:55] jezzab : You know you love it
[2017-10-16 07:51:01] czokie : I am not a markdown dude
[2017-10-16 07:51:04] czokie : I am a wiki dude
[2017-10-16 07:51:08] jezzab : hehe
[2017-10-16 07:51:13] czokie : If it worked with wiky syntax - I'd be set
[2017-10-16 07:51:36] jezzab : Right so this script you run for the hook
[2017-10-16 07:51:45] jezzab : do you just run it and thats it
[2017-10-16 07:51:53] jezzab : or can you run one and then another ?
[2017-10-16 07:52:01] czokie : 1. Edit existing script... add the new content
[2017-10-16 07:52:09] czokie : 2. Load it @ objection prompt
[2017-10-16 07:52:25] jezzab : Ok so you run the first SSL one and then the DJI SSL one?
[2017-10-16 07:52:41] jezzab : Coz looking at that script it wont apply the first SSL one
[2017-10-16 07:52:45] czokie : I added both to one script - loading with one command
[2017-10-16 07:52:58] czokie : Huh?
[2017-10-16 07:53:01] jezzab : Just trying to feel my way around how this works so bear with me. Im a frida n00b
[2017-10-16 07:53:11] czokie : That makes two of us
[2017-10-16 07:53:53] jezzab : Where is ` resolver.enumerateMatches('+[AFSecurityPolicy policyWithPinningMode:]`
[2017-10-16 07:53:54] jezzab : ?
[2017-10-16 07:54:00] czokie : ```
Job: * - Starting
[*] [ios-ssl-pinning-bypass] Found DJIAFNetworking 3.0 library
[*] [ios-ssl-pinning-bypass] Found +[DJIAFSecurityPolicy policyWithPinningMode:]
[*] [ios-ssl-pinning-bypass] Found AFNetworking 3.0 library
[*] [ios-ssl-pinning-bypass] Found +[AFSecurityPolicy policyWithPinningMode:]
```
[2017-10-16 07:54:08] jezzab : ok
[2017-10-16 07:54:27] jezzab : Just couldnt see it in the code you posted up
[2017-10-16 07:54:29] jezzab : Cool
[2017-10-16 07:54:41] czokie : I only posted the new shit
[2017-10-16 07:54:55] jezzab : OK im with you now
[2017-10-16 07:55:10] jezzab : And to test its "working" you have a change in a file or something?
[2017-10-16 07:56:04] czokie : The logs show the hooks are loaded.
[2017-10-16 07:56:14] czokie : But in log files, not seeing it being called.
[2017-10-16 07:56:24] czokie : Ah
[2017-10-16 07:56:24] jezzab : ah k
[2017-10-16 07:56:27] czokie : yes i did
[2017-10-16 07:56:33] jezzab : last line shows it found it?
[2017-10-16 07:56:35] czokie : [ios-ssl-pinning-bypass] [DJIAFNetworking 3.0] setting AFSSLPinningModeNone for policyWithPinningMode:
[2017-10-16 07:56:42] jezzab : :slightly_smiling_face:
[2017-10-16 07:56:45] jezzab : shwoit
[2017-10-16 07:57:15] czokie : So we have it hooked, and the hook is being executed.
[2017-10-16 07:57:22] czokie : But still - CFNetwork SSLHandshake failed (-9807)
[2017-10-16 07:57:47] jezzab : What if we try one of the other ones above i posted
[2017-10-16 07:58:05] czokie : Gonna try something
[2017-10-16 07:58:09] czokie : breakpoint on the DJI class
[2017-10-16 07:58:15] czokie : see if that aligns to the errors
[2017-10-16 07:58:19] jezzab : hmm thought it was a bool
[2017-10-16 07:58:21] jezzab : ok
[2017-10-16 08:00:47] czokie : [*] [ios-ssl-pinning-bypass] [DJIAFNetworking 3.0] setting AFSSLPinningModeNone for policyWithPinningMode:
[2017-10-16 08:00:51] czokie : Thats the key I think
[2017-10-16 08:00:59] czokie : wrong variable name
[2017-10-16 08:07:21] jezzab : ahh how about this
[2017-10-16 08:07:39] jezzab : `connection:willSendRequestForAuthenticationChallenge`
[2017-10-16 08:07:59] jezzab : in the hook its ```
// NSURLConnection
var search = resolver.enumerateMatchesSync('-[* connection:willSendRequestForAuthenticationChallenge:]');
```
[2017-10-16 08:08:28] jezzab : There is the normal AF one and the DJIAF one as well
[2017-10-16 08:08:59] jezzab : so i think the hook tricks the auth system into seeing what it wants to see
[2017-10-16 08:09:08] jezzab : just trying to understand the script
[2017-10-16 08:11:12] jezzab : ok so they are the same function params. Need to compare the code
[2017-10-16 08:11:16] jezzab : ```
void __cdecl -[DJIAFURLConnectionOperation connection:willSendRequestForAuthenticationChallenge:](DJIAFURLConnectionOperation *self, SEL, id, id)
void __cdecl -[AFURLConnectionOperation connection:willSendRequestForAuthenticationChallenge:](AFURLConnectionOperation *self, SEL, id, id);
```
[2017-10-16 08:11:56] czokie : Taking daughter to music
[2017-10-16 08:12:06] jezzab : ok
[2017-10-16 08:13:05] jezzab : once again those two functions are code identical :wink:
[2017-10-16 08:14:55] jezzab : do you ever get: `[NSURLConnection] Found '1' matches for connection:willSendRequestForAuthenticationChallenge:`? in the log
[2017-10-16 08:15:14] czokie : Will check that when I get home
[2017-10-16 08:15:29] czokie : For now sitting in the car outside waiting :)
[2017-10-16 08:15:41] jezzab : All good man im just blurting
[2017-10-16 08:15:58] jezzab : Actually
[2017-10-16 08:16:13] jezzab : that script searches for ALL of those references and changes them
[2017-10-16 08:16:32] jezzab : so it should be `[NSURLConnection] Found '2' matches for connection:willSendRequestForAuthenticationChallenge:` in this situation
[2017-10-16 08:16:56] jezzab : So should already be patching it so dont have to worry
[2017-10-16 08:17:39] jezzab : But thats just the comment. The variable looked ok
[2017-10-16 08:19:05] jezzab : The ` data: '[DJIAFNetworking 3.0] setting AFSSLPinningModeNone for policyWithPinningMode:'` is just text echo'd back on debug?
[2017-10-16 08:26:34] czokie : Yes
[2017-10-16 08:31:42] jezzab : ok so `URLSession:didReceiveChallenge:completionHandler` is patched as well
[2017-10-16 08:31:57] jezzab : there is only DJI stuff for that.
[2017-10-16 08:32:53] jezzab : Should show `[NSURLSession] Found '3' matches for URLSession:didReceiveChallenge:completionHandler:` i think being there are 3 DJI ones
[2017-10-16 08:34:04] jezzab : Think im understanding this more now. Frida looks pretty cool!
[2017-10-16 08:34:47] czokie : Way cool
[2017-10-16 08:35:02] czokie : After dinner, I will desktop share so u can see
[2017-10-16 08:36:30] jezzab : A full log of it firing up when you try and hooks would be awesome when you can. Would like to see what is actually found and called
[2017-10-16 08:36:42] jezzab : coz there is a few fallbacks in the script
[2017-10-16 08:42:40] bin4ry : I like what you do here. Sadly I dont have an iOS device to help, but my fingers itch .... :joy:
[2017-10-16 08:43:17] jezzab : Im trying to avoid firing up the Macbook Pro lol
[2017-10-16 08:43:25] jezzab : And just look at the code
[2017-10-16 08:59:26] jezzab : `[DJIAFSecurityPolicy initWithCoder:]` seems to be the entry point
[2017-10-16 09:03:18] jezzab : ```
  v3 = self;
  v4 = (void *)objc_retain(a3);
  v5 = -[DJIAFSecurityPolicy init](v3, "init");
  if ( v5 )
  {
    v6 = objc_msgSend(&OBJC_CLASS___NSNumber, "class");
    v7 = NSStringFromSelector("SSLPinningMode");
    v8 = objc_retainAutoreleasedReturnValue(v7);
    v9 = v8;
    v10 = objc_msgSend(v4, "decodeObjectOfClass:forKey:", v6, v8);
    v11 = (void *)objc_retainAutoreleasedReturnValue(v10);
    v12 = v11;
    v13 = objc_msgSend(v11, "unsignedIntegerValue");
    -[DJIAFSecurityPolicy setSSLPinningMode:](v5, "setSSLPinningMode:", v13);
    objc_release(v12);
    objc_release(v9);
    v14 = NSStringFromSelector("allowInvalidCertificates");
    v15 = objc_retainAutoreleasedReturnValue(v14);
    v16 = v15;
    v17 = objc_msgSend(v4, "decodeBoolForKey:", v15);
    -[DJIAFSecurityPolicy setAllowInvalidCertificates:](v5, "setAllowInvalidCertificates:", v17);
    objc_release(v16);
    v18 = NSStringFromSelector("validatesDomainName");
    v19 = objc_retainAutoreleasedReturnValue(v18);
    v20 = v19;
    v21 = objc_msgSend(v4, "decodeBoolForKey:", v19);
    -[DJIAFSecurityPolicy setValidatesDomainName:](v5, "setValidatesDomainName:", v21);
    objc_release(v20);
    v22 = objc_msgSend(&OBJC_CLASS___NSArray, "class");
    v23 = NSStringFromSelector("pinnedCertificates");
    v24 = objc_retainAutoreleasedReturnValue(v23);
    v25 = v24;
    v26 = objc_msgSend(v4, "decodeObjectOfClass:forKey:", v22, v24);
    v27 = objc_retainAutoreleasedReturnValue(v26);
    -[DJIAFSecurityPolicy setPinnedCertificates:](v5, "setPinnedCertificates:", v27);
    objc_release(v27);
    objc_release(v25);
    v28 = (DJIAFSecurityPolicy *)objc_retain(v5);
  }
  else
  {
    v28 = 0LL;
  }
  objc_release(v4);
  objc_release(v5);
  return v28;
}
```
[2017-10-16 09:04:26] jezzab : the `init` then does the `setValidatesDomainName:`
[2017-10-16 09:04:57] jezzab : ```
DJIAFSecurityPolicy **__cdecl -[DJIAFSecurityPolicy init](DJIAFSecurityPolicy **self, SEL a2)
{
  void *v2; // x0
  void *v3; // x19
  DJIAFSecurityPolicy *v4; // x20
  DJIAFSecurityPolicy *v6; // [xsp+0h] [xbp-20h]
  __objc2_class *v7; // [xsp+8h] [xbp-18h]

  v6 = self;
  v7 = &OBJC_CLASS___DJIAFSecurityPolicy;
  v2 = objc_msgSendSuper2(&v6, "init", self, &OBJC_CLASS___DJIAFSecurityPolicy);
  v3 = v2;
  if ( v2 )
  {
    objc_msgSend(v2, "setValidatesDomainName:", 1LL);
    v4 = (DJIAFSecurityPolicy *)objc_retain(v3);
  }
  else
  {
    v4 = 0LL;
  }
  objc_release(v3);
  return v4;
}
```
[2017-10-16 09:05:30] jezzab : I assume if it returns zero then the first if statement in `[DJIAFSecurityPolicy initWithCoder:]` will jump all of the checks
[2017-10-16 09:05:45] jezzab : `if ( v5 )`
[2017-10-16 09:06:57] jezzab : and `v28 = (DJIAFSecurityPolicy *)objc_retain(v5);` would just become ` v28 = 0LL;`
[2017-10-16 09:14:39] jezzab : Hmm think it might break it though as its never setting the pinning mode etc. Then again the pinning mode should default to 0x00 which is None in the struct anyway lol
[2017-10-16 09:46:11] czokie : @bin4ry . As @hostile would say, pull up your skirt. I'd love us to be doing frida for both platforms simultaneously. The hooks can be merged into a patched app.
[2017-10-16 09:52:53] bin4ry : Yah no I want to hack iOS too. Not ultimately with Frida
[2017-10-16 09:54:42] czokie : What u have against frida?
[2017-10-16 09:57:45] bin4ry : Nothing in particular
[2017-10-16 10:05:31] czokie : So give it a go. Imagine patches that work on both platforms.
[2017-10-16 10:45:59] czokie : OK @jezzab - where did we get?
[2017-10-16 10:47:27] czokie : Still .....
[2017-10-16 10:47:30] czokie : SLOW!
[2017-10-16 11:13:55] jezzab : lol
[2017-10-16 11:21:56] czokie : Late here - and early meeting tomorrow am - nite all
[2017-10-16 11:31:15] jezzab : Night mate.
[2017-10-16 11:35:46] jezzab : Ahh thats VERY good log. Ill look a bit deeper in tomorrow.
[2017-10-16 14:51:21] hostile : damn guys. you plowed ahead quite a bit. slow and steady wins the race!
[2017-10-16 18:54:45] czokie : The decompiled source helped somewhat
[2017-10-16 18:55:55] hostile : =]
[2017-10-16 18:55:55] hostile : as expected!
[2017-10-16 18:59:05] czokie : I just did .12 overnight
[2017-10-16 19:35:26] czokie : Is it useful for anyone else to get a copy of the c reversed source for other purposes?
[2017-10-16 19:43:12] hostile : sure
[2017-10-16 19:43:15] hostile : share away!
[2017-10-16 19:43:16] hostile : github?
[2017-10-17 02:23:37] jezzab : :slightly_smiling_face:
[2017-10-17 02:23:58] jezzab : It didnt take much modding of the script
[2017-10-17 02:24:11] jezzab : And it had a chunk of unused shit at the bottom I chopped as well
[2017-10-17 02:24:17] jezzab : AND its a hell of a lot easier to read lol
[2017-10-17 02:24:30] jezzab : So, whats the next step boss?
[2017-10-17 02:25:37] czokie : Documenting in wiki
[2017-10-17 02:27:32] czokie : So - that was <http://dji.retroroms.info/howto/iosfrida#implement_enhanced_ssl_pinning_hook>
[2017-10-17 02:27:51] czokie : Now - next on the hit list...
[2017-10-17 02:28:20] czokie : In the background - we can look at traffic - and specifically find out what DJI was trying to hide from us..... but thats a trivial task.
[2017-10-17 02:28:25] czokie : What is more interesting
[2017-10-17 02:28:25] czokie : <http://dji.retroroms.info/howto/iosfrida#build_our_first_hook>
[2017-10-17 02:29:14] czokie : I want to work out how to build hooks for EVERYTHING that we want to change.... and because Frida is new to me - I thought - lets start with the "Have you accepted the terms and conditions" popup
[2017-10-17 02:37:12] czokie : So a question to @bin4ry - You're more familiar with the Android rev-eng'd source - Got any hints as to what procedure/method is called when the terms and conditions are popped up? My goal - is to find the "Have terms been accepted" function, with something that always says yes.
[2017-10-17 02:42:26] jezzab : Just installing this toolchain (between work) hopefully can start playing soon
[2017-10-17 05:28:51] jezzab : Toolchain all setup :slightly_smiling_face: that was a mission lol
[2017-10-17 10:15:38] jezzab : Think im Frida'd out for one night but I get the gist of it and tried a couple of my own hooks. Just need to go through the function list a bit more for what you can do
[2017-10-17 10:16:02] czokie : You are "Fried" ??? :slightly_smiling_face:
[2017-10-17 10:16:29] jezzab : One thing thats niggling me though. How do we apply these untethered?
[2017-10-17 10:16:42] jezzab : As in after we have implemented things
[2017-10-17 10:16:51] czokie : Good question.
[2017-10-17 10:17:01] jezzab : Otherwise its pointless
[2017-10-17 10:17:02] czokie : There is a capability with Frida to enclose a .js file with our app
[2017-10-17 10:17:11] czokie : and - update the frida config file to point to it
[2017-10-17 10:17:12] jezzab : GREAT for RE and finding stuff but yeah
[2017-10-17 10:17:19] jezzab : ok
[2017-10-17 10:17:23] czokie : and disable the WAIT mode that is in the current config file
[2017-10-17 10:17:41] jezzab : Just wanted to know before I invested any more time in it if its just a debugger
[2017-10-17 10:17:44] czokie : End result - standalone app - that is hooked the way we want.
[2017-10-17 10:17:57] czokie : Actually - that might be an interesting intermediate step - to prevent us wasting our time
[2017-10-17 10:18:10] czokie : Take the pinning disable - package it with the app and disable wait mode
[2017-10-17 10:18:20] jezzab : I think that would be a very good idea
[2017-10-17 10:18:29] czokie : Its documented that it is meant to work
[2017-10-17 10:18:45] czokie : :slightly_smiling_face:
[2017-10-17 10:19:02] czokie : But since we can validate (using a proxy) if its working, that'd be a good test case
[2017-10-17 10:19:32] jezzab : I'll try it tomorrow. I cannot look at it any more lol. But I have the MBP setup with all my windows and terminals so im set to pick it up again now. And im not fucking up where Control is as much now (been a while lol)
[2017-10-17 10:20:04] czokie : :slightly_smiling_face:
[2017-10-17 10:20:31] jezzab : oh and the context for the Terms and Conditions; look at DJITermsNotificationController
[2017-10-17 10:21:49] czokie : Just gotta find the if statement we care about first that links to that
[2017-10-17 10:21:50] jezzab : I have intercepted but I need to work out how to use my own function and then pass back the bool/result I want it to see. Ie Has the T&C been accepted? Run check (insert my hook/function). Pass back yes.
[2017-10-17 10:23:03] jezzab : I can only intercept params sent TO a function atm and these are called and need a reply back.
[2017-10-17 10:29:08] czokie : So - hooking ... DJITermsNotificationController shouldShowTerms
[2017-10-17 10:29:10] czokie : yes?
[2017-10-17 10:29:52] czokie : A hook to replace that method, and just return false all the time?
[2017-10-17 10:31:29] czokie : This was cute too...
[2017-10-17 10:31:30] czokie : if ( (unsigned __int64)objc_msgSend(v4, "hasPrefix:", CFSTR("zh-"), v4) & 1 ) LOBYTE(v5) = 0; else v5 = (unsigned __int64)objc_msgSend(v4, "hasPrefix:", CFSTR("ru")) ^ 1;
[2017-10-17 10:31:59] czokie : China is exempt?
[2017-10-17 10:33:05] czokie : and whats the deal with russia?
[2017-10-17 10:33:24] czokie : if its or'd with 1 .//
[2017-10-17 10:45:29] jezzab : It will choose the correct language file I think
[2017-10-17 10:46:04] jezzab : We wanna call the one that sets the terms as accepted when the terms box is loaded
[2017-10-17 10:46:25] jezzab : Well there is a few ways really
[2017-10-17 10:46:53] jezzab : But that way will set the accepted permanently
[2017-10-17 10:47:39] czokie : Nope
[2017-10-17 10:47:43] czokie : There is one language file
[2017-10-17 10:47:46] czokie : its a URL
[2017-10-17 10:47:56] czokie : and its only in english if I remember correctly...
[2017-10-17 10:48:15] czokie : I could be wrong - check another day....
[2017-10-17 10:48:40] czokie : But again - reading that code
[2017-10-17 10:48:53] czokie : if its ZH ... V5 = 0 (false)
[2017-10-17 10:49:00] czokie : V5 is the return value from that function
[2017-10-17 10:49:06] czokie : and if its false, no display of terms.
[2017-10-17 10:51:19] jezzab : Set ya tablet to Chinese and test it lol
[2017-10-17 10:51:36] czokie : Nah... but I dare you to :slightly_smiling_face:
[2017-10-17 10:52:49] jezzab : The language is logged with a Chinese prefix and then en_AU
[2017-10-17 10:55:06] czokie : It may be a combination of language and location
[2017-10-17 10:55:31] czokie : objc_msgSend(v2, "objectForKey:", CFSTR("AppleLanguages"));
[2017-10-17 10:56:24] czokie : Anyway - updated notes
[2017-10-17 10:56:25] czokie : <http://dji.retroroms.info/howto/iosfrida#build_our_first_hook>
[2017-10-17 11:20:48] jezzab : Someone had to man up and do it. Chinese (Simplified) language and Russian both bypass the T&C :wink:
[2017-10-17 11:22:17] jezzab : Cool, ill screw with that tomorrow
[2017-10-17 12:33:53] bin4ry : @czokie I am currently not with my laptop since we were in Berlin prepping our new flat. Could take a look next days when I am back home
[2017-10-17 13:56:37] hostile : you guys are fucking killing it now
[2017-10-17 22:55:34] jezzab : Amazing what you can do after some sleep :slightly_smiling_face:
[2017-10-17 22:56:10] jezzab : ```
//Terms and Conditions Bypass - Only needs to be called once and then is set permanently - jezzab
// Hooks -[NSString hasPrefix:]. In onEnter, args[0] is the receiver (the language string),
// args[1] the selector and args[2] the prefix being tested.
var hook = ObjC.classes.NSString["- hasPrefix:"];
Interceptor.attach(hook.implementation, {
  onEnter: function(args) {
    var r1 = new ObjC.Object(args[0]);        // receiver, e.g. "en-AU"
    var r2 = ObjC.selectorAsString(args[1]);  // "hasPrefix:"
    var r3 = new ObjC.Object(args[2]);        // prefix argument, e.g. "ru"
    if (r1.toString() == "en-AU") {
      // Swap the receiver for "ru" so the check takes the same branch as a Russian locale
      args[0] = ObjC.classes.NSString.stringWithString_("ru").handle;
      var obj = new ObjC.Object(args[0]);
      console.log("Hook line and sinker. Terms and Conditions bypassed");
    }
  }
});
```
[2017-10-17 22:57:31] jezzab : Give that a crack @czokie. Once its run you will never need to accept the T&C again as if you had accepted them in the first place
[2017-10-17 22:57:44] jezzab : Slowly getting the gist of how this works
[2017-10-17 22:59:34] jezzab : basically it looks for the call for the `ru` and then sets the response back as `ru` instead of `en-AU`. Obviously this wont work with another country code but could be fixed easy enough. I've tested and it works.
[2017-10-17 23:00:38] jezzab : DJI Go then sets the "Don't show agreement again" flag
[2017-10-17 23:03:10] jezzab : ```
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Agreement loaded... [ <DJITermsNotificationController: 0x1154c6b10> shouldShowTerms ] Hooking...
Hook line and sinker. Terms and Conditions bypassed
Hook line and sinker. Terms and Conditions bypassed
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
```
[2017-10-17 23:58:01] czokie : Woo ho!
[2017-10-17 23:58:14] czokie : I have not tested yet - but looks like it hits the mark.
[2017-10-17 23:59:23] czokie : but
[2017-10-17 23:59:46] czokie : thinking out loud - that is not a generic hook - it depends on en AU
[2017-10-17 23:59:53] jezzab : i said that lol
[2017-10-18 00:00:05] jezzab : im working on the login page so ill see if i can backport it
[2017-10-18 00:00:24] czokie : Instead of hooking there...
[2017-10-18 00:00:32] czokie : can we hook to replace the bool that the function returns
[2017-10-18 00:00:40] jezzab : yeah but im working on that
[2017-10-18 00:01:21] jezzab : you basically make a function AROUND their function. Then their result is returned back into yours and then yours you mod what ever to send back to the system
[2017-10-18 00:01:33] jezzab : but its a bitch to find info. working on it now
[2017-10-18 00:03:39] jezzab : Thats first hook was more of a test case for searching for strings etc. Which im sure will come in handy :wink:
[2017-10-18 00:08:01] jezzab : Still getting my head around it all
[2017-10-18 00:37:49] hostile : Boom and the DJI Go IOS scene is officially created
[2017-10-18 00:38:04] hostile : Hats off fellas
[2017-10-18 00:43:48] jezzab : the email `[djiapp@dji.com](mailto:djiapp@dji.com)` in reference to `checkIsAdminUser` is interesting :wink:
[2017-10-18 00:58:22] czokie : B00m!
[2017-10-18 01:04:27] jezzab : Oh yeah baby :slightly_smiling_face:
[2017-10-18 01:04:49] jezzab : Got returning stuff working now. Its aaaaaall gonna happen now
[2017-10-18 01:05:05] nocommie : Good job guys!
[2017-10-18 01:07:32] jezzab : Need to reinstall the app and test again
[2017-10-18 01:10:03] jezzab : w00t
[2017-10-18 01:10:05] jezzab : 100%
[2017-10-18 01:10:20] jezzab : ```
//Terms and Conditions Bypass - jezzab
// Hook -[DJITermsNotificationController shouldShowTerms] and force its BOOL result to NO
var hook = ObjC.classes.DJITermsNotificationController["- shouldShowTerms"];
Interceptor.attach(hook.implementation, {
  onLeave: function(retval) {
    console.log("Bypassing Terms and Conditions Dialog");
    retval.replace(ptr(0));
  }
});
```
[2017-10-18 02:24:40] jezzab : We need to find out if frida can pull hooks from the ipa stand alone. I can't find any info on this yet with a non jailbroken device
[2017-10-18 02:25:04] czokie : What do you mean "pull"
[2017-10-18 02:25:11] jezzab : load
[2017-10-18 02:25:12] jezzab : pull
[2017-10-18 02:25:13] jezzab : run
[2017-10-18 02:25:21] czokie : In the frida gadget config - we can reference a locally available js file
[2017-10-18 02:25:23] jezzab : ie without the USB cable
[2017-10-18 02:25:27] czokie : yep
[2017-10-18 02:25:28] czokie : 100%
[2017-10-18 02:25:32] czokie : let me find a reference
[2017-10-18 02:25:33] jezzab : any instructions you have?
[2017-10-18 02:25:42] jezzab : I wanna test this now before I do any more
[2017-10-18 02:25:57] czokie : I would help - but the day job workload makes it not possible today
[2017-10-18 02:26:08] jezzab : Thats ok. I have some time today
[2017-10-18 02:26:18] czokie : <https://www.frida.re/docs/gadget/>
[2017-10-18 02:26:18] jezzab : That translates to im ignoring the phone...
[2017-10-18 02:26:32] czokie : Supported interaction types - Listen, Script, ScriptDirectory
[2017-10-18 02:26:46] czokie : Script = fully autonomous manner
[2017-10-18 02:27:16] czokie : Not sure I yet understand the difference between script and script directory
[2017-10-18 02:28:02] czokie : Ah. Script directory I think is for jailbroken devices - for system wide tweaks in a directory - one per app - not applicable to us
[2017-10-18 02:28:45] czokie : { "interaction": { "type": "script", "path": "/home/oleavr/explore.js" } }
[2017-10-18 02:29:11] czokie : Just need to work out the relative path..., add the file into the IPA, and give it a burl
[2017-10-18 02:48:40] sbpoole : A little off topic, but what was DJI using that could silently hot patch iOS devices without users awareness? Couldn’t we use the same method? Thanks for all of your hard work for us iOS users!
[2017-10-18 03:00:30] czokie : They removed that...
[2017-10-18 03:11:58] hostile : " for system wide tweaks in a directory - one per app - not applicable to us” I wonder if you can use iOS iCloud drive path
[2017-10-18 03:12:16] hostile : JSPatch @sbpoole
[2017-10-18 03:12:22] czokie : Cheeky
[2017-10-18 03:13:02] czokie : The path uses one filename per application. Since we only have the frida gadget hooked into this app, no other app will look for any files.
[2017-10-18 03:13:19] czokie : The only benefit is a different method of updating
[2017-10-18 03:13:40] czokie : but before we get ahead of ourself - we need to know - can we find a method of signing that will not expire in 7 days.
[2017-10-18 03:13:49] czokie : If the answer is no - there is no benefit to this
[2017-10-18 03:14:35] hostile : ‘can we find a method of signing that will not expire in 7 days.’ just need a dev certificate, eh?
[2017-10-18 03:14:51] hostile : even having to regen ever week isn’t **awful**
[2017-10-18 03:15:01] hostile : it can be easily automated
[2017-10-18 03:16:15] jezzab : ^^dev account. But problem is who ever does it for the 100 people is signing it themselves
[2017-10-18 03:16:35] jezzab : Or you pay the cash and get one and just do your own. But its per year
[2017-10-18 03:16:46] czokie : I did read some stuff about a method of people "extending" the 7 days in perpetuity without re-install.
[2017-10-18 03:17:04] czokie : I cant remember the details - but lets walk before we run.
[2017-10-18 03:17:23] czokie : Build the stand-alone patch script that will get our custom hook onto an IOS device, and working.
[2017-10-18 03:17:39] czokie : If that works - we have motivation to take that to the next level - how can we keep it on there longer than 7 days
[2017-10-18 03:17:40] jezzab : Need to test the stand alone.
[2017-10-18 03:17:43] czokie : yep
[2017-10-18 03:18:21] jezzab : I started delving into the login bypass etc but I REALLY dont wanna spend the time if this is temporary
[2017-10-18 03:18:32] czokie : So - lets do this
[2017-10-18 03:18:36] czokie : Standalone
[2017-10-18 03:18:39] czokie : Then 7 day
[2017-10-18 03:18:42] czokie : then more hooks
[2017-10-18 03:19:00] hostile : yeah 7 day limit would not be something that I let hold me back as it were
[2017-10-18 03:19:07] hostile : seems like a temporary issue
[2017-10-18 03:19:14] czokie : Agree
[2017-10-18 03:19:26] czokie : but it is something we should research before going full steam into more work
[2017-10-18 03:19:39] czokie : If there is a achievable fix - that will get others interested
[2017-10-18 03:19:48] czokie : and that will get more people exploring and hopefully coding hooks :slightly_smiling_face:
[2017-10-18 03:19:58] hostile : <https://github.com/Matchstic/Extender-Installer>
[2017-10-18 03:20:09] hostile : “Automatic re-signing of locally provisioned applications”
[2017-10-18 03:20:15] czokie : You have a link for every occasion.
[2017-10-18 03:20:27] hostile : OCD is a wonderful thing
[2017-10-18 03:20:39] czokie : You know Zottero?
[2017-10-18 03:20:40] jezzab : Its like a tie rack i bet. just spins it around lol
[2017-10-18 03:20:45] czokie : zotero
[2017-10-18 03:20:46] hostile : it can be downloaded via Cydia by adding the following repo: <http://repo.incendo.ws>
[2017-10-18 03:21:01] czokie : cool tool - kind of like a private research library
[2017-10-18 03:21:09] czokie : when viewing a web page - tag it - later searchable
[2017-10-18 03:21:13] czokie : Awesome tool
[2017-10-18 03:22:09] hostile : interesting for sure. <https://www.zotero.org/groups/>
[2017-10-18 03:22:26] czokie : Came across it when at one point I was thinking of an MBA
[2017-10-18 03:22:30] czokie : But work got in the way
[2017-10-18 03:22:35] czokie : Did a semester
[2017-10-18 04:50:27] jezzab : been thinking about this script file
[2017-10-18 04:50:42] jezzab : what if we upload i with iTunes into the DJI Documents dir
[2017-10-18 04:50:50] jezzab : then link it with frida?
[2017-10-18 04:50:59] jezzab : Then we could change it at any time?
[2017-10-18 04:52:43] jezzab : I need to know the exact location though. So i need to know where in the file system the DJI Go 4 Documents folder is
[2017-10-18 04:54:45] czokie : Good question - The script will be put in the IPA the same way we create the Frida gadget config - part of the existing process... But, I think we are locked out of those directories. We are jailed to config data areas only - and wouldnt be able to see that file.
[2017-10-18 04:55:19] jezzab : But why not?
[2017-10-18 04:55:29] jezzab : the DJI App holds all its info there
[2017-10-18 04:55:32] jezzab : i dont mean the App dir
[2017-10-18 04:55:58] jezzab : I mean the DJI Documents dir. The one that holds your flight logs, where you put that DJIconfig file
[2017-10-18 04:56:01] jezzab : In there
[2017-10-18 04:58:49] jezzab : What im saying is we leave the ipa as is BUT with the FridaGadget.dylib.config modded so it looks for the script at a path
[2017-10-18 04:59:16] jezzab : ```
{
  "interaction": {
    "type": "script",
    "path": "/home/oleavr/explore.js"
  }
}
```
[2017-10-18 04:59:56] jezzab : as per that but the dir is the DJI apps Documents dir
[2017-10-18 05:00:20] jezzab : then we just fire up iTunes and pop the `exploit.js` file in there
[2017-10-18 05:01:16] jezzab : I assume Frida is running with and as the same permissions as the DJI app so it should be able to access it
[2017-10-18 05:05:08] jezzab : Shit
[2017-10-18 05:05:20] jezzab : the UUID would change
[2017-10-18 05:05:26] jezzab : `/var/mobile/Applications/F71BA910-A1F0-4B39-85CB-775806ACFF62/Documents/`
[2017-10-18 05:05:34] jezzab : When you updated the app
[2017-10-18 05:33:59] jezzab : veeeeeeery interesting
[2017-10-18 05:34:38] jezzab : ok so i put my .js file in the frameworks dir. then repackaged it all up again and change the .config file so that it wasnt listen anymore and script. I set the script with no path but just the file name
[2017-10-18 05:35:10] czokie : And?
[2017-10-18 05:35:19] czokie : *czokie is waiting with bated breath*
[2017-10-18 05:35:23] jezzab : I cannot run the app with the springboard like before BUT
[2017-10-18 05:35:24] jezzab : BUT
[2017-10-18 05:35:37] jezzab : if i just use the deploy with NO objection.....
[2017-10-18 05:35:38] jezzab : BOOM
[2017-10-18 05:35:49] jezzab : runs and bypassed the T&C straight up :wink:
[2017-10-18 05:35:52] jezzab : AND
[2017-10-18 05:36:00] czokie : OK. Cool.
[2017-10-18 05:36:05] czokie : What I was possibly expecting.
[2017-10-18 05:36:12] jezzab : lldb shows the Frida console comments :slightly_smiling_face:
[2017-10-18 05:36:19] czokie : Was not sure - but expected it may be the case
[2017-10-18 05:36:38] czokie : So - out of interest - I had been speaking to the objection people....
[2017-10-18 05:36:43] jezzab : Dunno why it wont launch from the springboard though
[2017-10-18 05:36:54] czokie : First of all - out of interest - they will do a fix with the new pinning stuff in it.
[2017-10-18 05:37:04] czokie : For your test - did you merge the pinning and terms bypass to one file?
[2017-10-18 05:37:10] jezzab : yes
[2017-10-18 05:37:17] czokie : Just curious - and you have a proxy you can test with?
[2017-10-18 05:37:23] jezzab : not really
[2017-10-18 05:37:40] czokie : Charles proxy is available for eval - strongly suggest a play.
[2017-10-18 05:38:32] czokie : 30 days - you will see lots of stuff in there.
[2017-10-18 05:39:50] czokie : But - the interesting point - no objection stuff - now just native fridagadget
[2017-10-18 05:40:10] czokie : speaking of which - objection is just a frida front end and a bunch of packed frida scripts
[2017-10-18 05:40:21] czokie : just makes it easy to play
[2017-10-18 05:40:36] jezzab : yup
[2017-10-18 05:40:55] czokie : So - the next task
[2017-10-18 05:41:04] czokie : For your current app - find out why it crashes from springboard.
[2017-10-18 05:41:24] czokie : There are debug logs you can get at either via xcode - or in profiles under general on the phone
[2017-10-18 05:41:35] czokie : That will tell you why it bombed out.
[2017-10-18 05:42:11] czokie : I have a feeling - its signing. My testing - I was getting signing errors - Something wrong in the build process I think
[2017-10-18 05:44:52] jezzab : No General/Profiles on this iPad2 mini :confused: iOS 11
[2017-10-18 05:46:37] jezzab : maybe thats the problem
[2017-10-18 05:46:42] czokie : My bad
[2017-10-18 05:46:43] czokie : Tired
[2017-10-18 05:47:07] czokie : Privacy -> Analytics -> Analytics Data
[2017-10-18 05:47:15] czokie : Its a whole heap of shit - including app crash logs.
[2017-10-18 05:47:38] czokie : Look for recent stuff from DJI GO 4
[2017-10-18 05:48:34] czokie : Select all - cut and paste - email it to yourself - Find out why it crashed :slightly_smiling_face:
[2017-10-18 05:49:55] jezzab : EXC_BAD_ACCESS (SIGKILL - CODESIGNING)
[2017-10-18 05:51:34] jezzab : FridaGadget.dylib crashed
[2017-10-18 05:52:16] czokie : Bingo
[2017-10-18 05:52:55] jezzab : And the fix is? lol
[2017-10-18 05:53:03] czokie : You want magic?
[2017-10-18 05:53:09] jezzab : Please :slightly_smiling_face:
[2017-10-18 05:53:29] czokie : Google knows all
[2017-10-18 05:53:34] jezzab : Unless you wanna bring your MacBook with you before you fly :stuck_out_tongue:
[2017-10-18 05:53:40] jezzab : Then problem solved lol
[2017-10-18 05:55:57] jezzab : <https://github.com/sensepost/objection/wiki/Running-Patched-iOS-Applications>
[2017-10-18 05:56:37] jezzab : "Running patched applications on iOS devices require us to side load and run them using external tools."
[2017-10-18 05:57:40] czokie : So - Time to challenge that thinking.
[2017-10-18 05:57:50] czokie : Time to talk to the frida people....
[2017-10-18 05:57:54] czokie : and ask them about why that is so.
[2017-10-18 05:58:12] czokie : If the app is properly signed during push - there should be no reason to need to start it via a debugserver.
[2017-10-18 05:58:49] czokie : We just need to know how the frida gadget to stop spewing stuff at the debug interface
[2017-10-18 05:59:46] czokie : Ah.
[2017-10-18 05:59:57] czokie : Looking at this <https://github.com/sensepost/objection/wiki/Patching-iOS-Application-Sources>
[2017-10-18 06:00:12] czokie : Is it possible that the current default codesigning stuff we have is not signing the gadget
[2017-10-18 06:00:20] czokie : but because its in debug mode - it ignores that?
[2017-10-18 06:00:41] czokie : If we sign it - perhaps that will fix the error, which of course is a code-signing error
[2017-10-18 06:01:59] czokie : Hmm - reading the other page - patching an ipa
[2017-10-18 06:02:06] czokie : Creating Frameworks directory for FridaGadget... Codesigning 1 .dylib's with signature 0C2E8200D4XXXX Code signing: FridaGadget.dylib
[2017-10-18 06:02:06] czokie : when objection patches - it outputs stuff like
[2017-10-18 06:02:25] czokie : if its doing what it tells us - it should work - but .....
[2017-10-18 06:09:50] jezzab : think i know the problem
[2017-10-18 06:09:51] jezzab : testing now
[2017-10-18 06:12:40] jezzab : Nope
[2017-10-18 06:17:07] czokie : <http://www.vantagepoint.sg/blog/85-patching-and-re-signing-ios-apps>
[2017-10-18 06:17:23] czokie : but still using ios-deploy
[2017-10-18 06:17:29] czokie : but a different method of signing etc
[2017-10-18 06:25:00] czokie : let me see if I can get the frida guy on irc
[2017-10-18 08:07:03] czokie : Talking in IRC on their channel.
[2017-10-18 08:07:07] czokie : Will see what we get back
[2017-10-18 08:47:20] jezzab : ok
[2017-10-18 08:48:54] jezzab : Looks like ill have some time now. This ECMs toast. That will teach the workshop for trying to flash a car with <12v
[2017-10-18 08:54:29] jezzab : Im just gonna test that the Test app will run stand alone
[2017-10-18 09:51:46] jezzab : Dunno what the go is. Tried to sign it by hand and still no good
[2017-10-18 09:55:04] jezzab : And the Test app runs stand alone fine
[2017-10-18 10:16:33] czokie : <https://github.com/steakknife/unsign>
[2017-10-18 10:16:58] czokie : We are decrypted - but is our native app code stripped of existing signatures in the existing app? If not, that might be our problem...
[2017-10-18 10:23:41] jezzab : Try it
[2017-10-18 10:24:04] czokie : I am getting ready for a couple of days in hospital.... so just now chilling out
[2017-10-18 10:24:29] czokie : The question is - do we strip from the dylib, the ios app, or both?
[2017-10-18 10:25:11] jezzab : I know know why nothing has been mentioned about it though?
[2017-10-18 10:25:37] czokie : Its not a widely discussed topic
[2017-10-18 10:26:34] jezzab : When I tried by hand it said it was overwriting the old signing
[2017-10-18 10:26:44] czokie : Reading some documents
[2017-10-18 10:26:47] czokie : Currently reading <https://www.blackhat.com/docs/us-15/materials/us-15-Diquet-TrustKit-Code-Injection-On-iOS-8-For-The-Greater-Good.pdf>
[2017-10-18 10:27:00] jezzab : Yeah read that one
[2017-10-18 10:27:10] czokie : Anything good?
[2017-10-18 10:27:15] jezzab : He’s the one that makes the software
[2017-10-18 10:27:22] jezzab : Right at the bottom
[2017-10-18 10:27:44] czokie : yep
[2017-10-18 10:27:53] jezzab : We use for ssl pinning
[2017-10-18 10:27:53] czokie : Interesting point - I might see if he still works there.
[2017-10-18 10:31:43] czokie : Whats his name?
[2017-10-18 10:31:52] czokie : Do we know?
[2017-10-18 10:32:11] czokie : Alban Diquet?
[2017-10-18 10:32:45] czokie : nope - angela chow
[2017-10-18 10:32:49] czokie : might try and find her...
[2017-10-18 10:33:01] czokie : Bzzt
[2017-10-18 10:56:50] czokie : This looks cool...
[2017-10-18 10:56:50] czokie : <https://github.com/chaitin/passionfruit>
[2017-10-18 10:56:58] czokie : Unrelated to the problem - but cool for exploring
[2017-10-18 11:03:01] czokie : Also useful
[2017-10-18 11:03:02] czokie : <https://codeshare.frida.re/@mrmacete/objc-method-observer/>
[2017-10-18 11:09:01] jezzab : Passion fruit looks cool
[2017-10-18 12:17:11] czokie : Talking to author of Frida.
[2017-10-18 12:17:35] czokie : He is talking about using swizzling instead of interceptor hooks
[2017-10-18 12:17:53] czokie : claims that if we do that - we can load frida gadget without the crash
[2017-10-18 12:18:20] czokie : Referred us to <https://www.frida.re/docs/javascript-api/#objc>
[2017-10-18 12:27:33] czokie : And wait for it
[2017-10-18 12:27:38] czokie : <https://gist.github.com/oleavr/777d7d88727ae0d99cfd2932f03517a1>
[2017-10-18 12:28:25] czokie : ```
// Swizzle -[DJITermsNotificationController shouldShowTerms] instead of using Interceptor
var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;
var shouldShowTerms = DJITermsNotificationController.shouldShowTerms;
shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {
  return false;
});
```
[2017-10-18 12:28:41] czokie : Code straight from the author of Frida
[2017-10-18 12:31:22] czokie : And - an alternate version
[2017-10-18 12:31:33] czokie : ```
// Same swizzle, but keep the original implementation around and log what it would have returned
var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;
var shouldShowTerms = DJITermsNotificationController.shouldShowTerms;
var shouldShowTermsImpl = shouldShowTerms.implementation;
shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {
  var originalResult = shouldShowTermsImpl(handle, selector);
  console.log('Original says:', originalResult, 'we say: false');
  return false;
});
```
[2017-10-18 12:31:39] czokie : showing the original value...
[2017-10-18 12:31:41] czokie : :slightly_smiling_face:
[2017-10-18 12:45:46] czokie : Also talking to author of objection
[2017-10-18 12:46:09] czokie : He tried our instructions - but using Burp instead of Charles - and he had different results
[2017-10-18 12:59:08] jezzab : Awesome. I’ll give This a crack tomorrow
[2017-10-18 13:09:05] jezzab : Re: previous convo
[2017-10-18 13:09:37] jezzab : In IDA you are going to the asm view and selecting Xref To and From right?
[2017-10-18 13:09:48] jezzab : For the function you're interested in?
[2017-10-18 13:44:02] jan2642 : You could highlight it and press ‘x’
[2017-10-18 13:44:43] jezzab : Haven’t tried x before. What’s that one @jan2642 ?
[2017-10-18 13:45:02] jan2642 : Show the Xrefs of the highlighted thing
[2017-10-18 13:45:38] jezzab : So the same as right click xrefs to and from but both ways?
[2017-10-18 13:46:06] jan2642 : I’m not sure about the ‘both ways’
[2017-10-18 13:46:36] jezzab : I’ll give it a crack tomorrow. Always keen for new short cuts. Thanks
[2017-10-18 13:47:28] jezzab : Find with the DJI app the best I get is two functions back and hit the main function or what ever
[2017-10-18 13:47:48] jezzab : Annoying
[2017-10-18 18:42:09] czokie : Note: @jezzab - Frida (today) will not launch from springboard even if we use this new hook - The author of Frida however has agreed to do a mod to the gadget - which:
[2017-10-18 18:42:42] czokie : if ((device is IOS) && (device is jailbroken) && (not launched via debug)) {
[2017-10-18 18:42:54] czokie : Bypass stuff that will break springboard launch;
[2017-10-18 18:43:12] czokie : also - disable methods that will not work if not launched via debug;
[2017-10-18 18:43:13] czokie : }
[2017-10-18 19:03:23] haloweenhamster : Sounds like a helpful chap
[2017-10-18 19:11:02] czokie : Really helpful... Author of Objection also helpful... He's been doing some work to find out why his original sslpinning disable scripts didnt work for us... He was unable to replicate.... but he is using burp - not charles
[2017-10-18 21:09:57] jezzab : I’ll have to check how to do the swizzling the other way. Modding the data sent to the original function. 5e equivalent of the onEnter I’ve been using.
[2017-10-18 22:05:37] jezzab : Awesome they are involved. Based on this we should continue :slightly_smiling_face:
[2017-10-18 22:13:00] jezzab : It shows the Xref to ungraphed. Cool
[2017-10-19 01:40:29] czokie : Woken up from general anaesthetic. Love the sleep
[2017-10-19 01:41:41] czokie : Agree. Should continue. Our next goal will be the link from hostile. On 7 day bypass
[2017-10-19 01:44:31] czokie : Oh yeah. I forgot. The Frida author liked the idea of a js file in document storage. He will also make some changes to allow this
[2017-10-19 02:47:28] jezzab : Awesome!
[2017-10-19 02:47:45] jezzab : That will make adding script so easy
[2017-10-19 02:47:49] czokie : Ya know one thing that'd be better...
[2017-10-19 02:48:12] czokie : Imagine if DJI added the frida gadget dylib and made it available via testflite (how ironic the name)....
[2017-10-19 02:48:22] jezzab : Lol
[2017-10-19 02:48:30] czokie : to those people that are legit tinkerers
[2017-10-19 02:48:59] czokie : @hostile and @bin4ry - i think that is a reasonable request for "VIP's"?
[2017-10-19 02:49:08] czokie : :slightly_smiling_face:
[2017-10-19 02:49:57] czokie : Its not like we are asking for anything we dont have already - other than convenience
[2017-10-19 04:13:28] jezzab : Lets see what happens if im an admin user....
[2017-10-19 04:13:59] czokie : W00T!
[2017-10-19 04:14:46] jezzab : Ok its checked when I go into the flight records
[2017-10-19 04:14:53] jezzab : ill take a before and after shot
[2017-10-19 04:18:33] czokie : Interesting...
[2017-10-19 04:18:49] hostile : oh shit
[2017-10-19 04:18:51] jezzab : According to the profile pic you smile if you're an Admin lol
[2017-10-19 04:18:53] hostile : wtf does that do?
[2017-10-19 04:19:02] hostile : what happens in the search bar?
[2017-10-19 04:19:08] jezzab : About to test it
[2017-10-19 04:20:45] jezzab : Both GetData and goggle display the Sync your flight records dialog
[2017-10-19 04:20:59] hostile : example?
[2017-10-19 04:21:15] hostile : and what happens when you do?
[2017-10-19 04:21:19] hostile : or are you avoiding a sync?
[2017-10-19 04:21:36] czokie : and - I wonder if there is a cool konami code? :slightly_smiling_face:
[2017-10-19 04:22:02] jezzab : I have never synced a flight log but I have none on this iPad anyway
[2017-10-19 04:22:27] jezzab : ok so
[2017-10-19 04:22:32] jezzab : goggle syncs ok
[2017-10-19 04:22:40] jezzab : but GetData fails to sync
[2017-10-19 04:22:43] jezzab : so its trying something else
[2017-10-19 04:23:11] hostile : you all are killing it now
[2017-10-19 04:23:13] jezzab : GetData when the text field is blank does nothing
[2017-10-19 04:23:18] hostile : making this app your bitch
[2017-10-19 04:23:20] czokie : wonder if the search field allows you to specify userid for someone else?
[2017-10-19 04:23:25] jezzab : Workin on it :wink:
[2017-10-19 04:23:38] jezzab : ive got one in mind....
[2017-10-19 04:23:40] hostile : you should hunt for the backdoor dialog for the CC / power settings
[2017-10-19 04:23:43] hostile : =]
[2017-10-19 04:24:03] hostile : login bypass if you haven’t already
[2017-10-19 04:24:09] jezzab : ive found all of the functions for the fcc etc
[2017-10-19 04:24:28] jezzab : and one for PowerBoostLevel
[2017-10-19 04:24:32] czokie : yep - fcc on other aircraft = high demand
[2017-10-19 04:24:45] jezzab : which i think chooses the level (not the normal boost, thats there as well)
[2017-10-19 04:24:53] czokie : as per recent chat in other channel = currently only working for mavic
[2017-10-19 04:25:05] jezzab : Really.
[2017-10-19 04:25:13] czokie : yep
[2017-10-19 04:25:14] jezzab : the DJI.configs?
[2017-10-19 04:25:20] jezzab : on all versions of the app?
[2017-10-19 04:25:25] czokie : yep - djiconfigs gets parsed ok
[2017-10-19 04:25:30] czokie : but only executes fcc for mavic
[2017-10-19 04:25:36] jezzab : riiiight
[2017-10-19 04:25:45] jezzab : hmm thats explains a LOT with my P4
[2017-10-19 04:25:56] jezzab : When i was using iPad
[2017-10-19 04:26:04] hostile : <https://www.youtube.com/watch?v=r2pt2-F2j2g>
[2017-10-19 04:26:07] jezzab : I just figured it didnt work
[2017-10-19 04:26:27] jezzab : [djiapp.dji.com](http://djiapp.dji.com) <-GetData | failed lol
[2017-10-19 04:26:29] jezzab : oh well
[2017-10-19 04:26:39] czokie : specifically
[2017-10-19 04:26:40] czokie : if ( +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") == (void *)13 || +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") == (void *)21 )
[2017-10-19 04:26:53] czokie : Product code 13 = mavic pro ... and I am guessing 21 = mavic platinum
[2017-10-19 04:26:57] jezzab : tried with my email and no go
[2017-10-19 04:27:29] hostile : not sure if this is of use to you guys… but it was last thing I typed in ~frida <https://codeshare.frida.re/browse>
[2017-10-19 04:27:30] hostile : btw…
[2017-10-19 04:27:41] hostile : you realize you now also posess the technique to modify Assistant.app too
[2017-10-19 04:27:47] hostile : Frida works on OSX also…
[2017-10-19 04:27:52] hostile : that is why I started on it originally
[2017-10-19 04:28:04] hostile : if you scroll in ~frida at my early failures
[2017-10-19 04:28:05] jezzab : Ah yes
[2017-10-19 04:28:32] czokie : There is a catch with some of those...
[2017-10-19 04:28:35] hostile : <https://dji-rev.slack.com/archives/C6AUDEBND/p1500577406998518>
[2017-10-19 04:28:39] hostile : anyway
[2017-10-19 04:28:44] czokie : We want shit that will work untethered
[2017-10-19 04:28:46] hostile : just a friendly reminder, and congrats!
[2017-10-19 04:28:49] hostile : you fuckers are rocking it
[2017-10-19 04:29:05] hostile : does frida-trace work?
[2017-10-19 04:29:14] hostile : cuz that shit is sick AF
[2017-10-19 04:29:29] czokie : I tried it before
[2017-10-19 04:29:32] czokie : Bzzt
[2017-10-19 04:29:32] jezzab : There is more but I have to see where else its called
[2017-10-19 04:29:54] czokie : but - might be good to re-try now that we've got other shit looking better
[2017-10-19 04:29:56] hostile : lol damn…. you all have come a long way since I did this shit. <https://dji-rev.slack.com/archives/C6AUDEBND/p1500569166201231>
[2017-10-19 04:30:16] hostile : heh also now that you have the damn devs on tap for you
[2017-10-19 04:30:17] hostile : =]
[2017-10-19 04:30:31] czokie : For reversing - its OK - but our longer term shit - we want swizzling :slightly_smiling_face:
[2017-10-19 04:30:48] hostile : yeah we used to method swizzle back in the day
[2017-10-19 04:30:57] czokie : but still - didnt work with frida-trace when I first tried it
[2017-10-19 04:30:59] hostile : I made one of the first mac viruses using a similar technique
[2017-10-19 04:31:18] jezzab : Until yesterday I thought swizzling was just a name I called a move in bed with my ex :confused:
[2017-10-19 04:31:19] czokie : Arent mac's virus proof? :slightly_smiling_face:
[2017-10-19 04:31:24] hostile : <https://www.f-secure.com/v-descs/inqtana_a.shtml>
[2017-10-19 04:31:30] hostile : shit bro that is why I did MOAB lol
[2017-10-19 04:31:42] hostile : <http://projects.info-pull.com/moab/>
[2017-10-19 04:31:55] hostile : <https://arstechnica.com/gadgets/2007/02/6850/>
[2017-10-19 04:32:31] hostile : god a decade ago
[2017-10-19 04:32:37] hostile : *says get off my lawn*
[2017-10-19 04:32:51] czokie : I still remember writing a virus back when I had pimples - for a Sega SC-3000
[2017-10-19 04:33:11] czokie : Only ever gave it to a friend... - never let it out
[2017-10-19 04:33:12] hostile : ya old bastard
[2017-10-19 04:33:38] hostile : I think we all counted grey hairs and @hotelzululima was amongst the oldest
[2017-10-19 04:33:48] czokie : Had some code that read a floppy disk and executed some code on disk insertion.
[2017-10-19 04:34:03] czokie : to allow funky stuff .... but made it TOTALLY easy for virii
[2017-10-19 04:34:16] czokie : Boot sector stuff - but dont need to boot it to execute
[2017-10-19 04:34:45] jezzab : Just seeing if any other options in the main part open up isAdmin
[2017-10-19 04:34:56] czokie : And - funny other bit...
[2017-10-19 04:35:00] czokie : 3 inch disk ...
[2017-10-19 04:35:03] czokie : Ever seen them?
[2017-10-19 04:35:14] czokie : not 3.5
[2017-10-19 04:35:15] jezzab : The function isnt being called though, only in your account stuff
[2017-10-19 04:35:19] czokie : just 3 inch
[2017-10-19 04:35:25] jezzab : which makes sense coz its that context
[2017-10-19 04:35:47] hostile : I’ve seen the big ass 8 inchers
[2017-10-19 04:36:05] jezzab : might test this one `DJIFlightRecordReaderBinary checkIsAdminUser`
[2017-10-19 04:36:14] czokie : Yeah - I had them too in a "System One" computer, which ran my BBS for many years - together with a 10 meg HDD
[2017-10-19 04:36:34] czokie : that might link to the search
[2017-10-19 04:36:46] jezzab : yeah
[2017-10-19 04:36:47] czokie : read flight records - allow it to accept other userid's
[2017-10-19 04:37:04] jezzab : actually
[2017-10-19 04:37:10] jezzab : that CALLS the other check function
[2017-10-19 04:38:43] jezzab : `[DJIFlightRecordReaderBinary checkIsAdminUser] -> [DJIGoFlightRecordHelper getAccountManagerCheckIsAdminUser] -> [DJIAccountManager checkIsAdminUser]`
[2017-10-19 04:39:38] czokie : ok
[2017-10-19 04:39:46] jezzab : ohh ohhh
[2017-10-19 04:40:01] jezzab : My spidey senses are tingling
[2017-10-19 04:40:12] czokie : My brain is not up to reading code today....
[2017-10-19 04:41:36] czokie : My spidey sense is tingling too - for another funny reason. You know how we have been playing with the TOS thing - I have a daily script that looks for changes and sends me a diff.
[2017-10-19 04:41:39] jezzab : I might need to make a flight record on the bench
[2017-10-19 04:41:49] czokie : Wasnt anything interesting.... but....
[2017-10-19 04:41:56] jezzab : Just changed lol?
[2017-10-19 04:42:16] czokie : Just tags .... but still got me going before I read the content
[2017-10-19 04:43:43] czokie : yes - your picture would get a spidey sense tingling....
[2017-10-19 04:45:05] jezzab : Do you have to take off to get a flight record on the app?
[2017-10-19 04:45:48] czokie : Just try a take-off with no prop's. That'll do it :slightly_smiling_face:
[2017-10-19 04:46:35] jezzab : BRB in 10. Just gotta do a quick post office drop off and then im done for the day and I'll dig my heels in
[2017-10-19 04:58:58] jezzab : shit
[2017-10-19 04:59:24] jezzab : cant do a flight log as if you pull out the USB the app quits
[2017-10-19 04:59:26] jezzab : dammit
[2017-10-19 04:59:48] czokie : Do a debugger launch without debug mode
[2017-10-19 04:59:55] czokie : that will let u disconnect USB
[2017-10-19 05:00:30] czokie : <http://dji.retroroms.info/howto/iosfrida#just_launch_with_no_debugger_active>
[2017-10-19 05:00:34] czokie : ```ios-deploy --bundle ~/Documents/Payload/*.app -m -L```
[2017-10-19 05:01:54] czokie : The catch is - your frida hook must be swizzle only - but even then - it MAY need the extra stuff in the gadget to be fixed first - not sure
[2017-10-19 05:02:03] czokie : you using intercept?
[2017-10-19 05:05:25] jezzab : ok got a log. lets see
[2017-10-19 05:05:31] jezzab : atm yes
[2017-10-19 05:05:38] jezzab : easily changed later
[2017-10-19 05:06:17] jezzab : whoa
[2017-10-19 05:06:47] jezzab : Extra box
[2017-10-19 05:06:51] jezzab : shows ALL the info
[2017-10-19 05:07:03] hostile : screenie?
[2017-10-19 05:07:07] czokie : Screenshot?
[2017-10-19 05:07:19] jezzab : hard to read it. shotting now
[2017-10-19 05:07:27] czokie : Chenglish? :slightly_smiling_face:
[2017-10-19 05:07:32] jezzab : three pages of it
[2017-10-19 05:07:41] hostile : I can get it translated tomorrow
[2017-10-19 05:07:49] jezzab : 4 pages sorry
[2017-10-19 05:07:53] hostile : lawl
[2017-10-19 05:07:53] czokie : I can get it today perhaps
[2017-10-19 05:08:14] jezzab : i will just view it on the screen and the phone with GoogleTranslate. I have it on Chinese by default now days lmao
[2017-10-19 05:10:01] jezzab : I wanna checkout the `specialCount: 1`
[2017-10-19 05:10:23] hostile : that should be damn satisfying bro!
[2017-10-19 05:10:27] hostile : good fucking job fellas
[2017-10-19 05:10:57] jezzab : It says:
[2017-10-19 05:11:20] jezzab : specialValue: 1 (greater than 25 to determine the aircraft broken, rc not broken)
[2017-10-19 05:11:25] jezzab : :wink:
[2017-10-19 05:13:47] hostile : you guys clearly have the keys to the city now
[2017-10-19 05:13:58] jezzab : Looks like it! w00t
[2017-10-19 05:14:02] hostile : just a mater of time and practice
[2017-10-19 05:14:18] jezzab : Yeah. Gonna take a while to go through it all
[2017-10-19 05:14:18] jezzab : It's funny coz ive just had this vision of the iOS DJI guys taking the piss out of the DJI Android dev team coz @bin4ry hacked it all up. Now I think there will be a bit of silence and sweating in the DJI iOS Dev dept :wink:
[2017-10-19 05:20:24] jezzab : LOL its not encrypt its encypt
[2017-10-19 05:20:34] jezzab : been DJI'ed
[2017-10-19 05:23:55] czokie : Ouch - Was getting itchy - Just realised they forgot to take off the heart monitor sticky tabs. Good bye chest hair
[2017-10-19 05:24:25] jezzab : LOL ouch
[2017-10-19 05:24:38] jezzab : Hmm I wanna know what DJPlacemark is
[2017-10-19 05:25:48] jezzab : it sets alllll your details :confused:
[2017-10-19 05:26:20] jezzab : Country, City, POI, Name, Locality
[2017-10-19 05:30:16] czokie : Just a guess - home point set?
[2017-10-19 05:31:25] jezzab : Maybe
[2017-10-19 05:31:29] jezzab : Or a pin
[2017-10-19 05:31:56] czokie : pin for circle flight mode for example
[2017-10-19 05:32:21] czokie : and - hypothetically - a moving pin for track of your subject...
[2017-10-19 05:32:57] czokie : I said I was not going to read source today, but you got me interested
[2017-10-19 05:33:00] czokie : bugger you
[2017-10-19 05:35:08] czokie : So - from mkmapitem...
[2017-10-19 05:36:26] bin4ry : Good thing this is, what you guys find is ofc very similar to what I found in android. But you guys can see real function names, no obfuscation. So this is gold also for me, finally I know their spelling errors, lol. No serious this makes it easier for me too in the long run as the logic is the same
[2017-10-19 05:36:55] czokie : There are some annoying names ... Not all get decompiled
[2017-10-19 05:37:05] czokie : unfortunately
[2017-10-19 05:37:26] czokie : @bin4ry - you want our repo for .c source? Or did I already add u
[2017-10-19 05:37:42] bin4ry : I did not get an email
[2017-10-19 05:37:47] bin4ry : Would like to see yes.
[2017-10-19 05:38:14] jezzab : Much easier to just do the source on the fly in IDA
[2017-10-19 05:38:22] jezzab : You can see the xrefs then too
[2017-10-19 05:39:32] jezzab : Oh and @czokie Remember the source code on the wiki for the ce/fcc stuff from the Russian site. Its from the iOS app lol
[2017-10-19 05:39:48] jezzab : even the decompiled variables match
[2017-10-19 05:40:00] czokie : yep
[2017-10-19 05:40:08] czokie : Recognised that immediately
[2017-10-19 05:40:31] jezzab : thats what I wanted to check out: `[DJIOsdController setSdrPowerBoostLogic:]`
[2017-10-19 05:40:49] jezzab : and its not the force_boost.
[2017-10-19 05:41:48] jezzab : ahh yes
[2017-10-19 05:41:55] jezzab : what you quoted earlier
[2017-10-19 05:42:10] jezzab : `if ( (unsigned int)objc_msgSend(v3, "sdr_force_fcc") )`
[2017-10-19 05:42:16] czokie : sent u invite - assuming github username = bin4ry
[2017-10-19 05:42:52] bin4ry : @czokie got it thanks :grinning:
[2017-10-19 05:45:04] czokie : FYI - Nothing in master branch - pick an ios app version ... Only 4.1.12 there now - will add others later
[2017-10-19 05:46:23] bin4ry : I saw :wink:
[2017-10-19 05:46:40] czokie : I only just updated readme to make it clear :slightly_smiling_face:
[2017-10-19 05:47:03] bin4ry : Once the move here is done I think I will start with Frida on android too. But first I need to finish a secret patch I am working on :wink:
[2017-10-19 05:47:20] czokie : :smile:
[2017-10-19 05:47:52] czokie : That will be a future task - instrument frida hooks for each one of your tweaks
[2017-10-19 05:48:01] czokie : At the moment - its just exploring
[2017-10-19 05:48:32] czokie : Also - I have to work out NIB files one day.... how we can reverse them - and rebuild them - thus we could potentially build our own new UI screen(s) that allow toggling of stuff we want to toggle.
[2017-10-19 05:48:38] czokie : But that is WAY ahead of us now
[2017-10-19 05:48:48] czokie : BUT:
[2017-10-19 05:49:18] bin4ry : I first have to wrap my head around this, need to patch the final version too to be useable for everyone
[2017-10-19 05:50:00] czokie : We SHOULD think about this in the context of hook architecture - Creating a single "on load" hook that defines our own data structures which get read by hooks some how - and create some NIB files for IOS (and you do whatever you need to do for Android).... to create UI to manipulate our custom settings.
[2017-10-19 05:50:55] bin4ry : Yah but you need root for that
[2017-10-19 05:51:10] bin4ry : I would love to have a diff file to patch the APK / IPA
[2017-10-19 05:51:16] bin4ry : :wink:
[2017-10-19 05:51:31] czokie : Thats the beauty of frida - dont need to patch.
[2017-10-19 05:51:44] czokie : Frida = hook that replaces existing function calls...
[2017-10-19 05:51:55] czokie : and the gadget does the magic
[2017-10-19 05:52:18] bin4ry : Yes, but it is not useable for an enduser
[2017-10-19 05:52:23] bin4ry : Since it needs root access
[2017-10-19 05:52:42] czokie : No root access needed on IOS - why would it be needed for Android?
[2017-10-19 05:53:30] czokie : I have not researched - but I just assumed there would be the same level of functionality available in a similar manner
[2017-10-19 05:53:50] bin4ry : That's what the docu said
[2017-10-19 05:54:23] bin4ry : <https://www.frida.re/docs/android/>
[2017-10-19 05:56:15] bin4ry : Different security architecture on android and iOS. So I assumed you had to use a jailbroken device as I only looked on the android tut :joy:
[2017-10-19 05:56:30] czokie : Nah man.
[2017-10-19 05:56:36] czokie : We're running a clean phone
[2017-10-19 05:56:44] czokie : But
[2017-10-19 05:56:53] czokie : Thats assuming installing frida server
[2017-10-19 05:57:05] czokie : we dont need that ... i assume there is a frida gadget available for android
[2017-10-19 05:57:07] czokie : let me look
[2017-10-19 05:57:29] czokie : <https://koz.io/using-frida-on-android-without-root/>
[2017-10-19 05:58:10] czokie : Now you see why I was excited and wanted you to play along
[2017-10-19 05:58:30] czokie : One set of js hooks for both platforms = a winning proposition
[2017-10-19 05:59:35] bin4ry : I see :grinning:
[2017-10-19 05:59:37] czokie : And even better - you dont have to re patch for a new APK version. Just re-instrument the new APK with a gadget, merge the .js file, add a config file - and roll it out
[2017-10-19 05:59:45] czokie : And even better still
[2017-10-19 05:59:53] bin4ry : Will read that
[2017-10-19 06:00:17] czokie : I am working with @oleavr on the concept of a capability to modify the .js file in user space via itunes - so user can install a newer/later .js file without re-rolling app if required
[2017-10-19 06:00:18] bin4ry : Saturday I am moving to Berlin. When done I will have some time again :blush:
[2017-10-19 06:00:34] bin4ry : Bookmarked your link
[2017-10-19 06:02:58] jezzab : Does the DJISDRBoostLogic only apply to to the .DJI.Config file?
[2017-10-19 06:03:26] jezzab : Must be or fcc mode would never be called even if you were in US on a P4 for example
[2017-10-19 06:03:51] bin4ry : Look for the check I patch at android
[2017-10-19 06:04:44] bin4ry : But boost is the additional power right ? Not fcc
[2017-10-19 06:04:58] jezzab : Going to be a bit more interesting with Frida. You are basically making a wrapper around the function you like and you can mod the input to it or the output from it when you hook it
[2017-10-19 06:05:48] jezzab : thats the thing
[2017-10-19 06:06:04] jezzab : this is the function that applies all the modes
[2017-10-19 06:06:18] bin4ry : I see
[2017-10-19 06:06:44] jezzab : Ill find the DJI.Config parsing function again
[2017-10-19 06:07:26] bin4ry : One sex
[2017-10-19 06:07:27] bin4ry : Sec
[2017-10-19 06:07:27] jezzab : its the canUserIllegalChannels one
[2017-10-19 06:08:55] jezzab : this passed a bool so it RIPE for the picking: `[DJIAppSettings setCanUseIllegalChannels:]`
[2017-10-19 06:09:10] jezzab : ```c
// IDA pseudocode of the setter: a plain store into the ivar
void __cdecl -[DJIAppSettings setCanUseIllegalChannels:](DJIAppSettings *self, SEL a2, bool a3)
{
  self->_canUseIllegalChannels = a3;
}
```
[2017-10-19 06:09:34] jezzab : ill hack a test hook and see if the function is called at all
[2017-10-19 06:10:03] bin4ry : firing up the android app, i would like to see if you can find smth similar in android
[2017-10-19 06:10:07] bin4ry : will pm you soon
[2017-10-19 06:10:10] jezzab : k
[2017-10-19 06:10:13] jezzab : thx
[2017-10-19 06:11:16] jezzab : actually no thats no good as it will be called if its true the check
[2017-10-19 06:13:28] czokie : Why is that bad?
[2017-10-19 06:13:45] czokie : This is an on-off switch that makes those channels available....
[2017-10-19 06:13:52] czokie : so we want that function to return true
[2017-10-19 06:14:58] czokie : If that is implemented - it is the same as the equivalent config file....
[2017-10-19 06:15:55] jezzab : Nah that function is the one to set it but we cant call it. We need to trick the function that DOES call it
[2017-10-19 06:16:15] jezzab : God i WISH we could just directly call functions.
[2017-10-19 06:16:27] czokie : Doh - you're right - wait a sec
[2017-10-19 06:17:01] jezzab : [DJIAppSettings loadDJICfg]
[2017-10-19 06:17:13] jezzab : that is the function that does all the work
[2017-10-19 06:17:25] czokie : ```c
// IDA pseudocode of the getter: just returns the ivar
bool __cdecl -[DJIAppSettings canUseIllegalChannels](DJIAppSettings *self, SEL a2)
{
  return self->_canUseIllegalChannels;
}
```
[2017-10-19 06:17:31] czokie : Hook that :slightly_smiling_face:
[2017-10-19 06:29:45] jezzab : Hm
[2017-10-19 06:30:04] jezzab : I have no way of knowing it was called when I have the RC plugged in lol
[2017-10-19 06:30:35] jezzab : Its in there and it should log but I cant log lol
[2017-10-19 06:30:41] jezzab : grrr this is frustrating
[2017-10-19 06:39:35] czokie : Ah.
[2017-10-19 06:39:38] czokie : There is a fix for that.
[2017-10-19 06:39:49] czokie : I found something we can inject that will display a popup dialog box from within java
[2017-10-19 06:39:53] czokie : Let me go find it
[2017-10-19 06:40:07] jezzab : I saw something about a popup box too
[2017-10-19 06:40:17] jezzab : I need beer.
[2017-10-19 06:41:09] bin4ry : keep going :wink: we all watch ya
[2017-10-19 06:41:09] bin4ry : :smile:
[2017-10-19 06:41:16] jezzab : lol
[2017-10-19 06:42:31] jezzab : the canUseIllegalChannels hook wont work
[2017-10-19 06:42:40] jezzab : its called in the bool one I posted above
[2017-10-19 06:43:05] jezzab : so you call the function with setCanUserIllChanells(true)
[2017-10-19 06:43:16] czokie : Forget the set ...
[2017-10-19 06:43:23] czokie : Let me explain
[2017-10-19 06:43:29] czokie : Config parse will read config file
[2017-10-19 06:43:32] czokie : it will call set
[2017-10-19 06:43:35] jezzab : Please do
[2017-10-19 06:43:43] czokie : set will update data struct
[2017-10-19 06:43:45] jezzab : IF its correct
[2017-10-19 06:43:53] czokie : we ignore that
[2017-10-19 06:43:59] czokie : let it store what it wants
[2017-10-19 06:44:18] czokie : but - when other code READS the data - if we always return TRUE on read - it should be BOOM
[2017-10-19 06:44:46] czokie : So the code I posted - is called in the other method that actually does the SDR stuff
[2017-10-19 06:45:08] czokie : if our swizzle function returns true.... turn it on!
[2017-10-19 06:45:18] czokie : (ie turn it on to RC / AC)
[2017-10-19 06:45:35] jezzab : Hold up
[2017-10-19 06:45:46] jezzab : cant I run objection with IP address?
[2017-10-19 06:46:01] czokie : You can - but not when you have the local hook
[2017-10-19 06:46:14] czokie : You have to go back to the previous config file
[2017-10-19 06:46:21] jezzab : fucked in the arse with the swizzle stick again
[2017-10-19 06:46:23] czokie : which might be better / faster for debugging / creating
[2017-10-19 06:46:27] jezzab : Know where they get the name now
[2017-10-19 06:46:56] jezzab : im not running it on the device
[2017-10-19 06:47:01] jezzab : ive gone back to the other way
[2017-10-19 06:47:14] czokie : ok
[2017-10-19 06:47:20] jezzab : it would take me ages to make a single change and then resign and package and upload otherwise
[2017-10-19 06:47:28] czokie : true
[2017-10-19 06:48:28] czokie : Back to my point
[2017-10-19 06:48:29] czokie : v11 = (unsigned __int64)objc_msgSend(v10, "canUseIllegalChannels");
[2017-10-19 06:48:46] jezzab : Ive made the hook
[2017-10-19 06:48:49] czokie : This is where it sends a message to the rc / bird IF can use illegal channels is true
[2017-10-19 06:48:55] jezzab : we can test the theory the moment I can log
[2017-10-19 06:49:13] jezzab : cannot connect to frida-server
[2017-10-19 06:49:14] czokie : and here for non mavic
[2017-10-19 06:49:15] jezzab : hmmm
[2017-10-19 06:49:15] czokie : v25 = (unsigned __int64)objc_msgSend(v24, "canUseIllegalChannels");
[2017-10-19 06:50:15] czokie : 1. Ping
[2017-10-19 06:50:19] czokie : 2. Telnet to frida port
[2017-10-19 06:50:37] czokie : Does your frida config have 0.0.0.0 set?
[2017-10-19 06:50:44] jezzab : yeah
[2017-10-19 06:50:55] jezzab : it does
[2017-10-19 06:51:27] czokie : When u start lldb - does it report 0.0.0.0 correctly?
[2017-10-19 06:51:45] czokie : in the debug?
[2017-10-19 06:53:39] jezzab : woohoo
[2017-10-19 06:53:48] jezzab : DJI go app was pissed off
[2017-10-19 06:54:50] jezzab : hmm hasnt tripped it yet
[2017-10-19 06:54:54] jezzab : might have to connect the AC
[2017-10-19 06:56:10] jezzab : nope, not called :confused:
[2017-10-19 06:56:42] czokie : For sake of argument - did u get debug message for the existing hook? Was it activated too?
[2017-10-19 06:57:01] jezzab : Yeah the T&amp;C one
[2017-10-19 06:57:05] czokie : yep
[2017-10-19 06:57:29] jezzab : ```
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
Bypassing Terms and Conditions Dialog...
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SecTrustEvaluate
Relacing SSLCreateContext
Relacing SSLSetSessionOption
```
[2017-10-19 06:57:36] czokie : And how are you loading that from Objection? Merging into one of their methods - or have you worked out the dir structure thing we talked about?
[2017-10-19 06:57:52] jezzab : just using the disable.js
[2017-10-19 06:58:00] czokie : OK.
[2017-10-19 06:58:11] czokie : And you're calling disable.js on the objection command line?
[2017-10-19 06:58:18] jezzab : tack onto the end
[2017-10-19 06:58:26] czokie : OK
[2017-10-19 06:58:30] czokie : Send .js
[2017-10-19 06:58:33] jezzab : yes because its the ios pinning disable
[2017-10-19 06:58:48] jezzab : the whole thing?
[2017-10-19 06:58:55] czokie : just the non ssl shit
[2017-10-19 06:59:44] jezzab : ```javascript
// Terms and Conditions Bypass - jezzab
// Interceptor.attach wraps the method; onLeave lets us overwrite the return value
var termsHook = ObjC.classes.DJITermsNotificationController["- shouldShowTerms"];
Interceptor.attach(termsHook.implementation, {
  onLeave: function (retval) {
    console.log("Bypassing Terms and Conditions Dialog...");
    retval.replace(0);
  }
});

// Test hook: only logs whether the getter is ever called (no change to the result)
var channelsHook = ObjC.classes.DJIAppSettings["- canUseIllegalChannels"];
Interceptor.attach(channelsHook.implementation, {
  onEnter: function (args) {
    console.log("canUseIllegalChannels Called...");
    //args[2] = 0;
  }
});

// checkIsAdminUser
var adminHook = ObjC.classes.DJIAccountManager["- checkIsAdminUser"];
Interceptor.attach(adminHook.implementation, {
  onLeave: function (retval) {
    console.log("Setting Admin User...");
    retval.replace(1);
  }
});
```
[2017-10-19 07:03:53] czokie : Only obvious difference is onenter versus onleave....
[2017-10-19 07:04:10] czokie : can I suggest tho - why not swizzle - its a simple bool - it should be quick to try
[2017-10-19 07:04:25] czokie : and helps us validate that method too
[2017-10-19 07:05:36] jezzab : All the others load
[2017-10-19 07:05:47] jezzab : the function was parsed or objection would fail on error
[2017-10-19 07:05:50] jezzab : its not called
[2017-10-19 07:06:10] jezzab : every single other function I have tested that is called works
[2017-10-19 07:06:36] czokie : But will never work long term - due to the codesigning
[2017-10-19 07:06:54] czokie : so rather than investing time in something we need to kill - lets get fluent with what we can keep
[2017-10-19 07:07:18] czokie : I said I would not read code today - i changed my mind.... I said I would not run DJI go 4 - I just connected iphone. :slightly_smiling_face:
[2017-10-19 07:14:00] czokie : OK. The code he provided needs to be wrapped in something at a guess....
[2017-10-19 07:14:15] czokie : ?
[2017-10-19 07:21:09] czokie : Nope
[2017-10-19 07:52:41] czokie : OK. I will go on a mission to look at this overnight
[2017-10-19 07:52:48] czokie : Need some rest now tho.
[2017-10-19 08:49:55] jezzab : I reckon hacking iOS apps is like trying to rebuild a car engine thru the exhaust pipe
[2017-10-19 08:50:09] czokie : Had some rest.
[2017-10-19 08:50:20] czokie : Talking to oleavr
[2017-10-19 08:51:22] jezzab : ..or building a boat in a bottle
[2017-10-19 08:51:25] jezzab : Ok cool
[2017-10-19 09:01:04] czokie : OK.
[2017-10-19 09:01:21] czokie : So - we have the original hook working now as a swizzle - had you done this before first?
[2017-10-19 09:01:23] czokie : Just checking
[2017-10-19 09:02:11] czokie : Coz there was a prob in his code.... now fixed
[2017-10-19 09:02:15] czokie : (he said untested!)
[2017-10-19 09:03:08] jezzab : Never tried it
[2017-10-19 09:04:14] czokie : OK.
[2017-10-19 09:04:21] bin4ry : @jezzab found the CC function we think :wink:
[2017-10-19 09:04:39] czokie : for which one?
[2017-10-19 09:04:55] jezzab : Its the best place to hook for FCC
[2017-10-19 09:05:01] jezzab : fake US
[2017-10-19 09:05:38] czokie : Understood - But thats for FCC only - if we want to make available boost - thats another ball game later.
[2017-10-19 09:05:40] jezzab : except its a lot more work than the 'droid one coz you cant just nop them lol
[2017-10-19 09:05:52] jezzab : correct
[2017-10-19 09:06:12] czokie : So - let me try my original plan. I'd like to do it that way if I can....
[2017-10-19 09:06:44] czokie : let me first get my head around the swizzle way of doing things
[2017-10-19 09:07:08] czokie : I think this is working now - about to erase / redeploy / confirm
[2017-10-19 09:08:12] jezzab : need to find out how to see the data passed to the function
[2017-10-19 09:08:22] jezzab : an example
[2017-10-19 09:08:32] czokie : Ack
[2017-10-19 09:08:37] czokie : Damn - dinner is ready
[2017-10-19 09:08:42] czokie : wife is "bellowing"
[2017-10-19 09:09:16] jezzab : I need that before i change over. I would rather spend time later porting than stop when im close already to the stuff im finding
[2017-10-19 09:38:30] czokie : Got it @jezzab - just trying to save some rework.
[2017-10-19 09:38:45] czokie : So - firstly - 1. Confirmed the existing swizzle works for bypass terms
[2017-10-19 09:39:39] czokie : com.dji.go on (iPhone: 10.3.2) [net] # Original says: 1 we say: false
[2017-10-19 09:40:01] czokie : 2. Working on parameters next...
[2017-10-19 10:07:02] czokie : I have some notes from oleavr that I have added into wiki on this topic.
[2017-10-19 10:07:12] czokie : on how to access parameters - but needs more thinking first.
[2017-10-19 10:07:25] czokie : but before we do that - I'd like to instrument this as a swizzle..
[2017-10-19 10:07:30] czokie : ```c
// IDA pseudocode of the getter we want to swizzle
bool __cdecl -[DJIAppSettings sdr_force_fcc](DJIAppSettings *self, SEL a2)
{
  return self->_sdr_force_fcc;
}
```
[2017-10-19 10:07:53] czokie : Thats my personal goal to return TRUE to that - and I think I can do that. Back in a bit
[2017-10-19 10:08:26] jezzab : ```
DJI Country Code Manager called: countryCodeValue
Keys: (
    "CountryCodePriority<1>",
    "CountryCodePriority<2>",
    "CountryCodePriority<3>",
    "CountryCodePriority<0>"
)
Values: (
    AU,
    "",
    "",
    ""
)
```
[2017-10-19 10:09:44] czokie : Yeah. I've seen it - that will not make a difference if I can do this - and it should be simpler. Your code talks about the conditions required to set a variable, which is later accessed by a method. I am talking about replacing that method, that is later used by the logic in the SDR calls.
[2017-10-19 10:11:12] jezzab : so you have set a simple hook to print "Hello World" when that function is called and it does?
[2017-10-19 10:11:22] czokie : Yes
[2017-10-19 10:11:24] czokie : and it worked
[2017-10-19 10:11:24] jezzab : `[DJIAppSettings sdr_force_fcc]`
[2017-10-19 10:11:28] czokie : wait
[2017-10-19 10:15:56] jezzab : You're right, its called when you press Enter
[2017-10-19 10:18:08] jezzab : I returned false but how do you know it worked lol
[2017-10-19 10:18:53] czokie : ```javascript
// Swizzle: replace the method implementation itself (ObjC.implement),
// call the original, log what it returned, then return our own value.
var DJIAppSettings = ObjC.classes.DJIAppSettings;
var sdr_force_fcc = DJIAppSettings['- sdr_force_fcc'];
var sdr_force_fccImpl = sdr_force_fcc.implementation;
sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {
  var originalResult = sdr_force_fccImpl(handle, selector);
  console.log('DJIAppSettings:sdr_force_fcc Original says:', originalResult, 'we say: false');
  return false;
});
```
[2017-10-19 10:18:56] czokie : Can you try that.
[2017-10-19 10:19:02] czokie : I dont have an RC or bird here to test with
[2017-10-19 10:19:17] czokie : (Wife in bed - and already hassling me for coding)
[2017-10-19 10:20:12] jezzab : one sec
[2017-10-19 10:20:19] czokie : or better still
[2017-10-19 10:20:22] czokie : let me give you one more
[2017-10-19 10:20:57] czokie : ```javascript
// Known-good swizzle (terms bypass) so you can see where the log line shows up
var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;
var shouldShowTerms = DJITermsNotificationController['- shouldShowTerms'];
var shouldShowTermsImpl = shouldShowTerms.implementation;
shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {
  var originalResult = shouldShowTermsImpl(handle, selector);
  console.log('Original says:', originalResult, 'we say: false');
  return false;
});

// Same pattern on the sdr_force_fcc getter
var DJIAppSettings = ObjC.classes.DJIAppSettings;
var sdr_force_fcc = DJIAppSettings['- sdr_force_fcc'];
var sdr_force_fccImpl = sdr_force_fcc.implementation;
sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {
  var originalResult = sdr_force_fccImpl(handle, selector);
  console.log('DJIAppSettings:sdr_force_fcc Original says:', originalResult, 'we say: false');
  return false;
});
```
[2017-10-19 10:21:19] czokie : That is the working terms and conditions hook swizzled - Put that in as well to see the log message - just so you know where it appears.
[2017-10-19 10:21:40] czokie : And the good news
[2017-10-19 10:21:46] czokie : we can view that debug - via objection
[2017-10-19 10:22:00] czokie : we can launch without debug mode in ios-deploy
[2017-10-19 10:22:03] czokie : then disconnect usb
[2017-10-19 10:22:08] czokie : and then connect objection via network
[2017-10-19 10:22:12] czokie : and see the debug - to confirm
[2017-10-19 10:22:49] czokie : And: Another one we can do - is the 40 channel hack
[2017-10-19 10:22:57] bin4ry : I don't know
[2017-10-19 10:23:04] czokie : because - for that one - we see the channels in the gui for a P4P
[2017-10-19 10:23:10] bin4ry : This settings should reset once the bird is connected
[2017-10-19 10:23:21] bin4ry : When I added this force SDR FCC in Android
[2017-10-19 10:23:22] czokie : But one more thing - I just realised - if you are NOT testing with a mavic - it will NOT set FCC
[2017-10-19 10:23:33] bin4ry : I added it to terms and conditions
[2017-10-19 10:23:42] bin4ry : And it got resetted once the bird connect
[2017-10-19 10:23:50] bin4ry : Maybe it's different on ios
[2017-10-19 10:23:59] czokie : Reason - the code that pushes shit to bird wont push it to bird unless its mavic
[2017-10-19 10:24:06] bin4ry : That's why ive done it the other way
[2017-10-19 10:24:17] czokie : @jezzab - you will never solve for FCC for phantom - just yet
[2017-10-19 10:24:32] czokie : we will look at that next - but if you are testing phantom - lets try the illegal channels next
[2017-10-19 10:26:10] jezzab : Ill try your code in a minute. I had already coded it up but I had it as false and it should be true
[2017-10-19 10:26:25] jezzab : ```
Relacing AFSecurityPolicy setSSLPinningMode = 0 was 0x0
<----------------Called! -----------------> Value returned was: 0x0
Setting to true
Relacing SSLCreateContext
```
[2017-10-19 10:26:37] czokie : Are you testing with mavic or with phantom?
[2017-10-19 10:26:47] jezzab : mavic
[2017-10-19 10:26:53] czokie : OK - Good
[2017-10-19 10:27:15] jezzab : but you still don't truly know if its working lol
[2017-10-19 10:27:41] bin4ry : I am interested if this works differently than on android
[2017-10-19 10:27:51] jezzab : I need a way to test it
[2017-10-19 10:27:53] czokie : Thats why I am doing illegal channels. Coz I have a P4P - the code currently wont check for fcc on a p4p
[2017-10-19 10:28:06] czokie : and - with my p4p - the gui changes with 32ch hack
[2017-10-19 10:28:07] czokie : so
[2017-10-19 10:28:11] czokie : delete .dji configs file
[2017-10-19 10:28:15] czokie : implement hack
[2017-10-19 10:28:19] czokie : watch debug
[2017-10-19 10:28:23] czokie : view gui
[2017-10-19 10:28:48] bin4ry : Doesn't it have an connect listener which fires once the aircraft is connected?
[2017-10-19 10:29:03] czokie : Nope
[2017-10-19 10:29:11] czokie : can connect frida to ac via tcp
[2017-10-19 10:29:23] czokie : only need usb for debug
[2017-10-19 10:29:25] bin4ry : But you get the go fly ?
[2017-10-19 10:29:35] czokie : one way to try
[2017-10-19 10:29:36] bin4ry : From dead to active
[2017-10-19 10:30:00] bin4ry : Because THAT is the moment the parameters are set
[2017-10-19 10:30:10] bin4ry : Last time I looked
[2017-10-19 10:30:13] bin4ry : :joy:
[2017-10-19 10:30:13] czokie : ```
// Hook 1: suppress the terms-and-conditions prompt
var DJITermsNotificationController = ObjC.classes.DJITermsNotificationController;
var shouldShowTerms = DJITermsNotificationController['- shouldShowTerms'];
var shouldShowTermsImpl = shouldShowTerms.implementation;
shouldShowTerms.implementation = ObjC.implement(shouldShowTerms, function (handle, selector) {
    var originalResult = shouldShowTermsImpl(handle, selector);
    console.log('Original says:', originalResult, 'we say: false');
    return false;
});

// Hook 2: force SDR FCC mode (return value is true; the log line says so too)
var DJIAppSettings = ObjC.classes.DJIAppSettings;
var sdr_force_fcc = DJIAppSettings['- sdr_force_fcc'];
var sdr_force_fccImpl = sdr_force_fcc.implementation;
sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {
    var originalResult = sdr_force_fccImpl(handle, selector);
    console.log('DJIAppSettings:sdr_force_fcc Original says:', originalResult, 'we say: true');
    return true;
});

// Hook 3: 32-channel flag on the same DJIAppSettings class (return value is true)
var canUseIllegalChannels = DJIAppSettings['- canUseIllegalChannels'];
var canUseIllegalChannelsImpl = canUseIllegalChannels.implementation;
canUseIllegalChannels.implementation = ObjC.implement(canUseIllegalChannels, function (handle, selector) {
    var originalResult = canUseIllegalChannelsImpl(handle, selector);
    console.log('DJIAppSettings:canUseIllegalChannels Original says:', originalResult, 'we say: true');
    return true;
});
```
[2017-10-19 10:30:30] czokie : That is my current 3 hooks - had a mistake before - was meant to return true in #2 and #3 :slightly_smiling_face:
[2017-10-19 10:30:35] bin4ry : Ok
[2017-10-19 10:30:41] bin4ry : Hope it works
[2017-10-19 10:31:04] jezzab : I seriously don't know how to test it
[2017-10-19 10:31:12] jezzab : I can't use debug
[2017-10-19 10:31:17] czokie : Frida debug?
[2017-10-19 10:31:19] czokie : Really?
[2017-10-19 10:31:21] jezzab : I have to run it stand alone for the usb
[2017-10-19 10:31:25] czokie : not lldb debug
[2017-10-19 10:31:41] jezzab : objection is running and logging my console stuff
[2017-10-19 10:31:50] jezzab : over tcp
[2017-10-19 10:32:33] czokie : OK - launched objection
[2017-10-19 10:32:36] czokie : disconnecting usb
[2017-10-19 10:32:44] czokie : still running
[2017-10-19 10:32:49] jezzab : Yes
[2017-10-19 10:32:50] czokie : getting rc
[2017-10-19 10:33:03] jezzab : and it shows the SSL stuff and my hook comments
[2017-10-19 10:33:37] jezzab : just coz i set the variable to true doesn't mean it will stick later based on bin4rys comments
[2017-10-19 10:33:45] jezzab : so i need a way to check this :confused:
[2017-10-19 10:34:06] jezzab : lldb would be good. at least give an idea
[2017-10-19 10:34:23] jezzab : but from memory it didn't show that country being set
[2017-10-19 10:34:25] czokie : we can check debug in frida
[2017-10-19 10:34:52] czokie : DJIAppSettings:canUseIllegalChannels Original says: 0 we say: false
[2017-10-19 10:35:03] czokie : So - its calling it
[2017-10-19 10:35:04] jezzab : just gonna check with lldb if there is any comments
[2017-10-19 10:35:07] jezzab : cool
[2017-10-19 10:35:19] czokie : now the question - what is in the gui - I dont have AC powered up - so not sure if I can see
[2017-10-19 10:35:20] jezzab : didn't do it here for some reason
[2017-10-19 10:35:44] jezzab : wait, don't you want that to be true?
[2017-10-19 10:35:46] jezzab : not false
[2017-10-19 10:35:58] czokie : Yeah
[2017-10-19 10:36:01] czokie : Just saw that :slightly_smiling_face:
[2017-10-19 10:36:04] czokie : Let me look
[2017-10-19 10:36:25] czokie : Ah.
[2017-10-19 10:36:30] czokie : Thats just my debug line
[2017-10-19 10:36:34] czokie : The actual return value is true
[2017-10-19 10:36:46] jezzab : let me try the Illegal channels here again
[2017-10-19 10:37:37] czokie : Restarting the app
[2017-10-19 10:37:44] czokie : with fixed debug :slightly_smiling_face:
[2017-10-19 10:38:27] jezzab : doesn't call it still
[2017-10-19 10:38:30] jezzab : interesting
[2017-10-19 10:38:39] jezzab : got an idea
[2017-10-19 10:39:05] jezzab : nope still won't call it hmm
[2017-10-19 10:39:16] czokie : Thats weird.
[2017-10-19 10:39:20] czokie : I didnt get the debug this time
[2017-10-19 10:39:23] czokie : DUH
[2017-10-19 10:39:26] czokie : Not connected RC yet
[2017-10-19 10:39:50] czokie : As soon as I connected RC
[2017-10-19 10:39:51] czokie : DJIAppSettings:canUseIllegalChannels Original says: 0 we say: true
[2017-10-19 10:39:53] czokie : BOOM
[2017-10-19 10:39:54] jezzab : I don't know why yours is calling it and mine isnt
[2017-10-19 10:40:34] czokie : But - the part I dont like - I think the call to where it builds the GUI is done earlier....
[2017-10-19 10:40:42] czokie : maybe?
[2017-10-19 10:40:55] czokie : coz gui is still showing small channels - unless I need bird turned on to validate.
[2017-10-19 10:41:01] czokie : And wife in bed = not good idea.
[2017-10-19 10:42:07] czokie : What I am trying to do - is confirm / validate that swizzling works for IOS - it MUST work for us - otherwise, we cannot ever deploy anything that will be available to users, without doing ios-deploy boot up.
[2017-10-19 10:42:13] czokie : Thats why this is important to me
[2017-10-19 10:42:27] jezzab : I'm trying your canuseillegal now
[2017-10-19 10:42:31] jezzab : first go crashed
[2017-10-19 10:42:34] jezzab : checking again
[2017-10-19 10:43:06] czokie : just to be clear
[2017-10-19 10:43:12] czokie : springboard launch wont work TODAY....
[2017-10-19 10:43:23] czokie : Author of Frida needs to do a tweak
[2017-10-19 10:43:38] jezzab : still not called
[2017-10-19 10:43:38] czokie : so that if not jailbroken and not in debug mode, he will disable the shit that is causing crash.
[2017-10-19 10:43:44] czokie : For now:
[2017-10-19 10:43:51] jezzab : got me fucked
[2017-10-19 10:43:55] czokie : 1. ios deploy without debug - with USB connected
[2017-10-19 10:43:59] czokie : 2. Frida network launch
[2017-10-19 10:44:04] czokie : 3. Connect RC
[2017-10-19 10:44:07] jezzab : you must have the .DJI.Config file on your device
[2017-10-19 10:44:07] czokie : 4. Enjoy
[2017-10-19 10:44:22] czokie : Nope
[2017-10-19 10:44:37] czokie : That is DEBUG where OUR function is called and returns a new value
[2017-10-19 10:44:45] jezzab : well mine will not load canUseIllegalChannels with my code or your swizzle
[2017-10-19 10:45:06] czokie : u wanna see my screen?
[2017-10-19 10:45:13] jezzab : wanna see mine lol
[2017-10-19 10:45:20] jezzab : I'm just telling you mate that it wont
[2017-10-19 10:45:25] czokie : so you can replicate what is working
[2017-10-19 10:45:27] jezzab : I've tested it 4 times now 4 ways
[2017-10-19 10:45:30] czokie : not so I can see what is not working :smile:
[2017-10-19 10:45:33] jezzab : it is not working
[2017-10-19 10:45:49] jezzab : the set sdr bcc did when i did it and no doubt your swizzle will as well
[2017-10-19 10:45:55] jezzab : but the illegal channels doesnt
[2017-10-19 10:46:54] bin4ry : On android the UI settings (where it shows channels etc) are build up from the bird values. So it might indeed be a timing thing
[2017-10-19 10:47:13] czokie : Thats what I am thinking
[2017-10-19 10:47:21] bin4ry : Or most parts of it
[2017-10-19 10:47:41] jezzab : weird. it just doesn't load the function at all
[2017-10-19 10:47:46] jezzab : its not called
[2017-10-19 10:47:59] czokie : <https://join.me/349-582-061>
[2017-10-19 10:48:10] czokie : I will show you guys what happens for me
[2017-10-19 10:48:21] jezzab : you showed the log
[2017-10-19 10:48:25] jezzab : its loading the function then
[2017-10-19 10:48:32] czokie : Not just the log
[2017-10-19 10:48:52] czokie : the process end to end of how I am starting - in case there is something we are doing differently
[2017-10-19 10:49:29] czokie : is that u or binary?
[2017-10-19 10:49:35] jezzab : me
[2017-10-19 10:49:40] czokie : ok
[2017-10-19 10:50:22] czokie : DAMM
[2017-10-19 10:50:40] jezzab : that is the exact same process i have done for the last 70 tests
[2017-10-19 10:51:15] czokie : Sigh
[2017-10-19 10:51:21] jezzab : Got me fucked
[2017-10-19 10:51:36] jezzab : Why yours works and mine doesnt. every other function does but not that one
[2017-10-19 10:51:43] jezzab : and i even tried setting it to P4
[2017-10-19 10:52:22] jezzab : ipad/phone unlocked?
[2017-10-19 10:52:30] czokie : The process crashed as soon as I connected to it
[2017-10-19 10:52:32] czokie : reboot iphone
[2017-10-19 10:52:57] czokie : Ah.
[2017-10-19 10:53:06] czokie : Question - do you still have your other code talking to the same functions?
[2017-10-19 10:53:10] jezzab : nope
[2017-10-19 10:53:13] jezzab : all remarked out
[2017-10-19 10:53:16] czokie : OK
[2017-10-19 10:53:16] czokie : If we are trying two methods of instrumenting the same functions -
[2017-10-19 10:53:48] jezzab : Only 2 left sorry bar the illegal
[2017-10-19 10:54:03] jezzab : term one and the isadmin (which is never called unless i go into flightlogs)
[2017-10-19 10:54:22] czokie : Booting....
[2017-10-19 10:54:48] czokie : Are you getting debug log for the terms bypass when u do it with this hook?
[2017-10-19 10:55:02] jezzab : I havent put it in yet
[2017-10-19 10:55:15] czokie : Thats why I said put it in before - its a SIMPLE case....
[2017-10-19 10:55:22] czokie : confirm that before we do the other one :slightly_smiling_face:
[2017-10-19 10:55:32] jezzab : yeah but my code and your code BOTH dont do that function
[2017-10-19 10:55:45] jezzab : i said it 2 hours ago when i tested it.
[2017-10-19 10:55:54] jezzab : it is not being called on my device
[2017-10-19 10:56:03] czokie : Dont do what function. The terms code is not getting called?
[2017-10-19 10:56:05] jezzab : 2 different ways, same result
[2017-10-19 10:56:24] jezzab : the canUseIllegalChannels
[2017-10-19 10:56:54] czokie : And?
[2017-10-19 10:57:13] czokie : The terms bypass - you get that yes?
[2017-10-19 10:57:17] czokie : my code?
[2017-10-19 10:57:26] czokie : in debug?
[2017-10-19 10:59:13] czokie : OK
[2017-10-19 10:59:16] czokie : Didnt crash this time
[2017-10-19 10:59:22] jezzab : Terms: My code works, Your swizzle works FCC: My code works, Your swizzle works IllegalChannels: My code does not work, Your code does not work
[2017-10-19 10:59:50] czokie : And you are saying it doesnt work why? Debug message or no debug message?
[2017-10-19 11:00:02] jezzab : No message at all
[2017-10-19 11:00:12] jezzab : therefore, the function is not being called
[2017-10-19 11:00:32] czokie : You know it is only called when you connect the IOS device to the RC ?
[2017-10-19 11:00:42] jezzab : Every other function i have ever used works.
[2017-10-19 11:00:44] czokie : with it powered on?
[2017-10-19 11:00:50] jezzab : I have done that
[2017-10-19 11:01:04] czokie : and click enter device
[2017-10-19 11:01:07] jezzab : yes
[2017-10-19 11:01:15] jezzab : 3 times
[2017-10-19 11:01:31] czokie : So - I am at the point now where I have started up, disconnected USB... about to reconnect RC
[2017-10-19 11:02:03] czokie : which RC are you connecting it to?
[2017-10-19 11:02:38] jezzab : Mavic
[2017-10-19 11:02:45] jezzab : ill test the P4 one now
[2017-10-19 11:02:48] czokie : And therein lies the problem.
[2017-10-19 11:03:07] czokie : different test case
[2017-10-19 11:03:26] jezzab : right. testing with Big Bertha now
[2017-10-19 11:03:49] czokie : I was so getting frustrated just now
[2017-10-19 11:04:00] czokie : about to blow a gasket
[2017-10-19 11:04:10] jezzab : You tell me. I said this was a problem 2 hours ago lol
[2017-10-19 11:04:38] jezzab : testing
[2017-10-19 11:04:38] czokie : Gimme a break - I just came out of general anesthetic today.
[2017-10-19 11:06:14] jezzab : straight up
[2017-10-19 11:06:16] jezzab : works
[2017-10-19 11:06:25] czokie : QED
[2017-10-19 11:06:29] czokie : So - conclusions:
[2017-10-19 11:06:40] jezzab : now the question is the product is WM100 or WM6X0?
[2017-10-19 11:06:52] czokie : 1. Swizzle methods work, and (after olevar makes changes) will work with springboard launch
[2017-10-19 11:07:03] czokie : 2. We have FCC and 32ch and terms bypasses
[2017-10-19 11:07:12] czokie : 3. The world is our oyster as @hostile would say
[2017-10-19 11:07:24] czokie : 4. I have a note in the wiki about input variables - should we ever need to dig there
[2017-10-19 11:07:35] jezzab : Have to verify the FCC WORKS though
[2017-10-19 11:07:43] jezzab : ...somehow
[2017-10-19 11:08:10] czokie : Was it u that got the test kit for radio spectrum analysis? :slightly_smiling_face:
[2017-10-19 11:08:14] czokie : I forget who got it
[2017-10-19 11:08:20] jezzab : Ive got a HackRF
[2017-10-19 11:08:23] jezzab : thats it
[2017-10-19 11:08:26] czokie : Exactly
[2017-10-19 11:08:38] jezzab : I was gonna try and see if the signal took a jump
[2017-10-19 11:08:45] jezzab : but its not really perfect lol
[2017-10-19 11:08:53] jezzab : fuck it ill set it up
[2017-10-19 11:09:08] czokie : You should have two config files
[2017-10-19 11:09:13] czokie : one enabled - one disabled
[2017-10-19 11:09:26] czokie : and compare two clean boots of app and rc and ac
[2017-10-19 11:09:31] jezzab : Left it on the other day, all day at full power broadcasting fake GPS ....... oops
[2017-10-19 11:09:49] czokie : Stuffed up a few pizza deliveries?
[2017-10-19 11:09:51] jezzab : ill just remark the code out
[2017-10-19 11:09:57] czokie : Dont remark
[2017-10-19 11:10:01] czokie : change it to false
[2017-10-19 11:10:12] jezzab : same shit different smell lol
[2017-10-19 11:10:28] jezzab : Not my first rodeo lol
[2017-10-19 11:10:31] jezzab : got this far
[2017-10-19 11:10:45] czokie : got it - but be aware - it may write it to a dji config at some point
[2017-10-19 11:10:56] czokie : so remarking it out is not a guarantee of the alternate datapoint
[2017-10-19 11:11:37] czokie : <https://c1.staticflickr.com/3/2882/11418078615_7292149343_b.jpg>
[2017-10-19 11:11:45] czokie : Before you ask - this is not me
[2017-10-19 11:11:50] jezzab : LOL
[2017-10-19 11:11:56] czokie : but its what I look like - got the funky nose bandage today
[2017-10-19 11:12:05] czokie : sinus surgery
[2017-10-19 11:12:09] czokie : 5th time ...
[2017-10-19 11:12:09] jezzab : ouch
[2017-10-19 11:12:26] czokie : The anaesthetist calls me a frequent flyer...
[2017-10-19 11:12:38] czokie : and I said - hey should I call you a knockout?
[2017-10-19 11:25:08] jezzab : hmm the same
[2017-10-19 11:25:27] jezzab : gonna fire up the 'droid and compare
[2017-10-19 11:34:15] czokie : Dont forget - the radios will not necessarily use the available power - unless the devices are at a decent range
[2017-10-19 11:34:28] czokie : others have found that before with SDR testing
[2017-10-19 11:39:22] jezzab : i dont think we are gonna really get results with this test
[2017-10-19 11:39:44] czokie : Put some obstacles between bird and rc
[2017-10-19 11:40:04] czokie : some steel plates, walls, whatever you can find..... that might help show a difference
[2017-10-19 11:40:50] jezzab : Im gonna pack it up. Ive had enough for one day lol
[2017-10-19 11:42:39] czokie : hehehehehe
[2017-10-19 11:42:49] czokie : I am building a hook library page in wiki
[2017-10-19 11:42:53] czokie : will share the link soon
[2017-10-19 11:43:17] czokie : including source + commentary of how/why/what to expect from each hook
[2017-10-19 11:48:00] czokie : <https://dji.retroroms.info/howto/fridahooklibrary>
[2017-10-19 11:48:02] czokie : very draft
[2017-10-19 11:48:13] czokie : added tests for ObjC - and will only include if it is detected
[2017-10-19 11:48:22] czokie : later - we can add "else" clause for Android equivalent hooks
[2017-10-19 11:53:56] jezzab : Cool, looks good
[2017-10-19 11:54:52] jezzab : Momentous occasion, after my flight log admin testing it now shows on the DJI forum my distance as....... 1
[2017-10-19 11:54:56] jezzab : Lol
[2017-10-19 12:36:59] cs2000 : Very impressed with the steps you guys have made in here over the last couple of weeks. Top work lol
[2017-10-19 12:56:08] dreadwing007 : Awesome, following this closely
[2017-10-19 13:08:19] hostile : bad ass <https://dji-rev.slack.com/archives/C6KG1UDRS/p1508392817000233>
[2017-10-19 13:14:48] czokie : Now I just gotta teach myself to sleep again. Slept during the op today - feel a little tired now but cannot sleep
[2017-10-19 13:14:53] czokie : youtube = my friend
[2017-10-19 13:20:34] hostile : LOL <https://dji-rev.slack.com/archives/C6KG1UDRS/p1508411078000003>
[2017-10-19 13:28:22] czokie : It has a weird effect - During my day, I feel not tired - in fact, so invigorated - but my thinking is sometimes a little scattered.
[2017-10-19 13:28:43] czokie : Starting to feel drowsy now
[2017-10-19 13:28:49] hostile : you all gonna need a git repo for them .js files
[2017-10-19 13:28:50] hostile : =]
[2017-10-19 13:28:59] czokie : possibly
[2017-10-19 13:29:05] czokie : but for now - there is a separate wiki page
[2017-10-19 13:29:08] hostile : indeed
[2017-10-19 13:29:23] czokie : <https://dji.retroroms.info/howto/fridahooklibrary>
[2017-10-19 13:30:54] czokie : Those 3 are confirmed being activated - but not yet confirmed 2 and 3 on aircraft
[2017-10-19 13:31:13] czokie : for illegal channels - i will power up ac tomorrow and test
[2017-10-19 13:31:26] czokie : for FCC - the elusive "How do we know its working" question
[2017-10-19 13:32:00] czokie : And in other news - FCC is 100% confirmed mavic only in DJI GO - but it is my intent to try to bypass that and see how the P4P firmware likes the extra juice
[2017-10-19 13:32:32] czokie : and likewise - we confirmed can use illegal channels - is not effective on mavic - but again, we will see later what we can do on that later
[2017-10-19 13:33:09] czokie : it'd be nice if it allowed channel roaming across 2.3 2.4 2.5 for example
[2017-10-19 19:44:32] czokie : Morning all
[2017-10-19 19:46:31] czokie : OK - Tried the frida 32ch hook on p4p - and the gui did not reflect the tweak.... which is kinda disappointing. Just gotta work out why now. What I do know however, is that the function was called. What I am thinking is it may be a true/false thing. We said to return TRUE.... but what is the app comparing to? What is the numerical value of true that the Java passed back? I might have a look at that next
[2017-10-19 19:51:14] czokie : Fail.
[2017-10-19 19:51:23] czokie : putting in a djiconfig file to see what I get
[2017-10-19 19:54:26] czokie : Interesting.
[2017-10-19 19:54:44] czokie : The gui now shows 32 channels... so whatever is setting the gui needs something else....
[2017-10-19 19:54:48] czokie : Time to dig some more
[2017-10-19 20:10:26] czokie : ```
bool __cdecl -[DJIRadioLogic canUseIllegalChannels](DJIRadioLogic *self, SEL a2)
{
  void *v2; // x0
  __int64 v3; // x19
  void *v4; // x20
  void *v5; // x0
  __int64 v6; // x0
  void *v7; // x0
  bool v8; // w21

  +[DJIFileHelper fetchDocumentPath](&OBJC_CLASS___DJIFileHelper, "fetchDocumentPath");
  v2 = (void *)objc_retainAutoreleasedReturnValue();
  objc_msgSend(v2, "stringByAppendingPathComponent:", CFSTR(".DJI.configs"));
  v3 = objc_retainAutoreleasedReturnValue();
  objc_release();
  objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v3);
  v4 = (void *)objc_retainAutoreleasedReturnValue();
  if ( !v4 )
  {
    +[DJIBundleRedirect mainBundle](&OBJC_CLASS___DJIBundleRedirect, "mainBundle");
    v5 = (void *)objc_retainAutoreleasedReturnValue();
    objc_msgSend(v5, "pathForResource:", CFSTR(".DJI.configs"));
    v6 = objc_retainAutoreleasedReturnValue();
    objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v6);
    v4 = (void *)objc_retainAutoreleasedReturnValue();
    objc_release();
    objc_release();
    objc_msgSend(v4, "writeToFile:atomically:", v3, 1LL);
  }
  v8 = 0;
  if ( (unsigned __int64)objc_msgSend(v4, "length") >= 0x29 )
  {
    v7 = (void *)objc_retainAutorelease();
    if ( *((_BYTE *)objc_msgSend(v7, "bytes") + 39) == 1 )
      v8 = 1;
  }
  objc_release();
  objc_release();
  return v8;
}
// 1027425C8: using guessed type __CFString cfstr_DjiConfigs;
// 102D88FF0: using guessed type __objc2_ivar stru_102D88FF0;
// 102E51A58: using guessed type __objc2_class OBJC_CLASS___DJIBundleRedirect;
// 102E8C298: using guessed type __objc2_class OBJC_CLASS___DJIFileHelper;
```
[2017-10-19 20:10:42] czokie : Another function .... that is reading the DJI config file independently of the other config object.
[2017-10-19 20:10:45] czokie : What a crock of shit
[2017-10-19 20:11:02] czokie : Why process the file if there is already a config class
[2017-10-19 20:19:39] czokie : Boom!
[2017-10-19 20:19:45] czokie : A combination of both things works.
[2017-10-19 20:20:07] czokie : Firstly, their true is not true .... we need to explicitly set a return value to 1 so that we can return not false :slightly_smiling_face:
[2017-10-19 20:20:26] czokie : Also - there are two can use illegal channels functions.
[2017-10-19 20:20:48] czokie : First one is in dji config class - the other is in DJI Radio Logic. Both parse the config file
[2017-10-19 20:21:01] czokie : (which is dumb). Why not reference the existing config object
[2017-10-19 20:41:41] hostile : yeahhhh boy
[2017-10-19 20:41:52] hostile : <https://www.youtube.com/watch?v=CeRoi43azds>
[2017-10-19 20:59:05] czokie : I have a question about these two code blocks
[2017-10-19 20:59:26] czokie : One uses OBJC_CLASS___DJISDRParamWritePack and the other uses OBJC_CLASS___DJIOFDMPack
[2017-10-19 20:59:36] czokie : I've dug a little - but cant work out why or what?
[2017-10-19 21:07:51] jezzab : What does DJIBasePack initRequest do?
[2017-10-19 21:08:50] jezzab : I’m not in front of the computer
[2017-10-19 21:10:28] czokie : I started to read it - but didnt work it out
[2017-10-19 21:11:19] jezzab : The vibe I’m getting from the names is exactly what bin4ry was saying.
[2017-10-19 21:13:01] jezzab : As in the params being set. But I don’t know the method they use to write those params. By this (without seeing the rest of the code) maybe they push a config pack to the device to set it up. Or they just “pack” an array and roll through it to set it up
[2017-10-19 21:14:18] czokie : It feels like basepack is a universal toolkit - also contains encrypt / decrypt methods and lots of other crap
[2017-10-19 21:15:42] jezzab : Wasn’t there some param send/recv encryption added in the later Assist2?
[2017-10-19 21:16:46] czokie : It feels like this may be the duml piece
[2017-10-19 21:19:03] jezzab : 0x3FF or 0x400 is the max packet payload size you are able to send over TCP from memory.
[2017-10-19 21:19:28] jezzab : As in the Spark RC flashing, this is the max size
[2017-10-19 21:19:54] czokie : Anyway. Time for shower and breakie
[2017-10-19 21:19:57] czokie : Catch u l8r
[2017-10-19 21:20:01] czokie : By the way.
[2017-10-19 21:20:03] jezzab : Will do mate
[2017-10-19 21:20:05] czokie : One small goal for the day...
[2017-10-19 21:20:17] czokie : is to re-test the original frida hooks - if possible with burp.
[2017-10-19 21:20:44] czokie : The objection author is keen to find out why his hooks werent working for ssl pinning bypass
[2017-10-19 21:20:55] czokie : He took the time to download the IPA, instrument it, and test it
[2017-10-19 21:20:59] czokie : and he didnt have any SSL errors
[2017-10-19 21:21:17] jezzab : I feel it’s because of the DJI ones being in there
[2017-10-19 21:21:20] jezzab : Hmmm ok
[2017-10-19 21:21:25] jezzab : Weird
[2017-10-19 21:21:44] czokie : Would be good of us to give him some feedback - we're getting some good background assistance from him and the frida author
[2017-10-19 21:22:38] jezzab : Actually. I think in the original code it didn’t touch the trust certificates
[2017-10-19 21:22:46] jezzab : As in allow invalid
[2017-10-19 21:23:23] jezzab : Still don’t understand why it worked for him. Maybe he has a Mavic RC :p
[2017-10-19 21:37:03] jezzab : yup DJIBasePack is nice :slightly_smiling_face: @bin4ry
[2017-10-19 21:37:22] jezzab : ```
result = (DJIBasePack *)objc_msgSendSuper2(&v4, "init", self, &OBJC_CLASS___DJIBasePack);
if ( result )
{
  v3 = &result->_header;
  v3->SOF = 85;
  *(_WORD *)((char *)v3 + 1) = *(_WORD *)((char *)&result->_header + 1) & 0x3FF | 0x400;
  *((_BYTE *)&result->_extHeader.sender + 1) = *((_BYTE *)&result->_extHeader.sender + 1) & 0xE0 | 1;
  result->_sendDate = 0LL;
  result->_retryTime = 0x4000000000000000LL;
  *(_QWORD *)&result->_cmdID = 0LL;
  *(_QWORD *)&result->_extHeader.cmdType = 0LL;
  HIDWORD(result->_retryType) = 0;
  BYTE3(result->_body) = 1;
  BYTE1(result->_retryType) = 1;
  LOBYTE(result->_retryType) = 1;
}
```
[2017-10-20 11:39:42] dkovar : G'morning. @hostile mentioned something on Twitter about an "encrypt" toggle. If you have before/after logs I should be able to quickly tell if they're encrypted, if that'd help.
[2017-10-20 12:57:12] czokie : Just a heads up - I am doing the decompile thing for all past DJI GO versions - one at a time, to build a historical archive of c files.... find out what has really changed over time. More hooking stuff in a few days - brain needs a rest
[2017-10-20 13:19:51] jezzab : @dkovar I have to do a compare of clean and admin mode logged files and all files. I'll give you a yell when I have more info
[2017-10-20 14:28:22] dkovar : Cool, thanks, no rush.
[2017-10-21 01:55:52] jezzab : So does this mean it can run stand alone now?
[2017-10-21 01:58:24] czokie : Yep. I have built it. Later today. I need to work out where objection finds it from and get it to use that version instead.
[2017-10-21 02:08:15] jezzab : I'm stuck doing a bathroom reno :/
[2017-10-21 02:20:26] czokie : I got kitchen coming soon... :slightly_smiling_face:
[2017-10-21 02:20:40] czokie : and have a list of stuff the other half wants me to do today...
[2017-10-21 02:20:46] czokie : but - nothing like a little distraction
[2017-10-21 02:34:19] jezzab : I wish. Every year I get roped into something when The Block TV show is on. Folks see it and get ideas. Then call Jezza the ex chippy :(
[2017-10-21 07:10:57] jezzab : Oh and did he add the ability to load the .js file from the apps document dir?
[2017-10-21 07:14:52] jezzab : Do you have the build files @czokie of the new frida?
[2017-10-21 07:28:47] czokie : Bottom of wiki page has build instructions
[2017-10-21 07:29:03] jezzab : I think hes rebuilt the binary
[2017-10-21 07:29:08] czokie : But I haven't yet confirmed where objection expects the Dublin to come from
[2017-10-21 07:29:15] jezzab : FridaGadget.dynlib
[2017-10-21 07:29:21] jezzab : its been updated today
[2017-10-21 07:29:27] czokie : Damm iPhone. Dylib
[2017-10-21 07:29:38] czokie : Ok. Cool.
[2017-10-21 07:29:55] jezzab : playing with it now. Just have a quick dinner and see how it goes
[2017-10-21 07:30:02] jezzab : if it doesnt work ill compile it
[2017-10-21 07:30:18] czokie : Js from document for will be later.
[2017-10-21 07:30:25] jezzab : i have to edit the config file and add in the extra param for it
[2017-10-21 07:30:32] jezzab : ok
[2017-10-21 07:31:04] czokie : It will expect document in build but will let you upload your own with same name to document which will take priority
[2017-10-21 08:08:11] jezzab : Hmm
[2017-10-21 08:08:38] jezzab : The SSL de-pinning code uses all intercepts?
[2017-10-21 08:09:04] jezzab : So not swizzled. Surely this will break it?
[2017-10-21 08:09:38] czokie : Yes. And we need to rewrite it one day :(
[2017-10-21 08:09:51] jezzab : But im about to test it stand alone
[2017-10-21 08:10:25] jezzab : If you say I cant use intercepts in the stuff we are doing and have to swizzle but they have intercepts in the SSL stuff.... how will this work?
[2017-10-21 08:10:25] czokie : So leave the proxy stuff out for now
[2017-10-21 08:11:22] czokie : SSL later. Just do the new swizzle hooks standalone
[2017-10-21 08:11:52] jezzab : Righto. I assumed we needed the SSL stuff so we could run our own stuff
[2017-10-21 08:13:16] czokie : No. That was just my starting point for exploring traffic.
[2017-10-21 08:29:47] jezzab : hmm it works BUT its not loading my .js anymore stand alone
[2017-10-21 08:35:22] jezzab : I see the problem. Typo, testing again.
[2017-10-21 08:42:07] jezzab : shit
[2017-10-21 08:42:09] jezzab : no go
[2017-10-21 08:42:12] jezzab : crashes
[2017-10-21 08:42:39] jezzab : Just using a simple swizzle for I agree on T&C
[2017-10-21 08:42:59] jezzab : works if I load it with iosdeploy over USB
[2017-10-21 08:43:04] jezzab : stand alone is like before
[2017-10-21 08:43:13] jezzab : checking crashlog now
[2017-10-21 08:43:58] jezzab : Code signing still :disappointed:
[2017-10-21 08:45:05] jezzab : current `FridaGadget.config`: ```{ "interaction": { "type": "script", "path": "disable.js", "code_signing": "required" } }```
[2017-10-21 08:49:30] jezzab : new `FridaGadget.dylib` was copied over `~/.objection/ios/FridaGadget.dylib`
[2017-10-21 08:50:01] czokie : The question is - where does it get it from - I have seen Objection download it before - it is possible the objection gadget is not the newest one
[2017-10-21 08:50:31] jezzab : from above
[2017-10-21 08:50:50] jezzab : i copied it over and it has remained the same as the source I used
[2017-10-21 08:51:42] jezzab : then when its in `/Payload/DJI Go 4/Frameworks/` its a couple of hundred bytes bigger after its signed. Which I assume is the code signing
[2017-10-21 08:55:51] czokie : So - it might be worthwhile doing a git pull and build of the dylib to make sure its current...
[2017-10-21 08:57:49] jezzab : was sourced from here and the date matched :confused: `<https://build.frida.re/frida/ios/lib/>`
[2017-10-21 09:00:07] jezzab : Just going to make a bullshit param in the Frida config file. if it parses it with no problems then I will rebuild the source
[2017-10-21 09:00:31] jezzab : If it fails I know the version is the latest or it would error with the new `code_signing` param
[2017-10-21 09:03:02] jezzab : it parsed it
[2017-10-21 09:03:05] jezzab : gonna make it
[2017-10-21 09:19:38] jezzab : compiled....
[2017-10-21 09:19:58] jezzab : EXACTLY the same file size as the binary I downloaded :disappointed:
[2017-10-21 09:29:41] czokie : I can get on the irc to olevar later tonight
[2017-10-21 09:30:13] jezzab : Gonna try it with my compiled one but im not optimistic at all
[2017-10-21 09:33:08] jezzab : Nope. Borked
[2017-10-21 09:33:18] jezzab : :cry:
[2017-10-21 09:33:30] jezzab : Really need to sort this before we do any more
[2017-10-21 09:36:23] jezzab : If the `FridaGadget.config` file is invalid (say you leave a comma out after a param) it will run stand alone. As soon as it loads a correct file it wont run
[2017-10-21 09:36:45] czokie : If this is not working, next is to look at objection signipa method. Perhaps that is borked
[2017-10-21 09:37:11] jezzab : Thats the thing
[2017-10-21 09:37:19] jezzab : as above, it runs
[2017-10-21 09:37:31] jezzab : So its resigning the rest ok in my eyes
[2017-10-21 09:37:44] jezzab : But im no iOS guru
[2017-10-21 09:42:39] czokie : But. Is it double signed. I have read some stuff where a component is signed and then is resigned and causes issues.
