Index: dukaqi/senrui/do.bat =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/do.bat (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/do.bat (working copy) @@ -0,0 +1,146 @@ +@set FPGA_PATH=fpgajic\fpga +@set ROM_PATH=. +@set MV_PATCH=mv\src\yichip +@set YC_PATCH_FILE=yc_patch_yc1021.h +@set enc=1 +@set enckey=0000000000000000 +@set device_option=none +@rem set device_option=xip +@rem set device_option=shutter +@rem set device_option=hci +@rem set device_option=kb +@rem set device_option=mouse +@rem set device_option=le_kb +@rem set device_option=dongle +@rem set device_option=module +@rem set device_option=prcp + +@echo off + +setlocal enabledelayedexpansion +for /f %%f in ('dir /b /o program\*.prog') do @if not %%f==bt.prog if not %%f==patch.prog if not %%f==sim.prog set progs=!progs! program\%%f +type program\bt.prog %progs% > output\bt_program23.meta +for /f %%f in ('dir /b /o format\*.format') do @if not %%f==bt.format if not %%f==command.format set fmts=!fmts! format\%%f +type format\bt.format %fmts% format\command.format > output\bt_format.meta +perl util/mergepatch.pl output/bt_program23.meta +perl util/memalloc.pl output/bt_format.meta + +cd output +osiuasm bt_program23 -O-W + +if "%device_option%" equ "hci" ( + copy ..\sched\hci_boot.dat ..\output\sched.rom +) else if "%device_option%" equ "kb" ( +copy ..\sched\ssp.dat + ..\sched\kb.dat + ..\sched\revc.dat ..\output\sched.rom +) else if "%device_option%" equ "le_kb" ( + copy ..\sched\le_kb.dat + ..\sched\revc.dat ..\output\sched.rom +) else if "%device_option%" equ "mouse" ( + copy ..\sched\ssp.dat + ..\sched\mouse.dat + ..\sched\le_mouse.dat + ..\sched\revc.dat ..\output\sched.rom +) else if "%device_option%" equ "module" ( + copy ..\sched\DM_module.dat + ..\sched\revd.dat ..\output\sched.rom +) else if "%device_option%" equ "shutter" ( + copy ..\sched\ssp.dat + ..\sched\shutter.dat + ..\sched\revc.dat ..\output\sched.rom +) else if "%device_option%" equ "dongle" ( + copy ..\sched\dongle.dat + ..\sched\usb.dat + ..\sched\revc.dat ..\output\sched.rom +) else if "%device_option%" equ "prcp" ( + copy ..\sched\Le_prcp.dat + ..\sched\revb.dat ..\output\sched.rom +) else if "%device_option%" equ "xip" ( + copy ..\sched\patch.dat + ..\sched\rf.dat + ..\sched\user.dat ..\output\sched.rom +) else if "%device_option%" equ "none" ( +rem del ..\output\sched.rom +) else ( +cd .. +echo ********************************** +echo Error: illegal device_option ! +echo ********************************** +goto end +) + + copy ..\sched\DM_module.dat + ..\sched\109x.dat ..\output\sched.rom + +if "%1" equ "eep" ( + goto genromrevc +)else ( + goto downloadram +) + +:geneeprom +@rem echo on +@echo Start to generate EEPROM code +copy ..\sched\mouse.dat ..\output\sched.rom + +..\util\geneep ramcode.rom fwram.rom sched.rom %enc% %enckey% a + +perl ..\util\a1bugfix.pl +osiuasm bt_program23 -O-W +..\util\geneep ramcode.rom fwram.rom sched.rom %enc% %enckey% a +goto gen_eep_end + + + + +:genromrevb +echo off +@echo Start to generate EEPROM code +..\..\regedr\geneep ramcode.rom fwram.rom sched.rom %enc% %enckey% b +goto gen_eep_end + + +:genromrevc +echo off +@echo Start to generate EEPROM code + +geneep -n + + +:gen_eep_end +cd .. +echo ********************************** +echo EEPROM Generated. +echo The Device is %device_option%. +echo Use command "e fp" to download EEPROM. +echo ********************************** +goto end + + + + +:genrom +@rem echo on +perl ..\util\rom2mif.pl romcode +del ..\..\%FPGA_PATH%\romcode.mif +copy .\romcode.mif ..\..\%FPGA_PATH%\romcode.mif +perl ..\util\gen_patch_h.pl >%YC_PATCH_FILE% +copy .\%YC_PATCH_FILE% ..\..\%MV_PATCH%\%YC_PATCH_FILE% +copy .\%YC_PATCH_FILE% D:\work\yichip\mv_proj\src\inc\%YC_PATCH_FILE% +cd ..\..\%FPGA_PATH% +quartus_cdb btspi -c btspi --update_mif +quartus_asm --read_settings_files=off --write_settings_files=off btspi -c btspi +quartus_pgm -c USB-Blaster[USB-0] -m jtag -o "p;.\output\btspi.sof" +@echo bitstream_compression=on >1 +@echo memory_map_file=on >> 1 +quartus_cpf -c -o 1 -s EP3C55 -d EPCS16 output\btspi.sof output\btspi.jic +@rem quartus_pgm -c USB-Blaster[USB-0] -m jtag -o "pi;.\output\btspi.jic" +@del 1 +goto end + + + +:downloadram +echo on +@echo Start to download ram code +e ku +e hu +e su sched.rom +@echo ********************************** +@echo RAM CODE has been downloaded. +@echo The Device is %device_option%. +@echo ********************************** +cd .. + + +:end +echo create bt_code.c file +perl .\util\rom2h.pl <.\output\eeprom.dat> .\output\bt_code.c +copy .\output\bt_code.c ..\fw\core + Index: dukaqi/senrui/format/app.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/app.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/app.format (working copy) @@ -0,0 +1,278 @@ + +memalloc( + +/* load code */ +1 mem_ucode_status +2 mem_otp_ucode_flag +1 mem_spid_tbuf /* spid buf: 03 addr[23:16] addr[15:8] addr[7:0] */ +0 mem_iicd_tbuf /* iicd buf: iic_adr addr[15:8] addr[7:0] iic_adr */ +1 mem_addr_hi +1 mem_addr_mi +1 mem_addr_lo +1 mem_iicd_addr +4 mem_spid_rbuf +2 mem_ucode_buf +2 mem_ucode_len +2 mem_sched_addr +2 mem_ucode_ptr +16 mem_ucode_keybuf +18 mem_check_plap_temp + + +1 mem_reconnect_flag +1 mem_switch_fail_master_count +1 mem_app_evt_timer_count + +) + +xmemalloc( +1 mem_app_handshake_flag +2 mem_sniff_param_interval +2 mem_sniff_param_attempt +2 mem_sniff_param_timeout + +/*App Callback Functons*/ +2 mem_cb_check_wakelock +2 mem_cb_before_hibernate +2 mem_cb_before_lpm +2 mem_cb_le_process +2 mem_cb_bt_process +2 mem_cb_idle_process +2 mem_cb_bb_event_process +2 mem_cb_discovry_timeout +2 mem_cb_att_write +2 mem_cb_ble_transmit +2 mem_cb_event_timer +2 mem_cb_bt_set_mult + + + + +2 mem_eeprom_base + +1 mem_unsniff2sniff_timer_count +//lpm mode +1 mem_wake_up_delay_timer + +1 mem_app_connection_options + +// +2 mem_app_disconn_reason +2 mem_app_disconn_reason_flag +4 mem_lpm_delay_after_sniff +1 mem_xrecord_mode + +1 mem_eeprom_block_size +1 mem_spi_init_clk +1 mem_spi_init_delay_time +1 mem_spi_ncs_gpio + +2 mem_nv_data_ptr +1 mem_nv_data_number + + +ifdef SPI_SIMULATE +//spi gpio config +0 mem_spi_simulate_struct +1 mem_spi_simulate_cs_gpio +1 mem_spi_simulate_sclk_gpio +1 mem_spi_simulate_mosi_gpio +1 mem_spi_simulate_miso_gpio +1 mem_spi_simulate_motion_gpio +//spi slave read byte +50 mem_spi_simulate_read_byte_slave +1 mem_spi_simulate_read_byte_slave_temp +1 mem_spi_simulate_read_length_slave +1 mem_spi_simulate_read_length_slave_temp +//spi slave write byte +50 mem_spi_simulate_write_byte_slave +1 mem_spi_simulate_write_byte_slave_temp +1 mem_spi_simulate_write_byte_slave_temp_temp +1 mem_spi_simulate_write_length_slave +1 mem_spi_simulate_write_length_slave_temp +endif + +) +//adc read +( +0 ADC_CONFIG_VINLPM +1 ADC_CONFIG_HVIN +2 ADC_CONFIG_GPIO +) + + +( +0 QUEUE_OFFSET_EACH_SIZE +1 QUEUE_OFFSET_LENGTH +2 QUEUE_OFFSET_CURR_NUM +3 QUEUE_OFFSET_READ_PTR +4 QUEUE_OFFSET_WRITE_PTR +5 QUEUE_OFFSET_ELE_INIT_ADDR +) +( +//Flash Register +0x05 FLASH_READ_SATUS + +// Flash Status Register +0x00 FLASH_STATUS_WIP +0X01 FLASH_STATUS_WEL +0X02 FLASH_STATUS_BP0 +0X03 FLASH_STATUS_BP1 + +//Flash Write Sm +0X00 FLASH_SM_NO_BUYS +0X01 FLASH_SM_START +0X02 FLASH_SM_ERASE_SECTOR +0X03 FLASH_SM_WAIT_ERASE_SECTOR +0X04 FLASH_SM_WRITE_DATA +0X05 FLASH_SM_WAIT_WRITE_DATA + + +//Flash Command +0x02 FLASH_COMMAND_WRITE_DATA +0x03 FLASH_COMMAND_READ_DATA +0x20 FLASH_COMMAND_SECTOR_ERASE +) + +0x0000 otp_ucode_flag +0x07f0 otp_ucode_aeskey + +/* adc data addr and flag */ +( +0x07e0 OTP_CHIP_FUNCTIONS +0x07e2 otp_adc_io_0_5V_addr +0x07e4 otp_adc_hvin_1V_addr +0x07e6 otp_adc_vinlpm_2V_addr +0x07e8 otp_adc_io_1V_addr +0x07ea otp_adc_hvin_5V_addr +0x07ec otp_adc_vinlpm_3V_addr +0x07ee otp_adc_flag_addr +0xaa55 OTP_ADC_FLAG +) + +/* data stored in eeprom */ +( +0 eeprom_nv_ram + +195 eeprom_module_init_flag//2 + +) + +/*mem_app_handshake_flag*/ +( +0 APP_HANDSHAKE_NULL +1 APP_HANDSHAKE_DONE + +) +/*mem_device_option*/ +( +1 dvc_op_hci +4 dvc_op_dongle +5 dvc_op_spp +6 dvc_op_ukey +7 dvc_op_ir + +9 dvc_op_shutter +10 dvc_op_module +11 dvc_op_ble_mouse +12 dvc_op_ble_kb +13 dvc_op_ble_prcp +14 dvc_op_car +15 dvc_op_AntiLost +16 dvc_op_remote_car +255 dvc_op_test +//device option hight 4 +6 dvc_op_mouse +7 dvc_op_keyboard +//device option low 2 +( +0 MODE_3_MOUSE +1 MODE_4_MOUSE +) +) + +( +3 twspi_sclk +4 twspi_sdio +) + +( +4 pan_clk_bit +5 pan_dat_bit +6 pan_mov_bit +) + +( +7 otp_uflag_aes +6 otp_uflag_skip_eep +5 otp_uflag_skip_flash +4 otp_uflag_hci +) + +/* ir command */ +( +1 ircmd_record +2 ircmd_play +3 ircmd_write_pulse +4 ircmd_write_seq +5 ircmd_write_next + +8 ircmd_test_play +9 ircmd_test_rec + +10 ircmd_report_pulse +11 ircmd_report_seq +12 ircmd_report_raw + +20 ircmd_screen_on +21 ircmd_screen_off +) + +( +7 gpio_active_bit +) +( +2 HID_HANDSHAKE_TIMEOUT + +) + +( +1 APP_FLAG_RECONNECT +) +( +5 LPM_WAKE_UP_DELAY_TIMER +) + + +//mem_app_disconn_reason +//mem_app_disconn_reason_flag +//bit map +( +2 APP_DISC_RSN_SIZE +) +( +0 APP_DISC_BY_BUTTON +1 APP_DISC_AFTER_PAIRING +2 APP_DISC_AFTER_RECONN +3 APP_DISC_AFTER_SNIFF +4 APP_DISC_AFTER_SETUP_DONE +5 APP_DISC_AFTER_HANDSHAKE +6 APP_DISC_BT +7 APP_DISC_BLE +8 APP_DISC_L2CAP_REFUSED +9 APP_DISC_SWITCH_FAIL +) +//eeprom init flag +( + 0xaa55 EEPROM_INIT_FLAG +) + +( +1 KEY_CONF_STRUCT_LEN +0 KEY_PIN_OFFSET +) + +( +12000000 PWM_12MHZ +) + Index: dukaqi/senrui/format/app_module.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/app_module.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/app_module.format (working copy) @@ -0,0 +1,228 @@ +memalloc( +) +omemalloc( + 2 mem_soft_version_num + + 2 mem_current_packet_length + 1 mem_module_state + + 1 mem_module_spp_lpm_mult + 1 mem_module_le_lpm_mult + 1 mem_module_bluetooth_stauts_by_command + + //ble + 1 mem_module_le_rx_data_len + 2 mem_module_le_rx_data_address + 2 mem_module_le_rx_data_handle + //ble write handle + 2 mem_module_data_write_handle + 2 mem_module_data_write_handle2 + //flag + 1 mem_module_flag + + 1 mem_module_hci_notify_len + 2 mem_module_hci_notify_handle + 2 mem_module_hci_nofiy_addr + + 4 mem_last_transmite_clock + + 300 mem_module_uuid_list + 0 mem_module_uuid_list_end + 700 mem_module_le_att_list + 0 mem_module_le_att_list_end + 0 mem_module_nv_data + 34 mem_module_nv_data0 + 34 mem_module_nv_data1 + 34 mem_module_nv_data2 + 34 mem_module_nv_data3 + 34 mem_module_nv_data4 + 1 mem_module_rfcomm_disconnect_count + 3 mem_rf_init +) + + +( +0x4FEF IPC_HOLD_BT + +0x4FF0 IPC_BT2M0_START_ADDR +0x4FF2 IPC_BT2M0_END_ADDR +0x4FF4 IPC_BT2M0_READ_PTR +0x4FF6 IPC_BT2M0_WRITE_PTR + +0x4FF8 IPC_M02BT_START_ADDR +0x4FFA IPC_M02BT_END_ADDR +0x4FFC IPC_M02BT_READ_PTR +0x4FFE IPC_M02BT_WRITE_PTR +) + +(//mem_module_flag +//bit0~bit3 config module function +0 MODULE_FLAG_UART_FLOW_CONTROL +1 MODULE_FLAG_BLE_SEND_MTU23 +2 MODULE_FLAG_BLE_DATA_ENCRYPT + +//bit4~bit7 module states change +4 MODULE_FLAG_BLE_DATA_FINISH +5 MOUDLE_TASK_UNSNIFF +6 MOUDLE_TASK_SNIFF + +) + +( +34 NV_DATA_LEN +-1 DECREASED_ONE +) + + + +( + 10 FLAG_MODULE_READ_VDD_COUNT +) + +( + 110 DM_REFCOM_BUFF_LEN + 230 NL_RFCOMM_BUFF_LEN +) +( + 0x200 UART_AIR_CONTROL_THRESHOLD +) + +( +0x01 HCI_DISCARD_PACKET +0x00 HCI_NOT_DISCARD_PACKET +) + + + +(//Command +0x00 HCI_CMD_SET_BT_ADDR_REQ +0x01 HCI_CMD_SET_LE_ADDR_REQ +0x02 HCI_CMD_SET_VISIBILITY_REQ +0x03 HCI_CMD_SET_BT_NAME_REQ +0x04 HCI_CMD_SET_LE_NAME_REQ +0x05 HCI_CMD_SPP_DATA_REQ +0x09 HCI_CMD_LE_DATA_REQ +0x0b HCI_CMD_STATUS_IRQ +0x0c HCI_CMD_SET_PAIRING_REQ +0x0d HCI_CMD_SET_PINCODE_REQ +0x0e HCI_CMD_SET_UARTCONTROL_REQ +0x0f HCI_CMD_SET_UART_BAUD_REQ +0x10 HCI_CMD_VERSION_REQ +0x11 HCI_CMD_BT_DISCONNECT +0x12 HCI_CMD_BLE_DISCONNECT +0x13 HCI_CMD_DELETE_DEVICE +0x14 HCI_CMD_CREATE_CONNECT +0x15 HCI_CMD_SET_COD +0x26 HCI_CMD_SET_NVRAM_REQ +0x27 HCI_CMD_SLEEP +0x28 HCI_CMD_CONFIRM_GKEY +0x29 HCI_CMD_SET_CREDIT_GIVEN +0x2a HCI_CMD_AUTO_ADV_SCAN +0x2b HCI_CMD_POWER_REQ +0x2c HCI_CMD_POWER_SET +0x30 HCI_CMD_PASSKEY_ENTRY +0x31 HCI_CMD_SET_GPIO +0x32 HCI_CMD_READ_GPIO +0x33 HCI_CMD_LE_SET_PAIRING +0x34 HCI_CMD_LE_SET_ADV_DATA +0x35 HCI_CMD_LE_SET_SCAN_DATA +0x36 HCI_CMD_LE_SEND_CONN_UPDATE_REQ +0x37 HCI_CMD_LE_SET_ADV_PARM +0x38 HCI_CMD_LE_START_PAIRING +0x40 HCI_CMD_SET_WAKE_GPIO +0x42 HCI_CMD_SET_TX_POWER +0x43 HCI_CMD_BOOT_VERSION_REQ +0x48 HCI_CMD_LE_CONFIRM_GKEY +0x49 HCI_CMD_REJECT_JUSTWORK +0x51 HCI_CMD_RESET_CHIP_REQ +0x61 HCI_CMD_LE_SET_FIXED_PASSKEY + +0x76 HCI_CMD_DELETE_CUSTOMIZE_SERVICE +0x77 HCI_CMD_ADD_SERVICE_UUID +0x78 HCI_CMD_ADD_CHARACTERISTIC_UUID + + +0xee HCI_TEST_CMD_REBACK +0xff HCI_TEST_CMD_CLOSE_LPM +) + +(//event +0x00 HCI_EVENT_SPP_CONN_REP +0x01 HCI_EVENT_HID_CONN_REP +0x02 HCI_EVENT_LE_CONN_REP +0x03 HCI_EVENT_SPP_DIS_REP +0x04 HCI_EVENT_HID_DIS_REP +0x05 HCI_EVENT_LE_DIS_REP +0x06 HCI_EVENT_CMD_RES +0x07 HCI_EVENT_SPP_DATA_REP +0x08 HCI_EVENT_LE_DATA_REP +0x09 HCI_EVENT_STANDBY_REP +0x0a HCI_EVENT_STATUS_RES +0x0b HCI_EVENT_FINISH_PACK_NUM +0X0C HCI_EVENT_SNIFF_MD_CHANGE +0x0D HCI_EVENT_NVRAM_REP +0x0e HCI_EVENT_GKEY +0x0F HCI_EVENT_INVALID_PACKET +0x10 HCI_EVENT_GET_PASSKEY +0x11 HCI_EVENT_LE_TK +0x12 HCI_EVENT_REMOTE_MTU +0x14 HCI_EVENT_LE_PAIRING_STATE +0X15 HCI_EVENT_LE_ENCRYPTION_STATE +0x17 HCI_EVENT_LE_CONNECTION_UPDATE +0x1d HCI_EVENT_LE_GKEY +0x29 HCI_EVENT_UUID_HANDLE + +) + + +(//command HCI_CMD_SET_GPIO +//byte 0 +0x00 HCI_CMD_CONFIG_GPIO_INPUT +0x01 HCI_CMD_CONFIG_GPIO_OUTPUT +//byte 1 input state +0x00 GPIO_INPUT_PULLUP +0x01 GPIO_INPUT_PULLDOWN +0x02 GPIO_INPUT_HIGH_IMPEDANCE +) + + + +( +0x7e0 OTP_ADDR_RF_PARAM_FIX +//struct of RF_PARAM_FIX +// uint8 //length = param_pair_count * 2 +// uint16 //param-pair-1 +// uint16 //param-pair-2 +// uint16 //param-pair-3 +// uint16 //param-pair-4 +// uint16 //param-pair-5 +// uint16 //param-pair-6 +// uint16 //param-pair-7 +) + +( +0 PAIRING_PINCODE +1 PAIRING_JUSTWORK +2 PAIRING_PASSKEY +3 PAIRING_CONFIRM +) + + +( +0x0001 FLAG_BT_PAIRING_SUCCESS +0x0101 FLAG_BT_PAIRING_FAIL +0x0080 FLAG_BLE_PAIRING_SUCCESS +0x0180 FLAG_BLE_PAIRING_FAIL +) + + +( +1 FLAG_EVENT_START_ENC +0 FLAG_EVENT_PAUSE_ENC +) + +( + 0 MOUDLE_STATE_BT_BIT + 1 MOUDLE_STATE_BLE_BIT +) + Index: dukaqi/senrui/format/bt.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/bt.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/bt.format (working copy) @@ -0,0 +1,1049 @@ + + width = 32 + const length = 12000 + + /* ========= memory ============== */ +memalloc( +/* 00-0f most frequently used area */ +1 mem_le_adv_transmit +1 mem_le_adv_waitcnt +1 mem_le_adv_rcv +1 mem_le_req_rcv +1 mem_le_scanrsp_rcv +1 mem_le_conn_rcv + +1 mem_inquiryscan_waitcnt +1 mem_inquiryscan_rcvcnt +1 mem_pagescan_waitcnt +1 mem_pagescan_rcvcnt +1 mem_pagescan_rcvfhscnt +1 mem_slave_rcvcnt +1 mem_page_transmit +1 mem_page_rcv +1 mem_page_rcv_fhs +1 mem_master_rcvcnt + +/* 10-1f debug area */ +1 mem_fhs_wait_counter +1 mem_newconnto_counter +1 mem_inquiry_transmit +1 mem_inquiry_rcv +1 mem_fw_ver +1 mem_current_context +1 mem_le_ch_mapped +1 mem_last_freq +1 mem_rssi +1 mem_rx_type +2 mem_rx_hec_err +2 mem_rx_crc_err +2 mem_context_ptr +8 mem_display +8 mem_bcd + + /* context swappable area */ +1 mem_state +1 mem_mode +2 mem_tsniff +4 mem_sniff_anchor +6 mem_clk_offset +2 mem_rx_window +3 mem_plap +1 mem_puap +2 mem_pnap +1 mem_conn_handle +1 mem_arq +1 mem_lmp_to_send +1 mem_lmi_opcode +1 mem_lmo_reason +1 mem_op +1 mem_state_map +4 mem_supervision_timer +2 mem_supervision_to +1 mem_name_offset +1 mem_key_size +1 mem_conn_sm +12 mem_aco +16 mem_kc +1 mem_conn_timer +1 mem_sniff_attempt +1 mem_sniff_timeout +2 mem_dsniff +1 mem_amaddr +1 mem_lmo_opcode1 +1 mem_lmi_opcode1 +1 mem_lmo_reason1 +1 mem_lmo_tid1 +1 mem_lmo_opcode2 +1 mem_lmi_opcode2 +1 mem_lmo_reason2 +1 mem_lmo_tid2 + +3 mem_hci_version +2 mem_acl_pktlen +1 mem_sco_pktlen +2 mem_acl_pktcnt +2 mem_sco_pktcnt + +1 mem_current_sniff_attempt +1 mem_current_sniff_timeout +1 mem_sniff_timeout_temp +1 mem_nfreq_index_inq +1 mem_nfreq_index_page +1 mem_ninqy_index +1 mem_fhs_misc + + + +/* lpo related */ +4 mem_subsniff_instant +1 mem_subsniff_rate +2 mem_subsniff_tcmax +1 mem_subsniff_tsniff +1 mem_lpm_adjust +6 mem_sync_clke +1 mem_lpm_current_mult +6 mem_gpio_wakeup + +/* sco & esco */ +1 mem_air_mode +1 mem_sco_asso_handle +2 mem_sco_handle +1 mem_esco_desco +1 mem_esco_type +1 mem_neogotiation_state +1 mem_saved_amaddr +1 mem_esco_arq +1 mem_esco_saved_arq +30 mem_sco_obuf +30 mem_sco_ibuf +1 mem_sco_poll + + + +//page +1 mem_npage_index +1 mem_page_mode +4 mem_page_clk + + +/* test related */ +2 mem_tst_pktcnt_sync +2 mem_tst_pktcnt_hec +2 mem_tst_pktcnt_crc +2 mem_tst_pktcnt_dmh +3 mem_tmp_buffer_head +80 mem_tmp_buffer + + +1 mem_tester_emulate +0 mem_temp_payload +1 test_mode_scenario +1 test_mode_hopping_mode +1 test_mode_tx_freq +1 test_mode_rx_freq +1 test_mode_power_mode +1 test_mode_poll_period +1 test_mode_packet_type +2 test_mode_data_length +1 mem_test_mode_old_debug_config +1 mem_tester_cnt + + +/*temp mem*/ +1 mem_temp_am_addr +1 mem_temp_arq + +// +2 mem_len +4 mem_clkn_bt +4 mem_clke_bt +4 mem_dpll_clkn +1 mem_connection_options + +1 mem_nameres_cnt +2 mem_txptr +2 mem_slot_offset + +//extm +1 extm_fhs_misc +1 extm_newconn_am_addr +3 extm_class +3 extm_lap +1 extm_uap +3 extm_nap + + +//debug +1 mem_debug_config +1 mem_lch_code +1 mem_fhs_am_addr +2 mem_dpll_error +1 mem_select_list_item +0 mem_temp_reconn_record +1 mem_record_bt_mode +6 mem_temp_lap +2 mem_list_item_ptr + +100 mem_eir +) + + +xmemalloc( +/* patch enable 0x4000-0x403f */ + +1 mem_patch00 +1 mem_patch01 +1 mem_patch02 +1 mem_patch03 +1 mem_patch04 +1 mem_patch05 +1 mem_patch06 +1 mem_patch07 +1 mem_patch08 +1 mem_patch09 +1 mem_patch0a +1 mem_patch0b +1 mem_patch0c +1 mem_patch0d +1 mem_patch0e +1 mem_patch0f +1 mem_patch10 +1 mem_patch11 +1 mem_patch12 +1 mem_patch13 +1 mem_patch14 +1 mem_patch15 +1 mem_patch16 +1 mem_patch17 +1 mem_patch18 +1 mem_patch19 +1 mem_patch1a +1 mem_patch1b +1 mem_patch1c +1 mem_patch1d +1 mem_patch1e +1 mem_patch1f +1 mem_patch20 +1 mem_patch21 +1 mem_patch22 +1 mem_patch23 +1 mem_patch24 +1 mem_patch25 +1 mem_patch26 +1 mem_patch27 +1 mem_patch28 +1 mem_patch29 +1 mem_patch2a +1 mem_patch2b +1 mem_patch2c +1 mem_patch2d +1 mem_patch2e +1 mem_patch2f +1 mem_patch30 +1 mem_patch31 +1 mem_patch32 +1 mem_patch33 +1 mem_patch34 +1 mem_patch35 +1 mem_patch36 +1 mem_patch37 +1 mem_patch38 +1 mem_patch39 +1 mem_patch3a +1 mem_patch3b +1 mem_patch3c +1 mem_patch3d +1 mem_patch3e +1 mem_patch3f + + /* 3 device contexts */ +80 mem_context +1 mem_current_amaddr +1 mem_lpm_mode +1 mem_device_option +1 mem_scan_mode +4 mem_last_clkn + + /* parameters */ +8 mem_features +3 mem_lap +1 mem_uap +2 mem_nap +1 mem_npage +3 mem_glap +3 mem_class +2 mem_iscan_window +2 mem_iscan_interval +2 mem_pscan_window +2 mem_pscan_interval +2 mem_page_interval +2 mem_page_window +2 mem_page_to +2 mem_inq_window +1 mem_fcomp_mul +1 mem_fcomp_div +2 mem_rx_window_init +2 mem_rx_window_sniff +2 mem_rf_init_ptr + + /* connection related */ +1 mem_last_type +1 mem_last_type_esco +1 mem_last_type_saved +2 mem_retransmission_cnt +4 mem_next_btclk + +1 mem_rf_rccal +1 mem_handle_num +1 mem_max_slot +1 mem_eir_enable + +/* AFH related */ +4 mem_afh_instant +2 mem_afh_error_total +1 mem_afh_cfg +1 mem_afh_new_mod +5 mem_afh_map_lo +5 mem_afh_map_hi +1 mem_afh_used +2 mem_afh_index +11 mem_afh_map_new +80 mem_afh_map +4 mem_afh_timer +10 mem_afh_classify_channel_map + + + /* lpm related */ +2 mem_chip_functions +2 mem_lpm_wake_lock +2 mem_lpm_interval +1 mem_lpm_overhead +1 mem_lpm_hibernate_switch +1 mem_lpm_doze_switch +1 mem_esco_addr +1 mem_sniff_unint_lost +1 mem_ptt +4 mem_sleep_counter //should be 0x41fc in REVC +4 mem_sleep_counter_all +6 mem_sleep_clkn +3 mem_sniff_rcv +3 mem_sniff_lost +3 mem_clks_per_lpo + +1 mem_lpm_mult +1 mem_lpm_mult_timeout +1 mem_lpm_mult_cnt + +/* 8139-813b lpm_ctrl[31:12] */ +3 mem_lpm_config + +1 mem_lpm_xtalcnt +1 mem_lpm_buckcnt +1 mem_lpm_ldocnt +1 mem_lpm_isogate +1 mem_lpm_isogate_final +16 mem_saved_gpio // should be 0x421e in REVC +3 mem_saved_gsel +8 mem_saved_mark +1 mem_saved_spidctrl +2 mem_patch_ptr +2 mem_patch_len + +32 mem_timers + +/*LINK KEY*/ +1 mem_link_key_exists +16 mem_link_key + + +/* HCI */ +1 mem_hci_cmd +1 mem_hci_conn_handle +3 mem_hci_plap +1 mem_hci_puap +2 mem_hci_pnap + +/*Peripherals*/ +1 mem_uartd_rxitems_got_data +1 mem_uartd_rxitems_threshold +2 mem_uartd_rx_timeout + +1 mem_loadcode_times + +1 mem_tx_lch +2 mem_tx_len + +1 mem_tx_power + +1 mem_context_number + +1 mem_250k_freq_enable + +ifdef DEBUG_RF_INIT +1 mem_rf_init_data +endif +) + +(//bluetooth tx power +0 TX_POWER_0DB +1 TX_POWER_3DB +2 TX_POWER_5DB +3 TX_POWER_f3DB +4 TX_POWER_f5DB + +0x20 TX_POWER_PAIR +) + + +ifdef RAM_VERSION +0x4b17 rom_lpm_sleep +0x4b1d rom_lpm_enter_sleep +0x4b16 rom_lpm_write_ctrl +0x6b1a rom_otpd_read_data +0x6ada rom_otp_write +else +0x3b17 rom_lpm_sleep +0x59e0 rom_save_ucode + +0x4219 rom_mem_lpm_xtalcnt +0x423b rom_mem_patch_ptr +0x423d rom_mem_patch_len + +0x5b1a rom_otpd_read_data +0x5ada rom_otp_write +endif + /* context */ +( +0x01 coffset_mode +0x02 coffset_tsniff +0x04 coffset_sniff_anchor +0x08 coffset_clk_offset +0x0e coffset_rx_window +0x10 coffset_plap +0x16 coffset_conn_handle +0x17 coffset_arq + /* 3.0 only */ +0x18 coffset_lmp_to_send +0x1b coffset_op +0x1c coffset_state_map + /* le only */ +0x18 coffset_le_ch +0x19 coffset_le_hop +0x1a coffset_le_event_cnt + +80 context_size +1 context_num +) + +( +0 lpm_flag_wake +1 lpm_flag_loadcode +) + +/* ========= parameters ============== */ +( +0x0050 param_newconn_arq +0x0007 param_esco_addr +0x0010 param_conn_handle +0x01f0 param_conn_handle_comp +0x0020 param_newconnto +0x0008 param_pagerespto +0x0a00 param_snooze_setup_orig +0x5353 param_snooze_ahead_orig +0x00ff param_ninquiry +0x2000 param_page_to +0x0005 param_max_slot +0x0010 param_sco_poll + +/* 6Mhz clock setting */ +ifdef CLK6M +0x0721 param_tx_setup +0x06e8 param_rx_setup +0x04e8 param_rx_setup_earlier +0x0300 param_rf_setup +0x01d8 param_clke_cal +0x0500 param_conn_access +0x0400 param_conn_access_wider +200 param_pll_setup +else +/* 12Mhz clock setting */ +0x0e43 param_tx_setup +0x09d0 param_rx_setup_earlier +0x0600 param_rf_setup +0x03bb param_clke_cal +0x0600 param_conn_access +0x0800 param_conn_access_wider +ifdef FPGA +0x0500 param_pll_setup // 120 is minimum +else +0x0500 param_pll_setup // 120 is minimum +endif +0x0500 param_rx_ahead + +0x0d00 param_rx_setup // 114us before sync +2000 param_dpll_start_delay + +110 param_lpm_fix +10 param_lpo_extra +200 param_lpm_adjmax + +ifdef SIM +20 param_hibernate_clks +3 param_chgpump_delay +else +-1 param_hibernate_clks +3000 param_chgpump_delay +endif + +3 param_featrue_ssp +0x0101 param_lmpext_ssp_enable +339 param_acl_pktlen +30 param_sco_pktlen +1 param_acl_pktcnt /*buffer acl pkt cnt*/ +7 param_sco_pktcnt + + +0x8fffff param_features0 +0x9d83fe param_features1 // not support afh +0x8359 param_features2 +0x000033 param_unap +0x001177 param_lap +0x9e8b33 param_glap +0x002540 param_class//0x180208 //0x002580//402500//240404 +0x12e904 param_hci_version +0x000a04 param_lmp_version//0x0a04 +0x000a06 param_lmp_version0 +0x12e9 param_lmp_subversion +0x0012 param_tisw +0x0012 param_tpsw +0x1000 param_tisi +0x0800 param_tpsi +0x0020 param_page_window +0x0020 param_inq_window +0x1c80 param_supervision_to +39 param_fcomp_div +2 param_fcomp_mul +6 param_name_len +0x535442 param_name +0x344950 param_name1 + + +) + +/* ======= packet types ========= */ +( +0x0 type_null +0x1 type_poll +0x2 type_fhs +0x3 type_dm1 +0x4 type_dh1 +0x5 type_hv1 +0x6 type_hv2 +0x7 type_hv3 +0x8 type_3dh1 +0x9 type_aux1 +0xa type_dm3 +0xb type_dh3 +0xe type_dm5 +0xf type_dh5 +0x10 type_id +0x11 type_shutdown +0x13 type_lmp +) + +/* ========== flag[6] =============== */ +( +0 always /* always 1 */ +1 true /* set/rstn by verify,compare,icompare (true) */ +2 positive /* set/rstn by all alu operations (opcode = 0x03,0x13,0x0f,0x1f), if alu output >= 0 */ +3 timeout /* read only, the timeout from timers */ +5 zero /* set/rstn by all alu operations (opcode = 0x03,0x13,0x0f,0x1f), if alu output == 0 */ +6 crc_failed /* level, cleared by hop_start */ +7 enable_white /* outside mux decide whether to load bt_clk or response_X */ +8 enable_parity /* level */ +9 enable_crc /* level */ +10 enable_hec /* level */ +11 decode_fec1 /* level */ +12 decode_fec2 /* level */ +13 decode_fec0 /* level */ +14 encrypt /* level */ +15 crc16 /* for caculate ccitt crc16 */ +16 swfine /* =0 stop_watch count based on oneslot =1 on 1 clock */ +17 bt_trig +20 rqst_freq /* pulse, to start calculating frequency */ +21 recalc /* pulse, to recalculate the fhs_parity */ +22 init_encrypt /* pulse, issued to initialize encrption */ +23 mhalfbnd /* half slot boundary of clke_rt, or when clke_bt[0] toggles */ +24 sync /* sync found as a result of correlation,set/rstn by correlate opcode */ +25 user10 /* user10 */ +26 kc_p_activate /* pulse to recalc the kc_p */ +27 encode_fec1 /* level */ +28 encode_fec2 /* level */ +29 encode_fec0 /* level */ +30 packet_end /* pulse */ +32 is_tx /* level */ +33 is_rx /* level */ +34 halfslot /* pulse, read only, when clkn_bt[0] toggles */ +35 oneslot /* pulse, read only, when clkn_bt[1] toggles */ +36 mslotbnd /* pulse, read only, when clke_bt[1] toggles */ +37 expire /* level, read only, when selected clock source exceed timeup value */ +38 meet /* level, read only, when selected clock source meet timeup value */ +39 tx_clear /* level, read only, indicate tx pipe is cleared */ +40 user /* user0 */ +41 master /* user1 */ +42 slave2 /* user2 */ +43 wake /* user3 */ +44 user2 /* user4 */ +45 match /* user5 */ +46 attempt /* user6 */ +47 user3 /* user7 */ +48 clknt /* user8 */ +49 user7 /* user9 */ +50 synchronize /* synchronize lpo and regular version of the clock */ +51 lpo_edge /* read only, 3 clocks after risling edge of lpo clock */ +52 blank /* C0 only, means pdata == 0 */ +53 modone /* set divide operation is done */ +54 le /* bluetooth 4.0 LE enable */ +55 aes_ready /* set when aes is ok */ +63 never /* read only, always 0 */ +) + +default flag = always + +/* ========== reg[6] =============== */ +( +0 mark /* for keeping strobes, more permanent */ +1 type /* save and verify during rx */ /* rw */ +2 temp /* general purpose register, 64 bits */ +3 contru /* contr uart */ +4 am_addr /* verify during rx, read and send during tx */ /* ro */ +5 contw /* last mem_addr during write */ +6 contr /* last mem_addr during read */ +7 queue /* the index of qset*,qisolate* commands, ie, if queue = 3, qset/qisolate operate on bit3 */ +8 debug /* can be wired out for observation */ +9 access /* the 72 bit access word */ +10 contwu /* contw uart */ +11 timeup /* when does certain counter expire */ +12 pwindow /* bit 71-61 of pdata; because on rx, bits shifts in from 71 down */ +13 fhs_parity /* re-gernated based on bt_adr( {nap,uap,lap} ) when recalc flag is pulsed */ +14 white_init /* init value of the whitening */ +15 crc24_init /* init crc24 lfsr, 24 bits */ +16 contrub /* uartb read ptr */ +17 rega /* general purpose register, 32 bits */ +18 regb /* general purpose register, 32 bits */ +19 regc /* general purpose register, 17 bits */ +20 regab /* concat of {rega,regb}, thus 64 bits */ +21 radio_ctrl /* radio i/f direct i/o ctrl, check following "radio_ctrl" section */ +22 addhi /* ahb bus address [24:16] */ +23 freq_index /* 7 bit read only */ +24 regd /* regext[1] */ +25 clkn /* {clkn_bt, clkn_rt} */ +26 clke /* {clke_bt, clke_rt} */ +27 stop_watch +28 fhs_misc /* SR, SP, pscan mode */ +29 fhs_class /* class field in fhs */ +30 fhs0 /* read only, bit 0-71 of fhs word */ +31 fhs1 /* read only, bit 72-142 of fhs word */ +32 bt_adr /* r/w, the bt_addr to access gen and freq hopping, contain only lap and uap */ +33 bt_clk /* r/w, the bt_clk for freq hopping */ +34 clkn_bt /* read only, native bluetooth clock, free running 3.2KHz or controlled by RTHALFSLOT register */ +35 clkn_rt /* read only, native realtime clock, free running 12MHz, count from 0-3749, or controlled by RTHALFSLOT register */ +36 freq_mode +/* wire even_train = freq_mode[4]; // odd even train */ +/* wire conn_mode = 3; // connection */ +/* wire iqpgscan_mode = 2; // slave in inquiry and page (not response) */ +/* wire iqpgresp_mode = 1; // slave in inquriy and page (response only) */ +/* wire inqypage_mode = 0; // master in inquiry and page(response or not response) */ +37 xin /* x parameter, read only */ +38 N_tx_slot /* the N factor in equations for Xi,Xp,Xprm,Xprs */ +39 auxcnt +40 clke_bt /* r/w, external bluetooth clock , free running 3.2KHz or controlled by RTHALFSLOT register */ +41 clke_rt /* r/w, external realtime clock, , free running 12MHz, count from 0-3749, or controlled by RTHALFSLOT register */ +42 branch_addr /* last branch address */ +44 lap +45 uap +46 nap +47 regext /* r/w extended 12x32bit registers, indexed by regext_index */ +48 alarm /* r/w, lpo wake up time, this is also how lpo and current clock keep sync */ +49 lpo_time /* read only, this is the value to be copied back to clkn/clke after wakeup */ +50 kc_ls /* secret key, 71: 0 */ +51 kc_ms /* secret key, 127:72 */ +52 g1l /* encryption length */ +53 mask3ff /* for mask 0x3ff operation */ +54 aes_ctrl /* bit[0] init, bit[2:1] mode, bit[3] big endian, bit[4] load data, bit[5] load key */ +55 rege /* regext[3],regext[2] */ +56 regext_index /* index of regext */ +57 loopcnt +58 stack /* current return address */ +59 stack_ptr /* stack depth */ +60 max_stack /* maximum stack ptr */ +61 pc /* direct goto */ +62 null /* to nowhere */ +63 pdata /* the shift register */ +) +default reg = pdata + +/* regext_index */ +( +0 regidx_data +4 regidx_key +8 regidx_xor +12 regidx_result +) + +/* aes_ctrl */ +( +0x01 aes_cbc +0x02 aes_cfb +0x04 aes_192 +0x08 aes_256 +0x10 aes_big_endian +0x20 aes_initialize +0x40 aes_load +0x80 aes_zero +) + +/* ========== radio_ctrl========= */ +( +0 TXGFSK +1 PSK +2 PSK3M +3 RESET +) +/* assign BPWR = radio_ctrl[0]; */ +/* assign PARAMP = radio_ctrl[1]; */ +/* assign XTALPU = radio_ctrl[2]; */ +/* assign SYNTHPU = radio_ctrl[3]; */ +/* assign TXPU = radio_ctrl[4]; */ +/* assign RXPU = radio_ctrl[5]; */ +/* assign SLCTRL = radio_ctrl[6]; */ +/* assign XTALSEL_MUX_SEL = radio_ctrl[7] */ + + +/* =========== destination[4] ============== */ +( +0 bucket +1 rxf +2 back +3 mod +) +default dest = bucket + +/* =========== source[4] ============= */ +( +1 txf +3 demod +) +default source = 0 + + +/* ============== mark ============= *//*0 - 47 */ +( + +0 mark_fhs_eir +1 mark_rxbuf_inuse +2 mark_tx_l2cap +3 mark_switch_initiated +4 mark_accept_switch +5 mark_loopback +7 mark_esco +8 mark_esco_rxok +9 mark_context +10 mark_am_addr_broadcast +11 mark_fhs_already_good +12 mark_page_trainb +13 mark_lpm_mult_enable +14 mark_usb_flag +15 mark_old_packet +16 mark_longpacket +17 mark_testmode +18 mark_ar2 +19 mark_h5tx_rp +20 mark_h5tx_crc +21 mark_h5tx_retransmit +22 mark_h5rx_pstart +23 mark_h5_sync +24 mark_h5_reinit +28 mark_inquiry_on +29 mark_inquiry_state +30 mark_inquiry_trainb +31 mark_periodical_diac +32 mark_all_diac +33 mark_slave_in_rand_accepted +34 mark_reconn_recieve_switch +35 mark_isstr +36 mark_loadcode +37 mark_ext_patch +38 mark_24g +39 mark_24g_conext +40 mark_eeprom_size +// REVAB:max 35, REVC:max 63 +41 mark_ble_tx_md +42 mark_ble_rx_md +43 mark_otp_encrypt +) + +( +1 reload_type_otp +2 reload_type_spi +3 reload_type_iic +) + + +/* ============== soft timers ============== */ +( +0 le_adv_interval_timer +1 inquiry_length_timer +2 le_scan_interval_timer +3 page_length_timer +4 iscan_interval_timer +5 pscan_interval_timer +6 switch_wait_timer +7 enpt_delay_timer +8 page_interval_timer +9 key_scan_timer +10 smp_pairing_timer +11 ui_led_blink //led timer ¿ÉÀ©Ơ¹ +12 ui_led_blink1 +13 ui_led_blink2 + +) + +( +1 hci_cmd_inquiry +2 hci_cmd_inquiry_cancel +3 hci_cmd_remote_name_req +4 hci_cmd_remote_feature_req +5 hci_cmd_create_conn +6 hci_cmd_disconn +7 hci_cmd_accept_conn +8 hci_cmd_reject_conn +9 hci_cmd_pair +10 hci_cmd_nopair +11 hci_cmd_linkkey +12 hci_cmd_nokey +13 hci_cmd_auth +14 hci_cmd_stopencrypt +15 hci_cmd_startencrypt +16 hci_cmd_setup_sco +17 hci_cmd_disconn_sco +18 hci_cmd_in_sniff +19 hci_cmd_exit_sniff +20 hci_cmd_remote_version_req +21 hci_cmd_remote_ext_features_req +22 hci_cmd_io_cap +23 hci_cmd_role_discovery +24 hci_cmd_role_switch +25 hci_cmd_accept_with_switch +26 hci_cmd_detach +27 hci_cmd_le_create_conn +28 hci_cmd_accept_sco_conn +80 hci_cmd_wait_remote_feature +81 hci_cmd_wait_remote_ext_feature +82 hci_cmd_wait_remote_name +) + + + +/* ============== debug ============= */ +( +0 debug_neg_skew +1 debug_bitbucket +2 debug_dont_clear_got_tx +3 debug_scatter_enabled +4 debug_tx_fixed_freq +5 debug_rx_fixed_freq +6 debug_tx_pattern +) + +/* ============== tester_emulator ============= */ +( +0 tester_fixed_flow +1 tester_fixed_flow_polarity +2 tester_change +3 tester_exit +4 tester_pattern_test +5 tester_whitening_change +6 tester_fixed_freq +7 tester_no_whitening +) + +/* ============== mode ==========*/ +( +0 mode_le +1 mode_master +2 afh_enable +3 afh_change +4 send_sco_when_slave +5 first_seqnx +) + +/* ============== state_map ==========*/ +( +0 smap_lmptidinit +1 smap_lmptid +2 smap_encryption +3 smap_name_res +4 smap_name_req +5 smap_edr +6 smap_rxlmp +7 smap_rxl2cap +) +( +0 state_inconn +1 state_insniff +2 state_insco +3 state_inpage +4 state_conn_comp +5 state_init_seq +6 state_combkey +7 state_linkkey +) +( +0 op_send_sres +1 op_auth_req +2 op_inrand_req +3 op_disconn +4 op_stop_enc +5 op_start_enc +6 op_txl2cap +7 op_pkt_comp +) + + +/* ============== arq [3] ================ */ +( +0 flow +1 arqn +2 seqn +3 wack +4 flowx /* out */ /* not really in memory */ +5 arqnx /* out */ +6 seqnx /* out */ +7 bcast1 /* first broadcast received */ +) + +/* arq {flow,arqn,seqn}, read/write */ +/* [0] flow r/w acl full status of the other, store during rx, checked during tx */ +/* [1] arqn r/w ack of the other during rx (ack tx fifo), */ +/* [2] seqn r/w seqn of the other, check during rx */ +/* arqx {flowx,arqnx,seqnx} */ +/* [0] flowx r/o flow back to the other, 1 alow send, 0 not to send, read only tx */ +/* [1] arqnx r/w ack to the other, set by rx, send back on tx */ +/* [2] seqnx r/w toggled by arqn, to be send during tx */ + +( +0 llid0 +1 llid1 +2 nesn +3 sn +4 md +5 wak +) + +/* AFH flags */ +( +0 AFH_CFG_ON +1 AFH_CFG_TIMER +2 send_lmp_set_afh +3 AFH_CFG_REPORT_MODE +4 AFH_CFG_MASTER_SENT_REQ +) + +/* LLID CODE */ +( +1 LLID_L2CAP_CONT +2 LLID_L2CAP_START +3 LLID_LMP +) + +/* ============== master_state ==========*/ +( +0 master_in_idle +1 master_in_inquiry +2 master_in_page +10 master_in_becoming_slave +15 master_in_conn +) +( +0 newrev_feature_bettx +1 newrev_feature_betplltx +2 newrev_feature_skip_retransmit +3 newrev_feature_init_radio_after_sleep +4 newrev_feature_no_lpolog +) +/*************mem_pincode_state****************/ +( +0 pincode_state_ilde +1 pincode_state_wait_pincode +2 pincode_state_pincode_ready +) + + +// lpm_write +( +1 lpmreg_sel_ctrl +2 lpmreg_sel_ctrl2 +4 lpmreg_sel_gpiolow +8 lpmreg_sel_gpiohigh +16 lpmreg_sel_counter +) + +//scan_mode +( +0 inq_scan_mode +1 page_scan_mode +2 page_inq_enable +) +//mem_neogotiation_state +( + 0 default_neogotiation_state + 1 prarm_neogotiation +) + +//mem_lpm_wake_lock +( +0 wake_lock_ble_rx +1 wake_lock_ble_tx +2 wake_lock_m0_single + +3 wake_lock_ble_rx_patch +4 wake_lock_ble_tx_patch + +5 wake_lock_ipc_bt2m0 +6 wake_lock_ipc_m02bt +7 wake_lock_button +8 wake_lock_cmd +9 wake_lock_app +10 wake_lock_lmp_tx +11 wake_lock_lmp_rx +12 wake_lock_l2cap_tx +13 wake_lock_l2cap_rx +14 wake_lock_ipc_c512bt +15 wake_lock_ipc_bt2c51 + +) + +( +0 bt_disabled +1 ble_disabled +2 module_disable + +) + +( +0x33 REC_3_MODE +0x34 REC_4_MODE +0x35 REC_4_MODE_STATIC_ADDRESS +0x36 REC_4_MODE_RANDOM_RESOLVABLE_PRIVATE_ADDRESS +0x37 REC_4_MODE_RANDOM_NON_RESOLVABLE_PRIVATE_ADDRESS +) + + +//sniff UART_TX UART_RX +( +6 UART_WAKEUP_TX +7 UART_WAKEUP_RX +) + + Index: dukaqi/senrui/format/command.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/command.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/command.format (working copy) @@ -0,0 +1,1407 @@ + +/* Parse Command: +TX: take bits from tx fifo, jam it into shift and a destination (rf,bucket) +RX: take bits from demod, jam it into shift and a destination (acl,sco,bucket) */ + +/* Inject Command: +TX: 0 into shift, send tail of shift into a destination (rf,bucket) +RX: 0 into shift, send tail of shift into a destination (acl,sco,bucket) */ + +format + ! 15 romdat + % d0 + % d1 + % d2 + % d3 + [8] d0 + [8] d1 + [8] d2 + [8] d3 +end + +format + ! 15 enable /* set flag to 1 */ + % flag + [5] opcode + [6] 1 + [6] flag + [6] null + [9] 0 +end + /* High 5 bytes of channel map */ +format + ! 15 pulse /* set flag to 1 */ + % flag + [5] opcode + [6] 1 + [6] flag + [6] null + [9] 0 +end + +format + ! 15 disable /* set flag to 0 */ + % flag + [5] opcode + [6] 2 + [6] flag + [6] null + [9] 0 +end + +format + ! 15 set0 /* set selected bit of reg to 0 */ + % immediate + % reg + [5] opcode + [6] 9 + [6] never + [6] reg + [9] immediate +end + +format + ! 15 set1 /* set selected bit of reg to 1 */ + % immediate + % reg + [5] opcode + [6] 9 /* alu op demux */ + [6] always + [6] reg + [9] immediate +end + +format + ! 15 setflag /* set selected bit of the reg to the polarity of the flag */ + % flag + % immediate + % reg + [5] opcode + [6] 9 + [6] flag + [6] reg + [9] immediate +end + +format + ! 15 nsetflag /* set the selected bit of the reg to the opposite polarity of the flag */ + % flag + % immediate + % reg + [5] opcode + [6] 0x29 + [6] flag + [6] reg + [9] immediate +end + +format + ! 15 setflip /* invert the selected bit of the reg */ + % immediate + % reg + [5] opcode + [6] 10 /* this is alu op */ + [6] always + [6] reg + [9] immediate +end + +format + ! 0x1f qset1 /* demux the lowest 4 bit of queue and OR it with regr into regw */ + % reg /* in short, set the bit in reg indexed by queue to 1 */ + [5] opcode + [6] 9 + [6] always + [6] reg + [9] 0 +end + +format + ! 0x1f qset0 /* demux the lowest 4 bit of queue and AND it with regr into regw */ + % reg /* in short, set the bit in reg indexed by queue to 0 */ + [5] opcode + [6] 9 + [6] never + [6] reg + [9] 0 +end + +format + ! 0x1f qsetflag /* set the bit in reg index by queue to same as flag */ + % flag + % reg + [5] opcode + [6] 9 + [6] flag + [6] reg + [9] 0 +end + +format + ! 0x1f nqsetflag /* set the bit in the reg index by queue to opposite of flag */ + % flag + % reg + [5] opcode + [6] 0x29 + [6] flag + [6] reg + [9] 0 +end + +format + ! 0x1f qsetflip /* flip the bit in reg index by queue */ + % reg + [5] opcode + [6] 10 + [6] always + [6] reg + [9] 0 +end + +format + ! 1 parse /* take bits out of source (sco_tx,tx_buffer,rx-elas) into pdata and dest (sco_rx,rx_fifo,tx-elas) */ + % source + % dest + % immediate + [5] opcode + [4] source /* voice, data, demod */ + [2] 0 + [6] 0 + [2] 0 /* parse or inject */ + [4] dest /* acl, sco, mod, bucket */ + [9] immediate /* number of bits to parse off */ +end + +format + ! 1 inject /* shift data from pdata into destination (tx-elas,rx_fifo,sco_rx) */ + % destination + % immediate + [5] opcode + [4] 0 + [2] 0 + [6] 1 + [2] 0 + [4] destination /* acl,sco,mod,bucket */ + [9] immediate /* number of bits to be injected */ +end + +format + ! 1 iinject + % destination + % regr + [5] opcode + [6] regr /* contain the number of bits to inject */ + [6] 3 + [2] 0 + [4] destination /* acl,sco,mod,bucket */ + [9] 0 +end + +format + ! 1 stuff /* automatic parse, stuff_counter decrement on every bit until hits zero */ + % source + % destination + [5] opcode + [4] source + [2] 0 + [6] 2 + [2] 0 + [4] destination + [9] 0 +end + +format /* force immediate value into registers */ + ! 3 force + % immediate + % regw + [5] opcode + [6] 0 + [6] 0 /* alu operation force */ + [6] regw /* destination register */ + [9] immediate +end + +format /* force whatever is on shift_reg to regsiters */ + ! 0x13 iforce + % regw + [5] opcode + [6] 0 + [6] 0 /* alu operation force */ + [6] regw /* destination register */ + [9] 0 +end + +format /* force immediate value into registers */ + ! 3 increase + % immediate + % reg + [5] opcode + [6] reg + [6] 1 /* alu operation add */ + [6] reg + [9] immediate +end + +format + ! 3 pincrease + % immediate + [5] opcode + [6] -1 /* pdata */ + [6] 1 /* alu add */ + [6] -1 /* back to pdata */ + [9] immediate +end + +format /* force immediate value into registers */ + ! 3 and_into + % immediate + % reg + [5] opcode + [6] reg + [6] 2 /* alu operation and into */ + [6] reg + [9] immediate +end + +format + ! 3 and + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 2 /* alu operation and into */ + [6] regw + [9] immediate +end + +format + ! 0x13 iand /* pdata & regr -> regw */ + % regr + % regw + [5] opcode + [6] regr + [6] 2 /* alu operation and into */ + [6] regw + [9] 0 +end + + +format /* and whatever is in shiftreg with reg */ + ! 0x13 iand_into + % reg + [5] opcode + [6] reg + [6] 2 /* alu operation and into */ + [6] reg + [9] 0 +end + +format + ! 3 or_into + % immediate + % reg + [5] opcode + [6] reg + [6] 3 /* alu operation or into */ + [6] reg + [9] immediate +end + +format + ! 3 or + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 3 /* alu operation or into */ + [6] regw + [9] immediate +end + +format + ! 0x13 ior + % regr + % regw + [5] opcode + [6] regr + [6] 3 /* alu operation or into */ + [6] regw + [9] 0 +end + +format + ! 0x13 ior_into + % reg + [5] opcode + [6] reg + [6] 3 /* alu operation or into */ + [6] reg + [9] 0 +end + +format + ! 3 skip_to /* jump to location stored in reg */ + % reg + [5] opcode + [6] reg + [6] 4 /* alu operation copy */ + [6] rom_addr + [9] 0 +end + +format + ! 3 copy + % regr + % regw + [5] opcode + [6] regr + [6] 4 /* alu operation copy */ + [6] regw + [9] 0 +end + +format + ! 3 deposit /* copy the register content thru alu to shift register, not prealigned like preload */ + % reg + [5] opcode + [6] reg + [6] 4 /* alu operation copy */ + [6] -1 /* pdata */ + [9] 0 +end + +format + ! 3 icopy /* copy the shift register lsb content directly to register, not aligned */ + % regw + [5] opcode + [6] -1 /* pdata */ + [6] 4 /* alu copy */ + [6] regw + [9] 0 +end + +format + ! 3 add + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 1 + [6] regw + [9] immediate +end + +format + ! 0x13 iadd /* regr + pdata -> regw */ + % regr + % regw + [5] opcode + [6] regr + [6] 1 + [6] regw + [9] 0 +end + +format + ! 3 sub /* immediate - regr -> regw */ + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 12 + [6] regw + [9] immediate +end + +format + ! 0x13 isub /* pdata - regr -> regw */ + % regr + % regw + [5] opcode + [6] regr + [6] 12 + [6] regw + [9] 0 +end + + +format + ! 3 flip + % immediate + % reg + [5] opcode + [6] reg + [6] 5 + [6] reg + [9] immediate +end + +format + ! 0x13 iflip /* use shift register as immediate to do xor */ + % regr + % regw + [5] opcode + [6] regr + [6] 5 + [6] regw + [9] 0 +end + +format + ! 3 xor + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 5 + [6] regw + [9] immediate +end + +format + ! 3 xor_into + % immediate + % reg + [5] opcode + [6] reg + [6] 5 + [6] reg + [9] immediate +end + +format + ! 0x13 ixor /* pdata xor regr and store result in regw */ + % regr + % regw + [5] opcode + [6] regr + [6] 5 + [6] regw + [9] 0 +end + +format + ! 3 invert + % regr + % regw + [5] opcode + [6] regr + [6] 8 + [6] regw + [9] 0 +end + +format + ! 3 pinvert /* invert pdata into itself */ + [5] opcode + [6] -1 + [6] 8 + [6] -1 + [9] 0 +end + +format + ! 3 div /* regr div immediate div */ + % reg + % immediate + [5] opcode + [6] reg + [6] 13 /* generate diven pulse to div */ + [6] null + [9] immediate +end + +format + ! 0x13 idiv /* pdata div regr data ready at most after 41 nops */ + % reg + [5] opcode + [6] reg + [6] 13 /* generate diven pulse to div */ + [6] null + [9] 0 +end + +format + ! 3 remainder /* harvest div remainder */ + % regw + [5] opcode + [6] 0 + [6] 14 + [6] regw + [9] 0 +end + +format + ! 3 quotient /* harvest div quotient */ + % regw + [5] opcode + [6] 0 + [6] 15 + [6] regw + [9] 0 +end + +format + ! 3 rshift + % regr + % regw + [5] opcode + [6] regr + [6] 6 + [6] regw + [9] 0 +end + +format + ! 3 rshift2 + % regr + % regw + [5] opcode + [6] regr + [6] 22 + [6] regw + [9] 0 +end + +format + ! 3 rshift3 + % regr + % regw + [5] opcode + [6] regr + [6] 18 + [6] regw + [9] 0 +end + +format + ! 3 rshift4 + % regr + % regw + [5] opcode + [6] regr + [6] 35 + [6] regw + [9] 0 +end + +format + ! 3 rshift8 + % regr + % regw + [5] opcode + [6] regr + [6] 25 + [6] regw + [9] 0 +end + +format + ! 3 rshift16 + % regr + % regw + [5] opcode + [6] regr + [6] 34 + [6] regw + [9] 0 +end + +format + ! 3 rshift32 + % regr + % regw + [5] opcode + [6] regr + [6] 30 + [6] regw + [9] 0 +end + +format + ! 3 lshift + % regr + % regw + [5] opcode + [6] regr + [6] 7 + [6] regw + [9] 0 +end + +format + ! 3 lshift2 + % regr + % regw + [5] opcode + [6] regr + [6] 23 + [6] regw + [9] 0 +end + +format + ! 3 lshift8 + % regr + % regw + [5] opcode + [6] regr + [6] 26 + [6] regw + [9] 0 +end + + +format + ! 3 lshift3 + % regr + % regw + [5] opcode + [6] regr + [6] 19 + [6] regw + [9] 0 +end + +format + ! 3 lshift4 + % regr + % regw + [5] opcode + [6] regr + [6] 36 + [6] regw + [9] 0 +end + + +format + ! 3 lshift16 + % regr + % regw + [5] opcode + [6] regr + [6] 32 + [6] regw + [9] 0 +end + +format + ! 3 random /* random number into regw */ + % reg + [5] opcode + [6] 0 + [6] 20 + [6] reg + [9] 0 +end + +format /* bit reverse within a byte */ + ! 3 reverse + % reg + % regw + [5] opcode + [6] reg + [6] 27 + [6] regw + [9] 0 +end + +format + ! 3 priority /* priority encode reg into regw, lsb is the top priority, ie, priority(8'b00010000) = 4 */ + % reg + % regw + [5] opcode + [6] reg + [6] 21 + [6] regw + [9] 0 +end + +format + ! 7 setsect /* set a section of pdata */ + % section /* 0 sets 17:0 of pdata with set_data, 1 sets 35:18, 2 sets 53:36, 3 sets 71:54 */ + % set_data + [5] opcode + [7] 0 + [2] section + [18] set_data +end + +format + ! 10 preload /* load stuff into pdata according to fhs format, check us.v */ + % reg + [5] opcode + [6] reg + [6] 0 + [6] -1 + [9] 0 +end + +format /* load register with pdata content, according to fhs format, check us.v */ + ! 10 ialigned /* all bits are in position */ + % regw + [5] opcode + [6] -1 + [6] 0 + [6] regw + [9] 0 +end + +format /* load register to another according to fhs format */ + ! 10 aligned + % regr + % regw + [5] opcode + [6] regr + [6] 0 + [6] regw + [9] 0 +end + +format + ! 4 branch + % addr + % flag + [5] opcode + [6] 1 + [6] flag + [15] addr +end + +format + ! 4 call + % addr + % flag + [5] opcode + [6] 2 + [6] flag + [15] addr +end + +format + ! 4 rtn + % flag + [5] opcode + [6] 3 + [6] flag + [15] 0 +end + +format + ! 0x0c storer /* write reg to memory, address from immediate then mem_ptr */ + % reg + % num_bytes + % addr + [5] opcode + [6] reg + [4] num_bytes + [17] addr +end + +format + ! 0x0c store /* write pdata to memory, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 63 + [4] num_bytes + [17] addr +end + +format + ! 0x0c storet /* write temp to memory, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 2 + [4] num_bytes + [17] addr +end + + +format + ! 0x1c istorer /* write regr to memory, address from regaddr */ + % regr + % num_bytes + % regaddr + [5] opcode + [6] regr + [4] num_bytes + [11] 0 + [6] regaddr +end + +format + ! 0x1c istore /* write pdata to memory, address from regaddr */ + % num_bytes + % regaddr + [5] opcode + [6] 63 + [4] num_bytes + [11] 0 + [6] regaddr +end + +format + ! 0x1c istoret /* write temp to memory, address from regaddr */ + % num_bytes + % regaddr + [5] opcode + [6] 2 + [4] num_bytes + [11] 0 + [6] regaddr +end + + +format + ! 0x0d fetchr /* read reg from memory, address from immediate then mem_ptr */ + % reg + % num_bytes + % addr + [5] opcode + [6] reg + [4] num_bytes + [17] addr +end + +format + ! 0x0d fetch /* read pdata from memory, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 63 + [4] num_bytes + [17] addr +end + +format + ! 0x0d fetcht /* read temp from memory, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 2 + [4] num_bytes + [17] addr +end + +format + ! 0x1d ifetchr /* read regr from memory, address from regaddr */ + % regr + % num_bytes + % regaddr + [5] opcode + [6] regr + [4] num_bytes + [11] 0 + [6] regaddr +end + +format + ! 0x1d ifetch /* read pdata from memory, address from regaddr */ + % num_bytes + % regaddr + [5] opcode + [6] 63 + [4] num_bytes + [11] 0 + [6] regaddr +end + +format + ! 0x1d ifetcht /* read temp from memory, address from regaddr */ + % num_bytes + % regaddr + [5] opcode + [6] 2 + [4] num_bytes + [11] 0 + [6] regaddr +end + + +format + ! 0x0c hstoret /* write to corereg, data from temp, address from immediate won't increment */ + % num_bytes + % addr + [5] opcode + [6] 2 /* memory */ + [4] num_bytes + [1] 0 + [1] 1 + [15] addr +end + +format + ! 0x0d hfetcht /* read from corereg, data into temp, address from immediate won't increment */ + % num_bytes + % addr + [5] opcode + [6] 2 /* memory */ + [4] num_bytes + [1] 0 + [1] 1 + [15] addr +end + +format + ! 0x0c hstore /* write to memory, data from pdata, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 63 /* memory */ + [4] num_bytes + [1] 0 + [1] 1 + [15] addr +end + +format + ! 0x0d hfetch /* read from memory, data into pdata, address from immediate then mem_ptr */ + % num_bytes + % addr + [5] opcode + [6] 63 /* memory */ + [4] num_bytes + [1] 0 + [1] 1 + [15] addr +end + + +format + ! 0x0d crc /* read from memory, count from loopcnt, put crc result into pdata */ + % addr + [5] opcode + [6] 0 + [4] 0 + [17] addr +end + +format + ! 0x1d icrc /* read from memory, address from reg, count from loopcnt, put crc result into pdata */ + % reg + [5] opcode + [6] reg /* hold address */ + [4] 0 + [17] 0 +end + +format + ! 0x0e jam + % immediate + % addr + [5] opcode + [2] 0 + [17] addr + [8] immediate +end + +format + ! 0x0e hjam + % immediate + % addr + [5] opcode + [3] 0 + [1] 1 /* msb */ + [15] addr + [8] immediate +end + + +format /* 0x242... */ + ! 4 nbranch + % addr + % flag + [5] opcode + [1] 1 + [5] 1 + [6] flag + [15] addr +end + +format + ! 4 ncall + % addr + % flag + [5] opcode + [1] 1 + [5] 2 + [6] flag + [15] addr +end + +format + ! 4 nrtn + % flag + [5] opcode + [1] 1 + [5] 3 + [6] flag + [15] 0 +end + +format + ! 4 nop + % addr /* no-op for addr+2 clocks */ + [5] opcode + [6] 0 + [6] 0 /* always */ + [15] addr +end + +format + ! 4 clear_stack + [5] opcode + [6] 4 + [6] 0 /* always */ + [15] 0 +end + +format + ! 6 until + % reg + % flag + [5] opcode + [6] reg + [6] flag + [6] 1 + [9] 0 +end + +format + ! 6 correlate /* quit if 1. flag is true 2, regr time up 3, found sync,(cond_true) */ + % reg /* expire counter to check against */ + % flag + [5] opcode + [6] reg + [6] flag + [6] 2 /* correlate */ + [9] 0 +end + +format + ! 5 compare /* sets cond flag, if reg equals immediate */ + % immediate + % reg + % mask + [5] opcode + [6] reg + [3] 0 + [9] mask + [9] immediate +end + +format + ! 0x15 icompare /* sets cond flag, if reg equals pdata */ + % mask + % reg + [5] opcode + [6] reg + [3] 0 + [9] mask + [9] 0 +end + +format /* sets cond. flag, if reg equals LS half of shift reg with MS half of reg being mask */ + ! 5 iverify + % reg + [5] opcode + [6] reg + [3] 2 + [18] 0 +end + +format + ! 0x15 qisolate1 + % reg + [5] opcode + [6] reg + [3] 3 + [18] -1 +end + +format + ! 0x15 qisolate0 + % reg + [5] opcode + [6] reg + [3] 3 + [18] 0 +end + + /* REVAB bug: cannot access bit above 35 */ +format + ! 5 isolate1 + % addr + % reg + [5] opcode + [6] reg + [3] 3 + [9] -1 + [9] addr +end + +format + ! 5 isolate0 + % addr + % reg + [5] opcode + [6] reg + [3] 3 + [9] 0 + [9] addr +end + +format + ! 11 setarg + % immediate + [5] opcode + [27] immediate +end + +format + ! 0x1b arg + % immediate + % reg + [5] opcode + [6] reg + [21] immediate +end + + +format + ! 0 sleep + [5] opcode + [27] 0 +end + +format + ! 0 snooze + [5] opcode + [6] -1 + [21] 0 +end + +format + ! 0 revision + % rev_num + [5] opcode + [27] rev_num +end + +format + ! 0x18 loop /* branch when loopcnt is NOT zero, and decrease loopcnt */ + % addr + [5] opcode + [4] 4 + [8] 0 + [15] addr +end + +format + ! 0x18 beq /* branch when pdata is equal to immediate */ + % imme + % addr + [5] opcode + [4] 0 + [8] imme + [15] addr +end + +format + ! 0x18 bne /* branch when pdata is NOT equal to immediate */ + % imme + % addr + [5] opcode + [4] 1 + [8] imme + [15] addr +end + +format + ! 0x18 rtneq /* return when pdata is equal to immediate */ + % imme + [5] opcode + [4] 2 + [8] imme + [15] 0 +end + +format + ! 0x18 rtnne /* return when pdata is NOT equal to immediate */ + % imme + [5] opcode + [4] 3 + [8] imme + [15] 0 +end + +format + ! 0x18 bbit1 /* branch when pdata's imme bit is 1 */ + % imme + % addr + [5] opcode + [4] 5 + [8] imme + [15] addr +end + +format + ! 0x18 bbit0 /* branch when pdata's imme bit is 0 */ + % imme + % addr + [5] opcode + [4] 6 + [8] imme + [15] addr +end + +format + ! 0x18 rtnbit1 /* return when pdata's imme bit is 0 */ + % imme + [5] opcode + [4] 7 + [8] imme + [15] 0 +end + +format + ! 0x18 rtnbit0 /* return when pdata's imme bit is 0 */ + % imme + [5] opcode + [4] 8 + [8] imme + [15] 0 +end + +format + ! 8 bpatch + % imme + % addr + [5] opcode + [4] 9 + [8] imme + [15] addr +end + +format + ! 8 bpatchx + % imme + % addr + [5] opcode + [4] 14 + [8] imme + [15] addr +end + +format + ! 0x18 bmark1 /* branch when mark's imme bit is 1 */ + % imme + % addr + [5] opcode + [4] 10 + [8] imme + [15] addr +end + +format + ! 0x18 bmark0 /* branch when mark's imme bit is 0 */ + % imme + % addr + [5] opcode + [4] 11 + [8] imme + [15] addr +end + +format + ! 0x18 rtnmark1 /* return when mark's imme bit is 0 */ + % imme + [5] opcode + [4] 12 + [8] imme + [15] 0 +end + +format + ! 0x18 rtnmark0 /* return when mark's imme bit is 0 */ + % imme + [5] opcode + [4] 13 + [8] imme + [15] 0 +end + +format + ! 3 mul32 /* immediate mult regr */ + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 31 + [6] regw + [9] immediate +end + +format + ! 0x13 imul32 /* pdata mult regr 32x32=64bit */ + % regr + % regw + [5] opcode + [6] regr + [6] 31 + [6] regw + [9] 0 +end + +format + ! 3 product /* harvest mult product */ + % regw + [5] opcode + [6] 0 + [6] 17 + [6] regw + [9] 0 +end + +format + ! 3 byteswap + % regr + % regw + [5] opcode + [6] regr + [6] 33 + [6] regw + [9] 0 +end + +format + ! 3 shasx /* SHA256 Sx operation, immediate is Sx */ + % regr + % immediate + % regw + [5] opcode + [6] regr + [6] 28 + [6] regw + [9] immediate +end + + +format + ! 0x13 regexrot /* regext[0] <- regext[7], regext[1] <- regext[0], regext[2] <- regext[1] ... */ + [5] opcode + [6] 0 + [6] 29 + [6] null + [9] 0 +end + Index: dukaqi/senrui/format/hci.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/hci.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/hci.format (working copy) @@ -0,0 +1,569 @@ + + +memalloc( +1 mem_h5rx_ackcnt +1 mem_check_err_acl_cont + +1 mem_rp_packets +2 mem_packet_type + +2 mem_hci_sniff_conn_handle +2 mem_hci_sniff_max_interval +2 mem_hci_sniff_min_interval +2 mem_hci_sniff_attempt +2 mem_hci_sniff_timeout +2 mem_voice_setting +1 mem_retransmission_effort +2 mem_sco_ptype +3 mem_extm_uap_restore + +2 mem_h5rx_rptr +1 mem_h5rx_ack +1 mem_h5tx_ack +2 mem_h5tx_rptr +2 mem_h5tx_wptr +2 mem_h5tx_free +1 mem_h5rx_tmp +1 mem_h5tx_seq + +2 mem_hci_acl_queue_wptr +2 mem_hci_acl_queue_rptr +2 mem_hci_acl_queue_end +1 mem_hci_acl_queue_wcnt +1 mem_hci_acl_cnt + +2 mem_hci_acl_tx_trigger_wptr //tx via uart + + +1 mem_hci_curr_len +2 mem_hci_curr_target +) + +xmemalloc( + +1 mem_hci_lt_rx_state +) + +15 hci_flag_rp +//mem_hci_options bit map +( +1 hci_option_h4 +2 hci_option_protocol2 +3 hci_option_protocol3 +4 hci_option_uart +5 hci_option_usb +6 hci_option_phy2 +7 hci_option_phy3 +) +// UART baud rate @6MHz +( +0 uart_ctrl_bit_enable +3 uart_ctrl_bit_slip_protocol + +) + +//bit map of core_uart_ctrl +( + +) +//bit map of core_uart_status +( +0 uart_status_tx_fifo_full +1 uart_status_tx_fifo_empty +2 uart_status_tx_busy +3 uart_status_rx_fifo_empty + +) +//HCI H4 LOG related +( +0x4850 mem_hci_log +8 hci_log_size +100 hci_log_cnt + +) +//HCI H4 Packet TYPE +( +0x01 HCI_H4_TYPE_CMD +0x02 HCI_H4_TYPE_ACL +0x04 HCI_H4_TYPE_EVENT + +) +// HCI command opcode group field values +( +0x01 HCI_OGF_LINK_CONTROL +0x02 HCI_OGF_LINK_POLICY +0x03 HCI_OGF_BASEBAND +0x04 HCI_OGF_INFO +0x05 HCI_OGF_STATUS +0x06 HCI_OGF_TEST +0x08 HCI_OGF_LOW_ENERGY +0x3e HCI_OGF_LOGO_TESTING +0x3f HCI_OGF_VENDOR_SPECIFIC +) + +// HCI link control opcode command field values, OGF=1 +( +0x01 HCI_INQUIRY +0x02 HCI_INQUIRY_CANCEL +0x03 HCI_PERIODIC_INQUIRY_MODE +0x04 HCI_EXIT_PERIODIC_INQUIRY_MODE +0x05 HCI_CREATE_CONNECTION +0x06 HCI_DISCONNECT +0x07 HCI_ADD_SCO_CONNECTION +0x08 HCI_CREATE_CONNECTION_CANCEL +0x09 HCI_ACCEPT_CONNECTION +0x0A HCI_REJECT_CONNECTION +0x0B HCI_LINK_KEY_REQUEST_REPLY +0x0C HCI_LINK_KEY_REQUEST_NEGATIVE_REPLY +0x0D HCI_PIN_CODE_REQUEST_REPLY +0x0E HCI_PIN_CODE_REQUEST_NEGATIVE_REPLY +0x0F HCI_CHANGE_CONNECTION_PACKET_TYPE +0x11 HCI_AUTHENTICATION_REQUESTED +0x13 HCI_SET_CONNECTION_ENCRYPTION +0x15 HCI_CHANGE_CONNECTION_LINK_KEY +0x17 HCI_MASTER_LINK_KEY +0x19 HCI_REMOTE_NAME_REQUEST +0x1A HCI_REMOTE_NAME_REQUEST_CANCEL +0x1B HCI_READ_REMOTE_SUPPORTED_FEATURES +0x1C HCI_READ_REMOTE_EXT_FEATURES +0x1D HCI_READ_REMOTE_VERSION_INFORMATION +0x1F HCI_READ_CLOCK_OFFSET +0x20 HCI_READ_LMP_HANDLE +0x28 HCI_SETUP_SCO_CONNECTION +0x29 HCI_ACCEPT_SCO_CONNECTION +0x2A HCI_REJECT_SCO_CONNECTION +0x2B HCI_IO_CAP_REQUEST_REPLY +0x2C HCI_USER_CONFIRMATION_REQUEST_REPLY +0x2D HCI_USER_CONFIRMATION_REQUEST_NEGATIVE_REPLY +0x2E HCI_USER_PASSKEY_REQUEST_REPLY +0x2F HCI_USER_PASSKEY_REQUEST_NEGATIVE_REPLY +0x30 HCI_REMOTE_OOB_DATA_REQUEST_REPLY +0x33 HCI_REMOTE_OOB_DATA_REQUEST_NEGATIVE_REPLY +0x34 HCI_IO_CAPABILITY_REQUEST_NEGATIVE_REPLY +0x35 HCI_CREATE_PHYSICAL_LINK +0x36 HCI_ACCEPT_PHYSICAL_LINK +0x37 HCI_DISCONNECT_PHYSICAL_LINK +0x38 HCI_CREATE_LOGICAL_LINK +0x39 HCI_ACCEPT_LOGICAL_LINK +0x3A HCI_DISCONNECT_LOGICAL_LINK +0x3B HCI_LOGICAL_LINK_CANCEL +0x3C HCI_FLOW_SPEC_MODIFY +0x3D HCI_ENHANCED_SETUP_SYNCHRONOUS_CONNECTION +0x3E HCI_ENHANCED_ACCEPT_SYNCHRONOUS_CONNECTION_REQUEST +0x3F HCI_TRUNCATED_PAGE +0x40 HCI_TRUNCATED_PAGE_CANCEL +0x41 HCI_SET_CONNECTIONLESS_SLAVE_BROADCAST +0x42 HCI_SET_CONNECTIONLESS_SLAVE_BROADCAST_RECEIVE +0x43 HCI_START_SYNCHRONIZATION_TRAIN +0x44 HCI_RECEIVE_SYNCHRONIZATION_TRAIN +0x45 HCI_REMOTE_OOB_EXTENDED_DATA_REQUEST_REPLY +) + + +// HCI link policy commands OCF value, OGF=2 +( +0x01 HCI_HOLD_MODE +0x03 HCI_SNIFF_MODE +0x04 HCI_EXIT_SNIFF_MODE +0x05 HCI_PARK_MODE +0x06 HCI_EXIT_PARK_MODE +0x07 HCI_QOS_SETUP +0x09 HCI_ROLE_DISCOVERY +0x0B HCI_SWITCH_ROLE +0x0C HCI_READ_LINK_POLICY_SETTINGS +0x0D HCI_WRITE_LINK_POLICY_SETTINGS +0x0e HCI_READ_DEFAULT_LINK_POLICY_SETTINGS +0x0f HCI_WRITE_DEFAULT_LINK_POLICY_SETTINGS +0x10 HCI_FLOW_SPECIFICATION +0x11 HCI_SNIFF_SUBRATING +) + +// HCI host controller and baseband commands OCF values, OGF=3 +( +0x01 HCI_SET_EVENT_MASK +0x03 HCI_RESET +0x05 HCI_SET_EVENT_FILTER +0x08 HCI_FLUSH +0x09 HCI_READ_PIN_TYPE +0x0A HCI_WRITE_PIN_TYPE +0x0B HCI_CREATE_NEW_UNIT_KEY +0x0D HCI_READ_STORED_LINK_KEY +0x11 HCI_WRITE_STORED_LINK_KEY +0x12 HCI_DELETE_STORED_LINK_KEY +0x13 HCI_WRITE_LOCAL_NAME +0x14 HCI_READ_LOCAL_NAME +0x15 HCI_READ_CONN_ACCEPT_TIMEOUT +0x16 HCI_WRITE_CONN_ACCEPT_TIMEOUT +0x17 HCI_READ_PAGE_TIMEOUT +0x18 HCI_WRITE_PAGE_TIMEOUT +0x19 HCI_READ_SCAN_ENABLE +0x1A HCI_WRITE_SCAN_ENABLE +0x1B HCI_READ_PAGE_SCAN_ACTIVITY +0x1C HCI_WRITE_PAGE_SCAN_ACTIVITY +0x1D HCI_READ_INQUIRY_SCAN_ACTIVITY +0x1E HCI_WRITE_INQUIRY_SCAN_ACTIVITY +0x1F HCI_READ_AUTHENTICATION_ENABLE +0x20 HCI_WRITE_AUTHENTICATION_ENABLE +0x21 HCI_READ_ENCRYPTION_MODE +0x22 HCI_WRITE_ENCRYPTION_MODE +0x23 HCI_READ_CLASS_OF_DEVICE +0x24 HCI_WRITE_CLASS_OF_DEVICE +0x25 HCI_READ_VOICE_SETTING +0x26 HCI_WRITE_VOICE_SETTING +0x27 HCI_READ_AUTOMATIC_FLUSH_TIMEOUT +0x28 HCI_WRITE_AUTOMATIC_FLUSH_TIMEOUT +0x29 HCI_READ_NUM_BROADCAST_RETRANSMISSIONS +0x2A HCI_WRITE_NUM_BROADCAST_RETRANSMISSIONS +0x2B HCI_READ_HOLD_MODE_ACTIVITY +0x2C HCI_WRITE_HOLD_MODE_ACTIVITY +0x2D HCI_READ_TRANSMIT_POWER_LEVEL +0x2E HCI_READ_SCO_FLOW_CONTROL_ENABLE +0x2F HCI_WRITE_SCO_FLOW_CONTROL_ENABLE +0x31 HCI_SET_CONTROLLER_TO_HOST_FLOW_CONTROL +0x33 HCI_HOST_BUFFER_SIZE +0x35 HCI_HOST_NUM_COMPLETED_PACKETS +0x36 HCI_READ_LINK_SUPERVISION_TIMEOUT +0x37 HCI_WRITE_LINK_SUPERVISION_TIMEOUT +0x38 HCI_READ_NUMBER_OF_SUPPORTED_IAC +0x39 HCI_READ_CURRENT_IAC_LAP +0x3A HCI_WRITE_CURRENT_IAC_LAP +0x3B HCI_READ_PAGE_SCAN_PERIOD_MODE +0x3C HCI_WRITE_PAGE_SCAN_PERIOD_MODE +0x3D HCI_READ_PAGE_SCAN_MODE +0x3E HCI_WRITE_PAGE_SCAN_MODE +0x3F HCI_SET_AFH_CHANNEL_CLASSIFICATION + + +0x42 HCI_READ_INQUIRY_SCAN_TYPE +0x43 HCI_WRITE_INQUIRY_SCAN_TYPE +0x44 HCI_READ_INQUIRY_MODE +0x45 HCI_WRITE_INQUIRY_MODE +0x46 HCI_READ_PAGE_SCAN_TYPE +0x47 HCI_WRITE_PAGE_SCAN_TYPE + +0x48 HCI_READ_AFH_CHANNEL_ACCESSMENT_MODE +0x49 HCI_WRITE_AFH_CHANNEL_ACCESSMENT_MODE +0x51 HCI_READ_EXTENDED_INQUIRY_RESPONSE +0x52 HCI_WRITE_EXTENDED_INQUIRY_RESPONSE +0x53 HCI_REFRESH_ENCRYPTION_KEY +0x55 HCI_READ_SIMPLE_PAIRING_MODE +0x56 HCI_WRITE_SIMPLE_PAIRING_MODE +0x57 HCI_READ_LOCAL_OOB_DATA +0x58 HCI_READ_INQUIRY_RESPONSE_TRANSMIT_POWER_LEVEL +0x59 HCI_WRITE_INQUIRY_TRANSMIT_POWER_LEVEL +0x60 HCI_SEND_KEYPRESS_NOTIFICATION +0x5A HCI_READ_DEFAULT_ERRONEOUS_DATA_REPORTING +0x5B HCI_WRITE_DEFAULT_ERRONEOUS_DATA_REPORTING +0x5F HCI_ENHANCED_FLUSH +0x61 HCI_READ_LOGICAL_LINK_ACCEPT_TIMEOUT +0x62 HCI_WRITE_LOGICAL_LINK_ACCEPT_TIMEOUT +0x63 HCI_SET_EVENT_MASK_PAGE_2 +0x64 HCI_READ_LOCATION_DATA +0x65 HCI_WRITE_LOCATION_DATA +0x66 HCI_READ_FLOW_CONTROL_MODE +0x67 HCI_WRITE_FLOW_CONTROL_MODE +0x68 HCI_READ_ENHANCE_TRANSMIT_POWER_LEVEL +0x69 HCI_READ_BEST_EFFORT_FLUSH_TIMEOUT +0x6A HCI_WRITE_BEST_EFFORT_FLUSH_TIMEOUT +0x6B HCI_SHORT_RANGE_MODE +0x6C HCI_READ_LE_HOST_SUPPORT +0x6D HCI_WRITE_LE_HOST_SUPPORT +0x6E HCI_SET_MWS_CHANNEL_PARAMETERS +0x6F HCI_SET_EXTERNAL_FRAME_CONFIGURATION +0x70 HCI_SET_MWS_SIGNALING +0x71 HCI_SET_MWS_TRANSPORT_LAYER +0x72 HCI_SET_MWS_SCAN_FREQUENCY_TABLE +0x73 HCI_SET_MWS_PATTERN_CONFIGURATION +0x74 HCI_SET_RESERVED_LT_ADDR +0x75 HCI_DELETE_RESERVED_LT_ADDR +0x76 HCI_SET_CONNECTIONLESS_SLAVE_BROADCAST_DATA +0x77 HCI_READ_SYNCHRONIZATION_TRAIN_PARAMETERS +0x78 HCI_WRITE_SYNCHRONIZATION_TRAIN_PARAMETERS +0x79 HCI_READ_SECURE_CONNECTIONS_HOST_SUPPORT +0x7A HCI_WRITE_SECURE_CONNECTIONS_HOST_SUPPORT +0x7B HCI_READ_AUTHENTICATED_PAYLOAD_TIMEOUT +0x7C HCI_WRITE_AUTHENTICATED_PAYLOAD_TIMEOUT +0x7D HCI_READ_LOCAL_OOB_EXTENDED_DATA +0x7E HCI_READ_EXTENDED_PAGE_TIMEOUT +0x7F HCI_WRITE_EXTENDED_PAGE_TIMEOUT +0x80 HCI_READ_EXTENDED_INQUIRY_LENGTH +0x81 HCI_WRITE_EXTENDED_INQUIRY_LENGTH +) + + +// HCI informational parameters OCF values, OGF=4 +( +0x01 HCI_READ_LOCAL_VERSION_INFORMATION +0x02 HCI_READ_LOCAL_SUPPORTED_COMMANDS +0x03 HCI_READ_LOCAL_SUPPORTED_FEATURES +0x04 HCI_READ_LOCAL_EXT_FEATURES +0x05 HCI_READ_BUFFER_SIZE +0x07 HCI_READ_COUNTRY_CODE +0x09 HCI_READ_BD_ADDR +0x0A HCI_REJECT_CONNECTION_REQUEST +0x0B HCI_READ_LOCAL_SUPPORTED_CODECS +) + +// HCI status parameters OCF values, OGF=5 +( +0x01 HCI_READ_FAILED_CONTACT_COUNTER +0x02 HCI_RESET_FAILED_CONTACT_COUNTER +0x03 HCI_GET_LINK_QUALITY +0x05 HCI_READ_RSSI +0x06 HCI_READ_AFH_CHANNEL_MAP +0x07 HCI_READ_BD_CLOCK +0x08 HCI_READ_ENCRYPTION_KEY_SIZE +0x09 HCI_READ_LOCAL_AMP_INFO +0x0A HCI_READ_LOCAL_AMP_ASSOC +0x0B HCI_WRITE_REMOTE_AMP_ASSOC +0x0C HCI_GET_MWS_TRANSPORT_LAYER_CONFIGURATION +0x0D HCI_SET_TRIGGERED_CLOCK_CAPTURE +) + +// HCI testing command OCF values, OGF=6 +( +0x01 HCI_READ_LOOPBACK_MODE +0x02 HCI_WRITE_LOOPBACK_MODE +0x03 HCI_ENABLE_DEVICE_UNDER_TEST_MODE +0x04 HCI_WRITE_SIMPLE_PAIRING_DEBUG_MODE +0x07 HCI_ENABLE_AMP_RECEIVER_REPORTS +0x08 HCI_AMP_TEST_END +0x09 HCI_AMP_TEST +0x0A HCI_WRITE_SECURE_CONNECTIONS_TEST_MODE +) + +// HCI vendor specific command OCF values -OGF=3F +( +0x01 HCI_WRITE_BD_ADDR +0x02 HCI_READ_INQUIRY_RESPONSE_TIMEOUT +0x03 HCI_WRITE_INQUIRY_RESPONSE_TIMEOUT +0x04 HCI_READ_PAGE_SCAN_REPETITION_MODE +0x05 HCI_WRITE_PAGE_SCAN_REPETITION_MODE +0x06 HCI_READ_PAGE_RESPONSE_TIMEOUT +0x07 HCI_WRITE_PAGE_RESPONSE_TIMEOUT +0x08 HCI_READ_NEW_CONNECTION_TIMEOUT +0x09 HCI_WRITE_NEW_CONNECTION_TIMEOUT +0x0a HCI_INITIALIZE_BASEBAND +0x0b HCI_WRITE_LOCAL_SUPPORTED_FEATURES +0x0c HCI_WRITE_PARK_PARAMETERS +0x0d HCI_READ_PARK_PARAMETERS +0x0e HCI_WRITE_QUALITY_OF_SERVICE +0x0f HCI_NOT_USED +0x10 HCI_MODIFY_BEACON_PARAMETERS +0x11 HCI_UNPARK_USING_PM_ADDR +0x12 HCI_WRITE_HOPPING_CHANNELS +0x13 HCI_SLEEP_FOREVER_MODE +0x14 HCI_WRITE_AUTO_PAGE_SCAN_ENABLE +0x15 HCI_READ_AUTO_PAGE_SCAN_ENABLE +0x16 HCI_SET_ENCRYPTION_KEY_SIZE +0x17 HCI_INVALIDATE_FLASH_AND_REBOOT +0x18 HCI_UPDATE_UART_BAUD_RATE +0x19 HCI_WRITE_GPIO_1_4_AS_OUTPUT +0x1A HCI_WRITE_GPIO_2_LED +0x1B HCI_SET_TESTMODE_TYPE +0x1C HCI_WRITE_SCO_PCM_INT_PARAM +0x1D HCI_READ_SCO_PCM_INT_PARAM +0x1E HCI_WRITE_PCM_DATA_FORMAT_PARAM +0x1F HCI_READ_PCM_DATA_FORMAT_PARAM +0x20 HCI_WRITE_COMFORT_NOISE_PARAM +0x21 HCI_READ_COMFORT_NOISE_PARAM +0x22 HCI_WRITE_SCO_TS +0x23 HCI_READ_SCO_TS +0x24 HCI_WRITE_PCM_LOOPBACK_MODE +0x25 HCI_READ_PCM_LOOPBACK_MODE +0x26 HCI_SET_TRANSMIT_POWER +0x27 HCI_SET_SLEEPMODE_PARAM +0x28 HCI_READ_SLEEPMODE_PARAM +0x29 HCI_SLEEPMODE_CMD +0x2A HCI_DELAY_PERIPHERAL_SCO_STARTUP +0x2B HCI_WRITE_RECEIVE_ONLY +0x2C HCI_WRITE_RATE_CONTROL +0x2D HCI_TX_UNMOD_CARRIER +0x2E HCI_DOWNLOAD_MINIDRIVER +0x2F HCI_CRYSTAL_PPM +0x30 HCI_SET_POWER_AMP_BIAS +0x31 HCI_SET_HAM_BEHAVIOR +0x32 HCI_SET_AFH_BEHAVIOR +0x33 HCI_READ_USER_DEFINED_NVRAM +0x34 HCI_ENABLE_RADIO +0x35 HCI_READ_DIAGNOSTIC_INFO +0x36 HCI_GET_HID_DEVICE_LIST +0x37 HCI_ADD_HID_DEVICE +0x38 HCI_READ_APP_FW_CONFIG_VERSION +0x39 HCI_DELETE_HID_DEVICE +0x3B HCI_ENABLE_USB_HID_EMULATION +// 0x3A available +// 0x3B available +0x3C HCI_SEND_LMPDU +0x3D HCI_AUTO_PAIR_REQ +0x3E HCI_READ_VS_EXTENSION +0x3F HCI_WRITE_VS_EXTENSION + +0x77 HCI_OPCODE_FC77 +0x79 HCI_OPCODE_FC79 +0xC4 HCI_DOWNLOAD_PATCH +0xCC HCI_OPCODE_FCCC + +0x00 HCI_VENDOR_CMD_RESET +0x01 HCI_VENDOR_CMD_CHIPID +0x02 HCI_VENDOR_CMD_BAUD +0x03 HCI_VENDOR_CMD_PATCH +0x04 HCI_VENDOR_CMD_PATCH_DONE +0x05 HCI_VENDOR_CMD_ECHO +0x06 HCI_VENDOR_CMD_BDADDR + +0x07 HCI_VENDOR_CMD_ENTER_LPM +0x08 HCI_VENDOR_CMD_COMMU_READY + +0x10 HCI_VENDOR_CMD_MEM +0x11 HCI_VENDOR_CMD_EEP + +0X12 HCI_VENDOR_CMD_PATCH_SEC_INIT +0X13 HCI_VENDOR_CMD_PATCH_SEC +) + +//HCI LE controller command OCF values, OGF=8 +( +0x01 HCI_LE_SET_EVENT_MASK +0x02 HCI_LE_READ_BUFFER_SIZE +0x03 HCI_LE_READ_LOCAL_SUPPORTED_FEATURES +0x05 HCI_LE_SET_RANDOM_ADDRESS +0x06 HCI_LE_SET_ADVERTISING_PARAMETERS +0x07 HCI_LE_READ_ADVERTISING_CHANNEL_TX_POWER +0x08 HCI_LE_SET_ADVERTISING_DATA +0x09 HCI_LE_SET_SCAN_RESPONSE_DATA +0x0A HCI_LE_SET_ADVERTISE_ENABLE +0x0B HCI_LE_SET_SCAN_PARAMETERS +0x0C HCI_LE_SET_SCAN_ENABLE +0x0D HCI_LE_CREATE_CONNECTION +0x0E HCI_LE_CREATE_CONNECTION_CANCEL +0x0F HCI_LE_READ_WHITE_LIST_SIZE +0x10 HCI_LE_CLEAR_WHITE_LIST +0x11 HCI_LE_ADD_DEVICE_TO_WHITE_LIST +0x12 HCI_LE_REMOVE_DEVICE_FROM_WHITE_LIST +0x13 HCI_LE_CONNECTION_UPDATE +0x14 HCI_LE_SET_HOST_CHANNEL_CLASSIFICATION +0x15 HCI_LE_READ_CHANNEL_MAP +0x16 HCI_LE_READ_REMOTE_USED_FEATURES +0x17 HCI_LE_ENCRYPT +0x18 HCI_LE_RAND +0x19 HCI_LE_START_ENCRYPTION +0x1A HCI_LE_LONG_TERM_KEY_REQUEST_REPLY +0x1B HCI_LE_LONG_TERM_KEY_REQUEST_NEGATIVE_REPLY +0x1C HCI_LE_READ_SUPPORTED_STATES +0x1D HCI_LE_RECEIVER_TEST +0x1E HCI_LE_TRANSMITTER_TEST +0x1F HCI_LE_TEST_END +0x20 HCI_LE_REMOTE_CONNECTION_PARAMETER_REQUEST_REPLY +0x21 HCI_LE_REMOTE_CONNECTION_PARAMETER_REQUEST_NEGATIVE_REPLY +) +// HCI event code +( +0x01 HCI_EVENT_INQUIRY_COMPLETE +0x02 HCI_EVENT_INQUIRY_RESULT +0x03 HCI_EVENT_CONNECTION_COMPLETE +0x04 HCI_EVENT_CONNECTION_REQUEST +0x05 HCI_EVENT_DISCONNECTION_COMPLETE +0x06 HCI_EVENT_AUTHENTICATION_COMPLETE +0x07 HCI_EVENT_REMOTE_NAME_REQUEST_COMPLETE +0x08 HCI_EVENT_ENCRYPTION_CHANGE_COMPLETE +0x09 HCI_EVENT_CHANGE_CONNECTION_LINK_KEY_COMPLETE +0x0A HCI_EVENT_MASTER_LINK_KEY_COMPLETE +0x0B HCI_EVENT_READ_REMOTE_FEATURES_COMPLETE +0x0C HCI_EVENT_READ_REMOTE_VERSION_INFORMATION_COMPLETE +0x0D HCI_EVENT_QOS_SETUP_COMPLETE +0x0E HCI_EVENT_COMMAND_COMPLETE +0x0F HCI_EVENT_COMMAND_STATUS +0x10 HCI_EVENT_HARDWARE_ERROR +0x11 HCI_EVENT_FLUSH_OCCURRED +0x12 HCI_EVENT_ROLE_CHANGE +0x13 HCI_EVENT_NUM_COMPLETED_PACKETS +0x14 HCI_EVENT_MODE_CHANGE +0x15 HCI_EVENT_RETURN_LINK_KEYS +0x16 HCI_EVENT_PIN_CODE_REQUEST +0x17 HCI_EVENT_LINK_KEY_REQUEST +0x18 HCI_EVENT_LINK_KEY_NOTIFICATION +0x19 HCI_EVENT_LOOPBACK_COMMAND +0x1A HCI_EVENT_DATA_BUFFER_OVERFLOW +0x1B HCI_EVENT_MAX_SLOTS_CHANGE +0x1C HCI_EVENT_READ_CLOCK_OFFSET_COMPLETE +0x1D HCI_EVENT_CONNECTION_PACKET_TYPE_CHANGED +0x1E HCI_EVENT_QOS_VIOLATION +0x1F HCI_EVENT_PAGE_SCAN_MODE_CHANGE +0x20 HCI_EVENT_PAGE_SCAN_REPETITION_MODE_CHANGE +0x21 HCI_EVENT_FLOW_SPECIFICATION_COMPLETE +0x22 HCI_EVENT_INQUIRY_RESULT_WITHRSSI +0x23 HCI_EVENT_READ_REMOTE_EXT_FEATURES_COMPLETE +0x2C HCI_EVENT_SCO_CONNECTION_COMPLETE +0x2D HCI_EVENT_SCO_CONNECTION_CHANGED +0x2E HCI_EVENT_SNIFF_SUBRATING +0x2F HCI_EVENT_EXT_INQUIRY_RESULT +0x30 HCI_EVENT_ENCRYPT_KEY_REFRESH_COMPLETE +0x31 HCI_EVENT_IO_CAP_REQ +0x32 HCI_EVENT_IO_CAP_RESPONSE +0x33 HCI_EVENT_USER_CONFIRMATION_REQUEST +0x34 HCI_EVENT_UESR_PASSKEY_REQUEST +0x35 HCI_EVENT_REMOTE_OOB_DATA_REQUEST +0x36 HCI_EVENT_SIMPLE_PAIRING_COMPLETE +0x38 HCI_EVENT_LINK_SUPERVISION_TIMEOUT_CHANGED +0x39 HCI_EVENT_ENHANCED_FLUSH_COMPLETE +0x3B HCI_EVENT_USER_PASSKEY_NOTIFICATION +0x3C HCI_EVENT_KEYPRESS_NOTIFICATION +0x3D HCI_EVENT_REMOTE_HOST_SUPPORTED_FEATURES_NOTIFICATION +0x3E HCI_EVENT_LE_META_EVENT +0x40 HCI_EVENT_PHYSICAL_LINK_COMPLETE +0x41 HCI_EVENT_CHANNEL_SELECTED +0x42 HCI_EVENT_DISCONNECTION_PHYSICAL_LINK_COMPLETE +0x43 HCI_EVENT_PHYSICAL_LINK_LOSS_EARLY_WARNING +0x44 HCI_EVENT_PHYSICAL_LINK_RECOVERY +0x45 HCI_EVENT_LOGICAL_LINK_COMPLETE +0x46 HCI_EVENT_DISCONNECTION_LOGICAL_LINK_COMPLETE +0x47 HCI_EVENT_FLOW_SPEC_MODIFY_COMPLETE +0x48 HCI_EVENT_NUMBER_OF_COMPLETED_DATA_BLOCKS +0x49 HCI_EVENT_AMP_START_TEST +0x4A HCI_EVENT_AMP_TEST_END +0x4B HCI_EVENT_AMP_RECEIVER_REPORT +0x4C HCI_EVENT_SHORT_RANGE_MODE_CHANGE_COMPLETE +0x4D HCI_EVENT_AMP_STATUS_CHANGE +0x4E HCI_EVENT_TRIGGERED_CLOCK_CAPTURE +0x4F HCI_EVENT_SYNCHRONIZATION_TRAIN_COMPLETE +0x50 HCI_EVENT_SYNCHRONIZATION_TRAIN_RECEIVED +0x51 HCI_EVENT_CONNECTIONLESS_SLAVE_BROADCAST_RECEIVE +0x52 HCI_EVENT_CONNECTIONLESS_SLAVE_BROADCAST_TIMEOUT +0x53 HCI_EVENT_TRUNCATED_PAGE_COMPLETE +0x54 HCI_EVENT_SLAVE_PAGE_RESPONSE_TIMEOUT +0x55 HCI_EVENT_CONNECTIONLESS_SLAVE_BROADCAST_CHANNEL_MAP_CHANGE +0x56 HCI_EVENT_INQUIRY_RESPONSE_NOTIFICATION +0x57 HCI_EVENT_AUTHENTICATED_PAYLOAD_TIMEOUT_EXPIRED + +0xFE HCI_EVENT_LOGO_TESTING +0xFF HCI_EVENT_VENDOR_SPECIFIC +) +( +0x01 HCI_VENDOR_EVENT_COMMU_READY +) +//HCI LE SUBEVENT CODE +( +0x01 HCI_LE_SUBEVENT_CONN_COMPLETE +0x02 HCI_LE_SUBEVENT_ADV_REPORT +0x03 HCI_LE_SUBEVENT_CONN_UPDATE_COMPLETE +0x04 HCI_LE_SUBEVENT_REMOTE_FEATURE_COMPLETE +0x05 HCI_LE_SUBEVENT_LTK_REQUEST +0x06 HCI_LE_SUBEVENT_REMOTE_CONN_PARAM_REQ +) + +( +0x00 HCI_LPM_OFF +0x01 HCI_LPM_ON +) + + +( +33 HOST_WAKE_TIME +) + +( +1 HCI_RX_WAKE +0 HCI_RX_READY +) + Index: dukaqi/senrui/format/hid.