 | This article needs additional citations for verification .(April 2025) |
| ExpressLRS | |
|---|---|
 | |
| Developer(s) | ExpressLRS LLC and Community |
| Initial release | 2018 |
| Repository | github |
| Written in | C++, Python |
| Operating system | Cross-platform |
| Type | Link protocols |
| License | GPLv3 |
| Website | expresslrs |
ExpressLRS is an open-source radio control link protocol designed for low latency and long-range communication in RC applications such as drones and aircraft. [1] . It supports packet rates up to 1000 Hz operating on 2.4GHz frequency band and up 200Hz on 915/868 MHz frequency bands. [2]
Contents
Using an open source version of the proprietary Crossfire protocol developed by Team BlackSheep, it uses the LoRa modulation technique to provide remote control and telemetry between UAVs and the controller at a much greater range and reliability than previous hobby-grade control systems or WiFi at a fraction of the cost of commercial or military equivalents thanks to the inexpensive ESP32 based hardware. With LoRa's built-in spread spectrum modulation, it is extremely resistant to background noise and intentional interference. Due to LoRa's low bandwidth and the high packet rate demand of UAV control, it is restricted to carrying very short packets of RC channel data and small amounts of telemetry. Developments have allowed the carrying of MAVLink telemetry over ELRS, allowing its use with the Ardupilot system.
Its extensive use as de-facto standard control link in FPV drones and the demands of the War in Ukraine have spurred large scale production of hardware, dropping cost even more, chinese manufacturers offering a wide variety of modules operating far outside established amateur radio or ISM radio band frequencies; and development of customized militarized variants who include encryption, frequency hopping, direction finding and other electronic support measures.
In 2022, a security vulnerability in ExpressLRS was reported, allowing remote takeover of drones. The issue stemmed from the protocol's use of a "binding phrase" encrypted with the outdated MD5 hashing algorithm [ dubious – discuss ]. Sync packets leaked most of the unique identifier used to pair transmitter and receiver, enabling attackers to reconstruct the remaining data and hijack the communication link. Recommendations to address the vulnerability included eliminating the transmission of the UID over the air, improving random number generation, and securing frequency hopping mechanisms. [3]
In 2024, the Ukrainian company Obriy Miltech reported difficulties in jamming ExpressLRS with its electronic warfare system, "Horizon ANTIFPV". While other protocols could be largely suppressed, ExpressLRS, especially with remote antennas, remained resistant to disruption. No system in Ukraine was said to guarantee reliable jamming of ExpressLRS-controlled drones. [4]