Omnimaga: The Coders Of Tomorrow
Welcome, Guest. Please login or register.
 
Omnimaga: The Coders Of Tomorrow
20 May, 2013, 06:20:14 *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   home   news downloads projects tutorials misc forums rules new posts irc about Login Register  
+-OmnomIRC

You must Register, be logged in and have at least 40 posts to use this shout-box! If it still doesn't show up afterward, it might be that OmnomIRC is disabled for your group or under maintenance.

Note: You can also use an IRC client like mIRC, X-Chat or Mibbit to connect to an EFnet server and #omnimaga.

Pages: [1]   Go Down
  Print  
Author Topic: I just had a crazy idea...... -  (Read 1072 times) Bookmark and Share
0 Members and 1 Guest are viewing this topic.
willrandship
Omnimagus of the Multi-Base.
LV11 Super Veteran (Next: 3000)
***********
Offline Offline

Gender: Male
Last Login: Yesterday at 22:45:51
Date Registered: 11 April, 2010, 03:08:32
Location: Between Venus and Mars
Posts: 2638


Topic starter
Total Post Ratings: +66

View Profile
« on: 27 September, 2010, 17:34:17 »
0
The way I understand it.........

Nspire OS->Checksum file
Checksum->encryption
= Os x.x.tno

Tno->Calc
Calc Decrypts Checksum, makes checksum from OS bin.
If match, installs.

Is that about right?

Well, if so, what about this?

We write our own loader for our own OS/progs/whatever that matches the checksum of the boot2/OS bin, then that loads the rest of everything when run!

Thoughts/comments?
Logged
calcdude84se
Needs Motivation
Members
LV11 Super Veteran (Next: 3000)
***********
Offline Offline

Gender: Male
Last Login: 14 May, 2013, 16:12:14
Date Registered: 21 April, 2010, 04:20:59
Posts: 2207


Total Post Ratings: +62

View Profile
« Reply #1 on: 27 September, 2010, 22:30:47 »
0
It depends. Cryptographic hashes were designed to prevent these so-called "collision attacks."
MD5, however, is compromised. It depends on what hashing method TI is using.
It'll be awesome if it turns out to be this easy Grin
Logged
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Bug me about PartesOS. I might just need reminding.
thepenguin77
z80 Assembly Master
LV10 31337 u53r (Next: 2000)
**********
Online Online

Gender: Male
Last Login: Today at 06:03:48
Date Registered: 14 December, 2009, 04:21:52
Location: Purdue
Posts: 1484


Total Post Ratings: +778

View Profile
« Reply #2 on: 27 September, 2010, 22:46:38 »
0
I don't know how possible it is, but is this what you are saying?

Create our own loader in say 10kb. Then use like 50kb to try to fake the checksum? If that's possible, it would be really cool, maybe if we devoted a few computers to such a feat it would be possible.
Logged
zStart v1.3.011 4-29-2013  zStart fully works on 83+BE's (except custom font)
All of my utilities
TI-Connect Help
You can build a statue out of either 1'x1' blocks or 12'x12' blocks. The 1'x1' blocks will take a lot longer, but the final product is worth it.
       -Runer112
graphmastur
King Graphmastur
LV11 Super Veteran (Next: 3000)
***********
Offline Offline

Gender: Male
Last Login: 02 February, 2013, 08:34:45
Date Registered: 03 June, 2010, 21:15:55
Posts: 2262


Total Post Ratings: +60

View Profile
« Reply #3 on: 28 September, 2010, 00:04:06 »
0
MD5 is not completely down and out. Besides, I would presume that the nspire might use SHA-1.  Just a theory considering the 1024 bit key.

