In a previous news, we saw that a small broaching difference around the NOR Flash chip in TI-Nspire ClickPad prototypes was making the chip writeable.

This ability to reprogram the Boot1 had then helped us transforming TI-Nspire ClickPad prototypes into fully functionnal production TI-Nspire.



In a previous news, an anonymous source had published information about a hardware mod for production TI-Nspire ClickPad, which would make the Flash NOR chip writeable like on prototypes.

We were unable to obtain any further information, so it was best to try ourselves to check:

The installation does require a switch to toggle between the original and modified states of the calculator. Indeed, in the modified state the calculator does not boot, which suggests that there are other hardware differences with the prototypes since those are able to boot in this state.


Once the OS has started, you just have to flip the switch before launching the NOR flasher.

Let's try to reprogram a 1.1.8916 Boot1, with its version string modified to 1.1.9999...


Success!



Since you can now modify the Boot1 exactly as you want, it becomes possible to program anything as Boot2 and diagnostics software, or even as OS.

The possibilities are simply huge!
Note that the Boot1 does launch either the Boot2, either the diagnostic software. Both use the same format in memory and are fully interchangeable, the only constraint being the size (the diags area is limited to 640KB, but the code can be compressed).

We could have our own diagnostics / troubleshooting / maintenance software, with more and greater options than the official one...

Or permanently install Linux by programming a loader as a Boot2 or Diags...

Or even have a true dual-boot, to run two different OS ... for example to switch between the Nspire OS and Linux... or to switch between OS 3.1 (for Ndless) and OS 3.2 (for new Lua apps)... No need for a computer or another calculator anymore to constantly install the currently needed OS every 2 days!

And much more...



But don't be too excited: we are talking about TI-Nspire ClickPad sold until 2009-2010, which had an external Flash-NOR chip.

From 2010-2011, TI-Nspire TouchPad, CX and CM had their Flash-NOR chip moved inside the ASIC.

This internal Flash-NOR internal is unknown and probably write-protected. A similar change would require to uncap the ASIC chip without destroying it and then modify it under a microscope... Let's say it more simply: it's impossible.



Source:
http://tiplanet.org/forum/viewtopic.php?p=133688&lang=en

A similar change would require to uncap the ASIC chip without destroying it and then modify it under a microscope... Let's say it more simply: it's impossible.[/i]

But Calc84maniac made a GBA emulator for the Nspire, so that must be possible!

But joking aside, good job critor

 Well it's useless, the clickpad are out there already and not produced anymore, so....

This is revolutionary!  We must figure out a way to flash boot1 on the CX even if it is "impossible".

Answering to myself.

Here is Adriweb's TI-Nspire CAS ClickPad hardware revision E:


Only 2 chips - we won't be able to reflash the Boot1 which is inside the ASIC.


Seems like TI fixed that exploit very early, and we should have released many things years ago.

TI-Nspire ClickPad hardware revisions E and later won't be flashable.


So, we now need to check TI-Nspire ClickPad hardware revisions B, C, D.
Thanks.




Edit: now from Excale, a TI-Nspire CAS ClickPad hardware revision C (P-0308C).

It uses the new hardware: new ASIC reference and no Flash-NOR chip

We now need someone with a TI-Nspire ClickPad hardware revision B.

But apparently it seems that only prototypes and first production models manufactured in 2007 will be reflashable.

But would you still need to hardware-mod?

Yes, indeed (so that's reducing the range of HW revisions of CLickpad to pre-A (nothing shown after the date), and possibly A and B)

A is confirmed to be flashable after the hardware mod.
I've got a Nspire hardware revision A, sent to me by Lionel.

pre-A models need the hardware mod too.

The only unknown remains hardware revision B.

You can load a CAS os?