@ =====================================================================
@ phatpatch-0.8.c -- compiler output (see .ident: GCC 4.1.2), 32-bit ARM,
@ GNU as syntax.  '@' starts a comment that runs to end of line, so each
@ statement must sit on its own line for the file to assemble.
@
@ What the code visibly does:
@   * maps 131072 bytes (128 KiB) at offset 0 of /dev/mem, read/write
@   * 's' : dumps that window to a file
@   * 'p' : probes the flash command addresses, then rewrites halfwords
@           listed in a 9-entry patch table (standard_patches or
@           volvo_patches, picked by chose_patches)
@   * 'v' : compares the window against the patched values in the table
@ The table descriptions (.LC32-.LC40) state that the patched locations
@ are the boot code's signature checks.
@
@ Argument passing as used throughout: r0-r3 carry the first four
@ arguments, further arguments go on the stack, result in r0.
@ NOTE(review): /dev/mem access normally requires root; nothing in this
@ file checks privileges or asks for confirmation before writing flash.
@ =====================================================================
        .file   "phatpatch-0.8.c"
        .text
        .align  2
        .global write_word
        .type   write_word, %function
@-----------------------------------------------------------------------
@ write_word -- issue a three-write command sequence, store one halfword,
@               then poll the target until it settles.
@ In (from the body and the two call sites in main):
@   r0   = first command address  (main passes 1365 / 21845 = 0x555 / 0x5555)
@   r1   = second command address (main passes 682 / 10922 = 0x2aa / 0x2aaa)
@   r2   = base of the mapped window
@   r3   = halfword index of the target (main passes patch offset >> 1)
@   [sp] = 16-bit value to store (read below at [sp, #8], after the push)
@ Out:
@   r0   = halfword read back from the target once its bit 7 equals bit 7
@          of the value; or, if bit 5 is seen set and bit 7 still differs,
@          the 16-bit complement of the value (never equal to the value,
@          so the caller's compare fails).
@ Clobbers: r1-r3, ip, flags.  r4 is saved and restored.
@ NOTE(review): the loop has no iteration limit of its own; it ends only
@ when bit 7 matches or bit 5 is set.  This looks like the data-polling
@ scheme of an AMD/JEDEC-style command set -- confirm against the
@ datasheet of the actual part.
@-----------------------------------------------------------------------
write_word:
        @ args = 4, pretend = 0, frame = 0
        @ frame_needed = 0, uses_anonymous_args = 0
        stmfd   sp!, {r4, lr}
        @ Both command addresses are treated as 16-bit values and rotated
        @ left by one bit: (a & 0x7fff) << 1 | bit15(a).  The result is
        @ doubled again further down to become a byte offset, so for
        @ a < 0x8000 the byte offset is a * 4.
        and     ip, r0, #32768
        mov     r0, r0, asl #17
        and     lr, r1, #32768
        mov     r0, r0, lsr #17
        mov     r1, r1, asl #17
        mov     ip, ip, lsr #15
        mov     r1, r1, lsr #17
        orr     ip, ip, r0, asl #1
        mov     lr, lr, lsr #15
        orr     lr, lr, r1, asl #1
        mov     ip, ip, asl #1          @ ip = byte offset of first command address
        mov     r4, #170        @ movhi
        ldrh    r0, [sp, #8]            @ r0 = value to store (5th argument)
        mov     r3, r3, asl #1          @ r3 = byte offset of the target halfword
        strh    r4, [r2, ip]    @ movhi
        mov     lr, lr, asl #1          @ lr = byte offset of second command address
        mov     r4, #85 @ movhi
        strh    r4, [r2, lr]    @ movhi
        add     r1, r2, r3              @ r1 = address of the target halfword
        @ Sequence written: 170 (0xAA), 85 (0x55), 160 (0xA0), then the value.
