FreeCalypso > hg > freecalypso-reveng
view compal/boot/c118-dfboot.disasm @ 405:f7df0f4d7d4f
tfo/find-is-hdr.c: print found offset in hex
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 18 Mar 2023 05:57:23 +0000 |
parents | 50c0fac9a4a8 |
children |
line wrap: on
line source
; In 2023-01 Mother Mychaela received a rare C118 phone with North American ; frequency bands; this phone features a 2 MiB flash chip, but the flash- ; resident bootloader version is one which we haven't seen before. The present ; work is a disassembly analysis of this new-to-us Compal bootloader version ; from fw version 2.2.84.N. ; ; Analysis result: this bootloader version is fatally hobbled: it NEVER offers ; a serial download opportunity at all (the code is still there, but can never ; be called), only the ftmtool flag mechanism. RESET entry and exception vectors: 0: ea000225 b 0x89c 4: ea000825 b 0x20a0 8: ea000825 b 0x20a4 c: ea000825 b 0x20a8 10: ea000825 b 0x20ac 14: ea000825 b 0x20b0 18: ea000825 b 0x20b4 1c: ea000825 b 0x20b8 ; magic words? 20: 47033dc9 24: 47033dca 28: 47033df9 2c: 47033dfa <30-7FF: all FFs> 00000800: 42 4F 4F 54 2E 39 30 2E 30 34 00 00 00 00 00 00 BOOT.90.04...... 00000810: 31 30 30 33 01 03 00 00 FF FF FF FF FF FF FF FF 1003............ 00000820: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ ; serial.obj .const section, matches familiar versions 830: 00000006 834: 00000000 838: 00000000 83c: 00000048 840: 00000044 844: 00000052 848: 0000001b 84c: 00000005 850: 00000000 854: 00000000 858: 00000000 85c: 00000000 860: 000000fa 864: ffff5800 868: ffff5000 ; bootloader.obj .text section, matches familiar versions 86c: fffffb00 870: 02a102a1 874: 028302a1 878: 00c00281 87c: 002a0040 880: 00000040 884: fffffd00 888: ffff9800 88c: fffffb10 890: ffffff08 894: 20061081 898: 00000800 _INT_Bootloader_Start: 89c: e51f1020 ldr r1, =0xfffffd00 ; via 0x884 8a0: e1d120b2 ldrh r2, [r1, #2] 8a4: e51f002c ldr r0, =0x40 ; via 0x880 8a8: e1800002 orr r0, r0, r2 8ac: e1c100b2 strh r0, [r1, #2] 8b0: e51f1030 ldr r1, =0xffff9800 ; via 0x888 8b4: e15f22b6 ldrh r2, =0x2006 ; via 0x896 8b8: e1c120b0 strh r2, [r1] 8bc: e5912000 ldr r2, [r1] 8c0: e2022001 and r2, r2, #1 8c4: e3520001 cmp r2, #1 8c8: 0afffffb beq 0x8bc 8cc: e51f1050 ldr r1, =0xfffffd00 ; via 0x884 8d0: e15f24b4 ldrh r2, =0x1081 ; via 0x894 8d4: e1c120b0 strh r2, [r1] 