微风小杨

DJI Configs parser, for FCC and 32 channel and other stuff

53 posts in this topic

Posted (edited)

Edit: According to Marcocappe 's feedback, the config i made doesn't work on ios but some other ios config works. By analysis the file i see only 2 major differences: the file length and the byte 47

in order to determine what is the key for ios parser to work, i create 2 other configs for test purpose(all with SDR boost)

https://pan.baidu.com/s/1kV3KWlD

1 is with byte 47,  2 is with byte 47 and file length extended

It's regret that I still dont get an IOS device for test yet ... so anybody's help would be much grateful.

 

By far what i can confirm is that the config does no boost on P3A app 3.1.5 fw 1.10.090, neither direct sdr function calls. And mavic pro does work on 550 fw and 4.0.7 and some other versions, all test on android

 

Hello guys this's my recent discovery 

Dji go uses configs, Most people knows how to enable 32 channel but there are hidden functions. I checked in the app, follow the DJI parser and create this config file, this will force the dji drone to run in FCC mode(still getting the list), and also, 32 channels for phantom and inspire

This is the android config parser located in dji.pilot.publics.c.a

  public static void a(Context paramContext)
  {
    int i = 1;
    File localFile = new File(paramContext.getExternalFilesDir(null), f);
    if (!localFile.exists())
      label25: return;
    dji.pilot.c.a.j = 0;
    while (true)
    {
      int j;
      try
      {
        RandomAccessFile localRandomAccessFile = new RandomAccessFile(localFile, "r");
        localRandomAccessFile.seek(36L);
        if (localRandomAccessFile.readInt() != i)
          break label178;
        j = i;
        label59: a = j;
        localRandomAccessFile.skipBytes(2);
        int k = localRandomAccessFile.readShort();
        if ((k < 0) || (k > 2))
          break label184;
        dji.pilot.c.a.j = k;
        label92: localRandomAccessFile.skipBytes(5);
        int l = localRandomAccessFile.readByte();
        if ((l & 0x1) == 0)
          break label201;
        i1 = i;
        b = i1;
        if ((l & 0x2) == 0)
          break label207;
        i2 = i;
        c = i2;
        if ((l & 0x4) == 0)
          break label213;
        i3 = i;
        d = i3;
        if ((l & 0x8) == 0)
          break label219;
        e = i;
        label178: label184: localRandomAccessFile.close();
      }
      catch (FileNotFoundException localFileNotFoundException)
      {
        localFileNotFoundException.printStackTrace();
        break label25:
        j = 0;
        break label59:
        dji.pilot.c.a.j = 0;
        break label92:
      }
      catch (IOException localIOException)
      {
        localIOException.printStackTrace();
      }
      break label25:
      label201: int i1 = 0;
      continue;
      label207: int i2 = 0;
      continue;
      label213: int i3 = 0;
      continue;
      label219: i = 0;
    }

 

i've done a research of all the variables, and know a is  "isopenallchannel",  dji.pilot.c.a.j is a switch for different upgrade url, b,c,d,e are sdr flags

  private void x()
  {
    if (dji.pilot.publics.c.a.b)
    {
      DataOsdSetSdrAssitantWrite localDataOsdSetSdrAssitantWrite1 = new DataOsdSetSdrAssitantWrite();
      localDataOsdSetSdrAssitantWrite1.a().start(null);
      localDataOsdSetSdrAssitantWrite1.join();
    }
    if (dji.pilot.publics.c.a.c)
    {
      DataOsdSetSdrForceBoost localDataOsdSetSdrForceBoost = new DataOsdSetSdrForceBoost();
      localDataOsdSetSdrForceBoost.start(null);
      localDataOsdSetSdrForceBoost.join();
    }
    if (dji.pilot.publics.c.a.d)
    {
      DataOsdSetSdrAssitantWrite localDataOsdSetSdrAssitantWrite2 = new DataOsdSetSdrAssitantWrite();
      localDataOsdSetSdrAssitantWrite2.b().start(null);
      localDataOsdSetSdrAssitantWrite2.join();
    }
    if (!dji.pilot.publics.c.a.e)
      return;
    DataOsdSetSdrAssitantWrite localDataOsdSetSdrAssitantWrite3 = new DataOsdSetSdrAssitantWrite();
    localDataOsdSetSdrAssitantWrite3.c().start(null);
    localDataOsdSetSdrAssitantWrite3.join();
  }

b and c represent force FCC and force SDR boost, d/e currently unknown. in my config opens b, in sdr boost config opens c

 

update: this is the IOS config parser decompiled

// DJIAppSettings - (void)loadDJICfg
void __cdecl -[DJIAppSettings loadDJICfg](struct DJIAppSettings *self, SEL a2)
{
  struct DJIAppSettings *v2; // r10@1
  int v3; // r0@1
  int v4; // r0@1
  int v5; // r5@1
  int v6; // r0@1
  struct DJICameraSettingObject *v7; // r4@1
  int v8; // r0@1
  int v9; // r0@1
  int v10; // r6@1
  int v11; // r1@2
  int v12; // r0@3
  int v13; // r1@5
  int v14; // r0@6
  int v15; // r1@8
  int v16; // r0@9
  int v17; // r0@9
  signed int v18; // r0@10
  int v19; // r1@13
  int v20; // r0@14
  int v21; // r1@16
  int v22; // r0@17
  int v23; // r1@19
  int v24; // r0@20
  char v25; // r5@20
  SEL v26; // r1@28
  char v27; // r2@28
  int v28; // r3@28
  int v29; // [sp+2Ch] [bp+8h]@0

  v2 = self;
  v3 = j__objc_msgSend(&OBJC_CLASS___DJIFileHelper, "fetchDocumentPath");
  v4 = j__objc_retainAutoreleasedReturnValue(v3);
  v5 = v4;
  v6 = j__objc_msgSend(v4, "stringByAppendingPathComponent:");
  v7 = (struct DJICameraSettingObject *)j__objc_retainAutoreleasedReturnValue(v6);
  j__objc_release(v5);
  v8 = j__objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:");
  v9 = j__objc_retainAutoreleasedReturnValue(v8);
  v10 = v9;
  if ( v9 )
  {
    v2->_canUseIllegalChannels = 0;
    v2->_mfiDisable = 0;
    v2->_firmwareServiceType = 0;
    v2->_limitCameraRecordingTime = 1;
    v2->_simulatorInternalDisable = 0;
    if ( (unsigned int)j__objc_msgSend(v9, "length") >= 0x29 )
    {
      v12 = j__objc_retainAutorelease(v10, v11);
      if ( *(_BYTE *)(j__objc_msgSend(v12, "bytes") + 39) == 1 )
        v2->_canUseIllegalChannels = 1;
    }
    if ( (unsigned int)j__objc_msgSend(v10, "length") >= 0x2A )
    {
      v14 = j__objc_retainAutorelease(v10, v13);
      if ( *(_BYTE *)(j__objc_msgSend(v14, "bytes") + 40) == 1 )
        v2->_mfiDisable = 1;
    }
    if ( (unsigned int)j__objc_msgSend(v10, "length") >= 0x2D )
    {
      v16 = j__objc_retainAutorelease(v10, v15);
      v17 = *(_BYTE *)(j__objc_msgSend(v16, "bytes") + 43);
      if ( v17 == 2 )
        v18 = 2;
      else
        v18 = v17 == 1;
      v2->_firmwareServiceType = v18;
    }
    if ( (unsigned int)j__objc_msgSend(v10, "length") >= 0x2E )
    {
      v20 = j__objc_retainAutorelease(v10, v19);
      if ( *(_BYTE *)(j__objc_msgSend(v20, "bytes") + 44) == 1 )
        v2->_limitCameraRecordingTime = 0;
    }
    if ( (unsigned int)j__objc_msgSend(v10, "length") >= 0x2F )
    {
      v22 = j__objc_retainAutorelease(v10, v21);
      if ( *(_BYTE *)(j__objc_msgSend(v22, "bytes") + 45) == 1 )
        v2->_simulatorInternalDisable = 1;
    }
    if ( (unsigned int)j__objc_msgSend(v10, "length") >= 0x31 )
    {
      v24 = j__objc_retainAutorelease(v10, v23);
      v25 = *(_BYTE *)(j__objc_msgSend(v24, "bytes") + 48);
      if ( v25 & 1 )
        j__objc_msgSend(v2, "setSdr_force_fcc:");
      if ( v25 & 2 )
        j__objc_msgSend(v2, "setSdr_force_boost:");
      if ( v25 & 4 )
        j__objc_msgSend(v2, "setSdr_force_2_3_G:");
      if ( v25 & 8 )
        j__objc_msgSend(v2, "setSdr_force_2_5_G:");
    }
  }
  j__objc_release(v10);
  j_j__objc_release_1(v7, v26, v27, v28, v29);
}

I only see a different that the SDR  config byte is byte 48, while in android it's byte 49. The ios config has some extra flags for useless purpose. Then i don't know why ios doesn't work, for I have already set the byte 48 the same as byte 49 on android. 

