FreeCalypso > hg > freecalypso-sw
annotate target-utils/tf-breakin/payload.S @ 1012:93f4fc26b204
fc-shell: arbitrary send command implemented in one-shot mode
author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
---|---|
date | Sun, 20 Mar 2016 22:06:11 +0000 |
parents | 7166c8311b0d |
children |
rev | line source |
---|---|
356
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 .text |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 .org 0 |
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
3 |
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
4 @ allow entry in Thumb state |
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
5 .code 16 |
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
6 bx pc |
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
7 nop |
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
8 |
356
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 .code 32 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 @ set CPSR like mot931c payload does |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 msr CPSR_c, #0xd3 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 @ disable the watchdog |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 ldr r1, =0xfffff802 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 mov r0, #0xf5 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 strh r0, [r1, #2] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 mov r0, #0xa0 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 strh r0, [r1, #2] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 @ MODEM UART |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 ldr r6, =0xffff5800 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 @ wait for any previous output to flush out |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 1: ldrb r0, [r6, #5] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 tst r0, #0x20 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 beq 1b |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 @ send our indication |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 adr r1, outstr |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 mov r2, #6 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 1: ldrb r0, [r1], #1 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 strb r0, [r6] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
30 subs r2, r2, #1 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 bne 1b |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 @ wait for this output to go out to the TxD pin |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
33 1: ldrb r0, [r6, #5] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
34 tst r0, #0x40 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
35 beq 1b |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
36 @ enable the Calypso boot ROM |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
37 ldr r1, =0xFFFFFB10 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
38 mov r2, #0x0100 |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
39 strh r2, [r1] |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
40 @ jump to it! |
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
41 mov pc, #0 |
983
7166c8311b0d
tfc139 reworked to support both ARM and Thumb entry
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
356
diff
changeset
|
42 .ltorg |
356
4e0aa166baa5
target-utils/tf-breakin: payload written for the TF C139 break-in attempt
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
43 outstr: .byte 2,2,2,'O','K',2 |