8d8: e51f1054 ldr r1, =0xfffffb10 ; via 0x88c 8dc: e15f24bc ldrh r2, =0x800 ; via 0x898 8e0: e1d100b0 ldrh r0, [r1] 8e4: e1800002 orr r0, r0, r2 8e8: e1c100b0 strh r0, [r1] 8ec: e51f1064 ldr r1, =0xffffff08 ; via 0x890 8f0: e15f25be ldrh r2, =0x0 ; via 0x89a 8f4: e1c120b0 strh r2, [r1] 8f8: e51f1094 ldr r1, =0xfffffb00 ; via 0x86c 8fc: e15f29b4 ldrh r2, =0x2a1 ; via 0x870 900: e1c120b0 strh r2, [r1] 904: e15f29ba ldrh r2, =0x2a1 ; via 0x872 908: e1c120b2 strh r2, [r1, #2] 90c: e15f2ab0 ldrh r2, =0x2a1 ; via 0x874 910: e1c120b4 strh r2, [r1, #4] 914: e15f2ab6 ldrh r2, =0x283 ; via 0x876 918: e1c120b6 strh r2, [r1, #6] 91c: e15f2abc ldrh r2, =0x281 ; via 0x878 920: e1c120ba strh r2, [r1, #10] ; 0xa 924: e15f2bb2 ldrh r2, =0xc0 ; via 0x87a 928: e1c120bc strh r2, [r1, #12] ; 0xc 92c: e15f2bb8 ldrh r2, =0x40 ; via 0x87c 930: e1c120b8 strh r2, [r1, #8] 934: e15f2bbe ldrh r2, =0x2a ; via 0x87e 938: e1c120be strh r2, [r1, #14] ; 0xe 93c: e59f0020 ldr r0, =0x83e68c ; via 0x964 940: e3a01b01 mov r1, #1024 ; 0x400 944: e2411004 sub r1, r1, #4 948: e0802001 add r2, r0, r1 94c: e3c22003 bic r2, r2, #3 950: e1a0d002 mov sp, r2 954: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} 958: eb00050c bl 0x1d90 ; _sta_select_application 95c: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} 960: ea0005e4 b 0x20f8 ; _INT_Initialize 964: 0083e68c ; start.obj .text section, matches familiar versions 968: 4961 ldr r1, =0xfffffa08 ; via 0xaf0 96a: 4862 ldr r0, =0xffff ; via 0xaf4 96c: 8008 strh r0, [r1, #0] 96e: 4862 ldr r0, =0xfffffa0a ; via 0xaf8 970: 211f mov r1, #31 ; 0x1f 972: 8001 strh r1, [r0, #0] 974: 4861 ldr r0, =0xfffff804 ; via 0xafc 976: 21f5 mov r1, #245 ; 0xf5 978: 8001 strh r1, [r0, #0] 97a: 21a0 mov r1, #160 ; 0xa0 97c: 8001 strh r1, [r0, #0] 97e: 4860 ldr r0, =0xffff9800 ; via 0xb00 980: 4960 ldr r1, =0x2002 ; via 0xb04 982: 8001 strh r1, [r0, #0] 984: 485e ldr r0, =0xffff9800 ; via 0xb00 986: 8800 ldrh r0, [r0, #0] 988: 0840 lsr r0, r0, #1 98a: d2fb bcs 0x984 98c: 495e ldr r1, =0xfffffd00 ; via 0xb08 98e: 485f ldr r0, =0x1001 ; via 0xb0c 990: 8008 strh r0, [r1, #0] 992: 46f7 mov pc, lr 994: b500 push {lr} 996: b0ff sub sp, #508 ; 0x1fc 998: b0ca sub sp, #296 ; 0x128 99a: 2000 mov r0, #0 99c: 9001 str r0, [sp, #4] 99e: 9801 ldr r0, [sp, #4] 9a0: 2800 cmp r0, #0 9a2: d14e bne 0xa42 9a4: a846 add r0, sp, #280 ; 0x118 9a6: 