The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Go (iBoot command)"
(New page: == iPhone 3GS 8920x from iBoot-636.66 == ==Disassembly== <pre> N88AP_iBoot:4FF0103C ; =============== S U B R O U T I N E ======================================= N88AP_iBoot:4FF0103C ...) |
(Added the more updated 5.1b3 version) |
||
Line 1: | Line 1: | ||
+ | == iPad 1 from iBoot-1219.62.8 (5.1b3) == |
||
+ | |||
+ | <pre> |
||
+ | ROM:5FF010E4 _go_command ; DATA XREF: ROM:5FF2A878�o |
||
+ | ROM:5FF010E4 |
||
+ | ROM:5FF010E4 var_10 = -0x10 |
||
+ | ROM:5FF010E4 var_C = -0xC |
||
+ | ROM:5FF010E4 |
||
+ | ROM:5FF010E4 PUSH {R7,LR} ; Save return address on stack. Save R7 |
||
+ | ROM:5FF010E6 MOV R7, SP ; R7 holds current stack pointer |
||
+ | ROM:5FF010E8 SUB SP, SP, #0x10 ; And stack reserves 16 bytes |
||
+ | ROM:5FF010EA MOV.W R0, #0x44000000 |
||
+ | ROM:5FF010EE MOV.W R1, #0x3F00000 |
||
+ | ROM:5FF010F2 STR R0, [SP,#0x18+var_C] |
||
+ | ROM:5FF010F4 MOV.W R0, #0x40000000 |
||
+ | ROM:5FF010F8 STR R1, [SP,#0x18+var_10] |
||
+ | ROM:5FF010FA BL sub_5FF163D4 ; Check if this is allowed |
||
+ | ROM:5FF010FE CBNZ R0, allowed |
||
+ | ROM:5FF01100 LDR R0, =aPermissionDenied ; "Permission Denied\n" ; 0x5FF233C4, in case you're interested |
||
+ | ROM:5FF01102 B exit |
||
+ | ROM:5FF01104 ; --------------------------------------------------------------------------- |
||
+ | ROM:5FF01104 |
||
+ | ROM:5FF01104 allowed: ; CODE XREF: _go_command+1A�j |
||
+ | ROM:5FF01104 MOVW R2, #0x6563 ; "ec" |
||
+ | ROM:5FF01108 MOVS R3, #1 |
||
+ | ROM:5FF0110A MOVT.W R2, #0x6962 ; "bi" |
||
+ | ROM:5FF0110E LDR R1, [SP,#0x18+var_10] |
||
+ | ROM:5FF01110 STRD.W R2, R3, [SP] |
||
+ | ROM:5FF01114 ADD R2, SP, #0x18+var_C |
||
+ | ROM:5FF01116 MOV.W R0, #0x40000000 |
||
+ | ROM:5FF0111A ADD R3, SP, #0x18+var_10 |
||
+ | ROM:5FF0111C BL sub_5FF19AB8 ; Check if can jump |
||
+ | ROM:5FF01120 CBZ R0, can_jump ; if previous function returned 0, goto |
||
+ | ROM:5FF01122 LDR R0, =aMemoryImageNotVa ; "Memory image not valid\n" |
||
+ | ROM:5FF01124 |
||
+ | ROM:5FF01124 exit: ; CODE XREF: _go_command+1E�j |
||
+ | ROM:5FF01124 BL _console_printf_probably |
||
+ | ROM:5FF01128 MOV.W R0, #0xFFFFFFFF |
||
+ | ROM:5FF0112C ADD SP, SP, #0x10 |
||
+ | ROM:5FF0112E POP {R7,PC} |
||
+ | ROM:5FF01130 ; --------------------------------------------------------------------------- |
||
+ | ROM:5FF01130 |
||
+ | ROM:5FF01130 can_jump ; CODE XREF: _go_command+3C�j |
||
+ | ROM:5FF01130 LDR R1, [SP,#0x18+var_C] |
||
+ | ROM:5FF01132 LDR R0, =aJumpingIntoImage ; "jumping into image at 0x%08x\n" |
||
+ | ROM:5FF01134 BL _console_printf_probably |
||
+ | ROM:5FF01138 MOVS R0, #0 |
||
+ | ROM:5FF0113A LDR R1, [SP,#0x18+var_C] |
||
+ | ROM:5FF0113C MOV R2, R0 |
||
+ | ROM:5FF0113E BL do_jump |
||
+ | ROM:5FF0113E ; End of function _go_command |
||
+ | ROM:5FF0113E |
||
+ | ROM:5FF01142 NOP |
||
+ | ROM:5FF01142 ; --------------------------------------------------------------------------- |
||
+ | ROM:5FF01144 off_5FF01144 DCD aMemoryImageNotVa ; DATA XREF: _go_command+3E�r |
||
+ | ROM:5FF01144 ; "Memory image not valid\n" |
||
+ | ROM:5FF01148 off_5FF01148 DCD aJumpingIntoImage ; DATA XREF: _go_command+4E�r |
||
+ | ROM:5FF01148 ; "jumping into image at 0x%08x\n" |
||
+ | ROM:5FF0114C off_5FF0114C DCD aPermissionDenied ; DATA XREF: _go_command+1C�r |
||
+ | ROM:5FF0114C ; "Permission Denied\n" |
||
+ | ROM:5FF01150 |
||
+ | </pre> |
||
+ | |||
== iPhone 3GS 8920x from iBoot-636.66 == |
== iPhone 3GS 8920x from iBoot-636.66 == |
||
Revision as of 21:44, 5 March 2012
iPad 1 from iBoot-1219.62.8 (5.1b3)
ROM:5FF010E4 _go_command ; DATA XREF: ROM:5FF2A878�o ROM:5FF010E4 ROM:5FF010E4 var_10 = -0x10 ROM:5FF010E4 var_C = -0xC ROM:5FF010E4 ROM:5FF010E4 PUSH {R7,LR} ; Save return address on stack. Save R7 ROM:5FF010E6 MOV R7, SP ; R7 holds current stack pointer ROM:5FF010E8 SUB SP, SP, #0x10 ; And stack reserves 16 bytes ROM:5FF010EA MOV.W R0, #0x44000000 ROM:5FF010EE MOV.W R1, #0x3F00000 ROM:5FF010F2 STR R0, [SP,#0x18+var_C] ROM:5FF010F4 MOV.W R0, #0x40000000 ROM:5FF010F8 STR R1, [SP,#0x18+var_10] ROM:5FF010FA BL sub_5FF163D4 ; Check if this is allowed ROM:5FF010FE CBNZ R0, allowed ROM:5FF01100 LDR R0, =aPermissionDenied ; "Permission Denied\n" ; 0x5FF233C4, in case you're interested ROM:5FF01102 B exit ROM:5FF01104 ; --------------------------------------------------------------------------- ROM:5FF01104 ROM:5FF01104 allowed: ; CODE XREF: _go_command+1A�j ROM:5FF01104 MOVW R2, #0x6563 ; "ec" ROM:5FF01108 MOVS R3, #1 ROM:5FF0110A MOVT.W R2, #0x6962 ; "bi" ROM:5FF0110E LDR R1, [SP,#0x18+var_10] ROM:5FF01110 STRD.W R2, R3, [SP] ROM:5FF01114 ADD R2, SP, #0x18+var_C ROM:5FF01116 MOV.W R0, #0x40000000 ROM:5FF0111A ADD R3, SP, #0x18+var_10 ROM:5FF0111C BL sub_5FF19AB8 ; Check if can jump ROM:5FF01120 CBZ R0, can_jump ; if previous function returned 0, goto ROM:5FF01122 LDR R0, =aMemoryImageNotVa ; "Memory image not valid\n" ROM:5FF01124 ROM:5FF01124 exit: ; CODE XREF: _go_command+1E�j ROM:5FF01124 BL _console_printf_probably ROM:5FF01128 MOV.W R0, #0xFFFFFFFF ROM:5FF0112C ADD SP, SP, #0x10 ROM:5FF0112E POP {R7,PC} ROM:5FF01130 ; --------------------------------------------------------------------------- ROM:5FF01130 ROM:5FF01130 can_jump ; CODE XREF: _go_command+3C�j ROM:5FF01130 LDR R1, [SP,#0x18+var_C] ROM:5FF01132 LDR R0, =aJumpingIntoImage ; "jumping into image at 0x%08x\n" ROM:5FF01134 BL _console_printf_probably ROM:5FF01138 MOVS R0, #0 ROM:5FF0113A LDR R1, [SP,#0x18+var_C] ROM:5FF0113C MOV R2, R0 ROM:5FF0113E BL do_jump ROM:5FF0113E ; End of function _go_command ROM:5FF0113E ROM:5FF01142 NOP ROM:5FF01142 ; --------------------------------------------------------------------------- ROM:5FF01144 off_5FF01144 DCD aMemoryImageNotVa ; DATA XREF: _go_command+3E�r ROM:5FF01144 ; "Memory image not valid\n" ROM:5FF01148 off_5FF01148 DCD aJumpingIntoImage ; DATA XREF: _go_command+4E�r ROM:5FF01148 ; "jumping into image at 0x%08x\n" ROM:5FF0114C off_5FF0114C DCD aPermissionDenied ; DATA XREF: _go_command+1C�r ROM:5FF0114C ; "Permission Denied\n" ROM:5FF01150
iPhone 3GS 8920x from iBoot-636.66
Disassembly
N88AP_iBoot:4FF0103C ; =============== S U B R O U T I N E ======================================= N88AP_iBoot:4FF0103C N88AP_iBoot:4FF0103C ; Attributes: bp-based frame N88AP_iBoot:4FF0103C N88AP_iBoot:4FF0103C n88ap__iBoot__go_command ; DATA XREF: N88AP_iBoot:n88ap__iBoot__go�o N88AP_iBoot:4FF0103C N88AP_iBoot:4FF0103C var_18 = -0x18 N88AP_iBoot:4FF0103C MemoryPoint = -0x14 N88AP_iBoot:4FF0103C N88AP_iBoot:4FF0103C 000 PUSH {R4,R5,R7,LR} ; Push registers N88AP_iBoot:4FF0103E 010 ADD R7, SP, #8 ; Rd = Op1 + Op2 N88AP_iBoot:4FF01040 010 SUB SP, SP, #8 ; Rd = Op1 - Op2 N88AP_iBoot:4FF01042 018 CMP R0, #1 ; Set cond. codes on Op1 - Op2 N88AP_iBoot:4FF01044 018 MOV R4, R1 ; Rd = Op2 N88AP_iBoot:4FF01046 018 BLE loc_4FF01062 ; Branch N88AP_iBoot:4FF01048 018 ADD.W R5, R1, #0x14 ; Rd = Op1 + Op2 N88AP_iBoot:4FF0104C 018 LDR R0, =aHelp ; "help" N88AP_iBoot:4FF0104E 018 LDR R1, [R1,#0x24] ; Load from Memory N88AP_iBoot:4FF01050 018 BL sub_4FF1ECA0 ; Branch with Link N88AP_iBoot:4FF01054 018 CMP R0, #0 ; Set cond. codes on Op1 - Op2 N88AP_iBoot:4FF01056 018 BNE loc_4FF010C4 ; Branch N88AP_iBoot:4FF01058 018 LDR R1, [R4,#0x10] ; param_R1 N88AP_iBoot:4FF0105A 018 LDR R0, =aSAddress ; "%s [<address>]\n" N88AP_iBoot:4FF0105C 018 BL N88AP__iBOOT__console_printf ; Branch with Link N88AP_iBoot:4FF01060 018 B loc_4FF010D4 ; Branch N88AP_iBoot:4FF01062 ; --------------------------------------------------------------------------- N88AP_iBoot:4FF01062 N88AP_iBoot:4FF01062 loc_4FF01062 ; CODE XREF: n88ap__iBoot__go_command+A�j N88AP_iBoot:4FF01062 018 LDR R0, =aLoadaddr ; "loadaddr" N88AP_iBoot:4FF01064 018 MOV.W R1, #0x41000000 ; Rd = Op2 N88AP_iBoot:4FF01068 018 BL sub_4FF1CD88 ; Branch with Link N88AP_iBoot:4FF0106C 018 STR R0, [SP,#0x18+MemoryPoint] ; Store to Memory N88AP_iBoot:4FF0106E N88AP_iBoot:4FF0106E loc_4FF0106E ; CODE XREF: n88ap__iBoot__go_command+96�j N88AP_iBoot:4FF0106E 018 LDR R0, [SP,#0x18+MemoryPoint] ; Load from Memory N88AP_iBoot:4FF01070 018 