FreeCalypso > hg > freecalypso-reveng
annotate moko11 @ 184:069b79b36228
tiobjd: chararray extraction command implemented
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Mon, 04 Aug 2014 21:17:06 +0000 |
parents | 277fd7b971f0 |
children |
rev | line source |
---|---|
57
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 The Init_Target() function in the TCS211 code from Sotovik (which sits in a |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 binary lib with no source!) programs nCS0 and nCS1 memory timings with WS=3. |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 We would like to determine whether or not the moko11 firmware does the same |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 thing. We have no linker map file for moko11, so we have to dig around in the |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 binary and try to match the code against known objects. |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 In the Sotomodem version of Init_Target(), at offset 0x60 from the beginning of |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 the function there is a BL instruction calling $CLKM_InitARMClock, and this call |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 is immediately followed by the code that sets up the memory timings. |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 Let's see what we can find in the moko11 binary image: |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 0012D4: RESET vector jumps here |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 010000: the code here appears to fully match the .inttext section of |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 TI's int.obj |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 010058: appears to be the _INT_Initialize entry point |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 (seems to be the same for all TI firmwares of that era) |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 010268: b 0x1e8364, should be a jump to the _INC_Initialize veneer |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 1D1E48: first function called from Application_Initialize, should be |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 Init_Target() |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 Matches the Sotomodem version of Init_Target() indeed, |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 including the memory timing setup! |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 1E72B0: Expected start of $INC_Initialize, appears to match |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 1E72F4: bl 0x1e81fc, should be calling Application_Initialize() |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 1E81FC: Expected start of Application_Initialize(), contains 6 calls indeed |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 1E8364: looks like an ARM->Thumb call veneer indeed |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 1E8370: Thumb code begins, does bl 0x1e72b0 |
277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 1E8378: back to ARM, veneer return |