view pirelli/preboot.disasm @ 230:f5ad21985e20
pirelli/fw-disasm: beginning of proper static RE
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Thu, 21 Dec 2017 21:54:39 +0000 |
parents | 6a136554378e |
children |
; Flash offsets 0x0 - 0x2070: exception vectors, first-stage init, small
; helper routines, ARM/Thumb veneers, and the header plus first instructions
; of the second stage at 0x2000.
; 8-digit encodings are ARM instructions or data words (Thumb BL pairs are
; also printed as one 8-digit word); 4-digit encodings are Thumb.

; Exception vectors. Reset goes to 0x134; the other seven entries branch to
; 0x30004 - 0x3001c.
       0: ea00004b  b 0x134
       4: ea00bffe  b 0x30004
       8: ea00bffe  b 0x30008
       c: ea00bffe  b 0x3000c
      10: ea00bffe  b 0x30010
      14: ea00bffe  b 0x30014
      18: ea00bffe  b 0x30018
      1c: ea00bffe  b 0x3001c
<20-FF: all FFs>
; Literal pool for the reset code: register addresses and the halfword
; values written to them (read below with pc-relative ldr/ldrh).
     100: fffffb00
     104: 02a102a1
     108: 028302a1
     10c: 00c000aa
     110: 002a0040
     114: fffffd00
     118: ffff9800
     11c: fffffb10
     120: ffffff08
     124: fffff804
     128: 20061081
     12c: 00000800
     130: 00a000f5
; RESET vector branches here
; Write 0x2006 to 0xffff9800, then spin at 0x140-0x14c while bit 0 of that
; register reads back as 1. The loop has no timeout.
     134: e51f1024  ldr r1, [pc, #-36] ; 0x118 =0xffff9800
     138: e15f21b6  ldrh r2, [pc, #-22] ; 0x12a =0x2006
     13c: e1c120b0  strh r2, [r1]
     140: e5912000  ldr r2, [r1]
     144: e2022001  and r2, r2, #1 ; 0x1
     148: e3520001  cmp r2, #1 ; 0x1
     14c: 0afffffb  beq 0x140
; Write 0x1081 to 0xfffffd00.
     150: e51f1044  ldr r1, [pc, #-68] ; 0x114 =0xfffffd00
     154: e15f23b4  ldrh r2, [pc, #-52] ; 0x128 =0x1081
     158: e1c120b0  strh r2, [r1]
; Read-modify-write: set bit 0x0800 in the halfword at 0xfffffb10.
     15c: e51f1048  ldr r1, [pc, #-72] ; 0x11c =0xfffffb10
     160: e15f23bc  ldrh r2, [pc, #-60] ; 0x12c =0x0800
     164: e1d100b0  ldrh r0, [r1]
     168: e1800002  orr r0, r0, r2
     16c: e1c100b0  strh r0, [r1] ; DU disable
     170: e51f1058  ldr r1, [pc, #-88] ; 0x120 =0xffffff08
     174: e15f24be  ldrh r2, [pc, #-78] ; 0x12e =0x0000
     178: e1c120b0  strh r2, [r1] ; MPU disable
; NOTE(review): the value loaded at 0x17c (0xfffffb00) is overwritten by the
; load at 0x180 before it is used anywhere.
     17c: e51f1084  ldr r1, [pc, #-132] ; 0x100 =0xfffffb00
     180: e51f1064  ldr r1, [pc, #-100] ; 0x124 =0xfffff804
     184: e15f25bc  ldrh r2, [pc, #-92] ; 0x130 =0x00f5
     188: e1c120b0  strh r2, [r1] ; WDOG disable cycle 1
     18c: e51f1070  ldr r1, [pc, #-112] ; 0x124 =0xfffff804
     190: e15f26b6  ldrh r2, [pc, #-102] ; 0x132 =0x00a0
     194: e1c120b0  strh r2, [r1] ; WDOG disable cycle 2
; Eight halfwords from the table at 0x104-0x112 are stored at r1+0,2,4,6,
; 10,12,8,14.
; NOTE(review): r1 still holds 0xfffff804 from 0x18c here, so as disassembled
; these stores land at 0xfffff804 + offset, not at 0xfffffb00. The parallel
; sequence at 0x20a4-0x20e4 loads 0xfffffb00 into r1 first. Confirm whether
; this is a quirk of the original code or of the listing.
     198: e15f29bc  ldrh r2, [pc, #-156] ; 0x104
     19c: e1c120b0  strh r2, [r1]
     1a0: e15f2ab2  ldrh r2, [pc, #-162] ; 0x106
     1a4: e1c120b2  strh r2, [r1, #2]
     1a8: e15f2ab8  ldrh r2, [pc, #-168] ; 0x108
     1ac: e1c120b4  strh r2, [r1, #4]
     1b0: e15f2abe  ldrh r2, [pc, #-174] ; 0x10a
     1b4: e1c120b6  strh r2, [r1, #6]
     1b8: e15f2bb4  ldrh r2, [pc, #-180] ; 0x10c
     1bc: e1c120ba  strh r2, [r1, #10]
     1c0: e15f2bba  ldrh r2, [pc, #-186] ; 0x10e
     1c4: e1c120bc  strh r2, [r1, #12]
     1c8: e15f2cb0  ldrh r2, [pc, #-192] ; 0x110
     1cc: e1c120b8  strh r2, [r1, #8]
     1d0: e15f2cb6  ldrh r2, [pc, #-198] ; 0x112
     1d4: e1c120be  strh r2, [r1, #14]
; Temporary stack: sp = (0x81047c + 0x400 - 4) & ~3 = 0x810878.
     1d8: e59f0020  ldr r0, [pc, #32] ; 0x200 =0x81047c
     1dc: e3a01b01  mov r1, #1024 ; 0x400
     1e0: e2411004  sub r1, r1, #4 ; 0x4
     1e4: e0802001  add r2, r0, r1
     1e8: e3c22003  bic r2, r2, #3 ; 0x3
     1ec: e1a0d002  mov sp, r2
; The call at 0x1f4 goes through 0x2e8, which does bx to 0x2a9, i.e. the
; Thumb "bx lr" at 0x2a8, so as shown it returns immediately.
     1f0: e92d100f  stmdb sp!, {r0, r1, r2, r3, ip}
     1f4: eb00003b  bl 0x2e8
     1f8: e8bd100f  ldmia sp!, {r0, r1, r2, r3, ip}
     1fc: ea000796  b 0x205c
     200: 0081047c
; copy(src, len, dest)
; r0 = src, r1 = len in bytes, r2 = dest; copies one 32-bit word per pass.
; The loop ends only when r1 reaches exactly 0 after "sub r1, #4", so len
; must be 0 or a multiple of 4; any other value never hits the exit test.
     204: 2900      cmp r1, #0
     206: d006      beq 0x216
     208: 6803      ldr r3, [r0, #0]
     20a: 6013      str r3, [r2, #0]
     20c: 3204      add r2, #4
     20e: 3004      add r0, #4
     210: 3904      sub r1, #4
     212: 2900      cmp r1, #0
     214: d1f8      bne 0x208
     216: 4770      bx lr
; checksumming function: XOR of all 16-bit words in region
; r0 = start, r1 = len in bytes; returns the 16-bit XOR in r0.
; Same exit condition as copy: len must be 0 or a multiple of 2.
; An XOR fold detects some accidental corruption only; it gives no
; protection against deliberate modification of the data.
     218: 2200      mov r2, #0
     21a: 2900      cmp r1, #0
     21c: d007      beq 0x22e
     21e: 8803      ldrh r3, [r0, #0]
     220: 4053      eor r3, r2
     222: 041a      lsl r2, r3, #16
     224: 0c12      lsr r2, r2, #16
     226: 3002      add r0, #2
     228: 3902      sub r1, #2
     22a: 2900      cmp r1, #0
     22c: d1f7      bne 0x21e
     22e: 1c10      mov r0, r2 (add r0, r2, #0)
     230: 4770      bx lr
; 0x232 routine is bzero() with 4-byte alignment required
; r0 = start, r1 = len in bytes (0 or a multiple of 4, as for copy).
     232: 2900      cmp r1, #0
     234: d005      beq 0x242
     236: 2200      mov r2, #0
     238: 6002      str r2, [r0, #0]
     23a: 3004      add r0, #4
     23c: 3904      sub r1, #4
     23e: 2900      cmp r1, #0
     240: d1fa      bne 0x238
     242: 4770      bx lr
; 0xAA88 bytes are copied from 0x2508 to 0x810484
; Sequence: clear the halfwords at 0x800010 and 0x800012; compute
; len = 0x81AF0C - 0x810480 - 4 = 0xAA88 (kept in ip); bzero the destination;
; store the XOR checksum of the flash source at 0x800010; copy; store the XOR
; checksum of the RAM copy at 0x800012.
; The two checksums are only stored. No comparison between them is made in
; this routine, so a mismatch does not stop the boot here.
