FreeCalypso > hg > freecalypso-reveng
changeset 400:5377f91aea97
compal/boot/c123-boot.disasm: annotate with symbols
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 14 Jan 2023 09:47:46 +0000 |
parents | 81cda18b0487 |
children | 4b6b595ae0a0 |
files | compal/boot/c123-boot.disasm |
diffstat | 1 files changed, 152 insertions(+), 103 deletions(-) [+] |
line wrap: on
line diff
--- a/compal/boot/c123-boot.disasm Sat Jan 14 06:17:56 2023 +0000 +++ b/compal/boot/c123-boot.disasm Sat Jan 14 09:47:46 2023 +0000 @@ -1,3 +1,12 @@ +; The bootloader version analyzed here is almost exactly the same as the one +; contained in the special R87.2.1.03.{m0,map} firmware version; the only diffs +; are the 4 magic words at 0x20 (not present in the symbolic reference version) +; and the different stack address in the 0x964 word. +; +; The present disassembly analysis has been annotated with symbolic information +; from R87.2.1.03.map, making it our best available analysis of Compal's flash +; bootloader. + RESET entry and exception vectors: 0: ea000225 b 0x89c 4: ea000825 b 0x20a0 @@ -15,11 +24,20 @@ <30-7FF: all FFs> +; .boot_id output section, comes from ver_boot.obj .const section, +; 0x18 bytes, has these data symbols: + +_ver_boot = 0x800 +_loader_ver = 0x810 +_SWVCM = 0x814 + 00000800: 42 4F 4F 54 2E 39 30 2E 30 34 00 00 00 00 00 00 BOOT.90.04...... 00000810: 31 30 30 33 01 01 00 00 FF FF FF FF FF FF FF FF 1003............ 00000820: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ ; everything up to 0x958 is the same as in the C139 version + +; serial.obj .const section 830: 00000006 834: 00000000 838: 00000000 @@ -35,6 +53,8 @@ 860: 000000fa 864: ffff5800 868: ffff5000 + +; bootloader.obj .text section 86c: fffffb00 870: 02a102a1 874: 028302a1 @@ -49,6 +69,7 @@ 898: 00000800 ; RESET entry point +_INT_Bootloader_Start: 89c: e51f1020 ldr r1, =0xfffffd00 ; via 0x884 8a0: e1d120b2 ldrh r2, [r1, #2] 8a4: e51f002c ldr r0, =0x40 ; via 0x880 @@ -97,13 +118,14 @@ 950: e1a0d002 mov sp, r2 ; business logic 954: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} - 958: eb00051e bl 0x1dd8 + 958: eb00051e bl 0x1dd8 ; _sta_select_application 95c: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} - 960: ea0005e4 b 0x20f8 + 960: ea0005e4 b 0x20f8 ; _INT_Initialize ; stack address, varies by version 964: 0083e424 +; start.obj .text section ; 0x968 routine same as in the C139 version 968: 4961 ldr r1, =0xfffffa08 ; via 0xaf0 96a: 4862 ldr r0, =0xffff ; via 0xaf4 @@ -274,13 +296,14 @@ ad0: bd00 pop {pc} ; Main entry routine at the same location as in the C139 version +$sta_select_application: ad2: b500 push {lr} ad4: b082 sub sp, #8 ad6: f7ff ff47 bl 0x968 - ada: f001 f881 bl 0x1be0 - ade: f000 fd47 bl 0x1570 - ae2: f000 f81f bl 0xb24 - ae6: f000 f940 bl 0xd6a + ada: f001 f881 bl 0x1be0 ; $ser_initialize_serial_link + ade: f000 fd47 bl 0x1570 ; $con_initialize_conversion + ae2: f000 f81f bl 0xb24 ; $fluid_bootloader + ae6: f000 f940 bl 0xd6a ; $FTM_Tool_check aea: b002 add sp, #8 aec: bd00 pop {pc} aee: 46c0 nop (mov r8, r8) @@ -294,6 +317,7 @@ b08: fffffd00 b0c: 00001001 +; boot.obj .text section b10: e3a0d502 mov sp, #8388608 ; 0x800000 b14: e28dd802 add sp, sp, #131072 ; 0x20000 b18: e28fe005 add lr, pc, #5 @@ -302,6 +326,7 @@ ; 0xb24 function appears to be the same as in the C139 version, ; but calls 0xed4 instead of 0xf2c. +$fluid_bootloader: b24: b500 push {lr} b26: b082 sub sp, #8 b28: 49e8 ldr r1, =0x83ff00 ; via 0xecc @@ -309,7 +334,7 @@ b2c: 6008 str r0, [r1, #0] b2e: 2000 mov r0, #0 b30: 2102 mov r1, #2 - b32: f000 f9cf bl 0xed4 + b32: f000 f9cf bl 0xed4 ; $uart_init b36: 2000 mov r0, #0 b38: 9000 str r0, [sp, #0] b3a: 9900 ldr r1, [sp, #0] @@ -325,10 +350,10 @@ b4e: 0300 lsl r0, r0, #12 b50: 4281 cmp r1, r0 b52: d3f7 bcc 0xb44 - b54: f000 f82a bl 0xbac + b54: f000 f82a bl 0xbac ; $SeekMsg b58: 2000 mov r0, #0 b5a: 2107 mov r1, #7 - b5c: f000 f9ba bl 0xed4 + b5c: f000 f9ba bl 0xed4 ; $uart_init b60: 2000 mov r0, #0 b62: 9000 str r0, [sp, #0] b64: 9900 ldr r1, [sp, #0] @@ -344,7 +369,7 @@ b78: 0300 lsl r0, r0, #12 b7a: 4281 cmp r1, r0 b7c: d3f7 bcc 0xb6e - b7e: f000 f815 bl 0xbac + b7e: f000 f815 bl 0xbac ; $SeekMsg b82: 2000 mov r0, #0 b84: 9001 str r0, [sp, #4] b86: 9000 str r0, [sp, #0] @@ -368,6 +393,7 @@ baa: bd00 pop {pc} ; serial download protocol +$SeekMsg: bac: b500 push {lr} bae: b086 sub sp, #24 ; 0x18 bb0: 48f3 ldr r0, =0x800100 ; via 0xf80 @@ -552,6 +578,7 @@ d66: b006 add sp, #24 ; 0x18 d68: bd00 pop {pc} +$FTM_Tool_check: d6a: b500 push {lr} d6c: b081 sub sp, #4 d6e: 2066 mov r0, #102 ; 0x66 @@ -626,6 +653,7 @@ e20: bd00 pop {pc} ; corresponds to 0xe76 in the C139 version +$jump: e22: 4708 bx r1 ; UART character output routine, corresponds to 0xe78 in the C139 version @@ -645,6 +673,7 @@ e3e: b001 add sp, #4 e40: 46f7 mov pc, lr +$getchar: e42: 4822 ldr r0, =0x83ff00 ; via 0xecc e44: 6800 ldr r0, [r0, #0] e46: 7940 ldrb r0, [r0, #5] @@ -656,6 +685,7 @@ e52: 4770 bx lr ; should correspond to 0xea8 in the C139 version +$getchar_timeout: e54: b083 sub sp, #12 ; 0xc e56: 9000 str r0, [sp, #0] e58: 9800 ldr r0, [sp, #0] @@ -684,6 +714,7 @@ e86: b003 add sp, #12 ; 0xc e88: 4770 bx lr +$UartTimeout: e8a: b081 sub sp, #4 e8c: e001 b 0xe92 e8e: 9800 ldr r0, [sp, #0] @@ -705,6 +736,8 @@ eae: 2001 mov r0, #1 eb0: b001 add sp, #4 eb2: 4770 bx lr + +$hardware_init: eb4: b082 sub sp, #8 eb6: 9000 str r0, [sp, #0] eb8: 4669 mov r1, sp @@ -722,6 +755,7 @@ ed0: ffff5800 ; should be the same as 0xf2c in the C139 version +$uart_init: ed4: b081 sub sp, #4 ed6: 466a mov r2, sp ed8: 7051 strb r1, [r2, #1] @@ -805,6 +839,7 @@ f74: b001 add sp, #4 f76: 4770 bx lr +$CheckFTMtoolMode: f78: 480a ldr r0, =0x83ff80 ; via 0xfa4 f7a: 7800 ldrb r0, [r0, #0] f7c: 4770 bx lr @@ -812,6 +847,7 @@ f80: 00800100 +$putchar__: f84: b500 push {lr} f86: b081 sub sp, #4 f88: 4669 mov r1, sp @@ -821,20 +857,25 @@ f90: f7ff ff48 bl 0xe24 f94: b001 add sp, #4 f96: bd00 pop {pc} + +$getchar__: f98: b500 push {lr} f9a: f7ff ff52 bl 0xe42 f9e: bd00 pop {pc} - fa0: 0100 lsl r0, r0, #4 - fa2: 0080 lsl r0, r0, #2 - fa4: ff80 <half-bl> - fa6: 0083 lsl r3, r0, #2 - fa8: f000 fffe bl 0x1fa8 - fac: 6000 str r0, [r0, #0] - fae: ffff <half-bl> - fb0: ff00 <half-bl> - fb2: 0083 lsl r3, r0, #2 + + fa0: 00800100 + fa4: 0083ff80 + fa8: fffef000 + fac: ffff6000 + fb0: 0083ff00 + +; branch_in_RAM.obj .text section +$Branch_in_RAM: fb4: 4700 bx r0 - fb6: 0000 lsl r0, r0, #0 + fb6: 0000 + +; command.obj .text section +$com_analyze_request: fb8: b08c sub sp, #48 ; 0x30 fba: 9101 str r1, [sp, #4] fbc: 9000 str r0, [sp, #0] @@ -1031,28 +1072,19 @@ 113a: 0089 lsl r1, r1, #2 113c: 5840 ldr r0, [r0, r1] 113e: 4687 mov pc, r0 - 1140: 116c asr r4, r5, #5 - 1142: 0000 lsl r0, r0, #0 - 1144: 116c asr r4, r5, #5 - 1146: 0000 lsl r0, r0, #0 - 1148: 116c asr r4, r5, #5 - 114a: 0000 lsl r0, r0, #0 - 114c: 116c asr r4, r5, #5 - 114e: 0000 lsl r0, r0, #0 - 1150: 116c asr r4, r5, #5 - 1152: 0000 lsl r0, r0, #0 - 1154: 116c asr r4, r5, #5 - 1156: 0000 lsl r0, r0, #0 - 1158: 116c asr r4, r5, #5 - 115a: 0000 lsl r0, r0, #0 - 115c: 0fde lsr r6, r3, #31 - 115e: 0000 lsl r0, r0, #0 - 1160: 1032 asr r2, r6, #32 - 1162: 0000 lsl r0, r0, #0 - 1164: 116c asr r4, r5, #5 - 1166: 0000 lsl r0, r0, #0 - 1168: 10d6 asr r6, r2, #3 - 116a: 0000 lsl r0, r0, #0 + + 1140: 0000116c + 1144: 0000116c + 1148: 0000116c + 114c: 0000116c + 1150: 0000116c + 1154: 0000116c + 1158: 0000116c + 115c: 00000fde + 1160: 00001032 + 1164: 0000116c + 1168: 000010d6 + 116c: 9905 ldr r1, [sp, #20] ; 0x14 116e: 9804 ldr r0, [sp, #16] ; 0x10 1170: 4281 cmp r1, r0 @@ -1062,6 +1094,8 @@ 1178: 9803 ldr r0, [sp, #12] ; 0xc 117a: b00c add sp, #48 ; 0x30 117c: 4770 bx lr + +$com_build_confirmation: 117e: b089 sub sp, #36 ; 0x24 1180: 9101 str r1, [sp, #4] 1182: 9000 str r0, [sp, #0] @@ -1329,28 +1363,19 @@ 138e: 0080 lsl r0, r0, #2 1390: 5808 ldr r0, [r1, r0] 1392: 4687 mov pc, r0 - 1394: 11ba asr r2, r7, #6 - 1396: 0000 lsl r0, r0, #0 - 1398: 11f4 asr r4, r6, #7 - 139a: 0000 lsl r0, r0, #0 - 139c: 1212 asr r2, r2, #8 - 139e: 0000 lsl r0, r0, #0 - 13a0: 121e asr r6, r3, #8 - 13a2: 0000 lsl r0, r0, #0 - 13a4: 13c0 asr r0, r0, #15 - 13a6: 0000 lsl r0, r0, #0 - 13a8: 122a asr r2, r5, #8 - 13aa: 0000 lsl r0, r0, #0 - 13ac: 1294 asr r4, r2, #10 - 13ae: 0000 lsl r0, r0, #0 - 13b0: 12a0 asr r0, r4, #10 - 13b2: 0000 lsl r0, r0, #0 - 13b4: 13c0 asr r0, r0, #15 - 13b6: 0000 lsl r0, r0, #0 - 13b8: 132c asr r4, r5, #12 - 13ba: 0000 lsl r0, r0, #0 - 13bc: 13c0 asr r0, r0, #15 - 13be: 0000 lsl r0, r0, #0 + + 1394: 000011ba + 1398: 000011f4 + 139c: 00001212 + 13a0: 0000121e + 13a4: 000013c0 + 13a8: 0000122a + 13ac: 00001294 + 13b0: 000012a0 + 13b4: 000013c0 + 13b8: 0000132c + 13bc: 000013c0 + 13c0: 9805 ldr r0, [sp, #20] ; 0x14 13c2: 4669 mov r1, sp 13c4: 7c09 ldrb r1, [r1, #16] ; 0x10 @@ -1358,7 +1383,10 @@ 13c8: 9803 ldr r0, [sp, #12] ; 0xc 13ca: b009 add sp, #36 ; 0x24 13cc: 4770 bx lr - 13ce: 0000 lsl r0, r0, #0 + 13ce: 0000 + +; convert.obj .text section +$con_get_command_from_string: 13d0: b500 push {lr} 13d2: b083 sub sp, #12 ; 0xc 13d4: 9101 str r1, [sp, #4] @@ -1492,6 +1520,8 @@ 14d6: 9802 ldr r0, [sp, #8] 14d8: b003 add sp, #12 ; 0xc 14da: bd00 pop {pc} + +$con_build_string_from_command: 14dc: b086 sub sp, #24 ; 0x18 14de: 9202 str r2, [sp, #8] 14e0: 9101 str r1, [sp, #4] @@ -1568,6 +1598,7 @@ 156e: 4770 bx lr ; same as 0x15c8 in the C139 version +$con_initialize_conversion: 1570: 4907 ldr r1, =0x83ff08 ; via 0x1590 1572: 2000 mov r0, #0 1574: 6008 str r0, [r1, #0] @@ -1583,6 +1614,8 @@ 158c: 0083ff0c 1590: 0083ff08 +; optboot.obj .text section +$opt_get_monitor_id: 1594: b082 sub sp, #8 1596: 9101 str r1, [sp, #4] 1598: 9000 str r0, [sp, #0] @@ -1603,6 +1636,8 @@ 15b6: 7181 strb r1, [r0, #6] 15b8: b002 add sp, #8 15ba: 4770 bx lr + +$opt_load_application: 15bc: b500 push {lr} 15be: b084 sub sp, #16 ; 0x10 15c0: 466b mov r3, sp @@ -1657,6 +1692,8 @@ 1624: d0e6 beq 0x15f4 1626: b004 add sp, #16 ; 0x10 1628: bd00 pop {pc} + +$opt_get_running_address: 162a: b084 sub sp, #16 ; 0x10 