- Posts: 2631
The New Hubsans
27 Nov 2015 09:11 - 09 Dec 2015 15:37 #40426
by goebish
I suppose this is a SWIM header to flash the STM8 mcu, Useless for us, except if we'd like to reprogram the stock transmitter for other purposes
Replied by goebish on topic The New Hubsans
Nuggetz wrote: Anyone know what the 4 breakout pins are on the back? There's a cutout behind the batteries that give access to those 4 pins.
I suppose this is a SWIM header to flash the STM8 mcu, Useless for us, except if we'd like to reprogram the stock transmitter for other purposes
Please Log in or Create an account to join the conversation.
01 Dec 2015 11:34 - 01 Dec 2015 11:36 #40527
by goebish
Replied by goebish on topic The New Hubsans
bangkomit, have a look at this thread:
www.deviationtx.com/forum/protocol-devel...95-spi-capture-guide
feel free to ask if you need more help
Please post in the forums, don't be shy, there are a few issues with PMs right now.
www.deviationtx.com/forum/protocol-devel...95-spi-capture-guide
feel free to ask if you need more help
Please post in the forums, don't be shy, there are a few issues with PMs right now.
Please Log in or Create an account to join the conversation.
02 Dec 2015 09:42 #40555
by goebish
Replied by goebish on topic The New Hubsans
Thanks bangkomit, I'll check that
Please Log in or Create an account to join the conversation.
02 Dec 2015 11:38 - 14 Dec 2015 09:42 #40556
by goebish
Replied by goebish on topic The New Hubsans
So, new "plus" protocol shares similarities with former one, but is also quite different :
Former H107 Tx protocol: bit.ly/1Ndrfgw
* currently implemented in Deviation (PB)
H107L/C/D Tx protocol: www.deviationtx.com/media/kunena/attachments/1240/dump.txt
* proper H107L/C/D format has never been implemented because those aircrafts also work with former protocol, leds / flip / vTX / telemetry were added and it worked like that ...
* no more Transmitter ID ***
* no unknown fixed bytes in bind packets ***
* during bind stage 3, first byte of session id is replaced with an handshake counter in Tx packets ***
* one extra Tx packet at end of bind (handshake counter = 9) ***
* doesn't transmit on channel+0x23 every 5 data packets anymore ***
***: NOT required for H107L/C/D to work, hence it has never been implemented in Deviation
New "Hubsan+" series Tx protocol (H107P, H107C+, H107D+):
* new transmitter with spring loaded throttle stick, auto altitude hold, neutral throttle at mid stick
* uses the same a7105 init & frequency selection method than former versions
* different data ID during 1st bind stage
* almost similar to H107L/C/D format
* during bind stages 2 & 3, hh ii hold 0x62 0x12 in Tx packets
* aircraft expects properly crafted bind packets (handshake counter in tx packets), unlike H107L/C/D
* no more telemetry, well, transmitter is listening but aircraft doesn't send anything
* headless mode
* camera on H107C+/D+ can be controlled from transmitter, snapshot and video recording
* leds can't be controlled anymore ?
.
bangkomit, I think the previous capture is not complete (it doesn't start with 00 00 = reset), start the capture before powering the transmitter on, or setup a trigger on clock channel, but aside from that it's perfect, good job
Former H107 Tx protocol: bit.ly/1Ndrfgw
* currently implemented in Deviation (PB)
H107L/C/D Tx protocol: www.deviationtx.com/media/kunena/attachments/1240/dump.txt
* proper H107L/C/D format has never been implemented because those aircrafts also work with former protocol, leds / flip / vTX / telemetry were added and it worked like that ...
* no more Transmitter ID ***
* no unknown fixed bytes in bind packets ***
* during bind stage 3, first byte of session id is replaced with an handshake counter in Tx packets ***
* one extra Tx packet at end of bind (handshake counter = 9) ***
* doesn't transmit on channel+0x23 every 5 data packets anymore ***
***: NOT required for H107L/C/D to work, hence it has never been implemented in Deviation
New "Hubsan+" series Tx protocol (H107P, H107C+, H107D+):
* new transmitter with spring loaded throttle stick, auto altitude hold, neutral throttle at mid stick
* uses the same a7105 init & frequency selection method than former versions
* different data ID during 1st bind stage
* almost similar to H107L/C/D format
* during bind stages 2 & 3, hh ii hold 0x62 0x12 in Tx packets
* aircraft expects properly crafted bind packets (handshake counter in tx packets), unlike H107L/C/D
* no more telemetry, well, transmitter is listening but aircraft doesn't send anything
* headless mode
* camera on H107C+/D+ can be controlled from transmitter, snapshot and video recording
* leds can't be controlled anymore ?
.
