FreeCalypso > hg > freecalypso-reveng
view benq-fw-disasm @ 405:f7df0f4d7d4f
tfo/find-is-hdr.c: print found offset in hex
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 18 Mar 2023 05:57:23 +0000 |
parents | 42575bc59702 |
children |
line wrap: on
line source
; The present work is a disassembly analysis of the firmware image ; read out of a BenQ M32 module. I have only dug far enough to get ; to the Init_Target() function; my original goal was to see the MEMIF ; setup done therein, which has been successfully located (0x00A3 for ; nCS0, nCS1 and nCS2, totally vanilla), but we've also got a couple of ; surprise discoveries: ; ; 1) It appears that BenQ put their XRAM on Calypso nCS2 instead of ; the canonical placement on nCS1. ; ; 2) Even though the D751774AZHH Calypso chip found in this module ; is supposed to be a C035 variant, not C05, the PLL setup is done ; the way TI did it for D-Sample C05: the PLL multiplier is set to 6 ; rather than 8, so the DSP gets 78 MHz instead of 104 MHz and the ; ARM gets 39 MHz instead of 52 MHz. ; ; The code is very heavily modified relative to TI's original; in those ; places where some TI's original code shines through, it is closer ; to the old DSample-20020917 specimen than to Openmoko-era TCS211. ; Flash boot mode 1 reset entry 0: ea004015 b 0x1005c 4: ea003ffd b 0x10000 8: ea003ffd b 0x10004 c: ea003ffd b 0x10008 10: ea003ffd b 0x1000c 14: ea003ffd b 0x10010 18: ea003ffd b 0x10014 1c: ea003ffd b 0x10018 2000: 00000001 ; mysterious routine called from the assembly boot path, ; implements some kind of interrupt-boot mechanism via the MODEM UART 7890: e59f2438 ldr r2, =0xfffff804 ; via 0x7cd0 7894: e3a010f5 mov r1, #245 ; 0xf5 7898: e1c210b0 strh r1, [r2] 789c: e3a010a0 mov r1, #160 ; 0xa0 78a0: e1c210b0 strh r1, [r2] 78a4: e59f03fc ldr r0, =0xffff5800 ; via 0x7ca8 78a8: e59f13fc ldr r1, =0xbf ; via 0x7cac 78ac: e5c01003 strb r1, [r0, #3] 78b0: e59f13f4 ldr r1, =0xbf ; via 0x7cac 78b4: e5c01003 strb r1, [r0, #3] 78b8: e3a01018 mov r1, #24 ; 0x18 78bc: e5c01002 strb r1, [r0, #2] 78c0: e3a01011 mov r1, #17 ; 0x11 78c4: e5c01004 strb r1, [r0, #4] 78c8: e3a01013 mov r1, #19 ; 0x13 78cc: e5c01006 strb r1, [r0, #6] 78d0: e59f13e4 ldr r1, =0x0 ; via 0x7cbc 78d4: e5c01003 strb r1, [r0, #3] 78d8: e3a01000 mov r1, #0 78dc: e5c01001 strb r1, [r0, #1] 78e0: e59f13c4 ldr r1, =0xbf ; via 0x7cac 78e4: e5c01003 strb r1, [r0, #3] 78e8: e3a01007 mov r1, #7 78ec: e5c01000 strb r1, [r0] 78f0: e3a01000 mov r1, #0 78f4: e5c01001 strb r1, [r0, #1] 78f8: e59f13b0 ldr r1, =0x13 ; via 0x7cb0 78fc: e5c01003 strb r1, [r0, #3] 7900: e3a01040 mov r1, #64 ; 0x40 7904: e5c01004 strb r1, [r0, #4] 7908: e3a0100f mov r1, #15 ; 0xf 790c: e5c01006 strb r1, [r0, #6] 7910: e59f1394 ldr r1, =0xbf ; via 0x7cac 7914: e5c01003 strb r1, [r0, #3] 7918: e59f1390 ldr r1, =0x13 ; via 0x7cb0 791c: e5c01003 strb r1, [r0, #3] 7920: e3a01000 mov r1, #0 7924: e5c01010 strb r1, [r0, #16] ; 0x10 7928: e59f1384 ldr r1, =0x6 ; via 0x7cb4 792c: e5c01002 strb r1, [r0, #2] 7930: e3a0100f mov r1, #15 ; 0xf 7934: e5c01004 strb r1, [r0, #4] 7938: e3a010f1 mov r1, #241 ; 0xf1 793c: e5c01002 strb r1, [r0, #2] 7940: e59f1370 ldr r1, =0x7 ; via 0x7cb8 7944: e5c01008 strb r1, [r0, #8] 7948: e3a01ffa mov r1, #1000 ; 0x3e8 794c: e2411001 sub r1, r1, #1 7950: e3510000 cmp r1, #0 7954: 1afffffc bne 0x794c 7958: e59f135c ldr r1, =0x0 ; via 0x7cbc 795c: e5c01008 strb r1, [r0, #8] 7960: e3a030ff mov r3, #255 ; 0xff 7964: e59f2368 ldr r2, =0x1870bf0 ; via 0x7cd4 7968: e5c23000 strb r3, [r2] 796c: e3a0200a mov r2, #10 ; 0xa 7970: e3a08801 mov r8, #65536 ; 0x10000 7974: e2488001 sub r8, r8, #1 7978: e3580000 cmp r8, #0 797c: 0a00000b beq 0x79b0 7980: e5d01005 ldrb r1, [r0, #5] 7984: e3110001 tst r1, #1 7988: 0afffff9 beq 0x7974 798c: e5d01000 ldrb r1, [r0] 7990: e3510000 cmp r1, #0 7994: 1a000003 bne 0x79a8 7998: e2422001 sub r2, r2, #1 799c: e3520000 cmp r2, #0 79a0: 0a000042 beq 0x7ab0 79a4: eafffff2 b 0x7974 79a8: e3a0200a mov r2, #10 ; 0xa 79ac: eafffff0 b 0x7974 79b0: e59f02f0 ldr r0, =0xffff5800 ; via 0x7ca8 79b4: e59f12f0 ldr