freecalypso-reveng: pirelli/preboot.disasm comparison

comparison pirelli/preboot.disasm @ 68:6a136554378e

pirelli preboot re: figured out the triggering condition

author	Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date	Mon, 10 Feb 2014 02:33:17 +0000
parents	88cf9811f97c
children

comparison

equal deleted inserted replaced

-:88cf9811f97c
+:6a136554378e
 2f0:	000002a9
 2f4:	4700      	bx	r0
 2f6:	0000
+; Thumb call trampoline to 0x818f2c
+; offset 0x8AA8 from start of copy
+; should be at 0xAFB0 in flash
 2f8:	b082      	sub	sp, #8
 2fa:	9400      	str	r4, [sp, #0]
 2fc:	4c01      	ldr	r4, [pc, #4]	(0x304)
 2fe:	9401      	str	r4, [sp, #4]
 300:	bd10      	pop	{r4, pc}
 2500:	00000000
 2504:	ffffffff
 2508: 0xAA88 bytes copied to IRAM
+ad8c:	b5f0      	push	{r4, r5, r6, r7, lr}
+ad8e:	4643      	mov	r3, r8
+ad90:	464c      	mov	r4, r9
+ad92:	b418      	push	{r3, r4}
+ad94:	b08b      	sub	sp, #44
+ad96:	4690      	mov	r8, r2
+ad98:	1c0f      	mov	r7, r1		(add r7, r1, #0)
+ad9a:	4684      	mov	ip, r0
+ad9c:	1c3e      	mov	r6, r7		(add r6, r7, #0)
+ad9e:	1c31      	mov	r1, r6		(add r1, r6, #0)
+ada0:	aa09      	add	r2, sp, #36
+ada2:	2305      	mov	r3, #5
+ada4:	ffdcf7ff 	bl	0xad60
+ada8:	2800      	cmp	r0, #0
+adaa:	d079      	beq	0xaea0
+adac:	4660      	mov	r0, ip
+adae:	3005      	add	r0, #5
+adb0:	4684      	mov	ip, r0
+adb2:	3f05      	sub	r7, #5
+adb4:	2400      	mov	r4, #0
+adb6:	2500      	mov	r5, #0
+adb8:	4660      	mov	r0, ip
+adba:	1c39      	mov	r1, r7		(add r1, r7, #0)
+adbc:	221d      	mov	r2, #29
+adbe:	446a      	add	r2, sp
+adc0:	2301      	mov	r3, #1
+adc2:	ffcdf7ff 	bl	0xad60
+adc6:	2800      	cmp	r0, #0
+adc8:	d06a      	beq	0xaea0
+adca:	4660      	mov	r0, ip
+adcc:	3001      	add	r0, #1
+adce:	4684      	mov	ip, r0
+add0:	3f01      	sub	r7, #1
+add2:	4668      	mov	r0, sp
+add4:	7f40      	ldrb	r0, [r0, #29]
+add6:	00e9      	lsl	r1, r5, #3
+add8:	4088      	lsl	r0, r1
+adda:	1904      	add	r4, r0, r4
+addc:	3501      	add	r5, #1
+adde:	2d04      	cmp	r5, #4
+ade0:	dbea      	blt	0xadb8
+ade2:	2000      	mov	r0, #0
+ade4:	43c0      	mvn	r0, r0
+ade6:	4284      	cmp	r4, r0
+ade8:	d05a      	beq	0xaea0
+adea:	2504      	mov	r5, #4
+adec:	4660      	mov	r0, ip
+adee:	1c39      	mov	r1, r7		(add r1, r7, #0)
+adf0:	aa07      	add	r2, sp, #28
+adf2:	2301      	mov	r3, #1
+adf4:	ffb4f7ff 	bl	0xad60
+adf8:	2800      	cmp	r0, #0
+adfa:	d051      	beq	0xaea0
+adfc:	4668      	mov	r0, sp
+adfe:	7f00      	ldrb	r0, [r0, #28]
+ae00:	2800      	cmp	r0, #0
+ae02:	d14d      	bne	0xaea0
+ae04:	3f01      	sub	r7, #1
+ae06:	4660      	mov	r0, ip
+ae08:	3001      	add	r0, #1
+ae0a:	4684      	mov	ip, r0
+ae0c:	3d01      	sub	r5, #1
+ae0e:	2d00      	cmp	r5, #0
+ae10:	d1ec      	bne	0xadec
+ae12:	200d      	mov	r0, #13
+ae14:	1a30      	sub	r0, r6, r0
+ae16:	4681      	mov	r9, r0
+ae18:	4660      	mov	r0, ip
+ae1a:	2800      	cmp	r0, #0
+ae1c:	d040      	beq	0xaea0
+ae1e:	a809      	add	r0, sp, #36
+ae20:	7802      	ldrb	r2, [r0, #0]
+ae22:	a809      	add	r0, sp, #36
+ae24:	7800      	ldrb	r0, [r0, #0]
+ae26:	28e1      	cmp	r0, #225
+ae28:	da3a      	bge	0xaea0
+ae2a:	4973      	ldr	r1, [pc, #460]	(0xaff8)
+ae2c:	2500      	mov	r5, #0
+ae2e:	2000      	mov	r0, #0
+ae30:	2600      	mov	r6, #0
+ae32:	2a2e      	cmp	r2, #46
+ae34:	db06      	blt	0xae44
+ae36:	3a2d      	sub	r2, #45
+ae38:	0612      	lsl	r2, r2, #24
+ae3a:	0e12      	lsr	r2, r2, #24
+ae3c:	3601      	add	r6, #1
+ae3e:	3901      	sub	r1, #1
+ae40:	2900      	cmp	r1, #0
+ae42:	d1f6      	bne	0xae32
+ae44:	496c      	ldr	r1, [pc, #432]	(0xaff8)
+ae46:	2300      	mov	r3, #0
+ae48:	2a09      	cmp	r2, #9
+ae4a:	db06      	blt	0xae5a
+ae4c:	3a09      	sub	r2, #9
+ae4e:	0612      	lsl	r2, r2, #24
+ae50:	0e12      	lsr	r2, r2, #24
+ae52:	3301      	add	r3, #1
+ae54:	3901      	sub	r1, #1
+ae56:	2900      	cmp	r1, #0
+ae58:	d1f6      	bne	0xae48
+ae5a:	1899      	add	r1, r3, r2
+ae5c:	2703      	mov	r7, #3
+ae5e:	023f      	lsl	r7, r7, #8
+ae60:	408f      	lsl	r7, r1
+ae62:	4966      	ldr	r1, [pc, #408]	(0xaffc)
+ae64:	19c9      	add	r1, r1, r7
+ae66:	0049      	lsl	r1, r1, #1
+ae68:	277f      	mov	r7, #127
+ae6a:	043f      	lsl	r7, r7, #16
+ae6c:	42bc      	cmp	r4, r7
+ae6e:	d800      	bhi	0xae72
+ae70:	4d63      	ldr	r5, [pc, #396]	(0xb000)
+ae72:	2701      	mov	r7, #1
+ae74:	043f      	lsl	r7, r7, #16
+ae76:	42b9      	cmp	r1, r7
+ae78:	d801      	bhi	0xae7e
