Post Reply 
TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
05-24-2020, 01:25 AM
Post: #1
TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Note: This is a cross post (with an addition near the end) from an article I posted on the LinusTechTips forum.

​For those who are unaware:
Just a few days ago, TI Education announced that the most recent OS for the TI-83 Premium CE removes the ability for the calculator to run any Assembly (ASM) code. With the decision planned to go global, this means that any program written in ASM or C will not run on any CE operating on the newest TI OS 5.5.1 or higher!

[Image: zKWSsVb.png]
(Source: TI-Planet: Français | English)

Why did this happen?
One big factor in the decision to ban ASM was due to a video created by a student and a teacher that showed the exact steps to bypass a Test Mode restriction in OS 5.2.2, an obsolete, 3 year old OS. What made the matter worse is they passed the issue off as if it were still present in modern OSes! With the video gaining almost a quarter of a million views, TI thought they'd need to take some drastic measures to uphold their Exam Mode security reputation.

Why is this so frustrating?
This is quite a punch in the gut for the community, TI had given TI-Planet (a very reputable TI forum that has been reporting on calculator news for over a decade) a beta build of OS 5.5.0 to review and post about. This build given to TI-Planet had all the benefits of the new Python abilities, however ASM was not banned on this build. To the community, it looks like TI knew we would hate the removal of ASM and therefor gave a different build to us just to drum up support. Then when release date came, they pulled the rug from under our feet and released OS 5.5.1 instead which did include the ASM restrictions

TI-Planet, has privately shared security flaws related to Exam Mode TI needed to fix, and kept vulnerabilities a secret as to not cause this exact situation. TI Planet has put so much meticulous care into protecting the hobby of thousands of students and future Computer Science Majors, like me, it's infuriating to see one clumsy video with a quarter of a million views set years of hard work go up in smoke.

TI Planet's time trying to protect the community isn't the only thing wasted, the hundreds developer's countless hours spent creating amazing content from overclocking utilities, to math additions like CAS, and games will become obsolete when newer calculators inevitably outnumber older ones. TI does offer alternative programming options like TI-BASIC and Python, but as TI Planet user jean-baptiste boric points out on Cemetech:
Quote:Performance is bad. It's the slowest Python implementation in a calculator. From TI-Planet's numbers, just about the only calculator that's roughly as slow is a Casio Graph 35+E, a monochrome calculator, and only mostly on integer benchmarks.
...
Graphics performance in particular is simply atrocious. TI-Planet clocked the put_pixel() fill rate at 48 pixels per seconds. The next two best calculators are 100x to 200x times faster. The next one is 1000x times faster. Forget about gLib, how can anyone be expected to write a simple ray-tracing or fractal script on-calc when it'll take nearly half an hour just to push the pixels out? Even when using TI's proprietary ti_graphics primitives it's still several times slower than the competition's put_pixel().
Source: Cemetech: English

It's also infuriating that TI's consistent reactions of killing a fly with a sledge hammer has done nothing to solve their security, in fact it has only worsened it. I think forum Planet Casio explains it better than I can:
Quote:Almost all calculator models have flaws allowing cheating to varying degrees, and many are vulnerable to modification of the hardware or the [Exam Mode notification] LED. [Currently, there is no enforcement in testing locations that requires you to show up with an updated calculator]. [This means,] in the short term, exposing the vulnerability has only spread it and increased cheating. confused2.gif
... The potential circumvention of the exam mode is ... what has allowed Planète Casio and TI-Planet to point out to manufacturers several annoying flaws concerning the exam mode, without exposing the national exams to more cheating.
Note: I have paraphrased the French to English translation in order to make it sound as coherent as possible.
(Source: Planète Casio: Français | English)

Now that ASM is banned and this situation can't get much worse, the community is already finding exploits that allows not only the ability to run ASM code anyways, but ways to bypass TI's insecure Exam Mode (which was only ever 'secure' because the community was careful not to release the exploits to the public). The community is already brainstorming alternatives that will both satisfy TI and the dedicated programming community. We're doing our best to come to terms with TI and avoid creating another cat-and-mouse game of finding and patching exploits (which happened on the Nspire).

Conclusion:
Like I said at the beginning, my goal is to spread the word about this as much as I can. Although this is only effecting the CE line up of calculators right now, TI has not ruled out releasing updates to older models that also bans ASM.
Quote: Q. Does this mean you will also be removing it from the TI-84 Plus?
A. At this time, we are only removing ASM capabilities on the TI-84 Plus CE, TI-84 Plus CE-T and TI-83 Premium CE.

