Context Navigation

boot.c @ 1716

Revision 1639, 46.9 KB checked in by philmoz, 17 months ago (diff)
Set SVN properties on newly added directories and files.
Property svn:eol-style set to `native`

Line
1	#include "lolevel.h"
2	#include "platform.h"
3	#include "core.h"
4
5	const char * const new_sa = &_end;
6
7	/* Our stuff */
8	extern long wrs_kernel_bss_start;
9	extern long wrs_kernel_bss_end;
10
11	// Forward declarations
12	void CreateTask_blinker();
13	void CreateTask_PhySw();
14	void CreateTask_spytask();
15
16	void boot();
17	void __attribute__((naked,noinline)) task_blinker();
18	extern void __attribute__((naked,noinline)) task_CaptSeqTask_my();
19	void dump_chdk();
20
21	////////////////////////////////////////////////////////////////////////////////
22	// Note to developers:
23	// The code below is just somewhat annotated in an attempt to figure out what
24	// the camera does. I left it in, it might be of some use to someone someday.
25	// Occasionally, I added the .ltorg directive, because the compiler/assembler
26	// isn't smart enough to place it somewhere sensible. Remember to bypass
27	// (B new_location) that directive if you really MUST place it in the middle
28	// of your code.
29	////////////////////////////////////////////////////////////////////////////////
30
31
32	void boot() {
33	// long canon_data_src = (void)0xFFEEAFD0;
34	long canon_data_src = (void)0xFFEEAFD0; //** different than 1.00b
35
36	long canon_data_dst = (void)0x1900;
37	long canon_data_len = 0xdf7c - 0x1900; // data_end - data_start
38	long canon_bss_start = (void)0xdf7c; // just after data
39	long canon_bss_len = 0xd4ec8 - 0xdf7c;
40
41	long i;
42
43	// Code taken from VxWorks CHDK. Changes CPU speed?
44	asm volatile (
45
46	"MRC p15, 0, R0,c1,c0\n"
47	"ORR R0, R0, #0x1000\n"
48	"ORR R0, R0, #4\n"
49	"ORR R0, R0, #1\n"
50	"MCR p15, 0, R0,c1,c0\n"
51	:::"r0");
52
53	for(i=0;i<canon_data_len/4;i++)
54	canon_data_dst[i]=canon_data_src[i];
55
56	for(i=0;i<canon_bss_len/4;i++)
57	canon_bss_start[i]=0;
58
59	asm volatile ("B sub_FFC001A4_my\n");
60	};
61
62	void __attribute__((naked,noinline)) sub_FFC001A4_my() {
63	asm volatile (
64	"LDR R0, =0xFFC0021C\n"
65	"MOV R1, #0\n"
66	"LDR R3, =0xFFC00254\n"
67
68	"loc_FFC001B0:\n"
69	"CMP R0, R3\n"
70	"LDRCC R2, [R0],#4\n"
71	"STRCC R2, [R1],#4\n"
72	"BCC loc_FFC001B0\n"
73	"LDR R0, =0xFFC00254\n"
74	"MOV R1, #0x4B0\n"
75	"LDR R3, =0xFFC00468\n"
76
77	"loc_FFC001CC:\n"
78	"CMP R0, R3\n"
79	"LDRCC R2, [R0],#4\n"
80	"STRCC R2, [R1],#4\n"
81	"BCC loc_FFC001CC\n"
82	"MOV R0, #0xD2\n"
83	"MSR CPSR_cxsf, R0\n"
84	"MOV SP, #0x1000\n"
85	"MOV R0, #0xD3\n"
86	"MSR CPSR_cxsf, R0\n"
87	"MOV SP, #0x1000\n"
88	"LDR R0, =0x6C4\n"
89	"LDR R2, =0xEEEEEEEE\n"
90	"MOV R3, #0x1000\n"
91
92	"loc_FFC00200:\n"
93	"CMP R0, R3\n"
94	"STRCC R2, [R0],#4\n"
95	"BCC loc_FFC00200\n"
96	"BL sub_FFC00F98_my\n"
97	);
98	}
99
100	void __attribute__((naked,noinline)) sub_FFC00F98_my() {
101
102	asm volatile (
103	"STR LR, [SP,#-0x4]!\n"
104	"SUB SP, SP, #0x74\n"
105	"MOV R0, SP\n"
106	"MOV R1, #0x74\n"
107	"BL sub_FFE71838\n"
108	"MOV R0, #0x53000\n"
109	"STR R0, [SP,#0x74-0x70]\n"
110	);
111	asm volatile (
112	"LDR R0, =new_sa\n"
113	"LDR R0, [R0]\n"
114	);
115
116	asm volatile (
117	"LDR R2, =0x279C00\n"
118	"LDR R1, =0x2724A8\n"
119	"STR R0, [SP,#0x74-0x6C]\n"
120	"SUB R0, R1, R0\n"
121	"ADD R3, SP, #0x74-0x68\n"
122	"STR R2, [SP,#0x74-0x74]\n"
123	"STMIA R3, {R0-R2}\n"
124	"MOV R0, #0x22\n"
125	"STR R0, [SP,#0x74-0x5C]\n"
126	"MOV R0, #0x68\n"
127	"STR R0, [SP,#0x74-0x58]\n"
128	"LDR R0, =0x19B\n"
129	"LDR R1, =sub_FFC04D90_my\n"
130	"STR R0, [SP,#0x74-0x54]\n"
131	"MOV R0, #0x96\n"
132	"STR R0, [SP,#0x74-0x50]\n"
133	"MOV R0, #0x78\n"
134	"STR R0, [SP,#0x74-0x4C]\n"
135	"MOV R0, #0x64\n"
136	"STR R0, [SP,#0x74-0x48]\n"
137	"MOV R0, #0\n"
138	"STR R0, [SP,#0x74-0x44]\n"
139	"STR R0, [SP,#0x74-0x40]\n"
140	"MOV R0, #0x10\n"
141	"STR R0, [SP,#0x74-0x18]\n"
142	"MOV R0, #0x800\n"
143	"STR R0, [SP,#0x74-0x14]\n"
144	"MOV R0, #0xA0\n"
145	"STR R0, [SP,#0x74-0x10]\n"
146	"MOV R0, #0x280\n"
147	"STR R0, [SP,#0x74-0xC]\n"
148	"MOV R0, SP\n"
149	"MOV R2, #0\n"
150	"BL sub_FFC02D3C\n"
151	"ADD SP, SP, #0x74\n"
152	"LDR PC, [SP],#4\n"
153	);
154	}
155
156
157	void __attribute__((naked,noinline)) sub_FFC04D90_my() {
158	asm volatile (
159
160	"STMFD SP!, {R4,LR}\n"
161	"BL sub_FFC00944\n"
162	"BL sub_FFC09708\n" // _dmSetup
163	"CMP R0, #0\n"
164	"LDRLT R0, =0xFFC04EA4\n"
165	"BLLT sub_FFC04E84\n" // err_init_task
166	"BL sub_FFC049B8\n" // termDriverInit
167	"CMP R0, #0\n"
168	"LDRLT R0, =0xFFC04EAC\n"
169	"BLLT sub_FFC04E84\n" // err_init_task
170	"LDR R0, =0xFFC04EBC\n"
171	"BL sub_FFC04AA0\n" // termDeviceCreate
172	"CMP R0, #0\n"
173	"LDRLT R0, =0xFFC04EC4\n"
174	"BLLT sub_FFC04E84\n" // err_init_task
175	"LDR R0, =0xFFC04EBC\n"
176	"BL sub_FFC0354C\n" // stdioSetup
177	"CMP R0, #0\n"
178	"LDRLT R0, =0xFFC04ED8\n"
179	"BLLT sub_FFC04E84\n" // err_init_task
180	"BL sub_FFC09290\n" // stdlibSetup
181	"CMP R0, #0\n"
182	"LDRLT R0, =0xFFC04EE4\n"
183	"BLLT sub_FFC04E84\n" // err_init_task
184	"BL sub_FFC0147C\n" // armlib_setup
185	"CMP R0, #0\n"
186	"LDRLT R0, =0xFFC04EF0\n"
187	"BLLT sub_FFC04E84\n" // err_init_task
188	"LDMFD SP!, {R4,LR}\n"
189	//"B sub_FFC0D9F0\n" // CreateTaskStartup
190	"B sub_FFC0CD6C_my\n" // +---------------------> Hook
191	);
192	};
193
194	void __attribute__((naked,noinline)) sub_FFC0CD6C_my() {
195	asm volatile (
