FreeCalypso > hg > freecalypso-reveng

comparison pirelli/fw-disasm @ 256:dbcfb097ffe1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
pirelli/fw-disasm: pwr_cust battery type logic located and analyzed
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 26 Dec 2017 00:56:55 +0000
parents 0f5a24acde3a
children 01030ff953a2
comparison
equal deleted inserted replaced
255:0f5a24acde3a 256:dbcfb097ffe1
1038 32dd0c: e001 b 0x32dd12 1038 32dd0c: e001 b 0x32dd12
1039 32dd0e: f7b4 fd93 bl 0x2e2838 ; $pwr_CI_charge_process 1039 32dd0e: f7b4 fd93 bl 0x2e2838 ; $pwr_CI_charge_process
1040 32dd12: b002 add sp, #8 1040 32dd12: b002 add sp, #8
1041 32dd14: bd10 pop {r4, pc} 1041 32dd14: bd10 pop {r4, pc}
1042 32dd16: 46c0 nop (mov r8, r8) 1042 32dd16: 46c0 nop (mov r8, r8)
1043
1044 $pwr_bat_10uA_temp_test_timer_process:
1045 32dd20: b510 push {r4, lr}
1046 32dd22: b082 sub sp, #8
1047 32dd24: 4838 ldr r0, =0x1774e70 ; via 0x32de08
1048 32dd26: 6800 ldr r0, [r0, #0]
1049 32dd28: 6840 ldr r0, [r0, #4]
1050 32dd2a: 2800 cmp r0, #0
1051 32dd2c: d101 bne 0x32dd32
1052 32dd2e: 2138 mov r1, #56 ; 0x38
1053 32dd30: e048 b 0x32ddc4
1054 32dd32: f000 faaf bl 0x32e294
1055 32dd36: 2800 cmp r0, #0
1056 32dd38: d164 bne 0x32de04
1057 32dd3a: 4834 ldr r0, =0xa0020 ; via 0x32de0c
1058 32dd3c: 9000 str r0, [sp, #0]
1059 32dd3e: a0f2 add r0, pc, #968 ; 0x3c8
1060 32dd40: 211e mov r1, #30 ; 0x1e
1061 32dd42: 2200 mov r2, #0
1062 32dd44: 43d2 mvn r2, r2
1063 32dd46: 2302 mov r3, #2
1064 32dd48: f0ac ff74 bl 0x3dac34
1065 32dd4c: 4c2e ldr r4, =0x1774e70 ; via 0x32de08
1066 32dd4e: 6821 ldr r1, [r4, #0]
1067 32dd50: 2000 mov r0, #0
1068 32dd52: 43c0 mvn r0, r0
1069 32dd54: 8708 strh r0, [r1, #56] ; 0x38
1070 32dd56: 2001 mov r0, #1
1071 32dd58: 2128 mov r1, #40 ; 0x28
1072 32dd5a: 2200 mov r2, #0
1073 32dd5c: f01b fa56 bl 0x34920c
1074 32dd60: 2002 mov r0, #2
1075 32dd62: f783 fd9c bl 0x2b189e
1076 32dd66: 2001 mov r0, #1
1077 32dd68: 2128 mov r1, #40 ; 0x28
1078 32dd6a: f01b fa76 bl 0x34925a
1079 32dd6e: 1c01 add r1, r0, #0
1080 32dd70: 6822 ldr r2, [r4, #0]
1081 32dd72: 3238 add r2, #56 ; 0x38
1082 32dd74: 2051 mov r0, #81 ; 0x51
1083 32dd76: f7ff ff0b bl 0x32db90
1084 32dd7a: 2800 cmp r0, #0
1085 32dd7c: d12a bne 0x32ddd4
1086 32dd7e: 2148 mov r1, #72 ; 0x48
1087 32dd80: 6820 ldr r0, [r4, #0]
1088 32dd82: 5c08 ldrb r0, [r1, r0]
1089 32dd84: 2800 cmp r0, #0
1090 32dd86: d125 bne 0x32ddd4
1091 32dd88: 4820 ldr r0, =0xa0020 ; via 0x32de0c
1092 32dd8a: 9000 str r0, [sp, #0]
1093 32dd8c: a0e6 add r0, pc, #920 ; 0x398
1094 32dd8e: 2129 mov r1, #41 ; 0x29
