1. Forum
  3. Development
  5. Protocol Development
  7. Yi Zhan i6S capture

Yi Zhan i6S capture

More
01 Feb 2016 14:20 - 01 Feb 2016 14:21 #42489 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Work in progress, it's almost working, just that CRC is a bit more difficult than I expected... as I did one year ago for scrambled mode, I've to brute force crc xorout for every payload size... so emulation layer should be ready tonight :)
Last edit: 01 Feb 2016 14:21 by goebish.

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 14:34 #42491 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture

goebish wrote: Work in progress, it's almost working, just that CRC is a bit more difficult than I expected... as I did one year ago for scrambled mode, I've to brute force crc xorout for every payload size... so emulation layer should be ready tonight :)


Crazy guy :) :P

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 19:22 #42492 by goebish
Replied by goebish on topic Yi Zhan i6S capture
I think it's ready, but I'm struggling to build for the 7e, looks like it runs out of flash or ram space ... again.
Which arm gcc version are you guys using ? mine is a bit old (4.8.3, 2014q1)...

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 19:41 - 01 Feb 2016 20:03 #42493 by goebish
Replied by goebish on topic Yi Zhan i6S capture 
+ Building 'objs/devo7e/cx10_nrf24l01.bin'
./target/devo7e/protocol.ld:18 cannot move location counter backwards (from 20004f11 to 20004f10)
make: *** [objs/devo7e/cx10_nrf24l01.bin] Error 1

Question:
The linker says something like /linkerscript.ld:221 cannot move location counter backwards (from 4000fb4c to 4000ec98). What's wrong?
Answer:
Your application is too big and won't fit into RAM or the ROM of the target platform.

File Attachment:


edit: I've to check if it chokes only on cx10 module ...
Last edit: 01 Feb 2016 20:03 by goebish.

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 19:59 #42495 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture
compile it for my devo10 too

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 20:19 #42496 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Ok, let's see if we're having some sign of life:

Devo 10

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 20:38 #42498 by goebish
Replied by goebish on topic Yi Zhan i6S capture
redownload if you've already downloaded, I've made a change.

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 20:55 #42499 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Note that I can't make more tests myself because the xn297 (non L) I'm using can't do 250Kbps ;)
Only 1 & 2Mbps ...

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 21:08 #42500 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture

goebish wrote: Note that I can't make more tests myself because the xn297 (non L) I'm using can't do 250Kbps ;)
Only 1 & 2Mbps ...


Not working :( ... SNifff :(

Please Log in or Create an account to join the conversation.

More
01 Feb 2016 21:11 #42501 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Maybe I made a mistake with the protocol...
I'll check that.

If only I had a XN297L breakout ....

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 11:34 #42508 by goebish
Replied by goebish on topic Yi Zhan i6S capture
oops, my last build was still transmitting in scrambled mode, please try this one :)

Devo 10

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 15:03 - 02 Feb 2016 15:22 #42515 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Meanwhile I'll try to fully understand how the CRC calculation works because as victzh has already stated, that's not normal that we need an hardcoded table of xorout for each possible payload length, it works that way, but that means something is wrong (wrong inital value?) or missing in the algo.

victzh wrote: I had a suspicion, or more precisely, a sign that my CRC algorithm is defective.

victzh wrote: There are still puzzles, may be more of theoretical value. I don't believe that the XOR sequence and these XOROUT constants are stored somewhere in the chip. I think they are byproduct of some calculation, may be of CRC itself.


... if I can understand how it really works that should fix the code size issue for the 7e ...
Last edit: 02 Feb 2016 15:22 by goebish.

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 16:43 - 03 Feb 2016 00:34 #42519 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Haha !

I think I got a winner by feeding crc reveng with MSb payload and LSb crc pairs !
$ reveng -w 16 -s 000069 def356 000011f0 deadd54b deadbee62d deadbeef946d deadbeef00bad0f00d00eeab
width=16  poly=0x1021  init=0x4d66  refin=true  refout=true  xorout=0xffff  check=0x4746  name=(none)
width=16  poly=0x1021  init=0xbd79  refin=true  refout=true  xorout=0x07f0  check=0x4746  name=(none)

seems the same init and xorout values are working for different payload lengths :) ... and 0xffff as xorout is very common.

Now to get that working with scrambled and unscrambled modes then I should be able to remove the 2 hardcoded xorout tables, that should free up something like 208 bytes of memory :)
Last edit: 03 Feb 2016 00:34 by goebish.

