[S-OFF]Development

sub_ROM_25AF8
sub_ROM_25AF8      ; =============== S U B R O U T I N E =======================================
sub_ROM_25AF8
sub_ROM_25AF8
sub_ROM_25AF8      sub_ROM_25AF8                           ; CODE XREF: sub_ROM_16BB4+26
sub_ROM_25AF8
sub_ROM_25AF8      var_3C          = -0x3C
sub_ROM_25AF8      var_28          = -0x28
sub_ROM_25AF8      var_20          = -0x20
sub_ROM_25AF8      var_1C          = -0x1C
sub_ROM_25AF8
sub_ROM_25AF8      PUSH.W  {R4-R8,LR}
sub_ROM_25AF8+4    LDR     R4, =(unk_ROM_1D30B4 - 0x25B06) ; *** R4 = 0x1AD5AE
sub_ROM_25AF8+6    LDR     R1, =0xFFFFFA5C
sub_ROM_25AF8+8    SUB     SP, SP, #0x28
sub_ROM_25AF8+A    ADD     R4, PC                ; *** This is ROM location 0x25B02
                                                 ; *** so I think PC is 0x25B04 now
                                                 ; *** so R4 = 0x1AD5AE + 0x25B04 = 0x1D30B2
sub_ROM_25AF8+C    MOVS    R0, #0
sub_ROM_25AF8+E    ADD     R2, SP, #0x40+var_20
sub_ROM_25AF8+10   STR     R0, [SP,#0x40+var_1C] ; *** Init [SP,#0x40+var_1C] to 0
sub_ROM_25AF8+12   STR     R0, [SP,#0x40+var_20]
sub_ROM_25AF8+14   LDR     R0, [R4,R1]
sub_ROM_25AF8+16   ADD     R1, SP, #0x40+var_1C
sub_ROM_25AF8+18   BL      loc_ROM_290AC         ; *** This must potentially change [SP,#0x40+var_1C]
                                                 ; *** It must also set R0, which is used at loc_ROM_25B38
                                                 ; *** to decide if we branch to loc_ROM_25B4E.
sub_ROM_25AF8+1C   LDR     R3, [SP,#0x40+var_1C]
sub_ROM_25AF8+1E   MOV     R5, R0
sub_ROM_25AF8+20   CBNZ    R3, loc_ROM_25B38     ; *** Branch if [SP,#0x40+var_1C] != 0
sub_ROM_25AF8+22   LDR     R2, =0xFFFFFA70
sub_ROM_25AF8+24   LDR     R7, [R4,R2]           ; *** R4 + R2 = 0x1D30B2 + 0xFFFFFA70 = 0x1001D2B22 = 0x1D2B22
                                                 ; *** (assumes I used the correct value for PC at sub_ROM_25AF8+A)
                                                 ; *** R7 = [0x1D2B22]
sub_ROM_25AF8+26   LDR     R6, [R7]
sub_ROM_25AF8+28   CBNZ    R6, loc_ROM_25B38
sub_ROM_25AF8+2A   MOV     R0, R6
sub_ROM_25AF8+2C   BL      sub_ROM_2740C
sub_ROM_25AF8+30   MOV     R0, R7
sub_ROM_25AF8+32   MOV     R1, R6
sub_ROM_25AF8+34   MOV     R2, R6
sub_ROM_25AF8+36   BL      sub_ROM_339C8         ; *** This routine must set R0, which determines if
                                                 ; *** we will branch to loc_ROM_25B4E
sub_ROM_25AF8+3A   MOV     R5, R0
sub_ROM_25AF8+3C   CBZ     R0, loc_ROM_25B4E
sub_ROM_25AF8+3E   B       loc_ROM_25C3E
sub_ROM_25AF8+40   ; ---------------------------------------------------------------------------
sub_ROM_25AF8+40
sub_ROM_25AF8+40   loc_ROM_25B38                           ; CODE XREF: sub_ROM_25AF8+20
sub_ROM_25AF8+40                                           ; sub_ROM_25AF8+28
sub_ROM_25AF8+40                   CMP     R5, #1
