Author Topic: The TI-Nspire CAS+ dumped at last !  (Read 16600 times)

0 Members and 2 Guests are viewing this topic.

Offline Jim Bauwens

  • Lua! Nspire! Linux!
  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1881
  • Rating: +206/-7
  • Linux!
    • View Profile
    • nothing...
Re: The TI-Nspire CAS+ dumped at last !
« Reply #15 on: May 03, 2012, 04:05:23 am »
Interesting Goplat!
However pn_fm_fput is no existing command (but maybe it an int containing an address, need to check).
Also, the IP should just be a decimal number.
But it is great that you could find more info about the function, I'll soon do some tests with it (or Adrien, as my CAS+ just lost it's mind) :)



1337 posts
« Last Edit: May 03, 2012, 04:05:41 am by jimbauwens »

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #16 on: May 03, 2012, 06:34:58 am »
Interesting indeed, I will try that soon, thanks GoPlat.

Also, I wiresharked the device transactions, I can send you some logs of basic actions.

Basically :
port 10001 tcp : how the software communicates.
port 10002 tcp : "TI-PN" shell via telnet. You know about that one. Not used by the software.
port 10003 udp : discovery port where the unit always (whatever you send) replies by its version ("pn-srv5.c phoenix 2006" or something like that)
« Last Edit: May 03, 2012, 06:35:50 am by adriweb »
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: The TI-Nspire CAS+ dumped at last !
« Reply #17 on: May 03, 2012, 11:47:42 am »
The TI-Nspire CAS+ P1-EVT2 has a different boot screen than later Nspire: So it probably has different Boot2 and Diags flashing screens too.
I hope you're making sure there is no diags present before testing the diags reflashing combination, as it immediately erases diags before receiving any data (unlike the boot2 reflashing combination, which doesn't erase until the transfer is completed)

Yes,I had checked before. When using the diags combo on the P1-EVT2, we get an error in the bootlog:
Code: [Select]
Keypad request - launching DIAGS software...

Error reading/validating DIAGS image
Error loading DIAGS. reverting to BOOT2.

Up to now, I've never found a CAS+ including a Diags image :(
TI-Planet co-admin.

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #18 on: May 04, 2012, 06:27:38 am »
fm_xfer(127.0.0.1, pn_fm_fput, "/phx/documents/ndless/phoenix.tns", "/phoenix/install/phoenix.img", 5000, 1, 0)
BTW, first arg is supposed to be a long (ip2long), so, 127.0.0.1 became 2130706433.
So, I just tested that, and I still get the "-100" (error/return code). I tested with some variants within the function call, but nothing ... :(

Any other idea, this looked kinda good :D
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: The TI-Nspire CAS+ dumped at last !
« Reply #19 on: May 04, 2012, 12:00:10 pm »
BTW, first arg is supposed to be a long (ip2long), so, 127.0.0.1 became 2130706433.
The function that parses that argument (10339db0) reads a token, compares it to the string "addr", returns some variable if equal (probably the IP address of the other side), and tries to parse the token as an IP address otherwise (using the 10345488 function), dots and all. Don't be misled by the C-ish syntax.
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #20 on: May 04, 2012, 12:02:09 pm »
Hmm ok, thanks...

However, I found multiple occurences of code calling stuff with ip directly in the long format, and not the "normal" format, so I guess that's again de-compilation "mistakes" ?

Also, jim and I made a google doc with what we found/documented so far :
https://docs.google.com/document/d/1cP5BIeV8B66VXXv1LqOUl_SNO8voF2s1CxR_Ofuy9UM/edit

You're welcome to put there what you found too :)
« Last Edit: May 04, 2012, 12:09:09 pm by adriweb »
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline Jim Bauwens

  • Lua! Nspire! Linux!
  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1881
  • Rating: +206/-7
  • Linux!
    • View Profile
    • nothing...
Re: The TI-Nspire CAS+ dumped at last !
« Reply #21 on: May 04, 2012, 12:03:26 pm »
Ah, thanks for the info.
It's just weird since multiple functions contains the decimal equivalent of 127.0.0.1. But maybe that's because we are looking at the wrong file.
« Last Edit: May 04, 2012, 12:08:39 pm by adriweb »

