rVersion:
scf
REP_NEXT
call unlockflash
REP_NEXT
call rVersionEnd
or a
unlockFlash:
di
in a, (06)
push af
REP_NEXT
ld (saveSP), sp
ld sp, $82AB+$4000
ld a, 1
out (05), a
rrca
ld i, a ;$80
dec a
out (06), a ;$7F
in a, (02)
bit 5, a
ld a, $C3 ;jp
REP_NEXT
ld hl, returnPointz
_84Plus:
ld ($80C8), a
ld ($80C9), hl
jp nz, $4528
_83PlusSE:
ld ($80FE), a
ld ($80FF), hl
jp $4276
returnPointz:
saveSP equ $+1
ld sp, 0000
xor a
out (05), a
pop af
out (06), a
ld a, $10
jr nc, wasUndoing
xor a
wasUndoing:
out ($25), a
bcall(_flashWriteDisable)
ret
rVersionEnd:
allVersion:
scf
REP_NEXT
call doIt
REP_NEXT
call allVersionEnd
or a
doIt:
in a, (6)
push af
push af
REP_NEXT
call unlockFlashz
in a, (02)
rlca
jr c, regularUnlock
ex de, hl ;HL is too close to SP
ld (hl), b ;b is zero
pop af
ld a, $1F
jr c, notLocking
ld (hl), a ;should be $0F
notLocking:
dec hl
out (06), a
out (05), a ;should be 7
call $46D8 ;hack, works on 1.00 and 1.01
push af
regularUnlock:
pop af
ld a, $10
jr nc, wasUndoingz
xor a
wasUndoingz:
out ($25), a
finishUp:
pop af
out (06), a
bcall(_flashWriteDisable)
ret
UnlockFlashz:
;Unlocks Flash protection.
;Destroys: pagedCount
; pagedGetPtr
; arcInfo
; iMathPtr5
; pagedBuf
; ramCode
di
REP_NEXT
ld hl, returnPoint+$8214-$81E3
ld de, $8214
ld a, e
ld (arcInfo), a ;should be 08-15
ld (pagedCount), a ;just has to be over 2
ld bc, $8214-$8167
lddr
ld (iMathPtr5), de ;must be 8167
ld iy, 0056h-25h ;permanent flags
add a, e
ld (pagedBuf), a ;needs to be large, but under 80
REP_NEXT
call translatePage
ld hl, ($5092)
ld a, ($5094)
REP_NEXT
call translatePage
ld a, $CC
cpir
dec hl
jp (hl)
returnPoint:
ld hl, $0018
ld (hl), $C3 ;dummy write
flashWait:
ld iy, flags
djnz flashWait ;wait for write to finish
add hl, sp
ld sp, hl
translatePage:
bcall(_NZIf83Plus)
jr z, not83
and 1Fh
not83:
out (06), a
ret
allVersionEnd:
Why is it smaller on the 84+?
:AsmComp(FULLRENE)
or
:#Axiom(FULLRENE) (Axe hooks)
:Fcdf() (all calculators)
or
:Fcdf()r (non-83+BE calculators)
if youre using chrome and know a little html, you can just right-click on the code box, click "Inspect element", double click where it says "height: 20px; " and change the 20 to something more like 260. I dont know why it is set to be only 20 pixels high; it just is.Thank for the tip! It's pretty awesome. :D
Edit: or, you could just remove the style="" attribute altogether. that's how normal code boxes are.
You got +5 before anybody replied O.O That sounds brilliant, as in really, really useful.+9 now :P
javascript:var i=document.querySelectorAll('.alt2 .code');for(var j=0;j<i.length;j++)i[j].style.height='auto';void(0)I'm very glad to hear that, because I never actually tested it ;DGlad it works then lol
ld de,pagedBuf+1
ld bc,49 ;so lucky VV
push bc
ldir
ld hl,(iMathPtr5)
push hl
ld de,9A00h
ld bc,50
ld de,pagedBuf+1
ld bc,49 ;so lucky VV
push bc
ldir ;bc is now zero
ld hl,(iMathPtr5)
push hl
ld de,9A00h
ld c,50 ;since b is already zero...I'm very glad to hear that, because I never actually tested it ;DGlad it works then lol
Any plans to pick up Portal, Builder? :o
Great work ! but I have a question :P
Do we need to compile for a shell or does it work in noshell and apps too ?
As far as optimizations, I found one byte for the all models case:
By the way, if you need absolute addressing in the $0000 to $3FFF range, I can add a new prefix to ignore the automatic replacements if that's convenient. I didn't think anyone would ever need to jump or call addresses there, but I guess for hacks like this that could be important.
