Just a few years ago, palm sized radio controlled toys were nothing more than a dream. Today, you can find them at every mall, toy store, and hobby shop. [Alvaro] couldn’t resist the tiny Estes Proto X quadcopter. While he enjoyed flying the Proto X, he found that the tiny controller left quite a bit to be desired. Not a problem for [Alvaro], as he embarked on a project to reverse engineer the little quad.
Inside the quadcopter and its lilliputian radio, [Alvaro] found a STM8 based processor and an Amiccom A7105 2.4G FSK/GFSK Transceiver radio. The A7105 is well documented, with datasheets easily obtained on the internet. The interface between the processor and the radio chip was the perfect place to start a reverse engineering effort.
With the help of his Saleae logic analyzer, [Alvaro] was able to capture SPI data from both the quadcopter and the transmitter as the two negotiated a connection. The resulting hex files weren’t very useful, so [Alvaro] wrote a couple of Python scripts to decode the data. By operating each control during his captures, [Alvaro] was able to reverse engineer the Proto X’s control protocol. He tested this by removing the microcontroller from the remote control unit and wiring the A7105 to a STM32F4 dev board. Connecting the STM32 to his computer via USB, [Alvaro] was able to command the quad to take off. It wasn’t a very graceful flight, but it did prove that his grafted control system worked. With basic controls covered, [Alvaro] knocked up a quick user interface on his computer. He’s now able to fly the quadcopter around using keyboard and mouse. Not only did this prove the control system worked, it also showed how hard it is to fly a real aircraft (even a tiny model) with FPS controls.
The Estes Proto X is actually manufactured by Hubsan, a China based manufacturer best known for the x4 series of mini quadcopters. Since the Proto X and the x4 share the same communication protocol, [Alvaro’s] work can be applied to both. With fully computer controlled quads available for under $30 USD, we’re only a few cameras (and a heck of a lot of coding) away from cooperative drone swarms akin to those found in the University of Pennsylvania GRASP Lab.
Continue reading “Reverse Engineering The Proto X Quadcopter Radio”