+ae7a:	2001      	mov	r0, #1
+ae7c:	0600      	lsl	r0, r0, #24
+ae7e:	2d00      	cmp	r5, #0
+ae80:	d00e      	beq	0xaea0
+ae82:	2800      	cmp	r0, #0
+ae84:	d00c      	beq	0xaea0
+ae86:	9600      	str	r6, [sp, #0]
+ae88:	4666      	mov	r6, ip
+ae8a:	9601      	str	r6, [sp, #4]
+ae8c:	464e      	mov	r6, r9
+ae8e:	9602      	str	r6, [sp, #8]
+ae90:	9503      	str	r5, [sp, #12]
+ae92:	9404      	str	r4, [sp, #16]
+ae94:	ac08      	add	r4, sp, #32
+ae96:	9405      	str	r4, [sp, #20]
+ae98:	ff1bf000 	bl	0xbcd2
+ae9c:	2800      	cmp	r0, #0
+ae9e:	d001      	beq	0xaea4
+aea0:	2000      	mov	r0, #0
+aea2:	e005      	b	0xaeb0
+aea4:	4640      	mov	r0, r8
+aea6:	6005      	str	r5, [r0, #0]
+aea8:	2028      	mov	r0, #40
+aeaa:	fbbbf7f7 	bl	0x2624
+aeae:	9808      	ldr	r0, [sp, #32]
+aeb0:	b00b      	add	sp, #44
+aeb2:	bc18      	pop	{r3, r4}
+aeb4:	4698      	mov	r8, r3
+aeb6:	46a1      	mov	r9, r4
+aeb8:	bdf0      	pop	{r4, r5, r6, r7, pc}
+aeba:	b530      	push	{r4, r5, lr}
+aebc:	b09e      	sub	sp, #120
+aebe:	2000      	mov	r0, #0
+aec0:	43c4      	mvn	r4, r0
+aec2:	2000      	mov	r0, #0
+aec4:	a901      	add	r1, sp, #4
+aec6:	2201      	mov	r2, #1
+aec8:	f8fbf000 	bl	0xb0c2
+aecc:	2800      	cmp	r0, #0
+aece:	d13c      	bne	0xaf4a
+aed0:	a801      	add	r0, sp, #4
+aed2:	a903      	add	r1, sp, #12
+aed4:	f93df000 	bl	0xb152
+aed8:	2800      	cmp	r0, #0
+aeda:	d132      	bne	0xaf42
+aedc:	9d03      	ldr	r5, [sp, #12]
+aede:	1c28      	mov	r0, r5		(add r0, r5, #0)
+aee0:	fd90f7ff 	bl	0xaa04
+aee4:	2800      	cmp	r0, #0
+aee6:	d02c      	beq	0xaf42
+aee8:	9803      	ldr	r0, [sp, #12]
+aeea:	fdf6f7ff 	bl	0xaada
+aeee:	2800      	cmp	r0, #0
+aef0:	d027      	beq	0xaf42
+aef2:	2038      	mov	r0, #56
+aef4:	1941      	add	r1, r0, r5
+aef6:	2230      	mov	r2, #48
+aef8:	a805      	add	r0, sp, #20
+aefa:	780b      	ldrb	r3, [r1, #0]
+aefc:	7003      	strb	r3, [r0, #0]
+aefe:	3101      	add	r1, #1
+af00:	3001      	add	r0, #1
+af02:	3a01      	sub	r2, #1
+af04:	2a00      	cmp	r2, #0
+af06:	d1f8      	bne	0xaefa
+af08:	2000      	mov	r0, #0
+af0a:	9000      	str	r0, [sp, #0]
+af0c:	9803      	ldr	r0, [sp, #12]
+af0e:	30ff      	add	r0, #255
+af10:	3079      	add	r0, #121
+af12:	9904      	ldr	r1, [sp, #16]
+af14:	39ff      	sub	r1, #255
+af16:	3979      	sub	r1, #121
+af18:	466a      	mov	r2, sp
+af1a:	ff37f7ff 	bl	0xad8c
+af1e:	1c03      	mov	r3, r0		(add r3, r0, #0)
+af20:	2b00      	cmp	r3, #0
+af22:	d00e      	beq	0xaf42
+af24:	20ff      	mov	r0, #255
+af26:	3071      	add	r0, #113
+af28:	5940      	ldr	r0, [r0, r5]
+af2a:	fd5df7ff 	bl	0xa9e8
+af2e:	1c02      	mov	r2, r0		(add r2, r0, #0)
+af30:	9800      	ldr	r0, [sp, #0]
+af32:	1c19      	mov	r1, r3		(add r1, r3, #0)
+af34:	fbcef000 	bl	0xb6d4
+af38:	2800      	cmp	r0, #0
+af3a:	d101      	bne	0xaf40
+af3c:	2400      	mov	r4, #0
+af3e:	e000      	b	0xaf42
+af40:	e000      	b	0xaf44
+af42:	a801      	add	r0, sp, #4
+af44:	2100      	mov	r1, #0
+af46:	f9d5f000 	bl	0xb2f4
+af4a:	2001      	mov	r0, #1
+af4c:	a901      	add	r1, sp, #4
+af4e:	2201      	mov	r2, #1
+af50:	f8b7f000 	bl	0xb0c2
+af54:	2800      	cmp	r0, #0
+af56:	d129      	bne	0xafac
+af58:	a801      	add	r0, sp, #4
+af5a:	a903      	add	r1, sp, #12
+af5c:	f8f9f000 	bl	0xb152
+af60:	2800      	cmp	r0, #0
+af62:	d123      	bne	0xafac
+af64:	9903      	ldr	r1, [sp, #12]
+af66:	aa11      	add	r2, sp, #68
+af68:	2000      	mov	r0, #0
+af6a:	780b      	ldrb	r3, [r1, #0]
+af6c:	5483      	strb	r3, [r0, r2]
+af6e:	3101      	add	r1, #1
+af70:	3001      	add	r0, #1
+af72:	2834      	cmp	r0, #52
+af74:	d3f9      	bcc	0xaf6a
+af76:	a801      	add	r0, sp, #4
+af78:	2100      	mov	r1, #0
+af7a:	f9bbf000 	bl	0xb2f4
+af7e:	2001      	mov	r0, #1
+af80:	a901      	add	r1, sp, #4
+af82:	2202      	mov	r2, #2
+af84:	f89df000 	bl	0xb0c2
+af88:	2800      	cmp	r0, #0
+af8a:	d10f      	bne	0xafac
+af8c:	2c00      	cmp	r4, #0
+af8e:	d101      	bne	0xaf94
+af90:	2003      	mov	r0, #3
+af92:	9011      	str	r0, [sp, #68]
+af94:	a801      	add	r0, sp, #4
+af96:	a911      	add	r1, sp, #68
+af98:	2234      	mov	r2, #52
+af9a:	f8fdf000 	bl	0xb198
+af9e:	a801      	add	r0, sp, #4
+afa0:	2100      	mov	r1, #0
+afa2:	f9a7f000 	bl	0xb2f4
+afa6:	2063      	mov	r0, #99
+afa8:	fb3cf7f7 	bl	0x2624
+afac:	b01e      	add	sp, #120
+afae:	bd30      	pop	{r4, r5, pc}
+; This is the first function in the copied code,
+; called from the boot entry code.
