--- Log opened Mon Dec 01 00:00:46 2008
00:25 -!- TheStorm [~TheStorm@CPE-75-86-232-242.wi.res.rr.com] has joined #tiasm
02:16 -!- Recursiv3 [~Recursiv3@12-216-15-194.client.mchsi.com] has joined #tiasm
02:58 -!- Netham47 is now known as Netham45
02:58 -!- DrDnar [~DrDnar@cmu-24-35-40-168.mivlmd.cablespeed.com] has quit [Ping timeout: 556 seconds]
02:59 < TheStorm> DrDnar where can I find your rom dumper program?
02:59 < TheStorm> whoops he just left :P
03:00 -!- Recursiv3 [~Recursiv3@12-216-15-194.client.mchsi.com] has quit [Quit: Try HydraIRC -> http://www.hydrairc.com <-]
03:05 < Netham45> nice, TheStorm
03:05 < Netham45> :P
03:06 -!- BrandonW [~calcmaste@75.130.72.232] has quit []
03:11 -!- BrandonW [~calcmaste@75.130.72.232] has joined #tiasm
03:40 -!- mode/#tiasm [+v Tari] by efneTI86
04:20 -!- DrDnar [~DrDnar@cmu-24-35-40-168.mivlmd.cablespeed.com] has joined #tiasm
04:20 -!- mode/#tiasm [+v DrDnar] by efneTI86
05:00 -!- Netham46 [~Netham45@c-71-229-253-50.hsd1.co.comcast.net] has joined #tiasm
05:00 -!- Netham45 [~Netham45@c-71-229-253-50.hsd1.co.comcast.net] has quit [Read error: Connection reset by peer]
05:00 <@efneTI92> [Netham46] Error: No Keyboard Present. Press F1 to Continue.
05:02 -!- Netham46 is now known as Netham45
05:20 < BrandonW> Yay, now it displays the amount of free archive correctly.
05:25 < Netham45> whatchya working on?
05:25 < BrandonW> A PC-side patcher/development environment/thingy that makes it easy to re-implement boot code routines in a modified version of the 83+ OS which runs on TI-73 hardware.
05:26 < BrandonW> Making it a stable new OS to place on a 73, giving it the power of the 83+.
05:26 < Netham45> nice
05:26 < BrandonW> So essentially it's converting a 73 to an 83+.
05:26 < BrandonW> And making it easy so anyone can do it.
05:28 <@chronomex> you, sir, are TI's worst nightmare
05:28 -!- Netham45 [~Netham45@c-71-229-253-50.hsd1.co.comcast.net] has quit [Leaving]
05:29 < BrandonW> It's pretty much insane. It assembles a program full of boot page replacement code, converts an 8XU and 73 boot code image to a ROM, fills it chock full of patches and a replacement to the boot code jump table, so we can hook into any calls to it. Then it calculates where the program can fit in the ROM, re-assembles it with that as the starting location, embeds it into the ROM...
05:29 < BrandonW> And then converts it to a 73U file for sending to a TI-73.
05:30 < BrandonW> So all you have to do is add in code to that program, run the batch file, and re-send.
05:30 < BrandonW> Works in emulators and on the real hardware.
05:30 < BrandonW> When I'm done re-implementing the necessary ones, I'll release it.
05:30 < BrandonW> And we will have finally given purpose to the TI-73/Explorer.
05:30 <+_aegis_> :)
05:30 <+_aegis_> what's the hardware difference between the 73 and 83+?
05:31 < BrandonW> Almost nothing. The 73 can run code past $C000 (!), the Flash execution permissions work differently, and bit 1 of port 2 is permanently low (this is how you identify it, which is unfortunate because later 83+ code uses it as an LCD delay, so the 83+ OS must be patched to not use it).
05:31 < BrandonW> And the RAM equates are entirely different, which is why 83+ OS + 73 boot code = bad.
05:31 < BrandonW> And that's why I'm re-implementing it.
05:32 <+_aegis_> is there a memory difference?
05:32 < BrandonW> Not at all.
05:32 < BrandonW> So you see why this must be done.
05:32 <+_aegis_> price difference?
05:32 < BrandonW> The 73 is cheaper.
