Vectors
       ; ARM exception vector table, one slot per exception in the architectural
       ; order: 0x00 reset, 0x04 undefined instruction, 0x08 SWI, 0x0c prefetch
       ; abort, 0x10 data abort, 0x14 reserved (a nop here), 0x18 IRQ, 0x1c FIQ.
       ; Each populated slot is `ldr pc, [pc, #imm]`; the trailing objdump comment
       ; is the address of the word it loads, not the handler address itself.
       0:  e59ff058   ldr  pc, [pc, #88]  ; 0x60
       4:  e59ff058   ldr  pc, [pc, #88]  ; 0x64
       ; NOTE(review): the SWI slot is encoded differently from its neighbours
       ; (e59ff1fc, offset #508). It loads the word stored at 0x20c, which this
       ; listing shows to be the instruction e59f5098 rather than a handler
       ; address, and it leaves the pool word at 0x68 unreferenced. The routine at
       ; 0x20c compares a word read from 0x81000008 with e59ff058, the encoding
       ; the other slots use -- presumably this slot doubles as a marker; confirm.
       8:  e59ff1fc   ldr  pc, [pc, #508]  ; 0x20c
       c:  e59ff058   ldr  pc, [pc, #88]  ; 0x6c
      10:  e59ff058   ldr  pc, [pc, #88]  ; 0x70
      14:  e1a00000   nop      ; (mov r0, r0)
       ; IRQ and FIQ load from 0x74 and 0x78; the addresses stored there (0xa218
       ; and 0x7054) lie outside this listing.
      18:  e59ff054   ldr  pc, [pc, #84]  ; 0x74
      1c:  e59ff054   ldr  pc, [pc, #84]  ; 0x78


ASCII (as3525.....)
      ; Data, not code: objdump decoded these words as ARM instructions, so the
      ; mnemonics below are meaningless. Read as little-endian bytes, 0x20-0x4f
      ; hold three NUL-terminated ASCII strings:
      ;   0x20  "AS3525_2_0"
      ;   0x2b  "cr_5_0_develop"
      ;   0x3a  "00020021010305000500"
      ; What the strings identify (chip, build, version) is not shown here.
      20:  35335341   ldrcc  r5, [r3, #-833]!  ; 0x341
      24:  325f3532   subscc  r3, pc, #209715200  ; 0xc800000
      28:  6300305f   movwvs  r3, #95  ; 0x5f
      2c:  5f355f72   svcpl  0x00355f72
      30:  65645f30   strbvs  r5, [r4, #-3888]!  ; 0xf30
      34:  6f6c6576   svcvs  0x006c6576
      38:  30300070   eorscc  r0, r0, r0, ror r0
      3c:  30303230   eorscc  r3, r0, r0, lsr r2
      40:  31303132   teqcc  r0, r2, lsr r1
      44:  35303330   ldrcc  r3, [r0, #-816]!  ; 0x330
      48:  35303030   ldrcc  r3, [r0, #-48]!  ; 0x30
      4c:  00003030   andeq  r3, r0, r0, lsr r0


  ...
Here are the destinations of the vectors
      ; Literal pool read by the `ldr pc` vector slots at 0x00-0x1c. Each word is
      ; an address; the mnemonics are an artifact of decoding data as code.
      ;   0x60 -> 0x138   loaded by the reset slot (0x00)
      ;   0x64 -> 0x0fc   loaded by the undefined-instruction slot (0x04)
      ;   0x68 -> 0x100   where a `ldr pc, [pc, #88]` at 0x08 would read; the SWI
      ;                   slot as listed loads from 0x20c instead
      ;   0x6c -> 0x104   loaded by the prefetch-abort slot (0x0c)
      ;   0x70 -> 0x108   loaded by the data-abort slot (0x10)
      ;   0x74 -> 0xa218  loaded by the IRQ slot (0x18), outside this listing
      ;   0x78 -> 0x7054  loaded by the FIQ slot (0x1c), outside this listing
      60:  00000138   andeq  r0, r0, r8, lsr r1
      64:  000000fc   strdeq  r0, [r0], -ip
      68:  00000100   andeq  r0, r0, r0, lsl #2
      6c:  00000104   andeq  r0, r0, r4, lsl #2