 

Here is something new I found on DJISDRBoostLogic on IOS:

if ( j__objc_msgSend(&OBJC_CLASS___DJIProductManager, "currentProductCode") == 13
    || j__objc_msgSend(&OBJC_CLASS___DJIProductManager, "currentProductCode") == 21 )
  {
    v2 = j__objc_msgSend(&OBJC_CLASS___DJIAppSettings, "instance");
    v3 = (struct DJICameraSettingObject *)j__objc_retainAutoreleasedReturnValue(v2);
    if ( j__objc_msgSend(v3, "sdr_force_fcc") )
    {
      v4 = j__objc_msgSend(&OBJC_CLASS___DJISDRParamWritePack, "alloc");
      v5 = j__objc_msgSend(v4, "initRequestFromGround:target:addr:dataType:data:");
      v6 = j__objc_msgSend(&OBJC_CLASS___DJIPackManager, "sharedInstance");
      v7 = j__objc_retainAutoreleasedReturnValue(v6);
      j__objc_msgSend(v7, "sendPack:option:completion:");
      j__objc_release(v7);
      j__objc_release(v5);
    }
    if ( j__objc_msgSend(v3, "sdr_force_boost") )
    {
      v8 = j__objc_msgSend(&OBJC_CLASS___DJIOFDMPack, "alloc");
      v9 = j__objc_msgSend(v8, "initRequest");
      v10 = v9;
      v11 = j__objc_msgSend(v9, "extHeader");
      *(_BYTE *)(v11 + 1) = *(_BYTE *)(v11 + 1) & 0xE0 | 9;
      *(_BYTE *)(j__objc_msgSend(v10, "extHeader") + 5) = 9;
      *(_BYTE *)(j__objc_msgSend(v10, "extHeader") + 6) = 60;
      v12 = j__objc_msgSend(&OBJC_CLASS___DJIPackManager, "sharedInstance");
      v13 = j__objc_retainAutoreleasedReturnValue(v12);
      j__objc_msgSend(v13, "sendPack:completion:");
      j__objc_release(v13);
      j__objc_release(v10);
    }
....

It seems that the DJISDRBoostLogic  works only for Product code 13 & 21, that is KumquatX (Mavic Pro) and KumquatL (Mavic unknown)

 

 

For a conclusion , The config bytes are arranges as follows:

                                                        Use All Channel(Int)    unused 2        FirmwareUrl(short)        unused 5           Sdr cfg

for Android:         [36 bytes unused]     00 00 00 01              00 00                 00 00                    00 00 00 00 00         01

                                                       unused 3   Use All Channel(Byte)    mfi    unused 2     FirmwareUrl(Byte)     CameraRec    simulator       unused 2     Sdr cfg      unused

for IOS:         [36 bytes unused]     00 00 00               01                       00       00 00                   00                           00                00                00 00            01              00

 

The firmware url is a selection of these url

    arrayOfString1[0] = "https://upgrade.bgcentre.com/links/links/pilot_v2";
    arrayOfString1[1] = "http://upgrade.dj2006.net/redirect/links/GO_Test";
    arrayOfString1[2] = "http://upgrade.dj2006.net/redirect/links/GO_Debug";

not know extactly if these are upgrade url

Sdr cfg is a byte with sdr flags,

0x01 is Sdr Force FCC

0x02 is Sdr Force Boost

0x04 is Sdr Force 2 3  (dont know what really mean, 2.3Ghz?)

0x08 is Sdr Force 2 5  (dont know what really mean, 2.5Ghz?)

on IOS sdr cfg , by looking at the code , seems only work for Mavic (still not test yet)

 

 

I uploaded to baidu think maybe you can download too

http://pan.baidu.com/s/1pKZP8K

For android dji go, put .DJI.Configs into /Android/data/dji.pilot/files/

For android dji go 4, put .DJI.Configs into /Android/data/dji.go.v4/files/

For ios, put this into related DJI app, not test on IOS but I think it might also work

 

The SDR boost version can be found here, try at your own risk for this have unknown side effect for your device

download http://pan.baidu.com/s/1miDRrrq password: 7dbz

Edited by 微风小杨
edit
0

Share this post


Link to post
Share on other sites

Posted (edited)

Hi and thanx!

To confirm - this is a version with FCC and 32, without boost over FCC? (i am asking because in config is "DJI CONFIG FOR BOOST"). FCC is enough for me (and safe).

Could you tell in which place in djigo app are coded the values for config? I would like to dig into it.

Edited by Kyokushin
0

Share this post


Link to post
Share on other sites
14 minutes ago, Kyokushin said:

Hi and thanx!

To confirm - this is a version with FCC and 32, without boost over FCC? (i am asking because in config is "DJI CONFIG FOR BOOST"). FCC is enough for me (and safe).

Could you tell in which place in djigo app are coded the values for config? I would like to dig into it.

it's located in dji.pilot.public.c.a, maybe vary in package within different version

and yes , this config only force FCC, not further boost up, but i think you will found way in that class

0

Share this post


Link to post
Share on other sites
1 hour ago, 微风小杨 said:

I dont know how to Edit thread but the previous config might affect update url for dji product. A safer version is here

https://pan.baidu.com/s/1bP0CX4

I downloaded that file, but when unrar it, there is only Readme.txt, nothing else.

0

Share this post


Link to post
Share on other sites
14 hours ago, 微风小杨 said:

I dont know how to Edit thread but the previous config might affect update url for dji product. A safer version is here

https://pan.baidu.com/s/1bP0CX4

How is this different to what's already in the 4.1.3v5 version (FCC default)?

Also, does this also boost the mavic side (HD)?

Thanks.

0

Share this post


Link to post
Share on other sites
12 hours ago, gregw said:

I downloaded that file, but when unrar it, there is only Readme.txt, nothing else.

It's a small "hidden" file. Just select "show hidden files" in your file manager.

0

Share this post


Link to post
Share on other sites
8 hours ago, MacIak said:

How is this different to what's already in the 4.1.3v5 version (FCC default)?

Also, does this also boost the mavic side (HD)?

Thanks.

The signal strength would be identical to the  countrycode FCC default app.

There is also a SDR boost version, This will outperform FCC. yes , this version boost the mavic side. but try at your own risk for this have unknown effect on the device

download https://pan.baidu.com/s/1sljUQlv password: 9ajb

0

Share this post


Link to post
Share on other sites
1 hour ago, 微风小杨 said:

The signal strength would be identical to the  countrycode FCC default app.

There is also a SDR boost version, This will outperform FCC. yes , this version boost the mavic side. but try at your own risk for this have unknown effect on the device

download https://pan.baidu.com/s/1sljUQlv password: 9ajb

seem not work on my mavic pro (.200 + 4.1.3 fcc patched)

0

Share this post


Link to post
Share on other sites
1 hour ago, singlag said:

seem not work on my mavic pro (.200 + 4.1.3 fcc patched)

the result was tested on .550+4.0.6 and .900+4.1.3, don't know if it works on other firmware

0

Share this post


Link to post
Share on other sites

Posted (edited)

Is there actually any proof out there that also the HD is better/boosted? 

Field test shows no increase of HD signal in same conditions.(LoS, unobstructed, little interference, non congested area.)

Edited by MacIak
add text
0

Share this post


Link to post
Share on other sites

Posted (edited)

2 hours ago, MacIak said:

Is there actually any proof out there that also the HD is better/boosted? 

Field test shows no increase of HD signal in same conditions.(LoS, unobstructed, little interference, non congested area.)

do you use IOS or Android? Our result is simply represented by distance doubled

Edited by 微风小杨
add
0

Share this post


Link to post
Share on other sites

In the stock CE system the "HD" link is stronger than the rc signal. So when the RC is boosted to FCC, the range will increase until the HD signal in CE mode becomes unusable. This might indeed double the range.

The question is: when a flightleg is flown in CE mode and HD is observed to drop to 1-2  bars, when flying the same route in FCC mode, is the HD link proven to be stronger (3-4 bars)?