MOV.W R1, #0xF00000 ; Rd = Op2 N88AP_iBoot:4FF01074 018 BL sub_4FF1A038 ; Branch with Link N88AP_iBoot:4FF01078 018 CBNZ R0, loc_4FF0107E ; Compare and Branch on Non-Zero N88AP_iBoot:4FF0107A 018 LDR R0, =aPermissionDenied ; "Permission Denied\n" N88AP_iBoot:4FF0107C 018 B loc_4FF010AC ; Branch N88AP_iBoot:4FF0107E ; --------------------------------------------------------------------------- N88AP_iBoot:4FF0107E N88AP_iBoot:4FF0107E loc_4FF0107E ; CODE XREF: n88ap__iBoot__go_command+3C�j N88AP_iBoot:4FF0107E 018 LDR R0, [SP,#0x18+MemoryPoint] ; StartAddress N88AP_iBoot:4FF01080 018 MOV.W R1, #0xF00000 ; dataSize N88AP_iBoot:4FF01084 018 MOVS R2, #1 ; Type N88AP_iBoot:4FF01086 018 BL n88ap__iBoot__MEMZ_STRUCT_INIT ; Branch with Link N88AP_iBoot:4FF0108A 018 CBNZ R0, loc_4FF01090 ; Compare and Branch on Non-Zero N88AP_iBoot:4FF0108C 018 LDR R0, =aMemoryImageCorrupt ; "Memory image corrupt\n" N88AP_iBoot:4FF0108E 018 B loc_4FF010AC ; Branch N88AP_iBoot:4FF01090 ; --------------------------------------------------------------------------- N88AP_iBoot:4FF01090 N88AP_iBoot:4FF01090 loc_4FF01090 ; CODE XREF: n88ap__iBoot__go_command+4E�j N88AP_iBoot:4FF01090 018 MOV.W R3, #0x43000000 ; Rd = Op2 N88AP_iBoot:4FF01094 018 LDR R1, ='ibec' ; TAG_TYPE N88AP_iBoot:4FF01096 018 STR R3, [SP,#0x18+MemoryPoint] ; Store to Memory N88AP_iBoot:4FF01098 018 ADD R2, SP, #0x18+MemoryPoint ; unknown1 N88AP_iBoot:4FF0109A 018 MOV.W R3, #0xF00000 ; Rd = Op2 N88AP_iBoot:4FF0109E 018 STR R3, [SP,#0x18+var_18] ; Store to Memory N88AP_iBoot:4FF010A0 018 MOV R3, SP ; unknown2 N88AP_iBoot:4FF010A2 018 BL n88ap__iBoot__image_load ; Branch with Link N88AP_iBoot:4FF010A6 018 CMP R0, #0 ; Set cond. codes on Op1 - Op2 N88AP_iBoot:4FF010A8 018 BGE loc_4FF010B2 ; Branch N88AP_iBoot:4FF010AA 018 LDR R0, =aMemoryImageNotValid ; "Memory image not valid\n" N88AP_iBoot:4FF010AC N88AP_iBoot:4FF010AC loc_4FF010AC ; CODE XREF: n88ap__iBoot__go_command+40�j N88AP_iBoot:4FF010AC ; n88ap__iBoot__go_command+52�j N88AP_iBoot:4FF010AC 018 BL N88AP__iBOOT__console_printf ; Branch with Link N88AP_iBoot:4FF010B0 018 B loc_4FF010D4 ; Branch N88AP_iBoot:4FF010B2 ; --------------------------------------------------------------------------- N88AP_iBoot:4FF010B2 N88AP_iBoot:4FF010B2 loc_4FF010B2 ; CODE XREF: n88ap__iBoot__go_command+6C�j N88AP_iBoot:4FF010B2 018 LDR R1, [SP,#0x18+MemoryPoint] ; param_R1 N88AP_iBoot:4FF010B4 018 LDR R0, =aJumpingIntoImageAt0x08x ; "jumping into image at 0x%08x\n" N88AP_iBoot:4FF010B6 018 BL N88AP__iBOOT__console_printf ; Branch with Link N88AP_iBoot:4FF010BA 018 MOVS R0, #0 ; Rd = Op2 N88AP_iBoot:4FF010BC 018 LDR R1, [SP,#0x18+MemoryPoint] ; Load from Memory N88AP_iBoot:4FF010BE 018 MOV