====== P0V Root Kit for DJI aircraft ======

This document describes one of the early rootkit approaches for DJI aircraft.

The instructions below assume you are running on OSX. Most of these instructions will readily translate to most Linux variants.

===== 1. Toolchain =====

Install your toolchain as per the instructions [[.:toolchain|here]]. You only need to do this once, but check the instructions to see if there are any new tools that you may need.

===== 2. Get firmware =====

  * You need something in the firmware cache on your Mac; otherwise you will need to install a version (or reinstall) using DJI Assistant before proceeding.

===== 3. Get the RedHerring magic =====

If this is your first time using RedHerring, you will need to check out the code from git.

  cd ~/Documents/
  git clone https://github.com/MAVProxyUser/P0VsRedHerring.git
  cd P0VsRedHerring

If you have done this before and want to make sure you have the latest code, you just need to sync to the most recent version.

  cd ~/Documents/P0VsRedHerring
  git pull

===== 4. Run the master script using the grep method =====

  sudo ruby RedHerring.rb /data/.bin/grep grep

===== 5. Start DJI Assistant =====

Open a new window and start DJI Assistant, connect to your aircraft, view the list of available firmware updates, and then close DJI Assistant. This will set a login cookie that will be re-used for the next command.

  /Applications/Assistant.app/Contents/MacOS/Assistant

===== 6. Start DJI Assistant in test_server mode =====

  /Applications/Assistant.app/Contents/MacOS/Assistant --test_server

This sends our fireworks via the NFZ database upload, to get root access.

===== 7. Get a list of adb devices (see if it all worked) =====

  adb devices

===== 8. Connect to the adb shell =====

  adb shell

===== 9. Make ADB persistent =====

To make it easier to get back into your aircraft via ADB next time, you can add a command to the boot init script.

Beware: this command modifies a startup script. If you get it wrong, that could be ... well ... bad. Don't do this more than once, unless you change your firmware to re-patch the startup script.

  mount -o remount,rw /system
  echo /system/bin/adb_en.sh >> /system/bin/start_dji_system.sh
  reboot

===== Credits =====

  * https://www.youtube.com/watch?v=BTQ_CTih1HM
  * with help from opcode at https://dji-rev.slack.com/
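
Step 9 warns against appending the ADB line more than once. The script below is an added example, not part of the original page or of RedHerring: it audits a local copy of ''start_dji_system.sh'' on the host and reports whether the hook line is absent, present once, or duplicated. It assumes the script has already been copied off the aircraft (for instance with ''adb pull''); the function names ''count_hook'' and ''hook_status'' are hypothetical.

```shell
#!/bin/sh
# Added example: audit a local copy of a startup script for the ADB-enable
# hook from step 9. HOOK is the line the page appends; the file to inspect
# is a copy on the host (assumption), not the live file on the aircraft.
HOOK="/system/bin/adb_en.sh"

# count_hook FILE: print how many active (non-comment) lines invoke HOOK.
count_hook() {
    n=0
    # `|| [ -n "$line" ]` keeps a final line that lacks a trailing newline,
    # which is what a hand-edited script often ends with.
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CRs (file edited on Windows) and surrounding whitespace.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$line" in
            \#*) ;;                                   # commented out: ignore
            "$HOOK"|"$HOOK "*|"$HOOK&") n=$((n + 1)) ;;
        esac
    done < "$1"
    printf '%s\n' "$n"
}

# hook_status FILE: print absent / present / duplicated / unreadable.
# Exit status: 0 for absent or present, 1 for duplicated, 2 for unreadable.
hook_status() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    c=$(count_hook "$1")
    case "$c" in
        0) echo "absent" ;;
        1) echo "present" ;;
        *) echo "duplicated"; return 1 ;;
    esac
}
```

A result of ''duplicated'' means the append in step 9 was run more than once against the same firmware image.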