FreeCalypso > hg > freecalypso-reveng
view dsample-fw-disasm @ 265:d15f701b1434
dsample-fw-disasm: beginning to locate tpudrv10 code
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Thu, 18 Jan 2018 08:03:03 +0000 |
parents | e4a596bbb2bf |
children | bb46e9f67cd5 |
line wrap: on
line source
; The present work is a disassembly analysis of the 20020917 firmware image ; read out of our vintage D-Sample C05 board. 0: ea0004e7 b 0x13a4 4: ea003ffd b 0x10000 8: ea003ffd b 0x10004 c: ea003ffd b 0x10008 10: ea003ffd b 0x1000c 14: ea003ffd b 0x10010 18: ea003ffd b 0x10014 1c: ea003ffd b 0x10018 ; constant pool before _INT_Bootloader_Start matches TCS211 1378: fffffb00 137c: 02a102a1 1380: 028302a1 1384: 00c00281 1388: 002a0040 138c: fffffd00 1390: ffff9800 1394: fffffb10 1398: ffffff08 139c: 20061081 13a0: 00000800 _INT_Bootloader_Start: ; code fully matches TCS211 13a4: e51f101c ldr r1, =0xffff9800 ; via 0x1390 13a8: e15f21b2 ldrh r2, =0x2006 ; via 0x139e 13ac: e1c120b0 strh r2, [r1] 13b0: e5912000 ldr r2, [r1] 13b4: e2022001 and r2, r2, #1 13b8: e3520001 cmp r2, #1 13bc: 0afffffb beq 0x13b0 13c0: e51f103c ldr r1, =0xfffffd00 ; via 0x138c 13c4: e15f23b0 ldrh r2, =0x1081 ; via 0x139c 13c8: e1c120b0 strh r2, [r1] 13cc: e51f1040 ldr r1, =0xfffffb10 ; via 0x1394 13d0: e15f23b8 ldrh r2, =0x800 ; via 0x13a0 13d4: e1d100b0 ldrh r0, [r1] 13d8: e1800002 orr r0, r0, r2 13dc: e1c100b0 strh r0, [r1] 13e0: e51f1050 ldr r1, =0xffffff08 ; via 0x1398 13e4: e15f24ba ldrh r2, =0x0 ; via 0x13a2 13e8: e1c120b0 strh r2, [r1] 13ec: e51f107c ldr r1, =0xfffffb00 ; via 0x1378 13f0: e15f27bc ldrh r2, =0x2a1 ; via 0x137c 13f4: e1c120b0 strh r2, [r1] 13f8: e15f28b2 ldrh r2, =0x2a1 ; via 0x137e 13fc: e1c120b2 strh r2, [r1, #2] 1400: e15f28b8 ldrh r2, =0x2a1 ; via 0x1380 1404: e1c120b4 strh r2, [r1, #4] 1408: e15f28be ldrh r2, =0x283 ; via 0x1382 140c: e1c120b6 strh r2, [r1, #6] 1410: e15f29b4 ldrh r2, =0x281 ; via 0x1384 1414: e1c120ba strh r2, [r1, #10] ; 0xa 1418: e15f29ba ldrh r2, =0xc0 ; via 0x1386 141c: e1c120bc strh r2, [r1, #12] ; 0xc 1420: e15f2ab0 ldrh r2, =0x40 ; via 0x1388 1424: e1c120b8 strh r2, [r1, #8] 1428: e15f2ab6 ldrh r2, =0x2a ; via 0x138a 142c: e1c120be strh r2, [r1, #14] ; 0xe 1430: e59f0020 ldr r0, =0x107921c ; via 0x1458 1434: e3a01b01 mov r1, #1024 ; 0x400 1438: e2411004 sub r1, r1, #4 143c: e0802001 add r2, r0, r1 1440: e3c22003 bic r2, r2, #3 1444: e1a0d002 mov sp, r2 1448: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} 144c: eb000046 bl 0x156c 1450: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} 1454: ea003afd b 0x10050 1458: 0107921c _sta_select_application: (ARM->Thumb veneer) 156c: e92d4000 stmdb sp!, {lr} 1570: e28fe001 add lr, pc, #1 1574: e12fff1e bx lr 1578: f7ff fd63 bl 0x1042 157c: 4778 bx pc 157e: 46c0 nop (mov r8, r8) 1580: e8bd8000 ldmia sp!, {pc} ; branch target addresses differ from TCS211 10000: ea0000bf b 0x10304 10004: ea0000c4 b 0x1031c 10008: ea0000c9 b 0x10334 1000c: ea0000ce b 0x1034c 10010: ea0000d3 b 0x10364 10014: ea0000b0 b 0x102dc 10018: ea0000b4 b 0x102f0 ; Constant pool ; Difference between this version and TCS211: the newer TCS211 version ; includes constants 0xFFFEF006 and 0x00000008 for the 8 MiB ; memory bank setup. This difference must be responsible for the ; 0x10050 vs. 0x10058 discrepancy. 1001c: 02a102a1 10020: 028302a1 10024: 02c00e85 10028: 002a0040 1002c: fffffb00 10030: fffffd00 10034: ffff9800 10038: fffffb10 1003c: ffffff08 10040: 20021081 10044: f7ff0800 10048: 00000000 1004c: 0001047c ; .cinit base _INT_Initialize: ; beginning matches TCS211 10050: e51f1024 ldr r1, =0xffff9800 ; via 0x10034 10054: e15f21ba ldrh r2, =0x2002 ; via 0x10042 10058: e1c120b0 strh r2, [r1] 1005c: e5912000 ldr r2, [r1] 10060: e2022001 and r2, r2, #1 10064: e3520001 cmp r2, #1 10068: 0afffffb beq 0x1005c 1006c: e51f1044 ldr r1, =0xfffffd00 ; via 0x10030 10070: e15f23b8 ldrh r2, =0x1081 ; via 0x10040 10074: e1c120b0 strh r2, [r1] 10078: e51f1048 ldr r1, =0xfffffb10 ; via 0x10038 1007c: e15f23be ldrh r2, =0xf7ff ; via 0x10046 10080: e1d100b0 ldrh r0, [r1] 10084: e0000002 and r0, r0, r2 10088: e1c100b0 