view pirelli/firmware @ 245:9cd7fa86da47

pirelli/fw-disasm: l1_initialize() located
author Mychaela Falconia <falcon@freecalypso.org>
date Sat, 23 Dec 2017 23:26:06 +0000
parents 277fd7b971f0
children
line wrap: on
line source

Following on the success of our match of moko11 disassembly against some known
objects (see ../moko11), let's try doing the same thing with Pirelli's fw.

Let's see if the code in Pirelli's fw at 0x40000 matches .inttext from TI's
int.obj: so far, so good!  Let's see how far we can get:

040000:	beginning of match with .inttext in TI's int.obj
040268:	b 0x3f6b40, should be a jump to the _INC_Initialize veneer
3BB7D4:	first function called from Application_Initialize()
	the logic of Init_Target() is recognizable, but it's a modified
	version, not the same object blob as we have
	the setup of memory timings matches that done by OsmocomBB!
3F11F8:	this should be Application_Initialize()
	differences begin: instead of 6 function calls, there are 12,
	with one of them conditionalized on the return value of the previous
3F3E74:	expecting to see $INC_Initialize here - yes!
3F6B40:	looks like an ARM->Thumb call veneer indeed
3F6B4C:	Thumb code begins, does bl 0x3f3e74
3F6B54:	back to ARM, veneer return

data objects:

01775048:	INC_Initialize state variable