FreeCalypso > hg > freecalypso-reveng
changeset 67:88cf9811f97c
started disassembly of Pirelli's boot code
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Sun, 09 Feb 2014 09:36:42 +0000 |
parents | 39f2ccd06b57 |
children | 6a136554378e |
files | pirelli/preboot.disasm pirelli/preboot.notes |
diffstat | 2 files changed, 470 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pirelli/preboot.disasm Sun Feb 09 09:36:42 2014 +0000 @@ -0,0 +1,452 @@ + 0: ea00004b b 0x134 + 4: ea00bffe b 0x30004 + 8: ea00bffe b 0x30008 + c: ea00bffe b 0x3000c + 10: ea00bffe b 0x30010 + 14: ea00bffe b 0x30014 + 18: ea00bffe b 0x30018 + 1c: ea00bffe b 0x3001c + +<20-FF: all FFs> + + 100: fffffb00 + 104: 02a102a1 + 108: 028302a1 + 10c: 00c000aa + 110: 002a0040 + 114: fffffd00 + 118: ffff9800 + 11c: fffffb10 + 120: ffffff08 + 124: fffff804 + 128: 20061081 + 12c: 00000800 + 130: 00a000f5 + +; RESET vector branches here + 134: e51f1024 ldr r1, [pc, #-36] ; 0x118 =0xffff9800 + 138: e15f21b6 ldrh r2, [pc, #-22] ; 0x12a =0x2006 + 13c: e1c120b0 strh r2, [r1] + 140: e5912000 ldr r2, [r1] + 144: e2022001 and r2, r2, #1 ; 0x1 + 148: e3520001 cmp r2, #1 ; 0x1 + 14c: 0afffffb beq 0x140 + 150: e51f1044 ldr r1, [pc, #-68] ; 0x114 =0xfffffd00 + 154: e15f23b4 ldrh r2, [pc, #-52] ; 0x128 =0x1081 + 158: e1c120b0 strh r2, [r1] + 15c: e51f1048 ldr r1, [pc, #-72] ; 0x11c =0xfffffb10 + 160: e15f23bc ldrh r2, [pc, #-60] ; 0x12c =0x0800 + 164: e1d100b0 ldrh r0, [r1] + 168: e1800002 orr r0, r0, r2 + 16c: e1c100b0 strh r0, [r1] ; DU disable + 170: e51f1058 ldr r1, [pc, #-88] ; 0x120 =0xffffff08 + 174: e15f24be ldrh r2, [pc, #-78] ; 0x12e =0x0000 + 178: e1c120b0 strh r2, [r1] ; MPU disable + 17c: e51f1084 ldr r1, [pc, #-132] ; 0x100 =0xfffffb00 + 180: e51f1064 ldr r1, [pc, #-100] ; 0x124 =0xfffff804 + 184: e15f25bc ldrh r2, [pc, #-92] ; 0x130 =0x00f5 + 188: e1c120b0 strh r2, [r1] ; WDOG disable cycle 1 + 18c: e51f1070 ldr r1, [pc, #-112] ; 0x124 =0xfffff804 + 190: e15f26b6 ldrh r2, [pc, #-102] ; 0x132 =0x00a0 + 194: e1c120b0 strh r2, [r1] ; WDOG disable cycle 2 + 198: e15f29bc ldrh r2, [pc, #-156] ; 0x104 + 19c: e1c120b0 strh r2, [r1] + 1a0: e15f2ab2 ldrh r2, [pc, #-162] ; 0x106 + 1a4: e1c120b2 strh r2, [r1, #2] + 1a8: e15f2ab8 ldrh r2, [pc, #-168] ; 0x108 + 1ac: e1c120b4 strh r2, [r1, #4] + 1b0: e15f2abe ldrh r2, [pc, #-174] ; 0x10a + 1b4: e1c120b6 strh r2, [r1, #6] + 1b8: e15f2bb4 ldrh r2, [pc, #-180] ; 0x10c + 1bc: e1c120ba strh r2, [r1, #10] + 1c0: e15f2bba ldrh r2, [pc, #-186] ; 0x10e + 1c4: e1c120bc strh r2, [r1, #12] + 1c8: e15f2cb0 ldrh r2, [pc, #-192] ; 0x110 + 1cc: e1c120b8 strh r2, [r1, #8] + 1d0: e15f2cb6 ldrh r2, [pc, #-198] ; 0x112 + 1d4: e1c120be strh r2, [r1, #14] + 1d8: e59f0020 ldr r0, [pc, #32] ; 0x200 =0x81047c + 1dc: e3a01b01 mov r1, #1024 ; 0x400 + 1e0: e2411004 sub r1, r1, #4 ; 0x4 + 1e4: e0802001 add r2, r0, r1 + 1e8: e3c22003 bic r2, r2, #3 ; 0x3 + 1ec: e1a0d002 mov sp, r2 + 1f0: e92d100f stmdb sp!, {r0, r1, r2, r3, ip} + 1f4: eb00003b bl 0x2e8 + 1f8: e8bd100f ldmia sp!, {r0, r1, r2, r3, ip} + 1fc: ea000796 b 0x205c + + 200: 0081047c + +; copy(src, len, dest) + 204: 2900 cmp r1, #0 + 206: d006 beq 0x216 + 208: 6803 ldr r3, [r0, #0] + 20a: 6013 str r3, [r2, #0] + 20c: 3204 add r2, #4 + 20e: 3004 add r0, #4 + 210: 3904 sub r1, #4 + 212: 2900 cmp r1, #0 + 214: d1f8 bne 0x208 + 216: 4770 bx lr + +; checksumming function: XOR of all 16-bit words in region + 218: 2200 mov r2, #0 + 21a: 2900 cmp r1, #0 + 21c: d007 beq 0x22e + 21e: 8803 ldrh r3, [r0, #0] + 220: 4053 eor r3, r2 + 222: 041a lsl r2, r3, #16 + 224: 0c12 lsr r2, r2, #16 + 226: 3002 add r0, #2 + 228: 3902 sub r1, #2 + 22a: 2900 cmp r1, #0 + 22c: d1f7 bne 0x21e + 22e: 1c10 mov r0, r2 (add r0, r2, #0) + 230: 4770 bx lr + +; 0x232 routine is bzero() with 4-byte alignment required + 232: 2900 cmp r1, #0 + 234: d005 beq 0x242 + 236: 2200 mov r2, #0 + 238: 6002 str r2, [r0, #0] + 23a: 3004 add r0, #4 + 23c: 3904 sub r1, #4 + 23e: 2900 cmp r1, #0 + 240: d1fa bne 0x238 + 242: 4770 bx lr + +; 0xAA88 bytes are copied from 0x2508 to 0x810484 + 244: b5f0 push {r4, r5, r6, r7, lr} + 246: 4e10 ldr r6, [pc, #64] (0x288) =0x800010 + 248: 2000 mov r0, #0 + 24a: 8030 strh r0, [r6, #0] + 24c: 4f0f ldr r7, [pc, #60] (0x28c) =0x800012 + 24e: 8038 strh r0, [r7, #0] + 250: 480f ldr r0, [pc, #60] (0x290) =0x810480 + 252: 4910 ldr r1, [pc, #64] (0x294) =0x81AF0C + 254: 1a09 sub r1, r1, r0 + 256: 3904 sub r1, #4 + 258: 468c mov ip, r1 + 25a: 2104 mov r1, #4 + 25c: 180c add r4, r1, r0 + 25e: 1c20 mov r0, r4 (add r0, r4, #0) + 260: 4661 mov r1, ip + 262: ffe6f7ff bl 0x232 ; bzero() + 266: 4d0c ldr r5, [pc, #48] (0x298) =0x2508 + 268: 1c28 mov r0, r5 (add r0, r5, #0) + 26a: 