diff pirelli/firmware @ 57:277fd7b971f0

some success in finding familiar TI code in moko11 and Pirelli fw binary images
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Tue, 12 Nov 2013 04:28:47 +0000
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pirelli/firmware	Tue Nov 12 04:28:47 2013 +0000
@@ -0,0 +1,23 @@
+Following on the success of our match of moko11 disassembly against some known
+objects (see ../moko11), let's try doing the same thing with Pirelli's fw.
+
+Let's see if the code in Pirelli's fw at 0x40000 matches .inttext from TI's
+int.obj: so far, so good!  Let's see how far we can get:
+
+040000:	beginning of match with .inttext in TI's int.obj
+040268:	b 0x3f6b40, should be a jump to the _INC_Initialize veneer
+3BB7D4:	first function called from Application_Initialize()
+	the logic of Init_Target() is recognizable, but it's a modified
+	version, not the same object blob as we have
+	the setup of memory timings matches that done by OsmocomBB!
+3F11F8:	this should be Application_Initialize()
+	differences begin: instead of 6 function calls, there are 12,
+	with one of them conditionalized on the return value of the previous
+3F3E74:	expecting to see $INC_Initialize here - yes!
+3F6B40:	looks like an ARM->Thumb call veneer indeed
+3F6B4C:	Thumb code begins, does bl 0x3f3e74
+3F6B54:	back to ARM, veneer return
+
+data objects:
+
+01775048:	INC_Initialize state variable