×

Notice

The forum is in read only mode.
  1. Forum
  3. Development
  5. Protocol Development
  7. Furibee F36 protocol attempt

Furibee F36 protocol attempt

More
04 Mar 2017 22:13 - 04 Mar 2017 22:14 #59855 by xxx
Replied by xxx on topic Furibee F36 protocol attempt
The part: 30 63 f8 aa 55 91 49 is common between your nrf and my payload, so at least it's not scrambled with a channel or tx specific number

might be more common stuff that is less obvious
silverxxx
Last edit: 04 Mar 2017 22:14 by xxx.
More
04 Mar 2017 22:44 #59856 by xxx
Replied by xxx on topic Furibee F36 protocol attempt
I was not able to use the address or any part of it, also the first few bytes of the payload did not work as an address, but I was able to find another 7 byte sequence that is common to both.
silverxxx
More
04 Mar 2017 22:59 #59857 by xxx
Replied by xxx on topic Furibee F36 protocol attempt
The data rate should be easy to figure out if you can see the frequency deviation as it is 2GFSK. I think they should be 1mhz apart for 1Mbps? But don't quote me on it. Of course other offsets can be used, but there is little point

I think there are automatic nrf24 payload decoders for sdr and other tools that can decode bits
silverxxx
More
05 Mar 2017 02:03 #59863 by kamnxt_
Replied by kamnxt_ on topic Furibee F36 protocol attempt
goebish, could you try capturing some data and uploading it here? Just capture it into a file output block.
More
05 Mar 2017 14:06 - 05 Mar 2017 17:16 #59874 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
Yup, here it is:
drive.google.com/file/d/0B9Xtm43hpQfbeG1...aWs/view?usp=sharing
Direct Osmocom source to file sink (complex 32-bit floats), no FIR filter, center freq: 2456.2MHz, sample rate: 4Msps.
Last edit: 05 Mar 2017 17:16 by goebish.
More
05 Mar 2017 14:14 - 05 Mar 2017 14:16 #59876 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
And here's the .grc I'm using to get to the bits (file sinks disabled by default):
www.dropbox.com/s/d9o8aq9j5hmud6n/F36_demod.grc?dl=1
Last edit: 05 Mar 2017 14:16 by goebish.
More
05 Mar 2017 18:24 - 05 Mar 2017 18:46 #59880 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
Far away from the preamble (more than 200 bytes) I've found a block of bytes that changes while moving throttle stick, but that's complete garbage, now I wonder if the chip is really using gfsk actually ...
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 04 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e1 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 98 cc 49 00 a3 44 17 e5 e3 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 b8 7c 00 a9 0b bc e6 83 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 a4 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 88 b8 7d 00 a9 0b bc e6 98 cc 49 00 a3 44 17 e5 e4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 bc 08 1d 93 28 55 95 9c a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 28 03 07 b4 e2 23 a4 0b a0 c0 d7 86 d0 e5 71
3f 8a a1 59 14 94 89 1c 5e 9c c0 97 11 45 88 03 07 b4 e2 23 a4 0b 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 ad 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 98 cc 49 00 a3 44 17 e5 ed 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 03 07 b4 e2 23 a4 0b ad 0a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 2d 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 98 cc 49 00 a3 44 17 e5 f3 06 3f 8a a5 59 14 94 84 c0 d7 86 c0 e1 71
3f 8a a5 59 14 94 91 3c c0 c1 29 7b 35 57 33 06 3f 8a a5 59 14 94 84 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c2 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 89 1c 5e 1c c0 97 11 45 82 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 89 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 9c 08 1d 93 28 51 95 9c a9 f8 0c 5c 50 42 9d cb 04 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 89 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 09 f8 0c 5c 50 42 9d cb 29 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 29 1c 5e 9c c0 97 11 45 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 9c 08 1d 93 08 55 95 9c a9 1c 5e 9c c0 97 11 45 84 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 89 f8 0c 1c 50 42 9d cb 29 1c 5e 1c c0 97 11 45 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 28 b8 7c 00 a9 0b bc e6 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 b8 7c 00 a9 0b bc e6 88 b8 7c 00 a9 0b bc e6 84 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 31 3c c0 c1 29 7b 35 57 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 b1 3c c0 c1 29 7b 35 57 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c4 e2 2c 32 b4 06 