Allowed flight in DJI No Fly

[aka1ceman]

Have you considered the possibility of attempting to remove DJI go no fly zone? I have a situation where I have legal permission to fly by control tower but DJI Go will not let me unless I upgrade to the newest firmware then register with them... Which I am not trying to do. I stopped upgrading at 1.6.

[mefistotelis]

But where is "updated_at" stored ?

It's not.

[mefistotelis]

I patched two bytes of P3X_FW_V01.07.0060_mi01.bin which stands for radius of my near airport and repack it and upgrade my firmware. But in that NFZ my P3X engines did not start.

This is most likely because there are two lists of NFZ areas - one with radiuses, and one without (some kind of constant radius.

Check your airport in file generated by dji_flyc_nofly_ed.py - if coords have "storage":3 there, then they exist in both lists.

[mefistotelis]

means only custom iOS(or android ) app can unlock NFZ. No firmware patch is required.

Yes.

I remember seeing a message in a log sent by someone - the message suggested nfz was disabled. I commented o it in one of the issues here, can't remember details.

[mefistotelis]

As far as I can check, you did everything correctly.

I have an idea though.. will check.

EDIT: Remember the endianness - 1 meter is 0100, not 0001.

EDIT2: Take a look at this comment - I mentioned it in previous post: https://github.com/mefistotelis/phantom-firmware-tools/issues/5#issuecomment-271079640

[mefistotelis]

In general, I agree with your conclusions.

can anybody access to private storage on AC ?

Maybe it would be faster/easier to give the Go app a fake server, which contains problematic entries with updated_at equal to current date (right now it's 1488281652) and reduced radius?

If you want to trace the code which accesses the AC private storage, you'd have to back track the place where "invalid flash key!" message is printed to log.

[neven385]

I doubt that actual "modified app" is issued by DJI when you unlock NFZ. More likely unlock is given to your DJI account for specific NFZ and that is communicated with AC on next pairing. Those unlocks can be permanent or temporary. So making a fake DJI server would be the way to go. I am also 99% sure that other restrictions (max alt) can also be lifted that way.

[foleyjohnm]

I have capped the traffic and yes, when you open DJI Go, it fetches all NFZ unlocks you have on your accounts.

It does something similar with the red NFZ, but currently you need an iOS device to unlock those. These NFZs are the ones that requires you to fill out the individual unlock request and an actual person at DJI reviews, and I think it is targeted to 107 folks. I suspect that this unlock mechanism has not been brought to Android due to the ease of apk decompiling...

[Powershell-coder]

Hi @mefistotelis Its clear that fw sync itself's NFZ list with NFZ data from GO app.

Can you point me to function in firmware which starts sync NFZ data ?

I wanna see in which conditions fw updates itself's NFZ list from GO app.

Thanks

[mefistotelis]

Can you point me to function in firmware which starts sync NFZ data ?

I don't know the place.

If you want to find it, follow functions which access the internal list of NFZs hard-coded into firmware - I'm sure the code handles NFZ updates from a mobile device somewhere near handling of the hard-coded list.

[KyokushinPL]

As far i know, or maybe i am wrong, i have readed on some forum a someone got android unlocked version, it was djigo_unlimited apk with unlocked zone (not all, just requested one). Maybe it will be good to ask for app with unlocked zone on android, and aftery they send it you will be able to capture traffic and look how it works.

have you tried to swap data in flyforbird in the app? by swap i mean change a date/timestamp of zone, radius etc, because maybe if we cannot remove a zone, then maybe we will able reduce its radius.

[foleyjohnm]

They def never mentioned a different android app, and I vocally objected to the iOS requirement both times I put tickets in for no fly zone issues.

[GlovePuppet]

I think FC UART command 4703 may turn on/ff the NFZ. You can send a single byte of payload to control the switch

[ferraript]

today I was finally able to fly inside NFZ with no issues hack is very simple, I installed FW 1.7.60 with altered flyc params and the important one is g_config.airport_limit_cfg.cfg_search_radius_0, where defaultValue has to be set to 1 it means that AC will look for NFZs (their central point) only in 1 meter radius

but one more warning, I'm using DJI GO 2.4.3 with altered NFZ list, so there is no chance that it tells to AC that it is near/inside NFZ but I'm not sure if this is necessary or not

[viejoperro]

Good news ferraript, can you post your hacked FW1.7.60 for download so I can test it in my NFZ? Thanks

[ferraript]

can you post your hacked FW1.7.60 for download so I can test it in my NFZ?

I have P3A, you too?