2100 mov r1, #0 9a8: f001 f81e bl 0x19e8 9ac: a9c8 add r1, sp, #800 ; 0x320 9ae: 7008 strb r0, [r1, #0] 9b0: a846 add r0, sp, #280 ; 0x118 9b2: a902 add r1, sp, #8 9b4: f000 fadc bl 0xf70 9b8: 9000 str r0, [sp, #0] 9ba: 9800 ldr r0, [sp, #0] 9bc: 2800 cmp r0, #0 9be: d01b beq 0x9f8 9c0: a924 add r1, sp, #144 ; 0x90 9c2: 4668 mov r0, sp 9c4: 7a00 ldrb r0, [r0, #8] 9c6: 7008 strb r0, [r1, #0] 9c8: 2191 mov r1, #145 ; 0x91 9ca: 466a mov r2, sp 9cc: 4668 mov r0, sp 9ce: 7800 ldrb r0, [r0, #0] 9d0: 5488 strb r0, [r1, r2] 9d2: e01b b 0xa0c 9d4: a802 add r0, sp, #8 9d6: a924 add r1, sp, #144 ; 0x90 9d8: f000 fdb8 bl 0x154c 9dc: e016 b 0xa0c 9de: a802 add r0, sp, #8 9e0: a924 add r1, sp, #144 ; 0x90 9e2: aac8 add r2, sp, #800 ; 0x320 9e4: 7812 ldrb r2, [r2, #0] 9e6: f000 fdc5 bl 0x1574 9ea: e00f b 0xa0c 9ec: a802 add r0, sp, #8 9ee: a924 add r1, sp, #144 ; 0x90 9f0: f000 fdf7 bl 0x15e2 9f4: 90c7 str r0, [sp, #796] ; 0x31c 9f6: e009 b 0xa0c 9f8: 4668 mov r0, sp 9fa: 7a00 ldrb r0, [r0, #8] 9fc: 2800 cmp r0, #0 9fe: d0e9 beq 0x9d4 a00: 3809 sub r0, #9 a02: 2800 cmp r0, #0 a04: d0eb beq 0x9de a06: 3801 sub r0, #1 a08: 2800 cmp r0, #0 a0a: d0ef beq 0x9ec a0c: a824 add r0, sp, #144 ; 0x90 a0e: a986 add r1, sp, #536 ; 0x218 a10: f000 fb91 bl 0x1136 a14: 2800 cmp r0, #0 a16: d111 bne 0xa3c a18: a886 add r0, sp, #536 ; 0x218 a1a: a9c8 add r1, sp, #800 ; 0x320 a1c: 7809 ldrb r1, [r1, #0] a1e: f000 ffb8 bl 0x1992 a22: 2800 cmp r0, #0 a24: d00a beq 0xa3c a26: 4668 mov r0, sp a28: 7a00 ldrb r0, [r0, #8] a2a: 280a cmp r0, #10 ; 0xa a2c: d106 bne 0xa3c a2e: a8c8 add r0, sp, #800 ; 0x320 a30: 7800 ldrb r0, [r0, #0] a32: f001 f909 bl 0x1c48 a36: 98c7 ldr r0, [sp, #796] ; 0x31c a38: f000 fa98 bl 0xf6c a3c: 9801 ldr r0, [sp, #4] a3e: 2800 cmp r0, #0 a40: d0b0 beq 0x9a4 a42: b07f add sp, #508 ; 0x1fc a44: b04a add sp, #296 ; 0x128 a46: bd00 pop {pc} a48: b500 push {lr} a4a: b0ff sub sp, #508 ; 0x1fc a4c: b0c8 sub sp, #288 ; 0x120 a4e: 2000 mov r0, #0 a50: 9000 str r0, [sp, #0] a52: a846 add r0, sp, #280 ; 0x118 a54: 2101 mov r1, #1 a56: f000 ffc7 bl 0x19e8 a5a: a9c6 add r1, sp, #792 ; 0x318 a5c: 7008 strb r0, [r1, #0] a5e: a8c6 add r0, sp, #792 ; 0x318 a60: 7800 ldrb r0, [r0, #0] a62: 28ff cmp r0, #255 ; 0xff a64: d031 beq 0xaca a66: a846 add r0, sp, #280 ; 0x118 a68: a902 add r1, sp, #8 a6a: f000 fa81 bl 0xf70 a6e: 9001 str r0, [sp, #4] a70: 