view compal/boot/c118-dfboot.disasm @ 405:f7df0f4d7d4f

tfo/find-is-hdr.c: print found offset in hex
author Mychaela Falconia <falcon@freecalypso.org>
date Sat, 18 Mar 2023 05:57:23 +0000
parents 50c0fac9a4a8
children
line wrap: on
line source

; In 2023-01 Mother Mychaela received a rare C118 phone with North American
; frequency bands; this phone features a 2 MiB flash chip, but the flash-
; resident bootloader version is one which we haven't seen before.  The present
; work is a disassembly analysis of this new-to-us Compal bootloader version
; from fw version 2.2.84.N.
;
; Analysis result: this bootloader version is fatally hobbled: it NEVER offers
; a serial download opportunity at all (the code is still there, but can never
; be called), only the ftmtool flag mechanism.

RESET entry and exception vectors:
       0:	ea000225	b	0x89c
       4:	ea000825	b	0x20a0
       8:	ea000825	b	0x20a4
       c:	ea000825	b	0x20a8
      10:	ea000825	b	0x20ac
      14:	ea000825	b	0x20b0
      18:	ea000825	b	0x20b4
      1c:	ea000825	b	0x20b8

; magic words?
      20:	47033dc9
      24:	47033dca
      28:	47033df9
      2c:	47033dfa

<30-7FF: all FFs>

00000800:  42 4F 4F 54 2E 39 30 2E  30 34 00 00 00 00 00 00  BOOT.90.04......
00000810:  31 30 30 33 01 03 00 00  FF FF FF FF FF FF FF FF  1003............
00000820:  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................

; serial.obj .const section, matches familiar versions
     830:	00000006
     834:	00000000
     838:	00000000
     83c:	00000048
     840:	00000044
     844:	00000052
     848:	0000001b
     84c:	00000005
     850:	00000000
     854:	00000000
     858:	00000000
     85c:	00000000
     860:	000000fa
     864:	ffff5800
     868:	ffff5000

; bootloader.obj .text section, matches familiar versions

     86c:	fffffb00
     870:	02a102a1
     874:	028302a1
     878:	00c00281
     87c:	002a0040
     880:	00000040
     884:	fffffd00
     888:	ffff9800
     88c:	fffffb10
     890:	ffffff08
     894:	20061081
     898:	00000800

_INT_Bootloader_Start:
     89c:	e51f1020	ldr	r1, =0xfffffd00	; via 0x884
     8a0:	e1d120b2	ldrh	r2, [r1, #2]
     8a4:	e51f002c	ldr	r0, =0x40	; via 0x880
     8a8:	e1800002	orr	r0, r0, r2
     8ac:	e1c100b2	strh	r0, [r1, #2]
     8b0:	e51f1030	ldr	r1, =0xffff9800	; via 0x888
     8b4:	e15f22b6	ldrh	r2, =0x2006	; via 0x896
     8b8:	e1c120b0	strh	r2, [r1]
     8bc:	e5912000	ldr	r2, [r1]
     8c0:	e2022001	and	r2, r2, #1
     8c4:	e3520001	cmp	r2, #1
     8c8:	0afffffb	beq	0x8bc
     8cc:	e51f1050	ldr	r1, =0xfffffd00	; via 0x884
     8d0:	e15f24b4	ldrh	r2, =0x1081	; via 0x894
     8d4:	e1c120b0	strh	r2, [r1]
     8d8:	e51f1054	ldr	r1, =0xfffffb10	; via 0x88c
     8dc:	e15f24bc	ldrh	r2, =0x800	; via 0x898
     8e0:	e1d100b0	ldrh	r0, [r1]
     8e4:	e1800002	orr	r0, r0, r2
     8e8:	e1c100b0	strh	r0, [r1]
     8ec:	e51f1064	ldr	r1, =0xffffff08	; via 0x890
     8f0:	e15f25be	ldrh	r2, =0x0	; via 0x89a
     8f4:	e1c120b0	strh	r2, [r1]
     8f8:	e51f1094	ldr	r1, =0xfffffb00	; via 0x86c
     8fc:	e15f29b4	ldrh	r2, =0x2a1	; via 0x870
     900:	e1c120b0	strh	r2, [r1]
     904:	e15f29ba	ldrh	r2, =0x2a1	; via 0x872
     908:	e1c120b2	strh	r2, [r1, #2]
     90c:	e15f2ab0	ldrh	r2, =0x2a1	; via 0x874
     910:	e1c120b4	strh	r2, [r1, #4]
     914:	e15f2ab6	ldrh	r2, =0x283	; via 0x876
     918:	e1c120b6	strh	r2, [r1, #6]
     91c:	e15f2abc	ldrh	r2, =0x281	; via 0x878
     920:	e1c120ba	strh	r2, [r1, #10]	; 0xa
     924:	e15f2bb2	ldrh	r2, =0xc0	; via 0x87a
     928:	e1c120bc	strh	r2, [r1, #12]	; 0xc
     92c:	e15f2bb8	ldrh	r2, =0x40	; via 0x87c
     930:	e1c120b8	strh	r2, [r1, #8]
     934:	e15f2bbe	ldrh	r2, =0x2a	; via 0x87e
     938:	e1c120be	strh	r2, [r1, #14]	; 0xe
     93c:	e59f0020	ldr	r0, =0x83e68c	; via 0x964
     940:	e3a01b01	mov	r1, #1024	; 0x400
     944:	e2411004	sub	r1, r1, #4
     948:	e0802001	add	r2, r0, r1
     94c:	e3c22003	bic	r2, r2, #3
     950:	e1a0d002	mov	sp, r2
     954:	e92d100f	stmdb	sp!, {r0, r1, r2, r3, r12}
     958:	eb00050c	bl	0x1d90	; _sta_select_application
     95c:	e8bd100f	ldmia	sp!, {r0, r1, r2, r3, r12}
     960:	ea0005e4	b	0x20f8	; _INT_Initialize
     964:	0083e68c