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/hid.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/hid.format (working copy) @@ -0,0 +1,21 @@ + +( +/*HID TYPE*/ +0x01 HID_TYPE_CONTROL +0x04 HID_TYPE_GET_REPORT +0x05 HID_TYPE_SET_REPORT +0x07 HID_TYPE_SET_PROTOCOL +0x09 HID_TYPE_SET_IDLE +0x0a HID_TYPE_DATA +/*HID REPORT ID*/ +0x01 HID_REPORT_ID_KB + +0x00 HID_CONTROL_P_NOOPERATION +0x01 HID_CONTROL_P_HARDRESET +0x02 HID_CONTROL_P_SOFTRESET +0x03 HID_CONTROL_P_SUSPEND +0x04 HID_CONTROL_P_EXITSUSPEND +0x05 HID_CONTROL_P_VIRTUALCABLEUNPLUG +) + + Index: dukaqi/senrui/format/l2cap.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/l2cap.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/l2cap.format (working copy) @@ -0,0 +1,442 @@ + +memalloc( +0 mem_l2cap_mem_start +// L2CAP RX +2 mem_l2cap_rxbuff1_len +2 mem_l2cap_rxbuff2_len +2 mem_l2cap_rxbuff_new +1 mem_l2cap_rxbuff_inuse +2 mem_l2cap_payload_ptr +2 mem_l2cap_rx_pkt_length +2 mem_l2cap_rx_cid +1 mem_l2cap_rx_done + + + +// L2CAP TX Signal channel +2 mem_l2cap_signal_tx_buff_ptr +2 mem_l2cap_signal_tx_payload_ptr +2 mem_l2cap_signal_tx_length +// L2CAP TX SDP channel +2 mem_sdp_tx_buff_ptr +2 mem_sdp_tx_payload_ptr +2 mem_sdp_tx_pkt_length +// L2CAP TX RFCOMM channel +2 mem_rfcomm_tx_buff_ptr +2 mem_rfcomm_tx_payload_ptr +2 mem_rfcomm_tx_pkt_length + + + +//L2CAP Util + +2 memL2CAP_T1 + +1 mem_CONTROL_tasks +1 mem_send_config_req + + +1 mem_config_identifier +2 mem_config_req_dest_CID +1 mem_rfcomm_malloc_fail_flag + +//L2CAP STATE MACHINE +1 mem_message_to_uppersm +1 mem_upper_sm_remote_page +1 mem_upper_sm_reconn +1 mem_upper_sm_ss + + +64 mem_tx_malloc_log +0 mem_l2cap_mem_end + + +2 mem_scid +2 mem_cmd_length +2 mem_tt2 +2 mem_tt3 +2 mem_id +2 mem_psm + + +4 mem_l2cap_sdpres_delay_time +) + +xmemalloc( +0 mem_l2cap_xmem_start +//*******************L2CAP TX MULTI-PACKET*********************// +2 mem_l2cap_tx_multi_offset //0 means single packet + +//*******************CHANNEL ID*********************// +2 mem_sdp_remote_cid +2 mem_rfcomm_remote_cid +2 mem_hid_ctrl_remote_cid +2 mem_hid_int_remote_cid +//*******************CHANNEL STATE*********************// +1 mem_sdp_state +1 mem_rfcomm_state +1 mem_hid_control_state +1 mem_hid_interrupt_state +1 mem_spp_state +1 mem_ML2CAP_comm_id + +//*******************L2CAP malloc********************// +1 mem_used_map +0 mem_tx_fifo0 +1 mem_tx_fifo0_map +2 mem_tx_fifo0_ptr +0 mem_tx_fifo1 +1 mem_tx_fifo1_map +2 mem_tx_fifo1_ptr +0 mem_tx_fifo2 +1 mem_tx_fifo2_map +2 mem_tx_fifo2_ptr +0 mem_tx_fifo3 +1 mem_tx_fifo3_map +2 mem_tx_fifo3_ptr +0 mem_tx_fifo_end +256 mem_l2cap_lpm_txbuf +//*******************MISC*********************// +1 mem_l2cap_flow_ctrl_flag +1 mem_l2cap_pending_item +0 mem_l2cap_xmem_end + +) + + +//mem_l2cap_lpm_txbuf +( +256 l2cap_lpm_txbuf_len +) + +( +4 L2CAP_TX_FIFO_SIZE +8 L2CAP_TX_BUFF_CNT + +) +( +0x0002 L2CAP_SIG_EXT_FEATRUE +0x0003 L2CAP_SIG_FIX_FEATRUE +) + + +( +0 HS_IDLE +1 AG_INIT_CALL +2 HS_INIT_CALL +) +( +0 M_ACL_LINK_ABSENT +1 M_ACL_LINK_EXIST +) + +( +0 L2CAP_INUSE_BUFF1 +1 L2CAP_INUSE_BUFF2 +) +/* upper layer interface w/ lower layer */ +( +1 MAX_NUM_LINKS_ALLOWED +1 MAX_NUM_SCO_ALLOWED +1 ACL_LINK_PRESENT +0 ACL_LINK_ABSENT +) +( +1 L2CAP_RX_DONE +0 L2CAP_RX_CLEAR +) +/* Scheduler */ +( +0 L2CAP_DISCONNECT_INTERRUPT +1 RFCOMM_wants_service +2 L2CAP_sig_Tx_buff_full +3 RFCOMM_Tx_buff_full +4 SDP_Tx_buff_full +5 got_complete_L2CAP_pkt +6 L2CAP_init_Config_Req +7 L2CAP_DISCONNECT_CONTROL +) + +/* mem_CONTROL_tasks2 */ +( +0 UI_NEED_SERVICE +) +/* L2CAP logic channel identifiers (2 bytes) p.261 */ +( +0x0001 L2CAP_signal_channel +0x0050 L2CAP_SDP_channel +0x0051 L2CAP_RFCOMM_channel +0x0052 L2CAP_HID_Control_channel +0x0053 L2CAP_HID_Interrupt_channel +0x0077 L2CAP_AVDTP_signal_channel //------avdtp +0x0078 L2CAP_AVDTP_media_channel +0x0079 L2CAP_AVDTP_report_channel +0x0080 L2CAP_AVDTP_recovery_channel +0x00dd L2CAP_AVCTP_Control_channel +) +/* L2CAP signalling command codes (1 byte) p.284 */ +( +0x00 reserved +0x01 signal_cmd_reject +0x02 signal_connect_req +0x03 signal_connect_rsp +0x04 signal_config_req +0x05 signal_config_rsp +0x06 signal_disconnect_req +0x07 signal_disconnect_rsp +0x08 signal_echo_req +0x09 signal_echo_rsp +0x0a signal_info_req +0x0b signal_info_rsp +) +/* L2CAP signal_command_reject reason code (2 bytes), p.285 */ +( +0x0000 cmd_not_understood +0x0001 signalling_MTU_exceeded +0x0002 invalid_CID_in_req +) +/* L2CAP PSM values used in signal_connect_req (2 bytes), p.286 */ +( +0x0001 PSM_SDP +0x0003 PSM_RFCOMM +0x0005 PSM_TCS +0x0011 PSM_HID_control +0x0013 PSM_HID_interrupt +0x0017 PSM_AVCTP +0x0019 PSM_AVDTP +) +/* L2CAP connection response result code (2 bytes), p.288 */ +( +0x0000 L2CAP_connect_successful +0x0001 L2CAP_connect_pending +0x0002 L2CAP_connect_refused_PSM_unsupported +0x0003 L2CAP_connect_refused_security_block +0x0004 L2CAP_connect_refused_no_resources +) +/* L2CAP connection status values (2 bytes), p.288 */ +( +0x0000 L2CAP_no_info_available +0x0001 L2CAP_authentication_pending +0x0002 L2CAP_authorization_pending +) +/* L2CAP configuration response result code (2 bytes), p.292 */ +( +0x0000 L2CAP_config_success +0x0001 L2CAP_config_failure_bad_parameters +0x0002 L2CAP_config_failure_no_reason +0x0003 L2CAP_config_failure_unknown_options +) +/* L2CAP constant definitions */ +( +128 L2CAP_Rx_buff_size +48 L2CAP_signal_Tx_buff_size +128 SDP_Tx_buff_size +128 RFCOMM_Tx_buff_size +1 AM_ADDRESS +3 DM1TYPE +4 DH1TYPE +11 DH3TYPE +8 DVTYPE +0 channel_state_closed +1 channel_state_config +2 channel_state_open +0x0030 L2CAP_config_MTU_SDP +0xffff L2CAP_config_ftimeout_SDP +0x03e3 L2CAP_config_MTU_RFCOMM +0xffff L2CAP_config_ftimeout_RFCOMM +260 l2cap_max_pkt_len +) + +( +0 FAILURE +1 SUCCESS +2 IN_PROGRESS +) +( +0x00 IDLE +0x01 WAIT_4_BB_PAGE +0x02 WAIT_4_LMP_CONN +0x03 WAIT_4_SCO_CONN +0x04 WAIT_4_SCO_KILLED +) + +/*mem_master_mss*/ +( +0 STOP_ENC +1 SEND_SWITCH_REQ +) +( +0 HF_HS_READY +1 HF_AG_READY +) +/* mem_hf_state */ +( +0 HF_STATE_WAITING_RFCOMM_CONN +1 HF_STATE_HF_SEND_FEATURE +2 HF_STATE_WAITING_AG_FEATURE_OK +3 HF_STATE_HF_SEND_INDICATORS +4 HF_STATE_WAITING_AG_INDICATORS_OK +5 HF_STATE_HF_SEND_CURR_STATUS +6 HF_STATE_WAITING_AG_STATUS_OK +7 HF_STATE_HF_SEND_UPDATE_STATUS +8 HF_STATE_WAITING_AG_UPDATE_STATUS_OK +9 HF_STATE_CONNECTED +0x0a HF_STATE_HF_SEND_RECEIVE_INFO +0x0b HF_STATE_WAITING_AG_INFO +0x0c HF_STATE_HF_SEND_AT_CLIP +0x0d HF_STATE_WAITING_AT_CLIP +0x0e HF_STATE_HF_SEND_AT_CCWA +0x0f HF_STATE_WAITING_AT_CCWA +) +/*mem_hf_call_state*/ +( +0 HF_CALL_STATE_INACTIVE +1 HF_CALL_STATE_SETUP +2 HF_CALL_STATE_ACTIVE +) +/* mem_pairing_state bit definition */ +( +0 PAIR_INQUIRY_START +1 PAIR_INQUIRY_TIME_OUT +2 PAIR_INQUIRY_FAILED +3 PAIR_INQUIRY_SUCCESS +4 PAIR_READY_CONN +5 PAIR_WAIT_CANCEL_RESPONSE +6 PAIR_CONN_SUCCESS +7 PAIR_WAIT_DETACH +) + +/* mem_pairing_mode bit definition */ +( +0 FORCE_AUTHENTICATION +) +/* mem_hid_protecol_type */ +( +0 PROTECOL_BOOT /*default*/ +1 PROTECOL_REPORT +) + +/* mem_upper_sm_reconn */ +( +1 UPPERSM_SEND_SDP_CONN_REQ +2 UPPERSM_SEND_SDP_CFG_REQ +3 UPPERSM_SEND_SDP_HF_SS +4 UPPERSM_SEND_SDP_DISC_REQ +5 UPPERSM_SEND_RFCOMM_CONN_REQ +6 UPPERSM_SEND_RFCOMM_CFG_REQ +7 UPPERSM_SEND_SABM_CMD +8 UPPERSM_SEND_DISC +9 UPPERSM_SEND_WAIT +10 UPPERSM_SEND_HID_CONTROL_CONN_REQ +11 UPPERSM_SEND_HID_CONTROL_CFG_REQ +12 UPPERSM_SEND_HID_INTERRUPT_CONN_REQ +13 UPPERSM_SEND_HID_INTERRUPT_CFG_REQ +14 UPPERSM_SEND_SDP_HS_SS +15 UPPERSM_SEND_SDP_PBAP_SS +16 UPPERSM_SEND_SDP_AVTARG_SS +) +/* mem_upper_sm_remote_page */ +( +1 UPPERSM_RP_SEND_SDP_CONN_REQ +2 UPPERSM_RP_SEND_SDP_CFG_REQ +3 UPPERSM_RP_SEND_SDP_HF_SS +4 UPPERSM_RP_SEND_SDP_HS_SS +5 UPPERSM_RP_SEND_SDP_PBAP_SS +6 UPPERSM_RP_SEND_SDP_AVTARG_SS +7 UPPERSM_RP_SEND_SDP_DISC_REQ +8 UPPERSM_RP_SEND_AVCTP_CONN_REQ +9 UPPERSM_RP_SEND_AVCTP_CFG_REQ +) + +/* mem_ML2CAP_flag */ +( +0 MSCHEDULER_HID_CONTROL_CONN_DONE +1 MSCHEDULER_HID_INTERRUPT_CONN_DONE +2 MSCHEDULER_HID_CONTROL_CFG_REQ_DONE +3 MSCHEDULER_HID_CONTROL_CFG_RSP_DONE +4 MSCHEDULER_HID_INTERRUPT_CFG_REQ_DONE +5 MSCHEDULER_HID_INTERRUPT_CFG_RSP_DONE +6 MSCHEDULER_HID_CONTROL_DISC_DONE +7 MSCHEDULER_HID_INTERRUPT_DISC_DONE +) +/* ui event --add by lj*/ +( +0x00 UI_DATA_EVNET_NONE +0x01 UI_DATA_EVNET_HID +0x02 UI_DATA_EVNET_AVDTP_S +0x03 UI_DATA_EVNET_AVDTP_M +0x04 UI_DATA_EVNET_AVCTP +0x05 UI_DATA_EVNET_HS +0x06 UI_DATA_EVNET_HF +0x07 UI_DATA_EVNET_SPP +0x08 UI_DATA_EVNET_OBEX +) +/* ui ack --add by lj*/ +( +0x00 UI_DATA_TX_NONE +0x01 UI_DATA_TX_HID +0x02 UI_DATA_TX_AVDTP_S +0x03 UI_DATA_TX_AVDTP_M +0x04 UI_DATA_TX_AVCTP +0x05 UI_DATA_TX_HS +0x06 UI_DATA_TX_HF +0x07 UI_DATA_TX_SPP +0x08 UI_DATA_TX_OBEX +0x10 ACL_TX_L2CAP_SIGNAL +0x11 ACL_TX_SDP +0x12 ACL_TX_RFCOMM + +) + +( +0 L2CAP_SDP_interface_conn +1 L2CAP_SDP_interface_cfg +) + +( +0 L2CAP_CHANNEL_STATE_CONN_REQ +1 L2CAP_CHANNEL_STATE_CONN_RES +2 L2CAP_CHANNEL_STATE_SND_CFG_REQ +3 L2CAP_CHANNEL_STATE_SND_CFG_RES +4 L2CAP_CHANNEL_STATE_RCV_CFG_REQ +5 L2CAP_CHANNEL_STATE_RCV_CFG_RES +6 L2CAP_CHANNEL_RFCOMM_ONLY_SABM +7 L2CAP_CHANNEL_RFCOMM_ONLY_UA +6 L2CAP_CHANNEL_AVDTP_SIGNAL_INIT //set avdtp init complete +6 L2CAP_CHANNEL_HID_HANDSHAKE_DONE +0x3f L2CAP_CHANNEL_SETUP_COMPLETE +0x7f L2CAP_CHANNEL_AVDTP_SIGNAL_COMPLETE +0xff L2CAP_CHANNEL_RFCOMM_DLCI0_OPENED +) + +/* AVDTP---lj*/ +( +0 L2CAP_AVDTP_SIGNAL_CONNECT +1 L2CAP_AVDTP_SIGNAL_CONFIG +2 L2CAP_AVDTP_MEDIA_CONNECT +3 L2CAP_AVDTP_MEDIA_CONFIG +4 L2CAP_AVDTP_REPORT_CONNECT +5 L2CAP_AVDTP_REPORT_CONFIG +6 L2CAP_AVDTP_RECOVERY_CONNECT +7 L2CAP_AVDTP_RECOVERY_CONFIG +) +/* AVCTP---lj*/ +( +0 L2CAP_AVCTP_SIGNAL_CONNECT +1 L2CAP_AVCTP_SIGNAL_CONFIG +) + +127 L2CAP_SIGNAL_MALLOC_SIZE + +//1 mem_rfcomm_malloc_fail_flag +( +0 RFCOMM_MALLOC_SUCCEED +1 RFCOMM_MALLOC_FAIL +) + +//mem_l2cap_flow_ctrl_flag +( +0 L2CAP_FLOW_CTRL_DISABLE +1 L2CAP_FLOW_CTRL_ENABLE +) + Index: dukaqi/senrui/format/le.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/le.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/le.format (working copy) @@ -0,0 +1,732 @@ + +memalloc( +56 mem_le_rxbuf +262 mem_le_l2capbuf + + +/* security temp */ +4 mem_le_mic +4 mem_le_peer_mic +//8 mem_le_skdm +//8 mem_le_skds +16 mem_le_peer_ltk +16 mem_le_mrand + + +/* ========= le context =========== */ +1 mem_le_state +1 mem_le_mode +2 mem_le_tsniff +4 mem_le_anchor +6 mem_le_clk_offset +2 mem_le_receive_window +6 mem_le_plap +1 mem_le_conn_handle +1 mem_le_arq +1 mem_le_ch +1 mem_le_hop +2 mem_le_event_count +4 mem_le_supervision_timer +2 mem_le_instant +1 mem_le_channels +1 mem_le_op + + /* these 3 should NOT be seperated */ +4 mem_le_access +3 mem_le_crcinit +1 mem_le_window_size + + /* these 3 should NOT be seperated */ +2 mem_le_slave_latency +2 mem_le_superto +5 mem_le_channel_map + +2 mem_le_no_using +1 mem_le_peer_sca + +/* should be together */ +1 mem_le_att_opcode +2 mem_le_att_handle + +1 mem_le_err_code +1 mem_le_ll_pairing_fail_reason + +16 mem_le_sk + +/* test */ +1 mem_le_testtype +2 mem_le_test_sync +2 mem_le_test_pcnt + +6 mem_le_rxon_ts + +1 mem_le_rx_ll_opcode + +2 mem_le_notify_attr_start +1 mem_le_notify_len + +1 mem_cmd_le_create_conn + +2 mem_le_cur_attlist_start_ptr +2 mem_le_cur_handle_start +2 mem_le_cur_handle_end +1 mem_le_cur_uuid_length +16 mem_le_cur_uuid + +1 mem_le_curr_att_len +1 mem_le_search_res + +1 mem_le_continue_type + +) + + +xmemalloc( +2 mem_le_dsniff + +// parameters +2 mem_le_conn_interval +1 mem_le_scan_enable +2 mem_le_scan_interval +2 mem_le_scan_window + +1 mem_le_adv_enable +1 mem_le_adv_data_len +31 mem_le_adv_data +1 mem_le_scan_data_len +31 mem_le_scan_data + +//modified name +1 mem_le_name_len +30 mem_le_name + + +5 mem_le_new_map +0 mem_le_new_param +1 mem_le_new_transmitwindowsize +2 mem_le_new_transmitwindowoffset +2 mem_le_new_conninterval +2 mem_le_new_connslavelatency +2 mem_le_new_connsupervisiontimeout + +1 mem_le_txheader +1 mem_le_txlen +2 mem_le_txpayload +2 mem_le_txcid +1 mem_le_l2cap +1 mem_le_l2cap_response +31 mem_le_txbdy + +/* smp related */ +5 mem_le_pcnt_tx +5 mem_le_pcnt_rx +4 mem_le_last_mic +4 mem_le_ivm +4 mem_le_ivs +16 mem_le_ltk +1 mem_ltk_exists +16 mem_le_rconfirm +16 mem_le_srand +1 mem_le_iat +1 mem_le_rat +1 mem_le_preq +1 mem_le_preq_iocap +1 mem_le_preq_oob +1 mem_le_preq_auth +1 mem_le_preq_max_keysize +1 mem_le_preq_init_key_distribution +1 mem_le_preq_resp_key_distribution +1 mem_le_pres +1 mem_le_pres_iocap +1 mem_le_pres_oob +1 mem_le_pres_auth +1 mem_le_pres_max_keysize +1 mem_le_pres_init_key_distribution +1 mem_le_pres_resp_key_distribution + +/* att related */ +2 mem_le_search_handle_start +2 mem_le_search_handle_end +0 mem_le_att_offset +1 mem_le_search_att_type_length +16 mem_le_search_att_type +2 mem_le_notify_handle +1 mem_le_search_uuid_length +16 mem_le_search_uuid + + +//START of LE adv parameter structure +0 mem_le_adv_param +2 mem_le_adv_interval +1 mem_le_adv_type +1 mem_le_adv_own_addr_type +1 mem_le_adv_direct_addr_type +6 mem_le_adv_direct_addr +1 mem_le_adv_channel_map +//END of LE adv parameter structure + +//START of LE conn parameter structure +0 mem_le_conn_param +1 mem_le_conn_peer_addr_type +6 mem_le_conn_peer_addr +1 mem_le_conn_own_addr_type +2 mem_le_interval_min +2 mem_le_interval_max +2 mem_le_latency +2 mem_le_timeout +//START of LE conn parameter structure + +//START of LE scan parameter structure +0 mem_le_scan_params +1 mem_le_scan_type +1 mem_le_scan_own_addr_type +//END of LE scan parameter structure + +3 mem_le_lap +1 mem_le_uap +2 mem_le_nap + + +2 mem_le_local_mtu +2 mem_le_remote_mtu + +8 mem_le_skdm +8 mem_le_skds + +2 mem_le_init_superto +2 mem_ui_le_uuid_table + +1 mem_le_secure_connect_enable +1 mem_le_secure_connect_flag +1 mem_le_sc_calc +1 mem_le_secure_connect_state +1 mem_le_sc_confirm_gkey_flag +1 mem_le_sc_local_key_invalid + + +1 mem_le_pairing_state +1 mem_le_enc_state +1 mem_le_pairing_mode +4 mem_le_tk +2 mem_le_ediv +8 mem_le_rand +16 mem_le_irk + +//LE attribute list +4 mem_le_transmit_window + +//ble General configuration +1 mem_le_configuration +16 mem_le_fixed_ltk +2 mem_le_pairing_handle + +//for continue +2 mem_le_l2cap_size +1 mem_le_packet_len_recved + +//for fifo +1 mem_le_tx_buff_used +2 mem_le_tx_ptr0 +2 mem_le_tx_ptr1 +2 mem_le_tx_ptr2 +2 mem_le_tx_ptr3 + +//ble gatt signaling +1 mem_le_signaling_identifier +2 mem_le_l2cap_signaling_conn_param_update_rsp_result + +1 mem_le_packet_size +1 mem_le_packet_llid +2 mem_le_payload_ptr + +1 mem_le_md_count + +) + + +( +0x000001 param_le_features + +1636 param_sifs +0x1e0 param_clke_cal_le +0xa0 param_le_sca +) + +( +0 DEFAULT_STATES +1 IPHONE_LOST_LTK +2 MODULE_LOST_LTK +3 LTK_NOT_LOST +) + + +( +27 LE_MAX_PAKET_LEN +) + +/* advertising channel PDU type */ +( +0 ADV_IND +1 ADV_DIRECT_IND +2 ADV_NONCONN_IND +3 SCAN_REQ +4 SCAN_RSP +5 CONNECT_REQ +6 ADV_SCAN_IND +) + +( +0x01 GAP_ADTYPE_FLAGS +0x02 GAP_ADTYPE_16BIT_MORE +0x03 GAP_ADTYPE_16BIT_COMPLETE +0x04 GAP_ADTYPE_32BIT_MORE +0x05 GAP_ADTYPE_32BIT_COMPLETE +0x06 GAP_ADTYPE_128BIT_MORE +0x07 GAP_ADTYPE_128BIT_COMPLETE +0x08 GAP_ADTYPE_LOCAL_NAME_SHORT +0x09 GAP_ADTYPE_LOCAL_NAME_COMPLETE +0x0a GAP_ADTYPE_POWER_LEVEL +0xff GAP_ADTYPE_MANUFACTURER_SPECIFIC +) + + + /* LE control packet type */ + ( + 0x00 LL_CONNECTION_UPDATE_REQ + 0x01 LL_CHANNEL_MAP_REQ + 0x02 LL_TERMINATE_IND + 0x03 LL_ENC_REQ + 0x04 LL_ENC_RSP + 0x05 LL_START_ENC_REQ + 0x06 LL_START_ENC_RSP + 0x07 LL_UNKNOWN_RSP + 0x08 LL_FEATURE_REQ + 0x09 LL_FEATURE_RSP + 0x0A LL_PAUSE_ENC_REQ + 0x0B LL_PAUSE_ENC_RSP + 0x0C LL_VERSION_IND + 0x0D LL_REJECT_IND + 0x0E LL_SLAVE_FEATURE_REQ + 0x0F LL_CONNECTION_PARAM_REQ + 0x10 LL_CONNECTION_PARAM_RSP + 0x11 LL_REJECT_IND_EXT + 0x12 LL_PING_REQ + 0x13 LL_PING_RSP + ) + + /* Security Manager Protocol Code */ + ( + 0x01 SMP_PAIRING_REQUEST + 0x02 SMP_PAIRING_RESPONSE + 0x03 SMP_PAIRING_CONFIRM + 0x04 SMP_PAIRING_RANDOM + 0x05 SMP_PAIRING_FAILED + 0x06 SMP_ENCRYPTION_INFORMATION + 0x07 SMP_MASTER_IDENTIFICATION + 0x08 SMP_IDENTITY_INFORMATION + 0x09 SMP_IDENTITY_ADDRESS_INFORMATION + 0x0A SMP_SIGNING_INFORMATION + 0x0B SMP_SECURITY_REQUEST + 0x0c SMP_PAIRING_PUBLIC_KEY + 0x0d SMP_PAIRING_DHKEY_CHECK + ) + + /* L2CAP Signaling OPCODE */ + ( + 0x12 L2CAP_CONNECTION_PARAMETER_UPDATE_REQUEST + 0x13 L2CAP_CONNECTION_PARAMETER_UPDATE_RESPONSE + ) + + /* ATT OPCODE */ + ( + 0x01 ATTOP_ERROR_RESPONSE + 0x02 ATTOP_EXCHANGE_MTU_REQUEST + 0x03 ATTOP_EXCHANGE_MTU_RESPONSE + 0x04 ATTOP_FIND_INFORMATION_REQUEST + 0x05 ATTOP_FIND_INFORMATION_RESPONSE + 0x06 ATTOP_FIND_BY_TYPE_VALUE_REQUEST + 0x07 ATTOP_FIND_BY_TYPE_VALUE_RESPONSE + 0x08 ATTOP_READ_BY_TYPE_REQUEST + 0x09 ATTOP_READ_BY_TYPE_RESPONSE + 0x0A ATTOP_READ_REQUEST + 0x0B ATTOP_READ_RESPONSE + 0x0C ATTOP_READ_BLOB_REQUEST + 0x0D ATTOP_READ_BLOB_RESPONSE + 0x0E ATTOP_READ_MULTIPLE_REQUEST + 0x0F ATTOP_READ_MULTIPLE_RESPONSE + 0x10 ATTOP_READ_BY_GROUP_TYPE_REQUEST + 0x11 ATTOP_READ_BY_GROUP_TYPE_RESPONSE + 0x12 ATTOP_WRITE_REQUEST + 0x13 ATTOP_WRITE_RESPONSE + 0x16 ATTOP_PREPARE_WRITE_REQUEST + 0x17 ATTOP_PREPARE_WRITE_RESPONSE + 0x18 ATTOP_EXECUTE_WRITE_REQUEST + 0x19 ATTOP_EXECUTE_WRITE_RESPONSE + 0x1B ATTOP_HANDLE_VALUE_NOTIFICATION + 0x1D ATTOP_HANDLE_VALUE_INDICATION + 0x1E ATTOP_HANDLE_VALUE_CONFIRMATION + 0x52 ATTOP_WRITE_COMMAND + 0xD2 ATTOP_SIGNED_WRITE_COMMAND + 0x1f ATTOP_CONTINUE + 0x9e EMPTY_LE_DATA_PRE + 0x9f EMPTY_LE_DATA + ) + + /* ATT error code */ + ( + 0x01 ATT_ERR_INVALID_HANDLE + 0x02 ATT_ERR_READ_NOT_PERMITTED + 0x03 ATT_ERR_WRITE_NOT_PERMITTED + 0x04 ATT_ERR_INVALID_PDU + 0x05 ATT_ERR_INSUFFICIENT_AUTHENTICATION + 0x06 ATT_ERR_REQUEST_NOT_SUPPORTED + 0x07 ATT_ERR_INVALID_OFFSET + 0x08 ATT_ERR_INSUFFICIENT_AUTHORIZATION + 0x09 ATT_ERR_PREPARE_QUEUE_FULL + 0x0A ATT_ERR_ATTRIBUTE_NOT_FOUND + 0x0B ATT_ERR_ATTRIBUTE_NOT_LONG + 0x0C ATT_ERR_INSUFFICIENT_ENCRYPTION_KEY_SIZE + 0x0D ATT_ERR_INVALID_ATTRIBUTE_VALUE_LENGTH + 0x0E ATT_ERR_UNLIKELY_ERROR + 0x0F ATT_ERR_INSUFFICIENT_ENCRYPTION + 0x10 ATT_ERR_UNSUPPORTED_GROUP_TYPE + 0x11 ATT_ERR_INSUFFICIENT_RESOURCES + ) + /* SERVICE UUID */ + ( + 0x1800 UUID_SERVICE_GENERIC_ACC + 0x1801 UUID_SERVICE_GENERIC_ATT + 0x180a UUID_SERVICE_DEVICE_INFO + 0x180f UUID_SERVICE_BATTERY + 0x1812 UUID_SERVICE_HIDS + 0x2800 UUID_GATT_PRIMARY_SERVICE + 0x2801 UUID_GATT_SECONDARY_SERVICE + 0X2802 UUID_GATT_INCLUDE + 0X2803 UUID_GATT_CHARACTERISTIC + 0X2A00 UUID_CHRCTR_DEVICE_NAME + 0X2A19 UUID_CHRCTR_BATTERY_LEVEL + 0X2A22 UUID_CHRCTR_KEYBOARD_INPUT + 0X2A23 UUID_CHRCTR_SYSTEM_ID + 0X2A25 UUID_CHRCTR_SERIAL_NUMBER + 0X2A26 UUID_CHRCTR_FIRMWARE + 0X2A32 UUID_CHRCTR_KEYBOARD_OUTPUT + 0X2A33 UUID_CHRCTR_MOUSE_INPUT + 0X2A4A UUID_CHRCTR_HID_INFO + 0X2A4B UUID_CHRCTR_REPORT_MAP + 0X2A4C UUID_CHRCTR_HID_CTRL_POINT + 0X2A4D UUID_CHRCTR_REPORT + 0X2A4E UUID_CHRCTR_PROTOCOL_MODE + ) + + (// pairing failed reason + 0x00 PAIRING_FAILED_RESERVED + 0X01 PAIRING_FAILED_PASSKEY_ENTRY_FAILED + 0X02 PAIRING_FAILED_OOB_NOT_AVAILABLE + 0X03 PAIRING_FAILED_AUTHENTICATION_REQUIRE + 0X04 PAIRING_FAILED_CONFIRM_VALUE_FAILED + 0X05 PAIRING_FAILED_PAIRING_NOT_SUPPORTED + 0X06 PAIRING_FAILED_ENCRYPTION_KEY_SIZE + 0X07 PAIRING_FAILED_COMMAND_NOT_SUPPORTED + 0X08 PAIRING_FAILED_UNSPECIFIED_REASON + 0X09 PAIRING_FAILED_REPEATED_ATTEMPTS + 0X0A PAIRING_FAILED_INVALID_PARAMETERS + 0X0B PAIRING_FAILED_DHKEY_CHECK_FAILED + 0X0C PAIRING_FAILED_NUMERIC_COMPARISON_FAILED + 0X0D PAIRING_FAILED_BR_EDR_PAIRING_IN_PROGRESS + 0X0E PAIRING_FAILED_KEY_DERIVATION_GENERATION_NOT_ALLOWED + ) + + + //BLE ErrorCodes + ( + 0x01 ERROR_UNKNOWN_HCI_COMMAND + 0x02 ERROR_NO_CONNECTION + 0x03 ERROR_HARDWARE_FAILURE + 0x04 ERROR_PAGE_TIMEOUT + 0x05 ERROR_AUTHENTICATION_FAILURE + 0x06 ERROR_KEY_MISSING + 0x07 ERROR_MEMORY_FULL + 0x08 ERROR_CONNECTION_TIMEOUT + 0x09 ERROR_MAX_CONNECTIONS + 0x0A ERROR_MAX_SCO_CONNECTIONS + 0x0B ERROR_MAX_ACL_CONNECTIONS + 0x0C ERROR_COMMAND_DISALLOWED + 0x0D ERROR_HOST_REJECT_LIMITED_RESOURCES + 0x0E ERROR_HOST_REJECT_SECURITY_REASONS + 0x0F ERROR_HOST_REJECT_REMOTE_IS_ONLY_PERSONAL + 0x10 ERROR_HOST_TIMEOUT + 0x11 ERROR_UNSUPPORTED_FEATURE_OR_PARAMETER_VALUE + 0x12 ERROR_INVALID_HCI_COMMAND_PARAMETERS + 0x13 ERROR_REMOTE_USER_TERMINATED_CONNECTION + 0x14 ERROR_REMOTE_LOW_RESOURCES + 0x15 ERROR_REMOTE_POWERING_OFF + 0x16 ERROR_CONNECTION_TERMINATED_BY_LOCAL_HOST + 0x17 ERROR_REPEATED_ATTEMPTS + 0x18 ERROR_PAIRING_NOT_ALLOWED + 0x19 ERROR_UNKNOWN_LMP_PDU + 0x1A ERROR_UNSUPPORTED_REMOTE_FEATURE + 0x1B ERROR_SCO_OFFSET_REJECTED + 0x1C ERROR_SCO_INTERVAL_REJECTED + 0x1D ERROR_SCO_AIR_MODE_REJECTED + 0x1E ERROR_INVALID_LMP_PARAMETER + 0x1F ERROR_UNSPECIFIED_ERROR + 0x20 ERROR_UNSUPPORTED_LMP_PARAMETER_VALUE + 0x21 ERROR_ROLE_CHANGE_NOT_ALLOWD + 0x22 ERROR_LMP_RESPONSE_TIMEOUT + 0x23 ERROR_ERROR_TRANSACTION_COLLISION + 0x24 ERROR_LMP_PDU_NOT_ALLOWED + 0x25 ERROR_ENCRYPTION_MODE_NOT_ACCEPTABLE + 0x26 ERROR_UNIT_KEY_USED + 0x27 ERROR_QOS_NOT_SUPPORTED + 0x28 ERROR_INSTANT_PASSED + 0x29 ERROR_PAIRING_W_UNIT_KEY_NOT_SUPPORTED + 0x2a ERROR_DIFFERENT_TRANSACTION_COLLISION + 0x2c ERROR_QOS_UNACCEPTABLE_PARAMETER + 0x2d ERROR_QOS_REJECTED + 0x2e ERROR_CHANNEL_CLASSIFICATION_NOT_SUPPORTED + 0x2f ERROR_INSUFFICIENT_SECURITY + 0x30 ERROR_PARAMETER_OUT_OF_MANDATORY_PANGE + 0x32 ERROR_ROLE_SWITCH_PENDING + 0x34 ERROR_RESERVED_SLOT_VIOLATION + 0x35 ERROR_ROLE_SWITCH_FAILED + 0x36 ERROR_EXTENDED_INQUIRY_RESPONSE_TOO_LARGE + 0x37 ERROR_SIMPLE_PAIRING_NOT_SUPPORTED_BY_HOST + 0x38 ERROR_HOST_BUSY_PAIRING + ) + + + //modified_name + ( + 0x14 MAX_NAME_LEN + 0x16 ADV_DATA_NAME_LEN + 0X20 SPACE + + ) + /* GATT Specifications*/ + ( + 0X2900 CHARACTERTIC_EXTENDED_PROPERTIES + 0X2901 CHARACTERTIC_USER_DESCRIPTION + 0X2902 CLIENT_CHARACTERTIC_CONFIGURATION + 0X2903 SERVER_CHARACTERTIC_CONFIGURATION + 0X2904 CHARACTERTIC_PRESENTATION_FORMAT + 0X2905 CHARACTERTIC_AGGREGATE + 0X2906 VALID_RANGE + 0X2907 EXTERNAL_REPORT_REFERENCE + 0X2908 REPORT_REFERENCE + 0X290B ENVIR_SENSING_CONFIGURATION + 0X290C ENVIR_SENSING_MEASUREMENT + 0X290D ENVIR_SENSING_TRIGGER_SETTING + ) + /* LE L2CAP CID */ + ( + 0x0004 LE_L2CAP_CID_ATT + 0x0005 LE_L2CAP_CID_SIGNAL + 0x0006 LE_L2CAP_CID_SMP + ) + + //LE address type + ( + 0 LE_ADDR_TYPE_PUBLIC + 1 LE_ADDR_TYPE_RANDOM + ) + //LE address type bitmap + ( + 7 LE_RECEIVER_ADDR_BIT + 6 LE_SENDER_ADDR_BIT + ) + //LE SCAN TYPE + ( + 0x00 LE_SCAN_TYPE_PASSIVE //no SCAN_REQ shall be sent + 0x01 LE_SCAN_TYPE_ACTIVE + ) + + //LE SCAN ENABLE + ( + 0x00 LE_SCAN_DISABLE + 0x01 LE_SCAN_ENABLE + 0x0101 LE_ACTIVE_SCAN_ENABLE + ) + + //LE FIND INFORMATION RESPONSE + //THE FORMAT OF THE INFORMATION DATA + ( + 0x01 UUID_SIZE_16BIT + 0x02 UUID_SIZE_128BIT + ) + + ( + 0x0000 BLE_SIGNALING_CONNECT_PARAMETER_UPDATE_ACCEPTED + 0x0001 BLE_SIGNALING_CONNECT_PARAMETER_UPDATE_REJECTED + ) + +// le_state_map 0-2 is reserved for state_inconn,state_insniff and state_sco +( +3 lestate_got_first_packet +4 lestate_encryption +5 lestate_update_param +6 lestate_update_map +) + +// le mode +( +0 lemode_idle +1 lemode_slave +3 lemode_master +) + + +( +0x01 LLID_CONTINUE +0x02 LLID_START +0x03 LLID_LE_LL +0x01 LLID_EMPTY +) + +( +4 LE_TX_BUFF_COUNT +3 LE_TX_BUFF_UPDATE_LOOPCNT //LE_TX_BUFF_COUNT-1 + +12 LE_MD_MAX_COUNT +) + + +( +0 LE_INITATOR_LTK_BIT +1 LE_INITATOR_IRK_BIT +2 LE_INITATOR_CSRK_BIT +) + +( +0x00 LE_PAIRING_MODE_NONE +0x01 LE_PAIRING_MODE_LAGACY_JUSTWORK +0x02 LE_PAIRING_MODE_LAGACY_PASSKEY +0x81 LE_PAIRING_MODE_SECURE_CONNECT_JUSTWORK +0x82 LE_PAIRING_MODE_SECURE_CONNECT_NUMERIC +0x83 LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY + +7 LE_PAIRING_MODE_SECURE_CONNECT_BIT +) + + +( +0 FLAG_IOCAP_DISPLAYONLY +1 FLAG_IOCAP_DISPLAYYESNO +2 FLAG_IOCAP_KEYBOARDONLY +3 FLAG_IOCAP_NOINPUTNOOUTPUT +4 FLAG_IOCAP_KEYBOARDDISPLAY + +0x00 FLAG_OOB_DATA_FLAG_NO +) + +( +0x00 FLAG_LE_NO_BONDING_NO_MITM +0x01 FLAG_LE_BONDING_NO_MITM +0x04 FLAG_LE_NO_BONDING_MITM +0x05 FLAG_LE_BONDING_MITM +0x09 FLAG_LE_BONDING_NO_MITM_SECURE +0x0D FLAG_LE_BONDING_MITM_SECURE + +2 LE_AUTH_MITM_BIT +3 LE_AUTH_SECURE_CONNECTION_PAIRING_BIT +) + +( +0 LE_FIND_BY_TYPE_VAL_RES_NOT_FOUND +1 LE_FIND_BY_TYPE_VAL_RES_FOUND_STARTING_HANDLE +2 LE_FIND_BY_TYPE_VAL_RES_FOUND_ENDING_HANDLE + +) + +( +0 MASTER_PUBLIC_ADDR +1 MASTER_RANDOM_ADDR +) + +( +0x06 LE_ERR_PIN_OR_KEY_MISSING +) + + +( +96000 TIMER_SMP_PAIRING_TIMEOUT //30S +) +//mem_le_pairing_state +( +0 FLAG_LE_PAIRING_NULL +1 FLAG_LE_PAIRING_START +2 FLAG_LE_PAIRING_SEND_RECURITY_REQ +3 FLAG_LE_PAIRING_RCV_PAIRING_REQ +4 FLAG_LE_PAIRING_AUTH +5 FLAG_LE_PAIRING_AFTER_AUTH +6 FLAG_LE_PAIRING_SEND_START_ENC_RSP +7 FLAG_LE_PARING_SEND_ENC_INFORMATION +8 FLAG_LE_PARING_SEND_MASTER_IDENTIFICATION +9 FLAG_LE_PARING_SEND_INDENTITY_INFORMATION +0xff FLAG_LE_PAIRING_END +) + + + +/*LE secure connect state */ +( +0x00 LE_SC_STAT_NULL +0x01 LE_SC_STAT_RECEIVE_PUBLIC_KEY +0x02 LE_SC_STAT_WAIT_SEND_PUBLIC_KEY +0x03 LE_SC_STAT_SEND_PUBLIC_KEY +0x04 LE_SC_STAT_RECEIVE_RANDOM +0x05 LE_SC_STAT_SEND_RANDOM +0x06 LE_SC_STAT_RECEIVE_DHKEY +0x07 LE_SC_STAT_WAIT_CONFIRM_GKEY +0x08 LE_SC_STAT_PASSKEY_WAIT_CONFIRM +) + + +( +0 FLAG_LE_SC_CONFRIM_NULL +1 FLAG_LE_SC_CONFRIM_GKEY_OK +) + +//mem_le_enc_state +( +0 FLAG_LE_ENC_NULL +1 FLAG_LE_RCV_ENC_START +2 FLAG_LE_ENC_PAUSE +3 FLAG_LE_RCV_START_ENC_RSP +4 FLAG_LE_SEND_START_ENC_RSP +0xff FLAG_LE_ENC_END +) + +(//mem_le_configuration +//bit0:use fixed key , ble passkey pairing +0 BIT_BLE_PASSKEY_FIXED_KEY +//bit1:ble pairing use fixed long term key +1 BIT_BLE_PAIRING_FIXED_LTK +//bit2:ble transmit packet will set more data flag +2 BIT_BLE_TRANSMIT_PACKET_BY_MD +//bit3:master read handle, with requires an authenticated link +3 BIT_BLE_READ_AUTH +//bit4:master write handle, with requires an authenticated link +4 BIT_BLE_WRITE_AUTH +//bit5:cannot enter long sleep +5 BIT_BLE_SHORT_MULT + +) + +( +0 BIT_ADV_CHANNEL_MAP_37 +1 BIT_ADV_CHANNEL_MAP_38 +2 BIT_ADV_CHANNEL_MAP_39 +) + +( +0 BIT_CHARACTERISTIC_BROADCAST +1 BIT_CHARACTERISTIC_READ +2 BIT_CHARACTERISTIC_WRITE_WITHOUT_RESPONSE +3 BIT_CHARACTERISTIC_WRITE +4 BIT_CHARACTERISTIC_NOTIFY +5 BIT_CHARACTERISTIC_INDICATE +6 BIT_CHARACTERISTIC_SIGNED_WRITE +7 BIT_CHARACTERISTIC_EXTENDED_PROPERTIES +) + + Index: dukaqi/senrui/format/lmp.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/lmp.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/lmp.format (working copy) @@ -0,0 +1,224 @@ + +memalloc( + +1 mem_lmo_header_length +1 mem_lmo_header_opcode +17 mem_lmo_payload +1 mem_lmi_accepted_opcode +1 mem_disconn_reason_send +1 mem_tx_fixed_freq +1 mem_rx_fixed_freq +1 mem_ext_features_page +2 mem_lmpext_ssp_enable +1 mem_remote_sppcap + +1 mem_lmp_conn_state +2 mem_soft_timer +1 mem_pincode_state + +1 mem_sres_tid +1 mem_accptsco_tid + +1 mem_auth_enable +1 mem_wait_encryption + +16 mem_sniff_payload +4 mem_aurand_send_delay_time +) + +xmemalloc( +3 mem_lmp_version +2 mem_lmp_subversion +1 mem_local_name_length +3 mem_local_name +64 mem_local_name2 +1 mem_local_name_end +1 mem_unsniff2sniff_timer +1 mem_switch_flag +1 mem_classic_bt_flag +) + + ( + //bit flag:mem_classic_bt_flag + 0 FLAG_SSP_REJECT_JUSTWORK + 1 SHORT_MULT_FLAG + ) + + ( + //bit map + 0 pair_state_inrand + 1 pair_state_inrand_acpt + 2 pair_state_send_comb + 3 pair_state_recv_comb + 4 pair_state_send_aurand + 5 pair_state_recv_sres + 6 pair_state_recv_aurand + 7 pair_state_send_sres + ) + /* LMP opcodes */ + ( + 1 LMP_NAME_REQ + 2 LMP_NAME_RES + 3 LMP_ACCEPTED + 4 LMP_NOT_ACCEPTED + 5 LMP_CLKOFFSET_REQ + 6 LMP_CLKOFFSET_RES + 7 LMP_DETACH + 8 LMP_IN_RAND + 9 LMP_COMB_KEY + 10 LMP_UNIT_KEY + 11 LMP_AU_RAND + 12 LMP_SRES + 13 LMP_TEMP_RAND + 14 LMP_TEMP_KEY + 15 LMP_ENCRYPTION_MODE_REQ + 16 LMP_ENCRYPTION_KEY_SIZE_REQ + 17 LMP_START_ENCRYPTION_REQ + 18 LMP_STOP_ENCRYPTION_REQ + 19 LMP_SWITCH_REQ + 20 LMP_HOLD + 21 LMP_HOLD_REQ + 23 LMP_SNIFF_REQ + 24 LMP_UNSNIFF_REQ + 26 LMP_PARK_REQ + 27 LMP_SET_BROADCAST_SCAN_WINDOW + 28 LMP_MODIFY_BEACON + 29 LMP_UNPARK_BD_ADDR_REQ + 30 LMP_UNPARK_PM_ADDR_REQ + 31 LMP_INCR_POWER_REQ + 32 LMP_DECR_POWER_REQ + 33 LMP_MAX_POWER + 34 LMP_MIN_POWER + 35 LMP_AUTO_RATE + 36 LMP_PREFERRED_RATE + 37 LMP_VERSION_REQ + 38 LMP_VERSION_RES + 39 LMP_FEATURES_REQ + 40 LMP_FEATURES_RES + 41 LMP_QUALITY_OF_SERVICE + 42 LMP_QUALITY_OF_SERVICE_REQ + 43 LMP_SCO_LINK_REQ + 44 LMP_REMOVE_SCO_LINK_REQ + 45 LMP_MAX_SLOT + 46 LMP_MAX_SLOT_REQ + 47 LMP_TIMING_ACCURACY_REQ + 48 LMP_TIMING_ACCURACY_RES + 49 LMP_SETUP_COMPLETE + 50 LMP_USE_SEMI_PERMANENT_KEY + 51 LMP_HOST_CONNECTION_REQ + 52 LMP_SLOT_OFFSET + 53 LMP_PAGE_MODE_REQ + 54 LMP_PAGE_SCAN_MODE_REQ + 55 LMP_SUPERVISION_TIMEOUT + 56 LMP_TEST_ACTIVATE + 57 LMP_TEST_CONTROL + 58 LMP_ENC_KEY_SIZE_MASK_REQ + 59 LMP_ENC_KEY_SIZE_MASK_RES + 60 LMP_SET_AFH + + /* simple pairing support */ + 61 LMP_ENCAPSULATED_HEADER + 62 LMP_ENCAPSULATED_PAYLOAD + 63 LMP_SIMPLE_PAIRING_CONFIRM + 64 LMP_SIMPLE_PAIRING_NUMBER + 65 LMP_DHKEY_CHECK + 127 LMP_ESCAPE + 127 LMP_ESCAPE_4 /* add 2bytes LMP header support */ + ) + /* LMP EXT opcodes, ORed with bit 7 to make difference to nonEXT */ + ( + 129 LMP_EXT_ACCEPTED + 130 LMP_NOT_ACCEPTED_EXT + 131 LMP_EXT_FEATURES_REQ + 132 LMP_EXT_FEATURES_RES + 139 LMP_PACKET_TYPE_TABLE_REQ + 140 LMP_EXT_ESCO_LINK_REQ + 141 LMP_EXT_REMOVE_ESCO_REQ + 144 LMP_EXT_CHN_CLASSIFICATION_REQ + 145 LMP_EXT_CHN_CLASSIFICATION + 149 LMP_SNIFF_SUBRATING_REQ + 150 LMP_SNIFF_SUBRATING_RES + 151 LMP_PAUSE_ENCRYPTION_REQ + 152 LMP_RESUME_ENCRYPTION_REQ + 153 LMP_IO_CAP_REQ + 154 LMP_IO_CAP_RES + ) + /* LMP reason codes */ + ( + 0x05 AUTHENTICATION_FAILURE_ERROR + 0x06 KEY_MISSING + 0x0b ACL_CONNECTION_ALREADY_EXISTS + 0x13 OTHER_END_TERMINATED + 0x15 ABOUT_TO_POEWR_OFF + 0x16 LOCAL_HOST + 0x18 PAIRING_NOT_ALLOWED + 0x19 UNKNOWN_LMP_PDU + 0x1A UNSUPPORTED_LMP_FEATURE + 0x1F UNSPECIFIED_ERROR + 0x20 UNSUPPORTED_PARAMETERS + 0x21 SWITCH_NOT_ALLOWED + 0x23 TRANSACTION_COLLISION + 0x24 PDU_NOT_ALLOWED + 0x25 ENCRYPTION_MODE_NOT_ACCEPTABLE + 0x2e NOT_SUPPORT_CHN_CLASSIFICATION + 0x37 NOT_SUPPORT_SSP + ) + + /* test mode scenarios */ + ( + 0 PAUSE_TEST_MODE + 1 ZERO_PATTERN + 2 ONE_PATTERN + 3 ALT_PATTERN + 4 PSEUDORANDOM + 5 CLOSED_LOOP_BACK_ACL + 6 CLOSED_LOOP_BACK_SCO + 7 ACL_WITHOUT_WHITENING + 8 SCO_WITHOUT_WHITENING + 9 ALT2_PATTERN + 255 EXIT_TEST_MODE + ) + /* test mode hoppig modes */ + ( + 0 FIXED_FREQ + 1 NORMAL_HOP + ) + + /* mem_lmp_tid indicates which type of LMP will be sent */ + ( + 0 TID_NORM_REPLY + 1 TID_NORM_SEND + 2 TID_ONE + 3 TID_ZERO + 4 TID_PAIRING + 5 TID_ENCRYPTION + 6 TID_VARIABLE + 7 TID_RX + ) + + /* ============== lmp status ==========*/ + ( + 0 lmp_incoming + 1 lmp_outgoing + 2 lmp_reject_msg + 3 lmp_clear_msg + 4 upper_reject_msg + 5 upper_clear_msg + ) + +( +0x2ee00 TIMER_ONE_MINUTE //96000*2 +80 TIMER_SWITCH_WAITE +12 TIMER_ENPT_WAITE +) + +( +0 SWITCH_FLAG_INIT +1 SWITCH_FLAG_ACCEPT +2 SWITCH_FLAG_NOT_ACCEPT +) +( +0 NULL_ENCRYP +1 DONE_ENCRYP +) + Index: dukaqi/senrui/format/memblocks.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/memblocks.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/memblocks.format (working copy) @@ -0,0 +1,66 @@ +// +// +//Large memory blocks defined in this file. +//Blocks Shall be defined with absolute address. +//Blocks' length Shall be specified in comment following Blocks' names. +//Different blocks MAY be overlap. +//Blocks defined in this file Shall NOT be overlap with variable in memmap.format. + +// USB C51 exchange area +( +0xff0 mem_mcmd +0xff1 mem_mouse_data +) + +//l2cap RX buffers +( +0x1000 mem_l2cap_rxbuff1 //0x400 +0x1400 mem_l2cap_rxbuff2 //0x400 +//end address:0x17ff +) +//l2cap TX buffers +( +0x1800 mem_tx_buff0 //128 +0x1880 mem_tx_buff1 //128 +0x1900 mem_tx_buff2 //128 +0x1980 mem_tx_buff3 //128 +0x1a00 mem_tx_buff4 //128 +0x1a80 mem_tx_buff5 //128 +0x1b00 mem_tx_buff6 //128 +0x1b80 mem_tx_buff7 //128 +//end address: 0x1bff +) + +( +0x1800 mem_le_tx_buffer0 +0x1900 mem_le_tx_buffer1 +0x1a00 mem_le_tx_buffer2 +0x1b00 mem_le_tx_buffer3 +//end addr:0x1dff +) + + +//uart buffer +( +0x1800 mem_h5rx_buf//0x400 +0x1bff mem_h5rx_buf_end +0x1c00 mem_h5tx_buf +0x1fff mem_h5tx_buf_end +) + +( +0x4c00 mem_module_rx_buf//0x400 +0x4c00 mem_module_rx_buf_little +0x4fff mem_module_rx_buf_end +0x1c00 mem_module_tx_buf +0x1fff mem_module_tx_buf_end +) + +( +0x1800 mem_ir_record +0x1c mem_ir_record_max +) + + +endif + Index: dukaqi/senrui/format/patch.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/patch.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/patch.format (working copy) @@ -0,0 +1,516 @@ + +( + 0 patch00_0 + 1 patch00_1 + 2 patch00_2 + 3 patch00_3 + 4 patch00_4 + 5 patch00_5 + 6 patch00_6 + 7 patch00_7 + 8 patch01_0 + 9 patch01_1 + 10 patch01_2 + 11 patch01_3 + 12 patch01_4 + 13 patch01_5 + 14 patch01_6 + 15 patch01_7 + 16 patch02_0 + 17 patch02_1 + 18 patch02_2 + 19 patch02_3 + 20 patch02_4 + 21 patch02_5 + 22 patch02_6 + 23 patch02_7 + 24 patch03_0 + 25 patch03_1 + 26 patch03_2 + 27 patch03_3 + 28 patch03_4 + 29 patch03_5 + 30 patch03_6 + 31 patch03_7 + 32 patch04_0 + 33 patch04_1 + 34 patch04_2 + 35 patch04_3 + 36 patch04_4 + 37 patch04_5 + 38 patch04_6 + 39 patch04_7 + 40 patch05_0 + 41 patch05_1 + 42 patch05_2 + 43 patch05_3 + 44 patch05_4 + 45 patch05_5 + 46 patch05_6 + 47 patch05_7 + 48 patch06_0 + 49 patch06_1 + 50 patch06_2 + 51 patch06_3 + 52 patch06_4 + 53 patch06_5 + 54 patch06_6 + 55 patch06_7 + 56 patch07_0 + 57 patch07_1 + 58 patch07_2 + 59 patch07_3 + 60 patch07_4 + 61 patch07_5 + 62 patch07_6 + 63 patch07_7 + 64 patch08_0 + 65 patch08_1 + 66 patch08_2 + 67 patch08_3 + 68 patch08_4 + 69 patch08_5 + 70 patch08_6 + 71 patch08_7 + 72 patch09_0 + 73 patch09_1 + 74 patch09_2 + 75 patch09_3 + 76 patch09_4 + 77 patch09_5 + 78 patch09_6 + 79 patch09_7 + 80 patch0a_0 + 81 patch0a_1 + 82 patch0a_2 + 83 patch0a_3 + 84 patch0a_4 + 85 patch0a_5 + 86 patch0a_6 + 87 patch0a_7 + 88 patch0b_0 + 89 patch0b_1 + 90 patch0b_2 + 91 patch0b_3 + 92 patch0b_4 + 93 patch0b_5 + 94 patch0b_6 + 95 patch0b_7 + 96 patch0c_0 + 97 patch0c_1 + 98 patch0c_2 + 99 patch0c_3 + 100 patch0c_4 + 101 patch0c_5 + 102 patch0c_6 + 103 patch0c_7 + 104 patch0d_0 + 105 patch0d_1 + 106 patch0d_2 + 107 patch0d_3 + 108 patch0d_4 + 109 patch0d_5 + 110 patch0d_6 + 111 patch0d_7 + 112 patch0e_0 + 113 patch0e_1 + 114 patch0e_2 + 115 patch0e_3 + 116 patch0e_4 + 117 patch0e_5 + 118 patch0e_6 + 119 patch0e_7 + 120 patch0f_0 + 121 patch0f_1 + 122 patch0f_2 + 123 patch0f_3 + 124 patch0f_4 + 125 patch0f_5 + 126 patch0f_6 + 127 patch0f_7 + 128 patch10_0 + 129 patch10_1 + 130 patch10_2 + 131 patch10_3 + 132 patch10_4 + 133 patch10_5 + 134 patch10_6 + 135 patch10_7 + 136 patch11_0 + 137 patch11_1 + 138 patch11_2 + 139 patch11_3 + 140 patch11_4 + 141 patch11_5 + 142 patch11_6 + 143 patch11_7 + 144 patch12_0 + 145 patch12_1 + 146 patch12_2 + 147 patch12_3 + 148 patch12_4 + 149 patch12_5 + 150 patch12_6 + 151 patch12_7 + 152 patch13_0 + 153 patch13_1 + 154 patch13_2 + 155 patch13_3 + 156 patch13_4 + 157 patch13_5 + 158 patch13_6 + 159 patch13_7 + 160 patch14_0 + 161 patch14_1 + 162 patch14_2 + 163 patch14_3 + 164 patch14_4 + 165 patch14_5 + 166 patch14_6 + 167 patch14_7 + 168 patch15_0 + 169 patch15_1 + 170 patch15_2 + 171 patch15_3 + 172 patch15_4 + 173 patch15_5 + 174 patch15_6 + 175 patch15_7 + 176 patch16_0 + 177 patch16_1 + 178 patch16_2 + 179 patch16_3 + 180 patch16_4 + 181 patch16_5 + 182 patch16_6 + 183 patch16_7 + 184 patch17_0 + 185 patch17_1 + 186 patch17_2 + 187 patch17_3 + 188 patch17_4 + 189 patch17_5 + 190 patch17_6 + 191 patch17_7 + 192 patch18_0 + 193 patch18_1 + 194 patch18_2 + 195 patch18_3 + 196 patch18_4 + 197 patch18_5 + 198 patch18_6 + 199 patch18_7 + 200 patch19_0 + 201 patch19_1 + 202 patch19_2 + 203 patch19_3 + 204 patch19_4 + 205 patch19_5 + 206 patch19_6 + 207 patch19_7 + 208 patch1a_0 + 209 patch1a_1 + 210 patch1a_2 + 211 patch1a_3 + 212 patch1a_4 + 213 patch1a_5 + 214 patch1a_6 + 215 patch1a_7 + 216 patch1b_0 + 217 patch1b_1 + 218 patch1b_2 + 219 patch1b_3 + 220 patch1b_4 + 221 patch1b_5 + 222 patch1b_6 + 223 patch1b_7 + 224 patch1c_0 + 225 patch1c_1 + 226 patch1c_2 + 227 patch1c_3 + 228 patch1c_4 + 229 patch1c_5 + 230 patch1c_6 + 231 patch1c_7 + 232 patch1d_0 + 233 patch1d_1 + 234 patch1d_2 + 235 patch1d_3 + 236 patch1d_4 + 237 patch1d_5 + 238 patch1d_6 + 239 patch1d_7 + 240 patch1e_0 + 241 patch1e_1 + 242 patch1e_2 + 243 patch1e_3 + 244 patch1e_4 + 245 patch1e_5 + 246 patch1e_6 + 247 patch1e_7 + 248 patch1f_0 + 249 patch1f_1 + 250 patch1f_2 + 251 patch1f_3 + 252 patch1f_4 + 253 patch1f_5 + 254 patch1f_6 + 255 patch1f_7 + 0 patch20_0 + 1 patch20_1 + 2 patch20_2 + 3 patch20_3 + 4 patch20_4 + 5 patch20_5 + 6 patch20_6 + 7 patch20_7 + 8 patch21_0 + 9 patch21_1 + 10 patch21_2 + 11 patch21_3 + 12 patch21_4 + 13 patch21_5 + 14 patch21_6 + 15 patch21_7 + 16 patch22_0 + 17 patch22_1 + 18 patch22_2 + 19 patch22_3 + 20 patch22_4 + 21 patch22_5 + 22 patch22_6 + 23 patch22_7 + 24 patch23_0 + 25 patch23_1 + 26 patch23_2 + 27 patch23_3 + 28 patch23_4 + 29 patch23_5 + 30 patch23_6 + 31 patch23_7 + 32 patch24_0 + 33 patch24_1 + 34 patch24_2 + 35 patch24_3 + 36 patch24_4 + 37 patch24_5 + 38 patch24_6 + 39 patch24_7 + 40 patch25_0 + 41 patch25_1 + 42 patch25_2 + 43 patch25_3 + 44 patch25_4 + 45 patch25_5 + 46 patch25_6 + 47 patch25_7 + 48 patch26_0 + 49 patch26_1 + 50 patch26_2 + 51 patch26_3 + 52 patch26_4 + 53 patch26_5 + 54 patch26_6 + 55 patch26_7 + 56 patch27_0 + 57 patch27_1 + 58 patch27_2 + 59 patch27_3 + 60 patch27_4 + 61 patch27_5 + 62 patch27_6 + 63 patch27_7 + 64 patch28_0 + 65 patch28_1 + 66 patch28_2 + 67 patch28_3 + 68 patch28_4 + 69 patch28_5 + 70 patch28_6 + 71 patch28_7 + 72 patch29_0 + 73 patch29_1 + 74 patch29_2 + 75 patch29_3 + 76 patch29_4 + 77 patch29_5 + 78 patch29_6 + 79 patch29_7 + 80 patch2a_0 + 81 patch2a_1 + 82 patch2a_2 + 83 patch2a_3 + 84 patch2a_4 + 85 patch2a_5 + 86 patch2a_6 + 87 patch2a_7 + 88 patch2b_0 + 89 patch2b_1 + 90 patch2b_2 + 91 patch2b_3 + 92 patch2b_4 + 93 patch2b_5 + 94 patch2b_6 + 95 patch2b_7 + 96 patch2c_0 + 97 patch2c_1 + 98 patch2c_2 + 99 patch2c_3 + 100 patch2c_4 + 101 patch2c_5 + 102 patch2c_6 + 103 patch2c_7 + 104 patch2d_0 + 105 patch2d_1 + 106 patch2d_2 + 107 patch2d_3 + 108 patch2d_4 + 109 patch2d_5 + 110 patch2d_6 + 111 patch2d_7 + 112 patch2e_0 + 113 patch2e_1 + 114 patch2e_2 + 115 patch2e_3 + 116 patch2e_4 + 117 patch2e_5 + 118 patch2e_6 + 119 patch2e_7 + 120 patch2f_0 + 121 patch2f_1 + 122 patch2f_2 + 123 patch2f_3 + 124 patch2f_4 + 125 patch2f_5 + 126 patch2f_6 + 127 patch2f_7 + 128 patch30_0 + 129 patch30_1 + 130 patch30_2 + 131 patch30_3 + 132 patch30_4 + 133 patch30_5 + 134 patch30_6 + 135 patch30_7 + 136 patch31_0 + 137 patch31_1 + 138 patch31_2 + 139 patch31_3 + 140 patch31_4 + 141 patch31_5 + 142 patch31_6 + 143 patch31_7 + 144 patch32_0 + 145 patch32_1 + 146 patch32_2 + 147 patch32_3 + 148 patch32_4 + 149 patch32_5 + 150 patch32_6 + 151 patch32_7 + 152 patch33_0 + 153 patch33_1 + 154 patch33_2 + 155 patch33_3 + 156 patch33_4 + 157 patch33_5 + 158 patch33_6 + 159 patch33_7 + 160 patch34_0 + 161 patch34_1 + 162 patch34_2 + 163 patch34_3 + 164 patch34_4 + 165 patch34_5 + 166 patch34_6 + 167 patch34_7 + 168 patch35_0 + 169 patch35_1 + 170 patch35_2 + 171 patch35_3 + 172 patch35_4 + 173 patch35_5 + 174 patch35_6 + 175 patch35_7 + 176 patch36_0 + 177 patch36_1 + 178 patch36_2 + 179 patch36_3 + 180 patch36_4 + 181 patch36_5 + 182 patch36_6 + 183 patch36_7 + 184 patch37_0 + 185 patch37_1 + 186 patch37_2 + 187 patch37_3 + 188 patch37_4 + 189 patch37_5 + 190 patch37_6 + 191 patch37_7 + 192 patch38_0 + 193 patch38_1 + 194 patch38_2 + 195 patch38_3 + 196 patch38_4 + 197 patch38_5 + 198 patch38_6 + 199 patch38_7 + 200 patch39_0 + 201 patch39_1 + 202 patch39_2 + 203 patch39_3 + 204 patch39_4 + 205 patch39_5 + 206 patch39_6 + 207 patch39_7 + 208 patch3a_0 + 209 patch3a_1 + 210 patch3a_2 + 211 patch3a_3 + 212 patch3a_4 + 213 patch3a_5 + 214 patch3a_6 + 215 patch3a_7 + 216 patch3b_0 + 217 patch3b_1 + 218 patch3b_2 + 219 patch3b_3 + 220 patch3b_4 + 221 patch3b_5 + 222 patch3b_6 + 223 patch3b_7 + 224 patch3c_0 + 225 patch3c_1 + 226 patch3c_2 + 227 patch3c_3 + 228 patch3c_4 + 229 patch3c_5 + 230 patch3c_6 + 231 patch3c_7 + 232 patch3d_0 + 233 patch3d_1 + 234 patch3d_2 + 235 patch3d_3 + 236 patch3d_4 + 237 patch3d_5 + 238 patch3d_6 + 239 patch3d_7 + 240 patch3e_0 + 241 patch3e_1 + 242 patch3e_2 + 243 patch3e_3 + 244 patch3e_4 + 245 patch3e_5 + 246 patch3e_6 + 247 patch3e_7 + 248 patch3f_0 + 249 patch3f_1 + 250 patch3f_2 + 251 patch3f_3 + 252 patch3f_4 + 253 patch3f_5 + 254 patch3f_6 + 255 patch3f_7 + +) Index: dukaqi/senrui/format/regs.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/regs.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/regs.format (working copy) @@ -0,0 +1,195 @@ +( + 0x8000 core_chipid + 0x8001 core_revid + 0x8003 core_kick + 0x8005 core_lpm_wr + 0x8006 core_misc_ctrl + 0x8007 core_otp_rdata + 0x800a core_dma_start + 0x800b core_sbc_clr + 0x8010 core_reset + 0x8011 core_encrypt + 0x8015 core_uart_txd + 0x8022 core_ucode_hi + 0x8023 core_ucode_ctrl + 0x8024 core_ucode_low + 0x8025 core_ucode_data + + 0x8040 core_rthalfslot + 0x8042 core_clksel + 0x8043 core_config + 0x8044 core_sec_rsaddr + 0x8046 core_sec_readdr + 0x8048 core_sec_tsaddr + 0x804a core_sec_teaddr + 0x804c core_lpm_reg + 0x804e core_lpm_isogate + + 0x8100 core_clkn + 0x8104 core_extmclk + 0x8108 core_misc_status + 0x8109 core_debug_baud + 0x810a core_ccnt_counter + 0x810e core_gpio_in + 0x811c core_lpm_ctrl + 0x8123 core_lpm_ldocnt + 0x8124 core_lpm_xtalcnt + 0x8125 core_lpm_buckcnt + 0x8126 core_lpm_switch + 0x8127 core_lpm_buckcfg + 0x8130 core_gpio_wakeup + + + 0x8203 core_ice_ctrl + 0x8204 core_ice_status + 0x8205 core_ice_break0 + 0x8207 core_ice_break1 + + 0x8400 mem_b_box /* entire bank */ + 0x8500 mem_e_box /* entire bank */ + 0x8600 mem_l_box /* entire bank */ + + 0x8700 memk + + 0x8900 rfen_rx + 0x8901 rfen_tx + 0x8902 rfen_mdm + 0x8903 rfen_sn + 0x8904 rfen_msc + 0x8905 rfen_ck + 0x8906 rfen_adc + 0x8912 rf_agc_ctrl + 0x8914 rfen_ulp + 0x8971 rf_adc_mode + 0x8972 rf_adc_gc + 0x8973 rf_adc_ch + + 0x894b rf_rx_vctrl_reg1 + 0x894c rf_rx_vctrl_reg2 + 0x894d rf_rx_ib_lna + 0x894e rf_rx_lna_ctrim + + 0x8950 rf_bpf_ctrim + 0x8951 rf_bpf_ib + 0x8952 rf_adc_rccal + 0x8952 rf_rccal_ctrl + 0x8953 rf_rccal_sel + 0x8955 rf_tx_pa + 0x8956 rf_tx_mix + 0x895f rf_pll_rstn + 0x8964 rf_sdm_en + 0x8960 rf_pll_intg + 0x8961 rf_pll_frac + 0x8963 rf_pll_frachi + 0x896c rf_afc_cap + 0x8967 rf_clkpll_bias + 0x896f rf_clkpll_en + 0x8968 rf_clkpll_int + 0x8969 rf_clkpll_frac + 0x896d rf_balun_ctrim + 0x8972 rf_saradc_ctrl + 0x8973 rfen_chgpump + 0x897a rf_audio_voll + 0x897b rf_audio_volr + 0x897e rfen_aadc + 0x897f rf_audio_pddac0 + 0x8980 rf_audio_pddac1 + 0x8981 rf_audio_dac_ldo + + 0x8990 rf_rccal_result + 0x8991 rf_afc_d2a + 0x8992 rf_rssi + + +0x8c00 core_usb_config +0x8c01 core_usb_int_mask +0x8c04 core_usb_addr +0x8c10 core_usb_trig +0x8c11 core_usb_stall +0x8c12 core_usb_clear +0x8c18 core_usb_ep +0x8c18 core_usb_dfifo0 +0x8c19 core_usb_dfifo1 +0x8c1a core_usb_dfifo2 +0x8c20 core_usb_ep_len +0x8c26 core_usb_status +0x8c27 core_usb_fifo_empty +0x8c28 core_usb_fifo_full + + +4 rx_freq_offset +1 tx_freq_offset + +/* bit difinitions */ + 4 whiteoff_bit + 6 clksel_rc + 5 clksel_dpll + 4 clksel_xtal + 5 adc_rccal + 0 bpf_rccal + 1 demod_clkoff + +( + 7 cold_wake + 3 gpio_latch + 6 enable_retmem + 19 hibernate + 20 xram_switch + 21 pram_switch + 23 isogate + 0xb0 isogate_mask +) + +// misc ctrl +( + 0x04 set_tea_key + 0x08 lock_otp + 0x10 x_sethi + 0x20 y_sethi + 0x40 z_sethi + 0x80 ccnt_start +) + +// dma start +( + 0x01 otpd_start + 0x02 spid_start + 0x04 iicd_start + 0x08 qspi_start +) + +// dma status bit +( + 0 otpd_crcok + 1 otpd_done + 2 spid_crcok + 3 spid_done + 4 iicd_crcok + 5 iicd_done + 6 iicd_ack +) + +// core_misc_status +( + 0 CCNT_DONE + 1 KICKED + 2 SEC_PWRUP +) + +0x8b uart_ctrl_default //BCSP +0x81 uart_ctrl_h4 //H4 +0x81 uart_ctrl_normal +0x81 uart_ctrl_57600 +2 uart_baud_len +0x01 uartclk_dpll +0x1a0 uart_baud_115200 +0xbb uart_baud_256000 +0x340 uart_baud_57600 +0x2dc6c00 uart_clk + +//core_config +( +3 CLOCK_ON_AUTH_ROM +) + + Index: dukaqi/senrui/format/rfcomm.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/rfcomm.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/rfcomm.format (working copy) @@ -0,0 +1,391 @@ +/*****************************************************************************/ +/* RCS HEADER -- DO NOT ERASE */ +/* $Author: Administrator $ */ +/* $Id: bt_rfcomm_format.upper,v 1.1 2009-09-28 04:06:17 Administrator Exp $ */ +/* Orisil Technology */ +/*****************************************************************************/ + +/**********/ +/* memory */ +/**********/ + +memalloc( +1 memRemoteRPNBitRate +1 memRemotePRNDataBits +1 memRemotePRNStopBit +1 memRemotePRNParity +1 memRemotePRNFlowControl +1 memRemotePRNXon +1 memRemotePRNXoff + + +3 mem_mod2div_temp +2 mem_contw_temp +2 mem_attrib_list + +//rfcomm head +1 mem_current_adss +1 mem_current_channel +1 mem_current_frame_type +1 mem_current_fcs +2 mem_current_length +2 mem_rfcomm_uih_payload_ptr + +//rfcomm uih +1 mem_uih_cmd_type +2 mem_uih_length +2 mem_param_payload_ptr + + +//rfcomm modem status +1 mem_ms_param + +//rfcomm pn +1 mem_pn_credit_flow_type_info +1 mem_pn_priority +1 mem_pn_acknowledg_timer +1 mem_pn_max_retrans + +1 mem_rfcomm_send_adss +1 mem_rfcomm_send_frame_type +1 mem_rfcomm_send_fcs +1 mem_rfcomm_send_offset + +) + +xmemalloc( +1 mem_pn_dlci +2 mem_pn_max_frame_size + +1 memFCStemp1 +1 memFCStemp2 +1 memFCStemp3 + +1 mem_rfcomm_initiator + +1 mem_remote_spp_channel + +1 mem_HIUfcs_SPP +1 mem_HIUfcs_SPP_WCredits + +1 mem_rfcomm_send_more_pkt + +1 mem_remote_credits +1 mem_credit_given + +//rfcomm modem status +1 mem_ms_channel + +1 mem_credit_flag + +2 mem_rfcomm_max_frame_size +1 mem_rfcomm_credit_init_data + +2 mem_cb_receive_spp_data + +2 mem_nl_rx_data_src +2 mem_nl_rx_len_all +) + + +( +0 CREDIT_DISABLE +1 CREDIT_ENABLE +) + + +/************************************************************************/ + + + +/************/ +/* constant */ +/************/ + +/* RFCOMM state for Headset (memRFCOMM_State) */ + ( + 0 RFCOMM_IDLE /* before the responsor HS receive SABM */ + 1 RFCOMM_W4_DLCI0_OPEN + 2 RFCOMM_W4_DLCI0_CLOSE + 3 RFCOMM_START_DLCI0 /* After respond SABM frame (DLCI=0) */ + 4 RFCOMM_W4_DLCI_OPEN + 5 RFCOMM_W4_DLCI_CLOSE + 6 RFCOMM_DLCI_OPENED + + ) + +/* RFCOMM timer constants */ + ( + 1000 RFCOMM_T1 /* Used by SABM and DISC frames,100*20ms = 20s */ + 1000 RFCOMM_T2 /* Used by commands send in UIH on DLCI0, */ + 300 RFCOMM_T3_RINGON /* 6s for ring fade time */ + + ) + +/* Command Type */ + ( + 0x3F RSP_RX_SABM /*responsor expect SABM from initiator */ + 0x3F INI_TX_SABM + + 0x73 RSP_TX_UA /*responsor send out UA command */ + 0x73 UA_WFBIT_SET /* UA control field with F bit set */ + + 0xEF RSP_RX_UIH /*responsor expect UIH from initiator */ + + 0xEF RSP_TX_UIH /*responsor send UIH to initiator */ + + 0x1F RSP_TX_DM /*responsor send DM to initiator */ + 0x1F DM_WFBIT_SET /* DM control field with F bit set */ + 0x0F DM_WFBIT_CLEAR /* DM control field with F bit clear */ + + 0x53 RSP_RX_DISC /*responsor expect DISC from initiator */ + 0x53 INI_TX_DISC /*initiator send DISC control type command */ + + 0xFF RSP_RX_UIH_WDATA /*UIH data with credit flow control info */ + + + ) + +/* Multiplexor commands and responses frames */ + ( + 0x83 PN_COMMAND /* Bit 0 EA C/R Type = 000001 */ + 0x81 PN_RESPONSOR /* Bit 0 EA C/R Type = 000001 */ + + 0xE3 MSC_COMMAND /* Bit 0 EA C/R Type = 000111 */ + 0xE1 MSC_RESPONSOR + + 0x13 NSC_COMMAND /* Bit 0 EA C/R Type = 001000 */ + 0x11 NSC_RESPONSOR /* Bit 0 EA C/R Type = 001000 */ + + 0x23 TEST_COMMAND /* Bit 0 EA C/R Type = 000111 */ + 0x21 TEST_RESPONSOR + + 0x93 RPN_COMMAND /* Bit 0 EA C/R Type = 001001 */ + 0x91 RPN_RESPONSOR + + 0x53 RLS_COMMAND /* Bit 0 EA C/R Type = 001010 */ + 0x51 RLS_RESPONSOR + + 0xA3 FCON_COMMAND /* Bit 0 EA C/R Type = 000101 */ + 0xA1 FCON_RESPONSOR + + 0x63 FCOFF_COMMAND /* Bit 0 EA C/R Type = 000110 */ + 0x61 FCOFF_RESPONSOR + + 0x03 RLS_OVERRUN + 0x05 RLS_PARITY_ERROR + 0x09 RLS_FRAMING_ERROR + ) + +/* memLocalCredit */ + ( + 0x01 RFCOMM_CREDIT + ) + + ( + 0x007f RFCOMM_MAX_FRAME_SIZE + ) + +/* UIH received Data length */ + ( + 0 LENGTH_ZERO + + 6 LENGTH_OK + 7 LENGTH_HOT + 8 LENGTH_RING + 9 LENGTH_ERROR + 9 LENGTH_AGVOL_ONEBYTE + 10 LENGTH_AGVOL_TWOBYTE + 10 LENGTH_VOL_ONEBYTE + 11 LENGTH_VOL_TWOBYTE + 12 LENGTH_BRSF + 13 LENGTH_PLUS_CIEV + 15 LENGTH_INBANDRING + 14 LENGTH_CIEV_CALL + 17 LENGTH_CRING + 20 LENGTH_BRSF_OK + 24 LENGTH_CIND0 + 28 LENGTH_CIEV_TWO + 32 LENGTH_CIND_OK + 59 LENGTH_CIND_OK2 + 100 LENGTH_DISCARD + ) + +/************/ +/* flags */ +/************/ + +/* memRFCOMM_L2CAP_Interface */ + ( + 0 RFCOMM_TX_W4BUF_FLAG /* Wait for Tx buffer empty flag */ + 1 RFCOMM_CLOSE_LINK_FLAG + ) + + + +/* memRemoteMSC */ + ( + 0 MSC_EA_BIT + 1 MSC_FC_BIT + 2 MSC_RTC_BIT + 3 MSC_RTR_BIT + 6 MSC_IC_BIT + 7 MSC_DV_BIT + ) + +/* memRemoteRLS */ + ( + 0x0C OVERRUN_ERROR + 0x0A PARITY_ERROR + 0x09 FRAMING_RERROR + ) + +/* memRemoteRPNBitRate */ + ( + 0x00 BITS2400 + 0x01 BITS4800 + 0x02 BITS7200 + 0x03 BITS9600 + 0x04 BITS19200 + 0x05 BITS38400 + 0x06 BITS57600 + 0x07 BITS115200 + 0x08 BITS230400 + ) + +/* memRemotePRNDataBits */ + ( + 0x00 DATABITS5 + 0x01 DATABITS6 + 0x02 DATABITS7 + 0x03 DATABITS8 + ) + +/* memRemotePRNStopBit */ + ( + 0 ONESTOP + 1 ONEHALFSTOP + ) + +/* memRemotePRNParity */ + ( + 0 ODDPARITY + 1 EVENPARITY + 2 MARKPARITY + 3 SPACEPARITY + + 7 PARITY_ENABLE_BIT + ) + +/* RPN bit mask(in) */ + ( + 0 BIT_RATE_MASK_BIT + 1 DATA_BITS_MASK_BIT + 2 STOP_BITS_MASK_BIT + 3 PARITY_MASK_BIT + 4 PARITY_TYPE_MASK_BIT + 5 XON_CHAR_MASK_BIT + 6 XOFF_CHAR_MASK_BIT + ) + +/* RPN bit mask(in) 2 */ + ( + 0 XON_XOFF_INPUT_MASK_BIT + 1 XON_XOFF_OUTPUT_MASK_BIT + 2 RTR_INPUT_MASK_BIT + 3 RTR_OUTPUT_MASK_BIT + 4 RTC_INPUT_MASK_BIT + 5 RTC_OUTPUT_MASK_BIT + + ) + +/* memRFCOMM_Request */ + ( + 0 SEND_MSC_CMD_REQ_FLAG + 1 SEND_AT_CKPD_REQ_FLAG + 2 SEND_RING_REQ_FLAG + 3 SEND_SABM_CMD + ) + +/* memRFCOMM_Misc_Flag */ + ( + 0 MSC_CDM_ALREADY_SEND_FLAG + 1 CREDIT_FLOW_USED_FLAG + 2 DONT_EMBEDDED_CREDIT_FLAG + 3 MSC_EXCHANGE_DONE_FLAG + 4 FLOW_CONTROL_FCOFF_BIT /* set when receive FCoff, clear when FCon */ + ) + +/* memRemoteMSC */ + ( + 1 FLOW_CONTROL_FC_BIT /* received MSC FC bits */ + + ) +/* Address filed */ + ( + 0 ADDR_EA_BIT + 1 ADDR_CR_BIT + 2 ADDR_D_BIT + ) +//should be same as descripted in SDP +( + 1 SPP_SLAVE_CHANNEL + 7 OBEX_SERVER_CHANNEL + 8 HF_SERVER_CHANNEL + 9 HS_SERVER_CHANNEL +) +/* memRFCOMM_Flag */ +( + 0 USING_HF_PROFILE + 1 USING_HS_PROFILE + 2 USING_SPP_PROFILE +) +/*RFCOMM Frame Type*/ +( + 0x3f RFCOMM_FRAME_TYPE_SABM + 0x73 RFCOMM_FRAME_TYPE_UA + 0xEF RFCOMM_FRAME_TYPE_UIH + 0xFF RFCOMM_FRAME_TYPE_UIH_CREDITS + 0x53 RFCOMM_FRAME_TYPE_DISCONN +) +/*RFCOMM UIH CMD TYPE*/ +( + 0x41 UIH_PARAM_NEG_CMD + 0x40 UIH_PARAM_NEG_RES + 0x49 UIH_PARAM_CMD_REMOVE_PORT + 0x71 UIH_MODEM_STATUS_CMD + 0x70 UIH_MODEM_STATUS_RES +) + +/*bits in rfcomm address*/ +( + 0 RFCOMM_ADDRESS_EXT_LEN + 1 RFCOMM_ADDRESS_CR + 2 RFCOMM_ADDRESS_DERECTION + + +) + + ( + 0 RFCOMM_CHANNEL_STATE_PN_CMD + 1 RFCOMM_CHANNEL_STATE_PN_RES + 2 RFCOMM_CHANNEL_STATE_SABM + 3 RFCOMM_CHANNEL_STATE_UA + 4 RFCOMM_CHANNEL_STATE_SND_MS_CMD + 5 RFCOMM_CHANNEL_STATE_RCV_MS_CMD + 6 RFCOMM_CHANNEL_STATE_SND_MS_RES + 7 RFCOMM_CHANNEL_STATE_RCV_MS_RES + 0xff RFCOMM_CHANNEL_SETUP_COMPLETE + ) + + /*mem_rfcomm_send_more_pkt*/ + ( + 1 MORE_PKT_MSC_CMD_HF + 2 MORE_PKT_MSC_CMD_HS + 3 MORE_PKT_MSC_CMD_SPP + 4 MORE_PKT_MSC_CMD_OBEX + ) + + ( + 127 RFCOMM_MALLOC_SIZE + ) \ No newline at end of file Index: dukaqi/senrui/format/sdp.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/sdp.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/sdp.format (working copy) @@ -0,0 +1,70 @@ + +memalloc( +0 mem_sdp_mem_start +8 mem_sdp_uuid_search_ptr +2 mem_sdp_continue_byte +1 mem_sdp_pduid +2 mem_sdp_transactionid +2 mem_sdp_transactionid_local +2 mem_sdp_attribute_maxbyte +2 mem_sdp_record_maxcnt +4 mem_sdp_record_handle +1 mem_sdp_LACAP_found +1 mem_sdp_RFCOMM_found +0 mem_sdp_handle_list +32 mem_sdp_attrib_list +2 mem_sdp_error_code +2 mem_sdp_all_length +1 mem_handle_humber +2 mem_search_uuid +0 mem_sdp_mem_end +) +xmemalloc( +2 mem_ui_uuid_table +22 mem_all_uuid_16bits +34 mem_all_uuid_128bits +2 mem_sdp_l2capch_ptr +) +( +0 AGORHS_SERVICE +1 GENAUDIO_SERVICE +2 HANDSFREE_SERVICE +) +( +0 ATTRIBUTEID_0000 +1 ATTRIBUTEID_0001 +2 ATTRIBUTEID_0004 +3 ATTRIBUTEID_0009 +4 ATTRIBUTEID_0100 +5 ATTRIBUTEID_0302 +6 ATTRIBUTEID_0006 +7 ATTRIBUTEID_0311 +) + +( +0x01 SDP_ERROR_RES +0x02 SDP_SEARCH_REQ +0x03 SDP_SEARCH_RES +0x04 SDP_ATTRIBUTE_REQ +0x05 SDP_ATTRIBUTE_RES +0x06 SDP_SEARCHATTRIB_REQ +0x07 SDP_SEARCHATTRIB_RES +) +0x2600 sdp_max_amount +250 SDP_MALLOC_SIZE +0x6e sdp_tid_spp //any number + +( +0x1f11 SDP_UUID_HS_AUDIO_GATEWAY +) + +( +0X09 SDP_ATTRIBUTE_ID +0x0a SDP_ATTRIBUTE_RANGE +) + +(//mem_sdp_handle_list +7 SDP_MAX_HANDLE_NUMBER +) + + Index: dukaqi/senrui/format/security.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/security.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/security.format (working copy) @@ -0,0 +1,141 @@ + +memalloc( +/* moved from bt.format for 3dh5 1021bytes packet buffer */ +17 mem_rxbuf + +16 mem_random_number +16 mem_round_key +16 mem_kinit + +16 mem_input_store +16 mem_x +15 mem_y +1 mem_y15 +17 mem_key_store +1 mem_key_store_end +2 memp_ar_key +2 memp_ar_input +10 mem_ar_hround + + +1 mem_ec_infinite +2 mem_ec_loopc +1 mem_aes_cmac_data_length + +0 memdat +/* ecc calculation */ + +24 mem_ax +24 mem_ay +24 mem_az +24 mem_bx +0 mem_ax_256 //32 bytes +24 mem_by +8 mem_bz +16 mem_ay_256 // 32 bytes +16 mem_cx +8 mem_az_256 // 32 bytes +23 mem_cy +1 mem_cy5 +0 mem_bx_256 // 32 bytes +24 mem_cz +8 mem_k +16 mem_by_256 // 31 bytes +16 mem_align + +0 mem_bz_256 //32 bytes +0 mem_tmp1 +24 memahbak +8 mem_tmp5 +0 mem_cx_256 //32 bytes +16 memahsave +16 mem_tmp2 +0 mem_cy_256 // 32 bytes +0 memahsave_end +1 mem_addr_padding +7 mem_addr_value /* 12 bytes */ +0 mem_tmp3 +5 mem_t1 +3 mem_addr_value_end +15 mem_addr_iocap_end +1 mem_cy5_256 // 1 byte +0 mem_cz_256 // 32 bytes +0 mem_tmp0 +8 mem_t0 +16 mem_tmp0a +8 mem_t2 +16 mem_k_256 //32 bytes +16 mem_t3 +8 mem_tmp1_256 //32 bytes +24 mem_t7 + + +32 mem_tmp5_256 +32 mem_tmp2_256 +0 mem_tmp3_256 +32 mem_t1_256 +0 mem_tmp0_256 +32 mem_t0_256 +32 mem_t2_256 +32 mem_t3_256 +32 mem_t7_256 + +24 mem_p +24 mem_a +24 mem_b +24 mem_gx +24 mem_gy +32 memh0 + +//p256 +//2 mem_ec_loopc_256 +//32 mem_ax_256 +//32 mem_ay_256 +//32 mem_az_256 +//32 mem_bx_256 +//32 mem_by_256 +//32 mem_bz_256 +//32 mem_cx_256 +//31 mem_cy_256 +//1 mem_cy5_256 +//32 mem_cz_256 +//32 mem_k_256 + + +//32 mem_tmp1_256 +//32 mem_tmp5_256 +//32 mem_tmp2_256 + +//0 mem_tmp3_256 +//32 mem_t1_256 +//0 mem_tmp0_256 +//32 mem_t0_256 +//32 mem_t2_256 +//32 mem_t3_256 +//32 mem_t7_256 + +32 mem_p_256 +32 mem_a_256 +32 mem_gx_256 +32 mem_gy_256 +//4 mem_le_keyid +16 mem_le_slat + + +//64 mem_regext +//1 mem_regext_index + +//16 mem_le_mackey + + +//1 mem_AES_CMAC_flag +//16 mem_AES_CMAC_temp +//16 mem_AES_CMAC_M_last + +//4 mem_le_gkey + +//16 mem_le_r + +) + + Index: dukaqi/senrui/format/simple_pairing.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/simple_pairing.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/simple_pairing.format (working copy) @@ -0,0 +1,188 @@ +/* simple pairing page */ + +memalloc( + +//4 mem_hci_ssp_mode +0 mem_sp_state_start +1 mem_sp_state +1 mem_master_sp_state +1 mem_sp_flag +1 mem_master_sp_flag +1 mem_sp_calc +1 mem_sp_dh_ready +1 mem_sp_localsm +1 mem_pairing_auth + +0 mem_sp_flag_start +1 mem_sp_local_key_send_count +1 mem_sp_remote_key_recv_count +1 mem_sp_remote_key_invalid +1 mem_sp_dhkey_invalid + + +4 mem_gkey + + +8 mem_le_pubkey_remote_x_256 +0 mem_sp_pubkey_remote +24 mem_sp_pubkey_remote_x +0 mem_sp_pubkey_remote_x_end +8 mem_le_pubkey_remote_y_256 +24 mem_sp_pubkey_remote_y + +8 mem_le_dhkey_256 +24 mem_sp_dhkey +0 mem_sp_dhkey_end + +16 mem_sp_random_local +0 mem_sp_random_local_end +16 mem_sp_random_remote +0 mem_sp_random_remote_end +0 memresult +0 mem_sp_calc_result +4 memh +4 memg +4 memf +4 meme +0 mem_sp_calc_result_high +4 memd +4 memc +4 memb +4 mema +16 mem_sp_check_result +16 mem_sp_confirm_remote +16 mem_sp_prarm_stack +) + +xmemalloc( +1 mem_sp_local_key_invalid + + +32 mem_le_private_key_256 +32 mem_le_pubkey_local_x_256 +32 mem_le_pubkey_local_y_256 + +24 mem_sp_private_key +0 mem_sp_pubkey_local +24 mem_sp_pubkey_local_x +0 mem_sp_pubkey_local_x_end +24 mem_sp_pubkey_local_y + +1 mem_ssp_enable +3 mem_sp_iocap_local +3 mem_sp_iocap_remote + +1 mem_flag_mode_ssp_pin +1 mem_ssp_mode_flag +1 mem_authentication_passkey_times +1 mem_passkey_1bit +1 mem_flag_pairing_state + +) +/* simple pairing status flag */ +( + 0x00 SP_FLAG_STANDBY + 0x01 SP_FLAG_COMMIT + 0x02 LE_SP_FLAG_COMMIT_256 + +) + +/* simple pairing calc flag */ +( + 0x00 SP_CALC_STANDBY + 0x01 SP_CALC_PUBKEY + 0x02 SP_CALC_DHKEY + 0x03 SP_CALC_PUBKEY_256 + 0x04 SP_CALC_DHKEY_256 +) + +/* simple pairing state */ +( + 0x00 SP_STAT_NULL + 0x01 SP_STAT_KEY_RECV + 0x02 SP_STAT_KEY_GENERATE + 0x03 SP_STAT_KEY_SEND + 0x04 SP_STAT_COMMIT_CALC + 0x05 SP_STAT_COMMIT_SEND + 0x06 SP_STAT_RANDOM_RECV + 0x07 SP_STAT_RANDOM_SEND + 0x08 SP_STAT_CONFIRM_RECV + 0x09 SP_STAT_CONFIRM_CHECK + 0x0A SP_STAT_CONFIRM_CALC + 0x0B SP_STAT_CONFIRM_SEND + 0x0C SP_STAT_LINK_KEY_CALC + 0x0F SP_STAT_DONE + 0x10 SP_STAT_FEATURE_EXT_SEND + 0x11 SP_STAT_GKEY_CALC + /*simple pairing master only*/ + 0x12 SP_MASTER_STAT_START_SKIP + 0x13 SP_MASTER_STAT_START_DONE + 0x14 SP_STAT_COMMITMENT_COMPARE + 0x15 SP_STATE_END +) + + +/* simple paring invalid flag */ +( + 0x00 SP_KEY_INVALID + 0x01 SP_KEY_VALID + 0x03 SP_KEY_VALID_256 + +) + +/* encapsulated defination for P-192 key */ +( + 0x01 ENCAPSULATED_MAJOR_TYPE_P192 + 0x01 ENCAPSULATED_MINOR_TYPE_P192 + 0x30 ENCAPSULATED_LEN_P192 +) + +/* bluetooth 2.1 support flag */ +( + 0x00 SIMPLE_PAIRING_ENABLE + 0x01 ENCRYPTION_PAUSE_ENABLE + 0x02 EXTENDED_INQUIRY_RESPOSE_ENABLE + 0x03 SNIFF_SUBRATING_ENABLE +) + +/*mem_sp_localsm*/ +( + 0x00 DEFAULT_STATEMACHINE + 0x01 LOCAL_STATEMACHINE +) + +( + 0x00 DEFALT_PAIRING_AUTH + 0x01 PAIRING_AUTH +) + +( +1 SSP_MODE_SSP_PIN_FLAG +2 SSP_MODE_PASSKEY_ENTRY_FLAG +3 SSP_MODE_JUST_WORK_FLAG +) + +(//ssp mode +0x040003 SSP_MODE_JUST_WORK_IO_CAP_DATA +0X040001 SSP_MODE_SSP_PIN_IO_CAP_DATA +0X040002 SSP_MODE_PASSKEY_IO_CAP_DATA +) + +( +0x00 DISPLAY_ONLY +0x01 DISPLAY_YESNO +0x02 KEYBOARD_ONLY +0x03 NO_INPUT_NO_OUTPUT +) + +( +7 FLAG_MODE_SSP_PIN_REVICEVE_COMPARISON_BIT +6 FLAG_MODE_SSP_PIN_RECIEVE_DHKEY_BIT +0 FLAG_MODE_SSP_PIN_COMPARISON_RESULT_BIT +) +( +1 FLAG_PAIRING_STATE_PAIRING +0 FLAG_PAIRING_STATE_NOT_PAIRING +) + + Index: dukaqi/senrui/format/ui.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/ui.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/ui.format (working copy) @@ -0,0 +1,421 @@ +/*****************************************************************************/ +/* RCS HEADER -- DO NOT ERASE */ +/* $Author: Administrator $ */ +/* $Id: bt_ui_format.upper,v 1.1 2009-09-28 04:06:17 Administrator Exp $ */ +/************************************************************************/ + + + /* ========= memory ============== */ +memalloc( +2 mem_UI_data_txbuff_length + +1 mem_ipc_skip_continue_proc +0 mem_ui_timer_temp //length 4 +4 mem_ipc_rega_temp +) + +xmemalloc( +//UI Work area +1 mem_ipc_lock_bt +1 mem_ipc_lock_c51 +8 mem_ipc_fifo_bt2c51 +8 mem_ipc_fifo_c512bt + +4 mem_ui_timer_last_btclk +2 mem_discovery_timeout_timer_count +1 mem_hid_handshake_timer_count +1 memui_reconnect_mode +2 mem_ui_state_map + +//UI Config area +1 mem_ui_profile_supported +2 mem_discovery_timeout +1 mem_pin_length +16 mem_pin + +) +/************/ +/* constant */ +/************/ + +//mem_ui_state_map +( +0 UI_STATE_BT_CONNECTED +1 UI_STATE_BT_SETUP_COMPLETE +2 UI_STATE_BT_HID_CONN +3 UI_STATE_BT_HID_HANDSHAKE +4 UI_STATE_BT_SPP_CONN +5 UI_STATE_BT_SNIFF +6 UI_STATE_BT_DISCOVERY +7 UI_STATE_BT_RECONNECT +8 UI_STATE_BT_SLAVE_ROLE +9 UI_STATE_BLE_CONNECTED +10 UI_STATE_BLE_WRITE_RCV +11 UI_STATE_BLE_ADV +) + +( +1 UI_STATE_SPP_NL_AUTO_DISCOVER + +) + +/* UI state for Headset (memui_HS_State) */ + ( + 0 UI_HEADSET_DISCONNECT + 1 UI_HEADSET_IDLE /* before the responsor HS receive SABM */ + 2 UI_HEADSET_W4CONNECT + 3 UI_HEADSET_RINGING + 4 UI_HEADSET_CONNECTED + 5 UI_HEADSET_PARING + ) +/* memui_BB_State */ +( + 0 UI_BB_OFF + 1 UI_BB_IDLE + 2 UI_BB_DISCOVERY + 3 UI_BB_CONNECTED_ACTIVE_NO_SCO + 4 UI_BB_CONNECTED_ACTIVE_WITH_SCO + 5 UI_BB_CONNECTED_ACTIVE_WAIT_SNIFF + 6 UI_BB_CONNECTED_SNIFF + 7 UI_BB_RECONNECT + 8 UI_BB_CONNECTED_SNIFF_WITH_SCO +) + +/************/ +/* flags */ +/************/ + +/* memui_Misc_Flags */ + ( + 5 NO_IDLE_TURN_OFF + 7 ANSWER_RING_FLAG /* 1 Answer,0 no*/ + ) + +/* mem_UI_SCH_Interface */ + ( + 0 UI_HS_PAIRING + 2 UI_REQ_CLOSE_RFCOMM + 3 UI_LINK_LOST + 4 UI_REQ_OPEN_SCO + 6 UI_REQ_CLOSE_SCO + ) + +/* memui_PassOverKey */ + ( + 0 ANSWER_RING_BIT + 0 AG_SEND_RING_BIT + 1 VOL_UP_BIT + 2 VOL_DOWN_BIT + 3 INI_CALL_BIT + 4 DAIL_LAST_CALL + 5 END_CALL_BIT + 6 NOKIA_VOICE_ACTIVE + 7 REJECT_CALL_BIT + ) + +/* memui_reconnect_mode */ +( + 0 NO_RECONNECTION + 1 RECONNECT_HID + 2 RECONNECT_HF + 3 RECONNECT_HS + 4 RECONNECT_HID_HF + 5 RECONNECT_HID_HS +) +/* memui_Commands */ +( +0 BT_CMD_STANDBY +1 BT_CMD_START_DISCOVERY +2 BT_CMD_STOP_DISCOVERY +3 BT_CMD_RECONNECT +4 BT_CMD_DISCONNECT +5 BT_CMD_ENTER_SNIFF +6 BT_CMD_EXIT_SNIFF +7 BT_CMD_ENTER_SNIFF_SUBRATING +8 BT_CMD_EXIT_SNIFF_SUBRATING +9 BT_CMD_SNIFF_TEST +10 BT_CMD_SET_PIN_CODE +11 BT_CMD_START_INQUIRY +12 BT_CMD_STOP_INQUIRY +13 BT_CMD_START_ADV +14 BT_CMD_STOP_ADV +15 BT_CMD_START_DIRECT_ADV +16 BT_CMD_STOP_DIRECT_ADV +17 BT_CMD_LE_DISCONNECT +18 BT_CMD_LE_UPDATE_CONN +19 BT_CMD_LED_OFF +20 BT_CMD_LED_ON +21 BT_CMD_LED_BLINK +22 BT_CMD_LE_START_CONN +23 BT_CMD_LE_START_SCAN +24 BT_CMD_LE_STOP_SCAN +25 BT_CMD_ENTER_HIBERNATE +27 BT_CMD_LE_SMP_SECURITY_REQUEST +29 BT_CMD_ROLE_SWITCH +30 BT_CMD_BB_RECONN_CANCEL +31 BT_CMD_STORE_RECONN_INFO_LE +32 BT_CMD_STORE_RECONN_INFO_BT +33 BT_CMD_DHKEY_NOT_ACCEPT +34 BT_CMD_START_24G +35 BT_CMD_STOP_24G +36 BT_CMD_PAIR_24G +37 BT_CMD_STORE_RECONN_INFO +) + +( +0x00 BT_EVT_NULL +0x01 BT_EVT_BB_CONNECTED +0x02 BT_EVT_BB_DISCONNECTED +0x03 BT_EVT_RECONN_STARTED +0x04 BT_EVT_RECONN_FAILED +0x05 BT_EVT_SETUP_COMPLETE +0x06 BT_EVT_HID_CONNECTED +0x07 BT_EVT_HID_DISCONNECTED +0x08 BT_EVT_SPP_CONNECTED +0x09 BT_EVT_SPP_DISCONNECTED +0x0A BT_EVT_PINCODE_REQ +0x0B BT_EVT_ENTER_SNIFF +0x0C BT_EVT_EXIT_SNIFF +0x0D BT_EVT_ENTER_SNIFF_SUB +0x0E BT_EVT_EXIT_SNIFF_SUB +0x0F BT_EVT_DISCOVERY_STOPED +0x10 BT_EVT_BUTTON_LONG_PRESSED +0x12 BT_EVT_HID_HANDSHAKE +0X13 BT_EVT_RECONN_PAGE_TIMEOUT +0x14 BT_EVT_LE_CONNECTED +0X15 BT_EVT_LE_DISCONNECTED +0x16 BT_EVT_ML2CAP_CONN_REFUSED +0x17 BT_EVT_BUTTON_ENTER_HIBERNATE +0x18 BT_EVT_LINKKEY_GENERATE +0x19 BT_EVT_SWITCH_NOT_ACCEPT +0x20 BT_EVT_SWITCH_ACCEPT +0x21 BT_EVT_SNIFF_NOT_ACCEPT +0x22 BT_EVT_SNIFF_ACCEPT +0x23 BT_EVT_UNSNIFF_ACCEPT +0x24 BT_EVT_UNSNIFF_NOT_ACCEPT +0x25 BT_EVT_BUTTON_ADJUST_DPI +0x26 BT_EVT_SEND_UNSNIFF_ACCEPT +0x27 BT_EVT_VIRTUAL_CABLE_UNPLUG +0x28 BT_EVT_LE_WRITE_REQUEST +0x29 BT_EVT_LE_ENC_INFO +0x2a BT_EVT_SWITCH_FAIL_MASTER +0x2b BT_EVT_SWITCH_SUCCESS_MASTER +0x2c BT_EVT_BUTTON_DOWN +0x2d BT_EVT_BUTTON_UP +0x2e BT_EVT_REMOTE_UNSNIFF +0x30 BT_EVT_LE_PAIRING_FAIL +0x31 BT_EVT_LE_PAIRING_SUCCESS +0x32 BT_EVT_LE_START_ENC +0X33 BT_EVT_LE_PAUSE_ENC +0X34 BT_EVT_LE_TK_GENERATE +0x35 BT_EVT_BT_GKEY_GENERATE +0x36 BT_EVT_BT_GET_PASSKEY +0x37 BT_EVT_BT_PAIRING_FAIL +0x38 BT_EVT_BT_PAIRING_SUCCESS +0x39 BT_EVT_24G_PAIRING_COMPLETE +0x3a BT_EVT_24G_ATTEMPT_FAIL +0x3b BT_EVT_LE_GKEY_GENERATE +0x3c BT_EVT_24G_ATTEMPT_SUCCESS +0x3d BT_EVT_STORE_NVRAM +0x3e BT_EVT_LE_PAIRING_COMPLETE +0x3F BT_EVT_LE_RECONNECT_COMPLETE +0x40 BT_EVT_LE_PARSE_CONN_PAPA_UPDATE_RSP +0x41 BT_EVT_LE_LTK_LOST +) +//switch +( +0 OFF +1 ON +) +/* memui_mem_lock */ +( + 0 MEM_UNLOCK + 1 MEM_LOCK +) +/* memui_flag0 */ +( + 0 UI_USER_DATA_FLAG + 1 UI_WII_WAITING_SLEEP + 2 UI_KEYBOARD_SNIFF_SKIP +) +/* mem_master_type */ +( + 0 MTYPE_HID_DEFAULT + 1 MTYPE_HID_SSP + 2 MTYPE_SPP +) + + ( + 0x01 RECIEVE_SDP_CONN_RES + 0x02 RECIEVE_SDP_CFG_REQ + 0x03 RECIEVE_SDP_CFG_RES + 0x04 RECIEVE_RFCOMM_CONN_RES + 0x05 RECIEVE_RFCOMM_CFG_REQ + 0x06 RECIEVE_RFCOMM_CFG_RES + 0x07 RECIEVE_HID_CTRL_CONN_RES + 0x08 RECIEVE_HID_CTRL_CFG_REQ + 0x09 RECIEVE_HID_CTRL_CFG_RES + 0x0A RECIEVE_HID_INT_CONN_RES + 0x0B RECIEVE_HID_INT_CFG_REQ + 0x0C RECIEVE_HID_INT_CFG_RES + 0x0D RECIEVE_AVCTP_CONN_RES + 0x0E RECIEVE_AVCTP_CFG_REQ + 0x0F RECIEVE_AVCTP_CFG_RES + 0x10 RECIEVE_AVDTP_SIGNAL_CONN_RES + 0x11 RECIEVE_AVDTP_SIGNAL_CFG_REQ + 0x12 RECIEVE_AVDTP_SIGNAL_CFG_RES + 0x13 RECIEVE_AVDTP_MEDIA_CONN_RES + 0x14 RECIEVE_AVDTP_MEDIA_CFG_REQ + 0x15 RECIEVE_AVDTP_MEDIA_CFG_RES + 0x16 RECIEVE_SS_REASULT_HS + 0x17 RECIEVE_SS_REASULT_HF + 0x18 RECIEVE_SS_REASULT_AVTARG + 0x19 RECIEVE_SS_REASULT_OBEX + 0x1A RECIEVE_DLCI0_UA + 0x1B RECIEVE_HS_PARAM_NEG_RES + 0x1C RECIEVE_HS_UA + 0x1D RECIEVE_HS_MODEM_STATUS_RES + 0x1E RECIEVE_HS_MODEm_STATUS_CMD + 0x1F RECIEVE_HF_PARAM_NEG_RES + 0x20 RECIEVE_HF_UA + 0x21 RECIEVE_HF_MODEM_STATUS_RES + 0x22 RECIEVE_HF_MODEm_STATUS_CMD + 0x23 RECIEVE_OBEX_PARAM_NEG_RES + 0x24 RECIEVE_OBEX_UA + 0x25 RECIEVE_OBEX_MODEM_STATUS_RES + 0x26 RECIEVE_OBEX_MODEm_STATUS_CMD + 0x27 RECIEVE_SPP_PARAM_NEG_RES + 0x28 RECIEVE_SPP_UA + 0x29 RECIEVE_SPP_MODEM_STATUS_RES + 0x2A RECIEVE_SPP_MODEm_STATUS_CMD + 0x2b RECIEVE_SDP_DISCONN_RES + ) + + + + ( + 0 UPPERSM_RP_IDLE + 1 UPPERSM_RP_SDP_CONN + 2 UPPERSM_RP_SDP_CONN_WAIT + 3 UPPERSM_RP_SDP_CFG + 4 UPPERSM_RP_SDP_CFG_WAIT + 5 UPPERSM_RP_SS_AVTARG + 6 UPPERSM_RP_SS_AVTARG_WAIT + 7 UPPERSM_RP_SS_OBEX + 8 UPPERSM_RP_SS_OBEX_WAIT + 9 UPPERSM_RP_SDP_DISCONN + 10 UPPERSM_RP_SDP_DISCONN_WAIT + 11 UPPERSM_RP_AVDTP_CONN_WAIT + 12 UPPERSM_RP_AVCTP_CONN + 13 UPPERSM_RP_AVCTP_CONN_WAIT + 14 UPPERSM_RP_AVCTP_CFG + 15 UPPERSM_RP_AVCTP_CFG_WAIT + 16 UPPERSM_RP_OBEX_CMD_PN + 17 UPPERSM_RP_OBEX_CMD_PN_WAIT + 18 UPPERSM_RP_OBEX_SABM + 19 UPPERSM_RP_OBEX_SABM_WAIT + 20 UPPERSM_RP_OBEX_CMD_MS + 21 UPPERSM_RP_OBEX_CMD_MS_WAIT + ) + ( /*mem_upper_sm_reconn*/ + 0 UPPERSM_RECONN_IDLE + 1 UPPERSM_RECONN_SDP_CONN + 2 UPPERSM_RECONN_SDP_CONN_WAIT + 3 UPPERSM_RECONN_SDP_CFG + 4 UPPERSM_RECONN_SDP_CFG_WAIT + 5 UPPERSM_RECONN_SS_HS + 6 UPPERSM_RECONN_SS_HS_WAIT + 7 UPPERSM_RECONN_SS_HF + 8 UPPERSM_RECONN_SS_HF_WAIT + 9 UPPERSM_RECONN_SS_AVTARG + 10 UPPERSM_RECONN_SS_AVTARG_WAIT + 11 UPPERSM_RECONN_SS_OBEX + 12 UPPERSM_RECONN_SS_OBEX_WAIT + 13 UPPERSM_RECONN_SDP_DISCONN + 14 UPPERSM_RECONN_SDP_DISCONN_WAIT + 15 UPPERSM_RECONN_HID_CTRL_CONN + 16 UPPERSM_RECONN_HID_CTRL_CONN_WAIT + 17 UPPERSM_RECONN_HID_CTRL_CFG + 18 UPPERSM_RECONN_HID_CTRL_CFG_WAIT + 19 UPPERSM_RECONN_HID_INT_CONN + 20 UPPERSM_RECONN_HID_INT_CONN_WAIT + 21 UPPERSM_RECONN_HID_INT_CFG + 22 UPPERSM_RECONN_HID_INT_CFG_WAIT + 23 UPPERSM_RECONN_RFCOMM_CONN + 24 UPPERSM_RECONN_RFCOMM_CONN_WAIT + 25 UPPERSM_RECONN_RFCOMM_CFG + 26 UPPERSM_RECONN_RFCOMM_CFG_WAIT + 27 UPPERSM_RECONN_RFCOMM_SABM + 28 UPPERSM_RECONN_RFCOMM_SABM_WAIT + 29 UPPERSM_RECONN_SPP_CMD_PN + 30 UPPERSM_RECONN_SPP_CMD_PN_WAIT + 31 UPPERSM_RECONN_SPP_SABM + 32 UPPERSM_RECONN_SPP_SABM_WAIT + 33 UPPERSM_RECONN_SPP_CMD_MS + 34 UPPERSM_RECONN_SPP_CMD_MS_WAIT + 35 UPPERSM_RECONN_HF_CMD_PN + 36 UPPERSM_RECONN_HF_CMD_PN_WAIT + 37 UPPERSM_RECONN_HF_SABM + 38 UPPERSM_RECONN_HF_SABM_WAIT + 39 UPPERSM_RECONN_HF_CMD_MS + 40 UPPERSM_RECONN_HF_CMD_MS_WAIT + 41 UPPERSM_RECONN_AVDTPs_CONN + 42 UPPERSM_RECONN_AVDTPs_CONN_WAIT + 43 UPPERSM_RECONN_AVDTPs_CFG + 44 UPPERSM_RECONN_AVDTPs_CFG_WAIT + 45 UPPERSM_RECONN_AVDTPm_CONN + 46 UPPERSM_RECONN_AVDTPm_CONN_WAIT + 47 UPPERSM_RECONN_AVDTPm_CFG + 48 UPPERSM_RECONN_AVDTPm_CFG_WAIT + 49 UPPERSM_RECONN_AVCTP_CONN + 50 UPPERSM_RECONN_AVCTP_CONN_WAIT + 51 UPPERSM_RECONN_AVCTP_CFG + 52 UPPERSM_RECONN_AVCTP_CFG_WAIT + 53 UPPERSM_RECONN_OBEX_CMD_PN + 54 UPPERSM_RECONN_OBEX_CMD_PN_WAIT + 55 UPPERSM_RECONN_OBEX_SABM + 56 UPPERSM_RECONN_OBEX_SABM_WAIT + 57 UPPERSM_RECONN_OBEX_CMD_MS + 58 UPPERSM_RECONN_OBEX_CMD_MS_WAIT + 59 UPPERSM_RECONN_SS_SPP + 60 UPPERSM_RECONN_SS_SPP_WAIT + ) + (/*mem_UI_profile_supported*/ + 0 support_HID + 1 support_A2DP + 2 support_AVRCP + 3 support_HF + 4 support_HS + 5 support_PBAP + 6 support_SPP + ) + /*mem_upper_sm_ss*/ + ( + 0 UPPERSM_SS_HS + 1 UPPERSM_SS_HF + 2 UPPERSM_SS_AVTARG + 3 UPPERSM_SS_OBEX + ) + + ( + 160 UI_HUNDRED_MILLISECOND_TIME + 0XFF UI_BUTTON_GPIO_DISABLE + ) + ( + 0x01 UI_BB_INCONNECT + 0x10 UI_BB_DISCONNECT + ) +( +0x00 UI_BUTTON_STATE_DOWN +0x01 UI_BUTTON_STATE_UP +) + +//mem_ipc_skip_continue_proc +( + 0 IPC_CONTINUE_PROCESS + 1 IPC_SKIP_CONTINUE_PROCESS +) + + + + Index: dukaqi/senrui/format/utility.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/utility.