FreeCalypso > hg > freecalypso-reveng
view gtm900/fw-disasm @ 405:f7df0f4d7d4f
tfo/find-is-hdr.c: print found offset in hex
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 18 Mar 2023 05:57:23 +0000 |
parents | d6b65114b82d |
children |
line wrap: on
line source
; This disassembly is a quick look at the firmware that has been read out ; of a Huawei GTM900-B modem module. Unlike most other phone and modem ; vendors' firmwares, this fw exhibits very few changes relative to TI's ; reference version. Here I have only dug far enough to get to the ; init module with the Init_Target() function and the ARMIO module with ; the GPIO setup. ; Flash boot mode 1 reset entry 0: ea0004b3 b 0x12d4 4: ea00083d b 0x2100 8: ea00083d b 0x2104 c: ea00083d b 0x2108 10: ea00083d b 0x210c 14: ea00083d b 0x2110 18: ea00083d b 0x2114 1c: ea00083d b 0x2118 _INT_Bootloader_Start: 12d4: e51f101c ldr r1, =0xffff9800 ; via 0x12c0 12d8: e15f21b2 ldrh r2, =0x2006 ; via 0x12ce 12dc: e1c120b0 strh r2, [r1] 12e0: e5912000 ldr r2, [r1] 12e4: e2022001 and r2, r2, #1 12e8: e3520001 cmp r2, #1 12ec: 0afffffb beq 0x12e0 12f0: e51f103c ldr r1, =0xfffffd00 ; via 0x12bc 12f4: e15f23b0 ldrh r2, =0x1081 ; via 0x12cc 12f8: e1c120b0 strh r2, [r1] 12fc: e51f1040 ldr r1, =0xfffffb10 ; via 0x12c4 1300: e15f23b8 ldrh r2, =0x800 ; via 0x12d0 1304: e1d100b0 ldrh r0, [r1] 1308: e1800002 orr r0, r0, r2 130c: e1c100b0 strh r0, [r1] 1310: e51f1050 ldr r1, =0xffffff08 ; via 0x12c8 1314: e15f24ba ldrh r2, =0x0 ; via 0x12d2 1318: e1c120b0 strh r2, [r1] ; MEMIF setup, nCS0 and nCS1 WS increased from TI's 0x2A1 131c: e51f107c ldr r1, =0xfffffb00 ; via 0x12a8 1320: e15f27bc ldrh r2, =0x2a3 ; via 0x12ac 1324: e1c120b0 strh r2, [r1] 1328: e15f28b2 ldrh r2, =0x2a4 ; via 0x12ae 132c: e1c120b2 strh r2, [r1, #2] 1330: e15f28b8 ldrh r2, =0x2a1 ; via 0x12b0 1334: e1c120b4 strh r2, [r1, #4] 1338: e15f28be ldrh r2, =0x283 ; via 0x12b2 133c: e1c120b6 strh r2, [r1, #6] 1340: e15f29b4 ldrh r2, =0x281 ; via 0x12b4 1344: e1c120ba strh r2, [r1, #10] ; 0xa 1348: e15f29ba ldrh r2, =0xc0 ; via 0x12b6 134c: e1c120bc strh r2, [r1, #12] ; 0xc 1350: e15f2ab0 ldrh r2, =0x40 ; via 0x12b8 1354: e1c120b8 strh r2, [r1, #8] 1358: e15f2ab6 ldrh r2, =0x2a ; via 0x12ba 135c: e1c120be strh r2, [r1, #14] ; 0xe 1360: e59f0020 ldr r0, =0x10ab4cc ; via 0x1388 1364: e3a01b01 mov r1, #1024 ; 0x400 1368: e2411004 sub r1, r1, #4 136c: e0802001 add r2, r0, r1 1370: e3c22003 bic r2, r2, #3 1374: e1a0d002 mov sp, r2 1378: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} 