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: The TI-Nspire CAS+ dumped at last !
« Reply #22 on: May 04, 2012, 12:09:16 pm »
However, I found multiple occurences of code calling stuff with ip directly in the long format, and not the "normal" format, so I guess that's again de-compilation "mistakes" ?
Not a mistake - the actual TI_PN_fm_xfer function (10342018) is called with an integer representing the IP address as its first argument. The port-10002 shell just does not use exact C syntax in all cases - in this case it wants the IP address in dotted quad notation instead of a plain number.
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #23 on: May 04, 2012, 12:09:50 pm »
Ok, let me try this, then :)
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #24 on: May 04, 2012, 12:15:48 pm »
Wow, sorry for the double post, but it's worth it :
it looks like it works (for a part, at least ) :

Here's what I get :
Code: [Select]
   TI_PN_fm_xfer(127.0.0.1, pn_fm_fput, "/phx/documents/ndless/phoenix.tns", "/phoenix/install/phoenix.img", 5000, 1, 0)
fm_xfer(127.0.0.1, pn_fm_fput, "/phx/documents/ndless/phoenix.tns", "/phoenix/install/phoenix.img", 5000, 1, 0) = -unknown functio
n ``ti_pn_fm_xfer''
102
   TI_PN_  [-1022]

TI_PN_fn_cbfn: transferred 6144 of 5065885
                                          fn_cbfn: transferred 6144 of 5065885
                                                                              fm_xfer(127.0.0.1, pn_fm_fput, "/phx/documents/ndles
s/phoenix.tns", "/phoenix/install/phoenix.img", 5000, 1, 0) = -1022 [-1022] = -1013 [-1013]

TI_PN_

Weirdly, there is still nothing in the destination folder tho...

GOPLAT++ !


OK, with the options at 0,0,0 it worked !!
Let me host the OS file :D
« Last Edit: May 04, 2012, 12:36:31 pm by adriweb »
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline Jim Bauwens

  • Lua! Nspire! Linux!
  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1881
  • Rating: +206/-7
  • Linux!
    • View Profile
    • nothing...
Re: The TI-Nspire CAS+ dumped at last !
« Reply #25 on: May 04, 2012, 12:51:51 pm »
Very nice!
Great :)

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #26 on: May 04, 2012, 04:20:40 pm »
Just for you guys .... Thanks to GoPlat :



The Boot2 still remains to be dumped :) But Jim is doing that ...
« Last Edit: May 04, 2012, 04:21:52 pm by adriweb »
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline TheNlightenedOne

  • LV6 Super Member (Next: 500)
  • ******
  • Posts: 427
  • Rating: +16/-1
    • View Profile
Re: The TI-Nspire CAS+ dumped at last !
« Reply #27 on: May 04, 2012, 05:07:04 pm »
Sorry if this seems rude or noobish, but why wasn't this done instead of connecting the NAND (I think? Correct me if I'm wrong) to an xD card reader?
"Eris" (Ndless 3.1)
"Keto" (Ndless 3.1)
"Luna" (AMS 3.10, HW4)
"Aurora" (2.55MP)

Offline Adriweb

  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1708
  • Rating: +229/-17
    • View Profile
    • TI-Planet.org
Re: The TI-Nspire CAS+ dumped at last !
« Reply #28 on: May 04, 2012, 05:07:53 pm »
Both methods were tried simultaneously actually.
We only started to work on that a few days ago ... idk why :D

The nand reader is still needed to be done to get the boot2.
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline Jim Bauwens

  • Lua! Nspire! Linux!
  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1881
  • Rating: +206/-7
  • Linux!
    • View Profile
    • nothing...
Re: The TI-Nspire CAS+ dumped at last !
« Reply #29 on: May 04, 2012, 05:08:58 pm »
Because I only found the 10002 port a couple of days ago AND we needed to reverse engineer some parts of an older CAS+ that we just dumped a few days ago to be able to find how it operated.