[2017-10-21 09:44:52] jezzab : But if there was an issue, wouldnt the app not run?
[2017-10-21 09:45:07] jezzab : When Frida doesnt load a config it runs fine
[2017-10-21 09:46:01] czokie : I will ask
[2017-10-21 09:46:07] jezzab : ok
[2017-10-21 09:46:58] czokie : But. It may only check the dylib when it's executed. Who knows. The whole iOS stuff is black magic
[2017-10-21 09:47:02] jezzab : I thought it worked first off is all as it was starting and running but the hook wasnt working. Then i launched it with the lldb and saw Frida had an error loading the config file. Checked and was missing a comma. I fixed that and then the app would no longer run stand alone
[2017-10-21 09:47:27] jezzab : Dont look at me lol I have NFI how the thing works.
[2017-10-21 09:47:51] czokie : That makes two of us
[2017-10-21 09:51:24] jezzab : And just to confirm the test was just the swizzle he provided
[2017-10-21 09:51:28] jezzab : Terms one
[2017-10-21 09:51:34] jezzab : nothing else. No SSL etc
[2017-10-21 09:54:50] jezzab : Oh and a simple swizzle example to change an incoming variable and return it would be very helpful
[2017-10-21 09:55:01] jezzab : :)
[2017-10-21 09:55:47] jezzab : Would tick all the boxes then and I can nut it the rest. I have an idea how to do it I just wanna confirm
[2017-10-21 10:47:20] czokie : Got a crash log? oleavr wanted a look
[2017-10-21 11:05:51] jezzab : The disable.js doesn’t have to be signed does it? Is in the /Frameworks dir with the FridaGadget.dylib
[2017-10-21 11:06:16] jezzab : Objections doesn’t seem to touch it. Just got me thinking
[2017-10-21 11:22:32] jezzab : He got any ideas?
[2017-10-21 20:10:48] czokie : He got it working....
[2017-10-21 20:59:16] jezzab : Woohoo! What needs changin?
[2017-10-21 21:07:47] czokie : Check out our wiki pages.
[2017-10-21 21:07:55] czokie : Its all there :slightly_smiling_face:
[2017-10-21 21:08:06] czokie : <http://dji.retroroms.info/howto/fridahooklibrary>
[2017-10-21 21:08:06] czokie : Most notably
[2017-10-21 21:08:10] czokie : The config file :slightly_smiling_face:
[2017-10-21 21:08:42] czokie : Also - he confirmed the feature to change JS in document space is implemented
[2017-10-21 21:13:30] jezzab : Ah the param in the config is separate.
[2017-10-21 21:14:17] jezzab : So the .js file is checked for in cwd then documents?
[2017-10-21 21:15:19] czokie : documents priority
[2017-10-21 21:26:32] jezzab : Cool!
[2017-10-21 21:33:51] jezzab : You tried it?
[2017-10-21 21:34:18] czokie : still in bed - watching some fights via an IOS app - so my phone is "otherwise occupied"
[2017-10-21 21:34:45] czokie : but - the news is that he actually built and executed it himself - so should not be an issue.
[2017-10-21 21:37:05] jezzab : Ok. Just havin my first coffee. Will give it a test in a bit when I can see
[2017-10-21 21:37:35] czokie : I am confident.
[2017-10-21 21:37:40] czokie : The question today - what next?
[2017-10-21 21:37:51] czokie : Be keen to know what you've played with so far - and then pick a plan
[2017-10-21 21:38:44] jezzab : Lots of things lol. It’s been a bit eclectic but I wanted to ask you what things are most wanted and a priority list
[2017-10-21 21:49:29] jezzab : w00t! WORKS! Standalone running of patches :slightly_smiling_face:
[2017-10-21 21:49:37] jezzab : *does a little dance*
[2017-10-21 21:49:52] czokie : hehehehe
[2017-10-21 21:51:08] jezzab : <https://media.giphy.com/media/OKXxEPNjzocx2/giphy.gif>
[2017-10-21 21:51:34] jezzab : just going to do a quick test with the documents to make sure it reloads it
[2017-10-21 21:51:40] czokie : He's also keen for us to try to get it on the bird later....
[2017-10-21 21:51:44] czokie : That'd be way cool
[2017-10-21 21:51:57] czokie : but using frida-server instead of the gadget
[2017-10-21 21:51:59] jezzab : Just compile our own code and run on it
[2017-10-21 21:52:13] jezzab : Dont really sort need hooks
[2017-10-21 21:53:09] czokie : Yes and no... The reason why frida = good - not everyone in the scene has code compile capabilities.... If we provided a generic method of tweaking - that'd be helpful for a wider community.
[2017-10-21 22:39:16] jezzab : updating of .js in documents works :slightly_smiling_face:
[2017-10-21 22:46:59] jezzab : ```
// Swizzle -[DJIAccountManager checkIsAdminUser] so it always reports admin
var DJIAccountManager = ObjC.classes.DJIAccountManager;
var checkIsAdminUser = DJIAccountManager['- checkIsAdminUser'];
var checkIsAdminUserImpl = checkIsAdminUser.implementation;
checkIsAdminUser.implementation = ObjC.implement(checkIsAdminUser, function (handle, selector) {
    // Call the original so any side effects still happen, then override the BOOL result
    var originalResult = checkIsAdminUserImpl(handle, selector);
    console.log('DJIAccountManager:checkIsAdminUser. Changing from: ', originalResult, 'to: 1');
    return 1;
});
```
[2017-10-21 22:47:08] jezzab : Just the admin one from before but swizzled
[2017-10-21 22:47:41] jezzab : Ill look at this more later. Need to do some more reno crap and sand plaster dammit.
[2017-10-22 00:33:11] hostile : fucking amazing fellas. good job working with the author to wrangle cats and make magic
[2017-10-22 00:33:38] czokie : I am about to do a flight test after pushing some hooks....
[2017-10-22 00:49:28] jezzab : Gonna test the FCC one @czokie?
[2017-10-22 00:51:23] czokie : Can try - but I dont have much faith in that - because I didnt previously see debug console lines on the p4p
[2017-10-22 00:51:24] jezzab : You normally get pretty damn good range on your test spot on CE anyway dont you?
[2017-10-22 00:51:35] jezzab : mmm
[2017-10-22 00:51:39] czokie : I use 32ch on the p4p - and that does enough for me
[2017-10-22 00:51:43] jezzab : Forgot about that
[2017-10-22 00:51:57] czokie : I dont think its even trying to load FCC for me - but thats another job for another day.
[2017-10-22 00:52:13] czokie : Truth be told - its more about "Shit - I havnt flown in ages" rather than seriously wanting to flight test :slightly_smiling_face:
[2017-10-22 00:52:22] jezzab : hehe
[2017-10-22 00:52:45] czokie : It was the inconvenience of having to reload stock DJI go before to fly
[2017-10-22 00:52:49] czokie : (or start with debugging)
[2017-10-22 00:53:16] czokie : This will be my first time flying with mod'd app from springboard - which is a big step forward
[2017-10-22 00:54:10] jezzab : Not any more. Take your pick of your swizzle stick :slightly_smiling_face:
[2017-10-22 00:54:36] czokie : I cannot get something out of my head "Wanna see you jiggle it... just a little bit".... but replaced with Swizzle it.... just a little bit
[2017-10-22 00:55:22] jezzab : lol
[2017-10-22 00:55:49] czokie : Just about to try it with load of custom js via ifunbox
[2017-10-22 00:56:04] jezzab : Loads in iTunes as well
[2017-10-22 00:56:09] jezzab : "File Sharing"
[2017-10-22 00:56:14] czokie : Future test - try to get debug console via frida port while using onboard .js
[2017-10-22 00:56:15] czokie : yep
[2017-10-22 00:56:30] jezzab : Yup it works
[2017-10-22 00:56:36] jezzab : just launch from CLI
[2017-10-22 00:56:52] jezzab : or you mean TCP?
[2017-10-22 00:56:52] czokie : So - you had 0.0.0.0 for network comms?
[2017-10-22 00:56:56] czokie : tcp
[2017-10-22 00:56:58] jezzab : ahh
[2017-10-22 00:57:00] jezzab : hmm
[2017-10-22 00:57:04] jezzab : Didnt test
[2017-10-22 00:57:10] czokie : Challenge - go play with that while I go fly :slightly_smiling_face:
[2017-10-22 00:57:20] czokie : My thumbs are itchy for the controls
[2017-10-22 00:57:25] jezzab : hehe
[2017-10-22 00:58:30] jezzab : I will be mainly testing with objection loading and TCP
[2017-10-22 00:58:48] jezzab : More time consuming uploading the .js all the time
[2017-10-22 00:59:03] czokie : Yep.
[2017-10-22 00:59:10] czokie : Anyway - I'm outa here. "It's time to fly"
[2017-10-22 00:59:20] jezzab : Enjoy! Talk later
[2017-10-22 00:59:50] jezzab : <https://www.youtube.com/watch?v=nrEXnizgt9c>
[2017-10-22 01:54:46] czokie : Had fun. No issues. 32ch worked as expected with no .config file.
[2017-10-22 02:02:07] czokie : Its not like it was a rocket mission to the moon - but its good to see the concept now locked in.
[2017-10-22 02:02:21] czokie : But - we need to develop next steps strategy...
[2017-10-22 02:04:33] czokie : My 9 point plan:
[2017-10-22 02:04:35] czokie :
1. Bypass 7 day limit
2. Build a persistent data config structure
3. Build init hook to pull in our config into memory
4. Build procedures to return config values
5. Reference the config interface in our hooks
6. Build GUI to edit config items
7. Make it scalable
8. Make more hooks...
9. Make a build process that is rock solid
[2017-10-22 02:05:59] hostile : fuuuuuuuck yeah bro
[2017-10-22 02:06:06] nocommie : Great job man
[2017-10-22 02:06:39] czokie : I have the plan - but not all of the skills tho.
[2017-10-22 02:06:50] hostile : need to make a video, loading the frida mod, then flying
[2017-10-22 02:07:10] czokie : I have zero java skills - so the config item is where we need most help
[2017-10-22 02:07:27] czokie : And @hostile you provided a link before on the 7 day bypass shit. I need to find that again
[2017-10-22 02:11:29] czokie : <https://github.com/Matchstic/Extender-Installer>
[2017-10-22 02:11:34] czokie : Thats the one
[2017-10-22 02:15:51] haloweenhamster : Yeah I've never worked with Java, some parts of the hooks you've been posting makes sense but other bits I'm like what's that for and do although I'm not an apple person and would never have an apple device I've been watching your progress with interest to the point that I'm going to try frida when I've finished my night shifts
[2017-10-22 02:18:11] czokie : So. The bit that needs the most java is a config registry persistent bit. We can use node.js for this component, which will work with android frida as well.
[2017-10-22 02:18:52] czokie : One top level config component for either platform
[2017-10-22 07:28:59] jezzab : Right. First thing that had to go that was pissing me off was the upgrade notification on the splash screen
[2017-10-22 07:29:04] jezzab : ```
// Bypass upgrade notification on splash screen - jezzab
var DJIUpgradeNotifyViewModel = ObjC.classes.DJIUpgradeNotifyViewModel;
var notifyHidden = DJIUpgradeNotifyViewModel['- notifyHidden'];
var notifyHiddenImpl = notifyHidden.implementation;
notifyHidden.implementation = ObjC.implement(notifyHidden, function (handle, selector) {
    // Run the original getter, then report the notification as hidden (BOOL 1)
    var originalResult = notifyHiddenImpl(handle, selector);
    console.log("[*] Disabling Upgrade Notification");
    return 1;
});
```
[2017-10-22 07:31:14] jezzab : Much better now :slightly_smiling_face:
[2017-10-22 07:54:35] czokie : Chuck em in the library :slightly_smiling_face:
[2017-10-22 07:54:51] czokie : I am currently reading C source - looking at anything with http in it .... :slightly_smiling_face:
[2017-10-22 07:55:30] czokie : Later - Will replace all of those methods that do shit we dont want with simple returns
[2017-10-22 07:56:25] czokie : Now reading DJIActivationManager
[2017-10-22 07:57:05] czokie : ```
+[DJIHttpHelper createRequestWithParameters:usedHashString:securityKey:baseURLString:usedForm:](
    &OBJC_CLASS___DJIHttpHelper,
    "createRequestWithParameters:usedHashString:securityKey:baseURLString:usedForm:",
    v4,
    v20,
    CFSTR("vkfzXO6hJnPj58zLM4TdzTjTNpSp"),
    CFSTR("<https://active.dji.com/verify>"),
    1LL);
```
[2017-10-22 07:57:36] czokie : Need to look @ that more later - but interesting. (This is old 4.0.0 code).
[2017-10-22 07:57:51] czokie : I am reversing all versions, to compare over time what they've done / changed.
[2017-10-22 08:06:03] czokie : ```
bool __cdecl -[DJINetworkConst shouldUseBetaURL](DJINetworkConst *self, SEL a2)
{
    return 0;
}
```
[2017-10-22 08:06:19] czokie : That one looked interesting - lots of URL's toggle to other shit if that is true...
[2017-10-22 08:06:36] czokie : (again - still reading old code - starting with older code)
[2017-10-22 08:10:25] czokie : but just checked newer stuff - and its still available as a flag....
[2017-10-22 08:36:29] jezzab : ``` _ _ _ _ ___| |_ |_|___ ___| |_|_|___ ___ | . | . | | | -_| _| _| | . | | |___|___|_| |___|___|_| |_|___|_|_| |___|(object)inject(ion) v1.1.15 Runtime Mobile Exploration by: @leonjza from @sensepost [tab] for command suggestions com.dji.go on (iPad: 11.0.1) [net] # [*] Disabling Upgrade Notification [*] Bypassing Terms and Conditions [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Setting Forced FCC Mode [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling App Upgrade Check [*] Setting user to Admin for Flight Records [*] Setting user to Admin for Flight Records```
[2017-10-22 08:41:07] jezzab : Just been going for low hanging fruit with bools atm
[2017-10-22 08:41:18] czokie : its a good place to play.
[2017-10-22 08:41:25] czokie : Atomic = no failure.
[2017-10-22 08:41:52] czokie : I'd like to try to find out - which specific hook in the SSL pinning bypass file was the one that got us under the covers
[2017-10-22 08:41:54] czokie : and replicate that hook
[2017-10-22 08:41:57] czokie : as a swizzle
[2017-10-22 08:43:46] czokie : Especially since the objection dude was interested in finding out why his stuff was broken.
[2017-10-22 08:50:48] czokie : Did u put "address": "0.0.0.0", in when in standalone mode?
[2017-10-22 08:51:08] czokie : I tried launching from debugger - and wanted to watch some shit - but it didnt work for me
[2017-10-22 08:51:31] czokie : Unable to launch objection over usb/debug port
[2017-10-22 09:06:37] czokie : Back to earlier topic: ```
void __cdecl -[AFSecurityPolicy setSSLPinningMode:](AFSecurityPolicy *self, SEL a2, unsigned __int64 a3)
{
    self->_SSLPinningMode = a3;
}
```
[2017-10-22 09:07:02] czokie : This is the C code in DJI go that we can swizzle to bypass <https://statistical-report.djiservice.org>
[2017-10-22 09:07:10] czokie : just gotta replace with 0
[2017-10-22 09:25:47] czokie : After dinner. Will find which method is used for the other URL.
[2017-10-22 10:17:22] jezzab : @dkovar I have checked with admin mode and the exported CSV files are different. On a normal export there is only 4 fields: `count latitude longitude and battery%` on the admin file they have these fields: ```count(10HZ) latitude longtitude GPSsignal appTime Xspeed(m/s) Yspeed(m/s) Zspeed(m/s) batteryPercent(%) Volt(mV) batteryCell1(mV) batteryCell2(mV) batteryCell3(mV) batteryCell4(mV) batteryCell5(mV) batteryCell6(mV) batteryI(mA) rcA rcE rcT rcR```
[2017-10-22 10:17:44] jezzab : Haven't compared DAT files etc yet EDIT: It wont let you sync down log files in admin mode hmm
[2017-10-22 11:33:57] d95gas : You guys are doing an awesome job, eagerly watching this thread..... I see there is also a new version of NLD out......
[2017-10-22 12:09:31] jezzab : Missed this one. Nah I didn’t try it. I just went back to no lldb and logging over tcp with objection.
[2017-10-22 12:22:50] czokie : The objection guy has provided feedback fyi - his ssl pinning bypass hooks were written for afnetworking 3.x ... DJI is using 2.x ... He'll get it sorted in a future update
[2017-10-22 12:58:52] czokie : he's coding an update now.... so standard objection hooks will work soon
[2017-10-22 14:24:54] hostile : you guys need your own ASCII art for the startup . =]
[2017-10-22 14:25:17] hostile : maybe @coldflake can get the iOS stuff integrated for non Android users.
[2017-10-22 16:03:08] freaky123 : really nice work done here guys! :smile:
[2017-10-22 16:03:23] freaky123 : :+1:
[2017-10-22 16:13:01] jcarlo : Great work guys!
[2017-10-22 20:37:45] czokie : More news for you @jezzab...
[2017-10-22 20:38:52] czokie : Two new proposed features for Frida.... (1) TCP listener port while in script mode that will provide log debug data, and (2) The ability to provide a frida config file in documents
[2017-10-22 20:39:08] czokie : Objection: He did a patch but it didnt fix our issue - still working on it
[2017-10-22 21:37:37] jezzab : Nice
[2017-10-22 21:41:56] digdat0 : hey guys - im gonna try and get my macos setup for ios, hope to help out
[2017-10-22 21:48:33] czokie : Awesome @digdat0....
[2017-10-22 21:48:56] czokie : To the sound of an Australian beer commercial "I can feel a video coming on..."
[2017-10-22 21:49:36] czokie : <https://www.youtube.com/watch?v=EjANSGRwoCM>
[2017-10-22 22:17:26] jezzab : You know what its called XXXX? Coz they couldnt spell beer :stuck_out_tongue:
[2017-10-22 22:17:34] jezzab : Actually I drink XXXX Gold lol
[2017-10-22 22:18:46] jezzab : I need to look more closely at the Objection supplied hooks etc. There is a wealth of info with those and would save a lot of time working out which function is which for example. Most are injection but thats ok for testing and finding things
[2017-10-22 22:42:04] czokie : Yes - the objection supplied code is good. What I really want to work out is how to do a `self->datacomponent` update instead of a return true
[2017-10-22 22:44:42] jezzab : What the type of the return?
[2017-10-22 22:44:55] jezzab : NSString, NSDictionary etc
[2017-10-22 22:45:53] czokie : There are some procedures that have no return value - void methods - but they update _self
[2017-10-22 22:46:55] czokie : It would be good to work out how to do that type of tweak as a swizzle...
[2017-10-22 22:49:44] jezzab : If you wrapped around that function you could be able to modify the last argument (a3) input
[2017-10-22 22:50:04] jezzab : The older way was OnEnter
[2017-10-22 22:50:50] jezzab : i havent tried but using his supplied variables you may be able to do it with `selector[1] = 2` or what ever value
[2017-10-22 22:51:04] jezzab : just try and echo it to the debug
[2017-10-22 22:51:28] jezzab : `console.log('Value is: '+selector[1]);`
[2017-10-22 22:52:14] czokie : I like the wrap idea - simpler
[2017-10-22 22:53:02] jezzab : Then `self->_SSLPinningMode = a3;` will be called with what ever value you put into `selector[1]`
[2017-10-22 22:54:38] czokie : ```
if (ObjC.available) {
    var AFSecurityPolicy = ObjC.classes.AFSecurityPolicy;
    // The setter takes one argument, so the Frida selector name needs the trailing colon
    var setSSLPinningMode = AFSecurityPolicy['- setSSLPinningMode:'];
    var setSSLPinningModeImpl = setSSLPinningMode.implementation;
    setSSLPinningMode.implementation = ObjC.implement(setSSLPinningMode, function (handle, selector, mode) {
        // Ignore the mode the app asked for and always pass 0 (AFSSLPinningModeNone) to the original
        setSSLPinningModeImpl(handle, selector, 0);
        console.log('AFSecurityPolicy:setSSLPinningMode. Changing from: ', mode, 'to: 0');
    });
}
```
[2017-10-22 22:54:44] czokie : Something like this perhaps?
[2017-10-22 22:56:08] jezzab : Might do it yeah
[2017-10-22 22:57:45] czokie : Will try tonite
[2017-10-22 22:57:52] jezzab : This is the example I was trying to get you to get from him
[2017-10-22 22:57:54] jezzab : Just need one
[2017-10-22 22:58:00] czokie : Catching up on stuff after being off work last week
[2017-10-22 22:58:06] jezzab : I can do it the old way but need a swizzlin example
[2017-10-22 22:59:39] czokie : This one I think is good to go - just need to try it
[2017-10-22 23:09:29] czokie : I just tried it
[2017-10-22 23:09:33] czokie : appears to be working
[2017-10-22 23:09:36] czokie : will check charles proxy
[2017-10-22 23:09:55] jezzab : nice one
[2017-10-22 23:12:34] czokie : That works.
[2017-10-22 23:12:38] czokie : Nice and simple and clean
[2017-10-22 23:12:44] czokie : and no pinning at all with just one small hook
[2017-10-22 23:13:30] jezzab : whoot
[2017-10-23 04:02:22] jezzab : I think im going to wear out the USB port on my RC lol
[2017-10-23 05:04:43] jezzab : @hostile This 7 day resigning stuff isnt looking good.
[2017-10-23 05:10:08] hostile : sooo someone pay for a damn dev license lol
[2017-10-23 05:10:23] jezzab : HAHA that gets 100 from memory
[2017-10-23 05:10:36] jezzab : Just seeing if there is cheap signing services
[2017-10-23 05:10:39] hostile : plenty for our crew
[2017-10-23 05:10:56] jezzab : People could try with 7 day and then if they want pay the $4 - $15
[2017-10-23 05:10:57] hostile : I would not trust giving my ID to anyone but someone here
[2017-10-23 05:11:05] jezzab : :wink:
[2017-10-23 05:11:12] jezzab : truetrue
[2017-10-23 05:12:17] jezzab : hmm maybe I should renew my Dev account lol
[2017-10-23 05:13:07] czokie : But if we get a dev account - do we then distribute patched IPA's?
[2017-10-23 05:13:25] czokie : Starts to get messy.
[2017-10-23 05:15:22] hostile : someone like @coldflake could take on the burden
[2017-10-23 05:15:29] coldflake : @coldflake has joined the channel
[2017-10-23 05:15:48] jezzab : Ahhhhh
[2017-10-23 05:15:49] jezzab : :wink:
[2017-10-23 05:16:17] hostile : else… man up and deal with a license for your own .ipas, or the inconvenience of 7 day signings =]
[2017-10-23 05:16:33] jezzab : I use Android lol
[2017-10-23 05:16:38] hostile : haha
[2017-10-23 05:16:51] hostile : but really ColdFlake’s shit would be perfect for this
[2017-10-23 05:18:15] czokie : The good news - is that IPA's once built won't need rebuilding to use new .js files ... so we can update our hooks without re-distribute....
[2017-10-23 05:19:09] jezzab : Coldflake handling the dev account would be doable
[2017-10-23 05:21:20] jezzab : Small signing fee. Covers you for a year. Or like @hostile said, man up and just DIY every 7 days
[2017-10-23 07:47:05] czokie : **Our plan...**
1. **Standard Patched App**
   - Build process for a patched app
   - Want to wait for frida gadget update, that will support document directory config file
   - Signed and distributed
2. **Persistent Config Structure**
   - We should try to create a persistent config structure and associated methods
   - Suggested Node.js
3. **Hook Template**
   - Lock down templates for standard types of hooks
   - Logging format and structure
   - Can we reference a persistent config structure
4. **Hooks**
   - Wish List Page
   - Build Hooks
5. **User Interface**
   - User interface to manipulate the persistent config structure
[2017-10-23 08:10:01] jezzab : 76292 DJI functions in the Go app.... I like to gamble and see if I find a good one lol
[2017-10-23 08:29:37] czokie : 76292?
[2017-10-23 08:29:59] czokie : :)
[2017-10-23 08:30:39] czokie : Another good place to start is to turn off lots of chatter.
[2017-10-23 08:37:17] jezzab : ```
bool __cdecl -[DJIBatteryManager isIllegalBattery](DJIBatteryManager *self, SEL a2)
{
    return self->_isIllegalBattery;
}
```
[2017-10-23 08:38:19] czokie : :)
[2017-10-23 08:38:29] czokie : Which is related to chatter
[2017-10-23 08:38:45] czokie : We should also disable the hash download for that file
[2017-10-23 08:39:03] czokie : Which will mean there are no illegal batteries
[2017-10-23 08:39:19] jezzab : Problem is every time I get into this I get distracted and go "ooooooooh THATS cool!"
[2017-10-23 08:40:18] czokie : How bout this. I will make a bash script that when provided the name of what it is we are tweaking and one of two template names, it can auto build our hook
[2017-10-23 08:41:26] jezzab : Making the hooks is easier then finding cool shit lol
[2017-10-23 08:42:07] czokie : Yeah. But we can industrialise the making of hooks. And then get others to help find cool shit with us
[2017-10-23 08:42:57] jezzab : bash it and go for everything that has a bool return lol should be a quick exercise
[2017-10-23 08:49:14] kilrah : LOL
[2017-10-23 08:50:38] jezzab : `bool __cdecl -[DJINFZUnlimitLogicManager shouldUnlimit]`
[2017-10-23 08:50:53] jezzab : :stuck_out_tongue:
[2017-10-23 08:51:07] kilrah : ooooooooooh
[2017-10-23 08:51:27] jezzab : `bool __cdecl -[DJINFZUnlimitLogicManager supportNFZ](DJINFZUnlimitLogicManager *self, SEL a2)`
[2017-10-23 08:51:40] jezzab : `bool __cdecl -[DJINFZUnlimitLogicManager shouldCreateAppLogic]`
[2017-10-23 08:51:54] jezzab : `bool __cdecl -[DJINFZUnlimitLogicManager shouldCreate1860Logic]`
[2017-10-23 08:51:59] jezzab : 4 of my faves tonight
[2017-10-23 08:52:48] opcode : heh, great finding
[2017-10-23 08:53:04] opcode : "NFZ" and "logic" in one sentence ... lol
[2017-10-23 08:53:27] coldflake : That seem...unlogic lol
[2017-10-23 08:53:42] jezzab : guess i can try and set false on all and fire up the HackRF on the bench and pretend im at the airport. See if the props fire
[2017-10-23 08:53:58] coldflake : I guess you could
[2017-10-23 08:54:12] coldflake : I guess I could do the same if the fucking thing would work
[2017-10-23 08:54:19] coldflake : lol
[2017-10-23 08:54:28] coldflake : I can only get a fix on my tablet
[2017-10-23 08:54:42] jezzab : bird wont??
[2017-10-23 08:54:48] coldflake : ...but I get it within 30 sec every time
[2017-10-23 08:54:49] jezzab : bird was the easy one
[2017-10-23 08:54:51] coldflake : Nöp
[2017-10-23 08:54:56] coldflake : Birds are pissed
[2017-10-23 08:55:16] coldflake : ...as you know
[2017-10-23 08:55:31] jezzab : *breaks out the Al Foil.... sorry, Faraday cage*
[2017-10-23 08:55:58] coldflake : I have also tried it on a different laptop at a different location, far away from interfering devices
[2017-10-23 08:56:04] coldflake : Yes
[2017-10-23 08:56:22] coldflake : I will probably have to make myself a F cage
[2017-10-23 08:56:30] coldflake : But what a stinker
[2017-10-23 08:56:44] jezzab : Dammit. Gotta go through all the NASA files bullshit again
[2017-10-23 08:57:06] coldflake : Yes it also has a lot to do with that file as well
[2017-10-23 08:57:25] coldflake : Read somewhere that it was best to use data from the previous day
[2017-10-23 08:57:58] jezzab : had to be an N file not a G from memory?
[2017-10-23 08:58:03] coldflake : That also improved the lock on the tablet to insta lock every time
[2017-10-23 08:58:09] jezzab : 17.nZ
[2017-10-23 08:58:13] jezzab : k
[2017-10-23 08:58:40] coldflake : The g files often don't show sat info when generating the bin file
[2017-10-23 08:58:50] coldflake : And the bin file is empty
[2017-10-23 08:59:01] coldflake : Completely borked
[2017-10-23 08:59:11] jezzab : yeah
[2017-10-23 08:59:42] coldflake : No the sleek hack is to capture it real-time instead of that file shit
[2017-10-23 09:10:41] jezzab : You used the joystick/keyboard one?
[2017-10-23 09:10:55] coldflake : Yes tried that one shortly
[2017-10-23 09:11:03] coldflake : Did it work better for you?
[2017-10-23 09:13:16] jezzab : works well just have to remember its FULL power lmao
[2017-10-23 09:14:33] coldflake : lol
[2017-10-23 09:40:46] jezzab : still more smarts. its stopping me
[2017-10-23 09:41:04] jezzab : but NFZ functions 2, 3 and 4 of what i posted were called
[2017-10-23 14:26:25] umbr4 : @czokie so regarding the signing of the app, there is an install time validation that fails if the dev cert is >7 days old or expired. But I wanted to test if the execution of the app still works after the 7 days if it is installed during the valid time.
[2017-10-23 14:28:14] kilrah : it won’t
[2017-10-23 14:28:52] kilrah : iDevice automatically revokes/wipes the cert after the 7 days
[2017-10-23 14:29:49] kilrah : have to deal with it regularly with my current jailbreak…
[2017-10-23 14:56:08] umbr4 : sigh, ya the code signing on iOS looks tight. Back to the frida debugging without USB, thinking about it and the problem we have with not being able to run a TCP listener on the idevice when the app is not launched in the debugger, the solution is to reverse the connection, have the frida dynlib initiate a client connection to a server running on the desktop, to objection for example.
[2017-10-23 19:33:28] czokie : @umbr4 The frida author agrees the TCP listener is a valid use case, and he will add this in a future frida release.
[2017-10-23 19:37:07] hostile : DJI hacking just advanced the possibilities in IOS hacking
[2017-10-23 19:37:08] hostile : =]
[2017-10-24 00:20:26] jezzab : ```[*] Disabling Upgrade Notification [*] Enabling Illegal Channels (32 Channels) [*] Setting Forced FCC Mode```
[2017-10-24 00:23:06] jezzab : need to work out how to run a hook only once
[2017-10-24 00:26:40] jezzab : testing global vars now
[2017-10-24 00:51:03] hostile : set a global flag somewhere?
[2017-10-24 00:52:07] jezzab : globals work but problems
[2017-10-24 00:52:14] jezzab : im just trying to run a hook once
[2017-10-24 00:52:31] jezzab : basically I can get the FCC to work on P4 by tricking it to think its a Mavic product number lol
[2017-10-24 00:52:33] jezzab : BUT
[2017-10-24 00:52:43] hostile : that is what I mean set a global… FCChasRun…
[2017-10-24 00:52:48] hostile : and make the function check it
[2017-10-24 00:52:53] hostile : if flagged… do not run
[2017-10-24 00:52:57] jezzab : I need to change it back to P4 because when you go into the channels screen it shows as Mavic style and not P4 and gets shitty
[2017-10-24 00:53:04] jezzab : Did that
[2017-10-24 00:53:27] jezzab : but I think the issue is the hooks are implemented in the system
[2017-10-24 00:53:33] jezzab : so it doesnt go back to them
[2017-10-24 00:54:10] jezzab : So my plan was: Change to mavic Set FCC Change back to P4 (or original code)
[2017-10-24 00:54:27] jezzab : ive done that and used an if statement for fcc_enabled = 1 etc
[2017-10-24 00:54:43] jezzab : and the hook will be selected to return original product code or mavic
[2017-10-24 00:54:50] jezzab : BUT it doesn't work like that :disappointed:
[2017-10-24 00:55:19] jezzab : simple `if() else`
[2017-10-24 00:56:39] jezzab : gonna try something else
[2017-10-24 01:01:54] jezzab : w00t!
[2017-10-24 01:02:01] jezzab : overthought it and also a typo lol
[2017-10-24 01:04:48] jezzab : I have no idea what 32chan and FCC at the same time does lol
[2017-10-24 01:04:54] jezzab : But its on apparently
[2017-10-24 01:05:34] jezzab : Got a RF power meter coming so im gonna test some of this stuff
[2017-10-24 01:05:41] jezzab : ..as best i can
[2017-10-24 01:08:08] jezzab : @czokie
[2017-10-24 01:11:42] jezzab : God I hate using xcode to format this .js, Tabs are all over the place and I have to use spaces instead. Glad im not working with a mate of mine, there would be a punch up when he opens it and finds out I used spaces not tabs
[2017-10-24 01:12:15] hostile : try jsbeautifier
[2017-10-24 01:12:32] jezzab : its the bloody auto formatting its doing
[2017-10-24 01:13:03] jezzab : shoots it half way across the fucking page. wont align with previous brackets. driving me nuts
[2017-10-24 01:13:28] jezzab : then i cut and paste one ive formatted and BOOM all screwed up
[2017-10-24 01:13:34] jezzab : *shakes fist*
[2017-10-24 01:15:02] jezzab : Right. Lets see if this debug just shows once now instead of streaming as its checked all the time
[2017-10-24 01:20:35] jezzab : Yeah baby! ```[*] Faking product code for FCC [*] Disabling Upgrade Notification [*] Bypassing Terms and Conditions [*] Bypassing Terms and Conditions [*] Disabling App Upgrade Check [*] Disabling App Upgrade Check [*] Disabling App Upgrade Check [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Disabling Upgrade Notification [*] Enabling Illegal Channels (32 Channels) [*] Setting Forced FCC Mode```
[2017-10-24 01:32:22] czokie : Like the faked product code.
[2017-10-24 01:32:39] czokie : That is one that I want to try on my p4p ...
[2017-10-24 01:36:46] hostile : you guys need to make a video
[2017-10-24 01:36:51] hostile : even of the basic functionality
[2017-10-24 01:38:05] jezzab : Ive got a face for radio :stuck_out_tongue:
[2017-10-24 01:38:48] jezzab : Be good if you could try it @czokie Everything seems ok. Shows the full 32 channels and the FCC setting code was 100% called
[2017-10-24 01:46:07] hostile : I mean record the iphone screen lol
[2017-10-24 01:46:08] jezzab : Oh and ive forgotten but stand alone Frida. Does it take the apps document dir over the Frameworks dir? re the .js file. Just working out you could package a 'stock' exploit.js file in the Frameworks dir. And then drop in a replacement later to upgrade it
[2017-10-24 01:46:09] hostile : not your ugly grill
[2017-10-24 01:46:14] jezzab : I know, I was joking lol
[2017-10-24 01:46:17] jezzab : :stuck_out_tongue:
[2017-10-24 01:46:21] hostile : heh
[2017-10-24 03:52:24] czokie : Yes, it takes the app Documents dir as a priority... and yes, you can package a standard .js file...
[2017-10-24 03:52:34] czokie : and the user uploads one with the same name in Documents and it will cut over to that.
[2017-10-24 03:52:48] jezzab : excellent
[2017-10-24 05:54:15] jezzab : @czokie I've just added extra functions to the wiki and fixed a bit up. Hopefully I didn't screw it up lol. You can shuffle if needed. I've tried to keep the debug output constant (even though only we will see it) and functions that are 100% known working to no input/output printing. Looks pretty :stuck_out_tongue:
[2017-10-24 05:55:55] jezzab : The force_fcc is a duplicate, but the one I added will do all aircraft, not just Mavic.
[2017-10-24 06:06:47] czokie : I have finished my draft of the function generator.
[2017-10-24 06:07:08] czokie : Once it is finished, I will replace that page... with two files... the bash script and a config file for it.
[2017-10-24 06:08:02] czokie : The function also parses the reversed C source for some of what it does currently; not sure if I need that or I can remove it, but will see soon.
[2017-10-24 06:09:02] jezzab : Umm, where do the hooks go? The ones that are there now?
[2017-10-24 06:10:03] czokie : the ones that are there now will be generated automatically by the script
[2017-10-24 06:10:21] czokie : just update the config and it will auto update / generate our hooks :slightly_smiling_face:
[2017-10-24 06:10:53] jezzab : Not following, but I'll check out the end result.
[2017-10-24 06:11:33] jezzab : If that kills my formatting, there will be hell to pay lol
[2017-10-24 06:11:41] czokie : Relax.
[2017-10-24 06:11:58] czokie : The good outcome - we can have really funky formatting - and it will be standardised funky formatting
[2017-10-24 06:12:59] czokie : Just add class name and method together with "our" value in a CSV file, run the script, and it will produce JS code that will do what we want....
[2017-10-24 06:13:33] jezzab : And how will that do global variables?
[2017-10-24 06:14:17] jezzab :
```
//Force FCC Mode
var shown = 0;
// Initialised to 0 so the product-code fake below is active until the
// sdr_force_fcc hook has fired (an uninitialised var is undefined, and
// undefined == 0 is false, so the fake would never trigger).
var fcc_enabled = 0;
var DJIAppSettings = ObjC.classes.DJIAppSettings;
var sdr_force_fcc = DJIAppSettings['- sdr_force_fcc'];
var sdr_force_fccImpl = sdr_force_fcc.implementation;
sdr_force_fcc.implementation = ObjC.implement(sdr_force_fcc, function (handle, selector) {
    var originalResult = sdr_force_fccImpl(handle, selector);
    console.log('[*] Setting Forced FCC Mode');
    fcc_enabled = 1;
    return 1;
});

//Fake Mavic for P4 FCC
var DJIProductManager = ObjC.classes.DJIProductManager;
var currentProductCode = DJIProductManager['+ currentProductCode'];
var currentProductCodeImpl = currentProductCode.implementation;
currentProductCode.implementation = ObjC.implement(currentProductCode, function (handle, selector) {
    var originalResult = currentProductCodeImpl(handle, selector);
    if (shown == 0) {
        console.log('[*] Faking product code for FCC');
        shown = 1;
    }
    if (fcc_enabled == 0)
        return 13; //mavic
    else
        return originalResult;
});
```
[2017-10-24 06:14:35] czokie : I have not seen your code yet, nor have I done globals, but the idea is that we will be able to define variable names in the CSV as well. Trust me, we can make it funky... but make it scalable too.
[2017-10-24 06:46:38] jezzab : And @hostile, I have renewed my Dev account, so if any of the OGs wanna have a play/test before @coldflake sets stuff up, I just need the UDID of the phone/tablet and that's it (not your Apple ID). 1 year signed.
[2017-10-24 08:07:14] jezzab : What do you think this is for? `[DJIWifiLogic isInCEAera:]`
[2017-10-24 08:07:23] jezzab : Spark?
[2017-10-24 08:39:33] czokie : Nope
[2017-10-24 08:39:37] czokie : is in a CE area
[2017-10-24 08:39:39] czokie : :slightly_smiling_face:
[2017-10-24 08:39:49] czokie : i.e. not FCC
[2017-10-24 08:40:14] jezzab : I know that lol
[2017-10-24 08:40:22] jezzab : But this is WIFI
[2017-10-24 08:40:44] czokie : True
[2017-10-24 08:40:48] czokie : Spark makes most sense
[2017-10-24 08:41:05] czokie : But Mavic can do WiFi too.
[2017-10-24 08:42:21] jezzab : Yeah true
[2017-10-24 08:42:39] jezzab : Just weird with the whole FCC/CE and WiFi thing.
[2017-10-24 09:28:35] czokie : OK. Some updates... Just going to share the input and output of the current tweak-o-matic... but still want more time to clean up the source before I share it. Keen for feedback on the current output. Yes, there is more work to do to handle complex functions, but I'll do that soon.
[2017-10-24 09:31:26] czokie : CSV has template name, class, method, overwrite-value, tweaked-log-message, un-tweaked-log-message.
[2017-10-24 09:31:44] jezzab : looks good
[2017-10-24 09:31:49] jezzab : But the code result is a bit out.
[2017-10-24 09:32:00] jezzab : `originalResult === {1}`
[2017-10-24 09:32:12] jezzab : ==
[2017-10-24 09:32:15] jezzab : no { }
[2017-10-24 09:32:40] czokie : gimme a bit :slightly_smiling_face:
[2017-10-24 09:32:58] czokie : Also had bad input data in csv - just saw it - editing
[2017-10-24 09:36:23] czokie : OK. Edited it above
[2017-10-24 09:36:36] jezzab : still too many `===`
[2017-10-24 09:36:39] jezzab : `==`
[2017-10-24 09:36:49] czokie : === is valid
[2017-10-24 09:37:01] jezzab : It's not normal code.
[2017-10-24 09:37:03] jezzab : At all.
[2017-10-24 09:37:07] jezzab : It's = or ==.
[2017-10-24 09:37:15] jezzab : = sets to the value, == tests it.
[2017-10-24 09:37:42] czokie : And === is the same as ==, but it is only equal if the types are identical.... preventing bugs with type conversion and casting.
[2017-10-24 09:38:46] czokie : I knew about it in other languages, and I googled before doing === in JS.... and the site I found commented that == is evil :slightly_smiling_face:
[2017-10-24 09:41:43] jezzab : I’m used to C. === is bizarre to me but whatever
[2017-10-24 09:42:08] czokie : === is in C too if I remember correctly
[2017-10-24 09:42:11] jezzab : Didn’t think we would have problems with ints
[2017-10-24 09:42:57] czokie : Yeah, but since this is a code generator, we could have other comparisons later, with quoted strings in the CSV file for example.
[2017-10-24 09:43:03] jezzab : Not in C
[2017-10-24 09:43:10] czokie : true for that
[2017-10-24 09:43:13] czokie : for strings
[2017-10-24 09:43:47] czokie : but still for pointers versus integers
[2017-10-24 09:44:09] czokie : C does support ===
[2017-10-24 09:44:14] czokie : For Java: <https://stackoverflow.com/questions/359494/which-equals-operator-vs-should-be-used-in-javascript-comparisons>
[2017-10-24 09:44:57] jezzab : That's Java.
[2017-10-24 09:45:07] czokie : Yeah, that's Java...
[2017-10-24 09:45:26] jezzab : Which has ===. There is no === in C.
[2017-10-24 09:45:28] jezzab : Anyway
[2017-10-24 09:46:52] jezzab : So the bash script pulls the csv file and generates the output .js?
[2017-10-24 09:46:58] czokie : yep
[2017-10-24 09:47:29] jezzab : Ok cool
[2017-10-24 09:47:45] jezzab : So a GUI is simple then
[2017-10-24 09:48:14] czokie : I stand corrected
[2017-10-24 09:48:15] czokie : <https://stackoverflow.com/questions/20930470/is-triple-equal-to-a-valid-operator-in-c>
[2017-10-24 09:48:30] czokie : Might have been perl
[2017-10-24 09:49:39] jezzab : So the bash script can run under what in Win?
[2017-10-24 09:50:38] czokie : But we won't run this bash script on our iOS device... The idea is just to make it easy to add new hooks in a standard way.... Later, will add an extra field to the CSV which will be the "dictionary" name and "config datatype" fields... which will hook into a config class (to be created)... and a GUI class.... (to be created)... but it will be heaps easy with standard architecture like this....
[2017-10-24 09:51:02] jezzab : Yeah
[2017-10-24 09:51:27] czokie : I don't have an iOS device with me on laptop (watching TV with wife).
[2017-10-24 09:51:37] jezzab : Nah, I was just thinking about creating the CSV file and running the bash script from Win to punch out a .js.
[2017-10-24 09:51:41] czokie : Could you test the JS it generated, and let me know if it's got any issues?
[2017-10-24 09:51:59] jezzab : Give me a sec
[2017-10-24 09:58:19] jezzab : Works, but there is something missing.
[2017-10-24 09:58:30] jezzab : The firmware update message came up.
[2017-10-24 09:58:49] jezzab : And the debug lines aren't showing the first one.
[2017-10-24 09:59:01] czokie : Did you get ANY debug logs?
[2017-10-24 09:59:07] jezzab : Yup
[2017-10-24 09:59:09] jezzab : one sec
[2017-10-24 09:59:22] jezzab : Ahh.
[2017-10-24 09:59:25] jezzab : This is missing:
[2017-10-24 09:59:28] jezzab :
```
//Bypass upgrade notification on splash screen
var DJIUpgradeNotifyViewModel = ObjC.classes.DJIUpgradeNotifyViewModel;
var notifyHidden = DJIUpgradeNotifyViewModel['- notifyHidden'];
var notifyHiddenImpl = notifyHidden.implementation;
notifyHidden.implementation = ObjC.implement(notifyHidden, function (handle, selector) {
    var originalResult = notifyHiddenImpl(handle, selector);
    console.log('[*] Disabling Upgrade Notification');
    return 1;
});
```
[2017-10-24 09:59:44] czokie : Yeah - Not all are in the CSV yet.
[2017-10-24 09:59:49] czokie : It was just a sample...
[2017-10-24 09:59:52] jezzab : That's OK.
[2017-10-24 09:59:53] czokie : I need to review your newer stuff
[2017-10-24 10:00:21] jezzab :
```
unknown application [net] # import test.js
Job: e5bee5ad-bde7-43ca-86a8-6840e1912ed5 - Starting
Job: e5bee5ad-bde7-43ca-86a8-6840e1912ed5 - Started
unknown application [net] #
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Terms and conditions already accepted
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Terms and conditions already accepted
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: Already checked
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: Already checked
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: Already checked
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Forced FCC mode already active
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Flight Records admin user already enabled
[*] Flight Records admin user already enabled
```
[2017-10-24 10:00:55] jezzab : See, it's always showing our result.
[2017-10-24 10:01:37] jezzab : I see why.
[2017-10-24 10:02:16] czokie : possibly the ===
[2017-10-24 10:02:28] czokie : there may be a type conversion if the original variable is not an int or whatever
[2017-10-24 10:02:41] jezzab : Nah, I think they are the other way.
[2017-10-24 10:02:45] jezzab : Just running through it.
[2017-10-24 10:03:11] jezzab : So if force FCC was 0
[2017-10-24 10:03:20] jezzab : it would say its already active
[2017-10-24 10:03:24] jezzab : then we set it to 1
[2017-10-24 10:03:36] jezzab : and if it was hit again it would say ACTIVATED
[2017-10-24 10:03:48] jezzab : but its not called again for example
[2017-10-24 10:05:22] jezzab : The pinning will only show BYPASSED if it sent a 0
[2017-10-24 10:06:08] czokie : Fixing two things
[2017-10-24 10:06:09] czokie : one sec
[2017-10-24 10:06:53] jezzab : Just set it to what it's doing. You can't really read the state unless the main app is calling it with that state.
[2017-10-24 10:07:02] czokie : Edited the post above
[2017-10-24 10:07:11] czokie : (rather than having bad code here)
[2017-10-24 10:07:13] czokie : Try that one
[2017-10-24 10:07:59] czokie : (And I added your new method)
[2017-10-24 10:10:27] jezzab :
```
com.dji.go on (iPad: 11.0.1) [net] #
[*] Terms and conditions BYPASSED
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: DISABLED
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: DISABLED
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: DISABLED
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Check: DISABLED
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Notification already disabled
[*] Upgrade Notification already disabled
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
 [*] SSL Pinning not used this time
[*] Upgrade Notification already disabled
[*] Upgrade Notification already disabled
[*] Forced FCC Mode ACTIVATED
```
[2017-10-24 10:10:52] jezzab : That was the code block you edited.
[2017-10-24 10:10:59] jezzab : Is the .js you just posted different?
[2017-10-24 10:11:06] czokie : It's the same; it was just a comment to it.
[2017-10-24 10:11:12] jezzab : ok
[2017-10-24 10:11:14] czokie : to make it easier to find
[2017-10-24 10:11:32] czokie : So that debug was from my code, yes?
[2017-10-24 10:11:38] jezzab : yes
[2017-10-24 10:11:45] czokie : AWESOME
[2017-10-24 10:12:42] czokie : So - I will look at the other more complex ones in your batch - to see if I can find commonality that can be re-used...
[2017-10-24 10:13:07] czokie : and build templates for that tomorrow
[2017-10-24 10:13:49] jezzab : And please... please remove the space before the [*] on the SSL lmao
[2017-10-24 10:13:51] jezzab : It's killing me.
[2017-10-24 10:14:34] jezzab : But we do need to code in a bit to suppress some stuff.
[2017-10-24 10:15:02] czokie : I was thinking, in the CSV, we can define "" as the log message and suppress it in that case.
[2017-10-24 10:15:06] czokie : But that's up to us.
[2017-10-24 10:15:22] jezzab : yeah something like that
[2017-10-24 10:15:33] czokie : brb
[2017-10-24 10:15:36] jezzab : I had to do it in the newer stuff for the product version
[2017-10-24 10:16:07] jezzab : it was streaming. You could implement the same very easily for others
[2017-10-24 10:16:30] jezzab : Hit, flag; if flag set, don't display.
[2017-10-24 10:17:25] jezzab : I'm Frida'd out for one day. I've ripped through 4 Mavic batteries and 2 P4 ones.
[2017-10-24 10:17:30] jezzab : Beer and TV time
[2017-10-24 10:18:25] czokie : watching a show with wife - and she wants me to watch this bit - back l8r
[2017-10-24 10:47:13] jezzab : Well things are coming along nicely. Bit of work to catch up to the Android crew but getting there
[2017-10-24 10:47:42] czokie : Wadda ya mean - They need to catch up with us and get Frida in their APK
[2017-10-24 10:47:58] czokie : They've admitted that the obfuscation is a pain in the ass; perhaps Frida might help there :slightly_smiling_face:
[2017-10-24 10:53:11] jezzab : I mean the features
[2017-10-24 10:53:31] jezzab : But yeah we are using the latest app which is good. So one up there
[2017-10-24 11:51:07] cs2000 : @czokie @jezzab You guys have made so much progress since I was testing your initial musings Czokie, very well done, but you're now FAR out of my league. I can offer 2 things though. If you guys need server space for anything, more than happy to give you access, but probably more importantly, do we need an iOS dev account? Part of the reason I stopped testing was having to keep resigning and reloading different app versions. I'm happy to renew my dev account; this will allow (I think) up to 100 devices to be running the modified app. Obviously if this app ever gets released commercially, there will have to be some element of costs covered, but for now I'm happy to foot the bill. Let me know.
[2017-10-24 12:09:29] jezzab : I’ve renewed my dev account, which like you said, will do up to 100 iPads and 100 iPhones, but it would mostly be for testing with the locals around here (including yourself of course). The idea is NLD will provide the service of providing the dev account and adding UDIDs and what not. Then it’s all out of everyone’s hands and we can just provide the .js patch file and update it from then on ;)
[2017-10-24 13:04:32] cs2000 : Cool, sounds good :slightly_smiling_face:
[2017-10-26 03:40:14] jezzab : @czokie flew with the standalone patched app, didn't have any problems :slightly_smiling_face:
[2017-10-26 03:51:42] nocommie : Out of curiosity (I use android myself) what app version are you guys currently working on? Is it the latest? What patches are likely to be available? (login bypass etc?)
[2017-10-26 03:52:34] jezzab : latest .12
[2017-10-26 03:52:50] jezzab : Still have to work on the login bypass
[2017-10-26 03:53:14] nocommie : what patches are currently being worked on?
[2017-10-26 03:58:17] jezzab : These are done and work:
FCC on P4 and Mavic (DJIConfig file hack to make FCC on P4 doesn't work)
32 Channel on P4
No auto app upgrades
No firmware upgrade notification
Skip term agreement (was really just a test)
Admin mode in flight logs (not really useful. Shows info in Chinese in the map screen and saves more info in the exported CSV logs)
Baby steps. Still lots to find/do :slightly_smiling_face:
[2017-10-26 03:58:43] nocommie : Wow awesome job man!
[2017-10-26 03:58:55] jezzab : We're getting there
[2017-10-26 03:59:16] nocommie : Seems you may be bypassing the android app patches soon.
[2017-10-26 03:59:31] czokie : How did you validate FCC on P4?
[2017-10-26 03:59:35] nocommie : I may switch to Apple if you get the login bypass on the latest app :slightly_smiling_face:
[2017-10-26 03:59:51] czokie : measuring gear? or range test?
[2017-10-26 04:00:11] jezzab : I couldnt. The fucktards that sold me the RF meter decided to send it regular post instead of the express post I paid for. Better turn up tomorrow
[2017-10-26 04:00:25] czokie : Im keen to see the result of that.
[2017-10-26 04:00:43] jezzab : Couldn't test the range, it's blowing a gale. I mainly wanted to see if the bird was OK with the newer FW and older flight controller (it was).
[2017-10-26 04:00:47] jezzab : Me too
[2017-10-26 04:01:15] jezzab : If it wasn't so windy I would have given it a crack. My P4 has always dropped out very quickly in the test area.
[2017-10-26 04:01:24] jezzab : like circa 800m
[2017-10-26 04:02:16] jezzab : I don't think I've flown it in that area with the Android app patched for FCC.
[2017-10-26 04:03:01] jezzab : Actually I have..... up. And the range was about the same....
[2017-10-26 04:04:01] jezzab : You would know the range of yours pretty well. You should give it a crack.
[2017-10-26 04:07:00] jezzab : I forgot how loud the P4 is
[2017-10-26 04:09:12] jezzab : @nocommie I'm going to start working on the offline login again. I've looked at it and their claws run deep. But need to find just the right function.
[2017-10-26 05:22:52] arrvodesign : @jezzab I updated removeLogin and removeUpdateForce for 4.1.10 Android
[2017-10-26 06:38:09] czokie : Aircraft is now on the way to DJI - to fix my gimbal flop problem....
[2017-10-26 06:38:22] czokie : This weekend - will do more on the template hook generator....
[2017-10-26 06:38:32] czokie : just got a bit of "non-drone" stuff to deal with at the moment
[2017-10-26 06:41:06] jezzab : I forgot about that
[2017-10-26 08:21:41] czokie : Love it
[2017-10-26 08:47:36] jezzab : Hmm thought I bypassed the login. Put in a test email address and password and went in
[2017-10-26 08:47:50] jezzab : Turns out it was a real login and I guessed the pw lol
[2017-10-26 09:12:10] jezzab : test@test.com
[2017-10-26 09:12:14] jezzab : who would have thought lol
[2017-10-26 09:12:42] cs2000 : lol, nice way to bypass login, just use that as a hardcoded username and password combo (joking)
[2017-10-26 09:16:17] jezzab : I considered it lol. It has one no-GPS log lol
[2017-10-26 09:16:22] jezzab : A burner, I'd say.
[2017-10-26 09:26:42] haloweenhamster : What would be stranger is if someone use my usual I@dont.know
[2017-10-26 13:05:14] nocommie : @jezzab sweet. That is the biggest thing keeping me from running the latest official Android with the mixed modules. I just hate doing that. Who knows what they are capturing when you log in. Wouldn't surprise me if they decide to brick devices with unofficial FW. I do have an iPad mini I can test with if you need something tested with the Mav or Spark (both have mix-and-matched modules). I guess I would have to jailbreak it first though.
[2017-10-26 13:07:20] nocommie : LOL I have used fucku@fucku.com quite a few times.
[2017-10-26 13:31:56] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1508827598000141>
[2017-10-26 13:32:05] hostile : @jezzab happy to guinea pig some stuff soon
[2017-10-26 13:39:37] umbr4 : Ya, we should also note that if you sign the app yourself or use someone here's dev membership with your UDID, then no jailbroken device is required.
[2017-10-27 18:59:50] kilrah : 4.1.14: <https://www.dropbox.com/s/fevy0hvpe1ah3gn/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.14%20v3005%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-10-27 21:37:36] cs2000 : Thanks mate. Just what we need, another damn update!!
[2017-10-27 21:42:12] czokie : Hi @kilrah - Someone already posted links at <https://dji.retroroms.info/howto/iosmod>
[2017-10-27 21:42:14] czokie : :slightly_smiling_face:
[2017-10-27 21:43:06] czokie : Whoops - stand corrected - that was .12
[2017-10-27 21:47:29] jcarlo : Those IPA files can just be loaded to iTunes to a non-jailbroken iPhone?
[2017-10-27 21:48:06] czokie : They are decrypted; you can install with various tools like iFunBox, but 7-day lifespan, then reinstall.
[2017-10-27 21:48:16] czokie : unless you get your own developer account
[2017-10-27 22:04:30] jcarlo : What about just the regular 12.6 iTunes version?
[2017-10-27 22:19:27] umbr4 : The IPAs delivered via iTunes are encrypted for specific devices using Apple's DRM.
[2017-10-27 22:22:17] umbr4 : But there are instructions in the wiki for using the unencrypted IPAs and applying the patches that folks have worked out. It is a bit of work to set up an environment to sign and run them, but not too much :slightly_smiling_face:
[2017-10-27 22:25:29] jcarlo : Ok thanks
[2017-10-28 10:20:46] haloweenhamster : Apparently now on 4.1.15
[2017-10-28 10:23:08] jezzab : That was quick
[2017-10-28 10:25:16] jezzab : Is there a decrypted version? I'll run it through IDA tomorrow.
[2017-10-28 10:26:23] jezzab : And what's new in 4.1.14 and 4.1.15?
[2017-10-28 10:50:29] haloweenhamster : On mavic pilots "There was a problem with viewing the flight log files and GO4 app crashing with ver 4.1.14 that appears to be fixed with ver 4.1.15. I talked to DJI support yesterday and informed them of the issue with ver 4.1.14 and he was going to talk to their developer about the problem. Looks like he did."
[2017-10-28 14:27:08] kilrah : dang, they're quick
[2017-10-28 14:28:18] jcarlo : Thank god for Charles Proxy!
[2017-10-28 14:40:09] kilrah : 4.1.15 (wait 10 minutes or so for transfer to complete) <https://www.dropbox.com/s/7vxcg9im99olr46/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.15%20v3008%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-10-29 00:01:54] jezzab : IDA is churning away....
[2017-10-29 00:02:36] czokie : I finished all 4.0.x - will start 4.1.x next day or two - to complete the archive.
[2017-10-29 00:02:42] czokie : I just needed a bit of downtime :slightly_smiling_face:
[2017-10-29 00:03:11] czokie : And the fact that my home network needed a bit of TLC - Spent a lot of time on that yesterday.
[2017-10-29 00:21:14] czokie : OK - so I lied - starting 4.1.0 in IDA now :slightly_smiling_face:
[2017-10-29 00:21:26] czokie : May as well have the computer doing something
[2017-10-29 00:22:10] czokie : I gather there is a CLI for IDA. I’d love a CLI that takes IPA input, does the initial parsing, and then generates .h and .c files.
[2017-10-29 00:22:19] czokie : Then I’d script the whole damn thing.
[2017-10-29 00:22:39] jezzab : Could probably just make a script in IDA. Never tried that
[2017-10-29 00:23:14] czokie : Anyway. I’m gonna let it run and I’ll go clean up my “bomb site” where I pulled half of my house apart while doing network upgrades :slightly_smiling_face:
[2017-10-29 00:36:18] jezzab : When does the quiz get loaded? It's in .12 as well. <http://staticpage.djiservice.org/quiz/>
[2017-10-29 01:45:39] jezzab :
```
void __cdecl -[DJIAppSettings loadDJICfg](DJIAppSettings *self, SEL a2)
{
  self->_canUseIllegalChannels = 0;
  self->_mfiDisable = 0;
  self->_firmwareServiceType = 0;
  self->_limitCameraRecordingTime = 1;
  self->_simulatorInternalDisable = 0;
}
```
[2017-10-29 01:45:53] jezzab : 4.1.15. Think someone's watching.
[2017-10-29 02:01:43] czokie : Doesnt matter any more
[2017-10-29 02:02:33] hostile : watch away !
[2017-10-29 02:02:43] czokie : This is why I am doing old versions
[2017-10-29 02:02:44] hostile : You could have binoculars, but you can’t see the OGs!
[2017-10-29 02:02:48] czokie : to diff what they are doing :slightly_smiling_face:
[2017-10-29 02:02:59] czokie : or more importantly - what they have already done
[2017-10-29 02:03:10] czokie : They might be watching, but we are watching MORE
[2017-10-29 02:03:16] jezzab : This is the old function:
[2017-10-29 02:03:19] jezzab :
```
void __cdecl -[DJIAppSettings loadDJICfg](DJIAppSettings *self, SEL a2)
{
  DJIAppSettings *v2; // x19
  void *v3; // x0
  __int64 v4; // x20
  void *v5; // x0
  void *v6; // x21
  void *v7; // x0
  void *v8; // x0
  void *v9; // x0
  __int64 v10; // x8
  void *v11; // x0
  void *v12; // x0
  void *v13; // x0
  char v14; // w22

  v2 = self;
  +[DJIFileHelper fetchDocumentPath](&OBJC_CLASS___DJIFileHelper, "fetchDocumentPath");
  v3 = (void *)objc_retainAutoreleasedReturnValue();
  objc_msgSend(v3, "stringByAppendingPathComponent:", CFSTR(".DJI.configs"));
  v4 = objc_retainAutoreleasedReturnValue();
  objc_release();
  objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v4);
  v5 = (void *)objc_retainAutoreleasedReturnValue();
  v6 = v5;
  if ( v5 )
  {
    v2->_canUseIllegalChannels = 0;
    v2->_mfiDisable = 0;
    v2->_firmwareServiceType = 0;
    v2->_limitCameraRecordingTime = 1;
    v2->_simulatorInternalDisable = 0;
    if ( (unsigned __int64)objc_msgSend(v5, "length") >= 0x29 )
    {
      v7 = (void *)objc_retainAutorelease();
      if ( **((_BYTE **)objc_msgSend(v7, "bytes") + 39) == 1 )
      {
        v2->_canUseIllegalChannels = 1;
      }
    }
    if ( (unsigned __int64)objc_msgSend(v6, "length") >= 0x2A )
    {
      v8 = (void *)objc_retainAutorelease();
      if ( **((_BYTE **)objc_msgSend(v8, "bytes") + 40) == 1 )
      {
        v2->_mfiDisable = 1;
      }
    }
    if ( (unsigned __int64)objc_msgSend(v6, "length") >= 0x2D )
    {
      v9 = (void *)objc_retainAutorelease();
      v10 = **((unsigned __int8 **)objc_msgSend(v9, "bytes") + 43);
      if ( (_DWORD)v10 == 2 )
      {
        v2->_firmwareServiceType = 2;
      }
      else
      {
        v2->_firmwareServiceType = v10 == 1;
      }
    }
    if ( (unsigned __int64)objc_msgSend(v6, "length") >= 0x2E )
    {
      v11 = (void *)objc_retainAutorelease();
      if ( **((_BYTE **)objc_msgSend(v11, "bytes") + 44) == 1 )
      {
        v2->_limitCameraRecordingTime = 0;
      }
    }
    if ( (unsigned __int64)objc_msgSend(v6, "length") >= 0x2F )
    {
      v12 = (void *)objc_retainAutorelease();
      if ( **((_BYTE **)objc_msgSend(v12, "bytes") + 45) == 1 )
      {
        v2->_simulatorInternalDisable = 1;
      }
    }
    if ( (unsigned __int64)objc_msgSend(v6, "length") >= 0x31 )
    {
      v13 = (void *)objc_retainAutorelease();
      v14 = **((_BYTE **)objc_msgSend(v13, "bytes") + 48);
      if ( v14 & 1 )
      {
        -[DJIAppSettings setSdr_force_fcc:](v2, "setSdr_force_fcc:", 1LL);
      }
      if ( v14 & 2 )
      {
        -[DJIAppSettings setSdr_force_boost:](v2, "setSdr_force_boost:", 1LL);
      }
      if ( v14 & 4 )
      {
        -[DJIAppSettings setSdr_force_2_3_G:](v2, "setSdr_force_2_3_G:", 1LL);
      }
      if ( v14 & 8 )
      {
        -[DJIAppSettings setSdr_force_2_5_G:](v2, "setSdr_force_2_5_G:", 1LL);
      }
    }
  }
  objc_release();
  objc_release();
}
```
[2017-10-29 02:03:48] hostile : dude with FRIDA… they are fucked… not much they can do about you guys now.
[2017-10-29 02:03:50] hostile : Its game over
[2017-10-29 02:04:06] czokie : So - .config file support is no longer native…
[2017-10-29 02:04:11] jezzab : yup
[2017-10-29 02:04:19] czokie : So what
[2017-10-29 02:04:45] czokie : .hook support: I would LOVE it if they included the Frida gadget in the standard build; it’d save us a lot of effort….
[2017-10-29 02:04:53] czokie : but fact is - we can do it….
[2017-10-29 02:05:04] czokie : and more importantly - we can hook whatever we want
[2017-10-29 02:05:34] czokie : But yes - They are looking.
[2017-10-29 02:06:04] czokie : They are listening…
[2017-10-29 02:06:05] czokie : <https://www.youtube.com/watch?v=OPwPo-IAQ-E>
[2017-10-29 02:06:35] czokie : HEY DJI - CAN YOU HEAR ME NOW?
[2017-10-29 02:06:37] hostile : :joy:
[2017-10-29 02:07:01] czokie : Whoops. I was shouting ….. Sorry if I deafened you DJI
[2017-10-29 02:08:01] jezzab : Just signing the new .15 and installing it
[2017-10-29 02:14:37] jezzab : Nothing to see here. As you were
[2017-10-29 02:14:43] jezzab : Everything works as before
[2017-10-29 02:15:16] czokie : <https://ci.memecdn.com/10197555.jpg>
[2017-10-29 02:15:55] hostile : DJI… you gonna have to come correct to stop the crew… best investigate some encryption so we can fuck that up for you like we did on Android :wink:
[2017-10-29 02:16:03] czokie : I am writing some code at the moment to build some VPNs using weird custom shit. After I finish that, I will come back and have a look at my hook generator.
[2017-10-29 02:16:21] jezzab : I am most curious about one function and key
[2017-10-29 02:16:38] czokie : Encryption? It's already DRM-encrypted…. and we get the IPAs like a few moments after release…. Give up DJI
[2017-10-29 02:17:13] hostile : I meant like StringFog… and poor attempts at obfuscation. =]
[2017-10-29 02:17:57] jezzab : `[DJIUserBehaviorEvent updateFirmwareSign]`
[2017-10-29 02:18:32] czokie : The above was a lame meme - this is a little better
[2017-10-29 02:18:43] czokie : <http://apollo-na-uploads.s3.amazonaws.com/1439853186/8n1h0u.jpg>
[2017-10-29 02:18:53] czokie : We’re already in the chocolate room!
[2017-10-29 02:19:09] czokie : And yes, update firmware sign would be a cool one to look at.
[2017-10-29 02:19:29] jezzab : [DJIUserBehaviorEvent AESEncode:]
[2017-10-29 02:19:32] jezzab : :wink:
[2017-10-29 03:27:01] jezzab : BWAHAHAHA @hostile
[2017-10-29 03:29:05] czokie : This is new - or been around for a while? And is that un-changed source? :slightly_smiling_face:
[2017-10-29 03:29:22] jezzab : It's in the old .12 source
[2017-10-29 03:29:30] jezzab : and that snippet is from .15
[2017-10-29 03:29:49] jezzab : Unchanged source direct from the 4.1.15 app in IDA lol
[2017-10-29 03:30:23] czokie : That's probably how they set their IV in other code … they just don't know what it is….
[2017-10-29 03:37:09] jcarlo : This channel is so exciting!
[2017-10-29 03:42:14] jezzab : <https://github.com/bang590/JSPatch/blob/master/Loader/libs/RSA.m>
[2017-10-29 03:56:47] jezzab : ```
//a tag to read/write keychain storage
NSString *tag = @"RSAUtil_PubKey";
NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]];
```
[2017-10-29 04:04:26] hostile : Beahahahahahahahaah @jezzab
[2017-10-29 04:04:46] hostile : Jspatch is how they push silent update btw
[2017-10-29 06:03:31] czokie : DJI - It's not too late is it? We don't mind if you put jspatch back in…. Really we don't!
[2017-10-29 15:09:01] hostile : @czokie <https://github.com/bang590/JSPatch/blob/master/Loader/libs/RSA.m#L78>
[2017-10-29 15:09:45] hostile : is that stuff still in $current?
[2017-10-29 15:17:18] hostile : hah… looks like I ran across that a month ago. <https://twitter.com/d0tslash/status/896887402211311616>
[2017-10-29 15:18:01] hostile : so you could patch JSPatch to use our own HotPatch URL, and we could push hot patches. lol.
[2017-10-29 21:20:24] jezzab : I think it might just be the RSA function left over. I'll have to take more of a look
[2017-10-29 21:26:14] hostile : That would be kinda weird in and of itself… either remove the library, or don’t. =]
[2017-10-29 21:36:51] jezzab : ok so that function is called by `[dji_RSASHA256VerifyWithSignature:publicKey:]`
[2017-10-29 21:37:29] jezzab : and that is called by `[DJIAreaCodeManager readAreaCodeDataFromFilePath:]`
[2017-10-29 21:38:19] jezzab : and another sub function: `sub_10180F944(__int64 a1)`
[2017-10-29 21:38:28] jezzab : which is doing NFZ stuff
[2017-10-29 21:38:43] jezzab : `objc_msgSend(v6, "objectForKey:", CFSTR("X-Flysafe-Signature"));`
[2017-10-29 21:41:48] jezzab : and this `[DJIFlySafeAppLimitDB loadFlySafeStaticLimitDB]`
[2017-10-29 22:54:52] hostile : could be for the unlock requests… @opcode you paying attention?
[2017-10-29 22:58:07] the_lord : the response of the unlock contains keys as well
[2017-10-29 23:36:49] tazdavid98 : Hi guys, quick question. I’m trying to replace the default .DJI.configs in the decrypted iOS app 4.1.15. Here is the default file:
[2017-10-29 23:37:18] jezzab : the 4.1.15 app doesn't load the .DJIconfig file
[2017-10-29 23:37:52] jezzab : How it is now in 4.1.15
[2017-10-29 23:38:02] tazdavid98 : I mean, default config found here: “DJI\ GO\ 4.app/DJIPilotResources.bundle/plist/.DJI.configs”
[2017-10-29 23:38:34] tazdavid98 : then replaced it, and resigned the ipa.
[2017-10-29 23:39:54] tazdavid98 : (using the hack from <http://dji.retroroms.info/howto/iosmod>)
[2017-10-29 23:40:29] tazdavid98 : @jezzab so you mean there is no way to force FCC by replacing the default config file using this hack?
[2017-10-29 23:56:14] jezzab : I think you will find it's completely ignored now. The main `[DJIAppSettings init]` function goes through everything and then runs the `[DJIAppSettings loadDJICfg]` above, which is hard-coded values now. In .12 and below that function parsed the `.DJI.configs` file and, depending on the values, would set the values
[2017-10-30 00:01:10] jezzab : I posted the old function ^^^^ there further
[2017-10-30 00:41:26] czokie : Was that only in .15 ??? We should post details of the last supported version.
[2017-10-30 00:41:30] czokie : In wiki
[2017-10-30 00:49:28] jezzab : Never checked .14
[2017-10-30 00:49:42] jezzab : So some time after .12
[2017-10-30 00:50:10] czokie : Was there a .13 ? Guessing they skipped that in case birds started dropping from the sky?
[2017-10-30 00:57:30] jezzab : .14 had busted flight logs anyway didn't it, that's why they brought out .15 so quickly?
[2017-10-30 04:25:06] jezzab : Also the `canUseIllegalChannels` stuff is gone too. Where it used to also check the `.dji.configs` file
[2017-10-30 04:25:29] jezzab : `return 0`
[2017-10-30 07:59:03] opcode : looks like when encrypted flysafe db updates get pulled and merged in the local db.
[2017-10-30 10:53:24] tazdavid98 : ah :cry:, so no way to force FCC with ipa reversing in 4.1.15 app ...
[2017-10-30 11:11:08] jezzab : Not the way you're doing it, no. As I posted earlier, we can do it with our hooks/Frida :) tested and works
[2017-10-30 11:27:02] jezzab : Dive in, the water's warm
[2017-10-30 22:30:33] prelator : So what is the last version of the IOS app that you could use the DJI.configs files with?
[2017-10-30 22:31:53] jezzab : .12 works
[2017-10-30 22:31:56] jezzab : .15 wont work
[2017-10-30 22:32:14] jezzab : .14 is unknown but it wasn't around for long and had issues apparently with flight logs and crashing
[2017-10-30 22:34:42] prelator : ah, thanks
[2017-10-30 22:41:02] prelator : Good thing I just updated to .12 this weekend and hadn't updated to .15 yet.
[2017-10-30 22:42:10] jezzab : what bird you flying with?
[2017-10-30 22:43:41] prelator : Mavic. I just did the trick with updating everything except the flight controller modules to the latest firmware and updating the IOS app to .12 so I could get quickshots while still being able to disable the altitude limit etc.
[2017-10-30 22:43:50] jezzab : ok
[2017-10-30 22:44:20] prelator : I also just tried the boost config for the first time and noticed slight improvements flying around my very RF noisy neighborhood
[2017-10-30 22:44:36] prelator : So glad to hear that was actually working and wasn't just placebo.
[2017-10-30 22:45:04] jezzab : It's loaded. Just if you have a P4/P4P it's skipped for the forceFCC stuff
[2017-10-30 22:45:34] prelator : Yeah I knew that. I only have a Mavic so I'm glad it works on that.
[2017-10-30 23:08:35] jcarlo : @prelator any NFZ warnings showing?
[2017-10-30 23:27:32] prelator : Haven’t tried a red zone but I have gotten the notice that I’m in a warning zone when flying from the park by my house.
[2017-10-30 23:28:23] prelator : Every time I take off I get the flight limited to 30 meters message but it has no effect.
[2017-10-30 23:28:48] jezzab : I get that with the Android app .700
[2017-10-30 23:30:36] haloweenhamster : I'm sure there will be a hook for that soon
[2017-10-30 23:59:18] jezzab : Hate when you're searching for something and you can't find it because it's spelt wrong in the code
[2017-10-31 00:45:59] jcarlo : I'm just too lazy to uninstall my iTunes again to get go4 app iOS 4.1.10 using Charles proxy
[2017-10-31 02:12:54] jezzab : ffs `return self->_isChineaseUser;`
[2017-10-31 02:12:57] jezzab : I rest my case
[2017-10-31 02:13:08] czokie : I found that before
[2017-10-31 02:13:16] jezzab : cool
[2017-10-31 02:13:23] czokie : shared @ the time - Is hilarious
[2017-10-31 04:34:48] jezzab : Well i got 2km in the usually test area with the iOS app and P4
[2017-10-31 04:34:55] jezzab : usually its around 700m ish
[2017-10-31 04:35:11] jezzab : Thats with the FCC applied and 32 chan
[2017-10-31 04:35:20] jezzab : P4 is always shit in that spot
[2017-10-31 04:35:27] jezzab : So thats a good sign
[2017-10-31 08:56:14] czokie : Put the txt and shell script in a directory. Execute. Output is a set of hooks. Easy to add new items to CSV and keep code relatively uniform
[2017-10-31 08:56:56] czokie : jhg = JavascriptHookGenerator in case you wondered :slightly_smiling_face:
[2017-10-31 09:23:23] jezzab : dammit. I was hoping for `prettywoman.sh`
[2017-10-31 09:23:32] jezzab : She was a hooker
[2017-10-31 09:47:00] czokie : Like it - renamed :slightly_smiling_face:
[2017-10-31 09:52:31] czokie : I googled pretty woman meme - and found this <https://i.imgflip.com/18jp4t.jpg> … Don't know that's quite the look I was after….
[2017-10-31 13:16:33] hostile : nice work @czokie! Lol Pretty Woman. =]
[2017-10-31 13:36:05] cs2000 : Added the 4.1.15 app as a torrent and updated the wiki too. Thanks for the file :slightly_smiling_face: @jcarlo 4.1.10 is available decrypted here <https://mega.nz/#!57g2lJoa!rOfVDNPB4ccWmu8ZE05VUXFaNo1p7VYbaTJPRTKukaE> or <http://dji.polybotes.feralhosting.com/GO4/IPK/4.1.10.torrent> I'm guessing they saw how easily we were manipulating the app with the .dji_Configs and decided to pull it. Too late, we already have the keys to the castle :wink:
[2017-11-01 02:18:57] czokie : Debugged the hooks (and PrettyWoman) ... Resulting hook that I loaded is attached below
[2017-11-01 02:20:58] hostile : I’m not aware of any app that is this well tooled up!
[2017-11-01 02:21:02] hostile : hats off , jolly good show
[2017-11-01 02:23:00] czokie : Simple message: When we find new stuff we want to tweak, it's just another line in the CSV file, and PrettyWoman brings all the hooks together. And the DJI GO app is well and truly ____ed
[2017-11-02 00:54:44] jcarlo : So what is the difference between the decrypted IPA vs regular. Can I use this forever? I download that app above 4.1.10
[2017-11-02 00:55:15] czokie : Decrypted IPA needs to be signed before installing….
[2017-11-02 00:55:31] czokie : If you are not modding it - you can just do that with something like cydia impactor
[2017-11-02 00:55:49] czokie : But that lasts 7 days before you need to resign
[2017-11-02 00:56:13] czokie : If you will be modding it - you can do the same thing - but using other tools - like those listed on our frida page.
[2017-11-02 00:56:32] czokie : If you pay $100 to Apple each year for a dev account - you don't need to reinstall every week.
[2017-11-02 00:56:59] czokie : BUT: Some time in the future - when we get our shit together, you may find a pre-signed app appear via one of the OG websites to make life easy
[2017-11-02 00:57:51] czokie : What I will say - the person in question said they’d be buying a mac mini for the purpose of building and signing.
[2017-11-02 00:57:55] czokie : Not sure on that status.
[2017-11-02 00:58:24] czokie : but in parallel - we’re refining the build and tweak process….
[2017-11-02 00:58:49] czokie : search for “pretty woman” in here for what I’ve been playing with
[2017-11-02 01:04:09] jcarlo : Thanks, it's time to play
[2017-11-02 01:05:33] jcarlo : But do I need a jail broken iPhone?
[2017-11-02 03:01:35] czokie : Nope
[2017-11-02 03:01:46] czokie : but if u have one - it means you don't need to worry about the resigning
[2017-11-02 03:19:18] jcarlo : Last time I jailbroke a phone was iPhone 3G
[2017-11-02 14:02:42] cs2000 : Hopefully sooner rather than later seeing as 4.1.15 has nuked the dji_configs, stupid CE mode :disappointed:
[2017-11-02 19:45:43] haloweenhamster : @jezzab do you use <https://github.com/dpnishant/appmon> ?
[2017-11-02 20:50:10] jezzab : Actually no. I completely forgot about it! Thanks for the reminder, I wanna check it out coz it looks the goods
[2017-11-02 21:29:02] haloweenhamster : i went to try it but got a page full of errors, it requires python, downloading kali at the moment
[2017-11-02 22:03:41] jezzab : works, nice
[2017-11-02 22:08:13] czokie : Screenshot?
[2017-11-02 22:09:44] jezzab : Very slow
[2017-11-02 22:10:03] jezzab : Was reading and it stopped. Have to start it again but it's great to see the functions called and data
[2017-11-02 22:10:06] jezzab : need more playing
[2017-11-02 22:10:18] czokie : Indeed.
[2017-11-02 22:10:27] czokie : It was on my todo list for a long time too.
[2017-11-02 22:10:40] jezzab : Think what I need to work out though is a faster way to run it. It deploys and code signs it every fucking time
[2017-11-02 22:13:27] jezzab : ahh i think i can just run the launch script
[2017-11-02 22:15:48] jezzab : I'll have to play with it another time. Can't get past the terms screen, it's breaking with SSL certs
[2017-11-03 23:01:36] jezzab : Ok so it was the way I was firing it up. Should be like this on non jailbroken: `python appmon.py -a Gadget -p ios -s scripts/iOS/JSON/NSJSONSerialization_JSONObjectWithData.js`
[2017-11-03 23:01:57] jcarlo : They just released a new version
[2017-11-03 23:02:04] jezzab : Its nice to see all of the data that comes back from the APIs too :wink:
[2017-11-03 23:02:06] jezzab : LOL
[2017-11-03 23:03:43] jezzab : Whats "new" in this version?
[2017-11-03 23:03:47] jezzab : .16 I assume
[2017-11-03 23:05:49] jcarlo : Weird it's still .15 but dated today. Must be revision changed
[2017-11-03 23:11:04] jezzab : Becoming a joke
[2017-11-03 23:12:05] jcarlo : Yup.
[2017-11-04 08:17:47] kilrah : not offered anything new here
[2017-11-04 09:16:27] kilrah : actually it's weird, itunes sees no update but my ipad sees 4.1.16
[2017-11-04 09:21:39] czokie : Using a different upstream cache of some kind…
[2017-11-04 14:12:44] vasek_r : Seems the 4.1.5 caused problems with iOS 11.1, that might be the reason why the 4.1.16 appeared <https://mavicpilots.com/threads/iphone-ios-11-1.28089/>
[2017-11-04 14:13:20] vasek_r : Oops 4.1.15 not 4.1.5
[2017-11-04 14:42:41] jcarlo : I was downloading previous iOS last night using Charles proxy. There are two versions of 4.1.15 and just now I see 4.1.16
[2017-11-04 15:54:29] jcarlo : So what are the things we can mod?
[2017-11-04 16:03:24] hostile : @kilrah “actually it’s weird, itunes sees no update but my ipad sees 4.1.16” this is the point at which you guys start looking at those “hot_update” features. :wink:
[2017-11-04 16:09:46] kilrah : Lol I mean the app store is offering the update, doubt dji have THAT much power :sweat_smile:
[2017-11-04 16:46:30] kilrah : ah found the reason, had logged out of my itunes account, seems it doesn't check for updates then
[2017-11-04 17:01:03] kilrah : <https://www.dropbox.com/s/1sh6o8q377ducpy/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.16%20v3014%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-11-04 17:29:38] hostile : I’d love to know more about “api/static_resources/hot_update” and how it is used if you guys get bored
[2017-11-05 16:54:03] cs2000 : @kilrah just checking, is this decrypted? I’m assuming the answer is yes :+1:
[2017-11-05 20:59:27] hostile : yes
[2017-11-05 21:36:29] kilrah : yup as usual
[2017-11-05 22:43:20] jezzab : Can someone <!here> please test the install of the re-signed IPA? I need your UDID of your device and I will add it to my dev account.
[2017-11-05 22:44:00] jezzab : I have externally tested it by codesigning the ipa and then loading it in with iTunes on another PC and its fine but obviously thats MY device I signed it for
[2017-11-05 23:45:29] jcarlo : Ooooh I'll volunteer.
[2017-11-05 23:47:40] jezzab : shoot me a PM.
[2017-11-05 23:49:28] jezzab : I think I have worked it out now.
[2017-11-05 23:52:06] jezzab : Hmm maybe not
[2017-11-06 02:56:15] jezzab : What a mission! I think it might work now lol. F**king Apple and their bullshit blackmagic signing crap. Provision, certificates blah blah.
[2017-11-06 04:51:05] jezzab : we're on a winner. Thanks @jcarlo for testing :slightly_smiling_face:
[2017-11-06 04:52:36] jcarlo : Thank you very much @jezzab and everyone working on this iOS
[2017-11-06 07:41:23] jezzab : Frida will be a no go in Android at the moment on the newer versions. Because it requires the repacking of the apk after the Frida .so file is added, secneo detects the repacking and kills it.
[2017-11-06 08:27:53] haloweenhamster : How about 4.1.9? From what @bin4ry said its the last one that wasn't encrypted
[2017-11-06 08:28:53] bin4ry : 4.1.9 is possible to add Frida
[2017-11-06 08:29:04] bin4ry : But would not help much since we can also patch it
[2017-11-06 08:29:50] czokie : Can we rip out secneo ?
[2017-11-06 08:30:34] czokie : There will be a call to secneo. First frida hook will be "yep. Nothing to see here. All secure boss"
[2017-11-06 08:34:38] bin4ry : Secneo works like this: It encrypts all dex and stores it into the APK. Then calls to the secneo lib are put into the class constructor, dex will be decrypted in memory. Also it encrypts all assets. So if I just rip it out we don't have the classes. Only thing to do is either reverse the lib of secneo to find the decrypt key or dump the decrypted files from memory. After you have that you can just assemble an APK without secneo
[2017-11-06 10:40:34] czokie : Add frida. Then Hook the secneo calls. During init , it may be possible to get a key which can then be used to do full decrypt.
[2017-11-06 10:59:58] bin4ry : Already tried. Not possible because secneo detects the tamper and quits
[2017-11-06 11:01:18] cs2000 : Sorry if this is a stupid question, but why in particular would there be a difference between iOS and Android app, as far as this secneo goes I mean.
[2017-11-06 11:03:19] jezzab : It's like packing an Exe on a PC.
[2017-11-06 11:03:46] jezzab : They use secneo to encrypt and protect their apk
[2017-11-06 11:05:51] jezzab : <https://www.secneo.com/Product>
[2017-11-06 11:05:57] jezzab : AppShield
[2017-11-06 11:06:30] jezzab : iOS signing policies are more intense
[2017-11-06 11:08:35] jezzab : Secneo is android only
[2017-11-06 11:12:50] jezzab : And say I resign an app and someone downloads it, I have to add their UDID to my iOS dev provisioning profile and embed it into that ipa, or when they try and install it it'll fail at 70% with a signing error. Because it checks the codesigning, provisioning profile/certificate and UDID of the device on install.
[2017-11-06 11:14:50] jezzab : I wish I didn’t blow over 6 hours today learning and hating this god damn process lol
[2017-11-06 11:20:19] jezzab : But then again you can just sign it yourself for free and use your own 7 day only provisioning
[2017-11-06 11:24:54] czokie : Binary. Share your secneo hooks. Maybe we can share some love with what we've already learnt.
[2017-11-06 11:26:38] jezzab : You can’t even just unpack and repack the apk untouched
[2017-11-06 11:27:22] jezzab : It fails
[2017-11-06 11:32:08] bin4ry : Correct. A simple repacking breaks secneo. I need to remove it completely to make it work again. It is possible I think but it is not noob friendly
[2017-11-06 11:32:39] bin4ry : If I had an iPhone I would join the ipa reversing team to help out here
[2017-11-06 12:55:40] tazdavid98 : I'll try the Frida mod with prettywoman tonight on my iPhone SE. (<http://dji.retroroms.info/howto/iosfrida>) No Apple dev license. I'll let you know if anything goes wrong.
[2017-11-06 22:23:17] jcarlo : Any one here on the latest iOS 11? Does it still work on the older iTunes?
[2017-11-06 22:23:46] jcarlo : I have been holding it off. Still on 10.3.2
[2017-11-06 22:24:30] jezzab : My iPad is on 11.01 and using iTunes 12.6
[2017-11-06 22:31:58] jcarlo : Thanks jezzab.
[2017-11-06 23:02:10] czokie : PrettyWoman uploaded to wiki <https://dji.retroroms.info/howto/fridahooklibrary>
[2017-11-06 23:04:40] jezzab : Everything still working with 4.1.16
[2017-11-06 23:04:43] czokie : Enjoy @tazdavid98
[2017-11-06 23:04:47] czokie : Of course.
[2017-11-06 23:04:53] czokie : why wouldn't it be?
[2017-11-06 23:04:54] czokie : :slightly_smiling_face:
[2017-11-06 23:05:02] jezzab : So you looked at the code and tested it?
[2017-11-06 23:05:29] czokie : I thought your comment was a statement, not a question.
[2017-11-06 23:05:43] czokie : My bird is being shipped back to me this week - so can test soon.
[2017-11-06 23:05:51] jezzab : I just tested it. I ran it through IDA yesterday and did some checking
[2017-11-06 23:31:12] jezzab : Lots of these vision modes like quick movies and stuff check the product but also the camera fw version
[2017-11-06 23:31:32] czokie : yep - Expected that.
[2017-11-06 23:32:08] jezzab : Well I've confirmed it lol
[2017-11-06 23:32:42] jezzab : Nailed down a few of the product codes so far
[2017-11-06 23:52:25] jcarlo : Thank you guys for working on the iOS app. Very much appreciated!
[2017-11-07 00:59:00] czokie : Any other new hook ideas that would fit into the CSV?
[2017-11-07 09:53:07] opcode : @czokie did you see any camera related stuff? Still looking to change AEB Value from 0.7 to 1.0 and timed shot in .dng down to 1 second.
[2017-11-07 09:55:20] opcode : and warnings pop-up "Remote Controller Right Dial Locked. Lightly press it to adjust." Couldnt find it in the Android APK
[2017-11-07 23:56:23] jcarlo : Lol. Did they revise 4.1.16
[2017-11-07 23:56:48] jcarlo : It's showing a release date of today
[2017-11-08 16:37:46] tazdavid98 : aaannnndddd 4.1.17 is out
[2017-11-08 19:14:36] kilrah : crap, ipad's gone flat
[2017-11-08 19:53:03] kilrah : <https://www.dropbox.com/s/xcojdgpg26k0x7g/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.17%20v3015%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-11-08 19:55:49] czokie : Just a wild guess - the flurry of firmware might be related to that new flighthub product?
[2017-11-08 19:56:32] kilrah : app you mean?
[2017-11-08 19:56:56] kilrah : haven't seen much in terms of new FWs lately...
[2017-11-08 20:10:55] czokie : <http://www.dji.com/flighthub>
[2017-11-08 20:11:26] czokie : They'd need to get data into this new "soc2" us soil based platform
[2017-11-08 20:11:47] czokie : so assume there must be a config in DJI go...
[2017-11-10 10:09:07] cs2000 : Just loading 4.1.14 into torrents. Thanks Kilrah
[2017-11-10 17:01:54] kilrah : there's 16 too already :wink:
[2017-11-10 20:55:42] coldflake : They just keep spewing them out, is it anything other than bug fixes?
[2017-11-10 21:04:07] haloweenhamster : 17 is out isn't it?
[2017-11-10 21:17:52] jezzab : DJI Go 4.1.17-nightly.ipa
[2017-11-11 08:40:44] kilrah : LOL
[2017-11-11 08:40:59] kilrah : it's getting to that indeed :sweat_smile:
[2017-11-11 08:41:41] kilrah : yup 17 was above too, even forgot about it lol
[2017-11-11 08:50:07] czokie : OK. Good news people. Just wanted to share two things.
[2017-11-11 08:50:20] czokie : Firstly, no adverse effects from flying with the tweak’d app.
[2017-11-11 08:50:40] czokie : However, I did get an inconsistent firmware popup and it tried to upgrade something - I did a cancel, reboot RC, and all worked. Not sure why yet
[2017-11-11 08:50:54] czokie : Did some sports mode flying - no more gimbal flop’s
[2017-11-11 08:51:44] czokie : Actually - I had one flop - but only one - and it corresponded with an alert max gimbal movement or whatever - the wind was high at that moment, so I'll call that expected behaviour.
[2017-11-11 08:51:47] czokie : Overall - for the first time, I have an aircraft without any hardware defects. Woo Hoo!
[2017-11-11 08:52:05] czokie : Tomorrow - intend to do range test - will verify the FCC aspects if that's all good.
[2017-11-11 09:01:54] czokie : Oh - and it also asked for a NFZ update - will look at that and the inconsistent firmware later tonight or tomorrow
[2017-11-11 09:10:46] jezzab : I haven't patched the NFZ DB update dialogue yet.
[2017-11-11 09:11:00] czokie : Yeah
[2017-11-11 09:11:08] czokie : I was just starting to read c code again :slightly_smiling_face:
[2017-11-11 09:11:18] czokie : Couldnt find the inconsistent firmware stuff
[2017-11-11 09:11:20] jezzab : Did your batteries match the AC fw?
[2017-11-11 09:11:36] czokie : Good question
[2017-11-11 09:11:44] jezzab : That would cause an inconsistent fw
[2017-11-11 09:12:05] czokie : U know - I didn't even think to check AC firmware version - I just assumed it was the most recent - reason why - I flew earlier in the day with no issues. AC came back with same serial#
[2017-11-11 09:12:12] czokie : just replaced gimbal motor
[2017-11-11 09:12:20] jezzab : Put me down for it's an old version
[2017-11-11 09:12:32] czokie : will check tomorrow
[2017-11-11 09:15:47] jezzab : Where did the Inconsistent Fw show?
[2017-11-11 09:16:26] jezzab : In the main flying screen? Ie where it shows the NFZ update message
[2017-11-11 09:17:12] jezzab : Because if the firmware is out of date it will be suppressed on the entry screen.
[2017-11-11 09:17:33] jezzab : Which works 110% and both my AC are out of date
[2017-11-11 09:19:14] jezzab : It will show in the sidebar there is an update though. Where you get flight warnings etc
[2017-11-11 09:26:33] czokie : not in sidebar
[2017-11-11 09:26:39] czokie : was a popup dialogue
[2017-11-11 09:30:56] jezzab : Yup
[2017-11-11 09:31:01] jezzab : Figured
[2017-11-11 16:52:25] hostile : I have a question @jezzab @czokie do you think it is possible for me to talk you into looking at the hot_update mechanism a bit? I keep wondering about patching the JSPatch or hot_update to accept patches from our own server for a few reasons.
[2017-11-11 16:52:48] hostile : one we can push users fixes… two we may be able to demonstrate potential DJI capability to push out malicious packages IF they decided to
[2017-11-11 16:53:12] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1509816578000046>
[2017-11-11 17:03:59] hostile : also <!here> app_limit.db onboard_limit.db app.db and onboard.db may be worth eyeballing
[2017-11-11 17:04:16] hostile : DJILImitDBUpdateLogic() I think is the function
[2017-11-11 19:31:39] jcarlo : @jezzab I tested your 4.1.15 app today using latest firmware with 700 fc and factory NFZ. I didn't mod any parameters. I'm within five miles so I'm close to yellow zone and NFZ. So yellow zone and near nfz warning are showing. I also got the update nfz flysafe warning on the app but hit ignore. The only thing I see wrong with the app is the quick shots is not showing.
[2017-11-11 20:11:01] czokie : That doesnt make sense. Are you saying you have no patch file loaded but have a frida mod'd app and quickshots failed?
[2017-11-11 20:54:32] jcarlo : The only patch was his exploit js
[2017-11-11 21:18:22] jcarlo : I just tried it with regular app from App Store and it's not showing also. Maybe it's the combination of my firmware that is not making it show
[2017-11-11 21:40:06] czokie : Think that is more likely.
[2017-11-11 21:48:06] jcarlo : Last week I tried it with 400fc and quick shots is there. But I was using regular app that time. Time to flash again and see if it works with jezzab app
[2017-11-11 22:27:21] jezzab : I’ll have a sniff around
[2017-11-11 23:16:55] jezzab : `api/static_resources/hot_update` is used in `[AppDelegate prepareForDynamicLocalization]` but that function is never called
[2017-11-11 23:19:00] jezzab : The Bugly stuff does have some hotfix functions but they have been nopped out, `;`
[2017-11-11 23:24:37] jezzab : I dont think I would want to be running this app in China based on the things I've seen......
[2017-11-12 00:18:18] jezzab : I forgot I had actually done this a while ago but had the code remarked out in another file
[2017-11-12 00:18:38] jezzab : ```
//Remove NFZ DB Upgrade
var DJILImitDBUpdateLogic = ObjC.classes.DJILImitDBUpdateLogic;
var needUpdateType = DJILImitDBUpdateLogic['- needUpdateType'];
var needUpdateTypeImpl = needUpdateType.implementation;
needUpdateType.implementation = ObjC.implement(needUpdateType, function (handle, selector) {
  var originalResult = needUpdateTypeImpl(handle, selector);
  console.log('[*] Removing NFZ DB Update Message');
  return 0;
});
```
[2017-11-12 00:18:59] jezzab : That should fix your NFZ DB upgrade message @czokie @jcarlo
[2017-11-12 00:26:57] jezzab : I'll sign up .17 and give it a go. Plus run it through IDA now
[2017-11-12 01:20:08] jezzab : @jcarlo the Quick Movie should be defined by the camera firmware:
[2017-11-12 01:20:54] jezzab : ```
void __cdecl -[DJIVisionCapabilityCheckModel checkSupportMavicQuickMovie](DJIVisionCapabilityCheckModel *self, SEL a2)
{
  DJIVisionCapabilityCheckModel *v2; // x19
  signed __int64 v3; // x2
  DJIVisionCapabilityCheckModel *v4; // x0

  v2 = self;
  if ( +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") != Mavic_Pro
    && +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") != Mavic_Plat
    || (unsigned int)-[DJIVisionCapabilityCheckModel visionFirmwareVersion](v2, "visionFirmwareVersion") < 0x1020060 )
  {
    v4 = v2;
    v3 = 0LL;
  }
  else
  {
    v3 = 1LL;
    v4 = v2;
  }
  -[DJIVisionCapabilityCheckModel setSupportMavicQuickMovie:](v4, "setSupportMavicQuickMovie:", v3);
}
```
[2017-11-12 02:07:49] hostile : @jezzab I did some hunting, and it looks like a legacy function. There are even references to it in the Android code.
[2017-11-12 02:08:11] hostile : “I dont think I would want to be running this app in China based on the things I’ve seen......” I suspect you are correct.
[2017-11-12 09:42:17] czokie : I will add the NFZ check you posted before @jezzab to PrettyWoman
[2017-11-12 09:43:41] czokie : This one line of CSV replicates that :slightly_smiling_face:
[2017-11-12 09:43:42] czokie : jsfunction,DJILImitDBUpdateLogic,needUpdateType,-,0,[*] Removing NFZ DB Update Message,,0
[2017-11-12 09:45:15] czokie : And output hook code also updated
[2017-11-12 09:45:37] jezzab : ?
[2017-11-12 09:45:42] czokie : ```
//
// DJILImitDBUpdateLogic needUpdateType jsfunction
//
var DJILImitDBUpdateLogic = ObjC.classes.DJILImitDBUpdateLogic;
var needUpdateType = DJILImitDBUpdateLogic['- needUpdateType'];
var needUpdateTypeImpl = needUpdateType.implementation;
// "seen" flags so each message can be logged only once; declared here so the hook runs stand-alone
var DJILImitDBUpdateLogicneedUpdateTypeSeenReplace = 0;
var DJILImitDBUpdateLogicneedUpdateTypeSeenHit = 0;
needUpdateType.implementation = ObjC.implement(needUpdateType, function (handle, selector) {
  var originalResult = needUpdateTypeImpl(handle, selector);
  if ( originalResult != 0 ) {
    // first operand is the flag from the last CSV field: 0 logs on every call, non-zero logs once
    if ( 0 == 0 || DJILImitDBUpdateLogicneedUpdateTypeSeenReplace == 0 ) {
      console.log("[*] Removing NFZ DB Update Message");
      DJILImitDBUpdateLogicneedUpdateTypeSeenReplace = 1;
    }
  } else {
    if ( 0 == 0 || DJILImitDBUpdateLogicneedUpdateTypeSeenHit == 0 ) {
      console.log("");
      DJILImitDBUpdateLogicneedUpdateTypeSeenHit = 1;
    }
  }
  return 0;
});
```
[2017-11-12 09:45:48] czokie : auto generated code in the wiki page
[2017-11-12 09:45:52] jezzab : Yeah cool
[2017-11-12 09:46:07] czokie : Some time - I want to do two tweaks to PrettyWoman
[2017-11-12 09:46:18] czokie : Will omit console log if empty
[2017-11-12 09:46:20] jezzab : Can it find the functions too? lol
[2017-11-12 09:46:29] jezzab : Coz that's the killer. Not the code
[2017-11-12 09:46:47] czokie : and also - want to get it to not send to console log - if launched via springboard with no remote frida connection
[2017-11-12 09:46:50] czokie : Yeah. Tell me about it
[2017-11-12 09:47:05] czokie : I've been otherwise occupied (Fixing car).
[2017-11-12 09:47:36] czokie : Bloody electric window. Part cost about $100 on ebay - MUCH more if I had purchased at dealer - and fitting - well lets not go there
[2017-11-12 09:47:49] jezzab : Got your AC back now so you're set
[2017-11-12 09:47:58] czokie : Yep.
[2017-11-12 09:48:04] czokie : I did a distance test today.
[2017-11-12 09:48:30] czokie : At max range that I usually fly - I usually dont descend below 120m ... but today, descended to 55 meters before I was close to loss of signal
[2017-11-12 09:49:30] jezzab : So you're flying from an elevated position?
[2017-11-12 09:49:40] czokie : yep - same usual elevated position
[2017-11-12 09:49:48] czokie : mega obstacles in my path
[2017-11-12 09:50:03] czokie : before - could not descend
[2017-11-12 09:50:09] jezzab : Ok, always thought you were on a lake but.. flat/same level
[2017-11-12 09:50:17] czokie : river.
[2017-11-12 09:50:26] jezzab : Knew it was something with water lol
[2017-11-12 09:50:34] czokie : But - to this farthest point - need to go around a corner so to speak
[2017-11-12 09:50:41] jezzab : ah yeah
[2017-11-12 09:51:23] jezzab : Good stuff. Showing the same results I saw with my P4 and the FCC test.
[2017-11-12 09:52:58] jezzab : Your mate took his Mav out for a fly too. Went from 2.5km to 4.3km :wink: No doubt he told you already
[2017-11-12 09:54:13] czokie : yep
[2017-11-12 09:54:28] czokie : fyi - I am still doing IDA of old versions
[2017-11-12 09:54:30] czokie : building up the library
[2017-11-12 09:54:36] czokie : just had other shit taking up my time too
[2017-11-12 09:55:17] jezzab : Seems the last couple are stability fixes and things. Plus I think they had issues with the iPhone X for some reason
[2017-11-12 10:05:18] jezzab : Guess we will see how many versions that come out this week lol
[2017-11-12 10:13:18] czokie : yep
[2017-11-12 17:34:48] jcarlo : @jezzab app works great. Upgrade NFZ flysafe is not showing anymore. I tested rth and failsafe and dronie. All worked well. Again I'm using latest fw with 700fc and factory NFZ
[2017-11-12 21:03:55] czokie : So - Next task: Some tweaks that pull the NFZ database from somewhere else... but it might just have to be "modified" a little :slightly_smiling_face:
[2017-11-12 21:06:15] czokie : Me personally - I don't have a problem with NFZ data - but I'd like a way for self unlock. I want to know when I am flying somewhere dangerous - but I don't need a company in a foreign country to become the enforcer.
[2017-11-12 22:28:37] czokie : But one bit of feedback - having had some thoughts on this (over breakfast). How do we manage balance in this area. I know that Binary for example pulled his NFZ patch from the APK… and without wanting to put words in his mouth, this is a complicated issue. How do we manage a balance between freedom, safety, and stupidity. For example. I understand that the NFZ blocks flights in locations with military action. How should the balance be maintained?
[2017-11-12 22:30:56] jezzab : I personally won't be adding any hooks to do that. If people would like to do it, then there are other methods around now to do it. By mixing and matching modules, params etc
[2017-11-12 22:41:12] czokie : yeah. I am in two minds… Like I said - for me - I’d like to not be hindered as a licensed commercial operator.
[2017-11-12 22:42:01] czokie : but how do we walk the tightrope to give flexibility to people like me, but still keeping some sanity and stupidity protection in there.
[2017-11-12 22:42:55] jezzab : You mean give something away for free and then have to authorise certain people to use it/bypass it? Sounds familiar lol
[2017-11-12 22:44:50] jezzab : You can only just unlock it all and hope for the best
[2017-11-12 22:46:57] jezzab : Based on the video I saw the other day of a Mavic at a height of 10,000m+. People are gonna do dumb shit
[2017-11-12 22:46:58] haloweenhamster : if you have an external file can't you comment it out and people need to enable it themselves?
[2017-11-12 22:47:13] jezzab : Yup. You could do that
[2017-11-12 22:48:26] haloweenhamster : Most people will just follow a video and do dumb stuff, if you have to look and think you probably have some sense
[2017-11-12 22:49:14] hostile : “I understand that the NFZ blocks flights in locations with military action. How should the balance be maintained?” with CUAS platforms and common sense that says ANYONE with basic skill and access to HobbyKing can do just the same. This is you guys' baby…draw straws… do what you want.
[2017-11-12 22:49:44] hostile : I for example LIVE in a no fly zone… but know the airport operator
[2017-11-12 22:49:59] hostile : minor annoyances prevent me from getting proper sign off
[2017-11-12 22:50:32] hostile : @jezzab enable a power user menu? / console?
[2017-11-12 22:50:37] hostile : and make them hand type in some haxx
[2017-11-12 22:50:38] hostile : =]
[2017-11-12 22:50:43] the_lord : You will find someone like Danny who'll make it available for anyone
[2017-11-12 22:50:55] hostile : IDKFA (god mode)
[2017-11-12 22:51:08] jezzab : ↑↑↓↓←→←→BA
[2017-11-12 22:51:10] hostile : I think most of them are lost… even with the free info =]
[2017-11-12 22:51:20] hostile : Konami Kode would be hilarious
[2017-11-12 22:51:27] hostile : can you sense the input on the sticks from the app?
[2017-11-12 22:51:42] hostile : you could use the virtual sticks too lol
[2017-11-12 22:51:53] jezzab : haha
[2017-11-12 22:52:04] hostile : I can see the headline now. Konami code allows NFZ bypass
[2017-11-12 22:53:56] czokie : Ironic - the retroroms connection :slightly_smiling_face:
[2017-11-12 23:00:36] jcarlo : I do like the warning. I only enable NFZ cause I don't want the extra steps for just flying in yellow zones. I think calling the airport is enough. But yeah don't fly in NFZ airport. But I do like the warning on my app to let me know what dangers are around me. But I can't answer if it's safe to have NFZ patch out there for everyone. If you do put that patch out there you just have to rely on faith that the person does the right thing or is safe out there
[2017-11-12 23:03:13] jcarlo : I do see more people do illegal flying outside of NFZ area than inside.
[2017-11-12 23:04:54] hostile : luckily here the big stop gap is the ios hurdle of signed apps and device IDs.
[2017-11-12 23:04:59] hostile : it is harder to proliferate.
[2017-11-12 23:11:10] jezzab : When my Spark rocks up I will be able to start trying to integrate some of the 'roid patches for Spark in. There are a couple more I've found but I can't test until I get it. And there are a few more I want to test on Mavic but I have to actually take off to do it
[2017-11-12 23:12:19] jezzab : I have also made a patch that will stop the app from grounding the AC at all because of fw (ie Spark 1st Sept Lockout)
[2017-11-12 23:12:41] jezzab : Have to test that as well.
[2017-11-12 23:13:46] jezzab : Wont turn up for 3 weeks :disappointed: RC though should be here this week
[2017-11-12 23:14:25] haloweenhamster : If its quick shot related I think you need GPS & vision sensors working
[2017-11-12 23:15:42] hostile : I’m still very impressed with you all’s work
[2017-11-12 23:15:44] hostile : hats off for sure
[2017-11-12 23:15:57] hostile : any luck getting an automated backend submition of device id and spit out of .ipa?
[2017-11-12 23:16:02] jezzab : The quick video stuff on Mavic still checks if you have a Mavic and if your vision fw is > xxxxxx
[2017-11-12 23:17:25] jezzab : Working on that and nearly there. @coldflake is crook/sick atm but we sorted most of it so far
[2017-11-12 23:18:52] jezzab : I found a way to update the provisioning profile when a UDID is added instead of having to use xcode
[2017-11-12 23:19:19] jezzab : only bit will be he needs to run objection on the ipa. Which will take a Mac
[2017-11-12 23:19:33] czokie : i will be doing some of that this week
[2017-11-12 23:20:47] hostile : could do something like this .<https://www.macincloud.com/pricing/payg>
[2017-11-12 23:21:07] czokie : he may have found a way to do it without mac - standby :slightly_smiling_face:
[2017-11-12 23:21:19] jezzab : Cool
[2017-11-12 23:21:52] jezzab : But either way you don't need an iPad/iPhone plugged in anymore. just need to sign and patch in Frida into the header
[2017-11-12 23:22:31] haloweenhamster : Can't you just dual boot?
[2017-11-12 23:22:49] hostile : this would be a dedicated **service** online @haloweenhamster
[2017-11-12 23:22:56] jezzab : And I've tested re-signing an ipa that I had signed before just with an updated provisioning profile. Works fine
[2017-11-12 23:23:40] jezzab : coldflake doesnt own any "fruit" based devices
[2017-11-12 23:24:34] jezzab : So yeah unless it's dedicated online service, hackintosh or another way to run it without a Mac
[2017-11-12 23:25:34] haloweenhamster : I've never owned any fruit based products either but run snow leopard dual boot several years ago on a dell
[2017-11-12 23:26:44] haloweenhamster : Thought mac os was basically Ubuntu
[2017-11-12 23:26:51] jezzab : Coz you can re-sign with a PC but the thing is objection runs `insert_dylib` so you would have to try and run that
[2017-11-12 23:27:16] jezzab : It patches the ipa so it runs the FridaGadget.
[2017-11-12 23:27:29] jcarlo : @haloweenhamster let me guess the old dell mini 9 hackintosh
[2017-11-12 23:28:32] haloweenhamster : E6400 atg, got it in front of me now
[2017-11-12 23:29:32] jezzab : I had OSX running perfectly on my old Surface Pro except it could not use the internal network card. Needed a stick :disappointed:
[2017-11-12 23:30:18] haloweenhamster : Mine needed a USB keyboard everything else worked
[2017-11-12 23:30:44] jcarlo : @jezzab have you tried using VMware with OSX. When I had surface pro 2 that's what I did.
[2017-11-12 23:33:26] jezzab : No, I was running it directly on the SP. Touch screen worked etc. Everything was great bar the need to use an external wifi stick
[2017-11-12 23:35:36] jcarlo : Well if it's stable then wifi stick is no problem.
[2017-11-12 23:36:23] jezzab : o.O
[2017-11-12 23:36:43] jcarlo : Whoa I've never seen anything like that before
[2017-11-12 23:36:58] haloweenhamster : Nor me
[2017-11-12 23:37:22] jezzab : Liquid Crystal Display is one thing but thats pushing the Liquid bit to the max lol
[2017-11-12 23:38:09] jezzab : Is there a screen in front of the panel or thats actually IN the panel??
[2017-11-12 23:38:22] jcarlo : I have HP pro book dual boot via clover. I need to reinstall it again. It crashed my win 10 partition.
[2017-11-12 23:39:04] jezzab : ie between the polarising filter
[2017-11-12 23:39:23] haloweenhamster : My guess is that they have used a sheet of glass to protect the panel and the bonding has broken down
[2017-11-12 23:40:03] jcarlo : Guys I'm wondering why do I have to restart the app after it connects to Mavic before I see quick shots in there.
[2017-11-12 23:41:01] haloweenhamster : Have you tried turning mavic on first?
[2017-11-12 23:42:05] jezzab : What version app?
[2017-11-12 23:42:09] jezzab : 4.1.17?
[2017-11-12 23:44:44] jcarlo : Yes and I think also 15 and 16. No I haven't tried turning on the Mavic first. I always turn on controller > app > Mavic
[2017-11-12 23:45:19] haloweenhamster : Try app last
[2017-11-12 23:46:47] jcarlo : Ok. I'll try it later. I also tried turning on the location on my phone on. But it's tested that I only see it appears after I restart the app
[2017-11-13 02:53:52] jcarlo : I can confirm. Turning the controller > Mavic > App on in sequence does show quick shots right away. But turning on controller > app > Mavic will not and you have to restart the app to show quick shots
[2017-11-13 07:32:01] haloweenhamster : that's my normal sequence, I tried your original way by recommendation from binary to get FCC to work which it didn't, probably go back to doing it this way, thanks for checking
[2017-11-13 07:44:56] jezzab : The App does check the drone for its capabilities
[2017-11-14 23:45:24] jezzab : I'm nearly there with this ruby script. I had to modify one that was similar (the link I sent you @czokie) as it wasn't quite what we wanted. It will auto add a UDID and whatever name you call that device (NLD username?) and then download the private key and certificate, add the UDID to the provisioning profile, rebuild the link (coz it was broken and that script didn't fix it) then you're good to sign.
[2017-11-14 23:46:11] czokie : I have been playing with all sorts of dependencies to get that one built and working - reliably (with all of its dependencies)
[2017-11-14 23:46:20] czokie : You looking at another URL in particular?
[2017-11-14 23:46:27] jezzab : nah
[2017-11-14 23:46:52] jezzab : I just installed with their guide but had to tweak a few things because they missed things like the dev packages out etc
[2017-11-14 23:47:29] jezzab : then i had a look at the `genProvisioningProfileDev.rb` and it was creating a new provisioning profile every time ending in the time as the name
[2017-11-14 23:48:09] jezzab : and doing other things
[2017-11-14 23:49:15] czokie : I was having problems with fastlane
[2017-11-14 23:49:21] czokie : so having to upgrade ruby etc
[2017-11-14 23:49:32] jezzab : so I have butchered it.
[2017-11-14 23:49:48] jezzab : Plus all the UDIDs added had the name `iDevice`
[2017-11-14 23:50:05] jezzab : you will need `ruby-dev`
[2017-11-14 23:50:13] jezzab : as the header files are missing
[2017-11-14 23:52:57] czokie : I am installing ruby via rvm - so should have devel crap
[2017-11-14 23:53:24] jezzab : cool well then you shouldn't have any issues if it's in there.
[2017-11-14 23:57:32] czokie : Got a lot further - no errors with the gem install of fastlane - but its hanging :disappointed: ….
[2017-11-14 23:57:53] czokie : Ah - spoke too soon - progressing
[2017-11-14 23:58:13] czokie : Stopped forever on “Parsing documentation for google-api-client-0.13.6”
[2017-11-15 00:01:39] jezzab : keep waiting
[2017-11-15 00:01:57] czokie : It worked
[2017-11-15 00:02:21] czokie : but now - because I was doing things to work out the shit - going back to clean vm and making sure I’ve got the end to end process documented.
[2017-11-15 00:02:32] czokie : (Yes, I am pedantic)
[2017-11-15 00:12:57] hostile : @jezzab Ruby! I done corrupted you. Let me know if you need some help… I do have a few spare cycles.
[2017-11-15 00:20:22] jezzab : Haha yeah. Its a bit of a cut and shut so I have something to work with thank god. Getting there
[2017-11-15 00:20:26] jezzab : Thanks
[2017-11-15 00:21:08] jezzab : Just some of the documentation on `spaceship` ie Apple Dev API is lacking
[2017-11-15 00:23:46] jezzab : Hmm and just realised im 3" from the screen now because I dont have contacts in. Might help...
[2017-11-15 00:23:57] czokie : Ouch
[2017-11-15 01:24:12] czokie : OK. IPA build server complete with all required components - The only question, what are you cooking up in your ruby pot @jezzab? :slightly_smiling_face:
[2017-11-15 01:24:55] jezzab : just found the problem thats plagued me for 2 fucking hours
[2017-11-15 01:40:53] jezzab :
```
jez@plex:~/iInject$ ruby genProvisioningProfile-test.rb
Usage : ./genProvisionProfile.rb <user> <password> <iDevice UUID> <iDevice Name>
jez@plex:~/iInject$ ruby genProvisioningProfile-test.rb dev@apple.com passw0rd af1234567890abcdef12341234567890abcdefa6 MyiPhone
Removing exisitng private key
Writing new private key
Removing exisitng certificate
Writing new certificate
Adding UDID: af1234567890abcdef12341234567890abcdefa6 Name: 'MyiPhone'
Deleting old provisioning profile
Creating a new provisioning profile will all UDIDs
Repairing provisioning profiles and certificates
Downloading new provisioning profile
jez@plex:~/iInject$
jez@plex:~/iInject$ ./iInject-test.sh test.ipa FridaGadget.dylib
Uncompressing test in /tmp/iInject
File test uncompressed correctly in /tmp/iInject
Patching Binary /tmp/iInject/test/Payload/DJI GO 4.app/DJI GO 4
Binary /tmp/iInject/test/Payload/DJI GO 4.app/DJI GO 4 patched sucessfully
Coping local gadget FridaGadget.dylib to /tmp/iInject/test/Payload/DJI GO 4.app/
Gadget copied sucessfully
Creating new IPA file in /tmp/iInject/test/test-patched.ipa
/tmp/iInject/test/test-patched.ipa created sucessfully
Signing IPA file /tmp/iInject/test/test-patched.ipa
/tmp/iInject/test/test-patched-isigned.ipa created sucessfully
Cleaning up work directory /tmp/iInject/test
rm -rf /tmp/iInject/test
jez@plex:~/iInject$
```
[2017-11-15 01:41:53] jezzab : obviously the `FridaGadget.config` needs to be added too
[2017-11-15 01:42:00] czokie : Yep
[2017-11-15 01:42:11] czokie : Looking good.
[2017-11-15 01:42:18] jezzab : Works
[2017-11-15 01:42:46] jezzab : so what it does is it adds the UDID and then it deletes the current provisioning profile and then adds every device to a new one with the same name
[2017-11-15 01:42:52] jezzab : `NLD Users`
[2017-11-15 01:42:58] jezzab : or whatever if you wanna tweak the script
[2017-11-15 01:43:27] jezzab : You could use objection if you wanted to i guess after that
[2017-11-15 01:43:45] czokie : True - but since we’ve got this done without objection - keep it uniform
[2017-11-15 01:44:01] czokie : How does it handle:
[2017-11-15 01:44:06] czokie : 1. Different device types?
[2017-11-15 01:44:13] jezzab : Irrelevant
[2017-11-15 01:44:17] czokie : 2. Change of UDID
[2017-11-15 01:44:24] jezzab : you can't change a UDID
[2017-11-15 01:44:29] czokie : Really? I thought there was a limit of 100 x iphone and 100 x ipad
[2017-11-15 01:44:29] jezzab : they are added for one year
[2017-11-15 01:44:42] jezzab : yes there is but its automatically added
[2017-11-15 01:44:45] czokie : I read in some apple doco - that each UDID could be changed ONCE
[2017-11-15 01:44:50] jezzab : this line:
[2017-11-15 01:44:55] jezzab : You can't even delete
[2017-11-15 01:45:10] jezzab : have to wait until the next year and then you can clean up
[2017-11-15 01:45:11] jezzab : joy
[2017-11-15 01:45:43] czokie : Perhaps that is a limitation of their implementation - I had read it was possible with xcode to change each entry once only
[2017-11-15 01:45:59] jezzab : There is no max checking though. Even the guys that did the original script had a TODO lol
[2017-11-15 01:46:13] jezzab : You mean the name of the UDID?
[2017-11-15 01:46:41] czokie : Yep - Keep same device name - remove old UDID and replace with new UDID for that user - is meant to be supported ONCE per year
[2017-11-15 01:46:51] jezzab : nah nah
[2017-11-15 01:46:54] jezzab : the names mean nothing
[2017-11-15 01:46:59] jezzab : its all about the UDID
[2017-11-15 01:47:02] jezzab : the device
[2017-11-15 01:47:07] czokie : Just tellin ya what I’d read
[2017-11-15 01:47:09] jezzab : They are just a reference for yourself
[2017-11-15 01:47:15] jezzab : I can change the name
[2017-11-15 01:47:24] jezzab : and I can have 5 devices the same name
[2017-11-15 01:47:39] czokie : But perhaps - apple counting of 100 allows devices to be removed …..
[2017-11-15 01:47:43] jezzab : its linked to a device not a user
[2017-11-15 01:47:58] czokie : as long as the total is not above 200 per device type perhaps?
[2017-11-15 01:48:04] czokie : with 100 max at any one point
[2017-11-15 01:48:36] czokie : What about the 100 x ipad 100 x iphone - how is that accounted for - or its not?
[2017-11-15 01:49:40] jezzab : That's the only info you know from the UDID and that's the only thing you can edit
[2017-11-15 01:49:57] jezzab : It is auto sorted on their end into device groups
[2017-11-15 01:51:03] jezzab : its 100 of each device added for that year
[2017-11-15 01:51:38] czokie : So - in spaceship ui - can it find device type by UDID - so we can xref that later - to manage utilisation by device type?
[2017-11-15 01:51:41] jezzab : if you use them or not or if they are disabled etc. 100 UDIDs of each device only for the year to be registered. They cannot be deleted only disabled but still count to the quota
[2017-11-15 01:52:04] jezzab : Dunno
[2017-11-15 01:53:06] czokie : Put it this way - in the pic above - where did xcode get the device type?
[2017-11-15 01:53:26] jezzab : This is in the portal
[2017-11-15 01:53:40] jezzab : web dev portal
[2017-11-15 01:53:42] czokie : OK.
[2017-11-15 01:54:24] jezzab : typo
[2017-11-15 01:58:44] jezzab : Ahh that's better
[2017-11-15 02:24:06] hostile : @czokie “that each UDID could be changed ONCE” NO **normal** user will be doing this… those that would don't need us…
[2017-11-15 03:05:43] hostile : You guys <!here> may enjoy this code… <https://github.com/devttys0/ida/tree/master/plugins/alleycat>
[2017-11-15 03:06:18] czokie : You and your cat wrangling
[2017-11-15 09:34:59] jezzab : This works but needs work maybe. Or it's just Apple being a prick which I've had with just Xcode before. Someone can have a crack at it. I need to step away from it for a while. It will unpack, copy Frida and the Frida config file, patch and sign. The original copied the FridaGadget to a diff dir, would auto deploy to an attached device, etc
[2017-11-15 09:38:20] jezzab : `sudo ./iInject.sh <IPA File> FridaGadget.dylib` output will be in cwd: `<ipa_name>-patched-isigned.ipa`
[2017-11-15 09:50:59] czokie : So - we can disable the auto deploy fairly easy
[2017-11-15 09:55:11] jezzab : It’s already done mate.
[2017-11-15 09:55:57] jezzab : As I said the output will be in the cwd now
[2017-11-15 09:56:21] czokie : Ah. I was out at daughter's soccer match. Didn't see that update above
[2017-11-15 22:23:34] czokie : I have to share - an epiphany while having my morning shower… When our custom DJI go app comes to life… what do we call it? Well, we have the frida GADGET on board, and we are talking about dji GO …. and we have INSPECTED the source code by reverse engineering. “Inspector Gadget”
[2017-11-15 22:24:19] czokie : And perhaps - even an app mod to bring on board the inspector gadget song during startup? :slightly_smiling_face:
[2017-11-15 22:37:20] czokie : And DJI is doctor claw?
[2017-11-15 22:39:05] czokie : <https://www.youtube.com/watch?v=EcF2LOaLgA0>
[2017-11-15 22:47:19] jcarlo : Lol. That inspector gadget song is now stuck in my head
[2017-11-16 01:07:02] hostile : yes!