In my tests the HD remained unchanged.

Im on android.

0

Share this post


Link to post
Share on other sites

I cant seem to download it from Baidu, I don't know chinese. Is there any other link to the files? I have iOS as well, has it been tested to work on iOS? I have version 4.1.3

0

Share this post


Link to post
Share on other sites

Posted (edited)

8 hours ago, MacIak said:

In the stock CE system the "HD" link is stronger than the rc signal. So when the RC is boosted to FCC, the range will increase until the HD signal in CE mode becomes unusable. This might indeed double the range.

The question is: when a flightleg is flown in CE mode and HD is observed to drop to 1-2  bars, when flying the same route in FCC mode, is the HD link proven to be stronger (3-4 bars)?

In my tests the HD remained unchanged.

Im on android.

i know that HD will become the short part when FCC is open. but we do observed a siginificant improvement on HD with the sdr boost config. our test is fly with the stock config/FCC config to the farest distance until rc or hd drops to empty, then re-enter dji go with config to see how the signal change. 

can you provide the firmware version you use?

Edited by 微风小杨
0

Share this post


Link to post
Share on other sites

Posted (edited)

2 hours ago, GCBrent said:

I cant seem to download it from Baidu, I don't know chinese. Is there any other link to the files? I have iOS as well, has it been tested to work on iOS? I have version 4.1.3

Some of my friend say it do not work on ios, some say will, the ios uses a slightly different parser on the SDR config byte, i'll do some test with ios to see how ios parser works

you can just press the button on baidu link 下载(372B)

Edited by 微风小杨
add
0

Share this post


Link to post
Share on other sites
1 minute ago, 微风小杨 said:

Some of my foes say it do not work on ios, some say will, the ios uses a slightly different parser on the SDR config byte, i'll do some test with ios to see how ios parser works

Thanks for that! I wouldn't mind testing either if I can get a link to it... Baidu is impossible for non-English speaking noobs.

0

Share this post


Link to post
Share on other sites

Sorry, meant non-Chinese speaking...

0

Share this post


Link to post
Share on other sites

I have downloaded the file. Where do I put it in the DJI Go folders?

0

Share this post


Link to post
Share on other sites
15 minutes ago, GCBrent said:

I have downloaded the file. Where do I put it in the DJI Go folders?

i dont have ios yet, but for what i've told just push the file with itune into the app folder. or you can do a search if there already exist such a file

0

Share this post


Link to post
Share on other sites
9 hours ago, 微风小杨 said:

i know that HD will become the short part when FCC is open. but we do observed a siginificant improvement on HD with the sdr boost config. our test is fly with the stock config/FCC config to the farest distance until rc or hd drops to empty, then re-enter dji go with config to see how the signal change. 

can you provide the firmware version you use?

I m on .0200 and go4 4.1.3

Im indeed hesitant on using sdr cause the mentioned heating issue.

0

Share this post


Link to post
Share on other sites

Posted (edited)

21 hours ago, MacIak said:

I m on .0200 and go4 4.1.3

Im indeed hesitant on using sdr cause the mentioned heating issue.

i think in most situation the FCC is good enough for about 4~5 km remote control outside the city. With reflect board mounted on wavelength and manually set HD to 10mhz bandwidth with proper channel this can be extend like +80 percent, getting further distance is meanless unless you are those like one-way-tripper cause battery drains really quick. The sdr config is just for test or for those who fly upon the city, in my city(Shenzhen) with FCC i can only get around 2.0 km before HD flash red in 20mhz bandwidth mode.  

For the test around my friends most android user with newer FW/App (like 550, 800, 900, with App 4.0.7/4.1.3)get positive result with SDR and FCC configs, don't know if 200 is too old or something, and dont know if there are differences between dji go in china and outside.  And most IOS user test get negative result, i think the ios have a different config parser, or the config should place in a special folder i dont know , will try to do some reverse around ios app

Edited by 微风小杨
0

Share this post


Link to post
Share on other sites

New to iOS, but how do you copy the file to the DJI GO4 directory?

0

Share this post


Link to post
Share on other sites

When in the Go App in iTunes, add file and point it towards the new config file.

0

Share this post


Link to post
Share on other sites

Anyone tried with a spark? Im using IOS with a controller but i cant see any noticeable difference 

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.