Re: A89: Linux Port for 89/92


The ROM is mostly written in C, but barely optimized. Some parts, like
hardware initialization and low-level math routines, are written in asm.

The .tib file contains "chunks" of information; the largest chunk is the
code-chunk. Other chunks contain the name of the OS, the version, and other
more or less important things. The very last chunk contains a 512-bit RSA
crypto that, when decrypted, is an MD5 checksum of all other chunks.

This checksum is compared to the checksum that the boot loader calculates
when it installs the .tib file.

There is no encrypted or otherwise hidden code anywhere. There are functions
in the ROM for both encryption and decryption, if you can supply the *key*.
The key needed for decryption is in the ROM (of course, since the boot
loader uses it), I've found it. But the key needed for *encryption* is not
available, only TI knows about it.

Please see the RSA Labs FAQ for more information about the RSA encryption
scheme (question 3.1.1): http://www.rsa.com/rsalabs/faq/
We have "n" (=a large 512-bit number) and "d" (=17) in the example.
This FAQ also discusses many ways to "break" RSA.

//Johan


KKokiri89@aol.com wrote:
> 
> Is there any way to decompile or take apart the TIB rom file? Does anyone
> know what language it is written in? I thought it was C, but of course I have
> learned many new things in this past week. The encryption is incredible, but
> I guess it's not too surprising. You said we have the decrypted password, but
> I didn't see it in the letter. Could you tell what it is and then, (maybe) we
> can begin to understand this. That is a serious problem that will have to be
> addressed. There is no way that we could break the code by chance, but...what
> if we could look at what the encrypted code was in the boot loader? Or is the
> boot loader like firmware and can't be decompiled or taken from the
> calculator.
> Something we could try is connecting a calculator to the computer...fire up
> the VTI, then send a ROM file to the VTI, pause it and look at the boot
> loader code...of course that would still be very complicated.
> 
> (Imagine what TI is going to do if we do get past the encryption! They will 
> probably make it so that we can't load the next released ROM, or find some 
> way to punish us....hehe)
> (if we ever do get past it.....yeah right!)
> 
> 
> Kyle
> 
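
Added example (not part of Johan's post and not TI's code): a Python sketch of the check described above, where the installer recomputes MD5 over every chunk except the last and compares it with the value recovered from the RSA signature chunk. The key, the chunk list and the unpadded digest encoding are constructed assumptions; only the exponent value 17 comes from the post.

```python
import hashlib

# Constructed test key, NOT TI's: two well-known primes (the Curve25519 and
# secp256k1 field primes) give a 511-bit modulus for the demonstration.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N = P * Q
VERIFY_EXP = 17                                    # exponent value quoted in the post
SIGN_EXP = pow(VERIFY_EXP, -1, (P - 1) * (Q - 1))  # derivable only with P and Q

# Constructed sample chunks (name, version, code); the real .tib layout is not modelled.
SAMPLE = [b"name: demo-os", b"version: 1.00", b"\x4e\x75" * 8]

def digest_of(chunks):
    """MD5 over all chunks that precede the signature chunk."""
    md5 = hashlib.md5()
    for chunk in chunks:
        md5.update(chunk)
    return md5.digest()

def sign_image(chunks):
    """Signer side: append a 64-byte signature chunk (needs SIGN_EXP)."""
    m = int.from_bytes(digest_of(chunks), "big")
    return list(chunks) + [pow(m, SIGN_EXP, N).to_bytes(64, "big")]

def verify_image(image):
    """Installer side: needs only N and VERIFY_EXP, never SIGN_EXP."""
    if len(image) < 2:
        return False
    *chunks, sig_chunk = image
    if len(sig_chunk) != 64:
        return False
    sig = int.from_bytes(sig_chunk, "big")
    if sig >= N:
        return False
    # Assumption: the signed value is the bare digest, with no padding scheme.
    return pow(sig, VERIFY_EXP, N) == int.from_bytes(digest_of(chunks), "big")

if __name__ == "__main__":
    signed = sign_image(SAMPLE)
    print("untouched image accepted:", verify_image(signed))
    signed[2] = b"\x4e\x71" * 8          # change the code chunk after signing
    print("modified image accepted:", verify_image(signed))
```

The verifier holds only `N` and `VERIFY_EXP`, which is why a device can check an image without being able to produce a valid signature chunk for a changed one.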

