You can help CodeWalrus stay online by donating here. | New CodeWalrus | Old (dark mode) | Old (light) | Discord server

Announcing Rip'Em, a third-party firmware for the HP Prime

b/Calculator Development Started by Jean-Baptiste Boric, January 01, 2016, 10:30:14 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

« 1 2 3 4 »
u/Jean-Baptiste Boric March 06, 2016, 02:03:55 PM
Odd. I have a HW-C model though.

I hope it's just the keypad matrix being connected to different GPIO pins. A DVT model is too precious to sacrifice FOR SCIENCE! tinker recklessly with its UART.

Previously, I (ab)used the external interrupt pin hooked to the ON key, but I switched to the proper scanning method when I got it working.

I'll make a firmware to dump all GPIO registers on the screen. Since BXCBOOT0.BIN initializes the keypad GPIO to read the ON+Symb key combination, with a bit of luck the configuration registers will tell me where the keypad pins are located.
0
u/Dream of Omnimaga March 06, 2016, 11:53:38 PM
Maybe you did something that causes the new version to only run on hardware C? I hope hardware differences won't make it too difficult to develop third-party firmwares or bootloaders for that calculator.
0
u/Jean-Baptiste Boric March 07, 2016, 01:20:11 PM
Dumper's done. Hopefully without bugs.

It's in the gpio-dumper branch on the GitHub repository. I took a picture on my HW-C calc and attached the results.
0
u/critor March 07, 2016, 06:07:04 PM
Someone needs to test on HW-A.
Visually, the DVT PCB looks like the HW-A PCB.
0
u/Dream of Omnimaga March 08, 2016, 12:19:29 AM
Would this qualify as safe? I am curious because while under normal means I wouldn't mind sacrifying a calculator to test an OS for compatibility, I am currently short on money for new calculator purchases, so I am reluctant about taking the risk with my only HP Prime.
0
u/Jean-Baptiste Boric March 08, 2016, 08:19:57 AM
Quote from: DJ Omnimaga on March 08, 2016, 12:19:29 AM
Would this qualify as safe? I am curious because while under normal means I wouldn't mind sacrifying a calculator to test an OS for compatibility, I am currently short on money for new calculator purchases, so I am reluctant about taking the risk with my only HP Prime.

Beyond the "decline any responsibility" disclaimer, Rip'Em doesn't touch the NAND at all except for turning on (irrevocably until reset) write-protection for the recovery as the very first thing done, so a brick is theoretically impossible. I'd qualify it as safe.

The reckless part is about opening a HP Prime to connect to the UART and probe the GPIO registers through the GDB stub until something interesting happens. My calc has suffered no side effects, but I wouldn't recommend nor ask anyone to do that.

The dumper firmware merely dumps the contents of the GPIO registers on the screen, no reckless probing here. With screenshots running on different hardware revisions, I can hopefully pinpoint some differences between the revisions and code accordingly.
0
u/Lionel Debroux March 08, 2016, 08:43:46 AM
My Prime is HW A, but I can't run VMs any longer on my main computer to reflash the Prime...
0
u/Jean-Baptiste Boric March 08, 2016, 01:23:49 PM
Yeah, Windows-only flashing sucks, but I don't think I'm up to the task of reverse-engineering the USB flashing protocol. I only have so much sanity to spare ;D

On the other hand, I've reverse-engineered a good chunk of the first 8 KiB (only 2 KiB worth of code, but still) of BXCBOOT0.BIN. There's enough stuff to piggy-back here to allow unlimited read access to the NAND.

It is acceptable to post such material here or should I put it somewhere else ?
0
u/alexgt March 08, 2016, 01:26:11 PM
This looks great! I can't wait for more features. I am sorry for not following this more closely ._.
0
u/Lionel Debroux March 08, 2016, 01:31:47 PM
QuoteYeah, Windows-only flashing sucks, but I don't think I'm up to the task of reverse-engineering the USB flashing protocol. I only have so much sanity to spare ;D
I had scratched the surface of that reverse-engineering work, and AHelper0 worked on it later as well. But there's no complete reimplementation of that protocol.

