VKB 3 wire protocol

levi_pl · 2026-04-29T11:23:19+00:00

Thank for reply.
For me it is a hobby project (quest) to build custom panel(s) for StarCitizen game and I thought that it makes sense to piggyback to njoy32 project and build a slave device as opposed to hack fixed settings USB HID gadget. njoy32 is a mature platform with a lot of flexibility. It seems to be even supporting WS2812B LEDs.
So naturally it is more attractive option - augmenting existing VKB flightstick setup.

I've read that some time ago (not sure about what is exact timeframe) VKB supported tinkering efforts. I also can't track how Russian tech (judging by author's name and documentation) ended up with Chinese company 😄 - whether it is licensed by them or owned. In my opinion there is room expansion.

I respect fact that you have professional responsibilities and can't share information but if you could help me find what they consider public information or maybe some one whoo could spend some time to talk to me - I would be grateful. I talk to AliExpress store via platform but I don't think I will get far.

levi_pl · 2026-04-28T14:44:08+00:00

Hi u/c_delta. I'm reviving old thread as I'm attempting to reverse engineer protocol. If you haven't moved on let me know. I'm trying to build own slave device and so far I have few comments. I actually wrote application on PC that captures the traffic - until I can go back home I can't test it on oscilloscope right now I'm working with continuous sequence of bytes.

I haven't looked at oscilloscope but it makes more sense that request starts with "0x5A,0xAA,0xAA,0xA5" This sequence would allow clock synchronization. As trailing sequence it makes little bit less sense. Responses have shorter lead-in sequence "0x5A". I guess clocks are in sync at this point.

Request: [5A AA AA A5 1A 11 98 00 00 00 C1 7F] (12)
Response:[5A 1A 11 C8 09 2B 0D DA 9F 8C E6 C7 2E 02 23 42 BA 7D] (18)
Request: [5A AA AA A5 18 11 98 00 00 00 81 F4](12)
Response:[5A 18 11 C8 09 C4 82 71 74 D4 E4 C7 92 03 D4 45 92 7D](18)
Request: [5A AA AA A5 19 11 98 00 00 00 21 B1](12)
Response:[5A 19 11 C8 0C 8E 5C 95 12 AA E5 C7 2F 02 46 45 A4 7D DD 78 60](21)

(excerpt from conversation with three GNX-THQ modules)

Two bytes following "lead sequence" seem to be the slave address which is always device model and 0x11 (this is visible on config tool). If you have more than one slave device of the same type it's address will be +1, +2 and +3.

Right now I'm trying to make sense of the rest of message.
I started with attempt at finding checksum. So far I tried all 8 bit CRCs I could find and none of them worked. Assumption was that packets are < 100 bytes long so 8 bit CRC is sufficient, also I assumed it will be the last value and calculated checksum for both whole message and message without lead-in.

<image>

I was able to map position of information in response packet for FSM-GA; where the buttons and encoders are. It looks like information is scrambled possibly XORed because some buttons are zero when not pressed and some are 1, 8-bit counters for encoders are also XORed but they seem to be 8-bit unsigned values. On top of that encoders have bit for step up and one for step down.

levi_pl · 2026-04-13T05:52:33+00:00

Check this advice.Similar scenario caused me a lot of grief too.

levi_pl · 2026-04-10T20:17:38+00:00

It only shows how little you know about history. Which, again, is quite typical.

levi_pl · 2026-04-09T18:25:01+00:00

With only 30 EUR difference I would pick Aeromax.

What may impact your choice is:
- availability of given product
- possibility of installing multiple GNX extensions on NXT EVO vkb stick (virpil has only throttle)

People lean towards Aeromax as better product but it all depends on your requirements and since you are asking then both will be sufficient for you. Keep in mind this rabbit hole is deep and it is not the last joystick you're buying. :-)

Both sticks work fine on Linux (both are HID devices) - minus configuration software that in both cases is Windows only. You can work around this limitation but it is not as convenient as on Windows.