sub_ROM_25AF8+42                   BNE     loc_ROM_25B4E
sub_ROM_25AF8+44                   LDR     R0, =0x989680
sub_ROM_25AF8+46                   BLX     loc_ROM_96E90
sub_ROM_25AF8+4A                   LDR     R0, =(aLoadOsNowViaJt - 0x25B48)
sub_ROM_25AF8+4C                   ADD     R0, PC          ; "Load OS now via JTAG backdoor....\r\n"
sub_ROM_25AF8+4E                   BLX     loc_ROM_97CB4
sub_ROM_25AF8+52                   BL      nullsub_1
sub_ROM_25AF8+56
sub_ROM_25AF8+56   loc_ROM_25B4E                           ; CODE XREF: sub_ROM_25AF8+3C
sub_ROM_25AF8+56                                           ; sub_ROM_25AF8+42
sub_ROM_25AF8+56                   LDR     R0, =(aPlatformPreBoo - 0x25B54)
sub_ROM_25AF8+58                   ADD     R0, PC          ; "Platform Pre Boot configuration...\n"
sub_ROM_25AF8+5A                   BL      sub_ROM_25F40
sub_ROM_25AF8+5E                   MOVS    R0, #0
sub_ROM_25AF8+60                   BLX     sub_ROM_9112C
sub_ROM_25AF8+64                   CMP     R0, #0
sub_ROM_25AF8+66                   BEQ     loc_ROM_25C3E
sub_ROM_25AF8+68                   LDR.W   R12, =0x1F3CBA
sub_ROM_25AF8+6C                   LDR     R1, [SP,#0x40+var_20]
sub_ROM_25AF8+6E                   ADD     R12, PC
sub_ROM_25AF8+70                   LDR     R3, [SP,#0x40+var_1C]
sub_ROM_25AF8+72                   STR.W   R1, [R12]
sub_ROM_25AF8+76                   CBZ     R3, loc_ROM_25B8E
sub_ROM_25AF8+78                   LDR     R0, =(aEnteringNvflas - 0x25B76)
sub_ROM_25AF8+7A                   ADD     R0, PC          ; "Entering NvFlash recovery mode / Nv3p S"...
sub_ROM_25AF8+7C                   BL      sub_ROM_25F40
sub_ROM_25AF8+80                   MOVS    R0, #1
sub_ROM_25AF8+82                   BL      sub_ROM_2740C
sub_ROM_25AF8+86                   LDR     R0, =0xFFFFFA5C
sub_ROM_25AF8+88                   LDR     R5, [R4,R0]
sub_ROM_25AF8+8A                   LDR     R0, [R5]
sub_ROM_25AF8+8C                   BL      sub_ROM_29400
sub_ROM_25AF8+90                   MOV     R5, R0
sub_ROM_25AF8+92                   CMP     R0, #0
sub_ROM_25AF8+94                   BNE     loc_ROM_25C3E
sub_ROM_25AF8+96
sub_ROM_25AF8+96   loc_ROM_25B8E                           ; CODE XREF: sub_ROM_25AF8+76
sub_ROM_25AF8+96                   LDR     R2, =0x1F3C90
sub_ROM_25AF8+98                   ADD     R2, PC
sub_ROM_25AF8+9A                   LDR     R2, [R2]
sub_ROM_25AF8+9C                   CMP     R2, #0x12
sub_ROM_25AF8+9E                   BNE     loc_ROM_25BAC
sub_ROM_25AF8+A0                   LDR.W   LR, =0xFFFFFA5C
sub_ROM_25AF8+A4                   LDR.W   R3, [R4,LR]
sub_ROM_25AF8+A8                   LDR     R0, [R3]
sub_ROM_25AF8+AA                   BL      sub_ROM_2A638
sub_ROM_25AF8+AE                   MOV     R5, R0
sub_ROM_25AF8+B0                   CMP     R0, #0
sub_ROM_25AF8+B2                   BNE     loc_ROM_25C3E
sub_ROM_25AF8+B4
