Jump to content



Photo
- - - - -

Casio fx-82 MS hacking


  • Please log in to reply
2 replies to this topic

#1 pedro-javierf

pedro-javierf

    Newbie

  • Members
  • Pip
  • 1 posts
  • Gender:Male

  • Calculators:
    fx-82MS (old)
    fx-82MS (new)

Posted 01 June 2018 - 05:09 PM

Hello  :rolleyes:

 

I'm an owner of several Casio calculators, all from the fx-82MS series. In Spain (where I live) they are very common because they are really cheap.

 

So, I wanted to hack it of course. I already have experience in reverse engineering and exploit development (https://github.com/pedro-javierf/). Nevertheless the calculator scenario is much more complex, at least for the casio fx-82ms which isn't programable.

 

So far I know there's this software glitch (sometimes called overflow but I don't really know if it's a classic stack overflow or someone just gave it the name):

which basically unlocks every mode from the superior model (fx-82ES I think?) on this 10eur calculator (though not all of them are really usable)

 

This is patched in the newer model, which (when turning off) prints the casio logo.

 

Also, the hardware is completely different. I'll post some images in the following days from the newer model, but a Spanish colleague already reversed the hardware for the old model: http://nitehack.blog...k-incluido.html

the most interesting thing is that he found that the hardware beneath the buttons is in fact a matrix keyboard. There are more pins (keyboard combinations) that were actual buttons in the calculator, so he analyzed that and found that some combinations can be triggered to directly activate extra modes from the superior model. I have a hardware setup for that I'll show off as soon as possible. The software layer is still pretty much unexplored, so that's why I'm here  :greengrin:

 

I've seen you people have done a lot of research into better, newer and more complex models (even ROP chains If I'm not wrong!) which is amazing. How could I apply some of that knowledge to reverse the fx-82MS? I've read something about official casio emulators?

 

Thank you!

 

PS: Since I don't have any newer model I can't really help, but I will try if y'all need something :)



#2 frankmar98

frankmar98

    Casio Freak

  • Moderator
  • PipPipPipPip
  • 127 posts
  • Gender:Male
  • Location:Spain
  • Interests:Science, programming

  • Calculators:
    CFX-9970G
    Graph 90+E (fx-GC50)
    fx-9860G SD
    Classpad 300
    HP Prime
    TI-84+ CE-T
    x2 TI-83+
    TI-81
    fx-4800p, fx-3650PII
    fx-991SPX, fx-991ES PLUS, fx-100W

Posted 01 June 2018 - 06:34 PM

Hi, pedro-javierf, welcome to UCF!

 

The research on hacking basic calculators is really interesting. This fx-82 MS is a good platform to research with.

 

I invite you to post here all your research in this model. I've splitted your post from the other thread, because it is other model. This is for organization reasons. To help the users to find your post easiliy.

 

I really understand the popularitiy of this calculator in Spanish classes, I have studied ESO and Bachillerato in a highschool in a town in Málaga, and almost everyone had the fx-82MS.

 

This occurs because the teachers and the students don't have any knowledgment about calculators, for example, a fx-991ES plus or an used graphing calculator are cheap also (I got my fx-9750G for 3€ used), and have many functions more.

 

Although the research in this models hacking is really interesting.

 

The old version of fx-82MS, has the same hardware than fx-570MS, 100MS, 115MS, 991MS, well function suited models, the predecesors of fx-ES plus series.

 

1998:  fx-82W, 85W, 100W, 115W, 570W, 991W

 

2001: fx-82MS, 83MS, 85MS, 100MS, 115MS, 270MS, 300MS, 350MS, 570MS, 991MS

 

2004:  fx-82ES, 83GT, 85ES, 115ES, 350ES, 570ES, 991ES

 

2008:  fx-82ES plus, 83GT plus, 85ES plus, 115ES plus, 350ES plus, 570ES plus, 991ES plus

 

2015: fx-82, 350, 570, 991 EX/SPX/DEX, etc.

 

The better (unlocked) calculators are the fx-570 - 991, and in the MS series, this calculators are discontinued, the 82MS is still in production but with a cheaper PCB.

 

Regards!



#3 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 186 posts

Posted 05 June 2018 - 01:53 PM

I know about that glitch (and some other ones), all of them involves pressing '0' before '1'. Because only '0' works (and nothing else) I suspect that's an Easter egg Casio left in the calculator.

I also have some calculators in the old MS series (where I can test the bugs).

Unfortunately, I have no idea how the glitch works because:

* There are no "correct" emulator of any calculator, that I can extract the ROM and expect it to be "reasonably similar" to the ROM of the real calculator.
* I don't know the details of the hardware (CPU model, etc.) although I guess it's the same kind as the ES and ES PLUS series.
* I can't find out a way to read the calculator ROM.

If anyone succeeded in obtaining the ROM of the calculator series, please post it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users