[2017-11-16 01:44:42] jezzab : I give up. iSign doesn't work correctly. Even when I export the cert directly from a Mac.
[2017-11-16 01:45:44] jezzab : Everything is where it should be but will not install from iTunes
[2017-11-16 01:46:51] jezzab : And it won't let me sign with just a fingerprint (which objection is going with codesign) which I can easily get from the certs. Only allows to do that on an adhoc profile, not a dev profile
[2017-11-16 01:47:20] jezzab : Make an OSX VM, do it in there lol
[2017-11-16 03:06:08] jezzab : ...I'm testing just that. If it works then I should be able to integrate the auto UDID adding and mobile.provisioning creation easy enough with what I've already done and just use objection
[2017-11-16 03:23:59] czokie : Instead of using objection - it just calls applesign….
[2017-11-16 03:24:15] czokie : might be able to work out the CLI for that and do it natively - to make it a bit simpler
[2017-11-16 03:32:08] jezzab : yeah i can just call it manually as well
[2017-11-16 03:33:02] jezzab : I've hand signed the ipas on the mac to test a while ago and it was fine
[2017-11-16 03:34:44] jezzab : just want to set up the signing chain I have on the real mac in the VM (nearly there) and get it working. Then I can pull in the other linux stuff ^^ and tweak for the osx stuff
[2017-11-16 06:26:15] jezzab : Done
[2017-11-16 06:26:33] jezzab : Then run:
[2017-11-16 06:27:23] jezzab : `applesign -i 3123456789597A043652A6F4ECF1234567895665 -m embedded.mobileprovision "DJI GO 4.ipa"`
[2017-11-16 06:28:59] jezzab : You only have to add one profile to start it. Then it will be self supporting and just update with the same name. No need to do certs or anything. Just adds a new UDID, adds ALL the UDIDs to the current provisioning profile and updates. Then downloads the new profile. Then you resign the same signed ipa (or whatever)
[2017-11-16 06:29:17] jezzab : Works. Tested and installs etc.
[2017-11-16 06:30:11] jezzab : file will be saved as `filename-resigned.ipa`
[2017-11-16 06:46:19] jezzab : @coldflake
[2017-11-16 06:58:58] jezzab : Just be careful with the <iDevice Name> it might not like spaces
[2017-11-16 11:04:14] cs2000 : Nice work mate :wink:
[2017-11-18 06:18:34] haloweenhamster : 2 people said the go nightly has been released, 4.1.18 is out
[2017-11-18 06:21:54] hostile : watch for booby traps!
[2017-11-18 06:22:48] jezzab : It’s a trap! Nah I’ll take a look tomorrow
[2017-11-18 06:23:11] jezzab : If @kilrah can work his magic on the ipa
[2017-11-18 06:27:22] jcarlo : I still see 4.1.17 on App Store and just download it
[2017-11-18 07:59:18] kilrah : got the update on my PC but i forgot my iPad at a friend's, will be a few days until I have it back :disappointed:
[2017-11-18 08:08:45] jezzab : All good. It can wait. Probably a cupcake with a razor blade inside
[2017-11-19 01:00:43] czokie : OK.
[2017-11-19 01:00:52] czokie : Updates on IPA stuff …
[2017-11-19 01:01:27] czokie : Flying today with patched IPA - Observed that it was complaining about rf interference.
[2017-11-19 01:01:41] czokie : this is with a P4P, 32ch hack.
[2017-11-19 01:02:07] czokie : plus fcc
[2017-11-19 01:02:24] czokie : My gut feeling - the FCC mod on p4p is what is causing the pain - will need to test more later.
[2017-11-19 01:02:39] czokie : I was on channel 1 - no interference at all.
[2017-11-19 01:02:45] jezzab : You flew last time with the exact same setup and was able to get "lower" you said?
[2017-11-19 01:02:51] czokie : but still no video at all. Totally blank
[2017-11-19 01:02:53] czokie : Yes…
[2017-11-19 01:03:01] czokie : This is similar to what my mate had.
[2017-11-19 01:03:09] czokie : I restarted the app a few times - and it came good.
[2017-11-19 01:03:10] jezzab : No video??
[2017-11-19 01:03:15] czokie : No video at all.
[2017-11-19 01:03:38] czokie : He rebound the controller - which kicked it and got it working - I don't think that was the correct solution, but it had the desired effect.
[2017-11-19 01:03:58] czokie : Will try later without FCC and just 32ch and see how that goes.
[2017-11-19 01:04:10] jezzab : Very strange
[2017-11-19 01:04:41] czokie : Beyond that - I was going to do some stuff with u (if u had time today) on “inspector gadget” ….
[2017-11-19 01:04:48] czokie : Build script / process.
[2017-11-19 01:05:07] czokie : What was your most recent status? Last I recall - it was not fully working?
[2017-11-19 01:05:25] czokie : ie - you tried applesign natively instead of the other tool - but still had issues?
[2017-11-19 01:05:26] jezzab : Everything works with the Mac VM
[2017-11-19 01:06:10] jezzab : Adds UDID, updates the profile (not delete) and downloads the new provisioning file then resigns the ipa with the new PP
[2017-11-19 01:06:34] czokie : And the sign uses what command?
[2017-11-19 01:06:37] czokie : applesign or the other one?
[2017-11-19 01:06:40] jezzab : applesign
[2017-11-19 01:06:54] czokie : So - we have applesign built for linux.
[2017-11-19 01:07:11] czokie : I’d be interested to compare where its failing….
[2017-11-19 01:07:17] jezzab : applesign can use the original apple security method to sign (which objection calls the same way) or it can use openssl (which is how isign does it)
[2017-11-19 01:07:45] czokie : On a mac versus linux
[2017-11-19 01:07:58] czokie : Is the provisioning profile script stuff identical? (in terms of output)
[2017-11-19 01:08:26] jezzab : the PP is pulled from Apple dev. The signing of the ipa is the one thats failing
[2017-11-19 01:08:29] jezzab : when using isign
[2017-11-19 01:08:38] czokie : Have u tried applesign on linux?
[2017-11-19 01:08:49] jezzab : No
[2017-11-19 01:08:53] czokie : OK.
[2017-11-19 01:09:07] czokie : I had previously got that built and running - but pulled it out of the process when u showed me isign
[2017-11-19 01:09:12] czokie : but happy to get it up again :slightly_smiling_face:
[2017-11-19 01:09:21] jezzab : You can test it even with a free dev account
[2017-11-19 01:09:38] czokie : Let me get my build script tweaked and get it all together - and talk in about 15 mins
[2017-11-19 01:09:50] jezzab : Im heading out for a quick fly. Ill be back soon
[2017-11-19 01:09:56] czokie : ok
[2017-11-19 01:10:10] jezzab : it's like 28°C and it's 2km/h winds :stuck_out_tongue:
[2017-11-19 01:10:13] jezzab : be mad if I didn't
[2017-11-19 01:10:23] czokie : Yeah - I had a nice fly - 2 batteries.
[2017-11-19 01:10:34] czokie : But - I had a lot of “green screen” shit happening
[2017-11-19 01:10:41] czokie : Has anyone here found the root cause of that shit?
[2017-11-19 01:10:50] jezzab : I'm just gonna go close. I wanna test out the new stock mavic remote I bought. So the range will be more limited lol
[2017-11-19 01:10:52] czokie : and the mobile device cpu loaded shit
[2017-11-19 01:11:07] jezzab : tried turning off the video cache?
[2017-11-19 01:11:11] czokie : yep
[2017-11-19 01:11:16] czokie : still happens intermittently
[2017-11-19 01:11:21] czokie : (tho I was live streaming to facebook)
[2017-11-19 01:11:26] jezzab : ah right
[2017-11-19 01:11:37] jezzab : ahhhh
[2017-11-19 01:11:43] jezzab : so THATS the difference to last time
[2017-11-19 01:11:57] czokie : Two flights - first one with video cache on
[2017-11-19 01:12:03] czokie : 2nd flight with fb streaming
[2017-11-19 01:12:06] jezzab : no the facebook streaming
[2017-11-19 01:12:29] czokie : not fb streaming first flight
[2017-11-19 01:12:33] jezzab : to the last flight you tested and was able to get further/lower
[2017-11-19 01:12:36] jezzab : not today
[2017-11-19 01:12:47] czokie : This was before any of that shit
[2017-11-19 01:12:51] czokie : Turn on RC and GO
[2017-11-19 01:12:53] czokie : No video
[2017-11-19 01:13:02] czokie : Warning on screen: RF interference
[2017-11-19 01:13:24] czokie : Checked HD section - My channel was “blue” so should have been good - but still no video
[2017-11-19 01:13:52] jezzab : Ok. fuck knows lol. nothing changed patch wise on our else. just the ipa version
[2017-11-19 01:14:27] czokie : I think compared to mavic - that the hardware is not as well “tuned” to handle the extra power output - Just my gut feeling.
[2017-11-19 01:14:41] jezzab : And you even had the same patch file intact coz you upgraded not deleted
[2017-11-19 01:14:42] czokie : so next fly will be without FCC patch but others loaded
[2017-11-19 01:14:48] czokie : Correct
[2017-11-19 01:14:56] jezzab : but how did it work last time error free?
[2017-11-19 01:15:00] czokie : Remember - this is the exact same symptoms for my friend.
[2017-11-19 01:15:05] czokie : First time - luck
[2017-11-19 01:15:16] czokie : Same for my mate - but he had issues subsequently on multiple a/c
[2017-11-19 01:21:10] czokie : Theoretically - the patching could just be insert_dylib
[2017-11-19 01:21:13] czokie : and then applesign
[2017-11-19 01:21:20] czokie : no need for a lot of the other guff perhaps
[2017-11-19 01:21:40] czokie : ie inject
[2017-11-19 01:21:58] czokie : Anyway - will leave em there for now
[2017-11-19 02:20:57] jcarlo : 4.1.18 is out
[2017-11-19 02:21:07] czokie : yep
[2017-11-19 02:21:09] czokie : we know
[2017-11-19 02:21:20] czokie : just waiting on our local IPA decryption service :slightly_smiling_face:
[2017-11-19 02:21:29] jcarlo : Lol
[2017-11-19 02:21:47] jcarlo : It's weird It just showed up for me
[2017-11-19 02:22:09] jcarlo : I'm gonna try the official one. I want pano
[2017-11-19 02:22:14] czokie : also known as Kilrah
[2017-11-19 02:22:53] jcarlo : So the only way I can share my IPA is if I have a jail broken iPhone?
[2017-11-19 02:24:58] czokie : Your IPA is encrypted.
[2017-11-19 02:25:07] czokie : Need a jailbroken phone to get it decrypted
[2017-11-19 02:26:39] jcarlo : Ok since I joined the club of iPhone owners who have cracked glass I'm thinking of jail breaking it. Since I'm still on 10.3.2
[2017-11-19 02:37:38] hostile : living on the edge
[2017-11-19 02:39:02] jcarlo : Livin in the fast lane
[2017-11-19 02:45:30] czokie : Not sure there is an untethered jailbreak available for that version
[2017-11-19 02:45:50] czokie : and the tethered jailbreaks I have seen appear to be beta last time I checked a few weeks ago
[2017-11-19 02:57:04] jcarlo : I'm gonna check. The only iPhone I jailbreak is 3G
[2017-11-19 08:18:03] kilrah : that jailbreak is what I use, works even if a bit wonky sometimes
[2017-11-20 04:47:18] czokie : Update on the IPA scene. Previously, @jezzab managed to sign some IPAs using a developer account... and that works well. However, that required a Mac to sign the IPAs and the process was not scalable. Today, I bit the bullet and got a developer account. I have been working on a linux VM and tools that will automate the signing of an IPA using a provided UDID. Good news. I signed my first IPA today without a Mac involved in the signing process. This is early days, and it was not a “tweaked” IPA file yet. That is still to come. But the good news is that this was done without MacOS, so this can run on Linux in the cloud. Stay tuned.
[2017-11-20 11:17:05] cs2000 : Top work mate :slightly_smiling_face:
[2017-11-20 11:21:02] czokie : By the way @jezzab - That isign and iinject code - yes, I do want to "pour petrol on it and light a match". I feel your frustration.
[2017-11-20 11:21:17] bin4ry : which ios devices do you guys have ?
[2017-11-20 11:21:33] czokie : iphone 6 plus and ipad pro
[2017-11-20 11:21:41] cs2000 : just iphones here, 5s and 7
[2017-11-20 11:21:47] bin4ry : i mean to develop
[2017-11-20 11:21:55] bin4ry : which development devices
[2017-11-20 11:21:56] bin4ry : :smile:
[2017-11-20 11:21:57] czokie : I am rewriting my own iinject scripts to replace that
[2017-11-20 11:22:00] czokie : None.
[2017-11-20 11:22:06] czokie : Thats it
[2017-11-20 11:22:09] bin4ry : ok
[2017-11-20 11:22:11] czokie : No rooted devices
[2017-11-20 11:22:13] bin4ry : so this one is rooted ?
[2017-11-20 11:22:15] bin4ry : no ?
[2017-11-20 11:22:24] czokie : dont need rooted to do what we're doing
[2017-11-20 11:22:38] bin4ry : so the gadget is enough right?
[2017-11-20 11:22:44] czokie : The only rooted device that is needed is to decrypt - and Kilrah is our local "decryption service"
[2017-11-20 11:22:48] czokie : yep
[2017-11-20 11:22:50] bin4ry : ok
[2017-11-20 11:22:51] bin4ry : i see
[2017-11-20 11:23:43] bin4ry : i saw some iphone x available
[2017-11-20 11:24:29] bin4ry : but they seem to have problems with the displays
[2017-11-20 11:24:37] bin4ry : from what news say
[2017-11-20 11:40:48] czokie : Yep - so I hear
[2017-11-20 11:41:11] czokie : Wife has one on order - I was holding my order back to let the production bugs get sorted
[2017-11-20 11:41:52] jezzab : Bar the big chunk of the screen missing :p
[2017-11-20 11:42:27] bin4ry : @jezzab i like the design. tbh it is the first apple design i like
[2017-11-20 11:42:43] bin4ry : only thing i find a bit sad is that the backside feels really cheap
[2017-11-20 11:43:12] jezzab : I don’t like the camera section where the screen gets chopped out
[2017-11-20 11:43:22] bin4ry : why not? looks nice i think
[2017-11-20 11:43:34] jezzab : Only because I keep comparing it to my S8 lol
[2017-11-20 11:43:38] bin4ry : lol
[2017-11-20 11:43:49] bin4ry : i have an s7 edge, but i hate the design of that
[2017-11-20 11:43:58] bin4ry : i only bought it due to the edge screen which i like very much
[2017-11-20 11:44:14] bin4ry : feels good holding it
[2017-11-20 11:44:20] bin4ry : not useful but feels good :smile:
[2017-11-20 11:44:25] jezzab : Lol
[2017-11-20 11:44:34] bin4ry : and the size of the phone overall is good
[2017-11-20 11:44:42] bin4ry : i had sony phones like forever, since i got them for free
[2017-11-20 11:44:55] bin4ry : but the s7 edge was the first phone i bought after a long time
[2017-11-20 11:45:06] bin4ry : since it felt very very good in my hand, perfect size for me
[2017-11-20 11:47:01] jezzab : I was all Apple until I sold my iPhone 7 and got an S8. I’d had enough and was more into the Google eco. Plus was disappointed in the lack of innovation anymore. But I still like the fluidness of an iPhone/iPad. And the S8 is dual sim lol
[2017-11-20 11:47:32] jezzab : Kinda got a mixed bag of apple and android now
[2017-11-20 11:47:49] bin4ry : yah, both have good and bad sides for sure
[2017-11-20 11:48:04] bin4ry : i had the first iphone
[2017-11-20 11:48:10] bin4ry : and an android
[2017-11-20 11:48:14] bin4ry : both at the same time
[2017-11-20 11:48:19] bin4ry : and i did not like the iphone at all
[2017-11-20 11:48:24] bin4ry : so i went the android way
[2017-11-20 11:48:31] bin4ry : and took a look at iOS regularly
[2017-11-20 11:48:48] bin4ry : i think they came a long way and they are useable nowadays for what i want them to do
[2017-11-20 11:49:07] bin4ry : but to be honest here, a stock android is not very useable for me too
[2017-11-20 11:49:17] bin4ry : but on android i can do what i like and make it like i want it to be :wink:
[2017-11-20 11:49:24] bin4ry : but i got bored
[2017-11-20 11:49:28] bin4ry : and i want to see smth new
[2017-11-20 11:49:41] bin4ry : so i might get some new device to play and test again :slightly_smiling_face:
[2017-11-20 11:50:17] jezzab : :)
[2017-11-20 11:50:21] bin4ry : i was so sad the WindowsPhone died so quick. i hope for another mobile OS to get the innovations going
[2017-11-20 11:52:27] bin4ry : btw is there any Jailbreak for the X available yet ?
[2017-11-20 11:52:40] bin4ry : or maybe an general one for the new iOS ?
[2017-11-20 11:55:54] jezzab : AFAIK the jailbreak scene has died in the ass on newer iOS
[2017-11-20 11:56:06] jezzab : But I haven’t really kept up with it
[2017-11-20 11:58:05] bin4ry : oh really? too much payments from blackmarket i guess
[2017-11-20 11:58:50] jezzab : And I think Apple pretty much implemented everything that everyone jailbreaked to do lol
[2017-11-20 11:59:19] bin4ry : i don't think that :smile: :stuck_out_tongue:
[2017-11-20 12:00:34] bin4ry : to easily move data around would be the #1 reason for me my android is a mix of a pendrive and phone to me :smile:
[2017-11-20 12:01:01] bin4ry : but anyway i am interested in the new phone
[2017-11-20 12:01:10] bin4ry : i just want to see smth new
[2017-11-20 12:01:18] jezzab : Hell froze over .....
[2017-11-20 12:01:27] jezzab : :p
[2017-11-20 12:01:46] bin4ry : nah, i am always curious and i've never been a fanboy
[2017-11-20 12:01:58] bin4ry : i just happen to slide into the sony stuff and got phone for free :smile:
[2017-11-20 12:02:13] jezzab : Hehe
[2017-11-20 12:02:21] bin4ry : all because i liked android better in the start
[2017-11-20 12:02:34] bin4ry : but IMHO android became a big blob of useless shit on top
[2017-11-20 12:02:45] bin4ry : it first gets useable once you removed all the shit OEMs add
[2017-11-20 12:02:59] jezzab : Yeah
[2017-11-20 12:03:01] bin4ry : biggest android problem ever
[2017-11-20 12:03:56] jezzab : I was actually going to swap it to the Pixel 2 when it came out when I got the S8 but not now. Disappointed
[2017-11-20 12:04:04] bin4ry : what i dislike about apple is the menu concept and the control concept of the OS. i never liked it, one of the things which pissed me off so much on the first iphone was the control concept. too unnatural for me.
[2017-11-20 12:04:11] bin4ry : i am looking at the pixel 2 too
[2017-11-20 12:04:16] bin4ry : i like the "kinda blue" one
[2017-11-20 12:04:21] bin4ry : but i think it is too small
[2017-11-20 12:04:25] bin4ry : feels weird
[2017-11-20 12:05:31] bin4ry : and the XL is not available in this color
[2017-11-20 12:05:37] bin4ry : for whatever reasons ...
[2017-11-20 12:05:44] bin4ry : and due to the latest problems people report
[2017-11-20 12:05:50] bin4ry : it would not have been a wise choice at all
[2017-11-20 12:05:51] bin4ry : :smile:
[2017-11-20 12:06:39] jezzab : Lol
[2017-11-20 12:07:31] bin4ry : feels there is no perfect phone on the market atm
[2017-11-20 12:19:14] jezzab : Like u said. Need more competition and something different
[2017-11-20 13:51:34] jcarlo : Go try iPhone se. Inexpensive and it feels like it's still Steve Jobs innovation. Basically a boosted iPhone 5s
[2017-11-20 14:05:05] bin4ry : iphone se is pretty old as i saw it
[2017-11-20 14:05:06] bin4ry : :smile:
[2017-11-20 14:05:25] kilrah : too small :stuck_out_tongue:
[2017-11-20 14:05:32] bin4ry : and too small yes i saw that now too
[2017-11-20 14:08:31] jcarlo : Lol. You will get used to it. That's what I'm using now
[2017-11-20 14:09:21] jcarlo : It has IPhone 6s components except for front facing camera and screen
[2017-11-20 14:12:41] bin4ry : no i don't like these small phones, i tried several 4.x" phones. no go for me. 5.5" is good. I would take 6" if any nice phone would have it :smile:
[2017-11-20 14:23:43] jcarlo : The last 6" phone I had was Nokia 1520
[2017-11-20 14:24:02] jcarlo : Windows phone
[2017-11-20 14:24:07] bin4ry : hehe
[2017-11-20 14:24:10] bin4ry : nice one
[2017-11-20 14:25:02] jcarlo : I do like the s8. Looks so smooth on overall appearance
[2017-11-20 14:25:59] bin4ry : i have an XZ Premium here
[2017-11-20 14:26:03] bin4ry : this fucker is smooth as hell
[2017-11-20 14:27:16] jcarlo : Nice
[2017-11-20 14:27:49] bin4ry : but i am a bit bored of all this, thats why i want to take a look at apple. something new for me again ;
[2017-11-20 14:27:50] bin4ry : :wink:
[2017-11-20 14:28:48] jcarlo : I like the iPhone se. Fits in my pocket very well. Yeah that's what happened to me plus it works better with my Mavic
[2017-11-20 14:32:25] bin4ry : ah 6" fits my pockets easy
[2017-11-20 14:32:26] bin4ry : :smile:
[2017-11-20 20:37:41] jezzab : Some people find it hard to take that last inch @bin4ry
[2017-11-20 20:41:42] hostile : LOL
[2017-11-20 22:05:21] jcarlo : Lmao
[2017-11-20 22:33:47] czokie : <https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcT0czycXodIHl68vQAlNXNR5P_hQnAbWNLT46D1CR0twpFxHo4U>
[2017-11-21 00:25:07] czokie : Hmm. No-one liked that one :disappointed:
[2017-11-21 00:29:42] jcarlo : Hehehe. Not going to touch that:smile:
[2017-11-21 01:00:23] czokie : Update: Just solved that with a cheat. The problem was the frida gadget file I was using. I was getting a current one. Instead, I tried one from the iInject project - and that worked. Problem is - it may not have all the current bells and whistles we want. Either way, its progress.
[2017-11-21 02:30:21] czokie : Anyone that might like to help with this… two files. <https://build.frida.re/frida/ios/lib/FridaGadget.dylib> and <https://github.com/LeanVel/iInject/blob/master/FridaGadget.dylib> … The iInject one works… the one from the official frida site doesn't. Challenge: I’d like to know why :slightly_smiling_face:
[2017-11-21 02:34:13] czokie : Actually - disregard - It may have been (shock horror) my code. I think I fixed it.
[2017-11-21 02:34:27] czokie : Might have deleted #code_wall_of_shame too soon
[2017-11-21 03:18:56] jcarlo : So can I use cydia impactor also to install non decrypted ipa without going through iTunes?
[2017-11-21 03:31:35] czokie : That is now rock solid - bullet proof for unpack, tweak, repack, and sign.
[2017-11-21 03:31:51] czokie : Next steps - Start to play with provisioning profiles
[2017-11-21 03:37:06] jezzab : just change the \end to `isign.mobileprovision` if thats the name you are using
[2017-11-21 03:37:31] jezzab : and the "Test Profile" to your profile name
[2017-11-21 03:38:05] czokie : That next bit might be tomorrow
[2017-11-21 03:38:45] jezzab : ^^ works and is "non evasive" as it will not delete the PP. it just the same as going into the portal and clicking Edit and adding a UDID/Name from your list and save
[2017-11-21 03:39:20] jezzab : then downloads it obviously
[2017-11-21 05:06:54] czokie : Hmm. Spoke too soon. Something with the frida gadget causing issues during install…. This process is so slow when I am testing on a server at the other end of the planet. Time to build a build server in a vm ….
[2017-11-21 05:55:15] czokie : *czokie is tired of building servers and provisioning profiles, and certificates, and keys, and fastlane, and spaceship…. Sigh*
[2017-11-21 06:00:56] czokie : OK. So built a test VM with the same stuff I had on my USA server - so can do and test more rapidly at home… but my head hurts today. To be continued
[2017-11-21 09:48:08] bin4ry : quick question for the iOS guys here, as i am still thinking to try out an iPhone. Is it true that one cannot set a default browser / keyboard etc ? There is always the apple one started automatically ?
[2017-11-21 09:48:42] jezzab : Welcome to iOS
[2017-11-21 09:48:43] bin4ry : googling came up with this, and i want to make sure the info is correct, so i ask here
[2017-11-21 09:48:54] bin4ry : so it's true ?
[2017-11-21 09:48:56] bin4ry : wow
[2017-11-21 09:49:11] bin4ry : i would have never thought of that, i accidentally found this fact
[2017-11-21 09:49:53] jezzab : Been a while since I’ve played with it on iOS but this was the issue with swift key on iOS
[2017-11-21 09:51:03] bin4ry : oh bummer, the browser is the worst thing for me. i like to choose per click which browser should be used
[2017-11-21 09:51:28] jezzab : Browser I have never tried to change the default and always just use safari
[2017-11-21 09:51:46] jezzab : So not sure on that but I would believe it
[2017-11-21 09:52:02] jezzab : Very locked down mate
[2017-11-21 09:52:13] jezzab : Leave your freedoms at the door lol
[2017-11-21 09:53:32] bin4ry : so might be not the thing for me ...
[2017-11-21 09:53:38] bin4ry : peeking at sailfish OS too
[2017-11-21 09:58:09] czokie : U can change keyboard
[2017-11-21 09:58:12] czokie : not sure about browser
[2017-11-21 09:58:21] czokie : never tried
[2017-11-21 10:16:54] kvn : I'm using googlekeyboard on my iphone and it works just great
[2017-11-21 10:17:22] bin4ry : but whats with browser and other standard apps? is one able to change them?
[2017-11-21 10:19:28] kvn : There is no way to define the default apps
[2017-11-21 10:19:34] kvn : however I'm using all the google suite
[2017-11-21 10:19:48] kvn : Each app will decide what browser to open
[2017-11-21 10:19:55] kvn : ex: in hangout, it opens chrome
[2017-11-21 10:20:01] kvn : in whatsapp it opens safari
[2017-11-21 10:20:15] kvn : but you can define which browser to open in the app itself most of the time
[2017-11-21 10:20:34] czokie : Correct kvn
[2017-11-21 10:20:50] czokie : each app can have its own favourite app for key functions.
[2017-11-21 10:21:17] bin4ry : uff, i see again why i walked away from apple on the 2g. seems they still hold onto these principles
[2017-11-21 10:21:30] czokie : There is nothing stopping you from having chrome on your home page, and gmail there too.... and you can set gmail to open web links in chrome, and chrome to open mail links in gmail. That covers 99% of the use cases
[2017-11-21 10:21:36] kvn : these are the settings in hangout for example
[2017-11-21 10:22:22] kvn : yep, I use only google tools...so I'm basically staying within the G environment
[2017-11-21 10:22:42] bin4ry : nah, i like to have a browser launcher, this launches a menu where i can choose which browser to use for this link. This also prevents me from certain sorts of attacks to phish me. I can just open shit in my sandbox browser and check etc .
[2017-11-21 10:23:05] bin4ry : which is my default for all requests to a browser
[2017-11-21 10:23:16] kvn : well...that wont be possible on ios
[2017-11-21 10:23:17] bin4ry : so i can nicely choose for every link as it comes up every time
[2017-11-21 10:23:54] jezzab : iOS users be like: come brother! Come to the dark side. Come on in, just lock the door when you do
[2017-11-21 10:23:55] czokie : You could be sneaky ....
[2017-11-21 10:23:59] czokie : send all traffic to a proxy
[2017-11-21 10:24:08] czokie : and have the proxy do one of those "open in" things....
[2017-11-21 10:24:19] bin4ry : well, i don't think iOS is for me then ... :wink:
[2017-11-21 10:24:27] bin4ry : this is one standard usecase
[2017-11-21 10:24:32] jezzab : Does this smell like chloroform.....
[2017-11-21 10:24:41] bin4ry : i think if i start using it i get crazy bcs most stuff i do does not work
[2017-11-21 10:24:43] bin4ry : ^^
[2017-11-21 10:25:14] kvn : iOS is good for "users" not powerusers
[2017-11-21 10:25:29] bin4ry : another example. i like to keep some files on storage on my phone in a secure folder. can i share this folder over usb ? like a pendrive?
[2017-11-21 10:25:36] kvn : on a day to day basis I'm happy with it. But I always have and android phone not too far
[2017-11-21 10:25:52] bin4ry : i use that pretty much a few times a day
[2017-11-21 10:25:55] kvn : NEUP you can't
[2017-11-21 10:25:57] bin4ry : is this possible ?
[2017-11-21 10:26:04] kvn : not easily
[2017-11-21 10:26:05] bin4ry : ok
[2017-11-21 10:26:13] bin4ry : hm
[2017-11-21 10:26:14] kvn : Or not that I know of
[2017-11-21 10:26:20] czokie : Yes there are
[2017-11-21 10:26:20] bin4ry : thats why i ask
[2017-11-21 10:26:24] czokie : There are apps for that
[2017-11-21 10:26:27] bin4ry : i could google , but you guys know better
[2017-11-21 10:26:30] czokie : :slightly_smiling_face:
[2017-11-21 10:26:32] bin4ry : :slightly_smiling_face:
[2017-11-21 10:26:32] bin4ry : and you know the pitfalls too
[2017-11-21 10:26:47] czokie : I dont do it - but I've seen dozens of apps that do that
[2017-11-21 10:27:04] kvn : There are apps, but I think in the end it's just not worth switching to iOS if this is the kinda needs you have
[2017-11-21 10:27:28] bin4ry : well. i keep the files there and i need to access these files from other software
[2017-11-21 10:27:35] bin4ry : simple example
[2017-11-21 10:27:40] bin4ry : imagine i have an encrypted folder
[2017-11-21 10:27:52] bin4ry : and sometimes i need to decrypt it and edit a textfile in it
[2017-11-21 10:27:54] bin4ry : from the phone
[2017-11-21 10:28:12] kvn : forget about iOS
[2017-11-21 10:28:20] bin4ry : same time this folder needs to be accessible from usb , like a pendrive. so i can also load it to a PC / linux software and edit files inside
[2017-11-21 10:28:26] kvn : I can tell you right now, it's gonna be a nightmare
[2017-11-21 10:28:30] bin4ry : ok
[2017-11-21 10:28:31] kvn : I guess everything is possible
[2017-11-21 10:28:38] bin4ry : since this is one thing i use my phone for
[2017-11-21 10:28:40] kvn : you can jailbreak it etc
[2017-11-21 10:28:50] kvn : but you're better off in Android
[2017-11-21 10:28:51] bin4ry : i would be fine with rooting
[2017-11-21 10:29:11] jezzab : He’s looking at iPhone X
[2017-11-21 10:29:29] bin4ry : exactly
[2017-11-21 10:29:36] bin4ry : sexy thing i think :wink:
[2017-11-21 10:29:40] czokie : Yeah - @bin4ry - we need you. Find root for the latest IOS please.... and do it within the next month
[2017-11-21 10:29:42] kvn : beeeeh
[2017-11-21 10:29:47] czokie : if you dont mind
[2017-11-21 10:30:18] kvn : The only good thing about the X is that all our clients will come back to us to change the design of the app as there is this black box on top of it now
[2017-11-21 10:30:53] jezzab : What’s exploits worth for Apple now black market? $1000000 was it
[2017-11-21 10:31:15] bin4ry : yah
[2017-11-21 10:31:26] bin4ry : maybe i should just get one X to root it and sell the exploit
[2017-11-21 10:31:33] bin4ry : :joy:
[2017-11-21 10:31:35] jezzab : Yup lol
[2017-11-21 10:31:38] kvn : definitly
[2017-11-21 10:31:41] czokie : Bring it on
[2017-11-21 10:32:02] czokie : @jezzab and I can get you up to speed with signing :slightly_smiling_face:
[2017-11-21 10:32:40] bin4ry : i think an RCE root might be worth the most $
[2017-11-21 10:32:40] kvn : Guys I have a Spark related question
[2017-11-21 10:32:49] jezzab : Up to speed with signing?
[2017-11-21 10:33:01] czokie : code signing - how it all fits together :slightly_smiling_face:
[2017-11-21 10:33:14] kvn : Off-topic. I heard 4.1.18 on android removes the Wlan settings forcing you back in CE based on the GPS position. can one of you confirm? And I ask this in iOS chan' because I'm an iphone user and I'm afraid this will come on the next ios IPA.
[2017-11-21 10:34:27] bin4ry : really? i did not read that yet. and i did not look at 4.1.18 yet, but certainly it is possible for them to do that sure. Also it is possible for us (at least for the iOS guys) to force FCC too
[2017-11-21 10:34:35] bin4ry : stock app can for sure reset you if wanted
[2017-11-21 10:35:15] kvn : I didn't get your last sentence
[2017-11-21 10:35:55] kvn : You mean that if it's possible for us to force fcc, then it's possible to stock app to set it back
[2017-11-21 10:36:05] kvn : (totally logical tho)
[2017-11-21 10:36:08] kvn : but that sucks
[2017-11-21 10:36:17] bin4ry : yeah that is what i meant, sorry for my confusing sentence
[2017-11-21 10:36:22] kvn : I like to force FCC with Android and then use the stock iOs app
[2017-11-21 10:36:35] kvn : I really feel the app is more stable
[2017-11-21 10:36:57] bin4ry : if you use stock app they COULD add a check which forces you again to the region you are
[2017-11-21 10:37:06] kvn : yep
[2017-11-21 10:37:06] bin4ry : then use the patch from these guys here
[2017-11-21 10:37:15] kvn : I didn't dive into this yet
[2017-11-21 10:37:38] bin4ry : you should :wink:
[2017-11-21 10:37:41] kvn : My computer skills are too low to understand what's happening here so I didn't read that much lately
[2017-11-21 10:37:56] kvn : and as it was working fine until that new news, it was ok
[2017-11-21 10:38:17] bin4ry : yeah. maybe rollback to an earlier version then?
[2017-11-21 10:38:26] bin4ry : as a short term solution
[2017-11-21 10:38:28] kvn : I didn't update yet on iOs
[2017-11-21 10:38:34] kvn : and probably it's not rolled out yet
[2017-11-21 10:38:43] kvn : I only "heard" that on 4.1.18 Android app
[2017-11-21 10:38:47] bin4ry : ah ok
[2017-11-21 10:38:52] kvn : and was anticipating the iOs same prob
[2017-11-21 10:38:57] bin4ry : i did not look into 18 on android yet
[2017-11-21 10:39:02] bin4ry : and prolly wont have time too soon
[2017-11-21 10:39:09] kvn : I heard that on a facebook group
[2017-11-21 10:39:22] kvn : what uses your deejayeye mod
[2017-11-21 10:39:44] bin4ry : this info about the forcing back came from the FB group ?
[2017-11-21 10:39:52] kvn : <https://www.facebook.com/groups/145395996058649/>
[2017-11-21 10:39:54] kvn : yes
[2017-11-21 10:40:10] bin4ry : i do not want to join, can you screenshot ?
[2017-11-21 10:40:18] kvn : doing it
[2017-11-21 10:40:47] kvn : The guy is the admin and has a huge pinned post on how to install an APK he built based on your hack
[2017-11-21 10:40:53] kvn : mentioning your github etc
[2017-11-21 10:41:02] bin4ry : ah ok
[2017-11-21 10:41:18] bin4ry : i left the group after a few days i was in there
[2017-11-21 10:42:13] bin4ry : the problem with your screenshot is that there is no proof of this claim he makes there, it might be true, but it might not. I would test myself
[2017-11-21 10:42:14] kvn : There is even a pdf that explains how to
[2017-11-21 10:42:30] kvn : Yep, that's why I asked here if you knew
[2017-11-21 10:42:32] bin4ry : cool show it :smile:
[2017-11-21 10:42:37] bin4ry : i am interested
[2017-11-21 10:42:37] kvn : but the guy seems to know what he is doing
[2017-11-21 10:42:44] bin4ry : might be true yes
[2017-11-21 10:42:50] kvn : It is really for novice ppl
[2017-11-21 10:43:36] kvn : (We might be in the wrong chan tho)
[2017-11-21 10:44:39] bin4ry : ok nice, he keeps the info that the patches come from my github etc.
[2017-11-21 10:44:54] bin4ry : i am fine with that pdf and tutorial
[2017-11-21 10:45:04] bin4ry : thats why i put the stuff on github, anyone can use it
[2017-11-21 10:45:47] kvn : Yes yes, that's why I didn't tell you anything as it seems the guy is fair
[2017-11-21 10:46:03] kvn : I asked him questions about the size of his APK which is bigger than yours
[2017-11-21 10:46:17] kvn : he took time to explain that it's about media folder/cloning etc
[2017-11-21 10:46:33] kvn : I don't use his app tho. Just wanted to "test" the guy a bit. He seems ok
[2017-11-21 10:46:43] jezzab : Removing fcc of what AC.?
[2017-11-21 10:46:55] jezzab : I heard the wifi change trick was removed
[2017-11-21 10:47:01] bin4ry : Cool. Yeah all fine. Could be he is legit. Could be he just noticed it by testing then. I personally did not look at version 18 yet
[2017-11-21 10:47:03] jezzab : On Spark
[2017-11-21 10:48:05] jezzab : If they mean dji.config, that’s long gone
[2017-11-21 10:48:12] kvn : no no
[2017-11-21 10:48:25] kvn : They mean using deejayeye mod
[2017-11-21 10:48:32] jezzab : Ohh
[2017-11-21 10:51:49] bin4ry : There is no mod for that version yet
[2017-11-21 10:57:23] kvn : I didn't explain myself clearly
[2017-11-21 10:57:54] kvn : They are talking about the stock 4.1.18. Apparently it resets back to CE without prompting the Wlan settings
[2017-11-21 10:59:02] jezzab : So you mean the Spark trick?
[2017-11-21 10:59:55] kvn : I mean if you use a modded apk to switch to FCC and then want to fly with the latest stock APK, it will reset your AC to CE
[2017-11-21 11:00:13] jezzab : Ah right
[2017-11-21 11:00:14] kvn : (It's not confirmed yet, it's hear-say for now)
[2017-11-21 11:00:32] bin4ry : Might be true
[2017-11-21 11:00:42] bin4ry : Needs tests to confirm
[2017-11-21 11:00:57] kvn : The admin of the group asked for the APK and will be testing it now
[2017-11-21 11:01:08] kvn : (He is in UK and apparently in UK it's not released yet)
[2017-11-21 11:01:13] kvn : I'll keep you posted
[2017-11-21 11:01:25] bin4ry : Isn't danny the admin of that group?
[2017-11-21 11:01:39] bin4ry : Or is this another group (if yes I mixed them)
[2017-11-21 11:02:28] jezzab : Waiting to get iOS .18 decrypted.
[2017-11-21 11:05:32] jezzab : I reckon our iOS fcc hook will still work lol
[2017-11-21 11:05:45] jezzab : Dem hooks run deeeeeeeeep
[2017-11-21 12:42:26] kvn : He is named Damo Renn on facebook
[2017-11-21 12:42:36] kvn : But Dani sounds possible
[2017-11-21 12:42:56] bin4ry : isn't this this MyDJI FB group ?
[2017-11-21 12:43:02] kvn : FYI
[2017-11-21 12:43:19] kvn : iOS seems to be working still. Android seems to not work
[2017-11-21 12:43:26] bin4ry : might be another Fb group i think
[2017-11-21 12:43:30] kvn : DJI Mods - The Spark Side!
[2017-11-21 12:43:34] kvn : that's the group
[2017-11-21 12:43:43] bin4ry : the versioning between android and iOS is different
[2017-11-21 12:43:50] bin4ry : 18 android != 18 iOS
[2017-11-21 12:43:57] bin4ry : it may come to next iOS version then
[2017-11-21 12:46:48] kvn : Probably
[2017-11-21 12:47:09] kvn : however they just released an update (got it an hour ago) on iOS and it's 4.1.18 also
[2017-11-21 12:47:53] bin4ry : ok
[2017-11-21 12:48:43] kvn : (well 3 days ago :slightly_smiling_face: I should check my updates more often)
[2017-11-22 00:20:11] czokie : @jezzab - Do you get this error?
[2017-11-22 00:20:58] czokie : That is just with a small 2 line piece of code to include fastlane… I get the same in the genProvisioningProfile stuff as well
[2017-11-22 00:21:56] czokie : Not a big issue - just a warning - just curious if you had it too
[2017-11-22 00:32:55] jezzab : you sure that fastlane and ruby installed correctly?
[2017-11-22 00:33:32] jezzab : I remember I did have to do some fuckery with that
[2017-11-22 00:33:35] czokie : If I run it “ruby <filename>” it works OK - only get the warning if I execute directly in shell.
[2017-11-22 00:33:48] czokie : Busy for a bit - will try more later
[2017-11-22 01:33:13] czokie : Spaceship::Portal.device.create!(name: iName, udid: iDevice)
[2017-11-22 01:33:19] czokie : Fails on this line @jezzab
[2017-11-22 01:33:46] czokie : ```
/usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.66.2/spaceship/lib/spaceship/base.rb:214:in `initialize': undefined method `each' for nil:NilClass (NoMethodError)
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.66.2/spaceship/lib/spaceship/portal/device.rb:158:in `new'
	from /usr/local/rvm/gems/ruby-2.4.2/gems/fastlane-2.66.2/spaceship/lib/spaceship/portal/device.rb:158:in `create!'
	from genProvisioningProfile.rb:22:in `<main>'
```
[2017-11-22 01:33:49] jezzab : you logged in?
[2017-11-22 01:33:54] czokie : Yuppers
[2017-11-22 01:34:08] czokie : I did a test by running “fastlane spaceship” and logged in that way
[2017-11-22 01:35:07] jezzab : im trying to think what version of ruby I was running as I tested it on a mac and I had to upgrade because it wouldnt even install
[2017-11-22 01:35:30] czokie : ```
$ ruby --version
ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]
```
[2017-11-22 01:35:37] czokie : I did the same
[2017-11-22 01:35:44] czokie : installed via RVM to get a later version on board
[2017-11-22 01:36:47] jezzab : its either ruby or fastlane
[2017-11-22 01:47:15] czokie : All I know is - my “spaceship” is crashing and burning.
[2017-11-22 02:06:04] jezzab : and you used `sudo gem install fastlane` to install and there were no issues?
[2017-11-22 02:12:35] jezzab : Ok I gotta fly. Have the joy of spending the rest of the arvo on the Dyno tuning, in an old HZ they have shoe horned a new skool 6.2L V8 with a supercharger in. Not what I wanted to do on a 33°C day :confused: Good luck
[2017-11-22 02:47:43] czokie : News.
[2017-11-22 02:48:11] czokie : genProvisioningProfile worked - I had a program that got my UDID supposedly without iTunes. The string it returned was a load of crap. After I gave a legit UDID, it worked fine first go
[2017-11-22 02:58:40] hostile : fuck yes!
[2017-11-22 03:36:50] czokie : ```
[build@localhost ~]$ ruby genProvisionProfile.rb user@example.com passw0rd 1234567890abcdef1234567890abcdef12345678 user
Logging into Dev portal
Downloading new provisioning profile
[build@localhost ~]$
```
[2017-11-22 03:37:01] czokie : Just so you can see something real :slightly_smiling_face:
[2017-11-22 03:37:08] hostile : good job mate
[2017-11-22 03:38:04] czokie : This is currently dependent on manual stuff up front to get certs and keys happening - but the framework is solid. Love the title of the ruby module “Spaceship”
[2017-11-22 05:27:28] jezzab : What was changed with the genProvisioningProfile.rb?
[2017-11-22 05:31:58] hostile : you need that shit in a git repo!
[2017-11-22 05:31:59] hostile : :wink:
[2017-11-22 05:32:04] hostile : so you can track your learning
[2017-11-22 05:32:09] hostile : 3 months from now
[2017-11-22 06:05:46] czokie : Very little changed I think… but I have some planned. Like said - the problem was the wrong UDID
[2017-11-22 06:05:59] czokie : But the next phase will be to think about the end to end process.
[2017-11-22 06:07:04] czokie : When we get a “No more slots available” for a device error - we can overflow to the next appleid
[2017-11-22 06:07:38] czokie : The first time we use a new appleid - we can generate a CSR, submit, get a cert, and add the other objects automatically….
[2017-11-22 06:08:10] czokie : But before we get there - I just want to do a few more simple commands to pull down the cert data from apple - instead of how I did it by hand so far….
[2017-11-22 21:35:16] belkone : Hi guys, i’m new here. I have a question about force FCC on iOS (.djiconfigs seems to doesn’t work with Spark). I know it is possible to enable FCC via Android app, but it is technically possible to do the patch for iOS app that will be works for Spark? Anyone succeed?
[2017-11-22 21:36:45] czokie : Dji config is dead. They removed it
[2017-11-22 21:38:43] belkone : Yeah, They recently removed many improvements :(
[2017-11-22 21:42:49] belkone : Probably because lots of tweaks were publicly available. That's why I do not ask how to do it, only want to know if someone has succeeded or knows (knowing the code) that it is possible? I see djigo on ios has an underground here, so i think it is a good place for a question like this;)
[2017-11-22 21:43:04] belkone : Lots of*
[2017-11-22 21:43:50] belkone : I will try to do it by myself of course, but it is nice to know whether it is possible or not:)
[2017-11-22 21:44:37] belkone : but it is* sry for my phone’s dictionary
[2017-11-22 21:56:07] spufmonkeyd : Cheers for the shout out @kvn anyone is welcome to join the Facebook group :+1: just mention slack when joining so I know who's who :grin:
[2017-11-22 22:01:35] jezzab : I'll take a squiz @spufmonkeyd;)
[2017-11-22 22:03:35] jcarlo : What's the name of the FB group?
[2017-11-22 22:04:52] jezzab : Wanna click on the Approve button?
[2017-11-22 22:05:47] spufmonkeyd : @jezzab DJI Mods - The Spark side is the group. It's based on @bin4ry's hard work and work of a few others in the group. We have all sorts going on from people pulling sparks apart and bolting batteries to em to extend flights to a distance competition with the leader at nearly a 5km flight!
[2017-11-22 22:11:46] spufmonkeyd : You're in @jezzab :+1:
[2017-11-22 22:46:53] czokie : @belkone Search for "PrettyWoman" on the wiki
[2017-11-23 00:39:53] spufmonkeyd : @jcarlo sorry bud just seen your request :+1:
[2017-11-23 02:13:22] belkone : @czokie thanks :-)
[2017-11-23 05:54:31] czokie : Questions: I am working on the workflow for the end to end management of certs and other nick-nacks associated with signing apps.
[2017-11-23 05:55:01] czokie : Question to @jezzab @hostile and @bin4ry - Lets say we start with 1 dev account, and add another one later (for capacity reasons). Should we either:
[2017-11-23 05:55:23] czokie : a: Use the same private key for both (and if so - we need to script private key creation and CSR generation outside fastlane), or
[2017-11-23 05:55:36] czokie : b: Use fastlane for generating private key (which is unique per CSR request).
[2017-11-23 05:55:41] czokie : Which would you pick and why?
[2017-11-23 05:56:03] jezzab : I'd use the same lol, because it's easier
[2017-11-23 05:56:39] czokie : Cool
[2017-11-23 05:57:29] jezzab : I think there should be a setup.py
[2017-11-23 05:57:36] jezzab : for each new dev account
[2017-11-23 05:57:45] jezzab : to create the key, cert and PP
[2017-11-23 05:58:19] czokie : I'm looking at having all of this shit dynamic in a db…
[2017-11-23 05:58:37] czokie : and have it do the orchestration under the hood - Just simple admin gui
[2017-11-23 05:58:42] jezzab : Better way to go to keep up with the UDIDs
[2017-11-23 05:58:56] jezzab : and sorting iPad vs iPhone
[2017-11-23 05:59:11] czokie : There is a fastlane method to query by udid
[2017-11-23 05:59:21] czokie : we can get the device type back from apple I think
[2017-11-23 05:59:33] jezzab : It's iffy that
[2017-11-23 05:59:46] jezzab : I've had ones I've added before and it's had no info for a couple of days
[2017-11-23 06:00:03] czokie : Never had that issue.
[2017-11-23 06:00:04] jezzab : I don't know why. @jcarlo was one
[2017-11-23 06:00:07] czokie : It was instant
[2017-11-23 06:00:17] jezzab : And how many UDIDs have you added before lol?
[2017-11-23 06:00:18] czokie : But not doing too many yet
[2017-11-23 06:00:23] czokie : Yeppers
[2017-11-23 06:00:30] czokie : Want to get this shit built before I add too many.
[2017-11-23 06:00:34] czokie : I need udid’s to test with
[2017-11-23 06:00:41] jezzab : It was almost like it wasn't until the cert was verified by the device
[2017-11-23 06:00:42] czokie : after I build shit - not before :slightly_smiling_face:
[2017-11-23 06:00:47] jezzab : but that in itself is strange
[2017-11-23 06:01:02] jezzab : because others I've added are instant and I KNOW that the user isn't online
[2017-11-23 06:01:07] jezzab : weird
[2017-11-23 06:01:15] jezzab : But yeah you could pull the info down
[2017-11-23 06:01:35] jezzab : IMHO though I would just use a DB and do the whole thing locally
[2017-11-23 06:02:47] hostile : sorry…. semi AFK for Thanksgiving
[2017-11-23 06:03:46] jezzab : We also don't know if the Apple API will get pissed if it's smashed too much lol
[2017-11-23 06:17:49] czokie : I am not too worried about that.
[2017-11-23 06:18:03] czokie : There will be many companies doing continuous integration and smashing it
[2017-11-23 06:18:20] czokie : That can be another attribute against an account - which proxy to use :slightly_smiling_face:
[2017-11-23 06:18:42] czokie : if proxying is supported by spaceship - might look at that later
[2017-11-23 06:47:47] jcarlo : Yo someone looking for me lol
[2017-11-23 06:49:14] jezzab : All good mate
[2017-11-23 09:35:47] czokie : Starting to build out data structures associated with “Inspector Gadget”…
[2017-11-23 09:36:38] czokie : I wish there were more hours in the day … Sigh
[2017-11-23 16:38:33] kilrah : <https://www.dropbox.com/s/s6eaahwxhuuoc3h/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.18%20v3018%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-11-23 17:01:19] tylkologin : @kilrah do you have jailbroken ipad? is it possible to have decrypted dji ground station pro ipa?
[2017-11-23 17:05:38] sanxexevc : hi all
[2017-11-23 17:05:51] sanxexevc : does anyone need 4.1.18 patched?
[2017-11-23 17:06:52] sanxexevc : it's not a problem coz all needed code is not removed yet
[2017-11-23 17:19:05] sanxexevc : only problem is to force US location
[2017-11-23 17:19:16] sanxexevc : may be somebody worked on it?
[2017-11-23 17:19:49] kilrah : @tylkologin <https://www.dropbox.com/s/g0c3o6hrvol2q7g/DJI%20GS%20Pro%20%5BDJI%20JAPAN%5D%20%28v1.8.0%20v3628%20iPad%20FW%20LP%20os93%29.rc336_1001.ipa?dl=1>
[2017-11-23 17:20:21] tylkologin : THX!!!!!! :D:D:D
[2017-11-23 17:30:44] baldo81 : hi, which is the fb group?
[2017-11-27 03:48:15] czokie : Heya sanx.
[2017-11-27 03:48:38] sanxexevc : )
[2017-11-27 03:48:48] czokie : Am I correct in my assumptions from the other channel? 7 days limit?
[2017-11-27 03:48:57] sanxexevc : yes, only 7 days
[2017-11-27 03:49:11] sanxexevc : after that need to reinstall
[2017-11-27 03:49:17] sanxexevc : or buy dev acc
[2017-11-27 03:49:22] czokie : FYI - Our frida process will work on unjailed iphone as well
[2017-11-27 03:49:38] sanxexevc : it's one more step with frida )
[2017-11-27 03:50:11] czokie : Ah. But the building of the IPA is something that can be automated…. Then, your tweaking is just in java - much more accessible - and updatable without rebuilding a binary.
[2017-11-27 03:50:39] czokie : Not trying to criticise your work - just trying to see how we can collaborate
[2017-11-27 03:51:11] sanxexevc : it's not problem
[2017-11-27 03:51:19] sanxexevc : where can I see your frida scripts?
[2017-11-27 03:51:28] czokie : All in the wiki
[2017-11-27 03:51:36] sanxexevc : maybe i will understand what are you doing with it )
[2017-11-27 03:51:37] czokie : search for PrettyWoman
[2017-11-27 03:51:43] czokie : “She was a hooker”
[2017-11-27 03:51:52] czokie : and we’re hooking the calls in DJI GO :slightly_smiling_face:
[2017-11-27 03:52:18] czokie : FYI also - we’re looking at an automated process of build, sign, provisioning profile with UDID etc…
[2017-11-27 03:53:04] sanxexevc : DNS address of the server [dji.retroroms.info](http://dji.retroroms.info).
[2017-11-27 03:53:26] sanxexevc : my browser cant find DNS of it )
[2017-11-27 03:53:31] czokie : What country you in?
[2017-11-27 03:53:34] sanxexevc : RU
[2017-11-27 03:53:39] czokie : Thats why :slightly_smiling_face:
[2017-11-27 03:53:47] czokie : I had too much shit from RU - so I turned it off
[2017-11-27 03:53:51] czokie : :smile:
[2017-11-27 03:54:02] czokie : But - if we’ve got a legit participant there - I’ll turn it back on.
[2017-11-27 03:54:43] sanxexevc : no need
[2017-11-27 03:54:51] sanxexevc : I'm using a proxy and it works )
[2017-11-27 03:55:06] czokie : Yeah. But I can turn it on to make it easier anyway.
[2017-11-27 03:56:07] czokie : Now removing RU ip’s from blacklist :slightly_smiling_face:
[2017-11-27 03:56:11] czokie : Will take a bit ….
[2017-11-27 03:56:13] sanxexevc : sorry need to go )
[2017-11-27 03:56:37] jezzab : What he has done is precisely what we have done. Same functions (I've just referenced the locations he posted)
[2017-11-27 03:56:45] jezzab : its canUseIllegalChannels = 1
[2017-11-27 03:56:51] jezzab : and DJIAppSettings sdr_force_boost returns 1
[2017-11-27 03:57:03] czokie : yep
[2017-11-27 06:26:43] sanxexevc : yes
[2017-11-27 06:26:46] sanxexevc : nothing new )))
[2017-11-27 06:27:23] sanxexevc : jsfunction,DJIAppSettings,sdr_force_fcc,-,1,[*] Forced FCC Mode ACTIVATED,[*] Forced FCC mode already active,0
[2017-11-27 06:27:31] sanxexevc : you added only fcc
[2017-11-27 06:27:46] sanxexevc : need to add boost, force 2.3 and 2.5 options
[2017-11-27 06:27:49] sanxexevc : also
[2017-11-27 06:28:04] sanxexevc : we need to work on spoof country detection
[2017-11-27 06:28:17] sanxexevc : it is too hard for patching
[2017-11-27 06:28:17] jezzab : The way you did it you did it the same as us?
[2017-11-27 06:28:22] jezzab : When checking the function
[2017-11-27 06:28:33] jezzab : and you enabled 32 channel hack as well
[2017-11-27 06:28:34] sanxexevc : sorry dont understand
[2017-11-27 06:29:08] jezzab : ahh see what you did
[2017-11-27 06:30:00] jezzab : `DJIAppSettings sdr_force_boost](DJIAppSettings]`
[2017-11-27 06:30:24] jezzab : The reason we went for the fcc only was because of the reports of problems with boost?
[2017-11-27 06:30:37] sanxexevc : `bool __cdecl -[DJIAppSettings sdr_force_fcc](DJIAppSettings *self, SEL a2) { return 1; }`
[2017-11-27 06:30:39] sanxexevc : and so on
[2017-11-27 06:30:45] jezzab : yes
[2017-11-27 06:30:58] sanxexevc : boost no problems
[2017-11-27 06:31:03] jezzab : ok
[2017-11-27 06:31:08] sanxexevc : I'm flying with it since July
[2017-11-27 06:31:14] jezzab : problem is P4 it won't be applied?
[2017-11-27 06:31:16] sanxexevc : when i found this hack )
[2017-11-27 06:31:31] sanxexevc : dont know about p4
[2017-11-27 06:31:35] sanxexevc : im mavic user
[2017-11-27 06:31:50] jezzab : Because the force_fcc and force_boost isn't called if it's not a Mavic
[2017-11-27 06:31:58] jezzab : does a `Product Code` check
[2017-11-27 06:32:21] czokie : Indeed.
[2017-11-27 06:32:22] sanxexevc : not only mavic
[2017-11-27 06:32:30] czokie : We tried spoofing product code.
[2017-11-27 06:32:38] czokie : which worked - but there were side effects.
[2017-11-27 06:32:43] sanxexevc : 2 codes im see
[2017-11-27 06:32:48] jezzab : yes
[2017-11-27 06:32:48] czokie : Video on p4p works only sometimes.
[2017-11-27 06:33:10] czokie : Guessing that the model might be detected when it tries to find out what video protocol - OcuSync versus Lightbridge
[2017-11-27 06:33:22] czokie : and if it sets that up before we stop spoofing the product, we’re screwed.
[2017-11-27 06:33:52] sanxexevc : ```
if ( +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") == (void *)0xD
  || +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") == (void *)0x15 )
```
[2017-11-27 06:34:13] czokie : On our to-do list to tweak the java to set a flag that will tell the other product code spoofer “I am checking FCC now”
[2017-11-27 06:34:18] czokie : and only spoof when that flag is true
[2017-11-27 06:35:19] jezzab : I don't know what 0x15 is
[2017-11-27 06:35:33] jezzab : 0xD = Mavic (13)
[2017-11-27 06:35:51] jezzab : ```
Mavic Pro   13
P4          4
Spark       26
Mavic Plat  21?
```
[2017-11-27 06:35:57] sanxexevc : I don't know either )))
[2017-11-27 06:36:02] sanxexevc : ```
unsigned __int64 __cdecl +[DJIProductManager currentProductCode](DJIProductManager_meta *self, SEL a2)
{
  DJIProductManager *v2; // x0
  void *v3; // x0
  void *v4; // x19
  void *v5; // x0
  void *v6; // x20
  void *v7; // x21

  v2 = +[DJIProductManager sharedInstance](&OBJC_CLASS___DJIProductManager, "sharedInstance");
  v3 = (void *)objc_retainAutoreleasedReturnValue(v2);
  v4 = v3;
  v5 = objc_msgSend(v3, "currentProductType");
  v6 = (void *)objc_retainAutoreleasedReturnValue(v5);
  v7 = objc_msgSend(v6, "type");
  objc_release(v6);
  objc_release(v4);
  return (unsigned __int64)v7;
}
```
[2017-11-27 06:36:13] sanxexevc : it can be changed easily here
[2017-11-27 06:36:23] jezzab : yes but it's called all the time
[2017-11-27 06:36:24] jezzab : over and over
[2017-11-27 06:36:37] sanxexevc : ahh, it may produce bugs )
[2017-11-27 06:36:55] jezzab : see I look for the check while running and change it to 0xD, then it goes through the force_fcc function, and the moment it's called I switch back
[2017-11-27 06:37:08] jezzab : but yes. can cause many problems if you changed it all the time
[2017-11-27 06:37:19] jezzab : would load the wrong screen and many many more things
[2017-11-27 06:37:29] bin4ry : Hey
[2017-11-27 06:37:32] bin4ry : Just lurking here
[2017-11-27 06:37:34] jezzab : ello
[2017-11-27 06:37:40] bin4ry : I patched smth similar
[2017-11-27 06:37:45] jezzab : :wink:
[2017-11-27 06:37:47] jezzab : I saw
[2017-11-27 06:37:58] jezzab : The equiv in android
[2017-11-27 06:38:03] bin4ry : You cannot patch all positions. Only remove the check on one function
[2017-11-27 06:38:11] bin4ry : Since they reuse product checks
[2017-11-27 06:38:15] jezzab : yup
[2017-11-27 06:38:17] bin4ry : So remove the call to that
[2017-11-27 06:38:37] bin4ry : Same was on spark, they checked for spark to disable some stuff
[2017-11-27 06:38:40] jezzab : if I debug it then write to console every time it's called, it's called continuously. Streams the page
[2017-11-27 06:39:03] bin4ry : Once we activated it we had strange behaviours, I just removed that one check and all worked:joy:
[2017-11-27 06:39:11] jezzab : lol
[2017-11-27 06:39:17] bin4ry : Or add a specific model to the check list
[2017-11-27 06:39:35] bin4ry : But I have not looked in the posted code tbh just telling from android
[2017-11-27 06:41:26] sanxexevc : ```
__objc_methname:000000010226064B 00000014 C getCountryCodeByMMC
__objc_methname:000000010226065F 00000014 C getCountryCodeByMCC
__objc_methname:0000000102260673 00000015 C getCountryCodeFromIP
__objc_methname:00000001022605ED 00000021 C getCountryCodeFromMobileLocation
__objc_methname:000000010226092C 0000001F C getCountryCodeFromSDKAndLocal:
__objc_methname:00000001023AA7C1 0000001E C getCountryCodeUAV:completion:
```
[2017-11-27 06:41:36] sanxexevc : need to spoof these functions also
[2017-11-27 06:41:45] sanxexevc : to return always US
[2017-11-27 06:42:48] sanxexevc : it will always be in FCC mode if we do this
[2017-11-27 06:43:08] sanxexevc : with patch its not easy
[2017-11-27 06:43:15] sanxexevc : but with frida - yes )
[2017-11-27 06:49:19] sanxexevc : hmm
[2017-11-27 06:49:27] sanxexevc : maybe setCountryCode:withSource: will be enough
[2017-11-27 06:51:34] sanxexevc : spoof a3 to US and maybe it will work )
[2017-11-27 09:09:04] czokie : Thinking of rails for this ruby stuff - never played with it before - but learning :slightly_smiling_face:
[2017-11-27 14:41:46] adrian : rails is kewl
[2017-11-27 14:41:54] adrian : rails is smooth
[2017-11-27 14:42:05] adrian : rails is a mature framework
[2017-11-27 14:42:13] adrian : good for you for trying it
[2017-11-27 18:38:09] czokie : Yeah... I can do with some help from the peanut gallery soon :slightly_smiling_face:
[2017-11-27 19:46:57] belkone : Hello guyz, what are you using as disassembler? Hopper or maybe something better?
[2017-11-27 19:47:51] belkone : And.. any updates of tweaks for a spark user or only mavic users here?:p
[2017-11-27 20:19:38] czokie : iOS tweaks work on all DJI products… People are using a variety of disassemblers including Hopper, IDA, and probably others
[2017-11-28 06:29:21] sanxexevc : IDA with hexrays is the best variant
[2017-11-28 06:32:55] czokie : ya
[2017-11-28 12:09:47] cs2000 : Right, I'm back!, been moving house and had no internet! boo! I can't find it through search, could someone link me to @kilrah's 4.1.18 decrypted file so I can get the torrent sorted please?
[2017-11-28 12:12:09] jezzab :
[2017-11-28 12:13:57] kilrah : welcome back
[2017-11-28 12:14:05] kilrah : i noticed that in your bins folder the mavic rc ones are missing
[2017-11-28 12:14:52] cs2000 : There should be 10 files in there? Should be everything that is/was on the GitHub repo unless I've missed some
[2017-11-28 12:15:01] cs2000 : and thanks :slightly_smiling_face:
[2017-11-28 12:17:27] kilrah : ah didn’t see the rc subfolder, was expecting it at the level above like the goggles
[2017-11-28 12:18:42] cs2000 : Ahh sorry lol. Yeah for the 2 models with RC firmware (Spark and Mavic) they have their own RC directory :wink:
[2017-11-28 12:21:29] cs2000 : 4.1.18 torrent now up, thanks for the link :slightly_smiling_face: I saw it days ago on my phone, but had no way of doing anything with it
[2017-11-28 13:33:47] haloweenhamster : Have people been looking at or using the 4.1.18 app? do pano / sphere export to camera roll? Can you see where the stitched files are kept if not?
[2017-11-28 13:48:12] bin4ry : <!here> could anyone be so kind and upload the assets from the ios app for me?
[2017-11-28 13:48:23] bin4ry : i want to compare them to the android one
[2017-11-28 13:48:24] bin4ry : :slightly_smiling_face:
[2017-11-28 13:57:20] cs2000 : @bin4ry the assets.car file? or the whole app?
[2017-11-28 13:57:58] bin4ry : only the assets would be enough. as i am an iOS noob, what is a car file? can it be extracted easily?
[2017-11-28 14:32:11] cs2000 : Just extracting on the Mac, give me a few mins
[2017-11-28 14:58:30] cs2000 : Uploading them now, that took forever!
[2017-11-28 15:01:40] bin4ry : thx
[2017-11-28 15:04:58] cs2000 : <http://dji.polybotes.feralhosting.com/4.1.18_Assets/> There is a ZIP file (4.1.18_Assets.zip) with them all in, or they're uploaded individually too.
[2017-11-28 15:05:38] bin4ry : thank you very much
[2017-11-28 15:05:48] bin4ry : got them
[2017-11-28 15:05:59] cs2000 : no probs, wow that was fast !
[2017-11-28 15:06:09] bin4ry : yah, download speed was pretty high
[2017-11-28 15:06:10] bin4ry : :wink:
[2017-11-28 15:09:07] bin4ry : so only pngs inside that
[2017-11-28 15:09:24] bin4ry : i hoped for the others too like on android, but seems it is different on ios
[2017-11-28 15:09:38] cs2000 : yeah, that was the largest of 4 asset files
[2017-11-28 15:09:50] cs2000 : the others were like 96KB and things
[2017-11-28 15:09:59] bin4ry : yah no prob
[2017-11-28 15:10:06] bin4ry : i was searching for product_XX files
[2017-11-28 15:10:11] bin4ry : or IF there are any on ios
[2017-12-04 08:18:56] czokie : Just to confirm - Playing is still on my to-do list and finishing the tools for generating IPA's... Just been unwell lately... but one interesting observation from my sick bed. I got a new iPhone. I had a self signed app (signed with a DEV cert) that had my UDID for my old device in it. Nothing unusual. What is unusual is when I restored from iTunes backup to my new phone - I was able to run the copy of DJI GO 4... Interesting. I am gathering that the installer is what checks the cert and if it's a DEV cert, it checks UDID only during install. Execution signing checks, it would appear, don't care about the UDID...
[2017-12-04 08:19:19] czokie : But back to the other topic - intend to do this over the holiday break...
[2017-12-04 11:52:21] invernomuto : I have a question to ask: can I install DJI GO versions modified on IOS? sorry for the inconvenience
[2017-12-04 11:56:51] kilrah : !wiki
[2017-12-04 16:53:45] umbr4 : @czokie I didn't think IPA were stored in the backup anymore since they started thinning them on the device.
[2017-12-04 16:58:53] umbr4 : but maybe that is only for "production" IPAs delivered from the app store.
[2017-12-04 19:22:46] czokie : @umbr4 There are ways of still getting the IPA files... That old iTunes version still works for proxy SSL pinning bypass for example
[2017-12-04 20:13:32] ltlasset : What is the best version of go to run on iOS?
[2017-12-04 20:24:38] czokie : Depends on your requirements... but personally, I run .18 modded with Frida and the PrettyWoman script :slightly_smiling_face:
[2017-12-04 21:55:34] ltlasset : How do you mod an iOS version?
[2017-12-04 21:55:49] ltlasset : Jail breaking is effectively dead
[2017-12-04 21:58:41] kilrah : !wiki
[2017-12-04 22:05:19] cs2000 : I run the same as czokie (as far as I know)
[2017-12-04 22:05:58] cs2000 : The IPA solution is available to “home build” on info from the wiki, but not available to purchase as a service. Yet.
[2017-12-04 22:48:39] czokie : Maybe will be available in time for Christmas
[2017-12-04 22:48:47] czokie : :)
[2017-12-04 22:51:50] cs2000 : Will be amazing when released. Works so well !!
[2017-12-05 02:50:24] ltlasset : Where can I find the PrettyWoman Script?
[2017-12-05 02:50:33] czokie : !wiki
[2017-12-05 02:50:44] czokie : :slightly_smiling_face:
[2017-12-05 02:51:02] ltlasset : Ignore, found
[2017-12-05 02:51:12] ltlasset : was overlooking it for a second
[2017-12-05 02:51:42] czokie : You dont actually need to run it - you can just use the JS file it creates if you prefer
[2017-12-05 02:52:13] ltlasset : I do have one question i can't find a clear answer for on the wiki.... if I do a firmware downgrade on the spark to 300, and remove the NFZ and Altitude limit by changing it in the parameters on the drone, I still need to have a modded iOS or Android Go app correct?
[2017-12-05 02:52:26] czokie : Later - there will be a self serve tool where you get to turn on or off options - and it will create your IPA for you - when I get time
[2017-12-05 02:52:40] czokie : Depends on what you want
[2017-12-05 02:52:41] ltlasset : that sounds awesome. lol
[2017-12-05 02:52:46] czokie : modded app does other things
[2017-12-05 02:52:52] czokie : for example FCC
[2017-12-05 02:53:03] ltlasset : yeah I get that, I am in the US so don't really need that unless i go on vacation
[2017-12-05 02:53:03] czokie : or "admin mode" access to data
[2017-12-05 02:53:24] ltlasset : i also know it adds the Mavic modes to Spark, which I do like (on the APK one, not sure if we can do that on the iOS version)
[2017-12-05 02:53:31] czokie : Eventually - we will have a boost mode as well
[2017-12-05 02:53:38] czokie : or for p4p - we have 32ch mode
[2017-12-05 02:53:54] ltlasset : my Sport+ mods seem to work on the drone without a modded iOS app
[2017-12-05 02:54:00] czokie : yep
[2017-12-05 02:54:06] ltlasset : I just don't know if the height limit will
[2017-12-05 02:54:23] czokie : Modded app is not about limit tweaks - it is about changing the app - totally separate
[2017-12-05 02:54:23] ltlasset : i removed it in the Spark parameters, but I am going to assume the go app, as is, will still limit me to 120m
[2017-12-05 02:54:40] ltlasset : i see
[2017-12-05 02:55:11] ltlasset : will I still be able to take off and land in a arbitrary NFZ, or do I need to mod the app for that?
[2017-12-05 02:55:31] czokie : Suggest read the page - it shows you what calls it makes.
[2017-12-05 02:55:45] czokie : The csv is a summary of everything
[2017-12-05 02:55:53] czokie : for example - block updates etc
[2017-12-05 02:56:24] ltlasset : the pretty woman page?
[2017-12-05 02:56:30] czokie : yes
[2017-12-05 02:56:35] czokie : <http://dji.retroroms.info/howto/fridahooklibrary?s[]=prettywoman>
[2017-12-05 02:56:38] ltlasset : yeah I have seen that others have removed the NFZ database from the app, which is great
[2017-12-05 02:56:59] ltlasset : I'm just unsure why there is even a firmware/parameter on the drone if the NFZ is controlled from the app
[2017-12-05 02:56:59] czokie : The CSV is a list of all supported mods so far - Others will come - but for now, I'm sick in bed.... so another time :slightly_smiling_face:
[2017-12-05 02:58:22] ltlasset : Hope you feel better
[2017-12-05 06:57:23] kilrah : Yes you do otherwise the app will lock your spark for not being on >=600
[2017-12-06 01:24:08] ensjesse : @ltlasset There is a NFZ on AC itself and then the one inside of the app. I do not know if it is changed when the application connects to DJI or if it is bundled with the application. I do know that my P4P will refuse to fly more than 30M on my iPad running 4.1.12 and only after trying to start in a NFZ and not accepting their agreement. The application now gives a flight controller error and tells me to restart
[2017-12-06 01:24:48] ensjesse : My iphone is on 4.1.2 and I do not have this issue with NFZ mod
[2017-12-06 01:25:26] ensjesse : Have not tested outside of 500M for altitude so I can not confirm if the application will still limit that.
[2017-12-06 01:27:46] ensjesse : I wonder what version that checking started. Maybe because I did not accept the agreement that I was flying at my own risk when starting in that NFZ it flagged the app to do that. If I delete the app I need to download new version or roll back
[2017-12-06 01:28:54] ensjesse : Problem is the new version not only has that mandatory quiz before flight but worried it might detect the mods straight on. Either way while it was going to let me take off in the NFZ the app didn't like it .12. And tried to limit flight as much as possible.
[2017-12-06 19:23:28] ensjesse : Per the wiki NFZ update from the server in the application was added in version 4.1.0
[2017-12-06 19:23:43] ensjesse : Not sure if the same for iOS and Android but I am guessing so
[2017-12-12 15:56:24] hostile : hey @czokie is the Pretty Woman stuff in the Wiki, I was trying to point someone to it, and my searching is failing!
[2017-12-12 15:56:47] hostile : <http://dji.retroroms.info/start?do=search&id=pretty>
[2017-12-12 15:56:47] hostile : so weird!
[2017-12-12 15:56:55] hostile : cuz I know Pretty Woman is referenced on the FRIDA hooks page.
[2017-12-12 15:57:11] hostile : <http://dji.retroroms.info/howto/fridahooklibrary?s%5B%5D=prettywoman>
[2017-12-12 18:06:41] czokie : <http://dji.retroroms.info/start?do=search&id=prettywoman>
[2017-12-12 18:07:03] czokie : @hostile That worked for me. prettywoman is one word - it does not hit on partial word matches
[2017-12-12 18:12:39] hostile : “it does not hit on partial word matches” explains it!
[2017-12-12 18:12:43] hostile : thx mate
[2017-12-12 18:42:45] czokie : I had been meaning to tweak the search results - It was returning “wiki text” before. I’ve now installed a text renderer that works with search - looks pretty now :slightly_smiling_face: …. Still full word matches, but looks nicer
[2017-12-16 21:50:58] czokie : OK. I'm starting to feel better health wise… Still not 100% but playing with the bird again. Had a fly yesterday… New phone (iPhone X). Interesting observations. When I did a "restore" from my old phone, it didn't complain about the patched GO4 app… Now I think I know why. The app on the phone didn't appear to have patches installed when I flew… so it probably got a copy online instead of using the iTunes backup. Fair enough. But, what was interesting was that the version installed appears to be crashing… Not sure if it's due to this magic date bug or not - but this is what I get….
[2017-12-16 21:51:08] czokie : ```
Dec 17 08:44:11 My-iPhone DJI GO 4(CFNetwork)[5842] <Notice>: Task <4AE5B652-9EF3-4A9A-82A5-777A5C7FD2D8>.<0> received response, status 201 content K
Dec 17 08:44:11 My-iPhone DJI GO 4(CFNetwork)[5842] <Notice>: Task <4AE5B652-9EF3-4A9A-82A5-777A5C7FD2D8>.<0> response ended
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Got memory pressure notification (critical)
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Memory pressure relief: Total: res = 306053120/306216960/163840, res+swap = 1350585008/1350601392/16384
Dec 17 08:44:12 My-iPhone DJI GO 4(UIKit)[5842] <Notice>: Received memory warning.
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Got memory pressure notification (critical)
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Memory pressure relief: Total: res = 314621952/314621952/0, res+swap = 1345784496/1345784496/0
Dec 17 08:44:12 My-iPhone DJI GO 4(UIKit)[5842] <Notice>: Received memory warning.
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Got memory pressure notification (critical)
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Memory pressure relief: Total: res = 319488000/319488000/0, res+swap = 1350634160/1350634160/0
Dec 17 08:44:12 My-iPhone DJI GO 4(UIKit)[5842] <Notice>: Received memory warning.
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Got memory pressure notification (critical)
Dec 17 08:44:12 My-iPhone DJI GO 4(JavaScriptCore)[5842] <Notice>: Memory pressure relief: Total: res = 319602688/319602688/0, res+swap = 1350585008/1350585008/0
Dec 17 08:44:12 My-iPhone DJI GO 4(UIKit)[5842] <Notice>: Received memory warning.
Dec 17 08:44:15 My-iPhone kernel[0] <Notice>: EXC_RESOURCE -> DJI GO 4[5842] exceeded mem limit: ActiveHard 1400 MB (fatal)
Dec 17 08:44:15 My-iPhone kernel[0] <Notice>: 183775.580 memorystatus: killing_specific_process pid 5842 [DJI GO 4] (per-process-limit 10) - memorystatus_available_pages: 19522
Dec 17 08:44:15 My-iPhone locationd[5451] <Notice>: Client com.dji.go disconnected
```
[2017-12-16 21:53:16] czokie : Just googled a bit. This happens while trying to do a flight record sync. Current iOS is 11.1.1 - Update to 11.2.1 is available… and it appears 11.1.1 is the affected version… Just sharing for others that might see this.
[2017-12-16 21:56:01] czokie : Interesting observation. This bug is only meant to affect apps that do “local notifications” if I remember correctly.
[2017-12-16 22:18:33] hostile : interesting
[2017-12-17 07:51:06] kilrah : yup it's known that GO failed to run on 11.1.1, 11.2 fixed it
[2017-12-17 07:51:50] kilrah : and yes it's been years since apps were last backed up, all it does is keep a list of what's installed and grabs them from the store again on a restore.
[2017-12-17 18:35:53] p : RE: Frida/PrettyWoman, the wiki article says both: `In the near future, this type of hook method will be able to be run on a modified app launched from Springboard.` `The config below can be used for stand-alone hooks, allowing you to open DJI GO 4 from springboard.`
[2017-12-17 18:36:30] p : Does that mean that it is, or is not possible to launch a patched version from Springboard?
[2017-12-17 18:36:49] p : Just attempting the process for the first time...
[2017-12-17 18:56:37] p : Also, how can I get a decrypted copy of the ipa without jailbreaking?
[2017-12-17 19:02:00] tylkologin : <http://dji.retroroms.info/howto/firmware>
[2017-12-17 19:02:07] tylkologin : at the very bottom of the page
[2017-12-17 19:04:14] p : @tylkologin Thanks, I'm assuming they were taken from jailbroken devices?
[2017-12-17 19:04:46] p : Just like to understand the process end-to-end, so was trying to do it all myself if possible
[2017-12-17 19:05:48] tylkologin : yes. these images are from jailbroken device. you have to sign them before you install one of them on your device.
[2017-12-17 19:57:40] p : Right, so starting with one of the unencrypted IPAs, I:
* Patch it with Frida using `insert_dylib`
* Sign it with `applesign` and my own `embedded.mobileprovision`
* Deploy it with `ios-deploy`
?
[2017-12-17 20:11:13] czokie : @p You can do it yourself... but code signing limits you to 1 week unless you get an apple developer account - which extends that to 1 year
[2017-12-17 20:13:43] p : @czokie That's ok, I have a Developer Account
[2017-12-17 20:35:00] czokie : If you like - the simpler way is with Objection - It will do the patch / sign / deploy in one simple step
[2017-12-17 20:36:47] p : Thanks, will have a look at that as well
[2017-12-17 20:38:54] czokie : It's funny - I've been away from it all for a bit - Went to patch .18 the other day - needed to add a new UDID … Nothing magical. Stuff I had done before. But I got e8008019 this time - Will play some more soon. Let me know if you have any roadblocks
[2017-12-17 20:39:18] p : I did: ```
$ applesign -i 3D62096F812A46BEE702E189E1595EDDD765CAA3 -m embedded.mobileprovision -I FridaGadget.dylib -b info.p8952.DJI-GO-4-FCC DJI\ GO\ 4.ipa
$ unzip DJI\ GO\ 4-resigned.ipa -d DJI\ GO\ 4-resigned
$ ios-deploy --bundle DJI\ GO\ 4-resigned/Payload/DJI\ GO\ 4.app --id e86a3f6c41a6bc8bb1e826a7bfed79d0e308e02e
```
But seem to have an entitlements issue: ```
2017-12-17 20:33:43.892 ios-deploy[7824:188544] [ !! ] Error 0xe8008016: The executable was signed with invalid entitlements.
AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)
```
[2017-12-17 20:39:37] czokie : FYI - <http://docwiki.appmethod.com/appmethod/1.16/topics/en/RunIOSDeviceFailedHelpPage> has been a great resource :slightly_smiling_face:
[2017-12-17 20:40:33] czokie : That's why objection is good - it handles a lot of that shit for you automagically
[2017-12-17 20:40:47] czokie : I assume you’re on OSX
[2017-12-17 20:40:53] czokie : and using xcode
[2017-12-17 20:41:23] czokie : to build your provisioning profile?
[2017-12-17 20:41:27] p : Yeah, High Sierra, XCode 9.2
[2017-12-17 20:42:21] czokie : Give objection a shot - will save a lot of time
[2017-12-17 20:43:25] p : Ah, does `embedded.mobileprovision` contain entitlements as well as signing info? Might explain my issue
[2017-12-17 20:43:32] p : Ok, will give Objection a go
[2017-12-17 20:44:36] czokie : Also - I don't see you injecting objection
[2017-12-17 20:44:45] czokie : insert_dylib is needed as well…
[2017-12-17 20:44:51] czokie : but objection will do that for you
[2017-12-17 20:45:43] czokie : <https://dji.retroroms.info/howto/iosfrida>
[2017-12-17 20:45:48] czokie : That page is your friend
[2017-12-17 20:46:05] p : Injecting Frida? Looking at the docs for applesign I figured that could handle injection using `-I`
[2017-12-17 20:46:13] p : Thanks, not seen that page before, will go over it now
[2017-12-17 20:46:21] czokie : It's a step-by-step
[2017-12-17 20:46:55] p : That should make it easier :slightly_smiling_face: I was mostly following this before: <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/>
[2017-12-17 20:48:13] czokie : Yeah. That was part of the source material when the page was written - but no single page had everything we wanted that worked reliably. This method works 100%
[2017-12-17 20:49:06] czokie : But fyi - I am doing a different method that is failing for me - I am doing some stuff using Fastlane Spaceship to interact with the apple developer portal - to make it scalable - but I’ve been away for a bit - and need to re-learn what I previously had working
[2017-12-17 22:11:22] p : @czokie Do you know if Objection can change the bundle id? With applesign I was using `--bundleid info.p8952.djipatched` so it wouldn't conflict with my stock DJI app.
[2017-12-17 22:14:01] p : Hmm, looks like it just shells out to applesign so should be able to do it there <https://github.com/sensepost/objection/blob/master/objection/utils/patchers/ios.py#L397>
[2017-12-17 22:44:25] cs2000 : @czokie & @jezzab, since (I think) we're running the same app, modified in the same way, can you guys try something. I'm using DJI GO 4.1.17-frida-codesigned2 and was trying to show someone so recorded video in the app, but after X amount of seconds it kept crashing. Using the latest iOS so can't be that, wondering if it's a consequence of our meddling in the app? or just something weird on my device.
[2017-12-17 22:45:28] czokie : @cs2000 - I am seeing some weird stuff in my iphone running latest IOS in debug logs - They’re scrolling faster than the stock exchange ticker for all stocks :slightly_smiling_face:
[2017-12-17 22:46:34] czokie : I have a feeling that the current IOS fix helped (it was crashing DJI go repeatably)…. Not sure that is 100% stable yet tho.
[2017-12-17 23:18:07] p : Making good progress, got some Frida swizzle hooks running in debug mode
[2017-12-17 23:18:21] czokie : Well done!
[2017-12-17 23:19:31] p : When would I expect sdr_force_fcc to get called? If I log the value of shouldShowTerms I get that on app start and then multiple times after, but nothing for sdr_force_fcc even after connecting to RC, and clicking "Start Flight". Do you know if I need to take off before that gets checked?
[2017-12-17 23:20:13] jcarlo : @cs2000 I'm using the same app too. Flew this morning. No crashes.
[2017-12-17 23:20:33] cs2000 : @jcarlo The app itself worked fine for flight
[2017-12-17 23:20:56] cs2000 : It was replaying the video that's stored in the app where I got crashing issues. Maybe after 1-2 min of playback
[2017-12-17 23:21:01] cs2000 : on multiple occasions
[2017-12-17 23:21:07] p : Hmm, probably an issue with my hook
[2017-12-17 23:23:07] jcarlo : @cs2000 Ok I haven't tried replaying.
[2017-12-17 23:24:53] cs2000 : I know most people probably haven't, and there's only a few of us using this app, hence the question :slightly_smiling_face:
[2017-12-17 23:26:18] czokie : @cs2000 - Assuming you have a mac - fire up xcode, and have a look at the debug logs….
[2017-12-17 23:26:31] jezzab : @p it is called the moment you press on "Start Flight"
[2017-12-17 23:26:41] jezzab : it will also be called even if you just have the RC on there
[2017-12-17 23:28:41] jezzab : What is your AC @p?
[2017-12-17 23:29:43] czokie : @p - Check out <http://dji.retroroms.info/howto/fridahooklibrary#tweakjs> for a working hook file…
[2017-12-17 23:30:18] czokie : But - note: There is one known problem with that file if you are not running a mavic … Let me know if you have something else - Just need to remove some bits
[2017-12-17 23:31:34] jezzab : If you're not running a Mavic then that function will not be called
[2017-12-17 23:34:00] p : @czokie I have a Spark
[2017-12-17 23:34:33] p : I tried that but neither of the messages log, even during/after take off
[2017-12-17 23:46:56] jezzab : there is a product code check of `21 || 13` for calling the `sdr_forcefcc` function
[2017-12-17 23:47:09] jezzab : Spark = 26
[2017-12-17 23:48:27] p : @jezzab In DJI GO? Not the hook?
[2017-12-17 23:48:40] jezzab : In the app mate
[2017-12-17 23:48:42] jezzab : Thats the flow
[2017-12-17 23:51:50] jezzab : In earlier versions (<4.1.13) the `djiConfig` file was read in if there. Then it was parsed and the `sdr_force_fcc` was called with the byte in the `djiConfig` file. In later versions this was removed (the loading and parsing) and the `sdr_force_fcc` was hard coded to 0
[2017-12-17 23:52:14] jezzab : Which is fine and the hook will work but there is a check of the product code of the AC
[2017-12-17 23:53:03] jezzab : If it's not Mavic and Mavic Plat (unconfirmed) then it won't call the `sdr_force_fcc` function at all
[2017-12-17 23:56:12] p : @jezzab Thanks for the explanation. So does that mean if I start poking around with a disassembler I should be able to identify the function doing the product code check, and then using Frida patch that to also check for the Spark product code?
[2017-12-17 23:56:29] czokie : @p - The existing code in the hook at the link I sent does that
[2017-12-17 23:56:30] czokie : BUT
[2017-12-17 23:56:34] czokie : there is a side effect.
[2017-12-17 23:56:54] czokie : We are “spoofing” the product code… That fixes FCC - but that function is also used elsewhere.
[2017-12-17 23:57:07] czokie : I found on my P4P that sometimes (not all the time) I had no vision at all….
[2017-12-17 23:57:29] czokie : I am guessing that somewhere else - it called the function - and set the vision protocol to occusync instead of LB2 ….
[2017-12-17 23:58:29] czokie : What we need to do - (when I have time) is…. inject some more code - at the start of the FCC checking - that will set a flag - that flag will get used by the model spoofer - and only spoof the model while we are checking the FCC stuff
[2017-12-17 23:58:39] p : @czokie That would be `DJIProductManager currentProductCode jsfunctioniffcc`?
[2017-12-17 23:59:16] p : I wonder why they only use sdr_force_fcc on a Mavic... As I'm assuming it's there for debugging and the Spark also has an FCC mode which would need debugging
[2017-12-18 00:12:35] czokie : Code was added by mavic team.
[2017-12-18 00:13:01] czokie : P4P team already had “can use illegal channels” … which worked for them - but mavic team I guess wanted more :slightly_smiling_face:
[2017-12-18 00:34:08] p : @jezzab Is this the bit you are talking about?
[2017-12-18 00:36:20] p : Anyway I'm off for the day, thank you both very much for your help
[2017-12-18 00:49:37] czokie : That is boost - not FCC - but same principle yes. Suggestion - try FCC first - get that working before you try BOOST.
[2017-12-18 00:58:30] jezzab : In your snippet: `if (([DJIProductManager currentProductCode] == 0xd) || ([DJIProductManager currentProductCode] == 0x15)) goto loc_10094da10;`
[2017-12-18 00:58:48] czokie : That's the one
[2017-12-18 00:58:52] jezzab : or to rewrite it `if (([DJIProductManager currentProductCode] == Mavic) || ([DJIProductManager currentProductCode] == Mavic_Platinum)) goto loc_10094da10;`
[2017-12-18 14:49:45] hostile : This may be useful for you guys <!here> <https://codeshare.frida.re/@mrmacete/objc-method-observer/>
[2017-12-18 15:33:51] kilrah : <https://www.dropbox.com/s/ko3yu3p72ijapon/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.20%20v3034%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2017-12-18 15:50:28] p : @czokie Are you sure FCC and BOOST aren't handled in the same place? I can't see anywhere else that `sdr_force_fcc` is called and it reads to me as if line `10` does the product check and then line `20` enables FCC mode if `sdr_force_fcc` returns true.
[2017-12-18 18:47:49] p : @czokie I seem to have it working without spoofing the product id:
[2017-12-18 18:48:50] p : So according to Frida I should now be in FCC mode, but I'm unsure how I go about verifying that without a flight test
[2017-12-18 19:30:06] hostile : everyone else does flight tests =]
[2017-12-18 19:50:56] p : Guess I’ll have to wait until the end of February when it stops raining then :sob:
[2017-12-18 20:01:34] hostile : lol
[2017-12-18 20:20:22] czokie : Or come to the sunny country down under!
[2017-12-18 20:27:38] czokie : @p Binary patching instead of frida patching... It works, but I was trying for an approach of all frida hooks to allow wider participation in the whole tweak scene... but I first need to complete my patch-o-matic code signer thing .... to make it more wide-spread for people without their own dev account
[2017-12-18 20:31:17] opcode : patch-o-matic :smile::+1::skin-tone-2:
[2017-12-18 20:47:48] p : @czokie I was trying to come up with a way to do it via Frida, but unless you can work out the name/address of the calling function I don't know how you could make currentProductCode return `21|13` only in selective cases
[2017-12-18 20:52:12] czokie : Global variable - set to true at the start of our FCC check function which is then read later during the product code checker, and reset at the end of our FCC check function.
[2017-12-18 20:52:53] czokie : Risk - if there are multiple threads checking at the same time - we have a small risk of a wrong answer - but it's worth trying it - I have it worked out in my head - just focussing on the auto patching stuff...
[2017-12-18 20:54:16] czokie : Web UI = built. Workflow logic in my head. Interface to rails = not so good - was going to use an sql UDF to trigger to rails - but didn't work with mariadb - will try again with native mysql. I have rails installed - but untested. I have methods roughed out for the various actions - but then need to get them into rails.
[2017-12-18 20:56:51] p : I did think of swapping the product code back post-fcc check, but wouldn't that mean any calls to get the product code pre-fcc check would still return an incorrect code? I suppose if you could verify that it always runs in one thread you could only return an incorrect product code on the n-th request
[2017-12-18 21:09:50] czokie : Ah. We already do that
[2017-12-18 21:10:03] czokie : The problem is as you say the pre calls
[2017-12-18 21:10:27] invernomuto : Hi all
[2017-12-18 21:10:43] czokie : We can set a variable at the start pre swizzle at the start of fcc check… which can be read by the product code spoofer, and reset after spoofing
[2017-12-18 23:02:25] czokie : Edited last comment - was gibberish when I first wrote it from a mobile :slightly_smiling_face:
[2017-12-20 11:27:55] czokie : <https://dji.retroroms.info/faq/version/djigo4#dec_18_17>
[2017-12-20 11:28:04] czokie : @kilrah - Go do your thing :slightly_smiling_face:
[2017-12-20 15:30:42] tylkologin : he did it :slightly_smiling_face:
[2017-12-20 15:30:44] tylkologin : <https://mega.nz/#!4ihkgIBS!cve4lHyksWLOjl739Cal0E-xY4MzE0w1cksjAEP2PCo>
[2017-12-20 16:05:21] czokie : Too fast :slightly_smiling_face:
[2017-12-20 16:05:37] czokie : OK - over to you @cs2000
[2017-12-21 04:46:24] hdizzle : Hi :)
[2017-12-21 04:46:57] jcarlo : sup
[2017-12-21 04:49:48] hdizzle : You guys patch ipa? I thought only apk was patched
[2017-12-21 04:49:58] hdizzle : I use iphone so this is good news if true
[2017-12-21 05:11:57] czokie : @hdizzle - Yes...
[2017-12-21 05:12:27] czokie : Go to the !wiki for details - or - eventually, we will have an online patch-o-matic
[2017-12-21 05:42:03] hdizzle : @czokie thanks, I've looked at the wiki but I don't really understand it. However reading through here, I can download the latest unencrypted ipa and I can use the PrettyWoman script to patch it yes? Then what? Do I use cydia impactor to push the ipa onto my device?
[2017-12-21 05:44:25] hdizzle : Or do you guys patch the ipa and I can dl it and use impactor to put on my device?
[2017-12-21 06:38:45] hdizzle : How do I generate tweak.js? I have ran the PrettyWoman.sh script but there is no .js file output?
[2017-12-21 06:39:41] czokie : You on a Mac?
[2017-12-21 06:41:34] hdizzle : Yes
[2017-12-21 06:41:52] hdizzle : looking at it I think I need to >> the output to file yes?
[2017-12-21 06:42:23] czokie : This is the page you want
[2017-12-21 06:42:58] czokie : The JS file is actually on the pretty woman page ready for you to download. PrettyWoman is there - to make it easy to add new things to the JS file without too much effort - but you won't need that
[2017-12-21 06:43:53] hdizzle : Oh ok, I thought PrettyWoman created the JS file. So do I set 1 instead of 0 for each tweak I want in the JS file is that right?
[2017-12-21 06:44:42] czokie : What are you wanting to achieve with tweaking?
[2017-12-21 06:45:45] hdizzle : Mostly I want to enable FCC because I'm in Australia, Boost to 1.5w would be nice if doable too.
[2017-12-21 06:45:55] czokie : What aircraft?
[2017-12-21 06:46:02] hdizzle : Spark
[2017-12-21 06:46:34] czokie : FCC works for Mavic guaranteed - No guarantee for others at the moment - It MAY work - but give it a go.
[2017-12-21 06:46:42] czokie : Just use the existing js file - no need to run the script
[2017-12-21 06:47:03] jezzab : What state @hdizzle?
[2017-12-21 06:47:17] czokie : @jezzab and I are also aussies
[2017-12-21 06:47:40] czokie : Aussie Aussie Aussie.....
[2017-12-21 06:47:56] hdizzle : Ok, I noticed it changes product ID to Mavic, that means I will lose the Panorama and Spark specific features doesn't it? Oh sweet fellow Aussies I hate how they force the CE power on us!
[2017-12-21 06:48:18] jezzab : It's the Aussie way. We started quietly here with mainly @czokie and I. Slowly our numbers are increasing as we infiltrate lol
[2017-12-21 06:48:44] czokie : That's the challenge. The code only enables FCC for mavic. LATER - we will eventually get around to a new JS that will keep your other spark related features - just not there yet
[2017-12-21 06:49:17] jezzab : I haven't played with my Spark and FCC hooking yet. I'm on holidays starting now for a couple of weeks so I'll take a look
[2017-12-21 06:49:50] czokie : Yeah... you and I hooking all the time - does that make @hostile pimp daddy?
[2017-12-21 06:51:32] czokie : By the way @jezzab - I have made progress recently. but tied up with work. Over the quiet period - will get some more done soon
[2017-12-21 07:01:34] hdizzle : Ok so I guess if I just want to boost FCC for now my best option would be install the patched Android apk onto an old android phone I have and that will force FCC mode and then I just cancel the region change on my iPhone all the time yah?
[2017-12-21 12:58:42] cs2000 : @czokie 4.1.20 on torrents now :slightly_smiling_face:
[2017-12-21 13:57:52] p : Doesn't look like my binary patch worked... Did a test flight in both stock 4.1.20 and patched 4.1.20 and both RTH after ~450m.
[2017-12-21 13:58:13] p : Interestingly on the patched 4.1.20 I had "Weak transmission signal" at all times
[2017-12-21 14:08:53] p : This was my change: <https://www.diffchecker.com/KhItrKiL>
[2017-12-21 15:15:57] hostile : LOL @czokie <https://dji-rev.slack.com/archives/C6KG1UDRS/p1513838990000050>
[2017-12-21 15:16:53] coldflake : lol
[2017-12-23 23:20:00] czokie : OK. Time to code.
[2017-12-24 05:43:18] bjoneseying : has anyone looked at the DJI GO app on ios (not GO4) ?
[2017-12-24 05:44:35] bjoneseying : Apparently DJI introduced CE mode after 3.1.18 for the phantom3 SE - while there's some options for Android with older APKs, no such luck for iOS devices
[2017-12-24 05:48:37] czokie : Never looked at it before - but the same principles for hooking should work...
[2017-12-24 07:49:54] kilrah : interesting
[2017-12-24 07:50:42] czokie : I recently got an osmo. So that’s an excuse to look at it one day.
[2017-12-24 08:43:13] bjoneseying : ok cool
[2017-12-24 08:44:02] bjoneseying : in its time it was only available in china, there was no regulating the power but once they started selling in europe, they enacted the transmission power limits
[2017-12-24 09:03:20] bjoneseying : <https://4pda.ru/forum/index.php?showtopic=830131&st=1600#entry68147083>
[2017-12-24 09:03:31] bjoneseying : wonder if this works for Go4
[2017-12-24 12:27:18] czokie : @bjoneseying - You know we have done FCC for Go4 don't you?
[2017-12-24 12:28:27] czokie : And those links are to a patched version of DJI firmware that was accidentally published without encryption - and subsequently patched (go3 only)….
[2017-12-24 18:50:08] bjoneseying : Yup you're right.
[2017-12-25 10:25:44] jcarlo : Weird go4 4.0.3 has a quiz test?!? I just hit skip
[2017-12-25 18:41:08] jcarlo : 4.1.20 is out
[2017-12-25 19:03:51] jcarlo : Never mind it wasn't a quiz test it's the tutorial
[2017-12-29 16:53:35] p : Ok, after a fair amount of testing with a mix of Frida and/or binary patching I'm pretty convinced that the sdr_force_fcc code has no effect when run for a Spark. Either that setting only affects OccuSync not whatever WiFi-Hybrid protocol the Spark uses, or the Spark resets itself to CE later in the control flow. Has anyone attempted to patch the FCC/CE geo lookups rather than enabling DJI debug code? That seems like it would be more reliable and is probably what I'm going to try and track down next. Would be a big help if anyone already knows function names/locations for this code.
[2018-01-02 00:40:49] coldflake : You could try and ask @bin4ry, he is da man
[2018-01-02 07:44:02] per : !wiki
[2018-01-02 07:44:17] per : hey guys, no one knows about any FCC hack for DJI Go 4 (latest) or any way of rollback for iOS? :confused: love my Mavic but it’s extremely annoying not being able to fly longer distances
[2018-01-02 07:45:03] per : read on link above ^^ far as I can see, there’s official .ipa’s with lower versions?
[2018-01-02 07:45:50] jezzab : You could do it via the Frida way on any version or you could roll back to 4.1.12 and use DJIconfigs
[2018-01-02 07:46:12] per : Frida?
[2018-01-02 07:46:39] per : oh
[2018-01-02 07:46:47] jezzab : @tylkologin just send you 2 links in ~general
[2018-01-02 07:46:47] per : <http://dji.retroroms.info/howto/iosfrida> ?
[2018-01-02 07:47:06] per : cheers, I’m blind
[2018-01-02 07:49:01] per : the config files are all that’s needed for fcc? nothing new in how to bypass on 4.1.20?
[2018-01-02 07:50:03] jezzab : "You could do it via the Frida way on any version"
[2018-01-02 07:51:31] jezzab : <http://dji.retroroms.info/howto/firmware#dji_go_4>
[2018-01-02 07:53:57] tylkologin : @per config files work for DJI Go4 4.1.12 and lower
[2018-01-02 07:54:20] tylkologin : if you want to use 4.1.13 and higher choose frida way :slightly_smiling_face:
[2018-01-02 07:54:22] per : so wait, Frida let me install earlier versions, right? what do you mean by “You could do it via the Frida way on any version”
[2018-01-02 07:54:36] jezzab : Did you read the frida page?
[2018-01-02 07:55:03] per : I’m going through <http://dji.retroroms.info/howto/iosfrida>
[2018-01-02 07:55:46] jezzab : Frida allows you to kinda patch on the fly an app without having to jailbreak
[2018-01-02 07:55:53] jezzab : It is a little indepth
[2018-01-02 07:56:26] per : ..which allows me to upload configs on 4.1.20?
[2018-01-02 07:56:27] jezzab : If you're looking for a "quick fix" just roll back to 4.1.12 and use the DJIConfigs
[2018-01-02 07:56:31] per : ok
[2018-01-02 07:56:31] jezzab : NO
[2018-01-02 07:56:36] jezzab : It's instead
[2018-01-02 07:56:43] jezzab : Because you are patching directly
[2018-01-02 07:56:51] per : I see
[2018-01-02 07:57:28] jezzab : DJIConfig -> config file for FCC etc This was removed after 4.1.12 Frida -> trick what DJIconfig loaded to run in memory (plus more)
[2018-01-02 07:58:15] per : ah. alright, downloading 4.1.12 now
[2018-01-02 07:59:09] per : is it Apple restricting me to install 4.1.12 .ipa or is it some setting?
[2018-01-02 07:59:36] jezzab : Dude
[2018-01-02 07:59:37] jezzab : <http://dji.retroroms.info/howto/iosrollback>
[2018-01-02 08:01:00] per : damn it.. I knew about that. sorry taking your time :slightly_smiling_face:
[2018-01-02 08:06:46] per : suggestion on where to download iTunes 12.3.1?
[2018-01-02 08:07:43] tylkologin : <http://dji.retroroms.info/howto/iosrollback>
[2018-01-02 08:07:53] tylkologin : You have links in the middle of the page
[2018-01-02 08:08:05] tylkologin : choose proper system and download
[2018-01-02 08:11:40] per : ..except that eshareload has a bunch of chrome warnings/404 :grin:
[2018-01-02 08:19:05] jezzab : Come on man. I spent 2 secs searching for the filename it was trying to download and found this:
[2018-01-02 08:19:06] jezzab : <https://www.theiphonewiki.com/wiki/ITunes>
[2018-01-02 15:11:46] per : lol, sorry @jezzab, you’re so right, I’m just frustrated!
[2018-01-02 15:12:34] per : alright so I’ve messed around with Charles all day. got iTunes 12.3.1, everything in order with versions. trying to follow <https://www.youtube.com/watch?v=g9rUKUCil6k> but “XML Text” doesn’t show up in Charles. ideas?
[2018-01-02 23:12:01] hdizzle : iOS 4.1.22 is out
[2018-01-02 23:26:17] kilrah : ios app is growing like mad... 50MB more than .20
[2018-01-02 23:29:25] kilrah : <https://www.dropbox.com/s/6dmc1v965b9qj3e/DJI%20GO%204%20%5BDJI%5D%20%28v4.1.22%20v3037%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-01-02 23:33:33] hdizzle : @kilrah has a stack of new visual assets for the iPhone X screen I’d reckon
[2018-01-02 23:34:36] kilrah : could be
[2018-01-02 23:37:19] kilrah : ah yep people confirmed iphone x views now there
[2018-01-03 00:21:47] hdizzle : Yip
[2018-01-04 08:44:23] per : wow I think I got the downgrade (iOS to 4.1.12) successful, as well as installing FCC hack-config. how can I see the FCC actually is enabled? :slightly_smiling_face:
[2018-01-05 16:38:01] invernomuto : Hi guys, I have a question for the whole channel. I have DJI GO 4 4.1.17, can I enable DJI.configs??
[2018-01-05 16:39:02] ben_lin : doesn't work as of right now
[2018-01-05 16:39:14] ben_lin : use patched go app
[2018-01-07 03:40:58] czokie : Been a while since I played here - Lots of distractions. Just rolling up a .22 patched … testing that my code is still good….
[2018-01-07 03:41:10] czokie : Had you played with it @jezzab?
[2018-01-07 03:41:32] jezzab : Nah I havent
[2018-01-07 03:41:52] czokie : Fair nuff … Will report back :slightly_smiling_face:
[2018-01-07 03:42:56] jezzab : I don't use the MBP a lot and I've moved it from the desk for space lol
[2018-01-07 06:11:37] czokie : OK. The build process is fine - but the install process is a problem.
[2018-01-07 06:11:57] czokie : Failing for some reason - but not sure why - Time to get some debugging
[2018-01-07 06:15:59] czokie : e8008019: This error happens when you try to run an application built using the Application Store platform configuration on an iOS device. To run your application on an iOS device, you must use the Debug or Ad hoc platform configuration instead. To generate your application package for submission to the App Store, you must deploy your application.
[2018-01-07 06:16:59] jezzab : Oh
[2018-01-07 06:17:11] jezzab : But you set it up for Debug not App Store on your certs/provisions?
[2018-01-07 06:17:23] czokie : Thought so
[2018-01-07 06:17:25] czokie : checking now
[2018-01-07 06:17:54] czokie : Provisioning profile: IOS Development
[2018-01-07 06:18:23] czokie : Certificate = Development
[2018-01-07 06:18:26] jezzab : Should be fine
[2018-01-07 06:18:34] jezzab : Very strange
[2018-01-07 06:18:52] czokie : Installing with ifunbox
[2018-01-07 06:18:58] czokie : trying to emulate what a user would be doing
[2018-01-07 06:19:00] czokie : not via scripts.
[2018-01-07 06:20:47] czokie : What are app groups?
[2018-01-07 06:21:25] jezzab : been a while
[2018-01-07 06:21:31] jezzab : ill log into the dev portal and check :confused:
[2018-01-07 06:21:55] jezzab : ah f**k need ipad
[2018-01-07 06:21:59] jezzab : damn 2 step
[2018-01-07 06:22:02] jezzab : gotta turn that off
[2018-01-07 06:22:58] jezzab : Never used App Groups
[2018-01-07 06:23:02] jezzab : mine are all blank
[2018-01-07 06:23:08] czokie : OK - Will kill the ones I see
[2018-01-07 06:23:16] jezzab : `App Groups allow access to group containers that are shared among multiple related apps, and allows certain additional interprocess communication between apps.`
[2018-01-07 06:23:36] jezzab : Apps sharing data by the looks
[2018-01-07 06:24:05] czokie : Fpimd ot
[2018-01-07 06:24:12] czokie : Damn
[2018-01-07 06:24:13] czokie : Found it
[2018-01-07 06:24:20] czokie : Maybe related to deleting the groups
[2018-01-07 06:24:31] czokie : now shows as “Invalid” in status
[2018-01-07 06:24:54] czokie : Ah. That's coz the groups were deleted - just regenerate
[2018-01-07 06:25:27] jezzab : k
[2018-01-07 06:27:07] czokie : Downloading profile and re running inject / sign
[2018-01-07 06:27:21] jezzab : Must have confused it with the groups
[2018-01-07 06:27:39] czokie : I didn't make 'em
[2018-01-07 06:27:42] czokie : don't know where they came from
[2018-01-07 06:27:48] jezzab : wtf?
[2018-01-07 06:28:08] czokie : One was some Cydia group and one was a DJI group.
[2018-01-07 06:28:17] jezzab : Thats weird
[2018-01-07 06:28:25] czokie : Possibly ifunbox doing silly bugger games
[2018-01-07 06:28:53] jezzab : OT: How's Ken Heron? saw the show. Well what you tried to do anyway. Bummer
[2018-01-07 06:29:01] czokie : But don't know how - it doesn't have my appleid
[2018-01-07 06:29:15] czokie : I posted another video instead on my own yt space…
[2018-01-07 06:29:25] czokie : It was a train wreck.
[2018-01-07 06:29:25] jezzab : ah right
[2018-01-07 06:29:37] jezzab : Oh well. You gave it a go
[2018-01-07 06:29:50] czokie : Fucking wirecast crashes whenever you do deletes of shots and/or move shots around and then use a midi controller.
[2018-01-07 06:30:20] czokie : The start of the show with no audio for me - I fixed that, but forgot to save the shot - and wirecast crashed - and it reverted back to an earlier set of settings.
[2018-01-07 06:30:34] czokie : And later - it was basic internet lag combined with some stupid wirecast design flaws
[2018-01-07 06:31:41] czokie : Same error
[2018-01-07 06:32:09] jezzab : hmmm
[2018-01-07 06:32:49] czokie : Deleting appid and recreating it
[2018-01-07 06:33:19] jezzab : yeah. it's clearly 'out of whack'
[2018-01-07 06:33:57] jezzab : thing is xcode will show some errors with certs and provs and dev portal won't
[2018-01-07 06:34:01] jezzab : it's really annoying
[2018-01-07 06:34:48] czokie : That deleted the provisioning profile
[2018-01-07 06:34:52] czokie : as well
[2018-01-07 06:35:03] czokie : trying to remember - IOS App Development or Ad Hoc ???
[2018-01-07 06:35:32] jezzab : Dev
[2018-01-07 06:35:35] jezzab : NOT adhoc
[2018-01-07 06:35:41] jezzab : AdHoc = PAIN
[2018-01-07 06:35:55] czokie : Is that the TestFlight setting?
[2018-01-07 06:36:09] jezzab : Yeah
[2018-01-07 06:36:44] czokie : OK
[2018-01-07 06:36:48] czokie : Downloading profile….
[2018-01-07 06:36:56] czokie : Rebuilding IPA next…
[2018-01-07 06:39:08] czokie : Copying from VM to MAC
[2018-01-07 06:39:12] czokie : ready to install
[2018-01-07 06:39:42] jezzab : Got something to punch lol
[2018-01-07 06:39:48] jezzab : ...just in case
[2018-01-07 06:40:09] czokie : Same error
[2018-01-07 06:40:16] czokie : He’s talking in another room - jcase :slightly_smiling_face:
[2018-01-07 06:40:50] czokie : The mobile provision file - is it meant to be installed on a device first? If so - how?
[2018-01-07 06:41:32] jezzab : lol
[2018-01-07 06:41:38] czokie : Yeah
[2018-01-07 06:41:42] jezzab : it should be IN the package
[2018-01-07 06:41:47] czokie : It IS
[2018-01-07 06:41:50] czokie : Just thinking out loud
[2018-01-07 06:41:57] jezzab : if it's there it's fine
[2018-01-07 06:42:04] jezzab : the other shit isn't needed in later iOS
[2018-01-07 06:42:25] jezzab : has to be a cert/prov error. I know, I know, you will say no but it's fucking Apple and I have it plenty of times
[2018-01-07 06:42:38] jezzab : shit gets all screwed up and you literally have to start again
[2018-01-07 06:43:02] czokie : Fuck that today
[2018-01-07 06:43:07] czokie : I’d rather go fly for a bit :slightly_smiling_face:
[2018-01-07 06:43:10] jezzab : This is what kills me
[2018-01-07 06:43:24] jezzab : With this iOS. If I play with something and come back to it, it's screwed
[2018-01-07 06:43:29] jezzab : VERY annoying
[2018-01-07 06:43:29] czokie : It's more mature in terms of build process now for the patch-o-matic
[2018-01-07 06:43:36] jezzab : yeah
[2018-01-07 06:43:41] jezzab : setup should be fine again
[2018-01-07 06:43:49] czokie : OK.
[2018-01-07 06:43:55] czokie : Time to fly before sundown
[2018-01-07 06:44:07] jezzab : Sounds good!
[2018-01-07 06:45:14] czokie : the main thing I want it for is 32ch hack
[2018-01-07 06:45:21] czokie : but native will have to do today
[2018-01-07 06:45:33] jezzab : Ah you upgraded to the latest. Right
[2018-01-07 06:45:39] czokie : yep
[2018-01-07 06:45:43] czokie : no choice
[2018-01-07 06:45:44] czokie : new phone
[2018-01-07 06:45:48] jezzab : Wanna try the pano stuff?
[2018-01-07 06:45:50] jezzab : ahhhhhhhh
[2018-01-07 06:45:51] jezzab : ok
[2018-01-07 06:45:52] jezzab : doh
[2018-01-07 06:45:57] czokie : Anyway - cu
[2018-01-07 06:46:01] jezzab : Cya
[2018-01-07 07:12:50] czokie : Too windy to fly;(
[2018-01-07 07:13:01] czokie : Will try ipa again in a bit
[2018-01-07 07:13:11] jezzab : ah crap
[2018-01-07 10:04:41] czokie : OK.
[2018-01-07 10:04:48] czokie : Back in the saddle - and time to do this again :slightly_smiling_face:
[2018-01-07 10:40:12] tylkologin : hi guys :slightly_smiling_face:
[2018-01-07 10:40:18] tylkologin : jsfunction,DJILImitDBUpdateLogic,needUpdateType,-,0,[*] Removing NFZ DB Update Message,,0
[2018-01-07 10:40:45] tylkologin : I had to replace first 0 with 1 in ^^ line
[2018-01-07 10:41:01] tylkologin : or I will have upgrade message forever
[2018-01-07 10:41:04] tylkologin : with 4.1.22
[2018-01-07 10:41:05] czokie : Feel free to go edit on the wiki :slightly_smiling_face:
[2018-01-07 10:41:10] czokie : That's why it's there ….
[2018-01-07 10:41:27] czokie : Are you using developer certificate or just normal appleid free?
[2018-01-07 10:41:34] tylkologin : devs
[2018-01-07 10:41:38] czokie : Fair nuff
[2018-01-07 10:41:46] czokie : Using xcode?
[2018-01-07 10:42:13] tylkologin : a little bit :wink:
[2018-01-07 10:42:50] czokie : I am working on the patch-o-matic again today… Was really annoyed when it was giving me errors earlier today. So blew it away - and deleted everything in my dev account - and will start that build out again
[2018-01-07 10:42:59] czokie : I’ve been away from it for a bit
[2018-01-07 10:43:55] czokie : Basically - an end to end build for IPAs that are signed with a dev account - without ANY of the code running on a mac.
[2018-01-07 10:44:30] tylkologin : patch-o-matic? what exactly would you like to achieve with this stuff?
[2018-01-07 10:44:40] tylkologin : aha
[2018-01-07 10:44:44] tylkologin : sorry
[2018-01-07 10:44:58] tylkologin : i understand
[2018-01-07 10:44:58] czokie : It will eventually be in the NLD website online - just like the existing NLD app - but for IOS users
[2018-01-07 10:45:11] tylkologin : great idea!
[2018-01-07 10:45:43] tylkologin : so the idea is to have a patched IPA that everyone can install
[2018-01-07 10:45:46] tylkologin : or
[2018-01-07 10:46:07] czokie : provide UDID and a few bucks - and you get access to an IPA you can install (with valid dev cert)
[2018-01-07 10:46:10] tylkologin : to allow user to upload own IPA to website and get patched one?
[2018-01-07 10:46:48] czokie : Been thinking about that one - Sensitive from a copyright perspective - I was thinking - upload the torrent file for it - No need to actually upload an IPA (waste of time)
[2018-01-07 10:47:30] tylkologin : but you need developer profile for company not for personal use
[2018-01-07 10:47:49] czokie : NLD supplied dev profile is the idea
[2018-01-07 10:48:02] tylkologin : personal developer profile does allow you to register up to 99 devices
[2018-01-07 10:48:12] czokie : and everyone is part of the NLD “company” :slightly_smiling_face:
[2018-01-07 10:48:17] tylkologin : hehehe
[2018-01-07 10:48:21] tylkologin : sounds good
[2018-01-07 10:49:58] tylkologin : ok. see you later. going to fly with new patched IPA :slightly_smiling_face:
[2018-01-07 10:50:09] czokie : let me know how u go
[2018-01-07 14:40:01] tylkologin : so... i made 2 (20 minutes each) flights and it seems that everything is good. no application crashes, no video transmission problems. awesome! my setup was: dji go4 v4.1.22 and ac/rc/gl on 1.04.0100 (rooted)
[2018-01-07 15:29:01] jan2642 : @tylkologin with frida patches ?
[2018-01-07 15:32:14] tylkologin : yes... that's why I wrote it in ~ios_ipa_reversing :slightly_smiling_face:
[2018-01-07 18:46:51] czokie : Any ruby / rails gurus out there? Finally taking the plunge… and trying to create a rails app, but unable to get rails server to start after making a generic app template
[2018-01-07 18:47:13] czokie : ```
mkdir rails
cd rails/
rails new gadget
cd gadget/
rails server
```
[2018-01-07 18:48:10] czokie : and error is:
[2018-01-07 18:48:16] czokie : ```/home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/bundler-1.16.1/lib/bundler/runtime.rb:84:in `rescue in block (2 levels) in require': There was an error while trying to load the gem 'uglifier'. (Bundler::GemRequireError)```
[2018-01-07 18:48:47] czokie : I am guessing just install that gem? :slightly_smiling_face:
[2018-01-07 18:49:30] czokie : (if only it was that easy)
[2018-01-07 19:14:49] tylkologin : yes... sudo gem install bundler is required on osx
[2018-01-07 19:16:09] tylkologin : you will have errors @ rails new gadget without bundler
[2018-01-07 19:29:50] czokie : Got past that, found other stuff - was looking for javascript - will continue soon
[2018-01-07 23:52:36] czokie : Tried again overnight…
[2018-01-07 23:52:40] czokie : ```[build@localhost gadget]$ rails server => Booting WEBrick => Rails 4.2.5 application starting in development on <http://localhost:3000> => Run `rails server -h` for more startup options => Ctrl-C to shutdown server /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:121: warning: constant ::Fixnum is deprecated /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:121: warning: constant ::Bignum is deprecated Exiting Traceback (most recent call last): 4398: from bin/rails:3:in `<main>' 4397: from bin/rails:3:in `load' 4396: from /home/build/rails/gadget/bin/spring:15:in `<top (required)>' 4395: from /home/build/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:70:in `require' 4394: from /home/build/.rbenv/versions/2.5.0/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:70:in `require' 4393: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/spring-2.0.2/lib/spring/binstub.rb:31:in `<top (required)>' 4392: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/spring-2.0.2/lib/spring/binstub.rb:31:in `load' 4391: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/spring-2.0.2/bin/spring:49:in `<top (required)>' ... 4386 levels... 
4: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>' 3: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>' 2: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>' 1: from /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>' /home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>': stack level too deep (SystemStackError) ```
[2018-01-07 23:53:23] czokie : This is as simple as it gets
[2018-01-07 23:53:25] czokie : ```
cd ~
mkdir rails
cd rails
rails new gadget
cd gadget
rails server
```
[2018-01-08 00:16:37] czokie : Hmm - might have found it
[2018-01-08 00:16:37] czokie : <https://stackoverflow.com/questions/44476001/ruby-2-4-1-warning-constant-fixnum-is-deprecated>
[2018-01-08 03:03:56] czokie : OK. That worked - The install of ruby and rails didn't work without a little help - I'll go back and work out why… but at least I'm past that bit. Next goal - a simple rails method that will generate an RSA key that will be later used for apple signing etc (in case anyone wondered WTF rails has to do with iOS)
[2018-01-08 15:43:04] hostile : %x[openssl command goes here]
[2018-01-08 19:01:44] czokie : I worked that bit out in raw ruby - I was able to do that - but integrating that into rails? I tried a simple hello world in rails - and couldn't get that to work :disappointed:
[2018-01-08 19:57:26] czokie : <http://iridakos.com/tutorials/2013/11/24/saying-hello-world-with-ruby-on-rails.html>
[2018-01-08 19:57:38] czokie : The problem is in the routing - once I activate that - it goes pear shaped….
[2018-01-08 19:57:59] czokie : root to: 'pages#home'
[2018-01-08 19:58:33] czokie : ```/home/build/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/actionpack-5.0.6/lib/action_dispatch/routing/mapper.rb:314:in `block (2 levels) in check_controller_and_action': 'pages@' is not a supported controller name. This can lead to potential routing problems. See <http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use> (ArgumentError) ```
[2018-01-08 20:00:45] hostile : don't call it "pages"
[2018-01-08 20:00:47] hostile : call it something else
[2018-01-08 20:00:55] hostile : like "deeznuts"
[2018-01-08 20:01:10] czokie : DUH
[2018-01-08 20:01:24] czokie : We need a !troutslap command
[2018-01-08 20:01:31] czokie : Reading the error - it's kind of obvious
[2018-01-08 20:01:32] czokie : :slightly_smiling_face:
[2018-01-08 20:01:53] hostile : !xddc list
[2018-01-08 20:02:00] hostile : should list all the ! options =]
[2018-01-08 20:02:40] czokie : :slightly_smiling_face:
[2018-01-08 20:06:07] czokie : OK. Hello world said hello
[2018-01-08 20:06:57] czokie : To be continued…. but next would be to spit out a key
[2018-01-08 20:07:02] czokie : Previously, I had done…
[2018-01-08 20:07:04] czokie : ```
#!/home/build/.rbenv/shims/ruby
require 'openssl'
require 'fileutils'

# Generate a fresh 2048-bit RSA key pair
rsa_key = OpenSSL::PKey::RSA.new(2048)
# Export the private half as PEM (the original exported rsa_key.public_key,
# which would have written the public key into key.pem)
private_key = rsa_key.export

# Create directory
FileUtils.mkdir_p "#{Dir.home}/.isign"

# Save private key, replacing any existing one
if File.exist?("#{Dir.home}/.isign/key.pem")
  print "Removing existing private key\n"
  File.delete("#{Dir.home}/.isign/key.pem")
end
print "Writing new private key\n"
File.write("#{Dir.home}/.isign/key.pem", private_key)
```
[2018-01-08 20:07:30] czokie : Instead of creating a key - I want to just spit it out as text with no html crap….
[2018-01-08 20:07:38] czokie : so thats my next item to play with.
[2018-01-08 20:11:40] hostile : I'm sure there is a way to ascii armor it
[2018-01-08 23:13:13] czokie : OK. It's done. My first rails method (other than hello world) that generates a new private key. Woo hoo!