bind
----
stage 1
Id: AA 20 10 41 ; different chip ID
Tx: 01 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FC ; 3C 7A 9E 2D = random session id
Tx: 01 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FC ; no more transmitter ID
Tx: 01 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FC
Tx: 01 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FC
Tx: 01 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FC
Rx: 02 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FB
Tx: 03 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 FA
Rx: 04 82 3C 7A 9E 2D 00 00 00 00 00 00 00 00 00 F9
stage 2
Id: 3C 7A 9E 2D ; chip ID = session ID, as before
Tx: 01 82 3C 7A 9E 2D 00 62 16 00 00 00 00 00 00 84 ; 62 16, unknown but fixed
Rx: 02 82 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 F1
stage 3
Tx: 09 82 00 7A 9E 2D 00 62 16 00 00 00 00 00 00 B8 ; 1st byte of session id
Rx: 0A 01 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 6A
Tx: 09 82 01 7A 9E 2D 00 62 16 00 00 00 00 00 00 B7 ; is replaced with a counter
Rx: 0A 02 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 69
Tx: 09 82 02 7A 9E 2D 00 62 16 00 00 00 00 00 00 B6 ; in tx packets (new)
Rx: 0A 03 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 68 ; aircraft replies with counter+1
Tx: 09 82 03 7A 9E 2D 00 62 16 00 00 00 00 00 00 B5
Rx: 0A 04 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 67 ; in 2nd byte (as before)
Tx: 09 82 04 7A 9E 2D 00 62 16 00 00 00 00 00 00 B4
Rx: 0A 05 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 66
Tx: 09 82 05 7A 9E 2D 00 62 16 00 00 00 00 00 00 B3
Rx: 0A 06 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 65
Tx: 09 82 06 7A 9E 2D 00 62 16 00 00 00 00 00 00 B2
Rx: 0A 07 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 64
Tx: 09 82 07 7A 9E 2D 00 62 16 00 00 00 00 00 00 B1
Rx: 0A 08 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 63
Tx: 09 82 08 7A 9E 2D 00 62 16 00 00 00 00 00 00 B0
Rx: 0A 09 3C 7A 9E 2D 03 07 00 00 00 00 00 00 00 62
Tx: 09 82 09 7A 9E 2D 00 62 16 00 00 00 00 00 00 AF ; one extra tx packet
data
----
aa bb cc dd ee ff gg hh ii jj kk ll mm nn oo pp
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 49 F0 ; slightly different data packet
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4B ED ; dd ee hh = 0x64, fixed
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; TREA still at the same places
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; (bb dd ff hh) range 0-255
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; kk ll mm nn is obviously
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; different as there's no more
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 49 F0 ; transmitter ID
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; kk = 0x19, ll = 0, fixed
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4A EE ; mm oo seem to hold 2 channels
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; values, perhaps coming from
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4A EE ; floating ADCs ?
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4C EC ; pp is checksum:
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4C EC ; pp=(256-(sum[aa:oo]%256))&0xff
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4C EC
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4C EC ; jj = flags 1:
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; 0x06 always set
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; | 0x01 video recording
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; | 0x08 headless mode
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; nn = flags 2:
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5D 00 4C EC ; | 0x01 snapshot
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5C 00 4A EF ; | 0x80 flip mode
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4
Tx: 40 16 67 82 78 64 80 64 80 06 19 00 30 00 29 09 ; vTX packet starts with 0x40
Tx: 40 16 67 82 78 64 80 64 80 06 19 00 30 00 29 09 ; instead of 0x20 and uses
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5E 00 52 E5 ; bb cc to set frequency
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 53 E3 ; eg 0x1667 = 5735 MHz
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; also, dd = 0x82
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; other bytes are the same than
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; regular data packet
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; it's sent twice in a row
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; everytime there's a frequency
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4 ; change (same as H107D)
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 53 E3
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5F 00 52 E4
Tx: 20 00 80 64 80 64 80 64 80 06 19 00 5E 00 52 E5
...bangkomit, I think the previous capture is not complete (it doesn't start with 00 00 = reset), start the capture before powering the transmitter on, or setup a trigger on clock channel, but aside from that it's perfect, good job
Please Log in or Create an account to join the conversation.
02 Dec 2015 15:49 - 03 Dec 2015 01:03 #40562
by goebish
Replied by goebish on topic The New Hubsans
it's starting to talk, now I've to compare that with the former protocol
Please Log in or Create an account to join the conversation.
04 Dec 2015 11:28 - 04 Dec 2015 17:20 #40591
by goebish
Replied by goebish on topic The New Hubsans
I started to implement the "plus" format, now I need more captures
- rudder / aileron / elevator channels with transmitter set to "100% expert" mode
- every features you can think of (leds on/off, auto flip on/off, vTX frequency change ....)
Please make 1 capture per feature, that's easier to work with.
- rudder / aileron / elevator channels with transmitter set to "100% expert" mode
- every features you can think of (leds on/off, auto flip on/off, vTX frequency change ....)
Please make 1 capture per feature, that's easier to work with.
Please Log in or Create an account to join the conversation.
07 Dec 2015 00:33 #40641
by AndyRC
Replied by AndyRC on topic The New Hubsans
still waiting for my logic analyzer unless bangkomit can provide
unless bangkomit can provide Please Log in or Create an account to join the conversation.
07 Dec 2015 12:26 - 07 Dec 2015 12:55 #40652
by goebish
Replied by goebish on topic The New Hubsans
Here's a test firmware, there's no guaranty it will work as it only changes A7105 chip ID during 1st bind stage, the rest of the protocol seems to be the same than
H107L
/C/D, it is slightly different than the one implemented in deviation actually (H107 first version), but there's a chance it will work though as no changes were required to control L/C/D versions with old protocol
Select "+ Series" in Hubsan4 protocol options (Format).
I think that's better to start TX with throttle at mid stick, as with stock tx + a deadband may be required around mid throttle.
Devo 7e
Devo 10
source
Select "+ Series" in Hubsan4 protocol options (Format).
I think that's better to start TX with throttle at mid stick, as with stock tx + a deadband may be required around mid throttle.
Devo 7e
Devo 10
source
Please Log in or Create an account to join the conversation.
07 Dec 2015 13:54 #40655
by AndyRC
Replied by AndyRC on topic The New Hubsans
wonderful i will try when i get home later
Please Log in or Create an account to join the conversation.
Time to create page: 0.106 seconds
-
Home
-
Forum
-
Development
-
Protocol Development
- The New Hubsans