sub_ROM_25AF8+B4   loc_ROM_25BAC                           ; CODE XREF: sub_ROM_25AF8+9E
sub_ROM_25AF8+B4                   BLX     sub_ROM_9111C
sub_ROM_25AF8+B8                   LDR.W   R12, =(loc_ROM_1D24D0 - 0x25BBA)
sub_ROM_25AF8+BC                   ADD     R7, SP, #0x40+var_3C
sub_ROM_25AF8+BE                   ADD     R12, PC
sub_ROM_25AF8+C0                   MOV     R6, R0
sub_ROM_25AF8+C2                   LDMIA.W R12!, {R0-R3}
sub_ROM_25AF8+C6                   STMIA   R7!, {R0-R3}
sub_ROM_25AF8+C8                   LDR.W   R1, [R12]
sub_ROM_25AF8+CC                   STR     R1, [R7]
sub_ROM_25AF8+CE                   CBNZ    R6, loc_ROM_25BD2
sub_ROM_25AF8+D0                   LDR     R3, =0x1F3B0C
sub_ROM_25AF8+D2                   LDR     R2, =(unk_ROM_1D9118 - 0x25BD2)
sub_ROM_25AF8+D4                   ADD     R3, PC
sub_ROM_25AF8+D6                   ADD     R2, PC
sub_ROM_25AF8+D8                   B       loc_ROM_25C26
sub_ROM_25AF8+DA   ; ---------------------------------------------------------------------------
sub_ROM_25AF8+DA
sub_ROM_25AF8+DA   loc_ROM_25BD2                           ; CODE XREF: sub_ROM_25AF8+CE
sub_ROM_25AF8+DA                   LDR     R7, =(unk_ROM_1D9134 - 0x25BDC)
sub_ROM_25AF8+DC                   MOV     R0, R6
sub_ROM_25AF8+DE                   MOVS    R2, #4
sub_ROM_25AF8+E0                   ADD     R7, PC
sub_ROM_25AF8+E2                   LDR     R1, [R7]
sub_ROM_25AF8+E4                   BLX     loc_ROM_96B7C
sub_ROM_25AF8+E8                   CBZ     R0, loc_ROM_25BE6
sub_ROM_25AF8+EA                   MOV     R8, SP
sub_ROM_25AF8+EC                   B       loc_ROM_25C16
sub_ROM_25AF8+EE   ; ---------------------------------------------------------------------------
sub_ROM_25AF8+EE
sub_ROM_25AF8+EE   loc_ROM_25BE6                           ; CODE XREF: sub_ROM_25AF8+E8
sub_ROM_25AF8+EE                   MOVW    R0, #0xC06
sub_ROM_25AF8+F2                   ADD     R1, SP, #0x40+var_28
sub_ROM_25AF8+F4                   BLX     loc_ROM_91608
sub_ROM_25AF8+F8                   CBZ     R0, loc_ROM_25BFC
sub_ROM_25AF8+FA                   LDR     R3, =0x1F3AE2
sub_ROM_25AF8+FC                   LDR     R2, =(unk_ROM_1D9124 - 0x25BFC)
sub_ROM_25AF8+FE                   ADD     R3, PC
sub_ROM_25AF8+100                  ADD     R2, PC
sub_ROM_25AF8+102                  B       loc_ROM_25C26
sub_ROM_25AF8+104  ; ---------------------------------------------------------------------------
sub_ROM_25AF8+104
sub_ROM_25AF8+104  loc_ROM_25BFC                           ; CODE XREF: sub_ROM_25AF8+F8
sub_ROM_25AF8+104                  LDR     R3, =0x1F3ADA
sub_ROM_25AF8+106                  ADD     R3, PC
sub_ROM_25AF8+108                  B       loc_ROM_25C12
sub_ROM_25AF8+10A  ; ---------------------------------------------------------------------------
sub_ROM_25AF8+10A
sub_ROM_25AF8+10A  loc_ROM_25C02                           ; CODE XREF: sub_ROM_25AF8+124
sub_ROM_25AF8+10A                  MOV     R0, R6