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 16:49 #42520 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture

goebish wrote: Haha !

I think I got a winner by feeding crc reveng with MSB payload and LSB crc pairs !

$ reveng -w 16 -s 000069 def356 000011f0 deadd54b deadbee62d deadbeef946d deadbeef00bad0f00d00eeab
width=16  poly=0x1021  init=0x4d66  refin=true  refout=true  xorout=0xffff  check=0x4746  name=(none)
width=16  poly=0x1021  init=0xbd79  refin=true  refout=true  xorout=0x07f0  check=0x4746  name=(none)

seems the same init and xorout values are working for different payload lengths :)


Clap clap :)

Now to get that working with scrambled and unscrambled modes then I should be able to remove the 2 hardcoded xorout tables, that should free up something like 208 bytes of memory :)

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 19:00 - 02 Feb 2016 19:01 #42523 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture

goebish wrote: oops, my last build was still transmitting in scrambled mode, please try this one :)

Devo 10



WORKING !!!! :)


But AIL, ELE channels inverted eachother ... and RUDDLER need to be inverted !=
Last edit: 02 Feb 2016 19:01 by SeByDocKy.

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 19:02 - 02 Feb 2016 19:07 #42524 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Yeah :cheer:

Now let me work on the CRC stuff (I'm still struggling with it, but it's almost there) so it can fit on the 7e ...

I'll work on flags later ;)
Last edit: 02 Feb 2016 19:07 by goebish.

Please Log in or Create an account to join the conversation.

More
02 Feb 2016 20:42 - 03 Feb 2016 01:54 #42526 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Finally ... CRC for payload of arbitrary length is calculated without requiring an array of xorout constants :)
(for unscrambled mode only, but it shouldn't take long to make it work with scrambled mode...)

I need some aspirin now :)
Last edit: 03 Feb 2016 01:54 by goebish.

Please Log in or Create an account to join the conversation.

More
03 Feb 2016 00:08 - 03 Feb 2016 01:28 #42536 by goebish
Replied by goebish on topic Yi Zhan i6S capture
It's working, scrambled, unscrambled, with crc enabled or disabled ... without requiring xorout tables anymore :)
Maybe we could get rid of the scrambling table too, I keep that as a future exercise.

... that was a lot of fun, this is the kind of stuff that would deserve a blog article (sniffing, decoding / unscrambling, crc cracking ...), but I'm just too lazy to write on a blog :P

Back to the i6S protocol now...

I swapped aileron and elevator channels and reversed rudder.
Please test, then I'll check the flags.

Devo 7e
Devo 10
source

It's currently using your stock tx id, but it should work with an arbitrary id as well, we'll check later, but your tx id / rf channels matches with what I have for H7 / MT9916.
Last edit: 03 Feb 2016 01:28 by goebish.

Please Log in or Create an account to join the conversation.

More
03 Feb 2016 07:16 #42541 by SeByDocKy
Replied by SeByDocKy on topic Yi Zhan i6S capture

goebish wrote: It's working, scrambled, unscrambled, with crc enabled or disabled ... without requiring xorout tables anymore :)
Maybe we could get rid of the scrambling table too, I keep that as a future exercise.

... that was a lot of fun, this is the kind of stuff that would deserve a blog article (sniffing, decoding / unscrambling, crc cracking ...), but I'm just too lazy to write on a blog :P

Back to the i6S protocol now...

I swapped aileron and elevator channels and reversed rudder.
Please test, then I'll check the flags.

Devo 7e
Devo 10
source

It's currently using your stock tx id, but it should work with an arbitrary id as well, we'll check later, but your tx id / rf channels matches with what I have for H7 / MT9916.



Just tested with my 7E .... it doesn't bind anymore :(

Please Log in or Create an account to join the conversation.

More
03 Feb 2016 14:51 - 03 Feb 2016 15:26 #42543 by goebish
Replied by goebish on topic Yi Zhan i6S capture
Hmmm probably a stupid question, but are you sure the module you have in your 7e can do 250Kbps ?

I tested unscrambled mode + crc with 9 byte payload on my test xn297 RX (but at 1Mbps...) and it's working fine, when I start my Devo10 with i6S protocol selected (but hacked for 1MBps...) my "rx" receives the bind packets.
Last edit: 03 Feb 2016 15:26 by goebish.

Please Log in or Create an account to join the conversation.

  1. Forum
  3. Development
  5. Protocol Development
  7. Yi Zhan i6S capture
Time to create page: 0.070 seconds
Powered by Kunena Forum
Force desktop display