Author Topic: On-calculator app signing  (Read 24586 times)

0 Members and 1 Guest are viewing this topic.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: On-calculator app signing
« Reply #30 on: December 05, 2010, 10:47:35 pm »
I see, I think I remember the OS signer now. Gonna download your file now. :)

Offline Michael_Lee

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1019
  • Rating: +124/-9
    • View Profile
Re: On-calculator app signing
« Reply #31 on: December 06, 2010, 07:49:32 pm »
Oh ho!, good sir - this shall be teletranscombulated to my calculator with rapid speed for prompt testing!

Edit: And, alas, it did not work for me.  I created a short program that would display some text then wait for a key press to quit.  I tested it to ensure it would operate normally, used Ducksign, then tried using it for about 16 times, but it defragmented.  Could the fact that I used Axe have anything to do with it?
« Last Edit: December 06, 2010, 08:10:24 pm by Michael_Lee »
My website: Currently boring.

Projects:
Axe Interpreter
   > Core: Done
   > Memory: Need write code to add constants.
   > Graphics: Rewritten.  Needs to integrate sprites with constants.
   > IO: GetKey done.  Need to add mostly homescreen IO stuff.
Croquette:
   > Stomping bugs
   > Internet version: On hold until I can make my website less boring/broken.

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #32 on: December 06, 2010, 08:38:02 pm »
Sorry, I should have been more clear.  DuckSign is for signing the application so that you can send it to another calculator.  Setting the expiration count is a separate issue, and one that should probably be handled by the Axe Parser itself.

Offline Michael_Lee

  • LV9 Veteran (Next: 1337)
  • *********
  • Posts: 1019
  • Rating: +124/-9
    • View Profile
Re: On-calculator app signing
« Reply #33 on: December 06, 2010, 09:45:23 pm »
Ah, I see.
I had assumed that the two were related to each other, so that signing the application would also handle the expiration count.
So if I were to sign the app and transfer it to another calculator, would it still have the expiration count?
My website: Currently boring.

Projects:
Axe Interpreter
   > Core: Done
   > Memory: Need write code to add constants.
   > Graphics: Rewritten.  Needs to integrate sprites with constants.
   > IO: GetKey done.  Need to add mostly homescreen IO stuff.
Croquette:
   > Stomping bugs
   > Internet version: On hold until I can make my website less boring/broken.

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #34 on: December 06, 2010, 10:06:48 pm »
If you send it to another calculator, it will not expire.  What I'm calling the expiration count is a field on the certificate page; it's not stored within the app, but it's set by the OS at the time the app is installed.  For normal, non-limited-trial apps, it should be set to the value 80 00.  Since Axe circumvents the normal installation procedure, this doesn't happen, so the field is left at its default value (FF FF), which is interpreted to mean that the app should expire after being run 16 times.

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: On-calculator app signing
« Reply #35 on: December 06, 2010, 10:07:58 pm »
If you send it to another calculator, it will not expire.  What I'm calling the expiration count is a field on the certificate page; it's not stored within the app, but it's set by the OS at the time the app is installed.  For normal, non-limited-trial apps, it should be set to the value 80 00.  Since Axe circumvents the normal installation procedure, this doesn't happen, so the field is left at its default value (FF FF), which is interpreted to mean that the app should expire after being run 16 times.
So, if axe changed those two bytes, would it fix it? Wait, can we even write to the certificate that easily?

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #36 on: December 06, 2010, 10:12:32 pm »
Well, as "easily" as writing to other areas in Flash. :P  (And yes, that's kind of dangerous; if you screw up the certificate, it's possible to crash the boot code and make it impossible to install an OS.)

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: On-calculator app signing
« Reply #37 on: December 06, 2010, 10:18:58 pm »
Well, as "easily" as writing to other areas in Flash. :P  (And yes, that's kind of dangerous; if you screw up the certificate, it's possible to crash the boot code and make it impossible to install an OS.)
Yeah, true. It's not completely a brick, though, is it?

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #38 on: December 06, 2010, 10:28:16 pm »
I'm not entirely sure, actually.  BrandonW devised a technique that you can use to run arbitrary code by sending specially crafted link packets.  But in order to actually fix the damage and reinstall an OS, you would then need to unlock Flash somehow; this can always be done on an 83+ SE or 84+, but I don't know if there's any way to do it on an 83+ BE or 73 with no OS installed.

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: On-calculator app signing
« Reply #39 on: December 06, 2010, 10:37:09 pm »
Yeah, I guess you could just make a backup, reset the flash manually, and burn it in there if you ever need to. ;-) But I don't know, software wise. Considering it might not even respond to packets at that point.
« Last Edit: December 06, 2010, 10:37:31 pm by graphmastur »

SirCmpwn

  • Guest
Re: On-calculator app signing
« Reply #40 on: December 06, 2010, 11:29:44 pm »
I'm not entirely sure, actually.  BrandonW devised a technique that you can use to run arbitrary code by sending specially crafted link packets.  But in order to actually fix the damage and reinstall an OS, you would then need to unlock Flash somehow; this can always be done on an 83+ SE or 84+, but I don't know if there's any way to do it on an 83+ BE or 73 with no OS installed.
Well, invalidating the certificate does not erase ROM.  The OS would still be there, and the boot page certainly would.  You could use any flash exploit you want if you got arbitrary code running correctly, it would just be hard.

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #41 on: December 06, 2010, 11:59:09 pm »
If you were ever in a situation where you needed to use that technique, some or all of the OS would not be present.

This is getting way off topic...
« Last Edit: December 06, 2010, 11:59:31 pm by FloppusMaximus »

SirCmpwn

  • Guest
Re: On-calculator app signing
« Reply #42 on: December 06, 2010, 11:59:44 pm »
What makes you say so?  It's not like invalidating the certificate will insta-erase everything.

Offline FloppusMaximus

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 290
  • Rating: +57/-5
    • View Profile
Re: On-calculator app signing
« Reply #43 on: December 07, 2010, 12:14:13 am »
No, of course it doesn't.  We were talking about what to do if you get into the situation where you cannot install an OS.  Which implies that your OS has been partially or completely erased somehow.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: On-calculator app signing
« Reply #44 on: December 07, 2010, 02:20:39 am »
Wasn't BrandonW program something that re-installed a certificate in case yours got corrupted/broken? I wonder what do we do if both the entire OS and the certificate are gone, though...