     244: b5f0      push {r4, r5, r6, r7, lr}
     246: 4e10      ldr r6, [pc, #64] (0x288) =0x800010
     248: 2000      mov r0, #0
     24a: 8030      strh r0, [r6, #0]
     24c: 4f0f      ldr r7, [pc, #60] (0x28c) =0x800012
     24e: 8038      strh r0, [r7, #0]
     250: 480f      ldr r0, [pc, #60] (0x290) =0x810480
     252: 4910      ldr r1, [pc, #64] (0x294) =0x81AF0C
     254: 1a09      sub r1, r1, r0
     256: 3904      sub r1, #4
     258: 468c      mov ip, r1
     25a: 2104      mov r1, #4
     25c: 180c      add r4, r1, r0
     25e: 1c20      mov r0, r4 (add r0, r4, #0)
     260: 4661      mov r1, ip
     262: ffe6f7ff  bl 0x232 ; bzero()
     266: 4d0c      ldr r5, [pc, #48] (0x298) =0x2508
     268: 1c28      mov r0, r5 (add r0, r5, #0)
     26a: 4661      mov r1, ip
     26c: ffd4f7ff  bl 0x218
     270: 8030      strh r0, [r6, #0]
     272: 1c28      mov r0, r5 (add r0, r5, #0)
     274: 4661      mov r1, ip
     276: 1c22      mov r2, r4 (add r2, r4, #0)
     278: ffc4f7ff  bl 0x204
     27c: 1c20      mov r0, r4 (add r0, r4, #0)
     27e: 4661      mov r1, ip
     280: ffcaf7ff  bl 0x218
     284: 8038      strh r0, [r7, #0]
     286: bdf0      pop {r4, r5, r6, r7, pc}
     288: 00800010
     28c: 00800012
     290: 00810480
     294: 0081af0c
     298: 00002508
; Thumb routine reached through the ARM veneer at 0x2b8: first calls the
; trampoline at 0x2f8 (target 0x818f2c in the RAM copy), then 0x2aa.
     29c: b500      push {lr}
     29e: f82bf000  bl 0x2f8
     2a2: f802f000  bl 0x2aa
     2a6: bd00      pop {pc}
; Bare return; this is the target of the pointer at 0x2f0.
     2a8: 4770      bx lr
; r0 = 3 << 16 = 0x30000, then "bx r0" via 0x2f4. 0x30000 is the same base
; that the exception-vector branches at 0x4-0x1c point into.
     2aa: b500      push {lr}
     2ac: 2003      mov r0, #3
     2ae: 0400      lsl r0, r0, #16
     2b0: f820f000  bl 0x2f4
     2b4: bd00      pop {pc}
     2b6: 0000
; ARM-to-Thumb veneer for 0x29c: save lr, enter Thumb at 0x2c4 (lr = pc + 1),
; call, "bx pc" back to ARM at 0x2cc, return.
     2b8: e92d4000  stmdb sp!, {lr}
     2bc: e28fe001  add lr, pc, #1 ; 0x1
     2c0: e12fff1e  bx lr
     2c4: ffeaf7ff  bl 0x29c
     2c8: 4778      bx pc
     2ca: 46c0      nop (mov r8, r8)
     2cc: e8bd8000  ldmia sp!, {pc}
; ARM-to-Thumb veneer for 0x244 (the copy-to-RAM routine), same shape.
     2d0: e92d4000  stmdb sp!, {lr}
     2d4: e28fe001  add lr, pc, #1 ; 0x1
     2d8: e12fff1e  bx lr
     2dc: ffb2f7ff  bl 0x244
     2e0: 4778      bx pc
     2e2: 46c0      nop (mov r8, r8)
     2e4: e8bd8000  ldmia sp!, {pc}
; Indirect jump through the pointer at 0x2f0 (0x2a9: Thumb, address 0x2a8).
     2e8: e59fc000  ldr ip, [pc, #0] ; 0x2f0
     2ec: e12fff1c  bx ip
     2f0: 000002a9
     2f4: 4700      bx r0
     2f6: 0000
; Thumb call trampoline to 0x818f2c
; offset 0x8AA8 from start of copy
; should be at 0xAFB0 in flash
; Builds {saved r4, target} on the stack and pops both, so r4 is preserved
; and control transfers to the address in the literal at 0x304.
     2f8: b082      sub sp, #8
     2fa: 9400      str r4, [sp, #0]
     2fc: 4c01      ldr r4, [pc, #4] (0x304)
     2fe: 9401      str r4, [sp, #4]
     300: bd10      pop {r4, pc}
     302: 0000
     304: 00818f2c
<308-1FFF: all FFs>
    2000: 00000001 ; magic word for the Calypso boot ROM
; Second-stage vector table.
    2004: ea0000be  b 0x2304
    2008: ea0000c0  b 0x2310
    200c: ea0000c2  b 0x231c
    2010: ea0000c4  b 0x2328
    2014: ea0000c6  b 0x2334
    2018: ea0000b0  b 0x22e0
    201c: ea0000b6  b 0x22fc
; Literal pool for the second-stage init code.
    2020: 02a102a4
    2024: 02a402a1
    2028: 02c0009c
    202c: 002a0040
    2030: fffffb00
    2034: fffef006
    2038: 00000008
    203c: fffffd00
    2040: ffff9800
    2044: fffffb10
    2048: ffffff08
    204c: 20021081
    2050: f7ff0800
    2054: 00000000
    2058: 0001fa00
; COME FROM 0x1fc
; Same write-then-poll pattern as 0x134, this time with the value 0x2002.
    205c: e51f1024  ldr r1, [pc, #-36] ; 0x2040 =0xffff9800
    2060: e15f21ba  ldrh r2, [pc, #-26] ; 0x204e =0x2002
    2064: e1c120b0  strh r2, [r1]
    2068: e5912000  ldr r2, [r1]
    206c: e2022001  and r2, r2, #1 ; 0x1
    2070: e3520001  cmp r2,
#1 ; 0x1 2074: 0afffffb beq 0x2068 2078: e51f1044 ldr r1, [pc, #-68] ; 0x203c =0xfffffd00 207c: e15f23b8 ldrh r2, [pc, #-56] ; 0x204c =0x1081 2080: e1c120b0 strh r2, [r1] 2084: e51f1048 ldr r1, [pc, #-72] ; 0x2044 =0xfffffb10 2088: e15f23be ldrh r2, [pc, #-62] ; 0x2052 =0xf7ff 208c: e1d100b0 ldrh r0, [r1] 2090: e0000002 and r0, r0, r2 2094: e1c100b0 strh r0, [r1] ; enable DU 2098: e51f1058 ldr r1, [pc, #-88] ; 0x2048 =0xffffff08 209c: e15f25b0 ldrh r2, [pc, #-80] ; 0x2054 =0x0000 20a0: e1c120b0 strh r2, [r1] 20a4: e51f107c ldr r1, [pc, #-124] ; 0x2030 =0xfffffb00 20a8: e15f29b0 ldrh r2, [pc, #-144] ; 0x2020 =0x02a4 20ac: e1c120b0 strh r2, [r1] 20b0: e15f29b6 ldrh r2, [pc, #-150] ; 0x2022 =0x02a1 20b4: e1c120b2 strh r2, [r1, #2] 20b8: e15f29bc ldrh r2, [pc, #-156] ; 0x2024 =0x02a1 20bc: e1c120b4 strh r2, [r1, #4] 20c0: e15f2ab2 ldrh r2, [pc, #-162] ; 0x2026 =0x02a4 20c4: e1c120b6 strh r2, [r1, #6] 20c8: e15f2ab8 ldrh r2, [pc, #-168] ; 0x2028 =0x009c 20cc: e1c120ba strh r2, [r1, #10] 20d0: e15f2abe