EAchine E012

More
28 May 2017 19:50 #62661 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012

goebish wrote: The protocol seems simple... data address & hopping frequencies are sent in clear text during bind, shouldn't be hard to implement, also I've already written some code to emulate the HS6200 some time ago , I'm only missing a few scrambling bytes which I've to capture over the air.


Great :) so a future good news for any HS6200 other protocols if the scrambling is common

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
28 May 2017 20:06 #62662 by goebish
Replied by goebish on topic EAchine E012
yes it should always be the same as we can't set an arbitrary scrambling seed.

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 12:15 - 12 Jun 2017 12:15 #62940 by goebish
Replied by goebish on topic EAchine E012
Look at what I got in the mail this morning:



Ya plus qu'à ;)
Last edit: 12 Jun 2017 12:15 by goebish.

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 14:03 - 13 Jun 2017 11:56 #62942 by goebish
Replied by goebish on topic EAchine E012
scrambling is defeated and the protocol is thoroughly understood, I "only" have to implement it now, expect a test build soon™.

raw packet: 55 55 3c 27 af 81 a0 ad bd 14 39 f3 e9 e0 fe e0 99 b3 59 7b fa 
guard: 55 55
len: 15
pid: 0
no ack: 0
raw payload        : 4f 5f 03 41 5b 7a 28 73 e7 d3 c1 fd c1 33 66 
unscrambled payload: cf aa 38 4c 36 50 d1 cf b6 5d 8d 00 00 56 b6 
crc: b2 f7

raw packet: 55 55 3d 27 af 81 a0 ad bd 14 39 f3 e9 e0 fe e0 99 b3 79 4f 39 
guard: 55 55
len: 15
pid: 1
no ack: 0
raw payload        : 4f 5f 03 41 5b 7a 28 73 e7 d3 c1 fd c1 33 66 
unscrambled payload: cf aa 38 4c 36 50 d1 cf b6 5d 8d 00 00 56 b6 
crc: f2 9e

raw packet: 55 55 3e 27 af 81 a0 ad bd 14 39 f3 e9 e0 fe e0 99 b3 19 12 fb 
guard: 55 55
len: 15
pid: 2
no ack: 0
raw payload        : 4f 5f 03 41 5b 7a 28 73 e7 d3 c1 fd c1 33 66 
unscrambled payload: cf aa 38 4c 36 50 d1 cf b6 5d 8d 00 00 56 b6 
crc: 32 25

raw packet: 55 55 3f 27 af 81 a0 ad bd 14 39 f3 e9 e0 fe e0 99 b3 39 26 2b 
guard: 55 55
len: 15
pid: 3
no ack: 0
raw payload        : 4f 5f 03 41 5b 7a 28 73 e7 d3 c1 fd c1 33 66 
unscrambled payload: cf aa 38 4c 36 50 d1 cf b6 5d 8d 00 00 56 b6 
crc: 72 4c

HS6200 rf frame: preamble (55/aa) | address (4-5 bytes) | guard (2 bytes, default = first byte of address) | PCF (6 bit payload length + 2 bit PID + 1 bit no_ack flag) | scrambled payload (0-32 bytes) | optional crc (1-2 bytes)
scramble (xor): 80 f5 3b 0d 6d 2a f9 bc 51 8e 4c fd c1 65 d0
crc: CRC16/CCITT-FALSE, LFSR fed with address in reverse order + PCF + scrambled payload
crc poly: 0x1021
crc init: 0xffff
crc xorout: none

bind:
-----
address: 55 42 9C 8F C9
rf_ch: 3c

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14
CF AA 38 4C 36 50 D1 CF B6 5D 8D 00 00 56 B6

00 address[1]
01 aa
02 rf_ch[0]
03 rf_ch[1]
04 rf_ch[2]
05 rf_ch[3]
06 address[0]
07 address[1]
08 address[2]
09 address[3]
10 address[4]
11 00
12 00
13 56
14 address[2]

data:
-----
interval: 4525 us
address: sent during bind
rf channels: sent during bind

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14
cf 01 64 64 64 00 aa 02 00 00 00 00 00 56 b6

00 address[1]
01   01 
    |04 : right trigger (only if throttle > 0)
    |10 : left trigger 
    |40 : flip
02 aileron 00 - c8
03 elevator 00 - c8
04 rudder 00 - c8 
05 throttle 00 - c8
06 aa 
07 02 high rate
08 00 
09 00 
10 00 
11 00 
12 00 
13 56 
14 address[2]
Last edit: 13 Jun 2017 11:56 by goebish.

Please Log in or Create an account to join the conversation.

More
12 Jun 2017 15:29 #62945 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012
Great !!!!! :)


Out of topic: I broke my E70 mini radio while soldering probes :( :( ... a short between two pads ... I can't remove :(

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 15:37 #62946 by goebish
Replied by goebish on topic EAchine E012
Use a desoldering pump or desoldering braid, but depending of which pins were shorted it can be dead if you applied power ...

Please Log in or Create an account to join the conversation.

