购物车中没有商品
2019年3月25日 22:54:31

Howto: Rooting DJI Crystal Sky

5 months ago
#116 引用
Rooting DJI CrystalSky in windows. v02

WARNING!!!! - If you have attempted to root your CS and install the play store using other methods STOP!!! Before you continue with this guide, do a factory reset and reinstall v02.06.06.00 firmware for your CS. I'm not responsible if you screw this up!

Howto: Rooting the DJI CrystalSky so you can install the google playstore and then any app you like.

This works on all versions up to and including V02.06.06.00

This guide and my rooting were done on Win7/64

The information in this howto was gathered through many sources on the internet.

No limit dronez http://www.nolimitdronez.com  <--- imagine that
DJI Retroroms Wiki https://dji.retroroms.info/
The good folks over at http://dji-rev.slack.com - #crystalsky_rooting
Special thanks to Matioupi for all his help in rooting my CS!



Installing tools and gaining Root:
----------------------------------
Make a directory/folder on your windows machine to work from(I used) C:\adb This is where you will put the android tools, win-bash, and the CS rooting scripts.

On a windows machine download all of the following tools and scripts to your C:\adb folder.

Download the Opcodeffm/csroot files.

Go to the github listed below and on the "Clone or Download" tab select download. (You may have to make a git hub account.)
Unzip the files to the folder you just made, in my example that is C:\adb folder

https://github.com/Opcodeffm/csroot

Download and unzip win-bash to your C:\adb folder - select shell.w32-ix86.zip

https://sourceforge.net/projects/win-bash/files/shell-complete/latest/

Download and unzip the Android Windows platfomtools to your C:\adb folder - select SDK Platform-Tools for Windows

https://developer.android.com/studio/releases/platform-tools



Hook your CS to your PC with a USB cable. I used the side mico usb.

Start your bash terminal by running the start_shell.bat which is located in your C:\adb folder

This is a basic terminal and the prompt will look like bash$



Now it's time to start rooting the CrystalSky.

From your win-bash terminal, run the following commands. After each command I have listed what the output should look like. You will not see the ******** above and below the output. I just used those to separate the commands from the output.

  

  ./copy.sh
  

  
  (this triggers the script to connect to the CS and copy the exploit files)
  ***********
  bash$ ./copy.sh
  checking if adb device is present
  List of devices attached
  1234567890  device

  copying files to device
  tmp/: 11 files pushed. 6.8 MB/s (8348440 bytes in 1.173s)
  bash$
  ***********

  

  adb shell
  

  
   (this will put in a command line on your CrystalSky)
   ***********
   shell@zs600b:/ $
   ***********
  
  

  cd data/local/tmp
  

  
  (changes your working directory)
  ***********
  shell@zs600b:/data/local/tmp $
  ***********

  

  ./lordroot
  

  
  (runs the exploit to gain temporary root)
  ***********
  sh: ./patch_script.sh: not found
  max_:3 min:10 i_ret:0x20

  F_SETPIPE_SZ 407
    [+] Done target:dc0df1a0 overflowcheck:200000 map:12670 readv_error:0
    [+] Done target:dc0df1a0 overflowcheck:deadbeef map:12735 readv_error:0
  get_selinux_state -
  - 0
  shellcode_root_self i_pid:1408 ppid:1402 i_thread_info:de9ba000 i_task:db2c5e80 i_cred:dcbfb180 i_init_sid:0
  fwrite is count 1 ./kok
  shell@zs600b:/data/local/tmp $
  ***********

  

  ./mkdevsh
  

  
  (runs the script to install su binary and supersu.apk)
  **********
  1|shell@zs600b:/data/local/tmp $ ./mkdevsh
  2+0 records in
  2+0 records out
  2 bytes transferred in 0.001 secs (2000 bytes/sec)
  4+0 records in
  4+0 records out
  4 bytes transferred in 0.001 secs (4000 bytes/sec)
  12+0 records in
  12+0 records out
  12 bytes transferred in 0.001 secs (12000 bytes/sec)
  root@zs600b:/data/local/tmp #
  ***********
0
5 months ago
#117 引用
continued -

Reboot your CS and once at the main DJI launcher continue

In the main apps on your CS you now have SuperSU (SU), run SU(double tap), this is where you'll give Super User access to your apps. Most times when an app needs root you will get a popup from SU. You can now close SU.


Installing google play store and framework

Once root is gained from the previous steps, you need a flashing tool and the needed zip which contains the Play Store, Framework etc.


Download flashfire

Flashfire - there are newer versions of flashfire then the link below but this is what I used.

https://www.apkmirror.com/apk/chainfire/flashfire/flashfire-0-71-release/root-flashfire-0-71-android-apk-download/


Down load Google Playstore/framework(ARM) - pay very close attention to the version you download, if you get the wrong one you could brick your CS!!!******

Open this link and then read below this link to understand which package you are getting.

http://opengapps.org/


Look at the webpage, there are three columns named, PLATFORM, ANDROID, and VARIANT. Look below each column and select the correct choice. For CrystalSky it is the following. DON'T MESS THIS UP!!!

Choose
Platform: “ARM”
Android: “5.1”
Variant: “pico” (really take care choosing the right version)

Here is a pic of the correct selection!  

You should have file named open_gapps-arm-5.1-pico-xxxxxxx.zip   where the xxxxxxx is the date you downloaded the file. For me that was open_gapps-arm-5.1-pico-20180912.zip and yours will have a different date.

Now copy both eu.chainfire.flash_0.71-710_minAPI17(armeabi-v7a,x86)(nodpi)_apkmirror.com.apk AND open_gapps-arm-5.1-pico-20180912.zip to a micro sd card and put it in sd card1 slot on your CS.

Installing flashfire and playstore.


- From the main boot menu on the CS open the explorer and select SD Card 1
- Locate the chainfire file and open it.
- Give flashfire su, if asked (should be asked)
- In flashfire, tap the “+” sign on the right hand corner.
- Choose “Flash ZIP or OTA”
- Tap on top of the filebrowser to change to “Filesystem root”
- Navigate to “mnt/external_sd1”
- Choose your zip file
- Leave “Auto-mount” and “Mount/system read/write” unchecked
- Hit the checkmark and there you go

After several reboots, you will be greeted with the setup assistant. Step through it, make your desired settings and that should be it.


This has been tested on an CrystalSky 5.5 and 7.85, System Version up to 2.06.06.00

Once installed, you will be required to self register the CS as an uncertified Android device. This way you can install apps. You can do this by following the next set of steps below.


Retrieve your android device ID and register your device with Google:
----------------------------------

You need to get the android_id for your Crystalsky to register it with google so you can download and install apps from the playstore.

Download Device ID apk - Device ID_v1.3.2_apkpure.com.apk

https://apkpure.com/device-id/com.evozi.deviceid - put it on an SD card and install on your CS by running it in the CS explorer app. Once installed just run it from the main apps in the CS and it will output your android device ID.

Open this on a web browser with your Google Account and logged in. Note: This doesn't have to happen on your CS.

https://www.google.com/android/uncertified/

Register your CS by typing or copy and paste your android_id and click the register button.

Wait a few minutes (this can take upwards of 10 minutes or longer if the servers are busy) for the device to be authorized on Google servers.
0
5 months ago
#118 引用
continued -

Now you should be able to open the PlayStore on your CS and install any app you like from there.

I use apk installer to install the NLD GO4 app after I've patch it in the NLD program.

https://play.google.com/store/apps/details?id=com.apkinstaller.ApkInstaller&hl=en_US



If you are going to run NLD apk app on your CS here are some specifics for that.
--------------

With firmware 2.06.03.00 and 2.06.06.00 of crystal sky (5.5 and 7.85 versions) there is a bug in DJI Launcher that cause the following side effect :

Some times t he NLD app gets hidden. There is a fix for this.

Install both terminal window and ES file explorer if you have not already done so.

https://play.google.com/store/apps/details?id=com.estrongs.android.pop.pro


Step 1 :

Start your terminal window on your CS then issue the following command


su -c "pm enable dji.pilot.pad"


This will make the NLD app appear if it was hidden.


Step 2 :

From ES Explorer Pro, enable the root explorer mode (there is a small slider in app settings to do so) and navigate to the normally inaccessible file system section :

/data/data/dji.system.launcher/shared_prefs/

copy the file dji.system.launcher.xml to the local storage /Download/ full path is /mnt/sdcard/Download/

From there, open the file with a text editor (ES Explorer Pro has an embedded one) or quickedit pro and modify the file so it looks like :

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <int name="KEY_APP1_INDEX" value="1" />
    <int name="KEY_APP2_INDEX" value="0" />
    <string name="KEY_MUTEX_PREF_PKG">dji.pilot.pad</string>
    <long name="KEY_BOOT_CNT" value="165" />
    <int name="KEY_F1_INDEX" value="0" />
    <string name="KEY_TRAFFIC_USED_TIMESTAMP">2018-06-14</string>
    <int name="KEY_FREEZE_ROTATION" value="0" />
    <long name="KEY_TRAFFIC_USED_TOTAL" value="7363457756" />
    <int name="KEY_F2_INDEX" value="4" />
    <long name="KEY_TRAFFIC_USED_TODAY" value="127043018" />
</map>

The line to add/modify is <string name="KEY_MUTEX_PREF_PKG">dji.pilot.pad</string>
it may be missing or be <string name="KEY_MUTEX_PREF_PKG">dji.go.v4</string>

Once again, add or change it to <string name="KEY_MUTEX_PREF_PKG">dji.pilot.pad</string>
Save the file.
Once the file is saved, copy it from /Download/ (in local storage) to the original place : /data/data/dji.system.launcher/shared_prefs/
and overwrite the original file.

Reboot CS. Should now never lose NLD app.

Some times the NLD app will continue to dissapear. To fix this edit the file on your windows PC with notepad ++

On the CS

copy the /data/data/dji.system.launcher/shared_prefs/dji.system.launcher.xml to /mnt/sdcard/Download/


On your PC in an adb shell:


adb pull /mnt/sdcard/Download/dji.system.launcher.xml


this will download the file on PC.

Modify the file on PC side with a text editor (e.g. notepad++) to add the line

<string name="KEY_MUTEX_PREF_PKG">dji.pilot.pad</string>
or replace dji.go.v4 with dji.pilot.pad in it if already there.

Save the file on PC side.

Then upload it back to the CS, in an adb shell:


adb push dji.system.launcher.xml /mnt/sdcard/Download/



Use ES explorer pro copy / paste the xml file from /Download/ to /data/data/dji.system.launcher/shared_prefs/
(you should get asked to overwrite : say YES)

Reboot CS, try pressing middle button, NLD should still be there and stick now.

You might need to redo this if you later install or change the launcher to avoid the awful DJI one e.g. Nova, Google Now Launcher, Windows Launcher)

continued -
0
5 months ago
#119 引用
continued -

The copy/overwrite needs to be done with ES Explorer Pro as it handles properly overwriting a file with read/only partitions etc. If you try to modify it directly, the unmodified version would be restored automatically from a cache, erasing your changes.


--------------------------------

Software I recommend you install, I have no game in this, they are just suggestions.

In no particular order.

No Root Firewall - I use it to block all the factory DJI apps and IP numbers
Nova Launcher (Prime) - us it to replace the DJI launcher, I like it so I got the prime version
ES File Explorer (Pro) great all around file explorer (again pro if you like it) https://play.google.com/store/apps/details?id=com.estrongs.android.pop.pro
Terminal Emulator - used to further customize your CS and shell https://play.google.com/store/apps/details?id=jackpal.androidterm
Quick Edit (Pro) - great all around text editor, pro if you like it
Chrome to replace the CS internet browser
Sqlite (prime) - great tool for looking in DJI and other databases/gservices
Last but not least - check out no limit dronez www.nolimitdronz.com It's your bird, fly it how you want to, but be safe!

What your CS can look like with Nova Launcher -

No Root Firewall blocking DJI stuffs -
0
5 months ago
#135 引用
Appreciate the write up mate!
0
5 months ago
#160 引用
CantRepeat wrote:

After several reboots, you will be greeted with the setup assistant.

I've made it this far, but I'm not getting the setup assistant.
Any suggestions?
0
5 months ago
#164 引用
Thomas wrote:

After several reboots, you will be greeted with the setup assistant.

I've made it this far, but I'm not getting the setup assistant.
Any suggestions?


So you installed the correct playstore zip file using flashfire?

----------------------------

Installing flashfire and playstore.


- From the main boot menu on the CS open the explorer and select SD Card 1
- Locate the chainfire file and open it.
- Give flashfire su, if asked (should be asked)
- In flashfire, tap the “+” sign on the right hand corner.
- Choose “Flash ZIP or OTA”
- Tap on top of the filebrowser to change to “Filesystem root”
- Navigate to “mnt/external_sd1”
- Choose your zip file
- Leave “Auto-mount” and “Mount/system read/write” unchecked
- Hit the checkmark and there you go
0
5 months ago
#166 引用
CantRepeat wrote:


So you installed the correct playstore zip file using flashfire?

Yes, had trouble getting zip from gapps, used older one (same version) first, later whatever was up w/the web site let me down load latest version. So I skipped the older and flashed newest. Followed install instructions.
I gave CS several (many) reboots and reflashed several (many) times to give it another chance but just not seeing play store.

0
5 months ago
#167 引用
Thomas wrote:


Yes, had trouble getting zip from gapps, used older one (same version) first, later whatever was up w/the web site let me down load latest version. So I skipped the older and flashed newest. Followed install instructions.
I gave CS several (many) reboots and reflashed several (many) times to give it another chance but just not seeing play store.



What do you mean older vs newer one?

0
5 months ago
#168 引用
CantRepeat wrote:

What do you mean older vs newer one?
The gapps file is playstore and there is no newer or older one you can use. It must be the one outlined in the howto.


opengapps.org wasn't working, threw an error, so I went looking for other sources and found open_gapps-arm-5.1-pico-20161006.zip

Later when opengapps.org did allow me to dl I used open_gapps-arm-5.1-pico-20181023.zip
0