Here is how you run the CAS OS on a Non-CAS Nspire !
AdRiWeB
According to TI-Bank.fr, by using Ndless and a new program called
"OSlauncher", it is now possible to run CAS OSes on basic (non-CAS) TI-
Nspire calculators.
Imagine all the possibilities !
All links, photos, and a comprehensive how-to available at the
following link:
http://ti.bank.free.fr/index.php?mod=news&ac=commentaires&id=1082 (in
french)
Nelson Sousa
all sorts of standardized testing where CAS isn't allowed.
Cheers,
Nelson
> --
> To post to this group, send email to tins...@googlegroups.com
> To unsubscribe send email to tinspire+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com.au/group/tinspire?hl=en-GB?hl=en-GB
> The tns documents shared by group members are archived at
> http://lafacroft.com/archive/nspire.php
Lionel Debroux
> all sorts of standardized testing where CAS isn't allowed.
least !) two trivial ways to disable OSLauncher in testing context:
* OSLauncher does not contain any code for tampering with the PTT mode.
You can easily check for yourself, since the complete source code is
provided (well, otherwise you'd just have to disassemble the clear binary);
* Ndless does not run on OS 3.0.1 for now.
Let's also remind of the existence of the Symbolic FlashApp for 83+/84+,
and of the fact that arbitrary OS can be installed to e.g. the 83+ since
shortly before the 04 signing key's factorization (by virtue of adding a
new "05" key to the certificate memory).
Did it cause TI-Z80 calculators to be banned from standardized testing ?
AFAICT, it didn't...
BTW: independently of OSLauncher, activating the PTT mode triggers a
reboot... and if the calculator hadn't been rebooted since OS 3.0.1 was
transferred to it, some students may face the brick right in the testing
room. Which is an unwelcome source of stress, and also a source of
testing unfairness (and therefore, maybe, litigation ?)...
Lionel.
Andy Kemp
--
Lionel Debroux
> little credibility they had with Teaching profession. The only real
> purpose for loading CAS OS on a non-CAS device is to enable students
> to cheat...
proven by the CAS OS running just fine on the non-CAS device !
What you term "non-CAS device" is therefore better described as
"CAS-capable device artificially sold as non-CAS-capable".
Running the CAS OS on the CAS-capable devices artificially sold as
non-capable, enables people not to pay for the same device, sold as
CAS-capable at a higher price tag (though it used to be _cheaper_ to
produce, since the Clickpad Nspires didn't have swappable keyboards) for
no good reason.
YMMV on calling this "a real purpose", and on thinking that enabling
students to cheat, enabling students / parents / taxpayers, or whatever
other reason you can find, is the motivation for running a CAS OS on
"Nspire non-CAS".
> And I am not so bothered about TI Business model, so much as to my
> students. You may remember that there was a similar incident a few
> years ago with HP48G (IIRC) where hackers worked out how to enable
> the CAS features on the non-CAS handheld... This device was then
> banned from all high-stakes exams.
Did the device you're talking about have PTT ?
Did that device have a way to reflash the OS without erasing the user
portion of the Flash memory ?
I don't know the answer to either of those questions, but I do know that
the Nspire has those two trivial _built-in_ defenses against
OSLauncher-type programs, and I also know that tampering with them is
harder than our current collective knowledge of the Nspire.
> This move in my opinion fully justifies TI stance on the hacking
> community, and its attempts to block Ndless. Whilst as you say it
> may be possible to prevent this at the moment, it seems unlikely
> that someone else in the community won't continue to work on it to
> overcome these limitations with regard to P2T...
That may be. However, it's much more border-line, from a moral and
perhaps also from a legal POV, than merely enabling the execution of
arbitrary OS on the devices we own. Someone willing to do that had
probably better not be a citizen of a Western country.
I did not withhold the source code, obfuscate the binary, include any
protection against launching TI's official OS made for a different
model, or whatever else, since _any_ such protection can be worked
around anyway and is therefore, ultimately, a waste of time.
BTW: execution of arbitrary OS on the devices we own (and more
specifically, the reverse-engineering required to achieve this aim,
since the manufacturer is not providing documentation) is protected by
the DMCA: https://www.eff.org/deeplinks/2009/09/ti-leave-those-kids-alone .
> I have in the past agreed with some of the desires of the hacking
> community, with regard to the desire for more programming
> capabilities, but this is just plain irresponsible!
Keep in mind that RunOS, the first attempt at running arbitrary OS on
Nspires, was made and showcased more than a year ago; it took one year
before someone took a whack at releasing an independent reimplementation
of RunOS. Other people may have created independent reimplementations
in-between, but they didn't release them.