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/utility.format (working copy) @@ -0,0 +1,180 @@ +/** +* @file:bt_utility_format.upper +* @author: lei.zhu +* utility header file. inlcude timer +* Copyright: (C)Hanlynn Technology +*/ + +memalloc( + +/* + temp parameter +*/ +2 mem_hold_contr +2 mem_hold_contw +1 mem_fifo_temp + +8 mem_pdatatemp +8 mem_temp //8 bytes +4 mem_timeup // 4 bytes +4 mem_rega //4 bytes +4 mem_regb //4 bytes +3 mem_regc //3 bytes +2 mem_contr //2 bytes +2 mem_contw //2 bytes + +1 mem_wakup_from_power_flag +4 mem_saved_gpio_in + +0 mem_shutter_random_mac_data_temp +0 mem_shutter_config_data_temp +0 mem_le_adv_channel_map_temp +0 mem_le_data_len_temp //1byte +0 mem_tx_fifo_map_temp +0 mem_rpn_dlci //1byte +0 mem_event_cmd_response_content //2byte +0 mem_le_prand //16byte +0 mem_AES_CMAC_k //16 bytes +0 mem_regext_index //1 bytes +1 mem_temp_block0 +0 mem_le_data_temp //15bytes +15 mem_temp_block1 +0 mem_le_aes_128 //16byte +0 mem_regext //64 bytes +0 mem_AES_CMAC_k1 //16 bytes +16 mem_temp_block2 +0 mem_AES_CMAC_k2 //16 bytes +16 mem_temp_block3 +0 mem_AES_CMAC_temp // 16 bytes +16 mem_temp_block4 +0 mem_AES_CMAC_M_last // 16 bytes +1 mem_module_uart_cmd +1 mem_module_uart_opcode +1 mem_module_uart_len +1 mem_module_temp_nl_discard_packet +12 mem_temp_block5 +0 mem_le_mackey //16 bytes +0 mem_app_receive_temp +2 mem_key_value_temp +2 mem_key_value +1 mem_key_value_temp1 +1 mem_key_value_temp2 +1 mem_key_value_temp3 +1 mem_key_value_temp4 +1 mem_key_value_temp5 +1 mem_key_value_temp6 +6 mem_temp_block6 + + +1 mem_usb_status +1 mem_usb_fifo_empty +1 mem_usb_read_len +64 mem_usb_rxbuf +2 mem_bufptr +1 mem_remain +20 mem_devicedesc +2 mem_hidreportdesc_kb +2 mem_hidreportdesc_m +100 mem_confdesc +5 mem_string0 +30 mem_string1 +64 mem_string2 +30 mem_string3 +2 mem_usb_zero_packet +2 mem_usb_ones_packet +2 mem_usb_two_packet +1 mem_usb0_state + +1 mem_usb_offline_check_gpio +1 mem_usb_tx_interval + +0 mem_usb_clear_mem_start +0 mem_usb_setup +1 mem_usb_setup_bmRequestType +1 mem_usb_setup_bRequest +1 mem_usb_setup_bValue +1 mem_usb_setup_bValueH +2 mem_usb_setup_wIndex +1 mem_usb_setup_bLength +1 mem_usb_setup_bLengthH +64 mem_usb0_setup +64 mem_usb0_set_report_data +64 mem_usb0_get_report_data +1 mem_usb_state +1 mem_usb_tx_wait +1 mem_usb_tx_enable +1 mem_usb_remote_wakeup +1 mem_usb_clear_remote_wakeup +1 mem_usb_ep0_stall_status +1 mem_usb_ep1_stall_status +1 mem_usb_ep2_stall_status +1 mem_usb_ep3_stall_status +2 mem_dsc_info_data_pointer +1 mem_dsc_info_len +1 mem_usb0_data_ready_report +1 mem_usb_tx_win_enable +1 mem_usb_tx_mac_enable +1 mem_usb_device_enumeration_endflag +1 mem_usb_wakestate_onetime_flag +1 mem_usb_mac_wakeup_trig +1 mem_usb_set_high_addr_flag +1 mem_usb_set_protocol_value +1 mem_usb_set_protocol_status +1 mem_usb_get_protocol_flag +1 mem_usb_idle_flag +1 mem_usb_idle_rate +2 mem_usb_setup_bValue_temp +1 mem_usb0_get_set_report +1 mem_usb_ep1_data +1 mem_usb_ep2_data +1 mem_usb_clear_halt +16 mem_usb_mouse_data +16 mem_usb_kb_data +16 mem_usb_kb_multikey +8 mem_usb_kb_data_sta_data +8 mem_usb_kb_data_last_data +3 mem_usb_kb_multikey_sta_data +3 mem_usb_kb_multikey_last_data +1 mem_usb_kb_blank_data_enable +1 mem_usb_kb_mul_blank_data_enable +1 mem_usb_test_cnt +0 mem_usb_clear_mem_end +1 mem_usb_test_kb + +256 mem_rssi_noise_buffer +256 mem_rssi_noise_dg_buffer +256 mem_rssi_noise_ms_buffer +256 mem_rssi_noise_kb_buffer +32 mem_24g_common_temp + +) + + +( +/*mem_util_timer_flag0_7*/ + 0 UTIL_TIMER_0_USED + 1 UTIL_TIMER_1_USED + 2 UTIL_TIMER_2_USED + 3 UTIL_TIMER_3_USED + 4 UTIL_TIMER_4_USED + 5 UTIL_TIMER_5_USED + 6 UTIL_TIMER_6_USED + 7 UTIL_TIMER_7_USED +/*mem_util_timer_flag8_15*/ + 0 UTIL_TIMER_8_USED + 1 UTIL_TIMER_9_USED + 2 UTIL_TIMER_10_USED + 3 UTIL_TIMER_11_USED + 4 UTIL_TIMER_12_USED + 5 UTIL_TIMER_13_USED + 6 UTIL_TIMER_14_USED + 7 UTIL_TIMER_15_USED +) + +//util fifo param +( + +8 UTIL_FIFO_LEN +-1 UTIL_FIFO_OFFSET +) + Index: dukaqi/senrui/format/var.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/var.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/format/var.format (working copy) @@ -0,0 +1,442 @@ +/************************************************************************/ +/* RCS HEADER -- DO NOT ERASE */ +/* $Author: Administrator $ */ +/* $Id: bt_var.osi,v 1.1 2009-09-28 04:06:18 Administrator Exp $ */ +/* Orisil Technology */ +/************************************************************************/ + + +/* packet types */ +( + 0x02 FHS_PACKET + 0x03 DM1_PACKET + 0x03 DM1_LMP_PACKET + 0x04 DH1_PACKET + 0x05 HV1_PACKET + 0x06 HV2_PACKET + 0x07 HV3_PACKET + 0x08 DV_PACKET + 0x09 AUX1_PACKET + 0x0a DM3_PACKET + 0x0b DH3_PACKET + 0x0e DM5_PACKET + 0x0f DH5_PACKET +) + + +/* mem_lmp_respond */ +( + 0 RESPOND_TO_ALL + 1 PASS_EVERYTHING + 2 PASS_ONLY_UNKNOWNS + 3 RESPOND_TO_LMPS +) +/* SCO algorithm defines */ +( + 0 ULAW + 1 ALAW + 2 CVSD +) +/* encryption modes */ +( + 0 NO_ENCRYPTION + 1 PT_PT_ENCRYPTION + 2 PT_BROADCAST_ENCRYPTION +) + +/* bits used in mem_lmp_state1 variable */ +( + 0 LMP_STATE_DETACH + 1 LMP_STATE_HOLD + 2 LMP_STATE_SNIFF + 3 LMP_STATE_PARK + 4 LMP_STATE_WAIT_SCO_CREATE + 5 LMP_STATE_WAIT_SCO_KILL + 6 LMP_STATE_SCO3 + 7 LMP_STATE_WAIT_SCO_START +) +/* mem_lmp_state2 */ +( + 0 LMP_WAIT_FOR_SNIFF_ACCEPT + 1 LMP_WAIT_FOR_PARK_ACCEPT + 2 LMP_SEND_UNPARK_ACCEPTED + 3 LMP_SEND_ENCRYPTION_START + 4 LMP_SEND_ENCRYPTION_STOP + 5 MESSAGE_QUEUE + 7 LMP_STATE_WAIT_BEACON +) +/* mem_lmp_state3 */ +( + 0 INQUIRY_STATE_CHECK + 1 HOST_DELAY_MESSAGE + 2 VARIABLE_DELAY + 3 TEST_MODE_START_LOOPBACK + 4 TEST_MODE_START_PATTERN + 5 PARSE_TEST_CONTROL_MESSAGE + 6 H_AUTH_SEND_COMB_KEY +) +/* mem_rx_status */ +( + 0 FROM_MASTER +) +/* mem_ms_flag */ +( + 0 MS_RECEIVE_SWITCH_REQ + 1 MS_SEND_SETUP_COMPLATE +) +/* mem_conn_sm */ +( + 0 CONN_SM_STANDBY + 1 CONN_SM_WAIT_PAGE + 2 CONN_SM_SEND_FEATURES + 3 CONN_SM_WAIT_FEATURES_RES + 4 CONN_SM_SEND_CONN_REQ + 5 CONN_SM_WAIT_CONN_ACCEPT + 6 CONN_SM_AUTH_PAIR + 7 CONN_SM_AUTH_PAIR_WAIT + 8 CONN_SM_WAIT_MUTAL_AUTH + 9 CONN_SM_ENCRYPT + 0xa CONN_SM_ENCRYPT_WAIT + 0xb CONN_SM_ENCRYPT_WAIT_CLEAR + 0xc CONN_SM_SEND_SETUP_COMPLETE + 0xd CONN_SM_WAIT_SETUP_COMPLETE + 0xe CONN_SM_SEND_SWITCH + 0xf CONN_SM_DETACH_DELAY + 0x10 CONN_SM_WAIT_SWITCH_AFTER_HOST_CONNECTION + 0x11 CONN_SM_DELAY_RESTART_CONNECTION + 0x12 CONN_SM_SEND_VERSION + 0X13 CONN_SM_WAIT_VERSION + 0x14 CONN_SM_SEND_FEATURES_EXT + 0x15 CONN_SM_WAIT_FEATURES_EXT + 0x16 CONN_SM_PAIRING + 0x17 CONN_SM_AUTH + 0x18 CONN_SM_PAIRING_WAIT + 0x19 CONN_SM_AUTH_WAIT + 0x1a CONN_SM_DONE + 0x1b CONN_SM_WAIT_DONE +) + +/* btStateConn1 */ +( + 0 CONN_STANDBY + 1 CONN_MASTER_SEND_CONN_REQ + 2 CONN_MASTER_WAIT_FOR_CONN_ACCEPTED + 3 CONN_MASTER_AUTH + 4 CONN_MASTER_WAIT_FOR_FEATURES + 5 CONN_MASTER_WAIT_FOR_SETUP_COMPLETE + 6 CONN_MASTER_WAIT_FOR_MAX_SLOT + 7 CONN_SLAVE_CONN_REQUESTED + 8 CONN_SLAVE_WAIT_FOR_SETUP_COMPLETE + 9 CONN_SLAVE_AUTH + 10 CONN_USING_HOST_OPCODE + 11 CONN_SLAVE_AUTH_WAIT + 12 CONN_SLAVE_ENCRYPT_WAIT +) + +/* mem_lmp_conn_state */ +( + 0 RECEIVED_CONN_REQ + 1 SENT_CONN_REQ + 2 RECEIVED_SETUP_COMPLETE + 3 SENT_SETUP_COMPLETE + 4 HOST_CONNECTION_MADE + 6 INIT_COMPLETE + 7 SNIFF_NEGOTIATE +) +/* btStateAuth1 */ +( + 0 WAIT_FOR_KINIT + 1 WAIT_FOR_LKA + 2 WAIT_FOR_LKB + 3 WAIT_FOR_SRES + 4 EXAMINE_RECEIVED_SRES + 5 SEND_AU_RAND + 6 WAIT_FOR_KC + 7 DELAYED_ENCRYPT_RESPONSE +) +/* btStateAuth2 */ +( + 0 SENT_SRES + 1 RECEIVED_IN_RAND + 2 SENT_AU_RAND + 3 AUTHENTICATION_FAILED + 4 AUTHENTICATION_PASSED + 5 STARTED_AUTH + 6 SENT_COMB_KEY + 7 SENT_IN_RAND +) +/* btStateAuth3 */ +( + 0 RECEIVED_AU_RAND + 1 RECEIVED_SRES + 2 MUTUALLY_AUTHENTICATE +) +/* btStateHost */ +( + 0 H_AUTH_STARTED + 2 H_ENCRYPTION_MODE_REQ_PT + 3 H_ENCRYPTION_KEY_SIZE + 4 H_ENCRYPTION_START + 5 H_ENCRYPTION_STOP + 6 H_AUTH_SECOND_TRY +) +/* btStateEncrypt2 */ +( + 0 RECEIVED_ENCRYPT_MODE_REQ_PT + 1 RECEIVED_ENCRYPT_KEY_SIZE + 2 RECEIVED_ENCRYPT_START + 3 RECEIVED_ENCRYPT_STOP + 4 STARTED_ENCRYPT_START +) +/* mem_ms_state */ +( + 0x00 MS_STANDBY + 0x11 M_MINIT_1 + 0x12 M_MINIT_2 + 0x20 M_SINIT_0 + 0x30 S_MINIT_0 + 0x31 S_MINIT_1 + 0x32 S_MINIT_2 + 0x41 S_SINIT_1 + 0x42 S_SINIT_2 + 0x43 S_SINIT_3 +) +/* mem_test_mode */ +( + 0 TEST_MODE_ALLOWED + 1 TEST_MODE_ACTIVE +) +/* values for mem_tester_emulate */ +( + 0x00 NO_TEST_MODE + 0x00 CONTINUOUS_TRANSMIT + 0x10 TRANSMIT_TEST + 0x08 LOOPBACK +) + +/* mem_tx_misc */ +( + 1 SEND_TX_ADDR +) +/* BBHWREG_page_stat */ +( + 5 PAGE_MODE_END +) +/* host_return_parameters_status codes */ +( + 0x00 HOST_RETURN_SUCCESS + 0x01 HOST_RETURN_SLAVE_CANT_ISSUE + 0x02 HOST_RETURN_NO_CONNECTION + 0x04 HOST_RETURN_PAGE_TIMEOUT + 0x05 HOST_RETURN_INQUIRY_TIMEOUT + 0x08 HOST_RETURN_CONNECTION_TIMEOUT + 0x09 HOST_RETURN_MAX_NUM_CONNECTIONS + 0x0a HOST_RETURN_MAX_NUM_SCO + 0x0b HOST_RETURN_MAX_NUM_ACL + 0x0c HOST_RETURN_SECURITY_REASONS + 0x10 HOST_RETURN_HOST_TIMEOUT + 0x11 HOST_RETURN_UNSUPPORTED_FEATURE_PARAMETER + 0x13 HOST_RETURN_OTHER_END_USER + 0x14 HOST_RETURN_OTHER_END_LOW_RESOURCE + 0x15 HOST_RETURN_OTHER_END_POWER_OFF + 0x16 HOST_RETURN_LOCAL_HOST + 0x18 HOST_RETURN_PAIRING_NOT_ALLOWED + 0x19 HOST_RETURN_UNKNOWN_PDU + 0x1a HOST_RETURN_UNSUPPORTED_REMOTE_FEATURE + 0x1d HOST_RETURN_SCO_AIR_MODE_REJECTED + 0x20 HOST_RETURN_UNSUPPORTED_LMP_VALUE + 0x21 HOST_RETURN_AUTHENTICATION_FAILURE + 0x22 HOST_RETURN_CHANGED_EXISTING_SCO + 0x23 HOST_RETURN_HOST_REJECTED + 0x24 HOST_RETURN_UNSPECIFIED_ERROR + 0x25 HOST_RESET + 0x26 HOST_RETURN_BAD_HANDLE + + 0x00 HOST_RETURN_ACCEPT_COMMAND + 0x01 HOST_RETURN_REJECT_COMMAND +) +/* host_present */ +( + 0 HOST_IS_PRESENT + 1 BCI_IS_PRESENT + 2 DONT_INIT_RADIO +) +/* mem_master_state */ +( + 0 MASTER_STATE_STANDBY + 1 MASTER_INQUIRY +) +/* misc */ +( + 92 SECOND_SWITCH_REQ + 93 SLAVE_DELAY_DETACH + 94 MASTER_DELAY_DETACH + 95 UNSNIFF_DELAY_DETACH + 0 WE_STARTED_AS_MASTER + 1 WE_STARTED_AS_SLAVE +) +/* mem_host_commands */ +( + 0x01 HOST_INQUIRY + 0x02 HOST_INQUIRY_CANCEL + 0x03 HOST_CREATE_CONNECTION + 0x04 HOST_DISCONNECT_CONNECTION + 0x05 HOST_ADD_SCO_REQUEST + 0x06 HOST_REMOTE_NAME_REQUEST + 0x07 HOST_WRITE_SUPPORTED_FEATURES + 0x08 HOST_SET_TX_LEVEL + 0x09 HOST_SET_RX_LEVEL + 0x0a HOST_SNIFF_REQUEST + 0x0b HOST_UNSNIFF_REQUEST + 0x0c HOST_WRITE_LINK_SUPERVISION_TIMEOUT + 0x0e HOST_WRITE_SCAN_ENABLE + 0x0f HOST_READ_AUDIO_QUALITY + 0x10 HOST_ENABLE_DEVICE_UNDER_TEST + 0x14 HOST_BUTTON_CONFIGURE + 0x15 HOST_SET_LOW_BATTERY_LEVEL + 0x16 HOST_WRITE_LOCAL_NAME + 0x17 HOST_WRITE_LOCAL_PIN + 0x18 HOST_KILL_SCO_REQUEST + 0x19 HOST_QOS_REQ + + 0x1a HOST_FEATURES_REQUEST + 0x1b HOST_VERSION_REQUEST + 0x1c HOST_TIMING_REQUEST + 0x1d HOST_CLK_OFFSET_REQUEST + 0x1e HOST_AUTHENTICATE + 0x1f HOST_START_ENCRYPTION + 0x20 HOST_STOP_ENCRYPTION + 0x21 HOST_HOLD_REQUEST + 0x22 HOST_HOLD_FORCE + 0x23 HOST_PARK_REQUEST + 0x24 HOST_MOD_BEACON + 0x25 HOST_SET_BROADCAST_SCAN_WINDOW + 0x26 HOST_UNPARK_PM_REQUEST + 0x27 HOST_UNPARK_BD_REQUEST + 0x28 HOST_SLAVE_REQUEST_UNPARK + 0x29 HOST_DECREASE_POWER_REQUEST + 0x2a HOST_INCREASE_POWER_REQUEST + 0x2b HOST_SEND_PREFERRED_RATE + 0x2c HOST_MAX_SLOT_REQ + 0x2d HOST_MAX_SLOT_FORCE + 0x2e HOST_PAGE_MODE_REQUEST + 0x2f HOST_PAGE_SCAN_MODE_REQUEST + 0x30 HOST_MASTER_SLAVE_SWITCH + 0x31 HOST_SEND_AUTO_RATE + 0x32 HOST_PAGE_CANCEL + 0x33 HOST_CHANGE_LINK_KEY + 0x34 HOST_RADIO_READ + 0x35 HOST_RADIO_WRITE + 0x36 HOST_REMOTE_SLAVE_INIT_UNPARK_REQUESTED + + 0x40 HOST_REMOTE_CONNECTION_REQUESTED + 0x41 HOST_REMOTE_DETACH + 0x42 HOST_REMOTE_SCO_CREATE_REQUESTED + 0x43 HOST_REMOTE_SCO_KILL_REQUESTED + 0x44 HOST_REMOTE_PARK_REQUESTED + 0x45 HOST_REMOTE_UNPARK_REQUESTED + 0x46 HOST_REMOTE_SNIFF_REQUESTED + 0x47 HOST_REMOTE_UNSNIFF_REQUESTED + 0x48 HOST_REMOTE_HOLD_REQUESTED + 0x49 HOST_REMOTE_AUTHENTICATION + 0x4a HOST_REMOTE_START_ENCRYPTION_REQUESTED + 0x4b HOST_REMOTE_STOP_ENCRYPTION_REQUESTED + 0x4c HOST_MODE_CHANGE_EVENT + 0x4d HOST_REMOTE_TEST_ACTIVATE + 0x4e HOST_REMOTE_TEST_CONTROL + 0x4f HOST_REMOTE_TIMING_REQUEST +) +/* BCI interface (not used if not compiled in ) */ +( + 0x01 BCI_INQUIRY + 0x02 BCI_INQUIRY_CANCEL + 0x03 BCI_CREATE_CONNECTION + 0x04 BCI_DISCONNECT + 0x05 BCI_ADD_SCO_CONNECTION + 0x06 BCI_REMOTE_NAME_REQUEST + 0x07 BCI_WRITE_SUPPORTED_FEATURES + 0x08 BCI_SET_TX_POWER_LEVEL + 0x09 BCI_SET_RX_POWER_LEVEL + 0x0a BCI_SNIFF_MODE + 0x0b BCI_EXIT_SNIFF_MODE + 0x0c BCI_WRITE_LINK_SUPERVISION_TIMEOUT + 0x0d BCI_WRITE_PAGE_TIMEOUT + 0x0e BCI_WRITE_SCAN_ENABLE + 0x0f BCI_GET_AUDIO_QUALITY + 0x10 BCI_ENABLE_DEVICE_UNDER_TEST + 0x11 BCI_SEND_DATA + 0x12 BCI_REGISTER_SERVICE_RECORD + 0x13 BCI_SERVICE_SEARCH_ATTRIB_REQ + 0x14 BCI_BUTTON_CONFIGURE + 0x15 BCI_SET_LOW_BATTERY_LEVEL + 0x16 BCI_WRITE_LOCAL_NAME + 0x17 BCI_WRITE_LOCAL_PIN + 0x18 BCI_REMOVE_SCO_CONNECTION + 0x19 BCI_QUALITY_OF_SERVICE + 0x40 BCI_REMOTE_CONNECTION_REQUEST + 0x41 BCI_REMOTE_DETACH + 0x42 BCI_REMOTE_ADD_SCO_REQUEST + 0x43 BCI_REMOTE_REMOVE_SCO_REQUEST + 0x44 BCI_REMOTE_PARK_REQUEST + 0x45 BCI_REMOTE_UNPARK_REQUEST + 0x46 BCI_REMOTE_SNIFF_REQUEST + 0x47 BCI_REMOTE_UNSNIFF_REQUEST + 0x48 BCI_REMOTE_HOLD_REQUEST + 0x49 BCI_REMOTE_AUTHENTICATION_PAIRING_REQUEST + 0x4a BCI_REMOTE_START_ENCRYPTION_REQUEST + 0x4b BCI_REMOTE_STOP_ENCRYPTION_REQUEST + 0x4c BCI_MODE_CHANGE_EVENT +) +/* mode changes */ +( + 0 MODE_CHANGE_ACTIVE + 1 MODE_CHANGE_SNIFFING + 2 MODE_CHANGE_PARKED + 3 MODE_CHANGE_HOLDING + 4 MODE_CHANGE_SCO_ADDED + 5 MODE_CHANGE_SCO_REMOVED + 6 MODE_CHANGE_ACL_CONNECTION + 7 MODE_CHANGE_DISCONNECT + 8 MODE_CHANGE_SCO_CHANGED + 9 MODE_CHANGE_ENCRYPTING + 10 MODE_CHANGE_NOT_ENCRYPTING + 11 MODE_CHANGE_BUTTON_UP + 12 MODE_CHANGE_BUTTON_DOWN + 13 MODE_CHANGE_BATTERY_LOW + 14 MODE_CHANGE_RESET + 15 MODE_CHANGE_INQUIRY_CANCELED_RMTCMD + 16 MODE_ACTIVE_MSSWITCH_PASSED + 17 MODE_ACTIVE_MSSWITCH_FAILED +) +/* mem_battery - low nibble is level information, upper nibble is status info */ +( + 6 BATTERY_CHECK_LEVEL + 7 BATTERY_SENT_STATUS +) +/* mem_radio_version */ +( + 0x02 RADIO_2001 + 0x12 RADIO_2002 + 0x32 RADIO_2002_DDM + 0x42 RADIO_1008A1 + 0x52 RADIO_1018A0 +) +/* mem_slave_initiated_conn */ +( + 0 SLAVE_INIT_AUTHENTICATION + 1 SLAVE_INIT_ENCRYPTION + 2 SLAVE_INIT_MASTER_SLAVE_SWITCH +) +/* connection_options */ +( + 0 CONNECTION_AUTH + 1 CONNECTION_ENCRYPT + 2 CONNECTION_SWITCH + 3 CONNECTION_ACL + 4 CONNECTION_FEATURE_EXT +) +/* mem_debug_config */ +( + 7 AA_INSERTION +) + Index: dukaqi/senrui/output/bt_code.c =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/bt_code.c (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/bt_code.c (working copy) @@ -0,0 +1,138 @@ +const unsigned char bt_code[] = { +0x00,0x02,0xaa,0x55,0xb2,0x04,0xc2,0x84,0x00,0x09,0xc0,0x00,0x80,0x12,0xc0,0x42, +0x80,0x18,0xc0,0x44,0x80,0x39,0xc0,0x51,0x00,0x42,0xc0,0x5c,0x00,0x49,0xc0,0x5d, +0x80,0x76,0xc0,0x5e,0x00,0xd1,0x20,0x20,0x4a,0x8b,0xc0,0x01,0x80,0xd5,0xc0,0x02, +0x80,0xe5,0xc0,0x03,0x00,0xee,0xc0,0x1d,0x00,0xf3,0xc0,0x1f,0x00,0xfc,0xc0,0x20, +0x81,0x0e,0xc0,0x29,0x01,0x14,0xc0,0x4c,0x81,0x28,0x20,0x20,0x4a,0x8b,0x20,0x40, +0x68,0xc4,0x20,0x40,0x60,0xd7,0x20,0x40,0x00,0x16,0x20,0x20,0x40,0x0a,0x20,0x75, +0x80,0x00,0x20,0x20,0x7b,0x9a,0x20,0x30,0x80,0x28,0x70,0x89,0x55,0xd4,0x20,0x00, +0x00,0x04,0x70,0x89,0x55,0xd2,0x20,0x00,0x00,0x04,0x70,0x89,0x55,0xd1,0x20,0x00, +0x00,0x04,0x6f,0xe2,0x41,0xdf,0xc0,0x00,0x00,0x26,0xc0,0x00,0x80,0x36,0xc0,0x01, +0x00,0x26,0xc0,0x01,0x80,0x36,0xc0,0x02,0x00,0x36,0xc0,0x10,0x00,0x36,0x70,0x89, +0x55,0xd0,0x70,0x89,0x56,0xe0,0x18,0x00,0x2a,0x08,0x18,0x00,0x2a,0x00,0x78,0x50, +0xfc,0x00,0x78,0x50,0x7c,0x00,0x78,0x2f,0x7c,0x00,0x70,0x89,0x02,0x00,0x70,0x89, +0x01,0x00,0x70,0x89,0x00,0x00,0x70,0x89,0x03,0x00,0x70,0x89,0x04,0x70,0x6f,0xe2, +0x89,0x06,0x79,0x20,0x7e,0x00,0x67,0xe2,0x89,0x06,0x20,0x60,0x00,0x00,0x70,0x89, +0x55,0xd0,0x70,0x89,0x56,0xc0,0x20,0x20,0x00,0x28,0x60,0x42,0x00,0x17,0x20,0x40, +0x49,0x2a,0x20,0x40,0x49,0x80,0x58,0x00,0x05,0x00,0x20,0x40,0x4a,0x8e,0x6f,0xe2, +0x89,0x06,0x79,0x20,0x7e,0x00,0x67,0xe2,0x89,0x06,0x20,0x20,0x49,0x37,0x70,0x89, +0x06,0x7c,0x20,0x75,0x80,0x00,0x58,0x00,0x00,0x00,0x67,0xe4,0x41,0xdd,0x1c,0x43, +0x7e,0x00,0x67,0xe8,0x40,0x94,0x20,0x60,0x00,0x00,0x58,0x00,0x00,0x53,0x67,0xe4, +0x41,0xf6,0x58,0x00,0x00,0x5b,0x67,0xe4,0x41,0xfe,0x58,0x00,0x00,0x65,0x67,0xe4, +0x41,0xfa,0x20,0x40,0x4d,0xaf,0x20,0x40,0x4d,0xbc,0x20,0x40,0x4c,0x2a,0x20,0x20, +0x50,0x4d,0x1a,0x62,0x7e,0x00,0xc0,0x04,0x80,0x59,0xc0,0x01,0x00,0x57,0x20,0x20, +0x4d,0xdf,0x70,0x4b,0x15,0x00,0x20,0x20,0x4d,0xfb,0x70,0x4b,0x15,0x06,0x20,0x20, +0x4e,0x08,0x20,0x40,0x00,0x5d,0x20,0x20,0x50,0xc3,0x6f,0xe2,0x4b,0x15,0x20,0x7a, +0x00,0x00,0x1f,0xe0,0xff,0xff,0x67,0xe2,0x4b,0x15,0x24,0x7a,0x00,0x00,0x6f,0xe4, +0x46,0x52,0xc2,0x80,0x4d,0x64,0x20,0x60,0x00,0x00,0x20,0x40,0x4f,0x11,0x20,0x74, +0x00,0x00,0x1a,0x22,0x7e,0x00,0x67,0xe4,0x46,0x71,0x1a,0x42,0x7e,0x00,0x67,0xe2, +0x46,0x70,0x68,0x44,0x04,0x74,0x60,0x44,0x46,0x73,0x20,0x40,0x5b,0x6c,0x24,0x3a, +0x4a,0x8b,0x6f,0xe2,0x04,0x9e,0xc0,0x81,0x50,0x42,0xe8,0x44,0x00,0x06,0x58,0x00, +0x29,0x02,0x98,0x46,0x7c,0x00,0x20,0x62,0x80,0x00,0x20,0x20,0x50,0x42,0x6f,0xe2, +0x0a,0xff,0xc0,0x13,0x80,0xcf,0xc0,0x06,0x00,0x7e,0xc0,0x3b,0x00,0x87,0xc0,0x3b, +0x80,0x8d,0xc0,0x3c,0x00,0x92,0xc0,0x0a,0x80,0xcc,0x20,0x20,0x4e,0x5c,0x1a,0x22, +0x06,0x00,0xef,0xe2,0x00,0x03,0xc0,0x00,0x4f,0x1c,0xc0,0x00,0xcf,0x1f,0xc0,0x01, +0x4f,0x25,0xc0,0x01,0x80,0x85,0x20,0x20,0x50,0x1c,0x58,0x00,0x00,0x01,0x20,0x20, +0x4f,0x20,0xd8,0x40,0x00,0x28,0x20,0x40,0x5b,0x4d,0x18,0xc0,0x8b,0xfe,0x58,0x00, +0x00,0x00,0xe7,0xe4,0x00,0x05,0x20,0x20,0x50,0x1f,0x20,0x40,0x00,0x96,0x20,0x40, +0x00,0xb3,0x58,0x00,0x00,0x00,0xe7,0xe4,0x00,0x05,0x20,0x20,0x00,0xc5,0xef,0xe2, +0x00,0x03,0x20,0x40,0x00,0x9a,0x20,0x40,0x00,0xa1,0x20,0x20,0x00,0xc5,0x20,0x40, +0x00,0xb7,0x58,0x28,0x00,0x02,0xe7,0xe6,0x00,0x05,0x20,0x60,0x00,0x00,0x67,0xe2, +0x0a,0x96,0x20,0x40,0x00,0xb7,0x59,0x28,0x03,0x02,0xe7,0xe8,0x00,0x05,0x6f,0xe2, +0x0a,0x96,0xe7,0xe6,0x00,0x05,0x20,0x60,0x00,0x00,0x20,0x40,0x00,0xb7,0x20,0x40, +0x00,0xb3,0x20,0x40,0x00,0xb3,0x58,0x00,0x00,0x00,0xe7,0xe4,0x00,0x05,0x18,0x40, +0x85,0xff,0x20,0x40,0x5b,0x4d,0x18,0xc0,0x8c,0x04,0xef,0xe2,0x00,0x06,0xc2,0x82, +0x00,0xae,0xc2,0x82,0x80,0xae,0x18,0x40,0x84,0x01,0x20,0x60,0x00,0x00,0x20,0x40, +0x00,0xb7,0x5a,0x29,0x02,0x02,0xe7,0xf0,0x00,0x05,0x18,0x40,0x85,0xff,0x20,0x60, +0x00,0x00,0xef,0xe2,0x00,0x03,0x1f,0xe2,0x72,0x00,0xe7,0xe2,0x00,0x05,0x20,0x20, +0x67,0xed,0x20,0x40,0x00,0xba,0xe0,0x44,0x00,0x05,0x20,0x60,0x00,0x00,0x6f,0xe4, +0x44,0x8e,0x98,0x00,0x0c,0x00,0xef,0xe4,0x00,0x06,0x20,0x7a,0x00,0x00,0x1f,0xe0, +0x84,0x01,0xef,0xe2,0x00,0x06,0x98,0xc0,0x8c,0x00,0xef,0xe2,0x00,0x06,0x98,0xc0, +0x8c,0x00,0x18,0xc2,0x0a,0x00,0x20,0x20,0x00,0xbc,0x60,0x44,0x0a,0x9e,0x70,0x0a, +0xff,0x29,0x58,0x00,0x00,0x02,0x20,0x40,0x50,0xa5,0x68,0x44,0x0a,0x9e,0xe0,0x44, +0x00,0x0a,0x20,0x20,0x67,0xb9,0xef,0xe6,0x00,0x03,0x67,0xe6,0x40,0xaa,0x20,0x20, +0x50,0x1f,0x20,0x40,0x50,0x1f,0x20,0x20,0x4d,0x85,0x6f,0xe4,0x44,0x78,0x20,0x40, +0x7d,0xb5,0x1f,0xe2,0x04,0x00,0x20,0x20,0x4e,0xfa,0x20,0x40,0x49,0xba,0x78,0x23, +0xfc,0x00,0x78,0x24,0xfc,0x00,0x09,0x80,0x00,0x08,0x19,0x89,0x7e,0x00,0x67,0xe2, +0x02,0xd5,0x09,0x80,0x00,0x08,0x19,0x89,0x7e,0x00,0xe7,0xe2,0x00,0x05,0x1f,0xe1, +0x72,0x3f,0x20,0x22,0xd8,0x8b,0x1f,0xe6,0x7c,0x33,0x24,0x41,0x00,0xe3,0x20,0x20, +0x58,0x87,0xdf,0x20,0x00,0x33,0x20,0x60,0x00,0x00,0x20,0x40,0x58,0xa3,0x20,0x40, +0x49,0x15,0x68,0x42,0x00,0x17,0x20,0x40,0x49,0x1c,0x20,0x00,0x05,0xdc,0x20,0x40, +0x49,0x21,0x78,0x28,0x7c,0x00,0xd9,0x60,0x15,0x7c,0x20,0x20,0x58,0x69,0x20,0x40, +0x57,0xaf,0x20,0x40,0x00,0xf1,0x20,0x20,0x58,0xa7,0x20,0x36,0x80,0x3e,0x20,0x20, +0x57,0xbe,0x6f,0xe2,0x00,0x7d,0xc0,0x08,0x00,0xf6,0x20,0x20,0x60,0xfe,0x68,0x42, +0x05,0x4e,0x18,0x46,0x7c,0x06,0x20,0x21,0x00,0xfa,0x20,0x20,0x62,0x06,0x70,0x00, +0x7e,0x24,0x20,0x20,0x61,0x34,0x78,0x54,0x7c,0x00,0x20,0x40,0x66,0xa3,0x6f,0xe2, +0x00,0x48,0x20,0x7a,0x00,0x00,0xc2,0x83,0x81,0x02,0x20,0x20,0x63,0xf2,0xc0,0x42, +0x01,0x05,0xc0,0x41,0x81,0x08,0x20,0x20,0x64,0x21,0x20,0x40,0x01,0x0b,0x6f,0xe2, +0x00,0x48,0x20,0x20,0x64,0x7b,0x20,0x40,0x01,0x0b,0x6f,0xe2,0x00,0x48,0x20,0x20, +0x64,0xef,0x6f,0xe2,0x46,0x2c,0x20,0x3a,0x65,0x0d,0x20,0x20,0x65,0x06,0x6f,0xe2, +0x40,0x9e,0x79,0x3f,0xfe,0x03,0x67,0xe2,0x40,0x9e,0x58,0x00,0x00,0x01,0x67,0xe4, +0x04,0xca,0x20,0x60,0x00,0x00,0x6f,0xe2,0x04,0xf9,0xc0,0x1f,0xe9,0x3e,0xc0,0x39, +0xe9,0x47,0xc0,0x77,0x81,0x1a,0xc0,0x29,0xea,0x05,0x20,0x60,0x00,0x00,0x6f,0xe4, +0x04,0xfd,0x1f,0xe2,0x0c,0x00,0x20,0x40,0x69,0x84,0x6f,0xe2,0x04,0xff,0xc0,0x20, +0xe9,0x66,0xc0,0x20,0x69,0x6e,0xc0,0x38,0xe9,0xa7,0xc0,0x38,0x01,0x24,0xc0,0x24, +0xe9,0xbe,0x20,0x20,0x6a,0x58,0x70,0x0a,0x95,0x08,0x20,0x40,0x7b,0xab,0x20,0x40, +0x69,0x72,0x20,0x20,0x69,0xba,0x6f,0xe2,0x44,0x90,0x20,0x3a,0x5e,0xd0,0x20,0x40, +0x74,0x38,0x20,0x20,0x79,0x32,0xd6,0x16,0xaa,0x55,0x01,0x00,0x92,0x40,0x0a,0xaa, +0x55,0x01,0x00,0x54,0x46,0x40,0xaa,0x55,0x01,0x00,0x06,0x42,0x13,0xaa,0x55,0x08, +0x00,0x98,0x40,0xff,0xfb,0x8f,0xf8,0x8b,0x85,0x59,0x83,0xaa,0x55,0x03,0x00,0x14, +0x42,0x6b,0x4a,0x05,0xaa,0x55,0x04,0x00,0x3d,0x45,0x00,0x7f,0x00,0x07,0xaa,0x55, +0x03,0x00,0x2d,0x46,0x03,0x00,0x04,0xaa,0x55,0x01,0x00,0x2c,0x46,0x01,0xaa,0x55, +0x06,0x00,0x57,0x46,0x04,0x30,0x30,0x30,0x30,0x30,0xaa,0x55,0x10,0x00,0xf0,0x4f, +0x00,0x1c,0xff,0x1f,0x00,0x1c,0x00,0x1c,0x00,0x4c,0xe0,0x4f,0x00,0x4c,0x00,0x4c, +0xaa,0x55,0x02,0x00,0x68,0x46,0x00,0x05,0xaa,0x55,0x01,0x00,0x6c,0x46,0x03,0xaa, +0x55,0x01,0x00,0x6f,0x46,0x07,0xaa,0x55,0x03,0x00,0xaa,0x40,0x24,0x04,0x04,0xaa, +0x55,0x01,0x00,0x79,0x46,0x00,0xaa,0x55,0x01,0x00,0x91,0x40,0x00,0xaa,0x55,0x03, +0x00,0x54,0x41,0x00,0x01,0x08,0xaa,0x55,0x01,0x00,0x74,0x41,0x02,0xaa,0x55,0x01, +0x00,0x93,0x40,0x00,0xaa,0x55,0x01,0x00,0x6d,0x46,0x28,0xaa,0x55,0x06,0x00,0xa0, +0x40,0xa7,0x2a,0x2a,0x21,0x10,0x3a,0xaa,0x55,0x0c,0x00,0xe7,0x44,0x0b,0x33,0x31, +0x32,0x31,0x20,0x4d,0x6f,0x75,0x20,0x42,0x74,0xaa,0x55,0x03,0x00,0xe4,0x41,0x20, +0x00,0x01,0xaa,0x55,0x01,0x00,0xe8,0x41,0x00,0xaa,0x55,0x01,0x00,0x90,0x44,0x01, +0xaa,0x55,0x01,0x00,0x5f,0x44,0x07,0xaa,0x55,0x01,0x00,0x98,0x44,0x00,0xaa,0x55, +0x04,0x00,0x75,0x46,0x2d,0x00,0x2f,0x00,0xaa,0x55,0x01,0x00,0x40,0x43,0x00,0xaa, +0x55,0x02,0x00,0x54,0x44,0x40,0x00,0xaa,0x55,0x01,0x00,0x6e,0x46,0x05,0xaa,0x55, +0x06,0x00,0x72,0x44,0x21,0x22,0x01,0x33,0x02,0x3a,0xaa,0x55,0x0d,0x00,0x81,0x43, +0x0c,0x33,0x31,0x32,0x31,0x20,0x4d,0x6f,0x75,0x20,0x42,0x6c,0x65,0xaa,0x55,0x04, +0x00,0x41,0x43,0x03,0x02,0x01,0x02,0xaa,0x55,0x16,0x00,0x61,0x43,0x0e,0x02,0x01, +0x02,0x11,0x09,0x59,0x69,0x63,0x68,0x69,0x70,0x20,0x31,0x30,0x32,0x31,0x73,0x20, +0x4d,0x6f,0x75,0xaa,0x55,0x07,0x00,0x25,0x44,0x02,0x03,0x00,0x05,0x10,0x02,0x03, +0xaa,0x55,0x08,0x00,0x68,0x44,0x08,0x00,0x10,0x00,0x00,0x00,0x2c,0x01,0xaa,0x55, +0x01,0x00,0x78,0x44,0xb9,0xaa,0x55,0x01,0x00,0x7a,0x44,0x17,0xaa,0x55,0x02,0x00, +0xcc,0x44,0x31,0x00,0xaa,0x55,0x01,0x00,0xd1,0x40,0x01,0xaa,0x55,0x0c,0x00,0x49, +0x45,0x05,0x03,0x00,0x12,0x00,0x01,0x01,0x00,0x01,0x11,0x03,0x00,0xaa,0x55,0x01, +0x00,0x5f,0x45,0x00,0xaa,0x55,0x02,0x00,0x47,0x45,0x83,0x46,0xaa,0x55,0xb8,0x00, +0x83,0x46,0x03,0x12,0x00,0x01,0x00,0x00,0x01,0x00,0x01,0x00,0x01,0x36,0x00,0x52, +0x09,0x00,0x00,0x0a,0x00,0x01,0x00,0x01,0x09,0x00,0x01,0x35,0x03,0x19,0x12,0x00, +0x09,0x00,0x04,0x35,0x0d,0x35,0x06,0x19,0x01,0x00,0x09,0x00,0x01,0x35,0x03,0x19, +0x00,0x01,0x09,0x00,0x09,0x35,0x08,0x35,0x06,0x19,0x12,0x00,0x09,0x01,0x00,0x09, +0x02,0x00,0x09,0x01,0x03,0x09,0x02,0x01,0x09,0x05,0xac,0x09,0x02,0x02,0x09,0x02, +0x39,0x09,0x02,0x03,0x09,0x06,0x44,0x09,0x02,0x04,0x28,0x01,0x09,0x02,0x05,0x09, +0x00,0x02,0x03,0x11,0x01,0x00,0x03,0x01,0x00,0x00,0x01,0x00,0x03,0x36,0x00,0x46, +0x09,0x00,0x00,0x0a,0x00,0x01,0x00,0x03,0x09,0x00,0x01,0x35,0x03,0x19,0x11,0x01, +0x09,0x00,0x02,0x0a,0x00,0x00,0x00,0x00,0x09,0x00,0x04,0x35,0x0c,0x35,0x03,0x19, +0x01,0x00,0x35,0x05,0x19,0x00,0x03,0x08,0x01,0x09,0x00,0x06,0x35,0x09,0x09,0x65, +0x6e,0x09,0x00,0x6a,0x09,0x01,0x00,0x09,0x01,0x00,0x25,0x0a,0x53,0x50,0x50,0x20, +0x73,0x6c,0x61,0x76,0x65,0x00,0x00,0x00,0x01,0x00,0xaa,0x55,0x02,0x00,0x8e,0x44, +0xaf,0x47,0xaa,0x55,0x6c,0x00,0xaf,0x47,0x01,0x00,0x02,0x00,0x28,0x02,0x01,0x18, +0x02,0x00,0x02,0x03,0x28,0x01,0x20,0x03,0x00,0x02,0x05,0x2a,0x01,0x00,0x04,0x00, +0x02,0x02,0x29,0x02,0x01,0x00,0x05,0x00,0x02,0x00,0x28,0x02,0x00,0x18,0x06,0x00, +0x02,0x03,0x28,0x01,0x4e,0x07,0x00,0x02,0x00,0x2a,0x13,0x41,0x73,0x74,0x20,0x4c, +0x45,0x20,0x4d,0x6f,0x75,0x73,0x65,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x08,0x00, +0x02,0x03,0x28,0x01,0x4e,0x09,0x00,0x02,0x01,0x2a,0x02,0x00,0x00,0x0a,0x00,0x02, +0x03,0x28,0x01,0x02,0x0b,0x00,0x02,0x04,0x2a,0x08,0x10,0x00,0x20,0x00,0x05,0x00, +0x2c,0x01,0x00,0x00,0xaa,0x55,0x01,0x00,0x00,0x40,0x02,0xaa,0x55,0x02,0x00,0x10, +0x40,0x20,0x02,0xaa,0x55,0x01,0x00,0x14,0x40,0x04,0xaa,0x55,0x01,0x00,0x17,0x40, +0x19,0xaa,0x55,0x01,0x00,0x20,0x40,0x68,0xaa,0x55,0x02,0x00,0x27,0x40,0x44,0x02, +0xaa,0x55,0x01,0x00,0x2a,0x40,0x04,0xaa,0x55,0x01,0x00,0x33,0x40,0x02,0xaa,0x55, +0x07,0x00,0x76,0x41,0x0f,0x84,0x30,0x0a,0x0b,0xb2,0x32,0xaa,0x55,0x02,0x00,0x57, +0x41,0x8b,0x0b,0xaa,0x55,0x08,0x00,0xa1,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, +0x00,0xaa,0x55,0x02,0x00,0xbd,0x40,0x02,0x24,0xaa,0x55,0x08,0x00,0xad,0x40,0x40, +0x00,0x00,0x02,0x32,0x00,0x00,0x02,0xaa,0x55,0x02,0x00,0xbb,0x40,0x20,0x00,0xaa, +0x55,0x04,0x00,0xb7,0x40,0x20,0x00,0x00,0x20,0xaa,0x55,0x04,0x00,0xbf,0x40,0x80, +0x04,0x00,0x10,0xaa,0x55,0x05,0x00,0xe2,0x44,0x08,0x0e,0x05,0x04,0x00,0xaa,0x55, +0x02,0x00,0x02,0x42,0x30,0x1f,0xaa,0x55,0x01,0x00,0x10,0x42,0x20,0xaa,0x55,0x01, +0x00,0xe0,0x41,0x01,0xaa,0x55,0x0f,0x00,0x16,0x4b,0x4b,0xba,0x55,0xd0,0x56,0xe0, +0x57,0x88,0x58,0x6c,0x59,0x10,0x07,0xff,0xff,0xaa,0x55,0x02,0x00,0xc3,0x40,0x16, +0x4b,0x89,0x61 +}; Index: dukaqi/senrui/output/eeprom.dat =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/eeprom.dat (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/eeprom.dat (working copy) @@ -0,0 +1,2163 @@ +00 +02 +aa +55 +b2 +04 +c2 +84 +00 +09 +c0 +00 +80 +12 +c0 +42 +80 +18 +c0 +44 +80 +39 +c0 +51 +00 +42 +c0 +5c +00 +49 +c0 +5d +80 +76 +c0 +5e +00 +d1 +20 +20 +4a +8b +c0 +01 +80 +d5 +c0 +02 +80 +e5 +c0 +03 +00 +ee +c0 +1d +00 +f3 +c0 +1f +00 +fc +c0 +20 +81 +0e +c0 +29 +01 +14 +c0 +4c +81 +28 +20 +20 +4a +8b +20 +40 +68 +c4 +20 +40 +60 +d7 +20 +40 +00 +16 +20 +20 +40 +0a +20 +75 +80 +00 +20 +20 +7b +9a +20 +30 +80 +28 +70 +89 +55 +d4 +20 +00 +00 +04 +70 +89 +55 +d2 +20 +00 +00 +04 +70 +89 +55 +d1 +20 +00 +00 +04 +6f +e2 +41 +df +c0 +00 +00 +26 +c0 +00 +80 +36 +c0 +01 +00 +26 +c0 +01 +80 +36 +c0 +02 +00 +36 +c0 +10 +00 +36 +70 +89 +55 +d0 +70 +89 +56 +e0 +18 +00 +2a +08 +18 +00 +2a +00 +78 +50 +fc +00 +78 +50 +7c +00 +78 +2f +7c +00 +70 +89 +02 +00 +70 +89 +01 +00 +70 +89 +00 +00 +70 +89 +03 +00 +70 +89 +04 +70 +6f +e2 +89 +06 +79 +20 +7e +00 +67 +e2 +89 +06 +20 +60 +00 +00 +70 +89 +55 +d0 +70 +89 +56 +c0 +20 +20 +00 +28 +60 +42 +00 +17 +20 +40 +49 +2a +20 +40 +49 +80 +58 +00 +05 +00 +20 +40 +4a +8e +6f +e2 +89 +06 +79 +20 +7e +00 +67 +e2 +89 +06 +20 +20 +49 +37 +70 +89 +06 +7c +20 +75 +80 +00 +58 +00 +00 +00 +67 +e4 +41 +dd +1c +43 +7e +00 +67 +e8 +40 +94 +20 +60 +00 +00 +58 +00 +00 +53 +67 +e4 +41 +f6 +58 +00 +00 +5b +67 +e4 +41 +fe +58 +00 +00 +65 +67 +e4 +41 +fa +20 +40 +4d +af +20 +40 +4d +bc +20 +40 +4c +2a +20 +20 +50 +4d +1a +62 +7e +00 +c0 +04 +80 +59 +c0 +01 +00 +57 +20 +20 +4d +df +70 +4b +15 +00 +20 +20 +4d +fb +70 +4b +15 +06 +20 +20 +4e +08 +20 +40 +00 +5d +20 +20 +50 +c3 +6f +e2 +4b +15 +20 +7a +00 +00 +1f +e0 +ff +ff +67 +e2 +4b +15 +24 +7a +00 +00 +6f +e4 +46 +52 +c2 +80 +4d +64 +20 +60 +00 +00 +20 +40 +4f +11 +20 +74 +00 +00 +1a +22 +7e +00 +67 +e4 +46 +71 +1a +42 +7e +00 +67 +e2 +46 +70 +68 +44 +04 +74 +60 +44 +46 +73 +20 +40 +5b +6c +24 +3a +4a +8b +6f +e2 +04 +9e +c0 +81 +50 +42 +e8 +44 +00 +06 +58 +00 +29 +02 +98 +46 +7c +00 +20 +62 +80 +00 +20 +20 +50 +42 +6f +e2 +0a +ff +c0 +13 +80 +cf +c0 +06 +00 +7e +c0 +3b +00 +87 +c0 +3b +80 +8d +c0 +3c +00 +92 +c0 +0a +80 +cc +20 +20 +4e +5c +1a +22 +06 +00 +ef +e2 +00 +03 +c0 +00 +4f +1c +c0 +00 +cf +1f +c0 +01 +4f +25 +c0 +01 +80 +85 +20 +20 +50 +1c +58 +00 +00 +01 +20 +20 +4f +20 +d8 +40 +00 +28 +20 +40 +5b +4d +18 +c0 +8b +fe +58 +00 +00 +00 +e7 +e4 +00 +05 +20 +20 +50 +1f +20 +40 +00 +96 +20 +40 +00 +b3 +58 +00 +00 +00 +e7 +e4 +00 +05 +20 +20 +00 +c5 +ef +e2 +00 +03 +20 +40 +00 +9a +20 +40 +00 +a1 +20 +20 +00 +c5 +20 +40 +00 +b7 +58 +28 +00 +02 +e7 +e6 +00 +05 +20 +60 +00 +00 +67 +e2 +0a +96 +20 +40 +00 +b7 +59 +28 +03 +02 +e7 +e8 +00 +05 +6f +e2 +0a +96 +e7 +e6 +00 +05 +20 +60 +00 +00 +20 +40 +00 +b7 +20 +40 +00 +b3 +20 +40 +00 +b3 +58 +00 +00 +00 +e7 +e4 +00 +05 +18 +40 +85 +ff +20 +40 +5b +4d +18 +c0 +8c +04 +ef +e2 +00 +06 +c2 +82 +00 +ae +c2 +82 +80 +ae +18 +40 +84 +01 +20 +60 +00 +00 +20 +40 +00 +b7 +5a +29 +02 +02 +e7 +f0 +00 +05 +18 +40 +85 +ff +20 +60 +00 +00 +ef +e2 +00 +03 +1f +e2 +72 +00 +e7 +e2 +00 +05 +20 +20 +67 +ed +20 +40 +00 +ba +e0 +44 +00 +05 +20 +60 +00 +00 +6f +e4 +44 +8e +98 +00 +0c +00 +ef +e4 +00 +06 +20 +7a +00 +00 +1f +e0 +84 +01 +ef +e2 +00 +06 +98 +c0 +8c +00 +ef +e2 +00 +06 +98 +c0 +8c +00 +18 +c2 +0a +00 +20 +20 +00 +bc +60 +44 +0a +9e +70 +0a +ff +29 +58 +00 +00 +02 +20 +40 +50 +a5 +68 +44 +0a +9e +e0 +44 +00 +0a +20 +20 +67 +b9 +ef +e6 +00 +03 +67 +e6 +40 +aa +20 +20 +50 +1f +20 +40 +50 +1f +20 +20 +4d +85 +6f +e4 +44 +78 +20 +40 +7d +b5 +1f +e2 +04 +00 +20 +20 +4e +fa +20 +40 +49 +ba +78 +23 +fc +00 +78 +24 +fc +00 +09 +80 +00 +08 +19 +89 +7e +00 +67 +e2 +02 +d5 +09 +80 +00 +08 +19 +89 +7e +00 +e7 +e2 +00 +05 +1f +e1 +72 +3f +20 +22 +d8 +8b +1f +e6 +7c +33 +24 +41 +00 +e3 +20 +20 +58 +87 +df +20 +00 +33 +20 +60 +00 +00 +20 +40 +58 +a3 +20 +40 +49 +15 +68 +42 +00 +17 +20 +40 +49 +1c +20 +00 +05 +dc +20 +40 +49 +21 +78 +28 +7c +00 +d9 +60 +15 +7c +20 +20 +58 +69 +20 +40 +57 +af +20 +40 +00 +f1 +20 +20 +58 +a7 +20 +36 +80 +3e +20 +20 +57 +be +6f +e2 +00 +7d +c0 +08 +00 +f6 +20 +20 +60 +fe +68 +42 +05 +4e +18 +46 +7c +06 +20 +21 +00 +fa +20 +20 +62 +06 +70 +00 +7e +24 +20 +20 +61 +34 +78 +54 +7c +00 +20 +40 +66 +a3 +6f +e2 +00 +48 +20 +7a +00 +00 +c2 +83 +81 +02 +20 +20 +63 +f2 +c0 +42 +01 +05 +c0 +41 +81 +08 +20 +20 +64 +21 +20 +40 +01 +0b +6f +e2 +00 +48 +20 +20 +64 +7b +20 +40 +01 +0b +6f +e2 +00 +48 +20 +20 +64 +ef +6f +e2 +46 +2c +20 +3a +65 +0d +20 +20 +65 +06 +6f +e2 +40 +9e +79 +3f +fe +03 +67 +e2 +40 +9e +58 +00 +00 +01 +67 +e4 +04 +ca +20 +60 +00 +00 +6f +e2 +04 +f9 +c0 +1f +e9 +3e +c0 +39 +e9 +47 +c0 +77 +81 +1a +c0 +29 +ea +05 +20 +60 +00 +00 +6f +e4 +04 +fd +1f +e2 +0c +00 +20 +40 +69 +84 +6f +e2 +04 +ff +c0 +20 +e9 +66 +c0 +20 +69 +6e +c0 +38 +e9 +a7 +c0 +38 +01 +24 +c0 +24 +e9 +be +20 +20 +6a +58 +70 +0a +95 +08 +20 +40 +7b +ab +20 +40 +69 +72 +20 +20 +69 +ba +6f +e2 +44 +90 +20 +3a +5e +d0 +20 +40 +74 +38 +20 +20 +79 +32 +d6 +16 +aa +55 +01 +00 +92 +40 +0a +aa +55 +01 +00 +54 +46 +40 +aa +55 +01 +00 +06 +42 +13 +aa +55 +08 +00 +98 +40 +ff +fb +8f +f8 +8b +85 +59 +83 +aa +55 +03 +00 +14 +42 +6b +4a +05 +aa +55 +04 +00 +3d +45 +00 +7f +00 +07 +aa +55 +03 +00 +2d +46 +03 +00 +04 +aa +55 +01 +00 +2c +46 +01 +aa +55 +06 +00 +57 +46 +04 +30 +30 +30 +30 +30 +aa +55 +10 +00 +f0 +4f +00 +1c +ff +1f +00 +1c +00 +1c +00 +4c +e0 +4f +00 +4c +00 +4c +aa +55 +02 +00 +68 +46 +00 +05 +aa +55 +01 +00 +6c +46 +03 +aa +55 +01 +00 +6f +46 +07 +aa +55 +03 +00 +aa +40 +24 +04 +04 +aa +55 +01 +00 +79 +46 +00 +aa +55 +01 +00 +91 +40 +00 +aa +55 +03 +00 +54 +41 +00 +01 +08 +aa +55 +01 +00 +74 +41 +02 +aa +55 +01 +00 +93 +40 +00 +aa +55 +01 +00 +6d +46 +28 +aa +55 +06 +00 +a0 +40 +a7 +2a +2a +21 +10 +3a +aa +55 +0c +00 +e7 +44 +0b +33 +31 +32 +31 +20 +4d +6f +75 +20 +42 +74 +aa +55 +03 +00 +e4 +41 +20 +00 +01 +aa +55 +01 +00 +e8 +41 +00 +aa +55 +01 +00 +90 +44 +01 +aa +55 +01 +00 +5f +44 +07 +aa +55 +01 +00 +98 +44 +00 +aa +55 +04 +00 +75 +46 +2d +00 +2f +00 +aa +55 +01 +00 +40 +43 +00 +aa +55 +02 +00 +54 +44 +40 +00 +aa +55 +01 +00 +6e +46 +05 +aa +55 +06 +00 +72 +44 +21 +22 +01 +33 +02 +3a +aa +55 +0d +00 +81 +43 +0c +33 +31 +32 +31 +20 +4d +6f +75 +20 +42 +6c +65 +aa +55 +04 +00 +41 +43 +03 +02 +01 +02 +aa +55 +16 +00 +61 +43 +0e +02 +01 +02 +11 +09 +59 +69 +63 +68 +69 +70 +20 +31 +30 +32 +31 +73 +20 +4d +6f +75 +aa +55 +07 +00 +25 +44 +02 +03 +00 +05 +10 +02 +03 +aa +55 +08 +00 +68 +44 +08 +00 +10 +00 +00 +00 +2c +01 +aa +55 +01 +00 +78 +44 +b9 +aa +55 +01 +00 +7a +44 +17 +aa +55 +02 +00 +cc +44 +31 +00 +aa +55 +01 +00 +d1 +40 +01 +aa +55 +0c +00 +49 +45 +05 +03 +00 +12 +00 +01 +01 +00 +01 +11 +03 +00 +aa +55 +01 +00 +5f +45 +00 +aa +55 +02 +00 +47 +45 +83 +46 +aa +55 +b8 +00 +83 +46 +03 +12 +00 +01 +00 +00 +01 +00 +01 +00 +01 +36 +00 +52 +09 +00 +00 +0a +00 +01 +00 +01 +09 +00 +01 +35 +03 +19 +12 +00 +09 +00 +04 +35 +0d +35 +06 +19 +01 +00 +09 +00 +01 +35 +03 +19 +00 +01 +09 +00 +09 +35 +08 +35 +06 +19 +12 +00 +09 +01 +00 +09 +02 +00 +09 +01 +03 +09 +02 +01 +09 +05 +ac +09 +02 +02 +09 +02 +39 +09 +02 +03 +09 +06 +44 +09 +02 +04 +28 +01 +09 +02 +05 +09 +00 +02 +03 +11 +01 +00 +03 +01 +00 +00 +01 +00 +03 +36 +00 +46 +09 +00 +00 +0a +00 +01 +00 +03 +09 +00 +01 +35 +03 +19 +11 +01 +09 +00 +02 +0a +00 +00 +00 +00 +09 +00 +04 +35 +0c +35 +03 +19 +01 +00 +35 +05 +19 +00 +03 +08 +01 +09 +00 +06 +35 +09 +09 +65 +6e +09 +00 +6a +09 +01 +00 +09 +01 +00 +25 +0a +53 +50 +50 +20 +73 +6c +61 +76 +65 +00 +00 +00 +01 +00 +aa +55 +02 +00 +8e +44 +af +47 +aa +55 +6c +00 +af +47 +01 +00 +02 +00 +28 +02 +01 +18 +02 +00 +02 +03 +28 +01 +20 +03 +00 +02 +05 +2a +01 +00 +04 +00 +02 +02 +29 +02 +01 +00 +05 +00 +02 +00 +28 +02 +00 +18 +06 +00 +02 +03 +28 +01 +4e +07 +00 +02 +00 +2a +13 +41 +73 +74 +20 +4c +45 +20 +4d +6f +75 +73 +65 +20 +20 +20 +20 +20 +20 +20 +08 +00 +02 +03 +28 +01 +4e +09 +00 +02 +01 +2a +02 +00 +00 +0a +00 +02 +03 +28 +01 +02 +0b +00 +02 +04 +2a +08 +10 +00 +20 +00 +05 +00 +2c +01 +00 +00 +aa +55 +01 +00 +00 +40 +02 +aa +55 +02 +00 +10 +40 +20 +02 +aa +55 +01 +00 +14 +40 +04 +aa +55 +01 +00 +17 +40 +19 +aa +55 +01 +00 +20 +40 +68 +aa +55 +02 +00 +27 +40 +44 +02 +aa +55 +01 +00 +2a +40 +04 +aa +55 +01 +00 +33 +40 +02 +aa +55 +07 +00 +76 +41 +0f +84 +30 +0a +0b +b2 +32 +aa +55 +02 +00 +57 +41 +8b +0b +aa +55 +08 +00 +a1 +00 +00 +00 +00 +00 +00 +00 +00 +00 +aa +55 +02 +00 +bd +40 +02 +24 +aa +55 +08 +00 +ad +40 +40 +00 +00 +02 +32 +00 +00 +02 +aa +55 +02 +00 +bb +40 +20 +00 +aa +55 +04 +00 +b7 +40 +20 +00 +00 +20 +aa +55 +04 +00 +bf +40 +80 +04 +00 +10 +aa +55 +05 +00 +e2 +44 +08 +0e +05 +04 +00 +aa +55 +02 +00 +02 +42 +30 +1f +aa +55 +01 +00 +10 +42 +20 +aa +55 +01 +00 +e0 +41 +01 +aa +55 +0f +00 +16 +4b +4b +ba +55 +d0 +56 +e0 +57 +88 +58 +6c +59 +10 +07 +ff +ff +aa +55 +02 +00 +c3 +40 +16 +4b +89 +61 Index: dukaqi/senrui/output/memmap.format =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/memmap.format (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/memmap.format (working copy) @@ -0,0 +1,1025 @@ +0x0000 mem_le_adv_transmit +0x0001 mem_le_adv_waitcnt +0x0002 mem_le_adv_rcv +0x0003 mem_le_req_rcv +0x0004 mem_le_scanrsp_rcv +0x0005 mem_le_conn_rcv +0x0006 mem_inquiryscan_waitcnt +0x0007 mem_inquiryscan_rcvcnt +0x0008 mem_pagescan_waitcnt +0x0009 mem_pagescan_rcvcnt +0x000a mem_pagescan_rcvfhscnt +0x000b mem_slave_rcvcnt +0x000c mem_page_transmit +0x000d mem_page_rcv +0x000e mem_page_rcv_fhs +0x000f mem_master_rcvcnt +0x0010 mem_fhs_wait_counter +0x0011 mem_newconnto_counter +0x0012 mem_inquiry_transmit +0x0013 mem_inquiry_rcv +0x0014 mem_fw_ver +0x0015 mem_current_context +0x0016 mem_le_ch_mapped +0x0017 mem_last_freq +0x0018 mem_rssi +0x0019 mem_rx_type +0x001a mem_rx_hec_err +0x001c mem_rx_crc_err +0x001e mem_context_ptr +0x0020 mem_display +0x0028 mem_bcd +0x0030 mem_state +0x0031 mem_mode +0x0032 mem_tsniff +0x0034 mem_sniff_anchor +0x0038 mem_clk_offset +0x003e mem_rx_window +0x0040 mem_plap +0x0043 mem_puap +0x0044 mem_pnap +0x0046 mem_conn_handle +0x0047 mem_arq +0x0048 mem_lmp_to_send +0x0049 mem_lmi_opcode +0x004a mem_lmo_reason +0x004b mem_op +0x004c mem_state_map +0x004d mem_supervision_timer +0x0051 mem_supervision_to +0x0053 mem_name_offset +0x0054 mem_key_size +0x0055 mem_conn_sm +0x0056 mem_aco +0x0062 mem_kc +0x0072 mem_conn_timer +0x0073 mem_sniff_attempt +0x0074 mem_sniff_timeout +0x0075 mem_dsniff +0x0077 mem_amaddr +0x0078 mem_lmo_opcode1 +0x0079 mem_lmi_opcode1 +0x007a mem_lmo_reason1 +0x007b mem_lmo_tid1 +0x007c mem_lmo_opcode2 +0x007d mem_lmi_opcode2 +0x007e mem_lmo_reason2 +0x007f mem_lmo_tid2 +0x0080 mem_hci_version +0x0083 mem_acl_pktlen +0x0085 mem_sco_pktlen +0x0086 mem_acl_pktcnt +0x0088 mem_sco_pktcnt +0x008a mem_current_sniff_attempt +0x008b mem_current_sniff_timeout +0x008c mem_sniff_timeout_temp +0x008d mem_nfreq_index_inq +0x008e mem_nfreq_index_page +0x008f mem_ninqy_index +0x0090 mem_fhs_misc +0x0091 mem_subsniff_instant +0x0095 mem_subsniff_rate +0x0096 mem_subsniff_tcmax +0x0098 mem_subsniff_tsniff +0x0099 mem_lpm_adjust +0x009a mem_sync_clke +0x00a0 mem_lpm_current_mult +0x00a1 mem_gpio_wakeup +0x00a7 mem_air_mode +0x00a8 mem_sco_asso_handle +0x00a9 mem_sco_handle +0x00ab mem_esco_desco +0x00ac mem_esco_type +0x00ad mem_neogotiation_state +0x00ae mem_saved_amaddr +0x00af mem_esco_arq +0x00b0 mem_esco_saved_arq +0x00b1 mem_sco_obuf +0x00cf mem_sco_ibuf +0x00ed mem_sco_poll +0x00ee mem_npage_index +0x00ef mem_page_mode +0x00f0 mem_page_clk +0x00f4 mem_tst_pktcnt_sync +0x00f6 mem_tst_pktcnt_hec +0x00f8 mem_tst_pktcnt_crc +0x00fa mem_tst_pktcnt_dmh +0x00fc mem_tmp_buffer_head +0x00ff mem_tmp_buffer +0x014f mem_tester_emulate +0x0150 mem_temp_payload +0x0150 test_mode_scenario +0x0151 test_mode_hopping_mode +0x0152 test_mode_tx_freq +0x0153 test_mode_rx_freq +0x0154 test_mode_power_mode +0x0155 test_mode_poll_period +0x0156 test_mode_packet_type +0x0157 test_mode_data_length +0x0159 mem_test_mode_old_debug_config +0x015a mem_tester_cnt +0x015b mem_temp_am_addr +0x015c mem_temp_arq +0x015d mem_len +0x015f mem_clkn_bt +0x0163 mem_clke_bt +0x0167 mem_dpll_clkn +0x016b mem_connection_options +0x016c mem_nameres_cnt +0x016d mem_txptr +0x016f mem_slot_offset +0x0171 extm_fhs_misc +0x0172 extm_newconn_am_addr +0x0173 extm_class +0x0176 extm_lap +0x0179 extm_uap +0x017a extm_nap +0x017d mem_debug_config +0x017e mem_lch_code +0x017f mem_fhs_am_addr +0x0180 mem_dpll_error +0x0182 mem_select_list_item +0x0183 mem_temp_reconn_record +0x0183 mem_record_bt_mode +0x0184 mem_temp_lap +0x018a mem_list_item_ptr +0x018c mem_eir +0x01f0 mem_ucode_status +0x01f1 mem_otp_ucode_flag +0x01f3 mem_spid_tbuf/* spid buf: 03 addr[23:16] addr[15:8] addr[7:0] */ +0x01f4 mem_iicd_tbuf/* iicd buf: iic_adr addr[15:8] addr[7:0] iic_adr */ +0x01f4 mem_addr_hi +0x01f5 mem_addr_mi +0x01f6 mem_addr_lo +0x01f7 mem_iicd_addr +0x01f8 mem_spid_rbuf +0x01fc mem_ucode_buf +0x01fe mem_ucode_len +0x0200 mem_sched_addr +0x0202 mem_ucode_ptr +0x0204 mem_ucode_keybuf +0x0214 mem_check_plap_temp +0x0226 mem_reconnect_flag +0x0227 mem_switch_fail_master_count +0x0228 mem_app_evt_timer_count +0x0229 mem_h5rx_ackcnt +0x022a mem_check_err_acl_cont +0x022b mem_rp_packets +0x022c mem_packet_type +0x022e mem_hci_sniff_conn_handle +0x0230 mem_hci_sniff_max_interval +0x0232 mem_hci_sniff_min_interval +0x0234 mem_hci_sniff_attempt +0x0236 mem_hci_sniff_timeout +0x0238 mem_voice_setting +0x023a mem_retransmission_effort +0x023b mem_sco_ptype +0x023d mem_extm_uap_restore +0x0240 mem_h5rx_rptr +0x0242 mem_h5rx_ack +0x0243 mem_h5tx_ack +0x0244 mem_h5tx_rptr +0x0246 mem_h5tx_wptr +0x0248 mem_h5tx_free +0x024a mem_h5rx_tmp +0x024b mem_h5tx_seq +0x024c mem_hci_acl_queue_wptr +0x024e mem_hci_acl_queue_rptr +0x0250 mem_hci_acl_queue_end +0x0252 mem_hci_acl_queue_wcnt +0x0253 mem_hci_acl_cnt +0x0254 mem_hci_acl_tx_trigger_wptr//tx via uart +0x0256 mem_hci_curr_len +0x0257 mem_hci_curr_target +0x0259 mem_l2cap_mem_start +0x0259 mem_l2cap_rxbuff1_len +0x025b mem_l2cap_rxbuff2_len +0x025d mem_l2cap_rxbuff_new +0x025f mem_l2cap_rxbuff_inuse +0x0260 mem_l2cap_payload_ptr +0x0262 mem_l2cap_rx_pkt_length +0x0264 mem_l2cap_rx_cid +0x0266 mem_l2cap_rx_done +0x0267 mem_l2cap_signal_tx_buff_ptr +0x0269 mem_l2cap_signal_tx_payload_ptr +0x026b mem_l2cap_signal_tx_length +0x026d mem_sdp_tx_buff_ptr +0x026f mem_sdp_tx_payload_ptr +0x0271 mem_sdp_tx_pkt_length +0x0273 mem_rfcomm_tx_buff_ptr +0x0275 mem_rfcomm_tx_payload_ptr +0x0277 mem_rfcomm_tx_pkt_length +0x0279 memL2CAP_T1 +0x027b mem_CONTROL_tasks +0x027c mem_send_config_req +0x027d mem_config_identifier +0x027e mem_config_req_dest_CID +0x0280 mem_rfcomm_malloc_fail_flag +0x0281 mem_message_to_uppersm +0x0282 mem_upper_sm_remote_page +0x0283 mem_upper_sm_reconn +0x0284 mem_upper_sm_ss +0x0285 mem_tx_malloc_log +0x02c5 mem_l2cap_mem_end +0x02c5 mem_scid +0x02c7 mem_cmd_length +0x02c9 mem_tt2 +0x02cb mem_tt3 +0x02cd mem_id +0x02cf mem_psm +0x02d1 mem_l2cap_sdpres_delay_time +0x02d5 mem_le_rxbuf +0x030d mem_le_l2capbuf +0x0413 mem_le_mic +0x0417 mem_le_peer_mic +0x041b mem_le_peer_ltk +0x042b mem_le_mrand +0x043b mem_le_state +0x043c mem_le_mode +0x043d mem_le_tsniff +0x043f mem_le_anchor +0x0443 mem_le_clk_offset +0x0449 mem_le_receive_window +0x044b mem_le_plap +0x0451 mem_le_conn_handle +0x0452 mem_le_arq +0x0453 mem_le_ch +0x0454 mem_le_hop +0x0455 mem_le_event_count +0x0457 mem_le_supervision_timer +0x045b mem_le_instant +0x045d mem_le_channels +0x045e mem_le_op +0x045f mem_le_access +0x0463 mem_le_crcinit +0x0466 mem_le_window_size +0x0467 mem_le_slave_latency +0x0469 mem_le_superto +0x046b mem_le_channel_map +0x0470 mem_le_no_using +0x0472 mem_le_peer_sca +0x0473 mem_le_att_opcode +0x0474 mem_le_att_handle +0x0476 mem_le_err_code +0x0477 mem_le_ll_pairing_fail_reason +0x0478 mem_le_sk +0x0488 mem_le_testtype +0x0489 mem_le_test_sync +0x048b mem_le_test_pcnt +0x048d mem_le_rxon_ts +0x0493 mem_le_rx_ll_opcode +0x0494 mem_le_notify_attr_start +0x0496 mem_le_notify_len +0x0497 mem_cmd_le_create_conn +0x0498 mem_le_cur_attlist_start_ptr +0x049a mem_le_cur_handle_start +0x049c mem_le_cur_handle_end +0x049e mem_le_cur_uuid_length +0x049f mem_le_cur_uuid +0x04af mem_le_curr_att_len +0x04b0 mem_le_search_res +0x04b1 mem_le_continue_type +0x04b2 mem_lmo_header_length +0x04b3 mem_lmo_header_opcode +0x04b4 mem_lmo_payload +0x04c5 mem_lmi_accepted_opcode +0x04c6 mem_disconn_reason_send +0x04c7 mem_tx_fixed_freq +0x04c8 mem_rx_fixed_freq +0x04c9 mem_ext_features_page +0x04ca mem_lmpext_ssp_enable +0x04cc mem_remote_sppcap +0x04cd mem_lmp_conn_state +0x04ce mem_soft_timer +0x04d0 mem_pincode_state +0x04d1 mem_sres_tid +0x04d2 mem_accptsco_tid +0x04d3 mem_auth_enable +0x04d4 mem_wait_encryption +0x04d5 mem_sniff_payload +0x04e5 mem_aurand_send_delay_time +0x04e9 memRemoteRPNBitRate +0x04ea memRemotePRNDataBits +0x04eb memRemotePRNStopBit +0x04ec memRemotePRNParity +0x04ed memRemotePRNFlowControl +0x04ee memRemotePRNXon +0x04ef memRemotePRNXoff +0x04f0 mem_mod2div_temp +0x04f3 mem_contw_temp +0x04f5 mem_attrib_list +0x04f7 mem_current_adss +0x04f8 mem_current_channel +0x04f9 mem_current_frame_type +0x04fa mem_current_fcs +0x04fb mem_current_length +0x04fd mem_rfcomm_uih_payload_ptr +0x04ff mem_uih_cmd_type +0x0500 mem_uih_length +0x0502 mem_param_payload_ptr +0x0504 mem_ms_param +0x0505 mem_pn_credit_flow_type_info +0x0506 mem_pn_priority +0x0507 mem_pn_acknowledg_timer +0x0508 mem_pn_max_retrans +0x0509 mem_rfcomm_send_adss +0x050a mem_rfcomm_send_frame_type +0x050b mem_rfcomm_send_fcs +0x050c mem_rfcomm_send_offset +0x050d mem_sdp_mem_start +0x050d mem_sdp_uuid_search_ptr +0x0515 mem_sdp_continue_byte +0x0517 mem_sdp_pduid +0x0518 mem_sdp_transactionid +0x051a mem_sdp_transactionid_local +0x051c mem_sdp_attribute_maxbyte +0x051e mem_sdp_record_maxcnt +0x0520 mem_sdp_record_handle +0x0524 mem_sdp_LACAP_found +0x0525 mem_sdp_RFCOMM_found +0x0526 mem_sdp_handle_list +0x0526 mem_sdp_attrib_list +0x0546 mem_sdp_error_code +0x0548 mem_sdp_all_length +0x054a mem_handle_humber +0x054b mem_search_uuid +0x054d mem_sdp_mem_end +0x054d mem_rxbuf +0x055e mem_random_number +0x056e mem_round_key +0x057e mem_kinit +0x058e mem_input_store +0x059e mem_x +0x05ae mem_y +0x05bd mem_y15 +0x05be mem_key_store +0x05cf mem_key_store_end +0x05d0 memp_ar_key +0x05d2 memp_ar_input +0x05d4 mem_ar_hround +0x05de mem_ec_infinite +0x05df mem_ec_loopc +0x05e1 mem_aes_cmac_data_length +0x05e2 memdat +0x05e2 mem_ax +0x05fa mem_ay +0x0612 mem_az +0x062a mem_bx +0x0642 mem_ax_256//32 bytes +0x0642 mem_by +0x065a mem_bz +0x0662 mem_ay_256// 32 bytes +0x0672 mem_cx +0x0682 mem_az_256// 32 bytes +0x068a mem_cy +0x06a1 mem_cy5 +0x06a2 mem_bx_256// 32 bytes +0x06a2 mem_cz +0x06ba mem_k +0x06c2 mem_by_256// 31 bytes +0x06d2 mem_align +0x06e2 mem_bz_256//32 bytes +0x06e2 mem_tmp1 +0x06e2 memahbak +0x06fa mem_tmp5 +0x0702 mem_cx_256//32 bytes +0x0702 memahsave +0x0712 mem_tmp2 +0x0722 mem_cy_256// 32 bytes +0x0722 memahsave_end +0x0722 mem_addr_padding +0x0723 mem_addr_value/* 12 bytes */ +0x072a mem_tmp3 +0x072a mem_t1 +0x072f mem_addr_value_end +0x0732 mem_addr_iocap_end +0x0741 mem_cy5_256// 1 byte +0x0742 mem_cz_256// 32 bytes +0x0742 mem_tmp0 +0x0742 mem_t0 +0x074a mem_tmp0a +0x075a mem_t2 +0x0762 mem_k_256//32 bytes +0x0772 mem_t3 +0x0782 mem_tmp1_256//32 bytes +0x078a mem_t7 +0x07a2 mem_tmp5_256 +0x07c2 mem_tmp2_256 +0x07e2 mem_tmp3_256 +0x07e2 mem_t1_256 +0x0802 mem_tmp0_256 +0x0802 mem_t0_256 +0x0822 mem_t2_256 +0x0842 mem_t3_256 +0x0862 mem_t7_256 +0x0882 mem_p +0x089a mem_a +0x08b2 mem_b +0x08ca mem_gx +0x08e2 mem_gy +0x08fa memh0 +0x091a mem_p_256 +0x093a mem_a_256 +0x095a mem_gx_256 +0x097a mem_gy_256 +0x099a mem_le_slat +0x09aa mem_sp_state_start +0x09aa mem_sp_state +0x09ab mem_master_sp_state +0x09ac mem_sp_flag +0x09ad mem_master_sp_flag +0x09ae mem_sp_calc +0x09af mem_sp_dh_ready +0x09b0 mem_sp_localsm +0x09b1 mem_pairing_auth +0x09b2 mem_sp_flag_start +0x09b2 mem_sp_local_key_send_count +0x09b3 mem_sp_remote_key_recv_count +0x09b4 mem_sp_remote_key_invalid +0x09b5 mem_sp_dhkey_invalid +0x09b6 mem_gkey +0x09ba mem_le_pubkey_remote_x_256 +0x09c2 mem_sp_pubkey_remote +0x09c2 mem_sp_pubkey_remote_x +0x09da mem_sp_pubkey_remote_x_end +0x09da mem_le_pubkey_remote_y_256 +0x09e2 mem_sp_pubkey_remote_y +0x09fa mem_le_dhkey_256 +0x0a02 mem_sp_dhkey +0x0a1a mem_sp_dhkey_end +0x0a1a mem_sp_random_local +0x0a2a mem_sp_random_local_end +0x0a2a mem_sp_random_remote +0x0a3a mem_sp_random_remote_end +0x0a3a memresult +0x0a3a mem_sp_calc_result +0x0a3a memh +0x0a3e memg +0x0a42 memf +0x0a46 meme +0x0a4a mem_sp_calc_result_high +0x0a4a memd +0x0a4e memc +0x0a52 memb +0x0a56 mema +0x0a5a mem_sp_check_result +0x0a6a mem_sp_confirm_remote +0x0a7a mem_sp_prarm_stack +0x0a8a mem_UI_data_txbuff_length +0x0a8c mem_ipc_skip_continue_proc +0x0a8d mem_ui_timer_temp//length 4 +0x0a8d mem_ipc_rega_temp +0x0a91 mem_hold_contr +0x0a93 mem_hold_contw +0x0a95 mem_fifo_temp +0x0a96 mem_pdatatemp +0x0a9e mem_temp//8 bytes +0x0aa6 mem_timeup// 4 bytes +0x0aaa mem_rega//4 bytes +0x0aae mem_regb//4 bytes +0x0ab2 mem_regc//3 bytes +0x0ab5 mem_contr//2 bytes +0x0ab7 mem_contw//2 bytes +0x0ab9 mem_wakup_from_power_flag +0x0aba mem_saved_gpio_in +0x0abe mem_shutter_random_mac_data_temp +0x0abe mem_shutter_config_data_temp +0x0abe mem_le_adv_channel_map_temp +0x0abe mem_le_data_len_temp//1byte +0x0abe mem_tx_fifo_map_temp +0x0abe mem_rpn_dlci//1byte +0x0abe mem_event_cmd_response_content//2byte +0x0abe mem_le_prand//16byte +0x0abe mem_AES_CMAC_k//16 bytes +0x0abe mem_regext_index//1 bytes +0x0abe mem_temp_block0 +0x0abf mem_le_data_temp//15bytes +0x0abf mem_temp_block1 +0x0ace mem_le_aes_128//16byte +0x0ace mem_regext//64 bytes +0x0ace mem_AES_CMAC_k1//16 bytes +0x0ace mem_temp_block2 +0x0ade mem_AES_CMAC_k2//16 bytes +0x0ade mem_temp_block3 +0x0aee mem_AES_CMAC_temp// 16 bytes +0x0aee mem_temp_block4 +0x0afe mem_AES_CMAC_M_last// 16 bytes +0x0afe mem_module_uart_cmd +0x0aff mem_module_uart_opcode +0x0b00 mem_module_uart_len +0x0b01 mem_module_temp_nl_discard_packet +0x0b02 mem_temp_block5 +0x0b0e mem_le_mackey//16 bytes +0x0b0e mem_app_receive_temp +0x0b0e mem_key_value_temp +0x0b10 mem_key_value +0x0b12 mem_key_value_temp1 +0x0b13 mem_key_value_temp2 +0x0b14 mem_key_value_temp3 +0x0b15 mem_key_value_temp4 +0x0b16 mem_key_value_temp5 +0x0b17 mem_key_value_temp6 +0x0b18 mem_temp_block6 +0x0b1e mem_usb_status +0x0b1f mem_usb_fifo_empty +0x0b20 mem_usb_read_len +0x0b21 mem_usb_rxbuf +0x0b61 mem_bufptr +0x0b63 mem_remain +0x0b64 mem_devicedesc +0x0b78 mem_hidreportdesc_kb +0x0b7a mem_hidreportdesc_m +0x0b7c mem_confdesc +0x0be0 mem_string0 +0x0be5 mem_string1 +0x0c03 mem_string2 +0x0c43 mem_string3 +0x0c61 mem_usb_zero_packet +0x0c63 mem_usb_ones_packet +0x0c65 mem_usb_two_packet +0x0c67 mem_usb0_state +0x0c68 mem_usb_offline_check_gpio +0x0c69 mem_usb_tx_interval +0x0c6a mem_usb_clear_mem_start +0x0c6a mem_usb_setup +0x0c6a mem_usb_setup_bmRequestType +0x0c6b mem_usb_setup_bRequest +0x0c6c mem_usb_setup_bValue +0x0c6d mem_usb_setup_bValueH +0x0c6e mem_usb_setup_wIndex +0x0c70 mem_usb_setup_bLength +0x0c71 mem_usb_setup_bLengthH +0x0c72 mem_usb0_setup +0x0cb2 mem_usb0_set_report_data +0x0cf2 mem_usb0_get_report_data +0x0d32 mem_usb_state +0x0d33 mem_usb_tx_wait +0x0d34 mem_usb_tx_enable +0x0d35 mem_usb_remote_wakeup +0x0d36 mem_usb_clear_remote_wakeup +0x0d37 mem_usb_ep0_stall_status +0x0d38 mem_usb_ep1_stall_status +0x0d39 mem_usb_ep2_stall_status +0x0d3a mem_usb_ep3_stall_status +0x0d3b mem_dsc_info_data_pointer +0x0d3d mem_dsc_info_len +0x0d3e mem_usb0_data_ready_report +0x0d3f mem_usb_tx_win_enable +0x0d40 mem_usb_tx_mac_enable +0x0d41 mem_usb_device_enumeration_endflag +0x0d42 mem_usb_wakestate_onetime_flag +0x0d43 mem_usb_mac_wakeup_trig +0x0d44 mem_usb_set_high_addr_flag +0x0d45 mem_usb_set_protocol_value +0x0d46 mem_usb_set_protocol_status +0x0d47 mem_usb_get_protocol_flag +0x0d48 mem_usb_idle_flag +0x0d49 mem_usb_idle_rate +0x0d4a mem_usb_setup_bValue_temp +0x0d4c mem_usb0_get_set_report +0x0d4d mem_usb_ep1_data +0x0d4e mem_usb_ep2_data +0x0d4f mem_usb_clear_halt +0x0d50 mem_usb_mouse_data +0x0d60 mem_usb_kb_data +0x0d70 mem_usb_kb_multikey +0x0d80 mem_usb_kb_data_sta_data +0x0d88 mem_usb_kb_data_last_data +0x0d90 mem_usb_kb_multikey_sta_data +0x0d93 mem_usb_kb_multikey_last_data +0x0d96 mem_usb_kb_blank_data_enable +0x0d97 mem_usb_kb_mul_blank_data_enable +0x0d98 mem_usb_test_cnt +0x0d99 mem_usb_clear_mem_end +0x0d99 mem_usb_test_kb +0x0d9a mem_rssi_noise_buffer +0x0e9a mem_rssi_noise_dg_buffer +0x0f9a mem_rssi_noise_ms_buffer +0x109a mem_rssi_noise_kb_buffer +0x119a mem_24g_common_temp +0x4000 mem_patch00 +0x4001 mem_patch01 +0x4002 mem_patch02 +0x4003 mem_patch03 +0x4004 mem_patch04 +0x4005 mem_patch05 +0x4006 mem_patch06 +0x4007 mem_patch07 +0x4008 mem_patch08 +0x4009 mem_patch09 +0x400a mem_patch0a +0x400b mem_patch0b +0x400c mem_patch0c +0x400d mem_patch0d +0x400e mem_patch0e +0x400f mem_patch0f +0x4010 mem_patch10 +0x4011 mem_patch11 +0x4012 mem_patch12 +0x4013 mem_patch13 +0x4014 mem_patch14 +0x4015 mem_patch15 +0x4016 mem_patch16 +0x4017 mem_patch17 +0x4018 mem_patch18 +0x4019 mem_patch19 +0x401a mem_patch1a +0x401b mem_patch1b +0x401c mem_patch1c +0x401d mem_patch1d +0x401e mem_patch1e +0x401f mem_patch1f +0x4020 mem_patch20 +0x4021 mem_patch21 +0x4022 mem_patch22 +0x4023 mem_patch23 +0x4024 mem_patch24 +0x4025 mem_patch25 +0x4026 mem_patch26 +0x4027 mem_patch27 +0x4028 mem_patch28 +0x4029 mem_patch29 +0x402a mem_patch2a +0x402b mem_patch2b +0x402c mem_patch2c +0x402d mem_patch2d +0x402e mem_patch2e +0x402f mem_patch2f +0x4030 mem_patch30 +0x4031 mem_patch31 +0x4032 mem_patch32 +0x4033 mem_patch33 +0x4034 mem_patch34 +0x4035 mem_patch35 +0x4036 mem_patch36 +0x4037 mem_patch37 +0x4038 mem_patch38 +0x4039 mem_patch39 +0x403a mem_patch3a +0x403b mem_patch3b +0x403c mem_patch3c +0x403d mem_patch3d +0x403e mem_patch3e +0x403f mem_patch3f +0x4040 mem_context +0x4090 mem_current_amaddr +0x4091 mem_lpm_mode +0x4092 mem_device_option +0x4093 mem_scan_mode +0x4094 mem_last_clkn +0x4098 mem_features +0x40a0 mem_lap +0x40a3 mem_uap +0x40a4 mem_nap +0x40a6 mem_npage +0x40a7 mem_glap +0x40aa mem_class +0x40ad mem_iscan_window +0x40af mem_iscan_interval +0x40b1 mem_pscan_window +0x40b3 mem_pscan_interval +0x40b5 mem_page_interval +0x40b7 mem_page_window +0x40b9 mem_page_to +0x40bb mem_inq_window +0x40bd mem_fcomp_mul +0x40be mem_fcomp_div +0x40bf mem_rx_window_init +0x40c1 mem_rx_window_sniff +0x40c3 mem_rf_init_ptr +0x40c5 mem_last_type +0x40c6 mem_last_type_esco +0x40c7 mem_last_type_saved +0x40c8 mem_retransmission_cnt +0x40ca mem_next_btclk +0x40ce mem_rf_rccal +0x40cf mem_handle_num +0x40d0 mem_max_slot +0x40d1 mem_eir_enable +0x40d2 mem_afh_instant +0x40d6 mem_afh_error_total +0x40d8 mem_afh_cfg +0x40d9 mem_afh_new_mod +0x40da mem_afh_map_lo +0x40df mem_afh_map_hi +0x40e4 mem_afh_used +0x40e5 mem_afh_index +0x40e7 mem_afh_map_new +0x40f2 mem_afh_map +0x4142 mem_afh_timer +0x4146 mem_afh_classify_channel_map +0x4150 mem_chip_functions +0x4152 mem_lpm_wake_lock +0x4154 mem_lpm_interval +0x4156 mem_lpm_overhead +0x4157 mem_lpm_hibernate_switch +0x4158 mem_lpm_doze_switch +0x4159 mem_esco_addr +0x415a mem_sniff_unint_lost +0x415b mem_ptt +0x415c mem_sleep_counter//should be 0x41fc in REVC +0x4160 mem_sleep_counter_all +0x4164 mem_sleep_clkn +0x416a mem_sniff_rcv +0x416d mem_sniff_lost +0x4170 mem_clks_per_lpo +0x4173 mem_lpm_mult +0x4174 mem_lpm_mult_timeout +0x4175 mem_lpm_mult_cnt +0x4176 mem_lpm_config +0x4179 mem_lpm_xtalcnt +0x417a mem_lpm_buckcnt +0x417b mem_lpm_ldocnt +0x417c mem_lpm_isogate +0x417d mem_lpm_isogate_final +0x417e mem_saved_gpio// should be 0x421e in REVC +0x418e mem_saved_gsel +0x4191 mem_saved_mark +0x4199 mem_saved_spidctrl +0x419a mem_patch_ptr +0x419c mem_patch_len +0x419e mem_timers +0x41be mem_link_key_exists +0x41bf mem_link_key +0x41cf mem_hci_cmd +0x41d0 mem_hci_conn_handle +0x41d1 mem_hci_plap +0x41d4 mem_hci_puap +0x41d5 mem_hci_pnap +0x41d7 mem_uartd_rxitems_got_data +0x41d8 mem_uartd_rxitems_threshold +0x41d9 mem_uartd_rx_timeout +0x41db mem_loadcode_times +0x41dc mem_tx_lch +0x41dd mem_tx_len +0x41df mem_tx_power +0x41e0 mem_context_number +0x41e1 mem_250k_freq_enable +0x41e2 mem_rf_init_data +0x41e3 mem_app_handshake_flag +0x41e4 mem_sniff_param_interval +0x41e6 mem_sniff_param_attempt +0x41e8 mem_sniff_param_timeout +0x41ea mem_cb_check_wakelock +0x41ec mem_cb_before_hibernate +0x41ee mem_cb_before_lpm +0x41f0 mem_cb_le_process +0x41f2 mem_cb_bt_process +0x41f4 mem_cb_idle_process +0x41f6 mem_cb_bb_event_process +0x41f8 mem_cb_discovry_timeout +0x41fa mem_cb_att_write +0x41fc mem_cb_ble_transmit +0x41fe mem_cb_event_timer +0x4200 mem_cb_bt_set_mult +0x4202 mem_eeprom_base +0x4204 mem_unsniff2sniff_timer_count +0x4205 mem_wake_up_delay_timer +0x4206 mem_app_connection_options +0x4207 mem_app_disconn_reason +0x4209 mem_app_disconn_reason_flag +0x420b mem_lpm_delay_after_sniff +0x420f mem_xrecord_mode +0x4210 mem_eeprom_block_size +0x4211 mem_spi_init_clk +0x4212 mem_spi_init_delay_time +0x4213 mem_spi_ncs_gpio +0x4214 mem_nv_data_ptr +0x4216 mem_nv_data_number +0x4217 mem_hci_lt_rx_state +0x4218 mem_l2cap_xmem_start +0x4218 mem_l2cap_tx_multi_offset//0 means single packet +0x421a mem_sdp_remote_cid +0x421c mem_rfcomm_remote_cid +0x421e mem_hid_ctrl_remote_cid +0x4220 mem_hid_int_remote_cid +0x4222 mem_sdp_state +0x4223 mem_rfcomm_state +0x4224 mem_hid_control_state +0x4225 mem_hid_interrupt_state +0x4226 mem_spp_state +0x4227 mem_ML2CAP_comm_id +0x4228 mem_used_map +0x4229 mem_tx_fifo0 +0x4229 mem_tx_fifo0_map +0x422a mem_tx_fifo0_ptr +0x422c mem_tx_fifo1 +0x422c mem_tx_fifo1_map +0x422d mem_tx_fifo1_ptr +0x422f mem_tx_fifo2 +0x422f mem_tx_fifo2_map +0x4230 mem_tx_fifo2_ptr +0x4232 mem_tx_fifo3 +0x4232 mem_tx_fifo3_map +0x4233 mem_tx_fifo3_ptr +0x4235 mem_tx_fifo_end +0x4235 mem_l2cap_lpm_txbuf +0x4335 mem_l2cap_flow_ctrl_flag +0x4336 mem_l2cap_pending_item +0x4337 mem_l2cap_xmem_end +0x4337 mem_le_dsniff +0x4339 mem_le_conn_interval +0x433b mem_le_scan_enable +0x433c mem_le_scan_interval +0x433e mem_le_scan_window +0x4340 mem_le_adv_enable +0x4341 mem_le_adv_data_len +0x4342 mem_le_adv_data +0x4361 mem_le_scan_data_len +0x4362 mem_le_scan_data +0x4381 mem_le_name_len +0x4382 mem_le_name +0x43a0 mem_le_new_map +0x43a5 mem_le_new_param +0x43a5 mem_le_new_transmitwindowsize +0x43a6 mem_le_new_transmitwindowoffset +0x43a8 mem_le_new_conninterval +0x43aa mem_le_new_connslavelatency +0x43ac mem_le_new_connsupervisiontimeout +0x43ae mem_le_txheader +0x43af mem_le_txlen +0x43b0 mem_le_txpayload +0x43b2 mem_le_txcid +0x43b4 mem_le_l2cap +0x43b5 mem_le_l2cap_response +0x43b6 mem_le_txbdy +0x43d5 mem_le_pcnt_tx +0x43da mem_le_pcnt_rx +0x43df mem_le_last_mic +0x43e3 mem_le_ivm +0x43e7 mem_le_ivs +0x43eb mem_le_ltk +0x43fb mem_ltk_exists +0x43fc mem_le_rconfirm +0x440c mem_le_srand +0x441c mem_le_iat +0x441d mem_le_rat +0x441e mem_le_preq +0x441f mem_le_preq_iocap +0x4420 mem_le_preq_oob +0x4421 mem_le_preq_auth +0x4422 mem_le_preq_max_keysize +0x4423 mem_le_preq_init_key_distribution +0x4424 mem_le_preq_resp_key_distribution +0x4425 mem_le_pres +0x4426 mem_le_pres_iocap +0x4427 mem_le_pres_oob +0x4428 mem_le_pres_auth +0x4429 mem_le_pres_max_keysize +0x442a mem_le_pres_init_key_distribution +0x442b mem_le_pres_resp_key_distribution +0x442c mem_le_search_handle_start +0x442e mem_le_search_handle_end +0x4430 mem_le_att_offset +0x4430 mem_le_search_att_type_length +0x4431 mem_le_search_att_type +0x4441 mem_le_notify_handle +0x4443 mem_le_search_uuid_length +0x4444 mem_le_search_uuid +0x4454 mem_le_adv_param +0x4454 mem_le_adv_interval +0x4456 mem_le_adv_type +0x4457 mem_le_adv_own_addr_type +0x4458 mem_le_adv_direct_addr_type +0x4459 mem_le_adv_direct_addr +0x445f mem_le_adv_channel_map +0x4460 mem_le_conn_param +0x4460 mem_le_conn_peer_addr_type +0x4461 mem_le_conn_peer_addr +0x4467 mem_le_conn_own_addr_type +0x4468 mem_le_interval_min +0x446a mem_le_interval_max +0x446c mem_le_latency +0x446e mem_le_timeout +0x4470 mem_le_scan_params +0x4470 mem_le_scan_type +0x4471 mem_le_scan_own_addr_type +0x4472 mem_le_lap +0x4475 mem_le_uap +0x4476 mem_le_nap +0x4478 mem_le_local_mtu +0x447a mem_le_remote_mtu +0x447c mem_le_skdm +0x4484 mem_le_skds +0x448c mem_le_init_superto +0x448e mem_ui_le_uuid_table +0x4490 mem_le_secure_connect_enable +0x4491 mem_le_secure_connect_flag +0x4492 mem_le_sc_calc +0x4493 mem_le_secure_connect_state +0x4494 mem_le_sc_confirm_gkey_flag +0x4495 mem_le_sc_local_key_invalid +0x4496 mem_le_pairing_state +0x4497 mem_le_enc_state +0x4498 mem_le_pairing_mode +0x4499 mem_le_tk +0x449d mem_le_ediv +0x449f mem_le_rand +0x44a7 mem_le_irk +0x44b7 mem_le_transmit_window +0x44bb mem_le_configuration +0x44bc mem_le_fixed_ltk +0x44cc mem_le_pairing_handle +0x44ce mem_le_l2cap_size +0x44d0 mem_le_packet_len_recved +0x44d1 mem_le_tx_buff_used +0x44d2 mem_le_tx_ptr0 +0x44d4 mem_le_tx_ptr1 +0x44d6 mem_le_tx_ptr2 +0x44d8 mem_le_tx_ptr3 +0x44da mem_le_signaling_identifier +0x44db mem_le_l2cap_signaling_conn_param_update_rsp_result +0x44dd mem_le_packet_size +0x44de mem_le_packet_llid +0x44df mem_le_payload_ptr +0x44e1 mem_le_md_count +0x44e2 mem_lmp_version +0x44e5 mem_lmp_subversion +0x44e7 mem_local_name_length +0x44e8 mem_local_name +0x44eb mem_local_name2 +0x452b mem_local_name_end +0x452c mem_unsniff2sniff_timer +0x452d mem_switch_flag +0x452e mem_classic_bt_flag +0x452f mem_pn_dlci +0x4530 mem_pn_max_frame_size +0x4532 memFCStemp1 +0x4533 memFCStemp2 +0x4534 memFCStemp3 +0x4535 mem_rfcomm_initiator +0x4536 mem_remote_spp_channel +0x4537 mem_HIUfcs_SPP +0x4538 mem_HIUfcs_SPP_WCredits +0x4539 mem_rfcomm_send_more_pkt +0x453a mem_remote_credits +0x453b mem_credit_given +0x453c mem_ms_channel +0x453d mem_credit_flag +0x453e mem_rfcomm_max_frame_size +0x4540 mem_rfcomm_credit_init_data +0x4541 mem_cb_receive_spp_data +0x4543 mem_nl_rx_data_src +0x4545 mem_nl_rx_len_all +0x4547 mem_ui_uuid_table +0x4549 mem_all_uuid_16bits +0x455f mem_all_uuid_128bits +0x4581 mem_sdp_l2capch_ptr +0x4583 mem_sp_local_key_invalid +0x4584 mem_le_private_key_256 +0x45a4 mem_le_pubkey_local_x_256 +0x45c4 mem_le_pubkey_local_y_256 +0x45e4 mem_sp_private_key +0x45fc mem_sp_pubkey_local +0x45fc mem_sp_pubkey_local_x +0x4614 mem_sp_pubkey_local_x_end +0x4614 mem_sp_pubkey_local_y +0x462c mem_ssp_enable +0x462d mem_sp_iocap_local +0x4630 mem_sp_iocap_remote +0x4633 mem_flag_mode_ssp_pin +0x4634 mem_ssp_mode_flag +0x4635 mem_authentication_passkey_times +0x4636 mem_passkey_1bit +0x4637 mem_flag_pairing_state +0x4638 mem_ipc_lock_bt +0x4639 mem_ipc_lock_c51 +0x463a mem_ipc_fifo_bt2c51 +0x4642 mem_ipc_fifo_c512bt +0x464a mem_ui_timer_last_btclk +0x464e mem_discovery_timeout_timer_count +0x4650 mem_hid_handshake_timer_count +0x4651 memui_reconnect_mode +0x4652 mem_ui_state_map +0x4654 mem_ui_profile_supported +0x4655 mem_discovery_timeout +0x4657 mem_pin_length +0x4658 mem_pin +0x4668 mem_soft_version_num +0x466a mem_current_packet_length +0x466c mem_module_state +0x466d mem_module_spp_lpm_mult +0x466e mem_module_le_lpm_mult +0x466f mem_module_bluetooth_stauts_by_command +0x4670 mem_module_le_rx_data_len +0x4671 mem_module_le_rx_data_address +0x4673 mem_module_le_rx_data_handle +0x4675 mem_module_data_write_handle +0x4677 mem_module_data_write_handle2 +0x4679 mem_module_flag +0x467a mem_module_hci_notify_len +0x467b mem_module_hci_notify_handle +0x467d mem_module_hci_nofiy_addr +0x467f mem_last_transmite_clock +0x4683 mem_module_uuid_list +0x47af mem_module_uuid_list_end +0x47af mem_module_le_att_list +0x4a6b mem_module_le_att_list_end +0x4a6b mem_module_nv_data +0x4a6b mem_module_nv_data0 +0x4a8d mem_module_nv_data1 +0x4aaf mem_module_nv_data2 +0x4ad1 mem_module_nv_data3 +0x4af3 mem_module_nv_data4 +0x4b15 mem_module_rfcomm_disconnect_count +0x4b16 mem_rf_init Index: dukaqi/senrui/output/program.lis =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/program.lis (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/output/program.lis (working copy) @@ -0,0 +1,21076 @@ + include "bt_format " + org 0x0000 + +p_start: +0000 c2840009 bbit1 8 ,pf_patch_ext +0001 c0008012 beq patch00_1 ,p_soft_reset +0002 c0428018 beq patch10_5 ,p_shutdown_radio +0003 c0448039 beq patch11_1 ,p_set_freq_tx +0004 c0510042 beq patch14_2 ,p_init_param +0005 c05c0049 beq patch17_0 ,p_module_init +0006 c05d8076 beq patch17_3 ,p_module_hci_cmd_control +0007 c05e00d1 beq patch17_4 ,p_module_hci_cmd_transmit_le_notify +0008 20204a8b branch assert + +pf_patch_ext: +0009 c00180d5 beq patch20_3 ,p_le_receive_skip +000a c00280e5 beq patch20_5 ,p_le_transmit_receive_sifs +000b c00300ee beq patch20_6 ,p_le_transmit +000c c01d00f3 beq patch27_2 ,p_parse_lmp +000d c01f00fc beq patch27_6 ,p_send_lmp +000e c020810e beq patch28_1 ,p_ssp_disable +000f c0290114 beq patch2a_2 ,p_parse_dlci0_rp +0010 c04c8128 beq patch33_1 ,p_sp_initialize_256 +0011 20204a8b branch assert + +p_soft_reset: +0012 204068c4 call rfcomm_init +0013 204060d7 call init_lmp +0014 20400016 call p_ui_init +0015 2020400a branch soft_reset + 9 + +p_ui_init: +0016 20758000 rtn wake +0017 20207b9a branch ui_timer_init + +p_shutdown_radio: +0018 20308028 branch p_shutdown_radio0 ,is_rx +0019 708955d4 hjam 0xd4 ,0x955 +001a 20000004 nop 4 +001b 708955d2 hjam 0xd2 ,0x955 +001c 20000004 nop 4 +001d 708955d1 hjam 0xd1 ,0x955 +001e 20000004 nop 4 +001f 6fe241df fetch 1 ,mem_tx_power +0020 c0000026 beq tx_power_0db ,p_shutdown_radio_0db +0021 c0008036 beq tx_power_3db ,p_shutdown_radio_3db +0022 c0010026 beq tx_power_5db ,p_shutdown_radio_5db +0023 c0018036 beq tx_power_f3db ,p_shutdown_radio_f3db +0024 c0020036 beq tx_power_f5db ,p_shutdown_radio_f5db +0025 c0100036 beq tx_power_pair ,p_shutdown_radio_pair + +p_shutdown_radio_5db: + +p_shutdown_radio_0db: +0026 708955d0 hjam 0xd0 ,0x955 +0027 708956e0 hjam 0xe0 ,0x956 + +p_shutdown_radio0: +0028 18002a08 force 0x08 ,radio_ctrl +0029 18002a00 force 0 ,radio_ctrl +002a 7850fc00 disable is_rx +002b 78507c00 disable is_tx +002c 782f7c00 pulse packet_end +002d 70890200 hjam 0x0 ,rfen_mdm +002e 70890100 hjam 0x0 ,rfen_tx +002f 70890000 hjam 0x0 ,rfen_rx +0030 70890300 hjam 0 ,rfen_sn +0031 70890470 hjam 0x70 ,rfen_msc +0032 6fe28906 fetch 1 ,rfen_adc +0033 79207e00 set1 0 ,pdata +0034 67e28906 store 1 ,rfen_adc +0035 20600000 rtn + +p_shutdown_radio_pair: + +p_shutdown_radio_f5db: + +p_shutdown_radio_f3db: + +p_shutdown_radio_3db: +0036 708955d0 hjam 0xd0 ,0x955 +0037 708956c0 hjam 0xc0 ,0x956 +0038 20200028 branch p_shutdown_radio0 + +p_set_freq_tx: +0039 60420017 storet 1 ,mem_last_freq +003a 2040492a call set_freq_tx_offset +003b 20404980 call rf_write_freq +003c 58000500 setarg param_pll_setup +003d 20404a8e call sleep + +p_txon: +003e 6fe28906 fetch 1 ,rfen_adc +003f 79207e00 set1 0 ,pdata +0040 67e28906 store 1 ,rfen_adc +0041 20204937 branch txon + 1 + +p_init_param: +0042 7089067c hjam 0x7c ,rfen_adc +0043 20758000 rtn wake +0044 58000000 setarg 0 +0045 67e441dd store 2 ,mem_tx_len +0046 1c437e00 rshift clkn_bt ,pdata +0047 67e84094 store 4 ,mem_last_clkn +0048 20600000 rtn + +p_module_init: +0049 58000053 setarg p_module_process_bb_event +004a 67e441f6 store 2 ,mem_cb_bb_event_process +004b 5800005b setarg p_module_bb_event_timer +004c 67e441fe store 2 ,mem_cb_event_timer +004d 58000065 setarg p_module_le_receive_data +004e 67e441fa store 2 ,mem_cb_att_write +004f 20404daf call module_lpm_uart_init +0050 20404dbc call module_gpio_init +0051 20404c2a call check_module_disabled +0052 2020504d branch module_hci_event_enter_standby_mode + +p_module_process_bb_event: +0053 1a627e00 copy regc ,pdata +0054 c0048059 beq bt_evt_spp_disconnected ,p_module_process_spp_disconnected +0055 c0010057 beq bt_evt_bb_disconnected ,p_module_process_bb_event_disconned +0056 20204ddf branch module_process_bb_event + 1 + +p_module_process_bb_event_disconned: +0057 704b1500 jam 0 ,mem_module_rfcomm_disconnect_count +0058 20204dfb branch module_process_bb_event_disconned + +p_module_process_spp_disconnected: +0059 704b1506 jam 6 ,mem_module_rfcomm_disconnect_count +005a 20204e08 branch module_process_spp_disconnected + +p_module_bb_event_timer: +005b 2040005d call p_module_rfcomm_disconnect_timer +005c 202050c3 branch module_bb_event_timer + +p_module_rfcomm_disconnect_timer: +005d 6fe24b15 fetch 1 ,mem_module_rfcomm_disconnect_count +005e 207a0000 rtn blank +005f 1fe0ffff increase -1 ,pdata +0060 67e24b15 store 1 ,mem_module_rfcomm_disconnect_count +0061 247a0000 nrtn blank +0062 6fe44652 fetch 2 ,mem_ui_state_map +0063 c2804d64 bbit1 ui_state_bt_connected ,app_bt_disconnect +0064 20600000 rtn + +p_module_le_receive_data: +0065 20404f11 call module_check_ble_encrypt_state +0066 20740000 rtn user +0067 1a227e00 copy rega ,pdata +0068 67e44671 store 2 ,mem_module_le_rx_data_address +0069 1a427e00 copy regb ,pdata +006a 67e24670 store 1 ,mem_module_le_rx_data_len +006b 68440474 fetcht 2 ,mem_le_att_handle +006c 60444673 storet 2 ,mem_module_le_rx_data_handle +006d 20405b6c call le_att_get_handle_info +006e 243a4a8b nbranch assert ,blank +006f 6fe2049e fetch 1 ,mem_le_cur_uuid_length +0070 c0815042 bne 0x02 ,module_hci_event_receive_le_data +0071 e8440006 ifetcht 2 ,contr +0072 58002902 setarg client_charactertic_configuration +0073 98467c00 isub temp ,null +0074 20628000 rtn zero +0075 20205042 branch module_hci_event_receive_le_data + +p_module_hci_cmd_control: +0076 6fe20aff fetch 1 ,mem_module_uart_opcode +0077 c01380cf beq hci_cmd_sleep ,p_module_hci_cmd_enter_sleep +0078 c006007e beq hci_cmd_set_pairing_req ,p_module_hci_cmd_set_pairing_mode +0079 c03b0087 beq hci_cmd_delete_customize_service ,module_hci_cmd_delete_customize_service +007a c03b808d beq hci_cmd_add_service_uuid ,module_hci_cmd_add_service_uuid +007b c03c0092 beq hci_cmd_add_characteristic_uuid ,module_hci_cmd_add_characteristic_uuid +007c c00a80cc beq hci_cmd_set_cod ,module_hci_cmd_le_set_adv_data_set_cod +007d 20204e5c branch module_hci_cmd_control + 2 + +p_module_hci_cmd_set_pairing_mode: +007e 1a220600 copy rega ,contru +007f efe20003 ifetch 1 ,contru +0080 c0004f1c beq pairing_pincode ,module_hci_pairing_pincode_mode +0081 c000cf1f beq pairing_justwork ,module_hci_pairing_just_work_mode +0082 c0014f25 beq pairing_passkey ,module_hci_pairing_passkey +0083 c0018085 beq pairing_confirm ,p_module_hci_pairing_numeric_comparison +0084 2020501c branch module_hci_event_receive_invalid_cmd + +p_module_hci_pairing_numeric_comparison: +0085 58000001 setarg 0x000001 +0086 20204f20 branch module_hci_sspairing_mode + +module_hci_cmd_delete_customize_service: +0087 d8400028 arg 0x0028 ,temp +0088 20405b4d call le_att_get_handle_ptr2 +0089 18c08bfe add contr ,-2 ,contw +008a 58000000 setarg 0x0000 +008b e7e40005 istore 2 ,contw +008c 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_add_service_uuid: +008d 20400096 call module_hci_cmd_add_service_uuid_set_uuid +008e 204000b3 call uart_copy_rx_bytes_len_data +008f 58000000 setarg 0x0000 +0090 e7e40005 istore 2 ,contw +0091 202000c5 branch module_hci_event_uuid_handle + +module_hci_cmd_add_characteristic_uuid: +0092 efe20003 ifetch 1 ,contru +0093 2040009a call module_hci_cmd_add_characteristic_uuid_set_handle +0094 204000a1 call module_hci_cmd_add_characteristic_uuid_set_uuid +0095 202000c5 branch module_hci_event_uuid_handle + +module_hci_cmd_add_service_uuid_set_uuid: +0096 204000b7 call le_att_creat_new_handle +0097 58280002 setarg 0x280002 +0098 e7e60005 istore 3 ,contw +0099 20600000 rtn + +module_hci_cmd_add_characteristic_uuid_set_handle: +009a 67e20a96 store 1 ,mem_pdatatemp +009b 204000b7 call le_att_creat_new_handle +009c 59280302 setarg 0x01280302 +009d e7e80005 istore 4 ,contw +009e 6fe20a96 fetch 1 ,mem_pdatatemp +009f e7e60005 istore 3 ,contw +00a0 20600000 rtn + +module_hci_cmd_add_characteristic_uuid_set_uuid: +00a1 204000b7 call le_att_creat_new_handle +00a2 204000b3 call uart_copy_rx_bytes_len_data +00a3 204000b3 call uart_copy_rx_bytes_len_data +00a4 58000000 setarg 0 +00a5 e7e40005 istore 2 ,contw +00a6 184085ff increase -1 ,temp +00a7 20405b4d call le_att_get_handle_ptr2 +00a8 18c08c04 add contr ,4 ,contr +00a9 efe20006 ifetch 1 ,contr +00aa c28200ae bbit1 bit_characteristic_notify ,module_hci_cmd_add_characteristic_uuid_set_ccc_uuid +00ab c28280ae bbit1 bit_characteristic_indicate ,module_hci_cmd_add_characteristic_uuid_set_ccc_uuid +00ac 18408401 increase 1 ,temp +00ad 20600000 rtn + +module_hci_cmd_add_characteristic_uuid_set_ccc_uuid: +00ae 204000b7 call le_att_creat_new_handle +00af 5a290202 setarg 0x02290202 +00b0 e7f00005 istore 8 ,contw +00b1 184085ff increase -1 ,temp +00b2 20600000 rtn + +uart_copy_rx_bytes_len_data: +00b3 efe20003 ifetch 1 ,contru +00b4 1fe27200 copy pdata ,loopcnt +00b5 e7e20005 istore 1 ,contw +00b6 202067ed branch uart_copy_rx_bytes + +le_att_creat_new_handle: +00b7 204000ba call le_att_get_last_handle +00b8 e0440005 istoret 2 ,contw +00b9 20600000 rtn + +le_att_get_last_handle: +00ba 6fe4448e fetch 2 ,mem_ui_le_uuid_table +00bb 98000c00 iforce contr + +le_att_get_last_handle_loop: +00bc efe40006 ifetch 2 ,contr +00bd 207a0000 rtn blank +00be 1fe08401 add pdata ,1 ,temp +00bf efe20006 ifetch 1 ,contr +00c0 98c08c00 iadd contr ,contr +00c1 efe20006 ifetch 1 ,contr +00c2 98c08c00 iadd contr ,contr +00c3 18c20a00 copy contr ,contw +00c4 202000bc branch le_att_get_last_handle_loop + +module_hci_event_uuid_handle: +00c5 60440a9e storet 2 ,mem_temp +00c6 700aff29 jam hci_event_uuid_handle ,mem_module_uart_opcode +00c7 58000002 setarg 2 +00c8 204050a5 call module_hci_prepare_tx +00c9 68440a9e fetcht 2 ,mem_temp +00ca e044000a istoret 2 ,contwu +00cb 202067b9 branch uartd_send + +module_hci_cmd_le_set_adv_data_set_cod: +00cc efe60003 ifetch 3 ,contru +00cd 67e640aa store 3 ,mem_class +00ce 2020501f branch module_hci_event_receive_valid_cmd + +p_module_hci_cmd_enter_sleep: +00cf 2040501f call module_hci_event_receive_valid_cmd +00d0 20204d85 branch app_enter_hibernate + +p_module_hci_cmd_transmit_le_notify: +00d1 6fe44478 fetch 2 ,mem_le_local_mtu +00d2 20407db5 call not_greater_than +00d3 1fe20400 copy pdata ,temp +00d4 20204efa branch module_hci_cmd_transmit_le_notify + 6 + +p_le_receive_skip: +00d5 204049ba call save_rssi +00d6 7823fc00 enable enable_white +00d7 7824fc00 enable enable_crc +00d8 09800008 parse demod ,bucket ,8 +00d9 19897e00 rshift3 pwindow ,pdata +00da 67e202d5 store 1 ,mem_le_rxbuf +00db 09800008 parse demod ,bucket ,8 +00dc 19897e00 rshift3 pwindow ,pdata +00dd e7e20005 istore 1 ,contw +00de 1fe1723f and pdata ,0x3f ,loopcnt +00df 2022d88b branch lerx_nopayload ,zero +00e0 1fe67c33 sub pdata ,51 ,null +00e1 244100e3 ncall p_lerx_max_length ,positive +00e2 20205887 branch lerx_loop + +p_lerx_max_length: +00e3 df200033 arg 51 ,loopcnt +00e4 20600000 rtn + +p_le_transmit_receive_sifs: +00e5 204058a3 call le_transmit +00e6 20404915 call set_sync_on +00e7 68420017 fetcht 1 ,mem_last_freq +00e8 2040491c call set_freq_rx +00e9 200005dc nop 1500 +00ea 20404921 call rf_rx_enable +00eb 78287c00 enable swfine +00ec d960157c arg 5500 ,timeup +00ed 20205869 branch le_receive_rxon + +p_le_transmit: +00ee 204057af call le_prep +00ef 204000f1 call p_letx_setfreq +00f0 202058a7 branch le_transmit0 + +p_letx_setfreq: +00f1 2036803e branch p_txon ,match +00f2 202057be branch letx_setfreq + 1 + +p_parse_lmp: +00f3 6fe2007d fetch 1 ,mem_lmi_opcode2 +00f4 c00800f6 beq lmp_encryption_key_size_req ,p_parse_lmp_crypt_key +00f5 202060fe branch parse_lmp + 21 + +p_parse_lmp_crypt_key: +00f6 6842054e fetcht 1 ,mem_rxbuf + 1 +00f7 18467c06 sub temp ,6 ,null +00f8 202100fa branch reject_lmp_packet_pdu_not_allowed ,positive +00f9 20206206 branch parse_lmp_crypt_key + 1 + +reject_lmp_packet_pdu_not_allowed: +00fa 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +00fb 20206134 branch reject_lmp_packet + +p_send_lmp: +00fc 78547c00 disable user +00fd 204066a3 call lmo_fifo_process +00fe 6fe20048 fetch 1 ,mem_lmp_to_send +00ff 207a0000 rtn blank +0100 c2838102 bbit1 7 ,p_send_lmp_escape +0101 202063f2 branch send_lmp0 + +p_send_lmp_escape: +0102 c0420105 beq lmp_ext_features_res ,p_send_lmpext_features_res +0103 c0418108 beq lmp_ext_features_req ,p_send_lmpext_features_req +0104 20206421 branch send_lmp_escape + +p_send_lmpext_features_res: +0105 2040010b call p_check_ssp_enable +0106 6fe20048 fetch 1 ,mem_lmp_to_send +0107 2020647b branch send_lmpext_features_res + +p_send_lmpext_features_req: +0108 2040010b call p_check_ssp_enable +0109 6fe20048 fetch 1 ,mem_lmp_to_send +010a 202064ef branch send_lmpext_features_req + +p_check_ssp_enable: +010b 6fe2462c fetch 1 ,mem_ssp_enable +010c 203a650d branch ssp_disable ,blank +010d 20206506 branch ssp_enable + +p_ssp_disable: +010e 6fe2409e fetch 1 ,mem_features + 6 +010f 793ffe03 set0 param_featrue_ssp ,pdata +0110 67e2409e store 1 ,mem_features + 6 +0111 58000001 setarg 0x1 +0112 67e404ca store 2 ,mem_lmpext_ssp_enable +0113 20600000 rtn + +p_parse_dlci0_rp: +0114 6fe204f9 fetch 1 ,mem_current_frame_type +0115 c01fe93e beq rfcomm_frame_type_sabm ,rfcomm_rx_process_dlci0_sabm +0116 c039e947 beq rfcomm_frame_type_ua ,rfcomm_rx_process_dlci0_ua +0117 c077811a beq rfcomm_frame_type_uih ,p_parse_dlci0_rp_uih +0118 c029ea05 beq rfcomm_frame_type_disconn ,parse_uih_rp_spp_disconn_send_event +0119 20600000 rtn + +p_parse_dlci0_rp_uih: +011a 6fe404fd fetch 2 ,mem_rfcomm_uih_payload_ptr +011b 1fe20c00 copy pdata ,contr +011c 20406984 call get_rfcomm_uih_head_struct +011d 6fe204ff fetch 1 ,mem_uih_cmd_type +011e c020e966 beq uih_param_neg_cmd ,parse_dlci0_rp_uih_pn_cmd +011f c020696e beq uih_param_neg_res ,parse_dlci0_rp_uih_pn_res +0120 c038e9a7 beq uih_modem_status_cmd ,parse_dlci0_rp_uih_ms_cmd +0121 c0380124 beq uih_modem_status_res ,p_parse_dlci0_rp_uih_ms_res +0122 c024e9be beq uih_param_cmd_remove_port ,parse_dlci0_rp_uih_cmd_port +0123 20206a58 branch rfcomm_rx_process_end + +p_parse_dlci0_rp_uih_ms_res: +0124 700a9508 jam bt_evt_spp_connected ,mem_fifo_temp +0125 20407bab call ui_ipc_send_event +0126 20406972 call get_rfcomm_param_modem_status +0127 202069ba branch parse_dlci0_rp_uih_ms_res_spp + +p_sp_initialize_256: +0128 6fe24490 fetch 1 ,mem_le_secure_connect_enable +0129 203a5ed0 branch le_secure_connection_disable ,blank +012a 20407438 call sp_clear_flags +012b 20207932 branch sp_pubkey_calc_256 + org 0x4000 + +start: +4000 20404abb call lpmstate + +soft_reset: +4001 44804000 bpatch patch00_0 ,mem_patch00 +4002 20800000 clear_stack +4003 2040496a call initialize_radio +4004 20404a95 call init_param +4005 20405144 call l2cap_init +4006 4480c000 bpatch patch00_1 ,mem_patch00 +4007 204068c4 call rfcomm_init +4008 204060d7 call init_lmp +4009 20407b81 call ui_init +400a 20404c77 call app_init +400b 44814000 bpatch patch00_2 ,mem_patch00 +400c 2055cc7c call app_lpm_init ,wake +400d 2040741f call publickey_init +400e 2055cb1d call lpm_recover_clk ,wake + +main_loop: +400f 4481c000 bpatch patch00_3 ,mem_patch00 +4010 20407591 call sp_calc_sequence +4011 20407964 call sp_calc_sequence_256 +4012 20407422 call sp_calc_sequence_256_check +4013 20405736 call le_dispatch +4014 44824000 bpatch patch00_4 ,mem_patch00 +4015 20404034 call idle_dispatch +4016 20404c86 call app_process_idle +4017 2040408b call inquiry_dispatch +4018 204042f4 call inquiry_scan_dispatch +4019 20404366 call page_scan_dispatch +401a 2040401d call connection_dispatch +401b 20404b3f call lpm_dispatch +401c 2020400f branch main_loop + +connection_dispatch: +401d 20404022 call connection_incontext +401e c6848000 rtnmark0 mark_context +401f 793f8009 set0 mark_context ,mark +4020 2040421f call context_save +4021 202057a8 branch le_disable + +connection_incontext: +4022 4482c000 bpatch patch00_5 ,mem_patch00 +4023 2040425a call context_search_insniff +4024 2422c02b nbranch connection_nosniff ,zero +4025 20404206 call context_load +4026 1a208c01 add rega ,coffset_mode ,contr +4027 efe20006 ifetch 1 ,contr +4028 c280573a bbit1 mode_le ,le_conn_dispatch +4029 c280c162 bbit1 mode_master ,master_dispatch +402a 202043cb branch slave_dispatch + +connection_nosniff: +402b 20404227 call context_get_next +402c 1f227c00 copy loopcnt ,null +402d 20628000 rtn zero +402e 20404206 call context_load +402f 6fe20030 fetch 1 ,mem_state +4030 c281c0cf bbit1 state_inpage ,master_page +4031 6fe20031 fetch 1 ,mem_mode +4032 c280c162 bbit1 mode_master ,master_dispatch +4033 202043cb branch slave_dispatch + +idle_dispatch: +4034 6fe241cf fetch 1 ,mem_hci_cmd +4035 207a0000 rtn blank +4036 c000c044 beq hci_cmd_inquiry ,idle_inquiry +4037 c0014049 beq hci_cmd_inquiry_cancel ,idle_inquiry_cancel +4038 c001c04c beq hci_cmd_remote_name_req ,idle_remote_name_req +4039 c002c051 beq hci_cmd_create_conn ,idle_create_conn +403a c00dc041 beq hci_cmd_le_create_conn ,idle_le_create_conn +403b 20404253 call context_search_conn_handle +403c 20628000 rtn zero +403d 20404256 call context_search_plap +403e 20628000 rtn zero + +idle_exit: +403f 7041cf00 jam 0 ,mem_hci_cmd +4040 20600000 rtn + +idle_le_create_conn: +4041 7004971b jam hci_cmd_le_create_conn ,mem_cmd_le_create_conn +4042 7041cf00 jam 0 ,mem_hci_cmd +4043 20600000 rtn + +idle_inquiry: +4044 7920001c set1 mark_inquiry_on ,mark +4045 793f801e set0 mark_inquiry_trainb ,mark +4046 70008fff jam param_ninquiry ,mem_ninqy_index +4047 70008d1f jam 31 ,mem_nfreq_index_inq +4048 2020403f branch idle_exit + +idle_inquiry_cancel: +4049 793f801c set0 mark_inquiry_on ,mark +404a 18003600 force 0 ,stop_watch +404b 2020403f branch idle_exit + +idle_remote_name_req: +404c 20404256 call context_search_plap +404d 20628000 rtn zero +404e 18000401 force lmp_name_req ,temp +404f 70016c05 jam 5 ,mem_nameres_cnt +4050 20204058 branch idle_start_page + +idle_create_conn: +4051 44834000 bpatch patch00_6 ,mem_patch00 + +idle_create_conn_device: +4052 6fec41d1 fetch 6 ,mem_hci_plap +4053 203a403f branch idle_exit ,blank +4054 70465101 jam reconnect_hid ,memui_reconnect_mode +4055 70005503 jam conn_sm_wait_features_res ,mem_conn_sm +4056 20204057 branch idle_create_conn_cont + +idle_create_conn_cont: +4057 18000425 force lmp_version_req ,temp + +idle_start_page: +4058 4483c000 bpatch patch00_7 ,mem_patch00 +4059 6fe200ef fetch 1 ,mem_page_mode +405a 203a405e branch idle_page_mode_r0 ,blank +405b 1fe9fe00 lshift3 pdata ,pdata +405c 1ff27e00 lshift4 pdata ,pdata +405d 1fe0ffff increase -1 ,pdata + +idle_page_mode_r0: +405e 67e240a6 store 1 ,mem_npage +405f 67e200ee store 1 ,mem_npage_index +4060 70008e1f jam 31 ,mem_nfreq_index_page +4061 793f800c set0 mark_page_trainb ,mark +4062 20404237 call context_new +4063 2422c07f nbranch idle_page_fail ,zero +4064 20404a6e call get_free_amaddr +4065 67e20077 store 1 ,mem_amaddr +4066 6042007c storet 1 ,mem_lmo_opcode2 +4067 6fec41d1 fetch 6 ,mem_hci_plap +4068 67ec0040 store 6 ,mem_plap +4069 44844001 bpatch patch01_0 ,mem_patch01 +406a 20407cf0 call timer_reinit +406b 18007e00 force 0 ,pdata +406c 2841fe01 compare lmp_name_req ,temp ,0xff +406d 7d20fe05 nsetflag true ,state_init_seq ,pdata +406e 79207e03 set1 state_inpage ,pdata +406f 67e20030 store 1 ,mem_state +4070 700a9503 jam bt_evt_reconn_started ,mem_fifo_temp +4071 20407bab call ui_ipc_send_event +4072 18007e00 force 0 ,pdata +4073 7920fe04 setflag true ,smap_name_req ,pdata +4074 67e2004c store 1 ,mem_state_map +4075 58000000 setarg 0 +4076 79207e01 set1 mode_master ,pdata +4077 67e20031 store 1 ,mem_mode +4078 7834fc00 enable master +4079 2040421f call context_save +407a 7854fc00 disable master +407b 18000e03 force page_length_timer ,queue +407c 6fe440b9 fetch 2 ,mem_page_to +407d 20407ce3 call timer_init +407e 2020403f branch idle_exit + +idle_page_fail: +407f 4484c001 bpatch patch01_1 ,mem_patch01 +4080 6fec41d1 fetch 6 ,mem_hci_plap +4081 67ec0040 store 6 ,mem_plap +4082 2841fe01 compare lmp_name_req ,temp ,0xff +4083 2020c085 branch idle_name_fail ,true +4084 2020403f branch idle_exit + +idle_name_fail: +4085 d8a000ff arg mem_tmp_buffer ,contw +4086 df200008 arg 8 ,loopcnt +4087 20407ca1 call memset0 +4088 700a9504 jam bt_evt_reconn_failed ,mem_fifo_temp +4089 20407bab call ui_ipc_send_event +408a 2020403f branch idle_exit + +inquiry_dispatch: +408b c68e0000 rtnmark0 mark_inquiry_on +408c 18000e01 force inquiry_length_timer ,queue +408d 20407cf1 call timer_check +408e 7d3a001c nsetflag blank ,mark_inquiry_on ,mark +408f 243a4091 nbranch inquiry_start ,blank +4090 20600000 rtn + +inquiry_start: +4091 44854001 bpatch patch01_2 ,mem_patch01 +4092 684440bb fetcht 2 ,mem_inq_window +4093 18000e04 force 4 ,queue +4094 20404718 call sniff_check_window +4095 20740000 rtn user +4096 204048a0 call afh_clear +4097 18004800 force 0 ,freq_mode + +inquiry_restart: +4098 20618000 rtn timeout +4099 793f800b set0 mark_fhs_already_good ,mark +409a 793f8000 set0 mark_fhs_eir ,mark + +inquiry_rx_restart: +409b 1c40c201 add clkn_bt ,1 ,bt_clk +409c 280ffe1e isolate1 mark_inquiry_trainb ,mark +409d 7920c802 setflag true ,2 ,freq_mode +409e 2c200400 compare 0x00 ,bt_clk ,0x02 +409f 2420c0ba nbranch inquiry_receive ,true + +inquiry_transmit: +40a0 4485c001 bpatch patch01_3 ,mem_patch01 +40a1 6fe20012 fetch 1 ,mem_inquiry_transmit +40a2 1fe0fe01 increase 1 ,pdata +40a3 67e20012 store 1 ,mem_inquiry_transmit +40a4 204048d4 call fetch_giac +40a5 204048ce call tx_radio_freq +40a6 204048ee call fetch_diac +40a7 20404a50 call start_transmitter +40a8 20404a55 call start_tx_native +40a9 20404a63 call send_access_word +40aa 20404649 call end_of_packet +40ab 204040ad call inquiry_check_train +40ac 20204098 branch inquiry_restart + +inquiry_check_train: +40ad 44864001 bpatch patch01_4 ,mem_patch01 +40ae 6fe2008d fetch 1 ,mem_nfreq_index_inq +40af 1fe0ffff increase -1 ,pdata +40b0 67e2008d store 1 ,mem_nfreq_index_inq +40b1 20610000 rtn positive +40b2 70008d1f jam 31 ,mem_nfreq_index_inq +40b3 6fe2008f fetch 1 ,mem_ninqy_index +40b4 1fe0ffff increase -1 ,pdata +40b5 67e2008f store 1 ,mem_ninqy_index +40b6 20610000 rtn positive +40b7 7940001e setflip mark_inquiry_trainb ,mark +40b8 70008fff jam param_ninquiry ,mem_ninqy_index +40b9 20600000 rtn + +inquiry_receive: +40ba 4486c001 bpatch patch01_5 ,mem_patch01 +40bb 204048d4 call fetch_giac +40bc 204048c8 call rx_radio_freq +40bd 204048ee call fetch_diac +40be 20404a5a call start_rx_native +40bf 204049ea call start_receiver +40c0 20404a0c call wait_access_clkn_rt +40c1 202c40c4 branch inquiry_sync ,sync +40c2 204040ad call inquiry_check_train +40c3 2020409b branch inquiry_rx_restart + +inquiry_sync: +40c4 44874001 bpatch patch01_6 ,mem_patch01 +40c5 204049ba call save_rssi +40c6 20404a6a call scan_mode_whiten +40c7 2040451a call receive_packet_whitened +40c8 793f8001 set0 mark_rxbuf_inuse ,mark +40c9 c6858000 rtnmark0 mark_fhs_already_good + +inquiry_receive_rtn: +40ca 4487c001 bpatch patch01_7 ,mem_patch01 + +inquiry_receive_eir_rtn: +40cb 6fe20013 fetch 1 ,mem_inquiry_rcv +40cc 1fe0fe01 increase 1 ,pdata +40cd 67e20013 store 1 ,mem_inquiry_rcv +40ce 20600000 rtn + +master_page: +40cf 44884002 bpatch patch02_0 ,mem_patch02 +40d0 7834fc00 enable master +40d1 78387c00 enable clknt +40d2 6fe440b5 fetch 2 ,mem_page_interval +40d3 203a40d7 branch master_page_no_interval ,blank +40d4 18000e08 force page_interval_timer ,queue +40d5 20407cf1 call timer_check +40d6 247a0000 nrtn blank + +master_page_no_interval: +40d7 4488c002 bpatch patch02_1 ,mem_patch02 +40d8 684440b7 fetcht 2 ,mem_page_window +40d9 18000e28 force 40 ,queue +40da 20404718 call sniff_check_window +40db 20344110 branch page_exit ,user +40dc 18000e03 force page_length_timer ,queue +40dd 20407cf1 call timer_check +40de 243a40ec nbranch page_start ,blank +40df 6fe2004c fetch 1 ,mem_state_map +40e0 c28240e2 bbit1 smap_name_req ,master_npage_timeout +40e1 202040e5 branch master_page_timeout + +master_npage_timeout: +40e2 d8a000ff arg mem_tmp_buffer ,contw +40e3 df200008 arg 8 ,loopcnt +40e4 20407ca1 call memset0 + +master_page_timeout: +40e5 44894002 bpatch patch02_2 ,mem_patch02 +40e6 70003000 jam 0 ,mem_state +40e7 204060d8 call init_lmp_work +40e8 70465100 jam 0 ,memui_reconnect_mode +40e9 700a9513 jam bt_evt_reconn_page_timeout ,mem_fifo_temp +40ea 20407bab call ui_ipc_send_event +40eb 20204110 branch page_exit + +page_start: +40ec 4489c002 bpatch patch02_3 ,mem_patch02 +40ed 18001600 force 0 ,timeup +40ee 34730200 until clkn_rt ,meet +40ef 6fe200f0 fetch 1 ,mem_page_clk +40f0 1fe0ffff increase -1 ,pdata +40f1 9c42fe00 ixor clkn_bt ,pdata +40f2 2fe00600 compare 0 ,pdata ,3 +40f3 2420c0ec nbranch page_start ,true +40f4 18827e00 deposit am_addr +40f5 67e2017f store 1 ,mem_fhs_am_addr +40f6 18004c00 force 0 ,n_tx_slot +40f7 18004800 force 0 ,freq_mode + +page_restart: +40f8 448a4002 bpatch patch02_4 ,mem_patch02 +40f9 2021c110 branch page_exit ,timeout +40fa 204048d8 call fetch_page_bt_adr +40fb d9600600 arg param_rf_setup ,timeup +40fc 34730200 until clkn_rt ,meet + +page_rx_restart: +40fd 448ac002 bpatch patch02_5 ,mem_patch02 +40fe 6fe800f0 fetch 4 ,mem_page_clk +40ff 98004200 iforce bt_clk +4100 1fe0fe01 increase 1 ,pdata +4101 67e800f0 store 4 ,mem_page_clk +4102 280ffe0c isolate1 mark_page_trainb ,mark +4103 7920c802 setflag true ,2 ,freq_mode +4104 2c200400 compare 0x00 ,bt_clk ,0x02 +4105 2420c124 nbranch page_receive ,true +4106 6fe2000c fetch 1 ,mem_page_transmit +4107 1fe0fe01 increase 1 ,pdata +4108 67e2000c store 1 ,mem_page_transmit +4109 204048ce call tx_radio_freq +410a 20404a50 call start_transmitter +410b 20404a55 call start_tx_native +410c 20404a63 call send_access_word +410d 20404649 call end_of_packet +410e 20404116 call page_check_train +410f 202040f8 branch page_restart + +page_exit: +4110 448b4002 bpatch patch02_6 ,mem_patch02 +4111 7854fc00 disable master +4112 6fe440b5 fetch 2 ,mem_page_interval +4113 207a0000 rtn blank +4114 18000e08 force page_interval_timer ,queue +4115 20207ce3 branch timer_init + +page_check_train: +4116 448bc002 bpatch patch02_7 ,mem_patch02 +4117 6fe2008e fetch 1 ,mem_nfreq_index_page +4118 1fe0ffff increase -1 ,pdata +4119 67e2008e store 1 ,mem_nfreq_index_page +411a 20610000 rtn positive +411b 70008e1f jam 31 ,mem_nfreq_index_page +411c 6fe200ee fetch 1 ,mem_npage_index +411d 1fe0ffff increase -1 ,pdata +411e 67e200ee store 1 ,mem_npage_index +411f 20610000 rtn positive +4120 7940000c setflip mark_page_trainb ,mark +4121 6fe240a6 fetch 1 ,mem_npage +4122 67e200ee store 1 ,mem_npage_index +4123 20600000 rtn + +page_receive: +4124 448c4003 bpatch patch03_0 ,mem_patch03 +4125 204048c8 call rx_radio_freq +4126 20404a5a call start_rx_native +4127 204049ea call start_receiver +4128 20404a0c call wait_access_clkn_rt +4129 202c412c branch page_sync ,sync +412a 20404116 call page_check_train +412b 202040fd branch page_rx_restart + +page_sync: +412c 20404649 call end_of_packet +412d 6fe2000d fetch 1 ,mem_page_rcv +412e 1fe0fe01 increase 1 ,pdata +412f 67e2000d store 1 ,mem_page_rcv +4130 18003600 force 0 ,stop_watch +4131 6fe800f0 fetch 4 ,mem_page_clk + +page_send_fhs: +4132 448cc003 bpatch patch03_1 ,mem_patch03 +4133 20404a4e call rf_setup_time_master_slot +4134 204048d8 call fetch_page_bt_adr +4135 1cc0cc01 increase 1 ,n_tx_slot + +page_send_fhs_continue: +4136 1c2143fd and_into 0x1fd ,bt_clk +4137 1c8149fc and_into 0x1fc ,freq_mode +4138 204048ce call tx_radio_freq +4139 20404a50 call start_transmitter +413a 20404a55 call start_tx_native +413b 20404a63 call send_access_word +413c 1c427e00 deposit clkn_bt +413d 67e8015f store 4 ,mem_clkn_bt +413e 18000800 force 0 ,am_addr +413f 18000202 force type_fhs ,type +4140 20404a6a call scan_mode_whiten +4141 20404762 call transmit_packet_whitened + +page_wait_fhs_reply: +4142 448d4003 bpatch patch03_2 ,mem_patch03 +4143 20404a4c call rf_setup_time_slave_slot +4144 1c21c202 or_into 0x02 ,bt_clk +4145 1c8149fc and_into 0x1fc ,freq_mode +4146 204048c8 call rx_radio_freq +4147 20404a5a call start_rx_native +4148 204049ea call start_receiver +4149 20404a0c call wait_access_clkn_rt +414a 204c4649 call end_of_packet ,sync +414b 202c4151 branch page_wait_fhs_reply_ok ,sync +414c 6fe20010 fetch 1 ,mem_fhs_wait_counter +414d 203a40f8 branch page_restart ,blank +414e 1fe0ffff increase -1 ,pdata +414f 67e20010 store 1 ,mem_fhs_wait_counter +4150 20204132 branch page_send_fhs + +page_wait_fhs_reply_ok: +4151 448dc003 bpatch patch03_3 ,mem_patch03 +4152 6fe2000e fetch 1 ,mem_page_rcv_fhs +4153 1fe0fe01 increase 1 ,pdata +4154 67e2000e store 1 ,mem_page_rcv_fhs +4155 20404431 call prepare_newconn + +master_newconn_loop: +4156 204042ee call master_newconn_once +4157 202c415b branch newconn_poll_responded ,sync +4158 20404451 call new_conn_timeout +4159 243a4156 nbranch master_newconn_loop ,blank +415a 202040f8 branch page_restart + +newconn_poll_responded: +415b 448e4003 bpatch patch03_4 ,mem_patch03 +415c 6fe20030 fetch 1 ,mem_state +415d 793ffe03 set0 state_inpage ,pdata +415e 67e20030 store 1 ,mem_state +415f 2040443c call newconn_init +4160 7854fc00 disable master +4161 20600000 rtn + +master_dispatch: +4162 448ec003 bpatch patch03_5 ,mem_patch03 +4163 7834fc00 enable master +4164 78387c00 enable clknt +4165 204041dd call role_switch_master +4166 20740000 rtn user +4167 20404c24 call check_bt_disabled +4168 20404a4e call rf_setup_time_master_slot +4169 1c40c201 add clkn_bt ,1 ,bt_clk +416a 204048de call fetch_self_bt_adr +416b 18004803 force 0x03 ,freq_mode +416c 20406b81 call scheduler_tx_l2cap_pkt +416d 20404485 call prepare_tx +416e 204048ce call tx_radio_freq +416f 20404a50 call start_transmitter +4170 20404a55 call start_tx_native +4171 20404a63 call send_access_word +4172 2040475e call transmit_packet + +master_loop: +4173 448f4003 bpatch patch03_6 ,mem_patch03 +4174 204060e9 call parse_lmp +4175 204042e0 call master_conn_recv_packet +4176 2436c17c nbranch master_notmatch ,match +4177 20404a87 call supervision_flush +4178 20404724 call parse_l2cap +4179 6fe2000f fetch 1 ,mem_master_rcvcnt +417a 1fe0fe01 increase 1 ,pdata +417b 67e2000f store 1 ,mem_master_rcvcnt + +master_notmatch: +417c 448fc003 bpatch patch03_7 ,mem_patch03 +417d 20406b69 call scheduler_process +417e 20404187 call check_master_disconnect +417f 24748000 nrtn master +4180 204046ef call check_attempt +4181 243a4184 nbranch master_attempt ,blank + +master_exit: +4182 7854fc00 disable master +4183 20600000 rtn + +master_attempt: +4184 20404485 call prepare_tx +4185 204042d6 call master_conn_send_packet +4186 20204173 branch master_loop + +check_master_disconnect: +4187 2036c18a branch check_master_match ,match +4188 20404a7e call supervision_update +4189 20214198 branch master_disconnect ,positive + +check_master_match: +418a 204041a3 call check_disconnect_timeout +418b 24344198 nbranch master_disconnect ,user +418c 6fe2004c fetch 1 ,mem_state_map +418d c4020000 rtnbit0 smap_name_req +418e c3818000 rtnbit1 smap_name_res +418f 6fe2004b fetch 1 ,mem_op +4190 c3818000 rtnbit1 op_disconn +4191 204041aa call conn_timer_expired +4192 247a0000 nrtn blank +4193 6fe2016c fetch 1 ,mem_nameres_cnt +4194 1fe0ffff increase -1 ,pdata +4195 67e2016c store 1 ,mem_nameres_cnt +4196 247a0000 nrtn blank +4197 202063e8 branch lmp_disconnect + +master_disconnect: +4198 44904004 bpatch patch04_0 ,mem_patch04 +4199 20404459 call quit_connection +419a 7854fc00 disable master +419b 6fe2004c fetch 1 ,mem_state_map +419c c282419e bbit1 smap_name_req ,master_name_disconnect +419d 20600000 rtn + +master_name_disconnect: +419e 6fe2004c fetch 1 ,mem_state_map +419f c3818000 rtnbit1 smap_name_res + +master_name_error: +41a0 d8a000ff arg mem_tmp_buffer ,contw +41a1 df200008 arg 8 ,loopcnt +41a2 20207ca1 branch memset0 + +check_disconnect_timeout: +41a3 4490c004 bpatch patch04_1 ,mem_patch04 +41a4 78347c00 enable user +41a5 6fe2004b fetch 1 ,mem_op +41a6 c4018000 rtnbit0 op_disconn +41a7 204041aa call conn_timer_expired +41a8 247a0000 nrtn blank +41a9 20207dc1 branch disable_user + +conn_timer_expired: +41aa 6fe20072 fetch 1 ,mem_conn_timer +41ab 1fe0ffff increase -1 ,pdata +41ac 67e20072 store 1 ,mem_conn_timer +41ad 20600000 rtn + +linkkey_ready: +41ae 44914004 bpatch patch04_2 ,mem_patch04 +41af 6fe20030 fetch 1 ,mem_state +41b0 c283c1b7 bbit1 state_linkkey ,linkkey_set +41b1 6fe209b1 fetch 1 ,mem_pairing_auth +41b2 203a41b7 branch linkkey_set ,blank +41b3 7009b100 jam defalt_pairing_auth ,mem_pairing_auth +41b4 700a9518 jam bt_evt_linkkey_generate ,mem_fifo_temp +41b5 20407bab call ui_ipc_send_event +41b6 202041b7 branch linkkey_set + +linkkey_set: +41b7 4491c004 bpatch patch04_3 ,mem_patch04 +41b8 20404250 call context_traverse_linkkey +41b9 6fe20030 fetch 1 ,mem_state +41ba 79207e07 set1 state_linkkey ,pdata +41bb 67e20030 store 1 ,mem_state +41bc 7041be01 jam 1 ,mem_link_key_exists +41bd 6fe20055 fetch 1 ,mem_conn_sm +41be c08b41bf bne conn_sm_pairing ,linkkey_set_continue + +linkkey_set_continue: +41bf 20600000 rtn + +generate_linkkey_continue: +41c0 7009b101 jam pairing_auth ,mem_pairing_auth + +clear_linkstate: +41c1 6fe20030 fetch 1 ,mem_state +41c2 793ffe07 set0 state_linkkey ,pdata +41c3 67e20030 store 1 ,mem_state +41c4 20600000 rtn + +role_switch_check: +41c5 44924004 bpatch patch04_4 ,mem_patch04 +41c6 78547c00 disable user +41c7 6fe40032 fetch 2 ,mem_tsniff +41c8 d840ffff arg 0xffff ,temp +41c9 98467c00 isub temp ,null +41ca 24628000 nrtn zero +41cb 6fe80034 fetch 4 ,mem_sniff_anchor +41cc 203841cf branch role_switch_clkn ,clknt +41cd 9d067e00 isub clke_bt ,pdata +41ce 202041d0 branch role_switch_clke + +role_switch_clkn: +41cf 9c467e00 isub clkn_bt ,pdata + +role_switch_clke: +41d0 1fe67c04 sub pdata ,4 ,null +41d1 24610000 nrtn positive +41d2 18007e00 force 0 ,pdata +41d3 67e40032 store 2 ,mem_tsniff +41d4 20207dbf branch enable_user + +role_switch_prepare: +41d5 1fe20400 copy pdata ,temp +41d6 4492c004 bpatch patch04_5 ,mem_patch04 +41d7 60480034 storet 4 ,mem_sniff_anchor + +role_switch_prepare0: +41d8 70452d01 jam switch_flag_accept ,mem_switch_flag +41d9 5800ffff setarg 0xffff +41da 67e40032 store 2 ,mem_tsniff +41db 70007301 jam 1 ,mem_sniff_attempt +41dc 20600000 rtn + +role_switch_master: +41dd 44934004 bpatch patch04_6 ,mem_patch04 +41de 204041c5 call role_switch_check +41df 24740000 nrtn user +41e0 78547c00 disable user +41e1 70001120 jam param_newconnto ,mem_newconnto_counter +41e2 793f800b set0 mark_fhs_already_good ,mark + +roles_waitfhs_loop: +41e3 20404a4e call rf_setup_time_master_slot +41e4 204042e2 call master_recv_packet +41e5 c505c1f0 bmark1 mark_fhs_already_good ,roles_replyto_fhs +41e6 20404451 call new_conn_timeout +41e7 243a41e3 nbranch roles_waitfhs_loop ,blank + +role_switch_fail_master: +41e8 4493c004 bpatch patch04_7 ,mem_patch04 +41e9 78547c00 disable user +41ea 1c427e00 deposit clkn_bt +41eb 67e840ca store 4 ,mem_next_btclk +41ec 78387c00 enable clknt +41ed 7834fc00 enable master +41ee 700a952a jam bt_evt_switch_fail_master ,mem_fifo_temp +41ef 20207bab branch ui_ipc_send_event + +roles_replyto_fhs: +41f0 44944005 bpatch patch05_0 ,mem_patch05 +41f1 20404a4c call rf_setup_time_slave_slot +41f2 d8200010 arg type_id ,type +41f3 204042d8 call master_send_packet +41f4 78587c00 disable clknt +41f5 7854fc00 disable master +41f6 20404814 call apply_switch_clke +41f7 20404431 call prepare_newconn + +roles_newconns_loop: +41f8 4494c005 bpatch patch05_1 ,mem_patch05 +41f9 20404478 call slave_newconn_once +41fa 2036c1fe branch roles_newconns_responded ,match +41fb 20404451 call new_conn_timeout +41fc 243a41f8 nbranch roles_newconns_loop ,blank +41fd 202041e8 branch role_switch_fail_master + +roles_newconns_responded: +41fe 6fe20031 fetch 1 ,mem_mode +41ff 793ffe01 set0 mode_master ,pdata +4200 67e20031 store 1 ,mem_mode +4201 20404a87 call supervision_flush +4202 2040483d call calc_clke_offset +4203 78347c00 enable user +4204 700a952b jam bt_evt_switch_success_master ,mem_fifo_temp +4205 20207bab branch ui_ipc_send_event + +context_load: +4206 44954005 bpatch patch05_2 ,mem_patch05 +4207 79200009 set1 mark_context ,mark +4208 1a227e00 deposit rega +4209 67e4001e store 2 ,mem_context_ptr +420a 18007250 force context_size ,loopcnt +420b d8a0043b arg mem_le_state ,contw +420c 1a208c01 add rega ,coffset_mode ,contr +420d efe20006 ifetch 1 ,contr +420e 1a220c00 copy rega ,contr +420f c2807cdc bbit1 mode_le ,memcpy +4210 d8a00030 arg mem_state ,contw +4211 20407cdc call memcpy +4212 78577c00 disable attempt +4213 6fe20077 fetch 1 ,mem_amaddr +4214 98000800 iforce am_addr +4215 70008a01 jam 1 ,mem_current_sniff_attempt +4216 2034c218 branch context_load_master ,master +4217 70008a01 jam 1 ,mem_current_sniff_attempt + +context_load_master: +4218 6fe20030 fetch 1 ,mem_state +4219 c4008000 rtnbit0 state_insniff +421a 6fe20073 fetch 1 ,mem_sniff_attempt +421b 67e2008a store 1 ,mem_current_sniff_attempt +421c 6fe20074 fetch 1 ,mem_sniff_timeout +421d 67e2008b store 1 ,mem_current_sniff_timeout +421e 20600000 rtn + +context_save: +421f 4495c005 bpatch patch05_3 ,mem_patch05 +4220 6fe4001e fetch 2 ,mem_context_ptr +4221 98000a00 iforce contw +4222 18007250 force context_size ,loopcnt +4223 d8c0043b arg mem_le_state ,contr +4224 203b7cdc branch memcpy ,le +4225 d8c00030 arg mem_state ,contr +4226 20207cdc branch memcpy + +context_get_next: +4227 df200001 arg context_num ,loopcnt +4228 68420015 fetcht 1 ,mem_current_context + +context_get_next_loop: +4229 18408401 increase 1 ,temp +422a 2841fe01 compare context_num ,temp ,0xff +422b 2420c22d nbranch context_get_next_cont ,true +422c d8400000 arg 0 ,temp + +context_get_next_cont: +422d 60420015 storet 1 ,mem_current_context +422e 184ffe50 mul32 temp ,context_size ,pdata +422f da204040 arg mem_context ,rega +4230 9a20a200 iadd rega ,rega +4231 efe20011 ifetch 1 ,rega +4232 c280c235 bbit1 state_insniff ,context_get_next_sniff +4233 c3800000 rtnbit1 state_inconn +4234 c3818000 rtnbit1 state_inpage + +context_get_next_sniff: +4235 c2004229 loop context_get_next_loop +4236 20600000 rtn + +context_new: +4237 44964005 bpatch patch05_4 ,mem_patch05 +4238 da604266 arg context_search_empty ,regc +4239 2040425d call context_search +423a 24628000 nrtn zero +423b 1a227e00 deposit rega +423c 67e4001e store 2 ,mem_context_ptr +423d 18007c00 force 0 ,null +423e 20600000 rtn + +context_check_all_wack: +423f 20404721 call check_esco_amaddr +4240 2020c247 branch context_check_esco_wack ,true +4241 6fe4001e fetch 2 ,mem_context_ptr +4242 1fe08a17 add pdata ,coffset_arq ,contw +4243 6fe20047 fetch 1 ,mem_arq +4244 e7e20005 istore 1 ,contw +4245 da6042a6 arg context_check_a_wack ,regc +4246 2020425d branch context_search + +context_check_esco_wack: +4247 6fe20047 fetch 1 ,mem_arq +4248 2feffe03 isolate1 wack ,pdata +4249 2020c24c branch context_esco_wack ,true +424a 18007c01 force 1 ,null +424b 20600000 rtn + +context_esco_wack: +424c 18007c00 force 0 ,null +424d 20600000 rtn + +context_check_idle: +424e da6042a3 arg context_check_inconn ,regc +424f 2020425d branch context_search + +context_traverse_linkkey: +4250 6844001e fetcht 2 ,mem_context_ptr +4251 da6042cb arg context_traverse_clearkey ,regc +4252 2020425d branch context_search + +context_search_conn_handle: +4253 684241d0 fetcht 1 ,mem_hci_conn_handle + +context_search_conn_handle2: +4254 da604271 arg context_search_handle ,regc +4255 2020425d branch context_search + +context_search_plap: +4256 4496c005 bpatch patch05_5 ,mem_patch05 +4257 684c41d1 fetcht 6 ,mem_hci_plap + +context_search_plap2: +4258 da60426a arg context_search_lap ,regc +4259 2020425d branch context_search + +context_search_insniff: +425a da604277 arg context_search_sniff ,regc +425b 2020425d branch context_search + +context_search_sniff_window: +425c da6042c2 arg context_search_window ,regc + +context_search: +425d 44974005 bpatch patch05_6 ,mem_patch05 +425e da204040 arg mem_context ,rega +425f df200001 arg context_num ,loopcnt + +context_search_loop: +4260 efe20011 ifetch 1 ,rega +4261 1a627a00 copy regc ,pc + +context_search_next: +4262 1a20a250 increase context_size ,rega +4263 c2004260 loop context_search_loop +4264 18007c01 force 1 ,null +4265 20600000 rtn + +context_search_empty: +4266 c2804262 bbit1 state_inconn ,context_search_next +4267 c281c262 bbit1 state_inpage ,context_search_next +4268 18007c00 force 0 ,null +4269 20600000 rtn + +context_search_lap: +426a c281c26c bbit1 state_inpage ,context_search_lap_cont +426b c3004262 bbit0 state_inconn ,context_search_next + +context_search_lap_cont: +426c 1a208c10 add rega ,coffset_plap ,contr +426d efec0006 ifetch 6 ,contr +426e 98467c00 isub temp ,null +426f 20628000 rtn zero +4270 20204262 branch context_search_next + +context_search_handle: +4271 c3004262 bbit0 state_inconn ,context_search_next +4272 1a208c16 add rega ,coffset_conn_handle ,contr +4273 efe20006 ifetch 1 ,contr +4274 98467c00 isub temp ,null +4275 20628000 rtn zero +4276 20204262 branch context_search_next + +context_search_sniff: +4277 c300c262 bbit0 state_insniff ,context_search_next + +context_search_sniff_loop: +4278 204042af call context_get_anchor +4279 20404293 call sign_pdata_temp +427a 98467e00 isub temp ,pdata +427b 1fe0fe01 increase 1 ,pdata +427c 2021428d branch context_search_sniff_miss ,positive +427d 18c22400 copy contr ,regb +427e 67f20a9e store 9 ,mem_temp +427f 6fe24492 fetch 1 ,mem_le_sc_calc +4280 243a4285 nbranch context_search_sniff_sc ,blank +4281 6ff20a9e fetch 9 ,mem_temp +4282 1a420c00 copy regb ,contr +4283 1fe0fe05 increase 5 ,pdata +4284 20204288 branch context_search_meet1 + +context_search_sniff_sc: +4285 6ff20a9e fetch 9 ,mem_temp +4286 1a420c00 copy regb ,contr +4287 1fe0fe14 increase 20 ,pdata + +context_search_meet1: +4288 24214262 nbranch context_search_next ,positive + +context_search_meet: +4289 18424200 copy temp ,bt_clk +428a 204042bb call context_next_anchor +428b 18007c00 force 0 ,null +428c 20600000 rtn + +context_search_sniff_miss: +428d 98002400 iforce regb +428e 1a208c02 add rega ,coffset_tsniff ,contr +428f efe40006 ifetch 2 ,contr +4290 203a4289 branch context_search_meet ,blank +4291 204042bb call context_next_anchor +4292 20204278 branch context_search_sniff_loop + +sign_pdata_temp: +4293 1ff11600 rshift16 pdata ,timeup +4294 196c9600 rshift8 timeup ,timeup +4295 2022c29d branch sign_pdata_temp_p0 ,zero +4296 29601e0f compare 0xf ,timeup ,0xf +4297 24608000 nrtn true +4298 18511600 rshift16 temp ,timeup +4299 196c9600 rshift8 timeup ,timeup +429a 24628000 nrtn zero +429b 7920041c set1 28 ,temp +429c 20600000 rtn + +sign_pdata_temp_p0: +429d 18511600 rshift16 temp ,timeup +429e 196c9600 rshift8 timeup ,timeup +429f 29601e0f compare 0xf ,timeup ,0xf +42a0 24608000 nrtn true +42a1 79207e1c set1 28 ,pdata +42a2 20600000 rtn + +context_check_inconn: +42a3 c3004262 bbit0 state_inconn ,context_search_next +42a4 18007c00 force 0 ,null +42a5 20600000 rtn + +context_check_a_wack: +42a6 c3004262 bbit0 state_inconn ,context_search_next +42a7 1a208c01 add rega ,coffset_mode ,contr +42a8 efe20006 ifetch 1 ,contr +42a9 c2804262 bbit1 mode_le ,context_search_next +42aa 1a208c17 add rega ,coffset_arq ,contr +42ab efe20006 ifetch 1 ,contr +42ac c301c262 bbit0 wack ,context_search_next +42ad 18007c00 force 0 ,null +42ae 20600000 rtn + +context_get_anchor: +42af 1a208c01 add rega ,coffset_mode ,contr +42b0 e8420006 ifetcht 1 ,contr +42b1 1c427e00 deposit clkn_bt +42b2 284ffe01 isolate1 mode_master ,temp +42b3 1a208c04 add rega ,coffset_sniff_anchor ,contr +42b4 e8480006 ifetcht 4 ,contr +42b5 20608000 rtn true +42b6 1a208c08 add rega ,coffset_clk_offset ,contr +42b7 efec0006 ifetch 6 ,contr +42b8 20404850 call calc_clke2 +42b9 1d027e00 deposit clke_bt +42ba 20600000 rtn + +context_next_anchor: +42bb 1a208c02 add rega ,coffset_tsniff ,contr +42bc 1a208a04 add rega ,coffset_sniff_anchor ,contw +42bd efe40006 ifetch 2 ,contr +42be 98409600 iadd temp ,timeup +42bf 19627e00 deposit timeup +42c0 e7e80005 istore 4 ,contw +42c1 20205823 branch le_context_nexthop + +context_search_window: +42c2 c300c262 bbit0 state_insniff ,context_search_next +42c3 204042af call context_get_anchor +42c4 9b60fe00 iadd stop_watch ,pdata +42c5 9b60fe00 iadd stop_watch ,pdata +42c6 98e0fe00 iadd queue ,pdata +42c7 98467c00 isub temp ,null +42c8 24214262 nbranch context_search_next ,positive +42c9 18007c00 force 0 ,null +42ca 20600000 rtn + +context_traverse_clearkey: +42cb c3004262 bbit0 state_inconn ,context_search_next +42cc 18427e00 deposit temp +42cd 9a267c00 isub rega ,null +42ce 203f4262 branch context_search_next ,null +42cf 1a208c01 add rega ,coffset_mode ,contr +42d0 efe20006 ifetch 1 ,contr +42d1 c2804262 bbit1 mode_le ,context_search_next +42d2 efe20011 ifetch 1 ,rega +42d3 793ffe07 set0 state_linkkey ,pdata +42d4 e7e20011 istore 1 ,rega +42d5 20204262 branch context_search_next + +master_conn_send_packet: +42d6 4497c005 bpatch patch05_7 ,mem_patch05 +42d7 20404a4e call rf_setup_time_master_slot + +master_send_packet: +42d8 1c40c201 add clkn_bt ,1 ,bt_clk +42d9 204048de call fetch_self_bt_adr +42da 18004803 force 0x03 ,freq_mode +42db 204048ce call tx_radio_freq +42dc 20404a50 call start_transmitter +42dd 20404a55 call start_tx_native +42de 20404a63 call send_access_word +42df 2020475e branch transmit_packet + +master_conn_recv_packet: +42e0 44984006 bpatch patch06_0 ,mem_patch06 +42e1 20404a4c call rf_setup_time_slave_slot + +master_recv_packet: +42e2 1c40c201 add clkn_bt ,1 ,bt_clk +42e3 204048de call fetch_self_bt_adr +42e4 18004803 force 0x03 ,freq_mode +42e5 204048c8 call rx_radio_freq +42e6 20404426 call init_rx_packet_flags +42e7 204049f0 call prep_crypt +42e8 20404a5a call start_rx_native +42e9 204049ea call start_receiver + +master_rx_conn_finish_packet: +42ea 20404a0c call wait_access_clkn_rt +42eb 246c0000 nrtn sync +42ec 204049ba call save_rssi +42ed 20204518 branch receive_packet + +master_newconn_once: +42ee 4498c006 bpatch patch06_1 ,mem_patch06 +42ef 6fe2017f fetch 1 ,mem_fhs_am_addr +42f0 98000800 iforce am_addr +42f1 18000201 force type_poll ,type +42f2 204042d6 call master_conn_send_packet +42f3 202042e0 branch master_conn_recv_packet + +inquiry_scan_dispatch: +42f4 6fe24093 fetch 1 ,mem_scan_mode +42f5 c4000000 rtnbit0 inq_scan_mode +42f6 18000e04 force iscan_interval_timer ,queue +42f7 20407cf1 call timer_check +42f8 247a0000 nrtn blank +42f9 684440ad fetcht 2 ,mem_iscan_window +42fa 18000e04 force 4 ,queue +42fb 20404718 call sniff_check_window +42fc 20740000 rtn user +42fd 20404304 call inquiry_scan_start +42fe 18000e04 force iscan_interval_timer ,queue +42ff 6fe440af fetch 2 ,mem_iscan_interval +4300 242c7ce3 nbranch timer_init ,sync +4301 180a7e00 random pdata +4302 9ea17e00 iand mask3ff ,pdata +4303 20207ce3 branch timer_init + +inquiry_scan_start: +4304 44994006 bpatch patch06_2 ,mem_patch06 +4305 70017f00 jam 0 ,mem_fhs_am_addr +4306 78587c00 disable clknt +4307 78577c00 disable attempt +4308 204048a0 call afh_clear +4309 1c4143fc and clkn_bt ,0x1fc ,bt_clk +430a 18004801 force 0x01 ,freq_mode +430b 204048d4 call fetch_giac +430c 204048c8 call rx_radio_freq +430d 7940001d setflip mark_inquiry_state ,mark +430e 6fe20006 fetch 1 ,mem_inquiryscan_waitcnt +430f 1fe0fe01 increase 1 ,pdata +4310 67e20006 store 1 ,mem_inquiryscan_waitcnt +4311 204048ee call fetch_diac +4312 204049ea call start_receiver +4313 20404a13 call wait_access_forever +4314 246c0000 nrtn sync +4315 4499c006 bpatch patch06_3 ,mem_patch06 +4316 18003600 force 0 ,stop_watch +4317 204048f5 call shutdown_radio +4318 6fe20007 fetch 1 ,mem_inquiryscan_rcvcnt +4319 1fe0fe01 increase 1 ,pdata +431a 67e20007 store 1 ,mem_inquiryscan_rcvcnt +431b 204048d4 call fetch_giac +431c 20404a4c call rf_setup_time_slave_slot +431d 1c21c202 or_into 0x002 ,bt_clk +431e 18004801 force 0x01 ,freq_mode +431f 204048ce call tx_radio_freq +4320 204048ee call fetch_diac +4321 20404a50 call start_transmitter +4322 20404a5e call start_tx_external +4323 1c427e00 deposit clkn_bt +4324 67e8015f store 4 ,mem_clkn_bt +4325 20404a63 call send_access_word +4326 18000202 force type_fhs ,type +4327 18000800 force 0 ,am_addr +4328 20404a6a call scan_mode_whiten +4329 20404762 call transmit_packet_whitened +432a 2040432e call send_eir +432b 1c2143fd and_into 0x1fd ,bt_clk +432c 1cc0cc01 increase 1 ,n_tx_slot +432d 20600000 rtn + +send_eir: +432e 449a4006 bpatch patch06_4 ,mem_patch06 +432f 6fe240d1 fetch 1 ,mem_eir_enable +4330 207a0000 rtn blank +4331 d8a0018c arg mem_eir ,contw +4332 6fe244e7 fetch 1 ,mem_local_name_length +4333 1fe27200 copy pdata ,loopcnt +4334 1fe0fe01 increase 1 ,pdata +4335 e7e20005 istore 1 ,contw +4336 18a20400 copy contw ,temp +4337 1fe0fe01 increase 1 ,pdata +4338 67e441dd store 2 ,mem_tx_len +4339 18420a00 copy temp ,contw +433a 58000009 setarg 0x09 +433b e7e20005 istore 1 ,contw +433c d8c044e8 arg mem_local_name ,contr +433d 20407cdc call memcpy +433e da60455f arg mem_all_uuid_128bits ,regc +433f df200004 arg 4 ,loopcnt +4340 20404350 call get_all_uuid +4341 da604549 arg mem_all_uuid_16bits ,regc +4342 df200001 arg 1 ,loopcnt +4343 20404350 call get_all_uuid +4344 1800020a force type_dm3 ,type +4345 7041dc02 jam 2 ,mem_tx_lch +4346 5800018c setarg mem_eir +4347 67e4016d store 2 ,mem_txptr +4348 20404a4c call rf_setup_time_slave_slot +4349 204048ce call tx_radio_freq +434a 20404a50 call start_transmitter +434b 20404a5e call start_tx_external +434c 20404a63 call send_access_word +434d 20404a6a call scan_mode_whiten +434e 20404762 call transmit_packet_whitened +434f 20600000 rtn + +get_all_uuid: +4350 18a20400 copy contw ,temp +4351 1a620c00 copy regc ,contr +4352 efe20006 ifetch 1 ,contr +4353 207a0000 rtn blank + +lshift_loop: +4354 1fe3fe00 lshift pdata ,pdata +4355 c2004354 loop lshift_loop +4356 1fe22200 copy pdata ,rega +4357 1fe0fe02 increase 2 ,pdata +4358 1fe20e00 copy pdata ,queue +4359 6fe441dd fetch 2 ,mem_tx_len +435a 98e0fe00 iadd queue ,pdata +435b 67e441dd store 2 ,mem_tx_len +435c 18420a00 copy temp ,contw +435d 1a227e00 copy rega ,pdata +435e 1fe0fe01 increase 1 ,pdata +435f e7e20005 istore 1 ,contw +4360 1a620c00 copy regc ,contr +4361 efe20006 ifetch 1 ,contr +4362 efe20006 ifetch 1 ,contr +4363 e7e20005 istore 1 ,contw +4364 1a227200 copy rega ,loopcnt +4365 20207cdc branch memcpy + +page_scan_dispatch: +4366 6fe24093 fetch 1 ,mem_scan_mode +4367 c4008000 rtnbit0 page_scan_mode +4368 18000e05 force pscan_interval_timer ,queue +4369 20407cf1 call timer_check +436a 247a0000 nrtn blank +436b 684440b1 fetcht 2 ,mem_pscan_window +436c 18000e28 force 40 ,queue +436d 20404718 call sniff_check_window +436e 20740000 rtn user +436f 18000800 force 0 ,am_addr +4370 70001008 jam param_pagerespto ,mem_fhs_wait_counter +4371 793f800b set0 mark_fhs_already_good ,mark +4372 20404376 call page_scan_start +4373 18000e05 force pscan_interval_timer ,queue +4374 6fe440b3 fetch 2 ,mem_pscan_interval +4375 20207ce3 branch timer_init + +page_scan_start: +4376 449ac006 bpatch patch06_5 ,mem_patch06 +4377 78587c00 disable clknt +4378 204048a0 call afh_clear +4379 6fe20008 fetch 1 ,mem_pagescan_waitcnt +437a 1fe0fe01 increase 1 ,pdata +437b 67e20008 store 1 ,mem_pagescan_waitcnt +437c 18004c00 force 0 ,n_tx_slot +437d 204048de call fetch_self_bt_adr +437e 1c40c201 add clkn_bt ,1 ,bt_clk +437f 18004802 force 0x02 ,freq_mode +4380 449b4006 bpatch patch06_6 ,mem_patch06 +4381 204048c8 call rx_radio_freq +4382 204049ea call start_receiver +4383 20404a13 call wait_access_forever +4384 246c0000 nrtn sync +4385 204048f5 call shutdown_radio +4386 6fe20009 fetch 1 ,mem_pagescan_rcvcnt +4387 1fe0fe01 increase 1 ,pdata +4388 67e20009 store 1 ,mem_pagescan_rcvcnt +4389 18003600 force 0 ,stop_watch +438a 20404a4c call rf_setup_time_slave_slot +438b 1c21c202 or_into 0x002 ,bt_clk +438c 18004801 force 0x01 ,freq_mode +438d 204048ce call tx_radio_freq +438e 20404a50 call start_transmitter +438f 20404a5e call start_tx_external +4390 20404a63 call send_access_word +4391 20404649 call end_of_packet +4392 18000800 force 0 ,am_addr +4393 d9600600 arg param_rf_setup ,timeup +4394 35330200 until clke_rt ,meet +4395 1d01d003 or_into 0x03 ,clke_bt +4396 1c2143fd and_into 0x1fd ,bt_clk + +page_scan_wait_fhs_restart: +4397 449bc006 bpatch patch06_7 ,mem_patch06 +4398 1cc0cc01 increase 1 ,n_tx_slot +4399 204048c8 call rx_radio_freq +439a 204049ea call start_receiver +439b 20404a06 call wait_access_mhalfbnd +439c 242c43a0 nbranch page_scan_wait_fhs_again ,sync +439d 20404a6a call scan_mode_whiten +439e 2040451a call receive_packet_whitened +439f c505c3a7 bmark1 mark_fhs_already_good ,page_scan_reply_to_fhs + +page_scan_wait_fhs_again: +43a0 449c4007 bpatch patch07_0 ,mem_patch07 +43a1 6fe20010 fetch 1 ,mem_fhs_wait_counter +43a2 207a0000 rtn blank +43a3 1fe0ffff increase -1 ,pdata +43a4 67e20010 store 1 ,mem_fhs_wait_counter +43a5 20404a4e call rf_setup_time_master_slot +43a6 20204397 branch page_scan_wait_fhs_restart + +page_scan_reply_to_fhs: +43a7 449cc007 bpatch patch07_1 ,mem_patch07 +43a8 793fd001 set0 1 ,clke_bt +43a9 79205000 set1 0 ,clke_bt +43aa 6fe2000a fetch 1 ,mem_pagescan_rcvfhscnt +43ab 1fe0fe01 increase 1 ,pdata +43ac 67e2000a store 1 ,mem_pagescan_rcvfhscnt +43ad 20404a4c call rf_setup_time_slave_slot +43ae 1c21c202 or_into 0x02 ,bt_clk +43af 204048ce call tx_radio_freq +43b0 20404a50 call start_transmitter +43b1 20404a5e call start_tx_external +43b2 20404a63 call send_access_word +43b3 20404649 call end_of_packet + +slave_apply_clke_bt: +43b4 2d000603 compare 0x03 ,clke_bt ,0x03 +43b5 2020c3b8 branch slave_apply_clke_bt_now ,true +43b6 37cb8200 until null ,mhalfbnd +43b7 202043b4 branch slave_apply_clke_bt + +slave_apply_clke_bt_now: +43b8 6fe80163 fetch 4 ,mem_clke_bt +43b9 1fe1fe03 or_into 0x03 ,pdata +43ba 1fe25000 icopy clke_bt + +start_slave_connection: +43bb 449d4007 bpatch patch07_2 ,mem_patch07 +43bc 6fec0176 fetch 6 ,extm_lap +43bd 67ec0040 store 6 ,mem_plap +43be 20404431 call prepare_newconn + +slave_newconn_loop: +43bf 20404478 call slave_newconn_once +43c0 2036c3c4 branch sconn_successful ,match +43c1 20404451 call new_conn_timeout +43c2 243a43bf nbranch slave_newconn_loop ,blank +43c3 20600000 rtn + +sconn_successful: +43c4 449dc007 bpatch patch07_3 ,mem_patch07 +43c5 2040443c call newconn_init +43c6 20404237 call context_new +43c7 24628000 nrtn zero +43c8 70003100 jam 0 ,mem_mode +43c9 2040483d call calc_clke_offset +43ca 2020421f branch context_save + +slave_dispatch: +43cb 449e4007 bpatch patch07_4 ,mem_patch07 +43cc 2040484c call calc_clke +43cd 204043ef call role_switch_slave +43ce 20740000 rtn user + +slave_loop: +43cf 449ec007 bpatch patch07_5 ,mem_patch07 +43d0 20404c24 call check_bt_disabled +43d1 20406b69 call scheduler_process +43d2 20404510 call slave_conn_recv_packet +43d3 2436c3de nbranch slave_notmatch ,match +43d4 20404a87 call supervision_flush +43d5 20406b81 call scheduler_tx_l2cap_pkt +43d6 20404485 call prepare_tx +43d7 20404753 call slave_conn_send_packet +43d8 20404724 call parse_l2cap +43d9 204060e9 call parse_lmp +43da 6fe2000b fetch 1 ,mem_slave_rcvcnt +43db 1fe0fe01 increase 1 ,pdata +43dc 67e2000b store 1 ,mem_slave_rcvcnt +43dd 2040483d call calc_clke_offset + +slave_notmatch: +43de 449f4007 bpatch patch07_6 ,mem_patch07 +43df 20404b86 call lpm_set_mult +43e0 20404a7e call supervision_update +43e1 202143e7 branch slave_disconnect ,positive +43e2 204041a3 call check_disconnect_timeout +43e3 243443e7 nbranch slave_disconnect ,user +43e4 204046ef call check_attempt +43e5 243a43cf nbranch slave_loop ,blank +43e6 20600000 rtn + +slave_disconnect: +43e7 449fc007 bpatch patch07_7 ,mem_patch07 +43e8 70014f00 jam 0 ,mem_tester_emulate +43e9 70017d00 jam 0 ,mem_debug_config +43ea 20404459 call quit_connection +43eb 793f8011 set0 mark_testmode ,mark +43ec 20407d8c call test_enable_white +43ed 6fe20030 fetch 1 ,mem_state +43ee 20600000 rtn + +role_switch_slave: +43ef 44a04008 bpatch patch08_0 ,mem_patch08 +43f0 204041c5 call role_switch_check +43f1 24740000 nrtn user +43f2 18820400 copy am_addr ,temp +43f3 20404a6e call get_free_amaddr +43f4 67e2017f store 1 ,mem_fhs_am_addr +43f5 18420800 copy temp ,am_addr +43f6 70001120 jam param_newconnto ,mem_newconnto_counter + +roles_sendfhs_loop: +43f7 44a0c008 bpatch patch08_1 ,mem_patch08 +43f8 20404a4e call rf_setup_time_master_slot +43f9 18000202 force type_fhs ,type +43fa 2040474b call slave_send_access +43fb 1c427e00 deposit clkn_bt +43fc 67e8015f store 4 ,mem_clkn_bt +43fd 2040475e call transmit_packet +43fe 20404a4c call rf_setup_time_slave_slot +43ff 7837fc00 enable user3 +4400 204044f2 call slave_receive_access +4401 202c4409 branch roles_got_fhs_reply ,sync +4402 204048f5 call shutdown_radio +4403 20404451 call new_conn_timeout +4404 243a43f7 nbranch roles_sendfhs_loop ,blank +4405 c6820000 rtnmark0 mark_accept_switch +4406 70007c34 jam lmp_slot_offset ,mem_lmo_opcode2 +4407 79200003 set1 mark_switch_initiated ,mark +4408 20600000 rtn + +roles_got_fhs_reply: +4409 78387c00 enable clknt +440a 20404431 call prepare_newconn +440b 204048a0 call afh_clear + +roles_newconn_loop: +440c 44a14008 bpatch patch08_2 ,mem_patch08 +440d 204042ee call master_newconn_once +440e 202c4415 branch roles_newconn_responded ,sync +440f 20404451 call new_conn_timeout +4410 243a440c nbranch roles_newconn_loop ,blank +4411 78587c00 disable clknt +4412 1d027e00 deposit clke_bt +4413 67e840ca store 4 ,mem_next_btclk +4414 20600000 rtn + +roles_newconn_responded: +4415 7834fc00 enable master +4416 c582441b bmark0 mark_accept_switch ,roles_newconn_nolmp +4417 793f8004 set0 mark_accept_switch ,mark +4418 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +4419 70007d33 jam lmp_host_connection_req ,mem_lmi_opcode2 +441a 204066da call tid_set_reply + +roles_newconn_nolmp: +441b 18827e00 deposit am_addr +441c 67e20077 store 1 ,mem_amaddr +441d 18007e00 force 0 ,pdata +441e 67ec0038 store 6 ,mem_clk_offset +441f 6fe20031 fetch 1 ,mem_mode +4420 79207e01 set1 mode_master ,pdata +4421 67e20031 store 1 ,mem_mode +4422 20404a87 call supervision_flush +4423 7854fc00 disable master +4424 78347c00 enable user +4425 20600000 rtn + +init_rx_packet_flags: +4426 44a1c008 bpatch patch08_3 ,mem_patch08 +4427 7856fc00 disable match +4428 793f8005 set0 mark_loopback ,mark +4429 793f800a set0 mark_am_addr_broadcast ,mark +442a 793f8010 set0 mark_longpacket ,mark +442b 793f800f set0 mark_old_packet ,mark +442c 6fe20047 fetch 1 ,mem_arq +442d 793ffe05 set0 arqnx ,pdata +442e 79207e04 set1 flowx ,pdata +442f 67e20047 store 1 ,mem_arq +4430 20600000 rtn + +prepare_newconn: +4431 44a24008 bpatch patch08_4 ,mem_patch08 +4432 70001120 jam param_newconnto ,mem_newconnto_counter +4433 70004750 jam param_newconn_arq ,mem_arq +4434 6fe440bf fetch 2 ,mem_rx_window_init +4435 67e4003e store 2 ,mem_rx_window +4436 1c427e00 deposit clkn_bt +4437 67e840ca store 4 ,mem_next_btclk +4438 20780000 rtn clknt +4439 1d027e00 deposit clke_bt +443a 67e840ca store 4 ,mem_next_btclk +443b 20600000 rtn + +newconn_init: +443c 44a2c008 bpatch patch08_5 ,mem_patch08 +443d 204060e5 call init_lmp_reinit +443e 20404455 call new_conn_handle +443f 67e20046 store 1 ,mem_conn_handle +4440 58000000 setarg 0 +4441 67e40259 store 2 ,mem_l2cap_rxbuff1_len +4442 58001c80 setarg param_supervision_to +4443 67e40051 store 2 ,mem_supervision_to +4444 6fe20030 fetch 1 ,mem_state +4445 79207e00 set1 state_inconn ,pdata +4446 67e20030 store 1 ,mem_state +4447 70004b00 jam 0 ,mem_op +4448 70004c00 jam 0 ,mem_state_map +4449 7000a000 jam 0 ,mem_lpm_current_mult +444a 20204a87 branch supervision_flush + +clear_linkkey: +444b 44a34008 bpatch patch08_6 ,mem_patch08 +444c 18007e00 force 0 ,pdata +444d 67f041bf store 8 ,mem_link_key +444e e7f00005 istore 8 ,contw +444f 204041c1 call clear_linkstate +4450 20204250 branch context_traverse_linkkey + +new_conn_timeout: +4451 6fe20011 fetch 1 ,mem_newconnto_counter +4452 1fe0ffff increase -1 ,pdata +4453 67e20011 store 1 ,mem_newconnto_counter +4454 20600000 rtn + +new_conn_handle: +4455 6fe240cf fetch 1 ,mem_handle_num +4456 1fe0fe01 increase 1 ,pdata +4457 67e240cf store 1 ,mem_handle_num +4458 20600000 rtn + +quit_connection: +4459 44a3c008 bpatch patch08_7 ,mem_patch08 +445a 6fe241cf fetch 1 ,mem_hci_cmd +445b c001c45e beq hci_cmd_remote_name_req ,quit_connection_name +445c 6fe20048 fetch 1 ,mem_lmp_to_send +445d c080c462 bne lmp_name_req ,quit_connection_cont + +quit_connection_name: +445e 204050ec call cmd_check_plap +445f 2422c462 nbranch quit_connection_cont ,zero +4460 204041a0 call master_name_error +4461 7041cf00 jam 0 ,mem_hci_cmd + +quit_connection_cont: +4462 44a44009 bpatch patch09_0 ,mem_patch09 +4463 20404d3a call app_disconn_reason_collect_bt +4464 204046e5 call sniff_exit +4465 700a9502 jam bt_evt_bb_disconnected ,mem_fifo_temp +4466 20407bab call ui_ipc_send_event +4467 204060d8 call init_lmp_work +4468 20405145 call l2cap_init_work +4469 20407432 call sp_initialize +446a 6fe20030 fetch 1 ,mem_state +446b 793ffe00 set0 state_inconn +446c 67e20030 store 1 ,mem_state +446d 70465100 jam 0 ,memui_reconnect_mode +446e 6fe2004c fetch 1 ,mem_state_map +446f 2fe18000 compare 0x0 ,pdata ,0xc0 +4470 2020c472 branch quit_connection_not_clear_mark ,true +4471 793f8001 set0 mark_rxbuf_inuse ,mark + +quit_connection_not_clear_mark: +4472 6fe20047 fetch 1 ,mem_arq +4473 c301c474 bbit0 wack ,quit_connection_not_clear_tx + +quit_connection_not_clear_tx: +4474 6fe2004b fetch 1 ,mem_op +4475 c4030000 rtnbit0 op_txl2cap +4476 793f8002 set0 mark_tx_l2cap ,mark +4477 20600000 rtn + +slave_newconn_once: +4478 44a4c009 bpatch patch09_1 ,mem_patch09 +4479 6fe20172 fetch 1 ,extm_newconn_am_addr +447a 207a0000 rtn blank +447b 1fe20800 icopy am_addr +447c 20404510 call slave_conn_recv_packet +447d 24768000 nrtn match +447e 18000200 force type_null ,type +447f 20404753 call slave_conn_send_packet +4480 18827e00 deposit am_addr +4481 67e20077 store 1 ,mem_amaddr +4482 18007e00 force 0 ,pdata +4483 67e20172 store 1 ,extm_newconn_am_addr +4484 20600000 rtn + +prepare_tx: +4485 44a54009 bpatch patch09_2 ,mem_patch09 +4486 6fe20030 fetch 1 ,mem_state +4487 c3014492 bbit0 state_insco ,prepare_tx_not_sco +4488 18000207 force type_hv3 ,type +4489 c583c491 bmark0 mark_esco ,prepare_tx_not_esco +448a 20404721 call check_esco_amaddr +448b 2420c492 nbranch prepare_tx_not_sco ,true +448c 20374492 branch prepare_tx_not_sco ,attempt +448d 204044bd call set_wait_ack +448e 58000002 setarg 2 +448f 67e440c8 store 2 ,mem_retransmission_cnt +4490 20600000 rtn + +prepare_tx_not_esco: +4491 24770000 nrtn attempt + +prepare_tx_not_sco: +4492 44a5c009 bpatch patch09_3 ,mem_patch09 +4493 2040423f call context_check_all_wack +4494 2422c4a3 nbranch prepare_tx_no_retransmit ,zero +4495 6fe20047 fetch 1 ,mem_arq +4496 c301c4ac bbit0 wack ,prepare_tx_pollnull + +prepare_tx_retransmit: +4497 c502c4b0 bmark1 mark_loopback ,prepare_tx_loopback +4498 6fe2017d fetch 1 ,mem_debug_config +4499 c28344b6 bbit1 debug_tx_pattern ,prepare_tx_txpat +449a 6fe440c8 fetch 2 ,mem_retransmission_cnt +449b 1fe0ffff increase -1 ,pdata +449c 67e440c8 store 2 ,mem_retransmission_cnt +449d 203a44a1 branch prepare_tx_nomore_retransmit ,blank +449e 6fe240c5 fetch 1 ,mem_last_type +449f 98000200 iforce type +44a0 20600000 rtn + +prepare_tx_nomore_retransmit: +44a1 44a64009 bpatch patch09_4 ,mem_patch09 +44a2 20404683 call clear_got_tx + +prepare_tx_no_retransmit: +44a3 20404721 call check_esco_amaddr +44a4 2020c4ac branch prepare_tx_pollnull ,true +44a5 204063ec call send_lmp +44a6 203444ba branch prepare_tx_sendlmp ,user +44a7 6fe2004b fetch 1 ,mem_op +44a8 c28344bc bbit1 op_txl2cap ,prepare_tx_sendl2cap +44a9 c502c4b0 bmark1 mark_loopback ,prepare_tx_loopback +44aa 6fe2017d fetch 1 ,mem_debug_config +44ab c28344b6 bbit1 debug_tx_pattern ,prepare_tx_txpat + +prepare_tx_pollnull: +44ac 18000201 force type_poll ,type +44ad 20748000 rtn master +44ae 18000200 force type_null ,type +44af 20600000 rtn + +prepare_tx_loopback: +44b0 44a6c009 bpatch patch09_5 ,mem_patch09 +44b1 6fe20019 fetch 1 ,mem_rx_type +44b2 98000200 iforce type +44b3 c1808000 rtnne 1 +44b4 18000200 force type_null ,type +44b5 20600000 rtn + +prepare_tx_txpat: +44b6 6fe20156 fetch 1 ,test_mode_packet_type +44b7 1fe1020f and pdata ,0xf ,type +44b8 79200005 set1 mark_loopback ,mark +44b9 20600000 rtn + +prepare_tx_sendlmp: +44ba 18000213 force type_lmp ,type +44bb 202044bd branch set_wait_ack + +prepare_tx_sendl2cap: +44bc 204044c6 call tx_l2cap_type + +set_wait_ack: +44bd 44a74009 bpatch patch09_6 ,mem_patch09 +44be 68420047 fetcht 1 ,mem_arq +44bf 79200403 set1 wack ,temp +44c0 60420047 storet 1 ,mem_arq +44c1 18227e00 deposit type +44c2 67e240c5 store 1 ,mem_last_type +44c3 5800ffff setarg 0xffff +44c4 67e440c8 store 2 ,mem_retransmission_cnt +44c5 20600000 rtn + +tx_l2cap_type: +44c6 44a7c009 bpatch patch09_7 ,mem_patch09 +44c7 6fe2004c fetch 1 ,mem_state_map +44c8 2feffe05 isolate1 smap_edr ,pdata +44c9 6fe441dd fetch 2 ,mem_tx_len +44ca 2020c4dc branch tx_l2cap_type_edr ,true +44cb 18000203 force type_dm1 ,type +44cc 1fe67c11 sub pdata ,17 ,null +44cd 20610000 rtn positive +44ce 18000204 force type_dh1 ,type +44cf 1fe67c1b sub pdata ,27 ,null +44d0 20610000 rtn positive +44d1 1800020a force type_dm3 ,type +44d2 1fe67c79 sub pdata ,121 ,null +44d3 20610000 rtn positive +44d4 1800020b force type_dh3 ,type +44d5 1fe67cb7 sub pdata ,183 ,null +44d6 20610000 rtn positive +44d7 1800020e force type_dm5 ,type +44d8 1fe67ce0 sub pdata ,224 ,null +44d9 20610000 rtn positive +44da 1800020f force type_dh5 ,type +44db 20600000 rtn + +tx_l2cap_type_edr: +44dc 18000203 force type_dm1 ,type +44dd 1fe67c11 sub pdata ,17 ,null +44de 20610000 rtn positive +44df 18000204 force type_dh1 ,type +44e0 1fe67c36 sub pdata ,54 ,null +44e1 20610000 rtn positive +44e2 1800020a force type_dm3 ,type +44e3 d840016f arg 367 ,temp +44e4 98467c00 isub temp ,null +44e5 24610000 nrtn positive +44e6 1800020e force type_dm5 ,type +44e7 d84002a7 arg 679 ,temp +44e8 98467c00 isub temp ,null +44e9 24610000 nrtn positive +44ea 1800020f force type_dh5 ,type +44eb 20600000 rtn + +slave_receive_master_slot: +44ec 6fe20030 fetch 1 ,mem_state +44ed c300c4f1 bbit0 state_insniff ,slave_receive_notsniff +44ee 6fe40032 fetch 2 ,mem_tsniff +44ef 203a44f1 branch slave_receive_notsniff ,blank +44f0 243744f3 nbranch slave_receive_sniff ,attempt + +slave_receive_notsniff: +44f1 20404a4e call rf_setup_time_master_slot + +slave_receive_access: +44f2 1d00c201 add clke_bt ,1 ,bt_clk + +slave_receive_sniff: +44f3 78287c00 enable swfine +44f4 6fe4003e fetch 2 ,mem_rx_window +44f5 1fe37e00 rshift pdata ,pdata +44f6 d8400500 arg param_pll_setup ,temp +44f7 9840fe00 iadd temp ,pdata +44f8 20404a23 call ahead_window +44f9 204048e6 call fetch_extm_bt_adr +44fa 18004803 force 0x03 ,freq_mode +44fb 204048c8 call rx_radio_freq +44fc 20404426 call init_rx_packet_flags +44fd 204049f0 call prep_crypt +44fe 44a8400a bpatch patch0a_0 ,mem_patch0a +44ff 6fe4003e fetch 2 ,mem_rx_window +4500 1fe37e00 rshift pdata ,pdata +4501 20404a23 call ahead_window +4502 204049ea call start_receiver +4503 7826fc00 enable decode_fec0 +4504 6fe4003e fetch 2 ,mem_rx_window +4505 d84003bb arg param_clke_cal ,temp +4506 9840b600 iadd temp ,stop_watch +4507 37c18400 correlate null ,timeout +4508 1b420400 copy clke ,temp +4509 604c009a storet 6 ,mem_sync_clke +450a 7846fc00 disable decode_fec0 +450b 246c0000 nrtn sync +450c dd2003bb arg param_clke_cal ,clke_rt +450d 1c225000 copy bt_clk ,clke_bt +450e 2035cae6 branch lpm_adjust_clk ,wake +450f 20600000 rtn + +slave_conn_recv_packet: +4510 44a8c00a bpatch patch0a_1 ,mem_patch0a +4511 204044ec call slave_receive_master_slot +4512 242c48f5 nbranch shutdown_radio ,sync +4513 204049ba call save_rssi +4514 c588c518 bmark0 mark_testmode ,receive_packet +4515 6fe400f4 fetch 2 ,mem_tst_pktcnt_sync +4516 1fe0fe01 increase 1 ,pdata +4517 67e400f4 store 2 ,mem_tst_pktcnt_sync + +receive_packet: +4518 1c230400 rshift bt_clk ,temp +4519 18419c40 or temp ,0x40 ,white_init + +receive_packet_whitened: +451a 44a9400a bpatch patch0a_2 ,mem_patch0a +451b 7823fc00 enable enable_white +451c 78257c00 enable enable_hec +451d 7825fc00 enable decode_fec1 +451e 09800003 parse demod ,bucket ,3 +451f 198cfe00 rshift8 pwindow ,pdata +4520 67e2015b store 1 ,mem_temp_am_addr +4521 09800004 parse demod ,bucket ,4 +4522 08008007 inject bucket ,7 +4523 19827e00 copy pwindow ,pdata +4524 67e20019 store 1 ,mem_rx_type +4525 09800003 parse demod ,bucket ,3 +4526 198cfe00 rshift8 pwindow ,pdata +4527 67e2015c store 1 ,mem_temp_arq +4528 6fe20019 fetch 1 ,mem_rx_type +4529 1fe67c03 sub pdata ,3 ,null +452a 2021452f branch receive_packet_noedr ,positive +452b c003c52f beq 7 ,receive_packet_noedr +452c 6fe2004c fetch 1 ,mem_state_map +452d 2feffe05 isolate1 smap_edr ,pdata +452e 7920aa01 setflag true ,psk ,radio_ctrl + +receive_packet_noedr: +452f 44a9c00a bpatch patch0a_3 ,mem_patch0a +4530 09800008 parse demod ,bucket ,8 +4531 7845fc00 disable decode_fec1 +4532 78457c00 disable enable_hec +4533 2023462d branch error_header ,crc_failed +4534 c588c538 bmark0 mark_testmode ,receive_packet_amchk +4535 6fe400f6 fetch 2 ,mem_tst_pktcnt_hec +4536 1fe0fe01 increase 1 ,pdata +4537 67e400f6 store 2 ,mem_tst_pktcnt_hec + +receive_packet_amchk: +4538 44aa400a bpatch patch0a_4 ,mem_patch0a +4539 6fe2015b fetch 1 ,mem_temp_am_addr +453a 2fe00e00 compare 0 ,pdata ,0x07 +453b 7920800a setflag true ,mark_am_addr_broadcast ,mark +453c 2020c548 branch am_addr_ok ,true +453d a8800e00 icompare 0x07 ,am_addr +453e 2020c547 branch am_addr_match ,true +453f c583c649 bmark0 mark_esco ,end_of_packet +4540 684200ae fetcht 1 ,mem_saved_amaddr +4541 a8400e00 icompare 0x7 ,temp +4542 2420c649 nbranch end_of_packet ,true +4543 6fe20047 fetch 1 ,mem_arq +4544 793ffe05 set0 arqnx ,pdata +4545 79207e04 set1 flowx ,pdata +4546 67e20047 store 1 ,mem_arq + +am_addr_match: +4547 7836fc00 enable match + +am_addr_ok: +4548 44aac00a bpatch patch0a_5 ,mem_patch0a +4549 6fe20019 fetch 1 ,mem_rx_type +454a 1fe20200 icopy type +454b c5054557 bmark1 mark_am_addr_broadcast ,arqn_bypass +454c 6842015c fetcht 1 ,mem_temp_arq +454d 6fe20047 fetch 1 ,mem_arq +454e 793ffe00 set0 flow ,pdata +454f 284ffe00 isolate1 flow ,temp +4550 7920fe00 setflag true ,flow ,pdata +4551 284ffe01 isolate1 arqn ,temp +4552 7920fe01 setflag true ,arqn ,pdata +4553 67e20047 store 1 ,mem_arq +4554 284c0001 isolate0 arqn ,temp +4555 2020c557 branch arqn_bypass ,true +4556 20404683 call clear_got_tx + +arqn_bypass: +4557 44ab400a bpatch patch0a_6 ,mem_patch0a +4558 d8400000 arg 0 ,temp +4559 20404a1b call reserve_slot +455a 18217e0f and type ,0xf ,pdata +455b c000c583 beq type_poll ,process_poll +455c c0004649 beq type_null ,end_of_packet +455d c0014655 beq type_fhs ,process_fhs +455e 6842015c fetcht 1 ,mem_temp_arq +455f 6fe20047 fetch 1 ,mem_arq +4560 a8400800 icompare 0x04 ,temp +4561 2420c565 nbranch rx_type_dispatch ,true +4562 c5854564 bmark0 mark_am_addr_broadcast ,failed_seqn +4563 c303c565 bbit0 bcast1 ,rx_type_dispatch + +failed_seqn: +4564 7920000f set1 mark_old_packet ,mark + +rx_type_dispatch: +4565 44abc00a bpatch patch0a_7 ,mem_patch0a +4566 18227e00 deposit type +4567 c001c585 beq type_dm1 ,process_dm1 +4568 c0024589 beq type_dh1 ,process_dh1 +4569 c003c574 beq type_hv3 ,process_hev +456a c0044588 beq type_3dh1 ,process_3dh1 +456b d8400004 arg 4 ,temp +456c 20404a1b call reserve_slot +456d c0054584 beq type_dm3 ,process_dm3 +456e c005c587 beq type_dh3 ,process_dh3 +456f d8400008 arg 8 ,temp +4570 20404a1b call reserve_slot +4571 c0074584 beq type_dm5 ,process_dm5 +4572 c007c587 beq type_dh5 ,process_dh5 +4573 20600000 rtn + +process_hev: +4574 44ac400b bpatch patch0b_0 ,mem_patch0b +4575 7826fc00 enable decode_fec0 +4576 7824fc00 enable enable_crc +4577 78277c00 enable encrypt +4578 d8a000cf arg mem_sco_ibuf ,contw +4579 1800721e force 30 ,loopcnt + +process_hev_loop: +457a 09800008 parse demod ,bucket ,8 +457b 19897e00 rshift3 pwindow ,pdata +457c e7e20005 istore 1 ,contw +457d c200457a loop process_hev_loop +457e c583c649 bmark0 mark_esco ,end_of_packet +457f 09800010 parse demod ,bucket ,16 +4580 7d230008 nsetflag crc_failed ,mark_esco_rxok ,mark +4581 20234639 branch error_payload ,crc_failed +4582 2020461c branch ack_payload + +process_poll: +4583 20204649 branch end_of_packet + +process_dm3: + +process_dm5: +4584 79200010 set1 mark_longpacket ,mark + +process_dm1: +4585 78267c00 enable decode_fec2 +4586 2020458a branch process_dmh + +process_dh3: + +process_dh5: +4587 79200010 set1 mark_longpacket ,mark + +process_3dh1: +4588 79202a02 set1 psk3m ,radio_ctrl + +process_dh1: +4589 7826fc00 enable decode_fec0 + +process_dmh: +458a 44acc00b bpatch patch0b_1 ,mem_patch0b +458b c500c649 bmark1 mark_rxbuf_inuse ,end_of_packet +458c 2aac0001 isolate0 psk ,radio_ctrl +458d 2020c596 branch process_dmh_noedr ,true +458e 7843fc00 disable enable_white +458f 7826fc00 enable decode_fec0 +4590 78467c00 disable decode_fec2 +4591 1c409602 add clkn_bt ,2 ,timeup +4592 34530400 correlate clkn_bt ,meet +4593 242c4639 nbranch error_payload ,sync +4594 79200010 set1 mark_longpacket ,mark +4595 7823fc00 enable enable_white + +process_dmh_noedr: +4596 44ad400b bpatch patch0b_2 ,mem_patch0b +4597 78277c00 enable encrypt +4598 7824fc00 enable enable_crc +4599 09800003 parse demod ,bucket ,3 +459a 198cfe00 rshift8 pwindow ,pdata +459b 67e2017e store 1 ,mem_lch_code +459c 09800005 parse demod ,bucket ,5 +459d c50845a1 bmark1 mark_longpacket ,process_dmh_long +459e 19897200 rshift3 pwindow ,loopcnt +459f 1f297200 rshift3 loopcnt ,loopcnt +45a0 202045a4 branch process_dmh_common + +process_dmh_long: +45a1 09800005 parse demod ,bucket ,5 +45a2 19837200 rshift pwindow ,loopcnt +45a3 09800003 parse demod ,bucket ,3 + +process_dmh_common: +45a4 44adc00b bpatch patch0b_3 ,mem_patch0b +45a5 1f227e00 deposit loopcnt +45a6 67e4015d store 2 ,mem_len +45a7 203a45e4 branch process_dmh_data_end ,blank +45a8 9ea67c00 isub mask3ff ,null +45a9 20214639 branch error_payload ,positive +45aa 44ae400b bpatch patch0b_4 ,mem_patch0b +45ab 793f8000 set0 mark_fhs_eir ,mark +45ac 6fe2017e fetch 1 ,mem_lch_code +45ad 1fe17e03 and_into 0x03 ,pdata +45ae d8a0054d arg mem_rxbuf ,contw +45af c001c5b6 beq llid_lmp ,process_lmp +45b0 c508c5e0 bmark1 mark_testmode ,process_dmh_data +45b1 6fe2017e fetch 1 ,mem_lch_code +45b2 1fe17e03 and_into 0x03 ,pdata +45b3 c00145bb beq llid_l2cap_start ,process_dmh_data_l2cap_start_pkt +45b4 c000c5cf beq llid_l2cap_cont ,process_dmh_data_l2cap_continue_pkt +45b5 20204639 branch error_payload + +process_lmp: +45b6 6fe4015d fetch 2 ,mem_len +45b7 1fe67c70 sub pdata ,0x70 ,null +45b8 24214639 nbranch error_payload ,positive +45b9 c507c61c bmark1 mark_old_packet ,ack_payload +45ba 202045e0 branch process_dmh_data + +process_dmh_data_l2cap_start_pkt: +45bb 44aec00b bpatch patch0b_5 ,mem_patch0b +45bc c507c61c bmark1 mark_old_packet ,ack_payload +45bd 6fe4015d fetch 2 ,mem_len +45be d84002e0 arg 0x2e0 ,temp +45bf 98467c00 isub temp ,null +45c0 20214639 branch error_payload ,positive +45c1 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +45c2 c30045c5 bbit0 l2cap_inuse_buff1 ,process_dmh_data_into_buff1 +45c3 c300c5ca bbit0 l2cap_inuse_buff2 ,process_dmh_data_into_buff2 +45c4 20204649 branch end_of_packet + +process_dmh_data_into_buff1: +45c5 70025d01 jam 1 ,mem_l2cap_rxbuff_new +45c6 6fe40259 fetch 2 ,mem_l2cap_rxbuff1_len +45c7 c0804649 bne 0 ,end_of_packet +45c8 d8a01000 arg mem_l2cap_rxbuff1 ,contw +45c9 202045e0 branch process_dmh_data + +process_dmh_data_into_buff2: +45ca 70025d02 jam 2 ,mem_l2cap_rxbuff_new +45cb 6fe4025b fetch 2 ,mem_l2cap_rxbuff2_len +45cc c0804649 bne 0 ,end_of_packet +45cd d8a01400 arg mem_l2cap_rxbuff2 ,contw +45ce 202045e0 branch process_dmh_data + +process_dmh_data_l2cap_continue_pkt: +45cf 44af400b bpatch patch0b_6 ,mem_patch0b +45d0 c507c61c bmark1 mark_old_packet ,ack_payload +45d1 6fe4015d fetch 2 ,mem_len +45d2 d84002e0 arg 0x2e0 ,temp +45d3 98467c00 isub temp ,null +45d4 20214639 branch error_payload ,positive +45d5 6fe2025d fetch 1 ,mem_l2cap_rxbuff_new +45d6 c000c5d9 beq 1 ,process_dmh_data_l2cap_continue_pkt1 +45d7 c00145dd beq 2 ,process_dmh_data_l2cap_continue_pkt2 +45d8 20204649 branch end_of_packet + +process_dmh_data_l2cap_continue_pkt1: +45d9 d8a01000 arg mem_l2cap_rxbuff1 ,contw +45da 6fe40259 fetch 2 ,mem_l2cap_rxbuff1_len +45db 98a08a00 iadd contw ,contw +45dc 202045e0 branch process_dmh_data + +process_dmh_data_l2cap_continue_pkt2: +45dd d8a01400 arg mem_l2cap_rxbuff2 ,contw +45de 6fe4025b fetch 2 ,mem_l2cap_rxbuff2_len +45df 98a08a00 iadd contw ,contw + +process_dmh_data: +45e0 09800008 parse demod ,bucket ,8 +45e1 19897e00 rshift3 pwindow ,pdata +45e2 e7e20005 istore 1 ,contw +45e3 c20045e0 loop process_dmh_data + +process_dmh_data_end: +45e4 44afc00b bpatch patch0b_7 ,mem_patch0b +45e5 09800010 parse demod ,bucket ,16 +45e6 20234633 branch error_payload_crc ,crc_failed +45e7 6fe24335 fetch 1 ,mem_l2cap_flow_ctrl_flag +45e8 c000c649 beq l2cap_flow_ctrl_enable ,end_of_packet +45e9 c508c609 bmark1 mark_testmode ,process_dmh_cont +45ea c507c646 bmark1 mark_old_packet ,redundant_payload +45eb 6fe2017e fetch 1 ,mem_lch_code +45ec 2fe00603 compare 3 ,pdata ,3 +45ed 2020c609 branch process_dmh_cont ,true +45ee 6fe4015d fetch 2 ,mem_len +45ef 203a4609 branch process_dmh_cont ,blank +45f0 44b0400c bpatch patch0c_0 ,mem_patch0c +45f1 6fe2025d fetch 1 ,mem_l2cap_rxbuff_new +45f2 c000c5f5 beq 1 ,process_l2cap_pass_crc_buff1 +45f3 c00145ff beq 2 ,process_l2cap_pass_crc_buff2 +45f4 20204a8b branch assert + +process_l2cap_pass_crc_buff1: +45f5 6fe40259 fetch 2 ,mem_l2cap_rxbuff1_len +45f6 6844015d fetcht 2 ,mem_len +45f7 9840fe00 iadd temp ,pdata +45f8 67e40259 store 2 ,mem_l2cap_rxbuff1_len +45f9 c0004a8b beq 0 ,assert +45fa 68441000 fetcht 2 ,mem_l2cap_rxbuff1 +45fb 18408404 increase 4 ,temp +45fc 98467c00 isub temp ,null +45fd 2042c743 call l2cap_buff1_inuse ,zero +45fe 20204609 branch process_dmh_cont + +process_l2cap_pass_crc_buff2: +45ff 6fe4025b fetch 2 ,mem_l2cap_rxbuff2_len +4600 6844015d fetcht 2 ,mem_len +4601 9840fe00 iadd temp ,pdata +4602 67e4025b store 2 ,mem_l2cap_rxbuff2_len +4603 c0004a8b beq 0 ,assert +4604 68441400 fetcht 2 ,mem_l2cap_rxbuff2 +4605 18408404 add temp ,4 ,temp +4606 98467c00 isub temp ,null +4607 2042c747 call l2cap_buff2_inuse ,zero +4608 20204609 branch process_dmh_cont + +process_dmh_cont: +4609 44b0c00c bpatch patch0c_1 ,mem_patch0c +460a 6842004c fetcht 1 ,mem_state_map +460b 6fe2017e fetch 1 ,mem_lch_code +460c 2fe00603 compare 3 ,pdata ,0x03 +460d 79208406 setflag true ,smap_rxlmp ,temp +460e 7d208407 nsetflag true ,smap_rxl2cap ,temp +460f 6042004c storet 1 ,mem_state_map +4610 2420c612 nbranch process_dmh_cont_rxbuf_not_use ,true +4611 79200001 set1 mark_rxbuf_inuse ,mark + +process_dmh_cont_rxbuf_not_use: +4612 c588c61c bmark0 mark_testmode ,ack_payload +4613 284ffe06 isolate1 smap_rxlmp ,temp +4614 2020c61c branch ack_payload ,true +4615 6fe400f8 fetch 2 ,mem_tst_pktcnt_crc +4616 1fe0fe01 increase 1 ,pdata +4617 67e400f8 store 2 ,mem_tst_pktcnt_crc +4618 79200005 set1 mark_loopback ,mark +4619 793f8407 set0 smap_rxl2cap ,temp +461a 793f8001 set0 mark_rxbuf_inuse ,mark +461b 6042004c storet 1 ,mem_state_map + +ack_payload: +461c 44b1400c bpatch patch0c_2 ,mem_patch0c +461d 6842015c fetcht 1 ,mem_temp_arq +461e 6fe20047 fetch 1 ,mem_arq +461f 79207e05 set1 arqnx ,pdata +4620 284ffe02 isolate1 seqn ,temp +4621 7920fe02 setflag true ,seqn ,pdata +4622 280ffe0a isolate1 mark_am_addr_broadcast ,mark +4623 7920fe07 setflag true ,bcast1 ,pdata +4624 67e20047 store 1 ,mem_arq +4625 6fe4015d fetch 2 ,mem_len +4626 243a4649 nbranch end_of_packet ,blank +4627 6fe2004c fetch 1 ,mem_state_map +4628 793ffe07 set0 smap_rxl2cap ,pdata +4629 67e2004c store 1 ,mem_state_map +462a 6fe2017e fetch 1 ,mem_lch_code +462b 2fe00e01 compare 0x01 ,pdata ,0x07 +462c 20204649 branch end_of_packet + +error_header: +462d 44b1c00c bpatch patch0c_3 ,mem_patch0c +462e 7856fc00 disable match +462f 6fe4001a fetch 2 ,mem_rx_hec_err +4630 1fe0fe01 increase 1 ,pdata +4631 