Security Testing the DJI Firmware in a QEMU environment

Supervisor(s): Fabian Franzen
Status: finished
Topic: Others
Author: Hendrik Hagendorn
Submission: 2022-04-15
Type of Thesis: Bachelor thesis

Description

Over the past decade, the use of small unmanned aerial vehicles (UAVs), colloquially known as drones, has increased significantly. Recent regulations restricting flights in certain areas and requiring the transmission of flight data have prompted manufacturers to incorporate many state-of-the-art security mechanisms into their devices. These changes make this class of devices an interesting subject for research. The first part of this bachelor thesis deals with reverse engineering the proprietary packet format and packet routing system of the market leader DJI. In the second part, a fuzzing environment based on QEMU user mode is developed. The fuzzer targets the command handlers of the central DJI System Service, which are reachable through the proprietary packet system. In particular, this work addresses the problem of fuzzing proprietary services in which the reception and processing of packets is distributed across multiple threads. Ultimately, more than 100 unique crashes were found, but mitigations such as stack canaries and Fortify prevented these crashes from being turned into exploitable vulnerabilities.