search

MAVProxyUser / dji.nfzdb

DJI No Fly Zone SQLite DB as extracted from DJI Go app.
31 stars 22 forks source link

Extract FlyfrbBaseDbManager.FLYFORBID_DB_PWD aka FlyForbid.native_getFlyfrbDbPwd(); #1

Closed MAVProxyUser closed 7 years ago

MAVProxyUser commented 7 years ago

Something similar to this method should give an opportunity to extract the password. 

$ cat FlyForbid.java 
public class FlyForbid
{
static
{
      System.load("/data/app/dji.go.v4-1/lib/arm/libFlyForbid.so");
}
public static native String native_getFlyfrbDbPwd();

public static void main(String[] args) 
{
      System.out.println("FlyForbid DB Password: " + FlyForbid.native_getFlyfrbDbPwd() );
      return;
}
}
$ /Library//Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home/bin/javac FlyForbid.java
$ dx --dex --output=FlyForbid.dex FlyForbid.class
$ adb push FlyForbid.dex  /sdcard

It currently fails when attempting to run! 

$ dalvikvm -Djava.class.path=./FlyForbid.dex FlyForbid  
Unable to find static main(String[]) in 'FlyForbid'
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/dji.go.v4-1/lib/arm/libFlyForbid.so"
    at java.lang.Runtime.load(Runtime.java:332)
    at java.lang.System.load(System.java:1069)
    at FlyForbid.<clinit>(FlyForbid.java:5)
java.lang.UnsatisfiedLinkError: JNI_ERR returned from JNI_OnLoad in "/data/app/dji.go.v4-1/lib/arm/libFlyForbid.so"
    at java.lang.Runtime.load(Runtime.java:332)
    at java.lang.System.load(System.java:1069)
    at FlyForbid.<clinit>(FlyForbid.java:5)
MAVProxyUser commented 7 years ago

Password "gH*=[xH2{Rm@Q" is visible in clear text in libFlyForbid.so

00003710: 6e76 0047 6574 456e 7620 6661 696c 6564 nv.GetEnv failed 00003720: 2100 6361 6e27 7420 6c6f 6164 2072 6567 !.can't load reg 00003730: 6973 7465 725f 4772 6f75 6453 7461 7469 ister_GroudStati 00003740: 6f6e 006c 6f61 6465 6420 6f6e 4c6f 6164 on.loaded onLoad 00003750: 2e63 7070 203a 4a4e 495f 4f6e 4c6f 6164 .cpp :JNI_OnLoad 00003760: 2829 2067 6f20 746f 2065 6e64 0067 482a () go to end.gH* 00003770: 3d5b 7848 327b 526d 4051 0064 6a69 2f6d =[xH2{Rm@Q.dji/m 00003780: 6964 7761 7265 2f6e 6174 6976 6573 2f46 idware/natives/F 00003790: 6c79 466f 7262 6964 2446 6c79 466f 7262 lyForbid$FlyForb 000037a0: 6964 5061 7261 6d00 636f 756e 7400 4900 idParam.count.I. 000037b0: 5365 7446 6f72 6269 6450 6f69 6e74 0028 SetForbidPoint.( 000037c0: 5b44 5b44 5b44 5b44 5b44 4929 5600 646a [D[D[D[D[DI)V.dj