iCloud and iCal accepting old appointments :-(

So Friday I received a bunch of out of office replies from former Co-workers who I did not email. Uh oh, some virus/malware is running somewhere. Panic level went to 11. Continued to sort through them, and a few were direct replies. I read them and Ed and Brian are asking me why I'm accepting appointments for meetings that have already past. Oh boy, this is going to be hard to track down. It could be a phone based malware, Mac/PC or an epic hack in the cloud.

Oh, did I mention I had just upgraded to iOS 5 and Mac OS X 10.7.2? Yup, sure did. Wasn't able to migrate my MobleMe stuff because the servers were too busy (which is a topic for another rant, since this problem has been solved in the industry multiple ways). So the iCloud transition has none of the fit and finish that I was expecting. Especially considering how bad MobileMe was. Even .Mac was better then MobileMe and .Mac couldn't sync for beans (again another problem that had been solved numerous ways yet ignored). Steve Jobs was supposedly personally involved with iCloud because if is tremendous dissatisfaction with MobileMe and it's reliability. Well they must not have fired the right people because iCloud has been a bumpier ride than MobileMe for me personally.

So back to my 'malware' problem. My Malware goes by the name iCloud. So when I converted my AppleStore account to iCloud (which is another problem I now have two iclouds and can't merge them) it took my home and work calendars into the iCloud. When doing so it went and accepted (and sent responses) to meetings that have already occurred. In 2007. Yup, I'm accepting 3 and 4 year old meetings that I already attended. This seems like a catchable senario to me. What possible reason for accepting a meeting that's already passed could their be? I would concede that there might be a need to accept an appointment that's up to a week old for some kind of tracking/verification purposes, but 3 years?

A bunch of googling didn't turn up others with this problem, so maybe there's something unique to how I did it. I took events from my GoogleApps email and accepted them on my .Mac enabled Laptop. I'm actually quite disappointed that iCloud dared to communicate on my behalf with out asking me. I should have been given the option to not send a response like I am with other well behaved calendar apps. I have a few more computers to upgrade. We'll see if I accept more phantom appointments. Oh well, another year, another disappointment with the Minnesota Vikings and Apple's cloud services.

 

Decoding the Light Strike ITS

Ok, spent 10 minutes after lunch looking into the ITS signals.

You'll have to read the previous post about bits, to know what I'm rambling about, but in essence the significant bits were the even bits between 40 and 62. Not all are used, but I haven't tried all the guns and option combinations yet. So the ITS (Intelligent Targeting System) has 3 modes. Sentry mode - you have to hit the target 5 times, each time you hit it, you light up a bar with your team color. Fifth hit turns it into a sentry for your color. It blasts out random shots until it's captured by another team. Bomb Mode - similar, you get 5 hits to activate the bomb, 6th hit to set it off, which spins the device and it emits shots in every direction and makes an explosion sound. Medic Mode - 5 shots to capture again, but now when you shot it a subsequent time, it puts health bars back on your gun.

So if you activate the sentry, the bits that go high (in addition to the team bits) are: 40, 42, 44, 46 and 56 which in my 'bit math' comes out to a strength of 3848, the strongest shot yet. So far, nothing too unusual.

If you activate the Bomb, however, things get interesting. The bits that go high for blue are: 28, 40, 42, 44, 54, 56. Bit 28 is the new rascal. If you do it as Red, bits 28, 30, 40, 42, 44, 54, 56 go high (in addition to the team bits) - both 28 and 30. Yellow is just 30. Green is just 28 again. I was hoping that green would be both 28 and 30 low. That would make bit s28 and 30 a team marking, but it isn't. So why are blue and green the same, while yellow and red are different? A mystery for another day I guess.

Next up, Medic mode… this would be a fun one to clone into a smart remote or other IR blaster device. You could leave a 'stim-pack' like in the video games around the playing field. Medic mode is the most different code thus far. It broadcasts bits 8 and 40 for every team, and then you get a simple 3-bit mapping for the team color with bits 58, 60 and 62. So 58, 60 and 62 are blue, 58 is red, 58 and 62 are yellow and 50 and 60 are green. This is the first use of a bit below 10 and uses a different set of bits to mark color. What would be interesting is if you could send a 40 and 42 along with the rest to see if you get more health back per shot.

If I'm reading things right, it would seem that 2048 is the number to take a health bar on or off. So now I just need to finish writing my code to recognize these different flag values and then start painting the screen the correct color for the flag.

 

More Light Strike attachments and decodes

So Adam bought the G.A.R.-023

And two accessories, the scope and the refractor launch system.

I went and bought the same scope and the rapid fire system. I also got the ITS - Intelligent Targeting System. So we now have every offensive add-on (missing the detector, but that's passive/defensive so we can go on with out it). With these attachments you get an Optic strike and Refractor strike with the scope and a launcher strike with the RLS and Rapid Fire with the RFS. The RLS and RFS strikes are actually two things, a distinct IR code and three consecutive hits. So now I have decoded these light strike mods and their data bits.
If you recall, the bits in play are: bit 40, bit 42, bit 44, bit 46, bit 50, bit 56, bit 58, bit 60, bit 62. We now get to add bit 54 and bit 46 to the mix.
High bits for Optic strike: 40, 44, 56, 58
High bits for Refractor: 40, 42, 44, 54, 56
High bits for RFL: 40, 42, 46, 58, 60
High bits for RFS: 40, 42, 60, 62
If you make that a 12-bit binary, you get:
Optic: 2572
Refractor: 3608
RFL: 3334
RFS: 3075
Making the RFL the device to have it seems. In practice it is deadly too, it takes 2+ bars off your gun per shot, but has a long recycle time. Not sure when I'll get to it, but at some point I'm going to decode the ITS. When you capture the ITS for your team it can then do three things: 1 - Sentry mode, it spins and shoots randomly, only damaging teams of other colors. 2 - Bomb mode, you can activate and detonate a bomb doing massive damage (I'm assuming, haven't set it off yet). 3 - Medic mode, when the capturing team shoots the target, it beams back a health bar. Medic mode will be the most interesting to me. What does it send? Could you program a smart remote to record that signal and then have your own version of a med-pack like in the video games? There are other light strike mods we're thinking of too. A fun one might be to make a trip wire. Set off the sensor and an IR damage flash goes off. Or a death room, a room where you continually take low damage doses. It would be like crossing the lava or nuclear waste areas in Doom or Quake.
We spend 10 minutes or so goofing around with it this morning. First time we actually did some real shooting, and it went awesome. This is going to be really fun! Got an uptick in website traffic this week. Going to have to see what search terms bring you to these posts. Probably light strike hack or light strike hacking. I wonder if I show up for light strike mod at all. Probably will after this post.

Light Strike decodes so far

Ok, so I've been working on software to work with the Light Strike laser tag system. In the long run, I still want to hack the light strike targets and light strike laser tag guns but for now I'm settling for decoding the pulses from the guns themselves. For everyone who hasn't been following along (and it's riveting, how could you not!) a quick re-cap.

Using a USB-UIRT device I am able to receive the pulses coming from the gun. The signal starts with a pulse of ~6700 (sometimes higher, sometimes lower). Followed by 32 interleaved pulses and spaces that hover around 700. The spaces and pulses are effectively 64 'bits' although it seems only the spaces are actually used, not the pulses as I previously thought. The output clearly spaces, but because that made no sense to my brain, so I said pulses in previous posts. Anyway the way I'm tracking it, I'm counting the spaces and pulses just in case I get a surprise somewhere. The spaces that have meaning hover around 3200. So in my code I just look for greater than 5000 for the 'frame start' and greater than 2000 for the 'space' to be a high bit. Keep in mind I'm counting pulses and spaces when tracking them and I start at zero (because it's not confusing enough right?), so if I say bit 4, I mean space(0), pulse(1), space(2),pulse(3),space(4). If you don't like it, divide them by 2 to get the 'space' position only (which is why I started with zero). So far here are the bits of note:

BIT 10 - always high in the two assault strikers I've tested: G.A.R.-023 and D.C.R.-012

BIT 12 - part of the team color

BIT 14 - part of the team color

12 and 14 high = blue

12 and 14 low = red

12 low and 14 high = yellow

12 high and 14 low = green

With this info, I can now determine what color shot the IR sensor and can effectively write my own target for capture the flag.

But wait theirs more! For shots:

bit 40, bit 42, bit 44, bit 46, bit 50, bit 56, bit 58, bit 60, bit 62.

High bits for Laser strike: 42, 46, 60

High bits for Stealth strike: 42, 44, 60

High bits for Pulse strike: 42, 44, 46, 60, 62

High bits for Rail strike: 40, 58, 60

High bits for Sonic strike: 40, 46, 56

So there is rather some reserve bits in the middle or the assault strikers add ons use the middle bits in the low 50's. If you read the bits from right to left starting at 40 and ending at 62, you have a 12-bit number that gets bigger the more powerful the strike. I vaguely recall 12-bits being important in the IR remote space, so maybe that's why. Maybe my math is off too. Anyway, if you take my 12 bits as binary numbers:

Laser - 1344

Stealth - 1538

Pulse - 1795

Rail - 2054

Sonic - 2312

Stealth strike may be an outlier, because I'm not sure that it's stronger than a laser strike in terms of damage done to the other guns. Anyway, since I can decode strike values, and I have orders of magnitude, I can do some fun stuff with my computer based target. For example, I can have degrees of team color. You could have a laser strike be +1, stealth +2, etc. And every time you shoot my target, the counter goes up (or the team color level bar could fill more screen) up to a maximum number, say 5 or 6. Then to recapture the flag, you would have to take away the apposing teams hits first, before you could turn it to your color, making capturing and holding a flag a little more interesting.

I'm still tweaking my perl code, but in short, I went the

open(MODE,"mode2 --driver=usb_uirt_raw --device=/dev/ttyUSB0|") || die "Unable to open mode2\n";

route to get the data. The mode2 binary from LIRC does a great job for me already, why re-invent the wheel at this point? I have it capturing the 'high' bits and printing the team color so far.

---- SHOT ----
10 - 3150
12 - 3200
14 - 3150
42 - 3150
44 - 3200
60 - 3200
---- SHOT ----
COLOR: blue
---- SHOT ----
10 - 3200
12 - 3200
14 - 3200
42 - 3200
44 - 3200
60 - 3200
---- SHOT ----
COLOR: blue
---- SHOT ----
10 - 3150
42 - 3200
44 - 3200
60 - 3150
---- SHOT ----
COLOR: red
---- SHOT ----
10 - 3200
42 - 3150
44 - 3150
60 - 3200
---- SHOT ----
COLOR: red
---- SHOT ----

So I'm getting pretty close!

Perl code for Light Strike decoding

Making progress on my quest to write a 'capture the flag' module for the light strike laser tag guns. Some googling found me this code from Kenneth L. Root. <http://the-b.org>. I hacked it into this the other day and am able to get this output now:

root@rwhiffen-OptiPlex-GX280:/tmp# ./light-strike.pl
Opening port: /dev/ttyUSB0
Opened port /dev/ttyUSB0
Shoot the gun at the IR Sensor
IR Code: 0xe6 0xc2 0x87 0x0d 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x40 0x12 0x40 0x12 0x40 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x3f 0x12 0x0e 0x12 0x40 0x12 0x0f 0x11 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x3f 0x12 0x0e 0x12 0xff
root@rwhiffen-OptiPlex-GX280:/tmp# ./light-strike.pl
Opening port: /dev/ttyUSB0
Opened port /dev/ttyUSB0
Shoot the gun at the IR Sensor
IR Code: 0xb9 0xc2 0x86 0x0e 0x11 0x0f 0x11 0x0f 0x11 0x0e 0x12 0x0e 0x12 0x40 0x12 0x3f 0x12 0x40 0x12 0x0e 0x12 0x0f 0x11 0x0e 0x11 0x0f 0x11 0x0e 0x12 0x0e 0x11 0x0e 0x12 0x0e 0x11 0x0e 0x12 0x0e 0x12 0x0f 0x11 0x0e 0x12 0x0e 0x12 0x40 0x12 0x0e 0x12 0x3f 0x12 0x0e 0x12 0x0e 0x12 0x0f 0x11 0x0e 0x12 0x0e 0x12 0x0e 0x12 0x40 0x12 0x0e 0x12 0xff
root@rwhiffen-OptiPlex-GX280:/tmp#

So I'm getting closer. The results are more inconsistent with the perl code than with the 'mode2 command, which makes me think I might want to do some 'expect' style perl coding with the app rather than direct. maybe something like:

open(MODE,"|mode2 --driver=usb_uirt_raw --device=/dev/ttyUSB0 --mode");

And then do all my interacting with the output via the MODE file handle. That would allow me to get some basic functionality going.

Light Strike IR decoding part 2

The continuing saga of my efforts to hack a light strike laser tag system by reading the infrared signals it puts out…

Ok so I just went from being totally stuck and posting that blog post, to being unstuck in about 30 minutes. Ok, so in the last post, I was thinking I needed to figure out what the bit encoding was for the pulses coming in. WHen you look at the in a long row, it's hard to see the patterns. So I was reading the man page for mode2, and it says there's another command line switch called --mode, which is helpfully described as " enable alternative display mode". Ok, what could it hurt right? So I ran it. Instead of getting the two column pulse/space list, you get a more helpful:

6700     650      900      700      900      700
900      700      900      700      900     3150
900     3150      900     3150      900      750
850      750      850      700      900      700
900      700      850      700      900      700
850      750      850      700      900      700
900      700      900      700      850      750
900     3200      850      700      900     3150
900      700      850      700      900      700
850      700      900      700      900      700
900     3200      900      700      900  1382500

Which is a lot easier to read, and makes deltas between two different settings stand out. That one was a blue, this one is a red.

6700     650      900      700      900      700
900      700      900      700      900     3150
900      700      900      700      900      700
900      700      900      700      900      700
900      700      900      700      900      700
900      700      900      700      900      700
900      700      900      700      900      700
900     3150      900      700      900     3150
900      700      900      700      900      700
900      700      900      700      900      700
900     3150      900      700      900  2267300

Notice how C2 R3 and C4 R3 change from 3150 to 700? That pattern holds for yellow and green as well. You end up with a pretty simple table:

If you count the spaces as clock ticks and the pulses as 'bits' you can then start to map things out. The last huge number in C6 R11 is the time between the last event and the next event. The last event recorded does not have this value, it is blank and can be discarded. The first pulse is a 'double-high' value which marks the beginning of a frame. This gives you effectively 32 bits. Now I just have to get a perl or python script to read the device instead of the 'mode2' command and I'm off to the races. That will have to wait for another day however, because I need to get back to work.

Light Strike laser tag

After reading a review on Ars Technica: Lawn warfare: Light Strike brings laser tag back home I decided I had to have some of these at the office. They're pretty cool, mostly gimmicks but they do work. I bought myself a D.C.R.-012. Am probably going to pick up some of the accessories as well. I've talked some co-workers into buying them, so we're almost ready to have some office warfare.

The trick is, you can only 'death match' each other for so long. And most of the that would be on the honor system, since you can self-respawn quickly. So I've set out to try and make my own 'targets' or flags to play capture the flag with. I have some USB-UIRT devices. I found some Linux drivers at LIRC.org and a CPAN perl module for the driver. So far, so good. I'm able to detect gun output by running:

mode2 --driver=uirt2_raw --device=/dev/ttyUSB0

From the command line. It gives me output like this:

pulse 6650
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 3200
pulse 850
space 3200
pulse 850
space 3200
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 700
pulse 850
space 700
pulse 850
space 700
pulse 850
space 750
pulse 850
space 3200
pulse 850
space 700
pulse 850
space 3200
pulse 850
space 750
pulse 850
space 750
pulse 850
space 750
pulse 850
space 700
pulse 850
space 750
pulse 850
space 700
pulse 850
space 3200
pulse 850
space 750
pulse 850

Unfortunately subsequent firings do not give me identical values. Some times the pulses are 50 higher, so 6700 rather than 850. Perhaps worse still, the other three colors (that was a 'blue team' laser) seem to have the same values. Next I'm going to plug it into a windows machine and run Girder on it and see what that gives me.

Google wasn't very helpful, perhaps because Light Strike isn't a unique term to the laser tag guns. It's used in other contexts as well. So I think I'll pads this post with light strike hacking and other google-able terms. Light Strike IR hacking is a good example of what I was hoping to find a post about. ANyway, hopefully someone who is searching for linux IR hacking light strike guns will find me and we can team up.