7c 39 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 8d 4a f8 40 60 e3 b8 b2 64 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 b8 7c 00 a9 0b bc e6 84 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 8d 4a f8 40 60 e3 b8 b2 63 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 89 f0 0e 74 b1 b2 11 22 c6 2a a6 1b 0c c0 b7 84 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 8d 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 38 cc 49 00 a3 44 17 e5 e0 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 03 07 b4 e2 23 84 0b b8 cc 49 00 a3 44 17 e5 e4 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 88 b8 7d 00 a9 0b bc e6 98 cc 49 00 a3 44 17 e5 e4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 9c 08 1d 83 28 55 95 9c a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 88 03 07 b4 e2 23 a4 0b a0 c0 c7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 ad 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 9c 08 1d 93 28 55 95 9c ad 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 f8 0c 5c 50 42 9d cb 2d 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 ad 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 c0 e5 71 00 b3 06 3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 8d 4a f8 40 60 e3 b8 b2 73 06 3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 f8 0c 5c 50 42 9d cb 33 06 3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 a0 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 20 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 1c 5e 9c c0 97 11 45 80 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 22 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 82 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c9 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 89 1c 5e 9c c0 97 11 45 84 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 88 b8 7c 00 a9 0b bc e6 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 70 00 b1 3c c0 c1 29 7b 35 57 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 3c c0 c1 29 7b 35 57 23 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 1c 5e 9c c0 97 11 45 82 c6 2a a6 1b 0c c0 b7 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 82 c6 2a a6 1b 0c c0 b7 b1 4e b5 04 4b 62 78 65 c4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 dc 08 1d 93 28 55 95 9c a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 f8 0c 5c 50 42 9d cb 28 03 07 b4 e2 23 a4 0b a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 3c c0 c1 29 7b 35 57 2d 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c0 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 22 89 f0 0e 74 b1 b2 11 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 3c c0 c1 29 7b 35 57 29 f8 0c 5c 50 42 9d cb 24 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 82 89 f0 0e 74 b1 b2 11 29 1c 5e 9c c0 97 11 45 84 c0 d7 86 d0 e1 71
3f 8a a5 59 14 94 80 70 14 53 59 b2 85 7e 28 b8 7c 00 a9 0b bc e6 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 3c c0 c1 29 7b 35 57 31 3c c0 c1 29 7b 35 57 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 83 2c 29 22 9f 89 11 8e 23 2c 29 22 9f 89 11 8e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 88 03 07 b4 e2 23 a4 0b 82 c6 2a a6 1b 0c c0 b7 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 d0 e5 71 00 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 98 cc 49 00 a3 44 17 e5 f8 cc 49 00 a3 44 17 e5 e4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 b1 4e b5 04 4b 62 78 65 c4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 98 cc 49 00 a3 44 17 e5 e8 03 07 b4 e2 23 a4 0b a4 c0 d7 86 c0 e5 71
3f 8a a5 59 14 94 82 89 f0 0e 70 b1 b2 11 2d 4a f8 40 60 e3 b8 b2 64 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 9c 08 1d 93 28 55 95 9c a0 70 14 53 59 b2 85 7e 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 91 4e b5 04 4b 62 78 65 c9 f8 0c 5c 50 42 9d cb 24 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 93 06 3f 8a a5 59 14 94 88 b8 7c 00 a9 0b bc e6 84 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 89 1c 5e 9c c0 97 11 45 84 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b0 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c 39 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b0 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
3f 8a a5 59 14 94 84 e2 2c 32 b4 06 7c b9 a4 e2 2c 32 b4 06 7c b9 a4 c0 d7 86 d0 e5 71
Last edit: 05 Mar 2017 18:46 by goebish.
More
05 Mar 2017 21:27 #59884 by xxx
Replied by xxx on topic Furibee F36 protocol attempt
I think it's their combination of redundancy and interleaving, it's probably easier to find the buttons as it might be one bit.

It could still be LT8910 as it's got both fec and interleave.
silverxxx
More
06 Mar 2017 03:23 - 06 Mar 2017 04:00 #59887 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
After further inspection I still believe this is gfsk @ 1Mbps and I think the packets are exactly 325.5 bytes long, including the 3 byte preamble.
Here's a bind packet:
55 55 55 20 0c 1e d3 88 8e 90 2e a0 0c 1e d3 88 8e 90 2e b5 2b e1 01 83 8e e2 c9 b5 2b e1 01 83 8e e2 c9 8c b0 a4 8a 7e 24 46 38 8c b0 a4 8a 7e 24 46 38 8b 18 aa 98 6c 33 02 de 8b 18 aa 98 6c 33 02 de a9 30 35 e1 b4 39 5c 40 29 38 8b 0c ad 01 9f 2e 6a 7e 03 17 14 10 a7 72 cf 02 07 64 ca 15 65 67 2c 53 ad 41 12 d8 9e 19 74 c1 8f e2 a9 56 45 25 23 52 be 10 18 38 ee 2c 9c 4f 30 30 4a 5e cd 55 ca 2e 1f 40 2a 42 ef 39 a0 b1 8a a9 86 c3 30 2d eb 52 be 10 18 38 ee 2c 9c c1 8f e2 a9 56 45 25 20 cb 0a 48 a7 e2 44 63 8a 7e 03 17 14 10 a7 72 c8 1c 05 14 d6 6c a1 5f 8a 47 17 a7 30 25 c4 51 66 33 12 40 28 d1 05 f9 7a 47 17 a7 30 25 c4 51 62 2e 1f 40 2a 42 ef 39 a2 7e 03 17 14 10 a7 72 ca 7e 03 17 14 10 a7 72 cb 52 be 10 18 38 ee 2c 99 30 35 e1 b4 39 5c 40 29 30 35 e1 b4 39 5c 40 2a 47 17 a7 30 25 c4 51 60 cb 0a 48 a7 e2 44 63 8b 52 be 10 18 38 ee 2c 98 b1 8a a9 86 c3 30 2d e8 cb 0a 48 a7 e2 44 63 8b 52 be 10 18 38 ee 2c 9c 4f 30 30 4a 5e cd 55 c9 30 35 e1 b4 39 5c 40 29 3x

All I can see is that some portions are repeated.
I've a LT8910 breakout board, I'll use it to send packets with various encoding types (4 available) to check if I can find similarities.

Any idea welcome !
Last edit: 06 Mar 2017 04:00 by goebish.
More
06 Mar 2017 05:12 - 06 Mar 2017 05:14 #59888 by xxx
Replied by xxx on topic Furibee F36 protocol attempt 
7:6  DATA_PACKET_TYPE  R/W 
00: NRZ law data 
01: Manchester data type 
10: 8bit/10bit line code 
11: Interleave data type 
00B 
5:4  FEC_TYPE  R/W 
00: No FEC 
01: FEC13 
10: FEC23 
11: reserved

There are over 4 types. but i'm pretty sure it's interleaved and one of the fecs, probably FEC13

Another idea would be to try to receive the packet from the tx
silverxxx
Last edit: 06 Mar 2017 05:14 by xxx.
More
06 Mar 2017 13:07 - 06 Mar 2017 14:33 #59898 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
According to my LT8910 datasheet (in chinese...) FEC23 is always enabled if DATA_PACKET_TYPE is interleave, bits 5:4 are RESERVED while they're used to set FEC type on the 8900.

I had a look at my scrap parts box, I do have a LT8900 breakout actually, not a 8910, but as it seems the bitrate is 1Mbps that should be fine.
I'll make some tests this evening.

If you look at the bind packet, it has 3 byte preamble (55 55 55), 64 bit address (20 0c 1e d3 88 8e 90 2e) then 4 bit trailer (1010 bin), those sizes are the default settings for LT8900/8910 ... but maybe I'm wrong and the address field is interleave+FEC encoded as well.

I understand what FEC2/3 is, but do you have any info on interleave ?
Last edit: 06 Mar 2017 14:33 by goebish.
More
06 Mar 2017 19:01 - 06 Mar 2017 19:05 #59921 by xxx
Replied by xxx on topic Furibee F36 protocol attempt
I was reading out of the lt8900 datasheet as it's in english, looks it's different in this respect form lt8910

fec13 can be simply repeating 1 byte 3 times (or bits), but the problem with this is some interference might wipe out a number of consecutive bits. so interleave changes the order so a burst error kills a number of bits out of several payload parts, and so makes it easier to recover.

payload:
1 1 1 2 2 2 3 3 3

receiver

1 _ _ 2 2 2 3 3 3

interleaved

1 2 3 1 3 2 3 2 1

1 _ _ 1 3 2 3 2 1

in the last case there are at least two of each so it can be checked if valid. It can also be done at bit level for fec that corrects less bits

interleaving is also used on cds and dvd so that a scratch can be less audible and the fec has a better chance to correct it
silverxxx
Last edit: 06 Mar 2017 19:05 by xxx.
More
22 Mar 2017 21:17 #60577 by Wene001
Replied by Wene001 on topic Furibee F36 protocol attempt
Something new with this interesting over the air reverse engineering ? :-)
My F36 is on the way....
More
22 Mar 2017 21:22 #60578 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
No, I can receive packets with a LT8900, but can't decode them to valid data.
I don't think it's using a LT89x0 core.
More
27 Mar 2017 21:46 #60824 by Williams
Replied by Williams on topic Furibee F36 protocol attempt
Hi,
Any updates on this? I am both very interested and appreciative as I love the f36!
Many thanks
Si
More
01 Apr 2017 16:36 #61024 by furi
Replied by furi on topic Furibee F36 protocol attempt
Just got the Furibee F3 FC with DSM2 so I can use the Devo7e, but would love to help towards binding to the original stock board as I have 4 of those ;)
I was just wondering if anybody tried getting anything out of the pads marked tx, rx, clk, dat, a1, a2 and rst on the underside of the stock board?
Sorry if this is blatantly obvious or was tried already, deviationtx noob and all :dry:
Also the F3 board claims to be compatible with the original Furibee transmitter. Is there anything that can be gained from a cleanflight serial connection regarding bound transmitter or communication between them?

Grtz
More
01 Apr 2017 19:32 #61035 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
Can you check if the F3 board is really compatible with stock F36 transmitter because that seems surprising.
More
02 Apr 2017 10:57 #61062 by furi
Replied by furi on topic Furibee F36 protocol attempt

goebish wrote: Can you check if the F3 board is really compatible with stock F36 transmitter because that seems surprising.



It's a claim made by Gearbest support which may not be the most reliable source on the matter.. I for one couldn't bind the original transmitter to the furibee F3 but then I have no docs, no bind button like it is pictured to have and didn't yet get it to bind DSM2 either, but this more likely something that I'm doing wrong with the devo7e or because it needs the battery connected.

What about these pads on the original F36 board? seems like i2c (clk & dat) and serial (tx and rx) to me but maybe I'm wrong... I'll be dismantling one of the stock F36's to replace with the F3 board soon so I'll hook it up and poke about.
More
07 Apr 2017 08:33 #61232 by DIGGIDY
Replied by DIGGIDY on topic Furibee F36 protocol attempt
This Furibee F36 looks like a lot of fun, would like to get one soon, are we any closer to hacking the protocol?
More
07 Apr 2017 08:43 #61233 by goebish
Replied by goebish on topic Furibee F36 protocol attempt
I wouldn't count on it anytime soon ;)
  1. Forum
  3. Development
  5. Protocol Development
  7. Furibee F36 protocol attempt
Time to create page: 0.294 seconds
Powered by Kunena Forum
Re-enable mobile display