# HG changeset patch # User Mychaela Falconia # Date 1559933040 0 # Node ID d6b65114b82df03e193dd7f70ab499cdd982c886 # Parent a679cff990bfe9a84164efe9c8a8ca934eade3ff gtm900 subdir created, fw-disasm work moved inside diff -r a679cff990bf -r d6b65114b82d gtm900-fw-disasm --- a/gtm900-fw-disasm Fri May 31 01:42:34 2019 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,633 +0,0 @@ -; This disassembly is a quick look at the firmware that has been read out -; of a Huawei GTM900-B modem module. Unlike most other phone and modem -; vendors' firmwares, this fw exhibits very few changes relative to TI's -; reference version. Here I have only dug far enough to get to the -; init module with the Init_Target() function and the ARMIO module with -; the GPIO setup. - -; Flash boot mode 1 reset entry - 0: ea0004b3 b 0x12d4 - 4: ea00083d b 0x2100 - 8: ea00083d b 0x2104 - c: ea00083d b 0x2108 - 10: ea00083d b 0x210c - 14: ea00083d b 0x2110 - 18: ea00083d b 0x2114 - 1c: ea00083d b 0x2118 - -_INT_Bootloader_Start: - 12d4: e51f101c ldr r1, =0xffff9800 ; via 0x12c0 - 12d8: e15f21b2 ldrh r2, =0x2006 ; via 0x12ce - 12dc: e1c120b0 strh r2, [r1] - 12e0: e5912000 ldr r2, [r1] - 12e4: e2022001 and r2, r2, #1 - 12e8: e3520001 cmp r2, #1 - 12ec: 0afffffb beq 0x12e0 - 12f0: e51f103c ldr r1, =0xfffffd00 ; via 0x12bc - 12f4: e15f23b0 ldrh r2, =0x1081 ; via 0x12cc - 12f8: e1c120b0 strh r2, [r1] - 12fc: e51f1040 ldr r1, =0xfffffb10 ; via 0x12c4 - 1300: e15f23b8 ldrh r2, =0x800 ; via 0x12d0 - 1304: e1d100b0 ldrh r0, [r1] - 1308: e1800002 orr r0, r0, r2 - 130c: e1c100b0 strh r0, [r1] - 1310: e51f1050 ldr r1, =0xffffff08 ; via 0x12c8 - 1314: e15f24ba ldrh r2, =0x0 ; via 0x12d2 - 1318: e1c120b0 strh r2, [r1] -; MEMIF setup, nCS0 and nCS1 WS increased from TI's 0x2A1 - 131c: e51f107c ldr r1, =0xfffffb00 ; via 0x12a8 - 1320: e15f27bc ldrh r2, =0x2a3 ; via 0x12ac - 1324: e1c120b0 strh r2, [r1] - 1328: e15f28b2 ldrh r2, =0x2a4 ; via 0x12ae - 132c: e1c120b2 strh r2, [r1, #2] - 1330: e15f28b8 ldrh r2, =0x2a1 ; via 0x12b0 - 1334: e1c120b4 strh r2, [r1, #4] - 1338: e15f28be ldrh r2, =0x283 ; via 0x12b2 - 133c: e1c120b6 strh r2, [r1, #6] - 1340: e15f29b4 ldrh r2, =0x281 ; via 0x12b4 - 1344: e1c120ba strh r2, [r1, #10] ; 0xa - 1348: e15f29ba ldrh r2, =0xc0 ; via 0x12b6 - 134c: e1c120bc strh r2, [r1, #12] ; 0xc - 1350: e15f2ab0 ldrh r2, =0x40 ; via 0x12b8 - 1354: e1c120b8 strh r2, [r1, #8] - 1358: e15f2ab6 ldrh r2, =0x2a ; via 0x12ba - 135c: e1c120be strh r2, [r1, #14] ; 0xe - 1360: e59f0020 ldr r0, =0x10ab4cc ; via 0x1388 - 1364: e3a01b01 mov r1, #1024 ; 0x400 - 1368: e2411004 sub r1, r1, #4 - 136c: e0802001 add r2, r0, r1 - 1370: e3c22003 bic r2, r2, #3 - 1374: e1a0d002 mov sp, r2 - 1378: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} - 137c: eb000043 bl 0x1490 ; _sta_select_application - 1380: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} - 1384: ea000373 b 0x2158 ; _INT_Initialize - - 2000: 00000001 - -; .inttext exception vectors - 2100: ea0000cb b 0x2434 - 2104: ea0000cd b 0x2440 - 2108: ea0000cf b 0x244c - 210c: ea0000d1 b 0x2458 - 2110: ea0000d3 b 0x2464 - 2114: ea0000b7 b 0x23f8 - 2118: ea0000c0 b 0x2420 - - 211c: 02a102a1 - 2120: 028302a1 - 2124: 02c00e85 - 2128: 002a0040 - 212c: fffffb00 - 2130: fffef006 - 2134: 00000008 - 2138: fffffd00 - 213c: ffff9800 - 2140: fffffb10 - 2144: ffffff08 - 2148: 20021081 - 214c: f7ff0800 - 2150: 00000000 - 2154: 002041a0 - -_INT_Initialize: - 2158: e51f1024 ldr r1, =0xffff9800 ; via 0x213c - 215c: e15f21ba ldrh r2, =0x2002 ; via 0x214a - 2160: e1c120b0 strh r2, [r1] - 2164: e5912000 ldr r2, [r1] - 2168: e2022001 and r2, r2, #1 - 216c: e3520001 cmp r2, #1 - 2170: 0afffffb beq 0x2164 - 2174: e51f1044 ldr r1, =0xfffffd00 ; via 0x2138 - 2178: e15f23b8 ldrh r2, =0x1081 ; via 0x2148 - 217c: e1c120b0 strh r2, [r1] - 2180: e51f1048 ldr r1, =0xfffffb10 ; via 0x2140 - 2184: e15f23be ldrh r2, =0xf7ff ; via 0x214e - 2188: e1d100b0 ldrh r0, [r1] - 218c: e0000002 and r0, r0, r2 - 2190: e1c100b0 strh r0, [r1] - 2194: e51f1058 ldr r1, =0xffffff08 ; via 0x2144 - 2198: e15f25b0 ldrh r2, =0x0 ; via 0x2150 - 219c: e1c120b0 strh r2, [r1] -; MEMIF setup same as TI's original, no increased WS - 21a0: e51f107c ldr r1, =0xfffffb00 ; via 0x212c - 21a4: e15f29b0 ldrh r2, =0x2a1 ; via 0x211c - 21a8: e1c120b0 strh r2, [r1] - 21ac: e15f29b6 ldrh r2, =0x2a1 ; via 0x211e - 21b0: e1c120b2 strh r2, [r1, #2] - 21b4: e15f29bc ldrh r2, =0x2a1 ; via 0x2120 - 21b8: e1c120b4 strh r2, [r1, #4] - 21bc: e15f2ab2 ldrh r2, =0x283 ; via 0x2122 - 21c0: e1c120b6 strh r2, [r1, #6] - 21c4: e15f2ab8 ldrh r2, =0xe85 ; via 0x2124 - 21c8: e1c120ba strh r2, [r1, #10] ; 0xa - 21cc: e15f2abe ldrh r2, =0x2c0 ; via 0x2126 - 21d0: e1c120bc strh r2, [r1, #12] ; 0xc - 21d4: e15f2bb4 ldrh r2, =0x40 ; via 0x2128 - 21d8: e1c120b8 strh r2, [r1, #8] - 21dc: e15f2bba ldrh r2, =0x2a ; via 0x212a - 21e0: e1c120be strh r2, [r1, #14] ; 0xe - 21e4: e51f10bc ldr r1, =0xfffef006 ; via 0x2130 - 21e8: e1d120b0 ldrh r2, [r1] - 21ec: e51f00c0 ldr r0, =0x8 ; via 0x2134 - 21f0: e1800002 orr r0, r0, r2 - 21f4: e1c100b0 strh r0, [r1] - 21f8: e10f0000 mrs r0, CPSR - 21fc: e3c0001f bic r0, r0, #31 ; 0x1f - 2200: e3800013 orr r0, r0, #19 ; 0x13 - 2204: e38000c0 orr r0, r0, #192 ; 0xc0 - 2208: e129f000 msr CPSR_fc, r0 -; inline bss clearing, not like in our TCS211 reference - 220c: e59f031c ldr r0, =0x1000cf8 ; via 0x2530 - 2210: e3a02000 mov r2, #0 - 2214: e59f1318 ldr r1, =0x10ab4cc ; via 0x2534 - 2218: e4802004 str r2, [r0], #4 - 221c: e1500001 cmp r0, r1 - 2220: 1afffffc bne 0x2218 - 2224: e59f030c ldr r0, =0x800000 ; via 0x2538 - 2228: e3a02000 mov r2, #0 - 222c: e59f1308 ldr r1, =0x82027c ; via 0x253c - 2230: e4802004 str r2, [r0], #4 - 2234: e1500001 cmp r0, r1 - 2238: 1afffffc bne 0x2230 -; INT_Loaded_Flag setting, familiar code continues - 223c: e3a00001 mov r0, #1 - 2240: e59f12fc ldr r1, =0x10ab3e4 ; via 0x2544 - 2244: e5810000 str r0, [r1] - 2248: e59f02f0 ldr r0, =0x10ab5b8 ; via 0x2540 - 224c: e3a01b01 mov r1, #1024 ; 0x400 - 2250: e2411004 sub r1, r1, #4 - 2254: e0802001 add r2, r0, r1 - 2258: e1a0a000 mov r10, r0 - 225c: e59f32e4 ldr r3, =0x804950 ; via 0x2548 - 2260: e583a000 str r10, [r3] - 2264: e1a0d002 mov sp, r2 - 2268: e59f32dc ldr r3, =0x804a74 ; via 0x254c - 226c: e583d000 str sp, [r3] - 2270: e3a01080 mov r1, #128 ; 0x80 - 2274: e0822001 add r2, r2, r1 - 2278: e10f0000 mrs r0, CPSR - 227c: e3c0001f bic r0, r0, #31 ; 0x1f - 2280: e3800012 orr r0, r0, #18 ; 0x12 - 2284: e129f000 msr CPSR_fc, r0 - 2288: e1a0d002 mov sp, r2 - 228c: e3a01c02 mov r1, #512 ; 0x200 - 2290: e0822001 add r2, r2, r1 - 2294: e10f0000 mrs r0, CPSR - 2298: e3c0001f bic r0, r0, #31 ; 0x1f - 229c: e3800011 orr r0, r0, #17 ; 0x11 - 22a0: e129f000 msr CPSR_fc, r0 - 22a4: e1a0d002 mov sp, r2 - 22a8: e10f0000 mrs r0, CPSR - 22ac: e3c0001f bic r0, r0, #31 ; 0x1f - 22b0: e3800017 orr r0, r0, #23 ; 0x17 - 22b4: e129f000 msr CPSR_fc, r0 - 22b8: e59fd29c ldr sp, =0x10ab520 ; via 0x255c - 22bc: e10f0000 mrs r0, CPSR - 22c0: e3c0001f bic r0, r0, #31 ; 0x1f - 22c4: e380001b orr r0, r0, #27 ; 0x1b - 22c8: e129f000 msr CPSR_fc, r0 - 22cc: e59fd288 ldr sp, =0x10ab520 ; via 0x255c - 22d0: e10f0000 mrs r0, CPSR - 22d4: e3c0001f bic r0, r0, #31 ; 0x1f - 22d8: e3800013 orr r0, r0, #19 ; 0x13 - 22dc: e129f000 msr CPSR_fc, r0 - 22e0: e59f3268 ldr r3, =0x8048b8 ; via 0x2550 - 22e4: e2822004 add r2, r2, #4 - 22e8: e5832000 str r2, [r3] - 22ec: e3a01b01 mov r1, #1024 ; 0x400 - 22f0: e3c11003 bic r1, r1, #3 - 22f4: e0822001 add r2, r2, r1 - 22f8: e59f3254 ldr r3, =0x80493c ; via 0x2554 - 22fc: e5831000 str r1, [r3] - 2300: e3a01002 mov r1, #2 - 2304: e59f324c ldr r3, =0x80494c ; via 0x2558 - 2308: e5831000 str r1, [r3] - 230c: e1a04002 mov r4, r2 - 2310: eb080707 bl 0x203f34 ; _f_load_int_mem - 2314: e1a02004 mov r2, r4 - 2318: e59f1228 ldr r1, =0x804950 ; via 0x2548 - 231c: e5910000 ldr r0, [r1] - 2320: e3a030fe mov r3, #254 ; 0xfe - 2324: e5c03000 strb r3, [r0] - 2328: e5c03001 strb r3, [r0, #1] - 232c: e5c03002 strb r3, [r0, #2] - 2330: e5c03003 strb r3, [r0, #3] - 2334: e4903004 ldr r3, [r0], #4 - 2338: e4803004 str r3, [r0], #4 - 233c: e1500002 cmp r0, r2 - 2340: bafffffc blt 0x2338 - 2344: e51f01f8 ldr r0, =0x2041a0 ; via 0x2154 - 2348: e3700001 cmn r0, #1 - 234c: 1b000084 blne 0x2564 - 2350: e1a00002 mov r0, r2 - 2354: ea0806ea b 0x203f04 ; _INC_Initialize - -$Init_Target: - 1f30a4: b570 push {r4, r5, r6, lr} - 1f30a6: b081 sub sp, #4 - 1f30a8: 4d62 ldr r5, =0xfffef008 ; via 0x1f3234 - 1f30aa: 2003 mov r0, #3 - 1f30ac: 0340 lsl r0, r0, #13 - 1f30ae: 8028 strh r0, [r5, #0] - 1f30b0: f008 fc40 bl 0x1fb934 ; $TM_DisableWatchdog - 1f30b4: 4860 ldr r0, =0xfffffd02 ; via 0x1f3238 - 1f30b6: 2105 mov r1, #5 - 1f30b8: 8802 ldrh r2, [r0, #0] - 1f30ba: 4311 orr r1, r2 - 1f30bc: 8001 strh r1, [r0, #0] - 1f30be: 495f ldr r1, =0xff3f ; via 0x1f323c - 1f30c0: 8802 ldrh r2, [r0, #0] - 1f30c2: 4011 and r1, r2 - 1f30c4: 8001 strh r1, [r0, #0] - 1f30c6: 2180 mov r1, #128 ; 0x80 - 1f30c8: 8802 ldrh r2, [r0, #0] - 1f30ca: 4311 orr r1, r2 - 1f30cc: 8001 strh r1, [r0, #0] - 1f30ce: 495c ldr r1, =0xffdf ; via 0x1f3240 - 1f30d0: 8802 ldrh r2, [r0, #0] - 1f30d2: 4011 and r1, r2 - 1f30d4: 8001 strh r1, [r0, #0] - 1f30d6: 4e5b ldr r6, =0xfffff900 ; via 0x1f3244 - 1f30d8: 20ff mov r0, #255 ; 0xff - 1f30da: 0200 lsl r0, r0, #8 - 1f30dc: 8030 strh r0, [r6, #0] - 1f30de: 4c5a ldr r4, =0xffff9800 ; via 0x1f3248 - 1f30e0: 485a ldr r0, =0xfff3 ; via 0x1f324c - 1f30e2: 8821 ldrh r1, [r4, #0] - 1f30e4: 4008 and r0, r1 - 1f30e6: 8020 strh r0, [r4, #0] - 1f30e8: 8820 ldrh r0, [r4, #0] - 1f30ea: 8020 strh r0, [r4, #0] - 1f30ec: 4858 ldr r0, =0xf01f ; via 0x1f3250 - 1f30ee: 8821 ldrh r1, [r4, #0] - 1f30f0: 4008 and r0, r1 - 1f30f2: 8020 strh r0, [r4, #0] - 1f30f4: 2001 mov r0, #1 - 1f30f6: 0280 lsl r0, r0, #10 - 1f30f8: 8821 ldrh r1, [r4, #0] - 1f30fa: 4308 orr r0, r1 - 1f30fc: 8020 strh r0, [r4, #0] - 1f30fe: 2000 mov r0, #0 - 1f3100: 2102 mov r1, #2 - 1f3102: 2200 mov r2, #0 - 1f3104: f009 f84e bl 0x1fc1a4 ; $CLKM_InitARMClock -; MEMIF setup, diff from reference version is nCS1 setting with WS=4 - 1f3108: 4952 ldr r1, =0xfffffb00 ; via 0x1f3254 - 1f310a: 20a3 mov r0, #163 ; 0xa3 - 1f310c: 8008 strh r0, [r1, #0] - 1f310e: 22a4 mov r2, #164 ; 0xa4 - 1f3110: 804a strh r2, [r1, #2] - 1f3112: 22a5 mov r2, #165 ; 0xa5 - 1f3114: 808a strh r2, [r1, #4] - 1f3116: 80c8 strh r0, [r1, #6] - 1f3118: 2080 mov r0, #128 ; 0x80 - 1f311a: 8148 strh r0, [r1, #10] ; 0xa - 1f311c: 20c0 mov r0, #192 ; 0xc0 - 1f311e: 8188 strh r0, [r1, #12] ; 0xc - 1f3120: 2040 mov r0, #64 ; 0x40 - 1f3122: 8108 strh r0, [r1, #8] - 1f3124: 2020 mov r0, #32 ; 0x20 - 1f3126: 8070 strh