====== NFZ Bypass ======

This page was previously hidden content. The team that contributed to this work has agreed in a private channel that it is time to release this material. Feel free to contribute to or update this material to expand on the details here.

===== NFZ Removal Tutorial =====

How to fully remove NFZ from 4.1.22 GO and on your stock firmware drone WITHOUT mixing firmware.

**These instructions are for MAVIC only.** Coming soon for Spark, P4, I2. Stay tuned.

Following these steps will allow you almost the full monty. All performance mods will work. You still can’t bypass GO Altitude limits, but you can use stock firmware and NOT have to bypass NFZ in parameters. Yes, you read that right. You will be rid of ALL NFZ zones on the map, all of the pop-ups and warnings in the app and be able to arm and fly ANYWHERE! You will have all other benefits of the FW such as Quickshots, Precision Landing etc.

Just to be clear, this project was undertaken to get around DJI's INCORRECT NFZ and Warning zones that they implemented without any legal obligation or requirement.

**DON'T DO ANYTHING STUPID IF YOU PROCEED WITH NFZ UNLOCKING! If you do something STUPID like flying around airports or other aircraft etc, everyone involved in this project will do whatever we can to identify you and provide your info to the authorities! Do not TEST US!**

Tools/software needed:

  * DUMLdore V3.03: https://github.com/jezzab/DUMLdore/archive/master.zip
  * Latest bin4ry/deejayeye-modder software so you can patch GO and remove the NFZ from the app.
  * https://github.com/Bin4ry/deejayeye-modder/archive/master.zip
  * DDD – DankDrone Downloader - https://github.com/cs2000/DankDroneDownloader/archive/master.zip
  * Latest GO that is patchable: http://www.openpilotlegacy.org/dji.go.v4-4.1.22-3028592-noseceo.apk
  * Jezzab's stage2.bin file attached [[http://dji.polybotes.feralhosting.com/stage2/Mavic-Pro/stage2.bin|Here]]

Without getting into the details of what jezzab has done for all of us…here is what you do:

  - Use DDD and download 01.04.0100/.0200 and/or .0300. Tested and working on v01.04.0300.
  - Use DUMLdore V3.03 and flash your Mavic to the firmware of your choice from step 1. Stock. No mixed firmware, and make sure it is stock, no f’ing around with the files on your bird.
  - Flash it again, just to make sure, to the same version. No really. Just do it. Stop whining.
  - Now, close DUMLdore. In the DUMLdore folder you will see the stage2.bin file. Rename this file so the program doesn’t use it (example: rename it to stage2original.bin). Replace that file with the stage2.bin attached here.
  - Start up DUMLdore. Hold ALT and click the Load Firmware button and select any firmware file. You will not actually flash the firmware but you must select one to get the process started. Then click on Flash Firmware. You will see stage 1, then stage 2. After it's done you will see "**Completed. Exit DUMLdore and restart device**"; it will then quickly change to "**Flashing complete. Device may be powered off**". Once you see the last message, you can exit DUMLdore, restart the Mavic and you are DONE. If you flash ANY firmware again, it will put the NFZ back on the Mavic. Then you will need to do steps 4 and 5 again.
  - Don’t forget to rename the stage2.bin file back, or swap it out again.
  - Man up and send jezzab some LOVE via PayPal. This means you. All the OG’s work hard. Time to pay back and make someone happy. https://www.paypal.me/DUMLdore

Test in an area where you had NFZ warnings before, WITH PROPS OFF.
I am NOT telling you to fly in a NFZ. Use your smarts. You are responsible for your flying. Not DJI.

===== Another method (ADB and Root, tested with Mavic Pro 1.04.400 on Windows 10 x64) =====

  - Turn on your Mavic, connect via USB and wait for it to start up.
  - Open DUMLdore (tested in version 3.20) and select "Enable ADB". Wait for the confirmation message in the status bar.
  - Open CMD as administrator, type "adb shell" and press Enter.
  - Run, in order: <code>
mount -o remount,rw /amt
cd amt
rm -r nfz
exit
</code>
  - Restart your bird and test if the application asks you to update the FlySafe database. If it does, you're ready to go.

Keep in mind that each update comes with its database built in, so **this method only works if the update you use corresponds to an NFZDB that does not contain locks for the area you want to fly**.

Note: If after the change the aircraft reports a firmware check error, simply flash the same version and the error will go away.

Big thanks to this post [[http://dji.retroroms.info/howto/dumlracer]]. I don't know who did it, but it served as my entry point. (by jmartincufre).

===== Big switch =====

Unlocking the entire system with license (big switch):

  * dji/sdk/DJISDKManager
  * silentmode IIRC
  * License.dlf (filename)
  * Base64 coded
  * Com.dji.industy.pilot.homepage.homenavigationmenu
  * .field private final mDeviceLimiter:DeviceLimiter

===== Led status =====

Change LED Status (can play with LED speed etc)

===== getBean =====

getBean() function that parses param file located at res/raw/flyc_param_infos

===== NFZ Flight State Change =====

NFZ Flight State Change (could potentially change to Flying Normally)

===== Max Height Param =====

PnUqLQk4MAN3TCU7DjA+OzVDJCsTcDQFIXUhJw45MRAGGg==

g_config.flying_limit.max_height_0

===== Height Limit (yes/no?) =====

EU8gJQ8qFQ00Qz0jEzc2Cg==

HeightLimitation

===== Max Radius / Distance Param =====

PnUqLQk4MAN3TCU7DjA+OzVDJCsTcDQFIXU7IwM3LBcGGg==

g_config.flying_limit.max_radius_0

===== Distance Limit (yes/no?) =====

HUM6NgYwOgEVQyQrEz8tDTZE

DistanceLimitation

===== Decrypt =====

Decrypt above with:

<code>
python defog_one_string.py 2 STRINGtoDECRYPT
</code>

===== NFZ DB Keys =====

|nfz db encryption key|slkIUOIjf234w4dfaLIKJ793s3j|
|Geo1860 aes key|hpBzum8Ht1aGpB8YCB2&KcW#jwdaWBx9|
|Geo aes key|E72AA69EC4B8E342B3DCC3A7834EB|
|Geo1860 db Signature key|E72AA69EC4B8E342B3DCC3A7834EB|

===== Create NFZ Patch =====

==== apktool.yml ====

remove:

<code>
assets/expansion/internal/flysafe/dji.nfzdb.confumix
assets/expansion/internal/flysafe/dji.nfzdb.sig
</code>

==== AndroidManifest.xml ====

remove:

==== smali_classes3 > dji > data > upgrade > d > a.smali ====

remove:

.line 202

==== res > layout > v2_upgrade_data_activity.xml ====

===== Current NFZ Patch =====

==== RUNME.BAT file ====

<code>
if "%%f"=="removeNFZ" (
    echo.-: Deleting all NFZ db all files...
    del /f /q "assets\expansion\internal\flysafe\dji.nfzdb.confumix"
    del /f /q "assets\expansion\internal\flysafe\dji.nfzdb.sig"
    del /f /q "assets\expansion\internal\flysafe\flysafe_areas_djigo.db"
    del /f /q "assets\expansion\internal\flysafe\flysafe_polygon_1860.db"
    del /f /q "assets\expansion\internal\flysafe\flyforbid_airmap\*.json"
    del /f /q "res\raw\flyforbid.json"
    copy /b NUL "res\raw\flyforbid.json"
)
</code>

==== RUNME.SH file ====

<code>
if [ "$patch" == "removeNFZ" ]
then
    rm assets/expansion/internal/flysafe/dji.nfzdb.confumix
    rm assets/expansion/internal/flysafe/dji.nfzdb.sig
    rm assets/expansion/internal/flysafe/flysafe_areas_djigo.db
    rm assets/expansion/internal/flysafe/flysafe_polygon_1860.db
    rm assets/expansion/internal/flysafe/flyforbid_airmap/*.json
    rm res/raw/flyforbid.json
    touch res/raw/flyforbid.json
fi
</code>

==== removeNFZ.patch ====

=== AndroidManifest.xml ===

diff -Naur orig/AndroidManifest.xml mod/AndroidManifest.xml --- orig/AndroidManifest.xml 2018-01-25 21:31:44.000000000 -0500 +++ mod/AndroidManifest.xml 2018-01-25 21:36:55.000000000 -0500 @@ -72,7 +72,6 @@ - 
@@ -276,7 +275,6 @@ - === a.smali === diff -Naur orig/smali_classes3/dji/data/upgrade/d/a.smali mod/smali_classes3/dji/data/upgrade/d/a.smali --- orig/smali_classes3/dji/data/upgrade/d/a.smali 2018-01-25 21:31:56.000000000 -0500 +++ mod/smali_classes3/dji/data/upgrade/d/a.smali 2018-01-25 21:45:50.000000000 -0500 @@ -483,8 +483,6 @@ .line 211 iget-object v0, p0, Ldji/data/upgrade/d/a;->l:Ldji/publics/widget/dialog/c; - invoke-virtual {v0}, Ldji/publics/widget/dialog/c;->show()V - .line 212 return-void .end method @@ -652,8 +650,6 @@ .line 293 iget-object v1, p0, Ldji/data/upgrade/d/a;->m:Ldji/publics/widget/dialog/c; - invoke-virtual {v1}, Ldji/publics/widget/dialog/c;->show()V - goto :goto_0 .end method @@ -770,8 +766,6 @@ .line 341 iget-object v0, p0, Ldji/data/upgrade/d/a;->n:Ldji/publics/widget/dialog/c; - invoke-virtual {v0}, Ldji/publics/widget/dialog/c;->show()V - goto :goto_0 .end method @@ -1413,8 +1407,6 @@ .line 421 iget-object v0, p0, Ldji/data/upgrade/d/a;->p:Ldji/publics/widget/dialog/c; - invoke-virtual {v0}, Ldji/publics/widget/dialog/c;->show()V - goto :goto_0 .end method @@ -1455,8 +1447,6 @@ .line 435 iget-object v0, p0, Ldji/data/upgrade/d/a;->j:Ldji/data/upgrade/d/b; - invoke-virtual {v0}, Ldji/data/upgrade/d/b;->show()V - goto :goto_0 .end method @@ -1618,8 +1608,6 @@ .line 482 iget-object v0, p0, Ldji/data/upgrade/d/a;->q:Ldji/publics/widget/dialog/c; - invoke-virtual {v0}, Ldji/publics/widget/dialog/c;->show()V - goto :goto_0 .end method === apktool.yml === diff -Naur orig/apktool.yml mod/apktool.yml --- orig/apktool.yml 2018-01-25 16:29:49.000000000 -0500 +++ mod/apktool.yml 2018-01-25 21:25:46.000000000 -0500 @@ -5,8 +5,6 @@ - arsc - data - assets/build -- assets/expansion/internal/flysafe/dji.nfzdb.confumix -- assets/expansion/internal/flysafe/dji.nfzdb.sig - webp - so - h264
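
Review bot: both AndroidManifest.xml hunks (@@ -72,7 +72,6 @@ and @@ -276,7 +275,6 @@) show a removed line with no content, and the matching "remove:" entry under Create NFZ Patch is blank as well, so this part of the change cannot be reviewed from the page. The hunk headers say exactly one line is dropped at each location, and manifest lines declare components and permissions, so the hunks should be marked as incomplete here until the dropped line and the reason for dropping it are stated.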
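
Review bot: in all six a.smali hunks the iget-object that loads the dialog field (l, m, n, p, j, q) stays in place after its ->show()V call is removed, so each load is now dead code, and nothing in the patch says which dialog each obfuscated field is. The class is dji/data/upgrade/d/a and every dialog it shows is silenced wholesale, so a reader cannot tell whether only the database update prompt is hidden or whether other upgrade dialogs disappear from the operator's view too. Add a comment per hunk naming the dialog being suppressed, and drop the unused iget-object where the register is not read afterwards.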