162c: 9101 str r1, [sp, #4] 162e: 9000 str r0, [sp, #0] @@ -1682,6 +1719,8 @@ 1656: 9803 ldr r0, [sp, #12] ; 0xc 1658: b004 add sp, #16 ; 0x10 165a: 4770 bx lr + +; serial.obj .text section 165c: b085 sub sp, #20 ; 0x14 165e: 9303 str r3, [sp, #12] ; 0xc 1660: 9202 str r2, [sp, #8] @@ -1743,6 +1782,7 @@ 16d0: 9804 ldr r0, [sp, #16] ; 0x10 16d2: b005 add sp, #20 ; 0x14 16d4: 46f7 mov pc, lr + 16d6: b083 sub sp, #12 ; 0xc 16d8: 9101 str r1, [sp, #4] 16da: 4669 mov r1, sp @@ -1829,6 +1869,7 @@ 177c: 9802 ldr r0, [sp, #8] 177e: b003 add sp, #12 ; 0xc 1780: 46f7 mov pc, lr + 1782: b083 sub sp, #12 ; 0xc 1784: 9101 str r1, [sp, #4] 1786: 4669 mov r1, sp @@ -1869,6 +1910,7 @@ 17cc: 9802 ldr r0, [sp, #8] 17ce: b003 add sp, #12 ; 0xc 17d0: 46f7 mov pc, lr + 17d2: b083 sub sp, #12 ; 0xc 17d4: 9101 str r1, [sp, #4] 17d6: 4669 mov r1, sp @@ -1916,6 +1958,7 @@ 182a: 9802 ldr r0, [sp, #8] 182c: b003 add sp, #12 ; 0xc 182e: 46f7 mov pc, lr + 1830: b081 sub sp, #4 1832: 4669 mov r1, sp 1834: 7008 strb r0, [r1, #0] @@ -1938,6 +1981,7 @@ 1856: 6001 str r1, [r0, #0] 1858: b001 add sp, #4 185a: 46f7 mov pc, lr + 185c: b084 sub sp, #16 ; 0x10 185e: 9202 str r2, [sp, #8] 1860: 9101 str r1, [sp, #4] @@ -2006,6 +2050,7 @@ 18de: 9803 ldr r0, [sp, #12] ; 0xc 18e0: b004 add sp, #16 ; 0x10 18e2: 46f7 mov pc, lr + 18e4: b083 sub sp, #12 ; 0xc 18e6: 9101 str r1, [sp, #4] 18e8: 4669 mov r1, sp @@ -2033,6 +2078,7 @@ 1914: 9802 ldr r0, [sp, #8] 1916: b003 add sp, #12 ; 0xc 1918: 46f7 mov pc, lr + 191a: b085 sub sp, #20 ; 0x14 191c: 466b mov r3, sp 191e: 719a strb r2, [r3, #6] @@ -2082,6 +2128,8 @@ 1976: d1e0 bne 0x193a 1978: b005 add sp, #20 ; 0x14 197a: 46f7 mov pc, lr + +$ser_wait_no_activity: 197c: b082 sub sp, #8 197e: 4669 mov r1, sp 1980: 7008 strb r0, [r1, #0] @@ -2129,6 +2177,8 @@ 19d4: dbdd blt 0x1992 19d6: b002 add sp, #8 19d8: 4770 bx lr + +$ser_send_command: 19da: b500 push {lr} 19dc: b08c sub sp, #48 ; 0x30 19de: 466a mov r2, sp @@ -2156,20 +2206,16 @@ 1a0e: 9802 ldr r0, [sp, #8] 1a10: b00c add sp, #48 ; 0x30 1a12: bd00 pop {pc} - 1a14: ff19 <half-bl> - 1a16: 0083 lsl r3, r0, #2 - 1a18: ff1a <half-bl> - 1a1a: 0083 lsl r3, r0, #2 - 1a1c: ff26 <half-bl> - 1a1e: 0083 lsl r3, r0, #2 - 1a20: ff24 <half-bl> - 1a22: 0083 lsl r3, r0, #2 - 1a24: ff20 <half-bl> - 1a26: 0083 lsl r3, r0, #2 - 1a28: ff1b <half-bl> - 1a2a: 0083 lsl r3, r0, #2 - 1a2c: ff18 <half-bl> - 1a2e: 0083 lsl r3, r0, #2 + + 1a14: 0083ff19 + 1a18: 0083ff1a + 1a1c: 0083ff26 + 1a20: 0083ff24 + 1a24: 0083ff20 + 1a28: 0083ff1b + 1a2c: 