[coptersafe]

i also have

[viejoperro]

No the P3P, can you hack the P3P FW?, I'm unable to do it :-(

[notsolowki]

The advanced and pro use the same flight controller binary

[ferraript]

here you go then: https://ulozto.net/!yBHNpQe6vYRV/pmcappfw3-bin

[viejoperro]

Thanks man, appreciated, so this is for the P3 advance?, flash the controller firmware with this file? And use GO 2.4.3 with no fly zone mod?

[KyokushinPL]

@ferraript hmm, what about Litchi? It have no NFZ list inside. Could you share altered 2.4.3? You have altered your own nfz or all? I have P3P. What i need to do? I only need to downgrade to 1.7 and flash by your sharde file or i need to repack pro firmware and flash then?

[ferraript]

according to notsolowki it should work for both, P3A and P3P you need to have FW 1.7.60 in your AC flashed, then you need to flash provided bin file yeah, as you say, Litchi doesn't have NFZs implemented, it should work just fine with DJI GO 2.4.2 or 2.4.3, I don't know, try to use original and let the rest of us know if it works or not

[viejoperro]

Ok, thanks, will flash today and test fly tomorrow, thanks again

Enviado desde mi iPhone

El 22-04-2017, a las 07:37, ferraript notifications@github.com escribió:

according to notsolowki it should work for both, P3A and P3P you need to have FW 1.7.60 in your AC flashed, then you need to flash provided bin file yeah, as you say, Litchi doesn't have NFZs implemented, it should work just fine with DJI GO 2.4.2 or 2.4.3, I don't know, try to use original and let the rest of us know if it works or not

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[polarisax]

For the record, the FW 1.7.60 works also with 1.3.20 RC FW and DJI GO 2.4.2 .

[viejoperro]

Ok ferraript, ir works, my testing, flashed P3P, androids GO 2.4.3 normal, no internet connection, safe to fly, motors start and fly, GO 2.4.3 with internet connection, maps available, safe to fly. Hacked IOS GO 2.5, no internet conn. , works, with internet and loc/gps on iPad, map available, works. Have to test latest GO and see if it works too? Q;, can I use the bin on other FW version? Thanks ferraript, was looking long time for this, also thanks to all of the brains here at the GH, mefistotelis, notsolowki, and all involved, 👋

[KyokushinPL]

Yes, i would also like to say big Thank You! If we ever meet somehow in life - then you all have a beer from me ;) Your achievement is priceless. P.S. DJI can remotely mess in the f/w (they can update NFZ list) so in my opinion it would be safest to stay away from the future versions of DJI GO with and without internet connection. Could someone prepare a bin with NFZ mod and 500m heigh limit mod?

[Powershell-coder]

@ferraript Thanks for hacking

Do you have Hacked IOS GO 2.5 or where can i download ?

Thanks

[coptersafe]

@KyokushinPL i have -- https://yadi.sk/i/ajUsjqls3HGbSz also i remove all NFZ in Android 3.1.5

[ferraript]

can I use the bin on other FW version?

you can do whatever you want :smiley: (but don't complain if you accidently brick your AC) officially it's for 1.7.60 only

[Powershell-coder]

@KyokushinPL i have -- https://yadi.sk/i/ajUsjqls3HGbSz also i remove all NFZ in Android 3.1.5

@coptersafe please send a link to download them

[coptersafe]

https://yadi.sk/d/rqMdrLOx3HNmov altittude 5km no any zones

[KyokushinPL]

@coptersafe link inactive :( @ferraript imo its will be better to stay with 1.7 if there is higher risk to brick or crash with mixed f/w on modules. It was a good firmware.

[coptersafe]

https://yadi.sk/d/Szc2GGGk3HPKzL

[KyokushinPL]

@coptersafe thanx mate! to confirm - its removed NFZ (reduced to 1km) AND removed 500m limit?

[coptersafe]

NFZ to 1 meter and nulled , and work with any DJI GO (i tested with 3.1.5, 2.4.0 .and... other) 500m changed to 5km

[KyokushinPL]

I have waited for that moment over two years and now i feel better than at xmas. :) Not because i want to fly in nfz or at high altitudes (i am an licenced operator and when i need to fly in restricted zones then i have a permission from zone owner), but i am so happy the DJI have no power here finally.

[coptersafe]

Merry Christmas from DJI ))))

[foleyjohnm]

When can I flash it straight it over 1.10? :)

On Wed, Apr 26, 2017 at 3:23 PM, coptersafe notifications@github.com wrote:

Merry Christmas from DJI ))))

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/mefistotelis/phantom-firmware-tools/issues/13#issuecomment-297514983, or mute the thread https://github.com/notifications/unsubscribe-auth/AV_IF8nAHvAz-wmjqnM7d41xvGg0mlRIks5rz5m7gaJpZM4LoSWi .

-- John M. Foley

[viejoperro]

Yes links are dead, please upload the again, so I can be at Christmas too

[aka1ceman]

I was just about to see if ferraripts file could be modified to include the advantage of pre 1.4 and Litchi with the height restriction gone, then Copter does it and killed the link before I could grab a copy. :(

[polarisax]

Be careful to get too high .. In my experience with the modified FW over a certain height the drone goes into autolanding mode at the point where it is located in that moment. This is linked to the battery safety system that calculates the residual capacity and height from the starting point. This seems similar to RTH behavior. It is necessary to find and modify the parameters that affect the time and battery capacity estimation.

[KyokushinPL]

Please take a look into it: https://twitter.com/d0tslash/status/857823645988786176/photo/1 https://twitter.com/d0tslash/status/857799128700645377/photo/1

[Powershell-coder]

@coptersafe

Yes links are dead, please upload the again, so I can be at Christmas too

[foleyjohnm]

Well, I can also verify that this works like a champ!

[KyokushinPL]

I have readed about API (litchi can download NFZ and God know what else), so maybe if we have a situation is work flawless, so maybe it will be better to stick on working versions and cut the Internet connection.

Block on F/W everything from DJI, allow only google maps to map cache. And make map cache only without connection to the bird. Just for safe.

[MAVProxyUser]

https://github.com/MAVProxyUser/dji.nfzdb

[ghsec]

Hello all. I'm noob in reverce engineering. I am from Georgia. In Tbilisi are 3 points where drone can not fly with his/her drone which include NFZ in firmware. I tried decompile djo go 4 app and find interesting json files in assets/fly_forbid. There are 28 json files. I replaced every one which is in my country area. Code: "country": 268 it's Georgia. Then I build this again with apktool and sign cert with zip signer and install this apk in my doogee dg 700 android 5.1. After that I can fly every where. No NFZ but app work only phantom4 and phantom 4 pro. One problem. This app work on every android but with NFZ. I do not understand why. Meybe you can bypass NFZ.

Sorry for my English. I hope you can understand what I mean in this topic

[foleyjohnm]

Veering a little off track here, but I wonder if NFZ info is even stored in the firmware on the P4s? I saw a dude deep in an NFZ flying a P4 and I asked him how he was doing it. He said he was using Litchi. Litchi doesn't care about NFZs at all, so your findings with DJI GO 4 kind of make sense.

On Wed, May 10, 2017 at 12:33 PM, ghsec notifications@github.com wrote:

Hello all. I'm noob in reverce engineering. I am from Georgia. In Tbilisi are 3 points where drone can not fly with his/her drone which include NFZ in firmware. I tried decompile djo go 4 app and find interesting json files in assets/fly_forbid. There are 28 json files. I replaced every one which is in my country area. Code: "country": 268 it's Georgia. Then I build this again with apktool and sign cert with zip signer and install this apk in my doogee dg 700 android 5.1. After that I can fly every where. No NFZ but app work only phantom4 and phantom 4 pro. One problem. This app work on every android but with NFZ. I do not understand why. Meybe you can bypass NFZ.

Sorry for my English. I hope you can understand what I mean in this topic

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/mefistotelis/phantom-firmware-tools/issues/13#issuecomment-300539450, or mute the thread https://github.com/notifications/unsubscribe-auth/AV_IF5VFBKnsNEHqOqgdF3RHxPXZ7W8Cks5r4ea-gaJpZM4LoSWi .

-- John M. Foley

[ghsec]

But this app works only on my doogee dg 700. Android version is 5.1. I borow my phone other pilot and they can fly in NFZ whis my android, but when I install modified app in their android NFZ work. Meybe it work onli china phone? With Doogee? There is androidmanifest.xml where permition is update app whithout notification. There is flyforbid parameter where app forces download without notification. If deletes this permitions I think NFZ will be bypassed. Meybe I am not sure

[KyokushinPL]

@ghsec Please write what exact version of DJI GO you are using. Could you share modified app? Please write also what firmware you have both on bird and RC. This may be 'working' combination and they may patch it later... so it will be good to grab it before it. P.S. DJI Go is updating NFZ by connecting it to the internet. I do not know exactly when - before or after connecting to a drone.