1rabbitsign(1) General Commands Manual rabbitsign(1)
2
6 rabbitsign - sign applications for TI graphing calculators
7
9 rabbitsign [ options ] [ -o appfile ] [ -k keyfile ] hexfile ...
10 rabbitsign [ options ] [ -k keyfile ] -c hexfile ...
12
15 rabbitsign is an implementation of Texas Instruments' Rabin and RSA
16 signing algorithms, as used on the TI-73, TI-83 Plus, TI-84 Plus,
17 TI-89, and TI-92 Plus graphing calculators. These algorithms are used
18 to sign Flash applications and operating systems so that the calculator
19 can recognize them as valid.
20 rabbitsign, like Texas Instruments' official signing programs, needs a
22 private key (a pair of large prime numbers) to sign apps. In order for
23 the app to be accepted, the corresponding public key (their product)
24 must be present on the calculator. As of this writing, the ``share‐
25 ware'' private key number 0104, used for signing applications for the
26 TI-83 Plus and TI-84 Plus, is available through TI's SDK. Unfortu‐
27 nately, the OS signing keys, as well as the app signing keys for the
28 TI-73, TI-89, and TI-92 Plus, have not been released, which means that
29 only TI can sign apps and OSes for those calculators.
30 OPTIONS
33 -a Attempt to match the output of Peter-Martijn Kuipers' appsign
34 program, for testing purposes. The resulting output file will
35 have Unix-style line termination, and hence will not be compati‐
36 ble with all programs. This option is not recommended for ordi‐
37 nary use.
38 -b Assume input files are raw binary files. If this option is not
40 given, the file type is detected automatically.
41 -c Do not sign apps; instead, check that the signatures of the
43 specified apps are valid. Exit status is 0 if all apps are
44 valid, 1 if one or more apps fail, or 2 if there is a non-mathe‐
45 matical error.
46 -f Ignore non-fatal errors, and force the application to be signed
48 if possible. (All of these messages are there for a reason,
49 though, and chances are that if your app generates any of them,
50 it will also either fail validation or crash the calculator.
51 You have been warned.)
52 -g Write the output file in GraphLink ``TIFL'' format. (By default
54 and for historical reasons, apps and OSes for the TI-73 and
55 TI-83 Plus are written in plain TI Hex format instead; you can
56 use packxxk(1) to convert these files into TIFL format.) Apps
57 and OSes for the TI-89 and TI-92 Plus are always written in TIFL
58 format. See APPLICATION FILE FORMATS below for more informa‐
59 tion.
60 -k keyfile
62 Read signing and/or validation keys from the given file. This
63 file must be in one of the formats used by TI's SDK tools. (See
64 KEY FILE FORMATS below.) By default, rabbitsign searches for
65 the key named in the app header (for example, 0104.key for
66 ``shareware'' TI-83 Plus apps.)
67 -K id Search for the key with the given id (a small hexadecimal num‐
69 ber) rather than the ID specified in the app header.
70 -n Attempt to sign the program as-is, without modifying the header.
72 (This option may not produce a file that the calculator will ac‐
73 tually accept; it is intended for testing and special-purpose
74 signatures, not for ordinary app signing.)
75 -o outfile
77 Specify the output file. By default, output files are named by
78 taking the name of the input file, removing any suffix, and
79 adding a `.app' or `.8xk' suffix depending on whether -g is
80 specified. (If the input file already has a `.app' or `.8xk'
81 suffix, `-signed' is inserted, so `myapp.8xk' becomes `myapp-
82 signed.8xk'.)
83 If `-' is specified as an input file, that indicates the stan‐
85 dard input, and the signed result is written by default to the
86 standard output.
87 -p Fix the app pages header. This is not done by default because
89 an incorrect pages header is generally a sign of a much more se‐
90 rious problem.
91 -P If the application ends close to a page boundary, add an addi‐
93 tional page to hold the signature. (Application signatures on
94 the TI-73 and TI-83 Plus are not allowed to span a page bound‐
95 ary.) Keep in mind that this is extremely wasteful, as it con‐
96 sumes 16384 bytes of Flash to hold approximately 69 bytes of
97 data; if your application is in this situation, you should con‐
98 sider trying to reduce its size slightly, or alternatively,
99 adding more data to take advantage of the extra Flash page.
