Author Topic: OS 3.0.2 downgrade now possible with DowngradeFix  (Read 9982 times)

0 Members and 1 Guest are viewing this topic.

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
OS 3.0.2 downgrade now possible with DowngradeFix
« on: June 15, 2011, 06:20:27 pm »
Good news! :)

If you have installed the 3.0.2 OS without the 3.0.1 Boot2 (so if you're still on the 1.4 Boot2), a new software way of downgrading the OS has just been released.

It just does the same thing as Nleash, but in a different way.


Check here:
http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1184


Note that unless they really want to, I don't credit new Nspire hacks developers anymore.
So the author of the tool is unknown in the TI-Bank database.


If you have installed the 3.0.1 Boot2, you'll still need to downgrade it with an RS232 interface, befor being able to remove the 3.0.2 OS downgrade protection with this new software tool.


Have fun.
« Last Edit: June 16, 2011, 04:26:13 am by DJ_O »
TI-Planet co-admin.

Offline Deep Toaster

  • So much to do, so much time, so little motivation
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 8217
  • Rating: +758/-15
    • View Profile
    • ClrHome
OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #1 on: June 15, 2011, 08:09:49 pm »
You guys rock :w00t:




Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55913
  • Rating: +3152/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #2 on: June 15, 2011, 10:56:12 pm »
Split topic and moving to news. This is awesome!

Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #3 on: June 15, 2011, 10:57:14 pm »
This means we have code execution on 3.0.{1,2}?
Omnimaga Admin

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55913
  • Rating: +3152/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #4 on: June 15, 2011, 11:05:40 pm »
From what I gather on TI-BANK, when you installed OS 3.0.2 you must have ran it through TNOC first to remove Boot2 3.0, removing the other downgrade protection that was present in it. Now what you do to remove the 2nd anti-downgrade protection that is present in OS 3.0.2 itself, is that you delete the OS via maintenance menu, then send a fake OS called DowngradeFix that will launch ASM code, thanks to an exploit found in Boot2 1.4, removing the anti-downgrade protection.

One concern I have, though, is if it's compatible with the regular TI-Nspire? Because I only see a CAS file present in the download ???

Offline TIfanx1999

  • ಠ_ಠ ( ͡° ͜ʖ ͡°)
  • CoT Emeritus
  • LV13 Extreme Addict (Next: 9001)
  • *
  • Posts: 6173
  • Rating: +191/-9
    • View Profile
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #5 on: June 15, 2011, 11:11:28 pm »
Damn, that was fast! O.O Great work guys!  :thumbsup:

Offline Deep Toaster

  • So much to do, so much time, so little motivation
  • Administrator
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 8217
  • Rating: +758/-15
    • View Profile
    • ClrHome
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #6 on: June 15, 2011, 11:14:29 pm »
Damn, that was fast! O.O Great work guys!  ;D
^ It's amazing what you guys do over there.
Quote from: OmnomIRC
[21:10:36] <DJ_O> OS 3.0.3 just got released and DowngradeFix doesn't work in it :(
<_<
Spoiler For Spoiler:
Quote from: OmnomIRC
[21:10:40] <DJ_O> j/k
« Last Edit: June 15, 2011, 11:15:52 pm by Deep Thought »




Offline Netham45

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2103
  • Rating: +213/-4
  • *explodes*
    • View Profile
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #7 on: June 15, 2011, 11:16:23 pm »
just curious, are you using the same buffer overflow on zips as in the other ndless/nleash?
Omnimaga Admin

Offline Juju

  • Incredibly sexy mare
  • Coder Of Tomorrow
  • LV13 Extreme Addict (Next: 9001)
  • *************
  • Posts: 5730
  • Rating: +500/-19
  • Weird programmer
    • View Profile
    • juju2143's shed
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #8 on: June 15, 2011, 11:21:07 pm »
Well, that's awesome, good job guys :)

Remember the day the walrus started to fly...

I finally cleared my sig after 4 years you're happy now?
THEGAME
This signature is ridiculously large you've been warned.

The cute mare that used to be in my avatar is Yuki Kagayaki, you can follow her on Facebook and Tumblr.

Offline DJ Omnimaga

  • Former TI programmer
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55913
  • Rating: +3152/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • DJ Omnimaga Music
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #9 on: June 16, 2011, 12:48:49 am »
Damn, that was fast! O.O Great work guys!  ;D
^ It's amazing what you guys do over there.
Quote from: OmnomIRC
[21:10:36] <DJ_O> OS 3.0.3 just got released and DowngradeFix doesn't work in it :(
<_<
Spoiler For Spoiler:
Quote from: OmnomIRC
[21:10:40] <DJ_O> j/k
THat said, they responded quite fast to the TNOC downgrade breaking on OS 3.0.1 D:

Offline aeTIos

  • Nonbinary computing specialist
  • LV12 Extreme Poster (Next: 5000)
  • ************
  • Posts: 3913
  • Rating: +184/-32
    • View Profile
    • wank.party
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #10 on: June 16, 2011, 03:36:33 am »
Yay. great work, whoever did it.
I'm not a nerd but I pretend:

Offline Jim Bauwens

  • Lua! Nspire! Linux!
  • Editor
  • LV10 31337 u53r (Next: 2000)
  • **********
  • Posts: 1881
  • Rating: +206/-7
  • Linux!
    • View Profile
    • nothing...
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #11 on: June 16, 2011, 03:37:52 am »
Wow, this is great news! Congratulations to all the people who made this possible :)

Offline critor

  • Editor
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2079
  • Rating: +439/-13
    • View Profile
    • TI-Planet
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #12 on: June 16, 2011, 05:52:44 am »
The Boot2 1.4 is the same on CAS and non-CAS.

So just rename the tnc extension into tno and you can send the file on a non-CAS.


But as said in the end of my news, DowngradeFix is not a "good" solution.
You need the old 1.4 Boot2.

Most people with the 3.0.2 OS will also have the 3.0.1 Boot2 (which came preloaded into their Nspire, or which they didn't remove before updating as they weren't aware of the problem).

And in that configuration, there is currently no way to downgrade through software... :(
You cannot execute Asm code at the 3.0.1 Boot2 "Install OS" screen, and you need an RS232 interface to downgrade the Boot2... Although it's quite cheap, to my advice very few people are going to deal with that... :(
« Last Edit: June 16, 2011, 05:54:12 am by critor »
TI-Planet co-admin.

Offline Lionel Debroux

  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2135
  • Rating: +290/-45
    • View Profile
    • TI-Chess Team
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #13 on: June 16, 2011, 06:18:23 am »
Good to see this file released - I wondered if, and when, it would be released :)

Quote
just curious, are you using the same buffer overflow on zips as in the other ndless/nleash?
Nope, this is something completely different :)
boot2 1.4.1571 has a stack-based buffer overflow in its OS parsing code.
Member of the TI-Chess Team.
Co-maintainer of GCC4TI (GCC4TI online documentation), TILP and TIEmu.
Co-admin of TI-Planet.

Offline renatose

  • LV5 Advanced (Next: 300)
  • *****
  • Posts: 209
  • Rating: +4/-0
  • watch out the power balls
    • View Profile
Re: OS 3.0.2 downgrade now possible with DowngradeFix
« Reply #14 on: June 16, 2011, 06:21:22 am »
I already bought the RS232, just in case :P

And now I'll upgrade to 3.0.2 after «TNOCing» it :D
what diferences will I find between 3.0.1 and 3.0.2 others than the bugs fixed?