And Because of the way hashes work, It would be easier to factor the RSA keys then trying to find a match.
Logged
willrandship
Omnimagus of the Multi-Base.
LV11 Super Veteran (Next: 3000)
***********
Offline Offline

Gender: Male
Last Login: Yesterday at 22:45:51
Date Registered: 11 April, 2010, 03:08:32
Location: Between Venus and Mars
Posts: 2638


Topic starter
Total Post Ratings: +66

View Profile
« Reply #4 on: 28 September, 2010, 01:45:32 »
0
Is there any way to know which method they used? It would really stink to develop a program to match the checksum of one type, only to have it be completely different from another, and be rejected.
Logged
Happybobjr
James Oldiges
LV11 Super Veteran (Next: 3000)
***********
Offline Offline

Gender: Male
Last Login: Today at 00:20:45
Date Registered: 01 June, 2010, 00:52:05
Location: IN, United States
Posts: 2273


Total Post Ratings: +100

View Profile
« Reply #5 on: 02 October, 2010, 17:38:39 »
0
any news about this?
Logged
School: East Central High School

Axe: 1.0.0
TI-84 +SE  ||| OS: 2.53 MP (patched) ||| Version: "M"
TI-Nspire    |||  Non-Cas |||  OS: 1.1 |||  Build: Old  |||  84+ keypad.   Being lent out
____________________________________________________________
AngelFish
This is my custom title
Administrator
LV12 Extreme Poster (Next: 5000)
*
Offline Offline

Gender: Male
Last Login: 18 May, 2013, 00:41:29
Date Registered: 15 August, 2010, 09:18:54
Posts: 3187


Total Post Ratings: +218

View Profile
« Reply #6 on: 01 March, 2012, 17:20:09 »
0
Quote from: graphmastur on 28 September, 2010, 00:04:06
MD5 is not completely down and out. Besides, I would presume that the nspire might use SHA-1.  Just a theory considering the 1024 bit key.

And Because of the way hashes work, It would be easier to factor the RSA keys then trying to find a match.

MD5 is down and out, as of 2006. SHA-1 isn't quite down and out, but it's struggling.

Insert obligatory "Holy Necropost Fishman" here Cheesy
Logged
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ
Art_of_camelot
The matrix has you.. ಠ_ಠ
Support Staff
LV12 Extreme Poster (Next: 5000)
*
Offline Offline

Last Login: Yesterday at 22:58:04
Date Registered: 30 August, 2008, 04:55:55
Location: Dr. Light's Laboratory
Posts: 4385


Total Post Ratings: +149

View Profile WWW
« Reply #7 on: 01 March, 2012, 17:31:58 »
0
That's one fishy necro! :O How did you happen to stumble onto this again anyways?
Logged
Projects:
TBA! Coming to an 83+ near you!

NerdTests.com says I'm a Cool Nerd King.  Click here to take the Nerd Test, get nerdy images and jokes, and write on the nerd forum!
AngelFish
This is my custom title
Administrator
LV12 Extreme Poster (Next: 5000)
*
Offline Offline

Gender: Male
Last Login: 18 May, 2013, 00:41:29
Date Registered: 15 August, 2010, 09:18:54
Posts: 3187


Total Post Ratings: +218

View Profile
« Reply #8 on: 01 March, 2012, 23:03:56 »
0
I was going over some security stuff and I remembered how computationally expensive it was to sign large quantities of data with public key algorithms. It got me thinking about how the Nspire would have to sign an entire OS if it didn't use hash of sorts and...
Logged
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ
Jim Bauwens
Lua! Nspire! Linux!
Editor
LV10 31337 u53r (Next: 2000)
*
Offline Offline

Gender: Male
Last Login: Today at 00:47:15
Date Registered: 28 February, 2011, 22:32:12
Location: Belgium
Posts: 1733


Total Post Ratings: +180

View Profile WWW
« Reply #9 on: 02 March, 2012, 12:16:18 »
0
Very interesting Smiley
Got to research some more details.
Logged


TI-Nspire projects of me:
nCreator | PCspire | Klondike Lua | LogoMagic | EEPro for the TI-Nspire | Pegs | General math definitions
Jonius7
aka jhgenius
LV10 31337 u53r (Next: 2000)
**********
Offline Offline

