User Tools

Site Tools

Translations of this page:

howto:mavic_2_firmware

Mavic 2 Firmware

The Mavic 2 had the firmware dumped and is available for analysis from both the aircraft and remote control. The files are available for download here:

Mavic 2 RC firmware https://cdn.nolimitdronez.com/dumps/m2rc_dump.zip Mavic 2 AC firmware http://cdn.nolimitdronez.com/dumps/mavic2_dump.zip

Some technical comments by jcase: (need to bullet point ths)

AC has two android systems running, 0801 which is the Allwinner SOC, and 0901 which is the leadcore SOC. The LC soc is mostly worthless, it acts as the modem control interface. 0801 is when you can do things like disable NFZ etc.

Yes the drone uses trustzone, but that has nothing to do with preventing root, nor protecting any configs. SELinux was a larger annoyance with root, was. On the m2 trustzone mostly handles encryption related tasks. The main issue he is not trustzone, it is that they appear to have actually paid someone to audit the Mavic Air, which resulted in many known bugs being fixed, and that carried over to the M2.

Many many trustzone exploits have existed, it isnt some magically unhackable thing, just many dont understand it. M2 uses the OPTEE trustzone, not one I have seen on phones, and I've hacked on the trustzones of a lot of phones.

sshd binary on the mavic 2

howto/mavic_2_firmware.txt · Last modified: 2020/04/21 22:57 by digdat0