Ok, I have compiled a list of what TI checks for after unlocking flash:

• Makes sure bits 14 and 15 of sp are set
  
• Makes sure a privileged page is in Memory Bank A
  
• Makes sure RAM page 1 is in Memory Bank B
  
• Makes sure it can write to $8000 and $C000

If any of these are false, it resets RAM.

I had an idea that ALMOST works:
Sometimes after unlocking flash it calls something in the $4000-$7FFF range.
So if I went into memory map mode 1, the privileged page would be mapped to $8000-$BFFF.
Then if I used that port that maps a multiple of 64 bytes of RAM page 1 starting at $8000, it would be able to write to $C000 AND $8000.
But when it does that call, it land right on RAM page 0, which TI just happened to decide can't run code.
So back to square one...

They didn't just "randomly decide" it; it's clearly to prevent exactly the kind of thing you're talking about.

but i know a way that you can acess execute code on ram page 0, and disables the hardware macrodie uses that way althought i decided not to unlock flash... and i guarantee you its not impossible to ilude hardware that you are on page zero....

Do you think you can pm me the routine to allow code on ram page 0? The reason to pm is I'm not sure if you want to make your routine public...

And Kerm, they did the RAM page 0 thing so ppl couldn't make RAM versions of their apps I think.

Eh, I've heard that theory before, but I don't really buy it. They already have enough limitations that that wouldn't really be terribly useful for them, imo.

What I'm wondering is how on earth Rayden can "unlock" execution on RAM page 0...

And I think I read that you can't execute on ANY even-numbered RAM page, but I'm not sure if that's true...

Edit: This web page is an interesting explanation of memory pages...

I got even closer to unlocking flash, but it isn't working!!!! *pulls hair out*
Look at ti's code here:

Code:

I can use Port 28 to map $8000-$B47F to always be RAM page 1, and stick a ret at $B47F, and stick $7D in port 6, and go into mem map mode 1, and call $B491, so when it jr's, it'll come back into my control. But it clears my RAM every time I try it!

http://www.revsoft.org/phpBB2/viewtopic.php?t=606

Yes, I know about that. But there are other useful things that can be done with simply unlocking the flash (setting execution limits, etc.) And they don't seem to be giving out any actual numbers, so I can't use the bcall.

the numbers are there in the topic if yoou look for them, brandonw is trying to be discreet with this to prevent mass mayhem from n00bles.

i will telll you the way not the code simple you can redirect your program to page zero but remenber that the code is already there so how make the calculator think that you have are on page zero... first make the stack fool then jump to page zero an ret should be ok but before swap to the protect flash page then jump to the ret on page zero then the ret that is on page zero will jump to the routine that will unlock the flash that code belong to our beloved ti-os and you can change it but the flash is unlocked... i have tryed it and it have worked for me althought i do not like to work with the flash unlocked...

What? You can't execute code on RAM page 0.
The code to unlock Flash has been on the Detached Solutions forum for a very, very long time...have you tried using or adapting that method?

He very often makes stuff up, like about GPUs.

no i like to use y own ways not buggy ones like the one that is on detached solution that have 2 mistakes not 1 but 2...

I think BrandonW might know a hair more about ASM than you. BTW, what are the errors?

He also likes to just talk and never provide proof (code, benchmarks, other sources, etc...)

Seconded. I was trying to imply the lack of prrof when I said "makes stuff up".

yeah, I have noticed that about him. I will trust kllrnohj as when I talked to him on things, he knows a lot, and work when I put them into practice.

What do you want to write to Flash for, anyway? If you want to corrupt the archive, I doubt many users would like it, and it's awful easy to screw up something like creating an app.
Unless you're trying to allow OS loading that doesn't go through the boot code..

@Rayden: Post code or else.
@Anyone else: Can I have the link to the unlock flash routine? I can't find it.