67e4001a store 2 ,mem_rx_hec_err +4632 20204649 branch end_of_packet + +error_payload_crc: +4633 6fe4001c fetch 2 ,mem_rx_crc_err +4634 1fe0fe01 increase 1 ,pdata +4635 67e4001c store 2 ,mem_rx_crc_err +4636 2040463a call discard_pkt +4637 c588c639 bmark0 mark_testmode ,error_payload +4638 79200005 set1 mark_loopback ,mark + +error_payload: +4639 20204649 branch end_of_packet + +discard_pkt: +463a 44b2400c bpatch patch0c_4 ,mem_patch0c +463b 6fe2017e fetch 1 ,mem_lch_code +463c 2fe00603 compare 3 ,pdata ,0x03 +463d 2420c642 nbranch discard_pkt_l2cap ,true + +discard_pkt_lmp: +463e 6842004c fetcht 1 ,mem_state_map +463f 793f8406 set0 smap_rxlmp ,temp +4640 6042004c storet 1 ,mem_state_map +4641 20600000 rtn + +discard_pkt_l2cap: +4642 6842004c fetcht 1 ,mem_state_map +4643 793f8407 set0 smap_rxl2cap ,temp +4644 6042004c storet 1 ,mem_state_map +4645 20600000 rtn + +redundant_payload: +4646 6fe20047 fetch 1 ,mem_arq +4647 79207e05 set1 arqnx ,pdata +4648 67e20047 store 1 ,mem_arq + +end_of_packet: +4649 44b2c00c bpatch patch0c_5 ,mem_patch0c +464a 784efc00 disable encode_fec0 +464b 784e7c00 disable encode_fec2 +464c 7846fc00 disable decode_fec0 +464d 78467c00 disable decode_fec2 +464e 7844fc00 disable enable_crc +464f 78477c00 disable encrypt +4650 7843fc00 disable enable_white +4651 2030c8f5 branch shutdown_radio ,is_rx +4652 37d38200 until null ,tx_clear +4653 20000064 nop 100 +4654 202048f5 branch shutdown_radio + +process_fhs: +4655 44b3400c bpatch patch0c_6 ,mem_patch0c +4656 7824fc00 enable enable_crc +4657 78267c00 enable decode_fec2 +4658 09800048 parse demod ,bucket ,72 +4659 2feffe3a isolate1 58 ,pdata +465a 79208000 setflag true ,mark_fhs_eir ,mark +465b 1c020400 copy bt_adr ,temp +465c 57e04000 ialigned bt_adr +465d 57e03c00 ialigned fhs0 +465e 782afc00 pulse recalc +465f 380bffff setsect 2 ,0xfffff +4660 380cffff setsect 3 ,0x0ffff +4661 20000020 nop 32 +4662 29a80000 iverify fhs_parity +4663 1d827e00 deposit lap +4664 67e60176 store 3 ,extm_lap +4665 1da27e00 deposit uap +4666 67e20179 store 1 ,extm_uap +4667 18424000 copy temp ,bt_adr +4668 2020c66a branch fhs_parity_ok ,true +4669 20204639 branch error_payload + +fhs_parity_ok: +466a 44b3c00c bpatch patch0c_7 ,mem_patch0c +466b 09800048 parse demod ,bucket ,72 +466c 57e03e00 ialigned fhs1 +466d 57e00800 ialigned am_addr +466e 57e05c00 ialigned nap +466f 57e02400 ialigned regb +4670 18007e00 force 0 ,pdata +4671 09800010 parse demod ,bucket ,16 +4672 20234639 branch error_payload ,crc_failed +4673 5ffffffc setarg 0x0ffffffc +4674 9a417e00 iand regb ,pdata +4675 67e80163 store 4 ,mem_clke_bt +4676 1ba27e00 deposit fhs_class +4677 67e60173 store 3 ,extm_class +4678 1b827e00 deposit fhs_misc +4679 67e20171 store 1 ,extm_fhs_misc +467a 18827e00 deposit am_addr +467b 67e20172 store 1 ,extm_newconn_am_addr +467c 1dc27e00 deposit nap +467d 67e4017a store 2 ,extm_nap +467e 1c227e00 deposit bt_clk +467f 08008220 inject rxf ,32 +4680 28201e02 compare type_fhs ,type ,0x0f +4681 7920800b setflag true ,mark_fhs_already_good ,mark +4682 20204649 branch end_of_packet + +clear_got_tx: +4683 44b4400d bpatch patch0d_0 ,mem_patch0d +4684 6fe20047 fetch 1 ,mem_arq +4685 c4018000 rtnbit0 wack +4686 793ffe03 set0 wack ,pdata +4687 79407e06 setflip seqnx ,pdata +4688 67e20047 store 1 ,mem_arq +4689 6fe240c5 fetch 1 ,mem_last_type +468a c009c698 beq type_lmp ,clear_got_txlmp +468b c1038000 rtneq type_hv3 +468c 6fe2004b fetch 1 ,mem_op +468d c4030000 rtnbit0 op_txl2cap ,pdata +468e 793ffe06 set0 op_txl2cap ,pdata +468f 79207e07 set1 op_pkt_comp ,pdata +4690 67e2004b store 1 ,mem_op +4691 793f8002 set0 mark_tx_l2cap ,mark +4692 6fe44218 fetch 2 ,mem_l2cap_tx_multi_offset +4693 247a0000 nrtn blank +4694 6fe2004b fetch 1 ,mem_op +4695 793ffe07 set0 op_pkt_comp ,pdata +4696 67e2004b store 1 ,mem_op +4697 20205637 branch l2cap_malloc_free + +clear_got_txlmp: +4698 44b4c00d bpatch patch0d_1 ,mem_patch0d +4699 6fe204b3 fetch 1 ,mem_lmo_header_opcode +469a 1fe37e00 rshift pdata ,pdata +469b c008c6b4 beq lmp_start_encryption_req ,start_encryption +469c c00946bc beq lmp_stop_encryption_req ,stop_encryption +469d c00c46e5 beq lmp_unsniff_req ,sniff_exit +469e c03fc6a4 beq lmp_escape ,clear_lmp_escape +469f c1818000 rtnne lmp_accepted +46a0 6fe204b4 fetch 1 ,mem_lmo_payload +46a1 c015c6ac beq lmp_sco_link_req ,sco_link_req_by_slave +46a2 c008c6a7 beq lmp_start_encryption_req ,clear_send_setup_complete +46a3 20600000 rtn + +clear_lmp_escape: +46a4 6fe204b4 fetch 1 ,mem_lmo_payload +46a5 79207e07 set1 7 ,pdata +46a6 20600000 rtn + +clear_send_setup_complete: +46a7 20748000 rtn master +46a8 6fe20030 fetch 1 ,mem_state +46a9 c3820000 rtnbit1 state_conn_comp +46aa 70007c31 jam lmp_setup_complete ,mem_lmo_opcode2 +46ab 20600000 rtn + +sco_link_req_by_slave: +46ac 20748000 rtn master +46ad 6fe20031 fetch 1 ,mem_mode +46ae 2feffe04 isolate1 send_sco_when_slave ,pdata +46af 2020c6b1 branch clean_mem_mode ,true +46b0 20600000 rtn + +clean_mem_mode: +46b1 793ffe04 set0 send_sco_when_slave ,pdata +46b2 67e20031 store 1 ,mem_mode +46b3 20600000 rtn + +start_encryption: +46b4 44b5400d bpatch patch0d_2 ,mem_patch0d +46b5 6fe2004c fetch 1 ,mem_state_map +46b6 79207e02 set1 smap_encryption ,pdata +46b7 67e2004c store 1 ,mem_state_map +46b8 70801101 hjam 1 ,core_encrypt +46b9 6fe20030 fetch 1 ,mem_state +46ba 2feffe04 isolate1 state_conn_comp ,pdata +46bb 20600000 rtn + +stop_encryption: +46bc 44b5c00d bpatch patch0d_3 ,mem_patch0d +46bd 6fe2004c fetch 1 ,mem_state_map +46be 793ffe02 set0 smap_encryption ,pdata +46bf 67e2004c store 1 ,mem_state_map +46c0 70801100 hjam 0 ,core_encrypt +46c1 20600000 rtn + +sniff_init: +46c2 44b6400d bpatch patch0d_4 ,mem_patch0d +46c3 1c427e00 copy clkn_bt ,pdata +46c4 67e8420b store 4 ,mem_lpm_delay_after_sniff +46c5 1c40a203 add clkn_bt ,3 ,rega +46c6 2034c6c8 branch sniff_init_master ,master +46c7 1d00a203 add clke_bt ,3 ,rega + +sniff_init_master: +46c8 68440032 fetcht 2 ,mem_tsniff +46c9 1a227e00 deposit rega +46ca 793ffe1b set0 27 ,pdata +46cb 9846fc00 idiv temp +46cc 6fe40075 fetch 2 ,mem_dsniff +46cd 20407d61 call wait_div_end +46ce 18072600 remainder regc +46cf 9a667e00 isub regc ,pdata +46d0 202146d2 branch sniff_init_nowrap ,positive +46d1 9840fe00 iadd temp ,pdata + +sniff_init_nowrap: +46d2 9a20fe00 iadd rega ,pdata +46d3 67e80034 store 4 ,mem_sniff_anchor +46d4 70452d00 jam switch_flag_init ,mem_switch_flag +46d5 6fe20030 fetch 1 ,mem_state +46d6 79207e01 set1 state_insniff ,pdata +46d7 67e20030 store 1 ,mem_state +46d8 6fe20073 fetch 1 ,mem_sniff_attempt +46d9 67e2008a store 1 ,mem_current_sniff_attempt +46da 58000000 setarg 0 +46db 67e6416a store 3 ,mem_sniff_rcv +46dc 67e6416d store 3 ,mem_sniff_lost +46dd 67e2415a store 1 ,mem_sniff_unint_lost +46de 700a950b jam bt_evt_enter_sniff ,mem_fifo_temp +46df 20407bab call ui_ipc_send_event +46e0 6fe440c1 fetch 2 ,mem_rx_window_sniff +46e1 67e4003e store 2 ,mem_rx_window +46e2 24748000 nrtn master +46e3 18808fff add am_addr ,-1 ,queue +46e4 20600000 rtn + +sniff_exit: +46e5 44b6c00d bpatch patch0d_5 ,mem_patch0d +46e6 6fe20030 fetch 1 ,mem_state +46e7 c4008000 rtnbit0 state_insniff +46e8 793ffe01 set0 state_insniff ,pdata +46e9 67e20030 store 1 ,mem_state +46ea 6fe440bf fetch 2 ,mem_rx_window_init +46eb 67e4003e store 2 ,mem_rx_window +46ec 7855fc00 disable wake +46ed 700a950c jam bt_evt_exit_sniff ,mem_fifo_temp +46ee 20207bab branch ui_ipc_send_event + +check_attempt: +46ef 44b7400d bpatch patch0d_6 ,mem_patch0d +46f0 78377c00 enable attempt +46f1 6fe20030 fetch 1 ,mem_state +46f2 c280c6fc bbit1 state_insniff ,check_attempt_sniff +46f3 c6088000 rtnmark1 mark_testmode +46f4 6fe20047 fetch 1 ,mem_arq +46f5 c3818000 rtnbit1 wack +46f6 6fe20048 fetch 1 ,mem_lmp_to_send +46f7 247a0000 nrtn blank +46f8 6fe2004b fetch 1 ,mem_op +46f9 c3830000 rtnbit1 op_txl2cap + +check_attempt_nomore: +46fa 18007e00 force 0 ,pdata +46fb 20600000 rtn + +check_attempt_sniff: +46fc c301470b bbit0 state_insco ,check_attempt_not_sco +46fd 6fe2008a fetch 1 ,mem_current_sniff_attempt +46fe c0014702 beq 2 ,check_attempt_sniff_restore_sco +46ff 6fe20047 fetch 1 ,mem_arq +4700 c281c714 bbit1 wack ,check_attempt_notimeout +4701 c5844714 bmark0 mark_esco_rxok ,check_attempt_notimeout + +check_attempt_sniff_restore_sco: +4702 2434c714 nbranch check_attempt_notimeout ,master +4703 6fe20048 fetch 1 ,mem_lmp_to_send +4704 243a4714 nbranch check_attempt_notimeout ,blank + +check_attempt_sco_master: +4705 6fe200ed fetch 1 ,mem_sco_poll +4706 1fe0ffff increase -1 ,pdata +4707 67e200ed store 1 ,mem_sco_poll +4708 243a46fa nbranch check_attempt_nomore ,blank +4709 7000ed10 jam param_sco_poll ,mem_sco_poll +470a 20204714 branch check_attempt_notimeout + +check_attempt_not_sco: +470b 6fe2008a fetch 1 ,mem_current_sniff_attempt +470c c080c714 bne 1 ,check_attempt_notimeout +470d 6fe2008b fetch 1 ,mem_current_sniff_timeout +470e 203a4714 branch check_attempt_notimeout ,blank +470f 1fe0ffff increase -1 ,pdata +4710 67e2008b store 1 ,mem_current_sniff_timeout +4711 6fe20047 fetch 1 ,mem_arq +4712 c3818000 rtnbit1 wack +4713 24768000 nrtn match + +check_attempt_notimeout: +4714 6fe2008a fetch 1 ,mem_current_sniff_attempt +4715 1fe0ffff increase -1 ,pdata +4716 67e2008a store 1 ,mem_current_sniff_attempt +4717 20600000 rtn + +sniff_check_window: +4718 44b7c00d bpatch patch0d_7 ,mem_patch0d +4719 78487c00 disable swfine +471a 18423600 copy temp ,stop_watch +471b 2040425c call context_search_sniff_window +471c 78547c00 disable user +471d 24628000 nrtn zero +471e 18003600 force 0 ,stop_watch +471f 78347c00 enable user +4720 20600000 rtn + +check_esco_amaddr: +4721 6fe24159 fetch 1 ,mem_esco_addr +4722 a881fe00 icompare 0xff ,am_addr +4723 20600000 rtn + +parse_l2cap: +4724 44b8400e bpatch patch0e_0 ,mem_patch0e +4725 793f8001 set0 mark_rxbuf_inuse ,mark + +parse_l2cap_cont: +4726 70026600 jam l2cap_rx_clear ,mem_l2cap_rx_done +4727 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +4728 207a0000 rtn blank +4729 2feffe00 isolate1 l2cap_inuse_buff1 ,pdata +472a d8c01000 arg mem_l2cap_rxbuff1 ,contr +472b 2040d153 call process_rx_l2cap_pkt ,true +472c 44b8c00e bpatch patch0e_1 ,mem_patch0e +472d 6fe20266 fetch 1 ,mem_l2cap_rx_done +472e c000c737 beq l2cap_rx_done ,parse_l2cap_release_buff1 +472f 70026600 jam l2cap_rx_clear ,mem_l2cap_rx_done +4730 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +4731 c4008000 rtnbit0 l2cap_inuse_buff2 +4732 d8c01400 arg mem_l2cap_rxbuff2 ,contr +4733 20405153 call process_rx_l2cap_pkt +4734 6fe20266 fetch 1 ,mem_l2cap_rx_done +4735 c000c73d beq l2cap_rx_done ,parse_l2cap_release_buff2 +4736 20600000 rtn + +parse_l2cap_release_buff1: +4737 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +4738 793ffe00 set0 l2cap_inuse_buff1 ,pdata +4739 67e2025f store 1 ,mem_l2cap_rxbuff_inuse +473a 58000000 setarg 0 +473b 67e40259 store 2 ,mem_l2cap_rxbuff1_len +473c 20600000 rtn + +parse_l2cap_release_buff2: +473d 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +473e 793ffe01 set0 l2cap_inuse_buff2 ,pdata +473f 67e2025f store 1 ,mem_l2cap_rxbuff_inuse +4740 58000000 setarg 0 +4741 67e4025b store 2 ,mem_l2cap_rxbuff2_len +4742 20600000 rtn + +l2cap_buff1_inuse: +4743 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +4744 79207e00 set1 l2cap_inuse_buff1 ,pdata +4745 67e2025f store 1 ,mem_l2cap_rxbuff_inuse +4746 20600000 rtn + +l2cap_buff2_inuse: +4747 6fe2025f fetch 1 ,mem_l2cap_rxbuff_inuse +4748 79207e01 set1 l2cap_inuse_buff2 ,pdata +4749 67e2025f store 1 ,mem_l2cap_rxbuff_inuse +474a 20600000 rtn + +slave_send_access: +474b 44b9400e bpatch patch0e_2 ,mem_patch0e +474c 1d00c201 add clke_bt ,1 ,bt_clk +474d 204048e6 call fetch_extm_bt_adr +474e 18004803 force 0x03 ,freq_mode +474f 204048ce call tx_radio_freq +4750 20404a50 call start_transmitter +4751 20404a5e call start_tx_external +4752 20204a63 branch send_access_word + +slave_conn_send_packet: +4753 44b9c00e bpatch patch0e_3 ,mem_patch0e +4754 20404a4c call rf_setup_time_slave_slot +4755 1d027e00 deposit clke_bt +4756 684840ca fetcht 4 ,mem_next_btclk +4757 98467e00 isub temp ,pdata +4758 c1808000 rtnne 1 +4759 28203e00 compare type_null ,type ,0x1f +475a 2420c75d nbranch slave_conn_send_access ,true +475b 6fe20019 fetch 1 ,mem_rx_type +475c 207a0000 rtn blank + +slave_conn_send_access: +475d 2040474b call slave_send_access + +transmit_packet: +475e 28203e10 compare type_id ,type ,0x1f +475f 2020c649 branch end_of_packet ,true +4760 1c230400 rshift bt_clk ,temp +4761 18419c40 or temp ,0x40 ,white_init + +transmit_packet_whitened: +4762 44ba400e bpatch patch0e_4 ,mem_patch0e +4763 7823fc00 enable enable_white +4764 78257c00 enable enable_hec +4765 782dfc00 enable encode_fec1 +4766 793f8010 set0 mark_longpacket ,mark +4767 18827e00 deposit am_addr +4768 08008603 inject mod ,3 +4769 18227e00 deposit type +476a 08008604 inject mod ,4 +476b 6fe20047 fetch 1 ,mem_arq +476c 08008004 inject bucket ,4 +476d 08008603 inject mod ,3 +476e 78247c00 enable enable_parity +476f 08008608 inject mod ,8 +4770 784dfc00 disable encode_fec1 +4771 78447c00 disable enable_parity +4772 78457c00 disable enable_hec +4773 793faa02 set0 psk3m ,radio_ctrl +4774 d8400000 arg 0 ,temp +4775 20404a1b call reserve_slot +4776 44bac00e bpatch patch0e_5 ,mem_patch0e +4777 18217e1f and type ,0x1f ,pdata +4778 c009c7b0 beq type_lmp ,transmit_lmp +4779 c0004649 beq type_null ,end_of_packet +477a c000c649 beq type_poll ,end_of_packet +477b c0014793 beq type_fhs ,transmit_fhs +477c c001c7c1 beq type_dm1 ,transmit_dm1 +477d c00247c7 beq type_dh1 ,transmit_dh1 +477e c003c788 beq type_hv3 ,transmit_hev +477f c00447c6 beq type_3dh1 ,transmit_3dh1 +4780 d8400004 arg 4 ,temp +4781 20404a1b call reserve_slot +4782 c00547c3 beq type_dm3 ,transmit_dm3 +4783 c005c7c9 beq type_dh3 ,transmit_dh3 +4784 d8400008 arg 8 ,temp +4785 20404a1b call reserve_slot +4786 c007c7c9 beq type_dh5 ,transmit_dh5 +4787 202047c3 branch transmit_dm5 + +transmit_hev: +4788 44bb400e bpatch patch0e_6 ,mem_patch0e +4789 782efc00 enable encode_fec0 +478a 7824fc00 enable enable_crc +478b 78277c00 enable encrypt +478c 1800721e force 30 ,loopcnt +478d d8c000b1 arg mem_sco_obuf ,contr + +transmit_ev_loop: +478e efe20006 ifetch 1 ,contr +478f 08008608 inject mod ,8 +4790 c200478e loop transmit_ev_loop +4791 c503c7f3 bmark1 mark_esco ,transmit_end +4792 20204649 branch end_of_packet + +transmit_fhs: +4793 44bbc00e bpatch patch0e_7 ,mem_patch0e +4794 6fe2017f fetch 1 ,mem_fhs_am_addr +4795 1fe20800 icopy am_addr +4796 6fe20090 fetch 1 ,mem_fhs_misc +4797 1fe23800 icopy fhs_misc +4798 6fe640aa fetch 3 ,mem_class +4799 1fe23a00 icopy fhs_class +479a 6fe440a4 fetch 2 ,mem_nap +479b 1fe25c00 icopy nap +479c 7824fc00 enable enable_crc +479d 782e7c00 enable encode_fec2 +479e 1c022200 copy bt_adr ,rega +479f 204048de call fetch_self_bt_adr +47a0 782afc00 pulse recalc +47a1 20000020 nop 32 +47a2 1c221600 copy bt_clk ,timeup +47a3 6fe8015f fetch 4 ,mem_clkn_bt +47a4 1fe24200 icopy bt_clk +47a5 53c07e00 preload fhs0 +47a6 79207e3a set1 58 ,pdata +47a7 08008648 inject mod ,72 +47a8 53e07e00 preload fhs1 +47a9 08008648 inject mod ,72 +47aa 19624200 copy timeup ,bt_clk +47ab 1a224000 copy rega ,bt_adr +47ac 78247c00 enable enable_parity +47ad 08008610 inject mod ,16 +47ae 78447c00 disable enable_parity +47af 20204649 branch end_of_packet + +transmit_lmp: +47b0 44bc400f bpatch patch0f_0 ,mem_patch0f +47b1 78277c00 enable encrypt +47b2 7824fc00 enable enable_crc +47b3 782e7c00 enable encode_fec2 +47b4 6fe204b2 fetch 1 ,mem_lmo_header_length +47b5 1fe105f8 and pdata ,0x1f8 ,temp +47b6 d8c004b2 arg mem_lmo_header_length ,contr +47b7 18408408 increase 8 ,temp + +transmit_lmp_loop: +47b8 1840a7b8 add temp ,-72 ,regc +47b9 242147be nbranch transmit_lmp_finish ,positive +47ba eff20006 ifetch 9 ,contr +47bb 08008648 inject mod ,72 +47bc 1a620400 copy regc ,temp +47bd 202047b8 branch transmit_lmp_loop + +transmit_lmp_finish: +47be eff20006 ifetch 9 ,contr +47bf 08418600 iinject mod ,temp +47c0 202047f3 branch transmit_end + +transmit_dm1: +47c1 782e7c00 enable encode_fec2 +47c2 202047cc branch transmit_dmh + +transmit_dm3: + +transmit_dm5: +47c3 782e7c00 enable encode_fec2 +47c4 79200010 set1 mark_longpacket ,mark +47c5 202047cc branch transmit_dmh + +transmit_3dh1: +47c6 79202a02 set1 psk3m ,radio_ctrl + +transmit_dh1: +47c7 782efc00 enable encode_fec0 +47c8 202047cc branch transmit_dmh + +transmit_dh3: + +transmit_dh5: +47c9 79202a02 set1 psk3m ,radio_ctrl +47ca 782efc00 enable encode_fec0 +47cb 79200010 set1 mark_longpacket ,mark + +transmit_dmh: +47cc 44bcc00f bpatch patch0f_1 ,mem_patch0f +47cd 6fe2004c fetch 1 ,mem_state_map +47ce c302c7e1 bbit0 smap_edr ,transmit_noedr +47cf 18267c03 sub type ,3 ,null +47d0 202147e1 branch transmit_noedr ,positive +47d1 78477c00 disable encrypt +47d2 784e7c00 disable encode_fec2 +47d3 782efc00 enable encode_fec0 +47d4 7843fc00 disable enable_white +47d5 79202a01 set1 psk ,radio_ctrl +47d6 2aaffe02 isolate1 psk3m ,radio_ctrl +47d7 2020c7db branch transmit_edr3m ,true +47d8 580abeee setarg 0xabeee +47d9 08008614 inject mod ,20 +47da 202047df branch transmit_edr_sync_end + +transmit_edr3m: +47db 585faeba setarg 0x5faeba +47dc 08008618 inject mod ,24 +47dd 58000012 setarg 0x12 +47de 08008606 inject mod ,6 + +transmit_edr_sync_end: +47df 7823fc00 enable enable_white +47e0 79200010 set1 mark_longpacket ,mark + +transmit_noedr: +47e1 78277c00 enable encrypt +47e2 7824fc00 enable enable_crc +47e3 c502c7fc bmark1 mark_loopback ,transmit_loopback +47e4 6fe241dc fetch 1 ,mem_tx_lch +47e5 08008603 inject mod ,3 +47e6 6fe441dd fetch 2 ,mem_tx_len +47e7 98007200 iforce loopcnt +47e8 c50847eb bmark1 mark_longpacket ,transmit_long +47e9 08008605 inject mod ,5 +47ea 202047ec branch transmit_stuff + +transmit_long: +47eb 0800860d inject mod ,13 + +transmit_stuff: +47ec 1f227e00 deposit loopcnt +47ed 203a47f3 branch transmit_end ,blank +47ee 6fe4016d fetch 2 ,mem_txptr +47ef 98000c00 iforce contr + +transmit_stuff_loop: +47f0 efe20006 ifetch 1 ,contr +47f1 08008608 inject mod ,8 +47f2 c20047f0 loop transmit_stuff_loop + +transmit_end: +47f3 78247c00 enable enable_parity +47f4 08008610 inject mod ,16 +47f5 78447c00 disable enable_parity +47f6 204044bd call set_wait_ack +47f7 6fe2004c fetch 1 ,mem_state_map +47f8 c302c649 bbit0 smap_edr ,end_of_packet +47f9 18007e00 force 0 ,pdata +47fa 08008606 inject mod ,6 +47fb 20204649 branch end_of_packet + +transmit_loopback: +47fc 44bd400f bpatch patch0f_2 ,mem_patch0f +47fd c5084804 bmark1 mark_longpacket ,transmit_loopback_long + +transmit_loopback_short: +47fe 6fe2017e fetch 1 ,mem_lch_code +47ff 08008603 inject mod ,3 +4800 6fe2015d fetch 1 ,mem_len +4801 98002600 iforce regc +4802 08008605 inject mod ,5 +4803 20204809 branch transmit_loopback_cont + +transmit_loopback_long: +4804 6fe2017e fetch 1 ,mem_lch_code +4805 08008603 inject mod ,3 +4806 6fe4015d fetch 2 ,mem_len +4807 98002600 iforce regc +4808 0800860d inject mod ,13 + +transmit_loopback_cont: +4809 d8c0054d arg mem_rxbuf ,contr + +transmit_loopback_loop: +480a 1a627c00 copy regc ,null +480b 2022c810 branch transmit_loopback_end ,zero +480c efe20006 ifetch 1 ,contr +480d 08008608 inject mod ,8 +480e 1a60a7ff increase -1 ,regc +480f 2020480a branch transmit_loopback_loop + +transmit_loopback_end: +4810 6fe400fa fetch 2 ,mem_tst_pktcnt_dmh +4811 1fe0fe01 increase 1 ,pdata +4812 67e400fa store 2 ,mem_tst_pktcnt_dmh +4813 202047f3 branch transmit_end + +apply_switch_clke: +4814 6fe80163 fetch 4 ,mem_clke_bt +4815 1fe0a207 add pdata ,7 ,rega +4816 6fe4016f fetch 2 ,mem_slot_offset +4817 243a481a nbranch apply_switch_nozero ,blank +4818 1a20a3fd increase -3 ,rega +4819 20204822 branch apply_switch_wait_loop + +apply_switch_nozero: +481a 1feffe0c mul32 pdata ,12 ,pdata +481b 68448040 fetcht 2 ,core_rthalfslot +481c 18408401 increase 1 ,temp + +apply_switch_loop: +481d 98467e00 isub temp ,pdata +481e 24214821 nbranch apply_switch_bt ,positive +481f 1a20a3ff increase -1 ,rega +4820 2020481d branch apply_switch_loop + +apply_switch_bt: +4821 1fe67e00 sub pdata ,0 ,pdata + +apply_switch_wait_loop: +4822 37d18200 until null ,oneslot +4823 2c400600 compare 0 ,clkn_bt ,3 +4824 2420c822 nbranch apply_switch_wait_loop ,true +4825 98005200 iforce clke_rt +4826 1a225000 copy rega ,clke_bt +4827 98005200 iforce clke_rt +4828 20600000 rtn + +calc_slot_offset: +4829 44bdc00f bpatch patch0f_3 ,mem_patch0f +482a 37d10200 until null ,halfslot +482b 1b427e00 deposit clke +482c 98000c00 iforce contr +482d 1ff17e00 rshift16 ,pdata ,pdata +482e 9c467200 isub clkn_bt ,loopcnt +482f 1f217203 and_into 3 ,loopcnt +4830 2422c833 nbranch calc_bt_portion ,zero +4831 18007e00 force 0 ,pdata +4832 20204837 branch calc_skip_bt + +calc_bt_portion: +4833 d8400ea6 arg 3750 ,temp +4834 18007e00 force 0 ,pdata + +calc_slot_offset_loop: +4835 9840fe00 iadd temp ,pdata +4836 c2004835 loop calc_slot_offset_loop + +calc_skip_bt: +4837 98c0fe00 iadd contr ,pdata +4838 1fe6fc0c div pdata ,12 +4839 20407d61 call wait_div_end +483a 1807fe00 quotient pdata +483b 67e4016f store 2 ,mem_slot_offset +483c 20600000 rtn + +calc_clke_offset: +483d 44be400f bpatch patch0f_4 ,mem_patch0f +483e 1b427e00 deposit clke +483f 1b220400 copy clkn ,temp +4840 98467c00 isub temp ,null +4841 7d217e2c nsetflag positive ,44 ,pdata +4842 98460400 isub temp ,temp +4843 58000ea6 setarg 3750 +4844 284c000f isolate0 15 ,temp +4845 2020c848 branch calc_clke_pos ,true +4846 5fff0ea6 setarg -61786 +4847 98408400 iadd temp ,temp + +calc_clke_pos: +4848 604c0443 storet 6 ,mem_le_clk_offset +4849 207b0000 rtn le +484a 604c0038 storet 6 ,mem_clk_offset +484b 20600000 rtn + +calc_clke: +484c 78587c00 disable clknt +484d 6fec0443 fetch 6 ,mem_le_clk_offset +484e 203b4850 branch calc_clke2 ,le +484f 6fec0038 fetch 6 ,mem_clk_offset + +calc_clke2: +4850 9b20e000 iadd clkn ,alarm +4851 1e00e00a increase 10 ,alarm +4852 58000ea6 setarg 3750 +4853 9e067e00 isub alarm ,pdata +4854 2fec000f isolate0 15 ,pdata +4855 2020c85a branch calc_clke_pos_adj ,true +4856 5800f15a setarg 0xf15a +4857 9e00e000 iadd alarm ,alarm + +calc_clke_pos2: +4858 1e023400 copy alarm ,clke +4859 20600000 rtn + +calc_clke_pos_adj: +485a 18007c00 force 0 ,null +485b 20204858 branch calc_clke_pos2 + +calc_radio_freq: +485c 44bec00f bpatch patch0f_5 ,mem_patch0f +485d 20404915 call set_sync_on +485e 1c227e00 copy bt_clk ,pdata +485f 1fe17f80 and_into 0x180 ,pdata +4860 2c800e03 compare 3 ,freq_mode ,0x07 +4861 2420c865 nbranch freq_not_connection ,true +4862 1fe97e00 rshift3 pdata ,pdata +4863 9ae0fe00 iadd freq_index ,pdata +4864 20204866 branch do_hop_mod_now + +freq_not_connection: +4865 1ae27e00 copy freq_index ,pdata + +do_hop_mod_now: +4866 1fe6fc4f div pdata ,79 +4867 782afc00 pulse recalc +4868 20407d61 call wait_div_end +4869 18072200 remainder rega +486a 1a2085d8 add rega ,-40 ,temp +486b 2021486e branch odd_half ,positive +486c 1a238400 lshift rega ,temp +486d 20204870 branch freq_result + +odd_half: +486e 18438400 lshift temp ,temp +486f 18408401 increase 1 ,temp + +freq_result: +4870 44bf400f bpatch patch0f_6 ,mem_patch0f +4871 6fe20031 fetch 1 ,mem_mode +4872 c301c881 bbit0 afh_change ,afh_process_con + +afh_process_0: +4873 6fe840d2 fetch 4 ,mem_afh_instant +4874 9c267c00 isub bt_clk ,null +4875 20214881 branch afh_process_con ,positive +4876 204048a0 call afh_clear +4877 6fe240d9 fetch 1 ,mem_afh_new_mod +4878 207a0000 rtn blank +4879 6fe20031 fetch 1 ,mem_mode +487a 79207e02 set1 afh_enable ,pdata +487b 67e20031 store 1 ,mem_mode +487c 6fea40e7 fetch 5 ,mem_afh_map_new +487d 67ea40da store 5 ,mem_afh_map_lo +487e efea0006 ifetch 5 ,contr +487f 67ea40df store 5 ,mem_afh_map_hi +4880 204048a5 call afh_process_freq_map + +afh_process_con: +4881 6fe20031 fetch 1 ,mem_mode +4882 c4010000 rtnbit0 afh_enable +4883 2c2ffe01 isolate1 1 ,bt_clk +4884 2020c89d branch afh_same_channel ,true +4885 18492200 rshift3 temp ,rega +4886 18410e07 and temp ,7 ,queue +4887 580040da setarg mem_afh_map_lo +4888 9a20a200 iadd rega ,rega +4889 efe20011 ifetch 1 ,rega +488a afec0000 qisolate0 pdata +488b 2020c88e branch afh_process_1 ,true +488c 18427e00 deposit temp +488d 2020489a branch afh_process_end + +afh_process_1: +488e 6fe240e4 fetch 1 ,mem_afh_used +488f 98002400 iforce regb +4890 1c227e00 deposit bt_clk +4891 1fe17f80 and_into 0x180 ,pdata +4892 1fe97e00 rshift3 pdata ,pdata +4893 9ae0fe00 iadd freq_index ,pdata +4894 9a46fc00 idiv regb +4895 580040f2 setarg mem_afh_map +4896 20407d61 call wait_div_end +4897 18072200 remainder rega +4898 9a208c00 iadd rega ,contr +4899 efe20006 ifetch 1 ,contr + +afh_process_end: +489a 67e240e5 store 1 ,mem_afh_index +489b 98000400 iforce temp +489c 20600000 rtn + +afh_same_channel: +489d 6fe240e5 fetch 1 ,mem_afh_index +489e 98000400 iforce temp +489f 20600000 rtn + +afh_clear: +48a0 6fe20031 fetch 1 ,mem_mode +48a1 793ffe02 set0 afh_enable ,pdata +48a2 793ffe03 set0 afh_change ,pdata +48a3 67e20031 store 1 ,mem_mode +48a4 20600000 rtn + +afh_process_freq_map: +48a5 44bfc00f bpatch patch0f_7 ,mem_patch0f +48a6 d8a040f2 arg mem_afh_map ,contw +48a7 1800720a force 10 ,loopcnt +48a8 20407ca1 call memset0 +48a9 d8a040f2 arg mem_afh_map ,contw +48aa 18002600 force 0 ,regc +48ab 18000e02 force 2 ,queue + +process_freq_3: +48ac 6fea40da fetch 5 ,mem_afh_map_lo +48ad 98000400 iforce temp +48ae 28e1fe02 compare 2 ,queue ,0xff +48af 2020c8b1 branch process_freq_1 ,true +48b0 18430400 rshift temp ,temp + +process_freq_1: +48b1 284c0000 isolate0 0 ,temp +48b2 2020c8b5 branch process_freq_0 ,true +48b3 1a627e00 deposit regc +48b4 e7e20005 istore 1 ,contw + +process_freq_0: +48b5 184b0400 rshift2 temp ,temp +48b6 1a60a602 increase 2 ,regc +48b7 2a61fc28 compare 40 ,regc ,0xfe +48b8 2420c8be nbranch process_freq_2 ,true +48b9 6fea40df fetch 5 ,mem_afh_map_hi +48ba 98000400 iforce temp +48bb 28e1fe02 compare 2 ,queue ,0xff +48bc 2020c8be branch process_freq_2 ,true +48bd 18430400 rshift temp ,temp + +process_freq_2: +48be 1a667c4e sub regc ,78 ,null +48bf 202148b1 branch process_freq_1 ,positive +48c0 18002601 force 1 ,regc +48c1 18e08fff increase -1 ,queue +48c2 2422c8ac nbranch process_freq_3 ,zero +48c3 da2040f2 arg mem_afh_map ,rega +48c4 18a27e00 deposit contw +48c5 9a267e00 isub rega ,pdata +48c6 67e240e4 store 1 ,mem_afh_used +48c7 20600000 rtn + +rx_radio_freq: +48c8 44c04010 bpatch patch10_0 ,mem_patch10 +48c9 2040485c call calc_radio_freq +48ca 6fe2017d fetch 1 ,mem_debug_config +48cb c302c8cd bbit0 debug_rx_fixed_freq ,rx_radio_freq_now +48cc 684204c8 fetcht 1 ,mem_rx_fixed_freq + +rx_radio_freq_now: +48cd 2020491c branch set_freq_rx + +tx_radio_freq: +48ce 44c0c010 bpatch patch10_1 ,mem_patch10 +48cf 2040485c call calc_radio_freq +48d0 6fe2017d fetch 1 ,mem_debug_config +48d1 c30248d3 bbit0 debug_tx_fixed_freq ,tx_radio_freq_now +48d2 684204c7 fetcht 1 ,mem_tx_fixed_freq + +tx_radio_freq_now: +48d3 20204930 branch set_freq_tx + +fetch_giac: +48d4 18005a00 force 0 ,uap +48d5 6fe640a7 fetch 3 ,mem_glap +48d6 98005800 iforce lap +48d7 20600000 rtn + +fetch_page_bt_adr: +48d8 44c14010 bpatch patch10_2 ,mem_patch10 +48d9 6fe241d4 fetch 1 ,mem_hci_puap +48da 1fe25a00 icopy uap +48db 6fe641d1 fetch 3 ,mem_hci_plap +48dc 1fe25800 icopy lap +48dd 20600000 rtn + +fetch_self_bt_adr: +48de 44c1c010 bpatch patch10_3 ,mem_patch10 +48df 6fe440a4 fetch 2 ,mem_nap +48e0 1fe25c00 icopy nap +48e1 6fe240a3 fetch 1 ,mem_uap +48e2 1fe25a00 icopy uap +48e3 6fe640a0 fetch 3 ,mem_lap +48e4 1fe25800 icopy lap +48e5 20600000 rtn + +fetch_extm_bt_adr: +48e6 44c24010 bpatch patch10_4 ,mem_patch10 +48e7 6fe40044 fetch 2 ,mem_pnap +48e8 1fe25c00 icopy nap +48e9 6fe20043 fetch 1 ,mem_puap +48ea 1fe25a00 icopy uap +48eb 6fe60040 fetch 3 ,mem_plap +48ec 1fe25800 icopy lap +48ed 20600000 rtn + +fetch_diac: +48ee c51048f1 bmark1 mark_all_diac ,fetch_diac_do +48ef c68e8000 rtnmark0 mark_inquiry_state +48f0 c68f8000 rtnmark0 mark_periodical_diac + +fetch_diac_do: +48f1 1d815900 and_into -256 ,lap +48f2 782afc00 pulse recalc +48f3 20000020 nop 32 +48f4 20600000 rtn + +shutdown_radio: +48f5 44c2c010 bpatch patch10_5 ,mem_patch10 +48f6 2030c906 branch shutdown_radio0 ,is_rx +48f7 708955d4 hjam 0xd4 ,0x955 +48f8 20000004 nop 4 +48f9 708955d2 hjam 0xd2 ,0x955 +48fa 20000004 nop 4 +48fb 708955d1 hjam 0xd1 ,0x955 +48fc 20000004 nop 4 +48fd 6fe241df fetch 1 ,mem_tx_power +48fe c0004904 beq tx_power_0db ,shutdown_radio_0db +48ff c000c912 beq tx_power_3db ,shutdown_radio_3db +4900 c0014904 beq tx_power_5db ,shutdown_radio_5db +4901 c001c912 beq tx_power_f3db ,shutdown_radio_f3db +4902 c0024912 beq tx_power_f5db ,shutdown_radio_f5db +4903 c0104912 beq tx_power_pair ,shutdown_radio_pair + +shutdown_radio_5db: + +shutdown_radio_0db: +4904 708955d0 hjam 0xd0 ,0x955 +4905 708956e0 hjam 0xe0 ,0x956 + +shutdown_radio0: +4906 18002a08 force 0x08 ,radio_ctrl +4907 18002a00 force 0 ,radio_ctrl +4908 7850fc00 disable is_rx +4909 78507c00 disable is_tx +490a 782f7c00 pulse packet_end +490b 70890200 hjam 0x0 ,rfen_mdm +490c 70890100 hjam 0x0 ,rfen_tx +490d 70890000 hjam 0x0 ,rfen_rx +490e 70890300 hjam 0 ,rfen_sn +490f 70890470 hjam 0x70 ,rfen_msc +4910 70890600 hjam 0x0 ,rfen_adc +4911 20600000 rtn + +shutdown_radio_pair: + +shutdown_radio_f5db: + +shutdown_radio_f3db: + +shutdown_radio_3db: +4912 708955d0 hjam 0xd0 ,0x955 +4913 708956c0 hjam 0xc0 ,0x956 +4914 20204906 branch shutdown_radio0 + +set_sync_on: +4915 44c34010 bpatch patch10_6 ,mem_patch10 +4916 70890200 hjam 0x0 ,rfen_mdm +4917 70890100 hjam 0x0 ,rfen_tx +4918 70890018 hjam 0x18 ,rfen_rx +4919 708903a7 hjam 0xa7 ,rfen_sn +491a 7089047f hjam 0x7f ,rfen_msc +491b 20600000 rtn + +set_freq_rx: +491c 44c3c010 bpatch patch10_7 ,mem_patch10 +491d 60420017 storet 1 ,mem_last_freq +491e 1840a204 add temp ,rx_freq_offset ,rega +491f 70896d07 hjam 0x07 ,0x96d +4920 20204980 branch rf_write_freq + +rf_rx_enable: +4921 44c44011 bpatch patch11_0 ,mem_patch11 +4922 708901cf hjam 0xcf ,rfen_tx +4923 2000000a nop 10 +4924 708900ff hjam 0xff ,rfen_rx +4925 708903af hjam 0xaf ,rfen_sn +4926 708904ff hjam 0xff ,rfen_msc +4927 2000000a nop 10 +4928 708902a0 hjam 0xa0 ,rfen_mdm +4929 20600000 rtn + +set_freq_tx_offset: +492a 6fe241e1 fetch 1 ,mem_250k_freq_enable +492b 203a492e branch set_freq_tx_2m_offset ,blank + +set_freq_tx_0m_offset: +492c 1840a202 add temp ,2 ,rega +492d 20600000 rtn + +set_freq_tx_2m_offset: +492e 1840a200 add temp ,0 ,rega +492f 20600000 rtn + +set_freq_tx: +4930 44c4c011 bpatch patch11_1 ,mem_patch11 +4931 60420017 storet 1 ,mem_last_freq +4932 2040492a call set_freq_tx_offset +4933 20404980 call rf_write_freq +4934 58000500 setarg param_pll_setup +4935 20404a8e call sleep + +txon: +4936 70890601 hjam 0x1 ,rfen_adc +4937 7089003c hjam 0x3c ,rfen_rx +4938 708901e0 hjam 0xe0 ,rfen_tx +4939 70896d12 hjam 0x12 ,0x96d +493a 2000000a nop 10 +493b 70890201 hjam 0x01 ,rfen_mdm +493c 7089023d hjam 0x3d ,rfen_mdm +493d 2000000a nop 10 +493e 708903b7 hjam 0xb7 ,rfen_sn +493f 2000000a nop 10 +4940 7089027f hjam 0x7f ,rfen_mdm +4941 6fe241df fetch 1 ,mem_tx_power +4942 c0004948 beq tx_power_0db ,set_tx_power_0db +4943 c000c94c beq tx_power_3db ,set_tx_power_3db +4944 c0014950 beq tx_power_5db ,set_tx_power_5db +4945 c001c954 beq tx_power_f3db ,set_tx_power_f3db +4946 c0024958 beq tx_power_f5db ,set_tx_power_f5db +4947 c010495c beq tx_power_pair ,set_tx_power_pair + +set_tx_power_0db: +4948 708956f0 hjam 0xf0 ,0x956 +4949 20404962 call txon_common +494a 708955d8 hjam 0xd8 ,0x955 +494b 20600000 rtn + +set_tx_power_3db: +494c 708956df hjam 0xdf ,0x956 +494d 20404962 call txon_common +494e 708955df hjam 0xdf ,0x955 +494f 20600000 rtn + +set_tx_power_5db: +4950 708956ff hjam 0xff ,0x956 +4951 20404962 call txon_common +4952 708955df hjam 0xdf ,0x955 +4953 20600000 rtn + +set_tx_power_f3db: +4954 708956ce hjam 0xce ,0x956 +4955 20404962 call txon_common +4956 708955d8 hjam 0xd8 ,0x955 +4957 20600000 rtn + +set_tx_power_f5db: +4958 708956cb hjam 0xcb ,0x956 +4959 20404962 call txon_common +495a 708955d8 hjam 0xd8 ,0x955 +495b 20600000 rtn + +set_tx_power_pair: +495c 708955d0 hjam 0xd0 ,0x955 +495d 708956c0 hjam 0xc0 ,0x956 +495e 7089574c hjam 0x4c ,0x957 +495f 7089586c hjam 0x6c ,0x958 +4960 70895950 hjam 0x50 ,0x959 +4961 20600000 rtn + +txon_common: +4962 20000004 nop 4 +4963 708955d1 hjam 0xd1 ,0x955 +4964 20000004 nop 4 +4965 708955d2 hjam 0xd2 ,0x955 +4966 20000004 nop 4 +4967 708955d4 hjam 0xd4 ,0x955 +4968 20000004 nop 4 +4969 20600000 rtn + +initialize_radio: +496a 70804206 hjam clksel_rc ,core_clksel +496b 2455e7bc ncall wake_up_m0 ,wake + +initialize_radio_wait: +496c 6fe440c3 fetch 2 ,mem_rf_init_ptr +496d c307496c bbit0 14 ,initialize_radio_wait +496e 98000c00 iforce contr +496f d8408900 arg 0x8900 ,temp + +initialize_radio_loop: +4970 efe20006 ifetch 1 ,contr +4971 c07fc976 beq 0xff ,initialize_radio_cont +4972 98418a00 ior temp ,contw +4973 efe20006 ifetch 1 ,contr +4974 e7e20005 istore 1 ,contw +4975 20204970 branch initialize_radio_loop + +initialize_radio_cont: +4976 44c54011 bpatch patch11_2 ,mem_patch11 +4977 20404bba call lpm_cal_xtal_startup +4978 204049c8 call switchto_dpllclk +4979 580007d0 setarg param_dpll_start_delay +497a 9c40fe00 iadd clkn_bt ,pdata +497b 67e80167 store 4 ,mem_dpll_clkn +497c 79202a03 set1 reset ,radio_ctrl +497d 18002a00 force 0 ,radio_ctrl +497e 2455c997 ncall do_rccal ,wake +497f 202049aa branch set_rccal + +rf_write_freq: +4980 44c5c011 bpatch patch11_3 ,mem_patch11 +4981 58000960 setarg 2400 +4982 9a208400 iadd rega ,temp +4983 6fe240bd fetch 1 ,mem_fcomp_mul +4984 70895f04 hjam 0x04 ,rf_pll_rstn +4985 984ffe00 imul32 temp ,pdata +4986 684240be fetcht 1 ,mem_fcomp_div +4987 9846fc00 idiv temp +4988 20407d61 call wait_div_end +4989 1807a200 quotient rega +498a 18077e00 remainder pdata +498b 1ff07e00 lshift16 pdata ,pdata +498c 1ff27e00 lshift4 pdata ,pdata +498d 9846fc00 idiv temp +498e 20407d61 call wait_div_end +498f 1807fe00 quotient pdata +4990 1fed7e00 lshift8 pdata ,pdata +4991 1fe3fe00 lshift pdata ,pdata +4992 9a21fe00 ior rega ,pdata +4993 67e88960 hstore 4 ,rf_pll_intg +4994 70895f44 hjam 0x44 ,rf_pll_rstn +4995 70895fc4 hjam 0xc4 ,rf_pll_rstn +4996 20600000 rtn + +do_rccal: +4997 44c64011 bpatch patch11_4 ,mem_patch11 +4998 70890602 hjam 0x02 ,rfen_adc +4999 5803d090 setarg 250000 +499a 20404a8e call sleep +499b 7089007f hjam 0x7f ,rfen_rx +499c 20000082 nop 130 +499d 70895230 hjam 0x30 ,rf_rccal_ctrl +499e 708901d0 hjam 0xd0 ,rfen_tx +499f 70895270 hjam 0x70 ,rf_rccal_ctrl +49a0 708952f0 hjam 0xf0 ,rf_rccal_ctrl +49a1 18007232 force 50 ,loopcnt + +do_rccal_loop: +49a2 6fe28990 hfetch 1 ,rf_rccal_result +49a3 c282c9a5 bbit1 5 ,do_rccal_end +49a4 c20049a2 loop do_rccal_loop + +do_rccal_end: +49a5 67e240ce store 1 ,mem_rf_rccal +49a6 70890100 hjam 0 ,rfen_tx +49a7 70890000 hjam 0 ,rfen_rx +49a8 70890600 hjam 0x00 ,rfen_adc +49a9 20600000 rtn + +set_rccal: +49aa 44c6c011 bpatch patch11_5 ,mem_patch11 +49ab 6fe240ce fetch 1 ,mem_rf_rccal +49ac 79207e05 set1 5 ,pdata +49ad 67e28952 hstore 1 ,rf_rccal_ctrl +49ae 68428950 hfetcht 1 ,rf_bpf_ctrim +49af 18410407 and_into 7 ,temp +49b0 1fe9fe00 lshift3 pdata ,pdata +49b1 9841fe00 ior temp ,pdata +49b2 67e28950 hstore 1 ,rf_bpf_ctrim +49b3 6fe28951 hfetch 1 ,rf_bpf_ib +49b4 793ffe00 set0 bpf_rccal ,pdata +49b5 67e28951 hstore 1 ,rf_bpf_ib +49b6 6fe28952 hfetch 1 ,rf_adc_rccal +49b7 793ffe05 set0 adc_rccal ,pdata +49b8 67e28952 hstore 1 ,rf_adc_rccal +49b9 20600000 rtn + +save_rssi: +49ba 44c74011 bpatch patch11_6 ,mem_patch11 +49bb 6fe48991 hfetch 2 ,rf_afc_d2a +49bc 1ff1fe00 rshift4 pdata ,pdata +49bd 1fe97e00 rshift3 pdata ,pdata +49be 1fe67e00 sub pdata ,0 ,pdata +49bf 1fe17eff and_into 0xff ,pdata +49c0 1fe6fc0a div pdata ,10 +49c1 20407d61 call wait_div_end +49c2 1807fe00 quotient pdata +49c3 1ff27e00 lshift4 pdata ,pdata +49c4 18070400 remainder temp +49c5 9841fe00 ior temp ,pdata +49c6 67e20018 store 1 ,mem_rssi +49c7 20600000 rtn + +switchto_dpllclk: +49c8 70804206 hjam clksel_rc ,core_clksel +49c9 6fe2896b hfetch 1 ,rf_clkpll_frac + 2 +49ca 793ffe04 set0 4 ,pdata +49cb 793ffe05 set0 5 ,pdata +49cc 67e2896b hstore 1 ,rf_clkpll_frac + 2 +49cd 70890500 hjam 0x00 ,rfen_ck +49ce 70890400 hjam 0x00 ,rfen_msc +49cf 70890470 hjam 0x70 ,rfen_msc +49d0 708905ff hjam 0xff ,rfen_ck +49d1 6fe2896b hfetch 1 ,rf_clkpll_frac + 2 +49d2 79207e04 set1 4 ,pdata +49d3 79207e05 set1 5 ,pdata +49d4 67e2896b hstore 1 ,rf_clkpll_frac + 2 +49d5 204049e8 call init_lpm_ctrl +49d6 6fe28968 hfetch 1 ,rf_clkpll_int +49d7 79207e07 set1 7 ,pdata +49d8 67e28968 hstore 1 ,rf_clkpll_int +49d9 793ffe07 set0 7 ,pdata +49da 67e28968 hstore 1 ,rf_clkpll_int +49db 79207e07 set1 7 ,pdata +49dc 67e28968 hstore 1 ,rf_clkpll_int +49dd 70804205 hjam clksel_dpll ,core_clksel +49de 20000001 nop 1 +49df 70804204 hjam clksel_xtal ,core_clksel +49e0 6fe2896b hfetch 1 ,rf_clkpll_frac + 2 +49e1 1fe17ecf and_into 0xcf ,pdata +49e2 67e2896b hstore 1 ,rf_clkpll_frac + 2 +49e3 1fe1fe30 or_into 0x30 ,pdata +49e4 67e2896b hstore 1 ,rf_clkpll_frac + 2 +49e5 20600000 rtn + +xtal_fast_wake: +49e6 58000f0f setarg 0xf0f +49e7 20204bd2 branch lpm_write_config + +init_lpm_ctrl: +49e8 5800080f setarg 0x80f +49e9 20204bd2 branch lpm_write_config + +start_receiver: +49ea 44c7c011 bpatch patch11_7 ,mem_patch11 +49eb 20404921 call rf_rx_enable +49ec 78507c00 disable is_tx +49ed 7830fc00 enable is_rx +49ee 782b7c00 pulse init_encrypt +49ef 20600000 rtn + +prep_crypt: +49f0 44c84012 bpatch patch12_0 ,mem_patch12 +49f1 6fe2004c fetch 1 ,mem_state_map +49f2 2feffe02 isolate1 smap_encryption ,pdata +49f3 7920fe00 setflag true ,0 ,pdata +49f4 67e28011 hstore 1 ,core_encrypt +49f5 d8c00062 arg mem_kc ,contr +49f6 eff20006 ifetch 9 ,contr +49f7 98006400 iforce kc_ls +49f8 efee0006 ifetch 7 ,contr +49f9 98006600 iforce kc_ms +49fa 6fe20054 fetch 1 ,mem_key_size +49fb 1fe0e9ff add pdata ,-1 ,g1l +49fc 782d7c00 pulse kc_p_activate +49fd 20600000 rtn + +wait_access_end: +49fe 1b427e00 deposit clke +49ff 67ec009a store 6 ,mem_sync_clke +4a00 7846fc00 disable decode_fec0 +4a01 242c48f5 nbranch shutdown_radio ,sync +4a02 dd2003bb arg param_clke_cal ,clke_rt +4a03 1d00d001 increase 1 ,clke_bt +4a04 1d0151fc and_into 0x1fc ,clke_bt +4a05 20600000 rtn + +wait_access_mhalfbnd: +4a06 7826fc00 enable decode_fec0 + +wait_access_mhalfbnd_correlate: +4a07 37cb8400 correlate null ,mhalfbnd +4a08 202c49fe branch wait_access_end ,sync +4a09 2d000402 compare 0x02 ,clke_bt ,0x02 +4a0a 2420ca07 nbranch wait_access_mhalfbnd_correlate ,true +4a0b 202049fe branch wait_access_end + +wait_access_clkn_rt: +4a0c 44c8c012 bpatch patch12_1 ,mem_patch12 +4a0d d9600600 arg param_conn_access ,timeup +4a0e 7826fc00 enable decode_fec0 +4a0f 34730400 correlate clkn_rt ,meet +4a10 7846fc00 disable decode_fec0 +4a11 242c48f5 nbranch shutdown_radio ,sync +4a12 20600000 rtn + +wait_access_forever: +4a13 44c94012 bpatch patch12_2 ,mem_patch12 +4a14 7826fc00 enable decode_fec0 +4a15 37c18400 correlate null ,timeout +4a16 7846fc00 disable decode_fec0 +4a17 242c48f5 nbranch shutdown_radio ,sync +4a18 dd2003bb arg param_clke_cal ,clke_rt +4a19 1d0151fc and_into 0x1fc ,clke_bt +4a1a 20600000 rtn + +reserve_slot: +4a1b 44c9c012 bpatch patch12_3 ,mem_patch12 +4a1c 98002200 iforce rega +4a1d 1c227e00 deposit bt_clk +4a1e 98409600 iadd temp ,timeup +4a1f 19627e00 copy timeup ,pdata +4a20 67e840ca store 4 ,mem_next_btclk +4a21 1a227e00 deposit rega +4a22 20600000 rtn + +ahead_window: +4a23 1fe20400 copy pdata ,temp +4a24 44ca4012 bpatch patch12_4 ,mem_patch12 +4a25 18427e00 copy temp ,pdata +4a26 20407d2b call clk2bt +4a27 1c307e00 lshift16 bt_clk ,pdata +4a28 79207e2c set1 44 ,pdata +4a29 20407d14 call clk_diff +4a2a 793ffe2c set0 44 ,pdata +4a2b 20404a76 call get_clk +4a2c 20407d14 call clk_diff +4a2d 20740000 rtn user +4a2e 20407d1e call clk2rt +4a2f 98003600 iforce stop_watch +4a30 37c18200 until null ,timeout +4a31 20600000 rtn + +setup_clk: +4a32 44cac012 bpatch patch12_5 ,mem_patch12 +4a33 20384a37 branch setup_clkn ,clknt +4a34 35330200 until clke_rt ,meet + +skip_setup_clke: +4a35 1d020400 copy clke_bt ,temp +4a36 20204a3a branch setup_clknbt + +setup_clkn: +4a37 20374a39 branch skip_setup_clkn ,attempt +4a38 34730200 until clkn_rt ,meet + +skip_setup_clkn: +4a39 1c420400 copy clkn_bt ,temp + +setup_clknbt: +4a3a 20344a46 branch setup_clk11 ,user +4a3b 28400601 compare 1 ,temp ,3 +4a3c 2420ca32 nbranch setup_clk ,true + +setup_complete: +4a3d 44cb4012 bpatch patch12_6 ,mem_patch12 +4a3e 6fe20030 fetch 1 ,mem_state +4a3f c4000000 rtnbit0 state_inconn +4a40 6fe840ca fetch 4 ,mem_next_btclk +4a41 98467e00 isub temp ,pdata +4a42 24610000 nrtn positive +4a43 1fe67cff sub pdata ,0xff ,null +4a44 20214a32 branch setup_clk ,positive +4a45 20600000 rtn + +setup_clk11: +4a46 28400603 compare 3 ,temp ,3 +4a47 2420ca32 nbranch setup_clk ,true +4a48 20204a3d branch setup_complete + +rf_setup_time: +4a49 44cbc012 bpatch patch12_7 ,mem_patch12 +4a4a d9600600 arg param_rf_setup ,timeup +4a4b 20204a32 branch setup_clk + +rf_setup_time_slave_slot: +4a4c 78547c00 disable user +4a4d 20204a49 branch rf_setup_time + +rf_setup_time_master_slot: +4a4e 78347c00 enable user +4a4f 20204a49 branch rf_setup_time + +start_transmitter: +4a50 44cc4013 bpatch patch13_0 ,mem_patch13 +4a51 204049f0 call prep_crypt +4a52 7850fc00 disable is_rx +4a53 78307c00 enable is_tx +4a54 20600000 rtn + +start_tx_native: +4a55 44ccc013 bpatch patch13_1 ,mem_patch13 +4a56 d9600e43 arg param_tx_setup ,timeup +4a57 34730200 until clkn_rt ,meet +4a58 782b7c00 pulse init_encrypt +4a59 20600000 rtn + +start_rx_native: +4a5a 44cd4013 bpatch patch13_2 ,mem_patch13 +4a5b d9600d00 arg param_rx_setup ,timeup +4a5c 34730200 until clkn_rt ,meet +4a5d 20600000 rtn + +start_tx_external: +4a5e 44cdc013 bpatch patch13_3 ,mem_patch13 +4a5f d9600e43 arg param_tx_setup ,timeup +4a60 35330200 until clke_rt ,meet +4a61 782b7c00 pulse init_encrypt +4a62 20600000 rtn + +send_access_word: +4a63 44ce4013 bpatch patch13_4 ,mem_patch13 +4a64 51207e00 preload access +4a65 782efc00 enable encode_fec0 +4a66 79202a00 set1 txgfsk ,radio_ctrl +4a67 08008648 inject mod ,72 +4a68 784efc00 disable encode_fec0 +4a69 20600000 rtn + +scan_mode_whiten: +4a6a 1ca20400 copy xin ,temp +4a6b 18418460 or_into 0x60 ,temp +4a6c 18421c00 copy temp ,white_init +4a6d 20600000 rtn + +get_free_amaddr: +4a6e 44cec013 bpatch patch13_5 ,mem_patch13 +4a6f 6fe24090 fetch 1 ,mem_current_amaddr +4a70 1fe0fe01 increase 1 ,pdata +4a71 c083ca73 bne param_esco_addr ,get_free_amaddr_cont +4a72 18007e01 force 1 ,pdata + +get_free_amaddr_cont: +4a73 67e24090 store 1 ,mem_current_amaddr +4a74 98000800 iforce am_addr +4a75 20600000 rtn + +get_clk: +4a76 1b220400 copy clkn ,temp +4a77 20748000 rtn master +4a78 1b420400 copy clke ,temp +4a79 20600000 rtn + +get_clkbt: +4a7a 1c427e00 deposit clkn_bt +4a7b 20748000 rtn master +4a7c 1d027e00 deposit clke_bt +4a7d 20600000 rtn + +supervision_update: +4a7e 44cf4013 bpatch patch13_6 ,mem_patch13 +4a7f 6848004d fetcht 4 ,mem_supervision_timer +4a80 20404a7a call get_clkbt +4a81 98461600 isub temp ,timeup +4a82 19627e00 deposit timeup +4a83 68440051 fetcht 2 ,mem_supervision_to +4a84 18438400 lshift temp ,temp +4a85 98467e00 isub temp ,pdata +4a86 20600000 rtn + +supervision_flush: +4a87 44cfc013 bpatch patch13_7 ,mem_patch13 +4a88 20404a7a call get_clkbt +4a89 67e8004d store 4 ,mem_supervision_timer +4a8a 20600000 rtn + +assert: +4a8b 44d04014 bpatch patch14_0 ,mem_patch14 +4a8c 20204a8b branch assert + +loop: +4a8d 20204a8d branch loop + +sleep: +4a8e 207a0000 rtn blank +4a8f 1fe37e00 rshift pdata ,pdata +4a90 1fe0fffd increase -3 ,pdata + +sleep_loop: +4a91 1fe0ffff increase -1 ,pdata +4a92 2422ca91 nbranch sleep_loop ,zero +4a93 18007e00 force 0 ,pdata +4a94 20600000 rtn + +init_param: +4a95 df200010 arg 0x10 ,loopcnt +4a96 d8a00000 arg 0 ,contw +4a97 20407ca1 call memset0 +4a98 d8a0043b arg mem_le_state ,contw +4a99 df20000a arg 10 ,loopcnt +4a9a 20407ca1 call memset0 +4a9b 7009ae00 jam 0 ,mem_sp_calc +4a9c 700a9500 jam 0 ,mem_fifo_temp +4a9d 70048800 jam 0 ,mem_le_testtype +4a9e 70017d00 jam 0 ,mem_debug_config +4a9f 7004cd00 jam 0 ,mem_lmp_conn_state +4aa0 44d0c014 bpatch patch14_1 ,mem_patch14 +4aa1 70016b00 jam 0 ,mem_connection_options +4aa2 70014f00 jam 0 ,mem_tester_emulate +4aa3 70015a00 jam 0 ,mem_tester_cnt +4aa4 589e8b33 setarg param_glap +4aa5 67e640a7 store 3 ,mem_glap +4aa6 58000153 setarg param_acl_pktlen +4aa7 67e40083 store 2 ,mem_acl_pktlen +4aa8 7000851e jam param_sco_pktlen ,mem_sco_pktlen +4aa9 70008601 jam param_acl_pktcnt ,mem_acl_pktcnt +4aaa 70008807 jam param_sco_pktcnt ,mem_sco_pktcnt +4aab 5812e904 setarg param_hci_version +4aac 67e60080 store 3 ,mem_hci_version +4aad 70009060 jam 0x60 ,mem_fhs_misc +4aae 7040d005 jam param_max_slot ,mem_max_slot +4aaf 70001402 jam 0x02 ,mem_fw_ver +4ab0 6fe2462c fetch 1 ,mem_ssp_enable +4ab1 245a7376 ncall init_memp ,blank +4ab2 6fe24490 fetch 1 ,mem_le_secure_connect_enable +4ab3 245a73cd ncall init_memp_256 ,blank +4ab4 44d14014 bpatch patch14_2 ,mem_patch14 +4ab5 20758000 rtn wake +4ab6 58000000 setarg 0 +4ab7 67e441dd store 2 ,mem_tx_len +4ab8 1c437e00 rshift clkn_bt ,pdata +4ab9 67e84094 store 4 ,mem_last_clkn +4aba 20600000 rtn + +lpmstate: +4abb 6fe88124 fetch 4 ,core_lpm_xtalcnt +4abc 2feffe13 isolate1 hibernate ,pdata +4abd c30bcac2 bbit0 isogate ,lpm_open_isogate +4abe 2420fd74 nbranch clean_mem ,true +4abf d85fffff arg param_hibernate_clks ,temp +4ac0 1ce27e00 deposit auxcnt +4ac1 203a4b18 branch lpm_enter_sleep ,blank + +lpm_open_isogate: +4ac2 79207e17 set1 isogate ,pdata +4ac3 79207e14 set1 xram_switch ,pdata +4ac4 79207e15 set1 pram_switch ,pdata +4ac5 67e8804c store 4 ,core_lpm_reg +4ac6 37d98200 until null ,lpo_edge +4ac7 37d98200 until null ,lpo_edge +4ac8 20404bdd call lpm_write_ctrl2 +4ac9 6fe2804e fetch 1 ,core_lpm_isogate +4aca 79207e06 set1 enable_retmem ,pdata +4acb 67e2804e store 1 ,core_lpm_isogate +4acc 20404bdd call lpm_write_ctrl2 +4acd 2020fd74 branch clean_mem ,true +4ace 7835fc00 enable wake + +lpm_load_context: +4acf 70804301 jam 0x1 ,core_config +4ad0 6ff04191 fetch 8 ,mem_saved_mark +4ad1 98000000 iforce mark +4ad2 6fec8130 fetch 6 ,core_gpio_wakeup +4ad3 67ec00a1 store 6 ,mem_gpio_wakeup +4ad4 20600000 rtn + +lpm_save_context: +4ad5 18027e00 deposit mark +4ad6 67f04191 store 8 ,mem_saved_mark +4ad7 20204be3 branch lpm_write_gpio_wakeup + +lpo_calibration: +4ad8 68428042 fetcht 1 ,core_clksel +4ad9 18417ef0 and temp ,0xf0 ,pdata +4ada 243a4ae1 nbranch lpo_cal_inited ,blank +4adb 6fe64170 fetch 3 ,mem_clks_per_lpo +4adc 247a0000 nrtn blank +4add 18417e0f and temp ,0xf ,pdata +4ade 1fe1fec0 or_into 0xc0 ,pdata +4adf 67e28042 store 1 ,core_clksel +4ae0 70800a80 jam ccnt_start ,core_dma_start + +lpo_cal_inited: +4ae1 6fe28108 fetch 1 ,core_misc_status +4ae2 c4000000 rtnbit0 ccnt_done +4ae3 6fe6810a fetch 3 ,core_ccnt_counter +4ae4 67e64170 store 3 ,mem_clks_per_lpo +4ae5 20600000 rtn + +lpm_adjust_clk: +4ae6 44d1c014 bpatch patch14_3 ,mem_patch14 +4ae7 1b427e00 deposit clke +4ae8 20407d12 call clk_diff_rt +4ae9 68484160 fetcht 4 ,mem_sleep_counter_all +4aea 18467cff sub temp ,0xff ,null +4aeb 20610000 rtn positive +4aec 1fed7e00 lshift8 pdata ,pdata +4aed 1ff27e00 lshift4 pdata ,pdata +4aee 9846fc00 idiv temp +4aef 20407d61 call wait_div_end +4af0 1807fe00 quotient pdata +4af1 d84000c8 arg param_lpm_adjmax ,temp +4af2 20407d6c call ceiling +4af3 67e20099 store 1 ,mem_lpm_adjust +4af4 24344af6 nbranch lpm_adjust_positive ,user +4af5 1fe67e00 sub pdata ,0 ,pdata + +lpm_adjust_positive: +4af6 68464170 fetcht 3 ,mem_clks_per_lpo +4af7 9840fe00 iadd temp ,pdata +4af8 67e64170 store 3 ,mem_clks_per_lpo + +lpm_clear_counter: +4af9 58000000 setarg 0 +4afa 67e84160 store 4 ,mem_sleep_counter_all +4afb 20600000 rtn + +lpm_doze: +4afc 6fe24158 fetch 1 ,mem_lpm_doze_switch +4afd 20204aff branch lpm_hibernate_normal + +lpm_hibernate: +4afe 6fe24157 fetch 1 ,mem_lpm_hibernate_switch + +lpm_hibernate_normal: +4aff 67e2417c store 1 ,mem_lpm_xtalcnt + 3 +4b00 44d24014 bpatch patch14_4 ,mem_patch14 +4b01 20404be3 call lpm_write_gpio_wakeup +4b02 d85fffff arg param_hibernate_clks ,temp +4b03 6fe24177 fetch 1 ,mem_lpm_config + 1 +4b04 793ffe07 set0 7 ,pdata +4b05 67e24177 store 1 ,mem_lpm_config + 1 + +lpm_sleep: +4b06 44d2c014 bpatch patch14_5 ,mem_patch14 +4b07 204049e6 call xtal_fast_wake +4b08 6fe84160 fetch 4 ,mem_sleep_counter_all +4b09 9840fe00 iadd temp ,pdata +4b0a 67e84160 store 4 ,mem_sleep_counter_all +4b0b 20404ad5 call lpm_save_context +4b0c 6fe64179 fetch 3 ,mem_lpm_xtalcnt +4b0d 67e6804c store 3 ,core_lpm_reg +4b0e ea220006 ifetchr rega ,1 ,contr +4b0f 6fe28127 fetch 1 ,core_lpm_buckcfg +4b10 e7e20005 istore 1 ,contw +4b11 37d98200 until null ,lpo_edge +4b12 632c4164 storer clkn ,6 ,mem_sleep_clkn +4b13 70800502 hjam lpmreg_sel_ctrl2 ,core_lpm_wr +4b14 37d98200 until null ,lpo_edge +4b15 37d98200 until null ,lpo_edge +4b16 6222804e storer rega ,1 ,core_lpm_isogate +4b17 70800502 hjam lpmreg_sel_ctrl2 ,core_lpm_wr + +lpm_enter_sleep: +4b18 37d98200 until null ,lpo_edge +4b19 37d98200 until null ,lpo_edge +4b1a 6048804c hstoret 4 ,core_lpm_reg +4b1b 70800510 hjam lpmreg_sel_counter ,core_lpm_wr +4b1c 37df8200 until null ,never + +lpm_recover_clk: +4b1d 44d34014 bpatch patch14_6 ,mem_patch14 +4b1e 58000000 setarg 0 +4b1f 1ce27c00 copy auxcnt ,null +4b20 2022cb28 branch lpm_recover_timeout ,zero +4b21 6fe28124 hfetch 1 ,core_lpm_xtalcnt +4b22 68428125 hfetcht 1 ,core_lpm_buckcnt +4b23 98467c00 isub temp ,null +4b24 20214b26 branch lpm_recover_xtal ,positive +4b25 18427e00 deposit temp + +lpm_recover_xtal: +4b26 9ce67e00 isub auxcnt ,pdata +4b27 1fe0fe01 increase 1 ,pdata + +lpm_recover_timeout: +4b28 1fe0fe08 increase 8 ,pdata +4b29 37d98200 until null ,lpo_edge +4b2a 9e20fe00 iadd lpo_time ,pdata +4b2b 6848415c fetcht 4 ,mem_sleep_counter +4b2c 9840fe00 iadd temp ,pdata +4b2d 68464170 fetcht 3 ,mem_clks_per_lpo +4b2e 984ffe00 imul32 temp ,pdata +4b2f 1fecfe00 rshift8 pdata ,pdata +4b30 1ff1fe00 rshift4 pdata ,pdata +4b31 1fe0fe6e increase param_lpm_fix ,pdata +4b32 d8400ea6 arg 3750 ,temp +4b33 9846fc00 idiv temp +4b34 20407d61 call wait_div_end +4b35 1807fe00 quotient pdata +4b36 1ff07e00 lshift16 pdata ,pdata +4b37 18070400 remainder temp +4b38 9841fe00 ior temp ,pdata +4b39 684c4164 fetcht 6 ,mem_sleep_clkn +4b3a 20407d07 call clk_add +4b3b 18423200 copy temp ,clkn +4b3c 6fec4048 fetch 6 ,mem_context + coffset_clk_offset +4b3d 20404850 call calc_clke2 +4b3e 20600000 rtn + +lpm_dispatch: +4b3f 44d3c014 bpatch patch14_7 ,mem_patch14 +4b40 20404ad8 call lpo_calibration +4b41 6fe64170 fetch 3 ,mem_clks_per_lpo +4b42 207a0000 rtn blank +4b43 6fe24091 fetch 1 ,mem_lpm_mode +4b44 207a0000 rtn blank +4b45 6fe2462c fetch 1 ,mem_ssp_enable +4b46 203a4b49 branch lpm_dispatch_next ,blank +4b47 6fe24583 fetch 1 ,mem_sp_local_key_invalid +4b48 207a0000 rtn blank + +lpm_dispatch_next: +4b49 6fe24492 fetch 1 ,mem_le_sc_calc +4b4a 247a0000 nrtn blank +4b4b 20404bf4 call lpm_check_wake_lock +4b4c 247a0000 nrtn blank +4b4d 6fe24040 fetch 1 ,mem_context +4b4e 2fe00e03 compare 3 ,pdata ,0x7 +4b4f 2420cb72 nbranch lpm_dispatch_unconn ,true +4b50 6fe44042 fetch 2 ,mem_context + coffset_tsniff +4b51 207a0000 rtn blank +4b52 20758000 rtn wake +4b53 44d44015 bpatch patch15_0 ,mem_patch15 +4b54 684200a0 fetcht 1 ,mem_lpm_current_mult +4b55 6fe44042 fetch 2 ,mem_context + coffset_tsniff +4b56 984ffe00 imul32 temp ,pdata +4b57 18518400 rshift4 temp ,temp +4b58 184b0400 rshift2 temp ,temp +4b59 98467e00 isub temp ,pdata +4b5a 68484044 fetcht 4 ,mem_context + coffset_sniff_anchor +4b5b 9840fe00 iadd temp ,pdata +4b5c 68424156 fetcht 1 ,mem_lpm_overhead +4b5d 98467e00 isub temp ,pdata +4b5e 1ff06000 lshift16 pdata ,alarm +4b5f 44d4c015 bpatch patch15_1 ,mem_patch15 +4b60 6fe4404e fetch 2 ,mem_context + coffset_rx_window +4b61 1fe37e00 rshift pdata ,pdata +4b62 20407d2b call clk2bt +4b63 1e027e00 deposit alarm +4b64 20407d14 call clk_diff +4b65 1b420400 copy clke ,temp +4b66 20407d12 call clk_diff_rt +4b67 20740000 rtn user + +lpm_dispatch_sleep: +4b68 20407d24 call clk2lpo + +lpm_dispatch_lpo: +4b69 44d54015 bpatch patch15_2 ,mem_patch15 +4b6a 6fe24179 fetch 1 ,mem_lpm_xtalcnt +4b6b 98467c00 isub temp ,null +4b6c 20214af9 branch lpm_clear_counter ,positive +4b6d 6048415c storet 4 ,mem_sleep_counter +4b6e 20404cc1 call app_will_enter_lpm +4b6f 204056d5 call l2cap_lpm_save_txbuf +4b70 6848415c fetcht 4 ,mem_sleep_counter +4b71 20204b06 branch lpm_sleep + +lpm_dispatch_unconn: +4b72 44d5c015 bpatch patch15_3 ,mem_patch15 +4b73 6fe24040 fetch 1 ,mem_context +4b74 c3800000 rtnbit1 state_inconn +4b75 c3818000 rtnbit1 state_inpage +4b76 6fe2462c fetch 1 ,mem_ssp_enable +4b77 203a4b7a branch lpm_unconn_nossp ,blank +4b78 6fe24583 fetch 1 ,mem_sp_local_key_invalid +4b79 207a0000 rtn blank + +lpm_unconn_nossp: +4b7a 44d64015 bpatch patch15_4 ,mem_patch15 +4b7b 6fe24340 fetch 1 ,mem_le_adv_enable +4b7c 243a4b7f nbranch lpm_unconn_cont ,blank +4b7d 6fe24093 fetch 1 ,mem_scan_mode +4b7e 207a0000 rtn blank + +lpm_unconn_cont: +4b7f 6fe44154 fetch 2 ,mem_lpm_interval +4b80 207a0000 rtn blank + +lpm_sleep_btclk: +4b81 68424156 fetcht 1 ,mem_lpm_overhead +4b82 98467e00 isub temp ,pdata +4b83 d8401d4c arg 7500 ,temp +4b84 984ffe00 imul32 temp ,pdata +4b85 20204b68 branch lpm_dispatch_sleep + +lpm_set_mult: +4b86 44d6c015 bpatch patch15_5 ,mem_patch15 +4b87 7855fc00 disable wake +4b88 6fe20030 fetch 1 ,mem_state +4b89 c4008000 rtnbit0 state_insniff +4b8a 2436cba5 nbranch lpm_not_match ,match +4b8b 20404ba0 call lpm_match +4b8c 6fe440c1 fetch 2 ,mem_rx_window_sniff +4b8d 67e4003e store 2 ,mem_rx_window +4b8e 6fe20047 fetch 1 ,mem_arq +4b8f c281cbb3 bbit1 wack ,lpm_mult_short +4b90 c586cbb3 bmark0 mark_lpm_mult_enable ,lpm_mult_short +4b91 2040564e call l2cap_malloc_is_fifo_empty +4b92 243a4bb3 nbranch lpm_mult_short ,blank +4b93 6fe2452e fetch 1 ,mem_classic_bt_flag +4b94 c280cbb3 bbit1 short_mult_flag ,lpm_mult_short + +lpm_mult_wait_timeout: +4b95 7000a000 jam 0 ,mem_lpm_current_mult +4b96 c586cbb3 bmark0 mark_lpm_mult_enable ,lpm_mult_short +4b97 6fe24175 fetch 1 ,mem_lpm_mult_cnt +4b98 203a4bb7 branch lpm_mult_long ,blank +4b99 1fe0ffff increase -1 ,pdata +4b9a 67e24175 store 1 ,mem_lpm_mult_cnt +4b9b 20600000 rtn + +classic_bt_set_mult_short_flag: +4b9c d8e00001 arg short_mult_flag ,queue +4b9d 202064af branch classic_bluetooth_set_flag + +classic_bt_clr_mult_short_flag: +4b9e d8e00001 arg short_mult_flag ,queue +4b9f 202064b3 branch classic_bluetooth_clr_flag + +lpm_match: +4ba0 70415a00 jam 0 ,mem_sniff_unint_lost +4ba1 6fe6416a fetch 3 ,mem_sniff_rcv +4ba2 1fe0fe01 increase 1 ,pdata +4ba3 67e6416a store 3 ,mem_sniff_rcv +4ba4 20600000 rtn + +lpm_not_match: +4ba5 44d74015 bpatch patch15_6 ,mem_patch15 +4ba6 684440c1 fetcht 2 ,mem_rx_window_sniff +4ba7 18430400 rshift temp ,temp +4ba8 6fe4003e fetch 2 ,mem_rx_window +4ba9 9840fe00 iadd temp ,pdata +4baa 67e4003e store 2 ,mem_rx_window + +lpm_lost: +4bab 7000a000 jam 0 ,mem_lpm_current_mult +4bac 6fe6416d fetch 3 ,mem_sniff_lost +4bad 1fe0fe01 increase 1 ,pdata +4bae 67e6416d store 3 ,mem_sniff_lost +4baf 6fe2415a fetch 1 ,mem_sniff_unint_lost +4bb0 1fe0fe01 increase 1 ,pdata +4bb1 67e2415a store 1 ,mem_sniff_unint_lost +4bb2 20600000 rtn + +lpm_mult_short: +4bb3 7000a000 jam 0 ,mem_lpm_current_mult +4bb4 6fe24174 fetch 1 ,mem_lpm_mult_timeout +4bb5 67e24175 store 1 ,mem_lpm_mult_cnt +4bb6 20600000 rtn + +lpm_mult_long: +4bb7 68424173 fetcht 1 ,mem_lpm_mult +4bb8 604200a0 storet 1 ,mem_lpm_current_mult +4bb9 20600000 rtn + +lpm_cal_xtal_startup: +4bba 44d7c015 bpatch patch15_7 ,mem_patch15 +4bbb 6fe24179 fetch 1 ,mem_lpm_xtalcnt +4bbc 247a0000 nrtn blank +4bbd 70804206 hjam clksel_rc ,core_clksel +4bbe 58000f0c setarg 0xf0c +4bbf 20404bd2 call lpm_write_config +4bc0 58030d40 setarg 200000 +4bc1 20404a8e call sleep +4bc2 37d98200 until null ,lpo_edge +4bc3 1e226000 copy lpo_time ,alarm +4bc4 204049e6 call xtal_fast_wake +4bc5 70804204 hjam clksel_xtal ,core_clksel +4bc6 2000000a nop 10 +4bc7 37d98200 until null ,lpo_edge +4bc8 1e227e00 deposit lpo_time +4bc9 9e067e00 isub alarm ,pdata +4bca 1fe0fe30 increase 0x30 ,pdata +4bcb d84000ff arg 0xff ,temp +4bcc 20407d6c call ceiling +4bcd 67e24179 store 1 ,mem_lpm_xtalcnt +4bce 20007530 nop 30000 +4bcf 20007530 nop 30000 +4bd0 20007530 nop 30000 +4bd1 20600000 rtn + +lpm_write_config: +4bd2 d8a00fff arg 0xfff ,contw +4bd3 98a10a00 iand contw ,contw +4bd4 6fe24176 fetch 1 ,mem_lpm_config +4bd5 1fe17ef0 and_into 0xf0 ,pdata +4bd6 1fed7e00 lshift8 pdata ,pdata +4bd7 98a1fe00 ior contw ,pdata +4bd8 67e4804c hstore 2 ,core_lpm_reg +4bd9 efe40006 ifetch 2 ,contr +4bda e7e40005 istore 2 ,contw + +lpm_write_ctrl: +4bdb 58000001 setarg lpmreg_sel_ctrl +4bdc 20204bde branch lpm_write + +lpm_write_ctrl2: +4bdd 58000002 setarg lpmreg_sel_ctrl2 + +lpm_write: +4bde 67e28005 hstore 1 ,core_lpm_wr +4bdf 37d98200 until null ,lpo_edge +4be0 37d98200 until null ,lpo_edge +4be1 37d98200 until null ,lpo_edge +4be2 20600000 rtn + +lpm_write_gpio_wakeup: +4be3 44d84016 bpatch patch16_0 ,mem_patch16 +4be4 6fe800a1 fetch 4 ,mem_gpio_wakeup +4be5 67e8804c store 4 ,core_lpm_reg +4be6 58000004 setarg lpmreg_sel_gpiolow +4be7 20404bde call lpm_write +4be8 efe40006 ifetch 2 ,contr +4be9 67e8804c store 4 ,core_lpm_reg +4bea 58000008 setarg lpmreg_sel_gpiohigh +4beb 20204bde branch lpm_write + +lpm_get_wake_lock: +4bec 6fe44152 fetch 2 ,mem_lpm_wake_lock +4bed f9207e00 qset1 pdata +4bee 67e44152 store 2 ,mem_lpm_wake_lock +4bef 20600000 rtn + +lpm_put_wake_lock: +4bf0 6fe44152 fetch 2 ,mem_lpm_wake_lock +4bf1 f93ffe00 qset0 pdata +4bf2 67e44152 store 2 ,mem_lpm_wake_lock +4bf3 20600000 rtn + +lpm_check_wake_lock: +4bf4 44d8c016 bpatch patch16_1 ,mem_patch16 +4bf5 20404cbf call app_check_wake_lock +4bf6 6fe44152 fetch 2 ,mem_lpm_wake_lock +4bf7 1fe22200 copy pdata ,rega +4bf8 6fe2004c fetch 1 ,mem_state_map +4bf9 2feffe06 isolate1 smap_rxlmp ,pdata +4bfa 7920a20b setflag true ,wake_lock_lmp_rx ,rega +4bfb 6fe20078 fetch 1 ,mem_lmo_opcode1 +4bfc 6842007c fetcht 1 ,mem_lmo_opcode2 +4bfd 9840fe00 iadd temp ,pdata +4bfe 68420048 fetcht 1 ,mem_lmp_to_send +4bff 9840fe00 iadd temp ,pdata +4c00 7d3a220a nsetflag blank ,wake_lock_lmp_tx ,rega +4c01 6fe244d1 fetch 1 ,mem_le_tx_buff_used +4c02 7d3a2201 nsetflag blank ,wake_lock_ble_tx ,rega +4c03 6fe40259 fetch 2 ,mem_l2cap_rxbuff1_len +4c04 6844025b fetcht 2 ,mem_l2cap_rxbuff2_len +4c05 9840fe00 iadd temp ,pdata +4c06 7d3a220d nsetflag blank ,wake_lock_l2cap_rx ,rega +4c07 6ff0463a fetch util_fifo_len ,mem_ipc_fifo_bt2c51 +4c08 7d3a220f nsetflag blank ,wake_lock_ipc_bt2c51 ,rega +4c09 6ff04642 fetch util_fifo_len ,mem_ipc_fifo_c512bt +4c0a 7d3a220e nsetflag blank ,wake_lock_ipc_c512bt ,rega +4c0b 6fe44ff4 fetch 2 ,ipc_bt2m0_read_ptr +4c0c 68444ff6 fetcht 2 ,ipc_bt2m0_write_ptr +4c0d 98467c00 isub temp ,null +4c0e 7d22a205 nsetflag zero ,wake_lock_ipc_bt2m0 ,rega +4c0f 6fe44ffc fetch 2 ,ipc_m02bt_read_ptr +4c10 68444ffe fetcht 2 ,ipc_m02bt_write_ptr +4c11 98467c00 isub temp ,null +4c12 7d22a206 nsetflag zero ,wake_lock_ipc_m02bt ,rega +4c13 6fe28043 fetch 1 ,core_config +4c14 2feffe07 isolate1 7 ,pdata +4c15 7920a202 setflag true ,wake_lock_m0_single ,rega +4c16 6fe241cf fetch 1 ,mem_hci_cmd +4c17 7d3a2208 nsetflag blank ,wake_lock_cmd ,rega +4c18 1a227e00 copy rega ,pdata +4c19 67e44152 store 2 ,mem_lpm_wake_lock +4c1a 20600000 rtn + +lpm_shut_down: +4c1b 6fe8811c hfetch 4 ,core_lpm_ctrl +4c1c 793ffe1b set0 27 ,pdata +4c1d 67e8804c hstore 4 ,core_lpm_reg +4c1e 20404bdb call lpm_write_ctrl +4c1f 20204a8b branch assert + +lpm_disable_exen_output: +4c20 6fe88124 hfetch 4 ,core_lpm_xtalcnt +4c21 793ffe14 set0 20 ,pdata +4c22 67e8804c hstore 4 ,core_lpm_reg +4c23 20204bdd branch lpm_write_ctrl2 + +check_bt_disabled: +4c24 6fe44150 fetch 2 ,mem_chip_functions +4c25 c2804a8b bbit1 bt_disabled ,assert +4c26 20600000 rtn + +check_ble_disabled: +4c27 6fe44150 fetch 2 ,mem_chip_functions +4c28 c280ca8b bbit1 ble_disabled ,assert +4c29 20600000 rtn + +check_module_disabled: +4c2a 6fe44150 fetch 2 ,mem_chip_functions +4c2b c2814a8b bbit1 module_disable ,assert +4c2c 20600000 rtn + +test_init: +4c2d 58004c35 setarg test_proc +4c2e 67e441f2 store 2 ,mem_cb_bt_process +4c2f 58004c64 setarg test_sleep +4c30 67e441f6 store 2 ,mem_cb_bb_event_process +4c31 58004c35 setarg test_proc +4c32 67e441f4 store 2 ,mem_cb_idle_process +4c33 20758000 rtn wake +4c34 20600000 rtn + +test_proc: +4c35 6fe20030 fetch 1 ,mem_state +4c36 c300cc3b bbit0 state_insniff ,check_test_cond +4c37 7920000d set1 mark_lpm_mult_enable ,mark +4c38 6fec416a fetch 6 ,mem_sniff_rcv +4c39 67ec44e8 store 6 ,mem_local_name +4c3a 20600000 rtn + +check_test_cond: +4c3b 6fe2014f fetch 1 ,mem_tester_emulate +4c3c c4010000 rtnbit0 tester_change +4c3d 6fe2015a fetch 1 ,mem_tester_cnt +4c3e 1fe0fe01 increase 1 ,pdata +4c3f 67e2015a store 1 ,mem_tester_cnt +4c40 c1828000 rtnne 5 +4c41 70015a00 jam 0 ,mem_tester_cnt +4c42 6fe2014f fetch 1 ,mem_tester_emulate +4c43 793ffe02 set0 tester_change ,pdata +4c44 67e2014f store 1 ,mem_tester_emulate +4c45 c281cc5c bbit1 tester_exit ,check_test_exit +4c46 2feffe07 isolate1 tester_no_whitening ,pdata +4c47 2040fd88 call test_no_white ,true +4c48 2440fd8c ncall test_enable_white ,true +4c49 6fe20156 fetch 1 ,test_mode_packet_type +4c4a 2fe06020 compare 0x20 ,pdata ,0x30 +4c4b 6fe2004c fetch 1 ,mem_state_map +4c4c 7920fe05 setflag true ,smap_edr ,pdata +4c4d 67e2004c store 1 ,mem_state_map +4c4e 6fe2014f fetch 1 ,mem_tester_emulate +4c4f 6842017d fetcht 1 ,mem_debug_config +4c50 2feffe04 isolate1 tester_pattern_test ,pdata +4c51 79208406 setflag true ,debug_tx_pattern ,temp +4c52 2feffe06 isolate1 tester_fixed_freq ,pdata +4c53 79208404 setflag true ,debug_tx_fixed_freq ,temp +4c54 79208405 setflag true ,debug_rx_fixed_freq ,temp +4c55 6042017d storet 1 ,mem_debug_config +4c56 6fe20152 fetch 1 ,test_mode_tx_freq +4c57 67e204c7 store 1 ,mem_tx_fixed_freq +4c58 6fe20153 fetch 1 ,test_mode_rx_freq +4c59 67e204c8 store 1 ,mem_rx_fixed_freq +4c5a 79200011 set1 mark_testmode ,mark +4c5b 20600000 rtn + +check_test_exit: +4c5c 793f8011 set0 mark_testmode ,mark +4c5d 70014f00 jam 0 ,mem_tester_emulate +4c5e 6fe20159 fetch 1 ,mem_test_mode_old_debug_config +4c5f 67e2017d store 1 ,mem_debug_config +4c60 6fe28043 hfetch 1 ,core_config +4c61 1fe17efb and_into 0xfb ,pdata +4c62 67e28043 hstore 1 ,core_config +4c63 20600000 rtn + +test_sleep: +4c64 1a627e00 deposit regc +4c65 c1880000 rtnne bt_evt_button_long_pressed + +test_sleep_loop: +4c66 20600000 rtn +4c67 c000cc66 beq 1 ,test_sleep_loop +4c68 20204afe branch lpm_hibernate + +test_tx: +4c69 18000402 force 2 ,temp +4c6a 184085fe increase -2 ,temp +4c6b 20404915 call set_sync_on +4c6c 20404930 call set_freq_tx +4c6d 7843fc00 disable enable_white +4c6e 782efc00 enable encode_fec0 +4c6f 79202a00 set1 txgfsk ,radio_ctrl +4c70 20404a50 call start_transmitter + +test_tx_loop: +4c71 6fe20000 fetch 1 ,0 +4c72 08008608 inject mod ,8 +4c73 20204c71 branch test_tx_loop + +wait_sec_powerup: +4c74 6fe28108 fetch 1 ,core_misc_status +4c75 c3014c74 bbit0 sec_pwrup ,wait_sec_powerup +4c76 20600000 rtn + +app_init: +4c77 44d94016 bpatch patch16_2 ,mem_patch16 +4c78 6fe24092 fetch 1 ,mem_device_option +4c79 203a4c77 branch app_init ,blank +4c7a c0054d95 beq dvc_op_module ,module_init +4c7b 20600000 rtn + +app_lpm_init: +4c7c 44d9c016 bpatch patch16_3 ,mem_patch16 +4c7d 70014f00 jam 0 ,mem_tester_emulate +4c7e 70017d00 jam 0 ,mem_debug_config +4c7f 70017e00 jam 0 ,mem_lch_code +4c80 58000000 setarg 0 +4c81 67ea09aa store 5 ,mem_sp_state_start +4c82 6fe24092 fetch 1 ,mem_device_option +4c83 203a4c7c branch app_lpm_init ,blank +4c84 c0054dba beq dvc_op_module ,module_lpm_init + +app_lpm_init0: +4c85 20600000 rtn + +app_process_idle: +4c86 20407b84 call ui_dispatch +4c87 20407bc1 call check_51cmd +4c88 20404c8f call app_process_bb_event +4c89 6fe441f4 fetch 2 ,mem_cb_idle_process +4c8a 20207d77 branch callback_func + +app_process_bt: +4c8b 6fe441f2 fetch 2 ,mem_cb_bt_process +4c8c 20207d77 branch callback_func + +app_process_ble: +4c8d 6fe441f0 fetch 2 ,mem_cb_le_process +4c8e 20207d77 branch callback_func + +app_process_bb_event: +4c8f 44da4016 bpatch patch16_4 ,mem_patch16 +4c90 da20463a arg mem_ipc_fifo_bt2c51 ,rega +4c91 20407d9c call fifo_out +4c92 207a0000 rtn blank +4c93 1fe22600 copy pdata ,regc +4c94 20404c98 call app_event_normal_process +4c95 20204cbd branch app_process_bb_event_priority + +app_discard_event: +4c96 da600000 arg 0 ,regc +4c97 20600000 rtn + +app_event_normal_process: +4c98 c000ccaa beq bt_evt_bb_connected ,app_evt_bt_conn +4c99 c0084cf0 beq bt_evt_button_long_pressed ,app_evt_button_long_pressed +4c9a c002ccce beq bt_evt_setup_complete ,app_evt_setup_complete +4c9b c0094cd5 beq bt_evt_hid_handshake ,app_evt_hid_handshake +4c9c c0034cec beq bt_evt_hid_connected ,app_bb_event_hid_connected +4c9d c0024d1f beq bt_evt_reconn_failed ,app_bb_event_reconn_failed +4c9e c0014d24 beq bt_evt_bb_disconnected ,app_bb_event_bb_disconn +4c9f c009cd1f beq bt_evt_reconn_page_timeout ,app_bb_event_reconn_failed +4ca0 c00a4ce4 beq bt_evt_le_connected ,app_le_event_bb_connected +4ca1 c00acce8 beq bt_evt_le_disconnected ,app_le_event_bb_disconn +4ca2 c001ccc7 beq bt_evt_reconn_started ,app_event_reconn_start +4ca3 c005ccd9 beq bt_evt_enter_sniff ,app_event_enter_sniff +4ca4 c0064ce0 beq bt_evt_exit_sniff ,app_event_exit_sniff +4ca5 c00b4cf4 beq bt_evt_ml2cap_conn_refused ,app_event_ml2cap_conn_refused +4ca6 c00c4cc3 beq bt_evt_linkkey_generate ,app_event_linkkey_generate +4ca7 c0154cb3 beq bt_evt_switch_fail_master ,app_event_switch_fail_master +4ca8 c015ccb1 beq bt_evt_switch_success_master ,app_event_switch_success +4ca9 20600000 rtn + +app_evt_bt_conn: +4caa 6fe44652 fetch 2 ,mem_ui_state_map +4cab 79207e00 set1 ui_state_bt_connected ,pdata +4cac 67e44652 store 2 ,mem_ui_state_map +4cad 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cae 793ffe00 set0 app_disc_by_button ,pdata +4caf 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cb0 20600000 rtn + +app_event_switch_success: +4cb1 70022700 jam 0 ,mem_switch_fail_master_count +4cb2 20600000 rtn + +app_event_switch_fail_master: +4cb3 6fe20227 fetch 1 ,mem_switch_fail_master_count +4cb4 1fe0fe01 increase 1 ,pdata +4cb5 67e20227 store 1 ,mem_switch_fail_master_count +4cb6 1fe67c01 sub pdata ,1 ,null +4cb7 20214d5a branch app_bt_role_switch ,positive +4cb8 70022700 jam 0 ,mem_switch_fail_master_count +4cb9 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cba 79207e09 set1 app_disc_switch_fail ,pdata +4cbb 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cbc 20204d64 branch app_bt_disconnect + +app_process_bb_event_priority: +4cbd 6fe441f6 fetch 2 ,mem_cb_bb_event_process +4cbe 20207d77 branch callback_func + +app_check_wake_lock: +4cbf 6fe441ea fetch 2 ,mem_cb_check_wakelock +4cc0 20207d77 branch callback_func + +app_will_enter_lpm: +4cc1 6fe441ee fetch 2 ,mem_cb_before_lpm +4cc2 20207d77 branch callback_func + +app_event_linkkey_generate: +4cc3 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cc4 79207e01 set1 app_disc_after_pairing ,pdata +4cc5 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cc6 20204d8d branch app_bt_store_reconn_info + +app_event_reconn_start: +4cc7 6fe44652 fetch 2 ,mem_ui_state_map +4cc8 79207e07 set1 ui_state_bt_reconnect ,pdata +4cc9 67e44652 store 2 ,mem_ui_state_map +4cca 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4ccb 79207e02 set1 app_disc_after_reconn ,pdata +4ccc 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4ccd 20600000 rtn + +app_evt_setup_complete: +4cce 6fe44652 fetch 2 ,mem_ui_state_map +4ccf 79207e01 set1 ui_state_bt_setup_complete ,pdata +4cd0 67e44652 store 2 ,mem_ui_state_map +4cd1 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cd2 79207e04 set1 app_disc_after_setup_done ,pdata +4cd3 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cd4 20600000 rtn + +app_evt_hid_handshake: +4cd5 6fe44652 fetch 2 ,mem_ui_state_map +4cd6 79207e03 set1 ui_state_bt_hid_handshake ,pdata +4cd7 67e44652 store 2 ,mem_ui_state_map +4cd8 20600000 rtn + +app_event_enter_sniff: +4cd9 6fe44652 fetch 2 ,mem_ui_state_map +4cda 79207e05 set1 ui_state_bt_sniff ,pdata +4cdb 67e44652 store 2 ,mem_ui_state_map +4cdc 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cdd 79207e03 set1 app_disc_after_sniff ,pdata +4cde 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cdf 20600000 rtn + +app_event_exit_sniff: +4ce0 6fe44652 fetch 2 ,mem_ui_state_map +4ce1 793ffe05 set0 ui_state_bt_sniff ,pdata +4ce2 67e44652 store 2 ,mem_ui_state_map +4ce3 20600000 rtn + +app_le_event_bb_connected: +4ce4 6fe44652 fetch 2 ,mem_ui_state_map +4ce5 79207e09 set1 ui_state_ble_connected ,pdata +4ce6 67e44652 store 2 ,mem_ui_state_map +4ce7 20600000 rtn + +app_le_event_bb_disconn: +4ce8 6fe44652 fetch 2 ,mem_ui_state_map +4ce9 793ffe09 set0 ui_state_ble_connected ,pdata +4cea 67e44652 store 2 ,mem_ui_state_map +4ceb 20204d93 branch app_lpm_mult_disable + +app_bb_event_hid_connected: +4cec 6fe44652 fetch 2 ,mem_ui_state_map +4ced 79207e02 set1 ui_state_bt_hid_conn ,pdata +4cee 67e44652 store 2 ,mem_ui_state_map +4cef 20600000 rtn + +app_evt_button_long_pressed: +4cf0 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cf1 79207e00 set1 app_disc_by_button ,pdata +4cf2 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cf3 20600000 rtn + +app_event_ml2cap_conn_refused: +4cf4 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4cf5 79207e08 set1 app_disc_l2cap_refused ,pdata +4cf6 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4cf7 20204d64 branch app_bt_disconnect + +app_evt_timer: +4cf8 44dac016 bpatch patch16_5 ,mem_patch16 +4cf9 67e20228 store 1 ,mem_app_evt_timer_count + +app_evt_100ms_loop: +4cfa 6fe20228 fetch 1 ,mem_app_evt_timer_count +4cfb 207a0000 rtn blank +4cfc 1fe0ffff increase -1 ,pdata +4cfd 67e20228 store 1 ,mem_app_evt_timer_count +4cfe 20404d51 call app_lpm_wake_auto_lock_timer +4cff 20404d12 call app_unsniff_delay_timer +4d00 20404d18 call app_discovery_timer +4d01 6fe441fe fetch 2 ,mem_cb_event_timer +4d02 20407d77 call callback_func +4d03 20204cfa branch app_evt_100ms_loop + +timer_single_step: +4d04 efe20013 ifetch 1 ,regc +4d05 207a0000 rtn blank +4d06 1fe0ffff pincrease -1 +4d07 e7e20013 istore 1 ,regc +4d08 247a0000 nrtn blank +4d09 1a427e00 copy regb ,pdata +4d0a 20207d77 branch callback_func + +timer_single_step_2b: +4d0b efe40013 ifetch 2 ,regc +4d0c 207a0000 rtn blank +4d0d 1fe0ffff pincrease -1 +4d0e e7e40013 istore 2 ,regc +4d0f 247a0000 nrtn blank +4d10 1a427e00 copy regb ,pdata +4d11 20207d77 branch callback_func + +app_unsniff_delay_timer: +4d12 da604204 arg mem_unsniff2sniff_timer_count ,regc +4d13 da404d15 arg app_unsniff_delay_timeout ,regb +4d14 20204d04 branch timer_single_step + +app_unsniff_delay_timeout: +4d15 2040424e call context_check_idle +4d16 2022cd89 branch app_bt_enter_sniff ,zero +4d17 20600000 rtn + +app_discovery_timer: +4d18 da60464e arg mem_discovery_timeout_timer_count ,regc +4d19 da404d1b arg app_discovery_timeout ,regb +4d1a 20204d0b branch timer_single_step_2b + +app_discovery_timeout: +4d1b 20404d6b call app_bt_stop_discovery +4d1c 20404d83 call app_led_off +4d1d 6fe441f8 fetch 2 ,mem_cb_discovry_timeout +4d1e 20207d77 branch callback_func + +app_bb_event_reconn_failed: +4d1f 20404d37 call app_disconn_reason_flag_clear + +app_clear_reconnect_flag: +4d20 6fe44652 fetch 2 ,mem_ui_state_map +4d21 793ffe07 set0 ui_state_bt_reconnect ,pdata +4d22 67e44652 store 2 ,mem_ui_state_map +4d23 20600000 rtn + +app_bb_event_bb_disconn: +4d24 70420400 jam 0 ,mem_unsniff2sniff_timer_count +4d25 6fe44652 fetch 2 ,mem_ui_state_map +4d26 c283cd29 bbit1 ui_state_bt_reconnect ,app_bb_event_bb_reconn_disconn +4d27 2fec0001 isolate0 ui_state_bt_setup_complete ,pdata +4d28 2040cc96 call app_discard_event ,true + +app_bb_event_bb_reconn_disconn: +4d29 44db4016 bpatch patch16_6 ,mem_patch16 +4d2a 6fe44652 fetch 2 ,mem_ui_state_map +4d2b 793ffe00 set0 ui_state_bt_connected ,pdata +4d2c 793ffe01 set0 ui_state_bt_setup_complete ,pdata +4d2d 793ffe02 set0 ui_state_bt_hid_conn ,pdata +4d2e 793ffe03 set0 ui_state_bt_hid_handshake ,pdata +4d2f 793ffe07 set0 ui_state_bt_reconnect ,pdata +4d30 67e44652 store 2 ,mem_ui_state_map +4d31 20204d93 branch app_lpm_mult_disable + +app_bb_hibernate: +4d32 20404d34 call app_disconn_reason_clear +4d33 20204d85 branch app_enter_hibernate + +app_disconn_reason_clear: +4d34 58000000 setarg 0 +4d35 67e44207 store app_disc_rsn_size ,mem_app_disconn_reason +4d36 20600000 rtn + +app_disconn_reason_flag_clear: +4d37 58000000 setarg 0 +4d38 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4d39 20600000 rtn + +app_disconn_reason_collect_bt: +4d3a 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4d3b 67e44207 store app_disc_rsn_size ,mem_app_disconn_reason +4d3c 58000000 setarg 0 +4d3d 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4d3e 20600000 rtn + +app_disconn_reason_collect_ble: +4d3f 6fe44209 fetch app_disc_rsn_size ,mem_app_disconn_reason_flag +4d40 79207e07 set1 app_disc_ble ,pdata +4d41 67e44207 store app_disc_rsn_size ,mem_app_disconn_reason +4d42 58000000 setarg 0 +4d43 67e44209 store app_disc_rsn_size ,mem_app_disconn_reason_flag +4d44 20600000 rtn + +app_check_sniff: +4d45 6fe24652 fetch 1 ,mem_ui_state_map +4d46 2feffe05 isolate1 ui_state_bt_sniff ,pdata +4d47 20600000 rtn + +app_start_auto_sniff: +4d48 6fe2452c fetch 1 ,mem_unsniff2sniff_timer +4d49 67e24204 store 1 ,mem_unsniff2sniff_timer_count +4d4a 20600000 rtn + +app_get_lpm_wake_lock: +4d4b d8e00009 arg wake_lock_app ,queue +4d4c 20204bec branch lpm_get_wake_lock + +app_put_lpm_wake_lock: +4d4d d8e00009 arg wake_lock_app ,queue +4d4e 20204bf0 branch lpm_put_wake_lock + +app_lpm_wake_auto_lock: +4d4f 70420505 jam lpm_wake_up_delay_timer ,mem_wake_up_delay_timer +4d50 20204d4b branch app_get_lpm_wake_lock + +app_lpm_wake_auto_lock_timer: +4d51 da604205 arg mem_wake_up_delay_timer ,regc +4d52 da404d4d arg app_put_lpm_wake_lock ,regb +4d53 20204d04 branch timer_single_step + +app_l2cap_flow_control_enable: +4d54 70433501 jam l2cap_flow_ctrl_enable ,mem_l2cap_flow_ctrl_flag +4d55 20600000 rtn + +app_l2cap_flow_control_disable: +4d56 70433500 jam l2cap_flow_ctrl_disable ,mem_l2cap_flow_ctrl_flag +4d57 20600000 rtn + +app_bt_set_pincode: +4d58 700a950a jam bt_cmd_set_pin_code ,mem_fifo_temp +4d59 20207bb4 branch ui_ipc_send_cmd + +app_bt_role_switch: +4d5a 700a951d jam bt_cmd_role_switch ,mem_fifo_temp +4d5b 20207bb4 branch ui_ipc_send_cmd + +app_bt_start_reconnect: +4d5c 44dbc016 bpatch patch16_7 ,mem_patch16 +4d5d 6fe24206 fetch 1 ,mem_app_connection_options +4d5e 67e2016b store 1 ,mem_connection_options +4d5f 70022601 jam app_flag_reconnect ,mem_reconnect_flag +4d60 700a9503 jam bt_cmd_reconnect ,mem_fifo_temp +4d61 20207bb4 branch ui_ipc_send_cmd + +app_bt_reconnect_cancel: +4d62 700a951e jam bt_cmd_bb_reconn_cancel ,mem_fifo_temp +4d63 20207bb4 branch ui_ipc_send_cmd + +app_bt_disconnect: +4d64 700a9504 jam bt_cmd_disconnect ,mem_fifo_temp +4d65 20207bb4 branch ui_ipc_send_cmd + +app_bt_start_discovery_short: +4d66 6fe44655 fetch 2 ,mem_discovery_timeout +4d67 67e4464e store 2 ,mem_discovery_timeout_timer_count + +app_bt_start_discovery_led_blink: +4d68 20404d7f call app_led_start_blink + +app_bt_start_discovery: +4d69 700a9501 jam bt_cmd_start_discovery ,mem_fifo_temp +4d6a 20207bb4 branch ui_ipc_send_cmd + +app_bt_stop_discovery: +4d6b 58000000 setarg 0 +4d6c 67e4464e store 2 ,mem_discovery_timeout_timer_count +4d6d 700a9502 jam bt_cmd_stop_discovery ,mem_fifo_temp +4d6e 20207bb4 branch ui_ipc_send_cmd + +app_ble_start_direct_adv: +4d6f 700a950f jam bt_cmd_start_direct_adv ,mem_fifo_temp +4d70 20207bb4 branch ui_ipc_send_cmd + +app_ble_stop_direct_adv: +4d71 700a9510 jam bt_cmd_stop_direct_adv ,mem_fifo_temp +4d72 20207bb4 branch ui_ipc_send_cmd + +app_ble_stop_adv: +4d73 700a950e jam bt_cmd_stop_adv ,mem_fifo_temp +4d74 20207bb4 branch ui_ipc_send_cmd + +app_ble_start_adv: +4d75 700a950d jam bt_cmd_start_adv ,mem_fifo_temp +4d76 20207bb4 branch ui_ipc_send_cmd + +app_ble_start_scan: +4d77 700a9517 jam bt_cmd_le_start_scan ,mem_fifo_temp +4d78 20207bb4 branch ui_ipc_send_cmd + +app_ble_stop_scan: +4d79 700a9518 jam bt_cmd_le_stop_scan ,mem_fifo_temp +4d7a 20207bb4 branch ui_ipc_send_cmd + +app_ble_start_conn: +4d7b 700a9516 jam bt_cmd_le_start_conn ,mem_fifo_temp +4d7c 20207bb4 branch ui_ipc_send_cmd + +app_ble_disconnect: +4d7d 700a9511 jam bt_cmd_le_disconnect ,mem_fifo_temp +4d7e 20207bb4 branch ui_ipc_send_cmd + +app_led_start_blink: +4d7f 700a9515 jam bt_cmd_led_blink ,mem_fifo_temp +4d80 20207bb4 branch ui_ipc_send_cmd + +app_led_on: +4d81 700a9514 jam bt_cmd_led_on ,mem_fifo_temp +4d82 20207bb4 branch ui_ipc_send_cmd + +app_led_stop_blink: + +app_led_off: +4d83 700a9513 jam bt_cmd_led_off ,mem_fifo_temp +4d84 20207bb4 branch ui_ipc_send_cmd + +app_enter_hibernate: +4d85 700a9519 jam bt_cmd_enter_hibernate ,mem_fifo_temp +4d86 20207bb4 branch ui_ipc_send_cmd + +app_bt_sniff_exit: +4d87 700a9506 jam bt_cmd_exit_sniff ,mem_fifo_temp +4d88 20207bb4 branch ui_ipc_send_cmd + +app_bt_enter_sniff: +4d89 700a9505 jam bt_cmd_enter_sniff ,mem_fifo_temp +4d8a 20207bb4 branch ui_ipc_send_cmd + +app_ble_store_reconn_info: +4d8b 700a951f jam bt_cmd_store_reconn_info_le ,mem_fifo_temp +4d8c 20207bb4 branch ui_ipc_send_cmd + +app_bt_store_reconn_info: +4d8d 700a9520 jam bt_cmd_store_reconn_info_bt ,mem_fifo_temp +4d8e 20207bb4 branch ui_ipc_send_cmd + +app_store_reconn_info: +4d8f 700a9525 jam bt_cmd_store_reconn_info ,mem_fifo_temp +4d90 20207bb4 branch ui_ipc_send_cmd + +app_lpm_mult_enable: +4d91 7920000d set1 mark_lpm_mult_enable ,mark +4d92 20600000 rtn + +app_lpm_mult_disable: +4d93 793f800d set0 mark_lpm_mult_enable ,mark +4d94 20600000 rtn + +module_init: +4d95 20758000 rtn wake +4d96 20405b83 call le_modified_name +4d97 58004dda setarg module_process_idle +4d98 67e441f4 store 2 ,mem_cb_idle_process +4d99 58004dc5 setarg module_bt_conn_process +4d9a 67e441f2 store 2 ,mem_cb_bt_process +4d9b 58004dde setarg module_process_bb_event +4d9c 67e441f6 store 2 ,mem_cb_bb_event_process +4d9d 58004dc4 setarg module_le_conn_process +4d9e 67e441f0 store 2 ,mem_cb_le_process +4d9f 58004dbd setarg module_lpm_lock +4da0 67e441ea store 2 ,mem_cb_check_wakelock +4da1 58004ef4 setarg module_hci_cmd_transmit_le_notify +4da2 67e441fc store 2 ,mem_cb_ble_transmit +4da3 58005037 setarg module_hci_event_receive_spp_data +4da4 67e44541 store 2 ,mem_cb_receive_spp_data +4da5 580050ae setarg module_le_receive_data +4da6 67e441fa store 2 ,mem_cb_att_write +4da7 580050c3 setarg module_bb_event_timer +4da8 67e441fe store 2 ,mem_cb_event_timer +4da9 20404dd7 call module_spp_clear_last_transmite_clock +4daa 44dc4017 bpatch patch17_0 ,mem_patch17 +4dab 20404daf call module_lpm_uart_init +4dac 20404dbc call module_gpio_init +4dad 20404c2a call check_module_disabled +4dae 2020504d branch module_hci_event_enter_standby_mode + +module_lpm_uart_init: +4daf 6fe44ffa fetch 2 ,ipc_m02bt_end_addr +4db0 67e48046 store 2 ,core_sec_readdr +4db1 6fe44ff8 fetch 2 ,ipc_m02bt_start_addr +4db2 67e48044 store 2 ,core_sec_rsaddr +4db3 1fe20600 copy pdata ,contru +4db4 6fe44ff2 fetch 2 ,ipc_bt2m0_end_addr +4db5 67e4804a store 2 ,core_sec_teaddr +4db6 6fe44ff0 fetch 2 ,ipc_bt2m0_start_addr +4db7 67e48048 store 2 ,core_sec_tsaddr +4db8 1fe21400 copy pdata ,contwu +4db9 20600000 rtn + +module_lpm_init: +4dba 20404daf call module_lpm_uart_init +4dbb 20204dd7 branch module_spp_clear_last_transmite_clock + +module_gpio_init: +4dbc 20600000 rtn + +module_lpm_lock: +4dbd 6fe24fef fetch 1 ,ipc_hold_bt +4dbe c000cd4b beq 1 ,app_get_lpm_wake_lock +4dbf 6fe24496 fetch 1 ,mem_le_pairing_state +4dc0 c0804dc2 bne flag_le_pairing_null ,module_lpm_lock_check_pairing +4dc1 20204d4d branch app_put_lpm_wake_lock + +module_lpm_lock_check_pairing: +4dc2 c07fcd4d beq flag_le_pairing_end ,app_put_lpm_wake_lock +4dc3 20204d4b branch app_get_lpm_wake_lock + +module_le_conn_process: +4dc4 20600000 rtn + +module_bt_conn_process: +4dc5 20404dc7 call module_spp_enter_sniff +4dc6 202050d3 branch module_control_air_flow + +module_spp_enter_sniff: +4dc7 20600000 rtn +4dc8 6fe24652 fetch 1 ,mem_ui_state_map +4dc9 c3024dd7 bbit0 ui_state_bt_spp_conn ,module_spp_clear_last_transmite_clock +4dca 44dcc017 bpatch patch17_1 ,mem_patch17 +4dcb 58003eff setarg 0x3eff +4dcc 6848467f fetcht 4 ,mem_last_transmite_clock +4dcd 98408400 iadd temp ,temp +4dce 1c427e00 copy clkn_bt ,pdata +4dcf 98467c00 isub temp ,null +4dd0 24610000 nrtn positive +4dd1 6fe44652 fetch 2 ,mem_ui_state_map +4dd2 c282cdd7 bbit1 ui_state_bt_sniff ,module_spp_clear_last_transmite_clock +4dd3 6fe24679 fetch 1 ,mem_module_flag +4dd4 c3830000 rtnbit1 moudle_task_sniff +4dd5 204050d6 call module_set_sniff_task_flag +4dd6 20404d89 call app_bt_enter_sniff + +module_spp_clear_last_transmite_clock: +4dd7 1c427e00 copy clkn_bt ,pdata +4dd8 67e8467f store 4 ,mem_last_transmite_clock +4dd9 20600000 rtn + +module_process_idle: +4dda 204050d3 call module_control_air_flow +4ddb 20405648 call l2cap_malloc_is_fifo_full +4ddc 247a0000 nrtn blank +4ddd 20204e3d branch module_process + +module_process_bb_event: +4dde 1a627e00 copy regc ,pdata +4ddf c000ce2c beq bt_evt_bb_connected ,module_process_bb_conn +4de0 c0014dfb beq bt_evt_bb_disconnected ,module_process_bb_event_disconned +4de1 c0024e2f beq bt_evt_reconn_failed ,module_process_reconn_fail +4de2 c002ce1d beq bt_evt_setup_complete ,module_process_setup_complete +4de3 c0044e02 beq bt_evt_spp_connected ,module_process_spp_connected +4de4 c004ce08 beq bt_evt_spp_disconnected ,module_process_spp_disconnected +4de5 c0054e22 beq bt_evt_pincode_req ,module_process_evt_pincode_req +4de6 c005ce0d beq bt_evt_enter_sniff ,module_process_enter_sniff +4de7 c0064e1b beq bt_evt_exit_sniff ,module_process_exit_sniff +4de8 c009ce2f beq bt_evt_reconn_page_timeout ,module_process_page_time_out +4de9 c00a4e28 beq bt_evt_le_connected ,module_process_le_conn +4dea c00ace1f beq bt_evt_le_disconnected ,module_process_bb_even_le_disconn +4deb c010ce23 beq bt_evt_sniff_not_accept ,module_process_sniff_not_accept +4dec c011ce24 beq bt_evt_unsniff_accept ,module_process_unsniff_accept +4ded c0124e27 beq bt_evt_unsniff_not_accept ,module_process_unsniff_not_accept +4dee c0185088 beq bt_evt_le_pairing_fail ,module_hci_event_le_pairing_fail +4def c018d08a beq bt_evt_le_pairing_success ,module_hci_event_le_pairing_success +4df0 c0195098 beq bt_evt_le_start_enc ,module_hci_event_start_enc +4df1 c019d096 beq bt_evt_le_pause_enc ,module_hci_event_pause_enc +4df2 c01a5082 beq bt_evt_le_tk_generate ,module_hci_event_le_tk +4df3 c01ad078 beq bt_evt_bt_gkey_generate ,module_hci_event_gkey_generate +4df4 c01b5080 beq bt_evt_bt_get_passkey ,module_hci_event_passkey_entry_mode +4df5 c01bd08c beq bt_evt_bt_pairing_fail ,module_hci_event_bt_pairing_fail +4df6 c01c508e beq bt_evt_bt_pairing_success ,module_hci_event_bt_pairing_success +4df7 c01dd09f beq bt_evt_le_gkey_generate ,module_hci_event_le_gkey +4df8 c01ed06f beq bt_evt_store_nvram ,module_hci_event_store_device +4df9 c020ce30 beq bt_evt_le_ltk_lost ,module_process_ble_ltk_lost +4dfa 20600000 rtn + +module_process_bb_event_disconned: +4dfb 20404dd7 call module_spp_clear_last_transmite_clock +4dfc 6fe24637 fetch 1 ,mem_flag_pairing_state +4dfd 245a508c ncall module_hci_event_bt_pairing_fail ,blank +4dfe 20404e2f call module_disconn_start +4dff 6fe44652 fetch 2 ,mem_ui_state_map +4e00 c4020000 rtnbit0 ui_state_bt_spp_conn +4e01 20204e08 branch module_spp_disconnected + +module_process_spp_connected: +4e02 6fe44652 fetch 2 ,mem_ui_state_map +4e03 79207e04 set1 ui_state_bt_spp_conn ,pdata +4e04 67e44652 store 2 ,mem_ui_state_map +4e05 6fe2466d fetch 1 ,mem_module_spp_lpm_mult +4e06 67e24173 store 1 ,mem_lpm_mult +4e07 20205022 branch module_hci_event_spp_connect + +module_process_spp_disconnected: + +module_spp_disconnected: +4e08 6fe44652 fetch 2 ,mem_ui_state_map +4e09 c4020000 rtnbit0 ui_state_bt_spp_conn +4e0a 793ffe04 set0 ui_state_bt_spp_conn ,pdata +4e0b 67e44652 store 2 ,mem_ui_state_map +4e0c 20205026 branch module_hci_event_spp_disconnect + +module_process_enter_sniff: + +module_sniff_param_check: +4e0d 20404dd7 call module_spp_clear_last_transmite_clock +4e0e 6fe44042 fetch 2 ,mem_context + coffset_tsniff +4e0f 1fe37e00 rshift pdata ,pdata +4e10 684441e4 fetcht 2 ,mem_sniff_param_interval +4e11 98467c00 isub temp ,null +4e12 2422ce14 nbranch module_sniff_param_check_unsniff ,zero +4e13 20204d91 branch app_lpm_mult_enable + +module_sniff_param_check_unsniff: +4e14 6fe24679 fetch 1 ,mem_module_flag +4e15 c3828000 rtnbit1 moudle_task_unsniff +4e16 6fe44ffc fetch 2 ,ipc_m02bt_read_ptr +4e17 68444ffe fetcht 2 ,ipc_m02bt_write_ptr +4e18 98467c00 isub temp ,null +4e19 2442d0da ncall module_set_unsniff_task_flag ,zero +4e1a 20204d87 branch app_bt_sniff_exit + +module_process_exit_sniff: +4e1b 204050d8 call module_clear_sniff_task_flag +4e1c 20204d93 branch app_lpm_mult_disable + +module_process_setup_complete: +4e1d 20404dd7 call module_spp_clear_last_transmite_clock +4e1e 20204e32 branch module_conn_start + +module_process_bb_even_le_disconn: +4e1f 20405bf6 call le_clr_config_more_data +4e20 20404e2f call module_disconn_start +4e21 20205028 branch module_hci_event_le_disconnect + +module_process_evt_pincode_req: +4e22 20204d58 branch app_bt_set_pincode + +module_process_sniff_not_accept: +4e23 202050d8 branch module_clear_sniff_task_flag + +module_process_unsniff_accept: +4e24 6fe24679 fetch 1 ,mem_module_flag +4e25 c302cd89 bbit0 moudle_task_unsniff ,app_bt_enter_sniff +4e26 202050dc branch module_clear_unsniff_task_flag + +module_process_unsniff_not_accept: +4e27 202050dc branch module_clear_unsniff_task_flag + +module_process_le_conn: +4e28 20404e32 call module_conn_start +4e29 6fe2466e fetch 1 ,mem_module_le_lpm_mult +4e2a 67e24173 store 1 ,mem_lpm_mult +4e2b 20205024 branch module_hci_event_le_connect + +module_process_bb_conn: +4e2c 70463300 jam 0 ,mem_flag_mode_ssp_pin +4e2d 204050d8 call module_clear_sniff_task_flag +4e2e 202050dc branch module_clear_unsniff_task_flag + +module_process_page_time_out: + +module_process_reconn_fail: + +module_disconn_start: +4e2f 20204e8f branch module_start_adv_discovery_by_command + +module_process_ble_ltk_lost: +4e30 204060aa call le_send_reject_ind +4e31 20205ee2 branch le_send_smp_security_request + +module_conn_start: +4e32 20204e33 branch module_stop_adv_discovery + +module_stop_adv_discovery: +4e33 6fe2466c fetch 1 ,mem_module_state +4e34 2feffe00 isolate1 moudle_state_bt_bit ,pdata +4e35 2040cd6b call app_bt_stop_discovery ,true +4e36 6fe2466c fetch 1 ,mem_module_state +4e37 2feffe01 isolate1 moudle_state_ble_bit ,pdata +4e38 2040cd73 call app_ble_stop_adv ,true +4e39 20600000 rtn + +module_process_with_credit: +4e3a 6fe2453d fetch 1 ,mem_credit_flag +4e3b c1000000 rtneq credit_disable +4e3c 20206ae9 branch rfcomm_send_uih_without_payload + +module_process: +4e3d 6fe44ffc fetch 2 ,ipc_m02bt_read_ptr +4e3e 68444ffe fetcht 2 ,ipc_m02bt_write_ptr +4e3f 98467c00 isub temp ,null +4e40 2022ce3a branch module_process_with_credit ,zero +4e41 204067f7 call uartd_prepare_rx +4e42 efe20003 ifetch 1 ,contru +4e43 c080ce4e bne 0x01 ,module_hci_in_excp +4e44 efe20003 ifetch 1 ,contru +4e45 67e20aff store 1 ,mem_module_uart_opcode +4e46 e8420003 ifetcht 1 ,contru +4e47 18622200 copy contru ,rega +4e48 60420b00 storet 1 ,mem_module_uart_len +4e49 700b0101 jam hci_discard_packet ,mem_module_temp_nl_discard_packet +4e4a 20404e5a call module_hci_cmd_control +4e4b 6fe20b01 fetch 1 ,mem_module_temp_nl_discard_packet +4e4c c1000000 rtneq hci_not_discard_packet +4e4d 20204e55 branch module_hci_dicard_packet + +module_hci_in_excp: +4e4e 20407c9c call delay_10ms +4e4f 2040507e call module_hci_event_invalid_packet +4e50 20204e51 branch module_hci_release_except + +module_hci_release_except: +4e51 44dd4017 bpatch patch17_2 ,mem_patch17 +4e52 6fe44ffe fetch 2 ,ipc_m02bt_write_ptr +4e53 67e44ffc store 2 ,ipc_m02bt_read_ptr +4e54 20600000 rtn + +module_hci_dicard_packet: +4e55 204067f7 call uartd_prepare_rx +4e56 18608602 increase 2 ,contru +4e57 efe20003 ifetch 1 ,contru +4e58 98608600 iadd contru ,contru + +module_hci_dicard_bytes: +4e59 202067f3 branch uartd_rxdone + +module_hci_cmd_control: +4e5a 44ddc017 bpatch patch17_3 ,mem_patch17 +4e5b 6fe20aff fetch 1 ,mem_module_uart_opcode +4e5c c0004e7c beq hci_cmd_set_bt_addr_req ,module_hci_cmd_set_bt_addr +4e5d c000ce81 beq hci_cmd_set_le_addr_req ,module_hci_cmd_set_le_addr +4e5e c0014e86 beq hci_cmd_set_visibility_req ,module_hci_cmd_set_visibility +4e5f c001ce9c beq hci_cmd_set_bt_name_req ,module_hci_cmd_set_bt_name +4e60 c0024ea8 beq hci_cmd_set_le_name_req ,module_hci_cmd_set_le_name +4e61 c002ceb2 beq hci_cmd_spp_data_req ,module_hci_cmd_receive_spp_data +4e62 c004ced7 beq hci_cmd_le_data_req ,module_hci_cmd_receive_le_data +4e63 c005cf14 beq hci_cmd_status_irq ,module_hci_cmd_inquire_status +4e64 c0064f15 beq hci_cmd_set_pairing_req ,module_hci_cmd_set_pairing_mode +4e65 c006cf29 beq hci_cmd_set_pincode_req ,module_hci_cmd_set_pincode +4e66 c0084f31 beq hci_cmd_version_req ,module_hci_cmd_version_request +4e67 c008cf39 beq hci_cmd_bt_disconnect ,module_hci_cmd_bt_disconnect +4e68 c0094f3d beq hci_cmd_ble_disconnect ,module_hci_cmd_ble_disconnect +4e69 c0134f41 beq hci_cmd_set_nvram_req ,module_hci_cmd_set_nvram +4e6a c0144f48 beq hci_cmd_confirm_gkey ,module_hci_cmd_confirm_gkey +4e6b c014cf58 beq hci_cmd_set_credit_given ,module_hci_cmd_set_credit_given +4e6c c0154f61 beq hci_cmd_auto_adv_scan ,module_hci_cmd_auto_adv +4e6d c0184f94 beq hci_cmd_passkey_entry ,module_hci_cmd_passkey_entry +4e6e c019cf9a beq hci_cmd_le_set_pairing ,module_hci_cmd_le_set_pairing_mode +4e6f c01a4fbd beq hci_cmd_le_set_adv_data ,module_hci_cmd_le_set_adv_data +4e70 c01acfc6 beq hci_cmd_le_set_scan_data ,module_hci_cmd_le_set_scan_data +4e71 c01b4fcf beq hci_cmd_le_send_conn_update_req ,module_hci_cmd_le_send_conn_update_req +4e72 c01bcfd9 beq hci_cmd_le_set_adv_parm ,module_hci_cmd_set_le_adv_parameter +4e73 c01c4fdc beq hci_cmd_le_start_pairing ,module_hci_cmd_le_start_pairing +4e74 c0214fe4 beq hci_cmd_set_tx_power ,module_hci_cmd_set_tx_power +4e75 c0244fe9 beq hci_cmd_le_confirm_gkey ,module_hci_cmd_le_confirm_gkey +4e76 c024cff4 beq hci_cmd_reject_justwork ,module_hci_cmd_set_reject_justwork_flag +4e77 c028cffa beq hci_cmd_reset_chip_req ,module_hci_cmd_reset_chip +4e78 c030cffd beq hci_cmd_le_set_fixed_passkey ,module_hci_cmd_le_set_fixed_passkey +4e79 c07fd00c beq hci_test_cmd_close_lpm ,module_hci_test_cmde_close_lpm +4e7a c077500f beq hci_test_cmd_reback ,module_hci_test_cmd_reback +4e7b 2020501c branch module_hci_event_receive_invalid_cmd + +module_hci_cmd_set_bt_addr: +4e7c 6fe20b00 fetch 1 ,mem_module_uart_len +4e7d c083501c bne 6 ,module_hci_event_receive_invalid_cmd +4e7e efec0003 ifetch 6 ,contru +4e7f 67ec40a0 store 6 ,mem_lap +4e80 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_le_addr: +4e81 6fe20b00 fetch 1 ,mem_module_uart_len +4e82 c083501c bne 6 ,module_hci_event_receive_invalid_cmd +4e83 efec0003 ifetch 6 ,contru +4e84 67ec4472 store 6 ,mem_le_lap +4e85 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_visibility: +4e86 6fe20b00 fetch 1 ,mem_module_uart_len +4e87 c080d01c bne 1 ,module_hci_event_receive_invalid_cmd +4e88 1a220600 copy rega ,contru +4e89 2040501f call module_hci_event_receive_valid_cmd +4e8a e8420003 ifetcht 1 ,contru +4e8b 6042466f storet 1 ,mem_module_bluetooth_stauts_by_command +4e8c 6fe44652 fetch 2 ,mem_ui_state_map +4e8d c3848000 rtnbit1 ui_state_ble_connected +4e8e c3800000 rtnbit1 ui_state_bt_connected + +module_start_adv_discovery_by_command: +4e8f 6fe2466c fetch 1 ,mem_module_state +4e90 2feffe00 isolate1 moudle_state_bt_bit ,pdata +4e91 2420ce95 nbranch moudle_start_adv_by_command ,true +4e92 6842466f fetcht 1 ,mem_module_bluetooth_stauts_by_command +4e93 18417e03 and temp ,0x03 ,pdata +4e94 67e24093 store 1 ,mem_scan_mode + +moudle_start_adv_by_command: +4e95 6fe2466c fetch 1 ,mem_module_state +4e96 2feffe01 isolate1 moudle_state_ble_bit ,pdata +4e97 24608000 nrtn true +4e98 6842466f fetcht 1 ,mem_module_bluetooth_stauts_by_command +4e99 284ffe02 isolate1 2 ,temp +4e9a 2020cd75 branch app_ble_start_adv ,true +4e9b 20204d73 branch app_ble_stop_adv + +module_hci_cmd_set_bt_name: +4e9c 6fe20b00 fetch 1 ,mem_module_uart_len +4e9d 1fe67c43 sub pdata ,67 ,null +4e9e 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4e9f 67e244e7 store 1 ,mem_local_name_length +4ea0 df200008 arg 8 ,loopcnt +4ea1 20407ca1 call memset0 +4ea2 6fe20b00 fetch 1 ,mem_module_uart_len +4ea3 1fe27200 copy pdata ,loopcnt +4ea4 1a220600 copy rega ,contru +4ea5 d8a044e8 arg mem_local_name ,contw +4ea6 204067da call uart_copy_rx_bytes_fast +4ea7 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_le_name: +4ea8 6fe20b00 fetch 1 ,mem_module_uart_len +4ea9 1fe67c1d sub pdata ,29 ,null +4eaa 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4eab 67e24381 store 1 ,mem_le_name_len +4eac 1fe27200 copy pdata ,loopcnt +4ead 1a220600 copy rega ,contru +4eae d8a04382 arg mem_le_name ,contw +4eaf 204067da call uart_copy_rx_bytes_fast +4eb0 20405b83 call le_modified_name +4eb1 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_receive_spp_data: +4eb2 6fe24652 fetch 1 ,mem_ui_state_map +4eb3 c302501c bbit0 ui_state_bt_spp_conn ,module_hci_event_receive_invalid_cmd +4eb4 20404d45 call app_check_sniff +4eb5 2020cec3 branch module_hci_cmd_spp_exit_sniff ,true +4eb6 700b0100 jam hci_not_discard_packet ,mem_module_temp_nl_discard_packet +4eb7 20404dd7 call module_spp_clear_last_transmite_clock +4eb8 6fe2453a fetch 1 ,mem_remote_credits +4eb9 207a0000 rtn blank +4eba 6fe44545 fetch 2 ,mem_nl_rx_len_all +4ebb c0804ec1 bne 0 ,module_hci_cmd_pass_init_ng_rx_len_all +4ebc 6fe20b00 fetch 1 ,mem_module_uart_len +4ebd 67e44545 store 2 ,mem_nl_rx_len_all +4ebe 1a220600 copy rega ,contru +4ebf 18627e00 copy contru ,pdata +4ec0 67e44543 store 2 ,mem_nl_rx_data_src + +module_hci_cmd_pass_init_ng_rx_len_all: +4ec1 20404ec5 call module_hci_cmd_get_current_packet_len_and_remain_len +4ec2 20206b0c branch spp_tx_rfcomm_packet + +module_hci_cmd_spp_exit_sniff: +4ec3 700b0100 jam hci_not_discard_packet ,mem_module_temp_nl_discard_packet +4ec4 202050bd branch module_exit_sniff + +module_hci_cmd_get_current_packet_len_and_remain_len: +4ec5 20404ecb call module_hci_cmd_get_current_patcket_len +4ec6 6fe44545 fetch 2 ,mem_nl_rx_len_all +4ec7 6844466a fetcht 2 ,mem_current_packet_length +4ec8 98467e00 isub temp ,pdata +4ec9 67e44545 store 2 ,mem_nl_rx_len_all +4eca 20600000 rtn + +module_hci_cmd_get_current_patcket_len: +4ecb 6fe44545 fetch 2 ,mem_nl_rx_len_all +4ecc d84000e6 arg nl_rfcomm_buff_len ,temp +4ecd 20407db5 call not_greater_than +4ece 6844453e fetcht 2 ,mem_rfcomm_max_frame_size +4ecf 20407db5 call not_greater_than +4ed0 68444530 fetcht 2 ,mem_pn_max_frame_size +4ed1 20407db5 call not_greater_than +4ed2 67e4466a store 2 ,mem_current_packet_length +4ed3 20600000 rtn + +module_hci_command_tx_spp_tx_complete: +4ed4 700b0101 jam hci_discard_packet ,mem_module_temp_nl_discard_packet +4ed5 700aff05 jam hci_cmd_spp_data_req ,mem_module_uart_opcode +4ed6 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_receive_le_data: +4ed7 6fe44652 fetch 2 ,mem_ui_state_map +4ed8 c304d01c bbit0 ui_state_ble_connected ,module_hci_event_receive_invalid_cmd +4ed9 20404f11 call module_check_ble_encrypt_state +4eda 2034501c branch module_hci_event_receive_invalid_cmd ,user +4edb 700b0100 jam hci_not_discard_packet ,mem_module_temp_nl_discard_packet +4edc 6fe24679 fetch 1 ,mem_module_flag +4edd c2824ef1 bbit1 module_flag_ble_data_finish ,module_hci_cmd_receive_le_data_finish +4ede 6fe2467a fetch 1 ,mem_module_hci_notify_len +4edf 247a0000 nrtn blank +4ee0 700b0101 jam hci_discard_packet ,mem_module_temp_nl_discard_packet +4ee1 efe40003 ifetch 2 ,contru +4ee2 67e4467b store 2 ,mem_module_hci_notify_handle +4ee3 18627e00 copy contru ,pdata +4ee4 67e4467d store 2 ,mem_module_hci_nofiy_addr +4ee5 6fe20b00 fetch 1 ,mem_module_uart_len +4ee6 1fe0fffe pincrease -2 +4ee7 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4ee8 2022d01c branch module_hci_event_receive_invalid_cmd ,zero +4ee9 67e2467a store 1 ,mem_module_hci_notify_len +4eea 700b0100 jam hci_not_discard_packet ,mem_module_temp_nl_discard_packet +4eeb 20405bf4 call le_set_config_more_data +4eec 20404ef4 call module_hci_cmd_transmit_le_notify +4eed 20404ef4 call module_hci_cmd_transmit_le_notify +4eee 20404ef4 call module_hci_cmd_transmit_le_notify +4eef 6fe24679 fetch 1 ,mem_module_flag +4ef0 c4020000 rtnbit0 module_flag_ble_data_finish + +module_hci_cmd_receive_le_data_finish: +4ef1 700b0101 jam hci_discard_packet ,mem_module_temp_nl_discard_packet +4ef2 204050e0 call module_clear_le_tx_data_flag +4ef3 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_transmit_le_notify: +4ef4 6fe2467a fetch 1 ,mem_module_hci_notify_len +4ef5 207a0000 rtn blank +4ef6 20405c72 call le_fifo_check_nearly_full +4ef7 247a0000 nrtn blank +4ef8 20404f0c call module_get_le_remote_mtu +4ef9 44de4017 bpatch patch17_4 ,mem_patch17 +4efa 1840fffd add temp ,-3 ,pdata +4efb 6842467a fetcht 1 ,mem_module_hci_notify_len +4efc 20407db5 call not_greater_than +4efd 1fe22200 copy pdata ,rega +4efe 18427e00 copy temp ,pdata +4eff 9a267e00 isub rega ,pdata +4f00 67e2467a store 1 ,mem_module_hci_notify_len +4f01 6844467b fetcht 2 ,mem_module_hci_notify_handle +4f02 20405e44 call le_att_malloc_tx_notify +4f03 6fe4467d fetch 2 ,mem_module_hci_nofiy_addr +4f04 1fe20600 copy pdata ,contru +4f05 1a227200 copy rega ,loopcnt +4f06 204067da call uart_copy_rx_bytes_fast +4f07 18627e00 copy contru ,pdata +4f08 67e4467d store 2 ,mem_module_hci_nofiy_addr +4f09 6fe2467a fetch 1 ,mem_module_hci_notify_len +4f0a 247a0000 nrtn blank +4f0b 202050de branch module_set_le_tx_data_flag + +module_get_le_remote_mtu: +4f0c d8400017 arg 0x17 ,temp +4f0d 6fe24679 fetch 1 ,mem_module_flag +4f0e c3808000 rtnbit1 module_flag_ble_send_mtu23 +4f0f 6844447a fetcht 2 ,mem_le_remote_mtu +4f10 20600000 rtn + +module_check_ble_encrypt_state: +4f11 6fe24679 fetch 1 ,mem_module_flag +4f12 c2815e22 bbit1 module_flag_ble_data_encrypt ,le_check_encrypt_state +4f13 20207dc1 branch disable_user + +module_hci_cmd_inquire_status: +4f14 20205051 branch module_hci_event_status_res + +module_hci_cmd_set_pairing_mode: +4f15 1a220600 copy rega ,contru +4f16 efe20003 ifetch 1 ,contru +4f17 c0004f1c beq pairing_pincode ,module_hci_pairing_pincode_mode +4f18 c000cf1f beq pairing_justwork ,module_hci_pairing_just_work_mode +4f19 c0014f25 beq pairing_passkey ,module_hci_pairing_passkey +4f1a c001cf27 beq pairing_confirm ,module_hci_pairing_numeric_comparison +4f1b 2020501c branch module_hci_event_receive_invalid_cmd + +module_hci_pairing_pincode_mode: +4f1c 2040650d call ssp_disable +4f1d 70462c00 jam 0 ,mem_ssp_enable +4f1e 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_pairing_just_work_mode: +4f1f 58040003 setarg ssp_mode_just_work_io_cap_data + +module_hci_sspairing_mode: +4f20 67e6462d store 3 ,mem_sp_iocap_local +4f21 67e24634 store 1 ,mem_ssp_mode_flag +4f22 20406506 call ssp_enable +4f23 70462c01 jam 1 ,mem_ssp_enable +4f24 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_pairing_passkey: +4f25 58040002 setarg ssp_mode_passkey_io_cap_data +4f26 20204f20 branch module_hci_sspairing_mode + +module_hci_pairing_numeric_comparison: +4f27 58040001 setarg ssp_mode_ssp_pin_io_cap_data +4f28 20204f20 branch module_hci_sspairing_mode + +module_hci_cmd_set_pincode: +4f29 6fe20b00 fetch 1 ,mem_module_uart_len +4f2a 1fe67c10 sub pdata ,16 ,null +4f2b 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4f2c 67e24657 store 1 ,mem_pin_length +4f2d 1fe27200 copy pdata ,loopcnt +4f2e d8a04658 arg mem_pin ,contw +4f2f 204067ed call uart_copy_rx_bytes +4f30 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_version_request: +4f31 da200002 arg 2 ,rega +4f32 da404668 arg mem_soft_version_num ,regb +4f33 d8400000 arg 0 ,temp +4f34 2020502a branch module_hci_event_set_cmd + +module_hci_event_set_cmd_send_response: +4f35 67e40abe store 2 ,mem_event_cmd_response_content +4f36 da400abe arg mem_event_cmd_response_content ,regb +4f37 d8400000 arg 0 ,temp +4f38 2020502a branch module_hci_event_set_cmd + +module_hci_cmd_bt_disconnect: +4f39 6fe44652 fetch 2 ,mem_ui_state_map +4f3a c300501c bbit0 ui_state_bt_connected ,module_hci_event_receive_invalid_cmd + +module_hci_cmd_bt_disconnect_doing: +4f3b 2040501f call module_hci_event_receive_valid_cmd +4f3c 20204d64 branch app_bt_disconnect + +module_hci_cmd_ble_disconnect: +4f3d 6fe44652 fetch 2 ,mem_ui_state_map +4f3e c304d01c bbit0 ui_state_ble_connected ,module_hci_event_receive_invalid_cmd + +module_hci_cmd_ble_disconnect_doing: +4f3f 2040501f call module_hci_event_receive_valid_cmd +4f40 20204d7d branch app_ble_disconnect + +module_hci_cmd_set_nvram: +4f41 6fe20b00 fetch 1 ,mem_module_uart_len +4f42 1fe27200 copy pdata ,loopcnt +4f43 1a220600 copy rega ,contru +4f44 6fe44214 fetch 2 ,mem_nv_data_ptr +4f45 1fe20a00 icopy contw +4f46 204067da call uart_copy_rx_bytes_fast +4f47 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_confirm_gkey: +4f48 6fe24652 fetch 1 ,mem_ui_state_map +4f49 c300501c bbit0 ui_state_bt_connected ,module_hci_event_receive_invalid_cmd +4f4a efe20003 ifetch 1 ,contru +4f4b 68424633 fetcht 1 ,mem_flag_mode_ssp_pin +4f4c 793a0400 setflag blank ,flag_mode_ssp_pin_comparison_result_bit ,temp +4f4d 79200407 set1 flag_mode_ssp_pin_reviceve_comparison_bit ,temp +4f4e 60424633 storet 1 ,mem_flag_mode_ssp_pin +4f4f 2040501f call module_hci_event_receive_valid_cmd +4f50 6fe24633 fetch 1 ,mem_flag_mode_ssp_pin +4f51 c2834f56 bbit1 flag_mode_ssp_pin_recieve_dhkey_bit ,module_hci_cmd_spp_number_comparison_result_is1 +4f52 20600000 rtn + +dhkey_not_accept: +4f53 70463300 jam 0 ,mem_flag_mode_ssp_pin +4f54 700a9521 jam bt_cmd_dhkey_not_accept ,mem_fifo_temp +4f55 20207bb4 branch ui_ipc_send_cmd + +module_hci_cmd_spp_number_comparison_result_is1: +4f56 c2806377 bbit1 flag_mode_ssp_pin_comparison_result_bit ,number_comparison_successed +4f57 20204f53 branch dhkey_not_accept + +module_hci_cmd_set_credit_given: +4f58 6fe24652 fetch 1 ,mem_ui_state_map +4f59 c4020000 rtnbit0 ui_state_bt_spp_conn +4f5a 6fe2453d fetch 1 ,mem_credit_flag +4f5b c1000000 rtneq credit_disable +4f5c efe20003 ifetch 1 ,contru +4f5d 6842453b fetcht 1 ,mem_credit_given +4f5e 98408400 iadd temp ,temp +4f5f 6042453b storet 1 ,mem_credit_given +4f60 20600000 rtn + +module_hci_cmd_auto_adv: +4f61 df200040 arg 0x40 ,loopcnt +4f62 d8a04341 arg mem_le_adv_data_len ,contw +4f63 20407caf call clear_mem +4f64 58000000 setarg 0 +4f65 67e20aae store 1 ,mem_regb +4f66 1a220600 copy rega ,contru + +module_hci_cmd_auto_adv_loop: +4f67 18627e00 copy contru ,pdata +4f68 67e40ab2 store 2 ,mem_regc +4f69 20404f8f call module_hci_cmd_auto_adv_adv_analys +4f6a 6fe20aae fetch 1 ,mem_regb +4f6b 68420a9e fetcht 1 ,mem_temp +4f6c 18408401 increase 1 ,temp +4f6d 9840fe00 iadd temp ,pdata +4f6e 67e20aae store 1 ,mem_regb +4f6f 1fe67c1f sub pdata ,31 ,null +4f70 24214f7b nbranch module_hci_cmd_auto_adv_store_scan ,positive + +module_hci_cmd_auto_adv_store_adv: +4f71 68424341 fetcht 1 ,mem_le_adv_data_len +4f72 58004342 setarg mem_le_adv_data +4f73 9840fe00 iadd temp ,pdata +4f74 67e40ab7 store 2 ,mem_contw +4f75 68420a9e fetcht 1 ,mem_temp +4f76 18408401 increase 1 ,temp +4f77 6fe24341 fetch 1 ,mem_le_adv_data_len +4f78 9840fe00 iadd temp ,pdata +4f79 67e24341 store 1 ,mem_le_adv_data_len +4f7a 20204f84 branch module_hci_cmd_auto_adv_store_common + +module_hci_cmd_auto_adv_store_scan: +4f7b 68424361 fetcht 1 ,mem_le_scan_data_len +4f7c 58004362 setarg mem_le_scan_data +4f7d 9840fe00 iadd temp ,pdata +4f7e 67e40ab7 store 2 ,mem_contw +4f7f 68420a9e fetcht 1 ,mem_temp +4f80 18408401 increase 1 ,temp +4f81 6fe24361 fetch 1 ,mem_le_scan_data_len +4f82 9840fe00 iadd temp ,pdata +4f83 67e24361 store 1 ,mem_le_scan_data_len + +module_hci_cmd_auto_adv_store_common: +4f84 6fe40ab7 fetch 2 ,mem_contw +4f85 1fe20a00 copy pdata ,contw +4f86 6fe40ab2 fetch 2 ,mem_regc +4f87 1fe20600 copy pdata ,contru +4f88 18427200 copy temp ,loopcnt +4f89 204067da call uart_copy_rx_bytes_fast +4f8a 6fe20b00 fetch 1 ,mem_module_uart_len +4f8b 68420aae fetcht 1 ,mem_regb +4f8c 98467c00 isub temp ,null +4f8d 2422cf67 nbranch module_hci_cmd_auto_adv_loop ,zero +4f8e 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_auto_adv_adv_analys: +4f8f efe20003 ifetch 1 ,contru +4f90 67e20a9e store 1 ,mem_temp +4f91 efe20003 ifetch 1 ,contru +4f92 67e20aaa store 1 ,mem_rega +4f93 20600000 rtn + +module_hci_cmd_passkey_entry: +4f94 efe80003 ifetch 4 ,contru +4f95 67e84658 store 4 ,mem_pin +4f96 70465704 jam 4 ,mem_pin_length +4f97 70463500 jam 0 ,mem_authentication_passkey_times +4f98 2040501f call module_hci_event_receive_valid_cmd +4f99 20206313 branch authentication_passkey + +module_hci_cmd_le_set_pairing_mode: +4f9a 1a220600 copy rega ,contru +4f9b efe20003 ifetch 1 ,contru +4f9c 1fe20400 copy pdata ,temp +4f9d c040cfa5 beq le_pairing_mode_secure_connect_justwork ,module_le_set_pairing_mode_secure_justwork +4f9e c0414faa beq le_pairing_mode_secure_connect_numeric ,module_le_set_pairing_mode_secure_numeric +4f9f c041cfb0 beq le_pairing_mode_secure_connect_passkey ,module_le_set_pairing_mode_secure_passkey +4fa0 67e24498 store 1 ,mem_le_pairing_mode +4fa1 c0004fb5 beq le_pairing_mode_none ,module_le_set_no_pairing +4fa2 c000cfb8 beq le_pairing_mode_lagacy_justwork ,module_le_set_pairing_mode_lagacy_just_work +4fa3 c0014fba beq le_pairing_mode_lagacy_passkey ,module_le_set_pairing_mode_lagacy_passkey +4fa4 2020501c branch module_hci_event_receive_invalid_cmd + +module_le_set_pairing_mode_secure_justwork: +4fa5 6fe24490 fetch 1 ,mem_le_secure_connect_enable +4fa6 203a501c branch module_hci_event_receive_invalid_cmd ,blank +4fa7 60424498 storet 1 ,mem_le_pairing_mode +4fa8 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +4fa9 20204fb6 branch module_le_set_noinputnooutput + +module_le_set_pairing_mode_secure_numeric: +4faa 6fe24490 fetch 1 ,mem_le_secure_connect_enable +4fab 203a501c branch module_hci_event_receive_invalid_cmd ,blank +4fac 60424498 storet 1 ,mem_le_pairing_mode +4fad 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +4fae 70442601 jam flag_iocap_displayyesno ,mem_le_pres_iocap +4faf 2020501f branch module_hci_event_receive_valid_cmd + +module_le_set_pairing_mode_secure_passkey: +4fb0 6fe24490 fetch 1 ,mem_le_secure_connect_enable +4fb1 203a501c branch module_hci_event_receive_invalid_cmd ,blank +4fb2 60424498 storet 1 ,mem_le_pairing_mode +4fb3 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +4fb4 20204fbb branch module_le_set_displayonly + +module_le_set_no_pairing: +4fb5 70442800 jam flag_le_no_bonding_no_mitm ,mem_le_pres_auth + +module_le_set_noinputnooutput: +4fb6 70442603 jam flag_iocap_noinputnooutput ,mem_le_pres_iocap +4fb7 2020501f branch module_hci_event_receive_valid_cmd + +module_le_set_pairing_mode_lagacy_just_work: +4fb8 70442805 jam flag_le_bonding_mitm ,mem_le_pres_auth +4fb9 20204fb6 branch module_le_set_noinputnooutput + +module_le_set_pairing_mode_lagacy_passkey: +4fba 70442805 jam flag_le_bonding_mitm ,mem_le_pres_auth + +module_le_set_displayonly: +4fbb 70442600 jam flag_iocap_displayonly ,mem_le_pres_iocap +4fbc 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_set_adv_data: +4fbd 6fe20b00 fetch 1 ,mem_module_uart_len +4fbe 1fe67c1f sub pdata ,31 ,null +4fbf 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4fc0 67e24341 store 1 ,mem_le_adv_data_len +4fc1 1fe27200 copy pdata ,loopcnt +4fc2 1a220600 copy rega ,contru +4fc3 d8a04342 arg mem_le_adv_data ,contw +4fc4 204067da call uart_copy_rx_bytes_fast +4fc5 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_set_scan_data: +4fc6 6fe20b00 fetch 1 ,mem_module_uart_len +4fc7 1fe67c1f sub pdata ,31 ,null +4fc8 2421501c nbranch module_hci_event_receive_invalid_cmd ,positive +4fc9 67e24361 store 1 ,mem_le_scan_data_len +4fca 1fe27200 copy pdata ,loopcnt +4fcb 1a220600 copy rega ,contru +4fcc d8a04362 arg mem_le_scan_data ,contw +4fcd 204067da call uart_copy_rx_bytes_fast +4fce 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_send_conn_update_req: +4fcf 6fe44652 fetch 2 ,mem_ui_state_map +4fd0 c304d01c bbit0 ui_state_ble_connected ,module_hci_event_receive_invalid_cmd +4fd1 6fe20b00 fetch 1 ,mem_module_uart_len +4fd2 c084501c bne 0x08 ,module_hci_event_receive_invalid_cmd +4fd3 1a220600 copy rega ,contru +4fd4 eff00003 ifetch 8 ,contru +4fd5 67f04468 store 8 ,mem_le_interval_min +4fd6 700a9512 jam bt_cmd_le_update_conn ,mem_fifo_temp +4fd7 20407bb4 call ui_ipc_send_cmd +4fd8 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_le_adv_parameter: +4fd9 efe40003 ifetch 2 ,contru +4fda 67e44454 store 2 ,mem_le_adv_interval +4fdb 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_start_pairing: +4fdc 6fe24498 fetch 1 ,mem_le_pairing_mode +4fdd 203a501c branch module_hci_event_receive_invalid_cmd ,blank +4fde 6fe24496 fetch 1 ,mem_le_pairing_state +4fdf c080501c bne flag_le_pairing_null ,module_hci_event_receive_invalid_cmd +4fe0 6fe24497 fetch 1 ,mem_le_enc_state +4fe1 c080501c bne flag_le_enc_null ,module_hci_event_receive_invalid_cmd +4fe2 20407c3d call check_51cmd_le_smp_sec_req +4fe3 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_tx_power: +4fe4 6fe20b00 fetch 1 ,mem_module_uart_len +4fe5 c080d01c bne 0x01 ,module_hci_event_receive_invalid_cmd +4fe6 efe20003 ifetch 1 ,contru +4fe7 67e241df store 1 ,mem_tx_power +4fe8 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_confirm_gkey: +4fe9 efe20003 ifetch 1 ,contru +4fea c000cff2 beq 0x01 ,module_hci_cmd_le_confirm_gkey_fail +4feb 6fe24493 fetch 1 ,mem_le_secure_connect_state +4fec c001cff0 beq le_sc_stat_send_public_key ,module_hci_cmd_le_confirm_gkey_ok +4fed c0034ff0 beq le_sc_stat_receive_dhkey ,module_hci_cmd_le_confirm_gkey_ok +4fee c003cff0 beq le_sc_stat_wait_confirm_gkey ,module_hci_cmd_le_confirm_gkey_ok +4fef 2020501c branch module_hci_event_receive_invalid_cmd + +module_hci_cmd_le_confirm_gkey_ok: +4ff0 70449401 jam flag_le_sc_confrim_gkey_ok ,mem_le_sc_confirm_gkey_flag +4ff1 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_confirm_gkey_fail: +4ff2 20405f33 call le_send_pairing_confirm_value_failed +4ff3 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_set_reject_justwork_flag: +4ff4 6fe20b00 fetch 1 ,mem_module_uart_len +4ff5 c080d01c bne 0x01 ,module_hci_event_receive_invalid_cmd +4ff6 2040501f call module_hci_event_receive_valid_cmd +4ff7 efe20003 ifetch 1 ,contru +4ff8 203a64ad branch classic_bt_clr_reject_justwork_flag ,blank +4ff9 202064ab branch classic_bt_set_reject_justwork_flag + +module_hci_cmd_reset_chip: +4ffa 2040501f call module_hci_event_receive_valid_cmd +4ffb 70801001 hjam 0x01 ,core_reset +4ffc 20204a8d branch loop + +module_hci_cmd_le_set_fixed_passkey: +4ffd 6fe20b00 fetch 1 ,mem_module_uart_len +4ffe c000501c beq 0 ,module_hci_event_receive_invalid_cmd +4fff efe20003 ifetch 1 ,contru +5000 203a500a branch module_hci_cmd_le_set_random_passkey ,blank +5001 6fe20b00 fetch 1 ,mem_module_uart_len +5002 c082d01c bne 5 ,module_hci_event_receive_invalid_cmd +5003 efe80003 ifetch 4 ,contru +5004 d84f4240 arg 1000000 ,temp +5005 98467c00 isub temp ,null +5006 2021501c branch module_hci_event_receive_invalid_cmd ,positive +5007 67e84499 store 4 ,mem_le_tk +5008 20405bec call le_set_config_fixed_tk +5009 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_set_random_passkey: +500a 20405bee call le_clr_config_fixed_tk +500b 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_test_cmde_close_lpm: +500c efe20003 ifetch 1 ,contru +500d 67e24091 store 1 ,mem_lpm_mode +500e 2020501f branch module_hci_event_receive_valid_cmd + +module_hci_test_cmd_reback: +500f 6fe20b00 fetch 1 ,mem_module_uart_len +5010 204050a5 call module_hci_prepare_tx +5011 6fe20b00 fetch 1 ,mem_module_uart_len +5012 1fe27200 copy pdata ,loopcnt +5013 1a220600 copy rega ,contru +5014 20405016 call copy_tx_bytes +5015 202067b9 branch uartd_send + +copy_tx_bytes: +5016 1f227e00 deposit loopcnt +5017 207a0000 rtn blank + +copy_tx_bytes_loop: +5018 efe20003 ifetch 1 ,contru +5019 e7e2000a istore 1 ,contwu +501a c2005018 loop copy_tx_bytes_loop +501b 20600000 rtn + +module_hci_event_receive_invalid_cmd: +501c d8400001 arg 1 ,temp +501d da200000 arg 0 ,rega +501e 2020502a branch module_hci_event_set_cmd + +module_hci_event_receive_valid_cmd: +501f d8400000 arg 0 ,temp +5020 da200000 arg 0 ,rega +5021 2020502a branch module_hci_event_set_cmd + +module_hci_event_spp_connect: +5022 700aff00 jam hci_event_spp_conn_rep ,mem_module_uart_opcode +5023 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_le_connect: +5024 700aff02 jam hci_event_le_conn_rep ,mem_module_uart_opcode +5025 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_spp_disconnect: +5026 700aff03 jam hci_event_spp_dis_rep ,mem_module_uart_opcode +5027 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_le_disconnect: +5028 700aff05 jam hci_event_le_dis_rep ,mem_module_uart_opcode +5029 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_set_cmd: +502a 6fe20aff fetch 1 ,mem_module_uart_opcode +502b 1fe22600 copy pdata ,regc +502c 700aff06 jam hci_event_cmd_res ,mem_module_uart_opcode +502d 58000002 setarg 2 +502e 9a20fe00 iadd rega ,pdata +502f 204050a5 call module_hci_prepare_tx +5030 1a627e00 copy regc ,pdata +5031 e7e2000a istore 1 ,contwu +5032 e042000a istoret 1 ,contwu +5033 1a227200 copy rega ,loopcnt +5034 1a420c00 copy regb ,contr +5035 204067d4 call uart_copy_tx_bytes +5036 202067b9 branch uartd_send + +module_hci_event_receive_spp_data: +5037 20404dd7 call module_spp_clear_last_transmite_clock +5038 700aff07 jam hci_event_spp_data_rep ,mem_module_uart_opcode +5039 6fe204fb fetch 1 ,mem_current_length +503a 207a0000 rtn blank +503b 204050a5 call module_hci_prepare_tx +503c 6fe204fb fetch 1 ,mem_current_length +503d 1fe27200 copy pdata ,loopcnt +503e 6fe404fd fetch 2 ,mem_rfcomm_uih_payload_ptr +503f 1fe20c00 copy pdata ,contr +5040 204067c1 call uart_copy_tx_bytes_fast +5041 202067b9 branch uartd_send + +module_hci_event_receive_le_data: +5042 700aff08 jam hci_event_le_data_rep ,mem_module_uart_opcode +5043 6fe24670 fetch 1 ,mem_module_le_rx_data_len +5044 1fe27200 icopy loopcnt +5045 1fe0fe02 increase 2 ,pdata +5046 204050a5 call module_hci_prepare_tx +5047 6fe44673 fetch 2 ,mem_module_le_rx_data_handle +5048 e7e4000a istore 2 ,contwu +5049 6fe44671 fetch 2 ,mem_module_le_rx_data_address +504a 1fe20c00 icopy contr +504b 204067c1 call uart_copy_tx_bytes_fast +504c 202067b9 branch uartd_send + +module_hci_event_enter_standby_mode: +504d 700aff09 jam hci_event_standby_rep ,mem_module_uart_opcode + +module_hci_event_enter_standby_mode_len0: +504e 58000000 setarg 0 +504f 204050a5 call module_hci_prepare_tx +5050 202067b9 branch uartd_send + +module_hci_event_status_res: +5051 700aff0a jam hci_event_status_res ,mem_module_uart_opcode +5052 58000001 setarg 1 +5053 204050a5 call module_hci_prepare_tx +5054 20405062 call module_hci_read_bt_status +5055 6fe44652 fetch 2 ,mem_ui_state_map +5056 d8e00002 arg ui_state_bt_hid_conn ,queue +5057 afefffff qisolate1 pdata +5058 79208403 setflag true ,3 ,temp +5059 d8e00009 arg ui_state_ble_connected ,queue +505a afefffff qisolate1 pdata +505b 79208405 setflag true ,5 ,temp +505c 6fe24652 fetch 1 ,mem_ui_state_map +505d d8e00004 arg ui_state_bt_spp_conn ,queue +505e afefffff qisolate1 pdata +505f 79208404 setflag true ,4 ,temp +5060 e042000a istoret 1 ,contwu +5061 202067b9 branch uartd_send + +module_hci_read_bt_status: +5062 d8400000 arg 0 ,temp +5063 6fe24093 fetch 1 ,mem_scan_mode +5064 d8e00000 arg inq_scan_mode ,queue +5065 afefffff qisolate1 pdata +5066 79208400 setflag true ,0 ,temp +5067 d8e00001 arg page_scan_mode ,queue +5068 afefffff qisolate1 pdata +5069 79208401 setflag true ,1 ,temp +506a 6fe24340 fetch 1 ,mem_le_adv_enable +506b d8e00000 arg 0 ,queue +506c afefffff qisolate1 pdata +506d 79208402 setflag true ,2 ,temp +506e 20600000 rtn + +module_hci_event_store_device: +506f 700aff0d jam hci_event_nvram_rep ,mem_module_uart_opcode +5070 6fe24216 fetch 1 ,mem_nv_data_number +5071 1feffe22 mul32 pdata ,34 ,pdata +5072 1fe27200 icopy loopcnt +5073 204050a5 call module_hci_prepare_tx +5074 6fe44214 fetch 2 ,mem_nv_data_ptr +5075 1fe20c00 icopy contr +5076 204067c1 call uart_copy_tx_bytes_fast +5077 202067b9 branch uartd_send + +module_hci_event_gkey_generate: +5078 700aff0e jam hci_event_gkey ,mem_module_uart_opcode +5079 58000004 setarg 4 +507a 204050a5 call module_hci_prepare_tx +507b 6fe809b6 fetch 4 ,mem_gkey +507c e7e8000a istore 4 ,contwu +507d 202067b9 branch uartd_send + +module_hci_event_invalid_packet: +507e 700aff0f jam hci_event_invalid_packet ,mem_module_uart_opcode +507f 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_passkey_entry_mode: +5080 700aff10 jam hci_event_get_passkey ,mem_module_uart_opcode +5081 2020504e branch module_hci_event_enter_standby_mode_len0 + +module_hci_event_le_tk: +5082 700aff11 jam hci_event_le_tk ,mem_module_uart_opcode +5083 58000004 setarg 4 +5084 204050a5 call module_hci_prepare_tx +5085 6fe84499 fetch 4 ,mem_le_tk +5086 e7e8000a istore 4 ,contwu +5087 202067b9 branch uartd_send + +module_hci_event_le_pairing_fail: +5088 da200180 arg flag_ble_pairing_fail ,rega +5089 2020508f branch module_hci_event_pairing_completed + +module_hci_event_le_pairing_success: +508a da200080 arg flag_ble_pairing_success ,rega +508b 2020508f branch module_hci_event_pairing_completed + +module_hci_event_bt_pairing_fail: +508c da200101 arg flag_bt_pairing_fail ,rega +508d 2020508f branch module_hci_event_pairing_completed + +module_hci_event_bt_pairing_success: +508e da200001 arg flag_bt_pairing_success ,rega + +module_hci_event_pairing_completed: +508f 70463300 jam 0 ,mem_flag_mode_ssp_pin +5090 700aff14 jam hci_event_le_pairing_state ,mem_module_uart_opcode +5091 58000002 setarg 2 +5092 204050a5 call module_hci_prepare_tx +5093 1a227e00 copy rega ,pdata +5094 e7e4000a istore 2 ,contwu +5095 202067b9 branch uartd_send + +module_hci_event_pause_enc: +5096 da600000 arg flag_event_pause_enc ,regc +5097 20205099 branch module_hci_event_enc + +module_hci_event_start_enc: +5098 da600001 arg flag_event_start_enc ,regc + +module_hci_event_enc: +5099 700aff15 jam hci_event_le_encryption_state ,mem_module_uart_opcode +509a 58000001 setarg 1 +509b 204050a5 call module_hci_prepare_tx +509c 1a627e00 copy regc ,pdata +509d e7e2000a istore 1 ,contwu +509e 202067b9 branch uartd_send + +module_hci_event_le_gkey: +509f 700aff1d jam hci_event_le_gkey ,mem_module_uart_opcode +50a0 58000004 setarg 4 +50a1 204050a5 call module_hci_prepare_tx +50a2 6fe809b6 fetch 4 ,mem_gkey +50a3 e7e8000a istore 4 ,contwu +50a4 202067b9 branch uartd_send + +module_hci_prepare_tx: +50a5 700afe02 jam 0x02 ,mem_module_uart_cmd +50a6 67e20b00 store 1 ,mem_module_uart_len +50a7 60500a9e storet 8 ,mem_temp +50a8 44dec017 bpatch patch17_5 ,mem_patch17 +50a9 68500a9e fetcht 8 ,mem_temp +50aa 204067b5 call uartd_prepare_tx +50ab 6fe60afe fetch 3 ,mem_module_uart_cmd +50ac e7e6000a istore 3 ,contwu +50ad 20600000 rtn + +module_le_receive_data: +50ae 20404f11 call module_check_ble_encrypt_state +50af 20740000 rtn user +50b0 1a227e00 copy rega ,pdata +50b1 67e44671 store 2 ,mem_module_le_rx_data_address +50b2 1a427e00 copy regb ,pdata +50b3 67e24670 store 1 ,mem_module_le_rx_data_len +50b4 6fe40474 fetch 2 ,mem_le_att_handle +50b5 68444675 fetcht 2 ,mem_module_data_write_handle +50b6 98467c00 isub temp ,null +50b7 2022d0bb branch module_le_receive_data_ok ,zero +50b8 68444677 fetcht 2 ,mem_module_data_write_handle2 +50b9 98467c00 isub temp ,null +50ba 24628000 nrtn zero + +module_le_receive_data_ok: +50bb 67e44673 store 2 ,mem_module_le_rx_data_handle +50bc 20205042 branch module_hci_event_receive_le_data + +module_exit_sniff: +50bd 6fe24679 fetch 1 ,mem_module_flag +50be c3828000 rtnbit1 moudle_task_unsniff +50bf 204050da call module_set_unsniff_task_flag +50c0 20204d87 branch app_bt_sniff_exit + +module_set_lpm_mult_2: +50c1 70417302 jam 2 ,mem_lpm_mult +50c2 20600000 rtn + +module_bb_event_timer: +50c3 20600000 rtn + +check_ipc_tx_buff: +50c4 204050cb call get_ipc_tx_buff +50c5 d8400200 arg uart_air_control_threshold ,temp + +pdata_sub_temp: +50c6 98467c00 isub temp ,null +50c7 20600000 rtn + +calc_ipc_tx_buff_pos: +50c8 9a267e00 isub rega ,pdata +50c9 1fe67e00 sub pdata ,0 ,pdata +50ca 20600000 rtn + +get_ipc_tx_buff: +50cb 68444ff0 fetcht 2 ,ipc_bt2m0_start_addr +50cc 6fe44ff2 fetch 2 ,ipc_bt2m0_end_addr +50cd 98462200 isub temp ,rega +50ce 68444ff4 fetcht 2 ,ipc_bt2m0_read_ptr +50cf 6fe44ff6 fetch 2 ,ipc_bt2m0_write_ptr +50d0 98467e00 isub temp ,pdata +50d1 244150c8 ncall calc_ipc_tx_buff_pos ,positive +50d2 20600000 rtn + +module_control_air_flow: +50d3 204050c4 call check_ipc_tx_buff +50d4 20214d54 branch app_l2cap_flow_control_enable ,positive +50d5 20204d56 branch app_l2cap_flow_control_disable + +module_set_sniff_task_flag: +50d6 d8e00006 arg moudle_task_sniff ,queue +50d7 202050e6 branch module_set_state + +module_clear_sniff_task_flag: +50d8 d8e00006 arg moudle_task_sniff ,queue +50d9 202050e2 branch module_clr_state + +module_set_unsniff_task_flag: +50da d8e00005 arg moudle_task_unsniff ,queue +50db 202050e6 branch module_set_state + +module_clear_unsniff_task_flag: +50dc d8e00005 arg moudle_task_unsniff ,queue +50dd 202050e2 branch module_clr_state + +module_set_le_tx_data_flag: +50de d8e00004 arg module_flag_ble_data_finish ,queue +50df 202050e6 branch module_set_state + +module_clear_le_tx_data_flag: +50e0 d8e00004 arg module_flag_ble_data_finish ,queue +50e1 202050e2 branch module_clr_state + +module_clr_state: +50e2 6fe24679 fetch 1 ,mem_module_flag +50e3 f93ffe00 qset0 pdata +50e4 67e24679 store 1 ,mem_module_flag +50e5 20600000 rtn + +module_set_state: +50e6 6fe24679 fetch 1 ,mem_module_flag +50e7 f9207e00 qset1 pdata +50e8 67e24679 store 1 ,mem_module_flag +50e9 20600000 rtn + +cmd_exit: +50ea 7041cf00 jam 0 ,mem_hci_cmd +50eb 20600000 rtn + +cmd_check_plap: +50ec 6fec41d1 fetch 6 ,mem_hci_plap +50ed 684c0040 fetcht 6 ,mem_plap +50ee 98467c00 isub temp ,null +50ef 20600000 rtn + +cmd_pair: +50f0 6fe2004b fetch 1 ,mem_op +50f1 c28150f5 bbit1 op_inrand_req ,cmd_pair_passive +50f2 204066d1 call tid_initiate +50f3 70007c08 jam lmp_in_rand ,mem_lmo_opcode2 +50f4 202050ea branch cmd_exit + +cmd_pair_passive: +50f5 793ffe02 set0 op_inrand_req ,pdata +50f6 67e2004b store 1 ,mem_op +50f7 204063e3 call lmp_accept_inrand +50f8 58000000 setarg 0 +50f9 7934fe01 setflag master ,smap_lmptid ,pdata +50fa 67e2007f store 1 ,mem_lmo_tid2 +50fb 202050ea branch cmd_exit +50fc 20600000 rtn + +cmd_in_sniff: +50fd 70007c17 jam lmp_sniff_req ,mem_lmo_opcode2 +50fe d8a004d5 arg mem_sniff_payload ,contw +50ff 58000000 setarg 0 +5100 2d0ffe1b isolate1 27 ,clke_bt +5101 7920fe01 setflag true ,1 ,pdata +5102 e7e20005 istore 1 ,contw +5103 58000000 setarg 0 +5104 e7e40005 istore 2 ,contw +5105 6fe441e4 fetch 2 ,mem_sniff_param_interval +5106 e7e40005 istore 2 ,contw +5107 6fe241e6 fetch 1 ,mem_sniff_param_attempt +5108 e7e40005 istore 2 ,contw +5109 6fe241e8 fetch 1 ,mem_sniff_param_timeout +510a e7e40005 istore 2 ,contw +510b 202050ea branch cmd_exit + +cmd_exit_sniff: +510c 70007c18 jam lmp_unsniff_req ,mem_lmo_opcode2 +510d 202050ea branch cmd_exit + +hid_rx_process: +510e 44df4017 bpatch patch17_6 ,mem_patch17 +510f 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +5110 1fe20c00 copy pdata ,contr +5111 efe20006 ifetch 1 ,contr +5112 1fe1040f and pdata ,0x0f ,temp +5113 1ff1fe00 rshift4 pdata ,pdata +5114 c004d12d beq hid_type_set_idle ,hid_rx_process_handshake +5115 c003d12d beq hid_type_set_protocol ,hid_rx_process_handshake +5116 c0055139 beq hid_type_data ,hid_rx_process_data +5117 c002d125 beq hid_type_set_report ,hid_rx_process_set_report +5118 c000d11a beq hid_type_control ,hid_rx_process_hid_control +5119 20600000 rtn + +hid_rx_process_hid_control: +511a 18427e00 copy temp ,pdata +511b c002d11e beq hid_control_p_virtualcableunplug ,hid_rx_process_virtual_cable_unplug +511c c001d124 beq hid_control_p_suspend ,hid_rx_process_suspend +511d 20600000 rtn + +hid_rx_process_virtual_cable_unplug: +511e 700a9527 jam bt_evt_virtual_cable_unplug ,mem_fifo_temp +511f 20407bab call ui_ipc_send_event +5120 6fe24092 fetch 1 ,mem_device_option +5121 c4030000 rtnbit0 dvc_op_mouse +5122 18427e00 copy temp ,pdata +5123 20600000 rtn + +hid_rx_process_suspend: +5124 20600000 rtn + +hid_rx_process_set_report: +5125 20405139 call hid_rx_process_data +5126 da200001 arg 0x01 ,rega +5127 2040513d call hid_malloc_tx_buff +5128 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +5129 e7e40005 istore 2 ,contw +512a 58000000 setarg 0x00 +512b e7e20005 istore 1 ,contw +512c 20600000 rtn + +hid_rx_process_handshake: +512d da200001 arg 1 ,rega +512e 2040513d call hid_malloc_tx_buff +512f 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +5130 e7e40005 istore 2 ,contw +5131 58000000 setarg 0 +5132 e7e20005 istore 1 ,contw +5133 700a8a01 jam 1 ,mem_ui_data_txbuff_length +5134 6fe24224 fetch 1 ,mem_hid_control_state +5135 79207e06 set1 l2cap_channel_hid_handshake_done +5136 67e24224 store 1 ,mem_hid_control_state +5137 700a9512 jam bt_evt_hid_handshake ,mem_fifo_temp +5138 20207bab branch ui_ipc_send_event + +hid_rx_process_data: +5139 efe20006 ifetch 1 ,contr +513a c000d13c beq hid_report_id_kb ,hid_rx_process_data_hid_kb +513b 20600000 rtn + +hid_rx_process_data_hid_kb: +513c 20600000 rtn + +hid_malloc_tx_buff: +513d 2040561a call l2cap_malloc +513e 1a220400 copy rega ,temp +513f 60420a8a storet 1 ,mem_ui_data_txbuff_length +5140 1fe20a00 copy pdata ,contw +5141 1a227e00 copy rega ,pdata +5142 e7e40005 istore 2 ,contw +5143 20600000 rtn + +l2cap_init: +5144 2035d149 branch l2cap_init_wake ,wake + +l2cap_init_work: +5145 58004337 setarg mem_l2cap_xmem_end +5146 d8a04218 arg mem_l2cap_xmem_start ,contw +5147 98a67200 isub contw ,loopcnt +5148 20407caf call clear_mem + +l2cap_init_wake: +5149 44dfc017 bpatch patch17_7 ,mem_patch17 +514a 5800054d setarg mem_sdp_mem_end +514b d8a0050d arg mem_sdp_mem_start ,contw +514c 98a67200 isub contw ,loopcnt +514d 20407caf call clear_mem +514e 580002c5 setarg mem_l2cap_mem_end +514f d8a00259 arg mem_l2cap_mem_start ,contw +5150 98a67200 isub contw ,loopcnt +5151 20407caf call clear_mem +5152 202056f2 branch l2cap_lpm_load_txbuf + +process_rx_l2cap_pkt: +5153 44e04018 bpatch patch18_0 ,mem_patch18 +5154 18c20400 copy contr ,temp +5155 18420c00 copy temp ,contr +5156 efe40006 ifetch 2 ,contr +5157 67e40262 store 2 ,mem_l2cap_rx_pkt_length +5158 efe40006 ifetch 2 ,contr +5159 67e40264 store 2 ,mem_l2cap_rx_cid +515a 18c27e00 deposit contr +515b 67e40260 store 2 ,mem_l2cap_payload_ptr +515c 6fe24651 fetch 1 ,memui_reconnect_mode +515d c000515f beq no_reconnection ,l2cap_rx_multiplexing +515e 202054c9 branch ml2cap_rx_multiplexing + +l2cap_rx_multiplexing: +515f 6fe40262 fetch 2 ,mem_l2cap_rx_pkt_length +5160 203a51d6 branch l2cap_rx_reset_state ,blank +5161 44e0c018 bpatch patch18_1 ,mem_patch18 +5162 6fe20264 fetch 1 ,mem_l2cap_rx_cid +5163 c000d177 beq l2cap_signal_channel ,l2cap_call_proc_signal + +l2cap_rx_multiplexing0: +5164 c02851ba beq l2cap_sdp_channel ,l2cap_call_proc_sdp +5165 c028d1cf beq l2cap_rfcomm_channel ,l2cap_call_proc_rfcomm +5166 c02951cd beq l2cap_hid_control_channel ,l2cap_call_proc_hid +5167 c029d1cd beq l2cap_hid_interrupt_channel ,l2cap_call_proc_hid +5168 202051d6 branch l2cap_rx_reset_state + +l2cap_check_map: +5169 44e14018 bpatch patch18_2 ,mem_patch18 +516a 20405658 call l2cap_malloc_get_full_map +516b 6fe24228 fetch 1 ,mem_used_map +516c c0005175 beq 0 ,set_pdata_0 +516d c000d175 beq 1 ,set_pdata_0 +516e c0015175 beq 2 ,set_pdata_0 +516f c001d175 beq 3 ,set_pdata_0 +5170 c040d175 beq 0x81 ,set_pdata_0 +5171 c0605175 beq 0xc0 ,set_pdata_0 +5172 c0405175 beq 0x80 ,set_pdata_0 +5173 c0205175 beq 0x40 ,set_pdata_0 +5174 20600000 rtn + +set_pdata_0: +5175 58000000 setarg 0 +5176 20600000 rtn + +l2cap_call_proc_signal: +5177 20405169 call l2cap_check_map +5178 247a0000 nrtn blank + +l2cap_call_proc_signal0: +5179 20405692 call l2cap_malloc_signal_channel +517a 204051db call l2cap_process_signal_pkt +517b 6844026b fetcht 2 ,mem_l2cap_signal_tx_length +517c 203a51d5 branch l2cap_call_proc_no_reply ,blank +517d 2040569b call l2cap_get_signal_tx_buff +517e 6fe4026b fetch 2 ,mem_l2cap_signal_tx_length +517f e7e40005 istore 2 ,contw +5180 18007e01 force l2cap_signal_channel ,pdata +5181 e7e40005 istore 2 ,contw +5182 202051d6 branch l2cap_rx_reset_state + +l2cap_call_proc_sigal_pending: +5183 6fe24336 fetch 1 ,mem_l2cap_pending_item +5184 207a0000 rtn blank +5185 1fe22200 copy pdata ,rega +5186 44e1c018 bpatch patch18_3 ,mem_patch18 +5187 6fe802d1 fetch 4 ,mem_l2cap_sdpres_delay_time +5188 d8400100 arg 0x100 ,temp +5189 98408400 iadd temp ,temp +518a 1c427e00 copy clkn_bt ,pdata +518b 98467c00 isub temp ,null +518c 24610000 nrtn positive +518d 70433600 jam 0 ,mem_l2cap_pending_item +518e 1a227e00 copy rega ,pdata +518f c0285191 beq l2cap_sdp_channel ,l2cap_sdp_conn_succ +5190 20204a8b branch assert + +l2cap_sdp_conn_succ: +5191 d9000000 arg 0 ,debug +5192 20405692 call l2cap_malloc_signal_channel +5193 20405254 call restore_l2cap_req_param +5194 2040569d call l2cap_get_signal_tx_payload +5195 20407c83 call save_cont_pointers +5196 20405287 call send_connection_sdp_res +5197 2040569b call l2cap_get_signal_tx_buff +5198 5800000c setarg 0x000c +5199 e7e40005 istore 2 ,contw +519a 18007e01 force l2cap_signal_channel ,pdata +519b e7e40005 istore 2 ,contw +519c 202051d6 branch l2cap_rx_reset_state + +l2cap_reset_sdp_map: +519d 44e24018 bpatch patch18_4 ,mem_patch18 +519e 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +519f 1fe0fe04 increase 4 ,pdata +51a0 1ff1fe00 rshift4 pdata ,pdata +51a1 1fe97e00 rshift3 pdata ,pdata +51a2 1fe08401 add pdata ,1 ,temp +51a3 d8c04232 arg mem_tx_fifo3 ,contr +51a4 efe60006 ifetch 3 ,contr +51a5 207a0000 rtn blank +51a6 67e60abe store 3 ,mem_tx_fifo_map_temp +51a7 6fe20abe fetch 1 ,mem_tx_fifo_map_temp +51a8 1fe22200 copy pdata ,rega +51a9 204051ad call check_l2cap_map +51aa 1a427e00 copy regb ,pdata +51ab 67e24232 store 1 ,mem_tx_fifo3 +51ac 20600000 rtn + +check_l2cap_map: +51ad d8e00000 arg 0 ,queue +51ae da400000 arg 0 ,regb + +check_l2cap_map_loop: +51af 18e67c07 sub queue ,7 ,null +51b0 24610000 nrtn positive +51b1 aa2fffff qisolate1 rega +51b2 2020d1b4 branch check_l2cap_map_used ,true +51b3 202051b8 branch check_l2cap_map_used2 + +check_l2cap_map_used: +51b4 18427e00 copy temp ,pdata +51b5 203a51b8 branch check_l2cap_map_used2 ,blank +51b6 f9202400 qset1 regb +51b7 184085ff increase -1 ,temp + +check_l2cap_map_used2: +51b8 18e08e01 increase 1 ,queue +51b9 202051af branch check_l2cap_map_loop + +l2cap_call_proc_sdp: +51ba 2040564e call l2cap_malloc_is_fifo_empty +51bb 247a0000 nrtn blank +51bc 20405169 call l2cap_check_map +51bd 247a0000 nrtn blank +51be 2040569f call l2cap_malloc_sdp_channel +51bf 20406cd0 call sdp_process +51c0 2040519d call l2cap_reset_sdp_map +51c1 202051c6 branch l2cap_call_proc_sdp_common + +ml2cap_call_proc_sdp: +51c2 2040564e call l2cap_malloc_is_fifo_empty +51c3 247a0000 nrtn blank +51c4 2040569f call l2cap_malloc_sdp_channel +51c5 20406cd0 call sdp_process + +l2cap_call_proc_sdp_common: +51c6 204056a8 call l2cap_get_sdp_tx_buff +51c7 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +51c8 203a51d5 branch l2cap_call_proc_no_reply ,blank +51c9 e7e40005 istore 2 ,contw +51ca 6fe4421a fetch 2 ,mem_sdp_remote_cid +51cb e7e40005 istore 2 ,contw +51cc 202051d6 branch l2cap_rx_reset_state + +l2cap_call_proc_hid: +51cd 2040510e call hid_rx_process +51ce 202051d6 branch l2cap_rx_reset_state + +l2cap_call_proc_rfcomm: +51cf 44e2c018 bpatch patch18_5 ,mem_patch18 +51d0 70028000 jam rfcomm_malloc_succeed ,mem_rfcomm_malloc_fail_flag +51d1 2040694b call rfcomm_rx_process +51d2 6fe20280 fetch 1 ,mem_rfcomm_malloc_fail_flag +51d3 c1008000 rtneq rfcomm_malloc_fail +51d4 202051d6 branch l2cap_rx_reset_state + +l2cap_call_proc_no_reply: +51d5 2040563e call l2cap_malloc_discard + +l2cap_rx_reset_state: +51d6 58000000 setarg 0 +51d7 67e40262 store 2 ,mem_l2cap_rx_pkt_length +51d8 67e40264 store 2 ,mem_l2cap_rx_cid +51d9 70026601 jam l2cap_rx_done ,mem_l2cap_rx_done +51da 20600000 rtn + +l2cap_process_signal_pkt: +51db 44e34018 bpatch patch18_6 ,mem_patch18 +51dc 2040569d call l2cap_get_signal_tx_payload +51dd 18002400 force 0 ,regb +51de 6fe40262 fetch 2 ,mem_l2cap_rx_pkt_length +51df 1fe22600 copy pdata ,regc +51e0 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +51e1 98000c00 iforce contr + +l2cap_process_signal_pkt_loop: +51e2 204051ea call l2cap_process_one_signal +51e3 1a627e00 deposit regc +51e4 1a60a7fc increase -4 ,regc +51e5 1fe0fffc increase -4 ,pdata +51e6 243a51e2 nbranch l2cap_process_signal_pkt_loop ,blank +51e7 1a427e00 copy regb ,pdata +51e8 67e4026b store 2 ,mem_l2cap_signal_tx_length +51e9 20600000 rtn + +l2cap_process_one_signal: +51ea 44e3c018 bpatch patch18_7 ,mem_patch18 +51eb efe20006 ifetch 1 ,contr +51ec c000d223 beq signal_cmd_reject ,l2cap_proc_signal_cmd_reject +51ed c001522b beq signal_connect_req ,l2cap_proc_signal_connect_req +51ee c001d2af beq signal_connect_rsp ,l2cap_proc_signal_connect_rsp +51ef c00252df beq signal_config_req ,l2cap_proc_signal_config_req +51f0 c002d37c beq signal_config_rsp ,l2cap_proc_signal_config_rsp +51f1 c00353a5 beq signal_disconnect_req ,l2cap_proc_signal_disconnect_req +51f2 c003d3f5 beq signal_disconnect_rsp ,l2cap_proc_signal_disconnect_rsp +51f3 c004542a beq signal_echo_req ,l2cap_proc_signal_echo_req +51f4 c004d43a beq signal_echo_rsp ,l2cap_proc_signal_echo_rsp +51f5 c00551f9 beq signal_info_req ,l2cap_proc_signal_info_req +51f6 c005d43b beq signal_info_rsp ,l2cap_proc_signal_info_rsp +51f7 2040543c call l2cap_reject_command + +l2cap_process_one_signal_rtn: +51f8 20600000 rtn + +l2cap_proc_signal_info_req: +51f9 efe20006 ifetch 1 ,contr +51fa 1fe20e00 copy pdata ,queue +51fb efe40006 ifetch 2 ,contr +51fc 1fe22200 copy pdata ,rega +51fd 1a627e00 copy regc ,pdata +51fe 9a262600 isub rega ,regc +51ff 5800000b setarg signal_info_rsp +5200 e7e20005 istore 1 ,contw +5201 18e27e00 copy queue ,pdata +5202 e7e20005 istore 1 ,contw +5203 efe40006 ifetch 2 ,contr + +l2cap_proc_signal_info_req_reply: +5204 c0015207 beq l2cap_sig_ext_featrue ,l2cap_proc_signal_info_req_ext +5205 c001d20d beq l2cap_sig_fix_featrue ,l2cap_proc_signal_info_req_fix +5206 20600000 rtn + +l2cap_proc_signal_info_req_ext: +5207 58020008 setarg 0x020008 +5208 e7ec0005 istore 6 ,contw +5209 58000280 setarg 0x0280 +520a e7e80005 istore 4 ,contw +520b 18007e0c force 12 ,pdata +520c 20205212 branch l2cap_proc_signal_info_req_common + +l2cap_proc_signal_info_req_fix: +520d 5803000c setarg 0x3000c +520e e7ec0005 istore 6 ,contw +520f 58000006 setarg 0x0006 +5210 e7f00005 istore 8 ,contw +5211 18007e10 force 16 ,pdata + +l2cap_proc_signal_info_req_common: +5212 9a40a400 iadd regb ,regb +5213 202051f8 branch l2cap_process_one_signal_rtn + +ml2cap_proc_signal_info_req: +5214 efe20006 ifetch 1 ,contr +5215 1fe20e00 copy pdata ,queue +5216 efe40006 ifetch 2 ,contr +5217 1fe22200 copy pdata ,rega +5218 efe40006 ifetch 2 ,contr +5219 67e40a9e store 2 ,mem_temp +521a 1a627e00 copy regc ,pdata +521b 9a262600 isub rega ,regc +521c 2040569d call l2cap_get_signal_tx_payload +521d 5800000b setarg signal_info_rsp +521e e7e20005 istore 1 ,contw +521f 18e27e00 copy queue ,pdata +5220 e7e20005 istore 1 ,contw +5221 6fe40a9e fetch 2 ,mem_temp +5222 20205204 branch l2cap_proc_signal_info_req_reply + +l2cap_proc_signal_cmd_reject: +5223 efe20006 ifetch 1 ,contr +5224 1fe20e00 copy pdata ,queue +5225 efe40006 ifetch 2 ,contr +5226 1fe22200 copy pdata ,rega +5227 98c08c00 iadd contr ,contr +5228 1a627e00 copy regc ,pdata +5229 9a262600 isub rega ,regc + +l2cap_proc_signal_cmd_reject_rtn: +522a 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_connect_req: +522b 20407c83 call save_cont_pointers +522c 20407c88 call load_cont_pointers +522d d9000000 arg 0 ,debug +522e efe20006 ifetch 1 ,contr +522f 1fe20e00 copy pdata ,queue +5230 efe40006 ifetch 2 ,contr +5231 1fe22200 copy pdata ,rega +5232 efe40006 ifetch 2 ,contr +5233 1fe20400 copy pdata ,temp +5234 efe40006 ifetch 2 ,contr +5235 1fe21600 copy pdata ,timeup +5236 44e44019 bpatch patch19_0 ,mem_patch19 +5237 18427e00 copy temp ,pdata +5238 c000d23e beq psm_sdp ,l2cap_proc_signal_connect_req_sdp +5239 c001d260 beq psm_rfcomm ,l2cap_proc_signal_connect_req_rfcomm +523a c008d26c beq psm_hid_control ,l2cap_proc_signal_connect_req_hid_ctrl +523b c009d277 beq psm_hid_interrupt ,l2cap_proc_signal_connect_req_hid_int +523c 2040543c call l2cap_reject_command +523d 202052ae branch l2cap_proc_signal_connect_req_rtn + +l2cap_proc_signal_connect_req_sdp: +523e 20407c83 call save_cont_pointers +523f d8400050 arg l2cap_sdp_channel ,temp +5240 6fe4421a fetch 2 ,mem_sdp_remote_cid +5241 243a52a8 nbranch already_connected ,blank +5242 19627e00 copy timeup ,pdata +5243 67e4421a store 2 ,mem_sdp_remote_cid +5244 1c427e00 copy clkn_bt ,pdata +5245 67e802d1 store 4 ,mem_l2cap_sdpres_delay_time +5246 20405248 call store_l2cap_req_param +5247 20205283 branch send_connection_pending + +store_l2cap_req_param: +5248 604402cf storet 2 ,mem_psm +5249 19627e00 deposit timeup +524a 67e402c5 store 2 ,mem_scid +524b 1a227e00 deposit rega +524c 67e402c7 store 2 ,mem_cmd_length +524d 1a427e00 deposit regb +524e 67e402c9 store 2 ,mem_tt2 +524f 1a627e00 deposit regc +5250 67e402cb store 2 ,mem_tt3 +5251 18e27e00 deposit queue +5252 67e402cd store 2 ,mem_id +5253 20600000 rtn + +restore_l2cap_req_param: +5254 684402cf fetcht 2 ,mem_psm +5255 6fe402c5 fetch 2 ,mem_scid +5256 1fe21600 copy pdata ,timeup +5257 6fe402c7 fetch 2 ,mem_cmd_length +5258 1fe22200 copy pdata ,rega +5259 6fe402c9 fetch 2 ,mem_tt2 +525a 1fe22400 copy pdata ,regb +525b 6fe402cb fetch 2 ,mem_tt3 +525c 1fe22600 copy pdata ,regc +525d 6fe402cd fetch 2 ,mem_id +525e 1fe20e00 copy pdata ,queue +525f 20600000 rtn + +l2cap_proc_signal_connect_req_rfcomm: +5260 20407c83 call save_cont_pointers +5261 58000051 setarg l2cap_rfcomm_channel +5262 d8400051 arg l2cap_rfcomm_channel ,temp +5263 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +5264 243a52a8 nbranch already_connected ,blank +5265 19627e00 copy timeup ,pdata +5266 67e4421c store 2 ,mem_rfcomm_remote_cid +5267 6fe24223 fetch 1 ,mem_rfcomm_state +5268 79207e00 set1 l2cap_channel_state_conn_req ,pdata +5269 79207e01 set1 l2cap_channel_state_conn_res ,pdata +526a 67e24223 store 1 ,mem_rfcomm_state +526b 2020528b branch send_connection_res + +l2cap_proc_signal_connect_req_hid_ctrl: +526c 20407c83 call save_cont_pointers +526d d8400052 arg l2cap_hid_control_channel ,temp +526e 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +526f 243a52a8 nbranch already_connected ,blank +5270 19627e00 copy timeup ,pdata +5271 67e4421e store 2 ,mem_hid_ctrl_remote_cid +5272 6fe24224 fetch 1 ,mem_hid_control_state +5273 79207e00 set1 l2cap_channel_state_conn_req ,pdata +5274 79207e01 set1 l2cap_channel_state_conn_res ,pdata +5275 67e24224 store 1 ,mem_hid_control_state +5276 2020528b branch send_connection_res + +l2cap_proc_signal_connect_req_hid_int: +5277 20407c83 call save_cont_pointers +5278 1b427e00 deposit clke +5279 d8400053 arg l2cap_hid_interrupt_channel ,temp +527a 6fe44220 fetch 2 ,mem_hid_int_remote_cid +527b 243a52a8 nbranch already_connected ,blank +527c 19627e00 copy timeup ,pdata +527d 67e44220 store 2 ,mem_hid_int_remote_cid +527e 6fe24225 fetch 1 ,mem_hid_interrupt_state +527f 79207e00 set1 l2cap_channel_state_conn_req ,pdata +5280 79207e01 set1 l2cap_channel_state_conn_res ,pdata +5281 67e24225 store 1 ,mem_hid_interrupt_state +5282 2020528b branch send_connection_res + +send_connection_pending: +5283 58000001 setarg l2cap_connect_pending +5284 67e40279 store 2 ,meml2cap_t1 +5285 70433650 jam l2cap_sdp_channel ,mem_l2cap_pending_item +5286 2020528d branch send_connection_res0 + +send_connection_sdp_res: +5287 6fe24222 fetch 1 ,mem_sdp_state +5288 79207e00 set1 l2cap_channel_state_conn_req ,pdata +5289 79207e01 set1 l2cap_channel_state_conn_res ,pdata +528a 67e24222 store 1 ,mem_sdp_state + +send_connection_res: +528b 58000000 setarg l2cap_connect_successful +528c 67e40279 store 2 ,meml2cap_t1 + +send_connection_res0: +528d 44e4c019 bpatch patch19_1 ,mem_patch19 +528e 20407c88 call load_cont_pointers +528f 58000003 setarg signal_connect_rsp +5290 e7e20005 istore 1 ,contw +5291 18e27e00 copy queue ,pdata +5292 e7e20005 istore 1 ,contw +5293 58000008 setarg 0x0008 +5294 e7e40005 istore 2 ,contw +5295 18427e00 copy temp ,pdata +5296 e7e40005 istore 2 ,contw +5297 19627e00 copy timeup ,pdata +5298 e7e40005 istore 2 ,contw +5299 6fe40279 fetch 2 ,meml2cap_t1 +529a c000d2a3 beq l2cap_connect_pending ,connect_pending +529b 290c0000 isolate0 0 ,debug +529c 2020d29e branch connect_suc ,true +529d 58000004 setarg l2cap_connect_refused_no_resources + +connect_suc: +529e e7e40005 istore 2 ,contw +529f 18007e00 force 0x0000 ,pdata +52a0 e7e40005 istore 2 ,contw +52a1 5800000c setarg 12 +52a2 202052aa branch connect_req_update_byte_counts + +connect_pending: +52a3 e7e40005 istore 2 ,contw +52a4 18007e02 force 0x0002 ,pdata +52a5 e7e40005 istore 2 ,contw +52a6 5800000c setarg 12 +52a7 202052aa branch connect_req_update_byte_counts + +already_connected: +52a8 79201000 set1 0 ,debug +52a9 2020528b branch send_connection_res + +connect_req_update_byte_counts: +52aa 9a40a400 iadd regb ,regb +52ab 1a627e00 copy regc ,pdata +52ac 9a262600 isub rega ,regc +52ad 202052ae branch l2cap_proc_signal_connect_req_rtn + +l2cap_proc_signal_connect_req_rtn: +52ae 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_connect_rsp: +52af efe20006 ifetch 1 ,contr +52b0 1fe20e00 copy pdata ,queue +52b1 efe40006 ifetch 2 ,contr +52b2 1fe22200 copy pdata ,rega +52b3 1a627e00 copy regc ,pdata +52b4 9a262600 isub rega ,regc +52b5 efe40006 ifetch 2 ,contr +52b6 1fe21600 copy pdata ,timeup +52b7 efe40006 ifetch 2 ,contr +52b8 1fe20400 copy pdata ,temp +52b9 44e54019 bpatch patch19_2 ,mem_patch19 +52ba 58000050 setarg l2cap_sdp_channel +52bb 98467c00 isub temp ,null +52bc 2022d2c7 branch l2cap_proc_signal_connect_rsp_sdp ,zero +52bd 58000051 setarg l2cap_rfcomm_channel +52be 98467c00 isub temp ,null +52bf 2022d2cd branch l2cap_proc_signal_connect_rsp_rfcomm ,zero +52c0 58000052 setarg l2cap_hid_control_channel +52c1 98467c00 isub temp ,null +52c2 2022d2d9 branch l2cap_proc_signal_connect_rsp_hid_ctrl ,zero +52c3 58000053 setarg l2cap_hid_interrupt_channel +52c4 98467c00 isub temp ,null +52c5 2022d2d3 branch l2cap_proc_signal_connect_rsp_hid_int ,zero +52c6 20600000 rtn + +l2cap_proc_signal_connect_rsp_sdp: +52c7 19627e00 copy timeup ,pdata +52c8 67e4421a store 2 ,mem_sdp_remote_cid +52c9 6fe24222 fetch 1 ,mem_sdp_state +52ca 79207e01 set1 l2cap_channel_state_conn_res ,pdata +52cb 67e24222 store 1 ,mem_sdp_state +52cc 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_connect_rsp_rfcomm: +52cd 19627e00 copy timeup ,pdata +52ce 67e4421c store 2 ,mem_rfcomm_remote_cid +52cf 6fe24223 fetch 1 ,mem_rfcomm_state +52d0 79207e01 set1 l2cap_channel_state_conn_res ,pdata +52d1 67e24223 store 1 ,mem_rfcomm_state +52d2 20600000 rtn + +l2cap_proc_signal_connect_rsp_hid_int: +52d3 19627e00 copy timeup ,pdata +52d4 67e4421e store 2 ,mem_hid_ctrl_remote_cid +52d5 6fe24225 fetch 1 ,mem_hid_interrupt_state +52d6 79207e01 set1 l2cap_channel_state_conn_res ,pdata +52d7 67e24225 store 1 ,mem_hid_interrupt_state +52d8 20600000 rtn + +l2cap_proc_signal_connect_rsp_hid_ctrl: +52d9 19627e00 copy timeup ,pdata +52da 67e44220 store 2 ,mem_hid_int_remote_cid +52db 6fe24224 fetch 1 ,mem_hid_control_state +52dc 79207e01 set1 l2cap_channel_state_conn_res ,pdata +52dd 67e24224 store 1 ,mem_hid_control_state +52de 20600000 rtn + +l2cap_proc_signal_config_req: +52df efe20006 ifetch 1 ,contr +52e0 1fe20e00 copy pdata ,queue +52e1 efe40006 ifetch 2 ,contr +52e2 1fe22200 copy pdata ,rega +52e3 1a627e00 copy regc ,pdata +52e4 9a262600 isub rega ,regc +52e5 efe40006 ifetch 2 ,contr +52e6 1fe20400 copy pdata ,temp +52e7 18422200 copy temp ,rega +52e8 44e5c019 bpatch patch19_3 ,mem_patch19 +52e9 58000050 setarg l2cap_sdp_channel +52ea 98467c00 isub temp ,null +52eb 2022d2f6 branch l2cap_proc_signal_config_req_sdp ,zero +52ec 58000051 setarg l2cap_rfcomm_channel +52ed 98467c00 isub temp ,null +52ee 2022d314 branch l2cap_proc_signal_config_req_rfcomm ,zero +52ef 58000052 setarg l2cap_hid_control_channel +52f0 98467c00 isub temp ,null +52f1 2022d300 branch l2cap_proc_signal_config_req_hid_ctrl ,zero +52f2 58000053 setarg l2cap_hid_interrupt_channel +52f3 98467c00 isub temp ,null +52f4 2022d30a branch l2cap_proc_signal_config_req_hid_int ,zero +52f5 2020543c branch l2cap_reject_command + +l2cap_proc_signal_config_req_sdp: +52f6 18a21600 copy contw ,timeup +52f7 6fe24222 fetch 1 ,mem_sdp_state +52f8 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +52f9 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +52fa 67e24222 store 1 ,mem_sdp_state +52fb 19620a00 copy timeup ,contw +52fc d9600050 arg l2cap_sdp_channel ,timeup +52fd 6fe4421a fetch 2 ,mem_sdp_remote_cid +52fe 1fe20400 copy pdata ,temp +52ff 2020531d branch l2cap_send_config_rsp + +l2cap_proc_signal_config_req_hid_ctrl: +5300 18a21600 copy contw ,timeup +5301 6fe24224 fetch 1 ,mem_hid_control_state +5302 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +5303 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +5304 67e24224 store 1 ,mem_hid_control_state +5305 19620a00 copy timeup ,contw +5306 d9600052 arg l2cap_hid_control_channel ,timeup +5307 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +5308 1fe20400 copy pdata ,temp +5309 2020531d branch l2cap_send_config_rsp + +l2cap_proc_signal_config_req_hid_int: +530a 18a21600 copy contw ,timeup +530b 6fe24225 fetch 1 ,mem_hid_interrupt_state +530c 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +530d 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +530e 67e24225 store 1 ,mem_hid_interrupt_state +530f 19620a00 copy timeup ,contw +5310 d9600053 arg l2cap_hid_interrupt_channel ,timeup +5311 6fe44220 fetch 2 ,mem_hid_int_remote_cid +5312 1fe20400 copy pdata ,temp +5313 2020531d branch l2cap_send_config_rsp + +l2cap_proc_signal_config_req_rfcomm: +5314 18a21600 copy contw ,timeup +5315 6fe24223 fetch 1 ,mem_rfcomm_state +5316 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +5317 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +5318 67e24223 store 1 ,mem_rfcomm_state +5319 19620a00 copy timeup ,contw +531a d9600051 arg l2cap_rfcomm_channel ,timeup +531b 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +531c 1fe20400 copy pdata ,temp + +l2cap_send_config_rsp: +531d 44e64019 bpatch patch19_4 ,mem_patch19 +531e 58000005 setarg signal_config_rsp +531f e7e20005 istore 1 ,contw +5320 18e27e00 copy queue ,pdata +5321 e7e20005 istore 1 ,contw +5322 58000006 setarg 0x0006 +5323 e7e40005 istore 2 ,contw +5324 18427e00 copy temp ,pdata +5325 e7e40005 istore 2 ,contw +5326 18007e00 force 0x00 ,pdata +5327 e7e40005 istore 2 ,contw +5328 18007e00 force l2cap_config_success ,pdata +5329 e7e40005 istore 2 ,contw +532a 18007e0a force 10 ,pdata +532b 9a40a400 iadd regb ,regb +532c 6044027e storet 2 ,mem_config_req_dest_cid +532d 18e27e00 copy queue ,pdata +532e 67e2027d store 1 ,mem_config_identifier +532f 18007e50 force l2cap_sdp_channel ,pdata +5330 a961fe00 icompare 0xff ,timeup +5331 2020d333 branch l2cap_send_config_rsp_is_sdp ,true +5332 1fe0fe01 increase 1 ,pdata + +l2cap_send_config_rsp_is_sdp: +5333 20600000 rtn + +l2cap_check_channel_state: +5334 78547c00 disable user +5335 c3810000 rtnbit1 l2cap_channel_state_snd_cfg_req ,pdata +5336 c4000000 rtnbit0 l2cap_channel_state_conn_req ,pdata +5337 c4008000 rtnbit0 l2cap_channel_state_conn_res ,pdata +5338 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +5339 18c20a00 copy contr ,contw +533a 18a08bff increase -1 ,contw +533b e7e20005 istore 1 ,contw +533c 78347c00 enable user +533d 20600000 rtn + +l2cap_send_config_req: + +l2cap_send_config_req_sdp: +533e 6fe24222 fetch 1 ,mem_sdp_state +533f 20405334 call l2cap_check_channel_state +5340 24345345 nbranch l2cap_send_config_req_rfcomm ,user +5341 70027c50 jam l2cap_sdp_channel ,mem_send_config_req +5342 6fe4421a fetch 2 ,mem_sdp_remote_cid +5343 67e4027e store 2 ,mem_config_req_dest_cid +5344 20205359 branch l2cap_generate_config_req + +l2cap_send_config_req_rfcomm: +5345 6fe24223 fetch 1 ,mem_rfcomm_state +5346 20405334 call l2cap_check_channel_state +5347 2434534c nbranch l2cap_send_config_req_hid_ctrl ,user +5348 70027c51 jam l2cap_rfcomm_channel ,mem_send_config_req +5349 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +534a 67e4027e store 2 ,mem_config_req_dest_cid +534b 20205359 branch l2cap_generate_config_req + +l2cap_send_config_req_hid_ctrl: +534c 6fe24224 fetch 1 ,mem_hid_control_state +534d 20405334 call l2cap_check_channel_state +534e 24345353 nbranch l2cap_send_config_req_hid_int ,user +534f 70027c52 jam l2cap_hid_control_channel ,mem_send_config_req +5350 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +5351 67e4027e store 2 ,mem_config_req_dest_cid +5352 20205359 branch l2cap_generate_config_req + +l2cap_send_config_req_hid_int: +5353 6fe24225 fetch 1 ,mem_hid_interrupt_state +5354 20405334 call l2cap_check_channel_state +5355 24740000 nrtn user +5356 70027c53 jam l2cap_hid_interrupt_channel ,mem_send_config_req +5357 6fe44220 fetch 2 ,mem_hid_int_remote_cid +5358 67e4027e store 2 ,mem_config_req_dest_cid + +l2cap_generate_config_req: +5359 44e6c019 bpatch patch19_5 ,mem_patch19 +535a 20405614 call l2cap_get_req_id +535b 20405692 call l2cap_malloc_signal_channel +535c 18002400 force 0 ,regb +535d 2040569d call l2cap_get_signal_tx_payload +535e 18007e04 force signal_config_req ,pdata +535f e7e20005 istore 1 ,contw +5360 6fe24227 fetch 1 ,mem_ml2cap_comm_id +5361 e7e20005 istore 1 ,contw +5362 58000008 setarg 0x0008 +5363 e7e40005 istore 2 ,contw +5364 6fe4027e fetch 2 ,mem_config_req_dest_cid +5365 e7e40005 istore 2 ,contw +5366 58000000 setarg 0x0000 +5367 e7e40005 istore 2 ,contw +5368 18007e01 force 1 ,pdata +5369 e7e20005 istore 1 ,contw +536a 18007e02 force 2 ,pdata +536b e7e20005 istore 1 ,contw +536c 6fe2027c fetch 1 ,mem_send_config_req +536d c028d371 beq l2cap_rfcomm_channel ,l2cap_generate_config_req_rfcomm +536e 58000030 setarg l2cap_config_mtu_sdp +536f e7e40005 istore 2 ,contw +5370 20205373 branch l2cap_generate_config_req_done + +l2cap_generate_config_req_rfcomm: +5371 580003e3 setarg l2cap_config_mtu_rfcomm +5372 e7e40005 istore 2 ,contw + +l2cap_generate_config_req_done: +5373 d840000c arg 0x0c ,temp +5374 6044026b storet 2 ,mem_l2cap_signal_tx_length +5375 2040569b call l2cap_get_signal_tx_buff +5376 6fe4026b fetch 2 ,mem_l2cap_signal_tx_length +5377 e7e40005 istore 2 ,contw +5378 18007e01 force l2cap_signal_channel ,pdata +5379 e7e40005 istore 2 ,contw +537a 70027c00 jam 0 ,mem_send_config_req + +l2cap_proc_signal_config_req_rtn: +537b 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp: +537c 18c08c01 increase 1 ,contr +537d efe40006 ifetch 2 ,contr +537e 1fe22200 copy pdata ,rega +537f 1a627e00 copy regc ,pdata +5380 9a262600 isub rega ,regc +5381 efe40006 ifetch 2 ,contr +5382 1fe22200 copy pdata ,rega +5383 44e74019 bpatch patch19_6 ,mem_patch19 +5384 58000050 setarg l2cap_sdp_channel +5385 9a267c00 isub rega ,null +5386 2022d394 branch l2cap_proc_signal_config_rsp_sdp ,zero +5387 58000051 setarg l2cap_rfcomm_channel +5388 9a267c00 isub rega ,null +5389 2022d398 branch l2cap_proc_signal_config_rsp_rfcomm ,zero +538a 58000052 setarg l2cap_hid_control_channel +538b 9a267c00 isub rega ,null +538c 2022d39c branch l2cap_proc_signal_config_rsp_hid_ctrl ,zero +538d 58000053 setarg l2cap_hid_interrupt_channel +538e 9a267c00 isub rega ,null +538f 2022d3a0 branch l2cap_proc_signal_config_rsp_hid_int ,zero +5390 18c08c02 increase 2 ,contr +5391 efe40006 ifetch 2 ,contr +5392 98007c00 iforce null +5393 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp_sdp: +5394 6fe24222 fetch 1 ,mem_sdp_state +5395 79207e05 set1 l2cap_channel_state_rcv_cfg_res ,pdata +5396 67e24222 store 1 ,mem_sdp_state +5397 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp_rfcomm: +5398 6fe24223 fetch 1 ,mem_rfcomm_state +5399 79207e05 set1 l2cap_channel_state_rcv_cfg_res ,pdata +539a 67e24223 store 1 ,mem_rfcomm_state +539b 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp_hid_ctrl: +539c 6fe24224 fetch 1 ,mem_hid_control_state +539d 79207e05 set1 l2cap_channel_state_rcv_cfg_res ,pdata +539e 67e24224 store 1 ,mem_hid_control_state +539f 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp_hid_int: +53a0 6fe24225 fetch 1 ,mem_hid_interrupt_state +53a1 79207e05 set1 l2cap_channel_state_rcv_cfg_res ,pdata +53a2 67e24225 store 1 ,mem_hid_interrupt_state +53a3 700a9506 jam bt_evt_hid_connected ,mem_fifo_temp +53a4 20207bab branch ui_ipc_send_event + +l2cap_proc_signal_disconnect_req: +53a5 efe20006 ifetch 1 ,contr +53a6 1fe20e00 copy pdata ,queue +53a7 efe40006 ifetch 2 ,contr +53a8 1fe22200 copy pdata ,rega +53a9 1a627e00 copy regc ,pdata +53aa 9a262600 isub rega ,regc +53ab efe40006 ifetch 2 ,contr +53ac 1fe22200 copy pdata ,rega +53ad efe40006 ifetch 2 ,contr +53ae 1fe21600 copy pdata ,timeup +53af 1a220400 copy rega ,temp +53b0 20407c83 call save_cont_pointers +53b1 44e7c019 bpatch patch19_7 ,mem_patch19 +53b2 58000050 setarg l2cap_sdp_channel +53b3 98467c00 isub temp ,null +53b4 2022d3cc branch l2cap_proc_signal_disconnect_req_sdp ,zero +53b5 58000051 setarg l2cap_rfcomm_channel +53b6 98467c00 isub temp ,null +53b7 2022d3dc branch l2cap_proc_signal_disconnect_req_rfcomm ,zero +53b8 58000052 setarg l2cap_hid_control_channel +53b9 98467c00 isub temp ,null +53ba 2022d3c0 branch l2cap_proc_signal_disconnect_req_hid_ctrl ,zero +53bb 58000053 setarg l2cap_hid_interrupt_channel +53bc 98467c00 isub temp ,null +53bd 2022d3c6 branch l2cap_proc_signal_disconnect_req_hid_int ,zero +53be 2040543c call l2cap_reject_command +53bf 202053f1 branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_proc_signal_disconnect_req_hid_ctrl: +53c0 19620400 copy timeup ,temp +53c1 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +53c2 98467c00 isub temp ,null +53c3 2022d3d2 branch l2cap_disconnect_hid_control_now ,zero +53c4 2040543c call l2cap_reject_command +53c5 202053f1 branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_proc_signal_disconnect_req_hid_int: +53c6 19620400 copy timeup ,temp +53c7 6fe44220 fetch 2 ,mem_hid_int_remote_cid +53c8 98467c00 isub temp ,null +53c9 2022d3d4 branch l2cap_disconnect_hid_interrupt_now ,zero +53ca 2040543c call l2cap_reject_command +53cb 202053f1 branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_proc_signal_disconnect_req_sdp: +53cc 19620400 copy timeup ,temp +53cd 6fe4421a fetch 2 ,mem_sdp_remote_cid +53ce 98467c00 isub temp ,null +53cf 2022d3d8 branch l2cap_disconnect_sdp_now ,zero +53d0 2040543c call l2cap_reject_command +53d1 202053f1 branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_disconnect_hid_control_now: +53d2 20405453 call l2cap_reset_hid_ctrl_state +53d3 202053e4 branch l2cap_send_disconnect_rsp_pkt + +l2cap_disconnect_hid_interrupt_now: +53d4 20405459 call l2cap_reset_hid_int_state +53d5 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +53d6 203a53e4 branch l2cap_send_disconnect_rsp_pkt ,blank +53d7 202053e4 branch l2cap_send_disconnect_rsp_pkt + +l2cap_disconnect_sdp_now: +53d8 2040544e call l2cap_reset_sdp_channel_state +53d9 6fe20284 fetch 1 ,mem_upper_sm_ss +53da 243a53e4 nbranch l2cap_send_disconnect_rsp_pkt ,blank +53db 202053e4 branch l2cap_send_disconnect_rsp_pkt + +l2cap_proc_signal_disconnect_req_rfcomm: +53dc 19620400 copy timeup ,temp +53dd 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +53de 98467c00 isub temp ,null +53df 2022d3e2 branch l2cap_disconnect_rfcomm_now ,zero +53e0 2040543c call l2cap_reject_command +53e1 202053f1 branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_disconnect_rfcomm_now: +53e2 20405449 call l2cap_reset_rfcomm_channel_state +53e3 202053e4 branch l2cap_send_disconnect_rsp_pkt + +l2cap_send_disconnect_rsp_pkt: +53e4 20407c88 call load_cont_pointers +53e5 58000007 setarg signal_disconnect_rsp +53e6 e7e20005 istore 1 ,contw +53e7 18e27e00 copy queue ,pdata +53e8 e7e20005 istore 1 ,contw +53e9 58000004 setarg 0x0004 +53ea e7e40005 istore 2 ,contw +53eb 1a227e00 copy rega ,pdata +53ec e7e40005 istore 2 ,contw +53ed 19627e00 copy timeup ,pdata +53ee e7e40005 istore 2 ,contw +53ef 18007e08 force 8 ,pdata +53f0 202053f3 branch l2cap_proc_signal_disconnect_req_rtn + +l2cap_proc_signal_disconnect_req_err_rtn: +53f1 20407c88 call load_cont_pointers +53f2 202053f3 branch l2cap_proc_signal_disconnect_req_rtn + +l2cap_proc_signal_disconnect_req_rtn: +53f3 9a40a400 iadd regb ,regb +53f4 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_disconnect_rsp: +53f5 efe20006 ifetch 1 ,contr +53f6 1fe20e00 copy pdata ,queue +53f7 efe40006 ifetch 2 ,contr +53f8 1fe22200 copy pdata ,rega +53f9 1a627e00 copy regc ,pdata +53fa 9a262600 isub rega ,regc +53fb efe40006 ifetch 2 ,contr +53fc 1fe21600 copy pdata ,timeup +53fd efe40006 ifetch 2 ,contr +53fe 1fe20400 copy pdata ,temp +53ff 20407c83 call save_cont_pointers +5400 44e8401a bpatch patch1a_0 ,mem_patch1a +5401 58000050 setarg l2cap_sdp_channel +5402 98467c00 isub temp ,null +5403 2022d40f branch l2cap_proc_signal_disconnect_rsp_sdp ,zero +5404 58000051 setarg l2cap_rfcomm_channel +5405 98467c00 isub temp ,null +5406 2022d415 branch l2cap_proc_signal_disconnect_rsp_rfcomm ,zero +5407 58000052 setarg l2cap_hid_control_channel +5408 98467c00 isub temp ,null +5409 2022d41b branch l2cap_proc_signal_disconnect_rsp_hid_ctrl ,zero +540a 58000053 setarg l2cap_hid_interrupt_channel +540b 98467c00 isub temp ,null +540c 2022d421 branch l2cap_proc_signal_disconnect_rsp_hid_int ,zero +540d 2040543c call l2cap_reject_command +540e 20205429 branch l2cap_proc_signal_disconnect_rsp_err_rtn + +l2cap_proc_signal_disconnect_rsp_sdp: +540f 18422200 copy temp ,rega +5410 19620400 copy timeup ,temp +5411 6fe4421a fetch 2 ,mem_sdp_remote_cid +5412 98467c00 isub temp ,null +5413 2042d44e call l2cap_reset_sdp_channel_state ,zero +5414 20205427 branch l2cap_proc_signal_disconnect_rsp_rtn + +l2cap_proc_signal_disconnect_rsp_rfcomm: +5415 18422200 copy temp ,rega +5416 19620400 copy timeup ,temp +5417 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +5418 98467c00 isub temp ,null +5419 2042d449 call l2cap_reset_rfcomm_channel_state ,zero +541a 20205427 branch l2cap_proc_signal_disconnect_rsp_rtn + +l2cap_proc_signal_disconnect_rsp_hid_ctrl: +541b 18422200 copy temp ,rega +541c 19620400 copy timeup ,temp +541d 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +541e 98467c00 isub temp ,null +541f 2042d453 call l2cap_reset_hid_ctrl_state ,zero +5420 20205427 branch l2cap_proc_signal_disconnect_rsp_rtn + +l2cap_proc_signal_disconnect_rsp_hid_int: +5421 18422200 copy temp ,rega +5422 19620400 copy timeup ,temp +5423 6fe44220 fetch 2 ,mem_hid_int_remote_cid +5424 98467c00 isub temp ,null +5425 2042d459 call l2cap_reset_hid_int_state ,zero +5426 20205427 branch l2cap_proc_signal_disconnect_rsp_rtn + +l2cap_proc_signal_disconnect_rsp_rtn: +5427 20407c88 call load_cont_pointers +5428 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_disconnect_rsp_err_rtn: +5429 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_echo_req: +542a efe20006 ifetch 1 ,contr +542b 1fe20e00 copy pdata ,queue +542c efe40006 ifetch 2 ,contr +542d 1fe22200 copy pdata ,rega +542e 98c08c00 iadd contr ,contr +542f 58000009 setarg 9 +5430 e7e20005 istore 1 ,contw +5431 18e27e00 copy queue ,pdata +5432 e7e20005 istore 1 ,contw +5433 18007e00 force 0x0000 ,pdata +5434 e7e40005 istore 2 ,contw +5435 18007e04 force 4 ,pdata +5436 9a40a400 iadd regb ,regb +5437 1a627e00 copy regc ,pdata +5438 9a262600 isub rega ,regc +5439 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_echo_rsp: +543a 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_info_rsp: +543b 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_reject_command: +543c 18002400 force 0 ,regb +543d 2040569d call l2cap_get_signal_tx_payload +543e 58000001 setarg signal_cmd_reject +543f e7e20005 istore 1 ,contw +5440 18e27e00 copy queue ,pdata +5441 e7e20005 istore 1 ,contw +5442 58000002 setarg 2 +5443 e7e40005 istore 2 ,contw +5444 58000000 setarg cmd_not_understood +5445 e7e40005 istore 2 ,contw +5446 1a40a406 increase 6 ,regb +5447 da600004 arg 4 ,regc +5448 202051f8 branch l2cap_process_one_signal_rtn + +l2cap_reset_rfcomm_channel_state: +5449 58000000 setarg 0 +544a 67e40277 store 2 ,mem_rfcomm_tx_pkt_length +544b 67e4421c store 2 ,mem_rfcomm_remote_cid +544c 70422300 jam 0 ,mem_rfcomm_state +544d 20600000 rtn + +l2cap_reset_sdp_channel_state: +544e 58000000 setarg 0 +544f 67e40271 store 2 ,mem_sdp_tx_pkt_length +5450 67e4421a store 2 ,mem_sdp_remote_cid +5451 70422200 jam 0 ,mem_sdp_state +5452 20600000 rtn + +l2cap_reset_hid_ctrl_state: +5453 58000000 setarg 0 +5454 67e4421e store 2 ,mem_hid_ctrl_remote_cid +5455 70422400 jam 0 ,mem_hid_control_state +5456 6fe24225 fetch 1 ,mem_hid_interrupt_state +5457 c000545f beq 0 ,l2cap_reset_hid_disconnected +5458 20600000 rtn + +l2cap_reset_hid_int_state: +5459 58000000 setarg 0 +545a 67e44220 store 2 ,mem_hid_int_remote_cid +545b 70422500 jam 0 ,mem_hid_interrupt_state +545c 6fe24224 fetch 1 ,mem_hid_control_state +545d c000545f beq 0 ,l2cap_reset_hid_disconnected +545e 20600000 rtn + +l2cap_reset_hid_disconnected: +545f 700a9507 jam bt_evt_hid_disconnected ,mem_fifo_temp +5460 20207bab branch ui_ipc_send_event + +l2cap_disconnect_interrupt_req: +5461 6fe2027b fetch 1 ,mem_control_tasks +5462 793ffe00 set0 l2cap_disconnect_interrupt ,pdata +5463 67e2027b store 1 ,mem_control_tasks +5464 6fe44220 fetch 2 ,mem_hid_int_remote_cid +5465 207a0000 rtn blank +5466 20405692 call l2cap_malloc_signal_channel +5467 6fe44220 fetch 2 ,mem_hid_int_remote_cid +5468 1fe22200 copy pdata ,rega +5469 18002453 force l2cap_hid_interrupt_channel ,regb +546a 20205474 branch l2cap_generate_disconnect_req + +l2cap_disconnect_control_req: +546b 6fe2027b fetch 1 ,mem_control_tasks +546c 793ffe07 set0 l2cap_disconnect_control ,pdata +546d 67e2027b store 1 ,mem_control_tasks +546e 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +546f 207a0000 rtn blank +5470 20405692 call l2cap_malloc_signal_channel +5471 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +5472 1fe22200 copy pdata ,rega +5473 18002452 force l2cap_hid_control_channel ,regb + +l2cap_generate_disconnect_req: +5474 20405614 call l2cap_get_req_id +5475 2040569d call l2cap_get_signal_tx_payload +5476 18007e06 force signal_disconnect_req ,pdata +5477 e7e20005 istore 1 ,contw +5478 6fe24227 fetch 1 ,mem_ml2cap_comm_id +5479 e7e20005 istore 1 ,contw +547a 58000004 setarg 0x0004 +547b e7e40005 istore 2 ,contw +547c 1a227e00 copy rega ,pdata +547d e7e40005 istore 2 ,contw +547e 1a427e00 copy regb ,pdata +547f e7e40005 istore 2 ,contw +5480 18000408 force 0x08 ,temp +5481 202054b8 branch ml2cap_send_signal + +ml2cap_send_signal_connect_req: +5482 44e8c01a bpatch patch1a_1 ,mem_patch1a +5483 20405614 call l2cap_get_req_id +5484 2040569d call l2cap_get_signal_tx_payload +5485 58000002 setarg signal_connect_req +5486 e7e20005 istore 1 ,contw +5487 6fe24227 fetch 1 ,mem_ml2cap_comm_id +5488 e7e20005 istore 1 ,contw +5489 58000004 setarg 0x0004 +548a e7e40005 istore 2 ,contw +548b 18427e00 copy temp ,pdata +548c e7e40005 istore 2 ,contw +548d 19627e00 copy timeup ,pdata +548e e7e40005 istore 2 ,contw +548f d8400008 arg 8 ,temp +5490 202054b8 branch ml2cap_send_signal + +ml2cap_send_signal_config_req: +5491 44e9401a bpatch patch1a_2 ,mem_patch1a +5492 20405614 call l2cap_get_req_id +5493 2040569d call l2cap_get_signal_tx_payload +5494 58000004 setarg signal_config_req +5495 e7e20005 istore 1 ,contw +5496 6fe24227 fetch 1 ,mem_ml2cap_comm_id +5497 e7e20005 istore 1 ,contw +5498 58000008 setarg 0x0008 +5499 e7e40005 istore 2 ,contw +549a 18427e00 copy temp ,pdata +549b e7e40005 istore 2 ,contw +549c 58000000 setarg 0x0000 +549d e7e40005 istore 2 ,contw +549e 58000001 setarg 0x01 +549f e7e20005 istore 1 ,contw +54a0 58000002 setarg 0x02 +54a1 e7e20005 istore 1 ,contw +54a2 580003e3 setarg l2cap_config_mtu_rfcomm +54a3 e7e40005 istore 2 ,contw +54a4 d840000c arg 0xc ,temp +54a5 202054b8 branch ml2cap_send_signal + +ml2cap_send_signal_disconn_req: +54a6 44e9c01a bpatch patch1a_3 ,mem_patch1a +54a7 20405614 call l2cap_get_req_id +54a8 2040569d call l2cap_get_signal_tx_payload +54a9 58000006 setarg signal_disconnect_req +54aa e7e20005 istore 1 ,contw +54ab 6fe24227 fetch 1 ,mem_ml2cap_comm_id +54ac 1fe0fe01 increase 1 ,pdata +54ad 18a22200 copy contw ,rega +54ae 67e24227 store 1 ,mem_ml2cap_comm_id +54af 1a220a00 copy rega ,contw +54b0 e7e20005 istore 1 ,contw +54b1 58000004 setarg 0x0004 +54b2 e7e40005 istore 2 ,contw +54b3 18427e00 copy temp ,pdata +54b4 e7e40005 istore 2 ,contw +54b5 19627e00 copy timeup ,pdata +54b6 e7e40005 istore 2 ,contw +54b7 d8400008 arg 0x8 ,temp + +ml2cap_send_signal: +54b8 6044026b storet 2 ,mem_l2cap_signal_tx_length +54b9 18427e00 copy temp ,pdata +54ba 203a563e branch l2cap_malloc_discard ,blank +54bb 2040569b call l2cap_get_signal_tx_buff +54bc 6fe4026b fetch 2 ,mem_l2cap_signal_tx_length +54bd e7e40005 istore 2 ,contw +54be 18007e01 force l2cap_signal_channel ,pdata +54bf e7e40005 istore 2 ,contw +54c0 20600000 rtn + +msdp_send_req_done: +54c1 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +54c2 203a4a8b branch assert ,blank +54c3 204056a8 call l2cap_get_sdp_tx_buff +54c4 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +54c5 e7e40005 istore 2 ,contw +54c6 6fe4421a fetch 2 ,mem_sdp_remote_cid +54c7 e7e40005 istore 2 ,contw +54c8 20600000 rtn + +ml2cap_rx_multiplexing: +54c9 6fe40262 fetch 2 ,mem_l2cap_rx_pkt_length +54ca 203a51d6 branch l2cap_rx_reset_state ,blank +54cb 44ea401a bpatch patch1a_4 ,mem_patch1a +54cc 6fe20264 fetch 1 ,mem_l2cap_rx_cid +54cd c000d4d3 beq l2cap_signal_channel ,ml2cap_call_proc_signal +54ce c02851c2 beq l2cap_sdp_channel ,ml2cap_call_proc_sdp +54cf c028d1cf beq l2cap_rfcomm_channel ,l2cap_call_proc_rfcomm +54d0 c02951cd beq l2cap_hid_control_channel ,l2cap_call_proc_hid +54d1 c029d1cd beq l2cap_hid_interrupt_channel ,l2cap_call_proc_hid +54d2 202051d6 branch l2cap_rx_reset_state + +ml2cap_call_proc_signal: +54d3 44eac01a bpatch patch1a_5 ,mem_patch1a +54d4 20405692 call l2cap_malloc_signal_channel +54d5 18002400 force 0 ,regb +54d6 2040569d call l2cap_get_signal_tx_payload +54d7 1fe20a00 copy pdata ,contw +54d8 6fe40262 fetch 2 ,mem_l2cap_rx_pkt_length +54d9 1fe22600 copy pdata ,regc +54da 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +54db 98000c00 iforce contr + +ml2cap_proc_one_comm_loop: +54dc 204054e2 call ml2cap_proc_one_comm +54dd 1a60a7fc increase -4 ,regc +54de 2422d4dc nbranch ml2cap_proc_one_comm_loop ,zero +54df 1a420400 copy regb ,temp +54e0 204054b8 call ml2cap_send_signal +54e1 202051d6 branch l2cap_rx_reset_state + +ml2cap_proc_one_comm: +54e2 efe20006 ifetch 1 ,contr +54e3 c00154ed beq signal_connect_req ,ml2cap_proc_signal_connect_req +54e4 c000d4f0 beq signal_cmd_reject ,ml2cap_proc_signal_cmd_reject +54e5 c001d4fa beq signal_connect_rsp ,ml2cap_proc_signal_connect_rsp +54e6 c002d536 beq signal_config_rsp ,ml2cap_proc_signal_config_rsp +54e7 c0025568 beq signal_config_req ,ml2cap_proc_signal_config_req +54e8 c003d5ed beq signal_disconnect_rsp ,ml2cap_proc_signal_disconn_rsp +54e9 c00355bb beq signal_disconnect_req ,ml2cap_proc_signal_disconn_req +54ea c004542a beq signal_echo_req ,l2cap_proc_signal_echo_req +54eb c0055214 beq signal_info_req ,ml2cap_proc_signal_info_req +54ec 20205608 branch ml2cap_proc_send_reject + +ml2cap_proc_signal_connect_req: +54ed 20407c83 call save_cont_pointers +54ee 20407c88 call load_cont_pointers +54ef 2020522b branch l2cap_proc_signal_connect_req + +ml2cap_proc_signal_cmd_reject: +54f0 efe20006 ifetch 1 ,contr +54f1 1fe20e00 copy pdata ,queue +54f2 efe40006 ifetch 2 ,contr +54f3 1fe22200 copy pdata ,rega +54f4 1a627e00 copy regc ,pdata +54f5 9a262600 isub rega ,regc + +mvptr: +54f6 efe20006 ifetch 1 ,contr +54f7 1a20a3ff increase -1 ,rega +54f8 2422d4f6 nbranch mvptr ,zero +54f9 20600000 rtn + +ml2cap_proc_signal_connect_rsp: +54fa efe20006 ifetch 1 ,contr +54fb 1fe20e00 copy pdata ,queue +54fc efe40006 ifetch 2 ,contr +54fd 1fe22200 copy pdata ,rega +54fe efe40006 ifetch 2 ,contr +54ff 1fe21600 copy pdata ,timeup +5500 efe40006 ifetch 2 ,contr +5501 1fe20400 copy pdata ,temp +5502 efe40006 ifetch 2 ,contr +5503 1fe67c00 sub pdata ,0 ,null +5504 2022d50c branch ml2cap_proc_signal_connect_rsp_sucessful ,zero +5505 c0015508 beq l2cap_connect_refused_psm_unsupported ,ml2cap_proc_signal_connect_refused_result +5506 c0025508 beq l2cap_connect_refused_no_resources ,ml2cap_proc_signal_connect_refused_result +5507 2020550a branch ml2cap_proc_signal_connect_rsp_mnosucc + +ml2cap_proc_signal_connect_refused_result: +5508 700a9516 jam bt_evt_ml2cap_conn_refused ,mem_fifo_temp +5509 20407bab call ui_ipc_send_event + +ml2cap_proc_signal_connect_rsp_mnosucc: +550a efe40006 ifetch 2 ,contr +550b 20205533 branch mnosucc + +ml2cap_proc_signal_connect_rsp_sucessful: +550c 20407c83 call save_cont_pointers +550d 44eb401a bpatch patch1a_6 ,mem_patch1a +550e 58000050 setarg l2cap_sdp_channel +550f 98467c00 isub temp ,null +5510 2022d51b branch ml2cap_proc_signal_connect_rsp_sdp ,zero +5511 58000051 setarg l2cap_rfcomm_channel +5512 98467c00 isub temp ,null +5513 2022d521 branch ml2cap_proc_signal_connect_rsp_rfcomm ,zero +5514 58000053 setarg l2cap_hid_interrupt_channel +5515 98467c00 isub temp ,null +5516 2022d52d branch ml2cap_proc_signal_connect_rsp_hid_int ,zero +5517 58000052 setarg l2cap_hid_control_channel +5518 98467c00 isub temp ,null +5519 2022d527 branch ml2cap_proc_signal_connect_rsp_hid_ctrl ,zero +551a 20205533 branch mnosucc + +ml2cap_proc_signal_connect_rsp_sdp: +551b 19627e00 copy timeup ,pdata +551c 67e4421a store 2 ,mem_sdp_remote_cid +551d 6fe24222 fetch 1 ,mem_sdp_state +551e 79207e01 set1 l2cap_channel_state_conn_res +551f 67e24222 store 1 ,mem_sdp_state +5520 20205532 branch mnosucc1 + +ml2cap_proc_signal_connect_rsp_rfcomm: +5521 19627e00 copy timeup ,pdata +5522 67e4421c store 2 ,mem_rfcomm_remote_cid +5523 6fe24223 fetch 1 ,mem_rfcomm_state +5524 79207e01 set1 l2cap_channel_state_conn_res +5525 67e24223 store 1 ,mem_rfcomm_state +5526 20205532 branch mnosucc1 + +ml2cap_proc_signal_connect_rsp_hid_ctrl: +5527 19627e00 copy timeup ,pdata +5528 67e4421e store 2 ,mem_hid_ctrl_remote_cid +5529 6fe24224 fetch 1 ,mem_hid_control_state +552a 79207e01 set1 l2cap_channel_state_conn_res +552b 67e24224 store 1 ,mem_hid_control_state +552c 20205532 branch mnosucc1 + +ml2cap_proc_signal_connect_rsp_hid_int: +552d 19627e00 copy timeup ,pdata +552e 67e44220 store 2 ,mem_hid_int_remote_cid +552f 6fe24225 fetch 1 ,mem_hid_interrupt_state +5530 79207e01 set1 l2cap_channel_state_conn_res +5531 67e24225 store 1 ,mem_hid_interrupt_state + +mnosucc1: +5532 20407c88 call load_cont_pointers + +mnosucc: +5533 1a627e00 copy regc ,pdata +5534 9a262600 isub rega ,regc +5535 20600000 rtn + +ml2cap_proc_signal_config_rsp: +5536 efe20006 ifetch 1 ,contr +5537 1fe20e00 copy pdata ,queue +5538 efe40006 ifetch 2 ,contr +5539 1fe22200 copy pdata ,rega +553a 1a627e00 copy regc ,pdata +553b 9a262600 isub rega ,regc +553c efe40006 ifetch 2 ,contr +553d 1fe21600 copy pdata ,timeup +553e efe40006 ifetch 2 ,contr +553f efe40006 ifetch 2 ,contr +5540 243a5562 nbranch mcrsdone1 ,blank +5541 20407c83 call save_cont_pointers +5542 19620400 copy timeup ,temp +5543 44ebc01a bpatch patch1a_7 ,mem_patch1a +5544 58000050 setarg l2cap_sdp_channel +5545 98467c00 isub temp ,null +5546 2022d550 branch ml2cap_proc_signal_config_rsp_sdp ,zero +5547 58000051 setarg l2cap_rfcomm_channel +5548 98467c00 isub temp ,null +5549 2022d554 branch ml2cap_proc_signal_config_rsp_rfcomm ,zero +554a 58000052 setarg l2cap_hid_control_channel +554b 98467c00 isub temp ,null +554c 2022d558 branch ml2cap_proc_signal_config_rsp_hid_ctrl ,zero +554d 58000053 setarg l2cap_hid_interrupt_channel +554e 98467c00 isub temp ,null +554f 2022d55c branch ml2cap_proc_signal_config_rsp_hid_int ,zero + +ml2cap_proc_signal_config_rsp_sdp: +5550 6fe24222 fetch 1 ,mem_sdp_state +5551 79207e05 set1 l2cap_channel_state_rcv_cfg_res +5552 67e24222 store 1 ,mem_sdp_state +5553 20600000 rtn + +ml2cap_proc_signal_config_rsp_rfcomm: +5554 6fe24223 fetch 1 ,mem_rfcomm_state +5555 79207e05 set1 l2cap_channel_state_rcv_cfg_res +5556 67e24223 store 1 ,mem_rfcomm_state +5557 20600000 rtn + +ml2cap_proc_signal_config_rsp_hid_ctrl: +5558 6fe24224 fetch 1 ,mem_hid_control_state +5559 79207e05 set1 l2cap_channel_state_rcv_cfg_res +555a 67e24224 store 1 ,mem_hid_control_state +555b 20600000 rtn + +ml2cap_proc_signal_config_rsp_hid_int: +555c 6fe24225 fetch 1 ,mem_hid_interrupt_state +555d 79207e05 set1 l2cap_channel_state_rcv_cfg_res +555e 67e24225 store 1 ,mem_hid_interrupt_state +555f 700a9506 jam bt_evt_hid_connected ,mem_fifo_temp +5560 20207bab branch ui_ipc_send_event + +mcfrsdone: +5561 20407c88 call load_cont_pointers + +mcrsdone1: +5562 1a20a3fa increase -6 ,rega + +mloop2: +5563 2022d567 branch mcrsdone ,zero +5564 18c08c01 increase 1 ,contr +5565 1a20a3ff increase -1 ,rega +5566 20205563 branch mloop2 + +mcrsdone: +5567 20600000 rtn + +ml2cap_proc_signal_config_req: +5568 efe20006 ifetch 1 ,contr +5569 1fe20e00 copy pdata ,queue +556a efe40006 ifetch 2 ,contr +556b 1fe22200 copy pdata ,rega +556c 1a627e00 copy regc ,pdata +556d 9a262600 isub rega ,regc +556e efe40006 ifetch 2 ,contr +556f 18c08c02 increase 2 ,contr +5570 1fe20400 copy pdata ,temp +5571 58000005 setarg signal_config_rsp +5572 e7e20005 istore 1 ,contw +5573 18e27e00 copy queue ,pdata +5574 e7e20005 istore 1 ,contw +5575 1a20a202 increase 2 ,rega +5576 1a227e00 copy rega ,pdata +5577 e7e40005 istore 2 ,contw +5578 20407c83 call save_cont_pointers +5579 44ec401b bpatch patch1b_0 ,mem_patch1b +557a 58000050 setarg l2cap_sdp_channel +557b 98467c00 isub temp ,null +557c 2022d587 branch ml2cap_proc_signal_config_req_sdp ,zero +557d 58000051 setarg l2cap_rfcomm_channel +557e 98467c00 isub temp ,null +557f 2022d598 branch ml2cap_proc_signal_config_req_rfcomm ,zero +5580 58000052 setarg l2cap_hid_control_channel +5581 98467c00 isub temp ,null +5582 2022d59e branch ml2cap_proc_signal_config_req_hid_ctrl ,zero +5583 58000053 setarg l2cap_hid_interrupt_channel +5584 98467c00 isub temp ,null +5585 2022d5a4 branch ml2cap_proc_signal_config_req_hid_int ,zero +5586 202055a9 branch mcfgrq_done + +ml2cap_proc_signal_config_req_sdp: +5587 6fe24222 fetch 1 ,mem_sdp_state +5588 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +5589 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +558a 67e24222 store 1 ,mem_sdp_state +558b c2815595 bbit1 l2cap_channel_state_snd_cfg_req ,ml2cap_proc_signal_config_req_sdp_nsndreq +558c 6842027b fetcht 1 ,mem_control_tasks +558d 79200406 set1 l2cap_init_config_req ,temp +558e 6042027b storet 1 ,mem_control_tasks +558f 18e27e00 copy queue ,pdata +5590 1fe0fe01 increase 1 ,pdata +5591 67e2027d store 1 ,mem_config_identifier +5592 6fe24222 fetch 1 ,mem_sdp_state +5593 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +5594 67e24222 store 1 ,mem_sdp_state + +ml2cap_proc_signal_config_req_sdp_nsndreq: +5595 6fe4421a fetch 2 ,mem_sdp_remote_cid +5596 67e4027e store 2 ,mem_config_req_dest_cid +5597 202055a9 branch mcfgrq_done + +ml2cap_proc_signal_config_req_rfcomm: +5598 6fe24223 fetch 1 ,mem_rfcomm_state +5599 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +559a 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +559b 67e24223 store 1 ,mem_rfcomm_state +559c 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +559d 202055a9 branch mcfgrq_done + +ml2cap_proc_signal_config_req_hid_ctrl: +559e 6fe24224 fetch 1 ,mem_hid_control_state +559f 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +55a0 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +55a1 67e24224 store 1 ,mem_hid_control_state +55a2 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +55a3 202055a9 branch mcfgrq_done + +ml2cap_proc_signal_config_req_hid_int: +55a4 6fe24225 fetch 1 ,mem_hid_interrupt_state +55a5 79207e04 set1 l2cap_channel_state_rcv_cfg_req ,pdata +55a6 79207e03 set1 l2cap_channel_state_snd_cfg_res ,pdata +55a7 67e24225 store 1 ,mem_hid_interrupt_state +55a8 6fe44220 fetch 2 ,mem_hid_int_remote_cid + +mcfgrq_done: +55a9 1fe21600 copy pdata ,timeup +55aa 20407c88 call load_cont_pointers +55ab 19627e00 copy timeup ,pdata +55ac e7e40005 istore 2 ,contw +55ad 18007e00 force 0x0000 ,pdata +55ae e7e40005 istore 2 ,contw +55af 18007e00 force 0x0000 ,pdata +55b0 e7e40005 istore 2 ,contw +55b1 18007e0a force 10 ,pdata +55b2 9a40a400 iadd regb ,regb +55b3 1a20a3fa increase -6 ,rega + +mloop1: +55b4 2022d5ba branch mcrqdone ,zero +55b5 efe20006 ifetch 1 ,contr +55b6 e7e20005 istore 1 ,contw +55b7 1a40a401 increase 1 ,regb +55b8 1a20a3ff increase -1 ,rega +55b9 202055b4 branch mloop1 + +mcrqdone: +55ba 20600000 rtn + +ml2cap_proc_signal_disconn_req: +55bb efe20006 ifetch 1 ,contr +55bc 1fe20e00 copy pdata ,queue +55bd efe40006 ifetch 2 ,contr +55be 1fe22200 copy pdata ,rega +55bf 1a627e00 copy regc ,pdata +55c0 9a262600 isub rega ,regc +55c1 efe40006 ifetch 2 ,contr +55c2 1fe22200 copy pdata ,rega +55c3 efe40006 ifetch 2 ,contr +55c4 1fe21600 copy pdata ,timeup +55c5 20407c83 call save_cont_pointers +55c6 44ecc01b bpatch patch1b_1 ,mem_patch1b +55c7 58000050 setarg l2cap_sdp_channel +55c8 1a220400 copy rega ,temp +55c9 98467c00 isub temp ,null +55ca 2022d5d4 branch ml2cap_proc_signal_disconn_sdp ,zero +55cb 58000052 setarg l2cap_hid_control_channel +55cc 1a220400 copy rega ,temp +55cd 98467c00 isub temp ,null +55ce 2022d5d9 branch ml2cap_proc_signal_disconn_hid_ctrl ,zero +55cf 58000053 setarg l2cap_hid_interrupt_channel +55d0 1a220400 copy rega ,temp +55d1 98467c00 isub temp ,null +55d2 2022d5db branch ml2cap_proc_signal_disconn_hid_int ,zero +55d3 202055dd branch mclsrfc + +ml2cap_proc_signal_disconn_sdp: +55d4 58000000 setarg 0x0000 +55d5 67e40271 store 2 ,mem_sdp_tx_pkt_length +55d6 67e4421a store 2 ,mem_sdp_remote_cid +55d7 67e24222 store 1 ,mem_sdp_state +55d8 202055df branch mclssdp + +ml2cap_proc_signal_disconn_hid_ctrl: +55d9 20405453 call l2cap_reset_hid_ctrl_state +55da 202055df branch mclssdp + +ml2cap_proc_signal_disconn_hid_int: +55db 20405459 call l2cap_reset_hid_int_state +55dc 202055df branch mclssdp + +mclsrfc: +55dd 58000000 setarg 0x0000 +55de 67e40277 store 2 ,mem_rfcomm_tx_pkt_length + +mclssdp: +55df 20407c88 call load_cont_pointers +55e0 58000007 setarg signal_disconnect_rsp +55e1 e7e20005 istore 1 ,contw +55e2 18e27e00 copy queue ,pdata +55e3 e7e20005 istore 1 ,contw +55e4 58000004 setarg 0x0004 +55e5 e7e40005 istore 2 ,contw +55e6 1a227e00 copy rega ,pdata +55e7 e7e40005 istore 2 ,contw +55e8 19627e00 copy timeup ,pdata +55e9 e7e40005 istore 2 ,contw +55ea 18007e08 force 8 ,pdata +55eb 9a40a400 iadd regb ,regb +55ec 20600000 rtn + +ml2cap_proc_signal_disconn_rsp: +55ed efe20006 ifetch 1 ,contr +55ee 1fe20e00 copy pdata ,queue +55ef efe40006 ifetch 2 ,contr +55f0 1fe22200 copy pdata ,rega +55f1 efe40006 ifetch 2 ,contr +55f2 1fe21600 copy pdata ,timeup +55f3 efe40006 ifetch 2 ,contr +55f4 1fe20400 copy pdata ,temp +55f5 20407c83 call save_cont_pointers +55f6 44ed401b bpatch patch1b_2 ,mem_patch1b +55f7 6fe24227 fetch 1 ,mem_ml2cap_comm_id +55f8 a8e1fe00 icompare 0xff ,queue +55f9 2420d604 nbranch mdisdone ,true +55fa 58000050 setarg l2cap_sdp_channel +55fb 98467c00 isub temp ,null +55fc 2022d601 branch ml2cap_proc_signal_disconn_rsp_sdp ,zero +55fd 58000051 setarg l2cap_rfcomm_channel +55fe 98467c00 isub temp ,null +55ff 2022d604 branch ml2cap_proc_signal_disconn_rsp_rfcomm ,zero +5600 20205604 branch mdisdone + +ml2cap_proc_signal_disconn_rsp_sdp: +5601 70421a00 jam 0 ,mem_sdp_remote_cid +5602 70422200 jam 0 ,mem_sdp_state +5603 20205604 branch mdisdone + +ml2cap_proc_signal_disconn_rsp_rfcomm: + +mdisdone: +5604 20407c88 call load_cont_pointers +5605 1a627e00 copy regc ,pdata +5606 9a262600 isub rega ,regc +5607 20600000 rtn + +ml2cap_proc_send_reject: +5608 58000001 setarg signal_cmd_reject +5609 e7e20005 istore 1 ,contw +560a efe20006 ifetch 1 ,contr +560b e7e20005 istore 1 ,contw +560c 58000002 setarg 0x0002 +560d e7e40005 istore 2 ,contw +560e 58000000 setarg 0x0000 +560f e7e40005 istore 2 ,contw +5610 58000006 setarg 0x0006 +5611 9a40a400 iadd regb ,regb +5612 18002604 force 4 ,regc +5613 20600000 rtn + +l2cap_get_req_id: +5614 6fe24227 fetch 1 ,mem_ml2cap_comm_id +5615 1fe0fe01 increase 1 ,pdata +5616 c0805618 bne 0 ,l2cap_get_req_id_ok +5617 1fe0fe01 increase 1 ,pdata + +l2cap_get_req_id_ok: +5618 67e24227 store 1 ,mem_ml2cap_comm_id +5619 20600000 rtn + +l2cap_malloc: +561a 44edc01b bpatch patch1b_3 ,mem_patch1b +561b da400000 arg 0 ,regb +561c 20405648 call l2cap_malloc_is_fifo_full +561d 243a4a8b nbranch assert ,blank +561e 20405658 call l2cap_malloc_get_full_map +561f da401800 arg mem_tx_buff0 ,regb +5620 d8e00000 arg 0 ,queue + +l2cap_malloc_loop: +5621 68424228 fetcht 1 ,mem_used_map +5622 a84fffff qisolate1 temp +5623 2020d629 branch l2cap_malloc_next ,true +5624 2040567a call l2cap_malloc_enough +5625 19667c00 sub timeup ,0 ,null +5626 20215629 branch l2cap_malloc_next ,positive +5627 20405662 call l2cap_malloc_into_fifo +5628 2020562f branch l2cap_malloc_rtn + +l2cap_malloc_next: +5629 1a40a480 increase 128 ,regb +562a 18e08e01 increase 1 ,queue +562b 58000008 setarg 8 +562c 98e67c00 isub queue ,null +562d 20215621 branch l2cap_malloc_loop ,positive +562e da400000 arg 0 ,regb + +l2cap_malloc_rtn: +562f 1a427e00 copy regb ,pdata +5630 203a4a8b branch assert ,blank +5631 20600000 rtn + +l2cap_malloc_fifo_out: +5632 44ee401b bpatch patch1b_4 ,mem_patch1b +5633 20405651 call l2cap_malloc_fifo_get_first_ptr +5634 18c08c01 increase 1 ,contr +5635 efe40006 ifetch 2 ,contr +5636 20600000 rtn + +l2cap_malloc_free: +5637 44eec01b bpatch patch1b_5 ,mem_patch1b +5638 20405651 call l2cap_malloc_fifo_get_first_ptr +5639 18c20a00 copy contr ,contw +563a 18c20400 copy contr ,temp +563b 58000000 setarg 0 +563c e7e60005 istore 3 ,contw +563d 20600000 rtn + +l2cap_malloc_discard: +563e 44ef401b bpatch patch1b_6 ,mem_patch1b +563f 2040564e call l2cap_malloc_is_fifo_empty +5640 203a4a8b branch assert ,blank +5641 6fe6422f fetch 3 ,mem_tx_fifo2 +5642 67e64232 store 3 ,mem_tx_fifo3 +5643 6fe6422c fetch 3 ,mem_tx_fifo1 +5644 67e6422f store 3 ,mem_tx_fifo2 +5645 6fe64229 fetch 3 ,mem_tx_fifo0 +5646 67e6422c store 3 ,mem_tx_fifo1 +5647 20600000 rtn + +l2cap_malloc_is_fifo_full: +5648 44efc01b bpatch patch1b_7 ,mem_patch1b +5649 6fe64229 fetch 3 ,mem_tx_fifo0 +564a 20600000 rtn + +l2cap_malloc_is_fifo_nearly_full: +564b 44f0401c bpatch patch1c_0 ,mem_patch1c +564c 6fe6422c fetch 3 ,mem_tx_fifo1 +564d 20600000 rtn + +l2cap_malloc_is_fifo_empty: +564e 44f0c01c bpatch patch1c_1 ,mem_patch1c +564f 6fe64232 fetch 3 ,mem_tx_fifo3 +5650 20600000 rtn + +l2cap_malloc_fifo_get_first_ptr: +5651 2040564e call l2cap_malloc_is_fifo_empty +5652 203a4a8b branch assert ,blank +5653 d8c04229 arg mem_tx_fifo0 ,contr + +l2cap_malloc_free_loop: +5654 efe60006 ifetch 3 ,contr +5655 203a5654 branch l2cap_malloc_free_loop ,blank +5656 18c08dfd increase -3 ,contr +5657 20600000 rtn + +l2cap_malloc_get_full_map: +5658 44f1401c bpatch patch1c_2 ,mem_patch1c +5659 df200004 arg 4 ,loopcnt +565a d8c04229 arg mem_tx_fifo0_map ,contr +565b d8400000 arg 0 ,temp + +l2cap_malloc_get_full_map_loop: +565c efe60006 ifetch 3 ,contr +565d 1fe17eff and pdata ,0xff ,pdata +565e 98418400 ior temp ,temp +565f c200565c loop l2cap_malloc_get_full_map_loop +5660 60424228 storet 1 ,mem_used_map +5661 20600000 rtn + +l2cap_malloc_into_fifo: +5662 44f1c01c bpatch patch1c_3 ,mem_patch1c +5663 20405648 call l2cap_malloc_is_fifo_full +5664 243a4a8b nbranch assert ,blank +5665 2040564e call l2cap_malloc_is_fifo_empty +5666 203a566f branch l2cap_malloc_into_fifo_no_push ,blank +5667 6fe6422c fetch 3 ,mem_tx_fifo1 +5668 67e64229 store 3 ,mem_tx_fifo0 +5669 efe60006 ifetch 3 ,contr +566a e7e60005 istore 3 ,contw +566b efe60006 ifetch 3 ,contr +566c e7e60005 istore 3 ,contw +566d 58000000 setarg 0 +566e e7e60005 istore 3 ,contw + +l2cap_malloc_into_fifo_no_push: +566f d8400000 arg 0 ,temp +5670 19627e00 copy timeup ,pdata +5671 98e0fe00 iadd queue ,pdata + +l2cap_malloc_into_fifo_loop: +5672 f9200400 qset1 temp +5673 18e08e01 increase 1 ,queue +5674 98e67c00 isub queue ,null +5675 2422d672 nbranch l2cap_malloc_into_fifo_loop ,zero +5676 1a4d7e00 lshift8 regb ,pdata +5677 9841fe00 ior temp ,pdata +5678 67e64232 store 3 ,mem_tx_fifo3 +5679 20600000 rtn + +l2cap_malloc_enough: +567a 44f2401c bpatch patch1c_4 ,mem_patch1c +567b 20405658 call l2cap_malloc_get_full_map +567c 18e22600 copy queue ,regc +567d d8400000 arg 0 ,temp +567e d9600000 arg 0 ,timeup + +l2cap_malloc_enough_loop: +567f 18e27e00 copy queue ,pdata +5680 c004568a beq 8 ,l2cap_malloc_enough_end +5681 6fe24228 fetch 1 ,mem_used_map +5682 afefffff qisolate1 pdata +5683 2020d68a branch l2cap_malloc_enough_end ,true +5684 18408480 increase 128 ,temp +5685 18e08e01 increase 1 ,queue +5686 1a227e00 copy rega ,pdata +5687 98467c00 isub temp ,null +5688 2022d68a branch l2cap_malloc_enough_end ,zero +5689 2021567f branch l2cap_malloc_enough_loop ,positive + +l2cap_malloc_enough_end: +568a 18427e00 copy temp ,pdata +568b 9a267c00 isub rega ,null +568c 24215690 nbranch l2cap_malloc_enough_rtn ,positive +568d 18e27e00 copy queue ,pdata +568e 1a620400 copy regc ,temp +568f 98461600 isub temp ,timeup + +l2cap_malloc_enough_rtn: +5690 1a620e00 copy regc ,queue +5691 20600000 rtn + +l2cap_malloc_signal_channel: +5692 44f2c01c bpatch patch1c_5 ,mem_patch1c +5693 da20007f arg l2cap_signal_malloc_size ,rega +5694 2040561a call l2cap_malloc +5695 67e40267 store 2 ,mem_l2cap_signal_tx_buff_ptr +5696 1fe0fe04 increase 4 ,pdata +5697 67e40269 store 2 ,mem_l2cap_signal_tx_payload_ptr +5698 58000000 setarg 0 +5699 67e4026b store 2 ,mem_l2cap_signal_tx_length +569a 20600000 rtn + +l2cap_get_signal_tx_buff: +569b 6fe40267 fetch 2 ,mem_l2cap_signal_tx_buff_ptr +569c 202056bc branch l2cap_util_pdata_to_contw + +l2cap_get_signal_tx_payload: +569d 6fe40269 fetch 2 ,mem_l2cap_signal_tx_payload_ptr +569e 202056bc branch l2cap_util_pdata_to_contw + +l2cap_malloc_sdp_channel: +569f 44f3401c bpatch patch1c_6 ,mem_patch1c +56a0 da2000fa arg sdp_malloc_size ,rega +56a1 2040561a call l2cap_malloc +56a2 67e4026d store 2 ,mem_sdp_tx_buff_ptr +56a3 1fe0fe04 increase 4 ,pdata +56a4 67e4026f store 2 ,mem_sdp_tx_payload_ptr +56a5 58000000 setarg 0 +56a6 67e40271 store 2 ,mem_sdp_tx_pkt_length +56a7 20600000 rtn + +l2cap_get_sdp_tx_buff: +56a8 6fe4026d fetch 2 ,mem_sdp_tx_buff_ptr +56a9 202056bc branch l2cap_util_pdata_to_contw + +l2cap_get_sdp_tx_payload: +56aa 6fe4026f fetch 2 ,mem_sdp_tx_payload_ptr +56ab 202056bc branch l2cap_util_pdata_to_contw + +l2cap_malloc_rfcomm_channel: +56ac 44f3c01c bpatch patch1c_7 ,mem_patch1c +56ad 20407c57 call push_stack +56ae 70028001 jam rfcomm_malloc_fail ,mem_rfcomm_malloc_fail_flag +56af 20405648 call l2cap_malloc_is_fifo_full +56b0 247a0000 nrtn blank +56b1 da20007f arg rfcomm_malloc_size ,rega +56b2 2040561a call l2cap_malloc +56b3 67e40273 store 2 ,mem_rfcomm_tx_buff_ptr +56b4 1fe0fe04 increase 4 ,pdata +56b5 67e40275 store 2 ,mem_rfcomm_tx_payload_ptr +56b6 58000000 setarg 0 +56b7 67e40277 store 2 ,mem_rfcomm_tx_pkt_length +56b8 70028000 jam rfcomm_malloc_succeed ,mem_rfcomm_malloc_fail_flag +56b9 20207c67 branch pop_stack + +l2cap_get_rfcomm_tx_buff: +56ba 6fe40273 fetch 2 ,mem_rfcomm_tx_buff_ptr +56bb 202056bc branch l2cap_util_pdata_to_contw + +l2cap_util_pdata_to_contw: +56bc 203a4a8b branch assert ,blank +56bd 1fe20a00 copy pdata ,contw +56be 20600000 rtn + +l2cap_lpm_save_calc_len: +56bf 44f4401d bpatch patch1d_0 ,mem_patch1d +56c0 da400000 arg 0 ,regb +56c1 da204229 arg mem_tx_fifo0_map ,rega +56c2 1a20a3fe increase -2 ,rega + +l2cap_lpm_save_calc_len_loop: +56c3 1a20a202 increase 2 ,rega +56c4 58004235 setarg mem_tx_fifo_end +56c5 9a267c00 isub rega ,null +56c6 2022d6cf branch l2cap_lpm_save_calc_len_end ,zero +56c7 efe20011 ifetch 1 ,rega +56c8 1a20a201 increase 1 ,rega +56c9 203a56c3 branch l2cap_lpm_save_calc_len_loop ,blank +56ca e8440011 ifetcht 2 ,rega +56cb efe40002 ifetch 2 ,temp +56cc 9a40a400 iadd regb ,regb +56cd 1a40a404 increase 4 ,regb +56ce 202056c3 branch l2cap_lpm_save_calc_len_loop + +l2cap_lpm_save_calc_len_end: +56cf 1a427e00 copy regb ,pdata +56d0 20600000 rtn + +l2cap_lpm_get_wake_lock: +56d1 d8e0000c arg wake_lock_l2cap_tx ,queue +56d2 20204bec branch lpm_get_wake_lock + +l2cap_lpm_put_wake_lock: +56d3 d8e0000c arg wake_lock_l2cap_tx ,queue +56d4 20204bf0 branch lpm_put_wake_lock + +l2cap_lpm_save_txbuf: +56d5 44f4c01d bpatch patch1d_1 ,mem_patch1d +56d6 20405658 call l2cap_malloc_get_full_map +56d7 6fe24228 fetch 1 ,mem_used_map +56d8 207a0000 rtn blank +56d9 204056bf call l2cap_lpm_save_calc_len +56da d8400100 arg l2cap_lpm_txbuf_len ,temp +56db 98467c00 isub temp ,null +56dc 202156d1 branch l2cap_lpm_get_wake_lock ,positive +56dd 204056d3 call l2cap_lpm_put_wake_lock +56de d8a04235 arg mem_l2cap_lpm_txbuf ,contw +56df da204229 arg mem_tx_fifo0 ,rega + +l2cap_lpm_save_txbuf_loop: +56e0 58004235 setarg mem_tx_fifo_end +56e1 9a267c00 isub rega ,null +56e2 20628000 rtn zero +56e3 efe20011 ifetch 1 ,rega +56e4 1a20a201 increase 1 ,rega +56e5 243a56e9 nbranch l2cap_lpm_save_txbuf_nempty ,blank +56e6 e7e40005 istore 2 ,contw +56e7 1a20a202 increase 2 ,rega +56e8 202056e0 branch l2cap_lpm_save_txbuf_loop + +l2cap_lpm_save_txbuf_nempty: +56e9 efe40011 ifetch 2 ,rega +56ea 1a20a202 increase 2 ,rega +56eb 1fe20c00 copy pdata ,contr +56ec efe40006 ifetch 2 ,contr +56ed e7e40005 istore 2 ,contw +56ee 1fe27200 copy pdata ,loopcnt +56ef 1f20f202 increase 2 ,loopcnt +56f0 20407cdc call memcpy +56f1 202056e0 branch l2cap_lpm_save_txbuf_loop + +l2cap_lpm_load_txbuf: +56f2 44f5401d bpatch patch1d_2 ,mem_patch1d +56f3 20405658 call l2cap_malloc_get_full_map +56f4 6fe24228 fetch 1 ,mem_used_map +56f5 207a0000 rtn blank +56f6 da20422a arg mem_tx_fifo0_ptr ,rega +56f7 1a20a3fd increase -3 ,rega +56f8 d8c04235 arg mem_l2cap_lpm_txbuf ,contr + +l2cap_lpm_load_txbuf_loop: +56f9 1a20a203 increase 3 ,rega +56fa 58004236 setarg mem_tx_fifo_end + 1 +56fb 9a267c00 isub rega ,null +56fc 20628000 rtn zero +56fd efe40006 ifetch 2 ,contr +56fe 203a56f9 branch l2cap_lpm_load_txbuf_loop ,blank +56ff 1fe0fe04 increase 4 ,pdata +5700 1fe27200 copy pdata ,loopcnt +5701 18c22400 copy contr ,regb +5702 efe40011 ifetch 2 ,rega +5703 1fe20a00 copy pdata ,contw +5704 1a420c00 copy regb ,contr +5705 18c08dfe increase -2 ,contr +5706 20407cdc call memcpy +5707 202056f9 branch l2cap_lpm_load_txbuf_loop + +le_init_conn: +5708 44f5c01d bpatch patch1d_3 ,mem_patch1d +5709 7855fc00 disable wake +570a 70045101 jam 1 ,mem_le_conn_handle +570b 70043b03 jam 3 ,mem_le_state +570c 70045201 jam 1 ,mem_le_arq +570d 5fffffff setarg -1 +570e 67e40455 store 2 ,mem_le_event_count +570f 18007e00 force 0 ,pdata +5710 67e20453 store 1 ,mem_le_ch +5711 67e2045e store 1 ,mem_le_op +5712 67e6416a store 3 ,mem_sniff_rcv +5713 67e6416d store 3 ,mem_sniff_lost +5714 67ea43d5 store 5 ,mem_le_pcnt_tx +5715 79207e27 set1 39 ,pdata +5716 67ea43da store 5 ,mem_le_pcnt_rx +5717 7043ae01 jam 1 ,mem_le_txheader +5718 7043af00 jam 0 ,mem_le_txlen +5719 20205ac9 branch le_supervision_flush + +le_init_master: +571a 44f6401d bpatch patch1d_4 ,mem_patch1d +571b 7834fc00 enable master +571c 70043c03 jam lemode_master ,mem_le_mode +571d 70047401 jam 1 ,mem_le_att_handle +571e 70442c01 jam 1 ,mem_le_search_handle_start +571f 5800ffff setarg 0xffff +5720 67e4442e store 2 ,mem_le_search_handle_end +5721 18007e00 force 0 ,pdata +5722 67ea43da store 5 ,mem_le_pcnt_rx +5723 79207e27 set1 39 ,pdata +5724 67ea43d5 store 5 ,mem_le_pcnt_tx +5725 20205708 branch le_init_conn + +le_init_slave: +5726 44f6c01d bpatch patch1d_5 ,mem_patch1d +5727 7854fc00 disable master +5728 58000017 setarg 0x17 +5729 67e4447a store 2 ,mem_le_remote_mtu +572a 70043c01 jam lemode_slave ,mem_le_mode +572b 70434000 jam 0 ,mem_le_adv_enable +572c 7000a000 jam 0 ,mem_lpm_current_mult +572d 70449600 jam flag_le_pairing_null ,mem_le_pairing_state +572e 70449700 jam flag_le_enc_null ,mem_le_enc_state +572f 6fe40469 fetch 2 ,mem_le_superto +5730 67e4448c store 2 ,mem_le_init_superto +5731 6fe4043d fetch 2 ,mem_le_tsniff +5732 1feffe05 mul32 pdata ,5 ,pdata +5733 1ff1fe00 rshift4 pdata ,pdata +5734 67e40469 store 2 ,mem_le_superto +5735 20205708 branch le_init_conn + +le_dispatch: +5736 2040579e call le_enable +5737 204059c2 call le_scan +5738 20405acc call le_adv +5739 202057a8 branch le_disable + +le_conn_dispatch: +573a 44f7401d bpatch patch1d_6 ,mem_patch1d +573b 2040579e call le_enable +573c 20404c8d call app_process_ble +573d 6fe2043c fetch 1 ,mem_le_mode +573e c001d740 beq lemode_master ,le_master_dispatch +573f 20205754 branch le_slave_dispatch + +le_master_dispatch: +5740 44f7c01d bpatch patch1d_7 ,mem_patch1d +5741 7834fc00 enable master +5742 20405ac0 call le_supervision_update +5743 20215751 branch le_master_disconn ,positive +5744 20404c27 call check_ble_disabled +5745 204057ed call le_setup +5746 204059f8 call le_prepare_tx +5747 7856fc00 disable match +5748 20405899 call le_transmit_receive_sifs +5749 24768000 nrtn match +574a 44f8401e bpatch patch1e_0 ,mem_patch1e +574b 6fe20005 fetch 1 ,mem_le_conn_rcv +574c 1fe0fe01 increase 1 ,pdata +574d 67e20005 store 1 ,mem_le_conn_rcv +574e 20405984 call le_acknowledge +574f 7854fc00 disable master +5750 20600000 rtn + +le_master_disconn: +5751 20405783 call le_disconnect +5752 7854fc00 disable master +5753 20600000 rtn + +le_slave_dispatch: +5754 44f8c01e bpatch patch1e_1 ,mem_patch1e +5755 7044e100 jam 0 ,mem_le_md_count +5756 20407964 call sp_calc_sequence_256 +5757 20405ff8 call le_secure_connect_sm +5758 78577c00 disable attempt +5759 20405ac0 call le_supervision_update +575a 20215783 branch le_slave_disconn ,positive +575b 20404c27 call check_ble_disabled +575c 204057ed call le_setup +575d 20405863 call le_receive_slave +575e 242c5775 nbranch le_slave_unsync ,sync +575f 20405791 call le_got_first_packet +5760 2036d762 branch le_slave_match ,match +5761 2020576f branch le_slave_cont + +le_slave_match: +5762 44f9401e bpatch patch1e_2 ,mem_patch1e +5763 6fe244e1 fetch 1 ,mem_le_md_count +5764 1fe0fe01 pincrease 1 +5765 67e244e1 store 1 ,mem_le_md_count +5766 c006576f beq le_md_max_count ,le_slave_cont +5767 20405984 call le_acknowledge +5768 204059f8 call le_prepare_tx +5769 204058a1 call le_transmit_norx +576a 20405a58 call le_parse +576b 6fe441fc fetch 2 ,mem_cb_ble_transmit +576c 20407d77 call callback_func +576d 2040577a call le_check_md +576e 2034577e branch le_slave_more_data ,user + +le_slave_cont: +576f 44f9c01e bpatch patch1e_3 ,mem_patch1e +5770 20405fc4 call le_pairing_sm +5771 20405fbb call le_check_paring_time +5772 20407bc1 call check_51cmd +5773 6fe2045e fetch 1 ,mem_le_op +5774 c281d783 bbit1 op_disconn ,le_slave_disconn + +le_slave_unsync: +5775 44fa401e bpatch patch1e_4 ,mem_patch1e +5776 20405bd4 call le_lpm_set_mult +5777 20405977 call le_update_channel_map +5778 2040594f call le_update_param +5779 2020483d branch calc_clke_offset + +le_check_md: +577a 78547c00 disable user +577b c5157dbf bmark1 mark_ble_rx_md ,enable_user +577c c514fdbf bmark1 mark_ble_tx_md ,enable_user +577d 20600000 rtn + +le_slave_more_data: +577e 44fac01e bpatch patch1e_5 ,mem_patch1e +577f 78377c00 enable attempt +5780 2040589b call le_transmit_receive_sifs_notx +5781 2036d762 branch le_slave_match ,match +5782 2020576f branch le_slave_cont + +le_slave_disconn: + +le_disconnect: +5783 44fb401e bpatch patch1e_6 ,mem_patch1e +5784 20405789 call le_clear_connection_info +5785 20404d3f call app_disconn_reason_collect_ble +5786 2040792c call sp_initialize_256 +5787 700a9515 jam bt_evt_le_disconnected ,mem_fifo_temp +5788 20207bab branch ui_ipc_send_event + +le_clear_connection_info: +5789 58000000 setarg 0 +578a 67f244d1 store 9 ,mem_le_tx_buff_used +578b 70045100 jam 0 ,mem_le_conn_handle +578c 70043c00 jam lemode_idle ,mem_le_mode +578d 70043b00 jam 0 ,mem_le_state +578e 70449700 jam flag_le_enc_null ,mem_le_enc_state +578f 70449600 jam flag_le_pairing_null ,mem_le_pairing_state +5790 20600000 rtn + +le_got_first_packet: +5791 44fbc01e bpatch patch1e_7 ,mem_patch1e +5792 6fe20005 fetch 1 ,mem_le_conn_rcv +5793 1fe0fe01 increase 1 ,pdata +5794 67e20005 store 1 ,mem_le_conn_rcv +5795 6fe2043b fetch 1 ,mem_le_state +5796 c3818000 rtnbit1 lestate_got_first_packet +5797 79207e03 set1 lestate_got_first_packet +5798 67e2043b store 1 ,mem_le_state +5799 6fe4448c fetch 2 ,mem_le_init_superto +579a 67e40469 store 2 ,mem_le_superto +579b 58000000 setarg 0 +579c 67e844b7 store 4 ,mem_le_transmit_window +579d 20600000 rtn + +le_enable: +579e 44fc401f bpatch patch1f_0 ,mem_patch1f +579f 70890f36 hjam 0x36 ,0x90f +57a0 70890b5f hjam 0x5f ,0x90b +57a1 783b7c00 enable le +57a2 70891407 hjam 7 ,rfen_ulp +57a3 20404c27 call check_ble_disabled +57a4 6fe241e1 fetch 1 ,mem_250k_freq_enable +57a5 207a0000 rtn blank +57a6 70890ab8 hjam 0xb8 ,0x90a +57a7 20600000 rtn + +le_disable: +57a8 44fcc01f bpatch patch1f_1 ,mem_patch1f +57a9 70890f2e hjam 0x2e ,0x90f +57aa 70890bff hjam 0xff ,0x90b +57ab 785b7c00 disable le +57ac 70891403 hjam 3 ,rfen_ulp +57ad db600000 arg 0 ,stop_watch +57ae 20600000 rtn + +le_prep: +57af 7844fc00 disable enable_crc +57b0 7843fc00 disable enable_white +57b1 6fe60463 fetch 3 ,mem_le_crcinit +57b2 98001e00 iforce crc24_init +57b3 6fe20016 fetch 1 ,mem_le_ch_mapped +57b4 1fed8400 reverse pdata ,temp +57b5 79200401 set1 1 ,temp +57b6 18431c00 rshift temp ,white_init +57b7 20600000 rtn + +lerx_setfreq: +57b8 204057c0 call le_setfreq +57b9 2040491c call set_freq_rx +57ba 58000500 setarg param_pll_setup +57bb 20404a8e call sleep +57bc 20204921 branch rf_rx_enable + +letx_setfreq: +57bd 2036c936 branch txon ,match + +letx_setfreq0: +57be 204057c0 call le_setfreq +57bf 20204930 branch set_freq_tx + +le_setfreq: +57c0 44fd401f bpatch patch1f_2 ,mem_patch1f +57c1 20404915 call set_sync_on +57c2 6fe20488 fetch 1 ,mem_le_testtype +57c3 243a57d3 nbranch le_ctf_test ,blank +57c4 6fe20016 fetch 1 ,mem_le_ch_mapped +57c5 1fe67c24 sub pdata ,36 ,null +57c6 202157cd branch le_ctf_normal ,positive +57c7 18000400 force 0 ,temp +57c8 c1128000 rtneq 37 +57c9 18000418 force 24 ,temp +57ca c1130000 rtneq 38 +57cb 1800044e force 78 ,temp +57cc 20600000 rtn + +le_ctf_normal: +57cd 1fe67c0a sub pdata ,10 ,null +57ce 202157d0 branch le_ctf_low ,positive +57cf 1fe0fe01 increase 1 ,pdata + +le_ctf_low: +57d0 1fe3fe00 lshift pdata ,pdata +57d1 1fe08402 add pdata ,2 ,temp +57d2 20600000 rtn + +le_ctf_test: +57d3 6fe20016 fetch 1 ,mem_le_ch_mapped +57d4 1fe38400 lshift pdata ,temp +57d5 20600000 rtn + +le_sca_map: +57d6 d84001f4 arg 500 ,temp +57d7 207a0000 rtn blank +57d8 d84000fa arg 250 ,temp +57d9 c1008000 rtneq 1 +57da d8400096 arg 150 ,temp +57db c1010000 rtneq 2 +57dc d8400064 arg 100 ,temp +57dd c1018000 rtneq 3 +57de d840004b arg 75 ,temp +57df c1020000 rtneq 4 +57e0 d8400032 arg 50 ,temp +57e1 c1028000 rtneq 5 +57e2 d8400028 arg 40 ,temp +57e3 c1030000 rtneq 6 +57e4 d8400014 arg 20 ,temp +57e5 20600000 rtn + +le_adv_access: +57e6 588e89be setarg 0x8e89be +57e7 1fed7e00 lshift8 pdata ,pdata +57e8 1fe1fed6 or_into 0xd6 ,pdata +57e9 98001200 iforce access +57ea 58555555 setarg 0x555555 +57eb 67e60463 store 3 ,mem_le_crcinit +57ec 20600000 rtn + +le_setup: +57ed 44fdc01f bpatch patch1f_3 ,mem_patch1f +57ee 78287c00 enable swfine +57ef 6fe8045f fetch 4 ,mem_le_access +57f0 98001200 iforce access +57f1 20405840 call le_map_channel +57f2 58000200 setarg 0x200 +57f3 2034d7f6 branch le_setup_master ,master +57f4 6fe40449 fetch 2 ,mem_le_receive_window +57f5 1fe37e00 rshift pdata ,pdata + +le_setup_master: +57f6 d8400500 arg param_pll_setup ,temp +57f7 9840fe00 iadd temp ,pdata +57f8 20404a23 call ahead_window +57f9 1b427e00 deposit clke +57fa 67ec048d store 6 ,mem_le_rxon_ts +57fb 20600000 rtn + +le_next_adv_channel: +57fc 44fe401f bpatch patch1f_4 ,mem_patch1f +57fd 6fe20016 fetch 1 ,mem_le_ch_mapped +57fe c012d802 beq 37 ,le_next_adv_channel_curr_channel_37 +57ff c0135808 beq 38 ,le_next_adv_channel_curr_channel_38 +5800 c013d80e beq 39 ,le_next_adv_channel_curr_channel_39 +5801 2020580e branch le_next_adv_channel_curr_channel_39 + +le_next_adv_channel_curr_channel_37: +5802 6842445f fetcht 1 ,mem_le_adv_channel_map +5803 284ffe01 isolate1 bit_adv_channel_map_38 ,temp +5804 2020d819 branch set_le_next_adv_channel_38 ,true +5805 284ffe02 isolate1 bit_adv_channel_map_39 ,temp +5806 2020d81e branch set_le_next_adv_channel_39 ,true +5807 20205814 branch set_le_next_adv_channel_37 + +le_next_adv_channel_curr_channel_38: +5808 6842445f fetcht 1 ,mem_le_adv_channel_map +5809 284ffe02 isolate1 bit_adv_channel_map_39 ,temp +580a 2020d81e branch set_le_next_adv_channel_39 ,true +580b 284ffe00 isolate1 bit_adv_channel_map_37 ,temp +580c 2020d814 branch set_le_next_adv_channel_37 ,true +580d 20205819 branch set_le_next_adv_channel_38 + +le_next_adv_channel_curr_channel_39: +580e 6842445f fetcht 1 ,mem_le_adv_channel_map +580f 284ffe00 isolate1 bit_adv_channel_map_37 ,temp +5810 2020d814 branch set_le_next_adv_channel_37 ,true +5811 284ffe01 isolate1 bit_adv_channel_map_38 ,temp +5812 2020d819 branch set_le_next_adv_channel_38 ,true +5813 2020581e branch set_le_next_adv_channel_39 + +set_le_next_adv_channel_37: +5814 70001625 jam 37 ,mem_le_ch_mapped +5815 6fe20abe fetch 1 ,mem_le_adv_channel_map_temp +5816 79207e00 set1 bit_adv_channel_map_37 ,pdata +5817 67e20abe store 1 ,mem_le_adv_channel_map_temp +5818 20600000 rtn + +set_le_next_adv_channel_38: +5819 70001626 jam 38 ,mem_le_ch_mapped +581a 6fe20abe fetch 1 ,mem_le_adv_channel_map_temp +581b 79207e01 set1 bit_adv_channel_map_38 ,pdata +581c 67e20abe store 1 ,mem_le_adv_channel_map_temp +581d 20600000 rtn + +set_le_next_adv_channel_39: +581e 70001627 jam 39 ,mem_le_ch_mapped +581f 6fe20abe fetch 1 ,mem_le_adv_channel_map_temp +5820 79207e02 set1 bit_adv_channel_map_39 ,pdata +5821 67e20abe store 1 ,mem_le_adv_channel_map_temp +5822 20600000 rtn + +le_context_nexthop: +5823 44fec01f bpatch patch1f_5 ,mem_patch1f +5824 1a208c01 add rega ,coffset_mode ,contr +5825 efe20006 ifetch 1 ,contr +5826 c4000000 rtnbit0 mode_le +5827 1a208a1a add rega ,coffset_le_event_cnt ,contw +5828 efe40005 ifetch 2 ,contw +5829 1fe0fe01 increase 1 ,pdata +582a e7e40005 istore 2 ,contw +582b 1a208c19 add rega ,coffset_le_hop ,contr +582c efe20006 ifetch 1 ,contr +582d 1a208a18 add rega ,coffset_le_ch ,contw +582e e8420005 ifetcht 1 ,contw +582f 9840fe00 iadd temp ,pdata +5830 1fe67c24 sub pdata ,36 ,null +5831 20215833 branch le_nexthop_nowrap ,positive +5832 1fe0ffdb increase -37 ,pdata + +le_nexthop_nowrap: +5833 e7e20005 istore 1 ,contw +5834 20600000 rtn + +le_calc_channel_map: +5835 44ff401f bpatch patch1f_6 ,mem_patch1f +5836 6fea046b fetch 5 ,mem_le_channel_map +5837 18000400 force 0 ,temp +5838 18007225 force 37 ,loopcnt + +le_count_channels_loop: +5839 c300583b bbit0 0 ,le_count_channels_notused +583a 18408401 increase 1 ,temp + +le_count_channels_notused: +583b 1fe37e00 rshift pdata ,pdata +583c c2005839 loop le_count_channels_loop +583d 1840ffff add temp ,-1 ,pdata +583e 67e2045d store 1 ,mem_le_channels +583f 20600000 rtn + +le_map_channel: +5840 44ffc01f bpatch patch1f_7 ,mem_patch1f +5841 6fe20453 fetch 1 ,mem_le_ch +5842 98000e00 iforce queue +5843 684a046b fetcht 5 ,mem_le_channel_map +5844 a84fffff qisolate1 temp +5845 2020d856 branch le_map_channel_end ,true + +le_map_channel_next: +5846 47004020 bpatchx patch20_0 ,mem_patch20 +5847 6fe2045d fetch 1 ,mem_le_channels +5848 98e67e00 isub queue ,pdata +5849 2021584c branch le_map_channel_cont ,positive +584a 1fe60fff sub pdata ,-1 ,queue +584b 20205846 branch le_map_channel_next + +le_map_channel_cont: +584c 18e27200 copy queue ,loopcnt +584d 18000e00 force 0 ,queue + +le_map_channel_loop: +584e a84fffff qisolate1 temp +584f 2020d851 branch le_map_channel_skip ,true +5850 1f20f201 increase 1 ,loopcnt + +le_map_channel_skip: +5851 1f227e00 deposit loopcnt +5852 203a5856 branch le_map_channel_end ,blank +5853 18e08e01 increase 1 ,queue +5854 1f20f3ff increase -1 ,loopcnt +5855 2020584e branch le_map_channel_loop + +le_map_channel_end: +5856 18e27e00 deposit queue +5857 67e20016 store 1 ,mem_le_ch_mapped +5858 20600000 rtn + +le_wait_tx: +5859 2034d85c branch le_wait_master ,master +585a 37c18200 until null ,timeout +585b 20600000 rtn + +le_wait_master: +585c d9600ea0 arg 0xea0 ,timeup +585d 34730200 until clkn_rt ,meet +585e 20600000 rtn + +le_receive_adv: +585f 78487c00 disable swfine +5860 6fe4433e fetch 2 ,mem_le_scan_window +5861 1fe21600 copy pdata ,timeup +5862 20205868 branch le_receive_packet + +le_receive_slave: +5863 4700c020 bpatchx patch20_1 ,mem_patch20 +5864 78287c00 enable swfine +5865 6fe40449 fetch 2 ,mem_le_receive_window +5866 684844b7 fetcht 4 ,mem_le_transmit_window +5867 98409600 iadd temp ,timeup + +le_receive_packet: +5868 204057b8 call lerx_setfreq + +le_receive_rxon: +5869 47014020 bpatchx patch20_2 ,mem_patch20 +586a 204057af call le_prep +586b 7856fc00 disable match +586c 7826fc00 enable decode_fec0 +586d 7830fc00 enable is_rx +586e 78507c00 disable is_tx +586f 19623600 copy timeup ,stop_watch +5870 37c18400 correlate null ,timeout +5871 20375874 branch le_receive_on_attempt ,attempt +5872 1b420400 copy clke ,temp +5873 604c009a storet 6 ,mem_sync_clke + +le_receive_on_attempt: +5874 242c4649 nbranch end_of_packet ,sync +5875 2037587b branch le_receive_skip ,attempt +5876 dd2001e0 arg param_clke_cal_le ,clke_rt +5877 1c225000 copy bt_clk ,clke_bt +5878 6fe2043b fetch 1 ,mem_le_state +5879 c301d87b bbit0 lestate_got_first_packet ,le_receive_skip +587a 2055cae6 call lpm_adjust_clk ,wake + +le_receive_skip: +587b 4701c020 bpatchx patch20_3 ,mem_patch20 +587c 204049ba call save_rssi +587d 7823fc00 enable enable_white +587e 7824fc00 enable enable_crc +587f 09800008 parse demod ,bucket ,8 +5880 19897e00 rshift3 pwindow ,pdata +5881 67e202d5 store 1 ,mem_le_rxbuf +5882 09800008 parse demod ,bucket ,8 +5883 19897e00 rshift3 pwindow ,pdata +5884 e7e20005 istore 1 ,contw +5885 1fe1723f and pdata ,0x3f ,loopcnt +5886 2022d88b branch lerx_nopayload ,zero + +lerx_loop: +5887 09800008 parse demod ,bucket ,8 +5888 19897e00 rshift3 pwindow ,pdata +5889 e7e20005 istore 1 ,contw +588a c2005887 loop lerx_loop + +lerx_nopayload: +588b 47024020 bpatchx patch20_4 ,mem_patch20 +588c 09800018 parse demod ,bucket ,24 +588d 78287c00 enable swfine +588e db600664 arg param_sifs ,stop_watch +588f 1fef7e00 rshift32 pdata ,pdata +5890 1ff17e00 rshift16 pdata ,pdata +5891 e7e60005 istore 3 ,contw +5892 20234649 branch end_of_packet ,crc_failed +5893 7836fc00 enable match +5894 6fe20017 fetch 1 ,mem_last_freq +5895 1fe0a200 add pdata ,0 ,rega +5896 20404980 call rf_write_freq +5897 7846fc00 disable decode_fec0 +5898 20204915 branch set_sync_on + +le_transmit_receive_sifs: +5899 4702c020 bpatchx patch20_5 ,mem_patch20 +589a 204058a3 call le_transmit + +le_transmit_receive_sifs_notx: +589b 68420017 fetcht 1 ,mem_last_freq +589c 2040491c call set_freq_rx +589d 20404921 call rf_rx_enable +589e 78287c00 enable swfine +589f d960157c arg 5500 ,timeup +58a0 20205869 branch le_receive_rxon + +le_transmit_norx: +58a1 204058a3 call le_transmit +58a2 20204649 branch end_of_packet + +le_transmit: +58a3 47034020 bpatchx patch20_6 ,mem_patch20 +58a4 204057af call le_prep +58a5 204057bd call letx_setfreq +58a6 202058a7 branch le_transmit0 + +le_transmit0: +58a7 79202a00 set1 txgfsk ,radio_ctrl +58a8 782efc00 enable encode_fec0 +58a9 78307c00 enable is_tx +58aa 7850fc00 disable is_rx +58ab 20405859 call le_wait_tx +58ac 19317e00 rshift16 access ,pdata +58ad 1fecfe00 rshift8 pdata ,pdata +58ae 1ff1fe00 rshift4 pdata ,pdata +58af 08008628 inject mod ,40 +58b0 7823fc00 enable enable_white +58b1 7824fc00 enable enable_crc +58b2 4703c020 bpatchx patch20_7 ,mem_patch20 +58b3 6fe243ae fetch 1 ,mem_le_txheader +58b4 08008608 inject mod ,8 +58b5 efe20006 ifetch 1 ,contr +58b6 1fe1723f and pdata ,0x3f ,loopcnt +58b7 08008608 inject mod ,8 +58b8 2022d8bc branch letr_nopayload ,zero + +letr_loop: +58b9 efe20006 ifetch 1 ,contr +58ba 08008608 inject mod ,8 +58bb c20058b9 loop letr_loop + +letr_nopayload: +58bc 78247c00 enable enable_parity +58bd 08008618 inject mod ,24 +58be 78447c00 disable enable_parity +58bf 37d38200 until null ,tx_clear +58c0 20000064 nop 100 +58c1 784efc00 disable encode_fec0 +58c2 20600000 rtn + +le_send_adv_ind: +58c3 47044021 bpatchx patch21_0 ,mem_patch21 +58c4 6fe24456 fetch 1 ,mem_le_adv_type +58c5 c000d8d3 beq adv_direct_ind ,le_send_adv_direct_ind +58c6 6fe24457 fetch 1 ,mem_le_adv_own_addr_type +58c7 1ff27e00 lshift4 pdata ,pdata +58c8 1febfe00 lshift2 pdata ,pdata +58c9 67e243ae store 1 ,mem_le_txheader +58ca 68424341 fetcht 1 ,mem_le_adv_data_len +58cb 1840fe06 add temp ,6 ,pdata +58cc 67e243af store 1 ,mem_le_txlen +58cd 6fec4472 fetch 6 ,mem_le_lap +58ce 67ec43b0 store 6 ,mem_le_txpayload +58cf 18427200 copy temp ,loopcnt +58d0 d8c04342 arg mem_le_adv_data ,contr +58d1 20407ccf call memcpy_fast +58d2 202058de branch le_send_adv_transmit + +le_send_adv_direct_ind: +58d3 6fe24458 fetch 1 ,mem_le_adv_direct_addr_type +58d4 1ff27e00 lshift4 pdata ,pdata +58d5 1febfe00 lshift2 pdata ,pdata +58d6 1fe0fe01 increase 1 ,pdata +58d7 67e243ae store 1 ,mem_le_txheader +58d8 5800000c setarg 12 +58d9 67e243af store 1 ,mem_le_txlen +58da 6fec4472 fetch 6 ,mem_le_lap +58db 67ec43b0 store 6 ,mem_le_txpayload +58dc 6fec41d1 fetch 6 ,mem_hci_plap +58dd e7ec0005 istore 6 ,contw + +le_send_adv_transmit: +58de 4704c021 bpatchx patch21_1 ,mem_patch21 +58df 6fe20000 fetch 1 ,mem_le_adv_transmit +58e0 1fe0fe01 increase 1 ,pdata +58e1 67e20000 store 1 ,mem_le_adv_transmit +58e2 db600708 arg 1800 ,stop_watch +58e3 7856fc00 disable match +58e4 20205899 branch le_transmit_receive_sifs + +le_send_scan_request: +58e5 47054021 bpatchx patch21_2 ,mem_patch21 +58e6 6fe24470 fetch 1 ,mem_le_scan_type +58e7 c1808000 rtnne le_scan_type_active +58e8 6fe20000 fetch 1 ,mem_le_adv_transmit +58e9 1fe0fe01 increase 1 ,pdata +58ea 67e20000 store 1 ,mem_le_adv_transmit +58eb d8400c03 arg 0x0c03 ,temp +58ec 6fe24471 fetch 1 ,mem_le_scan_own_addr_type +58ed 7d3a0406 nsetflag blank ,le_sender_addr_bit ,temp +58ee 1a227e00 copy rega ,pdata +58ef 7d3a0407 nsetflag blank ,le_receiver_addr_bit ,temp +58f0 604443ae storet 2 ,mem_le_txheader +58f1 6fec4472 fetch 6 ,mem_le_lap +58f2 e7ec0005 istore 6 ,contw +58f3 6fec044b fetch 6 ,mem_le_plap +58f4 e7ec0005 istore 6 ,contw +58f5 20205899 branch le_transmit_receive_sifs + +le_send_scan_response: +58f6 4705c021 bpatchx patch21_3 ,mem_patch21 +58f7 d8400004 arg scan_rsp ,temp +58f8 6fe24457 fetch 1 ,mem_le_adv_own_addr_type +58f9 7d3a0406 nsetflag blank ,le_sender_addr_bit ,temp +58fa 604243ae storet 1 ,mem_le_txheader +58fb 68424361 fetcht 1 ,mem_le_scan_data_len +58fc 1840fe06 