The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Address Mapping
iPod touch (2nd generation) Bootrom
I think this might not be a good idea, because this page will wind up getting huge, but in case anyone thinks differently I'll add these for the hell of it.
functions
- 0x067A - BootromStart
- 0x45BA - InitProcessor
- 0x4778 - SetupMMU
- 0x4734 - MMU_MapAddr
- 0x3A84 - Do_MMU_Mappings
- 0x34FC - EnableInterrupts
- 0x652C - Setup_SPI
- 0x36DC - Setup_IdleTask
- 0x4906 - PrepareNOR
- 0x49BC - nor_spi_read_range
- 0x178C - malloc
- 0x34D8 - DisableInterrupts
- 0x7840 - memset
- 0x7858 - memzero (this looks funny in IDA, kind of, but really it's just optimized as part of memset)
- 0x1954 - free
- 0x4844 - addNORtoBlockDevList
- 0x4804 - default_block_read
- 0x10C8 - blockdev_read_hook(void *BDevStruct, void *OutputBuffer, __int32 InputImageStartAddress, int Offset, __int32 Size)
- 0x1258 - fake_default_block_read
- 0x136E - blockdev_write_hook
- 0x1518 - default_block_write
- 0x151E - default_block_erase
- 0x1090 - get_block_device(const char* deviceName)
- 0x8354 - strcmp
- 0x1AF0 - CreateImageList
- 0x1F68 - DoCreateImageList
- 0x204C - GetImage(u32 imageFourccTag)
- 0x1BF0 - SetupMemzStruct(u32 LoadAddress, u32 FileSize, u32 flags)
- 0x30E8 - InitUSB
- 0x795C - memcpy
- 0x0E84 - USB_Core_Init
- 0x1058 - StopUSB
- 0x328C - GetSystemInfo
- 0x3D94 - Get_Chip_ID
- 0x3DA0 - Get_Chip_Revision
- 0x3D74 - Get_Security_Epoch
- 0x3AE4 - Get_Board_ID
- 0x3DD4 - Get_Unique_Chip_ID
- 0x8286 - snprintf
- 0x7D5C - vfprintf_like_thingy
- 0x82A8 - printf
- 0x8422 - putchar
- 0x2E98 - usb_print
- 0x83CC - strncat
- 0x1C18 - FreeMemzStruct
- 0x67DC - Reboot (via watchdog, so yeah it looks a bit odd)
- 0x0644 - LoadAndJumpToFWImage(struct MemzStruct *pMemzInfo, __int32 LoadAddress, __int32 FileSize)
- 0x3338 - ProperlyJumpToImage(void unkown, u32 address, void unknown)
- 0x4584 - PrepMMUForJump (?)
- 0x1B78 - LoadFirmwareImage
- 0x2144 - doLoadFirmwareImage
- 0x1D04 - VerifyImage
- 0x5EA8 - ComputeSHA1(void *Input_Data, int Data_Size, void *SHA1_Of_Data)
- 0x4150 - AdjustClock
- 0x5E54 - CopyBlockToSHA1Engine
- 0x372E - yield
- 0x2400 - DecryptRSASignature
- 0x0898 - DoCrypto(int CryptOption, void *Input_Buffer, void *Output_Buffer, __int32 Size, int AESMode, void *Key, void *IV) [CryptOption 0x10 == encrypt, 0x11 == decrypt]
- 0x5010 - aes_encrypt
- 0x4DB8 - do_aes_encrypt
- 0x4D38 - send_key_to_aes
- 0x4D88 - send_iv_to_aes
- 0x4F44 - aes_decrypt
- 0x4E80 - do_aes_decrypt
- 0x2668 - parse_certificate_and_signature(void *pCertsData, int sizeOfCerts, void *pImageRsaSha1, int sizeofRsaSha1, void *pComputedImageSha1, int sha1Size, void *pImageBuffer, int imageFullSize)
- 0x356C - CheckIfDiagnosticDevice
- 0x3D64 - Get_Security_Domain
- 0x3D44 - Get_Production_Mode
- 0x1F00 - Find_Data_For_Tag
- 0x346C - Panic
- 0x0634 - WaitForInterrupt
- 0x4618 - UndefinedInstructionVector
- 0x46F0 - UndefinedInstructionHandler
- 0x4628 - SoftwareInterruptVector
- 0x4700 - SoftwareInterruptHandler
- 0x4640 - PrefetchAbortVector
- 0x46B4 - PrefetchAbortHandler
- 0x4664 - DataAbortVector
- 0x46A2 - DataAbortHandler
- 0x467C - AddressExceptionTrapVector
- 0x4680 - InterruptRequestVector
- 0x4710 - InterruptRequestHandler
- 0x4BEC - HandleInterruptRequest
- 0x4690 - FastInterruptRequestVector
- 0x4722 - FastInterruptRequestHandler
- 0x4C40 - HandleFastInterruptRequest
variables
- 0x220240D4 - SHA1 accelerator register table
- 0x22024200 - Block Device List
- 0x220250A0 - Permissions Flags
- 0x220254E0 - Interrupt Table
- 0x2202C000 - Page table