[Goplat]

Another minor update: This fixes the packet sequence number handling, so you can now send large documents (previously, sending a document over about 62kB wouldn't work), and document sending also works after disconnecting and reconnecting. A couple more CPU bugs are also fixed.

Attached File(s)

•  nspire_emu_012.zip (71.91K)
  Number of downloads: 49

[Lionel Debroux]

First, a quick translation of http://www.yaronet.c...s...8&h=239#239 , which details how to activate WiFi:

1) On your computer, fill a "wlan_ini.tns" file with the following data:

Quote

ipaddr=192.168.0.1
ssid=myssid
identity=myidentity
radius_retries=1
radius_wait=1
supp_held_period=1
supp_auth_period=1
supp_start_period=1
supp_max_starts=1
rssi_high_rssi=1
num_retries_for_default=1
num_retries_for_normal=1
num_retries_high_rssi=1
num_retries_after_auto=1
reattach_limit=1
wave_delay_time_secs=1
max_delay_time_secs=1
auto_reconnect_secs=1
reads_to_not_ping=1
power_params_idle_period=1
power_params_pspoll_number=1
crash_dump_enable=1
lockup_monitor_enable=1
event_logging_level=1

2) Send this file to the calculator in a "Developer Unit" folder.

3) Make the calculator reboot, i.e. remove a battery while the calculator is on. The booting process will be slightly slower than it usually is.

4) You should see a new 'Developer Unit/wcm_events' file, as well as a blinking sign at the bottom right of the screen, which indicates that the calculator is in Wifi receive mode.
The 'wcm_events.tns' files contains something along the lines of:
[45984f03 bc4c] 3.45 State: WCM_INIT ----System startup----


EDIT: a special file is creating during the boot: /LaunchSetup.sav, 4 bytes: 0x30 0x30 0x30 0x30.

[Techrocket9]

I don't know what thread you are talking about, but plug it into translate.google.com to see it in English.

[bwang]

I did but Google's translation was a bit unclear.

EDIT: Never mind, I got it to work. Turns out you have to press Ctrl, then press menu many, many times very quickly.

This post has been edited by bwang: 29 December 2009 - 08:21 PM

[ExtendeD]

Cross-posting from http://yaronet.com/p...5...9&h=254#254 : I have been able to execute arbitrary code, using several flaws of OS 1.1.9.
The exploit requires a few manual steps, which I'll try to automate before releasing it.

[squalyl]

congrats here too

thanks for your hard work.

This post has been edited by squalyl: 30 December 2009 - 02:08 AM

[Graphmastur]

What is the breadboard next to it? Good job, though!

[calc84maniac]

ExtendeD, on Dec 29 2009, 08:38 PM, said:

Cross-posting from http://yaronet.com/p...5...9&h=254#254 : I have been able to execute arbitrary code, using several flaws of OS 1.1.9.
The exploit requires a few manual steps, which I'll try to automate before releasing it.

OMGOMGOMG

If the automation is going to take a while, do you mind sharing the manual steps? I'm pretty sure I could handle it.

[brandonw]

Congratulations!!!

I hope you're watching, TI. You can't stop this community. 15 years and you still haven't learned that.

I'm going to go run around some more in excitement.

[critor]

Congratulations, Extended! :biggrin:


We've been dreaming of this for years...

It's a wonderfull gift!!!


Question: you're saying OS 1.1, ok...
Is boot2 1.1 needed too? Or can it work with boot2 1.4?


Thanks again!

[calc84maniac]

Okay, I installed OS 1.1.9 on my calc. However, when I turn it off, the screen stays off when I turn it back on. (I know it turns back on because I get the notification from the USB cable.) Switching keypads or pressing the reset button don't help either. The only thing that will turn the screen back on is a battery pull. I do not get this problem in OS 1.2 or greater.

FYI, I have Boot1 1.1.8916 and Boot2 1.4.1571.

Edit:
Replicated on my second Nspire, which has the same boot versions.

This post has been edited by calc84maniac: 30 December 2009 - 06:28 AM

[Techrocket9]

Wait a minute, the NSpire has a disabled WiFi Chip?!?!? On an unrelated note, good work ExtendeD.


Edit: Also, ExtendeD, would you be willing to upload an unedited/uncropped version of the image? The version you posted fails a JPEGsnoop test. I don't distrust you, I just want to be sure that the hack is more than a photomanipulation. Thanks!

Attached File(s)

•  JPEG_Snoop_Log.txt (19.3K)
  Number of downloads: 52

This post has been edited by Techrocket9: 30 December 2009 - 05:59 AM

[bwang]

Where can we find the 1.1 OS? I see .bin files on brandonw.net, but no .tno files.

[Techrocket9]

bwang, on Dec 29 2009, 10:48 PM, said:

Where can we find the 1.1 OS? I see .bin files on brandonw.net, but no .tno files.

I wish I knew. Maybe ExtendeD can share them.

This is as far as I got: http://preview.tinyu...as-far-as-I-got
That's the archive.org version of the ti-nspire.com firmware download page just after the calculator's release. I can't get past that page, however. It just loops at the EULA. Maybe someone thrifty at editing the code of websites could do it.

This post has been edited by Techrocket9: 30 December 2009 - 07:52 AM

[Galandros]

Amazing!
No entertainment history or suspense question? C'mon!

Time to check my Nspire version... I need to discover how to check my OS version and downgrade if needed...

This post has been edited by Galandros: 30 December 2009 - 08:44 AM

[ExtendeD]

Graphmastur, on Dec 30 2009, 03:13 AM, said:

What is the breadboard next to it? Good job, though!

It hosts RS232 and JTAG adapters. Unfortunately we have not been able to find the JTAG pins on the external connector, where they were supposed to be.

calc84maniac, on Dec 30 2009, 03:48 AM, said:

If the automation is going to take a while, do you mind sharing the manual steps? I'm pretty sure I could handle it.

The automation shouldn't be long. But it also requires special USB software.

critor, on Dec 30 2009, 04:02 AM, said:

Question: you're saying OS 1.1, ok...
Is boot2 1.1 needed too? Or can it work with boot2 1.4?

The boot version doesn't matter.

calc84maniac, on Dec 30 2009, 06:29 AM, said:

Okay, I installed OS 1.1.9 on my calc. However, when I turn it off, the screen stays off when I turn it back on.

No issue on my non CAS TI-Nspire. Is it a CAS one?

Techrocket9, on Dec 30 2009, 06:48 AM, said:

Wait a minute, the NSpire has a disabled WiFi Chip?!?!? On an unrelated note, good work ExtendeD.

The Wifi adapter is external, probably USB-based. Here is a French news item about it: http://ti.bank.free....&...ires&id=778

Techrocket9, on Dec 30 2009, 06:48 AM, said:

Edit: Also, ExtendeD, would you be willing to upload an unedited/uncropped version of the image? The version you posted fails a JPEGsnoop test. I don't distrust you, I just want to be sure that the hack is more than a photomanipulation. Thanks!

Sure: http://bytecode.fr/m...e/plop_orig.jpg
But JPEGsnoop tells me:

 Based on the analysis of compression characteristics and EXIF metadata:

  ASSESSMENT: Class 4 - Uncertain if processed or original
			  While the EXIF fields indicate original, no compression signatures 
			  in the current database were found matching this make/model

  Appears to be new signature for known camera.
  If the camera/software doesn't appear in list above,
  PLEASE ADD TO DATABASE with [Tools->Add Camera to DB]

bwang, on Dec 30 2009, 07:48 AM, said:

Where can we find the 1.1 OS? I see .bin files on brandonw.net, but no .tno files.

http://ti.bank.free....i...c=cat&id=OS , I am not sure how this is legal.

[critor]

ExtendeD, on Dec 30 2009, 10:11 AM, said:

I am not sure how this is legal.

They're just the OS upgrade files that were available on TI's web site or CDs, or that were sent by TI-Cares (when they used to send OSes... they don't do it any more)
They aren't any ROM dumps or boot1 code images.

So I don't think our files are illegal...


Please correct me if I'm wrong.


But when TI finds out, legal or illegal is not the important thing for them!
Just look at how they used DMCA...


By the way, if you're just interested in the 1.1 OSes, you should better use those 2 links:
(you won't have to browse through all files)
1.1.9253 -> http://ti.bank.free....i...oir&id=1394 (nSpire)
1.1.9170 -> http://ti.bank.free....i...oir&id=1395 (nSpire CAS)

Just click the "Télécharger" button (it means "Download" in french).

This post has been edited by critor: 30 December 2009 - 11:24 AM

[Art_of_camelot]

Congratulations! This is freakin great! :biggrin: :biggrin: :biggrin: Oh the possibilities!

[calc84maniac]

ExtendeD, on Dec 30 2009, 04:11 AM, said:

calc84maniac, on Dec 30 2009, 06:29 AM, said:

Okay, I installed OS 1.1.9 on my calc. However, when I turn it off, the screen stays off when I turn it back on.

No issue on my non CAS TI-Nspire. Is it a CAS one?

No, it is non-CAS. I received both of these calculators in the past year, if that might make a difference.

Edit: On IRC, Goplat said that version 1.1 has different power management code.

This post has been edited by calc84maniac: 30 December 2009 - 03:46 PM

[critor]

calc84maniac, on Dec 30 2009, 03:55 PM, said:

ExtendeD, on Dec 30 2009, 04:11 AM, said:

calc84maniac, on Dec 30 2009, 06:29 AM, said:

Okay, I installed OS 1.1.9 on my calc. However, when I turn it off, the screen stays off when I turn it back on.

No issue on my non CAS TI-Nspire. Is it a CAS one?

No, it is non-CAS. I received both of these calculators in the past year, if that might make a difference.

I don't have problems with the 1.1 OSes...

What you're describing, reminds me of many glitches I've had while installing TI-73 or TI-84+ OSes on my TI-83+...