0083ff18 + +$ser_receive_command: 1a30: b500 push {lr} 1a32: b084 sub sp, #16 ; 0x10 1a34: 9101 str r1, [sp, #4] @@ -2260,12 +2306,12 @@ 1ae2: 7b00 ldrb r0, [r0, #12] ; 0xc 1ae4: b004 add sp, #16 ; 0x10 1ae6: bd00 pop {pc} - 1ae8: ff1c <half-bl> - 1aea: 0083 lsl r3, r0, #2 - 1aec: 0830 lsr r0, r6, #32 - 1aee: 0000 lsl r0, r0, #0 - 1af0: 084c lsr r4, r1, #1 - 1af2: 0000 lsl r0, r0, #0 + + 1ae8: 0083ff1c + 1aec: 00000830 + 1af0: 0000084c + +$ser_receive_data_for_flash: 1af4: b500 push {lr} 1af6: b086 sub sp, #24 ; 0x18 1af8: 466b mov r3, sp @@ -2365,6 +2411,8 @@ 1bc2: 9805 ldr r0, [sp, #20] ; 0x14 1bc4: b006 add sp, #24 ; 0x18 1bc6: bd00 pop {pc} + +$ser_initialize_flash_data_detection: 1bc8: 4942 ldr r1, =0x83ff20 ; via 0x1cd4 1bca: 2001 mov r0, #1 1bcc: 6008 str r0, [r1, #0] @@ -2380,6 +2428,7 @@ ; hoping this routine will be the same as 0x1c38 in the C139 version ; same length, looks the same on inspection +$ser_initialize_serial_link: 1be0: b081 sub sp, #4 1be2: 483f ldr r0, =0xffff5800 ; via 0x1ce0 1be4: 9000 str r0, [sp, #0] @@ -2469,6 +2518,7 @@ 1c8c: b001 add sp, #4 1c8e: 4770 bx lr +$ser_wait_last_character_sent: 1c90: b081 sub sp, #4 1c92: 4669 mov r1, sp 1c94: 7008 strb r0, [r1, #0] @@ -2497,24 +2547,19 @@ 1cc2: d3f3 bcc 0x1cac 1cc4: b001 add sp, #4 1cc6: 4770 bx lr - 1cc8: 0864 lsr r4, r4, #1 - 1cca: 0000 lsl r0, r0, #0 - 1ccc: 5805 ldr r5, [r0, r0] - 1cce: ffff <half-bl> - 1cd0: 5005 str r5, [r0, r0] - 1cd2: ffff <half-bl> - 1cd4: ff20 <half-bl> - 1cd6: 0083 lsl r3, r0, #2 - 1cd8: ff1b <half-bl> - 1cda: 0083 lsl r3, r0, #2 - 1cdc: ff18 <half-bl> - 1cde: 0083 lsl r3, r0, #2 - 1ce0: 5800 ldr r0, [r0, r0] - 1ce2: ffff <half-bl> - 1ce4: 6000 str r0, [r0, #0] - 1ce6: ffff <half-bl> - 1ce8: 5000 str r0, [r0, r0] - 1cea: ffff <half-bl> + + 1cc8: 00000864 + 1ccc: ffff5805 + 1cd0: ffff5005 + 1cd4: 0083ff20 + 1cd8: 0083ff1b + 1cdc: 0083ff18 + 1ce0: ffff5800 + 1ce4: ffff6000 + 1ce8: ffff5000 + +; cmdboot.obj .text section +$cmd_load_application: 1cec: b500 push {lr} 1cee: b087 sub sp, #28 ; 0x1c 1cf0: 466b mov r3, sp @@ -2578,6 +2623,8 @@ 1d6a: 9803 ldr r0, [sp, #12] ; 0xc 1d6c: b007 add sp, #28 ; 0x1c 1d6e: bd00 pop {pc} + +$cmd_check_application_in_flash: 1d70: b089 sub sp, #36 ; 0x24 1d72: 201a mov r0, #26 ; 0x1a 1d74: 9005 str r0, [sp, #20] ; 0x14 @@ -2631,7 +2678,9 @@ 1dd4: 0000ffff +; start.obj .text:v$3 section ; ARM->Thumb call veneer around 0xad2 routine +_sta_select_application: 1dd8: e92d4000 stmdb sp!, {lr} 1ddc: e28fe001 add lr, pc, #1 1de0: e12fff1e bx lr