More
12 Jun 2017 15:39 #62947 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012
CLK & CSN .... if I am not wrong ... I tried with pomp ect ... I will retry one more time

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 15:45 #62948 by goebish
Replied by goebish on topic EAchine E012
just add more leaded solder on the short, then it will be easier to remove ;)

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 15:50 #62949 by goebish
Replied by goebish on topic EAchine E012
Also, set your soldering iron to 380°C or so if possible.

Please Log in or Create an account to join the conversation.

More
12 Jun 2017 16:05 #62950 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012
The problem the short is done at the perpendicular part between the daughter RF board and the main PCB :( Hard to collect at this corner :(

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 16:13 #62951 by goebish
Replied by goebish on topic EAchine E012
Send it to me if you're really desperate, but shipping it forth and back might cost almost as much as ordering a new one ;)

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
12 Jun 2017 16:29 #62952 by goebish
Replied by goebish on topic EAchine E012
You should get one of those, that makes desoldering super easy:
www.amazon.fr/Pistolet-BK-858D-Station-S...amsung/dp/B013XBKE2Q

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
13 Jun 2017 16:11 - 13 Jun 2017 19:30 #62970 by goebish
Replied by goebish on topic EAchine E012
It works ...

*but* the hs6200 has a hard time decoding the packets sent by a nrf24l01 (that's the same the other way round), they're supposed to use the same center frequencies and gfsk deviation (±160 kHz at 1 Mbps), but I suppose they're using inaccurate crystal oscillators and loading capacitors (if any...).
To mitigate this issue I use only 1 frequency instead of 4 for frequency hopping, and as with other machines which have the same problem you've to set Tx Power to a lower value (eg 1mW30mW), expect some lag in control if you don't. As there's no way to set a frequency drift with the nrf24l01 I can't do anything better.



Source:
github.com/goebish/deviation/blob/protoc...ocol/e012_nrf24l01.c

Test builds:
www.dropbox.com/sh/8dd1hvli0qt7fw4/AABlW...kQJymHNNEfjViga?dl=0

New protocol: E012

Channel 5: flip
Channel 9: headless
Channel 10: RTH

Please report, check range if you can.
Last edit: 13 Jun 2017 19:30 by goebish.

Please Log in or Create an account to join the conversation.

More
13 Jun 2017 16:28 #62971 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012

goebish wrote: It works ...

*but* the hs6200 has a hard time decoding the packets sent by a nrf24l01 (that's the same the other way round), they're supposed to use the same center frequencies and gfsk deviation (±160 kHz at 1 Mbps), but I suppose they're using inaccurate crystal oscillators and loading capacitors (if any...).
To mitigate this issue I use only 1 frequency instead of 4 for frequency hopping, and as with other machines which have the same problem you've to set Tx Power to a lower value (eg 1mW), expect some lag in control if you don't. As there's no way to set a frequency drift with the nrf24l01 I can't do anything better.



Source:
github.com/goebish/deviation/blob/protoc...ocol/e012_nrf24l01.c

Test builds:
www.dropbox.com/sh/8dd1hvli0qt7fw4/AABlW...kQJymHNNEfjViga?dl=0

New protocol: E012

Channel 5: flip
Channel 9: headless
Channel 10: RTH

Please report, check range if you can.

Please Log in or Create an account to join the conversation.

More
13 Jun 2017 16:29 #62972 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012
Whaooohhhh good and bad news in the same time :( :( You tested with a 3-in-1 module or a genuine nRF23L01+ chip ?

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
13 Jun 2017 16:31 #62973 by goebish
Replied by goebish on topic EAchine E012
"Genuine" board, the one that works the best usually, I do not use a x-in-1 module.

Please Log in or Create an account to join the conversation.

More
13 Jun 2017 16:36 #62974 by SeByDocKy
Replied by SeByDocKy on topic EAchine E012
The Devo7E is crashing just before to select the new protocol E12 .... :(

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
13 Jun 2017 16:39 - 22 Jul 2017 16:16 #62975 by goebish
Replied by goebish on topic EAchine E012
Oops, I made a mistake with the 7e build, as usual, I'll fix that ;)
Last edit: 22 Jul 2017 16:16 by goebish.

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
13 Jun 2017 16:42 #62976 by goebish
Replied by goebish on topic EAchine E012
It should be fixed, re-download from the same link.

Please Log in or Create an account to join the conversation.

  • goebish
  • goebish's Avatar Topic Author
  • Offline
  • I Void Warranties
More
13 Jun 2017 18:16 #62977 by goebish
Replied by goebish on topic EAchine E012
I uploaded new test builds to try to mitigate the HS6200 Rx issue:
- decrease packet interval, so the Rx has more chance to decode packets
- Tx power from 3mW to 150mW are the same for this protocol now, actually this is ~13dBm (20mW) if using the "simple" nrf24l01 module with its RFX2401C PA, it should be about the same transmit power than the stock transmitter.

www.dropbox.com/sh/8dd1hvli0qt7fw4/AABlW...kQJymHNNEfjViga?dl=0

Please test outdoor if you can, I can't right now.

Please Log in or Create an account to join the conversation.

Time to create page: 0.064 seconds
Powered by Kunena Forum