        @ 0xA0 is presumably the "program" command -- TODO confirm.
        mov     lr, #160        @ movhi
        strh    lr, [r2, ip]    @ movhi
        strh    r0, [r2, r3]    @ movhi
        b       .L2
.L3:
        @ Bit 7 did not match yet: check bit 5 (mask 32) of the target.
        ldrh    r3, [r1, #0]
        tst     r3, #32
        beq     .L2                     @ bit 5 clear -> keep polling
        @ Bit 5 set: sample bit 7 one more time before giving up.
        ldrh    r3, [r1, #0]
        mov     r3, r3, lsr #7
        and     r3, r3, #1
        cmp     r3, r2                  @ r2 = bit 7 of the value (set in .L2)
        mvnne   r3, r0                  @ mismatch: r3 = ~value
        ldreqh  r3, [r1, #0]            @ match: re-read the target
        movne   r3, r3, asl #16
        moveq   r0, r3
        movne   r0, r3, lsr #16         @ mismatch: r0 = ~value & 0xffff
        ldmfd   sp!, {r4, pc}
.L2:
        @ Poll: compare bit 7 of the target with bit 7 of the value.
        ldrh    r3, [r1, #0]
        mov     r2, r0, lsr #7
        mov     r3, r3, lsr #7
        and     r2, r2, #1
        and     r3, r3, #1
        cmp     r3, r2
        bne     .L3
        ldrh    r3, [r1, #0]            @ settled: return what the target now holds
        mov     r0, r3
        ldmfd   sp!, {r4, pc}
        .size   write_word, .-write_word
        .section        .rodata.str1.4,"aMS",%progbits,1
        .align  2
.LC0:
        .ascii  "Finding patch offsets:\000"
        .align  2
.LC1:
        .ascii  "ERROR: Unable to verify patch offsets\000"
        .align  2
.LC2:
        .ascii  "Verified standard patch offsets\000"
        .align  2
.LC3:
        .ascii  "Verified volvo patch offsets\000"
        .text
        .align  2
        .global chose_patches
        .type   chose_patches, %function
@-----------------------------------------------------------------------
@ chose_patches -- decide which patch table fits the mapped flash image.
@ In:  r0 = base of the mapped window
@ Out: r0 = address of standard_patches or volvo_patches.
@      Does not return if neither table fits: prints .LC1 and exit(1).
@ Side effect: stores 9 into num_patches.
@ Table entry layout as accessed here and in main (16 bytes per entry,
@ 9 entries = 144 bytes):
@   +0  word  description string
@   +4  word  byte offset into the window (bit 0 is cleared before use)
@   +8  short, +10 short   first halfword pair  (main prints it as
@                          "Expected" before programming)
@   +12 short, +14 short   second halfword pair (what main writes)
@ A table fits when, for every entry, the two halfwords at the offset
@ equal either the first pair or the second pair.
@ Clobbers: r1-r3, ip, flags.  r4 is saved and restored.
@-----------------------------------------------------------------------
chose_patches:
        @ args = 0, pretend = 0, frame = 0
        @ frame_needed = 0, uses_anonymous_args = 0
        stmfd   sp!, {r4, lr}
        mov     r4, r0                  @ r4 = window base, live across the puts calls
        ldr     r0, .L33
        bl      puts
        ldr     r3, .L33+4
        mov     r2, #9
        str     r2, [r3, #0]            @ num_patches = 9
        ldr     r0, .L33+8              @ r0 = cursor into standard_patches
.L13:
        ldr     r3, [r0, #4]
        bic     r1, r3, #1              @ r1 = entry offset with bit 0 cleared
        ldrh    r2, [r4, r1]
        ldrh    r3, [r0, #8]
        cmp     r3, r2
        add     ip, r4, r1              @ ip = address of the first halfword
        bne     .L14
        ldrh    r2, [ip, #2]
        ldrh    r3, [r0, #10]
        cmp     r3, r2
        beq     .L16                    @ matches the first pair
.L14:
        ldrh    r2, [r4, r1]
        ldrh    r3, [r0, #12]
        cmp     r3, r2
        bne     .L17                    @ matches neither pair -> try the other table
        ldrh    r2, [ip, #2]
        ldrh    r3, [r0, #14]
        cmp     r3, r2
        bne     .L17
.L16:
        ldr     r3, .L33+12             @ end of standard_patches
        add     r0, r0, #16
        cmp     r0, r3
        beq     .L31
        b       .L13
.L17:
        @ Same scan, this time over volvo_patches.
        ldr     r3, .L33+4
        mov     r2, #9
        str     r2, [r3, #0]            @ num_patches = 9 (same value again)
        ldr     r0, .L33+16
.L20:
        ldr     r3, [r0, #4]
        bic     r1, r3, #1
        ldrh    r2, [r4, r1]
        ldrh    r3, [r0, #8]
        cmp     r3, r2
        add     ip, r4, r1
        bne     .L21
        ldrh    r2, [ip, #2]
        ldrh    r3, [r0, #10]
        cmp     r3, r2
        beq     .L23
.L21:
        ldrh    r2, [r4, r1]
        ldrh    r3, [r0, #12]
        cmp     r3, r2
        bne     .L24
        ldrh    r2, [ip, #2]
        ldrh    r3, [r0, #14]
        cmp     r3, r2
        bne     .L24
.L23:
        ldr     r3, .L33+20             @ end of volvo_patches
        add     r0, r0, #16
        cmp     r0, r3
        beq     .L32
        b       .L20
.L24:
        @ Neither table describes this image: refuse to continue.
        ldr     r0, .L33+24
        bl      puts
        mov     r0, #1
        bl      exit
.L31:
        ldr     r0, .L33+28
        bl      puts
        ldr     r0, .L33+8              @ return standard_patches
        ldmfd   sp!, {r4, pc}
.L32:
        ldr     r0, .L33+32
        bl      puts
        ldr     r0, .L33+16             @ return volvo_patches
        ldmfd   sp!, {r4, pc}
.L34:
        .align  2
.L33:
        @ Literal pool for chose_patches (offsets used above in brackets).
        .word   .LC0                    @ [+0]
        .word   num_patches             @ [+4]
        .word   standard_patches        @ [+8]
        .word   standard_patches+144    @ [+12]
        .word   volvo_patches           @ [+16]
        .word   volvo_patches+144       @ [+20]
        .word   .LC1                    @ [+24]
        .word   .LC2                    @ [+28]
        .word   .LC3                    @ [+32]
        .size   chose_patches, .-chose_patches
        .section        .rodata.str1.4
        .align  2
.LC4:
        .ascii  "PhatPatch v0.8 - original code by bushing, addition"
        .ascii  "al patches by sbingner\000"
        .align  2
.LC5:
        .ascii  "Usage: phatpatch OPT ARG\012\011OPTS:\012\011\011p "
        .ascii  "= Patch flash\012\011\011v = Verify patched flash\012"
        .ascii  "\011\011s filename = save flash to filename\000"
        .align  2
.LC6:
        .ascii  "/dev/mem\000"
        .align  2
.LC7:
        .ascii  "Can not open /dev/mem\000"
        .align  2
.LC8:
        .ascii  "Error MMAP /dev/mem\000"
        .align  2
.LC9:
        .ascii  "Error: provide name of file to save flash to\000"
        .align  2
.LC10:
        .ascii  "Saving current flash.\000"
        .align  2
.LC11:
        .ascii  "Can not create /dos/Data/flash.rom\000"
        .align  2
.LC12:
        .ascii  "first 2 words of flash=%04x %04x\012\000"
        .align  2
.LC13:
        .ascii  "testing offsets 0x555 and 0x2aa\000"
        .align  2
.LC14:
        .ascii  "writing auto-id command (AA, 55, 90)\000"
        .align  2
.LC15:
        .ascii  "Flash chip reports manufacturer id=%04x, device id="
        .ascii  "%04x\012\000"
        .align  2
.LC16:
        .ascii  "offsets 0x555 and 0x2aa verified\000"
        .align  2
.LC17:
        .ascii  "testing offsets 0x5555 and 0x2aaa\000"
        .align  2
.LC18:
        .ascii  "offsets 0x5555 and 0x2aaa verified\000"
        .align  2
.LC19:
        .ascii  "Error: unable to unlock flash\000"
        .align  2
.LC20:
        .ascii  "Resetting flash.\000"
        .align  2
.LC21:
        .ascii  "Testing patch locations:\000"
        .align  2
.LC22:
        .ascii  "Patch %d @ %04x: %s\012\000"
        .align  2
.LC23:
        .ascii  "Expected: %04x %04x Actual: %04x %04x\012\000"
        .align  2
.LC24:
        .ascii  "Match! Programming...\000"
        .align  2
.LC25:
        .ascii  "Wrote %04x\012\000"
        .align  2
.LC26:
        .ascii  "Detected patch %d already applied\012\000"
        .align  2
.LC27:
        .ascii  "Mismatch!\000"
        .align  2
.LC28:
        .ascii  "Verifying:\000"
        .align  2
.LC29:
        .ascii  "Verified!\000"
        .align  2
.LC30:
        .ascii  "Unverified!\000"
        .align  2
.LC31:
        .ascii  "Invalid option\000"
        .text
        .align  2
        .global main
        .type   main, %function
@-----------------------------------------------------------------------
@ main(argc in r0, argv in r1)
@ Register roles after setup:
@   r5 = base of the 128 KiB /dev/mem mapping (whole function)
@   r4 = argc, later reused (saved flash word, table cursor, return value)
@   r6 = argv, later reused (saved flash word, patch counter)
@   r7 = 0 at first; second command address in 'p'; failure count in 'v'
@   r8 = first command address in 'p'
@   r9 = maximum number of patches to process in 'p'
@   sl = patch table returned by chose_patches in 'p'
@ 8 bytes of stack are reserved for outgoing 5th/6th arguments.
@ Exit status: -1 with no option; 1 on the error paths that go through
@ .L91; otherwise the value in r4 at .L50 (0 for 's', 'p' and an
@ invalid option, number of unverified entries for 'v').
@-----------------------------------------------------------------------
main:
        @ args = 0, pretend = 0, frame = 0
        @ frame_needed = 0, uses_anonymous_args = 0
        stmfd   sp!, {r4, r5, r6, r7, r8, r9, sl, lr}
        mov     r4, r0
        sub     sp, sp, #8
        ldr     r0, .L94
        mov     r6, r1
        bl      puts                    @ banner
        cmp     r4, #1
        bgt     .L36
        ldr     r0, .L94+4
        bl      puts                    @ usage text
        mvn     r0, #0
        b       .L90                    @ exit(-1)
.L36:
        ldr     r0, .L94+8
        ldr     r1, .L94+12             @ flags = 4098 (0x1002); presumably O_RDWR|O_SYNC -- confirm for the target libc
        bl      open
        subs    ip, r0, #0              @ ip = fd, flags set for the sign test
        bge     .L38
        ldr     r0, .L94+16
.L92:
        bl      perror
.L91:
        mov     r0, #1
.L90:
        bl      exit
.L38:
        @ mmap(0, 131072, 3, 1, fd, 0).  On Linux 3 = PROT_READ|PROT_WRITE
        @ and 1 = MAP_SHARED, so stores below go to physical address space.
        mov     r7, #0
        mov     r0, r7
        mov     r1, #131072
        mov     r2, #3
        mov     r3, #1
        str     ip, [sp, #0]
        str     r7, [sp, #4]
        bl      mmap
        cmn     r0, #1                  @ result == -1 ?
        mov     r5, r0
        ldreq   r0, .L94+20
        beq     .L92
        @ Dispatch on the first character of argv[1]:
        @ 115 = 's', 118 = 'v', 112 = 'p'.  r0 still holds the mapping.
        ldr     r3, [r6, #4]
        ldrb    r3, [r3, #0]    @ zero_extendqisi2
        cmp     r3, #115
        beq     .L44
        cmp     r3, #118
        beq     .L45
        cmp     r3, #112
        bne     .L85
        b       .L43
.L44:
        @ ---- 's': save the window to argv[2] -------------------------
        cmp     r4, #2
        bne     .L46
        ldr     r0, .L94+24             @ no filename given
        bl      puts
        b       .L93
.L46:
        ldr     r0, .L94+28
        bl      puts
        ldr     r0, [r6, #8]
        ldr     r1, .L94+32             @ flags = 4162 (0x1042); presumably adds O_CREAT -- confirm
        @ NOTE(review): r2 is not loaded before this call.  If the flags do
        @ include O_CREAT, the mode of the created file is whatever r2
        @ happens to hold; the dump may end up with unintended permissions.
        bl      open
        subs    r4, r0, #0
        bge     .L48
        @ NOTE(review): the message (.LC11) names a fixed path although the
        @ file opened is argv[2].
        ldr     r0, .L94+36
        bl      perror
.L93:
        mov     r0, r5
        mov     r1, #131072
        bl      munmap
        b       .L91                    @ exit(1)
.L48:
        @ write(fd, window, 131072); r0 still holds fd from open.
        @ NOTE(review): the return value is not checked, so a short or
        @ failed write goes unreported and the backup may be incomplete.
        mov     r1, r5
        mov     r2, #131072
        bl      write
        mov     r0, r4
        bl      close
        b       .L89
.L43:
        @ ---- 'p': patch ------------------------------------------------
        @ r9 = atoi(argv[2]) when argc == 3, otherwise 100.
        @ NOTE(review): atoi result is used unvalidated; 0 or a negative
        @ number makes the loop below stop before the first entry.
        cmp     r4, #3
        movne   r9, #100
        bne     .L53
        ldr     r0, [r6, #8]
        bl      atoi
        mov     r9, r0
.L53:
        mov     r0, r5
        bl      chose_patches
        ldrh    r3, [r5, #0]
        ldrh    r2, [r5, #4]
        mov     r1, r3
        mov     sl, r0                  @ sl = selected patch table
        ldr     r0, .L94+40
        mov     r4, r3                  @ r4 = halfword at +0 before the probe
        mov     r6, r2                  @ r6 = halfword at +4 before the probe
        bl      printf
        ldr     r0, .L94+44
        bl      puts
        ldr     r0, .L94+48
        bl      puts
        @ Probe 1: 170 (0xAA) -> +5460, 85 (0x55) -> +2728, 144 (0x90) -> +5460.
        @ 5460 = 1365 * 4 and 2728 = 682 * 4, the same scaling write_word
        @ applies to the addresses passed in r0/r1.
        ldr     r2, .L94+52
        mov     r1, #170        @ movhi
        ldr     r3, .L94+56
        strh    r1, [r5, r2]    @ movhi
        mov     r1, #85 @ movhi
        strh    r1, [r5, r3]    @ movhi
        mov     r3, #144        @ movhi
        strh    r3, [r5, r2]    @ movhi
        @ If the halfwords at +0/+4 changed, the chip accepted the command.
        ldrh    r3, [r5, #0]
        cmp     r4, r3
        bne     .L54
        ldrh    r3, [r5, #4]
        cmp     r6, r3
        beq     .L56                    @ unchanged -> try the second address pair
.L54:
        ldrh    r1, [r5, #0]
        ldr     r0, .L94+60
        ldrh    r2, [r5, #4]
        bl      printf                  @ print the two id values
        ldr     r0, .L94+64
        bl      puts
        ldr     r8, .L94+68             @ r8 = 1365 (0x555)
        ldr     r7, .L94+72             @ r7 = 682  (0x2aa)
        b       .L57
.L56:
        ldr     r0, .L94+76
        bl      puts
        ldr     r0, .L94+48
        bl      puts
        @ Probe 2: same three values at +87380 (21845 * 4) and +43688 (10922 * 4).
        ldr     r3, .L94+80
        mov     r1, #170        @ movhi
        ldr     r2, .L94+84
        strh    r1, [r5, r3]    @ movhi
        mov     r1, #85 @ movhi
        strh    r1, [r5, r2]    @ movhi
        mov     r2, #144        @ movhi
        strh    r2, [r5, r3]    @ movhi
        ldrh    r3, [r5, #0]
        cmp     r4, r3
        bne     .L58
        ldrh    r3, [r5, #4]
        cmp     r6, r3
        beq     .L60
.L58:
        ldrh    r1, [r5, #0]
        ldr     r0, .L94+60
        ldrh    r2, [r5, #4]
        bl      printf
        ldr     r0, .L94+88
        bl      puts
        ldr     r8, .L94+92             @ r8 = 21845 (0x5555)
        ldr     r7, .L94+96             @ r7 = 10922 (0x2aaa)
        b       .L57
.L60:
        @ Neither probe changed the readback: give up.  This path reaches
        @ exit(1) through .L91 without calling munmap.
        ldr     r0, .L94+100
        bl      puts
        b       .L91
.L57:
        ldr     r0, .L94+104
        bl      puts
        mov     r3, #240        @ movhi
        strh    r3, [r5, #0]    @ movhi
        @ 240 (0xF0) written at +0 after the "Resetting flash." message.
        ldr     r0, .L94+108
        bl      puts
        mov     r4, sl                  @ r4 = cursor into the patch table
        mov     r6, #0                  @ r6 = number of entries handled so far
        b       .L61
.L62:
        cmp     r6, r9
        bge     .L63                    @ reached the user-supplied limit
        add     r6, r6, #1
        mov     r1, r6
        ldr     r2, [r4, #4]
        ldr     r3, [r4, #0]
        ldr     r0, .L94+112
        bl      printf                  @ "Patch %d @ %04x: %s"
        @ Print first pair (entry +8/+10) against what the window holds.
        ldr     r0, [r4, #4]
        bic     r0, r0, #1
        ldrh    r3, [r5, r0]
        add     r0, r5, r0
        ldrh    ip, [r0, #2]
        ldrh    r1, [r4, #8]
        ldrh    r2, [r4, #10]
        ldr     r0, .L94+116
        str     ip, [sp, #0]
        bl      printf
        @ Does the window still hold the first (unpatched) pair?
        ldr     r3, [r4, #4]
        bic     r1, r3, #1
        ldrh    r2, [r5, r1]
        ldrh    r3, [r4, #8]
        cmp     r3, r2
        add     r0, r5, r1
        bne     .L65
        ldrh    r2, [r0, #2]
        ldrh    r3, [r4, #10]
        cmp     r3, r2
        bne     .L65
        ldr     r0, .L94+120
        bl      puts
        @ First halfword: program only if the new value differs.
        ldrh    ip, [r4, #12]
        ldrh    r3, [r4, #8]
        cmp     r3, ip
        beq     .L68
        ldr     r3, [r4, #4]
        mov     r1, r7
        mov     r3, r3, lsr #1          @ halfword index = offset >> 1
        mov     r0, r8
        mov     r2, r5
        str     ip, [sp, #0]            @ 5th argument: value to write
        bl      write_word
        @ NOTE(review): "Wrote" is printed only when the readback equals
        @ the requested value; a failed write produces no message and the
        @ loop carries on to the next halfword.
        ldrh    r1, [r4, #12]
        cmp     r1, r0
        ldreq   r0, .L94+124
        bleq    printf
.L68:
        @ Second halfword: same treatment, index + 1.
        ldrh    ip, [r4, #14]
        ldrh    r3, [r4, #10]
        cmp     r3, ip
        beq     .L71
        ldr     r3, [r4, #4]
        mov     r3, r3, lsr #1
        mov     r1, r7
        add     r3, r3, #1
        mov     r0, r8
        mov     r2, r5
        str     ip, [sp, #0]
        bl      write_word
        ldrh    r1, [r4, #14]
        cmp     r1, r0
        ldreq   r0, .L94+124
        beq     .L86
        b       .L71
.L65:
        @ Not the unpatched pair: is it already the patched pair?
        ldrh    r2, [r0, #0]
        ldrh    r3, [r4, #12]
        cmp     r3, r2
        bne     .L74
        add     r3, r5, r1
        ldrh    r2, [r3, #2]
        ldrh    r3, [r4, #14]
        cmp     r3, r2
        bne     .L74
        ldr     r0, .L94+128
        mov     r1, r6
.L86:
        bl      printf
        b       .L71
.L74:
        ldr     r0, .L94+132            @ neither pair: report and skip the entry
        bl      puts
.L71:
        add     r4, r4, #16             @ next table entry
.L61:
        ldr     r3, .L94+136
        ldr     r3, [r3, #0]
        cmp     r6, r3                  @ r6 < num_patches ?
        blt     .L62
        b       .L63
.L45:
        @ ---- 'v': verify -----------------------------------------------
        @ r0 still holds the mmap result here (it is not written between
        @ "mov r5, r0" and this call on the path taken).