196	"STMFD SP!, {R3,LR}\n"
197	"BL sub_FFC11198\n"
198	"BL sub_FFC18AE0\n"
199	"CMP R0, #0\n"
200	"BNE loc_FFC0CDA0\n"
201	"BL sub_FFC11194\n"
202	"CMP R0, #0\n"
203	"BNE loc_FFC0CDA0\n"
204	// "LDR R1, =0xC0022000\n"
205	"LDR R1, =0xC0220000 \n" //** different than 1.00b
206	"MOV R0, #0x44\n"
207	"STR R0, [R1,#0xA4]\n"
208	"STR R0, [R1,#0xA0]\n"
209
210	"loc_FFC0CD9C:\n"
211	"B loc_FFC0CD9C\n"
212
213	"loc_FFC0CDA0:\n"
214	"BL sub_FFC111A0\n"
215	"BL sub_FFC1119C\n"
216	"BL sub_FFC16E70\n"
217	"LDR R1, =0x2CE000\n"
218	"MOV R0, #0\n"
219	"BL sub_FFC170B8\n"
220	"BL sub_FFC17064\n"
221	"MOV R3, #0\n"
222	"STR R3, [SP]\n"
223	"LDR R3, =sub_FFC0CD10_my\n" // +---------------------> Hook
224	"MOV R2, #0\n"
225	"MOV R1, #0x19\n"
226	"LDR R0, =0xFFC0CDE8\n"
227	"BL sub_FFC0B8C0\n" // CreateTask
228	"MOV R0, #0\n"
229	"LDMFD SP!, {R12,PC}\n"
230	".ltorg\n"
231	);
232	}
233	void __attribute__((naked,noinline)) sub_FFC0CD10_my() {
234	asm volatile (
235	"STMFD SP!, {R4,LR}\n"
236	"BL sub_FFC0515C\n"
237	"BL sub_FFC12304\n"
238	"BL sub_FFC10BE0\n"
239	"BL sub_FFC18B20\n"
240	"BL sub_FFC18CE8\n"
241	);
242
243	CreateTask_spytask();
244
245	asm volatile (
246	//"BL sub_FFC18BA8\n"
247	"BL sub_FFC18EA0\n"
248	"BL sub_FFC18D38\n"
249	"BL sub_FFC16164\n"
250	"BL sub_FFC18EA4\n"
251	);
252
253	CreateTask_PhySw();
254	//CreateTask_blinker();
255
256	asm volatile (
257	//"BL sub_FFC11094\n"
258	"BL sub_FFC141EC_my\n" // +---------------------> Hook (in capt_seq.c)
259	//"BL sub_FFC141EC\n" // +---------------------> Hook (in capt_seq.c)
260	"BL sub_FFC18EBC\n"
261	"BL sub_FFC0FC08\n"
262	"BL sub_FFC10530\n"
263	"BL sub_FFC188C0\n"
264	"BL sub_FFC10B90\n"
265	"BL sub_FFC1044C\n"
266	"BL sub_FFC19944_my\n" // +---> MAJOR HOOK (SDHC boot)
267	"BL sub_FFC10424\n"
268	"LDMFD SP!, {R4,LR}\n"
269	"B sub_FFC0505C\n"
270	".ltorg\n"
271	);
272	}
273
274	void CreateTask_spytask() {
275	_CreateTask("SpyTask", 0x19, 0x2000, core_spytask, 0);
276	};
277
278
279	void CreateTask_PhySw() {
280	_CreateTask("PhySw", 0x2, 0x800, mykbd_task, 0);
281	};
282
283	void __attribute__((naked,noinline)) sub_FFC141EC_my() {
284	asm volatile (
285	"STMFD SP!, {R4,LR}\n"
286	"LDR R4, =0x1BF8\n"
287	"MOV R0, #0\n"
288	"MOV R1, #4\n"
289	"STR R0, [R4,#0xC]\n"
290	"BL sub_FFC0BBF0\n"
291	"STR R0, [R4, #4]\n"
292	"MOV R0, #0\n"
293	"MOV R1, #1\n"
294	"BL sub_FFC0BC14\n"
295	"STR R0, [R4,#8]\n"
296	"BL sub_FFC4EC00\n"
297	"BL sub_FFC4FC40\n"
298	"BL sub_FFC4DD20\n"
299	"BL sub_FFC4A028_my\n" // Taskcreate_captseqtask called from this one
300	"BL sub_FFC4EECC\n"
301	// "LDR R0, [R4]\n"
302	"LDR R0, [R4, #4] \n" //** different than 1.00b
303	"LDMFD SP!, {R4,LR}\n"
304	"MOV R1, #0x1000\n"
305	"B sub_FFC166AC\n"
306	);
307	}
308
309	void __attribute__((naked,noinline)) sub_FFC4A028_my() {
310	asm volatile (
311	"STMFD SP!, {R4,LR}\n"
312	"LDR R4, =0x515C\n"
313	"LDR R0, [R4]\n"
314	"CMP R0, #0\n"
315	"BNE loc_FFC4A094\n"
316	"BL sub_FFC4D0E4\n"
317	"MOV R1, #1\n"
318	"MOV R0, #0\n"
319	"BL sub_FFC0BC14\n"
320	"STR R0, [R4,#8]\n"
321	"MOV R0, #0\n"
322	"MOV R1, #0\n"
323	"BL sub_FFC0BBF0\n"
324	"STR R0, [R4,#0xC]\n"
325	"BL sub_FFC4A38C\n"
326	"BL sub_FFC4A8E4\n"
327	"MOV R0, #0\n"
328	"STR R0, [R4,#4]\n"
329	"ADD R0, R4, #0x10\n"
330	"MOV R1, #0\n"
331	"STR R1, [R0],#4\n"
332	"STR R1, [R0]\n"
333	"BL sub_FFC4AA74\n"
334	"BL sub_FFC4F07C\n"
335	"BL sub_FFC4D444\n"
336	"BL sub_FFC4B46C_my\n"
337	"BL sub_FFC4C344\n"
338
339	"loc_FFC4A094:\n"
340	"MOV R0, #1\n"
341	"STR R0, [R4]\n"
342	"LDMFD SP!, {R4,PC}\n"
343	);
344	}
345
346	void __attribute__((naked,noinline)) sub_FFC4B46C_my() {
347	asm volatile (
348	"STMFD SP!, {R3-R5,LR}\n"
349	"LDR R2, =0x18C1C\n"
350	"MOV R0, #0\n"
351	"MOV R1, #0\n"
352	"loc_FFC4B47C:\n"
353	"ADD R3, R2, R0,LSL#4\n"
354	"ADD R0, R0, #1\n"
355	"CMP R0, #5\n"
356	"STR R1, [R3,#8]\n"
357	"BCC loc_FFC4B47C\n"
358	"BL sub_FFC4BEA8\n"
359	"BL sub_FFD0CE1C\n"
360	"MOV R1, #5\n"
361	"MOV R0, #0\n"
362	"BL sub_FFC0BBCC\n"
363	"LDR R4, =0x5190\n"
364	"LDR R1, =0x101DFF\n"
365	"STR R0, [R4,#8]\n"
366	"MOV R0, #0\n"
367	"BL sub_FFC0BBF0\n"
368	"STR R0, [R4,#4]\n"
369	"MOV R0, #0\n"
370	"MOV R1, #1\n"
371	"BL sub_FFC0BC14\n"
372	"STR R0, [R4,#0xC]\n"
373	"MOV R3, #0\n"
374	"STR R3, [SP]\n"
375	"LDR R3, =task_CaptSeqTask_my\n"
376	"LDR R0, =0xFFC4B6A8\n"
377	"MOV R2, #0x1000\n"
378	"MOV R1, #0x17\n"
379	"BL sub_FFC0BB98\n"
380	"LDMFD SP!, {R3-R5,PC}\n"
381
382	);
383	}
384
385
386	/////////////////////////////////////////////////////////////////////////////////////
387	// Major SDHC boot fix hook starts here
388	//
389	// Paths that certainly do not (by itself) get the SDHC booting going:
390	// sub_FFC1E570 -> sub_FFC14D18 -> sub_FFC14A60 -> sub_FFC6BF78 (entire 'right subtree')
391	// sub_FFC1E570 -> sub_FFC1E120 -> sub_FFC6AC88 -> sub_FFC6A340 -> sub_FFC6BF78 (shortest path (subroutine-count-wise) through 'left subtree')
392	// sub_FFC1E570 -> sub_FFC1E120 -> sub_FFC6AC88 -> sub_FFC6A80C -> sub_FFC6A340 -> sub_FFC6BF78 (sub_FFC6A80C does not appear to be called)
393	//
394	// Unexplored:
395	// sub_FFC1E570 -> sub_FFC1E120 -> sub_FFC6BD48 -> sub_FFC6BB94 -> sub_FFC6AC88 -> -> sub_FFC6A340 -> sub_FFC6BF78
396	// -> sub_FFC6A80C ->
397	//
398	// Final, working path:
399	// sub_FFC1E570 -> sub_FFC1E120 -> sub_FFC6BD48 -> sub_FFC6BB94 -> sub_FFC6AC88 -> sub_FFC6A340 -> sub_FFC6BF78
400	//
401	// That's the 'tree'-part, the rest of the subroutines are just straight on down, no junctions.
402	// -> sub_FFC6BF28 -> sub_FFC64FDC -> sub_FFC46910 -> sub_FFC4674C -> sub_FFC465E4
403	/////////////////////////////////////////////////////////////////////////////////////
404
405	void __attribute__((naked,noinline)) sub_FFC19944_my() {
406	asm volatile (
407	"STMFD SP!, {R4,LR}\n"
408	"BL sub_FFC5D7AC\n"
409	"BL sub_FFC34778\n"
410	"CMP R0, #1\n"
411	"BNE loc_FFC19964\n"
412	"BL sub_FFC607DC\n"
413	"LDMFD SP!, {R4,LR}\n"
414	"B sub_FFC34804\n"
415
416	"loc_FFC19964:\n"
417	"BL sub_FFC5F974\n"
418	"LDR R4, =0x1D10\n"
419	"LDR R0, [R4,#4]\n"
420	"CMP R0, #0\n"
421	"LDMNEFD SP!, {R4,PC}\n"
422	"MOV R1, #0\n"
423	"LDR R0, =sub_FFC194A0_my\n" // +----> Hook for SDHC booting
424	"BL sub_FFC5BC6C\n"
425	"STR R0, [R4,#4]\n"
426	"LDMFD SP!, {R4,PC}\n"
427	);
428	}
429
430	void __attribute__((naked,noinline)) sub_FFC194A0_my() {
431	asm volatile (
432	"STMFD SP!, {R3-R11,LR}\n"
433	"LDR R6, =0x1D10\n"
434	"MOV R5, R1\n"
435	"LDR R0, [R6,#0x14]\n"
436	"MOV R4, R3\n"
437	"CMP R0, #1\n"
438	"BNE loc_FFC194C4\n"
439	"BL sub_FFC5E014\n"
440	"B loc_FFC1954C\n"
441
442	"loc_FFC194C4:\n"
443	"LDR R10, =0x1167\n"
444	"MOV R7, #0\n"
445	"CMP R5, R10\n"
446	"MOV R8, #1\n"
447	"ADD R9, R10, #1\n"
448	"BEQ loc_FFC1980C\n"
449	"BGT loc_FFC19610\n"
450	"LDR R12, =0x10AD\n"
451	"CMP R5, R12\n"
452	"BEQ loc_FFC198AC\n"
453	"BGT loc_FFC19594\n"
454	"LDR R12, =0x1003\n"
455	"CMP R5, R12\n"
456	"BEQ loc_FFC19890\n"
457	"BGT loc_FFC19554\n"
458	"SUB R12, R5, #0x800\n"
459	"SUBS R12, R12, #3\n"
460	"BEQ loc_FFC19724\n"
461	"SUB R12, R5, #0x800\n"
462	"SUBS R12, R12, #0x158\n"
463	"BEQ loc_FFC19928\n"
464	"LDR R4, =0x9A3\n"
465	"CMP R5, R4\n"
466	"SUBNE R12, R5, #0x900\n"
467	"SUBNES R12, R12, #0xA5\n"
468	"BNE loc_FFC196F0\n"
469	"LDR R0, [R6,#0xC]\n"
470	"SUB R12, R0, #0x8000\n"
471	"SUBS R12, R12, #2\n"
472	"BEQ loc_FFC1954C\n"
473	"LDR R0, =0x10A5\n"
474	"BL sub_FFC5CADC\n"
475	"CMP R0, #0\n"
476	"BEQ loc_FFC1986C\n"
477
478	"loc_FFC1954C:\n"
479	"MOV R0, #0\n"
480	"LDMFD SP!, {R3-R11,PC}\n"
481
482	"loc_FFC19554:\n"
483	"SUB R12, R5, #0x1000\n"
484	"SUBS R12, R12, #0x5\n"
485	"BEQ loc_FFC1958C\n"
486	"SUB R12, R5, #0x1000\n"
487	"LDR R0, =0x10A3\n"
488	"SUBS R12, R12, #0xA9\n"
489	"BEQ loc_FFC198A0\n"
490	"SUB R12, R5, #0x1000\n"
491	"SUBS R12, R12, #0xAA\n"
492	"BNE loc_FFC196F0\n"
493	"BL sub_FFC5CADC\n"
494	"CMP R0, #0\n"
495	"BNE loc_FFC1954C\n"
496
497	"loc_FFC19588:\n"
498	"BL sub_FFC19D20\n"
499
500	"loc_FFC1958C:\n"
501	"MOV R1, R4\n"
502	"B loc_FFC19878\n"
503
504	"loc_FFC19594:\n"
505	"LDR R12, =0x10B2\n"
506	"CMP R5, R12\n"
507	"LDREQ R0, =0x1008\n"
508	"MOVEQ R1, R4\n"
509	"BEQ loc_FFC19898\n"
510	"BGT loc_FFC195D4\n"
511	"SUB R12, R5, #0x1000\n"
512	"SUBS R12, R12, #0xAE\n"
513	"BEQ loc_FFC19588\n"
514	"SUB R12, R5, #0x1000\n"
515	"SUBS R12, R12, #0xAF\n"
516	"BEQ loc_FFC198AC\n"
517	"SUB R12, R5, #0x1000\n"
518	"SUBS R12, R12, #0xB0\n"
519	"BEQ loc_FFC19588\n"
520	"B loc_FFC196F0\n"
521
522	"loc_FFC195D4:\n"
523	"SUB R12, R5, #0x1100\n"
524	"SUBS R12, R12, #0x62\n"
525	"BEQ loc_FFC19880\n"
526	"SUB R12, R5, #0x1100\n"
527	"SUBS R12, R12, #0x63\n"
528	"MOVEQ R1, #0\n"
529	"MOVEQ R0, #0x82\n"
530	"BEQ loc_FFC19608\n"
531	"SUB R12, R5, #0x1100\n"
532	"SUBS R12, R12, #0x65\n"
533	"BNE loc_FFC196F0\n"
534	"MOV R1, #0\n"
535	"MOV R0, #0x83\n"
536
537	"loc_FFC19608:\n"
538	"BL sub_FFC61E54\n"
539	"B loc_FFC1954C\n"
540
541	"loc_FFC19610:\n"
542	"LDR R11, =0x201B\n"
543	"LDR R0, =0x1D10\n"
544	"ADD R12, R11, #2\n"
545	"LDR R1, [R0,#0x20]\n"
546	"CMP R5, R12\n"
547	"SUB R10, R11, #0x17\n"
548	"BEQ loc_FFC198F4\n"
549	"BGT loc_FFC1969C\n"
550	"CMP R5, R10\n"
551	"MOV R0, R10\n"
552	"BEQ loc_FFC19900\n"
553	"BGT loc_FFC19664\n"
554	"CMP R5, R9\n"
555	"BEQ loc_FFC1980C\n"
556	"LDR R8, =0x116A\n"
557	"CMP R5, R8\n"
558	"BEQ loc_FFC19858\n"
559	"SUB R12, R5, #0x2000\n"
560	"SUBS R12, R12, #2\n"
561	"BNE loc_FFC196F0\n"
562	"B loc_FFC198F4\n"
563
564	"loc_FFC19664:\n"
565	"SUB R12, R5, #0x2000\n"
566	"SUBS R12, R12, #5\n"
567	"BEQ loc_FFC198F4\n"
568	"LDR R2, =0x1D10\n"
569	"SUB R12, R5, #0x2000\n"
570	"LDR R2, [R2,#0x10]\n"
571	"SUBS R12, R12, #0x19\n"
572	"BEQ loc_FFC198D8\n"
573	"CMP R5, R11\n"
574	"BNE loc_FFC196F0\n"
575	"CMP R2, #1\n"
576	"BNE loc_FFC1958C\n"
577	"BL sub_FFC5E048\n"
578	"B loc_FFC1954C\n"
579
580	"loc_FFC1969C:\n"
581	"LDR R12, =0x3111\n"
582	"CMP R5, R12\n"
583	"BEQ loc_FFC1958C\n"
584	"BGT loc_FFC196D0\n"
585	"LDR R0, =0x2027\n"
586	"CMP R5, R0\n"
587	"BEQ loc_FFC198B8\n"
588	"SUB R12, R5, #0x3000\n"
589	"SUBS R12, R12, #6\n"
590	"SUBNE R12, R5, #0x3000\n"
591	"SUBNES R12, R12, #0x110\n"
592	"BEQ loc_FFC1958C\n"
593	"B loc_FFC196F0\n"
594
595	"loc_FFC196D0:\n"
596	"CMP R5, #0x3140\n"
597	"BEQ loc_FFC1991C\n"
598	"SUB R12, R5, #0x3200\n"
599	"SUBS R12, R12, #1\n"
600	"BEQ loc_FFC19874\n"
601	"SUB R12, R5, #0x3200\n"
602	"SUBS R12, R12, #2\n"
