Luma3DS-3GX/reboot/rebootCode.s

.arm.little

firm_size equ 0x000EA000
firm_addr equ 0x24000000
fopen equ 0x08059D10
fread equ 0x0804CC54
pxi_wait_recv equ 0x08054134

.create "reboot1.bin", 0x080849DC
.org 0x080849DC
.arm
patch005:
	ldr r0, =0x2000E000
	mov r1, #0x200
	mov r2, #0
	add r1, r1, r0
@@memset_loop:
	str r2, [r0]
	add r0, r0, #4
	cmp r0, r1
	blt @@memset_loop
	ldr r0, =0x2000E000
	ldr r1, =firm_fname
	mov r2, #1
	blx fopen
	ldr r0, =0x2000E000
	ldr r1, =0x2000E100
	mov r2, #firm_addr
	mov r3, #firm_size
	blx fread

	ldr r4, =0x44846
	blx pxi_wait_recv
	cmp r0, r4
	bne patch005
	mov r2, #0
	mov r3, r2
	mov r1, r2
	mov r0, r2
	swi 0x7C
	ldr r0, =0x80FF4FC
	swi 0x7B

@@inf_loop:
	b @@inf_loop
.pool
firm_fname:
.close

.create "reboot2.bin", 0x080933CC
.org 0x080933CC
.arm
	stmfd sp!, {r4-r11,lr}
	sub sp, sp, #0x3C
	mrc p15, 0, r0, c2, c0, 0	; dcacheable
	mrc p15, 0, r12, c2, c0, 1	; icacheable
	mrc p15, 0, r1, c3, c0, 0	; write bufferable
	mrc p15, 0, r2, c5, c0, 2	; daccess
	mrc p15, 0, r3, c5, c0, 3	; iaccess
	ldr r4, =0x18000035			; 0x18000000 128M
	bic r2, r2, #0xF0000		; unprotect region 4
	bic r3, r3, #0xF0000		; unprotect region 4
	orr r0, r0, #0x10			; dcacheable region 4
	orr r2, r2, #0x30000		; region 4 r/w
	orr r3, r3, #0x30000		; region 4 r/w
	orr r12, r12, #0x10			; icacheable region 4
	orr r1, r1, #0x10			; write bufferable region 4
	mcr p15, 0, r0, c2, c0, 0
	mcr p15, 0, r12, c2, c0, 1
	mcr p15, 0, r1, c3, c0, 0	; write bufferable
	mcr p15, 0, r2, c5, c0, 2	; daccess
	mcr p15, 0, r3, c5, c0, 3	; iaccess
	mcr p15, 0, r4, c6, c4, 0	; region 4 (hmmm)

	mrc p15, 0, r0, c2, c0, 0	; dcacheable
	mrc p15, 0, r1, c2, c0, 1	; icacheable
	mrc p15, 0, r2, c3, c0, 0	; write bufferable
	orr r0, r0, #0x20			; dcacheable region 5
	orr r1, r1, #0x20			; icacheable region 5
	orr r2, r2, #0x20			; write bufferable region 5
	mcr p15, 0, r0, c2, c0, 0	; dcacheable
	mcr p15, 0, r1, c2, c0, 1	; icacheable
	mcr p15, 0, r2, c3, c0, 0	; write bufferable

