In response to TI's addition of anti downgrade protection to their recently updated bootcodes, Brandon Wilson has created Flashy, a program which can directly modify the boot code of a ti-83+SE, 84+, 84+SE, or the brand new ti-84 pocket. With the new ability to modify the boot code of these models, it is now possible to remove every last trace of Texas Instruments code from these calculators and replace it with custom made code. However, doing so is EXTREMELY dangerous, as any errors that may occur will result in the device being insta-bricked. TI-Bank states that Flashy allows bootcodes to:
-be upgraded
-be downgraded
-be custom modified
-be swapped between models (essentially allowing one model to 'become' another, although differences in hardware will still be an issue)

This program (which can be found here) has several features included to help avoid anything awful happening to your calculator, but you should still be absolutely certain that you know what you're doing before attempting to use it.

To add some more information:

The main uses for this are:
   1. Testing code very early in the boot process. We can learn a lot more about the hardware now that we can get control very early in the boot process (the very first instruction executed!), and we've learned quite a bit in the past week or so.
   2. Downgrading boot code 1.03 calculators, such as the TI-84 Pocket.fr (and now the 84+ and 84+SE, which have started showing up with 1.03). I have upgraded my calculators to 1.03 and downgraded them back to 1.00/1.02 without incident. This means the anti-downrgade protection and added 2048-bit RSA key is useless (epic fail).
   3. Customizing the boot sectors. We can now add Calcsys-like functionality to normally read-only boot sectors and gain new emergency recovery abilities you wish you had in the past. Corrupted OS and you really need to get your programs off? Now you can (as soon as we write such a utility to flash to it). We can also change functionality we assume will always be there -- we can change (and I have changed) the ON+DEL keyboard shortcut to something secret or more complex (to prevent strangers from getting into your calculator), or whatever you want...sky's the limit.

Also, if the process to create the image AppVar looks a little scary/confusing to you, you can use the pre-built AppVars made from boot code dumps available elsewhere (for the 83+SE, 84+, and 84+SE, from versions 1.00 to 1.03). I'd link you to them, but it's not exactly legal to host them. I'm sure if you look around in the "usual places", you can find them.

This program tries to be as safe as possible. The boot image AppVars it uses have up to two MD5 hashes embedded with them, one for each page. Both of these hashes are checked twice, battery levels are checked twice, the images themselves are checked for code patterns that must be present for the model being flashed to, the boot page jump table is checked for valid page and address ranges, and warnings are thrown up if anything looks amiss.

It even installs a temporary cursor hook to steal back control in the unlikely event that the boot page is erased (filled with 0xFF bytes (which are interpreted as "rst 38h" instructions)), where it will attempt to complete the write.

I personally tested it on my real 83+SE, 84+, and 84+SE calculators, and several other people have used it multiple times without incident. I have yet to brick a calculator using this program, even after making some pretty scary patches.

So it's worth a shot, if you're brave enough.

Awesome stuff guys! Thank you for every thing you do.

Calcdude, I figured out that you only have to execute code in a bank controlled by port (06).

Also, I figured out what was wrong with the LCD, I had a few "ld ($10), a" where I should have had "out ($10), a"

Quote from: thepenguin77 on July 02, 2011, 01:00:57 pm

Calcdude, I figured out that you only have to execute code in a bank controlled by port (06).

Ah, okay. Do we still not know why just executing TI's code from bank 1 directly doesn't work?

I did something else wrong, it works now. (I almost feel like I didn't press ON.)

This is awesome. I almost want to upgrade my calc to 1.03, just so I can downgrade again.

Just curious, are there any major applications for this, other than just being able to be 100% open-source?

Well, OS validation is good to a point, it ensures that nothing to wipe the bootpages randomly gets written to a privlidged page on corruption.

It's because the 83+ doesn't have the port that's been used to bypass the protection on the boot code.
We don't know whether or not modification of its boot code is possible yet, I think.