faq:dataleakage:chatter

Differences

This shows you the differences between two versions of the page.

faq:dataleakage:chatter [2017/08/10 06:17]
czokie Add video content
faq:dataleakage:chatter [2017/09/09 23:10]
czokie [https://mydjiflight.dji.com]
Line 1: Line 1:
 ====== Network Analysis Findings ====== ====== Network Analysis Findings ======
-Due to some of the "unusual" findings in reverse engineering of the DJI GO 4 code, Czokie decided to look at the network layer, and do a high level summary of what was found. You will find below a video of what happens when you start DJI GO, and more importantly - "who it is talking to". Traffic was split into two flows to make this easier to analyse.+Due to some of the "unusual" findings in reverse engineering of the DJI GO 4 code, Czokie decided to look at the network layer, and do a high level summary of what was found. You will find below a video of what happens when you start DJI GO, and more importantly - "who it is talking to". Traffic was split into two flows to make this easier to analyse. Make sure you maximise the window to read the details.
  
 {{ :faq:dataleakage:dji-leakage.mp4 |}} {{ :faq:dataleakage:dji-leakage.mp4 |}}
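Review bot: the paragraph never states how the capture was taken (which phone OS, whether the phone sat behind an intercepting proxy, whether TLS was terminated), yet later sections list iOS request parameters (os_platform=ios) alongside an observation marked "Atleast on Android", so a reader cannot tell which platform each finding belongs to or which hosts' payloads were actually decrypted. Add one sentence before the video embed giving the capture setup, and say what the "two flows" are split on (UDP versus TCP, or by destination), since that split is otherwise unexplained.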
Line 72: Line 72:
 ==== TCP Port 7001 ==== ==== TCP Port 7001 ====
 TCP traffic has been oberved talking to 103.229.215.31 on port 7001. [[https://dig.whois.com.au/ip/103.229.215.31|Guangdong LITONG Network Technology Limited]] TCP traffic has been oberved talking to 103.229.215.31 on port 7001. [[https://dig.whois.com.au/ip/103.229.215.31|Guangdong LITONG Network Technology Limited]]
 +
 +This IP and PORT changes, but it is the first address in the answer paket of the UDP chatter on port 9000. This payload is not readable and we have no idea what it is used for. Very strange, if anyone has more info about this please add it here. For now this is "sketchy"
  
 <file> <file>
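Review bot: the added paragraph says the port 7001 endpoint is taken from the first address in the UDP port 9000 answer packet, but "not readable" is left unsupported; record whether the TCP stream opens with a TLS ClientHello, with a fixed magic/length prefix, or with high-entropy bytes, because that decides whether it is an encrypted channel, a custom framing, or a compressed blob, and it is the detail a reader checking their own capture needs. Also, since the IP and port change per session, a block rule pinned to 103.229.215.31:7001 will not hold; the control that does hold is one keyed on the UDP 9000 exchange that hands out the address. Typos: "oberved" (observed), "paket" (packet).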
Line 91: Line 93:
  
 ==== https://www.skypixel.com ==== ==== https://www.skypixel.com ====
 +Multiple requests during startup
 +  * /api/users/identifyable-user-id/
 +    * GET /api/users/[[personally-identifiable-key]]/favorites?page=1&page_size=20&token=[[session-key]]&type=all
 +    * GET /api/users/[[personally-identifiable-key]]/home?page=1&page_size=20&[[token=session-key]]&type=all
 +    * GET /api/users/[[personally-identifiable-key]]/followings?page=1&page_size=20&[[token=session-key]]&type=all
 +    * GET /api/users/[[personally-identifiable-key]]/followers?page=1&page_size=20&token=[[session-key]]&type=all
 +  * /api/giftcards/
 +    * GET /api/giftcards/popup?lang=en&token=[[session-key]]
 +    * GET /api/giftcards/has_new_giftcard?token=[[session-key]]
 +  * /api/msg/
 +    * GET /api/msg/list?page=2&page_size=1&token=[[session-key]]
 +  * /api/photos/
 +    * GET /api/photos/popular?page=77&page_size=5&token=token=[[session-key]]
 +  * /api/mobile/explore/
 +    * GET /api/mobile/explore/splashes?lang=en
 +    * GET /api/mobile/explore/splashes?lang=en
 +    * GET /api/mobile/explore/alert?lang=en
 +  * /api/videos/
 +    * GET /api/videos/popular?page=90&page_size=5&token=[[session-key]]
 +  * /api/
 +    * GET /api/token_with_buckets HTTP/1.1
 ==== https://mydjiflight.dji.com ==== ==== https://mydjiflight.dji.com ====
 +  * /api/static_resources/
 +    * GET /api/static_resources/hot_update?md5=&os_platform=ios&signature=[[hash-value]]&timestamp=[[timestamp]]&version=4.1.9
 +  * /api/v2/flight_log/
 +    * profile?user_id=my-userid
 +  * /api/v2/geocoder_service/
 +    * geoip?lat=[[mylocation]]&lng=[[mylocation]]
 +    * geoip?lat=[[mylocation]]&lng=[[mylocation]]
 +    * geoip?lat=[[mylocation]]&lng=[[mylocation]]
 +  * /api/v2/
 +    * POST register_device (Four times)
 +
 +^device_sn|[[device_sn]]|
 +^app_version|[[4.1.9]]|
 +^lang|en|
 +^os_platform|ios|
 +^operator|[[my-carrier]]|
 +^os_version|[[10.3.2]]|
 +^api_version|1|
 +^sign|[[hash-value]]|
 +^app_name|djigo_ios|
 +^app_datetime|[[timestamp]]|
 +
 +  * /api/djigo/
 +    * POST /api/djigo/popupv2
 +
 +^app_version|[[4.1.9]]|
 +^lang|en|
 +^nation_code|AU|
 +^notify_type|0|
 +^os_platform|ios|
 +^signature|[[hash-value]]|
 +^time|[[timestamp]]|
 +
 +  * /loadconfig/
 +    * POST /loadconfig/geturl (3 times)
 +
 +^os|ios|
 +^signature|[[hash-value]]|
 +^time|[[timestamp]]|
 +^version|[[4.1.9]]|
 +
 +  * /links/links/pilot_br
 +    * GET /links/links/pilot_br
 +  * /getfile/
 +    * POST /getfile/getallfile
 +
 +^language|en|
 +^product_id|wm331|
 +^signature|[[hash-value]]|
 +^token|[[session-key]]|
 +
 +  * /getfile/
 +    * POST /getfile/download
 +
 +^product_id|[[wm331]]|
 +^product_version|[[01.04.0602]]|
 +^signature|[[hash-value]]|
 +^token|[[session-key]]|
 +
 +  * /
 +    * GET /getdayv3
 +    * CONNECT https://mydjiflight.dji.com
 +
 +
 ==== https://active.dji.com ==== ==== https://active.dji.com ====
 +An unknown DJI service
 ==== https://ios.bugly.qq.com ==== ==== https://ios.bugly.qq.com ====
 +[[https://en.wikipedia.org/wiki/Tencent_QQ|QQ]] is a Chinese instant messaging platform owned by [[https://en.wikipedia.org/wiki/Tencent|Tencent]]
 ==== https://apigateway.djiservice.org ==== ==== https://apigateway.djiservice.org ====
 ==== https://account-api.dji.com ==== ==== https://account-api.dji.com ====
 +An unknown DJI service
 ==== https://fffdrone.aasky.net ==== ==== https://fffdrone.aasky.net ====
 ==== https://play.googleapis.com ==== ==== https://play.googleapis.com ====
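Review bot: the placeholder convention is applied inconsistently in this hunk, which makes it hard to tell captured values from redactions: `token=token=[[session-key]]` on /api/photos/popular reads as a transcription slip, `[[4.1.9]]` is bracketed in the register_device table while `version=4.1.9` in the hot_update query is not, and `profile?user_id=my-userid` uses an unbracketed placeholder. Repeated identical lines (/api/mobile/explore/splashes twice, geoip three times) should use the "(3 times)" notation already used for geturl and register_device. Two findings deserve an explicit callout rather than a bare listing: the geoip queries send the device's coordinates as lat/lng query parameters, and the skypixel user endpoints put the personally identifiable key in the URL path and the session token in the query string, both of which end up in server access logs and in any proxy on the path. Finally, `CONNECT https://mydjiflight.dji.com` is not a well-formed CONNECT target (CONNECT takes host:port); note whether this is a proxy log artefact or what the app actually sent.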
Line 104: Line 194:
 ==== https://fusion.qq.com ==== ==== https://fusion.qq.com ====
 ==== https://c-adash.ut.taobao.com ==== ==== https://c-adash.ut.taobao.com ====
 +[[https://en.wikipedia.org/wiki/Taobao|Taobao]] is a Chinese online marketplace.
 ==== https://stats.jpush.cn ==== ==== https://stats.jpush.cn ====
 +Some form of push notification interface.
 +**This one sends a list of all installed apps on your phone to the service! Atleast on Android.**
 ==== http://d16koec4ujdumm.cloudfront.net ==== ==== http://d16koec4ujdumm.cloudfront.net ====
 +This is related to the DJI.com website
 ==== https://www.djiexplore.com ==== ==== https://www.djiexplore.com ====
 +Unknown DJI activity.
 ==== https://flysafe-api.dji.com ==== ==== https://flysafe-api.dji.com ====
 +Assumed to be DJI GEO related
 ==== http://flysafe-api.dji.com ==== ==== http://flysafe-api.dji.com ====
 +Assumed to be DJI GEO related
 ==== https://configuration.apple.com ==== ==== https://configuration.apple.com ====
 +Unknown - may not be DJI related
 ==== https://adhoc.djiservice.org ==== ==== https://adhoc.djiservice.org ====
 +An unknown DJI service
 ==== https://statistical-report.djiservice.org ==== ==== https://statistical-report.djiservice.org ====
 +Assumed to be tracking usage for DJI
 ==== https://https ==== ==== https://https ====
 +Looks to be a bug in DJI-GO...
 ==== https://data.flurry.com ==== ==== https://data.flurry.com ====
 +[[https://en.wikipedia.org/wiki/Flurry_(company)|Flurry]]
 ==== https://gsp-ssl.ls.apple.com ==== ==== https://gsp-ssl.ls.apple.com ====
 +Not unusual traffic...
 ==== https://cdn-hz.skypixel.com ==== ==== https://cdn-hz.skypixel.com ====
 +[[http://www.dji.com/|DJI]] owned video content site.
 ==== https://cdn-usa.skypixel.com ==== ==== https://cdn-usa.skypixel.com ====
 +[[http://www.dji.com/|DJI]] owned video content site.
 ==== https://adash.ut.taobao.com ==== ==== https://adash.ut.taobao.com ====
 +[[https://en.wikipedia.org/wiki/Taobao|Taobao]] is a Chinese online marketplace.
 ==== https://app-service.skypixel.com ==== ==== https://app-service.skypixel.com ====
 +[[http://www.dji.com/|DJI]] owned video content site.
  
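Review bot: the stats.jpush.cn claim ("sends a list of all installed apps on your phone") is the strongest finding in this hunk but the only one without a captured request beside it; add the endpoint and the redacted request body in the same form used for skypixel and mydjiflight, and state the platform it was seen on (the text says "Atleast on Android", so the iOS capture either did not show it or was not checked). flysafe-api.dji.com is listed twice, once as https and once as http; merge the entries and say what went over the http:// variant, because anything sent to it is readable on the path. The "https://https" entry would be more useful with the evidence behind it (a DNS query for the literal name "https", or a malformed URL in the capture). Several hosts (apigateway.djiservice.org, fffdrone.aasky.net, play.googleapis.com, fusion.qq.com) carry no annotation at all; even "Unknown", as used elsewhere, would tell readers the host was considered. Typo: "Atleast" (at least).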
faq/dataleakage/chatter.txt · Last modified: 2017/09/09 23:10 by czokie