Login [Register]
Don't have an account? Register now to chat, post, use our tools, and much more.
This is an archived, read-only copy of the United-TI subforum , including posts and topic from May 2003 to April 2012. If you would like to discuss any of the topics in this forum, you can visit Cemetech's Technology & Calculator Open Topic subforum. Some of these topics may also be directly-linked to active Cemetech topics. If you are a Cemetech member with a linked United-TI account, you can link United-TI topics here with your current Cemetech topics.

This forum is locked: you cannot post, reply to, or edit topics. Community News & Discuss Nspire => Technology & Calculator Open Topic
Author Message
TylerMcL


Member


Joined: 28 May 2008
Posts: 148

Posted: 08 Sep 2008 06:38:57 am    Post subject:

So as we've all seen, TI's latest addition to it's line of calculators, is the most amazing nSpire. One problem though, TI does not wish to allow third party applications at the time, nor do they show evidence of that they will ever plan to do so either.

So here's what must be done: In order to support Assembly, we will most likely have to construct our own OS for this beast. My only idea of achieving this would be to use the same file header that the current OS's use.

As you all have probably noticed, I'm not an expert at hacking, but I may be able to help with the general idea support and Assembly coded, nonetheless.

So my question to all:

Is there anyone willing to partake in this, and is there anyone with any type of knowledge that might be able to help? :D

TI is gonna get raped. Again. Very Happy 0x5


Last edited by Guest on 18 Nov 2009 04:39:41 pm; edited 1 time in total
Back to top
brandonw


Advanced Member


Joined: 12 Jan 2007
Posts: 455

Posted: 08 Sep 2008 07:32:32 am    Post subject:

There's already an Nspire community at hackspire.unsads.com.

An OS replacement is way out of line right now...the goal is just to execute any ARM assembly at all, and come up with a viable hack and system of releasing programs that will continue to work even after they fix whatever exploit we release.

They are dead-set against us doing this, so anything we exploit, they will fix. Take a look at the PSP, there have been many exploits of varying natures, but once you can get unsigned code running on it, you can start running standard applications people have made.

We know next to nothing about Nspire hardware, and that's what has to change first.

The Nspire OS is encrypted and transferred to the calculator encrypted, where it is decrypted, validated, and then written (in that order). You will not be able to install an OS of your own without an exploit, just like with the other calculators.

So...it IS being worked on. Because of how much TI wants to shut this down, details are going to be hard to find publicly, especially on running code.


Last edited by Guest on 08 Sep 2008 07:33:48 am; edited 1 time in total
Back to top
Cryzbl


Newbie


Joined: 20 Jun 2008
Posts: 46

Posted: 08 Sep 2008 09:24:53 am    Post subject:

Why would TI want to stop people from running their own programs not written in Basic? If you don't mind me asking.
Back to top
TylerMcL


Member


Joined: 28 May 2008
Posts: 148

Posted: 08 Sep 2008 09:34:44 am    Post subject:

The problem with TI is that they are wanting to keep their calculators strictly for mathematics, and problem solving. They are upset because many teachers look down upon fancy calculators because of all the games that students play on them during class.

99% of the people that I see with a calculator are either playing a game or coding on it. the other 1% of the people, like myself and the community who enjoy programming for experience, and homework, and on occasion, games, are left out in the cold to suffer. So until we figure out a way, we're screwed.

And the reason I posted this here, and not on the wiki is because we are the largest calc community, and I can't imagine how many programmers (who are not necessarily interested in calculators) visit this site every day.
Back to top
Cryzbl


Newbie


Joined: 20 Jun 2008
Posts: 46

Posted: 08 Sep 2008 01:53:51 pm    Post subject:

Ah well, I wish I could help out then, but unfortunately I lack any kind of hacking skill.
Back to top
TylerMcL


Member


Joined: 28 May 2008
Posts: 148

Posted: 08 Sep 2008 02:35:07 pm    Post subject:

I suppose that you don't have to know anything about hacking, just programming. Razz You gotta be able to find a hole or an error in the coding and be able to exploit it. :P

I'm actually trying to rally people up to be able to do this. Something just needs to be done about it. The greatest calculator in history (well, not technically Razz) is released, and we can't even use it how we want. >Sad That's very upsetting!

I've tried a little bit of research on how the 83 and 84 were hacked, but with no avail. Does anyone happen to know exactly how this was done? Was it done through the I/O port, or was there a BASIC program that manipulated the PC (program counter)?

I mean come on, though. People are able to hack through something crazy like an Xbox, yet we haven't been able to poke through a calculator?? 0x5. (I just really, really, want to be able to make games and to experiment on the nSpire. Very Happy)
Back to top
brandonw


Advanced Member


Joined: 12 Jan 2007
Posts: 455

Posted: 08 Sep 2008 02:45:29 pm    Post subject:

TylerMcL wrote:
I suppose that you don't have to know anything about hacking, just programming. Razz You gotta be able to find a hole or an error in the coding and be able to exploit it. :P

I'm actually trying to rally people up to be able to do this. Something just needs to be done about it. The greatest calculator in history (well, not technically Razz) is released, and we can't even use it how we want. >Sad  That's very upsetting!

I've tried a little bit of research on how the 83 and 84 were hacked, but with no avail. Does anyone happen to know exactly how this was done? Was it done through the I/O port, or was there a BASIC program that manipulated the PC (program counter)?

I mean come on, though. People are able to hack through something crazy like an Xbox, yet we haven't been able to poke through a calculator?? 0x5. (I just really, really, want to be able to make games and to experiment on the nSpire. Very Happy)
[post="126682"]<{POST_SNAPBACK}>[/post]


I share your enthusiasm, really, but it's going to take a lot more than just looking at code. As I said, the OS is encrypted and you can't disassemble it. The only way you're going to find any code is to desolder the memory chips and dump it yourself, and believe me, that is much, much harder than it might sound.

I don't mean to sound like a jerk, but a lot of the effort going into this is behind the scenes and is not ready to be publicized, one because it's in its infant stages, and two because TI IS watching, like I said.

The first calculator to run assembly was the TI-85, and it was done through a hacked backup. At the time, you could transfer backups of RAM from one calculator to another through the I/O port. A .85b file (85 backup file) on the PC was analyzed and it was found that the custom menu entries on the 85 contain pointers to functions in the OS, and that by selecting a menu item, you were really jumping to a location in memory. This allows you to manipulate that pointer and send it back to the 85, and jump anywhere in RAM. By placing more code elsewhere in RAM, you can start working on dumping the OS to picture variables in pieces. And from there, you have a dump you can analyze and learn more. And that's the basis of ZShell and all the other 85 shells.

The 82 had a hacked backup method as well, but without a custom menu, it was done another way (by manipulating the VAT entries for REAL variables...by storing from one to another, you could overwrite arbitrary points in RAM, the most important being the context vectors. By overwriting cxMain with the address you want to jump to, and pressing another key, the OS will call your code directly. This is why you have to press enter twice on 82 shells).

The 83 had limited built-in assembly support through the use of Send(9, which was placed there by TI to see what we would do with it.

The 83+ and 84+ series have built-in assembly support.


Last edited by Guest on 08 Sep 2008 02:49:28 pm; edited 1 time in total
Back to top
TylerMcL


Member


Joined: 28 May 2008
Posts: 148

Posted: 08 Sep 2008 03:03:57 pm    Post subject:

I know it might sound crazily hard to do, but what would we be able to do with the computer software that they released? I have the teacher edition for both the regular and CAS edition. Would it be possible to track what instructions were being sent, therefore we wouldn't have to do any decrypting? I'm not quite sure how they created the computer emulator (I still have the CD's in the package Razz).

Does anybody need a copy of these, or would these even be able to help whatsoever?

:P This is really upsetting that we can't program this monster :/
Back to top
brandonw


Advanced Member


Joined: 12 Jan 2007
Posts: 455

Posted: 08 Sep 2008 03:49:52 pm    Post subject:

TylerMcL wrote:
I know it might sound crazily hard to do, but what would we be able to do with the computer software that they released? I have the teacher edition for both the regular and CAS edition. Would it be possible to track what instructions were being sent, therefore we wouldn't have to do any decrypting? I'm not quite sure how they created the computer emulator (I still have the CD's in the package Razz).

Does anybody need a copy of these, or would these even be able to help whatsoever?

:P This is really upsetting that we can't program this monster :/
[post="126685"]<{POST_SNAPBACK}>[/post]


You can do nothing with the software except document the link protocol, which has already been done on the wiki.

As far as the "emulator" software, I highly doubt it's accurately emulating the real hardware, or even the boot code or OS.

Everything is sent to the calculator and then it is decrypted from there. That's the black box you can't get into.

I would be interested in having it, though.
Back to top
FloppusMaximus


Advanced Member


Joined: 22 Aug 2008
Posts: 472

Posted: 09 Sep 2008 08:59:08 am    Post subject:

I know almost nothing about the Nspire, but... I wouldn't be so quick to write off the emulator. It may not be emulating the ARM CPU, but I expect it is running more-or-less the same software (which is presumably written in C or C++.) So if there are any vulnerabilities in the built-in apps, to corrupted data files or whatever, you might very well be able to find them in the emulator.

(That's not to say that the same exploits would work, merely that you could potentially find vulnerable areas of the code.)


