May 21st: official documentation, and a tool that generates "0D" compressed+encrypted files, has been erroneously leaked. And the person who did that will probably get in severe trouble with TI.
http://ourl.ca/11123
http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1113
Thanks for sharing that, Lionel.
What does this mean in terms of the new OS 3.0 version that blocks end-users from creating (loading?) their own Lua programs?
Fascinating. Thanks for the updates. Has anyone looked into reverse engineering the "0D" tool?
AFAICT, the "secret" program changes little in terms of tooling: it generates data for copying & pasting into TI's computer software which, when saving the data, compresses+encrypts it appropriately.
This workflow is only mildly easier than using the various third-party Lua2TNS generators, opening the generated files with OS 3.0.1 and re-saving them.
In terms of documentation, though, it's likely that this leak represents a step forward
elfprince: yes, but you aren't going to find much information about that on a public forum
Lionel, but I hear talk of compression and encryption, so that suggests to me that the program has the private key for encrypting the Lua files, which I would expect TI to not want distributed.
ExtendeD wrote:
Very nice, that further clarified the situation for me. Cheers, ExtendeD!
Perfect guide to what's going on
Awesome post.
So now that we can boot the CAS OS on a plain Nspire, I wonder what the College Board and ACT and teachers'll think.
It's likely that they're pissed at TI.
If TI sold them the platform as safe, then TI lied (as ought to have been obvious to both TI and the regulators, if they had even a slight clue about the history of computing).
True, so what do you think they'll do? They'd either have to check each individual Nspire to see if it has OSLauncher installed (and then there might be a way in the future to hide it), or ban Nspires altogether. Second choice seems to be a bit drastic, especially since TI seems so focused on the Nspire line now.
Lionel Debroux wrote:
Unless they were going to make that public anyway, which I really doubt.
Well, for now, exams can just use the PTT mode built in by TI
I'm not aware anyone has tampered with it yet.
Silly TI. No matter what you try to do, if your device has a PC connection, it CAN be hacked. The ONLY way for them to make it even remotely safe would be to have a super-complex proprietary linkport, and only offer software updates through schools equipped with the necessary(and prohibitively expensive) link cable and software, or through electronic kiosks in malls. Then the only way to put your own programs on it would be to build your own connection and write your own software, which an overwhelming majority of students aren't going to have the time/skill to do.
The issue with TI now is that they became so bad that when we heard OS 3.0.2 would come out, some people already expected TI to block third-party Lua files and add an even stronger anti-downgrade protection.
Now, though, it seems like an official SDK is at the horizon, because TI contacted many TI-BANK developers to beta-test a tool to create Lua files, but told them to not reveal more info than that to the TI community yet. The problem, though, is that knowing TI, I wouldn't be surprised that if they released an SDK for the TI-Nspire CX, they decided to charge money for it... In the end, we would still be facing the same problems as with the current ways to make Lua files: Having to bypass protections TI adds on every OS update so we can still use third-party tools to generate Lua documents for free.
Until the encryption keys are released. Face it TI, you can't win this. Give up while you still can.
Good luck factoring a 2048 bit RSA key, though. (The older Nspires uses 1024 bit ones, but I bet TI will eventually phase those models out anyway)
The 1024-bit and 2048-bit signing keys are one thing, the triple DES encryption is another, easier one
DJ_O, doesn't the fact that someone leaked a copy of the SDK mean that TI is likely to retaliate, though?
Actually it's not really the SDK itself, but a tool to generate Lua TNS documents. Still, some TI community users believes that the person will get in trouble from TI, as he apparently works for TI. I could be wrong, though, but this is what I gathered from the posts I had time to read.
DJ_O wrote:
Actually it's not really the SDK itself, but a tool to generate Lua TNS documents. Still, some TI community users believes that the person will get in trouble from TI, as he apparently works for TI. I could be wrong, though, but this is what I gathered from the posts I had time to read.
Based on past history with TI's educational division, I'm very much inclined to agree that the TI employee will get in trouble, assuming they can figure out who's responsible for the leak.
Well, the URLs of his site have been posted at several places...
Maybe he was more of a contractor than a TI employee, though.
Shortly after the leak, TI has now officially released the executable that was leaked. Not that it changes anything in practice, since we already had it. Sure enough, they didn't fix the silliness of embedding the Qt DLLs alongside the executable...
My feeling is that in exchange, they'll fight C/C++/ASM even more strongly than they did until now (but keep failing at it, like other manufacturers).
Lua has alleviated criticism about the Nspire's programming capabilities being inferior, in some areas, to those of the 20-year-old TI-81 and TI-80; from their POV, it's enough, and we ought to be happy with what they feel like providing us peasants...
