This one time, I recharged my drone
A second pass at the previous post.
Telnet
Ran through Mirai password list. No luck.
THTTPD
This THTTPD does not appear to be vulnerable to directory traversal, or was appropriately jailed.
Disassemble!
Only four screws. Remove microSD before starting teardown. Be careful not to damage flex cable to image sensor. Once ready to remove PCB,
must follow plastic posts through PCB, similar alignment for reinstallation.
Top Case
Antenna
Neatly tucked into top-case. A bit surprised they used a connector rather than a chip or PCB antenna here.
PCB Side A
This side has the HiSilicon Hi3518 CPU, as well as what appears to be a serial flash, and a four pin UART! I smell a local rootshell.
PCB Side B
This side has power components and the WiFi radio - a radio module design is interesting. It would be cheaper in bulk to integrate directly.
Next Steps
- Charge battery
- Take it apart
- Look for command injection in the webapp.
- Look at how the Android and Windows actually work
- Request source code from the vendor