# HG changeset patch
# User Mychaela Falconia
# Date 1544600928 0
# Node ID 42575bc59702a61e9c76e3b60e08f3ff2e36e585
# Parent 5c47d916255eb44b9dbe34dfa8c5a003356d2be9
benq-fw-disasm: dug a little into BenQ's M32 firmware
diff -r 5c47d916255e -r 42575bc59702 benq-fw-disasm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/benq-fw-disasm Wed Dec 12 07:48:48 2018 +0000
@@ -0,0 +1,991 @@
+; The present work is a disassembly analysis of the firmware image
+; read out of a BenQ M32 module. I have only dug far enough to get
+; to the Init_Target() function; my original goal was to see the MEMIF
+; setup done therein, which has been successfully located (0x00A3 for
+; nCS0, nCS1 and nCS2, totally vanilla), but we've also got a couple of
+; surprise discoveries:
+;
+; 1) It appears that BenQ put their XRAM on Calypso nCS2 instead of
+; the canonical placement on nCS1.
+;
+; 2) Even though the D751774AZHH Calypso chip found in this module
+; is supposed to be a C035 variant, not C05, the PLL setup is done
+; the way TI did it for D-Sample C05: the PLL multiplier is set to 6
+; rather than 8, so the DSP gets 78 MHz instead of 104 MHz and the
+; ARM gets 39 MHz instead of 52 MHz.
+;
+; The code is very heavily modified relative to TI's original; in those
+; places where some TI's original code shines through, it is closer
+; to the old DSample-20020917 specimen than to Openmoko-era TCS211.
+ +; Flash boot mode 1 reset entry + 0: ea004015 b 0x1005c + 4: ea003ffd b 0x10000 + 8: ea003ffd b 0x10004 + c: ea003ffd b 0x10008 + 10: ea003ffd b 0x1000c + 14: ea003ffd b 0x10010 + 18: ea003ffd b 0x10014 + 1c: ea003ffd b 0x10018 + + 2000: 00000001 + +; mysterious routine called from the assembly boot path, +; implements some kind of interrupt-boot mechanism via the MODEM UART + 7890: e59f2438 ldr r2, =0xfffff804 ; via 0x7cd0 + 7894: e3a010f5 mov r1, #245 ; 0xf5 + 7898: e1c210b0 strh r1, [r2] + 789c: e3a010a0 mov r1, #160 ; 0xa0 + 78a0: e1c210b0 strh r1, [r2] + 78a4: e59f03fc ldr r0, =0xffff5800 ; via 0x7ca8 + 78a8: e59f13fc ldr r1, =0xbf ; via 0x7cac + 78ac: e5c01003 strb r1, [r0, #3] + 78b0: e59f13f4 ldr r1, =0xbf ; via 0x7cac + 78b4: e5c01003 strb r1, [r0, #3] + 78b8: e3a01018 mov r1, #24 ; 0x18 + 78bc: e5c01002 strb r1, [r0, #2] + 78c0: e3a01011 mov r1, #17 ; 0x11 + 78c4: e5c01004 strb r1, [r0, #4] + 78c8: e3a01013 mov r1, #19 ; 0x13 + 78cc: e5c01006 strb r1, [r0, #6] + 78d0: e59f13e4 ldr r1, =0x0 ; via 0x7cbc + 78d4: e5c01003 strb r1, [r0, #3] + 78d8: e3a01000 mov r1, #0 + 78dc: e5c01001 strb r1, [r0, #1] + 78e0: e59f13c4 ldr r1, =0xbf ; via 0x7cac + 78e4: e5c01003 strb r1, [r0, #3] + 78e8: e3a01007 mov r1, #7 + 78ec: e5c01000 strb r1, [r0] + 78f0: e3a01000 mov r1, #0 + 78f4: e5c01001 strb r1, [r0, #1] + 78f8: e59f13b0 ldr r1, =0x13 ; via 0x7cb0 + 78fc: e5c01003 strb r1, [r0, #3] + 7900: e3a01040 mov r1, #64 ; 0x40 + 7904: e5c01004 strb r1, [r0, #4] + 7908: e3a0100f mov r1, #15 ; 0xf + 790c: e5c01006 strb r1, [r0, #6] + 7910: e59f1394 ldr r1, =0xbf ; via 0x7cac + 7914: e5c01003 strb r1, [r0, #3] + 7918: e59f1390 ldr r1, =0x13 ; via 0x7cb0 + 791c: e5c01003 strb r1, [r0, #3] + 7920: e3a01000 mov r1, #0 + 7924: e5c01010 strb r1, [r0, #16] ; 0x10 + 7928: e59f1384 ldr r1, =0x6 ; via 0x7cb4 + 792c: e5c01002 strb r1, [r0, #2] + 7930: e3a0100f mov r1, #15 ; 0xf + 7934: e5c01004 strb r1, [r0, #4] + 7938: e3a010f1 mov r1, #241 ; 0xf1 + 793c: e5c01002 strb r1, [r0, #2] 
+ 7940: e59f1370 ldr r1, =0x7 ; via 0x7cb8 + 7944: e5c01008 strb r1, [r0, #8] + 7948: e3a01ffa mov r1, #1000 ; 0x3e8 + 794c: e2411001 sub r1, r1, #1 + 7950: e3510000 cmp r1, #0 + 7954: 1afffffc bne 0x794c + 7958: e59f135c ldr r1, =0x0 ; via 0x7cbc + 795c: e5c01008 strb r1, [r0, #8] + 7960: e3a030ff mov r3, #255 ; 0xff + 7964: e59f2368 ldr r2, =0x1870bf0 ; via 0x7cd4 + 7968: e5c23000 strb r3, [r2] + 796c: e3a0200a mov r2, #10 ; 0xa + 7970: e3a08801 mov r8, #65536 ; 0x10000 + 7974: e2488001 sub r8, r8, #1 + 7978: e3580000 cmp r8, #0 + 797c: 0a00000b beq 0x79b0 + 7980: e5d01005 ldrb r1, [r0, #5] + 7984: e3110001 tst r1, #1 + 7988: 0afffff9 beq 0x7974 + 798c: e5d01000 ldrb r1, [r0] + 7990: e3510000 cmp r1, #0 + 7994: 1a000003 bne 0x79a8 + 7998: e2422001 sub r2, r2, #1 + 799c: e3520000 cmp r2, #0 + 79a0: 0a000042 beq 0x7ab0 + 79a4: eafffff2 b 0x7974 + 79a8: e3a0200a mov r2, #10 ; 0xa + 79ac: eafffff0 b 0x7974 + 79b0: e59f02f0 ldr r0, =0xffff5800 ; via 0x7ca8 + 79b4: e59f12f0 ldr r1, =0xbf ; via 0x7cac + 79b8: e5c01003 strb r1, [r0, #3] + 79bc: e59f12e8 ldr r1, =0xbf ; via 0x7cac + 79c0: e5c01003 strb r1, [r0, #3] + 79c4: e3a01018 mov r1, #24 ; 0x18 + 79c8: e5c01002 strb r1, [r0, #2] + 79cc: e3a01011 mov r1, #17 ; 0x11 + 79d0: e5c01004 strb r1, [r0, #4] + 79d4: e3a01013 mov r1, #19 ; 0x13 + 79d8: e5c01006 strb r1, [r0, #6] + 79dc: e59f12d8 ldr r1, =0x0 ; via 0x7cbc + 79e0: e5c01003 strb r1, [r0, #3] + 79e4: e3a01000 mov r1, #0 + 79e8: e5c01001 strb r1, [r0, #1] + 79ec: e59f12b8 ldr r1, =0xbf ; via 0x7cac + 79f0: e5c01003 strb r1, [r0, #3] + 79f4: e3a01002 mov r1, #2 + 79f8: e5c01000 strb r1, [r0] + 79fc: e3a01000 mov r1, #0 + 7a00: e5c01001 strb r1, [r0, #1] + 7a04: e59f12a4 ldr r1, =0x13 ; via 0x7cb0 + 7a08: e5c01003 strb r1, [r0, #3] + 7a0c: e3a01040 mov r1, #64 ; 0x40 + 7a10: e5c01004 strb r1, [r0, #4] + 7a14: e3a0100f mov r1, #15 ; 0xf + 7a18: e5c01006 strb r1, [r0, #6] + 7a1c: e59f1288 ldr r1, =0xbf ; via 0x7cac + 7a20: e5c01003 strb r1, [r0, #3] + 7a24: e59f1284 
ldr r1, =0x13 ; via 0x7cb0 + 7a28: e5c01003 strb r1, [r0, #3] + 7a2c: e3a01000 mov r1, #0 + 7a30: e5c01010 strb r1, [r0, #16] ; 0x10 + 7a34: e59f1278 ldr r1, =0x6 ; via 0x7cb4 + 7a38: e5c01002 strb r1, [r0, #2] + 7a3c: e3a0100f mov r1, #15 ; 0xf + 7a40: e5c01004 strb r1, [r0, #4] + 7a44: e3a010f1 mov r1, #241 ; 0xf1 + 7a48: e5c01002 strb r1, [r0, #2] + 7a4c: e59f1264 ldr r1, =0x7 ; via 0x7cb8 + 7a50: e5c01008 strb r1, [r0, #8] + 7a54: e3a01ffa mov r1, #1000 ; 0x3e8 + 7a58: e2411001 sub r1, r1, #1 + 7a5c: e3510000 cmp r1, #0 + 7a60: 1afffffc bne 0x7a58 + 7a64: e59f1250 ldr r1, =0x0 ; via 0x7cbc + 7a68: e5c01008 strb r1, [r0, #8] + 7a6c: e3a0200a mov r2, #10 ; 0xa + 7a70: e3a08801 mov r8, #65536 ; 0x10000 + 7a74: e2488001 sub r8, r8, #1 + 7a78: e3580000 cmp r8, #0 + 7a7c: 0a0021d9 beq 0x101e8 + 7a80: e5d01005 ldrb r1, [r0, #5] + 7a84: e3110001 tst r1, #1 + 7a88: 0afffff9 beq 0x7a74 + 7a8c: e5d01000 ldrb r1, [r0] + 7a90: e3510000 cmp r1, #0 + 7a94: 1a000003 bne 0x7aa8 + 7a98: e2422001 sub r2, r2, #1 + 7a9c: e3520000 cmp r2, #0 + 7aa0: 0a000002 beq 0x7ab0 + 7aa4: eafffff2 b 0x7a74 + 7aa8: e3a0200a mov r2, #10 ; 0xa + 7aac: eafffff0 b 0x7a74 + 7ab0: e3a0200a mov r2, #10 ; 0xa + 7ab4: e3a08801 mov r8, #65536 ; 0x10000 + 7ab8: e2488001 sub r8, r8, #1 + 7abc: e3580000 cmp r8, #0 + 7ac0: 0a0021c8 beq 0x101e8 + 7ac4: e5d01005 ldrb r1, [r0, #5] + 7ac8: e3110001 tst r1, #1 + 7acc: 0afffff9 beq 0x7ab8 + 7ad0: e5d01000 ldrb r1, [r0] + 7ad4: e3510000 cmp r1, #0 + 7ad8: 1a000003 bne 0x7aec + 7adc: e2422001 sub r2, r2, #1 + 7ae0: e3520000 cmp r2, #0 + 7ae4: 0a000002 beq 0x7af4 + 7ae8: eafffff2 b 0x7ab8 + 7aec: e3a0200a mov r2, #10 ; 0xa + 7af0: eafffff0 b 0x7ab8 + 7af4: e3a010ee mov r1, #238 ; 0xee + 7af8: e5c01000 strb r1, [r0] + 7afc: e3a01066 mov r1, #102 ; 0x66 + 7b00: e5c01000 strb r1, [r0] + 7b04: e3a02012 mov r2, #18 ; 0x12 + 7b08: e3a08801 mov r8, #65536 ; 0x10000 + 7b0c: e2488001 sub r8, r8, #1 + 7b10: e3580000 cmp r8, #0 + 7b14: 0a0021b3 beq 0x101e8 + 7b18: e5d01005 ldrb 
r1, [r0, #5] + 7b1c: e3110001 tst r1, #1 + 7b20: 0afffff9 beq 0x7b0c + 7b24: e5d01000 ldrb r1, [r0] + 7b28: e3510000 cmp r1, #0 + 7b2c: 1a000003 bne 0x7b40 + 7b30: e2422001 sub r2, r2, #1 + 7b34: e3520000 cmp r2, #0 + 7b38: 0a0021aa beq 0x101e8 + 7b3c: eafffff2 b 0x7b0c + 7b40: e3510011 cmp r1, #17 ; 0x11 + 7b44: 1a0021a7 bne 0x101e8 + 7b48: e3a08801 mov r8, #65536 ; 0x10000 + 7b4c: e2488001 sub r8, r8, #1 + 7b50: e3580000 cmp r8, #0 + 7b54: 0a0021a3 beq 0x101e8 + 7b58: e5d01005 ldrb r1, [r0, #5] + 7b5c: e3110001 tst r1, #1 + 7b60: 0afffff9 beq 0x7b4c + 7b64: e5d01000 ldrb r1, [r0] + 7b68: e3510022 cmp r1, #34 ; 0x22 + 7b6c: 1a00219d bne 0x101e8 + 7b70: e3a08801 mov r8, #65536 ; 0x10000 + 7b74: e2488001 sub r8, r8, #1 + 7b78: e3580000 cmp r8, #0 + 7b7c: 0a002199 beq 0x101e8 + 7b80: e5d01005 ldrb r1, [r0, #5] + 7b84: e3110001 tst r1, #1 + 7b88: 0afffff9 beq 0x7b74 + 7b8c: e5d01000 ldrb r1, [r0] + 7b90: e3a020ee mov r2, #238 ; 0xee + 7b94: e5c02000 strb r2, [r0] + 7b98: e1a02001 mov r2, r1 + 7b9c: e5c02000 strb r2, [r0] + 7ba0: e3510000 cmp r1, #0 + 7ba4: 0a000004 beq 0x7bbc + 7ba8: e35100f0 cmp r1, #240 ; 0xf0 + 7bac: 0a000002 beq 0x7bbc + 7bb0: e59f211c ldr r2, =0x1870bf0 ; via 0x7cd4 + 7bb4: e5c21000 strb r1, [r2] + 7bb8: ea00218a b 0x101e8 + 7bbc: e59f2114 ldr r2, =0x140000 ; via 0x7cd8 + 7bc0: e5922000 ldr r2, [r2] + 7bc4: e5c02000 strb r2, [r0] + 7bc8: e1a02422 mov r2, r2, lsr #8 + 7bcc: e5c02000 strb r2, [r0] + 7bd0: e1a02422 mov r2, r2, lsr #8 + 7bd4: e5c02000 strb r2, [r0] + 7bd8: e1a02422 mov r2, r2, lsr #8 + 7bdc: e5c02000 strb r2, [r0] + 7be0: e3a08000 mov r8, #0 + 7be4: e35100f0 cmp r1, #240 ; 0xf0 + 7be8: 0a000001 beq 0x7bf4 + 7bec: e59f40e4 ldr r4, =0x140000 ; via 0x7cd8 + 7bf0: ea000002 b 0x7c00 + 7bf4: e59f10dc ldr r1, =0x140000 ; via 0x7cd8 + 7bf8: e5911000 ldr r1, [r1] + 7bfc: e59f40d8 ldr r4, =0x100 ; via 0x7cdc + 7c00: e7d42008 ldrb r2, [r4, r8] + 7c04: e5c02000 strb r2, [r0] + 7c08: e2888001 add r8, r8, #1 + 7c0c: e3580010 cmp r8, #16 ; 0x10 + 
7c10: 1afffffa bne 0x7c00 + 7c14: e5d02005 ldrb r2, [r0, #5] + 7c18: e3120001 tst r2, #1 + 7c1c: 0afffffc beq 0x7c14 + 7c20: e5d02000 ldrb r2, [r0] + 7c24: e3520033 cmp r2, #51 ; 0x33 + 7c28: 1a00216e bne 0x101e8 + 7c2c: e5d02005 ldrb r2, [r0, #5] + 7c30: e3120001 tst r2, #1 + 7c34: 0afffffc beq 0x7c2c + 7c38: e5d02000 ldrb r2, [r0] + 7c3c: e3520044 cmp r2, #68 ; 0x44 + 7c40: 1a002168 bne 0x101e8 + 7c44: e59f2078 ldr r2, =0x3490 ; via 0x7cc4 + 7c48: e59f3078 ldr r3, =0x820100 ; via 0x7cc8 + 7c4c: e59f406c ldr r4, =0x7000 ; via 0x7cc0 + 7c50: e5d26000 ldrb r6, [r2] + 7c54: e5c36000 strb r6, [r3] + 7c58: e2822001 add r2, r2, #1 + 7c5c: e2833001 add r3, r3, #1 + 7c60: e2444001 sub r4, r4, #1 + 7c64: e3540000 cmp r4, #0 + 7c68: 1afffff8 bne 0x7c50 + 7c6c: e3a020ee mov r2, #238 ; 0xee + 7c70: e5c02000 strb r2, [r0] + 7c74: e3a02066 mov r2, #102 ; 0x66 + 7c78: e5c02000 strb r2, [r0] + 7c7c: e59f0048 ldr r0, =0x81fffc ; via 0x7ccc + 7c80: e1a0d000 mov sp, r0 + 7c84: e59f003c ldr r0, =0x820100 ; via 0x7cc8 + 7c88: e280e001 add lr, r0, #1 + 7c8c: e1a00001 mov r0, r1 + 7c90: e12fff1e bx lr + +; TI-style exception and interrupt vectors + 10000: ea0000ed b 0x103bc + 10004: ea0000f4 b 0x103dc + 10008: ea0000fb b 0x103fc + 1000c: ea0000fe b 0x1040c + 10010: ea000102 b 0x10420 + 10014: ea0000e2 b 0x103a4 + 10018: ea0000e6 b 0x103b8 + +; _c_int00 pool of constants, differs from both TCS211 and DSample-20020917 +; versions: + + 1001c: 02a302a3 + 10020: 029202a3 + 10024: 02c00201 + 10028: 002a0040 + 1002c: fffffb00 + 10030: fffffd00 + 10034: ffff9800 + 10038: fffffb10 + 1003c: ffffff08 + 10040: fffef006 + 10044: 20021081 + 10048: f7ff0800 + 1004c: 00080000 + 10050: fffe1800 + 10054: fffe1811 + 10058: 0001063c + +; Reset entry branches here + 1005c: e59fb550 ldr r11, =0x874118 ; via 0x105b4 + 10060: e92b1007 stmdb r11!, {r0, r1, r2, r12} + 10064: ea00011b b 0x104d8 + +; return from the 0x104d8 "routine" + 10068: e8bb1007 ldmia r11!, {r0, r1, r2, r12} +; code matches both TCS211 and 
DSample-20020917 + 1006c: e51f1040 ldr r1, =0xffff9800 ; via 0x10034 + 10070: e15f23b2 ldrh r2, =0x2002 ; via 0x10046 + 10074: e1c120b0 strh r2, [r1] + 10078: e5912000 ldr r2, [r1] + 1007c: e2022001 and r2, r2, #1 + 10080: e3520001 cmp r2, #1 + 10084: 0afffffb beq 0x10078 + 10088: e51f1060 ldr r1, =0xfffffd00 ; via 0x10030 + 1008c: e15f25b0 ldrh r2, =0x1081 ; via 0x10044 + 10090: e1c120b0 strh r2, [r1] + 10094: e51f1064 ldr r1, =0xfffffb10 ; via 0x10038 + 10098: e15f25b6 ldrh r2, =0xf7ff ; via 0x1004a + 1009c: e1d100b0 ldrh r0, [r1] + 100a0: e0000002 and r0, r0, r2 + 100a4: e1c100b0 strh r0, [r1] + 100a8: e51f1074 ldr r1, =0xffffff08 ; via 0x1003c + 100ac: e15f26b8 ldrh r2, =0x0 ; via 0x1004c + 100b0: e1c120b0 strh r2, [r1] + 100b4: e51f1090 ldr r1, =0xfffffb00 ; via 0x1002c + 100b8: e15f2ab4 ldrh r2, =0x2a3 ; via 0x1001c + 100bc: e1c120b0 strh r2, [r1] + 100c0: e15f2aba ldrh r2, =0x2a3 ; via 0x1001e + 100c4: e1c120b2 strh r2, [r1, #2] + 100c8: e15f2bb0 ldrh r2, =0x2a3 ; via 0x10020 + 100cc: e1c120b4 strh r2, [r1, #4] + 100d0: e15f2bb6 ldrh r2, =0x292 ; via 0x10022 + 100d4: e1c120b6 strh r2, [r1, #6] + 100d8: e15f2bbc ldrh r2, =0x201 ; via 0x10024 + 100dc: e1c120ba strh r2, [r1, #10] ; 0xa + 100e0: e15f2cb2 ldrh r2, =0x2c0 ; via 0x10026 + 100e4: e1c120bc strh r2, [r1, #12] ; 0xc + 100e8: e15f2cb8 ldrh r2, =0x40 ; via 0x10028 + 100ec: e1c120b8 strh r2, [r1, #8] + 100f0: e15f2cbe ldrh r2, =0x2a ; via 0x1002a + 100f4: e1c120be strh r2, [r1, #14] ; 0xe +; RTC muck original to BenQ + 100f8: e51f10ac ldr r1, =0xfffe1811 ; via 0x10054 + 100fc: e5d12000 ldrb r2, [r1] + 10100: e2022001 and r2, r2, #1 + 10104: e3520001 cmp r2, #1 + 10108: 0a000003 beq 0x1011c + 1010c: e51f10c4 ldr r1, =0xfffe1800 ; via 0x10050 + 10110: e5912000 ldr r2, [r1] + 10114: e59f14a8 ldr r1, =0x874cd8 ; via 0x105c4 + 10118: e5812000 str r2, [r1] +; back to original TI code + 1011c: e10f0000 mrs r0, CPSR + 10120: e3c0001f bic r0, r0, #31 ; 0x1f + 10124: e3800013 orr r0, r0, #19 ; 0x13 + 10128: 
e3800080 orr r0, r0, #128 ; 0x80 + 1012c: e129f000 msr CPSR_fc, r0 +; inline bss clearing, similar but not identical to DSample-20020917 version + 10130: e59f044c ldr r0, =0x1803784 ; via 0x10584 + 10134: e3a02000 mov r2, #0 + 10138: e59f1448 ldr r1, =0x1871ad8 ; via 0x10588 + 1013c: e4802004 str r2, [r0], #4 + 10140: e4802004 str r2, [r0], #4 + 10144: e4802004 str r2, [r0], #4 + 10148: e4802004 str r2, [r0], #4 + 1014c: e4802004 str r2, [r0], #4 + 10150: e4802004 str r2, [r0], #4 + 10154: e4802004 str r2, [r0], #4 + 10158: e4802004 str r2, [r0], #4 + 1015c: e4802004 str r2, [r0], #4 + 10160: e4802004 str r2, [r0], #4 + 10164: e4802004 str r2, [r0], #4 + 10168: e4802004 str r2, [r0], #4 + 1016c: e4802004 str r2, [r0], #4 + 10170: e4802004 str r2, [r0], #4 + 10174: e4802004 str r2, [r0], #4 + 10178: e4802004 str r2, [r0], #4 + 1017c: e1500001 cmp r0, r1 + 10180: 4affffed bmi 0x1013c + 10184: e59f0400 ldr r0, =0x8296fc ; via 0x1058c + 10188: e3a02000 mov r2, #0 + 1018c: e59f13fc ldr r1, =0x873d10 ; via 0x10590 + 10190: e4802004 str r2, [r0], #4 + 10194: e4802004 str r2, [r0], #4 + 10198: e4802004 str r2, [r0], #4 + 1019c: e4802004 str r2, [r0], #4 + 101a0: e4802004 str r2, [r0], #4 + 101a4: e4802004 str r2, [r0], #4 + 101a8: e4802004 str r2, [r0], #4 + 101ac: e4802004 str r2, [r0], #4 + 101b0: e4802004 str r2, [r0], #4 + 101b4: e4802004 str r2, [r0], #4 + 101b8: e4802004 str r2, [r0], #4 + 101bc: e4802004 str r2, [r0], #4 + 101c0: e4802004 str r2, [r0], #4 + 101c4: e4802004 str r2, [r0], #4 + 101c8: e4802004 str r2, [r0], #4 + 101cc: e4802004 str r2, [r0], #4 + 101d0: e1500001 cmp r0, r1 + 101d4: 4affffed bmi 0x10190 +; 8 MiB memory interface setup, slightly different code than TI's + 101d8: e51f11a0 ldr r1, =0xfffef006 ; via 0x10040 + 101dc: e3a02008 mov r2, #8 + 101e0: e1c120b0 strh r2, [r1] +; BenQ's serial interrupt-boot routine + 101e4: ebffdda9 bl 0x7890 +; return by branch from the above routine +; setting _INT_Loaded_Flag? 
+ 101e8: e3a00001 mov r0, #1 + 101ec: e59f13a4 ldr r1, =0x1871a34 ; via 0x10598 + 101f0: e5810000 str r0, [r1] +; stack setup? - code matches DSample-20020917 version from here + 101f4: e59f0398 ldr r0, =0x8741d4 ; via 0x10594 + 101f8: e3a01b01 mov r1, #1024 ; 0x400 + 101fc: e2411004 sub r1, r1, #4 + 10200: e0802001 add r2, r0, r1 + 10204: e1a0a000 mov r10, r0 + 10208: e59f338c ldr r3, =0x82b8a0 ; via 0x1059c + 1020c: e583a000 str r10, [r3] + 10210: e1a0d002 mov sp, r2 + 10214: e59f3384 ldr r3, =0x82b9cc ; via 0x105a0 + 10218: e583d000 str sp, [r3] + 1021c: e3a01080 mov r1, #128 ; 0x80 + 10220: e0822001 add r2, r2, r1 + 10224: e10f0000 mrs r0, CPSR + 10228: e3c0001f bic r0, r0, #31 ; 0x1f + 1022c: e3800012 orr r0, r0, #18 ; 0x12 + 10230: e129f000 msr CPSR_fc, r0 + 10234: e1a0d002 mov sp, r2 + 10238: e3a01c02 mov r1, #512 ; 0x200 + 1023c: e0822001 add r2, r2, r1 + 10240: e10f0000 mrs r0, CPSR + 10244: e3c0001f bic r0, r0, #31 ; 0x1f + 10248: e3800011 orr r0, r0, #17 ; 0x11 + 1024c: e129f000 msr CPSR_fc, r0 + 10250: e1a0d002 mov sp, r2 + 10254: e10f0000 mrs r0, CPSR + 10258: e3c0001f bic r0, r0, #31 ; 0x1f + 1025c: e3800017 orr r0, r0, #23 ; 0x17 + 10260: e129f000 msr CPSR_fc, r0 + 10264: e59fd348 ldr sp, =0x874118 ; via 0x105b4 + 10268: e10f0000 mrs r0, CPSR + 1026c: e3c0001f bic r0, r0, #31 ; 0x1f + 10270: e380001b orr r0, r0, #27 ; 0x1b + 10274: e129f000 msr CPSR_fc, r0 + 10278: e59fd334 ldr sp, =0x874118 ; via 0x105b4 + 1027c: e10f0000 mrs r0, CPSR + 10280: e3c0001f bic r0, r0, #31 ; 0x1f + 10284: e3800013 orr r0, r0, #19 ; 0x13 + 10288: e129f000 msr CPSR_fc, r0 + 1028c: e59f3310 ldr r3, =0x82b804 ; via 0x105a4 + 10290: e2822004 add r2, r2, #4 + 10294: e5832000 str r2, [r3] + 10298: e3a01b01 mov r1, #1024 ; 0x400 + 1029c: e3c11003 bic r1, r1, #3 + 102a0: e0822001 add r2, r2, r1 + 102a4: e59f32fc ldr r3, =0x82b88c ; via 0x105a8 + 102a8: e5831000 str r1, [r3] + 102ac: e3a01002 mov r1, #2 + 102b0: e59f32f4 ldr r3, =0x82b89c ; via 0x105ac + 102b4: e5831000 str r1, 
[r3] + 102b8: e1a04002 mov r4, r2 + 102bc: eb08c4c2 bl 0x2415cc ; _f_load_int_mem ? + 102c0: e1a02004 mov r2, r4 + 102c4: e59f12d0 ldr r1, =0x82b8a0 ; via 0x1059c + 102c8: e5910000 ldr r0, [r1] + 102cc: e3a030fe mov r3, #254 ; 0xfe + 102d0: e5c03000 strb r3, [r0] + 102d4: e5c03001 strb r3, [r0, #1] + 102d8: e5c03002 strb r3, [r0, #2] + 102dc: e5c03003 strb r3, [r0, #3] + 102e0: e4903004 ldr r3, [r0], #4 + 102e4: e4803004 str r3, [r0], #4 + 102e8: e1500002 cmp r0, r2 + 102ec: bafffffc blt 0x102e4 + 102f0: e51f02a0 ldr r0, =0x1063c ; via 0x10058 + 102f4: e3700001 cmn r0, #1 + 102f8: 1b0000bd blne 0x105f4 ; _auto_init ? + 102fc: e59f02ac ldr r0, =0x1870bf4 ; via 0x105b0 + 10300: ea08c4ab b 0x2415b4 ; _INC_Initialize ? + + 10304: 46c04778 + 10308: eaffffff b 0x1030c + 1030c: e3a00001 mov r0, #1 + 10310: e12fff1e bx lr + 10314: 46c04778 + 10318: eaffffff b 0x1031c + 1031c: e3a00000 mov r0, #0 + 10320: e12fff1e bx lr + 10324: 46c04778 + 10328: e10f0000 mrs r0, CPSR + 1032c: e3c0001f bic r0, r0, #31 ; 0x1f + 10330: e3800012 orr r0, r0, #18 ; 0x12 + 10334: e129f000 msr CPSR_fc, r0 + 10338: e10f0000 mrs r0, CPSR + 1033c: e3c00080 bic r0, r0, #128 ; 0x80 + 10340: e129f000 msr CPSR_fc, r0 + 10344: e3c0001f bic r0, r0, #31 ; 0x1f + 10348: e3800013 orr r0, r0, #19 ; 0x13 + 1034c: e129f000 msr CPSR_fc, r0 + 10350: e28f0001 add r0, pc, #1 + 10354: e12fff10 bx r0 + 10358: 47784770 + 1035c: 46c046c0 strmib r4, [r0], r0, asr #13 + 10360: e10f0000 mrs r0, CPSR + 10364: e3c0001f bic r0, r0, #31 ; 0x1f + 10368: e3800012 orr r0, r0, #18 ; 0x12 + 1036c: e129f000 msr CPSR_fc, r0 + 10370: e10f0000 mrs r0, CPSR + 10374: e3800080 orr r0, r0, #128 ; 0x80 + 10378: e129f000 msr CPSR_fc, r0 + 1037c: e3c0001f bic r0, r0, #31 ; 0x1f + 10380: e3800013 orr r0, r0, #19 ; 0x13 + 10384: e129f000 msr CPSR_fc, r0 + 10388: e28f0001 add r0, pc, #1 + 1038c: e12fff10 bx r0 + 10390: 47784770 + 10394: 46c046c0 strmib r4, [r0], r0, asr #13 + 10398: eaffffff b 0x1039c + 1039c: e3a00000 mov r0, #0 + 103a0: 
e12fff1e bx lr + 103a4: e92d000f stmdb sp!, {r0, r1, r2, r3} + 103a8: e24e3004 sub r3, lr, #4 + 103ac: eb205c69 bl 0x827558 + 103b0: eb0877b5 bl 0x22e28c + 103b4: ea205cb0 b 0x82767c + 103b8: eb0877c1 bl 0x22e2c4 + 103bc: e59fd1f0 ldr sp, =0x874118 ; via 0x105b4 + 103c0: e92d1001 stmdb sp!, {r0, r12} + 103c4: e51f0394 ldr r0, =0xfffffb10 ; via 0x10038 + 103c8: e1d0c0b0 ldrh r12, [r0] + 103cc: e38ccb02 orr r12, r12, #2048 ; 0x800 + 103d0: e1c0c0b0 strh r12, [r0] + 103d4: e3a00001 mov r0, #1 + 103d8: ea00004d b 0x10514 + 103dc: e59fd1d0 ldr sp, =0x874118 ; via 0x105b4 + 103e0: e92d1001 stmdb sp!, {r0, r12} + 103e4: e51f03b4 ldr r0, =0xfffffb10 ; via 0x10038 + 103e8: e1d0c0b0 ldrh r12, [r0] + 103ec: e38ccb02 orr r12, r12, #2048 ; 0x800 + 103f0: e1c0c0b0 strh r12, [r0] + 103f4: e3a00002 mov r0, #2 + 103f8: ea000045 b 0x10514 + 103fc: e59fd1b0 ldr sp, =0x874118 ; via 0x105b4 + 10400: e92d1001 stmdb sp!, {r0, r12} + 10404: e3a00003 mov r0, #3 + 10408: ea000041 b 0x10514 + 1040c: e59fd1a0 ldr sp, =0x874118 ; via 0x105b4 + 10410: e92d1001 stmdb sp!, {r0, r12} + 10414: e24ee008 sub lr, lr, #8 + 10418: e3a00004 mov r0, #4 + 1041c: ea00003c b 0x10514 + 10420: e59fd18c ldr sp, =0x874118 ; via 0x105b4 + 10424: e92d1001 stmdb sp!, {r0, r12} + 10428: e51f03f8 ldr r0, =0xfffffb10 ; via 0x10038 + 1042c: e1d0c0b0 ldrh r12, [r0] + 10430: e38ccb02 orr r12, r12, #2048 ; 0x800 + 10434: e1c0c0b0 strh r12, [r0] + 10438: e3a00005 mov r0, #5 + 1043c: ea000034 b 0x10514 + +; BenQ's 0xDEAD reboot handling path, not studied further + 10440: e10f0000 mrs r0, CPSR + 10444: e3c0001f bic r0, r0, #31 ; 0x1f + 10448: e3800017 orr r0, r0, #23 ; 0x17 + 1044c: e3800080 orr r0, r0, #128 ; 0x80 + 10450: e129f000 msr CPSR_fc, r0 + 10454: e92d1001 stmdb sp!, {r0, r12} + 10458: e3a00006 mov r0, #6 + 1045c: ea00002c b 0x10514 + 10460: 4700a000 strmi r10, [r0, -r0] + 10464: eb000040 bl 0x1056c + 10468: e1a0100e mov r1, lr + 1046c: e10f0000 mrs r0, CPSR + 10470: e3c0001f bic r0, r0, #31 ; 0x1f + 10474: 
e3800017 orr r0, r0, #23 ; 0x17 + 10478: e3800080 orr r0, r0, #128 ; 0x80 + 1047c: e129f000 msr CPSR_fc, r0 + 10480: e3a00080 mov r0, #128 ; 0x80 + 10484: eb205a61 bl 0x826e10 + 10488: e1a0e001 mov lr, r1 + 1048c: e59fd120 ldr sp, =0x874118 ; via 0x105b4 + 10490: e59f1130 ldr r1, =0x82ba50 ; via 0x105c8 + 10494: e5910000 ldr r0, [r1] + 10498: e590102c ldr r1, [r0, #44] ; 0x2c + 1049c: e59f2114 ldr r2, =0x18522c4 ; via 0x105b8 + 104a0: e5910004 ldr r0, [r1, #4] + 104a4: e5820040 str r0, [r2, #64] ; 0x40 + 104a8: e3a00009 mov r0, #9 + 104ac: e38004de orr r0, r0, #3724541952 ; 0xde000000 + 104b0: e38008ad orr r0, r0, #11337728 ; 0xad0000 + 104b4: e5820044 str r0, [r2, #68] ; 0x44 + 104b8: e3a03010 mov r3, #16 ; 0x10 + 104bc: e2811008 add r1, r1, #8 + 104c0: e8b10001 ldmia r1!, {r0} + 104c4: e8a20001 stmia r2!, {r0} + 104c8: e2433001 sub r3, r3, #1 + 104cc: e3530000 cmp r3, #0 + 104d0: 1afffffa bne 0x104c0 + 104d4: e12fff1e bx lr + +; This code executes almost immediately out of reset, before TI's +; _INT_Initialize assembly init code, and it implements some kind of +; reboot check: if the upper 16 bits of the 32-bit word at IRAM address +; 0x874ce0 (Calypso IRAM content should be garbage on a cold-powerup) +; equal 0xDEAD, the code branches to 0x10440 (must be some kind of +; error reboot handling path), otherwise (normal cold power-up path) +; the code branches to 0x10068, where we see TI's _INT_Initialize code. 
+ + 104d8: e59fc0dc ldr r12, =0x874ce0 ; via 0x105bc + 104dc: e59c0000 ldr r0, [r12] + 104e0: e2802000 add r2, r0, #0 + 104e4: e3a01000 mov r1, #0 + 104e8: e38114ff orr r1, r1, #4278190080 ; 0xff000000 + 104ec: e38118ff orr r1, r1, #16711680 ; 0xff0000 + 104f0: e0022001 and r2, r2, r1 + 104f4: e3a01000 mov r1, #0 + 104f8: e38114de orr r1, r1, #3724541952 ; 0xde000000 + 104fc: e38118ad orr r1, r1, #11337728 ; 0xad0000 + 10500: e1520001 cmp r2, r1 + 10504: 1afffed7 bne 0x10068 + 10508: e8bb1007 ldmia r11!, {r0, r1, r2, r12} + 1050c: eaffffcb b 0x10440 + +$Init_Target: +; code mostly matches DSample-20020917 version, diffs noted + 2303dc: b570 push {r4, r5, r6, lr} + 2303de: b081 sub sp, #4 + 2303e0: 4d61 ldr r5, =0xfffef006 ; via 0x230568 + 2303e2: 2003 mov r0, #3 + 2303e4: 0340 lsl r0, r0, #13 + 2303e6: 8068 strh r0, [r5, #2] + 2303e8: f006 fe71 bl 0x2370ce + 2303ec: 2008 mov r0, #8 + 2303ee: 8829 ldrh r1, [r5, #0] + 2303f0: 4308 orr r0, r1 + 2303f2: 8028 strh r0, [r5, #0] + 2303f4: 485d ldr r0, =0xfffffd02 ; via 0x23056c + 2303f6: 2105 mov r1, #5 + 2303f8: 8001 strh r1, [r0, #0] + 2303fa: 495d ldr r1, =0xff3f ; via 0x230570 + 2303fc: 8802 ldrh r2, [r0, #0] + 2303fe: 4011 and r1, r2 + 230400: 8001 strh r1, [r0, #0] + 230402: 495c ldr r1, =0xffdf ; via 0x230574 + 230404: 8802 ldrh r2, [r0, #0] + 230406: 4011 and r1, r2 + 230408: 8001 strh r1, [r0, #0] +; RHEA_CNTL_REG setup: this version writes 0x7F01, +; DSample-20020917 writes 0x7F00, TCS211 writes 0xFF00 + 23040a: 4e5b ldr r6, =0xfffff900 ; via 0x230578 + 23040c: 485b ldr r0, =0x7f01 ; via 0x23057c + 23040e: 8030 strh r0, [r6, #0] +; The PLL setup is the same as in the D-Sample C05 version: +; the PLL multiplier is set to 6, the DSP runs at 78 MHz +; and the ARM runs at 39 MHz. 
+ 230410: 4c5b ldr r4, =0xffff9800 ; via 0x230580 + 230412: 485c ldr r0, =0xfff3 ; via 0x230584 + 230414: 8821 ldrh r1, [r4, #0] + 230416: 4008 and r0, r1 + 230418: 8020 strh r0, [r4, #0] + 23041a: 8820 ldrh r0, [r4, #0] + 23041c: 8020 strh r0, [r4, #0] + 23041e: 485a ldr r0, =0xf01f ; via 0x230588 + 230420: 8821 ldrh r1, [r4, #0] + 230422: 4008 and r0, r1 + 230424: 8020 strh r0, [r4, #0] + 230426: 2003 mov r0, #3 + 230428: 0200 lsl r0, r0, #8 + 23042a: 8821 ldrh r1, [r4, #0] + 23042c: 4308 orr r0, r1 + 23042e: 8020 strh r0, [r4, #0] +; ARM clock setup: divide by 2 like in TCS211 + 230430: 2000 mov r0, #0 + 230432: 2102 mov r1, #2 + 230434: 2200 mov r2, #0 + 230436: f008 fc4f bl 0x238cd8 +; Memory timings (MEMIF setup) + 23043a: 4954 ldr r1, =0xfffffb00 ; via 0x23058c + 23043c: 20a3 mov r0, #163 ; 0xa3 + 23043e: 8008 strh r0, [r1, #0] + 230440: 8048 strh r0, [r1, #2] + 230442: 8088 strh r0, [r1, #4] + 230444: 2092 mov r0, #146 ; 0x92 + 230446: 80c8 strh r0, [r1, #6] + 230448: 2085 mov r0, #133 ; 0x85 + 23044a: 8148 strh r0, [r1, #10] ; 0xa + 23044c: 200b mov r0, #11 ; 0xb + 23044e: 0180 lsl r0, r0, #6 + 230450: 8188 strh r0, [r1, #12] ; 0xc + 230452: 2040 mov r0, #64 ; 0x40 + 230454: 8108 strh r0, [r1, #8] + 230456: 2020 mov r0, #32 ; 0x20 + 230458: 8070 strh r0, [r6, #2] + 23045a: 2000 mov r0, #0 + 23045c: 80b0 strh r0, [r6, #4] + 23045e: 2010 mov r0, #16 ; 0x10 + 230460: 8821 ldrh r1, [r4, #0] + 230462: 4308 orr r0, r1 + 230464: 8020 strh r0, [r4, #0] + 230466: 484a ldr r0, =0xfffffa08 ; via 0x230590 + 230468: 494a ldr r1, =0xffff ; via 0x230594 + 23046a: 8001 strh r1, [r0, #0] + 23046c: 261f mov r6, #31 ; 0x1f + 23046e: 8046 strh r6, [r0, #2] + 230470: 2103 mov r1, #3 + 230472: 8181 strh r1, [r0, #12] ; 0xc + 230474: f005 fa9e bl 0x2359b4 + 230478: 4847 ldr r0, =0xfffffc00 ; via 0x230598 + 23047a: 2124 mov r1, #36 ; 0x24 + 23047c: 8001 strh r1, [r0, #0] + 23047e: 210d mov r1, #13 ; 0xd + 230480: 8041 strh r1, [r0, #2] + 230482: 2400 mov r4, #0 + 230484: 4845 ldr 
r0, =0xfffe2016 ; via 0x23059c + 230486: 8004 strh r4, [r0, #0] + 230488: 4945 ldr r1, =0xfffe2014 ; via 0x2305a0 + 23048a: 2002 mov r0, #2 + 23048c: 8008 strh r0, [r1, #0] + 23048e: 4945 ldr r1, =0xfffe2002 ; via 0x2305a4 + 230490: 2084 mov r0, #132 ; 0x84 + 230492: 8008 strh r0, [r1, #0] + 230494: 4944 ldr r1, =0xfffe2000 ; via 0x2305a8 + 230496: 4845 ldr r0, =0x3de0 ; via 0x2305ac + 230498: 8008 strh r0, [r1, #0] + 23049a: 4a45 ldr r2, =0xfffe2022 ; via 0x2305b0 + 23049c: 2009 mov r0, #9 + 23049e: 8010 strh r0, [r2, #0] + 2304a0: 4a44 ldr r2, =0xfffe2020 ; via 0x2305b4 + 2304a2: 4845 ldr r0, =0x45a ; via 0x2305b8 + 2304a4: 8010 strh r0, [r2, #0] + 2304a6: 4a45 ldr r2, =0xfffe201e ; via 0x2305bc + 2304a8: 20b4 mov r0, #180 ; 0xb4 + 2304aa: 8010 strh r0, [r2, #0] + 2304ac: 4844 ldr r0, =0xfffe201c ; via 0x2305c0 + 2304ae: 8006 strh r6, [r0, #0] + 2304b0: 4844 ldr r0, =0xfffe2024 ; via 0x2305c4 + 2304b2: 8004 strh r4, [r0, #0] + 2304b4: 4b44 ldr r3, =0xfffe2010 ; via 0x2305c8 + 2304b6: 2002 mov r0, #2 + 2304b8: 881a ldrh r2, [r3, #0] + 2304ba: 4310 orr r0, r2 + 2304bc: 8018 strh r0, [r3, #0] + 2304be: 4a42 ldr r2, =0xfffe2010 ; via 0x2305c8 + 2304c0: 2004 mov r0, #4 + 2304c2: 8813 ldrh r3, [r2, #0] + 2304c4: 4318 orr r0, r3 + 2304c6: 8010 strh r0, [r2, #0] + 2304c8: 2027 mov r0, #39 ; 0x27 + 2304ca: 80e8 strh r0, [r5, #6] + 2304cc: 8a08 ldrh r0, [r1, #16] ; 0x10 + 2304ce: 0840 lsr r0, r0, #1 + 2304d0: d310 bcc 0x2304f4 + 2304d2: 8a08 ldrh r0, [r1, #16] ; 0x10 + 2304d4: 0400 lsl r0, r0, #16 + 2304d6: 0c40 lsr r0, r0, #17 + 2304d8: 0040 lsl r0, r0, #1 + 2304da: 8208 strh r0, [r1, #16] ; 0x10 + 2304dc: 2001 mov r0, #1 + 2304de: 9000 str r0, [sp, #0] + 2304e0: e002 b 0x2304e8 + 2304e2: 9800 ldr r0, [sp, #0] + 2304e4: 3001 add r0, #1 + 2304e6: 9000 str r0, [sp, #0] + 2304e8: 9800 ldr r0, [sp, #0] + 2304ea: 2832 cmp r0, #50 ; 0x32 + 2304ec: d3f9 bcc 0x2304e2 + 2304ee: 8a48 ldrh r0, [r1, #18] ; 0x12 + 2304f0: 2800 cmp r0, #0 + 2304f2: d0fc beq 0x2304ee + 2304f4: f00a fd61 
bl 0x23afba + 2304f8: f00a fd65 bl 0x23afc6 + 2304fc: 2005 mov r0, #5 + 2304fe: 05c0 lsl r0, r0, #23 + 230500: 7004 strb r4, [r0, #0] + 230502: 2001 mov r0, #1 + 230504: f006 fdf1 bl 0x2370ea + 230508: 2002 mov r0, #2 + 23050a: f006 fdee bl 0x2370ea + 23050e: b001 add sp, #4 + 230510: bd70 pop {r4, r5, r6, pc} + +$Init_Drivers: + 230512: b500 push {lr} + 230514: f7ce febd bl 0x1ff292 + 230518: f795 fd44 bl 0x1c5fa4 + 23051c: f7e0 f928 bl 0x210770 + 230520: f735 fb88 bl 0x165c34 + 230524: bd00 pop {pc} + +$Init_Serial_Flows: + 230526: b500 push {lr} + 230528: 4828 ldr r0, =0x1870ba8 ; via 0x2305cc + 23052a: f75a f817 bl 0x18a55c + 23052e: 2000 mov r0, #0 + 230530: 2102 mov r1, #2 + 230532: 2200 mov r2, #0 + 230534: f75a fd1a bl 0x18af6c + 230538: f75a fd77 bl 0x18b02a + 23053c: bd00 pop {pc} + +$Init_Unmask_IT: + 23053e: b500 push {lr} + 230540: 2004 mov r0, #4 + 230542: f005 fa98 bl 0x235a76 + 230546: 2012 mov r0, #18 ; 0x12 + 230548: f005 fa95 bl 0x235a76 + 23054c: 2007 mov r0, #7 + 23054e: f005 fa92 bl 0x235a76 + 230552: 2011 mov r0, #17 ; 0x11 + 230554: f005 fa8f bl 0x235a76 + 230558: bd00 pop {pc} + +; same 6 empty functions as in the DSample-20020917 version + 23055a: 4770 bx lr + 23055c: 4770 bx lr + 23055e: 4770 bx lr + 230560: 4770 bx lr + 230562: 4770 bx lr + 230564: 4770 bx lr + +$Application_Initialize: + 23a19e: b5f0 push {r4, r5, r6, r7, lr} + 23a1a0: b084 sub sp, #16 ; 0x10 + 23a1a2: 4c3f ldr r4, =0x800000 ; via 0x23a2a0 + 23a1a4: 483f ldr r0, =0x8296f8 ; via 0x23a2a4 + 23a1a6: 1b00 sub r0, r0, r4 + 23a1a8: 1c46 add r6, r0, #1 + 23a1aa: 2500 mov r5, #0 + 23a1ac: 2001 mov r0, #1 + 23a1ae: 0440 lsl r0, r0, #17 + 23a1b0: 4286 cmp r6, r0 + 23a1b2: d920 bls 0x23a1f6 + 23a1b4: 2701 mov r7, #1 + 23a1b6: 9400 str r4, [sp, #0] + 23a1b8: 2001 mov r0, #1 + 23a1ba: 0440 lsl r0, r0, #17 + 23a1bc: 9001 str r0, [sp, #4] + 23a1be: 1c28 add r0, r5, #0 + 23a1c0: 2103 mov r1, #3 + 23a1c2: 2200 mov r2, #0 + 23a1c4: 2301 mov r3, #1 + 23a1c6: f004 faab bl 0x23e720 + 
23a1ca: 1c68 add r0, r5, #1 + 23a1cc: 0600 lsl r0, r0, #24 + 23a1ce: 0e05 lsr r5, r0, #24 + 23a1d0: 2d02 cmp r5, #2 + 23a1d2: d100 bne 0x23a1d6 + 23a1d4: 2700 mov r7, #0 + 23a1d6: 2001 mov r0, #1 + 23a1d8: 0440 lsl r0, r0, #17 + 23a1da: 1904 add r4, r0, r4 + 23a1dc: 2001 mov r0, #1 + 23a1de: 0440 lsl r0, r0, #17 + 23a1e0: 1a36 sub r6, r6, r0 + 23a1e2: 2001 mov r0, #1 + 23a1e4: 0440 lsl r0, r0, #17 + 23a1e6: 4286 cmp r6, r0 + 23a1e8: d901 bls 0x23a1ee + 23a1ea: 2f01 cmp r7, #1 + 23a1ec: d0e3 beq 0x23a1b6 + 23a1ee: 2e00 cmp r6, #0 + 23a1f0: d009 beq 0x23a206 + 23a1f2: 2f01 cmp r7, #1 + 23a1f4: d107 bne 0x23a206 + 23a1f6: 9400 str r4, [sp, #0] + 23a1f8: 9601 str r6, [sp, #4] + 23a1fa: 1c28 add r0, r5, #0 + 23a1fc: 2103 mov r1, #3 + 23a1fe: 2200 mov r2, #0 + 23a200: 2301 mov r3, #1 + 23a202: f004 fa8d bl 0x23e720 + 23a206: f7f6 f8e9 bl 0x2303dc ; $Init_Target + 23a20a: 4827 ldr r0, =0x1870bf0 ; via 0x23a2a8 + 23a20c: 7800 ldrb r0, [r0, #0] + 23a20e: 2820 cmp r0, #32 ; 0x20 + 23a210: d122 bne 0x23a258 + 23a212: 2001 mov r0, #1 + 23a214: 2100 mov r1, #0 + 23a216: 2200 mov r2, #0 + 23a218: f7bc fdca bl 0x1f6db0 + 23a21c: f6d2 fb45 bl 0x10c8aa + 23a220: f6d2 fb4a bl 0x10c8b8 + 23a224: 2800 cmp r0, #0 + 23a226: d106 bne 0x23a236 + 23a228: 4669 mov r1, sp + 23a22a: 20ee mov r0, #238 ; 0xee + 23a22c: 7308 strb r0, [r1, #12] ; 0xc + 23a22e: 4668 mov r0, sp + 23a230: 21aa mov r1, #170 ; 0xaa + 23a232: 7341 strb r1, [r0, #13] ; 0xd + 23a234: e004 b 0x23a240 + 23a236: 4668 mov r0, sp + 23a238: 21ee mov r1, #238 ; 0xee + 23a23a: 7301 strb r1, [r0, #12] ; 0xc + 23a23c: 21ff mov r1, #255 ; 0xff + 23a23e: 7341 strb r1, [r0, #13] ; 0xd + 23a240: 2001 mov r0, #1 + 23a242: a903 add r1, sp, #12 ; 0xc + 23a244: 2202 mov r2, #2 + 23a246: f7bc ff28 bl 0x1f709a + 23a24a: 2802 cmp r0, #2 + 23a24c: d1f8 bne 0x23a240 + 23a24e: 2001 mov r0, #1 + 23a250: 213c mov r1, #60 ; 0x3c + 23a252: 2201 mov r2, #1 + 23a254: f771 fbb8 bl 0x1ab9c8 + 23a258: f7f6 f95b bl 0x230512 ; $Init_Drivers + 23a25c: f008 
f99c bl 0x242598 + 23a260: f7f6 f961 bl 0x230526 ; $Init_Serial_Flows + 23a264: f796 f878 bl 0x1d0358 + 23a268: f004 ffc5 bl 0x23f1f6 + 23a26c: 2000 mov r0, #0 + 23a26e: f002 fcdf bl 0x23cc30 + 23a272: 480e ldr r0, =0xffff ; via 0x23a2ac + 23a274: 2100 mov r1, #0 + 23a276: 2200 mov r2, #0 + 23a278: 2301 mov r3, #1 + 23a27a: f002 fc94 bl 0x23cba6 + 23a27e: 2001 mov r0, #1 + 23a280: f002 fcd6 bl 0x23cc30 + 23a284: f7f6 f95b bl 0x23053e ; $Init_Unmask_IT + 23a288: 2002 mov r0, #2 + 23a28a: 2103 mov r1, #3 + 23a28c: f008 f884 bl 0x242398 + 23a290: 4807 ldr r0, =0x187036c ; via 0x23a2b0 + 23a292: 6800 ldr r0, [r0, #0] + 23a294: 4907 ldr r1, =0x187037c ; via 0x23a2b4 + 23a296: 6809 ldr r1, [r1, #0] + 23a298: f008 f876 bl 0x242388 + 23a29c: b004 add sp, #16 ; 0x10 + 23a29e: bdf0 pop {r4, r5, r6, r7, pc} + +$INC_Initialize: + 2405c8: b530 push {r4, r5, lr} + 2405ca: 1c05 add r5, r0, #0 + 2405cc: 4c13 ldr r4, =0x1871a1c ; via 0x24061c + 2405ce: 2001 mov r0, #1 + 2405d0: 6020 str r0, [r4, #0] + 2405d2: f001 f929 bl 0x241828 + 2405d6: f001 f92b bl 0x241830 + 2405da: f001 f8e7 bl 0x2417ac + 2405de: f000 fcf1 bl 0x240fc4 + 2405e2: f7fc f8f9 bl 0x23c7d8 + 2405e6: f000 fed1 bl 0x24138c + 2405ea: f000 fe9f bl 0x24132c + 2405ee: f000 febd bl 0x24136c + 2405f2: f000 fe8b bl 0x24130c + 2405f6: f000 fee9 bl 0x2413cc + 2405fa: f000 fea7 bl 0x24134c + 2405fe: f000 fef5 bl 0x2413ec + 240602: f7fe f947 bl 0x23e894 + 240606: f000 fed1 bl 0x2413ac + 24060a: 1c28 add r0, r5, #0 + 24060c: f7f9 fdc7 bl 0x23a19e ; app init + 240610: 2002 mov r0, #2 + 240612: 6020 str r0, [r4, #0] + 240614: f001 fe70 bl 0x2422f8 ; $TCT_Schedule veneer + 240618: bd30 pop {r4, r5, pc} + +; _INC_Initialize call veneer + 2415b4: e92d4000 stmdb sp!, {lr} + 2415b8: e28fe001 add lr, pc, #1 + 2415bc: e12fff1e bx lr + 2415c0: f7ff f802 bl 0x2405c8 + 2415c4: 4778 bx pc + 2415c6: 46c0 nop (mov r8, r8) + 2415c8: e8bd8000 ldmia sp!, {pc}
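Review bot: The comment above 0x7890 calls the routine mysterious, yet its tail in this listing is plain enough to annotate: 0x7c44–0x7c68 copies 0x7000 bytes from 0x3490 to 0x820100, and 0x7c7c–0x7c90 loads sp with 0x81fffc and does `bx lr` with lr = 0x820101, so it enters the copied image in Thumb state instead of returning to 0x101e8. I would put `; copy 0x7000 bytes 0x3490 -> 0x820100 and jump there (Thumb); nothing beyond the fixed byte exchange above gates this, as far as this listing shows` above 0x7c44. The receive polls at 0x7c14 and 0x7c2c, unlike the earlier ones, have no r8 countdown, so `; no timeout: spins until the host answers` belongs there. A note at 0x7bb0 that the received byte is stored at 0x1870bf0, the byte $Application_Initialize compares with 0x20 at 0x23a20a–0x23a20e, would connect the two ends.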