	mov r4, #firm_addr
	add r3, r4, #0x40
	ldr r0, [r3]				; offset
	add r0, r0, r4				; src
	ldr r1, [r3,#4]				; dst
	ldr r2, [r3,#8]				; size
	bl memcpy32
	add r3, r4, #0x70
	ldr r0, [r3]
	add r0, r0, r4				; src
	ldr r1, [r3,#4]				; dst
	ldr r2, [r3,#8]				; size
	bl memcpy32
	add r3, r4, #0xA0
	ldr r0, [r3]
	add r0, r0, r4				; src
	ldr r1, [r3,#4]				; dst
	ldr r2, [r3,#8]				; size
	bl memcpy32
	mov r2, #0
	mov r1, r2
@flush_cache:
	mov r0, #0
	mov r3, r2, lsl#30
@flush_cache_inner_loop:
	orr r12, r3, r0, lsl#5
	mcr p15, 0, r1, c7, c10, 4	; drain write buffer
	mcr p15, 0, r12, c7, c14, 2	; clean and flush dcache entry (index and segment)
	add r0, r0, #1
	cmp r0, #0x20
	bcc @flush_cache_inner_loop
	add r2, r2, #1
	cmp r2, #4
	bcc @flush_cache
	mcr p15, 0, r1, c7, c10, 4	; drain write buffer
@mpu_enable:
	ldr r0, =0x42078			; alt vector select, enable itcm
	mcr p15, 0, r0, c1, c0, 0
	mcr p15, 0, r1, c7, c5, 0	; flush dcache
	mcr p15, 0, r1, c7, c6, 0	; flush icache
	mcr p15, 0, r1, c7, c10, 4	; drain write buffer
	mov r0, #firm_addr
	mov r1, 0X1FFFFFFC
	ldr r2, [r0,#8]				; arm11 entry
	str r2, [r1]
	ldr r0, [r0,#0xC]			; arm9 entry
	add sp, sp, #0x3C
	ldmfd sp!, {r4-r11,lr}
	bx r0
.pool
memcpy32: ; memcpy32(void *src, void *dst, unsigned int size)
	mov r12, lr
	stmfd sp!, {r0-r4}
	add r2, r2, r0
@memcpy_loop:
	ldr r3, [r0], #4
	str r3, [r1], #4
	cmp r0, r2
	blt @memcpy_loop
	ldmfd sp!, {r0-r4}
	mov lr, r12
	bx lr
.pool
.close
Prep work for A9LH screen init 2016-02-24 20:35:15 +01:00			`.arm.little`
Merged my changes There you have it! 2016-02-08 03:37:03 +01:00
			`firm_size equ 0x000EA000`
			`firm_addr equ 0x24000000`
			`fopen equ 0x08059D10`
			`fread equ 0x0804CC54`
			`pxi_wait_recv equ 0x08054134`

			`.create "reboot1.bin", 0x080849DC`
			`.org 0x080849DC`
			`.arm`
			`patch005:`
			`ldr r0, =0x2000E000`
			`mov r1, #0x200`
			`mov r2, #0`
			`add r1, r1, r0`
			`@@memset_loop:`
			`str r2, [r0]`
			`add r0, r0, #4`
			`cmp r0, r1`
			`blt @@memset_loop`
			`ldr r0, =0x2000E000`
			`ldr r1, =firm_fname`
			`mov r2, #1`
			`blx fopen`
			`ldr r0, =0x2000E000`
			`ldr r1, =0x2000E100`
			`mov r2, #firm_addr`
			`mov r3, #firm_size`
			`blx fread`

			`ldr r4, =0x44846`
			`blx pxi_wait_recv`
			`cmp r0, r4`
			`bne patch005`
			`mov r2, #0`
			`mov r3, r2`
			`mov r1, r2`
			`mov r0, r2`
Prep work for A9LH screen init 2016-02-24 20:35:15 +01:00			`swi 0x7C`
Merged my changes There you have it! 2016-02-08 03:37:03 +01:00			`ldr r0, =0x80FF4FC`
Prep work for A9LH screen init 2016-02-24 20:35:15 +01:00			`swi 0x7B`
Merged my changes There you have it! 2016-02-08 03:37:03 +01:00
			`@@inf_loop:`
			`b @@inf_loop`
			`.pool`
			`firm_fname:`
			`.close`

			`.create "reboot2.bin", 0x080933CC`
			`.org 0x080933CC`
			`.arm`
			`stmfd sp!, {r4-r11,lr}`
			`sub sp, sp, #0x3C`
			`mrc p15, 0, r0, c2, c0, 0 ; dcacheable`
			`mrc p15, 0, r12, c2, c0, 1 ; icacheable`
			`mrc p15, 0, r1, c3, c0, 0 ; write bufferable`
			`mrc p15, 0, r2, c5, c0, 2 ; daccess`
			`mrc p15, 0, r3, c5, c0, 3 ; iaccess`
			`ldr r4, =0x18000035 ; 0x18000000 128M`
			`bic r2, r2, #0xF0000 ; unprotect region 4`
			`bic r3, r3, #0xF0000 ; unprotect region 4`
			`orr r0, r0, #0x10 ; dcacheable region 4`
			`orr r2, r2, #0x30000 ; region 4 r/w`
			`orr r3, r3, #0x30000 ; region 4 r/w`
			`orr r12, r12, #0x10 ; icacheable region 4`
			`orr r1, r1, #0x10 ; write bufferable region 4`
			`mcr p15, 0, r0, c2, c0, 0`
			`mcr p15, 0, r12, c2, c0, 1`
			`mcr p15, 0, r1, c3, c0, 0 ; write bufferable`
			`mcr p15, 0, r2, c5, c0, 2 ; daccess`
			`mcr p15, 0, r3, c5, c0, 3 ; iaccess`
			`mcr p15, 0, r4, c6, c4, 0 ; region 4 (hmmm)`

			`mrc p15, 0, r0, c2, c0, 0 ; dcacheable`
			`mrc p15, 0, r1, c2, c0, 1 ; icacheable`
			`mrc p15, 0, r2, c3, c0, 0 ; write bufferable`
			`orr r0, r0, #0x20 ; dcacheable region 5`
			`orr r1, r1, #0x20 ; icacheable region 5`
			`orr r2, r2, #0x20 ; write bufferable region 5`
			`mcr p15, 0, r0, c2, c0, 0 ; dcacheable`
			`mcr p15, 0, r1, c2, c0, 1 ; icacheable`
			`mcr p15, 0, r2, c3, c0, 0 ; write bufferable`

			`mov r4, #firm_addr`
			`add r3, r4, #0x40`
			`ldr r0, [r3] ; offset`
			`add r0, r0, r4 ; src`
			`ldr r1, [r3,#4] ; dst`
			`ldr r2, [r3,#8] ; size`
			`bl memcpy32`
			`add r3, r4, #0x70`
			`ldr r0, [r3]`
			`add r0, r0, r4 ; src`
			`ldr r1, [r3,#4] ; dst`
			`ldr r2, [r3,#8] ; size`
			`bl memcpy32`
			`add r3, r4, #0xA0`
			`ldr r0, [r3]`
			`add r0, r0, r4 ; src`
			`ldr r1, [r3,#4] ; dst`
			`ldr r2, [r3,#8] ; size`
			`bl memcpy32`
			`mov r2, #0`
			`mov r1, r2`
			`@flush_cache:`
			`mov r0, #0`
			`mov r3, r2, lsl#30`
			`@flush_cache_inner_loop:`
			`orr r12, r3, r0, lsl#5`
			`mcr p15, 0, r1, c7, c10, 4 ; drain write buffer`
			`mcr p15, 0, r12, c7, c14, 2 ; clean and flush dcache entry (index and segment)`
			`add r0, r0, #1`
			`cmp r0, #0x20`
			`bcc @flush_cache_inner_loop`
			`add r2, r2, #1`
			`cmp r2, #4`
			`bcc @flush_cache`
			`mcr p15, 0, r1, c7, c10, 4 ; drain write buffer`
			`@mpu_enable:`
			`ldr r0, =0x42078 ; alt vector select, enable itcm`
			`mcr p15, 0, r0, c1, c0, 0`
			`mcr p15, 0, r1, c7, c5, 0 ; flush dcache`
			`mcr p15, 0, r1, c7, c6, 0 ; flush icache`
			`mcr p15, 0, r1, c7, c10, 4 ; drain write buffer`
			`mov r0, #firm_addr`
			`mov r1, 0X1FFFFFFC`
			`ldr r2, [r0,#8] ; arm11 entry`
			`str r2, [r1]`
			`ldr r0, [r0,#0xC] ; arm9 entry`
			`add sp, sp, #0x3C`
			`ldmfd sp!, {r4-r11,lr}`
			`bx r0`
			`.pool`
			`memcpy32: ; memcpy32(void src, void dst, unsigned int size)`
			`mov r12, lr`
			`stmfd sp!, {r0-r4}`
			`add r2, r2, r0`
			`@memcpy_loop:`
			`ldr r3, [r0], #4`
			`str r3, [r1], #4`
			`cmp r0, r2`
			`blt @memcpy_loop`
			`ldmfd sp!, {r0-r4}`
			`mov lr, r12`
			`bx lr`
			`.pool`
			`.close`