With the availability of the new 2.4 GHz transmitter modules from various vendors, I was wondering if it would be possible to directly get the channel data from the transmitter instead of reading out the PPM signal. I love my EVO, and so I chose to find more information about it. First thing on the list was a patent search... and I found DE 198 18 919 C 1. This German patent explains how the EVO and its RF module work together. Traditionally, the transmitter would directly send the PPM signal to the rf module, which would then takes this signal to directly modulate the rf. The EVO setup goes a different route. The transmitter send information to the rf module, which generates the modulation signal itself. The patent does not describe the protocol, but that was fairly easy:
This image shows the overview of the signals (pin-out rf connector, from top: D Tx->Rf, Rf EN, Vcc, GND, D Rf->Tx, Rf)
Now we zoom into the different regions. The transmitter sets Rf EN to low, and queries the rf module by a 'v', (19200 baud, 1 start bit, no parity, 1 stop bit).
The module responds in clear text:
Next comes a query for the scanner with a '?'. The scanner reports the channel and the frequency...
... followed by the measured intensity.
Now, the Tx requests rf by sending an 'a':
Which is promptly done:
The transmitter switches to 116 kBaud and sends the channel info package every 24.2 ms. The first byte contains the number of channels (e.g. 0x09), then the channel information is encoded in two bytes each, containing 12 bit signed values:
Simple as that...
If you want to analyze the data yourself, you may download this
startup sequence recorded from a RoyalPro with Firmware 3.30 set to 9 channels, with ch1 set to -100, ch2 to +100 and the rest to 0. The software for the analysis you'll find
here. And
here you'll find the same data recorede with firmware 2.62.