×

Notice

The forum is in read only mode.
  1. Forum
  3. Development
  5. Protocol Development
  7. Global Drone, Skull Drone or GW008

Global Drone, Skull Drone or GW008

More
22 Feb 2017 12:34 - 22 Feb 2017 13:12 #59450 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
Yes I suppose it works like that (and the list of channel is also sent in the bind packets), but I've not seen this reply packet yet, it probably happens on a different channel than the bind channel, I've to find it.

edit: seems txid is composed of the first and last byte of payload, I can change both of them in the bind and data packets and it's still working. Not working anymore if I change one of them in the bind or data packets only.
Last edit: 22 Feb 2017 13:12 by goebish.
More
22 Feb 2017 13:45 - 22 Feb 2017 16:20 #59454 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
Got it, it's sent on the bind channel actually (0x02), hmmm now I've to add a function to decode xn297 packets with a pcf ...
File Attachment:

(we're lucky that the quad doesn't ensure an ack is received after it transmits this packet!)
Last edit: 22 Feb 2017 16:20 by goebish.
More
22 Feb 2017 16:01 - 22 Feb 2017 16:07 #59466 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
I confirm I receive a 15 byte packet (according to the pcf) from the quad, now to decode it ...
I think that's the last part of the puzzle then this protocol will be thoroughly cracked, with arbitrary txid / rf channels and all :)
Fortunately the protocol itself is very easy.
Last edit: 22 Feb 2017 16:07 by goebish.
More
22 Feb 2017 18:55 - 22 Feb 2017 18:55 #59474 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
Hmmmm, seems the packets I posted above were sent by the Tx, not by the quad, these are the packets I receive from the quad at end of bind:
38 55 32 3f 42 47 00 00 00 00 00 00 00 58 05
38 55 32 3f 42 47 00 00 00 00 00 00 00 58 45
38 55 32 3f 42 47 00 00 00 00 00 00 00 58 65
38 55 32 3f 42 47 00 00 00 00 00 00 00 58 45

That's hard to know how this 0x58 becomes 0x18 afterward without at least another capture ...
Last edit: 22 Feb 2017 18:55 by goebish.
More
22 Feb 2017 18:59 #59475 by planger
Replied by planger on topic Global Drone, Skull Drone or GW008
Now that you have done the ground work of the xn297 with pcf, you should be able to emulate the drone response with a nrf and therefore see what's the response from the transmitter would be for different RX IDs.
More
22 Feb 2017 19:00 #59476 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
C'est pas con ;)
More
22 Feb 2017 20:30 - 22 Feb 2017 23:53 #59480 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
Ok, I'm stupid, I forgot to add +2 (for pcf) to the rx pipe size, hence the last 2 bytes were not correct, my quad returns 0x18 actually, as expected ...

It's working now, I'll cleanup my code, add arbitrary tx id + rf channels, flips, try dynamic trims then post another build that should work for everyone this time :)

Time for dinner first ...
Last edit: 22 Feb 2017 23:53 by goebish.
More
22 Feb 2017 23:15 - 26 Feb 2017 19:16 #59492 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
Test build updated with all the bells and whistles:
www.dropbox.com/sh/kzbq09i0n0n4p5y/AADNB...7BieEsGlf_jy-Xa?dl=0
Diff: github.com/DeviationTX/deviation/pull/184/files

Flips on channel 6.
Last edit: 26 Feb 2017 19:16 by goebish.
More
23 Feb 2017 04:15 #59496 by Caerus
Replied by Caerus on topic Global Drone, Skull Drone or GW008
Well ....:woohoo:! Is this the first time anyone's cracked a protocol this way? Good job mate.
More
23 Feb 2017 04:20 - 23 Feb 2017 04:46 #59497 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
For deviation, I think so, but that was not that difficult, because it's xn297 compatible, a well known chip here, and the protocol is very simple: no txid / rf channel relationship to crack, no checksum, same address for bind & data ...
You confirm that it's working now ? Ok for nightly builds ?
Last edit: 23 Feb 2017 04:46 by goebish.
More
23 Feb 2017 07:48 #59501 by Fernandez
Replied by Fernandez on topic Global Drone, Skull Drone or GW008
Don't own the drone myself, but follow your works impressive!
Radiolink protocol could be another tricky one to tackle........
More
23 Feb 2017 09:44 #59508 by Caerus
Replied by Caerus on topic Global Drone, Skull Drone or GW008
Flying wise it's perfect. Flips work... and they're just as crazy as everything about this thing. Looks like job done to me.

