0 Members and 4 Guests are viewing this topic.
Although boot2.img is sent on RS232 as-is, OSes must be sent with a 32-byte header. The first 24 bytes, as far as I know, are unused. Bytes 24-27 are the size of the data to write to /tmp/manifest_img (nspire_emu always just set this to 0, and it worked, so I guess it's not important. Probably something left over from the CAS+.), and bytes 28-31 are the size of the data to write to /tmp/TI-Nspire.tnc. (Note: these sizes are big-endian)Quote from: nspire_emu v0.01 source code, exec_hack() function (run in place of the xmodem receive function)printf("Loading OS from %s\n", os_filename);FILE *f = fopen(os_filename, "rb");if (f) { u8 *mem = ram_ptr(arm.reg[0]); u32 size = fread(mem + 32, 1, arm.reg[1], f); memset(mem, 0, 28); mem[28] = size >> 24; mem[29] = size >> 16; mem[30] = size >> 8; mem[31] = size; fclose(f); arm.reg[0] = 0;} else { perror(os_filename); arm.reg[0] = 1;}arm.reg[15] = arm.reg[14];
printf("Loading OS from %s\n", os_filename);FILE *f = fopen(os_filename, "rb");if (f) { u8 *mem = ram_ptr(arm.reg[0]); u32 size = fread(mem + 32, 1, arm.reg[1], f); memset(mem, 0, 28); mem[28] = size >> 24; mem[29] = size >> 16; mem[30] = size >> 8; mem[31] = size; fclose(f); arm.reg[0] = 0;} else { perror(os_filename); arm.reg[0] = 1;}arm.reg[15] = arm.reg[14];
Boot Loader Stage 1 (1.1.7314)Build: 2007/2/23, 20:43:36Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysLast boot progress: 32Clocks: CPU = 90MHz AHB = 45MHz APB = 22MHzAvailable system memory: 37292SDRAM memory test: PassClearing SDRAM...Done.Clearing SDRAM...Done.Clearing SDRAM...Done.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalLoading DIAGS software...Error reading/validating DIAGS imageError loading DIAGS. Switching to BOOT2.Loading BOOT2 software...99%BOOT1: loading complete (331 ticks), launching image.Boot Loader Stage 2 (1.1.7314)Build: 2007/2/23, 20:48:12Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysClocks: CPU = 90MHz AHB = 45MHz APB = 22MHzInitializing graphics subsystem.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalInitializing filesystem.Datalight Reliance v2.10.1150Copyright (c) 2003-2006 Datalight, Inc.Datalight FlashFX Pro v3.00 Build 1358Nucleus Edition for ARM9Copyright (c) 1993-2006 Datalight, Inc.Patents: US#5860082, US#6260156.Filesystem ready.Loading Operating System...Error loading OS image. Removing OS remnants.Deleting file [/phoenix/manuf.dat]Removing directory [/phoenix/install/]Waiting for OS download.Starting Connectivity services.Initializing USB subsystem...Done.Initializing interim USB loader...Done.USB Download is enabled.Press <Enter> to download through the serial port.Checking battery level.Battery level is OK.Begin XMODEM file transfer.File transfer complete. Saving pre-load file.File saved. Installing new Operating System...TI_OS_INSTALL_PRECHECK (5)TI_OS_INSTALL_VERIFYING_IMAGE (10)IMAGE: verifying file "/tmp/TI-Nspire.tno"IMAGE: file length is 0TI_OS_INSTALL_VERIFYING_RESOURCE (95)Deleting file [/tmp/TI-Nspire.tnc]TI_OS_INSTALL_FAILED TI_OS_INSTALL_IMAGE_INVALIDBoot Loader Stage 1 (1.1.7314)Build: 2007/2/23, 20:43:36Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysLast boot progress: 35Clocks: CPU = 90MHz AHB = 45MHz APB = 22MHzAvailable system memory: 37292PM is turning the device OFF
Edit: Here's a possibility to recover the OS. Use Home-Enter-X to send a "temp image" (a .tno/.tnc file, without the 32 byte header) - it will run the sent OS without installing it. It will have to be compatible with the installed OS, though, in terms of filesystem contents. I tried using a modified nspire_emu to run 1.1.9227 on top of a 1.1.8008 installation; there were some messed-up text messages but other than that it seemed to work fine. If you could run a USB-capable OS on top of a 1.1.7320 installation, then you could probably just dump the old OS with TiLP.
Stupid bug... TI messed up with /tmp/TI-Nspire.tno and /tmp/TI-Nspire.tnc.I suppose the send OS is stored to /tmp/TI-Nspire.tnc.But the boot2 does check /tmp/TI-Nspire.tno, and complains that the file length is 0 (as it doesn't exist).But guess what... as the check did fail, it then removes /tmp/TI-Nspire.tnc!!!Any idea to bypass this problem ?
