[A83] Re: apps


[Prev][Next][Index][Thread]

[A83] Re: apps




> I heard that the Ti83+ uses MD5 encription.

MD5 is a one way hash algorithm, not encryption.

> But what kind of encription is that? Does the calc check it against only
> one build-in decoder-key, or what? You defenately don't get a "decode
> string" to type in if you want to upload the newest ROM or a Flash App...
> So how does it get the key? Is it 'hidden' inside the file you upload to
> your calc? Would it be (relatively) simple to extract this key from your
> Flash-App-file? Maybe 'collect' them, and look if you can extrapolate some
> other keys from them?

It probably uses the standard RSA one used by SSH and SSL.  It would have
the key stored in the ROM.  And it doesn't have to be hidden.  You can know
the key and it does you no good, because it only lets you decrypt, not
encrypt.  It's not like cracking DVD's where they left the keys to decode
unencrypted.  Signing something illegitimately is completely different

> And how does it get "signed"? Do you have to send your assembler-output to
> Ti, so they create a Flash App for you? (with all the stresses that
they've
> put the wrong name on your App, etc. etc.)

You send them the unsigned application, and they sign it.  You can make
applications yourself, and run them on your calc if you get a developer
certificate for your calc from TI.  Or use their Flash Simulator, or the
upcoming VTI.  I wrote a plugin for Assembly Studio 8x to make applications
(.hex files).

> Or do you get a (DOS/Win32) program to sign it yourself, when you buy the
> SDK? Wouldn't it be possible to use that program again? Do you have to
give
> a separate key to the program, or does it have only one "hardcoded" key?
> Does your Ti83+ check if you have Apps with the same key on your calc?

It only works for calculators that you have developer certificates for.  You
can't globally sign it or anything.

> Anyways, there might be simpler options then brakeing ?the? code.

Not unless you can change the Flash ROM, but then everyone who wanted to use
apps would have to do that, and TI wouldn't like it because then you could
pirate applications.





Follow-Ups: References: