The CE C toolchain uses makefiles, which are difficult to use without a template. To save time, ACag probably copied the makefile from Star Trek to use as a template to make this project. This would have included the Star Trek description.

For the record, the "Star Trek Multiplayer" name is actually a mistake. I did duplicate the Star Trek MP project and forgot to change the description. That's been fixed in an unreleased version.

The other troll also hasn't been "officially" released, it was a quick post to SAX for the benefit of yourself and TheLastMillenial after you asked me to scan for everything but the kitchen sink, which I happily obliged. I *can* make that publicly available if people like.


As for Lionel and Mateo's post... this may seem a bit odd, coming from someone who is coding and maintaining an antivirus suite, but I am completely in agreement with both. As someone who has some experience in security the first thing you learn is that no amount of security will keep out someone who wants in. For the most part, "security software" is more peace-of-mind than actual security. The only exception to this being on servers that run valuable services.

That being said, I started this project as (1) an opportunity to do something security-related for a platform that hasn't seen something like it before that actually does what it says, (2) to maybe use this project to help push programming, and even general knowledge of security, and last (3) Playing around with and increasingly build my skills with C (and assembly) using a project that is more about data structures, reading and writing, than intense graphics, experience that I can in turn apply to my other projects (Star Trek, Slender, Polynomials AIO).

Being that this project got, on the whole at least a semi-positive response, I'll be sticking with it for some time more than I intended and bringing it up to full functionality (yes, to heck with ya Lionel, I'm making the dang firewall ). Full functionality, however, does not mean it will catch every possible permutation and obfuscation of malware. There is no software of this kind anywhere that can. I'd bet every dollar I own on that.

Good to see we're all on the same page
I'm pretty much always all for learning exercises.


Producing full two-way stateful DBUS communication validation code looks like a fun project, but it's non-trivial
Double bonus points for writing that code in C, at the expense of calculator-side efficiency but at lower development + debugging cost and much higher reusability. The TI-68k series also speaks DBUS; but a good design should make the protocol checking framemwork applicable to DBUS (the libticalcs name) / CARS (the official name), spoken by the 84+ and offspring, the TI-eZ80 series and the 89T, or NSP (NavNet) spoken by the Nspire series.

FTR, libticalcs contains functionality to help with debugging and testing packet validation code:
* direct access to dbus_send(), dbus_recv() and similar functions for the two other protocols;
* a hooks system before and after send and receive has existed in libticables for a while; it's now deprecated because it's being replaced by...
* ... a more generic events system in libticables + libticalcs, which only lives on the experimental2 branch for now, as it's not finished, but the core functionality is there.
There's no interactive DBUS dissector in libticalcs yet, but it's arguably one of the next things I planned to work on anyway.


Indeed... something to do with the fact that perfect obfuscation is not usable in practice (the proof is easy), and the halting problem (Gödel's incompleteness / incomputability theorem).

So I tried to run a virus, with the top two check boxes selected, the virus was the Corrupt calc opcode, which I had compiled then run. Execution didn't stop...

Also, maybe an option to scan for specific byte sequences, like how Windows Defender gives options for quick scan/ scan certain file(s)?

Noted! I'll work on resolving.

This differs from the existing definitions-based scan in what way?

Nothing much, except that if you make an ICE prgm that checks for BlastCSS, it'll show up on the scan, but if you wanted to scan for the more malicious issues more often, you could just run the one (or was it 2?) scan(s) and be done.

What I could do is add the option for a "user specified search string" where it gives you an input field and you tell it what to look for.

Also, I sent ti an email asking for info on the usb activity hook and how the protocol works and they said bc its not in the guidebook, its proprietary and they cannot answer. Isn't the _EnableUSBHook macro in the guidebook?

Admins should edit out the hex code IMHO.

Yea. That is most likely best. Just like the spambot thread.

to be honest, the hex is going to be in the program, and on the definitions site, so there is really no point, IMO, in deleting the hex in the threads, unless there is some psycho calc hacker who only uses Cemetech. In that case... idk...

Hey it's been a while, I know you're busy working on Star Trek, but are you planning on developing this more? (or at least changing the description from 'star trek' so something more appropriate )

I was thinking, now that a program has publicly been released that can change the certificate of the calculator, since changing the certificate can be potentially calc-bricking, it my be worth looking into hex codes that reference the certificate. Of course I know that there's no program right now that targets the certificate to damage it, but why not include the codes anyways?

The definitions for this project are community sourced. http://clrhome.org/blastav/definitions.php.
Feel free to add anything you guys think deserves inclusion.

And yea, I've been focusing on Star Trek right now, but once I get a demo out, I'll try to work more on this. And yea, i'll change the description.

There's a bug where returning from the the about screen doesn't clear the screen and makes the screen a jumble of text and sprites.

Sorry, kinda forgot about this thread for a while. There is going to be a massive update and overhaul to this program when i get the motivation to sit down and actually work on it, but for now Minecraft and work at eating a lot of my time. Sit tight on the bugs, and hopefully i'll have them resolved by the next update.

Update
A screenshot, showcasing the GUI of the new version of this thing:


On the topic of the second option of this program, can someone please tell me the start and end address of the boot code and OS itself. Option 2 (System Scans) will have the ability to retain checksums for both, as well as to READ ONLY both and check against the malware definitions, and render alerts if those are off. For this reason, I need to know their addresses, and how to return pointers to them.

Like the new GUI! Any new changes to the mechanics, or is this just a new look?

Actually, there will be lots of changes to the mechanics. First, File Options. You will be presented with a gallery of all the files on your calculator (scroll them by using left/right arrows). While a program is selected you will see the file's size, checksum, (if saved) the last saved size and checksum. You will also have the option to update the attributes for that file, stop and start attribute tracking on that file, and store and remove file snapshots. Seen WIP on this part here:

Secondly, System Scans. This option will initiate scans of the OS, certificate, boot, user archive, and user RAM (regardless of file placement). This will not modify anything, but it will compile checksums and check for malware signatures, based on the included malware defines file.

Thirdly, Settings. These will enable certain options. For now, without hook-writing ability, my options for this are limited, but one of the settings that can be enabled is a more advanced malware detection algorithm. Rather than looking for a specific byte sequence, it will disregard the first byte of the sequence and convert the rest of the sequence into an array of byte value offsets from the initial. It will then scan the files looking for that particular combination of offsets and return an alert on a file with a byte sequence that could possibly be converted into a malware sequence.

Update
Program list now sorted alphabetically.
Program list now displayed in column to the left, and this list heapscrolls you'll see the same list while you're in the same "group" of 14 programs, once you move to an adjacent group, the list changes. Also, added a little "indexing" message at the beginning of the program, so you know something is going on before the GUI pops up. If you've got a lot of large programs/appvars on your calc, indexing can take a while.

Indexing is when this program parses the VAT, returns a list of all programs and appvars on your device, stores their names, types, sizes, and checksums for future use. This always occurs when the program starts, but there will be a hotkey to force a re-index from any menu.

Here's a little taste of the progress I've made with this GUI for tonight:

Out of pure curiosity: When I make a file and then run your program, how much additional space on my calculator is used?

Very nice looking program, the GUI looks fantastic. I particularly like the shield icon you are using.Time to write some trojans!

17 bytes per program on device is the allocated buffer that is used for indexing, itemized below:
1 byte for type, 9 for name (with terminating zero), 4 for checksum, 3 for size. You also have the icon/sprite sizes, which isn't that much.
When I add the setup for file tracking, there will be a few more things added, per file...
1. A pointer to the file's properties tracking structure in the file properties database (3 bytes)
2. A pointer to the file's track changes file. (3 bytes)
** These two pointers might end up being offsets from file_start if I find that appvars move around in memory.
So this will increase to 23 bytes per program, plus an additional 17 bytes per program with properties tracking active (in an archived appvar), and an additional variable number of bytes per file that has track changes active (this last bit will not be implemented until I can figure out a way to do this via AppChangeHook, every time the editor closes).

There will also be the option for a developer who is designing a program to release with this program a verified checksum by creating an appvar that starts with this data structure:

Code:

This will use ti_DetectVar()'s ability to check for a file beginning with a certain string to find any installed appvars (regardless of name) that start with the trigger string "Av.Db.Upd". Finding a file with the trigger string will cause this app to load the checksums database file and then either update an existing entry or to append a new one, using the supplied checksum. My program will then delete the trigger file. It will be up to the developer to distribute a trigger file with their program that follows the correct syntax.