awesome-drone-hacking

A list of awesome drone hacking tools & resources.
https://github.com/nicholasaleks/awesome-drone-hacking

Last synced: 2 days ago
JSON representation

🔬 Drone Hacking Labs, CTFs & Workshops
- Damn Vulnerable Drone (DVD) - Docker-based virtual drone hacking simulator.
- Hack The Drone - International Drone Hacking Competition, Korea Drone Security Association.
- Hack Our Drone Workshop - Dark Wolf Hack Our Drone Workshop.
- Hack The Drone - International Drone Hacking Competition, Korea Drone Security Association.
- Drone Wars, BloomCon - Collegiate arena where teams hijack Wi‑Fi drones and race them through obstacles.
🎤 Conference Talks & Videos
- Shelling out a "smart drone" - Kevin Finisterre, Derbycon 2015.
- Hacking a Professional Drone - Nils Rodday, Black Hat, 2016.
- A Drone Tale, All your drones are belong to us - Paolo Stagno, Hacktivity.
- Icarus - Hacking and hijacking DSMx drones, RC devices - Jonathan Andersson, PACSEC, 2016.
- WTF WJI, UAV CTF? - Felix Domke, cccamp23.
- Debugging Microcontrollers - Niklas Hauser, ccamp23.
- Demodulating 5GHz analog drone video - Cemaxecuter, YouTube.
- Game of Drones - Bishopfox Dangerdrone.
- Parrot Drones Hijacking - RSA2018 Video, Pedro Cabrera, March 2018 (Slides).
- All your bebop drones still belong to us - Pedro Cabrera, Rooted CON, 2016.
- Drones Hijacking - Multi dimensional attack vectors - Aaron Luo, DEF CON 24, 2016.
- Avoiding CounterDrone Systems with NanoDrones - David Melendez Cano, DEF CON 26, 2018.
- Game of Drones - Fran Brown & David Latimer, DEF CON 25, 2017.
- Practical Aerial Hacking & Surveillance - Glenn Wilkinson, DEF CON 22, 2015.
- SkyJack - autonomous drone hacking - Samy Kamkar, YouTube, 2013.
- A Drone Tale, All your drones are belong to us - Paolo Stagno, Hacktivity.
- Shelling out a "smart drone" - Kevin Finisterre, Derbycon 2015.
- Hacking a Professional Drone - Nils Rodday, Black Hat, 2016.
- Spread Spectrum techniques for anti drone evasion - David Melendez, Gabriela Garcia, DEF CON 31, 2023.
- Knocking my neighbors kids cruddy drone offline - Michael Robinson, DEF CON 23, 2015.
🔌 Flight Controller & Embedded Systems
- Embedding Hacking Tools
  - JTAGULATOR - Detects JTAG Pinouts fast.
  - J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores.
  - HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  - Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  - Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  - Tigard - An open source FT2232H-based, multi-protocol, multi-voltage tool for hardware hacking.
  - Saleae - Easy to use Logic Analyzer that support many protocols.
  - Ikalogic - Alternative to Saleae logic analyzers.
  - ChipWhisperer - Detects Glitch/Side-channel attacks.
  - Glasgow - Tool for exploring and debugging different digital interfaces.
- Common Flight Controller & Embedded System Resources
  - STM32 - 32-bit Arm Cortex MCUs.
  - AT32 - 32-bit Cortex-M4 microcontroller MUCs.
  - Pixhawk - Open source hardware flight controller.
  - Cube - Modular flight controller hardware.
  - DJI A3 - A commercial-grade flight controller offering triple-redundant IMUs and advanced fail-safes for industrial multirotors.
  - DJI N3 - A flight controller designed for professional aerial cinematography, optimized for integration with the DJI Inspire 2 and Lightbridge 2.
  - PX4 Wiring Diagram - Official reference diagram for wiring Pixhawk 5X flight controllers running PX4.
  - DJI A3 - A commercial-grade flight controller offering triple-redundant IMUs and advanced fail-safes for industrial multirotors.
  - DJI N3 - A flight controller designed for professional aerial cinematography, optimized for integration with the DJI Inspire 2 and Lightbridge 2.
  - PX4 Wiring Diagram - Official reference diagram for wiring Pixhawk 5X flight controllers running PX4.
  - CUAV X7 & V5+ - High-performance ArduPilot flight controllers with rich I/O and robust sensor redundancy.
  - Holybro Kakute F7/H7 - Compact Betaflight-compatible flight controllers popular in racing and freestyle drones.
📻 Radio & Telemetry
- Telemetry Detection & Eavesdropping Tools
  - SiKening - 3DR Radio SiKening PoC by Meatball Ninja - Brute force 3DR NetID and sync up with hopping sequence.
  - SiKW00F - SiK Radio Detection & MAVLink Telemetry Eavesdropping Toolkit.
- Remote Identification Discovery & Spoofing Tools
  - DragonSync-iOS - Real-time Remote/Drone ID–compliant drone detection and monitoring on iOS/macOS.
  - RemoteID Spoofer - An ESP8266/NodeMCU tool that simulates up to 16 fake Remote ID–broadcasting drones around a GPS location via Wi‑Fi for Red Team testing.
  - WiFi RID capture - A Linux tool that listens for ASTM F3411 (Wi‑Fi/Bluetooth) Remote ID frames and logs real UAV positions in JSON for monitoring or analysis.
  - DJI DroneID Detection - FPGA-based software-defined radio based on the ZYNQ and AD936x chipsets.
Misc RF Tools
- Telemetry Detection & Eavesdropping Tools
  - SDR# (SDRSharp) - Airspy is a popular, affordable SDR (software defined radio.
  - Bluefruit LE Sniffer - Easy to use Bluetooth Low Energy sniffer.
  - DragonOS - Ubuntu-based SDR distribution with preinstalled cellular tools.
  - RTL-SDR - Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
  - GNURadio - Free and Open Software Radio Ecosystem.
  - SigDigger - Free digital signal analyzer.
  - SDRangel - Open-source Qt5 / OpenGL 3.0+ SDR and signal analyzer frontend to various hardware.
  - GQRX - Software defined radio receiver powered by GNU Radio and Qt.
  - HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
  - YardStick One - Half-duplex sub-1 GHz wireless transceiver.
  - LimeSDR - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
  - BladeRF 2.0 - Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
  - USRP B Series - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).
  - ApiMote - ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
  - Killerbee - Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
  - zigdiggity - A ZigBee hacking toolkit by Bishop Fox.
  - UberTooth One - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
- Common Control & Telemetry Radios
  - Microhard Telemetry Radios - FHSS serial radios in 900 MHz/840 MHz/410–480 MHz bands; ~60 km range, mesh/point‑to‑point.
  - Microhard Telemetry Radios - FHSS serial radios in 900 MHz/840 MHz/410–480 MHz bands; ~60 km range, mesh/point‑to‑point.
  - RFD900X / RFD868X - Long-range radio data modem operating in the 902-928MHzor 865-870MHz frequency band.
  - 3DR SiK Radio - SIK Air Telemetry Radio kit.
  - mRo SiK Radios - mRo SiK Telemetry Radio V2.
  - Holybro Sik Radios - SiK Telemetry Radio V3.
  - ExpressLRS - Open-source RC link that now supports bidirectional MAVLink passthrough with sub-10 ms latency—favoured by FPV pilots and DIY UAVs.
  - TBS Crossfire - Team Black Sheep Crossfire TX - Long Range R/C Transmitter.
📶 Wi-Fi Communications
- Wi-Fi Detection & Infiltration Tools
  - Bettercap - MITM framework to hijack drone app traffic.
  - Aircrack-ng - Deauth and WPA cracking toolkit.
  - WifiPhisher - Automated Evil Twin to phish Drone app creds.
  - DangerDrone - A DIY penetration testing quadcopter platform announced at Black Hat 2016.
  - WASP - Wireless Aerial Surveillance Platform.
  - Hack-a-drone - A Java-based project allowing control of Wi‑Fi drones (e.g. Cheerson CX‑10) via app or keyboard, demonstrating remote command capabilities.
- Common Wi-Fi Protocols & Equipment
  - WFB-ng - Low‑latency UDP Wi‑Fi broadcast for FPV drones.
  - OpenIPC - Open firmware turning IP cameras into low‑cost FPV links.
  - RubyFPV - Cross‑platform digital FPV stack for Wi‑Fi dongles.
  - RunCam WifiLink - 5.8 GHz Wi‑Fi FPV adapter with open protocol docs.
📡 BVLOS Communications
- Cellular Analysis & Tampering Tools
  - 5GBaseChecker - Tool for detecting vulnerabilities in 5G baseband implementations (2024).
  - LTE-Cell-Scanner - LTE cell detection and analysis.
  - gr-gsm - GSM analysis with GNU Radio.
  - QCSuper - Capture 2G-4G traffic using Qualcomm phones.
  - FALCON LTE - Fast Analysis of LTE Control Channels for real-time analysis.
  - Kalibrate - GSM base station scanner and frequency calibration tool.
  - LTE Sniffer - Open-source LTE downlink/uplink eavesdropper.
  - OsmocomBB - Free firmware for mobile phone baseband processors.
  - Modmobmap - Mobile network mapping.
  - Modmobjam - Mobile jamming research.
- Common BVLOS Equipment
  - Iridium RockBlock - Satellite Communications Module.
  - Magma Core Network - Meta's distributed packet core now under Linux Foundation.
  - Iridium RockBlock - Satellite Communications Module.
  - CUAV SR 4/5G Link - LTE LINK series communication link is a UAV link, independently supported by CUAV.
  - Cloud Walker - Optical Fiber Digital Communication Module.
  - OpenBTS - GSM+GPRS Radio Access Network Node reloaded for 2024-2025 for newest UHD drivers and supporting Ubuntu 22.04 & 24.04.
  - LimeNET CrowdCell - Network in a box solution with integrated LimeSDR for small cell deployments.
🤖 Protocols & Middleware Tools
- Common BVLOS Equipment
  - MAVLink - Marshalling / communication library for drones.
  - MAVROS - MAVLink to ROS gateway with proxy for Ground Control Station.
  - MAVLink Router - Route mavlink packets between endpoints.
