Change of FTP AES key in .1000 firmware

Question

Change of FTP AES key in .1000 firmware

Opened this issue 7 years ago · 3 comments

New FTP AES key:
Hex: 0x59 0x50 0x31 0x4E 0x61 0x67 0x37 0x5A 0x52 0x26 0x44 0x6A 0x00 0x00 0x00 0x00
ASCII: YP1Nag7ZR&Dj

IV remains the same:
Hex: 0x30 0x31 0x32 0x33 0x34 0x35 0x36 0x37 0x38 0x39 0x61 0x62 0x63 0x64 0x65 0x66
ASCII: 0123456789abcdef

Answer 1 · 2017-10-16T12:42:03.000Z

Hi,
how did you manage to get the new key?
I tried before but when running the busybox binary of the new firmware I always got a Segmentation fault.
The method used for previous version did not work.

Thank you

Answer 2 · 2017-10-16T13:46:31.000Z

@Dreamlinker77 you'd need to share strace output from the segfault for help there, at least share more info on your system. The old technique is how we got the new key as you can see from the output.

You can also get the new FTP key from the environment variables, you can root the drone and type "set" and see the net key.

You can see this in the open source code.
https://github.com/MAVProxyUser/busybox-1.25.1/blob/master/networking/ftpd.c#L583
http://www.dji.com/opensource

Answer 3 · 2017-10-16T14:25:51.000Z

Now it's more clear to me
Thank you