Severe security issue with ESC calibration

This forum is dedicated to software development related to MultiWii.
It is not the right place to submit a setup problem.
dramida
Posts: 473
Joined: Mon Feb 28, 2011 12:58 pm
Location: Bucharest

Severe security issue with ESC calibration

Post by dramida »

I cut my arm in several places after I uncommented this line:
Do not uncomment this line and power the multirotor with main li-po.
/********************************************************************/
/**** ESCs calibration ****/
/********************************************************************/
//#define ESC_CALIB_CANNOT_FLY // uncomment to activate


My quad was disarmed and powered by LiPo. After uploading the code with the calibration code uncommented, all engines screamed to maximum and the quad slammed into the wall. In the meantime one propeller cut my left arm in several places.
The calibration procedure is wrong because the reset is applied only to the flight controller and not to the ESCs.
After cleaning up the mess, my solution to calibrate the ESCs was to power the FC and ESCs with 5V only from my FTDI; this way, all controllers (ESCs and main FC) were initialised on power-up for the calibration procedure.

copterrichie
Posts: 2261
Joined: Sat Feb 19, 2011 8:30 pm

Re: Severe security issue with ESC calibration

Post by copterrichie »

This is the same issue that existed back in, I believe it was, 1.3, which had ESC calibration at start-up.

Alterscape
Posts: 11
Joined: Fri Jan 27, 2012 9:17 pm

Re: Severe security issue with ESC calibration

Post by Alterscape »

Maybe the code there should be changed to include a comment to the tune of "DO NOT CALIBRATE YOUR ESCs WITH PROPS ATTACHED," optionally with a note that ESC calibration may cause the motors to spin up and that would be bad as we've seen. It's written in many places, but it's possible to miss (or be excited and forget) that in general props should be removed until you know that your ESC/tx/rx setup is OK. There's no way that I can think of to easily verify that props are removed, so relying on human observation and adding a note like this may be the best option.

signal15
Posts: 37
Joined: Sat Jun 23, 2012 8:44 pm

Re: Severe security issue with ESC calibration

Post by signal15 »

I always take my props off when doing calibration. Doing a search on Google Images for "rc prop injury" will make you have a new respect for these things. Helicopters are by far the worst, though.

gompf-2
Posts: 136
Joined: Sun Jun 05, 2011 11:46 am

Re: Severe security issue with ESC calibration

Post by gompf-2 »

IMHO the code is fine. I NEVER flash the software with ESCs/props connected, for safety reasons.
There is no way to reset the ESCs via MultiWii, so you have to think about what you do.
The code is straightforward and the result of what you tried was predictable. All worked as it should; your failure was to have the ESCs connected all the time and not reset.
Maybe a bigger warning in the code should help, but there is no way to avoid this result in this setup.

dramida
Posts: 473
Joined: Mon Feb 28, 2011 12:58 pm
Location: Bucharest

Re: Severe security issue with ESC calibration

Post by dramida »

Even if you don't have the props attached, the motors will destroy the ball bearings spinning without a load. It is advised to keep the throttle under 1/3 if the motors have no props attached. So even from this point of view the code has a flaw.
Even more, it should be written very clearly right next to the define that if the copter is powered with 12V (3-4s), the motors will start spinning at bootup at their maximum (with or without props). One solution would be to power the multicopter with 5V only when uploading software (the FTDI does the trick for a quad) and after that, unplug the 5V and plug in the main battery.
At this moment the copter should calibrate the end points to the ESCs. Tie the copter down to be sure that nothing goes wrong. After the beeps have stopped, unplug the main LiPo battery (disconnect the ESCs from the FC to avoid re-programming), connect the FTDI, comment out the calibration statement and upload.

Developers, keep in mind that ArduCopter made a two-stage ESC calibration:
- in the first stage you keep the sticks in one certain position at startup until an LED flashes
- then power off and re-power the copter to calibrate.

After that, power off and re-power and everything returns to normal.

my 2 cents.
Last edited by dramida on Tue Jul 17, 2012 9:17 am, edited 2 times in total.

gompf-2
Posts: 136
Joined: Sun Jun 05, 2011 11:46 am

Re: Severe security issue with ESC calibration

Post by gompf-2 »

dramida wrote:One solution would be to power the multicopter with 5V only when uploading software (the ftdi does the trick for a quad) and after that, unplug the 5V and plug the main battery.

This is imho the one and only correct way to update the FC.

dramida
Posts: 473
Joined: Mon Feb 28, 2011 12:58 pm
Location: Bucharest

Re: Severe security issue with ESC calibration

Post by dramida »

This is AC2 procedure for automatic ESC Calibration:

Safety First! - Remove the props!

Disconnect USB
Put the throttle high and connect the Lipo to power the APM
When the APM boots the lights will cycle continuously
Disconnect the Lipo and reconnect it. High PWM will be sent to the ESCs triggering calibration
Drop your throttle stick to the lowest position. You should hear a confirmation/arming beep or two.
Move the throttle to confirm all ESCs are armed and the motors are working in sync.
Unplug the battery. Your ESCs are now calibrated. No further action is required.
Note! After performing an Automatic ESC calibration, (even if the motors seemed to operate correctly immediately after setup,) but do not initialize after power off / on sequencing (ESCs still beep quickly and continuously) you will need to do a Manual ESC calibration sequence as described below.

copterrichie
Posts: 2261
Joined: Sat Feb 19, 2011 8:30 pm

Re: Severe security issue with ESC calibration

Post by copterrichie »

In my most humble opinion, every profession has its TOOLS: a plumber a wrench, a carpenter a hammer, and a copter pilot a good servo tester. Come on guys, you spend lots of money on these copters, don't you feel a good servo tester is a good investment?

Here is the one that I use: http://www.hobbyking.com/hobbyking/stor ... oduct=4573

However you can build one with an extra Arduino.

Edgar
Posts: 13
Joined: Tue Jul 17, 2012 2:08 pm

Suggestion for code improvement

Post by Edgar »

Hi all!

The problem is that the ESCs are not reset every time the controller CPU resets (e.g. after plugging/unplugging the USB connection, after a software flash, etc.). Hence, the ESCs don't get into calibration mode and put the full-throttle command out to the motors.

One possible solution is to check the reset-reason of the controller-cpu and only execute the calibration-code if the reset-reason was a power-on reset. This can be done by querying the 'MCUSR'-register (for further information see ATmega-documentation):

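Code:

#include <avr/io.h>

// Place at startup, before any motor output is written.
if (MCUSR & _BV(PORF))    // PORF (bit 0) is set by a power-on reset
{
  // Calibration code here
}

MCUSR &= ~_BV(PORF);      // clear the flag; it is not cleared by other resets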


Important Note: The power-on reset flag has to be cleared manually every time afterwards. This is done via the last command.

Greets, Edgar

Scotth72
Posts: 23
Joined: Sat Jan 21, 2012 4:11 am

Re: Severe security issue with ESC calibration

Post by Scotth72 »

gompf-2 wrote: IMHO the code is fine. I NEVER flash the software with ESCs/props connected, for safety reasons.
There is no way to reset the ESCs via MultiWii, so you have to think about what you do.
The code is straightforward and the result of what you tried was predictable. All worked as it should; your failure was to have the ESCs connected all the time and not reset.
Maybe a bigger warning in the code should help, but there is no way to avoid this result in this setup.

This! You NEVER load code while the ESCs are powered. EVER. This has been gone over many, many, many, many times.
Sorry you cut your arm.

Vilhelmsson
Posts: 8
Joined: Sun May 20, 2012 7:09 am

Re: Severe security issue with ESC calibration

Post by Vilhelmsson »

dramida wrote: Even if you don't have the props attached, the motors will destroy the ball bearings spinning without a load. It is advised to keep the throttle under 1/3 if the motors have no props attached. So even from this point of view the code has a flaw.
Even more, it should be written very clearly right next to the define that if the copter is powered with 12V (3-4s), the motors will start spinning at bootup at their maximum (with or without props). One solution would be to power the multicopter with 5V only when uploading software (the FTDI does the trick for a quad) and after that, unplug the 5V and plug in the main battery.
At this moment the copter should calibrate the end points to the ESCs. Tie the copter down to be sure that nothing goes wrong. After the beeps have stopped, unplug the main LiPo battery (disconnect the ESCs from the FC to avoid re-programming), connect the FTDI, comment out the calibration statement and upload.

Developers, keep in mind that ArduCopter made a two-stage ESC calibration:
- in the first stage you keep the sticks in one certain position at startup until an LED flashes
- then power off and re-power the copter to calibrate.

After that, power off and re-power and everything returns to normal.

my 2 cents.

BLDC motors will not spin out of control; it depends on the frequency from the ESC. DC is a different matter.

Anders

gompf-2
Posts: 136
Joined: Sun Jun 05, 2011 11:46 am

Re: Severe security issue with ESC calibration

Post by gompf-2 »

On this point dramida is quite right: you can easily destroy a 2-pole inrunner in free run with a "good ESC". The risk is not so high with "our" multipole outrunners, as the number of poles acts like a kind of gearset from the ESC's side (mechanical rpm lower than "electrical rpm", so less stress on the bearings).

shikra
Posts: 783
Joined: Wed Mar 30, 2011 7:58 pm

Re: Severe security issue with ESC calibration

Post by shikra »

This is me flying the Tri on the weekend - take no chances guys!!
Attachments
take no chances.png

PatrikE
Posts: 1976
Joined: Tue Apr 12, 2011 6:35 pm
Location: Sweden

Re: Severe security issue with ESC calibration

Post by PatrikE »

Why not use a jumper to enable the calibration?
It will require a manual action to start the calibration.

Like:
if (enableEscCalib) { RunEscCalib(); }

tovrin
Posts: 705
Joined: Tue Sep 20, 2011 4:08 pm

Re: Severe security issue with ESC calibration

Post by tovrin »

I posted my thoughts on a solution in a similar thread I posted in general discussion. I think a lot of the danger could be reduced with some more notice on what's about to happen; even capital letters stating "REMOVE YOUR PROPS BEFORE UNCOMMENTING" would be useful.

viewtopic.php?f=16&t=2072&start=10

JirkaA
Posts: 11
Joined: Mon Jul 16, 2012 5:41 pm
Location: near Brno, Czech Republic

Re: Severe security issue with ESC calibration

Post by JirkaA »

tovrin wrote: I posted my thoughts on a solution in a similar thread I posted in general discussion. I think a lot of the danger could be reduced with some more notice on what's about to happen; even capital letters stating "REMOVE YOUR PROPS BEFORE UNCOMMENTING" would be useful.

viewtopic.php?f=16&t=2072&start=10

I am a little bit skeptical. 90% of people don't read manuals, 9% of the rest don't understand written text. Maybe it is one of the ways Mother Nature tries to reduce the overpopulation of the animal form Homo sapiens. ;)

Edgar
Posts: 13
Joined: Tue Jul 17, 2012 2:08 pm

Re: Severe security issue with ESC calibration

Post by Edgar »

Has anybody tried this mod in the meantime?

viewtopic.php?f=8&t=2078#p19020

signal15
Posts: 37
Joined: Sat Jun 23, 2012 8:44 pm

Re: Severe security issue with ESC calibration

Post by signal15 »

Can you calibrate just by powering through USB? The ESCs are just looking for throttle endpoints, right?

gompf-2
Posts: 136
Joined: Sun Jun 05, 2011 11:46 am

Re: Severe security issue with ESC calibration

Post by gompf-2 »

Edgar wrote: Has anybody tried this mod in the meantime?

viewtopic.php?f=8&t=2078#p19020

Yes, it didn't work on the Pro Mini. I tried to check MCUSR for PORF and EXTRF but was not able to read the flag correctly. Maybe it's cleared when the bootloader exits.

Edgar
Posts: 13
Joined: Tue Jul 17, 2012 2:08 pm

Re: Severe security issue with ESC calibration

Post by Edgar »

This is strange. On my board with an integrated ATmega328P with the Arduino bootloader it works. But I've combined it with some other modifications to detect a throttle-stick high position during startup.
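
The guards proposed in this thread (the power-on-reset check, the enable jumper and the throttle-stick-high check at startup) combined into one fail-safe decision function, as an added example that is not code from MultiWii or from any poster. The function name, the decision enum and the 1900 µs threshold are assumptions; the gate is stricter than the posted check in that it also refuses when EXTRF or WDRF is set alongside PORF, and when the flags read as zero (the case reported above on the Pro Mini).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ATmega328P MCUSR reset-cause bits (PORF is bit 0, as in the posted check). */
#define F_PORF  (1u << 0) /* power-on reset */
#define F_EXTRF (1u << 1) /* external reset: reset pin, e.g. a serial upload */
#define F_BORF  (1u << 2) /* brown-out reset */
#define F_WDRF  (1u << 3) /* watchdog reset */
#define THROTTLE_HIGH_US 1900u /* assumed "stick high" pulse width */

typedef enum {
    CALIB_RUN,             /* every guard passed */
    CALIB_SKIP_NO_CAUSE,   /* flags read 0: cause unknown, fail safe */
    CALIB_SKIP_WARM_RESET, /* FC restarted without a fresh power-on */
    CALIB_SKIP_NO_JUMPER,  /* enable jumper not fitted */
    CALIB_SKIP_STICK_LOW   /* throttle not held high at startup */
} calib_decision;

/* mcusr: the reset-flag register (&MCUSR on the target, a variable on a host).
 * Flags are always cleared so the next reset reports only its own cause. */
calib_decision esc_calib_gate(volatile uint8_t *mcusr, bool jumper_closed,
                              uint16_t throttle_us)
{
    uint8_t cause = *mcusr;
    *mcusr = 0;

    if (cause == 0)
        return CALIB_SKIP_NO_CAUSE;
    /* Stale PORF plus EXTRF/WDRF means a reset followed the power-on, e.g. an
     * upload while the ESCs stayed powered: they are not in calibration mode. */
    if (!(cause & F_PORF) || (cause & (F_EXTRF | F_WDRF)))
        return CALIB_SKIP_WARM_RESET;
    if (!jumper_closed)
        return CALIB_SKIP_NO_JUMPER;
    if (throttle_us < THROTTLE_HIGH_US)
        return CALIB_SKIP_STICK_LOW;
    return CALIB_RUN;
}

int main(void)
{
    /* Constructed register values, not captured from hardware. */
    volatile uint8_t cold = F_PORF | F_BORF, upload = F_PORF | F_EXTRF;
    printf("cold power-on: %d\n", (int)esc_calib_gate(&cold, true, 2000));
    printf("upload on battery: %d\n", (int)esc_calib_gate(&upload, true, 2000));
    return 0;
}
```

Any result other than CALIB_RUN should leave the motor outputs at minimum throttle.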
