0

I have this Quadcopter "Garuda" that can stream video to an Android APP named VS FPV PRO over wifi. Here is the video. I wanted to receive the video stream on my laptop to run some computer vision models so I tried to reverse engineer the Android APP using jadx decompiler. I was able to write this Python script that initiates the video stream and give a 1 second heartbeat packet to keep the video stream alive. You can see that wireshark is receiving a steady flow of UDP packets of the video stream. The command being

$ ffplay udp:/172.16.10.1:8888

I am using ffplay to display the video stream as internally in the app also ffmpeg was being used. In the end of the above video you can see the stream I am able to see the top few lines are somewhat RGB and below it there is a lot of missing pixels. I suspect a decoding issue where error correction might not be happening. I tried setting the probesize to 32, increasing fifo buggersize and setting framerate but the outcome was the same. I feel I am close but I have no leads about this problem so please do give any suggestions or advice on what might be the problem and how to solve it.

Improve this question

3 Answers 3

Reset to default
0

I'll suggest to you first SSL unpin the target app (using either LSPosed or Frida) & analyze the decrypted/detailed app traffic on Reqable/PCAPDroid/Burp Suite/MITMProxy

Frida SSL Unpinning Script:- https://github.com/apkunpacker/FridaScripts/blob/main/SSLUnpinning.js

After which, you should should Developer Assistant app to find the current activity inside the app where the video is streamed. From there, you can use jadx to decompile the code & figure out how target classes decode & play the video. (App link: https://play.google.com/store/apps/details?id=com.appsisle.developerassistant )

Further, I'll recommend using SimpleHook LSPosed module to ease reverse engineering, it can help figure out lot of stuff like what classes are triggered on a particular button click, which saves your time.

Perhaps, there's some "shortcut" to figure out what that video format is, it's better if you can find it. But, in case you don't, then you'll have to walk this path to reverse engineer the app directly to figure out the decode flow.

Improve this answer
0

In the class com.vison.baselibrary.base.BaseApplication in the application you linked, you will find a huge switch statement that categorises the stream based on a few starting bytes of the UDP stream. That should help you figure out the correct configuration.

Improve this answer
0

I found this post and it had some interesting info that helped me complete the video decode for my done that uses the same app as yours.

I have documeneted it in https://github.com/mretallack/DroneReverseEngineer

The video feed has a header and they also corrupt the video feed, all details are in readme.md.

Improve this answer
New contributor
Mark Retallack is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.