[A83] Re: TI-Cares

[A83] Re: TI-Cares

• To: assembly-83@lists.ticalc.org
• Subject: [A83] Re: TI-Cares
• From: Hyperbyte <hyper@hysoft-automation.com>
• Date: Tue, 26 Jun 2001 18:11:22 +0200 (CEST)
• In-Reply-To: <025645713151a61NET013S@hetnet.nl> from "Henk Poley" at Jun 26, 2001 05:14:17 PM
• Reply-To: assembly-83@lists.ticalc.org

Just a correction:

The signign process uses RSA keys, which are 
nearly IMPOSSIBLE to break, (well, unless we were to link all of the 
TI community's computers together for about 9 months :-)

With the source of the signing program we would just know how TI implemented 
the signing process, wich would only reveal how to sign program ourselves,
using TI's keys. (NOT how to make our own keys)

As why TI doesn't release the source (not important):

My guess is that they consider the signing program part of the SDK,
and have a policy to not give away the SDK's sources, because they're 
afraid people are going to abuse the Flash Debugger source.

BTW, Convert transfers Binary into Intel Hex, not intel hex into ordinary hex


> 
> > Van: Dan Englender <dan@calc.org>
> > 
> > ......From my understanding, the rabsig.exe is not a vital part in TI's
> > security scheme.  The vital part is the private key itself, which is then
> > "applied" to the application with an algorithm that's probably widely
> known.
> 
> Sorry, but I think you miss something...
> 
> The key is indeed vital, but since you can open a zipfile on almost all
> platforms that isn't the problem... You could just extract the 0104.key
> file...
> 
> The other programs beside rabsign in the archive are (all Windows/DOS32
> programs...) just programs that do easy to do things, like [fillapp]
> filling your hex-file up to the next 16k, [GLHeader] adding the .8xk (Ti
> GraphLink) header format, [convert] and converting IntelHex to hex,
> [addhex] merging files (hexadecimaly) together, and such sort of things.
> 
> So the actual 'encoder' [rabsign] is indeed the most needed part, because
> the rest of the files are easy to make substitutes for.
> 
> The problem is that we don't exactly know how they apply the MD5 checksum,
> they could be doing all things of wierd stuff (like first reversing the
> bitstream, or something), which isn't always easy to find out the
> reverse-engeneering way.
> 
> Now I've read your mail some better I've seen that it also could be that
> you ment to say that Ti wouldn't loose money on releasing the rabsign
> source-code... That would be true, because you should know the other
> (private/open) keys used by the TIOS (Cerberus...), before being able to
> generate your own keys. But if we would have the encoder source, then it
> wouldn't need that much effort to find new keys that could also 'fit', off
> coarse, I think Ti will still keep it for themselves for some time, utill
> then... (What is the economic lifespan of the Ti83+?)
> 
> 	Henk Poley
> 
> 

• [A83] Re: TI-Cares
• From: "Henk Poley" <HPoley@DDS.nl>

• Prev: [A83] Re: App signing
• Next: [A83] Re: A programming question for a change :-)
• Index(es):
  • Main
  • Thread