Software Developer and Application Security Consultant
The Race to Secure Texas Instruments Graphing Calculators
Over the years, Texas Instruments graphing calculators have evolved from simple programmable devices with fixed ROMs to complex, USB- and wificapable Flash upgradeable computers. Because of their widespread adoption for use in classrooms, Texas Instruments is forced to implement security measures that prevent tampering of the calculator's operating system, storage and usage of notes during tests, temporarily crippling or disabling built-in features, and even outright code execution.
For well over a decade, I have implemented and released exploits that enable writing to Flash memory, allow unsigned code execution, bypass teacher restrictions (which can be enabled by anyone, not just teachers), and open up the hardware to its full potential, even going so far as using it to jailbreak a PS3 or boot a desktop PC via USB flash drive simulation.
In this talk, I will provide a technical overview of the history of achieving and maintaining unsigned code execution on the various graphing calculator models Texas Instruments has released over many years, as well as a personal recollection on how the first Flash unlock exploits were created and evolved to keep up with TI's fixes, how the 512-bit RSA OS signing keys were factored and the legal fallout, and the current challenge to find and utilize new vulnerabilities for the latest models.
Brandon Wilson is a U.S. software developer and application security consultant with over ten years of professional experience, and hacker of random things like game consoles and TI graphing calculators. An avid tinkerer of anything USBrelated, he has spoken at DerbyCon and numerous local conferences on this and other subjects, and appeared in the Wall Street Journal and several other publications. He also collects DMCA takedown notices for fun.