[A83] Re: TI-Cares


[Prev][Next][Index][Thread]

[A83] Re: TI-Cares




> Van: Dan Englender <dan@calc.org>
> 
> ......From my understanding, the rabsig.exe is not a vital part in TI's
> security scheme.  The vital part is the private key itself, which is then
> "applied" to the application with an algorithm that's probably widely
known.

Sorry, but I think you miss something...

The key is indeed vital, but since you can open a zipfile on almost all
platforms that isn't the problem... You could just extract the 0104.key
file...

The other programs beside rabsign in the archive are (all Windows/DOS32
programs...) just programs that do easy to do things, like [fillapp]
filling your hex-file up to the next 16k, [GLHeader] adding the .8xk (Ti
GraphLink) header format, [convert] and converting IntelHex to hex,
[addhex] merging files (hexadecimaly) together, and such sort of things.

So the actual 'encoder' [rabsign] is indeed the most needed part, because
the rest of the files are easy to make substitutes for.

The problem is that we don't exactly know how they apply the MD5 checksum,
they could be doing all things of wierd stuff (like first reversing the
bitstream, or something), which isn't always easy to find out the
reverse-engeneering way.

Now I've read your mail some better I've seen that it also could be that
you ment to say that Ti wouldn't loose money on releasing the rabsign
source-code... That would be true, because you should know the other
(private/open) keys used by the TIOS (Cerberus...), before being able to
generate your own keys. But if we would have the encoder source, then it
wouldn't need that much effort to find new keys that could also 'fit', off
coarse, I think Ti will still keep it for themselves for some time, utill
then... (What is the economic lifespan of the Ti83+?)

	Henk Poley



Follow-Ups: