
Looking at my Piwik stats I've seen some interest with my previous DJI Phantom 3 posts.
I've also seen a guy that has quite the same goal as me:
writing a PC-based ground station software to drive a phantom 3.
So I guess it's time to speak of my discoveries regarding the protocol that is spoken
between the remote controller, the camera, the mobile app and the drone.
Protocol basics
Header
First the packets are split in two parts: a header and a payload.
The header has the following format:
-------------------------------------------------------------------------
| 0 0 0 0 0 0 0 0 | 0 0 1 1 1 1 1 1 | 1 1 1 1 2 2 2 2 | 2 2 2 2 2 2 3 3 |
| 0 1 2 3 4 5 6 7 | 8 9 0 1 2 3 4 5 | 6 7 8 9 0 1 2 3 | 4 5 6 7 8 9 0 1 |
|-----------------------------------------------------------------------|
| magic - 0x55 | payload length | version | crc8 |
-------------------------------------------------------------------------
There's the 0x55 magic on 1 byte. Followed by a lenVer field on 2 bytes, it contains
length of the payload and version of the protocol in the 6 upper bits. And then you have
a custom crc8 of the first 3 bytes.
The payload size is limited to 4096 bytes.
As magic and protocol version never change, you can notice that only the size of the
payload influence the crc8. So you can have a table that list some lengths and give the
expected crc8 result.
The crc8 is there to be sure we have a header and that we may read the payload (well we
can't be sure as it's just a crc8 but at least it give a good level of confidence).
Read more…