05:32 < BrandonW> Designed for middle school use.
05:32 <@chronomex> like $30 cheaper
05:32 < BrandonW> Some teachers wouldn't even care if you had it where an 83+ would be bad.
05:32 <@chronomex> has different keylabels, doesn't it have a fraction key?
05:33 < BrandonW> Yes, the homescreen's all wonky because it can show you fractions as they are.
05:33 < BrandonW> Pretty print-ish.
05:33 <@chronomex> :P
05:33 <+_aegis_> what's the difference between the original 73 and the explorer?
05:33 < BrandonW> The Explorer has an extremely ugly case.
05:33 < BrandonW> No other differences at all.
05:33 < BrandonW> I've identified several different boot code versions.
05:34 < BrandonW> From 1.3004 (!) to 1.3007.
05:34 <@chronomex> why '!'?
05:34 < BrandonW> Previously unheard of.
05:34 < BrandonW> There's an OS with the same version, and it has no assembly support.
05:34 <@chronomex> ah
05:34 < BrandonW> While the others do.
05:34 <+_aegis_> but the 73 was released before most of the 8x series?
05:34 < BrandonW> It's an earlier revision of the 83+ hardware.
05:34 < BrandonW> Before they worked out the kinks.
05:35 < BrandonW> The 73 has sector-based Flash execution permissions.
05:35 < BrandonW> Which is pretty much useless.
05:35 < BrandonW> And it doesn't have the $C000+ restriction as I said.
05:35 < BrandonW> It has no user archive.
05:35 < BrandonW> Only because of the 73 OS.
05:35 < BrandonW> Mine does now.
05:35 <+_aegis_> :)
05:36 < BrandonW> It's pretty exciting.
05:37 < BrandonW> I'm thinking it'll hit ticalc.org.
05:37 <@chronomex> coolz
05:37 <+_aegis_> the key difference will make it harder to use though :(
05:38 < BrandonW> I pity anyone who hasn't memorized the 83+ key layout by now.
05:38 < BrandonW> You can buy a broken 83+ and transplant the hardware.
05:38 < BrandonW> It's a poor man's 83+.
05:38 <+_aegis_> yeah :)
05:38 <+_aegis_> no, I can touch-type on the 83 layout
05:39 <+_aegis_> so periph8x was pretty cool
05:39 < BrandonW> It might be susceptible to some instabilities, any 83+ programs that use bit 1 of port 2 will choke, as well as anything which directly jumps into the boot code via page 1Fh (which would pretty much mean just stuff I write), and it's impossible to send the OS to another calculator via the link.
05:40 < BrandonW> But that's the price you pay.
05:42 < BrandonW> One of these days I'll get back to periph8x.
05:42 < BrandonW> This was a good all-weekend thing to knock out.
05:51 <+DrDnar> How much is a 73?
05:51 <+DrDnar> This is so crazy I just have to see it work.
05:51 < BrandonW> On eBay, I see them for $30-$40.
05:51 <@chronomex> $20-$30 less than an 83
05:51 <@chronomex> retail
05:52 < BrandonW> I can show you video if you want.
05:52 < BrandonW> Or I can send you a ROM or CLC to see it in any emulator.
05:52 <@chronomex> how do you make a CLC?
05:52 <+DrDnar> So $30 for a TI-83+
05:52 < BrandonW> Steal the one from the flash debugger and copy the ROM into the first 512KB of the CLC file.
05:52 <@chronomex> ah, okay
05:53 <@chronomex> a 73 is $70 from TI
05:54 <@chronomex> $69 from NewEgg if you buy in lots of 10
05:54 < BrandonW> Buying retail is crazy
05:54 <@chronomex> exactly
05:54 < BrandonW> Get yourself a cheap 73 and try this thing.
05:54 <@chronomex> if I were interested I totally would
05:54 <+_aegis_> the middle school here has like 5 classroom sets of them
05:54 <+DrDnar> Which button is the x on the 73?
05:55 < BrandonW> draw
05:55 < BrandonW> Same as on the 83+.
05:55 < BrandonW> The key layout is the same.
05:55 < BrandonW> On the 73 OS, the X is three up from ON.
05:55 <+DrDnar> I mean, I'm trying to graph something.