During that timespan, TI made multiple anti-programmer moves, while
consistently keeping a portion of the Nspire's BASIC capabilities below
those offered by the 20-year-old TI-81.
(The actual release of OSLauncher post-dates the discovery of Lua on OS
3.0 by a day, but the code of OSLauncher pre-dates that welcome event.)
Was it responsible from TI to sell the Nspire as secure (e.g. the
"hardware-controlled" nonsense description for the PTT LED, etc.) ?
Anyhow, we'll now see in practice whether any standardized testing
regulation authority finds it smart to prove its complete cluelessness
and incompetence, by deciding to ban Nspires from some exam,
notwithstanding the existence of built-in defenses against
OSLauncher-type programs.
They didn't do that one year ago in the event of Ndless; they didn't do
that in the event of RunOS, though the video clearly showed that it was
not only possible but also easy enough, given that the executable was
very small. The only reason why the OSLauncher binary is more than 1 KB,
is that unlike RunOS, OSLauncher supports compressed OS images (only).
Lionel.
(*): technically, AFAWCT, the difference between the device sold as
Nspire non-CAS, and the device sold as Nspire CAS, is one bit in one of
the hardware ports.
TI cannot be making two different ASICs just for that purpose, because
it's more costly than making an ASIC and twiddling the bit in production
stage. They could easily, at a rather low design-time cost and a low
production-time cost, make the two kinds of devices _much_ more
different than they are from a hardware POV. Therefore, the software
would be very different as well, and fiddling with the OS made for one
model in such a way that it can run on the other model would be a much
harder task than OSLauncher was (three days).
It's not _our_ fault if they didn't do that, it's theirs.
Xavier Andréani
OSlauncher was released on 14th april, so after OS 3.0.1.
Another Ndless program, RunOS, has existed for over a year but hadn't been released because of moral reasons.
So OSlauncher might have been released to get back at TI.
Only the author/developer could give the real motivations behind this.
Date: Sat, 7 May 2011 08:25:14 +0100
Subject: Re: [tinspire] Here is how you run the CAS OS on a Non-CAS Nspire !
From: an...@kemp.co
To: tins...@googlegroups.com
Lionel Debroux
> > community, and its attempts to block Ndless.
>
> There's a little problem in what you're stating. Ndless was blocked
> (yes blocked: there is no way to install it up to now as the known
> exploits were fixed) in OS 3.0.1.
> OSlauncher was released on 14th april, so after OS 3.0.1.
>
> Another Ndless program, RunOS, has existed for over a year but
> hadn't been released because of moral reasons.
>
>
> So OSlauncher might have been released to get back at TI.
> Only the author/developer could give the real motivations behind
> this.
time as yours. Andy is free to think whatever he wants :)
The trigger for me working on OSLauncher was TI-Bank's April Fools joke.
As a followup to my previous mail, for Andy and others: at the same time
as OSLauncher, I released DummyOS:
http://www.ticalc.org/archives/files/fileinfo/437/43702.html
DummyOS is an "OS" that, uh, doesn't do much in the way of useful
things. It may not even be useful as a starting point for a decent
third-party OS. But OSLauncher can start arbitrary OS: DummyOS, or,
well, Phoenix (which I didn't bother trying to prevent, because as I
stated previously, it wouldn't be an effective protection).
OSLauncher is a tool, just like a knife, a hammer, or in general many
objects of day to day life.
The normal purpose of knives is cutting food, but knives can be used to
kill. The normal purpose of hammers is a percussive action on objects,
but hammers can be used to kill. Et caetera.
The source code of OSLauncher contains an interesting note:
"
// This program is a tool for launching (apriori) arbitrary OS from
Nspire OS
// versions supported by Ndless, without installing them.
// I decline any responsibility in users using the program for purposes
// potentially unwanted by TI, if such usages are possible.
"
Lionel.
Andy Kemp
Lionel Debroux
> testing authorities are made by people with the technical prowess to
> understand your distinction - in reality most are not and whilst this
> may make little difference to those covered by DCMA in the US, I
> don't feel as certain for those of us with less progressive testing
> models who may well find themselves unable to use this excellent
> teaching tool due to this...
fixing this state of fact is hard...
> I certainly don't mean to diminish the technical achievement here
> which is clearly profound,
Well, even if you had meant that, I wouldn't be really mad at you.
Maybe I haven't made it clear enough by just mentioning "three days",
but Ndless and nDOOM (between others) are deeper technical achievements
that required more work than OSLauncher did.
