Of course you had to know it was coming if you follow me on twitter. As soon as I got a drone you should know that one of two things is inevitable:
1. I'd almost immediately crash it.
2. I'm going to pull apart the apps to fly it.
Well, so far so good on #1, but it's time for #2!
I'm starting off with the DJIFly application on iOS: https://apps.apple.com/us/app/dji-fly/id1479649251
I recently picked up a Mavic Mini to play around with because my colleagues and friends keep telling me to "get a hobby" and "get away from the desk." Fair. So I bought a drone that forces me outside to play with it. (Plus I was already told I'm not allowed to chase the dog around the house, sadly)
Test environment: iPhone on iOS 13.6 running the latest version of DJI Fly. I'll be honest, I skipped the quick image on this one and didn't make a iTunes-style backup. I went straight to the full file system acquisition on this one. I have some more app research coming up for some other iOS apps so when I get around to that I'll be sure to take a quick image and compare. The good news is that basically you don't even NEED a quick image OR a full filesystem image. See the last note at the bottom for why.
Let's dig in!
Preference/User Info:
I feel like I always start here. Mostly because it's usually an incredibly valuable source of information. So to begin, I'm going to look at the com.dji.golite.plist file found within the [APPGUID]/Library/Preferences/ directory.
In here there's a key that's going to give us the user's email. Look for DJIACCOUNTMANAGER_LASTUSEREMAIL.
There's some other information in here such as total distance (measure in meters), total flight time (measured in milliseconds), and the total numbers of flights taken.
There are also two separate binary plist files embedded into the preference plist that might be of use to you. The first can be found under the key FIND_AIRCRAFT_LAST_LOCATION > LAST_LOCATION
Pulling this plist out and opening it, it's an NSKeyedArchiver style plist that will give you the latitude and longitude. Since mine was last launched at my house, you'll have to trust me and go try and pull yours apart. Note: Longitude is listed first. Something I missed when I wondered how my drone was last seen in Antartica...
In the DJICareData key there's another NSKeyedArchiver style binary plist. Pull it out and you'll find the device and gimbal serial number listed.
Oh BTW, if you're using Magnet AXIOM take a look in the iOS App Cache artifact for the URL: https://mydjiflight.dji.com/api/v2/flight_log/profile?user_id=
The numeric value at the end matches what I blacked out in the first screenshot. This is the numerical ID for the user account that could be used if you're requesting information direct from DJI.
Flight Log Info:
I feel like this is really the part you probably came for but I can't lead with that info right? Here's the good news/bad news. The DJI Fly kept some absolutely AWESOME flight records in the iOS app. The bad news, they're encoded/encrypted. Good news: there's a free tool for that.
First the files. There are .DAT and .TXT files both of which have good information. Let's start with the TXT files. These can be found in the Documents/FlightRecords/. To look at these .txt files I'll be using CsvView Introduction found at http://www.datfile.net/CsvView/intro.html
Once you load them in there's an absolutely TON of information such as serial numbers, speed, event logs, and literally a nice little set of all the flight paths on here. I use the GeoPlayer button to review this. Here's a little flight I had with the kids around a local park.
If you want something a little fancier like seeing like seeing all of the photos and videos and where they were taken as well, there are some other free tools for that. Most rely on using an online service so your milage may vary on the ability to use these. I checked out https://flightlogs.de/convert and thought it was pretty nice. It will generate a KML file for Google Earth.
Captured Media
Now let's wrap up by looking at the media that was captured. Depending upon your investigation into the app, you may care about the pictures and/or video files that were captured. Well, here's a fun fact, there's a lot of information cached in the app even if you don't download it from your device!
While thumbnails can be carved from several different places, focus on the Documents/videoCache for Video files and Documents/veMediaLibrary for Pictures. I recommend this directory for pictures because that's where I found the most EXIF data including geolocation, software/model numbers, and serial number (for the gimbal, NOT the drone).
Oh btw, the log files (even though they can't be natively read) do contain pictures that were taken and can be easily carved out. This could be beneficial if the media files were deleted but the flight log was not.
One last note about the media. The video files didn't have a lot of EXIF data sadly. :sadTrombone:
Last Note:
What if you don't have a full filesystem? No worries! ALMOST all of the fun stuff I showed you above are available straight from the device without even making an image at all! Got iTunes or a macOS device? Just go in to the device and click Files (depending upon if you're using iTunes or macOS Finder [10.15+]) then take a look at this:
FlightRecords? Check
Logs? Check
veMediaLibrary? Check
videoCache? Check
Until next time folks! [When I most likely just rip apart the same exact app for Android to see if there's anything majorly different]
No comments:
Post a Comment