Hey, everybody!
I recently started a research project aimed at finding arbitrary code execution loopholes in a common series of Casio calculators, such as the fx-82ES PLUS and fx-991ES PLUS. They use similar hardware, and many discoveries have been made. However, it looks like not much activity is seen on casiocalc.org, so it was recommended that I also make a post on the more active Cemetech.
The original casiocalc.org topic: link.
The fx-ES PLUS series are different from the fx-ES ones, so only the PLUS models are targeted.
We found out that the calculators use an OKI (now Lapis Semiconductor) chip based on the nX-U8 RISC architecture. There are emulators for these calculators, so we now have the firmware extracted from them.
One problem is that there is not much known about the nX-U8. However, I was able to find an SDK for the OKI chips, and it includes an assembler, so by reverse-engineering it we could get to know the instruction set and disassemble the firmware to find bugs and loopholes. We would be thankful for the help of a person able to reverse-engineer the assembler.
We (the casiocalc.org members) would be happy to receive any kind of help.