ldrh r2, [pc, #-174] ; 0x202a =0x02c0 20d4: e1c120bc strh r2, [r1, #12] 20d8: e15f2bb4 ldrh r2, [pc, #-180] ; 0x202c =0x0040 20dc: e1c120b8 strh r2, [r1, #8] 20e0: e15f2bba ldrh r2, [pc, #-186] ; 0x202e =0x002a 20e4: e1c120be strh r2, [r1, #14] 20e8: e51f10bc ldr r1, [pc, #-188] ; 0x2034 =0xfffef006 20ec: e1d120b0 ldrh r2, [r1] 20f0: e51f00c0 ldr r0, [pc, #-192] ; 0x2038 =0x00000008 20f4: e1800002 orr r0, r0, r2 20f8: e1c100b0 strh r0, [r1] ; enable A22 20fc: e10f0000 mrs r0, CPSR 2100: e3c0001f bic r0, r0, #31 ; 0x1f 2104: e3800013 orr r0, r0, #19 ; 0x13 2108: e38000c0 orr r0, r0, #192 ; 0xc0 210c: e129f000 msr CPSR_fc, r0 ; SVC, all ints disabled 2110: e59f02e0 ldr r0, [pc, #736] ; 0x23f8 =0x800004 2114: e3a02000 mov r2, #0 ; 0x0 2118: e59f12dc ldr r1, [pc, #732] ; 0x23fc =0x81047c 211c: e1500001 cmp r0, r1 2120: 0a000000 beq 0x2128 2124: e4802004 str r2, [r0], #4 2128: e1500001 cmp r0, r1 212c: 1afffffc bne 0x2124 2130: e59f02c8 ldr r0, [pc, #712] ; 0x2400 =0x800000 
2134: e3a02000 mov r2, #0 ; 0x0 2138: e59f12c4 ldr r1, [pc, #708] ; 0x2404 =0x81047c 213c: e1500001 cmp r0, r1 2140: 0a000000 beq 0x2148 2144: e4802004 str r2, [r0], #4 2148: e1500001 cmp r0, r1 214c: 1afffffc bne 0x2144 2150: e3a00001 mov r0, #1 ; 0x1 2154: e59f12b0 ldr r1, [pc, #688] ; 0x240c =0x800004 2158: e5810000 str r0, [r1] 215c: e59f02a4 ldr r0, [pc, #676] ; 0x2408 =0x81aff8 2160: e3a01e46 mov r1, #1120 ; 0x460 2164: e2411004 sub r1, r1, #4 ; 0x4 2168: e0802001 add r2, r0, r1 216c: e1a0a000 mov sl, r0 2170: e59f3298 ldr r3, [pc, #664] ; 0x2410 =0x800008 2174: e583a000 str sl, [r3] 2178: e1a0d002 mov sp, r2 217c: e59f3290 ldr r3, [pc, #656] ; 0x2414 =0x80000c 2180: e583d000 str sp, [r3] 2184: e3a01080 mov r1, #128 ; 0x80 2188: e0822001 add r2, r2, r1 218c: e10f0000 mrs r0, CPSR 2190: e3c0001f bic r0, r0, #31 ; 0x1f 2194: e3800012 orr r0, r0, #18 ; 0x12 2198: e129f000 msr CPSR_fc, r0 ; IRQ 219c: e1a0d002 mov sp, r2 21a0: e3a01c02 mov r1, #512 ; 0x200 21a4: e0822001 add r2, r2, r1 21a8: e10f0000 mrs r0, CPSR 21ac: e3c0001f bic r0, r0, #31 ; 0x1f 21b0: e3800011 orr r0, r0, #17 ; 0x11 21b4: e129f000 msr CPSR_fc, r0 ; FIQ 21b8: e1a0d002 mov sp, r2 21bc: e10f0000 mrs r0, CPSR 21c0: e3c0001f bic r0, r0, #31 ; 0x1f 21c4: e3800017 orr r0, r0, #23 ; 0x17 21c8: e129f000 msr CPSR_fc, r0 ; Abort 21cc: e59fd244 ldr sp, [pc, #580] ; 0x2418 =0x81AF60 21d0: e10f0000 mrs r0, CPSR 21d4: e3c0001f bic r0, r0, #31 ; 0x1f 21d8: e380001b orr r0, r0, #27 ; 0x1b 21dc: e129f000 msr CPSR_fc, r0 ; Undef 21e0: e59fd230 ldr sp, [pc, #560] ; 0x2418 =0x81AF60 21e4: e10f0000 mrs r0, CPSR 21e8: e3c0001f bic r0, r0, #31 ; 0x1f 21ec: e3800013 orr r0, r0, #19 ; 0x13 21f0: e129f000 msr CPSR_fc, r0 ; SVC 21f4: e1a04002 mov r4, r2 21f8: ebfff834 bl 0x2d0 ; 0x244 via veneer 21fc: e1a02004 mov r2, r4 2200: e59f1208 ldr r1, [pc, #520] ; 0x2410 =0x800008 2204: e5910000 ldr r0, [r1] 2208: e3a030fe mov r3, #254 ; 0xfe 220c: e5c03000 strb r3, [r0] 2210: e5c03001 strb r3, [r0, #1] 2214: e5c03002 strb r3, 
[r0, #2] 2218: e5c03003 strb r3, [r0, #3] 221c: e4903004 ldr r3, [r0], #4 2220: e4803004 str r3, [r0], #4 2224: e1500002 cmp r0, r2 2228: bafffffc blt 0x2220 222c: e51f01dc ldr r0, [pc, #-476] ; 0x2058 =0x1FA00 2230: e3700001 cmn r0, #1 ; 0x1 2234: 1b000079 blne 0x2420 2238: e1a00002 mov r0, r2 223c: ebfff81d bl 0x2b8 <2240-23F7: not yet analyzed> 23f8: 00800004 23fc: 0081047c 2400: 00800000 2404: 0081047c 2408: 0081aff8 240c: 00800004 2410: 00800008 2414: 0080000c 2418: 0081af60 241c: 0081af60 ; TI's initialized data function 2420: ea00000c b 0x2458 2424: e4901004 ldr r1, [r0], #4 2428: e3530003 cmp r3, #3 ; 0x3 242c: 84904004 ldrhi r4, [r0], #4 2430: 84814004 strhi r4, [r1], #4 2434: 82433004 subhi r3, r3, #4 ; 0x4 2438: 94d04001 ldrlsb r4, [r0], #1 243c: 94c14001 strlsb r4, [r1], #1 2440: 92433001 subls r3, r3, #1 ; 0x1 2444: e3530000 cmp r3, #0 ; 0x0 2448: 1afffff6 bne 0x2428 244c: e2103003 ands r3, r0, #3 ; 0x3 2450: 12633004 rsbne r3, r3, #4 ; 0x4 2454: 10800003 addne r0, r0, r3 2458: e4903004 ldr r3, [r0], #4 245c: e3530000 cmp r3, #0 ; 0x0 2460: 1affffef bne 0x2424 2464: e1a0f00e mov pc, lr <2468-24FF: all FFs> 2500: 00000000 2504: ffffffff 2508: 0xAA88 bytes copied to IRAM ad8c: b5f0 push {r4, r5, r6, r7, lr} ad8e: 4643 mov r3, r8 ad90: 464c mov r4, r9 ad92: b418 push {r3, r4} ad94: b08b sub sp, #44 ad96: 4690 mov r8, r2 ad98: 1c0f mov r7, r1 (add r7, r1, #0) ad9a: 4684 mov ip, r0 ad9c: 1c3e mov r6, r7 (add r6, r7, #0) ad9e: 1c31 mov r1, r6 (add r1, r6, #0) ada0: aa09 add r2, sp, #36 ada2: 2305 mov r3, #5 ada4: ffdcf7ff bl 0xad60 ada8: 2800 cmp r0, #0 adaa: d079 beq 0xaea0 adac: 4660 mov r0, ip adae: 3005 add r0, #5 adb0: 4684 mov ip, r0 adb2: 3f05 sub r7, #5 adb4: 2400 mov r4, #0 adb6: 2500 mov r5, #0 adb8: 4660 mov r0, ip adba: 1c39 mov r1, r7 (add r1, r7, #0) adbc: 221d mov r2, #29 adbe: 446a add r2, sp adc0: 2301 mov r3, #1 adc2: ffcdf7ff bl 0xad60 adc6: 2800 cmp r0, #0 adc8: d06a beq 0xaea0 adca: 4660 mov r0, ip adcc: 3001 add r0, #1 adce: 4684 mov 
ip, r0 add0: 3f01 sub r7, #1 add2: 4668 mov r0, sp add4: 7f40 ldrb r0, [r0, #29] add6: 00e9 lsl r1, r5, #3 add8: 4088 lsl r0, r1 adda: 1904 add r4, r0, r4 addc: 3501 add r5, #1 adde: 2d04 cmp r5, #4 ade0: dbea blt 0xadb8 ade2: 2000 mov r0, #0 ade4: 43c0 mvn r0, r0 ade6: 4284 cmp r4, r0 ade8: d05a beq 0xaea0 adea: 2504 mov r5, #4 adec: 4660 mov r0, ip adee: 1c39 mov r1, r7 (add r1, r7, #0) adf0: aa07 add r2, sp, #28 adf2: 2301 mov r3, #1 adf4: ffb4f7ff bl 0xad60 adf8: 2800 cmp r0, #0 adfa: d051 beq 0xaea0 adfc: 4668 mov r0, sp adfe: 7f00 ldrb r0, [r0, #28] ae00: 2800 cmp r0, #0 ae02: d14d bne 0xaea0 ae04: 3f01 sub r7, #1 ae06: 4660 mov r0, ip ae08: 3001 add r0, #1 ae0a: 4684 mov ip, r0 ae0c: 3d01 sub r5, #1 ae0e: 2d00 cmp r5, #0 ae10: d1ec bne 0xadec ae12: 200d mov r0, #13 ae14: 1a30 sub r0, r6, r0 ae16: 4681 mov r9, r0 ae18: 4660 mov r0, ip ae1a: 2800 cmp r0, #0 ae1c: d040 beq 0xaea0 ae1e: a809 add r0, sp, #36 ae20: 7802 ldrb r2, [r0, #0] ae22: a809 add r0, sp, #36 ae24: 7800 ldrb r0, [r0, #0] ae26: 28e1 cmp r0, #225 ae28: da3a bge 0xaea0 ae2a: 4973 ldr r1, [pc, #460] (0xaff8) ae2c: 2500 mov r5, #0 ae2e: 2000 mov r0, #0 ae30: 2600 mov r6, #0 ae32: 2a2e cmp r2, #46 ae34: db06 blt 0xae44 ae36: 3a2d sub r2, #45 ae38: 0612 lsl r2, r2, #24 ae3a: 0e12 lsr r2, r2, #24 ae3c: 3601 add r6, #1 ae3e: 3901 sub r1, #1 ae40: 2900 cmp r1, #0 ae42: d1f6 bne 0xae32 ae44: 496c ldr r1, [pc, #432] (0xaff8) ae46: 2300 mov r3, #0 ae48: 2a09 cmp r2, #9 ae4a: db06 blt 0xae5a ae4c: 3a09 sub r2, #9 ae4e: 0612 lsl r2, r2, #24 ae50: 0e12 lsr r2, r2, #24 ae52: 3301 add r3, #1 ae54: 3901 sub r1, #1 ae56: 2900 cmp r1, #0 ae58: d1f6 bne 0xae48 ae5a: 1899 add r1, r3, r2 ae5c: 2703 mov r7, #3 ae5e: 023f lsl r7, r7, #8 ae60: 408f lsl r7, r1 ae62: 4966 ldr r1, [pc, #408] (0xaffc) ae64: 19c9 add r1, r1, r7 ae66: 0049 lsl r1, r1, #1 ae68: 277f mov r7, #127 ae6a: 043f lsl r7, r7, #16 ae6c: 42bc cmp r4, r7 ae6e: d800 bhi 0xae72 ae70: 4d63 ldr r5, [pc, #396] (0xb000) ae72: 2701 mov r7, #1 ae74: 043f lsl 
r7, r7, #16 ae76: 42b9 cmp r1, r7 ae78: d801 bhi 0xae7e ae7a: 2001 mov r0, #1 ae7c: 0600 lsl r0, r0, #24 ae7e: 2d00 cmp r5, #0 ae80: d00e beq 0xaea0 ae82: 2800 cmp r0, #0 ae84: d00c beq 0xaea0 ae86: 9600 str r6, [sp, #0] ae88: 4666 mov r6, ip ae8a: 9601 str r6, [sp, #4] ae8c: 464e mov r6, r9 ae8e: 9602 str r6, [sp, #8] ae90: 9503 str r5, [sp, #12] ae92: 9404 str r4, [sp, #16] ae94: ac08 add r4, sp, #32 ae96: 9405 str r4, [sp, #20] ae98: ff1bf000 bl 0xbcd2 ae9c: 2800 cmp r0, #0 ae9e: d001 beq 0xaea4 aea0: 2000 mov r0, #0 aea2: e005 b 0xaeb0 aea4: 4640 mov r0, r8 aea6: 6005 str r5, [r0, #0] aea8: 2028 mov r0, #40 aeaa: fbbbf7f7 bl 0x2624 aeae: 9808 ldr r0, [sp, #32] aeb0: b00b add sp, #44 aeb2: bc18 pop {r3, r4} aeb4: 4698 mov r8, r3 aeb6: 46a1 mov r9, r4 aeb8: bdf0 pop {r4, r5, r6, r7, pc} aeba: b530 push {r4, r5, lr} aebc: b09e sub sp, #120 aebe: 2000 mov r0, #0 aec0: 43c4 mvn r4, r0 aec2: 2000 mov r0, #0 aec4: a901 add r1, sp, #4 aec6: 2201 mov r2, #1 aec8: f8fbf000 bl 0xb0c2 aecc: 2800 cmp r0, #0 aece: d13c bne 0xaf4a aed0: a801 add r0, sp, #4 aed2: a903 add r1, sp, #12 aed4: f93df000 bl 0xb152 aed8: 2800 cmp r0, #0 aeda: d132 bne 0xaf42 aedc: 9d03 ldr r5, [sp, #12] aede: 1c28 mov r0, r5 (add r0, r5, #0) aee0: fd90f7ff bl 0xaa04 aee4: 2800 cmp r0, #0 aee6: d02c beq 0xaf42 aee8: 9803 ldr r0, [sp, #12] aeea: fdf6f7ff bl 0xaada aeee: 2800 cmp r0, #0 aef0: d027 beq 0xaf42 aef2: 2038 mov r0, #56 aef4: 1941 add r1, r0, r5 aef6: 2230 mov r2, #48 aef8: a805 add r0, sp, #20 aefa: 780b ldrb r3, [r1, #0] aefc: 7003 strb r3, [r0, #0] aefe: 3101 add r1, #1 af00: 3001 add r0, #1 af02: 3a01 sub r2, #1 af04: 2a00 cmp r2, #0 af06: d1f8 bne 0xaefa af08: 2000 mov r0, #0 af0a: 9000 str r0, [sp, #0] af0c: 9803 ldr r0, [sp, #12] af0e: 30ff add r0, #255 af10: 3079 add r0, #121 af12: 9904 ldr r1, [sp, #16] af14: 39ff sub r1, #255 af16: 3979 sub r1, #121 af18: 466a mov r2, sp af1a: ff37f7ff bl 0xad8c af1e: 1c03 mov r3, r0 (add r3, r0, #0) af20: 2b00 cmp r3, #0 af22: d00e beq 0xaf42 af24: 
20ff mov r0, #255 af26: 3071 add r0, #113 af28: 5940 ldr r0, [r0, r5] af2a: fd5df7ff bl 0xa9e8 af2e: 1c02 mov r2, r0 (add r2, r0, #0) af30: 9800 ldr r0, [sp, #0] af32: 1c19 mov r1, r3 (add r1, r3, #0) af34: fbcef000 bl 0xb6d4 af38: 2800 cmp r0, #0 af3a: d101 bne 0xaf40 af3c: 2400 mov r4, #0 af3e: e000 b 0xaf42 af40: e000 b 0xaf44 af42: a801 add r0, sp, #4 af44: 2100 mov r1, #0 af46: f9d5f000 bl 0xb2f4 af4a: 2001 mov r0, #1 af4c: a901 add r1, sp, #4 af4e: 2201 mov r2, #1 af50: f8b7f000 bl 0xb0c2 af54: 2800 cmp r0, #0 af56: d129 bne 0xafac af58: a801 add r0, sp, #4 af5a: a903 add r1, sp, #12 af5c: f8f9f000 bl 0xb152 af60: 2800 cmp r0, #0 af62: d123 bne 0xafac af64: 9903 ldr r1, [sp, #12] af66: aa11 add r2, sp, #68 af68: 2000 mov r0, #0 af6a: 780b ldrb r3, [r1, #0] af6c: 5483 strb r3, [r0, r2] af6e: 3101 add r1, #1 af70: 3001 add r0, #1 af72: 2834 cmp r0, #52 af74: d3f9 bcc 0xaf6a af76: a801 add r0, sp, #4 af78: 2100 mov r1, #0 af7a: f9bbf000 bl 0xb2f4 af7e: 2001 mov r0, #1 af80: a901 add r1, sp, #4 af82: 2202 mov r2, #2 af84: f89df000 bl 0xb0c2 af88: 2800 cmp r0, #0 af8a: d10f bne 0xafac af8c: 2c00 cmp r4, #0 af8e: d101 bne 0xaf94 af90: 2003 mov r0, #3 af92: 9011 str r0, [sp, #68] af94: a801 add r0, sp, #4 af96: a911 add r1, sp, #68 af98: 2234 mov r2, #52 af9a: f8fdf000 bl 0xb198 af9e: a801 add r0, sp, #4 afa0: 2100 mov r1, #0 afa2: f9a7f000 bl 0xb2f4 afa6: 2063 mov r0, #99 afa8: fb3cf7f7 bl 0x2624 afac: b01e add sp, #120 afae: bd30 pop {r4, r5, pc} ; This is the first function in the copied code, ; called from the boot entry code. 
afb0: b510 push {r4, lr} afb2: b084 sub sp, #16 afb4: 2001 mov r0, #1 afb6: 4669 mov r1, sp afb8: 2201 mov r2, #1 afba: f882f000 bl 0xb0c2 afbe: 2800 cmp r0, #0 afc0: d118 bne 0xaff4 afc2: 4668 mov r0, sp afc4: a902 add r1, sp, #8 afc6: f8c4f000 bl 0xb152 afca: 1c04 mov r4, r0 (add r4, r0, #0) afcc: 4668 mov r0, sp afce: 2100 mov r1, #0 afd0: f990f000 bl 0xb2f4 afd4: 2c00 cmp r4, #0 afd6: d10d bne 0xaff4 afd8: 9802 ldr r0, [sp, #8] afda: 6800 ldr r0, [r0, #0] afdc: 2802 cmp r0, #2 afde: d109 bne 0xaff4 afe0: fb70f7f7 bl 0x26c4 afe4: fa90f7f7 bl 0x2508 afe8: fac3f7f7 bl 0x2572 afec: ff65f7ff bl 0xaeba aff0: f9acf7f8 bl 0x334c aff4: b004 add sp, #16 aff6: bd10 pop {r4, pc} ; This function ensures that the flash at the given address ; is not toggling. b004: 8802 ldrh r2, [r0, #0] b006: 8801 ldrh r1, [r0, #0] b008: 404a eor r2, r1 b00a: 09d1 lsr r1, r2, #7 b00c: d2fa bcs 0xb004 b00e: 4770 bx lr b010: b530 push {r4, r5, lr} b012: 1c0c mov r4, r1 (add r4, r1, #0) b014: 1c05 mov r5, r0 (add r5, r0, #0) b016: fa87f000 bl 0xb528 b01a: 0400 lsl r0, r0, #16 b01c: 0c00 lsr r0, r0, #16 b01e: 49e1 ldr r1, [pc, #900] (0xb3a4) b020: 4288 cmp r0, r1 b022: d008 beq 0xb036 b024: 2121 mov r1, #33 b026: 0209 lsl r1, r1, #8 b028: 4288 cmp r0, r1 b02a: d126 bne 0xb07a b02c: 49ea ldr r1, [pc, #936] (0xb3d8) b02e: 0b28 lsr r0, r5, #12 b030: 0300 lsl r0, r0, #12 b032: 1808 add r0, r1, r0 b034: e003 b 0xb03e b036: 49e8 ldr r1, [pc, #928] (0xb3d8) b038: 0c28 lsr r0, r5, #16 b03a: 0400 lsl r0, r0, #16 b03c: 1808 add r0, r1, r0 b03e: 4ae7 ldr r2, [pc, #924] (0xb3dc) b040: 21aa mov r1, #170 b042: 5211 strh r1, [r2, r0] b044: 2155 mov r1, #85 b046: 8001 strh r1, [r0, #0] b048: 49e4 ldr r1, [pc, #912] (0xb3dc) b04a: 22a0 mov r2, #160 b04c: 520a strh r2, [r1, r0] b04e: 802c strh r4, [r5, #0] b050: 2080 mov r0, #128 b052: 4020 and r0, r4 b054: 8829 ldrh r1, [r5, #0] b056: 2280 mov r2, #128 b058: 400a and r2, r1 b05a: 4282 cmp r2, r0 b05c: d00d beq 0xb07a b05e: 0989 lsr r1, r1, #6 b060: d3f8 bcc 
0xb054 b062: 8829 ldrh r1, [r5, #0] b064: 2280 mov r2, #128 b066: 400a and r2, r1 b068: 4282 cmp r2, r0 b06a: d006 beq 0xb07a b06c: 2090 mov r0, #144 b06e: 8028 strh r0, [r5, #0] b070: 2000 mov r0, #0 b072: 8028 strh r0, [r5, #0] b074: 48da ldr r0, [pc, #872] (0xb3e0) b076: 2101 mov r1, #1 b078: 7001 strb r1, [r0, #0] b07a: bd30 pop {r4, r5, pc} b07c: b530 push {r4, r5, lr} b07e: b081 sub sp, #4 b080: 0b01 lsr r1, r0, #12 b082: 030b lsl r3, r1, #12 b084: 49d7 ldr r1, [pc, #860] (0xb3e4) b086: 18c9 add r1, r1, r3 b088: 22aa mov r2, #170 b08a: 800a strh r2, [r1, #0] b08c: 4cd2 ldr r4, [pc, #840] (0xb3d8) b08e: 18e4 add r4, r4, r3 b090: 2355 mov r3, #85 b092: 8023 strh r3, [r4, #0] b094: 2580 mov r5, #128 b096: 800d strh r5, [r1, #0] b098: 800a strh r2, [r1, #0] b09a: 8023 strh r3, [r4, #0] b09c: 2130 mov r1, #48 b09e: 8001 strh r1, [r0, #0] b0a0: 8801 ldrh r1, [r0, #0] b0a2: 0909 lsr r1, r1, #4 b0a4: d3fc bcc 0xb0a0 b0a6: 4669 mov r1, sp b0a8: 8802 ldrh r2, [r0, #0] b0aa: 804a strh r2, [r1, #2] b0ac: 466a mov r2, sp b0ae: 8801 ldrh r1, [r0, #0] b0b0: 8011 strh r1, [r2, #0] b0b2: 4669 mov r1, sp b0b4: 8849 ldrh r1, [r1, #2] b0b6: 8812 ldrh r2, [r2, #0] b0b8: 4051 eor r1, r2 b0ba: 09c9 lsr r1, r1, #7 b0bc: d2f3 bcs 0xb0a6 b0be: b001 add sp, #4 b0c0: bd30 pop {r4, r5, pc} ; arg1: magic region number ; arg2: ptr to 8-byte buffer receiving copies of arg1 and arg3 ; arg3: mode, must be 1 or 2 ; ; Mode 1: check the region (which must be in a state other than 2) for ; a checksum-passing image, and advance to state 1 if found. If already ; in state 1, increment the byte at offset 8 in struct. ; ; Mode 2: put the region (which must be in state 0) into state 2. 
;
; Returns:
;   0 = success
;   1 = region in the wrong state for mode
;   2 = called with bad arguments
;   3 = mode 1: no checksum-passing image found
;
; Per-region state lives in 24-byte records starting at 0x810024 (state word
; at +4, i.e. 0x810028 + 24*region). The byte at 0x810020 is a "tables
; initialised" flag: on the first call 0xb3a8 is run and the flag is set to 1.
; NOTE(review): the range checks on region and mode use cmp/bge, a signed
; comparison, so values >= 3 are rejected but negative values are not. The
; callers visible in this listing pass small constants for both.
    b0c2: b5f0      push {r4, r5, r6, r7, lr}
    b0c4: 1c15      mov r5, r2 (add r5, r2, #0)
    b0c6: 1c0e      mov r6, r1 (add r6, r1, #0)
    b0c8: 1c04      mov r4, r0 (add r4, r0, #0)
    b0ca: 4fe5      ldr r7, [pc, #916] (0xb460) =0x810020
    b0cc: 7838      ldrb r0, [r7, #0]
    b0ce: 2800      cmp r0, #0
    b0d0: d103      bne 0xb0da
    b0d2: f969f000  bl 0xb3a8
    b0d6: 2001      mov r0, #1
    b0d8: 7038      strb r0, [r7, #0]
    b0da: 2c03      cmp r4, #3
    b0dc: da07      bge 0xb0ee
    b0de: 2d03      cmp r5, #3
    b0e0: da05      bge 0xb0ee
    b0e2: 1e68      sub r0, r5, #1
    b0e4: 2800      cmp r0, #0
    b0e6: d019      beq 0xb11c
    b0e8: 3801      sub r0, #1
    b0ea: 2800      cmp r0, #0
    b0ec: d001      beq 0xb0f2
; return 2; means invalid invocation?
    b0ee: 2002      mov r0, #2
    b0f0: bdf0      pop {r4, r5, r6, r7, pc}
; goes here if 3rd arg == 2
; Requires state == 0; sets state = 2, clears the fields at +16, +20 and +9,
; and reloads the record's +0 word from word +8 of the region's table entry.
    b0f2: 2018      mov r0, #24
    b0f4: 4360      mul r0, r4
    b0f6: 49db      ldr r1, [pc, #876] (0xb464) =0x810024
    b0f8: 1809      add r1, r1, r0
    b0fa: 2004      mov r0, #4
    b0fc: 1840      add r0, r0, r1
    b0fe: 6802      ldr r2, [r0, #0]
    b100: 2a00      cmp r2, #0
    b102: d112      bne 0xb12a ; return 1;
    b104: 2202      mov r2, #2
    b106: 6002      str r2, [r0, #0]
    b108: 2000      mov r0, #0
    b10a: 8288      strh r0, [r1, #20]
    b10c: 6108      str r0, [r1, #16]
    b10e: 4aea      ldr r2, [pc, #936] (0xb4b8) =0x81006C
    b110: 00a3      lsl r3, r4, #2
    b112: 58d2      ldr r2, [r2, r3]
    b114: 6892      ldr r2, [r2, #8]
    b116: 600a      str r2, [r1, #0]
    b118: 7248      strb r0, [r1, #9]
    b11a: e016      b 0xb14a
; goes here if 3rd arg == 1
; r7 = address of the region's state word from here on.
    b11c: 2018      mov r0, #24
    b11e: 4360      mul r0, r4
    b120: 49d1      ldr r1, [pc, #836] (0xb468) =0x810028
    b122: 180f      add r7, r1, r0
    b124: 6838      ldr r0, [r7, #0]
    b126: 2802      cmp r0, #2
    b128: d101      bne 0xb12e
; return 1;
    b12a: 2001      mov r0, #1
    b12c: bdf0      pop {r4, r5, r6, r7, pc}
; continuation of operation with arg3 == 1
; state 0: run the image check at 0xb46c; on pass set state = 1.
; state != 0 (already 1): skip the check.
; Either way the byte after the state word is incremented; it is an 8-bit
; counter with no overflow check (0xb2f4 decrements it).
    b12e: 2800      cmp r0, #0
    b130: d108      bne 0xb144
    b132: 1c20      mov r0, r4 (add r0, r4, #0)
    b134: f99af000  bl 0xb46c
    b138: 2800      cmp r0, #0
    b13a: d001      beq 0xb140
    b13c: 2003      mov r0, #3
    b13e: bdf0      pop {r4, r5, r6, r7, pc}
    b140: 2001      mov r0, #1
    b142: 6038      str r0, [r7, #0]
    b144: 7938      ldrb r0, [r7, #4]
    b146: 3001      add r0, #1
    b148: 7138      strb r0, [r7, #4]
; Common success exit: record region and mode in the caller's 8-byte buffer.
    b14a: 6034      str r4, [r6, #0]
    b14c: 6075      str r5, [r6, #4]
    b14e: 2000      mov r0, #0
    b150: bdf0      pop {r4, r5, r6, r7, pc}
; arg1: points to buffer filled by successful 0xb0c2 in mode 1
; arg2: 8-byte buffer filled as:
;   0: points to start of image
;   4: image length
; Returns 0 on success, 2 if region or mode in the buffer is >= 3, 5 if the
; init flag at 0x810020 is clear or the region is not in state 1.
; The length is the word at +4 from the address returned by 0xb448, passed
; through as read; no range check against the region size is made here.
    b152: b530      push {r4, r5, lr}
    b154: 1c0c      mov r4, r1 (add r4, r1, #0)
    b156: 1c01      mov r1, r0 (add r1, r0, #0)
    b158: 48c1      ldr r0, [pc, #772] (0xb460) =0x810020
    b15a: 7800      ldrb r0, [r0, #0]
    b15c: 2800      cmp r0, #0
    b15e: d010      beq 0xb182
    b160: 6808      ldr r0, [r1, #0]
    b162: 4ad5      ldr r2, [pc, #852] (0xb4b8) =0x81006C
    b164: 0083      lsl r3, r0, #2
    b166: 18d5      add r5, r2, r3
    b168: 2803      cmp r0, #3
    b16a: da02      bge 0xb172
    b16c: 6849      ldr r1, [r1, #4]
    b16e: 2903      cmp r1, #3
    b170: db01      blt 0xb176
    b172: 2002      mov r0, #2
    b174: bd30      pop {r4, r5, pc}
    b176: 2118      mov r1, #24
    b178: 4341      mul r1, r0
    b17a: 4abb      ldr r2, [pc, #748] (0xb468) =0x810028
    b17c: 5851      ldr r1, [r2, r1]
    b17e: 2901      cmp r1, #1
    b180: d001      beq 0xb186
    b182: 2005      mov r0, #5
    b184: bd30      pop {r4, r5, pc}
    b186: f95ff000  bl 0xb448
    b18a: 6840      ldr r0, [r0, #4]
    b18c: 6060      str r0, [r4, #4]
    b18e: 6828      ldr r0, [r5, #0]
    b190: 6880      ldr r0, [r0, #8]
    b192: 6020      str r0, [r4, #0]
    b194: 2000      mov r0, #0
    b196: bd30      pop {r4, r5, pc}
; (0xb198 - 0xb2f3 is not included in this listing)
; 0xb2f4: release counterpart of 0xb0c2.
; r0 = the 8-byte buffer filled by 0xb0c2 (region, mode), r1 = flag (< 2).
; Returns 0 on success, 2 for out-of-range region/mode/flag, 5 if the init
; flag is clear or the region is in state 0.
; Mode 1: decrement the 8-bit counter; when it reaches 0, set state = 0.
; Mode 2: if r1 == 0 call 0xb3e8 (not in this listing) first; set state = 0.
    b2f4: b570      push {r4, r5, r6, lr}
    b2f6: 1c04      mov r4, r0 (add r4, r0, #0)
    b2f8: 4859      ldr r0, [pc, #356] (0xb460) =0x810020
    b2fa: 7800      ldrb r0, [r0, #0]
    b2fc: 2800      cmp r0, #0
    b2fe: d00f      beq 0xb320
    b300: 6820      ldr r0, [r4, #0]
    b302: 2803      cmp r0, #3
    b304: da14      bge 0xb330
    b306: 6866      ldr r6, [r4, #4]
    b308: 2e03      cmp r6, #3
    b30a: da11      bge 0xb330
    b30c: 2902      cmp r1, #2
    b30e: da0f      bge 0xb330
    b310: 4d54      ldr r5, [pc, #336] (0xb464) =0x810024
    b312: 2218      mov r2, #24
    b314: 4342      mul r2, r0
    b316: 18aa      add r2, r5, r2
    b318: 3204      add r2, #4
    b31a: 6813      ldr r3, [r2, #0]
    b31c: 2b00      cmp r3, #0
    b31e: d101      bne 0xb324
    b320: 2005      mov r0, #5
    b322: bd70      pop {r4, r5, r6, pc}
    b324: 1e73      sub r3, r6, #1
    b326: 2b00      cmp r3, #0
    b328: d010      beq 0xb34c
    b32a: 3b01      sub r3, #1
    b32c: 2b00      cmp r3, #0
    b32e: d001      beq 0xb334
    b330: 2002      mov r0, #2
    b332: bd70      pop {r4, r5, r6, pc}
    b334: 2900      cmp r1, #0
    b336: d106      bne 0xb346
    b338: f856f000  bl 0xb3e8
    b33c: 2018      mov r0, #24
    b33e: 6821      ldr r1, [r4, #0]
    b340: 4348      mul r0, r1
    b342: 182a      add r2, r5, r0
    b344: 3204      add r2, #4
    b346: 2000      mov r0, #0
    b348: 6010      str r0, [r2, #0]
    b34a: e00c      b 0xb366
    b34c: 7910      ldrb r0, [r2, #4]
    b34e: 3801      sub r0, #1
    b350: 0600      lsl r0, r0, #24
    b352: 0e00      lsr r0, r0, #24
    b354: 7110      strb r0, [r2, #4]
    b356: 2800      cmp r0, #0
    b358: d105      bne 0xb366
    b35a: 2018      mov r0, #24
    b35c: 6821      ldr r1, [r4, #0]
    b35e: 4348      mul r0, r1
    b360: 1828      add r0, r5, r0
    b362: 2100      mov r1, #0
    b364: 6041      str r1, [r0, #4]
    b366: 2000      mov r0, #0
    b368: bd70      pop {r4, r5, r6, pc}
; This function adjusts the flash region pointers
; in the table @81006C depending on the chip revision.
; Device ID (low 16 bits of the 0xb528 result):
;   0x2100 -> the three pointers from the literals at 0xb598-0xb5a0
;   0x2101 -> the three pointers from the literals at 0xb58c-0xb594
;   other  -> the table is left as it was
    b36a: b500      push {lr}
    b36c: f8dcf000  bl 0xb528
    b370: 0400      lsl r0, r0, #16
    b372: 0c00      lsr r0, r0, #16
    b374: 2121      mov r1, #33
    b376: 0209      lsl r1, r1, #8
    b378: 4288      cmp r0, r1
    b37a: d00a      beq 0xb392
    b37c: 4909      ldr r1, [pc, #36] (0xb3a4)
    b37e: 4288      cmp r0, r1
    b380: d10e      bne 0xb3a0
    b382: 484d      ldr r0, [pc, #308] (0xb4b8)
    b384: 4981      ldr r1, [pc, #516] (0xb58c)
    b386: 6001      str r1, [r0, #0]
    b388: 4981      ldr r1, [pc, #516] (0xb590)
    b38a: 6041      str r1, [r0, #4]
    b38c: 4981      ldr r1, [pc, #516] (0xb594)
    b38e: 6081      str r1, [r0, #8]
    b390: bd00      pop {pc}
    b392: 4849      ldr r0, [pc, #292] (0xb4b8)
    b394: 4980      ldr r1, [pc, #512] (0xb598)
    b396: 6001      str r1, [r0, #0]
    b398: 4980      ldr r1, [pc, #512] (0xb59c)
    b39a: 6041      str r1, [r0, #4]
    b39c: 4980      ldr r1, [pc, #512] (0xb5a0)
    b39e: 6081      str r1, [r0, #8]
    b3a0: bd00      pop {pc}
    b3a2: 46c0      nop (mov r8, r8)
    b3a4: 00002101
; 0xb3a8: one-time initialisation, called from 0xb0c2 when the flag at
; 0x810020 is clear. Runs 0xb36a, then for each of the 3 regions fills the
; 24-byte record at 0x810024 + 24*i:
;   +0  = word at +8 of the region's table entry
;   +12 = 0x12345678
;   +4 (state), +8, +9, +16, +20 = 0
    b3a8: b530      push {r4, r5, lr}
    b3aa: ffdef7ff  bl 0xb36a
    b3ae: 2100      mov r1, #0
    b3b0: 4d7c      ldr r5, [pc, #496] (0xb5a4) =0x12345678
    b3b2: 2303      mov r3, #3
    b3b4: 4a40      ldr r2, [pc, #256] (0xb4b8)
    b3b6: 482b      ldr r0, [pc, #172] (0xb464) =0x810024
    b3b8: 6814      ldr r4, [r2, #0]
    b3ba: 68a4      ldr r4, [r4, #8]
    b3bc: 6004      str r4, [r0, #0]
    b3be: 60c5      str r5, [r0, #12]
    b3c0: 8281      strh r1, [r0, #20]
    b3c2: 6101      str r1, [r0, #16]
    b3c4: 6041      str r1, [r0, #4]
    b3c6: 7201      strb r1, [r0, #8]
    b3c8: 7241      strb r1, [r0, #9]
    b3ca: 3204      add r2, #4
    b3cc: 3018      add r0, #24
    b3ce: 3b01      sub r3, #1
    b3d0: 2b00      cmp r3, #0
    b3d2: d1f1      bne 0xb3b8
    b3d4: bd30      pop {r4, r5, pc}
    b3d6: 46c0      nop (mov r8, r8)
; (0xb3d8 - 0xb447 is not included in this listing)
; This function ensures that the flash in the last sector of the
; specified magic region is not toggling, and then returns
; the address of where 0x12345678 is expected.
; r0 = region. With rec = table[region] and n = byte at rec+4, the returned
; address is (word at rec + 8 + 4*n) - 12. 0xb004 leaves r0 unchanged.
    b448: b500      push {lr}
    b44a: 491b      ldr r1, [pc, #108] (0xb4b8) =0x81006C
    b44c: 0080      lsl r0, r0, #2
    b44e: 5808      ldr r0, [r1, r0]
    b450: 7901      ldrb r1, [r0, #4]
    b452: 0089      lsl r1, r1, #2
    b454: 1840      add r0, r0, r1
    b456: 6880      ldr r0, [r0, #8]
    b458: 380c      sub r0, #12
    b45a: fdd3f7ff  bl 0xb004
    b45e: bd00      pop {pc}
    b460: 00810020
    b464: 00810024
    b468: 00810028
; This function checks whether the magic region specified by the argument
; contains a checksum-passing image or not. Returns 0 if pass, 3 otherwise.
; With T = the address returned by 0xb448:
;   1. the 16-bit sum of the five halfwords at T+0..T+9 must equal the
;      halfword at T+10;
;   2. the 16-bit sum over the image (start = word at +8 of the region's
;      table entry, length = word at T+4, a trailing odd byte added as the
;      low 8 bits of one more halfword read) must equal the halfword at T+8.
; Both are unkeyed additive sums: they catch accidental corruption but give
; no assurance about who wrote the image. The length comes from the trailer
; itself and is not bounded against the region size in this routine, and no
; direct comparison with 0x12345678 appears here.
    b46c: b530      push {r4, r5, lr}
    b46e: 1c04      mov r4, r0 (add r4, r0, #0)
    b470: ffeaf7ff  bl 0xb448
    b474: 1c02      mov r2, r0 (add r2, r0, #0)
    b476: 2105      mov r1, #5
    b478: 2300      mov r3, #0
    b47a: 8815      ldrh r5, [r2, #0]
    b47c: 18eb      add r3, r5, r3
    b47e: 041b      lsl r3, r3, #16
    b480: 0c1b      lsr r3, r3, #16
    b482: 3202      add r2, #2
    b484: 3901      sub r1, #1
    b486: 2900      cmp r1, #0
    b488: d1f7      bne 0xb47a
    b48a: 8941      ldrh r1, [r0, #10]
    b48c: 428b      cmp r3, r1
    b48e: d11e      bne 0xb4ce
    b490: 4909      ldr r1, [pc, #36] (0xb4b8) =0x81006C
    b492: 00a2      lsl r2, r4, #2
    b494: 5889      ldr r1, [r1, r2]
    b496: 688b      ldr r3, [r1, #8]
    b498: 6842      ldr r2, [r0, #4]
    b49a: 2400      mov r4, #0
    b49c: 0851      lsr r1, r2, #1
    b49e: 2900      cmp r1, #0
    b4a0: d007      beq 0xb4b2
    b4a2: 881d      ldrh r5, [r3, #0]
    b4a4: 192c      add r4, r5, r4
    b4a6: 0424      lsl r4, r4, #16
    b4a8: 0c24      lsr r4, r4, #16
    b4aa: 3302      add r3, #2
    b4ac: 3901      sub r1, #1
    b4ae: 2900      cmp r1, #0
    b4b0: d1f7      bne 0xb4a2
; The carry out of this shift is bit 0 of the length: set means odd length.
    b4b2: 0851      lsr r1, r2, #1
    b4b4: d308      bcc 0xb4c8
    b4b6: e001      b 0xb4bc
; interspersed literal
    b4b8: 0081006c
; function continues
    b4bc: 8819      ldrh r1, [r3, #0]
    b4be: 0609      lsl r1, r1, #24
    b4c0: 0e09      lsr r1, r1, #24
    b4c2: 1909      add r1, r1, r4
    b4c4: 0409      lsl r1, r1, #16
    b4c6: 0c0c      lsr r4, r1, #16
    b4c8: 8900      ldrh r0, [r0, #8]
    b4ca: 4284      cmp r4, r0
    b4cc: d001      beq 0xb4d2
    b4ce: 2003      mov r0, #3
    b4d0: bd30      pop {r4, r5, pc}
    b4d2: 2000      mov r0, #0
    b4d4: bd30      pop {r4, r5, pc}
; This function reads flash ID from the chip.
; R0 needs to point to a 2-byte buffer into which the read manuf ID is stored.
; R1 needs to point to an 8-byte buffer (4 16-bit words) filled as follows: ; 0: word read from 0x02 in autoselect mode ; 2: word read from 0x1C "" ; 4: word read from 0x1E "" ; 6: revision number word from CFI b4d6: b5f0 push {r4, r5, r6, r7, lr} b4d8: 2303 mov r3, #3 b4da: 2200 mov r2, #0 b4dc: 0114 lsl r4, r2, #4 b4de: 4314 orr r4, r2 b4e0: 220a mov r2, #10 b4e2: 4322 orr r2, r4 b4e4: 3b01 sub r3, #1 b4e6: 2b00 cmp r3, #0 b4e8: d1f8 bne 0xb4dc b4ea: 24aa mov r4, #170 b4ec: 8014 strh r4, [r2, #0] b4ee: 1056 asr r6, r2, #1 b4f0: 2555 mov r5, #85 b4f2: 8035 strh r5, [r6, #0] b4f4: 2390 mov r3, #144 b4f6: 8013 strh r3, [r2, #0] b4f8: 2300 mov r3, #0 b4fa: 881f ldrh r7, [r3, #0] b4fc: 8007 strh r7, [r0, #0] b4fe: 8858 ldrh r0, [r3, #2] b500: 8008 strh r0, [r1, #0] b502: 8b98 ldrh r0, [r3, #28] b504: 8048 strh r0, [r1, #2] b506: 8bd8 ldrh r0, [r3, #30] b508: 8088 strh r0, [r1, #4] b50a: 2098 mov r0, #152 b50c: 8010 strh r0, [r2, #0] b50e: 2086 mov r0, #134 b510: 8847 ldrh r7, [r0, #2] b512: 8800 ldrh r0, [r0, #0] b514: 0200 lsl r0, r0, #8 b516: 4307 orr r7, r0 b518: 80cf strh r7, [r1, #6] b51a: 20ff mov r0, #255 b51c: 8018 strh r0, [r3, #0] b51e: 8014 strh r4, [r2, #0] b520: 8035 strh r5, [r6, #0] b522: 20f0 mov r0, #240 b524: 8010 strh r0, [r2, #0] b526: bdf0 pop {r4, r5, r6, r7, pc} ; This function computes a single-word flash device ID. 