sub_ROM_25AF8+10C                  LDR     R1, [R7]
sub_ROM_25AF8+10E                  MOVS    R2, #4
sub_ROM_25AF8+110                  BLX     loc_ROM_96B7C
sub_ROM_25AF8+114                  CBNZ    R0, loc_ROM_25C16
sub_ROM_25AF8+116                  LDR     R3, =0x1F3AC8
sub_ROM_25AF8+118                  ADD     R3, PC
sub_ROM_25AF8+11A
sub_ROM_25AF8+11A  loc_ROM_25C12                           ; CODE XREF: sub_ROM_25AF8+108
sub_ROM_25AF8+11A                  STR     R7, [R3]
sub_ROM_25AF8+11C                  B       loc_ROM_25C28
sub_ROM_25AF8+11E  ; ---------------------------------------------------------------------------
sub_ROM_25AF8+11E
sub_ROM_25AF8+11E  loc_ROM_25C16                           ; CODE XREF: sub_ROM_25AF8+EC
sub_ROM_25AF8+11E                                          ; sub_ROM_25AF8+114
sub_ROM_25AF8+11E                  LDR.W   R7, [R8,#4]!
sub_ROM_25AF8+122                  CMP     R7, #0
sub_ROM_25AF8+124                  BNE     loc_ROM_25C02
sub_ROM_25AF8+126                  LDR     R3, =0x1F3AB6
sub_ROM_25AF8+128                  LDR     R2, =(unk_ROM_1D9118 - 0x25C28)
sub_ROM_25AF8+12A                  ADD     R3, PC
sub_ROM_25AF8+12C                  ADD     R2, PC
sub_ROM_25AF8+12E
sub_ROM_25AF8+12E  loc_ROM_25C26                           ; CODE XREF: sub_ROM_25AF8+D8
sub_ROM_25AF8+12E                                          ; sub_ROM_25AF8+102
sub_ROM_25AF8+12E                  STR     R2, [R3]
sub_ROM_25AF8+130
sub_ROM_25AF8+130  loc_ROM_25C28                           ; CODE XREF: sub_ROM_25AF8+11C
sub_ROM_25AF8+130                  LDR     R2, =0xFFFFFADC
sub_ROM_25AF8+132                  MOVS    R1, #0
sub_ROM_25AF8+134                  LDR.W   LR, =0xFFFFF9F0
sub_ROM_25AF8+138                  LDR     R3, =0xFFFFFAE0
sub_ROM_25AF8+13A                  LDR     R0, [R4,R2]
sub_ROM_25AF8+13C                  LDR.W   R2, [R4,LR]
sub_ROM_25AF8+140                  LDR     R3, [R4,R3]
sub_ROM_25AF8+142                  BL      sub_ROM_27CFC
sub_ROM_25AF8+146
sub_ROM_25AF8+146  loc_ROM_25C3E                           ; CODE XREF: sub_ROM_25AF8+3E
sub_ROM_25AF8+146                                          ; sub_ROM_25AF8+66 ...
sub_ROM_25AF8+146                  MOV     R0, R5
sub_ROM_25AF8+148                  ADD     SP, SP, #0x28
sub_ROM_25AF8+14A                  POP.W   {R4-R8,PC}
sub_ROM_25AF8+14A  ; End of function sub_ROM_25AF8
sub_ROM_25AF8+14A
sub_ROM_25AF8+14A  ; ---------------------------------------------------------------------------
ROM:00025C46                 DCB    0
ROM:00025C47                 DCB 0xBF ; +
ROM:00025C48 dword_ROM_25C48 DCD 0x989680            ; DATA XREF: sub_ROM_25AF8+44
ROM:00025C4C off_ROM_25C4C   DCD unk_ROM_1D30B4 - 0x25B06 ; DATA XREF: sub_ROM_25AF8+4
ROM:00025C50 dword_ROM_25C50 DCD 0xFFFFFA5C          ; DATA XREF: sub_ROM_25AF8+6
ROM:00025C50                                         ; sub_ROM_25AF8+86 ...