137c: eb000043 bl 0x1490 ; _sta_select_application 1380: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} 1384: ea000373 b 0x2158 ; _INT_Initialize 2000: 00000001 ; .inttext exception vectors 2100: ea0000cb b 0x2434 2104: ea0000cd b 0x2440 2108: ea0000cf b 0x244c 210c: ea0000d1 b 0x2458 2110: ea0000d3 b 0x2464 2114: ea0000b7 b 0x23f8 2118: ea0000c0 b 0x2420 211c: 02a102a1 2120: 028302a1 2124: 02c00e85 2128: 002a0040 212c: fffffb00 2130: fffef006 2134: 00000008 2138: fffffd00 213c: ffff9800 2140: fffffb10 2144: ffffff08 2148: 20021081 214c: f7ff0800 2150: 00000000 2154: 002041a0 _INT_Initialize: 2158: e51f1024 ldr r1, =0xffff9800 ; via 0x213c 215c: e15f21ba ldrh r2, =0x2002 ; via 0x214a 2160: e1c120b0 strh r2, [r1] 2164: e5912000 ldr r2, [r1] 2168: e2022001 and r2, r2, #1 216c: e3520001 cmp r2, #1 2170: 0afffffb beq 0x2164 2174: e51f1044 ldr r1, =0xfffffd00 ; via 0x2138 2178: e15f23b8 ldrh r2, =0x1081 ; via 0x2148 217c: e1c120b0 strh r2, [r1] 2180: e51f1048 ldr r1, =0xfffffb10 ; via 0x2140 2184: e15f23be ldrh r2, =0xf7ff ; via 0x214e 2188: e1d100b0 ldrh r0, [r1] 218c: e0000002 and r0, r0, r2 2190: e1c100b0 strh r0, [r1] 2194: e51f1058 ldr r1, =0xffffff08 ; via 0x2144 2198: e15f25b0 ldrh r2, =0x0 ; via 0x2150 219c: e1c120b0 strh r2, [r1] ; MEMIF setup same as TI's original, no increased WS 21a0: e51f107c ldr r1, =0xfffffb00 ; via 0x212c 21a4: e15f29b0 ldrh r2, =0x2a1 ; via 0x211c 21a8: e1c120b0 strh r2, [r1] 21ac: e15f29b6 ldrh r2, =0x2a1 ; via 0x211e 21b0: e1c120b2 strh r2, [r1, #2] 21b4: e15f29bc ldrh r2, =0x2a1 ; via 0x2120 21b8: e1c120b4 strh r2, [r1, #4] 21bc: e15f2ab2 ldrh r2, =0x283 ; via 0x2122 21c0: e1c120b6 strh r2, [r1, #6] 21c4: e15f2ab8 ldrh r2, =0xe85 ; via 0x2124 21c8: e1c120ba strh r2, [r1, #10] ; 0xa 21cc: e15f2abe ldrh r2, =0x2c0 ; via 0x2126 21d0: e1c120bc strh r2, [r1, #12] ; 0xc 21d4: e15f2bb4 ldrh r2, =0x40 ; via 0x2128 21d8: e1c120b8 strh r2, [r1, #8] 21dc: e15f2bba ldrh r2, =0x2a ; via 0x212a 21e0: e1c120be strh r2, [r1, #14] ; 0xe 21e4: e51f10bc ldr r1, =0xfffef006 ; via 0x2130 21e8: e1d120b0 ldrh r2, [r1] 21ec: e51f00c0 ldr r0, =0x8 ; via 0x2134 21f0: e1800002 orr r0, r0, r2 21f4: e1c100b0 strh r0, [r1] 21f8: e10f0000 mrs r0, CPSR 21fc: e3c0001f bic r0, r0, #31 ; 0x1f 2200: e3800013 orr r0, r0, #19 ; 0x13 2204: e38000c0 orr r0, r0, #192 ; 0xc0 2208: e129f000 msr CPSR_fc, r0 ; inline bss clearing, not like in our TCS211 reference 220c: e59f031c ldr r0, =0x1000cf8 ; via 0x2530 2210: e3a02000 mov r2, #0 2214: e59f1318 ldr r1, =0x10ab4cc ; via 0x2534 2218: e4802004 str r2, [r0], #4 221c: e1500001 cmp r0, r1 2220: 1afffffc bne 0x2218 2224: e59f030c ldr r0, =0x800000 ; via 0x2538 2228: e3a02000 mov r2, #0 222c: e59f1308 ldr r1, =0x82027c ; via 0x253c 2230: e4802004 str r2, [r0], #4 2234: e1500001 cmp r0, r1 2238: 1afffffc bne 0x2230 ; INT_Loaded_Flag setting, familiar code continues 223c: e3a00001 mov r0, #1 2240: e59f12fc ldr r1, =0x10ab3e4 ; via 0x2544 2244: e5810000 str r0, [r1] 2248: e59f02f0 ldr r0, =0x10ab5b8 ; via 0x2540 224c: e3a01b01 mov r1, #1024 ; 0x400 2250: e2411004 sub r1, r1, #4 2254: e0802001 add r2, r0, r1 2258: e1a0a000 mov r10, r0 225c: e59f32e4 ldr r3, =0x804950 ; via 0x2548 2260: e583a000 str r10, [r3] 2264: e1a0d002 mov sp, r2 2268: e59f32dc ldr r3, =0x804a74 ; via 0x254c 226c: e583d000 str sp, [r3] 2270: e3a01080 mov r1, #128 ; 0x80 2274: e0822001 add r2, r2, r1 2278: e10f0000 mrs r0, CPSR 227c: e3c0001f bic r0, r0, #31 ; 0x1f 2280: e3800012 orr r0, r0, #18 ; 0x12 2284: e129f000 msr CPSR_fc, r0 2288: e1a0d002 mov sp, r2 228c: e3a01c02 mov r1, #512 ; 0x200 2290: e0822001 add r2, r2, r1 2294: e10f0000 mrs r0, CPSR 2298: e3c0001f bic r0, r0, #31 ; 0x1f 229c: e3800011 orr r0, r0, #17 ; 0x11 22a0: e129f000 msr CPSR_fc, r0 22a4: e1a0d002 mov sp, r2 22a8: e10f0000 mrs r0, CPSR 22ac: e3c0001f bic r0, r0, #31 ; 0x1f 22b0: e3800017 orr r0, r0, #23 ; 0x17 22b4: e129f000 msr CPSR_fc, r0 22b8: e59fd29c ldr sp, =0x10ab520 ; via 0x255c 22bc: e10f0000 mrs r0, CPSR 22c0: e3c0001f bic r0, r0, #31 ; 0x1f 22c4: e380001b orr r0, r0, #27 ; 0x1b 22c8: e129f000 msr CPSR_fc, r0 22cc: e59fd288 ldr sp, =0x10ab520 ; via 0x255c 22d0: e10f0000 mrs r0, CPSR 22d4: e3c0001f bic r0, r0, #31 ; 0x1f 22d8: e3800013 orr r0, r0, #19 ; 0x13 22dc: e129f000 msr CPSR_fc, r0 22e0: e59f3268 ldr r3, =0x8048b8 ; via 0x2550 22e4: e2822004 add r2, r2, #4 22e8: e5832000 str r2, [r3] 22ec: e3a01b01 mov r1, #1024 ; 0x400 22f0: e3c11003 bic r1, r1, #3 22f4: e0822001 add r2, r2, r1 22f8: e59f3254 ldr r3, =0x80493c ; via 0x2554 22fc: e5831000 str r1, [r3] 2300: e3a01002 mov r1, #2 2304: e59f324c ldr r3, =0x80494c ; via 0x2558 2308: e5831000 str r1, [r3] 230c: e1a04002 mov r4, r2 2310: eb080707 bl 0x203f34 ; _f_load_int_mem 2314: e1a02004 mov r2, r4 2318: e59f1228 ldr r1, =0x804950 ; via 0x2548 231c: e5910000 ldr r0, [r1] 2320: e3a030fe mov r3, #254 ; 0xfe 2324: e5c03000 strb r3, [r0] 2328: e5c03001 strb r3, [r0, #1] 232c: e5c03002 strb r3, [r0, #2] 2330: e5c03003 strb r3, [r0, #3] 2334: e4903004 ldr r3, [r0], #4 