+afb0:	b510      	push	{r4, lr}
+afb2:	b084      	sub	sp, #16
+afb4:	2001      	mov	r0, #1
+afb6:	4669      	mov	r1, sp
+afb8:	2201      	mov	r2, #1
+afba:	f882f000 	bl	0xb0c2
+afbe:	2800      	cmp	r0, #0
+afc0:	d118      	bne	0xaff4
+afc2:	4668      	mov	r0, sp
+afc4:	a902      	add	r1, sp, #8
+afc6:	f8c4f000 	bl	0xb152
+afca:	1c04      	mov	r4, r0		(add r4, r0, #0)
+afcc:	4668      	mov	r0, sp
+afce:	2100      	mov	r1, #0
+afd0:	f990f000 	bl	0xb2f4
+afd4:	2c00      	cmp	r4, #0
+afd6:	d10d      	bne	0xaff4
+afd8:	9802      	ldr	r0, [sp, #8]
+afda:	6800      	ldr	r0, [r0, #0]
+afdc:	2802      	cmp	r0, #2
+afde:	d109      	bne	0xaff4
+afe0:	fb70f7f7 	bl	0x26c4
+afe4:	fa90f7f7 	bl	0x2508
+afe8:	fac3f7f7 	bl	0x2572
+afec:	ff65f7ff 	bl	0xaeba
+aff0:	f9acf7f8 	bl	0x334c
+aff4:	b004      	add	sp, #16
+aff6:	bd10      	pop	{r4, pc}
+; This function ensures that the flash at the given address
+; is not toggling.
+b004:	8802      	ldrh	r2, [r0, #0]
+b006:	8801      	ldrh	r1, [r0, #0]
+b008:	404a      	eor	r2, r1
+b00a:	09d1      	lsr	r1, r2, #7
+b00c:	d2fa      	bcs	0xb004
+b00e:	4770      	bx	lr
+b010:	b530      	push	{r4, r5, lr}
+b012:	1c0c      	mov	r4, r1		(add r4, r1, #0)
+b014:	1c05      	mov	r5, r0		(add r5, r0, #0)
+b016:	fa87f000 	bl	0xb528
+b01a:	0400      	lsl	r0, r0, #16
+b01c:	0c00      	lsr	r0, r0, #16
+b01e:	49e1      	ldr	r1, [pc, #900]	(0xb3a4)
+b020:	4288      	cmp	r0, r1
+b022:	d008      	beq	0xb036
+b024:	2121      	mov	r1, #33
+b026:	0209      	lsl	r1, r1, #8
+b028:	4288      	cmp	r0, r1
+b02a:	d126      	bne	0xb07a
+b02c:	49ea      	ldr	r1, [pc, #936]	(0xb3d8)
+b02e:	0b28      	lsr	r0, r5, #12
+b030:	0300      	lsl	r0, r0, #12
+b032:	1808      	add	r0, r1, r0
+b034:	e003      	b	0xb03e
+b036:	49e8      	ldr	r1, [pc, #928]	(0xb3d8)
+b038:	0c28      	lsr	r0, r5, #16
+b03a:	0400      	lsl	r0, r0, #16
+b03c:	1808      	add	r0, r1, r0
+b03e:	4ae7      	ldr	r2, [pc, #924]	(0xb3dc)
+b040:	21aa      	mov	r1, #170
+b042:	5211      	strh	r1, [r2, r0]
+b044:	2155      	mov	r1, #85
+b046:	8001      	strh	r1, [r0, #0]
+b048:	49e4      	ldr	r1, [pc, #912]	(0xb3dc)
+b04a:	22a0      	mov	r2, #160
+b04c:	520a      	strh	r2, [r1, r0]
+b04e:	802c      	strh	r4, [r5, #0]
+b050:	2080      	mov	r0, #128
+b052:	4020      	and	r0, r4
+b054:	8829      	ldrh	r1, [r5, #0]
+b056:	2280      	mov	r2, #128
+b058:	400a      	and	r2, r1
+b05a:	4282      	cmp	r2, r0
+b05c:	d00d      	beq	0xb07a
+b05e:	0989      	lsr	r1, r1, #6
+b060:	d3f8      	bcc	0xb054
+b062:	8829      	ldrh	r1, [r5, #0]
+b064:	2280      	mov	r2, #128
+b066:	400a      	and	r2, r1
+b068:	4282      	cmp	r2, r0
+b06a:	d006      	beq	0xb07a
+b06c:	2090      	mov	r0, #144
+b06e:	8028      	strh	r0, [r5, #0]
+b070:	2000      	mov	r0, #0
+b072:	8028      	strh	r0, [r5, #0]
+b074:	48da      	ldr	r0, [pc, #872]	(0xb3e0)
+b076:	2101      	mov	r1, #1
+b078:	7001      	strb	r1, [r0, #0]
+b07a:	bd30      	pop	{r4, r5, pc}
+b07c:	b530      	push	{r4, r5, lr}
+b07e:	b081      	sub	sp, #4
+b080:	0b01      	lsr	r1, r0, #12
+b082:	030b      	lsl	r3, r1, #12
+b084:	49d7      	ldr	r1, [pc, #860]	(0xb3e4)
+b086:	18c9      	add	r1, r1, r3
+b088:	22aa      	mov	r2, #170
+b08a:	800a      	strh	r2, [r1, #0]
+b08c:	4cd2      	ldr	r4, [pc, #840]	(0xb3d8)
+b08e:	18e4      	add	r4, r4, r3
+b090:	2355      	mov	r3, #85
+b092:	8023      	strh	r3, [r4, #0]
+b094:	2580      	mov	r5, #128
+b096:	800d      	strh	r5, [r1, #0]
+b098:	800a      	strh	r2, [r1, #0]
+b09a:	8023      	strh	r3, [r4, #0]
+b09c:	2130      	mov	r1, #48
