# HG changeset patch # User Mychaela Falconia # Date 1667697223 0 # Node ID 6c31d8c54ae46613cec2dc39a74e31688da633a3 # Parent 35009c936a4add95c87ab6995f75f65681e683db se_k200i: preliminary analysis diff -r 35009c936a4a -r 6c31d8c54ae4 se_k200i/README --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/se_k200i/README Sun Nov 06 01:13:43 2022 +0000 
@@ -0,0 +1,63 @@ +In 2022-10 Vadim Yanitskiy discovered the existence of a previously unknown +family of Calypso phones: Sony Ericsson K200/K220, usually with 'i' suffix. +The only diff between K200 and K220 appears to be the FM radio receiver +(present on K220, unpopulated PCB footprints on K200), whereas the suffix letter +indicates GSM frequency bands: 'i' for 900+1800 MHz, 'a' for 850+1900 MHz. + +As of this writing (early 2022-11) Vadim and steve-m appear to be working on +adding support for this phone model to their beloved pet OsmocomBB. In +contrast, I (Mother Mychaela) currently have no plans to add support for this +phone model to FreeCalypso fw: it is not an interesting target for the purpose +of turning it into a liberated end user phone by way of FC fw (for one thing, +K200a or K220a phones with North American frequency bands appear to be +unobtainium), and we don't need yet another alien phone running voice +pseudo-modem firmware. + +However, I am gathering some notes about K200/220 hw and original fw in this +directory, for two reasons: + +1) To provide better guidance to Vadim in his quest to support this weird phone + model in his beloved pet project; + +2) To gather knowledge in case the situation changes and a use case does arise + for porting our FreeCalypso fw to this target. + +If anyone does fancy the idea of running FreeCalypso fw on these SE K200/220 +phones, even if only as an experiment, the primary pain points will be mostly +the same as with any other alien phone: + +* Like with almost every other alien Calypso device (phone or modem), the FFS + maintained by the original fw is not directly suitable as-is for FreeCalypso, + i.e., sharing the same FFS between original fw and FC, freely going back and + forth in fw with the same FFS, would be a bad idea. 
Therefore, we would have + to decide whether to put our own FFS (with different content) in the same + sectors as the original, perhaps even produced from the original with our FFS + editor tool, or to put our aftermarket fw FFS in some other sector location. + +* In the case of Pirelli DP-L10 we were lucky to find an area of flash which + the original fw leaves unused and untouched in the vast majority of use cases + (staging area for OTA fw updates, unused at all other times), thus we could + put our separate-from-original FFS instance there. This separate FFS + arrangement is what allows our FC fw on the Pirelli to be run via fc-xram, + without flashing. But we don't have the same luck on K200/220: looking at + flash dumps, there does not appear to be any area that is totally unused and + could be repurposed for aftermarket fw FFS without disturbing the original fw. + Therefore, we won't have the option of non-invasive run-from-RAM operation, + and we would have to flash our fw instead, like on Mot C1xx. + +* The requirement of having to flash our fw, as opposed to running from RAM, + combines badly with the lack of phone UI functionality in voice pseudo-modem + fw: a phone that appears completely dead to the user but speaks some special + binary protocol on the UART when you press the PWON button feels extremely + weird and unnatural. + +* Having to flash our fw also means that we would need to either implement + battery charging in our fw (requiring thorough reverse eng of charging + specifics on this model) or use another phone (running original fw) to charge + batteries, moving batteries back and forth between phones. + +All of the above factors, which apply to *any* alien (meaning not FC-made) phone +model, should make it clear why running our fw on alien Calypso phones is no +longer the direction of interest in FreeCalypso - instead we need to focus on +our own FreeCalypso hardware with phone handset functionality, starting with +FC Venus. 
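Review bot: the README says notes are being gathered "in this directory" but never lists the files, so a reader has no pointer to boot-disasm (added in this same changeset) or to the flash-notes file that the boot-disasm header cites. Suggest closing the README with a short index of the files and what each covers. The bullet stating that "there does not appear to be any area that is totally unused" in the flash dumps would be easier to check if it pointed at wherever the flash layout is written down. The model family is also written both as "K200/K220" and "K200/220"; pick one form.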
diff -r 35009c936a4a -r 6c31d8c54ae4 se_k200i/boot-disasm --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/se_k200i/boot-disasm Sun Nov 06 01:13:43 2022 +0000 
@@ -0,0 +1,2310 @@ +; SE K200i firmware structure includes a very complicated bootloader stage +; of their own, sitting at the beginning of the boot flash bank and executing +; from ARM7TDMI reset vector after Calypso boot ROM has provided its +; interrupt-boot window and moved itself out of the way per the control word +; at 0x2000. This custom bootloader stage appears to provide its own UART +; interrupt-boot mechanism, possibly a replica of either our familiar Calypso +; boot ROM protocol or perhaps the later Calypso+ secure boot one, and if no +; serial entry happens, this bootloader stage transfers control to the main +; fw image at 0x20000 - but not before doing some checks first! See +; flash-notes for the description of magic areas, including the IMEI, that are +; checked before the main part of the fw is allowed to boot. + + 0: ea000492 b 0x1250 + 4: ea1ffffe b 0x800004 + 8: ea1ffffe b 0x800008 + c: ea1ffffe b 0x80000c + 10: ea1ffffe b 0x800010 + 14: ea1ffffe b 0x800014 + 18: ea1ffffe b 0x800018 + 1c: ea1ffffe b 0x80001c + + 20: eae00492 b 0xff801270 + 24: e1a00000 mov r0, r0 + 28: e1a00000 mov r0, r0 + 2c: e1a00000 mov r0, r0 + 30: e1a00000 mov r0, r0 + 34: e1a00000 mov r0, r0 + 38: e1a00000 mov r0, r0 + 3c: e1a00000 mov r0, r0 + + 40: b083 sub sp, #12 ; 0xc + 42: 9101 str r1, [sp, #4] + 44: 9000 str r0, [sp, #0] + 46: 2000 mov r0, #0 + 48: 9002 str r0, [sp, #8] + 4a: 9802 ldr r0, [sp, #8] + 4c: 2808 cmp r0, #8 + 4e: da09 bge 0x64 + 50: 9a02 ldr r2, [sp, #8] + 52: 9801 ldr r0, [sp, #4] + 54: 2100 mov r1, #0 + 56: 5411 strb r1, [r2, r0] + 58: 9802 ldr r0, [sp, #8] + 5a: 3001 add r0, #1 + 5c: 9002 str r0, [sp, #8] + 5e: 9802 ldr r0, [sp, #8] + 60: 2808 cmp r0, #8 + 62: dbf5 blt 0x50 + 64: 2000 mov r0, #0 + 66: 9002 str r0, [sp, #8] + 68: 9802 ldr r0, [sp, #8] + 6a: 2810 cmp r0, #16 ; 0x10 + 6c: db00 blt 0x70 + 6e: e088 b 0x182 + 70: 9902 ldr r1, [sp, #8] + 72: 9800 ldr r0, [sp, #0] + 74: 5c08 ldrb r0, [r1, r0] + 76: 2830 cmp r0, #48 ; 0x30 + 78: db26 blt 
0xc8 + 7a: 9902 ldr r1, [sp, #8] + 7c: 9800 ldr r0, [sp, #0] + 7e: 5c08 ldrb r0, [r1, r0] + 80: 2839 cmp r0, #57 ; 0x39 + 82: dc21 bgt 0xc8 + 84: 9802 ldr r0, [sp, #8] + 86: 0fc1 lsr r1, r0, #31 + 88: 1809 add r1, r1, r0 + 8a: 0849 lsr r1, r1, #1 + 8c: 0049 lsl r1, r1, #1 + 8e: 1a40 sub r0, r0, r1 + 90: 2800 cmp r0, #0 + 92: d00d beq 0xb0 + 94: 9802 ldr r0, [sp, #8] + 96: 1e40 sub r0, r0, #1 + 98: 0fc1 lsr r1, r0, #31 + 9a: 1808 add r0, r1, r0 + 9c: 1041 asr r1, r0, #1 + 9e: 9801 ldr r0, [sp, #4] + a0: 1808 add r0, r1, r0 + a2: 9a02 ldr r2, [sp, #8] + a4: 9900 ldr r1, [sp, #0] + a6: 5c51 ldrb r1, [r2, r1] + a8: 7802 ldrb r2, [r0, #0] + aa: 1889 add r1, r1, r2 + ac: 3930 sub r1, #48 ; 0x30 + ae: e054 b 0x15a + b0: 9802 ldr r0, [sp, #8] + b2: 0fc1 lsr r1, r0, #31 + b4: 1808 add r0, r1, r0 + b6: 1042 asr r2, r0, #1 + b8: 9b02 ldr r3, [sp, #8] + ba: 9800 ldr r0, [sp, #0] + bc: 5c18 ldrb r0, [r3, r0] + be: 3830 sub r0, #48 ; 0x30 + c0: 0100 lsl r0, r0, #4 + c2: 9901 ldr r1, [sp, #4] + c4: 5450 strb r0, [r2, r1] + c6: e055 b 0x174 + c8: 9902 ldr r1, [sp, #8] + ca: 9800 ldr r0, [sp, #0] + cc: 5c08 ldrb r0, [r1, r0] + ce: 2861 cmp r0, #97 ; 0x61 + d0: db24 blt 0x11c + d2: 9902 ldr r1, [sp, #8] + d4: 9800 ldr r0, [sp, #0] + d6: 5c08 ldrb r0, [r1, r0] + d8: 287a cmp r0, #122 ; 0x7a + da: dc1f bgt 0x11c + dc: 9802 ldr r0, [sp, #8] + de: 0fc1 lsr r1, r0, #31 + e0: 1809 add r1, r1, r0 + e2: 0849 lsr r1, r1, #1 + e4: 0049 lsl r1, r1, #1 + e6: 1a40 sub r0, r0, r1 + e8: 2800 cmp r0, #0 + ea: d00e beq 0x10a + ec: 9802 ldr r0, [sp, #8] + ee: 1e40 sub r0, r0, #1 + f0: 0fc1 lsr r1, r0, #31 + f2: 1808 add r0, r1, r0 + f4: 1040 asr r0, r0, #1 + f6: 9901 ldr r1, [sp, #4] + f8: 1841 add r1, r0, r1 + fa: 9a02 ldr r2, [sp, #8] + fc: 9800 ldr r0, [sp, #0] + fe: 5c12 ldrb r2, [r2, r0] + 100: 7808 ldrb r0, [r1, #0] + 102: 1810 add r0, r2, r0 + 104: 3857 sub r0, #87 ; 0x57 + 106: 7008 strb r0, [r1, #0] + 108: e034 b 0x174 + 10a: 9802 ldr r0, [sp, #8] + 10c: 0fc1 lsr r1, r0, #31 + 10e: 1808 add 
r0, r1, r0 + 110: 1042 asr r2, r0, #1 + 112: 9802 ldr r0, [sp, #8] + 114: 9b00 ldr r3, [sp, #0] + 116: 5cc0 ldrb r0, [r0, r3] + 118: 3857 sub r0, #87 ; 0x57 + 11a: e7d1 b 0xc0 + 11c: 9802 ldr r0, [sp, #8] + 11e: 9900 ldr r1, [sp, #0] + 120: 5c40 ldrb r0, [r0, r1] + 122: 2841 cmp r0, #65 ; 0x41 + 124: db26 blt 0x174 + 126: 9802 ldr r0, [sp, #8] + 128: 9900 ldr r1, [sp, #0] + 12a: 5c40 ldrb r0, [r0, r1] + 12c: 285a cmp r0, #90 ; 0x5a + 12e: dc21 bgt 0x174 + 130: 9802 ldr r0, [sp, #8] + 132: 0fc1 lsr r1, r0, #31 + 134: 1809 add r1, r1, r0 + 136: 0849 lsr r1, r1, #1 + 138: 0049 lsl r1, r1, #1 + 13a: 1a40 sub r0, r0, r1 + 13c: 2800 cmp r0, #0 + 13e: d00e beq 0x15e + 140: 9802 ldr r0, [sp, #8] + 142: 1e40 sub r0, r0, #1 + 144: 0fc1 lsr r1, r0, #31 + 146: 1808 add r0, r1, r0 + 148: 1041 asr r1, r0, #1 + 14a: 9801 ldr r0, [sp, #4] + 14c: 1808 add r0, r1, r0 + 14e: 9a02 ldr r2, [sp, #8] + 150: 9900 ldr r1, [sp, #0] + 152: 5c51 ldrb r1, [r2, r1] + 154: 7802 ldrb r2, [r0, #0] + 156: 1889 add r1, r1, r2 + 158: 3937 sub r1, #55 ; 0x37 + 15a: 7001 strb r1, [r0, #0] + 15c: e00a b 0x174 + 15e: 9802 ldr r0, [sp, #8] + 160: 0fc1 lsr r1, r0, #31 + 162: 1808 add r0, r1, r0 + 164: 1043 asr r3, r0, #1 + 166: 9a01 ldr r2, [sp, #4] + 168: 9902 ldr r1, [sp, #8] + 16a: 9800 ldr r0, [sp, #0] + 16c: 5c08 ldrb r0, [r1, r0] + 16e: 3837 sub r0, #55 ; 0x37 + 170: 0100 lsl r0, r0, #4 + 172: 5498 strb r0, [r3, r2] + 174: 9802 ldr r0, [sp, #8] + 176: 3001 add r0, #1 + 178: 9002 str r0, [sp, #8] + 17a: 9802 ldr r0, [sp, #8] + 17c: 2810 cmp r0, #16 ; 0x10 + 17e: da00 bge 0x182 + 180: e776 b 0x70 + 182: b003 add sp, #12 ; 0xc + 184: 4770 bx lr + + 186: b500 push {lr} + 188: b084 sub sp, #16 ; 0x10 + 18a: 2000 mov r0, #0 + 18c: 9000 str r0, [sp, #0] + 18e: a0d8 add r0, pc, #864 ; 0x360 + 190: 2101 mov r1, #1 + 192: 4aea ldr r2, =0x1000010 ; via 0x53c + 194: 7812 ldrb r2, [r2, #0] + 196: f000 fef8 bl 0xf8a + 19a: 9800 ldr r0, [sp, #0] + 19c: 2832 cmp r0, #50 ; 0x32 + 19e: da1a bge 0x1d6 + 1a0: a801 add 
r0, sp, #4 + 1a2: 49e6 ldr r1, =0x1000010 ; via 0x53c + 1a4: 7809 ldrb r1, [r1, #0] + 1a6: f000 ff71 bl 0x108c + 1aa: 4668 mov r0, sp + 1ac: 7900 ldrb r0, [r0, #4] + 1ae: 2843 cmp r0, #67 ; 0x43 + 1b0: d10b bne 0x1ca + 1b2: a0d0 add r0, pc, #832 ; 0x340 + 1b4: a902 add r1, sp, #8 + 1b6: f7ff ff43 bl 0x40 + 1ba: a802 add r0, sp, #8 + 1bc: 2108 mov r1, #8 + 1be: 4adf ldr r2, =0x1000010 ; via 0x53c + 1c0: 7812 ldrb r2, [r2, #0] + 1c2: f000 fee2 bl 0xf8a + 1c6: 2001 mov r0, #1 + 1c8: e006 b 0x1d8 + 1ca: 9800 ldr r0, [sp, #0] + 1cc: 3001 add r0, #1 + 1ce: 9000 str r0, [sp, #0] + 1d0: 9800 ldr r0, [sp, #0] + 1d2: 2832 cmp r0, #50 ; 0x32 + 1d4: dbe4 blt 0x1a0 + 1d6: 2000 mov r0, #0 + 1d8: b004 add sp, #16 ; 0x10 + 1da: bd00 pop {pc} + + 1dc: 49ca ldr r1, =0xfffff804 ; via 0x508 + 1de: 2001 mov r0, #1 + 1e0: 03c0 lsl r0, r0, #15 + 1e2: 8008 strh r0, [r1, #0] + 1e4: 49c9 ldr r1, =0xfffff800 ; via 0x50c + 1e6: 2080 mov r0, #128 ; 0x80 + 1e8: 8008 strh r0, [r1, #0] + 1ea: 48c9 ldr r0, =0xfffff802 ; via 0x510 + 1ec: 8800 ldrh r0, [r0, #0] + 1ee: 48c8 ldr r0, =0xfffff802 ; via 0x510 + 1f0: 2101 mov r1, #1 + 1f2: 8001 strh r1, [r0, #0] + 1f4: 8800 ldrh r0, [r0, #0] + 1f6: e7fe b 0x1f6 + + 1f8: b081 sub sp, #4 + 1fa: 4669 mov r1, sp + 1fc: 7008 strb r0, [r1, #0] + 1fe: 4668 mov r0, sp + 200: 7809 ldrb r1, [r1, #0] + 202: 0709 lsl r1, r1, #28 + 204: 0f09 lsr r1, r1, #28 + 206: 0049 lsl r1, r1, #1 + 208: 7041 strb r1, [r0, #1] + 20a: 7840 ldrb r0, [r0, #1] + 20c: 280a cmp r0, #10 ; 0xa + 20e: da01 bge 0x214 + 210: 2000 mov r0, #0 + 212: e000 b 0x216 + 214: 2009 mov r0, #9 + 216: 4669 mov r1, sp + 218: 7849 ldrb r1, [r1, #1] + 21a: 1a09 sub r1, r1, r0 + 21c: 4668 mov r0, sp + 21e: 7041 strb r1, [r0, #1] + 220: 7800 ldrb r0, [r0, #0] + 222: 0900 lsr r0, r0, #4 + 224: 0700 lsl r0, r0, #28 + 226: 0f01 lsr r1, r0, #28 + 228: 4668 mov r0, sp + 22a: 7840 ldrb r0, [r0, #1] + 22c: 1808 add r0, r1, r0 + 22e: 0600 lsl r0, r0, #24 + 230: 0e00 lsr r0, r0, #24 + 232: b001 add sp, #4 + 234: 4770 
bx lr + + 236: b500 push {lr} + 238: b081 sub sp, #4 + 23a: 4669 mov r1, sp + 23c: 2000 mov r0, #0 + 23e: 7008 strb r0, [r1, #0] + 240: 2001 mov r0, #1 + 242: 0400 lsl r0, r0, #16 + 244: 7800 ldrb r0, [r0, #0] + 246: f7ff ffd7 bl 0x1f8 + 24a: 4669 mov r1, sp + 24c: 7809 ldrb r1, [r1, #0] + 24e: 1841 add r1, r0, r1 + 250: 4668 mov r0, sp + 252: 7001 strb r1, [r0, #0] + 254: 48dd ldr r0, =0x10001 ; via 0x5cc + 256: 7800 ldrb r0, [r0, #0] + 258: f7ff ffce bl 0x1f8 + 25c: 4669 mov r1, sp + 25e: 7809 ldrb r1, [r1, #0] + 260: 1841 add r1, r0, r1 + 262: 4668 mov r0, sp + 264: 7001 strb r1, [r0, #0] + 266: 48da ldr r0, =0x10002 ; via 0x5d0 + 268: 7800 ldrb r0, [r0, #0] + 26a: f7ff ffc5 bl 0x1f8 + 26e: 4669 mov r1, sp + 270: 7809 ldrb r1, [r1, #0] + 272: 1841 add r1, r0, r1 + 274: 4668 mov r0, sp + 276: 7001 strb r1, [r0, #0] + 278: 48d6 ldr r0, =0x10003 ; via 0x5d4 + 27a: 7800 ldrb r0, [r0, #0] + 27c: f7ff ffbc bl 0x1f8 + 280: 4669 mov r1, sp + 282: 7809 ldrb r1, [r1, #0] + 284: 1840 add r0, r0, r1 + 286: 4669 mov r1, sp + 288: 7008 strb r0, [r1, #0] + 28a: 48d3 ldr r0, =0x10004 ; via 0x5d8 + 28c: 7800 ldrb r0, [r0, #0] + 28e: f7ff ffb3 bl 0x1f8 + 292: 4669 mov r1, sp + 294: 7809 ldrb r1, [r1, #0] + 296: 1841 add r1, r0, r1 + 298: 4668 mov r0, sp + 29a: 7001 strb r1, [r0, #0] + 29c: 48cf ldr r0, =0x10005 ; via 0x5dc + 29e: 7800 ldrb r0, [r0, #0] + 2a0: f7ff ffaa bl 0x1f8 + 2a4: 4669 mov r1, sp + 2a6: 7809 ldrb r1, [r1, #0] + 2a8: 1841 add r1, r0, r1 + 2aa: 4668 mov r0, sp + 2ac: 7001 strb r1, [r0, #0] + 2ae: 48cc ldr r0, =0x10006 ; via 0x5e0 + 2b0: 7800 ldrb r0, [r0, #0] + 2b2: f7ff ffa1 bl 0x1f8 + 2b6: 4669 mov r1, sp + 2b8: 7809 ldrb r1, [r1, #0] + 2ba: 1841 add r1, r0, r1 + 2bc: 4668 mov r0, sp + 2be: 7001 strb r1, [r0, #0] + 2c0: 7800 ldrb r0, [r0, #0] + 2c2: 210a mov r1, #10 ; 0xa + 2c4: f000 ff1a bl 0x10fc + 2c8: 210a mov r1, #10 ; 0xa + 2ca: 1a08 sub r0, r1, r0 + 2cc: 4669 mov r1, sp + 2ce: 7048 strb r0, [r1, #1] + 2d0: 4668 mov r0, sp + 2d2: 7840 ldrb r0, [r0, #1] 
+ 2d4: 280a cmp r0, #10 ; 0xa + 2d6: d101 bne 0x2dc + 2d8: 2000 mov r0, #0 + 2da: e001 b 0x2e0 + 2dc: 4668 mov r0, sp + 2de: 7840 ldrb r0, [r0, #1] + 2e0: 4669 mov r1, sp + 2e2: 7048 strb r0, [r1, #1] + 2e4: 4668 mov r0, sp + 2e6: 7840 ldrb r0, [r0, #1] + 2e8: b001 add sp, #4 + 2ea: bd00 pop {pc} + + 2ec: b500 push {lr} + 2ee: b082 sub sp, #8 + 2f0: 9000 str r0, [sp, #0] + 2f2: 2000 mov r0, #0 + 2f4: 9001 str r0, [sp, #4] + 2f6: 9801 ldr r0, [sp, #4] + 2f8: 280e cmp r0, #14 ; 0xe + 2fa: da1f bge 0x33c + 2fc: 9801 ldr r0, [sp, #4] + 2fe: 0fc1 lsr r1, r0, #31 + 300: 1808 add r0, r1, r0 + 302: 1041 asr r1, r0, #1 + 304: 2001 mov r0, #1 + 306: 0400 lsl r0, r0, #16 + 308: 5c40 ldrb r0, [r0, r1] + 30a: 0900 lsr r0, r0, #4 + 30c: 3030 add r0, #48 ; 0x30 + 30e: 9a01 ldr r2, [sp, #4] + 310: 9900 ldr r1, [sp, #0] + 312: 5450 strb r0, [r2, r1] + 314: 9801 ldr r0, [sp, #4] + 316: 0fc1 lsr r1, r0, #31 + 318: 1808 add r0, r1, r0 + 31a: 1040 asr r0, r0, #1 + 31c: 2101 mov r1, #1 + 31e: 0409 lsl r1, r1, #16 + 320: 5c08 ldrb r0, [r1, r0] + 322: 0700 lsl r0, r0, #28 + 324: 0f00 lsr r0, r0, #28 + 326: 3030 add r0, #48 ; 0x30 + 328: 9a01 ldr r2, [sp, #4] + 32a: 9900 ldr r1, [sp, #0] + 32c: 1851 add r1, r2, r1 + 32e: 7048 strb r0, [r1, #1] + 330: 9801 ldr r0, [sp, #4] + 332: 3002 add r0, #2 + 334: 9001 str r0, [sp, #4] + 336: 9801 ldr r0, [sp, #4] + 338: 280e cmp r0, #14 ; 0xe + 33a: dbdf blt 0x2fc + 33c: f7ff ff7b bl 0x236 + 340: 3030 add r0, #48 ; 0x30 + 342: 9900 ldr r1, [sp, #0] + 344: 7388 strb r0, [r1, #14] ; 0xe + 346: b002 add sp, #8 + 348: bd00 pop {pc} + + 34a: b500 push {lr} + 34c: b08c sub sp, #48 ; 0x30 + 34e: 4668 mov r0, sp + 350: 497a ldr r1, =0x1000010 ; via 0x53c + 352: 7809 ldrb r1, [r1, #0] + 354: f000 fe4a bl 0xfec + 358: e0a7 b 0x4aa + 35a: a066 add r0, pc, #408 ; 0x198 + 35c: a901 add r1, sp, #4 + 35e: f7ff fe6f bl 0x40 + 362: 2108 mov r1, #8 + 364: e08e b 0x484 + 366: a091 add r0, pc, #580 ; 0x244 + 368: 211e mov r1, #30 ; 0x1e + 36a: e099 b 0x4a0 + 36c: a801 
add r0, sp, #4 + 36e: f7ff ffbd bl 0x2ec + 372: 210f mov r1, #15 ; 0xf + 374: e086 b 0x484 + 376: 489b ldr r0, =0x422024 ; via 0x5e4 + 378: 9009 str r0, [sp, #36] ; 0x24 + 37a: 2000 mov r0, #0 + 37c: e007 b 0x38e + 37e: 990a ldr r1, [sp, #40] ; 0x28 + 380: 9809 ldr r0, [sp, #36] ; 0x24 + 382: 5c08 ldrb r0, [r1, r0] + 384: 990a ldr r1, [sp, #40] ; 0x28 + 386: aa01 add r2, sp, #4 + 388: 5450 strb r0, [r2, r1] + 38a: 980a ldr r0, [sp, #40] ; 0x28 + 38c: 3001 add r0, #1 + 38e: 900a str r0, [sp, #40] ; 0x28 + 390: 990a ldr r1, [sp, #40] ; 0x28 + 392: 9809 ldr r0, [sp, #36] ; 0x24 + 394: 5c08 ldrb r0, [r1, r0] + 396: 2800 cmp r0, #0 + 398: d002 beq 0x3a0 + 39a: 980a ldr r0, [sp, #40] ; 0x28 + 39c: 281a cmp r0, #26 ; 0x1a + 39e: dbee blt 0x37e + 3a0: 9a0a ldr r2, [sp, #40] ; 0x28 + 3a2: 2020 mov r0, #32 ; 0x20 + 3a4: a901 add r1, sp, #4 + 3a6: 5488 strb r0, [r1, r2] + 3a8: 488f ldr r0, =0x422004 ; via 0x5e8 + 3aa: 9009 str r0, [sp, #36] ; 0x24 + 3ac: 980a ldr r0, [sp, #40] ; 0x28 + 3ae: 3001 add r0, #1 + 3b0: 900b str r0, [sp, #44] ; 0x2c + 3b2: 2000 mov r0, #0 + 3b4: 900a str r0, [sp, #40] ; 0x28 + 3b6: e00b b 0x3d0 + 3b8: 990a ldr r1, [sp, #40] ; 0x28 + 3ba: 9809 ldr r0, [sp, #36] ; 0x24 + 3bc: 5c09 ldrb r1, [r1, r0] + 3be: 9a0b ldr r2, [sp, #44] ; 0x2c + 3c0: a801 add r0, sp, #4 + 3c2: 5481 strb r1, [r0, r2] + 3c4: 980a ldr r0, [sp, #40] ; 0x28 + 3c6: 3001 add r0, #1 + 3c8: 900a str r0, [sp, #40] ; 0x28 + 3ca: 980b ldr r0, [sp, #44] ; 0x2c + 3cc: 3001 add r0, #1 + 3ce: 900b str r0, [sp, #44] ; 0x2c + 3d0: 990a ldr r1, [sp, #40] ; 0x28 + 3d2: 9809 ldr r0, [sp, #36] ; 0x24 + 3d4: 5c08 ldrb r0, [r1, r0] + 3d6: 2800 cmp r0, #0 + 3d8: d002 beq 0x3e0 + 3da: 980b ldr r0, [sp, #44] ; 0x2c + 3dc: 281e cmp r0, #30 ; 0x1e + 3de: dbeb blt 0x3b8 + 3e0: 980b ldr r0, [sp, #44] ; 0x2c + 3e2: 281e cmp r0, #30 ; 0x1e + 3e4: da4d bge 0x482 + 3e6: 980b ldr r0, [sp, #44] ; 0x2c + 3e8: 2120 mov r1, #32 ; 0x20 + 3ea: aa01 add r2, sp, #4 + 3ec: 5411 strb r1, [r2, r0] + 3ee: 980b ldr r0, [sp, 
#44] ; 0x2c + 3f0: 3001 add r0, #1 + 3f2: 900b str r0, [sp, #44] ; 0x2c + 3f4: 980b ldr r0, [sp, #44] ; 0x2c + 3f6: 281e cmp r0, #30 ; 0x1e + 3f8: dbf5 blt 0x3e6 + 3fa: e042 b 0x482 + 3fc: 203b mov r0, #59 ; 0x3b + 3fe: 04c0 lsl r0, r0, #19 + 400: 9009 str r0, [sp, #36] ; 0x24 + 402: 2000 mov r0, #0 + 404: e007 b 0x416 + 406: 990a ldr r1, [sp, #40] ; 0x28 + 408: 9809 ldr r0, [sp, #36] ; 0x24 + 40a: 5c09 ldrb r1, [r1, r0] + 40c: 9a0a ldr r2, [sp, #40] ; 0x28 + 40e: a801 add r0, sp, #4 + 410: 5481 strb r1, [r0, r2] + 412: 980a ldr r0, [sp, #40] ; 0x28 + 414: 3001 add r0, #1 + 416: 900a str r0, [sp, #40] ; 0x28 + 418: 990a ldr r1, [sp, #40] ; 0x28 + 41a: 9809 ldr r0, [sp, #36] ; 0x24 + 41c: 5c08 ldrb r0, [r1, r0] + 41e: 2800 cmp r0, #0 + 420: d002 beq 0x428 + 422: 980a ldr r0, [sp, #40] ; 0x28 + 424: 281a cmp r0, #26 ; 0x1a + 426: dbee blt 0x406 + 428: 9a0a ldr r2, [sp, #40] ; 0x28 + 42a: 2020 mov r0, #32 ; 0x20 + 42c: a901 add r1, sp, #4 + 42e: 5488 strb r0, [r1, r2] + 430: 48e2 ldr r0, =0x1d80020 ; via 0x7bc + 432: 9009 str r0, [sp, #36] ; 0x24 + 434: 980a ldr r0, [sp, #40] ; 0x28 + 436: 3001 add r0, #1 + 438: 900b str r0, [sp, #44] ; 0x2c + 43a: 2000 mov r0, #0 + 43c: 900a str r0, [sp, #40] ; 0x28 + 43e: e00b b 0x458 + 440: 990a ldr r1, [sp, #40] ; 0x28 + 442: 9809 ldr r0, [sp, #36] ; 0x24 + 444: 5c08 ldrb r0, [r1, r0] + 446: 990b ldr r1, [sp, #44] ; 0x2c + 448: aa01 add r2, sp, #4 + 44a: 5450 strb r0, [r2, r1] + 44c: 980a ldr r0, [sp, #40] ; 0x28 + 44e: 3001 add r0, #1 + 450: 900a str r0, [sp, #40] ; 0x28 + 452: 980b ldr r0, [sp, #44] ; 0x2c + 454: 3001 add r0, #1 + 456: 900b str r0, [sp, #44] ; 0x2c + 458: 980a ldr r0, [sp, #40] ; 0x28 + 45a: 9909 ldr r1, [sp, #36] ; 0x24 + 45c: 5c40 ldrb r0, [r0, r1] + 45e: 2800 cmp r0, #0 + 460: d002 beq 0x468 + 462: 980b ldr r0, [sp, #44] ; 0x2c + 464: 281e cmp r0, #30 ; 0x1e + 466: dbeb blt 0x440 + 468: 980b ldr r0, [sp, #44] ; 0x2c + 46a: 281e cmp r0, #30 ; 0x1e + 46c: da09 bge 0x482 + 46e: 990b ldr r1, [sp, #44] ; 0x2c + 
470: 2020 mov r0, #32 ; 0x20 + 472: aa01 add r2, sp, #4 + 474: 5450 strb r0, [r2, r1] + 476: 980b ldr r0, [sp, #44] ; 0x2c + 478: 3001 add r0, #1 + 47a: 900b str r0, [sp, #44] ; 0x2c + 47c: 980b ldr r0, [sp, #44] ; 0x2c + 47e: 281e cmp r0, #30 ; 0x1e + 480: dbf5 blt 0x46e + 482: 211e mov r1, #30 ; 0x1e + 484: a801 add r0, sp, #4 + 486: e00b b 0x4a0 + 488: f7ff fea8 bl 0x1dc + 48c: e75f b 0x34e + 48e: a0ef add r0, pc, #956 ; 0x3bc + 490: 2102 mov r1, #2 + 492: 4a2a ldr r2, =0x1000010 ; via 0x53c + 494: 7812 ldrb r2, [r2, #0] + 496: f000 fd78 bl 0xf8a + 49a: e026 b 0x4ea + 49c: a0ec add r0, pc, #944 ; 0x3b0 + 49e: 2102 mov r1, #2 + 4a0: 4a26 ldr r2, =0x1000010 ; via 0x53c + 4a2: 7812 ldrb r2, [r2, #0] + 4a4: f000 fd71 bl 0xf8a + 4a8: e751 b 0x34e + 4aa: 4668 mov r0, sp + 4ac: 7800 ldrb r0, [r0, #0] + 4ae: 2143 mov r1, #67 ; 0x43 + 4b0: 1a40 sub r0, r0, r1 + 4b2: 2800 cmp r0, #0 + 4b4: d100 bne 0x4b8 + 4b6: e750 b 0x35a + 4b8: 3801 sub r0, #1 + 4ba: 2800 cmp r0, #0 + 4bc: d09e beq 0x3fc + 4be: 3801 sub r0, #1 + 4c0: 2800 cmp r0, #0 + 4c2: d0eb beq 0x49c + 4c4: 3802 sub r0, #2 + 4c6: 2800 cmp r0, #0 + 4c8: d0e1 beq 0x48e + 4ca: 3802 sub r0, #2 + 4cc: 2800 cmp r0, #0 + 4ce: d100 bne 0x4d2 + 4d0: e74c b 0x36c + 4d2: 3804 sub r0, #4 + 4d4: 2800 cmp r0, #0 + 4d6: d100 bne 0x4da + 4d8: e745 b 0x366 + 4da: 3804 sub r0, #4 + 4dc: 2800 cmp r0, #0 + 4de: d0d3 beq 0x488 + 4e0: 3807 sub r0, #7 + 4e2: 2800 cmp r0, #0 + 4e4: d100 bne 0x4e8 + 4e6: e746 b 0x376 + 4e8: e731 b 0x34e + 4ea: b00c add sp, #48 ; 0x30 + 4ec: bd00 pop {pc} + 4ee: 46c0 nop (mov r8, r8) + + 4f0: 46c00054 + 4f4: 30303239 ; ASCIZ "92000101FFFFFFFF" + 4f8: 31303130 + 4fc: 46464646 + 500: 46464646 + 504: c046c000 + 508: fffff804 + 50c: fffff800 + 510: fffff802 + + 514: b500 push {lr} + 516: b084 sub sp, #16 ; 0x10 + 518: 4668 mov r0, sp + 51a: 2109 mov r1, #9 + 51c: 4a07 ldr r2, =0x1000010 ; via 0x53c + 51e: 7812 ldrb r2, [r2, #0] + 520: f000 fd7f bl 0x1022 + 524: 4668 mov r0, sp + 526: 7800 ldrb r0, [r0, #0] + 
528: 2804 cmp r0, #4 + 52a: dd09 ble 0x540 + 52c: a0ea add r0, pc, #936 ; 0x3a8 + 52e: 2102 mov r1, #2 + 530: 4a02 ldr r2, =0x1000010 ; via 0x53c + 532: 7812 ldrb r2, [r2, #0] + 534: f000 fd29 bl 0xf8a + 538: e035 b 0x5a6 + 53a: 46c0 nop (mov r8, r8) + 53c: 01000010 + 540: 4669 mov r1, sp + 542: 2000 mov r0, #0 + 544: 7308 strb r0, [r1, #12] ; 0xc + 546: 4668 mov r0, sp + 548: 2104 mov r1, #4 + 54a: 7341 strb r1, [r0, #13] ; 0xd + 54c: a0e3 add r0, pc, #908 ; 0x38c + 54e: 2102 mov r1, #2 + 550: 4af7 ldr r2, =0x1000010 ; via 0x930 + 552: 7812 ldrb r2, [r2, #0] + 554: f000 fd19 bl 0xf8a + 558: a803 add r0, sp, #12 ; 0xc + 55a: 2102 mov r1, #2 + 55c: 4af4 ldr r2, =0x1000010 ; via 0x930 + 55e: 7812 ldrb r2, [r2, #0] + 560: f000 fd13 bl 0xf8a + 564: 48f2 ldr r0, =0x1000010 ; via 0x930 + 566: 7800 ldrb r0, [r0, #0] + 568: f000 fcf3 bl 0xf52 + 56c: 49dd ldr r1, =0x1304 ; via 0x8e4 + 56e: 4668 mov r0, sp + 570: 7800 ldrb r0, [r0, #0] + 572: 5c09 ldrb r1, [r1, r0] + 574: 48da ldr r0, =0x1000011 ; via 0x8e0 + 576: 7800 ldrb r0, [r0, #0] + 578: 4288 cmp r0, r1 + 57a: d009 beq 0x590 + 57c: 49d9 ldr r1, =0x1304 ; via 0x8e4 + 57e: 4668 mov r0, sp + 580: 7800 ldrb r0, [r0, #0] + 582: 5c08 ldrb r0, [r1, r0] + 584: 49d6 ldr r1, =0x1000011 ; via 0x8e0 + 586: 7008 strb r0, [r1, #0] + 588: 48e9 ldr r0, =0x1000010 ; via 0x930 + 58a: 7800 ldrb r0, [r0, #0] + 58c: f000 fca9 bl 0xee2 + 590: 48f5 ldr r0, =0x1000000 ; via 0x968 + 592: 2100 mov r1, #0 + 594: 6001 str r1, [r0, #0] + 596: 48f5 ldr r0, =0x100000c ; via 0x96c + 598: 7001 strb r1, [r0, #0] + 59a: 49f5 ldr r1, =0x1000004 ; via 0x970 + 59c: 2000 mov r0, #0 + 59e: 7008 strb r0, [r1, #0] + 5a0: 48f4 ldr r0, =0x1000008 ; via 0x974 + 5a2: 2100 mov r1, #0 + 5a4: 6001 str r1, [r0, #0] + 5a6: b004 add sp, #16 ; 0x10 + 5a8: bd00 pop {pc} + 5aa: 46c0 nop (mov r8, r8) + + 5ac: 7263694d ; ASCIZ "MicroEROM v1.0 " + 5b0: 4f52456f + 5b4: 3176204d + 5b8: 2020302e + 5bc: 20202020 + 5c0: 20202020 + 5c4: 20202020 + 5c8: c0002020 + 5cc: 00010001 + 
5d0: 00010002 + 5d4: 00010003 + 5d8: 00010004 + 5dc: 00010005 + 5e0: 00010006 + 5e4: 00422024 + 5e8: 00422004 + + 5ec: b500 push {lr} + 5ee: 48e4 ldr r0, =0xfffffbf4 ; via 0x980 + 5f0: 4485 add sp, r0 + 5f2: 4668 mov r0, sp + 5f4: 2108 mov r1, #8 + 5f6: 4ace ldr r2, =0x1000010 ; via 0x930 + 5f8: 7812 ldrb r2, [r2, #0] + 5fa: f000 fd12 bl 0x1022 + 5fe: 4ade ldr r2, =0x402 ; via 0x978 + 600: 4669 mov r1, sp + 602: 4668 mov r0, sp + 604: 78c3 ldrb r3, [r0, #3] + 606: 7880 ldrb r0, [r0, #2] + 608: 0200 lsl r0, r0, #8 + 60a: 1818 add r0, r3, r0 + 60c: 5250 strh r0, [r2, r1] + 60e: 2081 mov r0, #129 ; 0x81 + 610: 00c2 lsl r2, r0, #3 + 612: 4668 mov r0, sp + 614: 7940 ldrb r0, [r0, #5] + 616: 0403 lsl r3, r0, #16 + 618: 4668 mov r0, sp + 61a: 7900 ldrb r0, [r0, #4] + 61c: 0600 lsl r0, r0, #24 + 61e: 181b add r3, r3, r0 + 620: 4668 mov r0, sp + 622: 7980 ldrb r0, [r0, #6] + 624: 0200 lsl r0, r0, #8 + 626: 18c3 add r3, r0, r3 + 628: 4668 mov r0, sp + 62a: 79c0 ldrb r0, [r0, #7] + 62c: 18c0 add r0, r0, r3 + 62e: 5050 str r0, [r2, r1] + 630: 48cd ldr r0, =0x1000000 ; via 0x968 + 632: 6800 ldr r0, [r0, #0] + 634: 2800 cmp r0, #0 + 636: d105 bne 0x644 + 638: 2081 mov r0, #129 ; 0x81 + 63a: 00c1 lsl r1, r0, #3 + 63c: 4668 mov r0, sp + 63e: 5808 ldr r0, [r1, r0] + 640: 49c9 ldr r1, =0x1000000 ; via 0x968 + 642: 6008 str r0, [r1, #0] + 644: 4668 mov r0, sp + 646: 4acc ldr r2, =0x402 ; via 0x978 + 648: 4669 mov r1, sp + 64a: 5a51 ldrh r1, [r2, r1] + 64c: 4ab8 ldr r2, =0x1000010 ; via 0x930 + 64e: 7812 ldrb r2, [r2, #0] + 650: f000 fce7 bl 0x1022 + 654: 4ac9 ldr r2, =0x404 ; via 0x97c + 656: 4669 mov r1, sp + 658: 2000 mov r0, #0 + 65a: 5250 strh r0, [r2, r1] + 65c: 49c7 ldr r1, =0x404 ; via 0x97c + 65e: 4668 mov r0, sp + 660: 5a0a ldrh r2, [r1, r0] + 662: 49c5 ldr r1, =0x402 ; via 0x978 + 664: 5a08 ldrh r0, [r1, r0] + 666: 4282 cmp r2, r0 + 668: da1a bge 0x6a0 + 66a: 49c4 ldr r1, =0x404 ; via 0x97c + 66c: 4668 mov r0, sp + 66e: 5a0b ldrh r3, [r1, r0] + 670: 2081 mov r0, #129 ; 0x81 
+ 672: 00c0 lsl r0, r0, #3 + 674: 4669 mov r1, sp + 676: 5841 ldr r1, [r0, r1] + 678: 4ac0 ldr r2, =0x404 ; via 0x97c + 67a: 4668 mov r0, sp + 67c: 5a10 ldrh r0, [r2, r0] + 67e: 466a mov r2, sp + 680: 5c80 ldrb r0, [r0, r2] + 682: 5458 strb r0, [r3, r1] + 684: 49bd ldr r1, =0x404 ; via 0x97c + 686: 466b mov r3, sp + 688: 4abc ldr r2, =0x404 ; via 0x97c + 68a: 4668 mov r0, sp + 68c: 5a10 ldrh r0, [r2, r0] + 68e: 3001 add r0, #1 + 690: 52c8 strh r0, [r1, r3] + 692: 4668 mov r0, sp + 694: 5a08 ldrh r0, [r1, r0] + 696: 49b8 ldr r1, =0x402 ; via 0x978 + 698: 466a mov r2, sp + 69a: 5a89 ldrh r1, [r1, r2] + 69c: 4288 cmp r0, r1 + 69e: dbe4 blt 0x66a + 6a0: 2001 mov r0, #1 + 6a2: 0282 lsl r2, r0, #10 + 6a4: 4669 mov r1, sp + 6a6: 2005 mov r0, #5 + 6a8: 5450 strb r0, [r2, r1] + 6aa: 49b3 ldr r1, =0x402 ; via 0x978 + 6ac: 4668 mov r0, sp + 6ae: 5a08 ldrh r0, [r1, r0] + 6b0: 0600 lsl r0, r0, #24 + 6b2: 0e02 lsr r2, r0, #24 + 6b4: 2001 mov r0, #1 + 6b6: 0280 lsl r0, r0, #10 + 6b8: 4669 mov r1, sp + 6ba: 5c40 ldrb r0, [r0, r1] + 6bc: 1810 add r0, r2, r0 + 6be: 2101 mov r1, #1 + 6c0: 028a lsl r2, r1, #10 + 6c2: 4669 mov r1, sp + 6c4: 5450 strb r0, [r2, r1] + 6c6: 2081 mov r0, #129 ; 0x81 + 6c8: 00c1 lsl r1, r0, #3 + 6ca: 4668 mov r0, sp + 6cc: 5808 ldr r0, [r1, r0] + 6ce: 0e00 lsr r0, r0, #24 + 6d0: 0600 lsl r0, r0, #24 + 6d2: 0e02 lsr r2, r0, #24 + 6d4: 2001 mov r0, #1 + 6d6: 0281 lsl r1, r0, #10 + 6d8: 4668 mov r0, sp + 6da: 5c08 ldrb r0, [r1, r0] + 6dc: 1812 add r2, r2, r0 + 6de: 2001 mov r0, #1 + 6e0: 0281 lsl r1, r0, #10 + 6e2: 4668 mov r0, sp + 6e4: 540a strb r2, [r1, r0] + 6e6: 2081 mov r0, #129 ; 0x81 + 6e8: 00c1 lsl r1, r0, #3 + 6ea: 4668 mov r0, sp + 6ec: 5808 ldr r0, [r1, r0] + 6ee: 0200 lsl r0, r0, #8 + 6f0: 0e00 lsr r0, r0, #24 + 6f2: 0400 lsl r0, r0, #16 + 6f4: 0c02 lsr r2, r0, #16 + 6f6: 2001 mov r0, #1 + 6f8: 0281 lsl r1, r0, #10 + 6fa: 4668 mov r0, sp + 6fc: 5c08 ldrb r0, [r1, r0] + 6fe: 1811 add r1, r2, r0 + 700: 2001 mov r0, #1 + 702: 0280 lsl r0, r0, #10 + 
704: 466a mov r2, sp + 706: 5481 strb r1, [r0, r2] + 708: 2081 mov r0, #129 ; 0x81 + 70a: 00c1 lsl r1, r0, #3 + 70c: 4668 mov r0, sp + 70e: 5808 ldr r0, [r1, r0] + 710: 0400 lsl r0, r0, #16 + 712: 0e00 lsr r0, r0, #24 + 714: 0200 lsl r0, r0, #8 + 716: 0a02 lsr r2, r0, #8 + 718: 2001 mov r0, #1 + 71a: 0281 lsl r1, r0, #10 + 71c: 4668 mov r0, sp + 71e: 5c08 ldrb r0, [r1, r0] + 720: 1812 add r2, r2, r0 + 722: 2001 mov r0, #1 + 724: 0281 lsl r1, r0, #10 + 726: 4668 mov r0, sp + 728: 540a strb r2, [r1, r0] + 72a: 2081 mov r0, #129 ; 0x81 + 72c: 00c0 lsl r0, r0, #3 + 72e: 4669 mov r1, sp + 730: 5840 ldr r0, [r0, r1] + 732: 0600 lsl r0, r0, #24 + 734: 0e02 lsr r2, r0, #24 + 736: 2001 mov r0, #1 + 738: 0280 lsl r0, r0, #10 + 73a: 5c40 ldrb r0, [r0, r1] + 73c: 1811 add r1, r2, r0 + 73e: 2001 mov r0, #1 + 740: 0282 lsl r2, r0, #10 + 742: 4668 mov r0, sp + 744: 5411 strb r1, [r2, r0] + 746: 4a8d ldr r2, =0x404 ; via 0x97c + 748: 2100 mov r1, #0 + 74a: 5211 strh r1, [r2, r0] + 74c: 488b ldr r0, =0x404 ; via 0x97c + 74e: 4669 mov r1, sp + 750: 5a40 ldrh r0, [r0, r1] + 752: 4a89 ldr r2, =0x402 ; via 0x978 + 754: 5a51 ldrh r1, [r2, r1] + 756: 4288 cmp r0, r1 + 758: da19 bge 0x78e + 75a: 4988 ldr r1, =0x404 ; via 0x97c + 75c: 4668 mov r0, sp + 75e: 5a09 ldrh r1, [r1, r0] + 760: 5c09 ldrb r1, [r1, r0] + 762: 2001 mov r0, #1 + 764: 0282 lsl r2, r0, #10 + 766: 4668 mov r0, sp + 768: 5c10 ldrb r0, [r2, r0] + 76a: 1809 add r1, r1, r0 + 76c: 2001 mov r0, #1 + 76e: 0282 lsl r2, r0, #10 + 770: 4668 mov r0, sp + 772: 5411 strb r1, [r2, r0] + 774: 4a81 ldr r2, =0x404 ; via 0x97c + 776: 4669 mov r1, sp + 778: 4b80 ldr r3, =0x404 ; via 0x97c + 77a: 5a18 ldrh r0, [r3, r0] + 77c: 3001 add r0, #1 + 77e: 5250 strh r0, [r2, r1] + 780: 487e ldr r0, =0x404 ; via 0x97c + 782: 5a40 ldrh r0, [r0, r1] + 784: 497c ldr r1, =0x402 ; via 0x978 + 786: 466a mov r2, sp + 788: 5a89 ldrh r1, [r1, r2] + 78a: 4288 cmp r0, r1 + 78c: dbe5 blt 0x75a + 78e: 4878 ldr r0, =0x1000004 ; via 0x970 + 790: 2101 mov r1, #1 + 
792: 028a lsl r2, r1, #10 + 794: 4669 mov r1, sp + 796: 5c51 ldrb r1, [r2, r1] + 798: 43c9 mvn r1, r1 + 79a: 7802 ldrb r2, [r0, #0] + 79c: 1889 add r1, r1, r2 + 79e: 7001 strb r1, [r0, #0] + 7a0: a09e add r0, pc, #632 ; 0x278 + 7a2: 2102 mov r1, #2 + 7a4: 4a62 ldr r2, =0x1000010 ; via 0x930 + 7a6: 7812 ldrb r2, [r2, #0] + 7a8: f000 fbef bl 0xf8a + 7ac: 486f ldr r0, =0x100000c ; via 0x96c + 7ae: 2101 mov r1, #1 + 7b0: 7001 strb r1, [r0, #0] + 7b2: 4873 ldr r0, =0xfffffbf4 ; via 0x980 + 7b4: 4240 neg r0, r0 + 7b6: 4485 add sp, r0 + 7b8: bd00 pop {pc} + 7ba: 46c0 nop (mov r8, r8) + + 7bc: 01d80020 + + 7c0: b500 push {lr} + 7c2: b082 sub sp, #8 + 7c4: 4869 ldr r0, =0x100000c ; via 0x96c + 7c6: 7800 ldrb r0, [r0, #0] + 7c8: 2801 cmp r0, #1 + 7ca: d00f beq 0x7ec + 7cc: a094 add r0, pc, #592 ; 0x250 + 7ce: 2102 mov r1, #2 + 7d0: 4a57 ldr r2, =0x1000010 ; via 0x930 + 7d2: 7812 ldrb r2, [r2, #0] + 7d4: f000 fbd9 bl 0xf8a + 7d8: 4865 ldr r0, =0x1000004 ; via 0x970 + 7da: 2101 mov r1, #1 + 7dc: 4a54 ldr r2, =0x1000010 ; via 0x930 + 7de: 7812 ldrb r2, [r2, #0] + 7e0: f000 fbd3 bl 0xf8a + 7e4: 4961 ldr r1, =0x100000c ; via 0x96c + 7e6: 2000 mov r0, #0 + 7e8: 7008 strb r0, [r1, #0] + 7ea: e02d b 0x848 + 7ec: 4669 mov r1, sp + 7ee: 4860 ldr r0, =0x1000004 ; via 0x970 + 7f0: 7800 ldrb r0, [r0, #0] + 7f2: 43c0 mvn r0, r0 + 7f4: 7108 strb r0, [r1, #4] + 7f6: 4668 mov r0, sp + 7f8: 2101 mov r1, #1 + 7fa: 4a4d ldr r2, =0x1000010 ; via 0x930 + 7fc: 7812 ldrb r2, [r2, #0] + 7fe: f000 fc10 bl 0x1022 + 802: 4668 mov r0, sp + 804: 7900 ldrb r0, [r0, #4] + 806: 4669 mov r1, sp + 808: 7809 ldrb r1, [r1, #0] + 80a: 4288 cmp r0, r1 + 80c: d00d beq 0x82a + 80e: a084 add r0, pc, #528 ; 0x210 + 810: 2102 mov r1, #2 + 812: 4a47 ldr r2, =0x1000010 ; via 0x930 + 814: 7812 ldrb r2, [r2, #0] + 816: f000 fbb8 bl 0xf8a + 81a: 4855 ldr r0, =0x1000004 ; via 0x970 + 81c: 2101 mov r1, #1 + 81e: 4a44 ldr r2, =0x1000010 ; via 0x930 + 820: 7812 ldrb r2, [r2, #0] + 822: f000 fbb2 bl 0xf8a + 826: 2100 mov r1, #0 
+ 828: e00c b 0x844 + 82a: a07e add r0, pc, #504 ; 0x1f8 + 82c: 2102 mov r1, #2 + 82e: 4a40 ldr r2, =0x1000010 ; via 0x930 + 830: 7812 ldrb r2, [r2, #0] + 832: f000 fbaa bl 0xf8a + 836: 484e ldr r0, =0x1000004 ; via 0x970 + 838: 2101 mov r1, #1 + 83a: 4a3d ldr r2, =0x1000010 ; via 0x930 + 83c: 7812 ldrb r2, [r2, #0] + 83e: f000 fba4 bl 0xf8a + 842: 2102 mov r1, #2 + 844: 4849 ldr r0, =0x100000c ; via 0x96c + 846: 7001 strb r1, [r0, #0] + 848: b002 add sp, #8 + 84a: bd00 pop {pc} + + 84c: c000473e + 850: 00003030 + + 854: b510 push {r4, lr} + 856: b082 sub sp, #8 + 858: 4844 ldr r0, =0x100000c ; via 0x96c + 85a: 7800 ldrb r0, [r0, #0] + 85c: 2802 cmp r0, #2 + 85e: d009 beq 0x874 + 860: a071 add r0, pc, #452 ; 0x1c4 + 862: 2102 mov r1, #2 + 864: 4a32 ldr r2, =0x1000010 ; via 0x930 + 866: 7812 ldrb r2, [r2, #0] + 868: f000 fb8f bl 0xf8a + 86c: 493f ldr r1, =0x100000c ; via 0x96c + 86e: 2000 mov r0, #0 + 870: 7008 strb r0, [r1, #0] + 872: e02e b 0x8d2 + 874: 4668 mov r0, sp + 876: 2104 mov r1, #4 + 878: 4a2d ldr r2, =0x1000010 ; via 0x930 + 87a: 7812 ldrb r2, [r2, #0] + 87c: f000 fbd1 bl 0x1022 + 880: 4668 mov r0, sp + 882: 7840 ldrb r0, [r0, #1] + 884: 0401 lsl r1, r0, #16 + 886: 4668 mov r0, sp + 888: 7800 ldrb r0, [r0, #0] + 88a: 0600 lsl r0, r0, #24 + 88c: 1808 add r0, r1, r0 + 88e: 4669 mov r1, sp + 890: 7889 ldrb r1, [r1, #2] + 892: 0209 lsl r1, r1, #8 + 894: 1809 add r1, r1, r0 + 896: 4668 mov r0, sp + 898: 78c0 ldrb r0, [r0, #3] + 89a: 1841 add r1, r0, r1 + 89c: 4835 ldr r0, =0x1000008 ; via 0x974 + 89e: 6001 str r1, [r0, #0] + 8a0: 4834 ldr r0, =0x1000008 ; via 0x974 + 8a2: 6801 ldr r1, [r0, #0] + 8a4: 4830 ldr r0, =0x1000000 ; via 0x968 + 8a6: 6800 ldr r0, [r0, #0] + 8a8: 4281 cmp r1, r0 + 8aa: d006 beq 0x8ba + 8ac: a05f add r0, pc, #380 ; 0x17c + 8ae: 2102 mov r1, #2 + 8b0: 4a1f ldr r2, =0x1000010 ; via 0x930 + 8b2: 7812 ldrb r2, [r2, #0] + 8b4: f000 fb69 bl 0xf8a + 8b8: e00b b 0x8d2 + 8ba: a05b add r0, pc, #364 ; 0x16c + 8bc: 2102 mov r1, #2 + 8be: 4a1c ldr 
r2, =0x1000010 ; via 0x930 + 8c0: 7812 ldrb r2, [r2, #0] + 8c2: f000 fb62 bl 0xf8a + 8c6: 482b ldr r0, =0x1000008 ; via 0x974 + 8c8: 6800 ldr r0, [r0, #0] + 8ca: 9001 str r0, [sp, #4] + 8cc: 9c01 ldr r4, [sp, #4] + 8ce: f000 fd0b bl 0x12e8 + 8d2: b002 add sp, #8 + 8d4: bd10 pop {r4, pc} + 8d6: 46c0 nop (mov r8, r8) + + 8d8: c000503e + 8dc: c000703e + 8e0: 01000011 + 8e4: 00001304 + + 8e8: b500 push {lr} + 8ea: b081 sub sp, #4 + 8ec: 491e ldr r1, =0x1000000 ; via 0x968 + 8ee: 2000 mov r0, #0 + 8f0: 6008 str r0, [r1, #0] + 8f2: 2100 mov r1, #0 + 8f4: 481d ldr r0, =0x100000c ; via 0x96c + 8f6: 7001 strb r1, [r0, #0] + 8f8: 481d ldr r0, =0x1000004 ; via 0x970 + 8fa: 7001 strb r1, [r0, #0] + 8fc: 481d ldr r0, =0x1000008 ; via 0x974 + 8fe: 6001 str r1, [r0, #0] + 900: 4668 mov r0, sp + 902: 490b ldr r1, =0x1000010 ; via 0x930 + 904: 7809 ldrb r1, [r1, #0] + 906: f000 fb71 bl 0xfec + 90a: 4668 mov r0, sp + 90c: 7800 ldrb r0, [r0, #0] + 90e: 283c cmp r0, #60 ; 0x3c + 910: d1f6 bne 0x900 + 912: 4668 mov r0, sp + 914: 4946 ldr r1, =0x1000010 ; via 0xa30 + 916: 7809 ldrb r1, [r1, #0] + 918: f000 fb68 bl 0xfec + 91c: e011 b 0x942 + 91e: f7ff fdf9 bl 0x514 + 922: e7ed b 0x900 + 924: f7ff fe62 bl 0x5ec + 928: e7ea b 0x900 + 92a: f7ff ff49 bl 0x7c0 + 92e: e7e7 b 0x900 + 930: 01000010 + 934: f7ff ff8e bl 0x854 + 938: e7e2 b 0x900 + 93a: 480b ldr r0, =0x1000000 ; via 0x968 + 93c: 2100 mov r1, #0 + 93e: 6001 str r1, [r0, #0] + 940: e7d8 b 0x8f4 + 942: 4668 mov r0, sp + 944: 7801 ldrb r1, [r0, #0] + 946: 2061 mov r0, #97 ; 0x61 + 948: 1a08 sub r0, r1, r0 + 94a: 2800 cmp r0, #0 + 94c: d0f5 beq 0x93a + 94e: 3801 sub r0, #1 + 950: 2800 cmp r0, #0 + 952: d0ef beq 0x934 + 954: 3801 sub r0, #1 + 956: 2800 cmp r0, #0 + 958: d0e7 beq 0x92a + 95a: 380d sub r0, #13 ; 0xd + 95c: 2800 cmp r0, #0 + 95e: d0de beq 0x91e + 960: 3807 sub r0, #7 + 962: 2800 cmp r0, #0 + 964: d0de beq 0x924 + 966: e7e8 b 0x93a + + 968: 01000000 + 96c: 0100000c + 970: 01000004 + 974: 01000008 + 978: 00000402 + 97c: 
00000404 + 980: fffffbf4 + + 984: b510 push {r4, lr} + 986: b086 sub sp, #24 ; 0x18 + 988: 482a ldr r0, =0x1ff02c8 ; via 0xa34 + 98a: 9005 str r0, [sp, #20] ; 0x14 + 98c: 2001 mov r0, #1 + 98e: 0400 lsl r0, r0, #16 + 990: 4929 ldr r1, =0x1ff0000 ; via 0xa38 + 992: aa01 add r2, sp, #4 + 994: 2359 mov r3, #89 ; 0x59 + 996: 00db lsl r3, r3, #3 + 998: f000 f9ca bl 0xd30 + 99c: a801 add r0, sp, #4 + 99e: 4927 ldr r1, =0x10008 ; via 0xa3c + 9a0: aa03 add r2, sp, #12 ; 0xc + 9a2: 2340 mov r3, #64 ; 0x40 + 9a4: f000 f9c4 bl 0xd30 + 9a8: 4668 mov r0, sp + 9aa: 7b01 ldrb r1, [r0, #12] ; 0xc + 9ac: 9805 ldr r0, [sp, #20] ; 0x14 + 9ae: 7800 ldrb r0, [r0, #0] + 9b0: 4281 cmp r1, r0 + 9b2: d130 bne 0xa16 + 9b4: 4668 mov r0, sp + 9b6: 7b41 ldrb r1, [r0, #13] ; 0xd + 9b8: 9805 ldr r0, [sp, #20] ; 0x14 + 9ba: 7840 ldrb r0, [r0, #1] + 9bc: 4281 cmp r1, r0 + 9be: d12a bne 0xa16 + 9c0: 4668 mov r0, sp + 9c2: 7b81 ldrb r1, [r0, #14] ; 0xe + 9c4: 9805 ldr r0, [sp, #20] ; 0x14 + 9c6: 7880 ldrb r0, [r0, #2] + 9c8: 4281 cmp r1, r0 + 9ca: d124 bne 0xa16 + 9cc: 4668 mov r0, sp + 9ce: 7bc1 ldrb r1, [r0, #15] ; 0xf + 9d0: 9805 ldr r0, [sp, #20] ; 0x14 + 9d2: 78c0 ldrb r0, [r0, #3] + 9d4: 4281 cmp r1, r0 + 9d6: d11e bne 0xa16 + 9d8: 4668 mov r0, sp + 9da: 7c00 ldrb r0, [r0, #16] ; 0x10 + 9dc: 9905 ldr r1, [sp, #20] ; 0x14 + 9de: 7909 ldrb r1, [r1, #4] + 9e0: 4288 cmp r0, r1 + 9e2: d118 bne 0xa16 + 9e4: 4668 mov r0, sp + 9e6: 7c41 ldrb r1, [r0, #17] ; 0x11 + 9e8: 9805 ldr r0, [sp, #20] ; 0x14 + 9ea: 7940 ldrb r0, [r0, #5] + 9ec: 4281 cmp r1, r0 + 9ee: d112 bne 0xa16 + 9f0: 4668 mov r0, sp + 9f2: 7c81 ldrb r1, [r0, #18] ; 0x12 + 9f4: 9805 ldr r0, [sp, #20] ; 0x14 + 9f6: 7980 ldrb r0, [r0, #6] + 9f8: 4281 cmp r1, r0 + 9fa: d10c bne 0xa16 + 9fc: 4668 mov r0, sp + 9fe: 7cc0 ldrb r0, [r0, #19] ; 0x13 + a00: 9905 ldr r1, [sp, #20] ; 0x14 + a02: 79c9 ldrb r1, [r1, #7] + a04: 4288 cmp r0, r1 + a06: d106 bne 0xa16 + a08: 2001 mov r0, #1 + a0a: 0440 lsl r0, r0, #17 + a0c: 9000 str r0, [sp, #0] + a0e: 9c00 
ldr r4, [sp, #0] + a10: f000 fc6a bl 0x12e8 + a14: e000 b 0xa18 + a16: e7fe b 0xa16 + a18: b006 add sp, #24 ; 0x18 + a1a: bd10 pop {r4, pc} + + a1c: c000773e + a20: c000433e + a24: c000633e + a28: c000623e + a2c: c000423e + a30: 01000010 + a34: 01ff02c8 + a38: 01ff0000 + a3c: 00010008 + + a40: b082 sub sp, #8 + a42: 9101 str r1, [sp, #4] + a44: 9000 str r0, [sp, #0] + a46: 9901 ldr r1, [sp, #4] + a48: 10c8 asr r0, r1, #3 + a4a: 0f00 lsr r0, r0, #28 + a4c: 1840 add r0, r0, r1 + a4e: 220f mov r2, #15 ; 0xf + a50: 4390 bic r0, r2 + a52: 1a08 sub r0, r1, r0 + a54: 9001 str r0, [sp, #4] + a56: 2110 mov r1, #16 ; 0x10 + a58: 9801 ldr r0, [sp, #4] + a5a: 1a08 sub r0, r1, r0 + a5c: 2100 mov r1, #0 + a5e: 43c9 mvn r1, r1 + a60: 4081 lsl r1, r0 + a62: 9800 ldr r0, [sp, #0] + a64: 2200 mov r2, #0 + a66: 5e80 ldrsh r0, [r0, r2] + a68: 4008 and r0, r1 + a6a: 0400 lsl r0, r0, #16 + a6c: 0c00 lsr r0, r0, #16 + a6e: 2110 mov r1, #16 ; 0x10 + a70: 9a01 ldr r2, [sp, #4] + a72: 1a89 sub r1, r1, r2 + a74: 40c8 lsr r0, r1 + a76: 9900 ldr r1, [sp, #0] + a78: 2200 mov r2, #0 + a7a: 5e89 ldrsh r1, [r1, r2] + a7c: 9a01 ldr r2, [sp, #4] + a7e: 4091 lsl r1, r2 + a80: 4308 orr r0, r1 + a82: 9900 ldr r1, [sp, #0] + a84: 8008 strh r0, [r1, #0] + a86: b002 add sp, #8 + a88: 4770 bx lr + + a8a: b500 push {lr} + a8c: b08e sub sp, #56 ; 0x38 + a8e: 9000 str r0, [sp, #0] + a90: 48d7 ldr r0, =0x72d42a70 ; via 0xdf0 + a92: 9001 str r0, [sp, #4] + a94: 48d7 ldr r0, =0x9836f25a ; via 0xdf4 + a96: 9002 str r0, [sp, #8] + a98: 9800 ldr r0, [sp, #0] + a9a: 7840 ldrb r0, [r0, #1] + a9c: 0400 lsl r0, r0, #16 + a9e: 0200 lsl r0, r0, #8 + aa0: 0e00 lsr r0, r0, #24 + aa2: 0402 lsl r2, r0, #16 + aa4: 9800 ldr r0, [sp, #0] + aa6: 7800 ldrb r0, [r0, #0] + aa8: 0600 lsl r0, r0, #24 + aaa: 0e00 lsr r0, r0, #24 + aac: 0600 lsl r0, r0, #24 + aae: 4302 orr r2, r0 + ab0: 9800 ldr r0, [sp, #0] + ab2: 7880 ldrb r0, [r0, #2] + ab4: 0200 lsl r0, r0, #8 + ab6: 0400 lsl r0, r0, #16 + ab8: 0e00 lsr r0, r0, #24 + aba: 0201 lsl 
r1, r0, #8 + abc: 4311 orr r1, r2 + abe: 9800 ldr r0, [sp, #0] + ac0: 78c0 ldrb r0, [r0, #3] + ac2: 0600 lsl r0, r0, #24 + ac4: 0e00 lsr r0, r0, #24 + ac6: 4308 orr r0, r1 + ac8: 9003 str r0, [sp, #12] ; 0xc + aca: 9800 ldr r0, [sp, #0] + acc: 7940 ldrb r0, [r0, #5] + ace: 0400 lsl r0, r0, #16 + ad0: 0200 lsl r0, r0, #8 + ad2: 0e00 lsr r0, r0, #24 + ad4: 0402 lsl r2, r0, #16 + ad6: 9800 ldr r0, [sp, #0] + ad8: 7900 ldrb r0, [r0, #4] + ada: 0600 lsl r0, r0, #24 + adc: 0e00 lsr r0, r0, #24 + ade: 0600 lsl r0, r0, #24 + ae0: 4302 orr r2, r0 + ae2: 9800 ldr r0, [sp, #0] + ae4: 7980 ldrb r0, [r0, #6] + ae6: 0200 lsl r0, r0, #8 + ae8: 0400 lsl r0, r0, #16 + aea: 0e00 lsr r0, r0, #24 + aec: 0201 lsl r1, r0, #8 + aee: 4311 orr r1, r2 + af0: 9800 ldr r0, [sp, #0] + af2: 79c0 ldrb r0, [r0, #7] + af4: 0600 lsl r0, r0, #24 + af6: 0e00 lsr r0, r0, #24 + af8: 4308 orr r0, r1 + afa: 9004 str r0, [sp, #16] ; 0x10 + afc: 9801 ldr r0, [sp, #4] + afe: 9903 ldr r1, [sp, #12] ; 0xc + b00: 4048 eor r0, r1 + b02: 9003 str r0, [sp, #12] ; 0xc + b04: 9802 ldr r0, [sp, #8] + b06: 9904 ldr r1, [sp, #16] ; 0x10 + b08: 4048 eor r0, r1 + b0a: 9004 str r0, [sp, #16] ; 0x10 + b0c: 9803 ldr r0, [sp, #12] ; 0xc + b0e: 1700 asr r0, r0, #28 + b10: 0700 lsl r0, r0, #28 + b12: 0f00 lsr r0, r0, #28 + b14: 3004 add r0, #4 + b16: 9005 str r0, [sp, #20] ; 0x14 + b18: 2000 mov r0, #0 + b1a: 9007 str r0, [sp, #28] ; 0x1c + b1c: 9907 ldr r1, [sp, #28] ; 0x1c + b1e: 9805 ldr r0, [sp, #20] ; 0x14 + b20: 4281 cmp r1, r0 + b22: db00 blt 0xb26 + b24: e086 b 0xc34 + b26: 4669 mov r1, sp + b28: 9803 ldr r0, [sp, #12] ; 0xc + b2a: 0400 lsl r0, r0, #16 + b2c: 0c00 lsr r0, r0, #16 + b2e: 8608 strh r0, [r1, #48] ; 0x30 + b30: 4668 mov r0, sp + b32: 9904 ldr r1, [sp, #16] ; 0x10 + b34: 1409 asr r1, r1, #16 + b36: 0409 lsl r1, r1, #16 + b38: 0c09 lsr r1, r1, #16 + b3a: 8641 strh r1, [r0, #50] ; 0x32 + b3c: 4669 mov r1, sp + b3e: 9804 ldr r0, [sp, #16] ; 0x10 + b40: 0400 lsl r0, r0, #16 + b42: 0c00 lsr r0, r0, #16 + b44: 
8688 strh r0, [r1, #52] ; 0x34 + b46: 9803 ldr r0, [sp, #12] ; 0xc + b48: 1400 asr r0, r0, #16 + b4a: 0400 lsl r0, r0, #16 + b4c: 0c00 lsr r0, r0, #16 + b4e: 9008 str r0, [sp, #32] ; 0x20 + b50: 9803 ldr r0, [sp, #12] ; 0xc + b52: 0600 lsl r0, r0, #24 + b54: 0e00 lsr r0, r0, #24 + b56: 9009 str r0, [sp, #36] ; 0x24 + b58: 9804 ldr r0, [sp, #16] ; 0x10 + b5a: 1400 asr r0, r0, #16 + b5c: 0600 lsl r0, r0, #24 + b5e: 0e00 lsr r0, r0, #24 + b60: 900a str r0, [sp, #40] ; 0x28 + b62: 9804 ldr r0, [sp, #16] ; 0x10 + b64: 0600 lsl r0, r0, #24 + b66: 0e00 lsr r0, r0, #24 + b68: 900b str r0, [sp, #44] ; 0x2c + b6a: 9809 ldr r0, [sp, #36] ; 0x24 + b6c: 2800 cmp r0, #0 + b6e: d004 beq 0xb7a + b70: 9808 ldr r0, [sp, #32] ; 0x20 + b72: 9909 ldr r1, [sp, #36] ; 0x24 + b74: f000 fac2 bl 0x10fc + b78: e000 b 0xb7c + b7a: 2000 mov r0, #0 + b7c: 9009 str r0, [sp, #36] ; 0x24 + b7e: 980a ldr r0, [sp, #40] ; 0x28 + b80: 2800 cmp r0, #0 + b82: d004 beq 0xb8e + b84: 9808 ldr r0, [sp, #32] ; 0x20 + b86: 990a ldr r1, [sp, #40] ; 0x28 + b88: f000 fab8 bl 0x10fc + b8c: e000 b 0xb90 + b8e: 2000 mov r0, #0 + b90: 900a str r0, [sp, #40] ; 0x28 + b92: 980b ldr r0, [sp, #44] ; 0x2c + b94: 2800 cmp r0, #0 + b96: d004 beq 0xba2 + b98: 9808 ldr r0, [sp, #32] ; 0x20 + b9a: 990b ldr r1, [sp, #44] ; 0x2c + b9c: f000 faae bl 0x10fc + ba0: e000 b 0xba4 + ba2: 2000 mov r0, #0 + ba4: 900b str r0, [sp, #44] ; 0x2c + ba6: a80c add r0, sp, #48 ; 0x30 + ba8: 9909 ldr r1, [sp, #36] ; 0x24 + baa: f7ff ff49 bl 0xa40 + bae: 2032 mov r0, #50 ; 0x32 + bb0: 4468 add r0, sp + bb2: 990a ldr r1, [sp, #40] ; 0x28 + bb4: f7ff ff44 bl 0xa40 + bb8: a80d add r0, sp, #52 ; 0x34 + bba: 990b ldr r1, [sp, #44] ; 0x2c + bbc: f7ff ff40 bl 0xa40 + bc0: 980c ldr r0, [sp, #48] ; 0x30 + bc2: 1400 asr r0, r0, #16 + bc4: 0400 lsl r0, r0, #16 + bc6: 1400 asr r0, r0, #16 + bc8: 990c ldr r1, [sp, #48] ; 0x30 + bca: 0409 lsl r1, r1, #16 + bcc: 1409 asr r1, r1, #16 + bce: 0409 lsl r1, r1, #16 + bd0: 1409 asr r1, r1, #16 + bd2: 4048 eor r0, r1 
+ bd4: 4669 mov r1, sp + bd6: 8608 strh r0, [r1, #48] ; 0x30 + bd8: 980d ldr r0, [sp, #52] ; 0x34 + bda: 0400 lsl r0, r0, #16 + bdc: 1400 asr r0, r0, #16 + bde: 0400 lsl r0, r0, #16 + be0: 1400 asr r0, r0, #16 + be2: 990c ldr r1, [sp, #48] ; 0x30 + be4: 0409 lsl r1, r1, #16 + be6: 1409 asr r1, r1, #16 + be8: 0409 lsl r1, r1, #16 + bea: 1409 asr r1, r1, #16 + bec: 4048 eor r0, r1 + bee: 4669 mov r1, sp + bf0: 8608 strh r0, [r1, #48] ; 0x30 + bf2: 9803 ldr r0, [sp, #12] ; 0xc + bf4: 9006 str r0, [sp, #24] ; 0x18 + bf6: 980c ldr r0, [sp, #48] ; 0x30 + bf8: 0400 lsl r0, r0, #16 + bfa: 1400 asr r0, r0, #16 + bfc: 0400 lsl r0, r0, #16 + bfe: 1400 asr r0, r0, #16 + c00: 0400 lsl r0, r0, #16 + c02: 0c00 lsr r0, r0, #16 + c04: 9904 ldr r1, [sp, #16] ; 0x10 + c06: 0409 lsl r1, r1, #16 + c08: 0c09 lsr r1, r1, #16 + c0a: 0409 lsl r1, r1, #16 + c0c: 4308 orr r0, r1 + c0e: 9003 str r0, [sp, #12] ; 0xc + c10: 9804 ldr r0, [sp, #16] ; 0x10 + c12: 0c00 lsr r0, r0, #16 + c14: 0400 lsl r0, r0, #16 + c16: 0c00 lsr r0, r0, #16 + c18: 9906 ldr r1, [sp, #24] ; 0x18 + c1a: 0409 lsl r1, r1, #16 + c1c: 0c09 lsr r1, r1, #16 + c1e: 0409 lsl r1, r1, #16 + c20: 4308 orr r0, r1 + c22: 9004 str r0, [sp, #16] ; 0x10 + c24: 9807 ldr r0, [sp, #28] ; 0x1c + c26: 3001 add r0, #1 + c28: 9007 str r0, [sp, #28] ; 0x1c + c2a: 9807 ldr r0, [sp, #28] ; 0x1c + c2c: 9905 ldr r1, [sp, #20] ; 0x14 + c2e: 4288 cmp r0, r1 + c30: da00 bge 0xc34 + c32: e778 b 0xb26 + c34: 2000 mov r0, #0 + c36: 9007 str r0, [sp, #28] ; 0x1c + c38: 9807 ldr r0, [sp, #28] ; 0x1c + c3a: 2804 cmp r0, #4 + c3c: da10 bge 0xc60 + c3e: 9b07 ldr r3, [sp, #28] ; 0x1c + c40: 9a00 ldr r2, [sp, #0] + c42: 2103 mov r1, #3 + c44: 9807 ldr r0, [sp, #28] ; 0x1c + c46: 1a08 sub r0, r1, r0 + c48: 00c1 lsl r1, r0, #3 + c4a: 9803 ldr r0, [sp, #12] ; 0xc + c4c: 4108 asr r0, r1 + c4e: 0600 lsl r0, r0, #24 + c50: 0e00 lsr r0, r0, #24 + c52: 5498 strb r0, [r3, r2] + c54: 9807 ldr r0, [sp, #28] ; 0x1c + c56: 3001 add r0, #1 + c58: 9007 str r0, [sp, #28] ; 
0x1c + c5a: 9807 ldr r0, [sp, #28] ; 0x1c + c5c: 2804 cmp r0, #4 + c5e: dbee blt 0xc3e + c60: 2004 mov r0, #4 + c62: 9007 str r0, [sp, #28] ; 0x1c + c64: 9807 ldr r0, [sp, #28] ; 0x1c + c66: 2808 cmp r0, #8 + c68: da10 bge 0xc8c + c6a: 9907 ldr r1, [sp, #28] ; 0x1c + c6c: 9b00 ldr r3, [sp, #0] + c6e: 2207 mov r2, #7 + c70: 9807 ldr r0, [sp, #28] ; 0x1c + c72: 1a10 sub r0, r2, r0 + c74: 00c0 lsl r0, r0, #3 + c76: 9a04 ldr r2, [sp, #16] ; 0x10 + c78: 4102 asr r2, r0 + c7a: 0610 lsl r0, r2, #24 + c7c: 0e00 lsr r0, r0, #24 + c7e: 54c8 strb r0, [r1, r3] + c80: 9807 ldr r0, [sp, #28] ; 0x1c + c82: 3001 add r0, #1 + c84: 9007 str r0, [sp, #28] ; 0x1c + c86: 9807 ldr r0, [sp, #28] ; 0x1c + c88: 2808 cmp r0, #8 + c8a: dbee blt 0xc6a + c8c: b00e add sp, #56 ; 0x38 + c8e: bd00 pop {pc} + + c90: b500 push {lr} + c92: b083 sub sp, #12 ; 0xc + c94: 9101 str r1, [sp, #4] + c96: 9000 str r0, [sp, #0] + c98: 4669 mov r1, sp + c9a: 2000 mov r0, #0 + c9c: 7208 strb r0, [r1, #8] + c9e: 4668 mov r0, sp + ca0: 7a00 ldrb r0, [r0, #8] + ca2: 2810 cmp r0, #16 ; 0x10 + ca4: da3f bge 0xd26 + ca6: 4668 mov r0, sp + ca8: 7a00 ldrb r0, [r0, #8] + caa: 0fc1 lsr r1, r0, #31 + cac: 1808 add r0, r1, r0 + cae: 1042 asr r2, r0, #1 + cb0: 9901 ldr r1, [sp, #4] + cb2: 4668 mov r0, sp + cb4: 7a03 ldrb r3, [r0, #8] + cb6: 9800 ldr r0, [sp, #0] + cb8: 5c18 ldrb r0, [r3, r0] + cba: 2839 cmp r0, #57 ; 0x39 + cbc: dd05 ble 0xcca + cbe: 4668 mov r0, sp + cc0: 7a00 ldrb r0, [r0, #8] + cc2: 9b00 ldr r3, [sp, #0] + cc4: 5cc0 ldrb r0, [r0, r3] + cc6: 3837 sub r0, #55 ; 0x37 + cc8: e004 b 0xcd4 + cca: 4668 mov r0, sp + ccc: 7a00 ldrb r0, [r0, #8] + cce: 9b00 ldr r3, [sp, #0] + cd0: 5cc0 ldrb r0, [r0, r3] + cd2: 3830 sub r0, #48 ; 0x30 + cd4: 0100 lsl r0, r0, #4 + cd6: 5450 strb r0, [r2, r1] + cd8: 4668 mov r0, sp + cda: 7a00 ldrb r0, [r0, #8] + cdc: 0fc1 lsr r1, r0, #31 + cde: 1808 add r0, r1, r0 + ce0: 1041 asr r1, r0, #1 + ce2: 9801 ldr r0, [sp, #4] + ce4: 180a add r2, r1, r0 + ce6: 4668 mov r0, sp + ce8: 7a01 
ldrb r1, [r0, #8] + cea: 9800 ldr r0, [sp, #0] + cec: 1808 add r0, r1, r0 + cee: 7840 ldrb r0, [r0, #1] + cf0: 2839 cmp r0, #57 ; 0x39 + cf2: dd06 ble 0xd02 + cf4: 4668 mov r0, sp + cf6: 7a00 ldrb r0, [r0, #8] + cf8: 9900 ldr r1, [sp, #0] + cfa: 1840 add r0, r0, r1 + cfc: 7840 ldrb r0, [r0, #1] + cfe: 3837 sub r0, #55 ; 0x37 + d00: e005 b 0xd0e + d02: 4668 mov r0, sp + d04: 7a01 ldrb r1, [r0, #8] + d06: 9800 ldr r0, [sp, #0] + d08: 1808 add r0, r1, r0 + d0a: 7840 ldrb r0, [r0, #1] + d0c: 3830 sub r0, #48 ; 0x30 + d0e: 7811 ldrb r1, [r2, #0] + d10: 1840 add r0, r0, r1 + d12: 7010 strb r0, [r2, #0] + d14: 4669 mov r1, sp + d16: 4668 mov r0, sp + d18: 7a00 ldrb r0, [r0, #8] + d1a: 3002 add r0, #2 + d1c: 7208 strb r0, [r1, #8] + d1e: 4668 mov r0, sp + d20: 7a00 ldrb r0, [r0, #8] + d22: 2810 cmp r0, #16 ; 0x10 + d24: dbbf blt 0xca6 + d26: 9801 ldr r0, [sp, #4] + d28: f7ff feaf bl 0xa8a + d2c: b003 add sp, #12 ; 0xc + d2e: bd00 pop {pc} + + d30: b500 push {lr} + d32: b089 sub sp, #36 ; 0x24 + d34: 9303 str r3, [sp, #12] ; 0xc + d36: 9202 str r2, [sp, #8] + d38: 9101 str r1, [sp, #4] + d3a: 9000 str r0, [sp, #0] + d3c: 9803 ldr r0, [sp, #12] ; 0xc + d3e: 2800 cmp r0, #0 + d40: dd53 ble 0xdea + d42: 9803 ldr r0, [sp, #12] ; 0xc + d44: 9006 str r0, [sp, #24] ; 0x18 + d46: 2000 mov r0, #0 + d48: 9004 str r0, [sp, #16] ; 0x10 + d4a: 9804 ldr r0, [sp, #16] ; 0x10 + d4c: 2808 cmp r0, #8 + d4e: da0b bge 0xd68 + d50: 9904 ldr r1, [sp, #16] ; 0x10 + d52: 9800 ldr r0, [sp, #0] + d54: 5c09 ldrb r1, [r1, r0] + d56: 9804 ldr r0, [sp, #16] ; 0x10 + d58: aa07 add r2, sp, #28 ; 0x1c + d5a: 5411 strb r1, [r2, r0] + d5c: 9804 ldr r0, [sp, #16] ; 0x10 + d5e: 3001 add r0, #1 + d60: 9004 str r0, [sp, #16] ; 0x10 + d62: 9804 ldr r0, [sp, #16] ; 0x10 + d64: 2808 cmp r0, #8 + d66: dbf3 blt 0xd50 + d68: 9806 ldr r0, [sp, #24] ; 0x18 + d6a: 2800 cmp r0, #0 + d6c: dd2c ble 0xdc8 + d6e: 9806 ldr r0, [sp, #24] ; 0x18 + d70: 2808 cmp r0, #8 + d72: da01 bge 0xd78 + d74: 9806 ldr r0, [sp, #24] ; 0x18 + 
d76: e000 b 0xd7a + d78: 2008 mov r0, #8 + d7a: 9005 str r0, [sp, #20] ; 0x14 + d7c: 2000 mov r0, #0 + d7e: 9004 str r0, [sp, #16] ; 0x10 + d80: 9804 ldr r0, [sp, #16] ; 0x10 + d82: 2808 cmp r0, #8 + d84: da17 bge 0xdb6 + d86: 9904 ldr r1, [sp, #16] ; 0x10 + d88: 9805 ldr r0, [sp, #20] ; 0x14 + d8a: 4281 cmp r1, r0 + d8c: da0d bge 0xdaa + d8e: 9803 ldr r0, [sp, #12] ; 0xc + d90: 9901 ldr r1, [sp, #4] + d92: 1840 add r0, r0, r1 + d94: 9906 ldr r1, [sp, #24] ; 0x18 + d96: 1a40 sub r0, r0, r1 + d98: 9904 ldr r1, [sp, #16] ; 0x10 + d9a: 5c09 ldrb r1, [r1, r0] + d9c: 9804 ldr r0, [sp, #16] ; 0x10 + d9e: aa07 add r2, sp, #28 ; 0x1c + da0: 5c10 ldrb r0, [r2, r0] + da2: 4048 eor r0, r1 + da4: 9904 ldr r1, [sp, #16] ; 0x10 + da6: aa07 add r2, sp, #28 ; 0x1c + da8: 5450 strb r0, [r2, r1] + daa: 9804 ldr r0, [sp, #16] ; 0x10 + dac: 3001 add r0, #1 + dae: 9004 str r0, [sp, #16] ; 0x10 + db0: 9804 ldr r0, [sp, #16] ; 0x10 + db2: 2808 cmp r0, #8 + db4: dbe7 blt 0xd86 + db6: a807 add r0, sp, #28 ; 0x1c + db8: f7ff fe67 bl 0xa8a + dbc: 9806 ldr r0, [sp, #24] ; 0x18 + dbe: 3808 sub r0, #8 + dc0: 9006 str r0, [sp, #24] ; 0x18 + dc2: 9806 ldr r0, [sp, #24] ; 0x18 + dc4: 2800 cmp r0, #0 + dc6: dcd2 bgt 0xd6e + dc8: 2000 mov r0, #0 + dca: 9004 str r0, [sp, #16] ; 0x10 + dcc: 9804 ldr r0, [sp, #16] ; 0x10 + dce: 2808 cmp r0, #8 + dd0: da0b bge 0xdea + dd2: 9804 ldr r0, [sp, #16] ; 0x10 + dd4: 9a02 ldr r2, [sp, #8] + dd6: 9b04 ldr r3, [sp, #16] ; 0x10 + dd8: a907 add r1, sp, #28 ; 0x1c + dda: 5cc9 ldrb r1, [r1, r3] + ddc: 5481 strb r1, [r0, r2] + dde: 9804 ldr r0, [sp, #16] ; 0x10 + de0: 3001 add r0, #1 + de2: 9004 str r0, [sp, #16] ; 0x10 + de4: 9804 ldr r0, [sp, #16] ; 0x10 + de6: 2808 cmp r0, #8 + de8: dbf3 blt 0xdd2 + dea: b009 add sp, #36 ; 0x24 + dec: bd00 pop {pc} + dee: 46c0 nop (mov r8, r8) + + df0: 72d42a70 + df4: 9836f25a + + df8: b082 sub sp, #8 + dfa: 4669 mov r1, sp + dfc: 7008 strb r0, [r1, #0] + dfe: 2000 mov r0, #0 + e00: 8088 strh r0, [r1, #4] + e02: 4668 mov r0, sp + 
e04: 8881 ldrh r1, [r0, #4] + e06: 20ff mov r0, #255 ; 0xff + e08: 30f5 add r0, #245 ; 0xf5 + e0a: 4281 cmp r1, r0 + e0c: da21 bge 0xe52 + e0e: 4669 mov r1, sp + e10: 4668 mov r0, sp + e12: 8880 ldrh r0, [r0, #4] + e14: 3001 add r0, #1 + e16: 8088 strh r0, [r1, #4] + e18: 48b4 ldr r0, =0x12fc ; via 0x10ec + e1a: 7809 ldrb r1, [r1, #0] + e1c: 0089 lsl r1, r1, #2 + e1e: 5840 ldr r0, [r0, r1] + e20: 7940 ldrb r0, [r0, #5] + e22: 4669 mov r1, sp + e24: 7048 strb r0, [r1, #1] + e26: 4668 mov r0, sp + e28: 7840 ldrb r0, [r0, #1] + e2a: 0840 lsr r0, r0, #1 + e2c: d30b bcc 0xe46 + e2e: 49af ldr r1, =0x12fc ; via 0x10ec + e30: 4668 mov r0, sp + e32: 7800 ldrb r0, [r0, #0] + e34: 0080 lsl r0, r0, #2 + e36: 5808 ldr r0, [r1, r0] + e38: 7800 ldrb r0, [r0, #0] + e3a: 0600 lsl r0, r0, #24 + e3c: 0e00 lsr r0, r0, #24 + e3e: 4669 mov r1, sp + e40: 7088 strb r0, [r1, #2] + e42: 2000 mov r0, #0 + e44: 8088 strh r0, [r1, #4] + e46: 4668 mov r0, sp + e48: 8881 ldrh r1, [r0, #4] + e4a: 20ff mov r0, #255 ; 0xff + e4c: 30f5 add r0, #245 ; 0xf5 + e4e: 4281 cmp r1, r0 + e50: dbdd blt 0xe0e + e52: b002 add sp, #8 + e54: 4770 bx lr + + e56: b081 sub sp, #4 + e58: 49a5 ldr r1, =0x1000010 ; via 0x10f0 + e5a: 2000 mov r0, #0 + e5c: 7008 strb r0, [r1, #0] + e5e: 49a3 ldr r1, =0x12fc ; via 0x10ec + e60: 48a3 ldr r0, =0x1000010 ; via 0x10f0 + e62: 7800 ldrb r0, [r0, #0] + e64: 0080 lsl r0, r0, #2 + e66: 5808 ldr r0, [r1, r0] + e68: 9000 str r0, [sp, #0] + e6a: 49a2 ldr r1, =0x1000011 ; via 0x10f4 + e6c: 2054 mov r0, #84 ; 0x54 + e6e: 7008 strb r0, [r1, #0] + e70: 49a1 ldr r1, =0xffff6000 ; via 0x10f8 + e72: 2002 mov r0, #2 + e74: 880a ldrh r2, [r1, #0] + e76: 4310 orr r0, r2 + e78: 8008 strh r0, [r1, #0] + e7a: 489f ldr r0, =0xffff6000 ; via 0x10f8 + e7c: 8801 ldrh r1, [r0, #0] + e7e: 0849 lsr r1, r1, #1 + e80: 0049 lsl r1, r1, #1 + e82: 8001 strh r1, [r0, #0] + e84: 499c ldr r1, =0xffff6000 ; via 0x10f8 + e86: 8808 ldrh r0, [r1, #0] + e88: 2202 mov r2, #2 + e8a: 4390 bic r0, r2 + e8c: 8008 strh 
r0, [r1, #0] + e8e: 9800 ldr r0, [sp, #0] + e90: 2107 mov r1, #7 + e92: 7201 strb r1, [r0, #8] + e94: 9800 ldr r0, [sp, #0] + e96: 7a00 ldrb r0, [r0, #8] + e98: 2807 cmp r0, #7 + e9a: d1fb bne 0xe94 + e9c: 9900 ldr r1, [sp, #0] + e9e: 20bf mov r0, #191 ; 0xbf + ea0: 70c8 strb r0, [r1, #3] + ea2: 9800 ldr r0, [sp, #0] + ea4: 2110 mov r1, #16 ; 0x10 + ea6: 7081 strb r1, [r0, #2] + ea8: 9800 ldr r0, [sp, #0] + eaa: 2140 mov r1, #64 ; 0x40 + eac: 7101 strb r1, [r0, #4] + eae: 9800 ldr r0, [sp, #0] + eb0: 2100 mov r1, #0 + eb2: 71c1 strb r1, [r0, #7] + eb4: 9800 ldr r0, [sp, #0] + eb6: 70c1 strb r1, [r0, #3] + eb8: 9800 ldr r0, [sp, #0] + eba: 2187 mov r1, #135 ; 0x87 + ebc: 7081 strb r1, [r0, #2] + ebe: 9800 ldr r0, [sp, #0] + ec0: 2180 mov r1, #128 ; 0x80 + ec2: 70c1 strb r1, [r0, #3] + ec4: 9800 ldr r0, [sp, #0] + ec6: 498b ldr r1, =0x1000011 ; via 0x10f4 + ec8: 7809 ldrb r1, [r1, #0] + eca: 7001 strb r1, [r0, #0] + ecc: 9900 ldr r1, [sp, #0] + ece: 2000 mov r0, #0 + ed0: 7048 strb r0, [r1, #1] + ed2: 9900 ldr r1, [sp, #0] + ed4: 2003 mov r0, #3 + ed6: 70c8 strb r0, [r1, #3] + ed8: 9900 ldr r1, [sp, #0] + eda: 2000 mov r0, #0 + edc: 7208 strb r0, [r1, #8] + ede: b001 add sp, #4 + ee0: 4770 bx lr + + ee2: b081 sub sp, #4 + ee4: 4669 mov r1, sp + ee6: 7008 strb r0, [r1, #0] + ee8: 4980 ldr r1, =0x12fc ; via 0x10ec + eea: 4668 mov r0, sp + eec: 7800 ldrb r0, [r0, #0] + eee: 0080 lsl r0, r0, #2 + ef0: 5808 ldr r0, [r1, r0] + ef2: 2107 mov r1, #7 + ef4: 7201 strb r1, [r0, #8] + ef6: 487d ldr r0, =0x12fc ; via 0x10ec + ef8: 4669 mov r1, sp + efa: 7809 ldrb r1, [r1, #0] + efc: 0089 lsl r1, r1, #2 + efe: 5840 ldr r0, [r0, r1] + f00: 7a00 ldrb r0, [r0, #8] + f02: 2807 cmp r0, #7 + f04: d1f7 bne 0xef6 + f06: 4979 ldr r1, =0x12fc ; via 0x10ec + f08: 4668 mov r0, sp + f0a: 7800 ldrb r0, [r0, #0] + f0c: 0080 lsl r0, r0, #2 + f0e: 5808 ldr r0, [r1, r0] + f10: 2180 mov r1, #128 ; 0x80 + f12: 70c1 strb r1, [r0, #3] + f14: 4875 ldr r0, =0x12fc ; via 0x10ec + f16: 4669 mov r1, sp + 
f18: 7809 ldrb r1, [r1, #0] + f1a: 0089 lsl r1, r1, #2 + f1c: 5840 ldr r0, [r0, r1] + f1e: 4975 ldr r1, =0x1000011 ; via 0x10f4 + f20: 7809 ldrb r1, [r1, #0] + f22: 7001 strb r1, [r0, #0] + f24: 4871 ldr r0, =0x12fc ; via 0x10ec + f26: 4669 mov r1, sp + f28: 7809 ldrb r1, [r1, #0] + f2a: 0089 lsl r1, r1, #2 + f2c: 5840 ldr r0, [r0, r1] + f2e: 2100 mov r1, #0 + f30: 7041 strb r1, [r0, #1] + f32: 486e ldr r0, =0x12fc ; via 0x10ec + f34: 4669 mov r1, sp + f36: 7809 ldrb r1, [r1, #0] + f38: 0089 lsl r1, r1, #2 + f3a: 5840 ldr r0, [r0, r1] + f3c: 2103 mov r1, #3 + f3e: 70c1 strb r1, [r0, #3] + f40: 486a ldr r0, =0x12fc ; via 0x10ec + f42: 4669 mov r1, sp + f44: 7809 ldrb r1, [r1, #0] + f46: 0089 lsl r1, r1, #2 + f48: 5840 ldr r0, [r0, r1] + f4a: 2100 mov r1, #0 + f4c: 7201 strb r1, [r0, #8] + f4e: b001 add sp, #4 + f50: 4770 bx lr + + f52: b081 sub sp, #4 + f54: 4669 mov r1, sp + f56: 7008 strb r0, [r1, #0] + f58: 4964 ldr r1, =0x12fc ; via 0x10ec + f5a: 4668 mov r0, sp + f5c: 7800 ldrb r0, [r0, #0] + f5e: 0080 lsl r0, r0, #2 + f60: 5808 ldr r0, [r1, r0] + f62: 7941 ldrb r1, [r0, #5] + f64: 4668 mov r0, sp + f66: 7041 strb r1, [r0, #1] + f68: 7840 ldrb r0, [r0, #1] + f6a: 09c0 lsr r0, r0, #7 + f6c: d20b bcs 0xf86 + f6e: 485f ldr r0, =0x12fc ; via 0x10ec + f70: 4669 mov r1, sp + f72: 7809 ldrb r1, [r1, #0] + f74: 0089 lsl r1, r1, #2 + f76: 5840 ldr r0, [r0, r1] + f78: 7940 ldrb r0, [r0, #5] + f7a: 4669 mov r1, sp + f7c: 7048 strb r0, [r1, #1] + f7e: 4668 mov r0, sp + f80: 7840 ldrb r0, [r0, #1] + f82: 09c0 lsr r0, r0, #7 + f84: d3f3 bcc 0xf6e + f86: b001 add sp, #4 + f88: 4770 bx lr + + f8a: b085 sub sp, #20 ; 0x14 + f8c: 466b mov r3, sp + f8e: 719a strb r2, [r3, #6] + f90: 466a mov r2, sp + f92: 8091 strh r1, [r2, #4] + f94: 9000 str r0, [sp, #0] + f96: 9800 ldr r0, [sp, #0] + f98: 9002 str r0, [sp, #8] + f9a: 4669 mov r1, sp + f9c: 4668 mov r0, sp + f9e: 8880 ldrh r0, [r0, #4] + fa0: 8208 strh r0, [r1, #16] ; 0x10 + fa2: 4668 mov r0, sp + fa4: 8a00 ldrh r0, [r0, #16] ; 
0x10 + fa6: 2800 cmp r0, #0 + fa8: d01e beq 0xfe8 + faa: 4950 ldr r1, =0x12fc ; via 0x10ec + fac: 4668 mov r0, sp + fae: 7980 ldrb r0, [r0, #6] + fb0: 0080 lsl r0, r0, #2 + fb2: 5808 ldr r0, [r1, r0] + fb4: 7941 ldrb r1, [r0, #5] + fb6: 4668 mov r0, sp + fb8: 7301 strb r1, [r0, #12] ; 0xc + fba: 7b00 ldrb r0, [r0, #12] ; 0xc + fbc: 0980 lsr r0, r0, #6 + fbe: d3f4 bcc 0xfaa + fc0: 494a ldr r1, =0x12fc ; via 0x10ec + fc2: 4668 mov r0, sp + fc4: 7980 ldrb r0, [r0, #6] + fc6: 0080 lsl r0, r0, #2 + fc8: 5809 ldr r1, [r1, r0] + fca: 9802 ldr r0, [sp, #8] + fcc: 7800 ldrb r0, [r0, #0] + fce: 7008 strb r0, [r1, #0] + fd0: 9802 ldr r0, [sp, #8] + fd2: 3001 add r0, #1 + fd4: 9002 str r0, [sp, #8] + fd6: 4669 mov r1, sp + fd8: 4668 mov r0, sp + fda: 8a00 ldrh r0, [r0, #16] ; 0x10 + fdc: 3801 sub r0, #1 + fde: 8208 strh r0, [r1, #16] ; 0x10 + fe0: 4668 mov r0, sp + fe2: 8a00 ldrh r0, [r0, #16] ; 0x10 + fe4: 2800 cmp r0, #0 + fe6: d1e0 bne 0xfaa + fe8: b005 add sp, #20 ; 0x14 + fea: 4770 bx lr + + fec: b082 sub sp, #8 + fee: 466a mov r2, sp + ff0: 7111 strb r1, [r2, #4] + ff2: 9000 str r0, [sp, #0] + ff4: 483d ldr r0, =0x12fc ; via 0x10ec + ff6: 4669 mov r1, sp + ff8: 7909 ldrb r1, [r1, #4] + ffa: 0089 lsl r1, r1, #2 + ffc: 5840 ldr r0, [r0, r1] + ffe: 7940 ldrb r0, [r0, #5] + 1000: 4669 mov r1, sp + 1002: 7148 strb r0, [r1, #5] + 1004: 4668 mov r0, sp + 1006: 7940 ldrb r0, [r0, #5] + 1008: 0840 lsr r0, r0, #1 + 100a: d3f3 bcc 0xff4 + 100c: 4837 ldr r0, =0x12fc ; via 0x10ec + 100e: 7909 ldrb r1, [r1, #4] + 1010: 0089 lsl r1, r1, #2 + 1012: 5840 ldr r0, [r0, r1] + 1014: 7800 ldrb r0, [r0, #0] + 1016: 0600 lsl r0, r0, #24 + 1018: 0e00 lsr r0, r0, #24 + 101a: 9900 ldr r1, [sp, #0] + 101c: 7008 strb r0, [r1, #0] + 101e: b002 add sp, #8 + 1020: 4770 bx lr + + 1022: b083 sub sp, #12 ; 0xc + 1024: 466b mov r3, sp + 1026: 719a strb r2, [r3, #6] + 1028: 466a mov r2, sp + 102a: 8091 strh r1, [r2, #4] + 102c: 9000 str r0, [sp, #0] + 102e: 4669 mov r1, sp + 1030: 4668 mov r0, sp + 1032: 
8880 ldrh r0, [r0, #4] + 1034: 8108 strh r0, [r1, #8] + 1036: 4668 mov r0, sp + 1038: 8900 ldrh r0, [r0, #8] + 103a: 2800 cmp r0, #0 + 103c: dd24 ble 0x1088 + 103e: 482b ldr r0, =0x12fc ; via 0x10ec + 1040: 4669 mov r1, sp + 1042: 7989 ldrb r1, [r1, #6] + 1044: 0089 lsl r1, r1, #2 + 1046: 5840 ldr r0, [r0, r1] + 1048: 7940 ldrb r0, [r0, #5] + 104a: 4669 mov r1, sp + 104c: 71c8 strb r0, [r1, #7] + 104e: 4668 mov r0, sp + 1050: 79c0 ldrb r0, [r0, #7] + 1052: 0840 lsr r0, r0, #1 + 1054: d3f3 bcc 0x103e + 1056: 4668 mov r0, sp + 1058: 8881 ldrh r1, [r0, #4] + 105a: 9800 ldr r0, [sp, #0] + 105c: 1809 add r1, r1, r0 + 105e: 4668 mov r0, sp + 1060: 8900 ldrh r0, [r0, #8] + 1062: 1a0a sub r2, r1, r0 + 1064: 4821 ldr r0, =0x12fc ; via 0x10ec + 1066: 4669 mov r1, sp + 1068: 7989 ldrb r1, [r1, #6] + 106a: 0089 lsl r1, r1, #2 + 106c: 5840 ldr r0, [r0, r1] + 106e: 7800 ldrb r0, [r0, #0] + 1070: 0600 lsl r0, r0, #24 + 1072: 0e00 lsr r0, r0, #24 + 1074: 7010 strb r0, [r2, #0] + 1076: 4669 mov r1, sp + 1078: 4668 mov r0, sp + 107a: 8900 ldrh r0, [r0, #8] + 107c: 3801 sub r0, #1 + 107e: 8108 strh r0, [r1, #8] + 1080: 4668 mov r0, sp + 1082: 8900 ldrh r0, [r0, #8] + 1084: 2800 cmp r0, #0 + 1086: dcda bgt 0x103e + 1088: b003 add sp, #12 ; 0xc + 108a: 4770 bx lr + + 108c: b082 sub sp, #8 + 108e: 466a mov r2, sp + 1090: 7111 strb r1, [r2, #4] + 1092: 9000 str r0, [sp, #0] + 1094: 4669 mov r1, sp + 1096: 2000 mov r0, #0 + 1098: 80c8 strh r0, [r1, #6] + 109a: 4668 mov r0, sp + 109c: 88c1 ldrh r1, [r0, #6] + 109e: 20ff mov r0, #255 ; 0xff + 10a0: 30f5 add r0, #245 ; 0xf5 + 10a2: 4281 cmp r1, r0 + 10a4: da1f bge 0x10e6 + 10a6: 4669 mov r1, sp + 10a8: 4668 mov r0, sp + 10aa: 88c0 ldrh r0, [r0, #6] + 10ac: 3001 add r0, #1 + 10ae: 80c8 strh r0, [r1, #6] + 10b0: 490e ldr r1, =0x12fc ; via 0x10ec + 10b2: 4668 mov r0, sp + 10b4: 7900 ldrb r0, [r0, #4] + 10b6: 0080 lsl r0, r0, #2 + 10b8: 5808 ldr r0, [r1, r0] + 10ba: 7941 ldrb r1, [r0, #5] + 10bc: 4668 mov r0, sp + 10be: 7141 strb r1, [r0, #5] + 
10c0: 7940 ldrb r0, [r0, #5] + 10c2: 0840 lsr r0, r0, #1 + 10c4: d309 bcc 0x10da + 10c6: 4809 ldr r0, =0x12fc ; via 0x10ec + 10c8: 4669 mov r1, sp + 10ca: 7909 ldrb r1, [r1, #4] + 10cc: 0089 lsl r1, r1, #2 + 10ce: 5840 ldr r0, [r0, r1] + 10d0: 7800 ldrb r0, [r0, #0] + 10d2: 0600 lsl r0, r0, #24 + 10d4: 0e01 lsr r1, r0, #24 + 10d6: 9800 ldr r0, [sp, #0] + 10d8: 7001 strb r1, [r0, #0] + 10da: 4668 mov r0, sp + 10dc: 88c1 ldrh r1, [r0, #6] + 10de: 20ff mov r0, #255 ; 0xff + 10e0: 30f5 add r0, #245 ; 0xf5 + 10e2: 4281 cmp r1, r0 + 10e4: dbdf blt 0x10a6 + 10e6: b002 add sp, #8 + 10e8: 4770 bx lr + 10ea: 46c0 nop (mov r8, r8) + + 10ec: 000012fc + 10f0: 01000010 + 10f4: 01000011 + 10f8: ffff6000 + + 10fc: b43c push {r2, r3, r4, r5} + 10fe: 17cc asr r4, r1, #31 + 1100: 4061 eor r1, r4 + 1102: 1b09 sub r1, r1, r4 + 1104: d050 beq 0x11a8 + 1106: 17c2 asr r2, r0, #31 + 1108: 4050 eor r0, r2 + 110a: 1a80 sub r0, r0, r2 + 110c: 0864 lsr r4, r4, #1 + 110e: 4054 eor r4, r2 + 1110: 1c0a add r2, r1, #0 + 1112: 0c05 lsr r5, r0, #16 + 1114: 42aa cmp r2, r5 + 1116: d800 bhi 0x111a + 1118: 0412 lsl r2, r2, #16 + 111a: 0a05 lsr r5, r0, #8 + 111c: 42aa cmp r2, r5 + 111e: d800 bhi 0x1122 + 1120: 0212 lsl r2, r2, #8 + 1122: 1c03 add r3, r0, #0 + 1124: a51b add r5, pc, #108 ; 0x6c + 1126: 085b lsr r3, r3, #1 + 1128: 3d0c sub r5, #12 ; 0xc + 112a: 429a cmp r2, r3 + 112c: d9fb bls 0x1126 + 112e: 2300 mov r3, #0 + 1130: 46af mov pc, r5 + 1132: 0a12 lsr r2, r2, #8 + 1134: 01d5 lsl r5, r2, #7 + 1136: 42a8 cmp r0, r5 + 1138: 415b adc r3, r3 + 113a: 42a8 cmp r0, r5 + 113c: d300 bcc 0x1140 + 113e: 1b40 sub r0, r0, r5 + 1140: 0195 lsl r5, r2, #6 + 1142: 42a8 cmp r0, r5 + 1144: 415b adc r3, r3 + 1146: 42a8 cmp r0, r5 + 1148: d300 bcc 0x114c + 114a: 1b40 sub r0, r0, r5 + 114c: 0155 lsl r5, r2, #5 + 114e: 42a8 cmp r0, r5 + 1150: 415b adc r3, r3 + 1152: 42a8 cmp r0, r5 + 1154: d300 bcc 0x1158 + 1156: 1b40 sub r0, r0, r5 + 1158: 0115 lsl r5, r2, #4 + 115a: 42a8 cmp r0, r5 + 115c: 415b adc r3, r3 + 115e: 
42a8 cmp r0, r5 + 1160: d300 bcc 0x1164 + 1162: 1b40 sub r0, r0, r5 + 1164: 00d5 lsl r5, r2, #3 + 1166: 42a8 cmp r0, r5 + 1168: 415b adc r3, r3 + 116a: 42a8 cmp r0, r5 + 116c: d300 bcc 0x1170 + 116e: 1b40 sub r0, r0, r5 + 1170: 0095 lsl r5, r2, #2 + 1172: 42a8 cmp r0, r5 + 1174: 415b adc r3, r3 + 1176: 42a8 cmp r0, r5 + 1178: d300 bcc 0x117c + 117a: 1b40 sub r0, r0, r5 + 117c: 0055 lsl r5, r2, #1 + 117e: 42a8 cmp r0, r5 + 1180: 415b adc r3, r3 + 1182: 42a8 cmp r0, r5 + 1184: d300 bcc 0x1188 + 1186: 1b40 sub r0, r0, r5 + 1188: 4290 cmp r0, r2 + 118a: 415b adc r3, r3 + 118c: 4290 cmp r0, r2 + 118e: d300 bcc 0x1192 + 1190: 1a80 sub r0, r0, r2 + 1192: 4291 cmp r1, r2 + 1194: d3cd bcc 0x1132 + 1196: 17e5 asr r5, r4, #31 + 1198: 4068 eor r0, r5 + 119a: 1b40 sub r0, r0, r5 + 119c: 0064 lsl r4, r4, #1 + 119e: 17e4 asr r4, r4, #31 + 11a0: 4063 eor r3, r4 + 11a2: 1b19 sub r1, r3, r4 + 11a4: bc3c pop {r2, r3, r4, r5} + 11a6: 46f7 mov pc, lr + 11a8: 2000 mov r0, #0 + 11aa: bc3c pop {r2, r3, r4, r5} + 11ac: 46f7 mov pc, lr + + 11ae: 0000 lsl r0, r0, #0 + 11b0: 4918 ldr r1, =0xfffffa08 ; via 0x1214 + 11b2: 4819 ldr r0, =0xffff ; via 0x1218 + 11b4: 8008 strh r0, [r1, #0] + 11b6: 4819 ldr r0, =0xfffffa0a ; via 0x121c + 11b8: 211f mov r1, #31 ; 0x1f + 11ba: 8001 strh r1, [r0, #0] + 11bc: 4818 ldr r0, =0xfffff804 ; via 0x1220 + 11be: 21f5 mov r1, #245 ; 0xf5 + 11c0: 8001 strh r1, [r0, #0] + 11c2: 21a0 mov r1, #160 ; 0xa0 + 11c4: 8001 strh r1, [r0, #0] + 11c6: 4817 ldr r0, =0xffff9800 ; via 0x1224 + 11c8: 4917 ldr r1, =0x2002 ; via 0x1228 + 11ca: 8001 strh r1, [r0, #0] + 11cc: 4815 ldr r0, =0xffff9800 ; via 0x1224 + 11ce: 8800 ldrh r0, [r0, #0] + 11d0: 0840 lsr r0, r0, #1 + 11d2: d2fb bcs 0x11cc + 11d4: 4915 ldr r1, =0xfffffd00 ; via 0x122c + 11d6: 4816 ldr r0, =0x1001 ; via 0x1230 + 11d8: 8008 strh r0, [r1, #0] + 11da: 4916 ldr r1, =0xfffffd02 ; via 0x1234 + 11dc: 2080 mov r0, #128 ; 0x80 + 11de: 8008 strh r0, [r1, #0] + 11e0: 4915 ldr r1, =0xfffef006 ; via 0x1238 + 11e2: 2008 mov 
r0, #8 + 11e4: 880a ldrh r2, [r1, #0] + 11e6: 4310 orr r0, r2 + 11e8: 8008 strh r0, [r1, #0] + 11ea: 46f7 mov pc, lr + + 11ec: b500 push {lr} + 11ee: f7ff ffdf bl 0x11b0 + 11f2: f7ff fe30 bl 0xe56 + 11f6: bd00 pop {pc} + + 11f8: b500 push {lr} + 11fa: f7fe ffc4 bl 0x186 + 11fe: 2801 cmp r0, #1 + 1200: d104 bne 0x120c + 1202: f7ff f8a2 bl 0x34a + 1206: f7ff fb6f bl 0x8e8 + 120a: bd00 pop {pc} + 120c: f7ff fbba bl 0x984 + 1210: bd00 pop {pc} + 1212: 46c0 nop (mov r8, r8) + + 1214: fffffa08 + 1218: 0000ffff + 121c: fffffa0a + 1220: fffff804 + 1224: ffff9800 + 1228: 00002002 + 122c: fffffd00 + 1230: 00001001 + 1234: fffffd02 + 1238: fffef006 + 123c: fffffb00 + 1240: 02a1 + 1242: 02a1 + 1244: 02a1 + 1246: 0283 + 1248: 0281 + 124a: 00c0 + 124c: 0040 + 124e: 002a + + 1250: e51f101c ldr r1, =0xfffffb00 ; via 0x123c + 1254: e15f21bc ldrh r2, =0x2a1 ; via 0x1240 + 1258: e1c120b0 strh r2, [r1] + 125c: e15f22b2 ldrh r2, =0x2a1 ; via 0x1242 + 1260: e1c120b2 strh r2, [r1, #2] + 1264: e15f22b8 ldrh r2, =0x2a1 ; via 0x1244 + 1268: e1c120b4 strh r2, [r1, #4] + 126c: e15f22be ldrh r2, =0x283 ; via 0x1246 + 1270: e1c120b6 strh r2, [r1, #6] + 1274: e15f23b4 ldrh r2, =0x281 ; via 0x1248 + 1278: e1c120ba strh r2, [r1, #10] ; 0xa + 127c: e15f23ba ldrh r2, =0xc0 ; via 0x124a + 1280: e1c120bc strh r2, [r1, #12] ; 0xc + 1284: e15f24b0 ldrh r2, =0x40 ; via 0x124c + 1288: e1c120b8 strh r2, [r1, #8] + 128c: e15f24b6 ldrh r2, =0x2a ; via 0x124e + 1290: e1c120be strh r2, [r1, #14] ; 0xe + 1294: e59f0018 ldr r0, =0x1001000 ; via 0x12b4 + 1298: e3a01b01 mov r1, #1024 ; 0x400 + 129c: e2411004 sub r1, r1, #4 + 12a0: e0802001 add r2, r0, r1 + 12a4: e3c22003 bic r2, r2, #3 + 12a8: e1a0d002 mov sp, r2 + 12ac: eb000007 bl 0x12d0 + 12b0: ea000000 b 0x12b8 + 12b4: 01001000 + + 12b8: e92d4000 stmdb sp!, {lr} + 12bc: e28fe001 add lr, pc, #1 + 12c0: e12fff1e bx lr + 12c4: f7ff ff98 bl 0x11f8 + 12c8: 4778 bx pc + 12ca: 46c0 nop (mov r8, r8) + 12cc: e8bd8000 ldmia sp!, {pc} + + 12d0: e92d4000 stmdb sp!, {lr} + 
12d4: e28fe001 add lr, pc, #1 + 12d8: e12fff1e bx lr + 12dc: f7ff ff86 bl 0x11ec + 12e0: 4778 bx pc + 12e2: 46c0 nop (mov r8, r8) + 12e4: e8bd8000 ldmia sp!, {pc} + + 12e8: 46a4 mov r12, r4 + 12ea: 0864 lsr r4, r4, #1 + 12ec: d301 bcc 0x12f2 + 12ee: 4760 bx r12 + 12f0: 46c0 nop (mov r8, r8) + 12f2: 4674 mov r4, lr + 12f4: 46fe mov lr, pc + 12f6: 4760 bx r12 + 12f8: e12fff14 bx r4 + + 12fc: ffff5800 + 1300: ffff5000 + 1304: 2a150e07 + 1308: 00000054 + + 2000: 00000001 diff -r 35009c936a4a -r 6c31d8c54ae4 se_k200i/chipset --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/se_k200i/chipset Sun Nov 06 01:13:43 2022 +0000 @@ -0,0 +1,19 @@ +The core baseband chipset found inside SE K200/220 phones consists of: + +* Calypso variant 751992A (C035, final DSP ROM version 3606, full 512 KiB IRAM) +* ABB: TWL3025BZ, familiar Iota +* Flash+XRAM: Spansion S71PL129NB0HFW4B (16 MiB flash, 4 MiB RAM) + +Calypso MEMIF chip selects: + +nCS0: flash main bank (boot) +nCS1: XRAM +nCS2: flash second bank +nCS3: currently unknown +nCS4: ditto + +RF components: + +* Transceiver: TRF6151CJ, familiar Rita +* PA: SKY77318 +* Antenna switch: Murata LMSP43AA-191 diff -r 35009c936a4a -r 6c31d8c54ae4 se_k200i/flash-notes --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/se_k200i/flash-notes Sun Nov 06 01:13:43 2022 +0000 
@@ -0,0 +1,62 @@ +SE K200 family phones have 16 MiB of flash total, physically presented to the +Calypso chip as two banks of 8 MiB each. Their official fw architecture uses +the following flash organization: + +Flash bank 1, first 64 KiB sector: + +This part of the flash naturally contains the boot entry point. The word at +0x2000 equals 1, telling Calypso boot ROM to move itself out of the way and +perform a watchdog reset, and then the reset entry point is at 0. The code +implemented by SE or their ODM in this flash sector is a boot stage of their +own invention, eventually passing control to the main fw entry point at +0x200000. + +Flash bank 1, 64 KiB sector at 0x10000: + +This sector holds two items of factory-programmed data, apparently intended to +remain immutable for the lifetime of each hw unit: + + 7 bytes at 0x10000: the phone's IMEI, format obvious, no obfuscation + 1 byte at 0x10007: 0xFF filler +64 bytes at 0x10008: appear to be cryptographically random filler + +Flash bank 1 starting at 0x20000: + +The main firmware image resides here, entry point right at 0x200000. + +Flash bank 2, first 13 sectors of 256 KiB each: + +The firmware on this phone model uses classic TIFFS. Their TIFFS organization +is 256x13 (a little smaller than Pirelli's 256x18), sitting at the beginning of +flash bank 2, mapped into Calypso address space at 0x01800000. FFS design +appears to be self-regenerating: if the fw is booted with all FFS sectors +erased, it will not only format a new FFS like Pirelli's fw, but also fill it +with all necessary data. In contrast with Pirelli's fw architecture, the FFS +in these SE K200 phones appears to NOT contain any static asset files that must +be loaded externally. + +Flash bank 2, area starting at 0x01B40000, right after TIFFS: + +This area appears to be an extension of the firmware. 
Without a lot more +reverse eng work, it is not obvious if this area contains any executable code, +or if it is only data bits like UI pixel images, MIDI ringtones, language +strings etc. + +Flash bank 2, 64 KiB sector at 0x01FD0000: + +This sector holds factory calibration data, including RF, AFC (VCXO) and MADC +calibrations. When the firmware reinitializes a freshly formatted FFS, it must +be copying calibration bits from this sector. + +Flash bank 2, 64 KiB sector at 0x01FF0000 (end of flash): + +First 0x2C8 bytes: purpose unknown, but they are fed into the hash function +that determines whether or not the firmware is allowed to boot. + +8 bytes at 0x01FF02C8: output of some kind of cryptographic hash function + +There is a hash function implemented in the custom bootloader in sector 0 (not +studied in detail) whose inputs are the IMEI record at 0x10000, the block of +0x2C8 bytes at 0x01FF0000 and the block of 64 bytes at 0x10008 in this order. +The output must match the 8 bytes at 0x01FF02C8, or the code refuses to boot +and goes into a dead hang instead. diff -r 35009c936a4a -r 6c31d8c54ae4 se_k200i/tpudrv-notes --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/se_k200i/tpudrv-notes Sun Nov 06 01:13:43 2022 +0000 @@ -0,0 +1,16 @@ +Notes from OsmocomBB tinkerer steve-m, relayed to me (Mother Mychaela) through +Vadim, indicate that: + +* Calypso TSP signals going to Rita xcvr are wired per canon: TSPEN2 for strobe, + TSPACT0 for reset. + +* TSP controls to the PA are also TI-canonical: TSPACT9 for enable, TSPACT3 for + band select. + +* The two antenna switch controls (Tx low band, Tx high band) exactly match TI + Leonardo, specifically the cheapened 2-band version of that canonical + platform: TSPACT1 is Tx high band switch, TSPACT2 is Tx low band switch, both + inverted per canon. + +But here is the part that deviates from canon: Iota TEN is apparently wired to +Calypso TSPEN1 instead of canonical TSPEN0!
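Review bot: the disassembly listing that ends at `2000: 00000001` has no labels or comments at routine boundaries (for example at 0x10fc, 0x11b0 and the ARM-mode code at 0x1250), so a reader cannot locate the boot-permission hash routine that flash-notes says lives in sector 0. Suggest a one-line comment at each routine start, and a comment on `2000: 00000001` pointing at the flash-notes statement that this word tells the Calypso boot ROM to move out of the way.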
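Review bot: in se_k200i/chipset the MEMIF chip select list gives no address-space base for any nCS line, although flash-notes places flash bank 2 at 0x01800000. Suggest adding the base address next to each known chip select (nCS0, nCS1, nCS2) so the two files can be cross-checked, and noting for nCS3 and nCS4 whether they were looked at and found unused or simply not examined yet.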
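Review bot: in se_k200i/flash-notes the main firmware location is inconsistent: the heading reads "Flash bank 1 starting at 0x20000" while the sentence under it, and the sector 0 paragraph, give the entry point as 0x200000. If the image starts in the sector after 0x10000 and the entry point is "right at" its start, one of the two values has a digit too many or too few; please reconcile them. The hash description should also say whether the "IMEI record at 0x10000" fed into the hash is the 7 IMEI bytes or all 8 bytes including the 0xFF filler, since anyone reproducing the 8-byte check value at 0x01FF02C8 needs the exact input length.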
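Review bot: se_k200i/tpudrv-notes does not say how the wiring was determined, and that matters most for the closing claim that Iota TEN goes to TSPEN1, which is hedged with "apparently". Since the notes are relayed second-hand, suggest stating whether each item comes from reading the original fw's TPU driver code or from hardware probing, and marking the TSPEN1 item as unverified until it has been confirmed independently.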