1.3.6.1.4.1.61513Mar 4

I got all my ducks in a row (ok, ignore the state of the kitchen right now)... but the blog post ones of you have been waiting for - Strobecom traffic light control details!

Also a little video of it working in practice.

https://sprocketfox.io/xssfox/2026/03/04/strobecom-ii-reverse-engineering_-can-a-flipper-ze/

Strobecom II reverse engineering: Can a Flipper Zero control traffic lights? Can this blog post prove Betteridge's law of headlines wrong?

Reverse engineering the encoding of Strobecom II signals

xssfox
Show thread1.3.6.1.4.1.61513

> After this post goes up I’m going to try to send some of these IDs to see if they trigger anything fun.

ha. it would be really funny if there was a code that always triggered preemption even not configured. a secret traffic light backdoor.

anyway, did you know my favourite number right now is 65015.

Mar 5 at 11:52amWeb
Show thread1.3.6.1.4.1.61513Mar 5

Oh, I just realized something funny about it, because it's not part of a subgroup it doesn't have an option to enable the rs232 announce feature. It still ends up in the log but that needs to be queried. I wonder what this looks like in the software.

I confirmed this actually triggers the preempt signal, and that it's actually decoding to the correct ID. It works with the default config. I don't think there's any way of disabling this ID

Show threadBrandonMar 6

@xssfox

I used to be a paramedic (US). Our older units had a strobe light for the opticom system. The newer ones used LED (either white or infrared). I always assumed it was just a 14hz flash, no encoded value.

Show thread1.3.6.1.4.1.61513Mar 6
@haicen it's very possible it wasn't encoded, but it's hard to tell
Show thread1.3.6.1.4.1.61513Mar 5
I wonder if this is wrapping around the eeprom and causing it to read somewhere else in memory that happens to have the right config byte. I might rerun the test with i2c logic analyser connected
Show thread1.3.6.1.4.1.61513Mar 6
nope this can't be the case because it has to check the value range before looking up the eeprom anyway. the only thing showing up on the bus is the notification from the channel to the main controller to say what just got decoded + a log message to the eeprom. this very much looks like an intended to always decode code.
Show thread1.3.6.1.4.1.61513Mar 6
my other thought is its a special "end of preemption" message - but this doesn't make sense because its logs with the correct ID surely its not a backdoor..... but I dunno.
Show threadCatcrimesMar 6

@xssfox if it smells like a backdoor, looks like a backdoor, and opens like a backdoor...

...it's a development test that got left in *coughcough*

Show threadI love this, so IMar 5
@xssfox ಠ_ಠ
Show threadAlpine TocsinsMar 5
@xssfox shame that PEN is already taken, would be funny to have that in your OID