[2018-01-08 23:13:53] czokie : Next task: Work out how the routing stuff works - to have different URLs that do different things. :slightly_smiling_face:
[2018-01-09 00:35:50] hostile : hooooo ray!
[2018-01-09 23:32:17] jcarlo : Are those the nfz files I want to delete in the app?
[2018-01-10 23:06:41] p : `DJIRCSetCEFCCPack packWithCertificationType` seems like it's probably relevant on some ACs, never appears to be called on the Spark though
[2018-01-11 11:59:00] chucken1 : Is it possible to have two versions of DJI GO on one iOS unit? I would like to have an old version like 4.1.12 so I can use the .dji.configs file and a new version for the new flight modes
[2018-01-11 18:13:34] per : good question, asking the same.
[2018-01-12 15:33:50] umbr4 : you would just need to change the package/app name and resign it
[2018-01-12 15:34:25] umbr4 : with free developer keys the signature would be good for only 7 days
[2018-01-15 09:34:26] jcarlo : I'm having no luck on my modded iOS. I deleted the NFZ files and then installed it using cydia. But when I open it, it crashes. It only goes as far as when it asks for permission
[2018-01-15 11:42:02] chucken1 : Ok, thanx :slightly_smiling_face:
[2018-01-15 14:29:14] hostile : pull the crash dump down with Xcode
[2018-01-15 14:29:19] hostile : and paste it here
[2018-01-15 14:29:28] hostile : @jcarlo
[2018-01-15 20:59:12] jcarlo : @hostile will do as soon I get home. Thanks
[2018-01-16 22:19:19] cs2000 : <!here> I know it's a long shot, but does anyone have Go4 4.1.15 but the un-encrypted version, like you'd get from iTunes? Trying to acquire it through Charles Proxy, but not having much luck...
[2018-01-16 22:21:28] jezzab : The one you get from iTunes will be encrypted?
[2018-01-16 22:22:49] jezzab : But if you want unencrypted then yes I have a copy here. Or you can try <https://dji.retroroms.info/howto/firmware#dji_go_4>
[2018-01-16 22:22:56] cs2000 : ahha sorry its late
[2018-01-16 22:23:01] cs2000 : i meant encrypted lol
[2018-01-16 22:23:31] jezzab : Ahh
[2018-01-16 22:24:02] cs2000 : feel like an idiot now lol, yeah after the "OEM" app lol
[2018-01-16 22:24:13] jezzab : All good
[2018-01-17 08:02:22] kilrah : then only you can get it… well unless you’re OK to give someone your apple id/pw :smile:
[2018-01-17 09:22:21] cs2000 : haha ok, i just thought it was the same encrypted file for all, not signed individually for you only. I'll give Charles another go today :slightly_smiling_face:
[2018-01-17 12:20:45] chucken1 : What's your problem with Charles?
[2018-01-17 15:20:18] cs2000 : Got it working now :slightly_smiling_face: Just that many of the guides are from 2015 or earlier and the location of buttons and the exact procedures have changed just enough to make it not make sense; fudged my way through it however and got 4.1.15. It is a shame if the apps are signed for just my device however, would be good to distribute that IPA otherwise for others who want to use the .DJI.configs hack still (my reason for getting it again). I've also deleted the iTunesMetaData.plist file so the app won't bitch and moan that it wants an update constantly
[2018-01-17 15:25:59] chucken1 : @cs2000 Can you update the !wiki so it makes more sense? :slightly_smiling_face:
[2018-01-17 15:29:26] hostile : @chucken1 anyone can update wiki...
[2018-01-17 15:29:54] hostile : if you have an alternate way of describing the process... create an account... sign in... update the topic, and add to it.
[2018-01-17 16:13:48] chucken1 : @hostile I don't know what problem cs2000 had and I don't know how he fixed it. But if I find out I will update :slightly_smiling_face:
[2018-01-17 17:07:22] hostile : haha magic!
[2018-01-17 17:16:43] cs2000 : True, I'll run through it again when i have some time and screenshot/wikify it. I didn't actually use the wiki this time, didn't know there was an article on it TBH.
[2018-01-17 17:17:45] cs2000 : Todays work was done behind my actual window of work i was supposed to be doing... :sleuth_or_spy:
[2018-01-18 11:57:06] cs2000 : Have updated the wiki pages for Charles now, the text guide was (no offence to who wrote it) next to useless as it was too high level lol, re-written now :slightly_smiling_face:
[2018-01-18 20:48:05] czokie : Let's just say I transcribed stuff that was found elsewhere - I can't remember the source :slightly_smiling_face:
[2018-01-18 21:16:28] cs2000 : Haha yeah exactly, it was all kinda there, but just needed loads more detail adding to help people who've never used it before (me!)
[2018-01-19 19:23:02] chucken1 : @cs2000 Did you download from itunes using app-specific passwords or with 2factor authentication disabled?
[2018-01-19 19:39:12] cs2000 : @chucken1 disabled 2fa mate. To be honest, the apps still didn’t work, but I think it’s something to do with my phone
[2018-01-19 19:39:46] cs2000 : The custom frida signed one by Jezzab has stopped working for me too so something odd is up
[2018-01-19 19:56:36] chucken1 : @cs2000 Ok, then i wait with my download. Maybe frida is the way to go :thinking_face: Have you tried frida?
[2018-01-19 19:58:00] cs2000 : I would be keen to know if you tried it whether it would work, follow the info on the wiki.
[2018-01-19 19:58:19] cs2000 : The whole process appeared to work just fine, but the app wouldn’t launch
[2018-01-19 19:58:53] cs2000 : And yes I’ve tried frida
[2018-01-19 20:05:31] chucken1 : I'm not sure but i think i read that you deleted the iTunesMetadata.plist file? Have you tried installing the with that file untouched?
[2018-01-19 20:05:56] chucken1 : * installing the app
[2018-01-19 20:34:09] cs2000 : Yeah, I kept both, a copy and an edited one.
[2018-01-19 20:34:43] cs2000 : Tried it again last night with everything fresh setup, following the video and got 4.14 instead of .15, same result.
[2018-01-19 20:35:22] cs2000 : Like I said, the frida modified .17 which was working fine also stopped, so I don’t think it’s a problem with my process, but something with my phone
[2018-01-19 20:46:42] chucken1 : Humm, then if I get some time over this weekend i will give it another chance :slightly_smiling_face: Will report back with progress
[2018-01-19 21:09:19] jcarlo : @chucken1 not sure what the problem you're facing is, but I use the old Charles proxy 3.11.7 version, iTunes 12.3.1 version, and use the steps in this video. Also, after you've downloaded the version of the app you want, you need to upgrade your iTunes to 12.6.2 (not higher) to install it to your device <https://youtu.be/qromSkEQKAc>
[2018-01-19 21:20:10] chucken1 : @jcarlo My problem now is that turning off 2fa messes up all my other units and homekit setup. But i will do it when i have the time :slightly_smiling_face:
[2018-01-19 21:21:05] jcarlo : Yeah I hate that 2fa
[2018-01-19 21:21:39] jcarlo : I just leave it on and get a one time password in appleid
[2018-01-19 21:22:32] chucken1 : One time password didn't work for me :disappointed:
[2018-01-23 18:26:50] kilrah : <https://www.dropbox.com/s/0il065j6pojlksa/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.4%20v3066%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-01-24 00:26:27] dragonflyer : Is this just the naked IPA or is it modified @kilrah?
[2018-01-24 00:57:36] hostile : naked
[2018-01-24 00:57:41] hostile : mods are done with PrettyWoman
[2018-01-24 10:53:34] cs2000 : Thanks Kilrah, making torrent available as per :slightly_smiling_face:
[2018-01-24 10:53:57] cs2000 : Can't believe how fast this app has grown in size...
[2018-01-24 14:01:34] hostile : <!here> time to look for more malware in it ! =]
[2018-01-24 15:34:28] jcarlo : FYI- I was able to put NFZ files from 4.0.3 to 4.0.5 and opened the app without crashing. My goal is to remove the NFZ update message.
[2018-01-24 15:34:55] jcarlo : NFZ update message is still there
[2018-01-24 16:45:07] cs2000 : Mainly addressed @jezzab and @czokie but really anyone participating here. Since we have had a kinda minor version change 4.1.x to 4.2.x, is it worth trying Prettywoman/frida hacks on this new version to ensure what we have been playing with is even still possible?
[2018-01-24 17:12:16] jan2642 : Is the wiki still up to date on PrettyWoman/frida ? I’ll give it a go this evening. Can the official Go and a frida augmented one co-exist on the same phone ? I tried it a while back and the patched one just showed the splash screen and died...
[2018-01-24 17:13:55] cs2000 : Unlike Android, i don't _think_ they can coexist. i believe @czokie has kept everything important up to date
[2018-01-24 17:14:37] cs2000 : i think all the recent work he has been doing was to automate the process, not to improve/change anything
[2018-01-24 19:21:03] kilrah : someone mentioned changing the package identifier could work like on android
[2018-01-24 21:27:03] dragonflyer : Yeah I'm not at all familiar with what you guys are doing on the frida end (just reading up on it), but i would think with bundle IDs we could create a different app title/ID and have it be treated completely separately on-device
[2018-01-24 21:27:25] dragonflyer : So thank you for your answer, @hostile. Is there a wiki link to prettywoman? That’s a new one to me…
[2018-01-24 21:30:59] jezzab : @cs2000 I'll run it thru IDA now. Been a while since I've looked at it. It became a joke and was updated daily so I stopped
[2018-01-24 21:31:36] jezzab : @jan2642 not sure about the 2 at the same time. Starting and crashing sounds like code signing
[2018-01-24 21:32:16] dragonflyer : Starting / crashing should be easy enough to detect by watching the device console @ launch
[2018-01-24 21:33:04] jezzab : You can also go into the General/Privacy and it will show the crash logs
[2018-01-24 21:36:10] dragonflyer : Would someone mind pointing me in the direction of this PrettyWoman tool?
[2018-01-24 21:36:12] jezzab : <https://dji.retroroms.info/howto/fridahooklibrary>
[2018-01-24 21:37:06] dragonflyer : TYSM, @jezzab
[2018-01-24 21:39:40] dragonflyer : What I’m shooting for is the ability to leverage the newer iOS app to take advantage of the iPhone X screen, but at the same time not put myself in a bad position w/r/t forced firmware updates (currently @ .550 on my A/C and Remote). Looks like you lot are already way down that road. Thank you very much from an enthusiast who can code and hack away, but haven’t hooked up w/ this community until now
[2018-01-24 21:41:16] jezzab : Gonna take a bit (circa 15 mins for 175000+ functions) to decompile this new version and check but I'll report back if the functions/arguments are the same still
[2018-01-24 21:42:07] jezzab : I want to see if they have added any phone home/malware stuff as @hostile mentioned.
[2018-01-24 21:42:25] dragonflyer : I have the 4.2.4 IPA as well - sure you folks have it but just in case you need it…
[2018-01-24 21:42:50] jezzab : Its posted up 18 posts ^^^
[2018-01-24 21:42:53] jezzab : decrypted
[2018-01-24 21:43:17] dragonflyer : ….as he realizes that’s exactly where he got it in the first place.Doh. Sorry/thanks :slightly_smiling_face:
[2018-01-24 22:06:51] jezzab : Looks like the 32 channel hack should still work @czokie and FCC on Mavic
[2018-01-24 22:10:33] jezzab : Based on what I can see, all the hooks should still work fine
[2018-01-24 22:15:17] tylkologin : @kilrah @cs2000 you can change CFBundleIdentifier ([com.dji.com](http://com.dji.com)) to your own. Just remember to have proper provisioning profile generated via [developer.apple.com](http://developer.apple.com)
[2018-01-24 22:16:51] tylkologin : than you will be able to have both apps at the same time on the same device
[2018-01-24 22:17:08] tylkologin : one with frida hooks, another stock dji
[2018-01-24 22:21:10] jezzab : I don't see any Boomerang references lol
[2018-01-24 22:21:32] jezzab : I see Planet and Comet
[2018-01-24 22:22:31] jezzab : ```
void __cdecl -[DJIVisionCapabilityCheckModel checkSupportQuickMoviePlanetAndComet](DJIVisionCapabilityCheckModel *self, SEL a2)
{
  DJIVisionCapabilityCheckModel *v2; // x19
  signed __int64 v3; // x2
  DJIVisionCapabilityCheckModel *v4; // x0

  v2 = self;
  if ( +[DJIProductManager currentProductCode](&OBJC_CLASS___DJIProductManager, "currentProductCode") != (void *)38
    || (unsigned int)-[DJIVisionCapabilityCheckModel visionFirmwareVersion](v2, "visionFirmwareVersion") < 0x1000110 )
  {
    v4 = v2;
    v3 = 0LL;
  }
  else
  {
    v3 = 1LL;
    v4 = v2;
  }
  -[DJIVisionCapabilityCheckModel setSupportQuickMoviePlanetAndComet:](v4, "setSupportQuickMoviePlanetAndComet:", v3);
}
```
[2018-01-24 22:22:51] jezzab : Not sure what Product 38 is. But it can't do it
[2018-01-24 23:53:48] dragonflyer : Assuming those are code names for products. What’s boom, planet and comet map to?
[2018-01-25 06:20:17] bin4ry : These are not product names but quickshots
[2018-01-25 06:21:30] bin4ry : Maybe planet is like orbiting the POI and rotating around its own axis during the rotation, mimicking how planets travel
[2018-01-25 06:22:04] bin4ry : And comet could be start far and come closer / travel past the POI while having it in focus
[2018-01-25 06:22:49] bin4ry : Or does anyone know how they work for sure? I have not googled yet :joy::joy::joy:
[2018-01-25 06:22:53] jezzab : Bloody physicist....
[2018-01-25 06:23:03] jezzab : Always the planets.....
[2018-01-25 06:23:05] jezzab : :stuck_out_tongue:
[2018-01-25 06:23:49] jezzab : Think you're right though with the planet thing. I did see the boomerang video and it's not like a boomerang. It's more like a planet orbit (elliptical)
[2018-01-25 06:27:37] bin4ry : Will look for some yt videos after work :grin:
[2018-01-25 06:28:43] jezzab : Then again I've only thrown a couple of boomerangs. It's not like you just go and buy one at the corner store lol. And most of the time they didn't come back lmao
[2018-01-25 06:30:31] bin4ry : Hehe
[2018-01-26 00:07:49] zule : figured I'd say hello. I got my drone at 1.03.0700 with no NFZ files and wondered if it's safe to use the stock up to date app in airplane mode?
[2018-01-26 00:08:19] zule : I'll plan to get an android for safely playing with the patched apks, but figured you all might know for sure. :slightly_smiling_face:
[2018-01-26 00:20:38] sebastian : I'm curious about this as well. i've been using Litchi instead for now
[2018-01-26 00:28:23] zule : what is litchi? I have much to learn.
[2018-01-26 00:30:49] zule : sounds like a 3rd party control app?
[2018-01-26 00:41:23] jakub : indeed
[2018-01-26 07:30:55] kilrah : at some point the app stopped letting you start motors if no nfz files present
[2018-01-26 09:09:51] cs2000 : @zule as Kilrah said, no probably not, but you can use the latest app if you just flash back to "stock" .700 and use the websockets commands to disable the NFZ
[2018-01-26 09:10:11] cs2000 : no need to delete the NFZ database files on that version to get out of the NFZ restrictions
[2018-01-26 09:12:01] cs2000 : (is exactly what I'm doing/running on my AC currently)
[2018-01-29 00:34:42] paulpaws : @cs2000 Websocket commands to rid the nfz? Are you talking about the go app or the AC firmware
[2018-01-29 08:59:31] kilrah : hm lets give this a try again
[2018-01-29 09:02:14] kilrah : no macosx version :confused: <https://pypi.python.org/pypi/frida>
[2018-01-29 09:04:57] kilrah : ok, prev version has them, just not the latest for some reason… <https://pypi.python.org/pypi/frida/10.6.41>
[2018-01-29 09:07:37] kilrah : uh but no 10.13 :disappointed:
[2018-01-29 09:33:26] kilrah : hmm updating objection seems to update frida
[2018-01-29 09:41:34] kilrah : but it wants 10.6.42 which doesn’t exist so updating objection fails. kinda works hackishly by downloading the .41, renaming it as .42 and putting it in home dir…
[2018-01-29 10:43:16] cs2000 : @paulpaws I'm talking about making sure your AC firmware is on 1.03.0700 or < and then you can disable NFZ through websockets commands, independent of the Go4 app version, but you'll have to do some research on that. NFZ is a touchy subject to share info on and, not wanting to sound like an ass, i don't know who you are/don't recognise your username as being around here for a while. Not really the channel for this though ~ios_ipa_reversing
[2018-01-29 18:12:26] idronenl : With 'objection patchipa' I got a 'Unable to determine URL to download the dylib' and 'Exception: Unable to determine URL for iOS gadget download' error message. Does anyone know how to solve this?
[2018-01-29 21:30:24] paulpaws : @cs2000 thanks anyway
[2018-01-30 19:06:10] kilrah : <https://www.dropbox.com/s/vmpc7u8onh7xv90/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.5%20v3072%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-01-31 08:12:09] fredz : how do you remove your Apple login from the IPAs here?
[2018-01-31 08:21:25] kilrah : jailbroken device
[2018-01-31 08:32:07] fredz : that's cool. I am now testing if the Mavic Air somehow works with older builds than 4.2.4
[2018-01-31 09:13:50] jezzab : Issue is their product ID is checked all the time for things
[2018-01-31 09:14:34] kilrah : didn't work on android, threw you in the "inspire 1 detected, need go3 app"
[2018-01-31 09:14:41] jezzab : Unless you could maybe Frida spoof it to Spark. That might work
[2018-01-31 09:14:49] kilrah : on 4.1.14
[2018-01-31 09:15:02] kilrah : i tried having a go at frida the other day but ran into issues
[2018-01-31 09:15:44] jezzab : It can be a little bit of a pita to setup
[2018-01-31 09:15:57] jezzab : I did it on a Mac though
[2018-01-31 09:16:08] kilrah : i think it might have been in a middle of an update
[2018-01-31 09:16:10] kilrah : me too
[2018-01-31 09:16:27] kilrah : but <https://pypi.python.org/pypi/frida> had no macos builds, they're there now
[2018-01-31 09:16:40] kilrah : faked the thing by renaming an older version
[2018-01-31 09:16:51] jezzab : I remember something I had to google and found you can do like --ignore and it would ignore the version dependence that was wrong
[2018-01-31 09:16:59] jezzab : But don’t ask me what it was lol
[2018-01-31 09:17:14] kilrah : but then got the same issue as @idronenl where no ios gadget was found, and it seems it's again an issue on frida side that it was not up yet
[2018-01-31 09:17:28] kilrah : maybe ok today
[2018-01-31 10:58:52] cs2000 : Jeez, 420Mb now for this app.... thanks for the new version @kilrah
[2018-01-31 15:59:05] idronenl : @kilrah, today I didn't have the issue anymore. Think you're right it was a frida side issue. Now the app is installed with frida. Not tested yet. How did you solve the 7-day certificate issue?
[2018-01-31 16:00:13] cs2000 : Registering as an iOS developer is the only way to do that, that gives you 365 days
[2018-01-31 16:00:23] cs2000 : something like $99/year
[2018-01-31 17:08:38] kilrah : well my ipad is jailbroken, so...
[2018-01-31 17:10:12] kilrah : unless i have an unexpected reboot i'm good (once it does i have the same problem that the jb needs the 7day cert too, usually get 30-60 days uptime before it crashes lol)
[2018-02-01 20:49:14] dragonflyer : Thanks for the build @kilrah. So with this, I can load it into xcode, sign it with my developer ID, change the bundle ID, and install it to my iPhone. taking advantage of all new app features (assuming I have flashed/hacked firmware updated on my bird)?
[2018-02-05 03:48:31] hdizzle : <https://github.com/Naituw/IPAPatch>
[2018-02-05 17:53:37] kilrah : interesting!
[2018-02-05 18:58:24] dragonflyer : I’m guessing that the answer to my last Q is “not quite”? :slightly_smiling_face: Is that 4.2.5 IPA just an unencrypted IPA file without any modifications?
[2018-02-05 19:15:14] kilrah : correct, just decrypted.
[2018-02-05 19:29:10] dragonflyer : Thanks :slightly_smiling_face:
[2018-02-08 10:59:23] tazdavid98 : ipa!
[2018-02-10 16:37:16] hostile : @channel any of you Frida ninjas up for helping with Assistant.app ?
[2018-02-10 16:39:41] tylkologin : @hostile what is the problem with Assistant?
[2018-02-10 16:40:38] hostile : no "problem"... but we should be able to mod it just the same as we have everything else...
[2018-02-10 16:40:45] hostile : explore the hidden features, etc.
[2018-02-10 16:41:09] tylkologin : aaaaa….
[2018-02-10 16:41:22] tylkologin : ok i can look at it
[2018-02-10 16:42:51] tylkologin : so… what do we know at the current moment
[2018-02-10 16:44:20] hostile : ```Kevins-iMac:~ kfinisterre$ frida-ps | grep Assis 84226 Assistant 213 VDCAssistant Kevins-iMac:~ kfinisterre$ frida-trace -i "*dji*" -i "*Dji*" -i "*DJI*" 84226 Instrumenting functions... dji_image_key_init: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_key_init.js" dji_image_verify_update: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_verify_update.js" dji_image_key_init_ex: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_key_init_ex.js" dji_image_verify_init: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_verify_init.js" dji_image_verify_final: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_verify_final.js" dji_image_get_chunk_by_index: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_get_chunk_by_index.js" dji_image_get_chunk: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_get_chunk.js" dji_image_verify: Auto-generated handler at "/Users/kfinisterre/__handlers__/libDJINetPlatform.dylib/dji_image_verify.js" dji_image_key_init: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_key_init.js" dji_image_verify_update: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_verify_update.js" dji_image_key_init_ex: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_key_init_ex.js" dji_image_verify_init: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_verify_init.js" dji_image_verify_final: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_verify_final.js" dji_image_get_chunk_by_index: Auto-generated handler at 
"/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_get_chunk_by_index.js" dji_image_get_chunk: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_get_chunk.js" dji_image_verify: Auto-generated handler at "/Users/kfinisterre/__handlers__/libSnailEscService.dylib/dji_image_verify.js" _ZN3DJI17dji_data_link_pro11qt_metacallEN11QMetaObject4CallEiPPv: Auto-generated handler at "/Users/kfinisterre/__handlers__/libZT300.dylib/_ZN3DJI17dji_data_link_pro11qt_m_-582f06f4.js" dji_image_key_init: Auto-generated handler at "/Users/kfinisterre/__handlers__/libZT300.dylib/dji_image_key_init.js" ```
[2018-02-10 16:44:36] hostile : Start here. <https://www.frida.re/docs/installation/>
[2018-02-10 16:46:23] tylkologin : I’ve read this :slightly_smiling_face: I will try it today
[2018-02-11 08:30:29] kilrah : <https://www.dropbox.com/s/blm1ihl2pw6xba4/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.6%20v3084%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-03-07 11:12:14] cs2000 : So much tumbleweed in here :disappointed: I'm guessing everyone's stopped on the iOS side. Patch-O-Matic not going so well?
[2018-03-07 14:21:34] hostile : $life
[2018-03-07 14:21:37] hostile : everyone been busy!
[2018-03-07 14:21:45] hostile : this place is a fucking beast now
[2018-03-07 14:21:51] hostile : sooooooo many mouths that want fed.
[2018-03-07 14:22:06] hostile : where did you leave off on the patcher @jezzab?
[2018-03-07 16:00:30] cs2000 : Yeah, i know real life comes first and all :slightly_smiling_face: just curious how the players were getting on in this particular game :wink:
[2018-03-07 16:04:50] hostile : I had all but forgotten personally!
[2018-03-11 04:28:59] sanxexevc : !apk
[2018-03-11 05:19:29] jcarlo : @sanxexevc I think you’re in the wrong channel
[2018-03-11 05:29:13] hostile : lol
[2018-03-11 05:30:25] jezzab : I kinda forgot about this lol I don't fly with my iPad (it's more of a p0rnPad). @czokie was finishing off the whole Patch0matic and playing with ruby on rails last I heard.
[2018-03-11 06:33:15] jezzab : I'll have to test the old hook patches with 4.2.6 and Mavic Air as well
[2018-03-11 07:49:34] czokie : And life distracted me too. Lots of things. I don't have time right now but forecast I will in the future
[2018-03-11 14:51:29] ender : Toooooo much Details, :tongue:
[2018-03-12 03:24:38] sanxexevc : Who can share DJI GO 4 iOS latest version decrypted? Thanks!
[2018-03-12 10:34:35] cs2000 : @sanxexevc <https://dji.retroroms.info/howto/firmware#dji_go_4>
[2018-03-12 10:34:47] cs2000 : we have 4.2.6 as the latest, only torrent available at thois time however
[2018-03-12 12:05:58] sanxexevc : @cs2000 thanks!
[2018-03-17 07:55:17] per : heya all. no easier way of activating FCC on Mavic Pro than downgrading on iOS?
[2018-03-17 09:26:47] sanxexevc : @per I've patched the current version: <https://yadi.sk/d/Mt8Q5AZ53TJPDE> . sign it with a developer certificate (you can buy it on [theux.ru](http://theux.ru) for only $5) and install via iTunes
[2018-03-17 09:28:42] per : @sanxexevc thanks. really required dev cert? doesn’t it just require XCode / registered Apple dev (which is free on their website)?
[2018-03-17 09:28:49] per : anyone else can confirm above btw? ^^
[2018-03-17 09:29:15] sanxexevc : @per dji go uses special permissions that aren't granted by a trial cert. if you don't believe me - try to install it with Cydia Impactor. this version was shared by me only on a russian forum. so nobody here will confirm
[2018-03-17 09:30:48] jezzab : Even if it did you would have to resign weekly
[2018-03-17 09:31:21] sanxexevc : @jezzab devcert on theux issued for a year
[2018-03-17 09:32:20] jezzab : Yeah I was just saying about the trial personal certs.
[2018-03-17 09:32:32] jezzab : Someone's making a tidy profit on selling their provisioning lol
[2018-03-17 09:32:41] jezzab : 100 x 5
[2018-03-17 09:33:01] jezzab : And that's 100 PER device
[2018-03-17 09:33:33] sanxexevc : @jezzab for me it's better to pay 5 instead of 100 )
[2018-03-17 09:33:48] jezzab : Yup for the end user it's good
[2018-03-17 09:34:07] sanxexevc : @jezzab so i dont mind about their business )))
[2018-03-17 09:34:34] jezzab : Should start selling mine from my dev account lmao
[2018-03-17 09:35:28] sanxexevc : )))
[2018-03-17 09:41:01] per : that's awful. why does dji go have some sort of special user permission of its own? :smile:
[2018-03-17 09:42:17] sanxexevc : @per they're trying to stop installing patched versions of dji go
[2018-03-17 09:42:52] per : :open_mouth:
[2018-03-17 09:45:30] per : wow that site, <https://theux.ru> - russian isn’t my prior language :smile:
[2018-03-17 09:45:36] per : seems “legit” lol
[2018-03-17 09:46:44] sanxexevc : @per use translator or buy from apple for a 100$ - it's your choice.
[2018-03-17 13:30:54] hostile : @jezzab just make a burner dev account and fuck it
[2018-03-17 14:00:44] bin4ry : i think we can do a burner dev account
[2018-03-17 14:00:52] bin4ry : and raise the costs through the community
[2018-03-17 14:04:34] bin4ry : i think ppl will be willing to donate something if they get a year of signed ipa
[2018-03-17 14:04:34] bin4ry : @sanxexevc can you tell me what patches you applied to the IPA my friend? only fcc or something else too?
[2018-03-17 17:11:05] sanxexevc : @bin4ry I enabled illegalchannels, force_fcc and force_boost
[2018-03-17 18:17:57] dragonflyer : Here’s my situation: AC FW .550, iOS App 4.0.8, iPhone X on 11.2.6.
[2018-03-17 18:18:13] dragonflyer : haven’t flown in a while and i go to fly today and the app is crashing/freezing/unresponsive
[2018-03-17 18:18:47] dragonflyer : I used assistant beta months ago to unlock max altitude restriction but nothing else, really. not a fan of the NFZ direction, etc, and don’t want to update the app / FW to let DJI lock things down
[2018-03-17 18:19:45] dragonflyer : Will that patched 4.2.6 IPA 1. force me to upgrade my FW? and 2. if so, can i upgrade it to the latest without losing my unlocked altitude and not allow NFZ force?
[2018-03-17 18:40:00] dragonflyer : !ipa
[2018-03-17 18:42:58] cs2000 : You can go to .700 and not lose any of those things
[2018-03-17 18:43:28] dragonflyer : And then update to the latest GO4 version as well?
[2018-03-17 18:43:29] cs2000 : App version can go to 4.0.13 and again not lose any of that functionality
[2018-03-17 18:43:40] dragonflyer : Ah, ok. So I’ll have to dig up 4.0.13 from the wikis
[2018-03-17 18:43:47] dragonflyer : @cs2000 that is great info, thank you
[2018-03-17 18:44:03] cs2000 : You’ll have to use the Charles proxy rollback method
[2018-03-17 18:44:29] cs2000 : The versions on the wiki are decrypted so won’t just run on your phone mate, each app is signed to your device :blush:
[2018-03-17 18:44:30] dragonflyer : Even if i havent already updated?
[2018-03-17 18:45:05] cs2000 : Yeah cos you can’t say “yeah il update but only to X version”, you’d just get the latest one
[2018-03-17 18:45:21] dragonflyer : Right, I thought id grab an IPA and sideload it but yes, true point. :slightly_smiling_face:
[2018-03-17 18:45:34] cs2000 : In all honesty, if you’re not using the .dji.configs to force fcc mode, you can use the latest app available
[2018-03-17 18:45:48] dragonflyer : I’m in the USA - so - that would be moot, right?
[2018-03-17 18:45:57] cs2000 : Correct
[2018-03-17 18:46:07] dragonflyer : And 4.2.6 (latest) will allow me to fly .700?
[2018-03-17 18:46:14] cs2000 : So just update to the latest version, job done :blush: yeah it will do
[2018-03-17 18:46:39] dragonflyer : Man, THANK YOU. You just saved me a whole **ton** of reading. Not that I’m deliberately lazy; i just had other plans for this saturday :slightly_smiling_face:
[2018-03-17 18:47:34] cs2000 : lol that’s fine mate, all the info is there, but if I can help, why not.
[2018-03-17 19:13:05] dragonflyer : So I installed the latest on another iPhone I have (haven't done AC firmware yet due to struggles with dronezbreak) - is this thing forcing me to upgrade my FW before I can fly?
[2018-03-17 19:13:43] dragonflyer : Tells me cannot take off, and if i tap details it shows AC status normal with a red ! > then says requires update, download it from the DJI GO homepage. And then says aircraft upgrading, check for completion on home page.
[2018-03-17 19:14:32] dragonflyer : Whoops. I had it plugged into my system still via USB :slightly_smiling_face:
[2018-03-17 19:16:41] dragonflyer : Is it even necessary to go to .700 from .550 right now?
[2018-03-17 19:30:46] cs2000 : Probably not, but no reason not to really
[2018-03-18 09:24:35] per : so, using the FCC-patched .IPA (as mentioned above), I need a dev account on Apple, correct? I got a couple of friends being iOS-developers as a living, can I use theirs in some way?
[2018-03-18 10:30:58] jezzab : Yes if they resign it for you with their account and add your device's UDID to the provisioning profile
[2018-03-18 10:31:49] jezzab : It then would be signed for 1yr
[2018-03-18 18:02:03] per : how would that technically work out? any description somewhere who could help me out?
[2018-03-19 10:52:03] chucken1 : @sanxexevc How did you install the ipa? Was it with cydia impactor?
[2018-03-19 12:39:36] mavpac : he used dev account to sign it for one year i think
[2018-03-19 16:35:42] chucken1 : When I try to install the app with cydia I get "can not find .app/Info.plist"
[2018-03-19 16:35:53] chucken1 : What is that?
[2018-03-19 18:10:03] joker_x3 : Info.plist is some kind of configuration or project overview of an XCode Project ... like a .sln for Visual Studio projects @chucken1
[2018-03-19 18:12:34] ender : nope more like a mix of windows manifest and rc.
[2018-03-19 18:12:52] ender : Xcode project is .xcode bundle
[2018-03-19 18:13:13] ender : but maybe the “.app” part is the problem: cant find the right name ?!
[2018-03-19 18:29:05] chucken1 : @joker_x3 @ender Have you tried to install an ipa file from <http://dji.retroroms.info/howto/firmware#dji_go_4> ?
[2018-03-19 18:29:26] joker_x3 : Not yet @chucken1
[2018-03-19 18:29:37] ender : nope, actually i just earn money with iOS, don't fly with it…
[2018-03-19 18:30:09] ender : sorry for sounding too smart but that part i actually know about :slightly_smiling_face:
[2018-03-19 18:30:51] chucken1 : Haha I only spend money on ios :laughing:
[2018-03-19 18:32:03] jcarlo : @chucken1 I’ve tried it with cydia impactor.
[2018-03-19 18:32:58] chucken1 : @jcarlo Did you try with go4 4.2.6? I can't get it to work :disappointed:
[2018-03-19 18:34:22] jcarlo : Not with 4.2.6. Earlier version. What’s the error message?
[2018-03-19 18:34:42] chucken1 : "can not find .app/Info.plist"
[2018-03-19 18:35:40] chucken1 : Downloaded from Mega, not torrent
[2018-03-19 18:48:28] chucken1 : @chucken1 uploaded a file: [Now when I try again I get a new error.](https://dji-rev.slack.com/files/U7APRJKNJ/F9RS2Q1UH/image.png)
[2018-03-19 20:29:53] chucken1 : I think I wait for @czokie patch0matic :slightly_smiling_face:
[2018-03-19 22:22:42] kilrah : that issue's documented online, remember having the same problem and solved by a search
[2018-03-20 07:02:08] sanxexevc : @chucken1 as i wrote before, you need to sign it with devcert and install via itunes
[2018-03-20 08:58:16] chucken1 : @sanxexevc Ahh ok. Let's hope the patch0matic will be released soon :slightly_smiling_face: The russian dev cert site didn't work with my card.
[2018-03-20 22:23:43] czokie : just fyi - not working on it at the moment - but intend to get back to it - Damn health is one factor at the moment... plus some other work stuff...
[2018-03-21 04:12:39] sanxexevc : @czokie what is patch0matic ?
[2018-03-21 04:13:06] czokie : Something I had been working on - that will sign and patch an IPA using a dev cert ....
[2018-03-21 04:13:30] czokie : end user will pay a small say $5 charge (to cover cert cost etc)... and get a custom IPA
[2018-03-21 04:13:59] czokie : Kind of like the nolimitdronez stuff for Android - but this will be server side patching - and probably hosted by NLD
[2018-03-21 04:16:06] sanxexevc : @czokie russians already have something like this ([theux.ru](http://theux.ru)) :)))
[2018-03-21 04:16:26] czokie : including the frida stuff?
[2018-03-21 04:16:39] sanxexevc : no, only signing with devcert )
[2018-03-21 04:17:00] czokie : Yeah - our one will add frida gadget and patch files....
[2018-03-21 04:17:26] czokie : Purpose built for DJI GO 4
[2018-03-21 04:17:35] sanxexevc : why do you need frida? djigo can be patched easily
[2018-03-21 04:18:10] czokie : Patching in this way allows more flexibility
[2018-03-21 04:18:17] czokie : you seen the existing frida patches?
[2018-03-21 04:18:38] czokie : also - the same patch will work on future versions, without having to reinvent
[2018-03-21 04:19:09] sanxexevc : sorry, I don't understand how frida gadget works
[2018-03-21 04:19:21] sanxexevc : it can be used with encrypted djigo?
[2018-03-21 04:19:30] czokie : <http://dji.retroroms.info/howto/fridahooklibrary>
[2018-03-21 04:19:42] czokie : There is a standard process to install frida gadget to the existing binary.
[2018-03-21 04:20:08] czokie : Thereafter, the patches can be updated without any further changes as JS files
[2018-03-21 04:20:19] czokie : No need to binary patch
[2018-03-21 04:20:48] sanxexevc : but you need decrypted app also?
[2018-03-21 04:20:56] czokie : Yes
[2018-03-21 04:21:20] czokie : But - once you have a signed patched app - you can update the js without resigning if you want
[2018-03-21 04:22:20] sanxexevc : yep it's cool
[2018-03-21 04:22:39] sanxexevc : where is tutorial how to install frida gadget?
[2018-03-21 04:22:58] czokie : <http://dji.retroroms.info/howto/iosfrida>
[2018-03-21 04:23:15] sanxexevc : thanks, i'll read )
[2018-03-21 04:23:18] czokie : But - the automated server side one is different - very different.
[2018-03-21 04:23:37] czokie : Server side one runs on linux end to end - whereas the above is generally mac oriented
[2018-03-21 04:26:31] sanxexevc : frida gadget needs jailbreak?
[2018-03-21 04:48:23] jezzab : no jailbreak needed :slightly_smiling_face:
[2018-03-21 04:48:33] jezzab : you just have to insert the gadget and resign
[2018-03-21 04:48:44] jezzab : then you can update you patches anytime without resigning etc
[2018-03-21 04:48:58] jezzab : just add the new config to the documents dir of the device and restart the app
[2018-03-21 04:49:26] jezzab : the "patches" are hooks
[2018-03-21 04:49:44] jezzab : so they hook into the function and change the input or output from/to the original function
[2018-03-21 04:49:57] jezzab : so in essence the app is 100% stock untouched
[2018-03-21 05:11:12] sanxexevc : @jezzab thnx!
[2018-03-21 07:45:41] chucken1 : @czokie Thanks for the heads-up! :slightly_smiling_face:
[2018-03-21 17:36:05] kilrah : <https://www.dropbox.com/s/osexp0o5penokip/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.8%20v3094%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-03-22 17:08:16] sanxexevc : hi all!
[2018-03-22 17:08:21] sanxexevc : please explain
[2018-03-22 17:08:24] sanxexevc : ```
{
  "interaction": {
    "type": "script",
    "path": "Tweak.js",
    "on_change": "reload"
  },
  "code_signing": "required"
}
```
[2018-03-22 17:08:34] sanxexevc : where will it search for Tweak.js?
[2018-03-22 17:08:49] sanxexevc : in DJI GO's documents dir?
[2018-03-22 17:11:01] hostile : LOL what is that from?
[2018-03-22 17:16:55] sanxexevc : yep, I tried it myself )
[2018-03-22 17:17:06] sanxexevc : @hostile frida gadget
[2018-03-22 18:05:39] per : sorry guys, I’m extremely new to this :slightly_smiling_face: but can I read this as you _don’t_ have to buy a cert using that IPA?
[2018-03-22 18:51:43] czokie : Hey
[2018-03-22 18:51:54] czokie : tweak.js can be loaded to the app via itunes
[2018-03-22 18:52:03] czokie : just normal app document sharing
[2018-03-22 18:52:45] czokie : BUT, there is also a copy available in another directory that can be pre-loaded with the app - I forget the directory now - it's different to the doc sharing one - but will be used if nothing is shared via doc sharing
[2018-03-22 18:53:57] czokie : And per - you need to either use 7-day certs - or buy a cert - or get someone else to sign an IPA for you
[2018-03-22 19:14:23] per : @czokie ok so how would I get someone else sign an IPA for me? I do have a couple of friends being iOS devs
[2018-03-22 20:37:49] kilrah : just the original 4.2.8 decrypted.
[2018-03-22 21:37:51] jezzab : Follow the steps in the !wiki @mavpac
[2018-03-22 21:39:48] jezzab : @sanxexevc if you put the `Tweak.js` or whatever you want to call it in the `FridaGadget.config` file in the same dir as the gadget it will auto load it. If you then put another one in the app's Documents dir it will use that one instead. If you have none at all, it will run completely stock
[2018-03-22 21:40:04] jezzab : The bloke from Frida added it for us (the Docs dir). Great bloke
[2018-03-23 10:09:55] tylkologin : 4.2.8 is 100Mb smaller than previous version :slightly_smiling_face:
[2018-03-28 05:43:57] per : anyone? anyone knows how I can get a certified developer to sign the FCC patched IPA for me..? :confused:
[2018-03-28 08:07:59] per : damn it - lost the IPA force FCC. anyone knows where to find it?
[2018-03-28 08:09:45] per : <!here>
[2018-03-28 08:13:50] per : !wiki
[2018-03-28 08:14:12] jezzab : What IPA force FCC??
[2018-03-28 08:15:15] per : this one @jezzab :
[2018-03-28 08:15:23] per : @per uploaded a file: [Skärmavbild 2018-03-28 kl. 10.15.08.png](https://dji-rev.slack.com/files/U8K9S7ZQV/F9XEY8AJZ/ska__rmavbild_2018-03-28_kl._10.15.08.png)
[2018-03-28 08:15:53] jezzab : And you went to the link?
[2018-03-28 08:16:01] per : yes, 404
[2018-03-28 08:16:16] jezzab : Well send him a message then. Not everyone here
[2018-03-28 08:16:18] per : here’s the link in plain text: <https://yadi.sk/d/Mt8Q5AZ53TJPDE>
[2018-03-28 08:16:24] jezzab : Since he posted it and made it
[2018-03-28 08:16:28] per : I thought the IPA was a little bit more official than that :slightly_smiling_face:
[2018-03-28 08:16:32] jezzab : no
[2018-03-28 08:16:37] per : really, alright
[2018-03-28 08:17:10] jezzab : Only "official" is using Frida and PrettyWoman script
[2018-03-28 08:17:18] jezzab : Which is in the wiki
[2018-03-28 08:18:22] per : not activating FCC, though?
[2018-03-28 08:18:31] per : or forcing, I should rather say
[2018-03-28 08:19:24] jezzab : What AC do you have?
[2018-03-28 08:19:28] per : Mavic Pro
[2018-03-28 08:19:33] jezzab : It will force it
[2018-03-28 08:19:41] jezzab : <https://dji.retroroms.info/howto/fridahooklibrary>
[2018-03-28 08:19:47] per : seriously? I must’ve missed this totally…
[2018-03-28 08:19:53] jezzab : its in the wiki lol
[2018-03-28 08:20:36] jezzab : Will not notify you to upgrade either
[2018-03-28 08:20:52] per : that’s so .. wonderful.
[2018-03-28 08:21:56] jezzab : <https://dji.retroroms.info/howto/iosfrida>
[2018-03-28 08:22:15] jezzab : You can self sign but you will have to do it once a week.
[2018-03-28 08:22:23] jezzab : Or dev account for 1 year
[2018-03-28 08:22:30] jezzab : Or someone else sign it for you
[2018-03-28 08:23:15] per : yeah but I talked to a couple of friends of mine about certifying.. and he sent me this link: <https://coderwall.com/p/cea3fw/resign-ipa-with-new-distribution-certificate>
[2018-03-28 08:23:25] per : and said it's not necessary to cert apps any longer
[2018-03-28 08:23:26] jezzab : Read step 2.1
[2018-03-28 08:23:43] jezzab : of the iosfrida i posted
[2018-03-28 08:24:36] jezzab : But i would suggest reading it all. But that applies to a free account. And your dev mates should be able to work out how to sign it for you easy enough. I suggest they don't use AdHoc and use Dev provisioning
[2018-03-28 08:25:05] jezzab : Then you just supply them your UDID of the device you are going to run it on
[2018-03-28 08:25:06] per : ok
[2018-03-28 08:25:21] per : that’s what one of my dev colleagues where saying aswell, UDID
[2018-03-28 08:25:27] per : sorry about my noobish behavour here
[2018-03-28 08:25:39] jezzab : The UDID is basically the serial or ID of your device
[2018-03-28 08:25:42] per : yeah
[2018-03-28 08:25:57] jezzab : Then they sign it and it embeds the certificate and provision of WHAT UDIDs it can run on
[2018-03-28 08:26:11] per : yeah exactly
[2018-03-28 08:26:22] jezzab : If you're not on that list that's in the App, then it won't install, or best case crash instantly with a signing error
[2018-03-28 08:26:57] per : so when I do this, anyway. what am I expecting as an end result? an ipa transferrable to my phone or what?
[2018-03-28 08:27:06] jezzab : You should be able to self sign ^^ as well btw
[2018-03-28 08:27:09] per : “illegalchannels” lol
[2018-03-28 08:27:17] jezzab : That is for P4
[2018-03-28 08:27:24] jezzab : ie 32 channel hack
[2018-03-28 08:27:32] sanxexevc : @per man you are so laughy
[2018-03-28 08:27:39] per : sorry
[2018-03-28 08:27:39] jezzab : out of band channels
[2018-03-28 08:27:51] jezzab : lol
[2018-03-28 08:28:40] per : @jezzab yeah so? it should work with mavic too shouldn’t it?
[2018-03-28 08:28:55] jezzab : yes for sure
[2018-03-28 08:29:02] jezzab : there was a glitch in it for P4
[2018-03-28 08:29:06] ben_lin : wait
[2018-03-28 08:29:09] jezzab : because I was doing a switch
[2018-03-28 08:29:19] jezzab : Because you can't have 32chan AND FCC
[2018-03-28 08:29:42] ben_lin : iOS 11 jailbreak is already out
[2018-03-28 08:29:56] jezzab : so i was faking the Product code in it to Mavic Pro and then forcing it. So on P4, sometimes you would have no video because it was trying to flick to OcuSync lol
[2018-03-28 08:30:05] jezzab : You don't need to JB
[2018-03-28 08:30:18] ben_lin : I mean if i do job
[2018-03-28 08:30:34] ben_lin : Do I still need dev account? *jb
[2018-03-28 08:30:48] jezzab : so.... TL;DR @per, it will work perfectly.
[2018-03-28 08:30:59] per : @jezzab cheers for that man, thanks
[2018-03-28 08:31:01] jezzab : Nah you wouldn't
[2018-03-28 08:31:40] jezzab : I haven't tested it on the latest and greatest but I feel it would still work. @sanxexevc would know if those functions are still the same
[2018-03-28 08:31:59] jezzab : I haven't run it thru IDA since about .24 or something
[2018-03-28 08:32:15] jezzab : They will be I bet ya
[2018-03-28 08:32:24] ben_lin : Is the iOS patch list on wiki?
[2018-03-28 08:32:40] jezzab : Frida patches?
[2018-03-28 08:32:48] ben_lin : Yeah
[2018-03-28 08:32:51] jezzab : Read ^^
[2018-03-28 08:32:58] jezzab : I posted 2 links
[2018-03-28 08:33:13] ben_lin : :) will do
[2018-03-28 08:33:25] jezzab : One to setup the toolchain and the other with the PrettyWoman script (basically just makes a patch file for you)
[2018-03-28 08:34:02] ben_lin : lol I am happy with force fcc
[2018-03-28 08:34:22] jezzab : The `Tweaks.js` can live in your Docs dir and you can upload it with iTunes. Because it's all dynamic, your app is STOCK
[2018-03-28 08:34:23] jezzab : untouched
[2018-03-28 08:34:48] jezzab : and you can add or remove patches just by editing that file and reuploading with itunes (no resigning again etc)
[2018-03-28 08:34:57] jezzab : or just delete it and it will be a stock app again :slightly_smiling_face:
[2018-03-28 08:35:12] ben_lin : Sounds pretty neat
[2018-03-28 08:35:26] ben_lin : I am still hesitant to fly mp with cs
[2018-03-28 08:35:33] per : why isn’t the fcc force ipa official? :slightly_smiling_face: just curious..
[2018-03-28 08:36:24] jezzab : You mean distribute an unchecked IPA that isnt signed and has been decrypted (every IPA you download on your device is encrypted to YOUR device)
[2018-03-28 08:37:42] ben_lin : Wonder why your phone lags?
[2018-03-28 08:37:55] ben_lin : Cuz it is mining!
[2018-03-28 08:38:00] jezzab : haha
[2018-03-28 08:38:37] ben_lin : And soon your credit card is being used in some 3rd world countries
[2018-03-28 08:39:33] jezzab : The reason for Frida was because you don't need to patch, update, resign, reupload etc the IPA every time there is a change. If a new IPA comes out you just literally run your toolchain script on the new one, copy your patch file over. if a new patch for that version comes out (or any version) you just update your `Tweaks.js` file
[2018-03-28 08:39:52] jezzab : @sanxexevc's way is easier as its hard coded
[2018-03-28 08:40:03] jezzab : he makes a change you have to download a new IPA
[2018-03-28 08:40:46] jezzab : Frida works with hooks. So it intercepts the input to a function for example, twists that and then pumps it back into the original
[2018-03-28 08:40:50] jezzab : or the same for the output
[2018-03-28 08:41:10] jezzab : Is FCC -> Check FCC -> No -> Return
[2018-03-28 08:41:29] ben_lin : Hence no need for ipa reinstalls
[2018-03-28 08:41:40] jezzab : so Frida goes Is FCC -> Check FCC -> No -> Frida_Hook -> Yes -> Return
[2018-03-28 08:42:17] ben_lin : In theory we can disable fc limits with frida right?
[2018-03-28 08:42:37] ben_lin : Given r&d effort
[2018-03-28 08:42:43] jezzab : `.....fc limits.....`
[2018-03-28 08:43:05] ben_lin : Hmm?
[2018-03-28 08:43:16] jezzab : Flight Controller limits
[2018-03-28 08:43:21] jezzab : Not App limits
[2018-03-28 08:43:39] ben_lin : I mean the app limit…
[2018-03-28 08:43:43] ben_lin : On nfz
[2018-03-28 08:43:54] ben_lin : App determines nfz
[2018-03-28 08:43:58] jezzab : Does it?
[2018-03-28 08:44:03] ben_lin : Yes
[2018-03-28 08:44:19] jezzab : so whats `/amt/nfz/nfz.db` for then?
[2018-03-28 08:44:20] ben_lin : Or how do you unlock nfz with dji go?
[2018-03-28 08:44:29] jezzab : `fc_db.db`?
[2018-03-28 08:44:36] ben_lin : For nfz locations?
[2018-03-28 08:44:37] jezzab : It sends to the FC and another program
[2018-03-28 08:44:46] jezzab : The cert, data, co-ords
[2018-03-28 08:45:32] ben_lin : Another program in the rc or ac?
[2018-03-28 08:45:41] jezzab : AC
[2018-03-28 08:45:54] ben_lin : Then I am not sure
[2018-03-28 08:45:55] ben_lin : But
[2018-03-28 08:46:25] ben_lin : Ever since 4.1.0 on android I can’t fly with stock app with internet when in nfz
[2018-03-28 08:46:42] ben_lin : They added dynamic nfz update with that
[2018-03-28 08:46:57] ben_lin : Even parameter changes won’t work
[2018-03-28 08:47:07] ben_lin : So it has to be the app
[2018-03-28 08:47:15] jezzab : So you can take off with just your RC and no App with the latest NFZ db installed on the AC?
[2018-03-28 08:47:24] ben_lin : Yep
[2018-03-28 08:47:28] jezzab : What fw
[2018-03-28 08:47:44] ben_lin : P4p 1.05.0600
[2018-03-28 08:47:44] jezzab : Stock modules?
[2018-03-28 08:47:56] ben_lin : Mp.0100
[2018-03-28 08:48:04] ben_lin : No, mixed
[2018-03-28 08:48:09] ben_lin : But my point is
[2018-03-28 08:48:10] jezzab : I cant take off with my MP on .100
[2018-03-28 08:48:18] jezzab : Yes its 2 parts
[2018-03-28 08:48:22] jezzab : App and AC
[2018-03-28 08:48:24] ben_lin : With mixed and stock+internet it won’t work
[2018-03-28 08:49:05] jezzab : Yes but the system won't even take off with just the RC on .0100 for example
[2018-03-28 08:49:14] jezzab : Yes the app can force it
[2018-03-28 08:49:32] jezzab : Anyway. I think thats enough NFZ talk
[2018-03-28 08:49:36] ben_lin : Try
[2018-03-28 08:49:41] jezzab : Mate
[2018-03-28 08:49:42] ben_lin : True
[2018-03-28 08:49:52] jezzab : I have certainly tried with my GPS spoofer
[2018-03-28 08:49:53] ben_lin : iOS keyboard excuses me
[2018-03-28 08:50:02] jezzab : I cannot take off with just RC
[2018-03-28 08:50:15] jezzab : the big words IN NFZ are on the remote too
[2018-03-28 08:50:18] jezzab : STOCK firmware
[2018-03-28 08:50:20] jezzab : not mixed
[2018-03-28 08:50:27] ben_lin : Never happened on p4p
[2018-03-28 08:50:47] ben_lin : Mp rc is different from all others I think
[2018-03-28 08:50:47] jezzab : My P4 they didn't HAVE the nfz stuff in there properly before 2.0
[2018-03-28 08:51:08] jezzab : Hence it would never ask in Assistant2 to "Update NFZ DB"
[2018-03-28 08:51:27] jezzab : Which is why RedHerring wouldn't work unless I upgraded as it was a hack for the NFZ upload
[2018-03-28 08:52:21] ben_lin : Still though… I can arm motors on all my drones with just rc…
[2018-03-28 08:52:32] ben_lin : That’s even before I came here
[2018-03-28 08:52:46] ben_lin : But dji fucked us in later fw
[2018-03-28 08:53:19] ben_lin : lol DJI is on national TV now in China
[2018-03-28 08:53:22] jezzab : So the AC didn't fully support it and they use the App to enforce it.
[2018-03-28 08:53:35] jezzab : Different to AC fully supporting and App
[2018-03-28 08:53:44] jezzab : Anyway
[2018-03-28 08:53:58] ben_lin : The tv program is complaining about their customer service
[2018-03-28 08:54:00] ben_lin : Lmao
[2018-03-28 08:54:14] jezzab : You cant complain about the service. There is none
[2018-03-28 08:54:29] ben_lin : True…
[2018-03-28 08:54:52] ben_lin : But at least even the Chinese government can’t stand it anymore
[2018-03-28 08:55:09] ben_lin : I bet Dji fucked up some government unit repairs
[2018-03-28 08:57:46] ender : Maybe Kim wasn’t able to fly with his new Mavic Air when he met Xi for boy-talk as they met in a NFZ. So now Xi is mad at DJI that his favourite can’t use his toys even after they called DJI Service to get rid of that NFZ crap…
[2018-03-28 08:58:01] jezzab : lol
[2018-03-28 08:58:50] ben_lin : Rofl
[2018-03-28 08:59:18] ender : GO BOYS GO, Kim & Xi for freedom, what could go wrong :slightly_smiling_face:
[2018-03-28 08:59:27] ben_lin : Pretty sure Kim forgot to download DUMLdore and Deejayeye modder
[2018-03-28 08:59:52] ben_lin : You see… Kim has some nuclear bang sticks…
[2018-03-28 08:59:59] ender : yeah, Kims brother used to patch stuff for him but…
[2018-03-28 09:00:12] ben_lin : Kim killed him tho
[2018-03-28 09:00:21] ender : yeah, Lifehack…
[2018-03-28 09:00:45] ben_lin : Fucking koreans lol
[2018-03-28 09:01:07] ender : Listen Lin, i like my South-Korean Samsung, so watch it ! :stuck_out_tongue:
[2018-03-28 09:01:22] ben_lin : Oof
[2018-03-28 09:01:22] ender : *%$§# Apple keyboard
[2018-03-28 09:01:28] ben_lin : Oof
[2018-03-28 09:01:50] ben_lin : Apple keyboard needs to be nuked
[2018-03-28 09:02:04] per : @jezzab alright so I'm going through the wiki & frida.. so basically there's a hook somewhere enabling fcc?
[2018-03-28 09:02:11] ender : I always have some "fire & fury" reserved for my Apple keyboard !
[2018-03-28 09:02:26] ben_lin : TAKE THIS TIM COOK
[2018-03-28 09:02:33] ender : BTW. i LOVE that prettywoman <--> Hook thingy, jezzab !
[2018-03-28 09:02:36] ben_lin : **sends nuke**
[2018-03-28 09:02:48] ender : **launch failed**
[2018-03-28 09:03:00] ben_lin : Rip
[2018-03-28 09:03:01] ender : (due to Apple keyboard error)
[2018-03-28 09:03:12] ben_lin : **wrong password**
[2018-03-28 09:03:56] ben_lin : All these r&d money still fails to make a non-retarded keyboard
[2018-03-28 09:04:05] ben_lin : Ffs
[2018-03-28 09:07:00] jezzab : @per the PrettyWoman script creates the Tweaks.js file for you. @czokie made it so you can choose which hooks you wish to apply. Kinda like the android patcher. Then spits out the Tweaks.js file
[2018-03-28 09:08:56] jezzab : The wiki shows what a hook looks like in the Tweaks.js. The first one I did is in there, I think. It just disables showing the DJI Agreement when you first install the app and run it for the first time.
[2018-03-28 09:39:47] per : cheers @jezzab!
[2018-04-05 23:07:41] hdizzle : !wiki
[2018-04-05 23:17:40] hdizzle : !ipa
[2018-04-05 23:18:03] hdizzle : Anyone got link for decrypted ipa? thx
[2018-04-05 23:19:01] jezzab : Which one?
[2018-04-05 23:19:23] hdizzle : latest GO 4 plz
[2018-04-05 23:20:18] hdizzle : i’ll have a crack at the hooking
[2018-04-05 23:21:13] jezzab : you just did the wiki link
[2018-04-05 23:21:19] jezzab : they are on the wiki
[2018-04-05 23:21:33] jezzab : <https://dji.retroroms.info/howto/firmware#dji_go_4>
[2018-04-05 23:21:48] hdizzle : oh ok thanks
[2018-04-05 23:21:55] jezzab : you really looked hard lol
[2018-04-05 23:24:03] hdizzle : I wouldn’t think to look in firmware for an ipa tbf tho
[2018-04-05 23:24:18] jezzab : It was in iOS rollback
[2018-04-05 23:24:27] jezzab : Then the links to the IPA in there
[2018-04-05 23:24:29] jezzab : and then the list
[2018-04-05 23:26:02] hdizzle : oh ok that's why I missed it then. I saw rollback but knew it wasn't what I wanted so searched PrettyWoman and found the frida stuff
[2018-04-05 23:26:19] jezzab : :slightly_smiling_face:
[2018-04-05 23:27:05] hdizzle : I should have searched ipa too I guess
[2018-04-07 06:43:23] per : so I got a patched IPA (from SaNX) and got it signed by a dev. got it in iTunes, installed it to my phone. but yet, the icon has the “blueprint”-icon, and when I click it, it says something like it _can’t be opened at the moment, please try again_ or something like that. suggestions?
[2018-04-09 04:19:12] hostile : anyone @Here have the file djiFMDB.db from the iOS storage for DJI go? I am curious about entries in the table: DJIMediaUploadTaskTable
[2018-04-09 05:09:57] paulpaws : I have iPhone, with go4 app. Do I need Jailbreak to access this file?
[2018-04-09 13:05:42] hostile : no I just used iExplorer @paulpaws
[2018-04-09 13:05:57] hostile : <https://macroplant.com/iexplorer>
[2018-04-09 22:56:22] jcarlo : Is anyone on iOS 11.3? Any issues?
[2018-04-09 22:56:46] jcarlo : Any issues with running earlier DJI go 4 versions on 11.3?
[2018-04-10 06:06:52] kilrah : <https://www.dropbox.com/s/292d5ecu0p5iajm/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.12%20v3110%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-04-10 08:07:59] cs2000 : God another update, cheers @kilrah
[2018-04-10 08:08:46] cs2000 : @jcarlo im on latest iOS with Go4 4.1.12, no issues at all
[2018-04-10 12:40:56] jcarlo : Cool thanks
[2018-04-11 12:46:41] chucken1 : What do I need to sign an FCC-modded app so I can install it? Do I sign it with Xcode? I'm thinking of getting an Apple developer account just for this :nerd_face:
[2018-04-11 13:49:14] cs2000 : Should all be in the wiki, but yes, you'll need Xcode to sign it with your developer account
[2018-04-11 13:57:57] chucken1 : Ok thanx :slightly_smiling_face:
[2018-04-13 11:22:43] jakub : fast question :stuck_out_tongue: is there a way to get FCC on the Mavic Air?
[2018-04-13 11:24:01] validat0r : does the Air work with Go 4 4.1.22?
[2018-04-13 11:24:13] jakub : @ilovemynexus4 I bet it's not
[2018-04-13 11:25:22] validat0r : release notes say 4.2.4 is the first ver to support air
[2018-04-13 11:25:44] jakub : @ilovemynexus4 mhm, and there's no boosted version of 4.2.4?
[2018-04-13 11:25:51] validat0r : afaik not
[2018-04-13 11:26:10] validat0r : but i'm not into air nor into iOS
[2018-04-13 11:27:10] jakub : me too, just checking things out
[2018-04-13 11:27:13] jakub : thanks though :slightly_smiling_face:
[2018-04-13 11:29:10] jakub : is this modded version? or just base?
[2018-04-13 11:30:01] czokie : Hey… Just advance notice to the channel - after 25 April I am officially finishing up at my previous job. That means a couple of things. Looking for new work - but also time to do shit on the IPA stuff again. I’d really like to get a few collaborators together for a bit of a hack-a-thon to just pull this together. Just sharing in advance for anyone that might be interested
[2018-04-13 13:07:43] kilrah : Always base
[2018-04-13 16:35:53] ben_lin : I am afraid that noobs here aren’t up to your level lol
[2018-04-20 18:50:57] hostile : @czokie we do need to finish that up man I was just thinking about it a few days ago
[2018-04-20 18:51:06] hostile : also wanted to spoof the entire back end server that Assistant talked to
[2018-04-20 18:51:09] hostile : just too much $life
[2018-04-20 18:51:10] hostile : lol
[2018-05-04 06:26:54] kilrah : <https://www.dropbox.com/s/2zf59fuksvh18ee/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.14%20v3118%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-05-04 07:42:08] cs2000 : Thanks @kilrah
[2018-05-05 02:11:44] aram : Hi, @kilrah I downloaded your latest IPA file. I signed and installed it on my iPhone. I couldn't understand what the benefit of this file is. How can I use FCC and other features with this IPA? Please help me with that. I am a new user in this place
[2018-05-05 07:57:27] kilrah : It is the stock app, just decrypted. No modifications, but people who develop mods need that to work with.
[2018-05-05 17:46:28] per : hey mate. FCC enabled? it’s just plugnplay? no other settings I need to do before flight?
[2018-05-08 13:12:11] hostile : cheers brother
[2018-05-09 17:29:38] dan5000 : @kilrah can this be used to connect to the NLD app if I was, for example, to install it with Cydia Impactor?
[2018-05-09 17:34:21] dan5000 : Ah, I think it’s possibly too new for that
[2018-05-09 20:09:48] kilrah : don't even have the slightest idea of what you mean by "connect to the NLD app"... AFAIK it's completely unrelated.
[2018-05-10 07:44:12] dan5000 : the NoLimitDronez modifier app that needs a certain iOS version to run on… I wondered if that was a prepackaged IPA of the correct version :slightly_smiling_face:
[2018-05-10 07:51:47] kilrah : no idea then, don't know about it so don't know what it needs
[2018-05-10 08:07:13] ben_lin : on the wiki there is a tutorial about how to install an earlier version from iTunes
[2018-05-10 12:53:45] dan5000 : ok thanks
[2018-05-13 07:18:33] sanxexevc : hi all
[2018-05-13 07:18:55] sanxexevc : seems that on the latest Mavic Pro firmware the FCC and boost commands don't work anymore
[2018-05-13 07:19:31] sanxexevc : by .configs or tweak.js, it doesn't matter
[2018-05-13 07:19:45] sanxexevc : seems that it's blocked by the firmware
[2018-05-13 07:20:10] sanxexevc : so I think that we can enable FCC by spoofing the country code
[2018-05-13 07:21:31] sanxexevc : @sanxexevc uploaded a file: [Untitled](https://dji-rev.slack.com/files/U84V9F5QD/FANKHE9TN/-.txt)
[2018-05-13 07:22:02] sanxexevc : we need to hook these functions to always return the US code ) who can write the code for tweak.js?
[2018-05-13 07:37:43] bin4ry : hey sanx
[2018-05-13 07:38:01] bin4ry : yesterday someone said that they cannot spoof GPS anymore on iOS
[2018-05-13 07:38:29] bin4ry : I think they use the aircraft GPS coords to decide which country, and not the phone coords, in the iOS app
[2018-05-13 07:38:52] bin4ry : on Android my FCC patch still works as before and I only send the country code
[2018-05-13 07:39:03] bin4ry : so this should still work
[2018-05-19 07:55:21] kilrah : <https://www.dropbox.com/s/cypgl8yksuuul04/DJI%20GO%204%20%5BDJI%5D%20%28v4.2.16%20v3138%20Univ%20FW%20DY%20LP%20os90%29.rc336_1001.ipa?dl=1>
[2018-05-19 08:03:39] mr.vibez : Is that just decrypted, no mods yeah?
[2018-05-19 08:17:32] jezzab : Yes. Stock
[2018-05-19 08:19:27] mr.vibez : Thanks
[2018-05-19 08:54:16] per : ..which means?
[2018-05-19 10:22:36] jakub : iOS development is not as shiny as Android's... Kinda weird that there's no FCC mod already
[2018-05-19 10:27:12] jezzab : There has been for a long time
[2018-05-19 10:27:27] jezzab : PrettyWoman/Frida
[2018-05-19 10:29:12] jezzab : But on Android you can just sign with a test key. On iOS you can sign for a week with a personal dev key
[2018-05-19 10:29:21] jezzab : Then have to resign again
[2018-05-19 10:32:10] jezzab : A few guys have put in the effort to apply our hooks but @czokie and I did this hmm well over 6 months ago. Just seems “too hard” for people to wanna apply it. I bet all the hooks will still work on the latest iOS app
[2018-05-19 10:33:10] jezzab : It’s how Apple do their signing that makes it harder
[2018-05-19 11:34:59] cs2000 : Patch-o-matic development must have stalled :cry:
[2018-05-19 22:31:43] chucken1 : Is the .configs file working with Go 4.1.12 or just versions before that?
[2018-05-20 09:08:24] jezzab : @chucken1 .config will work ON 4.1.12 and all versions before that, but not after
[2018-05-21 16:41:12] chucken1 : Are there different DJI GO apps for iPhone and iPad? I have rolled back to 4.1.12 (823800300) on an iPhone without problems, but is the "823800300" version number the same for the iPad app?
[2018-05-21 17:11:59] kilrah : only one app.
[2018-05-21 19:02:15] chucken1 : Thanx :slightly_smiling_face: @kilrah
[2018-05-27 11:18:08] czokie : @cs2000. It's stalled but not forgotten. I got a redundancy from the day job, and am now doing a big server upgrade project for my own business. It's on the list after that :)
[2018-05-27 18:46:12] cs2000 : @czokie good to hear it mate, glad it’s still progressing!
[2018-05-28 02:58:51] czokie : Let me just say it's in the backlog.
[2018-05-28 08:19:28] chucken1 : @czokie Will Patch-o-matic be part of NLD or standalone?
[2018-05-28 22:59:01] czokie : Unsure @chucken1 - lets build it first :)
[2018-06-04 15:03:14] dan5000 : Can you not use Flex in order to apply patches in RAM?
[2018-06-04 18:07:07] mr.vibez : Good question
[2018-06-05 09:00:45] dan5000 : I was surprised when I loaded up Flex and saw no user-submitted patches online. Sadly app processing in Flex is a bit broken under iOS 11
[2018-06-05 09:02:54] jezzab : Dont you need to jailbreak to run Flex?
[2018-06-05 09:25:13] dan5000 : Absolutely!
[2018-06-05 09:25:41] dan5000 : I realise that reduces the number of potential users, but I figured if you were into hacking drones you’d be into hacking phones too
[2018-06-05 09:26:23] dan5000 : That said I’m currently sat on 11.3.1 without JB, waiting for the new vulnerability to drop
[2018-06-05 09:36:44] jezzab : If I was going to run it jailbroken I would just patch the app at a byte level
[2018-06-05 09:43:45] dan5000 : indeed
[2018-06-05 09:44:05] dan5000 : what do folks do usually, install an older version of the IPA from Apple via a proxy?
[2018-06-05 09:44:15] dan5000 : or sideload?
[2018-06-05 09:50:10] jezzab : !wiki
[2018-06-05 09:55:59] dan5000 : what do you do personally? :slightly_smiling_face:
[2018-06-05 10:08:47] jezzab : If using iOS, Frida
[2018-06-05 10:11:14] jezzab : But I don’t really use iOS much nowadays for flying, so haven’t bothered to make any more hooks.
[2018-06-05 10:12:28] dan5000 : fair enough
[2018-06-05 10:12:45] dan5000 : iOS is pissing me off in more areas than this one… might get an Android instead of the next iPhone
[2018-06-05 12:23:21] coldflake : iOS is a shit show along with all other Apple devices. Their policies make it shit and sometimes I wonder why the fuck their customers tolerate that. Hey, we fuck you in the ass with hardware that was top notch... 2 years ago! Then we cram it into a fancy casing and boom, fanbois rip shit off the shelves. Completely disregarding that it's under-specced compared to any similar Samsung or similar Android device.
[2018-06-05 12:23:30] coldflake : Grotesque to say the least
[2018-06-05 12:38:43] dan5000 : I do like the style of their products though. Mac and iPhone are a joy to use - I’ve tried some Androids where the OS feels like something someone came up with on a Friday afternoon - that was a while ago though
[2018-06-06 05:06:36] ben_lin : iPhones have the best hardware in every generation
[2018-06-06 05:07:13] ben_lin : Face ID/cameras/COP/A11 SoC
[2018-06-06 05:07:43] ben_lin : Mac is the real shitshow
[2018-06-06 05:07:54] ben_lin : iOS is awesome as it is
[2018-06-06 05:08:03] ben_lin : Except the gay App Store
[2018-06-06 05:39:13] paulpaws : Didnt know and App Store has a gender :slightly_smiling_face:
[2018-06-06 09:01:21] ender : Hardware is top notch (pun intended) but Apple's policies are the problem. Bought the first iPhone the classy style: travelled to NYC for it. But from then on all went wayyyy downhill in terms of “make the user stupid so he can use our stuff”. iPhone 4 was my last private iOS device, have them all for work but not in private…
[2018-06-06 09:12:53] w4t3r : Guys, just jailbreak 'em. Then you get great hardware, the benefits of iOS and can play around as you want
[2018-06-06 09:14:09] w4t3r : Only thing is you can't upgrade. I'm jailbroken on iOS 10.2 with my iPhone SE since I bought it and it's plain awesome.
[2018-06-06 09:16:15] ender : Obviously i did jailbreak all my iOS devices :wink:
[2018-06-06 09:16:41] ender : Went from the NYC Apple Store straight to the hotel room to get that done :slightly_smiling_face:
[2018-06-06 10:23:28] dan5000 : Waiting for the 11.3.1 JB after happily using the 11.1.2 one
[2018-06-06 10:39:55] ben_lin : I thought 11.3.1 has JB?
[2018-06-06 11:23:52] dan5000 : the vulnerability got released yesterday, still waiting on Coolstar to make the tools, test etc
[2018-06-06 11:24:01] dan5000 : most of the working parts are there though.
[2018-06-08 05:32:56] per : hi. anyone got the latest .ipa, FCC-patched?
[2018-06-08 23:54:55] 739461411 : If you succeed, remember to share how the iOS device opens the FCC
[2018-06-09 07:22:48] per : @739461411 hm?
[2018-06-10 03:42:17] jezzab : ObjC, burn it with fire
[2018-06-10 03:42:30] jezzab : Then again a cult should have its own language :thinking_face:
[2018-06-15 09:58:00] 739461411 : Did you use the iOS system to open the FCC successfully?
[2018-06-19 05:32:17] per : no it didn’t work, I believe
[2018-07-09 08:15:30] cs2000 : <!here> Just so you guys are aware, iOS 11.3.1 is now jailbroken with Electra <https://coolstar.org/electra/> It's not the absolute latest firmware, but tons of people still use it, me included, and the guy who developed it has a 0day in hand for iOS 12, so it looks like potentially we could start playing with the iOS app like we do with the Android one. I ran the app on Saturday and confirmed it works
[2018-07-09 08:47:37] d95gas : Nice one, shall have to play at the weekend :slightly_smiling_face:
[2018-07-09 09:26:38] cs2000 : Just give the JB some time, it's NOT bulletproof getting it to install. For what it's worth, the way I got it to work was adding a 3rd-party app store called Ignition from [ignition.fun](http://ignition.fun) and then searching for Electra in there and using their copy. It has a few extra tweaks in it and I got it working after 2 tries
[2018-07-09 09:27:13] cs2000 : Plus, their copy is signed with their dev certificate, meaning the package is valid for 1 year rather than 7 days with Cydia Impactor
[2018-07-09 09:28:21] cs2000 : it's an untethered jailbreak, but gets removed if your phone reboots, but then you just load Electra and tap Enable Jailbreak again to get it back. Kinda handy really, as if you want to run an app that checks for jailbreaks, you just reboot, run it and then can just re-enable the jailbreak afterwards
[2018-07-09 09:28:58] d95gas : Ok cool, will take a look and see how I get on. Cannot remember the last time I rebooted it anyway so no biggie. Always interested to see how these JB's work :slightly_smiling_face:
[2018-07-09 09:31:43] makingthisnameup : Me either I suppose here I go
[2018-07-09 09:40:36] cs2000 : good luck! hopefully this will spur some iOS app hacking
[2018-07-09 14:36:40] cs2000 : @czokie thought you may wanna know about the above ^^
[2018-07-11 15:32:39] makingthisnameup : I know it's been said over and over but the amount of hoops we have been forced to jump through to get even just iOS to play nice is incredible
[2018-07-11 15:33:06] makingthisnameup : Evil eye at apple
[2018-07-11 15:35:58] makingthisnameup : Drones KitKat buuuuut "made for iPhone" :face_with_rolling_eyes:
[2018-07-13 16:02:05] per : ..still looking for a proper FCC hack for iOS :disappointed:
[2018-07-14 08:49:17] cs2000 : Well, since we now have jailbreak, hopefully this will spur on development. Maybe
[2018-07-14 08:49:36] cs2000 : Can still use Frida for hooks, but we have lots more room to play
[2018-07-14 08:58:17] jezzab : I'll try and JB tomorrow if I get a chance. Then I will try and port our old Frida stuff to a patch system like deejayeye modder maybe
[2018-07-14 09:00:52] jezzab : I don't use iOS much nowadays
[2018-07-16 11:40:32] ddzobov : hello! I am running DJI GO 4 with Frida and want to modify Tweak.js. Where are the output logs (console.log) placed? In the device console there are no Frida strings
[2018-07-16 11:41:17] ddzobov : I am not sure that the Frida tweak is running, but if I remove Tweak.js the message "file not found Tweak.js" appears in the console
[2018-07-16 11:41:21] ddzobov : Jul 16 14:40:58 iPhone-7-Plus DJI GO 4(FridaGadget.dylib)[6510] <Notice>: Frida: Failed to load /var/containers/Bundle/Application/723BC934-E1E3-4D7D-8201-4F11065609B9/DJI GO 4.app/Frameworks/Tweak.js: Failed to open file “/var/containers/Bundle/Application/723BC934-E1E3-4D7D-8201-4F11065609B9/DJI GO 4.app/Frameworks/Tweak.js”: No such file or directory
[2018-07-16 11:41:38] ddzobov : but if the file is present I don't see any console messages
[2018-07-16 11:44:38] jezzab : if the file is placed in the application's Documents directory with something like iTunes, it will override the Tweaks.js if it's added to the app package
[2018-07-16 11:45:01] ddzobov : I know, I want to modify Tweak.js and see the console.log messages
[2018-07-16 11:45:12] ddzobov : but I cannot find them anywhere
[2018-07-16 11:45:30] jezzab : I'll leave you to it then
[2018-07-16 11:47:18] jezzab : I would suggest running Frida with the debugger. Then you will see what you're looking for
[2018-07-16 11:47:47] ddzobov : maybe you have a decrypted DJI GO 4 4.2.22 (latest)?
[2018-07-16 11:48:08] jezzab : read the wiki
[2018-07-16 11:48:22] jezzab : it has all about Frida and even links to the GO iOS apps
[2018-07-16 11:48:24] ddzobov : I will inject Frida into it. I already have an injected version, but my Frida version differs
[2018-07-16 11:48:26] jezzab : !wiki
[2018-07-16 11:49:42] ddzobov : 4.2.14 is the latest in the wiki
[2018-07-16 11:49:50] ddzobov : but 4.2.22 is the latest in the App Store
[2018-07-16 11:50:46] ddzobov : I have the encrypted IPA, but to decrypt it I need a jailbroken device(
[2018-07-16 11:50:53] ddzobov : all my devices are on the latest FW
[2018-07-16 11:51:43] jezzab : yup
[2018-07-16 11:56:22] jezzab : you will have to use 4.2.14 for your testing then
[2018-07-16 12:08:24] cs2000 : You can JB 11.3.1 now if it helps, not that we as a group have done any work on this.
[2018-07-16 12:09:03] cs2000 : I have a JB device now, but dunno what app @kilrah uses to create the decrypted packages
[2018-07-16 12:13:11] ddzobov : iMazing is a great app for it
[2018-07-16 12:13:26] ddzobov : two clicks and the encrypted app is in your hands
[2018-07-16 12:13:46] ddzobov : but for decryption you need to run something in memory)
[2018-07-16 12:20:15] cs2000 : Looks pretty easy to do if I had a Linux/Mac handy
[2018-07-16 12:20:15] cs2000 : <https://github.com/BishopFox/bfdecrypt>
[2018-07-16 12:20:24] cs2000 : compatible with the new electra JB too
[2018-07-16 12:34:25] kilrah : hey, been a long time
[2018-07-16 12:34:28] kilrah : I use Rasticrac
[2018-07-16 12:39:00] cs2000 : Now that we can jailbreak, we can also just use AppSync Unified, which means we can install unsigned stuff without having to use dev accounts/Cydia Impactor. It's the same tweak that back in the day let you download random cracked APK files and just install them, but now works with iOS 11
[2018-07-16 12:39:25] cs2000 : available on Cydia <https://cydia.angelxwind.net/>
[2018-07-16 12:41:07] kilrah : did I miss something? is there a jailbreak for current iOS?
[2018-07-16 12:43:10] cs2000 : yes mate
[2018-07-16 12:43:22] cs2000 : My original message
[2018-07-16 12:43:23] cs2000 : Just so you guys are aware, iOS 11.3.1 is now jailbroken with Electra <https://coolstar.org/electra/> It's not the absolute latest firmware, but tons of people still use it, me included, and the guy who developed it has a 0day in hand for iOS 12, so it looks like potentially we could start playing with the iOS app like we do with the Android one. I ran the app on Saturday and confirmed it works
[2018-07-16 12:43:42] cs2000 : Just give the JB some time, it's NOT bulletproof getting it to install. For what it's worth, the way I got it to work was adding a 3rd-party app store called Ignition from [ignition.fun](http://ignition.fun) and then searching for Electra in there and using their copy. It has a few extra tweaks in it and I got it working after 2 tries. Plus, their copy is signed with their dev certificate, meaning the package is valid for 1 year rather than 7 days with Cydia Impactor. It's an untethered jailbreak, but gets removed if your phone reboots, but then you just load Electra and tap Enable Jailbreak again to get it back. Kinda handy really, as if you want to run an app that checks for jailbreaks, you just reboot, run it and then can just re-enable the jailbreak afterwards
[2018-07-16 12:45:26] kilrah : ok, not current
[2018-07-16 12:45:44] kilrah : still can't upgrade then :disappointed:
[2018-07-16 12:54:03] cs2000 : ahh, you're on 11.1.4? There is an 11.4 beta 3 which the JB works on I think
[2018-07-16 12:54:24] kilrah : no, I'm on 10.0.something
[2018-07-16 12:54:28] kilrah : really shitty release
[2018-07-16 12:54:44] cs2000 : ahh damn, you just missed the signing window for 11.3.1
[2018-07-16 12:54:50] kilrah : yea :disappointed:
[2018-07-16 12:55:03] cs2000 : Does something like FutureRestore work?
[2018-07-16 12:55:03] kilrah : well I should have my shsh2 but I have no idea how that works nowadays
[2018-07-16 12:55:14] cs2000 : or do you have to have some blobs saved?
[2018-07-16 12:56:28] cs2000 : This is an old thing, but still works I believe
[2018-07-16 12:56:29] cs2000 : <https://www.reddit.com/r/jailbreak/comments/5vjl5s/tutorial_how_to_restore_to_ios_102_with/>
[2018-07-16 12:59:27] cs2000 : Plus the guy has a 0day for iOS 12, so hopefully it won't be detected and will be exploitable in later firmware
[2018-07-16 13:03:07] cs2000 : If you wanna keep an eye on things, this is the developer <https://twitter.com/coolstarorg>
[2018-07-16 13:05:21] kilrah : nice
[2018-07-16 13:05:58] kilrah : yup I have my blobs
[2018-07-16 13:06:07] kilrah : but no idea of the procedure to flash with them
[2018-07-16 13:06:28] cs2000 : Any good ? <https://www.reddit.com/r/jailbreak/comments/8nuzzy/tutorialwindowsosx_use_blobs_to_install_ios_1131/>
[2018-07-16 13:06:41] kilrah : yay
[2018-07-16 13:06:57] kilrah : will look at that and see if I dare attempt it
[2018-07-16 13:07:03] cs2000 : give it a shot, would be amazing to get some progress made on the ios side :slightly_smiling_face:
[2018-07-16 13:07:10] cs2000 : There's some YouTube videos about it too :slightly_smiling_face:
[2018-07-16 13:48:49] kilrah : just would not be happy if it somehow fails and I can't go back to my current jailbroken status
[2018-07-16 13:48:56] kilrah : but yeah sounds much better
[2018-07-16 14:06:58] kilrah : need to find a café with a good internet connection now :smile:
[2018-07-16 14:07:04] kilrah : I'm on a work trip abroad
[2018-07-16 14:33:46] cs2000 : ahhh, anywhere nice?
[2018-07-16 14:35:06] kilrah : spain
[2018-07-16 14:37:37] cs2000 : :sunglasses: hope you get to enjoy some sun on your downtime? That said, it's been absolutely baking here in the UK for about 3-4 weeks now
[2018-07-16 14:37:52] cs2000 : most days are 26°C+ which is very unusual lol
[2018-07-16 14:41:26] kilrah : sun for sure, enjoying not too much, way too hot lol
[2018-07-16 14:41:35] kilrah : this morning's thunderstorm was too short :smile:
[2018-07-16 14:43:49] d95gas : and forecast to stay for 40 days :slightly_smiling_face: the sunshine that is, but I wish everyone would stop calling it a heatwave and call it SUMMER
[2018-07-16 14:44:06] cs2000 : yeah i know, but we love to complain here, you know that
[2018-07-16 14:44:14] cs2000 : it's ALWAYS too cold, or too hot
[2018-07-16 14:51:15] kilrah : exactly :laughing:
[2018-07-16 20:30:22] ddzobov : anyone know how I can get offline logs from the Frida gadget?
[2018-07-16 20:30:46] ddzobov : I rewrote tweak.js and I want to know whether enabling FCC and boost is working or not
[2018-07-16 20:31:18] ddzobov : because I cannot debug the device and fly at the same time
[2018-07-16 20:31:48] ddzobov : I tried writing to a file with the JS API File - operation not permitted(
[2018-07-16 21:03:43] ddzobov : This config can enable FCC, boost, 2.3G, 2.5G, illegal channels. Can anyone help me test it?
[2018-07-16 21:05:33] ddzobov : Manually editing all params is allowed except force_fcc, force_boost and illegal_channels - they are filled in via iOS pop-ups
[2018-07-17 20:48:25] kilrah : @cs2000 I'm now on 11.3.1 and re-jailbroken, thanks for pushing :grinning: much less broken than my "initial release" 10.0.1...
[2018-07-18 04:17:01] per : ..but still, no one has a superb idea of how to activate FCC for the latest DJI GO version? :disappointed:
[2018-07-18 04:38:27] jezzab : Well done
[2018-07-18 05:03:55] per : what the hell! :open_mouth:
[2018-07-18 05:04:00] per : how when where what? :smile:
[2018-07-18 06:40:48] d95gas : and where can we get these devilish applications for iOS :slightly_smiling_face:
[2018-07-18 07:19:39] per : yeah what the hell - I want that! :slightly_smiling_face:
[2018-07-18 07:52:45] cs2000 : Amazing, glad it all worked for you!
[2018-07-18 07:53:45] cs2000 : Make sure to add "<https://cydia.angelxwind.net/>" and install AppSync Unified, it will let us/you install apps without having to deal with developer certificates or Cydia Impactor
[2018-07-18 07:54:43] cs2000 : Wonder how that guy has the app modified like that?
[2018-07-18 07:59:43] rickysuper : so excited to see such an app but I'm an Android user....... :disappointed:
[2018-07-18 08:00:25] cs2000 : Lol, then you already have all the freedoms
[2018-07-18 08:19:01] per : in terms of, if I understand you correctly: if I install AppSync Unified, I would be able to install an FCC-modded .IPA without being bothered by dev certs?
[2018-07-18 08:34:37] per : correct?
[2018-07-18 10:37:18] kilrah : @cs2000 I have AppSync installed from AppCake :wink:
[2018-07-18 10:38:06] kilrah : has been a pain to find a way to decrypt apps on iOS 11 though. The Rasticrac I was using doesn't work on 11 yet :disappointed:
[2018-07-18 10:42:14] cs2000 : I found one earlier that works with this jailbreak. hang on
[2018-07-18 10:42:50] cs2000 : @kilrah <https://github.com/BishopFox/bfdecrypt>
[2018-07-18 10:43:04] kilrah : yup that's what I found and used
[2018-07-18 10:43:14] kilrah : works, but not this one, a fork of it
[2018-07-18 10:43:33] cs2000 : yeah I found the fork too the other day :slightly_smiling_face:
[2018-07-18 10:44:20] kilrah : will upload the latest Go 4 when I get a good enough connection to see if people can use it...
[2018-07-18 10:44:40] kilrah : don't have a working terminal on the pad itself though, annoying
[2018-07-18 10:44:43] kilrah : need to SSH from a PC
[2018-07-18 10:48:42] cs2000 : hope we can get some hacking progress made à la Bin4ry's modder for Android, that would be sweet
[2018-07-18 11:12:29] ddzobov : Need a DJI GO 4 patched with Frida and signed. No JB needed
[2018-07-18 11:25:03] kilrah : <https://www.dropbox.com/s/fzmr2jrma7yn40n/DJI%20GO%204%204.2.22%20%28decrypted%29.ipa?dl=1>
[2018-07-18 11:26:22] kilrah : btw it looks like bfdecrypt can probably do some of the injection people have been doing here...
[2018-07-18 12:08:44] ddzobov : 2 minutes
[2018-07-18 12:08:52] ddzobov : I'll send a link to the patched one
[2018-07-18 12:08:58] ddzobov : thank you for 4.2.22!)
[2018-07-18 12:10:50] ddzobov : <https://yadi.sk/d/OZFE4tMX3ZJsEA>
[2018-07-18 12:43:08] cs2000 : @ddzobov ahh, is that your video?
[2018-07-18 12:49:10] ddzobov : Yes
[2018-07-18 12:59:49] cs2000 : Nice work!
[2018-07-18 13:01:06] cs2000 : So it works "as is", don't need to do anything else in terms of loading other tweak.js files etc?
[2018-07-18 13:21:39] ddzobov : yes, it works as is
[2018-07-18 13:21:51] ddzobov : tweak.js is already inside the IPA
[2018-07-18 13:33:09] cs2000 : Nice work, wonder what other goodies we can play with now we have JB access too
[2018-07-18 13:34:01] ddzobov : [theux.ru](http://theux.ru) - here you can buy a developer certificate and sign this IPA
[2018-07-18 13:45:35] cs2000 : Not needed if you have Appsync Unified installed
[2018-07-18 13:46:51] cs2000 : "AppSync Unified is a tweak that patches installd to allow for the installation of unsigned, fakesigned, or ad-hoc signed IPA packages on an iOS device."
[2018-07-18 13:47:04] cs2000 : basically just drop the IPA file into iTunes and it will sync, done
[2018-07-18 13:47:04] ddzobov : for jailbroken devices
[2018-07-18 13:47:12] cs2000 : yeah, for JB devices I mean
[2018-07-18 13:47:56] cs2000 : but since that's now possible on 11.3.1 and you can use FutureRestore to get to 11.3.1 (even though it's no longer signed), everyone can have a jailbreak
[2018-07-18 13:48:08] cs2000 : <https://www.reddit.com/r/jailbreak/comments/8nuzzy/tutorialwindowsosx_use_blobs_to_install_ios_1131/>
[2018-07-18 14:00:53] cs2000 : @ddzobov just installed it with 3uTools, confirmed it works on iOS with JB and no need to sign that way, awesome work!
[2018-07-18 14:06:30] ddzobov : Good :)
[2018-07-18 14:11:20] paulpaws : Very nice
[2018-07-18 14:11:36] paulpaws : I will download and try
[2018-07-18 14:12:01] cs2000 : Just need to wrap that in something like Bin4ry's Android-like thing so we can select patches, apply things selectively etc and we will be golden
[2018-07-18 14:12:19] paulpaws : I need to look into my phone now and see if I can jailbreak. I have JB my phone for ages
[2018-07-18 14:12:30] cs2000 : Fingers crossed you can
[2018-07-18 14:12:54] cs2000 : need to be on 11.3.1 or 11.4 beta 3, OR try a FutureRestore from the above URL to get there :slightly_smiling_face:
[2018-07-18 14:13:32] paulpaws : I’m on 11.1.2
[2018-07-18 14:13:47] cs2000 : ahh, then you definitely can
[2018-07-18 14:14:16] cs2000 : <https://coolstar.org/electra/>
[2018-07-18 14:14:32] paulpaws : Need to look up how to. Haven’t done it for ages
[2018-07-18 14:14:38] cs2000 : This is the version for your firmware
[2018-07-18 14:14:39] cs2000 : <https://coolstar.org/electra1112/>
[2018-07-18 14:14:59] cs2000 : Just grab that IPA, sign it with Cydia Impactor and press the Jailbreak button in the app
[2018-07-18 14:15:06] paulpaws : Okay cool, is it a full JB or part JB?
[2018-07-18 14:15:37] cs2000 : full jailbreak but is semi-untethered, so if you reboot, you'd need to open the app and press the button to re-enable the jailbreak
[2018-07-18 14:15:59] cs2000 : but that can also be handy for running apps that detect a JB and fail to work (banking apps often do that)
[2018-07-18 14:16:23] paulpaws : Okay cool, I'll look it up
[2018-07-18 14:18:10] paulpaws : Okay off to bed, maybe do it in the morning
[2018-07-18 14:20:22] paulpaws : I do have the modded Android app already. But I have to say I do like how the iOS version lets you choose your settings, very cool
[2018-07-18 16:30:54] ddzobov : Can anyone test whether enabling 5.8 is working or not?
[2018-07-18 16:31:09] ddzobov : I have a Mavic Pro and I cannot test it on a real device
[2018-07-18 17:14:05] digdat0 : Daniil I'll test later - I'm charging batts, I got it loaded. ty sir
[2018-07-18 17:16:29] kilrah : @cs2000 "everyone can have jailbreak" is NOT correct! If you're not on those versions, only those who have been actively waiting for it and have saved their blobs while they were being signed can up- or downgrade - aka not your random person
[2018-07-18 17:17:44] kilrah : even those who do commonly forget to save each and every version
[2018-07-18 17:18:09] kilrah : I have mine because I've been paying for the service "just in case" for a while
[2018-07-18 17:20:22] per : ok so if I’d like to sign my .IPA with AppSync Unified - what’s the simplest way of jailbreaking my phone?
[2018-07-18 17:23:49] kilrah : you do not "sign with appsync". appsync allows you to run unsigned app.
[2018-07-18 17:24:13] kilrah : read up, all links were given 2-3 days ago
[2018-07-18 17:30:52] per : oh yes of course, run unsigned apps is what I meant (of course).
[2018-07-18 19:43:56] digdat0 : all that I did was download Electra via [ignition.fun](http://ignition.fun), trust the certs in settings, then run jailbreak in the Electra app. After that, copied over the IPA and I'm running it.
[2018-07-18 19:44:13] digdat0 : I did also install AppSync Unified, but didn't need to do anything to run the IPA
[2018-07-18 19:54:55] aciid : I just installed Electra today, what's all the fun we are having with DJI GO 4? I'm at 11.0
[2018-07-18 21:59:49] digdat0 : Daniil showed a cool vid of Go 4 on iOS asking for FCC, boost, freq, channel mode. IPA link was above, gonna try it out here soon
[2018-07-18 22:36:51] digdat0 : I'd say boost worked, I did a screen recording here... about 4300 feet out, RTH. Came back, killed GO, reloaded with boost... then 7300 with boost before RTH.
[2018-07-18 22:37:00] digdat0 : same path
[2018-07-18 23:20:14] paulpaws : @digdat0 re the jailbreaking via [ignition.fun](http://ignition.fun), do I need to do anything special? or just as you did in your comments above?
[2018-07-18 23:45:13] digdat0 : I did the JB, loaded the IPA Daniil posted up in the thread here and then used boost in it
[2018-07-19 00:00:07] paulpaws : no my question was regarding JB
[2018-07-19 00:01:12] paulpaws : you didn't have to do anything special, right, just ran the JB from the [ignition.fun](http://ignition.fun) site, right?
[2018-07-19 00:06:36] digdat0 : correct. I did trust the certs in settings
[2018-07-19 00:21:38] paulpaws : thanks @digdat0 btw love your YouTube videos, very helpful
[2018-07-19 09:00:55] aciid : I installed AppSync Unified, how do I do this basic thing
[2018-07-19 09:10:12] aciid : never mind, installed Filza and got the IPA to install
[2018-07-19 09:12:54] aciid : IMO a jailbroken iPhone is more stable than any Android phone using DJI GO
[2018-07-19 13:21:12] aciid : @ddzobov some feedback: login skipping doesn't work
[2018-07-19 13:23:57] ddzobov : In this tweak this feature is not listed
[2018-07-19 13:47:39] aciid : weird, it skips the whole login for me if I'm anonymous
[2018-07-19 13:47:48] aciid : then out of the blue while flying it asks to log in
[2018-07-19 13:47:53] aciid : maybe a DJI bug
[2018-07-19 22:50:09] daguz66 : Many thanks ! Successfully installed dji go 4 4.2.22-frida.ipa on jailbroken Iphone 11.3.1 (with appsync 30 installed) using Ifunbox 4.0 preview v406 .. it works! :grinning:
[2018-07-19 22:51:02] daguz66 : at iphonex
[2018-07-19 22:58:58] aciid : ill never jailbreak my daily. my bank has too much money and focus on mobile so they detect all that shit
[2018-07-19 22:59:46] aciid : also apple pay which I use daily
[2018-07-19 23:01:56] aciid : but yeah I have a 6splus for jb flyin it werks
[2018-07-20 00:04:47] digdat0 : i agree there aciid, i did my ipad i'l leave my iphone alone
[2018-07-20 00:04:58] digdat0 : i had another good ios boost flight today, im liking it
[2018-07-20 03:26:14] digdat0 : @ddzobov do you mind if i share link to the IPA? few guys at our fb goup would love to test
[2018-07-20 05:27:20] ddzobov : No problem
[2018-07-20 10:52:31] ddzobov : Anyone have much experience with Frida?
[2018-07-20 10:58:13] aciid : Learning more every day; sadly my targets are heavily obfuscated.
[2018-07-20 10:58:41] aciid : I can check DJI GO 4 today if it's less; I'm pretty fond of Hopper and IDA though.
[2018-07-20 10:59:30] cs2000 : @czokie and @jezzab are two of the main people who compiled the Frida hooks that are on the wiki.
[2018-07-20 11:00:23] aciid : Also there's ~frida.
[2018-07-20 11:00:31] aciid : But you probably already knew.
[2018-07-20 11:06:27] ddzobov : I need to trace and change countryCode with Tweak.js. Probably these: DJICountryCodeManager - countryCodeForGPS - countryCodeForMCC - countryCodeForIP. But these are getters; I need setters for them to change the values to US. NSTaggedPointerString value types. I think that in the setter other logic runs that enables FCC and 5.8.
[2018-07-20 11:11:12] ddzobov : In the setters of DJICountryCodeManager this probably gets filled:
```
[*] Value DJICountryCodeProviderLogic[- countryCodeValue] - 0x1c422e460
[*] Kind instance
[*] ClassName __NSDictionaryM
[*] Value {
    "DJICountryCodeSource<0>" = "";
    "DJICountryCodeSource<1>" = RU;
    "DJICountryCodeSource<2>" = RU;
    "DJICountryCodeSource<3>" = RU;
}
```
Sources 1, 2, 3 may be GPS, MCC and IP?
[2018-07-20 12:31:05] aciid : I can verify once im at home with my macbook in max 2 hours
[2018-07-20 16:24:25] ddzobov : Ok, thank you
[2018-07-20 16:41:53] aciid : this binary is really taxing on Hopper
[2018-07-20 16:42:03] aciid : I use it for debugging and search for methods, as Frida usually fails
[2018-07-20 16:42:09] aciid : The binary is like 60 MB.
[2018-07-20 17:06:22] aciid : @aciid uploaded a file: [Untitled](https://dji-rev.slack.com/files/U6AD6A1QU/FBU2R1BU4/-.txt)
[2018-07-20 17:06:38] aciid : @ddzobov ^
[2018-07-20 17:09:02] ddzobov : Maybe you know how to call or hook this setter in Tweak.js?
[2018-07-20 17:10:18] aciid : I traversed the manager for a bit; I didn't find the updater yet that would use the three values.
[2018-07-20 17:10:30] aciid : I did not identify it.
[2018-07-20 17:10:32] aciid : It's there.
[2018-07-20 17:11:03] aciid : What's MCC an abbreviation of?
[2018-07-20 17:13:10] aciid : Main Controller
[2018-07-20 17:17:25] aciid : I'm moving locations soon again to my mate's house, gonna continue tracing.
[2018-07-20 17:18:10] aciid : When you hop into the controls of any drone it does this:
```
10940 ms -[DJICountryCodeManager currentCountryCode]
10940 ms | -[DJICountryCodeManager countryCodeForGPS]
10940 ms | -[DJICountryCodeManager countryCodeForMCC]
10940 ms | -[DJICountryCodeManager countryCodeForIP]
```
[2018-07-20 17:18:34] aciid : I don't have networked Frida so can't try with the USB RC.
[2018-07-20 17:18:59] aciid : Also my drone is in the garage 'cause it has the infrared camera attached.
[2018-07-20 17:48:30] ddzobov : MCC may be the SIM card region.
[2018-07-20 17:48:48] ddzobov : <https://ru.m.wikipedia.org/wiki/Mobile_Country_Code>
[2018-07-21 11:25:04] aciid : @perdario1
[2018-07-21 11:25:08] perdario1 : @perdario1 has joined the channel
[2018-07-21 12:53:39] perdario1 : Thx
[2018-07-21 13:00:35] aciid : Yeah, we have some information here and if you have the skills you can join in the mayhem.
[2018-07-21 13:10:53] d95gas : Anyway, can this latest iOS version be sideloaded on a non-jailbroken device? Currently stuck on 11.4.1 as there are no earlier signed IPSWs to roll back to.
[2018-07-21 13:15:49] aciid : If you can sign in Xcode, that way you can load apps in, if I recall correctly.
[2018-07-21 13:16:01] aciid : It's $20/year.
[2018-07-21 13:17:50] aciid : It makes so many processes easier that I'd recommend getting a dev account.
[2018-07-21 13:20:28] d95gas : I have a Mac sat here doing nothing. Will have a read up on Xcode.
[2018-07-21 13:21:00] aciid : Well, depends very much on your technical intuition.
[2018-07-21 13:21:12] d95gas : :slightly_smiling_face:
[2018-07-21 13:21:13] aciid : That is, for you to do these things there's lots of studying.
[2018-07-21 13:21:19] d95gas : Willing to give anything a go.
[2018-07-21 14:12:00] aciid : Jesus, it's boring to traverse the DJI Go binary with Hopper.
[2018-07-21 14:19:26] aciid : Has anyone successfully interfaced with DJIServicePort? Looks really interesting even though we probably don't have libraries for it. It can set up servers and stream video, you can run commands, do actually anything that the OS can. But it's kinda a dev shell with ready specific commands.
[2018-07-21 21:16:41] ddzobov : Tested today, asteroid mode not working on Mavic Pro. Mode starts but the Mavic stays in one place.
[2018-07-21 21:17:08] ddzobov : So, it's impossible to activate Mavic Air features on the Pro :(
[2018-07-22 19:44:59] ddzobov : Anybody know how to call a method in Frida JS?
[2018-07-22 19:45:23] ddzobov : Maybe some examples?
[2018-07-22 19:48:22] aciid : <https://github.com/0xdea/frida-scripts/blob/master/ios-snippets/raptor_frida_ios_call.js>
[2018-07-22 21:19:36] ddzobov : Interceptor works only with JB :(
[2018-07-23 01:02:40] umbr4 : FWIW I only use objection (which uses Frida) now for iOS testing…
[2018-07-24 08:43:12] ddzobov : Anyone have a drone with 5.8 supported and 5.8 not enabled?
[2018-07-24 08:43:21] ddzobov : And tested my tweak?
[2018-07-24 09:02:46] ddzobov : <https://yadi.sk/d/GSPIGrPd3ZWZTb>
[2018-07-24 09:02:57] aciid : New version?
[2018-07-24 09:03:13] ddzobov : Yes, tried to change the country code to US.
[2018-07-24 09:03:23] aciid : Oh yeah, the three-part thing?
[2018-07-24 09:03:45] jezzab : Should just release the `Tweak.js`. People can then drop the latest in their Doc dir.
[2018-07-24 09:03:52] ddzobov : Spoofing only the root DJICountryCodeManager currentCountryCode.
[2018-07-24 09:04:14] aciid : Release the buttons Tweak.js and I'll help you add persistence to this (so it won't prompt about each setting on every fucking start). Can't skip the loading now and it causes my own tracing work to slow down just to click them each time.
[2018-07-24 09:21:01] jezzab : Well, once you have the app installed with Frida, you just slap the `Tweaks.js` in the Docs dir in iTunes and it will take it from there. Then if @ddzobov makes a new one you just drop the new one in there. No need to share the IPA again or re-install.
[2018-07-24 09:21:56] aciid : I didn't even realize that, auto-updater commence xD
[2018-07-24 09:22:47] jezzab : The author of Frida actually added that feature for us when we requested/suggested it.
[2018-07-24 09:23:22] jezzab : If it doesn't exist in the Docs dir then it just defaults back to the one packed in.
[2018-07-24 09:42:26] perdario1 : What is this feature?
[2018-07-24 09:54:21] perdario1 : What is the use of changing country?
[2018-07-24 10:11:28] perdario1 : Where is the file tweaks.js? Can I copy it directly from the device using Filza?
[2018-07-24 10:13:16] ddzobov : In my IPA this file is already injected. No need to upload it.
[2018-07-24 10:14:36] perdario1 : How to download?
[2018-07-24 10:17:48] perdario1 : @perdario1 uploaded a file: [yesterday's test without mod](https://dji-rev.slack.com/files/UBTS1R316/FBV4XTQTS/image_from_ios.jpg)
[2018-07-24 10:18:48] perdario1 : With the mod it starts with a notch less
[2018-07-24 10:19:26] perdario1 : but it gets farther.
[2018-07-24 12:40:37] d95gas : @ddzobov @aciid Guys, iOS virgin here... Will the Tweak.js only work on a jailbroken device with the original hacked app that was posted? I am assuming it won't work on standard iOS with the genuine app?
[2018-07-24 12:42:01] jezzab : Stock app + Frida. Frida uses a config file which in this case is called Tweak.js.
[2018-07-24 12:42:19] jezzab : When you touch any iOS app you need to re-sign it.
[2018-07-24 12:42:29] aciid : You can install the IPA file with something called "IMPACTOR".
[2018-07-24 12:42:37] jezzab : If you don't, you have to jailbreak to run unsigned.
[2018-07-24 12:42:46] aciid : <http://www.cydiaimpactor.com>
[2018-07-24 12:43:27] jezzab : Or you re-sign it yourself with a dev account for a year (or free, and every week).
[2018-07-24 12:43:28] aciid : jezzab may know alternative options; this is the only one I know.
[2018-07-24 12:43:41] d95gas : Yep, tried that over the weekend and it just wouldn't have it; even set up a separate Apple account, and it just continually failed.
[2018-07-24 12:43:50] d95gas : Oh, the dev account sounds interesting.
[2018-07-24 12:44:06] d95gas : All because I stupidly forgot to turn auto-update off and now it's on 11.4.
[2018-07-24 12:44:29] jezzab : But you have to re-sign it. It's all in the PrettyWoman/Frida shit in the wiki, man.
[2018-07-24 12:44:44] jezzab : This is ALL the same stuff as back then.
[2018-07-24 12:45:14] jezzab : But a different Tweak.js.
[2018-07-24 12:45:35] ddzobov : And newer DJI Go 4 with newer Frida injected.
[2018-07-24 12:45:43] jezzab : Yup.
[2018-07-24 12:45:54] jezzab : You know Frida better than I did back then.
[2018-07-24 12:46:00] jezzab : I was new to it and did my best.
[2018-07-24 12:46:22] jezzab : And I had to swizzle
[2018-07-24 12:46:31] jezzab : to not screw up the signing.
[2018-07-24 12:46:59] ddzobov : You are the author of the previous Tweak.js?
[2018-07-24 12:47:07] jezzab : Lots of it, yes.
[2018-07-24 12:47:25] aciid : Not to sound like an ass, but can you modify the Tweak.js so that only your copyright is obfuscated somewhere?
[2018-07-24 12:47:31] aciid : I'd like to pitch in to develop this further but it's so heavily obfuscated that I can't help.
[2018-07-24 12:47:45] ddzobov : I worked with Frida for two hours before I made the tweak :grin:
[2018-07-24 12:48:02] ddzobov : I will release the sources to GitHub after all tests.
[2018-07-24 12:48:16] aciid : Yeah, I'm just saying if you develop something here, it doesn't essentially need to be encrypted. People will eventually pass it around, so add your credits to the main screen like Android NLDAPP does.
[2018-07-24 12:48:39] jezzab : You did well. I had nothing to go with and the author of Frida had to add in some stuff.
[2018-07-24 12:48:44] aciid : It has large blue text that it's an NLDAPP-modified binary.
[2018-07-24 12:49:17] jezzab : TBH, the way it's used, I would just byte-patch it and set up a patch system the same as Android.
[2018-07-24 12:49:26] jezzab : Since you guys aren't caring about signing
[2018-07-24 12:49:30] jezzab : there is no gain
[2018-07-24 12:50:35] jezzab : since you don't keep updating the Tweak.js and handing it out.
[2018-07-24 12:50:46] jezzab : If you did, by all means keep using Frida.
[2018-07-24 12:51:06] jezzab : Save people downloading the same IPA 50 times.
[2018-07-24 12:51:14] jezzab : That was the original plan.
[2018-07-24 12:51:57] aciid : I can provide hosting if we add auto-update for tweak.js
[2018-07-24 12:52:07] aciid : on Amazon
[2018-07-24 12:52:25] aciid : inb4 DMCA xD
[2018-07-24 12:53:06] ddzobov : Okay, I will send the Tweak.js without the IPA. But at this moment it will be obfuscated. After all tests I will release it on GitHub and we all can contribute. At this moment I want people to use the tweak as-is without modifications.
[2018-07-24 12:53:54] jezzab : Just remember that you got to look at the stuff we had done unobscured.
[2018-07-24 12:54:25] jezzab : That's why you called it Tweak.js, as that's what @czokie called it. I had Patch.js.
[2018-07-24 12:54:44] jezzab : Frida doesn't default to that. That's how I know you looked at the stuff we did.
[2018-07-24 12:55:05] aciid : Yeah, I mean most of what you learned was open source.
[2018-07-24 12:55:09] aciid : It would be best to keep it that way.
[2018-07-24 12:55:35] jezzab : He's ok.
[2018-07-24 12:55:43] aciid : Ok, just funny.
[2018-07-24 12:56:03] jezzab : He's shared heaps of binaries and things with DDD nowadays.
[2018-07-24 12:56:12] aciid : Thought he was ripping
[2018-07-24 12:56:15] aciid : but I guess not then.
[2018-07-24 12:56:17] jezzab : Like gigabytes and gigabytes of weird and wonderful.
[2018-07-24 12:56:39] jezzab : He does his thing. But yeah, he was into it from the start, man, and hardware solutions.
[2018-07-24 12:56:45] ddzobov : Today I dumped the classes of the fresh DJI Go 4, maybe you find something interesting there.
[2018-07-24 12:57:25] jezzab : There are circa 174,000 functions in the IPA last time I looked.
[2018-07-24 12:57:44] ddzobov : I found 90k.
[2018-07-24 12:57:54] jezzab : IDA?
[2018-07-24 12:58:36] jezzab : IDA will decompile to ObjC beautifully
[2018-07-24 12:58:41] jezzab : with full function names
[2018-07-24 12:58:47] jezzab : etc.
[2018-07-24 12:59:36] ddzobov : No, enumerated the classes in ObjC.classes, then the methods in class.$ownMethods.
[2018-07-24 13:01:05] ddzobov : How do you suggest releasing auto-update?
[2018-07-24 13:01:21] ddzobov : For hosting we can use a GitHub repo.
[2018-07-24 13:03:23] aciid : Well, since it can probably be hosted in user files, right?
[2018-07-24 13:03:29] aciid : It's writable by the app and iTunes.
[2018-07-24 13:04:07] jezzab : The reason the PrettyWoman script on the wiki is written like that is so that it actually creates the Tweak.js file for you based on the options you want.
[2018-07-24 13:04:26] jezzab : Was a different way to kinda do the Android-style patching.
[2018-07-24 13:06:17] ddzobov : I tried to write in the Documents dir with the JS API but I got an error.
[2018-07-24 13:11:51] d95gas : @jezzab Thanks for that... Just happen to have 4 Apple Macs sat doing nothing at home, so will have a play this weekend. Be interested to hear if anyone else has managed to sideload that app on a non-jailbroken device using Impactor... I tried everything and it just spat back at me.
[2018-07-24 13:12:37] jezzab : Just release the Frida-added IPA and a separate one for the Tweak.js. But be careful: you're giving out a modded IPA (copyright).
[2018-07-24 13:14:23] jezzab : But then again the wiki tells you how to add Frida into any IPA lol
[2018-07-24 13:14:29] jezzab : with Objection.
[2018-07-24 13:14:39] jezzab : This is a circle.
[2018-07-24 13:15:05] ddzobov : What do you want from me now?
[2018-07-24 13:17:20] jezzab : Just work out a place to pop your Tweak.js, dude. Probably GitHub, and maybe hit up @cs2000 to host the Frida-modded IPA. Then they can download and use that, and then when you add in extra features they grab the latest Tweaks.js from your GitHub.
[2018-07-24 13:17:20] aciid : @ddzobov can't press the Custom button in Settings on iOS.
[2018-07-24 13:17:22] jezzab : Easy.
[2018-07-24 13:17:23] aciid : It's locked to AUTO.
[2018-07-24 13:17:51] jezzab : AND then people can help with your Tweaks.js and do pull requests
[2018-07-24 13:18:14] jezzab : like Android.
[2018-07-24 13:19:15] ddzobov : In the previous version this button was unlocked?
[2018-07-24 13:19:24] aciid : @aciid uploaded a file: [Image from iOS](https://dji-rev.slack.com/files/U6AD6A1QU/FBVUR58SW/image_from_ios.jpg)
[2018-07-24 13:19:36] aciid : Also this check needs to be removed, dangerous as fuck.
[2018-07-24 13:19:46] ddzobov : WTF?
[2018-07-24 13:19:50] ddzobov : What is this?
[2018-07-24 13:20:00] aciid : My drone is undercover.
[2018-07-24 13:20:09] aciid : I have not and will never activate it with DJI.
[2018-07-24 13:20:09] jezzab : You offline-activated with an old DUMLdore, didn't you?
[2018-07-24 13:20:18] aciid : Yes. It's not a problem.
[2018-07-24 13:20:22] jezzab : Use the latest.
[2018-07-24 13:20:25] jezzab : Hit activate
[2018-07-24 13:20:27] aciid : Ahh.
[2018-07-24 13:20:30] jezzab : and it's bye-bye.
[2018-07-24 13:20:34] jezzab : I fixed that bug.
[2018-07-24 13:20:40] aciid : I wonder if DUMLdore works since I have FW 0.0.0.0.
[2018-07-24 13:20:43] jezzab : I wasn't activating the camera as well
[2018-07-24 13:20:53] jezzab : and they knew, so started checking.
[2018-07-24 13:21:02] aciid : NLDapp stopped working for me, but I don't need it for now.
[2018-07-24 13:21:02] jezzab : So I fixed :p
[2018-07-24 13:21:22] jezzab : You have a problem.
[2018-07-24 13:21:33] jezzab : 0.0.0.0 is damaged,
[2018-07-24 13:21:40] jezzab : not just mixed.
[2018-07-24 13:21:51] jezzab : Reflash one more time.
[2018-07-24 13:22:12] aciid : Oh yeah, wasn't in the readme, but I know it's common knowledge
[2018-07-24 13:22:17] aciid : which I didn't just think about.
[2018-07-24 13:23:00] aciid : @ddzobov also the NFZ update DB hits me
[2018-07-24 13:23:26] aciid : even though DJIAppForceUpdateManager, DJIUpgradeNotifyViewModel, DJILImitDBUpdateLogic are run.
[2018-07-24 13:23:42] aciid : Ahh, there's a bug:
[2018-07-24 13:23:45] aciid :
```
[*] Hooking for modify DJILImitDBUpdateLogic[- needUpdateType]
[!] Error while hooking DJILImitDBUpdateLogic [- needUpdateType]
TypeError: cannot read property '- needUpdateType' of undefined
```
[2018-07-24 13:23:45] jezzab : What FW mix are you running?
[2018-07-24 13:24:49] ddzobov : Yes, this class was removed in 4.2.22.
[2018-07-24 13:25:12] ddzobov : I added this for older versions of DJI Go.
[2018-07-24 13:25:27] jezzab : Looks like the one I added.
[2018-07-24 13:27:41] ddzobov : <https://github.com/ddzobov/dji-frida-tweak>
[2018-07-24 13:27:52] ddzobov : You are welcome to contribute.
[2018-07-24 13:28:16] jezzab : Good work, mate.
[2018-07-24 13:28:32] aciid : @ddzobov good choice, mate.
[2018-07-24 13:28:51] ddzobov : I said earlier that I will publish the sources.
[2018-07-24 13:29:49] ddzobov : So I will wait for PRs from you :)
[2018-07-24 13:30:44] aciid : I'll start developing this now with Frida.
[2018-07-24 13:30:52] aciid : I've already explored a bunch
[2018-07-24 13:31:01] aciid : but didn't have a good skeleton before.
[2018-07-24 13:31:11] jezzab : Haha, I seriously don't use my iPad much. Especially to fly. But if I get some time I will pop it open again and have a play. I will have to sign mine though, 'cause it's on 11.4. But I have a dev account so that's fine.
[2018-07-24 13:33:59] jezzab : Is the Admin page still there?
[2018-07-24 13:34:12] czokie : Hey all. Yeah, I've been away a lot - but see some good stuff.... @ddzobov - I'll share some other magic with you that was a draft for me - in case it's useful...
[2018-07-24 13:34:42] ddzobov : :+1:
[2018-07-24 13:35:48] czokie : I had two tasks to finish before getting back to this whole IPA thing - but more tasks keep getting added ahead.... but I made a start today on one server upgrade.... almost finished. That leaves one remaining - then I'll be a lot more free :slightly_smiling_face:
[2018-07-24 13:57:22] aciid : @ddzobov we need to use frida-compile to compile native download functionality via a module and use frida-fs to write it to a file.
[2018-07-24 16:31:28] ddzobov : I think now it's important to find a way to enable 5.8.
[2018-07-24 16:31:43] aciid : It didn't enable yet?
[2018-07-24 16:31:51] aciid : I have an SDR which I can check things with.
[2018-07-24 16:32:03] aciid : I just checked the Anafi's channel usage with it.
[2018-07-24 16:32:47] aciid : Doesn't enabling 5.8 GHz require using Wi-Fi mode?
[2018-07-24 16:33:28] aciid : It should use 5.8 GHz for video in normal conditions anyway, as I've understood it.
[2018-07-24 16:51:46] rickysuper : Heard someone say FCC will use 5.8.
[2018-07-24 16:53:07] rickysuper :
1. Close FF6 (and all other applications)
2. Put the phone in Airplane mode
3. Turn off Localization (both GPS and WIFI)
4. Set the default Android language to English US
5. Open RC, connect the phone with the RC by USB cable
6. Open FF6 (if not automatically when USB plugged in)
7. Turn on ANAFI and wait for connection
8. Set/change the WIFI channel to 5G manually
9. Turn Localization back on in Android Settings
[2018-07-24 16:54:17] rickysuper : From Google; I haven't got an Anafi and cannot test it.
[2018-07-24 16:56:26] aciid : Hmm, I can try that, but I don't have Android.
[2018-07-24 16:57:01] aciid : I think it uses the App Store locale on iOS
[2018-07-24 16:57:09] aciid : now.
[2018-07-24 16:57:09] aciid : I'll check whether the DJI Go 4 patch works.
[2018-07-24 17:05:02] aciid : Didn't detect iOS with mods on 5.8 GHz.
[2018-07-24 17:16:28] ddzobov : One tester with an Inspire said that the change to US is working but 5.8 is not working. The app showed him US laws :slightly_smiling_face:
[2018-07-24 17:22:13] aciid : I can probably trace some functions that tell which country it's in.
[2018-07-24 18:01:08] ddzobov : Check it please in the channels menu.
[2018-07-24 18:02:49] aciid : The camera channels?
[2018-07-24 18:04:03] aciid : @ddzobov which menu?
[2018-07-24 18:07:30] aciid : Yeah, that says 2.4
[2018-07-24 18:07:32] aciid : and is on auto,
[2018-07-24 18:07:33] aciid : locked to auto.
[2018-07-24 18:08:46] aciid : @aciid uploaded a file: [Image from iOS](https://dji-rev.slack.com/files/U6AD6A1QU/FBVUFP1L4/image_from_ios.jpg)
[2018-07-24 18:14:21] ddzobov : Maybe there is a country code check?
[2018-07-24 18:14:46] aciid : Must be additional checks to unlock the Custom button.
[2018-07-24 18:15:05] aciid : It's locked even when the drone is disconnected,
[2018-07-24 18:15:11] aciid : so it's not a config "protection",
[2018-07-24 18:15:14] aciid : it's a full-on lock.
[2018-07-24 18:32:29] aciid : You're gonna get your pull request soon.
[2018-07-24 18:35:04] ddzobov : You found it?
[2018-07-24 18:41:14] aciid : I think so, but I'm working on the cast.
[2018-07-24 18:41:22] aciid : Gotta learn something.
[2018-07-24 18:41:55] aciid : @aciid uploaded a file: [Untitled](https://dji-rev.slack.com/files/U6AD6A1QU/FBXGBS9JA/-.pl)
[2018-07-24 18:42:11] aciid : See if you can cast it.
[2018-07-24 18:42:22] aciid : I'm still trying to learn how to do that.
[2018-07-24 18:42:40] aciid : Oh wait, that's the wrong one,
[2018-07-24 18:42:41] aciid : sorry.
[2018-07-24 18:42:52] aciid :
```
*** entered -[DJICountryCodeHelper setCountryCode:] ***
arg 1 type: NSTaggedPointerString
NSTaggedPointerString arg 1 value: FI
retval type: NSTaggedPointerString
NSTaggedPointerString retval value: FI
*** exiting -[DJICountryCodeHelper setCountryCode:] ***
```
[2018-07-24 18:42:54] aciid : Here's the correct one.
[2018-07-24 18:44:50] ddzobov : setCountryCode
[2018-07-24 18:44:57] ddzobov : I will try.
[2018-07-24 18:45:02] aciid : You need to cast it,
[2018-07-24 18:45:06] aciid : probably.
[2018-07-24 18:45:21] aciid : `modify_value('DJICountryCodeHelper', '- setCountryCode', "US");` this doesn't work.
[2018-07-24 19:03:46] ddzobov : Yes, it needs another modification; I can try to do it in one hour.
[2018-07-24 19:10:56] aciid : Got it.
[2018-07-24 19:11:02] aciid : Will make a pull,
[2018-07-24 19:11:12] aciid : but I have to just check whether this actually changed anything.
[2018-07-24 19:15:21] aciid : It didn't change anything on the client, so I'll just paste the code for you here.
[2018-07-24 19:15:27] aciid : @aciid uploaded a file: [Untitled](https://dji-rev.slack.com/files/U6AD6A1QU/FBX8R0BB9/-.js)
[2018-07-24 19:16:00] aciid : But there are a dozen classes that read the country.
[2018-07-24 19:16:07] aciid : Sadly "custom" channels is not using that.
[2018-07-24 19:20:03] aciid : Classes that reference DJICountryCodeHelper:
```
DATA XREF= -[DJIVersionLogic init]+1912,
           -[DJIVersionLogic init]+2024,
           sub_10016d33c+16,
           -[DJIPopupNotificationHandleLogic commonInit]+40,
           -[DJIUpgradeRollBackViewControllerModel filterFirmwarepask:]+68,
           -[DJIFullPageUpgradeViewControllerModel shouldShowUpgradeTerms]+24,
           -[DJIInnerVersionConfigVersionChecker shouldLockByCountryEnfoceWithDeviceInfo:serviceInfoModel:]+60
```
[2018-07-24 19:20:20] aciid : @ddzobov do you have Hopper or IDA?
[2018-07-24 19:22:46] ddzobov : No.
[2018-07-24 19:22:50] ddzobov : It works?
[2018-07-24 19:23:50] aciid : I'm just thinking about what you use to trace functionality.
[2018-07-24 19:24:02] aciid : You have a Mac?