  - MAVSDK - API and library for MAVLink compatible systems written in C++17.
  - ROS - Open Source Robot Operation System (ROS).
- Protocol Analysis & Tampering
  - MAVSploit - Pentesting toolkit designed specifically for identifying and exploiting vulnerabilities within the MavLink communication protocol.
  - MAVLink Wireshark PLugin - Parsing MAVLink Messages in Wireshark.
  - aztarna - ROS Footprinting Tool.
🛫 Ground Control Stations
- Companion Web Application Attacking
  - QGround Control - Cross-platform ground control station for drones.
  - Mission Planner - Windows-based GCS Software.
  - MAVProxy - CLI-based GCS Software.
📱 Mobile GCS Apps
- Companion Web Application Attacking
  - Androguard - Reverse engineering and pentesting for Android applications.
  - Apktool - A tool for reverse engineering Android apk files.
  - Dex2Jar - Tools to work with android .dex and java .class files.
  - MobSF - Automated, all in one mobile application hacking.
  - ADB Toolkit - ADB-Toolkit V2 for easy ADB tricks with many perks in all one.
  - Enjarify - Tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.
🏢 Vendor-Specific Research
- DJI
  - Drone-ID Receiver for DJI OcuSync 2.0
  - DroneXtract - Digital forensics suite for DJI drones.
  - DJI Drone ID - An SDR-based decoder that demodulates proprietary DJI DroneID RF bursts and allows creation of arbitrary DroneID frames using MATLAB/Octave scripts.
  - Drone Hacks - DJI Drone Hacking Tool for purchase.
  - dji_rev - DJI Reverse Engineering Toolkit.
  - deejaeye-Modder - DJI Drone Firmware Modding Tool.
  - pyduml - Python based DUML "DJI Universal Markup Language" Exploit & FW upgrade/downgrade tool.
  - RedHerring - FTPD directory transversal 0day.
  - DUMLrub - Ruby port of PyDUML.
  - DUMLdore - DJI Firmware Flashing Tool v3.20.
  - No Limit Drones - DJI Drone Hacking Tool for purchase.
- Parrot
  - SkyJack - Drone source used to autonomously seek out, hack, and wirelessly take full control over any other Parrot or 3DR drones.
  - DroneJack - Dronejack is a node web-based application to take control of a Parrot drone.
  - Maldrone - First Backdoor for Drones.
- Misc
  - DroneSploit - Drone pentesting framework console.
  - Drone Duel - Code used in the Great Drone Duel of 2016.
  - Drone-Hacking-Tool - Drone Hacking Tool is a GUI tool that works with a USB Wifi adapter and HackRF One for hacking drones.
  - Snoopy - A distributed tracking and data interception framework.
📚 Research Papers & Blog Articles
- Misc
  - GPS Jamming Techniques for UAVs using Low-Cost SDR Platforms - A research paper showing BladeRF/GNU Radio SDR can generate effective GPS interference to disrupt UAV navigation.
  - Vulnerability Analysis of the MAVLink Protocol for Command and Control of Unmanned Aircraft - A DoD/AFIT technical report identifying confidentiality, integrity, and availability flaws in MAVLink C2 messages, enabling crafted attacks on UAV missions.
  - How to Set Up A Drone Vulnerability Testing Lab - A Medium guide detailing a <$100 home drone security lab using toy/hobby drones and RC systems, upgradable to advanced gear like DJI and Futaba.
  - Unmanned Aircraft Capture and Control via GPS Spoofing - A seminal study demonstrating UAV takeover by injecting deceptive GPS signals under specific conditions.
  - Drone Detection and Tracking Using RF Identification Signals - An MDPI study presenting a dev‑board RF system decoding Drone‑ID telemetry with detection ranges of up to ~3.7 km on various DJI models.
📣 Vulnerability Disclosure Programs
- Misc
  - DJI - Official DJI program offering $50–$30 k rewards.
  - QGround Control - QGround Control Vulnerability Disclosure.
  - Autel Robotics - Autel Robotics Vulnerability Disclosure.
  - ROS - ROS Vulnerability Disclosure Policy.
  - DJI - Official DJI program offering $50–$30 k rewards.
  - Parrot - Parrot runs a phased YesWeHack bug bounty program.
  - PX4 - PX4 Security Policy.
  - ArduPilot - ArduPilot Vulnerability Disclosure.
  - DroneDeploy - DroneDeploy Vulnerability Reporting Policy.
  - Zipline - Zipline Vulnerability Disclosure Policy.
  - IRIS Automation / uAvioni - IRIS Automation / uAvioni Vulnerability Disclosure.
  - Ameta - Ameta Vulnerability Disclosure Policy.
  - Ouster - Ouster Responsible Disclosure Policy.
💿 Real-Time Operating Systems
- Fuzzing & Analysis Tools
  - Fuzzware - The target orchestration framework with focus on dynamic analysis of embedded devices' firmware.
  - Avatar² Framework - Fuzzware is a project for automated, self-configuring fuzzing of firmware images.
  - American Fuzzy Lop plus plus - AFL with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Emulators