strh r0, [r1] 1008c: e51f1058 ldr r1, =0xffffff08 ; via 0x1003c 10090: e15f25b0 ldrh r2, =0x0 ; via 0x10048 10094: e1c120b0 strh r2, [r1] 10098: e51f1074 ldr r1, =0xfffffb00 ; via 0x1002c 1009c: e15f28b8 ldrh r2, =0x2a1 ; via 0x1001c 100a0: e1c120b0 strh r2, [r1] 100a4: e15f28be ldrh r2, =0x2a1 ; via 0x1001e 100a8: e1c120b2 strh r2, [r1, #2] 100ac: e15f29b4 ldrh r2, =0x2a1 ; via 0x10020 100b0: e1c120b4 strh r2, [r1, #4] 100b4: e15f29ba ldrh r2, =0x283 ; via 0x10022 100b8: e1c120b6 strh r2, [r1, #6] 100bc: e15f2ab0 ldrh r2, =0xe85 ; via 0x10024 100c0: e1c120ba strh r2, [r1, #10] ; 0xa 100c4: e15f2ab6 ldrh r2, =0x2c0 ; via 0x10026 100c8: e1c120bc strh r2, [r1, #12] ; 0xc 100cc: e15f2abc ldrh r2, =0x40 ; via 0x10028 100d0: e1c120b8 strh r2, [r1, #8] 100d4: e15f2bb2 ldrh r2, =0x2a ; via 0x1002a 100d8: e1c120be strh r2, [r1, #14] ; 0xe ; TCS211 version does the 8 MiB memory bank setup at this point 100dc: e10f0000 mrs r0, CPSR 100e0: e3c0001f bic r0, r0, #31 ; 0x1f 100e4: e3800013 orr r0, r0, #19 ; 0x13 100e8: e38000c0 orr r0, r0, #192 ; 0xc0 100ec: e129f000 msr CPSR_fc, r0 ; bss clearing is done inline here, whereas TCS211 version calls _INT_memset 100f0: e59f0304 ldr r0, =0x1000cf4 ; via 0x103fc 100f4: e3a02000 mov r2, #0 100f8: e59f1300 ldr r1, =0x107921c ; via 0x10400 100fc: e4802004 str r2, [r0], #4 10100: e1500001 cmp r0, r1 10104: 1afffffc bne 0x100fc 10108: e59f02f4 ldr r0, =0x819450 ; via 0x10404 1010c: e3a02000 mov r2, #0 10110: e59f12f0 ldr r1, =0x83eda0 ; via 0x10408 10114: e4802004 str r2, [r0], #4 10118: e1500001 cmp r0, r1 1011c: 1afffffc bne 0x10114 ; setting _INT_Loaded_Flag? ; code matches TCS211 0x10150 from this point onward 10120: e3a00001 mov r0, #1 10124: e59f12e4 ldr r1, =0x107916c ; via 0x10410 10128: e5810000 str r0, [r1] ; stack setup matching 0x1015c in TCS211 1012c: e59f02d8 ldr r0, =0x1079308 ; via 0x1040c 10130: e3a01b01 mov r1, #1024 ; 0x400 10134: e2411004 sub r1, r1, #4 10138: e0802001 add r2, r0, r1 1013c: e1a0a000 mov r10, r0 10140: e59f32cc ldr r3, =0x83c148 ; via 0x10414 10144: e583a000 str r10, [r3] 10148: e1a0d002 mov sp, r2 1014c: e59f32c4 ldr r3, =0x83c26c ; via 0x10418 10150: e583d000 str sp, [r3] 10154: e3a01080 mov r1, #128 ; 0x80 10158: e0822001 add r2, r2, r1 1015c: e10f0000 mrs r0, CPSR 10160: e3c0001f bic r0, r0, #31 ; 0x1f 10164: e3800012 orr r0, r0, #18 ; 0x12 10168: e129f000 msr CPSR_fc, r0 1016c: e1a0d002 mov sp, r2 10170: e3a01c02 mov r1, #512 ; 0x200 10174: e0822001 add r2, r2, r1 10178: e10f0000 mrs r0, CPSR 1017c: e3c0001f bic r0, r0, #31 ; 0x1f 10180: e3800011 orr r0, r0, #17 ; 0x11 10184: e129f000 msr CPSR_fc, r0 10188: e1a0d002 mov sp, r2 1018c: e10f0000 mrs r0, CPSR 10190: e3c0001f bic r0, r0, #31 ; 0x1f 10194: e3800017 orr r0, r0, #23 ; 0x17 10198: e129f000 msr CPSR_fc, r0 1019c: e59fd288 ldr sp, =0x1079270 ; via 0x1042c 101a0: e10f0000 mrs r0, CPSR 101a4: e3c0001f bic r0, r0, #31 ; 0x1f 101a8: e380001b orr r0, r0, #27 ; 0x1b 101ac: e129f000 msr CPSR_fc, r0 101b0: e59fd274 ldr sp, =0x1079270 ; via 0x1042c 101b4: e10f0000 mrs r0, CPSR 101b8: e3c0001f bic r0, r0, #31 ; 0x1f 101bc: e3800013 orr r0, r0, #19 ; 0x13 101c0: e129f000 msr CPSR_fc, r0 101c4: e59f3250 ldr r3, =0x83c0b0 ; via 0x1041c 101c8: e2822004 add r2, r2, #4 101cc: e5832000 str r2, [r3] 101d0: e3a01b01 mov r1, #1024 ; 0x400 101d4: e3c11003 bic r1, r1, #3 101d8: e0822001 add r2, r2, r1 101dc: e59f323c ldr r3, =0x83c134 ; via 0x10420 101e0: e5831000 str r1, [r3] 101e4: e3a01002 mov r1, #2 101e8: e59f3234 ldr r3, =0x83c144 ; via 0x10424 101ec: e5831000 str r1, [r3] 101f0: e1a04002 mov r4, r2 101f4: eb09153c bl 0x2556ec ; _f_load_int_mem 101f8: e1a02004 mov r2, r4 101fc: e59f1210 ldr r1, =0x83c148 ; via 0x10414 10200: e5910000 ldr r0, [r1] 10204: e3a030fe mov r3, #254 ; 0xfe 10208: e5c03000 strb r3, [r0] 1020c: e5c03001 strb r3, [r0, #1] 10210: e5c03002 strb r3, [r0, #2] 10214: e5c03003 strb r3, [r0, #3] 10218: e4903004 ldr r3, [r0], #4 1021c: e4803004 str r3, [r0], #4 10220: e1500002 cmp r0, r2 10224: bafffffc blt 0x1021c 10228: e51f01e4 ldr r0, =0x1047c ; via 0x1004c 1022c: e3700001 cmn r0, #1 10230: 1b00007f blne 0x10434 ; _auto_init 10234: e59f01ec ldr r0, =0x1078744 ; via 0x10428 10238: ea09151f b 0x2556bc ; _INC_Initialize $Init_Target: 2458f0: b570 push {r4, r5, r6, lr} 2458f2: b081 sub sp, #4 ; write 0x6000 into FFFE:F008 like TCS211 2458f4: 4d62 ldr r5, =0xfffef006 ; via 0x245a80 2458f6: 2003 mov r0, #3 2458f8: 0340 lsl r0, r0, #13 2458fa: 8068 strh r0, [r5, #2] ; TM_DisableWatchdog() ? 