9801 ldr r0, [sp, #4] a72: 2800 cmp r0, #0 a74: d014 beq 0xaa0 a76: a924 add r1, sp, #144 ; 0x90 a78: 4668 mov r0, sp a7a: 7a00 ldrb r0, [r0, #8] a7c: 7008 strb r0, [r1, #0] a7e: 2291 mov r2, #145 ; 0x91 a80: 4668 mov r0, sp a82: 4669 mov r1, sp a84: 7909 ldrb r1, [r1, #4] a86: 5411 strb r1, [r2, r0] a88: a824 add r0, sp, #144 ; 0x90 a8a: a986 add r1, sp, #536 ; 0x218 a8c: f000 fb53 bl 0x1136 a90: 2800 cmp r0, #0 a92: d11a bne 0xaca a94: a886 add r0, sp, #536 ; 0x218 a96: a9c6 add r1, sp, #792 ; 0x318 a98: 7809 ldrb r1, [r1, #0] a9a: f000 ff7a bl 0x1992 a9e: e014 b 0xaca aa0: 4668 mov r0, sp aa2: 7a00 ldrb r0, [r0, #8] aa4: 2800 cmp r0, #0 aa6: d110 bne 0xaca aa8: a802 add r0, sp, #8 aaa: a924 add r1, sp, #144 ; 0x90 aac: f000 fd4e bl 0x154c ab0: a824 add r0, sp, #144 ; 0x90 ab2: a986 add r1, sp, #536 ; 0x218 ab4: f000 fb3f bl 0x1136 ab8: 2800 cmp r0, #0 aba: d104 bne 0xac6 abc: a886 add r0, sp, #536 ; 0x218 abe: a9c6 add r1, sp, #792 ; 0x318 ac0: 7809 ldrb r1, [r1, #0] ac2: f000 ff66 bl 0x1992 ac6: 2001 mov r0, #1 ac8: 9000 str r0, [sp, #0] aca: 9800 ldr r0, [sp, #0] acc: b07f add sp, #508 ; 0x1fc ace: b048 add sp, #288 ; 0x120 ad0: bd00 pop {pc} $sta_select_application: ad2: b500 push {lr} ad4: b082 sub sp, #8 ad6: f7ff ff47 bl 0x968 ada: f001 f85d bl 0x1b98 ; $ser_initialize_serial_link ade: f000 fd23 bl 0x1528 ; $con_initialize_conversion ae2: f000 f81f bl 0xb24 ; $fluid_bootloader ae6: f000 f91a bl 0xd1e ; $FTM_Tool_check aea: b002 add sp, #8 aec: bd00 pop {pc} aee: 46c0 nop (mov r8, r8) af0: fffffa08 af4: 0000ffff af8: fffffa0a afc: fffff804 b00: ffff9800 b04: 00002002 b08: fffffd00 b0c: 00001001 ; boot.obj .text section b10: e3a0d502 mov sp, #8388608 ; 0x800000 b14: e28dd802 add sp, sp, #131072 ; 0x20000 b18: e28fe005 add lr, pc, #5 b1c: e12fff1e bx lr b20: e1a00000 mov r0, r0 ; The fluid_bootloader() function is fatally hobbled: it initializes the UART ; at 115200 baud, but then does a delay and returns - NO call to SeekMsg()! $fluid_bootloader: b24: b500 push {lr} b26: b082 sub sp, #8 b28: 49f0 ldr r1, =0x83ff00 ; via 0xeec b2a: 48d5 ldr r0, =0xffff5800 ; via 0xe80 b2c: 6008 str r0, [r1, #0] b2e: 2000 mov r0, #0 b30: 2107 mov r1, #7 b32: f000 f9a7 bl 0xe84 ; $uart_init b36: 2000 mov r0, #0 b38: 9001 str r0, [sp, #4] b3a: 9000 str r0, [sp, #0] b3c: 9900 ldr r1, [sp, #0] b3e: 2005 mov r0, #5 b40: 0400 lsl r0, r0, #16 b42: 4281 cmp r1, r0 b44: d20a bcs 0xb5c b46: 9801 ldr r0, [sp, #4] b48: 3001 add r0, #1 b4a: 9001 str r0, [sp, #4] b4c: 9800 ldr r0, [sp, #0] b4e: 3001 add r0, #1 b50: 9000 str r0, [sp, #0] b52: 9900 ldr r1, [sp, #0] b54: 2005 mov r0, #5 b56: 0400 lsl r0, r0, #16 b58: 4281 cmp r1, r0 b5a: d3f4 bcc 0xb46 b5c: b002 add sp, #8 b5e: bd00 pop {pc} $SeekMsg: b60: b500 push {lr} b62: b086 sub sp, #24 ; 0x18 b64: 48f4 ldr r0, =0x800100 ; via 0xf38 b66: 9005 str r0, [sp, #20] ; 0x14 b68: 201b mov r0, #27 ; 0x1b b6a: f000 f935 bl 0xdd8 b6e: 20f6 mov r0, #246 ; 0xf6 b70: f000 f932 bl 0xdd8 b74: 2002 mov r0, #2 b76: f000 f92f bl 0xdd8 b7a: 2000 mov r0, #0 b7c: f000 f92c bl 0xdd8 b80: 2041 mov r0, #65 ; 0x41 b82: f000 f929 bl 0xdd8 b86: 2001 mov r0, #1 b88: f000 f926 bl 0xdd8 b8c: 2040 mov r0, #64 ; 0x40 b8e: f000 f923 bl 0xdd8 b92: 2001 mov r0, #1 b94: 0300 lsl r0, r0, #12 b96: f000 f937 bl 0xe08 b9a: 281b cmp r0, #27 ; 0x1b b9c: d000 beq 0xba0 b9e: e0bc b 0xd1a ba0: 2001 mov r0, #1 ba2: 0300 lsl r0, r0, #12 ba4: f000 f930 bl 0xe08 ba8: 28f6 cmp r0, #246 ; 0xf6 baa: d000 beq 0xbae bac: e0b5 b 0xd1a bae: 2001 mov r0, #1 bb0: 0300 lsl r0, r0, #12 bb2: f000 f929 bl 0xe08 bb6: 2802 cmp r0, #2 bb8: d000 beq 0xbbc bba: e0ae b 0xd1a bbc: 2001 mov r0, #1 bbe: 0300 lsl r0, r0, #12 bc0: f000 f922 bl 0xe08 bc4: 2800 cmp r0, #0 bc6: d000 beq 0xbca bc8: e0a7 b 0xd1a bca: 2001 mov r0, #1 bcc: 0300 lsl r0, r0, #12 bce: f000 f91b bl 0xe08 bd2: 2852 cmp r0, #82 ; 0x52 bd4: d000 beq 0xbd8 bd6: e0a0 b 0xd1a bd8: 2001 mov r0, #1 bda: 0300 lsl r0, r0, #12 bdc: f000 f914 bl 0xe08 be0: 2801 cmp r0, #1 be2: d000 beq 0xbe6 be4: e099 b 0xd1a be6: 2001 mov r0, #1 be8: 0300 lsl r0, r0, #12 bea: f000 f90d bl 0xe08 bee: 2853 cmp r0, #83 ; 0x53 bf0: d000 beq 0xbf4 bf2: e092 b 0xd1a bf4: 201b mov r0, #27 ; 0x1b bf6: f000 f8ef bl 0xdd8 bfa: 20f6 mov r0, #246 ; 0xf6 bfc: f000 f8ec bl 0xdd8 c00: 2002 mov r0, #2 c02: f000 f8e9 bl 0xdd8 c06: 2000 mov r0, #0 c08: f000 f8e6 bl 0xdd8 c0c: 2041 mov r0, #65 ; 0x41 c0e: f000 f8e3 bl 0xdd8 c12: 2002 mov r0, #2 c14: f000 f8e0 bl 0xdd8 c18: 2043 mov r0, #67 ; 0x43 c1a: f000 f8dd bl 0xdd8 c1e: 2001 mov r0, #1 c20: 0300 lsl r0, r0, #12 c22: f000 f8f1 bl 0xe08 c26: 4669 mov r1, sp c28: 7208 strb r0, [r1, #8] c2a: 4668 mov r0, sp c2c: 2102 mov r1, #2 c2e: 7441 strb r1, [r0, #17] ; 0x11 c30: 2000 mov r0, #0 c32: 9000 str r0, [sp, #0] c34: 9800 ldr r0, [sp, #0] c36: 2802 cmp r0, #2 c38: d216 bcs 0xc68 c3a: 2001 mov r0, #1 c3c: 0300 lsl r0, r0, #12 c3e: f000 f8e3 bl 0xe08 c42: 466a mov r2, sp c44: 9900 ldr r1, [sp, #0] c46: 1a51 sub r1, r2, r1 c48: 7348 strb r0, [r1, #13] ; 0xd c4a: 4668 mov r0, sp c4c: 9900 ldr r1, [sp, #0] c4e: 1a40 sub r0, r0, r1 c50: 7b40 ldrb r0, [r0, #13] ; 0xd c52: 4669 mov r1, sp c54: 7c49 ldrb r1, [r1, #17] ; 0x11 c56: 4048 eor r0, r1 c58: 4669 mov r1, sp c5a: 7448 strb r0, [r1, #17] ; 0x11 c5c: 9800 ldr r0, [sp, #0] c5e: 3001 add r0, #1 c60: 9000 str r0, [sp, #0] c62: 9800 ldr r0, [sp, #0] c64: 2802 cmp r0, #2 c66: d3e8 bcc 0xc3a c68: 4668 mov r0, sp c6a: 8980 ldrh r0, [r0, #12] ; 0xc c6c: 466a mov r2, sp c6e: 1e41 sub r1, r0, #1 c70: 8191 strh r1, [r2, #12] ; 0xc c72: 2800 cmp r0, #0 c74: d016 beq 0xca4 c76: 2001 mov r0, #1 c78: 0300 lsl r0, r0, #12 c7a: f000 f8c5 bl 0xe08 c7e: 9905 ldr r1, [sp, #20] ; 0x14 c80: 7008 strb r0, [r1, #0] c82: 9805 ldr r0, [sp, #20] ; 0x14 c84: 7801 ldrb r1, [r0, #0] c86: 4668 mov r0, sp c88: 7c40 ldrb r0, [r0, #17] ; 0x11 c8a: 4041 eor r1, r0 c8c: 4668 mov r0, sp c8e: 7441 strb r1, [r0, #17] ; 0x11 c90: 9805 ldr r0, [sp, #20] ; 0x14 c92: 3001 add r0, #1 c94: 9005 str r0, [sp, #20] ; 0x14 c96: 4668 mov r0, sp c98: 8982 ldrh r2, [r0, #12] ; 0xc c9a: 4669 mov r1, sp c9c: 1e50 sub r0, r2, #1 c9e: 8188 strh r0, [r1, #12] ; 0xc ca0: 2a00 cmp r2, #0 ca2: d1e8 bne 0xc76 ca4: 2001 mov r0, #1 ca6: 0300 lsl r0, r0, #12 ca8: f000 f8ae bl 0xe08 cac: 4669 mov r1, sp cae: 7408 strb r0, [r1, #16] ; 0x10 cb0: 4668 mov r0, sp cb2: 7c01 ldrb r1, [r0, #16] ; 0x10 cb4: 7c40 ldrb r0, [r0, #17] ; 0x11 cb6: 4281 cmp r1, r0 cb8: d015 beq 0xce6 cba: 201b mov r0, #27 ; 0x1b cbc: f000 f88c bl 0xdd8 cc0: 20f6 mov r0, #246 ; 0xf6 cc2: f000 f889 bl 0xdd8 cc6: 2002 mov r0, #2 cc8: f000 f886 bl 0xdd8 ccc: 2000 mov r0, #0 cce: f000 f883 bl 0xdd8 cd2: 2045 mov r0, #69 ; 0x45 cd4: f000 f880 bl 0xdd8 cd8: 2053 mov r0, #83 ; 0x53 cda: f000 f87d bl 0xdd8 cde: 2016 mov r0, #22 ; 0x16 ce0: f000 f87a bl 0xdd8 ce4: e019 b 0xd1a ce6: 201b mov r0, #27 ; 0x1b ce8: f000 f876 bl 0xdd8 cec: 20f6 mov r0, #246 ; 0xf6 cee: f000 f873 bl 0xdd8 cf2: 2002 mov r0, #2 cf4: f000 f870 bl 0xdd8 cf8: 2000 mov r0, #0 cfa: f000 f86d bl 0xdd8 cfe: 2041 mov r0, #65 ; 0x41 d00: f000 f86a bl 0xdd8 d04: 2003 mov r0, #3 d06: f000 f867 bl 0xdd8 d0a: 2042 