User Tools

Site Tools

Translations of this page:

howto:crystalsky

This is an old revision of the document!


OriginalGangsterCow

MAVProxyUser found a way to sideload and install apk´s on the CrystalSky. This works through the DirtyCow exploit. It temporary patches the installd, which was modded by DJI to prevent installation of apks through adb (Android Debug Bridge).

You need to have adb installed and CrystalSky connected via USB to your PC for this script!

https://github.com/MAVProxyUser/OriginalGangsterCow

Rooting

Kingoroot works, nobody cared to actually look which exploit they use, might be dirtyc0w. If you use kingoroot you should do so in a WindowsVM since they install a ton of crapware to your windows installation.

WARNING!

In the past Kingoroot has been found to be stealing IMEIs, and potentially other information from devices, as well as other strange behaviour that may or may not be intentionally malicious. See these threads for more information:

https://forum.xda-developers.com/general/general/kingo-root-steals-imei-t3268525

https://forum.xda-developers.com/fire-tv/general/psa-kingoroot-exploit-users-major-t3502824

The user is advised to find another method to obtain a root prompt if at all possible. As a last resort, kingoroot could be used, providing:

  • A windows VM, without network connection is created. Kingoroot is installed in the VM to shield the user's system from Kingoroot bloatware.
  • The CrystalSky device has its wifi radio switched off, preventing any potential attempts for Kingoroot - related binaries to send data home.

APK installation blocked

DJI blocked apk installation, they do this through a modified installd. Bin4ry patched the installd to allow installations again, download it here: https://dji-rev.slack.com/files/bin4ry/F6L7R9ZFT/installd With root remount the system partion rw and then overwrite the original installd in /system/bin/installd. Make sure you keep the correct file permissions.

This will allow sideloading of APKs.

WARNING!

Triple check file name and file permissions before rebooting as your CS can get bricked if mishandling the installd. And as long as we dont have a good way of creating & restoring a (nandroid) backup that is risky…

Settings

To unlock more settings use this build.prop: https://dji-rev.slack.com/files/bin4ry/F6MFB6K8D/build.prop Remount system partition rw and overwrite the build.prop in /system/build.prop. Make sure you keep the correct file permisions. chmod 644 build.prop

WARNING!

Triple check file contents, file name and file permissions before rebooting as your CS can get bricked if mishandling the build.prop. And as long as we dont have a good way of creating & restoring a (nandroid) backup that is risky…

Google Play Store

To make Google Play Store work, first you need root. It will NOT work with Kingoroot. To switch from Kingoroot to SuperSU, use this App : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.79-20161205182033.apk

After that, you need a flashing tool and the needed zip which contains the Play Store, Framework etc. The flashing tool can be downloaded here: https://flashfire.chainfire.eu/ The needed zip can be downloaded here: http://opengapps.org/ Choose Platform: “ARM” Android: “5.1” Variant: “pico”

- Install (sideload) flashfire

- Give flashfire su, if asked

- Copy the zip (i.e. open_gapps-arm-5.1-pico-20170811.zip) to an sd card, plug it in the CS sd1 slot

- In flashfire, tap the “+” sign on the right hand corner.

- Choose “Flash ZIP or OTA”

- Tap on top of the filebrowser to change to “Filesystem root”

- Navigate to “mnt/external_sd1”

- Choose your zip file

- Leave “Auto-mount” and “Mount/system read/write” unchecked

- Hit the checkmark and there you go

After several reboots, you will be greeted with the setup assistant. Step through it, make your settings and thats it.

WARNING!

Triple Check the choosen Platform, Android Version and Variant to avoid flashing wrong software, which could brick your device. Execute the steps carefully and you should be good.

This has been tested on an CrystalSky 7.85, System Version 02.02.08.01 and 02.02.09.00

howto/crystalsky.1504540289.txt.gz · Last modified: 2017/09/04 15:51 by opcode