+b09e:	8001      	strh	r1, [r0, #0]
+b0a0:	8801      	ldrh	r1, [r0, #0]
+b0a2:	0909      	lsr	r1, r1, #4
+b0a4:	d3fc      	bcc	0xb0a0
+b0a6:	4669      	mov	r1, sp
+b0a8:	8802      	ldrh	r2, [r0, #0]
+b0aa:	804a      	strh	r2, [r1, #2]
+b0ac:	466a      	mov	r2, sp
+b0ae:	8801      	ldrh	r1, [r0, #0]
+b0b0:	8011      	strh	r1, [r2, #0]
+b0b2:	4669      	mov	r1, sp
+b0b4:	8849      	ldrh	r1, [r1, #2]
+b0b6:	8812      	ldrh	r2, [r2, #0]
+b0b8:	4051      	eor	r1, r2
+b0ba:	09c9      	lsr	r1, r1, #7
+b0bc:	d2f3      	bcs	0xb0a6
+b0be:	b001      	add	sp, #4
+b0c0:	bd30      	pop	{r4, r5, pc}
+; arg1: magic region number
+; arg2: ptr to 8-byte buffer receiving copies of arg1 and arg3
+; arg3: mode, must be 1 or 2
+;
+; Mode 1: check the region (which must be in a state other than 2) for
+; a checksum-passing image, and advance to state 1 if found.  If already
+; in state 1, increment the byte at offset 8 in struct.
+;
+; Mode 2: put the region (which must be in state 0) into state 2.
+;
+; Returns:
+; 0 = success
+; 1 = region in the wrong state for mode
+; 2 = called with bad arguments
+; 3 = mode 1: no checksum-passing image found
+b0c2:	b5f0      	push	{r4, r5, r6, r7, lr}
+b0c4:	1c15      	mov	r5, r2		(add r5, r2, #0)
+b0c6:	1c0e      	mov	r6, r1		(add r6, r1, #0)
+b0c8:	1c04      	mov	r4, r0		(add r4, r0, #0)
+b0ca:	4fe5      	ldr	r7, [pc, #916]	(0xb460) =0x810020
+b0cc:	7838      	ldrb	r0, [r7, #0]
+b0ce:	2800      	cmp	r0, #0
+b0d0:	d103      	bne	0xb0da
+b0d2:	f969f000 	bl	0xb3a8
+b0d6:	2001      	mov	r0, #1
+b0d8:	7038      	strb	r0, [r7, #0]
+b0da:	2c03      	cmp	r4, #3
+b0dc:	da07      	bge	0xb0ee
+b0de:	2d03      	cmp	r5, #3
+b0e0:	da05      	bge	0xb0ee
+b0e2:	1e68      	sub	r0, r5, #1
+b0e4:	2800      	cmp	r0, #0
+b0e6:	d019      	beq	0xb11c
+b0e8:	3801      	sub	r0, #1
+b0ea:	2800      	cmp	r0, #0
+b0ec:	d001      	beq	0xb0f2
+; return 2; means invalid invokation?
+b0ee:	2002      	mov	r0, #2
+b0f0:	bdf0      	pop	{r4, r5, r6, r7, pc}
+; goes here if 3rd arg == 2
+b0f2:	2018      	mov	r0, #24
+b0f4:	4360      	mul	r0, r4
+b0f6:	49db      	ldr	r1, [pc, #876]	(0xb464) =0x810024
+b0f8:	1809      	add	r1, r1, r0
+b0fa:	2004      	mov	r0, #4
+b0fc:	1840      	add	r0, r0, r1
+b0fe:	6802      	ldr	r2, [r0, #0]
+b100:	2a00      	cmp	r2, #0
+b102:	d112      	bne	0xb12a		; return 1;
+b104:	2202      	mov	r2, #2
+b106:	6002      	str	r2, [r0, #0]
+b108:	2000      	mov	r0, #0
+b10a:	8288      	strh	r0, [r1, #20]
+b10c:	6108      	str	r0, [r1, #16]
+b10e:	4aea      	ldr	r2, [pc, #936]	(0xb4b8) =0x81006C
+b110:	00a3      	lsl	r3, r4, #2
+b112:	58d2      	ldr	r2, [r2, r3]
+b114:	6892      	ldr	r2, [r2, #8]
+b116:	600a      	str	r2, [r1, #0]
+b118:	7248      	strb	r0, [r1, #9]
+b11a:	e016      	b	0xb14a
+; goes here if 3rd arg == 1
+b11c:	2018      	mov	r0, #24
+b11e:	4360      	mul	r0, r4
+b120:	49d1      	ldr	r1, [pc, #836]	(0xb468) =0x810028
+b122:	180f      	add	r7, r1, r0
+b124:	6838      	ldr	r0, [r7, #0]
+b126:	2802      	cmp	r0, #2
+b128:	d101      	bne	0xb12e
+; return 1;
+b12a:	2001      	mov	r0, #1
+b12c:	bdf0      	pop	{r4, r5, r6, r7, pc}
+; continuation of operation with arg3 == 1
+b12e:	2800      	cmp	r0, #0
+b130:	d108      	bne	0xb144
+b132:	1c20      	mov	r0, r4		(add r0, r4, #0)
+b134:	f99af000 	bl	0xb46c
+b138:	2800      	cmp	r0, #0
+b13a:	d001      	beq	0xb140
+b13c:	2003      	mov	r0, #3
+b13e:	bdf0      	pop	{r4, r5, r6, r7, pc}
+b140:	2001      	mov	r0, #1
+b142:	6038      	str	r0, [r7, #0]
+b144:	7938      	ldrb	r0, [r7, #4]
+b146:	3001      	add	r0, #1
