From bab24b766025e41d5116f4fd8681c79d3acf2fcc Mon Sep 17 00:00:00 2001
From: Ryan Dwyer
Date: Mon, 22 Nov 2021 20:31:52 +1000
Subject: [PATCH] Disassemble rspboot microcode

---
 Makefile | 12 ++++++-
 README.md | 3 +-
 src/rsp/rspboot.s | 89 +++++++++++++++++++++++++++++++++++++++++++++++
 tools/extract | 1 -
 4 files changed, 102 insertions(+), 3 deletions(-)
 create mode 100644 src/rsp/rspboot.s

diff --git a/Makefile b/Makefile
index dc9bdec72..39b10c0ae 100644
--- a/Makefile
+++ b/Makefile
@@ -496,8 +496,18 @@ $(B_DIR)/assets/accessingpakZ.o: $(B_DIR)/assets/accessingpakZ
 $(B_DIR)/assets/copyrightZ.o: $(B_DIR)/assets/copyrightZ
 	TOOLCHAIN=$(TOOLCHAIN) ROMID=$(ROMID) tools/mkrawobject $< $@
 
-$(B_DIR)/rsp/%.o: $(E_DIR)/rsp/%.bin
+$(B_DIR)/rsp/%.text.bin: src/rsp/%.s
 	@mkdir -p $(dir $@)
+	armips -strequ CODE_FILE $(B_DIR)/rsp/$*.text.bin -strequ DATA_FILE $(B_DIR)/rsp/$*.data.bin $<
+
+$(B_DIR)/rsp/%.data.bin: src/rsp/%.text.bin
+
+# For RSP ucodes which haven't been diassembled yet, copy from extracted
+$(B_DIR)/rsp/%.bin: $(E_DIR)/rsp/%.bin
+	@mkdir -p $(dir $@)
+	cp $< $@
+
+$(B_DIR)/rsp/%.o: $(B_DIR)/rsp/%.bin
 	TOOLCHAIN=$(TOOLCHAIN) ROMID=$(ROMID) tools/mkrawobject $< $@
 
 $(B_DIR)/lib/ultra/libc/llcvt.o: src/lib/ultra/libc/llcvt.c $(ASSETMGR_O_FILES)
diff --git a/README.md b/README.md
index ae1a3ce11..f8ede26a4 100644
--- a/README.md
+++ b/README.md
@@ -11,11 +11,12 @@ See the [Perfect Dark Decompilation Status Page](https://ryandwyer.gitlab.io/pds
 For Arch Linux:
 
 * Install these packages: `binutils fakeroot gcc make python vim`
-* Install from AUR: `mips64-elf-binutils`
+* Install from AUR: `armips mips64-elf-binutils`
 
 For Debian and Ubuntu:
 
 * Install these packages: `binutils-mips-linux-gnu make`
+* Compile and install `armips`
 
 ## ROM Versions
 
diff --git a/src/rsp/rspboot.s b/src/rsp/rspboot.s
new file mode 100644
index 000000000..e7387874f
--- /dev/null
+++ b/src/rsp/rspboot.s
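Review bot: The new `$(B_DIR)/rsp/%.data.bin` rule looks unable to fire: its prerequisite is `src/rsp/%.text.bin`, but the text image is produced under `$(B_DIR)/rsp/` by the `%.text.bin` rule just above it, and unless something outside this hunk creates a `.text.bin` under `src/rsp/`, a request for a `.data.bin` silently falls through to the copy-from-`$(E_DIR)` rule rather than to the armips output. The intended header is presumably `$(B_DIR)/rsp/%.data.bin: $(B_DIR)/rsp/%.text.bin ;` (the `;` makes the deliberately empty recipe explicit). Related: the armips recipe writes `DATA_FILE` as a side effect of building `$@`, so under `make -j` a consumer of the data image has no graph edge to wait on; a grouped target (`&:`, GNU make 4.3+) or a stamp file would make both outputs first-class, and `$(B_DIR)/rsp/$*.text.bin` in that recipe is simply `$@`.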
@@ -0,0 +1,89 @@
+.rsp
+
+// OSTask placed at end of DMEM (IMEM_START - sizeof(OSTask))
+.definelabel OSTask_addr, 0xfc0
+
+// OSTask data member offsets
+OSTask_flags equ 0x04
+OSTask_ucode equ 0x10
+OSTask_ucode_size equ 0x14
+OSTask_ucode_data equ 0x18
+OSTask_ucode_data_size equ 0x1c
+
+OS_TASK_DP_WAIT equ 0x0002
+
+// RDP Status read flags
+DPC_STATUS_DMA_BUSY equ 0x0100
+
+.create CODE_FILE, 0x04001000
+
+	j rdpcheck
+	addi at, zero, OSTask_addr
+
+ucodeload:
+	lw v0, OSTask_ucode(at)
+	addi v1, zero, 0x0f7f
+	addi a3, zero, 0x1080
+	mtc0 a3, SP_MEM_ADDR
+	mtc0 v0, SP_DRAM_ADDR
+	mtc0 v1, SP_RD_LEN
+
+ucodeloadloop:
+	mfc0 a0, SP_DMA_BUSY
+	bne a0, zero, ucodeloadloop
+	nop
+	jal checkyield
+	nop
+	jr a3
+	mtc0 zero, SP_SEMAPHORE
+
+checkyield:
+	mfc0 t0, SP_STATUS
+	andi t0, t0, 0x0080
+	bne t0, zero, Yield
+	nop
+	jr ra
+
+Yield:
+	mtc0 zero, SP_SEMAPHORE
+	ori t0, zero, 0x5200
+	mtc0 t0, SP_STATUS
+	break
+	nop
+
+rdpcheck:
+	lw v0, OSTask_flags(at)
+	andi v0, v0, OS_TASK_DP_WAIT
+	beq v0, zero, rdpwait
+	nop
+	jal checkyield
+	nop
+	mfc0 v0, DPC_STATUS
+	andi v0, v0, DPC_STATUS_DMA_BUSY
+	bgtz v0, checkyield
+	nop
+
+rdpwait:
+	lw v0, OSTask_ucode_data(at)
+	lw v1, OSTask_ucode_data_size(at)
+	addi v1, v1, -1
+
+DMEMLoad:
+	mfc0 s8, SP_DMA_FULL
+	bne s8, zero, DMEMLoad
+	nop
+	mtc0 zero, SP_MEM_ADDR
+	mtc0 v0, SP_DRAM_ADDR
+	mtc0 v1, SP_RD_LEN
+
+dmaloop:
+	mfc0 a0, SP_DMA_BUSY
+	bne a0, zero, dmaloop
+	nop
+	jal checkyield
+	nop
+	j ucodeload
+	nop
+	nop
+
+.close // CODE_FILE
diff --git a/tools/extract b/tools/extract
index d1546aa72..c812cec73 100755
--- a/tools/extract
+++ b/tools/extract
@@ -252,7 +252,6 @@ class Extractor:
         self.write_extracted('rsp/' + name, content)
 
     def extract_rsp(self):
-        self.extract_rsp_segment('rspboot.text.bin', 0, 0xd0)
         self.extract_rsp_segment('gsp.text.bin', 0xd0, 0x1420)
         self.extract_rsp_segment('asp.text.bin', 0x14f0, 0x1930)
         self.extract_rsp_segment('gsp.data.bin', -0x1350, 0x800)
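Review bot: The immediates in the load and yield paths — `0x0f7f` and `0x1080` in `ucodeload`, the `0x0080` masked out of SP_STATUS in `checkyield`, and the `0x5200` written back to SP_STATUS in `Yield` — are left as bare numbers while the OSTask offsets and `DPC_STATUS_DMA_BUSY` above them get named `equ`s, so a reader has to reconstruct the SP register layout to follow the boot flow. Since this is a disassembly that must reproduce the original bytes, the fix is documentation only: an `equ` next to `DPC_STATUS_DMA_BUSY` (or a trailing `//` comment on each line) naming what the length or status bit means, checked against the SP register documentation rather than guessed. Worth a one-line comment as well: `checkyield` is entered both by `jal` and by the plain `bgtz v0, checkyield` at the end of `rdpcheck`, which reuses the `ra` left by the preceding `jal` so that `jr ra` lands back on the DPC_STATUS poll — it reads like a missing `jal` until the loop is noticed. The `SP_*` and `DPC_STATUS` register names are not defined in this file; presumably armips' `.rsp` mode supplies them, but a comment saying so would save the next reader a search.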