Omnimaga
Omnimaga => News => Topic started by: critor on March 14, 2012, 03:59:51 pm
-
Cross-posting from TI-Planet.
Levak has just discovered hidden popups in the TI-Nspire OS. As far as we know, it's not possible to access them officially, but you can with Ndless.
They might be kept in the OS for future updates, or for TI developers use.
(http://i.imgur.com/9ENJz.png)
(http://i.imgur.com/qFDUn.png)
So we discover that the Nspire Navigator Cradles (WiFi) can be updated, and that the clock frequency can apparently be stored in the battery...
We could then imagine that TI has special batteries which trigger strange things when put in a TI-Nspire...
More secret popups in the TI-Planet news:
http://tiplanet.org/forum/viewtopic.php?f=43&t=8903&p=121753#p121750
-
Very interesting!
-
Since strings are hard coded in the binary, I won't say they are for upcomming OSes.
By the way, the title of the frequency manager is just the same as another popup that really deals with batteries. I would say they just copy/pasted the code and replaced some stuff to display something else.
And by the way, the "Mise à jour" ("Update" in english) buttons are only there to update popups.
-
Sounds very nice. So putting in a certain battery might make things go faster?
Also EEPRO isn't linked with EEPROM, right?
-
Hm, that's very interesting. Maybe the remains from an intensive debug session at TI?
-
Also EEPRO isn't linked with EEPROM, right?
Right, no relation. EEPROM means electrically-erasable programmable read-only memory; it's like Flash except that individual bytes can be erased instead of having to erase entire large blocks.
-
Nice find! Congrats! :)
-
Lol overclocking a calculator 8) like a boss
-
AMAZING!!!!!
-
By keeping it up I found some way to invoke Numeric Input popup and handle them as Input dialogs for Ndless.
(http://i.imgur.com/oC1j4.png)(http://i.imgur.com/dUOKb.png)
(more info here : http://tiplanet.org/forum/viewtopic.php?f=43&p=121843#p121842)
-
Cool! Cue the popup box abuse! :P
-
This is cool! I wonder what else is buried in the Nspire. :P
-
Here we go again :
(http://i.imgur.com/E21Pw.png)(http://i.imgur.com/nX2Rg.png)
RequestStr popup hacked.
(more info here http://tiplanet.org/forum/viewtopic.php?f=43&t=8914)
-
Nice find guys :D
-
The same one with a default value (in fact I had to blow up all my code in order to make it possible) :
(http://i.imgur.com/JwLxH.png)
Hours and hours of brainfuck, damn, I don't have life.
-
Back again, water flowed under the bridge, I've added the String API used by the OS to the upcoming Ndless and that let me fix asegfault with the previous show_msg_user_input, I'm also trolling at the maximum level the GUI API used by the OS in order to create any kind of popup we want. A huge part of the OS is now known because of the use of theses functions.
I tooks 3 month in order to have something reliable AND customizable.
Here are some examples :
(http://i.imgur.com/ny1VE.png)(http://i.imgur.com/LSyEL.jpg)(http://i.imgur.com/lqIov.png)(http://i.imgur.com/W9kwZ.png)(http://i.imgur.com/kDQ9V.png)
But one important notice : Things are not ready yet to be published as a fully working API in Ndless since I know there are more functions and some of the functions haven't been fully tested. More and more I'm discovering things, because the more functions you have, the more function you find, this is a basic fact of reverse engineering.
I've recently added the support of customizable icons which is not simple and expandable in a way that it modifies the OS directly in RAM when you launch the program. The icons are indeed used by id and resource id by the OS, and the resources are preloaded in RAM. The only way to use custom icons is to hijack a resource that is not used and use it =).
Also, since it is only OS functions (or syscalls if you want) this project was at first only for reverse engineering purposes, but since it is easy to use when documented (JFrame like), I was intended to make a little API for Ndless. Again, since it is syscalls based, each Nspire has to be reverse engineered as well (tnc, tno, tco, tcc) and for each OS version as well ... (3.1, 3.2 ?)
And since there are like 100 fonctions ... it is 400 syscalls to find by hand \o/ If Ndless 3.2 comes, it is 800 to find \o/ _o\ /o_
Anyway, enjoy the feeling of evolution in the Ndless programming.
-
ooh, fancy =D
what differences are there likely to be between each OS?
-
what differences are there likely to be between each OS?
Offsets in Syscalls... But we can't know in advance if there are adds that make the functions longer or smaller, so we have to search for them all.
What will help is that a bunch of theses are grouped in 2 major places that make them easy to find in all OSes.
Obviously, it is a painful work but fast, contrary to the reverse engineering part where you have to understand the function goal by look at the ASM code, by the effects it does, or by the arguments other functions gives.
What's awesomly hard is to search the meaning of get/set functions that exists in over 9000 versions. Indeed, it only set or get a value in a specific offset of the object structure. But what does tell you what the object is in ASM ? Only the uses other functions that use this offset in the object ... only when there are other functions that use this offset, which is not the case for most of the get/set functions that actually exists.
In other words, the GUI API of the OS is most likely awesome but not fully exploited by TI : We can't use those unused functions for now, because we don't know how they work.
-
Nice Levak, this looks promising :)
-
This looks amazing! Nice work. I wish I could do these things. :-\
-
wow this is absolutely great and awesome! keep up this great work Levak!
(and don't forget to make backups or to use git or something like that)
-
Sadly my computer burned to death after I received a mail from TI. It _can't_ be the mail, obviously !
j/k
-
It looks very interesting :)
I'd also like to know more about nEditor and nFrame ;)
-
nFrame is the name of my GUI API (like "JFrame") and has demos like nEditor, minesweeper and The game, in order to test everything the best I can.
nEditor is just a basic text editor that opens a file as text, fills a MLTextEntry, where you can edit, add mathboxes, Ctrl+X, Ctrl+V, Ctrl+C etc ... (since it is the OS that handles that, but sadly, no Ctrl+Z), save and that's all. For now, only the Open and Save buttons are linked. The "Tools" button links to the "The Game" frame. The other buttons does nothing, just buttons I've planned to link in the future.
-
What about writing functions for accessing that from the TI BASIC so it could be useful for something funny...
In the future, after you release it.
-
What about writing functions for accessing that from the TI BASIC so it could be useful for something funny...
In the future, after you release it.
I already plan to make it accessible through Lua with the Lua extension Ndless feature because I know it is possible. I don't know for TI-Basic and I'm a bit afraid it is not only an enumeration with commands but more than that. I have no idea.
-
Looks pretty great, but one of the screenshot made me lose The Game. <_<
-
I lost the game.
-
I have fixed a segfault issue due to the manipulation of the Menus and discovered that the gui_MenuFrame_setPosition() was in fact applicable to Frames (popups) and that the MenuFrame were in fact Frames... :D
The only "problem" I face is that the MenuFrames I've found are the one in the Ctrl+I/N menu and the G&G app. The other apps such as Calculous or Lua toolpalette cannot be found for now evenif there are so close graphically to the other MenuFrames =(
This may show that TI has designed the Frame system twice ...
-
(http://i.imgur.com/juDTa.png)(http://i.imgur.com/uMmwz.png)(http://i.imgur.com/tTu7p.png)
I know you want a Theme editor now ;)
-
Very nice \o/
-
\o/ nice :D
-
Good job ;)
Don't forget to make backups ^^