Author Topic: Signed Operating Systems - Who needs them?  (Read 29473 times)

0 Members and 2 Guests are viewing this topic.

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Signed Operating Systems - Who needs them?
« on: August 23, 2011, 05:54:25 pm »
In short, this is the boot code 1.03 hack.

When boot code 1.03 first came out, I searched pretty hard for an exploit that would allow unsigned OS's to be sent to the calculator. I ended up disassembling the entire boot code only to come up short. So I figured it wasn't possible. But then, brandonW said that he had found a way to do it, but of course, was not going to tell anyone (for safety reason, the same reason I'm releasing this so late.) This energized me to look through the boot code, and sure enough, I figured out how to do it.

But guess what? Brandon and I had come up with entirely different ways to beat the boot code. This is actually really cool because it means we are covered the next time TI releases an boot code. So, we should be able to downgrade operating systems for quite some time.

The reason I had to wait so long to release this was so that it would not be easy for TI to change their boot code to beat my exploit. I think now is a good time to release this because TI has already made their supply of calculators for the 2011-2012 school year and it's about this time of year that people will start looking for a way to downgrade. And actually, I'm not even sure that TI will be able to reverse engineer my exploit once they find out about it, but that's another story.


So, here is the patcher: This is just an extension of my old AboutNam, the code has been finished for several months now, I just had to wait to release it. Here's what the exploit does:
  • Allows unsigned OS's (512 bit RSA and 1024 bit RSA)
  • Allows unsigned apps


The cool part is that this exploit works on all boot codes all the way back to the 83+, so feel free to use it there. And allowing/disallowing is as simple as selecting "Unsigned OS's" vs "Signed OS's." While you're at it, you might as well put your name in the certifiacte :D


As far as side effects go, here's what I've noticed:
  • Validation of OS's in boot code 1.03 takes ~5 minutes less :D
  • If the unsigned OS's are selected, the calculator will finish receiving the OS and reboot without telling the sending calculator/Ti-connect that it has finished. This is because I intercept control before the final confirmation packet is sent (which is after validation) and I have no way to tell whether the OS was received via USB or I/O. A very simple work around is to just close Ti-connect. When sending from another calculator, the calculator will just say Error in Xmit, so there's really no problem there.
  • The above is also true for receiving apps with unsigned apps enabled
  • When you run this program on an 83+BE, it will clear ram when it's done. I did this on purpose.
  • If you always use unsigned apps, you'll have no idea whether the apps will actually work on other calculators (not really a side effect)



If you want a copy of the source, just PM me, I'll be happy to send you a copy as long as you are: not TI, or are not going to send it to TI. In fact, it actually makes me happy when people look at the source, so don't feel at all like it will annoy me. I'd attach it, but like I said, I want this exploit to remain valid for a while.

Lastly, if you are going to run this program from a shell (yes you can), be sure that the program is archived. This is because it manually deallocates itself and jumps to the OS, which means if it's in ram, it's essentially deleting itself. If you run it from TI-OS, it will just run like a normal program. Why does it deallocate itself you ask? Because I encrypted it :D


Edit:
Why do you need this?
If you don't understand any of the above information, then the only reason you need this program is to downgrade your calculator from OS 2.55 to something else if you have boot code 1.03.

First off, your calculator won't have boot code 1.03 unless you bought it within the past month. Secondly, to check, press [Mode][Alpha][Ln]. If it does not say BOOT Code 1.03, then you have nothing to worry about.

The reason you would run this is because TI added in anti-downgrade protection in the boot code that would only allow you to run OS's 2.55 and higher. Of course, some people won't want to run that OS, so run this and you'll be able to downgrade.
« Last Edit: August 23, 2011, 10:46:27 pm by thepenguin77 »
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline shmibs

  • しらす丼
  • Administrator
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2132
  • Rating: +281/-3
  • try to be ok, ok?
    • View Profile
    • shmibbles.me
Re: Signed Operating Systems - Who needs them?
« Reply #1 on: August 23, 2011, 06:05:00 pm »
Why does it deallocate itself you ask? Because I encrypted it :D

thepenguin, you really are the best XD
i now feel secure in buying new calcs.
« Last Edit: August 23, 2011, 06:05:21 pm by shmibs »

Offline calcdude84se

  • Needs Motivation
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2272
  • Rating: +78/-13
  • Wondering where their free time went...
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #2 on: August 23, 2011, 06:29:15 pm »
I'll just inquire over a general detail: since it works (presumably) on the 83+, I take it that it modifies the certificate and not the boot code?
Also, what's the point of encrypting it? It has to decrypt itself to run, and thus it should be easy to get a decrypted version to study.
Also, does it only work against 1.03, or does it work for 1.02 (and perhaps 1.00) too?
Edit: Moved to News.
« Last Edit: August 23, 2011, 06:38:04 pm by calcdude84se »
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Spoiler For "PartesOS links":
I'll put it online when it does something.

