MoonTop M9911 with PANCHIP XN297

Hi,

I received a very very nice nanoquad (ProtoX clone but amazingly good).
This one is using the PANCHIP XN297







According to datasheet, it's using a GFSK at 1Mbits/1Mhz or 2Mbits/2Mhz...
Anyone know if this one compatible with one of our 4 favorites RFchips ?
Can be emulated with one of them ?. I already identified SPI pins...
I can capture logs if Victzh, PB, HexFet is interesred

PhracturedBlue wrote: It looks like an nrf24l01 clone. the radio has thesame specs and the pinout is identical. It is possible it uses a different preamble (in which case it maybe incompatible) but I'd be surprised.

So sure, go ahead and capture the TX SPI tracce

Ok Boss I will

I found this other document but doesn't help too much ...

It's probably a clone of V272, did you try V202 protocol on it? I have V272, it flies OK.

victzh wrote: It's probably a clone of V272, did you try V202 protocol on it? I have V272, it flies OK.

Yes I tried all nRF24L01 associated protocols without success....
For the CX-10 and CX-11, it's using the Sky Wlkr protocol (good news)

I will capture SPI log asap

OK, one more to go!

victzh wrote: OK, one more to go!

For the King of the nRF24L01 like you, it will trivial
By the way, you should make videos of your hacking process ...

Want to be Victzh Jr

Hacking process is not very visualizable. A man staring at a computer with quad-ruled pad nearby and scribbling some illegible notes. Sometimes for hours. There are very simple cases, say you have documentation, or protocol is just straightforward. Then the note in notepad are minimal. If they use non-trivial algorithm somewhere - either for frequency hopping or for CRC, or pack values like SLT did, then you need to guess. Then check yor guess. And so on. It's close to the scientific research, but the puzzle is man-made.

Ok ...

First file : TX on, quad off ....no other action

mon-partage.fr/f/pGUdzE9l/


Second file :

Quad on, TX on (binding) then play a bit with right stick

mon-partage.fr/f/N3aY1kmG/


More to come

One new (larger)

Quad on then TX on (binding) then some trhottle then play with right stick than press the flipping and speed mode buttons (2 or 3 times each of them)


mon-partage.fr/f/Op3uMIUh/

It's nRF clone for sure, but probably some original one - it does not have Beken commands but some other unknown commands instead.

victzh wrote: It's nRF clone for sure, but probably some original one - it does not have Beken commands but some other unknown commands instead.

So we need to find a detailed datasheet to find them ?

One detail point. The quad have to be switch on first for binding successfully

SeByDocKy wrote: So we need to find a detailed datasheet to find them ?

No need at all - these commands can be just a result of spurious activity, not real commands, and second - they are at the very beginning and do not affect the logic of further action, at best it's some chip-specific initialization. For all intents and purposes it's nRF24L01. One condition though - we did not check the radio - they can use the commands of nRF but modulation of their own. I doubt it though, as there is no need to do this - if you clone something, why clone the easiest part and invent your own radio.

victzh wrote:

SeByDocKy wrote: So we need to find a detailed datasheet to find them ?

No need at all - these commands can be just a result of spurious activity, not real commands, and second - they are at the very beginning and do not affect the logic of further action, at best it's some chip-specific initialization. For all intents and purposes it's nRF24L01. One condition though - we did not check the radio - they can use the commands of nRF but modulation of their own. I doubt it though, as there is no need to do this - if you clone something, why clone the easiest part and invent your own radio.

Maybe on the capture with the TX on standalone, you can find these initialization informations ?

I did not say that we even need it. I think that you can just treat it as nRF exact clone (there is at least one such chip) until proven the opposite.

victzh wrote: I did not say that we even need it. I think that you can just treat it as nRF exact clone (there is at least one such chip) until proven the opposite.

Well ... me ... I reach my maximum capacity by delivering the SPI informations ....

I did not say that I need more

victzh wrote: I did not say that I need more