4661 mov r1, ip + 26c: ffd4f7ff bl 0x218 + 270: 8030 strh r0, [r6, #0] + 272: 1c28 mov r0, r5 (add r0, r5, #0) + 274: 4661 mov r1, ip + 276: 1c22 mov r2, r4 (add r2, r4, #0) + 278: ffc4f7ff bl 0x204 + 27c: 1c20 mov r0, r4 (add r0, r4, #0) + 27e: 4661 mov r1, ip + 280: ffcaf7ff bl 0x218 + 284: 8038 strh r0, [r7, #0] + 286: bdf0 pop {r4, r5, r6, r7, pc} + + 288: 00800010 + 28c: 00800012 + 290: 00810480 + 294: 0081af0c + 298: 00002508 + + 29c: b500 push {lr} + 29e: f82bf000 bl 0x2f8 + 2a2: f802f000 bl 0x2aa + 2a6: bd00 pop {pc} + + 2a8: 4770 bx lr + + 2aa: b500 push {lr} + 2ac: 2003 mov r0, #3 + 2ae: 0400 lsl r0, r0, #16 + 2b0: f820f000 bl 0x2f4 + 2b4: bd00 pop {pc} + 2b6: 0000 + + 2b8: e92d4000 stmdb sp!, {lr} + 2bc: e28fe001 add lr, pc, #1 ; 0x1 + 2c0: e12fff1e bx lr + 2c4: ffeaf7ff bl 0x29c + 2c8: 4778 bx pc + 2ca: 46c0 nop (mov r8, r8) + 2cc: e8bd8000 ldmia sp!, {pc} + + 2d0: e92d4000 stmdb sp!, {lr} + 2d4: e28fe001 add lr, pc, #1 ; 0x1 + 2d8: e12fff1e bx lr + 2dc: ffb2f7ff bl 0x244 + 2e0: 4778 bx pc + 2e2: 46c0 nop (mov r8, r8) + 2e4: e8bd8000 ldmia sp!, {pc} + + 2e8: e59fc000 ldr ip, [pc, #0] ; 0x2f0 + 2ec: e12fff1c bx ip + 2f0: 000002a9 + + 2f4: 4700 bx r0 + 2f6: 0000 + + 2f8: b082 sub sp, #8 + 2fa: 9400 str r4, [sp, #0] + 2fc: 4c01 ldr r4, [pc, #4] (0x304) + 2fe: 9401 str r4, [sp, #4] + 300: bd10 pop {r4, pc} + 302: 0000 + 304: 00818f2c + +<308-1FFF: all FFs> + + 2000: 00000001 ; magic word for the Calypso boot ROM + + 2004: ea0000be b 0x2304 + 2008: ea0000c0 b 0x2310 + 200c: ea0000c2 b 0x231c + 2010: ea0000c4 b 0x2328 + 2014: ea0000c6 b 0x2334 + 2018: ea0000b0 b 0x22e0 + 201c: ea0000b6 b 0x22fc + + 2020: 02a102a4 + 2024: 02a402a1 + 2028: 02c0009c + 202c: 002a0040 + 2030: fffffb00 + 2034: fffef006 + 2038: 00000008 + 203c: fffffd00 + 2040: ffff9800 + 2044: fffffb10 + 2048: ffffff08 + 204c: 20021081 + 2050: f7ff0800 + 2054: 00000000 + 2058: 0001fa00 + +; COME FROM 0x1fc + 205c: e51f1024 ldr r1, [pc, #-36] ; 0x2040 =0xffff9800 + 2060: e15f21ba ldrh r2, [pc, #-26] ; 0x204e =0x2002 + 2064: e1c120b0 strh r2, [r1] + 2068: e5912000 ldr r2, [r1] + 206c: e2022001 and r2, r2, #1 ; 0x1 + 2070: e3520001 cmp r2, #1 ; 0x1 + 2074: 0afffffb beq 0x2068 + 2078: e51f1044 ldr r1, [pc, #-68] ; 0x203c =0xfffffd00 + 207c: e15f23b8 ldrh r2, [pc, #-56] ; 0x204c =0x1081 + 2080: e1c120b0 strh r2, [r1] + 2084: e51f1048 ldr r1, [pc, #-72] ; 0x2044 =0xfffffb10 + 2088: e15f23be ldrh r2, [pc, #-62] ; 0x2052 =0xf7ff + 208c: e1d100b0 ldrh r0, [r1] + 2090: e0000002 and r0, r0, r2 + 2094: e1c100b0 strh r0, [r1] ; enable DU + 2098: e51f1058 ldr r1, [pc, #-88] ; 0x2048 =0xffffff08 + 209c: e15f25b0 ldrh r2, [pc, #-80] ; 0x2054 =0x0000 + 20a0: e1c120b0 strh r2, [r1] + 20a4: e51f107c ldr r1, [pc, #-124] ; 0x2030 =0xfffffb00 + 20a8: e15f29b0 ldrh r2, [pc, #-144] ; 0x2020 =0x02a4 + 20ac: e1c120b0 strh r2, [r1] + 20b0: e15f29b6 ldrh r2, [pc, #-150] ; 0x2022 =0x02a1 + 20b4: e1c120b2 strh r2, [r1, #2] + 20b8: e15f29bc ldrh r2, [pc, #-156] ; 0x2024 =0x02a1 + 20bc: e1c120b4 strh r2, [r1, #4] + 20c0: e15f2ab2 ldrh r2, [pc, #-162] ; 0x2026 =0x02a4 + 20c4: e1c120b6 strh r2, [r1, #6] + 20c8: e15f2ab8 ldrh r2, [pc, #-168] ; 0x2028 =0x009c + 20cc: e1c120ba strh r2, [r1, #10] + 20d0: e15f2abe ldrh r2, [pc, #-174] ; 0x202a =0x02c0 + 20d4: e1c120bc strh r2, [r1, #12] + 20d8: e15f2bb4 ldrh r2, [pc, #-180] ; 0x202c =0x0040 + 20dc: e1c120b8 strh r2, [r1, #8] + 20e0: e15f2bba ldrh r2, [pc, #-186] ; 0x202e =0x002a + 20e4: e1c120be strh r2, [r1, #14] + 20e8: e51f10bc ldr r1, [pc, #-188] ; 0x2034 =0xfffef006 + 20ec: e1d120b0 ldrh r2, [r1] + 20f0: e51f00c0 ldr r0, [pc, #-192] ; 0x2038 =0x00000008 + 20f4: e1800002 orr r0, r0, r2 + 20f8: e1c100b0 strh r0, [r1] ; enable A22 + 20fc: e10f0000 mrs r0, CPSR + 2100: e3c0001f bic r0, r0, #31 ; 0x1f + 2104: e3800013 orr r0, r0, #19 ; 0x13 + 2108: e38000c0 orr r0, r0, #192 ; 0xc0 + 210c: e129f000 msr CPSR_fc, r0 ; SVC, all ints disabled + 2110: e59f02e0 ldr r0, [pc, #736] ; 0x23f8 =0x800004 + 2114: e3a02000 mov r2, #0 ; 0x0 + 2118: e59f12dc ldr r1, [pc, #732] ; 0x23fc =0x81047c + 211c: e1500001 cmp r0, r1 + 2120: 0a000000 beq 0x2128 + 2124: e4802004 str r2, [r0], #4 + 2128: e1500001 cmp r0, r1 + 212c: 1afffffc bne 0x2124 + 2130: e59f02c8 ldr r0, [pc, #712] ; 0x2400 =0x800000 + 2134: e3a02000 mov r2, #0 ; 0x0 + 2138: e59f12c4 ldr r1, [pc, #708] ; 0x2404 =0x81047c + 213c: e1500001 cmp r0, r1 + 2140: 0a000000 beq 0x2148 + 2144: e4802004 str r2, [r0], #4 + 2148: e1500001 cmp r0, r1 + 214c: 1afffffc bne 0x2144 + 2150: e3a00001 mov r0, #1 ; 0x1 + 2154: e59f12b0 ldr r1, [pc, #688] ; 0x240c =0x800004 + 2158: e5810000 str r0, [r1] + 215c: e59f02a4 ldr r0, [pc, #676] ; 0x2408 =0x81aff8 + 2160: e3a01e46 mov