Difference between revisions of "Go (iBoot command)"

(New page: == iPhone 3GS 8920x from iBoot-636.66 == ==Disassembly== <pre> N88AP_iBoot:4FF0103C ; =============== S U B R O U T I N E ======================================= N88AP_iBoot:4FF0103C ...)
 
(Added the more updated 5.1b3 version)
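--- a/Go (iBoot command)
+++ b/Go (iBoot command)
@@ -1,1 +1,64 @@
+
+== iPad 1 from iBoot-1219.62.8 (5.1b3) ==
+
+<pre>
+ROM:5FF010E4 _go_command ; DATA XREF: ROM:5FF2A878�o
+ROM:5FF010E4
+ROM:5FF010E4 var_10 = -0x10
+ROM:5FF010E4 var_C = -0xC
+ROM:5FF010E4
+ROM:5FF010E4 PUSH {R7,LR} ; Save return address on stack. Save R7
+ROM:5FF010E6 MOV R7, SP ; R7 holds current stack pointer
+ROM:5FF010E8 SUB SP, SP, #0x10 ; And stack reserves 16 bytes
+ROM:5FF010EA MOV.W R0, #0x44000000
+ROM:5FF010EE MOV.W R1, #0x3F00000
+ROM:5FF010F2 STR R0, [SP,#0x18+var_C]
+ROM:5FF010F4 MOV.W R0, #0x40000000
+ROM:5FF010F8 STR R1, [SP,#0x18+var_10]
+ROM:5FF010FA BL sub_5FF163D4 ; Check if this is allowed
+ROM:5FF010FE CBNZ R0, allowed
+ROM:5FF01100 LDR R0, =aPermissionDenied ; "Permission Denied\n" ; 0x5FF233C4, in case you're interested
+ROM:5FF01102 B exit
+ROM:5FF01104 ; ---------------------------------------------------------------------------
+ROM:5FF01104
+ROM:5FF01104 allowed: ; CODE XREF: _go_command+1A�j
+ROM:5FF01104 MOVW R2, #0x6563 ; "ec"
+ROM:5FF01108 MOVS R3, #1
+ROM:5FF0110A MOVT.W R2, #0x6962 ; "bi"
+ROM:5FF0110E LDR R1, [SP,#0x18+var_10]
+ROM:5FF01110 STRD.W R2, R3, [SP]
+ROM:5FF01114 ADD R2, SP, #0x18+var_C
+ROM:5FF01116 MOV.W R0, #0x40000000
+ROM:5FF0111A ADD R3, SP, #0x18+var_10
+ROM:5FF0111C BL sub_5FF19AB8 ; Check if can jump
+ROM:5FF01120 CBZ R0, can_jump ; if previous function returned 0, goto
+ROM:5FF01122 LDR R0, =aMemoryImageNotVa ; "Memory image not valid\n"
+ROM:5FF01124
+ROM:5FF01124 exit: ; CODE XREF: _go_command+1E�j
+ROM:5FF01124 BL _console_printf_probably
+ROM:5FF01128 MOV.W R0, #0xFFFFFFFF
+ROM:5FF0112C ADD SP, SP, #0x10
+ROM:5FF0112E POP {R7,PC}
+ROM:5FF01130 ; ---------------------------------------------------------------------------
+ROM:5FF01130
+ROM:5FF01130 can_jump ; CODE XREF: _go_command+3C�j
+ROM:5FF01130 LDR R1, [SP,#0x18+var_C]
+ROM:5FF01132 LDR R0, =aJumpingIntoImage ; "jumping into image at 0x%08x\n"
+ROM:5FF01134 BL _console_printf_probably
+ROM:5FF01138 MOVS R0, #0
+ROM:5FF0113A LDR R1, [SP,#0x18+var_C]
+ROM:5FF0113C MOV R2, R0
+ROM:5FF0113E BL do_jump
+ROM:5FF0113E ; End of function _go_command
+ROM:5FF0113E
+ROM:5FF01142 NOP
+ROM:5FF01142 ; ---------------------------------------------------------------------------
+ROM:5FF01144 off_5FF01144 DCD aMemoryImageNotVa ; DATA XREF: _go_command+3E�r
+ROM:5FF01144 ; "Memory image not valid\n"
+ROM:5FF01148 off_5FF01148 DCD aJumpingIntoImage ; DATA XREF: _go_command+4E�r
+ROM:5FF01148 ; "jumping into image at 0x%08x\n"
+ROM:5FF0114C off_5FF0114C DCD aPermissionDenied ; DATA XREF: _go_command+1C�r
+ROM:5FF0114C ; "Permission Denied\n"
+ROM:5FF01150
+</pre>
+
 == iPhone 3GS 8920x from iBoot-636.66 ==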
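Review bot: The comments on the two calls in the new listing, `; Check if this is allowed` at 5FF010FA and `; Check if can jump` at 5FF0111C, under-describe what the surrounding lines show, and the `; "bi"` note on the MOVT is misleading. The first call receives R0=0x40000000 and R1=0x3F00000, a base/length pair, not the 0x44000000 that was just stored in var_C, so I would write `; sub_5FF163D4(0x40000000, 0x3F00000): permission check on the load region, nonzero = allowed`. The second call gets &var_C and &var_10 in R2/R3 plus ('ibec', 1) stored at [SP] as stack arguments, and var_C is re-read as the jump target afterwards, which reads as an image load/validate with in/out address and length rather than a bare "can jump" test; I would write `; sub_5FF19AB8(0x40000000, 0x3F00000, &var_C, &var_10, 'ibec', 1): load/validate image, 0 = OK` and replace `; "bi"` with `; R2 = 0x69626563 = 'ibec' type tag`. A one-line header would also help readers comparing builds: unlike 636.66 below, this build takes no address argument and the region is constant.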
   

Revision as of 21:44, 5 March 2012

iPad 1 from iBoot-1219.62.8 (5.1b3)

ROM:5FF010E4 ; =============== S U B R O U T I N E =======================================
ROM:5FF010E4 ; go_command -- iBoot "go" shell command, iBoot-1219.62.8 (5.1b3).
ROM:5FF010E4 ; Takes no argument in this build: the region handed to both calls
ROM:5FF010E4 ; (base 0x40000000, length 0x3F00000) and the initial target (0x44000000)
ROM:5FF010E4 ; are constants. Flow: permission check -> image load/validate -> print
ROM:5FF010E4 ; target -> do_jump. Every error path prints a message and returns -1 in
ROM:5FF010E4 ; R0; nothing follows the do_jump call, so it presumably never returns.
ROM:5FF010E4 ; Frame: IDA's #0x18+var_X offsets count 0x10 of locals plus the 8 bytes
ROM:5FF010E4 ; of pushed {R7,LR}; var_C is SP+0xC, var_10 is SP+8, and [SP]/[SP+4]
ROM:5FF010E4 ; carry the stack-passed 5th/6th call arguments.
ROM:5FF010E4 _go_command                             ; DATA XREF: ROM:5FF2A878↓o
ROM:5FF010E4
ROM:5FF010E4 var_10          = -0x10                 ; SP+8: length 0x3F00000, passed in R1 and by address in R3
ROM:5FF010E4 var_C           = -0xC                  ; SP+0xC: target address, 0x44000000 on entry, re-read for the jump
ROM:5FF010E4
ROM:5FF010E4                 PUSH            {R7,LR}                ; save frame pointer and return address
ROM:5FF010E6                 MOV             R7, SP                 ; R7 = frame pointer
ROM:5FF010E8                 SUB             SP, SP, #0x10          ; 16 bytes: two locals + 8 bytes of outgoing stack args
ROM:5FF010EA                 MOV.W           R0, #0x44000000        ; initial target -> var_C
ROM:5FF010EE                 MOV.W           R1, #0x3F00000         ; length -> var_10; also arg 2 of the call below
ROM:5FF010F2                 STR             R0, [SP,#0x18+var_C]
ROM:5FF010F4                 MOV.W           R0, #0x40000000        ; arg 1: region base (not the 0x44000000 just stored)
ROM:5FF010F8                 STR             R1, [SP,#0x18+var_10]
ROM:5FF010FA                 BL              sub_5FF163D4           ; sub_5FF163D4(0x40000000, 0x3F00000): permission check on the region, nonzero = allowed -- presumably a security/range gate, confirm
ROM:5FF010FE                 CBNZ            R0, allowed            ; allowed: go on to load the image
ROM:5FF01100                 LDR             R0, =aPermissionDenied ; "Permission Denied\n" ; 0x5FF233C4, in case you're interested
ROM:5FF01102                 B               exit                   ; refused: print and return -1
ROM:5FF01104 ; ---------------------------------------------------------------------------
ROM:5FF01104
ROM:5FF01104 allowed:                            ; CODE XREF: _go_command+1A↑j
ROM:5FF01104                 MOVW            R2, #0x6563   ; low half: 'e','c'
ROM:5FF01108                 MOVS            R3, #1        ; arg 6: one entry in the type list
ROM:5FF0110A                 MOVT.W          R2, #0x6962   ; high half: 'i','b' -> R2 = 0x69626563, the 'ibec' type tag (cf. TAG_TYPE in the 636.66 listing)
ROM:5FF0110E                 LDR             R1, [SP,#0x18+var_10]  ; arg 2: length 0x3F00000
ROM:5FF01110                 STRD.W          R2, R3, [SP]           ; args 5/6 on the stack: [SP] = 'ibec', [SP+4] = 1
ROM:5FF01114                 ADD             R2, SP, #0x18+var_C    ; arg 3: &target (in/out)
ROM:5FF01116                 MOV.W           R0, #0x40000000        ; arg 1: region base
ROM:5FF0111A                 ADD             R3, SP, #0x18+var_10   ; arg 4: &length (in/out)
ROM:5FF0111C                 BL              sub_5FF19AB8           ; sub_5FF19AB8(0x40000000, 0x3F00000, &var_C, &var_10, 'ibec', 1): by its argument shape an image load/validate rather than a bare "can jump" test -- assumption, confirm
ROM:5FF01120                 CBZ             R0, can_jump            ; 0 = image accepted; var_C may have been updated through arg 3
ROM:5FF01122                 LDR             R0, =aMemoryImageNotVa ; "Memory image not valid\n" -- any nonzero result
ROM:5FF01124
ROM:5FF01124 exit:                            ; CODE XREF: _go_command+1E↑j
ROM:5FF01124                 BL              _console_printf_probably ; print the message in R0
ROM:5FF01128                 MOV.W           R0, #0xFFFFFFFF        ; return -1
ROM:5FF0112C                 ADD             SP, SP, #0x10
ROM:5FF0112E                 POP             {R7,PC}
ROM:5FF01130 ; ---------------------------------------------------------------------------
ROM:5FF01130
ROM:5FF01130 can_jump                            ; CODE XREF: _go_command+3C↑j
ROM:5FF01130                 LDR             R1, [SP,#0x18+var_C]   ; target, as left by sub_5FF19AB8
ROM:5FF01132                 LDR             R0, =aJumpingIntoImage ; "jumping into image at 0x%08x\n"
ROM:5FF01134                 BL              _console_printf_probably
ROM:5FF01138                 MOVS            R0, #0                 ; do_jump(0, target, 0) -- same argument pattern as sub_4FF19264 in the 636.66 listing
ROM:5FF0113A                 LDR             R1, [SP,#0x18+var_C]
ROM:5FF0113C                 MOV             R2, R0
ROM:5FF0113E                 BL              do_jump                ; no epilogue after this: IDA ends the function here, so do_jump presumably does not return
ROM:5FF0113E ; End of function _go_command
ROM:5FF0113E
ROM:5FF01142                 NOP                                    ; alignment padding before the literal pool
ROM:5FF01142 ; ---------------------------------------------------------------------------
ROM:5FF01144 off_5FF01144    DCD aMemoryImageNotVa   ; DATA XREF: _go_command+3E↑r
ROM:5FF01144                                         ; "Memory image not valid\n"
ROM:5FF01148 off_5FF01148    DCD aJumpingIntoImage   ; DATA XREF: _go_command+4E↑r
ROM:5FF01148                                         ; "jumping into image at 0x%08x\n"
ROM:5FF0114C off_5FF0114C    DCD aPermissionDenied   ; DATA XREF: _go_command+1C↑r
ROM:5FF0114C                                         ; "Permission Denied\n"
ROM:5FF01150

iPhone 3GS 8920x from iBoot-636.66

Disassembly

N88AP_iBoot:4FF0103C     ; =============== S U B R O U T I N E =======================================
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C     ; Attributes: bp-based frame
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C     ; go_command(R0, R1) -- iBoot "go" shell command, iBoot-636.66 (iPhone 3GS).
N88AP_iBoot:4FF0103C     ; R0/R1 are read as argc/argv here (CMP R0,#1; "help" and "%s [<address>]"
N88AP_iBoot:4FF0103C     ; handling below); the argv field offsets used ([R1+0x10], [R1+0x24],
N88AP_iBoot:4FF0103C     ; [R1+0x18]) are inferred from this listing only -- confirm against the
N88AP_iBoot:4FF0103C     ; command parser.
N88AP_iBoot:4FF0103C     ; Flow: choose the candidate address (argument if given, else the "loadaddr"
N88AP_iBoot:4FF0103C     ; lookup with 0x41000000) -> sub_4FF1A038 permission check on
N88AP_iBoot:4FF0103C     ; [addr, addr+0xF00000) -> MEMZ_STRUCT_INIT -> image_load of type 'ibec'
N88AP_iBoot:4FF0103C     ; towards 0x43000000 -> sub_4FF19264 (the jump). "help" and every error
N88AP_iBoot:4FF0103C     ; path print a message and return -1 in R0.
N88AP_iBoot:4FF0103C     ; Frame: #0x18+X = 8 bytes of locals + 16 bytes of pushed {R4,R5,R7,LR};
N88AP_iBoot:4FF0103C     ; var_18 is SP+0, MemoryPoint is SP+4.
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C     n88ap__iBoot__go_command                ; DATA XREF: N88AP_iBoot:n88ap__iBoot__go�o
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C     var_18          = -0x18                 ; SP+0: 0xF00000, passed by address to image_load (in/out length)
N88AP_iBoot:4FF0103C     MemoryPoint     = -0x14                 ; SP+4: candidate address; then 0x43000000 passed by address to image_load; then the jump target
N88AP_iBoot:4FF0103C
N88AP_iBoot:4FF0103C 000                 PUSH    {R4,R5,R7,LR}   ; R4 = argv and R5 = argv+0x14 (argc>1 only) survive the calls below
N88AP_iBoot:4FF0103E 010                 ADD     R7, SP, #8      ; frame pointer
N88AP_iBoot:4FF01040 010                 SUB     SP, SP, #8      ; locals: var_18 (SP+0), MemoryPoint (SP+4)
N88AP_iBoot:4FF01042 018                 CMP     R0, #1          ; argc
N88AP_iBoot:4FF01044 018                 MOV     R4, R1          ; R4 = argv
N88AP_iBoot:4FF01046 018                 BLE     loc_4FF01062    ; no argument: default address path
N88AP_iBoot:4FF01048 018                 ADD.W   R5, R1, #0x14   ; R5 = argv+0x14; [R5+4] is read as the address argument at loc_4FF010C4
N88AP_iBoot:4FF0104C 018                 LDR     R0, =aHelp      ; "help"
N88AP_iBoot:4FF0104E 018                 LDR     R1, [R1,#0x24]  ; first argument as a string, presumably
N88AP_iBoot:4FF01050 018                 BL      sub_4FF1ECA0    ; string compare; 0 means equal, given the BNE below -- presumably strcmp
N88AP_iBoot:4FF01054 018                 CMP     R0, #0
N88AP_iBoot:4FF01056 018                 BNE     loc_4FF010C4    ; not "help": use the supplied address
N88AP_iBoot:4FF01058 018                 LDR     R1, [R4,#0x10]  ; "%s" operand, presumably the command name
N88AP_iBoot:4FF0105A 018                 LDR     R0, =aSAddress  ; "%s [<address>]\n"
N88AP_iBoot:4FF0105C 018                 BL      N88AP__iBOOT__console_printf ; print usage
N88AP_iBoot:4FF01060 018                 B       loc_4FF010D4    ; return -1
N88AP_iBoot:4FF01062     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF01062
N88AP_iBoot:4FF01062     loc_4FF01062                            ; CODE XREF: n88ap__iBoot__go_command+A↑j
N88AP_iBoot:4FF01062 018                 LDR     R0, =aLoadaddr  ; "loadaddr"
N88AP_iBoot:4FF01064 018                 MOV.W   R1, #0x41000000 ; second argument; looks like a default value -- confirm
N88AP_iBoot:4FF01068 018                 BL      sub_4FF1CD88    ; sub_4FF1CD88("loadaddr", 0x41000000): presumably an environment-variable lookup
N88AP_iBoot:4FF0106C 018                 STR     R0, [SP,#0x18+MemoryPoint] ; MemoryPoint = candidate address
N88AP_iBoot:4FF0106E
N88AP_iBoot:4FF0106E     loc_4FF0106E                            ; CODE XREF: n88ap__iBoot__go_command+96↓j
N88AP_iBoot:4FF0106E 018                 LDR     R0, [SP,#0x18+MemoryPoint] ; candidate address (default or user-supplied)
N88AP_iBoot:4FF01070 018                 MOV.W   R1, #0xF00000   ; length
N88AP_iBoot:4FF01074 018                 BL      sub_4FF1A038    ; sub_4FF1A038(addr, 0xF00000): the only gate on a user-supplied address, nonzero = allowed -- presumably a range/permission check, confirm
N88AP_iBoot:4FF01078 018                 CBNZ    R0, loc_4FF0107E
N88AP_iBoot:4FF0107A 018                 LDR     R0, =aPermissionDenied ; "Permission Denied\n"
N88AP_iBoot:4FF0107C 018                 B       loc_4FF010AC    ; print and return -1
N88AP_iBoot:4FF0107E     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF0107E
N88AP_iBoot:4FF0107E     loc_4FF0107E                            ; CODE XREF: n88ap__iBoot__go_command+3C↑j
N88AP_iBoot:4FF0107E 018                 LDR     R0, [SP,#0x18+MemoryPoint] ; StartAddress
N88AP_iBoot:4FF01080 018                 MOV.W   R1, #0xF00000   ; dataSize
N88AP_iBoot:4FF01084 018                 MOVS    R2, #1          ; Type
N88AP_iBoot:4FF01086 018                 BL      n88ap__iBoot__MEMZ_STRUCT_INIT ; open the image container at StartAddress; 0 = failure, otherwise R0 is handed unchanged to image_load below
N88AP_iBoot:4FF0108A 018                 CBNZ    R0, loc_4FF01090
N88AP_iBoot:4FF0108C 018                 LDR     R0, =aMemoryImageCorrupt ; "Memory image corrupt\n"
N88AP_iBoot:4FF0108E 018                 B       loc_4FF010AC    ; print and return -1
N88AP_iBoot:4FF01090     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF01090
N88AP_iBoot:4FF01090     loc_4FF01090                            ; CODE XREF: n88ap__iBoot__go_command+4E↑j
N88AP_iBoot:4FF01090 018                 MOV.W   R3, #0x43000000 ; R0 still holds the MEMZ_STRUCT_INIT result (arg 1)
N88AP_iBoot:4FF01094 018                 LDR     R1, ='ibec'     ; TAG_TYPE (arg 2): image type 0x69626563
N88AP_iBoot:4FF01096 018                 STR     R3, [SP,#0x18+MemoryPoint] ; MemoryPoint = 0x43000000: destination address, in/out
N88AP_iBoot:4FF01098 018                 ADD     R2, SP, #0x18+MemoryPoint ; arg 3: &MemoryPoint
N88AP_iBoot:4FF0109A 018                 MOV.W   R3, #0xF00000
N88AP_iBoot:4FF0109E 018                 STR     R3, [SP,#0x18+var_18] ; var_18 = 0xF00000: destination length, in/out
N88AP_iBoot:4FF010A0 018                 MOV     R3, SP          ; arg 4: &var_18
N88AP_iBoot:4FF010A2 018                 BL      n88ap__iBoot__image_load ; image_load(handle, 'ibec', &MemoryPoint, &var_18); negative = rejected
N88AP_iBoot:4FF010A6 018                 CMP     R0, #0
N88AP_iBoot:4FF010A8 018                 BGE     loc_4FF010B2    ; signed compare: R0 >= 0 is success
N88AP_iBoot:4FF010AA 018                 LDR     R0, =aMemoryImageNotValid ; "Memory image not valid\n"
N88AP_iBoot:4FF010AC
N88AP_iBoot:4FF010AC     loc_4FF010AC                            ; CODE XREF: n88ap__iBoot__go_command+40↑j
N88AP_iBoot:4FF010AC                                             ; n88ap__iBoot__go_command+52↑j
N88AP_iBoot:4FF010AC 018                 BL      N88AP__iBOOT__console_printf ; shared error exit: print the message in R0
N88AP_iBoot:4FF010B0 018                 B       loc_4FF010D4    ; return -1
N88AP_iBoot:4FF010B2     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF010B2
N88AP_iBoot:4FF010B2     loc_4FF010B2                            ; CODE XREF: n88ap__iBoot__go_command+6C↑j
N88AP_iBoot:4FF010B2 018                 LDR     R1, [SP,#0x18+MemoryPoint] ; jump target as left by image_load
N88AP_iBoot:4FF010B4 018                 LDR     R0, =aJumpingIntoImageAt0x08x ; "jumping into image at 0x%08x\n"
N88AP_iBoot:4FF010B6 018                 BL      N88AP__iBOOT__console_printf
N88AP_iBoot:4FF010BA 018                 MOVS    R0, #0          ; sub_4FF19264(0, target, 0) -- same argument pattern as do_jump in the 1219.62.8 listing
N88AP_iBoot:4FF010BC 018                 LDR     R1, [SP,#0x18+MemoryPoint]
N88AP_iBoot:4FF010BE 018                 MOV     R2, R0
N88AP_iBoot:4FF010C0 018                 BL      sub_4FF19264    ; if this returned, execution would fall into loc_4FF010C4 and read [R5+4], which is never set on the argc<=1 path -- so presumably it does not return
N88AP_iBoot:4FF010C4
N88AP_iBoot:4FF010C4     loc_4FF010C4                            ; CODE XREF: n88ap__iBoot__go_command+1A↑j
N88AP_iBoot:4FF010C4 018                 LDR     R0, =aLoadaddr  ; "loadaddr"
N88AP_iBoot:4FF010C6 018                 MOV.W   R1, #0x41000000
N88AP_iBoot:4FF010CA 018                 BL      sub_4FF1CD88    ; same "loadaddr" lookup as at loc_4FF01062, but its result is never used here
N88AP_iBoot:4FF010CE 018                 LDR     R3, [R5,#4]     ; [argv+0x18]: the parsed address argument, presumably
N88AP_iBoot:4FF010D0 018                 STR     R3, [SP,#0x18+MemoryPoint] ; MemoryPoint = user-supplied address
N88AP_iBoot:4FF010D2 018                 B       loc_4FF0106E    ; join the common path: permission check on the supplied address
N88AP_iBoot:4FF010D4     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF010D4
N88AP_iBoot:4FF010D4     loc_4FF010D4                            ; CODE XREF: n88ap__iBoot__go_command+24↑j
N88AP_iBoot:4FF010D4                                             ; n88ap__iBoot__go_command+74↑j
N88AP_iBoot:4FF010D4 018                 MOV.W   R0, #0xFFFFFFFF ; return -1
N88AP_iBoot:4FF010D8 018                 SUB.W   SP, R7, #8      ; drop the locals via the frame pointer
N88AP_iBoot:4FF010DC 018                 POP     {R4,R5,R7,PC}
N88AP_iBoot:4FF010DC     ; End of function n88ap__iBoot__go_command
N88AP_iBoot:4FF010DC
N88AP_iBoot:4FF010DE     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF010DE                     NOP                     ; alignment padding before the literal pool
N88AP_iBoot:4FF010DE     ; ---------------------------------------------------------------------------
N88AP_iBoot:4FF010E0     off_4FF010E0    DCD aHelp               ; DATA XREF: n88ap__iBoot__go_command+10↑r
N88AP_iBoot:4FF010E0                                             ; "help"
N88AP_iBoot:4FF010E4     ; int off_4FF010E4
N88AP_iBoot:4FF010E4     off_4FF010E4    DCD aSAddress           ; DATA XREF: n88ap__iBoot__go_command+1E↑r
N88AP_iBoot:4FF010E4                                             ; "%s [<address>]\n"
N88AP_iBoot:4FF010E8     off_4FF010E8    DCD aLoadaddr           ; DATA XREF: n88ap__iBoot__go_command:loc_4FF01062↑r
N88AP_iBoot:4FF010E8                                             ; n88ap__iBoot__go_command:loc_4FF010C4↑r
N88AP_iBoot:4FF010E8                                             ; "loadaddr"
N88AP_iBoot:4FF010EC     off_4FF010EC    DCD aPermissionDenied   ; DATA XREF: n88ap__iBoot__go_command+3E↑r
N88AP_iBoot:4FF010EC                                             ; "Permission Denied\n"
N88AP_iBoot:4FF010F0     ; struct MEMZ_STRUCT *off_4FF010F0
N88AP_iBoot:4FF010F0     off_4FF010F0    DCD aMemoryImageCorrupt ; DATA XREF: n88ap__iBoot__go_command+50↑r
N88AP_iBoot:4FF010F0                                             ; "Memory image corrupt\n"
N88AP_iBoot:4FF010F4     ; char *dword_4FF010F4
N88AP_iBoot:4FF010F4     dword_4FF010F4  DCD 'ibec'              ; DATA XREF: n88ap__iBoot__go_command+58↑r
N88AP_iBoot:4FF010F8     ; int off_4FF010F8
N88AP_iBoot:4FF010F8     off_4FF010F8    DCD aMemoryImageNotValid
N88AP_iBoot:4FF010F8                                             ; DATA XREF: n88ap__iBoot__go_command+6E↑r
N88AP_iBoot:4FF010F8                                             ; "Memory image not valid\n"
N88AP_iBoot:4FF010FC     ; int off_4FF010FC
N88AP_iBoot:4FF010FC     off_4FF010FC    DCD aJumpingIntoImageAt0x08x
N88AP_iBoot:4FF010FC                                             ; DATA XREF: n88ap__iBoot__go_command+78↑r
N88AP_iBoot:4FF010FC                                             ; "jumping into image at 0x%08x\n"
N88AP_iBoot:4FF01100