Topic: Would Ndless 3.0 be possible through Lua?


Offline DJ Omnimaga

Would Ndless 3.0 be possible through Lua?
« on: April 17, 2011, 09:53:56 pm »
Hi,

On ticalc.org, Kevin Kofler mentions something about these bugs: http://www.lua.org/bugs.html#5.1.4-1

Assuming that TI did not fix these, I wonder if they could be used to run some third-party ASM code? Of course I do not know about that stuff much, I just saw his comment at http://www.ticalc.org/archives/news/articles/14/147/147339.html and thought it might be interesting.

I wasn't sure if this should go in the Lua or Ndless section, but since it involves Nspire jailbreaking, I thought it would fit better with Ndless.

Offline willrandship

Re: Would Ndless 3.0 be possible through Lua?
« Reply #1 on: April 17, 2011, 10:26:57 pm »
The stack overflow ones look the most promising to me. Overflows are usually what allow exploits in the first place.

Best part is, there's no way to fix it since it's a Lua bug, not a TI one :) and we've got a nice list to use, for 3.1, 3.2, etc. :P
« Last Edit: April 17, 2011, 10:27:33 pm by willrandship »

Offline calc84maniac

Re: Would Ndless 3.0 be possible through Lua?
« Reply #2 on: April 17, 2011, 10:27:41 pm »
Quote from: willrandship on April 17, 2011, 10:26:57 pm
The stack overflow ones look the most promising to me. Overflows are usually what allow exploits in the first place.

Best part is, there's no way to fix it since it's a Lua bug, not a TI one :)
TI can make any changes to the Lua code that they want to, so don't be too sure there.
"Most people ask, 'What does a thing do?' Hackers ask, 'What can I make it do?'" - Pablos Holman

Offline willrandship

Re: Would Ndless 3.0 be possible through Lua?
« Reply #3 on: April 17, 2011, 10:28:56 pm »
Sure, I guess, but then they're not using the same Lua, and hopefully they break their periodic table :P

Offline Munchor

Re: Would Ndless 3.0 be possible through Lua?
« Reply #4 on: April 18, 2011, 06:21:32 am »
Lua is interpreted, so I'm not sure how low-level it can be, but it's promising: some way of allowing the Nspire to run C/ARM by making a Lua program like Ndless.

Offline Lionel Debroux

Re: Would Ndless 3.0 be possible through Lua?
« Reply #5 on: April 18, 2011, 06:31:50 am »
Kofler is not the first person to think of the bugs listed on the Lua bug page ;)

* the first bug involves precompiled code - but third-party Lua TNS documents are plain text, so we can't feed malformed precompiled code into TI's stripped interpreter through that means;
* the second bug involves making C call a Lua function, if the description is correct, and I'm not sure how we could do that (functions of the Lua interpreter calling back into our Lua functions?);
* bugs 3 to 9 have patches - but executing the testcases (thanks AdRiWeB) for bugs 3 and 9 shows that the Lua is an unpatched version, i.e. TI has made the blunder of not patching 5.1.4 :D

Bug 8 is unreachable, given that TI's stripped-down Lua doesn't contain the "io" functions, according to Hackspire.
Bugs 3, 5, 6 and 9 don't show any potential for exploitation.
That leaves bugs 4 (memory corruption, which is often hard to exploit reliably) and 7.
« Last Edit: April 18, 2011, 08:18:24 am by Lionel Debroux »
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.
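The first bug on that list needs a malformed precompiled chunk to reach the interpreter. The usual mitigation, added here as an example (not code from the thread or from TI's interpreter), is a loader that refuses bytecode outright: in Lua 5.1 there is no `load(..., "t")` mode argument, so the check is done on the chunk's `"\27Lua"` signature before `loadstring` ever sees it. The inputs at the bottom are constructed for a self-check.

```lua
-- Added example: a text-only loader for Lua 5.1 that rejects precompiled
-- chunks, so a crafted bytecode blob never reaches the bytecode loader.
-- Every precompiled chunk (e.g. from string.dump or luac) starts with
-- the signature "\27Lua"; plain source can never start with that byte.
local BYTECODE_SIGNATURE = "\27Lua"

local function load_text_only(chunk, chunkname)
  if type(chunk) ~= "string" then
    return nil, "chunk must be a string"
  end
  if chunk:sub(1, #BYTECODE_SIGNATURE) == BYTECODE_SIGNATURE then
    -- Refuse before loadstring sees it: the 5.1 bytecode loader is the
    -- component the first bug on lua.org/bugs.html targets.
    return nil, "precompiled chunks are not accepted"
  end
  -- Only source text gets here, so only the parser runs.
  return loadstring(chunk, chunkname)
end

-- Constructed inputs: one source chunk, one dumped (bytecode) chunk.
local fn, err = load_text_only("return 1 + 1", "=source")
assert(fn and fn() == 2, err)

local blocked, why = load_text_only(string.dump(function() return 0 end), "=dumped")
assert(blocked == nil and why == "precompiled chunks are not accepted")
print("text-only loader ok")
```

On Lua 5.2 and later the same effect is obtained with the built-in mode argument, `load(chunk, name, "t")`.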

Offline DJ Omnimaga

Re: Would Ndless 3.0 be possible through Lua?
« Reply #6 on: May 26, 2011, 12:45:11 am »
Darn this sucks. I wonder if there will eventually be a way? I know I read somewhere on TI-BANK or ExtendeD blog that maybe Lua could be used to run Ndless. Has anything new been discovered so far?

Offline Jim Bauwens

Re: Would Ndless 3.0 be possible through Lua?
« Reply #7 on: May 26, 2011, 03:13:58 am »
Well, I found something yesterday that might help. I managed to get a buffer overflow, and to replace parts of memory (actually, fill it with my data). I think it would be possible to get code execution through this, but I'm not sure.

Offline DJ Omnimaga

Re: Would Ndless 3.0 be possible through Lua?
« Reply #8 on: May 26, 2011, 03:51:17 am »
Oh nice! It would be cool to check.

Btw although you now use an IRC chan or the Lua site to document stuff, keep us informed of new discoveries here too :)

Offline Jim Bauwens

Re: Would Ndless 3.0 be possible through Lua?
« Reply #9 on: May 26, 2011, 04:07:53 am »
Sure :D
I just don't want to be hasty, saying I found something when it's not special at all ^-^

Offline DJ Omnimaga

Re: Would Ndless 3.0 be possible through Lua?
« Reply #10 on: May 26, 2011, 04:08:45 am »
Yeah I understand. I just mean it's best to not keep stuff away from public too much, else people are not informed on some stuff. It also increases discussion about stuff :P

Offline TIfanx1999

Re: Would Ndless 3.0 be possible through Lua?
« Reply #11 on: May 26, 2011, 09:09:49 am »
That's a pretty cool find Jim! Hopefully it'll lead to something more. :D

Offline Adriweb

Re: Would Ndless 3.0 be possible through Lua?
« Reply #12 on: May 26, 2011, 09:13:15 am »
The Lua code for the buffer overflow was sent to ExtendeD, and he replied and said it's interesting ;)
« Last Edit: May 26, 2011, 09:13:58 am by adriweb »
My calculator programs
TI-Planet.org co-admin.
TI-Nspire Lua programming : Tutorials  |  API Documentation

Offline ztrumpet

Re: Would Ndless 3.0 be possible through Lua?
« Reply #13 on: May 26, 2011, 05:11:16 pm »
That's pretty cool.  Nice job, Jim! :D

Offline ruler501

Re: Would Ndless 3.0 be possible through Lua?
« Reply #14 on: May 26, 2011, 05:58:10 pm »
Quote from: Jim Bauwens on May 26, 2011, 03:13:58 am
Well, I found something yesterday that might help. I managed to get a buffer overflow, and to replace parts of memory (actually, fill it with my data). I think it would be possible to get code execution through this, but I'm not sure.
Have we seen if that data could be executed yet? How much data can you write?
This is wonderful news. Ndless 3.0 will hopefully be here soon.
I currently don't do much, but I am a developer for a game you should totally try out called AssaultCube Reloaded download here https://assaultcuber.codeplex.com/