r1, #1120 ; 0x460 + 2164: e2411004 sub r1, r1, #4 ; 0x4 + 2168: e0802001 add r2, r0, r1 + 216c: e1a0a000 mov sl, r0 + 2170: e59f3298 ldr r3, [pc, #664] ; 0x2410 =0x800008 + 2174: e583a000 str sl, [r3] + 2178: e1a0d002 mov sp, r2 + 217c: e59f3290 ldr r3, [pc, #656] ; 0x2414 =0x80000c + 2180: e583d000 str sp, [r3] + 2184: e3a01080 mov r1, #128 ; 0x80 + 2188: e0822001 add r2, r2, r1 + 218c: e10f0000 mrs r0, CPSR + 2190: e3c0001f bic r0, r0, #31 ; 0x1f + 2194: e3800012 orr r0, r0, #18 ; 0x12 + 2198: e129f000 msr CPSR_fc, r0 ; IRQ + 219c: e1a0d002 mov sp, r2 + 21a0: e3a01c02 mov r1, #512 ; 0x200 + 21a4: e0822001 add r2, r2, r1 + 21a8: e10f0000 mrs r0, CPSR + 21ac: e3c0001f bic r0, r0, #31 ; 0x1f + 21b0: e3800011 orr r0, r0, #17 ; 0x11 + 21b4: e129f000 msr CPSR_fc, r0 ; FIQ + 21b8: e1a0d002 mov sp, r2 + 21bc: e10f0000 mrs r0, CPSR + 21c0: e3c0001f bic r0, r0, #31 ; 0x1f + 21c4: e3800017 orr r0, r0, #23 ; 0x17 + 21c8: e129f000 msr CPSR_fc, r0 ; Abort + 21cc: e59fd244 ldr sp, [pc, #580] ; 0x2418 =0x81AF60 + 21d0: e10f0000 mrs r0, CPSR + 21d4: e3c0001f bic r0, r0, #31 ; 0x1f + 21d8: e380001b orr r0, r0, #27 ; 0x1b + 21dc: e129f000 msr CPSR_fc, r0 ; Undef + 21e0: e59fd230 ldr sp, [pc, #560] ; 0x2418 =0x81AF60 + 21e4: e10f0000 mrs r0, CPSR + 21e8: e3c0001f bic r0, r0, #31 ; 0x1f + 21ec: e3800013 orr r0, r0, #19 ; 0x13 + 21f0: e129f000 msr CPSR_fc, r0 ; SVC + 21f4: e1a04002 mov r4, r2 + 21f8: ebfff834 bl 0x2d0 ; 0x244 via veneer + 21fc: e1a02004 mov r2, r4 + 2200: e59f1208 ldr r1, [pc, #520] ; 0x2410 =0x800008 + 2204: e5910000 ldr r0, [r1] + 2208: e3a030fe mov r3, #254 ; 0xfe + 220c: e5c03000 strb r3, [r0] + 2210: e5c03001 strb r3, [r0, #1] + 2214: e5c03002 strb r3, [r0, #2] + 2218: e5c03003 strb r3, [r0, #3] + 221c: e4903004 ldr r3, [r0], #4 + 2220: e4803004 str r3, [r0], #4 + 2224: e1500002 cmp r0, r2 + 2228: bafffffc blt 0x2220 + 222c: e51f01dc ldr r0, [pc, #-476] ; 0x2058 =0x1FA00 + 2230: e3700001 cmn r0, #1 ; 0x1 + 2234: 1b000079 blne 0x2420 + 2238: e1a00002 mov r0, r2 + 223c: ebfff81d bl 0x2b8 + +<2240-23F7: not yet analyzed> + + 23f8: 00800004 + 23fc: 0081047c + 2400: 00800000 + 2404: 0081047c + 2408: 0081aff8 + 240c: 00800004 + 2410: 00800008 + 2414: 0080000c + 2418: 0081af60 + 241c: 0081af60 + +; TI's initialized data function + 2420: ea00000c b 0x2458 + 2424: e4901004 ldr r1, [r0], #4 + 2428: e3530003 cmp r3, #3 ; 0x3 + 242c: 84904004 ldrhi r4, [r0], #4 + 2430: 84814004 strhi r4, [r1], #4 + 2434: 82433004 subhi r3, r3, #4 ; 0x4 + 2438: 94d04001 ldrlsb r4, [r0], #1 + 243c: 94c14001 strlsb r4, [r1], #1 + 2440: 92433001 subls r3, r3, #1 ; 0x1 + 2444: e3530000 cmp r3, #0 ; 0x0 + 2448: 1afffff6 bne 0x2428 + 244c: e2103003 ands r3, r0, #3 ; 0x3 + 2450: 12633004 rsbne r3, r3, #4 ; 0x4 + 2454: 10800003 addne r0, r0, r3 + 2458: e4903004 ldr r3, [r0], #4 + 245c: e3530000 cmp r3, #0 ; 0x0 + 2460: 1affffef bne 0x2424 + 2464: e1a0f00e mov pc, lr + +<2468-24FF: all FFs> + + 2500: 00000000 + 2504: ffffffff + +2508: 0xAA88 bytes copied to IRAM +CF8F: last copied byte + +<CF90-1F9FF: all FFs> + +; initialized data table + 1fa00: 00000001 + 1fa04: 00810020 + 1fa08: c046c000 + + 1fa0c: 00000001 + 1fa10: 00810021 + 1fa14: c046c000 + + 1fa18: 00000004 + 1fa1c: 00810024 + 1fa20: 00000000 + + 1fa24: 0000000c + 1fa28: 0081006c + 1fa2c: 0081a4d0 + 1fa30: 0081a768 + 1fa34: 0081aa00 + + 1fa38: 00000002 + 1fa3c: 00810014 + 1fa40: 46c00000 + + 1fa44: 00000002 + 1fa48: 00810016 + 1fa4c: 46c00000 + + 1fa50: 00000001 + 1fa54: 00810018 + 1fa58: c046c000 + + 1fa5c: 00000001 + 1fa60: 00810019 + 1fa64: 000000bc + + 1fa68: 00000001 + 1fa6c: 00800000 + 1fa70: a0000000 + + 1fa74: 00000001 + 1fa78: 0081047c + 1fa7c: 00000000 + + 1fa80: 00000004 + 1fa84: 00810078 + 1fa88: 00000000 + + 1fa8c: 00000004 + 1fa90: 0081001c + 1fa94: 00000000 + 1fa98: 00000000 + +<1FA9C-2FFBF: all FFs> + +0002FFC0: 42 43 5F 44 39 31 30 2E 30 2E 31 36 00 00 00 00 BC_D910.0.16.... +0002FFD0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ +*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pirelli/preboot.notes Sun Feb 09 09:36:42 2014 +0000 @@ -0,0 +1,18 @@ +0xAA88 bytes are copied from 0x2508 to 0x810484 + +IRAM usage: + +800000: everything from here to 81047C is zeroed out +800004: 1 written here +800008: var set to bottom of SVC stack +80000C: var set to top of SVC stack +800010: 16-bit checksum of copy-to-RAM block, before copy +800012: 16-bit checksum of copy-to-RAM block, after copy +81047C: bottom of init stack (0x400 bytes) +810484: first byte used by copied code block +81AF0B: last byte "" +81AF60: initial SP for abort and undef +81AFF8: bottom of SVC stack +81B454: initial SVC SP +81B4D4: initial IRQ SP +81B6D4: initial FIQ SP