r0, [r6, #2] - 1f3128: 2000 mov r0, #0 - 1f312a: 80b0 strh r0, [r6, #4] - 1f312c: 2010 mov r0, #16 ; 0x10 - 1f312e: 8821 ldrh r1, [r4, #0] - 1f3130: 4308 orr r0, r1 - 1f3132: 8020 strh r0, [r4, #0] - 1f3134: 4848 ldr r0, =0xfffffa08 ; via 0x1f3258 - 1f3136: 4949 ldr r1, =0xffff ; via 0x1f325c - 1f3138: 8001 strh r1, [r0, #0] - 1f313a: 8041 strh r1, [r0, #2] - 1f313c: 2103 mov r1, #3 - 1f313e: 8181 strh r1, [r0, #12] ; 0xc - 1f3140: f007 f980 bl 0x1fa444 ; $IQ_SetupInterrupts - 1f3144: 4846 ldr r0, =0xfffffc00 ; via 0x1f3260 - 1f3146: 2124 mov r1, #36 ; 0x24 - 1f3148: 8001 strh r1, [r0, #0] - 1f314a: 210d mov r1, #13 ; 0xd - 1f314c: 8041 strh r1, [r0, #2] - 1f314e: 2400 mov r4, #0 - 1f3150: 4844 ldr r0, =0xfffe2016 ; via 0x1f3264 - 1f3152: 8004 strh r4, [r0, #0] - 1f3154: 4944 ldr r1, =0xfffe2014 ; via 0x1f3268 - 1f3156: 2002 mov r0, #2 - 1f3158: 8008 strh r0, [r1, #0] - 1f315a: 4944 ldr r1, =0xfffe2002 ; via 0x1f326c - 1f315c: 2084 mov r0, #132 ; 0x84 - 1f315e: 8008 strh r0, [r1, #0] - 1f3160: 4843 ldr r0, =0xfffe2000 ; via 0x1f3270 - 1f3162: 4944 ldr r1, =0x3de0 ; via 0x1f3274 - 1f3164: 8001 strh r1, [r0, #0] - 1f3166: 4a44 ldr r2, =0xfffe2022 ; via 0x1f3278 - 1f3168: 210c mov r1, #12 ; 0xc - 1f316a: 8011 strh r1, [r2, #0] - 1f316c: 4a43 ldr r2, =0xfffe2020 ; via 0x1f327c - 1f316e: 4944 ldr r1, =0x45a ; via 0x1f3280 - 1f3170: 8011 strh r1, [r2, #0] - 1f3172: 4a44 ldr r2, =0xfffe201e ; via 0x1f3284 - 1f3174: 21a5 mov r1, #165 ; 0xa5 - 1f3176: 0089 lsl r1, r1, #2 - 1f3178: 8011 strh r1, [r2, #0] - 1f317a: 4a43 ldr r2, =0xfffe201c ; via 0x1f3288 - 1f317c: 211f mov r1, #31 ; 0x1f - 1f317e: 8011 strh r1, [r2, #0] - 1f3180: 4942 ldr r1, =0xfffe2024 ; via 0x1f328c - 1f3182: 800c strh r4, [r1, #0] - 1f3184: 4b42 ldr r3, =0xfffe2010 ; via 0x1f3290 - 1f3186: 2202 mov r2, #2 - 1f3188: 8819 ldrh r1, [r3, #0] - 1f318a: 430a orr r2, r1 - 1f318c: 801a strh r2, [r3, #0] - 1f318e: 4a40 ldr r2, =0xfffe2010 ; via 0x1f3290 - 1f3190: 2104 mov r1, #4 - 1f3192: 8813 ldrh r3, [r2, #0] - 1f3194: 4319 orr r1, r3 - 1f3196: 8011 strh r1, [r2, #0] - 1f3198: 2127 mov r1, #39 ; 0x27 - 1f319a: 80a9 strh r1, [r5, #4] - 1f319c: 8a01 ldrh r1, [r0, #16] ; 0x10 - 1f319e: 0849 lsr r1, r1, #1 - 1f31a0: d30f bcc 0x1f31c2 - 1f31a2: 8a01 ldrh r1, [r0, #16] ; 0x10 - 1f31a4: 0409 lsl r1, r1, #16 - 1f31a6: 0c49 lsr r1, r1, #17 - 1f31a8: 0049 lsl r1, r1, #1 - 1f31aa: 8201 strh r1, [r0, #16] ; 0x10 - 1f31ac: 2101 mov r1, #1 - 1f31ae: e001 b 0x1f31b4 - 1f31b0: 9900 ldr r1, [sp, #0] - 1f31b2: 3101 add r1, #1 - 1f31b4: 9100 str r1, [sp, #0] - 1f31b6: 9900 ldr r1, [sp, #0] - 1f31b8: 2932 cmp r1, #50 ; 0x32 - 1f31ba: d3f9 bcc 0x1f31b0 - 1f31bc: 8a41 ldrh r1, [r0, #18] ; 0x12 - 1f31be: 2900 cmp r1, #0 - 1f31c0: d0fc beq 0x1f31bc - 1f31c2: f009 f8d4 bl 0x1fc36e ; $AI_ClockEnable - 1f31c6: f009 f8d8 bl 0x1fc37a ; $AI_InitIOConfig -; Huawei's added LPG setup function - 1f31ca: f009 fa5e bl 0x1fc68a - 1f31ce: 2027 mov r0, #39 ; 0x27 - 1f31d0: 0500 lsl r0, r0, #20 - 1f31d2: 8004 strh r4, [r0, #0] - 1f31d4: 2001 mov r0, #1 - 1f31d6: f008 fbbb bl 0x1fb950 ; $TM_EnableTimer - 1f31da: 2002 mov r0, #2 - 1f31dc: f008 fbb8 bl 0x1fb950 ; $TM_EnableTimer - 1f31e0: b001 add sp, #4 - 1f31e2: bd70 pop {r4, r5, r6, pc} - -$Init_Drivers: - 1f31e4: b500 push {lr} - 1f31e6: f7b4 f9a5 bl 0x1a7534 - 1f31ea: f7c9 fe00 bl 0x1bcdee - 1f31ee: f74e ffd6 bl 0x14219e - 1f31f2: f767 f9c7 bl 0x15a584 - 1f31f6: f7d7 fd26 bl 0x1cac46 - 1f31fa: f735 f841 bl 0x128280 - 1f31fe: bd00 pop {pc} - -$Init_Serial_Flows: - 1f3200: b500 push {lr} - 1f3202: 4824 ldr r0, =0x10aa938 ; via 0x1f3294 - 1f3204: f7b2 fa8a bl 0x1a571c - 1f3208: 2000 mov r0, #0 - 1f320a: 2103 mov r1, #3 - 1f320c: 2200 mov r2, #0 - 1f320e: f7b2 fb26 bl 0x1a585e - 1f3212: f7b2 fb80 bl 0x1a5916 - 1f3216: bd00 pop {pc} - -$Init_Unmask_IT: - 1f3218: b500 push {lr} - 1f321a: 2004 mov r0, #4 - 1f321c: f007 f973 bl 0x1fa506 - 1f3220: 2012 mov r0, #18 ; 0x12 - 1f3222: f007 f970 bl 0x1fa506 - 1f3226: 2007 mov r0, #7 - 1f3228: f007 f96d bl 0x1fa506 - 1f322c: 2008 mov r0, #8 - 1f322e: f007 f96a bl 0x1fa506 - 1f3232: bd00 pop {pc} - -$AI_EnableBit: - 1fc2f0: 4a48 ldr r2, =0xfffef00a ; via 0x1fc414 - 1fc2f2: 2101 mov r1, #1 - 1fc2f4: 4081 lsl r1, r0 - 1fc2f6: 8810 ldrh r0, [r2, #0] - 1fc2f8: 4301 orr r1, r0 - 1fc2fa: 8011 strh r1, [r2, #0] - 1fc2fc: 4770 bx lr - -$AI_DisableBit: - 1fc2fe: 4a45 ldr r2, =0xfffef00a ; via 0x1fc414 - 1fc300: 2101 mov r1, #1 - 1fc302: 4081 lsl r1, r0 - 1fc304: 8810 ldrh r0, [r2, #0] - 1fc306: 4388 bic r0, r1 - 1fc308: 8010 strh r0, [r2, #0] - 1fc30a: 4770 bx lr - -$AI_SetBit: - 1fc30c: 4a42 ldr r2, =0xfffe4802 ; via 0x1fc418 - 1fc30e: 2101 mov r1, #1 - 1fc310: 4081 lsl r1, r0 - 1fc312: 8810 ldrh r0, [r2, #0] - 1fc314: 4301 orr r1, r0 - 1fc316: 8011 strh r1, [r2, #0] - 1fc318: 4770 bx lr - -$AI_ResetBit: - 1fc31a: 4a3f ldr r2, =0xfffe4802 ; via 0x1fc418 - 1fc31c: 2101 mov r1, #1 - 1fc31e: 4081 lsl r1, r0 - 1fc320: 8810 ldrh r0, [r2, #0] - 1fc322: 4388 bic r0, r1 - 1fc324: 8010 strh r0, [r2, #0] - 1fc326: 4770 bx lr - -$AI_ConfigBitAsOutput: - 1fc328: 4a3c ldr r2, =0xfffe4804 ; via 0x1fc41c - 1fc32a: 2101 mov r1, #1 - 1fc32c: 4081 lsl r1, r0 - 1fc32e: 8810 ldrh r0, [r2, #0] - 1fc330: 4388 bic r0, r1 - 1fc332: 8010 strh r0, [r2, #0] - 1fc334: 4770 bx lr - -$AI_ConfigBitAsInput: - 1fc336: 4a39 ldr r2, =0xfffe4804 ; via 0x1fc41c - 1fc338: 2101 mov r1, #1 - 1fc33a: 4081 lsl r1, r0 - 1fc33c: 8810 ldrh r0, [r2, #0] - 1fc33e: 4301 orr r1, r0 - 1fc340: 8011 strh r1, [r2, #0] - 1fc342: 4770 bx lr - -$AI_ReadBit: - 1fc344: 4936 ldr r1, =0xfffe4800 ; via 0x1fc420 - 1fc346: 8809 ldrh r1, [r1, #0] - 1fc348: 4101 asr r1, r0 - 1fc34a: 07c8 lsl r0, r1, #31 - 1fc34c: 0fc0 lsr r0, r0, #31 - 1fc34e: 0600 lsl r0, r0, #24 - 1fc350: 0e00 lsr r0, r0, #24 - 1fc352: 4770 bx lr - -$AI_Power: - 1fc354: b500 push {lr} - 1fc356: 2800 cmp r0, #0 - 1fc358: d101 bne 0x1fc35e - 1fc35a: f7ab fc1b bl 0x1a7b94 ; $ABB_Power_Off - 1fc35e: bd00 pop {pc} - -$AI_ResetIoConfig: - 1fc360: 492e ldr r1, =0xfffe4804 ; via 0x1fc41c - 1fc362: 4830 ldr r0, =0xffff ; via 0x1fc424 - 1fc364: 8008 strh r0, [r1, #0] - 1fc366: 482b ldr r0, =0xfffef00a ; via 0x1fc414 - 1fc368: 2100 mov r1, #0 - 1fc36a: 8001 strh r1, [r0, #0] - 1fc36c: 4770 bx lr - -$AI_ClockEnable: - 1fc36e: 492e ldr r1, =0xfffe4806 ; via 0x1fc428 - 1fc370: 2020 mov r0, #32 ; 0x20 - 1fc372: 880a ldrh r2, [r1, #0] - 1fc374: 4310 orr r0, r2 - 1fc376: 8008 strh r0, [r1, #0] - 1fc378: 4770 bx lr - -$AI_InitIOConfig: - 1fc37a: b500 push {lr} - 1fc37c: f7ff fff0 bl 0x1fc360 ; $AI_ResetIoConfig - 1fc380: 2002 mov r0, #2 - 1fc382: f7ff ffb5 bl 0x1fc2f0 ; $AI_EnableBit - 1fc386: 2004 mov r0, #4 - 1fc388: f7ff ffb2 bl 0x1fc2f0 ; $AI_EnableBit - 1fc38c: 2005 mov r0, #5 - 1fc38e: f7ff ffaf bl 0x1fc2f0 ; $AI_EnableBit - 1fc392: 2006 mov r0, #6 - 1fc394: f7ff ffac bl 0x1fc2f0 ; $AI_EnableBit - 1fc398: 2007 mov r0, #7 - 1fc39a: f7ff ffa9 bl 0x1fc2f0 ; $AI_EnableBit - 1fc39e: 2008 mov r0, #8 - 1fc3a0: f7ff ffa6 bl 0x1fc2f0 ; $AI_EnableBit - 1fc3a4: 2009 mov r0, #9 - 1fc3a6: f7ff ffa3 bl 0x1fc2f0 ; $AI_EnableBit - 1fc3aa: 491b ldr r1, =0xfffe4802 ; via 0x1fc418 - 1fc3ac: 481f ldr r0, =0x3f02 ; via 0x1fc42c - 1fc3ae: 8008 strh r0, [r1, #0] - 1fc3b0: 2000 mov r0, #0 - 1fc3b2: f7ff ffb9 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3b6: 2001 mov r0, #1 - 1fc3b8: f7ff ffb6 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3bc: 2002 mov r0, #2 - 1fc3be: f7ff ffb3 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3c2: 2005 mov r0, #5 - 1fc3c4: f7ff ffb0 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3c8: 2007 mov r0, #7 - 1fc3ca: f7ff ffad bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3ce: 2009 mov r0, #9 - 1fc3d0: f7ff ffaa bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3d4: 200e mov r0, #14 ; 0xe - 1fc3d6: f7ff ffa7 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3da: 200f mov r0, #15 ; 0xf - 1fc3dc: f7ff ffa4 bl 0x1fc328 ; $AI_ConfigBitAsOutput - 1fc3e0: bd00 pop {pc} - -$AI_SelectIOForIT: - 1fc3e2: 0109 lsl r1, r1, #4 - 1fc3e4: 1840 add r0, r0, r1 - 1fc3e6: 0040 lsl r0, r0, #1 - 1fc3e8: 3001 add r0, #1 - 1fc3ea: 4911 ldr r1, =0xfffe4814 ; via 0x1fc430 - 1fc3ec: 8008 strh r0, [r1, #0] - 1fc3ee: 4770 bx lr - -$AI_CheckITSource: - 1fc3f0: 2100 mov r1, #0 - 1fc3f2: 4a10 ldr r2, =0xfffe4816 ; via 0x1fc434 - 1fc3f4: 8812 ldrh r2, [r2, #0] - 1fc3f6: 4210 tst r0, r2 - 1fc3f8: d000 beq 0x1fc3fc - 1fc3fa: 2101 mov r1, #1 - 1fc3fc: 1c08 add r0, r1, #0 - 1fc3fe: 4770 bx lr - -$AI_UnmaskIT: - 1fc400: 4a0d ldr r2, =0xfffe4818 ; via 0x1fc438 - 1fc402: 8811 ldrh r1, [r2, #0] - 1fc404: 4381 bic r1, r0 - 1fc406: 8011 strh r1, [r2, #0] - 1fc408: 4770 bx lr - -$AI_MaskIT: - 1fc40a: 4a0b ldr r2, =0xfffe4818 ; via 0x1fc438 - 1fc40c: 8811 ldrh r1, [r2, #0] - 1fc40e: 4301 orr r1, r0 - 1fc410: 8011 strh r1, [r2, #0] - 1fc412: 4770 bx lr - -; Huawei's added LPG setup function - 1fc68a: b500 push {lr} - 1fc68c: 490e ldr r1, =0xfffef008 ; via 0x1fc6c8 - 1fc68e: 2040 mov r0, #64 ; 0x40 - 1fc690: 880a ldrh r2, [r1, #0] - 1fc692: 4310 orr r0, r2 - 1fc694: 8008 strh r0, [r1, #0] - 1fc696: 490d ldr r1, =0xfffe7801 ; via 0x1fc6cc - 1fc698: 2001 mov r0, #1 - 1fc69a: 7008 strb r0, [r1, #0] - 1fc69c: 2000 mov r0, #0 - 1fc69e: f7ff ffcb bl 0x1fc638 - 1fc6a2: bd00 pop {pc} - -$INC_Initialize: - 202fbc: b530 push {r4, r5, lr} - 202fbe: 1c05 add r5, r0, #0 - 202fc0: 4c13 ldr r4, =0x10ab3cc ; via 0x203010 - 202fc2: 2001 mov r0, #1 - 202fc4: 6020 str r0, [r4, #0] - 202fc6: f001 f8e3 bl 0x204190 - 202fca: f001 f8e5 bl 0x204198 - 202fce: f001 f8b3 bl 0x204138 - 202fd2: f000 fc21 bl 0x203818 - 202fd6: f7fc f8e9 bl 0x1ff1ac - 202fda: f000 fe2b bl 0x203c34 - 202fde: f000 fdf9 bl 0x203bd4 - 202fe2: f000 fe17 bl 0x203c14 - 202fe6: f000 fde5 bl 0x203bb4 - 202fea: f000 fe43 bl 0x203c74 - 202fee: f000 fe01 bl 0x203bf4 - 202ff2: f000 fe4f bl 0x203c94 - 202ff6: f7fe fa33 bl 0x201460 - 202ffa: f000 fe2b bl 0x203c54 - 202ffe: 1c28 add r0, r5, #0 - 203000: f000 fea8 bl 0x203d54 ; $Application_Initialize - 203004: 2002 mov r0, #2 - 203006: 6020 str r0, [r4, #0] - 203008: f782 ff04 bl 0x185e14 - 20300c: bd30 pop {r4, r5, pc} - 20300e: 46c0 nop (mov r8, r8) - -$Application_Initialize: - 203d54: b500 push {lr} - 203d56: f7ef f9a5 bl 0x1f30a4 ; $Init_Target - 203d5a: f7ef fa43 bl 0x1f31e4 ; $Init_Drivers - 203d5e: f077 fed5 bl 0x27bb0c ; $Cust_Init_Layer1 - 203d62: f7ef fa4d bl 0x1f3200 ; $Init_Serial_Flows - 203d66: f766 fb73 bl 0x16a450 ; $StartFrame - 203d6a: f7ef fa55 bl 0x1f3218 ; $Init_Unmask_IT - 203d6e: bd00 pop {pc} - -_INC_Initialize: ; ARM->Thumb call veneer - 203f04: e92d4000 stmdb sp!, {lr} - 203f08: e28fe001 add lr, pc, #1 - 203f0c: e12fff1e bx lr - 