foobar2000 Posted at 2-18 07:25
As I said... maybe my serial is already registered on the server.
There is an interesting discussion going on here: https://mavicpilots.com/threads/some-guy-doing-an-fcc-hack-permanent-for-rc-pro-controller.133836/page-5

I know this is a lot to ask , but can you share the password for the pass.txt ?
If it is already registered to your serial, noone else can use it to patch their device , but maybe the ADB would work with a valid pass.

[ilkeraktuna] Posted at 2-18 07:37
I know this is a lot to ask , but can you share the password for the pass.txt ?
If it is already registered to your serial, noone else can use it to patch their device , but maybe the ADB would work with a valid pass.

interestingly , if I unplug the USB cable , the tool reports that USB is not connected.
So it should be connecting to the RC even before checking password/registration.
But then why doesn't it make ADB authorized as in yours...

My adb is working First run the fcc tool and saw in process explorer the following adb command running adb -L tcp:5037 fork-server server --reply-fd 612
So i runned that exact same command and now im authorized
After that the device was authorized i managed to run adb install and APK file and did some testing
Maby somebody else can build a cool apps menu or something cause i have no knowledge about this furthermore

Fw071 Posted at 2-18 09:29
My adb is working First run the following: adb -L tcp:5037 fork-server server --reply-fd 612
After that the device was authorized and i managed to run adb install and APK file

Cant confirm the adb command is working. How should it?

Im connected and can even run this tool:

Fw071 Posted at 2-18 10:15
Im connected and can even run this tool:

[view_image]

No doubt you are connected. But I cant confirm this adb command is sufficient to connect.

foobar2000 Posted at 2-18 10:27
No doubt you are connected. But I cant confirm this adb command is sufficient to connect.

What i did was first run the fcc tool
After that cmd adb -L tcp:5037 fork-server server --reply-fd 612
I dont know what the function of this command is but captured it when the fcc patch was running and connecting to the controller.
And then "ADB devices"

EDIT:
After restarting i'm still connected using adb so i think the tool made some sort of trust with the RC..

Fw071 Posted at 2-18 10:35
What i did was first run the fcc tool
After that cmd adb -L tcp:5037 fork-server server --reply-fd 612
I dont know what the function of this command is but captured it when the fcc patch was running and connecting to the controller.

were you able to connect with default pass in pass.txt ? (pass_111111111111111111111111)
or some other password ?
on my test it does not work

maybe you are using a different version of the exe.
where did you get it ?

I get this error

Fw071 Posted at 2-18 09:29
My adb is working First run the fcc tool and saw in process explorer the following adb command running adb -L tcp:5037 fork-server server --reply-fd 612
So i runned that exact same command and now im authorized
After that the device was authorized i managed to run adb install and APK file and did some testing
[Image]

Have fun

https://drive.google.com/file/d/1dgv7Fdnw4DtvzWr2SWf4g9ep-XJp3T68/view?usp=drivesdk

https://youtu.be/95d1flT1hts

i get this error, how can do it?

djiuser_jZElbzvkKfnV Posted at 2-19 10:36
[view_image]

i get this error, how can do it?

just use the apps, FCC and S9 Launcher

If you activate the three things in ADB App Control, a wide app called Bug appears, look the Video
https://youtu.be/e3H8cS-Dhc4

GPS Glonass and Beidu is aktiv

Install the S9 Launcher and the FCC App that I uploaded above

Still don't understand how to authorize the device and how to change unauthorized to authorized.

djiuser_bYdutkGF09oC Posted at 2-19 09:30
Have fun

https://drive.google.com/file/d/1dgv7Fdnw4DtvzWr2SWf4g9ep-XJp3T68/view?usp=drivesdk

what are these files for ?
and how do we use it if we  don't have ADB access ?

djiuser_bYdutkGF09oC Posted at 2-19 09:42
https://youtu.be/95d1flT1hts

I don'T understand. How do you make "device unauthorized" to "authorized" ?

This remains no other option than to buy an FCC hack. Because the passport ID is generated based on the serial number. With the valid FCC hack, ADB is automatically installed. Through ADB you can do the gimmicks.

djiuser_bYdutkGF09oC Posted at 2-19 12:59
If you activate the three things in ADB App Control, a wide app called Bug appears, look the Video
https://youtu.be/e3H8cS-Dhc4

what is "ADB app control" ?

[ilkeraktuna] Posted at 2-19 22:50
what is "ADB app control" ?

ok. I found adb app control
but how do you make "device authorized" ?

With ADB AppContoll, you can install Apk from your computer. However, an ADB bridge must first be produced on the RC. Because your RC has no trust with your computer. It doesn't happen. The FCC establishes trustworthiness and the RC goes into ADB mode.

fansc7e35b83 Posted at 2-19 22:57
With ADB AppContoll, you can install Apk from your computer. However, an ADB bridge must first be produced on the RC. Because your RC has no trust with your computer. It doesn't happen. The FCC establishes trustworthiness and the RC goes into ADB mode.

ok but yesterday 2 people were saying that the device could be authorized with the RCFCC tool  even if the password is not valid.
did I misunderstand it ?