      70:  00000108   andeq  r0, r0, r8, lsl #2
      74:  0000a218   andeq  sl, r0, r8, lsl r2
      78:  00007054   andeq  r7, r0, r4, asr r0
  ...
      ; 0xf8 repeats the value stored at 0x78; nothing in this listing reads it.
      f8:  00007054   andeq  r7, r0, r4, asr r0

Interestingly, all of these point to 0x20c
      ; Handler stubs whose addresses sit in the pool at 0x64-0x70: 0xfc for
      ; undefined instruction, 0x100 for the unreferenced SWI entry, 0x104 for
      ; prefetch abort and 0x108 for data abort. Every one is a plain branch to
      ; 0x20c, the same routine the reset stub at 0x138 branches to, so these
      ; exceptions share the reset path rather than a dedicated fault handler.
      ; Nothing here saves lr or the faulting state before branching.
      fc:  ea000042   b  0x20c
     100:  ea000041   b  0x20c
     104:  ea000040   b  0x20c
     108:  ea00003f   b  0x20c


thumb func (calls outside)
     ; Thumb code decoded in ARM mode: every mnemonic below, including the
     ; "undefined instruction", is an artifact of reading two 16-bit Thumb
     ; halfwords as one 32-bit ARM word.
     ; NOTE(review): read as little-endian halfwords the routine starts with
     ; 0xb538 (push {r3, r4, r5, lr}) at 0x10c and ends with 0x4718 (bx r3) at
     ; 0x12c; re-run objdump with -M force-thumb over 0x10c-0x12f to get the
     ; real instruction stream and the target of the call inside it.
     ; The two equal words at 0x130/0x134 are presumably this routine's literal
     ; pool -- confirm against the Thumb decode.
     10c:  4c08b538   cfstr32mi  mvfx11, [r8], {56}  ; 0x38
     110:  4d08447c   cfstrsmi  mvf4, [r8, #-496]  ; 0xfffffe10
     114:  42ac447d   adcmi  r4, ip, #2097152000  ; 0x7d000000
     118:  6820d006   stmdavs  r0!, {r1, r2, ip, lr, pc}
     11c:  f0111900   undefined instruction 0xf0111900
     120:  3404ff79   strcc  pc, [r4], #-3961  ; 0xf79
     124:  d1f842ac   mvnsle  r4, ip, lsr #5
     128:  bc08bc38   stclt  12, cr11, [r8], {56}  ; 0x38
     12c:  00004718   andeq  r4, r0, r8, lsl r7
     130:  0006960c   andeq  r9, r6, ip, lsl #12
     134:  0006960c   andeq  r9, r6, ip, lsl #12


     ; Reset stub: the pool word at 0x60 holds 0x138, so the reset vector lands
     ; here. It only forwards to 0x20c, and is also the target of the final
     ; branch at 0x284, which re-runs the check at 0x20c.
     138:  ea000033   b  0x20c