R2, R0 ; Rd = Op2 N88AP_iBoot:4FF010C0 018 BL sub_4FF19264 ; Branch with Link N88AP_iBoot:4FF010C4 N88AP_iBoot:4FF010C4 loc_4FF010C4 ; CODE XREF: n88ap__iBoot__go_command+1A�j N88AP_iBoot:4FF010C4 018 LDR R0, =aLoadaddr ; "loadaddr" N88AP_iBoot:4FF010C6 018 MOV.W R1, #0x41000000 ; Rd = Op2 N88AP_iBoot:4FF010CA 018 BL sub_4FF1CD88 ; Branch with Link N88AP_iBoot:4FF010CE 018 LDR R3, [R5,#4] ; Load from Memory N88AP_iBoot:4FF010D0 018 STR R3, [SP,#0x18+MemoryPoint] ; Store to Memory N88AP_iBoot:4FF010D2 018 B loc_4FF0106E ; Branch N88AP_iBoot:4FF010D4 ; --------------------------------------------------------------------------- N88AP_iBoot:4FF010D4 N88AP_iBoot:4FF010D4 loc_4FF010D4 ; CODE XREF: n88ap__iBoot__go_command+24�j N88AP_iBoot:4FF010D4 ; n88ap__iBoot__go_command+74�j N88AP_iBoot:4FF010D4 018 MOV.W R0, #0xFFFFFFFF ; Rd = Op2 N88AP_iBoot:4FF010D8 018 SUB.W SP, R7, #8 ; Rd = Op1 - Op2 N88AP_iBoot:4FF010DC 018 POP {R4,R5,R7,PC} ; Pop registers N88AP_iBoot:4FF010DC ; End of function n88ap__iBoot__go_command N88AP_iBoot:4FF010DC N88AP_iBoot:4FF010DE ; --------------------------------------------------------------------------- N88AP_iBoot:4FF010DE NOP ; No Operation N88AP_iBoot:4FF010DE ; --------------------------------------------------------------------------- N88AP_iBoot:4FF010E0 off_4FF010E0 DCD aHelp ; DATA XREF: n88ap__iBoot__go_command+10�r N88AP_iBoot:4FF010E0 ; "help" N88AP_iBoot:4FF010E4 ; int off_4FF010E4 N88AP_iBoot:4FF010E4 off_4FF010E4 DCD aSAddress ; DATA XREF: n88ap__iBoot__go_command+1E�r N88AP_iBoot:4FF010E4 ; "%s [<address>]\n" N88AP_iBoot:4FF010E8 off_4FF010E8 DCD aLoadaddr ; DATA XREF: n88ap__iBoot__go_command:loc_4FF01062�r N88AP_iBoot:4FF010E8 ; n88ap__iBoot__go_command:loc_4FF010C4�r N88AP_iBoot:4FF010E8 ; "loadaddr" N88AP_iBoot:4FF010EC off_4FF010EC DCD aPermissionDenied ; DATA XREF: n88ap__iBoot__go_command+3E�r N88AP_iBoot:4FF010EC ; "Permission Denied\n" N88AP_iBoot:4FF010F0 ; struct MEMZ_STRUCT *off_4FF010F0 N88AP_iBoot:4FF010F0 off_4FF010F0 DCD aMemoryImageCorrupt ; DATA XREF: n88ap__iBoot__go_command+50�r N88AP_iBoot:4FF010F0 ; "Memory image corrupt\n" N88AP_iBoot:4FF010F4 ; char *dword_4FF010F4 N88AP_iBoot:4FF010F4 dword_4FF010F4 DCD 'ibec' ; DATA XREF: n88ap__iBoot__go_command+58�r N88AP_iBoot:4FF010F8 ; int off_4FF010F8 N88AP_iBoot:4FF010F8 off_4FF010F8 DCD aMemoryImageNotValid N88AP_iBoot:4FF010F8 ; DATA XREF: n88ap__iBoot__go_command+6E�r N88AP_iBoot:4FF010F8 ; "Memory image not valid\n" N88AP_iBoot:4FF010FC ; int off_4FF010FC N88AP_iBoot:4FF010FC off_4FF010FC DCD aJumpingIntoImageAt0x08x N88AP_iBoot:4FF010FC ; DATA XREF: n88ap__iBoot__go_command+78�r N88AP_iBoot:4FF010FC ; "jumping into image at 0x%08x\n" N88AP_iBoot:4FF01100