mov r0, #66 ; 0x42 d0c: f000 f864 bl 0xdd8 d10: 4876 ldr r0, =0x83ff00 ; via 0xeec d12: 6800 ldr r0, [r0, #0] d14: 4990 ldr r1, =0x800100 ; via 0xf58 d16: f000 f85e bl 0xdd6 d1a: b006 add sp, #24 ; 0x18 d1c: bd00 pop {pc} $FTM_Tool_check: d1e: b500 push {lr} d20: b081 sub sp, #4 d22: 2066 mov r0, #102 ; 0x66 d24: f000 f858 bl 0xdd8 d28: 2074 mov r0, #116 ; 0x74 d2a: f000 f855 bl 0xdd8 d2e: 206d mov r0, #109 ; 0x6d d30: f000 f852 bl 0xdd8 d34: 2074 mov r0, #116 ; 0x74 d36: f000 f84f bl 0xdd8 d3a: 206f mov r0, #111 ; 0x6f d3c: f000 f84c bl 0xdd8 d40: 206f mov r0, #111 ; 0x6f d42: f000 f849 bl 0xdd8 d46: 206c mov r0, #108 ; 0x6c d48: f000 f846 bl 0xdd8 d4c: 4983 ldr r1, =0x83ff80 ; via 0xf5c d4e: 2000 mov r0, #0 d50: 7008 strb r0, [r1, #0] d52: 9000 str r0, [sp, #0] d54: 9800 ldr r0, [sp, #0] d56: 0c00 lsr r0, r0, #16 d58: d105 bne 0xd66 d5a: 9800 ldr r0, [sp, #0] d5c: 3001 add r0, #1 d5e: 9000 str r0, [sp, #0] d60: 9800 ldr r0, [sp, #0] d62: 0c00 lsr r0, r0, #16 d64: d0f9 beq 0xd5a d66: 2007 mov r0, #7 d68: 0400 lsl r0, r0, #16 d6a: f000 f84d bl 0xe08 d6e: 2879 cmp r0, #121 ; 0x79 d70: d10e bne 0xd90 d72: 2001 mov r0, #1 d74: 0300 lsl r0, r0, #12 d76: f000 f847 bl 0xe08 d7a: 2865 cmp r0, #101 ; 0x65 d7c: d108 bne 0xd90 d7e: 2001 mov r0, #1 d80: 0300 lsl r0, r0, #12 d82: f000 f841 bl 0xe08 d86: 2873 cmp r0, #115 ; 0x73 d88: d102 bne 0xd90 d8a: 4874 ldr r0, =0x83ff80 ; via 0xf5c d8c: 2101 mov r1, #1 d8e: 7001 strb r1, [r0, #0] d90: f000 f8ce bl 0xf30 d94: 2800 cmp r0, #0 d96: d00d beq 0xdb4 d98: 206d mov r0, #109 ; 0x6d d9a: f000 f81d bl 0xdd8 d9e: 206f mov r0, #111 ; 0x6f da0: f000 f81a bl 0xdd8 da4: 2064 mov r0, #100 ; 0x64 da6: f000 f817 bl 0xdd8 daa: 2065 mov r0, #101 ; 0x65 dac: f000 f814 bl 0xdd8 db0: 206d mov r0, #109 ; 0x6d db2: e00c b 0xdce db4: 2065 mov r0, #101 ; 0x65 db6: f000 f80f bl 0xdd8 dba: 2072 mov r0, #114 ; 0x72 dbc: f000 f80c bl 0xdd8 dc0: 2072 mov r0, #114 ; 0x72 dc2: f000 f809 bl 0xdd8 dc6: 206f mov r0, #111 ; 0x6f dc8: f000 f806 bl 0xdd8 dcc: 2072 mov r0, #114 ; 0x72 dce: f000 f803 bl 0xdd8 dd2: b001 add sp, #4 dd4: bd00 pop {pc} $jump: dd6: 4708 bx r1 $putchar: ; static dd8: b081 sub sp, #4 dda: 4669 mov r1, sp ddc: 7008 strb r0, [r1, #0] dde: 4843 ldr r0, =0x83ff00 ; via 0xeec de0: 6800 ldr r0, [r0, #0] de2: 7940 ldrb r0, [r0, #5] de4: 0980 lsr r0, r0, #6 de6: d3fa bcc 0xdde de8: 4840 ldr