QuoteOn the other hand, I've reverse-engineered a good chunk of the first 8 KiB (only 2 KiB worth of code, but still) of BXCBOOT0.BIN. There's enough stuff to piggy-back here to allow unlimited read access to the NAND.
Indeed, we already knew it.

QuoteIt is acceptable to post such material here or should I put it somewhere else ?
What about the TI-Planet hpwiki, which already contains such kind of material, as well as other content unmatched elsewhere (not even in the HP community), that I know of ? :)
See https://tiplanet.org/hpwiki/index.php?title=User:BXCBOOT0_BIN_pastebin_com_SKw5xtev , dropped by an anonymous user in August 2013.
Last Edit: March 08, 2016, 01:36:07 PM by Lionel Debroux
0
u/Jean-Baptiste Boric March 08, 2016, 02:16:57 PM
Quote from: Lionel Debroux on March 08, 2016, 01:31:47 PM
Indeed, we already knew it.

Better than knowing it, now we can use it. Besides other things I figured out the subroutine that reads a NAND block, so now I can either write a reimplementation or piggy-back the existing one for Rip'Em.

Quote from: Lionel Debroux on March 08, 2016, 01:31:47 PM
What about the TI-Planet hpwiki, which already contains such kind of material, as well as other content unmatched elsewhere (not even in the HP community), that I know of ? :)
See https://tiplanet.org/hpwiki/index.php?title=User:BXCBOOT0_BIN_pastebin_com_SKw5xtev , dropped by an anonymous user in August 2013.

I used that page as a starting point, but I've done my reverse-engineering with only arm-none-eabi-objdump since I don't have IDA. I've requested an account, now waiting for the email.

By the way, why is the HP wiki separate from the main TI-Planet wiki and why does it require a separate account from TI-Planet's ? It's not very practical and the HP pages are needlessly hidden away...
0
u/Lionel Debroux March 08, 2016, 02:48:00 PM
QuoteBy the way, why is the HP wiki separate from the main TI-Planet wiki
IIRC, that was an aim, for neutrality or something along those lines. Even if hosted on the server which hosts TI-Planet, Inspired-Lua, ToutMonExam and whatever else I forget right now, It could have been accessible from a different URL later, with a redirect.
Of course, we now know that very few people care about tinkering with the Prime...

Quoteand why does it require a separate account from TI-Planet's ?
Indeed, no integration between MediaWiki and PHPBB was performed, but beyond the aforementioned aim, I don't know whether it's because it's "impossible" (as in, annoying) to do, or because "we" - mostly Adriweb - didn't spend time trying, or because of security reasons (deeper integration = more damage upon intrusion or legal attacks).
Hackspire was separated from anything else, too.
Trying to concentrate much shared community knowledge - and therefore power - into a single integrated infrastructure has clear downsides, all the more said concentration is performed partially without permission, as occurred recently on another TI community site.
0
u/Vogtinator March 08, 2016, 03:38:33 PM
Quote from: Jean-Baptiste Boric on March 08, 2016, 02:16:57 PM
I used that page as a starting point, but I've done my reverse-engineering with only arm-none-eabi-objdump since I don't have IDA. I've requested an account, now waiting for the email.

IDA 5.0 is free and a huge step up compared to objdump -D...
0
u/Jean-Baptiste Boric March 08, 2016, 03:59:44 PM
Quote from: Vogtinator on March 08, 2016, 03:38:33 PM
IDA 5.0 is free and a huge step up compared to objdump -D...

If I remember well, IDA 5.0 only supports x86 disassembly and it doesn't run under Linux.
0
u/Adriweb March 08, 2016, 06:55:16 PM
About the wiki thing, I've now validated the account.

The HP Wiki we have is indeed separate from TI-Planet itself, but the TI-Planet wiki is however using the forum's phpBB account for single-sign-on user friendliness.
0
« 1 2 3 4 »
Website statistics


MyCalcs | Ticalc.org | Cemetech | Omnimaga | TI-Basic Developer | MaxCoderz | TI-Story | Casiocalc.org | Casiopeia | The Museum of HP Calculators | HPCalc.org | CnCalc.org | Music 2000 Community | TI Education | Casio Education | HP Calcs | NumWorks | SwissMicros | Sharp Calculators
Powered by EzPortal