Last edited by Guest on 09 Sep 2008 09:01:12 am; edited 1 time in total
Back to top
Liazon
title goes here


Bandwidth Hog


Joined: 01 Nov 2005
Posts: 2007

Posted: 09 Sep 2008 03:28:13 pm    Post subject:

0x5, maybe someone should start a facebook group. "3.14 million students demanding games for the nspire" see if TI will pay attention to that 0x5
Back to top
c_plus_plus
My Face Hertz


Active Member


Joined: 30 Jan 2006
Posts: 575

Posted: 09 Sep 2008 04:32:44 pm    Post subject:

brandonw wrote:
You can do nothing with the software except document the link protocol, which has already been done on the wiki.
[post="126686"]<{POST_SNAPBACK}>[/post]

Which Wiki? wikiti? I couldn't find anything.
Back to top
Cryzbl


Newbie


Joined: 20 Jun 2008
Posts: 46

Posted: 09 Sep 2008 04:54:55 pm    Post subject:

brandonw wrote:
There's already an Nspire community at hackspire.unsads.com.
[post="126673"]<{POST_SNAPBACK}>[/post]

There is this fine link crafted by brandonw Razz
Back to top
Lachprog


Newbie


Joined: 11 Mar 2007
Posts: 15

Posted: 09 Sep 2008 05:07:56 pm    Post subject:

Maybe this is a longshot or already tried, but what about trying to crack the encryption on an OS upgrade file (on the computer)?
Back to top
brandonw


Advanced Member


Joined: 12 Jan 2007
Posts: 455

Posted: 09 Sep 2008 05:16:52 pm    Post subject:

Lachprog wrote:
Maybe this is a longshot or already tried, but what about trying to crack the encryption on an OS upgrade file (on the computer)?
[post="126728"]<{POST_SNAPBACK}>[/post]


No, that's not practical. We can't even factor the 83+ series public key.
Back to top
DigiTan
Unregistered HyperCam 2


Super Elite (Last Title)


Joined: 10 Nov 2003
Posts: 4468

Posted: 09 Sep 2008 06:27:32 pm    Post subject:

What about its TI-84+ emulator mode? I don't know too much about this system, but it sounded like it could at least play the current flash apps.
Back to top
FloppusMaximus


Advanced Member


Joined: 22 Aug 2008
Posts: 472

Posted: 09 Sep 2008 08:04:33 pm    Post subject:

brandonw wrote:
No, that's not practical. We can't even factor the 83+ series public key.
[post="126729"]<{POST_SNAPBACK}>[/post]

Well, back in the day, a few years ago when 83+ hacking was at its peak, I would have been inclined to agree with you. Nowadays? Factoring a 512-bit number is certainly within the realm of possibility, if we could get a decent-sized group of people to donate their spare CPU cycles for a few months.

Do you guys have any idea what encryption scheme is used on the Nspire? I would guess it's considerably stronger. Still, I'm sure somebody will find a way in, sooner or later Smile
Back to top
TylerMcL


Member


Joined: 28 May 2008
Posts: 148

Posted: 10 Sep 2008 05:23:35 am    Post subject:

Quote:
Still, I'm sure somebody will find a way in, sooner or later :]


I don't know if I can wait that long Razz I've been emailing TI like crazy, and it's been taking them over 5 days to respond to my emails! Razz I wonder if they've been taking my emails to higher authority or something, because of the questions about the nSpire?

(They haven't been able to tell me a thing, because they've already "released as much information as they chose to, to the public Sad )
Back to top
brandonw


Advanced Member


Joined: 12 Jan 2007
Posts: 455

Posted: 10 Sep 2008 09:08:30 am    Post subject:

TylerMcL wrote:
Quote:
Still, I'm sure somebody will find a way in, sooner or later :]


I don't know if I can wait that long Razz I've been emailing TI like crazy, and it's been taking them over 5 days to respond to my emails! Razz I wonder if they've been taking my emails to higher authority or something, because of the questions about the nSpire?

(They haven't been able to tell me a thing, because they've already "released as much information as they chose to, to the public Sad )
[post="126743"]<{POST_SNAPBACK}>[/post]


They will tell you nothing about the Nspire...you're wasting your time with them, they have no motivation whatsoever to help you break what they've spent months and months trying to set up.

The 84+SE emulator of course can run current Flash applications and do everything a real one does (except writing to OS space, which can still be done through exploits). The emulator has been looked at as a method of attack and we found nothing, other than writing to OS space and "setting" bits in Flash.
Back to top
rcfreak0


Advanced Member


Joined: 27 Mar 2007
Posts: 354

Posted: 10 Sep 2008 04:34:22 pm    Post subject:

Quote:
Well, back in the day, a few years ago when 83+ hacking was at its peak, I would have been inclined to agree with you. Nowadays? Factoring a 512-bit number is certainly within the realm of possibility, if we could get a decent-sized group of people to donate their spare CPU cycles for a few months.


well i know nothing about the Nspire, but i would gladly leave my computer on for a long time to help crack it Smile Otherwise, good luck in doing so, and at least i now know not to go and buy on yet!
Back to top
Display posts from previous:   
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
    » Goto page 1, 2, 3 ... 44, 45, 46  Next
» View previous topic :: View next topic  
Page 1 of 46 » All times are GMT - 5 Hours