According to the video that was posted, RunOS was launching the OS directly.

But, you'd have to get a decrypted OS image first, which is not easy at all for the end user.
So it might be usefull to use a modified boot2 in order to launch the OS from a simple tnc/tno file.

Why are the boot2 images so large in this video?
http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1026

It looks like they are ~300kb more than what TNOC removes from a standard tno/tnc.

How are they uncompressed? Nevermind.

The boot2 is compressed in a weird format (documented on UTI), and the OS is encrypted with Blowfish.

Well make sure to not post any copyrighted stuff like code, that's for sure. I unfortunately do not know about that stuff, though, so whatever you would post, I wouldn't even know what is it. X.x. At least avoid describing completely how to perform things like running a CAS OS on Nspires it isn't supposed to run on, though, so TI won't get mad.

I have decrypted the OS now using a method described on yAronet and modified boot2launcher's source (instead of 0x1180000 0x10000000 + size changed) but it seems that this method would be too easy. The emulator reboots with

Code: [Select]

data abort exception, lr=101f9ddc
So, is anybody gonna help me or does nobody want to talk about this because they don't want to upset TI?

I have the code to make a "hot reboot". It's tested and working.
The OS decrypted code has to be copied some way at 0x10000000.

But you have to make sure no OS code is used at that time.
So I suppose you can neither fread directly at 0x100000000, nor use memcpy().
I've tried to use standard C functions (malloc, fread, and then a for loop and pointers...), but in the end it didn't work either.
I've disabled interrupts, same thing...
I've disabled the compiler optimisations, same thing...

I'm either getting errors speaking of:
- code allready in use
- misaligned data
either a freeze or full reboot.

I suppose, some part of the old OS code is still in use...
Maybe performing the copy operation in assembly would be a way.

It's probably quite simple, for someone who understands ARM assembly.

So this has to be done in asm?
I have never used it.

Anyway, the "hot reboot" code is allready in asm.
So adding the "OS copy code" just before it wouldn't be a problem for me.

What do you mean by hot reboot code?
This one line of assembly in boot2-/diagslauncher that loads the OS base address into r15/pc?

For the OS, it's a little more complicated than that.