QCSBLFunctions
Important QCSBL Functions
Load OEMSBL Check and Load AMSS
ROM:02D4C040 30 FF 2F E1 BLX R0 ; 02D4C074, go to oemsbl check and init (fragment: the enclosing routine starts before this line)
ROM:02D4C044 00 40 A0 E1 MOV R4, R0 ; R4 = whatever the call returned; it becomes the PC below
ROM:02D4C048 10 0F 11 EE MRC p15, 0, R0,c1,c0 ; read CP15 c1 (system control register)
ROM:02D4C04C 80 0D C0 E3 BIC R0, R0, #0x2000 ; clear bit 13 (V bit): exception vectors at 0x00000000 instead of 0xFFFF0000
ROM:02D4C050 10 0F 01 EE MCR p15, 0, R0,c1,c0 ; write it back; from here on the vector table is the one at address 0
ROM:02D4C054 14 D0 9F E5 LDR SP, =0xFFFF2800 ; fresh stack for the hand-off
ROM:02D4C058 40 D0 4D E2 SUB SP, SP, #0x40 ; 16 words: one slot per register R0-R15
ROM:02D4C05C 3C 40 8D E5 STR R4, [SP,#0x40+var_4] ; only the PC slot ([SP+0x3C]) is written here; R0-R14 are loaded from whatever already sits at 0xFFFF27C0 (not initialised in this fragment)
ROM:02D4C060 FF FF 9D E8 LDMFD SP, {R0-PC} ; Jump to 0x0, which is AMSS atm :) -- PC := R4, i.e. the value returned at 02D4C044; no check of that value is visible between the return and the jump
AMSS and OEM Check Routine
; ---------------------------------------------------------------------------
; check_amss_or_oem -- RSA-style signature check of an image (AMSS or OEMSBL)
;                      against a 20-byte SHA-1 digest.
; In (register roles as used below; the caller-side meaning is inferred):
;   R0         = data to hash (only used when no digest is supplied)
;   R1         = length of that data (kept in LR)
;   R2, R3     = buffer + length handed to rsaroutine (kept in R8/R9)
;   [SP+arg_0] = buffer handed to rsaroutine together with [SP+arg_4] (author: 0x100)
;   [SP+arg_8] = pointer to a 20-byte SHA-1 value, or 0 to compute it here
; Out: R0 = 1 only when every check passes (set at 02D4E5C0), 0 otherwise.
; Frame: callee-saved R4-R11 + LR pushed (0x24) + 0x2C locals = 0x50.
; NOTE(review): which buffer is modulus, exponent or signature cannot be
;               read off this listing; the names below follow the author's.
; ---------------------------------------------------------------------------
ROM:02D4E438 check_amss_or_oem ; CODE XREF: ROM:02D4CC4Cp
ROM:02D4E438
ROM:02D4E438 var_4C = -0x4C ; 20-byte buffer: SHA-1 computed locally when arg_8 is 0
ROM:02D4E438 var_38 = -0x38 ; copy of dword_2D5095C, handed to rsaroutine with length 1
ROM:02D4E438 var_34 = -0x34 ; 4-word copy of the constant at loc_2D50960
ROM:02D4E438 arg_0 = 0
ROM:02D4E438 arg_4 = 4
ROM:02D4E438 arg_8 = 8
ROM:02D4E438
ROM:02D4E438 F0 4F 2D E9 STMFD SP!, {R4-R11,LR}
ROM:02D4E43C 2C D0 4D E2 SUB SP, SP, #0x2C
ROM:02D4E440 01 E0 A0 E1 MOV LR, R1 ; LR reused as scratch: length of the data to hash
ROM:02D4E444 02 80 A0 E1 MOV R8, R2
ROM:02D4E448 03 90 A0 E1 MOV R9, R3
ROM:02D4E44C C0 11 9F E5 LDR R1, =loc_2D50960
ROM:02D4E450 50 60 9D E5 LDR R6, [SP,#0x50+arg_0]
ROM:02D4E454 58 50 9D E5 LDR R5, [SP,#0x50+arg_8] ; Sha1-Value (pointer, or 0 = compute it below)
ROM:02D4E458 54 70 9D E5 LDR R7, [SP,#0x50+arg_4] ; 0x100
ROM:02D4E45C 0C 0C 91 E8 LDMIA R1, {R2,R3,R10,R11} ; 16-byte constant ...
ROM:02D4E460 1C 40 8D E2 ADD R4, SP, #0x50+var_34
ROM:02D4E464 0C 0C 84 E8 STMIA R4, {R2,R3,R10,R11} ; ... copied to var_34 for the word loop at 02D4E544
ROM:02D4E468 00 00 5E E3 CMP LR, #0 ; parameter check: LR, R8, R9, R6, R7 must all be non-zero
ROM:02D4E46C 00 00 58 13 CMPNE R8, #0
ROM:02D4E470 A0 11 9F E5 LDR R1, =dword_2D5095C
ROM:02D4E474 00 00 59 13 CMPNE R9, #0
ROM:02D4E478 00 00 56 13 CMPNE R6, #0
ROM:02D4E47C 00 10 91 E5 LDR R1, [R1]
ROM:02D4E480 00 00 57 13 CMPNE R7, #0
ROM:02D4E484 00 00 A0 03 MOVEQ R0, #0 ; any zero -> return 0 (fails closed) via loc_2D4E60C; R5 (digest ptr) is deliberately not in this chain, 0 means "compute it"
ROM:02D4E488 01 B0 A0 E3 MOV R11, #1
ROM:02D4E48C 00 A0 A0 E3 MOV R10, #0 ; never changed afterwards, so the CMPEQ chain at 02D4E59C always executes
ROM:02D4E490 00 40 A0 E3 MOV R4, #0 ; default verdict = 0 (error); only 02D4E5C0 ever sets it to 1
ROM:02D4E494 18 10 8D E5 STR R1, [SP,#0x50+var_38]
ROM:02D4E498 5B 00 00 0A BEQ loc_2D4E60C
ROM:02D4E49C 00 00 55 E3 CMP R5, #0 ; no digest supplied?
ROM:02D4E4A0 04 20 8D 02 ADDEQ R2, SP, #0x50+var_4C ; -> calc_sha_oembl(R0 = data (unchanged caller R0), R1 = length, R2 = &var_4C)
ROM:02D4E4A4 0E 10 A0 01 MOVEQ R1, LR
ROM:02D4E4A8 D2 FF FF 0B BLEQ calc_sha_oembl
ROM:02D4E4AC 07 10 A0 E1 MOV R1, R7
ROM:02D4E4B0 06 00 A0 E1 MOV R0, R6
ROM:02D4E4B4 20 05 00 EB BL rsaroutine ; R6 = rsaroutine(arg_0, arg_4)
ROM:02D4E4B8 00 60 A0 E1 MOV R6, R0
ROM:02D4E4BC 18 00 8D E2 ADD R0, SP, #0x50+var_38
ROM:02D4E4C0 0B 10 A0 E1 MOV R1, R11
ROM:02D4E4C4 1C 05 00 EB BL rsaroutine ; R7 = rsaroutine(&var_38, 1) -- presumably the public exponent; confirm
ROM:02D4E4C8 00 70 A0 E1 MOV R7, R0
ROM:02D4E4CC 08 00 A0 E1 MOV R0, R8
ROM:02D4E4D0 09 10 A0 E1 MOV R1, R9
ROM:02D4E4D4 18 05 00 EB BL rsaroutine ; R8 = rsaroutine(caller R2, caller R3)
ROM:02D4E4D8 00 80 A0 E1 MOV R8, R0
ROM:02D4E4DC 00 00 55 E3 CMP R5, #0
ROM:02D4E4E0 05 00 A0 11 MOVNE R0, R5 ; digest pointer: the caller's ...
