Omnimaga

Omnimaga => News => Topic started by: critor on May 28, 2012, 11:40:34 am

Title: Downgrade your TI-84 without reflashing the Boot Code
Post by: critor on May 28, 2012, 11:40:34 am

Summer 2009, the TI community factored all 512-bits RSA keys used to validate OS and Apps installation on TI-z80 and TI-68k Flash calculators.

This opened the way to:

• patched OSes and Apps
• 3rd party OSes and Apps

Some of the patches disabled the TI-84 PTT mode, and TI must have been bothered with that.

Spring 2011 (http://ourl.ca/11565), we discovered a new 1.03 Boot Code on the new TI-84 Pocket and on TI-84 Plus hardware revision Q and above.



That new Boot Code adds a 2nd validation check for the OS installation with a 2048-bits RSA key only included in OS 2.55MP.

So you had to:

• wait 6 additional minutes at the "Validating..." screen after sending an OS
• stay with the lastest 2.55MP OS which breaks compatibility with several asm games

(http://i.imgur.com/9cowL.jpg) (http://i.imgur.com/aO10u.jpg)

Then, Brandon Wilson discovered a way to reflash the TI-84 Boot Code. You could then downgrade your Boot Code to 1.02 or 1.00 and then downgrade the OS. ;D(http://www.omnimaga.org/Themes/default/images/gpbp_arrow_up.gif)
But you had to get such Boot Code image, which is different between basic and Silver Edition TI-84.

(http://i.imgur.com/MFjW8.gif)

Brandon then released EpicFail, a Boot Code 1.03 patch. No need to dump the Boot Code on a model you don't own anymore.
But you might break your TI-84 permanently if anything bad happends during the Boot Code flashing, and using such tools might void your warranty from TI point of view.



Brandon then worked on a 3rd way: a patched TI-84 2.43 OS which can be installed on Boot Code 1.03 because of some exploits. But it could not be shared publicly because of copyright reasons...

On TI-Planet we just converted that into a dynamic patch for every TI-84 OS; Make103!  ;D(http://www.omnimaga.org/Themes/default/images/gpbp_arrow_up.gif)

You can now make every TI-84 0.46 to 2.53MP OS installable on your original Boot Code 1.03! ;D(http://www.omnimaga.org/Themes/default/images/gpbp_arrow_up.gif)
It also works with TI-83 Plus OSes patched to be installed on the TI-84.
For now it doesn't work with 3rd-party OSes which are much smaller and don't reach the 2048-bits RSA key location (and so exploit) in ROM.



Download from the TI-Planet news:
http://tiplanet.org/forum/viewtopic.php?t=9333

Title: Re: Downgrade your TI-84 withour reflashing the Boot Code
Post by: thepenguin77 on May 28, 2012, 11:43:54 am

If you want to do 3rd party OS's, or any OS for that matter, don't forget unsigned (http://www.ticalc.org/archives/files/fileinfo/441/44190.html). It lets you send unsigned OS's to your calculator.

Title: Re: Downgrade your TI-84 withour reflashing the Boot Code
Post by: critor on May 28, 2012, 11:52:48 am

Oh sorry, I missed it.

Seems we made similar patches. :)

Title: Re: Downgrade your TI-84 without reflashing the Boot Code
Post by: thepenguin77 on May 28, 2012, 12:30:13 pm

Actually, mine is very different. It mods the certificate.

The difference is that the brandonW version is specific to the OS while mine is specific to the calculator.

Title: Re: Downgrade your TI-84 without reflashing the Boot Code
Post by: apcalc on May 28, 2012, 01:40:07 pm

Very nice!  Great pics and work! ;)

Title: Re: Downgrade your TI-84 without reflashing the Boot Code
Post by: DJ Omnimaga on May 28, 2012, 03:40:11 pm

Good stuff Critor :)

Title: Re: Downgrade your TI-84 without reflashing the Boot Code
Post by: Juju on May 28, 2012, 06:53:47 pm

Hey that's great :D

Title: Re: Downgrade your TI-84 without reflashing the Boot Code
Post by: blue_bear_94 on May 29, 2012, 04:09:52 pm

By the way, there was a 0.46?