Zipit Z1
逆向loader.bin
整理如下:
.text
b reset
dcd 0xc0000000
dcd 0xc0028000
dcd 0x00002000
dcd 0x000f0000
dcd 0xc0020000
dcd 0xc0700000
dcd 0x00090000
dcd 0x00170000
dcd 0x00001000
dcd 0x00000000
dcd 0x00000000
reset:
mov sp, #0x60009600
mov r0, #0x80000000
mov r1, #0x40100
str r1, [r0, #0x100] ; SYSCON1 = 0x40100
mov r0, #0x80002200
ldr r1, [r0]
orr r1, r1, #6 ; SYSCON3|= 6
str r1, [r0]
nop
nop
nop
nop
nop
nop
mov r0, #0x80002600
mov r1, #0x31000000
str r1, [r0, #0x10] ; DAI64Fs = 0x31000000
nop
nop
nop
nop
mov r0, #0x80000000
mov r1, #0x60004
str r1, [r0, #0x4c0] ; UBRLCR1 = 0x60004
add r0, r0, #0x1000
str r1, [r0, #0x4c0] ; UBRLCR2 = 0x1000
mov r1, #0x100
str r1, [r0, #0x100] ; SYSCON2 = 0x100
mrc p15, 0, r5, c1, c0, 0 ; co-processor MMU
bic r5, r5, #0xd
mcr p15, 0, r5, c1, c0, 0
nop
nop
nop
nop
ldr r0, =loader_aeronix7312boo ; "aeronix 7312 bootloader\r\n with zipitp"...
bl uart2_send_string
mov r0, #0x80000000
mov r1, #0xc00000c
str r1, [r0, #0x180] ; MEMCFG1 = 0xc00000c
mov r0, #0x80000000
ldr r1, =0x29000200
str r1, [r0] ; PADR = 0x29000200
ldr r1, =0x200
str r1, [r0, #0x40] ; PADDR = 0x200
ldr r0, =loader_sizingmemory ; "sizing memory...\r\n"
bl uart2_send_string
mov r0, #0x80001100
ldr r1, [r0]
orr r1, r1, #4
str r1, [r0] ; SYSCON2|= 4
mov r0, #0x80002300
mov r1, #0x4e2
str r1, [r0] ; SDCONF = 0x4e2
mov r1, #0x168
str r1, [r0, #0x40] ; SDRFPR = 0x168
mov r0, #0xc0000000
ldr r1, =0x55aa55aa
str r1, [r0]
ldr r2, [r0]
cmp r1, r2
beq main
ldr r0, =loader_nomemorydetect ; "no memory detected - system halted!!\r\"...
bl uart2_send_string
mov r0, #0x80000000
ldr r1, [r0]
bic r1, r1, #0x300
str r1, [r0] ; PADR&= ~0x00000300
halt:
b halt
main:
mov r1, #0
mov r0, #0xc0000000
str r1, [r0]
mov r0, #0xc0000200
str r1, [r0]
mov r0, #0xc0000400
str r1, [r0]
mov r0, #0xc0400000
str r1, [r0]
mov r0, #0xc0800000
str r1, [r0]
mov r8, #8
mov r9, #0xb
ldr r1, =0x55aa55aa
mov r0, #0xc0000000
str r1, [r0]
mov r0, #0xc0000200
ldr r2, [r0]
cmp r1, r2
addne r8, r8, #1
mov r0, #0xc0000400
ldr r2, [r0]
cmp r1, r2
addne r8, r8, #1
mov r0, #0xc0400000
ldr r2, [r0]
cmp r1, r2
addne r9, r9, #1
mov r0, #0xc0800000
ldr r2, [r0]
cmp r1, r2
addne r9, r9, #1
orr r9, r9, r8, lsl#4
cmp r9, #0x9d
ldreq r0, =loader_sdram256mbit16 ; "sdram: 256mbit, 16mb x 16\r\n"
moveq r8, #0x562
moveq r10, #0x2000000
cmp r9, #0xad
ldreq r0, =loader_sdram256mbit32 ; "sdram: 256mbit, 32mb x 8\r\n"
moveq r8, #0x4e2
moveq r10, #0x2000000
cmp r9, #0x8c
ldreq r0, =loader_sdram64mbit4mb ; "sdram: 64mbit, 4mb x 16\r\n"
moveq r8, #0x522
moveq r10, #0x800000