And , if the author of the RCFCC tool can do it, why can't anyone else do ?

Personally, I understood it that way. One bought the tool and one was just lucky. Apparently he must have bought the controller used. Me and a few other people had extracted the tool. However, it is packed or encrypted more times. I can only imagine it that way, the developer has written a tool where he gets a hash or binary code based on the serial number that allows it to run.

The tool descompress in temp Izer esparce,  only adb, a log file and a few dll,s…
I an not a hacker.. pelase other can help? Thanks

djiuser_jZElbzvkKfnV Posted at 2-20 02:23
The tool descompress in temp Izer esparce,  only adb, a log file and a few dll,s…
I an not a hacker.. pelase other can help? Thanks

did  you catch these files ?
can you zip them up and send them over some filesharing site ?

You have to buy the FCC Hack, this gives you access to the Android system of the remote control as we found out by accident https://youtu.be/hSi93Cd1uNQ

djiuser_bYdutkGF09oC Posted at 2-20 07:25
You have to buy the FCC Hack, this gives you access to the Android system of the remote control as we found out by accident https://youtu.be/hSi93Cd1uNQ

ok. so Fcc hack is probably using some kind of exploit to gain adb root access.
If we can understand what it is using, we can simulate it , or do the same and gain access (without buying the hack)

[ilkeraktuna] Posted at 2-20 10:17
ok. so Fcc hack is probably using some kind of exploit to gain adb root access.
If we can understand what it is using, we can simulate it , or do the same and gain access (without buying the hack)

I dont know if this helps, but after running the FCC tool, the RC gets disconnected/reconnected and is then accessible via ADB. In this state you can even connect the RC to another computer (in my case from Win to Mac) and its still "open", until you reboot the RC.
So my assumption is, its not related to any local ADB-Keys, but I may be wrong.

foobar2000 Posted at 2-20 14:31
I dont know if this helps, but after running the FCC tool, the RC gets disconnected/reconnected and is then accessible via ADB. In this state you can even connect the RC to another computer (in my case from Win to Mac) and its still "open", until you reboot the RC.
So my assumption is, its not related to any local ADB-Keys, but I may be wrong.

I am guessing that the hack uses a special adb built to connect.
So if anyone can share the extracted files , we might try it.

[ilkeraktuna] Posted at 2-20 21:09
I am guessing that the hack uses a special adb built to connect.
So if anyone can share the extracted files , we might try it.

This is  the files that the tool decompress in temp folder:

https://drive.google.com/file/d/16B6pc2_jrNj4W4r-YD9tix1J7_UEiY5d/view?usp=drivesdk

djiuser_jZElbzvkKfnV Posted at 2-20 23:24
This is  the files that the tool decompress in temp folder:

https://drive.google.com/file/d/16B6pc2_jrNj4W4r-YD9tix1J7_UEiY5d/view?usp=drivesdk

thank you. I tried this adb with dll files but still unauthorized...

Can you do one more favor please ?
if possible,

1. Please install Wireshark (from wireshark.org) on your PC. Please also install USBPcap when Wireshark installation asks.
2. After install, you have to reboot your PC
3. After reboot , please run Wireshark and start capturing packets on USB interface (for this you have to select "capture" menu and then "options" , there you will have the USB interface to capture.
4. after capture starts, please run RCFCC tool
5. Wireshark will capture what it does
6. Stop capture and save it to a pcap (or cap) file
7. send the pcap file so that we can see what the RCFCC tool does

I'd really appreciate if you can do this. If not, thanks anyway

thanks.

there is also this thread, which might help:
https://cracked.io/Thread-DJI-FCC

so if many of us want this hack, please go there and make a comment wishing the tool to be cracked...

brilliant!  I'll try it tonight. I'll let you know.  On the other hand, do you find it interesting to create a group on Telegram?  talk later

[ilkeraktuna] Posted at 2-21 06:00
thank you. I tried this adb with dll files but still unauthorized...

Can you do one more favor please ?

https://drive.google.com/file/d/ ... xL/view?usp=sharing


I'll give it to you but I don't know if it will be of much use, you'll tell us!

djiuser_jZElbzvkKfnV Posted at 2-21 13:34
https://drive.google.com/file/d/1xmr8uPumxIbrZctMEkZICaCG696Zt4xL/view?usp=sharing

there is a 15 seconds of communication between the RC and the PC
but I really don't understand the USB comm.
What did you do in that 15 seconds period ?
Was the adb unauthorized BEFORE this and authorized AfTER ?

I treid to debug the whole proces but unfortunately it has a debug protection build in

[ilkeraktuna] Posted at 2-19 22:52
ok. I found adb app control
but how do you make "device authorized" ?

Bedava olmaz, you have to buy the fcc hack

djiuser_bYdutkGF09oC Posted at 2-21 14:41
Bedava olmaz, you have to buy the fcc hack

TR:
bal gibi bedava olur Aytaç. Çalışır yaparız.

EN:
If we work hard, we can do it and provide it free.