Jump to content



Photo
* * * * * 2 votes

FX-82/-83GT/-115/-991ES Hacking


  • Please log in to reply
255 replies to this topic

#81 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 04 November 2016 - 09:44 AM

kaikun97, I think I have an idea.

There is an fx-82MS emulator (yes, MS, not ES). Could you please dump the RAM of it? I am trying to find if the fx-ES (not PLUS) and fx-MS have the same architecture, and also want to dig a bit into the MS series.

 

Most wanted: a memory dump of a CLASSWIZ emulator (trial version available from Casio).

 

To download it: On https://edu.casio.co...cense/index.php tick the box "I have read and consented to the Software License Agreement" under "Free Trial Version", select "fx-570/991EX Emulator" on the bottom of the page where it says "ClassWiz Emulator Subscription v2.00" and click Download.

 

hm.

You may not reverse engineer, decompose, disassemble, or create derivative works from the Software.

Edited by SopaXorzTaker, 04 November 2016 - 10:03 AM.


#82 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 04 November 2016 - 12:22 PM

@SopaXorzTaker So you don't like cracked software? It seems this is the only way to get the emulator. And where is the fx-82ES (non-plus) emulator from? Is it free or cracked?

 

It seems that my idea of STAT 9 failed. Have you tried EQN hack?

It hangs on a blank screen for (01:45 for 570es plus, 00:53 for 570vn plus) and display a lot of "ERROR" text. Can that be used to hack the calculator?

 

I seems to unable to find fx-82MS emulator, but I will find.

 

I had classwiz emulator installed, and I will post RAM dump soon.

 

*** When you mention "RAM dump", is the way to do it like the part

> To create a dump using Task Manager

in this page? If so I created [Redacted link]

Do you need a dump of 570 vn plus?

-----------------------------------------------------------

 

I think VINACAL and CASIO are very, very different due to some hacks I found in VINACAL.


Edited by flyingfisch, 04 November 2016 - 04:35 PM.
Redacted links to copyrighted material.


#83 flyingfisch

flyingfisch

    Casio Maniac

  • Deputy
  • PipPipPipPipPipPipPipPip
  • 1891 posts
  • Gender:Male
  • Location:OH,USA
  • Interests:Aviation, Skiing, Programming, Mountain Biking.

  • Calculators:
    fx-9860GII
    fx-CG10 PRIZM

Posted 04 November 2016 - 02:21 PM

Hi guys,

 

Unfortunately, we can't allow linking to copyrighted material on this forum. This is because our main source of revenue for keeping the site online is Google ads, and they have a strict policy regarding copyrighted material. I've removed the illegal links from this thread.

 

I don't think any of you intended to be malicious, so I'm not issuing any bans or warnings, just letting you guys know what's going on.

 

To clarify, pictures of PCBs, "hackstrings", and discussion about reverse engineering the calculators is still allowed, it's just the copyrighted material that isn't.

 

Thank you for your cooperation, and happy hacking! :)


  • SopaXorzTaker and user202729 like this

#84 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 04 November 2016 - 04:29 PM

Are you sure that -ES, -ES Plus and Classwiz calculators use the same instruction set? I have five different sources (bold below) of SimU8.dll and SimU8engine.dll, all from Casio calculator emulator.

 

+ The one from you and the one in fx-es plus manager trial are identical.

+ I also have a pair of dll from another fx-82es emulator, when you replace both files in your emulator with that one it work normally, but not when you replace one file.

+ The one from 570VN PLUS are completely different, but is the same as the one of Classwiz model. That's why the empty-box hack on Classwiz can work on 570VN PLUS.

 

Edit: Although we knew that fx-991es and fx-991es plus use different chips, your fx-82es emulator have dll identical to the one in fx-es plus manager trial. Or that may be an error of the fx-es plus manager?

Hm, that might mean that all the calculators are using the same chip, but running a different firmware each.



#85 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 04 November 2016 - 04:37 PM

@kaikun97 I noticed @flyingfisch removed your 82ES emulator though kaikun97 said that it is free (demo). Why?



#86 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 04 November 2016 - 04:40 PM

@kaikun97, about the memory dump that you posted: why is it so small? Does the entire process use only ~250K of memory, or is it a dump of some array?



#87 flyingfisch

flyingfisch

    Casio Maniac

  • Deputy
  • PipPipPipPipPipPipPipPip
  • 1891 posts
  • Gender:Male
  • Location:OH,USA
  • Interests:Aviation, Skiing, Programming, Mountain Biking.

  • Calculators:
    fx-9860GII
    fx-CG10 PRIZM

Posted 04 November 2016 - 04:46 PM

@kaikun97 I noticed @flyingfisch removed your 82ES emulator though kaikun97 said that it is free (demo). Why?

 

That was accidental collateral damage, I only meant to remove illegal links but didn't have time to check the actual content of each one. You guys can add that link back if you want, and feel free to let me know if there were any other links I accidentally redacted that shouldn't have been. :)



#88 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 04 November 2016 - 04:57 PM

@SopaXorzTaker On my machine the program take 1.9MB, reported by Task manager. Do you actually means the one get from (see my 6:22 post)

 

@flyingfisch I seems to be quite clueless about what is banned. ROM dump of a free software is copyrighted?

Is instruction to upgrade calculator (not hacking) banned? For ex., "Open file A by hex editor, search for 123456, replace by 654321 and save". Is that considered invalid if it convert 82es emulator to a 570es one?


Edited by user202729, 04 November 2016 - 05:01 PM.


#89 flyingfisch

flyingfisch

    Casio Maniac

  • Deputy
  • PipPipPipPipPipPipPipPip
  • 1891 posts
  • Gender:Male
  • Location:OH,USA
  • Interests:Aviation, Skiing, Programming, Mountain Biking.

  • Calculators:
    fx-9860GII
    fx-CG10 PRIZM

Posted 04 November 2016 - 05:19 PM

@flyingfisch I seems to be quite clueless about what is banned. ROM dump of a free software is copyrighted?

Is instruction to upgrade calculator (not hacking) banned? For ex., "Open file A by hex editor, search for 123456, replace by 654321 and save". Is that considered invalid if it convert 82es emulator to a 570es one?

 

Casio copyrights it's ROMs, so you wouldn't be able to distribute those here. Instructions for upgrading or hacking using the method you described is fine.



#90 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 06 November 2016 - 08:05 AM

@SopaXorzTaker Sorry I forgot to mention that the ROM is of fx-570/991SP X emulator, its language is not English. Perhaps I will send you an English version (not on this site)

On this site there are two images of calculators with checksum.

EDIT too bad that those do not have emulator.

 

@kaikun97 Can you delete the video in your quote? It has a lot of Casio calculator emulator which may be copyrighted.


Edited by user202729, 06 November 2016 - 08:17 AM.

  • flyingfisch and kasio like this

#91 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 06 November 2016 - 11:58 AM

@kaikun97 I have told you before, those exploits come from the new feature: automatically add bracket to clarify meaning.


Edited by user202729, 06 November 2016 - 01:27 PM.


#92 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 06 November 2016 - 01:28 PM

The 995ES+ and 915ES+ are all sufficiently new and functionality (they have GCD and LCM for example) (what is "->CONV"?), just like the 570VN PLUS. I tried on a 570VN PLUS and it actually work. And​ the 570VN+ has auto-add-parentheses feature, so I guess 995ES+ and 915ES+ also have.

 

@SopaXorzTaker Why mod 0xFFFF? I think you means mod 0x10000?

Unfortunately I also don't have a classwiz so I can't try.

Also read my 2 previous post.


Edited by user202729, 20 November 2016 - 04:22 PM.


#93 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 06 November 2016 - 01:35 PM

@SopaXorzTaker Why mod 0xFFFF? I think you means mod 0x10000?

Yes, mod 0x10000 of course.


Edited by SopaXorzTaker, 06 November 2016 - 01:35 PM.


#94 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 06 November 2016 - 06:31 PM

Hm found something interesting, remember when I did that glitched barcode graphic earlier in the thread by using the glitched stat mode with the little A and X hat? I tried 8°5°3° in the stat data and did Ex sqaured for the sum menu (first option) and then a little A after and pressed equals. I got Math error, then I deleted the A and put an X hat in its place and pressed equals again and I got a glitched screen, pressed the direction keys seem to change whats on the screen

https://imgur.com/a/CoGBp

I get similar effects with different values of X°Y°Z° so I will experiment with it. Also choosing different Sum options can also cause different glich effects. Ex cubed instead causes a glitched error screen

Does not work on my fx-991ES PLUS, only locking the calculator on any expression with any characters from the glitched Reg menu.

