new discovery phase
This commit is contained in:
Aiden
@@ -1413,3 +1413,316 @@ Optional latch test, without power-cycling after the first run:
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.6 --cycles 3 --cycle-pause 2 --log captures/rcp-latch-primer-00-b5-cycles.txt
|
||||
```
|
||||
|
||||
## Current Inferred Behavior
|
||||
|
||||
The current evidence suggests the RCP is entering a discovery/query/status-read
|
||||
phase, not a completed active-control handshake.
|
||||
|
||||
Working model:
|
||||
|
||||
```text
|
||||
Host/CCU -> RCP: valid primer frame
|
||||
Host/CCU -> RCP: selected query/status command
|
||||
RCP -> Host/CCU: checksum-valid response frame repeated briefly
|
||||
RCP -> Host/CCU: returns to heartbeat
|
||||
```
|
||||
|
||||
Important details:
|
||||
|
||||
- Single selected commands such as `B2`, `B6`, and `B7` do not respond from a
|
||||
cold panel.
|
||||
- A preceding valid frame is required. `00 00 00 00 80 DA` works as a generic
|
||||
primer for several selected commands.
|
||||
- The second command selects the response payload.
|
||||
- The LCD can remain `CONNECT NOT ACT` while serial responses vary in a
|
||||
structured way. Serial response does not yet mean the active control session
|
||||
is accepted.
|
||||
- At least some primed queries appear one-shot after power-up. Repeating the
|
||||
same primed query without power-cycling can produce only heartbeat traffic.
|
||||
|
||||
Likely protocol role:
|
||||
|
||||
- These `B0`-range commands may be a CCU discovery or capability/status query
|
||||
phase.
|
||||
- The CCU may query RCP model/capability/state blocks before sending a later
|
||||
activation/session command.
|
||||
- The next unknown is the command or command sequence that follows these
|
||||
discovery responses and moves the panel from `CONNECT NOT ACT` to active.
|
||||
|
||||
## Primer-Candidate Broad Sweep
|
||||
|
||||
Use `scripts/serial_primer_candidate_sweep.py` for broader searches based on
|
||||
the current primer/query model. It sends:
|
||||
|
||||
```text
|
||||
primer frame -> candidate frame -> raw RX classification
|
||||
```
|
||||
|
||||
For clean mapping, use `--prompt-power-cycle` and power-cycle before each
|
||||
candidate. This avoids the one-shot/latch behavior contaminating later
|
||||
candidates.
|
||||
|
||||
Example dry run:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xB0-0xB7" --dry-run
|
||||
```
|
||||
|
||||
Continue the known `B` range first:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xB1 0xB6 0xB7 0xB8 0xB9 0xBA 0xBB 0xBC 0xBD 0xBE 0xBF" --prompt-power-cycle --stop-on-anomaly --log captures/rcp-primer-sweep-b1-bf.txt
|
||||
```
|
||||
|
||||
Because `--stop-on-anomaly` stops at the first response, after each hit:
|
||||
|
||||
1. Save the reported candidate and response frame.
|
||||
2. Power-cycle the panel.
|
||||
3. Restart the sweep from the next unmapped candidate.
|
||||
|
||||
For non-stop mapping, omit `--stop-on-anomaly`, but still power-cycle at each
|
||||
prompt:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xB8-0xBF" --prompt-power-cycle --log captures/rcp-primer-sweep-b8-bf.txt
|
||||
```
|
||||
|
||||
Suggested broad ranges after `B0-BF`:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xA0-0xAF" --prompt-power-cycle --log captures/rcp-primer-sweep-a0-af.txt
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xC0-0xCF" --prompt-power-cycle --log captures/rcp-primer-sweep-c0-cf.txt
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0x00-0x1F" --prompt-power-cycle --log captures/rcp-primer-sweep-00-1f.txt
|
||||
```
|
||||
|
||||
Recommended first run:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_primer_candidate_sweep.py --port COM5 --candidates "0xB1 0xB6 0xB7 0xB8 0xB9 0xBA 0xBB 0xBC 0xBD 0xBE 0xBF" --prompt-power-cycle --log captures/rcp-primer-sweep-b1-bf.txt
|
||||
```
|
||||
|
||||
## Primer Reuse and Sequential Query Tests
|
||||
|
||||
Two open questions:
|
||||
|
||||
1. After a cold boot, does the RCP only answer one selected query before it
|
||||
latches/suppresses further responses?
|
||||
2. Is a fresh primer required before every selected query, or can one primer
|
||||
unlock several selected commands in sequence?
|
||||
|
||||
Use `scripts/serial_direct_response_sweep.py` for these tests because it can
|
||||
send arbitrary command sequences without stopping between commands. For each
|
||||
test below, power-cycle once before starting the script, then do not power-cycle
|
||||
again until the script exits.
|
||||
|
||||
### Test S1: One Primer, Multiple Different Queries
|
||||
|
||||
Purpose: test whether one primer can unlock several different selected commands.