Gender: Male
Last Login: 11 May, 2013, 13:18:02
Date Registered: 03 September, 2010, 02:50:11
Location: Gold Coast, Australia
Posts: 1743


Total Post Ratings: +50

View Profile WWW
« Reply #10 on: 02 March, 2012, 12:22:35 »
0
That would be tricky overall, but it would be possible considering we've got ndless already manipulating the OS a bit. So effectively, we would be able to write a different OS (GUI) or shell?
« Last Edit: 02 March, 2012, 12:22:46 by Jonius7 » Logged


Userbars.com is down?
+9001
Intermediate TI-nspire Basic Programmer
Programmed some CASIO Basic in the past
DJ_O Music Discographist Wink
Userbars for these coming... in the process
My Released and Announced Projects (Updated 2013/01/29)
TI-nspire BASIC
TI-nspire Hold 'em | Health Bar | Scissors Paper Rock | Battle of 16s (stalled) | sTIck RPG (stalled) | Monopoly (stalled)
TI-nspire Lua
Numstrat | TI-nspire Hold 'em Lua | Terraria (coming soon)
Axe Parser
Doodle God (stalled while I go and learn some Axe)
Spoiler for Other Stuff:
Spoiler for Want your own HonestDownloads userbar?:
Hello! Do you want to show your affection for my website, HonestDownloads? Then here is a userbar I specially created earlier just for HonestDownloads users!

To add it to your signature just copy and paste the code below into your sig and you'll become an instant supporter of my website!
Code: Select All | Copy To Clipboard

1
[URL=http://www.jhgenius01.webs.com][IMG]http://s1.bild.me/bilder/060112/3684792HDuserbaruser.png[/IMG][/URL]
Spoiler for My TI-nspire Basic Programs (Updated 2012/04/15):
***List of Programs in the TI-nspire Stadium***
Group Release 2012/04/07 on omnimaga.org

Games
   Noteable Release    ticalc.org Release Development/Not Publicly Released
2010/05/08 TI-nspire Hold 'em
   2012/04/07 v1.1.2   2012/04/10 v1.1.3  2012/04/14 v1.2.1
2010/08/03 Cosmic Legions
   2012/04/07 v0.2.2.2 (1st Release)
2010/08/12 Battle of 16s
   2012/04/07 v0.2.7
2010/09/10 Health Bar
   2012/04/07 v1.2     2012/04/02 v1.0   
2010/12/04 sTIck RPG
   2012/04/07 v0.1.5.2
2011/01/09 Monopoly
   2012/04/07 v0.16    (1st Release)
2012/04/09 Scissors Paper Rock
   2012/04/14 v0.8.1

Miscellaneous
2010/11/07 中文 (Chinese) Demonstration
   2012/04/07 v1.3     (1st Release)

Potential/Minor Programs
2010/09/26 Shanghai Metro
   2012/04/07 v0.2     (1st Release)
2010/12/22 TI-nspire Programming Tutorials
   2012/04/07 v0.1     (1st Release)
2010/12/28 Casino Games
   Was not released.
2011/04/22 Interlink
   2012/04/07 v0.0.4   (1st Release)
2012/03/22 Hierarchy
   2012/04/07 v0.01

Demo Programs (some may become Potential Programs)
2010/06/23 Monopoly (Board)
   2012/04/07 Prototype
2010/07/14 Strategy Battle
   2012/04/07 v0.12
2010/10/05 JRPG
   2012/04/07 v0.2
2010/11/02 PlotGrid
   2012/04/07 v0.2
2010/11/24 civilizaTIon™
   2012/04/07 v0.11

Purely Informational
2011/01/05 TI-nspire Stadium Changelog
   2012/04/07 v2
   Created to list significant releases of my programs. A page similar to this List of Programs in the TI-nspire Stadium was included in the documentation of most of my programs until sometime in Late 2011/Early 2012.

