This is an old revision of the document!
Table of Contents
P0V Root Kit for DJI aircraft
0. Preliminary
- These instructions assume OSX on a mac.
- Install Python 3 if you don't already have it. You can get it from Here
- You need something in your firmware cache on your MAC, otherwise you will need to install a version (or reinstall) using DJI assistant before proceeding.
- Install required python modules pycrypto
pip3 install pycrypto
- Install required Ruby modules colorise
sudo gem install colorize
- Install adb (Android Debugger) for osx
curl https://dl.google.com/android/repository/platform-tools-latest-darwin.zip > platform-tools-latest-darwin.zip unzip platform-tools-latest-darwin.zip platform-tools/adb mv platform-tools/adb . rm -rf platform-tools platform-tools-latest-darwin.zip sudo mv adb /usr/local/bin/adb
- Get the code using git
cd ~/Documents/ git clone https://github.com/MAVProxyUser/P0VsRedHerring.git cd P0VsRedHerring
1. Get the code using GIT
Freshen the code each time you want to root kit an aircraft
cd ~/Documents/P0VsRedHerring git pull
2. Find the firmware file that needs to be tweaked
grep start_dji_system /Applications/Assistant.app/Contents/MacOS/Data/firm_cache/*.fw.sig -r
Note the path and filename that is returned. You will need it in the next step. The filename that was returned for me was
/Applications/Assistant.app/Contents/MacOS/Data/firm_cache/wm331_0801_v01.01.03.89_20170519.pro.fw.sig
ls -l `grep start_dji_system /Applications/Assistant.app/Contents/MacOS/Data/firm_cache/*.fw.sig -r | grep ^Binary | cut -d " " -f 3`
3. Extract a bin file from that image
python3 image.py **add path and filename here**
4. Confirm a bin file was extracted
ls *bin
You should see your bin filename
5. Verify the file type of your bin file
file *.bin
This should return: Java archive data (JAR)
6. Extract the startup script from the JAR file
tar xvf *.bin system/bin/start_dji_system.sh
7. Patch the startup script
echo /system/bin/adb_en.sh >> system/bin/start_dji_system.sh
8. Run the master script
The next step will connect to your aircraft, so get it powered on and connected via USB… But this is the old one. You can PROBABLY skip this and go straight to the next step.
sudo ruby RedHerring.rb /system/bin/start_dji_system.sh system/bin/start_dji_system.sh
8b. Run the master script v2
sudo ruby RedHerring.rb /data/.bin/grep grep
9. Start DJI assistant
Open a new window, and start DJI assistant … connect to your aircraft, and view the list of available firmware updates… and then close DJI assistant. This will set a login cookie that will be re-used for the next command
/Applications/Assistant.app/Contents/MacOS/Assistant
10. Start DJI assistant in test_server mode
/Applications/Assistant.app/Contents/MacOS/Assistant --test_server
This will take a while - but it will update the NFZ database with no active NFZ's. Quite DJI assistant once its done
11. Get a list of ads devices (see if it all worked)
adb devices
12. Connect to the adb shell
adb shell
Other tidbits
Confirm aircraft is connected
/usr/sbin/system_profiler SPUSBDataType | grep DJI: -A 19
Credits
- with help from opcode at https://dji-rev.slack.com/
