Xtend 900MHz – AES 128 / 256 bit encrypted telemetry?

Hi all,

Does anyone have experience using the DIGI Xtend modules to replace the 3DR SiK radios, paired with a Pixhawk?

Looks like they’ve just recently replaced the XT09-SI module with the XTP9B-DPS-001:


Only mention I could find was from ~3 years ago: http://diydrones.com/forum/topics/xtend-apm2-gcs-solution-and-more-to-follow . Granted the radios are not cheap, but I’m surprised I can’t find more on them being used, given they look to be (on paper) a bolt on telemetry encryption solution?


Bangor, SiK and RFD modems exist because of Digi Xbee/Xtend modems. Long ago we used those on our Ardupilot project a lot, but they just aren’t good for the need. Xtend is based on normal Xbee Zigbee modules with a bigger amplifier and a bit bigger PCB. The firmwares inside are the same. Those Xbee firmwares have always been an issue.

The reason why you don’t find more is that they don’t really work the way we need them to work. SiK/RFD modems, on the other hand, are made for the need and both of them support MAVLink natively.

First off, thanks for the reply – this new forum seems much better than the old one, and much more likely to have community input!

Anyway, I’d had a hunch the prevalence of the SiK / RFD radios was most of the reason.

My concern here is specifically mitigating the risk of a remote hijack / disable, or even the more common concern of multiple aircraft on the same NetID:

We’re operating Pixhawk based aircraft commercially, and while I think a malicious attack is unlikely for now, security through obscurity… doesn’t really work for me long term.

I’ve been following the RFD series radios for a few years, but as far as I’m aware the encryption features still aren’t available on those. A quick Google didn’t turn up anything new for me just now, but if the encryption is working on the RFD series I’d go that route in a heartbeat.

Short of either the RFD or Xtend radios, the only other idea I’ve had regarding securing the connection would be to run a companion computer with an SSH tunnel + MAVproxy over the SiK radios to communicate with the ground station…

Yes, this is a known issue. Without any really good knowledge it is not that easy after all, and the developer team is working on preventing this type of hijacking over unencrypted links.

Most likely SiK firmware won’t have encryption, as the Si1000 CPU that we are using on SiK modems just cannot do encryption. I just don’t have enough hardware power to do that.

Seppo made new versions of the RFD modems and they are called RFD+. Those modems have a new, more powerful CPU that can do full realtime encryption, and there are already a few beta firmwares for this purpose. There is also multipoint software available for RFDxx modems.

For example all jDrones long-range telemetry sets are using RFD+ models.

As you mentioned, a bigger issue is the same NetID, which can cause weird behavior.

We can look more inside our dev teams to see if there is something that can be done better to detect additional units on the same NetID.

I am interested in adding an end2end encryption layer to MAVLink using a separate FPGA chip (to be installed both on the drone and on the GCS). Using the new sig feature from MAVLink v2.0 is a nice step, and I could even think of offloading part of it (hashing, etc.) to the ext FPGA (offloading the main AP MCU).
I was also thinking about allowing every SW module to register with the chip and allow AAA functionalities, so that every SW module would be sure to communicate only with other authenticated SW modules and not with e.g. a hijacker.
Is there some interest or work done about this? I am searching around the forum as well.
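
For readers following the MAVLink v2.0 signing feature mentioned in the last post, here is an added sketch (not code from any poster or from the MAVLink project) of how a signed frame is built and checked: the 13-byte trailer is link ID, a 48-bit timestamp in 10 µs units since 1 January 2015, and the first 6 bytes of SHA-256 over key + frame + link ID + timestamp. The key, the HEARTBEAT payload and the `sign_frame` / `Verifier` names are constructed for the example.

```python
import hashlib, hmac, struct

IFLAG_SIGNED = 0x01                    # MAVLINK_IFLAG_SIGNED bit in incompat_flags
HDR_LEN, CRC_LEN, SIG_LEN = 10, 2, 13  # trailer: link id (1) + timestamp (6) + sig (6)
KEY = bytes(range(32))                 # constructed 32-byte demo key, not a real secret
HEARTBEAT = bytes([0, 0, 0, 0, 2, 3, 81, 4, 3])  # constructed payload, msgid 0, CRC_EXTRA 50

def x25_crc(data: bytes) -> int:
    """CRC-16/MCRF4XX, the MAVLink frame checksum."""
    crc = 0xFFFF
    for b in data:
        tmp = (b ^ crc) & 0xFF
        tmp = (tmp ^ (tmp << 4)) & 0xFF
        crc = ((crc >> 8) ^ (tmp << 8) ^ (tmp << 3) ^ (tmp >> 4)) & 0xFFFF
    return crc

def sign_frame(key, seq, sysid, compid, msgid, payload, crc_extra, link_id, ts):
    # v2 header: magic, len, incompat_flags, compat_flags, seq, sysid, compid, msgid(3)
    hdr = struct.pack("<BBBBBBB", 0xFD, len(payload), IFLAG_SIGNED, 0, seq, sysid, compid)
    hdr += msgid.to_bytes(3, "little")
    crc = x25_crc(hdr[1:] + payload + bytes([crc_extra]))
    body = hdr + payload + struct.pack("<H", crc)
    tail = bytes([link_id]) + ts.to_bytes(6, "little")
    return body + tail + hashlib.sha256(key + body + tail).digest()[:6]

class Verifier:
    """Receiver side: signature check plus per-stream timestamp (replay) check."""
    def __init__(self, key):
        self.key, self.last_ts = key, {}   # (sysid, compid, link_id) -> last timestamp

    def accept(self, frame: bytes, now_ts: int) -> bool:
        if len(frame) < HDR_LEN + CRC_LEN + SIG_LEN or frame[0] != 0xFD:
            return False
        if not frame[2] & IFLAG_SIGNED:    # unsigned frame on a signed-only link
            return False
        if len(frame) != HDR_LEN + frame[1] + CRC_LEN + SIG_LEN:
            return False
        expect = hashlib.sha256(self.key + frame[:-6]).digest()[:6]
        if not hmac.compare_digest(frame[-6:], expect):
            return False                   # wrong key or modified frame
        stream = (frame[5], frame[6], frame[-13])
        ts = int.from_bytes(frame[-12:-6], "little")
        last = self.last_ts.get(stream)
        if last is None and ts + 6_000_000 < now_ts:
            return False                   # unseen stream more than 1 minute behind
        if last is not None and ts <= last:
            return False                   # replayed or reordered frame
        self.last_ts[stream] = ts
        return True
```

Signing authenticates frames and rejects replays, but the payload still travels in the clear, so it addresses the hijack concern raised in the thread rather than confidentiality.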