By the way, if you need absolute addressing in the $0000 to $3FFF range, I can add a new prefix to ignore the automatic replacements if that's convenient. I didn't think anyone would ever need to jump or call addresses there, but I guess for hacks like this that could be important.That would be much better than what I currently do!
BJump:
ld hl,50h
push hl
ret
Hmmm so Portal Prelude has been using Fcdf()r this entire time without a hitch, but just recently to increase compatibility I switched to the slightly larger Fcdf(), and now I simply get a RAM clear upon starting the program. Ideas?
You need to make sure that Fcdf() is the first line, (or close) of your program. If this is true, you shouldn't have any problems. If you do, then I would assume something else is broken.Well I just changed the cragcake stuff to the fullrene stuff so it's like
I think that can be shortened to:Code: [Select]BJump:
ld hl,50h
push hl
ret
BJump:
ld hl,50h
jp (hl)
>.>Oh, I changed the syntax on you. Now it's just Fcdf() at the start of the program. I should properly release this sometime...XD
Oh, I changed the syntax on you. Now it's just Fcdf() at the start of the program. I should properly release this sometime...
It's still Fcdf(0) to close it, then?
No, you don't close it, it closes automatically. Just put Fcdf() at the start. Then, imagine that there is a bracket after it that encapsulates your entire program.
Also, I picked Fcdf( as my token, if you don't like it or have a better one, I'm all ears. (Fcdf(1) unlock, Fcdf(0) lock)
Shouldn't that be the other way around? If it works on the calculator, it should work on the emulator. If it doesn't, I would think it would be a feature request for the emulator instead of the program, since the emulator is the one that is not working properly.Yeah maybe, but Buckeye claims it works fine on his end, so I think he won't be fixing that issue anytime soon. :S
xor a
REP_NEXT
call unlockflash
REP_NEXT
call rVersionEnd
ld a, $10
unlockFlash:
di
push af
in a, (06)
push af
REP_NEXT
ld hl, returnPointz+$8138-$80FE
ld de, $8138
ld a, d
out (05), a
dec a
ld i, a
dec a
out (06), a
in a, (02)
and e
jr z, $+4
ld e, $02
ld b, d
ld c, e
lddr
ex de, hl
add hl, sp
ex de, hl
ld sp, $82A9+$4000
jp nz, $4529
call $4276
returnPointz:
ex de, hl
ld sp, hl
out (05), a
pop af
out (06), a
pop af
out ($25), a
bcall(_flashWriteDisable)
ret
rVersionEnd:
On another note, has anyone actually used this with success?If you mean the attached appvar, then yes. I'm running a 11kb program with no problems :)
Oh, right, I know why that is. You were probably using bootfree which doesn't contain the same flash unlock exploits as the TI boot code. I don't think I can really make it work with boot free (unless it has it's own specialized unlock routine)So what would I need to do to get it to work in Wabbit? Do I need to create a new ROM with a special program or something? I hate creating ROMs because the last time I did with VTI it took like 30 minutes to dump... ???
Just put Fcdf() or Fcdf()r very early in your program to use them. Preferably, don't force quit after you use it.What do you mean by that?
:.IKARUGAX
:#Axiom(FULLRENE)
:Fcdf()
:ReturnI compiled it for MirageOS, I launched it from RAM (so I had around 8k free RAM when I launched it), it apparently launched properly, and when it was about to exit, it crashed.Asm(prgmFULLTEST) ran fine, exited fine and didn't mess with the free ARC display. So I guess it worked.
Bump again,
Apparently, not closing the RAM page causes the calc not to detect TI-Connect. I only have to force the OS closing the page with a manual RAM clear and everything works again. Would it be possible to have a separate program closing the page for us that would be to be ran outside of MirageOS ?
ex de, hl ;HL is too close to SP
ld (hl), b ;b is zero
ld a, $1F
jr c, notLocking
ld (hl), a ;should be $0F
notLocking:
dec hl
out (06), a
out (05), a ;should be 7
call $46D8 ;hack, works on 1.00 and 1.01It seems like there are a couple shortcuts taken, for example instead of outputting $7 to port 05 they send $1F to both port 05 and 06, i assume the upper bits of port 05 are unused? Then it runs the 84+ code? I'm also not sure how we get back to "returnPoint". I've really got no idea what's going on in the unlock flash section, is the size of the routine taken into consideration? I tried adding some extra code to debug it but it caused weird stuff to happen when exiting. I see that some stuff ($8214-$8167 bytes) is getting LDDR'd into $8214, though i'm not sure where all these numbers come from. The code getting copied stretches into the main program code (ie. beyond Fullrene).