Author Topic: CAS+ dumping / flashing / Ndlessing  (Read 6447 times)

0 Members and 2 Guests are viewing this topic.

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
CAS+ dumping / flashing / Ndlessing
« on: November 07, 2010, 07:40:41 am »
This topic is about jailbreaking the TI-Nspire CAS+ with OS 1.0.554.

Crossposting from TI-Bank and UTI, in case anyone can help with ideas or tests.



I have done some tests for months by my side. Here are my results so far:


1)a) Calculator "Send OS":

The "Send OS" menu is disabled.
Even when you connect the calculator to a computer, to a TI-Nspire/Nspire CAS, or even to another TI-Nspire CAS+.

According to tests I had asked for to Datamath, the "Send OS" menu was enabled on previous CAS+ OSes (1.0.4xx, 1.0.3xx). But I've never seen those older prototypes anywhere outside  the Datamath museum.


1)b) Calculator file architecture:

According to a basic link tool I've developped:

The CAS+ doesn't understand ".." folder
It has no "/phoenix" folder.

Visible folders are only:
"/"
"/phx"
"/phx/documents"
"/phx/tmp"

And nothing interesting in those folders.

So, the OS is not visible in the filesystem.

Notice: with so few files, the systems reports 5.9Mb used in the 27.8Mb Flash file system... Where are those Mb?...


2) Maintenance menu:

Do not try menu+enter+p. It doesn't show a menu, but does remove the OS.


3) Diagnostic menu:

I haven't managed to trigger the diagnostic menu.
With Esc+Menu+G, the calculator just doesn't turn on until you remove the batteries... Strange...


4) Ndless 1.4/1.7:

Great news! Trying to install Ndless 1.4/1.7 crashes the calculator!

You can still move the pointer and turn the calculator off and on.
But that's all.
All other keys seem useless...
And except about the pointer, the screen is not updated and seems frozen: no "low battery" or "low ressources" indicator flashing, no control key flag...

Seems the main program/OS loop is crashed/stucked, but that interrupts are still working.

It would be great to try to install Ndless 1.0/1.1/1.1.1...


5) Computer "Send OS":

The TI-Nspire Computer Link 1.0 looks for ".tnc" OS update files.
If a CAS+ calculator is connected, you immediatly get a "bad file" error when trying to flash the 1.1 CAS OS, or even the 1.1 OS renamed from ".tno" to ".tnc".

I've used a Java decompiler. The sources were not 100% ok (won't compile again - syntax errors), but here is what I have understood about the "Send OS" code. Note, I might be wrong.

- I think the ".tnc" file is not sent to the calculator.
- The ".tnc" file is decompressed on the computer in a temporary folder.
- All included files are sent one by one to the CAS+ in the "/phx/tmp" folder.
- The code checks that you've sent a ".img" file, and a "manifest_img" file.
- Then, the code calls a native method installOS() with the calculator pathes of both above files.

I've made various tests by sending such files to the "/phx/tmp" folder, but the native installOS() just triggers a "Bad File" exception without telling me anything more.

Notice: even after sending severall Mb of data in the "/phx/tmp" folder, the free space remains unchanged.


That's all for today.


I've got 2 identical TI-Nspire CAS+.
If you've got any idea of other interesting tests, just tell me.



What would be interesting to do with the CAS+ is:
- installing Ndless 1.0/1.1/1.1.1
- installing Ndless 1.4/1.7
- dumping/reflashing the 1.0 OS
- dumping the 1.0 boot2
- flashing a 1.1 OS
- flashing a 1.1 boot2
TI-Planet co-admin.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: CAS+ dumping / flashing / Ndlessing
« Reply #1 on: November 07, 2010, 01:07:14 pm »
Wow interesting find! It would indeed be nice if Ndless was possible on it (as long as it can't permanently brick the calculator if a game crashes or something), because a bunch of people bough CAS+ calculators either by mistake or because they wanted one.
« Last Edit: November 07, 2010, 01:07:28 pm by DJ Omnimaga »

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #2 on: November 07, 2010, 02:15:37 pm »
Does it have an RS232 "serial console" like the regular Nspire models do?

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: CAS+ dumping / flashing / Ndlessing
« Reply #3 on: November 07, 2010, 02:46:03 pm »
Does it have an RS232 "serial console" like the regular Nspire models do?

It has the same connector.
I need to build the cable and test...
TI-Planet co-admin.

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #4 on: November 07, 2010, 02:50:08 pm »
Be careful if you want to try to flash boot2. This will erase the original boot code. If the boot image is incompatible with CAS+ or rejected because the signing keys have changed, the caculator will become unusable.
Ndless.me with the finest TI-Nspire programs

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: CAS+ dumping / flashing / Ndlessing
« Reply #5 on: November 08, 2010, 07:56:13 am »
Be careful if you want to try to flash boot2. This will erase the original boot code. If the boot image is incompatible with CAS+ or rejected because the signing keys have changed, the caculator will become unusable.


That's why I've got 2 Nspire CAS+.

I know what I'm  risking. The 1.1/1.4 boot2 may be incompatible with the TI-Nspire CAS+. And even if they are compatible, the 1.0 boot1 may refuse to load it because of a different signature.

If I manage to build the appropriate cable/interface, I'll begin by testing it with a basic/CAS TI-Nspire. Logging, then diagnostic/boot2 reflashing as we've got valid images of them.

And if everything seems to work, the next steps will be in order:
- logging the CAS+ boot messages and publishing them
- flashing a 1.1 diagnostic software and testing it
- flashing the 1.1 boot2 and testing
- flashing the 1.1 OS and testing

ExtendeD -> don't you have a working unused cable you could lend me?
There's something I'm very bad at: it's soldering!
« Last Edit: November 08, 2010, 07:58:15 am by critor »
TI-Planet co-admin.

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #6 on: November 08, 2010, 02:14:06 pm »
I have a breadboard with the required chip I am currently not using, but lending it too may be unfortunately difficult, the chips would probably be damaged during shipping.

I am now using a USB-RS232 adapter hwti sent me, it is much more handy. You could try to find one to avoid building the circuit. There are usually used for transfers between a computer and a cellphone, there are probably not too expensive.
« Last Edit: November 08, 2010, 02:14:15 pm by ExtendeD »
Ndless.me with the finest TI-Nspire programs

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: CAS+ dumping / flashing / Ndlessing
« Reply #7 on: November 08, 2010, 04:32:16 pm »
ExtendeD -> I'm not good at electronics.

Can you tell me what is the purpose of the electronic circuit described on Yaronet/Hackspire ?

Why isn't a simple db9 plug enough ?
TI-Planet co-admin.

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #8 on: November 08, 2010, 04:36:44 pm »
Neither am I :)

The voltage needs to be adapted. The max3232 does the job.
Ndless.me with the finest TI-Nspire programs

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #9 on: November 23, 2010, 02:10:51 pm »
ExtendeD: Instead of bothering with adapters and such, would it be possible to just connect the serial ports of two Nspires together in a cross-over configuration, and run a program on one to dump what it reads to a file? Seems that would be easier, to someone who has a spare.

Edit: noticed critor's comment about soldering; is a serial cable something that has to be soldered to the connector? obviously this would be a bad idea if so :p
« Last Edit: November 23, 2010, 02:20:13 pm by Goplat »
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline ExtendeD

  • CoT Emeritus
  • LV8 Addict (Next: 1000)
  • *
  • Posts: 825
  • Rating: +167/-2
    • View Profile
Re: CAS+ dumping / flashing / Ndlessing
« Reply #10 on: November 23, 2010, 03:29:07 pm »
Ndless.me with the finest TI-Nspire programs