Bureaucrats, oversight, Administrators
33
edits
Changes
Jump to navigation
Jump to search
New page: == BIOS and Bootrom == The ARM7 BIOS is splitted up into two parts: # the actual BIOS which is 0x8000 bytes long and starts at 0x0 # the bootrom which is probably also 0x8000 bytes long a...
== BIOS and Bootrom ==
The ARM7 BIOS is splitted up into two parts:
# the actual BIOS which is 0x8000 bytes long and starts at 0x0
# the bootrom which is probably also 0x8000 bytes long and starts at 0x8000
*The data of 1) can only be read by instructions within the BIOS. It can therefore be dumped by applying some irq timer trick to find a usable ''ldr'' instruction or by just using the memcpy at 0x6bb0 with the usual arguments.
*The data of 2) can only be read until bit 0 in register '''0x04004000 or 0x04004001 (?)''' is cleared. It is enabled after it has been executed and can never be read again until a reset then. It might contains keys and has not been dumped yet.
== SWI list ==
The BIOS provides the following SVC functions. Every SVC not mentioned here just jumps to an infinite loop at 0x16c (b .)
{| class="wikitable sortable" width="55%"
|-
! SVC
! NAME
! DESCRIPTION
|-
|01
|n/a
|n/a
|-
|02
|n/a
|n/a
|-
|03
|WaitByLoop
|n/a
|-
|04
|IntrWait
|n/a
|-
|05
|VSyncWait
|n/a
|-
|06
|HaltMaybe
|n/a
|-
|07
|StopMaybe
|n/a
|-
|08
|n/a
|n/a
|-
|09
|n/a
|n/a
|-
|0b
|CPUSet
|n/a
|-
|0c
|CpuFastSet
|n/a
|-
|0d
|n/a
|n/a
|-
|0e
|crc16
|n/a
|-
|10
|n/a
|n/a
|-
|11
|n/a
|n/a
|-
|12
|n/a
|n/a
|-
|13
|n/a
|n/a
|-
|14
|n/a
|n/a
|-
|15
|n/a
|n/a
|-
|19
|n/a
|n/a
|-
|1a
|GetSinTable
|n/a
|-
|1b
|GetPitchTable
|n/a
|-
|1c
|GetVolumeTable
|n/a
|-
|1d
|n/a
|n/a
|-
|1f
|CustomHalt
|n/a
|-
|20
|n/a
|n/a
|-
|21
|n/a
|n/a
|-
|22
|n/a
|n/a
|-
|23
|n/a
|n/a
|-
|24
|sha1_init
|n/a
|-
|25
|sha1_update
|n/a
|-
|26
|sha1_finalize
|n/a
|-
|27
|sha1
|n/a
|-
|28
|sha1_compare
|n/a
|-
|29
|sha1_random_maybe
|n/a
|}
== reset vectors et al ==
The first few words of the BIOS cannot be dumped. You can guess them by tracing the code though (all values are noted in little endian here):
060000ea
060000ea
1f0000ea
040000ea
030000ea
feffffea
130000ea
000000ea
The ARM7 BIOS is splitted up into two parts:
# the actual BIOS which is 0x8000 bytes long and starts at 0x0
# the bootrom which is probably also 0x8000 bytes long and starts at 0x8000
*The data of 1) can only be read by instructions within the BIOS. It can therefore be dumped by applying some irq timer trick to find a usable ''ldr'' instruction or by just using the memcpy at 0x6bb0 with the usual arguments.
*The data of 2) can only be read until bit 0 in register '''0x04004000 or 0x04004001 (?)''' is cleared. It is enabled after it has been executed and can never be read again until a reset then. It might contains keys and has not been dumped yet.
== SWI list ==
The BIOS provides the following SVC functions. Every SVC not mentioned here just jumps to an infinite loop at 0x16c (b .)
{| class="wikitable sortable" width="55%"
|-
! SVC
! NAME
! DESCRIPTION
|-
|01
|n/a
|n/a
|-
|02
|n/a
|n/a
|-
|03
|WaitByLoop
|n/a
|-
|04
|IntrWait
|n/a
|-
|05
|VSyncWait
|n/a
|-
|06
|HaltMaybe
|n/a
|-
|07
|StopMaybe
|n/a
|-
|08
|n/a
|n/a
|-
|09
|n/a
|n/a
|-
|0b
|CPUSet
|n/a
|-
|0c
|CpuFastSet
|n/a
|-
|0d
|n/a
|n/a
|-
|0e
|crc16
|n/a
|-
|10
|n/a
|n/a
|-
|11
|n/a
|n/a
|-
|12
|n/a
|n/a
|-
|13
|n/a
|n/a
|-
|14
|n/a
|n/a
|-
|15
|n/a
|n/a
|-
|19
|n/a
|n/a
|-
|1a
|GetSinTable
|n/a
|-
|1b
|GetPitchTable
|n/a
|-
|1c
|GetVolumeTable
|n/a
|-
|1d
|n/a
|n/a
|-
|1f
|CustomHalt
|n/a
|-
|20
|n/a
|n/a
|-
|21
|n/a
|n/a
|-
|22
|n/a
|n/a
|-
|23
|n/a
|n/a
|-
|24
|sha1_init
|n/a
|-
|25
|sha1_update
|n/a
|-
|26
|sha1_finalize
|n/a
|-
|27
|sha1
|n/a
|-
|28
|sha1_compare
|n/a
|-
|29
|sha1_random_maybe
|n/a
|}
== reset vectors et al ==
The first few words of the BIOS cannot be dumped. You can guess them by tracing the code though (all values are noted in little endian here):
060000ea
060000ea
1f0000ea
040000ea
030000ea
feffffea
130000ea
000000ea