Howto: Rooting DJI Crystal Sky

Richie wrote:

And today, for some unknown reason, the custom GO4 app has vanished again and I had to pm-enable it once more :(

Do we think the xml file is being overwritten by a backup / cached copy?

If so, do we know where that is stored?

Can we script something  to run the "pm enable" each time the CS boots?

(or make a one-click android app??)

Can this be done on a Mac or must it be a windows pc?

Thanks
Allan

It's done , my root is done !
My DJI GO, Litchy & Pix4D apps works great on the Mavic Pro 1 + CrystalSky5,5'
- Downgrade of the drone firmware to 01.03.0700 against Altitude Limiter & Geofence.
- Together with the NLD GO 4.1.22 CS App for CrystalSky

Thanks DJI, CantRepeat and NoLimitDronez =)

Thanks a lot for this absolutely great Guide!
I have done the rooting and everything worked fine for me.

But now i get the offer via Google Play  to update my Go4 App to the latest Version.
I am a little bit concerned to do this .
Can anyone confirm that this is a good thing or is there any risk of problems with G4 or to brick the Device?

Thanks a lot in advance for your answer.

bash$ ./copy.sh
checking if adb device is present
List of devices attached
1TSB3YW039      device

copying files to device
tmp\: 10 files pushed. 3.7 MB/s (8310310 bytes in 2.151s)
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
bash$


that I'm stuck..

is there a way the new version v3.0.2.0. to root?

I was able to root v3.0.2.0 with csfire, standard method from Linux.
Nothing was different from the instructions and older versions.
No idea who is spreading fake news that the new update made rooting
impossible. It is still an old Android 5.1.1 with 3.10 kernel, so lordroot
and dirtycow methods are still possible.

The only thing I noticed is that adb drivers on Windows are now not compatible
with v3.0.2.0, because the new image reports a different USB VID/PID codes.
So on Win7/Win10 you won't see attached devices on the USB adb bridge.
Use a Linux virtual machine for that (Virtualbox) and the problem is sovled.



DJI Pilot is updated to 1.7.0,
DJI Go 4 is 4.3.16. That's basically all about this "update".

droni wrote:

Did you use the lordroot on the new firmware? I just want to make sure before I update this.

Yes, as you can see from the build.prop it is 20191209, which corresponds to v3.0.2.0.

Do you mean using flashfire and SuperSU? I don't know, for me it looks like an additional unecessary step:

First of all, we want to avoid persistent root as it can be detectable by apps.
I didn't notice any behaivior of DJI Go 4.3.16 and Pilot 1.7.0 on a rooted device,
but I didn't give it a very deep look. Didn't even decompile the bytecode of the stock apps, just made sure they work as before.

There are other DJI daemons that run as root and can detect (persistently) rooted device with 99% probability if they wish to do so.
These methods involve looking up several system properties that can only been changed when the device is rooted. If the values don’t match an unrooted device it’ll flag it as rooted. (Super)su and Busybox binaries are often present on rooted devices, so a simple file system check can detect it as well.
Some root handlers mount the /system partition as read-write, another way etc.

Losing warranty, bricking, is only one reason why we want to avoid it.
So SuperSU and other things you would probably don't care about on
an emulator - are extremely important here.
The guide should be focused about gaining a temp root, install the stuff (Gapps, apks, firewall rules that you need, reboot and go to a clean state.
By clean I mean system-wise unrooted, with your stuff installed and working.
This part is totally missing from your guide for now.
People who want persistent root can go all the way further and install the
unstable garbage like SuperSU, but it shouldn't be a default for all.

Also we want to make sure it's future proof for any next updates, as it will
be less trivial for DJI and other apps to check for device modifications,
we can safely sideload/update any userspace app without worries.

Back to the original question, no - that method will not work since the original installd will check for the following manifests:
> dji.pilot.pad, com.DeviceTest, com.google.android.apps.maps

In the patched installd, this check is zeroed out with 'a's:
< aaa.aaaaa.aaa, aaa.aaaaaaaaaa, aaaaaaaaaa.aaaaaaa.aaaa.aaaa

Here are both files -
Original: https://mega.nz/#!3MwB1bDR!QlsCdfe_0MDBRlt5InA32QZllPssUKG1MCYC0WgECjo
Patched:
https://mega.nz/#!mY41wRCJ!_U8wDHMUJloyQF6gniKn63ozAl1lxzHkEP0G4HaZQr8

To patch, just replace /system/bin/installd with the patched one.