(Source: An e-mail from TI-Cares posted on TI-Planet: Français | English)

My Plead to HP:
I know the HP Prime already doesn't have any popular ASM utilities yet. However, now that TI has banned ASM and Casio is limiting add-ins, the communities are trying to find alternative platforms that are more developer friendly. The HP Prime and the Numworks calculators are the top picks right now. Like I said above, the community has done a great job over the past decade keeping exploits incredibly private. I just hope HP doesn't freak out if ASM tools are developed for the Prime or if they receive a (private) notice about a potential exam security flaw. I know the developers here are amazing people and I think they'll be OK with it. However, they don't always get to make the decisions they know are right (i.e. the orientation of the Prime's LCD). At least the devs here get to communicate with their community and consider other methods than 'ban everything that's remotely bothersome'.

From my time here, I've seen this community is a bit small and new programs are sparse, especially compared to the hundreds of thousands of users at TI Planet. Right now is the ideal time to try and bring over new users. Right now is the ideal time to seriously focus on adding full Python support and give Numworks a run for its money.

Finally, I'd love if the users here could help spread the word as best you can. We could potentially get a segment on TechLinked, or ideally a full LinusTechTips video if my thread catches enough attention. If any of you have an LTT account, I'd appreciate if you could help out the thread!

Sources:
These go more in-depth than I did in this article. TI-Planet's 20 year history of ASM on calculators is a particularly great read.
Cemetech:
TI Removes ASM/C Programming from TI-83 Premium CE: English
TI-83 Premium CE/TI-84 Plus CE ASM/C Removal: Updates: English

Planet Casio:
TI supprime les programmes assembleur sur TI-83 Premium CE et 84+ CE version 5.5: Français
TI removes assembly programs on TI-83 Premium CE and 84+ CE version 5.5: English

ticalc:
TI removes access to assembly programs on the TI-83 Premium CE: English

TI-Planet:
Mise à jour 5.5 supprime assembleur TI-83 Premium CE & 84+CE: Français
Update 5.5 removes TI-83 Premium CE & 84 + CE assembler: English

Cemetech | YouTube
Visit this user's website Find all posts by this user
Quote this message in a reply
05-24-2020, 06:09 AM
Post: #2
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Hello!

Build this calculator and do assembly programming to your heart's content Smile





Nad

Everything will be alright in the end. If it's not alright, then it's not the end.
Find all posts by this user
Quote this message in a reply
05-24-2020, 07:38 AM
Post: #3
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
I did not know Monic, it looks cool, but it is off topic here.

TheLastMillenial, there was a conversation (here) where Tim warned us about trying to hack the exam mode, that would lead to complete lock down of the system.
I think you could be interested.

And yes, as we discovered the icon in the wrong beta package this winter, we are waiting for the python app!
Find all posts by this user
Quote this message in a reply
05-24-2020, 11:09 AM
Post: #4
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
It's sad that most (if not all) handheld calculators of the current generation are targeted on the educational sector. In the past, handheld calculators were used by pilots, engineers, mathematicians etc. Today these groups mostly use big computers or more specialized devices.

Maybe it would be worth to manufacture "unlocked" devices that can be easily distinguished from educational devices (maybe a different color?).
Visit this user's website Find all posts by this user
Quote this message in a reply
05-24-2020, 03:44 PM (This post was last modified: 05-24-2020 06:31 PM by TheLastMillennial.)
Post: #5
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
pinkman: I'm aware of that topic and I understand why they would lock it down. TI's whole reaction is because of (obsolete) bugs related to test mode. However, these bugs were ones TI accidentally created themselves, not because of anyone attempting to hack it. In the years I've been apart of the TI community, not one programmer made a public project designed to tamper with test mode.

SammysHP: Yes! We've been brainstorming potential 'unlocked' calculators in a thread here. Personally, a separate calculator with different hardware doesn't sound too profitable for TI. However, an 'unlocked' OS that disables test mode sounds more reasonable. Neither are ideal though, it's so annoying this whole situation is completely unnecessary. Sad

Cemetech | YouTube
Visit this user's website Find all posts by this user
Quote this message in a reply
05-24-2020, 04:21 PM (This post was last modified: 05-24-2020 04:22 PM by SammysHP.)
Post: #6
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-24-2020 03:44 PM)TheLastMillennial Wrote:  SammysHP: Yes! We've been brainstorming potential 'unlocked' calculators in a thread here. Personally, a separate calculator with different hardware doesn't sound too profitable for TI. However, an 'unlocked' OS that disables test mode sounds more reasonable. Neither are ideal though, it's so annoying this whole situation is completely unnecessary. Sad

A different hardware is not necessary. Just one model that uses signed "locked" firmware and one model without that restriction. AFAIK the bootloader can be configured entirely by a firmware update (at least relevant parts to require signed firmwares). So it would require only the maintenance of two firmware versions and a production run with a differently colored case. Both should not be that expensive and a small increase of the retail price is probably OK if you want an unlocked model.
Visit this user's website Find all posts by this user
Quote this message in a reply
05-24-2020, 05:38 PM (This post was last modified: 05-26-2020 07:22 PM by compsystems.)
Post: #7
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
It is a great loss to remove the ASM, but what I would like to see is python syntax with symbolic manipulation or CAS commands, this is what the Xcas author is doing.

hp-prime with Python Syntax, beyond the Python numeric language
https://www.hpmuseum.org/forum/thread-12...ght=python

Time to think of another platform.
newRPL https://sourceforge.net/p/newrpl/sources...ster/tree/
librecalc https://symbolibre.org/
Find all posts by this user
Quote this message in a reply
05-25-2020, 08:50 AM (This post was last modified: 05-25-2020 09:15 PM by Tugdual.)
Post: #8
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
So basically your message is : if Hp was to give us ASM access please don’t remove it ?
You surely understand this is a bit absurd. Considering that Hp had the school market as a primary target they have absolutely no intention to give any back door access that could geopardize exam modes. I would even say they pioneered what TI is now following. A second aspect to consider is that Hp is upgrading hardware and the G2 has a different CPU and I suspect the ASM might also change.
Find all posts by this user
Quote this message in a reply
05-25-2020, 03:05 PM
Post: #9
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-24-2020 01:25 AM)TheLastMillennial Wrote:  Now that ASM is banned and this situation can't get much worse, the community is already finding exploits that allows not only the ability to run ASM code anyways, but ways to bypass TI's insecure Exam Mode (which was only ever 'secure' because the community was careful not to release the exploits to the public).
That could work out bad for TI, it now just takes a few angry TI hackers to publish those exploits online and spread them.

I have little hopes for TI of "fixing" this, after all, even companies like Apple could not prevent jailbreaks of their devices and they work with specialized security chips.
Find all posts by this user
Quote this message in a reply
05-26-2020, 06:22 AM
Post: #10
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Hello,

A calculator is a much simpler device and making it jailbreak proof is much easier...

On Prime, if I was to turn on the chip level digital signature, they would be only one way to bypass the system. unsolder the CPU and replace it with a fresh one.

Anyhow, Prime does not have the issue as there is no ASM/C level access (unless you completely change the ROM, which you can do)...

Anyhow, the main issue here for TI and Casio is that when a government or minister tells you: "If you can't guaranty that the test mode is secure, you will not be allowed on the national exam"... well, you do it. Point end of story. High school education is 99% of their market.

Cyrille

Although I work for the HP calculator group, the views and opinions I post here are my own. I do not speak for HP.
Find all posts by this user
Quote this message in a reply
05-26-2020, 08:56 AM (This post was last modified: 05-26-2020 09:02 AM by Jean-Baptiste Boric.)
Post: #11
TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-26-2020 06:22 AM)cyrille de brébisson Wrote:  On Prime, if I was to turn on the chip level digital signature, they would be only one way to bypass the system. unsolder the CPU and replace it with a fresh one.

Assuming all of the root of trust, the chain of trust, the operating system and the application are all completely watertight. It only takes one unlucky bug and the HP Prime runs a whole lot of code.

The traditional counter-example is video game consoles, which despite strong incentives to stop piracy manufacturers have only managed so far to delay hacks, not completely prevent them. Heck, the first 10 million of Nintendo Switch consoles sold or so have a non-patchable bug in the Nvidia-provided boot ROM that completely breaks the root of trust. The only hardware tool required is a paperclip stuck in the USB port.

I agree that in theory the cyber-security of the HP Prime sounds very good. I disagree that practice proved it.

(05-26-2020 06:22 AM)cyrille de brébisson Wrote:  Anyhow, Prime does not have the issue as there is no ASM/C level access (unless you completely change the ROM, which you can do)...

I'd say the HP Prime mostly doesn't have this issue because both the hardware and the included programming language are powerful enough for most usages. I can think of only two things that can be a problem:
  • Proprietary language with no available transpiler for porting stuff ;
  • Emulation of video game consoles at full speed (maybe, I'm not spending months learning a new language and writing an emulator to find out).
Unlike the HP Prime, ASM/C programs on a TI-83 Premium CE Edition Python are often the only solution for non-trivial programs with any remote expectation of performance.

