.file "phatpatch-0.3.c" .section .rodata.str1.4,"aMS",%progbits,1 .align 2 .LC0: .ascii "/dev/mem\000" .align 2 .LC1: .ascii "Can not open /dev/mem\000" .align 2 .LC2: .ascii "Error MMAP /dev/mem\000" .align 2 .LC3: .ascii "PhatPatch v0.3 - original code by bushing, addition" .ascii "al patches by sbingner\000" .align 2 .LC4: .ascii "first 2 words of flash=%04x %04x\012\000" .align 2 .LC5: .ascii "writing auto-id command (AA, 55, 90)\000" .align 2 .LC6: .ascii "Flash chip reports manufacturer id=%04x, device id=" .ascii "%04x\012\000" .align 2 .LC7: .ascii "Resetting flash.\000" .align 2 .LC8: .ascii "Saving current flash.\000" .align 2 .LC9: .ascii "/dos/Data/flash.rom\000" .align 2 .LC10: .ascii "Can not create /dos/Data/flash.rom\012\000" .align 2 .LC11: .ascii "Testing patch locations:\000" .align 2 .LC12: .ascii "Patch %d @ %04x: %s\012\000" .align 2 .LC13: .ascii "Expected: %04x %04x Actual: %04x %04x\012\000" .align 2 .LC14: .ascii "Match! Programming...\000" .align 2 .LC15: .ascii "Waiting...\000" .align 2 .LC16: .ascii "Wrote %04x\012\000" .align 2 .LC17: .ascii "Mismatch!\000" .align 2 .LC18: .ascii "Verifying:\000" .align 2 .LC19: .ascii "Verified!\000" .align 2 .LC20: .ascii "Unverified!\000" .text .align 2 .global main .type main, %function main: @ args = 0, pretend = 0, frame = 0 @ frame_needed = 0, uses_anonymous_args = 0 stmfd sp!, {r4, r5, r6, r7, r8, lr} ldr r0, .L36 sub sp, sp, #8 ldr r1, .L36+4 bl open subs ip, r0, #0 ldrlt r0, .L36+8 blt .L35 mov r6, #0 mov r0, r6 mov r1, #131072 mov r2, #3 mov r3, #1 str ip, [sp, #0] str r6, [sp, #4] bl mmap cmn r0, #1 mov r4, r0 bne .L4 ldr r0, .L36+12 .L35: bl perror mov r0, #1 bl exit .L4: ldr r0, .L36+16 bl puts ldrh r1, [r4, #0] ldr r0, .L36+20 ldrh r2, [r4, #4] bl printf ldr r0, .L36+24 bl puts mov r0, r6 bl fflush ldr r2, .L36+28 mov r1, #170 @ movhi ldr r3, .L36+32 strh r1, [r4, r2] @ movhi mov r1, #85 @ movhi strh r1, [r4, r3] @ movhi mov r3, #144 @ movhi strh r3, [r4, r2] @ movhi ldr r0, .L36+36 ldrh r1, [r4, #0] ldrh r2, [r4, #4] bl printf mov r0, r6 bl fflush ldr r0, .L36+40 bl puts mov r0, r6 bl fflush mov r1, #240 @ movhi strh r1, [r4, #0] @ movhi ldr r0, .L36+44 bl puts ldr r0, .L36+48 ldr r1, .L36+52 bl open add r7, r4, #5440 add r8, r4, #2720 subs r5, r0, #0 add r7, r7, #20 add r8, r8, #8 ldrlt r0, .L36+56 blt .L35 mov r1, r4 mov r2, #131072 bl write mov r0, r5 bl close ldr r0, .L36+60 bl puts mov r0, r6 bl fflush ldr r5, .L36+64 .L8: add r6, r6, #1 mov r1, r6 ldr r2, [r5, #4] ldr r3, [r5, #0] ldr r0, .L36+68 bl printf mov r0, #0 bl fflush ldr r0, [r5, #4] bic r0, r0, #1 ldrh r3, [r4, r0] add r0, r4, r0 ldrh ip, [r0, #2] ldrh r1, [r5, #8] ldrh r2, [r5, #10] ldr r0, .L36+72 str ip, [sp, #0] bl printf mov r0, #0 bl fflush ldr r3, [r5, #4] bic r3, r3, #1 ldrh r1, [r4, r3] ldrh r2, [r5, #8] cmp r2, r1 add r3, r4, r3 bne .L9 ldrh r2, [r3, #2] ldrh r3, [r5, #10] cmp r3, r2 bne .L9 ldr r0, .L36+76 bl puts mov r0, #0 bl fflush ldrh r2, [r5, #8] ldrh r3, [r5, #12] cmp r2, r3 beq .L12 mov r2, #170 @ movhi mov r3, #85 @ movhi mov r1, #160 @ movhi strh r2, [r7, #0] @ movhi strh r3, [r8, #0] @ movhi strh r1, [r7, #0] @ movhi ldr r3, [r5, #4] ldrh r2, [r5, #12] bic r3, r3, #1 strh r2, [r4, r3] @ movhi b .L14 .L15: ldr r0, .L36+80 bl puts mov r0, #0 bl fflush .L14: ldr r3, [r5, #4] bic r3, r3, #1 ldrh r3, [r4, r3] ldrh r1, [r5, #12] cmp r1, r3 bne .L15 ldr r0, .L36+84 bl printf mov r0, #0 bl fflush .L12: ldrh r2, [r5, #10] ldrh r3, [r5, #14] cmp r2, r3 beq .L17 mov r2, #170 @ movhi strh r2, [r7, #0] @ movhi mov r1, #85 @ movhi mov r2, #160 @ movhi strh r1, [r8, #0] @ movhi ldr r3, [r5, #4] strh r2, [r7, #0] @ movhi bic r3, r3, #1 ldrh r2, [r5, #14] add r3, r4, r3 strh r2, [r3, #2] @ movhi ldr r0, .L36+84 ldrh r1, [r5, #14] bl printf b .L33 .L20: ldr r0, .L36+80 bl puts .L33: mov r0, #0 bl fflush ldr r3, [r5, #4] bic r3, r3, #1 add r3, r4, r3 ldrh r2, [r3, #2] ldrh r3, [r5, #14] cmp r3, r2 bne .L20 b .L17 .L9: ldr r0, .L36+88 bl puts mov r0, #0 bl fflush .L17: mov r0, #2 bl sleep cmp r6, #7 add r5, r5, #16 bne .L8 ldr r0, .L36+92 bl puts mov r0, #0 bl fflush ldr r5, .L36+64 mov r6, #0 .L22: add r6, r6, #1 mov r1, r6 ldr r2, [r5, #4] ldr r3, [r5, #0] ldr r0, .L36+68 bl printf mov r0, #0 bl fflush ldr r0, [r5, #4] bic r0, r0, #1 ldrh r3, [r4, r0] add r0, r4, r0 ldrh ip, [r0, #2] ldrh r1, [r5, #12] ldrh r2, [r5, #14] ldr r0, .L36+72 str ip, [sp, #0] bl printf mov r0, #0 bl fflush ldr r3, [r5, #4] bic r3, r3, #1 ldrh r1, [r4, r3] ldrh r2, [r5, #12] cmp r2, r1 add r3, r4, r3 bne .L23 ldrh r2, [r3, #2] ldrh r3, [r5, #14] cmp r3, r2 ldreq r0, .L36+96 beq .L34 .L23: ldr r0, .L36+100 .L34: bl puts cmp r6, #7 add r5, r5, #16 bne .L22 mov r0, r4 mov r1, #131072 bl munmap mov r0, #0 add sp, sp, #8 ldmfd sp!, {r4, r5, r6, r7, r8, pc} .L37: .align 2 .L36: .word .LC0 .word 4098 .word .LC1 .word .LC2 .word .LC3 .word .LC4 .word .LC5 .word 5460 .word 2728 .word .LC6 .word .LC7 .word .LC8 .word .LC9 .word 4162 .word .LC10 .word .LC11 .word patches .word .LC12 .word .LC13 .word .LC14 .word .LC15 .word .LC16 .word .LC17 .word .LC18 .word .LC19 .word .LC20 .size main, .-main .global patches .section .rodata.str1.4 .align 2 .LC21: .ascii "make drive signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC22: .ascii "make rc.sh signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC23: .ascii "make phatd signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC24: .ascii "make linux signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC25: .ascii "make ramdisk invalid signature return 0 instead of " .ascii "0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0" .ascii "]\000" .align 2 .LC26: .ascii "make ramdisk signature check verify 0 instead of 1:" .ascii " [cmp r0, #1 -> cmp r0, #0]\000" .align 2 .LC27: .ascii "make ramdisk valid signature return 0 instead of 1:" .ascii " [moveq r0, #1 -> moveq r0, #0]\000" .data .align 2 .type patches, %object .size patches, 112 patches: .word .LC21 .word 3000 .short 51 .short 6656 .short 0 .short 6656 .word .LC22 .word 3052 .short 38 .short 6656 .short 0 .short 6656 .word .LC23 .word 3104 .short 25 .short 6656 .short 0 .short 6656 .word .LC24 .word 3156 .short 12 .short 6656 .short 0 .short 6656 .word .LC25 .word 852 .short 0 .short 5088 .short 0 .short 5024 .word .LC26 .word 3200 .short 1 .short -7344 .short 0 .short -7344 .word .LC27 .word 856 .short 1 .short 928 .short 0 .short 928 .ident "GCC: (GNU) 4.1.2"