Like many programs whose binary is less than 2 KB large (most of which
was copied from one of the zlib usage examples), RunOS / OSLauncher is
no rocket science.
(though miracles _can_ happen in a 4 KB binary, e.g.
http://pouet.net/prod.php?which=52938 )
> I just find it sad that the effort couldn't have been put into doing
> something more productive for the education community...
After OSLauncher, I've worked on native CAS programming ;)
But it's practically useless for now, given that it's not interactive
(because Phoenix is complex and hasn't been reverse-engineered enough).
Only a handful of people might dare using that.
> Even if testing authorities don't prevent students using the Npsire,
> teachers will now no longer be able to be certain whether the student
> is cheating in class without insisting that the calcs are always in
> P2T mode which kind of defeats the object!
Well, that was _theoretically_ the case since the end of February 2010
(public release of Ndless) anyway.
> I wish I could be excited about this - I have for a while wished we
> could have a CAS/non-CAS handheld that we could enable/disable the
> case features easily on, but I know for certain that such a device
> would not be passed by the testing authorities, which is why we
> have the arbitrary distinction between the CAS and non-CAS models...
Indeed.
> To suggest that TI should have made the hardware and software more
> different, to prevent this makes absolutely no business sense at all
> as the costs of production and development would have been much
> higher, and therefore the cost to students likewise would have
> increased...
Precisely: I don't think that the development and production costs would
be _much_ higher. They must be configuring the CAS/non-CAS bit in
production stage - so why couldn't they configure other parameters ?
(yes, my post is intentionally vague)
> I completely agree that the difference between the two devices is
> fundamentally arbitrary, but the distinction is essential from an
> educational point of view, and TI are certainly not the first
> company to produce multiple products which are basically the same
> hardware but running different software, and selling them at
> different prices.
Yes, at least Casio did that too. Casio-Bank published a tutorial for
raising the capabilities of the lower models.
> To imply that the people who bought the non-CAS handheld should be
> allowed to run the CAS software on the device implies that all
> they were paying for was the 'hardware' and that the OS software
> is 'free'. Installing the CAS OS on a non-CAS device whilst
> technically possible, basically amounts to theft as you have not
> paid for the right to install that OS
Isn't selling a cheaper hardware at a higher price tag another form of
theft ? ;-)
We do understand that corporations' goal is to make money, but there
must be some moral bounds about that.
> (installing a custom OS would be covered by the DCMA,
Not sure what kind of "covered" you mean (allowed, or forbidden).
At least, from the EFF's defense of the people illegally attacked by TI
in the signing keys episode,
https://www.eff.org/deeplinks/2009/09/ti-leave-those-kids-alone
"
[...]
That's two fatal flaws in TI's DMCA arguments, without even considering
the explicit exemption in the statute (Section 1201(f)) for reverse
engineering in order to create interoperable software (like homebrew
operating systems for your calculator).
"
> but I am not sure installing propriety code you have no license for
> - even if freely downloadable - is covered and I would suggest this
> is dubious legal grounds, however I am a maths teacher so what do I
> know about law!)
IANAL either.
> I am sorry, but for me this is a very sad outcome for educators...
> I wouldn't be surprised if TI have to be even more tight with
> securing the device and preventing downgrading now to reassure
> testing authorities...
Which would be persisting in error. Protection schemes of various kinds
have been used for decades on hundreds of platforms - and their cost is
passed onto consumers - and they always fail and fall some day.
Lionel.
Andy Kemp
Xavier Andréani
- you cannot install Ndless (there is no way up to now)
- you cannot downgrade to any 2.1 or older OS (there is a way, but it requires external hardware...)
- you cannot open documents created by the 1.1 OS/Software, although there are still many of them on various sites
- you cannot open documents created by 3rd party softwares (TI-Nspire Text Editor for texts, TNIC for images...)
And OSLauncher was released after the 3.0 OS.
The original RunOS program has been developped more than a year and a half ago. A video was published, proving its existence.
But it hadn't been released, so that TI wouldn't secure the OS more or prevent downgrading.
As TI did anyway start to do that with the 2.1 OS, and even more with the 3.0 OS, I'm not surprised at all such a program (now named OSLauncher) was developped and released.
I hardly see how the 3.0 OS could get worse for the open community.
Date: Sat, 7 May 2011 11:15:58 +0100
Subject: Re: [tinspire] Here is how you run the CAS OS on a Non-CAS Nspire !
From: an...@kemp.co
To: tins...@googlegroups.com
Lionel Debroux
> the reason TI have to put in all this protection is to get the
> device approved by testing authorities...
restrictions on the usage of CAS in France, and the TI-68k series has
always been popular here (now being replaced by Nspire CAS, TI doesn't
distribute the non-CAS models here anymore).
But - and especially in countries where, usually, schools, instead of
parents, buy calculators - why would the testing authorities on the one
hand be serious about requiring such protection (for new devices, I
guess) and on the other hand not outright ban older devices which do not
have said protections ?
> Secondly in response to them selling cheaper CAS hardware at a more
> expensive price, you are again discounting the cost of the software,
> the development of the CAS side of the software will have been
> significantly more expensive so this is reflected in the modest
> increase in price...
The development cost of the Nspire's Phoenix OS, from the TI-68k/AMS
code base, is actually mostly on stuff _not_ related to the CAS: the
complicated document system, protection system, new computer linking
protocols and code (why not a standard mass storage like Casio did for
the Prizm ?), and in general, what the Nspire running Phoenix can do out
of the box while the TI-68k running AMS didn't.
The fact is that the math functions in Phoenix are _very_ similar to
those of AMS. There are some new higher-level functions in Phoenix (no
ground-breaking new functionality), but for the bulk of what I've found
so far, it's largely the same old code base as AMS, introduced 10+ years
ago on TI-68k calculators...
My Nspire/Phoenix and TI-68k/AMS implementation of Aitken's delta^2
algorithm are twins: after the argument retrieval phase (which doesn't
exist on Nspire/Phoenix, for now at least) they call the same OS
functions with the same arguments. After finding the appropriate
function and variable addresses, it was copy, paste and poof, the
Nspire/Phoenix program worked on my usual testcases, yielding the same
result as the TI-68k/AMS program (obviously, this is a measurement of
similarity, not of absolute correctness).
> The OS for the Nspire is not a free commodity that can be installed
> on any device you like it is licensed to be used on the hardware...
> This I think completely justifies charging more for a device which
> is more capable... even if these features have been removed (note
> they are removed and not disabled) from the software in the numeric
> version... The price difference reflects the difference in software
> not in hardware.
For more than five years, I've been using Linux flavors most of the time
on the computers I have access to, whether personal or for work. Of
course, I use legal copies of Windows (in a VM or on bare metal) if the
vendors' programs don't exist for other platforms, or because I have to
test on Windows pieces of software I'm working on.
But the point is, I'm not really in the "software costs money"
philosophy anymore ;)
Lionel.
Andy Kemp
Andy Kemp
Lionel.
Lionel Debroux
> can see TI suffering increased pressure from testing agencies which
> will ultimately worse for the open community...
much deeper...
Until now, nobody went through the process of nullifying the
compression+encryption system, because OS 1.2-2.1 still accepted
clear-text documents. OS 3.0 doesn't anymore, and for the (legal !!)
purpose of generating documents without having to rely on TI's
proprietary software, that compression+encryption system _will_ have to
be defeated by someone.
Look at what happened with the PS3 made by another company, whose
behaviour bears similarity with TI's: thorough reverse-engineering, with
a goal of fiddling hard with the platform, didn't start until the
manufacturer released firmware updates which disabled the Linux
functionality people had paid for...
As long as the manufacturer acted reasonable, people didn't bother. But
when the manufacturer took off gloves, people did as well. It's not too
late yet for TI to behave reasonably, though - but it might be by one
year (the time it took for the PS3 to be thoroughly broken).
> For me, the release of this code by the hacking community, reflects
> that TI had correctly judged the intentions of (some of) the
> community, and that they were right to add in this extra protection
> in OS3.0...
Well, like it or not, the open development community, for any platform,
has the will (for challenge, fun and other reasons) to run other, non-TI
software on the devices we have bought and we therefore own.
Other purposes, as is the case here, are a collateral damage.
> Ultimately I think this will do significant harm to the community
> and lose what little good-will was left between the company and the
> hacking community...
Well, what "good will" exactly ? ;-)
TI has been carrying an all-out war in the past year (only to name
three: attack on Ndless, downgrade protection on OS 2.1, downgrade
protection on OS 3.0). And even before that, TI has been negating for
four years what made the success in the market place of their
calculators for the 10+ previous years.
OS 3.0 contains a glitter of hope with the advent of a (stripped-down)
Lua, which is no appropriate substitute for native code programming. But
that post-dates the making of RunOS and OSLauncher...
Lionel.
Andy Kemp
because they are not devices used in high stakes exams...