(05-26-2020 06:22 AM)cyrille de brébisson Wrote:  Anyhow, the main issue here for TI and Casio is that when a government or minister tells you: "If you can't guaranty that the test mode is secure, you will not be allowed on the national exam"... well, you do it. Point end of story. High school education is 99% of their market.

What's their threat model on the test mode? Dunces with basic copy-pasting abilities, students with computer skills, hobbyists with basic soldering and electronics equipment, state-sponsored actors? People need to stop treating security as a yes-or-no problem because it's not. Proper security analysis always starts with a proper threat modeling.

I've written a bedtime story at Cemetech (https://www.cemetech.net/forum/viewtopic...865#285865) about how TI and NumWorks have handled the same exact problem: technically sound but extremely poorly-handled video or blog post about security of test mode reaches the higher-ups in a ministry of education.
  • NumWorks reached out to their community for advice and we have made proposals that do not lock down the calculator (ending still pending, but I'm hopeful it'll work out in the end) ;
  • TI preemptively threw their power user community off a cliff without so much as a heads-up and said that their Python solution, running on a micro-controller with 32 KiB of RAM (17 KiB of heap available) and a put_pixel() fill rate of 48 pixels per seconds shall be a replacement for ASM/C programs, no take-backs.

Guess which community is reaching for their pitchforks right now.
Find all posts by this user
Quote this message in a reply
05-26-2020, 05:25 PM
Post: #12
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
I thought some enterprising soul published private keys after breaking them years ago.

If so, is this update/change by TI any worse? If they don't use big enough keys somebody can factor them using amazon cloud for 10 bucks over a period of a few weeks months etc.

I don't understand if this is a new, harder problem or just more of the same.

It ain't OVER 'till it's 2 PICK
Find all posts by this user
Quote this message in a reply
05-26-2020, 09:01 PM
Post: #13
TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-26-2020 05:25 PM)HP67 Wrote:  I thought some enterprising soul published private keys after breaking them years ago.

If so, is this update/change by TI any worse? If they don't use big enough keys somebody can factor them using amazon cloud for 10 bucks over a period of a few weeks months etc.

I don't understand if this is a new, harder problem or just more of the same.

Wikipedia says the old 512 bit RSA has been factored for more than a decade. I recall reading somewhere TI introducing a 2048 bit RSA key as a response. Unless you have contacts at the NSA or many millions of dollars to spare, I doubt that key will be broken anytime soon.
Find all posts by this user
Quote this message in a reply
05-26-2020, 10:11 PM (This post was last modified: 05-26-2020 10:12 PM by pinkman.)
Post: #14
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Just ask HP to build a 2048 qbits quantum computer, and it will be a matter of milliseconds!
Ok I’m already gone —>[]
Find all posts by this user
Quote this message in a reply
05-26-2020, 10:43 PM (This post was last modified: 05-26-2020 10:47 PM by medwatt.)
Post: #15
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Meanwhile, TI gave them Python instead which will probably make up for the lack of Assembly and even more. I'm looking at my HP Prime in disgust, really. I reported a bug a while back to both Tom and
Cyrille. They didn't even bother reply to my emails; they just ignored me. I wish I can sell my HP Prime 2 without too much loss because the more it stays around, the more my blood boils when I realize I burned more than €120 on it. I absolutely have no use for it and I refuse to learn HP's version of Basic. I have no intentions of wasting my time on a programming language that works on a single device.
Find all posts by this user
Quote this message in a reply
05-27-2020, 12:11 AM
Post: #16
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't ...
(05-26-2020 10:43 PM)medwatt Wrote:  Meanwhile, TI gave them Python instead which will probably make up for the lack of Assembly and even more. I'm looking at my HP Prime in disgust, really. I reported a bug a while back to both Tom and
Cyrille. They didn't even bother reply to my emails; they just ignored me. I wish I can sell my HP Prime 2 without too much loss because the more it stays around, the more my blood boils when I realize I burned more than €120 on it. I absolutely have no use for it and I refuse to learn HP's version of Basic. I have no intentions of wasting my time on a programming language that works on a single device.

Maybe Tim and Cyrille are busy adding Python to the Prime, rather than fixing other minor bug reports (though I agree, it doesn't take long at all to just reply, assuming they got it)? It would be a shame if you sold it and then what you wanted to happen, did happen; you'd have to buy a Prime all over again.

I have information about this, I'm just asking 'what if...?'

But it seems there is anger there about more than just this issue, so please feel free to ignore this, and go ahead and sell your Prime G2; though it seems like there is no rush, the used Prime price does not seem to drop much with time.

