Jump to content



Photo
- - - - -

CASIO fx-82AU PLUS II Hacking

hacking fx-82AU PLUS II hack

  • Please log in to reply
5 replies to this topic

#1 EnderFire09

EnderFire09

    Newbie

  • Members
  • Pip
  • 14 posts
  • Gender:Not Telling
  • Interests:Calculator hacking (Especially the fx-82AU PLUS II)
    Memes
    Gaming (Mostly Minecraft)
    Cats (Especially Pedigree Norwegian Forest Cats)

  • Calculators:
    Casio fx-991ES PLUS Version F
    Casio fx-82AU PLUS II Version A
    Casio fx-82ES PLUS Version E (Sadly the LCD is damaged and half the screen is dead)

Posted 06 August 2020 - 12:02 PM

This thread is to share information.about hacking the CASIO fx-82AU PLUS II and possibly even achieving arbitrary code execution and dumping the rom. I am willing to try any hacks.

 

This is the basics of hacking the CASIO fx-82AU PLUS II.
 

First, I recommend taking a look at http://casiocalc.wikidot.com/ and https://community.ca...s-plus-hacking/

 

Secondly, note that all of the hacks only work on the LY711X VerA with the checksum of 0A69. You can check in diagnostics mode. To enter diagnostic mode, just look it up, there are plenty of tutorials on how to use diagnostic mode, out there.

If the calculator freezes/crashes, press [ON].

 

 

Now for the hacks!

Firstly, all of the hacks use REG hackstrings, hackstrings that involve the small 'A', the small 'B' and 'r' and there are two types of REG hackstrings, ones that involve STAT Submode 0 and ones that involve the MathIO overflow (divide bracket) bug.


Firstly to get into STAT submode 0 you press [MODE], 2, then you press AC/on then [ON] around 0.5 seconds after pressing AC/on. Note that this may be hard for the first few times you try, but you will get better the more you do it.
If you are successful, you should see that the STAT indicator is on and REG is available in the STAT menu Shift, 1. If you are not the go back into COMP mode and try again.


In the REG Menu Shift, 1, 5, you will see 5 characters. We are interested in 2 of them, 'r' and the small 'A'


To get 'r', press Shift, 1, 5, 3.

To get the small 'A', press Shift, 1, 5, 1


sqrt - square root symbol


STAT submode 0 REG hackstrings


1. small 'A' by it self - Enters Mode 68

2. 1(1(1(1r - Enters Mode 68 with MathIO

3. A(BCr - Puts the input into table input mode and corrupts the ram, causing the hackstrings to have different results until you press [ON].

4. 1sqrt(1sqrt(1sqrt(1sqrt(1sqrt(1sqrt(1r - teleport cursor far to the right, past the start of the cache, causing basic overflow.



Now for the MathIO hacks


To get 'r' in MathIO you must type Pol(0,1) then press [=], then press รท, 9, and then press [LEFT BRACKET] until you cant type any more left brackets. Then press [=], then AC/on, , AC/on, [BACK].

Now your should have 'r' and a bunch of other characters next to it. Delete everything except for 'r'


Now for the COMP, MathIO hacks:


1. (7979(7979(7979(7979r - Enters Vector mode, which is not supported by the fx-82AU PLUS II

2. A(BCr->M v/[] (Square root) - Enters Mode 68 with LineIO without crashing the calculator, Press AC/on, then [BACK], delete every thing except for the box. Now move the cursor to the left of the box, then press [RIGHT] once. Initially, you cant see what you are typing until you have typed about a dozen characters. You have now achieved basic overflow.



Terms


1. Mode 68 - see http://casiocalc.wikidot.com/mode-68

2. Basic overflow - see http://casiocalc.wik.../basic-overflow



For more information please visit http://casiocalc.wikidot.com/ and https://community.ca...s-plus-hacking/


If you have some hacks that you know feel free to reply. I am willing to try any hacks.
 


Edited by EnderFire09, 07 August 2020 - 11:59 AM.


#2 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 239 posts

Posted 07 August 2020 - 05:46 AM

I'm not interested in getting another ROM at the moment. It takes some effort.

 

Because I don't have the necessary hardware, I can only do it manually (writing hacks so the ROM is displayed on the screen, and interpret that), and that involves some known information.

 

It's not very hard to get the rom from an emulator (can be bought, and... there are cracked versions... I should not post the link).

 

Resources: (you may want to figure out how to get the ROM yourself)

 

wikidot

the other topic on this site

https://tieba.baidu.com/p/6836768682

https://tieba.baidu.com/p/6243040741



#3 EnderFire09

EnderFire09

    Newbie

  • Members
  • Pip
  • 14 posts
  • Gender:Not Telling
  • Interests:Calculator hacking (Especially the fx-82AU PLUS II)
    Memes
    Gaming (Mostly Minecraft)
    Cats (Especially Pedigree Norwegian Forest Cats)

  • Calculators:
    Casio fx-991ES PLUS Version F
    Casio fx-82AU PLUS II Version A
    Casio fx-82ES PLUS Version E (Sadly the LCD is damaged and half the screen is dead)

Posted 07 August 2020 - 09:39 AM

Here is an image of the result of the small 'A' by itself

 

dEJjqV5.png



#4 EnderFire09

EnderFire09

    Newbie

  • Members
  • Pip
  • 14 posts
  • Gender:Not Telling
  • Interests:Calculator hacking (Especially the fx-82AU PLUS II)
    Memes
    Gaming (Mostly Minecraft)
    Cats (Especially Pedigree Norwegian Forest Cats)

  • Calculators:
    Casio fx-991ES PLUS Version F
    Casio fx-82AU PLUS II Version A
    Casio fx-82ES PLUS Version E (Sadly the LCD is damaged and half the screen is dead)

Posted 09 August 2020 - 07:01 AM

Here are some more hacks for the fx-82AU PLUS II.

 

First the STAT submode 0 hacks:

 

1. The small 'A' preceded with a lot of digits - shows a glitched contrast menu and changes the STAT submode to another unintended submode (possibly 9 or above). This causes the reg characters and thus the hackstrings to have different effects.

 

2. (3636(3636(3636(3636r - shows a cursed contrast menu for a brief moment then immediately shuts off and resets all.

 

Now for the COMP, MathIO hack

           _____

1.        |   r

          |   ----     ----> M       (r over empty box , inside a square root stored into M)  -- Shows a cursed Syntax Error

         |     []

     \_|

 

Hope you enjoy them!

More to come soon! :)



#5 user202729

user202729

    Casio Freak

  • Members
  • PipPipPipPip
  • 239 posts

Posted 15 August 2020 - 10:46 AM

Can you understand ROP? I guess it isn't too hard to figure out the necessary addresses to dump the ROM, assumes basic overflow in math mode works, and given that the emulator ROM is available.


Edited by user202729, 17 August 2020 - 01:45 AM.


#6 aidswidjaja

aidswidjaja

    Newbie

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Sydney, Australia
  • Interests:Hacking calculators, playing with computers and watching anime.

  • Calculators:
    CASIO fx-82AU PLUS II
    CASIO fx-100AU PLUS II

Posted 25 August 2020 - 11:42 AM

ROP could be interesting couldn't it... iirc basic overflow does work, and there is an emulator ROM available (so we don't have to read pixels off the screen, that sounded painful)

 

And I mean, maybe someone could write different scripts to translate machine/assembly instruction to addresses to keypresses, for different models, one program could be ported to multiple calculator models? I don't really know.. err...

 

Well anyway, I don't know how much time I have on my hands to dig into this, and I don't know how many other people would be willing to. Getting snake running on a non-programmable calculator will win you a lot of internet points, so there's that lol

 

But in all seriousness, provided we did get ROP working (so hijacking the call stack) but also to make a meaningful program, that would be cool. Though easier said than done of course, and I don't know much about ROP... We'll see I guess.

 

I recall that user and SoraXorpTaker did get ROP working (it was a basic one-line string that moved one character every ~1 second on an emulator).

 

Well anyway, it'll be interesting to see if anyone will go for this :D I'll keep watching the forums then I guess







Also tagged with one or more of these keywords: hacking, fx-82AU PLUS II, hack

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users