This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
howto:p3fcchardmod [2019/07/28 19:55] digdat0 fot |
howto:p3fcchardmod [2020/06/30 20:06] (current) digdat0 wrong tool, oops |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Tools to force FCC mode in p3/i1 ====== | + | ====== Tools to force FCC mode in Phantom 3 / Inspire 1 aircraft |
- | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. | + | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. |
- | Derived from https:// | + | A method has been created to enable FCC mode as well as changing other transmission settings. There are two methods, one is sending communications to the RC directly, the second is extracting |
- | === lightbridge_stm32_hardcoder.py | + | ====== |
+ | Make sure to review this GitHub with more info: https:// | ||
- | Values it can extract | + | Create a folder, maybe named " |
- | | + | |
- | * " | + | |
- | * " | + | |
- | | + | |
- | * " | + | |
- | * " | + | |
- | | + | |
- | * " | + | |
- | | + | |
- | * " | + | |
- | * " | + | |
- | | + | |
- | * " | + | |
- | * " | + | |
- | | + | |
- | * " | + | |
- | * " | + | |
- | * " | + | |
- | Usage | ||
- | Steps to get to extract | + | Pre-reqs: |
+ | - Have installed Python 3 https:// | ||
+ | NOTE: Make sure to SET PATH for Python during install. If you don't know what this means, google it. | ||
+ | - Install the following modules via pip install | ||
+ | - elftools | ||
+ | - pyelftools | ||
+ | - pycryptodome | ||
+ | - capstone | ||
+ | - keystone | ||
+ | - keystone-engine | ||
- | | + | Once these libraries are all installed you can use the tools to decrypt the firwmare files. |
- | | + | |
- | | + | ====== |
- | | + | |
+ | We are targeting the 1400 or 1401 modules. The 1400 module is for the GL300A controller, the 1401 is for the GL300B/C controllers. <Need to include Inspire RC model> | ||
+ | |||
+ | You need to access the RC firmware files. You can find them on the [[https:// | ||
+ | |||
+ | Direct links available as well: | ||
+ | |||
+ | Phantom 3 RC: | ||
+ | <insert URL's for download> | ||
+ | |||
+ | Inspire RC: | ||
+ | |||
+ | <insert URL's for download> | ||
+ | |||
+ | Once downloaded, move the file into same folder as the files you downloaded earlier. | ||
+ | |||
+ | ===== Extract the firmware file ===== | ||
+ | |||
+ | You will go through these steps: | ||
+ | |||
+ | | ||
+ | - Convert 1400/1401 module to ELF format | ||
+ | - Extract settings from the firmware file | ||
+ | - Edit the settings | ||
+ | - Re-make the firmware file | ||
+ | - Install the firmware file | ||
+ | |||
+ | Extracting the file: | ||
+ | |||
+ | - Drop to a command prompt, Start-> | ||
+ | - Navigate to the folder where the files are located. CD\p3FCC < | ||
+ | - Type the following command: | ||
+ | dji_xv4_fwcon.py -vvv -x -p < | ||
+ | | ||
+ | - You can then type this command | ||
+ | arm_bin2elf.py -vv -e -b 0x000a000 --section .ARM.exidx@0x019300: | ||
+ | | ||
+ | | ||
| | ||
- | | + | |
+ | - You can now type this command: | ||
+ | lightbridge_stm32_hardcoder.py -vvv -x -e < | ||
+ | - This will extract the settings and you can edit them in notepad or similar editting apps | ||
+ | ====== | ||
+ | ^ Parameter Name ^ Description^ | ||
+ | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_override ^ What to do when received a packet with transceiver power set request; 0 - use the received attenuation value, 1 - override the value with constant one| | ||
+ | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_value ^ Constant attenuation value used when packet_received_attenuation_override is enabled; unit depends on OFDM board type| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx1_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx2_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
+ | ^ og_hardcoded.lightbridge_stm32.power_zone_selection_override ^ What to do when power zone is about to be selected from geo coordinates; | ||
- | ==== Direct commands comm_mkdupc.py ===== | ||
- | These are commands to the RC plugged in via USB to PC using comm_mkdupc.py. This tool is a DUML Packet Builder with hex string output. https:// | ||
+ | ====== | ||
+ | You can also use the tool comm_serialtalk.py to send commands to the RC to see the status or change status. | ||
- | * To set CE: | + | These are commands to the RC plugged in via USB to PC using comm_serialtalk.py. |
- | ./ | + | |
+ | * To set CE: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground --seq_num=5552 --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --payload_hex=“F7 FF 00” | ||
- | * To set FCC: | ||
- | ./ | ||
+ | * To set FCC: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground --seq_num=5553 --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --payload_hex=“F7 FF 01” | ||
- | * To disallow the RC to reset the value by itself: | ||
- | ./ | ||
- | * To check (query) currently set zone: | + | * To disallow the RC to reset the value by itself: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground |
- | ./ | + | |
- | + | ||
+ | * To check (query) currently set zone: python comm_serialtalk.py COM6 -vv --timeout=5000 --receiver_type=OFDM_Ground --seq_num=5555 --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=7 --payload_hex=“F7 FF” | ||
- | ==== Misc ==== | ||
- | P1765Fw3.bin means something, service file name? gs_ofdm.bin? | ||
+ | ====== | ||
+ | Need to add install steps for FW. | ||
- | m1400 is probably used only by GL300a/b; the c version likely uses m1401 | + | ==== Misc ==== |
+ | P1765Fw3.bin means something, service file name? gs_ofdm.bin? | ||
+ | 1400 is probably used only by GL300a/b; the c version likely uses m1401 |