Author Topic: ThePenguin77 Removes the Last Traces of TI from his Calculator  (Read 34007 times)

0 Members and 2 Guests are viewing this topic.

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
This whole process started a long time ago when FloppusMaximus unlocked flash on his calculator. Then came custom OS's, the key factoring, and finally modifying the boot code. This will remove almost all traces of TI from your calculator, but your not quite done, you still can't execute code >$C000.

However, today, I managed to do it. I executed code all the way from $C000 to $FFFF on page 0.

I was playing around with DrDnar's MicrOS preparing to do some boot code changes, when I got a little scared and decided to play around with the protected ports a little. I kept going down the line seeing what would change, and what wouldn't, when all of a sudden, writing to port (25h) crashed my calculator. After a little bit of experimentation, I figured out that any value higher than 17h caused a restart. Then I noticed that port (26h) also crashed my calculator, so after a bit more playing, I realized that any value lower than 1Ah would cause a reset.

Why this actually happened caused me quite a bit of trouble. I started outputting different values to the ports and seeing what I could get to crash. I tried running all sorts of programs with these ports enabled and I wasn't really getting any results. But finally, four hours later, with lots of trial and error with StarFox, I realized that the programs would crash if they executed ram low in memory. A quick check with a RET placed at $8000 confirmed this and then I was off to test the limits.

Setting port (25h) to 17h crashed when PC went below 9C00h. 16h crashed at 9800h. So obviously it is counting by 400h. I then did some testing with port (26h). 19h crashed at A800h and 1A crashed at AC00h. So again, counting by 400h.

After a bit more testing, I realized that these ports are looking at the ram chip as a whole where page 00h comes first, then 01h, 02h, and so on and setting the upper and lower ram execution limits.

So...
Send 00h to port (25h) and FFh to (26h) and your calculator will never crash from PC execution ever again.


For more details, see the newly updated wikiTi for ports 25h and 26h.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #1 on: June 28, 2011, 05:46:05 pm »
Wiow this is awesome, so you totally destroyed the 8 KB limit? O.O

Offline Hot_Dog

  • CoT Emeritus
  • LV12 Extreme Poster (Next: 5000)
  • *
  • Posts: 3006
  • Rating: +445/-10
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #2 on: June 28, 2011, 06:02:11 pm »
Cool!  What are the original values?

Too bad this doesn't work on a Ti-83+ BE

Offline calc84maniac

  • eZ80 Guru
  • Coder Of Tomorrow
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2912
  • Rating: +471/-17
    • View Profile
    • TI-Boy CE
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #3 on: June 28, 2011, 06:02:56 pm »
Cool!  What are the original values?

Too bad this doesn't work on a Ti-83+ BE
It has its own method that's just as easy ;)
"Most people ask, 'What does a thing do?' Hackers ask, 'What can I make it do?'" - Pablos Holman

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #4 on: June 28, 2011, 06:03:53 pm »
Wiow this is awesome, so you totally destroyed the 8 KB limit? O.O

Gone

Cool!  What are the original values?

Too bad this doesn't work on a Ti-83+ BE

Typically, 25h and 26h are at 10h and 20h respectively. As long as bits 4 and 5 are 00 though, you should only have to set 25h to 00h to make this work.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline Hot_Dog

  • CoT Emeritus
  • LV12 Extreme Poster (Next: 5000)
  • *
  • Posts: 3006
  • Rating: +445/-10
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #5 on: June 28, 2011, 06:04:48 pm »
Cool!  What are the original values?

Too bad this doesn't work on a Ti-83+ BE
It has its own method that's just as easy ;)

Well, almost as easy...

Ashbad

  • Guest
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #6 on: June 28, 2011, 06:34:04 pm »
so, doing:

Code: [Select]
ld a,0
nop
nop
im 1
di
out (25h),a
ld a,$FF
nop
nop
im 1
di
out (26h),a

will allow you to never have the >$C000 thing happen again?

AWESOME.
« Last Edit: June 28, 2011, 06:34:26 pm by Ashbad »

Offline Hot_Dog

  • CoT Emeritus
  • LV12 Extreme Poster (Next: 5000)
  • *
  • Posts: 3006
  • Rating: +445/-10
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #7 on: June 28, 2011, 06:39:14 pm »
so, doing:

Code: [Select]
ld a,0
nop
nop
im 1
di
out (25h),a
ld a,$FF
nop
nop
im 1
di
out (26h),a

will allow you to never have the >$C000 thing happen again?


It also looks like you cannot alter the values of the ports unless you do so from certain flash pages.  But I've been wrong before.

Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #8 on: June 28, 2011, 06:41:09 pm »
Well, first, flash has to be unlocked before you can even dream about changing ports 25 and 26.

But actually, what we've found through testing is that you don't need that special sequence and it doesn't have to be on a privileged page, the boot code does it, but I'm not really sure you need it. I've been just changing them with OUT ($24), a.


So, unlock flash. Then use the ports like normal.
« Last Edit: June 28, 2011, 06:42:03 pm by thepenguin77 »
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline AngelFish

  • Is this my custom title?
  • Administrator
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3242
  • Rating: +270/-27
  • I'm a Fishbot
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #9 on: June 28, 2011, 06:43:46 pm »
So... Can we get a demo program to try out or is it too dangerous?
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ

Offline Deep Toaster

  • So much to do, so much time, so little motivation
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 8217
  • Rating: +758/-15
    • View Profile
    • ClrHome
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #10 on: June 28, 2011, 06:57:26 pm »
Wow. You did it.

It feels awesome to be reminded that underneath all these little details, the TI-83 Plus series are just little computers.
« Last Edit: June 28, 2011, 06:57:58 pm by Deep Thought »




Offline thepenguin77

  • z80 Assembly Master
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1594
  • Rating: +823/-5
  • The game in my avatar is bit.ly/p0zPWu
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #11 on: June 28, 2011, 06:57:36 pm »
Sure, why not. Actually, I want people to run this. It will tell me two things.

1. Do you actually have to do the special sequence to change ports 25h and 26h.
2. Does this work on an 83+SE.

So, just run this program. It will show you the number on screen that it is currently executing at. What it is doing is it is putting a RET at every address in ram and calling it. If it breaks through the $C000 boundary, that means it works fine.

I really need to you run this test if

1. You have a 83+SE. Theoretically, this should work.
2. You have a really low revision 84+BE/SE. We need to know if the port writing still works OK on these.


Finally, here is the program and the source. (I left out the unlock flash so I don't make certain people mad) Just so you know, it clears ram. It will crash when it gets to 10000h or you can pull a battery.
zStart v1.3.013 9-20-2013 
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112

Offline Runer112

  • Moderator
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2289
  • Rating: +639/-31
    • View Profile
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #12 on: June 28, 2011, 07:07:35 pm »
I really need to you run this test if

1. You have a 83+SE. Theoretically, this should work.
2. You have a really low revision 84+BE/SE. We need to know if the port writing still works OK on these.

Works on my ancient 0404 84+SE calc. No revision letter because it was the very first revision.
« Last Edit: June 28, 2011, 08:43:01 pm by Runer112 »

Offline Deep Toaster

  • So much to do, so much time, so little motivation
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 8217
  • Rating: +758/-15
    • View Profile
    • ClrHome
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #13 on: June 28, 2011, 07:08:16 pm »
Runer112 you have one of the first-revision ones? O.O When'd you get it?




Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: ThePenguin77 Removes the Last Traces of TI from his Calculator
« Reply #14 on: June 28, 2011, 07:13:07 pm »
I bet plenty of people on IRC still got them, because they were around since their release. I think tr1p1ea has one of them.