; start.obj .text section, matches familiar versions

     968:	4961		ldr	r1, =0xfffffa08	; via 0xaf0
     96a:	4862		ldr	r0, =0xffff	; via 0xaf4
     96c:	8008		strh	r0, [r1, #0]
     96e:	4862		ldr	r0, =0xfffffa0a	; via 0xaf8
     970:	211f		mov	r1, #31	; 0x1f
     972:	8001		strh	r1, [r0, #0]
     974:	4861		ldr	r0, =0xfffff804	; via 0xafc
     976:	21f5		mov	r1, #245	; 0xf5
     978:	8001		strh	r1, [r0, #0]
     97a:	21a0		mov	r1, #160	; 0xa0
     97c:	8001		strh	r1, [r0, #0]
     97e:	4860		ldr	r0, =0xffff9800	; via 0xb00
     980:	4960		ldr	r1, =0x2002	; via 0xb04
     982:	8001		strh	r1, [r0, #0]
     984:	485e		ldr	r0, =0xffff9800	; via 0xb00
     986:	8800		ldrh	r0, [r0, #0]
     988:	0840		lsr	r0, r0, #1
     98a:	d2fb		bcs	0x984
     98c:	495e		ldr	r1, =0xfffffd00	; via 0xb08
     98e:	485f		ldr	r0, =0x1001	; via 0xb0c
     990:	8008		strh	r0, [r1, #0]
     992:	46f7		mov	pc, lr