+b148:	7138      	strb	r0, [r7, #4]
+b14a:	6034      	str	r4, [r6, #0]
+b14c:	6075      	str	r5, [r6, #4]
+b14e:	2000      	mov	r0, #0
+b150:	bdf0      	pop	{r4, r5, r6, r7, pc}
+; arg1: points to buffer filled by successful 0xb0c2 in mode 1
+; arg2: 8-byte buffer filled as:
+; 0: points to start of image
+; 4: image length
+b152:	b530      	push	{r4, r5, lr}
+b154:	1c0c      	mov	r4, r1		(add r4, r1, #0)
+b156:	1c01      	mov	r1, r0		(add r1, r0, #0)
+b158:	48c1      	ldr	r0, [pc, #772]	(0xb460) =0x810020
+b15a:	7800      	ldrb	r0, [r0, #0]
+b15c:	2800      	cmp	r0, #0
+b15e:	d010      	beq	0xb182
+b160:	6808      	ldr	r0, [r1, #0]
+b162:	4ad5      	ldr	r2, [pc, #852]	(0xb4b8) =0x81006C
+b164:	0083      	lsl	r3, r0, #2
+b166:	18d5      	add	r5, r2, r3
+b168:	2803      	cmp	r0, #3
+b16a:	da02      	bge	0xb172
+b16c:	6849      	ldr	r1, [r1, #4]
+b16e:	2903      	cmp	r1, #3
+b170:	db01      	blt	0xb176
+b172:	2002      	mov	r0, #2
+b174:	bd30      	pop	{r4, r5, pc}
+b176:	2118      	mov	r1, #24
+b178:	4341      	mul	r1, r0
+b17a:	4abb      	ldr	r2, [pc, #748]	(0xb468) =0x810028
+b17c:	5851      	ldr	r1, [r2, r1]
+b17e:	2901      	cmp	r1, #1
+b180:	d001      	beq	0xb186
+b182:	2005      	mov	r0, #5
+b184:	bd30      	pop	{r4, r5, pc}
+b186:	f95ff000 	bl	0xb448
+b18a:	6840      	ldr	r0, [r0, #4]
+b18c:	6060      	str	r0, [r4, #4]
+b18e:	6828      	ldr	r0, [r5, #0]
+b190:	6880      	ldr	r0, [r0, #8]
+b192:	6020      	str	r0, [r4, #0]
+b194:	2000      	mov	r0, #0
+b196:	bd30      	pop	{r4, r5, pc}
+b2f4:	b570      	push	{r4, r5, r6, lr}
+b2f6:	1c04      	mov	r4, r0		(add r4, r0, #0)
+b2f8:	4859      	ldr	r0, [pc, #356]	(0xb460) =0x810020
+b2fa:	7800      	ldrb	r0, [r0, #0]
+b2fc:	2800      	cmp	r0, #0
+b2fe:	d00f      	beq	0xb320
+b300:	6820      	ldr	r0, [r4, #0]
+b302:	2803      	cmp	r0, #3
+b304:	da14      	bge	0xb330
+b306:	6866      	ldr	r6, [r4, #4]
+b308:	2e03      	cmp	r6, #3
+b30a:	da11      	bge	0xb330
+b30c:	2902      	cmp	r1, #2
+b30e:	da0f      	bge	0xb330
+b310:	4d54      	ldr	r5, [pc, #336]	(0xb464) =0x810024
+b312:	2218      	mov	r2, #24
+b314:	4342      	mul	r2, r0
+b316:	18aa      	add	r2, r5, r2
+b318:	3204      	add	r2, #4
+b31a:	6813      	ldr	r3, [r2, #0]
+b31c:	2b00      	cmp	r3, #0
+b31e:	d101      	bne	0xb324
+b320:	2005      	mov	r0, #5
+b322:	bd70      	pop	{r4, r5, r6, pc}
+b324:	1e73      	sub	r3, r6, #1
+b326:	2b00      	cmp	r3, #0
+b328:	d010      	beq	0xb34c
+b32a:	3b01      	sub	r3, #1
+b32c:	2b00      	cmp	r3, #0
+b32e:	d001      	beq	0xb334
+b330:	2002      	mov	r0, #2
+b332:	bd70      	pop	{r4, r5, r6, pc}
+b334:	2900      	cmp	r1, #0
+b336:	d106      	bne	0xb346
+b338:	f856f000 	bl	0xb3e8
+b33c:	2018      	mov	r0, #24
+b33e:	6821      	ldr	r1, [r4, #0]
+b340:	4348      	mul	r0, r1
+b342:	182a      	add	r2, r5, r0
+b344:	3204      	add	r2, #4
+b346:	2000      	mov	r0, #0
+b348:	6010      	str	r0, [r2, #0]
+b34a:	e00c      	b	0xb366
+b34c:	7910      	ldrb	r0, [r2, #4]
+b34e:	3801      	sub	r0, #1
+b350:	0600      	lsl	r0, r0, #24
+b352:	0e00      	lsr	r0, r0, #24
+b354:	7110      	strb	r0, [r2, #4]
+b356:	2800      	cmp	r0, #0
+b358:	d105      	bne	0xb366
+b35a:	2018      	mov	r0, #24
+b35c:	6821      	ldr	r1, [r4, #0]
+b35e:	4348      	mul	r0, r1
+b360:	1828      	add	r0, r5, r0
+b362:	2100      	mov	r1, #0
+b364:	6041      	str	r1, [r0, #4]
+b366:	2000      	mov	r0, #0
+b368:	bd70      	pop	{r4, r5, r6, pc}
+; This function adjusts the flash region pointers
+; in the table @81006C depending on the chip revision.
