Phantom 3 Standard range mod , let's do it together...

Ojcze Nasz

Ojcze Nasz

Joined
Jun 2, 2016
Messages
226
Reaction score
160
Got P3S yesterday. Not happy with range. Considering I also live in dense residential area with hundreds of wifi networks around.
So I tried to hack(?) in to it to see what can be done.
I was so far successful getting inside via FTP :

IP: 192.168.1.1
User : root
Pass : Big~9China

Now I can see entire linux system,
Found an interesting bit in configuration file that loads the module with parameter if the location is 'GB'. I presume 'GB' means europe (as opposed to US and JP )

This is from one the three interesting rcS files inside /etc/config/

rcSap

#!/bin/sh

# This script runs when init it run during the boot process.
# Mounts everything in the fstab

mount -o remount +w /
mount -t tmpfs mdev /dev
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts
mount -t sysfs sysfs /sys
mount -t proc proc /proc
mount -t tmpfs tmpfs /tmp
echo /sbin/mdev > /proc/sys/kernel/hotplug
mdev -s

mknod /dev/caldata b 31 6
mount -t debugfs none /sys/kernel/debug
mkdir /var/run
mkdir /var/lock
mkdir /var/log
/sbin/klogd
/sbin/syslogd

insmod /lib/modules/3.10.49/compat.ko
insmod /lib/modules/3.10.49/crypto_blkcipher.ko
insmod /lib/modules/3.10.49/crc-ccitt.ko
insmod /lib/modules/3.10.49/arc4.ko
insmod /lib/modules/3.10.49/cfg80211.ko
insmod /lib/modules/3.10.49/mac80211.ko
insmod /lib/modules/3.10.49/ath.ko
country=`fw_printenv -n country`
if [ $country = "GB" ];then
insmod /lib/modules/3.10.49/ath9k_hw.ko cert_country=1
else
insmod /lib/modules/3.10.49/ath9k_hw.ko
fi
insmod /lib/modules/3.10.49/ath9k_common.ko
insmod /lib/modules/3.10.49/ath9k.ko

echo dji > /proc/sys/kernel/hostname
/etc/init.d/sysfixtime boot

iw dev wlan0 del
#iw phy phy0 set antenna all all
iw phy phy0 set antenna_gain 0
iw phy phy0 set distance 0
iw phy phy0 interface add wlan0 type managed

ifconfig wlan0 up

brctl addbr br-lan
ifconfig br-lan 192.168.1.1 netmask 255.255.255.0 up
dwifi ap start
apsrv &

ifconfig usb0 hw ether 60:60:1f:ff:ff:ff up
brctl addif br-lan usb0
brctl addif br-lan wlan0

ifconfig lo 127.0.0.1 up
/usr/sbin/udhcpd -S /etc/udhcpd.conf &
#telnetd -l /bin/ash &
mkdir -m 0755 -p /var/run/vsftpd
/usr/sbin/vsftpd &
djiled.sh &

iw phy phy0 set retry short 1 long 1
iw phy phy0 set rts off
iw phy phy0 set frag 256
iw dev wlan0 set noack_map 0x00c0

End of that file....

So in case you missed it or don't want to read entire file here is the interesting bit :

country=`fw_printenv -n country`
if [ $country = "GB" ];then
insmod /lib/modules/3.10.49/ath9k_hw.ko cert_country=1
else
insmod /lib/modules/3.10.49/ath9k_hw.ko
fi

For those who are not programmers, this part of script decides how to load the wifi module (driver).
If the country is GB it will append a parameter "cert_country=1" to the module.
Otherwise it will load the driver without parameter , without limiting the transmit power <---- and THIS IS EXACTLY WHAT WE ALL WANT ;)

I have been able to modify via this FTP connection so I removed 'cert_country=1' from it hoping it will do the trick, however after the reboot the file came back to original state (overwriting my changes). Need some help to get this stay permanently.

Hopefully someone with more brains can help.
Have anyone tried connecting via TTL serial ?

Hope to get this solved soon, range is crap on stock P3S in europe mode.
I'm however extremely happy with the performance of the aircraft itself. Amazing stability, amazing quality video, I definitely do not need 4k.

Good luck. And don't forget to share your findings :p

Thanks.
Tom.


If you find this useful please donate any sum to help me get power meter which i need to finish the 5.8ghz side mod.
Chip in for power meter.
Thanks all.
 
Last edited:
  • Like
Reactions: The_One_, Jagos, _Manny_ and 14 others
Oh yes I forgot to mention how I know I'm on limited ETSI power ?