        bl      chose_patches
        mov     r4, r0
        ldr     r0, .L94+140
        bl      puts
        mov     r7, #0                  @ r7 = count of unverified entries
        mov     r6, r7
        b       .L77
.L78:
        add     r6, r6, #1
        mov     r1, r6
        ldr     r2, [r4, #4]
        ldr     r3, [r4, #0]
        ldr     r0, .L94+112
        bl      printf
        @ Print second pair (entry +12/+14) against what the window holds.
        ldr     r0, [r4, #4]
        bic     r0, r0, #1
        ldrh    r3, [r5, r0]
        add     r0, r5, r0
        ldrh    ip, [r0, #2]
        ldrh    r1, [r4, #12]
        ldrh    r2, [r4, #14]
        ldr     r0, .L94+116
        str     ip, [sp, #0]
        bl      printf
        ldr     r3, [r4, #4]
        bic     r3, r3, #1
        ldrh    r1, [r5, r3]
        ldrh    r2, [r4, #12]
        cmp     r2, r1
        add     r3, r5, r3
        bne     .L79
        ldrh    r2, [r3, #2]
        ldrh    r3, [r4, #14]
        cmp     r3, r2
        ldreq   r0, .L94+144
        beq     .L87
.L79:
        ldr     r0, .L94+148
        add     r7, r7, #1
.L87:
        bl      puts
        add     r4, r4, #16
.L77:
        ldr     r3, .L94+136
        ldr     r3, [r3, #0]
        cmp     r6, r3
        blt     .L78
        b       .L89
.L85:
        @ Unknown option letter.  r7 is still 0 here, so the process
        @ returns 0 after printing the message.
        ldr     r0, .L94+152
        bl      puts
.L89:
        mov     r4, r7
        b       .L50
.L63:
        mov     r4, #0
.L50:
        @ Common exit: unmap the window and return r4.
        mov     r0, r5
        mov     r1, #131072
        bl      munmap
        mov     r0, r4
        add     sp, sp, #8
        ldmfd   sp!, {r4, r5, r6, r7, r8, r9, sl, pc}
.L95:
        .align  2
.L94:
        @ Literal pool for main (offsets used above in brackets).
        .word   .LC4                    @ [+0]
        .word   .LC5                    @ [+4]
        .word   .LC6                    @ [+8]
        .word   4098                    @ [+12]  open flags for /dev/mem
        .word   .LC7                    @ [+16]
        .word   .LC8                    @ [+20]
        .word   .LC9                    @ [+24]
        .word   .LC10                   @ [+28]
        .word   4162                    @ [+32]  open flags for the dump file
        .word   .LC11                   @ [+36]
        .word   .LC12                   @ [+40]
        .word   .LC13                   @ [+44]
        .word   .LC14                   @ [+48]
        .word   5460                    @ [+52]  1365 * 4
        .word   2728                    @ [+56]  682 * 4
        .word   .LC15                   @ [+60]
        .word   .LC16                   @ [+64]
        .word   1365                    @ [+68]  0x555
        .word   682                     @ [+72]  0x2aa
        .word   .LC17                   @ [+76]
        .word   87380                   @ [+80]  21845 * 4
        .word   43688                   @ [+84]  10922 * 4
        .word   .LC18                   @ [+88]
        .word   21845                   @ [+92]  0x5555
        .word   10922                   @ [+96]  0x2aaa
        .word   .LC19                   @ [+100]
        .word   .LC20                   @ [+104]
        .word   .LC21                   @ [+108]
        .word   .LC22                   @ [+112]
        .word   .LC23                   @ [+116]
        .word   .LC24                   @ [+120]
        .word   .LC25                   @ [+124]
        .word   .LC26                   @ [+128]
        .word   .LC27                   @ [+132]
        .word   num_patches             @ [+136]
        .word   .LC28                   @ [+140]
        .word   .LC29                   @ [+144]
        .word   .LC30                   @ [+148]
        .word   .LC31                   @ [+152]
        .size   main, .-main
        .global volvo_patches
        .section        .rodata.str1.4
        .align  2
        @ Patch descriptions, shared by both tables.  Each one names the
        @ check being altered and the instruction change in brackets.