+b36a:	b500      	push	{lr}
+b36c:	f8dcf000 	bl	0xb528
+b370:	0400      	lsl	r0, r0, #16
+b372:	0c00      	lsr	r0, r0, #16
+b374:	2121      	mov	r1, #33
+b376:	0209      	lsl	r1, r1, #8
+b378:	4288      	cmp	r0, r1
+b37a:	d00a      	beq	0xb392
+b37c:	4909      	ldr	r1, [pc, #36]	(0xb3a4)
+b37e:	4288      	cmp	r0, r1
+b380:	d10e      	bne	0xb3a0
+b382:	484d      	ldr	r0, [pc, #308]	(0xb4b8)
+b384:	4981      	ldr	r1, [pc, #516]	(0xb58c)
+b386:	6001      	str	r1, [r0, #0]
+b388:	4981      	ldr	r1, [pc, #516]	(0xb590)
+b38a:	6041      	str	r1, [r0, #4]
+b38c:	4981      	ldr	r1, [pc, #516]	(0xb594)
+b38e:	6081      	str	r1, [r0, #8]
+b390:	bd00      	pop	{pc}
+b392:	4849      	ldr	r0, [pc, #292]	(0xb4b8)
+b394:	4980      	ldr	r1, [pc, #512]	(0xb598)
+b396:	6001      	str	r1, [r0, #0]
+b398:	4980      	ldr	r1, [pc, #512]	(0xb59c)
+b39a:	6041      	str	r1, [r0, #4]
+b39c:	4980      	ldr	r1, [pc, #512]	(0xb5a0)
+b39e:	6081      	str	r1, [r0, #8]
+b3a0:	bd00      	pop	{pc}
+b3a2:	46c0      	nop			(mov r8, r8)
+b3a4:	00002101
+b3a8:	b530      	push	{r4, r5, lr}
+b3aa:	ffdef7ff 	bl	0xb36a
+b3ae:	2100      	mov	r1, #0
+b3b0:	4d7c      	ldr	r5, [pc, #496]	(0xb5a4) =0x12345678
+b3b2:	2303      	mov	r3, #3
+b3b4:	4a40      	ldr	r2, [pc, #256]	(0xb4b8)
+b3b6:	482b      	ldr	r0, [pc, #172]	(0xb464) =0x810024
+b3b8:	6814      	ldr	r4, [r2, #0]
+b3ba:	68a4      	ldr	r4, [r4, #8]
+b3bc:	6004      	str	r4, [r0, #0]
+b3be:	60c5      	str	r5, [r0, #12]
+b3c0:	8281      	strh	r1, [r0, #20]
+b3c2:	6101      	str	r1, [r0, #16]
+b3c4:	6041      	str	r1, [r0, #4]
+b3c6:	7201      	strb	r1, [r0, #8]
+b3c8:	7241      	strb	r1, [r0, #9]
+b3ca:	3204      	add	r2, #4
+b3cc:	3018      	add	r0, #24
+b3ce:	3b01      	sub	r3, #1
+b3d0:	2b00      	cmp	r3, #0
+b3d2:	d1f1      	bne	0xb3b8
+b3d4:	bd30      	pop	{r4, r5, pc}
+b3d6:	46c0      	nop			(mov r8, r8)
+; This function ensures that the flash in the last sector of the
+; specified magic region is not toggling, and then returns
+; the address of where 0x12345678 is expected.
+b448:	b500      	push	{lr}
+b44a:	491b      	ldr	r1, [pc, #108]	(0xb4b8) =0x81006C
+b44c:	0080      	lsl	r0, r0, #2
+b44e:	5808      	ldr	r0, [r1, r0]
+b450:	7901      	ldrb	r1, [r0, #4]
+b452:	0089      	lsl	r1, r1, #2
+b454:	1840      	add	r0, r0, r1
+b456:	6880      	ldr	r0, [r0, #8]
+b458:	380c      	sub	r0, #12
+b45a:	fdd3f7ff 	bl	0xb004
+b45e:	bd00      	pop	{pc}
+b460:	00810020
+b464:	00810024
+b468:	00810028
+; This function checks whether the magic region specified by the argument
+; contains a checksum-passing image or not.  Returns 0 if pass, 3 otherwise.
+b46c:	b530      	push	{r4, r5, lr}
+b46e:	1c04      	mov	r4, r0		(add r4, r0, #0)
+b470:	ffeaf7ff 	bl	0xb448
+b474:	1c02      	mov	r2, r0		(add r2, r0, #0)
+b476:	2105      	mov	r1, #5
+b478:	2300      	mov	r3, #0
+b47a:	8815      	ldrh	r5, [r2, #0]
+b47c:	18eb      	add	r3, r5, r3
+b47e:	041b      	lsl	r3, r3, #16
+b480:	0c1b      	lsr	r3, r3, #16
+b482:	3202      	add	r2, #2
+b484:	3901      	sub	r1, #1
+b486:	2900      	cmp	r1, #0
+b488:	d1f7      	bne	0xb47a
+b48a:	8941      	ldrh	r1, [r0, #10]
+b48c:	428b      	cmp	r3, r1
+b48e:	d11e      	bne	0xb4ce
+b490:	4909      	ldr	r1, [pc, #36]	(0xb4b8) =0x81006C
+b492:	00a2      	lsl	r2, r4, #2
+b494:	5889      	ldr	r1, [r1, r2]
+b496:	688b      	ldr	r3, [r1, #8]
+b498:	6842      	ldr	r2, [r0, #4]
+b49a:	2400      	mov	r4, #0
+b49c:	0851      	lsr	r1, r2, #1
+b49e:	2900      	cmp	r1, #0
+b4a0:	d007      	beq	0xb4b2
+b4a2:	881d      	ldrh	r5, [r3, #0]
+b4a4:	192c      	add	r4, r5, r4
+b4a6:	0424      	lsl	r4, r4, #16
+b4a8:	0c24      	lsr	r4, r4, #16
+b4aa:	3302      	add	r3, #2
+b4ac:	3901      	sub	r1, #1
+b4ae:	2900      	cmp	r1, #0
+b4b0:	d1f7      	bne	0xb4a2
+b4b2:	0851      	lsr	r1, r2, #1
+b4b4:	d308      	bcc	0xb4c8
+b4b6:	e001      	b	0xb4bc
+; interspersed literal
+b4b8:	0081006c
+; function continues
+b4bc:	8819      	ldrh	r1, [r3, #0]
+b4be:	0609      	lsl	r1, r1, #24
+b4c0:	0e09      	lsr	r1, r1, #24
+b4c2:	1909      	add	r1, r1, r4
+b4c4:	0409      	lsl	r1, r1, #16
+b4c6:	0c0c      	lsr	r4, r1, #16
+b4c8:	8900      	ldrh	r0, [r0, #8]
+b4ca:	4284      	cmp	r4, r0
+b4cc:	d001      	beq	0xb4d2
+b4ce:	2003      	mov	r0, #3
+b4d0:	bd30      	pop	{r4, r5, pc}
+b4d2:	2000      	mov	r0, #0
+b4d4:	bd30      	pop	{r4, r5, pc}
+; This function reads flash ID from the chip.
+; R0 needs to point to a 2-byte buffer into which the read manuf ID is stored.