100 -q Do not print non-fatal warning messages.
102 -r Re-sign a previously signed app (i.e., discard the previous sig‐
104 nature before signing.)
105 -R n For signing TI-73 and TI-83 Plus applications, use root number n
107 (0 ≤ n ≤ 3) rather than the default, root number 0. All four
108 roots are valid, though distinct, signatures, so this option is
109 mainly for debugging.
110 Root 0 is computed so as to be congruent to m^[(p+1)/4] modulo p
112 and m^[(q+1)/4] modulo q. Root 1 is the negation of root 0 mod‐
113 ulo p, root 2 the negation modulo q, and root 3 the negation
114 both modulo p and modulo q.
115 This option has no effect when signing OSes or TI-89/92 Plus ap‐
117 plications, which use the RSA algorithm rather than Rabin.
118 -t type
120 Explicitly specify the type of program (e.g., `8xk' for a TI-83
121 Plus application, or `73u' for a TI-73 operating system.) The
122 default behavior is to infer the program type from the name of
123 the input file. (If the input file does not have a recognized
124 suffix, the type is guessed based on the contents of the program
125 header.)
126 -u Disable automatic page detection, and assume input files are un‐
128 sorted. This means that page boundaries must be defined explic‐
129 itly. (See APPLICATION FILE FORMATS below.) This option has no
130 effect in binary (-b) mode.
131 -v Be verbose; print out the names of apps and their signatures as
133 they are signed. Use -vv for more detailed information about
134 the computation.
135 --help Print out a summary of options.
137 --version
139 Print out version information.
140
143 Intel Hex
144 Intel hex is a standard ASCII file format used by many PROM program‐
145 mers, and a common assembler output format. Each line (or ``record'')
146 consists of the following:
147 :NNAAAATTDDDDDD...CC
149 : The first character of the line is a colon; this is just used to
151 identify the format.
152 NN The next two characters are the number of data bytes on this
154 line, written in uppercase ASCII hexadecimal.
155 AAAA The next four digits are the address of the data on this line.
157 rabbitsign only looks at the low 14 bits of this value.
158 TT These two digits identify the ``type'' of the record. Intel hex
160 defines several record types for various addressing models; the
161 only types which are meaningful for TI calculators are types 00
162 (ordinary data) and 01 (end of file.)
163 DD... 2*NN hex digits follow, the actual data.
165 CC Finally, the inverted checksum is added, so that adding up all
167 the bytes on the line gives a total of zero modulo 256. (As an
168 extension, rabbitsign permits you to use two uppercase `X's in
169 place of a checksum.)
170 Since the address is only 16 bits, this format cannot unambiguously
172 represent applications larger than 64 kilobytes. To enable multi-page
173 applications to be created, rabbitsign attempts to detect page bound‐
174 aries automatically, starting a new page for each field with a zero ad‐
175 dress. Thus to create a multi-page app, you can simply concatenate
176 several Intel Hex files, e.g.
177 cat page0.hex page1.hex | rabbitsign - -o complete.app
179 This will only work if the records are correctly sorted within each
181 page. (If the assembler does not generate records in order, you can
182 sort the fields yourself using a command such as `sort -k1.8,1.9
183 -k1.4,1.7'.)
184 To turn off this automatic page detection, use the -u option. In this
186 case, you must define page boundaries explicitly using the TI Hex for‐
187 mat.
188 TI Hex
191 ``TI'' hex is an extension to Intel hex which provides unambiguous rep‐
192 resentation of multi-page apps. It adds records of the form
193 :0200000200NNCC
195 which indicate that subsequent data is placed on relative page number
197 NN. (Keep in mind that the TI-83 and 84 Plus install applications
198 ``backwards,'' so if relative page 0 is stored on absolute page 69,
199 relative page 1 will be stored on absolute page 68, and so forth.)
200 Some assemblers can generate multi-page data using type 4 records in‐
202 stead of type 2; rabbitsign treats these as equivalent to type 2.
203 For compatibility with other software which makes certain assumptions
205 about the format, rabbitsign will write 32 bytes per line, and will end
206 lines with a DOS-style carriage return and line feed.
207 GraphLink TIFL
210 The standard (newer) GraphLink format consists of a 78-byte binary
211 header which is added to the start of a hex or binary file. The con‐
212 tents of this header are as follows:
213 0x00-07
216 The string `**TIFL**'.
217 0x08 The major version number (``App ID'') of the application.
