Skip to content
Advertisement

dev/ttyO0 used in AR Drone 2.0 – Reverse Enginnering

I read an interesting article about coding for the AR Drone 2.0 from Parrot. In this code they us nodeJS to talk to the drone. Therefore the code starts out with creating a Stream to /dev/ttyO0

I am starting out to learn more about the background of linux functionalities and would like to know:

  • How do you initially find out that the dev/ttyO0 is being used, for example on the drone which runs on linux. It is kind of reverse engineering I think, but what tools or commands are being used therefore?
  • When I want to reverse engineer a system like the drone, and find out which commands are being sent, is there something like a “sniffer” to find out what commands are being sent?

I know this is not a short and easy answer, but I would be happy to learn more about that or find out, where to learn about that. But initially the question about finding the right device would be very interesting.

Thank you

Advertisement

Answer

I don’t know the answer to the first part of your question, but I can address the second part.

Yes, the AR.Drone uses TCP and UDP for all communications between the drone and the controller app, including commands, telemetry and video. You can use a standard network sniffer, like tcpdump or Wireshark. When you connect to the drone, its default IP address is 192.168.1.1. Configure the sniffer to capture all traffic to and from that address. Here are some highlights of what you can see:

  • Command/”AT” comms, UDP on port 5556: This port is used to send commands to the drone. Commands are in ASCII, and look like AT*..., for example AT*REF=7,256 or AT*PCMD=7,1,-1110651699,0,0,1050253722. Section 6 of the AR.Drone Developer Guide describes most (but not all) of the commands.

  • Navdata, UDP on port 5554: This is binary encoded data sent from the drone containing sensor data and information about the state of the drone. It includes things like air pressure, altitude estimate, position estimate, flying mode, and GPS (if your drone is equipped with one). Since you mentioned Javascript, the file parseNavdata.js in the node-ar-drone library contains code to parse navdata.

  • Video, TCP on port 5555: This is realtime video from the drone in an almost-but-not-quite H264 format known as PaVE. The format is documented in section 7.3 of the Developer Guide, and most libraries for talking to AR.Drones can parse the format.

Another thing you may notice:

  • FTP: The official controller app uses standard FTP to send an ephemeris file to the drone that contains info that helps GPS get a faster lock.
User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement