
A Multi-Interface Firmware Acquisition and Validation Methodology for Low-Cost Consumer Drones: A Case Study on Three Holy Stone Platforms

Source: arXiv Security. Published May 13, 2026. Archived May 13, 2026.




Sandesh More, Sneha Sudhakaran, Marco Carvalho
[Submitted on 11 May 2026]

Abstract: Consumer unmanned aerial vehicles (UAVs) have evolved into capable computing platforms, yet their embedded firmware remains largely inaccessible to the security community. Entry-level models, in particular those marketed to first-time and younger operators, commonly ship with limited protection mechanisms and no public documentation of their software internals. This paper presents a systematic study of firmware extraction and validation applied to three Holy Stone consumer drone models: the HS175D, HS720, and HS360S. Rather than pursuing reverse-engineering outcomes, the work focuses on obtaining reliable, ground-truth firmware images across heterogeneous hardware designs using only commercially available, low-cost tooling. Four acquisition methods are evaluated: SPI flash in-circuit reading, SWD/JTAG debug-port access, UART boot-message capture, and a clip-based contact approach that avoids chip desoldering. Each is assessed for success rate, image completeness, and operational practicality. Post-acquisition quality is evaluated through sliding-window Shannon entropy profiling and structural-signature analysis using binwalk, together forming a three-tier validation framework that distinguishes validated images from those that appear successful at the tool level but contain no meaningful firmware content. Static analysis via the EMBA framework confirms that validated images contain identifiable OS components, aging library stacks with known CVE exposure, and no binary-hardening mechanisms. The resulting corpus and methodology provide a reproducible baseline for firmware rehosting, vulnerability analysis, secure-boot assessment, and embedded-systems education within the consumer UAV domain.

Index Terms: consumer UAV, drone firmware, embedded systems security, entropy analysis, firmware extraction, IoT security, SPI flash, SWD/JTAG, UART.
Comments: 13 pages, 3 figures, 7 tables, 36 references. Preprint of a manuscript being prepared for submission to the journal Internet of Things (Elsevier).
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2605.11040 [cs.CR] (or arXiv:2605.11040v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2605.11040
Submission history: From: Sandesh More. [v1] Mon, 11 May 2026 05:28:38 UTC (395 KB)
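
The sliding-window Shannon entropy profiling named in the abstract can be sketched as follows. This is an added example, not the paper's code: the window size, step, thresholds and verdict labels are assumptions chosen for illustration, and the sample dumps are constructed.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def entropy_profile(image: bytes, window: int = 1024, step: int = 512):
    """Slide a window over the image; return [(offset, entropy), ...]."""
    last = max(len(image) - window, 0)  # short images yield one window
    return [(off, shannon_entropy(image[off:off + window]))
            for off in range(0, last + 1, step)]

def assess_dump(image: bytes, low: float = 0.5, high: float = 7.5) -> dict:
    """Summarise a dump. Thresholds and verdict names are assumptions."""
    profile = entropy_profile(image)
    flat = sum(1 for _, h in profile if h < low)    # constant fill (0xFF/0x00)
    dense = sum(1 for _, h in profile if h > high)  # compressed/encrypted/noise
    if flat == len(profile):
        verdict = "no-content"   # read completed, but the image is blank
    elif dense == len(profile):
        verdict = "opaque"       # nothing but high-entropy data
    else:
        verdict = "structured"   # mixed regions; worth a signature scan next
    return {"windows": len(profile), "flat": flat, "dense": dense,
            "verdict": verdict}

def _filler(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 over a counter)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample dumps, not taken from any real device.
BLANK = b"\xff" * 8192   # all 0xFF, as erased NOR flash reads back
OPAQUE = _filler(8192)
MIXED = b"constructed boot banner\n" * 64 + b"\xff" * 2048 + _filler(4096)

if __name__ == "__main__":
    for name, dump in (("blank", BLANK), ("opaque", OPAQUE), ("mixed", MIXED)):
        print(name, assess_dump(dump))
```

A "no-content" verdict is the case the abstract describes as successful at the tool level but containing no meaningful firmware; a "structured" image is the one to pass on to signature analysis.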