[2018-07-24 19:25:44] aciid : I just want to help; I can recommend you tools.
[2018-07-24 19:28:27] aciid : Don't take this the wrong way.
[2018-07-24 19:55:43] aciid : @aciid uploaded a file: [Untitled](https://dji-rev.slack.com/files/U6AD6A1QU/FBX9JR3K9/-.txt)
[2018-07-24 19:56:14] aciid : @ddzobov ^ trace of the Mavic in Wi-Fi mode when I open the app, look at the stream, go into settings and change Wi-Fi to 5.8 GHz.
[2018-07-24 19:57:08] aciid : <https://bpaste.net/show/9cf753d2b8a1>
[2018-07-24 20:36:15] aciid : <https://bpaste.net/show/6deeb74baf6a> Just found this: DJIFlightControllerAbstraction getCharacteristicsInfoDictionary, **ACCESSTYPE**, SETTERS AND GETTERS.
[2018-07-24 20:44:32] aciid : @ddzobov why are we trying to patch something that has already been documented xD <https://dji.retroroms.info/howto/mcc>
[2018-07-25 06:46:42] ddzobov : I think we need to find how this value gets filled:
[2018-07-25 06:46:43] ddzobov : `'DJICountryCodeManager', '- countryCodeValue'`
[2018-07-25 06:46:47] ddzobov : Can you trace it?
[2018-07-25 06:47:13] jezzab : There is a check on IP address, MCC, device language, etc. and it compares them. It's a pain in the arse.
[2018-07-25 06:47:49] ddzobov : Yes, but I modify the values countryCodeForGPS, countryCodeForMCC, countryCodeForIP and my values don't affect the value above.
[2018-07-25 06:48:08] ddzobov : This var is filled a different way.
[2018-07-25 06:56:34] jezzab : @jezzab uploaded a file: [Capture.PNG](https://dji-rev.slack.com/files/U65113Z43/FBVQ7EQ72/capture.png)
[2018-07-25 06:57:41] aciid : I traced around those functions yesterday and ended up fixing the countryCode there. It didn't change anything in the UI.
[2018-07-25 06:58:11] aciid :
```
// Hook the setter and swap its first real argument (args[0] = self, args[1] = selector) for "US"
var _setCountry = ObjC.classes.DJICountryCodeHelper["- setCountryCode:"];
Interceptor.attach(_setCountry.implementation, {
  onEnter: function (args) {
    args[2] = ObjC.classes.NSString.stringWithString_('US');
  }
});
```
[2018-07-25 06:59:11] aciid : I think the referenced methods that use the "countryCode" getter should be checked.
[2018-07-25 06:59:23] jezzab :
```
void __cdecl -[DJICountryCodeConfigLogic setCountryCode:](DJICountryCodeConfigLogic *self, SEL a2, id a3)
{
  DJICountryCodeConfigLogic *v3; // x20
  NSString *v4; // x19
  NSString *v5; // x0
  NSString *v6; // x0
  NSString *v7; // x8
  NSString *v8; // x0

  v3 = self;
  v4 = (NSString *)objc_retain(a3, a2);
  v5 = v3->_countryCode;
  if ( v5 != v4 && (!v5 || !((unsigned __int64)objc_msgSend(v5, "isEqualToString:", v4) & 1)) )
  {
    if ( v4 )
    {
      v6 = (NSString *)objc_msgSend(v4, "copy");
      v7 = v3->_countryCode;
      v3->_countryCode = v6;
      v8 = v7;
    }
    else
    {
      v8 = v3->_countryCode;
      v3->_countryCode = 0LL;
    }
    objc_release(v8);
    -[DJICountryCodeConfigLogic checkConfig](v3, "checkConfig");
  }
  objc_release(v4);
}
```
[2018-07-25 06:59:47] ddzobov :
```
var countryCode = ObjC.classes.NSString.stringWithString_('US');
ObjC.classes.DJICountryCodeConfigLogic.instance().setCountryCode_(ptr(countryCode));
```
[2018-07-25 06:59:53] ddzobov : For me it changes nothing.
[2018-07-25 06:59:58] ddzobov : Try it yourself.
[2018-07-25 07:02:42] jezzab : Tried `[DJICountryCodeProviderLogic setCountryCodeValue:]`?
[2018-07-25 07:06:58] jezzab : Haha, the `-[DJICountryCodeConfigLogic checkConfig](v3, "checkConfig");` that's called in ^^
[2018-07-25 07:07:13] jezzab : @jezzab uploaded a file: [Untitled](https://dji-rev.slack.com/files/U65113Z43/FBVQBUE1W/-.cpp)
[2018-07-25 07:07:30] jezzab : Once again `CN` checks: `v19 = objc_msgSend(v18, "isEqualToString:", CFSTR("CN"));`
[2018-07-25 07:08:27] aciid :
```
*** entered -[DJICountryCodeConfigLogic checkConfig] ***
retval type: __NSSingleObjectArrayI
__NSSingleObjectArrayI retval value: (
    38
)
```
[2018-07-25 07:08:36] aciid : ?? :smile:
[2018-07-25 07:11:42] ddzobov : I think that [DJICountryCodeProviderLogic setCountryCodeValue:] accepts a dictionary and I can not find the class DJICountryCodeSource:
```
{
    "DJICountryCodeSource<0>" = "";
    "DJICountryCodeSource<1>" = RU;
    "DJICountryCodeSource<2>" = RU;
    "DJICountryCodeSource<3>" = "";
}
```
[2018-07-25 07:16:28] ddzobov :
```
modify_value('DJICountryCodeManager', '- countryCodeForGPS', 'US');
modify_value('DJICountryCodeManager', '- countryCodeForIP', 'US');
modify_value('DJICountryCodeManager', '- countryCodeForMCC', 'US');
modify_value('DJICountryCodeHelper', '- countryCode', 'US');
```
No effect.
[2018-07-25 07:21:37] aciid : That's why you need to trace around:
```
*** entered -[DJICountryCodeHelper countryCodeUpdated:] ***
arg 1 type: NSConcreteNotification
NSConcreteNotification arg 1 value: NSConcreteNotification 0x1c08521e0 {name = DJICountryCodeUpdateNotification; userInfo = {
    DJICountryCodeInfoKeyCountryCode = FI;
    DJICountryCodeInfoKeyCountryCodeSource = 1;
}}
retval type: __NSDictionaryI
__NSDictionaryI retval value: {
    DJICountryCodeInfoKeyCountryCode = FI;
    DJICountryCodeInfoKeyCountryCodeSource = 1;
}
*** exiting -[DJICountryCodeHelper countryCodeUpdated:] ***
```
[2018-07-25 07:22:59] aciid : @aciid uploaded a file: [Screen Shot 2018-07-25 at 10.22.36.png](https://dji-rev.slack.com/files/U6AD6A1QU/FBW90D5QC/screen_shot_2018-07-25_at_10.22.36.png)
[2018-07-25 07:23:10] aciid : HOPS HOPS
[2018-07-25 07:39:34] aciid : ``` *** entered -[DJICountryCodeProviderLogic fetchCountryCodeForGps:source:withCompletion:] *** arg 1 type: nil nil arg 1 value: nil arg 2 type: __NSStackBlock__ __NSStackBlock__ arg 2 value: &lt;__NSStackBlock__: 0x16f1be9c8&gt; arg 3 type: __NSCFString __NSCFString arg 3 value: <http://certificates.godaddy.com/repository/gdig2.crt> retval type: __NSStackBlock__ __NSStackBlock__ retval value: &lt;__NSStackBlock__: 0x16f1be9c8&gt; *** exiting -[DJICountryCodeProviderLogic fetchCountryCodeForGps:source:withCompletion:] *** *** entered -[DJICountryCodeProviderLogic mobileCoordinate] *** retval type: DJILBSEngine DJILBSEngine retval value: &lt;DJILBSEngine: 0x1c403d5e0&gt; *** exiting -[DJICountryCodeProviderLogic mobileCoordinate] *** *** entered -[DJICountryCodeProviderLogic setCountryCode:withSource:] *** arg 1 type: NSTaggedPointerString NSTaggedPointerString arg 1 value: FI arg 2 value: 0x1 retval type: __NSCFString __NSCFString retval value: DJICountryCodeSource&lt;1&gt; *** exiting -[DJICountryCodeProviderLogic setCountryCode:withSource:] *** *** entered -[DJICountryCodeHelper countryCodeUpdated:] *** arg 1 type: NSConcreteNotification NSConcreteNotification arg 1 value: NSConcreteNotification 0x1c48433c0 {name = DJICountryCodeUpdateNotification; userInfo = { DJICountryCodeInfoKeyCountryCode = FI; DJICountryCodeInfoKeyCountryCodeSource = 1; }} retval type: __NSDictionaryI __NSDictionaryI retval value: { DJICountryCodeInfoKeyCountryCode = FI; DJICountryCodeInfoKeyCountryCodeSource = 1; } *** exiting -[DJICountryCodeHelper countryCodeUpdated:] *** *** entered -[DJICountryCodeProviderLogic fcKeyWithParam:] *** arg 1 type: __NSCFConstantString __NSCFConstantString arg 1 value: AircraftLocation retval type: DJISDKCacheKey DJISDKCacheKey retval value: COMPONENT: flightController INDEX: 0 PARAM KEY: AircraftLocation *** exiting -[DJICountryCodeProviderLogic fcKeyWithParam:] *** *** entered -[DJICountryCodeProviderLogic fcKeyWithParam:] 
*** arg 1 type: __NSCFConstantString __NSCFConstantString arg 1 value: AircraftLocation retval type: DJISDKCacheKey DJISDKCacheKey retval value: COMPONENT: flightController INDEX: 0 PARAM KEY: AircraftLocation ```
[2018-07-25 07:39:52] aciid : I don't think it's possible to patch this via just some string fiddling
[2018-07-25 07:40:02] aciid : this thing goes and makes a HTTPS request
[2018-07-25 07:43:54] aciid : @ddzobov <https://www.hopperapp.com>
[2018-07-25 07:44:31] aciid : it's "affordable' comparing to the tool jezzab uses :smile:
[2018-07-25 07:46:10] czokie : Change where it makes the HTTPS request to :slightly_smiling_face:
[2018-07-25 07:47:34] perdario1 : Don't you think it's better to load the tweak file on a source to load in Cydia? So as to install it and update it directly from there? Is it complicated?
[2018-07-25 07:48:28] aciid : we are updating it so often that it's not wise to add a Cydia repo
[2018-07-25 07:48:34] aciid : its just testing at this phase what works and what not
[2018-07-25 07:48:39] czokie : Tweaking the tweak file works just fine using itunes or ifunbox or whatever...
[2018-07-25 07:48:55] czokie : I gotta get around to playing with this shit again :slightly_smiling_face:
[2018-07-25 07:49:09] aciid : aint playing with shit a toddlers thing
[2018-07-25 07:49:42] aciid : I keep hearing at age 27 that everyone of my friends remember smearing shit on mirrors as toddlers
[2018-07-25 07:49:49] czokie : My one thing that I need is 40ch mod for p4p - Someone nearby has recently started broadcasting on the normal frequencies where I fly - and keep getting wifi interference errors
[2018-07-25 07:50:17] czokie : Come on - I am an Aussie - we smear vegemite - looks like shit :slightly_smiling_face:
[2018-07-25 08:08:16] aciid : :DDd
[2018-07-25 08:38:57] aciid : @ddzobov any luck?
[2018-07-25 08:41:46] aciid : ```
if (ObjC.available) {
    var _setCountry1 = ObjC.classes.DJICountryCodeProviderLogic["- setCountryCode:withSource:"];
    Interceptor.attach(_setCountry1.implementation, {
        onEnter: function(args) {
            // args[0] = self, args[1] = selector, args[2] = countryCode, args[3] = source
            args[2] = ObjC.classes.NSString.stringWithString_('US');
        }
    });
} else {
    send("error: Objective-C Runtime is not available!");
}
```
[2018-07-25 08:41:50] aciid : this should work
[2018-07-25 08:44:04] ddzobov : you tested it?
[2018-07-25 08:44:24] aciid : it works for its purpose, but it's not unlocking anything in the UI
[2018-07-25 08:44:42] aciid : can some north american say for granted what is so different in the UI?
[2018-07-25 08:45:24] aciid : @aciid uploaded a file: [Untitled](https://dji-rev.slack.com/files/U6AD6A1QU/FBVRR18NL/-.php)
[2018-07-25 08:50:05] cs2000 : Just going back a bit, if anything needs some hosting, im happy to put it on the DDD servers. As for a cydia repo, may be a good thing, but the current app works without (and with) a jailbreak, so wouldn't want to restrict this to JB devices only.
[2018-07-25 08:51:14] aciid : if you could host the IPA file and Tweak.js there it would be great, yandex/dropbox are probably pulling them time to time
[2018-07-25 08:51:26] aciid : or only IPA
[2018-07-25 08:51:29] aciid : cant host IPA in github
[2018-07-25 08:51:34] aciid : but Tweak.js is hosted on github
[2018-07-25 08:51:42] aciid : since its now collab effort
[2018-07-25 08:52:25] cs2000 : dont mind hosting anything required, as long as the author @ddzobov is happy with it.
[2018-07-25 08:52:44] cs2000 : the servers i rent are technically torrent seedboxes, so they dont _really_ care what you host on them
[2018-07-25 08:54:08] czokie : Servers are not an issue :slightly_smiling_face: .... I can spin up new VM's if needed :slightly_smiling_face:
[2018-07-25 08:55:31] aciid : I want a framed apple DMCA letter on my wall
[2018-07-25 08:55:57] ddzobov : patched ipa may be hosted anywhere, raw Tweak.js can be downloaded from github <https://raw.githubusercontent.com/ddzobov/dji-ios-frida-tweak/master/Tweak.js>
[2018-07-25 08:56:38] aciid : yea
[2018-07-25 08:57:17] ddzobov : i want too, this shit will be a good part of my CV
[2018-07-25 08:58:32] vasek_r : Did a short test today iPad mini 4 32GB iOS 11.4.1 no JB MavicPro fw.700 signed with dev cert. Works smoothly, in the future would be fine to skip Quiz and NFZ update check. 2.5km open area full bars RC&HD.. Good luck Daniil&Co :slightly_smiling_face:
[2018-07-25 08:59:27] ddzobov : what is quiz? can you show screenshot?
[2018-07-25 09:01:14] vasek_r : If you are in US you have to fill Quiz or you cannot fly, you can skip it 2x i think. Will try to make screenshot and post it. brb.
[2018-07-25 09:01:35] cs2000 : @ddzobov do you have the patched IPA without the tweak.js bundled with it. Think it would be best if we can provide a "stock" (but patched with Frida Support) app, then users just have to add the tweak.js which they can get from your Github.
[2018-07-25 09:01:54] cs2000 : That bloody quiz! it randomly just comes up sometimes in the middle of a flight
[2018-07-25 09:02:14] cs2000 : i also had no Skip option, so had to fill it out when the bird was in the air
[2018-07-25 09:05:21] ddzobov : try to add modify_value('DJIQuizModel', '- showwithskip', 1); modify_value('DJIQuizModel', '- shouldShow', 0);
[2018-07-25 09:20:25] ddzobov : try this code please
[2018-07-25 09:20:27] ddzobov : ```
var countryCodeUS = ObjC.classes.NSString.stringWithString_('US');
var methodObj = ObjC.classes.DJICountryCodeProviderLogic['- setCountryCode:withSource:'];
var old_implementation = methodObj.implementation;
// Replace the method implementation directly instead of using Interceptor:
// every call is forwarded to the original with the country code swapped for 'US'.
methodObj.implementation = ObjC.implement(methodObj, function (handle, selector, srcCountryCode, srcSource) {
    var countryCode = ptr(countryCodeUS); // raw NSString pointer for the NativeFunction call
    var source = srcSource;
    return old_implementation(handle, selector, countryCode, source);
});
```
[2018-07-25 09:20:36] ddzobov : will it change anything
[2018-07-25 09:21:58] ddzobov : i will wrap it in my code later if it works
[2018-07-25 09:22:00] jezzab : Im unsure if these tweaks would run if it was signed. So I dont think I can play until there is a JB for 11.4. I remember now I was doing it like this and then there was an issue and had to start using Swizzling
[2018-07-25 09:22:14] jezzab : you remember that @czokie. Been a while
[2018-07-25 09:22:14] ddzobov : with interceptor will not work
[2018-07-25 09:22:21] ddzobov : my variant working without JB
[2018-07-25 09:22:32] jezzab : yeah thats what i thought. because its not swizzled. its direct
[2018-07-25 09:22:37] jezzab : which is SOOOO much easier
[2018-07-25 09:22:47] jezzab : and how I started doing it. But when i signed it, it was broken
[2018-07-25 09:22:49] ddzobov : what is swizzle?
[2018-07-25 09:23:01] ddzobov : i can not find this word in translator :slightly_smiling_face:
[2018-07-25 09:23:11] vasek_r : Here are the screenshots hope it works.. <https://www.dropbox.com/sh/r3zgkfpkos8b19k/AACJlHw8F9Ik3NhSFWgI7suTa?dl=0>
[2018-07-25 09:23:45] ddzobov : omg
[2018-07-25 09:23:57] aciid : I can try
[2018-07-25 09:24:15] aciid : @ddzobov do you have iOS and Mavic yourself?
[2018-07-25 09:24:21] aciid : or just missing jailbreak?
[2018-07-25 09:24:23] ddzobov : mavic pro
[2018-07-25 09:24:37] aciid : but iOS not jailbreaked?
[2018-07-25 09:24:40] ddzobov : yes
[2018-07-25 09:24:47] aciid : yes or no? :smile:
[2018-07-25 09:24:52] ddzobov : not JB
[2018-07-25 09:24:56] aciid : ok that explains
[2018-07-25 09:24:58] aciid : no problem
[2018-07-25 09:25:00] jezzab : hm ok
[2018-07-25 09:25:04] cs2000 : FWIW, @ddzobov if you did want to allow users to load the file from Cydia you can use GitHub as a Cydia repo <http://h6nry.github.io/tutorial-cydia-repo.html>
[2018-07-25 09:25:27] aciid : ill test your JS now
[2018-07-25 09:25:29] aciid : dani
[2018-07-25 09:25:34] ddzobov : thx
[2018-07-25 09:25:43] jezzab : I will have to try signing then. Im surprised it works. But I may be reading your code incorrectly (its been a looong time man)
[2018-07-25 09:25:57] ddzobov : this shit is very interesting but i want to work on my work :joy:
[2018-07-25 09:26:08] jezzab : haha
[2018-07-25 09:26:15] aciid : work on your own?
[2018-07-25 09:26:20] aciid : or work your realjob?
[2018-07-25 09:26:24] ddzobov : realjob)
[2018-07-25 09:26:25] cs2000 : Lets hope iOS12 gets a full JB, then we can all play with unlocked devices
[2018-07-25 09:26:26] aciid : oh
[2018-07-25 09:26:52] aciid : yeah, I usually do hobbies on side, im atm in a train going to my job, have to go and rewire VW Passat CANbus
[2018-07-25 09:27:06] ddzobov : i working with BMW :wink:
[2018-07-25 09:27:14] ddzobov : with e-sys and other stuff
[2018-07-25 09:27:29] jezzab : You have turned the old dimming coals back into a fire mate. Im sure you will have a few people looking for more stuff now. and adding
[2018-07-25 09:27:32] ddzobov : it is my hobby
[2018-07-25 09:27:50] ddzobov : my hobby are drones and bmw
[2018-07-25 09:27:56] ddzobov : coding is my job
[2018-07-25 09:28:05] aciid : @jezzab true, soon well have NLDapp iOS builds
[2018-07-25 09:28:12] aciid : with a working scriptable installer from NLDapp for iOS
[2018-07-25 09:29:17] aciid : can some American user say is the CUSTOM button unlocked ?
[2018-07-25 09:29:33] aciid : what are we trying to even achieve with this, if I cannot make up when it's "working"
[2018-07-25 09:29:38] jezzab : Is this why you want to change the CC?
[2018-07-25 09:29:46] jezzab : I didnt think there was any difference
[2018-07-25 09:30:00] ddzobov : we want to change CC for FCC and 5.8
[2018-07-25 09:30:03] jezzab : ah
[2018-07-25 09:30:06] aciid : CC already changes
[2018-07-25 09:30:06] jezzab : that makes more sense
[2018-07-25 09:30:26] ddzobov : for remove force fcc option that not working on inspire for example
[2018-07-25 09:30:40] jezzab : yes coz it would be LB2
[2018-07-25 09:30:45] jezzab : like P4
[2018-07-25 09:31:09] ddzobov : i think that latest variant will be good because it affects on countryCodeValue (which is dict) and currentCountryCode
[2018-07-25 09:31:14] jezzab : and like how forceBoost doesnt work on P4 you use 32Chan
[2018-07-25 09:31:28] aciid : that is because Inspire has its own countryCode methods
[2018-07-25 09:31:31] ddzobov : i tested that now
[2018-07-25 09:31:37] ddzobov : [*] Value DJICountryCodeManager[- currentCountryCode] - 0xa000000000053552 [*] Kind instance [*] ClassName NSTaggedPointerString [*] Value US [*] Methods
[2018-07-25 09:31:53] ddzobov : [*] Kind instance [*] ClassName __NSDictionaryM [*] Value { "DJICountryCodeSource<0>" = ""; "DJICountryCodeSource<1>" = US; "DJICountryCodeSource<2>" = US; "DJICountryCodeSource<3>" = ""; }
[2018-07-25 09:31:55] jezzab : this is also like Wifi (MA, Spark) how the CC is pushed
[2018-07-25 09:32:01] jezzab : via DUML
[2018-07-25 09:32:05] aciid : yeah WM100 has its own too
[2018-07-25 09:32:07] jezzab : its very different
[2018-07-25 09:32:36] aciid : @ddzobov I'd start this from FCC restrictor class and see references to trace it back
[2018-07-25 09:32:48] jezzab : You're not packing the SDR packet, you are literally setting the CC like a router (OpenWRT)
[2018-07-25 09:33:17] ddzobov : i think that this FlightController class, not FCC restrictor
[2018-07-25 09:33:32] jezzab : You can root in to MA (and Spark) and set the power higher and CC. Ive setup scripts to auto do that. But havent set it to do it on the RC. have to push the DUML manually
[2018-07-25 09:33:41] jezzab : because its loaded in one go
[2018-07-25 09:34:36] aciid : *** entered -[DJIAppSettings sdr_force_fcc] *** retval type: nil nil retval value: nil *** exiting -[DJIAppSettings sdr_force_fcc] *** also this doesn't work like this
[2018-07-25 09:34:54] aciid : it works via setSdr_force_fcc
[2018-07-25 09:34:59] jezzab : yes
[2018-07-25 09:35:15] jezzab : the set is the final
[2018-07-25 09:37:35] jezzab : @jezzab uploaded a file: [Tweak.js](https://dji-rev.slack.com/files/U65113Z43/FBVSK9K4Y/tweak_js.js)
[2018-07-25 09:37:46] jezzab : very old one i did. (had to fire up the MBP to find it)
[2018-07-25 09:38:35] jezzab : I know i have another one somewhere, where i tried a lot of testing on.. weird stuff
[2018-07-25 09:38:37] jezzab : cant find it
[2018-07-25 09:41:33] ddzobov : //Fake Mavic for P4 FCC - what this means?
[2018-07-25 09:42:30] czokie : We were setting the model to Mavic - even if it was not - to allow later parts of code that would otherwise be bypassed. It only allows FCC when model is mavic.
[2018-07-25 09:42:46] czokie : But to be honest, I think only the 40ch mod had real effect
[2018-07-25 09:42:56] jezzab : it was a race
[2018-07-25 09:43:13] aciid : wonder if it just patched now
[2018-07-25 09:43:18] ddzobov : maybe with CC spoofing FCC will be enabled on all birds?
[2018-07-25 09:43:30] jezzab : most likely
[2018-07-25 09:43:37] ddzobov : and force_fcc setting can be removed
[2018-07-25 09:43:57] czokie : Country code wont do FCC on other than mavic.
[2018-07-25 09:44:24] aciid : yeah that is also a problem that this code is now MP focused
[2018-07-25 09:44:32] aciid : we need to try and make more JS classes per bird
[2018-07-25 09:44:37] aciid : and a general class for general settings
[2018-07-25 09:44:40] aciid : so we can make this universal
[2018-07-25 09:44:42] czokie : I remember reading the disassembled source - it will just bypass that - but I am not convinced that the hardware will do anything if we send FCC command to p4
[2018-07-25 09:44:58] jezzab : the forceFCC didnt work
[2018-07-25 09:45:07] jezzab : but FCC countries do run more
[2018-07-25 09:45:15] jezzab : as per the DJI product page
[2018-07-25 09:45:16] aciid : how do you determine when it works? whats the indicator
[2018-07-25 09:45:28] jezzab : patched Android runs FCC
[2018-07-25 09:45:42] jezzab : just the `.djiConfigs` files to FORCE FCC wont work on P4
[2018-07-25 09:45:42] czokie : on p4p? @jezzab?
[2018-07-25 09:46:11] czokie : Does the hardware SDR actually support it?
[2018-07-25 09:46:38] jezzab : @jezzab uploaded a file: [Capture.PNG](https://dji-rev.slack.com/files/U65113Z43/FBWJBNMGA/capture.png)
[2018-07-25 09:46:47] jezzab : Android is patched differently
[2018-07-25 09:46:57] jezzab : we were jumping on the end of the `.djiConfigs` stuff
[2018-07-25 09:47:04] jezzab : which wont trip for P4P
[2018-07-25 09:47:10] czokie : True...
[2018-07-25 09:47:27] aciid : I exposed the FLYC yesterday via iOS
[2018-07-25 09:47:28] czokie : In which case, country spoof should work by itself.
[2018-07-25 09:47:38] jezzab : forceBoost 110% will not work on P4x
[2018-07-25 09:47:39] ddzobov : configs only enables force_fcc option, but not changes country with other features like quiz, 5.8 etc
[2018-07-25 09:47:45] jezzab : yup
[2018-07-25 09:47:51] aciid : <https://bpaste.net/show/6deeb74baf6a> just found this DJIFlightControllerAbstraction getCharacteristicsInfoDictionary, **ACCESSTYPE**, SETTERS AND GETTERS
[2018-07-25 09:47:54] ddzobov : i think boost is very bad option
[2018-07-25 09:47:54] aciid : this
[2018-07-25 09:48:09] ddzobov : it breaks chips
[2018-07-25 09:48:12] jezzab : Android rides the country code
[2018-07-25 09:48:14] jezzab : to do the work
[2018-07-25 09:48:20] czokie : Agree @ddzobov :slightly_smiling_face:
[2018-07-25 09:48:48] jezzab : But the trick is getting around the CC logic
[2018-07-25 09:49:00] jezzab : something i never cracked when trying with Frida
[2018-07-25 09:49:49] czokie : So - lets rewind for a bit - IPA version that works - are you all working these days on jailbroken phones, or signed IPA's?
[2018-07-25 09:50:01] aciid : I have it figured out almost completely
[2018-07-25 09:50:02] jezzab : but i was trying to get 32 channel AND FCC on P4x with the Mavic trick ^^
[2018-07-25 09:50:09] jezzab : which did sometimes work
[2018-07-25 09:50:26] jezzab : but being a race it wasnt reliable
[2018-07-25 09:51:14] jezzab : So you would end up with no video sometimes
[2018-07-25 09:51:36] ddzobov : no difference - JB or signed
[2018-07-25 09:51:42] ddzobov : it works perfectly both
[2018-07-25 09:51:51] jezzab : thats good. very good
[2018-07-25 09:52:21] cs2000 : @czokie, Daniil and Jezzab is on a non JB device. Me and kilrah are JB, dont know about others
[2018-07-25 09:52:42] czokie : But how is it working on non JB - if not using swizzling?
[2018-07-25 09:52:54] jezzab : this is what i dont understand lol
[2018-07-25 09:53:03] jezzab : but @ddzobov says its all good
[2018-07-25 09:53:11] jezzab : fuck i could have done this 8 months ago
[2018-07-25 09:53:12] ddzobov : i dont know how, but it works
[2018-07-25 09:53:15] ddzobov : frida magic
[2018-07-25 09:53:17] cs2000 : Magic! But it does work, tested with it at the weekend
[2018-07-25 09:53:21] jezzab : (not to this quality he has done though)
[2018-07-25 09:53:32] czokie : Possibly - Frida enhancements that didnt work before
[2018-07-25 09:53:36] jezzab : @cs2000 he means SIGNED and non Swizzled
[2018-07-25 09:53:51] ddzobov : what is swizzle guys?
[2018-07-25 09:53:55] ddzobov : i dont understand)
[2018-07-25 09:54:04] czokie : Swizzle is a different method of tweaking ...
[2018-07-25 09:54:25] czokie : <https://www.nowsecure.com/blog/2015/11/23/ios-instrumentation-without-jailbreak/>
[2018-07-25 09:54:25] ddzobov : hooking implementation and replaces it?
[2018-07-25 09:54:27] jezzab : its like this. I was doing it like Daniil does. And then when you would sign it, it was broken. We were told we had to Swizzle it (not touch the stuff in memory just pass it thru the hook) and then it was fine
[2018-07-25 09:55:06] jezzab : It limited it a lot
[2018-07-25 09:55:16] jezzab : as you couldnt just set something
[2018-07-25 09:56:01] czokie : Possibly - Frida might be updated - to detect if signed, and if not swizzling - it might automatically emulate swizzle under the hood
[2018-07-25 09:56:04] d95gas : I am on Ipad Mini4 IOS 11.4 and tried using impactor to push the patched file last weekend, and no matter what I tried it would not work
[2018-07-25 09:56:17] jezzab : How did it fail?
[2018-07-25 09:56:27] jezzab : Did you check the logs @d95gas?
[2018-07-25 09:56:50] jezzab : Im guessing it ran maybe, splash screen then crash best case?
[2018-07-25 09:57:44] jezzab : something has definitely changed
[2018-07-25 09:58:20] jezzab : coz i could run the old way fine with the debugger etc but sign and install.... craaaash
[2018-07-25 09:58:26] jezzab : with a signing error in the app logs
[2018-07-25 10:00:21] czokie : If @ddzobov wants to add some UDID's and sign - lets all of us test and validate that non swizzled IPA's work...
[2018-07-25 10:00:22] d95gas : I will see if I can access my home laptop, it didnt even get a far as installing on the device, got to the last 15% on impactor and then failed..... it related to 2 certificates, unfortunately didnt get any screen shots, but back home tomorrow and will do so
[2018-07-25 10:00:53] czokie : I can sign - but I have not done this shit in ages - and have to re learn :slightly_smiling_face:
[2018-07-25 10:01:11] jezzab : that sounds like a signing problem (not Frida related)
[2018-07-25 10:01:18] jezzab : same @czokie lmao
[2018-07-25 10:01:44] jezzab : I still have it all setup on the MBP but cant remember how to actually run the toolchain again haha
[2018-07-25 10:01:48] czokie : SO - who claims it works signed - only @ddzobov - or someone else as well?
[2018-07-25 10:01:58] d95gas : And that was the version that Danii posted
[2018-07-25 10:02:02] ddzobov : i bought cert at [theux.ru](http://theux.ru)
[2018-07-25 10:02:15] jezzab : hmm ok
[2018-07-25 10:02:26] ddzobov : and at russian forum many people fly with this ipa
[2018-07-25 10:02:37] czokie : @ddzobov - @jezzab and I both have dev accounts....
[2018-07-25 10:02:38] ddzobov : so it works without JB
[2018-07-25 10:03:05] jezzab : Ok cool. Since it can be signed and run non Swizzled. Happy days and game on :slightly_smiling_face:
[2018-07-25 10:04:02] jezzab : Just made patching a shitload easier
[2018-07-25 10:04:45] czokie : and how are you managing the UDID's @ddzobov??? To get other people to add their ID's to that IPA?
[2018-07-25 10:04:59] jezzab : its a signing service
[2018-07-25 10:05:04] jezzab : all the .ru guys use it
[2018-07-25 10:05:26] czokie : OK. So each person is signing their own IPA
[2018-07-25 10:05:27] d95gas : Just translated site..... So Cert works out at just under £5 which seems stupidly cheap
[2018-07-25 10:05:29] jezzab : yup
[2018-07-25 10:05:52] aciid : or dev cert for 100€
[2018-07-25 10:05:53] ddzobov : 5$ for one UDID
[2018-07-25 10:05:56] aciid : and all your problems are solved
[2018-07-25 10:06:02] aciid : thats what I use
[2018-07-25 10:06:07] ddzobov : or 100$ per 100 UDID's
[2018-07-25 10:06:07] d95gas : all seems to easy :slightly_smiling_face:
[2018-07-25 10:06:09] aciid : I develop for iOS anyways
[2018-07-25 10:06:15] jezzab : 100 UDID PER device
[2018-07-25 10:06:22] jezzab : so 100 iPhone and 100 iPad
[2018-07-25 10:06:52] ddzobov : i bought cert 5 years ago and it was 100 UDID's
[2018-07-25 10:07:07] ddzobov : may be rules changed
[2018-07-25 10:07:08] jezzab : it still is but its actually per category
[2018-07-25 10:07:19] ddzobov : good
[2018-07-25 10:07:19] jezzab : when you dig deeper
[2018-07-25 10:10:48] d95gas : So rather than having to setup one of their payment methods, as they dont have standard, could one of you guys who already has multiple certs, not do the necessary and user pays you?
[2018-07-25 10:11:37] czokie : @d95gas - that was the idea a long time ago - to build something to manage the signing - I half built it, but hit a wall, and distractions took me away from it
[2018-07-25 10:12:09] jezzab : That was the plan @d95gas
[2018-07-25 10:12:49] czokie : But let me ask a dumb question - for @jezzab - with a lot of the work that has happened on aircraft side - do we still need to patch IPA to do some of the big things we want... For example. How possible would it be to do the 40ch mod on a p4p on aircraft instead of in IPA ?
[2018-07-25 10:13:43] czokie : Just thinking out loud - that would be a cool one to add to NLD...
[2018-07-25 10:14:19] jezzab : wheres this 40 coming from? it used to be 32??
[2018-07-25 10:14:23] jezzab : lol
[2018-07-25 10:14:28] czokie : sorry - brain fart
[2018-07-25 10:14:41] czokie : Must be thinking CB radio or something
[2018-07-25 10:14:54] jezzab : haha all good
[2018-07-25 10:15:20] daguz66 : @ddzobov Please how else can I get this new version? as the Yandex has reached its download limit..
[2018-07-25 10:16:30] jezzab : just install the new `Tweak.js`
[2018-07-25 10:16:44] jezzab : and THIS ^^ is why you just use the `Tweak.js` to update lol
[2018-07-25 10:25:11] cs2000 : @daguz66 i have put the original file @ddzobov shared on the DDD servers <http://polybotes.feralhosting.com/dji/Go4_Frida/> but i dont have his new version
[2018-07-25 10:26:41] jezzab : that the thing .you technically dont need a new version
[2018-07-25 10:26:46] jezzab : they IPA will never change
[2018-07-25 10:26:59] jezzab : you just drop a new `Tweak.js` in iTunes into your DJI Go4 Docs dir (like the old `.djiConfig`)
[2018-07-25 10:27:03] jezzab : and it will use that
[2018-07-25 10:28:34] jezzab : if it doesnt exist it uses the one that is pre-packaged into the IPA
[2018-07-25 10:28:53] czokie : Dumb question @jezzab - If I remember correctly, Tweak.js inside the package is not signed as it is not binary? (I could be wrong). Therefore, might be possible for @cs2000 to repack / mod on the DDD server
[2018-07-25 10:29:09] daguz66 : @jezzab ok, I understood, many thanks
[2018-07-25 10:29:15] jezzab : thats a good point
[2018-07-25 10:29:37] jezzab : think it would just be easier though if guys just grab the latest from his github
[2018-07-25 10:29:45] jezzab : then also others can do pull req's etc
[2018-07-25 10:29:52] czokie : Agree.
[2018-07-25 11:05:43] ddzobov : grab from github latest version and test it please
[2018-07-25 11:07:46] ddzobov : <https://raw.githubusercontent.com/ddzobov/dji-ios-frida-tweak/master/Tweak.js>
[2018-07-25 11:17:50] vasek_r : @ddzobov found this in tested ipa in flight records <https://www.dropbox.com/s/i95jrizojpdl6ye/IMG_0284.PNG?dl=0>
[2018-07-25 11:18:28] ddzobov : Yes, removed that in new version
[2018-07-25 11:19:40] vasek_r : you mean in the new tweak.js?
[2018-07-25 11:19:51] ddzobov : yes, link above
[2018-07-25 11:20:08] vasek_r : will try let you know thx
[2018-07-25 11:22:05] vasek_r : It works! Thanks. Did you manage to skip the Quiz too?
[2018-07-25 11:22:26] ddzobov : What works?
[2018-07-25 11:22:52] czokie : @vasek_r - That is some stuff in flight records due to one of the tweaks - perfectly normal - but you can remove it if you dont like it :slightly_smiling_face:
[2018-07-25 11:23:00] chucken1 : With what program do I sign a IPA the simplest way? Is't with xcode? I run on windows.
[2018-07-25 11:23:11] perdario1 : When i click i see only vista reeder. How to download the file?
[2018-07-25 11:23:58] vasek_r : @ddzobov the top left google getdata messaage
[2018-07-25 11:27:16] perdario1 : how do I update the tweak file? do I copy and paste the text?
[2018-07-25 11:34:29] perdario1 : I can not find the tweak file from appstore ...
[2018-07-25 11:34:44] perdario1 : Sorry from itunes
[2018-07-25 11:38:20] vasek_r : Quickly checked with new tweak, quiz disappeared but do not know if the quiz jumps randomly.. The nfz update reminder is still there just pressed ignore...
[2018-07-25 11:39:10] ddzobov : Nfz and quiz not in this tweak at now
[2018-07-25 11:39:26] ddzobov : Concentrated on CC modification
[2018-07-25 11:39:36] czokie : So - reading the code - interaction - Where is that linked in the UI ?
[2018-07-25 11:40:25] ddzobov : See alert func
[2018-07-25 11:40:34] ddzobov : above
[2018-07-25 11:41:35] czokie : Yep - but when is this UI called? You appear to have some custom settings - but where is that in the ui?
[2018-07-25 11:42:08] jezzab : popups
[2018-07-25 11:42:13] jezzab : dialogs
[2018-07-25 11:42:18] czokie : That happen when? On load?
[2018-07-25 11:42:29] jezzab : when the hook is hit
[2018-07-25 11:42:29] perdario1 : @ddzobov can you explain how to download the tweak.js file? when I click on the link it only opens the text
[2018-07-25 11:42:31] czokie : I am going to go look at this shortly :slightly_smiling_face:
[2018-07-25 11:42:46] jezzab : so like when we used to do the switcheroo
[2018-07-25 11:42:56] czokie : OK. So first time its hit, or every time?
[2018-07-25 11:43:04] jezzab : instead its a yes no popup
[2018-07-25 11:43:14] czokie : Ah. Got it
[2018-07-25 11:43:39] ddzobov : You can copy text and insert in yourself
[2018-07-25 11:46:33] perdario1 : @ddzobov I did not understand where I should paste the text
[2018-07-25 11:46:35] czokie : I had been meaning to jailbreak a phone - just did it - 10.3.2 ... I cannot be stuffed with signing shit
[2018-07-25 11:47:10] czokie : @perdario1 - Managing tweak files I think is covered in the !wiki
[2018-07-25 11:47:22] czokie : Have you browsed there yet?
[2018-07-25 11:48:17] czokie : And if its not there - it will be soon I am sure :slightly_smiling_face:
[2018-07-25 11:49:59] perdario1 : <https://s22.postimg.cc/f6bvtnyht/Schermata_2018-07-25_alle_13.48.47.png>
[2018-07-25 11:50:22] perdario1 : this is what I see
[2018-07-25 11:50:28] czokie : <https://dji.retroroms.info/howto/dji_configs#apply_the_config_ios>
[2018-07-25 11:50:44] czokie : This applied to something slightly different - but same basic stuff - push it in with itunes.
[2018-07-25 11:51:10] perdario1 : ok but i can't download the file
[2018-07-25 11:51:17] perdario1 : i see only text
[2018-07-25 11:51:24] czokie : Yes. It is text.
[2018-07-25 11:51:33] czokie : Save it to your computer
[2018-07-25 11:51:39] czokie : and push it in via itunes
[2018-07-25 11:53:19] perdario1 : I did it.
[2018-07-25 11:53:59] czokie : I just realised - I still have an old DJI GO 4 that was installed a LONG time ago. on my old phone. I am curious if the non swizzle stuff will work on that version.
[2018-07-25 11:55:28] perdario1 : I entered the file but now I do not get more poup to activate the tweak
[2018-07-25 11:55:54] aciid : do you have the patched dji go installed?
[2018-07-25 11:55:59] aciid : that contains the FRIDA framework?
[2018-07-25 11:56:43] perdario1 : yes i have the patched
[2018-07-25 11:57:11] czokie : Interesting... DJI GO was already running (It is syncing flight records). I pushed across the Tweak.js across to my phone, and I had popup's. Nice. Even live patching while the app is live
[2018-07-25 11:57:28] aciid : @perdario1 ah Tweak.js is loaded from wrong folder for non jailbreak updates
[2018-07-25 11:57:43] aciid : thats why it wont load for you we must patch it differently to load again from user location
[2018-07-25 11:58:00] aciid : its trying to find Tweak.js from Frameworks/ folder which doesn't show for you
[2018-07-25 11:59:04] perdario1 : i can try whith filza from the device
[2018-07-25 11:59:38] perdario1 : n which folder should it be inserted?
[2018-07-25 12:00:16] aciid : DJI GO 4.app/Frameworks
[2018-07-25 12:00:34] aciid : but I'm sure that wont show up without jailbreak, so it needs to be fixed so that you can insert the file with any file browser
[2018-07-25 12:01:07] jezzab : no it will load from docs second even if not JB. doesnt matter
[2018-07-25 12:01:21] jezzab : @czokie just showed that
[2018-07-25 12:01:31] jezzab : running a very old signed ipa
[2018-07-25 12:01:38] perdario1 : my iphone is jailbroken
[2018-07-25 12:02:26] czokie : @perdario1: 1. Install the CUSTOM ipa file using Impactor. 2. Copy Tweak.js onto phone using iTunes or iFunbox.
[2018-07-25 12:02:28] czokie : Thats it
[2018-07-25 12:02:31] czokie : No other magic
[2018-07-25 12:02:52] perdario1 : ok
[2018-07-25 12:02:57] aciid : your phone is jailbroken? just install it to the correct folder then
[2018-07-25 12:03:15] jezzab : and if there is an update in the future just copy the new Tweaks.js over in the docs with itunes. no need to get a new ipa
[2018-07-25 12:03:18] czokie : Doesnt matter - even on a jailbroken phone - can still copy it using itunes
[2018-07-25 12:03:43] perdario1 : I'm looking for the framework folder
[2018-07-25 12:03:49] jezzab : once a Frida patched ipa is installed u never need to install an ipa again to update
[2018-07-25 12:03:54] jezzab : ..patches
[2018-07-25 12:04:33] aciid : cd /var/containers/Bundle/Application/EE802799-2B4E-4511-BF41-489C861B94C9/DJI\ GO\ 4.app/Frameworks/
[2018-07-25 12:04:40] aciid : hash may be different for you
[2018-07-25 12:04:47] jezzab : why does he need to to that
[2018-07-25 12:04:53] jezzab : there is no need
[2018-07-25 12:04:56] jezzab : install as is
[2018-07-25 12:04:57] aciid : use I dont know i had the file there myself
[2018-07-25 12:05:06] jezzab : then copy the tweaks.js with itunes
[2018-07-25 12:05:07] czokie : Exactly - @aciid - Keep it simple... Upload via itunes
[2018-07-25 12:05:10] aciid : do as you please i'm not following what is trying to be done here
[2018-07-25 12:05:11] jezzab : simple
[2018-07-25 12:12:45] perdario1 : i copy but not work
[2018-07-25 12:13:10] perdario1 : i try to reinstall ipa
[2018-07-25 12:20:01] perdario1 : I think using safari to save the tweak.js file is saved in a wrong format.
[2018-07-25 13:16:35] hostile : oh lord help us @aciid is in here too =]
[2018-07-25 13:23:15] aciid : @hostile I'm here to cause havoc , is your insurance premium?
[2018-07-25 13:26:18] jakub : ACID is good for you
[2018-07-25 13:33:04] hostile : @aciid you fit right in mate
[2018-07-25 13:33:20] hostile : we've had no major "claims" on our insurance in the past year lol.
[2018-07-25 13:33:44] hostile : DJI on the other hand... their deductible is probably higher now due to frequent claims.
[2018-07-25 14:23:35] ddzobov : Yeah
[2018-07-25 14:23:49] ddzobov : my friend with i2 confirmed that 5.8 unlocked with latest tweak
[2018-07-25 14:23:52] ddzobov : good job!
[2018-07-25 20:43:19] aciid : @ddzobov is there a new release?
[2018-07-25 20:45:24] andrwho25 : wow, did we make a revelation in the last day ?
[2018-07-25 20:56:07] ddzobov : yes
[2018-07-25 20:56:19] ddzobov : latest commit in github
[2018-07-25 21:00:26] aciid : how much boost does the boost option apply?
[2018-07-25 21:00:36] aciid : in mW's
[2018-07-25 21:01:33] ddzobov : i dont know :disappointed:
[2018-07-25 21:01:47] ddzobov : i think that use boost is bad idea
[2018-07-25 21:03:14] aciid : well yeah if it's not configurable it's just pure guessing
[2018-07-25 21:03:23] aciid : that shit can fry the RC
[2018-07-25 21:03:34] chucken1 : Any one that can sign the ipa for me? :hugging_face:
[2018-07-25 21:04:09] chucken1 : anyone
[2018-07-25 21:04:16] ddzobov : <https://rink.hockeyapp.net/apps/d0fa86b30414449d88bd6bb217e1d3ad/app_versions/1>
[2018-07-25 21:04:22] ddzobov : try this link
[2018-07-25 21:04:28] ddzobov : register in hockeyapp first
[2018-07-25 21:04:41] ddzobov : now i trying to download it
[2018-07-25 21:08:14] chucken1 : Ok will try :slightly_smiling_face:
[2018-07-25 21:10:33] aciid : isn't hockeyapp something like a beta app distribution service? :smile:
[2018-07-25 21:10:37] aciid : nice use if it works for this
[2018-07-25 21:10:38] aciid : lol
[2018-07-25 21:11:38] ddzobov : yes
[2018-07-25 21:12:02] ddzobov : I uploaded DJI GO there and now I'm downloading the signed application
[2018-07-25 21:12:27] ddzobov : but very interesting - what certificate they using - single-day or enterprise?
[2018-07-25 21:18:26] chucken1 : Now i'm registered as chucken
[2018-07-25 21:24:37] chucken1 : @ddzobov your link don't work. Just says it can't find the app
[2018-07-25 21:24:49] ddzobov : I'm uploading a new version
[2018-07-25 21:24:56] chucken1 : Ahh ok :slightly_smiling_face:
[2018-07-25 21:25:11] ddzobov : previous was uploaded with my cert
[2018-07-25 21:25:52] ddzobov : it will work only if hockeyapp injected its cert
[2018-07-25 21:27:37] chucken1 : So I have to get dev cert?
[2018-07-25 21:43:16] ddzobov : not working without mobileprovision file
[2018-07-25 21:43:20] vasek_r : My friend use these steps: From this manual -> do points 1., 2., 3. and 4.: <https://dji.retroroms.info/howto/iosfrida> ...maybe you do not need everything installed, but install it just to be sure. At first, you need to make your first "BlankMagic" app compiled and running via XCode (step 2.2.) this is essential, after this step you will have a successfully generated provision profile and certificate inside your iPhone/iPad. Then download this tool: <https://dantheman827.github.io/ios-app-signer/> Here you will select the DJI GO 4 .IPA file (I recommend latest version - 4.2.22 at this moment), then you will select the signing certificate (Personal valid for one week or you can buy Developer valid for 365 days) ...and finally the provisioning profile. After signing, the tool gives you a signed .IPA file - now open XCode, click Window -> Devices and Simulators, in the new window click on the small "+" sign and select that signed .IPA file, XCode will push it to your device
[2018-07-25 21:43:43] ddzobov : so you need dev cert
[2018-07-25 21:44:22] ddzobov : last step - ifunbox will be better
[2018-07-25 21:45:23] chucken1 : Ok, too bad my mastercard doesn't work on the .ru site you linked to :disappointed: Have to think about getting it from apple then.
[2018-07-25 21:46:30] vasek_r : @ddzobov never tried ifunbox yet, I just wanted to have as little apps installed as possible :slightly_smiling_face:
[2018-07-25 21:52:21] aciid : if people are serious about jailbreaking and shit I suggest getting a apple developer certificate
[2018-07-25 21:52:45] aciid : it might feel expensive, but it saves you from so much headache
[2018-07-25 22:16:16] czokie : @vasek_r - ifunbox is good ... Its one of the ones that I'd get - even if u want to have "as little apps installed as possible"
[2018-07-25 22:47:48] czokie : Well - I am going to go fly this am - and validate the current Tweak.js file... Should be fun!
[2018-07-25 22:49:33] aciid : it seems to work a bunch
[2018-07-25 23:08:22] czokie : Fail. But that was the new JS on old app. I will go install new app. It all loads and does pop ups but will not connect to aircraft.
[2018-07-25 23:09:02] czokie : Tested with stock app and worked fine.
[2018-07-25 23:29:55] czokie : Ok. Nuked the old app. Installing new ipa.
[2018-07-26 00:09:27] czokie : Hmm. And thats where it all went bad.
[2018-07-26 00:10:37] czokie : I'm wanting to do it on a jailbroken phone (instead of worrying about signing). I kept an old phone back on an old iOS. Installed g0blin jailbreak. Worked fine first time... but now - failing. I needed to install AppSync, which needed reboot. After reboot, g0blin is not playing nice
[2018-07-26 00:29:26] czokie : OK. Jailbreak back - but still unable to install IPA on this device :disappointed: .... Will play some more
[2018-07-26 01:31:36] czokie : got it on eventually
[2018-07-26 01:31:38] czokie : time to play
[2018-07-26 01:56:31] czokie : No go. Will not connect to aircraft. Something in the is doesn’t like a P4Pro
[2018-07-26 02:07:44] jezzab : what if you remove the tweak from the ipa (and the docs dir)?
[2018-07-26 02:07:47] jezzab : does it connect?
[2018-07-26 02:08:34] jezzab : what options did you set yes to?
[2018-07-26 02:36:46] czokie : I tried a few combinations of the options - all failed.
[2018-07-26 02:36:56] czokie : I am back home - so now intending to remove the files etc.
[2018-07-26 02:46:13] czokie : The one in the IPA looks interesting...??? The IPA I used was from DDD server...
[2018-07-26 02:55:30] czokie : OK. No javascript - and still wont connect.
[2018-07-26 02:55:43] czokie : app runs - just no comms to controller
[2018-07-26 02:57:11] jezzab : hmm
[2018-07-26 02:57:20] czokie : Removing and doing native appstore copy to test
[2018-07-26 03:35:59] czokie : OK. Update for all: I tried the new IPA from DDD server. That failed. App installs, does the popups etc. All good. But would not connect to P4P remote control. I tried reverting to native appstore version. That too fails. Weird thing. I was previously running an old custom version that I built a LONG time ago - and it has been solid. But I don't know where that IPA is now to reinstall….
[2018-07-26 04:10:49] czokie : Rebooted phone - didn't jailbreak - factory appstore IPA worked… Getting ready to jailbreak with factory IPA and test that - then try custom again…
[2018-07-26 04:38:03] czokie : Good news - Reinstalled again - and all good - Can connect to RC…
[2018-07-26 06:49:50] czokie : and it flew well…
[2018-07-26 06:51:01] jezzab : Right, so where is it at now?
[2018-07-26 06:51:08] jezzab : (sorry ive gotten lost in the end)
[2018-07-26 06:51:12] czokie : OK.
[2018-07-26 06:51:17] czokie : 1. Jailbroken
[2018-07-26 06:51:25] czokie : 2. Installed a couple of Cydia apps - to help do the IPA load
[2018-07-26 06:51:29] jezzab : JB, app from DDD, tweak from github?
[2018-07-26 06:51:39] czokie : 3. Installed IPA from DDD, Tweak from Github
[2018-07-26 06:51:40] czokie : 4. Flew
[2018-07-26 06:51:49] jezzab : which options?
[2018-07-26 06:52:14] czokie : Observations: I have only just upgraded my aircraft firmware recently - With 32ch and FCC, it didn't feel that much better….
[2018-07-26 06:52:37] czokie : But the question is - with the recent firmware, it does not feel as good as older firmware - in terms of longer distances.
[2018-07-26 06:53:11] czokie : I was two versions behind - but updated to current
[2018-07-26 06:54:41] jezzab : ok
[2018-07-26 06:55:28] czokie : Did you ever get a meter? TO measure signal? I recall you were getting one…???
[2018-07-26 06:55:51] jezzab : Yeah ive got one. But i dont have any SMA connectors on my P4 RC
[2018-07-26 06:56:11] jezzab : TBH i haven't tested just with an antenna on P4
[2018-07-26 06:56:29] jezzab : MP I found the test "iffy" that way. SMA direct in was clear as day though
[2018-07-26 06:57:22] jezzab : if the CC kicks correctly it should push FCC
[2018-07-26 06:57:32] jezzab : `forceFCC` wont cut it (as you know)
[2018-07-26 06:58:01] jezzab : the only time i remember is when the race worked for me (and you) and you did a BIG flight on it compared to normal with 32chan and FCC at the same time
[2018-07-26 06:58:30] jezzab : in your usual test area. And i had a similar result in mine
[2018-07-26 06:59:17] jezzab : @sanxexevc should be checking this all out. His are all byte patched though
[2018-07-26 07:00:59] jezzab : @mathieu.peyrega mentioned that on Android the 32Chan actually pushed FCC as well?
[2018-07-26 07:01:03] mathieu.peyrega : @mathieu.peyrega has joined the channel
[2018-07-26 07:59:38] czokie : OK. Shopping complete.
[2018-07-26 08:08:48] mathieu.peyrega : @jezzab: right, some code related to 32 channels to also force FCC, but this is only for P4 series, and I'm not sure if it is actually run and if run if it has effect
[2018-07-26 15:58:09] hostile : I love how this room has just had a slow smouldering fire compared to the android scene
[2018-07-26 15:58:27] hostile : every once in a while a new log is tossed on
[2018-07-26 17:08:16] d95gas : Just spent the last couple of hours trying to get the patched application onto my non-jailbroken iPad mini 4 on iOS 11.4. Tried all sorts of various applications and finally succeeded with an application called "SuperImpactor" <http://superimpactor.net/> Took about 8 mins to complete, and thought it had frozen at one stage, but it was busy signing the application. Then just did the Trust element on the iPad after the install, and copied over Tweak.js. Over the moon as I thought I had stuffed it with the iOS update.
[2018-07-26 17:08:49] aciid : impactor is bestttt
[2018-07-26 17:09:46] aciid : if you want a jailbroken iphone for flying go to aliexpress. they have all the models stock firmwares
[2018-07-26 17:10:02] aciid : so you just throwin the exploit per fw
[2018-07-26 17:11:29] aciid : they seem to have only 6s models :<
[2018-07-26 17:12:15] d95gas : Impactor would not work at all, had to keep reverting to previous version to dump certs as there is a bug in the latest version, but every time I tried to install it would fail
[2018-07-26 17:13:11] aciid : ok, well good that you got it working, if there was something you had to do differently can you write about it on the wiki :smiley:
[2018-07-26 17:13:50] d95gas : App is running great on iPad Mini4. Might try the 7plus tomorrow. Is there any possibility that the patches may get rid of the necessity to login to DJI, or with Fake ID like Android ?
[2018-07-26 17:14:25] d95gas : I have fully documented and will add to the Wiki, more of a spoon feeding walkthrough, but includes the issues I had and how I got it to work
[2018-07-26 17:14:48] d95gas : Next purchase "Anafi" :slightly_smiling_face:
[2018-07-26 17:18:25] aciid : we haven't figured out how to skip login permanently yet, but it's probably not impossible. just have to skip the profile buttons otherwise the app will crash
[2018-07-26 17:23:20] aciid : @d95gas i can recommend Anafi its great fun
[2018-07-26 17:23:30] aciid : probably as anyone else here can too
[2018-07-26 18:15:11] d95gas : Yes was torn between the Evo or the Anafi ..... I think the Anafi is going to have a better development following from the likes of here. In addition having spoken to Autel, they are saying they will not sell in EU until they have a good support system in place within the EU...... which is fair enough. Parrot has been around a long time, so not going to disappear overnight. Just after a bit of fun with it, not really into the serious photography/video, and it certainly looks fun
[2018-07-26 18:50:49] quad808 : @d95gas I think my Evo will come in today, then I can thrash it a bit...will give a review on what I like or don't like, and if it is any louder than the Pro. To me tests have been about the same level of noise, with of course, the Anafi being much quieter.
[2018-07-26 19:04:20] d95gas : That would be superb Quad808....... decisions..decisions. Their head office told me they would not fulfil an EU order but advised which dealers to speak.......but take a risk!
[2018-07-26 20:15:21] aciid : @quad808 fw dump :333
[2018-07-26 20:15:54] aciid : @d95gas tried amazon yet ?
[2018-07-26 20:30:38] czokie : Interesting observation: When we were hooking before, we went from this method to swizzling to deal with iOS protections when not debugging. At the time, we asked the author of Frida if they could automatically emulate swizzling if we did a non-swizzle call if it detected it was not in debug mode. I am only guessing that they have implemented this, because the non-swizzle calls work now - even if not in debug mode. This makes life much easier for us now...
[2018-07-26 21:00:55] perdario1 : I still ask, would not it be better to create a tweak to install with cydia?
[2018-07-26 21:09:31] aciid : no, because we are not going to update it, it will be more like people whining in the comments all the time
[2018-07-27 07:00:32] d95gas : Wiki Updated with Walkthrough using "SuperImpactor" <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-07-27 07:03:15] d95gas : @aciid No Autel Evo on Amazon UK. Anafi on £629 same price direct from Parrot...... Now to decide whether to go Amazon (Pretty good at refunds/returns) or Direct with Parrot
[2018-07-27 07:03:52] aciid : I bought mine from parrot eu site directly,was the only place you could get batteries a few weeks back
[2018-07-27 07:06:39] aciid : and if you really want an Autel evo, when you buy from a GSP shipping retailer from ebay, it cuts out the shipping restrictions
[2018-07-27 07:10:23] aciid : @d95gas
[2018-07-27 07:19:28] d95gas : Will you stop throwing temptation in my way :slightly_smiling_face: Going to hang on as Quad808 will have his in the next day or so (Evo) and I know he will give a truthful and frank review of the Evo ..... Now back to Anafi
[2018-07-27 07:24:11] aciid : check parrot eu store :smiley:
[2018-07-27 12:01:14] d95gas : Hey guys, I notice in the download of "Tweak.js" there is also a file "FridaGadget.config" - Can I assume that BOTH files need to be copied over to the iPad/iPhone ? Thanks
[2018-07-27 12:02:49] jezzab : no
[2018-07-27 12:03:16] jezzab : it will be packed in the ipa
[2018-07-27 12:03:26] jezzab : its just a setup for frida. it does no patching etc
[2018-07-27 12:23:02] d95gas : Ok cook, thanks Jezzab
[2018-07-27 12:23:09] d95gas : I mean cool not bloody cook
[2018-07-27 12:23:22] d95gas : dyslexic fingers today
[2018-07-27 13:05:40] perdario1 : I installed the ipa directly from my iphone. jailbroken using filza. it works!!
[2018-07-27 13:05:56] perdario1 : Now i upload a video
[2018-07-27 13:20:42] perdario1 : <https://youtu.be/lKiFjkS0Jw4>
[2018-07-27 13:20:47] perdario1 : you can only watch the video because it is not listed
[2018-07-27 13:35:27] perdario1 : @d95gas Ps To fix “Application-Specific Password” for the installs, just remove 2-factor authentication from apple's id settings ...
[2018-07-27 14:07:53] d95gas : @perdario1 Yes I agree about 2FA..... but for me that's a no go ..... Since my Corporate credit card got cloned, I live by 2FA and secure keys :grinning: which is all a bit ironic when we do what we do here..... But in deference ..... DJI brought it on themselves by failing to abide by GPL
[2018-07-27 14:10:37] will042082 : Has anyone else confirmed if any of the recent changes on the tweak.js working for the Air? I have 0.20 and 0.21 and neither appear to alter config for my air
[2018-07-27 14:11:06] perdario1 : I have only mavic pro
[2018-07-27 14:12:58] d95gas : I only have MP ....... still cannot decide to go Anafi or Evo :slightly_smiling_face:
[2018-07-27 14:13:35] will042082 : The Anafi is Parrot but the evo is?
[2018-07-27 14:14:47] ender : Autel
[2018-07-27 14:15:07] ender : @d95gas Evo is better in almost any respect except noise
[2018-07-27 14:15:11] ender : and price…
[2018-07-27 14:15:37] ender : For me noise counts very much. I simply dont wanna fly if people are bothered and heads are turned :disappointed:
[2018-07-27 14:16:10] will042082 : I’ll have to check it out AuTel Evo? But I just got the Air!!!
[2018-07-27 14:18:23] ender : MP2 > Evo > MP
[2018-07-27 14:18:35] ender : Anafi <--> Air
[2018-07-27 14:18:42] ender : different peer Group :slightly_smiling_face:
[2018-07-27 14:20:51] will042082 : Holy shit the evo has a 4300mah battery. No 5.8 tho
[2018-07-27 14:21:16] will042082 : Is it bout the size of the air, or pro?
[2018-07-27 14:22:13] ender : pro
[2018-07-27 14:22:36] will042082 : It’s kinda ugly tho
[2018-07-27 14:23:42] d95gas : @ender Yes I think the Anafi wins hands down when it comes to being quiet..... never used Spark or Air so not familiar with them. But I agree, the noise seems to attract the "Haters" like bees to honey ....... or jcarlo to dji :slightly_smiling_face:
[2018-07-27 14:24:00] will042082 : The air is loud
[2018-07-27 14:24:09] will042082 : Can confirm. 100%
[2018-07-27 14:24:27] will042082 : Granted it don’t bother me too much, I wish it was quieter
[2018-07-27 14:24:54] ender : Anafi < Bebop 2 < MPP < MP < Spark < Air
[2018-07-27 14:25:22] validat0r : spark can be heard as high as 250m if you listen closely
[2018-07-27 14:25:43] will042082 : The air also. I know for sure it’s not hard to hear it 2-300ft in the air
[2018-07-27 14:25:55] validat0r : tested it yesterday since we were talking about that a couple of times
[2018-07-27 14:26:31] will042082 : Does the app config stuff work with the spark?
[2018-07-27 14:26:34] validat0r : depends on the area and wind of course.
[2018-07-27 14:26:37] validat0r : yup
[2018-07-27 14:26:48] validat0r : but i'm a android guy
[2018-07-27 14:26:50] will042082 : Man, wtf
[2018-07-27 14:26:59] will042082 : I want that 1.5boost
[2018-07-27 14:27:07] validat0r : get a mavic
[2018-07-27 14:27:33] will042082 : I’m ok without everything else. I’m in the US already :white_frowning_face:
[2018-07-27 14:27:37] validat0r : does the MA rc have a fan?
[2018-07-27 14:27:53] will042082 : Hmmm. Maybe a small one?
[2018-07-27 14:27:55] validat0r : if not, boost will most likely fry the board
[2018-07-27 14:27:59] ender : @ilovemynexus4 yes
[2018-07-27 14:28:02] validat0r : ah, ok
[2018-07-27 14:28:07] ender : @will042082 Spark is as open as the MP
[2018-07-27 14:28:16] will042082 : But why not the air?
[2018-07-27 14:28:25] will042082 : That piece I can’t figure out
[2018-07-27 14:29:29] validat0r : came out a couple of months ago. spark a year ago, mavic is there forever. earlier firmwares were not as tightly secured as the air's
[2018-07-27 14:32:41] d95gas : My MP still sat on original 400 firmware, when I got it I immediately contacted the DJI Safe Skies team as I needed to fly in a military area, I got a pm back from one of the guys and literally all it said was "Do not update your current firmware"!!
[2018-07-27 14:32:47] d95gas : and look where we are now
[2018-07-27 14:32:50] cs2000 : Not only the firmware sadly though is it :disappointed: The MA has a trustzone on it, other AC's dont have
[2018-07-27 14:33:04] d95gas : Trustzone??
[2018-07-27 14:34:04] cs2000 : secure area on the chip that cant be written to or read without correct keys
[2018-07-27 14:34:25] cs2000 : (unless I'm mistaken) but I'm sure it has a trust zone. Slack won't let me search far enough back
[2018-07-27 14:35:04] cs2000 : <https://github.com/MAVProxyUser/TrashFire> (read down to the TrustZone section)
[2018-07-27 14:35:38] will042082 : Was actually reading that yesterday
[2018-07-27 14:36:37] will042082 : And ended up following all you guys I think on github. So let’s not make it weird I’m cyber stalking all of you lol. In a tech way of course, not a weird “it puts the lotion on its skin” kinda way
[2018-07-27 14:37:00] will042082 : And hopefully you get the reference otherwise that makes it so much worse lol
[2018-07-27 14:40:02] d95gas : Better understanding of this Trusted Zone now, just another way of DJI trying to hide and not conform to GPL!!
[2018-07-27 14:41:42] will042082 : So some sort of cert or key?
[2018-07-27 14:47:36] d95gas : I went on to read: <https://www.arm.com/products/security-on-arm/trustzone> Which gave more insight
[2018-07-27 15:03:18] will042082 : So looking through tweak.js, I know for sure all of the Air parameters I’ve looked at are named differently I wonder if I find the corresponding correct parameter name and update accordingly it would work.
[2018-07-27 15:13:16] cs2000 : Give it a shot, it all depends if the parameter is editable, it may be locked out (nothing can change it apart from patching the flight controller, no public way to do this yet)
[2018-07-27 15:13:32] cs2000 : Worst it will do is absolutely nothing
[2018-07-27 15:24:13] will042082 : The way you keep saying no public way gets me very excited
[2018-07-27 15:24:59] will042082 : I’ll try to go through them today.
[2018-07-27 15:27:00] cs2000 : haha reading between the lines, i like it
[2018-07-27 15:29:36] fredmicrowave : It's not between the lines, it's right in our face! Eventually frustrating when you are not a programmer... :stuck_out_tongue:
[2018-07-27 15:30:00] ender : @will042082: if there is only one way to get into the Air you better save that for bad times. If there are two you can publish one. This is even more important on the Air as the MP2 could very well base on the same platform and having an immediate lever “into” it would be … NICE :slightly_smiling_face:
[2018-07-27 15:30:02] cs2000 : *is staying silent, sorry lol*
[2018-07-27 15:31:01] cs2000 : @ender I'd be surprised if the MP2 is designed (hardware wise) _anything_ like the MA. It's definitely an odd child of the family
[2018-07-27 15:31:20] ender : Just platform wise… Should we bet on it ? :wink:
[2018-07-27 15:32:02] cs2000 : then again, they did pull their reveal event, and still no news on its new date yet, so... That said, they would have had to have been manufacturing the hardware for several months now to have stock ready around the world for their original release/reveal date.
[2018-07-27 15:32:15] ender : Like: if the MP2 is closer to the Mp than to the MA there is a free VR360 somewhere ? :stuck_out_tongue:
[2018-07-27 15:32:41] cs2000 : :joy:
[2018-07-27 15:32:47] ender : and if not there is a double price :slightly_smiling_face:
[2018-07-27 15:33:29] will042082 : @ender my only “in” for the AIR if somehow my dumb brain is right and updating the parameter names to the corresponding air names works
[2018-07-27 15:34:10] cs2000 : @ender its been mentioned before. Notice how the MA isnt an Ocusync device, despite being in the Mavic family?
[2018-07-27 15:35:30] cs2000 : Ocusync is way too tightly coupled to the hardware and chip choices on the MP, the ultra secure chip on the MA simply won't work with ocusync. So if they want to keep it without totally redesigning Ocusync from scratch, they have to stick with their "old" SOC choices
[2018-07-27 15:37:27] ender : yeah you are right on that one. You should have taken that bet :wink:
[2018-07-27 15:37:36] ender : But Ma also != Spark
[2018-07-27 15:38:22] cs2000 : Correct, hence why people refer to the MA as the Spark Air lol, it fits so much more closely with the spark family
[2018-07-27 17:11:39] validat0r : True
[2018-07-27 18:50:57] will042082 : Family = red headed step child that just wants to be loved! And modded :sunglasses:
[2018-07-27 18:51:30] will042082 : Bout to get outta work. Really hope updating my parameter names in tweak.js and corresponding files works.
[2018-07-27 18:51:37] will042082 : Keep you guys posted.
[2018-07-27 20:37:33] czokie : Turn off 2FA temporarily only - you can re-enable once app is installed
[2018-07-27 21:26:16] will042082 : The mans correct sadly. Is there a way to export the list of parameters from DJI a2?
[2018-07-27 21:30:57] will042082 : @fred I’m an engineer with background in QA automation using python and a couple frameworks. But cracking firmware is past me. Although I’m a helluva test subject and can tinker with the best of em :yum:
[2018-07-27 23:09:48] andrwho25 : tempted to play with Tweak.js over the weekend
[2018-07-27 23:13:36] aciid : its good shit
[2018-07-27 23:13:42] aciid : easy to learn iOS hacking
[2018-07-27 23:26:23] andrwho25 : feels like hex editing games back in the day
[2018-07-27 23:45:36] aciid : yea flash games were the shit
[2018-07-27 23:45:45] aciid : Artmoney .exe was the tool of the trade back then
[2018-07-27 23:46:15] aciid : if you didn't get 100 porno viruses from downloading random memory editors from shady russian sites for firefox, you have not lived
[2018-07-27 23:57:31] digdat0 : @aciid lmfao, i worked for norton doing tech support early 2000's when every person got a virus and I had to remove them. some dudes were very explicit on the websites they visited and what they were _trying_ to watch. things you can't unlisten to.
[2018-07-27 23:58:11] aciid : cakefarts ?
[2018-07-28 00:02:43] czokie : Back in the early 2000's - I was working as security director for a telco - one of my sub functions was "abuse" on the network... Had a big spam complaint about "[barnyardchicks.com](http://barnyardchicks.com)" .... Will never forget that name... just too funny
[2018-07-28 00:30:54] will042082 : @andrwho25 would PayPal if you get boost and defaulting to 5.8 to work on the air
[2018-07-28 00:31:03] will042082 : Or 1 or the other!
[2018-07-28 00:32:35] jezzab : Spark/MavicAir work differently. For a start they are wifi and the commandset of both is totally different to the SDR on Mavic Pro
[2018-07-28 00:34:13] jezzab : So for example the app sends the new Country Code (say US) the OpenWRT config saves it and then reboots the controller
[2018-07-28 00:34:50] jezzab : Not like that on MP/P4x etc
[2018-07-28 00:35:06] will042082 : Ya. I reboot the air when switching between 2.4/5.8. I’d love to just get it to default to 5.8
[2018-07-28 00:36:31] will042082 : I’ve successfully changed ATTI tilt, vel up/down, fly height to 500 and I’m looking at comparisons between the air and mavic for speed
[2018-07-28 00:36:46] will042082 : Engine idle and the gimbal on landing
[2018-07-28 00:37:41] will042082 : Config control horiz vel p gain I THINK might be speed
[2018-07-28 00:38:01] will042082 : Config engine idle
[2018-07-28 00:38:25] will042082 : Not sure on the gimble level on landing just yet tho
[2018-07-28 01:40:03] will042082 : Can confirm that g_config_control_horiz_vel_p_gain is NOT it
[2018-07-28 12:19:50] will042082 : Can I ask a stupid question regarding editing files within the Frida modded 4.2.22? On the wiki it mentions that anything in Payload/DJI\ GO\ 4.app/DJIPilotResources.bundle/plist/ParamList.plist can be altered over the DJI config. So far I haven’t managed to get any of the common stuff like boost, etc to work with the AIR. My air is hardware modded with 5.8ghz mushroom antennas so I have to switch to 5.8 every time and it’s annoying I can’t default it to 5.8 on startup. I noticed inside DJIHandleSettingDict.plist there is an array that has the WiFi frequencies listed, 2.4 and 5.8. Is it possible in some fashion to change the order so that 5.8 is Item 0 and not Item 1? Goal would be to get 5.8 as default so I don’t need to switch every damn time. Thoughts?
[2018-07-28 12:31:00] aciid : That is in the firmware, because the phone is not connected when you start the drone
[2018-07-28 12:32:33] aciid : you could probably make a script in the drone to change the freq
[2018-07-28 12:32:43] aciid : but it needs to run certain DJI CMD
[2018-07-28 12:33:26] will042082 : Which again, isn’t publicly available lol :disappointed:
[2018-07-28 12:34:13] aciid : some commands are decrypted, it's the same commands that DJI Assistant uses to set values and whatnot, and same values RC and phoneapp communicate to the drone with
[2018-07-28 12:34:24] aciid : but I haven't been that deep for no reason yet
[2018-07-28 12:37:41] will042082 : Could I write something within tweak.js to have the app send said command at startup
[2018-07-28 12:39:22] aciid : you could make it switch via the way the phone does it yea
[2018-07-28 12:39:24] will042082 : Not sure what that “something” is as of yet, but the app does it obviously so just thinking out loud it may be technically possible. Wouldn’t need it to force fcc or anything as I’m already in the US
[2018-07-28 12:39:39] aciid : you can find the references via the settingsviews
[2018-07-28 12:39:52] aciid : you need to install Frida on you pc/mac first tho
[2018-07-28 12:39:56] aciid : and to your phone
[2018-07-28 12:42:51] will042082 : Ok, I have that repo already saved so I can install and see where I can get. Where is said settingsview when I get setup?
[2018-07-28 12:43:03] aciid : do you know how to use frida?
[2018-07-28 12:44:30] will042082 : Never have, but can read readme.md like a champ :upside_down_face:
[2018-07-28 12:45:51] will042082 : Always been the guy smart enough to figure shit out with a lil help and dumb enough to try and fail spectacularly
[2018-07-28 12:46:26] will042082 : It’s worked well professionally lol. I’m in QA so I love breaking stuff
[2018-07-28 12:47:34] aciid : once you have everything set up frida-ps -U will give you running processes over usb-cable
[2018-07-28 12:48:39] aciid : frida-trace -U -f "app.name.running" -m "-[SomeClass* *]" will trace all methods of SomeClass
[2018-07-28 12:49:43] aciid : the frida website has a tutorial for ios that has best basic examples
[2018-07-28 12:50:33] will042082 : Thank you.
[2018-07-28 17:10:50] perdario1 : someone knows how to remove the nfz
[2018-07-28 17:50:13] hans112 : Yes, many people know
[2018-07-28 17:50:26] hans112 : :laughing: why do you ask ?
[2018-07-28 17:52:33] ender : Just friendly conversation :wink:
[2018-07-28 17:54:48] hans112 : Hehehe
[2018-07-28 17:55:02] hans112 : @perdario1 did you see the wiki ?
[2018-07-28 17:55:14] hans112 : !wiki
[2018-07-28 18:03:16] ender : @perdario1 And its quite important which bird you fly...
[2018-07-28 18:06:39] aciid : And if you dont learn you wont understand
[2018-07-28 18:07:17] aciid : It's bad to do stuff without understanding ok, could lose your drone because of misconfiguration
[2018-07-28 19:24:12] will042082 : @aciid I have Frida successfully setup and can trace and tested doing their example on crypto, but how do I know what to trace in order to capture the request that switched the WiFi frequency?
[2018-07-28 19:25:01] aciid : @will042082 you on macOS too right?
[2018-07-28 19:25:10] will042082 : Win10
[2018-07-28 19:25:17] aciid : its fine too
[2018-07-28 19:25:26] aciid : do you know reversing?
[2018-07-28 19:25:31] aciid : IDA could help you
[2018-07-28 19:25:34] aciid : see the classes
[2018-07-28 19:25:59] will042082 : I don’t
[2018-07-28 19:26:36] will042082 : But given context googlefu is strong
[2018-07-28 19:27:14] aciid : cough IDA 7.0
[2018-07-28 19:27:39] will042082 : :+1::skin-tone-2:
[2018-07-28 19:38:43] aciid : @will042082 then extract the IPA, it's a zip file.
[2018-07-28 19:39:05] aciid : inside there should be folders. you need to load DJI GO 4 binary to IDA64
[2018-07-28 19:39:23] aciid : it will automatically detect it's ios binary and proceed with defaults
[2018-07-28 19:39:37] aciid : it will take something like 20 minutes once it generates a local database about everything
[2018-07-28 19:39:43] aciid : and graphs all functionality
[2018-07-28 19:39:57] will042082 : God I love technology
[2018-07-28 19:40:33] will042082 : Is it funny I’m doing all this so I don’t have to switch WiFi frequency every time lol
[2018-07-28 19:47:57] aciid : have you pulled the filesystem from the drone already?
[2018-07-28 19:48:13] aciid : you can browse those files and read shit while your IDA is indexing
[2018-07-28 19:48:43] will042082 : It didn’t think I could do much since I have the air so I havnt bothered
[2018-07-28 19:48:56] aciid : air has a filesystem too if you have root
[2018-07-28 19:49:30] aciid : and there could be a file to do that switch even easier, but I don't have an air
[2018-07-28 19:49:33] will042082 : Which isn’t publicly available. Lol. But I’m not public! I’m me!
[2018-07-28 19:49:47] aciid : oh I confused air and spark
[2018-07-28 19:49:48] aciid : lol
[2018-07-28 19:50:11] aciid : but yeah you can probably add this via frida-script into the ios app
[2018-07-28 19:50:11] will042082 : Yep. Red headed step child owner here
[2018-07-28 19:50:26] will042082 : That’s what I’m hoping.
[2018-07-28 19:50:34] aciid : where you live
[2018-07-28 19:50:47] will042082 : Just append it to tweak.js
[2018-07-28 19:50:57] will042082 : Kentucky
[2018-07-28 19:50:59] aciid : we need more people to spend money on autel EVO
[2018-07-28 19:51:03] will042082 : US
[2018-07-28 19:51:09] aciid : that american drone shit
[2018-07-28 19:51:17] aciid : or so they say, its as chinese as dji
[2018-07-28 19:51:22] aciid : i pulled the firmware already open
[2018-07-28 19:51:25] aciid : they dont ship to EU
[2018-07-28 19:51:33] aciid : <https://www.autelrobotics.com/evo/>
[2018-07-28 19:52:56] guson : With the patched IPA available, is there any way to install the IPA on an 11.4.1 iOS device? I have Cydia, zjailbreak, Anzhuang installed with “profiles” , but of course no true root yet. Like some app loading the ipa directly on the phone to install it. Know it was possible on 11.3.x with Filzajailed. But not available for 11.4.x yet.
[2018-07-28 19:54:28] will042082 : Looks like a nicely specd drone
[2018-07-28 19:55:35] will042082 : I love my air tho. Just wish it had more air time
[2018-07-28 19:57:30] aciid : @guson hi, yes you can use CYDIA IMPACTOR
[2018-07-28 19:57:45] aciid : usb cable in, open IMPACTOR, drag IPA file to IMPACTOR
[2018-07-28 19:58:07] aciid : there are other guides on this channel too and in !wiki
[2018-07-28 20:01:30] guson : @aciid thanks will check it out. Does it overcome the 7day certificate issue that way? And do I need to uninstall the legit DJI go 4 or can they co-exist like on android systems?
[2018-07-28 20:02:27] aciid : probably can't coexist, same namespace for app.
[2018-07-28 20:02:49] aciid : buy the apple developer certificate 99€ year,
[2018-07-28 20:03:08] aciid : you get all beta ios and macos shits and no need to update certificates
[2018-07-28 20:03:10] aciid : all the time
[2018-07-29 16:30:18] will042082 : @aciid so I’m attempting to load the DJI Go 4 binary to IDA, but I don’t see a DJI Go 4 binary within the payload. Plenty of AC_AD_signed.binaries and other letters like that but not a DJI go4 one
[2018-07-29 16:30:47] aciid : Payload folder DJI GO4.IPA
[2018-07-29 16:30:52] aciid : thats a folder too
[2018-07-29 16:31:08] aciid : the one file inside the Payload folder is a folder
[2018-07-29 16:31:13] aciid : you can do it man
[2018-07-29 16:31:41] will042082 : Yep. After typing that I just tried the ipa itself and boom
[2018-07-29 16:32:36] aciid : wrong
[2018-07-29 16:33:02] aciid : do I need to show you somehow
[2018-07-29 16:34:22] aciid : ill pack you the inside of the folder
[2018-07-29 16:35:32] will042082 :
[2018-07-29 16:35:42] aciid : correct
[2018-07-29 16:35:44] aciid : its a one file there
[2018-07-29 16:35:48] will042082 : Inside of payload. I have tons of bundles but don’t see a binary
[2018-07-29 16:35:57] aciid : its named DJI GO 4
[2018-07-29 16:36:05] aciid : just scroll down
[2018-07-29 16:36:30] aciid : do you have some silly file type restriction
[2018-07-29 16:36:45] aciid : just drag it into ida once you find see it in explorer
[2018-07-29 16:37:47] will042082 : That guy?
[2018-07-29 16:37:55] will042082 : Son of a bitch. It was filtered
[2018-07-29 16:38:02] aciid : that
[2018-07-29 16:38:12] will042082 : Loaded, then select binary
[2018-07-29 16:38:29] will042082 : Rather than Mach-o file execute
[2018-07-29 16:38:46] will042082 : 64bit I assume
[2018-07-29 16:39:00] aciid : yes
[2018-07-29 16:39:08] aciid : go with default settings
[2018-07-29 16:39:10] aciid : then brew coffee
[2018-07-29 16:39:17] aciid : it takes quite a while to generate the index
[2018-07-29 16:39:19] aciid : automatically
[2018-07-29 16:39:21] will042082 :
[2018-07-29 16:39:32] aciid : hmm
[2018-07-29 16:39:32] aciid : weird
[2018-07-29 16:39:57] aciid : i can upload you my index
[2018-07-29 16:40:08] aciid : maybe the app is botched somehow
[2018-07-29 16:40:25] will042082 : This is the Frida build. Should I try the default?
[2018-07-29 16:41:18] will042082 : Just clicking ok I get here
[2018-07-29 16:41:37] aciid : does it start indexing?
[2018-07-29 16:41:46] will042082 :
[2018-07-29 16:41:54] aciid : yea doesnt seem to work
[2018-07-29 16:41:55] aciid : ill upload mine
[2018-07-29 16:42:25] aciid : takes a while tho
[2018-07-29 16:45:46] will042082 : Ok. Yell
[2018-07-29 16:45:55] will042082 : I’m gonna test these parameters out
[2018-07-29 17:59:51] aciid : @will042082 nice to get new people to work and learn
[2018-07-29 18:00:32] will042082 : Ima break something, but that’s the fun part
[2018-07-29 18:01:11] aciid : its runtime only
[2018-07-29 18:01:14] aciid : you wont break anything
[2018-07-29 18:01:22] aciid : just restart app if it crashes
[2018-07-29 18:01:48] d95gas : Secretly in the background I have been watching and doing what you have been teaching Will042082. But got to load the go file and it tells me I cannot use ARM...... I only downloaded the personal version of IDA, which I am assuming will not cover this
[2018-07-29 18:02:10] aciid : you need the **cough** version
[2018-07-29 18:03:31] d95gas : :wink: I shall have a look tomorrow, sure I will find it "somewhere"
[2018-07-29 18:03:52] d95gas : Yes this was the Freeware version, and doesnt cover the Arm processor
[2018-07-29 18:04:06] d95gas : Actually bugger it, I will go hunting now :slightly_smiling_face:
[2018-07-29 18:04:22] will042082 : Dear god thank you for the universal ctrlF search feature lol
[2018-07-29 18:05:22] aciid : go to view- open subview- strings
[2018-07-29 18:05:25] aciid : or shift+f12
[2018-07-29 18:05:34] aciid : d95gas check pm
[2018-07-29 18:05:41] d95gas : cheers buddy
[2018-07-29 18:06:57] will042082 : That’s a lot more stuff
[2018-07-29 18:09:58] will042082 : This looks promising
[2018-07-29 18:10:12] will042082 : Djilogicwifibandselection
[2018-07-29 18:19:42] will042082 : Ok. So let’s say I think I found the class I’m looking for
[2018-07-29 18:21:36] will042082 : Do I even need to trace with Frida
[2018-07-29 18:22:07] aciid : probably so you can see which types and values go through the methods you are looking at
[2018-07-29 18:22:19] aciid : just pasting to persistent tweak.js aint good
[2018-07-29 18:22:25] aciid : you gotta test alot first
[2018-07-29 18:23:02] aciid : also remove the tweak.js interaction line when you test
[2018-07-29 18:23:06] aciid : so it doesnt spawn the popups
[2018-07-29 18:23:18] aciid : or rename it when you use frida
[2018-07-29 18:24:00] aciid : <https://bpaste.net/show/ec4236942e6a> heres a script file
[2018-07-29 18:24:09] will042082 : Ya already did that piece
[2018-07-29 18:24:10] aciid : I use that for tracing
[2018-07-29 18:24:28] aciid : frida -U -f "dji.go.app.name.i.cannot.remember" -l autointercept.js --no-pause
[2018-07-29 18:32:42] will042082 : unknown to frontboard
[2018-07-29 18:33:18] aciid : wut
[2018-07-29 18:33:31] aciid : -f "dji.go.app.name.i.cannot.remember
[2018-07-29 18:36:13] will042082 : ya i'm trying to figure out exactly which name it's looking for.
[2018-07-29 18:36:39] will042082 : com.dji.go
[2018-07-29 18:36:44] aciid : frida-ps -U
[2018-07-29 18:36:49] aciid : that will show you running processes names
[2018-07-29 18:37:06] will042082 : ya i tried PID and even just the name DJI GO 4 which is what's listed from that
[2018-07-29 18:37:08] will042082 : but it didn't like it
[2018-07-29 18:40:31] will042082 : frida -U -f com.dji.go -l autointercept.js --no-pause
[2018-07-29 18:41:28] johnenglish5599 : Hi guys, I've used superimpactor to install the iOS modded app DJI Go 4 4.2.22 and I've done the dji-iOS-Frida tweak master update. My question is: do I add the file fridagadget.config as well as the tweak file? Seems to be ok on iPhone X and iPad 4 running iOS 12
[2018-07-29 18:44:20] will042082 : the js runs, and looks to attempt to launch Go4, but errors. (task_info returned '(os/kern) invalid argument')
[2018-07-29 18:56:13] will042082 : i'm in
[2018-07-29 18:56:29] will042082 : frida -U -f com.dji.go -l autointercept.js --no-pause
[2018-07-29 18:56:35] will042082 : always crashes tho
[2018-07-29 18:56:57] will042082 : i can run frida -U -f com.dji.go and it launches after resume
[2018-07-29 19:14:32] will042082 : winner winner chicken dinner
[2018-07-29 19:19:03] will042082 : ok, so I got the js running and autointercepting a few things. now to figure out HOW to trace the wifi settings stuff while my phone is connected to the PC, and without the phone connected to the drone. if i go into camera view it shows all the settings stuff, but not in full detail, like the 5.8 info
[2018-07-29 19:43:51] will042082 : if i want to autoIntercept all of DJIWifiHomeSettingView and not just a single function, how can that be done
[2018-07-29 20:18:18] aciid : autointercept with type and value printing doesn't support wildcard. but you can frida-trace -U ........ -m "-[DJIWifiHomeSettingView* *]"
[2018-07-29 20:18:44] aciid : see the wildcards
[2018-07-29 20:32:12] ddzobov : Any news guys?
[2018-07-29 20:32:37] ddzobov : Now i’m preparing to my wedding :)
[2018-07-29 20:32:57] ddzobov : So i can continue research later
[2018-07-29 21:00:48] aciid : @ddzobov you have started something here :fire: :fire: :fire: :fire:
[2018-07-29 21:02:10] aciid : @will042082 hows it going
[2018-07-29 21:08:47] will042082 : had to pause, wife break
[2018-07-29 21:31:35] will042082 : REALLY stupid question
[2018-07-29 21:32:01] will042082 : how can I connect the phone to the drone/RC, while connected to my pc
[2018-07-29 21:32:23] will042082 : without being connected to the drone, the wifi views etc aren't there
[2018-07-29 21:34:57] aciid : @will042082 you need to start frida-server with listening to all interfaces. this can be done via SSH
[2018-07-29 21:35:16] aciid : you need to log into your iphone with putty for example
[2018-07-29 21:35:48] aciid : frida-server -l 0.0.0.0 -D
[2018-07-29 21:36:40] aciid : then you use frida like so frida -h 169.123.123.1 -f com.dji.go -l autointercept.js --no-pause
[2018-07-29 21:36:46] aciid : -h where is iphone ip
[2018-07-29 21:39:07] will042082 : ty
[2018-07-29 21:50:29] aciid : @will042082 great to see new people stepping up and learning. IDA will be a great tool to do stuff with; you can rename and make comments and annotations in there. its a powerful tool
[2018-07-29 21:56:48] jezzab : All happening in here
[2018-07-29 21:58:12] will042082 : hey jezz
[2018-07-29 21:59:14] jezzab : So you got it running and debugging over tcp?
[2018-07-29 22:00:13] jezzab : And disassembling/decompiling in IDA
[2018-07-29 22:01:11] will042082 : setting up frida-server now, but yes IDA and frida all good to go
[2018-07-29 22:01:25] will042082 : dumb i can't install frida-server via pip
[2018-07-29 22:02:11] aciid : you want to run frida-server on windows now?
[2018-07-29 22:02:13] aciid : whats up?
[2018-07-29 22:02:20] aciid : frida-server should be on the phone already
[2018-07-29 22:04:32] jezzab : How long did it take you to load it into IDA and it do it's initial analysis @will042082?
[2018-07-29 22:04:59] aciid : I sent him my database :smile:
[2018-07-29 22:05:06] jezzab : Naw u cheated lol
[2018-07-29 22:05:24] aciid : his app was encrypted
[2018-07-29 22:05:31] aciid : thats why i had to send it
[2018-07-29 22:05:51] jezzab : Sucks coz IDA doesn't do multi threading
[2018-07-29 22:06:25] jezzab : Watching one thread max out and the rest idle blows
[2018-07-29 22:07:54] will042082 : naw, just missing shit apparently aciid
[2018-07-29 22:08:06] will042082 : so when i attempt to start frida-server
[2018-07-29 22:08:29] will042082 : ```
Wills-iPhone:~ root# frida-server -l 0.0.0.0 -D
2018-07-29 18:07:36.336 frida-server[6784:1731706] Frida: Unable to check in with launchd: are we running standalone?
Unable to start server: Error binding to address: Address already in use
```
[2018-07-29 22:09:50] aciid : ye its already running
[2018-07-29 22:09:52] aciid : you need to kill it first
[2018-07-29 22:10:08] aciid : killall -9 frida-server
[2018-07-29 22:10:22] aciid : or just check actually is it already working via the hostname thing
[2018-07-29 22:10:26] aciid : I doubt tho
[2018-07-29 22:11:46] aciid : @jezzab python-2.7.15.amd64.msi
[2018-07-29 22:12:02] will042082 : do i need the 169 or was that representative of the phones actual IP also?
[2018-07-29 22:12:09] aciid : phones actual ip
[2018-07-29 22:12:13] aciid : i don't know your phones ip
[2018-07-29 22:12:38] will042082 : ```
Wills-iPhone:~ root# killall -9 frida-server
Wills-iPhone:~ root# frida-server -l 0.0.0.0 -D
2018-07-29 18:12:27.898 frida-server[6790:1733573] Frida: Unable to check in with launchd: are we running standalone?
```
[2018-07-29 22:13:17] will042082 : ```
K:\DRONES\1. MODS\Frida>frida 192.168.1.28 -f com.dji.go -l autointercept.js --no-pause
     ____
    / _  |   Frida 12.0.7 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at http://www.frida.re/docs/home/
Failed to spawn: unable to find executable at 'com.dji.go'
```
[2018-07-29 22:14:31] aciid : -f com.dji.go
[2018-07-29 22:14:38] aciid : you should know what to write in this section
[2018-07-29 22:14:48] aciid : im just pulling these lines out of my ass right now
[2018-07-29 22:14:56] aciid : I don't know the package name or the pid
[2018-07-29 22:18:37] will042082 : What about the server error
[2018-07-29 22:20:35] aciid : Your fridaserver did not die
[2018-07-29 22:20:44] aciid : Its probably not the issue
[2018-07-29 22:20:49] aciid : Since it connected
[2018-07-29 22:20:54] aciid : Fix the package name
[2018-07-29 22:22:09] aciid : ilarilind at Acer 2400 in ~/bin/dji-go $ frida-trace -H 192.168.1.78 -f com.dji.go ......................
[2018-07-29 22:22:13] aciid : has worked for me
[2018-07-29 22:40:14] will042082 : -H vs -h
[2018-07-29 22:40:21] will042082 : com.dji.go is right
[2018-07-29 23:03:08] will042082 : using this as an example
[2018-07-29 23:03:10] will042082 : ```
*** entered -[DJIMCHomeSettingView setLimitDistance:] ***
arg 1 value: 0x16fa95ebc
retval type: DJIMCHomeSettingView DJIMCHomeSettingView
retval value: <DJIMCHomeSettingView: 0x12d405390; frame = (0 0; 527 370); layer = <CALayer: 0x1d3e25900>>
```
[2018-07-29 23:03:36] will042082 : what do I then do with that value?
[2018-07-29 23:07:30] will042082 : actually, got my trace to work
[2018-07-29 23:07:45] will042082 : looking through all these js handlers now
[2018-07-29 23:08:43] aciid : great
[2018-07-29 23:08:48] aciid : should be a double value
[2018-07-29 23:09:02] aciid : double is almost same as float
[2018-07-29 23:09:04] aciid : but not the same
[2018-07-29 23:11:08] will042082 : I did the wildcard on wifi
[2018-07-29 23:11:24] will042082 : generated 35 js files for handlers
[2018-07-29 23:11:30] will042082 : reading through those now
[2018-07-29 23:19:31] aciid : when it says "hooked 35 methods" and generates those files. don't quit frida
[2018-07-29 23:19:42] aciid : run the app and go through testing of the rc in wifi mode
[2018-07-29 23:19:45] aciid : it will trace shit there
[2018-07-29 23:19:47] aciid : in cli
[2018-07-29 23:20:16] aciid : check the tutorials on frida website on how to modify those values with generated js files
[2018-07-29 23:21:32] will042082 : that makes sense, but backing up just a little. so say for example
[2018-07-29 23:21:49] will042082 : i know what I WANT to do, but how do I do what to search for/trace to look for it
[2018-07-29 23:26:52] will042082 : well, I DEFINITELY just found what I was looking for
[2018-07-29 23:30:35] will042082 : now to understand what I'm looking at and how to manipulate
[2018-07-30 00:53:06] will042082 : Getting my learn in to figure out how to edit the js from the traces I’ve captured. I know I’ve captured what I need. Now to figure out how to manipulate it
[2018-07-30 13:39:49] rickw001 : @rickw001 has joined the channel
[2018-07-30 14:59:29] will042082 : Time to get back at it
[2018-07-30 15:37:32] will042082 : anyone around to annoy?
[2018-07-30 15:41:45] cs2000 : depends who you're after :slightly_smiling_face:
[2018-07-30 15:42:09] will042082 : anyone that has a lil in depth on retval
[2018-07-30 15:43:33] cs2000 : *scurries away*
[2018-07-30 15:43:34] cs2000 : lol
[2018-07-30 15:45:25] will042082 : hehe
[2018-07-30 15:51:09] aciid : @will042082 if you know JS you can unpack and pack values in frida
[2018-07-30 15:51:26] will042082 : kinda
[2018-07-30 15:51:28] will042082 : so
[2018-07-30 15:51:47] will042082 : -[DJIWM100WiFiSettingView hitTest:0x1d411e0f0 withEvent:0x1]
[2018-07-30 15:51:55] will042082 : wanna add that guy to my autointercept
[2018-07-30 15:52:03] will042082 : but i can't figure out the context
[2018-07-30 15:52:14] will042082 : since it has 2 sets of arg
[2018-07-30 15:53:09] aciid : you need to probably read that in memory I havent done that myself yet
[2018-07-30 15:53:22] will042082 : ok, i can pass on that then for now
[2018-07-30 15:54:03] will042082 : ```
*** entered -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
arg 1 type: UIButton UIButton
arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** entered -[DJIWM100WiFiSettingView checkAirAlertView]: ***
retval type: nil nil
retval value: nil
*** exiting -[DJIWM100WiFiSettingView checkAirAlertView]: ***
*** entered -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
arg 1 type: __NSStackBlock__ __NSStackBlock__
arg 1 value: <__NSStackBlock__: 0x16ae41008>
retval type: DJIAlertView DJIAlertView
retval value: <DJIAlertView: 0x114b1efa0; frame = (228 144.5; 280 125); clipsToBounds = YES; animations = { pop_animation=<CASpringAnimation: 0x1c8e29aa0>; alpha_animation=<CABasicAnimation: 0x1c8e29a00>; }; layer = <CALayer: 0x1c843a0a0>>
*** exiting -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
retval type: UIButton UIButton
retval value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** exiting -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
```
[2018-07-30 15:54:21] will042082 : traced/captured etc this. now
[2018-07-30 15:54:27] aciid : <https://www.frida.re/docs/examples/ios/> check datastructures, midway on the page
[2018-07-30 15:56:05] will042082 : awesome, was looking for that i believe
[2018-07-30 15:56:23] will042082 : can u confirm what datatype 0x11341b670 is
[2018-07-30 16:06:09] aciid : arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
[2018-07-30 16:06:12] aciid : uibutton
[2018-07-30 16:06:28] will042082 : *** entered -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] *** arg 1 type: UIButton UIButton arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
[2018-07-30 16:06:28] aciid : onWifiChannelNumberChanged is hooked to button button is "sender"
[2018-07-30 16:06:31] will042082 : ya
[2018-07-30 16:06:45] aciid : if you fiddle around with objc + swift these will come like water
[2018-07-30 16:09:16] will042082 : wish there was a working example of editing a traced js to retval a value
[2018-07-30 16:11:09] aciid : it rarely can be done automatically
[2018-07-30 16:11:26] aciid : I can show you how we changed some value that was typed
[2018-07-30 16:11:57] aciid : ```
// Resolve the Objective-C method to hook: -[DJICountryCodeProviderLogic setCountryCode:withSource:]
var _setCountry1 = ObjC.classes.DJICountryCodeProviderLogic["- setCountryCode:withSource:"];
Interceptor.attach(_setCountry1.implementation, {
  onEnter: function(args) {
    // args[0] = self, args[1] = selector, args[2] = first real argument (the NSString country code)
    args[2] = ObjC.classes.NSString.stringWithString_('US');
  }
});
```
[2018-07-30 16:15:01] will042082 : so when I click my button, I get the above, among a few other things
[2018-07-30 16:15:39] will042082 : how do i figure out this piece
[2018-07-30 16:15:39] will042082 : NSString.stringWithString_
[2018-07-30 16:16:19] aciid : <https://developer.apple.com/documentation/foundation/nsstring>
[2018-07-30 16:16:23] aciid : well it was from there
[2018-07-30 16:16:32] aciid : i saw that the hooked method was typed in nsstring
[2018-07-30 16:16:48] will042082 : as what about my example?
[2018-07-30 16:16:51] aciid : then i just googled "how to cast nsstring programmatically"
[2018-07-30 16:17:03] aciid : *** entered -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] *** arg 1 type: UIButton UIButton arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
[2018-07-30 16:17:07] aciid : this doesn't change anything
[2018-07-30 16:17:11] aciid : its monitoring for changes
[2018-07-30 16:17:28] aciid : does this event come when you press 5.8ghz?
[2018-07-30 16:17:57] will042082 : ```
*** entered -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
arg 1 type: UIButton UIButton
arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** entered -[DJIWM100WiFiSettingView checkAirAlertView]: ***
retval type: nil nil
retval value: nil
*** exiting -[DJIWM100WiFiSettingView checkAirAlertView]: ***
*** entered -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
arg 1 type: __NSStackBlock__ __NSStackBlock__
arg 1 value: <__NSStackBlock__: 0x16ae41008>
retval type: DJIAlertView DJIAlertView
retval value: <DJIAlertView: 0x114b1efa0; frame = (228 144.5; 280 125); clipsToBounds = YES; animations = { pop_animation=<CASpringAnimation: 0x1c8e29aa0>; alpha_animation=<CABasicAnimation: 0x1c8e29a00>; }; layer = <CALayer: 0x1c843a0a0>>
*** exiting -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
retval type: UIButton UIButton
retval value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** exiting -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
```
[2018-07-30 16:18:07] will042082 : that there occurrs when I click 165
[2018-07-30 16:18:19] will042082 : a popup then happens saying it needs to restart wifi
[2018-07-30 16:18:27] will042082 : click ok and this comes through:
[2018-07-30 16:18:35] aciid : ok hmm
[2018-07-30 16:18:40] will042082 : ```
*** entered -[DJIWM100WiFiSettingView setScrollContentOffset:] ***
arg 1 value: 0x10e
retval type: DJIWM100WiFiSettingView DJIWM100WiFiSettingView
retval value: <DJIWM100WiFiSettingView: 0x13a812000; frame = (0 0; 527 414); layer = <CALayer: 0x1d78296c0>>
*** exiting -[DJIWM100WiFiSettingView setScrollContentOffset:] ***
```
[2018-07-30 16:19:03] will042082 : it's very possible that I'm missing part of the action
[2018-07-30 16:19:11] aciid : ill check with ida if I can see the callgraph
[2018-07-30 16:19:33] will042082 : been watching videos all morning, so I'm going trace everything and see if I'm missing the actual call that sets the value
[2018-07-30 16:19:45] will042082 : instead of just the UI stuff
[2018-07-30 16:19:47] aciid : there is "rebootWIFI" method
[2018-07-30 16:19:55] aciid : you havent seen that yet?
[2018-07-30 16:20:13] aciid : -{DJIWM100WiFiSettingView rebootWIFI]
[2018-07-30 16:20:22] aciid : that will most likely show you what values goes into that
[2018-07-30 16:20:35] aciid : that can then be called with the values to reboot the wifi with
[2018-07-30 16:22:01] will042082 : Ya. Just a ton of knowledge to sort through and figure out
[2018-07-30 16:22:22] aciid : if these things would be easy, everyone would do them
[2018-07-30 16:22:48] will042082 : Don’t want it to be easy. Just take time to process and put together all the pieces for me
[2018-07-30 16:23:04] aciid : 1 like 1 prayer 1 share 1 frida call
[2018-07-30 16:23:10] aciid : facebook commerces
[2018-07-30 16:36:57] will042082 : ```
Spawned `com.dji.go`. Resuming main thread!
TypeError: cannot read property 1 of null
    at [anon] (duk_hobject_props.c:2385)
    at autoIntercept (repl1.js:68)
    at repl1.js:39
```
[2018-07-30 16:37:07] will042082 : autoIntercept("-{DJIWM100WiFiSettingView rebootWIFI]");
[2018-07-30 16:38:10] will042082 : fixed it to autoIntercept("-[DJIWM100WiFiSettingView rebootWIFI]:"); and autoIntercept("-[DJIWM100WiFiSettingView rebootWIFI:]");
[2018-07-30 16:38:40] will042082 : but neither appear to work, now I have
[2018-07-30 16:38:47] will042082 : ```
TypeError: cannot read property 'implementation' of undefined
    at [anon] (duk_hobject_props.c:2385)
    at autoIntercept (repl7.js:76)
    at repl7.js:39
```
[2018-07-30 16:52:17] aciid : autoIntercept("-[DJIWM100WiFiSettingView rebootWiFi]:");
[2018-07-30 16:52:18] aciid : works for me
[2018-07-30 16:52:25] aciid : ``` autoIntercept("-[DJIWM100WiFiSettingView rebootWiFi]:"); ```
[2018-07-30 17:34:21] ddzobov : What you want to do?
[2018-07-30 17:55:50] will042082 : @ddzobov Hey, the man, the myth, the legend
[2018-07-30 17:56:09] will042082 : well, I'm looking to make the app set my frequency to 5.8 auto
[2018-07-30 17:56:38] will042082 : i don't need it to force FCC or country code etc to do so as I'm in the US and its there, I just hate doing so every damn time
[2018-07-30 17:59:31] will042082 : so right now I'm basically hunting for the methods etc to do so
[2018-07-30 18:06:36] ddzobov : Try to hook what method called when you choose custom 1xx channel
[2018-07-30 18:12:12] will042082 : Is there a way to get Frida-trace to trace all within the app? Cuz I’ve traced quite a bit but I don’t know for certain I’m tracing the correct method
[2018-07-30 18:58:57] aciid : -m "-[* *]"
[2018-07-30 19:51:39] will042082 : feel like i'm going in circles here lol
[2018-07-30 19:54:13] aciid : did you get the intecept to work on rebootWIFI?
[2018-07-30 19:54:20] aciid : autoIntercept("-[DJIWM100WiFiSettingView rebootWiFi]:");
[2018-07-30 20:00:25] will042082 :
[2018-07-30 20:06:42] will042082 : im doing something stupid but don't know what
[2018-07-30 20:07:05] will042082 : 1/2 the time i get this os/kernel error when trying to launch and have to just keep retrying
[2018-07-30 20:11:15] will042082 : but trying that rebootWiFi and one found in DJIWifiLogic neither come back with anything as I flip frequencies
[2018-07-30 20:13:06] aciid : wm100 is probably a different drone :smile:
[2018-07-30 20:13:13] will042082 : figured out which is auto/custom
[2018-07-30 20:13:24] aciid : oh you did
[2018-07-30 20:13:27] aciid : which
[2018-07-30 20:13:33] aciid : I ve been looking for that one
[2018-07-30 20:14:01] will042082 : DJIWifiFrequencySetAutoSelectPack
[2018-07-30 20:14:15] will042082 : can you walk me through toggling that guy back n forth
[2018-07-30 20:14:20] will042082 : so that piece actually clicks
[2018-07-30 20:14:36] aciid : need to trace it first myself
[2018-07-30 20:14:51] will042082 : ```
*** entered -[DJIWifiFrequencySetAutoSelectPack init] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c42e4000>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
```
[2018-07-30 20:14:55] will042082 : example switch
[2018-07-30 20:15:44] aciid : packWithFreqMode is what we are interested in
[2018-07-30 20:15:53] aciid : but it wont work for me at all since I live in EU
[2018-07-30 20:17:54] aciid : +[DJILogicWiFiBandSelection isEnabledForActivation]:
[2018-07-30 20:18:44] aciid : +[DJILogicWiFiBandSelection setIsEnabledForActivation:]:
[2018-07-30 20:19:00] aciid : ah need to connect my MP
[2018-07-30 20:19:26] will042082 : ```
*** entered -[DJIWifiFrequencySetAutoSelectPack init] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c82e5900>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
retval value: 0x4
*** exiting -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
arg 1 value: 0x1cc018d80
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c82e5900>
*** exiting -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack requestBody] ***
retval value: 0x1cc018d80
*** exiting -[DJIWifiFrequencySetAutoSelectPack requestBody] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
retval value: 0x4
*** exiting -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
retval value: 0x4
*** exiting -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack init] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c42e5e80>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
```
[2018-07-30 20:19:55] will042082 : there's the change right there
[2018-07-30 20:20:39] will042082 : ```
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack init]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack requestBody]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack setRequestBody:]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack requestBodyLength]");
```
[2018-07-30 20:21:34] aciid : im trying the bandselector
[2018-07-30 20:22:00] will042082 : so if i have this value: 0x1cc018d80, what do I do now with it?
[2018-07-30 20:22:57] will042082 : i think this guys triggers it all
[2018-07-30 20:23:01] will042082 : ```-[DJIWifiFrequencySetAutoSelectPack init]```
[2018-07-30 20:26:51] aciid : mine doesnt do anything with those
[2018-07-30 20:26:55] aciid : even when I change channels
[2018-07-30 20:27:36] will042082 : maybe air?
[2018-07-30 20:27:43] aciid : yeah MP doesn't do anything
[2018-07-30 20:28:04] will042082 : so how do i do something to change the value?
[2018-07-30 20:28:13] aciid : im still tracing, you need more data
[2018-07-30 20:28:14] will042082 : i did find some stuff in here specific to the air
[2018-07-30 20:28:36] aciid : try this "*[DJIWiFi* *]*"
[2018-07-30 20:28:39] aciid : ffs.fs...
[2018-07-30 20:28:43] will042082 : toggling between custom and auto results in this:
[2018-07-30 20:28:47] will042082 : ```
*** entered -[DJIWifiFrequencySetAutoSelectPack init] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c82e0780>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
retval value: 0x4
*** exiting -[DJIWifiFrequencySetAutoSelectPack requestBodyLength] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
arg 1 value: 0x1c801f890
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c82e0780>
*** exiting -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
```
[2018-07-30 20:29:04] aciid : ``` -m "*[DJIWifi* *]*" ```
[2018-07-30 20:29:06] will042082 : so that 1st method initializes the others
[2018-07-30 20:29:21] will042082 : trace that?
[2018-07-30 20:29:51] aciid : yea
[2018-07-30 20:29:55] aciid : ill try to find setautoselect now
[2018-07-30 20:30:00] aciid : from that trace
[2018-07-30 20:30:02] aciid : its huge
[2018-07-30 20:30:25] will042082 : ya, i traced like everything that has DJI and wifi
[2018-07-30 20:31:29] will042082 : frida-trace -H 192.168.1.28 -f com.dji.go -m "*[DJIWifi* *]*"
[2018-07-30 20:33:28] will042082 : i SHOULD already have everything in this trace
[2018-07-30 20:33:51] will042082 : so on these large traces, i often see Failed to start tracing: script is destroyed
[2018-07-30 20:33:57] will042082 : after it doing like 100s
[2018-07-30 20:38:03] aciid : ```
| | | | | | | | | | | | | | | | <UISegmentedControl: 0x13cd8eef0; frame = (322 10; 183 29); opaque = NO; autoresize = RM+BM; tintColor = UIExtendedSRGBColorSpace 1 1 1 1; gestureRecognizers = <NSArray: 0x1c6642670>; layer = <CALayer: 0x13cd930c0>>
| | | | | | | | | | | | | | | | | <UISegment: 0x1404294f0; frame = (122 0; 61 29); opaque = NO; layer = <CALayer: 0x13a3f7bc0>>
| | | | | | | | | | | | | | | | | | <UISegmentLabel: 0x14046dda0; frame = (17 6.66667; 27.3333 15.6667); text = 'Dual'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1c1299500>>
| | | | | | | | | | | | | | | | | | <UIImageView: 0x140429270; frame = (61 0; 1 29); alpha = 0; opaque = NO; autoresize = LM; userInteractionEnabled = NO; tag = -1030; layer = <CALayer: 0x13a3c7020>>
| | | | | | | | | | | | | | | | | <UISegment: 0x13a3ed320; frame = (61 0; 60 29); opaque = NO; layer = <CALayer: 0x13a3e9320>>
| | | | | | | | | | | | | | | | | | <UISegmentLabel: 0x14042b8a0; frame = (15.6667 6.66667; 29 15.6667); text = '5.8G'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1c1297610>>
| | | | | | | | | | | | | | | | | | <UIImageView: 0x14045d240; frame = (60 0; 1 29); opaque = NO; autoresize = LM; userInteractionEnabled = NO; tag = -1030; layer = <CALayer: 0x140420580>>
| | | | | | | | | | | | | | | | | <UISegment: 0x13cddae80; frame = (0 0; 60 29); opaque = NO; layer = <CALayer: 0x1c4229b20>>
| | | | | | | | | | | | | | | | | | <UISegmentLabel: 0x13cddbee0; frame = (15.6667 6.66667; 29 15.6667); text = '2.4G'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1c529c840>>
| | | | | | | | | | | | | | | | | | <UIImageView: 0x14045fc70; frame = (60 0; 1 29); opaque = NO; autoresize = LM; userInteractionEnabled = NO; tag = -1030; layer = <CALayer: 0x13a3c9e90>>
| | | | | | | | | | | | | | | | <DJILabel: 0x13cd941a0; baseClass = UILabel; frame = (22 15.6667; 113.667 17); text = 'Available Channel'; clipsToBounds = YES; opaque = NO; autoresize = RM+BM; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1c52956d0>>
| | | | | | | | | | | | | | | <_UITableViewCellSeparatorView: 0x13cd8c3d0; frame = (15 43.5; 443 0.5); layer = <CALayer: 0x13cd925c0>>
```
[2018-07-30 20:38:52] aciid : DJIKumquatWifiSettingView
[2018-07-30 20:39:03] aciid : -[DJIKumquatWifiSettingView is5GAllowed]:
[2018-07-30 20:39:07] aciid : -[DJIKumquatWifiSettingView setIs5GAllowed:]:
[2018-07-30 20:39:09] aciid : here be
[2018-07-30 20:39:18] aciid : -[DJIKumquatWifiSettingView setChannelType:]:
[2018-07-30 20:39:30] aciid : -[DJIKumquatWifiSettingView setChannelNumber:]:
[2018-07-30 20:39:46] will042082 : -[DJIWifiLogic changeWifiFrequency_sky:callBack:]
[2018-07-30 20:41:01] aciid : ```
40689 ms -[DJIKumquatWifiSettingView hitTest:0x1c41139e0 withEvent:0x1]
40689 ms | -[DJIKumquatWifiSettingView pointInside:0x1c41139e0 withEvent:0x16d5c043c]
40690 ms -[DJIKumquatWifiSettingView hitTest:0x1c41139e0 withEvent:0x1]
40690 ms | -[DJIKumquatWifiSettingView pointInside:0x1c41139e0 withEvent:0x16d5c081c]
40878 ms -[DJIKumquatWifiSettingView onWifiSupportBandChanged:0x151d500d0]
40878 ms | -[DJIKumquatWifiSettingView checkAirAlertView]
40878 ms | -[DJIKumquatWifiSettingView rebootAlertViewWithCompletion:0x16d5c1a18]
```
[2018-07-30 20:41:07] aciid : this came now when I pressed 5.8gh
[2018-07-30 20:41:33] will042082 : ya, i was seeing that earlier today
[2018-07-30 20:42:52] will042082 : but saw something like
[2018-07-30 20:42:54] aciid : ill check that method you pasted
[2018-07-30 20:43:08] will042082 : ```
SELECTED CUSTOM 165
*** entered -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
arg 1 type: UIButton UIButton
arg 1 value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** entered -[DJIWM100WiFiSettingView checkAirAlertView]: ***
retval type: nil nil
retval value: nil
*** exiting -[DJIWM100WiFiSettingView checkAirAlertView]: ***
*** entered -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
arg 1 type: __NSStackBlock__ __NSStackBlock__
arg 1 value: <__NSStackBlock__: 0x16ae41008>
retval type: DJIAlertView DJIAlertView
retval value: <DJIAlertView: 0x114b1efa0; frame = (228 144.5; 280 125); clipsToBounds = YES; animations = { pop_animation=<CASpringAnimation: 0x1c8e29aa0>; alpha_animation=<CABasicAnimation: 0x1c8e29a00>; }; layer = <CALayer: 0x1c843a0a0>>
*** exiting -[DJIWM100WiFiSettingView rebootAlertViewWithCompletion:] ***
retval type: UIButton UIButton
retval value: <UIButton: 0x11341b670; frame = (600 0; 40 27.6667); opaque = NO; tag = 50165; layer = <CALayer: 0x1c0c34a00>>
*** exiting -[DJIWM100WiFiSettingView onWifiChannelNumberChanged:] ***
CLICKED OK
*** entered -[DJIWM100WiFiSettingView setScrollContentOffset:] ***
arg 1 value: 0x10e
retval type: DJIWM100WiFiSettingView DJIWM100WiFiSettingView
retval value: <DJIWM100WiFiSettingView: 0x13a812000; frame = (0 0; 527 414); layer = <CALayer: 0x1d78296c0>>
*** exiting -[DJIWM100WiFiSettingView setScrollContentOffset:] ***
```
[2018-07-30 20:45:17] aciid : this is when I change to 5.8ghz: `-[DJIKumquatWifiSettingView setSupportBand:0x1]`; this is when I change to 2.4ghz: `-[DJIKumquatWifiSettingView setSupportBand:0x0]`
[2018-07-30 20:45:26] will042082 : pretty sure I need these guys for auto:
[2018-07-30 20:45:30] will042082 : ```
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack init]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack requestBody]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack setRequestBody:]");
autoIntercept("-[DJIWifiFrequencySetAutoSelectPack requestBodyLength]");
```
[2018-07-30 20:45:50] aciid : oh yeah, that
[2018-07-30 20:45:55] aciid : i dont know how it looks like with custom enabled
[2018-07-30 20:46:02] aciid : is it not auto by default?
[2018-07-30 20:46:29] will042082 : no because u have to switch to custom in order to select 5.8, click a channel, then switch back to auto
[2018-07-30 20:48:09] will042082 : think i got it 1 sec
[2018-07-30 20:48:25] will042082 : well, the methods, i'll do a intercept and see
[2018-07-30 20:48:31] will042082 : then help me change the values
[2018-07-30 20:52:47] will042082 : ```
-[DJISetWifiFrequencySupportPack init]
+[DJISetWifiFrequencySupportPack initPackWithFreqValue:]
-[DJISetWifiFrequencySupportPack setRequestBody:]
-[DJISetWifiFrequencySupportPack requestBody]
-[DJISetWifiFrequencySupportPack requestBodyLength]
-[DJIWifiFrequencySetAutoSelectPack init]
-[DJIWifiFrequencySetAutoSelectPack requestBody]
-[DJIWifiFrequencySetAutoSelectPack requestBodyLength]
-[DJIWifiFrequencySetAutoSelectPack setRequestBody:]
```
[2018-07-30 20:52:57] will042082 : pretty sure that's what I'm looking for right there
[2018-07-30 20:55:58] will042082 : i just need to learn/be shown how to manipulate the data, once i found it and have it
[2018-07-30 21:04:33] aciid : do you have Tweak.js? that has basic sets, but the example I gave you is probably better for casting
[2018-07-30 21:05:02] aciid : I don't know why you are getting hex addresses; there is a possibility to read memory from those regions
[2018-07-30 21:11:31] will042082 : found one
[2018-07-30 21:11:33] will042082 : -[DJIWifiLogic isInCEAera:]
[2018-07-30 21:11:37] will042082 : that's interesting
[2018-07-30 21:11:44] will042082 : also funny it's misspelled
[2018-07-30 21:12:08] will042082 : can you PM me the example?
[2018-07-30 21:16:15] aciid : there's a ton of silly misspellings
[2018-07-30 21:16:22] aciid : like Distance -> Distace
[2018-07-30 21:28:37] will042082 : I’ve compiled a huge list from my traces. I know for sure I have the auto select stuff from my last intercept. There’s no way I don’t capture what I need on this next intercept. Heh. Is there a limit on how many :sunglasses:
[2018-07-30 21:30:35] will042082 : Then I need to figure out how to cram it in the scripts
[2018-07-30 21:31:40] will042082 : So through all this it does seem they literally reinvented the wheel for the air
[2018-07-30 22:07:54] jezzab : You're trying to find the flow and the simplest function to call, and its correct parameter, to achieve your result
[2018-07-30 22:08:09] jezzab : Not replay your GUI movements
[2018-07-30 22:08:53] jezzab : So you want to auto set 5.8ghz on app start? or show the auto?
[2018-07-30 22:27:54] jezzab : `[DJIWM100WiFiSettingView isSupportAutoMode]` return true
[2018-07-30 22:28:34] jezzab : Same as @aciid said but his was KumquatX which is Mavic Pro. Yours all seem to route thru as a Spark for the Air (WM100)
[2018-07-30 22:29:22] will042082 : ya, basically on start I want it to switch to 5.8 then auto
[2018-07-30 22:29:38] will042082 : so I have to set 5.8, set auto, and reboot both
[2018-07-30 22:32:39] will042082 : I'm still missing the frequency/channel change I think along with the restart.
[2018-07-30 22:33:57] will042082 : ```
*** entered -[DJIWM100WiFiSettingView isSupportAutoMode]: ***
retval value: 0x1
*** exiting -[DJIWM100WiFiSettingView isSupportAutoMode]: ***
```
[2018-07-30 22:37:19] jezzab : so you dont have a log from when you actually apply 5.8ghz and reboot?
[2018-07-30 22:41:21] jezzab : Ahh i see now
[2018-07-30 22:41:36] jezzab : This is what you posted earlier
[2018-07-30 22:41:38] jezzab : ```
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c82e0780>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
```
[2018-07-30 22:41:52] jezzab : this is the DUML sent to the wifi
[2018-07-30 22:41:54] jezzab : `0x1c82e0780`
[2018-07-30 22:42:17] jezzab : it's usual DUML with LSB first, so it's `80 07 2E C8 01`
[2018-07-30 22:43:27] jezzab : which means a response, and it's 07 cmd set (wifi) and it's 2E cmd (SetWifiFreq5GMode) and the 01 is the bool/switch
[2018-07-30 22:54:06] jezzab : but it looks like it's hard coded into the body
[2018-07-30 22:54:13] jezzab : ```
DJIWifiFrequencySetAutoSelectPack **__cdecl -[DJIWifiFrequencySetAutoSelectPack init](DJIWifiFrequencySetAutoSelectPack **self, SEL a2)
{
  DJIWifiFrequencySetAutoSelectPack *result; // x0
  DJIWifiFrequencySetAutoSelectPack *v3; // [xsp+0h] [xbp-10h]
  __objc2_class *v4; // [xsp+8h] [xbp-8h]

  v3 = self;
  v4 = &OBJC_CLASS___DJIWifiFrequencySetAutoSelectPack;
  result = objc_msgSendSuper2(&v3, "init", self, &OBJC_CLASS___DJIWifiFrequencySetAutoSelectPack);
  if ( result )
  {
    *(&result->super.super._extHeader.receiver + 2) = 22;
    BYTE3(result->super.super._body) = 1;
  }
  return result;
}
```
[2018-07-30 22:54:18] jezzab : hmm
[2018-07-30 22:57:05] will042082 : -[DJIWifiUpgradeHandler deleteFirmwareInCameraFtp:]
[2018-07-30 22:57:56] jezzab : `+[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:]`
[2018-07-30 22:57:59] jezzab : log that ^^ curious about the arg sent to it, as it will default to `0` or the int it's called with. What you would like to see is it's called on startup with, say, nothing and then called again when you switch with one. You could then use this for your hook
[2018-07-30 23:12:05] jezzab : anyway, I'm outta time. have fun and good luck
[2018-07-30 23:12:28] will042082 : sorry, thanks man. tinkering going through all these traces lol
[2018-07-30 23:12:36] will042082 : wish to god autoint accepted wildcards...
