Open marktbaldridge opened 3 years ago
Hi,
An nrf24l01 can be used to dump packets sent by an xn297 (RF part built into XNS1042CV) but the nrf24 multipro project doesn't have the code to do that. (hint: on the nrf receiver, use a 3 byte address length with value 0x55, 0x0F, 0x71 with CRC disabled, find a channel / bitrate that receives data then unscramble it since most of the time xn297 whitening is enabled).
The DIY 4-in-1 Multiprotocol module can dump xn297: https://github.com/pascallanger/DIY-Multiprotocol-TX-Module/blob/master/Multiprotocol/XN297Dump_nrf24l01.ino
Or you can use an SDR: https://github.com/goebish/XN297_dumper
Or a DeviationTX radio: https://www.youtube.com/watch?v=pWWmSvUSex4
Also, an nrf24l01 is good at emulating an xn297 running @ 1 Mbps bitrate but for 250 kbps better use a TI CC2500 instead. Oh, and this project is dead, you'd better contribute to DIY Multiprotocol TX Module ;)
@pascallanger I'm not sure but I think you've already worked on the C17?
edit: seems like this protocol has already been reverse engineered, it's named gd00x and there are 2 versions (v1, v2)
Deviation source code (using nrf24l01, v1 only, unstable): https://github.com/DeviationTX/deviation/blob/master/src/protocol/gd00x_nrf24l01.c
DIY Multiprotocol source code (using NRF24, or CC2500 if installed, v1 & v2): https://github.com/pascallanger/DIY-Multiprotocol-TX-Module/blob/master/Multiprotocol/GD00X_nrf24l01.ino (don't expect it to work properly with nrf24...)
Yes, the C17 v1 and v2 protocols are already reversed:
https://github.com/pascallanger/DIY-Multiprotocol-TX-Module/blob/master/Protocols_Details.md#GD00X---47
https://github.com/pascallanger/DIY-Multiprotocol-TX-Module/blob/master/Multiprotocol/GD00X_nrf24l01.ino
I have a C17 airplane from Banggood (the same is also sold by FliteTest as the FT Freighter, so I added that for searchability) which has an XNS1042CV in the controller. It is the only chip and the antenna is wired in, so it is probably an MCU+RF chip.
I would like to reverse engineer the protocol and get support added to the nrf_multipro software.
Hopefully I have the requisite skills. I am an engineer by trade. :) I have an extra NRF24 module. Can that be put into sniffing mode for this chip? I've done a bit of reading, but haven't seen simple Arduino code yet. I'm looking for some direction. Is this possible without an SDR?
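The receiver settings from the hint in the reply above (3-byte address 0x55, 0x0F, 0x71, CRC disabled, then a channel / bitrate search), written out as nRF24L01 register writes. This is an added example, not code from the thread or from either linked project. The `spi_fn` hook, the function names and the simulated radio `sim_spi` are hypothetical; register addresses and bit values are from the Nordic datasheet, and the address bytes are assumed to be written in the order the post lists them. Unscrambling is not covered.

```c
#include <stdint.h>
#include <stddef.h>
/* nRF24L01 registers and commands, from the Nordic datasheet */
enum { CONFIG = 0x00, EN_AA = 0x01, EN_RXADDR = 0x02, SETUP_AW = 0x03,
       RF_CH = 0x05, RF_SETUP = 0x06, STATUS = 0x07, RX_ADDR_P0 = 0x0A,
       RX_PW_P0 = 0x11, W_REGISTER = 0x20, FLUSH_RX = 0xE2, RX_DR = 0x40 };
/* Hypothetical board hook: one SPI transaction, reply overwrites buf */
typedef void (*spi_fn)(uint8_t *buf, size_t len);

static void wr(spi_fn spi, uint8_t reg, uint8_t val) {
    uint8_t b[2] = { (uint8_t)(W_REGISTER | reg), val };
    spi(b, 2);
}

/* Receiver set up as the post describes; CE is assumed to be held high */
void sniffer_setup(spi_fn spi, uint8_t payload_len) {
    uint8_t addr[4] = { W_REGISTER | RX_ADDR_P0, 0x55, 0x0F, 0x71 };
    wr(spi, EN_AA, 0x00);            /* auto-ack off, else EN_CRC is forced on */
    wr(spi, EN_RXADDR, 0x01);        /* pipe 0 only */
    wr(spi, SETUP_AW, 0x01);         /* 3-byte address */
    spi(addr, 4);                    /* bytes in the order the post lists them */
    wr(spi, RX_PW_P0, payload_len);  /* fixed payload length, 1..32 */
    wr(spi, CONFIG, 0x03);           /* PWR_UP | PRIM_RX, EN_CRC = 0 */
}

/* RF_SETUP rate bits: 1 Mbps, 250 kbps (nRF24L01+ only), 2 Mbps */
static const uint8_t RATES[3] = { 0x00, 0x20, 0x08 };
/* Try each rate on channels 0..125; return 1 at the first RX_DR hit */
int sniffer_scan(spi_fn spi, uint8_t *ch_out, uint8_t *rate_out) {
    for (size_t r = 0; r < sizeof RATES; r++) {
        wr(spi, RF_SETUP, RATES[r]);
        for (uint8_t ch = 0; ch <= 125; ch++) {
            uint8_t flush = FLUSH_RX, st[2] = { STATUS, 0xFF };
            wr(spi, RF_CH, ch);
            spi(&flush, 1);          /* drop stale payloads */
            wr(spi, STATUS, RX_DR);  /* write 1 to clear the flag */
            spi(st, 2);              /* on hardware, dwell first; then read STATUS */
            if (st[1] & RX_DR) { *ch_out = ch; *rate_out = RATES[r]; return 1; }
        }
    }
    return 0;
}

/* Constructed stand-in for the radio: "hears" traffic on SIM_CH at SIM_RATE */
static uint8_t sim_regs[32], SIM_CH = 42, SIM_RATE = 0x20;
void sim_spi(uint8_t *b, size_t len) {
    if ((b[0] & 0xE0) == W_REGISTER && len > 1) sim_regs[b[0] & 0x1F] = b[1];
    else if (b[0] == STATUS && len > 1)
        b[1] = (sim_regs[RF_CH] == SIM_CH && sim_regs[RF_SETUP] == SIM_RATE) ? RX_DR : 0;
}
```

With a 3-byte address and no CRC the receiver will also latch onto noise, so on real hardware count several hits on the same channel before trusting it.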