151 lines
2.3 KiB
ArmAsm
151 lines
2.3 KiB
ArmAsm
.arm
|
|
.align 4
|
|
.code 32
|
|
.text
|
|
|
|
.global jump_table
|
|
jump_table:
|
|
b func_patch_hook
|
|
b reboot_function
|
|
|
|
func_patch_hook:
|
|
push {r0-r12, lr}
|
|
|
|
mov r0, #0
|
|
bl pxi_send
|
|
bl pxi_sync
|
|
|
|
mov r0, #0x10000
|
|
bl pxi_send
|
|
bl pxi_recv
|
|
bl pxi_recv
|
|
bl pxi_recv
|
|
|
|
ldr r1, jt_pdn_regs
|
|
mov r0, #2
|
|
strb r0, [r1, #0x230]
|
|
mov r0, #0x10
|
|
bl busy_spin
|
|
mov r0, #0
|
|
strb r0, [r1, #0x230]
|
|
mov r0, #0x10
|
|
bl busy_spin
|
|
|
|
pop {r0-r12, lr}
|
|
|
|
ldr r0, =0x44836
|
|
str r0, [r1]
|
|
ldr pc, jt_return
|
|
|
|
reboot_function:
|
|
adr r0, arm11_reboot_hook
|
|
adr r1, arm11_reboot_hook_end
|
|
ldr r2, =0x1FFFFC00
|
|
mov r4, r2
|
|
bl copy_mem
|
|
bx r4
|
|
|
|
copy_mem:
|
|
sub r3, r1, r0
|
|
mov r1, r3,asr#2
|
|
cmp r1, #0
|
|
ble copy_mem_ret
|
|
movs r1, r3,lsl#29
|
|
sub r0, r0, #4
|
|
sub r1, r2, #4
|
|
bpl copy_mem_loc1
|
|
ldr r2, [r0,#4]!
|
|
str r2, [r1,#4]!
|
|
|
|
copy_mem_loc1:
|
|
movs r2, r3,asr#3
|
|
beq copy_mem_ret
|
|
|
|
copy_mem_loc2:
|
|
ldr r3, [r0,#4]
|
|
subs r2, r2, #1
|
|
str r3, [r1,#4]
|
|
ldr r3, [r0,#8]!
|
|
str r3, [r1,#8]!
|
|
bne copy_mem_loc2
|
|
|
|
copy_mem_ret:
|
|
bx lr
|
|
|
|
.pool
|
|
|
|
arm11_reboot_hook:
|
|
ldr r0, pxi_regs
|
|
ldr r1, pxi_command
|
|
str r1, [r0]
|
|
|
|
ldr r8, io_mem
|
|
ldr r9, arm9_payload
|
|
ldr r10, firm_header
|
|
|
|
wait_arm9_loop:
|
|
ldrb r0, [r8]
|
|
ands r0, r0, #1
|
|
bne wait_arm9_loop
|
|
|
|
str r9, [r10, #0xC]
|
|
|
|
mov r0, #0x1FFFFFF8
|
|
wait_arm11_loop:
|
|
ldr r1, [r0]
|
|
cmp r1, #0
|
|
beq wait_arm11_loop
|
|
|
|
bx r1
|
|
|
|
pxi_regs: .long 0x10163008
|
|
pxi_command: .long 0x44846
|
|
io_mem: .long 0x10140000
|
|
arm9_payload: .long 0x23F00000
|
|
firm_header: .long 0x24000000
|
|
|
|
arm11_reboot_hook_end:
|
|
|
|
.pool
|
|
|
|
busy_spin:
|
|
subs r0, #2
|
|
nop
|
|
bgt busy_spin
|
|
bx lr
|
|
|
|
pxi_send:
|
|
ldr r1, jt_pxi_regs
|
|
pxi_send_l1:
|
|
ldrh r2, [r1,#4]
|
|
tst r2, #2
|
|
bne pxi_send_l1
|
|
str r0, [r1,#8]
|
|
bx lr
|
|
|
|
pxi_sync:
|
|
ldr r0, jt_pxi_regs
|
|
ldrb r1, [r0,#3]
|
|
orr r1, #0x40
|
|
strb r1, [r0,#3]
|
|
bx lr
|
|
|
|
pxi_recv:
|
|
ldr r0, jt_pxi_regs
|
|
pxi_recv_l1:
|
|
ldrh r1, [r0,#4]
|
|
tst r1, #0x100
|
|
bne pxi_recv_l1
|
|
ldr r0, [r0,#0xC]
|
|
bx lr
|
|
|
|
.global jt_pdn_regs
|
|
jt_pdn_regs: .long 0
|
|
.global jt_pxi_regs
|
|
jt_pxi_regs: .long 0
|
|
.global jt_return
|
|
jt_return: .long 0
|
|
|
|
.global jump_table_end
|
|
jump_table_end:
|