2458fc: f006 fd03 bl 0x24c306 ; 8 MiB memory bank setup 245900: 2008 mov r0, #8 245902: 8829 ldrh r1, [r5, #0] 245904: 4308 orr r0, r1 245906: 8028 strh r0, [r5, #0] ; CNTL_CLK (FFFF:FD02) register setup ; ; TCS211 does this: ; CNTL_CLK |= 0x0005; ; CNTL_CLK &= 0xFF3F; ; CNTL_CLK |= 0x0080; ; CNTL_CLK &= 0xFFDF; ; ; The present version does this: ; CNTL_CLK = 0x0005; ; CNTL_CLK &= 0xFF3F; ; CNTL_CLK &= 0xFFDF; ; ; Difference 1: initial straight write vs. OR: it must be the effect ; of the change in the definition of the CLKM_INITCNTL() ; macro seen in the diff between MV100 and Sotovik versions. ; ; Difference 2: VTCXO_DIV2 bit setting for Clara (13 MHz) vs. Rita (26 MHz) 245908: 485e ldr r0, =0xfffffd02 ; via 0x245a84 24590a: 2105 mov r1, #5 24590c: 8001 strh r1, [r0, #0] 24590e: 495e ldr r1, =0xff3f ; via 0x245a88 245910: 8802 ldrh r2, [r0, #0] 245912: 4011 and r1, r2 245914: 8001 strh r1, [r0, #0] 245916: 495d ldr r1, =0xffdf ; via 0x245a8c 245918: 8802 ldrh r2, [r0, #0] 24591a: 4011 and r1, r2 24591c: 8001 strh r1, [r0, #0] ; RHEA_CNTL_REG setup: this version writes 0x7F00, TCS211 writes 0xFF00 24591e: 4e5c ldr r6, =0xfffff900 ; via 0x245a90 245920: 207f mov r0, #127 ; 0x7f 245922: 0200 lsl r0, r0, #8 245924: 8030 strh r0, [r6, #0] ; PLL setup: the code structure (sequence of steps) is the same as in TCS211, ; but the PLL multiplier is set to 6 instead of 8. Thus the DSP runs at ; 78 MHz and the ARM runs at 39 MHz. 245926: 4c5b ldr r4, =0xffff9800 ; via 0x245a94 245928: 485b ldr r0, =0xfff3 ; via 0x245a98 24592a: 8821 ldrh r1, [r4, #0] 24592c: 4008 and r0, r1 24592e: 8020 strh r0, [r4, #0] 245930: 8820 ldrh r0, [r4, #0] 245932: 8020 strh r0, [r4, #0] 245934: 4859 ldr r0, =0xf01f ; via 0x245a9c 245936: 8821 ldrh r1, [r4, #0] 245938: 4008 and r0, r1 24593a: 8020 strh r0, [r4, #0] 24593c: 2003 mov r0, #3 24593e: 0200 lsl r0, r0, #8 245940: 8821 ldrh r1, [r4, #0] 245942: 4308 orr r0, r1 245944: 8020 strh r0, [r4, #0] ; ARM clock setup: divide by 2 like in TCS211 245946: 2000 mov r0, #0 245948: 2102 mov r1, #2 24594a: 2200 mov r2, #0 24594c: f007 fe00 bl 0x24d550 ; Memory timings: definitely peculiar 245950: 4953 ldr r1, =0xfffffb00 ; via 0x245aa0 245952: 20a5 mov r0, #165 ; 0xa5 245954: 8008 strh r0, [r1, #0] 245956: 8048 strh r0, [r1, #2] 245958: 20a2 mov r0, #162 ; 0xa2 24595a: 8088 strh r0, [r1, #4] 24595c: 2085 mov r0, #133 ; 0x85 24595e: 80c8 strh r0, [r1, #6] 245960: 2080 mov r0, #128 ; 0x80 245962: 8148 strh r0, [r1, #10] ; 0xa 245964: 200b mov r0, #11 ; 0xb 245966: 0180 lsl r0, r0, #6 245968: 8188 strh r0, [r1, #12] ; 0xc 24596a: 2040 mov r0, #64 ; 0x40 24596c: 8108 strh r0, [r1, #8] ; FFFF:F902 and FFFF:F904 registers set up exactly the same as in TCS211 24596e: 2020 mov r0, #32 ; 0x20 245970: 8070 strh r0, [r6, #2] 245972: 2000 mov r0, #0 245974: 80b0 strh r0, [r6, #4] ; PLL turn-on just like in TCS211 245976: 2010 mov r0, #16 ; 0x10 245978: 8821 ldrh r1, [r4, #0] 24597a: 4308 orr r0, r1 24597c: 8020 strh r0, [r4, #0] ; remaining Init_Target() code not studied yet 24597e: 4849 ldr r0, =0xfffffa08 ; via 0x245aa4 245980: 4949 ldr r1, =0xffff ; via 0x245aa8 245982: 8001 strh r1, [r0, #0] 245984: 241f mov r4, #31 ; 0x1f 245986: 8044 strh r4, [r0, #2] 245988: 2103 mov r1, #3 24598a: 8181 strh r1, [r0, #12] ; 0xc 24598c: f005 fc28 bl 0x24b1e0 ; $IQ_SetupInterrupts 245990: 4846 ldr r0, =0xfffffc00 ; via 0x245aac 245992: 2124 mov r1, #36 ; 0x24 245994: 8001 strh r1, [r0, #0] 245996: 210d mov r1, #13 ; 0xd 245998: 8041 strh r1, [r0, #2] 24599a: 2300 mov r3, #0 24599c: 4844 ldr r0, =0xfffe2016 ; via 0x245ab0 24599e: 8003 strh r3, [r0, #0] 2459a0: 4844 ldr r0, =0xfffe2014 ; via 0x245ab4 2459a2: 2102 mov r1, #2 2459a4: 8001 strh r1, [r0, #0] 2459a6: 4844 ldr r0, =0xfffe2002 ; via 0x245ab8 2459a8: 2184 mov r1, #132 ; 0x84 2459aa: 8001 strh r1, [r0, #0] 2459ac: 4943 ldr r1, =0xfffe2000 ; via 0x245abc 2459ae: 4844 ldr r0, =0x3de0 ; via 0x245ac0 2459b0: 8008 strh r0, [r1, #0] 2459b2: 4a44 ldr r2, =0xfffe2022 ; via 0x245ac4 2459b4: 2009 mov r0, #9 2459b6: 8010 strh r0, [r2, #0] 2459b8: 4843 ldr r0, =0xfffe2020 ; via 0x245ac8 2459ba: 4a44 ldr r2, =0x45a ; via 0x245acc 2459bc: 8002 strh r2, [r0, #0] 2459be: 4844 ldr r0, =0xfffe201e ; via 0x245ad0 2459c0: 22b4 mov r2, #180 ; 0xb4 2459c2: 8002 strh r2, [r0, #0] 2459c4: 4843 ldr r0, =0xfffe201c ; via 0x245ad4 2459c6: 8004 strh r4, [r0, #0] 2459c8: 1c1c add r4, r3, #0 2459ca: 4843 ldr r0, =0xfffe2024 ; via 0x245ad8 2459cc: 8004 strh r4, [r0, #0] 2459ce: 4b43 ldr r3, =0xfffe2010 ; via 0x245adc 2459d0: 2002 mov r0, #2 2459d2: 881a ldrh r2, [r3, #0] 2459d4: 4310 orr r0, r2 2459d6: 8018 strh r0, [r3, #0] 2459d8: 4840 ldr r0, =0xfffe2010 ; via 0x245adc 2459da: 2304 mov r3, #4 2459dc: 8802 ldrh r2, [r0, #0] 2459de: 4313 orr r3, r2 2459e0: 8003 strh r3, [r0, #0] 2459e2: 2027 mov r0, #39 ; 0x27 2459e4: 80e8 strh r0, [r5, #6] 2459e6: 8a08 ldrh r0, [r1, #16] ; 0x10 2459e8: 0840 lsr r0, r0, #1 2459ea: d310 bcc 0x245a0e 2459ec: 8a08 ldrh r0, [r1, #16] ; 0x10 2459ee: 0400 lsl r0, r0, #16 2459f0: 0c40 lsr r0, r0, #17 2459f2: 0040 lsl r0, r0, #1 2459f4: 8208 strh r0, [r1, #16] ; 0x10 2459f6: 2001 mov r0, #1 2459f8: 9000 str r0, [sp, #0] 2459fa: e002 b 0x245a02 2459fc: 9800 ldr r0, [sp, #0] 2459fe: 3001 add r0, #1 245a00: 9000 str r0, [sp, #0] 245a02: 9800 ldr r0, [sp, #0] 245a04: 2832 cmp r0, #50 ; 0x32 245a06: d3f9 bcc 0x2459fc 245a08: 8a48 ldrh r0, [r1, #18] ; 0x12 245a0a: 2800 cmp r0, #0 245a0c: d0fc beq 0x245a08 245a0e: f006 fdbf bl 0x24c590 ; $AI_ClockEnable 245a12: f006 fdc3 bl 0x24c59c ; $AI_InitIOConfig 245a16: 2027 mov r0, #39 ; 0x27 245a18: 0500 lsl r0, r0, #20 245a1a: 8004 strh r4, [r0, #0] 245a1c: 2001 mov r0, #1 245a1e: f006 fc80 bl 0x24c322 ; $TM_EnableTimer 245a22: 2002 mov r0, #2 245a24: f006 fc7d bl 0x24c322 ; $TM_EnableTimer 245a28: b001 add sp, #4 245a2a: bd70 pop {r4, r5, r6, pc} $Init_Drivers: 245a2c: b500 push {lr} 245a2e: f7ce f9b0 bl 0x213d92 245a32: f7af fb41 bl 0x1f50b8 245a36: f7da fd20 bl 0x22047a 245a3a: f755 fc4f bl 0x19b2dc 245a3e: bd00 pop {pc} $Init_Serial_Flows: 245a40: b500 push {lr} 245a42: 4827 ldr r0, =0x10786fc ; via 0x245ae0 245a44: f795 f98e bl 0x1dad64 245a48: 2000 mov r0, #0 245a4a: 2102 mov r1, #2 245a4c: 2200 mov r2, #0 245a4e: f795 fbdc bl 0x1db20a 245a52: f795 fc51 bl 0x1db2f8 245a56: bd00 pop {pc} $Init_Unmask_IT: 245a58: b500 push {lr} 245a5a: 2004 mov r0, #4 245a5c: f005 fc21 bl 0x24b2a2 245a60: 2012 mov r0, #18 ; 0x12 245a62: f005 fc1e bl 0x24b2a2 245a66: 2007 mov r0, #7 245a68: f005 fc1b bl 0x24b2a2 245a6c: 2008 mov r0, #8 245a6e: f005 fc18 bl 0x24b2a2 245a72: bd00 pop {pc} ; The following BX LR instructions must be empty functions in the same init ; module as the recognizable functions above, as they lie between the previous ; code and its associated literal pool. 245a74: 4770 bx lr 245a76: 4770 bx lr 245a78: 4770 bx lr 245a7a: 4770 bx lr 245a7c: 4770 bx lr 245a7e: 4770 bx lr $AI_EnableBit: 24c4f4: 4a4e ldr r2, =0xfffef00a ; via 0x24c630 24c4f6: 2101 mov r1, #1 24c4f8: 4081 lsl r1, r0 24c4fa: 8810 ldrh r0, [r2, #0] 24c4fc: 4301 orr r1, r0 24c4fe: 8011 strh r1, [r2, #0] 24c500: 4770 bx lr $AI_DisableBit: 24c502: 4a4b ldr r2, =0xfffef00a ; via 0x24c630 24c504: 2101 mov r1, #1 24c506: 4081 lsl r1, r0 24c508: 8810 ldrh r0, [r2, #0] 24c50a: 4388 bic r0, r1 24c50c: 8010 strh r0, [r2, #0] 24c50e: 4770 bx lr $AI_SetBit: 24c510: 4a48 ldr r2, =0xfffe4802 ; via 0x24c634 24c512: 2101 mov r1, #1 24c514: 4081 lsl r1, r0 24c516: 8810 ldrh r0, [r2, #0] 24c518: 4301 orr r1, r0 24c51a: 8011 strh r1, [r2, #0] 24c51c: 4770 bx lr $AI_ResetBit: 24c51e: 4a45 ldr r2, =0xfffe4802 ; via 0x24c634 24c520: 2101 mov r1, #1 24c522: 4081 lsl r1, r0 24c524: 8810 ldrh r0, [r2, #0] 24c526: 4388 bic r0, r1 24c528: 8010 strh r0, [r2, #0] 24c52a: 4770 bx lr $AI_ConfigBitAsOutput: 24c52c: 4a42 ldr r2, =0xfffe4804 ; via 0x24c638 24c52e: 2101 