Author Topic: On-calculator app signing (Read 24042 times)

FloppusMaximus · « **on:** October 15, 2010, 09:59:07 pm »

Like I said over in the Mimas thread, I've been experimenting a bit to see how practical it would be to sign apps on the calculator. So I figured I'd take a look at how Axe generates applications.

(App signing on the calc is never going to be instantaneous (except maybe on the Nspire in ARM mode), so you probably don't want to do it every time you build an app, but it would be nice to have it as an option when you want to distribute your app to others.)

Thus, a few points:
1. It seems that when Axe generates an app, the "signature" is filled with zeroes. It would make life a lot easier, from my perspective, if you used FF bytes instead (and since the signature is invalid either way, it shouldn't matter what you put there initially.)

2. App signatures on the 83+ must begin with the bytes 02 2D 40 (followed by 66 bytes of data), not 02 0D (the latter is used for OS signatures as well as for app signatures on the 89/92+.)

3. Does Axe deal with the 55-mod-64 bug? (An application must not be exactly 55 bytes long mod 64; if it is, it can't be installed on a TI-73 or 83+ BE due to a bug in the boot code. So if an app is 55 bytes mod 64, RabbitSign will add an extra byte to the end, and increase the app length field accordingly. This would be easy to do at the time the app is compiled, and hard to do later.)

4. Only tangentially related to app signing, but does Axe deal with the FF-at-the-start-of-a-page bug? (If you have FF at the beginning of any app page, the OS will set the entire page to FFs when apps get defragmented. I wrote a program to patch the OS and fix this bug, but it's best to avoid that if at all possible.)

SirCmpwn · « **Reply #1 on:** October 15, 2010, 10:02:21 pm »

Perhaps this could be edited to a more friendly tone or risk a tempban?

FloppusMaximus · « **Reply #2 on:** October 15, 2010, 10:04:27 pm »

Um. I'm sorry, I certainly don't mean any offense. What part of my comment did you find unfriendly?

SirCmpwn · « **Reply #3 on:** October 15, 2010, 10:05:36 pm »

Quote from: FloppusMaximus on October 15, 2010, 09:59:07 pm

Like I said over in the Mimas thread, I've been experimenting a bit to see how practical it would be to sign apps on the calculator. So I figured I'd take a look at how Axe generates applications.

(App signing on the calc is never going to be instantaneous (except maybe on the Nspire in ARM mode), so you probably don't want to do it every time you build an app, but it would be nice to have it as an option when you want to distribute your app to others.)

Thus, a few points:
1. It seems that when Axe generates an app, the "signature" is filled with zeroes. Why?! Why couldn't you use FFs? Don't you realize how much harder that makes it?

2. App signatures on the 83+ must begin with the bytes 02 2D 40 (followed by 66 bytes of data), not 02 0D (the latter is used for OS signatures as well as for app signatures on the 89/92+.)

3. Does Axe deal with the 55-mod-64 bug? (An application must not be exactly 55 bytes long mod 64; if it is, it can't be installed on a TI-73 or 83+ BE due to a bug in the boot code. So if an app is 55 bytes mod 64, RabbitSign will add an extra byte to the end, and increase the app length field accordingly. This would be easy to do at the time the app is compiled, and hard to do later.)

4. Only tangentially related to app signing, but does Axe deal with the FF-at-the-start-of-a-page bug? (If you have FF at the beginning of any app page, the OS will set the entire page to FFs when apps get defragmented. I wrote a program to patch the OS and fix this bug, but it's best to avoid that if at all possible.)

From the rules:

Quote

1: Flaming, bigotry, trolling or any other provocative comment aimed toward an user or group of users.

FloppusMaximus · « **Reply #4 on:** October 15, 2010, 10:15:22 pm »

OK, I was just joking. I wasn't really expecting Quigibo to have thought of that, just trying to point out, in a slightly facetious way, that it would have been nice if he had.

SirCmpwn · « **Reply #5 on:** October 15, 2010, 10:16:15 pm »

Thanks, I appreciate it.

Quigibo · « **Reply #6 on:** October 15, 2010, 10:33:27 pm »

1. Yeah, you're probably right. I wasn't really expecting to sign the app on-calc at the time I wrote that part so I agree, if app signing becomes feasible on-calc then of course I would have to fill it with FFs instead. But yeah, it was mostly because I was trying to save one byte using an xor a instead of a load, not thinking about the consequences... That's something I'll definitely change next version now that you mention it.

2. I was unaware of this. I just looked it up on WikiTi I think and it seemed to work after that so I didn't think anything was wrong. I guess I will also have to change that then.

3. No, I have never heard of that bug... do I have to add an extra byte to the executing code itself or can I tack it onto another field? And is that size mod 64 including the signature and header?

4. Yeah, I used to have that bug in the compiler itself, but I fixed it one I realized that that was the problem. But
Axe currently only allows single paged apps and so I don't have this situation when compiling.