early init
     ; Early init, entered from the beq at 0x21c once the marker check at 0x20c
     ; succeeds. Turns off the MMU and caches, zero-fills two memory ranges,
     ; loads a stack pointer for each privileged CPU mode, then calls 0x2d0
     ; (outside this listing).
     ;
     ; Read the CP15 c1 control register and clear bit 0 (MMU enable), bit 2
     ; (data cache enable) and bit 12 (instruction cache enable).
     13c:  ee110f10   mrc  15, 0, r0, cr1, cr0, {0}
     140:  e3c00001   bic  r0, r0, #1
     144:  e3c00004   bic  r0, r0, #4
     148:  e3c00d40   bic  r0, r0, #4096  ; 0x1000
     ; NOTE(review): bits 31:30 are the clocking-mode field on ARM920T/922T-class
     ; cores; which core this image runs on is not shown here -- confirm.
     14c:  e3c004c0   bic  r0, r0, #-1073741824  ; 0xc0000000
     150:  ee010f10   mcr  15, 0, r0, cr1, cr0, {0}
     ; First zero fill: r3 = 0x0001ea7c (word at 0x288), r1 = r3 + 0x7498 (word
     ; at 0x28c) = 0x00025f14. The cc condition is an unsigned "lower", so the
     ; loop stores zero words until r3 reaches r1.
     154:  e59f312c   ldr  r3, [pc, #300]  ; 0x288
     158:  e1a01003   mov  r1, r3
     15c:  e59f4128   ldr  r4, [pc, #296]  ; 0x28c
     160:  e0811004   add  r1, r1, r4
     164:  e3a02000   mov  r2, #0
     168:  e1530001   cmp  r3, r1
     16c:  34832004   strcc  r2, [r3], #4
     170:  3afffffc   bcc  0x168
     ; Second zero fill: [0x00051100, 0x00051a40), the range that contains every
     ; stack pointer value loaded below. r2 is still zero from 0x164.
     174:  e59f3114   ldr  r3, [pc, #276]  ; 0x290
     178:  e59f1114   ldr  r1, [pc, #276]  ; 0x294
     17c:  e1530001   cmp  r3, r1
     180:  34832004   strcc  r2, [r3], #4
     184:  3afffffc   bcc  0x17c
     ; Per-mode stacks. Each CPSR_c value has 0xc0 set (IRQ and FIQ masked) plus
     ; the mode number in the low five bits; sp is banked, so each load sets that
     ; mode's own stack pointer.
     ;   0xdb Undefined  sp = 0x00051120
     ;   0xd7 Abort      sp = 0x00051140
     ;   0xd1 FIQ        sp = 0x00051240
     ;   0xd2 IRQ        sp = 0x00051640
     ;   0xd3 Supervisor sp = 0x00051a40 (the end of the zero-filled range)
     188:  e321f0db   msr  CPSR_c, #219  ; 0xdb
     18c:  e59fd104   ldr  sp, [pc, #260]  ; 0x298
     190:  e321f0d7   msr  CPSR_c, #215  ; 0xd7
     194:  e59fd100   ldr  sp, [pc, #256]  ; 0x29c
     198:  e321f0d1   msr  CPSR_c, #209  ; 0xd1
     19c:  e59fd0fc   ldr  sp, [pc, #252]  ; 0x2a0
     1a0:  e321f0d2   msr  CPSR_c, #210  ; 0xd2
     1a4:  e59fd0f8   ldr  sp, [pc, #248]  ; 0x2a4
     1a8:  e321f0d3   msr  CPSR_c, #211  ; 0xd3
     1ac:  e59fd0e0   ldr  sp, [pc, #224]  ; 0x294
     ; Still in Supervisor mode with interrupts masked when control passes to
     ; 0x2d0; presumably the C entry point -- not visible here.
     1b0:  eb000046   bl  0x2d0

infinite loop
     ; Branch-to-self: reached only if the call to 0x2d0 at 0x1b0 returns, and
     ; parks the CPU there.
     1b4:  eafffffe   b  0x1b4


     ; Leaf routine: stores 1 to the word at 0xc8100008 (base 0xc8100000 from
     ; the pool word at 0x2a8, offset 8) and returns. Clobbers r0 and r1.
     ; NOTE(review): Rockbox's AS3525 headers, from memory, name this register
     ; CCU_MEMMAP (memory remap) -- confirm against the datasheet. No caller is
     ; visible in this listing.
     1b8:  e59f00e8   ldr  r0, [pc, #232]  ; 0x2a8
     1bc:  e3a01001   mov  r1, #1
     1c0:  e5801008   str  r1, [r0, #8]
     1c4:  e12fff1e   bx  lr


