RC Groups

RC Groups
    DIY Electronics
        Discussion Walkera DEVO Tx Hacking

#1 rcH4x0r Mar 10, 2012 12:47 PM

Walkera DEVO Tx Hacking
 
I put together a little tool for editing the bitmaps in Walkera Devo 6, 8 & 12 after chatting to FDR_. You can find it here

When you open a Walkera lib you will be presented with a list of "resource elements" each of which contains one or more bitmaps. Double clicking on a "resource element" allows you browse the bitmaps in that element and import/export the bitmaps as standard Windows bitmap files. When importing a bitmap it must be the same size as the original.

You can also export all the bitmaps in a Walkera lib file (use the export all button).

If you modify any of the bitmaps in the file you can update it with your changes and the app will fix up the CRC for you. The modified file can then be flashed to your Tx as usual - obviously use a lib file that matches your Tx's firmware

Note: This app is provided "as-is" and with no warranty. If it bricks your Tx then I am not responsible. That said, it really shouldn't since all we are doing is changing the contents of the bitmaps.

Happy Hacking!

http://rch4x0r.com/heli.bmp

Edit: Update v0.2 tool can be found here

Adds support for import/export of strings. Strings will be extracted to a .rtf file

European languages, make sure your editor handles UTF-7
Chinese, make sure your editor handles Bigendian Unicode

For some reason the Chinese strings don't display correctly.

Edit: Update v0.2A tool can be found here

#2 SadSack Mar 10, 2012 01:12 PM

still not getting one :D

:popcorn:

#3 FDR_ Mar 10, 2012 01:18 PM

Please, make the window sizable! :D

#4 FDR_ Mar 10, 2012 02:52 PM

Where to go now with the hacking project? :D

The library is almost done:
0-24. Pictures
25. all null
26. Bold font
27-28. Normal font
29. Chinese font
30. all null
31. String table

So the annoying sounds are in the firmware... :censored:

#5 rcH4x0r Mar 10, 2012 03:49 PM

That rather depends on what you want to achieve. For me the next things are:
-Reverse the FW to understand the transmitted packet format
-Reverse teh HW to understand what's connected to where

#6 FDR_ Mar 10, 2012 04:00 PM

Yes, that is the question indeed... :D:D:D

I think the most important thing would be the compatibility with other non-DEVO receivers, ie protocols for Walkera 24xx, 26xx, 28xx, and perhaps protocols of the others: DSM2/DSMx would be nice! :D
I know you have already reverse engineered the 24xx protocol! ;)

#7 rcH4x0r Mar 10, 2012 04:56 PM

I looked at the older 4 channel Walkera Txs, particularly the SPI bus between the MCU and CYRF chip, I think I understand a lot of the protocol but not all. Hopefully the Devo protocol is similar enough that it will give some hints as to the missing info.

Whether other protocols can be supported depends on the RF HW. I really doubt other protocols could be hacked into the Devo Tx's FW, I think you would need a new FW designed to support multiple protocols. Judging by the way the Lib files work the Devo FW is probably not that great :s

The telemetry module is interesting though, it's based on the CYRF6936, the same chip as the older Walkera kit. In the worst case we have an easy to access SPI bus to play with....

#8 NorCalMatCat Mar 11, 2012 01:03 AM

Woop, I started another thread on this subject after looking up and down to see if one existed :P I am really interested in trying to hack the firmware itself.

#9 FDR_ Mar 11, 2012 04:27 AM

Quote:

Originally Posted by rcH4x0r (Post 20996667)
I looked at the older 4 channel Walkera Txs, particularly the SPI bus between the MCU and CYRF chip, I think I understand a lot of the protocol but not all. Hopefully the Devo protocol is similar enough that it will give some hints as to the missing info.

Whether other protocols can be supported depends on the RF HW. I really doubt other protocols could be hacked into the Devo Tx's FW, I think you would need a new FW designed to support multiple protocols. Judging by the way the Lib files work the Devo FW is probably not that great :s

The telemetry module is interesting though, it's based on the CYRF6936, the same chip as the older Walkera kit. In the worst case we have an easy to access SPI bus to play with....

There are some information about it:
http://9xforums.com/forum/viewtopic.php?f=5&t=362
They even link your pages... :D

The telemetry module IS the standard RF module of the DEVO 8 and 12. They do all the communication throw it. It is only a revised version of some kind. There are reports, that telemetry works with the original modules too...

#10 NorCalMatCat Mar 11, 2012 05:05 AM

Could it just be that it needs 2 radio links to work? One handling servos, the other telemetry?

#11 FDR_ Mar 11, 2012 05:34 AM

Quote:

Originally Posted by NorCalMatCat (Post 21000680)
Could it just be that it needs 2 radio links to work? One handling servos, the other telemetry?

How do you mean? I don't get it... :rolleyes:

#12 rcH4x0r Mar 11, 2012 06:02 AM

The old 4 channel Walkera sets based on CYRF6936 had what I think is a pre amplifier on the receiver. The CYRF6936 is capable of transmitting and receiving but not at the same time (half duplex) so it could handle both tasks.

If the telemetry function needs a preamp then that would explain the need for a physical upgrade rather than a software update.

There's two SPI busses being used in the 8S firmware I have looked at, I dont know which is which yet.

SPI1 uses bit 2 of GPIO Port B for CS
SPI2 uses bits 8 & 12 of GPIO Port B for CS (2 pins for CS ?!?)

Can anybody who opened their Devo8 tell me where these GPIOs go? My Devo8 is on its way from HK....

#13 FDR_ Mar 11, 2012 06:36 AM

Quote:

Originally Posted by rcH4x0r (Post 21000842)
The old 4 channel Walkera sets based on CYRF6936 had what I think is a pre amplifier on the receiver. The CYRF6936 is capable of transmitting and receiving but not at the same time (half duplex) so it could handle both tasks.

If the telemetry function needs a preamp then that would explain the need for a physical upgrade rather than a software update.

There's two SPI busses being used in the 8S firmware I have looked at, I dont know which is which yet.

SPI1 uses bit 2 of GPIO Port B for CS
SPI2 uses bits 8 & 12 of GPIO Port B for CS (2 pins for CS ?!?)

Can anybody who opened their Devo8 tell me where these GPIOs go? My Devo8 is on its way from HK....

I hope you have ordered the DEVO 8S with RX802! :D

#14 mescalinedream Mar 11, 2012 11:57 AM

So I take it that no one is even going to try and hack the devo 7. I wish I had the money for the 8 when I bought my mini combo. I like the 7 though it does what I need it to. I just wish I could have an alarm that goes off after 3 minutes of inactivity. I always forget to shut it off. I would also like it if the timer could be stopped while throttle hold is on. I always forget to stop the timer when I crash.

#15 bobepine Mar 11, 2012 12:08 PM

What are the benefits of hacking?

Thanks!

Chris


All times are GMT -5. The time now is 02:59 PM.