mov r1, #1 24c530: 4081 lsl r1, r0 24c532: 8810 ldrh r0, [r2, #0] 24c534: 4388 bic r0, r1 24c536: 8010 strh r0, [r2, #0] 24c538: 4770 bx lr $AI_ConfigBitAsInput: 24c53a: 4a3f ldr r2, =0xfffe4804 ; via 0x24c638 24c53c: 2101 mov r1, #1 24c53e: 4081 lsl r1, r0 24c540: 8810 ldrh r0, [r2, #0] 24c542: 4301 orr r1, r0 24c544: 8011 strh r1, [r2, #0] 24c546: 4770 bx lr $AI_ReadBit: 24c548: 493c ldr r1, =0xfffe4800 ; via 0x24c63c 24c54a: 8809 ldrh r1, [r1, #0] 24c54c: 4101 asr r1, r0 24c54e: 07c8 lsl r0, r1, #31 24c550: 0fc0 lsr r0, r0, #31 24c552: 0600 lsl r0, r0, #24 24c554: 0e00 lsr r0, r0, #24 24c556: 4770 bx lr $AI_Power: 24c558: b500 push {lr} 24c55a: 2800 cmp r0, #0 24c55c: d110 bne 0x24c580 24c55e: f772 fcbf bl 0x1beee0 24c562: 0940 lsr r0, r0, #5 24c564: d2fb bcs 0x24c55e 24c566: f004 fc89 bl 0x250e7c 24c56a: 4835 ldr r0, =0xfffe3000 ; via 0x24c640 24c56c: 217c mov r1, #124 ; 0x7c 24c56e: 8141 strh r1, [r0, #10] ; 0xa 24c570: 2131 mov r1, #49 ; 0x31 24c572: 8802 ldrh r2, [r0, #0] 24c574: 4311 orr r1, r2 24c576: 8001 strh r1, [r0, #0] 24c578: 2102 mov r1, #2 24c57a: 8882 ldrh r2, [r0, #4] 24c57c: 4311 orr r1, r2 24c57e: 8081 strh r1, [r0, #4] 24c580: bd00 pop {pc} $AI_ResetIoConfig: 24c582: 492d ldr r1, =0xfffe4804 ; via 0x24c638 24c584: 482f ldr r0, =0xffff ; via 0x24c644 24c586: 8008 strh r0, [r1, #0] 24c588: 4829 ldr r0, =0xfffef00a ; via 0x24c630 24c58a: 2100 mov r1, #0 24c58c: 8001 strh r1, [r0, #0] 24c58e: 4770 bx lr $AI_ClockEnable: 24c590: 492d ldr r1, =0xfffe4806 ; via 0x24c648 24c592: 2020 mov r0, #32 ; 0x20 24c594: 880a ldrh r2, [r1, #0] 24c596: 4310 orr r0, r2 24c598: 8008 strh r0, [r1, #0] 24c59a: 4770 bx lr $AI_InitIOConfig: 24c59c: b500 push {lr} 24c59e: f7ff fff0 bl 0x24c582 ; $AI_ResetIoConfig 24c5a2: 2002 mov r0, #2 24c5a4: f7ff ffa6 bl 0x24c4f4 ; $AI_EnableBit 24c5a8: 2004 mov r0, #4 24c5aa: f7ff ffa3 bl 0x24c4f4 ; $AI_EnableBit 24c5ae: 2005 mov r0, #5 24c5b0: f7ff ffa0 bl 0x24c4f4 ; $AI_EnableBit 24c5b4: 2006 mov r0, #6 24c5b6: f7ff ff9d bl 0x24c4f4 ; $AI_EnableBit 24c5ba: 2007 mov r0, #7 24c5bc: f7ff ff9a bl 0x24c4f4 ; $AI_EnableBit 24c5c0: 2008 mov r0, #8 24c5c2: f7ff ff97 bl 0x24c4f4 ; $AI_EnableBit 24c5c6: 2009 mov r0, #9 24c5c8: f7ff ff94 bl 0x24c4f4 ; $AI_EnableBit 24c5cc: 4919 ldr r1, =0xfffe4802 ; via 0x24c634 24c5ce: 481f ldr r0, =0x3f02 ; via 0x24c64c 24c5d0: 8008 strh r0, [r1, #0] 24c5d2: 2001 mov r0, #1 24c5d4: f7ff ffaa bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5d8: 2002 mov r0, #2 24c5da: f7ff ffa7 bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5de: 2005 mov r0, #5 24c5e0: f7ff ffa4 bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5e4: 2007 mov r0, #7 24c5e6: f7ff ffa1 bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5ea: 2009 mov r0, #9 24c5ec: f7ff ff9e bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5f0: 200e mov r0, #14 ; 0xe 24c5f2: f7ff ff9b bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5f6: 200f mov r0, #15 ; 0xf 24c5f8: f7ff ff98 bl 0x24c52c ; $AI_ConfigBitAsOutput 24c5fc: bd00 pop {pc} $AI_SelectIOForIT: 24c5fe: 0109 lsl r1, r1, #4 24c600: 1840 add r0, r0, r1 24c602: 0040 lsl r0, r0, #1 24c604: 3001 add r0, #1 24c606: 4912 ldr r1, =0xfffe4814 ; via 0x24c650 24c608: 8008 strh r0, [r1, #0] 24c60a: 4770 bx lr $AI_CheckITSource: 24c60c: 2100 mov r1, #0 24c60e: 4a11 ldr r2, =0xfffe4816 ; via 0x24c654 24c610: 8812 ldrh r2, [r2, #0] 24c612: 4210 tst r0, r2 24c614: d000 beq 0x24c618 24c616: 2101 mov r1, #1 24c618: 1c08 add r0, r1, #0 24c61a: 4770 bx lr $AI_UnmaskIT: 24c61c: 4a0e ldr r2, =0xfffe4818 ; via 0x24c658 24c61e: 8811 ldrh r1, [r2, #0] 24c620: 4381 bic r1, r0 24c622: 8011 strh r1, [r2, #0] 24c624: 4770 bx lr $AI_MaskIT: 24c626: 4a0c ldr r2, =0xfffe4818 ; via 0x24c658 24c628: 8811 ldrh r1, [r2, #0] 24c62a: 4301 orr r1, r0 24c62c: 8011 strh r1, [r2, #0] 24c62e: 4770 bx lr ; Appears to the old Thumb implementation of f_load_int_mem(), ; differs from TCS211 version which is ARM and appears to be assembly 250408: b5f0 push {r4, r5, r6, r7, lr} 25040a: 4640 mov r0, r8 25040c: 4649 mov r1, r9 25040e: 4652 mov r2, r10 250410: 465b mov r3, r11 250412: b40f