Here is that part from phantom system log file (during boot)

Jan 1 00:00:03 (none) kern.info kernel: [ 3.820000] cfg80211: Calling CRDA for country: US
Jan 1 00:00:03 (none) kern.info kernel: [ 3.840000] cfg80211: Regulatory domain changed to country: US
Jan 1 00:00:03 (none) kern.info kernel: [ 3.840000] cfg80211: DFS Master region: FCC
Jan 1 00:00:03 (none) kern.info kernel: [ 3.850000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.860000] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 3000 mBm), (N/A)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.860000] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 1700 mBm), (N/A)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.870000] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2300 mBm), (0 s)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.880000] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.890000] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
Jan 1 00:00:03 (none) kern.info kernel: [ 3.900000] ieee80211 phy0: Atheros AR9340 Rev:0 mem=0xb8100000, irq=47
Apr 18 04:11:42 (none) kern.info kernel: [ 4.770000] cfg80211: Calling CRDA for country: GB
Apr 18 04:11:42 (none) kern.info kernel: [ 4.800000] cfg80211: Regulatory domain changed to country: GB
Apr 18 04:11:42 (none) kern.info kernel: [ 4.800000] cfg80211: DFS Master region: ETSI
Apr 18 04:11:42 (none) kern.info kernel: [ 4.810000] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Apr 18 04:11:42 (none) kern.info kernel: [ 4.820000] cfg80211: (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 1700 mBm), (N/A)
Apr 18 04:11:42 (none) kern.info kernel: [ 4.820000] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz), (N/A, 2000 mBm), (N/A)
Apr 18 04:11:42 (none) kern.info kernel: [ 4.830000] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz), (N/A, 2000 mBm), (0 s)
Apr 18 04:11:42 (none) kern.info kernel: [ 4.840000] cfg80211: (5490000 KHz - 5710000 KHz @ 80000 KHz), (N/A, 2700 mBm), (0 s)
Apr 18 04:11:42 (none) kern.info kernel: [ 4.850000] cfg80211: (57240000 KHz - 65880000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
Apr 18 04:11:43 (none) kern.info kernel: [ 5.670000] device usb0 entered promiscuous mode
Apr 18 04:11:43 (none) kern.info kernel: [ 5.690000] device wlan0 entered promiscuous mode

So it definetely changes to ETSI / GB
Not sure how it knew my location. I have used Ipad4 wifi with US VPN to activate the phantom. My IP was from Texas :). I had location services turned off on the ipad during activation. There was no GPS coverage inside my house while I was activating it either...

Perhaps it took the location next time I opened DJI GO, not sure, I tried as best as I could to make it appear as I was in USA.
DJI won this one. 1:0 for you DJI ;)

Tom.
 
Last edited:
  • Like
Reactions: The_One_, _Manny_, StefanMK and 5 others
Ojcze Nasz said:
For those who are not programmers, this part of script decides how to load the wifi module (driver).
If the country is GB it will append a parameter "cert_country=1" to the module.
Otherwise it will load the driver without parameter , without limiting the transmit power <---- and THIS IS EXACTLY WHAT WE ALL WANT ;)

I have been able to modify via this FTP connection so I removed 'cert_country=1' from it hoping it will do the trick, however after the reboot the file came back to original state (overwriting my changes). Need some help to get this stay permanently.

Hopefully someone with more brains can help.
Have anyone tried connecting via TTL serial ?
Click to expand...

Hi Tom,
This is something I did not see in this forum. Your job is very interesting, because I also live in Europe and have disappointing range.
I`m not programmer. I`m not even good at computers. But is there a chance to keep old file by checking "read only" button in file properties?
 
  • Like
Reactions: x11freak
Ojcze Nasz said:
Got P3S yesterday. Not happy with range. Considering I also live in dense residential area with hundreds of wifi networks around.
So I tried to hack(?) in to it to see what can be done.
I was so far successful getting inside via FTP :
Click to expand...
Tom,
I understand what your attempting, I have messed with Linux once, didn't really get anywhere. I do recognize some of the commands and variables, that code could definitely help some of us trouble shoot problems in the future.
What is your poor distance range, do you have a defective unit?

If you change the code and it worked, would that change the power in the bird and the remote?

Do you think the code you changed is created from the firmware every time you power up?

Rod
 
Ojcze Nasz said:
I just got message from this guy from Lithuania, he said he tried my method and the changes he made are actually preserved after boot :
It's in comments...
Thanks for the info on firmware.
Click to expand...
Could you explain step by step how do connect device and how you enter ftp (for noob) ? I`m also from Lithuania and want to test if my changes are preserved.
 
What you need is power up your remote.
Connect with your laptop to the PHANTOM3XXXX wifi
Open up your favorite FTP client. There are plenty free ones if you don't have one.
Connect to IP or Host (same thing in this manner) : 192.168.1.1
Username : root
Password : Big~9China

Once you connect enter the /etc/init.d folder. Interesting files there.
Again, do not mess up anything. If you do that your own responsibility, you've been warned ;)

Good luck.
 
  • Like
Reactions: The_One_ and SZNJ732
Hi again. I just did this again, and this time the changes stay ;))) and I also found out what I was doing wrong yesterday.
Anyhow. This is good, let's now test it in real field. I think we have a solution...
 
  • Like
Reactions: MasterBlaster and gvsukids
OK Guys !!! Done it right , I'm back on FCC.

I actually enabled telnet on my phantom to check ;)
Yes, it's doable, very easy indeed. Going to test it right now.


BusyBox v1.22.1 (2015-11-16 16:28:58 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ # iw reg get
country US: DFS-FCC
(2402 - 2472 @ 40), (N/A, 30), (N/A)
(5170 - 5250 @ 80), (N/A, 17), (N/A)
(5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS
(5735 - 5835 @ 80), (N/A, 30), (N/A)
(57240 - 63720 @ 2160), (N/A, 40), (N/A)
/ #


All you need to modify is to add following at the end rc script.

I'm not sure which one is what so I modified all four of them. No harm doing all of them cuz they're most likely used in different instances of init.
However these are the files you need to modify :

/etc/init.d/rcS
/etc/init.d/rcS_ap
/etc/init.d/rcS_aphand
/etc/init.d/rcS_cli <--- probably do not even need this one...

Simply add "iw reg set US" without quotes at the VERY END of each file in new line.

Reboot and enjoy your full power device ;)

Good luck.
 
It's very interesting, but there's a great amount of files amongst which there are some system / config (critical?) files. I think it's important to practice with a lot of precautions here. I'm still looking for some changes to make improvments however.
 
Ojcze Nasz said:
OK Guys !!! Done it right , I'm back on FCC.

I actually enabled telnet on my phantom to check ;)
Yes, it's doable, very easy indeed. Going to test it right now.


BusyBox v1.22.1 (2015-11-16 16:28:58 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ # iw reg get
country US: DFS-FCC
(2402 - 2472 @ 40), (N/A, 30), (N/A)
(5170 - 5250 @ 80), (N/A, 17), (N/A)
(5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS
(5735 - 5835 @ 80), (N/A, 30), (N/A)
(57240 - 63720 @ 2160), (N/A, 40), (N/A)
/ #


All you need to modify is to add following at the end rc script.

I'm not sure which one is what so I modified all four of them. No harm doing all of them cuz they're most likely used in different instances of init.
However these are the files you need to modify :

/etc/init.d/rcS
/etc/init.d/rcS_ap
/etc/init.d/rcS_aphand
/etc/init.d/rcS_cli <--- probably do not even need this one...

Simply add "iw reg set US" without quotes at the VERY END of each file in new line.

Reboot and enjoy your full power device ;)

Good luck.
Click to expand...
That's awesome! I'll try it immediatly, thanks for the advices!
 
I am thinking if this will be a solution for those who have signal lost issues in short ranges

Sent from my Samsung Galaxy Tab S2 using Tapatalk
 
I've flown my phanton after changing reg value, however I was unable to determine whether it improved or not. I have a lot of interferecne around the house. I will test it again tomorrow in another location where I flew today and lost signal.
Good news is that it still flies :) I didn't brick it and results look promising.
Anyone has a meter or some method of testing actual power output ?
Thanks.
T.
 
  • Like
Reactions: JhonJungblut
Great post. If you confirm it works would you mind posting the full script and highlight where u made the changes...thanks in advance


Sent from my iPhone using PhantomPilots mobile app
 
Ojcze Nasz said:
I've flown my phanton after changing reg value, however I was unable to determine whether it improved or not. I have a lot of interferecne around the house. I will test it again tomorrow in another location where I flew today and lost signal.
Good news is that it still flies :) I didn't brick it and results look promising.
Anyone has a meter or some method of testing actual power output ?
Thanks.
T.
Click to expand...

I guess failing something like that you could just try and get anecdotal evidence by setting it it CE and flying it where you struggle with range and then switch it to FCC and see if that makes a difference.

Can you tell me if this will increase the range of controls, video feed or both?
 

Similar threads

G
TUTORIAL: CE TO FCC RANGE MOD Phantom 3 Standard GUARANTEED and EASY
Replies
14
Views
2K
Phantom 3 Standard
Timmy08054
T
Serpent
Permanently increasing the FPV + RE Wifi TX Power
Replies
12
Views
6K
Phantom 2 Vision+ Discussion
ToThePoint
ToThePoint

Recent Posts

Members online

No members online now.
Total: 275 (members: 0, guests: 275)

Forum statistics

Threads
143,087
Messages
1,467,528
Members
104,965
Latest member
cokersean20