Firmware m0901

mefistotelis edited this page May 19, 2021 · 21 revisions

Table of Contents

Target
Purpose
Versions
Structure
OS and Libraries
Flashing
Interfaces

Target

The firmware programs the SoC with an LTE modem, which handles radio communication (OcuSync) and controls intelligent flight functions (obstacle avoidance). Location of this chip:

The module number changes between platforms: on WM220 it is m0801, while on later platforms it is m0901. The inconsistency arose because m0801 was used for a different SoC (a custom ASIC) in WM230, and WM240 then included both of these chips, so the naming from WM230 was retained.

Purpose

The module contains the programming of a SoC originally designed as the main processor in mobile phones; here the software-defined part of the LTE modem is re-programmed to implement the OcuSync protocol instead. All stages of the OcuSync transmission are contained within one chip. The remaining processing power and the camera interfaces are used to implement the obstacle avoidance system (called APAS, Advanced Pilot Assistance System). The specific responsibilities of this chip change between platforms, but its use for OcuSync is constant.

Versions

TODO

Structure

The IM*H module within the FW update package is always encrypted with AES, using a platform-specific key: PRAK (in WM220) or UFIE (in WM240).

The decrypted firmware is a JAR file which, when unzipped, reveals typical Android boot images (normal.img, recovery.img) and a 2nd stage bootloader (bootarea.img). It also contains new content for the system and/or vendor partitions, either as individual files (in WM220) or as sparse filesystem images (in WM240).

The bootarea.img has the bootloader encrypted with either the IAEK (in WM220) or the TBIE (in WM240) key. Like the whole firmware file, it has IM*H format, though within the bootloader that part is preceded by a chunk of unencrypted code. The balance between the unencrypted and encrypted parts changes between platforms: the newer the drone, the less plain code there is.

Boot partitions (normal.img, recovery.img) have IM*H format as well, and are encrypted with the same key as the 2nd stage bootloader.
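
An added example, not part of the original wiki or the project's tooling: a Python inventory of an already-decrypted package that classifies each member by its leading bytes and reports where the IM*H part of bootarea.img starts. It assumes IM*H containers begin with the 4-byte magic `IM*H` (taken from the format's name) and uses the standard Android sparse image magic; the sample archive and member names such as system.img and system/bin/example_service are constructed.

```python
import io
import zipfile

IMAH_MAGIC = b"IM*H"                      # assumption: container starts with this magic
SPARSE_MAGIC = bytes.fromhex("3aff26ed")  # Android sparse image magic 0xED26FF3A, little-endian
BOOT_NAMES = {"normal.img", "recovery.img", "bootarea.img"}

def classify(name, data):
    """Return (kind, imah_offset) for one member of the decrypted JAR."""
    base = name.rsplit("/", 1)[-1]
    if data[:4] == SPARSE_MAGIC:
        return "sparse-fs-image", None
    off = data.find(IMAH_MAGIC)
    if off == 0:
        return "imah-image", 0
    if base == "bootarea.img" and off > 0:
        # Unencrypted code first, IM*H-wrapped remainder after it.
        return "plain-code+imah", off
    if base in BOOT_NAMES:
        return "boot-image-unrecognised", None
    return "plain-file", None

def inventory(jar_bytes):
    """Map each member name of the JAR to its classification."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            report[info.filename] = classify(info.filename, jar.read(info))
    return report

def build_sample():
    """Constructed stand-in for a decrypted package (not real firmware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("normal.img", IMAH_MAGIC + b"\x00" * 60)
        jar.writestr("recovery.img", IMAH_MAGIC + b"\x00" * 60)
        jar.writestr("bootarea.img", b"\x11" * 256 + IMAH_MAGIC + b"\x00" * 60)
        jar.writestr("system.img", SPARSE_MAGIC + b"\x00" * 24)
        jar.writestr("system/bin/example_service", b"\x7fELF" + b"\x00" * 12)
    return buf.getvalue()

if __name__ == "__main__":
    for name, (kind, off) in inventory(build_sample()).items():
        print(f"{name:28} {kind:24} {'' if off is None else hex(off)}")
```

The offset reported for bootarea.img is the size of the unencrypted code that precedes the IM*H part, which gives a quick way to compare that balance between platforms.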

OS and Libraries

The firmware is based on Android, though it is a cut-down and heavily modified version. The 2nd stage bootloader is designed to support IM*H images, and boot images are supplied in the form of such encrypted files. Part of the bootloader is also supplied as an IM*H image. How much of it is encrypted changes between platforms.

User space has the graphical interface part removed and works like a simple Linux distribution. There are several DJI-made native executables and libraries available within the file system. Some of them run as services, performing the functions the module is designed for.

Flashing

TODO

Interfaces

TODO