You have no items in your shopping cart.
Thursday, July 29, 2021 4:54:02 PM

Howto: Rooting DJI Crystal Sky

2 years ago
#1120 Quote
Richie wrote:
Confirmed, after a reboot the dji.pilot.pad is still present in that file after several reboots.


And today, for some unknown reason, the custom GO4 app has vanished again and I had to pm-enable it once more :(

Do we think the xml file is being overwritten by a backup / cached copy?

If so, do we know where that is stored?

Can we script something  to run the "pm enable" each time the CS boots?

(or make a one-click android app??)
0
2 years ago
#1231 Quote
Can this be done on a Mac or must it be a windows pc?

Thanks
Allan
0
one year ago
#3892 Quote
It's done , my root is done !
My DJI GO, Litchy & Pix4D apps works great on the Mavic Pro 1 + CrystalSky5,5'
- Downgrade of the drone firmware to 01.03.0700 against Altitude Limiter & Geofence.
- Together with the NLD GO 4.1.22 CS App for CrystalSky

Thanks DJI, CantRepeat and NoLimitDronez =)
0
one year ago
#4216 Quote
Thanks a lot for this absolutely great Guide!
I have done the rooting and everything worked fine for me.

But now i get the offer via Google Play  to update my Go4 App to the latest Version.
I am a little bit concerned to do this .
Can anyone confirm that this is a good thing or is there any risk of problems with G4 or to brick the Device?

Thanks a lot in advance for your answer.
0
one year ago
#4225 Quote
bash$ ./copy.sh
checking if adb device is present
List of devices attached
1TSB3YW039      device

copying files to device
tmp\: 10 files pushed. 3.7 MB/s (8310310 bytes in 2.151s)
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
bash$


that I'm stuck..
0
one year ago
#5074 Quote
is there a way the new version v3.0.2.0. to root?
0
one year ago
#5180 Quote
I was able to root v3.0.2.0 with csfire, standard method from Linux.
Nothing was different from the instructions and older versions.
No idea who is spreading fake news that the new update made rooting
impossible. It is still an old Android 5.1.1 with 3.10 kernel, so lordroot
and dirtycow methods are still possible.

The only thing I noticed is that adb drivers on Windows are now not compatible
with v3.0.2.0, because the new image reports a different USB VID/PID codes.
So on Win7/Win10 you won't see attached devices on the USB adb bridge.
Use a Linux virtual machine for that (Virtualbox) and the problem is sovled.



DJI Pilot is updated to 1.7.0,
DJI Go 4 is 4.3.16. That's basically all about this "update".
0
one year ago
#5183 Quote
droni wrote:
I was able to root v3.0.2.0 with csfire, standard method from Linux.
Nothing was different from the instructions and older versions.
No idea who is spreading fake news that the new update made rooting
impossible. It is still an old Android 5.1.1 with 3.10 kernel, so lordroot
and dirtycow methods are still possible.

The only thing I noticed is that adb drivers on Windows are now not compatible
with v3.0.2.0, because the new image reports a different USB VID/PID codes.
So on Win7/Win10 you won't see attached devices on the USB adb bridge.
Use a Linux virtual machine for that (Virtualbox) and the problem is sovled.



DJI Pilot is updated to 1.7.0,
DJI Go 4 is 4.3.16. That's basically all about this "update".


Did you use the lordroot on the new firmware? I just want to make sure before I update this.
0
one year ago
#5185 Quote
Yes, as you can see from the build.prop it is 20191209, which corresponds to v3.0.2.0.
0
one year ago
#5188 Quote
Do you mean using flashfire and SuperSU? I don't know, for me it looks like an additional unecessary step:

First of all, we want to avoid persistent root as it can be detectable by apps.
I didn't notice any behaivior of DJI Go 4.3.16 and Pilot 1.7.0 on a rooted device,
but I didn't give it a very deep look. Didn't even decompile the bytecode of the stock apps, just made sure they work as before.

There are other DJI daemons that run as root and can detect (persistently) rooted device with 99% probability if they wish to do so.
These methods involve looking up several system properties that can only been changed when the device is rooted. If the values don’t match an unrooted device it’ll flag it as rooted. (Super)su and Busybox binaries are often present on rooted devices, so a simple file system check can detect it as well.
Some root handlers mount the /system partition as read-write, another way etc.

Losing warranty, bricking, is only one reason why we want to avoid it.
So SuperSU and other things you would probably don't care about on
an emulator - are extremely important here.
The guide should be focused about gaining a temp root, install the stuff (Gapps, apks, firewall rules that you need, reboot and go to a clean state.
By clean I mean system-wise unrooted, with your stuff installed and working.
This part is totally missing from your guide for now.
People who want persistent root can go all the way further and install the
unstable garbage like SuperSU, but it shouldn't be a default for all.

Also we want to make sure it's future proof for any next updates, as it will
be less trivial for DJI and other apps to check for device modifications,
we can safely sideload/update any userspace app without worries.

Back to the original question, no - that method will not work since the original installd will check for the following manifests:
> dji.pilot.pad, com.DeviceTest, com.google.android.apps.maps

In the patched installd, this check is zeroed out with 'a's:
< aaa.aaaaa.aaa, aaa.aaaaaaaaaa, aaaaaaaaaa.aaaaaaa.aaaa.aaaa

Here are both files -
Original: https://mega.nz/#!3MwB1bDR!QlsCdfe_0MDBRlt5InA32QZllPssUKG1MCYC0WgECjo
Patched:
https://mega.nz/#!mY41wRCJ!_U8wDHMUJloyQF6gniKn63ozAl1lxzHkEP0G4HaZQr8

To patch, just replace /system/bin/installd with the patched one.
0