FreeCalypso > hg > freecalypso-reveng
comparison pirelli/firmware @ 57:277fd7b971f0
some success in finding familiar TI code in moko11 and Pirelli fw binary images
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Tue, 12 Nov 2013 04:28:47 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 56:fdfb57a1c5fe | 57:277fd7b971f0 |
|---|---|
| 1 Following on the success of our match of moko11 disassembly against some known | |
| 2 objects (see ../moko11), let's try doing the same thing with Pirelli's fw. | |
| 3 | |
| 4 Let's see if the code in Pirelli's fw at 0x40000 matches .inttext from TI's | |
| 5 int.obj: so far, so good! Let's see how far we can get: | |
| 6 | |
| 7 040000: beginning of match with .inttext in TI's int.obj | |
| 8 040268: b 0x3f6b40, should be a jump to the _INC_Initialize veneer | |
| 9 3BB7D4: first function called from Application_Initialize() | |
| 10 the logic of Init_Target() is recognizable, but it's a modified | |
| 11 version, not the same object blob as we have | |
| 12 the setup of memory timings matches that done by OsmocomBB! | |
| 13 3F11F8: this should be Application_Initialize() | |
| 14 differences begin: instead of 6 function calls, there are 12, | |
| 15 with one of them conditionalized on the return value of the previous | |
| 16 3F3E74: expecting to see $INC_Initialize here - yes! | |
| 17 3F6B40: looks like an ARM->Thumb call veneer indeed | |
| 18 3F6B4C: Thumb code begins, does bl 0x3f3e74 | |
| 19 3F6B54: back to ARM, veneer return | |
| 20 | |
| 21 data objects: | |
| 22 | |
| 23 01775048: INC_Initialize state variable |