The attached 1.4 OS is 100% identic to the one I tried to install 2 days ago.
When the computer "install OS" progress bar reaches 100%, I get the error "OS is invalid or damaged".


Yes, apcalc, you can send them my images or modified images, as you wish.


I think that my english written emails are being forwarded to the french speaking TI-Cares team, because of my registration... And either they know even less things than the english guys, either they don't understand english, either they do hate me (which is perfectly possible)

Lol, they just sent a generic e-mail, as if they didn't know there were prototypes. X.x

I e-mailed you the details.

Development boot2 1.1.8310 dumped.

It's running correctly if started directly by Goplat's emulator.
You even get the small square in the top left-hand corner.

Here's a log:

Boot Loader Stage 2 (1.1.8310)
Build: 2007/4/1, 23:28:14
Copyright (c)  2006, 2007 Texas Instruments Incorporated
Using developer keys
The last line usually said "Using production keys".

Same problem with the emulator of course: it won't install the OS.


But production boot1 1.1.8916 doesn't want to run the development boot2.

Boot Loader Stage 1 (1.1.8916)
Build: 2007/4/23, 23:37:16
Copyright (c) 2006, 2007 Texas Instruments Incorporated
Using production keys

Last boot progress: 0
Clocks:  CPU = 90MHz   AHB = 45MHz   APB = 22MHz

Available system memory: 37292
Checking for NAND: NAND Flash ID: ST Micro NAND256R3A
PM is turning the device OFF
PM has turned the device ON
SDRAM memory test:   Pass
Clearing SDRAM...Done.
Clearing SDRAM...Done.
Clearing SDRAM...Done.
Boot option: Normal

Read of bootdata failed

Loading DIAGS software...

Error reading/validating DIAGS image

Error loading DIAGS. Switching to BOOT2.

Loading BOOT2 software...

Error reading/validating BOOT2 image

Error loading BOOT2, looking for pre-installed images.
Checking for DIAGS image in pre-install area.
No DIAGS image found.
Checking for BOOT2 image in pre-install area.
Reading BOOT2 image from pre-install area.
Erasing old BOOT2 image.
Updating BOOT2 image.
BOOT2 image has been updated.
Finished loading pre-installed images.

Restarting now.

Boot Loader Stage 1 (1.1.8916)
Build: 2007/4/23, 23:37:16
Copyright (c) 2006, 2007 Texas Instruments Incorporated
Using production keys

Last boot progress: 1
Clocks:  CPU = 90MHz   AHB = 45MHz   APB = 22MHz

Available system memory: 37292
Checking for NAND: NAND Flash ID: ST Micro NAND256R3A
SDRAM memory test:   Pass
Clearing SDRAM...Done.
Clearing SDRAM...Done.
Clearing SDRAM...Done.
Boot option: Normal

Read of bootdata failed

Loading DIAGS software...

Error reading/validating DIAGS image

Error loading DIAGS. Switching to BOOT2.

Loading BOOT2 software...

20%Error reading/validating BOOT2 image

So upgrading my prototype would require to update both boot1 and boot2 simultaneously.
We can't even update the diags software correctly, so I suppose nobody wants to try that for now...

So we were right: I need a developer-signed 1.1 OS.



Edit: Diags is dumped too. The version is "simply" 1.1.8310.

Development Boot1 is now dumped too:

Boot Loader Stage 1 (1.1.8129)
Build: 2007/3/26, 23:28:47
Copyright (c) 2006, 2007 Texas Instruments Incorporated
Using developer keys
And as you can guess, it doesn't want to load a production boot2.



Goplat, do you think we could use the same trick to dump the 1.0 boot1/boot2/OS of a TI-Nspire CAS+ ?
If the hardware is not too different and if it's using the same developer keys, the 1.0 OS might be launched by my developer boot2 1.1.

Of course, the exploit may not be present...

But there's another difficulty: the TI-Nspire CAS+ are using a different transfer protocol and need the 1.0 version of the TI-Nspire Computer Link.
That version checks the TNC files before sending them to the calculator, and it's saying that all my current TNC files are bad.

Looking at the decompiled Java source code, it seems to look for a manifest file inside the TNC archive. But I cannot figure out everything as a part of the code is called through JNI.

Here's the Computer Link 1.0 installer:
http://ti.bank.free.fr/index.php?mod=archives&ac=voir&id=1439

Haha my exploit idea in action. Probably not useable though, but I knew that message meant something, and I bet there's a way to change it so it uses the "Dev Keys"

@Galandros that was about Goplat's exploit in Boot2

Apcalc,  have you answered to the TI-Cares email?

It would be great if we could get an OS signed by the developer keys...