Re: A83: Re: Flash App Hacking


[Prev][Next][Index][Thread]

Re: A83: Re: Flash App Hacking




No.  Apps are verified no matter what source they are coming from
(calculator or computer).  And just because you can load an application on
one calculator (ie. "hacked" calculator), does not mean you will be able to
load it on another.  What Julien was proposing (I beleive) is that you could
physically disable the write protection on the flash chip, and then be able
to write to it.  However, this does not mean you could "sign" the
application for use on another calculator.  It only means that you could put
whatever you pleased into the Flash ROM of the specific calculator you
disabled protection on.  No signing of applicaitons is done on-calc.  The
calculator only verifies the application.

The only way to develop an application that could be loaded onto any
calculator would be to:
a) Find the RSA encryption key (not easy).
b) To find a way to trick the software into unprotecting the flash (this is
the way the 89 "patching" programs work, but it seems unlikely that such a
system could be used on the 83 Plus).
c) Just get it signed by TI (not such a big deal).

-Dan Englender


----- Original Message -----
From: "Hyperbyte" <central@hyperfield.com>
To: <assembly-83@lists.ticalc.org>
Sent: Sunday, October 08, 2000 9:35 AM
Subject: RE: A83: Re: Flash App Hacking


> Does this mean Apps can be signed on a hacked calc, and than be
transferred to a non-hacked calc, and WORK?
>
> I guess we'll still need an AppTran program to send it to the hacked calc
in the first place, am I right?
>
> Greets,
> Peter Martijn
>
> -----Original Message-----
> From: Solignac Julien [SMTP:x1cygnus@online.fr]
> Sent: Saturday, October 07, 2000 9:14 PM
> To: assembly-83@lists.ticalc.org
> Subject: Re: A83: Re: Flash App Hacking
>
>
> >Is the validation info written in flash with the app, or is it recreated
> when the app is transferred??
> >is it is recreated with each transfer, we could try to phisically hack a
> calc, and then in essence signing it on the calc..
>
> The validification routines are all about page 1Fh a starting point is
64D7h
> (md5 sub routine), validation info is written each time an app is
> transferred (page 1Eh) to the calc and read every single time it's run.
The
> only thing that is written once for all is base code validification (about
3
> bytes). Physical hacking is a good/great idea, there's only a single wire
to
> short circuit to do so: the #WE pin on the flash chip.
>
> Solignac Julien
> x1cygnus@xcalc.org
> http://xcalc.org
>
> Piracy is a victimless crime, like punching someone in the dark
>
>
> ____________________________________________________________
> Get your FREE personal .com domain name and
> NAMEzero Personal Portal at: http://www.namezero.com.
> For customer service, mailto:customerservice@namezero.com.
>




References: