Hi all,

I was wondering why its not possible to install a custom software update on, say, the TI-84 CE-T. I have heard something about encryption but how does this work? How is it possible that the calculator knows what upgrade is legit without being connected to the internet?

Thanks in advance,

SaltySoySauce

**Quote:**

I have heard something about encryption but how does this work?

Nope, not encryption.

**Quote:**

How is it possible that the calculator knows what upgrade is legit without being connected to the internet?

TI calculators use RSA signature / validation (that's the keyword), using a private key (known only to TI) for signing and a public key embedded into the calculator's boot code to validate the OS.

The private key can be deduced from the public key (that's precisely what community members did for older TI calculator models, mainly in 2009 but also a bit later). However, if the key is large enough, the computation is prohibitively expensive, in terms of CPU power and therefore money, for everything but government agencies (whose exact capabilities are kept secret), or at best, large cooperating groups of academics using hundreds, now probably thousands of computers, for years.

RSA factoring could become trivial if proper quantum computers of sufficient size ever became usable. That's still a fairly large if.
**Quote:**

Is it possible to read the key from the chips?

Nope, the key isn't in the chips we have access to. Only TI has access to the private key. The point of a private key is that you don't distribute it. Ever.

If they use a SC / HSM to store the key and perform data signature operations, just reading the key is really hard, even for TI or anyone else.

**Quote:**

And how large is the key for the TI-84-CE-T?

2048 bits, i.e. way too large. I'm a bit behind in reading news items, but AFAICT, at the time of this writing, no factorization of even a 1024-bit RSA key was publicly announced. And no, factoring a carefully chosen 2048-bit RSA key is not just twice harder than factoring a 1024-bit RSA key. The best known algorithm for numbers of this size, Number Field Sieve, has super-polynomial complexity, AFAIK.

**Quote:**

Can you rent a GPU supercomputer and let it calculate it?

Of course not.

GPUs can help for the tiny initial phase of selecting a polynomial for the Number Field Sieve algorithm, but I'm not aware that GPUs can meaningfully help - at least on numbers without special properties, which RSA keys are - performing the much more computationally expensive phases which follow polynomial selection:

* sieving: this one can be distributed arbitrarily, but efficiently handling numbers of this size when we still don't have public code to handle numbers of half the width is hopeless;

* linear algebra: Block Lanczos and Block Wiedmann scale badly, IIRC as the square root of the total number of nodes in a square cluster (i.e. as a single dimension of such a cluster). Clusters of 40x40 or more computers equipped with fast cores, lots of cache, fast RAM and most of all any-to-any 100+ Gbps Infiniband interconnect are hard to come by. Switches such as the Mellanox CS8500 described at https://www.nextplatform.com/2017/11/13/mellanox-poised-hdr-infiniband-quantum-leap/ are supposed to enable such setups, but a single CS8500 weighs hundreds of kilograms, consumes dozens of kilowatts of power and probably costs hundreds of thousands of USD...

* square root, relatively easy once you've managed to perform sieving and LA, but... there were already problems with the existing algorithms and implementations when the leading researchers of the field factored RSA-768 in 2009, so chances are RSA-1024 and RSA-2048 create more challenges.
More to the point, if we could find this key we could also break most of the world's encryption.

**SaltySoySauce wrote:**

Is it possible to hardware-hack a TI so that it can run custom sofware? Maybe replace a ROM chip with another one? Or do we have to put in something like a raspberry pi zero?

You can replace the PCB inside with your own hardware.
**SaltySoySauce wrote:**

Or do we have to put in something like a raspberry pi zero?

Very much so: https://www.cemetech.net/forum/viewtopic.php?t=14513
**SaltySoySauce wrote:**

Thanks for the HUGE reply! I find it's too bad we're so limited on our own devices. Is it possible to hardware-hack a TI so that it can run custom sofware? Maybe replace a ROM chip with another one? Or do we have to put in something like a raspberry pi zero?

Have you seen FreeOS? https://www.cemetech.net/programs/index.php?mode=file&path=/84pce/asm/programs/freeos.zip
FreeOS doesn't work anymore.

**De2290 wrote:**

FreeOS doesn't work anymore.

Maybe for you, but it certainly works on pretty much all other calculators.
It could work for you, if you don't have boot code 5.3.1. And yes, it does run like a program, to install it.