     ; Leaf routine: read-modify-write of the CP15 c1 control register that
     ; clears bit 12 (instruction cache enable) and leaves every other bit as
     ; read. r1 = ~0x1000 is the mask. Clobbers r0 and r1; returns with bx lr.
     1c8:  ee110f10   mrc  15, 0, r0, cr1, cr0, {0}
     1cc:  e3e01d40   mvn  r1, #4096  ; 0x1000
     1d0:  e0010000   and  r0, r1, r0
     1d4:  ee010f10   mcr  15, 0, r0, cr1, cr0, {0}
     1d8:  e12fff1e   bx  lr

     ; Enable IRQs: clears bit 7 (the I mask bit) in the CPSR control field.
     ; r0 and lr are saved and restored around the update, so no register is
     ; clobbered. Needs a valid stack, and returns with `mov pc, lr`, which does
     ; not switch instruction set for a Thumb caller.
     1dc:  e92d4001   push  {r0, lr}
     1e0:  e10f0000   mrs  r0, CPSR
     1e4:  e3c00080   bic  r0, r0, #128  ; 0x80
     1e8:  e121f000   msr  CPSR_c, r0
     1ec:  e8bd4001   pop  {r0, lr}
     1f0:  e1a0f00e   mov  pc, lr

     ; Disable IRQs: sets bit 7 (the I mask bit) in the CPSR control field; the
     ; mirror image of the routine at 0x1dc. r0 and lr are saved and restored,
     ; so no register is clobbered. The previous mask state is not returned to
     ; the caller, so a caller cannot restore it from this routine alone.
     1f4:  e92d4001   push  {r0, lr}
     1f8:  e10f0000   mrs  r0, CPSR
     1fc:  e3800080   orr  r0, r0, #128  ; 0x80
     200:  e121f000   msr  CPSR_c, r0
     204:  e8bd4001   pop  {r0, lr}
     208:  e1a0f00e   mov  pc, lr

HERE IT IS 
     ; Common entry for reset (via 0x138) and for the stubs at 0xfc-0x108.
     ; Runs before any stack is set up and uses r0-r2 and r5-r7 freely.
     ;
     ; Marker check: read the word at 0x81000008 and compare it with 0xe59ff058
     ; (the `ldr pc, [pc, #88]` encoding, pool word at 0x2b0). Equal means the
     ; setup below is skipped and control goes to early init at 0x13c.
     20c:  e59f5098   ldr  r5, [pc, #152]  ; 0x2ac ==0x81000008 (81000000 = IRAM)
     210:  e5957000   ldr  r7, [r5]
     214:  e59f1094   ldr  r1, [pc, #148]  ; 0x2b0 ==0xe59ff058
     218:  e1570001   cmp  r7, r1
     21c:  0affffc6   beq  0x13c
     ; Not equal: store 0x0f800004 (word at 0x2b8) to 0xc80f0014.
     ; NOTE(review): 0xc80f0000 + 0x14 is, from memory of Rockbox's AS3525
     ; headers, the CGU peripheral clock register -- confirm.
     220:  e59f508c   ldr  r5, [pc, #140]  ; 0x2b4
     224:  e59f108c   ldr  r1, [pc, #140]  ; 0x2b8
     228:  e5851014   str  r1, [r5, #20]
     ; Four stores to the block at 0xc8100000: 0x00118020 to +0, 0x1a720212 to
     ; +4, then zero to +4 and zero to +0.
     ; NOTE(review): this has the shape of a lock-protected software reset
     ; (select sources at +0, write a magic value to +4, then clear both);
     ; Rockbox's headers, from memory, call these CCU_SRC and CCU_SRL -- confirm.
     22c:  e59f5074   ldr  r5, [pc, #116]  ; 0x2a8
     230:  e59f6084   ldr  r6, [pc, #132]  ; 0x2bc
     234:  e5856000   str  r6, [r5]
     238:  e59f6080   ldr  r6, [pc, #128]  ; 0x2c0
     23c:  e5856004   str  r6, [r5, #4]
     240:  e3a06000   mov  r6, #0
     244:  e5856004   str  r6, [r5, #4]
     248:  e5856000   str  r6, [r5]
     ; Zero to 0xc810000c; r6 is reloaded with 0 although it already holds 0.
     24c:  e3a06000   mov  r6, #0
     250:  e585600c   str  r6, [r5, #12]
     ; Write 0xe59ff058 to the five words at 0x81000000-0x81000010 (r2 = 4 is
     ; the stride). That range covers 0x81000008, the word tested at 0x210, so
     ; the pass that follows the branch below should take the beq at 0x21c --
     ; assuming these stores read back unchanged from that address.
     254:  e3a02004   mov  r2, #4
     258:  e3a00481   mov  r0, #-2130706432  ; 0x81000000 IRAM again
     25c:  e59f104c   ldr  r1, [pc, #76]  ; 0x2b0  == 0xe59ff058
     260:  e5801000   str  r1, [r0]
     264:  e0800002   add  r0, r0, r2
     268:  e5801000   str  r1, [r0]
     26c:  e0800002   add  r0, r0, r2
     270:  e5801000   str  r1, [r0]
     274:  e0800002   add  r0, r0, r2
     278:  e5801000   str  r1, [r0]
     27c:  e0800002   add  r0, r0, r2
     280:  e5801000   str  r1, [r0]
     ; 0x138 is itself `b 0x20c`, so this restarts the marker check.
     284:  eaffffab   b  0x138             ; and go back again

