There's nothing inherently wrong with that.
What is it you think you're doing to port 0 by unlocking Flash?
Is it crashing? How do you know it's not working?
What is it you think you're doing to port 0 by unlocking Flash?
Is it crashing? How do you know it's not working?
Well, I'm using WabbitEmu to test it. And I know it doesn't work because the value at 0000 does not change.
And I'm not doing anything to port 0 O_o
And I'm not doing anything to port 0 O_o
I misread it as "out (0),a" instead of "ld (0),a".
This is not how you write to Flash.
It has to be done using memory-mapped I/O commands with the Flash chip. This is all wrapped by the boot code BCALLs _WriteFlash, _WriteFlashUnsafe, _WriteAByte, _WriteAByteSafe, _EraseFlash, _EraseFlashPage, etc. You have to do what they do, or more simply, call them.
This is not how you write to Flash.
It has to be done using memory-mapped I/O commands with the Flash chip. This is all wrapped by the boot code BCALLs _WriteFlash, _WriteFlashUnsafe, _WriteAByte, _WriteAByteSafe, _EraseFlash, _EraseFlashPage, etc. You have to do what they do, or more simply, call them.
BrandonW wrote:
I misread it as "out (0),a" instead of "ld (0),a".
This is not how you write to Flash.
It has to be done using memory-mapped I/O commands with the Flash chip. This is all wrapped by the boot code BCALLs _WriteFlash, _WriteFlashUnsafe, _WriteAByte, _WriteAByteSafe, _EraseFlash, _EraseFlashPage, etc. You have to do what they do, or more simply, call them.
Since he's trying to write an OS, it sounds like he's going to have to write his own versions. This is not how you write to Flash.
It has to be done using memory-mapped I/O commands with the Flash chip. This is all wrapped by the boot code BCALLs _WriteFlash, _WriteFlashUnsafe, _WriteAByte, _WriteAByteSafe, _EraseFlash, _EraseFlashPage, etc. You have to do what they do, or more simply, call them.
SirCmpwn, you're aware that you have to write a whole page of Flash at a time, right? 
Ugh.
Could you give me the run down of what page these routines are on as well as their addresses, and the syntax for calling them? And I don't have to write a whole page at a time, not necessarily.
Could you give me the run down of what page these routines are on as well as their addresses, and the syntax for calling them? And I don't have to write a whole page at a time, not necessarily.
- 30 Aug 2010 06:16:07 pm
- Last edited by KermMartian on 30 Aug 2010 06:16:42 pm; edited 1 time in total
SirCmpwn wrote:
Ugh.
Could you give me the run down of what page these routines are on as well as their addresses, and the syntax for calling them? And I don't have to write a whole page at a time, not necessarily.
Could you give me the run down of what page these routines are on as well as their addresses, and the syntax for calling them? And I don't have to write a whole page at a time, not necessarily.
WikiTI Memory Commands Summary:
_WriteAByte: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:8021
_WriteAByteSafe: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:80C6
_EraseFlash: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:8024
_EraseFlashPage: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:8084
_WriteFlash: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:80C9
_WriteFlashUnsafe: http://wikiti.brandonw.net/index.php?title=83Plus:BCALLs:8087
That's ridiculous, you don't have to write your own versions. It's actually quite silly if you do.
These are on the boot page, page 1Fh.
And you don't write pages at a time, you ERASE pages at a time. You can write to empty areas of Flash (meaning you can reset bits) using the _Write* calls.
The boot page has its own BCALL jump table you can use to find the locations of the routines.
These are on the boot page, page 1Fh.
And you don't write pages at a time, you ERASE pages at a time. You can write to empty areas of Flash (meaning you can reset bits) using the _Write* calls.
The boot page has its own BCALL jump table you can use to find the locations of the routines.
BrandonW wrote:
[...]
And you don't write pages at a time, you ERASE pages at a time. You can write to empty areas of Flash (meaning you can reset bits) using the _Write* calls.[...]
Sorry, that's what I meant; I just wasn't using specific enough terminology. And you don't write pages at a time, you ERASE pages at a time. You can write to empty areas of Flash (meaning you can reset bits) using the _Write* calls.[...]
qazz42 wrote:
out of curiosity, what does unlocking flash so? [/noob question]
It means that you can write to special pages of Flash that would otherwise be protected and read-only.
It allows writing to the Flash ROM chip, which includes the user archive, Flash application space, and the OS.
It also enables reading the certificate sectors and enables writes to certain "protected" hardware ports, which are used for Flash execution protections and so on and so forth.
It's a pretty important aspect of TI-83 Plus security. The only way to unlock Flash is by executing a sequence of instructions from a "privileged" Flash page, which are coincidentally where the OS and boot code lie. Thus the only way to do it is to erase the OS and replace it with your own that can unlock Flash, like SirCmpwn here is doing, or trick the OS or boot code into doing it for you through exploits, which TI would rather you not use. Unlocking Flash is the calculator equivalent of jailbreaking.
It also enables reading the certificate sectors and enables writes to certain "protected" hardware ports, which are used for Flash execution protections and so on and so forth.
It's a pretty important aspect of TI-83 Plus security. The only way to unlock Flash is by executing a sequence of instructions from a "privileged" Flash page, which are coincidentally where the OS and boot code lie. Thus the only way to do it is to erase the OS and replace it with your own that can unlock Flash, like SirCmpwn here is doing, or trick the OS or boot code into doing it for you through exploits, which TI would rather you not use. Unlocking Flash is the calculator equivalent of jailbreaking.
qazz42 wrote:
Ok, thanks BrandonW, KermM
Hmm, now I am wonder if that is what ndless does..
Ah, no, not at all; it's something completely different. Hmm, now I am wonder if that is what ndless does..
Now that I know how to do it, I need to make TI Dev splice page 1F into the ROM file...
All done! I'll publish an update for TI Dev with the support to patch ROMs.
All done! I'll publish an update for TI Dev with the support to patch ROMs.
SirCmpwn wrote:
Now that I know how to do it, I need to make TI Dev splice page 1F into the ROM file...
All done! I'll publish an update for TI Dev with the support to patch ROMs.
Just to be clear, you're not using a TI page from one of their ROM files, right? I think they would be somewhat against that. All done! I'll publish an update for TI Dev with the support to patch ROMs.
Register to Join the Conversation
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Advertisement