ROM:02D4E4E4 04 00 8D 02 ADDEQ R0, SP, #0x50+var_4C ; ... or the one computed above
ROM:02D4E4E8 14 10 A0 E3 MOV R1, #0x14 ; 0x14 = 20 bytes = SHA-1 digest length
ROM:02D4E4EC 12 05 00 EB BL rsaroutine ; R9 = rsaroutine(digest, 20)
ROM:02D4E4F0 00 90 A0 E1 MOV R9, R0
ROM:02D4E4F4 63 00 A0 E3 MOV R0, #0x63
ROM:02D4E4F8 00 10 A0 E3 MOV R1, #0
ROM:02D4E4FC 48 00 00 EB BL rsaroutine2 ; R5 = rsaroutine2(0x63, 0) -- holds finalrsaroutine's result below; released with 0x66 at exit
ROM:02D4E500 00 00 56 E3 CMP R6, #0 ; any of the five values zero -> exit with R4 = 0 (allocation/conversion failure assumed)
ROM:02D4E504 00 00 57 13 CMPNE R7, #0
ROM:02D4E508 00 00 58 13 CMPNE R8, #0
ROM:02D4E50C 00 00 59 13 CMPNE R9, #0
ROM:02D4E510 00 50 A0 E1 MOV R5, R0
ROM:02D4E514 00 00 55 13 CMPNE R5, #0
ROM:02D4E518 2B 00 00 0A BEQ exit
ROM:02D4E51C 06 30 A0 E1 MOV R3, R6
ROM:02D4E520 07 20 A0 E1 MOV R2, R7
ROM:02D4E524 08 10 A0 E1 MOV R1, R8
ROM:02D4E528 05 00 A0 E1 MOV R0, R5
ROM:02D4E52C A9 04 00 EB BL finalrsaroutine ; finalrsaroutine(R5, R8, R7, R6): 0 = success; afterwards R5 is read as an array of words -- presumably R8^R7 mod R6, confirm
ROM:02D4E530 00 00 50 E3 CMP R0, #0
ROM:02D4E534 24 00 00 1A BNE exit ; failure -> R4 stays 0
ROM:02D4E538 05 00 A0 E3 MOV R0, #5 ; R0 = word index into R5, runs 5..8
ROM:02D4E53C 09 30 A0 E3 MOV R3, #9
ROM:02D4E540 00 20 A0 E3 MOV R2, #0 ; R2 = index into the var_34 constant, runs 0..3
ROM:02D4E544
ROM:02D4E544 loc_2D4E544 ; CODE XREF: check_amss_or_oem+130j
ROM:02D4E544 00 C1 95 E7 LDR R12, [R5,R0,LSL#2] ; R12 = R5[R0]
ROM:02D4E548 02 10 A0 E1 MOV R1, R2
ROM:02D4E54C 1C E0 8D E2 ADD LR, SP, #0x50+var_34
ROM:02D4E550 01 11 9E E7 LDR R1, [LR,R1,LSL#2] ; R1 = const[R2]
ROM:02D4E554 01 20 82 E2 ADD R2, R2, #1
ROM:02D4E558 01 00 5C E1 CMP R12, R1
ROM:02D4E55C 02 00 00 1A BNE loc_2D4E56C ; mismatch leaves the loop early ...
ROM:02D4E560 01 00 80 E2 ADD R0, R0, #1
ROM:02D4E564 03 00 50 E1 CMP R0, R3
ROM:02D4E568 F5 FF FF 3A BCC loc_2D4E544 ; ... and so does completing all four words
ROM:02D4E56C
ROM:02D4E56C loc_2D4E56C ; CODE XREF: check_amss_or_oem+124j
; NOTE(review): the result of the word loop above is never consumed. Both the
; mismatch branch and normal completion land here, and the only state that
; differs (R0, R2) is overwritten at 02D4E56C and 02D4E5AC before any use.
; As listed, words 5..8 of R5 do not influence R4 -- confirm whether intended.
ROM:02D4E56C A8 00 9F E5 LDR R0, =aSignal ; IDA shows a string name, but it is read as a halfword below -- presumably a bit length
ROM:02D4E570 00 10 E0 E3 MOVL R1, 0xFFFFFFFF ; R1 = -1
ROM:02D4E574 B0 00 D0 E1 LDRH R0, [R0]
ROM:02D4E578 A0 02 81 E0 ADD R0, R1, R0,LSR#5 ; R0 = (halfword / 32) - 1 = index of the top word of R5 (e.g. 2048 bits -> 63)
ROM:02D4E57C 03 00 00 EA B jumptocompare
ROM:02D4E580 ; ---------------------------------------------------------------------------
ROM:02D4E580
ROM:02D4E580 loc_2D4E580 ; CODE XREF: check_amss_or_oem+15Cj
ROM:02D4E580 03 11 95 E7 LDR R1, [R5,R3,LSL#2] ; R5[R3] for R3 = 9 .. R0-1
ROM:02D4E584 01 00 71 E3 CMN R1, #1 ; each padding word must be 0xFFFFFFFF
ROM:02D4E588 0E 00 00 1A BNE seterrorval ; return val : error
ROM:02D4E58C 01 30 83 E2 ADD R3, R3, #1
ROM:02D4E590
ROM:02D4E590 jumptocompare ; CODE XREF: check_amss_or_oem+144j
ROM:02D4E590 00 00 53 E1 CMP R3, R0
ROM:02D4E594 F9 FF FF 3A BCC loc_2D4E580
ROM:02D4E598 00 00 5A E3 CMP R10, #0 ; R10 is always 0 (02D4E48C), so the three conditional instructions always run
ROM:02D4E59C 00 01 95 07 LDREQ R0, [R5,R0,LSL#2] ; top word of R5
ROM:02D4E5A0 78 10 9F 05 LDREQ R1, =0x1FFFF ; must be 0x0001FFFF: start of the 00 01 FF..FF padding block (layout consistent with PKCS#1 v1.5 EM stored as little-endian words -- confirm)
ROM:02D4E5A4 01 00 50 01 CMPEQ R0, R1
ROM:02D4E5A8 06 00 00 1A BNE seterrorval ; return val : error
ROM:02D4E5AC 14 20 A0 E3 MOV R2, #0x14 ; compare 20 bytes: ...
