Hey, everybody!
I recently started a research project aimed at finding arbitrary code execution loopholes in a common series of Casio calculators, such as the fx-82ES PLUS and fx-991ES PLUS. They use similar hardware, and many discoveries have been made. However, it looks like not much activity is seen on casiocalc.org, so it was recommended that I also make a post on the more active Cemetech.
The original casiocalc.org topic: link.

The fx-ES PLUS series are different from the fx-ES ones, so only the PLUS models are targeted.

We found out that the calculators use an OKI (now Lapis Semiconductor) chip based on the nX-U8 RISC architecture. There are emulators for these calculators, so we now have the firmware extracted from them.
One problem is that there is not much known about the nX-U8. However, I was able to find an SDK for the OKI chips, and it includes an assembler, so by reverse-engineering it we could get to know the instruction set and disassemble the firmware to find bugs and loopholes, so we would be thankful for the help of a person able to reverse-engineer the assembler.

We (the casiocalc.org members) would be happy to receive any kind of help.
Are you having any specific problems with IDA Pro? If you're having trouble purchasing it, scuttlebutt is that our venerable Brandon Wilson tried to buy an individual license from them, only to be told that it wasn't worth their efforts to actually put together such a small license, so I'm aware that he uses it free of charge (and I believe he may have it available for others to use. I'd recommend taking that particular discussion to IRC PMs to avoid spoiling a kind gesture from Hex-Rays). Have you tried reaching out to Lapis Semiconductor to find out if they'll give you more documentation on the chip? Depending on how you approach it, including as a potential customer, they may be more forthcoming.
KermMartian wrote:
Are you having any specific problems with IDA Pro? If you're having trouble purchasing it, scuttlebutt is that our venerable Brandon Wilson tried to buy an individual license from them, only to be told that it wasn't worth their efforts to actually put together such a small license, so I'm aware that he uses it free of charge (and I believe he may have it available for others to use. I'd recommend taking that particular discussion to IRC PMs to avoid spoiling a kind gesture from Hex-Rays). Have you tried reaching out to Lapis Semiconductor to find out if they'll give you more documentation on the chip? Depending on how you approach it, including as a potential customer, they may be more forthcoming.


I don't have much experience in using IDA, so I'd ask someone with the proper skills to help me.
Also, I think that writing to Lapis is a stupid idea, as I can't even afford a devkit from them (which they would expect me to buy, as it comes with documentation), and also they would never help with reverse-engineering their partner's product.
Microcontroller dev kits really aren't that expensive. The last one I bought was for Renesas RX and it only set me back about $100, and that is a *MUCH* more powerful chip. I'd say to make up a fake company name, etc. and act like a potential customer. You'd be surprised how many chip vendors will even give away hardware to a "potential customer" to try to get them to use their product.
  