ztrumpet
Active Member
Joined: 06 May 2009 Posts: 555
Posted: 22 Jun 2009 02:55:15 pm
never mind...
Other sources work.
Edit:
I start the App and it takes me to the first screen. I press any button and it crashes. Then I press on and my RAM is reset. Why?
Last edited by Guest on 22 Jun 2009 03:11:57 pm; edited 1 time in total

calc84maniac
Elite
Joined: 22 Jan 2007 Posts: 770
Posted: 22 Jun 2009 03:26:55 pm
You are using the new wabbit?

ztrumpet
Active Member
Joined: 06 May 2009 Posts: 555
Posted: 22 Jun 2009 03:31:31 pm
? How do I tell?
Edit: I have version 0.9.1.0
Last edited by Guest on 22 Jun 2009 03:32:41 pm; edited 1 time in total

calc84maniac
Elite
Joined: 22 Jan 2007 Posts: 770
Posted: 22 Jun 2009 03:33:37 pm
I mean are you using the one included with TI-Boy? It won't work with any other version.

ztrumpet
Active Member
Joined: 06 May 2009 Posts: 555
Posted: 22 Jun 2009 03:34:29 pm
So I need to install that Wabbit Emu?
Last edited by Guest on 22 Jun 2009 03:34:36 pm; edited 1 time in total

calc84maniac
Elite
Joined: 22 Jan 2007 Posts: 770
Posted: 22 Jun 2009 03:35:40 pm
Nah there's no "installation" needed. Just run it.

ztrumpet
Active Member
Joined: 06 May 2009 Posts: 555
Posted: 22 Jun 2009 03:39:12 pm
Got it to work. Thanks!
Why doesn't it work with other Wabbits?

calc84maniac
Elite
Joined: 22 Jan 2007 Posts: 770
Posted: 22 Jun 2009 03:42:54 pm
I'm using a sort of obscure memory mapping port which I got Spencer to add support for in Wabbit.

panyan
Member
Joined: 29 Dec 2007 Posts: 142
Posted: 23 Jun 2009 12:59:09 pm
^Any development? I know I'm asking quickly, but I'm excited!

calc84maniac
Elite
Joined: 22 Jan 2007 Posts: 770
Posted: 01 Jul 2009 11:19:01 pm
Digg?

tr1p1ea
Elite
Joined: 03 Aug 2003 Posts: 870
Posted: 02 Jul 2009 02:14:12 am
Congrats! You have been Dugg.

DigiTan Unregistered HyperCam 2
Super Elite (Last Title)
Joined: 10 Nov 2003 Posts: 4468
Posted: 02 Jul 2009 07:08:34 pm
Yeah. I hate to say it, but including on the same domain would be problematic. TI-Boy itself on ticalc or wherever should be more than a good enough start for anyone really interested.

brandonw
Advanced Member
Joined: 12 Jan 2007 Posts: 455
Posted: 11 Jul 2009 12:25:33 am
Mapar007 wrote: I've always wanted to know how brandon's unlocking routines work... (I've seen stuff with the cursor hook/locale hook, ???)
FlashDrv is quite old. What I believe to be the best (and most universal) unlock exploit is this:
There is a linking BCALL (5092h) which receives a variable data link packet to anywhere you want in RAM or Flash. It works in two parts: 1) the subroutine which actually unlocks Flash, calls _WriteFlash with an address and page you specify (it checks to make sure the page is in the user archive (08h <= page < 69h)), and locks it back can be looked up in a relatively clean way and then called, and 2) an exploit in _WriteFlash itself which can let you copy from RAM to RAM, thereby corrupting the stack and returning to a point you specify.
By setting up an area of RAM with all 80h's and then having _WriteFlash copy from there to SP, you fill the stack with 80h's and the calculator then returns to 8080h, where you can place more code to clean up the stack and return.
So you look up the address of that subroutine in code, set up the stack and the source/destination addresses appropriately, and jump into it. It will unlock Flash, attempt to copy 80h's to the stack, return to 8080h, restore the previous contents of the stack, and return with Flash unlocked.
The code for this is out there somewhere, I forget where. This works on any OS version, any boot code version, and is unlikely to be fixed unless they make the appropriate changes in the boot code (not easy) and/or remove that linking BCALL, which I doubt they'll do.
EDIT: Oh, and there's the always-humorous 1.19+/2.40+ exploit:
Code:
    ld a,1
    ld (appInfo+2),a
    bcall(50CBh)
I still chuckle to myself at night that this exists.
Last edited by Guest on 11 Jul 2009 12:27:44 am; edited 1 time in total

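A small C model of the stack overwrite described in the post above, added here as an illustration; it is not code from the thread or from the calculator OS. It shows why a single-byte 80h fill makes RET land on 8080h whatever the stack alignment, and how a destination-range check would stop the copy. The names `model_write` and `return_after_copy`, the saved address 1234h, the 9000h source buffer and the 8000h RAM base are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not TI code. Assumption: RAM occupies 8000h-FFFFh. */
#define RAM_START 0x8000u
static uint8_t mem[0x10000];           /* flat 64 KiB Z80 address space */

/* User-archive page check quoted in the post: 08h <= page < 69h. */
static int page_in_user_archive(uint8_t page) {
    return page >= 0x08 && page < 0x69;
}

/* Z80 RET: pop low byte, then high byte, from (SP). */
static uint16_t z80_ret(uint16_t *sp) {
    uint16_t pc = (uint16_t)(mem[*sp] | (mem[(uint16_t)(*sp + 1)] << 8));
    *sp = (uint16_t)(*sp + 2);
    return pc;
}

/* Hypothetical write routine. With check_dst == 0 only the page is
 * validated, so a destination in RAM is accepted (the flaw described).
 * With check_dst != 0 the whole destination range must lie below RAM. */
static int model_write(uint8_t page, uint16_t dst, uint16_t src,
                       uint16_t len, int check_dst) {
    if (!page_in_user_archive(page)) return -1;
    if (check_dst && (uint32_t)dst + len > RAM_START) return -1;
    memmove(&mem[dst], &mem[src], len);
    return 0;
}

/* Build a stack holding return address 1234h at sp, attempt the copy of
 * 80h filler onto it, then execute RET and report where control goes. */
static uint16_t return_after_copy(uint16_t sp, int check_dst) {
    memset(mem, 0, sizeof mem);
    mem[sp] = 0x34; mem[(uint16_t)(sp + 1)] = 0x12;   /* saved PC = 1234h */
    memset(&mem[0x9000], 0x80, 16);                   /* filler source */
    model_write(0x08, sp, 0x9000, 16, check_dst);
    return z80_ret(&sp);
}

int main(void) {
    /* Exit status 0 when the model behaves as described. */
    return !(return_after_copy(0xFF00, 0) == 0x8080 &&
             return_after_copy(0xFF01, 0) == 0x8080 &&
             return_after_copy(0xFF00, 1) == 0x1234);
}
```
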
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008 Posts: 472
Posted: 11 Jul 2009 12:43:55 am
Cool, that makes sense. I think I saw some code along those lines in one of your programs once. :)
I'll update the fixdefrg program when I get a chance (or somebody else can do it... it shouldn't be too complicated.)

magicdanw pcGuru()
Calc Guru
Joined: 14 Feb 2007 Posts: 1110
Posted: 11 Jul 2009 12:48:54 am
brandonw wrote: I still chuckle to myself at night that this exists.
And I still feel all warm and fuzzy inside when I read about your insanely awesome exploits and projects

Graphmastur
Advanced Member
Joined: 25 Mar 2009 Posts: 360
Posted: 11 Jul 2009 04:04:10 pm
brandonw wrote: EDIT: Oh, and there's the always-humorous 1.19+/2.40+ exploit:
Code:
    ld a,1
    ld (appInfo+2),a
    bcall(50CBh)
I still chuckle to myself at night that this exists.
How exactly does that work?

FloppusMaximus
Advanced Member
Joined: 22 Aug 2008 Posts: 472
Posted: 11 Jul 2009 04:13:18 pm
Disassemble it and see - it is indeed pretty hilarious. 50CB is the WriteToFlash routine on 1.19+/2.40+; A=1 means validate a FlashApp.

FloppusMaximus
Advanced Member
Joined: 22 Aug 2008 Posts: 472
Posted: 15 Jul 2009 08:57:55 pm
Here's the revised defragmentation patch. Should work on all current 83+/84+ OSes; I still don't know about the Nspire. Standard disclaimers apply.
On another note, calc84maniac, you seem to be using some... unusual... output values to port 3. What's the significance? Something to do with the crystal timers?

brandonw
Advanced Member
Joined: 12 Jan 2007 Posts: 455
Posted: 16 Jul 2009 03:23:58 am
I haven't really paid attention to the thread, but if you're discussing an OS patch, it won't work on the Nspire unless you're using the "writing to OS space" exploit/hack/screw-up/whatever. I would elaborate, but it's a bug I really don't want them fixing in the near future.

FloppusMaximus
Advanced Member
Joined: 22 Aug 2008 Posts: 472
Posted: 16 Jul 2009 02:28:04 pm
Understood. In this case it doesn't make a lot of difference; the readme states that TI-Boy SE won't work on the Nspire anyway (probably due to undocumented instructions.)