howto:p3fcchardmod
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Last revision Both sides next revision | ||
|
howto:p3fcchardmod [2019/07/28 19:42] digdat0 created |
howto:p3fcchardmod [2020/06/29 19:00] digdat0 formatting |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Tools to force FCC mode in p3/i1 ====== | + | ====== Tools to force FCC mode in Phantom 3 / Inspire 1 aircraft |
| - | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. | + | This page is intended to document tools which can be used to force FCC mode in the Phantom 3 and Inspire 1 series. |
| - | Derived from https:// | + | A method has been created to enable FCC mode as well as changing other transmission settings. This requires extracting |
| - | === lightbridge_stm32_hardcoder.py | + | ====== |
| + | Make sure to review this GitHub with more info: https:// | ||
| - | Values it can extract | + | Create a folder, maybe named " |
| - | " | + | - Download [[https://github.com/o-gs/dji-firmware-tools/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | - Download [[https://github.com/ |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | " | + | |
| - | Usage | ||
| - | Steps to get to extract | + | Pre-reqs: |
| + | - Have installed Python 3 https:// | ||
| + | NOTE: Make sure to SET PATH for Python during install. If you don't know what this means, google it. | ||
| + | - Install the following modules via pip install | ||
| + | - elftools | ||
| + | - pyelftools | ||
| + | - pycryptodome | ||
| + | - capstone | ||
| + | - keystone | ||
| + | - keystone-engine | ||
| - | dji_xv4_fwcon.py -vvv -x -p < | + | Once these libraries are all installed you can use the tools to decrypt the firwmare files. |
| - | arm_bin2elf.py -vv -e -b 0x000a000 --section .ARM.exidx@0x019300: | + | |
| - | | + | ====== |
| - | | + | |
| + | We are targeting the 1400 or 1401 modules. The 1400 module is for the GL300A controller, the 1401 is for the GL300B/C controllers. <Need to include Inspire RC model> | ||
| + | |||
| + | You need to access the RC firmware files. You can find them on the [[https:// | ||
| + | |||
| + | Direct links available as well: | ||
| + | |||
| + | Phantom 3 RC: | ||
| + | <insert URL's for download> | ||
| + | |||
| + | Inspire RC: | ||
| + | |||
| + | <insert URL's for download> | ||
| + | |||
| + | Once downloaded, move the file into same folder as the files you downloaded earlier. | ||
| + | |||
| + | ===== Extract the firmware file ===== | ||
| + | |||
| + | You will go through these steps: | ||
| + | |||
| + | - Extract main firmware file | ||
| + | - Convert 1400/1401 module to ELF format | ||
| + | - Extract settings from the firmware file | ||
| + | - Edit the settings | ||
| + | - Re-make the firmware file | ||
| + | - Install the firmware file | ||
| + | |||
| + | Extracting the file: | ||
| + | |||
| + | - Drop to a command prompt, Start-> | ||
| + | - Navigate to the folder where the files are located. CD\p3FCC < | ||
| + | - Type the following command: | ||
| + | dji_xv4_fwcon.py -vvv -x -p < | ||
| + | - Now, open the folder and you should see the .1401 file. | ||
| + | - You can then type this command | ||
| + | arm_bin2elf.py -vv -e -b 0x000a000 --section .ARM.exidx@0x019300: | ||
| + | | ||
| + | | ||
| | | ||
| - | lightbridge_stm32_hardcoder.py -vvv -x -e < | + | - you should see the .1401 elf file in the folder. |
| + | - You can now type this command: | ||
| + | lightbridge_stm32_hardcoder.py -vvv -x -e < | ||
| + | - This will extract the settings and you can edit them in notepad or similar editting apps | ||
| + | ====== | ||
| + | ^ Parameter Name ^ Description^ | ||
| + | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_override ^ What to do when received a packet with transceiver power set request; 0 - use the received attenuation value, 1 - override the value with constant one| | ||
| + | ^ og_hardcoded.lightbridge_stm32.packet_received_attenuation_value ^ Constant attenuation value used when packet_received_attenuation_override is enabled; unit depends on OFDM board type| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_fcc ^ Transceiver attenuation value for board type 3 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx1_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ar0_attenuation_tx2_ce ^ Transceiver attenuation value for board type 0 with Artosyn chip, change by 1 means 1 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx1_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.board_ad3_attenuation_tx2_ce ^ Transceiver attenuation value for board type 4 with Analog Devices chip, change by 1 means 0.25 dBm| | ||
| + | ^ og_hardcoded.lightbridge_stm32.power_zone_selection_override ^ What to do when power zone is about to be selected from geo coordinates; | ||
| - | ==== Direct commands comm_mkdupc.py ===== | ||
| - | To set CE: | ||
| - | ./ | ||
| + | ====== | ||
| + | You can also use the tool comm_mkdupc.py to send commands to the RC to see the status or change status. | ||
| - | To set FCC: | + | These are commands to the RC plugged in via USB to PC using comm_mkdupc.py. This tool is a DUML Packet Builder with hex string output. https://github.com/o-gs/dji-firmware-tools |
| - | ./comm_mkdupc.py | + | |
| + | * To set CE: | ||
| - | To disallow the RC to reset the value by itself: | ||
| - | ./ | ||
| - | To check (query) currently set zone: | + | comm_mkdupc.py -vv --sender_type=PC --sender_index=1 --receiver_type=OFDM_Ground --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --seq_num=5552 --payload_hex=" |
| - | ./comm_mkdupc.py -vv --sender_type=PC --sender_index=1 --receiver_type=OFDM_Ground --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=7 --seq_num=5555 --payload_hex=" | + | |
| + | |||
| + | * To set FCC: | ||
| + | |||
| + | |||
| + | comm_mkdupc.py -vv --sender_type=PC --sender_index=1 --receiver_type=OFDM_Ground --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --seq_num=5553 --payload_hex=" | ||
| + | |||
| + | |||
| + | * To disallow the RC to reset the value by itself: | ||
| + | |||
| + | |||
| + | comm_mkdupc.py -vv --sender_type=PC --sender_index=1 --receiver_type=OFDM_Ground --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=6 --seq_num=5554 --payload_hex=" | ||
| + | |||
| + | |||
| + | * To check (query) currently set zone: | ||
| + | comm_mkdupc.py -vv --sender_type=PC --sender_index=1 --receiver_type=OFDM_Ground --ack_type=ACK_After_Exec --cmd_set=OFDM --cmd_id=7 --seq_num=5555 --payload_hex=" | ||
| + | |||
| + | ====== | ||
| + | Need to add install steps. | ||
| ==== Misc ==== | ==== Misc ==== | ||
| - | P1765Fw3.bin means something, service file name? | + | P1765Fw3.bin means something, service file name? gs_ofdm.bin? |
| - | m1400 is probably used only by GL300a/b; the c version likely uses m1401 | + | 1400 is probably used only by GL300a/b; the c version likely uses m1401 |
howto/p3fcchardmod.txt · Last modified: 2020/06/30 20:06 by digdat0
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
