RF Controller - Part 4
I've managed to find time to capture some data from the other 2 controllers I have, but the sad state of my laptop has prevented me doing too much. Thankfully a new laptop is arriving soon and I have taken the time to look at the data I did capture in more detail.
Preamble & Sync Words
From the original controller I was expecting to see
- 40 byte preamble
- 4 sync words, 0x5a475250
Sure enough that was exactly what I found :-) Looking at the decoded hex for the 2nd controller,
This confirms my initial theories and shows that the sync words are fixed across all controllers.
Identifier?
Having found that the next 4 bytes were variable but the subsequent 4 (which I believe to be an identifier) were identical, I checked this for the additional controllers. I expected the identifier to be different from the initial controller, but identical in all captured transmissions.
This seems to confirm that the second 4 byte block is a unique identifier. Whether it is unique to the controller or the controller & receiver pairing I will investigate further.
Header?
If the second 4 byte block is an identifier, then a logical assumption is that the first 4 byte block is a message header. With the variable length of the messages I was expecting to see a length encoded somewhere, but it's not obvious.
This means presently I consider the RF data to be formatted as
Message Lengths
Looking at the messages there are only a few payload lengths that are received. Checking the control bytes against the payload length shows there is a relationship.
The first byte of the payload is another candidate for the length and in fact looking at that byte shows another relationship.
The next step is to capture a pairing sequence and see if that reveals any more useful information.