--Bob Prosperi
Find all posts by this user
Quote this message in a reply
05-27-2020, 03:31 AM
Post: #17
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-27-2020 12:11 AM)rprosperi Wrote:  
(05-26-2020 10:43 PM)medwatt Wrote:  Meanwhile, TI gave them Python instead which will probably make up for the lack of Assembly and even more. I'm looking at my HP Prime in disgust, really. I reported a bug a while back to both Tom and
Cyrille. They didn't even bother reply to my emails; they just ignored me. I wish I can sell my HP Prime 2 without too much loss because the more it stays around, the more my blood boils when I realize I burned more than €120 on it. I absolutely have no use for it and I refuse to learn HP's version of Basic. I have no intentions of wasting my time on a programming language that works on a single device.

Maybe Tim and Cyrille are busy adding Python to the Prime, rather than fixing other minor bug reports (though I agree, it doesn't take long at all to just reply, assuming they got it)? It would be a shame if you sold it and then what you wanted to happen, did happen; you'd have to buy a Prime all over again.

I have information about this, I'm just asking 'what if...?'

But it seems there is anger there about more than just this issue, so please feel free to ignore this, and go ahead and sell your Prime G2; though it seems like there is no rush, the used Prime price does not seem to drop much with time.

The interesting part is they initially asked me to provide more details about the bug. I did and they never replied back even after emailed them several weeks later. It's like avoiding someone with a plague.

I should have probably done more research before getting the G2. I am the sort of person that would take a month to make a decision about buying anything. I did the unthinkable and sold my well-preserved HP-50g for 135EUR. Here, in Germany, used HP-50g(s) can go for as high as 200EUR. I had used the 50g for so long and the Prime was intriguing. That's how I ended up with the prime. I started getting second thoughts when I booted up the calculator for the first time and realized there was an app called triangle solver.

I haven't touched the calculator since the last update in February. At that time I had found an app that was useful to me (control toolbox). The problem is you cannot restart the calculator or have the calculator recover from a crash with the app installed. I contacted the developer and he also experiences the same problem. The crash even occurs on the emulator. I contacted Tim and Cyrille to inform them about the bug almost a month before the new update. So, I was hoping the new update would solve the issue but it didn't and had no use for the calculator anymore. I mean, the last time I needed to calculate the angle of a triangle was when I 8 or so. Anyway, I guess I should end my rant here.
Find all posts by this user
Quote this message in a reply
05-27-2020, 10:53 AM
Post: #18
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-24-2020 07:38 AM)pinkman Wrote:  I did not know Monic, it looks cool, but it is off topic here.

Hello!

Writing software for a specific device is always risky as there are no guarantees that the product will not be discontinued or, as in this case, have certain capabilities removed. I speak from personal experience here.

This is why I recommend open source projects running on popular processors for major software development. Most of these projects are still in their infancy and can't compare (yet) to high-end commercial calculators but at least you won't have years of hard work go down the drain.

Nad

Everything will be alright in the end. If it's not alright, then it's not the end.
Find all posts by this user
Quote this message in a reply
05-27-2020, 11:40 AM (This post was last modified: 05-27-2020 11:41 AM by pinkman.)
Post: #19
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
Hello,

I found your answer off topic because of the risk of deviation of the initial subject (“Hey, we have troubles with Windows and MacOS”, “No worries, use Linux!”), and because the Monic topic could have it’s own thread.

Even if it’s exciting to master a commercial device and pushing it to limits its creators did not think about, I absolutely agree with your vision of open source developments on common platforms. This is part of the success of Free42 (even if it did not address a specific hardware before the DM42 project).

Regards,
Thibault
Find all posts by this user
Quote this message in a reply
05-27-2020, 06:36 PM
Post: #20
RE: TI Bans all Assembly Programming, Casio Limits Add-ins. Please don't follow suit HP.
(05-26-2020 09:01 PM)Jean-Baptiste Boric Wrote:  
(05-26-2020 05:25 PM)HP67 Wrote:  I thought some enterprising soul published private keys after breaking them years ago.

If so, is this update/change by TI any worse? If they don't use big enough keys somebody can factor them using amazon cloud for 10 bucks over a period of a few weeks months etc.

I don't understand if this is a new, harder problem or just more of the same.

Wikipedia says the old 512 bit RSA has been factored for more than a decade. I recall reading somewhere TI introducing a 2048 bit RSA key as a response. Unless you have contacts at the NSA or many millions of dollars to spare, I doubt that key will be broken anytime soon.

People said the same thing about 3DES and 1024 bit keys and MD5 and were proven overly optimistic before too long.

This issue just doesn't seem as hopeless and dire as advertised.

It ain't OVER 'till it's 2 PICK
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 2 Guest(s)