TI-85 Virus 'RAGE!'

WHY

Well... I was just wondering if it's possible to code such a thing for a pocket calculator. So I tried and succeeded. I had some problems at the beginning with the allocation of variables and the VAT, but some nice people helped me (eg. the creator of ZShell and some guys from the TI-mailinglist) and I was able to code it in a few days. Of course I don't want to spread this virus everywhere, and I hope you don't, too! This documentation is for informational purpose only, and viruses aren't fun anyway! Last but not least: Thanks to Irene for the idea :)

HOW

This is not a "real" virus like the one you have on PC's, because it doesn't stay resident. It just infects other programs when you execute the infected program. A bit simplified, an infected program (ie. the virus) does the following things:

  • go through all variables (strings, programs, reals...)
  • check if variable is a string
  • check if string is a ZShell-program
  • check if it is already infected
  • infect the program
  • run the original program
  • The virus is inserted before the original program like this:

    Finding the ZShell-games isn't that difficult: You just have to go through the VAT (variable allocation table), which is locatet at the end of the TI's memory and check all string-variables. But infecting a program isn't as easy as it looks. The problem is: because you want to add the virus to the program, the program will be bigger afterwards and therefore need more memory. The only (good) way to do this is:

  • allocate a new variable with the size PROGRAM_LENGTH + VIRUS_LENGTH
  • copy the virus there
  • copy the original program there, after the virus
  • delete the old variable (original program)
  • As you can see this method has a little drawback: You need at least PROGRAM_LENGTH + VIRUS_LENGTH free memory to infect a program. It would be fine to check if there is enough memory available first, so you don't mess up the whole TI :)
    But.. there is still one little problem: The memory-management (which is inside the ROM and provides the memory-allocation and delete-functions) is dynamic. Variables are not always at the same place, and this leads to the following problem: When you delete the old program, it might happen that the whole memory after it is shifted back, and in this case it is possible (if the virus is after the program in memory) that the executing code (the virus) gets shifted, too, some unknown data is shifted over the currently executed program (the virus at IP), which messes up everything and produces a nice crash. Ouh.. sounds terrible, I know. Here's an example:

    So... how to get rid of this problem? We need a place we can execute the virus from without getting shifted around by the stupid TI-ROM. And this place is: The TI graph-mem! Yes, the memory where your y=x^2 stuff is stored. Drawback: When you enter the GRAPH-mode on your TI, you'll see that something messed up. But nevermind, some ZShell games are messing up the graph-mem, too, and nobody complains about it.
    The complete virus looks like this:

  • find uninfected program
  • copy WHOLE virus into graph-mem
  • jump to the graph-mem, into the copy of the virus
  • infect all uninfected programs
  • run original program (ONLY IF NO PROGRAM HAS BEEN INFECTED!)
  • There's another little problem here: My virus only runs the original program if no other program has been infected. This is because of the delete-messing-up (see above). Because the virus and the original program may have been shifted around in memory, we don't know where the original program is at the moment, and finding it via VAT would make the virus even more complex (and bigger!). The best thing we can do if something has been infected is to quit back to ZShell.
    This was a short summary of how the virus works. If you are interested in the details, eg. how to allocate or delete variables, have a look the sourcecode.

    PROBLEMS

    First problem: The virus is still quite unoptimized and too big (about 500 bytes). Which means that when your TI gets infected, you loose NUMBER_OF_PROGRAMS*500 bytes of memory, which is quite much.
    Another problem is turboslo: turboslo copies itself into the graph-mem and stays resident, and when the graph-mem gets overwritten by the virus it messes up and causes a crash. (Try drawing a function in GRAPH when turboslo is resident! It will crash terrible. And some uninfected games which use the graph-mem will crash, too, if turboslo is running).
    A little problem that has already been discussed above is that the original program is only run when nothing was infected. When you have an infected and some uninfected ZShell-programs on your TI and you run the infected one, nothing will happen and you are back in the ZShell-menu. When you press 'enter' a second time to run it, it will work. The order of programs in the ZShell program will also change a bit after the infection, because their order in the VAT has been changed.
    Summary: There are some visible effects to the user, so if he really knows his TI he might realize that something weird is going on and think about a virus... but, phew, a virus for TI-85, this must be a joke! :)

    DOWNLOAD

    Download the source (asm), readme and .85g here.
    Klick here to have a look at the sourcecode (Z80 asm) online.

    back to P. DooM's Homepage


    '98 by P. DooM