Address Mapping

From The iPhone Wiki
Revision as of 12:29, 23 March 2017 by Spydar007 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

iPod touch (2nd generation) Bootrom

I think this might not be a good idea, because this page will wind up getting huge, but in case anyone thinks differently I'll add these for the hell of it.

functions

  • 0x067A - BootromStart
  • 0x45BA - InitProcessor
  • 0x4778 - SetupMMU
  • 0x4734 - MMU_MapAddr
  • 0x3A84 - Do_MMU_Mappings
  • 0x34FC - EnableInterrupts
  • 0x652C - Setup_SPI
  • 0x36DC - Setup_IdleTask
  • 0x4906 - PrepareNOR
  • 0x49BC - nor_spi_read_range
  • 0x178C - malloc
  • 0x34D8 - DisableInterrupts
  • 0x7840 - memset
  • 0x7858 - memzero (this looks funny in IDA, kind of, but really it's just optimized as part of memset)
  • 0x1954 - free
  • 0x4844 - addNORtoBlockDevList
  • 0x4804 - default_block_read
  • 0x10C8 - blockdev_read_hook(void *BDevStruct, void *OutputBuffer, __int32 InputImageStartAddress, int Offset, __int32 Size)
  • 0x1258 - fake_default_block_read
  • 0x136E - blockdev_write_hook
  • 0x1518 - default_block_write
  • 0x151E - default_block_erase
  • 0x1090 - get_block_device(const char* deviceName)
  • 0x8354 - strcmp
  • 0x1AF0 - CreateImageList
  • 0x1F68 - DoCreateImageList
  • 0x204C - GetImage(u32 imageFourccTag)
  • 0x1BF0 - SetupMemzStruct(u32 LoadAddress, u32 FileSize, u32 flags)
  • 0x30E8 - InitUSB
  • 0x795C - memcpy
  • 0x0E84 - USB_Core_Init
  • 0x1058 - StopUSB
  • 0x328C - GetSystemInfo
  • 0x3D94 - Get_Chip_ID
  • 0x3DA0 - Get_Chip_Revision
  • 0x3D74 - Get_Security_Epoch
  • 0x3AE4 - Get_Board_ID
  • 0x3DD4 - Get_Unique_Chip_ID
  • 0x8286 - snprintf
  • 0x7D5C - vfprintf_like_thingy
  • 0x82A8 - printf
  • 0x8422 - putchar
  • 0x2E98 - usb_print
  • 0x83CC - strncat
  • 0x1C18 - FreeMemzStruct
  • 0x67DC - Reboot (via watchdog, so yeah it looks a bit odd)
  • 0x0644 - LoadAndJumpToFWImage(struct MemzStruct *pMemzInfo, __int32 LoadAddress, __int32 FileSize)
  • 0x3338 - ProperlyJumpToImage(void unkown, u32 address, void unknown)
  • 0x4584 - PrepMMUForJump (?)
  • 0x1B78 - LoadFirmwareImage
  • 0x2144 - doLoadFirmwareImage
  • 0x1D04 - VerifyImage
  • 0x5EA8 - ComputeSHA1(void *Input_Data, int Data_Size, void *SHA1_Of_Data)
  • 0x4150 - AdjustClock
  • 0x5E54 - CopyBlockToSHA1Engine
  • 0x372E - yield
  • 0x2400 - DecryptRSASignature
  • 0x0898 - DoCrypto(int CryptOption, void *Input_Buffer, void *Output_Buffer, __int32 Size, int AESMode, void *Key, void *IV) [CryptOption 0x10 == encrypt, 0x11 == decrypt]
  • 0x5010 - aes_encrypt
  • 0x4DB8 - do_aes_encrypt
  • 0x4D38 - send_key_to_aes
  • 0x4D88 - send_iv_to_aes
  • 0x4F44 - aes_decrypt
  • 0x4E80 - do_aes_decrypt
  • 0x2668 - parse_certificate_and_signature(void *pCertsData, int sizeOfCerts, void *pImageRsaSha1, int sizeofRsaSha1, void *pComputedImageSha1, int sha1Size, void *pImageBuffer, int imageFullSize)
  • 0x356C - CheckIfDiagnosticDevice
  • 0x3D64 - Get_Security_Domain
  • 0x3D44 - Get_Production_Mode
  • 0x1F00 - Find_Data_For_Tag
  • 0x346C - Panic
  • 0x0634 - WaitForInterrupt
  • 0x4618 - UndefinedInstructionVector
  • 0x46F0 - UndefinedInstructionHandler
  • 0x4628 - SoftwareInterruptVector
  • 0x4700 - SoftwareInterruptHandler
  • 0x4640 - PrefetchAbortVector
  • 0x46B4 - PrefetchAbortHandler
  • 0x4664 - DataAbortVector
  • 0x46A2 - DataAbortHandler
  • 0x467C - AddressExceptionTrapVector
  • 0x4680 - InterruptRequestVector
  • 0x4710 - InterruptRequestHandler
  • 0x4BEC - HandleInterruptRequest
  • 0x4690 - FastInterruptRequestVector
  • 0x4722 - FastInterruptRequestHandler
  • 0x4C40 - HandleFastInterruptRequest

variables

  • 0x220240D4 - SHA1 accelerator register table
  • 0x22024200 - Block Device List
  • 0x220250A0 - Permissions Flags
  • 0x220254E0 - Interrupt Table
  • 0x2202C000 - Page table