A routine to lock/unlock flash? (Request by Sir, relayed by me)
DJ Omnimaga:
Ok, since SirCmpwn cannot visit any TI site until Summer 2011, I am relaying his request for him:
He would like to ask if someone has a routine to lock/unlock flash memory. He also wants to know which pages this would affect.
_player1537:
Maybe ask Brandon for one, I know he has used it. But he says it is pretty dangerous, iirc.
Galandros:
This has been asked and answered in some UTI topics. mapar007 should have one routine for that and calcmaniac84 probably will (for his TI-Boy SE).
I know he cannot visit the TI forums but we can save the pages and send them to him. Or see the WikiTI ports documentation; I have seen code there to unlock flash.
And Brandon Wilson has the most up-to-date method to unlock flash (if there is some bcall we can use or details in the instructions to unlock flash) and even knows details of unlocking flash in the emulated TI-84+ SE on an Nspire.
mapar007:
I'll do my duty, then :P
The 'universal exploit' that works on all OS versions. (c) Brandon Wilson
--- Code: ---
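UnlockFlash:
;Unlocks Flash protection.
;Destroys: appBackUpScreen
;          pagedCount
;          pagedGetPtr
;          arcInfo
;          iMathPtr5
;          pagedBuf
;          ramCode
    in a,(6)                ; save the page currently mapped through port 6
    push af
    ld a,7Bh
    call translatePage      ; adjust page 7Bh for this model
    out (6),a
    ld hl,5092h             ; read a 3-byte entry: address in DE, page in A
    ld e,(hl)
    inc hl
    ld d,(hl)
    inc hl
    ld a,(hl)
    call translatePage
    out (6),a               ; map the page named by that entry
    ex de,hl
    ld a,0CCh               ; scan forward from that address for byte 0CCh
    ld bc,0FFFFh
    cpir
    ld e,(hl)               ; IX = the word that follows the 0CCh byte
    inc hl
    ld d,(hl)
    push de
    pop ix
    ld hl,9898h             ; write "jp returnPoint" (0C3h = JP) at 9898h
    ld (hl),0C3h
    inc hl
    ld (hl),returnPoint & 11111111b
    inc hl
    ld (hl),returnPoint >> 8
    ld hl,pagedBuf          ; fill 50 bytes of pagedBuf with 98h
    ld (hl),98h
    ld de,pagedBuf+1
    ld bc,49
    ldir
    ld (iMathPtr5),sp       ; back up the top 50 bytes of the stack to 9A00h
    ld hl,(iMathPtr5)
    ld de,9A00h
    ld bc,50
    ldir
    ld de,(iMathPtr5)       ; iMathPtr5 = SP - 12
    ld hl,-12
    add hl,de
    ld (iMathPtr5),hl
    ld iy,0056h-25h
    ld a,50
    ld (pagedCount),a
    ld a,8
    ld (arcInfo),a
    jp (ix)                 ; jump to the address found above
translatePage:
;Masks the page number in A to the pages this model has. Destroys B.
    ld b,a
    in a,(2)
    and 80h
    jr z,_is83P
    in a,(21h)
    and 3
    ld a,b                  ; ld does not change flags, so NZ still reflects port 21h
    ret nz                  ; page returned unchanged
    and 3Fh
    ret
_is83P:
    ld a,b
    and 1Fh
    ret
returnPoint:
    ld iy,flags             ; restore IY
    ld hl,(iMathPtr5)       ; (SP - 12) + 12 = original SP
    ld de,12
    add hl,de
    ld sp,hl
    ex de,hl                ; DE = original SP
    ld hl,9A00h             ; restore the 50 stack bytes saved earlier
    ld bc,50
    ldir
    pop af                  ; restore the page saved at entry
    out (6),a
    ret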
--- End code ---
EDIT:
To answer the second question: unlocking flash enables writing on all pages of the Flash memory (except the boot code, of course), and additionally grants access to the certificate page (7Eh).
DJ Omnimaga:
OOOH RIGHT! The last part is the one that can be the most dangerous. I think this is what Brandon talked about. When unlocking flash, be VERY careful to not overwrite the certificate, otherwise, big "OOPS".
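An added example, not part of the thread and not Brandon Wilson's code: a Python model of the translatePage routine posted above, used to refuse planned page writes that would land on the certificate page (7Eh) the last two posts warn about. The function names and the sample port values are constructed for illustration; the masks and branch order are taken from the posted routine.

```python
CERT_PAGE = 0x7E  # certificate page named in the thread


def translate_page(page, port2, port21):
    """Mirror the posted translatePage: mask a page number for this model.

    port2 and port21 stand for the values read with `in a,(2)` and
    `in a,(21h)`; they are passed in here so the model runs offline.
    """
    if port2 & 0x80 == 0:   # the `_is83P` branch
        return page & 0x1F
    if port21 & 0x03:       # the `ret nz` branch: page unchanged
        return page
    return page & 0x3F


def check_writes(pages, port2, port21):
    """Split planned page writes into (allowed, refused).

    The comparison is made on translated pages. Comparing the raw number
    against 7Eh would miss aliases such as 3Eh or 1Eh on models where
    translatePage masks the high bits away.
    """
    cert = translate_page(CERT_PAGE, port2, port21)
    allowed, refused = [], []
    for page in pages:
        target = translate_page(page, port2, port21)
        (refused if target == cert else allowed).append(target)
    return allowed, refused


if __name__ == "__main__":
    # Constructed sample inputs, one per branch of translatePage.
    samples = {"and 1Fh branch": (0x00, 0x00),
               "and 3Fh branch": (0x80, 0x00),
               "unchanged branch": (0x80, 0x01)}
    plan = [0x08, 0x1E, 0x3E, 0x7E]
    for name, (p2, p21) in samples.items():
        ok, bad = check_writes(plan, p2, p21)
        print(name,
              "cert=%02Xh" % translate_page(CERT_PAGE, p2, p21),
              "allowed=" + str(["%02Xh" % p for p in ok]),
              "refused=" + str(["%02Xh" % p for p in bad]))
```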