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB2 0xB3 0xB4 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-one-primer-b2-b5.txt
|
||||
```
|
||||
|
||||
Interpretation:
|
||||
|
||||
- If only `B2` responds, the panel likely allows one selected response per
|
||||
cold-boot/primer state.
|
||||
- If `B2`, `B3`, `B4`, and `B5` all respond, one primer can unlock multiple
|
||||
sequential queries.
|
||||
- If some respond and some do not, there may be command-group or latch behavior.
|
||||
|
||||
### Test S2: Primer Before Every Query, No Power Cycle
|
||||
|
||||
Purpose: test whether a new primer can re-arm another selected query without
|
||||
power-cycling.
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB2 0x00 0xB3 0x00 0xB4 0x00 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-reprimer-b2-b5.txt
|
||||
```
|
||||
|
||||
Interpretation:
|
||||
|
||||
- If every selected command responds, a primer is required before each query but
|
||||
power-cycling is not.
|
||||
- If only the first selected command responds, power-cycle or another reset-like
|
||||
command may be required to clear the latch.
|
||||
|
||||
### Test S3: Repeat Same Query With and Without Reprimer
|
||||
|
||||
Purpose: test whether the same selected query can be repeated in one powered
|
||||
session.
|
||||
|
||||
Without re-primer:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB5 0xB5 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-repeat-b5-no-reprimer.txt
|
||||
```
|
||||
|
||||
Power-cycle, then with re-primer:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB5 0x00 0xB5 0x00 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-repeat-b5-reprimer.txt
|
||||
```
|
||||
|
||||
Interpretation:
|
||||
|
||||
- If only the first `B5` responds in both tests, the response is one-shot until
|
||||
power cycle or a yet-unknown reset/ack command.
|
||||
- If the re-primer version responds repeatedly, the primer re-arms the selected
|
||||
query.
|
||||
|
||||
### 2026-05-13 Sequential Query Test Result
|
||||
|
||||
Captures:
|
||||
|
||||
- `captures/rcp-seq-one-primer-b2-b5.txt`
|
||||
- `captures/rcp-seq-reprimer-b2-b5.txt`
|
||||
- `captures/rcp-seq-repeat-b5-no-reprimer.txt`
|
||||
- `captures/rcp-seq-repeat-b5-reprimer.txt`
|
||||
|
||||
Valid result:
|
||||
|
||||
| Test | Intended sequence | Actual sequence sent | Result |
|
||||
| --- | --- | --- | --- |
|
||||
| S1 | `00 -> B2 -> B3 -> B4 -> B5` | `00 -> B2 -> B3 -> B4 -> B5` | only `B2` responded: `07 80 36 10 0C F7` |
|
||||
|
||||
Tooling caveat:
|
||||
|
||||
- The original `serial_direct_response_sweep.py` de-duplicated command lists.
|
||||
- Because of that, sequences containing repeated commands did not run as
|
||||
intended.
|
||||
- `S2`, `S3 no re-primer`, and `S3 re-primer` need to be rerun after the
|
||||
script fix.
|
||||
- The script has been updated to preserve repeated command values in explicit
|
||||
command lists.
|
||||
|
||||
Interpretation from S1:
|
||||
|
||||
- One primer did not unlock a whole list of feature/status queries.
|
||||
- After `00 -> B2` returned `07 80 36 10 0C F7`, later `B3`, `B4`, and `B5`
|
||||
in the same powered session did not produce additional non-heartbeat frames.
|
||||
- This supports a one-response latch model unless the re-primer test proves that
|
||||
the primer can re-arm another query.
|
||||
|
||||
Rerun these tests after the script fix:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB2 0x00 0xB3 0x00 0xB4 0x00 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-reprimer-b2-b5-v2.txt
|
||||
```
|
||||
|
||||
Power-cycle, then:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB5 0xB5 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-repeat-b5-no-reprimer-v2.txt
|
||||
```
|
||||
|
||||
Power-cycle, then:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_direct_response_sweep.py --port COM5 --commands "0x00 0xB5 0x00 0xB5 0x00 0xB5" --states 0x00 --values 0x80 --settle 3 --after-each 0.8 --log captures/rcp-seq-repeat-b5-reprimer-v2.txt
|
||||
```
|
||||
|
||||
### 2026-05-13 Sequential Query Rerun Result
|
||||
|
||||
Captures:
|
||||
|
||||
- `captures/rcp-seq-reprimer-b2-b5-v2.txt`
|
||||
- `captures/rcp-seq-repeat-b5-no-reprimer-v2.txt`
|
||||
- `captures/rcp-seq-repeat-b5-reprimer-v2.txt`
|
||||
|
||||
These reruns used the fixed `serial_direct_response_sweep.py`, which preserves
|
||||
repeated command values in explicit sequences.