All games and programs coded in TI-nspire Basic.
© 2010-2012 Jason Ho.
Last Updated 14 April 2012

jhgenius01.webs.com
Will be moving! Stay tuned for updates.
Spoiler for Progress of Doodle God Axe:
2011/12/21 4% - Progress Suspended, ideas of graphical sprites still uncertain
Spoiler for Other Other You Know What Other Stuff I'm Talking About Stuff Stuff (Updated 2012/01/17):
Jim Bauwens
Lua! Nspire! Linux!
Editor
LV10 31337 u53r (Next: 2000)
*
Offline Offline

Gender: Male
Last Login: Today at 00:47:15
Date Registered: 28 February, 2011, 22:32:12
Location: Belgium
Posts: 1733


Total Post Ratings: +180

View Profile WWW
« Reply #11 on: 02 March, 2012, 12:28:58 »
0
You can do that now already.
But the thing here is to have an alternative OS working without Ndless, and installed the the flash.
This would give also much more power to the user.
Logged


TI-Nspire projects of me:
nCreator | PCspire | Klondike Lua | LogoMagic | EEPro for the TI-Nspire | Pegs | General math definitions
Jonius7
aka jhgenius
LV10 31337 u53r (Next: 2000)
**********
Offline Offline

Gender: Male
Last Login: 11 May, 2013, 13:18:02
Date Registered: 03 September, 2010, 02:50:11
Location: Gold Coast, Australia
Posts: 1743


Total Post Ratings: +50

View Profile WWW
« Reply #12 on: 02 March, 2012, 12:30:53 »
0
Yeah I meant that, an OS independent of programs using the OS.
It would definitely give much more power to the user. But flexibility too.
« Last Edit: 02 March, 2012, 12:31:07 by Jonius7 » Logged


Userbars.com is down?
+9001
Intermediate TI-nspire Basic Programmer
Programmed some CASIO Basic in the past
DJ_O Music Discographist Wink
Userbars for these coming... in the process
My Released and Announced Projects (Updated 2013/01/29)
TI-nspire BASIC
TI-nspire Hold 'em | Health Bar | Scissors Paper Rock | Battle of 16s (stalled) | sTIck RPG (stalled) | Monopoly (stalled)
TI-nspire Lua
Numstrat | TI-nspire Hold 'em Lua | Terraria (coming soon)
Axe Parser
Doodle God (stalled while I go and learn some Axe)
Spoiler for Other Stuff:
Spoiler for Want your own HonestDownloads userbar?:
Hello! Do you want to show your affection for my website, HonestDownloads? Then here is a userbar I specially created earlier just for HonestDownloads users!

To add it to your signature just copy and paste the code below into your sig and you'll become an instant supporter of my website!
Code: Select All | Copy To Clipboard

1
[URL=http://www.jhgenius01.webs.com][IMG]http://s1.bild.me/bilder/060112/3684792HDuserbaruser.png[/IMG][/URL]
Spoiler for My TI-nspire Basic Programs (Updated 2012/04/15):
***List of Programs in the TI-nspire Stadium***
Group Release 2012/04/07 on omnimaga.org

Games
   Noteable Release    ticalc.org Release Development/Not Publicly Released
2010/05/08 TI-nspire Hold 'em
   2012/04/07 v1.1.2   2012/04/10 v1.1.3  2012/04/14 v1.2.1
2010/08/03 Cosmic Legions
   2012/04/07 v0.2.2.2 (1st Release)
2010/08/12 Battle of 16s
   2012/04/07 v0.2.7
2010/09/10 Health Bar
   2012/04/07 v1.2     2012/04/02 v1.0   
2010/12/04 sTIck RPG
   2012/04/07 v0.1.5.2
2011/01/09 Monopoly
   2012/04/07 v0.16    (1st Release)
2012/04/09 Scissors Paper Rock
   2012/04/14 v0.8.1