r1, =0xbf ; via 0x7cac 79b8: e5c01003 strb r1, [r0, #3] 79bc: e59f12e8 ldr r1, =0xbf ; via 0x7cac 79c0: e5c01003 strb r1, [r0, #3] 79c4: e3a01018 mov r1, #24 ; 0x18 79c8: e5c01002 strb r1, [r0, #2] 79cc: e3a01011 mov r1, #17 ; 0x11 79d0: e5c01004 strb r1, [r0, #4] 79d4: e3a01013 mov r1, #19 ; 0x13 79d8: e5c01006 strb r1, [r0, #6] 79dc: e59f12d8 ldr r1, =0x0 ; via 0x7cbc 79e0: e5c01003 strb r1, [r0, #3] 79e4: e3a01000 mov r1, #0 79e8: e5c01001 strb r1, [r0, #1] 79ec: e59f12b8 ldr r1, =0xbf ; via 0x7cac 79f0: e5c01003 strb r1, [r0, #3] 79f4: e3a01002 mov r1, #2 79f8: e5c01000 strb r1, [r0] 79fc: e3a01000 mov r1, #0 7a00: e5c01001 strb r1, [r0, #1] 7a04: e59f12a4 ldr r1, =0x13 ; via 0x7cb0 7a08: e5c01003 strb r1, [r0, #3] 7a0c: e3a01040 mov r1, #64 ; 0x40 7a10: e5c01004 strb r1, [r0, #4] 7a14: e3a0100f mov r1, #15 ; 0xf 7a18: e5c01006 strb r1, [r0, #6] 7a1c: e59f1288 ldr r1, =0xbf ; via 0x7cac 7a20: e5c01003 strb r1, [r0, #3] 7a24: e59f1284 ldr r1, =0x13 ; via 0x7cb0 7a28: e5c01003 strb r1, [r0, #3] 7a2c: e3a01000 mov r1, #0 7a30: e5c01010 strb r1, [r0, #16] ; 0x10 7a34: e59f1278 ldr r1, =0x6 ; via 0x7cb4 7a38: e5c01002 strb r1, [r0, #2] 7a3c: e3a0100f mov r1, #15 ; 0xf 7a40: e5c01004 strb r1, [r0, #4] 7a44: e3a010f1 mov r1, #241 ; 0xf1 7a48: e5c01002 strb r1, [r0, #2] 7a4c: e59f1264 ldr r1, =0x7 ; via 0x7cb8 7a50: e5c01008 strb r1, [r0, #8] 7a54: e3a01ffa mov r1, #1000 ; 0x3e8 7a58: e2411001 sub r1, r1, #1 7a5c: e3510000 cmp r1, #0 7a60: 1afffffc bne 0x7a58 7a64: e59f1250 ldr r1, =0x0 ; via 0x7cbc 7a68: e5c01008 strb r1, [r0, #8] 7a6c: e3a0200a mov r2, #10 ; 0xa 7a70: e3a08801 mov r8, #65536 ; 0x10000 7a74: e2488001 sub r8, r8, #1 7a78: e3580000 cmp r8, #0 7a7c: 0a0021d9 beq 0x101e8 7a80: e5d01005 ldrb r1, [r0, #5] 7a84: e3110001 tst r1, #1 7a88: 0afffff9 beq 0x7a74 7a8c: e5d01000 ldrb r1, [r0] 7a90: e3510000 cmp r1, #0 7a94: 1a000003 bne 0x7aa8 7a98: e2422001 sub r2, r2, #1 7a9c: e3520000 cmp r2, #0 7aa0: 0a000002 beq 0x7ab0 7aa4: eafffff2 b 0x7a74 7aa8: e3a0200a mov r2, #10 ; 0xa 7aac: eafffff0 b 0x7a74 7ab0: e3a0200a mov r2, #10 ; 0xa 7ab4: e3a08801 mov r8, #65536 ; 0x10000 7ab8: e2488001 sub r8, r8, #1 7abc: e3580000 cmp r8, #0 7ac0: 0a0021c8 beq 0x101e8 7ac4: e5d01005 ldrb r1, [r0, #5] 7ac8: e3110001 tst r1, #1 7acc: 0afffff9 beq 0x7ab8 7ad0: e5d01000 ldrb r1, [r0] 7ad4: e3510000 cmp r1, #0 7ad8: 1a000003 bne 0x7aec 7adc: e2422001 sub r2, r2, #1 7ae0: e3520000 cmp r2, #0 7ae4: 0a000002 beq 0x7af4 7ae8: eafffff2 b 0x7ab8 7aec: e3a0200a mov r2, #10 ; 0xa 7af0: eafffff0 b 0x7ab8 7af4: e3a010ee mov r1, #238 ; 0xee 7af8: e5c01000 strb r1, [r0] 7afc: e3a01066 mov r1, #102 ; 0x66 7b00: e5c01000 strb r1, [r0] 7b04: e3a02012 mov r2, #18 ; 0x12 7b08: e3a08801 mov r8, #65536 ; 0x10000 7b0c: e2488001 sub r8, r8, #1 7b10: e3580000 cmp r8, #0 7b14: 0a0021b3 beq 0x101e8 7b18: e5d01005 ldrb r1, [r0, #5] 7b1c: e3110001 tst r1, #1 7b20: 0afffff9 beq 0x7b0c 7b24: e5d01000 ldrb r1, [r0] 7b28: e3510000 cmp r1, #0 7b2c: 1a000003 bne 0x7b40 7b30: e2422001 sub r2, r2, #1 7b34: e3520000 cmp r2, #0 7b38: 0a0021aa beq 0x101e8 7b3c: eafffff2 b 0x7b0c 7b40: e3510011 cmp r1, #17 ; 0x11 7b44: 1a0021a7 bne 0x101e8 7b48: e3a08801 mov r8, #65536 ; 0x10000 7b4c: e2488001 sub r8, r8, #1 7b50: e3580000 cmp r8, #0 7b54: 0a0021a3 beq 0x101e8 7b58: e5d01005 ldrb r1, [r0, #5] 7b5c: e3110001 tst r1, #1 7b60: 0afffff9 beq 0x7b4c 7b64: e5d01000 ldrb r1, [r0] 7b68: e3510022 cmp r1, #34 ; 0x22 7b6c: 1a00219d bne 0x101e8 7b70: e3a08801 mov r8, #65536 ; 0x10000 7b74: e2488001 sub r8, r8, #1 7b78: e3580000 cmp r8, #0 7b7c: 0a002199 beq 0x101e8 7b80: e5d01005 ldrb r1, [r0, #5] 7b84: e3110001 tst r1, #1 7b88: 0afffff9 beq 0x7b74 7b8c: e5d01000 ldrb r1, [r0] 7b90: e3a020ee mov r2, #238 ; 0xee 7b94: e5c02000 strb r2, [r0] 7b98: e1a02001 mov r2, r1 7b9c: e5c02000 strb r2, [r0] 7ba0: e3510000 cmp r1, #0 7ba4: 0a000004 beq 0x7bbc 7ba8: e35100f0 cmp r1, #240 ; 0xf0 7bac: 0a000002 beq 0x7bbc 7bb0: e59f211c ldr r2, =0x1870bf0 ; via 0x7cd4 7bb4: e5c21000 strb r1, [r2] 7bb8: ea00218a b 0x101e8 7bbc: e59f2114 ldr r2, =0x140000 ; via 0x7cd8 7bc0: e5922000 ldr