From c3bfbb7b90f808f343db53bc4a6369bc61be7798 Mon Sep 17 00:00:00 2001 From: Zack Buhman Date: Wed, 23 Oct 2024 08:08:44 -0500 Subject: [PATCH] improve "IP" decompilation --- burn.sh | 2 + common.mk | 20 ++--- ip.lds | 4 + sg_are00.s | 5 ++ sg_are01.s | 5 ++ sg_are02.s | 5 ++ sg_are03.s | 5 ++ sg_are04.s | 5 ++ sg_areec.s | 5 ++ sg_arejp.s | 5 ++ sg_areus.s | 5 ++ sg_ini.s | 250 +++++++++++++++++++++++++++++++++++------------------ systemid.s | 10 +-- 13 files changed, 227 insertions(+), 99 deletions(-) create mode 100644 burn.sh create mode 100644 sg_are00.s create mode 100644 sg_are01.s create mode 100644 sg_are02.s create mode 100644 sg_are03.s create mode 100644 sg_are04.s create mode 100644 sg_areec.s create mode 100644 sg_arejp.s create mode 100644 sg_areus.s diff --git a/burn.sh b/burn.sh new file mode 100644 index 0000000..8e7e75b --- /dev/null +++ b/burn.sh @@ -0,0 +1,2 @@ +cdrecord -speed=8 -v dev=/dev/sr0 -dao -multi taudio01.wav +cdrecord -eject -overburn -speed=8 -v dev=/dev/sr0 -tao -xa tdata02.iso diff --git a/common.mk b/common.mk index bb490b9..9897200 100644 --- a/common.mk +++ b/common.mk @@ -21,16 +21,16 @@ IP_OBJ = \ systemid.o \ toc.o \ sg/sg_sec.o \ - sg/sg_arejp.o \ - sg/sg_areus.o \ - sg/sg_areec.o \ - sg/sg_are00.o \ - sg/sg_are01.o \ - sg/sg_are02.o \ - sg/sg_are03.o \ - sg/sg_are04.o \ - sg/sg_ini.o \ - sg/aip.o + sg_arejp.o \ + sg_areus.o \ + sg_areec.o \ + sg_are00.o \ + sg_are01.o \ + sg_are02.o \ + sg_are03.o \ + sg_are04.o \ + sg_ini.o \ + aip.o %.o: %.obj $(OBJCOPY) -g \ diff --git a/ip.lds b/ip.lds index 61ea874..73aa034 100644 --- a/ip.lds +++ b/ip.lds @@ -42,11 +42,13 @@ SECTIONS .text.sg_ini : { KEEP(*(.text.*sg_ini)) + . = ORIGIN(sg_ini) + LENGTH(sg_ini); } > sg_ini .text.aip : { KEEP(*(.text.*aip)) + . = ORIGIN(aip) + LENGTH(aip); } > aip /DISCARD/ : @@ -56,4 +58,6 @@ SECTIONS *(.bss) *(.comment) } + + INCLUDE "debug.lds" } diff --git a/sg_are00.s b/sg_are00.s new file mode 100644 index 0000000..20ae471 --- /dev/null 
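Review bot: The second `cdrecord` (the data session) runs even when the first audio-session burn fails, because burn.sh is two independent lines with no interpreter line and no error handling. I would start the file with `#!/bin/sh` and `set -e` (or join the two invocations with `&&`) so a failed first session never continues to the data track. The device is hard-coded as `dev=/dev/sr0` in both lines; a `DEV=${1:-/dev/sr0}` at the top, used as `dev="$DEV"`, would keep the script usable on another machine without editing it.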
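Review bot: The two new `. = ORIGIN(...) + LENGTH(...);` assignments in `.text.sg_ini` and `.text.aip` carry no comment saying why the location counter is forced to the end of the region, and the intent (presumably padding each output section to the fixed region size so the image keeps its layout, with ld refusing to move the counter backwards if the contents outgrow the region) is not obvious to the next reader. I would add `/* pad to the region end so the image keeps its fixed layout; overflow is a link error */` above each of the two assignments. What byte value the padding gets depends on the section fill, which this hunk does not show, so that is worth stating in the same comment once known.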
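Review bot: `INCLUDE "debug.lds"` pulls in a file that this patch does not add — the diffstat lists 13 files and none of them is debug.lds — so unless it already exists in the tree, every link of the IP image now fails on a missing file. If it is a developer-only script, I would either commit it with this change or put a comment next to the INCLUDE saying where it is expected to come from, e.g. `/* debug.lds: <PLACEHOLDER: origin of the file>, required by every link */`. A linker-script INCLUDE is also invisible to make's dependency tracking, so common.mk should list it as a prerequisite of the link step if the file is maintained by hand.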
+++ b/sg_are00.s @@ -0,0 +1,5 @@ + .section .text.sg_are00 + bra _sg_are00_next + nop + .ascii " " +_sg_are00_next: diff --git a/sg_are01.s b/sg_are01.s new file mode 100644 index 0000000..31d4500 --- /dev/null +++ b/sg_are01.s @@ -0,0 +1,5 @@ + .section .text.sg_are01 + bra _sg_are01_next + nop + .ascii " " +_sg_are01_next: diff --git a/sg_are02.s b/sg_are02.s new file mode 100644 index 0000000..0cd51a4 --- /dev/null +++ b/sg_are02.s @@ -0,0 +1,5 @@ + .section .text.sg_are02 + bra _sg_are02_next + nop + .ascii " " +_sg_are02_next: diff --git a/sg_are03.s b/sg_are03.s new file mode 100644 index 0000000..00fff6e --- /dev/null +++ b/sg_are03.s @@ -0,0 +1,5 @@ + .section .text.sg_are03 + bra _sg_are03_next + nop + .ascii " " +_sg_are03_next: diff --git a/sg_are04.s b/sg_are04.s new file mode 100644 index 0000000..0d051f1 --- /dev/null +++ b/sg_are04.s @@ -0,0 +1,5 @@ + .section .text.sg_are04 + bra _sg_are04_next + nop + .ascii " " +_sg_are04_next: diff --git a/sg_areec.s b/sg_areec.s new file mode 100644 index 0000000..6c7757a --- /dev/null +++ b/sg_areec.s @@ -0,0 +1,5 @@ + .section .text.sg_areec + bra _sg_areec_next + nop + .ascii "For EUROPE. " +_sg_areec_next: diff --git a/sg_arejp.s b/sg_arejp.s new file mode 100644 index 0000000..7179090 --- /dev/null +++ b/sg_arejp.s @@ -0,0 +1,5 @@ + .section .text.sg_arejp + bra _sg_arejp_next + nop + .ascii "For JAPAN,TAIWAN,PHILIPINES." +_sg_arejp_next: diff --git a/sg_areus.s b/sg_areus.s new file mode 100644 index 0000000..86ab92e --- /dev/null +++ b/sg_areus.s @@ -0,0 +1,5 @@ + .section .text.sg_areus + bra _sg_areus_next + nop + .ascii "For USA and CANADA. " +_sg_areus_next: diff --git a/sg_ini.s b/sg_ini.s index afc84c4..5c072d3 100644 --- a/sg_ini.s +++ b/sg_ini.s @@ -2,7 +2,7 @@ .global _text_sg_ini_start _text_sg_ini_start: - mov.l label_18,r0 /* 8d000000 → beginning of system ram, image area */ + mov.l label_18,r0 /* 8d000000 → end of system ram */ mov r0,r15 nop nop 
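Review bot: Nothing checks that `bra` + `nop` (4 bytes) plus the `.ascii` text in this file add up to a fixed width, yet that is what the layout relies on: the JP string "For JAPAN,TAIWAN,PHILIPINES." in sg_arejp.s is 28 characters, giving 32 bytes, and the seven sibling files (sg_are01..sg_are04, sg_areec, sg_areus and this one) presumably pad their shorter or blank text to the same width with trailing spaces that the collapsed patch cannot show — a miscount silently shifts whatever is linked after the section. I would add a start label and an assemble-time size check before `_sg_are00_next:` in each of the eight files, so a string that is one space short or long fails the build instead of producing a shifted image. The `. = ORIGIN() + LENGTH()` pattern this commit adds to ip.lds would also catch an overlong string but pads a short one with the section fill byte rather than reporting it.
```asm
	.section .text.sg_are00
_sg_are00_start:
	/* … unchanged: bra _sg_are00_next / nop / .ascii text … */
	/* fail the build unless bra+nop+text is exactly 32 bytes */
	.if . - _sg_are00_start != 32
	.error "sg_are00: area text must be exactly 28 bytes"
	.endif
_sg_are00_next:
```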
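Review bot: The reworded comment on `mov.l label_18,r0` still omits the one fact a reader needs here: the value is copied into r15 on the next line, so it is the initial stack pointer, and the pushes elsewhere in the file (`sts.l pr,@-r15`) show the stack growing down from it. I would write `/* 8d000000 → end of system ram; initial stack pointer (r15), stack grows down */`. The function continues past the end of this hunk.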
@@ -23,26 +23,36 @@ label_20: .fill 0x2000,1,0x00 label_2020: + /* function that processes the list of addresses/values at label_2284 */ mov.l label_204c,r0 /* 8c00d940 → label_2140 */ mov #0,r1 jsr @r0 nop + + /* ???? possibly jump to boot menu? */ mov.l label_2050,r0 /* 8c00d900 → label_2100 */ jsr @r0 nop + + /* possibly jump to boot menu? */ mov.l label_2054,r0 /* 8c00d888 → label_2088 */ jsr @r0 nop + + /* check for Windows CE? */ mov.l label_2058,r0 /* 8c00dae0 → label_22e0 */ jsr @r0 nop + mov.l label_205c,r0 /* 8c00db40 → label_2340 */ jsr @r0 nop + nop mov.l label_2060,r0 /* 8c00d86c → label_206c */ jmp @r0 nop + nop nop @@ -80,7 +90,7 @@ label_2084: label_2088: sts.l pr,@-r15 mov.l label_20a4,r0 /* 8c000048 */ - mov.l @r0,r0 + mov.l @r0,r0 /* r0 ← 1 */ cmp/eq #6,r0 bt label_209e cmp/eq #7,r0 @@ -98,6 +108,7 @@ label_20a4: label_20a8: .long 0x8c00d8ac + /* jump back to boot menu? */ label_20ac: mov.l label_20b4,r0 /* 8c0000e0 */ mov.l @r0,r0 
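Review bot: The two `+ nop` lines after `jsr @r0` / `jmp @r0` in this hunk need a check I cannot make from the collapsed patch: if they are added instructions rather than added blank lines printed next to context `nop`s, they shift every byte of sg_ini behind them and the linked image no longer matches the reference — a byte comparison against the original IP, or the overflow error from the new `. = ORIGIN + LENGTH` assignments in ip.lds, would show it either way. Separately, `/* ???? possibly jump to boot menu? */` and `/* possibly jump to boot menu? */` say the same thing about two different callees (label_2100 and label_2088), while label_2100 is documented further down in this same patch with its own sequence of checks ending in `jmp @r1` to label_20ac. I would make the two comments distinct, e.g. `/* label_2100: systemid / ' MIL' / 8c010000 checks, falls into label_20ac */`, and keep the `?` only on the call whose target is still unexplained.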
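Review bot: `/* r0 ← 1 */` on `mov.l @r0,r0` records a value observed in one traced run as if it were a constant, but the load comes from memory at 0x8c000048 and the next two instructions compare it with 6 and 7, so the code expects it to vary. I would phrase such annotations as observations, `/* r0 ← (0x8c000048); 1 on the traced boot, compared with 6/7 below */`. The same applies to the `/* r0 ← 0x8c001000 */` comments this patch adds on the `mov.l @r0,r0` loads from 0x8c0000bc in label_23e0, label_23ec and label_23f8.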
@@ -108,61 +119,68 @@ label_20b4: label_20b8: exts.b r4,r0 - mov #57,r1 + mov #57,r1 /* ascii '9' */ cmp/gt r1,r0 bf label_20c2 add #-7,r0 label_20c2: rts add #-48,r0 + + /* called from label_2100 and label_22e0 */ label_20c6: xor r2,r2 sts.l pr,@-r15 - mov.b @r4,r4 - mov r4,r0 - cmp/eq #32,r0 - bt label_20e0 - bsr label_20b8 + mov.b @r4,r4 /* r4 ← (0x8c00803e) = 0x30 */ + mov r4,r0 /* r0 ← 0x30 */ + cmp/eq #0x20,r0 /* check for ascii space in 'Compatible peripherals' of systemid */ + bt label_20e0 /* if it is space, return 0 */ + bsr label_20b8 /* ascii 0-9 to integer */ nop mov #1,r1 - tst r1,r0 - bt.s label_20e0 + tst r1,r0 /* check for ascii '1' / "uses Windows CE" */ + bt.s label_20e0 /* if not "uses Windows CE", take branch to label_20e0 */ xor r2,r2 mov #1,r2 label_20e0: lds.l @r15+,pr rts - mov r2,r0 + mov r2,r0 /* return 1 if Windows CE, 0 if not */ .word 0xffff label_20e8: mov.l label_20fc,r1 ! 8c008024 - mov.l label_20f8,r3 ! 4c494d20 - mov.l @r1,r2 + mov.l label_20f8,r3 /* ascii ' MIL' ; 0x4c494d20 */ + mov.l @r1,r2 /* r2 ← 0x2d444720 ' GD-' */ cmp/eq r3,r2 movt r0 rts nop nop label_20f8: - .long 0x4c494d20 + .ascii " MIL" /* 4c494d20 */ label_20fc: .long 0x8c008024 + + /* called from label_2020 */ label_2100: sts.l pr,@-r15 mov.l label_212c,r3 /* 8c00d8c6 → label_20c6 */ - mov.l label_213c,r4 ! 8c008000 + mov.l label_213c,r4 /* 8c008000 */ jsr @r3 - add #62,r4 - tst r0,r0 + add #0x3e,r4 /* r4 ← 0x8c00803e */ + tst r0,r0 /* check return value != 0 */ bf label_2126 + + /* check for ' MIL' CD */ mov.l label_2130,r3 /* 8c00d8e8 → label_20e8 */ jsr @r3 nop - tst r0,r0 + tst r0,r0 /* check return value != 0 */ bf label_2126 + mov.l label_2138,r3 ! 8c010000 mov.w @r3,r0 - cmp/eq #34,r0 + cmp/eq #34,r0 /* check for 'stc vbr,r0' ?? */ bf label_2126 mov.l label_2134,r1 /* 8c00d8ac → label_20ac */ jmp @r1 
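Review bot: `/* check for ascii '1' / "uses Windows CE" */` on `tst r1,r0` overstates what the test does: r1 is 1, so T is set only when bit 0 of the converted digit is clear, and any odd digit ('1', '3', …, up to 'F' after the -7 adjustment in label_20b8) takes the "Windows CE" path — correct if the flag is bit 0 of the peripherals field, but the comment should say `/* bit 0 of the last 'Compatible peripherals' hex digit = uses Windows CE */`. The `.long 0x4c494d20` → `.ascii " MIL"` change at label_20f8 is byte-identical only when the assembler emits little-endian data; a short `/* little-endian: same bytes as .long 0x4c494d20 */` next to it would stop a later reader from "fixing" it. The offset `0x3e` is now a hex immediate here and in label_22e0 but is still a magic number; an `.equ SYSTEMID_PERIPH_LAST_DIGIT, 0x3e` (name constructed) used at both `add` sites would tie it to the field layout in systemid.s.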
@@ -182,22 +200,25 @@ label_2138: label_213c: .long 0x8c008000 + /* function that processes the list of addresses/values at label_2284 */ label_2140: mov.l r2,@-r15 mov.l r3,@-r15 mov.l r4,@-r15 mov.l r5,@-r15 sts.l pr,@-r15 - mova label_2284,r0 - mov.w @(r0,r1),r1 - add r1,r0 + mova label_2284,r0 /* 0x8c00da84 */ + mov.w @(r0,r1),r1 /* 0x2 */ + add r1,r0 /* 0x8c00da86 */ label_2150: add #3,r0 shlr2 r0 - shll2 r0 - mov.w @r0+,r4 - tst r4,r4 - bf label_2172 + shll2 r0 /* #1 r0 ← 0x8c00da88 + #2 r0 ← 0x8c00da90 */ + mov.w @r0+,r4 /* #1 r0 ← 0x8c00da8a ; r4 ← 2 + #2 r4 ← 1 */ + tst r4,r4 /* r4 & r4 != 0 → T unset */ + bf label_2172 /* branch taken */ mov.w @r0+,r4 tst r4,r4 bf.s label_2150 @@ -210,20 +231,22 @@ label_2150: rts sett label_2172: - mov.w @r0+,r3 - mov.l label_2278,r1 ! ffff8000 - and r3,r1 - tst r1,r1 - bt label_2180 + mov.w @r0+,r3 /* #1 0x8c00da8a ; r0 ← 0x8c00da8c ; r3 ← 0x6 + #2 0x8c00da92 ; r0 ← 0x8c00da94 ; r3 ← 0x18 + */ + mov.l label_2278,r1 /* ffff8000 */ + and r3,r1 /* r1 ← 0 */ + tst r1,r1 /* r1 & r1 == 0 → T set */ + bt label_2180 /* branch taken */ xor r1,r3 bf label_2182 label_2180: - mov.l @r0+,r2 + mov.l @r0+,r2 /* 0x8c00da8c ; r2 ← 0xff000038 */ label_2182: - mov.l label_227c,r1 ! 6000 - and r3,r1 - tst r1,r1 - bt label_21a0 + mov.l label_227c,r1 /* r1 ← 6000 */ + and r3,r1 /* r1 ← 0 */ + tst r1,r1 /* T set */ + bt label_21a0 /* branch taken */ xor r1,r3 add #12,r3 mov.l @r0+,r1 
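Review bot: The per-iteration trace comments in label_2140/label_2150 (`/* branch taken */` on `bf label_2172`, the `#1`/`#2` register values) describe the first two passes over the table but sit next to loop code, so they read as invariants: the same `bf label_2172` falls through on the terminating `.word 0x0000` entry at label_22d4, which is how the loop ends. I would either prefix them with the run they come from, `/* traced run: #1 … */`, or replace them with the invariant, `/* r4 = entry count; a zero count terminates the table */`. The same applies to the `/* branch taken */` comments in the label_2172/label_2182 hunk that follows.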
@@ -236,27 +259,43 @@ label_2194: add #4,r2 bra label_2150 mov r5,r0 + /* branch from label_2182 */ label_21a0: - bsrf r3 - dt r4 - bf.s label_21a0 - add #4,r2 - bt label_2150 + bsrf r3 /* #1 0x06 ; PC ← 0x8c00d9aa (label_21aa) + #2 0x18 ; PC ← 0x8c00d9bc (label_2abc) + #3 0x0c ; PC ← 0x8c00d9b0 (label_21b0) + */ + dt r4 /* #1 r4 ← 1 ; T unset + #2 r4 ← 0 ; T set + #3 r4 ← 3 ; T unset + */ + bf.s label_21a0 /* #1 branch taken ; #2 branch not taken */ + add #4,r2 /* 0xff000038 ; r2 ← 0xff00003c */ + bt label_2150 /* branch taken */ +label_21aa: mov #0,r1 rts mov.l r1,@r2 +label_21b0: mov #0,r1 rts mov.w r1,@r2 mov #0,r1 rts mov.b r1,@r2 - mov.l @r0+,r1 +label_21bc: + mov.l @r0+,r1 /* 0x8c00da98 ; r1 ← 0x12c0 */ rts - mov.l r1,@r2 + mov.l r1,@r2 /* 0xffa0002c ; CHCR2 ← 0x000012c0 + DM: fixed + SM: incremented + RS: external request, single address mode + */ +label_21c2: mov.w @r0+,r1 rts mov.l r1,@r2 + mov.l @r0+,r1 rts mov.b r1,@r2 
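Review bot: The `bsrf r3` trace comment names the second target `(label_2abc)`, but 0x8c00d9bc is the label this hunk itself introduces as `label_21bc` (the `mov.l @r0+,r1 / rts / mov.l r1,@r2` handler); the line should read `#2 0x18 ; PC ← 0x8c00d9bc (label_21bc)`. While adding handler labels, the byte-store variant between label_21b0 and label_21bc (`mov #0,r1 / rts / mov.b r1,@r2`) and the final `mov.l @r0+,r1 / rts / mov.b r1,@r2` after label_21c2 stay unlabelled although they sit in the same bsrf-dispatched sequence; with 2-byte instructions they fall at label_21b6 and label_21c8 if the layout holds, and naming them would make the `r3 → bsrf` comments in the data table complete.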
@@ -357,50 +396,90 @@ label_2278: label_227c: .long 0x00006000 - /* unreachable? */ - .word 0x8040 - .word 0xa05f + .long 0xa05f8040 /* unused; VO_BORDER_COL */ label_2284: .word 0x0002 - .word 0x0009 +label_2286: + .word 0x0009 /* unused garbage data? */ + +label_2288: .word 0x0002 - .word 0x0006 - .word 0x0038 - .word 0xff00 +label_228a: + .word 0x0006 /* r3 */ +label_228c: + .long 0xff000038 + +label_2290: .word 0x0001 - .word 0x0018 - .word 0x002c - .word 0xffa0 - .word 0x12c0 - .word 0x0000 +label_2292: + .word 0x0018 /* r3 */ +label_2294: + .long 0xffa0002c /* CHCR2 ← 0x000012c0 */ +label_2298: + .long 0x000012c0 + +label_229c: .word 0x0004 +label_229e: .word 0x000c - .word 0x0000 - .word 0xffd0 - .word 0x0001 - .word 0x0018 - .word 0x0024 - .word 0xff00 - .word 0x0020 - .word 0x0000 - .word 0x0002 - .word 0x001e - .word 0x7490 - .word 0xa05f +label_22a0: + .long 0xffd00000 /* ICR ← 0 + IPRA ← 0 + IPRB ← 0 + IPRC ← 0 + */ +label_22a4: + .word 0x0001 /* r4 */ +label_22a6: + .word 0x0018 /* r3 → bsrf label_21bc */ +label_22a8: + .long 0xff000024 /* r2 + ?? ← 0x00000020 */ +label_22ac: + .long 0x00000020 /* r1 */ + +label_22b0: + .word 0x0002 /* r4 */ +label_22b2: + .word 0x001e /* r3 → bsrf label_21c2 */ +label_22b4: + .long 0xa05f7490 /* r2 + SB_G1CRC ← 0x0222 + SB_G1CWC ← 0x0222 + */ +label_22b8: .word 0x0222 +label_22ba: .word 0x0222 - .word 0x0002 - .word 0x001e - .word 0x74a0 - .word 0xa05f + +label_22bc: + .word 0x0002 /* r4 */ +label_22be: + .word 0x001e /* r3 → bsrf label_21c2 */ +label_22c0: + .long 0xa05f74a0 /* r2 + SB_G1GDRC ← 0x2001 + SB_G1GDWC ← 0x2001 + */ +label_22c4: .word 0x2001 +label_22c6: .word 0x2001 - .word 0x0002 - .word 0x001e - .word 0x7890 - .word 0xa05f + +label_22c8: + .word 0x0002 /* r4 */ +label_22ca: + .word 0x001e /* r3 → bsrf label_21c2 */ +label_22cc: + .long 0xa05f7890 /* SB_G2DSTO ← 0x001b + SB_G2TRTO ← 0x0271 + */ +label_22d0: .word 0x001b +label_22d2: .word 0x0271 + +label_22d4: .word 0x0000 .word 0x0000 nop 
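Review bot: `.word 0x0009 /* unused garbage data? */` at label_2286 is not garbage: label_2140 does `mova label_2284,r0 / mov.w @(r0,r1),r1 / add r1,r0` and label_2150 rounds r0 up to a multiple of 4, so the words at label_2284 form an offset table indexed by r1 — r1=0 selects 0x0002 → label_2288, and r1=2 selects 0x0009 → 0x228f, rounded up to label_2290, i.e. the same list without the first (0xff000038) entry. I would replace the comment with `/* offset for r1=2: list starting at label_2290 */` and note on label_2284 that the caller in label_2020 passes r1=0. For the `?? ← 0x00000020` at label_22a8: on the SH-4 CCN register map as I recall it, 0xff000024 is EXPEVT and 0xff000038/0xff00003c (the two longword writes from the first entry) are QACR0/QACR1 — worth confirming against the datasheet and then naming them the way CHCR2 and the IPR registers are named here.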
@@ -408,14 +487,16 @@ label_2284: nop nop + /* called from label_2020 */ label_22e0: sts.l pr,@-r15 - mov.l label_2330,r4 ! 8c008000 - mov.l label_2328,r3 ! 8c00d8c6 + /* check systemid for "uses Windows CE" */ + mov.l label_2330,r4 /* 8c008000 systemid */ + mov.l label_2328,r3 /* 8c00d8c6 label_20c6 */ jsr @r3 - add #62,r4 - tst r0,r0 - bt label_2320 + add #0x3e,r4 + tst r0,r0 /* r0 (1 if Windows CE) */ + bt label_2320 /* if not Windows CE, return */ mov.l label_2334,r1 ! 8ce01010 mov.l @r1,r0 tst r0,r0 @@ -467,10 +548,11 @@ label_2340: add #-20,r15 mov r15,r3 mov r15,r5 - mov.l r3,@(16,r15) + mov.l r3,@(16,r15) /* copy stack pointer to stack */ add #16,r5 bsr label_23e0 mov #30,r4 + mov r0,r4 tst r4,r4 bt label_2384 @@ -554,7 +636,7 @@ label_23e0: mov #0,r6 mov #0,r7 mov.l label_2404,r0 ! 8c0000bc - mov.l @r0,r0 + mov.l @r0,r0 /* r0 ← 0x8c001000 */ label_23e8: jmp @r0 nop @@ -562,14 +644,14 @@ label_23ec: mov #0,r6 mov #1,r7 mov.l label_2404,r0 ! 8c0000bc - mov.l @r0,r0 + mov.l @r0,r0 /* r0 ← 0x8c001000 */ jmp @r0 nop label_23f8: mov #0,r6 mov #2,r7 mov.l label_2404,r0 ! 8c0000bc - mov.l @r0,r0 + mov.l @r0,r0 /* r0 ← 0x8c001000 */ jmp @r0 nop label_2404: diff --git a/systemid.s b/systemid.s index b8dc97c..a844e7d 100644 --- a/systemid.s +++ b/systemid.s @@ -34,12 +34,12 @@ .section .text.systemid - .ascii "SEGA SEGAKATANA " /* H/W identifier */ - .ascii "SEGA ENTERPRISES" /* H/W Vendor ID */ - .ascii "39F1 " /* Media ID */ + .ascii "SEGA SEGAKATANA " /* 0x00 H/W identifier */ + .ascii "SEGA ENTERPRISES" /* 0x10 H/W Vendor ID */ + .ascii "39F1 " /* 0x20 Media ID */ .ascii "GD-ROM1/1 " /* Media information */ - .ascii "JUE " /* Compatible Area Symbol */ - .ascii "C000810 " /* Compatible peripherals */ + .ascii "JUE " /* 0x30 Compatible Area Symbol */ + .ascii "C000810 " /* Compatible peripherals */ .ascii "HDR-0900 " /* Product number */ .ascii "V0.000" /* Version number */ .ascii "19980901" /* Release date */
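Review bot: The new offset comments in systemid.s stop at 0x30 and skip two fields, so the table is less useful than a complete one: "GD-ROM1/1" gets no offset (0x25 if the media ID is the 5-byte "39F1 ", which the squeezed whitespace in the patch cannot confirm), and "Compatible peripherals" gets none either, although the `add #0x3e,r4` and the 'Compatible peripherals' comment in sg_ini.s place its last character at 0x3e, which puts the field at 0x38 with an 8-byte area-symbol field. I would annotate every line, e.g. `/* 0x38 Compatible peripherals (last digit at 0x3e: bit 0 = Windows CE) */`, and continue with 0x40, 0x4a and 0x50 for the product number, version and release date. The exact values depend on field widths the collapsed patch hides, so check them against the assembled object before committing the comments.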