Author |
Message |
|
TylerMcL
Member

Joined: 28 May 2008 Posts: 148
|
Posted: 10 Sep 2008 08:03:02 pm Post subject: |
|
|
Yeah, I certainly wouldn't mind leaving my computer on for a long time. I leave it on all night long anyway (I leave it to download stuff all night long, every night :)
If it helps at all: I've got Linux Ubuntu and Windows Vista to run software on an Intel Core 2 Duo processor @ 2.2 GHz apiece, and 2 GB of RAM. So like I said, I'd be more than happy to leave my computer calculating for however long it takes  |
|
FloppusMaximus
Advanced Member

Joined: 22 Aug 2008 Posts: 472
|
Posted: 10 Sep 2008 11:16:08 pm Post subject: |
|
|
rcfreak0 wrote: Well, I know nothing about the Nspire, but I would gladly leave my computer on for a long time to help crack it. Otherwise, good luck in doing so, and at least I now know not to go and buy one yet!
(I was talking about the 83+, in case it wasn't clear.) If people are actually interested in doing that, I would be willing to help coordinate. If so, though, we'd need to find somewhere to discuss it, and I'm actually not sure how legal such an effort would be, nor whether the UTI admins would appreciate it being discussed on their boards.
Back on topic. I expect TI has done their homework this time around, and even knowing the details of the Nspire's encryption/signing scheme won't make it possible to crack. Nevertheless, just having a copy of the decrypted OS should be a huge benefit - I very much doubt that there are no bugs to exploit between all the various built-in apps. No doubt this is the reason TI encrypted it in the first place!
Besides reverse-engineering the emulator, what about attacking the hardware? Would it be possible to remove the RAM and/or Flash chip from the board, or to attach some sort of device to monitor their data/address lines? (Disclaimer: IANAEE.) |
|
Cryzbl
Newbie

Joined: 20 Jun 2008 Posts: 46
|
Posted: 11 Sep 2008 04:59:16 am Post subject: |
|
|
Yes, like brandonw said,
brandonw wrote: I share your enthusiasm, really, but it's going to take a lot more than just looking at code. As I said, the OS is encrypted and you can't disassemble it. The only way you're going to find any code is to desolder the memory chips and dump it yourself, and believe me, that is much, much harder than it might sound.
But that isn't easy either...
I do have one question about brute forcing the encryption key however...
How do you know when you have found the right key? Wouldn't you need the decrypted data to compare with?
For text you can run a dictionary on it, but code/random data, that's a different story.
Last edited by Guest on 11 Sep 2008 04:59:36 am; edited 1 time in total |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 11 Sep 2008 12:34:15 pm Post subject: |
|
|
FloppusMaximus wrote: Besides reverse-engineering the emulator, what about attacking the hardware? Would it be possible to remove the RAM and/or Flash chip from the board, or to attach some sort of device to monitor their data/address lines? (Disclaimer: IANAEE.)
As I have stated before, that kind of research is currently being done by the community (and does work).
Last edited by Guest on 11 Sep 2008 12:50:26 pm; edited 1 time in total |
|
FloppusMaximus
Advanced Member

Joined: 22 Aug 2008 Posts: 472
|
Posted: 11 Sep 2008 04:30:05 pm Post subject: |
|
|
OK, OK. I'm sorry I didn't notice that part of your post before. Good to hear it's being worked on. |
|
Galandros
Active Member

Joined: 29 Aug 2008 Posts: 565
|
Posted: 11 Sep 2008 04:40:46 pm Post subject: |
|
|
Cryzbl wrote: I do have one question about brute forcing the encryption key however...
How do you know when you have found the right key? Wouldn't you need the decrypted data to compare with?
For text you can run a dictionary on it, but code/random data, that's a different story.
Maybe not so random. The OS needs the token text and more than that: menu text and all the text somewhere around in the OS ROM memory. I think I've got a point. |
|
FloppusMaximus
Advanced Member

Joined: 22 Aug 2008 Posts: 472
|
Posted: 11 Sep 2008 05:18:29 pm Post subject: |
|
|
That's true. If we could actually brute-force the encryption, that would be a way to tell if we had found the right key. (Whether we can do it or not does depend on first figuring out what the algorithm is. I see only two likely ways of doing that: getting a hold of the bootloader somehow, or finding a hint that someone at TI drops accidentally.) |
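The check discussed in the posts above (telling the right key from a wrong one by the menu and token text a firmware image contains), as an added Python example that is not part of the original thread. The 16-bit `toy_cipher`, the sample images, their strings and the key are constructed assumptions, not TI's scheme or data.

```python
import hashlib
import re

# A run of 6+ printable ASCII bytes: what menu and token text looks like in a ROM.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")

def toy_cipher(key: int, data: bytes) -> bytes:
    """Toy 16-bit-key stream cipher (an assumption, NOT TI's scheme).
    XOR with a SHAKE-256 keystream, so the same call encrypts and decrypts."""
    stream = hashlib.shake_256(key.to_bytes(2, "big")).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")

def text_score(candidate: bytes) -> float:
    """Fraction of the candidate's bytes that lie inside long printable runs."""
    hits = sum(len(run) for run in PRINTABLE_RUN.findall(candidate))
    return hits / len(candidate)

def rank_keys(ciphertext: bytes, top: int = 2):
    """Score the decryption under every 16-bit key; return the best (score, key) pairs."""
    scored = ((text_score(toy_cipher(k, ciphertext)), k) for k in range(1 << 16))
    return sorted(scored, reverse=True)[:top]

# Constructed sample data: random-looking bytes stand in for machine code,
# and three invented menu strings stand in for the OS's embedded text.
CODE = hashlib.shake_256(b"constructed code bytes").digest(160)
TEXT = b"Press any key to continue\x00Memory Management\x00Reset All Settings\x00"
IMAGE_WITH_TEXT = CODE[:80] + TEXT + CODE[80:]
IMAGE_NO_TEXT = hashlib.shake_256(b"constructed data bytes").digest(len(IMAGE_WITH_TEXT))
SECRET_KEY = 0xB33F  # constructed key

if __name__ == "__main__":
    for name, image in (("with text", IMAGE_WITH_TEXT), ("no text", IMAGE_NO_TEXT)):
        (best, key), (runner_up, _) = rank_keys(toy_cipher(SECRET_KEY, image))
        print(f"{name}: best key {key:#06x} score {best:.3f}, runner-up {runner_up:.3f}, "
              f"correct key found: {key == SECRET_KEY}")
```

The text-free image gives the scorer nothing to separate the correct key from the rest, which is the case Cryzbl raises. With a key of realistic length the recognition step is unchanged and the size of the key space is the only barrier.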
|
Galandros
Active Member

Joined: 29 Aug 2008 Posts: 565
|
Posted: 11 Sep 2008 05:31:51 pm Post subject: |
|
|
But what if TI actually uses 2 different encryptions? One for instructions and another for data like text... Are you sure that there is only 1 encryption? This may sound paranoid, but who knows.
I expect I am not giving TI an idea xD
Last edited by Guest on 11 Sep 2008 05:32:30 pm; edited 1 time in total |
|
Cryzbl
Newbie

Joined: 20 Jun 2008 Posts: 46
|
Posted: 11 Sep 2008 06:15:16 pm Post subject: |
|
|
Or, to complete the paranoia, TI uses a different encoding scheme for characters :P
Well, luckily there are alternatives, like brandonw said. |
|
Liazon title goes here
Bandwidth Hog

Joined: 01 Nov 2005 Posts: 2007
|
Posted: 11 Sep 2008 08:58:27 pm Post subject: |
|
|
so what skills are needed to help? and what other contributions can be made by regular people? |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 11 Sep 2008 09:10:17 pm Post subject: |
|
|
Liazon wrote: so what skills are needed to help? and what other contributions can be made by regular people?
Nothing yet. Believe me, I'd love nothing more than to get this all out in the open as soon as possible, but it's just not ready yet.
I'd be brushing up on ARM disassembly skills, though. |
|
adriweb
Newbie

Joined: 28 Aug 2007 Posts: 22
|
Posted: 14 Sep 2008 12:58:23 am Post subject: |
|
|
maybe it would be interesting too to try some various things via the serial port ?
see http://hackspire.unsads.com/Hardware#PCB
-> rs232 section
Last edited by Guest on 14 Sep 2008 12:58:51 am; edited 1 time in total |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 14 Sep 2008 01:50:05 pm Post subject: |
|
|
adriweb wrote:
We didn't get anything from that, other than boot logs. |
|
rfeder
Newbie

Joined: 30 Sep 2008 Posts: 2
|
Posted: 30 Sep 2008 02:07:29 pm Post subject: |
|
|
We have access to the emulator rom images as they are on nspire.
Last edited by Guest on 30 Sep 2008 02:10:16 pm; edited 1 time in total |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 30 Sep 2008 03:11:43 pm Post subject: |
|
|
rfeder wrote: We have access to the emulator rom images as they are on nspire.
Yeah, they're in the TNO file.
I've disassembled all versions of the Nspire 84+SE OS and documented the differences/changes on the Nspire wiki.
The only exploit found was the ability to modify the OS space (or the Nspire RAM being used to represent the OS space), which is something they intended not to be possible on the 84+SE emulator. I'm not releasing any details on this because it's very stupid and could be easily fixed. It's too early in the game to make some things public.
Last edited by Guest on 30 Sep 2008 03:23:04 pm; edited 1 time in total |
|
TylerMcL
Member

Joined: 28 May 2008 Posts: 148
|
Posted: 01 Oct 2008 02:19:19 pm Post subject: |
|
|
Yeah, I agree. This all makes it really hard because you can't really afford to release any information in fears that TI will patch them up. I'm just keeping mine at the lowest OS release, because who knows if there'll be any going back :(
So really, this is an extremely private project, or someone is gonna have to do it all by themselves. Ugh, I hope this doesn't take nearly two years like some of the older models did  |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 01 Oct 2008 04:37:51 pm Post subject: |
|
|
TylerMcL wrote: Yeah, I agree. This all makes it really hard because you can't really afford to release any information in fears that TI will patch them up. I'm just keeping mine at the lowest OS release, because who knows if there'll be any going back :(
So really, this is an extremely private project, or someone is gonna have to do it all by themselves.  Ugh, I hope this doesn't take nearly two years like some of the older models did
You can upgrade the Nspire OS and then downgrade by erasing the OS, and installing the old one. You can erase the OS by entering the boot menu documented on the wiki. It's done by holding down certain keys when turning on, like all other calculators.
This calculator is much harder to break than the others, so it's definitely going to take time. The Nspire is still very much in its infancy and not worth having. |
|
TylerMcL
Member

Joined: 28 May 2008 Posts: 148
|
Posted: 02 Oct 2008 07:17:52 pm Post subject: |
|
|
Wait, since I own a TI-Nspire Non-CAS, does that mean I might be able to install a CAS OS? It's basically all the same hardware, with the exception of the keypad. And if not at this point, do you think it'll be possible to install a CAS on it?
And Brandon, you're absolutely correct on the part of the Nspire being not worth buying. Unless you're already gonna buy an 84+SE or a similar one, it's useless as of the part of the Nspire keypad. Yeah, it's fancy - but I can already do all the stuff the Nspire can do -- and more - with my TI-83+SE And trust me, |
|
brandonw
Advanced Member

Joined: 12 Jan 2007 Posts: 455
|
Posted: 02 Oct 2008 07:36:46 pm Post subject: |
|
|
You can't install the CAS OS on a non-CAS. Unofficially, though...maybe one day. |
|
FloppusMaximus
Advanced Member

Joined: 22 Aug 2008 Posts: 472
|
Posted: 03 Oct 2008 02:36:36 pm Post subject: |
|
|
That's an interesting point. Is the hardware actually the same in all other respects (that we know of)? If so, I guess that could partly explain TI's anti-programming attitude. |
|
|