     994:	b500		push	{lr}
     996:	b0ff		sub	sp, #508	; 0x1fc
     998:	b0ca		sub	sp, #296	; 0x128
     99a:	2000		mov	r0, #0
     99c:	9001		str	r0, [sp, #4]
     99e:	9801		ldr	r0, [sp, #4]
     9a0:	2800		cmp	r0, #0
     9a2:	d14e		bne	0xa42
     9a4:	a846		add	r0, sp, #280	; 0x118
     9a6:	2100		mov	r1, #0
     9a8:	f001 f81e	bl	0x19e8
     9ac:	a9c8		add	r1, sp, #800	; 0x320
     9ae:	7008		strb	r0, [r1, #0]
     9b0:	a846		add	r0, sp, #280	; 0x118
     9b2:	a902		add	r1, sp, #8
     9b4:	f000 fadc	bl	0xf70
     9b8:	9000		str	r0, [sp, #0]
     9ba:	9800		ldr	r0, [sp, #0]
     9bc:	2800		cmp	r0, #0
     9be:	d01b		beq	0x9f8
     9c0:	a924		add	r1, sp, #144	; 0x90
     9c2:	4668		mov	r0, sp
     9c4:	7a00		ldrb	r0, [r0, #8]
     9c6:	7008		strb	r0, [r1, #0]
     9c8:	2191		mov	r1, #145	; 0x91
     9ca:	466a		mov	r2, sp
     9cc:	4668		mov	r0, sp
     9ce:	7800		ldrb	r0, [r0, #0]
     9d0:	5488		strb	r0, [r1, r2]
     9d2:	e01b		b	0xa0c
     9d4:	a802		add	r0, sp, #8
     9d6:	a924		add	r1, sp, #144	; 0x90
     9d8:	f000 fdb8	bl	0x154c
     9dc:	e016		b	0xa0c
     9de:	a802		add	r0, sp, #8
     9e0:	a924		add	r1, sp, #144	; 0x90
     9e2:	aac8		add	r2, sp, #800	; 0x320
     9e4:	7812		ldrb	r2, [r2, #0]
     9e6:	f000 fdc5	bl	0x1574
     9ea:	e00f		b	0xa0c
     9ec:	a802		add	r0, sp, #8
     9ee:	a924		add	r1, sp, #144	; 0x90
     9f0:	f000 fdf7	bl	0x15e2
     9f4:	90c7		str	r0, [sp, #796]	; 0x31c
     9f6:	e009		b	0xa0c
     9f8:	4668		mov	r0, sp
     9fa:	7a00		ldrb	r0, [r0, #8]
     9fc:	2800		cmp	r0, #0
     9fe:	d0e9		beq	0x9d4
     a00:	3809		sub	r0, #9
     a02:	2800		cmp	r0, #0
     a04:	d0eb		beq	0x9de
     a06:	3801		sub	r0, #1
     a08:	2800		cmp	r0, #0
     a0a:	d0ef		beq	0x9ec
     a0c:	a824		add	r0, sp, #144	; 0x90
     a0e:	a986		add	r1, sp, #536	; 0x218
     a10:	f000 fb91	bl	0x1136
     a14:	2800		cmp	r0, #0
     a16:	d111		bne	0xa3c
     a18:	a886		add	r0, sp, #536	; 0x218
     a1a:	a9c8		add	r1, sp, #800	; 0x320
     a1c:	7809		ldrb	r1, [r1, #0]
     a1e:	f000 ffb8	bl	0x1992
     a22:	2800		cmp	r0, #0
     a24:	d00a		beq	0xa3c
     a26:	4668		mov	r0, sp
     a28:	7a00		ldrb	r0, [r0, #8]
     a2a:	280a		cmp	r0, #10	; 0xa
     a2c:	d106		bne	0xa3c
     a2e:	a8c8		add	r0, sp, #800	; 0x320
     a30:	7800		ldrb	r0, [r0, #0]
     a32:	f001 f909	bl	0x1c48
     a36:	98c7		ldr	r0, [sp, #796]	; 0x31c
     a38:	f000 fa98	bl	0xf6c
     a3c:	9801		ldr	r0, [sp, #4]
     a3e:	2800		cmp	r0, #0
     a40:	d0b0		beq	0x9a4
     a42:	b07f		add	sp, #508	; 0x1fc
     a44:	b04a		add	sp, #296	; 0x128
     a46:	bd00		pop	{pc}

     a48:	b500		push	{lr}
     a4a:	b0ff		sub	sp, #508	; 0x1fc
     a4c:	b0c8		sub	sp, #288	; 0x120
     a4e:	2000		mov	r0, #0
     a50:	9000		str	r0, [sp, #0]
     a52:	a846		add	r0, sp, #280	; 0x118
     a54:	2101		mov	r1, #1
     a56:	f000 ffc7	bl	0x19e8
     a5a:	a9c6		add	r1, sp, #792	; 0x318
     a5c:	7008		strb	r0, [r1, #0]
     a5e:	a8c6		add	r0, sp, #792	; 0x318
     a60:	7800		ldrb	r0, [r0, #0]
     a62:	28ff		cmp	r0, #255	; 0xff
     a64:	d031		beq	0xaca
     a66:	a846		add	r0, sp, #280	; 0x118
     a68:	a902		add	r1, sp, #8
     a6a:	f000 fa81	bl	0xf70
     a6e:	9001		str	r0, [sp, #4]
     a70:	9801		ldr	r0, [sp, #4]
     a72:	2800		cmp	r0, #0
     a74:	d014		beq	0xaa0
     a76:	a924		add	r1, sp, #144	; 0x90
     a78:	4668		mov	r0, sp
     a7a:	7a00		ldrb	r0, [r0, #8]
     a7c:	7008		strb	r0, [r1, #0]
     a7e:	2291		mov	r2, #145	; 0x91
     a80:	4668		mov	r0, sp
     a82:	4669		mov	r1, sp
     a84:	7909		ldrb	r1, [r1, #4]
     a86:	5411		strb	r1, [r2, r0]
     a88:	a824		add	r0, sp, #144	; 0x90
     a8a:	a986		add	r1, sp, #536	; 0x218
     a8c:	f000 fb53	bl	0x1136
     a90:	2800		cmp	r0, #0
     a92:	d11a		bne	0xaca
     a94:	a886		add	r0, sp, #536	; 0x218
     a96:	a9c6		add	r1, sp, #792	; 0x318
     a98:	7809		ldrb	r1, [r1, #0]
     a9a:	f000 ff7a	bl	0x1992
     a9e:	e014		b	0xaca
     aa0:	4668		mov	r0, sp
     aa2:	7a00		ldrb	r0, [r0, #8]
     aa4:	2800		cmp	r0, #0
     aa6:	d110		bne	0xaca
     aa8:	a802		add	r0, sp, #8
     aaa:	a924		add	r1, sp, #144	; 0x90
     aac:	f000 fd4e	bl	0x154c
     ab0:	a824		add	r0, sp, #144	; 0x90
     ab2:	a986		add	r1, sp, #536	; 0x218
     ab4:	f000 fb3f	bl	0x1136
     ab8:	2800		cmp	r0, #0
     aba:	d104		bne	0xac6
     abc:	a886		add	r0, sp, #536	; 0x218
     abe:	a9c6		add	r1, sp, #792	; 0x318
     ac0:	7809		ldrb	r1, [r1, #0]
     ac2:	f000 ff66	bl	0x1992
     ac6:	2001		mov	r0, #1
     ac8:	9000		str	r0, [sp, #0]
     aca:	9800		ldr	r0, [sp, #0]
     acc:	b07f		add	sp, #508	; 0x1fc
     ace:	b048		add	sp, #288	; 0x120
     ad0:	bd00		pop	{pc}

$sta_select_application:
     ad2:	b500		push	{lr}
     ad4:	b082		sub	sp, #8
     ad6:	f7ff ff47	bl	0x968
     ada:	f001 f85d	bl	0x1b98	; $ser_initialize_serial_link
     ade:	f000 fd23	bl	0x1528	; $con_initialize_conversion
     ae2:	f000 f81f	bl	0xb24	; $fluid_bootloader
     ae6:	f000 f91a	bl	0xd1e	; $FTM_Tool_check
     aea:	b002		add	sp, #8
     aec:	bd00		pop	{pc}
     aee:	46c0		nop			(mov r8, r8)

     af0:	fffffa08
     af4:	0000ffff
     af8:	fffffa0a
     afc:	fffff804
     b00:	ffff9800
     b04:	00002002
     b08:	fffffd00
     b0c:	00001001

; boot.obj .text section

     b10:	e3a0d502	mov	sp, #8388608	; 0x800000
     b14:	e28dd802	add	sp, sp, #131072	; 0x20000
     b18:	e28fe005	add	lr, pc, #5
     b1c:	e12fff1e	bx	lr
     b20:	e1a00000	mov	r0, r0

; The fluid_bootloader() function is fatally hobbled: it initializes the UART
; at 115200 baud, but then does a delay and returns - NO call to SeekMsg()!

$fluid_bootloader:
     b24:	b500		push	{lr}
     b26:	b082		sub	sp, #8
     b28:	49f0		ldr	r1, =0x83ff00	; via 0xeec
     b2a:	48d5		ldr	r0, =0xffff5800	; via 0xe80
     b2c:	6008		str	r0, [r1, #0]
     b2e:	2000		mov	r0, #0
     b30:	2107		mov	r1, #7
     b32:	f000 f9a7	bl	0xe84	; $uart_init
     b36:	2000		mov	r0, #0
     b38:	9001		str	r0, [sp, #4]
     b3a:	9000		str	r0, [sp, #0]
     b3c:	9900		ldr	r1, [sp, #0]
     b3e:	2005		mov	r0, #5
     b40:	0400		lsl	r0, r0, #16
     b42:	4281		cmp	r1, r0
     b44:	d20a		bcs	0xb5c
     b46:	9801		ldr	r0, [sp, #4]
     b48:	3001		add	r0, #1
     b4a:	9001		str	r0, [sp, #4]
     b4c:	9800		ldr	r0, [sp, #0]
     b4e:	3001		add	r0, #1
     b50:	9000		str	r0, [sp, #0]
     b52:	9900		ldr	r1, [sp, #0]
     b54:	2005		mov	r0, #5
     b56:	0400		lsl	r0, r0, #16
     b58:	4281		cmp	r1, r0
     b5a:	d3f4		bcc	0xb46
     b5c:	b002		add	sp, #8
     b5e:	bd00		pop	{pc}

$SeekMsg:
     b60:	b500		push	{lr}
     b62:	b086		sub	sp, #24	; 0x18
     b64:	48f4		ldr	r0, =0x800100	; via 0xf38
     b66:	9005		str	r0, [sp, #20]	; 0x14
     b68:	201b		mov	r0, #27	; 0x1b
     b6a:	f000 f935	bl	0xdd8
     b6e:	20f6		mov	r0, #246	; 0xf6
     b70:	f000 f932	bl	0xdd8
     b74:	2002		mov	r0, #2
     b76:	f000 f92f	bl	0xdd8
     b7a:	2000		mov	r0, #0
     b7c:	f000 f92c	bl	0xdd8
     b80:	2041		mov	r0, #65	; 0x41
     b82:	f000 f929	bl	0xdd8
     b86:	2001		mov	r0, #1
     b88:	f000 f926	bl	0xdd8
     b8c:	2040		mov	r0, #64	; 0x40
     b8e:	f000 f923	bl	0xdd8
     b92:	2001		mov	r0, #1
     b94:	0300		lsl	r0, r0, #12
     b96:	f000 f937	bl	0xe08
     b9a:	281b		cmp	r0, #27	; 0x1b
     b9c:	d000		beq	0xba0
     b9e:	e0bc		b	0xd1a
     ba0:	2001		mov	r0, #1
     ba2:	0300		lsl	r0, r0, #12
     ba4:	f000 f930	bl	0xe08
     ba8:	28f6		cmp	r0, #246	; 0xf6
     baa:	d000		beq	0xbae
     bac:	e0b5		b	0xd1a
     bae:	2001		mov	r0, #1
     bb0:	0300		lsl	r0, r0, #12
     bb2:	f000 f929	bl	0xe08
     bb6:	2802		cmp	r0, #2
     bb8:	d000		beq	0xbbc
     bba:	e0ae		b	0xd1a
     bbc:	2001		mov	r0, #1
     bbe:	0300		lsl	r0, r0, #12
     bc0:	f000 f922	bl	0xe08
     bc4:	2800		cmp	r0, #0
     bc6:	d000		beq	0xbca
     bc8:	e0a7		b	0xd1a
     bca:	2001		mov	r0, #1
     bcc:	0300		lsl	r0, r0, #12
     bce:	f000 f91b	bl	0xe08
     bd2:	2852		cmp	r0, #82	; 0x52
     bd4:	d000		beq	0xbd8
     bd6:	e0a0		b	0xd1a
     bd8:	2001		mov	r0, #1
     bda:	0300		lsl	r0, r0, #12
     bdc:	f000 f914	bl	0xe08
     be0:	2801		cmp	r0, #1
     be2:	d000		beq	0xbe6
     be4:	e099		b	0xd1a
     be6:	2001		mov	r0, #1
     be8:	0300		lsl	r0, r0, #12
     bea:	f000 f90d	bl	0xe08
     bee:	2853		cmp	r0, #83	; 0x53
     bf0:	d000		beq	0xbf4
     bf2:	e092		b	0xd1a
     bf4:	201b		mov	r0, #27	; 0x1b
     bf6:	f000 f8ef	bl	0xdd8
     bfa:	20f6		mov	r0, #246	; 0xf6
     bfc:	f000 f8ec	bl	0xdd8
     c00:	2002		mov	r0, #2
     c02:	f000 f8e9	bl	0xdd8
     c06:	2000		mov	r0, #0
     c08:	f000 f8e6	bl	0xdd8
     c0c:	2041		mov	r0, #65	; 0x41
     c0e:	f000 f8e3	bl	0xdd8
     c12:	2002		mov	r0, #2
     c14:	f000 f8e0	bl	0xdd8
     c18:	2043		mov	r0, #67	; 0x43
     c1a:	f000 f8dd	bl	0xdd8
     c1e:	2001		mov	r0, #1
     c20:	0300		lsl	r0, r0, #12
     c22:	f000 f8f1	bl	0xe08
     c26:	4669		mov	r1, sp
     c28:	7208		strb	r0, [r1, #8]
     c2a:	4668		mov	r0, sp
     c2c:	2102		mov	r1, #2
     c2e:	7441		strb	r1, [r0, #17]	; 0x11
     c30:	2000		mov	r0, #0
     c32:	9000		str	r0, [sp, #0]
     c34:	9800		ldr	r0, [sp, #0]
     c36:	2802		cmp	r0, #2
     c38:	d216		bcs	0xc68
     c3a:	2001		mov	r0, #1
     c3c:	0300		lsl	r0, r0, #12
     c3e:	f000 f8e3	bl	0xe08
     c42:	466a		mov	r2, sp
     c44:	9900		ldr	r1, [sp, #0]
     c46:	1a51		sub	r1, r2, r1
     c48:	7348		strb	r0, [r1, #13]	; 0xd
     c4a:	4668		mov	r0, sp
     c4c:	9900		ldr	r1, [sp, #0]
     c4e:	1a40		sub	r0, r0, r1
     c50:	7b40		ldrb	r0, [r0, #13]	; 0xd
     c52:	4669		mov	r1, sp
     c54:	7c49		ldrb	r1, [r1, #17]	; 0x11
     c56:	4048		eor	r0, r1
     c58:	4669		mov	r1, sp
     c5a:	7448		strb	r0, [r1, #17]	; 0x11
     c5c:	9800		ldr	r0, [sp, #0]
     c5e:	3001		add	r0, #1
     c60:	9000		str	r0, [sp, #0]
     c62:	9800		ldr	r0, [sp, #0]
     c64:	2802		cmp	r0, #2
     c66:	d3e8		bcc	0xc3a
     c68:	4668		mov	r0, sp
     c6a:	8980		ldrh	r0, [r0, #12]	; 0xc
     c6c:	466a		mov	r2, sp
     c6e:	1e41		sub	r1, r0, #1
     c70:	8191		strh	r1, [r2, #12]	; 0xc
     c72:	2800		cmp	r0, #0
     c74:	d016		beq	0xca4
     c76:	2001		mov	r0, #1
     c78:	0300		lsl	r0, r0, #12
     c7a:	f000 f8c5	bl	0xe08
     c7e:	9905		ldr	r1, [sp, #20]	; 0x14
     c80:	7008		strb	r0, [r1, #0]
     c82:	9805		ldr	r0, [sp, #20]	; 0x14
     c84:	7801		ldrb	r1, [r0, #0]
     c86:	4668		mov	r0, sp
     c88:	7c40		ldrb	r0, [r0, #17]	; 0x11
     c8a:	4041		eor	r1, r0
     c8c:	4668		mov	r0, sp
     c8e:	7441		strb	r1, [r0, #17]	; 0x11
     c90:	9805		ldr	r0, [sp, #20]	; 0x14
     c92:	3001		add	r0, #1
     c94:	9005		str	r0, [sp, #20]	; 0x14
     c96:	4668		mov	r0, sp
     c98:	8982		ldrh	r2, [r0, #12]	; 0xc
     c9a:	4669		mov	r1, sp
     c9c:	1e50		sub	r0, r2, #1
     c9e:	8188		strh	r0, [r1, #12]	; 0xc
     ca0:	2a00		cmp	r2, #0
     ca2:	d1e8		bne	0xc76
     ca4:	2001		mov	r0, #1
     ca6:	0300		lsl	r0, r0, #12
     ca8:	f000 f8ae	bl	0xe08
     cac:	4669		mov	r1, sp
     cae:	7408		strb	r0, [r1, #16]	; 0x10
     cb0:	4668		mov	r0, sp
     cb2:	7c01		ldrb	r1, [r0, #16]	; 0x10
     cb4:	7c40		ldrb	r0, [r0, #17]	; 0x11
     cb6:	4281		cmp	r1, r0
     cb8:	d015		beq	0xce6
     cba:	201b		mov	r0, #27	; 0x1b
     cbc:	f000 f88c	bl	0xdd8
     cc0:	20f6		mov	r0, #246	; 0xf6
     cc2:	f000 f889	bl	0xdd8
     cc6:	2002		mov	r0, #2
     cc8:	f000 f886	bl	0xdd8
     ccc:	2000		mov	r0, #0
     cce:	f000 f883	bl	0xdd8
     cd2:	2045		mov	r0, #69	; 0x45
     cd4:	f000 f880	bl	0xdd8
     cd8:	2053		mov	r0, #83	; 0x53
     cda:	f000 f87d	bl	0xdd8
     cde:	2016		mov	r0, #22	; 0x16
     ce0:	f000 f87a	bl	0xdd8
     ce4:	e019		b	0xd1a
     ce6:	201b		mov	r0, #27	; 0x1b
     ce8:	f000 f876	bl	0xdd8
     cec:	20f6		mov	r0, #246	; 0xf6
     cee:	f000 f873	bl	0xdd8
     cf2:	2002		mov	r0, #2
     cf4:	f000 f870	bl	0xdd8
     cf8:	2000		mov	r0, #0
     cfa:	f000 f86d	bl	0xdd8
     cfe:	2041		mov	r0, #65	; 0x41
     d00:	f000 f86a	bl	0xdd8
     d04:	2003		mov	r0, #3
     d06:	f000 f867	bl	0xdd8
     d0a:	2042		mov	r0, #66	; 0x42
     d0c:	f000 f864	bl	0xdd8
     d10:	4876		ldr	r0, =0x83ff00	; via 0xeec
     d12:	6800		ldr	r0, [r0, #0]
     d14:	4990		ldr	r1, =0x800100	; via 0xf58
     d16:	f000 f85e	bl	0xdd6
     d1a:	b006		add	sp, #24	; 0x18
     d1c:	bd00		pop	{pc}

$FTM_Tool_check:
     d1e:	b500		push	{lr}
     d20:	b081		sub	sp, #4
     d22:	2066		mov	r0, #102	; 0x66
     d24:	f000 f858	bl	0xdd8
     d28:	2074		mov	r0, #116	; 0x74
     d2a:	f000 f855	bl	0xdd8
     d2e:	206d		mov	r0, #109	; 0x6d
     d30:	f000 f852	bl	0xdd8
     d34:	2074		mov	r0, #116	; 0x74
     d36:	f000 f84f	bl	0xdd8
     d3a:	206f		mov	r0, #111	; 0x6f
     d3c:	f000 f84c	bl	0xdd8
     d40:	206f		mov	r0, #111	; 0x6f
     d42:	f000 f849	bl	0xdd8
     d46:	206c		mov	r0, #108	; 0x6c
     d48:	f000 f846	bl	0xdd8
     d4c:	4983		ldr	r1, =0x83ff80	; via 0xf5c
     d4e:	2000		mov	r0, #0
     d50:	7008		strb	r0, [r1, #0]
     d52:	9000		str	r0, [sp, #0]
     d54:	9800		ldr	r0, [sp, #0]
     d56:	0c00		lsr	r0, r0, #16
     d58:	d105		bne	0xd66
     d5a:	9800		ldr	r0, [sp, #0]
     d5c:	3001		add	r0, #1
     d5e:	9000		str	r0, [sp, #0]
     d60:	9800		ldr	r0, [sp, #0]
     d62:	0c00		lsr	r0, r0, #16
     d64:	d0f9		beq	0xd5a
     d66:	2007		mov	r0, #7
     d68:	0400		lsl	r0, r0, #16
     d6a:	f000 f84d	bl	0xe08
     d6e:	2879		cmp	r0, #121	; 0x79
     d70:	d10e		bne	0xd90
     d72:	2001		mov	r0, #1
     d74:	0300		lsl	r0, r0, #12
     d76:	f000 f847	bl	0xe08
     d7a:	2865		cmp	r0, #101	; 0x65
     d7c:	d108		bne	0xd90
     d7e:	2001		mov	r0, #1
     d80:	0300		lsl	r0, r0, #12
     d82:	f000 f841	bl	0xe08
     d86:	2873		cmp	r0, #115	; 0x73
     d88:	d102		bne	0xd90
     d8a:	4874		ldr	r0, =0x83ff80	; via 0xf5c
     d8c:	2101		mov	r1, #1
     d8e:	7001		strb	r1, [r0, #0]
     d90:	f000 f8ce	bl	0xf30
     d94:	2800		cmp	r0, #0
     d96:	d00d		beq	0xdb4
     d98:	206d		mov	r0, #109	; 0x6d
     d9a:	f000 f81d	bl	0xdd8
     d9e:	206f		mov	r0, #111	; 0x6f
     da0:	f000 f81a	bl	0xdd8
     da4:	2064		mov	r0, #100	; 0x64
     da6:	f000 f817	bl	0xdd8
     daa:	2065		mov	r0, #101	; 0x65
     dac:	f000 f814	bl	0xdd8
     db0:	206d		mov	r0, #109	; 0x6d
     db2:	e00c		b	0xdce
     db4:	2065		mov	r0, #101	; 0x65
     db6:	f000 f80f	bl	0xdd8
     dba:	2072		mov	r0, #114	; 0x72
     dbc:	f000 f80c	bl	0xdd8
     dc0:	2072		mov	r0, #114	; 0x72
     dc2:	f000 f809	bl	0xdd8
     dc6:	206f		mov	r0, #111	; 0x6f
     dc8:	f000 f806	bl	0xdd8
     dcc:	2072		mov	r0, #114	; 0x72
     dce:	f000 f803	bl	0xdd8
     dd2:	b001		add	sp, #4
     dd4:	bd00		pop	{pc}