2338: e4803004 str r3, [r0], #4 233c: e1500002 cmp r0, r2 2340: bafffffc blt 0x2338 2344: e51f01f8 ldr r0, =0x2041a0 ; via 0x2154 2348: e3700001 cmn r0, #1 234c: 1b000084 blne 0x2564 2350: e1a00002 mov r0, r2 2354: ea0806ea b 0x203f04 ; _INC_Initialize $Init_Target: 1f30a4: b570 push {r4, r5, r6, lr} 1f30a6: b081 sub sp, #4 1f30a8: 4d62 ldr r5, =0xfffef008 ; via 0x1f3234 1f30aa: 2003 mov r0, #3 1f30ac: 0340 lsl r0, r0, #13 1f30ae: 8028 strh r0, [r5, #0] 1f30b0: f008 fc40 bl 0x1fb934 ; $TM_DisableWatchdog 1f30b4: 4860 ldr r0, =0xfffffd02 ; via 0x1f3238 1f30b6: 2105 mov r1, #5 1f30b8: 8802 ldrh r2, [r0, #0] 1f30ba: 4311 orr r1, r2 1f30bc: 8001 strh r1, [r0, #0] 1f30be: 495f ldr r1, =0xff3f ; via 0x1f323c 1f30c0: 8802 ldrh r2, [r0, #0] 1f30c2: 4011 and r1, r2 1f30c4: 8001 strh r1, [r0, #0] 1f30c6: 2180 mov r1, #128 ; 0x80 1f30c8: 8802 ldrh r2, [r0, #0] 1f30ca: 4311 orr r1, r2 1f30cc: 8001 strh r1, [r0, #0] 1f30ce: 495c ldr r1, =0xffdf ; via 0x1f3240 1f30d0: 8802 ldrh r2, [r0, #0] 1f30d2: 4011 and r1, r2 1f30d4: 8001 strh r1, [r0, #0] 1f30d6: 4e5b ldr r6, =0xfffff900 ; via 0x1f3244 1f30d8: 20ff mov r0, #255 ; 0xff 1f30da: 0200 lsl r0, r0, #8 1f30dc: 8030 strh r0, [r6, #0] 1f30de: 4c5a ldr r4, =0xffff9800 ; via 0x1f3248 1f30e0: 485a ldr r0, =0xfff3 ; via 0x1f324c 1f30e2: 8821 ldrh r1, [r4, #0] 1f30e4: 4008 and r0, r1 1f30e6: 8020 strh r0, [r4, #0] 1f30e8: 8820 ldrh r0, [r4, #0] 1f30ea: 8020 strh r0, [r4, #0] 1f30ec: 4858 ldr r0, =0xf01f ; via 0x1f3250 1f30ee: 8821 ldrh r1, [r4, #0] 1f30f0: 4008 and r0, r1 1f30f2: 8020 strh r0, [r4, #0] 1f30f4: 2001 mov r0, #1 1f30f6: 0280 lsl r0, r0, #10 1f30f8: 8821 ldrh r1, [r4, #0] 1f30fa: 4308 orr r0, r1 1f30fc: 8020 strh r0, [r4, #0] 1f30fe: 2000 mov r0, #0 1f3100: 2102 mov r1, #2 1f3102: 2200 mov r2, #0 1f3104: f009 f84e bl 0x1fc1a4 ; $CLKM_InitARMClock ; MEMIF setup, diff from reference version is nCS1 setting with WS=4 1f3108: 4952 ldr r1, =0xfffffb00 ; via 0x1f3254 1f310a: 20a3 mov r0, #163 ; 0xa3 1f310c: 8008 strh r0, [r1, #0] 1f310e: 22a4 mov r2, #164 ; 0xa4 1f3110: 804a strh r2, [r1, #2] 1f3112: 22a5 mov r2, #165 ; 0xa5 1f3114: 808a strh r2, [r1, #4] 1f3116: 80c8 strh r0, [r1, #6] 1f3118: 2080 mov r0, #128 ; 0x80 1f311a: 8148 strh r0, [r1, #10] ; 0xa 1f311c: 20c0 mov r0, #192 ; 0xc0 1f311e: 8188 strh r0, [r1, #12] ; 0xc 1f3120: 2040 mov r0, #64 ; 0x40 1f3122: 8108 strh r0, [r1, #8] 1f3124: 2020 mov r0, #32 ; 0x20 1f3126: 8070 strh r0, [r6, #2] 1f3128: 2000 mov r0, #0 1f312a: 80b0 strh r0, [r6, #4] 1f312c: 2010 mov r0, #16 ; 0x10 1f312e: 8821 ldrh r1, [r4, #0] 1f3130: 4308 orr r0, r1 1f3132: 8020 strh r0, [r4, #0] 1f3134: 4848 ldr r0, =0xfffffa08 ; via 0x1f3258 1f3136: 4949 ldr r1, =0xffff ; via 0x1f325c 1f3138: 8001 strh r1, [r0, #0] 1f313a: 8041 strh r1, [r0, #2] 1f313c: 2103 mov r1, #3 1f313e: 8181 strh r1, [r0, #12] ; 0xc 1f3140: f007 f980 bl 0x1fa444 ; $IQ_SetupInterrupts 1f3144: 4846 ldr r0, =0xfffffc00 ; via 0x1f3260 1f3146: 2124 mov r1, #36 ; 0x24 1f3148: 8001 strh r1, [r0, #0] 1f314a: 210d mov r1, #13 ; 0xd 1f314c: 8041 strh r1, [r0, #2] 1f314e: 2400 mov r4, #0 1f3150: 4844 ldr r0, =0xfffe2016 ; via 0x1f3264 1f3152: 8004 strh r4, [r0, #0] 1f3154: 4944 ldr r1, =0xfffe2014 ; via 0x1f3268 1f3156: 2002 mov r0, #2 1f3158: 8008 strh r0, [r1, #0] 1f315a: 4944 ldr r1, =0xfffe2002 ; via 0x1f326c 1f315c: 2084 mov r0, #132 ; 0x84 1f315e: 8008 strh r0, [r1, #0] 1f3160: 4843 ldr r0, =0xfffe2000 ; via 0x1f3270 1f3162: 4944 ldr r1, =0x3de0 ; via 0x1f3274 1f3164: 8001 strh r1, [r0, #0] 1f3166: 4a44 ldr r2, =0xfffe2022 ; via 0x1f3278 1f3168: 210c mov r1, #12 ; 0xc 1f316a: 8011 strh r1, [r2, #0] 1f316c: 4a43 ldr r2, =0xfffe2020 ; via 0x1f327c 1f316e: 4944 ldr r1, =0x45a ; via 0x1f3280 1f3170: 8011 strh r1, [r2, #0] 1f3172: 4a44 ldr r2, =0xfffe201e ; via 0x1f3284 1f3174: 21a5 mov r1, #165 ; 0xa5 1f3176: 0089 lsl r1, r1, #2 1f3178: 8011 strh r1, [r2, #0] 1f317a: 4a43 ldr r2, =0xfffe201c ; via 0x1f3288 1f317c: 211f mov r1, #31 ; 0x1f 1f317e: 8011 strh r1, [r2, #0] 1f3180: 4942 ldr r1, =0xfffe2024 ; via 0x1f328c 1f3182: 800c strh r4, [r1, #0] 1f3184: 4b42 ldr r3, =0xfffe2010 ; via 0x1f3290 1f3186: 2202 mov r2, #2 1f3188: 8819 ldrh r1, [r3, #0] 1f318a: 430a orr r2, r1 1f318c: 801a strh r2, [r3, #0] 1f318e: 4a40 ldr r2, =0xfffe2010 ; via 0x1f3290 1f3190: 2104 mov r1, #4 1f3192: 8813 ldrh r3, [r2, #0] 1f3194: 4319 orr r1, r3 1f3196: 8011 strh r1, [r2, #0] 1f3198: 2127 mov r1, #39 ; 0x27 1f319a: 80a9 strh r1, [r5, #4] 1f319c: 8a01 ldrh r1, [r0, #16] ; 0x10 1f319e: 0849 lsr r1, r1, #1 1f31a0: d30f bcc 0x1f31c2 1f31a2: 8a01 ldrh r1, [r0, #16] ; 0x10 1f31a4: 0409 lsl r1, r1, #16 1f31a6: 0c49 lsr r1, r1, #17 1f31a8: 0049 lsl r1, r1, #1 1f31aa: 8201 strh r1, [r0, #16] ; 0x10 1f31ac: 2101 mov r1, #1 1f31ae: e001 b 0x1f31b4 1f31b0: 9900 ldr r1, [sp, #0] 1f31b2: 3101 add r1, #1 1f31b4: 9100 str r1, [sp, #0] 1f31b6: 9900 ldr r1, [sp, #0] 1f31b8: 2932 cmp r1, #50 ; 0x32 1f31ba: d3f9 bcc 0x1f31b0 1f31bc: 8a41 ldrh r1, [r0, #18] ; 0x12 1f31be: 2900 cmp r1, #0 1f31c0: d0fc beq 0x1f31bc 1f31c2: f009 