FloppusMaximus · « **Reply #7 on:** October 15, 2010, 10:51:16 pm »

It's the size of the app including the header, but not including the signature (so, starting from 4000h, up to the 02h byte that marks the beginning of the signature.) Or to put it a different way, the app length field in the header should be set to something other than 49 mod 64.

You can just stick an extra byte onto the end, before the signature - that's what RabbitSign does, and it shouldn't make any difference to the app, unless you're depending on that byte being set to 2 for some reason.

jnesselr · « **Reply #8 on:** October 16, 2010, 11:07:32 am »

Sounds great! okay, will it have a progress bar, because if it is going to take longer than 2 seconds, a percentage bar/count would be nice. How exactly are you going to do this? Hash the app, then the signing part is probably going to take the longest. Well, good luck with that!

DJ Omnimaga · « **Reply #9 on:** October 16, 2010, 02:34:08 pm »

I agree with Graph. When something is processing and there are no progress bar, it's hard to tell if the calc froze or if it's just taking a while. Some people may think the former then remove a battery, which I think isn't good when writing to Flash.

ztrumpet · « **Reply #10 on:** October 16, 2010, 04:18:05 pm »

Awesome! I hope that Floppus and Quigibo can get this working. It's going to be wonderful for Axe and Mimas.

FloppusMaximus · « **Reply #11 on:** October 16, 2010, 06:20:15 pm »

A progress bar? Sure, that would be easy enough to do. I guess I should point out, though, there are two distinct parts to app signing: MD5 hashing, and the Rabin algorithm or "signing" proper. The MD5 calculation takes time proportional to the size of the application, and will be significantly faster on an 83+ SE or 84+ due to hardware acceleration (I'm not sure about the Nspire, but it's probably comparable to the 84+.) The Rabin algorithm, in contrast, will take almost exactly the same amount of CPU time regardless of the application. So the two parts aren't directly comparable.

DJ Omnimaga · « **Reply #12 on:** October 17, 2010, 04:07:35 am »

Ah right. Hopefully it should be bearable for the programmer

FloppusMaximus · « **Reply #13 on:** October 26, 2010, 11:10:25 pm »

An update for those who care: my app signing code works, and works pretty well; the remaining difficulties are with the practical side of writing and erasing signatures in existing apps.

Compiling apps with Axe seems to be a little flaky...

- Sometimes the application is deleted as soon as it's created. I'm not entirely sure, but I think what is happening is that the "app-installed" bit isn't getting cleared, or isn't getting cleared soon enough. At some point, Axe calls _Arc_Unarc (or maybe some other archive-related routine), and somewhere deep inside that routine, a routine is called that checks the app-installed bits, and deletes any apps that don't have their corresponding bits cleared.

(In case you weren't aware: For an app whose base page is (16h - k), (2Ah - k), or (6Ah - k), depending on the model, the app-installed bit is bit (k % 8) at address 5FE0h + (k / 8) or 7FE0h + (k / 8), depending on which certificate sector is in use. Thus, if the 4000h sector is in use, bit 1 of 5FE0h always corresponds to the first installed app, regardless of the calc model. If that's a one-page app, bit 2 of 5FE0h corresponds to the second installed app. And so forth.)

So, you should be sure to clear the bit as soon as you write the app header and before you make any other OS calls, particularly anything archive-related.

- Sometimes, rather than an all-zeroes signature, the signature contains the bytes 02 0D 40 (not quite correct, as we discussed above) followed by a bunch of apparently-random data. I'm actually not 100% sure this is Axe's doing, though, as it's proving difficult to reproduce.

DJ Omnimaga · « **Reply #14 on:** October 26, 2010, 11:21:05 pm »

FloppusMaximus, unfortunately I am not experienced with that stuff, but could what you are describing be why app compiling doesn't work on my TI-83 Plus and someone else's calc? (I forgot who, but if I remember it was a 84+). Everyone else who has a 83+ can compile fine. When I compile on my 83+, sometimes it freezes on the creating app message, sometimes the calc turns off then greets me with a RAM clear, sometimes it exits fine, but in all cases, the APP is never created, and if I get away with no RAM clear, opening the Y= menu causes one. (There's no Y= junk in the MEM menu). If I can find the video I'll post the link here.

Author Topic: On-calculator app signing (Read 24042 times)

FloppusMaximus

On-calculator app signing

SirCmpwn

Re: On-calculator app signing

FloppusMaximus

Re: On-calculator app signing

SirCmpwn

Re: On-calculator app signing

FloppusMaximus

Re: On-calculator app signing

SirCmpwn

Re: On-calculator app signing

Quigibo

Re: On-calculator app signing

FloppusMaximus

Re: On-calculator app signing

jnesselr

Re: On-calculator app signing

DJ Omnimaga

Re: On-calculator app signing

ztrumpet

Re: On-calculator app signing

FloppusMaximus

Re: On-calculator app signing

DJ Omnimaga

Re: On-calculator app signing

FloppusMaximus

Re: On-calculator app signing

DJ Omnimaga

Re: On-calculator app signing