push {r0, r1, r2, r3} 250414: 4f22 ldr r7, =0x1079168 ; via 0x2504a0 250416: 2000 mov r0, #0 250418: 8038 strh r0, [r7, #0] 25041a: 4922 ldr r1, =0x107916a ; via 0x2504a4 25041c: 4688 mov r8, r1 25041e: 8008 strh r0, [r1, #0] 250420: 4821 ldr r0, =0x800000 ; via 0x2504a8 250422: 4922 ldr r1, =0x81944c ; via 0x2504ac 250424: 1a09 sub r1, r1, r0 250426: 3904 sub r1, #4 250428: 468c mov r12, r1 25042a: 2104 mov r1, #4 25042c: 180e add r6, r1, r0 25042e: 1c30 add r0, r6, #0 250430: 4661 mov r1, r12 250432: f7ff ffe0 bl 0x2503f6 250436: 4c1e ldr r4, =0x83eda4 ; via 0x2504b0 250438: 481e ldr r0, =0x83f294 ; via 0x2504b4 25043a: 1b05 sub r5, r0, r4 25043c: 1c20 add r0, r4, #0 25043e: 1c29 add r1, r5, #0 250440: f7ff ffd9 bl 0x2503f6 250444: 481c ldr r0, =0x20508 ; via 0x2504b8 250446: 4681 mov r9, r0 250448: 4661 mov r1, r12 25044a: f7ff ffc7 bl 0x2503dc 25044e: 4682 mov r10, r0 250450: 8038 strh r0, [r7, #0] 250452: 481a ldr r0, =0x155e8 ; via 0x2504bc 250454: 4683 mov r11, r0 250456: 1c29 add r1, r5, #0 250458: f7ff ffc0 bl 0x2503dc 25045c: 4651 mov r1, r10 25045e: 1808 add r0, r1, r0 250460: 8038 strh r0, [r7, #0] 250462: 4648 mov r0, r9 250464: 4661 mov r1, r12 250466: 1c32 add r2, r6, #0 250468: f7ff ffae bl 0x2503c8 25046c: 4658 mov r0, r11 25046e: 1c29 add r1, r5, #0 250470: 1c22 add r2, r4, #0 250472: f7ff ffa9 bl 0x2503c8 250476: 1c30 add r0, r6, #0 250478: 4661 mov r1, r12 25047a: f7ff ffaf bl 0x2503dc 25047e: 1c06 add r6, r0, #0 250480: 4640 mov r0, r8 250482: 8006 strh r6, [r0, #0] 250484: 1c20 add r0, r4, #0 250486: 1c29 add r1, r5, #0 250488: f7ff ffa8 bl 0x2503dc 25048c: 1830 add r0, r6, r0 25048e: 4641 mov r1, r8 250490: 8008 strh r0, [r1, #0] 250492: bc0f pop {r0, r1, r2, r3} 250494: 4680 mov r8, r0 250496: 4689 mov r9, r1 250498: 4692 mov r10, r2 25049a: 469b mov r11, r3 25049c: bdf0 pop {r4, r5, r6, r7, pc} IRAM code flash address = 0x20508 IRAM code run start address = 0x800004 IRAM code run end address = 0x81944c Run address = load address + 0x7DFAFC $INC_Initialize: 254654: b530 push {r4, r5, lr} 254656: 1c05 add r5, r0, #0 254658: 4c13 ldr r4, =0x1079150 ; via 0x2546a8 25465a: 2001 mov r0, #1 25465c: 6020 str r0, [r4, #0] 25465e: f001 f9eb bl 0x255a38 254662: f001 f9ed bl 0x255a40 254666: f001 f9ad bl 0x2559c4 25466a: f000 fd45 bl 0x2550f8 25466e: f7fb ffa3 bl 0x2505b8 254672: f000 ff0d bl 0x255490 254676: f000 fedb bl 0x255430 25467a: f000 fef9 bl 0x255470 25467e: f000 fec7 bl 0x255410 254682: f000 ff25 bl 0x2554d0 254686: f000 fee3 bl 0x255450 25468a: f000 ff31 bl 0x2554f0 25468e: f7fe faef bl 0x252c70 254692: f000 ff0d bl 0x2554b0 254696: 1c28 add r0, r5, #0 254698: f000 fda5 bl 0x2551e6 ; app init 25469c: 2002 mov r0, #2 25469e: 6020 str r0, [r4, #0] 2546a0: f001 fefa bl 0x256498 ; $TCT_Schedule veneer 2546a4: bd30 pop {r4, r5, pc} $Application_Initialize: 2551e6: b500 push {lr} 2551e8: f7f0 fb82 bl 0x2458f0 ; $Init_Target 2551ec: f7f0 fc1e bl 0x245a2c ; $Init_Drivers 2551f0: f001 fa82 bl 0x2566f8 ; $Cust_Init_Layer1 2551f4: f7f0 fc24 bl 0x245a40 ; $Init_Serial_Flows 2551f8: f7a0 fba6 bl 0x1f5948 ; $StartFrame 2551fc: f7f0 fc2c bl 0x245a58 ; $Init_Unmask_IT 255200: bd00 pop {pc} 2556a4: e58de004 str lr, [sp, #4] 2556a8: e28fe001 add lr, pc, #1 2556ac: e12fff1e bx lr 2556b0: f7e8 f8e6 bl 0x23d880 2556b4: 4778 bx pc 2556b6: 46c0 nop (mov r8, r8) 2556b8: e59df004 ldr pc, [sp, #4] ; _INC_Initialize call veneer 2556bc: e92d4000 stmdb sp!, {lr} 2556c0: e28fe001 add lr, pc, #1 2556c4: e12fff1e bx lr 2556c8: f7fe ffc4 bl 0x254654 2556cc: 4778 bx pc 2556ce: 46c0 nop (mov r8, r8) 2556d0: e8bd8000 ldmia sp!, {pc} 2556d4: e92d4000 stmdb sp!, {lr} 2556d8: e28fe001 add lr, pc, #1 2556dc: e12fff1e bx lr 2556e0: f7e7 fb27 bl 0x23cd32 2556e4: 4778 bx pc 2556e6: 46c0 nop (mov r8, r8) 2556e8: e8bd8000 ldmia sp!, {pc} ; _f_load_int_mem call veneer 2556ec: e92d4000 stmdb sp!, {lr} 2556f0: e28fe001 add lr, pc, #1 2556f4: e12fff1e bx lr 2556f8: f7fa fe86 bl 0x250408 2556fc: 4778 bx pc 2556fe: 46c0 nop (mov r8, r8) 255700: e8bd8000 ldmia sp!, {pc} 255704: e92d4000 stmdb sp!, {lr} 255708: e28fe001 add lr, pc, #1 25570c: e12fff1e bx lr 255710: f7ff fd69 bl 0x2551e6 255714: 4778 bx pc 255716: 46c0 nop (mov r8, r8) 255718: e8bd8000 ldmia sp!, {pc} 25571c: e92d4000 stmdb sp!, {lr} 255720: e28fe001 add lr, pc, #1 255724: e12fff1e bx lr 255728: f76e f932 bl 0x1c3990 25572c: 4778 bx pc 25572e: 46c0 nop (mov r8, r8) 255730: e8bd8000 ldmia sp!, {pc} 255734: e92d4000 stmdb sp!, {lr} 255738: e28fe001 add lr, pc, #1 25573c: e12fff1e bx lr 255740: f7a6 fe10 bl 0x1fc364 255744: 4778 bx pc 255746: 46c0 nop (mov r8, r8) 255748: e8bd8000 ldmia sp!, {pc} 25574c: e92d4000 stmdb sp!, {lr} 255750: e28fe001 add lr, pc, #1 255754: e12fff1e bx lr 255758: f6f4 fa10 bl 0x149b7c 25575c: 4778 bx pc 25575e: 46c0 nop (mov r8, r8) 255760: e8bd8000 ldmia sp!, {pc} 255764: e92d4000 stmdb sp!, {lr} 255768: e28fe001 add lr, pc, #1 25576c: e12fff1e bx lr 255770: f785 ff3b bl 0x1db5ea 255774: 4778 bx pc 255776: 46c0 nop (mov r8, r8) 255778: e8bd8000 ldmia sp!, {pc} 25577c: e92d4000 stmdb sp!, {lr} 255780: e28fe001 add lr, pc, #1 255784: e12fff1e bx lr 255788: f785 ff10 bl 0x1db5ac 25578c: 4778 bx pc 25578e: 46c0 nop (mov r8, r8) 255790: e8bd8000 ldmia sp!, {pc} ; $Cust_Init_Layer1 call trampoline 2566f8: b082 sub sp, #8 2566fa: 9400 str r4, [sp, #0] 2566fc: 4c01 ldr r4, =0x803bf8 ; via 0x256704 2566fe: 9401 str r4, [sp, #4] 256700: bd10 pop {r4, pc} 256702: 0000 IRAM code: $Cust_get_pwr_data: 803b5c: b5f0 push {r4, r5, r6, r7, lr} 803b5e: 4642 mov r2, r8 803b60: b404 push {r2} 803b62: 1c0e add r6, r1, #0 803b64: 1c05 add r5, r0, #0 803b66: 1c30 add r0, r6, #0 803b68: f7ff ff66 bl 0x803a38 ; $Cust_is_band_high 803b6c: 1c04 add r4, r0, #0 803b6e: 1c30 add r0, r6, #0 803b70: f00e fa45 bl 0x811ffe ; $Convert_l1_radio_freq 803b74: 0400 lsl r0, r0, #16 803b76: 0c06 lsr r6, r0, #16 803b78: 20dd mov r0, #221 ; 0xdd 803b7a: 0080 lsl r0, r0, #2 803b7c: 4360 mul r0, r4 803b7e: 4680 mov r8, r0 803b80: 20dd mov r0, #221 ; 0xdd 803b82: 4360 mul r0, r4 803b84: 1828 add r0, r5, r0 803b86: 0080 lsl r0, r0, #2 803b88: 4b9e ldr r3, =0x83a2f0 ; via 0x803e04 803b8a: 1819 add r1, r3, r0 803b8c: 315c add r1, #92 ; 0x5c 803b8e: 8809 ldrh r1, [r1, #0] 803b90: 468c mov r12, r1 803b92: 499e ldr r1, =0x83a34f ; via 0x803e0c 803b94: 5c08 ldrb r0, [r1, r0] 803b96: 0141 lsl r1, r0, #5 803b98: 4640 mov r0, r8 803b9a: 1845 add r5, r0, r1 803b9c: 2400 mov r4, #0 803b9e: e002 b 0x803ba6 803ba0: 1c60 add r0, r4, #1 803ba2: 0400 lsl r0, r0, #16 803ba4: 0c04 lsr r4, r0, #16 803ba6: 00a2 lsl r2, r4, #2 803ba8: 18a8 add r0, r5, r2 803baa: 1819 add r1, r3, r0 803bac: 31dc add r1, #220 ; 0xdc 803bae: 2702 mov r7, #2 803bb0: 1950 add r0, r2, r5 803bb2: 181a add r2, r3, r0 803bb4: 20dc mov r0, #220 ; 0xdc 803bb6: 5a80 ldrh r0, [r0, r2] 803bb8: 4286 cmp r6, r0 803bba: dcf1 bgt 0x803ba0 803bbc: 5e79 ldrsh r1, [r7, r1] 803bbe: 4660 mov r0, r12 803bc0: 4341 mul r1, r0 803bc2: 09c8 lsr r0, r1, #7 803bc4: 0400 lsl r0, r0, #16 803bc6: 0c00 lsr r0, r0, #16 803bc8: 4684 mov r12, r0 803bca: 4640 mov r0, r8 803bcc: 18c0 add r0, r0, r3 803bce: 21d7 mov r1, #215 ; 0xd7 803bd0: 0089 lsl r1, r1, #2 803bd2: 1808 add r0, r1, r0 803bd4: 4a8a ldr r2, =0x83a2da ; via 0x803e00 803bd6: 2100 mov r1, #0 803bd8: 5e51 ldrsh r1, [r2, r1] 803bda: e000 b 0x803bde 803bdc: 3004 add r0, #4 803bde: 2200 mov r2, #0 803be0: 5e82 ldrsh r2, [r0, r2] 803be2: 4291 cmp r1, r2 803be4: dcfa bgt 0x803bdc 803be6: 2102 mov r1, #2 803be8: 5e09 ldrsh r1, [r1, r0] 803bea: 4660 mov r0, r12 803bec: 1808 add r0, r1, r0 803bee: 0400 lsl r0, r0, #16 803bf0: 0c00 lsr r0, r0, #16 803bf2: bc04 pop {r2} 803bf4: 4690 mov r8, r2 803bf6: bdf0 pop {r4, r5, r6, r7, pc} $Cust_Init_Layer1: 803bf8: b500 push {lr} 803bfa: b084 sub sp, #16 ; 0x10 803bfc: 4669 mov r1, sp 803bfe: 2006 mov r0, #6 803c00: 7008 strb r0, [r1, #0] 803c02: 4668 mov r0, sp 803c04: 2101 mov r1, #1 803c06: 7101 strb r1, [r0, #4] 803c08: 2000 mov r0, #0 803c0a: 4669 mov r1, sp 803c0c: 70c8 strb r0, [r1, #3] 803c0e: 7208 strb r0, [r1, #8] 803c10: 487f ldr r0, =0x5ff ; via 0x803e10 803c12: 9003 str r0, [sp, #12] ; 0xc 803c14: 2001 mov r0, #1 803c16: 80c8 strh r0, [r1, #6] 803c18: 4668 mov r0, sp 803c1a: f03b f9bb bl 0x83ef94 ; $l1_initialize 803c1e: 480b ldr r0, =0x839ea8 ; via 0x803c4c 803c20: 21ff mov r1, #255 ; 0xff 803c22: 319d add r1, #157 ; 0x9d 803c24: 2200 mov r2, #0 803c26: f000 f868 bl 0x803cfa 803c2a: 487a ldr r0, =0x83a09c ; via 0x803e14 803c2c: 2124 mov r1, #36 ; 0x24 803c2e: 2201 mov r2, #1 803c30: f000 f863 bl 0x803cfa 803c34: b004 add sp, #16 ; 0x10 803c36: bd00 pop {pc} $Convert_l1_radio_freq: 811ffe: b081 sub sp, #4 812000: 4669 mov r1, sp 812002: 8008 strh r0, [r1, #0] 812004: e06c b 0x8120e0 812006: 4668 mov r0, sp 812008: 8800 ldrh r0, [r0, #0] 81200a: e083 b 0x812114 81200c: 4668 mov r0, sp 81200e: 8801 ldrh r1, [r0, #0] 812010: 4849 ldr r0, =0x83cdc0 ; via 0x812138 812012: 6800 ldr r0, [r0, #0] 812014: 4281 cmp r1, r0 812016: d202 bcs 0x81201e 812018: 4668 mov r0, sp 81201a: 8800 ldrh r0, [r0, #0] 81201c: e07a b 0x812114 81201e: 4668 mov r0, sp 812020: 8800 ldrh r0, [r0, #0] 812022: 4945 ldr r1, =0x83cdc0 ; via 0x812138 812024: 6809 ldr r1, [r1, #0] 812026: 1a41 sub r1, r0, r1 812028: 2001 mov r0, #1 81202a: 0240 lsl r0, r0, #9 81202c: 1840 add r0, r0, r1 81202e: 0400 lsl r0, r0, #16 812030: 0c00 lsr r0, r0, #16 812032: e06f b 0x812114 812034: 4668 mov r0, sp 812036: 8801 ldrh r1, [r0, #0] 812038: 483f ldr r0, =0x83cdc0 ; via 0x812138 81203a: 6800 ldr r0, [r0, #0] 81203c: 4281 cmp r1, r0 81203e: d213 bcs 0x812068 812040: 4668 mov r0, sp 812042: 8800 ldrh r0, [r0, #0] 812044: 287c cmp r0, #124 ; 0x7c 812046: dc02 bgt 0x81204e 812048: 4668 mov r0, sp 81204a: 8800 ldrh r0, [r0, #0] 81204c: e062 b 0x812114 81204e: 4668 mov r0, sp 812050: 8800 ldrh r0, [r0, #0] 812052: 28ae cmp r0, #174 ; 0xae 812054: da06 bge 0x812064 812056: 4939 ldr r1, =0x352 ; via 0x81213c 812058: 4668 mov r0, sp 81205a: 8800 ldrh r0, [r0, #0] 81205c: 1808 add r0, r1, r0 81205e: 0400 lsl r0, r0, #16 812060: 0c00 lsr r0, r0, #16 812062: e057 b 0x812114 812064: 2000 mov r0, #0 812066: e055 b 0x812114 812068: 4668 mov r0, sp 81206a: 8801 ldrh r1, [r0, #0] 81206c: 4832 ldr r0, =0x83cdc0 ; via 0x812138 81206e: 6800 ldr r0, [r0, #0] 812070: 1a09 sub r1, r1, r0 812072: 2001 mov r0, #1 812074: 0240 lsl r0, r0, #9 812076: 1840 add r0, r0, r1 812078: 0400 lsl r0, r0, #16 81207a: 0c00 lsr r0, r0, #16 81207c: e04a b 0x812114 81207e: 4668 mov r0, sp 812080: 8800 ldrh r0, [r0, #0] 812082: 287c cmp r0, #124 ; 0x7c 812084: dc02 bgt 0x81208c 812086: 4668 mov r0, sp 812088: 8800 ldrh r0, [r0, #0] 81208a: e043 b 0x812114 81208c: 4668 mov r0, sp 81208e: 8800 ldrh r0, [r0, #0] 812090: 28ae cmp r0, #174 ; 0xae 812092: da06 bge 0x8120a2 812094: 4929 ldr r1, =0x352 ; via 0x81213c 812096: 4668 mov r0, sp 812098: 8800 ldrh r0, [r0, #0] 81209a: 1808 add r0, r1, r0 81209c: 0400 lsl r0, r0, #16 81209e: 0c00 lsr r0, r0, #16 8120a0: e038 b 0x812114 8120a2: 2000 mov r0, #0 8120a4: e036 b 0x812114 8120a6: 4668 mov r0, sp 8120a8: 8800 ldrh r0, [r0, #0] 8120aa: 4923 ldr r1, =0x83cdc0 ; via 0x812138 8120ac: 6809 ldr r1, [r1, #0] 8120ae: 4288 cmp r0, r1 8120b0: d208 bcs 0x8120c4 8120b2: 4668 mov r0, sp 8120b4: 8801 ldrh r1, [r0, #0] 8120b6: 4822 ldr r0, =0x83cdbc ; via 0x812140 8120b8: 6800 ldr r0, [r0, #0] 8120ba: 1a08 sub r0, r1, r0 8120bc: 3080 add r0, #128 ; 0x80 8120be: 0400 lsl r0, r0, #16 8120c0: 0c00 lsr r0, r0, #16 8120c2: e027 b 0x812114 8120c4: 4668 mov r0, sp 8120c6: 8801 ldrh r1, [r0, #0] 8120c8: 481b ldr r0, =0x83cdc0 ; via 0x812138 8120ca: 6800 ldr r0, [r0, #0] 8120cc: 1a08 sub r0, r1, r0 8120ce: 2101 mov r1, #1 8120d0: 0249 lsl r1, r1, #9 8120d2: 1808 add r0, r1, r0 8120d4: 0400 lsl r0, r0, #16 8120d6: 0c00 lsr r0, r0, #16 8120d8: e01c b 0x812114 8120da: 4668 mov r0, sp 8120dc: 8800 ldrh r0, [r0, #0] 8120de: e019 b 0x812114 8120e0: 4818 ldr r0, =0x83cdb4 ; via 0x812144 8120e2: 7800 ldrb r0, [r0, #0] 8120e4: 1e40 sub r0, r0, #1 8120e6: 2807 cmp r0, #7 8120e8: d8f7 bhi 0x8120da 8120ea: a102 add r1, pc, #8 8120ec: 0080 lsl r0, r0, #2 8120ee: 5808 ldr r0, [r1, r0] 8120f0: 4687 mov pc, r0 8120f2: 46c0 nop (mov r8, r8) 8120f4: 00812006 8120f8: 0081207e 8120fc: 00812006 812100: 00812006 812104: 0081200c 812108: 00812034 81210c: 00812006 812110: 008120a6 812114: b001 add sp, #4 812116: 4770 bx lr