annotate pirelli/firmware @ 305:da3e752cbed5

dsample-fw-disasm: tpudrv10 init code analysed
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 06 Oct 2019 01:56:38 +0000
parents 277fd7b971f0
children
57
277fd7b971f0 some success in finding familiar TI code in moko11 and Pirelli fw binary images
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
Following on the success of our match of moko11 disassembly against some known
objects (see ../moko11), let's try doing the same thing with Pirelli's fw.

Let's see if the code in Pirelli's fw at 0x40000 matches .inttext from TI's
int.obj: so far, so good! Let's see how far we can get:

040000: beginning of match with .inttext in TI's int.obj
040268: b 0x3f6b40, should be a jump to the _INC_Initialize veneer
3BB7D4: first function called from Application_Initialize()
        the logic of Init_Target() is recognizable, but it's a modified
        version, not the same object blob as we have
        the setup of memory timings matches that done by OsmocomBB!
3F11F8: this should be Application_Initialize()
        differences begin: instead of 6 function calls, there are 12,
        with one of them conditionalized on the return value of the previous
3F3E74: expecting to see $INC_Initialize here - yes!
3F6B40: looks like an ARM->Thumb call veneer indeed
3F6B4C: Thumb code begins, does bl 0x3f3e74
3F6B54: back to ARM, veneer return

data objects:

01775048: INC_Initialize state variable
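The two mechanical steps behind these notes, checking how far a firmware region matches a known object's section and decoding the branches that lead from 0x040268 to the ARM->Thumb veneer and on to $INC_Initialize, as an added example that is not part of the notes or of the FreeCalypso project. The firmware image and the .inttext reference bytes are constructed stand-ins; the instruction words planted at 0x040268 and 0x3F6B4C are assumed encodings chosen to yield the targets the notes record.

```python
import struct

def arm_b_target(word: int, addr: int) -> int:
    """Target of an ARM 'b'/'bl' (bits 27..25 = 101, imm24) located at addr."""
    if (word >> 25) & 0x7 != 0b101:
        raise ValueError("not an ARM B/BL encoding")
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:                 # sign-extend the 24-bit field
        imm24 -= 1 << 24
    return (addr + 8 + (imm24 << 2)) & 0xFFFFFFFF   # ARM PC reads as addr+8

def thumb_bl_target(hw1: int, hw2: int, addr: int) -> int:
    """Target of a Thumb-1 'bl' halfword pair (F000 hi, F800 lo) located at addr."""
    if hw1 & 0xF800 != 0xF000 or hw2 & 0xF800 != 0xF800:
        raise ValueError("not a Thumb-1 BL pair")
    hi = hw1 & 0x7FF
    if hi & 0x400:                       # sign-extend the 11-bit upper part
        hi -= 1 << 11
    off = (hi << 12) | ((hw2 & 0x7FF) << 1)
    return (addr + 4 + off) & 0xFFFFFFFF            # Thumb PC reads as addr+4

def match_length(image: bytes, img_off: int, ref: bytes) -> int:
    """Number of leading bytes of ref that match image at img_off (0 if none)."""
    n = 0
    while n < len(ref) and img_off + n < len(image) and image[img_off + n] == ref[n]:
        n += 1
    return n

# Constructed data: a 4 MiB image of 0xFF (erased flash) with a stand-in
# .inttext blob at 0x40000 and the two branches from the notes planted at
# their offsets. REF_INTTEXT is NOT TI's real section; the match stops at 0x80.
REF_INTTEXT = bytes(range(256))
IMAGE = bytearray(b"\xff" * 0x400000)
IMAGE[0x40000:0x40080] = REF_INTTEXT[:0x80]
struct.pack_into("<I", IMAGE, 0x040268, 0xEA0EDA34)       # assumed: b 0x3f6b40
struct.pack_into("<HH", IMAGE, 0x3F6B4C, 0xF7FD, 0xF992)  # assumed: bl 0x3f3e74

def analyse(image: bytes) -> dict:
    """Follow the chain the notes describe: .inttext match, b to veneer, bl out."""
    (word,) = struct.unpack_from("<I", image, 0x040268)
    hw1, hw2 = struct.unpack_from("<HH", image, 0x3F6B4C)
    return {"inttext_match": match_length(image, 0x40000, REF_INTTEXT),
            "arm_b": arm_b_target(word, 0x040268),
            "thumb_bl": thumb_bl_target(hw1, hw2, 0x3F6B4C)}

if __name__ == "__main__":
    print({k: hex(v) for k, v in analyse(IMAGE).items()})
```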