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #3 on: August 23, 2011, 06:51:40 pm »
So, is there any chance of finding something like this in the nspire? I'd love to see that.

Great news!

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #4 on: August 23, 2011, 06:59:51 pm »
I'll just inquire over a general detail: since it works (presumably) on the 83+, I take it that it modifies the certificate and not the boot code?

Correct, it modifies the certificate.

Quote
Also, what's the point of encrypting it? It has to decrypt itself to run, and thus it should be easy to get a decrypted version to study.

Two reasons, 1) you can't just use IDA on it this way, 2) the way I encrypted it makes it very hard to NOP code (I can't give away too many details in permanent posts like this)

Quote
Also, does it only work against 1.03, or does it work for 1.02 (and perhaps 1.00) too?

This works on every boot code that has been released to date. Though, there are far fewer reasons to use it on anything besides boot code 1.03.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline calcdude84se

  • Needs Motivation
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2272
  • Rating: +78/-13
  • Wondering where their free time went...
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #5 on: August 23, 2011, 07:28:41 pm »
Very cool. I think I'll install :D
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Spoiler For "PartesOS links":
I'll put it online when it does something.

Offline ztrumpet

  • The Rarely Active One
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 5712
  • Rating: +364/-4
  • If you see this, send me a PM. Just for fun.
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #6 on: August 23, 2011, 08:14:26 pm »
Wow.  Thepenguin, this is awesome.  I've been wondering if you'd found a way to do things like this a while back, but then forgot about it.  This is epic.

Did you ever figure out a way to keep "trial apps" from deleting themselves?

Oh, and...
Why does it deallocate itself you ask? Because I encrypted it :D
You, my friend, are a beast. :D

Offline willrandship

  • Omnimagus of the Multi-Base.
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2953
  • Rating: +98/-13
  • Insert sugar to begin programming subroutine.
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #7 on: August 23, 2011, 08:15:11 pm »
wait, what are Trial Apps?

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #8 on: August 23, 2011, 08:20:31 pm »
Wow.  Thepenguin, this is awesome.  I've been wondering if you'd found a way to do things like this a while back, but then forgot about it.  This is epic.

Did you ever figure out a way to keep "trial apps" from deleting themselves?

Well, if you install them with this they won't. But yes, keeping them from deleting themselves is easy.

wait, what are Trial Apps?

Back when you used to have to pay for apps, people would make apps that would only run a certain number of times and then delete themselves.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline ztrumpet

  • The Rarely Active One
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 5712
  • Rating: +364/-4
  • If you see this, send me a PM. Just for fun.
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #9 on: August 23, 2011, 08:22:49 pm »
wait, what are Trial Apps?

Back when you used to have to pay for apps, people would make apps that would only run a certain number of times and then delete themselves.
(These are also the type of Apps that Axe makes.)

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #10 on: August 23, 2011, 08:25:42 pm »
Really? That's a really easy fix. Check here for info. A quick writeAByte to the certificate and your app is valid.

I'll go tell quigibo.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline annoyingcalc

  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1953
  • Rating: +140/-72
  • Found in Eclipse.exe
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #11 on: August 23, 2011, 08:28:43 pm »
 :o O.O amazingly cool
This used to contain a signature.

Offline mrmprog

  • LV7 Elite (Next: 700)
  • *******
  • Posts: 559
  • Rating: +35/-1
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #12 on: August 23, 2011, 08:31:35 pm »
Great job! Now I am not afraid to buy any new calcs!

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: Signed Operating Systems - Who needs them?
« Reply #13 on: August 23, 2011, 08:40:09 pm »
Damn thepenguin77, I cannot handle your awesomeness. You are now our hero.

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline Binder News

  • LV8 Addict (Next: 1000)
  • ********
  • Posts: 785
  • Rating: +46/-3
  • Zombie of Tomorrow
    • View Profile
Re: Signed Operating Systems - Who needs them?
« Reply #14 on: August 23, 2011, 09:13:40 pm »
Thepenguin, you are a calculator god.
Spoiler For userbars:







Hacker-in-training!   Z80 Assembly Programmer     Axe Programmer
C++ H4X0R             Java Coder                           I <3 Python!

Perdidisti ludum     Cerebrum non habes

"We are humans first, no matter what."
"Fame is a vapor, popularity an accident, and riches take wings. Only one thing endures, and that is character."
Spoiler For Test Results: