CE jailbreak allows ASM programs to work again!

Posted by Xavier on 6 September 2020, 20:58 GMT

We're happy to relay a very interesting, yet unsurprising, piece of news: the ability of the TI-83 Premium CE, the TI-84 Plus CE(-T) and their Python editions to run ASM programs, officially removed by TI a few weeks/months ago depending on the model (as reported in the previous news item), has been unofficially added back thanks to a jailbreak called "arTIfiCE". From what we can see in the install tutorial, arTIfiCE seems to exploit a bug in the "Cabri Jr" geometry app in order to launch a shell.

This move was so obvious and predictable that it was really a matter of when, not if. After all, the TI-eZ80 series was not designed with security in mind, and in fact no TI graphing calculator model released to date has been (even though TI seems to have learned a few tricks in the newer, high-end TI-Nspire CX II series, its security roadblocks appear to have been defeated relatively early on).

What are the next steps? Logically, just like on the TI-Nspire series, TI would release new software versions fixing the vulnerabilities used in the current iteration of the jailbreak, then more vulnerabilities would be exploited to restore access to native code again. Rinse and repeat for a while: it's the usual cat & mouse "game".

Thinking out loud, we might see a series of 0-days showcasing exam mode insecurity being released over the few days/weeks before the major exams of the northern hemisphere - something the TI enthusiast community always refrained from doing. Such a timeframe would make it possible for some users to use programs interfering with exam mode (and needless to say, face the significant consequences if they get caught! - just to be clear, we are not condoning cheating). And this, most importantly, before the fixes for the vulnerabilities get a chance to be made and widely distributed, and before standardized testing regulations can be amended to forbid usage of the older, vulnerable versions and to mandate thorough checks of the current state of calculators right before the exam is taken.

If that situation were to happen, it would probably be better to give up on the current exam mode "security model" entirely and rather reflash the OS with an exam-tailored version right in the exam room - something that should have been done from the get-go, notwithstanding the practical hurdles, if the fantasized exam security were actually taken seriously. Unfortunately, a path of lower resistance for the educational system would be to just forbid the usage of the affected calculator models, several days before the exams, creating more injustice and further reducing the real-world value of said exams!

Time will tell, but there's a chance that there will be a spectacular - and publicized - backfire for the very smart demands from standardized testing regulation authorities, who didn't get (or didn't understand) the memo that predictably, removing access to native code does not make exams safer - quite the contrary.

Top-level TI management should be somewhat aware of that; in fact, some of us in the community, myself included, attempted to explain all that to them several years ago... but we know that regulators have the power to forbid pieces of equipment for whatever reason, and manufacturers need to bend to their demands, no matter how unfounded, ill-motivated and counterproductive...

Thankfully, I'm not in the shoes of the previously mentioned teacher whose video about a long-fixed issue in TI's OS allowing exam mode restrictions bypass on the TI-eZ80 series might well have contributed to the removal of official native code access on those calculators, then consequently the current jailbreak, and might therefore contribute to potential future attacks on the exam mode.

Triggering a worldwide restriction on users' rights to use the hardware they bought, and potentially forbidding hundreds of thousands of calculators and creating further stress for students taking exams, is not something I'd be proud of.

arTIfiCE's author doesn't seem to have uploaded it to our file archives yet(?), so for now, CE users stuck with a recent OS version can learn more on its official website. Go forth and use that great piece of work, which raises the usefulness of the Cabri app :)