diff pirelli/preboot.disasm @ 67:88cf9811f97c

started disassembly of Pirelli's boot code
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sun, 09 Feb 2014 09:36:42 +0000
parents
children 6a136554378e
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pirelli/preboot.disasm	Sun Feb 09 09:36:42 2014 +0000
@@ -0,0 +1,452 @@
+       0:	ea00004b 	b	0x134
+       4:	ea00bffe 	b	0x30004
+       8:	ea00bffe 	b	0x30008
+       c:	ea00bffe 	b	0x3000c
+      10:	ea00bffe 	b	0x30010
+      14:	ea00bffe 	b	0x30014
+      18:	ea00bffe 	b	0x30018
+      1c:	ea00bffe 	b	0x3001c
+
+<20-FF: all FFs>
+
+     100:	fffffb00
+     104:	02a102a1
+     108:	028302a1
+     10c:	00c000aa
+     110:	002a0040
+     114:	fffffd00
+     118:	ffff9800
+     11c:	fffffb10
+     120:	ffffff08
+     124:	fffff804
+     128:	20061081
+     12c:	00000800
+     130:	00a000f5
+
+; RESET vector branches here
+     134:	e51f1024 	ldr	r1, [pc, #-36]	; 0x118 =0xffff9800
+     138:	e15f21b6 	ldrh	r2, [pc, #-22]	; 0x12a =0x2006
+     13c:	e1c120b0 	strh	r2, [r1]
+     140:	e5912000 	ldr	r2, [r1]
+     144:	e2022001 	and	r2, r2, #1	; 0x1
+     148:	e3520001 	cmp	r2, #1	; 0x1
+     14c:	0afffffb 	beq	0x140
+     150:	e51f1044 	ldr	r1, [pc, #-68]	; 0x114 =0xfffffd00
+     154:	e15f23b4 	ldrh	r2, [pc, #-52]	; 0x128 =0x1081
+     158:	e1c120b0 	strh	r2, [r1]
+     15c:	e51f1048 	ldr	r1, [pc, #-72]	; 0x11c =0xfffffb10
+     160:	e15f23bc 	ldrh	r2, [pc, #-60]	; 0x12c =0x0800
+     164:	e1d100b0 	ldrh	r0, [r1]
+     168:	e1800002 	orr	r0, r0, r2
+     16c:	e1c100b0 	strh	r0, [r1]	; DU disable
+     170:	e51f1058 	ldr	r1, [pc, #-88]	; 0x120 =0xffffff08
+     174:	e15f24be 	ldrh	r2, [pc, #-78]	; 0x12e =0x0000
+     178:	e1c120b0 	strh	r2, [r1]	; MPU disable
+     17c:	e51f1084 	ldr	r1, [pc, #-132]	; 0x100 =0xfffffb00
+     180:	e51f1064 	ldr	r1, [pc, #-100]	; 0x124 =0xfffff804
+     184:	e15f25bc 	ldrh	r2, [pc, #-92]	; 0x130 =0x00f5
+     188:	e1c120b0 	strh	r2, [r1]	; WDOG disable cycle 1
+     18c:	e51f1070 	ldr	r1, [pc, #-112]	; 0x124 =0xfffff804
+     190:	e15f26b6 	ldrh	r2, [pc, #-102]	; 0x132 =0x00a0
+     194:	e1c120b0 	strh	r2, [r1]	; WDOG disable cycle 2
+     198:	e15f29bc 	ldrh	r2, [pc, #-156]	; 0x104
+     19c:	e1c120b0 	strh	r2, [r1]
+     1a0:	e15f2ab2 	ldrh	r2, [pc, #-162]	; 0x106
+     1a4:	e1c120b2 	strh	r2, [r1, #2]
+     1a8:	e15f2ab8 	ldrh	r2, [pc, #-168]	; 0x108
+     1ac:	e1c120b4 	strh	r2, [r1, #4]
+     1b0:	e15f2abe 	ldrh	r2, [pc, #-174]	; 0x10a
+     1b4:	e1c120b6 	strh	r2, [r1, #6]
+     1b8:	e15f2bb4 	ldrh	r2, [pc, #-180]	; 0x10c
+     1bc:	e1c120ba 	strh	r2, [r1, #10]
+     1c0:	e15f2bba 	ldrh	r2, [pc, #-186]	; 0x10e
+     1c4:	e1c120bc 	strh	r2, [r1, #12]
+     1c8:	e15f2cb0 	ldrh	r2, [pc, #-192]	; 0x110
+     1cc:	e1c120b8 	strh	r2, [r1, #8]
+     1d0:	e15f2cb6 	ldrh	r2, [pc, #-198]	; 0x112
+     1d4:	e1c120be 	strh	r2, [r1, #14]
+     1d8:	e59f0020 	ldr	r0, [pc, #32]	; 0x200 =0x81047c
+     1dc:	e3a01b01 	mov	r1, #1024	; 0x400
+     1e0:	e2411004 	sub	r1, r1, #4	; 0x4
+     1e4:	e0802001 	add	r2, r0, r1
+     1e8:	e3c22003 	bic	r2, r2, #3	; 0x3
+     1ec:	e1a0d002 	mov	sp, r2
+     1f0:	e92d100f 	stmdb	sp!, {r0, r1, r2, r3, ip}
+     1f4:	eb00003b 	bl	0x2e8
+     1f8:	e8bd100f 	ldmia	sp!, {r0, r1, r2, r3, ip}
+     1fc:	ea000796 	b	0x205c
+
+     200:	0081047c
+
+; copy(src, len, dest)
+     204:	2900      	cmp	r1, #0
+     206:	d006      	beq	0x216
+     208:	6803      	ldr	r3, [r0, #0]
+     20a:	6013      	str	r3, [r2, #0]
+     20c:	3204      	add	r2, #4
+     20e:	3004      	add	r0, #4
+     210:	3904      	sub	r1, #4
+     212:	2900      	cmp	r1, #0
+     214:	d1f8      	bne	0x208
+     216:	4770      	bx	lr
+
+; checksumming function: XOR of all 16-bit words in region
+     218:	2200      	mov	r2, #0
+     21a:	2900      	cmp	r1, #0
+     21c:	d007      	beq	0x22e
+     21e:	8803      	ldrh	r3, [r0, #0]
+     220:	4053      	eor	r3, r2
+     222:	041a      	lsl	r2, r3, #16
+     224:	0c12      	lsr	r2, r2, #16
+     226:	3002      	add	r0, #2
+     228:	3902      	sub	r1, #2
+     22a:	2900      	cmp	r1, #0
+     22c:	d1f7      	bne	0x21e
+     22e:	1c10      	mov	r0, r2		(add r0, r2, #0)
+     230:	4770      	bx	lr
+
+; 0x232 routine is bzero() with 4-byte alignment required
+     232:	2900      	cmp	r1, #0
+     234:	d005      	beq	0x242
+     236:	2200      	mov	r2, #0
+     238:	6002      	str	r2, [r0, #0]
+     23a:	3004      	add	r0, #4
+     23c:	3904      	sub	r1, #4
+     23e:	2900      	cmp	r1, #0
+     240:	d1fa      	bne	0x238
+     242:	4770      	bx	lr
+
+; 0xAA88 bytes are copied from 0x2508 to 0x810484
+     244:	b5f0      	push	{r4, r5, r6, r7, lr}
+     246:	4e10      	ldr	r6, [pc, #64]	(0x288) =0x800010
+     248:	2000      	mov	r0, #0
+     24a:	8030      	strh	r0, [r6, #0]
+     24c:	4f0f      	ldr	r7, [pc, #60]	(0x28c) =0x800012
+     24e:	8038      	strh	r0, [r7, #0]
+     250:	480f      	ldr	r0, [pc, #60]	(0x290) =0x810480
+     252:	4910      	ldr	r1, [pc, #64]	(0x294) =0x81AF0C
+     254:	1a09      	sub	r1, r1, r0
+     256:	3904      	sub	r1, #4
+     258:	468c      	mov	ip, r1
+     25a:	2104      	mov	r1, #4
+     25c:	180c      	add	r4, r1, r0
+     25e:	1c20      	mov	r0, r4		(add r0, r4, #0)
+     260:	4661      	mov	r1, ip
+     262:	ffe6f7ff 	bl	0x232		; bzero()
+     266:	4d0c      	ldr	r5, [pc, #48]	(0x298) =0x2508
+     268:	1c28      	mov	r0, r5		(add r0, r5, #0)
+     26a:	4661      	mov	r1, ip
+     26c:	ffd4f7ff 	bl	0x218
+     270:	8030      	strh	r0, [r6, #0]
+     272:	1c28      	mov	r0, r5		(add r0, r5, #0)
+     274:	4661      	mov	r1, ip
+     276:	1c22      	mov	r2, r4		(add r2, r4, #0)
+     278:	ffc4f7ff 	bl	0x204
+     27c:	1c20      	mov	r0, r4		(add r0, r4, #0)
+     27e:	4661      	mov	r1, ip
+     280:	ffcaf7ff 	bl	0x218
+     284:	8038      	strh	r0, [r7, #0]
+     286:	bdf0      	pop	{r4, r5, r6, r7, pc}
+
+     288:	00800010
+     28c:	00800012
+     290:	00810480
+     294:	0081af0c
+     298:	00002508
+
+     29c:	b500      	push	{lr}
+     29e:	f82bf000 	bl	0x2f8
+     2a2:	f802f000 	bl	0x2aa
+     2a6:	bd00      	pop	{pc}
+
+     2a8:	4770      	bx	lr
+
+     2aa:	b500      	push	{lr}
+     2ac:	2003      	mov	r0, #3
+     2ae:	0400      	lsl	r0, r0, #16
+     2b0:	f820f000 	bl	0x2f4
+     2b4:	bd00      	pop	{pc}
+     2b6:	0000
+
+     2b8:	e92d4000 	stmdb	sp!, {lr}
+     2bc:	e28fe001 	add	lr, pc, #1	; 0x1
+     2c0:	e12fff1e 	bx	lr
+     2c4:	ffeaf7ff 	bl	0x29c
+     2c8:	4778      	bx	pc
+     2ca:	46c0      	nop			(mov r8, r8)
+     2cc:	e8bd8000 	ldmia	sp!, {pc}
+
+     2d0:	e92d4000 	stmdb	sp!, {lr}
+     2d4:	e28fe001 	add	lr, pc, #1	; 0x1
+     2d8:	e12fff1e 	bx	lr
+     2dc:	ffb2f7ff 	bl	0x244
+     2e0:	4778      	bx	pc
+     2e2:	46c0      	nop			(mov r8, r8)
+     2e4:	e8bd8000 	ldmia	sp!, {pc}
+
+     2e8:	e59fc000 	ldr	ip, [pc, #0]	; 0x2f0
+     2ec:	e12fff1c 	bx	ip
+     2f0:	000002a9
+
+     2f4:	4700      	bx	r0
+     2f6:	0000
+
+     2f8:	b082      	sub	sp, #8
+     2fa:	9400      	str	r4, [sp, #0]
+     2fc:	4c01      	ldr	r4, [pc, #4]	(0x304)
+     2fe:	9401      	str	r4, [sp, #4]
+     300:	bd10      	pop	{r4, pc}
+     302:	0000
+     304:	00818f2c
+
+<308-1FFF: all FFs>
+
+    2000:	00000001	; magic word for the Calypso boot ROM
+
+    2004:	ea0000be 	b	0x2304
+    2008:	ea0000c0 	b	0x2310
+    200c:	ea0000c2 	b	0x231c
+    2010:	ea0000c4 	b	0x2328
+    2014:	ea0000c6 	b	0x2334
+    2018:	ea0000b0 	b	0x22e0
+    201c:	ea0000b6 	b	0x22fc
+
+    2020:	02a102a4
+    2024:	02a402a1
+    2028:	02c0009c
+    202c:	002a0040
+    2030:	fffffb00
+    2034:	fffef006
+    2038:	00000008
+    203c:	fffffd00
+    2040:	ffff9800
+    2044:	fffffb10
+    2048:	ffffff08
+    204c:	20021081
+    2050:	f7ff0800
+    2054:	00000000
+    2058:	0001fa00
+
+; COME FROM 0x1fc
+    205c:	e51f1024 	ldr	r1, [pc, #-36]	; 0x2040 =0xffff9800
+    2060:	e15f21ba 	ldrh	r2, [pc, #-26]	; 0x204e =0x2002
+    2064:	e1c120b0 	strh	r2, [r1]
+    2068:	e5912000 	ldr	r2, [r1]
+    206c:	e2022001 	and	r2, r2, #1	; 0x1
+    2070:	e3520001 	cmp	r2, #1	; 0x1
+    2074:	0afffffb 	beq	0x2068
+    2078:	e51f1044 	ldr	r1, [pc, #-68]	; 0x203c =0xfffffd00
+    207c:	e15f23b8 	ldrh	r2, [pc, #-56]	; 0x204c =0x1081
+    2080:	e1c120b0 	strh	r2, [r1]
+    2084:	e51f1048 	ldr	r1, [pc, #-72]	; 0x2044 =0xfffffb10
+    2088:	e15f23be 	ldrh	r2, [pc, #-62]	; 0x2052 =0xf7ff
+    208c:	e1d100b0 	ldrh	r0, [r1]
+    2090:	e0000002 	and	r0, r0, r2
+    2094:	e1c100b0 	strh	r0, [r1]	; enable DU
+    2098:	e51f1058 	ldr	r1, [pc, #-88]	; 0x2048 =0xffffff08
+    209c:	e15f25b0 	ldrh	r2, [pc, #-80]	; 0x2054 =0x0000
+    20a0:	e1c120b0 	strh	r2, [r1]
+    20a4:	e51f107c 	ldr	r1, [pc, #-124]	; 0x2030 =0xfffffb00
+    20a8:	e15f29b0 	ldrh	r2, [pc, #-144]	; 0x2020 =0x02a4
+    20ac:	e1c120b0 	strh	r2, [r1]
+    20b0:	e15f29b6 	ldrh	r2, [pc, #-150]	; 0x2022 =0x02a1
+    20b4:	e1c120b2 	strh	r2, [r1, #2]
+    20b8:	e15f29bc 	ldrh	r2, [pc, #-156]	; 0x2024 =0x02a1
+    20bc:	e1c120b4 	strh	r2, [r1, #4]
+    20c0:	e15f2ab2 	ldrh	r2, [pc, #-162]	; 0x2026 =0x02a4
+    20c4:	e1c120b6 	strh	r2, [r1, #6]
+    20c8:	e15f2ab8 	ldrh	r2, [pc, #-168]	; 0x2028 =0x009c
+    20cc:	e1c120ba 	strh	r2, [r1, #10]
+    20d0:	e15f2abe 	ldrh	r2, [pc, #-174]	; 0x202a =0x02c0
+    20d4:	e1c120bc 	strh	r2, [r1, #12]
+    20d8:	e15f2bb4 	ldrh	r2, [pc, #-180]	; 0x202c =0x0040
+    20dc:	e1c120b8 	strh	r2, [r1, #8]
+    20e0:	e15f2bba 	ldrh	r2, [pc, #-186]	; 0x202e =0x002a
+    20e4:	e1c120be 	strh	r2, [r1, #14]
+    20e8:	e51f10bc 	ldr	r1, [pc, #-188]	; 0x2034 =0xfffef006
+    20ec:	e1d120b0 	ldrh	r2, [r1]
+    20f0:	e51f00c0 	ldr	r0, [pc, #-192]	; 0x2038 =0x00000008
+    20f4:	e1800002 	orr	r0, r0, r2
+    20f8:	e1c100b0 	strh	r0, [r1]	; enable A22
+    20fc:	e10f0000 	mrs	r0, CPSR
+    2100:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    2104:	e3800013 	orr	r0, r0, #19	; 0x13
+    2108:	e38000c0 	orr	r0, r0, #192	; 0xc0
+    210c:	e129f000 	msr	CPSR_fc, r0	; SVC, all ints disabled
+    2110:	e59f02e0 	ldr	r0, [pc, #736]	; 0x23f8 =0x800004
+    2114:	e3a02000 	mov	r2, #0	; 0x0
+    2118:	e59f12dc 	ldr	r1, [pc, #732]	; 0x23fc =0x81047c
+    211c:	e1500001 	cmp	r0, r1
+    2120:	0a000000 	beq	0x2128
+    2124:	e4802004 	str	r2, [r0], #4
+    2128:	e1500001 	cmp	r0, r1
+    212c:	1afffffc 	bne	0x2124
+    2130:	e59f02c8 	ldr	r0, [pc, #712]	; 0x2400 =0x800000
+    2134:	e3a02000 	mov	r2, #0	; 0x0
+    2138:	e59f12c4 	ldr	r1, [pc, #708]	; 0x2404 =0x81047c
+    213c:	e1500001 	cmp	r0, r1
+    2140:	0a000000 	beq	0x2148
+    2144:	e4802004 	str	r2, [r0], #4
+    2148:	e1500001 	cmp	r0, r1
+    214c:	1afffffc 	bne	0x2144
+    2150:	e3a00001 	mov	r0, #1	; 0x1
+    2154:	e59f12b0 	ldr	r1, [pc, #688]	; 0x240c =0x800004
+    2158:	e5810000 	str	r0, [r1]
+    215c:	e59f02a4 	ldr	r0, [pc, #676]	; 0x2408 =0x81aff8
+    2160:	e3a01e46 	mov	r1, #1120	; 0x460
+    2164:	e2411004 	sub	r1, r1, #4	; 0x4
+    2168:	e0802001 	add	r2, r0, r1
+    216c:	e1a0a000 	mov	sl, r0
+    2170:	e59f3298 	ldr	r3, [pc, #664]	; 0x2410 =0x800008
+    2174:	e583a000 	str	sl, [r3]
+    2178:	e1a0d002 	mov	sp, r2
+    217c:	e59f3290 	ldr	r3, [pc, #656]	; 0x2414 =0x80000c
+    2180:	e583d000 	str	sp, [r3]
+    2184:	e3a01080 	mov	r1, #128	; 0x80
+    2188:	e0822001 	add	r2, r2, r1
+    218c:	e10f0000 	mrs	r0, CPSR
+    2190:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    2194:	e3800012 	orr	r0, r0, #18	; 0x12
+    2198:	e129f000 	msr	CPSR_fc, r0	; IRQ
+    219c:	e1a0d002 	mov	sp, r2
+    21a0:	e3a01c02 	mov	r1, #512	; 0x200
+    21a4:	e0822001 	add	r2, r2, r1
+    21a8:	e10f0000 	mrs	r0, CPSR
+    21ac:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    21b0:	e3800011 	orr	r0, r0, #17	; 0x11
+    21b4:	e129f000 	msr	CPSR_fc, r0	; FIQ
+    21b8:	e1a0d002 	mov	sp, r2
+    21bc:	e10f0000 	mrs	r0, CPSR
+    21c0:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    21c4:	e3800017 	orr	r0, r0, #23	; 0x17
+    21c8:	e129f000 	msr	CPSR_fc, r0	; Abort
+    21cc:	e59fd244 	ldr	sp, [pc, #580]	; 0x2418 =0x81AF60
+    21d0:	e10f0000 	mrs	r0, CPSR
+    21d4:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    21d8:	e380001b 	orr	r0, r0, #27	; 0x1b
+    21dc:	e129f000 	msr	CPSR_fc, r0	; Undef
+    21e0:	e59fd230 	ldr	sp, [pc, #560]	; 0x2418 =0x81AF60
+    21e4:	e10f0000 	mrs	r0, CPSR
+    21e8:	e3c0001f 	bic	r0, r0, #31	; 0x1f
+    21ec:	e3800013 	orr	r0, r0, #19	; 0x13
+    21f0:	e129f000 	msr	CPSR_fc, r0	; SVC
+    21f4:	e1a04002 	mov	r4, r2
+    21f8:	ebfff834 	bl	0x2d0		; 0x244 via veneer
+    21fc:	e1a02004 	mov	r2, r4
+    2200:	e59f1208 	ldr	r1, [pc, #520]	; 0x2410 =0x800008
+    2204:	e5910000 	ldr	r0, [r1]
+    2208:	e3a030fe 	mov	r3, #254	; 0xfe
+    220c:	e5c03000 	strb	r3, [r0]
+    2210:	e5c03001 	strb	r3, [r0, #1]
+    2214:	e5c03002 	strb	r3, [r0, #2]
+    2218:	e5c03003 	strb	r3, [r0, #3]
+    221c:	e4903004 	ldr	r3, [r0], #4
+    2220:	e4803004 	str	r3, [r0], #4
+    2224:	e1500002 	cmp	r0, r2
+    2228:	bafffffc 	blt	0x2220
+    222c:	e51f01dc 	ldr	r0, [pc, #-476]	; 0x2058 =0x1FA00
+    2230:	e3700001 	cmn	r0, #1	; 0x1
+    2234:	1b000079 	blne	0x2420
+    2238:	e1a00002 	mov	r0, r2
+    223c:	ebfff81d 	bl	0x2b8
+
+<2240-23F7: not yet analyzed>
+
+    23f8:	00800004
+    23fc:	0081047c
+    2400:	00800000
+    2404:	0081047c
+    2408:	0081aff8
+    240c:	00800004
+    2410:	00800008
+    2414:	0080000c
+    2418:	0081af60
+    241c:	0081af60
+
+; TI's initialized data function
+    2420:	ea00000c 	b	0x2458
+    2424:	e4901004 	ldr	r1, [r0], #4
+    2428:	e3530003 	cmp	r3, #3	; 0x3
+    242c:	84904004 	ldrhi	r4, [r0], #4
+    2430:	84814004 	strhi	r4, [r1], #4
+    2434:	82433004 	subhi	r3, r3, #4	; 0x4
+    2438:	94d04001 	ldrlsb	r4, [r0], #1
+    243c:	94c14001 	strlsb	r4, [r1], #1
+    2440:	92433001 	subls	r3, r3, #1	; 0x1
+    2444:	e3530000 	cmp	r3, #0	; 0x0
+    2448:	1afffff6 	bne	0x2428
+    244c:	e2103003 	ands	r3, r0, #3	; 0x3
+    2450:	12633004 	rsbne	r3, r3, #4	; 0x4
+    2454:	10800003 	addne	r0, r0, r3
+    2458:	e4903004 	ldr	r3, [r0], #4
+    245c:	e3530000 	cmp	r3, #0	; 0x0
+    2460:	1affffef 	bne	0x2424
+    2464:	e1a0f00e 	mov	pc, lr
+
+<2468-24FF: all FFs>
+
+    2500:	00000000
+    2504:	ffffffff
+
+2508: 0xAA88 bytes copied to IRAM
+CF8F: last copied byte
+
+<CF90-1F9FF: all FFs>
+
+; initialized data table
+   1fa00:	00000001
+   1fa04:	00810020
+   1fa08:	c046c000
+
+   1fa0c:	00000001
+   1fa10:	00810021
+   1fa14:	c046c000
+
+   1fa18:	00000004
+   1fa1c:	00810024
+   1fa20:	00000000
+
+   1fa24:	0000000c
+   1fa28:	0081006c
+   1fa2c:	0081a4d0
+   1fa30:	0081a768
+   1fa34:	0081aa00
+
+   1fa38:	00000002
+   1fa3c:	00810014
+   1fa40:	46c00000
+
+   1fa44:	00000002
+   1fa48:	00810016
+   1fa4c:	46c00000
+
+   1fa50:	00000001
+   1fa54:	00810018
+   1fa58:	c046c000
+
+   1fa5c:	00000001
+   1fa60:	00810019
+   1fa64:	000000bc
+
+   1fa68:	00000001
+   1fa6c:	00800000
+   1fa70:	a0000000
+
+   1fa74:	00000001
+   1fa78:	0081047c
+   1fa7c:	00000000
+
+   1fa80:	00000004
+   1fa84:	00810078
+   1fa88:	00000000
+
+   1fa8c:	00000004
+   1fa90:	0081001c
+   1fa94:	00000000
+   1fa98:	00000000
+
+<1FA9C-2FFBF: all FFs>
+
+0002FFC0:  42 43 5F 44 39 31 30 2E  30 2E 31 36 00 00 00 00  BC_D910.0.16....
+0002FFD0:  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
+*
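Review bot: The annotation at 0x17c (`; 0x100 =0xfffffb00`) reads as if the eight `strh` at 0x19c–0x1d4 program the 0xfffffb00 block, but r1 is overwritten at 0x180 and reloaded at 0x18c with 0xfffff804, so as disassembled those stores land at 0xfffff804–0xfffff812. The parallel sequence at 0x20a4–0x20e4 keeps r1 = 0xfffffb00 for the same eight stores, which suggests the load on the reset path is dead. A comment at 0x17c such as `; r1 dead: clobbered at 0x180, stores at 0x19c-0x1d4 use 0xfffff804` would spare the next reader the wrong conclusion, and the loads at 0x198–0x1d0 could carry the same `=value` annotations as the second copy. Separately, the header for 0x244 could state that the two 16-bit XOR results are only stored to 0x800010 and 0x800012 and are not compared in this routine, so it is not taken for a verification step.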