cmp r9, #0x9c
ldreq r0, =loader_sdram128mbit8m ; "sdram: 128mbit, 8mb x 16\r\n"
moveq r8, #0x542
moveq r10, #0x1000000
bl uart2_send_string
mov r0, #0x80001100
ldr r1, [r0]
bic r1, r1, #4
str r1, [r0] ; SYSCON2&= ~0x00000004
mov r0, #0x80002300
mov r1, #0
str r1, [r0] ; SDCONF = 0
str r8, [r0]
mov r0, #0xc0000000
ldr r1, =0x55aa55aa
str r1, [r0]
ldr r2, [r0]
cmp r1, r2
addeq r10, r10, r10
movne r0, #0x80001100
ldrne r1, [r0]
orrne r1, r1, #4
strne r1, [r0] ; SYSCON2
ldreq r0, =loader_memorywidth32b ; "memory width: 32 bits\r\n"
ldrne r0, =loader_memorywidth16b ; "memory width: 16 bits\r\n"
bl uart2_send_string
ldr r0, =loader_memorysize ; "memory size: "
bl uart2_send_string
mov r0, r10, lsr #20
bl uart2_print_ulong
ldr r0, =loader_megs ; " megs\r\n"
bl uart2_send_string
ldr r0, =loader_clearingmemory ; "clearing memory\r\n"
bl uart2_send_string
mov r0, r10, lsr #16
mov r3, r10
and r0, r0, #0x200
and r3, r3, #0x1000000
mov r1, #0x80000000
ldr r2, [r1]
bic r2, r2, #0x200
bic r2, r2, #0x1000000
orr r2, r2, r0
orr r2, r2, r3
str r2, [r1]
ldr r1, =0xc0000000
mov r2, #0x100000
mov r0, #0
0:
str r0, [r1]
add r1, r1, #4
subs r2, r2, #4
bne 0b
ldr r0, =byte_820
mov r1, #0xc0000000
ldr r2, =0x4fa
1:
ldrb r3, [r0]
ldrb r4, [r0,#(byte_821 - 0x820)]
2:
strb r4, [r1]
add r1, r1, #1
sub r3, r3, #1
ands r3, r3, #0xff
bne 2b
add r0, r0, #2
subs r2, r2, #2
bne 1b
mov r0, #0x80000000
ldr r1, [r0, #0x100]
bic r1, r1, #0x1000
str r1, [r0, #0x100]
ldr r1, =0xe03a695f
str r1, [r0, #0x2c0]
mov r1, #0xc
add r0, r0, #0x1000
str r1, [r0]
sub r0, r0, #0x1000
ldr r1, =0x89abcdef
str r1, [r0,#0x540]
ldr r1, =0x1234567
str r1, [r0,#0x580]
ldr r1, [r0,#0x100]
orr r1, r1, #0x1000
str r1, [r0,#0x100]
ldr r0, =loader_copyingramdisk ; "copying ramdisk\r\n"
bl uart2_send_string
ldr r0, =0x90000
ldr r1, =0xc0700000
ldr r2, =0x170000
3:
ldr r3, [r0]
str r3, [r1]
add r0, r0, #4
add r1, r1, #4
subs r2, r2, #4
bne 3b
ldr r0, =loader_copyingkernel ; "copying kernel\r\n"
bl uart2_send_string
ldr r0, =0x2000
ldr r1, =0xc0028000
ldr r2, =0xf0000
4:
ldr r3, [r0]
str r3, [r1]
add r0, r0, #4
add r1, r1, #4
subs r2, r2, #4
bne 4b
ldr r0, =loader_creatingatags ; "creating atags\r\n"
bl uart2_send_string
ldr r0, =0xc0020000
mov r1, #5
str r1, [r0]
add r0, r0, #4
ldr r1, =0x54410001
str r1, [r0]
add r0, r0, #4
mov r1, #0
str r1, [r0]
add r0, r0, #4
str r1, [r0]
add r0, r0, #4
mov r1, #0x100
str r1, [r0]
add r0, r0, #4
mov r1, #4
str r1, [r0]
add r0, r0, #4
ldr r1, =0x54410002
str r1, [r0]
add r0, r0, #4
mov r1, r10
str r1, [r0]
add r0, r0, #4
ldr r1, =0xc0000000
str r1, [r0]
add r0, r0, #4
mov r1, #5
str r1, [r0]
add r0, r0, #4
ldr r1, =0x54410004
str r1, [r0]
add r0, r0, #4
mov r1, #0
str r1, [r0]
add r0, r0, #4
ldr r1, =0x1000
str r1, [r0]
add r0, r0, #4
mov r1, #0
str r1, [r0]
add r0, r0, #4
mov r1, #4
str r1, [r0]
add r0, r0, #4
ldr r1, =0x54420005
str r1, [r0]
add r0, r0, #4
ldr r1, =0xc0700000
str r1, [r0]
add r0, r0, #4
ldr r1, =0x170000
str r1, [r0]
add r0, r0, #4
mov r1, #0
str r1, [r0]
add r0, r0, #4
ldr r1, =0
str r1, [r0]
add r0, r0, #4
ldr r0, =loader_bootinglinux ; "booting linux\r\n"
bl uart2_send_string
ldr r4, =0xc0028000
mov r0, #0
mov r1, #0x83
mov pc, r4
uart2_send_string:
stmfd sp!, {lr}
mov r3, r0
0:
ldrb r0, [r3]
cmp r0, #0
beq 1f
bl uart2_send_char
add r3, r3, #1
b 0b
1:
ldmfd sp!, {pc}
uart2_send_char:
mov r1, #0x80001000
1:
ldr r2, [r1, #0x140]
tst r2, #0x800000 ; SYSYFLG2.UTX2FF
bne 1b
str r0, [r1, #0x480]
ret
uart2_print_hex:
stmfd sp!, {lr}
and r0, r0, #0xf
cmp r0, #9
bls 1f
sub r0, r0, #0xa
add r0, r0, #0x41
b 2f
1:
add r0, r0, #0x30
2:
bl uart2_send_char
ldmfd sp!, {pc}
uart2_print_ulong:
stmfd sp!, {lr}
mov r5, r0
mov r0, #0x20 ; ' '
bl uart2_send_char
mov r0, #0x20 ; ' '
bl uart2_send_char
mov r0, #0x30 ; '0'
bl uart2_send_char
mov r0, #0x78 ; 'x'
bl uart2_send_char
mov r0, r5, lsr #28
bl uart2_print_hex
mov r0, r5, lsr #24
bl uart2_print_hex
mov r0, r5, lsr #20
bl uart2_print_hex
mov r0, r5, lsr #16
bl uart2_print_hex
mov r0, r5, lsr #12
bl uart2_print_hex
mov r0, r5, lsr #8
bl uart2_print_hex
mov r0, r5, lsr #4
bl uart2_print_hex
mov r0, r5
bl uart2_print_hex
mov r0, r5
ldmfd sp!, {pc}
align 8
byte_820: dcb 0xff
byte_821: dcb 0xff
.align
loader_aeronix7312boo: .asciz "Aeronix 7312 BootLoader\r\n with ZipitPet mods (1.16)\r\n"
loader_sizingmemory: .asciz "Sizing Memory...\r\n"
loader_nomemorydetect: .asciz "No Memory Detected - System Halted!!\r\n"
loader_sdram256mbit16: .asciz "SDRAM: 256Mbit, 16MB x 16\r\n"
loader_sdram256mbit32: .asciz "SDRAM: 256Mbit, 32MB x 8\r\n"
loader_sdram64mbit4mb: .asciz "SDRAM: 64Mbit, 4MB x 16\r\n"
loader_sdram128mbit8m: .asciz "SDRAM: 64Mbit, 8MB x 8\r\n"
loader_memorywidth32b: .asciz "Memory Width: 32 bits\r\n"
loader_memorywidth16b: .asciz "Memory Width: 16 bits\r\n"
loader_memorysize: .asciz "Memory Size: "
loader_megs: .asciz " Megs\r\n"
loader_clearingmemory: .asciz "Clearing Memory\r\n"
loader_copyingramdisk: .asciz "Copying Ramdisk\r\n"
loader_copyingkernel: .asciz "Copying Kernel\r\n"
loader_creatingatags: .asciz "Creating ATAGS\r\n"
loader_bootinglinux: .asciz "Booting Linux\r\n"
end