We are going to make this thing our bitch.

Not really rooting..

1) Plug in your battery and using your laptop, connect to your Ar.Drone.

2) Download and open Putty (or whatever you use to telnet), telnet to 192.168.1.1 Port 23

3) ??? (This means you're in, no password)

4) Profit

5) Congrats you're in, but let's make this easier to hack, let's get it to give us ftp access to the root. cd into '/etc'

6) vi inetd.config

7) Change the first line “21 stream tcp nowait root ftpd ftpd -w /data/video” to “21 stream tcp nowait root ftpd ftpd -w /”

8) Open your web browser or filezilla and ftp into your Ar.Drone: ftp://192.168.1.1

9) Enjoy

Ardrone uses AT commands, using google: https://projects.ardrone.org/boards/1/topics/show/852

Packet capture to be uploaded soon..

flyingrobotzarehellacool.tgz

Initial dump (IDA6.0) of iphone app from Eric.

Hardware specs:

Processor Board: (Front)

• Parrot 6 - CPICS01192A 1022 R1A 7POF47424.00 ARM
• 01A17 D9HSJ M LTX1
• Atmel 58A870 AT73C246 0P0987A 1025
• ROCm ATHREOS AR6102G-8M2D 007K0523.51A F52257.1K 1023
• SMSC USB3317 1409600C CKR
• 32.000Mhz Crystal

(Back)

• 1012 I-2 29FIG08AAC WP C BTT9

Navigation Board:

• Microchip PIC24HJ 16GP304 I/PT 1019K WB
• 6L04STE 1017 V5B
• Invensense IDG 500 143363-H AL1020C
• 043 U018 206

Processor Board:

Nav Board: