chupo_cro
Member
Hi all, my first post here.
I was flying flight simulators since ZX Spectrum back in the 80s so i decided to try to fly some beginner quadcopter. For $28 I bought Syma X5 (not X5C) with the transmitter + charger, spare blades, 5 in 1 charging cable, battery and a screwdriver - I thought this would be really basic introduction to quadcopters with just 20 - 30 meters of range but I was surprised when I saw the range was more than 275 m (more than 900 ft)!?
Before I ordered the drone I read many threads about range extending mods - that was why I was surprised with the drone having triple range compared to already modded Syma X5(C) quadcopters. After some reading it seems that new Syma X5 drones with v6 boards have such range because they are using Beken ICs (with more output power than NRF24L01+) and because they lowered the bitrate to 250 kbps in the new firmware.
Since I would like to do (at least) two things:
1. Use Syma's remote to control the devices inside the house (lights, temperature, ...)
2. Design my own flight control PCB to replace the original one (*)
I am interested in communication protocol used by v6 boards. I captured some communication traffic with NRF24L01+ using the method similar to the method described here (this should be a link) and I compared the data with the source codes of symaxrx and nrf24_multipro projects (these were links) but the protocol used by my transmitter is different. For example, this is what I am receiving at channel 60 after binding:
1 ms: 7451 Ch: 60 Data: 8362ab3bc54c8b6d2ecaa9baaad6d56abeabb52b5dd4a5f56a6db6af14aa4252
2 ms: 35870 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffefffffffffffffffbffffdfffbffef
3 ms: 65091 Ch: 60 Data: 284a4cb40000000000c04040036cabfdff7fffffdd95ceb9726852d354a9fdac
4 ms: 74148 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffdffeffffdfffffffffffefffffffbf
5 ms: 81478 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffff7fffffffff7f66f7eb5e8c97a4a9
6 ms: 83551 Ch: 60 Data: 00000000002ef40006ad36df9fbeeb7d776fd5faaaaeb7cab0bdeeea6d966eaa
7 ms: 96224 Ch: 60 Data: be4a4cb4000002ff64c04040036cbffdaffffedd122b515c95652d652d5252b2
8 ms: 97945 Ch: 60 Data: a482809ab9535cc6af2d6c2aed69d94b35f4aec4db69294b5564cdd57695bd2d
(no code formatting or fixed size fonts?)
284a4cb40000... can be used to decode the address and to recognize the protocol (someone who already did reverse engineering will recognize the data). This is when assumed preamble is 0xaa and when assumed preamble is 0x55 the captured data changes to 1425265a0000... (all shifterd one bit to the right).
So the question is - does anyone have any information about the communication protocol used by Syma X5/X5C quadcopters with boards version 6?
(*)
I am aware of several open source quadcopter firmware projects but I would like to make my own AVR based board (both hardware and firmware) from scratch - and then to make my own firmware for Eachine H8 mini ARM board (based upon the h8mini-dual (this should be a link) code).
ps
Flight time with the stock 500 mAh I got with X5 (it is in fact 625 mAh measured by iMAX B6) was 11 minutes and 15 seconds!!
pps
Sice this is my very first post I couldn't insert hyperlinks but I will insert them as soon as I will have enough post.
I was flying flight simulators since ZX Spectrum back in the 80s so i decided to try to fly some beginner quadcopter. For $28 I bought Syma X5 (not X5C) with the transmitter + charger, spare blades, 5 in 1 charging cable, battery and a screwdriver - I thought this would be really basic introduction to quadcopters with just 20 - 30 meters of range but I was surprised when I saw the range was more than 275 m (more than 900 ft)!?
Before I ordered the drone I read many threads about range extending mods - that was why I was surprised with the drone having triple range compared to already modded Syma X5(C) quadcopters. After some reading it seems that new Syma X5 drones with v6 boards have such range because they are using Beken ICs (with more output power than NRF24L01+) and because they lowered the bitrate to 250 kbps in the new firmware.
Since I would like to do (at least) two things:
1. Use Syma's remote to control the devices inside the house (lights, temperature, ...)
2. Design my own flight control PCB to replace the original one (*)
I am interested in communication protocol used by v6 boards. I captured some communication traffic with NRF24L01+ using the method similar to the method described here (this should be a link) and I compared the data with the source codes of symaxrx and nrf24_multipro projects (these were links) but the protocol used by my transmitter is different. For example, this is what I am receiving at channel 60 after binding:
1 ms: 7451 Ch: 60 Data: 8362ab3bc54c8b6d2ecaa9baaad6d56abeabb52b5dd4a5f56a6db6af14aa4252
2 ms: 35870 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffefffffffffffffffbffffdfffbffef
3 ms: 65091 Ch: 60 Data: 284a4cb40000000000c04040036cabfdff7fffffdd95ceb9726852d354a9fdac
4 ms: 74148 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffdffeffffdfffffffffffefffffffbf
5 ms: 81478 Ch: 60 Data: 284a4cb40000000000c04040036cabfdffff7fffffffff7f66f7eb5e8c97a4a9
6 ms: 83551 Ch: 60 Data: 00000000002ef40006ad36df9fbeeb7d776fd5faaaaeb7cab0bdeeea6d966eaa
7 ms: 96224 Ch: 60 Data: be4a4cb4000002ff64c04040036cbffdaffffedd122b515c95652d652d5252b2
8 ms: 97945 Ch: 60 Data: a482809ab9535cc6af2d6c2aed69d94b35f4aec4db69294b5564cdd57695bd2d
(no code formatting or fixed size fonts?)
284a4cb40000... can be used to decode the address and to recognize the protocol (someone who already did reverse engineering will recognize the data). This is when assumed preamble is 0xaa and when assumed preamble is 0x55 the captured data changes to 1425265a0000... (all shifterd one bit to the right).
So the question is - does anyone have any information about the communication protocol used by Syma X5/X5C quadcopters with boards version 6?
(*)
I am aware of several open source quadcopter firmware projects but I would like to make my own AVR based board (both hardware and firmware) from scratch - and then to make my own firmware for Eachine H8 mini ARM board (based upon the h8mini-dual (this should be a link) code).
ps
Flight time with the stock 500 mAh I got with X5 (it is in fact 625 mAh measured by iMAX B6) was 11 minutes and 15 seconds!!
pps
Sice this is my very first post I couldn't insert hyperlinks but I will insert them as soon as I will have enough post.