r2, [r2] 7bc4: e5c02000 strb r2, [r0] 7bc8: e1a02422 mov r2, r2, lsr #8 7bcc: e5c02000 strb r2, [r0] 7bd0: e1a02422 mov r2, r2, lsr #8 7bd4: e5c02000 strb r2, [r0] 7bd8: e1a02422 mov r2, r2, lsr #8 7bdc: e5c02000 strb r2, [r0] 7be0: e3a08000 mov r8, #0 7be4: e35100f0 cmp r1, #240 ; 0xf0 7be8: 0a000001 beq 0x7bf4 7bec: e59f40e4 ldr r4, =0x140000 ; via 0x7cd8 7bf0: ea000002 b 0x7c00 7bf4: e59f10dc ldr r1, =0x140000 ; via 0x7cd8 7bf8: e5911000 ldr r1, [r1] 7bfc: e59f40d8 ldr r4, =0x100 ; via 0x7cdc 7c00: e7d42008 ldrb r2, [r4, r8] 7c04: e5c02000 strb r2, [r0] 7c08: e2888001 add r8, r8, #1 7c0c: e3580010 cmp r8, #16 ; 0x10 7c10: 1afffffa bne 0x7c00 7c14: e5d02005 ldrb r2, [r0, #5] 7c18: e3120001 tst r2, #1 7c1c: 0afffffc beq 0x7c14 7c20: e5d02000 ldrb r2, [r0] 7c24: e3520033 cmp r2, #51 ; 0x33 7c28: 1a00216e bne 0x101e8 7c2c: e5d02005 ldrb r2, [r0, #5] 7c30: e3120001 tst r2, #1 7c34: 0afffffc beq 0x7c2c 7c38: e5d02000 ldrb r2, [r0] 7c3c: e3520044 cmp r2, #68 ; 0x44 7c40: 1a002168 bne 0x101e8 7c44: e59f2078 ldr r2, =0x3490 ; via 0x7cc4 7c48: e59f3078 ldr r3, =0x820100 ; via 0x7cc8 7c4c: e59f406c ldr r4, =0x7000 ; via 0x7cc0 7c50: e5d26000 ldrb r6, [r2] 7c54: e5c36000 strb r6, [r3] 7c58: e2822001 add r2, r2, #1 7c5c: e2833001 add r3, r3, #1 7c60: e2444001 sub r4, r4, #1 7c64: e3540000 cmp r4, #0 7c68: 1afffff8 bne 0x7c50 7c6c: e3a020ee mov r2, #238 ; 0xee 7c70: e5c02000 strb r2, [r0] 7c74: e3a02066 mov r2, #102 ; 0x66 7c78: e5c02000 strb r2, [r0] 7c7c: e59f0048 ldr r0, =0x81fffc ; via 0x7ccc 7c80: e1a0d000 mov sp, r0 7c84: e59f003c ldr r0, =0x820100 ; via 0x7cc8 7c88: e280e001 add lr, r0, #1 7c8c: e1a00001 mov r0, r1 7c90: e12fff1e bx lr ; TI-style exception and interrupt vectors 10000: ea0000ed b 0x103bc 10004: ea0000f4 b 0x103dc 10008: ea0000fb b 0x103fc 1000c: ea0000fe b 0x1040c 10010: ea000102 b 0x10420 10014: ea0000e2 b 0x103a4 10018: ea0000e6 b 0x103b8 ; _c_int00 pool of constants, differs from both TCS211 and DSample-20020917 ; versions: 1001c: 02a302a3 10020: 029202a3 10024: 02c00201 10028: 002a0040 1002c: fffffb00 10030: fffffd00 10034: ffff9800 10038: fffffb10 1003c: ffffff08 10040: fffef006 10044: 20021081 10048: f7ff0800 1004c: 00080000 10050: fffe1800 10054: fffe1811 10058: 0001063c ; Reset entry branches here 1005c: e59fb550 ldr r11, =0x874118 ; via 0x105b4 10060: e92b1007 stmdb r11!, {r0, r1, r2, r12} 10064: ea00011b b 0x104d8 ; return from the 0x104d8 "routine" 10068: e8bb1007 ldmia r11!, {r0, r1, r2, r12} ; code matches both TCS211 and DSample-20020917 1006c: e51f1040 ldr r1, =0xffff9800 ; via 0x10034 10070: e15f23b2 ldrh r2, =0x2002 ; via 0x10046 10074: e1c120b0 strh r2, [r1] 10078: e5912000 ldr r2, [r1] 1007c: e2022001 and r2, r2, #1 10080: e3520001 cmp r2, #1 10084: 0afffffb beq 0x10078 10088: e51f1060 ldr r1, =0xfffffd00 ; via 0x10030 1008c: e15f25b0 ldrh r2, =0x1081 ; via 0x10044 10090: e1c120b0 strh r2, [r1] 10094: e51f1064 ldr r1, =0xfffffb10 ; via 0x10038 10098: e15f25b6 ldrh r2, =0xf7ff ; via 0x1004a 1009c: e1d100b0 ldrh r0, [r1] 100a0: e0000002 and r0, r0, r2 100a4: e1c100b0 strh r0, [r1] 100a8: e51f1074 ldr r1, =0xffffff08 ; via 0x1003c 100ac: e15f26b8 ldrh r2, =0x0 ; via 0x1004c 100b0: e1c120b0 strh r2, [r1] 100b4: e51f1090 ldr r1, =0xfffffb00 ; via 0x1002c 100b8: e15f2ab4 ldrh r2, =0x2a3 ; via 0x1001c 100bc: e1c120b0 strh r2, [r1] 100c0: e15f2aba ldrh r2, =0x2a3 ; via 0x1001e 100c4: e1c120b2 strh r2, [r1, #2] 100c8: e15f2bb0 ldrh r2, =0x2a3 ; via 0x10020 100cc: e1c120b4 strh r2, [r1, #4] 100d0: e15f2bb6 ldrh r2, =0x292 ; via 0x10022 100d4: e1c120b6 strh r2, [r1, #6] 100d8: e15f2bbc ldrh r2, =0x201 ; via 0x10024 100dc: e1c120ba strh r2, [r1, #10] ; 0xa 100e0: e15f2cb2 ldrh r2, =0x2c0 ; via 0x10026 100e4: e1c120bc strh r2, [r1, #12] ; 0xc 100e8: e15f2cb8 ldrh r2, =0x40 ; via 0x10028 100ec: e1c120b8 strh r2, [r1, #8] 100f0: e15f2cbe ldrh r2, =0x2a ; via 0x1002a 100f4: e1c120be strh r2, [r1, #14] ; 0xe ; RTC muck original to BenQ 100f8: e51f10ac ldr r1, =0xfffe1811 ; via 0x10054 100fc: e5d12000 ldrb r2, [r1] 10100: e2022001 and r2, r2, #1 10104: e3520001 cmp r2, #1 10108: 0a000003 beq 0x1011c 1010c: e51f10c4 ldr r1, =0xfffe1800 ; via 0x10050 10110: e5912000 ldr r2, [r1] 10114: e59f14a8 ldr r1, =0x874cd8 ; via 0x105c4 10118: e5812000 str r2, [r1] ; back to original TI code 1011c: e10f0000 mrs r0, CPSR 10120: e3c0001f bic r0, r0, #31 ; 0x1f 10124: e3800013 orr r0, r0, #19 ; 0x13 10128: e3800080 orr r0, r0, #128 ; 0x80 1012c: e129f000 msr CPSR_fc, r0 ; inline bss clearing, similar but not identical to DSample-20020917 version 10130: e59f044c ldr r0, =0x1803784 ; via 0x10584 10134: e3a02000 mov r2, #0 10138: e59f1448 ldr r1, =0x1871ad8 ; via 0x10588 1013c: e4802004 str r2, [r0], #4 10140: e4802004 str r2, [r0], #4 10144: e4802004 str r2, [r0], #4 10148: e4802004 str r2, [r0], #4 1014c: e4802004 str r2, [r0], #4 10150: e4802004 str r2, [r0], #4 10154: e4802004 str r2, [r0], #4 10158: e4802004 str r2, [r0], #4 1015c: e4802004 str r2, [r0], #4 10160: e4802004 str r2, [r0], #4 10164: e4802004 str r2, [r0], #4 10168: e4802004 str r2, [r0], #4 1016c: e4802004 str r2, [r0], #4 10170: e4802004 str r2, [r0], #4 10174: e4802004 str r2, [r0], #4 10178: e4802004 str r2, [r0], #4 1017c: e1500001 cmp r0, r1 10180: 4affffed bmi 0x1013c 10184: e59f0400 ldr r0, =0x8296fc ; via 0x1058c 10188: e3a02000 mov r2, #0 1018c: e59f13fc ldr r1, =0x873d10 ; via 0x10590 10190: e4802004 str r2, [r0], #4 10194: e4802004 str r2, [r0], #4 10198: e4802004 str r2, [r0], #4 1019c: e4802004 str r2, [r0], #4 101a0: e4802004 str r2, [r0], #4 101a4: e4802004 str r2, [r0], #4 101a8: e4802004 str r2, [r0], #4 101ac: e4802004 str r2, [r0], #4 101b0: e4802004 str r2, [r0], #4 101b4: e4802004 str r2, [r0], #4 101b8: e4802004 str r2, [r0], #4 101bc: e4802004 str r2, [r0], #4 101c0: e4802004 str r2, [r0], #4 101c4: e4802004 str r2, [r0], #4 101c8: e4802004 str r2, [r0], #4 101cc: e4802004 str r2, [r0], #4 101d0: e1500001 cmp r0, r1 101d4: 4affffed bmi 0x10190 ; 8 MiB memory interface setup, slightly different code than TI's 101d8: e51f11a0 ldr r1, =0xfffef006 ; via 0x10040 101dc: e3a02008 mov r2, #8 101e0: e1c120b0 strh r2, [r1] ; BenQ's serial interrupt-boot routine 101e4: ebffdda9 bl 0x7890 ; return by branch from the above routine ; setting _INT_Loaded_Flag? 101e8: e3a00001 mov r0, #1 101ec: e59f13a4 ldr r1, =0x1871a34 ; via 0x10598 101f0: e5810000 str r0, [r1] ; stack setup? - code matches DSample-20020917 version from here 101f4: e59f0398 ldr r0, =0x8741d4 ; via 0x10594 101f8: e3a01b01 mov r1, #1024 ; 0x400 101fc: e2411004 sub r1, r1, #4 10200: e0802001 add r2, r0, r1 10204: e1a0a000 mov r10, r0 10208: e59f338c ldr r3, =0x82b8a0 ; via 0x1059c 1020c: e583a000 str r10, [r3] 10210: e1a0d002 mov sp, r2 10214: e59f3384 ldr r3, =0x82b9cc ; via 0x105a0 10218: e583d000 str sp, [r3] 1021c: e3a01080 mov r1, #128 ; 0x80 10220: e0822001 add r2, r2, r1 10224: e10f0000 mrs r0, CPSR 10228: e3c0001f bic r0, r0, #31 ; 0x1f 1022c: e3800012 orr r0, r0, #18 ; 0x12 10230: e129f000 msr CPSR_fc, r0 10234: e1a0d002 mov sp, r2 10238: e3a01c02 mov r1, #512 ; 0x200 1023c: e0822001 add r2, r2, r1 10240: e10f0000 mrs r0, CPSR 10244: e3c0001f bic r0, r0, #31 ; 0x1f 10248: e3800011 orr r0, r0, #17 ; 0x11 1024c: e129f000 msr CPSR_fc, r0 10250: e1a0d002 mov sp, r2 10254: e10f0000 mrs r0, CPSR 10258: e3c0001f bic r0, r0, #31 ; 0x1f 1025c: e3800017 orr r0, r0, #23 ; 0x17 10260: e129f000 msr CPSR_fc, r0 10264: e59fd348 ldr sp, =0x874118 ; via 0x105b4 10268: e10f0000 mrs r0, CPSR 1026c: e3c0001f bic r0, r0, #31 ; 0x1f 10270: e380001b orr r0, r0, #27 ; 0x1b 10274: e129f000 msr CPSR_fc, r0 10278: e59fd334 ldr sp, =0x874118 ; via 0x105b4 1027c: e10f0000 mrs r0, CPSR 10280: e3c0001f bic r0, r0, #31 ; 0x1f 10284: e3800013 orr r0, r0, #19 ; 0x13 10288: e129f000 msr CPSR_fc, r0 1028c: e59f3310 ldr r3, =0x82b804 ; via 0x105a4 10290: e2822004 add r2, r2, #4 10294: e5832000 str r2, [r3] 10298: e3a01b01 mov r1, #1024 ; 0x400 1029c: e3c11003 bic r1, r1, #3 102a0: e0822001 add r2, r2, r1 102a4: e59f32fc ldr r3, =0x82b88c ; via 0x105a8 102a8: e5831000 str r1, [r3] 102ac: e3a01002 mov r1, #2 102b0: e59f32f4 ldr r3, =0x82b89c ; via 0x105ac 102b4: e5831000 str r1, [r3] 102b8: e1a04002 mov r4, r2 102bc: eb08c4c2 bl 0x2415cc ; _f_load_int_mem ? 102c0: e1a02004 mov r2, r4 102c4: e59f12d0 ldr r1, =0x82b8a0 ; via 0x1059c 102c8: e5910000 ldr r0, [r1] 102cc: e3a030fe mov r3, #254 ; 0xfe 102d0: e5c03000 strb r3, [r0] 102d4: e5c03001 strb r3, [r0, #1] 102d8: e5c03002 strb r3, [r0, #2] 102dc: e5c03003 strb r3, [r0, #3] 102e0: e4903004 ldr r3, [r0], #4 102e4: e4803004 str r3, [r0], #4 102e8: e1500002 cmp r0, r2 102ec: bafffffc blt 0x102e4 102f0: e51f02a0 ldr r0, =0x1063c ; via 0x10058 102f4: e3700001 cmn r0, #1 102f8: 1b0000bd blne 0x105f4 ; _auto_init ? 102fc: e59f02ac ldr r0, =0x1870bf4 ; via 0x105b0 10300: ea08c4ab b 0x2415b4 ; _INC_Initialize ? 10304: 46c04778 <invalid ldr/str: offset reg shift by reg> 10308: eaffffff b 0x1030c 1030c: e3a00001 mov r0, #1 10310: e12fff1e bx lr 10314: 46c04778 <invalid ldr/str: offset reg shift by reg> 10318: eaffffff b 0x1031c 1031c: e3a00000 mov r0, #0 10320: e12fff1e bx lr 10324: 46c04778 <invalid ldr/str: offset reg shift by reg> 10328: e10f0000 mrs r0, CPSR 1032c: e3c0001f bic r0, r0, #31 ; 0x1f 10330: e3800012 orr r0, r0, #18 ; 0x12 10334: e129f000 msr CPSR_fc, r0 10338: e10f0000 mrs r0, CPSR 1033c: e3c00080 bic r0, r0, #128 ; 0x80 10340: e129f000 msr CPSR_fc, r0 10344: e3c0001f bic r0, r0, #31 ; 0x1f 10348: e3800013 orr r0, r0, #19 ; 0x13 1034c: e129f000 msr CPSR_fc, r0 10350: e28f0001 add r0, pc, #1 10354: e12fff10 bx r0 10358: 47784770 <invalid ldr/str: offset reg shift by reg> 1035c: 46c046c0 strmib r4, [r0], r0, asr #13 10360: e10f0000 mrs r0, CPSR 10364: e3c0001f bic r0, r0, #31 ; 0x1f 10368: e3800012 orr r0, r0, #18 ; 0x12 1036c: e129f000 msr CPSR_fc, r0 10370: e10f0000 mrs r0, CPSR 10374: e3800080 orr r0, r0, #128 ; 0x80 10378: e129f000 msr CPSR_fc, r0 1037c: e3c0001f bic r0, r0, #31 ; 0x1f 10380: e3800013 orr r0, r0, #19 ; 0x13 10384: e129f000 msr CPSR_fc, r0 10388: e28f0001 add r0, pc, #1 1038c: e12fff10 bx r0 10390: 47784770 <invalid ldr/str: offset reg shift by reg> 10394: 46c046c0 strmib r4, [r0], r0, asr #13 10398: eaffffff b 0x1039c 1039c: e3a00000 mov r0, #0 103a0: e12fff1e bx lr 103a4: e92d000f stmdb sp!, {r0, r1, r2, r3} 103a8: e24e3004 sub r3, lr, #4 103ac: eb205c69 bl 0x827558 103b0: eb0877b5 bl 0x22e28c 103b4: ea205cb0 b 0x82767c 103b8: eb0877c1 bl 0x22e2c4 103bc: e59fd1f0 ldr sp, =0x874118 ; via 0x105b4 103c0: e92d1001 stmdb sp!, {r0, r12} 103c4: e51f0394 ldr r0, =0xfffffb10 ; via 0x10038 103c8: e1d0c0b0 ldrh r12, [r0] 103cc: e38ccb02 orr r12, r12, #2048 ; 0x800 103d0: e1c0c0b0 strh r12, [r0] 103d4: e3a00001 mov r0, #1 103d8: ea00004d b 0x10514 103dc: e59fd1d0 ldr sp, =0x874118 ; via 0x105b4 103e0: e92d1001 stmdb sp!, {r0, r12} 103e4: e51f03b4 ldr r0, =0xfffffb10 ; via 0x10038 103e8: e1d0c0b0 ldrh r12, [r0] 103ec: e38ccb02 orr r12, r12, #2048 ; 0x800 103f0: e1c0c0b0 strh r12, [r0] 103f4: e3a00002 mov r0, #2 103f8: ea000045 b 0x10514 103fc: e59fd1b0 ldr sp, =0x874118 ; via 0x105b4 10400: e92d1001 stmdb sp!, {r0, r12} 10404: e3a00003 mov r0, #3 10408: ea000041 b 0x10514 1040c: e59fd1a0 ldr sp, =0x874118 ; via 0x105b4 10410: e92d1001 stmdb sp!, {r0, r12} 10414: e24ee008 sub lr, lr, #8 10418: e3a00004 mov r0, #4 1041c: ea00003c b 0x10514 10420: e59fd18c ldr sp, =0x874118 ; via 0x105b4 10424: e92d1001 stmdb sp!, {r0, r12} 10428: e51f03f8 ldr r0, =0xfffffb10 ; via 0x10038 1042c: e1d0c0b0 ldrh r12, [r0] 10430: e38ccb02 orr r12, r12, #2048 ; 0x800 10434: e1c0c0b0 strh r12, [r0] 10438: e3a00005 mov r0, #5 1043c: ea000034 b 0x10514 ; BenQ's 0xDEAD reboot handling path, not studied further 10440: e10f0000 mrs r0, CPSR 10444: e3c0001f bic r0, r0, #31 ; 0x1f 10448: e3800017 orr r0, r0, #23 ; 0x17 1044c: e3800080 orr r0, r0, #128 ; 0x80 10450: e129f000 msr CPSR_fc, r0 10454: e92d1001 stmdb sp!, {r0, r12} 10458: e3a00006 mov r0, #6 1045c: ea00002c b 0x10514 10460: 4700a000 strmi r10, [r0, -r0] 10464: eb000040 bl 0x1056c 10468: e1a0100e mov r1, lr 1046c: e10f0000 mrs r0, CPSR 10470: e3c0001f bic r0, r0, #31 ; 0x1f 10474: e3800017 orr r0, r0, #23 ; 0x17 10478: e3800080 orr r0, r0, #128 ; 0x80 1047c: e129f000 msr CPSR_fc, r0 10480: e3a00080 mov r0, #128 ; 0x80 10484: eb205a61 bl 0x826e10 10488: e1a0e001 mov lr, r1 1048c: e59fd120 ldr sp, =0x874118 ; via 0x105b4 10490: e59f1130 ldr r1, =0x82ba50 ; via 0x105c8 10494: e5910000 ldr r0, [r1] 10498: e590102c ldr r1, [r0, #44] ; 0x2c 1049c: e59f2114 ldr r2, =0x18522c4 ; via 0x105b8 104a0: e5910004 ldr r0, [r1, #4] 104a4: e5820040 str r0, [r2, #64] ; 0x40 104a8: e3a00009 mov r0, #9 104ac: e38004de orr r0, r0, #3724541952 ; 0xde000000 104b0: e38008ad orr r0, r0, #11337728 ; 0xad0000 104b4: e5820044 str r0, [r2, #68] ; 0x44 104b8: e3a03010 mov r3, #16 ; 0x10 104bc: e2811008 add r1, r1, #8 104c0: e8b10001 ldmia r1!, {r0} 104c4: e8a20001 stmia r2!, {r0} 104c8: e2433001 sub r3, r3, #1 104cc: e3530000 cmp r3, #0 104d0: 1afffffa bne 0x104c0 104d4: e12fff1e bx lr ; This code executes almost immediately out of reset, before TI's ; _INT_Initialize assembly init code, and it implements some kind of ; reboot check: if the upper 16 bits of the 32-bit word at IRAM address ; 0x874ce0 (Calypso IRAM content should be garbage on a cold-powerup) ; equal 0xDEAD, the code branches to 0x10440 (must be some kind of ; error reboot handling path), otherwise (normal cold power-up path) ; the code branches to 0x10068, where we see TI's _INT_Initialize code. 104d8: e59fc0dc ldr r12, =0x874ce0 ; via 0x105bc 104dc: e59c0000 ldr r0, [r12] 104e0: e2802000 add r2, r0, #0 104e4: e3a01000 mov r1, #0 104e8: e38114ff orr r1, r1, #4278190080 ; 0xff000000 104ec: e38118ff orr r1, r1, #16711680 ; 0xff0000 104f0: e0022001 and r2, r2, r1 104f4: e3a01000 mov r1, #0 104f8: e38114de orr r1, r1, #3724541952 ; 0xde000000 104fc: e38118ad orr r1, r1, #11337728 ; 0xad0000 10500: e1520001 cmp r2, r1 10504: 1afffed7 bne 0x10068 10508: e8bb1007 ldmia r11!, {r0, r1, r2, r12} 1050c: eaffffcb b 0x10440 $Init_Target: ; code mostly matches DSample-20020917 version, diffs noted 2303dc: b570 push {r4, r5, r6, lr} 2303de: b081 sub sp, #4 2303e0: 4d61 ldr r5, =0xfffef006 ; via 0x230568 2303e2: 2003 mov r0, #3 2303e4: 0340 lsl r0, r0, #13 2303e6: 8068 strh r0, [r5, #2] 2303e8: f006 fe71 bl 0x2370ce 2303ec: 2008 mov r0, #8 2303ee: 8829 ldrh r1, [r5, #0] 2303f0: 4308 orr r0, r1 2303f2: 8028 strh r0, [r5, #0] 2303f4: 485d ldr r0, =0xfffffd02 ; via 0x23056c 2303f6: 2105 mov r1, #5 2303f8: 8001 strh r1, [r0, #0] 2303fa: 495d ldr r1, =0xff3f ; via 0x230570 2303fc: 8802 ldrh r2, [r0, #0] 2303fe: 4011 and r1, r2 230400: 8001 strh r1, [r0, #0] 230402: 495c ldr r1, =0xffdf ; via 0x230574 230404: 8802 ldrh r2, [r0, #0] 230406: 4011 and r1, r2 230408: 8001 strh r1, [r0, #0] ; RHEA_CNTL_REG setup: this version writes 0x7F01, ; DSample-20020917 writes 0x7F00, TCS211 writes 0xFF00 23040a: 4e5b ldr r6, =0xfffff900 ; via 0x230578 23040c: 485b ldr r0, =0x7f01 ; via 0x23057c 23040e: 8030 strh r0, [r6, #0] ; The PLL setup is the same as in the D-Sample C05 version: ; the PLL multiplier is set to 6, the DSP runs at 78 MHz ; and the ARM runs at 39 MHz. 230410: 4c5b ldr r4, =0xffff9800 ; via 0x230580 230412: 485c ldr r0, =0xfff3 ; via 0x230584 230414: 8821 ldrh r1, [r4, #0] 230416: 4008 and r0, r1 230418: 8020 strh r0, [r4, #0] 23041a: 8820 ldrh r0, [r4, #0] 23041c: 8020 strh r0, [r4, #0] 23041e: 485a ldr r0, =0xf01f ; via 0x230588 230420: 8821 ldrh r1, [r4, #0] 230422: 4008 and r0, r1 230424: 8020 strh r0, [r4, #0] 230426: 2003 mov r0, #3 230428: 0200 lsl r0, r0, #8 23042a: 8821 ldrh r1, [r4, #0] 23042c: 4308 orr r0, r1 23042e: 8020 strh r0, [r4, #0] ; ARM clock setup: divide by 2 like in TCS211 230430: 2000 mov r0, #0 230432: 2102 mov r1, #2 230434: 2200 mov r2, #0 230436: f008 fc4f bl 0x238cd8 ; Memory timings (MEMIF setup) 23043a: 4954 ldr r1, =0xfffffb00 ; via 0x23058c 23043c: 20a3 mov r0, #163 ; 0xa3 23043e: 8008 strh r0, [r1, #0] 230440: 8048 strh r0, [r1, #2] 230442: 8088 strh r0, [r1, #4] 230444: 2092 mov r0, #146 ; 0x92 230446: 80c8 strh r0, [r1, #6] 230448: 2085 mov r0, #133 ; 0x85 23044a: 8148 strh r0, [r1, #10] ; 0xa 23044c: 200b mov r0, #11 ; 0xb 23044e: 0180 lsl r0, r0, #6 230450: 8188 strh r0, [r1, #12] ; 0xc 230452: 2040 mov r0, #64 ; 0x40 230454: 8108 strh r0, [r1, #8] 230456: 2020 mov r0, #32 ; 0x20 230458: 8070 strh r0, [r6, #2] 23045a: 2000 mov r0, #0 23045c: 80b0 strh r0, [r6, #4] 23045e: 2010 mov r0, #16 ; 0x10 230460: 8821 ldrh r1, [r4, #0] 230462: 4308 orr r0, r1 230464: 8020 strh r0, [r4, #0] 230466: 484a ldr r0, =0xfffffa08 ; via 0x230590 230468: 494a ldr r1, =0xffff ; via 0x230594 23046a: 8001 strh r1, [r0, #0] 23046c: 261f mov r6, #31 ; 0x1f 23046e: 8046 strh r6, [r0, #2] 230470: 2103 mov r1, #3 230472: 8181 strh r1, [r0, #12] ; 0xc 230474: f005 fa9e bl 0x2359b4 230478: 4847 ldr r0, =0xfffffc00 ; via 0x230598 23047a: 2124 mov r1, #36 ; 0x24 23047c: 8001 strh r1, [r0, #0] 23047e: 210d mov r1, #13 ; 0xd 230480: 8041 strh r1, [r0, #2] 230482: 2400 mov r4, #0 230484: 4845 ldr r0, =0xfffe2016 ; via 0x23059c 230486: 8004 strh r4, [r0, #0] 230488: 4945 ldr r1, =0xfffe2014 ; via 0x2305a0 23048a: 2002 mov r0, #2 23048c: 8008 strh r0, [r1, #0] 23048e: 4945 ldr r1, =0xfffe2002 ; via 0x2305a4 230490: 2084 mov r0, #132 ; 0x84 230492: 8008 strh r0, [r1, #0] 230494: 4944 ldr r1, =0xfffe2000 ; via 0x2305a8 230496: 4845 ldr r0, =0x3de0 ; via 0x2305ac 230498: 8008 strh r0, [r1, #0] 23049a: 4a45 ldr r2, =0xfffe2022 ; via 0x2305b0 23049c: 2009 mov r0, #9 23049e: 8010 strh r0, [r2, #0] 2304a0: 4a44 ldr r2, =0xfffe2020 ; via 0x2305b4 2304a2: 4845 ldr r0, =0x45a ; via 0x2305b8 2304a4: 8010 strh r0, [r2, #0] 2304a6: 4a45 ldr r2, =0xfffe201e ; via 0x2305bc 2304a8: 20b4 mov r0, #180 ; 0xb4 2304aa: 8010 strh r0, [r2, #0] 2304ac: 4844 ldr r0, =0xfffe201c ; via 0x2305c0 2304ae: 8006 strh r6, [r0, #0] 2304b0: 4844 ldr r0, =0xfffe2024 ; via 0x2305c4 2304b2: 8004 strh r4, [r0, #0] 2304b4: 4b44 ldr r3, =0xfffe2010 ; via 0x2305c8 2304b6: 2002 mov r0, #2 2304b8: 881a ldrh r2, [r3, #0] 2304ba: 4310 orr r0, r2 2304bc: 8018 strh r0, [r3, #0] 2304be: 4a42 ldr r2, =0xfffe2010 ; via 0x2305c8 2304c0: 2004 mov r0, #4 2304c2: 8813 ldrh r3, [r2, #0] 2304c4: 4318 orr r0, r3 2304c6: 8010 strh r0, [r2, #0] 2304c8: 2027 mov r0, #39 ; 0x27 2304ca: 80e8 strh r0, [r5, #6] 2304cc: 8a08 ldrh r0, [r1, #16] ; 0x10 2304ce: 0840 lsr r0, r0, #1 2304d0: d310 bcc 0x2304f4 2304d2: 8a08 ldrh r0, [r1, #16] ; 0x10 2304d4: 0400 lsl r0, r0, #16 2304d6: 0c40 lsr r0, r0, #17 2304d8: 0040 lsl r0, r0, #1 2304da: 8208 strh r0, [r1, #16] ; 0x10 2304dc: 2001 mov r0, #1 2304de: 9000 str r0, [sp, #0] 2304e0: e002 b 0x2304e8 2304e2: 9800 ldr r0, [sp, #0] 2304e4: 3001 add r0, #1 2304e6: 9000 str r0, [sp, #0] 2304e8: 9800 ldr r0, [sp, #0] 2304ea: 2832 cmp r0, #50 ; 0x32 2304ec: d3f9 bcc 0x2304e2 2304ee: 8a48 ldrh r0, [r1, #18] ; 0x12 2304f0: 2800 cmp r0, #0 2304f2: d0fc beq 0x2304ee 2304f4: f00a fd61 bl 0x23afba 2304f8: f00a fd65 bl 0x23afc6 2304fc: 2005 mov r0, #5 2304fe: 05c0 lsl r0, r0, #23 230500: 7004 strb r4, [r0, #0] 230502: 2001 mov r0, #1 230504: f006 fdf1 bl 0x2370ea 230508: 2002 mov r0, #2 23050a: f006 fdee bl 0x2370ea 23050e: b001 add sp, #4 230510: bd70 pop {r4, r5, r6, pc} $Init_Drivers: 230512: b500 push {lr} 230514: f7ce febd bl 0x1ff292 230518: f795 fd44 bl 0x1c5fa4 23051c: f7e0 f928 bl 0x210770 230520: f735 fb88 bl 0x165c34 230524: bd00 pop {pc} $Init_Serial_Flows: 230526: b500 push {lr} 230528: 4828 ldr r0, =0x1870ba8 ; via 0x2305cc 23052a: f75a f817 bl 0x18a55c 23052e: 2000 mov r0, #0 230530: 2102 mov r1, #2 230532: 2200 mov r2, #0 230534: f75a fd1a bl 0x18af6c 230538: f75a fd77 bl 0x18b02a 23053c: bd00 pop {pc} $Init_Unmask_IT: 23053e: b500 push {lr} 230540: 2004 mov r0, #4 230542: f005 fa98 bl 0x235a76 230546: 2012 mov r0, #18 ; 0x12 230548: f005 fa95 bl 0x235a76 23054c: 2007 mov r0, #7 23054e: f005 fa92 bl 0x235a76 230552: 2011 mov r0, #17 ; 0x11 230554: f005 fa8f bl 0x235a76 230558: bd00 pop {pc} ; same 6 empty functions as in the DSample-20020917 version 23055a: 4770 bx lr 23055c: 4770 bx lr 23055e: 4770 bx lr 230560: 4770 bx lr 230562: 4770 bx lr 230564: 4770 bx lr $Application_Initialize: 23a19e: b5f0 push {r4, r5, r6, r7, lr} 23a1a0: b084 sub sp, #16 ; 0x10 23a1a2: 4c3f ldr r4, =0x800000 ; via 0x23a2a0 23a1a4: 483f ldr r0, =0x8296f8 ; via 0x23a2a4 23a1a6: 1b00 sub r0, r0, r4 23a1a8: 1c46 add r6, r0, #1 23a1aa: 2500 mov r5, #0 23a1ac: 2001 mov r0, #1 23a1ae: 0440 lsl r0, r0, #17 23a1b0: 4286 cmp r6, r0 23a1b2: d920 bls 0x23a1f6 23a1b4: 2701 mov r7, #1 23a1b6: 9400 str r4, [sp, #0] 23a1b8: 2001 mov r0, #1 23a1ba: 0440 lsl r0, r0, #17 23a1bc: 9001 str r0, [sp, #4] 23a1be: 1c28 add r0, r5, #0 23a1c0: 2103 mov r1, #3 23a1c2: 2200 mov r2, #0 23a1c4: 2301 mov r3, #1 23a1c6: f004 faab bl 0x23e720 23a1ca: 1c68 add r0, r5, #1 23a1cc: 0600 lsl r0, r0, #24 23a1ce: 0e05 lsr r5, r0, #24 23a1d0: 2d02 cmp r5, #2 23a1d2: d100 bne 0x23a1d6 23a1d4: 2700 mov r7, #0 23a1d6: 2001 mov r0, #1 23a1d8: 0440 lsl r0, r0, #17 23a1da: 1904 add r4, r0, r4 23a1dc: 2001 mov r0, #1 23a1de: 0440 lsl r0, r0, #17 23a1e0: 1a36 sub r6, r6, r0 23a1e2: 2001 mov r0, #1 23a1e4: 0440 lsl r0, r0, #17 23a1e6: 4286 cmp r6, r0 23a1e8: d901 bls 0x23a1ee 23a1ea: 2f01 cmp r7, #1 23a1ec: d0e3 beq 0x23a1b6 23a1ee: 2e00 cmp r6, #0 23a1f0: d009 beq 0x23a206 23a1f2: 2f01 cmp r7, #1 23a1f4: d107 bne 0x23a206 23a1f6: 9400 str r4, [sp, #0] 23a1f8: 9601 str r6, [sp, #4] 23a1fa: 1c28 add r0, r5, #0 23a1fc: 2103 mov r1, #3 23a1fe: 2200 mov r2, #0 23a200: 2301 mov r3, #1 23a202: f004 fa8d bl 0x23e720 23a206: f7f6 f8e9 bl 0x2303dc ; $Init_Target 23a20a: 4827 ldr r0, =0x1870bf0 ; via 0x23a2a8 23a20c: 7800 ldrb r0, [r0, #0] 23a20e: 2820 cmp r0, #32 ; 0x20 23a210: d122 bne 0x23a258 23a212: 2001 mov r0, #1 23a214: 2100 mov r1, #0 23a216: 2200 mov r2, #0 23a218: f7bc fdca bl 0x1f6db0 23a21c: f6d2 fb45 bl 0x10c8aa 23a220: f6d2 fb4a bl 0x10c8b8 23a224: 2800 cmp r0, #0 23a226: d106 bne 0x23a236 23a228: 4669 mov r1, sp 23a22a: 20ee mov r0, #238 ; 0xee 23a22c: 7308 strb r0, [r1, #12] ; 0xc 23a22e: 4668 mov r0, sp 23a230: 21aa mov r1, #170 ; 0xaa 23a232: 7341 strb r1, [r0, #13] ; 0xd 23a234: e004 b 0x23a240 23a236: 4668 mov r0, sp 23a238: 21ee mov r1, #238 ; 0xee 23a23a: 7301 strb r1, [r0, #12] ; 0xc 23a23c: 21ff mov r1, #255 ; 0xff 23a23e: 7341 strb r1, [r0, #13] ; 0xd 23a240: 2001 mov r0, #1 23a242: a903 add r1, sp, #12 ; 0xc 23a244: 2202 mov r2, #2 23a246: f7bc ff28 bl 0x1f709a 23a24a: 2802 cmp r0, #2 23a24c: d1f8 bne 0x23a240 23a24e: 2001 mov r0, #1 23a250: 213c mov r1, #60 ; 0x3c 23a252: 2201 mov r2, #1 23a254: f771 fbb8 bl 0x1ab9c8 23a258: f7f6 f95b bl 0x230512 ; $Init_Drivers 23a25c: f008 f99c bl 0x242598 23a260: f7f6 f961 bl 0x230526 ; $Init_Serial_Flows 23a264: f796 f878 bl 0x1d0358 23a268: f004 ffc5 bl 0x23f1f6 23a26c: 2000 mov r0, #0 23a26e: f002 fcdf bl 0x23cc30 23a272: 480e ldr r0, =0xffff ; via 0x23a2ac 23a274: 2100 mov r1, #0 23a276: 2200 mov r2, #0 23a278: 2301 mov r3, #1 23a27a: f002 fc94 bl 0x23cba6 23a27e: 2001 mov r0, #1 23a280: f002 fcd6 bl 0x23cc30 23a284: f7f6 f95b bl 0x23053e ; $Init_Unmask_IT 23a288: 2002 mov r0, #2 23a28a: 2103 mov r1, #3 23a28c: f008 f884 bl 0x242398 23a290: 4807 ldr r0, =0x187036c ; via 0x23a2b0 23a292: 6800 ldr r0, [r0, #0] 23a294: 4907 ldr r1, =0x187037c ; via 0x23a2b4 23a296: 6809 ldr r1, [r1, #0] 23a298: f008 f876 bl 0x242388 23a29c: b004 add sp, #16 ; 0x10 23a29e: bdf0 pop {r4, r5, r6, r7, pc} $INC_Initialize: 2405c8: b530 push {r4, r5, lr} 2405ca: 1c05 add r5, r0, #0 2405cc: 4c13 ldr r4, =0x1871a1c ; via 0x24061c 2405ce: 2001 mov r0, #1 2405d0: 6020 str r0, [r4, #0] 2405d2: f001 f929 bl 0x241828 2405d6: f001 f92b bl 0x241830 2405da: f001 f8e7 bl 0x2417ac 2405de: f000 fcf1 bl 0x240fc4 2405e2: f7fc f8f9 bl 0x23c7d8 2405e6: f000 fed1 bl 0x24138c 2405ea: f000 fe9f bl 0x24132c 2405ee: f000 febd bl 0x24136c 2405f2: f000 fe8b bl 0x24130c 2405f6: f000 fee9 bl 0x2413cc 2405fa: f000 fea7 bl 0x24134c 2405fe: f000 fef5 bl 0x2413ec 240602: f7fe f947 bl 0x23e894 240606: f000 fed1 bl 0x2413ac 24060a: 1c28 add r0, r5, #0 24060c: f7f9 fdc7 bl 0x23a19e ; app init 240610: 2002 mov r0, #2 240612: 6020 str r0, [r4, #0] 240614: f001 fe70 bl 0x2422f8 ; $TCT_Schedule veneer 240618: bd30 pop {r4, r5, pc} ; _INC_Initialize call veneer 2415b4: e92d4000 stmdb sp!, {lr} 2415b8: e28fe001 add lr, pc, #1 2415bc: e12fff1e bx lr 2415c0: f7ff f802 bl 0x2405c8 2415c4: 4778 bx pc 2415c6: 46c0 nop (mov r8, r8) 2415c8: e8bd8000 ldmia sp!, {pc}