The algorithm is ; as follows: ; - if the manuf is other than 01 or 04, return the autoselect word from 0x02 ; - ditto autosel[0x02] != 0x227E ; - in the case of our expected S71PL129NC0, return value will be ; 0x2100 or 0x2101 depending on the chip rev indicated in CFI table b528: b500 push {lr} b52a: b083 sub sp, #12 b52c: 4668 mov r0, sp b52e: a901 add r1, sp, #4 b530: ffd1f7ff bl 0xb4d6 b534: 4668 mov r0, sp b536: 8800 ldrh r0, [r0, #0] b538: 2801 cmp r0, #1 b53a: d003 beq 0xb544 b53c: 4668 mov r0, sp b53e: 8800 ldrh r0, [r0, #0] b540: 2804 cmp r0, #4 b542: d11e bne 0xb582 b544: 4668 mov r0, sp b546: 8881 ldrh r1, [r0, #4] b548: 4817 ldr r0, [pc, #92] (0xb5a8) b54a: 4281 cmp r1, r0 b54c: d119 bne 0xb582 b54e: 4668 mov r0, sp b550: 7a00 ldrb r0, [r0, #8] b552: 4669 mov r1, sp b554: 88c9 ldrh r1, [r1, #6] b556: 0209 lsl r1, r1, #8 b558: 4308 orr r0, r1 b55a: 0400 lsl r0, r0, #16 b55c: 0c00 lsr r0, r0, #16 b55e: 4669 mov r1, sp b560: 88c9 ldrh r1, [r1, #6] b562: 4a12 ldr r2, [pc, #72] (0xb5ac) b564: 4291 cmp r1, r2 b566: d10e bne 0xb586 b568: 4669 mov r1, sp b56a: 890a ldrh r2, [r1, #8] b56c: 2111 mov r1, #17 b56e: 0249 lsl r1, r1, #9 b570: 428a cmp r2, r1 b572: d108 bne 0xb586 b574: 4669 mov r1, sp b576: 8949 ldrh r1, [r1, #10] b578: 4a0d ldr r2, [pc, #52] (0xb5b0) b57a: 4291 cmp r1, r2 b57c: d003 beq 0xb586 b57e: 480d ldr r0, [pc, #52] (0xb5b4) b580: e001 b 0xb586 b582: 4668 mov r0, sp b584: 8880 ldrh r0, [r0, #4] b586: b003 add sp, #12 b588: bd00 pop {pc} b58a: 46c0 nop (mov r8, r8) ; written into table @81006C for one chip rev b58c: 0081a61c b590: 0081a8b4 b594: 0081ab4c ; written into table @81006C for the other chip rev b598: 0081a4d0 b59c: 0081a768 b5a0: 0081aa00 ; looks like 6 records of 0x14C bytes each, starting at 0x81a4d0 ; that's offset 0xA04C from the start of copy, 0xC554 in flash b5a4: 12345678 b5a8: 0000227e b5ac: 00002221 b5b0: 00003133 b5b4: 00002101 c554: 00000000 c558: 00000036 c55c: 02480000 c560: 02490000 c564: 024a0000 c568: 024b0000 c56c: 
024c0000 c570: 024d0000 c574: 024e0000 c578: 024f0000 c57c: 02500000 c580: 02510000 c584: 02520000 c588: 02530000 c58c: 02540000 c590: 02550000 c594: 02560000 c598: 02570000 c59c: 02580000 c5a0: 02590000 c5a4: 025a0000 c5a8: 025b0000 c5ac: 025c0000 c5b0: 025d0000 c5b4: 025e0000 c5b8: 025f0000 c5bc: 02600000 c5c0: 02610000 c5c4: 02620000 c5c8: 02630000 c5cc: 02640000 c5d0: 02650000 c5d4: 02660000 c5d8: 02670000 c5dc: 02680000 c5e0: 02690000 c5e4: 026a0000 c5e8: 026b0000 c5ec: 026c0000 c5f0: 026d0000 c5f4: 026e0000 c5f8: 026f0000 c5fc: 02700000 c600: 02710000 c604: 02720000 c608: 02730000 c60c: 02740000 c610: 02750000 c614: 02760000 c618: 02770000 c61c: 02780000 c620: 02790000 c624: 027a0000 c628: 027b0000 c62c: 027c0000 c630: 027d0000 c634: 027e0000 ... c6a4: 0000000f c6a8: 02480000 c6ac: 024c0000 c6b0: 02500000 c6b4: 02540000 c6b8: 02580000 c6bc: 025c0000 c6c0: 02600000 c6c4: 02640000 c6c8: 02680000 c6cc: 026c0000 c6d0: 02700000 c6d4: 02740000 c6d8: 02780000 c6dc: 027c0000 c6e0: 027d0000 c6e4: 027e0000 ... c7ec: 00000001 c7f0: 00000001 c7f4: 027e0000 c7f8: 027f0000 ... c938: 00000001 c93c: 00000001 c940: 027e0000 c944: 027f0000 ... ca84: 00000002 ca88: 00000008 ca8c: 027f0000 ca90: 027f2000 ca94: 027f4000 ca98: 027f6000 ca9c: 027f8000 caa0: 027fa000 caa4: 027fc000 caa8: 027fe000 caac: 02800000 ... cbd0: 00000002 cbd4: 00000001 cbd8: 027f0000 cbdc: 02800000 ... 
cd1c: 00030000 cd20: 00040000 cd24: 00050000 cd28: 00060000 cd2c: 00070000 cd30: 00080000 cd34: 00090000 cd38: 000a0000 cd3c: 000b0000 cd40: 000c0000 cd44: 000d0000 cd48: 000e0000 cd4c: 000f0000 cd50: 00100000 cd54: 00110000 cd58: 00120000 cd5c: 00130000 cd60: 00140000 cd64: 00150000 cd68: 00160000 cd6c: 00170000 cd70: 00180000 cd74: 00190000 cd78: 001a0000 cd7c: 001b0000 cd80: 001c0000 cd84: 001d0000 cd88: 001e0000 cd8c: 001f0000 cd90: 00200000 cd94: 00210000 cd98: 00220000 cd9c: 00230000 cda0: 00240000 cda4: 00250000 cda8: 00260000 cdac: 00270000 cdb0: 00280000 cdb4: 00290000 cdb8: 002a0000 cdbc: 002b0000 cdc0: 002c0000 cdc4: 002d0000 cdc8: 002e0000 cdcc: 002f0000 cdd0: 00300000 cdd4: 00310000 cdd8: 00320000 cddc: 00330000 cde0: 00340000 cde4: 00350000 cde8: 00360000 cdec: 00370000 cdf0: 00380000 cdf4: 00390000 cdf8: 003a0000 cdfc: 003b0000 ce00: 003c0000 ce04: 003d0000 ce08: 003e0000 ce0c: 003f0000 ce10: 00400000 ce14: 00410000 ce18: 00420000 ce1c: 00430000 ce20: 00440000 ce24: 00450000 ce28: 00460000 ce2c: 00470000 ce30: 00480000 ce34: 00490000 ce38: 004a0000 ce3c: 004b0000 ce40: 004c0000 ce44: 004d0000 ce48: 004e0000 ce4c: 004f0000 ce50: 00500000 ce54: 00510000 ce58: 00520000 ce5c: 00530000 ce60: 00540000 ce64: 00550000 ce68: 00560000 ce6c: 00570000 ce70: 00580000 ce74: 00590000 ce78: 005a0000 ce7c: 005b0000 ce80: 005c0000 ce84: 005d0000 ce88: 005e0000 ce8c: 005f0000 ce90: 00600000 ce94: 00610000 ce98: 00620000 ce9c: 00630000 cea0: 00640000 cea4: 00650000 cea8: 00660000 ceac: 00670000 ceb0: 00680000 ceb4: 00690000 ceb8: 006a0000 cebc: 006b0000 cec0: 006c0000 cec4: 006d0000 cec8: 006e0000 cecc: 006f0000 ced0: 00700000 ced4: 00710000 ced8: 00720000 cedc: 00730000 cee0: 00740000 cee4: 00750000 cee8: 00760000 ceec: 00770000 cef0: 00780000 cef4: 00790000 cef8: 007a0000 cefc: 007b0000 cf00: 007c0000 cf04: 007d0000 cf08: 007e0000 cf0c: 007f0000 cf10: 00030000 cf14: 00040000 cf18: 00080000 cf1c: 000c0000 cf20: 00100000 cf24: 00140000 cf28: 00180000 cf2c: 001c0000 
cf30: 00200000 cf34: 00240000 cf38: 00280000 cf3c: 002c0000 cf40: 00300000 cf44: 00340000 cf48: 00380000 cf4c: 003c0000 cf50: 00400000 cf54: 00440000 cf58: 00480000 cf5c: 004c0000 cf60: 00500000 cf64: 00540000 cf68: 00580000 cf6c: 005c0000 cf70: 00600000 cf74: 00640000 cf78: 00680000 cf7c: 006c0000 cf80: 00700000 cf84: 00740000 cf88: 00780000 cf8c: 007c0000
CF8F: last copied byte
<CF90-1F9FF: all FFs>
; initialized data table
; The words below parse cleanly as back-to-back records of
;   { byte count, destination address, data rounded up to whole words }
; ending with a zero count at 1fa98.  Every destination lies in the
; 0x0080xxxx-0x0081xxxx range.  Words are shown little-endian (as in the rest
; of this listing), so the data byte(s) are the low-order end of the data word
; and the remaining bytes are filler.
; NOTE(review): the record format is inferred from the values alone; the code
; that consumes this table is not in this excerpt -- confirm there.
1fa00: 00000001 1fa04: 00810020 1fa08: c046c000                                     ; 1 byte  -> 0x810020
1fa0c: 00000001 1fa10: 00810021 1fa14: c046c000                                     ; 1 byte  -> 0x810021
1fa18: 00000004 1fa1c: 00810024 1fa20: 00000000                                     ; 4 bytes -> 0x810024
1fa24: 0000000c 1fa28: 0081006c 1fa2c: 0081a4d0 1fa30: 0081a768 1fa34: 0081aa00     ; 12 bytes -> 0x81006c; same three pointers as b598..b5a0
1fa38: 00000002 1fa3c: 00810014 1fa40: 46c00000                                     ; 2 bytes -> 0x810014
1fa44: 00000002 1fa48: 00810016 1fa4c: 46c00000                                     ; 2 bytes -> 0x810016
1fa50: 00000001 1fa54: 00810018 1fa58: c046c000                                     ; 1 byte  -> 0x810018
1fa5c: 00000001 1fa60: 00810019 1fa64: 000000bc                                     ; 1 byte  -> 0x810019 (0xbc)
1fa68: 00000001 1fa6c: 00800000 1fa70: a0000000                                     ; 1 byte  -> 0x800000
1fa74: 00000001 1fa78: 0081047c 1fa7c: 00000000                                     ; 1 byte  -> 0x81047c
1fa80: 00000004 1fa84: 00810078 1fa88: 00000000                                     ; 4 bytes -> 0x810078
1fa8c: 00000004 1fa90: 0081001c 1fa94: 00000000                                     ; 4 bytes -> 0x81001c
1fa98: 00000000                                                                     ; zero count: end of table
<1FA9C-2FFBF: all FFs>
; The 12 bytes at 2FFC0 decode as the ASCII string "BC_D910.0.16" followed by
; NUL padding; presumably a boot-code version tag, useful for telling firmware
; images apart -- meaning not established by this listing.
0002FFC0: 42 43 5F 44 39 31 30 2E 30 2E 31 36 00 00 00 00 BC_D910.0.16....
0002FFD0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
*