FreeCalypso > hg > freecalypso-reveng
changeset 256:dbcfb097ffe1
pirelli/fw-disasm: pwr_cust battery type logic located and analyzed
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Tue, 26 Dec 2017 00:56:55 +0000 |
parents | 0f5a24acde3a |
children | 01030ff953a2 |
files | pirelli/fw-disasm |
diffstat | 1 files changed, 233 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/pirelli/fw-disasm Mon Dec 25 23:54:05 2017 +0000 +++ b/pirelli/fw-disasm Tue Dec 26 00:56:55 2017 +0000 @@ -1041,6 +1041,238 @@ 32dd14: bd10 pop {r4, pc} 32dd16: 46c0 nop (mov r8, r8) +$pwr_bat_10uA_temp_test_timer_process: + 32dd20: b510 push {r4, lr} + 32dd22: b082 sub sp, #8 + 32dd24: 4838 ldr r0, =0x1774e70 ; via 0x32de08 + 32dd26: 6800 ldr r0, [r0, #0] + 32dd28: 6840 ldr r0, [r0, #4] + 32dd2a: 2800 cmp r0, #0 + 32dd2c: d101 bne 0x32dd32 + 32dd2e: 2138 mov r1, #56 ; 0x38 + 32dd30: e048 b 0x32ddc4 + 32dd32: f000 faaf bl 0x32e294 + 32dd36: 2800 cmp r0, #0 + 32dd38: d164 bne 0x32de04 + 32dd3a: 4834 ldr r0, =0xa0020 ; via 0x32de0c + 32dd3c: 9000 str r0, [sp, #0] + 32dd3e: a0f2 add r0, pc, #968 ; 0x3c8 + 32dd40: 211e mov r1, #30 ; 0x1e + 32dd42: 2200 mov r2, #0 + 32dd44: 43d2 mvn r2, r2 + 32dd46: 2302 mov r3, #2 + 32dd48: f0ac ff74 bl 0x3dac34 + 32dd4c: 4c2e ldr r4, =0x1774e70 ; via 0x32de08 + 32dd4e: 6821 ldr r1, [r4, #0] + 32dd50: 2000 mov r0, #0 + 32dd52: 43c0 mvn r0, r0 + 32dd54: 8708 strh r0, [r1, #56] ; 0x38 + 32dd56: 2001 mov r0, #1 + 32dd58: 2128 mov r1, #40 ; 0x28 + 32dd5a: 2200 mov r2, #0 + 32dd5c: f01b fa56 bl 0x34920c + 32dd60: 2002 mov r0, #2 + 32dd62: f783 fd9c bl 0x2b189e + 32dd66: 2001 mov r0, #1 + 32dd68: 2128 mov r1, #40 ; 0x28 + 32dd6a: f01b fa76 bl 0x34925a + 32dd6e: 1c01 add r1, r0, #0 + 32dd70: 6822 ldr r2, [r4, #0] + 32dd72: 3238 add r2, #56 ; 0x38 + 32dd74: 2051 mov r0, #81 ; 0x51 + 32dd76: f7ff ff0b bl 0x32db90 + 32dd7a: 2800 cmp r0, #0 + 32dd7c: d12a bne 0x32ddd4 + 32dd7e: 2148 mov r1, #72 ; 0x48 + 32dd80: 6820 ldr r0, [r4, #0] + 32dd82: 5c08 ldrb r0, [r1, r0] + 32dd84: 2800 cmp r0, #0 + 32dd86: d125 bne 0x32ddd4 + 32dd88: 4820 ldr r0, =0xa0020 ; via 0x32de0c + 32dd8a: 9000 str r0, [sp, #0] + 32dd8c: a0e6 add r0, pc, #920 ; 0x398 + 32dd8e: 2129 mov r1, #41 ; 0x29 + 32dd90: 2200 mov r2, #0 + 32dd92: 43d2 mvn r2, r2 + 32dd94: 2302 mov r3, #2 + 32dd96: f0ac ff4d bl 0x3dac34 + 32dd9a: 2001 mov r0, #1 + 32dd9c: 2138 mov r1, #56 ; 0x38 + 32dd9e: 2201 mov r2, #1 + 32dda0: f01b fa34 bl 0x34920c + 32dda4: f7b4 faa3 bl 0x2e22ee + 32dda8: 4927 ldr r1, =0x1774b78 ; via 0x32de48 + 32ddaa: 2006 mov r0, #6 + 32ddac: 43c0 mvn r0, r0 + 32ddae: 8008 strh r0, [r1, #0] + 32ddb0: 2000 mov r0, #0 + 32ddb2: f067 f886 bl 0x394ec2 + 32ddb6: 2132 mov r1, #50 ; 0x32 + 32ddb8: 48d2 ldr r0, =0x1774e38 ; via 0x32e104 + 32ddba: 6800 ldr r0, [r0, #0] + 32ddbc: 5c08 ldrb r0, [r1, r0] + 