+; R1 needs to point to an 8-byte buffer (4 16-bit words) filled as follows:
+; 0: word read from 0x02 in autoselect mode
+; 2: word read from 0x1C ""
+; 4: word read from 0x1E ""
+; 6: revision number word from CFI
+b4d6:	b5f0      	push	{r4, r5, r6, r7, lr}
+b4d8:	2303      	mov	r3, #3
+b4da:	2200      	mov	r2, #0
+b4dc:	0114      	lsl	r4, r2, #4
+b4de:	4314      	orr	r4, r2
+b4e0:	220a      	mov	r2, #10
+b4e2:	4322      	orr	r2, r4
+b4e4:	3b01      	sub	r3, #1
+b4e6:	2b00      	cmp	r3, #0
+b4e8:	d1f8      	bne	0xb4dc
+b4ea:	24aa      	mov	r4, #170
+b4ec:	8014      	strh	r4, [r2, #0]
+b4ee:	1056      	asr	r6, r2, #1
+b4f0:	2555      	mov	r5, #85
+b4f2:	8035      	strh	r5, [r6, #0]
+b4f4:	2390      	mov	r3, #144
+b4f6:	8013      	strh	r3, [r2, #0]
+b4f8:	2300      	mov	r3, #0
+b4fa:	881f      	ldrh	r7, [r3, #0]
+b4fc:	8007      	strh	r7, [r0, #0]
+b4fe:	8858      	ldrh	r0, [r3, #2]
+b500:	8008      	strh	r0, [r1, #0]
+b502:	8b98      	ldrh	r0, [r3, #28]
+b504:	8048      	strh	r0, [r1, #2]
+b506:	8bd8      	ldrh	r0, [r3, #30]
+b508:	8088      	strh	r0, [r1, #4]
+b50a:	2098      	mov	r0, #152
+b50c:	8010      	strh	r0, [r2, #0]
+b50e:	2086      	mov	r0, #134
+b510:	8847      	ldrh	r7, [r0, #2]
+b512:	8800      	ldrh	r0, [r0, #0]
+b514:	0200      	lsl	r0, r0, #8
+b516:	4307      	orr	r7, r0
+b518:	80cf      	strh	r7, [r1, #6]
+b51a:	20ff      	mov	r0, #255
+b51c:	8018      	strh	r0, [r3, #0]
+b51e:	8014      	strh	r4, [r2, #0]
+b520:	8035      	strh	r5, [r6, #0]
+b522:	20f0      	mov	r0, #240
+b524:	8010      	strh	r0, [r2, #0]
+b526:	bdf0      	pop	{r4, r5, r6, r7, pc}
+; This function computes a single-word flash device ID.  The algorithm is
+; as follows:
+; - if the manuf is other than 01 or 04, return the autoselect word from 0x02
+; - ditto autosel[0x02] != 0x227E
+; - in the case of our expected S71PL129NC0, return value will be
+;   0x2100 or 0x2101 depending on the chip rev indicated in CFI table
+b528:	b500      	push	{lr}
+b52a:	b083      	sub	sp, #12
+b52c:	4668      	mov	r0, sp
+b52e:	a901      	add	r1, sp, #4
+b530:	ffd1f7ff 	bl	0xb4d6
+b534:	4668      	mov	r0, sp
+b536:	8800      	ldrh	r0, [r0, #0]
+b538:	2801      	cmp	r0, #1
+b53a:	d003      	beq	0xb544
+b53c:	4668      	mov	r0, sp
+b53e:	8800      	ldrh	r0, [r0, #0]
+b540:	2804      	cmp	r0, #4
+b542:	d11e      	bne	0xb582
+b544:	4668      	mov	r0, sp
+b546:	8881      	ldrh	r1, [r0, #4]
+b548:	4817      	ldr	r0, [pc, #92]	(0xb5a8)
+b54a:	4281      	cmp	r1, r0
+b54c:	d119      	bne	0xb582
+b54e:	4668      	mov	r0, sp
+b550:	7a00      	ldrb	r0, [r0, #8]
+b552:	4669      	mov	r1, sp
+b554:	88c9      	ldrh	r1, [r1, #6]
+b556:	0209      	lsl	r1, r1, #8
+b558:	4308      	orr	r0, r1
+b55a:	0400      	lsl	r0, r0, #16
+b55c:	0c00      	lsr	r0, r0, #16
+b55e:	4669      	mov	r1, sp
+b560:	88c9      	ldrh	r1, [r1, #6]
+b562:	4a12      	ldr	r2, [pc, #72]	(0xb5ac)
+b564:	4291      	cmp	r1, r2
+b566:	d10e      	bne	0xb586
+b568:	4669      	mov	r1, sp
+b56a:	890a      	ldrh	r2, [r1, #8]
+b56c:	2111      	mov	r1, #17
+b56e:	0249      	lsl	r1, r1, #9
+b570:	428a      	cmp	r2, r1
+b572:	d108      	bne	0xb586
+b574:	4669      	mov	r1, sp
+b576:	8949      	ldrh	r1, [r1, #10]
+b578:	4a0d      	ldr	r2, [pc, #52]	(0xb5b0)
+b57a:	4291      	cmp	r1, r2
+b57c:	d003      	beq	0xb586
+b57e:	480d      	ldr	r0, [pc, #52]	(0xb5b4)
+b580:	e001      	b	0xb586
+b582:	4668      	mov	r0, sp
+b584:	8880      	ldrh	r0, [r0, #4]
+b586:	b003      	add	sp, #12
+b588:	bd00      	pop	{pc}
+b58a:	46c0      	nop			(mov r8, r8)
+; written into table @81006C for one chip rev
+b58c:	0081a61c
+b590:	0081a8b4
+b594:	0081ab4c
+; written into table @81006C for the other chip rev
+b598:	0081a4d0
+b59c:	0081a768
+b5a0:	0081aa00
+; looks like 6 records of 0x14C bytes each, starting at 0x81a4d0
+; that's offset 0xA04C from the start of copy, 0xC554 in flash
+b5a4:	12345678
+b5a8:	0000227e
+b5ac:	00002221
+b5b0:	00003133
+b5b4:	00002101
+c554:	00000000
+c558:	00000036
+c55c:	02480000
+c560:	02490000
+c564:	024a0000
+c568:	024b0000
+c56c:	024c0000
+c570:	024d0000
+c574:	024e0000
+c578:	024f0000
+c57c:	02500000
+c580:	02510000
+c584:	02520000
+c588:	02530000
+c58c:	02540000
+c590:	02550000
+c594:	02560000
+c598:	02570000
+c59c:	02580000
+c5a0:	02590000
+c5a4:	025a0000
+c5a8:	025b0000
+c5ac:	025c0000
+c5b0:	025d0000
+c5b4:	025e0000
+c5b8:	025f0000
+c5bc:	02600000
+c5c0:	02610000
+c5c4:	02620000
+c5c8:	02630000
+c5cc:	02640000
+c5d0:	02650000
+c5d4:	02660000
+c5d8:	02670000
+c5dc:	02680000
+c5e0:	02690000
+c5e4:	026a0000
+c5e8:	026b0000
+c5ec:	026c0000
+c5f0:	026d0000
+c5f4:	026e0000
+c5f8:	026f0000
+c5fc:	02700000
+c600:	02710000
+c604:	02720000
+c608:	02730000
+c60c:	02740000
+c610:	02750000
+c614:	02760000
+c618:	02770000
+c61c:	02780000
+c620:	02790000
+c624:	027a0000
+c628:	027b0000
+c62c:	027c0000
+c630:	027d0000
+c634:	027e0000
+	...