- Fuzzing & Analysis Tools
  - QEMU - A generic and open source machine emulator and virtualizer.
  - Renode - Antmicro's open source simulation and virtual development framework for complex embedded systems. Supports many [STM32](https://github.com/renode/renode/blob/master/platforms/cpus/stm32f4.repl) series chips.
- Common RTOS
  - NuttX - NuttX RTOS, used by PX4.
  - ChibiOS - ChibiOS RTOS, used by ArduPilot.
📺 FPV & Payloads
- Video Detection & Eavesdropping
  - FPV DETECTION - Raspberry Pi Pico-based FPV Detection Tool with 1.6 km range.
  - RX5808 Pro Diversity - DIY 5.8 GHz FPV video receiver station with antenna diversity.
  - Meshtastic Detection Node (Drone Detection) - Mesh nodes designed to detect, and alert presence of 5.8GHz FPV analog video transmissions. They alert via Meshtastic and Serial USB.
  - TVSharp - An analog TV decoder for the RTL-SDR (but sharper).
- Video Jamming, Spoofing & Tampering
  - HackTV - Analogue TV transmitter for the HackRF.
💽 Autopilot Firmware
- Protocol Analysis & Tampering
  - ArduPilot - Trusted, versatile, and open source autopilot system supporting many vehicle types.
  - PX4 - Open Source Autopilot fro Drone Developers.
  - iNav - Navigation-enabled flight control software.
  - Betaflight - Open Source Flight Controller Firmware for FPV Drones.
- Firmware Analysis
  - Binwalk - Searches a binary for "interesting" stuff, as well as extracts arbitrary files.
  - cwe_checker - Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support.
  - emba - Analyze Linux-based firmware of embedded devices.
  - Firmwalker - Searches extracted firmware images for interesting files and information.
  - Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
  - Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
  - Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
  - Trommel - Searches extracted firmware images for interesting files and information.
  - JTAGenum - Add JTAG capabilities to an Arduino.
  - OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.
- Firmware Extraction
  - DJI Firmware Tools - Utilities to extract, modify, and rebuild DJI drone firmware modules—including calibration, parameter editing, and repackaging for analysis.
  - FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
  - Firmware Mod Kit - Extraction tools for several container formats.
  - The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).
  - Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
  - dumpflash - Low-level NAND Flash dump and parsing utility.
  - flashrom - Tool for detecting, reading, writing, verifying and erasing flash chips.
  - Samsung Firmware Magic - Decrypt Samsung SSD firmware updates.
- Firmware Modification
  - WAF - Python-based Ardupilot Firmware Compiler.
  - DJI FC Patcher - Custom FC Patcher and Flashing for various DJI drones.
🧠 Companion Computers
- Companion Network Analysis
  - NMAP - Network Mapping Tool.
  - Wireshark - Network traffic analyzer.
- Companion Web Application Attacking
  - BurpSuite - Web application security testing tooling, provides automated testing & external plugins.
🧠 Artifical Intelligence Libraries
- Companion Web Application Attacking
  - OpenCV - Open Source Computer Vision Library.
🔍 OSINT & Intelligence
- Misc
  - The Drone Database - Detailed information on drones from around the world. Perfect for research, analysis, and staying informed about global drone capabilities.
  - DJI Hardware Schematics - Community-shared KiCad schematics and PCBs for various DJI drone boards, though may contain errors and lack warranty.
  - DJI Packet Dumps - Collections of DJI hardware communication logs in PCAP format, useful for protocol analysis in Wireshark.
💥 Exploits, CVEs & Vulnerabilities
- Misc
  - Exploit Database - A large, public, CVE‑compliant repo of exploits and proof‑of‑concept code for penetration testers and researchers.
  - Robot Vulnerability Database - An open archive tracking robot/ROS vulnerabilities with RVSS scoring, curated by Alias Robotics.
🎓 Training & Education
- Misc
  - DSOC - DronSec Courses - Master Offensive Operations & Adversary Tradecraft for Drones.
  - DarkWolf Drone Playbook - Drone Hacking Playbook Developed by Dark Wolf Solutions.
🗣️ Communities
- Misc
  - Dronecode foundation - Home for MavLink, QGroundcontrol and PX4, part of Linux foundation.
  - FPV Freedom Coalation - Keep drones hackabel and safe.
- Who to Follow
  - Sander Walters
  - d0tslash
Additional Resources
- Who to Follow
  - Awesome-Drones - A curated list of Awesome Drones resources.
  - Awesome-Flying-FPV - Awesome Flying FPV List.

