TI-85 Virus 'RAGE!'
Well... I was just wondering if it's possible to code such a thing for a
pocket calculator. So I tried and succeeded. I had some problems at the
beginning with the allocation of variables and the VAT, but some nice people
helped me (eg. the creator of ZShell and some guys from the TI-mailinglist)
and I was able to code it in a few days. Of course I don't want to spread this
virus everywhere, and I hope you don't, too! This documentation is for
informational purpose only, and viruses aren't fun anyway!
Last but not least: Thanks to Irene for the idea :)
This is not a "real" virus like the one you have on PC's, because it doesn't
stay resident. It just infects other programs when you execute the infected
program. A bit simplified, an infected program (ie. the virus) does the following
go through all variables (strings, programs, reals...)
check if variable is a string
check if string is a ZShell-program
check if it is already infected
infect the program
run the original program
The virus is inserted before the original program like this:
Finding the ZShell-games isn't that difficult: You just have to go through the
VAT (variable allocation table), which is locatet at the end of the TI's
memory and check all string-variables. But infecting a program isn't as
easy as it looks. The problem is: because you want to add the virus to the
program, the program will be bigger afterwards and therefore need more memory. The
only (good) way to do this is:
allocate a new variable with the size PROGRAM_LENGTH + VIRUS_LENGTH
copy the virus there
copy the original program there, after the virus
delete the old variable (original program)
As you can see this method has a little drawback: You need at least
PROGRAM_LENGTH + VIRUS_LENGTH free memory to infect a program. It would be
fine to check if there is enough memory available first, so you don't mess
up the whole TI :)
But.. there is still one little problem: The memory-management (which is
inside the ROM and provides the memory-allocation and delete-functions) is
dynamic. Variables are not always at the same place, and this leads to the
following problem: When you delete the old program, it might happen that
the whole memory after it is shifted back, and in this case it is possible
(if the virus is after the program in memory) that the executing code (the virus)
gets shifted, too, some unknown data is shifted over the currently executed
program (the virus at IP), which messes up everything and produces a nice crash.
Ouh.. sounds terrible, I know. Here's an example:
So... how to get rid of this problem? We need a place we can execute the virus
from without getting shifted around by the stupid TI-ROM. And this place is:
The TI graph-mem! Yes, the memory where your y=x^2 stuff is stored. Drawback:
When you enter the GRAPH-mode on your TI, you'll see that something messed up. But nevermind,
some ZShell games are messing up the graph-mem, too, and nobody complains about
The complete virus looks like this:
find uninfected program
copy WHOLE virus into graph-mem
jump to the graph-mem, into the copy of the virus
infect all uninfected programs
run original program (ONLY IF NO PROGRAM HAS BEEN INFECTED!)
There's another little problem here: My virus only runs the original program
if no other program has been infected. This is because of the delete-messing-up
(see above). Because the virus and the original program may have been shifted
around in memory, we don't know where the original program is at the moment,
and finding it via VAT would make the virus even more complex (and bigger!).
The best thing we can do if something has been infected is to quit back to ZShell.
This was a short summary of how the virus works. If you are interested in the
details, eg. how to allocate or delete variables, have a look the sourcecode.
First problem: The virus is still quite unoptimized and too big (about 500 bytes).
Which means that when your TI gets infected, you loose NUMBER_OF_PROGRAMS*500 bytes
of memory, which is quite much.
Another problem is turboslo: turboslo copies itself into the graph-mem and
stays resident, and when the graph-mem gets overwritten by the virus it
messes up and causes a crash. (Try drawing a function in GRAPH when turboslo
is resident! It will crash terrible. And some uninfected games which use the graph-mem will
crash, too, if turboslo is running).
A little problem that has already been discussed above is that the original
program is only run when nothing was infected. When you have an infected and
some uninfected ZShell-programs on your TI and you run the infected one,
nothing will happen and you are back in the ZShell-menu. When you press
'enter' a second time to run it, it will work. The order of programs in the
ZShell program will also change a bit after the infection, because their
order in the VAT has been changed.
Summary: There are some visible effects to the user, so if he really knows
his TI he might realize that something weird is going on and think about
a virus... but, phew, a virus for TI-85, this must be a joke! :)
Download the source (asm), readme and .85g here.
Klick here to have a look at the sourcecode (Z80 asm) online.
back to P. DooM's Homepage
'98 by P. DooM