Author Topic: Bypassing TI-Nspire RSA signatures now possible?  (Read 33573 times)

0 Members and 1 Guest are viewing this topic.

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #30 on: March 29, 2011, 05:05:37 pm »
It could be nice to be able to run significantly different versions, like have 2.x installed for Ndless but run 3.0 for the additional math features (e.g. 3d graphing), but this doesn't work too well because you get mixed-up text that basically makes everything incomprehensible (see below for an example - 2.1 running on a 2.0.1 installation).

What about patching the filesystem functions of the OS loaded to "chroot" the OS?

Anyway RunOS was not released to avoid giving TI good reasons (such as being able to run the CAS OS on a non-CAS TI-Nspire) for enabling the downgrade protection. This is really something none of us want.
Ndless.me with the finest TI-Nspire programs

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #31 on: March 29, 2011, 05:32:45 pm »
It could be nice to be able to run significantly different versions, like have 2.x installed for Ndless but run 3.0 for the additional math features (e.g. 3d graphing), but this doesn't work too well because you get mixed-up text that basically makes everything incomprehensible (see below for an example - 2.1 running on a 2.0.1 installation).

What about patching the filesystem functions of the OS loaded to "chroot" the OS?

Anyway RunOS was not released to avoid giving TI good reasons (such as being able to run the CAS OS on a non-CAS TI-Nspire) for enabling the downgrade protection. This is really something none of us want.

Is there any large difference between RunOS and diagslauncher? Also, my calc also locks up trying to load the same os that the calc is running. (now 2.0.1, non-cas)

Do I need to stop taking the script kiddie approach and compile it myself with modified offsets?

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #32 on: March 29, 2011, 06:02:14 pm »
Anyway RunOS was not released to avoid giving TI good reasons (such as being able to run the CAS OS on a non-CAS TI-Nspire) for enabling the downgrade protection.

Which they did anyway, starting from OS 2.0.0 on TouchPad models, and from OS 2.1.0 on all models...
TI-Planet co-admin.

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #33 on: March 29, 2011, 06:03:34 pm »
Anyway RunOS was not released to avoid giving TI good reasons (such as being able to run the CAS OS on a non-CAS TI-Nspire) for enabling the downgrade protection.

Which they did anyway, starting from OS 2.0.0 on TouchPad models, and from OS 2.1.0 on all models...

So is there any chance of RunOS ever being released?

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #34 on: March 29, 2011, 06:55:13 pm »
Just released!
Non, not RunOS yet...
But the very similar Boot2Launcher program by Bsl!

You can launch any uncompressed boot2 image:
- a different image (newer or older) from the one flashed in your NAND ROM
- a prototype image on a production TI-Nspire
- a production image an a prototype TI-Nspire
- ...

Useless, you think?...
But the boot2 does care with everything related to launching (or not launching) the OS.
Guess what could be done by launching a slightly modified boot2 image...

Guess what's next...



Read/watch more (in french):
http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1026
« Last Edit: March 29, 2011, 08:19:35 pm by critor »
TI-Planet co-admin.

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #35 on: March 29, 2011, 07:22:52 pm »
Nice! So could boot2 be modified to load a modified os instead of the already-installed one?

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #36 on: March 29, 2011, 08:22:51 pm »
Yes, if we use a modified boot2 which could load any OS, it could also load a modified OS.

TI-Planet co-admin.

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #37 on: March 29, 2011, 08:26:05 pm »
If you want to modify the OS, it would be far easier and quicker to just do it in-memory.
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #38 on: March 29, 2011, 08:33:14 pm »
If you want to modify the OS, it would be far easier and quicker to just do it in-memory.

Could I make the regular os on my nspire be the cas one this way?

Offline bsl

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 157
  • Rating: +14/-0
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #39 on: March 29, 2011, 08:40:23 pm »
Be careful with boot2launcher .
If you launch a developer boot2 on a production OS (or vice versa)it will delete that OS.

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #40 on: March 29, 2011, 08:42:58 pm »
Be careful with boot2launcher .
If you launch a developer boot2 on a production OS (or vice versa)it will delete that OS.

Which is normal as the production and developer keys are different. (but shouldn't be a problem, as the developer boot2 images haven't been shared publicly)

By the way, thank you for you great work Bsl. :)


Maybe with a modified boot2, we could also run production OSes on Ndlessed basic & CAS TI-Nspire prototypes.
« Last Edit: March 29, 2011, 08:44:19 pm by critor »
TI-Planet co-admin.

Offline coolrudski

  • LV3 Member (Next: 100)
  • ***
  • Posts: 85
  • Rating: +1/-5
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #41 on: March 29, 2011, 08:50:28 pm »
ok maybe im missing something but what exactly could this mean for the nspire? i mean besides diagnostic wise on programs and the os (which is nice) programming capability wise what does this mean?

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #42 on: March 29, 2011, 10:59:26 pm »
It means that RunOS (CAS on reg, 84+ emu on CAS) is theoretically possible now. It also means that, if you have room, you could launch a 3rd party OS from the regular OS.

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #43 on: March 29, 2011, 11:17:37 pm »
It also means that, if you have room, you could launch a 3rd party OS from the regular OS.
But why would you want to have to go through this process:

TI's OS → Ndless → boot2launcher → modified boot2 → your OS (as a .tno file)

when you could just go through this one:

TI's OS → Ndless → your OS (as an Ndless program)
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline compu

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 275
  • Rating: +63/-3
    • View Profile
Re: Bypassing TI-Nspire RSA signatures now possible?
« Reply #44 on: March 30, 2011, 02:02:30 pm »
Maybe with a modified boot2, we could also run production OSes on Ndlessed basic & CAS TI-Nspire prototypes.
But isn't RunOS launching the OS files directly? without boot2? I think that way would be easier..
Anyway, would it be really possible to launch a CAS OS on a non-CAS calc using this way?

It also means that, if you have room, you could launch a 3rd party OS from the regular OS.
But why would you want to have to go through this process:

TI's OS → Ndless → boot2launcher → modified boot2 → your OS (as a .tno file)

when you could just go through this one:

TI's OS → Ndless → your OS (as an Ndless program)
I agree. Using ndless directly is much easier.