But the two situations are not the same at all, Sony were not
attempting to build a machine that had to be approved by testing
agencies!! As I have said before it is the unfortunate result of the
community adding extra features to the older gen calculators which has
made the testing agencies much more verciferous in their
requirements...
To pretend that these issues are not important is to fail to
understand the fundamental purpose of the Nspire...
Sent from my iPhone
Lionel Debroux
> devices that as you say have been compromised... Fundamentally this
> is an issue of cost, for countries where as you say a lot of the
> technology is school owned schools cannot afford to replace whole
> sets of handhelds easily, so the testing agencies reluctantly allow
> the continued use of these older devices in general (although the
> HP48G was an interesting exception)...
I can of course understand it - but it means that standardized tests
remain fundamentally unfair.
> My guess is we will see some agencies move quite quickly to insist
> that all handhelds are running OS3.0 or above (The IB already
> insist on 1.3 or above but for different reasons)...
That may be, but it is, at best, a temporary band-aid over a problem
that has basically no solution, as evidenced by many years of fallen
protection schemes.
> I have a lot of sympathy for what the community are attempting to
> achieve but I feel releasing this code will do a lot more harm
> then good, especially for those of us who are not in countries
> where CAS is dominant (sadly)...
Only time will tell.
OSLauncher-type programs would provide a way to let Nspire CAS
calculators be usable in standardized tests. Not that this is the way
testing authorities would allow the Nspire CAS, though :D
From here, insistence on standardized testing being devoid of CAS
functionality looks somewhat strange - if nothing else because it's not
representative of real world usage after initial education.
Insistence on "no CAS" policies in exams (until a certain level, I
guess) tends to yield "no CAS" teaching policy in the educational system
below that level. But in real professional life, those who need a CAS
are going to use a CAS anyway... and on average, the longer they've used
a CAS, the more efficient they're going to be at that task.
> I have no issue with hacking the PS3 or iPhone if people want to
> because they are not devices used in high stakes exams...
Just to be clear: I didn't mean that I thought you had an issue with
fiddling with the PS3. As you write, there's indeed a difference between
the PS3 and the Nspire.
But I'm predicting that TI's actions are leading the Nspire towards the
same path as Sony's actions led the PS3 through. Experience, on other
platforms, shows that people 1) interested by thoroughly screwing with
the platform and 2) possessing the technical abilities to do so may rise.
Lionel.
Andy Kemp
Lionel.
Lionel Debroux
> some testing agencies to reconsider whether to approve the Nspire,
> or at least to require assurances that this type of 'hack' will not
> be possible in the future,
this, even if this is more a proof of incompetence than a proof of
anything else :)
But any calculator manufacturer's salespersons assuring testing
authorities that this type of hack will not be possible on the
newandimproved device, would be crooks.
> which will only make your job more difficult...
> Your comments about RunOS being hinted at 12-18months ago may well
> be part of the reason that these additional restriction we mentioned
> were added in the 3.0 release...
That may be indeed.
And before that, the anti-downgrade protection in OS 2.1, which
prevented from using OS 1.1, and therefore Ndless 1.0, on calculators
that had been upgraded to OS 2.1.
But that protection fell in one week at best, and Nleash was released
about two weeks after OS 2.1, if memory serves me. That was right in the
middle of the summer break. As a bonus, TI's anti-downgrade protection
enabled finding out how to control the PTT LED (which was supposedly
impossible to tamper with...) at our liking :D
Fully defeating the compression+encryption of documents is probably
going to yield other unexpected gains.
Lionel.
Joe
It has been fasinating to read the rapid fire posts on this subject.
Perhaps a bit of perspective will help.
At the present time, the sky has not fallen and the world has not come
to an end and recently the developer community brought to light the
bricking problem made possible by TI with their OS 3.0 and identifying
the problem was a valuable service to everyone including ti since the
source of the problem was identified for TI and no doubt TI will fix
the problem as usual with their next os. As for putting a cas on a
non-cas nspire, again the developer community has provided a service
by bringing that problem to light, which TI made possible by the way,
and no doubt TI will fix that problem also with the next OS and the
sky will not fall and the world will not come to an end. As a side
issue it seems clear that if TI wants to do a better job of testing
their software, which by the way is in our best interests, then they
need to enlist the support of the hackers, and for better beta testing
it is the hackers and not the teachers that should be given new
calculators to test for bugs.
As for the problem of the testing morons being unreasonable,
scapegoating the hacking community for that problem is not the
answer. Taking long over due action against the source of the problem
is.
You said that "In the UK we are probably more likely at the moment to
just recently decided again not to allow the use of CAS in the
>
> - Show quoted text -