Mine has some wicked left drift, but it's the quad. Was gonna order another anyway. Thanks for all the work goebish, appreciate it. If anyone doesn't have one of these, you should :).
More
23 Feb 2017 10:16 #59509 by HappyHarry
Replied by HappyHarry on topic Global Drone, Skull Drone or GW008
amazing work again goebish! seeing as you have both which would you suggest as a first sdr, the blade or the hackone?
More
23 Feb 2017 16:35 - 18 Mar 2017 17:03 #59532 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
I'm far from being an expert, but I'd get the HackRF because of the lower price and its greater frequency range out of the box. However, the BladeRF is better in other aspects, more instantaneous bandwidth, better ADC and full duplex ...
I got the BladeRF X40 as well because that's convenient to have 2 SDR devices sometimes especially when you start to experiment with transmitting, and Nuand had a 50% sale last summer.

If all you want is to do is to "listen" to the 2.4GHz ISM band, then you can use a simple RTL dongle + MMDS downconverter:
blog.cyberexplorer.me/2014/01/sniffing-a...ng-nrf24l01-and.html
Last edit: 18 Mar 2017 17:03 by goebish.
More
23 Feb 2017 18:42 #59535 by HappyHarry
Replied by HappyHarry on topic Global Drone, Skull Drone or GW008
thanks for the info bud, i'm having to train in sdr as part of work (i'm a ccnp network engineer and i'm told i need to add wireless to my pentesting skills lol) and as well as 2.4ghz i'll need coverage up into 5/5.8ghz for A,N/AC wireless and 800mhz to 2.6ghz for 4G routers so it looks like the hackone hackrf is the only choice really. at least work is paying for the hardware lol
More
24 Feb 2017 04:22 #59552 by ajtank
Replied by ajtank on topic Global Drone, Skull Drone or GW008
If your employer is going to pay for the HackRF One then get it from the original source otherwise there are some cheaper knockoffs on Taobao.
More
24 Feb 2017 06:05 - 24 Feb 2017 06:06 #59553 by Caerus
Replied by Caerus on topic Global Drone, Skull Drone or GW008

goebish wrote: I'm far from being an expert....


Trust me, you're an expert. Of course there's always more to learn, and people with more knowledge, but you have some impressive skills. I respect modesty though. My dad was a really good programmer, but it never rubbed off on me. Given the age we live in I wish it did. I'm not unintelligent, but it's obvious you need a particular mind. I obviously don't have it.

Thought I should add, if you're going to get one of these Skull Drone's (GW008) order it from BangGood. That's not a plug for BangGood, they're just the only confirmed source of the version goebish deviated. If anyone finds another, chime in. BangGood are giving me endless headaches atm.
Last edit: 24 Feb 2017 06:06 by Caerus.
More
26 Feb 2017 15:13 #59650 by goebish
Replied by goebish on topic Global Drone, Skull Drone or GW008
It's been merged, it should be available in tomorrow's nightly build.
More
27 Feb 2017 11:34 #59678 by Caerus
Replied by Caerus on topic Global Drone, Skull Drone or GW008
1 more off the list. You have my thanks.

My 2x H20H order got turned around (yet another BangGood f**k up), so I can't add to the captures atm. I wasn't keen on them anyway. Just curious to see alt. hold, then they were going to my nieces. Let me know when you get to the H20/30 mini's though. They're still wired up to do the rest of the captures.
More
20 Mar 2017 07:38 #60394 by Danik
Replied by Danik on topic Global Drone, Skull Drone or GW008
Ok. Definetely a newbee to this but I re-installed the new nightly build 3.17.17. Put in Skull drone under Cx10 green and still no bind.

What am I doing wrong? You guys worked so hard to get this up and running

Daniel
  1. Forum
  3. Development
  5. Protocol Development
  7. Global Drone, Skull Drone or GW008
Time to create page: 0.406 seconds
Powered by Kunena Forum
Force desktop display