noahwilliamsson / dji-phantom-vision

Decoding DJI Phantom 2 Vision ser2net communication
BSD 2-Clause "Simplified" License

Telnet port on 3011 #1

Open Morgon opened 10 years ago

Morgon commented 10 years ago

Fantastic work so far!

I found something a few weeks ago, but don't have the experience to really vet it out. ser2net allows two connections to a serial port - one 'raw' data connection (2001, as you know), and one telnet port. The telnet port is configured as 3011.

When you telnet to 3011, you get some interesting output that seems quite similar to the message packets, although after looking through your C library, seems like it's the 0xFF error state. I'm curious if there is some way of obtaining useful data from here, though.. perhaps sending some sort of ack packet? (Dunno if the raw stream connection does that - we'd have to sniff the traffic from right before the Vision app connects)

My essential goal here is to be able to write some sort of program/library that can obtain data real-time from the Phantom with a second device (initially a computer), while allowing the phone/tablet-based Vision app to operate normally and uninterrupted.

Thoughts?

Here's the output from my brief test:

λ telnet 192.168.1.2 3011
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
this is ser2net TCP port 3011 device /dev/ttyS0
second line third line
55BB07043897FF 
55BB07043883FF 
55BB07043887FF 
55BB07043897FF 
?
 B?NBBB?NB?
           B?NB?HB?B?NBB?NB?JB?B?JBB?NB?NB?B?JB?

noahwilliamsson commented 9 years ago

Thank you for the kind words and sorry for the delayed response (I have email notifications turned off).

Unfortunately ser2net limits the number of connections to an exported serial port to one. That means you can't have the Vision app talking to the raw port (2001) while your own program simultaneously talks to the telnet port (3011).

If you tried to connect to port 3011 while the Vision app is talking to port 2001 you'd receive a message that said Port's device already in use and then ser2net would immediately close the connection.

As someone pointed out in the thread you linked to, it's possible to modify /etc/ser2net.conf to have ser2net write tracefiles with logs of the data it sends and receives. I believe there is at least one custom app out there that's using this approach to get its hands on Phantom data while simultaneously allowing the DJI Vision app to do its thing.

If you could get custom software running on the range extender (by cross-compiling for the platform or installing a script interpreter) you could probably write something up that would accept a connection on port 2001 (which the Vision app expects to talk to), forward that traffic to the actual ser2net port (which you would need to change in ser2net.conf) and at the same time mirror the traffic that's being exchanged between port 2001<->ser2net to another port (using some protocol that differentiates incoming from outgoing traffic) which your custom app connects to.

The IP address you're connecting to, 192.168.1.2, is the WiFi range extender (the Phantom is at 192.168.1.1). This protocol seems to have some similarities with the one the Phantom speaks but I haven't looked into it. I would guess the data it sends is battery related. Perhaps number of times the battery has been charged and how much charge is left?

FWIW, looking up the range extender at FCC using its FCC ID SS3-RE7001402 seems to suggest it has a 3.7V 2000mAh battery in it.

Here's an example of the data I'm seeing while talking to port 3011 on my range extender. (The first twelve bytes are four Telnet Interpret-As-Command sequences and then there's a banner that's configured in ser2net.conf).

$ nc 192.168.1.2 3011 |hexdump -C
00000000  ff fb 03 ff fb 01 ff fe  01 ff fd 00 74 68 69 73  |............this|
00000010  20 69 73 20 73 65 72 32  6e 65 74 20 54 43 50 20  | is ser2net TCP |
00000020  70 6f 72 74 20 33 30 31  31 20 64 65 76 69 63 65  |port 3011 device|
00000030  20 2f 64 65 76 2f 74 74  79 53 30 0d 0a 73 65 63  | /dev/ttyS0..sec|
00000040  6f 6e 64 20 6c 69 6e 65  20 74 68 69 72 64 20 6c  |ond line third l|
00000050  69 6e 65 0d 0a 35 35 42  42 30 37 30 41 34 33 31  |ine..55BB070A431|
00000060  37 46 46 20 0d 0a 35 35  42 42 30 37 30 41 34 33  |7FF ..55BB070A43|
00000070  33 36 46 46 20 0d 0a 35  35 42 42 30 37 30 41 34  |36FF ..55BB070A4|
00000080  33 32 31 46 46 20 0d 0a  35 35 42 42 30 37 30 41  |321FF ..55BB070A|
00000090  34 33 34 30 46 46 20 0d  0a 35 35 42 42 30 37 30  |4340FF ..55BB070|
...
00007810  35 35 42 42 30 37 30 41  34 33 31 32 46 46 20 0d  |55BB070A4312FF .|
00007820  0a 35 35 42 42 30 37 30  41 34 33 30 37 46 46 20  |.55BB070A4307FF |
00007830  0d 0a 35 35 42 42 30 37  30 41 34 33 31 32 46 46  |..55BB070A4312FF|
00007840  20 0d 0a 35 35 42 42 30  37 30 41 34 33 30 37 46  | ..55BB070A4307F|
00007850  46 20 0d 0a 35 35 42 42  30 37 30 41 34 33 31 32  |F ..55BB070A4312|
00007860  46 46 20 0d 0a 35 35 42  42 30 37 30 41 34 33 30  |FF ..55BB070A430|
00007870  37 46 46 20 0d 0a 35 35  42 42 30 37 30 41 34 33  |7FF ..55BB070A43|
00007880  31 32 46 46 20 0d 0a 35  35 42 42 30 37 30 41 34  |12FF ..55BB070A4|
00007890  33 30 37 46 46 20 0d 0a  35 35 42 42 30 37 30 41  |307FF ..55BB070A|
000078a0  34 33 30 37 46 46 20 0d  0a 35 35 42 42 30 37 30  |4307FF ..55BB070|
...
0000ab00  35 42 42 30 37 30 41 34  32 39 38 46 46 20 0d 0a  |5BB070A4298FF ..|
...
0000c8d0  35 35 42 42 30 37 30 41  34 32 39 33 46 46 20 0d  |55BB070A4293FF .|
...
0000ff00  35 35 42 42 30 37 30 41  34 32 37 38 46 46 20 0d  |55BB070A4278FF .|

And some time later it stops doing the 55BB dance and instead sends:

$ nc 192.168.1.2 3011 |hexdump -C
00000000  ff fb 03 ff fb 01 ff fe  01 ff fd 00 74 68 69 73  |............this|
00000010  20 69 73 20 73 65 72 32  6e 65 74 20 54 43 50 20  | is ser2net TCP |
00000020  70 6f 72 74 20 33 30 31  31 20 64 65 76 69 63 65  |port 3011 device|
00000030  20 2f 64 65 76 2f 74 74  79 53 30 0d 0a 73 65 63  | /dev/ttyS0..sec|
00000040  6f 6e 64 20 6c 69 6e 65  20 74 68 69 72 64 20 6c  |ond line third l|
00000050  69 6e 65 0d 0a d3 0c 42  d3 1c 42 d3 18 42 d3 18  |ine....B..B..B..|
00000060  42 d3 18 42 d3 0c 42 d3  18 42 d3 18 42 d3 1c 42  |B..B..B..B..B..B|
00000070  d3 1c 42 d3 0c 42 d3 1c  42 d3 1c 42 d3 18 42 d3  |..B..B..B..B..B.|

All I can tell from this data is that some of the numbers seem to decrease over time. And that you get "55BB 07 04" while I get "55BB 07 0A". Perhaps that last 04/0A byte could be the number of full charges the range extender's battery has received?
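An added decoder for the port 3011 stream described in this comment (example code, not part of the repository or the thread): it strips the four Telnet IAC negotiation sequences, separates the ser2net banner from the data, and parses the text-phase `55BB..FF` lines into records. The sample bytes are constructed to mirror the hexdump above; the field split (two single bytes, a four-digit field, FF trailer) and reading the four-digit field as hex are assumptions, since the thread does not establish the encoding.

```python
from __future__ import annotations
import re

IAC = 0xFF
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}      # RFC 854
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD"}           # RFC 856/857/858
# One text-phase record per line: 55BB header, two single bytes, a four-digit
# field, FF trailer, optional trailing space (as seen in the dump).
RECORD = re.compile(r"^55BB([0-9A-F]{2})([0-9A-F]{2})([0-9A-F]{4})FF ?$")

# Constructed sample reproducing the structure of the hexdump above; the
# record values 4317, 4336 and 4278 are copied from that dump.
SAMPLE = (
    b"\xff\xfb\x03\xff\xfb\x01\xff\xfe\x01\xff\xfd\x00"
    b"this is ser2net TCP port 3011 device /dev/ttyS0\r\n"
    b"second line third line\r\n"
    b"55BB070A4317FF \r\n55BB070A4336FF \r\n55BB070A4278FF \r\n"
)

def strip_telnet_iac(data: bytes) -> tuple[bytes, list[str]]:
    """Remove Telnet IAC sequences; return (payload, negotiation list)."""
    out, negotiations, i = bytearray(), [], 0
    while i < len(data):
        if data[i] != IAC or i + 1 >= len(data):
            out.append(data[i]); i += 1
            continue
        verb = data[i + 1]
        if verb == IAC:                       # IAC IAC escapes a literal 0xFF
            out.append(IAC); i += 2
        elif verb in VERBS and i + 2 < len(data):
            opt = data[i + 2]
            negotiations.append(f"{VERBS[verb]} {OPTIONS.get(opt, opt)}"); i += 3
        else:                                 # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out), negotiations

def parse_records(payload: bytes) -> tuple[list[str], list[dict]]:
    """Split CRLF-terminated lines into banner text and decoded 55BB records."""
    banner, records = [], []
    for line in payload.decode("ascii", errors="replace").split("\r\n"):
        m = RECORD.match(line)
        if m:
            # Field meanings are unknown; "value" parses the 4 digits as hex (assumption).
            records.append({"byte2": int(m[1], 16), "byte3": int(m[2], 16),
                            "field": m[3], "value": int(m[3], 16)})
        elif line:
            banner.append(line)
    return banner, records

def decode_stream(data: bytes) -> dict:
    payload, negotiations = strip_telnet_iac(data)
    banner, records = parse_records(payload)
    return {"negotiations": negotiations, "banner": banner, "records": records}
```

Running `decode_stream(SAMPLE)` shows the twelve leading bytes as WILL SUPPRESS-GO-AHEAD, WILL ECHO, DONT ECHO, DO BINARY, followed by the two banner lines and the three records; the binary phase (`d3 0c 42` triplets) produces no records and would need a separate parser.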

Morgon commented 9 years ago

Haven't had an opportunity to test more, as I crashed a few weeks ago, and I'm awaiting reimbursement from the insurance I purchased through Amazon. I'm still interested in looking at this further.

noahwilliamsson commented 9 years ago

I'm sorry to hear that. I've reopened the issue so feel free to drop a comment if you find out something interesting in the future.