203f10: f7ff f854 bl 0x202fbc - 203f14: 4778 bx pc - 203f16: 46c0 nop (mov r8, r8) - 203f18: e8bd8000 ldmia sp!, {pc} diff -r a679cff990bf -r d6b65114b82d gtm900/fw-disasm --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/gtm900/fw-disasm Fri Jun 07 18:44:00 2019 +0000 @@ -0,0 +1,633 @@ +; This disassembly is a quick look at the firmware that has been read out +; of a Huawei GTM900-B modem module. Unlike most other phone and modem +; vendors' firmwares, this fw exhibits very few changes relative to TI's +; reference version. Here I have only dug far enough to get to the +; init module with the Init_Target() function and the ARMIO module with +; the GPIO setup. + +; Flash boot mode 1 reset entry + 0: ea0004b3 b 0x12d4 + 4: ea00083d b 0x2100 + 8: ea00083d b 0x2104 + c: ea00083d b 0x2108 + 10: ea00083d b 0x210c + 14: ea00083d b 0x2110 + 18: ea00083d b 0x2114 + 1c: ea00083d b 0x2118 + +_INT_Bootloader_Start: + 12d4: e51f101c ldr r1, =0xffff9800 ; via 0x12c0 + 12d8: e15f21b2 ldrh r2, =0x2006 ; via 0x12ce + 12dc: e1c120b0 strh r2, [r1] + 12e0: e5912000 ldr r2, [r1] + 12e4: e2022001 and r2, r2, #1 + 12e8: e3520001 cmp r2, #1 + 12ec: 0afffffb beq 0x12e0 + 12f0: e51f103c ldr r1, =0xfffffd00 ; via 0x12bc + 12f4: e15f23b0 ldrh r2, =0x1081 ; via 0x12cc + 12f8: e1c120b0 strh r2, [r1] + 12fc: e51f1040 ldr r1, =0xfffffb10 ; via 0x12c4 + 1300: e15f23b8 ldrh r2, =0x800 ; via 0x12d0 + 1304: e1d100b0 ldrh r0, [r1] + 1308: e1800002 orr r0, r0, r2 + 130c: e1c100b0 strh r0, [r1] + 1310: e51f1050 ldr r1, =0xffffff08 ; via 0x12c8 + 1314: e15f24ba ldrh r2, =0x0 ; via 0x12d2 + 1318: e1c120b0 strh r2, [r1] +; MEMIF setup, nCS0 and nCS1 WS increased from TI's 0x2A1 + 131c: e51f107c ldr r1, =0xfffffb00 ; via 0x12a8 + 1320: e15f27bc ldrh r2, =0x2a3 ; via 0x12ac + 1324: e1c120b0 strh r2, [r1] + 1328: e15f28b2 ldrh r2, =0x2a4 ; via 0x12ae + 132c: e1c120b2 strh r2, [r1, #2] + 1330: e15f28b8 ldrh r2, =0x2a1 ; via 0x12b0 + 1334: e1c120b4 strh r2, [r1, #4] + 1338: e15f28be ldrh r2, =0x283 ; via 0x12b2 + 133c: e1c120b6 strh r2, [r1, #6] + 1340: e15f29b4 ldrh r2, =0x281 ; via 0x12b4 + 1344: e1c120ba strh r2, [r1, #10] ; 0xa + 1348: e15f29ba ldrh r2, =0xc0 ; via 0x12b6 + 134c: e1c120bc strh r2, [r1, #12] ; 0xc + 1350: e15f2ab0 ldrh r2, =0x40 ; via 0x12b8 + 1354: e1c120b8 strh r2, [r1, #8] + 1358: e15f2ab6 ldrh r2, =0x2a ; via 0x12ba + 135c: e1c120be strh r2, [r1, #14] ; 0xe + 1360: e59f0020 ldr r0, =0x10ab4cc ; via 0x1388 + 1364: e3a01b01 mov r1, #1024 ; 0x400 + 1368: e2411004 sub r1, r1, #4 + 136c: e0802001 add r2, r0, r1 + 1370: e3c22003 bic r2, r2, #3 + 1374: e1a0d002 mov sp, r2 + 1378: e92d100f stmdb sp!, {r0, r1, r2, r3, r12} + 137c: eb000043 bl 0x1490 ; _sta_select_application + 1380: e8bd100f ldmia sp!, {r0, r1, r2, r3, r12} + 1384: ea000373 b 0x2158 ; _INT_Initialize + + 2000: 00000001 + +; .inttext exception vectors + 2100: ea0000cb b 0x2434 + 2104: ea0000cd b 0x2440 + 2108: ea0000cf b 0x244c + 210c: ea0000d1 b 0x2458 + 2110: ea0000d3 b 0x2464 + 2114: ea0000b7 b 0x23f8 + 2118: ea0000c0 b 0x2420 + + 211c: 02a102a1 + 2120: 028302a1 + 2124: 02c00e85 + 2128: 002a0040 + 212c: fffffb00 + 2130: fffef006 + 2134: 00000008 + 2138: fffffd00 + 213c: ffff9800 + 2140: fffffb10 + 2144: ffffff08 + 2148: 20021081 + 214c: f7ff0800 + 2150: 00000000 + 2154: 002041a0 + +_INT_Initialize: + 2158: e51f1024 ldr r1, =0xffff9800 ; via 0x213c + 215c: e15f21ba ldrh r2, =0x2002 ; via 0x214a + 2160: e1c120b0 strh r2, [r1] + 2164: e5912000 ldr r2, [r1] + 2168: e2022001 and r2, r2, #1 + 216c: e3520001 cmp r2, #1 + 2170: 0afffffb beq 0x2164 + 2174: e51f1044 ldr r1, =0xfffffd00 ; via 0x2138 + 2178: e15f23b8 ldrh r2, =0x1081 ; via 0x2148 + 217c: e1c120b0 strh r2, [r1] + 2180: e51f1048 ldr r1, =0xfffffb10 ; via 0x2140 + 2184: e15f23be ldrh r2, =0xf7ff ; via 0x214e + 2188: e1d100b0 ldrh r0, [r1] + 218c: e0000002 and r0, r0, r2 + 2190: e1c100b0 strh r0, [r1] + 2194: e51f1058 ldr r1, =0xffffff08 ; via 0x2144 + 2198: e15f25b0 ldrh r2, =0x0 ; via 0x2150 + 219c: e1c120b0 strh r2, [r1] +; MEMIF setup same as TI's original, no increased WS + 21a0: e51f107c ldr r1, =0xfffffb00 ; via 0x212c + 21a4: e15f29b0 ldrh r2, =0x2a1 ; via 0x211c + 21a8: e1c120b0 strh r2, [r1] + 21ac: e15f29b6 ldrh r2, =0x2a1 ; via 0x211e + 21b0: e1c120b2 strh r2, [r1, #2] + 21b4: e15f29bc ldrh r2, =0x2a1 ; via 0x2120 + 21b8: e1c120b4 strh r2, [r1, #4] + 21bc: e15f2ab2 ldrh r2, =0x283 ; via 0x2122 + 21c0: e1c120b6 strh r2, [r1, #6] + 21c4: e15f2ab8 ldrh r2, =0xe85 ; via 0x2124 + 21c8: e1c120ba strh r2, [r1, #10] ; 0xa + 21cc: e15f2abe ldrh r2, =0x2c0 ; via 0x2126 + 21d0: e1c120bc strh r2, [r1, #12] ; 0xc + 21d4: e15f2bb4 ldrh r2, =0x40 ; via 0x2128 + 21d8: e1c120b8 strh r2, [r1, #8] + 21dc: e15f2bba ldrh r2, =0x2a ; via 0x212a + 21e0: e1c120be strh r2, [r1, #14] ; 0xe + 21e4: e51f10bc ldr r1, =0xfffef006 ; via 0x2130 + 21e8: e1d120b0 ldrh r2, [r1] + 21ec: e51f00c0 ldr r0, =0x8 ; via 0x2134 + 21f0: e1800002 orr r0, r0, r2 + 21f4: e1c100b0 strh r0, [r1] + 21f8: e10f0000 mrs r0, CPSR + 21fc: e3c0001f bic r0, r0, #31 ; 0x1f + 2200: e3800013 orr r0, r0, #19 ; 0x13 + 2204: e38000c0 orr r0, r0, #192 ; 0xc0 + 2208: e129f000 msr CPSR_fc, r0 +; inline bss clearing, not like in our TCS211 reference + 220c: e59f031c ldr r0, =0x1000cf8 ; via 0x2530 + 2210: e3a02000 mov r2, #0 + 2214: e59f1318 ldr r1, =0x10ab4cc ; via 0x2534 + 2218: e4802004 str r2, [r0], #4 + 221c: e1500001 cmp r0, r1 + 2220: 1afffffc bne 0x2218 + 2224: e59f030c ldr r0, =0x800000 ; via 0x2538 + 2228: e3a02000 mov r2, #0 + 222c: e59f1308 ldr r1, =0x82027c ; via 0x253c + 2230: e4802004 str r2, [r0], #4 + 2234: e1500001 cmp r0, r1 + 2238: 1afffffc bne 0x2230 +; INT_Loaded_Flag setting, familiar code continues + 223c: e3a00001 mov r0, #1 + 2240: e59f12fc ldr r1, =0x10ab3e4 ; via 0x2544 + 2244: e5810000 str r0, [r1] + 2248: e59f02f0 ldr r0, =0x10ab5b8 ; via 0x2540 + 224c: e3a01b01 mov r1, #1024 ; 0x400 + 2250: e2411004 sub r1, r1, #4 + 2254: e0802001 add r2, r0, r1 + 2258: e1a0a000 mov r10, r0 + 225c: e59f32e4 ldr r3, =0x804950 ; via 0x2548 + 2260: e583a000 str r10, [r3] + 2264: e1a0d002 mov sp, r2 + 2268: e59f32dc ldr r3, =0x804a74 ; via 0x254c + 226c: e583d000 str sp, [r3] + 2270: e3a01080 mov r1, #128 ; 0x80 + 2274: e0822001 add r2, r2, r1 + 2278: e10f0000 mrs r0, CPSR + 227c: e3c0001f bic r0, r0, #31 ; 0x1f + 2280: e3800012 orr r0, r0, #18 ; 0x12 + 2284: e129f000 msr CPSR_fc, r0 + 2288: e1a0d002 mov sp, r2 + 228c: e3a01c02 mov r1, #512 ; 0x200 + 2290: e0822001 add r2, r2, r1 + 2294: e10f0000 mrs r0, CPSR + 2298: e3c0001f bic r0, r0, #31 ; 0x1f + 229c: e3800011 orr r0, r0, #17 ; 0x11 + 22a0: e129f000 msr CPSR_fc, r0 + 22a4: e1a0d002 mov sp, r2 + 22a8: e10f0000 mrs r0, CPSR + 22ac: e3c0001f bic r0, r0, #31 ; 0x1f + 22b0: e3800017 orr r0, r0, #23 ; 0x17 + 22b4: e129f000 msr CPSR_fc, r0 + 22b8: e59fd29c ldr sp, =0x10ab520 ; via 0x255c + 22bc: e10f0000 mrs r0, CPSR + 22c0: e3c0001f bic r0, r0, #31 ; 0x1f + 22c4: e380001b orr r0, r0, #27 ; 0x1b + 22c8: e129f000 msr CPSR_fc, r0 + 22cc: e59fd288 ldr sp, =0x10ab520 ; via 0x255c + 22d0: e10f0000 mrs r0, CPSR + 22d4: e3c0001f bic r0, r0, #31 ; 0x1f + 22d8: e3800013 orr r0, r0, #19 ; 0x13 + 22dc: e129f000 msr CPSR_fc, r0 + 22e0: e59f3268 ldr r3, =0x8048b8 ; via 0x2550 + 22e4: e2822004 add r2, r2, #4 + 22e8: e5832000 str r2, [r3] + 22ec: e3a01b01 mov r1, #1024 ; 0x400 + 22f0: e3c11003 bic r1, r1, #3 + 22f4: e0822001 add r2, r2, r1 + 22f8: e59f3254 ldr r3, =0x80493c ; via 0x2554 + 22fc: e5831000 str r1, [r3] + 2300: e3a01002 mov r1, #2 + 2304: e59f324c ldr r3, =0x80494c ; via 0x2558 + 2308: e5831000 str r1, [r3] + 230c: e1a04002 mov r4, r2 + 2310: eb080707 bl 0x203f34 ; _f_load_int_mem + 2314: e1a02004 mov r2, r4 + 2318: e59f1228 ldr r1, =0x804950 ; via 0x2548 + 231c: e5910000 ldr r0, [r1] + 2320: e3a030fe mov r3, #254 ; 0xfe + 2324: e5c03000 strb r3, [r0] + 2328: e5c03001 strb r3, [r0, #1] + 232c: e5c03002 strb r3, [r0, #2] + 2330: e5c03003 strb r3, [r0, #3] + 2334: e4903004 ldr r3, [r0], #4 + 2338: e4803004 str r3, [r0], #4 + 233c: e1500002 cmp r0, r2 + 2340: bafffffc blt 0x2338 + 2344: e51f01f8 ldr r0, =0x2041a0 ; via 0x2154 + 2348: e3700001 cmn r0, #1 + 234c: 1b000084 blne 0x2564 + 2350: e1a00002 mov r0, r2 + 2354: ea0806ea b 0x203f04 ; _INC_Initialize + +$Init_Target: + 1f30a4: b570 push {r4, r5, r6, lr} + 1f30a6: b081 sub sp, #4 + 1f30a8: 4d62 ldr r5, =0xfffef008 ; via 0x1f3234 + 1f30aa: 2003 mov r0, #3 + 1f30ac: 0340 lsl r0, r0, #13 + 1f30ae: 8028 strh r0, [r5, #0] + 1f30b0: f008 fc40 bl 0x1fb934 ; $TM_DisableWatchdog + 1f30b4: 4860 ldr r0, =0xfffffd02 ; via 0x1f3238 + 1f30b6: 2105 mov r1, #5 + 1f30b8: 8802 ldrh r2, [r0, #0] + 1f30ba: 4311 orr r1, r2 + 1f30bc: 8001 strh r1, [r0, #0] + 1f30be: 495f ldr r1, =0xff3f ; via 0x1f323c + 1f30c0: 8802 ldrh r2, [r0, #0] + 1f30c2: 4011 and r1, r2 + 1f30c4: 8001 strh r1, [r0, #0] + 1f30c6: 2180 mov r1, #128 ; 0x80 + 1f30c8: 8802 ldrh r2, [r0, #0] + 1f30ca: 4311 orr r1, r2 + 1f30cc: 8001 strh r1, [r0, #0] + 1f30ce: 495c ldr r1, =0xffdf ; via 0x1f3240 + 1f30d0: 8802 ldrh r2, [r0, #0] + 1f30d2: 4011 and r1, r2 + 1f30d4: 8001 strh r1, [r0, #0] + 1f30d6: 4e5b ldr r6, =0xfffff900 ; via 0x1f3244 + 1f30d8: 20ff mov r0, #255 ; 0xff + 1f30da: 0200 lsl r0, r0, #8 + 1f30dc: 8030 strh r0, [r6, #0] + 1f30de: 4c5a ldr r4, =0xffff9800 ; via 0x1f3248 + 1f30e0: 485a ldr r0, =0xfff3 ; via 0x1f324c + 1f30e2: 8821 ldrh r1, [r4, #0] + 1f30e4: 4008 and r0, r1 + 1f30e6: 8020 strh r0, [r4, #0] + 1f30e8: 8820 ldrh r0, [r4, #0] + 1f30ea: 8020 strh r0, [r4, #0] + 1f30ec: 4858 ldr r0, =0xf01f ; via 0x1f3250 + 1f30ee: 8821 ldrh r1, [r4, #0] + 1f30f0: 4008 and r0, r1 + 1f30f2: 8020 strh r0, [r4, #0] + 1f30f4: 2001 mov r0, #1 + 1f30f6: 0280 lsl r0, r0, #10 + 1f30f8: 8821 ldrh r1, [r4, #0] + 1f30fa: 4308 orr r0, r1 + 1f30fc: 8020 strh r0, [r4, #0] + 1f30fe: 2000 mov r0, #0 + 1f3100: 2102 mov r1, #2 + 1f3102: 2200 mov r2, #0 + 1f3104: f009 f84e bl 0x1fc1a4 ; $CLKM_InitARMClock +; MEMIF setup, diff from reference version is nCS1 setting with WS=4 + 1f3108: 4952 ldr r1, =0xfffffb00 ; via 0x1f3254 + 1f310a: 20a3 mov r0, #163 ; 0xa3 + 1f310c: 8008 strh r0, [r1, #0] + 1f310e: 22a4 mov r2, #164 ; 0xa4 + 1f3110: 804a strh r2, [r1, #2] + 1f3112: 22a5 mov r2, #165 ; 0xa5 + 1f3114: 808a strh r2, [r1, #4] + 1f3116: 80c8 strh r0, [r1, #6] + 1f3118: 2080 mov r0, #128 ; 0x80 + 1f311a: 8148 strh r0, [r1, #10] ; 0xa + 1f311c: 20c0 mov r0, #192 ; 0xc0 + 1f311e: 8188 strh r0, [r1, #12] ; 0xc + 1f3120: 2040 mov r0, #64 ; 0x40 + 1f3122: 8108 strh r0, [r1, #8] + 1f3124: 2020 mov r0, #32 ; 0x20 + 1f3126: 8070 strh r0, [r6, #2] + 1f3128: 2000 mov r0, #0 + 1f312a: 80b0 strh r0, [r6, #4] + 1f312c: 2010 mov r0, #16 ; 0x10 + 1f312e: 8821 ldrh r1, [r4, #0] + 1f3130: 4308 orr r0, r1 + 1f3132: 8020 strh r0, [r4, #0] + 1f3134: 4848 ldr r0, =0xfffffa08 ; via 0x1f3258 + 1f3136: 4949 ldr r1, =0xffff ; via 0x1f325c + 1f3138: 8001 strh r1, [r0, #0] + 1f313a: 8041 strh r1, [r0, #2] + 1f313c: 2103 mov r1, #3 + 1f313e: 8181 strh r1, [r0, #12] ; 0xc + 1f3140: f007 f980 bl 0x1fa444 ; $IQ_SetupInterrupts + 1f3144: 4846 ldr r0, =0xfffffc00 ; via 0x1f3260 + 1f3146: 2124 mov r1, #36 ; 0x24 + 1f3148: 8001 strh r1, [r0, #0] + 1f314a: 210d mov r1, #13 ; 0xd + 1f314c: 8041 strh r1, [r0, #2] + 1f314e: 2400 mov r4, #0 + 1f3150: 4844 ldr r0, =0xfffe2016 ; via 0x1f3264 + 1f3152: 8004 strh r4, [r0, #0] + 1f3154: 4944 ldr r1, =0xfffe2014 ; via 0x1f3268 + 1f3156: 2002 mov r0, #2 + 1f3158: 8008 strh r0, [r1, #0] + 1f315a: 4944 ldr r1, =0xfffe2002 ; via 0x1f326c + 1f315c: 2084 mov r0, #132 ; 0x84 + 1f315e: 8008 strh r0, [r1, #0] + 1f3160: 4843 ldr r0, =0xfffe2000 ; via 0x1f3270 + 1f3162: 4944 ldr r1, =0x3de0 ; via 0x1f3274 + 1f3164: 8001 strh r1, [r0, #0] + 1f3166: 4a44 ldr r2, =0xfffe2022 ; via 0x1f3278 + 1f3168: 210c mov r1, #12 ; 0xc + 1f316a: 8011 strh r1, [r2, #0] + 1f316c: 4a43 ldr r2, =0xfffe2020 ; via 0x1f327c + 1f316e: 4944 ldr r1, =0x45a ; via 0x1f3280 + 1f3170: 8011 strh r1, [r2, #0] + 1f3172: 4a44 ldr r2, =0xfffe201e ; via 0x1f3284 + 1f3174: 21a5 mov r1, #165 ; 0xa5 + 1f3176: 0089 lsl r1, r1, #2 + 1f3178: 8011 strh r1, [r2, #0] + 1f317a: 4a43 ldr r2, =0xfffe201c ; via 0x1f3288 + 1f317c: 211f mov r1, #31 ; 0x1f + 1f317e: 8011 strh r1, [r2, #0] + 1f3180: 4942 ldr r1, =0xfffe2024 ; via 0x1f328c + 1f3182: 800c strh r4, [r1, #0] + 1f3184: 4b42 ldr r3, =0xfffe2010 ; via 0x1f3290 + 1f3186: 2202 mov r2, #2 + 1f3188: 8819 ldrh r1, [r3, #0] + 1f318a: 430a orr r2, r1 + 1f318c: 801a strh r2, [r3, #0] + 1f318e: 4a40 ldr r2, =0xfffe2010 ; via 0x1f3290 + 1f3190: 2104 mov r1, #4 + 1f3192: 8813 ldrh r3, [r2, #0] + 1f3194: 4319 orr r1, r3 + 1f3196: 8011 strh r1, [r2, #0] + 1f3198: 2127 mov r1, #39 ; 0x27 + 1f319a: 80a9 strh r1, [r5, #4] + 1f319c: 8a01 ldrh r1, [r0, #16] ; 0x10 + 1f319e: 0849 lsr r1, r1, #1 + 1f31a0: d30f bcc 0x1f31c2 + 1f31a2: 8a01 ldrh r1, [r0, #16] ; 0x10 + 1f31a4: 0409 lsl r1, r1, #16 + 1f31a6: 0c49 lsr r1, r1, #17 + 1f31a8: 0049 lsl r1, r1, #1 + 1f31aa: 8201 strh r1, [r0, #16] ; 0x10 + 1f31ac: 2101 mov r1, #1 + 1f31ae: e001 b 0x1f31b4 + 1f31b0: 9900 ldr r1, [sp, #0] + 1f31b2: 3101 add r1, #1 + 1f31b4: 9100 str r1, [sp, #0] + 1f31b6: 9900 ldr r1, [sp, #0] + 1f31b8: 2932 cmp r1, #50 ; 0x32 + 1f31ba: d3f9 bcc 0x1f31b0 + 1f31bc: 8a41 ldrh r1, [r0, #18] ; 0x12 + 1f31be: 2900 cmp r1, #0 + 1f31c0: d0fc beq 0x1f31bc + 1f31c2: f009 f8d4 bl 0x1fc36e ; $AI_ClockEnable + 1f31c6: f009 f8d8 bl 0x1fc37a ; $AI_InitIOConfig +; Huawei's added LPG setup function + 1f31ca: f009 fa5e bl 0x1fc68a + 1f31ce: 2027 mov r0, #39 ; 0x27 + 1f31d0: 0500 lsl r0, r0, #20 + 1f31d2: 8004 strh r4, [r0, #0] + 1f31d4: 2001 mov r0, #1 + 1f31d6: f008 fbbb bl 0x1fb950 ; $TM_EnableTimer + 1f31da: 2002 mov r0, #2 + 1f31dc: f008 fbb8 bl 0x1fb950 ; $TM_EnableTimer + 1f31e0: b001 add sp, #4 + 1f31e2: bd70 pop {r4, r5, r6, pc} + +$Init_Drivers: + 1f31e4: b500 push {lr} + 1f31e6: f7b4 f9a5 bl 0x1a7534 + 1f31ea: f7c9 fe00 bl 0x1bcdee + 1f31ee: f74e ffd6 bl 0x14219e + 1f31f2: f767 f9c7 bl 0x15a584 + 1f31f6: f7d7 fd26 bl 0x1cac46 + 1f31fa: f735 f841 bl 0x128280 + 1f31fe: bd00 pop {pc} + +$Init_Serial_Flows: + 1f3200: b500 push {lr} + 1f3202: 4824 ldr r0, =0x10aa938 ; via 0x1f3294 + 1f3204: f7b2 fa8a bl 0x1a571c + 1f3208: 2000 mov r0, #0 + 1f320a: 2103 mov r1, #3 + 1f320c: 2200 mov r2, #0 + 1f320e: f7b2 fb26 bl 0x1a585e + 1f3212: f7b2 fb80 bl 0x1a5916 + 1f3216: bd00 pop {pc} + +$Init_Unmask_IT: + 1f3218: b500 push {lr} + 1f321a: 2004 mov r0, #4 + 1f321c: f007 f973 bl 0x1fa506 + 1f3220: 2012 mov r0, #18 ; 0x12 + 1f3222: f007 f970 bl 0x1fa506 + 1f3226: 2007 mov r0, #7 + 1f3228: f007 f96d bl 0x1fa506 + 1f322c: 2008 mov r0, #8 + 1f322e: f007 f96a bl 0x1fa506 + 1f3232: bd00 pop {pc} + +$AI_EnableBit: + 1fc2f0: 4a48 ldr r2, =0xfffef00a ; via 0x1fc414 + 1fc2f2: 2101 mov r1, #1 + 1fc2f4: 4081 lsl r1, r0 + 1fc2f6: 8810 ldrh r0, [r2, #0] + 1fc2f8: 4301 orr r1, r0 + 1fc2fa: 8011 strh r1, [r2, #0] + 1fc2fc: 4770 bx lr + +$AI_DisableBit: + 1fc2fe: 4a45 ldr r2, =0xfffef00a ; via 0x1fc414 + 1fc300: 2101 mov r1, #1 + 1fc302: 4081 lsl r1, r0 + 1fc304: 8810 ldrh r0, [r2, #0] + 1fc306: 4388 bic r0, r1 + 1fc308: 8010 strh r0, [r2, #0] + 1fc30a: 4770 bx lr + +$AI_SetBit: + 1fc30c: 4a42 ldr r2, =0xfffe4802 ; via 0x1fc418 + 1fc30e: 2101 mov r1, #1 + 1fc310: 4081 lsl r1, r0 + 1fc312: 8810 ldrh r0, [r2, #0] + 1fc314: 4301 orr r1, r0 + 1fc316: 8011 strh r1, [r2, #0] + 1fc318: 4770 bx lr + +$AI_ResetBit: + 1fc31a: 4a3f ldr r2, =0xfffe4802 ; via 0x1fc418 + 1fc31c: 2101 mov r1, #1 + 1fc31e: 4081 lsl r1, r0 + 1fc320: 8810 ldrh r0, [r2, #0] + 1fc322: 4388 bic r0, r1 + 1fc324: 8010 strh r0, [r2, #0] + 1fc326: 4770 bx lr + +$AI_ConfigBitAsOutput: + 1fc328: 4a3c ldr r2, =0xfffe4804 ; via 0x1fc41c + 1fc32a: 2101 mov r1, #1 + 1fc32c: 4081 lsl r1, r0 + 1fc32e: 8810 ldrh r0, [r2, #0] + 1fc330: 4388 bic r0, r1 + 1fc332: 8010 strh r0, [r2, #0] + 1fc334: 4770 bx lr + +$AI_ConfigBitAsInput: + 1fc336: 4a39 ldr r2, =0xfffe4804 ; via 0x1fc41c + 1fc338: 2101 mov r1, #1 + 1fc33a: 4081 lsl r1, r0 + 1fc33c: 8810 ldrh r0, [r2, #0] + 1fc33e: 4301 orr r1, r0 + 1fc340: 8011 strh r1, [r2, #0] + 1fc342: 4770 bx lr + +$AI_ReadBit: + 1fc344: 4936 ldr r1, =0xfffe4800 ; via 0x1fc420 + 1fc346: 8809 ldrh r1, [r1, #0] + 1fc348: 4101 asr r1, r0 + 1fc34a: 07c8 lsl r0, r1, #31 + 1fc34c: 0fc0 lsr r0, r0, #31 + 1fc34e: 0600 lsl r0, r0, #24 + 1fc350: 0e00 lsr r0, r0, #24 + 1fc352: 4770 bx lr + +$AI_Power: + 1fc354: b500 push {lr} + 1fc356: 2800 cmp r0, #0 + 1fc358: d101 bne 0x1fc35e + 1fc35a: f7ab fc1b bl 0x1a7b94 ; $ABB_Power_Off + 1fc35e: bd00 pop {pc} + +$AI_ResetIoConfig: + 1fc360: 492e ldr r1, =0xfffe4804 ; via 0x1fc41c + 1fc362: 4830 ldr r0, =0xffff ; via 0x1fc424 + 1fc364: 8008 strh r0, [r1, #0] + 1fc366: 482b ldr r0, =0xfffef00a ; via 0x1fc414 + 1fc368: 2100 mov r1, #0 + 1fc36a: 8001 strh r1, [r0, #0] + 1fc36c: 4770 bx lr + +$AI_ClockEnable: + 1fc36e: 492e ldr r1, =0xfffe4806 ; via 0x1fc428 + 1fc370: 2020 mov r0, #32 ; 0x20 + 1fc372: 880a ldrh r2, [r1, #0] + 1fc374: 4310 orr r0, r2 + 1fc376: 8008 strh r0, [r1, #0] + 1fc378: 4770 bx lr + +$AI_InitIOConfig: + 1fc37a: b500 push {lr} + 1fc37c: f7ff fff0 bl 0x1fc360 ; $AI_ResetIoConfig + 1fc380: 2002 mov r0, #2 + 1fc382: f7ff ffb5 bl 0x1fc2f0 ; $AI_EnableBit + 1fc386: 2004 mov r0, #4 + 1fc388: f7ff ffb2 bl 0x1fc2f0 ; $AI_EnableBit + 1fc38c: 2005 mov r0, #5 + 1fc38e: f7ff ffaf bl 0x1fc2f0 ; $AI_EnableBit + 1fc392: 2006 mov r0, #6 + 1fc394: f7ff ffac bl 0x1fc2f0 ; $AI_EnableBit + 1fc398: 2007 mov r0, #7 + 1fc39a: f7ff ffa9 bl 0x1fc2f0 ; $AI_EnableBit + 1fc39e: 2008 mov r0, #8 + 1fc3a0: f7ff ffa6 bl 0x1fc2f0 ; $AI_EnableBit + 1fc3a4: 2009 mov r0, #9 + 1fc3a6: f7ff ffa3 bl 0x1fc2f0 ; $AI_EnableBit + 1fc3aa: 491b ldr r1, =0xfffe4802 ; via 0x1fc418 + 1fc3ac: 481f ldr r0, =0x3f02 ; via 0x1fc42c + 1fc3ae: 8008 strh r0, [r1, #0] + 1fc3b0: 2000 mov r0, #0 + 1fc3b2: f7ff ffb9 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3b6: 2001 mov r0, #1 + 1fc3b8: f7ff ffb6 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3bc: 2002 mov r0, #2 + 1fc3be: f7ff ffb3 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3c2: 2005 mov r0, #5 + 1fc3c4: f7ff ffb0 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3c8: 2007 mov r0, #7 + 1fc3ca: f7ff ffad bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3ce: 2009 mov r0, #9 + 1fc3d0: f7ff ffaa bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3d4: 200e mov r0, #14 ; 0xe + 1fc3d6: f7ff ffa7 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3da: 200f mov r0, #15 ; 0xf + 1fc3dc: f7ff ffa4 bl 0x1fc328 ; $AI_ConfigBitAsOutput + 1fc3e0: bd00 pop {pc} + +$AI_SelectIOForIT: + 1fc3e2: 0109 lsl r1, r1, #4 + 1fc3e4: 1840 add r0, r0, r1 + 1fc3e6: 0040 lsl r0, r0, #1 + 1fc3e8: 3001 add r0, #1 + 1fc3ea: 4911 ldr r1, =0xfffe4814 ; via 0x1fc430 + 1fc3ec: 8008 strh r0, [r1, #0] + 1fc3ee: 4770 bx lr + +$AI_CheckITSource: + 1fc3f0: 2100 mov r1, #0 + 1fc3f2: 4a10 ldr r2, =0xfffe4816 ; via 0x1fc434 + 1fc3f4: 8812 ldrh r2, [r2, #0] + 1fc3f6: 4210 tst r0, r2 + 1fc3f8: d000 beq 0x1fc3fc + 1fc3fa: 2101 mov r1, #1 + 1fc3fc: 1c08 add r0, r1, #0 + 1fc3fe: 4770 bx lr + +$AI_UnmaskIT: + 1fc400: 4a0d ldr r2, =0xfffe4818 ; via 0x1fc438 + 1fc402: 8811 ldrh r1, [r2, #0] + 1fc404: 4381 bic r1, r0 + 1fc406: 8011 strh r1, [r2, #0] + 1fc408: 4770 bx lr + +$AI_MaskIT: + 1fc40a: 4a0b ldr r2, =0xfffe4818 ; via 0x1fc438 + 1fc40c: 8811 ldrh r1, [r2, #0] + 1fc40e: 4301 orr r1, r0 + 1fc410: 8011 strh r1, [r2, #0] + 1fc412: 4770 bx lr + +; Huawei's added LPG setup function + 1fc68a: b500 push {lr} + 1fc68c: 490e ldr r1, =0xfffef008 ; via 0x1fc6c8 + 1fc68e: 2040 mov r0, #64 ; 0x40 + 1fc690: 880a ldrh r2, [r1, #0] + 1fc692: 4310 orr r0, r2 + 1fc694: 8008 strh r0, [r1, #0] + 1fc696: 490d ldr r1, =0xfffe7801 ; via 0x1fc6cc + 1fc698: 2001 mov r0, #1 + 1fc69a: 7008 strb r0, [r1, #0] + 1fc69c: 2000 mov r0, #0 + 1fc69e: f7ff ffcb bl 0x1fc638 + 1fc6a2: bd00 pop {pc} + +$INC_Initialize: + 202fbc: b530 push {r4, r5, lr} + 202fbe: 1c05 add r5, r0, #0 + 202fc0: 4c13 ldr r4, =0x10ab3cc ; via 0x203010 + 202fc2: 2001 mov r0, #1 + 202fc4: 6020 str r0, [r4, #0] + 202fc6: f001 f8e3 bl 0x204190 + 202fca: f001 f8e5 bl 0x204198 + 202fce: f001 f8b3 bl 0x204138 + 202fd2: f000 fc21 bl 0x203818 + 202fd6: f7fc f8e9 bl 0x1ff1ac + 202fda: f000 fe2b bl 0x203c34 + 202fde: f000 fdf9 bl 0x203bd4 + 202fe2: f000 fe17 bl 0x203c14 + 202fe6: f000 fde5 bl 0x203bb4 + 202fea: f000 fe43 bl 0x203c74 + 202fee: f000 fe01 bl 0x203bf4 + 202ff2: f000 fe4f bl 0x203c94 + 202ff6: f7fe fa33 bl 0x201460 + 202ffa: f000 fe2b bl 0x203c54 + 202ffe: 1c28 add r0, r5, #0 + 203000: f000 fea8 bl 0x203d54 ; $Application_Initialize + 203004: 2002 mov r0, #2 + 203006: 6020 str r0, [r4, #0] + 203008: f782 ff04 bl 0x185e14 + 20300c: bd30 pop {r4, r5, pc} + 20300e: 46c0 nop (mov r8, r8) + +$Application_Initialize: + 203d54: b500 push {lr} + 203d56: f7ef f9a5 bl 0x1f30a4 ; $Init_Target + 203d5a: f7ef fa43 bl 0x1f31e4 ; $Init_Drivers + 203d5e: f077 fed5 bl 0x27bb0c ; $Cust_Init_Layer1 + 203d62: f7ef fa4d bl 0x1f3200 ; $Init_Serial_Flows + 203d66: f766 fb73 bl 0x16a450 ; $StartFrame + 203d6a: f7ef fa55 bl 0x1f3218 ; $Init_Unmask_IT + 203d6e: bd00 pop {pc} + +_INC_Initialize: ; ARM->Thumb call veneer + 203f04: e92d4000 stmdb sp!, {lr} + 203f08: e28fe001 add lr, pc, #1 + 203f0c: e12fff1e bx lr + 203f10: f7ff f854 bl 0x202fbc + 203f14: 4778 bx pc + 203f16: 46c0 nop (mov r8, r8) + 203f18: e8bd8000 ldmia sp!, {pc}