Here are a few of the ways I have have done it.
1. The first is a Y-Splitter coming out of the iDevice with a gender changer to the sound card.
2. Short the Sleeve and the Tip of the LTAR and measure your signal or run through your sound card. No board or iDevice needed.
3. This way is similar to #2, you can connect Sleeve to Tip and measure your signal or amplify the signal if you need.
Note, the signal is small, i.e. around 100mV. If using the Y-Splitter you will possibly get disconnects from the LTAR and iDevice.
If you don't mind having your LTAR disassembled you can also do the above to short the Tip to Sleeve and measure the signal in a few locations and get a much cleaner signal.
The sound card is probably the best way to measure the signal. You can use audacity to record the wave and view it like I listed above, or you can use some of the free Oscilloscope software that can use your sound card, or even some of the Software Defined Radio (SDR) software to view the signal in a spectrum analyzer.
LTAR TRRS Protocol
Re: LTAR TRRS Protocol
- Attachments
-
- ltar_trrs_short.jpg (129.81 KiB) Viewed 12216 times
Re: LTAR TRRS Protocol
<t>Awesome, thanks Justin. This is really helpful. Have you had any luck "listening" to the other end of the conversation? I mean, finding what the idevice is saying to the LTAR in different configurations? I believe Ryan mentioned once that communication of the idevice to the LTAR was very similar but on slightly different frequencies for the 1 and 0. As soon as I have the electronics I'm ordering for this, I will try and take a look and find that signal. I just wondered if you had tried looking for that already. I imagine it would only occur in circumstances that are specific to the idevice. Such as when you are hit by an EMP or other special weapon not available in the standard mode. Similarly, it may communicate a weapon selection being made if it is a weapon only available in the app. </t>
Re: LTAR TRRS Protocol
Sorry for the delayed response. I had a bunch of recordings, but I did a terrible job keeping a description of them. When I looked through them I had no idea what happened at what time, i.e. gun change, or hit from an enemy. Anyway, I recorded a few new ones and tried to keep track of what happened at what time.
This is the sequence of events of the recording.
1. Everything is plugged in a I start the recording with the iPodTouch and LTAR off. The iPodTouch is not completely turned off, just in power save mode?
2. I turn the iPodTouch on and run the LazerTag software.
3. I wait until the LazerTag software has run through all the transition screens and is waiting at the Single Player, Multi Player, etc... menu.
4. Then I turn the LTAR on.
5. I select single player.
6. I select play. (On the last 2 I changed the level to 1 because I get shot less)
This is 3 different recordings. I have changed the volume for the mic recording on my computer in each one. This helps to show the LazerTag software sending/querying some information...?
Here's a little more zoomed in. In the second recording you can clearly see when the LazerTag software is running ~16-18.5, then the LTAR is turned on ~18.5
So let's focus on the second recording. Here's what I wrote down on a notepad while recording the action. These are not exact times, it was just to keep track of what was happening.
0:18 - gun on
0:30 - countdown start
0:49 - gun change (quantum repeater)
0:56 - shot by enemy
1:05 - shoot gun
1:20 - shot by enemy
1:30 - gun change (pyroburst) - and was shot by enemy
Initially it can be difficult to see the data, so one way to pin point the data is to duplicate the recording and turn on the spectrogram option. You will then have something that looks like this. Notice the 2K 4K and 6K in the legend to the left of the spectrogram.
This is the sequence of events of the recording.
1. Everything is plugged in a I start the recording with the iPodTouch and LTAR off. The iPodTouch is not completely turned off, just in power save mode?
2. I turn the iPodTouch on and run the LazerTag software.
3. I wait until the LazerTag software has run through all the transition screens and is waiting at the Single Player, Multi Player, etc... menu.
4. Then I turn the LTAR on.
5. I select single player.
6. I select play. (On the last 2 I changed the level to 1 because I get shot less)
This is 3 different recordings. I have changed the volume for the mic recording on my computer in each one. This helps to show the LazerTag software sending/querying some information...?
