The helicopter advertises itself as a password-free wi-fi access point, to which you get your phone to connect to. Mine uses SSID of the form wispi0004849. The helicopter also has a mini-DHCP server to give you computer all the necessary connection info. At that point you can use the phone to control the helicopter.
A port scan reveals three open ports: 23, 2000 and 8080.
Port 23 is telnet, but I haven't worked out the username/password. The prompt displays "huahong login:". Port 8080 is http, using MJPEG HTTP Push for the video stream. I am guessing port 2000 is the port used to send the control signals.
A few things I am looking at the moment:
- - how the software knows the address to use to connect to the server. I had assumed maybe the DNS addresses it provided, but those seem dud. At this point I am assuming it is just the address of the router it looks for.
- Trying to find out the telnet access info
- Working out how to decipher the protocol on port 2000.
- See what nmap and wireshark can give me.
If anyone has any ideas of how I can approach trying to get to the necessary information needed to make this useful for other project, then it would be appreciated. Maybe someone has already done the work?