Author Topic: 84+/SE Boot Pages Modified  (Read 40118 times)


DrDnar
Re: 84+/SE Boot Pages Modified
« Reply #90 on: September 07, 2013, 10:01:23 pm »
I think the only way for TI to prevent any such hacking would be to remove the Asm command and Flash APP support on new models, but since they're popular due to all the programs for them, I doubt that TI would be able to afford to do that, not to mention they might have left ASM support intact on those calcs just so that the TI-Nspire lockdown pills are easier to swallow for us.
The reason that we can defeat the 2048-bit key on the TI-84+/SE line is that the boot sector is not properly protected. TI fixed that with the TI-84+CSE, and there's no reason they can't apply that fix to the TI-84+/SE, other than that it would require them to make a few minor changes to the manufacturing process.

(Specifically, the TI-83+ originally protected the boot sector by having the factory lock the boot sector using a locking feature the flash chip itself has, which can only be overridden by applying +12 V to the right pin. Later, they decided that they wanted to save a few pennies per unit by rolling their protection circuit into the ASIC, instead of using the protection capabilities that the flash chip itself has. This system works fine on the TI-83+, but the TI-84+ ASIC system is easily circumvented once flash is unlocked. (We simply tell the ASIC that it has a 4 MB or 8 MB flash chip, instead of 1 or 2 MB. Thus, it stops protecting the boot sector because it doesn't know it's a boot sector anymore.) After we discovered this, TI decided to return to the flash chip's locking system for the TI-84+CSE.)

I'm not saying they could stop us from running custom code. But I am saying that they can stop us from patching the boot sector(s).
"No tools will make a man a skilled workman, or master of defense, nor be of any use to him who has not learned how to handle them, and has never bestowed any attention upon them. . . . Yes, [] the tools which would teach men their own use would be beyond price."—Plato's The Republic, circa 380 BC

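Added example (not part of DrDnar's post, and not TI's or the community's code): a toy C model of the design point in Reply #90, where a write gate that derives the protected boot sector from a changeable flash-size setting is compared with a lock held by the flash chip itself. The sector layout (boot code in the top sector of the chip), the sizes, and every name here are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model only: layout, sizes and names are assumptions, not TI's design. */
#define SECTOR_SIZE   (64u * 1024u)
#define REAL_CHIP_MB  1u                 /* physical chip size in this model */

typedef struct {
    uint32_t configured_mb;   /* size setting software can change once flash is unlocked */
    bool     chip_lock_boot;  /* lock bit held inside the flash chip, set at the factory */
} board_t;

/* Last sector of a chip of the given size: where this model keeps the boot code. */
static uint32_t top_sector(uint32_t size_mb) {
    return (size_mb * 1024u * 1024u) / SECTOR_SIZE - 1u;
}

/* Controller-side gate: protects whatever it believes is the boot sector. */
static bool asic_allows_write(const board_t *b, uint32_t sector) {
    return sector != top_sector(b->configured_mb);
}

/* Chip-side gate: keyed to the physical sector, independent of controller settings. */
static bool chip_allows_write(const board_t *b, uint32_t sector) {
    return !(b->chip_lock_boot && sector == top_sector(REAL_CHIP_MB));
}

/* A write to the real boot sector lands only if every gate in the path allows it. */
static bool boot_write_allowed(const board_t *b) {
    uint32_t boot = top_sector(REAL_CHIP_MB);
    return asic_allows_write(b, boot) && chip_allows_write(b, boot);
}

int main(void) {
    board_t asic_only  = { .configured_mb = 1, .chip_lock_boot = false };
    board_t asic_wrong = { .configured_mb = 4, .chip_lock_boot = false };
    board_t chip_lock  = { .configured_mb = 4, .chip_lock_boot = true  };
    printf("correct size, ASIC gate only : %d\n", boot_write_allowed(&asic_only));
    printf("wrong size,   ASIC gate only : %d\n", boot_write_allowed(&asic_wrong));
    printf("wrong size,   chip lock set  : %d\n", boot_write_allowed(&chip_lock));
    return 0;
}
```

The controller-side gate is only as trustworthy as the setting it reads; the chip-side lock does not depend on any value that running code can rewrite.
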
DJ Omnimaga
« Reply #91 on: September 07, 2013, 11:04:47 pm »
Oh I didn't know they fixed it on the CSE. Does it mean that the CSE might never ever be downgradeable?
« Last Edit: September 07, 2013, 11:05:00 pm by DJ Omnimaga »

DrDnar
« Reply #92 on: September 07, 2013, 11:06:54 pm »
Quote from DJ Omnimaga: "Oh I didn't know they fixed it on the CSE. Does it mean that the CSE might never ever be downgradeable?"
Downgradeable? There's nothing to downgrade to. Besides, there are other methods of uploading a custom OS.

DJ Omnimaga
« Reply #93 on: September 07, 2013, 11:08:32 pm »
Oh I mean when they release a new OS.

DrDnar
« Reply #94 on: September 07, 2013, 11:50:55 pm »
As far as I know, there's no downgrade prevention code in the new boot code. If there is, it would have to be certificate-based, which we can modify at will once flash is unlocked. Brandon has a library of flash unlock exploits ready and waiting, so it should never be an issue.

Sorunome
« Reply #95 on: September 08, 2013, 01:13:51 am »
So... why does TI do that if they know that we can still get through?


Streetwalrus
« Reply #96 on: September 08, 2013, 03:15:53 am »
Quote from Sorunome: "So... why does TI do that if they know that we can still get through?"
They're just pissed off in silence. :P

Eiyeron
« Reply #97 on: September 08, 2013, 05:07:25 am »
I don't think they are really concerned with the monochrome Z80 anymore. Don't get mad, I just think, seeing the profusion of color calcs, that they just want us to buy/use them. It's for these kinds of reasons, I suppose, that they won't be acting up on the 8x(+) anymore. They certainly prefer blocking the Nspire to conserve the exam monopoly, I'd guess.

Technically speaking, the last RSA record was 768 bits in 2009. GLHF cracking a 2k one...

critor
« Reply #98 on: September 30, 2013, 02:55:17 pm »
Anybody with a TI-84+ or TI-84+SE hardware revision R or above?

It seems that the new TI-83 Plus.fr USB in France (which use the TI-84+SE hardware) have their Boot Code write protected: EpicFail and Flashy don't work anymore.
(source: http://tiplanet.org/forum/viewtopic.php?f=41&t=13116 )

I suppose it's the same for the new TI-84+ in shops.

We need to determine at which hardware revision they did change this.
My TI-83 Plus.fr USB won't help, as the hardware revision code on the back was reset.
« Last Edit: September 30, 2013, 03:03:18 pm by critor »
TI-Planet co-admin.

DJ Omnimaga
« Reply #99 on: September 30, 2013, 02:59:08 pm »
Nope I got N, but I bought my calc a few years ago, which probably means that there are R models in stores by now.

Also this sucks. Btw do those revisions still have the Asm()/AsmComp()/AsmPrgm commands anymore and do they support third-party Flash APPs? Also, how much extra RAM do they have?

Streetwalrus
« Reply #100 on: September 30, 2013, 03:03:43 pm »
Well, I hope that Unsigned still works at least. :/

critor
« Reply #101 on: September 30, 2013, 03:53:04 pm »
Yes, I could confirm that Unsigned.8xp still works. Probably USORECV.8xp still works too.
So we can still install unsigned or mis-signed OSes.

But we still need to understand what TI did (again) and when.

So Boot Code 1.03 was introduced in TI-84+ hardware revision Q.
Anybody who bought a TI-84+ in the last weeks/months? Which hardware revision did it come with?
« Last Edit: September 30, 2013, 03:54:45 pm by critor »

Dapianokid
« Reply #102 on: September 30, 2013, 04:43:54 pm »
critor, you'd be better off posting that question on the front page.
Keep trying.

critor
« Reply #103 on: September 30, 2013, 05:06:24 pm »
Thank you.

The TI-Planet news about this is in my list of news which need to be translated and crossposted.
I'm just very busy these last days. ;)
« Last Edit: September 30, 2013, 05:06:41 pm by critor »

DJ Omnimaga
« Reply #104 on: September 30, 2013, 11:37:11 pm »
How big is the RSA key now btw? O.O

Also glad that some custom OS tools still work. It will be hard for TI to lock down such an outdated platform, unless they ever decide to remove ASM support completely in future OSes, but still, it sucks that they try so hard. >.<