For those who don't know, WriteToFlash is an undocumented bcall (.equ 50CBh) that has some documentation at http://brandonw.net/calcstuff/WriteToFlash.txt courtesy of BrandonW. It's only available in OS 1.19 and OS 2.40+, and is used by the TI-Navigator app to write appvars directly to the archive. It also used to be the source of an incredibly simple flash unlock exploit :D.
Anyway, I'm working on a library that needs to be able to write appvars directly to flash, so WriteToFlash seemed like a reasonable choice. Unfortunately, the linked documentation seems to be inaccurate.
The code snippet below should, to my understanding, create an appvar TEST with the contents "Hello World" in it in flash, but it doesn't seem to write any data beyond the VAT entry to flash at all (which manifests as an ERR:MEMORY in the variable viewer).
I have tested this code, and it fails as expected.

Code:
#include "ti83plus.inc"
_WriteToFlash .equ 50CBh

.org $9D93
  .db $BB,$6D

  ;Create a bare VAT entry by creating an appvar and deleting its size bytes
  ld hl,name
  rst rMOV9TOOP1
  ld hl,0
  b_call(_CreateAppVar)
  push hl  ;Save the VAT entry address, needed for WriteToFlash
  ex de,hl
  ld de,2
  b_call(_DelMem)
  b_call(_OP4ToOP1)  ;CreateAppVar moves OP1 to OP4. Move it back.
  pop hl  ;VAT entry address
  ld a,2  ;Create appvar directly in archive
  b_call(_WriteToFlash)
  ld hl,text
  ld bc,text_end-text  ;data length
  ld a,3  ;write bytes
  b_call(_WriteToFlash)
  ld a,4  ;Finish writing
  b_call(_WriteToFlash)
  ld a,5  ;Mark appvar as valid
  b_call(_WriteToFlash)
  ret

name:
  .db AppVarObj, "TEST", 0
text:
  .db "Hello World"
text_end:

.end

I'll be trying to look into this more myself; hopefully there's only a slight misunderstanding.
You didn't write the size bytes to the archive first. That'll severely confuse the OS (as you discovered).

Quote:

A=2: Create AppVar directly in the archive.
Inputs: HL points to VAT entry.
OP1 contains type and name of variable.
Outputs: AppVar is created directly in archive; size bytes and data not written.
Comments: Variable is deleted and ERR:VERSION thrown if 6 or higher.


Even though they killed the 3-line unlock exploit, Write-to-Flash is still the source of numerous exploits.
What's the best way to write the size bytes, then? Does WriteToFlash with A=2 return any useful values for that purpose? And do I need to write flash directly myself, or is there some OS routine to do that?
  