1095 32dd90: 2200 mov r2, #0
1096 32dd92: 43d2 mvn r2, r2
1097 32dd94: 2302 mov r3, #2
1098 32dd96: f0ac ff4d bl 0x3dac34
1099 32dd9a: 2001 mov r0, #1
1100 32dd9c: 2138 mov r1, #56 ; 0x38
1101 32dd9e: 2201 mov r2, #1
1102 32dda0: f01b fa34 bl 0x34920c
1103 32dda4: f7b4 faa3 bl 0x2e22ee
1104 32dda8: 4927 ldr r1, =0x1774b78 ; via 0x32de48
1105 32ddaa: 2006 mov r0, #6
1106 32ddac: 43c0 mvn r0, r0
1107 32ddae: 8008 strh r0, [r1, #0]
1108 32ddb0: 2000 mov r0, #0
1109 32ddb2: f067 f886 bl 0x394ec2
1110 32ddb6: 2132 mov r1, #50 ; 0x32
1111 32ddb8: 48d2 ldr r0, =0x1774e38 ; via 0x32e104
1112 32ddba: 6800 ldr r0, [r0, #0]
1113 32ddbc: 5c08 ldrb r0, [r1, r0]
1114 32ddbe: 2800 cmp r0, #0
1115 32ddc0: d105 bne 0x32ddce
1116 32ddc2: 213c mov r1, #60 ; 0x3c
1117 32ddc4: 2001 mov r0, #1
1118 32ddc6: 2201 mov r2, #1
1119 32ddc8: f01b fa20 bl 0x34920c
1120 32ddcc: e01a b 0x32de04
1121 32ddce: f085 fef0 bl 0x3b3bb2
1122 32ddd2: e017 b 0x32de04
1123 32ddd4: 2001 mov r0, #1
1124 32ddd6: 2138 mov r1, #56 ; 0x38
1125 32ddd8: 2201 mov r2, #1
1126 32ddda: f01b fa17 bl 0x34920c
1127 32ddde: 6820 ldr r0, [r4, #0]
1128 32dde0: 6840 ldr r0, [r0, #4]
1129 32dde2: 2802 cmp r0, #2
1130 32dde4: d00c beq 0x32de00
1131 32dde6: 2803 cmp r0, #3
1132 32dde8: d007 beq 0x32ddfa
1133 32ddea: 2801 cmp r0, #1
1134 32ddec: d002 beq 0x32ddf4
1135 32ddee: f083 fc67 bl 0x3b16c0
1136 32ddf2: e007 b 0x32de04
1137 32ddf4: f7b4 fab2 bl 0x2e235c
1138 32ddf8: e004 b 0x32de04
1139 32ddfa: f7b4 fe8b bl 0x2e2b14
1140 32ddfe: e001 b 0x32de04
1141 32de00: f7b4 fd1a bl 0x2e2838
1142 32de04: b002 add sp, #8
1143 32de06: bd10 pop {r4, pc}
1144
1145 $pwr_get_battery_type:
1146 32de10: b570 push {r4, r5, r6, lr}
1147 32de12: 48f0 ldr r0, =0x1774e70 ; via 0x32e1d4
1148 32de14: 6801 ldr r1, [r0, #0]
1149 ; half-word at offset 0x40 = 0
1150 32de16: 2340 mov r3, #64 ; 0x40
1151 32de18: 2200 mov r2, #0
1152 32de1a: 525a strh r2, [r3, r1]
1153 ; word at offset 0x44 = 0
1154 32de1c: 2400 mov r4, #0
1155 32de1e: 644c str r4, [r1, #68] ; 0x44
1156 32de20: 4d09 ldr r5, =0x1774b78 ; via 0x32de48
1157 32de22: 6806 ldr r6, [r0, #0]
1158 32de24: 88a8 ldrh r0, [r5, #4]
1159 32de26: f000 f8e2 bl 0x32dfee
1160 ; initial % written into 16-bit var at offset 0x3e
1161 32de2a: 87f0 strh r0, [r6, #62] ; 0x3e
1162 ; pwr_env_ctrl_blk->timer0_state = BATTERY_TYPE_TEST;
1163 32de2c: 6334 str r4, [r6, #48] ; 0x30
1164 ; THEN_50uA written into BCICTL1
1165 32de2e: 2001 mov r0, #1
1166 32de30: 2138 mov r1, #56 ; 0x38
1167 32de32: 2261 mov r2, #97 ; 0x61
1168 32de34: f01b f9ea bl 0x34920c ; $ABB_Write_Register_on_page
1169 ; TIMER0 set to 300 ms
1170 32de38: 2000 mov r0, #0
1171 32de3a: 2141 mov r1, #65 ; 0x41
1172 32de3c: 2200 mov r2, #0
1173 32de3e: f7fd f81b bl 0x32ae78 ; $rvf_start_timer
1174 ; 0 into error code var
1175 32de42: 2000 mov r0, #0
1176 32de44: 8028 strh r0, [r5, #0]
1177 32de46: bd70 pop {r4, r5, r6, pc}
1178
1179 $pwr_type_test_timer_process:
1180 32df04: b510 push {r4, lr}
1181 32df06: b082 sub sp, #8
1182 32df08: 48e1 ldr r0, =0xa0020 ; via 0x32e290
1183 32df0a: 9000 str r0, [sp, #0]
1184 32df0c: a0d6 add r0, pc, #856 ; 0x358
1185 32df0e: 2119 mov r1, #25 ; 0x19
1186 32df10: 2200 mov r2, #0
1187 32df12: 43d2 mvn r2, r2
1188 32df14: 2302 mov r3, #2
1189 32df16: f0ac fe8d bl 0x3dac34
1190 ; write 0 into ADIN2REG
1191 32df1a: 2001 mov r0, #1
1192 32df1c: 2128 mov r1, #40 ; 0x28
1193 32df1e: 2200 mov r2, #0
1194 32df20: f01b f974 bl 0x34920c ; $ABB_Write_Register_on_page
1195 ; delay 2 ticks
1196 32df24: 2002 mov r0, #2
1197 32df26: f783 fcba bl 0x2b189e ; rvf_delay()
1198 ; now read ADIN2REG
1199 32df2a: 2001 mov r0, #1
1200 32df2c: 2128 mov r1, #40 ; 0x28
1201 32df2e: f01b f994 bl 0x34925a ; $ABB_Read_Register_on_page
1202 32df32: 1c04 add r4, r0, #0
1203 ; "bat type" trace
1204 32df34: 48d6 ldr r0, =0xa0020 ; via 0x32e290
1205 32df36: 9000 str r0, [sp, #0]
1206 32df38: a0d2 add r0, pc, #840 ; 0x348
1207 32df3a: 2108 mov r1, #8
1208 32df3c: 1c22 add r2, r4, #0
1209 32df3e: 2302 mov r3, #2
1210 32df40: f0ac fe78 bl 0x3dac34
1211 ; BCICTL1 write turns off current source
1212 32df44: 2001 mov r0, #1
1213 32df46: 2138 mov r1, #56 ; 0x38
1214 32df48: 2201 mov r2, #1
1215 32df4a: f01b f95f bl 0x34920c
1216 32df4e: 2c81 cmp r4, #129 ; 0x81
1217 32df50: db03 blt 0x32df5a
1218 32df52: 202d mov r0, #45 ; 0x2d
1219 32df54: 0100 lsl r0, r0, #4
1220 32df56: 4284 cmp r4, r0
1221 32df58: dd26 ble 0x32dfa8
1222 ; bad result
1223 32df5a: 489e ldr r0, =0x1774e70 ; via 0x32e1d4
1224 32df5c: 6800 ldr r0, [r0, #0]
1225 32df5e: 2148 mov r1, #72 ; 0x48
1226 32df60: 5c09 ldrb r1, [r1, r0]
1227 32df62: 2901 cmp r1, #1
1228 32df64: d020 beq 0x32dfa8
1229 32df66: 2101 mov r1, #1
1230 32df68: 6341 str r1, [r0, #52] ; 0x34
1231 32df6a: 48c9 ldr r0, =0xa0020 ; via 0x32e290
1232 32df6c: 9000 str r0, [sp, #0]
1233 32df6e: a0eb add r0, pc, #940 ; 0x3ac
1234 32df70: 2110 mov r1, #16 ; 0x10
1235 32df72: 2200 mov r2, #0
1236 32df74: 43d2 mvn r2, r2
1237 32df76: 2302 mov r3, #2
1238 32df78: f0ac fe5c bl 0x3dac34
1239 32df7c: 48e6 ldr r0, =0x1774b78 ; via 0x32e318
1240 32df7e: 2100 mov r1, #0
1241 32df80: 43c9 mvn r1, r1
