DIY DJI Aeroscope to find drone operator locations

Something for the weekend sir? Do you have an SDR receiver? Well, now you can build your own open-source Occusync sort of. Thanks to the work of a group of researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security

Just head off to Github to find the code, something I will be doing as a Friday night project to sniff out drone operations near my home, #VertiportAfricas own CUAS system!

https://github.com/RUB-SysSec/DroneSecurity

Kevin Finisterre @d0tslash what seems many lifetimes first revealed that DJI’s own RID system was unencrypted and these researchers have taken it a little further. To be clear we are not talking about RID here, the researchers are decoding the drone and operator positions that DJI was already sending,

This project is a receiver for DJI’s Drone-ID protocol. The receiver works either live with an SDR, or offline on pre-recorded captures.

Our paper from NDSS’23 explains the protocol and receiver design: Drone Security and the Mysterious Case of DJI’s DroneID [pdf]

If you’re looking for the fuzzer, we will upload that shortly 🙂

The live receiver was tested with:

  • Ettus USRP B205-mini
  • DJI mini 2, DJI Mavic Air 2

Our software is a proof-of-concept receiver that we used to reverse-engineer an unknown protocol. Hence, it is not optimized for bad RF conditions, performance, or range.

Well done all, super impressed

@inproceedings{schiller2023drone,
  title={Drone Security and the Mysterious Case of DJI's DroneID},
  author={Schiller, Nico and Chlosta, Merlin and Schloegel, Moritz and Bars, Nils and Eisenhofer, Thorsten and Scharnowski, Tobias and Domke, Felix and Sch{"o}nherr, Lea and Holz, Thorsten},
  booktitle={Network and Distributed System Security Symposium (NDSS)},
  year={2023}
}