$jump:
     dd6:	4708		bx	r1

$putchar:	; static
     dd8:	b081		sub	sp, #4
     dda:	4669		mov	r1, sp
     ddc:	7008		strb	r0, [r1, #0]
     dde:	4843		ldr	r0, =0x83ff00	; via 0xeec
     de0:	6800		ldr	r0, [r0, #0]
     de2:	7940		ldrb	r0, [r0, #5]
     de4:	0980		lsr	r0, r0, #6
     de6:	d3fa		bcc	0xdde
     de8:	4840		ldr	r0, =0x83ff00	; via 0xeec
     dea:	6800		ldr	r0, [r0, #0]
     dec:	4669		mov	r1, sp
     dee:	7809		ldrb	r1, [r1, #0]
     df0:	7001		strb	r1, [r0, #0]
     df2:	b001		add	sp, #4
     df4:	46f7		mov	pc, lr

$getchar:
     df6:	483d		ldr	r0, =0x83ff00	; via 0xeec
     df8:	6800		ldr	r0, [r0, #0]
     dfa:	7940		ldrb	r0, [r0, #5]
     dfc:	0840		lsr	r0, r0, #1
     dfe:	d3fa		bcc	0xdf6
     e00:	483a		ldr	r0, =0x83ff00	; via 0xeec
     e02:	6800		ldr	r0, [r0, #0]
     e04:	7800		ldrb	r0, [r0, #0]
     e06:	4770		bx	lr

$getchar_timeout:
     e08:	b083		sub	sp, #12	; 0xc
     e0a:	9000		str	r0, [sp, #0]
     e0c:	9800		ldr	r0, [sp, #0]
     e0e:	9002		str	r0, [sp, #8]
     e10:	4836		ldr	r0, =0x83ff00	; via 0xeec
     e12:	6800		ldr	r0, [r0, #0]
     e14:	7940		ldrb	r0, [r0, #5]
     e16:	0840		lsr	r0, r0, #1
     e18:	d20c		bcs	0xe34
     e1a:	9802		ldr	r0, [sp, #8]
     e1c:	3801		sub	r0, #1
     e1e:	9002		str	r0, [sp, #8]
     e20:	9802		ldr	r0, [sp, #8]
     e22:	2800		cmp	r0, #0
     e24:	d101		bne	0xe2a
     e26:	20ff		mov	r0, #255	; 0xff
     e28:	e007		b	0xe3a
     e2a:	4830		ldr	r0, =0x83ff00	; via 0xeec
     e2c:	6800		ldr	r0, [r0, #0]
     e2e:	7940		ldrb	r0, [r0, #5]
     e30:	0840		lsr	r0, r0, #1
     e32:	d3f2		bcc	0xe1a
     e34:	482d		ldr	r0, =0x83ff00	; via 0xeec
     e36:	6800		ldr	r0, [r0, #0]
     e38:	7800		ldrb	r0, [r0, #0]
     e3a:	b003		add	sp, #12	; 0xc
     e3c:	4770		bx	lr

$UartTimeout:
     e3e:	b081		sub	sp, #4
     e40:	e001		b	0xe46
     e42:	9800		ldr	r0, [sp, #0]
     e44:	3801		sub	r0, #1
     e46:	9000		str	r0, [sp, #0]
     e48:	4828		ldr	r0, =0x83ff00	; via 0xeec
     e4a:	6800		ldr	r0, [r0, #0]
     e4c:	7940		ldrb	r0, [r0, #5]
     e4e:	0840		lsr	r0, r0, #1
     e50:	d202		bcs	0xe58
     e52:	9800		ldr	r0, [sp, #0]
     e54:	2800		cmp	r0, #0
     e56:	dcf4		bgt	0xe42
     e58:	9800		ldr	r0, [sp, #0]
     e5a:	2800		cmp	r0, #0
     e5c:	dd01		ble	0xe62
     e5e:	2000		mov	r0, #0
     e60:	e000		b	0xe64
     e62:	2001		mov	r0, #1
     e64:	b001		add	sp, #4
     e66:	4770		bx	lr

$hardware_init:
     e68:	b082		sub	sp, #8
     e6a:	9000		str	r0, [sp, #0]
     e6c:	4669		mov	r1, sp
     e6e:	2000		mov	r0, #0
     e70:	7188		strb	r0, [r1, #6]
     e72:	9900		ldr	r1, [sp, #0]
     e74:	483a		ldr	r0, =0xfffef000	; via 0xf60
     e76:	8800		ldrh	r0, [r0, #0]
     e78:	8008		strh	r0, [r1, #0]
     e7a:	b002		add	sp, #8
     e7c:	4770		bx	lr
     e7e:	46c0		nop			(mov r8, r8)

<portion not analyzed yet>

; start.obj .text:v$3 section, matches familiar versions

_sta_select_application:
    1d90:	e92d4000	stmdb	sp!, {lr}
    1d94:	e28fe001	add	lr, pc, #1
    1d98:	e12fff1e	bx	lr
    1d9c:	f7fe fe99	bl	0xad2	; $sta_select_application
    1da0:	4778		bx	pc
    1da2:	46c0		nop			(mov r8, r8)
    1da4:	e8bd8000	ldmia	sp!, {pc}

<1DA8-1EFF: all FFs>

    1f00:	00000001

<1F04-end: all FFs>