A really good read, thanks.
The security aspect doesn't bother me; as you say, it's a toy - I'm not storing my company secrets on there! But the 4097 bug is really interesting.
After checking my own Drone SDK it seems I don't make UDP datagram size checks before sending. But that would have been based on 2 factors:
The SDK documentation states:
6.1 AT Commands syntax
The maximum length of the total command cannot exceed 1024 characters; otherwise the entire command line is rejected. This limit is hard coded in the drone software.
I don't see how 1 or 2 standard AT commands, even concatenated, would even approach the 1024 bytes, let alone the 4096 limit. I guess I'll have to start logging the datagram lengths to find out!
Armed with this new information, maybe it's safe for me to unpack the drone once again!?
Though given point 2 above, I'm still a bit concerned there maybe a second unresponsive bug lurking somewhere.
But thanks for investigating, I've not read machine code for a while!