ROM:02D4E5B0 05 10 A0 E1 MOV R1, R5 ; ... words 0..4 of R5 ...
ROM:02D4E5B4 09 00 A0 E1 MOV R0, R9 ; ... against R9 (rsaroutine(digest, 20); presumably a buffer whose first 20 bytes are the digest)
ROM:02D4E5B8 3B 07 00 FA BLX memorycompare_at_2d504ac ; 2d504ac (Thumb routine; word-wise, early-out on the first mismatch)
ROM:02D4E5BC 00 00 50 E3 CMP R0, #0
ROM:02D4E5C0 01 40 A0 03 MOVEQ R4, #1 ; good guy ;) -- the only place the verdict becomes 1
ROM:02D4E5C4 00 00 00 0A BEQ exit
ROM:02D4E5C8
ROM:02D4E5C8 seterrorval ; CODE XREF: check_amss_or_oem+150j
ROM:02D4E5C8 ; check_amss_or_oem+170j
ROM:02D4E5C8 00 40 A0 E3 MOV R4, #0 ; return val : error
ROM:02D4E5CC
ROM:02D4E5CC exit ; CODE XREF: check_amss_or_oem+E0j
ROM:02D4E5CC ; check_amss_or_oem+FCj ...
ROM:02D4E5CC 06 10 A0 E1 MOV R1, R6 ; rsaroutine2(0x66, x) on each of R6, R7, R8, R9, R5 -- cleanup; R4 is untouched by it
ROM:02D4E5D0 66 00 A0 E3 MOV R0, #0x66
ROM:02D4E5D4 12 00 00 EB BL rsaroutine2
ROM:02D4E5D8 07 10 A0 E1 MOV R1, R7
ROM:02D4E5DC 66 00 A0 E3 MOV R0, #0x66
ROM:02D4E5E0 0F 00 00 EB BL rsaroutine2
ROM:02D4E5E4 08 10 A0 E1 MOV R1, R8
ROM:02D4E5E8 66 00 A0 E3 MOV R0, #0x66
ROM:02D4E5EC 0C 00 00 EB BL rsaroutine2
ROM:02D4E5F0 09 10 A0 E1 MOV R1, R9
ROM:02D4E5F4 66 00 A0 E3 MOV R0, #0x66
ROM:02D4E5F8 09 00 00 EB BL rsaroutine2
ROM:02D4E5FC 05 10 A0 E1 MOV R1, R5
ROM:02D4E600 66 00 A0 E3 MOV R0, #0x66
ROM:02D4E604 06 00 00 EB BL rsaroutine2
ROM:02D4E608 04 00 A0 E1 MOV R0, R4 ; return verdict (1 = good, 0 = error)
ROM:02D4E60C
ROM:02D4E60C loc_2D4E60C ; CODE XREF: check_amss_or_oem+60j
; reached directly from 02D4E498 with R0 = 0 when the parameter check failed: nothing was allocated yet, so the cleanup above is skipped
ROM:02D4E60C 2C D0 8D E2 ADD SP, SP, #0x2C
ROM:02D4E610 F0 8F BD E8 LDMFD SP!, {R4-R11,PC} ; 2d4cc50
Memory Compare Function
ROM:02D504AC 10 B4 PUSH {R4} ; memorycompare(R0 = a, R1 = b, R2 = byte count); Thumb code. Listing ends before the byte path and the return
ROM:02D504AE 04 2A CMP R2, #4 ; fewer than 4 bytes -> byte-wise path at loc_2D504D0 (not shown)
ROM:02D504B0 0E D3 BCC loc_2D504D0
ROM:02D504B2 03 1C ADDS R3, R0, #0 ; R3 = a | b
ROM:02D504B4 0B 43 ORRS R3, R1
ROM:02D504B6 9B 07 LSLS R3, R3, #0x1E ; keep the low two bits: either pointer not word-aligned -> byte path
ROM:02D504B8 0A D1 BNE loc_2D504D0
ROM:02D504BA
ROM:02D504BA loc_2D504BA ; CODE XREF: memorycompare+1Aj
ROM:02D504BA 08 C8 LDMIA R0!, {R3} ; word from a, post-increment
ROM:02D504BC 10 C9 LDMIA R1!, {R4} ; word from b, post-increment
ROM:02D504BE A3 42 CMP R3, R4 ; compare both words
ROM:02D504C0 02 D1 BNE loc_2D504C8 ; first differing word leaves the loop: not constant-time, which is acceptable only when neither operand is secret (here: decoded signature vs. hash, both public -- confirm)
ROM:02D504C2 04 3A SUBS R2, #4
ROM:02D504C4 04 2A CMP R2, #4
ROM:02D504C6 F8 D2 BCS loc_2D504BA ; loop while at least 4 bytes remain
Sha1 Calculation
ROM:02D4E3F8 calc_sha_oembl ; CODE XREF: check_amss_or_oem+70p
ROM:02D4E3F8 ; calc_sha_oembl(R0 = data, R1 = length, R2 = output): SHA-1 over data via sha1_init / sha1_update / sha1_finish.
ROM:02D4E3F8 ; Context lives on the stack at SP+4 inside the 0xA0-byte local area; callee-saved R4-R6 are pushed.
ROM:02D4E3F8 ; NOTE(review): the caller passes a 20-byte output buffer (var_4C) -- sha1_finish must not write more than that; its size is not visible here.
ROM:02D4E3F8
ROM:02D4E3F8 var_AC = -0xAC ; SHA-1 context
ROM:02D4E3F8
ROM:02D4E3F8 70 40 2D E9 STMFD SP!, {R4-R6,LR}
ROM:02D4E3FC A0 D0 4D E2 SUB SP, SP, #0xA0
ROM:02D4E400 00 50 A0 E1 MOV R5, R0 ; R5 = data
ROM:02D4E404 04 00 8D E2 ADD R0, SP, #0xB0+var_AC ; C0C3D402D8C2D402000801002000FFFF -- R0 = &ctx
ROM:02D4E408 01 60 A0 E1 MOV R6, R1 ; R6 = length
ROM:02D4E40C 02 40 A0 E1 MOV R4, R2 ; R4 = output buffer
ROM:02D4E410 67 FF FF EB BL sha1_init ; sha1_init(&ctx)
ROM:02D4E414 06 20 A0 E1 MOV R2, R6 ; 6895C
ROM:02D4E418 05 10 A0 E1 MOV R1, R5 ; 02D9C000
ROM:02D4E41C 04 00 8D E2 ADD R0, SP, #0xB0+var_AC ; Pointer to 0
ROM:02D4E420 75 FF FF EB BL sha1_update ; sha1_update(&ctx, data, length) -- argument order as observed from the moves above
ROM:02D4E424 04 10 8D E2 ADD R1, SP, #0xB0+var_AC ; Pointer to 344ae0
ROM:02D4E428 04 00 A0 E1 MOV R0, R4 ; B0
ROM:02D4E42C AC FF FF EB BL sha1_finish ; R5 = 02D9C000, R6 = 0006895C, R7 = 00000100 -- sha1_finish(out, &ctx); note out comes first here
ROM:02D4E430 A0 D0 8D E2 ADD SP, SP, #0xA0 ; R4 = sha1_sum
ROM:02D4E434 70 80 BD E8 LDMFD SP!, {R4-R6,PC}
ROM:02D4E434 ; End of function calc_sha_oembl
Init OEMSBL
ROM:02D4C290 24 00 9D E5 LDR R0, [SP,#0x58+var_34] ; fragment: the function starts earlier. R5 is assumed to point at a small descriptor -- confirm
ROM:02D4C294 00 00 85 E5 STR R0, [R5] ; [R5+0] = local var_34
ROM:02D4C298 04 00 95 E5 LDR R0, [R5,#4] ; R0 = [R5+4] (pointer to a table/struct)
ROM:02D4C29C 10 00 90 E5 LDR R0, [R0,#0x10] ; R0 = its word at +0x10 = OEMSBL entry point
ROM:02D4C2A0 30 FF 2F E1 BLX R0 ; Jump to OEMSBL ! (0x02D9C354) -- indirect call through a pointer read from memory; any validation of that pointer happens before this fragment
ROM:02D4C2A4 00 00 95 E5 LDR R0, [R5] ; Welcome back from Init OEMSBL :) -- return value is re-read from [R5+0], so it reflects whatever OEMSBL left there
ROM:02D4C2A8 40 D0 8D E2 ADD SP, SP, #0x40
ROM:02D4C2AC F0 81 BD E8 LDMFD SP!, {R4-R8,PC} ; (0x02D4C044) -- the hand-off code there copies R0 into R4 and loads it as PC; if [R5] is writable by OEMSBL, the AMSS jump target is under OEMSBL's control (presumably by design -- confirm)
