JohnieBraaf
commented
1 year ago Hi Alex, thanks not a problem at all.
To answer your questions, there are 2 routes in hijacking the S1.
1) Root expoloit of the Control unit (with the antennas)
- It's possible to break out of the Python sandbox and install some Robomaster EP binaries
- it's not that hard, but no faults allowed, you should know linux very well, you can retain all original functionalities
- I have a complete entware installation running including webserver etc on the S1, no problem
- This option also allows the use of the official SDK including the live audio/videostream
2) Reverse engineer the protocol on some level and create control board
- This repositiory demonstrates how to do that on the CAN bus protocol
- It is also possible to do this on the M-Bus between wheels and lower control board (not in this repo)
If you would like to go down the second route, because its a nice challenge, my pointers are:
- use a usb-can driver to reverse the protocol (both for analyzing and controlling)
- use the extra can port to tap into the CAN BUS line and inspect packets (see pic attached) while in normal operation
- green and yellow wires are CAN wires (High and Low respectively)
Much of the protocol is already readable in the EP SDK repository. Have a close look at the pack / unpack code and especially where it is used, because that is exactly the same packet structure. DJI refers to it as proto commands see https://github.com/dji-sdk/RoboMaster-SDK/blob/master/src/robomaster/protocol.py#L237
And yes, you can use a raspberri pi, its an improvement to my micropython attempt, because its lacking some speed. It can be done in micropython, but probably some performance critical tasks need to be rewritten in C/C++.
Let me know if it helps, and happy hacking 👍 If you like to connect, send me a message on Linkedin
Hi,
Thanks for open sourcing this great project. Recently, I have just bought a Robomaster S1, and I would like to hijack it and make it my own robot.
Can I use a usb-can driver and connect the robot to a raspberry pi/nvidia nano instead of STM32 microcontrollers? How you reverse engineer and come out the command_list? From a CAN Analyzer?
[From a young engineer who just started to get his hand dirty with the can bus communication protocol....