By the way... any info on the RS232 diags image?Sending my 640Kb images through RS232 just doesn't work...(no error message: the Nspire just turns off, and Esc+Menu+G doesn't trigger anything)
if (fread((void *)0x117FFFB4 , 1, DIAGS_SIZE, ifile) != DIAGS_SIZE) {
Quote from: critor on March 19, 2011, 04:24:14 pmStupid bug... TI messed up with /tmp/TI-Nspire.tno and /tmp/TI-Nspire.tnc.I suppose the send OS is stored to /tmp/TI-Nspire.tnc.But the boot2 does check /tmp/TI-Nspire.tno, and complains that the file length is 0 (as it doesn't exist).But guess what... as the check did fail, it then removes /tmp/TI-Nspire.tnc!!!Any idea to bypass this problem ?Hex-edit the .tno file you're trying to send. In the header, change "TI-Nspire.tno" to "TI-Nspire.tnc". (This header has no signature protection )
Boot Loader Stage 1 (1.1.7314)Build: 2007/2/23, 20:43:36Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysLast boot progress: 17816Clocks: CPU = 90MHz AHB = 45MHz APB = 22MHzAvailable system memory: 37292PM is turning the device OFFPM has turned the device ONSDRAM memory test: PassClearing SDRAM...Done.Clearing SDRAM...Done.Clearing SDRAM...Done.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalLoading DIAGS software...Error reading/validating DIAGS imageError loading DIAGS. Switching to BOOT2.Loading BOOT2 software...99%BOOT1: loading complete (339 ticks), launching image.Boot Loader Stage 2 (1.1.7314)Build: 2007/2/23, 20:48:12Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysClocks: CPU = 90MHz AHB = 45MHz APB = 22MHzInitializing graphics subsystem.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalInitializing filesystem.Datalight Reliance v2.10.1150Copyright (c) 2003-2006 Datalight, Inc.Datalight FlashFX Pro v3.00 Build 1358Nucleus Edition for ARM9Copyright (c) 1993-2006 Datalight, Inc.Patents: US#5860082, US#6260156.Filesystem ready.Loading Operating System...Error loading OS image. Removing OS remnants.Deleting file [/phoenix/manuf.dat]Removing directory [/phoenix/install/]Waiting for OS download.Starting Connectivity services.Initializing USB subsystem...Done.Initializing interim USB loader...Done.USB Download is enabled.Press <Enter> to download through the serial port.Checking battery level.Battery level is OK.Begin XMODEM file transfer.File transfer complete. Saving pre-load file.File saved. Installing new Operating System...TI_OS_INSTALL_PRECHECK (5)TI_OS_INSTALL_VERIFYING_IMAGE (10)IMAGE: verifying file "/tmp/TI-Nspire.tnc"TI_OS_INSTALL_VERIFYING_IMAGE incremental update (11)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (13)TI_OS_INSTALL_INSTALLING_RESOURCES (15)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (17)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (19)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (21)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (23)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (25)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (27)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (29)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (31)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (33)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (35)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (37)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (39)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (41)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (43)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (45)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (47)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (49)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (51)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (53)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (55)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (57)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (59)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (61)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (63)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (65)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (67)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (69)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (71)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (73)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (75)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (77)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (79)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (81)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (83)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (85)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (87)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (89)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (91)TI_OS_INSTALL_VERIFYING_IMAGE incremental update (93)TI_OS_INSTALL_VERIFYING_RESOURCE (95)TI_OS_INSTALL_VERIFICATION_COMPLETE (99)Boot Loader Stage 1 (1.1.7314)Build: 2007/2/23, 20:43:36Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysLast boot progress: 35Clocks: CPU = 90MHz AHB = 45MHz APB = 22MHzAvailable system memory: 37292PM is turning the device OFFPM has turned the device ONSDRAM memory test: PassClearing SDRAM...Done.Clearing SDRAM...Done.Clearing SDRAM...Done.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalLoading DIAGS software...Error reading/validating DIAGS imageError loading DIAGS. Switching to BOOT2.Loading BOOT2 software...99%BOOT1: loading complete (340 ticks), launching image.Boot Loader Stage 2 (1.1.7314)Build: 2007/2/23, 20:48:12Copyright (c) 2006, 2007 Texas Instruments IncorporatedUsing developer keysClocks: CPU = 90MHz AHB = 45MHz APB = 22MHzInitializing graphics subsystem.Checking for NAND: NAND Flash ID: ST Micro NAND256R3ABoot option: NormalInitializing filesystem.Datalight Reliance v2.10.1150Copyright (c) 2003-2006 Datalight, Inc.Datalight FlashFX Pro v3.00 Build 1358Nucleus Edition for ARM9Copyright (c) 1993-2006 Datalight, Inc.Patents: US#5860082, US#6260156.Filesystem ready.Loading Operating System...Error loading OS image. Removing OS remnants.Deleting file [/phoenix/manuf.dat]Removing directory [/phoenix/install/]Waiting for OS download.Starting Connectivity services.Initializing USB subsystem...Done.Initializing interim USB loader...Done.USB Download is enabled.Press <Enter> to download through the serial port.
Keypad request, preparing to load a test image.Checking battery level.Battery level is OK.Begin XMODEM file transfer.§§File transfer complete. Saving file.File saved. Loading temp image...21% Error loading temp image.
It allways stops at 21%...Strangely, I've tried my modified 1.1.9227 OS (with the added header), and I got the same error, but at 97%...
Seems exploit1 is not working correctly on this oldest boot2... (or in RS232).Any idea?
Quote from: critor on March 20, 2011, 01:25:45 pmSeems exploit1 is not working correctly on this oldest boot2... (or in RS232).Any idea?The right address is going to be a lot lower if you're using rs232. For 1.1.8007 it would be around 11a00000. Since 1.1.7314 is about 150kB smaller when uncompressed, I would try 119d8000.