1242 32df82: 8001 strh r1, [r0, #0]
1243 32df84: 2003 mov r0, #3
1244 32df86: f066 ff9c bl 0x394ec2
1245 32df8a: 2032 mov r0, #50 ; 0x32
1246 32df8c: 495d ldr r1, =0x1774e38 ; via 0x32e104
1247 32df8e: 6809 ldr r1, [r1, #0]
1248 32df90: 5c40 ldrb r0, [r0, r1]
1249 32df92: 2800 cmp r0, #0
1250 32df94: d105 bne 0x32dfa2
1251 32df96: 2001 mov r0, #1
1252 32df98: 213c mov r1, #60 ; 0x3c
1253 32df9a: 2201 mov r2, #1
1254 32df9c: f01b f936 bl 0x34920c
1255 32dfa0: e011 b 0x32dfc6
1256 32dfa2: f085 fe06 bl 0x3b3bb2
1257 32dfa6: e00e b 0x32dfc6
1258 ; good result
1259 32dfa8: 488a ldr r0, =0x1774e70 ; via 0x32e1d4
1260 32dfaa: 6801 ldr r1, [r0, #0]
1261 32dfac: 2000 mov r0, #0
1262 32dfae: 6348 str r0, [r1, #52] ; 0x34
1263 32dfb0: 48b7 ldr r0, =0xa0020 ; via 0x32e290
1264 32dfb2: 9000 str r0, [sp, #0]
1265 32dfb4: a0de add r0, pc, #888 ; 0x378
1266 32dfb6: 2106 mov r1, #6
1267 32dfb8: 2200 mov r2, #0
1268 32dfba: 43d2 mvn r2, r2
1269 32dfbc: 2302 mov r3, #2
1270 32dfbe: f0ac fe39 bl 0x3dac34
1271 32dfc2: f7b4 f9ed bl 0x2e23a0 ; $pwr_battery_qualification
1272 32dfc6: b002 add sp, #8
1273 32dfc8: bd10 pop {r4, pc}
1274 32dfca: 46c0 nop (mov r8, r8)
1043 1275
1044 ; The following function computes the battery remaining % number 1276 ; The following function computes the battery remaining % number
1045 ; from the battery mV passed in R0. It first increases the mV value 1277 ; from the battery mV passed in R0. It first increases the mV value
1046 ; by a factor that depends on the system current draw (it appears 1278 ; by a factor that depends on the system current draw (it appears
1047 ; that they are after the "true" battery voltage before the internal 1279 ; that they are after the "true" battery voltage before the internal
2346 3a15c6: 30b2 add r0, #178 ; 0xb2 2578 3a15c6: 30b2 add r0, #178 ; 0xb2
2347 3a15c8: f710 f969 bl 0x2b189e ; rvf_delay() 2579 3a15c8: f710 f969 bl 0x2b189e ; rvf_delay()
2348 3a15cc: 2003 mov r0, #3 2580 3a15cc: 2003 mov r0, #3
2349 3a15ce: f789 fcc9 bl 0x32af64 ; $rvf_stop_timer 2581 3a15ce: f789 fcc9 bl 0x32af64 ; $rvf_stop_timer
2350 3a15d2: f7f3 fb5d bl 0x394c90 ; $pwr_send_charger_plug_event ? 2582 3a15d2: f7f3 fb5d bl 0x394c90 ; $pwr_send_charger_plug_event ?
2351 3a15d6: f78c fc1b bl 0x32de10 ; $pwr_get_battery_type ? 2583 3a15d6: f78c fc1b bl 0x32de10 ; $pwr_get_battery_type
2352 3a15da: bd00 pop {pc} 2584 3a15da: bd00 pop {pc}
2353 2585
2354 $PWR_Charger_Unplug: 2586 $PWR_Charger_Unplug:
2355 3a15dc: b500 push {lr} 2587 3a15dc: b500 push {lr}
2356 3a15de: b082 sub sp, #8 2588 3a15de: b082 sub sp, #8