changeset 403:50c0fac9a4a8

compal/boot/c118-dfboot.disasm: new analysis
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 15 Jan 2023 00:54:33 +0000
parents 1b83d07576bf
children ceb71478414d
files compal/boot/c118-dfboot.disasm
diffstat 1 files changed, 724 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/compal/boot/c118-dfboot.disasm	Sun Jan 15 00:54:33 2023 +0000
@@ -0,0 +1,724 @@
+; In 2023-01 Mother Mychaela received a rare C118 phone with North American
+; frequency bands; this phone features a 2 MiB flash chip, but the flash-
+; resident bootloader version is one which we haven't seen before.  The present
+; work is a disassembly analysis of this new-to-us Compal bootloader version
+; from fw version 2.2.84.N.
+;
+; Analysis result: this bootloader version is fatally hobbled: it NEVER offers
+; a serial download opportunity at all (the code is still there, but can never
+; be called), only the ftmtool flag mechanism.
+
+RESET entry and exception vectors:
+       0:	ea000225	b	0x89c
+       4:	ea000825	b	0x20a0
+       8:	ea000825	b	0x20a4
+       c:	ea000825	b	0x20a8
+      10:	ea000825	b	0x20ac
+      14:	ea000825	b	0x20b0
+      18:	ea000825	b	0x20b4
+      1c:	ea000825	b	0x20b8
+
+; magic words?
+      20:	47033dc9
+      24:	47033dca
+      28:	47033df9
+      2c:	47033dfa
+
+<30-7FF: all FFs>
+
+00000800:  42 4F 4F 54 2E 39 30 2E  30 34 00 00 00 00 00 00  BOOT.90.04......
+00000810:  31 30 30 33 01 03 00 00  FF FF FF FF FF FF FF FF  1003............
+00000820:  FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  ................
+
+; serial.obj .const section, matches familiar versions
+     830:	00000006
+     834:	00000000
+     838:	00000000
+     83c:	00000048
+     840:	00000044
+     844:	00000052
+     848:	0000001b
+     84c:	00000005
+     850:	00000000
+     854:	00000000
+     858:	00000000
+     85c:	00000000
+     860:	000000fa
+     864:	ffff5800
+     868:	ffff5000
+
+; bootloader.obj .text section, matches familiar versions
+
+     86c:	fffffb00
+     870:	02a102a1
+     874:	028302a1
+     878:	00c00281
+     87c:	002a0040
+     880:	00000040
+     884:	fffffd00
+     888:	ffff9800
+     88c:	fffffb10
+     890:	ffffff08
+     894:	20061081
+     898:	00000800
+
+_INT_Bootloader_Start:
+     89c:	e51f1020	ldr	r1, =0xfffffd00	; via 0x884
+     8a0:	e1d120b2	ldrh	r2, [r1, #2]
+     8a4:	e51f002c	ldr	r0, =0x40	; via 0x880
+     8a8:	e1800002	orr	r0, r0, r2
+     8ac:	e1c100b2	strh	r0, [r1, #2]
+     8b0:	e51f1030	ldr	r1, =0xffff9800	; via 0x888
+     8b4:	e15f22b6	ldrh	r2, =0x2006	; via 0x896
+     8b8:	e1c120b0	strh	r2, [r1]
+     8bc:	e5912000	ldr	r2, [r1]
+     8c0:	e2022001	and	r2, r2, #1
+     8c4:	e3520001	cmp	r2, #1
+     8c8:	0afffffb	beq	0x8bc
+     8cc:	e51f1050	ldr	r1, =0xfffffd00	; via 0x884
+     8d0:	e15f24b4	ldrh	r2, =0x1081	; via 0x894
+     8d4:	e1c120b0	strh	r2, [r1]
+     8d8:	e51f1054	ldr	r1, =0xfffffb10	; via 0x88c
+     8dc:	e15f24bc	ldrh	r2, =0x800	; via 0x898
+     8e0:	e1d100b0	ldrh	r0, [r1]
+     8e4:	e1800002	orr	r0, r0, r2
+     8e8:	e1c100b0	strh	r0, [r1]
+     8ec:	e51f1064	ldr	r1, =0xffffff08	; via 0x890
+     8f0:	e15f25be	ldrh	r2, =0x0	; via 0x89a
+     8f4:	e1c120b0	strh	r2, [r1]
+     8f8:	e51f1094	ldr	r1, =0xfffffb00	; via 0x86c
+     8fc:	e15f29b4	ldrh	r2, =0x2a1	; via 0x870
+     900:	e1c120b0	strh	r2, [r1]
+     904:	e15f29ba	ldrh	r2, =0x2a1	; via 0x872
+     908:	e1c120b2	strh	r2, [r1, #2]
+     90c:	e15f2ab0	ldrh	r2, =0x2a1	; via 0x874
+     910:	e1c120b4	strh	r2, [r1, #4]
+     914:	e15f2ab6	ldrh	r2, =0x283	; via 0x876
+     918:	e1c120b6	strh	r2, [r1, #6]
+     91c:	e15f2abc	ldrh	r2, =0x281	; via 0x878
+     920:	e1c120ba	strh	r2, [r1, #10]	; 0xa
+     924:	e15f2bb2	ldrh	r2, =0xc0	; via 0x87a
+     928:	e1c120bc	strh	r2, [r1, #12]	; 0xc
+     92c:	e15f2bb8	ldrh	r2, =0x40	; via 0x87c
+     930:	e1c120b8	strh	r2, [r1, #8]
+     934:	e15f2bbe	ldrh	r2, =0x2a	; via 0x87e
+     938:	e1c120be	strh	r2, [r1, #14]	; 0xe
+     93c:	e59f0020	ldr	r0, =0x83e68c	; via 0x964
+     940:	e3a01b01	mov	r1, #1024	; 0x400
+     944:	e2411004	sub	r1, r1, #4
+     948:	e0802001	add	r2, r0, r1
+     94c:	e3c22003	bic	r2, r2, #3
+     950:	e1a0d002	mov	sp, r2
+     954:	e92d100f	stmdb	sp!, {r0, r1, r2, r3, r12}
+     958:	eb00050c	bl	0x1d90	; _sta_select_application
+     95c:	e8bd100f	ldmia	sp!, {r0, r1, r2, r3, r12}
+     960:	ea0005e4	b	0x20f8	; _INT_Initialize
+     964:	0083e68c
+
+; start.obj .text section, matches familiar versions
+
+     968:	4961		ldr	r1, =0xfffffa08	; via 0xaf0
+     96a:	4862		ldr	r0, =0xffff	; via 0xaf4
+     96c:	8008		strh	r0, [r1, #0]
+     96e:	4862		ldr	r0, =0xfffffa0a	; via 0xaf8
+     970:	211f		mov	r1, #31	; 0x1f
+     972:	8001		strh	r1, [r0, #0]
+     974:	4861		ldr	r0, =0xfffff804	; via 0xafc
+     976:	21f5		mov	r1, #245	; 0xf5
+     978:	8001		strh	r1, [r0, #0]
+     97a:	21a0		mov	r1, #160	; 0xa0
+     97c:	8001		strh	r1, [r0, #0]
+     97e:	4860		ldr	r0, =0xffff9800	; via 0xb00
+     980:	4960		ldr	r1, =0x2002	; via 0xb04
+     982:	8001		strh	r1, [r0, #0]
+     984:	485e		ldr	r0, =0xffff9800	; via 0xb00
+     986:	8800		ldrh	r0, [r0, #0]
+     988:	0840		lsr	r0, r0, #1
+     98a:	d2fb		bcs	0x984
+     98c:	495e		ldr	r1, =0xfffffd00	; via 0xb08
+     98e:	485f		ldr	r0, =0x1001	; via 0xb0c
+     990:	8008		strh	r0, [r1, #0]
+     992:	46f7		mov	pc, lr
+
+     994:	b500		push	{lr}
+     996:	b0ff		sub	sp, #508	; 0x1fc
+     998:	b0ca		sub	sp, #296	; 0x128
+     99a:	2000		mov	r0, #0
+     99c:	9001		str	r0, [sp, #4]
+     99e:	9801		ldr	r0, [sp, #4]
+     9a0:	2800		cmp	r0, #0
+     9a2:	d14e		bne	0xa42
+     9a4:	a846		add	r0, sp, #280	; 0x118
+     9a6:	2100		mov	r1, #0
+     9a8:	f001 f81e	bl	0x19e8
+     9ac:	a9c8		add	r1, sp, #800	; 0x320
+     9ae:	7008		strb	r0, [r1, #0]
+     9b0:	a846		add	r0, sp, #280	; 0x118
+     9b2:	a902		add	r1, sp, #8
+     9b4:	f000 fadc	bl	0xf70
+     9b8:	9000		str	r0, [sp, #0]
+     9ba:	9800		ldr	r0, [sp, #0]
+     9bc:	2800		cmp	r0, #0
+     9be:	d01b		beq	0x9f8
+     9c0:	a924		add	r1, sp, #144	; 0x90
+     9c2:	4668		mov	r0, sp
+     9c4:	7a00		ldrb	r0, [r0, #8]
+     9c6:	7008		strb	r0, [r1, #0]
+     9c8:	2191		mov	r1, #145	; 0x91
+     9ca:	466a		mov	r2, sp
+     9cc:	4668		mov	r0, sp
+     9ce:	7800		ldrb	r0, [r0, #0]
+     9d0:	5488		strb	r0, [r1, r2]
+     9d2:	e01b		b	0xa0c
+     9d4:	a802		add	r0, sp, #8
+     9d6:	a924		add	r1, sp, #144	; 0x90
+     9d8:	f000 fdb8	bl	0x154c
+     9dc:	e016		b	0xa0c
+     9de:	a802		add	r0, sp, #8
+     9e0:	a924		add	r1, sp, #144	; 0x90
+     9e2:	aac8		add	r2, sp, #800	; 0x320
+     9e4:	7812		ldrb	r2, [r2, #0]
+     9e6:	f000 fdc5	bl	0x1574
+     9ea:	e00f		b	0xa0c
+     9ec:	a802		add	r0, sp, #8
+     9ee:	a924		add	r1, sp, #144	; 0x90
+     9f0:	f000 fdf7	bl	0x15e2
+     9f4:	90c7		str	r0, [sp, #796]	; 0x31c
+     9f6:	e009		b	0xa0c
+     9f8:	4668		mov	r0, sp
+     9fa:	7a00		ldrb	r0, [r0, #8]
+     9fc:	2800		cmp	r0, #0
+     9fe:	d0e9		beq	0x9d4
+     a00:	3809		sub	r0, #9
+     a02:	2800		cmp	r0, #0
+     a04:	d0eb		beq	0x9de
+     a06:	3801		sub	r0, #1
+     a08:	2800		cmp	r0, #0
+     a0a:	d0ef		beq	0x9ec
+     a0c:	a824		add	r0, sp, #144	; 0x90
+     a0e:	a986		add	r1, sp, #536	; 0x218
+     a10:	f000 fb91	bl	0x1136
+     a14:	2800		cmp	r0, #0
+     a16:	d111		bne	0xa3c
+     a18:	a886		add	r0, sp, #536	; 0x218
+     a1a:	a9c8		add	r1, sp, #800	; 0x320
+     a1c:	7809		ldrb	r1, [r1, #0]
+     a1e:	f000 ffb8	bl	0x1992
+     a22:	2800		cmp	r0, #0
+     a24:	d00a		beq	0xa3c
+     a26:	4668		mov	r0, sp
+     a28:	7a00		ldrb	r0, [r0, #8]
+     a2a:	280a		cmp	r0, #10	; 0xa
+     a2c:	d106		bne	0xa3c
+     a2e:	a8c8		add	r0, sp, #800	; 0x320
+     a30:	7800		ldrb	r0, [r0, #0]
+     a32:	f001 f909	bl	0x1c48
+     a36:	98c7		ldr	r0, [sp, #796]	; 0x31c
+     a38:	f000 fa98	bl	0xf6c
+     a3c:	9801		ldr	r0, [sp, #4]
+     a3e:	2800		cmp	r0, #0
+     a40:	d0b0		beq	0x9a4
+     a42:	b07f		add	sp, #508	; 0x1fc
+     a44:	b04a		add	sp, #296	; 0x128
+     a46:	bd00		pop	{pc}
+
+     a48:	b500		push	{lr}
+     a4a:	b0ff		sub	sp, #508	; 0x1fc
+     a4c:	b0c8		sub	sp, #288	; 0x120
+     a4e:	2000		mov	r0, #0
+     a50:	9000		str	r0, [sp, #0]
+     a52:	a846		add	r0, sp, #280	; 0x118
+     a54:	2101		mov	r1, #1
+     a56:	f000 ffc7	bl	0x19e8
+     a5a:	a9c6		add	r1, sp, #792	; 0x318
+     a5c:	7008		strb	r0, [r1, #0]
+     a5e:	a8c6		add	r0, sp, #792	; 0x318
+     a60:	7800		ldrb	r0, [r0, #0]
+     a62:	28ff		cmp	r0, #255	; 0xff
+     a64:	d031		beq	0xaca
+     a66:	a846		add	r0, sp, #280	; 0x118
+     a68:	a902		add	r1, sp, #8
+     a6a:	f000 fa81	bl	0xf70
+     a6e:	9001		str	r0, [sp, #4]
+     a70:	9801		ldr	r0, [sp, #4]
+     a72:	2800		cmp	r0, #0
+     a74:	d014		beq	0xaa0
+     a76:	a924		add	r1, sp, #144	; 0x90
+     a78:	4668		mov	r0, sp
+     a7a:	7a00		ldrb	r0, [r0, #8]
+     a7c:	7008		strb	r0, [r1, #0]
+     a7e:	2291		mov	r2, #145	; 0x91
+     a80:	4668		mov	r0, sp
+     a82:	4669		mov	r1, sp
+     a84:	7909		ldrb	r1, [r1, #4]
+     a86:	5411		strb	r1, [r2, r0]
+     a88:	a824		add	r0, sp, #144	; 0x90
+     a8a:	a986		add	r1, sp, #536	; 0x218
+     a8c:	f000 fb53	bl	0x1136
+     a90:	2800		cmp	r0, #0
+     a92:	d11a		bne	0xaca
+     a94:	a886		add	r0, sp, #536	; 0x218
+     a96:	a9c6		add	r1, sp, #792	; 0x318
+     a98:	7809		ldrb	r1, [r1, #0]
+     a9a:	f000 ff7a	bl	0x1992
+     a9e:	e014		b	0xaca
+     aa0:	4668		mov	r0, sp
+     aa2:	7a00		ldrb	r0, [r0, #8]
+     aa4:	2800		cmp	r0, #0
+     aa6:	d110		bne	0xaca
+     aa8:	a802		add	r0, sp, #8
+     aaa:	a924		add	r1, sp, #144	; 0x90
+     aac:	f000 fd4e	bl	0x154c
+     ab0:	a824		add	r0, sp, #144	; 0x90
+     ab2:	a986		add	r1, sp, #536	; 0x218
+     ab4:	f000 fb3f	bl	0x1136
+     ab8:	2800		cmp	r0, #0
+     aba:	d104		bne	0xac6
+     abc:	a886		add	r0, sp, #536	; 0x218
+     abe:	a9c6		add	r1, sp, #792	; 0x318
+     ac0:	7809		ldrb	r1, [r1, #0]
+     ac2:	f000 ff66	bl	0x1992
+     ac6:	2001		mov	r0, #1
+     ac8:	9000		str	r0, [sp, #0]
+     aca:	9800		ldr	r0, [sp, #0]
+     acc:	b07f		add	sp, #508	; 0x1fc
+     ace:	b048		add	sp, #288	; 0x120
+     ad0:	bd00		pop	{pc}
+
+$sta_select_application:
+     ad2:	b500		push	{lr}
+     ad4:	b082		sub	sp, #8
+     ad6:	f7ff ff47	bl	0x968
+     ada:	f001 f85d	bl	0x1b98	; $ser_initialize_serial_link
+     ade:	f000 fd23	bl	0x1528	; $con_initialize_conversion
+     ae2:	f000 f81f	bl	0xb24	; $fluid_bootloader
+     ae6:	f000 f91a	bl	0xd1e	; $FTM_Tool_check
+     aea:	b002		add	sp, #8
+     aec:	bd00		pop	{pc}
+     aee:	46c0		nop			(mov r8, r8)
+
+     af0:	fffffa08
+     af4:	0000ffff
+     af8:	fffffa0a
+     afc:	fffff804
+     b00:	ffff9800
+     b04:	00002002
+     b08:	fffffd00
+     b0c:	00001001
+
+; boot.obj .text section
+
+     b10:	e3a0d502	mov	sp, #8388608	; 0x800000
+     b14:	e28dd802	add	sp, sp, #131072	; 0x20000
+     b18:	e28fe005	add	lr, pc, #5
+     b1c:	e12fff1e	bx	lr
+     b20:	e1a00000	mov	r0, r0
+
+; The fluid_bootloader() function is fatally hobbled: it initializes the UART
+; at 115200 baud, but then does a delay and returns - NO call to SeekMsg()!
+
+$fluid_bootloader:
+     b24:	b500		push	{lr}
+     b26:	b082		sub	sp, #8
+     b28:	49f0		ldr	r1, =0x83ff00	; via 0xeec
+     b2a:	48d5		ldr	r0, =0xffff5800	; via 0xe80
+     b2c:	6008		str	r0, [r1, #0]
+     b2e:	2000		mov	r0, #0
+     b30:	2107		mov	r1, #7
+     b32:	f000 f9a7	bl	0xe84	; $uart_init
+     b36:	2000		mov	r0, #0
+     b38:	9001		str	r0, [sp, #4]
+     b3a:	9000		str	r0, [sp, #0]
+     b3c:	9900		ldr	r1, [sp, #0]
+     b3e:	2005		mov	r0, #5
+     b40:	0400		lsl	r0, r0, #16
+     b42:	4281		cmp	r1, r0
+     b44:	d20a		bcs	0xb5c
+     b46:	9801		ldr	r0, [sp, #4]
+     b48:	3001		add	r0, #1
+     b4a:	9001		str	r0, [sp, #4]
+     b4c:	9800		ldr	r0, [sp, #0]
+     b4e:	3001		add	r0, #1
+     b50:	9000		str	r0, [sp, #0]
+     b52:	9900		ldr	r1, [sp, #0]
+     b54:	2005		mov	r0, #5
+     b56:	0400		lsl	r0, r0, #16
+     b58:	4281		cmp	r1, r0
+     b5a:	d3f4		bcc	0xb46
+     b5c:	b002		add	sp, #8
+     b5e:	bd00		pop	{pc}
+
+$SeekMsg:
+     b60:	b500		push	{lr}
+     b62:	b086		sub	sp, #24	; 0x18
+     b64:	48f4		ldr	r0, =0x800100	; via 0xf38
+     b66:	9005		str	r0, [sp, #20]	; 0x14
+     b68:	201b		mov	r0, #27	; 0x1b
+     b6a:	f000 f935	bl	0xdd8
+     b6e:	20f6		mov	r0, #246	; 0xf6
+     b70:	f000 f932	bl	0xdd8
+     b74:	2002		mov	r0, #2
+     b76:	f000 f92f	bl	0xdd8
+     b7a:	2000		mov	r0, #0
+     b7c:	f000 f92c	bl	0xdd8
+     b80:	2041		mov	r0, #65	; 0x41
+     b82:	f000 f929	bl	0xdd8
+     b86:	2001		mov	r0, #1
+     b88:	f000 f926	bl	0xdd8
+     b8c:	2040		mov	r0, #64	; 0x40
+     b8e:	f000 f923	bl	0xdd8
+     b92:	2001		mov	r0, #1
+     b94:	0300		lsl	r0, r0, #12
+     b96:	f000 f937	bl	0xe08
+     b9a:	281b		cmp	r0, #27	; 0x1b
+     b9c:	d000		beq	0xba0
+     b9e:	e0bc		b	0xd1a
+     ba0:	2001		mov	r0, #1
+     ba2:	0300		lsl	r0, r0, #12
+     ba4:	f000 f930	bl	0xe08
+     ba8:	28f6		cmp	r0, #246	; 0xf6
+     baa:	d000		beq	0xbae
+     bac:	e0b5		b	0xd1a
+     bae:	2001		mov	r0, #1
+     bb0:	0300		lsl	r0, r0, #12
+     bb2:	f000 f929	bl	0xe08
+     bb6:	2802		cmp	r0, #2
+     bb8:	d000		beq	0xbbc
+     bba:	e0ae		b	0xd1a
+     bbc:	2001		mov	r0, #1
+     bbe:	0300		lsl	r0, r0, #12
+     bc0:	f000 f922	bl	0xe08
+     bc4:	2800		cmp	r0, #0
+     bc6:	d000		beq	0xbca
+     bc8:	e0a7		b	0xd1a
+     bca:	2001		mov	r0, #1
+     bcc:	0300		lsl	r0, r0, #12
+     bce:	f000 f91b	bl	0xe08
+     bd2:	2852		cmp	r0, #82	; 0x52
+     bd4:	d000		beq	0xbd8
+     bd6:	e0a0		b	0xd1a
+     bd8:	2001		mov	r0, #1
+     bda:	0300		lsl	r0, r0, #12
+     bdc:	f000 f914	bl	0xe08
+     be0:	2801		cmp	r0, #1
+     be2:	d000		beq	0xbe6
+     be4:	e099		b	0xd1a
+     be6:	2001		mov	r0, #1
+     be8:	0300		lsl	r0, r0, #12
+     bea:	f000 f90d	bl	0xe08
+     bee:	2853		cmp	r0, #83	; 0x53
+     bf0:	d000		beq	0xbf4
+     bf2:	e092		b	0xd1a
+     bf4:	201b		mov	r0, #27	; 0x1b
+     bf6:	f000 f8ef	bl	0xdd8
+     bfa:	20f6		mov	r0, #246	; 0xf6
+     bfc:	f000 f8ec	bl	0xdd8
+     c00:	2002		mov	r0, #2
+     c02:	f000 f8e9	bl	0xdd8
+     c06:	2000		mov	r0, #0
+     c08:	f000 f8e6	bl	0xdd8
+     c0c:	2041		mov	r0, #65	; 0x41
+     c0e:	f000 f8e3	bl	0xdd8
+     c12:	2002		mov	r0, #2
+     c14:	f000 f8e0	bl	0xdd8
+     c18:	2043		mov	r0, #67	; 0x43
+     c1a:	f000 f8dd	bl	0xdd8
+     c1e:	2001		mov	r0, #1
+     c20:	0300		lsl	r0, r0, #12
+     c22:	f000 f8f1	bl	0xe08
+     c26:	4669		mov	r1, sp
+     c28:	7208		strb	r0, [r1, #8]
+     c2a:	4668		mov	r0, sp
+     c2c:	2102		mov	r1, #2
+     c2e:	7441		strb	r1, [r0, #17]	; 0x11
+     c30:	2000		mov	r0, #0
+     c32:	9000		str	r0, [sp, #0]
+     c34:	9800		ldr	r0, [sp, #0]
+     c36:	2802		cmp	r0, #2
+     c38:	d216		bcs	0xc68
+     c3a:	2001		mov	r0, #1
+     c3c:	0300		lsl	r0, r0, #12
+     c3e:	f000 f8e3	bl	0xe08
+     c42:	466a		mov	r2, sp
+     c44:	9900		ldr	r1, [sp, #0]
+     c46:	1a51		sub	r1, r2, r1
+     c48:	7348		strb	r0, [r1, #13]	; 0xd
+     c4a:	4668		mov	r0, sp
+     c4c:	9900		ldr	r1, [sp, #0]
+     c4e:	1a40		sub	r0, r0, r1
+     c50:	7b40		ldrb	r0, [r0, #13]	; 0xd
+     c52:	4669		mov	r1, sp
+     c54:	7c49		ldrb	r1, [r1, #17]	; 0x11
+     c56:	4048		eor	r0, r1
+     c58:	4669		mov	r1, sp
+     c5a:	7448		strb	r0, [r1, #17]	; 0x11
+     c5c:	9800		ldr	r0, [sp, #0]
+     c5e:	3001		add	r0, #1
+     c60:	9000		str	r0, [sp, #0]
+     c62:	9800		ldr	r0, [sp, #0]
+     c64:	2802		cmp	r0, #2
+     c66:	d3e8		bcc	0xc3a
+     c68:	4668		mov	r0, sp
+     c6a:	8980		ldrh	r0, [r0, #12]	; 0xc
+     c6c:	466a		mov	r2, sp
+     c6e:	1e41		sub	r1, r0, #1
+     c70:	8191		strh	r1, [r2, #12]	; 0xc
+     c72:	2800		cmp	r0, #0
+     c74:	d016		beq	0xca4
+     c76:	2001		mov	r0, #1
+     c78:	0300		lsl	r0, r0, #12
+     c7a:	f000 f8c5	bl	0xe08
+     c7e:	9905		ldr	r1, [sp, #20]	; 0x14
+     c80:	7008		strb	r0, [r1, #0]
+     c82:	9805		ldr	r0, [sp, #20]	; 0x14
+     c84:	7801		ldrb	r1, [r0, #0]
+     c86:	4668		mov	r0, sp
+     c88:	7c40		ldrb	r0, [r0, #17]	; 0x11
+     c8a:	4041		eor	r1, r0
+     c8c:	4668		mov	r0, sp
+     c8e:	7441		strb	r1, [r0, #17]	; 0x11
+     c90:	9805		ldr	r0, [sp, #20]	; 0x14
+     c92:	3001		add	r0, #1
+     c94:	9005		str	r0, [sp, #20]	; 0x14
+     c96:	4668		mov	r0, sp
+     c98:	8982		ldrh	r2, [r0, #12]	; 0xc
+     c9a:	4669		mov	r1, sp
+     c9c:	1e50		sub	r0, r2, #1
+     c9e:	8188		strh	r0, [r1, #12]	; 0xc
+     ca0:	2a00		cmp	r2, #0
+     ca2:	d1e8		bne	0xc76
+     ca4:	2001		mov	r0, #1
+     ca6:	0300		lsl	r0, r0, #12
+     ca8:	f000 f8ae	bl	0xe08
+     cac:	4669		mov	r1, sp
+     cae:	7408		strb	r0, [r1, #16]	; 0x10
+     cb0:	4668		mov	r0, sp
+     cb2:	7c01		ldrb	r1, [r0, #16]	; 0x10
+     cb4:	7c40		ldrb	r0, [r0, #17]	; 0x11
+     cb6:	4281		cmp	r1, r0
+     cb8:	d015		beq	0xce6
+     cba:	201b		mov	r0, #27	; 0x1b
+     cbc:	f000 f88c	bl	0xdd8
+     cc0:	20f6		mov	r0, #246	; 0xf6
+     cc2:	f000 f889	bl	0xdd8
+     cc6:	2002		mov	r0, #2
+     cc8:	f000 f886	bl	0xdd8
+     ccc:	2000		mov	r0, #0
+     cce:	f000 f883	bl	0xdd8
+     cd2:	2045		mov	r0, #69	; 0x45
+     cd4:	f000 f880	bl	0xdd8
+     cd8:	2053		mov	r0, #83	; 0x53
+     cda:	f000 f87d	bl	0xdd8
+     cde:	2016		mov	r0, #22	; 0x16
+     ce0:	f000 f87a	bl	0xdd8
+     ce4:	e019		b	0xd1a
+     ce6:	201b		mov	r0, #27	; 0x1b
+     ce8:	f000 f876	bl	0xdd8
+     cec:	20f6		mov	r0, #246	; 0xf6
+     cee:	f000 f873	bl	0xdd8
+     cf2:	2002		mov	r0, #2
+     cf4:	f000 f870	bl	0xdd8
+     cf8:	2000		mov	r0, #0
+     cfa:	f000 f86d	bl	0xdd8
+     cfe:	2041		mov	r0, #65	; 0x41
+     d00:	f000 f86a	bl	0xdd8
+     d04:	2003		mov	r0, #3
+     d06:	f000 f867	bl	0xdd8
+     d0a:	2042		mov	r0, #66	; 0x42
+     d0c:	f000 f864	bl	0xdd8
+     d10:	4876		ldr	r0, =0x83ff00	; via 0xeec
+     d12:	6800		ldr	r0, [r0, #0]
+     d14:	4990		ldr	r1, =0x800100	; via 0xf58
+     d16:	f000 f85e	bl	0xdd6
+     d1a:	b006		add	sp, #24	; 0x18
+     d1c:	bd00		pop	{pc}
+
+$FTM_Tool_check:
+     d1e:	b500		push	{lr}
+     d20:	b081		sub	sp, #4
+     d22:	2066		mov	r0, #102	; 0x66
+     d24:	f000 f858	bl	0xdd8
+     d28:	2074		mov	r0, #116	; 0x74
+     d2a:	f000 f855	bl	0xdd8
+     d2e:	206d		mov	r0, #109	; 0x6d
+     d30:	f000 f852	bl	0xdd8
+     d34:	2074		mov	r0, #116	; 0x74
+     d36:	f000 f84f	bl	0xdd8
+     d3a:	206f		mov	r0, #111	; 0x6f
+     d3c:	f000 f84c	bl	0xdd8
+     d40:	206f		mov	r0, #111	; 0x6f
+     d42:	f000 f849	bl	0xdd8
+     d46:	206c		mov	r0, #108	; 0x6c
+     d48:	f000 f846	bl	0xdd8
+     d4c:	4983		ldr	r1, =0x83ff80	; via 0xf5c
+     d4e:	2000		mov	r0, #0
+     d50:	7008		strb	r0, [r1, #0]
+     d52:	9000		str	r0, [sp, #0]
+     d54:	9800		ldr	r0, [sp, #0]
+     d56:	0c00		lsr	r0, r0, #16
+     d58:	d105		bne	0xd66
+     d5a:	9800		ldr	r0, [sp, #0]
+     d5c:	3001		add	r0, #1
+     d5e:	9000		str	r0, [sp, #0]
+     d60:	9800		ldr	r0, [sp, #0]
+     d62:	0c00		lsr	r0, r0, #16
+     d64:	d0f9		beq	0xd5a
+     d66:	2007		mov	r0, #7
+     d68:	0400		lsl	r0, r0, #16
+     d6a:	f000 f84d	bl	0xe08
+     d6e:	2879		cmp	r0, #121	; 0x79
+     d70:	d10e		bne	0xd90
+     d72:	2001		mov	r0, #1
+     d74:	0300		lsl	r0, r0, #12
+     d76:	f000 f847	bl	0xe08
+     d7a:	2865		cmp	r0, #101	; 0x65
+     d7c:	d108		bne	0xd90
+     d7e:	2001		mov	r0, #1
+     d80:	0300		lsl	r0, r0, #12
+     d82:	f000 f841	bl	0xe08
+     d86:	2873		cmp	r0, #115	; 0x73
+     d88:	d102		bne	0xd90
+     d8a:	4874		ldr	r0, =0x83ff80	; via 0xf5c
+     d8c:	2101		mov	r1, #1
+     d8e:	7001		strb	r1, [r0, #0]
+     d90:	f000 f8ce	bl	0xf30
+     d94:	2800		cmp	r0, #0
+     d96:	d00d		beq	0xdb4
+     d98:	206d		mov	r0, #109	; 0x6d
+     d9a:	f000 f81d	bl	0xdd8
+     d9e:	206f		mov	r0, #111	; 0x6f
+     da0:	f000 f81a	bl	0xdd8
+     da4:	2064		mov	r0, #100	; 0x64
+     da6:	f000 f817	bl	0xdd8
+     daa:	2065		mov	r0, #101	; 0x65
+     dac:	f000 f814	bl	0xdd8
+     db0:	206d		mov	r0, #109	; 0x6d
+     db2:	e00c		b	0xdce
+     db4:	2065		mov	r0, #101	; 0x65
+     db6:	f000 f80f	bl	0xdd8
+     dba:	2072		mov	r0, #114	; 0x72
+     dbc:	f000 f80c	bl	0xdd8
+     dc0:	2072		mov	r0, #114	; 0x72
+     dc2:	f000 f809	bl	0xdd8
+     dc6:	206f		mov	r0, #111	; 0x6f
+     dc8:	f000 f806	bl	0xdd8
+     dcc:	2072		mov	r0, #114	; 0x72
+     dce:	f000 f803	bl	0xdd8
+     dd2:	b001		add	sp, #4
+     dd4:	bd00		pop	{pc}
+
+$jump:
+     dd6:	4708		bx	r1
+
+$putchar:	; static
+     dd8:	b081		sub	sp, #4
+     dda:	4669		mov	r1, sp
+     ddc:	7008		strb	r0, [r1, #0]
+     dde:	4843		ldr	r0, =0x83ff00	; via 0xeec
+     de0:	6800		ldr	r0, [r0, #0]
+     de2:	7940		ldrb	r0, [r0, #5]
+     de4:	0980		lsr	r0, r0, #6
+     de6:	d3fa		bcc	0xdde
+     de8:	4840		ldr	r0, =0x83ff00	; via 0xeec
+     dea:	6800		ldr	r0, [r0, #0]
+     dec:	4669		mov	r1, sp
+     dee:	7809		ldrb	r1, [r1, #0]
+     df0:	7001		strb	r1, [r0, #0]
+     df2:	b001		add	sp, #4
+     df4:	46f7		mov	pc, lr
+
+$getchar:
+     df6:	483d		ldr	r0, =0x83ff00	; via 0xeec
+     df8:	6800		ldr	r0, [r0, #0]
+     dfa:	7940		ldrb	r0, [r0, #5]
+     dfc:	0840		lsr	r0, r0, #1
+     dfe:	d3fa		bcc	0xdf6
+     e00:	483a		ldr	r0, =0x83ff00	; via 0xeec
+     e02:	6800		ldr	r0, [r0, #0]
+     e04:	7800		ldrb	r0, [r0, #0]
+     e06:	4770		bx	lr
+
+$getchar_timeout:
+     e08:	b083		sub	sp, #12	; 0xc
+     e0a:	9000		str	r0, [sp, #0]
+     e0c:	9800		ldr	r0, [sp, #0]
+     e0e:	9002		str	r0, [sp, #8]
+     e10:	4836		ldr	r0, =0x83ff00	; via 0xeec
+     e12:	6800		ldr	r0, [r0, #0]
+     e14:	7940		ldrb	r0, [r0, #5]
+     e16:	0840		lsr	r0, r0, #1
+     e18:	d20c		bcs	0xe34
+     e1a:	9802		ldr	r0, [sp, #8]
+     e1c:	3801		sub	r0, #1
+     e1e:	9002		str	r0, [sp, #8]
+     e20:	9802		ldr	r0, [sp, #8]
+     e22:	2800		cmp	r0, #0
+     e24:	d101		bne	0xe2a
+     e26:	20ff		mov	r0, #255	; 0xff
+     e28:	e007		b	0xe3a
+     e2a:	4830		ldr	r0, =0x83ff00	; via 0xeec
+     e2c:	6800		ldr	r0, [r0, #0]
+     e2e:	7940		ldrb	r0, [r0, #5]
+     e30:	0840		lsr	r0, r0, #1
+     e32:	d3f2		bcc	0xe1a
+     e34:	482d		ldr	r0, =0x83ff00	; via 0xeec
+     e36:	6800		ldr	r0, [r0, #0]
+     e38:	7800		ldrb	r0, [r0, #0]
+     e3a:	b003		add	sp, #12	; 0xc
+     e3c:	4770		bx	lr
+
+$UartTimeout:
+     e3e:	b081		sub	sp, #4
+     e40:	e001		b	0xe46
+     e42:	9800		ldr	r0, [sp, #0]
+     e44:	3801		sub	r0, #1
+     e46:	9000		str	r0, [sp, #0]
+     e48:	4828		ldr	r0, =0x83ff00	; via 0xeec
+     e4a:	6800		ldr	r0, [r0, #0]
+     e4c:	7940		ldrb	r0, [r0, #5]
+     e4e:	0840		lsr	r0, r0, #1
+     e50:	d202		bcs	0xe58
+     e52:	9800		ldr	r0, [sp, #0]
+     e54:	2800		cmp	r0, #0
+     e56:	dcf4		bgt	0xe42
+     e58:	9800		ldr	r0, [sp, #0]
+     e5a:	2800		cmp	r0, #0
+     e5c:	dd01		ble	0xe62
+     e5e:	2000		mov	r0, #0
+     e60:	e000		b	0xe64
+     e62:	2001		mov	r0, #1
+     e64:	b001		add	sp, #4
+     e66:	4770		bx	lr
+
+$hardware_init:
+     e68:	b082		sub	sp, #8
+     e6a:	9000		str	r0, [sp, #0]
+     e6c:	4669		mov	r1, sp
+     e6e:	2000		mov	r0, #0
+     e70:	7188		strb	r0, [r1, #6]
+     e72:	9900		ldr	r1, [sp, #0]
+     e74:	483a		ldr	r0, =0xfffef000	; via 0xf60
+     e76:	8800		ldrh	r0, [r0, #0]
+     e78:	8008		strh	r0, [r1, #0]
+     e7a:	b002		add	sp, #8
+     e7c:	4770		bx	lr
+     e7e:	46c0		nop			(mov r8, r8)
+
+<portion not analyzed yet>
+
+; start.obj .text:v$3 section, matches familiar versions
+
+_sta_select_application:
+    1d90:	e92d4000	stmdb	sp!, {lr}
+    1d94:	e28fe001	add	lr, pc, #1
+    1d98:	e12fff1e	bx	lr
+    1d9c:	f7fe fe99	bl	0xad2	; $sta_select_application
+    1da0:	4778		bx	pc
+    1da2:	46c0		nop			(mov r8, r8)
+    1da4:	e8bd8000	ldmia	sp!, {pc}
+
+<1DA8-1EFF: all FFs>
+
+    1f00:	00000001
+
+<1F04-end: all FFs>
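Review bot: The header's "can never be called" verdict on the serial download code, and the matching remark above `$fluid_bootloader`, is stronger than what the listing itself establishes, because 0xe80-0x1d8f is marked `<portion not analyzed yet>` and already holds live targets such as `bl 0xf30` from `$FTM_Tool_check` and `bl 0xe84` for `$uart_init`. Within the listed ranges there is indeed no `bl 0xb60`, and `$fluid_bootloader` returns after its delay loop, but `$SeekMsg` ends in `bl 0xdd6` (`bx r1` into 0x800100) after only a fixed handshake and the XOR check byte compared at 0xcb6, so anyone relying on this file to rule out that load path needs to know how the absence of callers was verified. I would add next to the verdict something like `; no reference to 0xb60 found in the listed ranges; 0xe80-0x1d8f still to be checked for callers of SeekMsg`, or state that the whole image was searched if it was. The two unlabelled routines at 0x994 and 0xa48 likewise have no visible caller and would benefit from a one-line comment saying whether they are dead as well.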