howto:phantom-firmware-tools

Differences

This shows you the differences between two versions of the page.

howto:phantom-firmware-tools [2017/07/23 10:34]
czokie
howto:phantom-firmware-tools [2019/02/17 06:18] (current)
kornvichs ToDo checked: DUML dumping has never worked for me on OSX. Need to understand how this could work including hardware required.
Line 2: Line 2:
  
 The firmware tools described below can be used to do all sorts of fun stuff on your DJI device. The two main things that are of interest here include sniffing and interpreting comms to your aircraft, and firmware tweaking. The firmware tools described below can be used to do all sorts of fun stuff on your DJI device. The two main things that are of interest here include sniffing and interpreting comms to your aircraft, and firmware tweaking.
- 
  
 ===== 1. Toolchain ===== ===== 1. Toolchain =====
Line 25: Line 24:
  
 ===== 5. Capture some traffic ===== ===== 5. Capture some traffic =====
-  python3 comm_serial2pcap.py -b155200 -f /tmp/wsf /dev/tty.usbmodem* /dev/tty.usbmodem*+  python3 comm_serial2pcap.py -b115200 -f /tmp/wsf /dev/tty.usbmodem* /dev/tty.usbmodem* 
 + 
 +The intent is for this command to sit between two serial ports, with serial breakout and capturing the serial TX and RX streams, being duplicated into two ports. I don't have a hardware breakout yet, so I have not yet tried this. 
 + 
 +===== 6. serialsnoop.sh ===== 
 +The code below was created by jan2642 as an alternate way of sniffing duml. It is still a prototype at this stage but listed here to provide a way for Mac users to get some duml love. 
 + 
 +<file bash serialsnoop.sh> 
 +#!/bin/sh 
 + 
 +# Listen in on serial port connections. 
 +# (Note that max packet size is hardcoded to be 512) 
 +# Written by jan2642 
 + 
 +if [ "$#" -ne 1 ]; then 
 +    echo "Usage: $0 <path to serial port>" 
 +fi 
 + 
 +/usr/sbin/dtrace -n ' 
 +inline string PATHNAME = "'$1'"; 
 + 
 +#pragma D option quiet 
 +#pragma D option switchrate=10hz 
 +/* #pragma D option bufpolicy=ring */ 
 + 
 +dtrace:::BEGIN 
 +
 +
 + 
 +syscall::open:entry, syscall::open_nocancel:entry, syscall::open_extended:entry 
 +
 +    self->path = arg0; 
 +    self->file_open_in_progress = 1; 
 +
 + 
 +syscall::open:return, syscall::open_nocancel:return, syscall::open_extended:return 
 +/self->file_open_in_progress && (PATHNAME == copyinstr(self->path))/ 
 +
 +    the_pid = pid; 
 +    the_fd = arg1; 
 +     
 +    self->path = 0; 
 +    self->file_open_in_progress = 0; 
 +
 + 
 +syscall::*read:entry 
 +/pid == the_pid && arg0 == the_fd/ 
 +{  
 +    self->read_in_progress = 1; 
 +    self->read_ptr = arg1; 
 +
 + 
 +syscall::*read:return 
 +/self->read_in_progress/ 
 +
 +    if (arg0 > 0) { 
 +        printf("==+ %s IN %d : ", execname, (int)arg0); 
 +        tracemem(copyin(self->read_ptr, arg0), 512); 
 +        printf("==-\n"); 
 +    } 
 +     
 +    self->read_in_progress = 0; 
 +
 + 
 +syscall::*write:entry 
 +/pid == the_pid && arg0 == the_fd/ 
 +{  
 +    if (arg2 > 0) { 
 +        printf("==+ %s OUT %d : ", execname, (int)arg2); 
 +        tracemem(copyin(arg1, arg2), 512); 
 +        printf("==-\n"); 
 +    } 
 +
 + 
 +' 2> /dev/null | python -c ' 
 +import sys 
 + 
 +def parse_block(buf): 
 +    lines = buf.split("\n"); 
 +    meta = lines[0].split(" ") 
 + 
 +    proc = meta[1] 
 +    direction = meta[2] 
 +    size = int(meta[3]) 
 + 
 +    print("%s %-3s %5d :" % (proc, direction, size)), 
 + 
 +    if size > 512: 
 +        size = 512  
 + 
 +    for i in xrange(0, (size / 16) + 1): 
 +        data = lines[2 + i].strip().split(" ") 
 +        remain = 16 
 +        if i == size / 16: 
 +            remain = size % 16 
 +        for j in xrange(0, remain): 
 +            print("%s" % data[j + 1]), 
 +    print(""
 + 
 +for line in sys.stdin: 
 +    if line.startswith("==+"): 
 +        buf = ""; 
 +    if line.startswith("==-"): 
 +        parse_block(buf) 
 +    buf += line 
 +'
  
-BUT, this aint working for me - The intent is for this command to sit between two serial ports. I've only got one port on my MAC available. It works and it captures, but that is not how its meant to work. More thinking to do+# vim: expandtab:ts=4:sw=4 
 +</file>
  
-===== 6. Something else ===== 
-codeforge mentioned this tool to me... http://www.w7ay.net/site/Applications/Serial%20Tools/  
  
-At face value, its just a terminal emulator. But it also has a capability to sit across two ports and monitor... but again - need to get the connectivity right first.+===== Contribute ===== 
 +<todo #kornvichs:2019-02-17>DUML dumping has never worked for me on OSXNeed to understand how this could work including hardware required.</todo>
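Review bot: the serialsnoop.sh added in this hunk does not run as pasted, because the final `print(""` in `parse_block` is missing its closing parenthesis, so the `python -c '...'` decoder dies with a SyntaxError before a single DUML frame is shown; it should read `print("")`. In the same block, the usage check `if [ "$#" -ne 1 ]; then echo "Usage: ..."; fi` only prints and falls through, so running the script with no argument still starts dtrace with `PATHNAME = ""` and matches nothing (add `exit 1` after the echo), and the decoder relies on `xrange` and the `print(...),` trailing-comma form, which are Python 2 only, so call `python2` explicitly or port it. Operationally, `/usr/sbin/dtrace` needs root on macOS and the `2> /dev/null` swallows its permission and probe-compilation errors, which would look exactly like the "DUML dumping has never worked for me on OSX" todo added at the bottom of this hunk; run it under `sudo` and keep stderr visible until the probes are seen to fire. Two caveats worth a comment in the script: `tracemem(copyin(self->read_ptr, arg0), 512)` always dumps 512 bytes whatever `arg0` was (the Python side clips to `size` afterwards, and anything above 512 is truncated, as the header comment says), and in this diff view the lone `{` and `}` lines of the D clauses render as blank lines (only the `{` on the `*read:entry` and `*write:entry` clauses survive), so copy the script from the page source rather than from this comparison. Finally, the section 5 change from `-b155200` to `-b115200` is a correct fix since 155200 is not a standard rate, but passing `/dev/tty.usbmodem*` twice expands both arguments to the same device when only one adapter is attached, which is the "it captures, but that is not how its meant to work" situation the removed paragraph under section 5 describes; the two arguments need to be two distinct ports on a TX/RX breakout.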
howto/phantom-firmware-tools.1500806061.txt.gz · Last modified: 2017/07/23 10:34 by czokie