219 0x09 The minor version number (``App Build'') of the application.
221 0x0A Flags; apparently intended to indicate whether the contents of
223 the file are binary (0) or TI Hex (1). This value is not, how‐
224 ever, set consistently by other software.
225 0x0B ``Object Type'' field; apparently indicates something about the
227 type of data. Set to 0x88 in most TI-73 and TI-83 Plus files;
228 set to 0 in TI-89 and TI-92 Plus files.
229 0x0C-0F
231 Binary-coded decimal month (one byte), day (one byte), and year
232 (two bytes, big endian) when the app was signed.
233 0x10 Length of the app's name.
235 0x11-18
237 Name of the app.
238 0x19-2F
240 Reserved, always set to zero.
241 0x30 Calculator type (0x73 = TI-83 Plus, 0x74 = TI-73, 0x88 = TI-92
243 Plus, 0x98 = TI-89.)
244 0x31 Type of data (0x23 = OS upgrade, 0x24 = application, 0x25 = cer‐
246 tificate.)
247 0x32-49
249 Reserved, always set to zero.
250 0x4A-4D
252 Little endian length of the following data (the length of the
253 hex file, not the on-calculator size of the application.)
254 There also exist multi-part TIFL files, which simply consist of two or
256 more TIFL files concatentated together. (For instance, a software li‐
257 cense agreement or a certificate file can be attached to an applica‐
258 tion.) rabbitsign handles these files in a limited way: it will read
259 only the first section with a recognized data type, ignoring any other
260 data in the file. rabbitsign cannot create multi-part TIFL files, but
261 they can be created using packxxk(1) (or simply using cat(1).)
262 Binary
265 rabbitsign can also read binary app files; they are assumed to be con‐
266 tiguous, so when signing a multi-page app, each page except the last
267 must be filled to a full 16k.
268
271 Key files contain the data needed for signing and validating applica‐
272 tions. (The portion of the key file used for validating is known as
273 the ``public'' key; the portion used for signing is the ``private''
274 key. Only the public key is stored on the calculator itself.) Offi‐
275 cial key files from TI come in two varieties, known as ``Rabin'' and
276 ``RSA'' formats. Note that rabbitsign currently supports using Rabin-
277 type key files to generate RSA signatures, but not the other way
278 around.
279 Rabin key format
282 The Rabin key file format is typically used for TI-73 and TI-83 Plus
283 application signing keys. It consists of three lines, each containing
284 a big integer. The first line is the public key, n; the second and
285 third are its two factors, p and q.
286 Each line begins with two hexadecimal digits, giving the length of the
288 number in bytes, followed by the bytes themselves, written in hexadeci‐
289 mal in little-endian order.
290 RSA key format
293 The RSA key file format is typically used for TI-89 and TI-92 Plus ap‐
294 plication signing keys. It consists of three lines: the key ID, the
295 public key n, and the signing exponent d. (d is the inverse of the
296 validation exponent, 17, modulo ϕ(n), and thus calculating d is compu‐
297 tationally equivalent to factoring n.)
298 The key ID is a short hexadecimal number, which should match the con‐
300 tents of the 811x header field. The numbers n and d are written as big
301 integers, as in the Rabin key format.
302
305 /usr/local/share/rabbitsign/*.key
306 Private key files which will be used if the requested key is not
307 found in the current directory.
308
311 Who needs them?
312 rabbitsign accepts keys, applications, and even file names which cause
314 TI's programs to crash or generate invalid signatures.
315 Some apps which come very close to filling the last page may not be us‐
317 able with TI-Connect. This is a bug in TI-Connect. Try TiLP.
318 rabbitsign does not always generate the same signature as do TI's pro‐
320 grams. This is not a bug; it is simply due to the differences in im‐
321 plementation. There are in fact four valid signatures for every appli‐
322 cation hash; all four are accepted by the calculator.
323 If you encounter a valid app which rabbitsign is unable to sign, or
325 worse, generates an invalid signature, this is a serious bug, and I
326 would like to know about it.
327
330 packxxk(1), rskeygen(1)
331
334 Benjamin Moody <floppusmaximus@users.sf.net>
335RabbitSign 2.0 July 2009 rabbitsign(1)