[2018-07-30 23:12:54] will042082 : gotta be an easier way for me to copy/paste all these damn methods etc
[2018-07-30 23:16:14] jezzab : all good. have a play and report back. dump some data here
[2018-07-30 23:17:11] jezzab : it's kinda like a Rube Goldberg machine sometimes. You wanna trip one from another.
[2018-07-30 23:17:57] jezzab : but you cant just go and call the function, you need it to be called and intercept it.
[2018-07-30 23:18:09] will042082 : absolutely
[2018-07-30 23:18:17] will042082 : will report back
[2018-07-30 23:18:42] will042082 : intercepting like 80_+
[2018-07-30 23:18:51] will042082 : already have the auto/custom switch for frequency
[2018-07-30 23:19:02] will042082 : just need the actual setting of it and channel
[2018-07-31 00:22:56] will042082 : May have found it
[2018-07-31 00:54:03] will042082 : `<DJIWifiCapabilityCheckModel: 0x1d02086b0>`
[2018-07-31 00:54:13] will042082 : how do I read that value
[2018-07-31 09:23:01] jezzab : what's your logic in using that function?
[2018-07-31 10:09:31] will042082 : Truthfully it was just an example of the data types I see come across however it’s interesting to see that and several others come across prior to allowing any form of WiFi changes. I think I’ve captured enough to try and script the changes so hopefully today I can knock that out. The iffy part is if you capture everything required for the change. Granted you obviously know that lol
[2018-07-31 10:16:28] jezzab : thing is, there isn't much needed
[2018-07-31 10:17:07] jezzab : you have a 5.8g set, and the auto set (which you might not even need if you do the 5.8g set)
[2018-07-31 10:17:27] jezzab : the actual function is above but i would log the one i suggested
[2018-07-31 10:17:38] jezzab : as I feel that could be the key you want
[2018-07-31 10:18:33] jezzab : hopefully it's called some time before you change the freq and then called again when you change (with the flag changed to, say, a 1 or true); then you're set.
[2018-07-31 10:19:25] jezzab : you will probably find it will reboot automatically to apply the 5.8
[2018-07-31 10:19:53] jezzab : this happens with the setting of FCC on Spark/MA RC when you send the DUML
[2018-07-31 10:20:17] jezzab : so the reboot they warn about is most likely just before the moment they send the packet (call the function)
[2018-07-31 10:27:58] jezzab : Keep at it mate :)
[2018-07-31 12:15:37] will042082 : Oh I am. Having some fun. Once this is tackled I’m going to figure out some other things.
[2018-07-31 12:20:38] will042082 : Sent you a DM also
[2018-07-31 15:34:09] mathieu.peyrega : shit, seems the iOS reversing is moving forward when secneo is killing all motivation on android side...
[2018-07-31 15:34:11] mathieu.peyrega : :slightly_smiling_face:
[2018-07-31 15:49:50] aciid : isn't the android app pretty complete?
[2018-07-31 16:08:50] ender : well bin4ry is occupied with real life as is diff it seems. afair they were the hope against secneo…
[2018-07-31 16:46:52] mathieu.peyrega : @aciid: android app is not hackable after 4.1.22 and therefore no support for Mavic Air and drones that came after (P4P V2, Mavic 2 ...)
[2018-07-31 18:07:13] johnenglish5599 : Can anyone tell me wot the Fridagadget.config file is and is it need in the tweek js
[2018-07-31 19:45:15] will042082 : Ive got the frequency/channel change and the auto/custom. Will work on writing the script and testing tonight. @jezzab it appears that 0x1 for packWithFreqMode triggers the init which then triggers several functions which run asynchronously setting everything. I’ll be able to start writing the script and testing tonight. I have the functions for the auto/custom switch also but I don’t think they’ll be needed. @aciid thanks for all your help brother.
[2018-07-31 19:46:36] aciid : yw, I'll try to be of more help; I just don't have an Air and I live in the EU, so most of the things don't show up the same way to me and it's harder to trace and test.
[2018-07-31 19:51:37] will042082 : Could you help me with this next step. Say I have this snippet: ```*** entered -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] *** arg 1 value: 0x1cc01ba40```. How do I convert that into something readable/understandable? So I can learn what is exactly being sent.
[2018-07-31 19:59:10] aciid : you need to study the method in IDA
[2018-07-31 22:12:19] jezzab : @will042082 did you log the function I posted? `+[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:]`
[2018-07-31 22:12:32] jezzab : this calls the one you are looking at
[2018-07-31 22:13:29] will042082 : I did. I had already traced it in part of my hunt. When I get back to the house I’ll post it.
[2018-07-31 22:21:49] will042082 : Less cleaned up than the one I was gonna post, but this is the entire frequency change, there’s another similar for auto/custom
[2018-07-31 22:22:02] jezzab : ```
Flow. Building DUML packet to send:
-[DJIWifiFrequencySetAutoSelectPack init]              <-- Set Destination and True flag
-[DJIWifiFrequencySetAutoSelectPack requestBodyLength] <-- Set the payload packet size to 4 bytes
+[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] <-- if True build packet, if not make it build with False
```
[2018-07-31 22:22:23] will042082 : ```
entered +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] ***
arg 1 value: 0x1
*** entered -[DJIWifiFrequencySetAutoSelectPack init] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c40f4c00>
*** exiting -[DJIWifiFrequencySetAutoSelectPack init] ***
*** entered -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
arg 1 value: 0x1cc01ba40
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c40f4c00>
*** exiting -[DJIWifiFrequencySetAutoSelectPack setRequestBody:] ***
retval type: DJIWifiFrequencySetAutoSelectPack DJIWifiFrequencySetAutoSelectPack
retval value: <DJIWifiFrequencySetAutoSelectPack: 0x1c40f4c00>
*** exiting +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] ***
```
[2018-07-31 22:23:00] jezzab : ```
entered +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] ***
arg 1 value: 0x1
```
[2018-07-31 22:23:04] jezzab : see ^^
[2018-07-31 22:23:11] will042082 : What is flow?
[2018-07-31 22:23:18] jezzab : the flow of the operation dude
[2018-07-31 22:23:36] jezzab : that's the whole point of logging, so you can narrow it down to a single function you can exploit
[2018-07-31 22:23:48] will042082 : Ya. 1 triggers the unit. Then u send the arguments
[2018-07-31 22:23:56] will042082 : Then another
[2018-07-31 22:24:06] jezzab : is this even called BEFORE you set it? ```entered +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] *** arg 1 value: 0x1```
[2018-07-31 22:24:09] jezzab : ?
[2018-07-31 22:24:22] jezzab : with an arg 1 value of 0???
[2018-07-31 22:24:29] jezzab : _crosses fingers_
[2018-07-31 22:25:16] will042082 : So I know on reboot I see this
[2018-07-31 22:25:24] will042082 : ```entered +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:] *** arg 1 type: nil nil arg 1 value: nil```
[2018-07-31 22:25:37] jezzab : i thought that might be the case
[2018-07-31 22:26:00] jezzab : said all this yesterday lol
[2018-07-31 22:26:03] will042082 : But not 100% sure if it happens at initial launch
[2018-07-31 22:26:09] jezzab : that's your hook
[2018-07-31 22:26:31] jezzab : make a hook, popup dialog and make sure you always pump in `1`
[2018-07-31 22:27:07] jezzab : I even sent the code snippet yesterday
[2018-07-31 22:27:08] will042082 : However there is a function that happens at launch I think I can have call that
[2018-07-31 22:27:32] jezzab : you can see it defaults to 0 if the param is nothing, or the value that's passed to it
[2018-07-31 22:27:33] aciid : ```
var _setCountry1 = ObjC.classes.DJICountryCodeProviderLogic["- setCountryCode:withSource:"];
Interceptor.attach(_setCountry1.implementation, {
  onEnter: function(args) {
    args[2] = ObjC.classes.NSString.stringWithString_('US');
  }
});
```
[2018-07-31 22:27:35] will042082 : I have a trace of it. But not here on my phone driving
[2018-07-31 22:27:38] aciid : snippet for casting
[2018-07-31 22:28:00] will042082 : It’s the last piece of the WiFi boot up
[2018-07-31 22:28:17] aciid : casting is class based; each class needs to be inspected to see how it can be cast
[2018-07-31 22:28:37] will042082 : Figured once that finished I’d just have it trigger my script
[2018-07-31 22:28:42] jezzab : yes but it called @will042082 and then you will force it to be hit with a `1` ie enable 5.8g and it will auto reboot when it applies
[2018-07-31 22:30:00] will042082 : Ya were saying the same thing I believe. But sending the one isn’t enough.
[2018-07-31 22:30:09] will042082 : U have to send the other
[2018-07-31 22:31:22] will042082 : U need the set request body too
[2018-07-31 22:32:07] jezzab : ```
id __cdecl +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:](DJIWifiFrequencySetAutoSelectPack_meta *self, SEL a2, int a3)
{
  int v3; // w19
  DJIWifiFrequencySetAutoSelectPack *v4; // x0
  id v5; // x0
  id v6; // x20
  __int64 v7; // x1
  __int64 v8; // x19

  v3 = a3;
  v4 = objc_msgSend(&OBJC_CLASS___DJIWifiFrequencySetAutoSelectPack, "alloc");
  v5 = (objc_msgSend)(&v4->super.super, "initRequest");
  v6 = v5;
  if ( v5 )
  {
    *objc_msgSend(v5, "requestBody") = v3;
    v8 = objc_retain(v6, v7);
  }
  else
  {
    v8 = 0LL;
  }
  objc_release(v6);
  return objc_autoreleaseReturnValue(v8);
}
```
[2018-07-31 22:32:20] jezzab : see this line in that function:
[2018-07-31 22:32:21] jezzab : `*objc_msgSend(v5, "requestBody") = v3;`
[2018-07-31 22:32:42] jezzab : that CALLS it
[2018-07-31 22:34:40] will042082 : How did u get this code here? I’m missing knowledge on this exact step
[2018-07-31 22:35:06] jezzab : decompile the function in IDA
[2018-07-31 22:35:45] will042082 : Ok I’ve done that. Can u tell me where in the app to find? Only used it once
[2018-07-31 22:36:08] jezzab : Assuming you have the decompiler. Press F5
[2018-07-31 22:37:04] will042082 : I’ve got ida7.0 cracked so I assume so. Just haven't learned how to use it completely yet. I’m learning here lol
[2018-07-31 22:37:11] jezzab : You could do the same with the SupportPack
[2018-07-31 22:37:27] jezzab : it's identical code flow (different functions)
[2018-07-31 22:37:44] jezzab : but is it called on App start?
[2018-07-31 22:38:06] will042082 : Ya I noticed that too. But it defaults to auto and doing it this way I won’t need to change it
[2018-07-31 22:40:44] will042082 : It’s not called until you try to change. But I have the trace of the app with the drone booting and going through all the WiFi setup and authorization. There’s a final function that runs when it’s finished loading all the config based on location, fcc, drone type etc. my thought was to simply add to that functions onLeave calling the setFreq
[2018-07-31 22:42:20] will042082 : Cuz that function happens every time
[2018-07-31 22:51:43] jezzab : you can't call it
[2018-07-31 22:51:51] jezzab : you have to intercept
[2018-07-31 22:54:43] jezzab : or something else that will call it with the right param/args and intercept that
[2018-07-31 22:54:49] aciid : I found an example of ios call
[2018-07-31 22:55:07] aciid : i havent tried it
[2018-07-31 22:55:20] aciid : <https://raw.githubusercontent.com/0xdea/frida-scripts/master/ios-snippets/raptor_frida_ios_call.js>
[2018-07-31 23:06:15] aciid : @sami.keskinen
[2018-07-31 23:06:17] sami.keskinen : @sami.keskinen has joined the channel
[2018-07-31 23:21:27] will042082 : isn't called at startup
[2018-07-31 23:21:30] will042082 : +[DJIWifiFrequencySetAutoSelectPack packWithFreqMode:]
[2018-07-31 23:21:56] jezzab : pity
[2018-07-31 23:22:10] jezzab : what about the other one? `+[DJISetWifiFrequencySupportPack initPackWithFreqValue:]`
[2018-07-31 23:22:18] jezzab : I'm guessing not
[2018-07-31 23:23:22] will042082 : nope
[2018-07-31 23:23:39] will042082 : it just does a stay alive type call checking for wifi stuff until the app connects
[2018-07-31 23:24:06] will042082 : ```
*** entered -[DJIWifi init] ***
retval type: DJIWifi DJIWifi
retval value: <DJIWifi: 0x1d011ea80>
*** exiting -[DJIWifi init] ***
```
[2018-07-31 23:24:36] will042082 : once the app connects to the drone it goes through several functions checking compatibility etc
[2018-07-31 23:25:45] will042082 : i couldn't add something to the js for onLeave for this guy?
[2018-07-31 23:25:49] will042082 : ```
*** entered -[DJIWifiLogic capability] ***
retval type: DJIWifiCapabilityCheckModel DJIWifiCapabilityCheckModel
retval value: <DJIWifiCapabilityCheckModel: 0x1d4200450>
*** exiting -[DJIWifiLogic capability] ***
```
[2018-07-31 23:25:59] will042082 : to call it?
[2018-08-03 20:20:26] jcarlo : Another dji go app update.
[2018-08-03 20:25:13] rickw001 : where
[2018-08-03 20:38:53] rickw001 : never mind,guess you mean stock
[2018-08-03 22:12:27] jcarlo : Yes. I’m probably the only guy who use a stock app
[2018-08-03 22:53:28] 739461411 : It seems that version 0.2 does not apply to 4p 2.0.
[2018-08-03 22:53:44] 739461411 : @ddzobov
[2018-08-05 03:22:47] 739461411 : @aciid
[2018-08-05 11:36:11] ddzobov : What i need to see on your video? 1) Get latest version 2) Choose custom channel for 5.8G
[2018-08-05 11:37:02] ddzobov : @739461411 <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-08-05 11:40:45] 739461411 : yes,it was the latest version.but the phantom 4p 2.0 can't open fcc.
[2018-08-05 11:41:12] aciid : totally different modem?
[2018-08-05 11:41:28] aciid : I'm not sure what is happening here, not familiar with Phantoms
[2018-08-05 13:46:14] perdario1 : is there already the ipa with the latest version of tweak already installed?
[2018-08-05 13:57:32] chipmangini : @perdario1 <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-08-05 14:02:32] perdario1 : This is whitout nfz?
[2018-08-05 14:06:20] d95gas : Stops NFZ and Firmware update, but does not remove NFZ
[2018-08-05 20:12:30] per : heya, reading <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4> - any mac-suggestion for Superimpactor?
[2018-08-06 20:27:59] digdat0 : hey guys, in IDA what processor type do i want? ARM?
[2018-08-06 20:28:31] digdat0 : trying to get into the ipa so i can decompile, it comes up and wants me to pick somewhere to decompile, i can get .. stuff to show up, but it's not the Objective-C code some of you guys have shown
[2018-08-06 20:30:55] digdat0 : <https://i.imgur.com/QIqXIsu.png>
[2018-08-06 20:32:10] digdat0 : <https://i.imgur.com/ct7W4iD.png>
[2018-08-06 20:36:54] digdat0 : seems like some neat things to poke around in
[2018-08-06 20:36:54] digdat0 : <https://i.imgur.com/2tWWfut.png>
[2018-08-06 21:16:18] jezzab : Extract DJI Go 4 from the IPA @digdat0 and load that. Use 64bit IDA
[2018-08-06 21:26:37] digdat0 : oh snap that looks a whoooole lot different
[2018-08-06 21:26:38] digdat0 : ty
[2018-08-06 21:29:53] jezzab : will take a fair while to do the analysis the first time. just make sure you save/pack the DB when it asks you when you quit IDA. then you can just get straight back into it next time
[2018-08-07 13:58:33] ddzobov : my friend tested - changing country code to US not enabling FCC but enabling 5.8
[2018-08-07 13:58:38] ddzobov : need more research
[2018-08-07 14:00:13] ddzobov : can anyone trace what methods are called after 'DJIAppSettings', '- sdr_force_fcc'?
[2018-08-07 14:00:32] ddzobov : maybe they're similar to the methods called after the country code changes??
[2018-08-07 14:03:00] will042082 : I’m still tinkering, but work is killing me. I can trace after lunch @ddzobov
[2018-08-07 14:03:41] will042082 : Cuz the force fcc, boost etc doesn’t work for me either but that’s cuz I have an air and I assume I need to find the different calls for it
[2018-08-07 14:04:32] will042082 : Right now I’m working on simply setting 5.8ghz Auto instead of 2.4ghz Auto at start up.
[2018-08-07 14:04:59] will042082 : Again thank you @aciid @jezzab and others while I’ve learned
[2018-08-07 15:20:37] perdario1 : How to remove nfz? Is it possible?
[2018-08-07 16:58:46] rickw001 : @ddzobov, what new treats are you working on? any progress? Thanks for your great work
[2018-08-07 19:06:45] ddzobov : right now I'm preparing for my wedding
[2018-08-07 19:08:15] mathieu.peyrega : you mean training to resist all the alcohol you'll have to drink and still look decent :slightly_smiling_face:
[2018-08-07 19:33:26] ddzobov : new dji go 4 released, anyone can rip it from app store?
[2018-08-07 19:33:48] ddzobov : rip and decrypt on a JB device
[2018-08-07 20:07:10] rickw001 : Congrats,enjoy yourself
[2018-08-08 03:48:32] ben_lin : You guys are insane.
[2018-08-08 03:48:46] ben_lin : iOS app is now awesome
[2018-08-08 03:49:10] ben_lin : And you guys managed to make it noob-friendly
[2018-08-08 03:49:20] ben_lin : 1000000 Thanks to whoever did it
[2018-08-08 03:50:44] ben_lin : @ddzobov
[2018-08-08 03:51:05] ben_lin : I got a JB iPhone X running 11.3.1
[2018-08-08 03:51:13] ben_lin : Should be able to help
[2018-08-08 03:51:23] ben_lin : Need some instructions tho
[2018-08-08 04:57:57] ddzobov : <https://github.com/BishopFox/bfdecrypt>
[2018-08-08 06:48:53] per : no-one can suggest a better app than Cydiaimpactor / Superimpactor? Cydiaimpactor is just too buggy for me anyway…
[2018-08-08 06:48:58] per : and yeah I’m on mac
[2018-08-08 08:27:52] aciid : it works as it should I think, just drag and drop the file?
[2018-08-08 08:27:58] aciid : how buggy can it be
[2018-08-08 10:38:17] per : ..and it’s supposed to give me 7 days certified?
[2018-08-08 10:41:10] cs2000 : Cydiaimpactor is yet
[2018-08-08 13:23:32] cs2000 : Anyone here that missed the iOS 11.3.1 signing window and so aren't jailbroken: iOS 10 is now vulnerable too, between 10.0 and 10.3.3. <https://meridian.sparkes.zone/>
[2018-08-08 14:05:23] aciid : lololololololol
[2018-08-09 22:29:05] will042082 : WOOHOO!
[2018-08-09 22:29:21] will042082 : i finally fucking did it, well, finally got back around to getting at it
[2018-08-09 22:30:19] will042082 : No matter what channel or mode, I can set it to 5.8ghz Ch165 and in auto mode
[2018-08-09 22:30:56] will042082 : now to just get it to set those values at load, and one thing I notice, the UI doesn't show the change, until I background/resume
[2018-08-10 00:03:35] aciid : @will042082 congrats, it took a while, but it was a great learning experience wasn't it?
[2018-08-10 00:04:10] will042082 : Yep. And figured out a lot. Right now I’m working on setting up a call
[2018-08-10 00:04:24] aciid : you don't need the UI, you can create a function in the code and call it on load like it does when it calls interactive() at the bottom.
[2018-08-10 00:04:31] will042082 : As I can intercept them, but the functions aren’t natively called on startup
[2018-08-10 00:05:04] will042082 : So I’m playing with how to call them and set the values now
[2018-08-10 00:05:52] will042082 : All ears if you have an example. Right now I’m trying the raptor_ios_call.js script
[2018-08-10 00:06:30] aciid : once you get familiar with the autogenerated handlers in the _handler_ folder which come from frida-trace, you can start implementing "modified functions" so that you have, for example, the first action that comes after the drone has connected (fly button changes to blue color), like a "connection ready" style function. I don't know the name; try to find this method and its handler file from the folder. In this file you add your code; this is then auto-run after that function, and not on load
[2018-08-10 00:07:09] will042082 : Learning process. While I’ve been at it. I figured out how to fix the terms and it looks like FW updates too for me
[2018-08-10 00:07:27] will042082 : What I’m doing right now would work for that. That’s a good idea
[2018-08-10 00:07:42] aciid : current tweak.js is doing things wrong when it's not properly assessing dji go's state on where it should call interactive mode; this is why I just modified the settings in tweak.js's first rows to my liking: boost: false, fcc: true .... then just skip the dialogs and it sets them always on
[2018-08-10 00:08:20] aciid : you should be able to find the handler file and copy/paste-append it to tweak.js; it looks something like attach.interceptor ( longass classname long ass method name ))) on.attach callingSet5ghz (true) on.leave
[2018-08-10 00:08:43] aciid : there you just add your "go into 5.8ghz" and it doesn't modify the code it originally has
[2018-08-10 00:08:45] aciid : it just adds to that
[2018-08-10 00:10:12] will042082 : thx
[2018-08-10 00:12:21] will042082 : so dumb question. In my intercept, I'm setting the arg value in OnEnter like this: args[2] = ptr("0x1");
[2018-08-10 00:13:14] will042082 : in this script im trying to use it sets a var for it like this var arg2_1 = ObjC.classes.NSString.stringWithString_("0x1");
[2018-08-10 00:14:09] will042082 : doing it that way does that include my pointer? or do I need to do var arg2_1 = ObjC.classes.NSString.stringWithString_("ptr("0x1")");
[2018-08-10 03:49:42] ddzobov : 0x1 is already a pointer
[2018-08-10 03:50:15] ddzobov : If you need new string and return pointer - see example in country change sectiob
[2018-08-10 03:50:20] ddzobov : Section*
[2018-08-10 04:38:44] will042082 : @ddzobov I need to call a function from another. I can’t intercept it as it is not called on load. Is your example above doing that?
[2018-08-10 06:39:06] ddzobov : You dont need to intercept it. See tweak js for examples
[2018-08-10 12:35:34] will042082 : so looking at your tweak.js and the country change
[2018-08-10 12:35:39] will042082 : my target:
[2018-08-10 12:35:42] will042082 : +[DJIWifiSDRFrequencySetPack packWithFrequency:channel:]
[2018-08-10 12:36:20] will042082 : intercepting and setting the arg values in onEnter to: args[2] = ptr("0x1"); args[3] = ptr("0xa5");
[2018-08-10 12:36:53] will042082 : that works
[2018-08-10 12:37:09] will042082 : looking at the tweak.js example i've created:
[2018-08-10 12:37:40] will042082 : ```
/* Change country code to US */
modify_arguments('DJICountryCodeProviderLogic', '- setCountryCode:withSource:', function(args){
  args[2] = ptr(ObjC.classes.NSString.stringWithString_('US'));
}, function(){ return config.country_code_us; });

/* Set 5.8ghz Auto*/
modify_arguments('DJIWifiSDRFrequencySetPack', '+ packWithFrequency:channel:', function(args){
  args[2] = ptr(ObjC.classes.NSString.stringWithString_('0x1'));
  args[3] = ptr(ObjC.classes.NSString.stringWithString_('0xa5'));
}, function(){ return config.auto_58; });
```
[2018-08-10 12:38:18] will042082 : I've removed the original tweak.js and I'm running my version in debug
[2018-08-10 12:39:21] will042082 : log
[2018-08-10 12:40:58] will042082 : when the config hits and I select 5.8 = true it logs as though it happens, but I don't see the change
[2018-08-10 12:41:51] will042082 : when I actually attempt to change via the UI I crash due to an invalid argument seen in the pic which is var result = old_implementation.apply(null, args);
[2018-08-10 12:46:33] will042082 : even setting it to true in the config, it's never actually hit
[2018-08-10 12:48:25] jezzab : umm could be wrong and haven't read the rest but you're sending 2 bytes as strings?
[2018-08-10 12:49:02] will042082 : valid point
[2018-08-10 12:49:33] will042082 : i don't need to change it, so would I just have the ObjC.classes
[2018-08-10 12:49:40] will042082 : removing the NSString.str.......
[2018-08-10 12:52:01] will042082 : nope, that don't work, didn't think it would
[2018-08-10 13:03:12] will042082 : well since i have string I can just use 1 and 165 instead
[2018-08-10 13:03:20] will042082 : still not working though
[2018-08-10 13:03:45] will042082 : so close, least my intercept works, just this piece trying to set it without intercepting
[2018-08-10 14:28:08] will042082 : think I know my problem, but still unclear how to fix it. talking out loud here and can't figure this out at the moment.
[2018-08-10 14:28:12] will042082 : ```Error: access violation accessing 0x0 at repl1.js:85```
[2018-08-10 14:28:33] will042082 : which is var result = old_implementation.apply(NULL, args);
[2018-08-10 14:29:27] will042082 : I figured that would be SEL or SELF but I'm guessing having NULL there simply carries the previous value. but for the life of me i can't figure out why I'm getting my error
[2018-08-10 23:49:02] will042082 : @aciid really wish this would have clicked when I read that earlier today...
[2018-08-11 18:34:55] aciid : @sami.keskinen
[2018-08-11 18:58:27] will042082 : the problem is NULL
[2018-08-11 19:09:16] will042082 : trying to understand it, but in Tweak.js
[2018-08-11 19:09:20] will042082 : ```getViewController().presentViewController_animated_completion_(alert, true, NULL);```
[2018-08-11 19:09:51] will042082 : and in the modify_implementation
[2018-08-11 19:10:05] will042082 : ```var result = old_implementation.apply(null, args);```
[2018-08-11 19:10:16] will042082 : from reading, NSString doesn't like NULL
[2018-08-11 19:10:21] will042082 : and causes a crash
[2018-08-11 19:10:41] will042082 : so I'm trying to understand what they're talking about to fix that
[2018-08-11 19:11:31] will042082 : I'm also questioning why the flow is taking me through the function modify_implementation instead of the function modify_arguments
[2018-08-11 19:12:11] will042082 : as my code clearly shows I'm using the modify_arguments function
[2018-08-11 19:12:14] will042082 : ```
modify_arguments('DJIWifiSDRFrequencySetPack', '+ packWithFrequency:channel:', function(args){
    //args[1] = ObjC.Object;
    args[1] = ObjC.Object.NSNull;
    args[2] = "0x1";
    args[3] = "0xa5";
}, function(){ return config.auto_58; });
```
[2018-08-11 19:12:36] will042082 : ignore the args, that's after way too many hours of trying shit to get it to work
[2018-08-12 06:14:57] will042082 : did you guys know there's no less than a billion fucking methods for NSString... Jesus Christ
[2018-08-15 00:52:04] will042082 : Ok. I’m convinced that Tweak.js is broken in the modify_implementation function. Specifically the slicing piece. When I use the modify_argument, it steps into m_i, when I pass my values I get an error for invalid argument on the line in m_i: ```var result = old_implementation.apply(null, args);``` I have thrown so much time trying to figure it out and trying to work within the context of the framework he has built. I can intercept my values and place the args in the onEnter function of the call so it always sets them however that requires me to do the functionality anyways in order to intercept it. I’ve read and read and read and I KNOW it’s possible to call a function within an arbitrary function but I can’t find something comprehensive enough to understand. Someone please help me.
[2018-08-15 19:36:59] ddzobov : you try to modify all args?
[2018-08-15 19:37:10] ddzobov : try to modify only single argument
[2018-08-15 19:37:20] ddzobov : like
[2018-08-15 19:38:13] ddzobov : ```
modify_arguments('DJIWifiSDRFrequencySetPack', '+ packWithFrequency:channel:', function(args){
    args[2] = "0x1";
    args[3] = "0xa5";
    // or this variant
    //args[2] = ptr("0x1");
    //args[3] = ptr("0xa5");
}, function(){ return config.auto_58; });
```
[2018-08-15 19:43:46] ddzobov : @will042082 ping
[2018-08-15 19:46:01] will042082 : Almost home. Going to retry that above. I’m positive I’ve tried both of those through testing and the code crashes due to an invalid argument.
[2018-08-15 19:47:40] ddzobov : you don't need to modify args[0] and args[1]
[2018-08-15 19:47:51] ddzobov : you can try to use pointers like hexadecimal in js
[2018-08-15 19:48:13] ddzobov : ``` args[2] = 0x1; args[3] = 0xa5; ```
[2018-08-15 19:48:24] ddzobov : i think this will work
[2018-08-15 19:50:04] will042082 : loading up now
[2018-08-15 19:50:26] ddzobov : try these 3 variants
[2018-08-15 19:50:49] ddzobov : I can't debug this now because I'm very busy and I don't have a drone with 5.8
[2018-08-15 19:51:10] will042082 : will do, super easy to test
[2018-08-15 19:58:54] will042082 : TEST 1: ```
modify_arguments('DJIWifiSDRFrequencySetPack', '+ packWithFrequency:channel:', function(args){
    args[2] = "0x1";
    args[3] = "0xa5";
}, function(){ return config.auto_58; });
```
[2018-08-15 19:59:09] will042082 : ```Error: invalid argument value at repl1.js:83 Process terminated```
[2018-08-15 19:59:22] will042082 : which is : var result = old_implementation.apply(null, args);
[2018-08-15 20:02:42] will042082 : mother fucker
[2018-08-15 20:02:51] will042082 : ```
modify_arguments('DJIWifiSDRFrequencySetPack', '+ packWithFrequency:channel:', function(args){
    args[2] = 0x1;
    args[3] = 0xa5;
}, function(){ return config.auto_58; });
```
[2018-08-15 20:02:53] will042082 : works
[2018-08-15 20:02:55] will042082 : HOWEVER
[2018-08-15 20:03:41] will042082 : I never see the console log of "[*] Modified DJIUpgradeNotifyViewModel[- notifyHidden] value from 0 to 1" for the change of it
[2018-08-15 20:04:05] will042082 : obviously replace the words above with my DJIWifiSDRFrequencySetPack blah blah
[2018-08-15 20:04:39] will042082 : but past that, the UI doesn't refresh and show that it's on 5.8ghz unless I background/resume the app
[2018-08-15 20:05:19] will042082 : so now my biggest question is how can I make this call, without having to intercept it?
[2018-08-15 20:13:55] will042082 : something else I noticed was when playing with null, from the line: var result = old_implementation.apply(null, args);
[2018-08-15 20:14:49] will042082 : depending on the function's strict/non-strict mode null had different impacts, and I was able to get or see the illegal channels trigger when backgrounding/resuming my app
[2018-08-15 20:15:09] will042082 : only the appsettings portion though, never the radio logic
[2018-08-15 20:16:24] will042082 : so I'm curious if there's a way to change that to handle both strict/non-strict
[2018-08-15 20:16:44] will042082 : you guys are smarter than me, but I'm learning here. Got that info from here: <https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/apply>
[2018-08-15 20:17:25] will042082 : I think some functions are strict, and some aren't which is causing some of the changes to work and some to fail
[2018-08-16 10:51:51] ddzobov : jsobject ```
var AFSecurityPolicy = ObjC.classes.AFSecurityPolicy;
var setSSLPinningMode = AFSecurityPolicy['- setSSLPinningMode:'];
var setSSLPinningModeImpl = setSSLPinningMode.implementation;
// flags so that each message is logged only once
var AFSecurityPolicysetSSLPinningModeSeenReplace = 0;
var AFSecurityPolicysetSSLPinningModeSeenHit = 0;

setSSLPinningMode.implementation = ObjC.implement(setSSLPinningMode, function (handle, selector, originalResult) {
    // always forward to the original implementation with mode 0 (AFSSLPinningModeNone)
    setSSLPinningModeImpl(handle, selector, 0);
    if (originalResult != 0) {
        if (AFSecurityPolicysetSSLPinningModeSeenReplace == 0) {
            console.log("[*] SSL Pinning BYPASSED");
            AFSecurityPolicysetSSLPinningModeSeenReplace = 1;
        }
    } else {
        if (AFSecurityPolicysetSSLPinningModeSeenHit == 0) {
            console.log(" [*] SSL Pinning not used this time");
            AFSecurityPolicysetSSLPinningModeSeenHit = 1;
        }
    }
});
```
[2018-08-16 10:52:15] ddzobov : This example from <https://dji.retroroms.info/howto/fridahooklibrary>
[2018-08-16 10:52:41] ddzobov : Try to use it for your tests
[2018-08-16 10:55:48] ddzobov : <https://www.frida.re/docs/javascript-api/#objc>
[2018-08-16 10:55:57] ddzobov : Javascript api objc
[2018-08-16 10:56:06] ddzobov : See examples for objc.implement
[2018-08-16 14:35:07] will042082 : I've looked over the PrettyWoman stuff and had asked if you were using similar. I'm placing the pinning stuff in Tweak.js now and playing around.
[2018-08-19 09:12:56] per : copying signed .ipa via Xcode to my iPhone. suddenly the error "There was an internal API error" keeps appearing, no matter what choices I'm making.. anyone knows why this keeps popping up for me?
[2018-08-21 20:25:00] andrwho25 : Where to find the NLD iOS builds ?
[2018-08-21 21:44:32] chipmangini : @andrwho25 <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-08-23 16:12:12] kilrah : <https://www.dropbox.com/s/of3wzs7vn8tr0sx/DJI%20GO%204%204.3.0%20%28decrypted%29.ipa?dl=1>
[2018-08-24 02:01:40] andrwho25 : Ohhj what's this ?!
[2018-08-24 02:06:23] jezzab : Go4 4.3.0 decrypted IPA
[2018-08-24 02:11:16] ben_lin : So am iOS is the future…
[2018-08-24 02:11:38] ben_lin : Before @diff can release the highly anticipated nosecneo
[2018-08-24 02:11:45] diff : @diff has joined the channel
[2018-08-24 06:47:45] ddzobov : now i'm patching with frida 4.3.0
[2018-08-24 06:49:31] ddzobov : needquote = (" " in arg) or ("\t" in arg) or not arg TypeError: argument of type 'NoneType' is not iterable
[2018-08-24 06:49:35] ddzobov : i got error
[2018-08-24 06:49:41] d95gas : Ooohhhhh Nice Danii ..... Did you get any further with the "No Sign in Options" at all?
[2018-08-24 06:54:05] ddzobov : ?
[2018-08-24 06:57:06] d95gas : Sorry thought you were doing more work on your patching in order to get No sign in on the GO app like we have on Android
[2018-08-24 07:07:04] ddzobov : <https://yadi.sk/d/wzelURAL3aWtkR>
[2018-08-24 08:03:46] vasek_r : Thanks @ddzobov seems this version 4.4.3.0 should handle the Mavic 2 too. Any info about it? Thanks
[2018-08-24 08:47:15] saleem941 : well after installing this version it seems to me it's not modded, I can't see the 32ch and the range I got is very low..!
[2018-08-24 09:06:36] kilrah : yep that's the whole point for it
[2018-08-24 09:09:45] jezzab : There are many references to WM240 in the IPA.
[2018-08-24 09:10:15] jezzab : Think you will find the MA and MP2 very much the same..... :(
[2018-08-24 09:11:30] kilrah : :confused:
[2018-08-24 09:12:35] jezzab : They point to the Eagle (Mavic Air) functions. So yeah. Not good
[2018-08-24 22:34:33] perdario1 : sorry, I was absent because on vacation. I installed the latest version put by @ddzobov but I do not see the mod ... someone can give me the link of the .ipa file with the mod?
[2018-08-24 22:40:33] chipmangini : @perdario1 <https://dji-rev.slack.com/messages/C6KG1UDRS/>
[2018-08-24 22:43:55] perdario1 : @chipmangini the link open this page...
[2018-08-24 22:46:59] perdario1 : @chipmangini I need the .ipa file; I install the app directly from my jailbroken device...
[2018-08-24 22:47:42] chipmangini : @perdario1 <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-08-24 22:48:57] perdario1 : ok i try from this link..:heart:
[2018-08-24 22:49:38] chipmangini : :+1:
[2018-08-24 23:02:36] perdario1 : Perfect!!! Installed in my new iphone 8 plus!!! :grin::grin::grin: @chipmangini txs
[2018-08-24 23:09:47] chipmangini : :+1:
[2018-08-25 03:09:18] andrwho25 : What can one do with the 4.3.0 decrypted release ?
[2018-08-25 06:41:11] kilrah : @ddzobov version doesn't pop up anything, tweaks probably need recoding for new version...
[2018-08-25 06:43:07] jezzab : Did you add the `Tweaks.js` to the docs directory? Not sure if he's embedded it or just the Frida gadget @kilrah
[2018-08-25 06:43:36] jezzab : I took a quick look at the IPA stock code and I can't see why any of them wouldn't work
[2018-08-25 06:43:48] jezzab : Even the force boost stuff is still in the code
[2018-08-25 06:44:02] soddy : Need to add Tweaks.js manually
[2018-08-25 06:44:47] kilrah : aaah
[2018-08-25 06:44:54] kilrah : no didn't add the file
[2018-08-25 06:45:11] kilrah : previous tweaked version i had had it in directly
[2018-08-25 06:45:12] jezzab : maybe just check the Frameworks dir in the ipa
[2018-08-25 06:45:20] jezzab : will know if it's embedded or not
[2018-08-25 06:45:41] jezzab : I haven't looked. Only at the stock ipa you uploaded
[2018-08-25 06:47:11] kilrah : yup that's it
[2018-08-25 06:48:00] jezzab : That's good though, means it will always be up to date.
[2018-08-25 06:59:02] soddy : I didn't install the previous version, no pop up without adding Tweaks.js!
[2018-08-25 07:00:57] jezzab : Is better. It makes people used to downloading the Tweaks.js, so if there's a problem or newer features added they just grab the file (and already know where to get it)
[2018-08-25 07:01:01] kilrah : hmm when adding the one from the repo, or copying over the one from the old app i also have nothing
[2018-08-25 07:01:13] jezzab : hmm
[2018-08-25 07:01:24] kilrah : lemme try to include it in...
[2018-08-25 07:01:36] kilrah : could be that i ran the app without first
[2018-08-25 07:01:49] kilrah : going to remove and reinstall
[2018-08-25 07:02:44] kilrah : i haven't signed the app though since i'm jailbroken
[2018-08-25 07:02:57] kilrah : will try "by the book" if still doesn't work
[2018-08-25 07:13:32] ddzobov : Tweak js not embedded
[2018-08-25 07:13:43] ddzobov : After upload you will see menu
[2018-08-25 07:14:57] kilrah : yep when doing "by the book" it's ok
[2018-08-25 07:23:16] jezzab : Maybe its because the gadget is set to code signing
[2018-08-25 07:23:37] jezzab : Ive never tried frida on a JB device
[2018-08-25 22:16:37] andrwho25 : replaced my stock go app with this one <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4> but I don't get the popup? (confirmed that tweaks.js is in `/frameworks/`)
[2018-08-26 11:46:07] rickw001 : did you load jar ida file also?
[2018-08-26 11:48:31] rickw001 : sorry,just saw he embedded and don't have to
[2018-08-26 19:00:18] andrwho25 : weird, it goes into an `unable to install dji go` `please try again later` state
[2018-08-26 19:00:25] andrwho25 : am i missing something trivial
[2018-08-26 19:01:17] andrwho25 : oh, do i have to install it with superimpactor?
[2018-08-26 19:19:25] kilrah : there's a reason there's a whole page of instructions, it's so you follow them...
[2018-08-26 19:45:13] andrwho25 : Sorry. World has trained me with instant gratification :(
[2018-08-26 22:44:04] freddyk_1234 : I have 4.3.0 Frida and tweak.js v.21 working nicely on P4P and IPad mini with 32 ch and fcc enabled. Above is tweak.js .22. Wiki/GitHub links to .21 only. Is .22 avbl? What is difference? Tks.
[2018-08-27 01:24:20] andrwho25 : .net
[2018-08-27 09:37:59] ddzobov : not released yet
[2018-08-27 09:38:06] ddzobov : v21 latest public
[2018-08-27 12:21:41] sclark6389 : hi
[2018-08-27 12:22:11] sclark6389 : I am looking for decrypted IPA :slightly_smiling_face:
[2018-08-27 12:22:38] sclark6389 : go app 4 ones :slightly_smiling_face:
[2018-08-27 12:22:50] kilrah : read up a bit in the history...
[2018-08-27 12:23:59] sclark6389 : ohhh ok I was wondering what ya meant :slightly_smiling_face: thanks
[2018-08-27 12:31:28] sclark6389 : hummm are you referring to the decrypted app or a link to download ipa files that are already decrypted :slightly_smiling_face:
[2018-08-27 12:31:56] sclark6389 : I meant already decrypted
[2018-08-27 12:32:07] kilrah : there's a link to the latest decrypted app about 2 pages up
[2018-08-27 12:33:20] sclark6389 : you mean latest as in the newest version of go app 4?
[2018-08-27 12:34:17] kilrah : yes...
[2018-08-27 12:34:40] sclark6389 : ahh ok any links for older version?
[2018-08-27 12:40:15] kilrah : either further up in history
[2018-08-27 12:40:28] kilrah : or as someone directed you, on the wiki
[2018-08-27 12:40:44] kilrah : <http://dji.retroroms.info/howto/firmware>
[2018-08-27 12:41:00] sclark6389 : ok and how many days does the history go back to?
[2018-08-27 12:41:36] kilrah : depends on activity
[2018-08-27 12:44:04] sclark6389 : ok and that link you posted is firmware not ipa's unless I missed something?
[2018-08-27 12:45:18] sclark6389 : never mind I see :slightly_smiling_face: thanks
[2018-08-27 15:53:59] sclark6389 : hi
[2018-08-27 20:26:12] sclark6389 : I am going to leave a msg here :slightly_smiling_face: what zip program is a better one to repack files into a ipa? thanks I am on a windows machine just a fyi :slightly_smiling_face:
[2018-08-27 21:10:00] freddyk_1234 : Ok. Tks.
[2018-08-27 23:33:41] diff : any zip program will work
[2018-08-27 23:43:51] sclark6389 : hummm that's what I thought too I will re-install zip program
[2018-08-27 23:44:30] sclark6389 : do you know a lot about insert_dylib?
[2018-08-28 04:56:29] ddzobov : These things are described in HowToHack
[2018-08-28 04:56:56] ddzobov : Fresh ipa already prepared by me for tweaking
[2018-08-28 17:14:19] diff : `insert_dylib` just adds a new load command
[2018-08-28 17:14:24] diff : which points to a dylib you want
[2018-08-28 17:14:32] diff : but it will remove the code signing blob in the binary
[2018-08-28 18:41:46] saleem941 : do we have ETA for desktop modded ipa 4.3.0?
[2018-08-28 19:13:24] johnenglish5599 : I believe it’s already out look above just add tweak js file in iTunes
[2018-08-28 19:33:33] w4t3r : I installed the app with my jb btw, works amazingly, thank you!
[2018-08-28 23:55:00] rickw001 : can anyone get me 4.3.0 ,been trying to login on Yandex for 30 mins,lol
[2018-08-29 00:31:16] rickw001 : found the other d/l above
[2018-08-29 04:00:40] saleem941 : i mean the version that i can install from pc .. my device is JB
[2018-08-29 04:17:28] saleem941 : ok thanks:grin:
[2018-08-29 06:20:30] sclark6389 : danill Zobov - were you talking to me? if so yes I did read that but I need more info I want to do it to an older go app 4 version because some of the older versions run better on the older iPhone,ipad,etc :slightly_smiling_face:
[2018-08-29 07:07:40] kilrah : it's all on the wiki
[2018-08-29 07:09:48] johnenglish5599 : @ddzobov do you mind if I share frida 4.3.0 ipa thank you
[2018-08-29 07:13:16] jezzab : Should get @cs2000 to throw it on DankDroneDownloader !ddd and then link to @ddzobov's repo for the `Tweak.js`
[2018-08-29 07:13:51] jezzab : Then again, there will be a new version out every other day
[2018-08-29 08:39:43] cs2000 : @jezzab, @ddzobov's old IPA is already on the DDD server, obviously you also need his tweak.js file too. new one has its Yandex download limit exceeded so can't get the new one.
[2018-08-29 08:40:13] czokie : @cs2000 - I have the new one if you want me to put it somewhere for you to fetch…
[2018-08-29 08:40:26] cs2000 : Yeah, anywhere thats good for you :slightly_smiling_face:
[2018-08-29 08:40:51] cs2000 : Mega or something, i dont really mind :slightly_smiling_face:
[2018-08-29 08:40:57] czokie : Just have to remember where I put it.
[2018-08-29 08:41:03] czokie : I’ll throw it on the wiki temporarily
[2018-08-29 08:41:10] cs2000 : cool :slightly_smiling_face:
[2018-08-29 08:41:18] jezzab : Doesnt DDD have an uploader now :thinking_face:
[2018-08-29 08:41:26] cs2000 : It does :wink:
[2018-08-29 08:41:36] cs2000 : could use that @czokie whatever you want tbh :slightly_smiling_face:
[2018-08-29 08:41:40] czokie : I'm a Mac user :slightly_smiling_face:
[2018-08-29 08:41:45] jezzab : it runs in Mono
[2018-08-29 08:41:50] jezzab : (apparently)
[2018-08-29 08:42:01] czokie : Well - let me find the damn thing first
[2018-08-29 08:42:35] jezzab : And isn't it a php @cs2000 just throw him the web link lol
[2018-08-29 08:43:01] cs2000 : <http://dankdronedownloader.co.uk/upload_parser>
[2018-08-29 08:44:14] czokie : Won't let me select that file - assume you're restricting extensions
[2018-08-29 08:44:27] cs2000 : Yeah i am, just rename it to bin
[2018-08-29 08:44:29] cs2000 : or tar
[2018-08-29 08:44:34] cs2000 : and I'll figure it out :slightly_smiling_face:
[2018-08-29 08:44:48] czokie : Will do - but would be good to allow ipa as well :slightly_smiling_face:
[2018-08-29 08:44:53] jezzab : `;sudo reboot;file.bin`
[2018-08-29 08:44:58] jezzab : just name it that
[2018-08-29 08:45:05] jezzab : :stuck_out_tongue:
[2018-08-29 08:45:28] cs2000 : haha, try it, i dare ya! From reading the source code this morning, the server will be safe :wink:
[2018-08-29 08:45:40] jezzab : pffft ruin all my fun
[2018-08-29 08:45:43] cs2000 : _shrug_ plus its not my server so...
[2018-08-29 08:45:49] cs2000 : lol
[2018-08-29 08:45:54] czokie : Inbound - It’ll be there tomorrow (TELSTRA)
[2018-08-29 08:45:59] jezzab : lmao
[2018-08-29 08:46:18] czokie : Back to VOIP configuration. Task I’ve been putting off for too long
[2018-08-29 09:20:21] czokie : About 50% complete
[2018-08-29 09:20:29] czokie : (upload - not voip stuff)
[2018-08-29 09:24:36] cs2000 : damn, your internet is S L O W ! lol
[2018-08-29 09:25:33] jezzab : Just burn it to CD and mail it
[2018-08-29 09:38:19] jan2642 : “Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.” _Andrew S. Tanenbaum — Computer Networks, 3rd ed., p. 83. (paraphrasing Dr. Warren Jackson, Director, University of Toronto Computing Services (UTCS) circa 1985)_
[2018-08-29 09:40:04] czokie : Hmm. Tanenbaum. Bringing back memories…
[2018-08-29 09:41:08] czokie : Gary S. Stafford - He was my operating systems lecturer at Uni…
[2018-08-29 09:41:52] czokie : I still remember him being a "program counter / message bus" walking around the lecture theatre, with students fulfilling different functions - "Let's go talk to the IO bus to send a command to the printer"
[2018-08-29 09:42:37] czokie : I also remember one other time "I have cut down on coffee this semester. Only one cup per lecture". He reaches under the lectern and brings out a massive coffee cup complete with lead to keep it warm for the 3 hour lecture
[2018-08-29 09:49:52] czokie : Upload appears to have finished. No error, and progress bar gone
[2018-08-29 10:23:20] kilrah : <https://aws.amazon.com/snowmobile/?nc1=h_ls>
[2018-08-29 10:27:09] cs2000 : i bet that costs a few $'s
[2018-08-29 10:38:12] freddyk_1234 : @cs2000 4.3.0 frida for DDD or anyone else who wants it <https://we.tl/t-tom73fmUwg>
[2018-08-29 10:43:39] cs2000 : <http://polybotes.feralhosting.com/dji/Go4_Frida/>
[2018-08-29 10:43:57] cs2000 : Still needs the .js file from @ddzobov but the files are here now :slightly_smiling_face:
[2018-08-29 10:48:02] cs2000 : @czokie just a heads up (for the wiki) I'm removing the .torrent files for the ios IPA files, I'll now just be offering the IPA's directly from the same folder the torrents are currently in. Don't know if the wiki script needs updating to reflect that new file type being in the directory?
[2018-08-29 10:58:26] cs2000 : Or i may offer both, I dont know what to do!
[2018-08-29 11:21:50] czokie : Finally. Got my VOIP gateway working. My REALLY OLD documentation that I wrote years ago sucked BADLY
[2018-08-29 11:22:25] czokie : @cs2000 - Give it a try - and see how it behaves. I can't remember if that cronjob is hourly or daily - see what happens, and let me know if we need to tweak.
[2018-08-29 11:23:32] kilrah : isn't it best to point to the repo for the .js file? maybe add a link on that page?
[2018-08-29 11:32:38] jezzab : Yup. Do not host the .js file.
[2018-08-29 11:32:44] jezzab : Link to his repo
[2018-08-30 14:52:50] perdario1 : This version is modded?
[2018-08-30 14:53:04] perdario1 : Dji 4 4.3.0?
[2018-08-30 15:24:15] ddzobov : Yes
[2018-08-30 18:47:01] perdario1 : Bro you are the best...
[2018-08-30 18:52:33] perdario1 : @ddzobov how work this mod? there are no banners to select fcc or boost ...
[2018-08-30 20:09:31] kilrah : !wiki
[2018-08-30 20:09:55] kilrah : there's a whole page guide for installing it.
[2018-08-30 20:13:55] mathieu.peyrega : this is discrimination from DJI.... letting Apple users hack and not android ones...
[2018-08-30 21:27:17] perdario1 : I have a jailbroken device, so I install the app directly from the phone using filza ... I thought that in this file ipa was already loaded the tweak ...
[2018-08-31 06:40:42] kilrah : it didn't work for me that way, something must need the signature
[2018-08-31 08:48:16] perdario1 : someone can turn the ipa file last version with the tweak already inside?
[2018-08-31 09:56:44] jezzab : Download the ipa and download the tweak from the repo
[2018-08-31 09:57:16] jezzab : Then you will always link to the original and if there are updates you don't have to download the entire ipa again or anyone have to make another ipa. Just download a new tweak file, copy in the docs dir in itunes and you're done
[2018-08-31 09:58:24] jezzab : If you can jailbreak the phone, you can drag one file into itunes
[2018-08-31 13:36:55] rickw001 : can't log in to his site,can't get past typing in security letters,no way to d/l
[2018-09-01 08:59:38] kilrah : What site? It's just a github repo...
[2018-09-01 12:37:06] rickw001 : was trying to get modded 4 4.3.0 and tweak file
[2018-09-01 14:05:27] rickw001 : I want for mavic 1 pro
[2018-09-01 15:15:34] rickw001 : I'm using 4.2.22 frida,is there an advantage to 4.3.0 ?
[2018-09-01 15:17:28] vasek_r : 4.3.0 works with mavic 2 while 4.2.22 not I think
[2018-09-01 15:56:13] dreaded.dragon : Is the iOS app just as good as the Android one?
[2018-09-02 01:45:14] sclark6389 : hi - I am looking for more info on how to add the lib (library) file to other go app 4 versions. Does any one have other links :slightly_smiling_face: thanks
[2018-09-02 01:46:59] sclark6389 : I do have the version I want to do this to decrypted ( the ipa files that is)
[2018-09-02 05:14:50] stevencarreramail : Usually I am good at following instructions for these mods but it seems I cannot get this Frida modded DJI GO APP to install successfully. Can someone help me out with installing this app successfully? I have watched a video on YouTube numerous times, read the wiki how to do it numerous times and have no idea what I am doing wrong. I am running latest Windows 10, iTunes version 12.6.2, my iPad Air 2 is running iOS version 10.3.2. I have done everything on SuperImpactor (except the "Revoke Certificate" part as it is skipped in the video and when I try to login it won't let me so I skip to install the modded app) and after trying installing twice, it installs (always fails the first time, no clue why). I then add the required files (tweak and FridaGadget.config) via iTunes and then allow developer access via Device Manager on iPad. When I go to open the app, it opens for like a second and then closes. It does it every time I try to open it. Can someone help me out on what I might be doing wrong? Highly appreciate any help.
[2018-09-02 12:40:00] rickw001 : I had the same thing happen but I had been flying 2 weeks with the app,went out to use and that same thing happened to me,would start and then vanish,I had to wipe everything clean from mini4 and do everything over,still don't know why
[2018-09-02 13:02:50] stevencarreramail : @rickw001 Hey Rick, thanks for the reply. Just out of curiosity, what iOS version are you running? I am trying to narrow down the solution to this problem.
[2018-09-02 13:34:38] vasek_r : I'm using ios 11.4.1 with modded goapp 4.3.0 works well but was installed with dev account.
[2018-09-02 13:39:57] rickw001 : 11.2.2
[2018-09-02 16:28:40] perdario1 : @jezzab can someone explain how to download the tweak.js file? when I save it I save it in .html format and loading it with itunes does not work ... can someone help me? I installed dji go 4 4.3 frida directly from my phone with JB
[2018-09-02 16:39:37] perdario1 : ok solved. I tried to download the file without having a github account. I created an account and downloaded the .zip file. everything works perfectly now.
[2018-09-02 16:41:31] andrwho25 : i saw some settings in .22 to silence the rc, but it seems the option went missing
[2018-09-02 21:47:25] stevencarreramail : @rickw001 @vasek_r Thank you both! I think the problem is the iOS version I am running is too low. I tried on my wife's iPhone running iOS 11.4.1 and it worked! I did not want to update the iPad but it looks like that is the only way it would work.
[2018-09-02 22:28:02] stevencarreramail : Worked! Thank you so much, everyone!
[2018-09-03 11:06:07] rickw001 : only way to silence rc is Silencio
[2018-09-03 11:33:20] cantrepeat : Silencio is well worth the $6
[2018-09-03 12:31:24] perdario1 : does any of you know how I can modify the application and translate it into Italian? @ddzobov ?
[2018-09-03 14:05:13] rickw001 : when you update from .22 to 4.4.3 frida why doesn't it ask for mods you want?
[2018-09-03 14:06:18] rickw001 : PS: I used jar file from .22
[2018-09-03 15:17:03] andrwho25 : @rickw001 does silencio work on mavic air?
[2018-09-03 15:23:33] cantrepeat : I'm not sure but you can download it, hook up your RC and it will tell you.
[2018-09-03 15:23:35] cantrepeat : <https://dufo.be/silencio/>
[2018-09-03 15:54:23] rickw001 : sorry,don't have an air
[2018-09-03 16:05:47] kilrah : no
[2018-09-03 16:10:18] kilrah : the answer to anything about mavic air is always no :smile:
[2018-09-03 16:11:22] cantrepeat : seems legit
[2018-09-03 16:14:01] rickw001 : got 4.3 to work on mavic 1,when I deleted old app it also deleted jar file,after adding back in with itunes it's working fine
[2018-09-03 16:19:42] cantrepeat : any new features in 4.3?
[2018-09-03 16:30:47] rickw001 : not sure,just got it loaded
[2018-09-03 16:38:33] rickw001 : this is Danill Zobov version
[2018-09-03 18:37:11] andrwho25 : anyone have issues with the app crashing ? was using .22 successfully until today
[2018-09-03 18:45:02] andrwho25 : damn it. it’s because i switched to satellite view that it crashes. now have to reinstall .22 when i get home. bummer
[2018-09-04 16:48:56] rickw001 : Installed Zobov 4.3 frida yesterday(9/3),just checked it says expires tomorrow(9/5) WTF ?
[2018-09-04 17:35:45] kilrah : you will need to resign with impactor, see the guide...
[2018-09-04 17:47:09] rickw001 : Thanks,I knew about resigning,just didn't think 2 days sounded right
[2018-09-04 17:47:51] rickw001 : and it won't resign until it expires
[2018-09-04 17:51:36] kilrah : did you sign it when you installed? otherwise the cert dates back from when he posted it aka about 5 days ago logically
[2018-09-04 17:59:13] rickw001 : no I didn't,just tried to resign and it won't resign right now
[2018-09-04 18:36:45] kilrah : did you use superimpactor or the "normal" impactor?
[2018-09-04 18:44:23] rickw001 : super
[2018-09-04 18:46:38] kilrah : I just deleted the app from ipad, reinstalled it with super and it signed it with my account. Where did you even see the expiry date?
[2018-09-04 18:48:56] cantrepeat : On the side of the milk jug?
[2018-09-04 18:52:26] rickw001 : when you bring it up to renew it shows you the expire date
[2018-09-04 19:02:26] rickw001 : sorry,resign,lol
[2018-09-05 05:22:52] rickysuper : I installed the 4.3.0 frida app using superimpactor, sign the app and copied the Tweaks.js to the Go4 documents folder. But the Tweaks prompt doesn't show up when launch the app. Do I need to uninstall the original Go4 ?
[2018-09-05 06:06:10] kilrah : yes
[2018-09-05 06:06:23] kilrah : uninstall everything before loading
[2018-09-05 06:34:12] rickysuper : oh thanks a lot !
[2018-09-05 07:46:55] rickysuper : Still no prompt
[2018-09-05 07:50:10] rickysuper : I uninstall the original Go4 and install everything again, still no prompt The Tweaks.js and 4.3 frida app was download from <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-09-05 07:57:05] massimo.ardizzone : enable interaction by remove comment in file
[2018-09-05 08:02:33] rickysuper : will try, thanks
[2018-09-05 10:11:18] saleem941 : /
[2018-09-05 10:19:41] cantrepeat : What new features?
[2018-09-05 11:07:07] ender : As always every “version history” entry is like a press conference of SHS in the white house :slightly_smiling_face: Deception, lies and a grain of truth…
[2018-09-05 11:26:22] capra_vecinului : Overheating :smile: (there are several reports, and frankly it is not a surprise to me, seeing how they managed to install & place the vents on the M2P body)
[2018-09-05 11:46:09] kilrah : <https://www.dropbox.com/s/7cs9rmzq1n7faxx/DJI%20GO%204%204.3.1%20%28decrypted%29.ipa?dl=1>
[2018-09-05 12:28:35] massimo.ardizzone : hi all, with the frida 4.3 app, does Mavic 2 work with FCC boosted?
[2018-09-05 12:31:41] massimo.ardizzone : what is it? 4.3.1 frida?
[2018-09-05 12:58:15] rickysuper : I tried FCC, it works, but I didn't try boost mode
[2018-09-05 12:59:47] rickysuper : @massimo.ardizzone Tweak installed successfully. Thanks
[2018-09-05 13:10:18] rickw001 : think I might remove Zobov's 4.3 and go back to 4.0.6, I like to grab the Mavic in an instant if I want to use it to catch something, because if I forget to resign in 7 days I have to get to a PC and redo it
[2018-09-05 13:11:55] soddy : Doesn't work with Tweak.js put in, no pop-up!
[2018-09-05 13:12:47] kilrah : This is just decrypted, not modded... as usual.
[2018-09-05 13:15:15] massimo.ardizzone : with CE on Mavic 2 I think I'll remain on stock GO4
[2018-09-05 13:20:31] rickysuper : CE in my country sucks a little bit in urban areas, only 2-3 km
[2018-09-05 13:53:36] jezzab : you can get a dev account and sign for a year @rickw001
[2018-09-05 13:54:44] rickw001 : thanks jezzab, does it cost much?
[2018-09-05 13:55:39] rickysuper : 99US per year
[2018-09-05 13:56:28] rickw001 : might consider that, it's a shame NLD doesn't support iOS
[2018-09-05 13:57:07] rickysuper : CE ~ 70µW/cm, FCC ~ 94µW/cm, Boost ~ 120µW/cm, Mavic 2 Pro. Alientech Duo antenna (no signal amplification)
[2018-09-05 14:00:57] jezzab : It would still have to be signed. That's Apple and no way around it
[2018-09-05 14:02:22] rickw001 : thanks again jezzab :+1:
[2018-09-05 14:10:25] rickysuper : I get an error when I click revoke certificate in Superimpactor and need to quit the software, any clue? Thanks. Windows 10
[2018-09-05 16:23:48] puckquentin : you don't need to revoke the cert, just resign
[2018-09-05 21:43:54] massimo.ardizzone : can you explain how to activate FCC and boost on Mavic 2? which version of GO4?
[2018-09-06 00:31:21] rickysuper : Thanks @puckquentin
[2018-09-07 04:00:54] rickysuper : Will the Apple APP-SPECIFIC PASSWORDS expire in 7 days and need a resign? If I join the Apple Developer program will that prevent the expiry? Can I install the app on multiple iOS devices and prevent the expiry if I pay US100 yearly? Thanks
[2018-09-07 04:25:34] vasek_r : @rickysuper as an Apple developer program member you get the cert to load your own programs and have one year till they expire. It is valid for 100 devices of each kind IMO.
[2018-09-07 04:38:13] rickysuper : Thanks @vasek_r
[2018-09-07 11:57:28] soddy : The frida 4.3.0 app crashes when I choose to import pics from Editor>Album>{top left import icon}!
[2018-09-07 12:01:37] jezzab : so you tested the stock non frida app for the same issue?
[2018-09-07 13:44:36] soddy : Yes, stock app runs well!
[2018-09-07 16:45:17] rickysuper : Follow <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-09-07 21:50:29] dreaded.dragon : What would cause the app to show the splash screen then go back to the home screen immediately?
[2018-09-07 22:06:40] kilrah : not properly signed?
[2018-09-07 22:15:33] dreaded.dragon : Was working before
[2018-09-07 22:17:27] kilrah : cert expired then
[2018-09-07 22:17:35] dreaded.dragon : I just reinstalled, and it’s working now...
[2018-09-07 22:17:38] kilrah : only valid for 7 days
[2018-09-07 22:17:43] dreaded.dragon : Really?
[2018-09-07 22:17:45] kilrah : then you have to redo the whole process
[2018-09-07 22:17:52] dreaded.dragon : Interesting
[2018-09-07 22:18:16] dreaded.dragon : Cool, thanks for the info @kilrah
[2018-09-08 17:13:45] rickw001 : do any of the newer iOS GO4 apps have updates for GLONASS and Galileo for Mavic Pro 1?
[2018-09-09 09:11:17] ddzobov : Does the first Mavic Pro have Galileo and GLONASS?
[2018-09-09 09:11:26] ddzobov : And disabled by default?
[2018-09-09 09:19:52] cantrepeat : If you use FC Patcher and an NLD apk I believe it is on. You can turn logging on to make sure it's on.
[2018-09-09 09:21:59] cantrepeat : I'm not 100% but I believe you can only get galileo sats while using an NLD apk client.
[2018-09-09 09:22:29] cantrepeat : @mathieu.peyrega is probably the one to ask.
[2018-09-09 09:27:36] mathieu.peyrega : @ddzobov: Mavic Pro and Pro Platinum feature a u-blox M8 GNSS receiver which can handle Galileo. DJI disabled (not enabled) it
[2018-09-09 09:27:46] mathieu.peyrega : FC patcher and the NLD app allow you to enable it
[2018-09-09 09:28:29] mathieu.peyrega : the <https://github.com/o-gs/DJI_FC_Patcher> part is the most important one
[2018-09-09 09:35:41] ddzobov : How can I know that GNSS and Galileo were enabled?
[2018-09-09 09:36:54] mathieu.peyrega : read this : <https://github.com/o-gs/DJI_FC_Patcher/issues/3>
[2018-09-09 09:37:01] mathieu.peyrega : got rather detailed instructions
[2018-09-09 14:27:50] rickw001 : the reason I asked is I read that all DJI drones were being shipped with it, that was before Mavic 2 was released
[2018-09-11 17:55:45] massimo.ardizzone : hey boys... can we assume Assist 4.3.0 frida works in FCC Boost with Mavic 2? has anyone tested the signal power?
[2018-09-11 19:32:05] mr.vibez : Apologies, is there a link to the 4.3.0 FCC ipa?
[2018-09-11 19:32:10] mr.vibez : !ipa
[2018-09-11 20:11:19] rickw001 : guess you got the answer from the other thread, nothing works for Mavic 2 yet
[2018-09-11 20:16:21] mr.vibez : Wait, I thought it works for the mavic2?
[2018-09-11 22:39:21] 739461411 : I have already tested it. I will tell you, yes, it works. Let's thank @ddzobov.
[2018-09-12 01:55:11] rickysuper : Yes, FCC and Boost mode work on M2 by measuring with a signal meter. But I only did the fly test using FCC, amazing range I got. CE ~ 50µW/cm, FCC ~ 94µW/cm, Boost ~ 124µW/cm, 2.4GHz signal meter
[2018-09-12 02:03:55] cantrepeat : @rickysuper what model of RF meter are you using to measure with?
[2018-09-12 02:09:23] rickysuper :
[2018-09-12 02:09:58] rickysuper : FCC mode. The antenna was a dual band DBS without signal amplification
[2018-09-12 02:12:50] rickysuper : Boost mode
[2018-09-12 02:16:38] rickysuper : sadly this meter is only 2.4GHz - 5.0GHz. 5.8GHz doesn't work
[2018-09-12 06:33:30] massimo.ardizzone : many thanks
[2018-09-12 06:44:36] massimo.ardizzone : ricky, is the 4.3.0 version ok for Mavic 2, any important changes? if you say it's ok I'll remove normal 4.3.1 and install 4.3.0 frida
[2018-09-12 07:05:38] rickysuper : Yes it's 4.3.0 frida for Mavic 2 (look at the remote control, it's grey in colour). We have only used FCC mode several times and no "major" issues. Some minor issues I don't know if they were the same in the original iOS app as I used the Android version before.
[2018-09-12 07:07:29] rickysuper : We only use the M2 to test different antenna mods, take photos, time lapse or do range flights but no other flight modes.
[2018-09-12 07:24:43] mr.vibez : Which option do you select in the configure for the band?
[2018-09-12 07:25:29] rickysuper : I use dual band DBS antenna, of course I choose dual band option
[2018-09-12 07:26:08] mr.vibez : That wasn't an option for me in the Frida tweak popup
[2018-09-12 07:27:00] mr.vibez :
[2018-09-12 07:27:17] rickysuper : choose the first one
[2018-09-12 07:27:30] mr.vibez : Thanks
[2018-09-12 07:28:25] rickysuper : I had hard coded the force_fcc to true. I always skip the config
[2018-09-12 07:28:46] rickysuper : other options don't work except boost mode
[2018-09-12 07:28:58] mr.vibez : I'll take a look how to do that too
[2018-09-12 07:29:31] rickysuper : I use Mac, open the Tweak.js in TextEdit and you can edit the parameters
[2018-09-12 11:37:46] ddzobov : Anyone have 4.3.1 ipa?
[2018-09-12 11:37:49] ddzobov : Decrypted
[2018-09-12 12:08:49] freddyk_1234 : @ddzobov @kilrah posted this. <https://www.dropbox.com/s/7cs9rmzq1n7faxx/DJI%20GO%204%204.3.1%20%28decrypted%29.ipa?dl=1>
[2018-09-12 12:10:14] ddzobov : Okay, i’ll patch it
[2018-09-12 12:15:45] cs2000 : @ddzobov For future reference, all decrypted IPAs are also stored on my server <http://polybotes.feralhosting.com/dji/GO4/IPA/> and linked in the wiki
[2018-09-12 14:56:06] mr.vibez : Any good frida tutorials? I'm used to android patching
[2018-09-12 15:11:41] mr.vibez : I assume the methods will still be the same
[2018-09-12 15:13:57] kilrah : the frida libs need to be injected in the ipa, they're what will read the tweak.js...
[2018-09-12 15:15:24] kilrah : <http://dji.retroroms.info/howto/iosfrida>
[2018-09-12 18:35:37] mr.vibez : Great tutorial, thanks
[2018-09-13 07:16:28] kilrah : Thx
[2018-09-13 07:40:27] rickysuper : Thx
[2018-09-13 07:42:08] mr.vibez : Thanks
[2018-09-13 07:49:42] 739461411 : wow!!!!
[2018-09-13 08:10:35] vasek_r : @ddzobov Spasibo bolshoe :slightly_smiling_face:
[2018-09-13 10:32:39] massimo.ardizzone : thanks !!
[2018-09-13 12:04:44] massimo.ardizzone : can't install... sign failed, don't understand... has anyone tried 4.3.1?
[2018-09-13 12:05:52] massimo.ardizzone : Daniil, can you write the md5? I'll test if it is corrupted
[2018-09-13 12:26:25] 739461411 : maybe you need to resign
[2018-09-13 14:03:42] massimo.ardizzone : I don't have any frida installed
[2018-09-13 14:04:33] cantrepeat : I use to day a chick named Frida!
[2018-09-13 14:41:29] cantrepeat : date* damn, try and make a joke and mess it up!
[2018-09-13 15:45:09] ddzobov :
[2018-09-13 15:45:21] ddzobov : signed and installed now
[2018-09-13 15:50:08] ddzobov : MD5 (DJI GO 4 4.3.1-frida.ipa) = 06f4ef8ecaeb0cbb79e85666e187bea2
[2018-09-13 15:52:46] mr.vibez : @ddzobov could you upload elsewhere? the download limit is reached for me and I don't have a yandex account
[2018-09-13 15:57:27] massimo.ardizzone : thank u, download was corrupted, now it works
[2018-09-13 16:00:10] mr.vibez : I can't get past the verification code
[2018-09-13 16:00:23] mr.vibez : It's in Russian
[2018-09-13 16:04:02] mr.vibez : Ah found the English page. Cheers
[2018-09-13 16:07:15] ddzobov : ok
[2018-09-13 16:07:28] ddzobov : i tried to upload to slack - very slow
[2018-09-13 16:07:45] ddzobov : uploading 30% about 15 minutes
[2018-09-13 16:08:27] mr.vibez : Yandex is predicted 2hrs to download lol
[2018-09-13 16:41:53] rickysuper : does the Tweak.js need an update to match the 4.3.1 Frida?
[2018-09-13 19:08:37] vasek_r : @ddzobov just tested 4.3.1 with Mavic 2 Zoom successfully. Mavic 2 Pro tomorrow. Thanks again
[2018-09-13 20:32:22] mr.vibez : @rickysuper shouldn't need it
[2018-09-14 01:09:12] rickysuper : Thanks @mr.vibez
[2018-09-14 19:04:45] andrwho25 : is that 4.3.1 already signed? and all I do is install it ?
[2018-09-14 19:59:18] vasek_r : @andrwho25 the app is ready to install but you have to sign it with your personal or developer certificate or use superimpactor, check !wiki
[2018-09-14 20:00:28] andrwho25 : thanks !
[2018-09-14 22:16:28] czokie : Interesting observation. I had a P4P replaced under DJI care. (Don't ask why). When I got it, activation was not completing. Being a geek, I got out Charles proxy to have a look at the network traffic. (Have not looked at it in a long time). DJI has upped their game in terms of certificate pinning. A lot more stuff that was previously visible with Charles was now failing. Might have to get out a hook file to see if the previous pinning bypass still works or not...
[2018-09-15 07:32:42] mr.vibez : Just reading <http://dji.retroroms.info/howto/iosfrida> how do we find the method names from the ipa, such as bool __cdecl -[DJITermsNotificationController shouldShowTerms](DJITermsNotificationController *self, SEL a2)
[2018-09-15 07:32:44] mr.vibez : ?
[2018-09-15 08:18:02] jezzab : IDA or other tools
[2018-09-15 08:48:50] mr.vibez : I used to use flex when my iphone was jailbroken
[2018-09-15 08:52:28] mr.vibez : :disappointed:
[2018-09-15 15:48:04] per : anyone have any idea why I'm getting the "API Error" in Xcode when trying to install the resigned .IPA?
[2018-09-15 18:02:13] mr.vibez : Anyone have a classdump of DJI GO? I'm really struggling to generate one myself
[2018-09-16 04:56:16] jezzab : It's 170000+ classes. I think czokie decompiled some of the older versions. Usually I just use it as is in IDA and decompile the class on the fly @mr.vibez
[2018-09-16 07:17:04] mr.vibez : This app name was picked by Jezzab because “PrettyWoman - She was a hooker”.
[2018-09-16 07:17:07] mr.vibez : love it
[2018-09-16 07:59:13] andrwho25 : I signed the app with my dev certificate, but it's still grayed out on my iPhone, any idea?
[2018-09-16 08:47:39] kilrah : you approved in settings?
[2018-09-16 09:00:25] andrwho25 : ah nevermind, I'm such a noob. I created the wrong certificate
[2018-09-16 09:00:36] andrwho25 : created an adhoc instead of a dev certificate
[2018-09-17 20:27:35] andrwho25 : anyone know if ios 12 will be an issue?
[2018-09-17 21:35:05] andrwho25 : nope, no issues here with 4.3.1
[2018-09-18 12:07:54] saleem941 : @ddzobov
[2018-09-18 12:33:51] kilrah : decrypted: <https://www.dropbox.com/s/77cr1v9c6l7js9h/DJI%20GO%204%204.3.2%20%28decrypted%29.ipa?dl=1>
[2018-09-18 12:38:15] mr.vibez : Looking forward to speed adjustments in hyper lapses
[2018-09-18 13:02:59] cantrepeat : @kilrah is it just me or are IPAs easier to decrypt than APKs?
[2018-09-18 13:21:46] sotiris.tripolitsioti : @kilrah Super! Now waiting to be patched..
[2018-09-18 13:22:25] kilrah : they are
[2018-09-18 13:23:35] kilrah : because it's "only" Apple's security at play there, they don't have their own layers of packing
[2018-09-18 13:23:45] kilrah : not sure apple actually allows those at all
[2018-09-18 13:23:55] cantrepeat : ah, well that sucks for android users
[2018-09-18 13:42:19] ddzobov : <https://yadi.sk/d/ubY0zJapQgiVcw>
[2018-09-18 13:46:52] saleem941 : already patched?
[2018-09-18 13:47:56] ddzobov : yes
[2018-09-18 13:48:19] saleem941 : Well done !
[2018-09-18 13:48:37] cantrepeat : Does frida bypass app activation?
[2018-09-18 15:14:08] sotiris.tripolitsioti : Thanks @ddzobov!
[2018-09-18 16:06:39] mr.vibez : Thanks @ddzobov you really need to show us how to do this in case you ever get hit by a bus lol.
[2018-09-18 16:07:26] ddzobov : :confused:
[2018-09-18 16:08:33] mr.vibez : is it all the steps here @ddzobov? <http://dji.retroroms.info/howto/iosfrida>
[2018-09-18 16:08:34] saleem941 : A Russian brain never gets hit!
[2018-09-18 16:10:33] saleem941 : @ddzobov any luck with the 5.8GHz hack?
[2018-09-18 18:56:04] vasek_r : just downloading iOS 12, will test it tomorrow with the 4.4.3 ipa and Thursday with the new 4.4.3.2, will report asap
[2018-09-18 19:17:26] mr.vibez : Damn the hyperlapse speed adjustment seems broken, can't see how one would change the speed
[2018-09-18 19:29:28] trollspeed : Worked with 4.3 and 12
[2018-09-18 19:35:31] andyca57 : Hello Team
[2018-09-18 19:36:50] andyca57 : I'm able to roll back my firmware with no problem but I'm having problems rolling back the DJI app on iOS. Currently I updated to 4.3.2 because I'm not able to roll back to an earlier version, GO 4.1.3, the app that NLD supports. I notice GO 4.3.2 is asking to update my FW which I don't want to do. My question is: if I use DJI GO 4.3.2 with my current AC FW 04.602 will I be able to fly with the parameters Sport and Alt +500? Any suggestions or web links would be appreciated, keep up the great work. My setup: AC P4pro FW 04.0602 modded with NLD MOD Client v1.7.0.4, GO 4 4.3.2, iPad iOS 11
[2018-09-18 20:20:24] andyca57 : Hi L Sith, what AC do you have and what FW parameters have you changed? thanks
[2018-09-19 07:59:48] vasek_r : Confirmed iOS 12 & GO app 4.3.1 on iPhone X works just fine with M2Pro
[2018-09-19 08:00:51] vasek_r : (@ddzobov ) frida modded
[2018-09-19 08:01:26] ddzobov : 4.3.2 already patched :slightly_smiling_face:
[2018-09-19 08:08:10] vasek_r : Will test and report friday on pro and zoom as well. Im confident it will work as well. Thanks Daniil
[2018-09-19 08:13:56] ddzobov : :+1:
[2018-09-19 10:40:24] ddzobov : @channel DJI GO 4 4.3.2-frida released <https://yadi.sk/d/ubY0zJapQgiVcw>
[2018-09-19 10:52:03] sotiris.tripolitsioti : @ddzobov is this release the same as the above?
[2018-09-19 10:56:45] kilrah : just look at the link, it's the same...
[2018-09-19 10:57:07] kilrah : he just posted again because people can't look up a page and don't see it's there...
[2018-09-19 11:05:38] ddzobov : Yes
[2018-09-19 11:10:53] sotiris.tripolitsioti : Ok, will try this with ios 12 and M2Z later today. Thanks for all :slightly_smiling_face:
[2018-09-19 11:18:13] aciid : remember to archive all work!
[2018-09-19 12:08:15] mr.vibez : anyone know what causes this?
[2018-09-19 12:08:15] mr.vibez : Warning: Payload folder has more than one file, this is unexpected.
[2018-09-19 12:27:11] mr.vibez : uh now I get "Sign failed" in super impactor
[2018-09-19 12:30:12] ddzobov : hm
[2018-09-19 12:30:16] ddzobov : one moment
[2018-09-19 12:30:37] mr.vibez : This is when I try to patch my own version
[2018-09-19 12:30:43] ddzobov : I have no problem with it - in the payload folder there is only one file
[2018-09-19 12:31:37] vasek_r : here it works ok with standard apple dev account
[2018-09-19 12:31:59] mr.vibez : this is what my payload looks like /Users/lee/Documents/Payload/DJI GO 4.app/Frameworks/FridaGadget.config
[2018-09-19 12:32:19] mr.vibez : does that seem ok?
[2018-09-19 12:32:40] mr.vibez : I didn't add the tweak.js file as indicated by the wiki as we add that later it seems
[2018-09-19 12:33:25] ddzobov : you downloaded IPA?
[2018-09-19 12:33:46] ddzobov : you only need to sign this and add with ifunbox Tweak.js later
[2018-09-19 12:33:55] mr.vibez : I downloaded the decrypted version. I'm trying to frida patch it myself
[2018-09-19 12:34:14] mr.vibez : ah may have solved
[2018-09-19 12:34:32] ddzobov : maybe you have hidden files near DJI GO 4.app?
[2018-09-19 12:34:35] ddzobov : added by OS
[2018-09-19 12:36:10] vasek_r : @mr.vibez no, we have apple developer account and install it with apple tools ... With the dev account you can sign your own app for a one year... No impactor
[2018-09-19 12:36:40] mr.vibez : I have a dev account and use impactor to install.
[2018-09-19 12:37:04] mr.vibez : Turns out I had to uninstall @ddzobov version before I could install mine
[2018-09-19 12:38:32] mr.vibez : Woohoo, managed to patch frida myself :slightly_smiling_face:
[2018-09-19 12:40:08] mr.vibez : OK so am I correct in thinking that if I want to patch for example, the dialog that shows the high wind warning, I just need to swizzle the correct method via tweak.js. There is nothing else I need to do?
[2018-09-19 12:47:07] ddzobov : <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-09-19 12:47:12] ddzobov : pushed new sh file
[2018-09-19 12:47:28] ddzobov : ipa_patch.sh
[2018-09-19 12:48:04] ddzobov : it makes a ready-to-sign ipa with injected Tweak.js
[2018-09-19 12:48:08] ddzobov : try it yourself
[2018-09-19 13:01:25] mr.vibez : @ddzobov works perfect thanks :slightly_smiling_face:
[2018-09-19 13:01:55] mr.vibez : I just need to swizzle the correct method via tweak.js. There is nothing else I need to do to any other file if I want to create my own?
[2018-09-19 13:05:36] ddzobov : pushed new version of Tweak.js, trying to remove Quiz popup
[2018-09-19 13:11:02] mr.vibez : nice
[2018-09-19 13:27:33] rickysuper : Removed Force FCC option means the default is forced FCC? Thanks
[2018-09-19 13:30:21] ddzobov : no, force fcc is not needed - country code US does all the job
[2018-09-19 13:30:38] ddzobov : and force fcc only works on Mavic
[2018-09-19 13:32:01] rickysuper : Thanks
[2018-09-19 13:33:03] rickysuper : And the 0.21 still works, I already installed it and put in the old Tweak.js
[2018-09-19 13:38:44] mr.vibez : so if we comment out interaction or skip configure, FCC will still work?
[2018-09-19 13:47:40] ddzobov : if interaction is commented out you need to set country_code_us to true
[2018-09-19 13:47:53] ddzobov : if you skip configure you will get the stock app
[2018-09-19 13:57:04] mr.vibez : Thanks
[2018-09-19 14:40:55] andyca57 : good morning team, question: to install DJI GO 4 4.3.2-frida.ipa can I install it via iTunes? thanks
[2018-09-19 14:42:08] ddzobov : first, you need to sign it
[2018-09-19 14:42:32] ddzobov : after that you can install via iTunes or iFunBox
[2018-09-19 14:43:13] ddzobov : or if you have jailbroken device you can install it without signing
[2018-09-19 14:44:26] andyca57 : sign it? sorry, I've been out of the drone mode scene for a while.
[2018-09-19 14:44:34] andyca57 : err mod
[2018-09-19 14:45:39] ddzobov : to install on a non-jailbroken device you need to sign the file with a developer certificate
[2018-09-19 14:46:36] andyca57 : my iPad or iPhone are not jailbroken
[2018-09-19 14:46:37] acorchia : Andy you need the cydia impactor tool
[2018-09-19 14:47:05] andyca57 : ok I'm aware of the Cydia Impactor tool
[2018-09-19 14:47:09] ddzobov : cydia impactor (mac) or superimpactor (win) signs app only for 1 day
[2018-09-19 14:47:27] ddzobov : this will be good if you just want to test it once
[2018-09-19 14:47:33] acorchia : @ddzobov they took it down to 1 day? :open_mouth:
[2018-09-19 14:47:53] acorchia : usually its good for 7 days no?
[2018-09-19 14:48:04] ddzobov : I forgot, 7 days
[2018-09-19 14:48:12] ddzobov : I haven't tested it myself
[2018-09-19 14:48:16] ddzobov : I use a dev cert
[2018-09-19 14:48:17] acorchia : phew! :smile: don't scare me like that man
[2018-09-19 14:48:22] andyca57 : lol
[2018-09-19 14:48:56] acorchia : so yea andy, just like that, the Cydia Impactor tool will sign it up for you, and you can install it through iTunes after I think :thinking_face:
[2018-09-19 14:49:02] andyca57 : hey team, any links where I can read up on DJI GO 4 4.3.2-frida.ipa?
[2018-09-19 14:49:13] acorchia : or through some other third party app that throws it into the phone, like iAmazing
[2018-09-19 14:49:34] andyca57 : K avielc
[2018-09-19 14:49:59] andyca57 : k
[2018-09-19 14:50:37] acorchia : welcome :slightly_smiling_face:
[2018-09-19 14:51:04] acorchia : i would really love a dev friend :thinking_face:
[2018-09-19 14:51:38] andyca57 : ok so once I install DJI GO 4 4.3.2-frida.ipa I can fly my P4pro with any firmware without being asked to update?
[2018-09-19 14:54:04] acorchia : I'm actually thinking about the forced FCC part, if I can specify it within the app, sounds like an awesome option. Thank you for that @ddzobov, and andy, you might be asked for it anyways, why not create a mixed firmware and upload it to your P4pro?
[2018-09-19 14:56:44] andyca57 : afield do you have any link where I can see how to "create a mixed firmware"?
[2018-09-19 14:58:52] sotiris.tripolitsioti : Super Impactor produces also for me a login error but retrying this without changing anything works fine. Maybe a bug in the app?
[2018-09-19 15:03:22] acorchia : cydia impactor should be available for windows too
[2018-09-19 15:03:40] acorchia : there is a video by the good guy in general
[2018-09-19 15:03:46] acorchia : let me look it up for you
[2018-09-19 15:03:52] andyca57 : thanks
[2018-09-19 15:04:16] acorchia : <https://www.youtube.com/results?search_query=digdat0+custom+firmware>
[2018-09-19 15:04:59] acorchia : the first few results are by him, so you can look into it and find where you create that version, the concept is the same even if it's a different drone model
[2018-09-19 15:06:41] andyca57 : digdat0 makes some great how-to vids
[2018-09-19 15:06:51] acorchia : yep
[2018-09-19 16:16:05] sotiris.tripolitsioti : Patched 4.3.2 frida works fine on iPhone X iOS 12. Just tested it. Perfect work @ddzobov ! Will also try the new tweak.js
[2018-09-19 16:23:07] rickysuper : Tweak.js 0.22 FCC seems not to work on 4.3.2 or 4.3.0. I reverted back to Tweak.js 0.21 and no problem
[2018-09-19 16:29:16] sotiris.tripolitsioti : And for me too, .022 does not work. Back to .021
[2018-09-19 16:32:41] andyca57 : anyone here using DJI GO 4 4.3.2-frida.ipa on a P4pro? I'm new to the group and trying to catch up with DJI mods on my P4pro, thank you
[2018-09-19 16:34:21] mr.vibez : How are you proving Tweak.js 0.22 FCC does not work?
[2018-09-19 16:43:25] mr.vibez : It at least pops up the quiz for me
[2018-09-19 16:54:35] rickysuper : First the 4Km line of the signal status does not rise up, second my signal meter value FCC was 110 µW/cm in Tweak.js 0.21 but 0.22 was only 90 µW/cm
[2018-09-19 17:00:01] mr.vibez : Ah I never checked that. I use my own simplified tweak.js that just enables FCC
[2018-09-19 17:13:31] mr.vibez : Now to figure out how to patch litchi too or any app that uses the SDK
[2018-09-19 21:45:33] andyca57 : getting error while installing DJI GO 4 4.3.i-frida.ipa with impactor file: installation.cpp; line: 42; what: Failed to verify code signature of /private/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.T6cJWC/extracted/Payload/DJI GO 4.app/Frameworks/BokehFramework.framework : 0xe8008016 (The executable was signed with invalid entitlements.)
[2018-09-19 21:48:23] andyca57 : not sure what to do. my setup: MacBook Air to iPhone iOS 11.4.1
[2018-09-19 22:52:44] andrwho25 : what are you signing it with ?
[2018-09-19 22:57:14] andyca57 : cydia impactor
[2018-09-20 01:12:58] andyca57 : sorry I'm new to this group, my setup is P4pro FW .0602 modded with NLD. question: if I install DJI GO 4 4.3.i-frida.ipa is the app already patched?
[2018-09-20 08:20:32] trollspeed : Didn't get the question
[2018-09-20 09:00:47] massimo.ardizzone : is there a way to bypass the 7 days certificate expiration without jailbreak?
[2018-09-20 09:02:05] rickysuper : join and pay the US99 (per year) Apple Developer program
[2018-09-20 09:08:11] cantrepeat : I'd rather pay the 99 bucks than use any tool from coolstart
[2018-09-20 10:01:56] andyca57 : morning team, question: I'm new to this group, my setup is P4pro FW .0602 modded with NLD. question: if I install DJI GO 4 4.3.1-frida.ipa is the app already patched?
[2018-09-20 10:06:58] cantrepeat : Patched for what?
[2018-09-20 10:10:00] andyca57 : morning, is the app (DJI GO 4 4.3.1-frida.ipa) ready to be used, no tweak needed to be added?
[2018-09-20 10:10:57] andyca57 : I'm a bit confused, I'm reading the how-to in [dji.retroroms.info](http://dji.retroroms.info)
[2018-09-20 10:12:14] andyca57 : How to install the Patched DJI GO4 App on iPad or iPhone
[2018-09-20 10:42:06] kilrah : everything is there really... <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-09-20 10:50:06] andyca57 : sorry, using my work wifi, not the best. kilrah thanks, if I want to make changes how do I run tweak.js?
[2018-09-20 11:03:02] kilrah : <https://github.com/ddzobov/dji-ios-frida-tweak/>
[2018-09-20 11:06:17] andyca57 : thanks kilrah, sorry for the 10,000 questions, but how do I edit the file to make those changes, ie BOOST....
[2018-09-20 11:08:28] kilrah : it's literally written on the page i just linked you to.
[2018-09-20 11:09:26] andyca57 : thanks for the great help will check out
[2018-09-20 12:25:30] cantrepeat : @kilrah I read through the howto but didn't see if the frida patches for anon login on the app, does it?
[2018-09-20 12:26:25] kilrah : nobody's made any afaik
[2018-09-20 13:16:31] andyca57 : just installed DJI GO 4 4.3.1-frida.ipa but tweak.js is not coming up after I start GO 4, not sure what I did wrong, any suggestions? thanks.
[2018-09-20 13:19:34] vasek_r : @andyca57 did you add it in itunes to goapp files?
[2018-09-20 13:20:22] andyca57 : yes
[2018-09-20 13:21:09] andyca57 : I'm going to reinstall it again and see what happens
[2018-09-20 13:23:09] andyca57 : I'm using SuperImpactor, for some reason it will NOT install using iOS Impactor
[2018-09-20 14:29:14] ddzobov : file name Tweak.js - not tweak.js
[2018-09-20 14:31:12] ddzobov : and latest DJI GO 4 is 4.3.2
[2018-09-20 16:23:16] rickysuper : I reverted back to Tweak.js 0.21
[2018-09-20 16:41:19] massimo.ardizzone : I think you need to enable country=us and force_fcc = enable
[2018-09-20 17:06:07] andyca57 : where can I get a version of Tweak.js 0.21? thanks
[2018-09-20 17:17:22] mr.vibez : <https://github.com/ddzobov/dji-ios-frida-tweak/blob/0df4ccc5b38d38e073347aff4d11ef13cc924c41/Tweak.js>
[2018-09-20 17:18:39] andyca57 : right on thank you L Smith
[2018-09-20 20:55:28] andyca57 : just installed DJI GO 4 4.3.2-frida.ipa to my iPhone, but Tweak.js is not coming up after I start GO 4, not sure what I did wrong
[2018-09-20 20:59:41] mr.vibez : can you upload your tweak.js here
[2018-09-20 20:59:52] mr.vibez : it might be corrupted
[2018-09-20 21:00:51] andyca57 : sure lee, please walk me through how to upload
[2018-09-20 21:05:34] mr.vibez : click the + icon
[2018-09-20 21:07:12] andyca57 :
[2018-09-20 21:07:37] andyca57 : ok thanks
[2018-09-20 21:07:47] mr.vibez : That isn't 0.21
[2018-09-20 21:08:21] andyca57 : no Sir, it's not
[2018-09-20 21:10:27] mr.vibez : hmm, are you certain you have uploaded it to the correct place?
[2018-09-20 21:11:09] andyca57 : yes I believe so, one sec, let me get the link
[2018-09-20 21:11:22] mr.vibez :
[2018-09-20 21:11:31] mr.vibez : Should look like that^
[2018-09-20 21:11:55] andyca57 : <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-09-20 21:12:09] andyca57 : yes that's correct, I'm there now
[2018-09-20 21:12:29] andyca57 : let me try again
[2018-09-20 21:15:31] andyca57 : question: My AC is the P4pro, is that going to be an issue?
[2018-09-20 21:16:25] mr.vibez : Hmm, not sure, I have the MP2
[2018-09-20 21:16:56] andyca57 : hmm
[2018-09-20 21:17:18] mr.vibez : Try this version too, it's 0.21
[2018-09-20 21:17:30] andyca57 : ok
[2018-09-20 21:18:28] andyca57 : ok, copy and paste with Xcode?
[2018-09-20 21:19:20] mr.vibez : itunes
[2018-09-20 21:19:59] mr.vibez : Download the file I uploaded
[2018-09-20 21:20:07] mr.vibez : connect your phone to itunes
[2018-09-20 21:20:12] mr.vibez : go to file sharing
[2018-09-20 21:20:21] mr.vibez : select DJI GO 4
[2018-09-20 21:20:29] mr.vibez : click the add file button
[2018-09-20 21:20:41] mr.vibez : select your tweak.js file
[2018-09-20 21:21:00] freddie-bruer : 0.22 doesn't work right?
[2018-09-20 21:21:17] mr.vibez : apparently not
[2018-09-20 21:21:40] andyca57 : ok Lee, d/l from <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-09-20 21:22:30] mr.vibez : d/l what?
[2018-09-20 21:23:04] mr.vibez : d/l this <https://files.slack.com/files-pri/T60D095A7-FCXPQ15M2/download/tweak.js>
[2018-09-20 21:24:17] andyca57 : ok got it d/l complete brb
[2018-09-20 21:27:47] mr.vibez : got to go, good luck
[2018-09-20 21:32:37] andyca57 : ok Lee, you've been a GREAT help
[2018-09-20 23:00:59] andyca57 : Lee, thank you for all your help, it worked. I missed one step, I forgot to restart the device
[2018-09-21 05:40:46] saleem941 : TWEAK 0.21 <https://mega.nz/#!6zBWjITA!dnt20w2wlTmBFNN1bmaW7l3DMvhj1YaHSuWIP3PxnD4>
[2018-09-21 16:32:31] tumik : @tumik has joined the channel
[2018-09-22 15:18:34] ddzobov : How did you enable FCC? Force fcc or US region?
[2018-09-22 15:20:27] ddzobov : Try to disable interaction (how to - see Github) and set country_code_us to true
[2018-09-25 06:32:15] rickysuper : iOS 4.3.3 released
[2018-09-25 06:56:11] kilrah : @ddzobov decrypted <https://www.dropbox.com/s/3mlpvf9rcpmebkv/DJI%20GO%204%204.3.3%20%28decrypted%29.ipa?dl=1>
[2018-09-25 06:56:21] kilrah : damn, 112MB larger than previous
[2018-09-25 07:59:19] mr.vibez : I'll patch later if @ddzobov isn't around
[2018-09-25 08:00:46] mr.vibez : Change log anywhere?
[2018-09-25 08:03:41] kilrah : <https://itunes.apple.com/us/app/dji-go-4/id1170452592?mt=8>
[2018-09-25 08:05:11] 739461411 : wow
[2018-09-25 08:53:31] rickysuper : anyone success using the Tweak.js 0.22 ?
[2018-09-25 08:54:18] czokie : I haven't updated the JS recently - but mine works just fine - can't remember what date it was pulled from GitHub...
[2018-09-25 08:54:44] czokie : What's your issue?
[2018-09-25 08:55:31] rickysuper : updated and was released to GitHub. But I found it doesn't work for me and am still using the 0.21. New update removed the force FCC and changed to country=US
[2018-09-25 08:56:06] czokie : Let me diff it and have a look
[2018-09-25 08:58:21] rickysuper : My friend hard coded the parameter and work. I use the config prompt but not work
[2018-09-25 08:58:46] czokie : Does the menu come up? What happens?
[2018-09-25 09:00:36] kilrah : many reports that 0.22 doesn't work
[2018-09-25 09:00:48] kilrah : use 0.21
[2018-09-25 09:00:55] rickysuper : Yes, the config prompt came up, but after enabling country=US the 4k line in the Signal status does not rise up. Signal Meter value lower than 0.21 force FCC
[2018-09-25 09:01:25] czokie : The big change is that I see it is not doing the SDR command any more - it is theoretically relying on the country bypass...
[2018-09-25 09:01:29] rickysuper : Yes but my friend works if hard coded the country=US to true. Strange
[2018-09-25 09:03:33] czokie : Stick with 21 for now then - I don't see any other major benefits of 22
[2018-09-25 09:03:58] rickysuper : Thanks !
[2018-09-25 09:04:00] czokie : Almost everything else is cosmetic.
[2018-09-25 09:04:19] czokie : The other thing he added was the quiz stuff....
[2018-09-25 09:04:47] rickysuper : force 5.8 was useful when travel to 2.4 only countries
[2018-09-25 09:25:33] mr.vibez : Change log is pretty poor, hopefully they fixed the hyperlapse speed. Maybe they just removed it....
[2018-09-25 09:33:25] cantrepeat : Best way to fix a broken feature you might ask, DJI, remove it!
[2018-09-25 10:01:21] saleem941 : /
[2018-09-25 10:53:15] mr.vibez : I don't get what has changed as that is a partial list from the previous update. Do the devs have no pride?
[2018-09-25 11:07:35] kilrah : just the first one
[2018-09-25 12:37:49] ddzobov : <https://yadi.sk/d/xOuW0m25KJusgA> uploading here 4.3.3-frida
[2018-09-25 12:39:46] ddzobov : with 0.22 try to open application, choose settings and after that plug the RC to phone
[2018-09-25 12:41:26] vasek_r : @ddzobov it links to older versions but not to the last one pls check thx
[2018-09-25 12:42:09] ddzobov : yes
[2018-09-25 12:42:14] ddzobov : moved to this folder
[2018-09-25 15:24:28] mr.vibez : Ah so the new features in 4.3.2 do require a fw update after all lol
[2018-09-25 17:06:59] vasek_r : @mr.vibez new fw? I have M2P 1.00.00.00 and see no new upd...
[2018-09-25 17:08:05] mr.vibez : It's not out yet, hence why the new features don't work yet.
[2018-09-25 17:11:24] vasek_r : As long as there is no way fw roll back ATM I’d no hurry....
[2018-09-25 20:35:48] mr.vibez : 4.3.3 fcc works fine with my mp2 (using tweak 0.21)
[2018-09-26 01:23:22] doubleohasian : jailbreak reputable source link?
[2018-09-26 01:29:00] doubleohasian : NM I got it.
[2018-09-26 15:45:48] vasek_r : @ddzobov Late reply to your question from September 22nd: Me and my friend both use Tweak.js v0.21 with GOApp v4.3.2. Transmission power is untouched and sticks at FCC level no matter the choice of "Force FCC" or "Skip". So we suspect that the "force_fcc" function does not work and all FCC enabling was done via country code US, which is set at all times in the script.
[2018-09-26 15:55:01] wass : I suspect the same, i.e. power is in FCC all the time because it looks like 32 ch mode is not available for FCC, and if I "Skip" I still do not see 32ch.
[2018-09-26 16:07:56] rickw001 : any one know of auto sign app for jailbroken mini 4 ?
[2018-09-26 16:12:47] cs2000 : there's a few of them in cydia
[2018-09-26 17:05:32] rickw001 : thanks cs2000, I will check that out, I'm new to anything with iOS
[2018-09-26 17:09:17] cantrepeat : You might try on reddit @ /r/jailbreak has a pretty big following too
[2018-09-26 17:14:05] kilrah : well you don't need to sign in the first place if you're jailbroken, no?
[2018-09-26 17:18:14] cantrepeat : I believe you are correct. The only thing I ever had to sign was the JB
[2018-09-26 17:18:40] cantrepeat : They do have some sideloading over there as well if he's not JB yet
[2018-09-26 17:19:12] rickw001 : I have to resign my app every 7 days
[2018-09-26 17:19:31] cantrepeat : I gave up JB when coolstar started putting BS in electra
[2018-09-26 17:25:14] rickw001 : I'm using super impactor and have to resign every 7 days, maybe I'm doing something wrong, like I said I know nothing about ios
[2018-09-26 17:27:51] cantrepeat : Nope, that's the way it works, 7 days. I know people have already said that if you buy an Apple developer account the signing period is for 1 year
[2018-09-26 17:28:35] cantrepeat : A lot of semi tethered jailbreaks only had 7 day signing which pushed a lot of people to dev accounts.
[2018-09-26 17:30:30] kilrah : electra is signed by dev accounts but since they keep being revoked it's a bit like self-sign :laughing:
[2018-09-26 17:37:25] cantrepeat : Yeah, coolstar hasn't done much good for JB as a whole. Between putting crap in Electra and arguing with saurik it's just a mess.
[2018-09-26 17:37:54] cantrepeat : Last JB I used was double helix
[2018-09-26 18:44:27] vasek_r : We checked it by flight distance in well known terrain. The difference is very noticeable. We just installed Tweak v0.22 so I will let you know how it works soon.
[2018-09-27 01:25:58] rickysuper : 4.3.2 and 4.3.3 frida with Tweak.js 0.21 force FCC definitely work. We test by using signal meter and test the distance many times
[2018-09-27 08:56:54] wass : Did some homework: 0.21 works to switch power between CE and FCC; at least if you set "country_code_us: false" you will be able to choose "Force FCC" or "Skip" and it will work. Below you can see screenshots (sorry for blurry ones). So the difference is about 5db, i.e. ~3 times in power. BUT! 32 channels mode still doesn't work even though I skip FCC and turn 32ch on! @ddzobov please help! :slightly_smiling_face:
[2018-09-28 04:59:54] 739461411 : hi, friends. I want to change the ipa file's icon, so I change ipa to zip, unzip it, put a new icon in to replace the old icon, zip the file, change zip to ipa, and resign the app, but it can't install. It says I need jailbreak, but I already resigned. Does anyone can help me or give me some guide link? Thanks.
[2018-09-28 07:46:19] cs2000 : @rickw001 in Cydia, add the repo "<https://cydia.angelxwind.net/> " and then find the package AppSync Unified
[2018-09-28 07:46:28] cs2000 : that will disable the requirement for 7 day re-signs
[2018-09-28 10:24:42] rickw001 : wow, will see if I can handle that - thanks cs2000
[2018-09-28 10:37:03] kilrah : ah yeah, forgot about that - for me it's the first thing you install after jailbreaking, didn't think it wasn't there by default :smile:
[2018-09-28 10:38:40] cs2000 : me neither :wink:
[2018-10-01 15:34:20] rickw001 : does this get done straight to mini 4 or with pc ?
[2018-10-01 15:36:44] kilrah : on ipad, in cydia...
[2018-10-01 15:41:54] rickw001 : kk, thank you
[2018-10-03 20:20:27] rickw001 : I feel as stupid as a 2 yr old, I think it's installed but can't figure out how to add repos or anything
[2018-10-03 20:20:45] rickw001 : I'm a dumb old android guy
[2018-10-03 20:22:04] rickw001 : damn, it says I have demo version and must contribute
[2018-10-03 20:24:07] rickw001 : and when I try to delete with icons it doesn't give me a box to check like other apps, I'm lost
[2018-10-04 05:41:09] mr.vibez : You have to uninstall within cydia
[2018-10-04 12:16:56] rickw001 : do I need to purchase cydia? I don't have a problem doing that, just confused, lol
[2018-10-04 12:20:28] kilrah : uh no...
[2018-10-04 12:22:57] kilrah : you said you had a jailbroken device. If you have a jailbroken device then you now have a Cydia app on your device
[2018-10-04 12:24:01] kilrah : and that's where you manage most of the jailbreak-related tweaks.
[2018-10-04 12:24:29] rickw001 : I think I jailbroke it with super impactor, is there a way to check
[2018-10-04 12:24:49] kilrah : superimpactor does NOT jailbreak your device...
[2018-10-04 12:25:13] kilrah : anyway precisely the way to check is if you have a Cydia app somewhere in your home screens...
[2018-10-04 12:26:10] rickw001 : I have a cydia app icon, but when I press it it comes up and then vanishes
[2018-10-04 12:28:04] kilrah : then your device isn't currently jailbroken
[2018-10-04 12:28:24] kilrah : you need to know what you used to jailbreak and check how that works
[2018-10-04 12:28:38] kilrah : different jailbreaks work in different manners
[2018-10-04 12:28:50] kilrah : some need to be redone after a reboot for example
[2018-10-04 12:30:30] rickw001 : maybe electra, that's on app screen also, sorry I'm so stupid with ios
[2018-10-04 12:30:46] kilrah : yup, then that has to be redone after each reboot
[2018-10-04 12:30:48] cantrepeat : Yeah, what iOS are you on
[2018-10-04 12:31:00] rickw001 : 11.2.2
[2018-10-04 12:31:19] cantrepeat : @kilrah didn't coolstar do something to disable cydia in his first electra?
[2018-10-04 12:31:28] kilrah : that was long ago
[2018-10-04 12:31:41] kilrah : while cydia was completely broken on ios11
[2018-10-04 12:32:21] kilrah : i JB mine in august and it was all good with cydia in
[2018-10-04 12:32:42] rickw001 : all I was trying to do was not having to resign go4 every 7 days, lol
[2018-10-04 12:32:58] kilrah : yes and as you see it's not trivial at all
[2018-10-04 12:33:01] cantrepeat : dev account your phone?
[2018-10-04 12:33:35] cantrepeat : it was worth the 99 bucks when I was on 9.3.3 pangu before the auto signing was done
[2018-10-04 12:35:03] cantrepeat : oh wait
[2018-10-04 12:35:07] rickw001 : being a retired old man on fixed income I try to watch every dollar
[2018-10-04 12:35:33] cantrepeat : if you have electra and cydia keeps disappearing then it's possible the phone has rebooted and is not in a jb state
[2018-10-04 12:35:44] cantrepeat : run electra again and try cydia
[2018-10-04 12:36:31] rickw001 : trying electra now and it also vanishes after touch
[2018-10-04 12:37:20] kilrah : then you have to reinstall electra because it's also subject to the 7day thing
[2018-10-04 12:37:30] kilrah : remove it first
[2018-10-04 12:38:10] rickw001 : does that mean something has to be resigned every 7 days?
[2018-10-04 12:38:42] kilrah : possibly electra depending on the way you installed it
[2018-10-04 12:38:56] kilrah : BUT you only need to launch it when you reboot, so if you don't then it can last longer
[2018-10-04 12:39:31] kilrah : and there are electra distributions with dev accounts so they have a year... except that apple tends to keep revoking those certs so they also don't last more than a couple of weeks anyway
[2018-10-04 12:40:54] rickw001 : wow, so I guess it's just as easy just to resign go4 every 7 days with super impactor
[2018-10-04 12:41:15] cantrepeat : @kilrah are they doing anything to the dev account as well or just revoking electra cert?
[2018-10-04 12:43:35] kilrah : probably killing the dev account
[2018-10-04 12:43:45] cantrepeat : All of the iOS signing and cert revoking along with Saurik and Coolstar drama pushed me over to android. Well, all that and the fact that NLD supported android.
[2018-10-04 12:43:54] kilrah : when you reload it's a completely different one again
[2018-10-04 12:44:05] kilrah : usually some random chinese company
[2018-10-04 12:44:30] kilrah : must be throwaways
[2018-10-04 12:45:51] rickw001 : thanks soo much guys for your help, I've tried a few android devices with bad luck (I have NLD also) but went with mini4 and it's been flawless
[2018-10-04 12:49:45] kilrah : arrrgh i need new hard drives :disappointed:
[2018-10-04 12:50:52] cantrepeat : SSDs?
[2018-10-04 12:51:15] kilrah : nah
[2018-10-04 12:51:25] kilrah : for the bulk storage
[2018-10-04 12:51:34] kilrah : current 12TB is full...
[2018-10-04 12:52:01] kilrah : unless you offer me 20TB of SSDs :smile:
[2018-10-04 12:52:03] cantrepeat : I don't know how many hours I have on my NAS box but it could use an upgrade. lol, I only have like 3 TB
[2018-10-04 12:52:52] ender : have 12 as well. Was nearing 100%. Decided to look for trash. 50% now :stuck_out_tongue:
[2018-10-04 12:53:01] kilrah : LOL
[2018-10-04 12:53:23] kilrah : i could free a couple of TB but it takes time, too much time
[2018-10-04 12:54:08] cantrepeat : @kilrah rm -r /porn 75% free space now!!
[2018-10-04 12:54:13] kilrah : lolz
[2018-10-04 12:56:12] cantrepeat : OT but what are you using for storage? I've got a thecus atm
[2018-10-04 12:56:22] ender : QNAP
[2018-10-04 12:57:05] ender : it also runs USBCam stuff for security and Octoprint for my 3D printer
[2018-10-04 12:58:07] cantrepeat : yeah, thecus has an IPcam module
[2018-10-04 12:58:28] cantrepeat : was thinking about an N5810pro to replace my 3200pro
[2018-10-04 12:58:43] cantrepeat : lots of user made modules for it.
[2018-10-04 13:00:36] kilrah : just deleted 66GB lol
[2018-10-04 13:01:10] kilrah : internal RAID0 of 2 6TB WD Blacks
[2018-10-04 13:01:43] kilrah : then 2 backup copies in external dual drive enclosures, also with 2x6TB each
[2018-10-04 13:02:58] kilrah : hmm i have half a TB of installed Steam games I almost never play, could get rid of them and reinstall if needed lol
[2018-10-04 13:12:12] ender : well, i have straight 4x4GB, one is redundancy…
[2018-10-04 13:12:47] ender : + 4GByte Backup just for the important stuff, I don't need a backup of my pirated movies :slightly_smiling_face:
[2018-10-04 13:16:30] kilrah : got too tired of managing what to backup and what not to, with impacts on organization etc so I just backup everything and that's it
[2018-10-04 13:17:05] kilrah : also since I regularly travel for extended periods of time i can just take a backup set and have everything with me
[2018-10-04 13:17:29] kilrah : and work on it, and resync when back
[2018-10-04 13:24:17] ender : i use that qnap cloud service for that but of course not as fast, granted…
[2018-10-04 13:24:38] ender : OR my VPN of course… But the QNAP mobile client is pretty IMO.
[2018-10-04 13:31:33] kilrah : no good when you're on a 5Mbps connection...
[2018-10-04 13:38:24] ender : that's what I said :slightly_smiling_face: but for that poor place everyone got microSDs and 2.5" HDDs
[2018-10-04 13:39:16] kilrah : means you have to choose what to put on the 2.5"HDD, aka predict what you're going to need one month down the road...
[2018-10-04 13:40:48] ender : no as i always have access to the full thing via net. Portable stuff is for dumping data and maybe for taking important stuff to travel but obviously it depends on your usage profile.
[2018-10-04 13:42:19] kilrah : net useless, can't wait a day to download a file...
[2018-10-04 13:43:08] kilrah : let alone decide "hey i'll work on sorting these photos on this slow day, let's grab these 100GB... NOT"
[2018-10-04 13:49:24] cantrepeat : I had faster internet speed in 2000 in Korea than I can get at my house nowadays
[2018-10-04 13:49:56] cantrepeat : almost 20 years and it's still the same. 18 down, 1 meg up
[2018-10-04 13:50:09] cantrepeat : and that is 70 bucks a month
[2018-10-04 13:50:33] cantrepeat : I had 25 down 5 up in 93 and it was only 45 a month
[2018-10-04 13:50:47] cantrepeat : 2000*
[2018-10-04 13:50:57] cantrepeat : 93 was like 5 and 768
[2018-10-04 14:08:48] d95gas : 200mb down and 20m up here :slightly_smiling_face: (Virgin)
[2018-10-04 14:10:12] ender : 200 up & down here…
[2018-10-04 14:10:33] d95gas : nice :slightly_smiling_face:
[2018-10-04 14:10:39] ender : Lucky as hell, small village but near a Backbone wire… usually it would be more like 5/1
[2018-10-04 14:11:04] d95gas : to be honest it's wasted on me.... Mainly emails and forums. Don't do Facebook or anything like that, very occasionally a movie :wink:
[2018-10-04 14:11:48] ender : Well I work at home so everything has to go through that pipeline. Would kill myself with < 10/10 I guess :slightly_smiling_face:
[2018-10-04 14:11:51] d95gas : To think what we had to pay back in the day when we were configuring T1 lines for banks etc. Was so expensive, several banks shared a T1 line
[2018-10-04 14:12:40] d95gas : I am officially home worker, but I much prefer to work in the office and fortunate enough to have 2 very nice sites nearby that I can use
[2018-10-04 14:12:54] d95gas : although the house is still full of I.T. gear
[2018-10-04 14:21:55] cantrepeat : yeah it seems that if you are in a metro area with 25000+ subs they will fiber but anything less than that it's twisted copper
[2018-10-04 14:22:28] cantrepeat : I can get cable to 100 down but it's shit, like 500+ ms pings to everything and drops all the time
[2018-10-04 14:22:37] cantrepeat : I only have the two choices
[2018-10-04 23:35:50] toskol_xxx : I tried to resign go4 app with super impactor and always got install error!!!! Anyone has same problem? Pls help, thnx so much
[2018-10-04 23:48:46] rickw001 : I get that sometimes, just hit start again and away it goes
[2018-10-05 01:11:26] rickysuper : I got error at every first installation, just install again and was OK.
[2018-10-05 02:22:54] toskol_xxx : yea I did hit start so many times, still won't resign. I didn't have this problem before, it's just weird!!! Thanx for your reply guys
[2018-10-05 06:14:09] kurdi80 : I removed database for ios v4.3.3
[2018-10-05 06:43:38] kurdi80 : Any one need help
[2018-10-05 07:22:52] mr.vibez : Pls
[2018-10-05 08:12:39] makingthisnameup : my ipad4 install is basically in there by strings. no idea how I got it working. I question it. should probably remove the wind warning
[2018-10-05 08:13:38] makingthisnameup : but WORKS
[2018-10-05 08:13:48] makingthisnameup : ... today so far
[2018-10-05 08:35:40] mr.vibez : I really want rid of the wind and altitude warnings
[2018-10-05 08:47:11] jezzab : Patches welcome :)
[2018-10-05 09:45:20] per : so ok, again: totally noobish here. I need help! I’ve got the patched .IPA from you guys here, but I can’t sign it. running on mac. help! :disappointed:
[2018-10-05 09:47:12] mr.vibez : I tried to port the wind warning patch from Android but the iOS version doesn't have the same method. I'll keep looking
[2018-10-05 09:50:08] mr.vibez : Currently using classdump to search for interesting method names. Must be a better way
[2018-10-05 18:22:55] ddzobov : If you have tweak.js patch for dji go 4 you can send code for me or open pull request at github
[2018-10-06 18:24:46] sclark6389 : anyone have any ideas why I get these errors? thanks
[2018-10-07 19:15:07] pete.collins : hey guys, trying to sideload the DJI Go4 app and getting a 1200 error. Side loaded quite alot of apps before and had no problem (including on my iPhone XS Max) but this won't go. Am I being an idiot?
[2018-10-07 19:17:24] pete.collins : the "you are not allowed to perform this operation" error :disappointed:
[2018-10-07 21:07:39] pete.collins : ok managed to install it on an Iphone 6+ with alot of fiddling but the Iphone XS Max wont have it on either MacOS or Windows with Cydia/Xcode direct or Superimpactor - I await a guru to tell me what I'm doing wrong lol
[2018-10-08 07:55:00] sclark6389 : ok thanks, I think I found the problem. I thought my ipad was connecting to xcode to generate the signatures but it's not, so of course without it doing that it won't make the mobileprovision file
[2018-10-09 21:42:34] abdo054 : Hey everyone.. is there a how to for installing a modded Go4 on IOS 12?
[2018-10-10 01:46:48] rickysuper : @abdo054 <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-10-10 01:47:19] abdo054 : Thanks @rickysuper
[2018-10-10 06:22:27] abdo054 : Hey guys so I was able to download a modded app to the iphone .. my question now is to use my account to sign in with?
[2018-10-10 06:23:19] abdo054 : I tried "a" "b" it didn't work
[2018-10-10 06:25:36] abdo054 : never mind my question
[2018-10-10 07:21:53] d95gas : You need to use either your own account details or a burner account. The iOS app didn't have the option to use the "a" and "b" option..... but I'm sure it will come
[2018-10-10 07:37:00] abdo054 : Thanks @d95gas
[2018-10-10 07:40:11] abdo054 : is this solution permanent or only valid for 7 days? <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-10-10 07:40:24] abdo054 : Since I don't have a developer account
[2018-10-10 08:21:59] rickysuper : 7 days only
[2018-10-10 08:22:20] rickysuper : You have to resign the app through Superimposer
[2018-10-10 08:31:50] abdo054 : Is it a weekly process or only once?
[2018-10-10 08:33:31] abdo054 : Never mind
[2018-10-10 08:33:49] abdo054 : Thanks
[2018-10-10 08:41:31] rickysuper : Weekly
[2018-10-10 08:41:46] rickysuper : or you root your iphone
[2018-10-10 16:56:38] d95gas : Not sure rooting is an option on IOS12 at the moment :wink:
[2018-10-10 22:53:29] abdo054 : <https://www.redmondpie.com/block-apple-7-day-app-revokes-on-ios-11-without-jailbreak-heres-how/>
[2018-10-10 22:54:00] abdo054 : Anyone tried this?
[2018-10-10 22:59:37] cantrepeat : Did not click.
[2018-10-11 05:22:42] kilrah : "There's no need to use this , this was made when there was no iOS 11 jailbreak , please use ElectraJB"
[2018-10-11 05:40:56] abdo054 : what if i just want to sideload for an infinite period without jailbreaking?
[2018-10-11 05:42:22] kilrah : well this is kind of a partial jailbreak, so...
[2018-10-11 05:42:32] abdo054 : I see
[2018-10-11 05:42:45] abdo054 : I was just wondering is someone gave it a try
[2018-10-11 05:43:00] kilrah : the sentence i pasted above is what the author said
[2018-10-11 05:43:13] abdo054 : Yeah i saw that :+1:
[2018-10-12 06:22:16] sclark6389 : any idea where I can download xcode 9?? I can't get older versions from apple cause I am not a paying developer :disappointed:
[2018-10-12 06:43:29] sclark6389 : never mind I think I found a site that has older versions :slightly_smiling_face: I will know later if it works :slightly_smiling_face:
[2018-10-19 00:15:29] cantrepeat : There is a new j/b for iOS 11.0-11.4 beta 3
[2018-10-19 00:15:31] cantrepeat : <https://www.reddit.com/r/jailbreak/>
[2018-10-19 00:15:45] cantrepeat : might be a group that you can trust more than coolstar
[2018-10-19 04:54:06] sclark6389 : Codesigning patched IPA... { Error: not found: 7z at getNotFoundError (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:13:12) at F (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:68:19) at E (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:80:29) at /usr/local/lib/node_modules/applesign/node_modules/which/which.js:89:16 at /usr/local/lib/node_modules/applesign/node_modules/isexe/index.js:42:5 at /usr/local/lib/node_modules/applesign/node_modules/isexe/mode.js:8:5 at FSReqWrap.oncomplete (fs.js:154:21) code: 'ENOENT' } Cannot find entitlements in binary. Using defaults.
[2018-10-19 04:56:35] sclark6389 : any ideas? on this error? thanks
[2018-10-19 05:56:40] sclark6389 : never mind I think I figure it out :slightly_smiling_face:
[2018-10-19 06:04:02] sclark6389 : well I got the errors fixed I think but I still can't side load it, I get verification failed :disappointed: any ideas on why I get that?
[2018-10-19 06:05:45] sclark6389 : I still get this msg tho: Cannot find entitlements in binary. Using defaults
[2018-10-19 15:13:53] martinbogo : Wow, surprised they found one at all.
[2018-10-19 15:14:06] martinbogo : But 12.0.1 is in general deployment now
[2018-10-20 06:45:14] sclark6389 : hi - I am having problems installing an ipa file, I get verification failed :disappointed: I did sign the ipa file so I am not sure if it's a signing problem or?? any ideas would be great thanks :slightly_smiling_face:
[2018-10-21 05:57:03] sclark6389 : hmm, even a decrypted Go4 app with no mods fails verification when installing. What am I missing or doing wrong? :slightly_smiling_face:
[2018-10-21 06:15:22] jezzab : It sounds like a signing problem
[2018-10-21 15:15:50] chipmangini : Are there different Tweak.js for a P4P?
[2018-10-21 16:15:12] sclark6389 : yes that is what I am thinking too, but even the decrypted Go4 apps I download from the web site give that error too. Are they not signed? The ones I mod I am signing them. How can I check to see if it's a signing problem?
[2018-10-21 16:18:23] sclark6389 : also when I do security find-identity -p codesigning -v command it does come back with the signing info
[2018-10-21 21:04:01] rickw001 : does the Zobov Go app or tweak.js patch have the extra gps sats? thanks
[2018-10-21 21:04:27] rickw001 : for mavic 1 pro
[2018-10-21 21:31:47] chipmangini : @rickw001 Yes, 32 sats
[2018-10-21 21:33:33] rickw001 : damn, I'm only getting 19 at most, which version has it?
[2018-10-21 21:50:21] rickw001 : mavic is still on 700 fw
[2018-10-21 22:13:49] chipmangini : @rickw001 4.1.22 from my understanding. <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-10-21 23:34:46] cantrepeat : 4.1.22 but FC patcher is the important part.
[2018-10-21 23:35:15] cantrepeat : 1.04.0300 FC Patcher
[2018-10-22 00:23:49] rickw001 : I thought 4.1.22 was android?