|
||||
|
||||
Results:
|
||||
|
||||
| Test | Sequence | Non-heartbeat response(s) |
|
||||
| --- | --- | --- |
|
||||
| Re-primer between different queries | `00 -> B2 -> 00 -> B3 -> 00 -> B4 -> 00 -> B5` | only `B2`: `07 80 36 10 0C F7` |
|
||||
| Repeat `B5`, no re-primer | `00 -> B5 -> B5 -> B5` | only first `B5`: `07 80 6D 20 D8 48` |
|
||||
| Repeat `B5`, re-primer each time | `00 -> B5 -> 00 -> B5 -> 00 -> B5` | only first `B5`: `07 80 6D 20 D8 48` |
|
||||
|
||||
Interpretation:
|
||||
|
||||
- The RCP appears to allow only one selected query response per powered session
|
||||
in the current `CONNECT NOT ACT` state.
|
||||
- Sending another primer (`00 00 00 00 80 DA`) after the first response does not
|
||||
re-arm the query responder.
|
||||
- Repeating the same selected query does not produce another response.
|
||||
- This strongly suggests a one-shot discovery/status response followed by a
|
||||
required next-stage command, acknowledgement, reset, or activation step.
|
||||
|
||||
Implication for CCU behavior:
|
||||
|
||||
- The CCU may not scan a list of feature queries in the current state. It may
|
||||
send one discovery/status query, receive one response, then decide what
|
||||
activation/session command to send next.
|
||||
- Alternatively, additional feature reads may require an acknowledgement or
|
||||
state-advance command that has not yet been identified.
|
||||
|
||||
Recommended next direction:
|
||||
|
||||
- Stop broad feature scanning for the moment.
|
||||
- Search for the post-discovery acknowledgement/activation command that follows
|
||||
one known response such as `00 -> B5 => 07 80 6D 20 D8 48`.
|
||||
- Use a three-step pattern:
|
||||
|
||||
```text
|
||||
primer -> selected query -> candidate activation/ack command
|
||||
```
|
||||
|
||||
Known reproducible setup:
|
||||
|
||||
```text
|
||||
Host -> RCP: 00 00 00 00 80 DA
|
||||
Host -> RCP: 00 00 B5 00 80 6F
|
||||
RCP -> Host: 07 80 6D 20 D8 48
|
||||
Host -> RCP: candidate next-stage command
|
||||
```
|
||||
|
||||
## Post-Discovery Candidate Sweep
|
||||
|
||||
Use `scripts/serial_post_discovery_sweep.py` to search for the command that
|
||||
comes after one known discovery/status response. This is the likely next stage
|
||||
after the one-shot response behavior.
|
||||
|
||||
Default setup:
|
||||
|
||||
```text
|
||||
primer: 00 00 00 00 80 DA
|
||||
query: 00 00 B5 00 80 6F
|
||||
RCP: 07 80 6D 20 D8 48
|
||||
then: candidate next-stage command
|
||||
```
|
||||
|
||||
Recommended first post-discovery sweep:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_post_discovery_sweep.py --port COM5 --candidates "0x00-0x1F" --prompt-power-cycle --prompt-screen --log captures/rcp-post-discovery-b5-candidates-00-1f.txt
|
||||
```
|
||||
|
||||
For each candidate:
|
||||
|
||||
1. Power-cycle the RCP.
|
||||
2. Wait for heartbeat/panel stable.
|
||||
3. Press Enter at the prompt.
|
||||
4. Watch for any screen change after the candidate frame.
|
||||
5. Type the screen state if it changes, or press Enter for no visible change.
|
||||
|
||||
Why this range first:
|
||||
|
||||
- Earlier frame-length tests showed small command values can change screen state
|
||||
to `CONNECT NOT ACT`.
|
||||
- If a simple ACK/activation command exists, it may be in the low command range.
|
||||
|
||||
Next ranges if `00-1F` does not change state:
|
||||
|
||||
```powershell
|
||||
python scripts/serial_post_discovery_sweep.py --port COM5 --candidates "0x20-0x3F" --prompt-power-cycle --prompt-screen --log captures/rcp-post-discovery-b5-candidates-20-3f.txt
|
||||
python scripts/serial_post_discovery_sweep.py --port COM5 --candidates "0x80-0x9F" --prompt-power-cycle --prompt-screen --log captures/rcp-post-discovery-b5-candidates-80-9f.txt
|
||||
python scripts/serial_post_discovery_sweep.py --port COM5 --candidates "0xB0-0xBF" --prompt-power-cycle --prompt-screen --log captures/rcp-post-discovery-b5-candidates-b0-bf.txt
|
||||
```
|
||||
|
||||
If any candidate changes the screen away from `CONNECT NOT ACT`, or produces a
|
||||
new RCP response after the candidate stage, retest that candidate alone with
|
||||
three fresh power cycles.
|
||||
|
||||
Reference in New Issue
Block a user