howto:p3fcchardmod
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
howto:p3fcchardmod [2019/07/28 19:42] digdat0 created |
howto:p3fcchardmod [2020/06/30 20:06] (current) digdat0 wrong tool, oops |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Tools to force FCC mode in p3/i1 ====== | + | ====== Tools to force FCC mode in Phantom 3 / Inspire 1 aircraft |
| - | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. | + | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. |
| - | Derived from https:// | + | A method has been created to enable FCC mode as well as changing other transmission settings. There are two methods, one is sending communications to the RC directly, the second is extracting |
| - | === lightbridge_stm32_hardcoder.py | + | ====== |
| + | Make sure to review this GitHub with more info: https:// | ||
| - | Values it can extract | + | Create a folder, maybe named " |
| - | " | + | - Download [[https://github.com/o-gs/dji-firmware-tools/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | Usage | ||
| - | Steps to get to extract | + | Pre-reqs: |
| + | - Have installed Python 3 https:// | ||
| + | NOTE: Make sure to SET PATH for Python during install. If you don't know what this means, google it. | ||
| + | - Install the following modules via pip install | ||
| + | - elftools | ||
| + | - pyelftools | ||
| + | - pycryptodome | ||
| + | - capstone | ||
| + | - keystone | ||
| + | - keystone-engine | ||
| - | dji_xv4_fwcon.py -vvv -x -p < | + | Once these libraries are all installed you can use the tools to decrypt the firwmare files. |
| - | arm_bin2elf.py -vv -e -b 0x000a000 --section .ARM.exidx@0x019300: | + | |
| - | | + | ====== |
| - | | + | |
| + | We are targeting the 1400 or 1401 modules. The 1400 module is for the GL300A controller, the 1401 is for the GL300B/C controllers. <Need to include Inspire RC model> | ||
| + | |||
| + | You need to access the RC firmware files. You can find them on the [[https:// | ||
| + | |||
| + | Direct links available as well: | ||
| + | |||
| + | Phantom 3 RC: | ||
| + | <insert URL's for download> | ||
| + | |||
| + | Inspire RC: | ||
| + | |||
| + | <insert URL's for download> | ||
| + | |||
| + | Once downloaded, move the file into same folder as the files you downloaded earlier. | ||
| + | |||
| + | ===== Extract the firmware file ===== | ||
| + | |||
| + | You will go through these steps: | ||
| + | |||
| + | - Extract main firmware file | ||
| + | - Convert 1400/1401 module to ELF format | ||
| + | - Extract settings from the firmware file | ||
| + | - Edit the settings | ||
| + | - Re-make the firmware file | ||
| + | - Install the firmware file | ||
| + | |||
| + | Extracting the file: | ||
| + | |||
| + | - Drop to a command prompt, Start-> | ||
| + | - Navigate to the folder where the files are located. CD\p3FCC < | ||
| + | - Type the following command: | ||
| + | dji_xv4_fwcon.py -vvv -x -p < | ||
| + | - Now, open the folder and you should see the .1401 file. | ||
| + | - You can then type this command | ||
| + | arm_bin2elf.py -vv -e -b 0x000a000 --section .ARM.exidx@0x019300: | ||
| + | | ||
| + | | ||
| | | ||
| - | lightbridge_stm32_hardcoder.py -vvv -x -e < | + | - you should see the .1401 elf file in the folder. |
| + | - You can now type this command: | ||
| + | lightbridge_stm32_hardcoder.py -vvv -x -e < | ||
| + | - This will extract the settings and you can edit them in notepad or similar editting apps | ||
| + | |||
| + | |||
| + | ====== | ||
| + | |||
| + | ^ Parameter Name ^ Description^ | ||
| + | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_override ^ What to do when received a packet with transceiver power set request; 0 - use the received attenuation value, 1 - override the value with constant one| | ||
| + | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_value ^ Constant attenuation value used when packet_received_attenuation_override is enabled; unit depends on OFDM board type| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx1_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx2_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.power_zone_selection_override ^ What to do when power zone is about to be selected from geo coordinates; | ||
| + | |||
| + | ====== | ||
| + | You can also use the tool comm_serialtalk.py to send commands to the RC to see the status or change status. | ||
| + | These are commands to the RC plugged in via USB to PC using comm_serialtalk.py. | ||
| + | * To set CE: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground --seq_num=5552 --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --payload_hex=“F7 FF 00” | ||
| - | ==== Direct commands comm_mkdupc.py ===== | ||
| - | To set CE: | + | * To set FCC: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground |
| - | ./ | + | |
| - | To set FCC: | + | * To disallow the RC to reset the value by itself: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground |
| - | ./ | + | |
| - | To disallow the RC to reset the value by itself: | + | * To check (query) currently set zone: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground |
| - | ./ | + | |
| - | To check (query) currently set zone: | ||
| - | ./ | ||
| - | |||
| + | ====== | ||
| + | Need to add install steps for FW. | ||
| ==== Misc ==== | ==== Misc ==== | ||
| - | P1765Fw3.bin means something, service file name? | + | P1765Fw3.bin means something, service file name? gs_ofdm.bin? |
| - | m1400 is probably used only by GL300a/b; the c version likely uses m1401 | + | 1400 is probably used only by GL300a/b; the c version likely uses m1401 |
howto/p3fcchardmod.1564342954.txt.gz · Last modified: 2019/07/28 19:42 by digdat0
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