603	"BEQ loc_FFC1958C\n"
604
605	"loc_FFC196F0:\n"
606	"MOV R0, R5\n"
607	"BL sub_FFC19D50\n"
608	"CMP R0, #0\n"
609	"BEQ loc_FFC19874\n"
610	"LDR R0, =0x1061\n"
611	"CMP R5, R0\n"
612	"BEQ loc_FFC198E8\n"
613	"MOV R0, R5\n"
614	"BL sub_FFC19D50\n"
615	"CMP R0, #0\n"
616	"LDRNE R0, =0x1065\n"
617	// "MOV R0, #-1\n"
618	"MVNEQ R0, #0 \n" //** different than 1.00b
619	"B loc_FFC198E8\n"
620
621	"loc_FFC19724:\n"
622	"MOV R4, #1\n"
623	"MOV R0, #2\n"
624	"BL sub_FFC5D840\n"
625	"CMP R0, #1\n"
626	"MOVEQ R4, #2\n"
627	"MOV R0, R4\n"
628	"BL sub_FFC107A4\n"
629	"CMP R0, #0\n"
630	"STRNE R8, [R6,#0x14]\n"
631	"BNE loc_FFC1977C\n"
632	"BL sub_FFC63488\n"
633	"BL sub_FFC611C0\n"
634	"BL sub_FFC61D7C\n"
635	"BL sub_FFC60A78\n"
636	"BL sub_FFC62398\n"
637	"CMP R0, #0\n"
638	"BEQ loc_FFC197EC\n"
639	"BL sub_FFC19150\n"
640	"BL sub_FFC621F4\n"
641	"MOV R1, R0\n"
642	"MOV R0, R10\n"
643	"BL sub_FFC5C45C\n"
644
645	"loc_FFC1977C:\n"
646	"MOV R0, R7\n"
647	"LDMFD SP!, {R3-R11,PC}\n"
648
649	"loc_FFC197EC:\n"
650	"BL sub_FFC1477C\n"
651	"CMP R0, #1\n"
652	"LDRNE R0, =0x310B\n"
653	"LDREQ R0, =0x310C\n"
654	"MOV R1, #0\n"
655	"BL sub_FFC5C45C\n"
656	"BL sub_FFC604A4_my\n" // +----> Hook for SDHC booting
657	"B loc_FFC1977C\n"
658
659	"loc_FFC1980C:\n"
660	"MOV R1, #0\n"
661	"MOV R0, #0x53\n"
662	"STR R8, [R6,#0x10]\n"
663	"BL sub_FFC676C4\n"
664	"LDR R0, [R6,#0x20]\n"
665	"LDR R4, =0x4508\n"
666	"CMP R0, #0\n"
667	"BEQ loc_FFC19840\n"
668	"BL sub_FFC5E048\n"
669	"B loc_FFC1984C\n"
670
671
672	"loc_FFC19834:\n"
673	"MOV R0, R4\n"
674	"BL sub_FFC48CA8\n"
675	"B loc_FFC1954C\n"
676
677	"loc_FFC19840:\n"
678	"BL sub_FFC6143C\n"
679	"BL sub_FFC613A0\n"
680	"BL sub_FFC144A8\n"
681
682	"loc_FFC1984C:\n"
683	"CMP R5, R9\n"
684	"BNE loc_FFC1954C\n"
685	"B loc_FFC19834\n"
686
687	"loc_FFC19858:\n"
688	"MOV R0, #1\n"
689	"BL sub_FFC5E174\n"
690	"LDR R0, =0x1005\n"
691	"MOV R1, R8\n"
692	"B loc_FFC19898\n"
693	"loc_FFC1986C:\n"
694	"CMP R5, R4\n"
695	"STREQ R8, [R6,#0x30]\n"
696	"loc_FFC19874:\n"
697	"MOV R1, #0\n"
698	"loc_FFC19878:\n"
699	"MOV R0, R5\n"
700	"B loc_FFC19898\n"
701	"loc_FFC19880:\n"
702	"BL sub_FFC6559C\n"
703	"CMP R0, #0\n"
704	"BLNE sub_FFC643F0\n"
705	"B loc_FFC1958C\n"
706	"loc_FFC19890:\n"
707	"BL sub_FFC19404\n"
708	"MOV R1, R4\n"
709	"loc_FFC19898:\n"
710	"BL sub_FFC5F6C0_my\n"
711	"LDMFD SP!, {R3-R11,PC}\n"
712	"loc_FFC198A0:\n"
713	"BL sub_FFC5CADC\n"
714	"CMP R0, #0\n"
715	"BNE loc_FFC1954C\n"
716	"loc_FFC198AC:\n"
717	"MOV R0, R5\n"
718	"BL sub_FFC1921C\n"
719	"LDMFD SP!, {R3-R11,PC}\n"
720	"loc_FFC198B8:\n"
721	"MOV R1, #0\n"
722	"BL sub_FFC5F6C0_my\n"
723	"MOV R1, #0\n"
724	"MOV R0, R11\n"
725	"BL sub_FFC5F6C0_my\n"
726	"MOV R1, #0\n"
727	"MOV R0, R10\n"
728	"B loc_FFC198EC\n"
729	"loc_FFC198D8:\n"
730	"CMP R1, #0\n"
731	"BEQ loc_FFC1954C\n"
732	"CMP R2, #0\n"
733	"BNE loc_FFC1954C\n"
734	"loc_FFC198E8:\n"
735	"MOV R1, #0\n"
736	"loc_FFC198EC:\n"
737	"BL sub_FFC5F6C0_my\n"
738	"B loc_FFC1954C\n"
739	"loc_FFC198F4:\n"
740	"STR R7, [R6,#0x20]\n"
741	"BL sub_FFC19B1C\n"
742	"B loc_FFC1958C\n"
743	"loc_FFC19900:\n"
744	"STR R7, [R6,#0x20]\n"
745	"BL sub_FFC19B1C\n"
746	"LDR R0, [R6,#0x10]\n"
747	"CMP R0, #1\n"
748	"BNE loc_FFC1958C\n"
749	"BL sub_FFC5E08C\n"
750	"B loc_FFC1954C\n"
751	"loc_FFC1991C:\n"
752	"CMP R1, #0\n"
753	"BLEQ sub_FFC19B1C\n"
754	"B loc_FFC1954C\n"
755	"loc_FFC19928:\n"
756	"TST R4, #0x80000000\n"
757	"MOVNE R0, #1\n"
758	"LDMNEFD SP!, {R3-R11,PC}\n"
759	"BL sub_FFC668A4\n"
760	"CMP R0, #0\n"
761	"BLEQ sub_FFC16074\n"
762	"B loc_FFC1954C\n"
763	);
764	}
765	void __attribute__((naked,noinline)) sub_FFC604A4_my() {
766	asm volatile (
767	"STMFD SP!, {R4,LR}\n"
768	"BL sub_FFC19ADC\n"
769	"MOV R4, R0\n"
770	"BL sub_FFC605C8\n"
771	"MOV R0, R4\n"
772	"BL sub_FFC60358\n"
773	"BL sub_FFC19ADC\n"
774	"MOV R4, R0\n"
775	"LDR R0, =0x56AC\n"
776	"LDR R0, [R0]\n"
777	"TST R0, #1\n"
778	"TSTEQ R0, #0x10\n"
779	"BEQ loc_FFC604E4\n"
780	"loc_FFC604D8:\n"
781	"MOV R1, R4\n"
782	"MOV R0, #2\n"
783	"B loc_FFC60528\n"
784	"loc_FFC604E4:\n"
785	"TST R0, #0x40\n"
786	"BEQ loc_FFC604F8\n"
787	"loc_FFC604EC:\n"
788	"MOV R1, R4\n"
789	"MOV R0, #1\n"
790	"B loc_FFC60528\n"
791	"loc_FFC604F8:\n"
792	"TST R0, #0x20\n"
793	"BEQ loc_FFC60514\n"
794	"TST R0, #0x4000\n"
795	"BNE loc_FFC60514\n"
796	"loc_FFC60508:\n"
797	"MOV R1, R4\n"
798	"MOV R0, #0\n"
799	"B loc_FFC60528\n"
800	"loc_FFC60514:\n"
801	"LDR R1, =0x102\n"
802	"BICS R1, R1, R0\n"
803	"BNE loc_FFC60530\n"
804	"MOV R1, R4\n"
805	"MOV R0, #6\n"
806	"loc_FFC60528:\n"
807	"LDMFD SP!, {R4,LR}\n"
808	"B sub_FFC602F4_my\n" // +----> Hook for SDHC booting
809	"loc_FFC60530:\n"
810	"TST R0, #0x100\n"
811	"BNE loc_FFC604D8\n"
812	"TST R0, #0x4000\n"
813	"TSTEQ R0, #0x400\n"
814	"BNE loc_FFC604EC\n"
815	"TST R0, #0x200\n"
816	"TSTEQ R0, #2\n"
817	"BNE loc_FFC60508\n"
818	"TST R0, #0x40000\n"
819	"BEQ loc_FFC604D8\n"
820	"TST R0, #0x200000\n"
821	"MOVEQ R1, R4\n"
822	"MOVEQ R0, #1\n"
823	"BLEQ sub_FFC602F4_my\n" // +----> Hook for SDHC booting
824	"B loc_FFC604D8\n"
825	);
826	}
827
828
829	void __attribute__((naked,noinline)) sub_FFC602F4_my() {
830	asm volatile (
831	"STMFD SP!, {R4-R6,LR}\n"
832	"MOVS R4, R0\n"
833	"MOV R0, #1\n"
834	"MOV R5, R1\n"
835	"BNE loc_FFC60334\n"
836	"MOV R1, #0\n"
837	"MOV R0, #0\n"
838	"BL sub_FFC5D7D0\n"
839	"BL sub_FFC19ADC\n"
840	"SUB R12, R0, #0x1000\n"
841	"SUBS R12, R12, #0x5B\n"
842	"BNE loc_FFC6032C\n"
843	"loc_FFC60324:\n"
844	"BL sub_FFC60228\n"
845	"B loc_FFC6033C\n"
846	"loc_FFC6032C:\n"
847	"BL sub_FFC60288\n"
848	"B loc_FFC6033C\n"
849	"loc_FFC60334:\n"
850	"CMP R4, #5\n"
851	"BEQ loc_FFC60324\n"
852	"loc_FFC6033C:\n"
853	"CMP R0, #0\n"
854	"LDREQ R5, =0x1162\n"
855	"MOVEQ R4, #2\n"
856	"MOV R0, R4\n"
857	"MOV R1, R5\n"
858	"LDMFD SP!, {R4-R6,LR}\n"
859	"B sub_FFC5F6C0_my\n" // +----> Hook for SDHC booting
860	);
861	}
862
863	void __attribute__((naked,noinline)) sub_FFC5F6C0_my() {
864	asm volatile (
865	"STMFD SP!, {R4-R8,LR}\n"
866	"MOV R8, R1\n"
867	"MOV R4, R0\n"
868	"BL sub_FFC19B10\n"
869	"CMP R0, #0\n"
870	"BNE loc_FFC5F96C\n"
871	"MOV R1, R8\n"
872	"MOV R0, R4\n"
873	"BL sub_FFC5E36C\n"
874	"LDR R5, =0x55E0\n"
875	"MOV R7, #1\n"
876	"LDR R0, [R5,#0x10]\n"
877	"MOV R6, #0\n"
878	"CMP R0, #0x16\n"
879	"ADDLS PC, PC, R0,LSL#2\n"
880	"B loc_FFC5F96C\n"
881	"loc_FFC5F700:\n"
882	"B loc_FFC5F75C\n"
883	"loc_FFC5F704:\n"
884	"B loc_FFC5F778\n"
885	"loc_FFC5F708:\n"
886	"B loc_FFC5F7BC\n"
887	"loc_FFC5F70C:\n"
888	"B loc_FFC5F83C\n"
889	"loc_FFC5F710:\n"
890	"B loc_FFC5F84C\n"
891	"loc_FFC5F714:\n"
892	"B loc_FFC5F96C\n"
893	"loc_FFC5F718:\n"
894	"B loc_FFC5F96C\n"
895	"loc_FFC5F71C:\n"
896	"B loc_FFC5F8C8\n"
897	"loc_FFC5F720:\n"
898	"B loc_FFC5F76C\n"
899	"loc_FFC5F724:\n"
900	"B loc_FFC5F96C\n"
901	"loc_FFC5F728:\n"
902	"B loc_FFC5F8C8\n"
903	"loc_FFC5F72C:\n"
904	"B loc_FFC5F7B0\n"
905	"loc_FFC5F730:\n"
906	"B loc_FFC5F96C\n"
907	"loc_FFC5F734:\n"
908	"B loc_FFC5F96C\n"
909	"loc_FFC5F738:\n"
910	"B loc_FFC5F7C8\n"
911	"loc_FFC5F73C:\n"
912	"B loc_FFC5F7D4\n"
913	"loc_FFC5F740:\n"
914	"B loc_FFC5F80C\n"
915	"loc_FFC5F744:\n"
916	"B loc_FFC5F784\n"
917	"loc_FFC5F748:\n"
918	"B loc_FFC5F954\n"
919	"loc_FFC5F74C:\n"
920	"B loc_FFC5F8D4\n"
921	"loc_FFC5F750:\n"
922	"B loc_FFC5F904\n"
923	"loc_FFC5F754:\n"
924	"B loc_FFC5F904\n"
925	"loc_FFC5F758:\n"
926	"B loc_FFC5F858\n"
927	"loc_FFC5F75C:\n"
928	"MOV R1, R8\n"
929	"MOV R0, R4\n"
930	"LDMFD SP!, {R4-R8,LR}\n"
931	"B sub_FFC5EEF8_my\n" // +----> Hook for SDHC booting
932	"loc_FFC5F76C:\n"
933	"MOV R0, R4\n"
934	"LDMFD SP!, {R4-R8,LR}\n"
935	"B sub_FFC60004\n"
936	"loc_FFC5F778:\n"
937	"MOV R0, R4\n"
938	"LDMFD SP!, {R4-R8,LR}\n"
939	"B sub_FFC5EAB8\n"
940	"loc_FFC5F784:\n"
941	"SUB R12, R4, #0x1000\n"
942	"SUBS R12, R12, #0xA5\n"
943	"STREQ R7, [R5,#0x88]\n"
944	"BEQ loc_FFC5F964\n"
945	"SUB R12, R4, #0x3000\n"
946	"SUBS R12, R12, #6\n"
947	"BNE loc_FFC5F96C\n"
948	"MOV R0, #0\n"
949	"BL sub_FFC18FB4\n"
950	"BL sub_FFC5FE6C\n"
951	"B loc_FFC5F964\n"
952	"loc_FFC5F7B0:\n"
953	"MOV R0, R4\n"
954	"LDMFD SP!, {R4-R8,LR}\n"
955	"B sub_FFC5FEA4\n"
956	"loc_FFC5F7BC:\n"
957	"MOV R0, R4\n"
958	"LDMFD SP!, {R4-R8,LR}\n"
959	"B sub_FFC5EC9C\n"
960	"loc_FFC5F7C8:\n"
961	"MOV R0, R4\n"
962	"LDMFD SP!, {R4-R8,LR}\n"
963	"B sub_FFC5F2F4\n"
964	"loc_FFC5F7D4:\n"
965	"SUB R12, R4, #0x3200\n"
966	"SUBS R12, R12, #2\n"
967	"BNE loc_FFC5F96C\n"
968	"MOV R0, #3\n"
969	"BL sub_FFC5E250\n"
970	"MOV R0, #8\n"
971	"BL sub_FFC18F14\n"
972	"MOV R1, #0\n"
973	"MOV R0, #0x19\n"
974	"BL sub_FFC270C8\n"
975	"BL sub_FFC6143C\n"
976	"BL sub_FFC616D8\n"
977	"BL sub_FFC60AE8\n"
978	"B loc_FFC5F964\n"
979
980	"loc_FFC5F80C:\n"
981	"SUB R12, R4, #0x3300\n"
982	"SUBS R12, R12, #1\n"
983	"BNE loc_FFC5F96C\n"
984	"LDR R0, =0x4010\n"
985	"STR R6, [R5,#0x80]\n"
986	"BL sub_FFC18F14\n"
987	"BL sub_FFD6CD30\n"
988	"BL sub_FFC61474\n"
989	"BL sub_FFC60AE8\n"
990	"MOV R0, #4\n"
991	"BL sub_FFC5E250\n"
992	"B loc_FFC5F964\n"
993	"loc_FFC5F83C:\n"
994	"MOV R1, R8\n"
995	"MOV R0, R4\n"
996	"LDMFD SP!, {R4-R8,LR}\n"
997	"B sub_FFC5F450\n"
998	"loc_FFC5F84C:\n"
999	"MOV R0, R4\n"
1000	"LDMFD SP!, {R4-R8,LR}\n"
1001	"B sub_FFC5F550\n"
1002	"loc_FFC5F858:\n"
1003	"LDR R8, =0x1182\n"
1004	"CMP R4, R8\n"
1005	"STREQ R7, [R5,#0xB8]\n"
1006	"BEQ loc_FFC5F964\n"
1007	"SUB R12, R4, #0x1000\n"
1008	"SUBS R12, R12, #0x1AC\n"
1009	"BEQ loc_FFC5F8B0\n"
1010	"SUB R12, R4, #0x3000\n"
1011	"SUBS R12, R12, #0x224\n"
1012	"BNE loc_FFC5F96C\n"
1013	"MOV R0, #8\n"
1014	"BL sub_FFC18F14\n"
1015	"MOV R0, #3\n"
1016	"BL sub_FFC5E250\n"
1017	"STR R6, [R5,#0xBC]\n"
1018	"LDR R0, [R5,#0xB8]\n"
1019	"CMP R0, #0\n"
1020	"MOVNE R1, #0\n"
1021	"MOVNE R0, R8\n"
1022	"STRNE R6, [R5,#0xB8]\n"
1023	"BLNE sub_FFC5F450\n"
1024	"B loc_FFC5F964\n"
1025	"loc_FFC5F8B0:\n"
1026	"LDR R0, [R5,#0xBC]\n"
1027	"CMP R0, #0\n"
1028	"BNE loc_FFC5F964\n"
1029	"BL sub_FFD6AF4C\n"
1030	"STR R7, [R5,#0xBC]\n"
1031	"B loc_FFC5F964\n"
1032	"loc_FFC5F8C8:\n"
1033	"MOV R0, R4\n"
1034	"LDMFD SP!, {R4-R8,LR}\n"
1035	"B sub_FFC5F214\n"
1036	"loc_FFC5F8D4:\n"
1037	"LDR R12, =0x10B0\n"
1038	"CMP R4, R12\n"
1039	"BEQ loc_FFC5F900\n"
1040	"BGT loc_FFC5F90C\n"
1041	"CMP R4, #4\n"
1042	"BEQ loc_FFC5F934\n"
1043	"SUB R12, R4, #0x1000\n"
1044	"SUBS R12, R12, #0xAA\n"
1045	"SUBNE R12, R4, #0x1000\n"
1046	"SUBNES R12, R12, #0xAE\n"
1047	"BNE loc_FFC5F96C\n"
1048	"loc_FFC5F900:\n"
1049	"BL sub_FFC5DF30\n"
1050	"loc_FFC5F904:\n"
1051	"MOV R0, R6\n"
1052	"LDMFD SP!, {R4-R8,PC}\n"
1053	"loc_FFC5F90C:\n"
1054	"SUB R12, R4, #0x2000\n"
1055	"SUBS R12, R12, #4\n"
1056	"BEQ loc_FFC5F94C\n"
1057	"SUB R12, R4, #0x5000\n"
1058	"SUBS R12, R12, #1\n"
1059	"SUBNE R12, R4, #0x5000\n"
1060	"SUBNES R12, R12, #6\n"
1061	"BNE loc_FFC5F96C\n"
1062	"BL sub_FFC5EA10\n"
1063	"B loc_FFC5F964\n"
1064	"loc_FFC5F934:\n"
1065	"LDR R0, [R5,#0x2C]\n"
1066	"CMP R0, #0\n"
1067	"BNE loc_FFC5F94C\n"
1068	"BL sub_FFC5FB1C\n"
1069	"BL sub_FFC143B4\n"
1070	"B loc_FFC5F964\n"
1071	"loc_FFC5F94C:\n"
1072	"BL sub_FFC5DF6C\n"
1073	"B loc_FFC5F964\n"
1074	"loc_FFC5F954:\n"
1075	"SUB R12, R4, #0x3000\n"
1076	"SUBS R12, R12, #0x130\n"
1077	"BNE loc_FFC5F96C\n"
1078	"BL sub_FFC5E014\n"
1079	"loc_FFC5F964:\n"
1080	"MOV R0, #0\n"
1081	"LDMFD SP!, {R4-R8,PC}\n"
1082	"loc_FFC5F96C:\n"
1083	"MOV R0, #1\n"
1084	"LDMFD SP!, {R4-R8,PC}\n"
1085	);
1086	}
1087
1088	void __attribute__((naked,noinline)) sub_FFC5EEF8_my() {
1089	asm volatile (
1090	"STMFD SP!, {R4-R8,LR}\n"
1091	"LDR R7, =0x8002\n"
1092	"LDR R4, =0x55E0\n"
1093	"CMP R0, #2\n"
1094	"MOV R6, R1\n"
1095	"MOV R5, #1\n"
1096	"BEQ loc_FFC5EF84\n"
1097	"BGT loc_FFC5EF6C\n"
1098	"CMP R0, #0\n"
1099	"BEQ loc_FFC5EFB0\n"
1100	"CMP R0, #1\n"
1101	"BNE loc_FFC5F048\n"
1102	"MOV R0, #8\n"
1103	"BL sub_FFC5E250\n"
1104	"BL sub_FFC6070C\n"
1105	"BL sub_FFC6129C\n"
1106	"LDR R1, =0xFFC5F19C\n"
1107	"MOV R0, #0x60\n"
1108	"BL sub_FFC5673C\n"
1109	"BL sub_FFC606D0_my\n" // +----> Hook for SDHC booting
1110	"BL sub_FFC607DC\n"
1111	"BL sub_FFC19A4C\n"
1112	"LDR R0, =0x4004\n"
1113	"BL sub_FFC18F14\n"
1114	"LDR R0, [R4,#0x68]\n"
1115	"CMP R0, #0\n"
1116	"BNE loc_FFC5F028\n"
1117	"BL sub_FFC1912C\n"
1118	"B loc_FFC5F02C\n"
1119	"loc_FFC5EF6C:\n"
1120	"CMP R0, #6\n"
1121	"STREQ R5, [R4,#0x28]\n"
1122	"BEQ loc_FFC5F03C\n"
1123	"SUB R12, R0, #0x2000\n"
1124	"SUBS R12, R12, #4\n"
1125	"BNE loc_FFC5F048\n"
1126	"loc_FFC5EF84:\n"
1127	"SUB R12, R6, #0x1100\n"
1128	"SUBS R12, R12, #0x62\n"
1129	"BNE loc_FFC5EFA0\n"
1130	"MOV R1, R7\n"
1131	"MOV R0, #0\n"
1132	"BL sub_FFC61E54\n"
1133	"STR R5, [R4,#0x60]\n"
1134	"loc_FFC5EFA0:\n"
1135	"BL sub_FFC6143C\n"
1136	"BL sub_FFC616D8\n"
1137	"BL sub_FFC5E9B0\n"
1138	"B loc_FFC5F040\n"
1139	"loc_FFC5EFB0:\n"
1140	"MOV R0, #7\n"
1141	"BL sub_FFC5E250\n"
1142	"MOV R0, R7\n"
1143	"BL sub_FFC18F14\n"
1144	"BL sub_FFC6070C\n"
1145	"BL sub_FFC6129C\n"
1146	"LDR R1, =0xFFC5F1AC\n"
1147	"MOV R0, #0x60\n"
1148	"STR R6, [R4,#0x18]\n"
1149	"BL sub_FFC5673C\n"
1150	"LDR R1, =0xFFC5F1B8\n"
1151	"MOV R0, #0x60\n"
1152	"BL sub_FFC5673C\n"
1153	"STR R5, [R4,#0x28]\n"
1154	"BL sub_FFC190BC\n"
1155	"BL sub_FFC18FDC\n"
1156	"LDR R0, [R4,#0x1C]\n"
1157	"LDR R1, [R4,#0x20]\n"
1158	"ORRS R0, R0, R1\n"
1159	"BLNE sub_FFC5FAF8\n"
1160	"LDR R0, [R4,#0x68]\n"
1161	"CMP R0, #0\n"
1162	"BNE loc_FFC5F014\n"
1163	"BL sub_FFC1912C\n" //taskcreate_StartupImage
1164	"B loc_FFC5F01C\n"
1165	"loc_FFC5F014:\n"
1166	"BL sub_FFC14250\n"
1167	"BL sub_FFC19A84\n"
1168	"loc_FFC5F01C:\n"
1169	"BL sub_FFC606D0_my\n" // +----> Hook for SDHC booting
1170	"BL sub_FFC60748\n"
1171	"B loc_FFC5F040\n"
1172	"loc_FFC5F028:\n"
1173	"BL sub_FFC14250\n"
1174	"loc_FFC5F02C:\n"
1175	"BL sub_FFC60778\n"
1176	"LDR R0, [R4,#0x30]\n"
1177	"CMP R0, #0\n"
1178	"BEQ loc_FFC5F040\n"
1179	"loc_FFC5F03C:\n"
1180	"BL sub_FFC5FB40\n"
1181	"loc_FFC5F040:\n"
1182	"MOV R0, #0\n"
1183	"LDMFD SP!, {R4-R8,PC}\n"
1184	"loc_FFC5F048:\n"
1185	"MOV R0, #1\n"
1186	"LDMFD SP!, {R4-R8,PC}\n"
1187	);
1188	}
1189
1190	void __attribute__((naked,noinline)) sub_FFC606D0_my() {
1191	asm volatile (
1192	// "LDR R0, =0x6380\n"
1193	"LDR R0, =0x56B8 \n" //** different than 1.00b
1194	"STMFD SP!, {R3,LR}\n"
1195	// "LDR R1, [R0,#0x10]\n"
1196	// "CMP R1, #1\n"
1197	// "BEQ locret_FFC60708\n"
1198	"LDR R1, [R0, #4] \n" //** different than 1.00b
1199	"CMP R1, #0 \n" //** different than 1.00b
1200	"BNE locret_FFC60708 \n" //** different than 1.00b
1201	"MOV R1, #1\n"
1202	"STR R1, [R0,#0x4]\n"
1203	"MOV R3, #0\n"
1204	"STR R3, [SP,#8-8]\n"
1205	"LDR R3, =sub_FFC60680_my\n" // +----> Hook for SDHC booting
1206	"MOV R1, #0x19\n"
1207	"LDR R0, =0xFFC60834\n"
1208	"MOV R2, #0x1000\n"