+c6a4:	0000000f
+c6a8:	02480000
+c6ac:	024c0000
+c6b0:	02500000
+c6b4:	02540000
+c6b8:	02580000
+c6bc:	025c0000
+c6c0:	02600000
+c6c4:	02640000
+c6c8:	02680000
+c6cc:	026c0000
+c6d0:	02700000
+c6d4:	02740000
+c6d8:	02780000
+c6dc:	027c0000
+c6e0:	027d0000
+c6e4:	027e0000
+	...
+c7ec:	00000001
+c7f0:	00000001
+c7f4:	027e0000
+c7f8:	027f0000
+	...
+c938:	00000001
+c93c:	00000001
+c940:	027e0000
+c944:	027f0000
+	...
+ca84:	00000002
+ca88:	00000008
+ca8c:	027f0000
+ca90:	027f2000
+ca94:	027f4000
+ca98:	027f6000
+ca9c:	027f8000
+caa0:	027fa000
+caa4:	027fc000
+caa8:	027fe000
+caac:	02800000
+	...
+cbd0:	00000002
+cbd4:	00000001
+cbd8:	027f0000
+cbdc:	02800000
+	...
+cd1c:	00030000
+cd20:	00040000
+cd24:	00050000
+cd28:	00060000
+cd2c:	00070000
+cd30:	00080000
+cd34:	00090000
+cd38:	000a0000
+cd3c:	000b0000
+cd40:	000c0000
+cd44:	000d0000
+cd48:	000e0000
+cd4c:	000f0000
+cd50:	00100000
+cd54:	00110000
+cd58:	00120000
+cd5c:	00130000
+cd60:	00140000
+cd64:	00150000
+cd68:	00160000
+cd6c:	00170000
+cd70:	00180000
+cd74:	00190000
+cd78:	001a0000
+cd7c:	001b0000
+cd80:	001c0000
+cd84:	001d0000
+cd88:	001e0000
+cd8c:	001f0000
+cd90:	00200000
+cd94:	00210000
+cd98:	00220000
+cd9c:	00230000
+cda0:	00240000
+cda4:	00250000
+cda8:	00260000
+cdac:	00270000
+cdb0:	00280000
+cdb4:	00290000
+cdb8:	002a0000
+cdbc:	002b0000
+cdc0:	002c0000
+cdc4:	002d0000
+cdc8:	002e0000
+cdcc:	002f0000
+cdd0:	00300000
+cdd4:	00310000
+cdd8:	00320000
+cddc:	00330000
+cde0:	00340000
+cde4:	00350000
+cde8:	00360000
+cdec:	00370000
+cdf0:	00380000
+cdf4:	00390000
+cdf8:	003a0000
+cdfc:	003b0000
+ce00:	003c0000
+ce04:	003d0000
+ce08:	003e0000
+ce0c:	003f0000
+ce10:	00400000
+ce14:	00410000
+ce18:	00420000
+ce1c:	00430000
+ce20:	00440000
+ce24:	00450000
+ce28:	00460000
+ce2c:	00470000
+ce30:	00480000
+ce34:	00490000
+ce38:	004a0000
+ce3c:	004b0000
+ce40:	004c0000
+ce44:	004d0000
+ce48:	004e0000
+ce4c:	004f0000
+ce50:	00500000
+ce54:	00510000
+ce58:	00520000
+ce5c:	00530000
+ce60:	00540000
+ce64:	00550000
+ce68:	00560000
+ce6c:	00570000
+ce70:	00580000
+ce74:	00590000
+ce78:	005a0000
+ce7c:	005b0000
+ce80:	005c0000
+ce84:	005d0000
+ce88:	005e0000
+ce8c:	005f0000
+ce90:	00600000
+ce94:	00610000
+ce98:	00620000
+ce9c:	00630000
+cea0:	00640000
+cea4:	00650000
+cea8:	00660000
+ceac:	00670000
+ceb0:	00680000
+ceb4:	00690000
+ceb8:	006a0000
+cebc:	006b0000
+cec0:	006c0000
+cec4:	006d0000
+cec8:	006e0000
+cecc:	006f0000
+ced0:	00700000
+ced4:	00710000
+ced8:	00720000
+cedc:	00730000
+cee0:	00740000
+cee4:	00750000
+cee8:	00760000
+ceec:	00770000
+cef0:	00780000
+cef4:	00790000
+cef8:	007a0000
+cefc:	007b0000
+cf00:	007c0000
+cf04:	007d0000
+cf08:	007e0000
+cf0c:	007f0000
+cf10:	00030000
+cf14:	00040000
+cf18:	00080000
+cf1c:	000c0000
+cf20:	00100000
+cf24:	00140000
+cf28:	00180000
+cf2c:	001c0000
+cf30:	00200000
+cf34:	00240000
+cf38:	00280000
+cf3c:	002c0000
+cf40:	00300000
+cf44:	00340000
+cf48:	00380000
+cf4c:	003c0000
+cf50:	00400000
+cf54:	00440000
+cf58:	00480000
+cf5c:	004c0000
+cf60:	00500000
+cf64:	00540000
+cf68:	00580000
+cf6c:	005c0000
+cf70:	00600000
+cf74:	00640000
+cf78:	00680000
+cf7c:	006c0000
+cf80:	00700000
+cf84:	00740000
+cf88:	00780000
+cf8c:	007c0000
 CF8F: last copied byte
 <CF90-1F9FF: all FFs>
 ; initialized data table

FreeCalypso > hg > freecalypso-reveng

comparison pirelli/preboot.disasm @ 68:6a136554378e