Part 3: Data format (DUML)
In a commendable case of cleverly reusing code from across their product stack, DJI opted to use their proprietary DUML protocol/packet format, which is most notably used in DJI’s drones. Since drone enthusiasts have a long history of tinkering with things manufacturers would rather have them leave alone, a lot of the work of reverse-engineering the protocol has already been done for us.
A helpful commenter on a related but dead GitHub repository first made me aware of DUML, along with a clever browser-based tool for decoding DUML packets: https://b3yond.d3vl.com/duml/. I was able to very quickly confirm that the data I was seeing on the CAN bus was in fact in DUML format, as was the data being sent over Bluetooth.
With some minor patches (now merged), I was able to use a Wireshark dissector (from here: https://github.com/o-gs/dji-firmware-tools) to analyze the communication on a higher level and in real time (I could only do one of those at a time using my scripts).
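The confirmation step described above can also be scripted. The following is an added example, not the author's scripts and not code from dji-firmware-tools: it scans a reassembled byte stream for DUML frames and accepts a frame only if both checksums verify. The frame layout and CRC seeds are assumptions based on public reverse-engineering of DUML and are not stated in this post; the sample bytes are constructed, not captured traffic.

```python
import struct

# Assumed DUML framing (from public reverse-engineering, not from this post):
# 0x55 | len:10 + ver:6 (LE) | CRC-8 | sender | receiver | seq (LE) |
# cmd type | cmd set | cmd id | payload | CRC-16 (LE)
SOF, CRC8_SEED, CRC16_SEED = 0x55, 0x77, 0x3692
MIN_LEN = 13  # 11 header bytes + 2 CRC-16 bytes, empty payload

def _crc(data, crc, poly):
    # Bitwise reflected CRC, no final XOR
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc

def crc8(data):
    return _crc(data, CRC8_SEED, 0x8C)

def crc16(data):
    return _crc(data, CRC16_SEED, 0x8408)

def build_frame(sender, receiver, seq, ctype, cset, cid, payload=b"", version=1):
    # Used here only to construct test input with valid checksums
    head = struct.pack("<BH", SOF, (version << 10) | (MIN_LEN + len(payload)))
    body = head + bytes([crc8(head)]) + struct.pack(
        "<BBHBBB", sender, receiver, seq, ctype, cset, cid) + payload
    return body + struct.pack("<H", crc16(body))

def scan(stream):
    """Return (frames, skipped): validated frames and bytes that fit no frame."""
    frames, skipped, i = [], 0, 0
    while i < len(stream):
        if stream[i] == SOF and i + 4 <= len(stream):
            length = struct.unpack_from("<H", stream, i + 1)[0] & 0x3FF
            end = i + length
            if (MIN_LEN <= length and end <= len(stream)
                    and crc8(stream[i:i + 3]) == stream[i + 3]
                    and crc16(stream[i:end - 2]) == struct.unpack_from("<H", stream, end - 2)[0]):
                keys = ("sender", "receiver", "seq", "cmd_type", "cmd_set", "cmd_id")
                frame = dict(zip(keys, struct.unpack_from("<BBHBBB", stream, i + 4)))
                frame["payload"] = bytes(stream[i + 11:end - 2])
                frames.append(frame)
                i = end
                continue
        skipped += 1  # noise, or a stray 0x55 that fails validation
        i += 1
    return frames, skipped

# Constructed sample: noise (including a stray 0x55) around two arbitrary frames
SAMPLE = (b"\x00\x55\x01" + build_frame(0x02, 0x04, 1, 0x40, 0x04, 0x01, b"\xaa\xbb")
          + b"\xff" + build_frame(0x04, 0x02, 1, 0x80, 0x04, 0x01))
```

A low `skipped` count relative to the stream length is good evidence that the capture really is DUML; a stream that merely contains `0x55` bytes will fail the CRC checks.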
// TODO: screenshots
// TODO: the rest of the post