annotate moko11 @ 234:5b530eea8f4e

pirelli/fw-disasm: IRAM code loading located
author Mychaela Falconia <falcon@freecalypso.org>
date Fri, 22 Dec 2017 02:10:56 +0000
parents 277fd7b971f0
children
rev   line source
57
277fd7b971f0 some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
The Init_Target() function in the TCS211 code from Sotovik (which sits in a
binary lib with no source!) programs nCS0 and nCS1 memory timings with WS=3.
We would like to determine whether or not the moko11 firmware does the same
thing. We have no linker map file for moko11, so we have to dig around in the
binary and try to match the code against known objects.

In the Sotomodem version of Init_Target(), at offset 0x60 from the beginning of
the function there is a BL instruction calling $CLKM_InitARMClock, and this call
is immediately followed by the code that sets up the memory timings.

Let's see what we can find in the moko11 binary image:

0012D4: RESET vector jumps here
010000: the code here appears to fully match the .inttext section of
        TI's int.obj
010058: appears to be the _INT_Initialize entry point
        (seems to be the same for all TI firmwares of that era)
010268: b 0x1e8364, should be a jump to the _INC_Initialize veneer
1D1E48: first function called from Application_Initialize, should be
        Init_Target()
        Matches the Sotomodem version of Init_Target() indeed,
        including the memory timing setup!
1E72B0: Expected start of $INC_Initialize, appears to match
1E72F4: bl 0x1e81fc, should be calling Application_Initialize()
1E81FC: Expected start of Application_Initialize(), contains 6 calls indeed
1E8364: looks like an ARM->Thumb call veneer indeed
1E8370: Thumb code begins, does bl 0x1e72b0
1E8378: back to ARM, veneer return
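
The notes above rely on two mechanical steps: finding a known object's code in the image while ignoring the branch fields the linker patches, and decoding branch targets to follow the call chain. The Python below is an added example, not code from the FreeCalypso repository; the instruction encodings are derived from the addresses in the notes rather than read from the firmware, and REF, MASK and IMAGE are constructed sample data.

```python
import struct

def arm_branch_target(addr, word):
    """ARM-state B/BL at addr: target = addr + 8 + sign_extend(imm24) * 4."""
    if (word >> 25) & 7 != 0b101:
        raise ValueError("not an ARM B/BL")
    imm = word & 0xFFFFFF
    if imm & 0x800000:
        imm -= 0x1000000
    return (addr + 8 + imm * 4) & 0xFFFFFFFF

def thumb_bl_target(addr, hi, lo):
    """Thumb BL halfword pair at addr: target = addr + 4 + signed 23-bit offset."""
    if hi >> 11 != 0b11110 or lo >> 11 != 0b11111:
        raise ValueError("not a Thumb BL pair")
    off = ((hi & 0x7FF) << 12) | ((lo & 0x7FF) << 1)
    if off & 0x400000:
        off -= 0x800000
    return (addr + 4 + off) & 0xFFFFFFFF

def find_masked(image, ref, mask):
    """Halfword-aligned offsets where image equals ref on every bit set in mask."""
    want = bytes(r & m for r, m in zip(ref, mask))
    n = len(ref)
    return [i for i in range(0, len(image) - n + 1, 2)
            if bytes(b & m for b, m in zip(image[i:i + n], mask)) == want]

# Constructed reference: push {lr}; bl <unresolved>; movs r0,#3; pop {pc}
REF = struct.pack("<5H", 0xB500, 0xF000, 0xF800, 0x2003, 0xBD00)
# Compare everything except the two 11-bit BL offset fields the linker fills in.
MASK = struct.pack("<5H", 0xFFFF, 0xF800, 0xF800, 0xFFFF, 0xFFFF)
# Constructed image: erased-flash padding around the same function after linking.
IMAGE = (b"\xff" * 0x40
         + struct.pack("<5H", 0xB500, 0xF7FE, 0xFF9E, 0x2003, 0xBD00)
         + b"\xff" * 0x10)

if __name__ == "__main__":
    # Encodings derived from the addresses in the notes (assumption, not dumped bytes).
    print(hex(arm_branch_target(0x010268, 0xEA07603D)))    # the b at 010268
    print(hex(thumb_bl_target(0x1E8370, 0xF7FE, 0xFF9E)))  # the bl inside the veneer
    print([hex(o) for o in find_masked(IMAGE, REF, MASK)])
```

Masking only the offset bits keeps the BL opcode bits in the comparison, so a match still confirms that a call sits at the expected offset within the function.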