Author Topic: Casio Prizm documentation  (Read 240176 times)

Offline z80man

Re: Casio Prizm documentation
« Reply #90 on: December 27, 2010, 04:25:51 am »
The app still won't run. It seems that the checksum for all apps is in between 0x0000 and 0x003F. For the conversion app it is AA AC BD AF 90 88 9A 8D D3 FF FE FF FE FF 16 FE FF F4 75 57 9F 00 49 12 00 00 00 00 00 00 00 00 04 1D D1 DC 01 01 00 00 00 00 00 00 00 00 00 0B 1A A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00. About 75% of it is identical to other apps.

List of stuff I need to do before September:
1. Finish the Emulator of the Casio Prizm (in active development)
2. Finish the SH3 asm IDE/assembler/linker program (in active development)
3. Create a partial Java virtual machine for the Prizm (not started)
4. Create Axe for the Prizm with an Axe legacy mode (in planning phase)
5. Develop a large set of C and asm libraries for the Prizm (some progress)
6. Create an emulator of the 83+ for the Prizm (not started)
7. Create a well polished game that showcases the ability of the Casio Prizm (not started)

Offline z80man

« Reply #91 on: December 27, 2010, 04:31:55 am »
> > After changing some of the data you can see a change in the icon, but then the app becomes unrunnable. Any ideas why would be helpful.
> The first 2 bytes in the headers are 0xAA and 0xAC, right? On the fx-9860, to disable the checksum you would change the first byte (0xAA) to 0xAC. Try and see if that works.
I tried changing the first byte from $AA to $AC, but the app is still not running.


Offline JosJuice

« Reply #92 on: December 27, 2010, 04:38:07 am »
What happens if the first byte of an unmodified app is changed to 0xAC?

Offline z80man

« Reply #93 on: December 27, 2010, 04:40:54 am »
Ah ha!! I figured it out!!! ;D ;D ;D ;D The OS uses a modular sum checksum. So as long as I keep the sum of all the bytes added together the app will run. All we need to do now is find out where this sum is located; that way we can start modifying some code. Also, if you change the first byte to $AC the app does not run.
« Last Edit: December 27, 2010, 04:50:04 am by z80man »


Offline jnesselr

« Reply #94 on: December 27, 2010, 11:37:08 am »
Excellent news there!

I was thinking that maybe they did the two separate icons in case you wanted to change what it was when it was selected. Also, how did you figure it out? That it was modular sum checksum, I mean.

Offline z80man

« Reply #95 on: December 27, 2010, 01:20:46 pm »
Yes, there are two icons in the header, one at 0x1000 and the other at 0x4000. The former is for when the cursor is off the icon and the latter is when it is on. How I figured out a modular sum checksum was used: whenever I changed some data in the program I would keep track of how much I added or subtracted from each byte, and when I was done the net change must be at 0. E.g., if there is a byte that reads $C0 and I change it to $B0 then I must add $10 to another byte. So $60 becomes $70.


Offline jnesselr

« Reply #96 on: December 27, 2010, 03:38:03 pm »
And that's how the file gets accepted. Alright, good. In which case, do you know what the bit length for the field is? I bet you could figure it out by changing enough data so that if the lower part (say the low 16 bits) are the same, but the higher part isn't, would it reject it?

As in, say your sum was $C9ED. If it only took the lower 8 bits in the checksum, then that means that you can change a bunch of bytes to get $D6ED or something, and you would know that only the lower 8 bits are used in the checksum because the file still transferred.

If we did that, we could possibly figure out where the checksum is. Does the header use fixed location stuff, or does it have IDs of some sort to say that this piece of information is the pic, this piece is the second pic, etc.?
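
Added example, not code from the thread: the compensating-edit behaviour of a modular sum described in reply #95 and the width test proposed in reply #96, run on a constructed buffer. The helper names and the sample bytes are assumptions; the SHA-256 comparison shows what a cryptographic hash would catch that the sum does not.

```python
import hashlib

def modsum(data: bytes, bits: int) -> int:
    """Modular sum: add every byte, keep only the low `bits` bits."""
    return sum(data) & ((1 << bits) - 1)

def compensated_edit(data: bytes, i: int, j: int, delta: int) -> bytes:
    """Take `delta` off byte i and add it to byte j, so the net change is 0."""
    out = bytearray(data)
    if out[i] - delta < 0 or out[j] + delta > 0xFF:
        raise ValueError("edit would carry out of a byte")
    out[i] -= delta
    out[j] += delta
    return bytes(out)

def shift_total(data: bytes, amount: int) -> bytes:
    """Raise the byte total by exactly `amount`, using whatever headroom exists."""
    out = bytearray(data)
    for k in range(len(out)):
        step = min(amount, 0xFF - out[k])
        out[k] += step
        amount -= step
        if amount == 0:
            return bytes(out)
    raise ValueError("not enough headroom in the buffer")

def widths_that_accept(original: bytes, modified: bytes, widths=(8, 16, 32)):
    """Checksum widths (in bits) at which both buffers give the same sum."""
    return [w for w in widths if modsum(original, w) == modsum(modified, w)]

def sha256_differs(a: bytes, b: bytes) -> bool:
    """True when a cryptographic hash tells the two buffers apart."""
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()

# Constructed buffer: the $C0 and $60 bytes from the post, then zero padding.
SAMPLE = bytes([0xC0, 0x60]) + bytes(1022)

if __name__ == "__main__":
    edited = compensated_edit(SAMPLE, 0, 1, 0x10)     # $C0 -> $B0, $60 -> $70
    print(widths_that_accept(SAMPLE, edited), sha256_differs(SAMPLE, edited))
    print(widths_that_accept(SAMPLE, shift_total(SAMPLE, 0x100)))
    print(widths_that_accept(SAMPLE, shift_total(SAMPLE, 0x10000)))
```

A total shifted by 0x100 still passes an 8-bit sum only, and one shifted by 0x10000 passes 8-bit and 16-bit sums, which is the distinction the width test relies on.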

Offline AngelFish

« Reply #97 on: December 27, 2010, 04:23:16 pm »
It almost certainly uses fixed location stuff from what I've seen, but we'd have to see a disassembly to confirm it.
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline z80man

« Reply #98 on: December 27, 2010, 05:14:33 pm »
It appears more than one checksum is used. After running a checksum-32 algorithm on the conversion app I got 0027DB. At 0x0020 in the code appears 0027D864. On the Geometry app the algorithm got a result of 014DD578 and at 0x0020 was 014DD1DC. So the checksum doesn't include the entire code. I can't figure out what part is left out though. For the geometry app the first part of the header is AA AC BD AF 90 88 9A 8D D3 FF FE FF FE FF 16 FE FF F4 75 57 9F 00 49 12 00 00 00 00 00 00 00 00 04 1D D1 DC 01 01 00 00 00 00 00 00 00 00 00 0B 1A A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00


Offline jnesselr

« Reply #99 on: December 27, 2010, 05:25:00 pm »
Okay, so that makes it 40 bits? That doesn't seem right. I would think maybe 64 bits at most. The question is, where is it that the bytes aren't used? Also, it could be that a checksum is encrypted with something like RSA too. That would still cause things with the same checksum to have the same signature.
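
Added example, not code from the thread: one way to approach the question in replies #98 and #99 of which bytes a stored sum leaves out. The gap between the whole-file sum and the stored value equals the sum of the skipped bytes, so header spans with that sum are the candidates. The sample file, the field layout, the big-endian byte order and the function names are all assumptions made for the illustration.

```python
import struct
from itertools import accumulate

MASK32 = 0xFFFFFFFF

def excluded_spans(data: bytes, stored: int, limit: int):
    """Spans (start, end) inside data[:limit] whose bytes, if skipped, make the
    32-bit byte sum of everything else equal `stored`."""
    missing = (sum(data) - stored) & MASK32   # byte sum the checker must have skipped
    prefix = [0] + list(accumulate(data[:limit]))
    return [(a, b)
            for a in range(limit)
            for b in range(a + 1, limit + 1)
            if prefix[b] - prefix[a] == missing]

def build_sample():
    """Constructed file, not a real add-in: 0x40-byte header + 0x1F8-byte body.
    Assumption: the stored sum covers everything except its own field at 0x20."""
    header = bytearray(0x40)
    header[0:2] = b"\xAA\xAC"
    body = bytes((7 * i + 3) & 0xFF for i in range(0x1F8))
    stored = (sum(header) + sum(body)) & MASK32
    header[0x20:0x24] = struct.pack(">I", stored)   # assumed big-endian field
    return bytes(header) + body, stored

if __name__ == "__main__":
    data, stored = build_sample()
    print(hex(sum(data) & MASK32), hex(stored))     # whole-file sum vs stored value
    for a, b in excluded_spans(data, stored, 0x40)[:5]:
        print(f"candidate span 0x{a:02X}..0x{b:02X}")
```

Zero bytes add nothing to the sum, so every candidate span can be widened across neighbouring zeros; the nonzero bytes common to all candidates are the ones that matter.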

Offline z80man

« Reply #100 on: December 27, 2010, 05:33:41 pm »
New find. I believe this is a 32-bit number. At 0x002E on the geometry app is 000B1AA4, which just so happens to be the exact size of the program not including the header. On the conversion app I get 000001F8, also the size of the program not including the header.


Offline jnesselr

« Reply #101 on: December 27, 2010, 05:43:05 pm »
Is there a wiki where all this information is being documented?

Offline z80man

« Reply #102 on: December 27, 2010, 06:13:48 pm »
There needs to be a site like wikiti.brandonw.net/ but for Casio calcs


Offline jnesselr

« Reply #103 on: December 27, 2010, 07:01:39 pm »
I know how to host one on wikidot. Not a wiki per se, though. Just a place to hold info for the time being.

Offline AngelFish

« Reply #104 on: December 27, 2010, 07:09:30 pm »
My hosting provider refuses to support the software <_<