DATA for 0x20c
     ; Literal pool shared by early init (0x13c), the routine at 0x1b8 and the
     ; routine at 0x20c. These are data words; the mnemonics and the "0x310" /
     ; "0x1c80b10" targets are artifacts of decoding data as code.
     ;   0x288  0x0001ea7c  start of the first zero fill (early init)
     ;   0x28c  0x00007498  length added to that start (early init)
     ;   0x290  0x00051100  start of the second zero fill
     ;   0x294  0x00051a40  end of the second zero fill, and the Supervisor sp
     ;   0x298  0x00051120  Undefined-mode sp
     ;   0x29c  0x00051140  Abort-mode sp
     ;   0x2a0  0x00051240  FIQ-mode sp
     ;   0x2a4  0x00051640  IRQ-mode sp
     ;   0x2a8  0xc8100000  peripheral base used at 0x1b8 and 0x22c
     ;   0x2ac  0x81000008  address of the marker word tested at 0x210
     ;   0x2b0  0xe59ff058  marker value, also written to 0x81000000-0x81000010
     ;   0x2b4  0xc80f0000  peripheral base used at 0x220
     ;   0x2b8  0x0f800004  value stored to 0xc80f0014
     ;   0x2bc  0x00118020  value stored to 0xc8100000
     ;   0x2c0  0x1a720212  value stored to 0xc8100004
     288:  0001ea7c   andeq  lr, r1, ip, ror sl
     28c:  00007498   muleq  r0, r8, r4
     290:  00051100   andeq  r1, r5, r0, lsl #2
     294:  00051a40   andeq  r1, r5, r0, asr #20
     298:  00051120   andeq  r1, r5, r0, lsr #2
     29c:  00051140   andeq  r1, r5, r0, asr #2
     2a0:  00051240   andeq  r1, r5, r0, asr #4
     2a4:  00051640   andeq  r1, r5, r0, asr #12
     2a8:  c8100000   ldmdagt  r0, {}
     2ac:  81000008   tsthi  r0, r8
     2b0:  e59ff058   ldr  pc, [pc, #88]  ; 0x310
     2b4:  c80f0000   stmdagt  pc, {}
     2b8:  0f800004   svceq  0x00800004
     2bc:  00118020   andseq  r8, r1, r0, lsr #32
     2c0:  1a720212   bne  0x1c80b10