Casio fx-ES PLUS Reverse Engineering Project

We aim to achieve arbitrary code execution on calculators such as Casio fx-991 ES PLUS.

SopaXorzTaker

Following Follow project

Liked Like project

Become a Hackaday.io member

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

OK, I'm done! Skip

Similar projects worth following

1.4k views

0 comments

17 followers

9 likes

View Gallery

Description

There's a line of Casio calculators which has a dot-matrix LCD display and a 8-bit CPU of an obscure architecture called nX-U8/100.

Eventually, a way to make the Harvard-architecture CPU jump to arbitrary locations was discovered, and this combined with a manually dumped ROM image allows to execute arbitrary code using ROP.

The method of achieving a buffer overflow was originally discovered by a small group of calculator hackers on Baidu and that discovery makes the above possible.

Our research on casiocalc.org has yielded the necessary documentation on the rare CPU and its architecture, and we plan on writing a custom loader to make this exploit more convenient to use. We have also developed an open-source emulator for the calculator to aid research.