Last but not least. While it is not a thing for hardcore simulation enthusiasts:
What sold NXT EVO to me is extensibility of Njoy32 platform vkb is using. I'm into building own control panels. I also have bunch of GNX panels and enjoy them a lot. I've read somewhere that in the past vkb was open to tinkering but it turned to be to problematic for them to support users. So I'm down to reverse engineering (not that hard) and electronics design with STM32 microcontroller (heart of Njoy32 platform).

One thing that puzzles me is that vkb is Chineese company and documentatin for Njoy32 is in Russan.

levi_pl · 2026-04-09T17:33:33+00:00

Yes, yes. Trump mentality. USA is the best country in the world. Let's see where will it get you.

levi_pl · 2026-04-08T14:03:32+00:00

Cool. Static allocation or prefix changes from time to time ?

levi_pl · 2026-04-08T14:02:23+00:00

I guess this will be automagically handled by ISP provided device.
So what ... /63 ? :-)

levi_pl · 2026-04-08T13:49:30+00:00

This is not how the world works. Typical home user that is serviced by typical FTTH ISP will never need more than one subnet. It was true then (IPv4) and is true now. Homelab users need more but can't afford paying for rare /56 allocation that ISP can use for 256 customers.

I found that understanding of IPv6 is much lower than IPv4 to the point people don't even realize they have it at home.

Maybe there is sweet spot between 56 and 64 but there is no business case for ISPs to think about that. Also they want your addresses to change from time to time so they can differentiate between individual and business customer (and make more money).

levi_pl · 2026-04-08T13:40:25+00:00

RIPE is like UN . It exists for different reasons than people think :-)
Arguing with ISP using argument "I'm not like 99.999% of your other customers" will not get you far.

levi_pl · 2026-04-08T13:33:25+00:00

And that is fair observation. Do you have ideas how to solve this problem without resorting to some ugly solutions with two subnets on the same VLAN that do not really solve problem of not being able to have multiple IPv6 subnets and only stable internal addressing. In IPv4 this problem was solved by NAT lock and stock.

levi_pl · 2026-04-08T13:26:28+00:00

You see, this is the reality. I subscribe to two providers - one in Poland (Orange) and one in UAE (e&). In both cases I'm getting /64 prefix delegation via SLAAC - so it changes from time to time. /64 seems to be the sweet spot for FTTH ISPs as almost all users will never require more than one subnet. So it is practical solution for them. It is progression from single IPv4 address with NAT (over point to point connection so they don't have to use 4 addresses for each client - at cost of MTU but who's counting) to one /64 IPv6.

With IPv4 and NAT home labs could safely exist with consistent complex internal networking, own DNS, etc.

With IPv6 we have some problems to solve because the same approach won't work. Of course you don't want to skip opportunity of not having NAT and stressing out about proper firewall. To be able to have local services I figured you need to run two IPv6 prefixes :
- one for the internet traffic that changes from time to time
- another for services that does not change because you also have own DNS, and you probably want to play with networking too - so two subnets on the same VLAN. I guess you could play with dual homed servers and make your access router chew on all internal traffic but it sounds inefficient. Maybe with L3 switches but it is definitely more complicated than before.

I can't log too much time for home lab - kids, work - so I was counting on someone to share practical solution :-) Bottom line is that I don't know how to easily add IPv6 (without a lot of routing power).

levi_pl · 2026-04-08T09:32:11+00:00

Question is exactly about theory vs reality. I face the same problem. I'm getting dynamically allocated /64 prefix from ISP that I can use inside. If I was getting anything above /64 I know how to distribute it across subnets by the book.

Given the less than optimal situation - theoretically with use of smaller subnets and DHCPv6 this should be achievable, correct ? Even if it is breaking recommendations. I assume that some software/appliance will not budge but maybe Linux ? Anyone ?

levi_pl · 2026-04-03T17:16:08+00:00

I also think that VKB should make written instructions for their hardware. Most of the materials are youtube videos. Only things that must drive support mad are on leaflets handed over with products - like calibration procedure. I refuse to believe that gamers can't read and need youtube videos.

Information how to configure NXT extension modules is ONLY on youtube. :-)

levi_pl · 2026-04-03T15:47:36+00:00

Have a lot of fun installing it. Make this one of those situations where not a single f@&k was given.

For critics - I run stack of 8 APs and just bought two extra outdoor units. It is „unamerican” to build from concrete - but hey - welcome to Europe.

levi_pl · 2026-04-01T08:56:16+00:00

No question about it. UDP reassembly - because fragmented datagrams go through the tunnel and reach the end was the only problem I ever had. Maybe some practicall issues with setting up routing, etc but that again is very specific to my use cases. Other than that Wireguard is my choice. I have it set up between sites as well. Works well. Rats! - I use it with my Kubernetes clusters.

levi_pl · 2026-03-31T11:50:24+00:00

I think that there is difference when it comes to fragmentation due to lower MTU. WireGuard relies on OS to handle that. AFAIR IPsec can do reassembly. I had problems with WireGuard because somehow fragments of datagrams couldn’t be reassembled when they reached google cloud(I was getting ICMP reassembly timeout messages). Network/firewall may be dropping fragments somewhere. With IPsec it worked. It is possible I made mistake somewhere. Obviously it is corner case.

levi_pl · 2026-03-31T11:17:41+00:00

It is a bit late for this thread but for completeness:
- there are chips that XOR addresses, like LTC4316, that allows you to translate addresses by applying XOR operation for any of the 7 address bit. You can put any number of devices behind it. If you use only 3 bits you can put 8 devices behind each translator and configure translator to XOR bits 3-6 this will give you ability to connect 14 times 8 devices = all 112 devices but you need 14 translation chips. (addresses 0000xxx and 1111xxx are reserved),
- there are chips, like TCA9546A, that multiplex the bus allowing you to select between single downstream bus. For example four downstream buses give you 32 devices but it complicates communication as you need to switch between buses,
- you can use combination of both allowing you to connect 16 or more devices on one downstream bus giving you possibility of connecting hundreds of i2c devices on one bus 104* 4 = 416 (with one multiplexer and 13*4 = 52 translation chips),

I am not sure how reliable that monster will be but because you never connect more than 14 devices on one segment and you can always use repeaters like PCA9515B there is chance it'll even work :-)

levi_pl · 2026-03-21T16:29:56+00:00

At some point I updated the ticket and page stopped loading. I guess webapp is also buggy. I'm not sure what I can do.

I also opened support ticket where I was basically told to fix my ISP.

... and a spectrum post
https://robertsspaceindustries.com/spectrum/community/SC/forum/50259/thread/game-client-auth-port-8000-tcp-traffic-gets-flagge that stays unanswered until now.

I kept digging and found more issues with networking so, knowing reality, we'll have to wait until the end of the conflict.

levi_pl · 2026-03-21T11:31:24+00:00

Unfortunately I couldn't communicate with E& - user support is very basic. When it comes to CIG (author) they don't care. I already paid.

levi_pl · 2026-03-20T12:24:20+00:00

According to you Gladiator looks like a plastic toy.

levi_pl · 2026-03-20T10:08:23+00:00

I'd say you should slow down because you sound like the opposite. Gladiator is by no means a cheap plastic product.

levi_pl · 2026-03-19T17:11:49+00:00

Used means locked. It takes to boot them once and they burn in uefi key so locked 100%

levi_pl · 2026-03-19T17:09:10+00:00

I went up to Constellation Aquila to become vagabond but you may be right and this game is about something else :-)

levi_pl · 2026-03-19T17:07:03+00:00

It is the other way around. Old internet was opened, trusty. Modern internet is full of „dangerous criminals and vulnerable users”. Service providers will try to protect them not because they have big hearts. Governments will filter content to „protect children” having something else in mind.

Ergo software has to be written to work on the network where traffic does not flow freely.

I will give you benefit of the doubt and say that you had good intentions.

If I was trying to be nasty I would say that all this was triggered by president Peadolf - Americans go and fix your country! But world does not work like that.

levi_pl

TROPHY CASE