1209	"BL sub_FFC0B8C0\n"
1210	"locret_FFC60708:\n"
1211	"LDMFD SP!, {R12,PC}\n"
1212	);
1213	}
1214
1215	void __attribute__((naked,noinline)) sub_FFC60680_my() {
1216	asm volatile (
1217	"STMFD SP!, {R4-R6,LR}\n"
1218	"BL sub_FFC59D6C\n"
1219	"LDR R5, =0x5006\n"
1220	"MOVS R4, R0\n"
1221	"MOVNE R1, #0\n"
1222	"MOVNE R0, R5\n"
1223	"BLNE sub_FFC5C45C\n"
1224	"BL sub_FFC59D98\n" // +----> Hook for SDHC booting
1225
1226	"BL core_spytask_can_start\n" // +----> CHDK: Set "it's-safe-to-start"-Flag for spytask
1227
1228	"CMP R4, #0\n"
1229	"MOVEQ R0, R5\n"
1230	"LDMEQFD SP!, {R4-R6,LR}\n"
1231	"MOVEQ R1, #0\n"
1232	"BEQ sub_FFC5C45C\n"
1233	"LDMFD SP!, {R4-R6,PC}\n"
1234	);
1235	}
1236
1237	void __attribute__((naked,noinline)) sub_FFC59D98_my() {
1238	asm volatile (
1239	"STMFD SP!, {R4,LR}\n"
1240	"BL sub_FFC3FC50_my\n" // +----> Hook for SDHC booting
1241	"BL sub_FFCE9F34 \n" //** different than 1.00b - nullsub?
1242	"LDR R4, =0x5474\n"
1243	"LDR R0, [R4,#4]\n"
1244	"CMP R0, #0\n"
1245	"BNE loc_FFC59DCC\n"
1246	"BL sub_FFC3F118\n"
1247	"BL sub_FFCDFCFC\n"
1248	"BL sub_FFC3F118\n"
1249	"BL sub_FFC3AFEC\n"
1250	"BL sub_FFC3F018\n"
1251	"BL sub_FFCDFDC8\n"
1252	"loc_FFC59DCC:\n"
1253	"MOV R0, #1\n"
1254	"STR R0, [R4]\n"
1255	"LDMFD SP!, {R4,PC}\n"
1256	);
1257	}
1258
1259	void __attribute__((naked,noinline)) sub_FFC3FC50_my() {
1260	asm volatile (
1261	"STMFD SP!, {R4-R6,LR}\n"
1262	"MOV R6, #0\n"
1263	"MOV R0, R6\n"
1264	"BL sub_FFC3F710\n"
1265	"LDR R4, =0x176A4\n"
1266	"MOV R5, #0\n"
1267	"LDR R0, [R4,#0x38]\n"
1268	"BL sub_FFC40170\n"
1269	"CMP R0, #0\n"
1270	"LDREQ R0, =0x26F8\n"
1271	"STREQ R5, [R0,#0x10]\n"
1272	"STREQ R5, [R0,#0x14]\n"
1273	"STREQ R5, [R0,#0x18]\n"
1274	"MOV R0, R6\n"
1275	"BL sub_FFC3F750\n"
1276	"MOV R0, R6\n"
1277	"BL sub_FFC3FA8C_my\n" // +----> Hook for SDHC booting
1278	"MOV R5, R0\n"
1279	"MOV R0, R6\n"
1280	"BL sub_FFC3FAF8\n"
1281	"LDR R1, [R4,#0x3C]\n"
1282	"AND R2, R5, R0\n"
1283	"CMP R1, #0\n"
1284	"MOV R0, #0\n"
1285	"MOVEQ R0, #0x80000001\n"
1286	"BEQ loc_FFC3FCE4\n"
1287	"LDR R3, [R4,#0x2C]\n"
1288	"CMP R3, #2\n"
1289	"MOVEQ R0, #4\n"
1290	"CMP R1, #5\n"
1291	"ORRNE R0, R0, #1\n"
1292	"BICEQ R0, R0, #1\n"
1293	"CMP R2, #0\n"
1294	"BICEQ R0, R0, #2\n"
1295	"ORREQ R0, R0, #0x80000000\n"
1296	"BICNE R0, R0, #0x80000000\n"
1297	"ORRNE R0, R0, #2\n"
1298	"loc_FFC3FCE4:\n"
1299	"STR R0, [R4,#0x40]\n"
1300	"LDMFD SP!, {R4-R6,PC}\n"
1301	);
1302	}
1303
1304	void __attribute__((naked,noinline)) sub_FFC3FA8C_my() {
1305	asm volatile (
1306	"STMFD SP!, {R4-R6,LR}\n"
1307	"LDR R5, =0x26F8\n"
1308	"MOV R6, R0\n"
1309	"LDR R0, [R5,#0x14]\n"
1310	"CMP R0, #0\n"
1311	"MOVNE R0, #1\n"
1312	"LDMNEFD SP!, {R4-R6,PC}\n"
1313	"MOV R0, #0x17\n"
1314	"MUL R1, R0, R6\n"
1315	"LDR R0, =0x176A4\n"
1316	"ADD R4, R0, R1,LSL#2\n"
1317	"LDR R0, [R4,#0x38]\n"
1318	"MOV R1, R6\n"
1319	//"BL sub_FFC3F81C_my\n" // +----> Hook for SDHC booting
1320	"BL sub_FFC3F81C_my\n" // +----> Hook for SDHC booting
1321	"CMP R0, #0\n"
1322	"LDMEQFD SP!, {R4-R6,PC}\n"
1323	"LDR R0, [R4,#0x38]\n"
1324	"MOV R1, R6\n"
1325	"BL sub_FFC3F984\n"
1326	"CMP R0, #0\n"
1327	"LDMEQFD SP!, {R4-R6,PC}\n"
1328	"MOV R0, R6\n"
1329	"BL sub_FFC3F318\n"
1330	"CMP R0, #0\n"
1331	"MOVNE R1, #1\n"
1332	"STRNE R1, [R5,#0x14]\n"
1333	"LDMFD SP!, {R4-R6,PC}\n"
1334	);
1335	}
1336
1337	void __attribute__((naked,noinline)) sub_FFC3F81C_my() {
1338	asm volatile (
1339	"STMFD SP!, {R4-R8,LR}\n"
1340	"MOV R8, R0\n"
1341	"MOV R0, #0x17\n"
1342	"MUL R1, R0, R1\n"
1343	"LDR R0, =0x176A4\n"
1344	"MOV R6, #0\n"
1345	"ADD R7, R0, R1,LSL#2\n"
1346	"LDR R0, [R7,#0x3C]\n"
1347	"MOV R5, #0\n"
1348	"CMP R0, #6\n"
1349	"ADDLS PC, PC, R0,LSL#2\n"
1350	"B loc_FFC3F968\n"
1351	"loc_FFC3F84C:\n"
1352	"B loc_FFC3F880\n"
1353	"loc_FFC3F850:\n"
1354	"B loc_FFC3F868\n"
1355	"loc_FFC3F854:\n"
1356	"B loc_FFC3F868\n"
1357	"loc_FFC3F858:\n"
1358	"B loc_FFC3F868\n"
1359	"loc_FFC3F85C:\n"
1360	"B loc_FFC3F868\n"
1361	"loc_FFC3F860:\n"
1362	"B loc_FFC3F960\n"
1363	"loc_FFC3F864:\n"
1364	"B loc_FFC3F868\n"
1365	"loc_FFC3F868:\n"
1366	"MOV R2, #0\n"
1367	"MOV R1, #0x200\n"
1368	"MOV R0, #2\n"
1369	"BL sub_FFC53DBC\n"
1370	"MOVS R4, R0\n"
1371	"BNE loc_FFC3F888\n"
1372	"loc_FFC3F880:\n"
1373	"MOV R0, #0\n"
1374	"LDMFD SP!, {R4-R8,PC}\n"
1375	"loc_FFC3F888:\n"
1376	"LDR R12, [R7,#0x4C]\n"
1377	"MOV R3, R4\n"
1378	"MOV R2, #1\n"
1379	"MOV R1, #0\n"
1380	"MOV R0, R8\n"
1381
1382	//"BLX R12\n"
1383	"MOV LR, PC\n"
1384	"MOV PC, R12\n"
1385
1386	"CMP R0, #1\n"
1387	"BNE loc_FFC3F8B4\n"
1388	"MOV R0, #2\n"
1389	"BL sub_FFC53F08\n"
1390	"B loc_FFC3F880\n"
1391
1392	"loc_FFC3F8B4:\n"
1393	"MOV R0, R8\n"
1394	"BL sub_FFCF51D4\n"
1395
1396	// Start of DataGhost's FAT32 autodetection code
1397	// Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
1398	// According to the code below, we can use R1, R2, R3 and R12.