[2018-10-22 03:40:19] sclark6389 : yes looks like it's a signing problem :disappointed: I get Product identifiers don't match error :disappointed: any idea on how to fix that :slightly_smiling_face:
[2018-10-22 03:43:22] sclark6389 : well I am having a signing problem :disappointed: I get Product identifiers don't match error :disappointed: any ideas on how to fix that :slightly_smiling_face:
[2018-10-22 07:59:54] ddzobov : 32 channels, not galileo sats
[2018-10-22 08:00:04] ddzobov : For galileo need to patch fw
[2018-10-22 09:34:06] rickw001 : that's what I thought,thanks
[2018-10-22 09:35:57] cs2000 : Coming soon to NLD :crossed_fingers:
[2018-10-22 09:37:10] rickw001 : that will be super,thanks
[2018-10-22 09:39:21] cantrepeat : 32 chan is in the app, 32 sats needs FC
[2018-10-22 09:47:47] rickw001 : I will wait for NLD lol, scared to patch, don't want to brick my toy
[2018-10-22 09:48:31] cs2000 : current FC patching method is proven and indeed public, but it's rather in depth. If you're even a little scared of it, I'd also wait, smart choice.
[2018-10-22 09:48:43] cantrepeat : It really is a great investment.
[2018-10-22 09:49:33] cs2000 : Trust me, once the website issues are sorted and support system is back online, our next tasks are bug fixing, a small change to the firmware flashing procedure to improve reliability and then custom FC stuff. I know we say "soon" a lot, but stick with it, NLD is a small team :wink:
[2018-10-22 09:49:54] cantrepeat : I've done the FC already, but when the point and clicky come out I'll be making a FW there too.
[2018-10-22 09:50:19] cantrepeat : Soom™
[2018-10-22 09:50:38] cs2000 : from the Valve school of development
[2018-10-22 09:50:53] cantrepeat : Soon™
[2018-10-22 09:50:57] cantrepeat : lol fat fingered it
[2018-10-22 09:51:20] rickw001 : NLD was the best money ever spent on my mavics,just wish it supported ios
[2018-10-22 09:51:52] cs2000 : me too haha, it's just not there I'm afraid, the hoops apple make you jump through are _insane_
[2018-10-22 09:52:25] cs2000 : we did start looking at it in summer last year, @czokie started work on the "Patch-O-Matic" but i think time and the stupid restrictions killed it
[2018-10-22 09:53:27] cantrepeat : I wonder what the angle would be to patching an app already on your phone. Sounds like something apple would stop dead in its tracks
[2018-10-22 09:53:44] rickw001 : I don't mind the 7day resign too much with Zobov,so it's ok
[2018-10-22 09:54:44] cantrepeat : personally, I think iPads are too big for drone screens. There are some nice, cheap galaxy tabs that are perfect fit for flying
[2018-10-22 09:54:57] cantrepeat : and iphones are too small for my old eyes
[2018-10-22 09:56:34] rickw001 : I use mini4, works great no problems, I'm an old man so my eyes are leaving me, I tried a few android and always had problems
[2018-10-22 09:59:14] cs2000 : @catalinaskirace well...DJI was doing it originally...
[2018-10-22 09:59:39] cs2000 : The issue is that these backdoors for patching look at a URL, of course this is owned by the app developer and we can't just change it
[2018-10-22 10:00:28] cantrepeat : yeah, apple shutdown the back door patching didn't they.
[2018-10-22 10:00:45] cs2000 : well, its always been "not allowed", but many companies have snuck it in
[2018-10-22 10:01:18] cantrepeat : yeah, I don't like it either. If I want a new version of something I'll download it.
[2018-10-22 10:01:52] cs2000 : and apps run "sandboxed" so we can't do something like develop an NLD app where you open our app, tap a button and it applies mods to the standard Go4. They can't see each other or mess with memory that isn't allocated to them
[2018-10-22 10:02:23] cs2000 : its great in some ways, but terrible in others (like this)
[2018-10-22 10:06:17] cantrepeat : I guess the only way other than j/b would be to write an entire app from the ground up but what a task that is for such a small community. You'd have to be cross platform and have a lot of new stuff to support such a project.
[2018-10-22 10:07:44] rickw001 : I bet a lot of people would pay $25 for just such an app
[2018-10-22 10:09:10] cantrepeat : Yeah define a "lot" -- the amount of work that would go into something like that might not support 200 people paying 25 bucks.
[2018-10-22 10:10:09] rickw001 : I bet litchi or however you spell it has sold a lot more than 200,lol
[2018-10-22 10:13:16] cantrepeat : I agree
[2018-10-22 10:13:46] cantrepeat : That's why I say it has to be more than just an alternate app with some patching in it.
[2018-10-22 10:14:03] cs2000 : But litchi is a good boy, uses all the official DJI APIs
[2018-10-22 10:14:21] cs2000 : If we had our app on the store, DJI would copyright takedown that thing so fast..
[2018-10-22 10:14:44] cs2000 : Plus none of the DJI devs are iOS coders
[2018-10-22 21:34:08] chipmangini : I just got my iPad jailbroken with Cydia installed, but am crap on ios. I already figured out, and used SuperImpactor to install the 4.3.3.IPA, and it works fine. My question is do any of you know how to sign the DJI Go 4 4.3.3.IPA for more than a week? I know that I can get a Dev account, but if I don't need to spend a hundred bux that I may not have to, I would like to learn how. Any help???
[2018-10-22 22:01:15] cantrepeat : I think, at this point, it's either a dev account or wait for someone to write some sort of auto signer like they had in the 9.3.3 days
[2018-10-22 22:56:44] chipmangini : @catalinaskirace K thanks!
[2018-10-23 00:49:15] sclark6389 : the problem I am having is signing an ipa file that I compiled. I either get verification failed or APIInternalError and I am not sure why right now :disappointed:
[2018-10-23 00:50:27] sclark6389 : and yes I have an ios developer cert (7 days) and a mobileprovision file
[2018-10-23 00:56:02] sclark6389 : I get those errors when I try to install the ipa onto my ipad :disappointed:
[2018-10-23 02:09:07] sclark6389 : Technically speaking, (unless I am wrong) if I have an ios developer cert I should be able to load an ipa I signed without using cydia impactor?
[2018-10-23 07:34:00] kilrah : @chipmangini you need to install appsync, then as long as you're jailbroken there will be no need for any signature at all
[2018-10-23 09:59:35] chipmangini : @kilrah Thanks!
[2018-10-23 10:17:59] cantrepeat : @kilrah appsync does signing?
[2018-10-23 10:32:13] sotiris.tripolitsioti : @sclark6389 After itunes version 12.7 you cannot install ipas directly to an idevice. So you must use either Testflight (an app that allows beta apps to be installed) or use itunes up to version 12.7 or Superimpactor :slightly_smiling_face:
[2018-10-23 11:46:23] sclark6389 : yes I get one of those errors when I use superimpactor :disappointed: and I am not sure why I do :disappointed:
[2018-10-23 13:14:16] rickw001 : @chipmangini let me know how that works out,might have you walk me thru it,lol
[2018-10-23 13:19:50] chipmangini : @sclark6389 I got 4.3.3.ipa installed using SuperImpactor, and got errors all along the way. I just kept telling it to install, and every time it went a little bit farther, until it was installed. Works fine, but needs to be resigned every 7 days :stuck_out_tongue_winking_eye::face_with_rolling_eyes:
[2018-10-23 14:38:15] cantrepeat : ah nice
[2018-10-23 15:32:19] sclark6389 : hum I thought when I got any type of error superimpactor would stop hum I will have to try again later when I get home
[2018-10-24 04:39:03] kokd2001-123 : use "Reprovision" if want to auto resigning
[2018-10-24 06:32:17] sotiris.tripolitsioti : @kokd2001-123 Reprovision is available only for jailbroken i-devices though...
[2018-10-24 07:18:45] kokd2001-123 : he's asking about jailbroken device resigning
[2018-10-24 10:56:15] cs2000 : @chipmangini as has been mentioned before, add "<https://cydia.angelxwind.net>" as a repo in cydia and install AppSync Unified
[2018-10-24 10:56:30] cs2000 : Then you never need to sign any apps, the signing checks are just bypassed
[2018-10-24 11:10:01] cantrepeat : ^^ Makes me want to j/b something!
[2018-10-24 11:17:24] chipmangini : @cs2000 Thanks for the info on AppSync Unified. I just installed the repo and app, but it doesn't show up as a app. Is it just an extension that has no front end? I tried to reinstall it, and same thing...
[2018-10-24 11:18:46] chipmangini : @sotiris.tripolitsioti I tried Reprovision, and it just seems to crash without doing anything. Any ideas?
[2018-10-24 12:08:18] cs2000 : @chipmangini there is no frontend for it :slightly_smiling_face:
[2018-10-24 12:08:44] cs2000 : You just load the app by dropping it into iTunes (the old version, 12.6 was it?) and it will install and just work
[2018-10-24 12:13:21] chipmangini : @cs2000 Ahhh, thanks for the info! I'll give it a try when I get home, and let you know....:+1:
[2018-10-24 16:40:07] rickw001 : just rooted mini4,installed angelxwind and AppSync,do I need to do anything else?renew root or anything,thanks guys for info
[2018-10-24 20:37:06] chipmangini : @cs2000 After installing AppSync Unified, and using iTunes 12.6.3, the 4.3.3.ipa installed and works perfectly! Thanks a bunch for your help! :smirk::+1:
[2018-10-26 08:47:15] bnene2003 : Can someone tell me if I got Dev a/c how to put the cert to the 4.3.3 ipa? Thanks in advance.:slightly_smiling_face:
[2018-10-26 09:39:52] kilrah : superimpactor...
[2018-10-28 07:10:27] sclark6389 : what is the best way to RENEW an developer cert ( 7 days) and a mobileprovision file using xcode or keychain? and how? thanks
[2018-10-30 21:07:56] sclark6389 : hi do you know where I can download a decrypted version of go 4 4.3.3 at? thanks
[2018-10-31 15:02:55] rickw001 : hey guys,do I have to unzip appsync before I put in itunes?thanks
[2018-10-31 15:20:51] cs2000 : nooo, lol, appsync isn't an IPA, it's a DEB package that comes through cydia anyway
[2018-10-31 15:21:18] cs2000 : add "<https://cydia.angelxwind.net>" as a repo in cydia and install AppSync Unified. Then you never need to sign any apps, the signing checks are just bypassed. You can't do it on a non-jailbroken device
[2018-10-31 15:23:38] rickw001 : I tried that and this morning nothing would open,like everything expired?
[2018-10-31 15:24:22] rickw001 : cydia won't open,electra won't open
[2018-10-31 15:25:01] cs2000 : Ahh OK, then yeah the 7 day signing has expired, there's a better way
[2018-10-31 15:26:21] cs2000 : On your phone, go to "<https://ignition.fun/>" and add it to your home screen
[2018-10-31 15:26:29] rickw001 : I jailbroke my mini4,installed cydia and angewind before,now nothing
[2018-10-31 15:27:51] cs2000 : Then select Electra from there
[2018-10-31 15:28:12] cs2000 : These guys' version of electra is signed with their dev cert so it will need trusting, but it doesn't expire every 7 days
[2018-10-31 15:49:07] rickw001 : great,I will try that
[2018-10-31 15:49:33] rickw001 : thanks,thought I was screwing something up again,lol
[2018-10-31 17:29:24] kilrah : the dev cert still gets revoked regularly so you have to reinstall it every couple of weeks anyway lol
[2018-10-31 17:47:26] rickw001 : that's fine,thanks for info
[2018-11-01 01:17:22] rickysuper : dev. cert would not expire within one year contract period. You have to use Xcode to embed the cert to the frida app and deploy to your IOS device.
[2018-11-01 07:43:32] kilrah : dev cert can be revoked by apple when they consider there's a TOS violation, and that's what happens
[2018-11-01 07:49:45] kilrah : installing an app with a valid dev cert doesn't mean the device will consider it good for a year
[2018-11-01 07:50:01] kilrah : it's the cert that's validated for a year on apple's servers
[2018-11-01 07:50:30] kilrah : the device still regularly checks online that the certs for the installed dev mode apps are still valid
[2018-11-01 07:50:57] kilrah : and only allows the app to run if it's been successfully checked in the last X days
[2018-11-04 11:23:06] saleem941 :
[2018-11-04 13:11:32] cyril94440 : Hey guys, I am an iOS developer and I am interested in hacking the DJI app to easily stay in FCC Mode with Mavic Air by avoiding the annoying popup. Any idea where to start from? I don't know much about iOS reverse engineering
[2018-11-04 13:13:09] jezzab : Frida, and IDA (or your disassembler of choice)
[2018-11-04 13:14:04] jezzab : Being an iOS developer you should have no problems reading the decompiled ObjC output from IDA :)
[2018-11-04 13:16:09] cyril94440 : No need to jailbreak?
[2018-11-04 13:16:45] jezzab : Self sign 7 days, dev cert 1 year or JB
[2018-11-04 13:18:11] cyril94440 : I meant to reverse engineer the current DJI app, not install it
[2018-11-04 13:19:35] jezzab : What has JB got to do with that?
[2018-11-04 13:19:40] jezzab : Just RE the IPA
[2018-11-04 13:20:26] jezzab : And you downloaded the frida one so you already have it decrypted
[2018-11-04 13:29:09] cyril94440 : Sounds good, thanks for your help
[2018-11-05 05:43:11] sclark6389 : cyril94440 - it would be easier to just modify the tweak.js file ( i.e. remove popup windows and just have it go to FCC mode using the var) then just upload the tweak file using itools4, etc :slightly_smiling_face:
[2018-11-05 05:45:09] sclark6389 : or just force a boost :slightly_smiling_face:
[2018-11-05 05:50:39] sclark6389 : if anyone knows where I can download a crack or serial number file for hopper please let me know :slightly_smiling_face:
[2018-11-05 06:48:45] jezzab : @sclark6389 if you look at the `Tweak.js` file for FCC it's actually piggybacking on the old `.DJIconfigs` code which was used for Mavic Pro ForceFCC, Boost and P4 32 Channel -Force Boost won't work on anything other than an Ocusync device for a start -It's not tricking the country code it's tapping into that check and then it forces the app to send the SDR config packets for the extra power (FCC or Boost) -32 Channel is different packets again and only for LightBridge devices
[2018-11-05 06:50:13] jezzab : The Mavic Air doesn't have an SDR it's just wifi. For it to kick in FCC it needs to be sent the DUML packet for US (same as Spark). And that script on the actual AC does `iw reg set US` and then reboots
[2018-11-05 06:52:18] jezzab : Also the Force FCC code in the IPA specifically checks the product code for `Mavic` or `Mavic Pro`
[2018-11-05 06:56:40] jezzab : If you made a hook to set the country code to US then it would work on _all_ aircraft (you wouldn't need the Force FCC) But due to the logic of how it's checked: DNS IP GPS MCC etc It is difficult. Android is a bit easier because you can patch in and edit vs having to hook the actual running functions (and finding the right one to hook)
[2018-11-05 07:04:14] rickysuper : Don't know why 0.22 Tweak FCC always revert back to CE
[2018-11-05 07:52:08] sclark6389 : jezzab - ahhhh ok I forgot mavic air is different than mavic pro
[2018-11-05 10:04:28] sclark6389 : what decrypted program are you guys using? rasticrac don't work on 11 :disappointed:
[2018-11-05 10:29:22] ddzobov : Anyone have 4.3.4 pure ipa?
[2018-11-05 10:32:29] ddzobov : My tweak already changes country code to us
[2018-11-05 10:32:43] ddzobov : And bypasses all checks
[2018-11-05 10:36:35] cs2000 : Normally @kilrah sends them out, ive only got up to 4.3.3
[2018-11-05 10:45:33] kilrah : I have it but can't upload until a bit later
[2018-11-05 11:53:01] sclark6389 : pure as in decrypted or no?
[2018-11-05 11:56:07] cs2000 : yes
[2018-11-05 11:57:01] sclark6389 : I don't have a decrypted one :disappointed: matter of fact what are you guys using to decrypt?
[2018-11-05 15:28:44] kilrah : bfinject
[2018-11-05 15:33:53] kilrah : @ddzobov <https://www.dropbox.com/s/7no2j31iljngs3i/DJI%20GO%204%204.3.4%20%28decrypted%29.ipa?dl=1>
[2018-11-05 15:57:53] cs2000 : Thanks @kilrah
[2018-11-05 15:58:12] cs2000 : 555Mb, holy crap these things are inflated nowadays
[2018-11-05 15:58:20] kilrah : aye
[2018-11-05 16:02:55] cs2000 : for reference: DJI Go4 4.0.0 was 175,500,627 bytes. DJI Go4 4.3.4 is 581,604,590 bytes. What other app of any kind do you know that has grown over 3x its original size within the same major version number :joy:
[2018-11-05 16:07:05] kilrah : lol
[2018-11-05 16:08:52] rickw001 : can I just add this one in to superimpactor?
[2018-11-05 16:09:57] rickw001 : do I have to delete old ones?
[2018-11-05 16:10:23] cs2000 : yeah they won't stack on top one another or live side by side, one version at a time :slightly_smiling_face:
[2018-11-05 16:10:46] rickw001 : kk,thank you
[2018-11-05 16:23:37] kilrah : this gives you nothing other than the stock app
[2018-11-05 16:23:47] kilrah : apart from the need to resign every 7 days...
[2018-11-05 16:27:57] rickw001 : even with Zobov patch?
[2018-11-05 16:37:08] cs2000 : yeah, its an apple thing
[2018-11-05 16:37:24] cs2000 : 7 day personal signing, 1 year developer cert signing
[2018-11-05 16:37:30] cs2000 : or jailbreak and disable all signing
[2018-11-05 16:42:15] rickw001 : that's what I've been doing with 4.3.0
[2018-11-05 21:19:16] chipmangini : @kilrah Is this patched yet?
[2018-11-06 04:54:35] kilrah : No...
[2018-11-06 04:54:56] kilrah : I cannot patch, and what's patched will have frida in the name, like always.
[2018-11-06 05:35:38] sclark6389 : damnn windows!!! I miss windows 3.1!!! well for that matter dos!!! lol lol lol
[2018-11-06 05:37:09] sclark6389 : yup iam old!!! ha ha ha lol
[2018-11-06 18:51:45] mr.vibez : I'll patch it in a moment. Best place to upload to?
[2018-11-06 20:33:30] rickw001 : where ever,just tell me where,lol
[2018-11-06 20:46:13] sclark6389 : Rickw - what version are you looking for?
[2018-11-06 20:46:53] rickw001 : the newest patched 44.3.4
[2018-11-06 20:47:23] sclark6389 : I have my version that I patched if you want it that is?
[2018-11-06 20:47:58] rickw001 : same as Zobov?
[2018-11-06 20:48:53] sclark6389 : yes BUT mine you can install side by side with other version that was download from app store if that makes any sense?
[2018-11-06 20:49:12] rickw001 : that would be great
[2018-11-06 20:50:21] rickw001 : it will work standalone,right?
[2018-11-06 20:50:47] sclark6389 : what you mean by standalone?
[2018-11-06 20:51:07] rickw001 : I'm using patched 4.3.0 right now
[2018-11-06 20:51:17] rickw001 : by itself
[2018-11-06 20:51:42] sclark6389 : yes and it should install side by side with that version to :slightly_smiling_face:
[2018-11-06 20:51:48] sclark6389 : <http://files.vultureaerialphoto.com/droneuser/modipa/tweak%20DJI%20GO%204%20(4.3.4).ipa>
[2018-11-06 20:52:34] rickw001 : d/l ing now,thanks
[2018-11-06 20:52:59] sclark6389 : no problem let me know how to goes for ya :slightly_smiling_face:
[2018-11-06 20:53:50] rickw001 : sure will,raining here at east coast right now,soon as it clears I will give it a try
[2018-11-06 20:54:40] sclark6389 : I also patch older version 4.0.8 too :slightly_smiling_face: that version seems to work well with older iphones and ipad mini's just a fyi :slightly_smiling_face: and yes its raining here too :disappointed:
[2018-11-06 20:55:32] rickw001 : that's the one I liked but my copy screwed up,I'm running mini4
[2018-11-06 20:55:59] sclark6389 : of course that version is PRE mavic pro 2
[2018-11-06 20:56:07] rickw001 : yep
[2018-11-06 20:56:33] sclark6389 : <http://files.vultureaerialphoto.com/droneuser/modipa/tweak%20DJI%20GO%204%20(4.0.8).ipa>
[2018-11-06 20:56:47] sclark6389 : yup you can install that one side by side too :slightly_smiling_face:
[2018-11-06 20:56:59] rickw001 : haha,you read my mind,thank you very much
[2018-11-06 20:57:14] sclark6389 : no problem :slightly_smiling_face:
[2018-11-06 20:57:44] rickw001 : how does the newest version work with overlay?
[2018-11-06 20:59:40] sclark6389 : I myself don't run the newer version my ipad mini gets too laggy so I cant answer your question to that sorry :disappointed: it should be fine???
[2018-11-06 21:00:07] rickw001 : so I might have lag problems?
[2018-11-06 21:00:44] sclark6389 : it seems some do some don't so you will have to try it and see
[2018-11-06 21:01:48] rickw001 : will let you know,I would love the extra satellites but I'm too pc stupid to do it,lol
[2018-11-06 21:02:22] sclark6389 : yes please do, and some day iam too!! lol lol
[2018-11-06 21:03:04] rickw001 : thanks again,will try loading it now
[2018-11-06 21:03:20] sclark6389 : np :slightly_smiling_face:
[2018-11-06 21:23:11] rickw001 : done,is there a way to select imperial or metric on this version?
[2018-11-06 21:26:45] sclark6389 : there should be in the app menu I would have to look it up to tell you where its at
[2018-11-06 21:27:10] rickw001 : I've been looking,can't find it,lol
[2018-11-06 21:28:22] sclark6389 : push the three dots should be on top
[2018-11-06 21:28:46] rickw001 : did that
[2018-11-06 21:29:18] sclark6389 : under general setting you may have to scroll up
[2018-11-06 21:29:31] sclark6389 : or scroll down I mean
[2018-11-06 21:29:46] rickw001 : doesn't show like older apps
[2018-11-06 21:30:28] sclark6389 : what you mean?
[2018-11-06 21:30:55] rickw001 : don't see anywhere to change it
[2018-11-06 21:31:20] rickw001 : use to be on top of screen
[2018-11-06 21:31:55] sclark6389 : I see it three dots up on top then its right on top
[2018-11-06 21:32:36] sclark6389 : I am thinking you have to scroll the page down then it will be on the top
[2018-11-06 21:33:10] rickw001 : main controller settings?
[2018-11-06 21:33:46] sclark6389 : no at the bottom three more dots
[2018-11-06 21:33:58] sclark6389 : under camera
[2018-11-06 21:34:54] rickw001 : about?
[2018-11-06 21:35:11] sclark6389 : now scroll up
[2018-11-06 21:35:23] sclark6389 : don't select about
[2018-11-06 21:35:39] rickw001 : lmfao,dumb ass me,got it
[2018-11-06 21:35:46] sclark6389 : :slightly_smiling_face:
[2018-11-06 21:36:33] rickw001 : sorry,that's what happens when you get old(69)
[2018-11-06 21:36:58] sclark6389 : no worries :slightly_smiling_face: I am getting there myself
[2018-11-06 21:37:50] rickw001 : don't think rain is going to quit tonight,hope to fly in the morning,thanks much
[2018-11-06 21:38:09] sclark6389 : np did it install side by side?
[2018-11-06 21:38:16] rickw001 : yep
[2018-11-06 21:38:23] sclark6389 : good :slightly_smiling_face:
[2018-11-06 21:38:45] rickw001 : and the overlay looks nice
[2018-11-06 21:40:05] sclark6389 : yes should work good :slightly_smiling_face:
[2018-11-06 21:41:02] sclark6389 : I am sure as you know you will have to reinstall it in 7 days :disappointed:
[2018-11-06 21:41:15] sclark6389 : unless your ipad is jailbroken
[2018-11-06 21:42:32] rickw001 : I'm j/b,not sure if it's set up right
[2018-11-06 21:43:32] sclark6389 : ahh ok well in 7 days you will find out.. I am kind of jailbroken lol meaning I haven't played with it yet..lol
[2018-11-06 21:43:46] sclark6389 : what jailbreak did you use?
[2018-11-06 21:44:25] rickw001 : haha,after I did it it skipped the signing last week,electra from on here
[2018-11-06 21:45:02] rickw001 : ignition installer
[2018-11-06 21:45:04] sclark6389 : where are the files for here?
[2018-11-06 21:45:16] sclark6389 : maybe I will play with that version
[2018-11-06 21:45:58] rickw001 : ignition installer first,electra in that
[2018-11-06 21:46:30] sclark6389 : where you get ignition installer at?
[2018-11-06 21:47:03] rickw001 : scroll up in this thread
[2018-11-06 21:47:40] rickw001 : Ignition Installer
[2018-11-06 21:47:57] sclark6389 : how far up?
[2018-11-06 21:48:32] rickw001 : oct 31
[2018-11-06 21:50:48] sclark6389 : ok cool thanks
[2018-11-06 21:51:09] rickw001 : then angelwind,then appsync
[2018-11-06 21:51:23] sclark6389 : ok thanks
[2018-11-06 21:52:03] rickw001 : guess I will find out next week if it still works,lol
[2018-11-06 21:53:22] sclark6389 : lol lol damn apple! this signing bs is just dumb!
[2018-11-06 21:54:44] sclark6389 : I thought about buying the dev so I wont have to deal with this
[2018-11-06 21:55:43] sclark6389 : then I would have my own signing cert
[2018-11-06 21:58:00] rickw001 : I would,but nowadays I have to watch every dollar
[2018-11-06 21:58:26] sclark6389 : ohh yes I know what you mean there! :disappointed:
[2018-11-06 21:58:58] sclark6389 : perhaps if everyone in the channel chipped in for one :slightly_smiling_face:
[2018-11-06 21:59:27] rickw001 : when using the modded 4.06 I didn't have to resign
[2018-11-06 22:00:22] sclark6389 : really hum
[2018-11-06 22:01:19] sclark6389 : you mean 4.0.6 version?
[2018-11-06 22:01:42] rickw001 : yes
[2018-11-06 22:02:07] sclark6389 : well I will have to mod that version now to see :slightly_smiling_face:
[2018-11-06 22:02:29] sclark6389 : I would assume you weren't jailbroken correct?
[2018-11-06 22:02:55] rickw001 : only reason I used it was 4.08 messed up,got them from Steve,digdat0
[2018-11-06 22:03:09] rickw001 : correct
[2018-11-06 22:03:30] rickw001 : drag them over in itunes
[2018-11-06 22:03:59] sclark6389 : older version of iTunes or no?
[2018-11-06 22:04:04] rickw001 : yes
[2018-11-06 22:04:14] sclark6389 : what version?
[2018-11-06 22:04:34] rickw001 : let me check
[2018-11-06 22:04:42] sclark6389 : ok
[2018-11-06 22:05:34] rickw001 : 12.3.1 I think
[2018-11-06 22:07:01] sclark6389 : ok I will mod 4.0.6 but you being jailbroken now we wont be able to tell
[2018-11-06 22:11:34] jezzab : Im guessing it was just a stock app and you added the `.DJIconfigs` file in iTunes to the apps documents folder. This is how you could do it before they removed it.
[2018-11-06 22:12:00] sclark6389 : ahh that is a good point
[2018-11-06 22:12:33] rickw001 : digdat0 gave them to me and I dragged them in itunes,lol
[2018-11-06 22:12:47] rickw001 : they were modded
[2018-11-06 22:13:23] sclark6389 : what did you drag in? one file or two?
[2018-11-06 22:13:50] rickw001 : just whichever I wanted,4.06,4.08
[2018-11-06 22:13:55] rickw001 : 1
[2018-11-06 22:15:16] sclark6389 : hummm the way jezzab is talking about I think there would be two files you would have to drag in unless you had 4.0.6 install already then there would be just one
[2018-11-06 22:15:30] sclark6389 : one file I mean
[2018-11-06 22:16:04] rickw001 : he might have dragged 2,but whenever I wanted to change I would drag 1
[2018-11-06 22:16:39] rickw001 : told you I was pc stupid,lol
[2018-11-06 22:18:09] jezzab : Any stock iOS version 4.1.12 and below you just installed like normal and copied a `.DJI.configs` file into the apps Docs directory in iTunes and the file was enabled for ForceFCC or what ever
[2018-11-06 22:18:21] jezzab : <https://dji.retroroms.info/howto/dji_configs>
[2018-11-06 22:18:42] sclark6389 : yup I think that is why rickw it didn't expire
[2018-11-06 22:19:09] jezzab : Because the signing has never changed. Its an Apple thing
[2018-11-06 22:19:16] rickw001 : Steve did it for me when he had flyfly
[2018-11-06 22:19:41] sclark6389 : ya damn apple! lol
[2018-11-06 22:21:45] sclark6389 : hummm even if you drag the 4.0.6 over that should still expire if it wasn't downloaded from your iTunes acct
[2018-11-06 22:22:06] rickw001 : you drag it in your account
[2018-11-06 22:22:54] rickw001 : older itunes allowed that
[2018-11-06 22:23:21] sclark6389 : right but won't that still make it 7 day cause it wasn't installed from your acct?
[2018-11-06 22:23:43] sclark6389 : I meant download and install from your acct
[2018-11-06 22:23:56] rickw001 : I think it believes it was from your account
[2018-11-06 22:24:14] sclark6389 : hum jezzab?
[2018-11-06 22:25:10] sclark6389 : jezzab shouldn't it still expire cause it wasn't downloaded AND installed from the same acct?
[2018-11-06 22:27:27] sclark6389 : I would think it would or should still expire?? but I am not sure on that
[2018-11-06 22:28:26] rickw001 : I used an itunes for devs,it was either 12.3 or 12.4 that allowed it
[2018-11-06 22:29:57] sclark6389 : if you think about it this is why if you download it AND install an app from app store it don't expire in 7 days cause it was download and install from the same acct
[2018-11-06 22:30:31] sclark6389 : if that makes any sense..lol
[2018-11-06 22:33:42] sclark6389 : so if you drag 4.0.6 over to iTunes and install it I would think it would/should expire in 7 days
[2018-11-06 22:36:17] sclark6389 : what the hell I will mod 4.0.6
[2018-11-06 22:38:04] rickw001 : lol
[2018-11-06 22:38:15] sclark6389 : lol :slightly_smiling_face:
[2018-11-06 22:38:29] rickw001 : 4.08 was the same
[2018-11-06 22:38:34] rickw001 : way
[2018-11-06 22:39:22] sclark6389 : ahh you did say that well that version I done already :slightly_smiling_face:
[2018-11-06 22:39:32] rickw001 : right
[2018-11-06 22:40:13] sclark6389 : I think I have iTunes 12.3 installed already I think
[2018-11-06 22:41:27] sclark6389 : as for my ipad I want to unjailbreak it anyways
[2018-11-06 22:42:41] sclark6389 : but I think if every one in the channel chipped in 10-15 dollars then we could just buy a dev cert :slightly_smiling_face:
[2018-11-06 22:43:29] rickw001 : I would do 10,but can everyone use same dev cert?
[2018-11-06 22:44:58] sclark6389 : the person who gets the cert would have to sign the ipa with it THEN other can install it without 7 day if I understand this right :slightly_smiling_face:
[2018-11-06 22:48:28] sclark6389 : this is my understanding BUT I haven't read up on it yet
[2018-11-06 22:48:34] chipmangini : If you're jailbroken and install angelwing and appsync you don't need to resign. I Jailbroke my iPad Pro 11.3.1 with unb0ken. Worked awesome! <http://www.ignition.fun/#!/view-app.php?bundleID=funignitionunc0ver>
[2018-11-06 22:49:33] sclark6389 : this is true but what about others in the channel who can't jailbreak, easier to install a signed ipa
[2018-11-06 22:49:49] rickw001 : I should be good to go then
[2018-11-06 22:50:27] sclark6389 : and wont that jailbreak cert get revoked?
[2018-11-06 22:51:01] sclark6389 : I would think if apple gets wind they will revoke that cert?
[2018-11-06 22:51:38] chipmangini : <https://www.reddit.com/r/jailbreak/comments/9nwxei/release_unc0ver_the_most_advanced_jailbreak_tool/>
[2018-11-06 22:51:42] rickw001 : I think I read it overlooks the sig
[2018-11-06 22:52:18] sclark6389 : ohhhhh nice!!!! I will have to check that out thanks :slightly_smiling_face:
[2018-11-06 22:54:30] chipmangini : Apps are fine, and I've never had to re-sign in weeks. Just use the "older" version of iTunes ( 12.6.3 in my case) and install the "indemicus.ipa" FTW!
[2018-11-06 22:55:48] sclark6389 : so just install that ipa for the jailbreak?
[2018-11-06 22:57:39] chipmangini : @sclark6389, as long as you're on 12.3b4 or earlier, it's a piece of cake...
[2018-11-06 22:58:00] sclark6389 : 11.2.1 :slightly_smiling_face:
[2018-11-06 22:58:22] chipmangini : @sclark6389 Brilliant!
[2018-11-06 22:59:21] sclark6389 : do you have a direct download link for that ipa :slightly_smiling_face: fyi I never updated my ipad cause you never know :slightly_smiling_face:
[2018-11-06 23:00:06] rickw001 : I used ignition with electra,should I switch?
[2018-11-06 23:04:48] chipmangini : If you follow this: <https://www.reddit.com/r/jailbreak/comments/9nwxei/release_unc0ver_the_most_advanced_jailbreak_tool/>, it's what I did and it just works perfectly! Make sure that after you're jailbroken to use Cydia to install angelwing and appsync.
[2018-11-06 23:05:01] sclark6389 : I think I found the download link on that page I would assume its the newest version :slightly_smiling_face:
[2018-11-06 23:05:17] sclark6389 : ok doctor thanks :slightly_smiling_face:
[2018-11-06 23:06:04] chipmangini : Actually, it's not, but you can find his Git, and there's a slightly newer version. This "older one" works fine for me though...
[2018-11-06 23:06:29] chipmangini : @sclark6389 :+1:
[2018-11-06 23:06:48] sclark6389 : should rickw switch?
[2018-11-06 23:08:13] sclark6389 : also will I have to re-jailbreak when I power it off? like the others version are?
[2018-11-06 23:08:37] chipmangini : @rickw001 If you're already jailbroken, you should be good as long as its stable on your device, but if not, it works perfectly on my iPad 10.5 Pro 2018....:stuck_out_tongue_winking_eye:
[2018-11-06 23:10:05] rickw001 : I installed angelwing and appsync,does j/b leave when you power down?
[2018-11-06 23:10:57] rickw001 : how do I check?
[2018-11-06 23:13:07] chipmangini : @rickw001 JB leaves after a reboot. Just do it again...
[2018-11-06 23:13:47] rickw001 : ok,so everytime I turn on reuse electra?
[2018-11-06 23:14:08] chipmangini : Yup
[2018-11-06 23:14:25] rickw001 : kk,thank you much for your help
[2018-11-06 23:15:15] chipmangini : Mine has been running for weeks and have never had to reboot. or shut down, so it's a no-brainer...
[2018-11-06 23:15:40] rickw001 : haha,just leave it turned on
[2018-11-06 23:15:44] chipmangini : @rickw001 Anytime!
[2018-11-06 23:18:31] sclark6389 : thanks doctor
[2018-11-06 23:18:55] sclark6389 : damn apple! lol
[2018-11-06 23:19:04] rickw001 : this has been educational,lol
[2018-11-06 23:19:23] sclark6389 : lol
[2018-11-06 23:20:07] rickw001 : been great chatting with you,must go to dinner
[2018-11-06 23:21:49] chipmangini : @sclark6389 @rickw001 You're welcome, and it's time for my dinner too!
[2018-11-06 23:22:52] rickw001 : :+1:
[2018-11-06 23:52:38] sclark6389 : where is the best place to download older iTunes at?
[2018-11-07 00:17:40] rickw001 : I think I just google it,look for 12.3 or 12.4 dev edition
[2018-11-07 00:20:53] rickw001 : <https://developers.whatismybrowser.com/useragents/parse/282396-itunes-windows-webkit>
[2018-11-07 00:37:01] sclark6389 : ok thanks
[2018-11-07 01:24:23] hin.lai : @sclark6389, is the IPA patch by you is same as frida? necessary to implement the tweak file into the apps root folder as well? thanks,
[2018-11-07 01:27:45] sclark6389 : yes it is but mine lets you install it side by side with other versions I am not sure what are you asking? you want tweak file in main folder root?
[2018-11-07 01:30:00] rickw001 : were you able to get 12.4.1 ?
[2018-11-07 01:30:42] sclark6389 : yes I found 12.3 that should work :slightly_smiling_face:
[2018-11-07 01:31:08] rickw001 : <https://www.filehorse.com/download-itunes-64/26344/>
[2018-11-07 01:31:30] rickw001 : 12.4.1 is dev edition
[2018-11-07 01:31:51] sclark6389 : ahh ok
[2018-11-07 01:32:43] sclark6389 : I got it now :slightly_smiling_face: thanks
[2018-11-07 01:32:54] rickw001 : :+1:
[2018-11-07 01:33:29] rickw001 : guess I will leave mini4 on all the time,lol
[2018-11-07 01:34:15] sclark6389 : lol yes I know what you mean there! lol
[2018-11-07 01:35:32] sclark6389 : I have electra installed now so I have to figure out the best way to uninstall it before I try the other one
[2018-11-07 01:36:13] rickw001 : I think the new one overwrites it?
[2018-11-07 01:36:55] sclark6389 : well that's what it sounds like BUT I am reading mixed results on that :disappointed:
[2018-11-07 01:37:26] rickw001 : oh,ok,thought I read that in install instructions
[2018-11-07 01:38:11] rickw001 : I think you have to delete inside electra
[2018-11-07 01:39:54] sclark6389 : hummm I will have to look but I been reading there is an app to remove it? but I have to check into it more yet
[2018-11-07 01:40:32] rickw001 : I know you just can't remove it
[2018-11-07 01:41:12] sclark6389 : that is correct that would be to easy! lol lol
[2018-11-07 01:44:24] sclark6389 : damn apple! lol
[2018-11-07 01:46:24] rickw001 : <https://besttechinfo.com/delete-jailb>
[2018-11-07 01:48:06] hin.lai : @sclark6389 the original tweak from frida after installing the IPA file, need to copy the tweak configuration file into the app folder as well, i would like to ask is it the same?
[2018-11-07 01:49:16] sclark6389 : i will check that out
[2018-11-07 01:49:59] sclark6389 : you know i am still going to say damn apple!! lol lol
[2018-11-07 01:50:14] rickw001 : lmfao
[2018-11-07 01:50:43] rickw001 : there's also youtube video on it
[2018-11-07 01:51:50] chipmangini : I just did a factory reset on my iPad, and then started new. No problems so far....:stuck_out_tongue_winking_eye:
[2018-11-07 01:52:02] sclark6389 : you asking if you have to copy the tweak file over? that what you mean?
[2018-11-07 01:52:56] rickw001 : that's what I would do as my mini 4 is dedicated to mavic,nothing else on it
[2018-11-07 01:53:03] sclark6389 : with mine you don't have to copy/change/move the tweak file just install and go :slightly_smiling_face:
[2018-11-07 01:53:50] chipmangini : I did it before JB...
[2018-11-07 01:53:51] hin.lai : <https://github.com/ddzobov/dji-ios-frida-tweak> i mean do i need follow the above instruction? if i using your patched version ipa?
[2018-11-07 01:54:25] sclark6389 : well i could do a factory reset BUT i dont want to lose whats on it
[2018-11-07 01:55:12] chipmangini : Yeah, I'm just using this for flying
[2018-11-07 01:55:24] sclark6389 : no just install my ipa and fly :slightly_smiling_face:
[2018-11-07 01:55:47] chipmangini : Keep it lean & clean...
[2018-11-07 01:56:24] sclark6389 : and you dont have to delete any other version you may have installed already
[2018-11-07 01:56:52] rickw001 : I tried a few android and had problems with all,that's why I went ios
[2018-11-07 01:57:15] chipmangini : G'night....
[2018-11-07 01:57:32] sclark6389 : just install using cydia impactor drag ipa over and that's all
[2018-11-07 01:57:35] rickw001 : thanks again for all your help
[2018-11-07 01:57:55] sclark6389 : <http://www.cydiaimpactor.com/>
[2018-11-07 01:58:39] rickysuper : 4.3.4 frida ipa was release ? someone claim that he got the patched 4.3.4 from this group... :open_mouth: DJI GO 4 V4.3.4 Modded IPA Latest Apple iOS FCC Modded App File Name: tweak DJI GO 4 (4.3.4).ipa File Size: 575.7 MB Author: @sclark6389 By DJI Reverse Engineering Slack Group (~ios_ipa_reversing) Release Date: 2018/11/07
[2018-11-07 01:58:42] sclark6389 : yes thanks doc for the help and gnite
[2018-11-07 01:59:32] sclark6389 : yes i post a link here for rickw
[2018-11-07 01:59:49] sclark6389 : but thats all i did
[2018-11-07 02:00:38] sclark6389 : i am not sure where you got all that from??
[2018-11-07 02:00:53] sclark6389 : ohh np :slightly_smiling_face:
[2018-11-07 02:01:14] rickw001 : wasn't me,lol lol
[2018-11-07 02:01:37] sclark6389 : lol no worries i have no idea what that came from
[2018-11-07 02:02:10] rickysuper : from FB group
[2018-11-07 02:02:30] sclark6389 : unless when a link is posted does it automatically do that??
[2018-11-07 02:02:55] rickysuper : this guy always gathers different information and posts to groups without testing or verifying.....
[2018-11-07 02:03:14] sclark6389 : ohhh ok
[2018-11-07 02:04:02] sclark6389 : my version is little different you can install side by side
[2018-11-07 02:04:48] hin.lai : oh, thanks,
[2018-11-07 02:06:09] sclark6389 : np :slightly_smiling_face:
[2018-11-07 02:08:30] rickysuper : was patched? Thanks
[2018-11-07 02:09:38] sclark6389 : if you are asking if it's patched, yes it is
[2018-11-07 02:10:28] sclark6389 : it's patched with being able to be installed side by side
[2018-11-07 02:12:35] rickysuper : Noted and thanks
[2018-11-07 02:12:51] rickw001 : you still need the jar file
[2018-11-07 02:13:02] sclark6389 : np
[2018-11-07 02:13:08] sclark6389 : jar file?
[2018-11-07 02:13:32] sclark6389 : rickw jar file for?
[2018-11-07 02:14:22] rickw001 : my bad, wrong thought, it's getting late, lol
[2018-11-07 02:14:35] sclark6389 : lol no worries
[2018-11-07 02:15:59] sclark6389 : rickysuper - I didn't mean for it to be a release from the group, it wasn't meant to be, but I don't care if it was, just a FYI
[2018-11-07 02:17:00] sclark6389 : errr release
[2018-11-07 02:17:07] rickysuper : got it ! thanks @sclark6389
[2018-11-07 02:17:17] sclark6389 : np
[2018-11-07 02:17:50] rickw001 : screw this election crap, I'm going to bed, thanks again for all your help tonight, I learned a lot - nite
[2018-11-07 02:18:42] sclark6389 : you are welcome nite :slightly_smiling_face:
[2018-11-07 02:29:46] sclark6389 : rickysuper FYI I also patched the 4.0.8 version too (seems to work well on older devices), however that version is pre Mavic Pro 2... I posted a link for that version too, just a FYI if you see anything about that
[2018-11-07 02:34:16] rickysuper : Thanks @sclark6389 my drone was M2Pro
[2018-11-07 02:35:26] sclark6389 : np and ahh ok
[2018-11-07 02:36:15] sclark6389 : was?? as in you crashed it? :slightly_smiling_face:
[2018-11-07 02:38:12] rickysuper : sorry, wrong grammar. :smile:
[2018-11-07 02:38:27] sclark6389 : lol no problem :slightly_smiling_face:
[2018-11-07 02:38:29] rickysuper : happy with my M2P
[2018-11-07 02:38:57] sclark6389 : I just have a Mavic Pro 1, well for the time being...lol
[2018-11-07 02:41:44] sclark6389 : :slightly_smiling_face:
[2018-11-07 04:36:28] sclark6389 : ohh ok humm how? every time I tried it won't install
[2018-11-07 04:36:48] sclark6389 : I had to delete the other version first :disappointed:
[2018-11-07 04:40:32] sclark6389 : ohh ok humm how? it wouldn't let me when I tried :disappointed:
[2018-11-07 04:41:27] kilrah : well I only noticed yesterday, I had 4.3.3-frida installed and intended to install the official over it but I ended up with both.
[2018-11-07 04:42:10] sclark6389 : oh ok mine is set up to do it, just drag it over to Cydia, that's all :slightly_smiling_face:
[2018-11-07 04:43:09] sclark6389 : mine doesn't need superimpactor to do that, I could never get that to work
[2018-11-07 04:43:37] kilrah : "drag it over to cydia"?
[2018-11-07 04:44:07] sclark6389 : drop and drag
[2018-11-07 04:44:15] sclark6389 : the ipa file
[2018-11-07 04:44:31] kilrah : that would mean you need a jailbroken device which most don't have to be able to use your version
[2018-11-07 04:44:43] sclark6389 : no
[2018-11-07 04:45:11] kilrah : You only have cydia if jailbroken...
[2018-11-07 04:45:29] sclark6389 : <http://www.cydiaimpactor.com/>
[2018-11-07 04:45:55] kilrah : ah cydia impactor and cydia are VERY different things
[2018-11-07 04:46:03] sclark6389 : sorry i meant cydia impactor
[2018-11-07 04:46:23] kilrah : superimpactor is just an enhanced version of cydia impactor, same thing
[2018-11-07 04:46:31] sclark6389 : I think faster than I can type lol
[2018-11-07 04:46:36] kilrah : just cydia impactor breaks for many and super is more reliable
[2018-11-07 04:46:45] sclark6389 : yes I could never get that to work
[2018-11-07 04:46:53] kilrah : so again nothing different with yours
[2018-11-07 04:47:55] sclark6389 : when I would drag the other version over it wouldn't install 'cause I had a DJI stock version installed
[2018-11-07 04:52:16] sclark6389 : does the other version install next to a stock version?
[2018-11-07 04:56:15] kilrah : that's what i just told you yes...
[2018-11-07 04:56:21] kilrah : but i noticed it the other way
[2018-11-07 04:56:30] kilrah : installed official while frida version was already on
[2018-11-07 04:57:19] sclark6389 : ohhh that could be, all I know is if a stock version was installed from the App Store I couldn't install the other version :disappointed:
[2018-11-07 05:01:56] sclark6389 : to tell ya the truth I am surprised you were able to install it the way you did, from what I see it shouldn't have
[2018-11-07 05:08:28] sclark6389 : Do you know why it shouldn't have?
[2018-11-07 05:09:24] kilrah : package name not changed?
[2018-11-07 05:09:40] kilrah : it could be superimpactor changed it on the fly
[2018-11-07 05:10:02] sclark6389 : ya if a person can get that to work
[2018-11-07 05:10:12] kilrah : it does have the facility to change it directly in the UI
[2018-11-07 05:10:18] sclark6389 : ya, can't have the same identifier
[2018-11-07 05:10:37] kilrah : it's more reliable than the other! that's the reason why it's recommended, cydia impactor just gives random errors 90% of the time
[2018-11-07 05:10:54] kilrah : super will always fail the first try, but always works on second
[2018-11-07 05:11:04] sclark6389 : really, I always had good luck with cydia impactor
[2018-11-07 05:11:07] kilrah : much less annoying than having to try 20 times
[2018-11-07 05:11:19] sclark6389 : I could never get super to work no matter what I tried :disappointed:
[2018-11-07 05:13:26] sclark6389 : for mine, people can just use the regular old cydia impactor
[2018-11-07 05:13:34] sclark6389 : if they want to
[2018-11-07 05:14:39] sclark6389 : just renaming the zip file won't let you install the other version next to each other
[2018-11-07 05:14:49] sclark6389 : ipa file i mean
[2018-11-07 05:14:59] sclark6389 : well ipa is a zip lol lol
[2018-11-07 05:25:12] sclark6389 : so mine is just a little different, nothing big. I came up with the idea 'cause one day I grabbed the drone, drove 45 mins away to fly and realized I couldn't fly!!! damn app expired! I forgot all about it! and no I couldn't download an app :disappointed: yes I should have checked it when I left but I forgot all about it :disappointed: or jailbreak the iPad
[2018-11-07 05:26:54] sclark6389 : but not everyone wants to jb their device anyways, live and learn..lol lol
[2018-11-07 05:35:56] sclark6389 : and the funny thing is I don't own a Mac! ya which makes all of this twice as hard!
[2018-11-07 05:36:46] sclark6389 : but I have a PC now that is a Mac...lol
[2018-11-07 05:38:44] sclark6389 : I guess I am talking to myself :disappointed:
[2018-11-07 05:48:28] sclark6389 : or for that matter some people can't jb their device :disappointed:
[2018-11-07 05:57:24] rickysuper : my iPhone still not jb, I use superimpactor
[2018-11-07 05:57:48] sclark6389 : ya I wish I could get that to work :disappointed:
[2018-11-07 05:58:35] sclark6389 : I even tried two PCs too
[2018-11-07 05:58:42] sclark6389 : two I mean
[2018-11-07 05:58:43] rickysuper : usually the first install gives an error, press install again and it will be OK. Remember to use an app-generated passcode, not the Apple ID password
[2018-11-07 05:59:34] sclark6389 : ya mine would not install it no matter what I did :disappointed: cydia impactor works perfectly for me
[2018-11-07 06:00:04] sclark6389 : maybe something to do with my USB ports?? not sure
[2018-11-07 06:00:48] rickysuper : strange
[2018-11-07 06:01:30] sclark6389 : it is, I gave up with that and just tweaked the app BUT that ended up being more involved than I thought it would be..lol
[2018-11-07 06:02:27] sclark6389 : and I wanted 4.0.8 too lol
[2018-11-07 06:04:57] sclark6389 : I can't be the only one in the world with this problem so I hope the app will help someone
[2018-11-07 06:05:02] sclark6389 : :slightly_smiling_face:
[2018-11-07 06:19:47] sclark6389 : @rickysuper - who normally does the tweaks for the channel? is it just zobov?
[2018-11-07 06:20:10] sclark6389 : or patching i should say
[2018-11-07 06:20:37] rickysuper : all from : <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2018-11-07 06:21:15] rickysuper : should be from Zobov
[2018-11-07 06:22:09] sclark6389 : ohhh ok well I wasn't trying to do it for the channel per se
[2018-11-07 06:22:57] sclark6389 : sorry about that :disappointed:
[2018-11-07 06:23:14] hin.lai : as I remember the channel is for the old birds like P3
[2018-11-07 06:24:07] hin.lai : from M1 it will not function, I guess zobov has let the user choose the necessary options when launching the app.
[2018-11-07 06:25:04] hin.lai : for me, M1 and M2, I will just enable the Country code = US.
[2018-11-07 06:25:26] sclark6389 : I didn't know, if I posted a link for one person that wanted it :disappointed: it would have gone out as from this channel :disappointed:
[2018-11-07 06:26:31] sclark6389 : but now I know, I will msg links privately again, sorry about that :disappointed:
[2018-11-07 06:32:52] rickysuper : for me and my friends, we got issues with the tweak 0.22, we had to revert back to 0.21
[2018-11-07 06:33:39] sclark6389 : ohhh what issues? with Mavic Pro 2 I would assume?
[2018-11-07 06:34:16] rickysuper : yes with M2P sometimes jump back to CE instead of FCC
[2018-11-07 06:34:32] rickysuper : with 0.21 (forceFCC) no problems
[2018-11-07 06:35:07] sclark6389 : ohhh humm what about 32 channel issues?
[2018-11-07 06:36:05] rickysuper : Mavic series does not work with 32 channels, it's for P4 series only
[2018-11-07 06:37:13] sclark6389 : ok thats what i thought
[2018-11-07 06:40:15] sclark6389 : a couple of people have gotten it to work, however I don't think they tried flying tho
[2018-11-07 06:41:37] sclark6389 : is that just with the newer DJI GO 4 apps? or all??
[2018-11-07 06:43:00] sclark6389 : I've only had my Mavic Pro for about 10 months so I am trying to keep up with all of this..lol
[2018-11-07 06:44:41] rickysuper : both new and old Go 4, 32 channels does not work with MP or M2
[2018-11-07 06:44:55] sclark6389 : ok good to know thanks
[2018-11-07 06:46:37] rickysuper : heard that 32 channels for lightbridge and Boost mode for OcuSync
[2018-11-07 06:47:15] sclark6389 : ok
[2018-11-07 06:49:27] sclark6389 : what about freqs?
[2018-11-07 06:49:48] sclark6389 : 2.3, 2.5
[2018-11-07 06:51:05] sclark6389 : I run wifi amps so I don't really need boost per se :slightly_smiling_face:
[2018-11-07 06:51:06] rickysuper : choose 2.4
[2018-11-07 06:51:24] rickysuper : not tried 2.3, 2.5
[2018-11-07 06:51:28] sclark6389 : no I mean does 2.3 or 2.5 work with the Mavic?
[2018-11-07 06:51:42] rickysuper : haven't tried yet
[2018-11-07 06:52:01] sclark6389 : I used to have a freq counter damn :disappointed:
[2018-11-07 06:52:41] rickysuper : With all defaults and only FCC enabled, M2 can fly beyond 4K, no reason to try other tweaks
[2018-11-07 06:53:30] sclark6389 : true but more helps to cut thru bad wifi areas
[2018-11-07 06:53:46] sclark6389 : I run 4 watts
[2018-11-07 06:53:51] sclark6389 : :slightly_smiling_face:
[2018-11-07 06:54:19] rickysuper : I mean urban areas. Yes, with MP you have to use an amplifier but M2 doesn't need one
[2018-11-07 06:54:33] sclark6389 : ahh ok
[2018-11-07 06:55:09] rickysuper : all default, including antenna, can fly 3-4k in urban areas, only with FCC
[2018-11-07 06:56:02] sclark6389 : yes but as you know people like to push it even further humm like I do..lol lol
[2018-11-07 06:56:41] rickysuper : :grimacing:
[2018-11-07 06:56:46] sclark6389 : :slightly_smiling_face:
[2018-11-07 06:57:23] sclark6389 : I have been so damn far I thought ohhh damn I hope I can make it back..lol
[2018-11-07 06:57:42] sclark6389 : nope, had to land and walk..lol
[2018-11-07 06:58:32] sclark6389 : trees kill my signal tho :disappointed:
[2018-11-07 07:01:10] sclark6389 : as rickysuper said it should come from you, sorry about that :disappointed:
[2018-11-07 07:01:33] ddzobov : Ok, I will patch it today
[2018-11-07 07:01:48] sclark6389 : ok thanks
[2018-11-07 07:18:42] mr.vibez : Here you go, DJI GO 4 4.3.4-frida.ipa created using @ddzobov’s patch script <https://mega.nz/#!dwpQFCJJ!Jp3E3GJ-dwE69aLRdEtjaqgeRQ0vzymuxEiCcBdwPjk>
[2018-11-07 07:21:25] sclark6389 : @ddzobov - I would assume it's for others to patch for the channel as long as nothing is changed?
[2018-11-07 07:22:52] sclark6389 : I mean OK, that is
[2018-11-07 07:25:52] sclark6389 : :slightly_smiling_face:
[2018-11-07 07:26:03] sclark6389 : thanks Lee :slightly_smiling_face:
[2018-11-07 07:30:32] sclark6389 : yes or no or maybe lol :slightly_smiling_face:
[2018-11-07 12:14:16] ddzobov : <https://disk.yandex.ru/d/xOuW0m25KJusgA>
[2018-11-07 12:14:44] ddzobov : tweak updated - I returned force_fcc function after some reports
[2018-11-07 12:15:00] ddzobov : and 4.3.4-frida at yandex disk
[2018-11-07 12:39:16] chipmangini : @ddzobov I just installed on my J/B iPad and it just hangs on the 1st screen, and then crashes. It could be my device, but I wanted to let you know!
[2018-11-07 13:00:38] chipmangini : @ddzobov I uninstalled yours and installed the one posted by @mr.vibez above, and it works fine. Yours was also 4mb smaller for what it's worth....
[2018-11-07 13:04:24] ddzobov : Hm, maybe because I installed the latest objection and frida?
[2018-11-07 13:04:48] ddzobov : Can you check versions of frida and objection?
[2018-11-07 13:25:06] kilrah : I never patch, I'm not equipped
[2018-11-07 13:26:13] kilrah : downloading, will try
[2018-11-07 13:38:06] kilrah : @ddzobov yep hangs and crashes too
[2018-11-07 13:40:21] ddzobov : I'm trying to find the crash reason
[2018-11-07 13:48:49] ddzobov : @mr.vibez version really works
[2018-11-07 13:49:21] ddzobov : Can you check versions of all software for signing?
[2018-11-07 13:52:39] mr.vibez : @ddzobov I just ran your bash script in the repo
[2018-11-07 13:58:57] ddzobov : Very strange
[2018-11-07 14:06:17] ddzobov : Uploaded fixed version
[2018-11-07 14:08:52] ddzobov : check please
[2018-11-07 15:18:23] kilrah : yep it's ok, thanks!
[2018-11-07 17:24:15] mr.vibez : What caused the error?
[2018-11-07 18:36:12] ddzobov : I don't know. I reinstalled all software on my new MacBook and the error is gone...
[2018-11-07 19:45:39] sclark6389 : there's the problem!......it's an Apple! now if it was Windows, a reboot and it's fixed! lol lol :slightly_smiling_face:
[2018-11-07 20:02:55] mr.vibez : Great, I'll remove my version
[2018-11-07 22:10:16] chipmangini : @ddzobov I just installed your updated version, and can confirm that it starts up fine. :+1:
[2018-11-07 22:10:25] chipmangini : I haven't flown yet, but I expect that it will fly fine just like all your previous releases!
[2018-11-08 04:11:05] sclark6389 : anyone recall what year the Mavic Pro 1 came out?
[2018-11-08 04:53:55] abdo054 : Last quarter of 2016
[2018-11-08 04:59:24] sclark6389 : ohhh ok thanks
[2018-11-08 05:12:00] kilrah : mine will be 2 years old in 3 days lol
[2018-11-08 05:15:52] sclark6389 : wow mine will be 1 year in a couple of months :slightly_smiling_face: so far no crashes now watch I will crash now..lol
[2018-11-08 05:33:44] ddzobov : I've flown my Mavic Pro about 10 times :sweat_smile:
[2018-11-08 05:38:02] sclark6389 : yea I know what you mean there, between work, weather, family etc :disappointed:
[2018-11-08 06:02:37] sclark6389 : <https://www.youtube.com/watch?v=AUaJ8pDlxi8>
[2018-11-08 06:07:19] sclark6389 : <https://www.youtube.com/watch?v=0eEG5LVXdKo>
[2018-11-08 06:07:25] sclark6389 : lol
[2018-11-08 14:35:57] sclark6389 : has anyone got bfinject to work with iOS 11.2.1?
[2018-11-08 14:48:43] ddzobov : Anyone tested 4.3.4? FCC and 5.8 work?
[2018-11-08 14:59:54] sclark6389 : been raining :disappointed: so I can't, sorry :disappointed:
[2018-11-08 15:01:10] sclark6389 : @ddzobov what do you use to decrypt ipa's?
[2018-11-08 15:18:34] kilrah : he takes mine
[2018-11-08 15:39:15] sclark6389 : @kilrah - ohhh ok what iOS version are you running with bfinject
[2018-11-08 15:40:49] kilrah : 11.3.1
[2018-11-08 15:41:08] sclark6389 : hummmm k
[2018-11-08 15:42:07] sclark6389 : what jailbreak you using?
[2018-11-08 15:43:26] sclark6389 : Electra or ?
[2018-11-08 15:54:27] cantrepeat : Electra is by coolstar and I'd never use a program he puts out. At least two apps/tools he has released have had malware in them
[2018-11-08 16:15:20] kilrah : yup electra
[2018-11-08 19:29:25] sclark6389 : @kilrah - did you have to make some changes to it and recompile it? or did you just install it and it worked fine? if that is the case what source did you install it from?
[2018-11-08 19:30:51] sclark6389 : @catalinaskirace - ohh I didn't know that. what apps?
[2018-11-08 19:31:25] kilrah : there's a bfinject version patched for electra / 11.3.1
[2018-11-08 19:32:52] sclark6389 : yes there is and that's why I thought I got you have a link that you download it from?
[2018-11-08 19:33:03] sclark6389 : what I mean
[2018-11-08 19:33:37] kilrah : that was like 4 months ago, haven't kept link, you'll need to search
[2018-11-08 19:35:00] sclark6389 : ok
[2018-11-08 19:35:19] kilrah : hmm google is good, could be this <https://github.com/klmitchell2/bfinject/blob/electra-1.0.4/bfinject.tar>
[2018-11-08 19:35:54] sclark6389 : that's the one I am using now :disappointed:
[2018-11-08 19:36:05] sclark6389 : or I should say trying to
[2018-11-08 19:36:10] kilrah : it is
[2018-11-08 19:36:26] kilrah : have you read the output of it?
[2018-11-08 19:36:32] kilrah : guess is you haven't
[2018-11-08 19:38:22] sclark6389 : the one I got was from GitHub.com so I thought it was the same so I will have to look now
[2018-11-08 19:39:29] kilrah : umm github hosts millions of things...
[2018-11-08 19:40:13] sclark6389 : that's why I thought it was the same :slightly_smiling_face:
[2018-11-08 19:45:58] sclark6389 : humm so why is it when I ask what jailbreak you were using, if it was electra or ?, you said yup electra, that's all you said, why didn't you just tell me yes but …….. :slightly_smiling_face:
[2018-11-08 19:47:08] kilrah : ?
[2018-11-08 19:47:56] kilrah : because i didn't even remember there was something special needed until you asked whether i had to make changes to it
[2018-11-08 19:48:28] sclark6389 : ahh ya I just found that out right before you said something
[2018-11-08 19:48:42] kilrah : set it up 4 months ago and just works since so forgot about it
[2018-11-08 19:48:55] sclark6389 : well I was reading about how it has to be changed
[2018-11-08 19:49:34] sclark6389 : no worries I am just giving ya a hard time :slightly_smiling_face: lol
[2018-11-08 19:51:37] sclark6389 : when you run it, are you running it thru mobile terminal or thru mac terminal?
[2018-11-08 19:57:08] kilrah : ssh
[2018-11-08 19:57:59] kilrah : bfinject needs electra tweaks off, and newterm crashes unless they're on...
[2018-11-08 19:58:39] kilrah : mobileterminal didn't work on 11.3.1 back then, haven't checked since
[2018-11-08 19:59:56] sclark6389 : ok that's what I thought, just making sure I was reading that right. are you using a Windows program or ssh it or a real Mac?
[2018-11-08 20:00:23] kilrah : usually use PuTTY on Win
[2018-11-08 20:00:32] kilrah : anything goes
[2018-11-08 20:00:51] kilrah : don't usually use my mac for that stuff
[2018-11-08 20:01:26] sclark6389 : ok that's what I am using, just want to make sure it CAN work that way..lol
[2018-11-08 20:04:13] sclark6389 : ohhhhh that GitHub link has different steps too!!!
[2018-11-08 20:04:28] sclark6389 : interesting
[2018-11-08 20:09:46] sclark6389 : humm I am the only one that doesn't have a real Mac for this stuff..lol lol
[2018-11-08 20:19:08] sclark6389 : still doesn't work humm maybe I am using too old of an Electra version humm
[2018-11-08 20:22:40] sclark6389 : same error, it's got to be my Electra version, what else could it be! damn apple!
[2018-11-08 20:36:06] sclark6389 : ohhhh a different error now! I am making progress lol
[2018-11-08 20:37:29] sclark6389 : the day is looking up now..lol damn apple
[2018-11-08 20:42:53] sclark6389 : it's saying I have "Tweaks" enabled in Electra but I don't :disappointed:
[2018-11-08 21:22:41] cantrepeat : check the reddit /r/jailbreak for coolstar's BS stuff. You can also find info on the unc0ver j/b
[2018-11-08 22:06:35] sclark6389 : ok good news and bad news lol good news is I got it to finally work, bad news is I can't get the decrypted ipa off the tablet! damn netcat shows an error but I can't read the error 'cause the damn window closes too fast
[2018-11-08 22:07:00] sclark6389 : I mean good news and bad news
[2018-11-08 22:07:30] sclark6389 : @catalinaskirace ok thanks
[2018-11-08 23:00:27] sclark6389 : @kilrah ncat -l 10.0.0.8 31336 > decrypted.ipa <- is this correct? 10.0.0.8 = computer ip 31336 = port
[2018-11-08 23:11:53] rickw001 : @sclark6389 has your mini4 ever locked up?
[2018-11-08 23:20:00] sclark6389 : nope well so far that is lol
[2018-11-08 23:22:33] rickw001 : had my first today, went to try your f/w, unplugged from charger and it stayed showing 100%, wouldn't turn off, reboot, nothing, then it rebooted, had to jb again, lol
[2018-11-08 23:23:21] rickw001 : forgot to mention had a power outage just earlier, may have caused it, power surge
[2018-11-08 23:24:16] sclark6389 : ahhh ok, however I should add this week is the first time my unit is jb so we will see! lol lol
[2018-11-08 23:25:43] rickw001 : me too, had it about 14 months, first time it happened, also first time I have left it on charger. PS - your software worked great
[2018-11-08 23:27:13] sclark6389 : cool good to know! :slightly_smiling_face: yup I had mine for a while and didn't jb lol
[2018-11-08 23:28:08] rickw001 : I've only been jb for about a week and a half, lol
[2018-11-08 23:36:26] sclark6389 : ya damn apple! we shouldn't have to do this, we should be able to install what we want
[2018-11-08 23:46:51] rickw001 : I'm trying to delete the iOS update and it won't allow me to do it
[2018-11-08 23:48:05] rickw001 : maybe because I'm jb ?
[2018-11-08 23:51:02] sclark6389 : when I would do that I would have to reboot to see it gone
[2018-11-08 23:51:26] rickw001 : I will try that
[2018-11-08 23:52:51] sclark6389 : that should do it let me know
[2018-11-08 23:56:10] rickw001 : haha, that did it, didn't think I had to reboot before, thanks for the tip :grinning:
[2018-11-08 23:56:44] rickw001 : now I have to jb again,lmfao
[2018-11-08 23:59:28] sclark6389 : lol yup damn apple! lol
[2018-11-09 01:53:43] rickysuper : 4.3.4 Frida tested OK yesterday. FCC can be kept. 5.8 cannot try as HK has dual 2.4 and 5.8 channels
[2018-11-09 04:15:42] sclark6389 : I am beginning to hate netcat!!!!!!!!!!!!!!
[2018-11-09 04:19:37] sclark6389 : I have a decrypted ipa and I can't get to it!!! :disappointed:
[2018-11-09 04:26:58] kilrah : why do you use that?
[2018-11-09 04:27:19] kilrah : just grab it from iTunes file share, it gets put in the app's documents folder...
[2018-11-09 04:32:57] sclark6389 : ya I don't want to install iTunes on this machine but it's looking like I am going to have to, damn it
[2018-11-09 04:40:26] sclark6389 : I could install iTools4 but I think that is a trial version
[2018-11-09 04:41:07] sclark6389 : I mean trial version type of software
[2018-11-09 04:45:36] sclark6389 : I think iFunbox is free? hum I thought there was something like that, that is free, I will have to check around
[2018-11-09 05:29:19] kilrah : iFunbox works, at least old versions do
[2018-11-09 05:30:24] kilrah : in between crashes
[2018-11-09 05:35:51] sclark6389 : ohhh ok that is good to know
[2018-11-09 06:30:51] cat.db : who has the modded DJI GO app for iOS?
[2018-11-09 06:31:03] cat.db : now, just go4
[2018-11-09 06:39:48] sclark6389 : are you asking if there is a modded older version of the Go app? that was before the Go 4 ones?
[2018-11-09 06:46:18] sclark6389 : the Go 3 versions? is that what you are asking?
[2018-11-09 07:05:53] sclark6389 : I don't right now, however I am playing with one. what version are you looking for?
[2018-11-09 07:07:03] sclark6389 : ohh I thought you said yes? I don't see the msg now
[2018-11-09 07:08:13] sclark6389 : hum weird, my eyes must be playing tricks lol
[2018-11-11 07:29:12] sclark6389 : @orangeclassmate
[2018-11-11 07:29:19] sclark6389 : DJI GO 3 (3.1.47) version. For Inspire, Phantom, Matrice series only!!! What's new (from DJI): 3.1.47 adapts to iOS 12, supports iPhone XS, iPhone XS Max, iPhone XR. My tweak you can install side by side with another DJI GO 3 and/or DJI GO 4 version. I don't own any of these models so I can't test, sorry :disappointed: Let me know :slightly_smiling_face: <http://files.vultureaerialphoto.com/droneuser/modipa/Tweak%20DJI%20GO%203%20(3.1.47).ipa>
[2018-11-11 07:39:02] jezzab : Dumb question but what does it do @sclark6389? Is it a hard patched IPA (patched binary) or Frida hooking?
[2018-11-11 07:40:17] sclark6389 : he wanted that version patched
[2018-11-11 07:40:32] jezzab : How is it patched?
[2018-11-11 07:40:40] jezzab : What are the patches?
[2018-11-11 07:40:57] sclark6389 : ohh Frida hooking
[2018-11-11 07:41:08] sclark6389 : fcc,boost,freq etc
[2018-11-11 07:41:19] sclark6389 : BUT I cant test I don't have that model
[2018-11-11 07:41:23] sclark6389 : :disappointed:
[2018-11-11 07:41:26] jezzab : Ah k cool. Nice
[2018-11-11 07:41:54] sclark6389 : :slightly_smiling_face:
[2018-11-11 16:54:02] sclark6389 : does anyone in the channel have a P3P, P3A, P4P ?
[2018-11-11 17:07:57] sclark6389 : if anyone does you are welcome to test the Go 3 app version I posted and let me know. Thanks
[2018-11-11 17:25:54] sclark6389 : I mean dji go 3 app
[2018-11-11 19:21:30] chipmangini : @sclark6389 I have a P4P, but it runs on Go 4. Are you sure it will run on Go3? If it will, I'll be happy to test for you.
[2018-11-11 20:45:06] sclark6389 : I thought I saw that model in the list of drones? I don't have my tablet in front of me to check :disappointed:
[2018-11-11 20:55:03] sclark6389 : nope, Inspire 1, Phantom 3, Matrice
[2018-11-11 20:55:22] sclark6389 : anyone have one of those lol lol
[2018-11-11 22:06:20] ddzobov : You are using modified tweak for it?
[2018-11-11 22:13:16] sclark6389 : no but looking it over I may have to, but with that version you can't even get into the camera mode without a drone hooked up :disappointed: like you can with the DJI GO 4 version
[2018-11-11 22:14:09] sclark6389 : err I mean camera mode
[2018-11-11 22:15:09] sclark6389 : so with that said I can't even check the 32 channel :disappointed: like you can with the DJI GO 4
[2018-11-11 22:15:18] sclark6389 : if that makes any sense
[2018-11-11 22:15:21] sclark6389 : lol
[2018-11-11 22:16:46] sclark6389 : Abel said he will try it and let me know
[2018-11-11 22:20:19] sclark6389 : so either he will see the 32 channel (when he selects that), if not then I will know :slightly_smiling_face:
[2018-11-11 22:24:59] chipmangini : @sclark6389 OK, because it won't work with the P4 series...:slightly_frowning_face:
[2018-11-11 22:25:32] sclark6389 : yes I thought it did that BUT it's only 3 ones :disappointed:
[2018-11-11 22:26:26] sclark6389 : I got it installed and everything comes up BUT that is all I can check without a drone :disappointed:
[2018-11-11 22:27:48] sclark6389 : if I could get into camera mode I could check the 32 channel, that would tell me
[2018-11-11 22:27:56] sclark6389 : but I can't :disappointed:
[2018-11-11 22:31:14] sclark6389 : so it may work or it may not, don't know until a person tries :slightly_smiling_face:
[2018-11-11 22:34:09] sclark6389 : @ddzobov have you tried it with a DJI GO 3?
[2018-11-12 14:21:34] kilrah : <https://www.dropbox.com/s/10o1q8iwh9jjj4h/DJI%20Pilot%201.0%20%28decrypted%29.ipa?dl=1>
[2018-11-12 14:21:38] kilrah : iPhone UI only, no iPad layout at this point... ugly
[2018-11-12 20:07:33] sclark6389 : @kilrah - is there something you want done with this? or is this for Abel to try?
[2018-11-12 20:07:41] sclark6389 : err done I mean
[2018-11-13 03:35:51] kilrah : it's for whoever wants to have a go at that one.
[2018-11-13 03:56:54] sclark6389 : ahhh ok I would assume you mean tweak? and/or the iPad layout or both lol
[2018-11-13 04:52:48] sclark6389 : if all goes well I will have a decrypted ipa of Netflix (newest version of Netflix as of today)
[2018-11-13 04:53:43] sclark6389 : if anyone wants to play with that let me know :slightly_smiling_face:
[2018-11-13 04:55:00] sclark6389 : fyi
[2018-11-13 04:59:10] sclark6389 : FYI PID name is argo.app not Netflix
[2018-11-13 05:05:24] sclark6389 : damn Netflix! and apple too! lol lol
[2018-11-13 05:43:43] sclark6389 : ohhh @kilrah for the hell of it did you try it with the stock tweak?
[2018-11-13 05:44:59] sclark6389 : I would assume you did and it didn't work?
[2018-11-13 08:45:20] nabelo : Can anyone explain please what "angelwing" is??
[2018-11-13 12:22:53] kilrah : I didn't try anything, as I said multiple times I'm not set up for patching
[2018-11-13 12:23:40] kilrah : but app is completely different
[2018-11-13 12:45:07] sclark6389 : ahh ok I didn't know you weren't set up for that and/or I didn't see you say that before, and yes it sure is, wow
[2018-11-13 12:59:17] nabelo : Anyone here who has some tips for me to get a setup for patching?
[2018-11-13 13:00:01] nabelo : I have a Mac and Xcode... what do I have to do to patch the decrypted .ipa myself?
[2018-11-13 13:14:36] nabelo : # Usage:
# 1) Put file DJI GO 4 4.3.2.ipa and mobileprovision file near ipa_patch.sh
# 2) Find signature: security find-identity -p codesigning -v (ex: 857219800D661A7B2BBDA3C8AFDD710C3EFC18A2)
# 3) Run: ./ipa_patch.sh "DJI GO 4 4.3.2" [Signature] [Mobileprovision File]
# 4) Output file: DJI GO 4 4.3.2-frida.ipa
[2018-11-13 13:15:07] nabelo : Can anyone explain to me points 2 and 3 please?
[2018-11-13 13:15:37] nabelo : huum sorry I mean points 1 and 2
[2018-11-13 13:15:56] nabelo : where can I find my mobileprovision file?
[2018-11-13 13:16:05] mingtao : buy it
[2018-11-13 13:16:29] nabelo : I am using the free Apple account...
[2018-11-13 13:16:41] nabelo : I don't have a dev account
[2018-11-13 13:19:25] sclark6389 : the mobileprovision you have to create
[2018-11-13 13:20:07] sclark6389 : <https://github.com/sensepost/objection/wiki/Patching-iOS-Applications#preparations---mobileprovision>
[2018-11-13 13:20:59] nabelo : must I also create this codesign identity?
[2018-11-13 13:21:14] nabelo : 2) Find signature: security find-identity -p codesigning -v
[2018-11-13 13:21:15] nabelo : ?
[2018-11-13 13:21:23] sclark6389 : when you create that file you will have that for that
[2018-11-13 13:22:00] nabelo : you mean when I create the mobileprovision file I also have a codesign signature?
[2018-11-13 13:22:10] sclark6389 : correct
[2018-11-13 13:22:40] nabelo : okay..i will try :smile:
[2018-11-13 13:22:47] sclark6389 : :slightly_smiling_face:
[2018-11-13 13:24:20] sclark6389 : also you will need a decrypted ipa file before you can patch, just a FYI
[2018-11-13 13:24:48] nabelo : yes... I already got this
[2018-11-13 13:24:56] sclark6389 : ok
[2018-11-13 13:27:30] sclark6389 : the good news for you is that you have a real Mac so you won't have to mess around as much
[2018-11-13 13:28:30] sclark6389 : well when you said you have a Mac I am assuming it's a real one..lol
[2018-11-13 13:31:29] cantrepeat : mac n cheese maybe?
[2018-11-13 13:31:51] nabelo : :slightly_smiling_face:
[2018-11-13 13:33:05] nabelo : okay.. as I already have sideloaded some apps I already have my mobileprovision files and also the code signing certificate...
[2018-11-13 13:33:35] nabelo : I just don't know where the mobileprovision file is located...
[2018-11-13 13:33:58] nabelo : but thanks to @sclark6389 I know it now :smile:
[2018-11-13 13:34:29] nabelo : thanks for the guide buddy
[2018-11-13 13:35:00] nabelo : can I also decrypt the .ipa myself?
[2018-11-13 13:35:03] sclark6389 : when you run the script it will find it IF the file is there, if not it will say not found or something to that effect
[2018-11-13 13:35:42] sclark6389 : yes, however your device needs to be jailbroken
[2018-11-13 13:36:49] nabelo : oh, I thought I have to put the mobileprovision file into the same folder as the script?
[2018-11-13 13:37:04] nabelo : 1) Put file DJI GO 4 4.3.2.ipa and mobileprovision file near ipa_patch.sh
[2018-11-13 13:37:32] nabelo : So if I have the file in my Xcode location and don't put it in the script folder it will work anyway?
[2018-11-13 13:37:58] sclark6389 : Yes, it should find it if I recall right.
[2018-11-13 13:39:00] sclark6389 : Run it; if not it will tell you an error :slightly_smiling_face:
[2018-11-13 13:40:45] nabelo : Humm... ok, no jailbreak for me.. I'm on latest iOS.
[2018-11-13 13:41:02] nabelo : So I have to get the decrypted .ipa from somewhere else.
[2018-11-13 13:41:13] sclark6389 : Yes, that is correct.
[2018-11-13 13:41:30] nabelo : Do you know any good sources for the latest decrypted .ipas if a newer version gets out?
[2018-11-13 13:42:13] sclark6389 : someone will usually post one in channel :slightly_smiling_face:
[2018-11-13 13:42:24] sclark6389 : a decrypted version that us
[2018-11-13 13:42:27] sclark6389 : err is
[2018-11-13 13:43:04] nabelo : Ahhh okay..
[2018-11-13 13:43:17] nabelo : So I just keep watching this channel... cool
[2018-11-13 13:43:34] sclark6389 : yes
[2018-11-13 13:43:52] nabelo : Nice... and again many thanks for your help
[2018-11-13 13:44:05] sclark6389 : no problem
[2018-11-13 13:44:30] nabelo : But it's really a pain in the ass to re-sign the .ipa every 7 days....
[2018-11-13 13:44:52] sclark6389 : yes that's also where jailbraking come handy to
[2018-11-13 13:45:05] sclark6389 : err jailbreaking
[2018-11-13 13:46:17] nabelo : I need an iPad mini 4 with iOS 11 :smile:
[2018-11-13 13:48:17] sclark6389 : Yup, that's what I have :slightly_smiling_face:
[2018-11-13 13:50:32] nabelo : Do you have the wifi+cellular version or just the wifi?
[2018-11-13 13:52:10] sclark6389 : I have the wifi+cellular one now
[2018-11-13 15:46:40] sotiris.tripolitsioti : Regarding the Frida tweak, I have noticed that when changing batteries, it reverts back to default settings and needs a restart and re-tweak to get applied. Any hints?
[2018-11-13 15:46:56] sotiris.tripolitsioti : Restart everything, I mean phone, controller and drone...
[2018-11-13 16:45:34] rickw001 : You know you have to re-sign the app every 7 days?
[2018-11-13 16:45:56] rickw001 : unless you're jb
[2018-11-13 16:54:52] rickysuper : That's why so many shops and FB groups are selling their Apple developer certificate app, for about US$25 one-time installation.
[2018-11-13 17:36:42] sotiris.tripolitsioti : @rickw001 of course I do! It's my weekly habit by now :slightly_smiling_face:
[2018-11-13 17:38:18] sotiris.tripolitsioti : I don't care too much about it, but starting over on every battery change is sort of time- and battery-wasting.
[2018-11-13 17:39:02] sotiris.tripolitsioti : Am I the only one with such symptoms?
[2018-11-13 17:39:30] rickw001 : I've not heard of it
[2018-11-13 17:41:11] rickw001 : did it just start?
[2018-11-14 02:48:46] sclark6389 : Does anyone have a cracked version of Hopper!!! I hate IDA!!!
[2018-11-14 06:02:08] ddzobov : You can sign it with a dev cert and the app will work up to 1 year.
[2018-11-14 07:35:10] nabelo : @sclark6389 I can provide Version 4.0.8
[2018-11-14 08:28:52] sclark6389 : @nabelo ok, with crack?? If so, yes please :slightly_smiling_face:
[2018-11-14 08:29:07] nabelo : yes
[2018-11-14 08:29:11] nabelo : with crack
[2018-11-14 08:29:16] nabelo : sec
[2018-11-14 08:29:22] sclark6389 : ok cool :slightly_smiling_face:
[2018-11-14 08:30:42] nabelo : @sclark6389 <https://uploaded.net/file/r9l93wl6>
[2018-11-14 08:31:05] sclark6389 : thanks
[2018-11-14 08:54:39] sclark6389 : @nabelo no crack file needed for that version, it's a stand-alone?
[2018-11-14 08:56:27] nabelo : There is a patcher in the dmg.
[2018-11-14 08:56:33] nabelo : You have to patch the app.
[2018-11-14 08:59:25] sclark6389 : ahh ok thanks
[2018-11-14 09:23:09] nabelo : @sclark6389 I'm still struggling with the patch script.
[2018-11-14 09:24:01] nabelo : I now have all dependencies for the patching script installed.
[2018-11-14 09:31:03] nabelo : I run the script with the following command:
[2018-11-14 09:31:04] nabelo : ./ipa_patch.sh "4.3.4-frida" 5EB95595F8FBD345106A45A84FD774F90866809E embedded.mobileprovision
[2018-11-14 09:31:21] nabelo : It begins its magic
[2018-11-14 09:31:34] nabelo : and after about 5-7 minutes I get the following:
[2018-11-14 09:32:13] nabelo : adding: Payload/DJI GO 4.app/DJILBRadioAerialView_iPhone5.nib (deflated 61%)
adding: Payload/DJI GO 4.app/DJIPlayBackController.nib (deflated 50%)
adding: Payload/DJI GO 4.app/navigation_poi_tutorial_gps_lock_location_1_video.mp4 (deflated 10%)
Using latest Github gadget version: 12.2.24
Patcher will be using Gadget version: 12.2.24
Working with app: DJI GO 4.app
Bundle identifier is: com.dji.go
./ipa_patch.sh: line 45: 44617 Killed: 9 objection patchipa -s "$TMP_NAME" -c $SIGNATURE -p $MOBILEPROVISION_NAME
unzip: cannot find or open 4.3.4-frida-tmp-frida-codesigned.ipa, 4.3.4-frida-tmp-frida-codesigned.ipa.zip or 4.3.4-frida-tmp-frida-codesigned.ipa.ZIP.
rm: 4.3.4-frida-tmp-frida-codesigned.ipa: No such file or directory
rm: Payload/DJI GO 4.app/embedded.mobileprovision: No such file or directory
zip warning: name not matched: Payload
zip error: Nothing to do! (try: zip -r 4.3.4-frida-frida.ipa . -i Payload)
[2018-11-14 09:33:05] nabelo : Why do I get this:
[2018-11-14 09:33:07] nabelo : ./ipa_patch.sh: line 45: 44617 Killed: 9 objection patchipa -s "$TMP_NAME" -c $SIGNATURE -p $MOBILEPROVISION_NAME
[2018-11-14 09:45:47] sclark6389 : When you made the mobileprovision file, did you run a "test" app on the iPad/iPhone device?
[2018-11-14 09:52:15] sclark6389 : Looking at that more, check your paths in the script and the file name in the script too.
[2018-11-14 09:55:28] sclark6389 : Looks to be an error at line 45 in the script ipa_patch.
[2018-11-14 10:01:19] nabelo : @sclark6389 when you made the mobileprovision file, did you run a "test" app on the iPad/iPhone device?
[2018-11-14 10:01:23] nabelo : Yes, I did.
[2018-11-14 10:01:44] nabelo : And I copied the provision file into the same path as the script.
[2018-11-14 10:02:00] nabelo : @sclark6389 looking at that more, check your paths in the script and the file name in the script too
[2018-11-14 10:02:14] sclark6389 : Also, after the ./ipa_patch would be the name of the decrypted ipa file you have.
[2018-11-14 10:02:25] nabelo : Line 45 in the script is the following:
[2018-11-14 10:02:37] nabelo : objection patchipa -s "$TMP_NAME" -c $SIGNATURE -p $MOBILEPROVISION_NAME
[2018-11-14 10:03:44] nabelo : # Usage:
# 1) Put file DJI GO 4 4.3.2.ipa and mobileprovision file near ipa_patch.sh
# 2) Find signature: security find-identity -p codesigning -v (ex: 857219800D661A7B2BBDA3C8AFDD710C3EFC18A2)
# 3) Run: ./ipa_patch.sh "DJI GO 4 4.3.2" [Signature] [Mobileprovision File]
# 4) Output file: DJI GO 4 4.3.2-frida.ipa
[2018-11-14 10:04:10] nabelo : Point 1 check
[2018-11-14 10:04:22] nabelo : Point 2 check
[2018-11-14 10:04:55] sclark6389 : Point 3: that ipa file is a decrypted one, correct?
[2018-11-14 10:05:15] nabelo : Point 3 --> ./ipa_patch.sh "4.3.4-frida" 5EB95595F8FBD345106A45A84FD774F90866809E embedded.mobileprovision
[2018-11-14 10:05:43] nabelo : yes
[2018-11-14 10:05:58] nabelo : I used the decrypted one... yes
[2018-11-14 10:06:17] sclark6389 : ./ipa_patch.sh "name of decrypted ipa, not modified" 5EB95595F8FBD345106A45A84FD774F90866809E embedded.mobileprovision
[2018-11-14 10:06:25] sclark6389 : correct?
[2018-11-14 10:07:44] nabelo : yes
[2018-11-14 10:07:59] nabelo : The name of my decrypted .ipa is 4.3.4-frida.ipa
[2018-11-14 10:07:59] sclark6389 : ok just want to make sure
[2018-11-14 10:08:22] nabelo : In the script folder I have the following files:
[2018-11-14 10:09:09] nabelo : embedded.mobileprovision 4.3.4-frida.ipa ipa_patch.sh
[2018-11-14 10:11:57] sclark6389 : In the script under APP_FOLDER, what do you have there?
[2018-11-14 10:15:15] nabelo : APP_FOLDER="$PAYLOAD_FOLDER/DJI GO 4.app"
[2018-11-14 10:15:25] nabelo : I didn't change anything in the script.
[2018-11-14 10:15:47] sclark6389 : Ok, also the mobileprovision would have a name unless you renamed it?
[2018-11-14 10:16:06] sclark6389 : meaning xxxxxxxx.mobileprovision
[2018-11-14 10:16:46] sclark6389 : The name is what you gave the "test" app when you ran it on the device.
[2018-11-14 10:16:47] nabelo : My provision file is called: embedded.mobileprovision
[2018-11-14 10:17:15] sclark6389 : Did you rename it? Cause it's normally the name you gave the test app.
[2018-11-14 10:17:47] nabelo : Yes, I renamed it... But you have to put this file in the script folder.
[2018-11-14 10:18:12] sclark6389 : ok I just want to make sure that is what you did
[2018-11-14 10:18:25] nabelo : The first lines in the script are the following:
[2018-11-14 10:18:47] nabelo : Put file DJI GO 4 4.3.2.ipa and mobileprovision file near ipa_patch.sh
[2018-11-14 10:19:15] nabelo : So I put my decrypted .ipa and the .mobileprovision file in the folder.
[2018-11-14 10:19:49] sclark6389 : yes
[2018-11-14 10:20:48] nabelo : So my .ipa is called 4.3.4-frida.ipa and my provision file is called embedded.mobileprovision
[2018-11-14 10:21:05] nabelo : ./ipa_patch.sh "4.3.4-frida" 5EB95595F8FBD345106A45A84FD774F90866809E embedded.mobileprovision
[2018-11-14 10:21:12] nabelo : should be right
[2018-11-14 10:21:40] nabelo : The script is also unpacking everything at first.
[2018-11-14 10:21:58] nabelo : The error occurs every time after some minutes.
[2018-11-14 10:22:48] sclark6389 : And I know you are in the right dir when you run the script, otherwise it wouldn't run at all.
[2018-11-14 10:22:52] sclark6389 : humm
[2018-11-14 10:24:34] sclark6389 : Meaning in the terminal you cd to the dir where the script is, then run the command; if that was wrong it wouldn't run at all, so I know that is right.
[2018-11-14 10:25:11] sclark6389 : What macOS are you running, and Xcode version?
[2018-11-14 10:25:32] nabelo : macOS High Sierra and latest Xcode
[2018-11-14 10:26:00] nabelo : High Sierra version 10.13.6
[2018-11-14 10:26:01] sclark6389 : k hummm
[2018-11-14 10:26:20] nabelo : Xcode 10.1
[2018-11-14 10:26:58] nabelo : Did you install all the other dependencies with "brew"?
[2018-11-14 10:27:01] sclark6389 : Ok, the thing is I think I have had that error before and I am trying to remember what I did to fix it....
[2018-11-14 10:27:07] sclark6389 : yes
[2018-11-14 10:27:16] nabelo : me too
[2018-11-14 10:27:33] nabelo : I followed the guide you sent me yesterday
[2018-11-14 10:28:10] nabelo : <https://github.com/sensepost/objection/wiki/Installation>
[2018-11-14 10:29:17] sclark6389 : I don't think I sent that to you, I sent
[2018-11-14 10:29:44] sclark6389 : <https://github.com/sensepost/objection/wiki/Patching-iOS-Applications#preparations---mobileprovision>
[2018-11-14 10:30:05] sclark6389 : someone else perhaps sent you that link?
[2018-11-14 10:31:00] nabelo : yes
[2018-11-14 10:31:03] nabelo : It's the same.
[2018-11-14 10:31:20] nabelo : You sent me just the link to the mobileprovision part,
[2018-11-14 10:31:33] nabelo : but if you click on wiki you see the complete guide.
[2018-11-14 10:31:41] nabelo : Your link is just one part of it.
[2018-11-14 10:32:13] sclark6389 : Hum, damn, I am sure (I think) I had that error before hummm
[2018-11-14 10:32:44] sclark6389 : let me think humm
[2018-11-14 10:34:25] sclark6389 : For the hell of it, double check everything, meaning what was installed.
[2018-11-14 10:37:41] nabelo : It's really strange :disappointed:
[2018-11-14 10:38:17] sclark6389 : Yes, cause it starts to go for a few mins.
[2018-11-14 10:38:43] nabelo : Python 3.xx is installed
[2018-11-14 10:38:48] nabelo : pip3 install -U objection
[2018-11-14 10:38:54] nabelo : worked without errors
[2018-11-14 10:39:33] nabelo : applesign - from: <https://github.com/nowsecure/node-applesign>
insert_dylib - from: <https://github.com/Tyilo/insert_dylib>
security, codesign, xcodebuild - macOS/Xcode commands
zip & unzip - builtin, or just installed using homebrew
7z - installed using homebrew with brew install p7zip
[2018-11-14 10:39:34] sclark6389 : Do you have the following installed:
[2018-11-14 10:39:39] nabelo : All is installed.
[2018-11-14 10:40:09] nabelo : @sclark6389 do you have the following installed:
[2018-11-14 10:40:11] nabelo : what?
[2018-11-14 10:40:32] nabelo : applesign: install with: npm install -g applesign. If you don't have npm, then brew install npm can sort you out quickly.
insert_dylib: this utility will be compiled from source and installed. To do that:
git clone <https://github.com/Tyilo/insert_dylib>
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
[2018-11-14 10:40:40] nabelo : All done and working.
[2018-11-14 10:40:53] sclark6389 : ok I see that now
[2018-11-14 10:40:58] sclark6389 : hummm
[2018-11-14 10:43:06] sclark6389 : let me look to see what all I have installed give me a sec
[2018-11-14 10:44:32] nabelo : okay
[2018-11-14 10:47:04] sclark6389 : Xcode, Brew, Python 3, wget, NPM, Frida, objection, applesign, insert_dylib, ios-deploy
[2018-11-14 10:47:15] sclark6389 : This is what I have installed.
[2018-11-14 10:48:11] sclark6389 : I think that is everything.
[2018-11-14 10:51:47] nabelo : Frida gets installed together with objection.
[2018-11-14 10:51:59] nabelo : Everything above I have installed also.
[2018-11-14 10:53:22] sclark6389 : Ok, just thought to double check hummm
[2018-11-14 10:53:56] sclark6389 : Are you running this on a real Mac?
[2018-11-14 10:55:49] sclark6389 : Or are you trying to run this on a VM?
[2018-11-14 10:57:28] nabelo : Running on a real Mac.
[2018-11-14 10:57:35] sclark6389 : ok hum
[2018-11-14 10:59:37] sclark6389 : When it errors out, is there a Payload folder left over?
[2018-11-14 11:02:43] sclark6389 : From what it looks like from your error there should be.
[2018-11-14 11:49:52] nabelo : Nope... it gets deleted automatically.
[2018-11-14 11:50:00] nabelo : But I will try something now.
[2018-11-14 11:51:50] nabelo : I will keep you informed :smile:
[2018-11-14 13:09:43] nabelo : I am such an idiot :smile: :smile:
[2018-11-14 13:09:50] nabelo : Everything is working now.
[2018-11-14 13:10:52] ender : So you cant be SUCH a big idiot at all! :slightly_smiling_face:
[2018-11-14 13:14:25] sclark6389 : @nabelo glad you got it working :slightly_smiling_face:
[2018-11-14 13:15:17] sclark6389 : It's always the little things that get us :slightly_smiling_face:
[2018-11-14 13:15:28] sclark6389 : damn apple!
[2018-11-14 13:15:58] sclark6389 : lol :slightly_smiling_face:
[2018-11-14 14:13:55] nabelo : @sclark6389 I was using the already patched .ipa instead of the “pure” decrypted .ipa in the script….
[2018-11-14 14:14:09] nabelo : that caused the error….
[2018-11-14 14:14:15] nabelo : sorry for the hassle
[2018-11-14 14:44:03] rickw001 : Guess jb on mini 4 worked, just checked GO app, still working, yeah, expired yesterday.
[2018-11-14 15:35:38] nabelo : I wish I had a jailbreak also :disappointed:
[2018-11-14 15:46:44] ddzobov : I've updated the patch script, reduced the step count by using 7z.
[2018-11-14 15:46:51] ddzobov : Will upload it later
[2018-11-14 16:23:57] nabelo : Sounds cool.
[2018-11-14 16:24:18] nabelo : Will you update on GitHub?
[2018-11-14 19:01:35] ddzobov : Yes
[2018-11-14 20:21:25] sclark6389 : @nabelo ahhh, that's what I was asking you about :slightly_smiling_face: lol, it's ok, we have all been there :slightly_smiling_face:
[2018-11-14 21:56:36] chipmangini : @ddzobov Can this method be run on an iPad, or Linux?
[2018-11-14 22:10:44] sclark6389 : @chipmangini - you mean to patch?
[2018-11-14 22:11:08] chipmangini : @sclark6389 Yes!
[2018-11-14 22:12:06] chipmangini : I have Windoze 10, and an iPad Pro, and another laptop that I can run Linux on...
[2018-11-14 22:12:33] chipmangini : No "Apple Computers" per se....
[2018-11-14 22:22:10] sclark6389 : As for running it on the device, you can't, cause Xcode has to be installed (unless there is a way I don't know of).
[2018-11-14 22:22:52] sclark6389 : However, depending on your PC, you can make it into a fake Mac per se :slightly_smiling_face:
[2018-11-14 22:24:14] sclark6389 : I run Windows 10 and High Sierra macOS.
[2018-11-14 22:24:23] sclark6389 : Dual boot setup.
[2018-11-14 22:25:15] sclark6389 : But it was a bitch to get working (wifi drivers, etc), well for my system it was.
[2018-11-14 22:26:12] sclark6389 : A VM setup might work, but that setup can cause USB issues.
[2018-11-14 22:26:37] jezzab : You can sign/patch the IPA in Linux but it's a bitch to set up. Talk to @czokie about it. The original idea was a Patch0matic and signing box for NLD, which got mostly built.
[2018-11-14 22:27:13] sclark6389 : So for me dual boot (VM: I had USB issues when trying that).
[2018-11-14 22:28:19] sclark6389 : Dual boot means I can boot into Windows OR macOS when I start the PC up.
[2018-11-14 22:29:22] sclark6389 : But it was a nightmare getting macOS to work, well for my system it was.
[2018-11-14 22:29:47] sclark6389 : damn apple and their BS!!!
[2018-11-14 22:31:28] sclark6389 : The problem I had was drivers :disappointed: finding them and getting them to work; you may have to buy another USB wifi, etc.
[2018-11-14 22:32:12] sclark6389 : And the installing of macOS didn't go smoothly!!! Of course it wouldn't.. lol
[2018-11-14 22:32:47] jezzab : Welcome to the world of a Hackintosh
[2018-11-14 22:33:08] sclark6389 : lol for sure!!! a nightmare!!
[2018-11-14 22:33:44] sclark6389 : damn apple!!!
[2018-11-14 22:33:53] sclark6389 : lol
[2018-11-14 22:35:02] jezzab : I did a couple. I turned my Surface Pro 1 into a Hackintosh a few years ago. Did need a wifi stick though because the Intel one wasn't compatible, but the rest was ok.
[2018-11-14 22:35:10] jezzab : And a HP Laptop
[2018-11-14 22:35:45] sclark6389 : Yup, not many drivers for wifi cards it seems :disappointed:
[2018-11-14 22:36:20] sclark6389 : It was a long road, that's for sure!!! Lots of swearing.. lol
[2018-11-14 22:37:00] sclark6389 : I had to flash my BIOS :disappointed: to get it to work :disappointed:
[2018-11-14 22:38:03] sclark6389 : Ohh damn, just thinking about it is getting me a headache.. lol
[2018-11-14 22:39:31] sclark6389 : I hope that answers your question @chipmangini :slightly_smiling_face:
[2018-11-14 22:45:33] chipmangini : @sclark6389 @jezzab Thanks, but that's what I figured. With all the other gear I've bought to get into this hobby, I just can't justify a "real" Mac too! I really wanted to learn, but I guess I'll just rely on the group to keep me up to date. Always watching and learning, and sharing too! :+1:
[2018-11-14 22:46:13] chipmangini : Thanx @sclark6389 @jezzab!
[2018-11-14 22:46:28] sclark6389 : I know what you mean there!!! Ya, that's why I did it that way :slightly_smiling_face: no problem :slightly_smiling_face:
[2018-11-14 22:49:28] jezzab : Surface Pro 1
[2018-11-14 22:50:10] jezzab : It actually worked really well. Touchscreen etc
[2018-11-14 22:52:29] chipmangini : @jezzab Really? I have a very high-end laptop running W10, what are you doing to get macOS on your PC? (Forgive me, but I've not looked at Macs for years...)
[2018-11-14 23:06:19] jezzab : I don't bother nowadays. I've got an old MacBook Pro I fire up now and then if I need it.
[2018-11-14 23:22:12] chipmangini : @jezzab What is the Surface running?
[2018-11-14 23:23:46] jezzab : It's long gone, but it was running OSX (can't remember the version I had on it). Proper Hackintosh I made up.
[2018-11-15 01:44:07] rickysuper : Hey guys, do you mind someone making money using your Frida app? Seems many people are doing this.
[2018-11-15 01:45:04] rickysuper : They join the Apple developer program and sell the installation service at around $30 per installation.
[2018-11-15 01:51:14] sclark6389 : It's the nature of the beast; I don't think there is any way to really stop it, and with everything being online (Frida, etc) it's going to happen. People will do that no matter what it is.
[2018-11-15 02:07:27] rickysuper : got it
[2018-11-15 02:07:29] rickysuper : thanks
[2018-11-15 02:11:28] sclark6389 : :slightly_smiling_face:
[2018-11-15 02:15:13] sclark6389 : I would assume the $30 install is so people can install it OTA (without using Cydia)? If so, I know that dev cert is not cheap :disappointed:
[2018-11-15 02:15:42] sclark6389 : I would assume that is how they are installing it.
[2018-11-15 02:52:12] rickysuper : Up to 100 devices per year @ US$99 and people are selling at US$25 per installation/per year. That means if GO 4 updates and you have to pay for the app update, same amount.
[2018-11-15 02:56:51] sclark6389 : I don't think the $100 price does OTA.
[2018-11-15 02:57:29] sclark6389 : So people would still have to use Cydia to install.
[2018-11-15 03:01:56] rickysuper : No, he can use Xcode to deploy to the client, up to 99 people. My friend bought the developer program and deployed the app to me using Xcode.
[2018-11-15 03:02:23] sclark6389 : Ahhh ok, I see what ya mean.
[2018-11-15 03:02:54] sclark6389 : I forgot Xcode has that.
[2018-11-15 03:03:27] rickysuper : Xcode was one of the methods, also can use Dropbox.
[2018-11-15 03:03:40] sclark6389 : yup download link
[2018-11-15 03:03:54] sclark6389 : well, download and install
[2018-11-15 03:04:17] rickysuper : yes, or generate a barcode
[2018-11-15 03:04:28] sclark6389 : yup scan code
[2018-11-15 03:05:54] sclark6389 : Ya, installing it that way is sooooo much nicer.
[2018-11-15 03:06:03] sclark6389 : No 3rd party app
[2018-11-15 03:06:15] sclark6389 : like Cydia, etc.
[2018-11-15 03:19:14] rickysuper : :+1:
[2018-11-15 05:26:41] dreaded.dragon : I'm having issues signing the app again. I am on iOS 12.1, iPad 2017 model... tried uninstalling and installing from ipa again, no luck. Any ideas?
[2018-11-15 06:09:19] sclark6389 : What are you using to install the app? What program?
[2018-11-15 13:12:45] dreaded.dragon : Super impactor
[2018-11-15 17:42:54] nabelo : @ddzobov Are you ready with the new script?
[2018-11-15 18:06:09] ddzobov : ?
[2018-11-15 18:46:15] nabelo : @ddzobov Daniil Zobov [16:46] I've updated the patch script, reduced the step count by using 7z. Will upload it later.
[2018-11-15 20:43:50] rickw001 : NOBODY ASKS devs WHEN THEIR STUFF IS READY OR COMING OUT
[2018-11-15 20:47:36] cantrepeat : Soon! tm
[2018-11-15 21:04:41] sclark6389 : @dreaded.dragon do you get an error when you try? Or does the app open and close right away?
[2018-11-15 21:05:59] dreaded.dragon : @sclark6389, it gets to the signing step, then fails to sign.
[2018-11-15 21:07:12] dreaded.dragon : First time I've had this issue. I've signed the same version for at least a month or 2 and only recently the issue came about....
[2018-11-15 21:08:26] sclark6389 : In Super Impactor under Tools you should see your Apple ID; click remove and try it. Did you try that?
[2018-11-15 21:09:23] dreaded.dragon : Gonna have to try it when I get home. Seems the Impactor also had issues on iOS 12 as well.
[2018-11-15 21:09:49] dreaded.dragon : Might also reinstall Impactor to ensure newest version.
[2018-11-15 21:10:08] sclark6389 : I have heard that from a few people, and yes, make sure it's the newest version.
[2018-11-15 21:11:20] sclark6389 : Also reboot your iPhone/iPad before you try it, that is if you leave it on all the time.
[2018-11-15 21:12:22] dreaded.dragon : Good to know! Thanks @sclark6389
[2018-11-15 21:12:36] sclark6389 : np let me know how it goes
[2018-11-15 21:12:42] dreaded.dragon : Will do
[2018-11-15 21:40:05] nabelo : Today I bought an ipastore-light subscription for 20 bucks and signed the Frida.ipa through their app. Now I'm set for one year.
[2018-11-15 21:40:11] nabelo : Worth the money.
[2018-11-15 21:41:26] nabelo : No more re-signing every week for me now :blush:
[2018-11-15 21:51:32] sclark6389 : That's not a bad price. Do they sign it or give you the cert?
[2018-11-15 21:53:32] sclark6389 : I should say, how does that work with them?
[2018-11-16 05:25:57] dreaded.dragon : @sclark6389 tried all those, sign still failed.
[2018-11-16 05:33:08] sclark6389 : hummm
[2018-11-16 05:33:15] sclark6389 : try this
[2018-11-16 05:33:19] sclark6389 : <http://www.cydiaimpactor.com/>
[2018-11-16 05:33:49] sclark6389 : This is not the super version.
[2018-11-16 05:39:15] sclark6389 : ok
[2018-11-16 05:39:34] sclark6389 : • Open Cydia Impactor • Click on the Xcode menu and choose Revoke Certificates
[2018-11-16 05:39:45] dreaded.dragon : Did that, same error
[2018-11-16 05:40:15] sclark6389 : With that version, not super?
[2018-11-16 05:40:27] dreaded.dragon : Yeah
[2018-11-16 05:42:18] sclark6389 : Ok, did you drag the ipa file over or use the install?
[2018-11-16 05:43:10] sclark6389 : does that make sense?
[2018-11-16 05:44:01] dreaded.dragon : Both
[2018-11-16 05:45:40] sclark6389 : Hum, create a NEW Apple ID and try the new Apple ID.
[2018-11-16 05:48:02] sclark6389 : damn apple and their BS
[2018-11-16 05:57:16] dreaded.dragon : That was it, it was the ID
[2018-11-16 05:57:28] sclark6389 : :slightly_smiling_face:
[2018-11-16 05:57:43] dreaded.dragon : So stupid... why?!
[2018-11-16 05:57:43] sclark6389 : Hopefully that one will work for a while :slightly_smiling_face:
[2018-11-16 05:58:01] sclark6389 : Why? Cause it's an Apple! lol lol :slightly_smiling_face:
[2018-11-16 05:58:13] dreaded.dragon : True story
[2018-11-16 05:58:37] sclark6389 : damn apple and their BS
[2018-11-16 05:59:17] sclark6389 : So if it happens again (hopefully it won't) you know what to do :slightly_smiling_face:
[2018-11-16 06:01:24] dreaded.dragon : Thanks again
[2018-11-16 06:01:41] sclark6389 : no problem
[2018-11-16 06:49:18] nabelo : @sclark6389 you won't get the certs yourself, they manage it for you.
[2018-11-16 06:50:22] nabelo : After you buy ipastore-light on the site, you'll get a URL you open on your iDevice.
[2018-11-16 06:50:33] nabelo : Then an app gets installed on your device.
[2018-11-16 06:50:52] nabelo : Within this app you can import your own .ipas.
[2018-11-16 06:52:15] nabelo : After the import the ipa gets signed on their servers and it will install on your device.
[2018-11-16 06:52:27] nabelo : Very user-friendly.
[2018-11-16 06:52:59] nabelo : You can also download a Windows application for free to sign and install the ipas on your own.
[2018-11-16 06:54:06] nabelo : <https://ipastore.me/ipastore-lite/?doing_wp_cron=1542351230.4169039726257324218750>
[2018-11-16 06:54:47] nabelo : <https://ipastore.me/ipastore-windows-free-for-all/>
[2018-11-16 06:59:09] sclark6389 : @nabelo thanks for the info I will check it out
[2018-11-16 07:04:57] nabelo : @sclark6389 you're welcome
[2018-11-16 07:05:11] nabelo : @sclark6389 Do you never sleep? :smile:
[2018-11-16 07:08:12] sclark6389 : only when I cant keep my eyes open..lol lol
[2018-11-16 07:08:31] nabelo : @sclark6389 where do you come from?
[2018-11-16 07:11:24] sclark6389 : what you mean?
[2018-11-16 07:11:50] sclark6389 : come from as in?
[2018-11-16 07:12:28] nabelo : Where do you live?
[2018-11-16 07:12:59] sclark6389 : Ohhh ok.. lol WI, you?
[2018-11-16 07:13:51] nabelo : What is WI?
[2018-11-16 07:14:00] nabelo : I'm from Germany :smile:
[2018-11-16 07:14:12] nabelo : a Kraut :smile:
[2018-11-16 07:14:29] sclark6389 : Ohh ok, I am in Wisconsin.
[2018-11-16 07:15:54] sclark6389 : :slightly_smiling_face:
[2018-11-16 13:59:40] nabelo : FYI: if anyone is interested in the latest beta version of Litchi:
[2018-11-16 13:59:42] nabelo : <https://flylitchi.com/beta>
[2018-11-16 14:00:32] nabelo : Just send them an e-mail with your Apple ID and you'll receive the beta for free...
[2018-11-16 14:01:07] nabelo : Did this 1 hour ago and just received my beta.
[2018-11-16 14:01:56] nabelo : You have to install "TestFlight" from the App Store to redeem your beta code.
[2018-11-16 14:02:26] nabelo : Litchi is FCC "friendly" and will not set you back to CE,
[2018-11-16 14:02:45] nabelo : and it supports waypoints on the Spark.
[2018-11-16 14:15:08] validat0r : We have had a waypoint solution for Spark for months now. Just FYI.
[2018-11-16 14:34:01] sclark6389 : @nabelo thanks for the info :slightly_smiling_face: I will see if I can get a beta copy, perhaps I will decrypt it for all :slightly_smiling_face:
[2018-11-16 14:36:38] nabelo : @ilovemynexus4 Huh? Am i missing something?
[2018-11-16 14:36:49] nabelo : Can you please tell me the solution?
[2018-11-16 15:05:51] validat0r : @nabelo I use the dji mission app
[2018-11-16 15:06:26] validat0r : Dev is here.
[2018-11-16 15:07:20] validat0r : Together with the FC patcher and an app tweak I do 6 km+ / 15 m/s missions with my Spark.
[2018-11-16 15:38:26] sclark6389 : If anyone wants to play, here is Litchi 2.6.3 beta decrypted :slightly_smiling_face:
[2018-11-16 15:38:30] sclark6389 : <https://clk.sh/vqO6Dgb>
[2018-11-16 15:39:28] sclark6389 : :slightly_smiling_face:
[2018-11-16 15:40:08] sclark6389 : Also, if anyone wants any ipas decrypted, let me know.
[2018-11-16 15:43:51] nabelo : @ilovemynexus4 can you please give me some more info on this app?
[2018-11-16 15:43:57] nabelo : Where can I get it?
[2018-11-16 15:44:39] nabelo : And what FC patcher are you talking about? Firmware patcher?
[2018-11-16 15:46:02] sclark6389 : @nabelo - I didn't see that app in the App Store :disappointed: so I am thinking it's an Android version?
[2018-11-16 15:46:25] validat0r : It's Android all right.
[2018-11-16 15:46:33] sclark6389 : :disappointed:
[2018-11-16 15:47:19] sclark6389 : I figured as much :disappointed:
[2018-11-16 15:47:38] validat0r : If you're still interested, pm me
[2018-11-16 15:48:11] validat0r : @igor.kaist is the dev, but he's rarely here any more, sadly.
[2018-11-16 15:49:06] sclark6389 : ohh ok
[2018-11-16 16:48:37] nabelo : @sclark6389 So did they accept your beta invitation too?
[2018-11-16 16:58:21] sclark6389 : Yes, so I thought I would grab the ipa and decrypt it so we have it for later, to play with it or to install it and use it :slightly_smiling_face:
[2018-11-16 17:17:35] sclark6389 : So I guess technically it's kinda a free version per se; a person can just sign it with Cydia and use it, unless a beta version expires a different way. I don't think so, but I never had a beta version before so I don't know for sure.
[2018-11-17 08:34:56] sclark6389 : If anyone is interested, here is Netflix decrypted:
[2018-11-17 08:34:59] sclark6389 : <https://clk.sh/kPone>
[2018-11-17 08:48:50] cat.db : @sclark6389 does this app have some new feature? Doesn't need VIP or what?
[2018-11-17 09:02:25] sclark6389 : Which app?
[2018-11-17 09:05:15] sclark6389 : @orangeclassmate I posted a couple of links, sorry, I don't know which app you are talking about?
[2018-11-17 09:08:42] sclark6389 : If anyone wants to hack Facebook or add whatever, here is the decrypted version (newest version of Facebook as of today):
[2018-11-17 09:08:48] sclark6389 : <https://www.megaupload.us/Tm1/facebook_(decrypted).ipa>
[2018-11-17 09:35:00] sclark6389 : Here is Hulu decrypted if anyone wants it:
[2018-11-17 09:35:05] sclark6389 : <https://www.megaupload.us/Tm2/Hulu(v5.36)decrypted.ipa>
[2018-11-17 09:41:12] sclark6389 : If anyone wants an app decrypted, let me know :slightly_smiling_face:
[2018-11-19 05:29:56] ddzobov : :confused:
[2018-11-19 05:34:46] ddzobov : This is why the tweak for the DJI Pilot app will be obfuscated and the source code will be private.
[2018-11-19 08:15:56] cantrepeat : bad mojo I see.
[2018-11-19 14:50:24] cantrepeat : Do I understand this correctly? Droneuser took Daniil's source code, changed a couple of bytes and then put his name and website on it asking for donations?
[2018-11-19 15:01:07] cs2000 : Yep, that's exactly what happened. Does he have a Facebook group we can abuse?
[2018-11-19 15:07:18] vasek_r : It's mean.
[2018-11-19 15:08:07] cs2000 : That screenshot is terrible. But his website is <http://files.vultureaerialphoto.com/droneuser/> and email is [goapps4hacks@yahoo.com](mailto:goapps4hacks@yahoo.com)
[2018-11-19 15:08:25] cs2000 : his mailbox will be pretty "angry" when its bursting at the seams....
[2018-11-19 15:10:12] cs2000 : He's even using one of those URL shorteners that inject ads (like [adf.ly](http://adf.ly)) to host his IPAs.
[2018-11-19 15:10:22] cantrepeat : I looked at his website and saw no credit given to anyone for the code.
[2018-11-19 15:10:41] cantrepeat : total bitch move
[2018-11-19 15:10:48] cs2000 : He is a Mavic Pilots user too. <https://mavicpilots.com/members/droneuser.14753/>
[2018-11-19 15:12:02] cs2000 : i dont have an account there to send him a message though
[2018-11-19 15:14:37] cs2000 : And i wonder where his IPA files come from.... <http://files.vultureaerialphoto.com/droneuser/stockdji/index.html> My servers possibly? I dont know anyone else that has them all stored and publicly available...
[2018-11-19 15:15:12] cs2000 : Blow up his video about "his new mod"...
[2018-11-19 15:20:52] cs2000 : Im sure he will delete it, but hey
[2018-11-19 15:26:43] cantrepeat : looks like it's already done
[2018-11-19 15:26:46] cantrepeat : gone*
[2018-11-19 15:26:57] cs2000 : haha thought as much
[2018-11-19 15:28:51] cantrepeat : see how long mine lasts
[2018-11-19 15:31:55] cantrepeat : I added your message to his thread on mavicpilots @kilrah
[2018-11-19 15:32:20] cantrepeat : I did not credit you but I did ask for donations :smile:
[2018-11-19 15:37:45] cantrepeat : MF ruining shit for everyone else.
[2018-11-19 15:43:11] cs2000 : im still filling up his mailbox
[2018-11-19 15:48:57] d95gas : Presume his account on this channel has been locked out........
[2018-11-19 16:06:20] cantrepeat : Ban his entire subnet!!
[2018-11-19 16:25:51] rickw001 : I agree 100%
[2018-11-19 16:30:36] cantrepeat : He removed my tweak video from his youtube channel
[2018-11-19 16:31:02] cs2000 : lol so were making progress
[2018-11-19 16:31:06] cs2000 : lets see what else he does
[2018-11-19 16:37:59] cantrepeat : is it still on his website?
[2018-11-19 16:38:51] cs2000 : his website is still up at least and showing the (ad-supported, link-protected) URL to his youtube
[2018-11-19 16:39:14] rickw001 : I just reported him on mavic pilots asking to ban him from site
[2018-11-19 16:41:00] rickw001 : is he banned from here?
[2018-11-19 16:41:13] cs2000 : no, and still in this channel
[2018-11-19 16:41:48] kilrah : i think he got the message.
[2018-11-19 16:41:57] cantrepeat : This dude is going to say he was clueless and didn't know it was bad to remove the developers credits from a source code and then pass it off as his own
[2018-11-19 16:43:55] rickw001 : who is in charge to ban him from here?
[2018-11-19 16:47:55] kilrah : Well he is... I go with Hanlon's razor in this case, always shown not to be the brightest light in the shed in his posts.
[2018-11-19 16:48:09] rickw001 : thread has been removed from mavic pilots
[2018-11-19 16:55:36] cantrepeat : Hopefully a lesson learned.
[2018-11-19 16:56:14] cs2000 : hopefully
[2018-11-19 16:56:54] sclark6389 : ya it was my bad I removed it :disappointed: I am sorry
[2018-11-19 16:57:12] sclark6389 : not the thread but everything else I mean
[2018-11-19 16:57:43] cs2000 : well done for owning up to it at least. Sorry if we seemed a little twitchy, but we have had people take credit for this group's work before so we're pretty protective, even if it is all free
[2018-11-19 16:58:05] sclark6389 : nooo I had it coming its ok :slightly_smiling_face:
[2018-11-19 16:58:33] cs2000 : Like i said on the youtube comments. feel free to make videos showing people how to use the software and even tweak things, you can ask for donations for that
[2018-11-19 16:59:01] sclark6389 : ok
[2018-11-19 16:59:10] cs2000 : but just not passing off work as your own. If you made a small tweak that's actually valuable, I'm sure @ddzobov would mind you adding your credits to his either
[2018-11-19 16:59:30] sclark6389 : I will keep that in mind :slightly_smiling_face:
[2018-11-19 22:47:34] chipmangini : "Ruiz David" on FaceBook. I already questioned him on it telling him that I've paid for two NLD licences for my drones. Why are you giving them away?
[2018-11-19 22:49:19] chipmangini : He seems to think it's ok because he "gives it away" Sheesh!
[2018-11-19 22:51:50] chipmangini : They also deleted all of my posts complaining about it!
[2018-11-19 22:52:04] chipmangini : He is "Drone User"....
[2018-11-19 23:58:58] sclark6389 : I don't have any type of NLD stuff, I never used it or for that matter played with it.. it's not me... when I did wrong I fess up, but that is not me
[2018-11-20 00:22:43] cantrepeat : The plot thickens!!
[2018-11-20 03:45:38] kilrah : some guys make contests to gain popularity?
[2018-11-20 03:56:46] cat.db : @sclark6389 can you get dji gsp pro decrypted app?
[2018-11-20 06:46:21] sclark6389 : @orangeclassmate I think you mean dji gs pro? if so try this
[2018-11-20 06:46:25] sclark6389 : <https://www.megaupload.us/To7/DJI_GS_Pro(v2.0.0)decrypted.ipa>
[2018-11-20 10:49:35] nabelo : @cs2000 Where can i download the IPA's on your server?
[2018-11-20 10:54:32] cantrepeat : !DDD
[2018-11-20 10:55:48] nabelo : sorry...im looking for the decrypted .ipa files
[2018-11-20 10:55:59] nabelo : !help
[2018-11-20 11:33:42] nabelo : anyone here with a clean DJI Go 4 4.1.3.ipa ?
[2018-11-20 11:42:04] sclark6389 : I have one but it's not decrypted. I would assume by clean you mean decrypted
[2018-11-20 12:12:32] kilrah : links are on wiki
[2018-11-20 12:26:06] nabelo : links for the .ipa?
[2018-11-20 12:26:13] nabelo : hmmmm sorry i cant find it
[2018-11-20 12:28:51] nabelo : sorry
[2018-11-20 12:28:56] nabelo : i found it :smile:
[2018-11-20 12:29:05] nabelo : <https://dji.retroroms.info/howto/firmware#dji_go_4>
[2018-11-20 12:55:57] nabelo : @kilrah Thnx for the heads up
[2018-11-20 15:12:38] rickw001 : hey guys, is there any new fw that receives glonass and galileo sats without patching tiles?
[2018-11-20 15:13:22] rickw001 : I thought nld was going to do it
[2018-11-20 15:17:17] cantrepeat : I believe the tiles just give you DTM height and don’t have anything to do with galileo function.
[2018-11-20 15:18:04] rickw001 : kk, didn't need that anyway, just trying to get newer sats, lol
[2018-11-20 15:19:09] rickw001 : I'm still on 700, didn't know if newer versions already have it
[2018-11-20 15:20:22] cantrepeat : MP?
[2018-11-20 15:20:28] rickw001 : yes
[2018-11-20 15:21:50] cantrepeat : I thought the galileo function is a product of FC Patcher and as such would need the 4.0300 patched
[2018-11-20 15:23:20] rickw001 : I'm lost when it comes to that, wasn't really sure, a while back dji said it was included in newer fw
[2018-11-20 15:28:27] cantrepeat : I'm not sure what dji has done in reference to adding galileo support, but Matioupi added it to FC Patcher.
[2018-11-20 15:28:52] cantrepeat : But I believe you are correct, it needs NLDs patched apk to work.
[2018-11-20 15:30:02] rickw001 : thats just android?
[2018-11-20 15:33:37] cantrepeat : yes
[2018-11-21 05:47:33] saleem941 : NEW update For dji go 4 ....
[2018-11-21 06:11:44] cat.db : <https://drive.google.com/file/d/1hzQg0ZigpWkrALu3TudNLa7Pk4T0pJ8k/view?usp=sharing>
[2018-11-21 06:12:17] cat.db : i want to know ,does anybody can mod this app?:rolling_on_the_floor_laughing:
[2018-11-21 08:51:06] cat.db : this website is very slow.:rolling_on_the_floor_laughing:
[2018-11-21 08:51:41] cat.db : mega or googledrive?
[2018-11-21 08:58:25] sclark6389 : I think it's too big for google drive :disappointed:
[2018-11-21 08:59:15] sclark6389 : let me check something
[2018-11-21 09:05:32] sclark6389 : radiashare no longer around? and ya it's too big for mega :disappointed: @orangeclassmate if you want to upload it elsewhere feel free to :slightly_smiling_face:
[2018-11-21 09:05:34] cat.db : google can upload
[2018-11-21 09:09:23] nabelo : @sclark6389 Do you also have the newest Litchi beta decrypted? there was a beta update yesterday
[2018-11-21 09:09:48] sclark6389 : no I can tho give me a min or two
[2018-11-21 09:10:00] nabelo : thnx mate
[2018-11-21 09:10:06] sclark6389 : np
[2018-11-21 09:12:28] nabelo : can anyone already confirm if the newest DJI Go version is working with the frida patch?
[2018-11-21 09:12:40] nabelo : will everything (FCC) still work?
[2018-11-21 09:14:40] cat.db : seems nobody share dji go mod patch.
[2018-11-21 09:19:45] sclark6389 : @orangeclassmate Daniil Zobov will patch it when he can
[2018-11-21 09:20:34] cat.db : Mabe,He's great.:grinning:
[2018-11-21 09:22:43] sclark6389 : @nabelo looks like they kept the same version number so I named the file update, just a fyi
[2018-11-21 09:22:48] sclark6389 : <https://www.megaupload.us/Tpo/update_Litchi_beta(v2.6.3)decrypted.ipa>
[2018-11-21 09:24:52] nabelo : thnx
[2018-11-21 09:24:59] sclark6389 : np
[2018-11-21 16:47:11] nabelo : Anyone got the new Frida patched go4 .IPA already?
[2018-11-21 17:08:25] rickw001 : something wrong with the old one?
[2018-11-21 17:36:00] nabelo : Of course there is nothing wrong with the old one. Im just curious if the new version doesn't break anything.
[2018-11-21 21:00:05] nabelo : @sclark6389 The decrypted Go 4 ipa you uploaded this morning is not working. If you look at the filesize you can see it's way too small. Something went wrong with the decryption I guess.
[2018-11-21 21:13:35] mr.vibez : I can patch if you want?
[2018-11-21 21:15:26] nabelo : First we need someone who can decrypt it
[2018-11-21 21:15:55] mr.vibez : Ah just noticed the one uploaded earlier is corrupted
[2018-11-21 21:16:02] nabelo : Yes
[2018-11-21 21:16:11] nabelo : I can patch it too
[2018-11-21 21:16:18] nabelo : But I can't decrypt
[2018-11-21 21:16:40] mr.vibez : Me either, no jailbreak here
[2018-11-21 22:59:55] sclark6389 : hum weird, works here, maybe it didn't upload right or when you downloaded it
[2018-11-21 23:00:06] sclark6389 : err weird
[2018-11-21 23:19:21] sclark6389 : @nabelo - I am re-uploading it
[2018-11-21 23:38:53] sclark6389 : just a fyi only Daniil zobov can post the link in channel
[2018-11-21 23:39:01] sclark6389 : after its patched I mean
[2018-11-21 23:40:44] sclark6389 : @ddzobov - need dji go 4 update can you please patch..thanks
[2018-11-21 23:40:52] sclark6389 : err new I mean
[2018-11-22 06:12:53] nabelo : @sclark6389 It's the same file you uploaded. same filesize and not working.
[2018-11-22 06:13:19] nabelo : i just tried it. It is way too small
[2018-11-22 06:34:57] sclark6389 : hum what size does it show when you download it?
[2018-11-22 06:35:19] sclark6389 : very weird the file works here hummm
[2018-11-22 06:38:22] sclark6389 : also the above link may download it as a zip file, just rename it to ipa
[2018-11-22 06:50:21] sclark6389 : let me re-decrypt it and I will install the decrypted version, give me a min or two
[2018-11-22 07:10:03] sclark6389 : I think I may have found the problem give me a couple mins
[2018-11-22 07:12:00] nabelo : ok
[2018-11-22 07:12:26] sclark6389 : re-downloading dji 4 so a few more mins
[2018-11-22 07:25:08] sclark6389 : @nabelo hum I keep getting the same file size...hummm
[2018-11-22 07:25:39] nabelo : there is something missing with your dump
[2018-11-22 07:26:05] nabelo : If I only resign it and install it afterwards it will not show any icon and will not start
[2018-11-22 07:26:53] sclark6389 : well here is what's weird, I ran that dump thru Frida and it installed just fine
[2018-11-22 07:27:42] sclark6389 : can you run it thru Frida to see what you get?
[2018-11-22 07:27:44] nabelo : thats strange
[2018-11-22 07:27:58] nabelo : how big is your decrypted .ipa?
[2018-11-22 07:28:23] sclark6389 : let me look
[2018-11-22 07:29:37] sclark6389 : I got 363,528kb
[2018-11-22 07:33:43] sclark6389 : let me reboot and reload the jailbreak, give me a few mins
[2018-11-22 07:38:33] sclark6389 : yea I am jailbroken, cydia loads, let me play around with this
[2018-11-22 07:43:49] sclark6389 : ok I rebooted, re-jailbroke, let me re-dump it now to see what I get
[2018-11-22 07:49:13] sclark6389 : I still get the same file size
[2018-11-22 07:50:27] nabelo : did u install the patched frida .ipa?
[2018-11-22 07:51:28] sclark6389 : not with this dump I didn't let me try give me a few mins
[2018-11-22 07:51:59] nabelo : if it installs fine can you please upload it for me?
[2018-11-22 07:52:05] nabelo : will try it then
[2018-11-22 07:52:37] sclark6389 : you mean after I Frida it?
[2018-11-22 07:53:59] nabelo : yes
[2018-11-22 07:54:28] nabelo : just do the plain frida script
[2018-11-22 07:54:45] sclark6389 : yup
[2018-11-22 07:54:59] sclark6389 : give me a few mins tho
[2018-11-22 07:55:10] sclark6389 : 20 mins or so
[2018-11-22 07:55:13] nabelo : np
[2018-11-22 07:55:32] nabelo : the new frida script is much much faster now
[2018-11-22 07:56:22] nabelo : Zobov has done some updates to it
[2018-11-22 07:56:37] nabelo : <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-11-22 07:56:43] sclark6389 : I don't use that but the outcome will be a stock Frida
[2018-11-22 07:57:05] nabelo : what do you use?
[2018-11-22 08:27:57] sclark6389 : installing it now......few more mins
[2018-11-22 08:37:17] nabelo : how do you patch the decrypted.ipa to get the stock frida.ipa?
[2018-11-22 08:37:38] nabelo : you don't use the script from Zobov??
[2018-11-22 08:37:50] sclark6389 : I just use command line I think it may be in that link I sent you
[2018-11-22 08:38:08] sclark6389 : ok seems to work fine
[2018-11-22 08:38:11] nabelo : <https://github.com/ddzobov/dji-ios-frida-tweak>
[2018-11-22 08:38:23] nabelo : this is the correct script you have to use
[2018-11-22 08:38:42] sclark6389 : yes I used that tweak
[2018-11-22 08:38:44] nabelo : ipa_patch.sh
[2018-11-22 08:39:04] nabelo : do you use the latest version of this script?
[2018-11-22 08:39:25] cat.db : can somebody make a video about how to patch it?
[2018-11-22 08:39:25] sclark6389 : yes :slightly_smiling_face: seems to load and run fine :slightly_smiling_face:
[2018-11-22 08:39:49] sclark6389 : I didn't go fly but everything runs just fine
[2018-11-22 08:39:54] nabelo : Run: ./ipa_patch.sh "DJI GO 4 4.3.2" [Signature] [Mobileprovision File]
[2018-11-22 08:40:11] nabelo : did you try it with the latest script?
[2018-11-22 08:40:24] nabelo : Zobov changed it 4 days ago
[2018-11-22 08:40:38] sclark6389 : yes ,23
[2018-11-22 08:40:45] sclark6389 : .23 I mean
[2018-11-22 08:40:55] nabelo : sec...
[2018-11-22 08:41:27] sclark6389 : I just installed it on my ipad mini 4 seems to run just fine
[2018-11-22 08:41:49] nabelo : hmmmmmmm
[2018-11-22 08:41:57] sclark6389 : try it your self
[2018-11-22 08:42:15] nabelo : ipa_patch.sh patch script update 4 days ago
[2018-11-22 08:42:27] nabelo : are you sure you are using the latest script?
[2018-11-22 08:43:04] sclark6389 : yes i download everything from that site when you posted the link
[2018-11-22 08:43:34] nabelo : please go to his github page and click on the button "Clone or download"
[2018-11-22 08:43:58] nabelo : then "Download ZIP"
[2018-11-22 08:44:22] sclark6389 : i did, that's how i just patched it, why does it not work for you?
[2018-11-22 08:44:23] nabelo : you should get a file called "dji-ios-frida-tweak-master.zip"
[2018-11-22 08:45:03] nabelo : can you please upload the frida patched .ipa you just installed?
[2018-11-22 08:45:11] nabelo : i will try it again then
[2018-11-22 08:45:33] sclark6389 : yes i can't post links in channel so send me a pm
[2018-11-22 08:49:51] ddzobov : i'll make frida ipa after kilrah send me decrypted one
[2018-11-22 08:58:48] sclark6389 : what file size was the decrypted file?
[2018-11-22 08:59:28] sclark6389 : ohh you mean you haven't yet?
[2018-11-22 09:44:42] nabelo : maybe it's because you decrypt it on an ipad and i have an iphone
[2018-11-22 09:45:27] nabelo : ipad is using different assets
[2018-11-22 09:45:53] nabelo : that would also explain the much smaller filesize of the decrypted .ipa
[2018-11-22 09:58:08] kilrah : he hasn't understood that apps you want to decrypt need to be downloaded using iTunes, if you download from device they are thinned and incomplete
[2018-11-22 09:59:39] kilrah : will provide if i can manage to jailbreak again, ran out of battery...
[2018-11-22 10:00:35] kilrah : App is 588MB
[2018-11-22 10:00:59] nabelo : @kilrah Thank you so much
[2018-11-22 10:02:05] sclark6389 : ohh shit that is right, i downloaded it from the app store, sorry about the last one, i must download from iTunes, sorry, i will have to try to remember that
[2018-11-22 11:25:15] soddy : Someone said the FCC mod 4.3.4 not work on latest released FW of Mavic 2
[2018-11-22 11:29:41] nabelo : I can only say that on my Spark FCC mod is working fine
[2018-11-22 11:29:57] nabelo : Dont know if its work with the Mavic 2
[2018-11-22 11:57:05] sclark6389 : @kilrah if i understood this correctly....i think i have the right one now :slightly_smiling_face: do you want me to post a link? or you want to? it doesn't matter to me but thought i would ask first :slightly_smiling_face:
[2018-11-22 11:57:37] kilrah : go ahead, can't manage to jailbreak right now
[2018-11-22 11:57:59] sclark6389 : ok make sure i got it right this time
[2018-11-22 11:58:09] sclark6389 : <http://files.vultureaerialphoto.com/droneuser/DJI%20GO%204(v4.3.5)decrypted.ipa>
[2018-11-22 11:59:17] sclark6389 : please double check it thanks
[2018-11-22 12:21:20] rickysuper : FCC mod did work with 4.3.4 frida and latest firmware on M2P, with 0.23 Tweak.js
[2018-11-22 12:48:54] sclark6389 : ohhh i forgot to say you may have to rename file from zip to ipa depending on how a person downloads it...
[2018-11-22 14:23:16] rickw001 : above link with new Tweak gives me modded new go4 ?
[2018-11-22 14:25:49] rickw001 : or above link just allow modding of new go4 ?
[2018-11-22 14:32:40] kilrah : the latter
[2018-11-22 14:35:50] rickw001 : thank you
[2018-11-22 14:37:30] rickw001 : will wait for Zobov :grinning:
[2018-11-22 16:54:17] cantrepeat : @kilrah are both electra and uncover broken now? Seems apple is forcing a lot of older iOS to update by unauthorizing the phones/OS thus a lot of people losing j/b (kind of O/T)
[2018-11-22 16:57:12] kilrah : it's not the jb being broken it's the platform supplying it at the moment
[2018-11-22 16:57:45] kilrah : simply can't install the electra1131mptcp from ignition
[2018-11-22 16:57:54] kilrah : can install the other electra variants but they never worked for me
[2018-11-22 16:58:42] kilrah : never tried unc0ver
[2018-11-22 16:58:48] kilrah : dunno if i can go from one to the other
[2018-11-22 17:04:36] rickw001 : took me about 6 or 7 tries couple hrs ago to get mine jb again
[2018-11-22 17:05:47] rickw001 : used uncover
[2018-11-22 17:35:10] sclark6389 : I could never get uncover to work. you can go from one to another as long as you undo it first I think I read that on uncover site.
[2018-11-22 17:40:26] sclark6389 : I think if I recall right I read that on here
[2018-11-22 17:40:32] sclark6389 : <https://www.reddit.com/r/jailbreak/comments/9nwxei/release_unc0ver_the_most_advanced_jailbreak_tool/>
[2018-11-22 17:42:44] rickw001 : there are 2 uncovers,first one wouldn't work for me second one did
[2018-11-22 17:43:14] sclark6389 : ohhh the link I posted is that first one or second one?
[2018-11-22 17:43:38] rickw001 : not sure,got it from mini4
[2018-11-22 17:44:31] sclark6389 : hum I don't know what you mean by mini4 is that a site?
[2018-11-22 17:46:23] rickw001 : my ipad, when I used ignition there were 2 versions there, first one I tried didn't work, second did
[2018-11-22 17:46:44] sclark6389 : ohh ok I see what you mean ok
[2018-11-22 17:48:21] sclark6389 : I know the one at the link I posted didn't work for me I will have to find another version only if I need to so far mine is working so I don't want to mess with it..lol
[2018-11-22 17:53:16] sclark6389 : I do know every time I have to reboot I pray! lol ...I try not to reboot unless something is not working right
[2018-11-22 21:43:45] chipmangini : unc0ver works great 4 me on my iPad Pro 11.3.1. If i reboot, I just install it again, FTW!
[2018-11-22 23:06:11] cantrepeat : Haxs!!
[2018-11-23 00:42:42] rickw001 : when I checked my mini 4 this morning my unc0ver jb was broken and I had to redo it
[2018-11-23 06:36:09] mr.vibez : I'll just put this here until @ddzobov uploads <https://mega.nz/#!0wxSnKgJ!QnUAAShItDkU95H1b9x1Iy0I-jcRbXzPifD0ihp992A>
[2018-11-23 06:36:38] mr.vibez : ^^ DJI GO 4 4.3.5-frida.ipa ^^
[2018-11-23 07:47:41] nabelo : @sclark6389 I tried out your new decrypted .ipa...This time everything is working
[2018-11-23 07:48:04] nabelo : i can patch this .ipa without problems and it installs and runs fine
[2018-11-23 07:48:18] nabelo : still have to test if FCC is really working :smile:
[2018-11-23 07:51:17] sclark6389 : @nabelo ok good :slightly_smiling_face: and thanks for letting me know :slightly_smiling_face:
[2018-11-23 07:56:21] nabelo : np
[2018-11-23 07:56:37] nabelo : thanks for decrypting the .ipa
[2018-11-23 08:01:44] sclark6389 : np
[2018-11-23 20:00:22] nabelo : @ddzobov I have a Spark
[2018-11-24 03:54:17] rickysuper : M2Pro 4.3.5 frida, Tweak 0.23 with latest firmware FCC hold. PS: Many people claimed that latest firmware would revert to CE but I don't know what version of Go4 frida and Tweak they are using.
[2018-11-24 03:56:47] rickysuper : But FCC cheat using two versions of Go4 not work with the latest firmware and frida.
[2018-11-24 08:59:23] nabelo : Did you try this with the version @mr.vibez uploaded?
[2018-11-24 08:59:39] nabelo : @rickysuper
[2018-11-24 09:00:38] mr.vibez : I'm just trying it now, I suspect it's the tweak.js file
[2018-11-24 09:01:55] nabelo : Can you please explain this? i dont fully understand
[2018-11-24 09:39:20] mr.vibez : Hmm, I cant get past the popup, the buttons do nothing
[2018-11-24 09:40:47] mr.vibez : Ah, restarting the app and the buttons now work
[2018-11-24 09:45:37] mr.vibez : can confirm FCC no longer working
[2018-11-24 09:46:29] czokie : I've been away for a bit... @mr.vibez - Not working on what aircraft?
[2018-11-24 09:49:40] mr.vibez : MP2
[2018-11-24 09:49:48] mr.vibez : I think the tweak.js is at fault
[2018-11-24 09:50:04] czokie : Have you tried earlier tweak files?
[2018-11-24 09:50:12] mr.vibez : Try my version, it still works (just enables FCC automatically)
[2018-11-24 09:50:40] mr.vibez :
[2018-11-24 09:50:59] hin.lai : MP2 + Lee Smith upload version Frida, + 0.23 with Interaction disabled, US_COUNTRY_CODE TRUE, seem FCC working.
[2018-11-24 09:50:59] czokie : OK. Just JS issue - I was worried that DJI had done some stuff to bypass our tweaks...
[2018-11-24 09:51:10] czokie : If its just JS, I am happy :slightly_smiling_face:
[2018-11-24 09:52:18] mr.vibez : Still happy days :slightly_smiling_face:
[2018-11-24 09:55:35] mr.vibez : Hmm, not getting a prompt to update batteries, is that due to the tweak?
[2018-11-24 10:19:33] rickysuper : Yes
[2018-11-24 17:27:17] nabelo : Spark
[2018-11-25 00:52:07] rickw001 : did Zobov update newest go 4 yet?
[2018-11-25 01:10:30] cantrepeat : Probably not, blame Droneuser for that
[2018-11-25 16:06:38] ddzobov : Tomorrow i will make new ipa
[2018-11-25 16:30:40] rickw001 : thank you soo much
[2018-11-25 16:31:08] rickw001 : :grinning:
[2018-11-25 17:19:00] diy : Hi. With the previous firmware i was able to get FCC while i was on official dji go 4 after closing the frida ipa. Now with the latest firmware, i can still get FCC on ipa but when i switch to official dji app it directly kicks me to CE. Is there a solution to this?
[2018-11-26 01:54:39] rickysuper : Actually what's wrong with the latest frida or the Tweak.js ? I got no issues but others have.
[2018-11-26 08:40:12] ddzobov : <https://yadi.sk/d/xOuW0m25KJusgA>
[2018-11-26 08:50:24] rickysuper : @ddzobov New Frida any changes ?
[2018-11-26 08:57:11] ddzobov : no
[2018-11-26 08:57:26] ddzobov : maybe small bugfixes
[2018-11-26 08:57:31] ddzobov : size same
[2018-11-26 09:01:54] rickysuper : Thanks @ddzobov
[2018-11-26 13:23:18] rickw001 : SUPER THANKS @ddzobov :+1:
[2018-11-26 13:24:06] nabelo : Thank you @ddzobov
[2018-11-26 14:39:17] chipmangini : Thanks @ddzobov!
[2018-11-26 20:28:10] mr.vibez : Can anyone confirm the latest fw version for the MP2 batteries
[2018-11-29 01:07:19] pete.collins : Thanks @ddzobov! - Anyone know if this works with the latest M2P FW? - not that I have upgraded yet
[2018-11-29 01:21:42] rickysuper : M2Pro 4.3.5 frida, Tweak 0.23 with latest firmware FCC hold.
[2018-11-30 05:06:34] ddzobov : Anyone tested with p4p?
[2018-11-30 05:06:51] ddzobov : We tested yesterday - no 5.8 and fcc
[2018-11-30 05:47:48] rickysuper : Which Tweak.js you use? 0.22 or 0.23 ?
[2018-11-30 06:22:10] soddy : Someone said that boost does not work with latest fw (200) on M2 but you can downgrade the RC back to fw 100 to keep boost mode while losing new features!
[2018-11-30 09:01:04] rickysuper : Mine and my friends' all work on the latest M2 firmware, with 4.3.5 frida using Tweak.js 0.23, FCC holds but not tried Boost mode.
[2018-12-01 20:35:34] paoloone : @channel I’m looking for a IOS developer with DJI mobile SDK experience, it is a job offer as freelancer, hourly based or project based rates.
[2018-12-01 20:36:13] paoloone : Contact me if interested
[2018-12-04 21:23:58] nabelo : Anyone here already decrypted the latest DJI Go 4 IPA?
[2018-12-04 21:24:22] nabelo : 4.3.8
[2018-12-04 21:42:42] kilrah : this? <https://www.dropbox.com/s/mrvirbydnwf4ihu/DJI%20GO%204%204.3.8%20%28decrypted%29.ipa?dl=1>
[2018-12-04 21:43:47] kilrah : @ddzobov :arrow_up:
[2018-12-05 01:56:45] dronepilot : Tested today Phantom 4 Pro 4.3.5 frida 0.23 tweak 1.5 boost, 32ch, 2.4ghz didn't like it.
[2018-12-05 02:01:42] dronepilot : Forgot to mention found some bugs c1 and c2 works some times on frida 4.3.5.
[2018-12-05 02:27:28] dronepilot : Is there any way to download 0.23 tweak to use with frida 4.3.3 instead of the 0.22?
[2018-12-05 02:47:29] hin.lai : "Forgot to mention found some bugs c1 and c2 works some times on frida 4.3.5" <-- i found this issue already persists from the 4.3.0 original app, seems not related to the mod apps, not only c1 c2, even clicking on screen for the corresponding feature also doesn't respond at all.
[2018-12-05 07:39:57] nabelo : @kilrah thnx
[2018-12-06 11:33:07] nabelo : Isn't the patched Frida IPA supposed to force FCC? I still get a pop-up every time in DJI Go4 asking if I want to change my Wifi region and I have to select "Cancel" in this pop-up to stay in FCC mode.
[2018-12-06 11:33:35] nabelo : Is this the supposed way with the patched Frida IPA?
[2018-12-06 11:34:29] nabelo : why i still get this pop-up every time?
[2018-12-06 11:34:42] nabelo : Im using a Spark btw.
[2018-12-06 15:55:52] kilrah : current frida tweaks are only for ocusync things
[2018-12-06 17:44:08] avunduk : can anybody help me where to start, I only know how to sideload ipa apps but they are expired on every 7 days
[2018-12-06 17:44:16] avunduk : Noob here :(
[2018-12-06 17:45:22] diy : Yes. Same for me. Is there a way?
[2018-12-06 17:46:38] avunduk : In retroroms Page it is mentioning a method where you replace some of the files through iTunes, however I think it is not working with latest Version of DJI go app in IOS
[2018-12-06 17:47:19] avunduk : I am even thinking to replace my ipad 5th gen to xiaomi mipad 4 to have less problems with APK
[2018-12-06 19:20:00] rickw001 : unless you jailbreak your device you have to resign app every 7 days
[2018-12-06 21:38:02] nabelo : Really? I thought the patched Frida IPA also works for the Spark??
[2018-12-06 22:32:18] kurdi80 : How to buy any links @ddzobov
[2018-12-06 22:42:20] kilrah : really?
[2018-12-06 22:46:37] chipmangini : <https://developer.apple.com/programs/enroll/> :arrow_up::arrow_up::arrow_up::arrow_up:
[2018-12-06 22:51:26] kilrah : don't believe so, but could be mistaken. You do have the tweak.js installed, right?
[2018-12-06 23:05:28] avunduk : Lets assume that I jailbroke ( which I will do for my ipad) then what else do I need to install? :face_with_rolling_eyes:
[2018-12-06 23:05:55] avunduk : Costs 100 usd per year, isn't worth it
[2018-12-07 06:45:37] nabelo : I patched the decrypted ipa myself. But I don't copy the tweak.js file via iTunes because the "quiz" questions are already in place. Do I really have to copy the tweak.js in place??
[2018-12-07 07:56:26] kilrah : Uh yeah, without tweak.js it just does nothing
[2018-12-07 07:56:45] kilrah : unless you built it in
[2018-12-07 14:58:07] nabelo : But I already get the questions when I start the app. Will I get the questions also if I don't copy the tweak.js?
[2018-12-07 14:58:53] nabelo : I simply run the patcher script to build the patched IPA with the the decrypted IPA.
[2018-12-07 15:05:23] nabelo : So the standard script to build the patched IPA doesn't build in the tweak.js?
[2018-12-07 15:05:31] kilrah : ok then maybe, never tried myself
[2018-12-07 15:06:45] nabelo : Hmm that's strange. Maybe @ddzobov can give us a heads up.
[2018-12-07 15:13:46] kilrah : should be easy to just read the script and find out.
[2018-12-07 15:14:44] nabelo : If you look into the script you can see that it will download the tweak.js and include it automatically
[2018-12-07 15:15:17] nabelo : So I think it is not necessary to copy it over manually after installation
[2018-12-07 15:17:22] kilrah : okay
[2018-12-07 15:17:32] kilrah : weird that he does it differently for the version he distributes then
[2018-12-07 15:17:38] kilrah : or he changed that too
[2018-12-07 20:33:00] ddzobov : Mavic 2 FCC 5.8
[2018-12-08 08:32:14] rickysuper : can fly more range. 6.5 should be fine
[2018-12-08 14:29:22] nabelo : @ddzobov do you have time patch the new decrypted version @kilrah provided?
[2018-12-08 14:35:21] rickysuper : True
[2018-12-08 15:59:49] rickw001 : after loading 4 4.3.8 says tweek not supported ?
[2018-12-08 17:32:14] ddzobov : Now my team and I are building a new tweak version, it is now private and paid. In the new versions a loader for the new tweak is injected. New features: - stable and 100% fcc and 5.8 - support p4p, i2 and other drones. All described here: <https://t.me/dji_tweak> If you want to change bundle id you can set it only to com.dji.go-tweakbox
[2018-12-08 17:36:05] ddzobov : For use with public tweak you can patch ipa yourself
[2018-12-08 17:36:41] ddzobov : All tools you need at github
[2018-12-08 18:07:58] rickw001 : patched tweek has to be purchased now?
[2018-12-08 18:22:40] d95gas : Yep looks like 50 euro per device
[2018-12-08 18:23:53] d95gas : per year
[2018-12-08 18:30:15] rickw001 : oh well,not for this old man,sorry
[2018-12-08 18:31:35] d95gas : Nor me at the moment, seem to be spending more time with the Anafi than the MP these days
[2018-12-08 18:33:22] rickw001 : I'm retired,fixed income with a large family,they need it more than me,lol
[2018-12-08 18:37:11] d95gas : Not retired, but I know the feeling, still have to watch the pennies..... Drones are costing me enough as it is
[2018-12-08 19:38:54] nabelo : @ddzobov Can you confirm if it will work with Spark. If yes I will buy it for sure.
[2018-12-08 20:26:22] avunduk : Anybody here able to jailbreak ipad 5th gen on ios 12.0 and bypass 7 days limitation? It really pisses me off
[2018-12-09 02:54:16] rickysuper : I paid 99 Apple Developer program....... Now 50 euro. I know the feeling but its too much to me
[2018-12-09 02:57:15] rickysuper : business fxxking guys ruined the game....
[2018-12-09 07:30:18] vasek_r : As far as I remember it's not a long time ago someone tried to make his own business with @ddzobov's work he did for everyone here for free.....
[2018-12-09 08:42:54] bnene2003 : The new tweak support P4P, is it FCC Boost or just FCC 0.4W?
[2018-12-09 10:30:27] rickysuper : I mean those guys who use your free tweak and Frida to make money. Not you, and sorry for the confusion I made
[2018-12-09 10:32:45] rickysuper : Exactly what I mean.....
[2018-12-10 10:06:42] dronepilot : Has anyone tested out the new Go 4.3.8, now only give force fcc on tweak option. Doesn’t have boost or frequency change 2.3 and 2.5ghz. What are your thoughts?
[2018-12-10 13:49:42] ddzobov : Yes, i removed these options due to research
[2018-12-10 13:50:04] ddzobov : In this tweak will be only stable options
[2018-12-10 14:44:03] nabelo : @ddzobov What about BundleID changes in your paid IPA version?
[2018-12-10 14:44:08] nabelo : Is it possible now
[2018-12-10 14:53:02] ddzobov : Yes, you can change it
[2018-12-10 18:30:31] avunduk : Did anybody try <https://www.udidregistrations.com> and sideload ipa through this service?
[2018-12-10 21:29:36] nabelo : @avunduk If you get the cert and prov. Profile it should be no problem to sideload
[2018-12-10 21:30:06] nabelo : I'm using IPAstore lite. Works like a charm
[2018-12-11 03:40:32] nicky429 : Hello everyone, I am a newbie. I already have "mobileprovision" and "P12" and "DJI GO 4 4.3.3.ipa". How do I generate a DJI GO 4 that can be used to open the FCC and use it for a long time? I hope you can help me step by step, thank you all.
[2018-12-11 04:46:48] nicky429 : Where did something go wrong?
[2018-12-11 06:54:11] hin.lai : should start with .\ipa_patch.sh instead of run:....
[2018-12-11 08:38:58] nabelo : New DJI Go4 is released
[2018-12-11 11:49:44] kilrah : <https://www.dropbox.com/s/isogo3yf4pvtj6p/DJI%20GO%204%204.3.9%20%28decrypted%29.ipa?dl=1>
[2018-12-11 13:17:34] hin.lai : :+1::100:
[2018-12-12 18:04:09] ddzobov : t.me/dji_tweak
[2018-12-12 18:04:17] ddzobov : 4.3.9-frida here
[2018-12-14 01:52:15] nicky429 : thanks, sir. But I want to know if this option is available for this TWEAK version 0.21
[2018-12-16 20:52:10] mavpac : That means 50 bucks for one year per device right? Just want fcc for some flights... got iphone 6 and ipad mini... that means two devices, totaling in 100 bucks plus another 100 for signing? Correct?
[2018-12-17 06:07:11] ddzobov : For slack users price 50 eur per two devices.
[2018-12-17 07:08:02] rickysuper : We together 10 people share the Apple Developer program $100. Can the cert holder deploy the frida ipa as usual and the user pay to you separately ?
[2018-12-17 11:44:49] czokie : @rickysuper - I had an idea previously to have a dev cert, and a "factory" that would sign IPAs ... I got a decent way into it, but I got stuck on some languages that I was unfamiliar with. I have a cert, just no way to industrialise it yet.
[2018-12-17 12:37:17] ddzobov : <https://github.com/saucelabs/isign/blob/master/README.rst>
[2018-12-17 16:26:00] avunduk : Friends, I installed latest frida, should I sign with my dji go account?
[2018-12-17 16:26:25] avunduk : And what should be the best option for 2.3 / 2.5 / 5.8
[2018-12-17 17:29:27] dronepilot : @avunduk fcc + boost + 2.4/5.8ghz mavic 1 and 2. Phantom 4 Pro fcc + boost + 32ch + 2.4/5.8ghz. Mavic air fcc + 2.4/5.8ghz same as the spark.
[2018-12-17 17:37:19] dronepilot : @ddzobov paid today, everything working great, got the 7 days trial free and boom this thing got on me. :joy::joy::joy: Hope to see new improvements on .31 tweak start up. And please share best settings over the tweak, me and some people have these questions.
[2018-12-17 17:45:48] avunduk : So I dont need 32ch for Mavic Air?
[2018-12-17 18:32:52] webmaster : I've heard Boost is useless for Lightbridge (P4P)
[2018-12-17 21:03:58] avunduk : So I asked a developer friend of mine to register my udid to his developer account, and installed the dji go frida app via superimpactor, still says I need to resign every 7 days? why?
[2018-12-17 21:06:02] avunduk : Do I also need to sign the app?
[2018-12-17 21:49:34] kilrah : you'd need to log in to superimpactor with his account.
[2018-12-17 21:49:50] kilrah : otherwise he needs to build an app for you
[2018-12-18 20:40:13] mavpac : So if my friend adds my uuid to his dev account, can he create an app specific password which I can use with superimpactor to sign the ipa and it will be fine for one year?
[2018-12-18 22:13:15] kilrah : no
[2018-12-18 22:13:45] kilrah : you don't use superimpactor at all
[2018-12-20 17:46:22] mavpac : Ok... instead?
[2018-12-20 17:46:35] mavpac : Wanted to have the easiest way for him.
[2018-12-20 18:02:11] ddzobov : He can install ios app signer
[2018-12-20 18:02:25] ddzobov : And sign ipa for you
[2018-12-21 10:24:31] ddzobov : anyone can dump application for me with jailbroken iphone?
[2018-12-21 21:51:20] chipmangini : @ddzobov I have an iPad 10.5 pro jailbroken and would be happy to help if you can tell me exactly how to do it on Win 10 Pro..
[2018-12-21 21:54:22] chipmangini : I have one of your Frida apps running on it now, but I forget which one...
[2018-12-21 22:07:23] lod108 : is it normal that it will reset settings on the mavic 2 when going into the menu option for channel selection? it will display 2.4 for just a few seconds and then switch back to national settings where i cannot select the channel
[2018-12-22 09:42:33] cs2000 : For anyone that's curious still. I'm rewriting the iOS rollback stuff on the wiki totally as I've found that it is still possible to do a rollback and side load the IPA into iTunes on versions after 12.6 (which we didn't think was possible). Sadly the wiki has just fallen over again in the middle of my edits! But I'll hopefully get it done once it comes back up.
[2018-12-22 10:03:23] cantrepeat : that site needs a bigger pipe
[2018-12-22 10:03:36] cantrepeat : any idea where it is hosted?
[2018-12-22 14:22:51] mavpac : And if I jailbreak my ipad I don't need a dev account to sign? So an ipa installed through imazing or ifunbox will stay valid even after 7 days?
[2018-12-22 14:37:50] rickw001 : no
[2018-12-22 15:41:30] mavpac : Ok thx. I thought with jailbreak I will be able to install any ipa...
[2018-12-22 16:15:44] cantrepeat : you can install any ipa, that doesn't mean it won't expire
[2018-12-22 16:17:07] ddzobov : When i jailbroke last time i needed to install appsync after the jb to install any ipa without signing
[2018-12-22 19:57:02] kilrah : jailbroken runs unsigned apps just fine.
[2018-12-22 19:57:40] kilrah : jailbreak, install appsync, and as long as you're jailbroken you don't need any signature, and no expiry obviously.
[2018-12-23 02:12:22] rickysuper : Is the new tweak of paid frida not have boost mode ?
[2018-12-23 02:14:02] rickysuper : I want to have boost and FCC and latest Go 4 version.
[2018-12-23 02:15:33] rickysuper : The paid Tweak mentioned that the boost mode was under research
[2018-12-23 08:01:36] ddzobov : I returned all options back, so new tweak supports all previous features
[2018-12-23 08:45:05] rickysuper : Thanks @ddzobov. I will ask our Apple Developer Programme owner to deploy the Frida to me and send email to purchase the license.
[2018-12-23 08:45:47] rickysuper : We together have 4-5 members
[2018-12-23 09:22:32] mavpac : Thx @kilrah and @ddzobov, appsync is the missing link. Didn't jailbreak since ios9 or so, so i didn't remember :-)
[2018-12-23 11:32:31] cs2000 : @czokie can you check the wiki please? It's fallen over again i think :disappointed:
[2018-12-23 11:33:34] cs2000 : Had made edits to <https://dji.retroroms.info/howto/iosrollback> and <https://dji.retroroms.info/howto/dji_configs> and I'm in the process of creating <https://dji.retroroms.info/howto/applesideload> to show the app loading process.
[2018-12-23 11:36:36] cantrepeat : loading for me
[2018-12-23 11:38:17] cs2000 : perhaps it's thinking my (lots of) edits are some kind of attack and is temp IP banning me, i think @czokie did mention it has some pretty harsh rules on it
[2018-12-23 11:39:16] cantrepeat : lol I just registered there and it then shit the bed
[2018-12-23 11:40:09] cs2000 : yep, it's an IP ban, just VPN'd to a UK server (I'm already in the UK) and it worked fine
[2018-12-23 11:40:18] cs2000 : Anyway, all edits are now live :slightly_smiling_face:
[2018-12-24 16:27:56] rickw001 : MERRY CHRISTMAS guys
[2018-12-25 10:01:18] ddzobov : :champagne:
[2018-12-25 10:11:43] cantrepeat : cheers!
[2018-12-25 10:17:51] d95gas : Merry Christmas all ........ Hope everyone has a wonderful time
[2018-12-25 10:19:23] cantrepeat : 5:20 am, waiting on the rest of the family to wake up. Coffee is good though
[2018-12-25 10:21:45] d95gas : 10:21am here, no grandkids this year, house is tidy and peaceful, just enjoying coffee and toast
[2018-12-25 10:23:34] cantrepeat : UK?
[2018-12-25 10:24:59] d95gas : Yep UK, and it's horrible out there this morning, very foggy up here in the Northeast
[2018-12-25 10:26:15] cantrepeat : 34 now supposed to warm up to 62f this afternoon so not bad.
[2018-12-25 10:26:46] d95gas : Ooohh nice .... where are you
[2018-12-25 10:28:10] cantrepeat : US Alabama
[2018-12-25 10:31:43] d95gas : Nice...... Good flying weather for you today then
[2018-12-25 10:32:13] cantrepeat : yeah, we don't get really cold until Feb March time frame
[2018-12-25 10:34:26] d95gas : lucky for you ...... We are now in cold spell till around end of April start of May IF we are lucky, our weather system is so unpredictable ...... Couple of years back we had snow in July
[2018-12-25 10:36:40] cantrepeat : July and Aug here is 90f with 98% humidity. The air is so thick you can actually cut it with a knife :smile:
[2018-12-25 10:39:44] d95gas : that would be very uncomfortable, similar conditions to what my sister had in Hong Kong ..... showering 4 times a day
[2018-12-25 13:02:28] dronepilot : Cheers from Brazil.
[2018-12-25 13:35:59] chipmangini : Merry Christmas to all!
[2018-12-25 13:50:32] rickysuper : Merry Christmas from Hong Kong.
[2018-12-26 09:56:45] mavpac : Merry Christmas everyone!
[2018-12-27 17:56:10] mavpac : I am still struggling signing ipa files with a dev acc. A friend has a dev account, however he lives 10 hours by plane away so I can't connect my phone to his Mac. I am sure there is a solution using my uuid. Can anyone point me in the right direction what software he will need to achieve signing an ipa without physical access to my phone?
[2018-12-27 17:57:17] mavpac : And without him giving me his appleid and password. App-specific password would be possible if that helps. Thanks!
[2018-12-28 00:55:39] rickysuper : My friend embedded the cert using Xcode, deployed the IPA through Dropbox and sent me a QR code or the URL. Details you can search on Google.
[2018-12-28 09:19:13] ddzobov : 1) You need to send him your UDID ([getudid.io](http://getudid.io)) 2) He must add it to his developer account 3) He needs to export a .mobileprovision file with your udid 4) With iOS App Signer he needs to select the ipa, his certificate and the mobileprovision file 5) The result will be your ready-to-install ipa
[2018-12-28 19:43:43] mavpac : Thanks a lot guys! This should be doable :grin:
[2019-01-03 20:38:26] avunduk : Hi friends, do you know what is the model of RF meter used in this photo?
[2019-01-03 20:38:57] avunduk : We wanted to test with different drones
[2019-01-03 22:38:42] pawelsky : Hard to guess with photo deleted :slightly_smiling_face:
[2019-01-03 23:14:12] chipmangini : This one....
[2019-01-05 10:25:35] bin4ry : anyone got the decrypted 4.3.9 ipa for me?
[2019-01-05 14:27:28] cantrepeat : All I have is bacon and a screwdriver.
[2019-01-05 15:00:50] ddzobov : <https://t.me/dji_tweak>
[2019-01-05 15:39:39] bin4ry : @ddzobov what is that? i really don't want to join some telegram channel. Just want to get my hands around the new app version decrypted to create my own patched version, i just don't have a jailbroken iOS device
[2019-01-05 15:42:09] ddzobov : No join - no ipa ;)
[2019-01-05 15:43:07] bin4ry : very nice of you
[2019-01-05 15:44:13] ddzobov : You’re welcome
[2019-01-05 15:45:49] bin4ry : so, anyone else <!here> able to help out with a decrypted ipa ?
[2019-01-05 15:46:01] bin4ry : maybe someone who is not promoting own stuff
[2019-01-05 16:03:20] bin4ry : got it thx
[2019-01-05 16:28:10] rickw001 : not very good using this channel for commercial purposes
[2019-01-05 16:28:49] cantrepeat : indeed
[2019-01-05 16:29:27] rickw001 : it was nice when he was helping people, not nice anymore
[2019-01-05 16:29:51] ddzobov : You can download my ipa and inject your own tweak
[2019-01-05 16:30:17] ddzobov : I think there is no problem
[2019-01-05 16:30:38] rickw001 : you can advertise on youtube also
[2019-01-05 17:12:49] cantrepeat : hold on @rickw001 it's his work and he can do what ever he wants with it to include charging for it. There is nothing wrong with that.
[2019-01-05 17:19:15] rickw001 : I agree
[2019-01-05 17:28:44] rickw001 : he was wanting to charge for ipa
[2019-01-05 18:13:48] avunduk : This one
[2019-01-05 20:41:13] ddzobov : I just sent link where he can download frida-patched ipa
[2019-01-05 20:41:28] ddzobov : Yes, tweak injected in it
[2019-01-05 20:42:05] ddzobov : But anyone can overwrite it and use how he wants
[2019-01-05 23:42:14] jezzab : @kilrah has always decrypted the stock IPAs and posted them here @bin4ry
[2019-01-06 05:51:38] rickysuper : Many people use his frida and tweak to make money, charging was the only step to stop it, although I have to pay for it as I cannot find a free frida IPA anymore in this channel.
[2019-01-06 06:47:21] bin4ry : @rickysuper i was asking for a decrypted ipa (NOT the modded one)
[2019-01-06 07:23:16] rickysuper : Sorry I mean the modded one also I haven't seen decrypted one for a while
[2019-01-06 07:44:29] kilrah : @bin4ry <https://dji-rev.slack.com/archives/C6KG1UDRS/p1544528984095800>
[2019-01-06 10:06:22] kilrah : lol, they have a custom version
[2019-01-06 10:06:50] ddzobov : This version was easier to buy for me :confused:
[2019-01-06 11:07:50] bin4ry : @rickysuper iirc the tweaks were developed here OS in the beginning? At least the tweaks i have saved from the time this channel (or its first version) was still private. The "patches" are no real deal to create, very easy to change some variables with frida. of course everyone is free to charge for such things and the signing, so sure @ddzobov is free to charge for his mod and he is welcome to do so, i JUST asked for the fucking decrypted IPA. everything i do here i do for free and i personally hate to get comments back like "no join - no ipa". why should i join some untrusted telegram channel when we have a community here already? i think we will start to give out patched IPAs here too, and most likely publish signed versions through the NLD structure.
[2019-01-06 11:11:05] ddzobov : You can use fucking search
[2019-01-06 11:12:26] bin4ry : i should have done that, true. a slight remark that the file has been posted recently would have been enough mate
[2019-01-06 11:12:48] bin4ry : but instead you choose to promote your stuff
[2019-01-06 11:14:13] ddzobov : Yes, i'm promoting my own stuff
[2019-01-06 11:14:23] ddzobov : For other things you can use search
[2019-01-06 11:14:34] ddzobov : I can help to people
[2019-01-06 11:15:03] ddzobov : But not to rude and stupid ones
[2019-01-06 11:15:36] bin4ry : are you saying i am rude and stupid ?
[2019-01-06 11:16:02] ddzobov : :confused:
[2019-01-06 11:17:32] bin4ry : the only rude person here is you, you could have pointed out to me that there was a file recently posted. i stopped using the search function as it does not go back very long due to space limitation issues since we are running the free slack.
[2019-01-06 11:18:01] bin4ry : instead you promoted your telegram channel for your paid patched version
[2019-01-06 11:18:12] bin4ry : and said "no join - no ipa"
[2019-01-06 11:18:21] bin4ry : now tell me again i am rude, (and stupid)
[2019-01-06 11:18:26] rickysuper : sorry guys...
[2019-01-06 11:18:34] ddzobov : You came recently and started to make noise in channel
[2019-01-06 11:18:39] ddzobov : Please stop doing it
[2019-01-06 11:18:41] bin4ry : i came recently ?
[2019-01-06 11:18:49] bin4ry : oh wow
[2019-01-06 11:19:02] bin4ry : :smile:
[2019-01-06 11:20:00] bin4ry : you have no idea that i am one of the first people in this slack right? and only because i made a mistake (not using search) which i admitted i should go? maybe you should go and promote your paid stuff somewhere else
[2019-01-06 11:20:16] ddzobov : May be you can shut up
[2019-01-06 11:20:31] ddzobov : And stop making noise
[2019-01-06 11:20:54] ddzobov : What you made for this channel?
[2019-01-06 11:26:24] bin4ry : did it come to your mind that i asked for the IPA to start contributing? or is that out of scope for you?
[2019-01-06 11:28:02] bin4ry : and i think i made enough for this community to be not scrutinized by some guy selling stuff here
[2019-01-06 11:30:31] diy : I think he may be afraid because you will contribute for free.
[2019-01-06 11:31:30] ddzobov : No, my github is open for PRs
[2019-01-06 11:31:42] ddzobov : But no one contributed yet
[2019-01-06 11:32:22] ddzobov : But many guys selling my work
[2019-01-06 11:32:35] bin4ry : dude let's start over
[2019-01-06 11:32:58] ddzobov : I sent the link to you because i don't want to upload it here for you
[2019-01-06 11:33:29] ddzobov : You can use search or download from the place that is comfortable for me to use
[2019-01-06 11:33:34] ddzobov : It is telegram channel
[2019-01-06 11:33:39] bin4ry : i asked this group
[2019-01-06 11:33:43] bin4ry : not some telegram channel
[2019-01-06 11:33:46] bin4ry : we have a community here
[2019-01-06 11:33:53] bin4ry : that i funded with and i am proud of
[2019-01-06 11:34:00] bin4ry : why should i join some telegram channel ?
[2019-01-06 11:34:25] bin4ry : i COULD have used the search true, only mistake i made
[2019-01-06 11:35:38] bin4ry : already said that, if you are more comfortable in the telegram group then fine for you, your answer "no join - no ipa" seems to focus only on getting ppl to join your group and that is not what we do here
[2019-01-06 11:35:49] bin4ry : we help each other here
[2019-01-06 11:36:01] bin4ry : and if ppl upsell your shit then you could have easily asked for help of the community
[2019-01-06 11:36:14] bin4ry : and you would have received help
[2019-01-06 11:36:25] bin4ry : it was done before and it can be done again
[2019-01-06 11:36:36] czokie : OK.
[2019-01-06 11:36:42] czokie : Lets go to neutral corners :slightly_smiling_face:
[2019-01-06 11:37:13] czokie : @bin4ry - Meet @ddzobov - @ddzobov - meet @bin4ry
[2019-01-06 11:37:14] czokie : :slightly_smiling_face:
[2019-01-06 11:38:05] bin4ry : feel free to leave here if you are not comfortable here
[2019-01-06 11:38:08] kilrah : @ddzobov @bin4ry is one of the first people in the community and developed most of the Android app modding stuff among many other things.
[2019-01-06 11:39:07] kurdi80 : @ddzobov True, your words are true. Many people have sold their work and tired people
[2019-01-06 11:39:57] webmaster : I'm not here to take sides, but I do not see the need of gathering a second community in a telegram channel...
[2019-01-06 11:41:05] ddzobov : Telegram is only single-way info channel
[2019-01-06 11:41:52] ddzobov : I have no different community in telegram - for me main one here.
[2019-01-06 11:42:53] rickysuper : Yes many people selling his works for 40US per installation !
[2019-01-06 11:43:09] aciid : where is this , i crave to know
[2019-01-06 11:43:59] kurdi80 : @ddzobov I know there are a bunch of people I do not want to mention their names to not like sophisticated people who do not like themselves when they see a developer who dislikes them and they drive them out or say bad words to him
[2019-01-06 11:44:27] czokie : So. Back to the point. @bin4ry was after a decrypted IPA. Nothing more. Should I say !wiki ? :slightly_smiling_face:
[2019-01-06 11:45:06] ddzobov : Guys, i want to stop this bad conversation
[2019-01-06 11:45:19] ddzobov : Please add decrypted ipa’s in wiki
[2019-01-06 11:45:29] czokie : Its there.
[2019-01-06 11:45:31] czokie : <https://dji.retroroms.info/howto/firmware>
[2019-01-06 11:45:56] czokie : Torrent links are at the bottom of the page - auto updates daily.
[2019-01-06 11:46:24] ddzobov : If someone wants to contribute - <https://github.com/ddzobov/dji-ios-frida-tweak>
[2019-01-06 11:49:24] bin4ry : i already said i could have taken a closer look :wink: admitted my mistake there :smile: the whole frida stuff was already there when this was still a private channel and we played with it. i did the android stuff and IIRC @jezzab and some others (sorry i cannot remember, but i have some patches of @jezzab on my hdd) tried iOS patches. fcc, US, skip dialogs etc. etc. was around the time dji put secneo into the apk and we needed a way around it, then it was opened public and some people worked on it. i really do not care who had done what, but i care how someone reacts to a fucking question i ask him. also in the latter how the person responds to me being pissed about that said reaction. and that he failed.
[2019-01-06 11:52:21] aciid : if someone wants to steal stuff from the community that is their loss, they will never bother supporting their endusers like we do here.
[2019-01-06 11:52:46] aciid : that's what we are all about, I remember in the summer when we had an active frida learning vibe here. lets bring that back the next holiday = )
[2019-01-06 11:53:33] bin4ry : for me this is done now, like i said will start from scratch on my own (and the wiki :smile: )
[2019-01-06 11:55:23] cantrepeat : holy fuck, did he ask what @bin4ry has done "What you made for this channel?"
[2019-01-06 11:55:52] cantrepeat : gezz the hell I'm new here but it ain't too hard to see who has done what
[2019-01-06 11:57:18] cantrepeat : ---------> <https://github.com/Bin4ry/deejayeye-modder> it's even got his name in it.
[2019-01-06 11:57:36] cantrepeat : and it's still free
[2019-01-06 12:03:34] cantrepeat : what? that's pretty immature.
[2019-01-06 12:04:18] bin4ry : you really did not read anything and even worse you still don't understand why i am pissed at you. stay or leave, i don't care, do as you feel like you need to do. as you said you feel like part of this community, so act like it and man up and don't act like a baby. anyway sorry for posting again after saying i am done
[2019-01-06 12:07:28] czokie : OK. A little late, but updating the wiki page firmware auto update script - the IPA links will be accurate for at least the current version. Older ones might be broken - but its a start.
[2019-01-06 12:08:54] kilrah : dang once again i spent a couple of mins wondering why itunes updated my dji go app but version was still the same... go, not go4 :man-facepalming:
[2019-01-06 12:09:16] bin4ry : :smile:
[2019-01-06 14:31:32] zobov_danila : You can always contact me at [ddzobov@gmail.com](mailto:ddzobov@gmail.com). Someone banned me here, so this is my last message here
[2019-01-06 14:31:34] zobov_danila : Good luck
[2019-01-06 14:33:44] cantrepeat : You said you were leaving after you talked smack to the guy that pays the bills and now you are evading a ban.
[2019-01-06 15:56:43] rickysuper : unhappy day
[2019-01-06 16:01:04] rickysuper : GitHub Tweak page was taken down
[2019-01-06 16:03:43] kilrah : all of that because while @zobov_danila was quick to jump on people who "reappropriated" his contributions, he's doing exactly the same to those who actually contributed what he's built upon.
[2019-01-06 16:04:28] kilrah : he wasn't posting anything new there anyway now that he moved "commercial".
[2019-01-06 16:09:37] rickw001 : I got jumped first for condemning him
[2019-01-06 16:09:58] cantrepeat : jumped? lol
[2019-01-06 16:10:56] rickw001 : yeah, when I said it wasn't right when he tried charging for ipa here
[2019-01-06 16:13:24] cantrepeat : charging for the ipa isn't an issue
[2019-01-06 16:14:42] rickw001 : it is when he wanted to charge just for decrypted ipa
[2019-01-06 16:15:43] cantrepeat : if he does the work he can charge anything he wants
[2019-01-06 16:16:22] cantrepeat : I'm not saying I agree with his behavior at all.
[2019-01-06 16:17:08] rickw001 : when he started charging, that's when I ordered a new M5
[2019-01-06 16:18:06] cantrepeat : ok, well regardless he's taken his ball home.
[2019-01-06 16:21:01] rickw001 : don't get me wrong, I love all you guys, for guys like me that don't know shit about computers, you guys give free help, I try to donate when I can, and I can't thank you all enough
[2019-01-06 16:23:52] rickw001 : thought he was banned? now he is pming me!
[2019-01-06 16:25:50] zobov_danila : You are lying
[2019-01-06 16:26:04] zobov_danila : I wanted to know where i wanted to charge for ipa
[2019-01-06 16:27:42] cantrepeat : I though you were leaving?
[2019-01-06 16:28:58] zobov_danila : No, i said that i can leave if the community wants it
[2019-01-06 16:29:28] zobov_danila : I made a paid tweak, NLD currently has no working mod for M2
[2019-01-06 16:29:35] zobov_danila : Money, money)₽
[2019-01-06 16:30:04] zobov_danila : Android is impossible for them, so they wanted to do something with ios
[2019-01-06 16:30:11] cantrepeat : No you said you were leaving because we had better guys here and then you deleted it.
[2019-01-06 16:35:03] zobov_danila : I’m not going to idolize someone for his older solutions like you
[2019-01-06 16:35:34] rickw001 : Oh shit
[2019-01-06 16:45:35] hostile : @zobov_danila where has your github donations page gone?
[2019-01-06 16:46:05] hostile : can you put this back up for me to donate? <https://github.com/ddzobov/dji-ios-frida-tweak>
[2019-01-06 16:46:14] zobov_danila : Github repo removed completely
[2019-01-06 16:46:49] hostile : ya think?
[2019-01-06 16:46:52] hostile : how can I donate now?
[2019-01-06 16:47:06] hostile : we both know you didn't remove it completely, you only marked it hidden
[2019-01-06 16:47:16] hostile : how much donation you need bruh?
[2019-01-06 16:47:42] hostile : @zobov_danila your work to this community is very valuable I'd hate to see you go
[2019-01-06 16:48:29] zobov_danila : I haven't got a paid github account so it really is removed
[2019-01-06 16:48:38] zobov_danila : I have backup on my mac
[2019-01-06 16:48:50] zobov_danila : Will send it to you later
[2019-01-06 16:48:54] hostile : ahh I just need your ethereum address so I can show my appreciation
[2019-01-06 16:49:25] hostile : need a third?
[2019-01-06 16:49:30] zobov_danila : :joy:
[2019-01-06 16:49:49] zobov_danila : Write to [ddzobov@gmail.com](mailto:ddzobov@gmail.com), will send backup to you
[2019-01-06 16:49:56] hostile : hows the Telegram channel going?
[2019-01-06 16:49:59] hostile : you guys finding new hacks?
[2019-01-06 16:50:04] hostile : doing anything leading edge?
[2019-01-06 16:50:20] hostile : or just like repackaging the sweat off my homies' balls ? and adding a bit of obfuscation?
[2019-01-06 16:50:58] hostile : what IS the big "djisecret" ? That your folks thrive off techniques this place pioneered? <tg://resolve?domain=djisecret>
[2019-01-06 16:51:23] hostile : 186 members with 24 online is a pretty amazing presence you folks have.
[2019-01-06 16:51:37] hostile : any new releases from you guys on the horizon @zobov_danila?
[2019-01-06 16:52:31] hostile : maybe we could help with those ethereum / bitcoin donations? you seem to be a bit slim on em... having a hard time showing folks your value?
[2019-01-06 16:53:09] hostile : let me know how I can help @zobov_danila. Maybe you should donate to the NLD bounty program, and we will allow you to reskin some of our work when it comes out, and we'll just pretend it is your work?
[2019-01-06 16:54:55] hostile : @zobov_danila let me know how your third account works out...
[2019-01-06 16:55:54] cantrepeat : Now I feel as if I should delete my github
[2019-01-06 16:58:27] hostile : do you boo!
[2019-01-06 16:58:43] hostile : you one of DZ's boys in here jocking our nuts?
[2019-01-06 16:58:49] hostile : if so delete away playboy!
[2019-01-06 16:59:03] hostile : if not... nothing to worry about =] It's all gravy baby !
[2019-01-06 17:00:22] cantrepeat : a sign of solidarity lol
[2019-01-06 17:01:21] cantrepeat : someone should just delete github if it makes him feel better
[2019-01-06 17:01:26] hostile : its cool, I deleted mine the other day
[2019-01-06 17:01:39] hostile : all those DJI firmware files were getting expensive to host month after month
[2019-01-06 17:01:40] hostile : lol
[2019-01-06 17:01:56] hostile : I was surprised no one complained louder
[2019-01-06 17:02:02] hostile : only ONE complaint about the Tello repo
[2019-01-06 17:02:45] cantrepeat : apple lost like 75 billion so I smashed all my iDevices
[2019-01-06 17:11:16] mefisto : I did want to check something there; i did notice it's gone. but instead of complaining, I used google cache.
[2019-01-06 17:51:10] chipmangini : From his Telegram Channel.... "Get 10% discount with promocode “NLD Sucks” ;)"
[2019-01-06 17:56:54] rickw001 : WTF
[2019-01-06 18:20:59] cantrepeat : wow, talk about toxic
[2019-01-06 18:32:59] webmaster : <https://webcache.googleusercontent.com/search?q=cache:https://github.com/ddzobov/dji-ios-frida-tweak>
[2019-01-06 21:41:39] cantrepeat : all your githubs are belong to us
[2019-01-07 05:34:08] rickysuper : May be @DZ post his work here again for free ? but how to prevent a large amount of business guys selling your work ?
[2019-01-07 09:12:12] cs2000 : @hostile thanks for getting the ban hammer out, hopefully that clown won't return. What he was doing originally was great, he was taking the work done by a few key members in this channel using Frida and updating it a little, no issues with that. But when someone tries selling OUR work for some ridiculous figure like $50/time, that shit doesn't fly. To add on top of that, being a top class asshat to respected members like @bin4ry then it was only a matter of time. FWIW, NLD is working **stupidly** hard on M2/air progress, and has tens of thousands of $ "in the game", work is also being made on iOS, but we're obviously severely limited by the apple walled garden, but we will do what we can. I don't need to say this, anyone worth their salt knows NLD, knows the determination the whole team has and also knows it's the only "OG Approved" source of paid hacks. Everything NLD does is available for free elsewhere, but the authors of the hacks have agreed (and are often compensated) to allow NLD to use their tools/methods in the app to make it easier for the average joe, plus thousands of $ in revenue is pumped back to contribute to hardware/software needed to make new hacks for these drones. People that abuse what we as a community dish out really piss me off </rantmode>
[2019-01-07 11:55:50] czokie : Without trying to get "petty" about this... I didn't complain to Danny about the fact that his stuff was based on the research and foundations inside "PrettyWoman" that were already published in the wiki. I didn't ask for any credits or whatever. He added a couple of nerd knobs and UI tweaks that make it sexy, but ultimately, it was the same foundation underneath. I was trying to "bridge the gap" to pull him back from the cliff, but walking over the edge was just too attractive for him. Sigh.
[2019-01-07 12:16:57] cantrepeat : What's worse yet, is he went nuclear over the fact that NLD might put out an iOS app. I didn't get this until @chipmangini posted what his discount code was. It became very clear what his issues were. He basically lost his shit over work derived by others research and development.
[2019-01-07 12:18:34] cantrepeat : When he acted as if @bin4ry was a nobody and that deejayeye modder was an old solution it got bad.
[2019-01-07 13:57:05] nabelo : So there IS a chance that an iOS app will be released by NLD?
[2019-01-07 13:57:12] nabelo : That sounds awesome
[2019-01-07 13:58:29] cantrepeat : I never said.
[2019-01-07 13:59:04] cantrepeat : Some guy lost his mind over thinking it.
[2019-01-07 13:59:11] nabelo : "he went nuclear over the fact that NLD might put out an iOS app."
[2019-01-07 13:59:16] nabelo : so there is a chance?
[2019-01-07 13:59:21] cantrepeat : Gezz
[2019-01-07 14:00:20] cantrepeat : Some guy lost his mind thinking it, not I nor anyone else said it was going to or might happen.
[2019-01-07 14:04:27] nabelo : ahhh..okay
[2019-01-07 14:04:33] nabelo : sorry for my misunderstanding :smile:
[2019-01-07 14:05:27] rickw001 : NLD has said they would love to have an OG to work on ios
[2019-01-07 15:37:18] hostile : @cs2000 **salute**
[2019-01-07 15:38:20] hostile : When folks say something "might happen" I always remind them that monkeys might fly out of my butt too... <https://www.youtube.com/watch?v=QOKociU8t_Q>
[2019-01-07 16:40:41] cs2000 : There will pretty certainly be an iOS app of some sort coming. It's being worked on right now. No timeline and no promises, but just some info.
[2019-01-07 16:46:48] cantrepeat : great, now I have to delete my github again!!!
[2019-01-07 17:05:17] hostile : lol
[2019-01-07 17:13:22] bin4ry : for the fact that he pissed me we will release an app for sure
[2019-01-07 17:13:26] bin4ry : promise from me
[2019-01-07 17:13:34] bin4ry : if nld doesn’t i will on my own
[2019-01-07 17:14:00] cs2000 : via telegram of course
[2019-01-07 17:30:09] quad808 : bwahahahahahaha!
[2019-01-07 17:31:58] quad808 : bitches need stitches...bu bye iOS dude. Mess with the bull. (papa @hostile) you get the horns and whatever else you deserve. I am floored by the disrespect dished out to @bin4ry!! What an asshat.
[2019-01-07 18:01:59] cantrepeat : acted as if he had the monopoly on iOS go app
[2019-01-08 03:29:17] rickysuper : Then waiting for the IOS app for my M2 FCC and boost
[2019-01-08 06:05:11] czokie : raw app files are now available online via wiki - <https://dji.retroroms.info/howto/firmware>
[2019-01-08 06:05:27] czokie : I had been meaning to clean up that script - its done now.
[2019-01-08 06:18:46] jezzab : Sheez I don't stop in for a while and everybody be kung fu fighting in here
[2019-01-08 06:18:56] czokie : Tell me bout it
[2019-01-08 08:59:24] jan2642 : @jezzab You know, those kids are fast as lightning.
[2019-01-08 09:00:47] jezzab : In fact @jan2642, they were a little bit frightening
[2019-01-08 09:01:19] jan2642 : Yeah, luckily they had expert timing.
[2019-01-08 09:01:23] jezzab : lmao
[2019-01-08 09:01:44] jezzab : Dana na na nu nu naaaa
[2019-01-08 11:20:17] cantrepeat : They were chopping them up pretty badly.
[2019-01-08 13:28:12] saleem941 : <https://www.youtube.com/watch?v=x4Y2zVscTq4>
[2019-01-08 13:30:32] saleem941 : any plans to hack this new Mavic controller which has a built-in screen?
[2019-01-08 13:31:37] kilrah : it's android, wrong channel
[2019-01-08 13:31:49] kilrah : likely very similar to crystalsky.
[2019-01-08 13:33:17] cantrepeat : yeah like the smaller CS built into a controller
[2019-01-08 13:35:40] kilrah : blah, 649€
[2019-01-08 13:35:46] kilrah : they just put the page up
[2019-01-08 13:35:47] kilrah : <https://store.dji.com/product/dji-smart-controller?site=brandsite&from=buy_now_bar>
[2019-01-08 13:36:03] kilrah : better get a CS on the remote...
[2019-01-08 13:36:09] kilrah : can at least use it for other stuff then
[2019-01-08 22:13:50] chipmangini : Way too expensive, especially with only a 5.5" display...
[2019-01-08 22:19:19] wouter : i wonder what CPU/GPU package is used on this controller, the CS is pretty underpowered
[2019-01-09 00:07:01] cantrepeat : Raspberry Pi 3b+
[2019-01-10 00:26:36] dji-rev-slack : Cost to produce one: $10. :smile:
[2019-01-10 01:01:47] czokie : OK. Together with @kilrah and help from @cs2000 - the firmware page on the wiki is now up to date for all IPA files. See <https://dji.retroroms.info/howto/firmware#dji_go_4> ... It also includes appextvrsid id's for all GO 4 versions... It's updated hourly should there be anything new and shiny :slightly_smiling_face:
[2019-01-10 01:02:34] cat.db : dji go 4 upgraded to 4.3.10, can somebody share the tweaked go4?
[2019-01-10 01:03:45] czokie : So - the process requires 1. Get the file, 2. Someone to decrypt, 3. Upload to wiki, 4. Patch. 5 Provide patched ipa
[2019-01-10 01:04:26] czokie : The wiki contains decrypted but unpatched files...
[2019-01-10 01:04:31] czokie : In other words, give it some time
[2019-01-10 06:38:27] soddy : The patched 4.3.9 ipa (with tweak 0.31) from wiki works. Only some of the settings for C1/C2 are not functioning!
[2019-01-10 06:41:37] rickysuper : Already Patched ?
[2019-01-10 06:42:49] rickysuper : Yes I got it. Thanks
[2019-01-10 06:43:54] rickysuper : Tweak 0.31 was embedded inside ?
[2019-01-10 06:45:47] czokie : It's better to include your own tweak.js always
[2019-01-10 06:45:56] bin4ry : at the weekend i will start porting the OG patches and publish them regularly for new versions
[2019-01-10 06:46:07] czokie : That way, you can trust it
[2019-01-10 06:46:39] czokie : IPA should always (in my opinion) be distributed without a tweak.js - Tweak file should be loaded by the user.
[2019-01-10 06:46:55] bin4ry : same as the apk modder
[2019-01-10 06:50:17] rickysuper : Tweak 0.23 works ? 0.31 may be from DZ
[2019-01-10 06:50:41] rickysuper : I use 0.23 with 4.3.5 frida without issue
[2019-01-10 06:51:31] czokie : I have not seen 0.31 personally....
[2019-01-10 06:53:36] rickysuper : Then I try 0.23 first. Thanks @czokie
[2019-01-10 06:53:56] czokie : Have you diff'd it to see what the changes are?
[2019-01-10 06:54:30] rickysuper : Will do tonight after I extract the tweak from 4.3.9 frida
[2019-01-10 06:55:39] czokie : @rickysuper - you said you got that IPA from the wiki? Where? I'll diff it to see what's new
[2019-01-10 06:57:18] rickysuper : Yes
[2019-01-10 06:57:28] czokie : Link?
[2019-01-10 06:57:50] rickysuper : <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4>
[2019-01-10 06:58:01] rickysuper : bottom
[2019-01-10 06:58:03] rickysuper : IOS GO 4 Patched Application: <http://polybotes.feralhosting.com/dji/Go4_Frida/>
[2019-01-10 06:58:23] rickysuper : I don't know who uploaded it here
[2019-01-10 06:58:31] rickysuper : something strange
[2019-01-10 06:59:06] rickysuper : @soddy said and I found it here
[2019-01-10 06:59:32] czokie : It may be OK - let me diff the js file
[2019-01-10 06:59:44] rickysuper : thanks
[2019-01-10 07:00:11] czokie : It may be OK, I have been out of the scene for a while :slightly_smiling_face:
[2019-01-10 07:01:12] rickysuper : But... people again will make money using the new patch ipa
[2019-01-10 07:01:15] rickysuper : many !
[2019-01-10 07:02:18] czokie : One thing I will say - Anything that happens via NLD - that $$$ gets routed back into more reverse engineering - sending boards to people who do the serious work. If people instead want to pay the russian, go right ahead.
[2019-01-10 07:02:35] soddy : Other tweaks not work on patched 4.3.9, only embedded (0.31) works with some problems on C1/C2!
[2019-01-10 07:03:18] czokie : Unzipping...
[2019-01-10 07:03:25] rickysuper : I don't mean NLD. I mean others from Facebook, shop and etc.
[2019-01-10 07:03:50] czokie : I don't see a js file in that ipa.
[2019-01-10 07:04:39] czokie : Ah. Loader.js
[2019-01-10 07:04:42] czokie : He changed the name
[2019-01-10 07:05:17] soddy : I found some evening selling translated previous patched ipa in China!
[2019-01-10 07:05:21] czokie : And majorly obfuscated.
[2019-01-10 07:05:43] rickysuper : They just earn money but no give back
[2019-01-10 07:05:44] czokie : I would not under ANY circumstances use that .js file
[2019-01-10 07:07:42] czokie : This is what was in that file...
[2019-01-10 07:08:10] czokie : How long has he been doing this shit?
[2019-01-10 07:08:22] czokie : ie non plaintext js?
[2019-01-10 07:08:54] rickysuper : wow.....
[2019-01-10 07:09:47] czokie : so - that filename is loader.js instead of Tweak.js that was used previously.
[2019-01-10 07:10:07] czokie : I have not dug further - if you upload .23 and name it loader.js - that might work - but no promises
[2019-01-10 07:11:45] czokie : I am downloading 4.3.8 to see what's in there.
[2019-01-10 07:12:04] rickysuper : I will try tonight. Thanks
[2019-01-10 07:14:28] czokie : 4.3.8 - Also obfuscated crap
[2019-01-10 07:19:42] soddy : I think he use diff js name from 4.3.8 onward when he starts charging $$
[2019-01-10 07:20:01] czokie : Possibly.
[2019-01-10 07:20:41] czokie : His actions of pissing off the OG's will have the reverse effect on his income when there is a simple alternative available.
[2019-01-10 07:21:05] nabelo : i also think it only runs for seven days as trial. after that you have to pay
[2019-01-10 07:21:36] czokie : Thats just code signing @nabelo
[2019-01-10 07:21:41] czokie : different topic.
[2019-01-10 07:22:04] nabelo : the loader.js will do some sort of verification of your UUID or phone to see if you are activated
[2019-01-10 07:22:19] nabelo : nono im talking about DZ tweak
[2019-01-10 07:22:31] czokie : Really.
[2019-01-10 07:22:33] czokie : Sigh
[2019-01-10 07:22:35] nabelo : it will do autoupdate stuff and all sort of odd things
[2019-01-10 07:23:01] czokie : Time to de obfuscate that loader
[2019-01-10 07:23:10] rickysuper : It safe if i replace back the Tweak 0.23 ?
[2019-01-10 07:23:35] nabelo : Key Features: 1) Changing mode from CE to FCC - increases RC and Video transmission power 2) Unlocking 5.8G frequency for safe flight in cities and connect slave RC (if your drone supports it) …) Other things like boost, 32ch now is under research Tweak has self-updating feature, so if we release new things you don't do anything with your device - just launch application and enjoy :wink: Pricing: 50 € per iOS device per year For purchase please email to [tweakbox.access@gmail.com](mailto:tweakbox.access@gmail.com) Updates of DJI GO 4 will be published here.
[2019-01-10 07:23:45] czokie : Should be OK Ricky - but let me see if I can provide that IPA with that loader removed.
[2019-01-10 07:24:03] czokie : Its in .5 as well
[2019-01-10 07:24:05] rickysuper : Thanks
[2019-01-10 07:24:19] nabelo : Tweak activation: After installation application will ask you for activation. Please send this code to [tweakbox.access@gmail.com](mailto:tweakbox.access@gmail.com). What about trial before payment? You can try our solution - we can offer to you 7-days free trial after installation :slightly_smiling_face:
[2019-01-10 07:24:53] nabelo : thats from his telegramm channel where you can get those odd ipa's
[2019-01-10 07:25:05] nabelo : after 7 days youll have to pay....
[2019-01-10 07:25:08] rickysuper : haha
[2019-01-10 07:25:11] nabelo : what a dickhead
[2019-01-10 07:25:21] rickysuper : Luckly that I haven't pay yet
[2019-01-10 07:27:07] czokie : OK. I just had a first pass at deobfuscating that code - Yep - I would steer clear of it
[2019-01-10 07:27:18] nabelo : so his loader must connect to some sort of server and do autoupdate and verify stuff
[2019-01-10 07:30:01] nabelo : @czokie I am very interested what kind of odd stuff he does with this loader
[2019-01-10 07:31:20] czokie : Before looking at that in any more detail - I want to find out when it changed... to get a series of diff's to look at how it evolved.
[2019-01-10 07:33:54] nabelo : the first .ipa DZ published with this strange loader was 4.3.5-frida,ipa
[2019-01-10 07:34:42] czokie : Nope - Even back as far as 4.4.2 was obfuscated - Perhaps not nasty - but still obfuscating his shit.
[2019-01-10 07:35:19] nabelo : you download them from: <http://polybotes.feralhosting.com/dji/Go4_Frida/> ?
[2019-01-10 07:35:26] czokie : Yep
[2019-01-10 07:35:53] nabelo : okay
[2019-01-10 07:36:38] czokie : OK. Its official. If you upload .23 with filename "loader.js" where you previously used Tweak.js - it should work.
[2019-01-10 07:37:44] nabelo : do you have to remove the embeded file first?
[2019-01-10 07:38:24] czokie : Removing the file is desirable - but not essential - as long as you give the new file the correct filename. Frida will see the new file and ignore the embedded file.
[2019-01-10 07:38:55] czokie : A long time ago, that was a feature request of mine that was added into frida - to make it easier to do this type of update without rebuilding.
[2019-01-10 07:40:32] nabelo : and i can simply put this file to the phone via itunes, correct?
[2019-01-10 07:40:41] czokie : yep
[2019-01-10 07:40:44] nabelo : okay
[2019-01-10 07:40:46] czokie : Just make sure it is all lower case
[2019-01-10 07:40:53] nabelo : loader.js
[2019-01-10 07:41:13] nabelo : not tweak.js anymore, correct?
[2019-01-10 07:41:24] czokie : Well - you can do it two ways.
[2019-01-10 07:41:32] czokie : If you also replace the frida config - that will be better.
[2019-01-10 07:41:51] czokie : Put it this way - if you guys are not in a hurry, we'll get the existing file updated in a day or two
[2019-01-10 07:42:12] hostile : btw... the JohnD dude is [tweakbox.access@gmail.com](mailto:tweakbox.access@gmail.com)
[2019-01-10 07:43:07] nabelo : @czokie where can I find this "existing file"?
[2019-01-10 07:43:14] hostile : Hey fucker... just saw you come active
[2019-01-10 07:43:41] czokie : There is no hiding from @hostile
[2019-01-10 07:43:45] hostile : just went ahead and diced that one off
[2019-01-10 07:43:49] hostile : I was gonna let it slide last week
[2019-01-10 07:43:56] hostile : you just connected the final dot
[2019-01-10 07:44:24] czokie : Back in a bit guys - Joining some more dots
[2019-01-10 07:44:29] hostile : bed time for me
[2019-01-10 07:44:31] hostile : nice seeing you mate
[2019-01-10 07:44:40] czokie : :slightly_smiling_face:
[2019-01-10 07:44:50] hostile : tried saying that via dm a few days ago
[2019-01-10 07:44:58] czokie : Crazy thing - if he didn't do that crap - he could have partnered with NLD - and shared in the benefits.
[2019-01-10 07:46:22] nabelo : any source where I can download the latest frida.config and tweak.js?
[2019-01-10 07:46:43] nabelo : since DZ's repo is down I can't find it anywhere
[2019-01-10 07:47:10] nabelo : or i will just w8 till you guys are provide some new stuff :smile:
[2019-01-10 07:48:40] webmaster : <https://webcache.googleusercontent.com/search?q=cache:https://github.com/ddzobov/dji-ios-frida-tweak>
[2019-01-10 07:49:03] rickysuper : <https://www.sendspace.com/file/z0cm4q>
[2019-01-10 07:49:32] rickysuper : I copied most stuffs before
[2019-01-10 07:52:28] nabelo : thnx @rickysuper
[2019-01-10 07:52:56] rickysuper : only little help i can do...
[2019-01-10 07:55:37] nabelo : @rickysuper better than nothing mate
[2019-01-10 07:56:56] aciid : it's great to see people participating anyway they can
[2019-01-10 07:58:36] nabelo : OG/NLD guys, if you wanted to partner with me you could have just asked me for it. But you have chosen the wrong way to communicate with me. I just protected my work against chinese sellers. If you can not write your own solution - good luck with reversing my tweak, I predicted your moves from DJI GO 4 4.3.5. So... Your turn, OG's :wink: P.S. You can always write to me and we can find a pacific communication way.
[2019-01-10 07:58:58] nabelo : he just posted this in his telegramm channel
[2019-01-10 07:59:19] rickysuper : Many people still selling your stuffs
[2019-01-10 08:00:12] rickysuper : from US$20-40 per installations (1year but no free version upgrade)
[2019-01-10 08:00:34] czokie : No-one was interested in competing till he shot himself in the foot.
[2019-01-10 08:02:05] czokie : He went off the mouth at @bin4ry - not a good move
[2019-01-10 08:02:32] rickysuper : Yes !
[2019-01-10 08:03:24] czokie : OK. DJI GO 4.3.5 is the first version where he changed name to loader.js
[2019-01-10 08:03:40] czokie : That was his petty attempt to stop people loading Tweak.js into his ipa
[2019-01-10 08:03:42] rickysuper : I tried to help him but he continue bah bah bah.......... :smile:
[2019-01-10 08:04:36] czokie : I see three .js versions in the ipa's... 1. 4.2.22 / 4.3.3 are the same js 2. 4.3.5 / 4.3.8 are the same js 3. 4.3.9 is a different js
[2019-01-10 08:08:54] kilrah : 4.3.10 ipa is up, will see if @czokie’s script works :stuck_out_tongue:
[2019-01-10 08:09:13] czokie : Want me to run it now? :slightly_smiling_face:
[2019-01-10 08:09:29] soddy : Is he using developer ac to make 4.3.9?
[2019-01-10 08:09:32] kilrah : nah, tests the hourly thing then :stuck_out_tongue:
[2019-01-10 08:09:34] czokie : Running...
[2019-01-10 08:09:39] czokie : Too late...
[2019-01-10 08:09:41] czokie : Downloading IPA
[2019-01-10 08:09:57] czokie : The hourly thing is already working 100% :slightly_smiling_face:
[2019-01-10 08:09:59] kilrah : ok
[2019-01-10 08:10:11] czokie : Still downloading...
[2019-01-10 08:10:27] czokie : Only 100m download from that server :disappointed:
[2019-01-10 08:10:48] czokie : And we're done
[2019-01-10 08:11:33] kilrah : awesome, worked perfect
[2019-01-10 08:11:48] czokie : Now - time to look at his damn js
[2019-01-10 08:12:25] kilrah : BTW in `DJI Pilot/IPA` i've put the 2 versions so far of that one, with metadata as well
[2019-01-10 08:12:44] czokie : I am not scraping that directory - I can add that another day ...
[2019-01-10 08:12:53] kilrah : yep
[2019-01-10 08:20:40] czokie : _0x299adf = decodeURIComponent(_0x2f44f6);
[2019-01-10 08:20:57] czokie : Looks like he is pulling stuff down.... Sigh
[2019-01-10 08:21:05] czokie : Gotta go - dinner
[2019-01-10 08:30:59] nabelo : should be his autoupdate stuff
[2019-01-10 08:52:50] u23806 : @czokie so...why don't install 4.3.9 frida? any alternative?
[2019-01-10 08:53:15] czokie : Because we cannot at this time certify that it is safe.
[2019-01-10 08:53:20] u23806 : btw, i am mavic2 user
[2019-01-10 08:53:24] u23806 : ...ok
[2019-01-10 08:53:43] u23806 : for all frida app?
[2019-01-10 08:54:00] czokie : Wait a day or two
[2019-01-10 08:54:07] czokie : The IPA's will be updated online.
[2019-01-10 08:54:24] rickysuper : Will wait, not hurry and many thanks
[2019-01-10 08:54:50] u23806 : how about pervious version?
[2019-01-10 08:54:53] u23806 : 4.3.8?
[2019-01-10 08:59:22] czokie : This is what we know at the moment. Think of this as an "official statement". What we know: DZ who built the js files that are in the pre-packaged IPA's has deliberately obfuscated the packaged js code to deliberately make it unreadable. This practice is against the principles that the main participants here believe in. The code is not subject to security review or scrutiny. If you use it, do so at your own risk. This applies to all versions that include pre-packaged JS. Tomorrow, when I get in touch with the server owner - we will get the online files patched to remove any risk. Until then, if you use those IPA's - do so at your own risk.
[2019-01-10 09:01:48] soddy : you may use patched 4.3.4 (not DZ's) since there's nothing new on ipa thereafter!
[2019-01-10 09:05:44] rames.d : 4.3.4 patched by DZ but not obfuscated yet
[2019-01-10 09:06:08] czokie : We will have a new file uploaded in a few minutes.
[2019-01-10 09:06:47] rames.d : he just released 4.3.10... this is not safe?
[2019-01-10 09:07:16] czokie : Give us a few minutes please.
[2019-01-10 09:08:21] nabelo : @soddy where you can get this 4.3.4?
[2019-01-10 09:09:12] rickysuper : 4.3.10 not patched yet, wait please
[2019-01-10 09:11:08] soddy : There's another patched 4.3.4 from Droneuser as I remembered
[2019-01-10 09:11:27] czokie : Guys - STOP. Trust me
[2019-01-10 09:11:33] czokie : It is being done right now.
[2019-01-10 09:11:55] rickysuper : DZ release 4.3.10., very confused and I will delete the telegram
[2019-01-10 09:12:39] soddy : Never join his tg
[2019-01-10 09:16:46] rames.d : why you are hate his telegram?
[2019-01-10 09:18:27] czokie : Do you know how to read obfuscated javascript?
[2019-01-10 09:19:35] rames.d : i need to use tweak, i need to know how to read javascript for it?
[2019-01-10 09:19:48] czokie : Do you know what his code is doing? Do you trust it?
[2019-01-10 09:20:19] rames.d : i think that it enables fcc and 5.8
[2019-01-10 09:20:53] rames.d : 4.3.9 works perfectly on my iPad Mini 4
[2019-01-10 09:21:15] rickysuper : You paid ?
[2019-01-10 09:23:56] czokie : OK.
[2019-01-10 09:24:02] czokie : <http://polybotes.feralhosting.com/dji/Go4_Frida/DJI%20GO%204%204.3.10-frida.ipa>
[2019-01-10 09:24:16] czokie : This file is frida patched but does NOT contain any javascript.
[2019-01-10 09:24:28] czokie : You will need to get a .js file and upload that via itunes.
[2019-01-10 09:25:28] rames.d : yes, paid
[2019-01-10 09:26:07] rames.d : he offered me subscription for two devices because i'm a slack user
[2019-01-10 09:26:29] czokie : The last known safe Tweak.js file - Enjoy
[2019-01-10 09:26:48] rickysuper : Thanks @czokie
[2019-01-10 09:28:58] nabelo : thnx @czokie
[2019-01-10 09:29:53] czokie : Thanks also to @kilrah for his excellent decryption of the raw IPA's - there would be nothing without his help
[2019-01-10 09:31:13] soddy : that's 0.23! I use it with FCC and 32 channel preset and dialogue box removed
[2019-01-10 09:32:04] czokie : Soddy - You can remove the dialogue box if you like - just read the code - it ain't that hard.
[2019-01-10 09:32:26] soddy : Yep! I already removed
[2019-01-10 09:32:30] czokie : :slightly_smiling_face:
[2019-01-10 09:41:13] u23806 : Thanks! but I got the same error... > file: provision.cpp; line: 81; what: > > ios/addAppId =1200 > You are not allowed to perform this operation. Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. <https://developer.apple.com/support> What is you guys ios version?
[2019-01-10 09:42:12] czokie : Ronald - I had intermittent success with superimpactor previously - I now run a jailbroken phone, so that does not impact me any more :slightly_smiling_face:
[2019-01-10 09:43:35] nabelo : @u23806 Your problem is not related to the actual .ipa
[2019-01-10 09:43:51] nabelo : Its related to Cydia- or Superimpactor
[2019-01-10 09:45:42] nabelo : you can try to revoke your certs in Cydia- or Superimpactor. If you have activated two factor authentication on your AppleID you have to provide an application password.
[2019-01-10 09:46:16] nabelo : And if nothing works, please try to make a new apple id just for Cydia- or Superimpactor and use this one
[2019-01-10 09:47:06] nabelo : I don't recommend Superimpactor at all, because nobody knows what it will do with your given data, since it is from some untrusted Chinese developers.
[2019-01-10 09:47:49] rames.d : use shared developer certificate, it costs about $8
[2019-01-10 09:48:50] nabelo : or use [ipastore.me](http://ipastore.me)
[2019-01-10 09:49:30] nabelo : iPASTORE Lite works fine
[2019-01-10 09:49:44] czokie : <http://sideloadios.com>
[2019-01-10 09:50:10] czokie : **In case you were worried, your Apple ID and password is not sent to anyone but Apple. The tool was created by Saurik, a prominent and trusted contributor of the jailbreaking community.
[2019-01-10 09:50:20] czokie : Impactor was created by a trusted guy - its just old now :slightly_smiling_face:
[2019-01-10 09:51:18] nabelo : exact
[2019-01-10 09:51:59] nabelo : But if you use the chinese Superimpactor you never know where your password will be stored :smile:
[2019-01-10 09:53:11] nabelo : I personally use : <https://ipastore.me/ipastore-lite/>
[2019-01-10 09:53:25] nabelo : very user-friendly and easy
[2019-01-10 09:53:43] nabelo : and i don't have to resign every 7 days
[2019-01-10 09:54:26] nabelo : $19.99 a year is a fair price compared to 99.-
[2019-01-10 09:57:32] u23806 : I already using a separate iphone and apple id with app password to install, still got the error. also tried to install `tweak DJI GO 4 (4.3.4).ipa`, with a success...
[2019-01-10 10:00:07] u23806 : tweak DJI GO 4 (4.3.4).ipa sha1: `7a10e1c8da22ec2d515117af723bafc7187b51a5`
[2019-01-10 10:01:16] nabelo : where did you download tweak DJI GO 4 (4.3.4) ?
[2019-01-10 10:17:47] kilrah : The place @czokie posted earlier now has all the frida ipas without obfuscated tweaks
[2019-01-10 10:20:19] nabelo : @kilrah those are all without pre-injected .js files, right?
[2019-01-10 10:21:23] u23806 : @nabelo <https://www.dropbox.com/sh/fhf5y8xie7mcazi/AADU2FpkucId9K098EWNkD1aa/v4.3.4?dl=0&subfolder_nav_tracking=1>
[2019-01-10 10:22:36] nabelo : @kilrah we have to get a .js file and upload that via itunes, right?
[2019-01-10 10:25:57] kilrah : yup
[2019-01-10 10:26:20] kilrah : a few have a preloaded 0.23 (4.3.2-4.3.7)
[2019-01-10 10:26:44] kilrah : those are as provided by DZ before he started obfuscating stuff.
[2019-01-10 10:27:10] kilrah : those before had no preloaded tweak, those after were obfuscated so removed.
[2019-01-10 10:33:21] nabelo : thanx for clarification @kilrah
[2019-01-10 10:49:49] rickysuper : I previously using DZ 4.3.5 frida with Tweak.js 0.23 and works fine
[2019-01-10 11:51:56] nabelo : But this password is not restricted to only to use in this app
[2019-01-10 11:52:09] nabelo : if someone get this password he can use it for anything
[2019-01-10 13:05:02] benhardings3 : I might be noobing hard here, but I just installed the 4.3.10 ipa and the Tweak.js shown above - i selected FCC mode and nothing else, but its still showing 5.8G and doesn't seem to be asking me to switch. Am i being dumb somewhere?
[2019-01-10 13:06:13] nabelo : FCC doesn't mean 2.4G. It just increases the output power..
[2019-01-10 13:06:29] nabelo : If you want 2.4G you have to switch yourself
[2019-01-10 13:06:51] nabelo : FCC only increases the output power for longer range reception.
[2019-01-10 13:08:26] nabelo : If you look for example at the DJI Spark you have the following output powers:
[2019-01-10 13:08:27] nabelo : 2,4 GHz: FCC: 25 dBm; CE: 18 dBm; SRRC: 18 dBm / 5,8 GHz: FCC: 27 dBm; CE: 14 dBm; SRRC: 27 dBm
[2019-01-10 13:08:55] nabelo : in this case FCC on 5,8 GHz gives more power than 2,4 GHz
[2019-01-10 13:16:11] benhardings3 : @nabelo That explains that one then. Much appreciated. The other settings - what do they do exactly? Boost mode in particular? Are there any sort of optimal ones to turn on or leave off? Just wanting to go for maximum range and video quality really.
[2019-01-10 13:26:46] nabelo : just use FCC
[2019-01-10 13:27:30] nabelo : boost mode will even more increase the output power. which can be dangerous for your remote, because its getting hot
[2019-01-10 13:28:29] nabelo : just look at <https://dji.retroroms.info/howto/dji_configs>
[2019-01-10 13:28:40] nabelo : there you can read about the different configs
[2019-01-10 14:06:44] avunduk : Hi, could you please help me out which js file to use for Mavic Air
[2019-01-10 14:07:23] avunduk : Where can I download that
[2019-01-10 14:22:04] nabelo : his code looks like he used <https://obfuscator.io/>
[2019-01-10 14:32:06] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1547107138306500> I fucking lol'd
[2019-01-10 14:33:25] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1547109059319700> or anything else he wants
[2019-01-10 14:33:37] hostile : @supahfly someone using your implant techniques. =]
[2019-01-10 14:33:39] thecatthathacks : @supahfly has joined the channel
[2019-01-10 14:34:09] hostile : mention the downloader too?
[2019-01-10 14:34:27] rickysuper : My team tested 4.3.10 frida with Tweak 0.23 FCC and boost all works well. C1 and c2 custom works
[2019-01-10 14:34:34] rickysuper : Thanks all
[2019-01-10 14:36:28] rickysuper : DZ had posted an update several hours ago. He still knows everything here
[2019-01-10 14:42:39] hostile : **shrug**
[2019-01-10 14:42:53] hostile : no fucks given. we just won't allow his blatant presence
[2019-01-10 14:43:06] hostile : we did the same thing with Danny... it is obvious anyone can be here
[2019-01-10 14:43:16] hostile : just depends on how many email addresses you want to burn up
[2019-01-10 14:43:41] hostile : Its not like he's gonna up his skill magically, and keep us out of his obfuscation
[2019-01-10 14:43:55] hostile : knowing he has a downloader is sketchy. we should figure out how to exercise it
[2019-01-10 14:44:01] hostile : to make it download fucked up stuff
[2019-01-10 14:49:03] nabelo : @hostile sounds nice :smile:
[2019-01-10 16:50:19] cat.db : I think we should thank the original author, after all, this is the script he wrote.
[2019-01-10 17:18:05] quad808 : I am going to jump in here, so if I step on toes, forgive me....I don't use iOS GO, but lots of users do.
[2019-01-10 17:21:23] quad808 : iOS dude. I don't know you, but we all know you are here. Don't know if anything can be salvaged at this point, but PM me. I will act as a go between. You need to be humble. This is a very forgiving crowd, but you need to repent, for lack of a better word. You pissed off a lot of people, me included, with your actions. PM me and will see what can be done. This is probably your only chance. I can't promise anything at all, and I have talked to no one about this. Just taking a shot in the dark, that maybe something could be worked out for all of us. Who knows. This may be too soon to try, but I figured it is worth a shot. You need this community way more than anyone of us needs you. Remember that.
[2019-01-10 17:39:16] quad808 : The last thing I will tell you is this...take a look at NLD. Under @coldflake's direction and OG's blessings, he has taken the tools created by the OG's and incorporated them into a easy to use app. He has done this not all by himself, but with help from other OG's. He then takes $$ earned and plows it back into the community, which then in turn helps keep OG's active and continuing to be motivated to further the efforts for all of us. There is no harm in making something that in turn makes $$, BUT you need to give back to the OG community that gave you the tools that allowed you to do this, like NLD continues to do. You need to grow a pair, Man up and come clean. Thats all. However..if it is found out in your work that you did anything nefarious, you will be found out and you will reap what you sow.
[2019-01-10 17:41:24] hostile : :100:
[2019-01-10 18:04:27] hostile : Drone Corleone has already spoken on this exact topic... <https://github.com/JD4x4/dji_system.bin-1/blob/master/README.md>
[2019-01-10 18:05:14] hostile : YOU broke the peace that we made that day...
[2019-01-10 18:06:42] hostile : I mean did you not read the words on the heads of the 5 families? @bin4ry literally said that day: "Then we are agreed. The traffic in unlocked drones will be permitted, but controlled and Drone Corleone will give up protection of the NFZ, and there will be the peace."
[2019-01-10 18:07:25] hostile : When...when did I ever refuse an accommodation? All of you know me here. When did I ever refuse?
[2019-01-10 18:45:32] rames.d : From whom are you waiting for an answer? DZ? Maybe you will unban him and continue the discussion here?
[2019-01-10 19:01:38] hostile : it is a rhetorical question... from a movie...
[2019-01-10 19:01:44] hostile : The GodFather :wink:
[2019-01-10 20:15:03] rames.d : Any updates in reversing? Is it safe to use his tweak?
[2019-01-10 20:19:42] rickw001 : use whatever you want,I wouldn't trust anything he did,I will gladly wait for the guys here for their stuff
[2019-01-10 20:23:17] rames.d : Their stuff will be free for us?
[2019-01-10 20:24:20] hostile : what is "their stuff"? have they innovated any techniques ?
[2019-01-10 20:25:53] rames.d : Stuff from OG will be free for us for Mavic 2?
[2019-01-10 20:28:40] hostile : you gotta earn a Mavic2...
[2019-01-10 20:29:00] hostile : but yes NLD funds allow for R&D to be done against bounties
[2019-01-10 20:29:05] hostile : and hardware given to help with bounties
[2019-01-10 20:35:06] rames.d : I didn't understand why DZ became the bad guy for you. He is spending time on research, made a really working solution for M2 and other birds. Why can NLD sell something but DZ cannot? What has he stolen from you? He uses a public toolset - objection and frida gadget, writes his own tweak. His tweak 0.23 is completely different from PrettyWoman. What's wrong with him?
[2019-01-10 20:36:40] jcase : @rames.d its behavior like his
[2019-01-10 20:36:50] jcase : that keeps me from releasing more exploits
[2019-01-10 20:37:12] jcase : i released a couple then bam, we saw ppl selling them or using them in commercial activity
[2019-01-10 20:37:15] jcase : against the license of my tools
[2019-01-10 20:37:19] jcase : without even saying a word to me
[2019-01-10 20:37:54] jcase : you can thank people behaving like that, for the reason there is no public m2 root
[2019-01-10 20:38:46] jcase : commercializing the work of others without permission is SHITTY
[2019-01-10 20:38:55] jcase : NLD not only asks, but gives credit
[2019-01-10 20:39:03] jcase : hell they even funded some of my research
[2019-01-10 20:39:10] jcase : without being asked
[2019-01-10 20:39:17] rames.d : Objection and frida gadget is OG’s work?
[2019-01-10 20:39:46] jcase : ah maybe i misunderstood the question
[2019-01-10 20:39:54] jcase : i thought you were saying he is using OG's toolset
[2019-01-10 20:40:05] jcase : i care not for his spat
[2019-01-10 20:40:08] jcase : with OG
[2019-01-10 20:40:54] jcase : however I've yet to see someone selling something that didn't use our research
[2019-01-10 20:41:20] rames.d : He used in his tweak many lines of OG’s code?
[2019-01-10 20:41:25] hostile : he was also openly refusing to help @bin4ry and talking shit
[2019-01-10 20:41:29] hostile : it isn't that hard
[2019-01-10 20:41:35] hostile : talk shit... get the fuck out of my community
[2019-01-10 20:41:40] hostile : nothing to defend here mate
[2019-01-10 20:41:43] jcase : pretty much
[2019-01-10 20:41:51] jcase : this is a private community
[2019-01-10 20:44:52] rames.d : I can't find any similar lines in PrettyWoman and his tweak. I’m not defending him but I want to understand the reasons
[2019-01-10 20:45:18] czokie : @rames.d - Look at the instructions on how to do the objection patching. It was developed by us.
[2019-01-10 20:45:44] czokie : Look at the filename he used in his first version - Tweak.js .... Something that was created by myself and @jezzab
[2019-01-10 20:46:08] rames.d : But objection is public tool and used by many hackers and developers. Name? Good name, why not use it?
[2019-01-10 20:46:23] czokie : Look at Frida - We bloody worked with the author to get it patched and changed, so it would work better.
[2019-01-10 20:46:46] quad808 : @rames.d are you the iOS dude, or is he feeding you info??
[2019-01-10 20:47:05] czokie : Yes, his JS script code is different to ours - he re-built it - so what. He still piggybacked off our work - and never acknowledged it.
[2019-01-10 20:47:11] rames.d : wtf?
[2019-01-10 20:47:29] quad808 : just askin
[2019-01-10 20:47:43] czokie : Until he started insulting, I didn't give a crap... but when he came in here slinging shit around... now that's another story.
[2019-01-10 20:47:59] czokie : Have you read his code? Do you know what it does?
[2019-01-10 20:48:36] rames.d : Yes, it changes CC to US. This is OG’s idea?
[2019-01-10 20:48:47] czokie : In comparison - All of our code has been open and transparent. We have nothing to hide.
[2019-01-10 20:49:06] czokie : Bloody oath it was - @jezzab and I were playing with that for a long time.
[2019-01-10 20:49:22] czokie : But let me ask again @rames.d - have you read his code?
[2019-01-10 20:49:30] rames.d : Yes
[2019-01-10 20:49:47] czokie : var _0x4c5c=['w7dzBkjCqQ==','wpMiLR3Cvw==','w5N1AVTCkg==','NQXCgsK/w7E=','dcOGwo1wBQ==','w6ViwpkHwrI=','V1rDglHCpQ==','T8OpF23CgQ==','wps5w546LA==','b8K0w5lcwqw=','GMKMw6I1w7gdw6vCh8O2IsKUKMKp','wrALJx7Cog==','UWTCuFlx','PRXDimfDvw==','w5TDjsOGw6sl','Q0I4QBE=','KMO5MsOqAw==','VA4Uwr8U','wrLCs8OlInI=','wq/Cjy1rw7g=','M8OTw6led3Nie8KIb8KlKWZqLiRy','w6ZqOnnCmA==','w49ewrEiwoA=','w7BdYMOYw5A=','wonCnANgw6A=','w5UAwqdhwqQ=','FMKWwqM/Zw==','CT7CmxZB','AcOQw5tqJg==','DHXCqcOkNQ==','dkDDpVvCtw==','HMObH8OmMw==','csKXw5J4wog=','T8OHwp8lXQ==','wr8Nw5wbIQ==','wpbCpi/Dp8KyDTLDh8OMwqQwX8Ocw6kpW0s=','UsOBGn7CiQ==','QjrDnsKbwqXDscKuTnwMwqNzwpY=','OcOLMknDtA==','T8OFwoZ4OQ==','dcOpwrkbWg==','YcOaEHPClQ==','BsOVEUTDrA==','V8KLciRi','w6t0wpAjwqg=','w7p/QcOmw5M=','I8Ocw4Z9IA==','w4vCrVTDtcO/','w5/DqBzCl18=','YH4vN8Oq','w6h4wqs+wpEGw798HhNEwozDkQ5WB200dUbCsMKKw7TCrQU8csKdwrE0w6DDnsKEw7RSw6VELW9TQRJXMQ==','ecK+wqcAwoM=','DMK8wroL','YcKAez91','f3siAsOvXQ==','PcO/AUXDhg==','wrYHw5o7Dg==','w71pD1jCuw==','w5DDoT7Cn0E=','wpTCvgxCw7o=','dcK4dCNn','w5BhAUPCrQ==','w7piclHCvA==','HcO0M0rDgw==','Cx9CNi8=','eWPCtEtn','GsOsw6dBPw==','HS/Cl8KTw6o=','PRFoKwM=','DMKED8OUfQ==','NsOlB8Oow6M=','TldZTU4=','w73DqsO/w4M4','wpFfwo/Coyo=','BMOjJMOKw4Y=','JsK4ZHRk','wrjCpSdiw7g=','Yz4RwoEv','FcKdwqFYw7A=','wpPCtzxmw6o=','IcKYIMOCWw==','woHCoxBDw4A=','S8OGP1rCuw==','SMKyw51Vwq0=','I8O0GsORMQ==','KA9jGCQ=','woZRwqHChBM=','P8KeUkzDlQ==','wr1cwpPCoR4=','w5zDj8Osw64L','KcK4T1vDpg==','S8KbWgZP','wpsrw5UiFQ==','wokrLzfCgg==','wo/CnQZCw7g=','w4hmDCDDpw==','XzVTSMOy','Bht7DBw=','F8KUwoFVw6A=','DsO0B8OtJQ==','
[2019-01-10 20:49:51] czokie : That is his code.
[2019-01-10 20:50:04] rames.d : I read his 0.23 tweak
[2019-01-10 20:50:20] czokie : And above is the first bit of his latest version.
[2019-01-10 20:50:23] czokie : See the difference?
[2019-01-10 20:51:20] rames.d : His paid version is obfuscated, I cannot read it
[2019-01-10 20:51:27] czokie : Not only his paid version.
[2019-01-10 20:51:39] czokie : He did the same thing on all of the IPA's on the polybotes server, without telling people.
[2019-01-10 20:52:20] czokie : I wrote to him ages ago when he first came here.
[2019-01-10 20:52:44] czokie : I suggested we collaborate, and get the patch-o-matic thing built - and thrown on NLD.
[2019-01-10 20:53:09] czokie : Lately, he is complaining we never asked him to collaborate. I call bullshit on that. It was offered, he just didn't want to play ball.
[2019-01-10 20:54:57] rames.d : Ok guys I understood you. Last thing - can you prove you asked him for collaboration? He really rejected you?
[2019-01-10 20:55:17] czokie : I personally suggested this in the early time in PM chat to him.
[2019-01-10 20:55:37] czokie : I even provided a link to a private section on the wiki - where all of my research is located.
[2019-01-10 20:56:32] czokie : The idea was to proceed with auto patching / auto signing / auto install tweak.js as a service - and put it on NLD.
[2019-01-10 20:57:15] rames.d : You asked him for that and he rejected? Or you started to do it without him?
[2019-01-10 20:57:28] czokie : I already started it before he came here.
[2019-01-10 20:57:42] czokie : He came with some pretty push buttons in java script.
[2019-01-10 20:57:43] czokie : So what.
[2019-01-10 20:58:01] rames.d : And gone out with working M2 tweak...
[2019-01-10 20:59:09] czokie : This was all before M2... He never showed interest in collaborating - and I had other things in my life that took over priority. So, no - we don't have any M2 specific stuff to share... but I would not be surprised if the existing code works with M2 right now.
[2019-01-10 20:59:42] czokie : To be clear - The 0.23 file is fine -
[2019-01-10 20:59:55] czokie : Anything after that is unknown
[2019-01-10 21:00:23] rames.d : And you want to include that file in NLD?
[2019-01-10 21:00:27] czokie : But - when he started putting "loaders" in files that he was sharing through our servers without telling us - that is just shit
[2019-01-10 21:00:37] czokie : @rames.d - did I say that?
[2019-01-10 21:01:11] czokie : Ultimately, his code does the same thing that the old pretty woman stuff does - but has some buttons in it for a UI - and a "pay me" screen.
[2019-01-10 21:02:29] czokie : This is just my opinion - but any service for IPA's would allow user choice - and not shove obfuscated code down someone's throat without telling them they're doing it - or what the code does.
[2019-01-10 21:03:42] czokie : For example - Imagine a service that does a patch / sign / load tweak file as a service... and you can provide your own tweak file. That's the magic.
[2019-01-10 21:15:32] hostile : <https://dji-rev.slack.com/archives/C6KG1UDRS/p1547153835450800>
[2019-01-10 21:15:35] hostile : WHO CARES
[2019-01-10 21:15:46] hostile : I'm growing tired of the over explanation of a simple thing
[2019-01-10 21:15:55] hostile : get back to hacking and consider this dude voldemort
[2019-01-10 21:16:00] hostile : stop speaking of him
[2019-01-10 21:16:27] hostile : This place runs on respect
[2019-01-10 23:31:39] cantrepeat : man, if DZ wakes up and comes to his senses I'm screwed!!! Deleted my github like 8 times already! :smile:
[2019-01-10 23:33:03] jcase : why delete your github
[2019-01-10 23:44:52] hostile : (joke) cuz he did
[2019-01-10 23:48:07] cantrepeat : yeah, mocking DZ because he took his ball and ran home, IE said he deleted his in protest I guess
[2019-01-11 00:48:48] quad808 : Wait. I just deleted mine too. Damn.
[2019-01-11 00:48:55] quad808 : DJI!
[2019-01-11 00:49:01] quad808 : D J I !
[2019-01-11 00:49:12] quad808 : hahahahaha !DJI
[2019-01-11 02:24:18] hin.lai : Hi @czokie, do we still have ability to perform self patching for the upcoming IPA?:face_with_raised_eyebrow:
[2019-01-11 02:27:02] czokie : Of course - upload your own Tweak.js file
[2019-01-11 02:28:37] hin.lai : Thanks for your clarification
[2019-01-11 06:59:28] czokie : Getting back in the saddle... working on my own code... building an automated frida patch / codesigning system that does not require a Mac or OSX...
[2019-01-11 07:20:43] czokie : I managed to get all the way through, with one code signing problem. I think it's a dependency issue in one of the components ... Will look more after playing "dads taxi" in a bit...
[2019-01-11 07:59:36] kilrah : nice!
[2019-01-11 08:52:13] benhardings3 : That is super cool! Good effort.
[2019-01-11 09:14:46] cs2000 : Good to see you back @czokie :slightly_smiling_face:
[2019-01-11 09:57:34] czokie : Hmm. I just had a harrowing "drivers ed" session with Daughter. We had someone else in the car as a passenger... and I have never felt so unsafe in a car. She drives so fast... I didn't want to chastise her in front of other people... but it was really insane! We had a talk after the other person left the car - but I am glad to be home!
[2019-01-11 10:02:51] mavpac : We are glad as well so you can continue working on that signing issue :grinning:
[2019-01-11 10:03:07] czokie : hehehehe
[2019-01-11 10:04:20] czokie : I am about to rebuild the VM - and give it another approach. The problem I am having is with "isign" - I had it working a long time ago - will try it again - but try tweaking a few different things in the process.
[2019-01-11 10:48:14] cantrepeat : Are you THE GregK?
[2019-01-11 10:49:37] cantrepeat : Gregory David Kriesel better known as Greg K the bass player from The Offspring?
[2019-01-11 10:58:03] czokie : not a bass player :slightly_smiling_face:
[2019-01-11 11:10:54] cantrepeat : damn! I was hoping he was a closet coder - <https://en.wikipedia.org/wiki/Greg_K.>
[2019-01-11 11:11:00] czokie : But I am a keys player :slightly_smiling_face:
[2019-01-11 11:12:55] cantrepeat : and a pretty damn good one at that! :smile:
[2019-01-11 17:13:48] d95gas : Just changed the link in the Wiki for the <http://dji.retroroms.info/howto/apple_ios_patched_dji_go4#install_process> to reflect the new download location of the 0.23 js posted here earlier.
[2019-01-11 18:46:43] dronepilot : Can i use .23 on the new version 4.3.10?
[2019-01-11 18:47:11] benhardings3 : @rgf8aerial yep
[2019-01-11 20:46:29] quad808 : For whatever reason, I can't access the !wiki from my work computer, but home PC is just fine...work PC connects only sometimes, if at all...
[2019-01-11 21:03:02] czokie : Hey @quad808 - hit me up in a PM - but I’m busy the next 4-5 hours - If you’re still up then - I can trace your IP to find out what IPS stuff it's triggering
[2019-01-11 21:10:17] quad808 : Thanks bro, will do!
[2019-01-11 21:10:35] rickw001 : good job quad,thanks
[2019-01-11 21:14:13] dronepilot : .23 is the best tweak out at the moment?
[2019-01-12 00:25:46] nikogpsy : @quad808 I had the same problem. My work around was to do a search for retroroms on google and use the link from the search.
[2019-01-12 01:27:44] czokie : Hi all
[2019-01-12 01:41:24] czokie : @nikogpsy - I just tweaked a regex that was looking for spambots - it was getting others as well - it should be good now. Apologies
[2019-01-12 03:46:07] quad808 : No worries, all good @czokie!! :+1:
[2019-01-12 03:46:33] czokie : And now, I am knee deep in python debugging of isign
[2019-01-12 05:14:21] czokie : Signing progressing - I was able to sign 4.2.x - now moving to 4.3.x
[2019-01-12 05:27:15] czokie : OK. Here is the news. 4.3.0 is signable with my system. 4.3.1 is signable. 4.3.2 and after fails with isign
[2019-01-12 05:28:06] d95gas : @czokie I seem to be having the same issue as Quad808 had. Cannot access the Wiki from home (UK) unless I run a VPN, then I can connect ok. Been like that a few weeks now, no big deal, just a bit of a pain.
[2019-01-12 05:28:26] czokie : Send me a PM with IP address @d95gas
[2019-01-12 05:28:42] d95gas : will do
[2019-01-12 05:31:38] czokie : Guys - after a little crowd sourcing of info.
[2019-01-12 05:31:52] czokie : Release of DJI GO 4 version 4.3.2
[2019-01-12 05:32:23] czokie : Question - What happened around that date (just before that date). Any new iphone releases or anything like that ... but MUST be after DJI GO 4.3.1 release date
[2019-01-12 05:45:35] czokie : It feels like a macho binary format change after 4.3.1 was released that has not made it into isign (which I want to use)
[2019-01-12 06:56:25] rickysuper : 4.3.10 frida run perfectly on M2P !
[2019-01-12 06:59:43] d95gas : Nice :+1:
[2019-01-12 07:00:05] czokie : Awesome!
[2019-01-12 07:00:24] czokie : Now - to get some automation of IPA builds to make this much easier... thats what I am working on.
[2019-01-12 07:31:03] czokie :
    try:
        if self.subcon.conflags & self.FLAG_COPY_CONTEXT:
            while c < count:
                obj.append(self.subcon._parse(stream, context.__copy__()))
                c += 1
        else:
            while c < count:
                obj.append(self.subcon._parse(stream, context))
                c += 1
    except ConstructError:
        raise ArrayError("expected %d, found %d" % (count, c), sys.exc_info()[1])
    return obj
[2019-01-12 07:32:06] czokie : construct.core.ArrayError: ('expected 79, found 78', ArrayError('expected 6, found 3', SwitchError('no default case defined',)))
[2019-01-12 07:32:06] czokie : This is a piece of code in one of the upstream dependencies for isign... Basically, it's parsing the macho binary. My problem - I am getting exceptions... like...
[2019-01-12 07:33:14] czokie : this is in construct/core.py .....
[2019-01-12 07:33:32] czokie : but only happens on 4.3.2 and after IPA's
[2019-01-12 07:47:30] rames.d : Which version are you using?
[2019-01-12 07:47:44] rames.d : Try to install from master branch
[2019-01-12 08:55:21] czokie : Cannot use newer version. Construct deprecated some methods later that are used by isign
[2019-01-12 09:00:24] kilrah : wonder how cydia impactor does it
[2019-01-12 09:00:26] rames.d : Isign master branch
[2019-01-12 09:23:01] czokie : isign master branch - tried that... No good.
[2019-01-12 09:23:29] czokie : Also tried a fork - that is more advanced (Original author not updating as frequently)
[2019-01-12 09:25:45] czokie : <https://github.com/apperian/isign.git>
[2019-01-12 09:25:53] czokie : This is the repo I am using for isign
[2019-01-12 09:26:23] czokie : I have a couple of tweaks to the setup.py file that I am using - (unrelated to the issue)...
[2019-01-12 09:26:26] czokie : pyOpenSSL==16.2.0
[2019-01-12 09:27:06] czokie : and construct==2.5.3
[2019-01-12 09:27:53] czokie : The problem is in construct - (or in the data it is passed from the macho structure definitions)
[2019-01-12 09:32:47] czokie : <https://github.com/apperian/isign/commit/cd90d1ca7afa8bbc8b1b6f7a060bf9d1f9d7e9f8#diff-3293286541b066de6c27769225fbdec8>
[2019-01-12 09:33:31] czokie : This is the most recent commit to the macho.py file - where IOS12 support was added.
[2019-01-12 09:43:56] czokie : Update - I went back to pyOpenSSL==18.0.0 - still no help. I was not aware the current master from apperian was updated to a recent version - they previously had an old one :slightly_smiling_face:
[2019-01-12 09:48:11] cantrepeat : I'm still on iOS 11.3.1 and un j/B
[2019-01-12 09:48:51] czokie : Yep - my problem is that the newer IPA's have different MACHO encoding - that is not playing nice (at least that's what I think)
[2019-01-12 10:28:11] dronepilot : @rickysuper what tweak version are you on 4.3.10? Thanks
[2019-01-12 11:03:43] czokie : So - I had a look at two macho binaries - 4.3.1 and 4.3.2 - one of them works with isign, one does not. I am viewing them with MachOView - Nothing obvious sticks out in terms of file format changes so far... but I'm not super familiar with the structure
[2019-01-12 14:40:15] rickysuper : 0.23
[2019-01-12 15:09:53] dronepilot : @rickysuper Did you download the frida 4.3.10 and insert the 0.23 tweak over the 0.31?
[2019-01-12 15:13:13] rickysuper : The frida you download from the above link does not contain 0.31 tweak. You have to insert the 0.23 to the file
[2019-01-12 15:13:32] mavpac : Can you provide the unsigned ipa ricky?
[2019-01-12 15:14:05] rickysuper : Please find the official link from the above post
[2019-01-12 15:15:26] mavpac : Hmm cant find it
[2019-01-12 15:15:37] mavpac : Ah here we go
[2019-01-12 15:16:19] mavpac : So i just install 4.3.10 and add the tweak.js?
[2019-01-12 15:17:35] mavpac : Using the ipas from polybyte server?
[2019-01-12 15:17:43] rickysuper : Yes
[2019-01-12 15:18:33] mavpac : Thanks! There is no time bomb like in DZ frida? Cause I can't run it anymore on my ipad. It seems that he is sending your udid to his server to check if it was running longer than the trial.
[2019-01-12 15:18:53] mavpac : That's why ad tracking needs to be allowed I guess
[2019-01-12 15:39:41] rickysuper : 7 days if you are not a paid Apple Developer. It's not a time bomb from the frida, it's a time bomb from Apple.
[2019-01-12 16:30:27] kilrah : DZ might have added some stuff for his trial too. Normally should be in the loader that was removed.
[2019-01-12 16:31:09] kilrah : if there is still something without that we need to know cause maybe it's in the app patch then.
[2019-01-12 16:35:25] mavpac : I talk about the popup that shows up with DZs version telling you to contact cause trial expired. nothing to do with signing.
[2019-01-12 16:35:39] mavpac : So yes he added extra stuff and even tracks it online.
[2019-01-12 16:36:59] kilrah : what version does it mention
[2019-01-12 16:38:30] mavpac : it was 4.3.9 from his telegram channel
[2019-01-12 16:41:28] mavpac : i removed it, reinstalled with superimpactor but the nag screen still shows up
[2019-01-12 16:42:23] mavpac : if I turn on ad track blocking in ios settings, the ipa will show that it can't recognize my device. I am pretty sure he sends my udid or something like that to a server to check it only for trial
[2019-01-12 16:42:55] diy : I installed frida 4.3.10 with the tweak 0.23. I opened it and it successfully changed to FCC then while it was on, I opened the original Go 4. It reverted back to CE. Now the frida 4.3.10 cannot change it back to FCC no matter what I do.
[2019-01-12 16:43:56] mavpac : close both apps. shut down the bird. restart the frida and the bird. in camera screen, minimize frida (put in background) and activate it again. check if it is fcc. worked for me.
[2019-01-12 16:44:23] mavpac : at least with earlier versions when I had problem with FCC
[2019-01-12 16:49:46] diy : Yes you are right. I totally forgot that “minimising app” step. Thank you. It works nice and solid. Thanks to everyone contributed.
[2019-01-13 12:20:47] rickysuper : I never install modded GO app with original on same device
[2019-01-13 16:08:14] dronepilot : Just tried out the new go 4.3.10 tweak .23 in comparison with 4.3.0 tweak .23, I felt the older version works better.
[2019-01-13 16:48:26] nikogpsy : I thought the same. 4.3.10 is a bit buggy. 4.2.22 and 4.3.5 seem to work very well without issues.
[2019-01-13 17:46:48] dronepilot : @nikogpsy Did you use the .23 tweak on both 4.2.22 and 4.3.5?
[2019-01-13 18:30:19] nikogpsy : @rgf8aerial Yes.
[2019-01-13 20:09:14] czokie : Morning... The same tweak files do the same things in the same way. Have you compared to non tweaked versions? Same bugs? What are your concerns specifically?
[2019-01-13 20:35:08] dronepilot : @nikogpsy what version do you use on your Mavic 2?
[2019-01-13 20:41:39] vasek_r : Use 4.3.5 with tweak .23 reduced to fcc only, works well with m2p
[2019-01-13 22:30:10] nikogpsy : @czokie I saw a couple of bugs with 4.3.10 that I didn’t notice with lower versions aforementioned. The AC location relative to my location was off by about 45 degrees and some height and distance readings were off. And I tested with MP. Don’t have the M2 yet. Waiting on NLD. :)
[2019-01-13 22:54:01] czokie : So - @nikogpsy - Obvious questions - Are these issues specific to (a) Factory app, (b) Frida app (with no tweak), or (c) Frida app (with tweak)...
[2019-01-13 22:56:39] chipmangini : V 4.3.3 is all that's available for a P4P on DJI site, maybe that's part of it????
[2019-01-13 23:34:44] nikogpsy : @czokie This was FRIDA with .23 tweak. Didn’t test with any other combo for this version but it could just be an issue with the app itself. I have not used this version before other than that time. As soon as I saw the bugs when ac flew out about 1k ft I said “nope” and brought the bird back. lol
[2019-01-13 23:47:15] czokie : @nikogpsy - Really need to get more detail - otherwise, nothing is going to happen. Also, it may have just been a bad calibration @ take off on that occasion.
[2019-01-13 23:50:42] czokie : OK. Signing 4.3.10 using a different version of isign
[2019-01-13 23:51:09] czokie : and that failed :disappointed:
[2019-01-14 00:53:53] nikogpsy : @czokie I had 4.2.22, 4.3.5 and 4.3.10 loaded on the same phone. After noticing the issues with the 4.3.10 I landed the MP and flew with the 4.2.22 immediately after. No issues. I’ll reload the 4.3.10 again and retest when I get a chance tomorrow and see if I can recreate the bugs.
[2019-01-14 01:25:30] dronepilot : @vasek_r will try out thanks buddy.
[2019-01-14 10:13:52] dronepilot : 4.3.5 tweak .23 rocks the best until now on M2 birds. Thanks a lot @vasek_r and @nikogpsy.
[2019-01-14 11:31:00] rickysuper : For me and my group 4.3.10 was the best version for the M2
[2019-01-14 11:38:42] rickysuper : Android released 4.3.11
[2019-01-14 12:59:03] dronepilot : @rickysuper thanks on your sharing.
[2019-01-14 14:34:39] fredmicrowave : Been flying with M2 and 4.3.10 yesterday with no problem . Just regular flying, no special function testing however.
[2019-01-15 22:00:44] czokie : Team. Here is a quick update on my research relating to isign parsing of 4.3.2 and later. Check out <https://dji.retroroms.info/howto/iosfrida#footnote> ... Any python gurus or macho binary format gurus that can help would be appreciated.
[2019-01-15 22:43:28] czokie : Update: Just found this ... <https://github.com/AlexDenisov/segment_dumper> - which was sourced from <https://lowlevelbits.org/parsing-mach-o-files/> ... that might help...
[2019-01-15 22:46:52] czokie : Helpful - but not 100% what was required :disappointed:
[2019-01-16 02:37:35] czokie : Update: Just completed manual hex viewing analysis of the 4.3.10 binary - <https://dji.retroroms.info/howto/iosfrida#manual_analysis_of_dji_go_4_v4310>
[2019-01-16 02:37:46] czokie : Progressing slowly
[2019-01-16 04:00:23] czokie : Progress: There are 79 records in the file. The only one that does not appear in the debug is LC_CODE_SIGNATURE ...
[2019-01-16 04:00:50] czokie : Assuming this is not a new tag or structure, the question is - how is it different to previous IPA's.
[2019-01-16 04:03:25] czokie : What is starting to possibly make sense - Our local "decryption" source changed process/method of decryption some time back... which could indicate new/different input data as the root cause of the problem.
[2019-01-16 04:18:43] czokie : Confirmed. I did a debug for an old IPA... and I can see LC_CODE_SIGNATURE in the debug... So, that is the missing ingredient - Somehow, it is different. What might be a good exercise to do is to get @kilrah to decrypt 4.3.0 using the same tools that he uses for current decryption - to see if that causes any problems with isign.
[2019-01-16 04:22:25] rames.d : Try to sign this ipa with iOS App Signer and after try to resign output with isign
[2019-01-16 04:23:14] rames.d : Maybe it will add something missing to binary?
[2019-01-16 04:25:05] czokie : That won’t help me tho. Even if a Mac signed binary will fix it, I still need to get to the root cause so a normal decrypted binary can be signed without any Mac tools in between. At the moment, it feels like bad input. Replicating with the new decrypt tools on a old ipa will confirm one way or the other.
[2019-01-16 08:44:00] czokie : OK. So I tested with a 4.3.0 decrypted with the newer process... It signed perfectly with isign. So something else in the data that is unrelated to the decryption process change.
[2019-01-16 08:44:08] czokie : Sigh
[2019-01-16 08:45:35] czokie : Thanks @kilrah :slightly_smiling_face:
[2019-01-16 08:45:43] czokie : Back to the drawing board
[2019-01-16 08:44:00] cs2000 : Yeah I had no issues doing this with app specific passwords personally, unless apple has changed something again in the last 2 weeks... (not totally unheard of I guess)
[2019-01-16 11:29:32] kilrah : you must NOT use an app specific pw to sign into iTunes, only to 3rd party apps that don't support Apple's own 2FA.
[2019-01-16 11:32:10]