.LC32:
        .ascii  "make drive signature check always succeed: [bne ver"
        .ascii  "ify_sig_failed -> bne PC+1]\000"
        .align  2
.LC33:
        .ascii  "make rc.sh signature check always succeed: [bne ver"
        .ascii  "ify_sig_failed -> bne PC+1]\000"
        .align  2
.LC34:
        .ascii  "make phatd signature check always succeed: [bne ver"
        .ascii  "ify_sig_failed -> bne PC+1]\000"
        .align  2
.LC35:
        .ascii  "make linux signature check always succeed: [bne ver"
        .ascii  "ify_sig_failed -> bne PC+1]\000"
        .align  2
.LC36:
        .ascii  "make ramdisk invalid signature return 0 instead of "
        .ascii  "0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0"
        .ascii  "]\000"
        .align  2
.LC37:
        .ascii  "make ramdisk signature check verify 0 instead of 1:"
        .ascii  " [cmp r0, #1 -> cmp r0, #0]\000"
        .align  2
.LC38:
        .ascii  "make ramdisk valid signature return 0 instead of 1:"
        .ascii  " [moveq r0, #1 -> moveq r0, #0]\000"
        .align  2
.LC39:
        .ascii  "don't try to read ramdisk.sig (boot without any .si"
        .ascii  "g files): [bl sector_read_suzy -> bl PC+1]\000"
        .align  2
.LC40:
        .ascii  "don't try to read linux.sig (boot without any .sig "
        .ascii  "files): [bl sector_read_suzy -> bl PC+1]\000"
        .data
        .align  2
        .type   volvo_patches, %object
        .size   volvo_patches, 144
        @ volvo_patches: 9 entries of 16 bytes.  Per entry:
        @   .word description, .word byte offset,
        @   .short x2 first pair (checked as unpatched),
        @   .short x2 second pair (written / checked as patched).
        @ The table is emitted into .data, i.e. a writable section.
volvo_patches:
        .word   .LC32
        .word   3472
        .short  51
        .short  6656
        .short  0
        .short  6656
        .word   .LC33
        .word   3524
        .short  38
        .short  6656
        .short  0
        .short  6656
        .word   .LC34
        .word   3576
        .short  25
        .short  6656
        .short  0
        .short  6656
        .word   .LC35
        .word   3628
        .short  12
        .short  6656
        .short  0
        .short  6656
        .word   .LC36
        .word   1308
        .short  0
        .short  5088
        .short  0
        .short  5024
        .word   .LC37
        .word   3672
        .short  1
        .short  -7344
        .short  0
        .short  -7344
        .word   .LC38
        .word   1312
        .short  1
        .short  928
        .short  0
        .short  928
        .word   .LC39
        .word   1268
        .short  736
        .short  -5376
        .short  0
        .short  -5376
        .word   .LC40
        .word   1120
        .short  773
        .short  -5376
        .short  0
        .short  -5376
        .global standard_patches
        .align  2
        .type   standard_patches, %object
        .size   standard_patches, 144
        @ standard_patches: same layout and descriptions as volvo_patches;
        @ the offsets differ, as does the first halfword of the last two
        @ entries.
standard_patches:
        .word   .LC32
        .word   3000
        .short  51
        .short  6656
        .short  0
        .short  6656
        .word   .LC33
        .word   3052
        .short  38
        .short  6656
        .short  0
        .short  6656
        .word   .LC34
        .word   3104
        .short  25
        .short  6656
        .short  0
        .short  6656
        .word   .LC35
        .word   3156
        .short  12
        .short  6656
        .short  0
        .short  6656
        .word   .LC36
        .word   852
        .short  0
        .short  5088
        .short  0
        .short  5024
        .word   .LC37
        .word   3200
        .short  1
        .short  -7344
        .short  0
        .short  -7344
        .word   .LC38
        .word   856
        .short  1
        .short  928
        .short  0
        .short  928
        .word   .LC39
        .word   816
        .short  731
        .short  -5376
        .short  0
        .short  -5376
        .word   .LC40
        .word   704
        .short  759
        .short  -5376
        .short  0
        .short  -5376
        @ num_patches: 4-byte common symbol, set to 9 by chose_patches and
        @ read by both loops in main.
        .comm   num_patches,4,4
        .ident  "GCC: (GNU) 4.1.2"