1399	// LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
1400	// that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
1401	"MOV R12, R4\n" // Copy the MBR start address so we have something to work with
1402	"MOV LR, R4\n" // Save old offset for MBR signature
1403	"MOV R1, #1\n" // Note the current partition number
1404	"B dg_sd_fat32_enter\n" // We actually need to check the first partition as well, no increments yet!
1405	"dg_sd_fat32:\n"
1406	"CMP R1, #4\n" // Did we already see the 4th partition?
1407	"BEQ dg_sd_fat32_end\n" // Yes, break. We didn't find anything, so don't change anything.
1408	"ADD R12, R12, #0x10\n" // Second partition
1409	"ADD R1, R1, #1\n" // Second partition for the loop
1410	"dg_sd_fat32_enter:\n"
1411	"LDRB R2, [R12, #0x1BE]\n" // Partition status
1412	"LDRB R3, [R12, #0x1C2]\n" // Partition type (FAT32 = 0xB)
1413	"CMP R3, #0xB\n" // Is this a FAT32 partition?
1414	"CMPNE R3, #0xC\n" // Not 0xB, is it 0xC (FAT32 LBA) then?
1415	"BNE dg_sd_fat32\n" // No, it isn't. Loop again.
1416	"CMP R2, #0x00\n" // It is, check the validity of the partition type
1417	"CMPNE R2, #0x80\n"
1418	"BNE dg_sd_fat32\n" // Invalid, go to next partition
1419	// This partition is valid, it's the first one, bingo!
1420	"MOV R4, R12\n" // Move the new MBR offset for the partition detection.
1421
1422	"dg_sd_fat32_end:\n"
1423	// End of DataGhost's FAT32 autodetection code
1424	"LDRB R1, [R4,#0x1C9]\n" // 4th byte of LBA
1425	"LDRB R3, [R4,#0x1C8]\n" // 3rd byte of LBA
1426	"LDRB R12, [R4,#0x1CC]\n" // 3rd byte of partition length
1427	"MOV R1, R1,LSL#24\n" // Shift and...
1428	"ORR R1, R1, R3,LSL#16\n" // combine LBA bytes (endianness fix)
1429	"LDRB R3, [R4,#0x1C7]\n" // 2nd byte of LBA
1430	"LDRB R2, [R4,#0x1BE]\n" // Partition status (0x00=nonboot, 0x80=boot, other=bad)
1431	//"LDRB LR, [R4,#0x1FF]\n" // Last MBR signature byte (0xAA)
1432	"ORR R1, R1, R3,LSL#8\n" // Combine more LBA bytes
1433	"LDRB R3, [R4,#0x1C6]\n" // 1st byte of LBA
1434	"CMP R2, #0\n" // Check partition status
1435	"CMPNE R2, #0x80\n" // and again
1436	"ORR R1, R1, R3\n" // Combine LBA into final value
1437	"LDRB R3, [R4,#0x1CD]\n" // 4th byte of partition length
1438	"MOV R3, R3,LSL#24\n" // Shift and...
1439	"ORR R3, R3, R12,LSL#16\n" // combine partition length bytes
1440	"LDRB R12, [R4,#0x1CB]\n" // 2nd byte of partition length
1441	"ORR R3, R3, R12,LSL#8\n" // Combine partition length bytes
1442	"LDRB R12, [R4,#0x1CA]\n" // 1st byte of partition length
1443	"ORR R3, R3, R12\n" // Combine partition length bytes into final value
1444	//"LDRB R12, [R4,#0x1FE]\n" // First MBR signature byte (0x55)
1445	"LDRB R12, [LR,#0x1FE]\n" // + First MBR signature byte (0x55), LR is original offset.
1446	"LDRB LR, [LR,#0x1FF]\n" // + Last MBR signature byte (0xAA), LR is original offset.
1447
1448	"MOV R4, #0\n" // This value previously held a pointer to the partition table :(
1449	"BNE loc_FFC3F93C\n" // Jump out if the partition is malformed (partition status \'other\')
1450	"CMP R0, R1\n"
1451	"BCC loc_FFC3F93C\n" // Jump out if R0 < R1 (probably checking for a valid LBA addr)
1452	"ADD R2, R1, R3\n" // R2 = partition start address + length = partition end address
1453	"CMP R2, R0\n" // Guess: CMPLS is used to check for an overflow, the partition end address cannot be negative.
1454	"CMPLS R12, #0x55\n" // Check MBR signature with original offset
1455	"CMPEQ LR, #0xAA\n" // Check MBR signature with original offset
1456	"MOVEQ R6, R1\n"
1457	"MOVEQ R5, R3\n"
1458	"MOVEQ R4, #1\n"
1459	"loc_FFC3F93C:\n"
1460	// "MOV R0, #3\n"
1461	"MOV R0, #2 \n" //** different than 1.00b
1462	"BL sub_FFC53F08\n"
1463	"CMP R4, #0\n"
1464	"BNE loc_FFC3F974\n"
1465	"MOV R6, #0\n"
1466	"MOV R0, R8\n"
1467	"BL sub_FFCF51D4\n"
1468	"MOV R5, R0\n"
1469	"B loc_FFC3F974\n"
1470	"loc_FFC3F960:\n"
1471	"MOV R5, #0x40\n"
1472	"B loc_FFC3F974\n"
1473	"loc_FFC3F968:\n"
1474	"LDR R1, =0x37A\n"
1475	"LDR R0, =0xFFC3F810\n"
1476	"BL sub_FFC0BD98\n"
1477	"loc_FFC3F974:\n"
1478	"STR R6, [R7,#0x44]!\n"
1479	"MOV R0, #1\n"
1480	"STR R5, [R7,#4]\n"
1481	"LDMFD SP!, {R4-R8,PC}\n"
1482	);
1483	}
1484
1485	////////////////////////////////////////////////////////////////////////////////
1486	// SDHC HOOK ENDS HERE
1487	////////////////////////////////////////////////////////////////////////////////
1488
1489	void CreateTask_blinker() {
1490	_CreateTask("Blinker", 0x1, 0x200, task_blinker, 0);
1491	};
1492
1493
1494	void __attribute__((naked,noinline)) task_blinker() {
1495
1496	volatile long p=(void)0xC02200CC;
1497
1498	int delay = 0x200000;
1499	int i;
1500
1501	while(1){
1502	p[0]=0x46;
1503	for(i=0;i<delay;i++){
1504	asm ("nop\n");
1505	asm ("nop\n");
1506	}
1507	p[0]=0x44;
1508	for(i=0;i<delay;i++){
1509	asm ("nop\n");
1510	asm ("nop\n");
1511	}
1512	}
1513	};
1514
1515	extern long _Fopen_Fut(const char filename, const char mode);
1516	extern long _Fwrite_Fut(const void *buf, long elsize, long count, long f);
1517	extern long Fread_Fut(void *buf, long elsize, long count, long f);
1518	extern long Fseek_Fut(long file, long offset, long whence);
1519	extern long _qDump(char* filename, long unused, long write_p2, long write_p3);

Note: See TracBrowser for help on using the repository browser.

chdk

Context Navigation

source: branches/release-1_0/platform/a1000/sub/100a/boot.c @ 1716

Download in other formats: