AntSDR E200

A powerful, versatile, FPGA-based software-defined radio based on the ZYNQ and AD936x chipsets

Jan 09, 2024

Project update 9 of 9

DJI DroneID Detection

by Chaochen Wei, Chao Jiang, Aero

Hello supporters of the E200.

Today, we bring you a rather interesting project – DJI drone detection. This project was initially documented on GitHub at https://github.com/proto17/dji_droneid and https://github.com/RUB-SysSec/DroneSecurity provides instructions on how to implement it. Now, we have implemented the entire DroneID decoding on the AntSDR-E200. The E200 is equipped with an ARM core, and we have implemented the decoding part on the ARM core. The decoding results are then output through either the serial port or the network port (for testing, the image uses the serial port).

Download test firmware

Testing the decoded information from the firmware output is incomplete. If needed, please contact Microphase. Firmware download link for testing: https://drive.google.com/file/d/1Ob0sC5IISxM9p-qbJm6WTnZ4X_iWQJtP/view(Note: The firmware is intended solely for testing purposes.)

Steps for usage

1. Replace firmware

First, unzip the downloaded firmware to obtain a folder named build_sdimg, which contains five files. Replace the existing content on the SD card of Antsdr-E200 with these five files. Of course, it is advisable to back up the original files on the SD card before replacing them to prevent data loss.

2. Set device SD card to boot

Make sure the device’s DIP switch is activated on the SD card. Please be careful when turning it to avoid breaking it.

3. Plug in the USB cable

Connect to the device using the serial port, the baud rate is 115200.

If you open the serial port quickly enough, you can see the following information.

hw-breakpoint: found 5 (+1 reserved) breakpoint and 1 watchpoint registers.
hw-breakpoint: maximum watchpoint size is 4 bytes.
zynq-ocm f800c000.ocmc: ZYNQ OCM pool: 256 KiB @ 0x(ptrval)
e0000000.serial: ttyPS1 at MMIO 0xe0000000 (irq = 25, base_baud = 6249999) is a xuartps
e0001000.serial: ttyPS0 at MMIO 0xe0001000 (irq = 26, base_baud = 6249999) is a xuartps
printk: console [ttyPS0] enabled
printk: bootconsole [earlycon0] disabled

Of course, it’s normal if you can’t see it because the serial port has finished printing at this time.Turn on the aircraft. It is recommended to use Ocusync 2 or 3 image transmission like mini2 mini3pro, because we found that DJI has encrypted some models, and the decrypted data of some models is wrong.

Then you can see this.

0Y{"freq":2414.500000000000000,"device_type":"DJI Mini 2","device_type_8":63,"drone_gps_time":"1970-01-01 08:00:00","app_lat":0.000000000000000,"app_lon":0.000000000000000,"drone_lat":0.000000000000000,"drone_lon":0.000000000000000,"home_lat":0.000000000000000,"home_lon":0.000000000000000,"heigth":-0.100000000000000,"altitude":0.000000000000000}
0Y{"freq":2414.500000000000000,"device_type":"DJI Mini 2","device_type_8":63,"drone_gps_time":"1970-01-01 08:00:00","app_lat":0.000000000000000,"app_lon":0.000000000000000,"drone_lat":0.000000000000000,"drone_lon":0.000000000000000,"home_lat":0.000000000000000,"home_lon":0.000000000000000,"heigth":-0.100000000000000,"altitude":0.000000000000000}
0Y{"freq":2414.500000000000000,"device_type":"DJI Mini 2","device_type_8":63,"drone_gps_time":"1970-01-01 08:00:00","app_lat":0.000000000000000,"app_lon":0.000000000000000,"drone_lat":0.000000000000000,"drone_lon":0.000000000000000,"home_lat":0.000000000000000,"home_lon":0.000000000000000,"heigth":-0.100000000000000,"altitude":0.000000000000000}
0Y{"freq":2414.500000000000000,"device_type":"DJI Mini 2","device_type_8":63,"drone_gps_time":"1970-01-01 08:00:00","app_lat":0.000000000000000,"app_lon":0.000000000000000,"drone_lat":0.000000000000000,"drone_lon":0.000000000000000,"home_lat":0.000000000000000,"home_lon":0.000000000000000,"heigth":-0.100000000000000,"altitude":0.000000000000000}

If everything is normal, the console can display the drone’s information. When your aircraft is locked on GPS and connected to your phone, you can see some location information.

Special Instructions

Since the initial DAC values of the E200 devices are different, some devices are not very efficient in detecting drones and require frequency offset calibration of the devices.

If you need to detect a longer distance, you need to use a 5.8 G LNA with a filter and a glass omnidirectional antenna or directional antenna.

Since I don’t know whether DJI will encrypt the DroneID of all drones in the future, this project cannot guarantee that it can be used all the time. I can only say that it will bring a little happiness to SDR enthusiasts.

Project video

We are honored to invite cemaxecuter to help me test this project. He posted a simple video on Youtube.

Thank you again for your support of AntSDR.


Sign up to receive future updates for AntSDR E200.

AntSDR E200 is part of AMD FPGA Playground

Key Components

ZYNQ7020 · FPGA

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects