.file "phatpatch-0.7.1.c" .section .rodata.str1.4,"aMS",%progbits,1 .align 2 .LC0: .ascii "Finding patch offsets:\000" .align 2 .LC1: .ascii "ERROR: Unable to verify patch offsets\000" .align 2 .LC2: .ascii "Verified standard patch offsets\000" .align 2 .LC3: .ascii "Verified volvo patch offsets\000" .text .align 2 .global chose_patches .type chose_patches, %function chose_patches: @ args = 0, pretend = 0, frame = 0 @ frame_needed = 0, uses_anonymous_args = 0 stmfd sp!, {r4, lr} mov r4, r0 ldr r0, .L22 bl puts mov r0, #0 bl fflush ldr r3, .L22+4 mov r2, #9 str r2, [r3, #0] ldr r0, .L22+8 .L2: ldr r3, [r0, #4] bic r1, r3, #1 ldrh r2, [r4, r1] ldrh r3, [r0, #8] cmp r3, r2 add ip, r4, r1 bne .L3 ldrh r2, [ip, #2] ldrh r3, [r0, #10] cmp r3, r2 beq .L5 .L3: ldrh r2, [r4, r1] ldrh r3, [r0, #12] cmp r3, r2 bne .L6 ldrh r2, [ip, #2] ldrh r3, [r0, #14] cmp r3, r2 bne .L6 .L5: ldr r3, .L22+12 add r0, r0, #16 cmp r0, r3 beq .L20 b .L2 .L6: ldr r3, .L22+4 mov r2, #9 str r2, [r3, #0] ldr r0, .L22+16 .L9: ldr r3, [r0, #4] bic r1, r3, #1 ldrh r2, [r4, r1] ldrh r3, [r0, #8] cmp r3, r2 add ip, r4, r1 bne .L10 ldrh r2, [ip, #2] ldrh r3, [r0, #10] cmp r3, r2 beq .L12 .L10: ldrh r2, [r4, r1] ldrh r3, [r0, #12] cmp r3, r2 bne .L13 ldrh r2, [ip, #2] ldrh r3, [r0, #14] cmp r3, r2 bne .L13 .L12: ldr r3, .L22+20 add r0, r0, #16 cmp r0, r3 beq .L21 b .L9 .L13: ldr r0, .L22+24 bl puts mov r0, #1 bl exit .L20: ldr r0, .L22+28 bl puts ldr r0, .L22+8 ldmfd sp!, {r4, pc} .L21: ldr r0, .L22+32 bl puts ldr r0, .L22+16 ldmfd sp!, {r4, pc} .L23: .align 2 .L22: .word .LC0 .word num_patches .word standard_patches .word standard_patches+144 .word volvo_patches .word volvo_patches+144 .word .LC1 .word .LC2 .word .LC3 .size chose_patches, .-chose_patches .section .rodata.str1.4 .align 2 .LC4: .ascii "PhatPatch v0.7.1 - original code by bushing, additi" .ascii "onal patches by sbingner\000" .align 2 .LC5: .ascii "Usage: phatpatch OPT ARG\012\011OPTS:\012\011\011p " .ascii "= Patch flash\012\011\011v = Verify patched flash\012" .ascii "\011\011s filename = save flash to filename\000" .align 2 .LC6: .ascii "/dev/mem\000" .align 2 .LC7: .ascii "Can not open /dev/mem\000" .align 2 .LC8: .ascii "Error MMAP /dev/mem\000" .align 2 .LC9: .ascii "Error: provide name of file to save flash to\000" .align 2 .LC10: .ascii "Saving current flash.\000" .align 2 .LC11: .ascii "Can not create /dos/Data/flash.rom\000" .align 2 .LC12: .ascii "first 2 words of flash=%04x %04x\012\000" .align 2 .LC13: .ascii "testing offsets 0x555 and 0x2aa\000" .align 2 .LC14: .ascii "writing auto-id command (AA, 55, 90)\000" .align 2 .LC15: .ascii "Flash chip reports manufacturer id=%04x, device id=" .ascii "%04x\012\000" .align 2 .LC16: .ascii "offsets 0x555 and 0x2aa verified\000" .align 2 .LC17: .ascii "testing offsets 0x5555 and 0x2aaa\000" .align 2 .LC18: .ascii "offsets 0x5555 and 0x2aaa verified\000" .align 2 .LC19: .ascii "Error: unable to unlock flash\000" .align 2 .LC20: .ascii "Resetting flash.