by vimalbhalodia 3896 days ago
I can't speak to how their technology actually works, but here's a quick lay-of-the-land for how it could work / how you could start your own similar business:

The two most popular manufacturers of higher-end drones, DJI and 3DR, use standard 802.11 radios for control, telemetry, and FPV video streaming if supported. The manufacturer transmitters include slightly directional amplified antennas so they get better range than your smartphone would, but it's all IP over 802.11. This means all your standard WiFi hacking tricks are perfectly useful here.

If you were looking to hijack a DJI drone, https://github.com/noahwilliamsson/dji-phantom-vision would be a good place to start. The only hardware you would need is a standard 802.11abgn network card and a directional power-amplified antenna.

Most other higher-end drones use two separate radios - one for control (typically running either the Spektrum or Futaba RF protocols over a 2.4GHz link) and one for telemetry (typically running MAVLink over some sort of FHSS link on 433MHz or 900MHz).

Hijacking the control side of one of these systems would require dedicated radio equipment - in the case of Spektrum's DSM protocol, some sort of CYRF wireless-USB chipset board. Spektrum's DSM/DSM2/DSMX protocol is not open-source, but a lot of effort has been put into reverse-engineering it and you can see sample DSM-compatible firmware for a CYRF-based USB transmitter board here: https://github.com/1bitsquared/superbitrf-firmware

Hijacking the telemetry channel could also yield control over the drone - depending on the flight controller and firmware used, you could issue MAVLink commands to either return-to-home or fly to specific coordinates. MAVLink is a serial protocol layered over a semi-reliable radio link - to interfere with it, you'd first have to hop on the link and then intercept/override the serial command stream.

MAVLink is awesome and open-source - one good resource to learn about it is here: http://qgroundcontrol.org/mavlink/start

Theoretically MAVLink can run on top of any radio which exposes a serial link interface - some hobbyists use Bluetooth, but most people eventually switch to using longer-range telemetry radio modules running on either 433MHz or 900MHz bands. Most of these radio modules run a particular open-source FHSS firmware known as SiK - https://github.com/Dronecode/SiK

If you look at the SiK source, you can see their implementation of FHSS and should be able to figure out how to search for, lock onto, and potentially interfere with a particular radio link.

Beyond the major manufacturers, there are hundreds of smaller drone manufacturers, and the radio protocols and systems they use vary from manufacturer to manufacturer and model to model. As a general rule, anyone claiming "iPhone app control" is running some sort of 802.11-based protocol (e.g. Parrot / Bebop), while even smaller and cheaper drones are running custom 2.4GHz RF links.

One final consideration - most drones have varying degrees of failsafes programmed into them in the event of a loss of control signal (potentially through RF jamming). Cheaper drones will simply shut off and fall out of the sky. More advanced drones / controllers can perform one of a number of behaviors, including loitering in-place or returning to their original launch location.

One more final consideration - most of the interference and hijacking methods described here are very much of questionable legality in the FCC's eyes. Also there are enough existing reasons drones fall out of the sky (bad piloting, unreliable hardware, poor maintenance) - we don't need to add another reason. Be safe, be responsible, and be legal.
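
For operators who want to notice the telemetry-channel override described in the comment above, here is an added example (not part of the original comment and not code from any of the linked projects) that audits a captured MAVLink 1 byte stream and flags mode-change or command messages from a sender other than the expected ground station. The allowed sysid/compid pair and the capture bytes are constructed assumptions; the frame layout, message ids and CRC seeds follow the public MAVLink 1 specification.

```python
import struct

STX_V1 = 0xFE  # MAVLink 1 start-of-frame marker
# msgid -> (name, CRC_EXTRA seed) for the control messages this monitor watches
WATCHED = {11: ("SET_MODE", 89), 76: ("COMMAND_LONG", 152)}
# Assumption: the operator's ground station is known to send as sysid 255, compid 190
ALLOWED_SENDERS = {(255, 190)}

def x25_crc(data: bytes) -> int:
    """CRC-16/MCRF4XX as used by MAVLink (init 0xFFFF, no final XOR)."""
    crc = 0xFFFF
    for b in data:
        tmp = (b ^ crc) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc

def audit(stream: bytes):
    """Return (alerts, crc_failures) for watched control messages in a capture."""
    alerts, bad, i = [], 0, 0
    while i + 8 <= len(stream):
        if stream[i] != STX_V1:
            i += 1
            continue
        length, seq, sysid, compid, msgid = stream[i + 1:i + 6]
        end = i + 6 + length + 2  # header + payload + 2 CRC bytes
        if msgid not in WATCHED or end > len(stream):
            i += 1  # unwatched or truncated: resync one byte at a time
            continue
        name, extra = WATCHED[msgid]
        (rx_crc,) = struct.unpack_from("<H", stream, end - 2)
        if x25_crc(stream[i + 1:end - 2] + bytes([extra])) != rx_crc:
            bad += 1  # corrupted frame or false start marker
            i += 1
            continue
        if (sysid, compid) not in ALLOWED_SENDERS:
            alerts.append((name, sysid, compid, seq))
        i = end
    return alerts, bad

# Constructed capture: a SET_MODE from the allowed ground station, two bytes of
# line noise, a corrupted copy of that frame, then a SET_MODE from sysid 42.
SAMPLE = bytes.fromhex(
    "fe0600ffbe0b000000000101d984" "0013"
    "fe0600ffbe0b000000000105d984" "fe06002a010b000000000101ef63")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

MAVLink 1 sender ids are not authenticated, so this only catches traffic that does not copy the ground station's ids; a rising CRC-failure count on an otherwise healthy link is the other signal worth alerting on.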