05:55 <+DrDnar> On the 73 software
05:55 <+DrDnar> oh
05:57 <+DrDnar> The 73 is perfectly useless.
05:57 <+DrDnar> They charge $70 for this thing?
05:57 < BrandonW> Not anymore.
05:57 < BrandonW> BWAHAHAHA...
05:57 < BrandonW> I know, amazing.
05:57 <+DrDnar> Well, yes, not anymore.
05:57 <+DrDnar> Now it's not just useful, it's a bargain.
05:58 < BrandonW> Now it's starting to make sense why I would be wasting my time with this...
05:58 < BrandonW> This would really be upsetting 5 years ago.
05:59 <@chronomex> now it's par for the course
05:59 <+DrDnar> You could save tens of students tens of dollars.
05:59 <@chronomex> but not each.
06:00 <+DrDnar> The $C000 thing is pretty neat.
06:00 < BrandonW> I screwed TI out of $100.
06:00 < BrandonW> That's worth it for me.
06:00 <+DrDnar> It doesn't have extra RAM pages, does it?
06:00 < BrandonW> No.
06:00 <+_aegis_> I could reflash the whole middle school!
06:00 < BrandonW> Although they do manufacture them with 84+/SE style cases now. Which this one is.
06:00 <+_aegis_> wha?
06:01 < BrandonW> I have many 73s.
06:01 <@chronomex> hah
06:01 <@chronomex> congratulation
06:01 <@chronomex> you didn't scam though
06:01 <@chronomex> you hacked
06:01 < BrandonW> The original TI-73 (with unheard-of boot code 1.3004 and OS 1.3004), the first TI-73 to run assembly language (by Michael Vincent), a TI-73 Explorer (83+/SE case style), and TI-73 Explorer (84+/SE case style).
06:02 <+_aegis_> does the 84-style have the ugly colors?
06:02 <@chronomex> isn't it blue?
06:02 <+DrDnar> My dream list of things to do includes a CAS that would completely page TIOS out of memory, aside from the 0000h page.
06:02 < BrandonW> Yes, and yes.
06:02 <@chronomex> blue != ugly
06:03 <@chronomex> you should spraypaint one gold
06:03 < BrandonW> That's very true, but the buttons are horrible.
06:03 <+DrDnar> It would sort of be a replacement for TIOS, except it would be an app that operates in conjunction with TIOS.
06:04 <+DrDnar> Replacing TIOS entirely is silly. There's too much dependent on it.
06:06 < BrandonW> It's not silly, you replace it, but you keep all the backwards compatibility.
06:07 <+DrDnar> It'd be too much work.
06:07 <+DrDnar> Hey, there isn't any extra space on the page that's stuck in the 0000h bank, is there?
06:08 < BrandonW> Depending on the OS, yes.
06:08 < BrandonW> Some versions have as little as 10 bytes free.
06:09 < BrandonW> Others, 100+.
06:09 < BrandonW> This patch requires 8.
06:09 <+DrDnar> Hmmm. . .
06:09 <+DrDnar> I wonder what, if anything, TI will do about the 73->83 hack.
06:09 < BrandonW> Probably nothing.
06:10 < BrandonW> But it would be so sweet if I got a cease-and-desist order.
06:10 <+DrDnar> There isn't much they can do.
06:10 <@chronomex> hahaha
06:10 <@chronomex> how would that be legally binding at all?
06:10 < BrandonW> To do this, you just need an 8XU (downloadable from education.ti.com) and a 73 boot code image, which you can get from a real 73 or from the flash debugger (free download).
06:11 < BrandonW> So what are they going to do, prevent me from releasing it?
06:11 < BrandonW> It's some wicked hacks and patches to copyrighted code, but..
06:11 <@chronomex> yeah, exactly
06:11 < BrandonW> I don't see what else they could do.
06:11 <@chronomex> release a patcher :)
06:11 < BrandonW> If I just uploaded a 73U file that worked, they would probably bite my head off.
06:11 < BrandonW> But this is just a patch.
06:11 < BrandonW> Using stuff you can obtain freely from their own site.
06:12 <@chronomex> aye
06:12 <+DrDnar> Have click-wrapped licences been in/validated in the Supreme Court?
06:12 < BrandonW> No idea what that is.
06:32 < BrandonW> David...if you kill him...he will win.
06:37 < BrandonW> http://img81.imageshack.us/img81/1600/ss2nc0.jpg Four lines of code and a couple of batch files created an image that shows this.
06:38 < BrandonW> I figured I'd change the number since it's now a smattering of my rewrites and the original one, whatever version that happens to be.
06:39 < BrandonW> I really need to come up with a universal unlock exploit on the 73.
06:40 <+DrDnar> An OS isn't good enough for you, is it?
06:40 <+DrDnar> What, you can'
06:40 <+DrDnar> What, you can't just make a modified OS to do it?
06:40 < BrandonW> The purpose is a certificate backup program for people who use this.
06:40 < BrandonW> Because you need to erase your 73 certificate to make this really work well.
06:40 <+DrDnar> I see.
06:41 < BrandonW> I can do it, I'm just tired.
06:41 < BrandonW> I'll just have to write something that scans for the block of code I'm already exploiting.
06:41 < BrandonW> Since it changes from version to version.
06:41 < BrandonW> It's more or less the same as the 83+ one.
06:41 < BrandonW> Exploiting the fact that the OS unlocks Flash and calls _FlashToRam/_WriteFlash with values we control.
06:41 < BrandonW> Giving us the ability to overwrite the stack and regain control.
06:42 < BrandonW> They should've seen it.
06:44 < BrandonW> But then again, it took us 8 years to see it.
06:46 <+DrDnar> Security seems like a good field to go into, if you select the right subset of it.
06:46 <+DrDnar> By good, I mean well paying.
06:47 <+DrDnar> Not for the faint of heart or code.
06:49 < BrandonW> Too much of a chance of failure. I don't like it.
06:49 < BrandonW> If you miss something, you're screwed.
06:51 <+DrDnar> Never said easy. Just good money.
06:52 < BrandonW> I was sort of saying I'm...faint of heart.
07:13 <+DrDnar> The 73 seems to have no alpha keys. Does this mean that, when programming on the 73, the only variable you have at your disposal is x?
07:13 < BrandonW> It means you have to go into the text menu.
07:13 < BrandonW> With [2nd]+[MATH].
07:13 < BrandonW> Which is a huge pain.
07:14 <+DrDnar> Ouch.
07:14 < BrandonW> Why they did that, I have absolutely no idea.
07:14 < BrandonW> I never looked into it, but the 73 OS apparently does have an 83+ style _getKey, though.
07:14 < BrandonW> Calcsys uses it.
07:15 < BrandonW> So the MATH key becomes ALPHA.
07:15 <+DrDnar> They have so many keys missing a 2nd function.
07:15 < BrandonW> I don't think that's manually done in Calcsys, but who knows.
07:15 < BrandonW> Calcsys is quite a hacked up application.
07:15 < BrandonW> Not very extensible.
07:16 <+DrDnar> So using the console on the 73 isn't easy if you haven't memorized the key layout.
07:16 <+DrDnar> I've never really looked at the Calcsys source.
07:17 < BrandonW> I mean, it's understandable, the whole thing has to be written to leave a small memory footprint.
07:17 < BrandonW> So that the hex editor is actually useful, and stuff.
07:22 < BrandonW> Yay, a universal 73 Flash unlock exploit.
07:42 -!- DrDnar [~DrDnar@cmu-24-35-40-168.mivlmd.cablespeed.com] has quit [Quit: is going to be very tired in school tomorrow]
13:24 -!- Merthsoft [~Shaun@140.141.26.108] has quit [Ping timeout: 246 seconds]
17:37 -!- Merthsoft [~Shaun@140.141.26.108] has joined #tiasm
18:07 -!- Merthsoft [~Shaun@140.141.26.108] has quit [Ping timeout: 246 seconds]
18:20 -!- Merthsoft [~Shaun@140.141.212.72] has joined #tiasm
22:15 -!- Netham45 [~Netham45@c-71-229-253-50.hsd1.co.comcast.net] has joined #tiasm
22:15 <@efneTI92> [Netham45] Error: No Keyboard Present. Press F1 to Continue.
--- Log closed Tue Dec 02 00:00:46 2008