\000" .align 2 .LC21: .ascii "Testing patch locations:\000" .align 2 .LC22: .ascii "Patch %d @ %04x: %s\012\000" .align 2 .LC23: .ascii "Expected: %04x %04x Actual: %04x %04x\012\000" .align 2 .LC24: .ascii "Match! Programming...\000" .align 2 .LC25: .ascii "Waiting...\000" .align 2 .LC26: .ascii "Wrote %04x\012\000" .align 2 .LC27: .ascii "Detected patch %d already applied\012\000" .align 2 .LC28: .ascii "Mismatch!\000" .align 2 .LC29: .ascii "Verifying:\000" .align 2 .LC30: .ascii "Verified!\000" .align 2 .LC31: .ascii "Unverified!\000" .align 2 .LC32: .ascii "Invalid option\000" .text .align 2 .global main .type main, %function main: @ args = 0, pretend = 0, frame = 0 @ frame_needed = 0, uses_anonymous_args = 0 stmfd sp!, {r4, r5, r6, r7, r8, sl, lr} mov r4, r0 sub sp, sp, #8 ldr r0, .L89 mov r6, r1 bl puts cmp r4, #1 bgt .L25 ldr r0, .L89+4 bl puts mvn r0, #0 b .L85 .L25: ldr r0, .L89+8 ldr r1, .L89+12 bl open subs ip, r0, #0 bge .L27 ldr r0, .L89+16 .L87: bl perror .L86: mov r0, #1 .L85: bl exit .L27: mov r7, #0 mov r0, r7 mov r1, #131072 mov r2, #3 mov r3, #1 str ip, [sp, #0] str r7, [sp, #4] bl mmap cmn r0, #1 mov r5, r0 ldreq r0, .L89+20 beq .L87 ldr r3, [r6, #4] ldrb r3, [r3, #0] @ zero_extendqisi2 cmp r3, #115 beq .L33 cmp r3, #118 beq .L34 cmp r3, #112 bne .L79 b .L32 .L33: cmp r4, #2 bne .L35 ldr r0, .L89+24 bl puts b .L88 .L35: ldr r0, .L89+28 bl puts ldr r0, [r6, #8] ldr r1, .L89+32 bl open subs r4, r0, #0 bge .L37 ldr r0, .L89+36 bl perror .L88: mov r0, r5 mov r1, #131072 bl munmap b .L86 .L37: mov r1, r5 mov r2, #131072 bl write mov r0, r4 bl close b .L84 .L32: cmp r4, #3 movne sl, #100 bne .L42 ldr r0, [r6, #8] bl atoi mov sl, r0 .L42: mov r0, r5 bl chose_patches ldrh r3, [r5, #0] ldrh r2, [r5, #4] mov r1, r3 mov r7, r0 ldr r0, .L89+40 mov r4, r3 mov r6, r2 bl printf ldr r0, .L89+44 bl puts ldr r0, .L89+48 bl puts mov r0, #0 bl fflush ldr r2, .L89+52 mov r1, #170 @ movhi ldr r3, .L89+56 strh r1, [r5, r2] @ movhi mov r1, #85 @ movhi strh r1, [r5, r3] @ movhi mov r3, #144 @ movhi strh r3, [r5, r2] @ movhi ldrh r3, [r5, #0] cmp r4, r3 bne .L43 ldrh r3, [r5, #4] cmp r6, r3 beq .L45 .L43: ldrh r1, [r5, #0] ldr r0, .L89+60 ldrh r2, [r5, #4] bl printf ldr r0, .L89+64 bl puts ldr r6, .L89+68 ldr r4, .L89+72 b .L46 .L45: ldr r0, .L89+76 bl puts ldr r0, .L89+48 bl puts mov r0, #0 bl fflush ldr r3, .L89+80 mov r1, #170 @ movhi ldr r2, .L89+84 strh r1, [r5, r3] @ movhi mov r1, #85 @ movhi strh r1, [r5, r2] @ movhi mov r2, #144 @ movhi strh r2, [r5, r3] @ movhi ldrh r3, [r5, #0] cmp r4, r3 bne .L47 ldrh r3, [r5, #4] cmp r6, r3 beq .L49 .L47: ldrh r1, [r5, #0] ldr r0, .L89+60 ldrh r2, [r5, #4] bl printf ldr r0, .L89+88 bl puts ldr r6, .L89+92 ldr r4, .L89+96 b .L46 .L49: ldr r0, .L89+100 bl puts b .L86 .L46: mov r0, #0 bl fflush ldr r0, .L89+104 bl puts mov r0, #0 bl fflush mov r3, #240 @ movhi strh r3, [r5, #0] @ movhi ldr r0, .L89+108 bl puts mov r0, #0 bl fflush add r8, r5, r4, asl #2 add r6, r5, r6, asl #2 mov r4, r7 mov r7, #0 b .L50 .L51: cmp r7, sl bge .L52 add r7, r7, #1 mov r1, r7 ldr r2, [r4, #4] ldr r3, [r4, #0] ldr r0, .L89+112 bl printf mov r0, #0 bl fflush ldr r0, [r4, #4] bic r0, r0, #1 ldrh r3, [r5, r0] add r0, r5, r0 ldrh ip, [r0, #2] ldrh r1, [r4, #8] ldrh r2, [r4, #10] ldr r0, .L89+116 str ip, [sp, #0] bl printf mov r0, #0 bl fflush ldr r3, [r4, #4] bic r1, r3, #1 ldrh r2, [r5, r1] ldrh r3, [r4, #8] cmp r3, r2 add r0, r5, r1 bne .L54 ldrh r2, [r0, #2] ldrh r3, [r4, #10] cmp r3, r2 bne .L54 ldr r0, .L89+120 bl puts mov r0, #0 bl fflush ldrh r2, [r4, #8] ldrh r3, [r4, #12] cmp r2, r3 beq .L57 mov r1, #170 @ movhi mov r2, #85 @ movhi mov r3, #160 @ movhi strh r1, [r6, #0] @ movhi strh r2, [r8, #0] @ movhi strh r3, [r6, #0] @ movhi ldr r3, [r4, #4] ldrh r2, [r4, #12] bic r3, r3, #1 strh r2, [r5, r3] @ movhi mov r0, #2 bl sleep b .L80 .L60: ldr r0, .L89+124 bl puts .L80: mov r0, #0 bl fflush ldr r3, [r4, #4] bic r3, r3, #1 ldrh r3, [r5, r3] ldrh r1, [r4, #12] cmp r1, r3 bne .L60 ldr r0, .L89+128 bl printf .L57: ldrh r2, [r4, #10] ldrh r3, [r4, #14] cmp r2, r3 beq .L62 mov r1, #170 @ movhi strh r1, [r6, #0] @ movhi mov r2, #85 @ movhi mov r1, #160 @ movhi strh r2, [r8, #0] @ movhi ldr r3, [r4, #4] strh r1, [r6, #0] @ movhi bic r3, r3, #1 ldrh r2, [r4, #14] add r3, r5, r3 strh r2, [r3, #2] @ movhi mov r0, #2 bl sleep b .L81 .L65: ldr r0, .L89+124 bl puts .L81: mov r0, #0 bl fflush ldr r3, [r4, #4] bic r3, r3, #1 add r3, r5, r3 ldrh r3, [r3, #2] ldrh r1, [r4, #14] cmp r1, r3 bne .L65 ldr r0, .L89+128 bl printf b .L62 .L54: ldrh r2, [r0, #0] ldrh r3, [r4, #12] cmp r3, r2 bne .L67 add r3, r5, r1 ldrh r2, [r3, #2] ldrh r3, [r4, #14] cmp r3, r2 bne .L67 mov r1, r7 ldr r0, .L89+132 bl printf b .L70 .L67: ldr r0, .L89+136 bl puts .L70: mov r0, #0 bl fflush .L62: mov r0, #2 bl sleep add r4, r4, #16 .L50: ldr r3, .L89+140 ldr r3, [r3, #0] cmp r7, r3 blt .L51 b .L52 .L34: bl chose_patches mov r4, r0 ldr r0, .L89+144 bl puts mov r0, #0 bl fflush mov r7, #0 mov r6, r7 b .L71 .L72: add r6, r6, #1 mov r1, r6 ldr r2, [r4, #4] ldr r3, [r4, #0] ldr r0, .L89+112 bl printf mov r0, #0 bl fflush ldr r0, [r4, #4] bic r0, r0, #1 ldrh r3, [r5, r0] add r0, r5, r0 ldrh ip, [r0, #2] ldrh r1, [r4, #12] ldrh r2, [r4, #14] ldr r0, .L89+116 str ip, [sp, #0] bl printf mov r0, #0 bl fflush ldr r3, [r4, #4] bic r3, r3, #1 ldrh r1, [r5, r3] ldrh r2, [r4, #12] cmp r2, r1 add r3, r5, r3 bne .L73 ldrh r2, [r3, #2] ldrh r3, [r4, #14] cmp r3, r2 ldreq r0, .L89+148 beq .L82 .L73: ldr r0, .L89+152 add r7, r7, #1 .L82: bl puts add r4, r4, #16 .L71: ldr r3, .L89+140 ldr r3, [r3, #0] cmp r6, r3 blt .L72 b .L84 .L79: ldr r0, .L89+156 bl puts .L84: mov r4, r7 b .L39 .L52: mov r4, #0 .L39: mov r0, r5 mov r1, #131072 bl munmap mov r0, r4 add sp, sp, #8 ldmfd sp!, {r4, r5, r6, r7, r8, sl, pc} .L90: .align 2 .L89: .word .LC4 .word .LC5 .word .LC6 .word 4098 .word .LC7 .word .LC8 .word .LC9 .word .LC10 .word 4162 .word .LC11 .word .LC12 .word .LC13 .word .LC14 .word 5460 .word 2728 .word .LC15 .word .LC16 .word 1365 .word 682 .word .LC17 .word 87380 .word 43688 .word .LC18 .word 21845 .word 10922 .word .LC19 .word .LC20 .word .LC21 .word .LC22 .word .LC23 .word .LC24 .word .LC25 .word .LC26 .word .LC27 .word .LC28 .word num_patches .word .LC29 .word .LC30 .word .LC31 .word .LC32 .size main, .-main .global volvo_patches .section .rodata.str1.4 .align 2 .LC33: .ascii "make drive signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC34: .ascii "make rc.sh signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC35: .ascii "make phatd signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC36: .ascii "make linux signature check always succeed: [bne ver" .ascii "ify_sig_failed -> bne PC+1]\000" .align 2 .LC37: .ascii "make ramdisk invalid signature return 0 instead of " .ascii "0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0" .ascii "]\000" .align 2 .LC38: .ascii "make ramdisk signature check verify 0 instead of 1:" .ascii " [cmp r0, #1 -> cmp r0, #0]\000" .align 2 .LC39: .ascii "make ramdisk valid signature return 0 instead of 1:" .ascii " [moveq r0, #1 -> moveq r0, #0]\000" .align 2 .LC40: .ascii "don't try to read ramdisk.sig (boot without any .si" .ascii "g files): [bl sector_read_suzy -> bl PC+1]\000" .align 2 .LC41: .ascii "don't try to read linux.sig (boot without any .sig " .ascii "files): [bl sector_read_suzy -> bl PC+1]\000" .data .align 2 .type volvo_patches, %object .size volvo_patches, 144 volvo_patches: .word .LC33 .word 3472 .short 51 .short 6656 .short 0 .short 6656 .word .LC34 .word 3524 .short 38 .short 6656 .short 0 .short 6656 .word .LC35 .word 3576 .short 25 .short 6656 .short 0 .short 6656 .word .LC36 .word 3628 .short 12 .short 6656 .short 0 .short 6656 .word .LC37 .word 1308 .short 0 .short 5088 .short 0 .short 5024 .word .LC38 .word 3672 .short 1 .short -7344 .short 0 .short -7344 .word .LC39 .word 1312 .short 1 .short 928 .short 0 .short 928 .word .LC40 .word 1268 .short 736 .short -5376 .short 0 .short -5376 .word .LC41 .word 1120 .short 773 .short -5376 .short 0 .short -5376 .global standard_patches .align 2 .type standard_patches, %object .size standard_patches, 144 standard_patches: .word .LC33 .word 3000 .short 51 .short 6656 .short 0 .short 6656 .word .LC34 .word 3052 .short 38 .short 6656 .short 0 .short 6656 .word .LC35 .word 3104 .short 25 .short 6656 .short 0 .short 6656 .word .LC36 .word 3156 .short 12 .short 6656 .short 0 .short 6656 .word .LC37 .word 852 .short 0 .short 5088 .short 0 .short 5024 .word .LC38 .word 3200 .short 1 .short -7344 .short 0 .short -7344 .word .LC39 .word 856 .short 1 .short 928 .short 0 .short 928 .word .LC40 .word 816 .short 731 .short -5376 .short 0 .short -5376 .word .LC41 .word 704 .short 759 .short -5376 .short 0 .short -5376 .comm num_patches,4,4 .ident "GCC: (GNU) 4.1.2"