f8d4 bl 0x1fc36e ; $AI_ClockEnable 1f31c6: f009 f8d8 bl 0x1fc37a ; $AI_InitIOConfig ; Huawei's added LPG setup function 1f31ca: f009 fa5e bl 0x1fc68a 1f31ce: 2027 mov r0, #39 ; 0x27 1f31d0: 0500 lsl r0, r0, #20 1f31d2: 8004 strh r4, [r0, #0] 1f31d4: 2001 mov r0, #1 1f31d6: f008 fbbb bl 0x1fb950 ; $TM_EnableTimer 1f31da: 2002 mov r0, #2 1f31dc: f008 fbb8 bl 0x1fb950 ; $TM_EnableTimer 1f31e0: b001 add sp, #4 1f31e2: bd70 pop {r4, r5, r6, pc} $Init_Drivers: 1f31e4: b500 push {lr} 1f31e6: f7b4 f9a5 bl 0x1a7534 1f31ea: f7c9 fe00 bl 0x1bcdee 1f31ee: f74e ffd6 bl 0x14219e 1f31f2: f767 f9c7 bl 0x15a584 1f31f6: f7d7 fd26 bl 0x1cac46 1f31fa: f735 f841 bl 0x128280 1f31fe: bd00 pop {pc} $Init_Serial_Flows: 1f3200: b500 push {lr} 1f3202: 4824 ldr r0, =0x10aa938 ; via 0x1f3294 1f3204: f7b2 fa8a bl 0x1a571c 1f3208: 2000 mov r0, #0 1f320a: 2103 mov r1, #3 1f320c: 2200 mov r2, #0 1f320e: f7b2 fb26 bl 0x1a585e 1f3212: f7b2 fb80 bl 0x1a5916 1f3216: bd00 pop {pc} $Init_Unmask_IT: 1f3218: b500 push {lr} 1f321a: 2004 mov r0, #4 1f321c: f007 f973 bl 0x1fa506 1f3220: 2012 mov r0, #18 ; 0x12 1f3222: f007 f970 bl 0x1fa506 1f3226: 2007 mov r0, #7 1f3228: f007 f96d bl 0x1fa506 1f322c: 2008 mov r0, #8 1f322e: f007 f96a bl 0x1fa506 1f3232: bd00 pop {pc} $AI_EnableBit: 1fc2f0: 4a48 ldr r2, =0xfffef00a ; via 0x1fc414 1fc2f2: 2101 mov r1, #1 1fc2f4: 4081 lsl r1, r0 1fc2f6: 8810 ldrh r0, [r2, #0] 1fc2f8: 4301 orr r1, r0 1fc2fa: 8011 strh r1, [r2, #0] 1fc2fc: 4770 bx lr $AI_DisableBit: 1fc2fe: 4a45 ldr r2, =0xfffef00a ; via 0x1fc414 1fc300: 2101 mov r1, #1 1fc302: 4081 lsl r1, r0 1fc304: 8810 ldrh r0, [r2, #0] 1fc306: 4388 bic r0, r1 1fc308: 8010 strh r0, [r2, #0] 1fc30a: 4770 bx lr $AI_SetBit: 1fc30c: 4a42 ldr r2, =0xfffe4802 ; via 0x1fc418 1fc30e: 2101 mov r1, #1 1fc310: 4081 lsl r1, r0 1fc312: 8810 ldrh r0, [r2, #0] 1fc314: 4301 orr r1, r0 1fc316: 8011 strh r1, [r2, #0] 1fc318: 4770 bx lr $AI_ResetBit: 1fc31a: 4a3f ldr r2, =0xfffe4802 ; via 0x1fc418 1fc31c: 2101 mov r1, #1 1fc31e: 4081 lsl r1, r0 1fc320: 8810 ldrh r0, [r2, #0] 1fc322: 4388 bic r0, r1 1fc324: 8010 strh r0, [r2, #0] 1fc326: 4770 bx lr $AI_ConfigBitAsOutput: 1fc328: 4a3c ldr r2, =0xfffe4804 ; via 0x1fc41c 1fc32a: 2101 mov r1, #1 1fc32c: 4081 lsl r1, r0 1fc32e: 8810 ldrh r0, [r2, #0] 1fc330: 4388 bic r0, r1 1fc332: 8010 strh r0, [r2, #0] 1fc334: 4770 bx lr $AI_ConfigBitAsInput: 1fc336: 4a39 ldr r2, =0xfffe4804 ; via 0x1fc41c 1fc338: 2101 mov r1, #1 1fc33a: 4081 lsl r1, r0 1fc33c: 8810 ldrh r0, [r2, #0] 1fc33e: 4301 orr r1, r0 1fc340: 8011 strh r1, [r2, #0] 1fc342: 4770 bx lr $AI_ReadBit: 1fc344: 4936 ldr r1, =0xfffe4800 ; via 0x1fc420 1fc346: 8809 ldrh r1, [r1, #0] 1fc348: 4101 asr r1, r0 1fc34a: 07c8 lsl r0, r1, #31 1fc34c: 0fc0 lsr r0, r0, #31 1fc34e: 0600 lsl r0, r0, #24 1fc350: 0e00 lsr r0, r0, #24 1fc352: 4770 bx lr $AI_Power: 1fc354: b500 push {lr} 1fc356: 2800 cmp r0, #0 1fc358: d101 bne 0x1fc35e 1fc35a: f7ab fc1b bl 0x1a7b94 ; $ABB_Power_Off 1fc35e: bd00 pop {pc} $AI_ResetIoConfig: 1fc360: 492e ldr r1, =0xfffe4804 ; via 0x1fc41c 1fc362: 4830 ldr r0, =0xffff ; via 0x1fc424 1fc364: 8008 strh r0, [r1, #0] 1fc366: 482b ldr r0, =0xfffef00a ; via 0x1fc414 1fc368: 2100 mov r1, #0 1fc36a: 8001 strh r1, [r0, #0] 1fc36c: 4770 bx lr $AI_ClockEnable: 1fc36e: 492e ldr r1, =0xfffe4806 ; via 0x1fc428 1fc370: 2020 mov r0, #32 ; 0x20 1fc372: 880a ldrh r2, [r1, #0] 1fc374: 4310 orr r0, r2 1fc376: 8008 strh r0, [r1, #0] 1fc378: 4770 bx lr $AI_InitIOConfig: 1fc37a: b500 push {lr} 1fc37c: f7ff fff0 bl 0x1fc360 ; $AI_ResetIoConfig 1fc380: 2002 mov r0, #2 1fc382: f7ff ffb5 bl 0x1fc2f0 ; $AI_EnableBit 1fc386: 2004 mov r0, #4 1fc388: f7ff ffb2 bl 0x1fc2f0 ; $AI_EnableBit 1fc38c: 2005 mov r0, #5 1fc38e: f7ff ffaf bl 0x1fc2f0 ; $AI_EnableBit 1fc392: 2006 mov r0, #6 1fc394: f7ff ffac bl 0x1fc2f0 ; $AI_EnableBit 1fc398: 2007 mov r0, #7 1fc39a: f7ff ffa9 bl 0x1fc2f0 ; $AI_EnableBit 1fc39e: 2008 mov r0, #8 1fc3a0: f7ff ffa6 bl 0x1fc2f0 ; $AI_EnableBit 1fc3a4: 2009 mov r0, #9 1fc3a6: f7ff ffa3 bl 0x1fc2f0 ; $AI_EnableBit 1fc3aa: 491b ldr r1, =0xfffe4802 ; via 0x1fc418 1fc3ac: 481f ldr r0, =0x3f02 ; via 0x1fc42c 1fc3ae: 8008 strh r0, [r1, #0] 1fc3b0: 2000 mov r0, #0 1fc3b2: f7ff ffb9 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3b6: 2001 mov r0, #1 1fc3b8: f7ff ffb6 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3bc: 2002 mov r0, #2 1fc3be: f7ff ffb3 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3c2: 2005 mov r0, #5 1fc3c4: f7ff ffb0 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3c8: 2007 mov r0, #7 1fc3ca: f7ff ffad bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3ce: 2009 mov r0, #9 1fc3d0: f7ff ffaa bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3d4: 200e mov r0, #14 ; 0xe 1fc3d6: f7ff ffa7 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3da: 200f mov r0, #15 ; 0xf 1fc3dc: f7ff ffa4 bl 0x1fc328 ; $AI_ConfigBitAsOutput 1fc3e0: bd00 pop {pc} $AI_SelectIOForIT: 1fc3e2: 0109 lsl r1, r1, #4 1fc3e4: 1840 add r0, r0, r1 1fc3e6: 0040 lsl r0, r0, #1 1fc3e8: 3001 add