FreeCalypso > hg > freecalypso-reveng
view pirelli/firmware @ 408:14302e075f37 default tip
hr-bits: further conditionalize SID-1-diff
| author | Mychaela Falconia <falcon@freecalypso.org> | 
|---|---|
| date | Mon, 22 Jul 2024 10:06:38 +0000 | 
| parents | 277fd7b971f0 | 
| children | 
line wrap: on
 line source
Following on the success of our match of moko11 disassembly against some known objects (see ../moko11), let's try doing the same thing with Pirelli's fw. Let's see if the code in Pirelli's fw at 0x40000 matches .inttext from TI's int.obj: so far, so good! Let's see how far we can get: 040000: beginning of match with .inttext in TI's int.obj 040268: b 0x3f6b40, should be a jump to the _INC_Initialize veneer 3BB7D4: first function called from Application_Initialize() the logic of Init_Target() is recognizable, but it's a modified version, not the same object blob as we have the setup of memory timings matches that done by OsmocomBB! 3F11F8: this should be Application_Initialize() differences begin: instead of 6 function calls, there are 12, with one of them conditionalized on the return value of the previous 3F3E74: expecting to see $INC_Initialize here - yes! 3F6B40: looks like an ARM->Thumb call veneer indeed 3F6B4C: Thumb code begins, does bl 0x3f3e74 3F6B54: back to ARM, veneer return data objects: 01775048: INC_Initialize state variable
