Omnimaga
Omnimaga => News => Topic started by: DJ Omnimaga on March 30, 2011, 05:24:59 pm
-
As mentionned in the previous news article, the method used by DiagsLauncher to circumvent the RSA signatures protections to launch any Diagnostic Software images on any TI-Nspire model, this method could be possibly used to do the same with Boot1 and Boot2. Well, here comes Boot2Launcher, by bsl too!
Boot2 is what verifies the OS and launch it, for example to disallow the execution of commercial OSes on prototype models for example. What could possibility be done with a modified Boot2 image?
Source of both news and download link: TI-BANK article (http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1026)
-
Thank you for the news.
Just for information, Boot2Launcher has been developped by Bsl.
-
O.o
this is big news indeed.
-
Wow! We are so close to freeing the Nspire forever! How do you guys work so fast? O.O
-
This is awesome! So it means we can develop and boot 3rd party boot2 and OSes on the Nspire?
This is a great day in the Nspire history.
Now I want an Nspire.
-
now the hard part, making an entire OS :P
though it would probably take 1/3rd the size of the current OS, and be 6 times better.
-
Woah, modified boot image! This looks great, how awesome!
The community is moving faster, but still thanks to Ndless :D
-
also, this is good because if we crack the RSA and TI changes it, then we're not totally screwed :P
-
This is awesome! So it means we can develop and boot 3rd party boot2 and OSes on the Nspire?
As I understand it, no. If you want to run a modified OS, you need this and a modified boot2. But it will give you problems on a reboot. I don't think there is a way to install a custom OS, as boot2 is checked by boot1 every boot. All this does is launch boot2 directly so boot1 does not check it. Every time you want to run your custom OS you would need to boot a normal OS, ndless it, and then run this. (I have no idea what the next step to get the loaded boot2 to load your os wold be. Just drag a tnc into ti-link?)
Please correct me if I'm wrong, I think this also requires you to re-install the os at every reboot. (As the installed boot2 would reject the custom image)
So for this to be useful for that you would need to modify boot2 to accept all OSes (I don't know how) and then pack your custom OS in an image inside a tno/tnc. But as goplat suggested in the other thread, the best way to load your own os is just as an ndless prog.
And it's more likely to rain pink robotic unicorns then it is for the RSA key to be factored.
-
:D Nobody can stop us, not even the mighty TI!
I'm sure we can hack the CX in half the time it took us for this. :P
-
I wonder if they'll postpone the CX to fix this stuff when they find out about this...
-
I'm sure we can hack the CX in half the time it took us for this. :P
(http://farm1.static.flickr.com/50/137085364_df42918db1.jpg)
-
I bet it will take longer than it did to hack the Prizm. :P
-
Maybe built in ndless. No more reinstalling. I switch between the ti-84 pad and the nspire ones.
-
I bet it will take longer than it did to hack the Prizm. :P
Well, that was an insanely fast hack :P
Maybe built in ndless. No more reinstalling. I switch between the ti-84 pad and the nspire ones.
Or an entirely new OS. The possibilities are Ndless (:P).
But that's a really good idea, for compatibility. Plus teachers/parents wouldn't get suspicious.
-
IMO a whole OS would take forever and a half. ndless built in wouldnt take as long. Are there even any finished OSes for the 8x series?
-
Maybe built in ndless. No more reinstalling.
What do you mean by this?
-
Mod the Nspire OS to allow ASM natively.
-
When the calculator shuts itself off completely, like you need to boot up again, you must rerun ndless_installer. This also happens wehn you turn off and change pads...
ps firefox is pissing me off... english dictionary isn't installed or something
edit:... some reason the thing was in German...
-
ps firefox is pissing me off... english dictionary isn't installed or something
edit:... some reason the thing was in German...
:P People at my school do that all the time to mess everyone else up. That and changing the keyboard layout to Hiragana.
-
Ahaha.
-
This doesn't really "hack" anything new. You can't save changes to the OS with this.
All this is is an alternate method of loading boot2. Boot2 verifies the OS on every boot. You can't change boot2, because boot1 checks it before running it on every boot. This just loads boot2 without booting the calculator, thus avoiding the the boot1 check of boot2. This does nothing permanent.
If you use this to load a modified OS, (because boot2 checks the OS, so if you manage to modify boot2 you don't need a signed OS) when you restart the calc you will either get the same ndlessless OS you had before, or the calc won't boot at all because the installed os isn't signed. This would be a MAJOR pain in the a** if you just wanted, say, cas on a regular nspire. You would need to re-install the OS twice every reboot to get cas back.
I am not sure which of those two possibilities is correct, though.
-
That's why we should not force the installation of the OS we want to lauch, but run it over another Ndlessed OS.
When you restart the calc, you'll just have to:
- Ndless the original OS again
- relaunch your "special" OS
-
That's why we should not force the installation of the OS we want to lauch, but run it over another Ndlessed OS.
How do you run a "Special" OS over an Ndlessed OS with boot2launcher?
-
If the OS is not compressed/encrypted (TNC/TNO files), you can just launch it directly like any program.
-
If the OS is not compressed/encrypted (TNC/TNO files), you can just launch it directly like any program.
Wow! I assume you would still need a modified boot2 to load a modified OS? Is anyone working on that?
-
I assume you would still need a modified boot2 to load a modified OS?
Probably not. IIRC, from the files' sizes, RunOS didn't use a modified boot2.
Hot-patching the OS in RAM before launching it seems necessary.
-
If the OS is not compressed/encrypted (TNC/TNO files), you can just launch it directly like any program.
Launch directly like renaming to .tns and opening as any ndless program, or launch like diagslauncher/boot2launcher by loading into ram and directly executing? So all that is really needed to run an OS directly is to decrypt the image? (Does boot2 do that or does the OS do that as it loads?) If you ran them that way, would you lose the extra files included in the compressed image? (all the /phx stuff (is that folder any different for the CAS and basic nspire?)) Could you obtain a decompressed copy of the OS from nspire_emu as it is running, or would you need to look inside boot2?
Hot-patching the OS in RAM before launching it seems necessary.
Are you referring to an uncompressed and unencrypted OS image file launched in the same way as diagslauncher/boot2launcher? If so, what functions would need to be patched and why? (Or is this not a suitable topic)
And who made RunOS? The only info I could find on it was that video posted on youtube.
Sorry for all the endless questions...
-
Indeed, many questions :D:
Launch directly like renaming to .tns and opening as any ndless program, or launch like diagslauncher/boot2launcher by loading into ram and directly executing?
In my view, renaming the pristine .tnc/.tno / the TNOC-shrinked .tnc/.tno / the OS image manually extracted by the user to .tns on the computer before transferring it as a regular file, and launching the "OSLauncher" (Ndless program) .tns.
So all that is really needed to run an OS directly is to decrypt the image?
Probably not just decrypt it.
I'm positive that the decryption can be performed on the calculator, at the cost of increased launching time. In fact, it needs to be for user convenience reasons.
(Does boot2 do that or does the OS do that as it loads?)
The boot2 decrypts the OS, indeed.
If you ran them that way, would you lose the extra files included in the compressed image? (all the /phx stuff (is that folder any different for the CAS and basic nspire?))
I'm not sure, so I'll let others reply to that bit.
Could you obtain a decompressed copy of the OS from nspire_emu as it is running
Yes, but you couldn't distribute it anyway, for legal reasons.
or would you need to look inside boot2?
For on-calc decryption, yes. Two methods were publicly posted in the past, but at least one of them was redacted. Anyway, they involved searching for the Blowfish decryption functions and key, and either using the embedded decryption functions in a generic emulator (whose addresses in the boot2 1.4.x and OS 1.7.2741, 2.0.1.60 and 2.1.0.631 are known, perhaps not publicly though), or a set of Blowfish functions as part of an external program.]
Hot-patching the OS in RAM before launching it seems necessary.
Are you referring to an uncompressed and unencrypted OS image file launched in the same way as diagslauncher/boot2launcher?
I'm referring to the OS image after decryption, but the OS image could be stored in encrypted form and launched by "OSLauncher".
If so, what functions would need to be patched and why?
No precise idea (i.e. I think I can imagine some reasons, but not give any specifics - at least without looking e.g. at the Ndless source), I'm just reposting what critor wrote elsewhere :)
And who made RunOS?
geogeo & ExtendeD, AFAICT.
[various EDITs: grammar at one place, and additions.]
-
Thank you very much for that informative post!
Now I have some research to do :thumbsup:
-
I'm kind of overwhelmed with information, so just making sure...
This is an ndless program that launches a boot2.
You still must have TI's os installed to run this.
The boot2 is running on top of TI's os.
There is currently no way to automatically launch your own boot2 / os when the calculator starts up.
-
I'm kind of overwhelmed with information, so just making sure...
This is an ndless program that launches a boot2.
Yes
You still must have TI's os installed to run this.
Yes
The boot2 is running on top of TI's os.
That, or it's restarting the calc using the custom boot2(Meaning the original OS is no longer running).(I'm not really sure which)
There is currently no way to automatically launch your own boot2 / os when the calculator starts up.
True.