Topic: Would Ndless 3.0 be possible through Lua?


Offline Snake X

Re: Would Ndless 3.0 be possible through Lua?
« Reply #15 on: May 26, 2011, 06:03:24 pm »
The Lua code for the buffer overflow was sent to Extended, and he replied and said it's interesting ;)

If this is true, then congratulations jimbauwens! You just might be the first person to help Ndless get on its way via Lua! :D
Loved this place, still the best producers of power metal, and sparked my dreams of coding.

Offline AngelFish

Re: Would Ndless 3.0 be possible through Lua?
« Reply #16 on: May 26, 2011, 06:14:57 pm »
The problem with buffer overflows is that it's likely to be a simple fix for TI. Array bounds checking prevents overflows quite effectively and it's generally not difficult to implement.
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline calc84maniac

Re: Would Ndless 3.0 be possible through Lua?
« Reply #17 on: May 26, 2011, 06:15:39 pm »
Quote
The problem with buffer overflows is that it's likely to be a simple fix for TI. Array bounds checking prevents overflows quite effectively and it's generally not difficult to implement.

But the important thing is that we're that much closer to cracking OS 3 (and the Nspire CX :D)
"Most people ask, 'What does a thing do?' Hackers ask, 'What can I make it do?'" - Pablos Holman

Offline AngelFish

Re: Would Ndless 3.0 be possible through Lua?
« Reply #18 on: May 26, 2011, 06:16:35 pm »
That is true. I hope Ndless is now much easier to make because of this :D

Offline ruler501

Re: Would Ndless 3.0 be possible through Lua?
« Reply #19 on: May 26, 2011, 06:17:11 pm »
I wish TI would just give us the keys. That would make everything easier.

I hope Ndless 3 gets made soon.
I currently don't do much, but I am a developer for a game you should totally try out called AssaultCube Reloaded download here https://assaultcuber.codeplex.com/
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/CS/M/S d- s++: a---- C++ UL++ P+ L++ E---- W++ N o? K- w-- o? !M V?
PS+ PE+ Y+ PGP++ t 5? X R tv-- b+++ DI+ D+ G++ e- h! !r y

Offline Lionel Debroux

Re: Would Ndless 3.0 be possible through Lua?
« Reply #20 on: May 27, 2011, 03:02:45 am »
Before releasing anything publicly, I think that it would be good to have two flaws of different kinds, so as to reduce the risk that the next OS upgrade kills Ndless again :)
This is a common pattern in other third-party development communities that the manufacturer actively fights, and we should follow it.

Being completely open about "something interesting has been found, we'll release when ready" is rather desirable (though it opens the developers of said interesting things to deeper scrutiny, and possible nastiness, from TI), but not publishing the information until the public release of the exploit gives an edge over the manufacturer for a little bit longer.
Remember, what made Nleash a resounding success and a slap in TI's face, due to the short time period between the release of OS 2.1.0.631 and the release of Nleash, was the then-private arbitrary code execution flaw used by Ndless 1.7 and 2.0 :)
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline Jim Bauwens

Re: Would Ndless 3.0 be possible through Lua?
« Reply #21 on: May 27, 2011, 03:26:05 am »
Yeah, that is a very good point, Lionel.

Right now I'm not doing anything with the code, as it's in ExtendeD's hands, and he will use it when he has time. He is also a lot smarter at this kind of thing.

Offline DJ Omnimaga

Re: Would Ndless 3.0 be possible through Lua?
« Reply #22 on: June 12, 2011, 02:36:53 am »
Yeah I agree. I think we need to not publish way too much info and clues before release. I remember back in 2010 Ndless development was completely secret, although this later changed, so other people could help. I think it's good to not document everything in public, though.

Offline fb39ca4

Re: Would Ndless 3.0 be possible through Lua?
« Reply #23 on: June 12, 2011, 09:39:13 am »
This is interesting to find out about, though I am worried it will make TI think twice about putting in Lua.

Offline hoffa

Re: Would Ndless 3.0 be possible through Lua?
« Reply #24 on: June 13, 2011, 08:50:45 am »
I was trying to add some things in the game I've been writing, when one relatively simple thing just didn't want to work. I wanted to print the value of a variable to debug my program, and this is what I saw (I tried it on the calculator itself and the same thing showed up):

I'm not going to conjecture anything at the moment (even though I have some ideas about what it might be). Now I'll just try and trim down the program while still keeping that thing there (and no, it's not a sprite), to try to better reproduce it.
Edit: oh and I'm talking about the theta and the two strange rectangles, not the game itself; I was just testing some things.
« Last Edit: June 13, 2011, 08:57:23 am by hoffa »

Offline kyllopardiun

Re: Would Ndless 3.0 be possible through Lua?
« Reply #25 on: June 13, 2011, 09:14:33 am »
//Just some random thoughts :

Nspire OS3 does not run older .tns,
but, maybe if you can get something with this bug in Lua,
perhaps you could create a buggy .tns (3) which may be the next exploit...


Offline Jim Bauwens

Re: Would Ndless 3.0 be possible through Lua?
« Reply #26 on: June 13, 2011, 10:30:41 am »
@hoffa, I know what the issue is (or at least I think I do). You are mixing utf-8 and ascii, which results in weird characters.

Ashbad

  • Guest
Re: Would Ndless 3.0 be possible through Lua?
« Reply #27 on: June 13, 2011, 10:40:20 am »
I've gone and done some research on the buffer overflow method of writing to memory, and here are my opinions:

- It's really easy to patch this in a Lua interpreter.  TI would be able to block our efforts in less than 15 minutes if we go about it this way;
- Slow, and unreliable,
- unless you can be sure of the format you're writing things to memory as, I wouldn't suggest it.
« Last Edit: June 13, 2011, 10:40:33 am by Ashbad »

Offline JosJuice

Re: Would Ndless 3.0 be possible through Lua?
« Reply #28 on: June 13, 2011, 10:51:07 am »
Quote
@hoffa, I know what the issue is (or at least I think I do). You are mixing utf-8 and ascii, which results in weird characters.

Do you mean UTF-8 and ISO-8859-1/Windows-1252? ASCII is the encoding with 128 characters, and all ASCII is valid UTF-8.

Offline Jim Bauwens

Re: Would Ndless 3.0 be possible through Lua?
« Reply #29 on: June 13, 2011, 10:52:56 am »
Quote
unless you can be sure of the format you're writing things to memory as, I wouldn't suggest it

I can write perfect bits and bytes. I know this because I can fill the display buffer and display perfect graphics.

Edit:
@JosJuice, here is what I think happens:
He modifies the string containing the utf-8 characters using string.sub (or something else). Since this is intended for ascii, it modifies the wrong bytes, which results in the weird characters. He needs to use string.usub to edit it as utf-8.
« Last Edit: June 13, 2011, 11:00:40 am by jimbauwens »
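
The byte-versus-character mismatch described in the reply above, as an added example that is not part of the thread. It is plain Lua 5.1; `utf8_sub` is a hypothetical helper written for this illustration and is not TI's `string.usub`, and the sample string is constructed.

```lua
-- Added example: byte-indexed string.sub versus a UTF-8-aware substring.
-- utf8_sub is a hypothetical helper, not TI's string.usub.

-- Return the byte offset at which each UTF-8 character of s starts,
-- plus one final entry pointing just past the end of the string.
local function utf8_starts(s)
  local starts = {}
  for i = 1, #s do
    local b = s:byte(i)
    -- Continuation bytes are 10xxxxxx (0x80..0xBF); any other byte starts a character.
    if b < 0x80 or b >= 0xC0 then
      starts[#starts + 1] = i
    end
  end
  starts[#starts + 1] = #s + 1
  return starts
end

-- Substring by character positions i..j (1-based, inclusive), clamped to the string.
local function utf8_sub(s, i, j)
  local starts = utf8_starts(s)
  local nchars = #starts - 1
  if i < 1 then i = 1 end
  if j > nchars then j = nchars end
  if i > j then return "" end
  return s:sub(starts[i], starts[j + 1] - 1)
end

-- Render a string as hex bytes so a split character is visible.
local function hex(s)
  return (s:gsub(".", function(c) return string.format("%02X ", c:byte()) end))
end

-- Constructed sample: "x=", Greek theta (U+03B8, encoded as bytes CE B8), then "1".
local s = "x=\206\184" .. "1"

-- Byte length and character count differ once a multi-byte character is present.
print("bytes:", #s, "characters:", #utf8_starts(s) - 1)
-- string.sub counts bytes, so position 3 lands inside the two-byte theta
-- and the result ends with a lone lead byte (invalid UTF-8).
print("string.sub(s, 1, 3):", hex(s:sub(1, 3)))
-- Counting characters instead keeps both bytes of theta together.
print("utf8_sub(s, 1, 3):  ", hex(utf8_sub(s, 1, 3)))
```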