ROM:00025C54 dword_ROM_25C54 DCD 0xFFFFFA70          ; DATA XREF: sub_ROM_25AF8+22
ROM:00025C58 off_ROM_25C58   DCD aLoadOsNowViaJt - 0x25B48 ; DATA XREF: sub_ROM_25AF8+4A
ROM:00025C58                                         ; "Load OS now via JTAG backdoor....\r\n"
ROM:00025C5C off_ROM_25C5C   DCD aPlatformPreBoo - 0x25B54
ROM:00025C5C                                         ; DATA XREF: sub_ROM_25AF8:loc_ROM_25B4E
ROM:00025C5C                                         ; "Platform Pre Boot configuration...\n"
ROM:00025C60 off_ROM_25C60   DCD 0x1F3CBA            ; DATA XREF: sub_ROM_25AF8+68
ROM:00025C64 off_ROM_25C64   DCD aEnteringNvflas - 0x25B76 ; DATA XREF: sub_ROM_25AF8+78
ROM:00025C64                                         ; "Entering NvFlash recovery mode / Nv3p S"...
ROM:00025C68 off_ROM_25C68   DCD 0x1F3C90            ; DATA XREF: sub_ROM_25AF8:loc_ROM_25B8E
ROM:00025C6C off_ROM_25C6C   DCD loc_ROM_1D24D0 - 0x25BBA ; DATA XREF: sub_ROM_25AF8+B8
ROM:00025C70 off_ROM_25C70   DCD 0x1F3B0C            ; DATA XREF: sub_ROM_25AF8+D0
ROM:00025C74 off_ROM_25C74   DCD unk_ROM_1D9118 - 0x25BD2 ; DATA XREF: sub_ROM_25AF8+D2
ROM:00025C78 off_ROM_25C78   DCD unk_ROM_1D9134 - 0x25BDC
ROM:00025C78                                         ; DATA XREF: sub_ROM_25AF8:loc_ROM_25BD2
ROM:00025C7C off_ROM_25C7C   DCD 0x1F3AE2            ; DATA XREF: sub_ROM_25AF8+FA
ROM:00025C80 off_ROM_25C80   DCD unk_ROM_1D9124 - 0x25BFC ; DATA XREF: sub_ROM_25AF8+FC
ROM:00025C84 off_ROM_25C84   DCD 0x1F3ADA            ; DATA XREF: sub_ROM_25AF8:loc_ROM_25BFC
ROM:00025C88 off_ROM_25C88   DCD 0x1F3AC8            ; DATA XREF: sub_ROM_25AF8+116
ROM:00025C8C off_ROM_25C8C   DCD 0x1F3AB6            ; DATA XREF: sub_ROM_25AF8+126
ROM:00025C90 off_ROM_25C90   DCD unk_ROM_1D9118 - 0x25C28 ; DATA XREF: sub_ROM_25AF8+128
ROM:00025C94 dword_ROM_25C94 DCD 0xFFFFFADC          ; DATA XREF: sub_ROM_25AF8:loc_ROM_25C28
ROM:00025C98 dword_ROM_25C98 DCD 0xFFFFF9F0          ; DATA XREF: sub_ROM_25AF8+134
ROM:00025C9C dword_ROM_25C9C DCD 0xFFFFFAE0          ; DATA XREF: sub_ROM_25AF8+138