r0, =0x83ff00 ; via 0xeec dea: 6800 ldr r0, [r0, #0] dec: 4669 mov r1, sp dee: 7809 ldrb r1, [r1, #0] df0: 7001 strb r1, [r0, #0] df2: b001 add sp, #4 df4: 46f7 mov pc, lr $getchar: df6: 483d ldr r0, =0x83ff00 ; via 0xeec df8: 6800 ldr r0, [r0, #0] dfa: 7940 ldrb r0, [r0, #5] dfc: 0840 lsr r0, r0, #1 dfe: d3fa bcc 0xdf6 e00: 483a ldr r0, =0x83ff00 ; via 0xeec e02: 6800 ldr r0, [r0, #0] e04: 7800 ldrb r0, [r0, #0] e06: 4770 bx lr $getchar_timeout: e08: b083 sub sp, #12 ; 0xc e0a: 9000 str r0, [sp, #0] e0c: 9800 ldr r0, [sp, #0] e0e: 9002 str r0, [sp, #8] e10: 4836 ldr r0, =0x83ff00 ; via 0xeec e12: 6800 ldr r0, [r0, #0] e14: 7940 ldrb r0, [r0, #5] e16: 0840 lsr r0, r0, #1 e18: d20c bcs 0xe34 e1a: 9802 ldr r0, [sp, #8] e1c: 3801 sub r0, #1 e1e: 9002 str r0, [sp, #8] e20: 9802 ldr r0, [sp, #8] e22: 2800 cmp r0, #0 e24: d101 bne 0xe2a e26: 20ff mov r0, #255 ; 0xff e28: e007 b 0xe3a e2a: 4830 ldr r0, =0x83ff00 ; via 0xeec e2c: 6800 ldr r0, [r0, #0] e2e: 7940 ldrb r0, [r0, #5] e30: 0840 lsr r0, r0, #1 e32: d3f2 bcc 0xe1a e34: 482d ldr r0, =0x83ff00 ; via 0xeec e36: 6800 ldr r0, [r0, #0] e38: 7800 ldrb r0, [r0, #0] e3a: b003 add sp, #12 ; 0xc e3c: 4770 bx lr $UartTimeout: e3e: b081 sub sp, #4 e40: e001 b 0xe46 e42: 9800 ldr r0, [sp, #0] e44: 3801 sub r0, #1 e46: 9000 str r0, [sp, #0] e48: 4828 ldr r0, =0x83ff00 ; via 0xeec e4a: 6800 ldr r0, [r0, #0] e4c: 7940 ldrb r0, [r0, #5] e4e: 0840 lsr r0, r0, #1 e50: d202 bcs 0xe58 e52: 9800 ldr r0, [sp, #0] e54: 2800 cmp r0, #0 e56: dcf4 bgt 0xe42 e58: 9800 ldr r0, [sp, #0] e5a: 2800 cmp r0, #0 e5c: dd01 ble 0xe62 e5e: 2000 mov r0, #0 e60: e000 b 0xe64 e62: 2001 mov r0, #1 e64: b001 add sp, #4 e66: 4770 bx lr $hardware_init: e68: b082 sub sp, #8 e6a: 9000 str r0, [sp, #0] e6c: 4669 mov r1, sp e6e: 2000 mov r0, #0 e70: 7188 strb r0, [r1, #6] e72: 9900 ldr r1, [sp, #0] e74: 483a ldr r0, =0xfffef000 ; via 0xf60 e76: 8800 ldrh r0, [r0, #0] e78: 8008 strh r0, [r1, #0] e7a: b002 add sp, #8 e7c: 4770 bx lr e7e: 46c0 nop (mov r8, r8) <portion not analyzed yet> ; start.obj .text:v$3 section, matches familiar versions _sta_select_application: 1d90: e92d4000 stmdb sp!, {lr} 1d94: e28fe001 add lr, pc, #1 1d98: e12fff1e bx lr 1d9c: f7fe fe99 bl 0xad2 ; $sta_select_application 1da0: 4778 bx pc 1da2: 46c0 nop (mov r8, r8) 1da4: e8bd8000 ldmia sp!, {pc} <1DA8-1EFF: all FFs> 1f00: 00000001 <1F04-end: all FFs>