32ddbe: 2800 cmp r0, #0 + 32ddc0: d105 bne 0x32ddce + 32ddc2: 213c mov r1, #60 ; 0x3c + 32ddc4: 2001 mov r0, #1 + 32ddc6: 2201 mov r2, #1 + 32ddc8: f01b fa20 bl 0x34920c + 32ddcc: e01a b 0x32de04 + 32ddce: f085 fef0 bl 0x3b3bb2 + 32ddd2: e017 b 0x32de04 + 32ddd4: 2001 mov r0, #1 + 32ddd6: 2138 mov r1, #56 ; 0x38 + 32ddd8: 2201 mov r2, #1 + 32ddda: f01b fa17 bl 0x34920c + 32ddde: 6820 ldr r0, [r4, #0] + 32dde0: 6840 ldr r0, [r0, #4] + 32dde2: 2802 cmp r0, #2 + 32dde4: d00c beq 0x32de00 + 32dde6: 2803 cmp r0, #3 + 32dde8: d007 beq 0x32ddfa + 32ddea: 2801 cmp r0, #1 + 32ddec: d002 beq 0x32ddf4 + 32ddee: f083 fc67 bl 0x3b16c0 + 32ddf2: e007 b 0x32de04 + 32ddf4: f7b4 fab2 bl 0x2e235c + 32ddf8: e004 b 0x32de04 + 32ddfa: f7b4 fe8b bl 0x2e2b14 + 32ddfe: e001 b 0x32de04 + 32de00: f7b4 fd1a bl 0x2e2838 + 32de04: b002 add sp, #8 + 32de06: bd10 pop {r4, pc} + +$pwr_get_battery_type: + 32de10: b570 push {r4, r5, r6, lr} + 32de12: 48f0 ldr r0, =0x1774e70 ; via 0x32e1d4 + 32de14: 6801 ldr r1, [r0, #0] +; half-word at offset 0x40 = 0 + 32de16: 2340 mov r3, #64 ; 0x40 + 32de18: 2200 mov r2, #0 + 32de1a: 525a strh r2, [r3, r1] +; word at offset 0x44 = 0 + 32de1c: 2400 mov r4, #0 + 32de1e: 644c str r4, [r1, #68] ; 0x44 + 32de20: 4d09 ldr r5, =0x1774b78 ; via 0x32de48 + 32de22: 6806 ldr r6, [r0, #0] + 32de24: 88a8 ldrh r0, [r5, #4] + 32de26: f000 f8e2 bl 0x32dfee +; initial % written into 16-bit var at offset 0x3e + 32de2a: 87f0 strh r0, [r6, #62] ; 0x3e +; pwr_env_ctrl_blk->timer0_state = BATTERY_TYPE_TEST; + 32de2c: 6334 str r4, [r6, #48] ; 0x30 +; THEN_50uA written into BCICTL1 + 32de2e: 2001 mov r0, #1 + 32de30: 2138 mov r1, #56 ; 0x38 + 32de32: 2261 mov r2, #97 ; 0x61 + 32de34: f01b f9ea bl 0x34920c ; $ABB_Write_Register_on_page +; TIMER0 set to 300 ms + 32de38: 2000 mov r0, #0 + 32de3a: 2141 mov r1, #65 ; 0x41 + 32de3c: 2200 mov r2, #0 + 32de3e: f7fd f81b bl 0x32ae78 ; $rvf_start_timer +; 0 into error code var + 32de42: 2000 mov r0, #0 + 32de44: 8028 strh r0, [r5, #0] + 32de46: bd70 pop {r4, r5, r6, pc} + +$pwr_type_test_timer_process: + 32df04: b510 push {r4, lr} + 32df06: b082 sub sp, #8 + 32df08: 48e1 ldr r0, =0xa0020 ; via 0x32e290 + 32df0a: 9000 str r0, [sp, #0] + 32df0c: a0d6 add r0, pc, #856 ; 0x358 + 32df0e: 2119 mov r1, #25 ; 0x19 + 32df10: 2200 mov r2, #0 + 32df12: 43d2 mvn r2, r2 + 32df14: 2302 mov r3, #2 + 32df16: f0ac fe8d bl 0x3dac34 +; write 0 into ADIN2REG + 32df1a: 2001 mov r0, #1 + 32df1c: 2128 mov r1, #40 ; 0x28 + 32df1e: 2200 mov r2, #0 + 32df20: f01b f974 bl 0x34920c ; $ABB_Write_Register_on_page +; delay 2 ticks + 32df24: 2002 mov r0, #2 + 32df26: f783 fcba bl 0x2b189e ; rvf_delay() +; now read ADIN2REG + 32df2a: 2001 mov r0, #1 + 32df2c: 2128 mov r1, #40 ; 0x28 + 32df2e: f01b f994 bl 0x34925a ; $ABB_Read_Register_on_page + 32df32: 1c04 add r4, r0, #0 +; "bat type" trace + 32df34: 48d6 ldr r0, =0xa0020 ; via 0x32e290 + 32df36: 9000 str r0, [sp, #0] + 32df38: a0d2 add r0, pc, #840 ; 0x348 + 32df3a: 2108 mov r1, #8 + 32df3c: 1c22 add r2, r4, #0 + 32df3e: 2302 mov r3, #2 + 32df40: f0ac fe78 bl 0x3dac34 +; BCICTL1 write turns off current source + 32df44: 2001 mov r0, #1 + 32df46: 2138 mov r1, #56 ; 0x38 + 32df48: 2201 mov r2, #1 + 32df4a: f01b f95f bl 0x34920c + 32df4e: 2c81 cmp r4, #129 ; 0x81 + 32df50: db03 blt 0x32df5a + 32df52: 202d mov r0, #45 ; 0x2d + 32df54: 0100 lsl r0, r0, #4 + 32df56: 4284 cmp r4, r0 + 32df58: dd26 ble 0x32dfa8 +; bad result + 32df5a: 489e ldr r0, =0x1774e70 ; via 0x32e1d4 + 32df5c: 6800 ldr r0, [r0, #0] + 32df5e: 2148 mov r1, #72 ; 0x48 + 32df60: 5c09 ldrb r1, [r1, r0] + 32df62: 2901 cmp r1, #1 + 32df64: d020 beq 0x32dfa8 + 32df66: 2101 mov r1, #1 + 32df68: 6341 str r1, [r0, #52] ; 0x34 + 32df6a: 48c9 ldr r0, =0xa0020 ; via 0x32e290 + 32df6c: 9000 str r0, [sp, #0] + 32df6e: a0eb add r0, pc, #940 ; 0x3ac + 32df70: 2110 mov r1, #16 ; 0x10 + 32df72: 2200 mov r2, #0 + 32df74: 43d2 mvn r2, r2 + 32df76: 2302 mov r3, #2 + 32df78: f0ac fe5c bl 0x3dac34 + 32df7c: 48e6 ldr r0, =0x1774b78 ; via 0x32e318 + 32df7e: 2100 mov r1, #0 + 32df80: 43c9 mvn r1, r1 + 32df82: 8001 strh r1, [r0, #0] + 32df84: 2003 mov r0, #3 + 32df86: f066 ff9c bl 0x394ec2 + 32df8a: 2032 mov r0, #50 ; 0x32 + 32df8c: 495d ldr r1, =0x1774e38 ; via 0x32e104 + 32df8e: 6809 ldr r1, [r1, #0] + 32df90: 5c40 ldrb r0, [r0, r1] + 32df92: 2800 cmp r0, #0 + 32df94: d105 bne 0x32dfa2 + 32df96: 2001 mov r0, #1 + 32df98: 213c mov r1, #60 ; 0x3c + 32df9a: 2201 mov r2, #1 + 32df9c: f01b f936 bl 0x34920c + 32dfa0: e011 b 0x32dfc6 + 32dfa2: f085 fe06 bl 0x3b3bb2 + 32dfa6: e00e b 0x32dfc6 +; good result + 32dfa8: 488a ldr r0, =0x1774e70 ; via 0x32e1d4 + 32dfaa: 6801 ldr r1, [r0, #0] + 32dfac: 2000 mov r0, #0 + 32dfae: 6348 str r0, [r1, #52] ; 0x34 + 32dfb0: 48b7 ldr r0, =0xa0020 ; via 0x32e290 + 32dfb2: 9000 str r0, [sp, #0] + 32dfb4: a0de add r0, pc, #888 ; 0x378 + 32dfb6: 2106 mov r1, #6 + 32dfb8: 2200 mov r2, #0 + 32dfba: 43d2 mvn r2, r2 + 32dfbc: 2302 mov r3, #2 + 32dfbe: f0ac fe39 bl 0x3dac34 + 32dfc2: f7b4 f9ed bl 0x2e23a0 ; $pwr_battery_qualification + 32dfc6: b002 add sp, #8 + 32dfc8: bd10 pop {r4, pc} + 32dfca: 46c0 nop (mov r8, r8) + ; The following function computes the battery remaining % number ; from the battery mV passed in R0. It first increases the mV value ; by a factor that depends on the system current draw (it appears @@ -2348,7 +2580,7 @@ 3a15cc: 2003 mov r0, #3 3a15ce: f789 fcc9 bl 0x32af64 ; $rvf_stop_timer 3a15d2: f7f3 fb5d bl 0x394c90 ; $pwr_send_charger_plug_event ? - 3a15d6: f78c fc1b bl 0x32de10 ; $pwr_get_battery_type ? + 3a15d6: f78c fc1b bl 0x32de10 ; $pwr_get_battery_type 3a15da: bd00 pop {pc} $PWR_Charger_Unplug: