retrieved by wololo
And here is the EBOOT.PBP C pseudo-code as decompiled by Davee:
/*
Eboot.pbp
Relative pseudo C
*/
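/*
 * Print a final message, leave it on screen for a moment, then quit the
 * program.
 *
 * message: NUL-terminated text. It is passed as a "%s" argument and never
 *          used as the format string itself.
 *
 * Returns 0 so that the declared int return type is honoured; the original
 * listing fell off the end of a non-void function. sceKernelExitGame() is
 * presumably expected to end the program before the return is reached.
 */
int Exit(char *message)
{
    printf("%s", message);
    /* 0x3D0900 == 4,000,000; the delay call counts microseconds (the 5 s wait
       in main() uses 0x4C4B40 == 5,000,000), so this is about four seconds. */
    sceKernelDelayThread(0x3D0900);
    sceKernelExitGame();
    return 0;
}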
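/*
 * Create (or truncate) `file` and write `size` bytes from `buffer` into it.
 *
 * Returns the sceIoWrite() result (bytes written, or a negative error code),
 * or the negative sceIoOpen() result when the file could not be opened.
 * Callers in this listing treat any value other than `size` as failure.
 *
 * NOTE(review): PSP_O_TRUNC empties the target before the first byte is
 * written, so a failed or short write leaves a truncated file behind. There
 * is no backup, no read-back verification, and the sceIoClose() result is
 * not checked.
 */
int WriteFile(const char *file, void *buffer, SceSize size)
{
    /* 511 decimal == 0777 octal: the mode argument for a newly created file. */
    SceUID fd = sceIoOpen(file, PSP_O_CREAT | PSP_O_TRUNC | PSP_O_WRONLY, 511);
    if (fd < 0)
    {
        /* Never hand an invalid descriptor to sceIoWrite()/sceIoClose(). */
        return fd;
    }

    int ret = sceIoWrite(fd, buffer, size);
    sceIoClose(fd);
    return ret;
}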
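/*
 * Write every embedded firmware image to its destination under flash0:.
 *
 * Each entry is written with WriteFile(); if the returned byte count differs
 * from the expected size, Exit() is called with that entry's error text.
 *
 * NOTE(review): these writes replace system modules in place. Nothing here
 * backs up the previous contents or verifies what was written, so an
 * interrupted run can leave flash0 in an inconsistent state.
 */
void FlashFiles()
{
    /* One row per image: destination path, source buffer, length, failure text. */
    const struct
    {
        const char *path;
        void *data;
        SceSize size;
        char *error;
    } files[] = {
        { "flash0:/kd/vshctrl.prx", vshctrl, size_vshctrl, "Error writting vshctrl." },
        { "flash0:/kd/galaxy.prx", galaxy, size_galaxy, "Error writting galaxy." },
        { "flash0:/kd/march33.prx", march33, size_march33, "Error writting march33." },
        { "flash0:/kd/popcorn.prx", popcorn, size_popcorn, "Error writting popcorn." },
        { "flash0:/kd/idcanager.prx", idcanager, size_idcanager, "Error writting idcanager." },
        { "flash0:/kd/usbdevice.prx", usbdevice, size_usbdevice, "Error writting usbdevice." },
        { "flash0:/vsh/module/satelite.prx", satelite, size_satelite, "Error writting satelite." },
        { "flash0:/kd/systemctrl_02g.prx", systemctrl_02g, size_systemctrl_02g, "Error writting systemctrl." },
        { "flash0:/kd/pspbtlnf_02g.bin", pspbtlnf_02g, size_pspbtlnf_02g, "Error writting pspbtlnf." },
        /* The listing wrote this buffer to pspbtlnf_02g.bin a second time,
           which would overwrite the entry above; the buffer name and the
           error text both say pspbtdnf, so the path now matches them. */
        { "flash0:/kd/pspbtdnf_02g.bin", pspbtdnf_02g, size_pspbtdnf_02g, "Error writting pspbtdnf." },
        { "flash0:/kd/pspbtjnf_02g.bin", pspbtjnf_02g, size_pspbtjnf_02g, "Error writting pspbtjnf." },
        { "flash0:/kd/pspbtknf_02g.bin", pspbtknf_02g, size_pspbtknf_02g, "Error writting pspbtknf." },
    };

    for (unsigned int i = 0; i < sizeof files / sizeof files[0]; i++)
    {
        if (WriteFile(files[i].path, files[i].data, files[i].size) != files[i].size)
        {
            Exit(files[i].error);
        }
    }
}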
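/*
 * Menu loop of the enabler:
 *   X (cross)    - load and start henctrl.prx, wait five seconds, exit
 *   O (circle)   - remount flash0: read-write, check for the 02g loadexec
 *                  module and write the embedded files with FlashFiles()
 *   R (rtrigger) - exit
 *
 * Fixes over the decompiled listing: `ret` is declared, `model` is
 * initialised, and the stray apostrophe after the "Wait 5 seconds..." printf
 * is replaced by a semicolon.
 *
 * NOTE(review): henctrl.prx is located by a relative path and loaded with no
 * integrity check visible here, and the result of sceKernelStartModule() is
 * ignored. The loop polls the pad without waiting for a button release, so
 * holding O would repeat the flash sequence.
 */
int main()
{
    SceIoStat stat;
    SceCtrlData pad;
    int model = -1; /* -1 until a loadexec variant has been seen */
    int ret;

    pspDebugScreenInit();
    printf("Hen de los huevos, como falla el cabron. Custom Firmware Enabler 1.0\nBy Xenogears and Becus25\n\n");
    printf("Press O to flash M33 custom firmware files into the flash.\nPress X to run the custom firmware.\nPress R to exit.\n");

    while (1)
    {
        sceCtrlReadBufferPositive(&pad, 1);

        if (pad.Buttons & PSP_CTRL_CROSS)
        {
            pspDebugScreenClear();
            printf("\nLoading henctrl.prx...");
            SceUID modid = sceKernelLoadModule("henctrl.prx", 0, NULL);
            if (modid < 0)
            {
                Exit(" Error loading henctrl.prx");
            }
            printf("\nStarting henctrl.prx...");
            sceKernelStartModule(modid, strlen("henctrl.prx") + 1, "henctrl.prx", NULL, NULL, NULL);
            printf("Wait 5 seconds...");
            sceKernelDelayThread(0x4C4B40); /* 5,000,000 microseconds */
            sceKernelExitGame();
        }
        else if (pad.Buttons & PSP_CTRL_CIRCLE)
        {
            /* Replace the existing flash0: assignment with a read-write one. */
            if (sceIoUnassign("flash0:") < 0)
            {
                Exit("Error unassigning flash0:");
            }
            if (sceIoAssign("flash0:", "lflash0:0,0", "flashfat0:", IOASSIGN_RDWR, NULL, 0) < 0)
            {
                Exit("Error assigning flash0:");
            }

            /* The model is guessed from which loadexec file exists. */
            if (!sceIoGetstat("flash0:/kd/loadexec_01g.prx", &stat))
                model = 0;

            /* The listing also compared `ret` with the (possibly
               uninitialised) `model`; the only well-defined outcome of that
               test is "the 02g file is missing", which is what is kept. */
            ret = sceIoGetstat("flash0:/kd/loadexec_02g.prx", &stat);
            if (ret < 0)
            {
                Exit("Your PSP is not 2000. Exiting...");
            }
            else
                model = 1;
            (void)model; /* recorded only; nothing in this listing reads it */

            printf("\nFlashing...");
            FlashFiles();
            printf("Done.\n\nPress X to run the custom firmware.");
        }
        else if (pad.Buttons & PSP_CTRL_RTRIGGER)
        {
            Exit("Exiting...");
        }
    }

    return 0; /* not reached: the loop above never breaks */
}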
/*
ohai nubcakes
*/
/* CFW Enabler's main code */
/* Xenogears & Becus25 */
/* http://www.dark-alex.org/forum/viewtopic.php?f=24&t=14641 */
/* Noob comments by m0skit0 */
/* http://advancedpsp.freeforums.org/ */
#include <pspkernel.h>
#include <pspsysmem_kernel.h>
/* Missing this! */
#include "rebootex.h"
/* Module descriptor: name "HENControl_module", attribute word 0x1000 and the
   two version fields 0 and 1.
   NOTE(review): 0x1000 is presumably the PSPSDK kernel-mode attribute, which
   the kernel-text patching further down would require; confirm against the
   SDK headers. */
PSP_MODULE_INFO("HENControl_module", 0x1000, 0, 1);
/* MAKE_CALL(a, f): overwrite the 32-bit instruction word at address `a`
   with a MIPS `jal` (jump and link) to function `f`.
   How it works:
   - _sw(value, address) stores one 32-bit word at `address`, like the MIPS
     `sw` (store word) instruction.
   - 0x0C000000 is the `jal` opcode (000011) in the top 6 bits of the word.
   - The low 26 bits hold the target's word index: the address of `f`
     shifted right by 2 and masked with 0x03ffffff so that the 6 opcode bits
     stay clear.
   The macro only stores the word. The patched location lives in code, so
   the caches have to be synchronised afterwards before the new instruction
   can be relied on (ClearCaches() in this file does that). */
#define MAKE_CALL(a, f) _sw(0x0C000000 | (((u32)(f) >> 2) & 0x03ffffff), a)
/* Function pointer to the routine that DecompressRebootPatched() chains to.
   It starts out NULL and is assigned in PatchLoadExec(); a call made through
   it before that assignment would jump through a null pointer. */
int (* DecompressReboot)(u32 addr, u32 size, void *unk, void *unk2, void *unk3) = NULL;
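/* Make freshly stored instruction words visible to instruction fetch:
   write the data cache back to main memory (and invalidate it), then
   invalidate the instruction cache.
   The data cache is flushed first so that the instruction cache cannot be
   refilled from memory that does not yet contain the stored words; the
   listing issued the two calls in the opposite order. */
void ClearCaches()
{
    sceKernelDcacheWritebackInvalidateAll();
    sceKernelIcacheInvalidateAll();
}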
/* Replacement target for the call that PatchLoadExec() rewrites at
   sceLoadExec text offset 0x27DC.
   It first gzip-decompresses the embedded `rebootex` blob (presumably
   declared in rebootex.h together with size_rebootex) to the fixed address
   0x88FC0000, then forwards all five arguments to the routine saved in
   DecompressReboot and returns that routine's result.
   NOTE(review): the result of sceKernelGzipDecompress() is not checked. */
int DecompressRebootPatched(u32 addr, u32 size, void *unk, void *unk2, void *unk3)
{
    void *const payload_dest = (void *)0x88FC0000;

    sceKernelGzipDecompress(payload_dest, size_rebootex, rebootex, NULL);

    /* Hand over to the routine saved by PatchLoadExec(). */
    int status = DecompressReboot(addr, size, unk, unk2, unk3);
    return status;
}
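/* Patch two instruction words inside the loaded sceLoadExec module.
 *
 * Returns 0 on success and -1 when the module cannot be found. The listing
 * dereferenced the lookup result unchecked and had no return statement.
 *
 * NOTE(review): the offsets 0x27DC and 0x2820 are hard-coded and nothing
 * checks which build of the module is loaded or what the words held before
 * they are overwritten, so they are only meaningful for the one module
 * version they were taken from.
 */
int PatchLoadExec()
{
    /* Look the module up by name; a failed lookup must not be dereferenced. */
    SceModule *mod = sceKernelFindModuleByName("sceLoadExec");
    if (mod == NULL)
    {
        return -1;
    }

    /* text_addr is where the module's code segment starts in memory. */
    u32 text_addr = mod->text_addr;

    /* Save the chain target before the hook is written, so that
       DecompressRebootPatched() can never run while the pointer is still
       NULL. The saved value is the start of the sceLoadExec text segment
       (the old comment named scePafModule, but the module looked up above
       is sceLoadExec). */
    DecompressReboot = (void *)text_addr;

    /* Replace the instruction at text offset 0x27DC with
       `jal DecompressRebootPatched`. */
    MAKE_CALL(text_addr + 0x27DC, DecompressRebootPatched);

    /* Store 0x3C0188FC at text offset 0x2820.
       In binary: 0011 1100 0000 0001 1000 1000 1111 1100
         001111            opcode lui (load upper immediate)
         00000             unused register field, always zero for lui
         00001             destination register 1
         1000100011111100  16-bit immediate 0x88FC
       After executing this instruction $1 == 0x88FC0000, the address that
       DecompressRebootPatched() decompresses to. */
    _sw(0x3C0188FC, text_addr + 0x2820);

    /* The old comment suggests disassembling the module to see that
       sub_00002778, the subroutine containing the patched words, is
       referenced by several other functions. It called the file sysmem.prx;
       presumably the file that provides sceLoadExec is meant. */

    ClearCaches();
    return 0;
}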
/* Module entry point: applies the sceLoadExec patch once and reports
   success (0) to the loader whatever PatchLoadExec() returned. */
int module_start(SceSize args, void *argp)
{
    /* The start arguments are not used by this module. */
    (void)args;
    (void)argp;

    PatchLoadExec();

    return 0;
}
And finally, the rebootvalidslim disassembly:
# 0x000-0x008: entry stub. Jumps straight to the routine at offset 0x6e4.
# The target 0x8fc06e4 fits an image that runs at 0x88FC0000, the address
# DecompressRebootPatched() in the C listing decompresses "rebootex" to
# (presumably this is that blob; confirm).
00000000: 0a3f01b9 j 0x8fc06e4 #
00000004: 00000000 nop
00000008: 00000000 nop
# 0x00c-0x05c: byte-wise compare of the buffers at $a0 and $a1 over $a2 bytes.
# Returns 0 in $v0 when $a2 <= 0 or every byte matches; otherwise returns the
# byte from $a1 minus the byte from $a0 at the first mismatch (see the operand
# order of the subu). Bytes are loaded with lb, so they are sign-extended.
0000000c: 18c00007 blez $a2,0x2c
00000010: 00000000 nop
00000014: 80830000 lb $v1,0($a0)
00000018: 80a20000 lb $v0,0($a1)
0000001c: 10620005 beq $v1,$v0,0x34
00000020: 00431023 subu $v0,$v0,$v1
00000024: 03e00008 jr $ra
00000028: 00000000 nop
0000002c: 03e00008 jr $ra
00000030: 00001021 addu $v0,$zero,$zero
00000034: 00003821 addu $a3,$zero,$zero
00000038: 24e70001 addiu $a3,$a3,1
0000003c: 00871021 addu $v0,$a0,$a3
00000040: 10c7fffa beq $a2,$a3,0x2c
00000044: 00e54021 addu $t0,$a3,$a1
00000048: 80430000 lb $v1,0($v0)
0000004c: 81020000 lb $v0,0($t0)
00000050: 1062fffa beq $v1,$v0,0x3c
00000054: 24e70001 addiu $a3,$a3,1
00000058: 03e00008 jr $ra
0000005c: 00431023 subu $v0,$v0,$v1
# 0x060-0x080: byte fill. Stores the low 8 bits of $a1 into $a2 consecutive
# bytes starting at $a0; does nothing when $a2 <= 0. No return value is set up.
00000060: 18c00006 blez $a2,0x7c
00000064: 30a500ff andi $a1,$a1,0xff
00000068: 00001821 addu $v1,$zero,$zero
0000006c: 00831021 addu $v0,$a0,$v1
00000070: 24630001 addiu $v1,$v1,1
00000074: 14c3fffd bne $a2,$v1,0x6c
00000078: a0450000 sb $a1,0($v0)
0000007c: 03e00008 jr $ra
00000080: 00000000 nop
# 0x084-0x0ac: forward byte copy. Copies $a2 bytes from $a1 to $a0, lowest
# address first; does nothing when $a2 <= 0.
00000084: 18c00008 blez $a2,0xa8
00000088: 00804021 addu $t0,$a0,$zero
0000008c: 00003821 addu $a3,$zero,$zero
00000090: 00a71021 addu $v0,$a1,$a3
00000094: 90440000 lbu $a0,0($v0)
00000098: 01071821 addu $v1,$t0,$a3
0000009c: 24e70001 addiu $a3,$a3,1
000000a0: 14c7fffb bne $a2,$a3,0x90
000000a4: a0640000 sb $a0,0($v1)
000000a8: 03e00008 jr $ra
000000ac: 00000000 nop
# 0x0b0-0x0e0: backward byte copy. Copies $a2 bytes from $a1 to $a0 starting
# at the last byte and walking down, which keeps an overlapping move correct
# when the destination lies above the source. Does nothing when $a2 <= 0.
000000b0: 24c2ffff addiu $v0,$a2,-1=0xffff
000000b4: 04400009 bltz $v0,0xdc
000000b8: 00822021 addu $a0,$a0,$v0
000000bc: 00a22821 addu $a1,$a1,$v0
000000c0: 00001821 addu $v1,$zero,$zero
000000c4: 90a20000 lbu $v0,0($a1)
000000c8: 24630001 addiu $v1,$v1,1
000000cc: 24a5ffff addiu $a1,$a1,-1=0xffff
000000d0: a0820000 sb $v0,0($a0)
000000d4: 1466fffb bne $v1,$a2,0xc4
000000d8: 2484ffff addiu $a0,$a0,-1=0xffff
000000dc: 03e00008 jr $ra
000000e0: 00000000 nop
# 0x0e4-0x14c: compare of the NUL-terminated strings at $a0 and $a1 with
# lower-case letters folded to upper case. A byte in 'a'..'z' (value - 97
# below 26) has 32 subtracted before the comparison.
# Returns 0 when both strings end together, otherwise the folded byte from
# $a1 minus the folded byte from $a0 at the first difference.
# The two words shown as "const" (0x7c073420, 0x7c071c20) are encodings this
# disassembler does not know; presumably the Allegrex sign-extend-byte
# instruction moving $a3 into $a2 and $v1 respectively (TODO confirm).
000000e4: 0a3f003d j 0x8fc00f4 #
000000e8: 00004021 addu $t0,$zero,$zero
000000ec: 10600016 beq $v1,$zero,0x148
000000f0: 00000000 nop
000000f4: 00881021 addu $v0,$a0,$t0
000000f8: 80460000 lb $a2,0($v0)
000000fc: 01051821 addu $v1,$t0,$a1
00000100: 80630000 lb $v1,0($v1)
00000104: 24c2ff9f addiu $v0,$a2,-97=0xff9f
00000108: 304200ff andi $v0,$v0,0xff
0000010c: 2c42001a sltiu $v0,$v0,26=0x001a
00000110: 25080001 addiu $t0,$t0,1
00000114: 10400002 beq $v0,$zero,0x120
00000118: 24c7ffe0 addiu $a3,$a2,-32=0xffe0
0000011c: 7c073420 const 0x7c073420
00000120: 2462ff9f addiu $v0,$v1,-97=0xff9f
00000124: 304200ff andi $v0,$v0,0xff
00000128: 2c42001a sltiu $v0,$v0,26=0x001a
0000012c: 10400002 beq $v0,$zero,0x138
00000130: 2467ffe0 addiu $a3,$v1,-32=0xffe0
00000134: 7c071c20 const 0x7c071c20
00000138: 1066ffec beq $v1,$a2,0xec
0000013c: 00661023 subu $v0,$v1,$a2
00000140: 03e00008 jr $ra
00000144: 00000000 nop
00000148: 03e00008 jr $ra
0000014c: 00001021 addu $v0,$zero,$zero
# 0x150-0x178: calls the function whose address is stored at 0x88fc0920, then
# tail-jumps to the one stored at 0x88fc091c (both words are in the table at
# the end of this listing).
# NOTE(review): both callers (0x5c0 and 0x870) invoke this right after storing
# instruction words, so these are presumably cache maintenance routines;
# confirm against the target image.
00000150: 27bdfff8 addiu $sp,$sp,-8
00000154: afbf0000 sw $ra,0($sp)
00000158: 3c0388fc lui $v1,0x88fc
0000015c: 8c620920 lw $v0,2336($v1)
00000160: 0040f809 jalr $ra,$v0
00000164: 00000000 nop
00000168: 3c0388fc lui $v1,0x88fc
0000016c: 8c79091c lw $t9,2332($v1)
00000170: 8fbf0000 lw $ra,0($sp)
00000174: 03200008 jr $t9
00000178: 27bd0008 addiu $sp,$sp,8
# 0x17c-0x418: read-style hook. $a0 is used as a destination buffer and $a1 as
# a byte count (roles inferred from how the registers are used below).
#
# Word at 0x88fc0934 non-zero (0x1b8-0x1e8): copies bytes from the pointer
# held at 0x88fc0984 into $a0 with the copy routine at 0x84, then advances
# that pointer, reduces the remaining-length word at 0x88fc0940 and returns
# the number of bytes copied. The count comes from the instruction at 0x1c8,
# shown here as "daddu" (encoding 0x0242902d); presumably the Allegrex "min"
# of $a1 and the remaining length (TODO confirm).
#
# Otherwise (0x21c onwards): calls through the pointer at 0x88fc0928 with the
# original arguments. If the word at 0x88fc0938 is clear the result is
# returned unchanged. If it is set, it is cleared and the buffer just filled
# is edited in place:
#   - the 9 bytes at 0x8bc are copied to the offset held in the buffer's word
#     at +0x34, and that word grows by 9;
#   - the 32-byte records of the table at buffer word +0x20 (count at +0x24)
#     are searched at 0x3d4 with the case-insensitive compare at 0xe4 for a
#     name equal to the string pointed to by the word at 0x88fc093c;
#   - on a match a new 32-byte record is built on the stack and inserted at
#     that index: the data above it is first moved up by 32 bytes with the
#     backward copy at 0xb0, then the count at +0x24 is incremented and the
#     words at +0x30 and +0x34 each grow by 32;
#   - a 16-bit field at the start of every 32-byte record in the table at
#     buffer word +0x10 (count at +0x14) is incremented.
# The returned length grows by 41 (9 + 32) when a record was inserted and by
# 9 when no name matched.
# NOTE(review): the header offsets look like a boot configuration table with
# a module list and a name pool; that reading is an assumption, confirm it.
0000017c: 27bdffb8 addiu $sp,$sp,-72
00000180: afb20028 sw $s2,40($sp)
00000184: afb10024 sw $s1,36($sp)
00000188: afbf0040 sw $ra,64($sp)
0000018c: afb7003c sw $s7,60($sp)
00000190: afb60038 sw $s6,56($sp)
00000194: afb50034 sw $s5,52($sp)
00000198: afb40030 sw $s4,48($sp)
0000019c: afb3002c sw $s3,44($sp)
000001a0: afb00020 sw $s0,32($sp)
000001a4: 3c0288fc lui $v0,0x88fc
000001a8: 8c430934 lw $v1,2356($v0)
000001ac: 00808821 addu $s1,$a0,$zero
000001b0: 1060001a beq $v1,$zero,0x21c
000001b4: 00a09021 addu $s2,$a1,$zero
000001b8: 3c1188fc lui $s1,0x88fc
000001bc: 8e220940 lw $v0,2368($s1)
000001c0: 3c1088fc lui $s0,0x88fc
000001c4: 8e050984 lw $a1,2436($s0)
000001c8: 0242902d daddu $s2,$s2,$v0
000001cc: 0e3f0021 jal 0x8fc0084 #
000001d0: 02403021 addu $a2,$s2,$zero
000001d4: 8e020984 lw $v0,2436($s0)
000001d8: 8e230940 lw $v1,2368($s1)
000001dc: 00521021 addu $v0,$v0,$s2
000001e0: 00721823 subu $v1,$v1,$s2
000001e4: ae020984 sw $v0,2436($s0)
000001e8: ae230940 sw $v1,2368($s1)
000001ec: 02401021 addu $v0,$s2,$zero
000001f0: 8fbf0040 lw $ra,64($sp)
000001f4: 8fb7003c lw $s7,60($sp)
000001f8: 8fb60038 lw $s6,56($sp)
000001fc: 8fb50034 lw $s5,52($sp)
00000200: 8fb40030 lw $s4,48($sp)
00000204: 8fb3002c lw $s3,44($sp)
00000208: 8fb20028 lw $s2,40($sp)
0000020c: 8fb10024 lw $s1,36($sp)
00000210: 8fb00020 lw $s0,32($sp)
00000214: 03e00008 jr $ra
00000218: 27bd0048 addiu $sp,$sp,72
0000021c: 3c0388fc lui $v1,0x88fc
00000220: 8c620928 lw $v0,2344($v1)
00000224: 0040f809 jalr $ra,$v0
00000228: 00000000 nop
0000022c: 3c0388fc lui $v1,0x88fc
00000230: 00409021 addu $s2,$v0,$zero
00000234: 8c620938 lw $v0,2360($v1)
00000238: 1040ffed beq $v0,$zero,0x1f0
0000023c: 02401021 addu $v0,$s2,$zero
00000240: ac600938 sw $zero,2360($v1)
00000244: 8a240037 lwl $a0,55($s1)
00000248: 8a220033 lwl $v0,51($s1)
0000024c: 8a230023 lwl $v1,35($s1)
00000250: 9a240034 lwr $a0,52($s1)
00000254: 9a220030 lwr $v0,48($s1)
00000258: 9a230020 lwr $v1,32($s1)
0000025c: 3c0588fc lui $a1,0x88fc
00000260: 00912021 addu $a0,$a0,$s1
00000264: 24a508bc addiu $a1,$a1,2236=0x08bc
00000268: 24060009 addiu $a2,$zero,9
0000026c: 0222a021 addu $s4,$s1,$v0
00000270: 0e3f0021 jal 0x8fc0084 #
00000274: 0071b821 addu $s7,$v1,$s1
00000278: 8a230037 lwl $v1,55($s1)
0000027c: 9a230034 lwr $v1,52($s1)
00000280: 24630009 addiu $v1,$v1,9
00000284: aa230037 swl $v1,55($s1)
00000288: ba230034 swr $v1,52($s1)
0000028c: 8a220027 lwl $v0,39($s1)
00000290: 9a220024 lwr $v0,36($s1)
00000294: 1c40004f bgtz $v0,0x3d4
00000298: 26560009 addiu $s6,$s2,9
0000029c: 00009821 addu $s3,$zero,$zero
000002a0: 8a220027 lwl $v0,39($s1)
000002a4: 9a220024 lwr $v0,36($s1)
000002a8: 12620048 beq $s3,$v0,0x3cc
000002ac: 03a02021 addu $a0,$sp,$zero
000002b0: 00002821 addu $a1,$zero,$zero
000002b4: 0e3f0018 jal 0x8fc0060 #
000002b8: 24060020 addiu $a2,$zero,32=0x0020
000002bc: 8a230037 lwl $v1,55($s1)
000002c0: 8a240033 lwl $a0,51($s1)
000002c4: 8a260037 lwl $a2,55($s1)
000002c8: 9a230034 lwr $v1,52($s1)
000002cc: 9a240030 lwr $a0,48($s1)
000002d0: 9a260034 lwr $a2,52($s1)
000002d4: 3c0288fc lui $v0,0x88fc
000002d8: 8c47098c lw $a3,2444($v0)
000002dc: 00641823 subu $v1,$v1,$a0
000002e0: 00138140 sll $s0,$s3,5
000002e4: 02f08021 addu $s0,$s7,$s0
000002e8: 2463fff7 addiu $v1,$v1,-9=0xfff7
000002ec: 00d13021 addu $a2,$a2,$s1
000002f0: 2402ff80 addiu $v0,$zero,-128=0xff80
000002f4: 00d03023 subu $a2,$a2,$s0
000002f8: 26040020 addiu $a0,$s0,32=0x0020
000002fc: 02002821 addu $a1,$s0,$zero
00000300: afa30000 sw $v1,0($sp)
00000304: 24030001 addiu $v1,$zero,1
00000308: a3a2000b sb $v0,11($sp)
0000030c: a3a3000a sb $v1,10($sp)
00000310: 0e3f002c jal 0x8fc00b0 #
00000314: a7a70008 sh $a3,8($sp)
00000318: 02002021 addu $a0,$s0,$zero
0000031c: 03a02821 addu $a1,$sp,$zero
00000320: 0e3f0021 jal 0x8fc0084 #
00000324: 24060020 addiu $a2,$zero,32=0x0020
00000328: 8a230027 lwl $v1,39($s1)
0000032c: 26520029 addiu $s2,$s2,41=0x0029
00000330: 9a230024 lwr $v1,36($s1)
00000334: 24630001 addiu $v1,$v1,1
00000338: aa230027 swl $v1,39($s1)
0000033c: ba230024 swr $v1,36($s1)
00000340: 8a220033 lwl $v0,51($s1)
00000344: 9a220030 lwr $v0,48($s1)
00000348: 24420020 addiu $v0,$v0,32=0x0020
0000034c: aa220033 swl $v0,51($s1)
00000350: ba220030 swr $v0,48($s1)
00000354: 8a230037 lwl $v1,55($s1)
00000358: 9a230034 lwr $v1,52($s1)
0000035c: 24630020 addiu $v1,$v1,32=0x0020
00000360: aa230037 swl $v1,55($s1)
00000364: ba230034 swr $v1,52($s1)
00000368: 8a220013 lwl $v0,19($s1)
0000036c: 8a230017 lwl $v1,23($s1)
00000370: 9a220010 lwr $v0,16($s1)
00000374: 9a230014 lwr $v1,20($s1)
00000378: 1860ff9c blez $v1,0x1ec
0000037c: 02221021 addu $v0,$s1,$v0
00000380: 00402021 addu $a0,$v0,$zero
00000384: 00002821 addu $a1,$zero,$zero
00000388: 90820001 lbu $v0,1($a0)
0000038c: 90830000 lbu $v1,0($a0)
00000390: 24a50001 addiu $a1,$a1,1
00000394: 00021200 sll $v0,$v0,8
00000398: 00431025 or $v0,$v0,$v1
0000039c: 24420001 addiu $v0,$v0,1
000003a0: 3042ffff andi $v0,$v0,0xffff
000003a4: 00021a02 srl $v1,$v0,8
000003a8: a0830001 sb $v1,1($a0)
000003ac: a0820000 sb $v0,0($a0)
000003b0: 8a230017 lwl $v1,23($s1)
000003b4: 9a230014 lwr $v1,20($s1)
000003b8: 00a3182a slt $v1,$a1,$v1
000003bc: 1460fff2 bne $v1,$zero,0x388
000003c0: 24840020 addiu $a0,$a0,32=0x0020
000003c4: 0a3f007c j 0x8fc01f0 #
000003c8: 02401021 addu $v0,$s2,$zero
000003cc: 0a3f007b j 0x8fc01ec #
000003d0: 02c09021 addu $s2,$s6,$zero
000003d4: 02e08021 addu $s0,$s7,$zero
000003d8: 00009821 addu $s3,$zero,$zero
000003dc: 3c1588fc lui $s5,0x88fc
000003e0: 8a040003 lwl $a0,3($s0)
000003e4: 8ea5093c lw $a1,2364($s5)
000003e8: 9a040000 lwr $a0,0($s0)
000003ec: 26100020 addiu $s0,$s0,32=0x0020
000003f0: 0e3f0039 jal 0x8fc00e4 #
000003f4: 02842021 addu $a0,$s4,$a0
000003f8: 1040ffaa beq $v0,$zero,0x2a4
000003fc: 8a220027 lwl $v0,39($s1)
00000400: 26730001 addiu $s3,$s3,1
00000404: 9a220024 lwr $v0,36($s1)
00000408: 0262102a slt $v0,$s3,$v0
0000040c: 5440fff5 bnel $v0,$zero,0x3e4
00000410: 8a040003 lwl $a0,3($s0)
00000414: 0a3f00a9 j 0x8fc02a4 #
00000418: 8a220027 lwl $v0,39($s1)
# 0x41c-0x440: companion of the hook at 0x17c. If the word at 0x88fc0934 is
# non-zero it is cleared and 0 is returned; otherwise control is handed to the
# function whose address is stored at 0x88fc0924.
0000041c: 3c0488fc lui $a0,0x88fc
00000420: 8c830934 lw $v1,2356($a0)
00000424: 10600003 beq $v1,$zero,0x434
00000428: 00001021 addu $v0,$zero,$zero
0000042c: 03e00008 jr $ra
00000430: ac800934 sw $zero,2356($a0)
00000434: 3c0288fc lui $v0,0x88fc
00000438: 8c590924 lw $t9,2340($v0)
0000043c: 03200008 jr $t9
00000440: 00000000 nop
# 0x444-0x4fc: $a0 is a buffer and $a2 a pointer to an output word (roles
# inferred from use). The word at $a0+0x130 is compared first with the
# constant 0xb301aeba and then with the word read from 0xbc100094.
#   - Neither matches: the function stored at 0x88fc0990 is called and its
#     result returned.
#   - Equal to the word at 0xbc100094: each of the 0x40 bytes at $a0+0x150 is
#     XORed with the four bytes of the word read from 0xbc100090, then the
#     common path below runs.
#   - Common path (0x4dc): copies (word at $a0+0xb0) bytes from $a0+0x150 to
#     $a0 with the routine at 0x84, stores that length through $a2 and
#     returns 0.
# NOTE(review): in the two matching cases the routine at [0x88fc0990] is never
# called, so whatever checks it performs are skipped for such buffers.
00000444: 27bdfff0 addiu $sp,$sp,-16
00000448: afbf0008 sw $ra,8($sp)
0000044c: 8c870130 lw $a3,304($a0)
00000450: 3c02b301 lui $v0,0xb301
00000454: 3442aeba ori $v0,$v0,0xaeba
00000458: 00805021 addu $t2,$a0,$zero
0000045c: 10e2001f beq $a3,$v0,0x4dc
00000460: 00c05821 addu $t3,$a2,$zero
00000464: 3c08bc10 lui $t0,0xbc10
00000468: 35020094 ori $v0,$t0,0x94
0000046c: 8c430000 lw $v1,0($v0)
00000470: 10e30007 beq $a3,$v1,0x490
00000474: 3c0388fc lui $v1,0x88fc
00000478: 8c620990 lw $v0,2448($v1)
0000047c: 0040f809 jalr $ra,$v0
00000480: 00000000 nop
00000484: 8fbf0008 lw $ra,8($sp)
00000488: 03e00008 jr $ra
0000048c: 27bd0010 addiu $sp,$sp,16
00000490: 35020090 ori $v0,$t0,0x90
00000494: 8c430000 lw $v1,0($v0)
00000498: 03a04021 addu $t0,$sp,$zero
0000049c: 00803021 addu $a2,$a0,$zero
000004a0: afa30000 sw $v1,0($sp)
000004a4: 24890040 addiu $t1,$a0,64=0x0040
000004a8: 24070004 addiu $a3,$zero,4
000004ac: 90c50150 lbu $a1,336($a2)
000004b0: 00002021 addu $a0,$zero,$zero
000004b4: 01041021 addu $v0,$t0,$a0
000004b8: 90430000 lbu $v1,0($v0)
000004bc: 24840001 addiu $a0,$a0,1
000004c0: 00a31026 xor $v0,$a1,$v1
000004c4: 1487fffb bne $a0,$a3,0x4b4
000004c8: 00402821 addu $a1,$v0,$zero
000004cc: a0c20150 sb $v0,336($a2)
000004d0: 24c60001 addiu $a2,$a2,1
000004d4: 5526fff6 bnel $t1,$a2,0x4b0
000004d8: 90c50150 lbu $a1,336($a2)
000004dc: 8d4600b0 lw $a2,176($t2)
000004e0: 01402021 addu $a0,$t2,$zero
000004e4: 25450150 addiu $a1,$t2,336=0x0150
000004e8: 0e3f0021 jal 0x8fc0084 #
000004ec: ad660000 sw $a2,0($t3)
000004f0: 8fbf0008 lw $ra,8($sp)
000004f4: 00001021 addu $v0,$zero,$zero
000004f8: 03e00008 jr $ra
000004fc: 27bd0010 addiu $sp,$sp,16
# 0x500-0x538: scans the 0x58 bytes at $a0+0xd4. If all of them are zero the
# routine returns 0 itself; at the first non-zero byte it tail-jumps to the
# function stored at 0x88fc0988 instead.
# NOTE(review): a buffer with that field zeroed therefore never reaches the
# routine at [0x88fc0988].
00000500: 00003021 addu $a2,$zero,$zero
00000504: 0a3f0145 j 0x8fc0514 #
00000508: 24070058 addiu $a3,$zero,88=0x0058
0000050c: 10c70009 beq $a2,$a3,0x534
00000510: 00000000 nop
00000514: 00c41021 addu $v0,$a2,$a0
00000518: 904300d4 lbu $v1,212($v0)
0000051c: 1060fffb beq $v1,$zero,0x50c
00000520: 24c60001 addiu $a2,$a2,1
00000524: 3c0288fc lui $v0,0x88fc
00000528: 8c590988 lw $t9,2440($v0)
0000052c: 03200008 jr $t9
00000530: 00000000 nop
00000534: 03e00008 jr $ra
00000538: 00001021 addu $v0,$zero,$zero
# 0x53c-0x5f0: second-stage patcher. $a3 holds the base address of the code
# that is about to run (it is also the final jump target).
# Builds the instruction words "jal 0x88fc0444" and "jal 0x88fc0500" (address
# shifted right by 2, masked with 0x03ffffff, ORed with 0x0c000000) and stores
#   jal 0x88fc0444 at $a3+0x355c and $a3+0x5c84,
#   jal 0x88fc0500 at $a3+0x5ca8, $a3+0x5cd8 and $a3+0x5d70.
# It records $a3+0x757c at 0x88fc0990 and $a3+0x755c at 0x88fc0988, the
# pointers the hooks at 0x444 and 0x500 fall back to, calls the stub at 0x150,
# restores $a0-$a2 and jumps to $a3.
# NOTE(review): all offsets are fixed constants, so they only fit one specific
# build of the code at $a3; nothing here checks the words being replaced.
0000053c: 3c0288fc lui $v0,0x88fc
00000540: 3c0388fc lui $v1,0x88fc
00000544: 3c0803ff lui $t0,0x3ff
00000548: 24420444 addiu $v0,$v0,1092=0x0444
0000054c: 24630500 addiu $v1,$v1,1280=0x0500
00000550: 3508ffff ori $t0,$t0,0xffff
00000554: 00021082 srl $v0,$v0,2
00000558: 00031882 srl $v1,$v1,2
0000055c: 3c090c00 lui $t1,0xc00
00000560: 00681824 and $v1,$v1,$t0
00000564: 00481024 and $v0,$v0,$t0
00000568: 27bdffe8 addiu $sp,$sp,-24
0000056c: 00691825 or $v1,$v1,$t1
00000570: 00491025 or $v0,$v0,$t1
00000574: afbf0010 sw $ra,16($sp)
00000578: afb4000c sw $s4,12($sp)
0000057c: afb30008 sw $s3,8($sp)
00000580: afb20004 sw $s2,4($sp)
00000584: afb10000 sw $s1,0($sp)
00000588: 0080a021 addu $s4,$a0,$zero
0000058c: ace2355c sw $v0,13660($a3)
00000590: 00e08821 addu $s1,$a3,$zero
00000594: ace25c84 sw $v0,23684($a3)
00000598: 00a09821 addu $s3,$a1,$zero
0000059c: ace35ca8 sw $v1,23720($a3)
000005a0: 00c09021 addu $s2,$a2,$zero
000005a4: ace35cd8 sw $v1,23768($a3)
000005a8: 24e4757c addiu $a0,$a3,30076=0x757c
000005ac: 24e5755c addiu $a1,$a3,30044=0x755c
000005b0: ace35d70 sw $v1,23920($a3)
000005b4: 3c0288fc lui $v0,0x88fc
000005b8: 3c0388fc lui $v1,0x88fc
000005bc: ac440990 sw $a0,2448($v0)
000005c0: 0e3f0054 jal 0x8fc0150 #
000005c4: ac650988 sw $a1,2440($v1)
000005c8: 02802021 addu $a0,$s4,$zero
000005cc: 02602821 addu $a1,$s3,$zero
000005d0: 02403021 addu $a2,$s2,$zero
000005d4: 0220c821 addu $t9,$s1,$zero
000005d8: 8fbf0010 lw $ra,16($sp)
000005dc: 8fb4000c lw $s4,12($sp)
000005e0: 8fb30008 lw $s3,8($sp)
000005e4: 8fb20004 lw $s2,4($sp)
000005e8: 8fb10000 lw $s1,0($sp)
000005ec: 03200008 jr $t9
000005f0: 27bd0018 addiu $sp,$sp,24
# 0x5f4-0x6e0: open-style hook; $a0 points to a name (role inferred).
# Copies 64 bytes of the name to the buffer at 0x88fc0944, then compares the
# 16 bytes at 0x88fc0948 (four bytes into the copy) with the string at 0x8c8.
#   - Equal: byte 9 of the copied name is replaced according to the word at
#     0x88fb00c0: 1 gives 0x6b ('k'), 2 gives 0x6c ('l'), anything else 0x6a
#     ('j'). If the word at 0x88fc093c is non-zero, the flag at 0x88fc0938 is
#     set, which arms the buffer edit in the hook at 0x17c. The original
#     function (pointer at 0x88fc092c) is then entered with the modified copy
#     as its argument.
#   - Otherwise the copy is compared with the 9 bytes at 0x8bc. On a match the
#     flag at 0x88fc0934 is set and the routine returns without calling the
#     original, so later reads are served from memory by the hook at 0x17c.
#     On a mismatch the original function is entered with the unmodified copy.
# NOTE(review): replacing that one character turns the name at 0x8c8 into one
# of the pspbt?nf_02g.bin names written by FlashFiles() in the C listing;
# presumably that is the link between the two, confirm.
000005f4: 27bdfff8 addiu $sp,$sp,-8
000005f8: afb00000 sw $s0,0($sp)
000005fc: 3c1088fc lui $s0,0x88fc
00000600: 00802821 addu $a1,$a0,$zero
00000604: 24060040 addiu $a2,$zero,64=0x0040
00000608: afbf0004 sw $ra,4($sp)
0000060c: 0e3f0021 jal 0x8fc0084 #
00000610: 26040944 addiu $a0,$s0,2372=0x0944
00000614: 3c0488fc lui $a0,0x88fc
00000618: 3c0588fc lui $a1,0x88fc
0000061c: 24840948 addiu $a0,$a0,2376=0x0948
00000620: 24a508c8 addiu $a1,$a1,2248=0x08c8
00000624: 0e3f0003 jal 0x8fc000c #
00000628: 24060010 addiu $a2,$zero,16=0x0010
0000062c: 1440001c bne $v0,$zero,0x6a0
00000630: 3c0288fb lui $v0,0x88fb
00000634: 344400c0 ori $a0,$v0,0xc0
00000638: 8c830000 lw $v1,0($a0)
0000063c: 24020001 addiu $v0,$zero,1
00000640: 10620014 beq $v1,$v0,0x694
00000644: 26030944 addiu $v1,$s0,2372=0x0944
00000648: 8c830000 lw $v1,0($a0)
0000064c: 24020002 addiu $v0,$zero,2
00000650: 10620021 beq $v1,$v0,0x6d8
00000654: 26030944 addiu $v1,$s0,2372=0x0944
00000658: 2402006a addiu $v0,$zero,106=0x006a
0000065c: a0620009 sb $v0,9($v1)
00000660: 3c0288fc lui $v0,0x88fc
00000664: 8c43093c lw $v1,2364($v0)
00000668: 10600003 beq $v1,$zero,0x678
0000066c: 24030001 addiu $v1,$zero,1
00000670: 3c0288fc lui $v0,0x88fc
00000674: ac430938 sw $v1,2360($v0)
00000678: 3c0288fc lui $v0,0x88fc
0000067c: 8c59092c lw $t9,2348($v0)
00000680: 26040944 addiu $a0,$s0,2372=0x0944
00000684: 8fbf0004 lw $ra,4($sp)
00000688: 8fb00000 lw $s0,0($sp)
0000068c: 03200008 jr $t9
00000690: 27bd0008 addiu $sp,$sp,8
00000694: 2402006b addiu $v0,$zero,107=0x006b
00000698: 0a3f0198 j 0x8fc0660 #
0000069c: a0620009 sb $v0,9($v1)
000006a0: 3c0588fc lui $a1,0x88fc
000006a4: 24a508bc addiu $a1,$a1,2236=0x08bc
000006a8: 26040944 addiu $a0,$s0,2372=0x0944
000006ac: 0e3f0003 jal 0x8fc000c #
000006b0: 24060009 addiu $a2,$zero,9
000006b4: 5440fff1 bnel $v0,$zero,0x67c
000006b8: 3c0288fc lui $v0,0x88fc
000006bc: 24040001 addiu $a0,$zero,1
000006c0: 3c0388fc lui $v1,0x88fc
000006c4: ac640934 sw $a0,2356($v1)
000006c8: 8fbf0004 lw $ra,4($sp)
000006cc: 8fb00000 lw $s0,0($sp)
000006d0: 03e00008 jr $ra
000006d4: 27bd0008 addiu $sp,$sp,8
000006d8: 2402006c addiu $v0,$zero,108=0x006c
000006dc: 0a3f0198 j 0x8fc0660 #
000006e0: a0620009 sb $v0,9($v1)
# 0x6e4-0x8b8: main routine, reached from the jump at offset 0. It rewrites
# instruction words in the image at 0x88600000 and then enters that image.
# Words stored (address <- value):
#   0x88602020 <- jal 0x88fc05f4      0x88602090 <- jal 0x88fc017c
#   0x886020bc <- jal 0x88fc041c      0x88604ef4 <- j   0x88fc053c
#   0x88605030 <- 0xafa50000          0x88605034 <- 0x20a30000
#   0x886030e0 <- 0x03e00008 (jr $ra) 0x886030e4 <- 0x24020001 ($v0 = 1)
#   0x88604ef0 <- 0x00113821          0x88604ef8 <- 0x02a0e821
#   0x88602018, 0x8860206c, 0x88602084, 0x88606d38 <- 0 (nop)
# Afterwards the four words at 0x88fb00d0, 0x88fb00d4, 0x88fb00d8 and
# 0x88fb00dc are copied to 0x88fc093c, 0x88fc0984, 0x88fc0940 and 0x88fc098c
# (the state the hooks above read), the flags at 0x88fc0938 and 0x88fc0934 are
# cleared, the stub at 0x150 is called, and control passes to the pointer
# stored at 0x88fc0930 with the original $a0-$a3.
# NOTE(review): every target address is a fixed constant and none of the
# replaced words is checked first, so this only fits one specific build of the
# image at 0x88600000. The jr $ra / $v0 = 1 pair at 0x886030e0 makes whatever
# routine starts there return 1 immediately.
000006e4: 3c0c88fc lui $t4,0x88fc
000006e8: 3c020fff lui $v0,0xfff
000006ec: 3c0b88fc lui $t3,0x88fc
000006f0: 3c0a88fc lui $t2,0x88fc
000006f4: 3c0988fc lui $t1,0x88fc
000006f8: 3442fffc ori $v0,$v0,0xfffc
000006fc: 258c053c addiu $t4,$t4,1340=0x053c
00000700: 3c0303ff lui $v1,0x3ff
00000704: 256b05f4 addiu $t3,$t3,1524=0x05f4
00000708: 254a017c addiu $t2,$t2,380=0x017c
0000070c: 2529041c addiu $t1,$t1,1052=0x041c
00000710: 3463ffff ori $v1,$v1,0xffff
00000714: 01826024 and $t4,$t4,$v0
00000718: 000b5882 srl $t3,$t3,2
0000071c: 000a5082 srl $t2,$t2,2
00000720: 00094882 srl $t1,$t1,2
00000724: 3c088860 lui $t0,0x8860
00000728: 01234824 and $t1,$t1,$v1
0000072c: 01635824 and $t3,$t3,$v1
00000730: 01435024 and $t2,$t2,$v1
00000734: 3c020800 lui $v0,0x800
00000738: 3c030c00 lui $v1,0xc00
0000073c: 000c6082 srl $t4,$t4,2
00000740: 27bdffd8 addiu $sp,$sp,-40
00000744: 01826025 or $t4,$t4,$v0
00000748: 01635825 or $t3,$t3,$v1
0000074c: 35022020 ori $v0,$t0,0x2020
00000750: afbf0020 sw $ra,32($sp)
00000754: afb7001c sw $s7,28($sp)
00000758: afb60018 sw $s6,24($sp)
0000075c: afb50014 sw $s5,20($sp)
00000760: afb40010 sw $s4,16($sp)
00000764: afb3000c sw $s3,12($sp)
00000768: afb20008 sw $s2,8($sp)
0000076c: afb10004 sw $s1,4($sp)
00000770: afb00000 sw $s0,0($sp)
00000774: 01234825 or $t1,$t1,$v1
00000778: ac4b0000 sw $t3,0($v0)
0000077c: 01435025 or $t2,$t2,$v1
00000780: 350e20bc ori $t6,$t0,0x20bc
00000784: 35032090 ori $v1,$t0,0x2090
00000788: 350f5030 ori $t7,$t0,0x5030
0000078c: 3c02afa5 lui $v0,0xafa5
00000790: ac6a0000 sw $t2,0($v1)
00000794: adc90000 sw $t1,0($t6)
00000798: ade20000 sw $v0,0($t7)
0000079c: 3c0203e0 lui $v0,0x3e0
000007a0: 35105034 ori $s0,$t0,0x5034
000007a4: 351130e0 ori $s1,$t0,0x30e0
000007a8: 3c0320a3 lui $v1,0x20a3
000007ac: 34420008 ori $v0,$v0,0x8
000007b0: ae030000 sw $v1,0($s0)
000007b4: ae220000 sw $v0,0($s1)
000007b8: 3c032402 lui $v1,0x2402
000007bc: 3c020011 lui $v0,0x11
000007c0: 351230e4 ori $s2,$t0,0x30e4
000007c4: 35132018 ori $s3,$t0,0x2018
000007c8: 3514206c ori $s4,$t0,0x206c
000007cc: 35152084 ori $s5,$t0,0x2084
000007d0: 35164ef0 ori $s6,$t0,0x4ef0
000007d4: 34630001 ori $v1,$v1,0x1
000007d8: 34423821 ori $v0,$v0,0x3821
000007dc: ae430000 sw $v1,0($s2)
000007e0: ae600000 sw $zero,0($s3)
000007e4: ae800000 sw $zero,0($s4)
000007e8: aea00000 sw $zero,0($s5)
000007ec: aec20000 sw $v0,0($s6)
000007f0: 3c0202a0 lui $v0,0x2a0
000007f4: 3c0d88fb lui $t5,0x88fb
000007f8: 35186d38 ori $t8,$t0,0x6d38
000007fc: 35174ef4 ori $s7,$t0,0x4ef4
00000800: 3442e821 ori $v0,$v0,0xe821
00000804: 35084ef8 ori $t0,$t0,0x4ef8
00000808: aeec0000 sw $t4,0($s7)
0000080c: 35a300d4 ori $v1,$t5,0xd4
00000810: ad020000 sw $v0,0($t0)
00000814: af000000 sw $zero,0($t8)
00000818: 35a200d0 ori $v0,$t5,0xd0
0000081c: 8c480000 lw $t0,0($v0)
00000820: 35aa00dc ori $t2,$t5,0xdc
00000824: 8c690000 lw $t1,0($v1)
00000828: 35ad00d8 ori $t5,$t5,0xd8
0000082c: 8dab0000 lw $t3,0($t5)
00000830: 8d4c0000 lw $t4,0($t2)
00000834: 3c0288fc lui $v0,0x88fc
00000838: 3c0388fc lui $v1,0x88fc
0000083c: ac48093c sw $t0,2364($v0)
00000840: ac690984 sw $t1,2436($v1)
00000844: 3c0288fc lui $v0,0x88fc
00000848: 3c0388fc lui $v1,0x88fc
0000084c: ac4b0940 sw $t3,2368($v0)
00000850: ac6c098c sw $t4,2444($v1)
00000854: 3c0288fc lui $v0,0x88fc
00000858: 3c0388fc lui $v1,0x88fc
0000085c: 00808021 addu $s0,$a0,$zero
00000860: 00a08821 addu $s1,$a1,$zero
00000864: 00c09021 addu $s2,$a2,$zero
00000868: 00e09821 addu $s3,$a3,$zero
0000086c: ac400938 sw $zero,2360($v0)
00000870: 0e3f0054 jal 0x8fc0150 #
00000874: ac600934 sw $zero,2356($v1)
00000878: 3c0288fc lui $v0,0x88fc
0000087c: 8c590930 lw $t9,2352($v0)
00000880: 02002021 addu $a0,$s0,$zero
00000884: 02202821 addu $a1,$s1,$zero
00000888: 02403021 addu $a2,$s2,$zero
0000088c: 02603821 addu $a3,$s3,$zero
00000890: 8fbf0020 lw $ra,32($sp)
00000894: 8fb7001c lw $s7,28($sp)
00000898: 8fb60018 lw $s6,24($sp)
0000089c: 8fb50014 lw $s5,20($sp)
000008a0: 8fb40010 lw $s4,16($sp)
000008a4: 8fb3000c lw $s3,12($sp)
000008a8: 8fb20008 lw $s2,8($sp)
000008ac: 8fb10004 lw $s1,4($sp)
000008b0: 8fb00000 lw $s0,0($sp)
000008b4: 03200008 jr $t9
000008b8: 27bd0028 addiu $sp,$sp,40
# 0x8bc-0x918: data, not code; the mnemonics on these lines are the
# disassembler decoding string bytes as instructions.
# Read as little-endian bytes:
#   0x8bc: 2f 72 74 6d 2e 70 72 78 00   -> "/rtm.prx"
#   0x8c8: 70 73 70 62 74 63 6e 66 5f 30 32 67 2e 62 69 6e 00
#                                        -> "pspbtcnf_02g.bin"
# The remaining words up to 0x918 are zero.
000008bc: 6d74722f ldr $s4,29231($t3)
000008c0: 7872702e const 0x7872702e
000008c4: 00000000 nop
000008c8: 62707370 daddi $s0,$s3,29552=0x7370
000008cc: 666e6374 daddiu $t6,$s3,25460=0x6374
000008d0: 6732305f daddiu $s2,$t9,12383=0x305f
000008d4: 6e69622e ldr $t1,25134($s3)
000008d8: 00000000 nop
000008dc: 00000000 nop
000008e0: 00000000 nop
000008e4: 00000000 nop
000008e8: 00000000 nop
000008ec: 00000000 nop
000008f0: 00000000 nop
000008f4: 00000000 nop
000008f8: 00000000 nop
000008fc: 00000000 nop
00000900: 00000000 nop
00000904: 00000000 nop
00000908: 00000000 nop
0000090c: 00000000 nop
00000910: 00000000 nop
00000914: 00000000 nop
00000918: 00000000 nop
# 0x91c-0x930: table of six addresses inside the image at 0x88600000, again
# decoded as instructions by the disassembler. Where each word is used:
#   0x91c (0x8860022c) tail-jump target of the stub at 0x150
#   0x920 (0x886007c0) called first by the stub at 0x150
#   0x924 (0x88607cf8) fallback of the hook at 0x41c
#   0x928 (0x88607d54) original routine called by the hook at 0x17c
#   0x92c (0x88607be0) original routine entered by the hook at 0x5f4
#   0x930 (0x88600000) final jump target of the routine at 0x6e4
# The code also reads and writes words from 0x934 to 0x990, which lie beyond
# the end of this listing.
0000091c: 8860022c lwl $zero,556($v1)
00000920: 886007c0 lwl $zero,1984($v1)
00000924: 88607cf8 lwl $zero,31992($v1)
00000928: 88607d54 lwl $zero,32084($v1)
0000092c: 88607be0 lwl $zero,31712($v1)
00000930: 88600000 lwl $zero,0($v1)