DJI FCC

[21]

DJI FCC is a mod for DJI drones with RC controller.
It enables FCC wifi signal (more powerful)  on devices locked to CE signal.

The app is a single exe and a dll located here:
https://dji-fcc.com/djifcc.zip

password for the zip file is "dji"

It checks license from a server and according to the server response it works or stops

For a valid license, the pass.txt file should have a valid password.
With a wrong one  it says "prohibited" 
I tried with "pass_111111111111111111111112"
if you use pass_111111111111111111111111 (default one) it does not produce the error.

I would really appreciate if anyone can hack this one.

Btw, it is a 2 phase auth:
1. password in pass.txt should be valid
2. password in pass.txt should be an unused one which would be registered with the serial of the device.

Even if hacking phase 1 would be a good start.

Thanks

[2]

yes , this one would be great !

[21]

any solutions ?

[21]

nope ?

[21]

bump again...

[21]

bumpbidi bump bump

---

This is a bump

[1]

DJI FCC is a mod for DJI drones with RC controller.
It enables FCC wifi signal (more powerful)  on devices locked to CE signal.

The app is a single exe and a dll located here:
https://dji-fcc.com/djifcc.zip

password for the zip file is "dji"

It checks license from a server and according to the server response it works or stops

For a valid license, the pass.txt file should have a valid password.
With a wrong one  it says "prohibited" 
I tried with "pass_111111111111111111111112"
if you use pass_111111111111111111111111 (default one) it does not produce the error.

I would really appreciate if anyone can hack this one.

Btw, it is a 2 phase auth:
1. password in pass.txt should be valid
2. password in pass.txt should be an unused one which would be registered with the serial of the device.

Even if hacking phase 1 would be a good start.

Thanks

Bump again Any body got a lead ?? about thiss

[1]

that zip has since been moved or auth redirected as the dev has likely noticed the anomaly errors in logging as it's spread among forum's. there's likely a lot of use of it in the cantonese market too which is tasky to infil effectively with machine translation
 

Code:

amper@paradox:~$ curl -I https://dji-fcc.com/djifcc.zip
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 28 Feb 2024 04:22:23 GMT
Content-Type: text/html
Content-Length: 524
Last-Modified: Tue, 27 Feb 2024 21:42:56 GMT
Connection: keep-alive
ETag: "65de5760-20c"
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Or/sOiX6CPmuW13VqYwjrMtmhUp9KdbAEzeYWeqxtQL+8azPCs3Ldfjs8Y7OYe1NVAnKVMGHYTPznAzTs8cGSA
Cache-Control: no-cache
X-Content-Type-Options: nosniff
Set-Cookie: caf_ipaddr=192.168.11.111;Path=/;Max-Age=86400;
Set-Cookie: country=EU;Path=/;Max-Age=86400;
Set-Cookie: city="Hyperloop";Path=/;Max-Age=86400;
Set-Cookie: lander_type=parkweb-reseller;Path=/;Max-Age=86400;
Set-Cookie: traffic_target=reseller;Path=/;Max-Age=86400;
Set-Cookie: _policy={"restricted_market":false,"tracking_market":"none"};Path=/;Max-Age=86400;
Accept-Ranges: bytes

so to reverse the auth server that the exe in that file connects to, i'll need to trace the, likely json string, that is sent to the remote activation srv after capturing the egress data

if you have that zip, forward it to [email protected] and i'll take a look at it