Description
Over the past decade, the use of small unmanned aerial vehicles (UAVs),
colloquially known as drones, has increased significantly. Recent
regulations restricting flights in certain areas and requiring the
transmission of flight data have prompted manufacturers to incorporate
many state-of-the-art security mechanisms into their devices. These
changes make this class of devices an interesting subject for research.
The first part of this bachelor thesis deals with the reverse
engineering of the proprietary packet format and packet routing system
of the market leader DJI. In the second part, a fuzzing environment
based on the QEMU user mode is developed. The fuzzer focuses on the
command handlers of the central DJI System Service, which are accessible
via the proprietary packet system. In particular, this work addresses
the problem of fuzzing proprietary services whose reception and
processing of packets is distributed across multiple threads.
Ultimately, more than 100 unique crashes were found, but measures such
as Stack Canaries and Fortify prevented the exploitation of vulnerabilities.
|