Perhaps that happens because of a different firmware. If I am able to buy a fx-82ES PLUS, I'd try this on it.



#95 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 07 November 2016 - 03:32 PM

@SopaXorzTaker Can you guarantee anything about the size of the ROM (like divisible by 2^10, etc)? I am going to find byte substrings in casio fx-570vn plus dump that sum mod 0x10000 is D457.



#96 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 07 November 2016 - 03:41 PM

@SopaXorzTaker Can you guarantee anything about the size of the ROM (like divisible by 2^10, etc)? I am going to find byte substrings in casio fx-570vn plus dump that sum mod 0x10000 is D457.

I'd look for chunks of sizes 98304 (96 KiB), 131072 (128 KiB), 262144 (256 KiB), 524288 (512 KiB).



#97 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 07 November 2016 - 05:03 PM

I'd look for chunks of sizes 98304 (96 KiB), 131072 (128 KiB), 262144 (256 KiB), 524288 (512 KiB).

 

In fact the one that look most likely to be the ROM in VINACAL II emulator (Sim VINACAL 570ES PLUS II v1.0) is 192 KB, but it looks like that the ROM size is divisible by 32 KB, that is larger than I expected. (so that is better)


Edited by user202729, 07 November 2016 - 05:04 PM.


#98 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 07 November 2016 - 05:13 PM

The non plus models have 96KB ROM so I would say no bigger than 192KB

 

Really? Where do you know that? What about the plus models?

I say that the Vinacal emulator has rom 192KB, not very related to this, but as an example to ROM size.



#99 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 08 November 2016 - 03:16 PM

Some information about other models:
 
1. The EQN hack on fx-500VN PLUS take 1 minutes 26 seconds.
 
2. The forensic result on a 500VN PLUS and a 570ES PLUS is the same as SopaXorzTaker's 991ES PLUS, that is 9 + 7.33338 * 10^-9 = 9.00000000733338.
 
3. Checksum
 
** Why is the 570ES PLUS nearly identical to the 991ES PLUS, but the 570ES PLUS has the number in first line less than 1 and checksum greater than 1? So I doubt that checksum is sum of all bytes mod 0x10000**
 
(It seems that those information are hard to find.)
<570VN PLUS>

LY710X VerA
SUM D457 OK

<570ES PLUS>

GY454X VerE
SUM 8929 OK

<500VN PLUS>

GY460X VerF
SUM D29B OK

<991DE PLUS>
<83GT PLUS>

http://tieba.baidu.com/p/4120085688


Edited by user202729, 21 January 2017 - 04:33 AM.


#100 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 08 November 2016 - 06:02 PM

kaikun97, I want to test something. Remember taking a memory dump for me - could you please do that again, but with an expression entered?

I want you to type "123+456-789/123*456ABCDEFXYM" into the emulator and press =.

Ideally, I'd like memory dumps in different modes, COMP and CMPLX would be enough.

Also, please set the M variable to 123.456 before entering the expression above.

That would help me to find where the expressions and the variables are stored in the emulator.

Thanks.



#101 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 11:04 AM

So I am looking for where things are stored using Cheat Engine, but only on fx 570vn plus emulator. On the 570vn plus I made a large cheat table. Only a few is done for the 82es one, seatch the web for "fx82es.ct". Only work for some specific model.. SopaXorzTaker you use Linux so probably can't use Cheat Engine or the simulator.

 

In 570vn+ emulator I found a memory block 0x10000 bytes that contains "Syntax ERROR" text and many other texts that I believe to be the calculator's ROM.

 

Unfortunately the sum of those 0x10000 bytes is 00000000006C69DD and the sum of 0x8000 words is 000000002773B860, different from 0xD457. But comparing detail & checksum of 570es+ and 991es+ (my post above)

 

EDIT:​ The sum of 0x8000 words above is big-endian. For little-endian see below.


Edited by user202729, 13 November 2016 - 08:05 AM.


#102 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 01:28 PM

The one name "Cheat engine" at (cheatengine.org). Ver 6.5.1. (Now 6.6 is available)

 

 

 

@SopaXorzTaker I am doing that with the 570vn+ emulator (you can find the cheat table in the "Cheat table" section in the link above), and it is very hard to find something. I think what you want is not enough.

 

 

Note: Cheat table is just a list of hex addresses of data in memory and some comment what an address point to.


Edited by user202729, 09 November 2016 - 02:19 PM.

  • kasio likes this

#103 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 03:21 PM

@kaikun97 @SopaXorzTaker If possible can you find:

 

1) The instruction pointer.

2) What determine what page​ is currently showing on the screen. I managed to find scroll page (page 1 / page 2) but unable to switch between different pages. (For example I can't get to SETUP from MODE)

3) What determine what button is being pressed. I found the part that determine the highlight on screen (determine by two 4-bytes values that is FFFFFFFF when no highlight. I found by pause hotkey) but that can't help.

4) From 2 or 3 above (or by another means), how to enter DIAGNOSTIC mode.

 

In my computer the save file (external memory?) is stored in

 

C:\Users\<my user name>\AppData\Local\Temp\<long hexadecimal sequence>.tmp

 

One of long hexadecimal sequences is:     52432066782d353730564e20504c5553436173696f206678353730766e20706c7573   .

The emulator can keep value of variables even if I exit that.

 

Anyone know details of es-plus models? (ram size, rom size, etc)


Edited by user202729, 09 November 2016 - 03:24 PM.


#104 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 03:31 PM

@kaikun97 @SopaXorzTaker If possible can you find:

 

1) The instruction pointer.

2) What determine what page​ is currently showing on the screen. I managed to find scroll page (page 1 / page 2) but unable to switch between different pages. (For example I can't get to SETUP from MODE)

3) What determine what button is being pressed. I found the part that determine the highlight on screen (determine by two 4-bytes values that is FFFFFFFF when no highlight. I found by pause hotkey) but that can't help.

4) From 2 or 3 above (or by another means), how to enter DIAGNOSTIC mode.

 

In my computer the save file (external memory?) is stored in

 

C:\Users\<my user name>\AppData\Local\Temp\<long hexadecimal sequence>.tmp

 

One of long hexadecimal sequences is:     52432066782d353730564e20504c5553436173696f206678353730766e20706c7573   .

The emulator can keep value of variables even if I exit that.

 

Anyone know details of es-plus models? (ram size, rom size, etc)

Could you upload one of those temporary files for me to look into?

According to the datasheet, the chip in fx-991ES (not PLUS) has 96KiB of ROM and 3584 (3.5KiB) bytes of RAM.



#105 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 03:34 PM

So I am looking for where things are stored using Cheat Engine, but only on fx 570vn plus emulator. On the 570vn plus I made a large cheat table. Only a few is done for the 82es one, seatch the web for "fx82es.ct". Only work for some specific model.. SopaXorzTaker you use Linux so probably can't use Cheat Engine or the simulator.

 

In 570vn+ emulator I found a memory block 0x10000 bytes that contains "Syntax ERROR" text and many other texts that I believe to be the calculator's ROM.

 

Unfortunately the sum of those 0x10000 bytes is 00000000006C69DD and the sum of 0x8000 words is 000000002773B860, different from 0xD457. But comparing detail & checksum of 570es+ and 991es+ (my post above)

That block's probably 0x18000 bytes (96KiB) long instead. Could you please dump it and upload the file?



#106 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 03:35 PM

My 82GT Plus can type in more data like sqaure roots in MathIO mode than my 82ES so the Plus models will for sure have more RAM, the ROM could be the same size though.

I think the amount of RAM stays the same, because of Casio software-limiting their calculators, as for the upgrade hack.



#107 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 03:37 PM

http://www.mediafire...e20706c7573.tmp

(temporary file)

Now you're a moderator is that valid on this site?


Edited by user202729, 09 November 2016 - 03:39 PM.


#108 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 03:39 PM

It could be the case but I doubt it with the Plus models because they also have a faster CPU (There is less delay if I do a complex calculation) so it would make sense to upgrade the RAM

Yeah, didn't think well about that. Makes sense.



#109 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 03:42 PM

If it contains the ROM I would say no(in that case just PM him). If not then it should be fine

That file doesn't seem to contain the ROM, as it's only 2.5K.


  • kasio likes this

#110 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 03:45 PM

Yes, but I don't know about the memory dump. (If we knew then I could take its checksum)

I have reasons to believe the rom part in the memory dump is 0x10000 bytes, as I will describe.

 

1. Using Cheat Engine's debugging feature the ROM is accessed in form [ptr + offset], so I guess the ptr is the starting point of the ROM.

2. After 0x10018 bytes are next part (I guess external memory or RAM) start pointer.

3. Those 0x10000 bytes are the same in all instances (I guess since I just compared two instances).

4. (not very related) It seems that the next part has 0x8000 bytes start with 0.

 

If I can call diagnostic in emulator I would find which address is accessed thus find where is ROM.


Edited by user202729, 09 November 2016 - 03:52 PM.


#111 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 04:02 PM

Yes, but I don't know about the memory dump. (If we knew then I could take its checksum)

I have reasons to believe the rom part in the memory dump is 0x10000 bytes, as I will describe.

 

1. Using Cheat Engine's debugging feature the ROM is accessed in form [ptr + offset], so I guess the ptr is the starting point of the ROM.

2. After 0x10018 bytes are next part (I guess external memory or RAM) start pointer.

3. Those 0x10000 bytes are the same in all instances (I guess since I just compared two instances).

4. (not very related) It seems that the next part has 0x8000 bytes start with 0.

 

If I can call diagnostic in emulator I would find which address is accessed thus find where is ROM.

So yeah, if you plan on dumping this, you better send me a PM, ROM links are against the rules on the forum.



#112 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 04:22 PM

We have an IRC channel now for discussion, the link is at the bottom of the first post in the topic.

Feel free to join!



#113 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 09 November 2016 - 04:32 PM

Why don't we gather all discussion here?

Also I am said to be a bot on that IRC channel.

 

I will PM you (SopaXorzTaker) a link to an (old) memory dump of 570vn+ emulator. The part I believe to be the ROM start at 0x004A84E4 and is 0x10000 bytes long.


Edited by user202729, 11 November 2016 - 02:19 PM.


#114 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 09 November 2016 - 04:38 PM

Why don't we gather all discussion here?

Also I am said to be a bot on that IRC channel.

 

I will PM you (SopaXorzTaker) a link to an (old) memory dump of 570vn+ emulator. The part I believe to be the ROM start at 0x004A84E4 and is 0x1000 bytes long..

This was my fault, I incorrectly specified the link. Update the page and try clicking the link in the first post again.

EDIT: if your nickname contains lots of numbers, the server may think that you're a bot. Try again with less of them if that is the case.



#115 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 10 November 2016 - 03:44 PM

By the way:

fx-570 ES PLUS produces the following as per user202729:

GY454X VerE
SUM 8929 OK

My calculator (fx-991ES PLUS) has the checksum of 8928, so that might imply a byte sum used.



#116 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 10 November 2016 - 04:04 PM

1. Or the byte difference is exactly the little byte of the word.

2. A byte can contains 454 > 2^8? It is either ascii or word.

2. What about the reverse direction? (checksum + 1, model - 1)

3. I am downloading the u8 assembler. It seems that there is only similar models (not exactly the same) but perhaps they are very similar.


Edited by SopaXorzTaker, 10 November 2016 - 04:11 PM.
revert mod edit


#117 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 10 November 2016 - 04:10 PM

We found the leaked u8 assembler, which hopefully can also disassemble the firmware too. We aren't linking to it on the forums, but it can be found by careful googling. At the time of writing this post, it was on the first page of Google search "oki u8 github".



#118 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 10 November 2016 - 05:44 PM

Well, now we have the assembler executable (rasu8.exe). Reverse-engineering it could reveal the nX-U8 instruction set.



#119 SopaXorzTaker

SopaXorzTaker

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 132 posts
  • Gender:Male
  • Interests:Electronics and programming.

  • Calculators:
    fx-991ES PLUS

Posted 11 November 2016 - 01:45 PM

user202729, I think that the chercksum is the sum of every 16-bit word in the rom, either big- or little- endian, e.g 0xFFFF + 0xFFFF = 0xFFFE.



#120 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 117 posts

Posted 11 November 2016 - 02:04 PM

So you means if the ROM is 01 02 03 04 05 06 07 08 then the checksum is (0102 + 0304 + 0506 + 0708 + 0807 + 0605 + 0403 + 0201) mod 10000 (hex)? If so checksum (of the part I mentioned) is 000000006CD646DD. If only little endian is sum then the sum is 0000000045628E7D.


Edited by user202729, 11 November 2016 - 02:13 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users