- ltar_idevice_connect_and_countdown.jpeg (150.77 KiB) Viewed 12178 times
Here's a little more zoomed in. In the second recording you can clearly see when the LazerTag software is running ~16-18.5, then the LTAR is turned on ~18.5
- ltar_idevice_connect_and_countdown_zoom1.jpeg (175.43 KiB) Viewed 12178 times
So let's focus on the second recording. Here's what I wrote down on a notepad while recording the action. These are not exact times, it was just to keep track of what was happening.
0:18 - gun on
0:30 - countdown start
0:49 - gun change (quantum repeater)
0:56 - shot by enemy
1:05 - shoot gun
1:20 - shot by enemy
1:30 - gun change (pyroburst) - and was shot by enemy
Initially it can be difficult to see the data, so one way to pin point the data is to duplicate the recording and turn on the spectrogram option. You will then have something that looks like this. Notice the 2K 4K and 6K in the legend to the left of the spectrogram.
- rec2_spectrogram.jpeg (172.83 KiB) Viewed 12178 times
Re: LTAR TRRS Protocol
If I zoom in to 0:30 where I thought the countdown started you can see some "white lines" (I'm not sure what the correct technical term is here!). This is where the frequency changes from ~2K to ~4K. I can see now that 0:30 was wrong but I can also see what looks like 1 second intervals of data, the countdown, and that appears to start at ~32.5 or ~33.5.
If I continue to zoom in on 33.5 I can read the data being sent and I can also see the time is around 33.65 and not 33.5.
I did 32.65 and 34.65 after the 33.65 and here is that data
I have listed at 0:49 that I have a gun change to the quantum repeater. I figured I'd zoom in around 0:49 and I want to point something out. The information pulses from the gun are noticeable because of the series of frequency changes.
- rec2_spectrogram_zm1.jpeg (177.59 KiB) Viewed 12178 times
If I continue to zoom in on 33.5 I can read the data being sent and I can also see the time is around 33.65 and not 33.5.
Code: Select all
11000011000110000100001100000000011000000000110000000001101111101
Which is:
110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
110 00011000 110 00010000 110 00000000 110 00000000 110 00000000 110 11111011
- rec2_spectrogram_zm2.jpeg (197.06 KiB) Viewed 12178 times
I did 32.65 and 34.65 after the 33.65 and here is that data
Code: Select all
110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
32.65 - 110 00011000 110 10010000 110 00000000 110 00000000 110 00000000 110 01111011
33.65 - 110 00011000 110 00010000 110 00000000 110 00000000 110 00000000 110 11111011
34.65 - 110 00011000 110 11100000 110 00000000 110 00000000 110 00000000 110 00000111
I have listed at 0:49 that I have a gun change to the quantum repeater. I figured I'd zoom in around 0:49 and I want to point something out. The information pulses from the gun are noticeable because of the series of frequency changes.
Code: Select all
110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
45.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01000000 110 01010000 11
48.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 10100000 110 11100000 11
49.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01100000 110 01100000 11
- rec2_spectrogram_zm3_hilight.jpeg (244.47 KiB) Viewed 12178 times
Last edited by neuron on Thu Aug 31, 2017 6:09 pm, edited 2 times in total.
Re: LTAR TRRS Protocol
Awesome. Thanks for the very comprehensive look at this Justin. I know this takes a lot of time to do and then post in such detail - it is very appreciated. So it looks like the 6k frequency is used here, which if I remember correctly, we havent' seen before. Watching the info from before, we saw 2k frequency as "0" and 4k as "1" correct? When coming from the app talking, it looks like the 6k is used now, am I reading this correctly? Is 2k still "0"? I'll wait to hear from you, here, but once we have definitive questions that need clarification, I'll post those on the FB page and see if Ryan can clue us in further when needed. Thanks again. Edit: I think I got my 1 and 0 backwards up there 
Re: LTAR TRRS Protocol
It can be ignored for now. It could be noise introduced from splitting the signal and turning the volume up on the mic recording. It could also be there to make the wave more clear for communication between the LTAR and iPodTouch. Either way the 2K 4K and 6K can be ignored for now since we are just looking at the waveform.
I really just wanted to show you the data pulses and how to zoom in on them. I'm sorry if it was confusing.
I have the 3 wave files that I tried to post here, but I couldn't upload .flac, .wav, or .zip. I'll e-mail them to you in .flac format so you can look at them too.
I tried to put some 1's and 0's above the waveform. They're in red.
2K - 1 (binary)
4K - 0 (binary)
I really just wanted to show you the data pulses and how to zoom in on them. I'm sorry if it was confusing.
I have the 3 wave files that I tried to post here, but I couldn't upload .flac, .wav, or .zip. I'll e-mail them to you in .flac format so you can look at them too.
I tried to put some 1's and 0's above the waveform. They're in red.
2K - 1 (binary)
4K - 0 (binary)
- rec2_spectrogram_zm2_binary.jpeg (49.76 KiB) Viewed 12151 times
Last edited by neuron on Thu Aug 31, 2017 2:01 pm, edited 2 times in total.
Re: LTAR TRRS Protocol
I've relaxed the restrictions on file attachments to make it easier on you. You can now have up to 10 images or attachments per post, attachments can be up to 2MB each, and audio files are now allowed (including WAV and FLAC). ZIP should have worked for you (unless the file was too big). Let me know if you still have trouble.
Re: LTAR TRRS Protocol
Hey Riley, thank you. You're right my zip file was way to large!
Re: LTAR TRRS Protocol
This is great Justin. Thanks for the email, I got it. I see what you mean now about the waveform being the important part. I'll download audacity and maybe one of those oscilloscope programs and play with the flac files when I can. Leaving for a trip with my two oldest kids tomorrow so it might be next week before I can sit down and really play with these. Thanks again. P.S. - Riley, I'm anxious for your package to arrive in the mail and see what you make of it! Working off both the hosting protocol from the Nomad and the audio data stream decoding here should really get us far in this effort - maybe no ROM dump necessary in the end.
Re: LTAR TRRS Protocol
0:49 - gun change (quantum repeater)
After zooming in and looking at the 1 second data pulse around 0:49.65 it does not appear that much data has changed since 0:45.65, so I'll skip ahead to, 0:56 - shot by enemy, and see what that data looks like.
So, it looks like the health bits have been identified. It also looks like the bits are Least Significant Bit to Most Significant Bit. LSB first gives us this (it's just in reverse):
01001011 -> 75
01001010 -> 74
01001001 -> 73
Since we've figured out the bit ordering, if we look at the countdown sequence again we see this:
1001 -> 9
1000 -> 8
0111 -> 7
Quick Edit (confirmed health and shield when connected to iPodTouch):
After zooming in and looking at the 1 second data pulse around 0:49.65 it does not appear that much data has changed since 0:45.65, so I'll skip ahead to, 0:56 - shot by enemy, and see what that data looks like.
Code: Select all
Health
110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
45.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01000000 110 01010000 11
48.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 10100000 110 11100000 11
49.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01100000 110 01100000 11
Found something, in this column -> ********
55.65 - 110 01000000 110 00000000 110 00000001 110 01010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 00110000 110 10000000 11
56.65 - 110 01000000 110 00000000 110 00000001 110 10010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 10110000 110 10000000 11
57.65 - 110 01000000 110 00000000 110 00000001 110 10010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01110000 110 00000000 11
01001011 -> 75
01001010 -> 74
01001001 -> 73
Since we've figured out the bit ordering, if we look at the countdown sequence again we see this:
Code: Select all
Count
Down
110 xxxxxxxx 110 ****xxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
32.65 - 110 00011000 110 10010000 110 00000000 110 00000000 110 00000000 110 01111011
33.65 - 110 00011000 110 00010000 110 00000000 110 00000000 110 00000000 110 11111011
34.65 - 110 00011000 110 11100000 110 00000000 110 00000000 110 00000000 110 00000111
1000 -> 8
0111 -> 7
Quick Edit (confirmed health and shield when connected to iPodTouch):
Code: Select all
Health Shield
110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx 110 xxxxxxxx
45.65 - 110 01000000 110 00000000 110 00000001 110 11010010 110 01010000 110 11111111 110 11111111 110 01111000 110 00000000 110 01000000 110 01010000 11