Programming Languages

Python 20 C++ 18 C 14 JavaScript 4 Shell 3 Java 3 Rust 2 RobotFramework 1 Go 1

awesome-drone-hacking

🔬 Drone Hacking Labs, CTFs & Workshops

🎤 Conference Talks & Videos

🔌 Flight Controller & Embedded Systems

Embedding Hacking Tools

Common Flight Controller & Embedded System Resources

📻 Radio & Telemetry

Telemetry Detection & Eavesdropping Tools

Remote Identification Discovery & Spoofing Tools

Misc RF Tools

Telemetry Detection & Eavesdropping Tools

Common Control & Telemetry Radios

📶 Wi-Fi Communications

Wi-Fi Detection & Infiltration Tools

Common Wi-Fi Protocols & Equipment

📡 BVLOS Communications

Cellular Analysis & Tampering Tools

Common BVLOS Equipment

🤖 Protocols & Middleware Tools

Common BVLOS Equipment

Protocol Analysis & Tampering

🛫 Ground Control Stations

Companion Web Application Attacking

📱 Mobile GCS Apps

Companion Web Application Attacking

🏢 Vendor-Specific Research

DJI

Parrot

Misc

📚 Research Papers & Blog Articles

Misc

📣 Vulnerability Disclosure Programs

Misc

💿 Real-Time Operating Systems

Fuzzing & Analysis Tools

Emulators

Fuzzing & Analysis Tools

Common RTOS

📺 FPV & Payloads

Video Detection & Eavesdropping

Video Jamming, Spoofing & Tampering

💽 Autopilot Firmware

Protocol Analysis & Tampering

Firmware Analysis

Firmware Extraction

Firmware Modification

🧠 Companion Computers

Companion Network Analysis

Companion Web Application Attacking

🧠 Artifical Intelligence Libraries

Companion Web Application Attacking

🔍 OSINT & Intelligence

Misc

💥 Exploits, CVEs & Vulnerabilities

Misc

🎓 Training & Education

Misc

🗣️ Communities

Misc

Who to Follow

Additional Resources

Who to Follow