Author Topic: Difference Between TI-Nspire and TI-Nspire CAS  (Read 5469 times)

0 Members and 1 Guest are viewing this topic.

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Difference Between TI-Nspire and TI-Nspire CAS
« on: March 23, 2011, 08:45:10 pm »
Can anyone tell me what the differences are (besides the obvious)? I assume TI provides two separate OS images, and something prevents the CAS OS from loading on the regular Nspire. Are they signed with two different keys?

Offline apcalc

  • The Game
  • CoT Emeritus
  • LV10 31337 u53r (Next: 2000)
  • *
  • Posts: 1393
  • Rating: +120/-2
  • VGhlIEdhbWUh (Base 64 :))
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #1 on: March 23, 2011, 09:01:12 pm »
Yes, the two are signed with different keys. :(

The only two differences I can think of between the two are (1) the obvious, the CAS has a full Computer Algebra System, and (2) the non-CAS, excluding the new CX model, supports 84 emulation.  Other than that, both calcs are really the same thing.


Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #2 on: March 23, 2011, 09:24:51 pm »
Yes, the two are signed with different keys. :(
Darn.

Please pardon my ignorance, it will be a week or two before I get my Nspire basic (v2 with touchpad and ti-84 emu [I wanted an Nspire CAS, but this was nearly new and $60. A CAS would have cost twice as much.]).

Are boot1 and boot2 stored on the same NAND flash rom?
If so, is there any chance of using Ndless to flash an OS with an invalid signature and a boot2 to load it?

Or would I need to re-flash the NAND directly?
Soldering onto those tiny traces is tough (see attachment).

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #3 on: March 23, 2011, 09:40:17 pm »
Yes, the two are signed with different keys. :(
Darn.

Please pardon my ignorance, it will be a week or two before I get my Nspire basic (v2 with touchpad and ti-84 emu [I wanted an Nspire CAS, but this was nearly new and $60. A CAS would have cost twice as much.]).

Are boot1 and boot2 stored on the same NAND flash rom?
If so, is there any chance of using Ndless to flash an OS with an invalid signature and a boot2 to load it?

Or would I need to re-flash the NAND directly?


Boot2 & OS are stored in the same NAND ROM chip.

But, Boot1 is stored in a separate NOR ROM chip.


Without modifying the boot2, no invalid OS.
But without modifying the boot1, no modified boot2...

As for Ndless, with ExtendeD and then Bsl we have made some tests, trying to (re)flash the diagnostic software accessible at boot time through Esc+Menu+G (so something which is not "vital").
With more than 20 tests and 10 different versions of the flasher, the flashing succeeded just once... :(

Untill we can understand more about that very low success rate, we can assume you cannot flash anything safely in NAND ROM through Ndless.


Note: according to some messages found in the diagnostic software images, the NOR ROM seems flashable...
TI-Planet co-admin.

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #4 on: March 23, 2011, 10:04:11 pm »
So... boot1 might be changeable, boot2 is not. Flashing the NAND with Ndless is very unstable, and the reason has not yet been discovered. Do you think that the low success rate was due to some form of protection? Is it possible to see how the OS re-flashes the NAND, and possibly modify that routine if it checks the OS image signature?

Thanks for all the info! I really enjoy learning about systems like this.

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #5 on: March 23, 2011, 10:06:16 pm »
So... boot1 might be changeable, boot2 is not. Flashing the NAND with Ndless is very unstable, and the reason has not yet been discovered. Do you think that the low success rate was due to some form of protection? Is it possible to see how the OS re-flashes the NAND, and possibly modify that routine if it checks the OS image signature?

Thanks for all the info! I really enjoy learning about systems like this.
The other way around.  Although boot1 might be erasable, modifiable would be more difficult.  And no, I don't think it's possible to see how the OS does it, or if it is, I don't think it's modifiable.  It might be, though.

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #6 on: March 23, 2011, 10:10:55 pm »
So... boot1 might be changeable, boot2 is not. Flashing the NAND with Ndless is very unstable, and the reason has not yet been discovered. Do you think that the low success rate was due to some form of protection? Is it possible to see how the OS re-flashes the NAND, and possibly modify that routine if it checks the OS image signature?

Thanks for all the info! I really enjoy learning about systems like this.
The other way around.  Although boot1 might be erasable, modifiable would be more difficult.  And no, I don't think it's possible to see how the OS does it, or if it is, I don't think it's modifiable.  It might be, though.

So the NAND can be changed, but the NOR cannot?

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #7 on: March 23, 2011, 10:52:54 pm »
Yes, the two are signed with different keys. :(
Actually, they are signed with the same key. The reason you cannot use a TI-Nspire CAS OS on the TI-Nspire or vice versa is because for an OS to validate:
  • There must be an 8010 field present which matches the first two characters of the Product ID, which are stored in NAND flash (but don't bother trying to change it, because of the other protection described next)
  • The 80E0 field must contain a byte matching a part of the value read from address 0x900A0028/0x900A002C (presumably, this is an 8 byte ROM inside the ASIC and cannot be changed)

Changing these fields in the OS image will mean the signature isn't valid and the OS won't load.
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo

Offline mikehill2003

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 279
  • Rating: +13/-4
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #8 on: March 23, 2011, 11:17:58 pm »
Yes, the two are signed with different keys. :(
Actually, they are signed with the same key. The reason you cannot use a TI-Nspire CAS OS on the TI-Nspire or vice versa is because for an OS to validate:
  • There must be an 8010 field present which matches the first two characters of the Product ID, which are stored in NAND flash (but don't bother trying to change it, because of the other protection described next)
  • The 80E0 field must contain a byte matching a part of the value read from address 0x900A0028/0x900A002C (presumably, this is an 8 byte ROM inside the ASIC and cannot be changed)

Changing these fields in the OS image will mean the signature isn't valid and the OS won't load.


Fascinating. Is it boot1 or boot2 and/or the OS that does this?

Offline Goplat

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 289
  • Rating: +82/-0
    • View Profile
Re: Difference Between TI-Nspire and TI-Nspire CAS
« Reply #9 on: March 23, 2011, 11:49:52 pm »
The two requirements are enforced in boot2's validation of an OS image. (Actually, the 8010 field requirement is also enforced in boot1's validation of a boot2 image. However, so far every version of boot2 has had two 8010 fields, one for CAS and one for non-CAS, so the possibility of a boot2 that works on only one of them is only theoretical so far.)
Numquam te deseram; numquam te deficiam; numquam circa curram et te desolabo
Numquam te plorare faciam; numquam valedicam; numquam mendacium dicam et te vulnerabo