Miscellaneous
2010/11/07 中文 (Chinese) Demonstration
   2012/04/07 v1.3     (1st Release)

Potential/Minor Programs
2010/09/26 Shanghai Metro
   2012/04/07 v0.2     (1st Release)
2010/12/22 TI-nspire Programming Tutorials
   2012/04/07 v0.1     (1st Release)
2010/12/28 Casino Games
   Was not released.
2011/04/22 Interlink
   2012/04/07 v0.0.4   (1st Release)
2012/03/22 Hierarchy
   2012/04/07 v0.01

Demo Programs (some may become Potential Programs)
2010/06/23 Monopoly (Board)
   2012/04/07 Prototype
2010/07/14 Strategy Battle
   2012/04/07 v0.12
2010/10/05 JRPG
   2012/04/07 v0.2
2010/11/02 PlotGrid
   2012/04/07 v0.2
2010/11/24 civilizaTIon™
   2012/04/07 v0.11

Purely Informational
2011/01/05 TI-nspire Stadium Changelog
   2012/04/07 v2
   Created to list significant releases of my programs. A page similar to this List of Programs in the TI-nspire Stadium was included in the documentation of most of my programs until sometime in Late 2011/Early 2012.

All games and programs coded in TI-nspire Basic.
© 2010-2012 Jason Ho.
Last Updated 14 April 2012

jhgenius01.webs.com
Will be moving! Stay tuned for updates.
Spoiler for Progress of Doodle God Axe:
2011/12/21 4% - Progress Suspended, ideas of graphical sprites still uncertain
Spoiler for Other Other You Know What Other Stuff I'm Talking About Stuff Stuff (Updated 2012/01/17):
Lionel Debroux
LV10 31337 u53r (Next: 2000)
**********
Offline Offline

Gender: Male
Last Login: Yesterday at 22:10:34
Date Registered: 17 December, 2009, 09:37:25
Location: France
Posts: 1853

Total Post Ratings: +208

View Profile WWW
« Reply #13 on: 02 March, 2012, 21:11:13 »
0
jimbauwens pointed me to this topic.

Quote
Is there any way to know which method they (TI) used?
The method was publicly documented on Hackspire months before this thread was started Wink
Namely, TI uses SHA256, which is much stronger than SHA-0 or SHA-1, and of course even more stronger than MD5 (used in TI-Z80 and TI-68k series).

Finding a useful cryptographic hash collision would be like winning 10-15 times at the lottery, instead of 20-30 (or 40-60) with TF on the public RSA keys... that's immensely better, but still completely hopeless. Neither method is a usable way to achieve our basic user right, our freedom to tinker with the hardware we own.
Logged
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.
AngelFish
This is my custom title
Administrator
LV12 Extreme Poster (Next: 5000)
*
Offline Offline

Gender: Male
Last Login: 18 May, 2013, 00:41:29
Date Registered: 15 August, 2010, 09:18:54
Posts: 3187


Total Post Ratings: +218

View Profile
« Reply #14 on: 02 March, 2012, 23:24:18 »
0
I have to give TI props, they knew what they were doing this time with the Nspire. Although, being able to generate collisions would in fact give us a method to reinstall the OS because if the hash was sufficiently weak, it would give us the freedom to pick certain parts of the data and then select other sections of data to form a collision (basically a variation of the chosen-prefix attack).

Thanks for pointing out the information. I couldn't find the info on Hackspire Smiley
Logged
∂²Ψ    -(2m(V(x)-E)Ψ
---  = -------------
∂x²        ℏ²Ψ
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by EzPortal
Powered by MySQL Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Powered by PHP
Page created in 0.384 seconds with 29 queries.
Skin by DJ Omnimaga edited from SMF default theme with the help of tr1p1ea.
All programs, games and songs avaliable on this website are property of their respective owners.
Best viewed in Opera, Firefox, Chrome and Safari with a resolution of 1024x768 or above.