r0, #1 1fc3ea: 4911 ldr r1, =0xfffe4814 ; via 0x1fc430 1fc3ec: 8008 strh r0, [r1, #0] 1fc3ee: 4770 bx lr $AI_CheckITSource: 1fc3f0: 2100 mov r1, #0 1fc3f2: 4a10 ldr r2, =0xfffe4816 ; via 0x1fc434 1fc3f4: 8812 ldrh r2, [r2, #0] 1fc3f6: 4210 tst r0, r2 1fc3f8: d000 beq 0x1fc3fc 1fc3fa: 2101 mov r1, #1 1fc3fc: 1c08 add r0, r1, #0 1fc3fe: 4770 bx lr $AI_UnmaskIT: 1fc400: 4a0d ldr r2, =0xfffe4818 ; via 0x1fc438 1fc402: 8811 ldrh r1, [r2, #0] 1fc404: 4381 bic r1, r0 1fc406: 8011 strh r1, [r2, #0] 1fc408: 4770 bx lr $AI_MaskIT: 1fc40a: 4a0b ldr r2, =0xfffe4818 ; via 0x1fc438 1fc40c: 8811 ldrh r1, [r2, #0] 1fc40e: 4301 orr r1, r0 1fc410: 8011 strh r1, [r2, #0] 1fc412: 4770 bx lr ; Huawei's added LPG setup function 1fc68a: b500 push {lr} 1fc68c: 490e ldr r1, =0xfffef008 ; via 0x1fc6c8 1fc68e: 2040 mov r0, #64 ; 0x40 1fc690: 880a ldrh r2, [r1, #0] 1fc692: 4310 orr r0, r2 1fc694: 8008 strh r0, [r1, #0] 1fc696: 490d ldr r1, =0xfffe7801 ; via 0x1fc6cc 1fc698: 2001 mov r0, #1 1fc69a: 7008 strb r0, [r1, #0] 1fc69c: 2000 mov r0, #0 1fc69e: f7ff ffcb bl 0x1fc638 1fc6a2: bd00 pop {pc} $INC_Initialize: 202fbc: b530 push {r4, r5, lr} 202fbe: 1c05 add r5, r0, #0 202fc0: 4c13 ldr r4, =0x10ab3cc ; via 0x203010 202fc2: 2001 mov r0, #1 202fc4: 6020 str r0, [r4, #0] 202fc6: f001 f8e3 bl 0x204190 202fca: f001 f8e5 bl 0x204198 202fce: f001 f8b3 bl 0x204138 202fd2: f000 fc21 bl 0x203818 202fd6: f7fc f8e9 bl 0x1ff1ac 202fda: f000 fe2b bl 0x203c34 202fde: f000 fdf9 bl 0x203bd4 202fe2: f000 fe17 bl 0x203c14 202fe6: f000 fde5 bl 0x203bb4 202fea: f000 fe43 bl 0x203c74 202fee: f000 fe01 bl 0x203bf4 202ff2: f000 fe4f bl 0x203c94 202ff6: f7fe fa33 bl 0x201460 202ffa: f000 fe2b bl 0x203c54 202ffe: 1c28 add r0, r5, #0 203000: f000 fea8 bl 0x203d54 ; $Application_Initialize 203004: 2002 mov r0, #2 203006: 6020 str r0, [r4, #0] 203008: f782 ff04 bl 0x185e14 20300c: bd30 pop {r4, r5, pc} 20300e: 46c0 nop (mov r8, r8) $Application_Initialize: 203d54: b500 push {lr} 203d56: f7ef f9a5 bl 0x1f30a4 ; $Init_Target 203d5a: f7ef fa43 bl 0x1f31e4 ; $Init_Drivers 203d5e: f077 fed5 bl 0x27bb0c ; $Cust_Init_Layer1 203d62: f7ef fa4d bl 0x1f3200 ; $Init_Serial_Flows 203d66: f766 fb73 bl 0x16a450 ; $StartFrame 203d6a: f7ef fa55 bl 0x1f3218 ; $Init_Unmask_IT 203d6e: bd00 pop {pc} _INC_Initialize: ; ARM->Thumb call veneer 203f04: e92d4000 stmdb sp!, {lr} 203f08: e28fe001 add lr, pc, #1 203f0c: e12fff1e bx lr 203f10: f7ff f854 bl 0x202fbc 203f14: 4778 bx pc 203f16: 46c0 nop (mov r8, r8) 203f18: e8bd8000 ldmia sp!, {pc}