add temp ,6 ,pdata +58fd 67e243af store 1 ,mem_le_txlen +58fe 6fec4472 fetch 6 ,mem_le_lap +58ff 67ec43b0 store 6 ,mem_le_txpayload +5900 d8c04362 arg mem_le_scan_data ,contr +5901 18427200 copy temp ,loopcnt +5902 20407ccf call memcpy_fast +5903 204058a1 call le_transmit_norx +5904 20205ae2 branch le_adv_not_match + +le_connect_request: +5905 47064021 bpatchx patch21_4 ,mem_patch21 +5906 18007fff force -1 ,pdata +5907 38080001 setsect 2 ,1 +5908 67ea046b store 5 ,mem_le_channel_map +5909 20405835 call le_calc_channel_map +590a 18007204 force 4 ,loopcnt +590b d8a0045f arg mem_le_access ,contw +590c 204066ef call generate_random_loop +590d 6fe4446e fetch 2 ,mem_le_timeout +590e 67e40469 store 2 ,mem_le_superto + +le_con_req_hop_retry: +590f 180a7e00 random pdata +5910 1fe17e0f and_into 0xf ,pdata +5911 1fe67c04 sub pdata ,4 ,null +5912 2021590f branch le_con_req_hop_retry ,positive +5913 67e20454 store 1 ,mem_le_hop +5914 67e206e2 store 1 ,mem_tmp1 +5915 4706c021 bpatchx patch21_5 ,mem_patch21 +5916 68444339 fetcht 2 ,mem_le_conn_interval +5917 6044043d storet 2 ,mem_le_tsniff +5918 18422600 copy temp ,regc +5919 1c40fe07 add clkn_bt ,7 ,pdata +591a 9a66fc00 idiv regc +591b 20407d61 call wait_div_end +591c 18072200 remainder rega +591d 9a267e00 isub rega ,pdata +591e 9a60fe00 iadd regc ,pdata +591f 68444337 fetcht 2 ,mem_le_dsniff +5920 9840fe00 iadd temp ,pdata +5921 67e8043f store 4 ,mem_le_anchor +5922 9c462200 isub clkn_bt ,rega +5923 1a20a3fa increase -6 ,rega +5924 da402205 arg 0x2205 ,regb +5925 6fe24467 fetch 1 ,mem_le_conn_own_addr_type +5926 7d3a2406 nsetflag blank ,le_sender_addr_bit ,regb +5927 6fe24460 fetch 1 ,mem_le_conn_peer_addr_type +5928 7d3a2407 nsetflag blank ,le_receiver_addr_bit ,regb +5929 1a427e00 copy regb ,pdata +592a 67e443ae store 2 ,mem_le_txheader +592b 6fec4472 fetch 6 ,mem_le_lap +592c e7ec0005 istore 6 ,contw +592d 6fec044b fetch 6 ,mem_le_plap +592e e7ec0005 istore 6 ,contw +592f 6fe8045f fetch 4 ,mem_le_access +5930 e7e80005 istore 4 ,contw +5931 180a7e00 random pdata +5932 e7e40005 istore 2 ,contw +5933 180a7e00 random pdata +5934 e7e20005 istore 1 ,contw +5935 18007e02 force 2 ,pdata +5936 e7e20005 istore 1 ,contw +5937 1a2b7e00 rshift2 rega ,pdata +5938 e7e40005 istore 2 ,contw +5939 1a6b7e00 rshift2 regc ,pdata +593a e7e40005 istore 2 ,contw +593b 47074021 bpatchx patch21_6 ,mem_patch21 +593c 58000000 setarg 0 +593d e7e40005 istore 2 ,contw +593e 6fe4446e fetch 2 ,mem_le_timeout +593f e7e40005 istore 2 ,contw +5940 6fea046b fetch 5 ,mem_le_channel_map +5941 e7ea0005 istore 5 ,contw +5942 6fe20454 fetch 1 ,mem_le_hop +5943 d84000a0 arg param_le_sca ,temp +5944 9841fe00 ior temp ,pdata +5945 e7e20005 istore 1 ,contw +5946 204058a1 call le_transmit_norx +5947 580043ae setarg mem_le_txheader +5948 1fe08c12 add pdata ,18 ,contr +5949 efe60006 ifetch 3 ,contr +594a 67e60463 store 3 ,mem_le_crcinit +594b 20600000 rtn + +le_init_adv: +594c 4707c021 bpatchx patch21_7 ,mem_patch21 +594d 7854fc00 disable master +594e 202057e6 branch le_adv_access + +le_update_param: +594f 6fe2043b fetch 1 ,mem_le_state +5950 c4028000 rtnbit0 lestate_update_param +5951 6fe40455 fetch 2 ,mem_le_event_count +5952 6844045b fetcht 2 ,mem_le_instant +5953 98467e00 isub temp ,pdata +5954 24610000 nrtn positive +5955 67e40a96 store 2 ,mem_pdatatemp +5956 47084022 bpatchx patch22_0 ,mem_patch22 +5957 6fe2043b fetch 1 ,mem_le_state +5958 793ffe05 set0 lestate_update_param ,pdata +5959 793ffe03 set0 lestate_got_first_packet ,pdata +595a 67e2043b store 1 ,mem_le_state +595b 6fe8043f fetch 4 ,mem_le_anchor +595c 6844043d fetcht 2 ,mem_le_tsniff +595d 60440a9e storet 2 ,mem_temp +595e 98462200 isub temp ,rega +595f 4708c022 bpatchx patch22_1 ,mem_patch22 +5960 6fe243a5 fetch 1 ,mem_le_new_param +5961 67e20466 store 1 ,mem_le_window_size +5962 e8440006 ifetcht 2 ,contr +5963 efe40006 ifetch 2 ,contr +5964 1febfe00 lshift2 pdata ,pdata +5965 67e4043d store 2 ,mem_le_tsniff +5966 184b8400 lshift2 temp ,temp +5967 9840fe00 iadd temp ,pdata +5968 e8480006 ifetcht 4 ,contr +5969 60480467 storet 4 ,mem_le_slave_latency +596a 9a20fe00 iadd rega ,pdata +596b 1fe22800 copy pdata ,regab +596c 6fe4043d fetch 2 ,mem_le_tsniff +596d 68440a9e fetcht 2 ,mem_temp +596e 98467e00 isub temp ,pdata +596f 68440a96 fetcht 2 ,mem_pdatatemp +5970 984ffe00 imul32 temp ,pdata +5971 9a80fe00 iadd regab ,pdata +5972 67e8043f store 4 ,mem_le_anchor +5973 20405af3 call le_receive_window_size +5974 6fe40469 fetch 2 ,mem_le_superto +5975 67e4448c store 2 ,mem_le_init_superto +5976 20600000 rtn + +le_update_channel_map: +5977 47094022 bpatchx patch22_2 ,mem_patch22 +5978 6fe2043b fetch 1 ,mem_le_state +5979 c4030000 rtnbit0 lestate_update_map +597a 6fe40455 fetch 2 ,mem_le_event_count +597b 6844045b fetcht 2 ,mem_le_instant +597c 98467e00 isub temp ,pdata +597d 24610000 nrtn positive +597e 6fe2043b fetch 1 ,mem_le_state +597f 793ffe06 set0 lestate_update_map ,pdata +5980 67e2043b store 1 ,mem_le_state +5981 6fea43a0 fetch 5 ,mem_le_new_map +5982 67ea046b store 5 ,mem_le_channel_map +5983 20205835 branch le_calc_channel_map + +le_acknowledge: +5984 4709c022 bpatchx patch22_3 ,mem_patch22 +5985 20405ac9 call le_supervision_flush +5986 2040599a call le_check_wak +5987 6fe202d5 fetch 1 ,mem_le_rxbuf +5988 2feffe04 isolate1 md ,pdata +5989 7920802a setflag true ,mark_ble_rx_md ,mark +598a 1fe37e00 rshift pdata ,pdata +598b 9842fe00 ixor temp ,pdata +598c 2feffe02 isolate1 nesn ,pdata +598d 7920800f setflag true ,mark_old_packet ,mark +598e c6078000 rtnmark1 mark_old_packet +598f 6fe202d6 fetch 1 ,mem_le_rxbuf + 1 +5990 203a5996 branch le_ack_unenc ,blank +5991 6fe2043b fetch 1 ,mem_le_state +5992 c3025996 bbit0 lestate_encryption ,le_ack_unenc +5993 20407342 call load_sk +5994 204072b2 call le_decrypt +5995 247a0000 nrtn blank + +le_ack_unenc: +5996 68420452 fetcht 1 ,mem_le_arq +5997 79400402 setflip nesn ,temp +5998 60420452 storet 1 ,mem_le_arq +5999 20600000 rtn + +le_check_wak: +599a 470a4022 bpatchx patch22_4 ,mem_patch22 +599b 68420452 fetcht 1 ,mem_le_arq +599c 284c0005 isolate0 wak ,temp +599d 20608000 rtn true +599e 6fe202d5 fetch 1 ,mem_le_rxbuf +599f 1fe3fe00 lshift pdata ,pdata +59a0 9842fe00 ixor temp ,pdata +59a1 c4018000 rtnbit0 sn +59a2 793f8405 set0 wak ,temp +59a3 79400403 setflip sn ,temp +59a4 60420452 storet 1 ,mem_le_arq +59a5 28400603 compare 3 ,temp ,3 +59a6 24608000 nrtn true +59a7 6fe243b0 fetch 1 ,mem_le_txpayload +59a8 c002d9ac beq ll_start_enc_req ,le_set_enc +59a9 6fe24497 fetch 1 ,mem_le_enc_state +59aa c00159b0 beq flag_le_enc_pause ,le_clear_enc +59ab 20600000 rtn + +le_set_enc: +59ac 6fe2043b fetch 1 ,mem_le_state +59ad 79207e04 set1 lestate_encryption ,pdata +59ae 67e2043b store 1 ,mem_le_state +59af 20600000 rtn + +le_clear_enc: +59b0 470ac022 bpatchx patch22_5 ,mem_patch22 +59b1 70449700 jam flag_le_enc_null ,mem_le_enc_state +59b2 dfe00000 arg 0 ,pdata +59b3 67e843df store 4 ,mem_le_last_mic +59b4 67ea43d5 store 5 ,mem_le_pcnt_tx +59b5 79207e27 set1 39 ,pdata +59b6 67ea43da store 5 ,mem_le_pcnt_rx +59b7 6fe2043b fetch 1 ,mem_le_state +59b8 793ffe04 set0 lestate_encryption ,pdata +59b9 67e2043b store 1 ,mem_le_state +59ba 20600000 rtn + +le_wait_adv: +59bb 470b4022 bpatchx patch22_6 ,mem_patch22 +59bc 204057fc call le_next_adv_channel +59bd 2040585f call le_receive_adv +59be 6fe20001 fetch 1 ,mem_le_adv_waitcnt +59bf 1fe0fe01 increase 1 ,pdata +59c0 67e20001 store 1 ,mem_le_adv_waitcnt +59c1 20600000 rtn + +le_scan: +59c2 470bc022 bpatchx patch22_7 ,mem_patch22 +59c3 6fe2433b fetch 1 ,mem_le_scan_enable +59c4 c1808000 rtnne le_scan_enable +59c5 d8e00002 arg le_scan_interval_timer ,queue +59c6 20407cf1 call timer_check +59c7 247a0000 nrtn blank +59c8 6fe4433c fetch 2 ,mem_le_scan_interval +59c9 6844433e fetcht 2 ,mem_le_scan_window +59ca 98467e00 isub temp ,pdata +59cb d8e00002 arg le_scan_interval_timer ,queue +59cc 20407ce3 call timer_init +59cd 7854fc00 disable master +59ce 2040594c call le_init_adv +59cf 204059bb call le_wait_adv +59d0 24768000 nrtn match +59d1 470c4023 bpatchx patch23_0 ,mem_patch23 +59d2 6fec02d7 fetch 6 ,mem_le_rxbuf + 2 +59d3 67ec044b store 6 ,mem_le_plap +59d4 6fe20002 fetch 1 ,mem_le_adv_rcv +59d5 1fe0fe01 increase 1 ,pdata +59d6 67e20002 store 1 ,mem_le_adv_rcv +59d7 204059e2 call le_create_conn +59d8 20748000 rtn master +59d9 204058e5 call le_send_scan_request +59da 24768000 nrtn match +59db 470cc023 bpatchx patch23_1 ,mem_patch23 +59dc 6fe20004 fetch 1 ,mem_le_scanrsp_rcv +59dd 1fe0fe01 increase 1 ,pdata +59de 67e20004 store 1 ,mem_le_scanrsp_rcv +59df 6ff202dd fetch 9 ,mem_le_rxbuf + 8 +59e0 67f200ff store 9 ,mem_tmp_buffer +59e1 20600000 rtn + +le_create_conn: +59e2 470d4023 bpatchx patch23_2 ,mem_patch23 +59e3 6fe20497 fetch 1 ,mem_cmd_le_create_conn +59e4 c18d8000 rtnne hci_cmd_le_create_conn +59e5 6fec044b fetch 6 ,mem_le_plap +59e6 684c4461 fetcht 6 ,mem_le_conn_peer_addr +59e7 98467c00 isub temp ,null +59e8 24628000 nrtn zero +59e9 20404237 call context_new +59ea 24628000 nrtn zero +59eb 20405905 call le_connect_request +59ec 2040571a call le_init_master +59ed 470dc023 bpatchx patch23_3 ,mem_patch23 +59ee 7041cf00 jam 0 ,mem_hci_cmd +59ef 70047200 jam 0 ,mem_le_peer_sca +59f0 70433b00 jam 0 ,mem_le_scan_enable +59f1 70049700 jam 0 ,mem_cmd_le_create_conn +59f2 2020421f branch context_save + +le_scan_check_sender_addr_type: +59f3 da200001 arg 1 ,rega +59f4 6fe202d5 fetch 1 ,mem_le_rxbuf +59f5 c3830000 rtnbit1 le_sender_addr_bit +59f6 da200000 arg 0 ,rega +59f7 20600000 rtn + +le_prepare_tx: +59f8 470e4023 bpatchx patch23_4 ,mem_patch23 +59f9 6fe20452 fetch 1 ,mem_le_arq +59fa c3828000 rtnbit1 wak +59fb 20405a1c call le_check_tx_md +59fc 20405c53 call le_fifo_get_first_tx_ptr +59fd 203a5a3e branch le_send_empty ,blank +59fe efe20006 ifetch 1 ,contr +59ff e8420006 ifetcht 1 ,contr +5a00 18422200 copy temp ,rega +5a01 9a267e00 isub rega ,pdata +5a02 d840001b arg le_max_paket_len ,temp +5a03 20407db5 call not_greater_than +5a04 1fe20400 copy pdata ,temp +5a05 efe20006 ifetch 1 ,contr +5a06 1fe20200 copy pdata ,type +5a07 1a227e00 copy rega ,pdata +5a08 98c08c00 iadd contr ,contr +5a09 d8a043b0 arg mem_le_txpayload ,contw +5a0a 18427200 copy temp ,loopcnt +5a0b 20407cdc call memcpy +5a0c 20405a2e call le_update_tx_type +5a0d 20405a40 call le_send_packet +5a0e 20405c53 call le_fifo_get_first_tx_ptr +5a0f efe20006 ifetch 1 ,contr +5a10 1fe22200 copy pdata ,rega +5a11 18c22600 copy contr ,regc +5a12 e8420006 ifetcht 1 ,contr +5a13 18422400 copy temp ,regb +5a14 9a467e00 isub regb ,pdata +5a15 d840001b arg le_max_paket_len ,temp +5a16 20407db5 call not_greater_than +5a17 9a40fe00 iadd regb ,pdata +5a18 e7e20013 istore 1 ,regc +5a19 9a267c00 isub rega ,null +5a1a 24628000 nrtn zero +5a1b 20205c76 branch le_fifo_release_first_node + +le_check_tx_md: +5a1c 20405a23 call le_check_continue +5a1d c6148000 rtnmark1 mark_ble_tx_md +5a1e 6fe244bb fetch 1 ,mem_le_configuration +5a1f c3015a2c bbit0 bit_ble_transmit_packet_by_md ,le_clear_md +5a20 20405c56 call le_fifo_get_second_tx_ptr +5a21 203a5a2c branch le_clear_md ,blank +5a22 20205a2a branch le_set_md + +le_check_continue: +5a23 20405c53 call le_fifo_get_first_tx_ptr +5a24 203a5a2c branch le_clear_md ,blank +5a25 efe20006 ifetch 1 ,contr +5a26 e8420006 ifetcht 1 ,contr +5a27 98467e00 isub temp ,pdata +5a28 1fe67c1b sub pdata ,le_max_paket_len ,null +5a29 20215a2c branch le_clear_md ,positive + +le_set_md: +5a2a 79200029 set1 mark_ble_tx_md ,mark +5a2b 20600000 rtn + +le_clear_md: +5a2c 793f8029 set0 mark_ble_tx_md ,mark +5a2d 20600000 rtn + +le_update_tx_type: +5a2e 1a227e00 copy rega ,pdata +5a2f 207a0000 rtn blank +5a30 d8200001 arg llid_continue ,type +5a31 20600000 rtn + +le_att_check_notification_enable: +5a32 470ec023 bpatchx patch23_5 ,mem_patch23 +5a33 18408401 increase 1 ,temp +5a34 20405b4a call le_att_get_handle_ptr +5a35 18c08dfe increase -2 ,contr +5a36 efe40006 ifetch 2 ,contr +5a37 d8402902 arg client_charactertic_configuration ,temp +5a38 98467c00 isub temp ,null +5a39 24628000 nrtn zero +5a3a 18c08c01 increase 1 ,contr +5a3b 18c22200 copy contr ,rega +5a3c efe20006 ifetch 1 ,contr +5a3d 20600000 rtn + +le_send_empty: +5a3e 18000400 force 0 ,temp +5a3f 18000201 force 1 ,type + +le_send_packet: +5a40 470f4023 bpatchx patch23_6 ,mem_patch23 +5a41 604243af storet 1 ,mem_le_txlen +5a42 68420452 fetcht 1 ,mem_le_arq +5a43 79200405 set1 wak ,temp +5a44 18417efc and temp ,0xfc ,pdata +5a45 9821fe00 ior type ,pdata +5a46 67e20452 store 1 ,mem_le_arq +5a47 1fe17e1f and_into 0x1f ,pdata +5a48 280ffe29 isolate1 mark_ble_tx_md ,mark +5a49 7920fe04 setflag true ,md ,pdata +5a4a 67e243ae store 1 ,mem_le_txheader +5a4b 6fe243ae fetch 1 ,mem_le_txheader +5a4c 28200601 compare 1 ,type ,3 +5a4d 2420da50 nbranch le_send_no_txlen ,true +5a4e 6fe243af fetch 1 ,mem_le_txlen +5a4f 207a0000 rtn blank + +le_send_no_txlen: +5a50 6fe2043b fetch 1 ,mem_le_state +5a51 c4020000 rtnbit0 lestate_encryption +5a52 20407342 call load_sk +5a53 20207299 branch le_encrypt + +get_lpm_wake_ble_rx_lock: +5a54 d8e00000 arg wake_lock_ble_rx ,queue +5a55 20204bec branch lpm_get_wake_lock + +put_lpm_wake_ble_rx_lock: +5a56 d8e00000 arg wake_lock_ble_rx ,queue +5a57 20204bf0 branch lpm_put_wake_lock + +le_parse: +5a58 470fc023 bpatchx patch23_7 ,mem_patch23 +5a59 c6078000 rtnmark1 mark_old_packet +5a5a 20405c70 call le_fifo_check_full +5a5b 247a0000 nrtn blank +5a5c 6fe202d5 fetch 1 ,mem_le_rxbuf +5a5d 1fe17e03 and pdata ,0x3 ,pdata +5a5e 67e244de store 1 ,mem_le_packet_llid +5a5f efe20006 ifetch 1 ,contr +5a60 1fe17e1f and pdata ,0x1f ,pdata +5a61 67e244dd store 1 ,mem_le_packet_size +5a62 207a0000 rtn blank +5a63 18c27e00 copy contr ,pdata +5a64 67e444df store 2 ,mem_le_payload_ptr +5a65 47104024 bpatchx patch24_0 ,mem_patch24 +5a66 6fe244de fetch 1 ,mem_le_packet_llid +5a67 c001e044 beq llid_le_ll ,le_parse_ll + +le_parse_l2cap: +5a68 4710c024 bpatchx patch24_1 ,mem_patch24 +5a69 20405a76 call le_check_l2cap_complete +5a6a 24345a54 nbranch get_lpm_wake_ble_rx_lock ,user +5a6b 20405a56 call put_lpm_wake_ble_rx_lock +5a6c 6fe444df fetch 2 ,mem_le_payload_ptr +5a6d 1fe20c00 copy pdata ,contr +5a6e efe40006 ifetch 2 ,contr +5a6f 67e444ce store 2 ,mem_le_l2cap_size +5a70 47114024 bpatchx patch24_2 ,mem_patch24 +5a71 efe40006 ifetch 2 ,contr +5a72 c0025c8b beq le_l2cap_cid_att ,le_parse_att +5a73 c0035ed4 beq le_l2cap_cid_smp ,le_parse_smp +5a74 c002de96 beq le_l2cap_cid_signal ,le_parse_signaling +5a75 20600000 rtn + +le_check_l2cap_complete: +5a76 6fe244de fetch 1 ,mem_le_packet_llid +5a77 c0015a85 beq llid_start ,le_check_l2cap_llid_start +5a78 c000da9d beq llid_continue ,le_check_l2cap_llid_continue +5a79 20600000 rtn + +le_check_l2cap_cid_legal: +5a7a 20407dbf call enable_user +5a7b d8400004 arg le_l2cap_cid_att ,temp +5a7c 9fe67c00 isub pdata ,null +5a7d 20628000 rtn zero +5a7e d8400005 arg le_l2cap_cid_signal ,temp +5a7f 9fe67c00 isub pdata ,null +5a80 20628000 rtn zero +5a81 d8400006 arg le_l2cap_cid_smp ,temp +5a82 9fe67c00 isub pdata ,null +5a83 20628000 rtn zero +5a84 20207dc1 branch disable_user + +le_check_l2cap_llid_start: +5a85 6fe444df fetch 2 ,mem_le_payload_ptr +5a86 1fe20c00 copy pdata ,contr +5a87 efe40006 ifetch 2 ,contr +5a88 67e444ce store 2 ,mem_le_l2cap_size +5a89 efe40006 ifetch 2 ,contr +5a8a 20405a7a call le_check_l2cap_cid_legal +5a8b 24740000 nrtn user +5a8c 684244dd fetcht 1 ,mem_le_packet_size +5a8d 604244d0 storet 1 ,mem_le_packet_len_recved +5a8e 6fe444ce fetch 2 ,mem_le_l2cap_size +5a8f 1fe0fe04 increase 4 ,pdata +5a90 98467c00 isub temp ,null +5a91 2022fdbf branch enable_user ,zero +5a92 6fe244dd fetch 1 ,mem_le_packet_size +5a93 1fe27200 copy pdata ,loopcnt +5a94 d8a0030d arg mem_le_l2capbuf ,contw +5a95 6fe444df fetch 2 ,mem_le_payload_ptr +5a96 1fe20c00 copy pdata ,contr +5a97 20407cdc call memcpy +5a98 20207dc1 branch disable_user + +le_check_l2cap_continue_legal: +5a99 20407dbf call enable_user +5a9a 6fe244d0 fetch 1 ,mem_le_packet_len_recved +5a9b 247a0000 nrtn blank +5a9c 20207dc1 branch disable_user + +le_check_l2cap_llid_continue: +5a9d 20405a99 call le_check_l2cap_continue_legal +5a9e 24740000 nrtn user +5a9f 6fe244d0 fetch 1 ,mem_le_packet_len_recved +5aa0 d8a0030d arg mem_le_l2capbuf ,contw +5aa1 98a0a200 iadd contw ,rega +5aa2 684244dd fetcht 1 ,mem_le_packet_size +5aa3 9840fe00 iadd temp ,pdata +5aa4 67e244d0 store 1 ,mem_le_packet_len_recved +5aa5 6fe244dd fetch 1 ,mem_le_packet_size +5aa6 1fe27200 copy pdata ,loopcnt +5aa7 1a220a00 copy rega ,contw +5aa8 6fe444df fetch 2 ,mem_le_payload_ptr +5aa9 1fe20c00 copy pdata ,contr +5aaa 20407ccf call memcpy_fast +5aab 5800030d setarg mem_le_l2capbuf +5aac 67e444df store 2 ,mem_le_payload_ptr +5aad 6fe444ce fetch 2 ,mem_le_l2cap_size +5aae 1fe0fe04 increase 4 ,pdata +5aaf 684244d0 fetcht 1 ,mem_le_packet_len_recved +5ab0 98467c00 isub temp ,null +5ab1 2022fdbf branch enable_user ,zero +5ab2 20207dc1 branch disable_user + +le_get_search_att_type: +5ab3 20407c80 call store_contr +5ab4 d8a04430 arg mem_le_search_att_type_length ,contw + +le_get_search_common: +5ab5 6fe444ce fetch 2 ,mem_le_l2cap_size +5ab6 1fe0fffb increase -5 ,pdata + +le_get_search_common2: +5ab7 e7e20005 istore 1 ,contw +5ab8 1fe27200 copy pdata ,loopcnt +5ab9 20407c7a call get_contr +5aba 20207ccf branch memcpy_fast + +le_get_search_att_uuid: +5abb 20407c80 call store_contr +5abc d8a04443 arg mem_le_search_uuid_length ,contw +5abd 20205ab5 branch le_get_search_common + +le_writeatt_cb: +5abe 6fe441fa fetch 2 ,mem_cb_att_write +5abf 20207d77 branch callback_func + +le_supervision_update: +5ac0 68480457 fetcht 4 ,mem_le_supervision_timer +5ac1 20404a7a call get_clkbt +5ac2 98461600 isub temp ,timeup +5ac3 19627e00 deposit timeup +5ac4 68440469 fetcht 2 ,mem_le_superto +5ac5 18520400 lshift4 temp ,temp +5ac6 18438400 lshift temp ,temp +5ac7 98467e00 isub temp ,pdata +5ac8 20600000 rtn + +le_supervision_flush: +5ac9 20404a7a call get_clkbt +5aca 67e80457 store 4 ,mem_le_supervision_timer +5acb 20600000 rtn + +le_adv: +5acc 70001624 jam 36 ,mem_le_ch_mapped +5acd 700abe00 jam 0 ,mem_le_adv_channel_map_temp + +le_adv_loop: +5ace 4711c024 bpatchx patch24_3 ,mem_patch24 +5acf 6fe24340 fetch 1 ,mem_le_adv_enable +5ad0 207a0000 rtn blank +5ad1 d8e00000 arg le_adv_interval_timer ,queue +5ad2 20407cf1 call timer_check +5ad3 247a0000 nrtn blank +5ad4 47124024 bpatchx patch24_4 ,mem_patch24 + +le_adv_loop_tx: +5ad5 7854fc00 disable master +5ad6 78287c00 enable swfine +5ad7 2040594c call le_init_adv +5ad8 204057fc call le_next_adv_channel +5ad9 204058c3 call le_send_adv_ind +5ada 2436dae2 nbranch le_adv_not_match ,match +5adb 6fe20003 fetch 1 ,mem_le_req_rcv +5adc 1fe0fe01 increase 1 ,pdata +5add 67e20003 store 1 ,mem_le_req_rcv +5ade 6fe202d5 fetch 1 ,mem_le_rxbuf +5adf 1fe17e0f and pdata ,0x0f ,pdata +5ae0 c001d8f6 beq scan_req ,le_send_scan_response +5ae1 c002db08 beq connect_req ,le_parse_connect_req + +le_adv_not_match: +5ae2 4712c024 bpatchx patch24_5 ,mem_patch24 +5ae3 180a7e00 random pdata +5ae4 d84001ff arg 0x1ff ,temp +5ae5 98417e00 iand temp ,pdata +5ae6 1fe0fefa add pdata ,250 ,pdata +5ae7 20405aef call delay +5ae8 6fe20abe fetch 1 ,mem_le_adv_channel_map_temp +5ae9 6842445f fetcht 1 ,mem_le_adv_channel_map +5aea 98467c00 isub temp ,null +5aeb 2422dace nbranch le_adv_loop ,zero +5aec d8e00000 arg le_adv_interval_timer ,queue +5aed 6fe44454 fetch 2 ,mem_le_adv_interval +5aee 20207ce3 branch timer_init + +delay: +5aef 1fe0ffff increase -1 ,pdata +5af0 20000026 nop 38 +5af1 243a5aef nbranch delay ,blank +5af2 20600000 rtn + +le_receive_window_size: +5af3 47134024 bpatchx patch24_6 ,mem_patch24 +5af4 6fe20472 fetch 1 ,mem_le_peer_sca +5af5 204057d6 call le_sca_map +5af6 6fe4043d fetch 2 ,mem_le_tsniff +5af7 984ffe00 imul32 temp ,pdata +5af8 d8400177 arg 375 ,temp +5af9 984ffe00 imul32 temp ,pdata +5afa d84186a0 arg 100000 ,temp +5afb 9846fc00 idiv temp +5afc 6fe20466 fetch 1 ,mem_le_window_size +5afd d8404e20 arg 20000 ,temp +5afe 984ffe00 imul32 temp ,pdata +5aff 9840fe00 iadd temp ,pdata +5b00 67e844b7 store 4 ,mem_le_transmit_window +5b01 4713c024 bpatchx patch24_7 ,mem_patch24 +5b02 6fe440c1 fetch 2 ,mem_rx_window_sniff +5b03 20407d61 call wait_div_end +5b04 18078400 quotient temp +5b05 9840fe00 iadd temp ,pdata +5b06 67e40449 store 2 ,mem_le_receive_window +5b07 20600000 rtn + +le_parse_connect_req: +5b08 47144025 bpatchx patch25_0 ,mem_patch25 +5b09 6fec02dd fetch 6 ,mem_le_rxbuf + 8 +5b0a 684c4472 fetcht 6 ,mem_le_lap +5b0b 98467c00 isub temp ,null +5b0c 24628000 nrtn zero +5b0d 204059f3 call le_scan_check_sender_addr_type +5b0e 1a227e00 copy rega ,pdata +5b0f 67e24460 store 1 ,mem_le_conn_peer_addr_type +5b10 6fee02ea fetch 7 ,mem_le_rxbuf + 21 +5b11 67ee00ff store 7 ,mem_tmp_buffer +5b12 eff00006 ifetch 8 ,contr +5b13 e7f00005 istore 8 ,contw +5b14 6fec02d7 fetch 6 ,mem_le_rxbuf + 2 +5b15 67ec044b store 6 ,mem_le_plap +5b16 18c08c06 increase 6 ,contr +5b17 eff00006 ifetch 8 ,contr +5b18 67f0045f store 8 ,mem_le_access +5b19 e8440006 ifetcht 2 ,contr +5b1a 4714c025 bpatchx patch25_1 ,mem_patch25 +5b1b 184b8400 lshift2 temp ,temp +5b1c efe40006 ifetch 2 ,contr +5b1d 1febfe00 lshift2 pdata ,pdata +5b1e 67e4043d store 2 ,mem_le_tsniff +5b1f 67e8043f store 4 ,mem_le_anchor +5b20 98467e00 isub temp ,pdata +5b21 1fe0d1fe add pdata ,-2 ,clke_bt +5b22 eff20006 ifetch 9 ,contr +5b23 67f20467 store 9 ,mem_le_slave_latency +5b24 47154025 bpatchx patch25_2 ,mem_patch25 +5b25 efe20006 ifetch 1 ,contr +5b26 1ff18400 rshift4 pdata ,temp +5b27 18430400 rshift temp ,temp +5b28 60420472 storet 1 ,mem_le_peer_sca +5b29 1fe17e1f and_into 0x1f ,pdata +5b2a 67e20454 store 1 ,mem_le_hop +5b2b 20405af3 call le_receive_window_size +5b2c 20405835 call le_calc_channel_map +5b2d 20405726 call le_init_slave +5b2e 20404237 call context_new +5b2f 24628000 nrtn zero +5b30 4715c025 bpatchx patch25_3 ,mem_patch25 +5b31 2040483d call calc_clke_offset +5b32 20405eb3 call le_l2cap_reset_signaling_identifier +5b33 700a9514 jam bt_evt_le_connected ,mem_fifo_temp +5b34 20407bab call ui_ipc_send_event +5b35 2020421f branch context_save + +le_init_attlist_search: +5b36 47164025 bpatchx patch25_4 ,mem_patch25 +5b37 6fe4442c fetch 2 ,mem_le_search_handle_start +5b38 98002400 iforce regb +5b39 6fe4442e fetch 2 ,mem_le_search_handle_end +5b3a 98002600 iforce regc +5b3b 6fe4448e fetch 2 ,mem_ui_le_uuid_table +5b3c 98000c00 iforce contr +5b3d 78347c00 enable user +5b3e 20600000 rtn + +le_att_handle_inrange: +5b3f efe40006 ifetch 2 ,contr +5b40 207a0000 rtn blank +5b41 9a467c00 isub regb ,null +5b42 24610000 nrtn positive +5b43 9a667c00 isub regc ,null +5b44 20628000 rtn zero +5b45 20215b48 branch le_att_handle_blank ,positive +5b46 18007c01 force 1 ,null +5b47 20600000 rtn + +le_att_handle_blank: +5b48 18007e00 force 0 ,pdata +5b49 20600000 rtn + +le_att_get_handle_ptr: +5b4a 20405b4d call le_att_get_handle_ptr2 +5b4b 2022db59 branch le_att_get_handle_ptr_found ,zero +5b4c 20600000 rtn + +le_att_get_handle_ptr2: +5b4d 4716c025 bpatchx patch25_5 ,mem_patch25 +5b4e 6fe4448e fetch 2 ,mem_ui_le_uuid_table +5b4f 98000c00 iforce contr + +le_att_get_handle_loop1: +5b50 efe40006 ifetch 2 ,contr +5b51 207a0000 rtn blank +5b52 98467c00 isub temp ,null +5b53 20628000 rtn zero +5b54 efe20006 ifetch 1 ,contr +5b55 98c08c00 iadd contr ,contr +5b56 efe20006 ifetch 1 ,contr +5b57 98c08c00 iadd contr ,contr +5b58 20205b50 branch le_att_get_handle_loop1 + +le_att_get_handle_ptr_found: +5b59 efe20006 ifetch 1 ,contr +5b5a 98c08c00 iadd contr ,contr +5b5b 20600000 rtn + +le_att_get_short_uuid_ptr: +5b5c 47174025 bpatchx patch25_6 ,mem_patch25 +5b5d 6fe4448e fetch 2 ,mem_ui_le_uuid_table +5b5e 98000c00 iforce contr + +le_att_get_short_uuid_loop: +5b5f efe40006 ifetch 2 ,contr +5b60 207a0000 rtn blank +5b61 efe20006 ifetch 1 ,contr +5b62 98c08c00 iadd contr ,contr +5b63 18c08dfe increase -2 ,contr +5b64 efe40006 ifetch 2 ,contr +5b65 98467c00 isub temp ,null +5b66 20628000 rtn zero +5b67 efe20006 ifetch 1 ,contr +5b68 98c08c00 iadd contr ,contr +5b69 20205b5f branch le_att_get_short_uuid_loop + +le_att_get_handle_info_from_ptr: +5b6a 6fe40498 fetch 2 ,mem_le_cur_attlist_start_ptr +5b6b 20205b6e branch le_att_get_handle_info_fast + +le_att_get_handle_info: +5b6c 4717c025 bpatchx patch25_7 ,mem_patch25 +5b6d 6fe4448e fetch 2 ,mem_ui_le_uuid_table + +le_att_get_handle_info_fast: +5b6e 98000c00 iforce contr +5b6f 18422200 copy temp ,rega + +le_att_get_handle_loop: +5b70 efe40006 ifetch 2 ,contr +5b71 203a5b79 branch le_att_unfind_handle ,blank +5b72 9a267c00 isub rega ,null +5b73 2022db7a branch le_att_finded_handle ,zero +5b74 efe20006 ifetch 1 ,contr +5b75 98c08c00 iadd contr ,contr +5b76 efe20006 ifetch 1 ,contr +5b77 98c08c00 iadd contr ,contr +5b78 20205b70 branch le_att_get_handle_loop + +le_att_unfind_handle: +5b79 20207dc7 branch disable_blank + +le_att_finded_handle: +5b7a efe20006 ifetch 1 ,contr +5b7b 67e2049e store 1 ,mem_le_cur_uuid_length +5b7c 1fe27200 copy pdata ,loopcnt +5b7d d8a0049f arg mem_le_cur_uuid ,contw +5b7e 20407ccf call memcpy_fast +5b7f efe20006 ifetch 1 ,contr +5b80 67e204af store 1 ,mem_le_curr_att_len +5b81 20407c80 call store_contr +5b82 20207dc9 branch enable_blank + +le_modified_name: +5b83 47184026 bpatchx patch26_0 ,mem_patch26 +5b84 20405b86 call le_modified_name_att_list +5b85 20205b98 branch le_modified_name_adv + +le_modified_name_att_list: +5b86 d8402a00 arg uuid_chrctr_device_name ,temp +5b87 20405b5c call le_att_get_short_uuid_ptr +5b88 207a0000 rtn blank +5b89 efe20006 ifetch 1 ,contr +5b8a 18c20a00 copy contr ,contw +5b8b 68424381 fetcht 1 ,mem_le_name_len +5b8c 18427200 copy temp ,loopcnt +5b8d 98467c00 isub temp ,null +5b8e 24215b95 nbranch le_name_length_longer_than_att ,positive +5b8f 98460400 isub temp ,temp +5b90 d8c04382 arg mem_le_name ,contr +5b91 20407cdc call memcpy +5b92 18427200 copy temp ,loopcnt +5b93 2442dbd0 ncall memcpy_empty ,zero +5b94 20600000 rtn + +le_name_length_longer_than_att: +5b95 1fe27200 copy pdata ,loopcnt +5b96 d8c04382 arg mem_le_name ,contr +5b97 20207ccf branch memcpy_fast + +le_modified_name_adv: +5b98 da604361 arg mem_le_adv_data_len + 32 ,regc +5b99 da204342 arg mem_le_adv_data ,rega +5b9a 20405ba5 call le_modified_name_adv_and_scan +5b9b 58000000 setarg 0 +5b9c 79347e00 setflag user ,0 ,pdata +5b9d 67e20a96 store 1 ,mem_pdatatemp +5b9e da604381 arg mem_le_scan_data_len + 32 ,regc +5b9f da204362 arg mem_le_scan_data ,rega +5ba0 20405ba5 call le_modified_name_adv_and_scan +5ba1 20740000 rtn user +5ba2 6fe20a96 fetch 1 ,mem_pdatatemp +5ba3 203a4a8b branch assert ,blank +5ba4 20600000 rtn + +le_modified_name_adv_and_scan: +5ba5 4718c026 bpatchx patch26_1 ,mem_patch26 +5ba6 20407dbf call enable_user +5ba7 20407cb5 call clear_temp_block +5ba8 da400000 arg 0 ,regb +5ba9 d8a00abf arg mem_le_data_temp ,contw +5baa 20405bbf call le_modified_name_adv_loop +5bab 6fe24381 fetch 1 ,mem_le_name_len +5bac 1fe08401 add pdata ,1 ,temp +5bad 9a40a200 iadd regb ,rega +5bae 1a20a202 increase 2 ,rega +5baf 1a267c1f sub rega ,0x1f ,null +5bb0 24215bbd nbranch le_modified_name_adv_and_scan_name_overflow ,positive +5bb1 e0420005 istoret 1 ,contw +5bb2 d8400009 arg gap_adtype_local_name_complete ,temp +5bb3 e0420005 istoret 1 ,contw +5bb4 98007200 iforce loopcnt +5bb5 20407ccf call memcpy_fast +5bb6 1a222400 copy rega ,regb + +le_modified_name_adv_and_scan_store_data: +5bb7 1a427e00 deposit regb +5bb8 67e20abe store 1 ,mem_le_data_len_temp +5bb9 d8c00abe arg mem_le_data_len_temp ,contr +5bba 5fffffe0 setarg -32 +5bbb 9a608a00 iadd regc ,contw +5bbc 20207c98 branch memcpy32 + +le_modified_name_adv_and_scan_name_overflow: +5bbd 20407dc1 call disable_user +5bbe 20205bb7 branch le_modified_name_adv_and_scan_store_data + +le_modified_name_adv_loop: +5bbf efe20011 ifetch 1 ,rega +5bc0 207a0000 rtn blank +5bc1 1fe0fe01 pincrease 1 +5bc2 e8420006 ifetcht 1 ,contr +5bc3 18467c09 sub temp ,gap_adtype_local_name_complete ,null +5bc4 2022dbce branch le_modified_name_adv_found_name ,zero +5bc5 9a40a400 iadd regb ,regb +5bc6 1a220c00 copy rega ,contr +5bc7 98007200 iforce loopcnt +5bc8 20407ccf call memcpy_fast +5bc9 18c22200 copy contr ,rega + +le_modified_name_adv_loop2: +5bca 1a227e00 deposit rega +5bcb 9a667c00 isub regc ,null +5bcc 20610000 rtn positive +5bcd 20205bbf branch le_modified_name_adv_loop + +le_modified_name_adv_found_name: +5bce 9a20a200 iadd rega ,rega +5bcf 20205bca branch le_modified_name_adv_loop2 + +memcpy_empty: +5bd0 58000020 setarg space +5bd1 e7e20005 istore 1 ,contw +5bd2 c2005bd0 loop memcpy_empty +5bd3 20600000 rtn + +le_lpm_set_mult: +5bd4 47194026 bpatchx patch26_2 ,mem_patch26 +5bd5 7855fc00 disable wake +5bd6 20375bd8 branch le_lpm_set_mult_attempt ,attempt +5bd7 2436dbe6 nbranch le_lpm_lost ,match + +le_lpm_set_mult_attempt: +5bd8 20404ba0 call lpm_match +5bd9 6fe440c1 fetch 2 ,mem_rx_window_sniff +5bda 67e40449 store 2 ,mem_le_receive_window +5bdb 2436cbb3 nbranch lpm_mult_short ,match +5bdc c507cbb3 bmark1 mark_old_packet ,lpm_mult_short +5bdd 6fe244dd fetch 1 ,mem_le_packet_size +5bde 243a4bb3 nbranch lpm_mult_short ,blank +5bdf 6fe243af fetch 1 ,mem_le_txlen +5be0 243a4bb3 nbranch lpm_mult_short ,blank +5be1 6fe244bb fetch 1 ,mem_le_configuration +5be2 c282cbb3 bbit1 bit_ble_short_mult ,lpm_mult_short +5be3 6fe2043b fetch 1 ,mem_le_state +5be4 c282cbb3 bbit1 lestate_update_param ,lpm_mult_short +5be5 20204b95 branch lpm_mult_wait_timeout + +le_lpm_lost: +5be6 684440c1 fetcht 2 ,mem_rx_window_sniff +5be7 18430400 rshift temp ,temp +5be8 6fe40449 fetch 2 ,mem_le_receive_window +5be9 9840fe00 iadd temp ,pdata +5bea 67e40449 store 2 ,mem_le_receive_window +5beb 20204bab branch lpm_lost + +le_set_config_fixed_tk: +5bec d8e00000 arg bit_ble_passkey_fixed_key ,queue +5bed 20205c04 branch le_set_config + +le_clr_config_fixed_tk: +5bee d8e00000 arg bit_ble_passkey_fixed_key ,queue +5bef 20205c08 branch le_clr_config + +le_set_config_fixed_ltk: +5bf0 d8e00001 arg bit_ble_pairing_fixed_ltk ,queue +5bf1 20205c04 branch le_set_config + +le_clr_config_fixed_ltk: +5bf2 d8e00001 arg bit_ble_pairing_fixed_ltk ,queue +5bf3 20205c08 branch le_clr_config + +le_set_config_more_data: +5bf4 d8e00002 arg bit_ble_transmit_packet_by_md ,queue +5bf5 20205c04 branch le_set_config + +le_clr_config_more_data: +5bf6 d8e00002 arg bit_ble_transmit_packet_by_md ,queue +5bf7 20205c08 branch le_clr_config + +le_set_config_read_authentication: +5bf8 d8e00003 arg bit_ble_read_auth ,queue +5bf9 20205c04 branch le_set_config + +le_clr_config_read_authentication: +5bfa d8e00003 arg bit_ble_read_auth ,queue +5bfb 20205c08 branch le_clr_config + +le_set_config_write_authentication: +5bfc d8e00004 arg bit_ble_write_auth ,queue +5bfd 20205c04 branch le_set_config + +le_clr_config_write_authentication: +5bfe d8e00004 arg bit_ble_write_auth ,queue +5bff 20205c08 branch le_clr_config + +le_set_config_short_mult: +5c00 d8e00005 arg bit_ble_short_mult ,queue +5c01 20205c04 branch le_set_config + +le_clr_config_short_mult: +5c02 d8e00005 arg bit_ble_short_mult ,queue +5c03 20205c08 branch le_clr_config + +le_set_config: +5c04 6fe244bb fetch 1 ,mem_le_configuration +5c05 f9207e00 qset1 pdata +5c06 67e244bb store 1 ,mem_le_configuration +5c07 20600000 rtn + +le_clr_config: +5c08 6fe244bb fetch 1 ,mem_le_configuration +5c09 f93ffe00 qset0 pdata +5c0a 67e244bb store 1 ,mem_le_configuration +5c0b 20600000 rtn + +le_set_fixed_ltk: +5c0c 58112233 setarg 0x112233 +5c0d 67e644bc store 3 ,mem_le_fixed_ltk +5c0e 58445566 setarg 0x445566 +5c0f e7e60005 istore 3 ,contw +5c10 58778899 setarg 0x778899 +5c11 e7e60005 istore 3 ,contw +5c12 58001122 setarg 0x001122 +5c13 e7e60005 istore 3 ,contw +5c14 58334455 setarg 0x334455 +5c15 e7e60005 istore 3 ,contw +5c16 58000066 setarg 0x66 +5c17 e7e20005 istore 1 ,contw +5c18 20600000 rtn + +le_set_justwork: +5c19 59000302 setarg 0x01000302 +5c1a 67e84425 store 4 ,mem_le_pres +5c1b 58010010 setarg 0x010010 +5c1c 67e64429 store 3 ,mem_le_pres_max_keysize +5c1d 70449801 jam 1 ,mem_le_pairing_mode +5c1e 20600000 rtn + +le_fifo_malloc_tx_empty: +5c1f da200000 arg 0 ,rega +5c20 d8200001 arg llid_empty ,type +5c21 20205c30 branch le_fifo_malloc_tx + +le_fifo_malloc_tx_ll: +5c22 d8200003 arg llid_le_ll ,type +5c23 20405c30 call le_fifo_malloc_tx +5c24 1a427e00 copy regb ,pdata +5c25 e7e20005 istore 1 ,contw +5c26 20600000 rtn + +le_fifo_malloc_tx_l2cap: +5c27 18000202 force llid_l2cap_start ,type +5c28 1a20a204 increase 4 ,rega +5c29 20405c30 call le_fifo_malloc_tx +5c2a 1a20a3fc increase -4 ,rega +5c2b 1a227e00 copy rega ,pdata +5c2c e7e40005 istore 2 ,contw +5c2d 1a427e00 copy regb ,pdata +5c2e e7e40005 istore 2 ,contw +5c2f 20600000 rtn + +le_fifo_malloc_tx: +5c30 1a267cf0 sub rega ,240 ,null +5c31 24214a8b nbranch assert ,positive +5c32 6fe244d1 fetch 1 ,mem_le_tx_buff_used +5c33 d8400001 arg 1 ,temp +5c34 df200004 arg le_tx_buff_count ,loopcnt + +le_fifo_malloc_tx_loop: +5c35 98417c00 iand temp ,null +5c36 2022dc3a branch le_fifo_malloc_tx_got_empty ,zero +5c37 18438400 lshift temp ,temp +5c38 c2005c35 loop le_fifo_malloc_tx_loop +5c39 20204a8b branch assert + +le_fifo_malloc_tx_got_empty: +5c3a 9842fe00 ixor temp ,pdata +5c3b 67e244d1 store 1 ,mem_le_tx_buff_used +5c3c 1f267e04 sub loopcnt ,le_tx_buff_count ,pdata +5c3d 1ff27e00 lshift4 pdata ,pdata +5c3e 1ff27e00 lshift4 pdata ,pdata +5c3f d8401800 arg mem_le_tx_buffer0 ,temp +5c40 98408400 iadd temp ,temp + +le_fifo_tx_find_empty_ptr: +5c41 df200000 arg 0 ,loopcnt +5c42 d8c044d2 arg mem_le_tx_ptr0 ,contr + +le_fifo_tx_find_empty_ptr_loop: +5c43 efe40006 ifetch 2 ,contr +5c44 203a5c49 branch le_fifo_tx_found_empty_ptr ,blank +5c45 1f227e00 copy loopcnt ,pdata +5c46 1f20f201 increase 1 ,loopcnt +5c47 c0825c43 bne le_tx_buff_count ,le_fifo_tx_find_empty_ptr_loop +5c48 20204a8b branch assert + +le_fifo_tx_found_empty_ptr: +5c49 18c08dfe increase -2 ,contr +5c4a e0440006 istoret 2 ,contr +5c4b 18420a00 copy temp ,contw +5c4c 1a227e00 copy rega ,pdata +5c4d e7e20005 istore 1 ,contw +5c4e 58000000 setarg 0 +5c4f e7e20005 istore 1 ,contw +5c50 18227e00 copy type ,pdata +5c51 e7e20005 istore 1 ,contw +5c52 20600000 rtn + +le_fifo_get_first_tx_ptr: +5c53 6fe444d2 fetch 2 ,mem_le_tx_ptr0 +5c54 1fe20c00 copy pdata ,contr +5c55 20600000 rtn + +le_fifo_get_second_tx_ptr: +5c56 6fe444d4 fetch 2 ,mem_le_tx_ptr1 +5c57 1fe20c00 copy pdata ,contr +5c58 20600000 rtn + +le_fifo_get_last_tx_ptr: +5c59 20405c5c call le_fifo_get_last_tx_ptr0 +5c5a 1fe20c00 copy pdata ,contr +5c5b 20600000 rtn + +le_fifo_get_last_tx_ptr0: +5c5c 6fe444d8 fetch 2 ,mem_le_tx_ptr3 +5c5d 247a0000 nrtn blank +5c5e 6fe444d6 fetch 2 ,mem_le_tx_ptr2 +5c5f 247a0000 nrtn blank +5c60 6fe444d4 fetch 2 ,mem_le_tx_ptr1 +5c61 247a0000 nrtn blank +5c62 6fe444d2 fetch 2 ,mem_le_tx_ptr0 +5c63 20600000 rtn + +le_fifo_get_first_l2cap_ptr: +5c64 20405c53 call le_fifo_get_first_tx_ptr +5c65 18c08c03 increase 3 ,contr +5c66 20600000 rtn + +le_fifo_get_first_att_ptr: +5c67 20405c53 call le_fifo_get_first_tx_ptr +5c68 18c08c07 increase 7 ,contr +5c69 20600000 rtn + +le_fifo_get_last_att_ptr: +5c6a 20405c59 call le_fifo_get_last_tx_ptr +5c6b 18c08c07 increase 7 ,contr +5c6c 20600000 rtn + +le_fifo_get_last_l2cap_ptr: +5c6d 20405c59 call le_fifo_get_last_tx_ptr +5c6e 18c08c03 increase 3 ,contr +5c6f 20600000 rtn + +le_fifo_check_full: +5c70 6fe444d8 fetch 2 ,mem_le_tx_ptr3 +5c71 20600000 rtn + +le_fifo_check_nearly_full: +5c72 6fe444d6 fetch 2 ,mem_le_tx_ptr2 +5c73 20600000 rtn + +le_fifo_check_empty: +5c74 6fe444d2 fetch 2 ,mem_le_tx_ptr0 +5c75 20600000 rtn + +le_fifo_release_first_node: +5c76 6fe444d2 fetch 2 ,mem_le_tx_ptr0 +5c77 d8401800 arg mem_le_tx_buffer0 ,temp +5c78 98467e00 isub temp ,pdata +5c79 1ff1fe00 rshift4 pdata ,pdata +5c7a 1ff18e00 rshift4 pdata ,queue +5c7b 6fe244d1 fetch 1 ,mem_le_tx_buff_used +5c7c f93ffe00 qset0 pdata +5c7d 67e244d1 store 1 ,mem_le_tx_buff_used +5c7e df200000 arg 0 ,loopcnt + +le_fifo_release_first_node_loop: +5c7f 1f23fe00 lshift loopcnt ,pdata +5c80 d84044d4 arg mem_le_tx_ptr1 ,temp +5c81 98408400 iadd temp ,temp +5c82 efe40002 ifetch 2 ,temp +5c83 184085fe increase -2 ,temp +5c84 e7e40002 istore 2 ,temp +5c85 1f227e00 copy loopcnt ,pdata +5c86 1f20f201 increase 1 ,loopcnt +5c87 c081dc7f bne le_tx_buff_update_loopcnt ,le_fifo_release_first_node_loop +5c88 58000000 setarg 0 +5c89 e7e40002 istore 2 ,temp +5c8a 20600000 rtn + +le_parse_att: +5c8b efe60006 ifetch 3 ,contr +5c8c 67e60473 store 3 ,mem_le_att_opcode +5c8d c0015ca1 beq attop_exchange_mtu_request ,le_parse_att_exchange_mtu_request +5c8e c001dca9 beq attop_exchange_mtu_response ,le_parse_att_exchange_mtu_response +5c8f c0025cac beq attop_find_information_request ,le_parse_att_find_information_request +5c90 c0035cd2 beq attop_find_by_type_value_request ,le_parse_att_find_by_type_value_request +5c91 c0045d1f beq attop_read_by_type_request ,le_parse_att_read_by_type_request +5c92 c0055d9c beq attop_read_request ,le_parse_att_read_request +5c93 c0065dc4 beq attop_read_blob_request ,le_parse_att_read_blob_request +5c94 c0085dda beq attop_read_by_group_type_request ,le_parse_att_read_by_group_type_request +5c95 c0095e0f beq attop_write_request ,le_parse_att_write_request +5c96 c00b5e28 beq attop_prepare_write_request ,le_parse_att_prepare_write_request +5c97 c00c5e3b beq attop_execute_write_request ,le_parse_att_execute_write_request +5c98 c0295e40 beq attop_write_command ,le_parse_att_write_command +5c99 20600000 rtn + +le_send_att_exchange_mtu_requset: +5c9a 18002203 force 3 ,rega +5c9b 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5c9c 58000002 setarg attop_exchange_mtu_request +5c9d e7e20005 istore 1 ,contw +5c9e 6fe44478 fetch 2 ,mem_le_local_mtu +5c9f e7e40005 istore 2 ,contw +5ca0 20600000 rtn + +le_parse_att_exchange_mtu_request: +5ca1 20405ca9 call le_parse_att_exchange_mtu_response + +le_send_att_exchange_mtu_response: +5ca2 18002203 force 3 ,rega +5ca3 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5ca4 58000003 setarg attop_exchange_mtu_response +5ca5 e7e20005 istore 1 ,contw +5ca6 6fe44478 fetch 2 ,mem_le_local_mtu +5ca7 e7e40005 istore 2 ,contw +5ca8 20600000 rtn + +le_parse_att_exchange_mtu_response: +5ca9 1fecfe00 rshift8 pdata ,pdata +5caa 67e4447a store 2 ,mem_le_remote_mtu +5cab 20600000 rtn + +le_parse_att_find_information_request: +5cac 20405e91 call le_get_search_handle_start_end_common +5cad 20407dbf call enable_user +5cae 20205caf branch le_send_att_find_information_response + +le_send_att_find_information_response: +5caf d9600003 arg 3 ,timeup +5cb0 20405b36 call le_init_attlist_search + +le_send_att_find_information_res_loop: +5cb1 20405b3f call le_att_handle_inrange +5cb2 203a5cd0 branch le_send_att_find_information_res_end ,blank +5cb3 24215ccd nbranch le_send_att_find_information_res_next ,positive +5cb4 18c08dfe increase -2 ,contr +5cb5 20407c80 call store_contr +5cb6 20407c77 call get_contw +5cb7 24345cc1 nbranch le_send_att_find_information_res_store_info ,user +5cb8 20407c60 call push_stack_rega_b_c +5cb9 20407dc1 call disable_user +5cba 18002214 force 20 ,rega +5cbb 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5cbc 20407c70 call pop_stack_rega_b_c +5cbd 58000005 setarg attop_find_information_response +5cbe e7e20005 istore 1 ,contw +5cbf 58000001 setarg uuid_size_16bit +5cc0 e7e20005 istore 1 ,contw + +le_send_att_find_information_res_store_info: +5cc1 20407c7a call get_contr +5cc2 efe40006 ifetch 2 ,contr +5cc3 e7e40005 istore 2 ,contw +5cc4 efe20006 ifetch 1 ,contr +5cc5 1fe27200 copy pdata ,loopcnt +5cc6 20407cdc call memcpy +5cc7 20407c7d call store_contw +5cc8 196097ff increase -1 ,timeup +5cc9 2022dcd0 branch le_send_att_find_information_res_end ,zero + +le_send_att_find_information_res_cont: +5cca efe20006 ifetch 1 ,contr +5ccb 98c08c00 iadd contr ,contr +5ccc 20205cb1 branch le_send_att_find_information_res_loop + +le_send_att_find_information_res_next: +5ccd efe20006 ifetch 1 ,contr +5cce 98c08c00 iadd contr ,contr +5ccf 20205cca branch le_send_att_find_information_res_cont + +le_send_att_find_information_res_end: +5cd0 20345e56 branch le_send_att_error_response_notfound ,user +5cd1 20205e85 branch le_send_auto_len_by_mem + +le_parse_att_find_by_type_value_request: +5cd2 20405e91 call le_get_search_handle_start_end_common +5cd3 efe40006 ifetch 2 ,contr +5cd4 67e44444 store 2 ,mem_le_search_uuid +5cd5 20407c80 call store_contr +5cd6 d8a04430 arg mem_le_search_att_type_length ,contw +5cd7 6fe444ce fetch 2 ,mem_le_l2cap_size +5cd8 1fe0fff9 increase -7 ,pdata +5cd9 20405ab7 call le_get_search_common2 +5cda 20205ce5 branch le_send_att_find_by_type_value_response + +le_start_end_handle_check_1: +5cdb 78547c00 disable user +5cdc 6844442c fetcht 2 ,mem_le_search_handle_start +5cdd 6fe4442e fetch 2 ,mem_le_search_handle_end +5cde 98467c00 isub temp ,null +5cdf 24215ce2 nbranch le_start_end_handle_check_1_fail ,positive +5ce0 18427e00 deposit temp +5ce1 c1800000 rtnne 0 + +le_start_end_handle_check_1_fail: +5ce2 78347c00 enable user +5ce3 70047601 jam att_err_invalid_handle ,mem_le_err_code +5ce4 20205e57 branch le_send_att_error_response + +le_send_att_find_by_type_value_response: +5ce5 20405cdb call le_start_end_handle_check_1 +5ce6 20740000 rtn user +5ce7 68444444 fetcht 2 ,mem_le_search_uuid +5ce8 58002800 setarg uuid_gatt_primary_service +5ce9 98467c00 isub temp ,null +5cea 2022dcec branch le_send_att_find_by_type_value_res_primary ,zero +5ceb 20205e56 branch le_send_att_error_response_notfound + +le_send_att_find_by_type_value_res_primary: +5cec 7004b000 jam le_find_by_type_val_res_not_found ,mem_le_search_res +5ced 6844442c fetcht 2 ,mem_le_search_handle_start +5cee 60440a9e storet 2 ,mem_temp +5cef 20405b6c call le_att_get_handle_info +5cf0 243a5e56 nbranch le_send_att_error_response_notfound ,blank + +le_send_att_find_primary_search_loop: +5cf1 68440a9e fetcht 2 ,mem_temp +5cf2 20405b6c call le_att_get_handle_info +5cf3 243a5d05 nbranch le_send_att_error_response_notfound2 ,blank +5cf4 18c22200 copy contr ,rega +5cf5 6fe204af fetch 1 ,mem_le_curr_att_len +5cf6 1fe27200 copy pdata ,loopcnt +5cf7 68424430 fetcht 1 ,mem_le_search_att_type_length +5cf8 98467c00 isub temp ,null +5cf9 2422dd01 nbranch le_send_att_find_primary_search_loop1 ,zero +5cfa da404431 arg mem_le_search_att_type ,regb +5cfb 20407d63 call string_compare +5cfc 2022dd08 branch le_send_att_find_primary_search_end_start_handle_found ,zero +5cfd 6fe4049f fetch 2 ,mem_le_cur_uuid +5cfe 68444444 fetcht 2 ,mem_le_search_uuid +5cff 98467c00 isub temp ,null +5d00 2022dd10 branch le_send_att_find_primary_search_end_ending_handle_found ,zero + +le_send_att_find_primary_search_loop1: +5d01 6fe40a9e fetch 2 ,mem_temp +5d02 1fe0fe01 increase 1 ,pdata +5d03 67e40a9e store 2 ,mem_temp +5d04 20205cf1 branch le_send_att_find_primary_search_loop + +le_send_att_error_response_notfound2: +5d05 6fe204b0 fetch 1 ,mem_le_search_res +5d06 c000dd10 beq le_find_by_type_val_res_found_starting_handle ,le_send_att_find_primary_search_end_ending_handle_found +5d07 20205e56 branch le_send_att_error_response_notfound + +le_send_att_find_primary_search_end_start_handle_found: +5d08 6fe4049f fetch 2 ,mem_le_cur_uuid +5d09 68444444 fetcht 2 ,mem_le_search_uuid +5d0a 98467c00 isub temp ,null +5d0b 2422dd01 nbranch le_send_att_find_primary_search_loop1 ,zero +5d0c 7004b001 jam le_find_by_type_val_res_found_starting_handle ,mem_le_search_res +5d0d 68440a9e fetcht 2 ,mem_temp +5d0e 6044049a storet 2 ,mem_le_cur_handle_start +5d0f 20205d01 branch le_send_att_find_primary_search_loop1 + +le_send_att_find_primary_search_end_ending_handle_found: +5d10 6fe204b0 fetch 1 ,mem_le_search_res +5d11 c0005d01 beq le_find_by_type_val_res_not_found ,le_send_att_find_primary_search_loop1 +5d12 7004b002 jam le_find_by_type_val_res_found_ending_handle ,mem_le_search_res +5d13 68440a9e fetcht 2 ,mem_temp +5d14 184085ff increase -1 ,temp +5d15 6044049c storet 2 ,mem_le_cur_handle_end + +le_send_att_find_primary_search_end: +5d16 da200005 arg 5 ,rega +5d17 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5d18 58000007 setarg attop_find_by_type_value_response +5d19 e7e20005 istore 1 ,contw +5d1a 6fe4049a fetch 2 ,mem_le_cur_handle_start +5d1b e7e40005 istore 2 ,contw +5d1c 6fe4049c fetch 2 ,mem_le_cur_handle_end +5d1d e7e40005 istore 2 ,contw +5d1e 20600000 rtn + +le_parse_att_read_by_type_request: +5d1f 20405e91 call le_get_search_handle_start_end_common +5d20 20405abb call le_get_search_att_uuid +5d21 20205d22 branch le_send_att_read_by_type_response + +le_send_att_read_by_type_response: +5d22 6844442c fetcht 2 ,mem_le_search_handle_start +5d23 60440a9e storet 2 ,mem_temp +5d24 20405b36 call le_init_attlist_search +5d25 20405b4d call le_att_get_handle_ptr2 +5d26 18c08dfe increase -2 ,contr +5d27 18c27e00 copy contr ,pdata +5d28 67e40498 store 2 ,mem_le_cur_attlist_start_ptr +5d29 68444444 fetcht 2 ,mem_le_search_uuid +5d2a 58002a00 setarg uuid_chrctr_device_name +5d2b 98467c00 isub temp ,null +5d2c 2022dd88 branch le_send_att_read_by_type_res_device_name ,zero +5d2d 58002803 setarg uuid_gatt_characteristic +5d2e 98467c00 isub temp ,null +5d2f 2422dd70 nbranch le_send_att_read_by_type_res_not_characteristic ,zero +5d30 d9600002 arg 2 ,timeup + +le_send_att_read_by_type_response_loop: +5d31 20405e68 call le_att_check_handle_end +5d32 24215d4d nbranch le_send_att_read_by_type_response_end ,positive +5d33 68440a9e fetcht 2 ,mem_temp +5d34 20405b6a call le_att_get_handle_info_from_ptr +5d35 c000dd4d beq 1 ,le_send_att_read_by_type_response_end +5d36 20405e74 call le_att_same_uuid +5d37 2422dd4b nbranch le_send_att_read_by_type_response_next_handle ,zero +5d38 24345d4f nbranch le_send_att_read_by_type_res_found_next ,user +5d39 78547c00 disable user +5d3a da200014 arg 20 ,rega +5d3b 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5d3c 58000009 setarg attop_read_by_type_response +5d3d e7e20005 istore 1 ,contw +5d3e 18a26000 copy contw ,alarm +5d3f 18a08a01 increase 1 ,contw +5d40 20405d5d call le_send_att_read_by_type_write_properties +5d41 20405e64 call le_att_next_handle +5d42 20405b6a call le_att_get_handle_info_from_ptr +5d43 20405d64 call le_send_att_read_by_type_write_uuid +5d44 6fe2049e fetch 1 ,mem_le_cur_uuid_length +5d45 1fe0fe05 increase 5 ,pdata +5d46 e7e20030 istore 1 ,alarm +5d47 6fe2049e fetch 1 ,mem_le_cur_uuid_length +5d48 c0085d4d beq 16 ,le_send_att_read_by_type_response_end +5d49 196097ff increase -1 ,timeup +5d4a 2022dd4d branch le_send_att_read_by_type_response_end ,zero + +le_send_att_read_by_type_response_next_handle: +5d4b 20405e64 call le_att_next_handle +5d4c 20205d31 branch le_send_att_read_by_type_response_loop + +le_send_att_read_by_type_response_end: +5d4d 20345e56 branch le_send_att_error_response_notfound ,user +5d4e 20205e85 branch le_send_auto_len_by_mem + +le_send_att_read_by_type_res_found_next: +5d4f 20405e77 call le_store_att_record +5d50 20405e64 call le_att_next_handle +5d51 20405b6a call le_att_get_handle_info_from_ptr +5d52 6fe2049e fetch 1 ,mem_le_cur_uuid_length +5d53 c0085d4d beq 16 ,le_send_att_read_by_type_response_end +5d54 20407c77 call get_contw +5d55 6fe40a9e fetch 2 ,mem_temp +5d56 1fe0ffff increase -1 ,pdata +5d57 e7e40005 istore 2 ,contw +5d58 20405e81 call le_write_att_record_common +5d59 20405d64 call le_send_att_read_by_type_write_uuid +5d5a 196097ff increase -1 ,timeup +5d5b 2022dd4d branch le_send_att_read_by_type_response_end ,zero +5d5c 20205d4b branch le_send_att_read_by_type_response_next_handle + +le_send_att_read_by_type_write_properties: +5d5d 6fe40a9e fetch 2 ,mem_temp +5d5e e7e40005 istore 2 ,contw +5d5f 6fe204af fetch 1 ,mem_le_curr_att_len +5d60 1fe27200 copy pdata ,loopcnt +5d61 20407c7a call get_contr +5d62 20407ccf call memcpy_fast +5d63 20207c7d branch store_contw + +le_send_att_read_by_type_write_uuid: +5d64 20407c77 call get_contw +5d65 6fe40a9e fetch 2 ,mem_temp +5d66 e7e40005 istore 2 ,contw +5d67 20407c7d call store_contw +5d68 6fe2049e fetch 1 ,mem_le_cur_uuid_length +5d69 1fe27200 copy pdata ,loopcnt +5d6a 20407c77 call get_contw +5d6b 20407c7a call get_contr +5d6c 9f260c00 isub loopcnt ,contr +5d6d 18c08dff increase -1 ,contr +5d6e 20407ccf call memcpy_fast +5d6f 20207c7d branch store_contw + +le_send_att_read_by_type_res_not_characteristic: +5d70 6844442c fetcht 2 ,mem_le_search_handle_start +5d71 60440a9e storet 2 ,mem_temp + +le_send_att_read_by_type_res_not_char_loop: +5d72 20405e68 call le_att_check_handle_end +5d73 24215e56 nbranch le_send_att_error_response_notfound ,positive +5d74 20405b6a call le_att_get_handle_info_from_ptr +5d75 c000de56 beq 1 ,le_send_att_error_response_notfound +5d76 20405e74 call le_att_same_uuid +5d77 2422dd86 nbranch le_send_att_read_by_type_res_not_char_next ,zero + +le_send_att_read_by_type_res_not_char_common: +5d78 da200014 arg 20 ,rega +5d79 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5d7a 58000009 setarg attop_read_by_type_response +5d7b e7e20005 istore 1 ,contw +5d7c 6fe204af fetch 1 ,mem_le_curr_att_len +5d7d 1fe27200 copy pdata ,loopcnt +5d7e 1fe0fe02 increase 2 ,pdata +5d7f e7e20005 istore 1 ,contw +5d80 6fe40a9e fetch 2 ,mem_temp +5d81 e7e40005 istore 2 ,contw +5d82 20407c7a call get_contr +5d83 20407ccf call memcpy_fast +5d84 20407c7d call store_contw +5d85 20205e85 branch le_send_auto_len_by_mem + +le_send_att_read_by_type_res_not_char_next: +5d86 20405e64 call le_att_next_handle +5d87 20205d72 branch le_send_att_read_by_type_res_not_char_loop + +le_send_att_read_by_type_res_device_name: +5d88 d8402a00 arg uuid_chrctr_device_name ,temp +5d89 20405b5c call le_att_get_short_uuid_ptr +5d8a 207a0000 rtn blank +5d8b 18c08dfb increase -5 ,contr +5d8c efe40006 ifetch 2 ,contr +5d8d 67e40a9e store 2 ,mem_temp +5d8e da200014 arg 20 ,rega +5d8f 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5d90 58000009 setarg attop_read_by_type_response +5d91 e7e20005 istore 1 ,contw +5d92 6fe24381 fetch 1 ,mem_le_name_len +5d93 1fe27200 copy pdata ,loopcnt +5d94 1fe0fe02 increase 2 ,pdata +5d95 e7e20005 istore 1 ,contw +5d96 6fe40a9e fetch 2 ,mem_temp +5d97 e7e40005 istore 2 ,contw +5d98 d8c04382 arg mem_le_name ,contr +5d99 20407ccf call memcpy_fast +5d9a 20407c7d call store_contw +5d9b 20205e85 branch le_send_auto_len_by_mem + +le_parse_att_read_request: +5d9c 68440474 fetcht 2 ,mem_le_att_handle +5d9d 6fe244bb fetch 1 ,mem_le_configuration +5d9e c281ddbd bbit1 bit_ble_read_auth ,le_send_att_read_response_check_auth + +le_send_att_read_response: +5d9f 20405b4a call le_att_get_handle_ptr +5da0 203a5e56 branch le_send_att_error_response_notfound ,blank +5da1 18c08dfe increase -2 ,contr +5da2 efe40006 ifetch 2 ,contr +5da3 d8402a00 arg uuid_chrctr_device_name ,temp +5da4 98467c00 isub temp ,null +5da5 2022ddb3 branch le_send_device_name ,zero +5da6 efe20006 ifetch 1 ,contr +5da7 1fe67c16 sub pdata ,22 ,null +5da8 20215daa branch le_send_att_read_response_less ,positive +5da9 18007e16 force 22 ,pdata + +le_send_att_read_response_less: +5daa 1fe22600 copy pdata ,regc +5dab 20407c80 call store_contr +5dac 1a60a201 add regc ,1 ,rega +5dad 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5dae 5800000b setarg attop_read_response +5daf e7e20005 istore 1 ,contw +5db0 1a627200 copy regc ,loopcnt +5db1 20407c7a call get_contr +5db2 20207cdc branch memcpy + +le_send_device_name: +5db3 20407c80 call store_contr +5db4 6fe24381 fetch 1 ,mem_le_name_len +5db5 1fe0a201 add pdata ,1 ,rega +5db6 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5db7 5800000b setarg attop_read_response +5db8 e7e20005 istore 1 ,contw +5db9 6fe24381 fetch 1 ,mem_le_name_len +5dba 1fe27200 copy pdata ,loopcnt +5dbb d8c04382 arg mem_le_name ,contr +5dbc 20207cdc branch memcpy + +le_send_att_read_response_check_auth: +5dbd 6fe444cc fetch 2 ,mem_le_pairing_handle +5dbe 98467c00 isub temp ,null +5dbf 2422dd9f nbranch le_send_att_read_response ,zero +5dc0 20405e22 call le_check_encrypt_state +5dc1 24345d9f nbranch le_send_att_read_response ,user +5dc2 70047605 jam att_err_insufficient_authentication ,mem_le_err_code +5dc3 20205e57 branch le_send_att_error_response + +le_parse_att_read_blob_request: +5dc4 efe40006 ifetch 2 ,contr +5dc5 67e44430 store 2 ,mem_le_att_offset + +le_send_att_read_blob_response: +5dc6 da200014 arg 20 ,rega +5dc7 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5dc8 5800000d setarg attop_read_blob_response +5dc9 e7e20005 istore 1 ,contw +5dca 6fe44430 fetch 2 ,mem_le_att_offset +5dcb 98002200 iforce rega +5dcc 68440474 fetcht 2 ,mem_le_att_handle +5dcd 20405b4a call le_att_get_handle_ptr +5dce 203a5e56 branch le_send_att_error_response_notfound ,blank +5dcf efe20006 ifetch 1 ,contr +5dd0 9a267200 isub rega ,loopcnt +5dd1 24215e56 nbranch le_send_att_error_response_notfound ,positive +5dd2 1f267c16 sub loopcnt ,22 ,null +5dd3 20215dd5 branch le_send_att_read_blob_response_less ,positive +5dd4 18007216 force 22 ,loopcnt + +le_send_att_read_blob_response_less: +5dd5 1a227e00 deposit rega +5dd6 98c08c00 iadd contr ,contr +5dd7 20407ccf call memcpy_fast +5dd8 20407c7d call store_contw +5dd9 20205e85 branch le_send_auto_len_by_mem + +le_parse_att_read_by_group_type_request: +5dda 20405e91 call le_get_search_handle_start_end_common +5ddb 20405ab3 call le_get_search_att_type +5ddc 20205ddd branch le_send_att_read_by_group_type_response + +le_send_att_read_by_group_type_response: +5ddd d9600002 arg 2 ,timeup +5dde 6844442c fetcht 2 ,mem_le_search_handle_start +5ddf 60440a9e storet 2 ,mem_temp +5de0 20405b36 call le_init_attlist_search +5de1 20405b4d call le_att_get_handle_ptr2 +5de2 18c08dfe increase -2 ,contr +5de3 18c27e00 copy contr ,pdata +5de4 67e40498 store 2 ,mem_le_cur_attlist_start_ptr + +le_send_att_read_by_group_type_response_loop: +5de5 20405e68 call le_att_check_handle_end +5de6 24215e05 nbranch le_send_att_read_by_group_type_end0 ,positive +5de7 68440a9e fetcht 2 ,mem_temp +5de8 20405b6a call le_att_get_handle_info_from_ptr +5de9 c000de08 beq 1 ,le_send_att_read_by_group_type_end1 +5dea 20405e6c call le_att_same_type +5deb 2422de03 nbranch le_send_att_read_by_group_type_next_handle ,zero +5dec 19627e00 copy timeup ,pdata +5ded c0005e08 beq 0 ,le_send_att_read_by_group_type_end1 +5dee 24345df9 nbranch le_send_att_read_by_group_type_store_write_record ,user +5def 78547c00 disable user +5df0 da200014 arg 20 ,rega +5df1 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5df2 58000011 setarg attop_read_by_group_type_response +5df3 e7e20005 istore 1 ,contw +5df4 6fe204af fetch 1 ,mem_le_curr_att_len +5df5 1fe0fe04 increase 4 ,pdata +5df6 e7e20005 istore 1 ,contw +5df7 20407c7d call store_contw +5df8 20205dff branch le_send_att_read_by_group_type_store_record + +le_send_att_read_by_group_type_store_write_record: +5df9 6fe204af fetch 1 ,mem_le_curr_att_len +5dfa c0085e08 beq 16 ,le_send_att_read_by_group_type_end1 +5dfb 6fe40a9e fetch 2 ,mem_temp +5dfc 1fe0ffff increase -1 ,pdata +5dfd 67e4049c store 2 ,mem_le_cur_handle_end +5dfe 20405e7c call le_write_att_record + +le_send_att_read_by_group_type_store_record: +5dff 6fe40a9e fetch 2 ,mem_temp +5e00 67e4049a store 2 ,mem_le_cur_handle_start +5e01 20405e77 call le_store_att_record +5e02 196097ff increase -1 ,timeup + +le_send_att_read_by_group_type_next_handle: +5e03 20405e64 call le_att_next_handle +5e04 20205de5 branch le_send_att_read_by_group_type_response_loop + +le_send_att_read_by_group_type_end0: +5e05 6fe40a9e fetch 2 ,mem_temp +5e06 67e4049c store 2 ,mem_le_cur_handle_end +5e07 20205e0c branch le_send_att_read_by_group_type_end_common + +le_send_att_read_by_group_type_end1: +5e08 6fe40a9e fetch 2 ,mem_temp +5e09 1fe0ffff increase -1 ,pdata +5e0a 67e4049c store 2 ,mem_le_cur_handle_end +5e0b 20205e0c branch le_send_att_read_by_group_type_end_common + +le_send_att_read_by_group_type_end_common: +5e0c 20345e56 branch le_send_att_error_response_notfound ,user +5e0d 20405e7c call le_write_att_record +5e0e 20205e85 branch le_send_auto_len_by_mem + +le_parse_att_write_request: +5e0f 18c22200 copy contr ,rega +5e10 6fe444ce fetch 2 ,mem_le_l2cap_size +5e11 1fe0a5fd add pdata ,-3 ,regb +5e12 20405abe call le_writeatt_cb + +le_send_att_write_response_check_auth: +5e13 6fe244bb fetch 1 ,mem_le_configuration +5e14 c3025e1d bbit0 bit_ble_write_auth ,le_send_att_write_response +5e15 68440474 fetcht 2 ,mem_le_att_handle +5e16 6fe444cc fetch 2 ,mem_le_pairing_handle +5e17 98467c00 isub temp ,null +5e18 2422de1d nbranch le_send_att_write_response ,zero +5e19 20405e22 call le_check_encrypt_state +5e1a 24345e1d nbranch le_send_att_write_response ,user +5e1b 70047605 jam att_err_insufficient_authentication ,mem_le_err_code +5e1c 20205e57 branch le_send_att_error_response + +le_send_att_write_response: +5e1d 18002201 force 1 ,rega +5e1e 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e1f 58000013 setarg attop_write_response +5e20 e7e20005 istore 1 ,contw +5e21 20600000 rtn + +le_check_encrypt_state: +5e22 20407dc1 call disable_user +5e23 6fe24498 fetch 1 ,mem_le_pairing_mode +5e24 c1000000 rtneq le_pairing_mode_none +5e25 6fe24040 fetch 1 ,mem_context +5e26 c3820000 rtnbit1 lestate_encryption +5e27 20207dbf branch enable_user + +le_parse_att_prepare_write_request: +5e28 18c0a202 add contr ,2 ,rega +5e29 6fe444ce fetch 2 ,mem_le_l2cap_size +5e2a 1fe0a5fb add pdata ,-5 ,regb +5e2b 20405abe call le_writeatt_cb +5e2c 20205e2d branch le_send_att_prepare_write_response + +le_send_att_prepare_write_response: +5e2d 6fe444ce fetch 2 ,mem_le_l2cap_size +5e2e 1fe22200 copy pdata ,rega +5e2f 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e30 58000017 setarg attop_prepare_write_response +5e31 e7e20005 istore 1 ,contw +5e32 6fe40474 fetch 2 ,mem_le_att_handle +5e33 e7e40005 istore 2 ,contw +5e34 6fe444ce fetch 2 ,mem_le_l2cap_size +5e35 1fe0f3fb add pdata ,-5 ,loopcnt +5e36 6fe444df fetch 2 ,mem_le_payload_ptr +5e37 1fe08c07 add pdata ,7 ,contr +5e38 efe40006 ifetch 2 ,contr +5e39 e7e40005 istore 2 ,contw +5e3a 20207ccf branch memcpy_fast + +le_parse_att_execute_write_request: + +le_send_att_execute_write_response: +5e3b 18002201 force 1 ,rega +5e3c 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e3d 58000019 setarg attop_execute_write_response +5e3e e7e20005 istore 1 ,contw +5e3f 20600000 rtn + +le_parse_att_write_command: +5e40 18c22200 copy contr ,rega +5e41 6fe444ce fetch 2 ,mem_le_l2cap_size +5e42 1fe0a5fd add pdata ,-3 ,regb +5e43 20205abe branch le_writeatt_cb + +le_att_malloc_tx_notify: +5e44 18422600 copy temp ,regc +5e45 1a20a203 increase 3 ,rega +5e46 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e47 1a20a3fd increase -3 ,rega +5e48 5800001b setarg attop_handle_value_notification +5e49 e7e20005 istore 1 ,contw +5e4a 1a620400 copy regc ,temp +5e4b e0440005 istoret 2 ,contw +5e4c 20600000 rtn + +le_att_malloc_tx_indication: +5e4d 18422600 copy temp ,regc +5e4e 1a20a203 increase 3 ,rega +5e4f 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e50 1a20a3fd increase -3 ,rega +5e51 5800001d setarg attop_handle_value_indication +5e52 e7e20005 istore 1 ,contw +5e53 1a620400 copy regc ,temp +5e54 e0440005 istoret 2 ,contw +5e55 20600000 rtn + +le_send_att_error_response_notfound: +5e56 7004760a jam att_err_attribute_not_found ,mem_le_err_code + +le_send_att_error_response: +5e57 18002205 force 5 ,rega +5e58 20405e62 call le_fifo_malloc_tx_l2cap_gatt +5e59 58000001 setarg attop_error_response +5e5a e7e20005 istore 1 ,contw +5e5b 6fe20473 fetch 1 ,mem_le_att_opcode +5e5c e7e20005 istore 1 ,contw +5e5d 6fe40474 fetch 2 ,mem_le_att_handle +5e5e e7e40005 istore 2 ,contw +5e5f 6fe20476 fetch 1 ,mem_le_err_code +5e60 e7e20005 istore 1 ,contw +5e61 20600000 rtn + +le_fifo_malloc_tx_l2cap_gatt: +5e62 18002404 force le_l2cap_cid_att ,regb +5e63 20205c27 branch le_fifo_malloc_tx_l2cap + +le_att_next_handle: +5e64 68440a9e fetcht 2 ,mem_temp +5e65 18408401 increase 1 ,temp +5e66 60440a9e storet 2 ,mem_temp +5e67 20600000 rtn + +le_att_check_handle_end: +5e68 68440a9e fetcht 2 ,mem_temp +5e69 6fe4442e fetch 2 ,mem_le_search_handle_end +5e6a 98467c00 isub temp ,null +5e6b 20600000 rtn + +le_att_same_type: +5e6c 68424430 fetcht 1 ,mem_le_search_att_type_length +5e6d da204431 arg mem_le_search_att_type ,rega + +le_att_check_same_common: +5e6e 6fe2049e fetch 1 ,mem_le_cur_uuid_length +5e6f 1fe27200 copy pdata ,loopcnt +5e70 98467c00 isub temp ,null +5e71 24628000 nrtn zero +5e72 da40049f arg mem_le_cur_uuid ,regb +5e73 20207d63 branch string_compare + +le_att_same_uuid: +5e74 68424443 fetcht 1 ,mem_le_search_uuid_length +5e75 da204444 arg mem_le_search_uuid ,rega +5e76 20205e6e branch le_att_check_same_common + +le_store_att_record: +5e77 6fe204af fetch 1 ,mem_le_curr_att_len +5e78 67e200ff store 1 ,mem_tmp_buffer +5e79 1fe27200 copy pdata ,loopcnt +5e7a 20407c7a call get_contr +5e7b 20207ccf branch memcpy_fast + +le_write_att_record: +5e7c 20407c77 call get_contw +5e7d 6fe4049a fetch 2 ,mem_le_cur_handle_start +5e7e e7e40005 istore 2 ,contw +5e7f 6fe4049c fetch 2 ,mem_le_cur_handle_end +5e80 e7e40005 istore 2 ,contw + +le_write_att_record_common: +5e81 6fe200ff fetch 1 ,mem_tmp_buffer +5e82 1fe27200 copy pdata ,loopcnt +5e83 20407ccf call memcpy_fast +5e84 20207c7d branch store_contw + +le_send_auto_len_by_mem: +5e85 20407c77 call get_contw +5e86 20405c6a call le_fifo_get_last_att_ptr +5e87 18a27e00 copy contw ,pdata +5e88 98c62200 isub contr ,rega +5e89 20405c6d call le_fifo_get_last_l2cap_ptr +5e8a 1a227e00 copy rega ,pdata +5e8b e7e40006 istore 2 ,contr +5e8c 1a20a204 increase 4 ,rega +5e8d 20405c59 call le_fifo_get_last_tx_ptr +5e8e 1a227e00 copy rega ,pdata +5e8f e7e20006 istore 1 ,contr +5e90 20600000 rtn + +le_get_search_handle_start_end_common: +5e91 1fecfe00 rshift8 pdata ,pdata +5e92 67e4442c store 2 ,mem_le_search_handle_start +5e93 efe40006 ifetch 2 ,contr +5e94 67e4442e store 2 ,mem_le_search_handle_end +5e95 20600000 rtn + +le_parse_signaling: +5e96 efe20006 ifetch 1 ,contr +5e97 e8420006 ifetcht 1 ,contr +5e98 e8440006 ifetcht 2 ,contr +5e99 c009de9b beq l2cap_connection_parameter_update_response ,le_l2cap_parse_conn_parameter_update_rsp +5e9a 20600000 rtn + +le_l2cap_parse_conn_parameter_update_rsp: +5e9b efe40006 ifetch 2 ,contr +5e9c 67e444db store 2 ,mem_le_l2cap_signaling_conn_param_update_rsp_result +5e9d 700a9540 jam bt_evt_le_parse_conn_papa_update_rsp ,mem_fifo_temp +5e9e 20207bab branch ui_ipc_send_event + +le_l2cap_tx_update_req: +5e9f da20000c arg 0x0c ,rega +5ea0 da600012 arg l2cap_connection_parameter_update_request ,regc +5ea1 20405ea7 call le_fifo_malloc_tx_l2cap_signaling +5ea2 58000008 setarg 0x08 +5ea3 e7e40005 istore 2 ,contw +5ea4 6ff04468 fetch 8 ,mem_le_interval_min +5ea5 e7f00005 istore 8 ,contw +5ea6 20600000 rtn + +le_fifo_malloc_tx_l2cap_signaling: +5ea7 20405eaf call le_l2cap_update_signaling_identifier +5ea8 da400005 arg le_l2cap_cid_signal ,regb +5ea9 20405c27 call le_fifo_malloc_tx_l2cap +5eaa 1a627e00 copy regc ,pdata +5eab e7e20005 istore 1 ,contw +5eac 6fe244da fetch 1 ,mem_le_signaling_identifier +5ead e7e20005 istore 1 ,contw +5eae 20600000 rtn + +le_l2cap_update_signaling_identifier: +5eaf 6fe244da fetch 1 ,mem_le_signaling_identifier +5eb0 1fe0fe01 pincrease 1 +5eb1 67e244da store 1 ,mem_le_signaling_identifier +5eb2 c1800000 rtnne 0 + +le_l2cap_reset_signaling_identifier: +5eb3 7044da01 jam 1 ,mem_le_signaling_identifier +5eb4 20600000 rtn + +le_pairing_mode_init: +5eb5 6fe24498 fetch 1 ,mem_le_pairing_mode +5eb6 c0005ec4 beq le_pairing_mode_none ,le_set_no_pairing +5eb7 c000dec7 beq le_pairing_mode_lagacy_justwork ,le_set_pairing_mode_lagacy_just_work +5eb8 c0015ec9 beq le_pairing_mode_lagacy_passkey ,le_set_pairing_mode_lagacy_passkey +5eb9 c040debd beq le_pairing_mode_secure_connect_justwork ,le_set_pairing_mode_secure_justwork +5eba c0415ebf beq le_pairing_mode_secure_connect_numeric ,le_set_pairing_mode_secure_numeric +5ebb c041dec2 beq le_pairing_mode_secure_connect_passkey ,le_set_pairing_mode_secure_passkey +5ebc 20600000 rtn + +le_set_pairing_mode_secure_justwork: +5ebd 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +5ebe 20205ec5 branch le_set_noinputnooutput + +le_set_pairing_mode_secure_numeric: +5ebf 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +5ec0 70442601 jam flag_iocap_displayyesno ,mem_le_pres_iocap +5ec1 20600000 rtn + +le_set_pairing_mode_secure_passkey: +5ec2 7044280d jam flag_le_bonding_mitm_secure ,mem_le_pres_auth +5ec3 20205eca branch le_set_displayonly + +le_set_no_pairing: +5ec4 70442800 jam flag_le_no_bonding_no_mitm ,mem_le_pres_auth + +le_set_noinputnooutput: +5ec5 70442603 jam flag_iocap_noinputnooutput ,mem_le_pres_iocap +5ec6 20600000 rtn + +le_set_pairing_mode_lagacy_just_work: +5ec7 70442805 jam flag_le_bonding_mitm ,mem_le_pres_auth +5ec8 20205ec5 branch le_set_noinputnooutput + +le_set_pairing_mode_lagacy_passkey: +5ec9 70442805 jam flag_le_bonding_mitm ,mem_le_pres_auth + +le_set_displayonly: +5eca 70442600 jam flag_iocap_displayonly ,mem_le_pres_iocap +5ecb 20600000 rtn + +le_secure_connection_enable: +5ecc 6fe24428 fetch 1 ,mem_le_pres_auth +5ecd 79207e03 set1 le_auth_secure_connection_pairing_bit ,pdata +5ece 67e24428 store 1 ,mem_le_pres_auth +5ecf 20600000 rtn + +le_secure_connection_disable: +5ed0 6fe24428 fetch 1 ,mem_le_pres_auth +5ed1 793ffe03 set0 le_auth_secure_connection_pairing_bit ,pdata +5ed2 67e24428 store 1 ,mem_le_pres_auth +5ed3 20600000 rtn + +le_parse_smp: +5ed4 efe20006 ifetch 1 ,contr +5ed5 c000dee9 beq smp_pairing_request ,le_parse_smp_pairing_request +5ed6 c001df10 beq smp_pairing_confirm ,le_parse_smp_pairing_confirm +5ed7 c0025f2d beq smp_pairing_random ,le_parse_smp_pairing_random +5ed8 c002df3a beq smp_pairing_failed ,le_parse_smp_pairing_failed +5ed9 c0035f60 beq smp_encryption_information ,le_parse_smp_encryption_information +5eda c003dfa4 beq smp_master_identification ,le_parse_smp_master_identification +5edb c0045f8f beq smp_identity_information ,le_parse_smp_identity_information +5edc c004dfa0 beq smp_identity_address_information ,le_parse_smp_identity_address_information +5edd c0055fa4 beq smp_signing_information ,le_parse_smp_signing_information +5ede c005dfa4 beq smp_security_request ,le_parse_smp_security_request +5edf c0065fa5 beq smp_pairing_public_key ,le_parse_smp_public_key +5ee0 c006dfaa beq smp_pairing_dhkey_check ,le_parse_smp_dhkey_check +5ee1 20600000 rtn + +le_send_smp_security_request: +5ee2 18002202 force 2 ,rega +5ee3 20406042 call le_fifo_malloc_tx_l2cap_smp +5ee4 5800000b setarg smp_security_request +5ee5 e7e20005 istore 1 ,contw +5ee6 6fe24428 fetch 1 ,mem_le_pres_auth +5ee7 e7e20005 istore 1 ,contw +5ee8 20600000 rtn + +le_parse_smp_pairing_request: +5ee9 67e2441e store 1 ,mem_le_preq +5eea efec0006 ifetch 6 ,contr +5eeb e7ec0005 istore 6 ,contw +5eec 6fe24498 fetch 1 ,mem_le_pairing_mode +5eed c0005f3f beq le_pairing_mode_none ,le_smp_pairing_fail_reason_not_support_pairing +5eee 20405f0b call le_send_smp_pairing_response +5eef 20405f06 call le_check_master_support_secure_connect +5ef0 70449603 jam flag_le_pairing_rcv_pairing_req ,mem_le_pairing_state +5ef1 6fe2441f fetch 1 ,mem_le_preq_iocap +5ef2 c0005ef8 beq flag_iocap_displayonly ,le_set_tk_0 +5ef3 c000def8 beq flag_iocap_displayyesno ,le_set_tk_0 +5ef4 c001def8 beq flag_iocap_noinputnooutput ,le_set_tk_0 +5ef5 6fe24498 fetch 1 ,mem_le_pairing_mode +5ef6 c0015efb beq le_pairing_mode_lagacy_passkey ,le_parse_smp_pairing_req_passkey +5ef7 c1418000 rtneq le_pairing_mode_secure_connect_passkey + +le_set_tk_0: +5ef8 dfe00000 arg 0 ,pdata +5ef9 67e84499 store 4 ,mem_le_tk +5efa 20600000 rtn + +le_parse_smp_pairing_req_passkey: +5efb 6fe244bb fetch 1 ,mem_le_configuration +5efc c2805f04 bbit1 bit_ble_passkey_fixed_key ,le_parse_smp_pairing_req_fixed_passkey + +le_genernate_tk: +5efd da204499 arg mem_le_tk ,rega +5efe 1a220a00 copy rega ,contw +5eff df200003 arg 3 ,loopcnt +5f00 204066ef call generate_random_loop +5f01 6fe4449b fetch 2 ,mem_le_tk + 2 +5f02 1fe17e07 and_into 0x7 ,pdata +5f03 67e4449b store 2 ,mem_le_tk + 2 + +le_parse_smp_pairing_req_fixed_passkey: +5f04 700a9534 jam bt_evt_le_tk_generate ,mem_fifo_temp +5f05 20207bab branch ui_ipc_send_event + +le_check_master_support_secure_connect: +5f06 6fe24421 fetch 1 ,mem_le_preq_auth +5f07 c3818000 rtnbit1 le_auth_secure_connection_pairing_bit +5f08 6fe24498 fetch 1 ,mem_le_pairing_mode +5f09 c4038000 rtnbit0 le_pairing_mode_secure_connect_bit +5f0a 20204d7d branch app_ble_disconnect + +le_send_smp_pairing_response: +5f0b 18002207 force 7 ,rega +5f0c 20406042 call le_fifo_malloc_tx_l2cap_smp +5f0d 6fee4425 fetch 7 ,mem_le_pres +5f0e e7ee0005 istore 7 ,contw +5f0f 20600000 rtn + +le_parse_smp_pairing_confirm: +5f10 18c22200 copy contr ,rega +5f11 6fe24498 fetch 1 ,mem_le_pairing_mode +5f12 c041df17 beq le_pairing_mode_secure_connect_passkey ,le_parse_smp_pairing_confirm_secure_passkey +5f13 1a220c00 copy rega ,contr +5f14 d8a043fc arg mem_le_rconfirm ,contw +5f15 20407c9a call memcpy16 +5f16 20205f1d branch le_send_smp_pairing_confirm + +le_parse_smp_pairing_confirm_secure_passkey: +5f17 1a220c00 copy rega ,contr +5f18 d8a043fc arg mem_le_rconfirm ,contw +5f19 20407c9a call memcpy16 +5f1a 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +5f1b 70449308 jam le_sc_stat_passkey_wait_confirm ,mem_le_secure_connect_state +5f1c 20600000 rtn + +le_send_smp_pairing_confirm: +5f1d 6fe24498 fetch 1 ,mem_le_pairing_mode +5f1e c283df25 bbit1 le_pairing_mode_secure_connect_bit ,le_send_smp_pairing_confirm_sc +5f1f 20407252 call generate_confirm +5f20 18002211 force 17 ,rega +5f21 20406042 call le_fifo_malloc_tx_l2cap_smp +5f22 58000003 setarg smp_pairing_confirm +5f23 e7e20005 istore 1 ,contw +5f24 2020734c branch store_aes_result + +le_send_smp_pairing_confirm_sc: +5f25 d8a0440c arg mem_le_srand ,contw +5f26 204066ee call generate_random +5f27 20407084 call function_f4_cb +5f28 18002211 force 17 ,rega +5f29 20406042 call le_fifo_malloc_tx_l2cap_smp +5f2a 58000003 setarg smp_pairing_confirm +5f2b e7e20005 istore 1 ,contw +5f2c 202070c0 branch load_inverse_result + +le_parse_smp_pairing_random: +5f2d 18c22200 copy contr ,rega +5f2e 6fe24498 fetch 1 ,mem_le_pairing_mode +5f2f c283df41 bbit1 le_pairing_mode_secure_connect_bit ,le_parse_smp_pairing_random_sc +5f30 1a220c00 copy rega ,contr +5f31 2040724a call authenticate_rconfirm +5f32 2022df55 branch le_parse_smp_pairing_random_success ,zero + +le_send_pairing_confirm_value_failed: +5f33 70047704 jam pairing_failed_confirm_value_failed ,mem_le_ll_pairing_fail_reason + +le_send_pairing_failed: +5f34 18002202 force 2 ,rega +5f35 20406042 call le_fifo_malloc_tx_l2cap_smp +5f36 58000005 setarg smp_pairing_failed +5f37 e7e20005 istore 1 ,contw +5f38 6fe20477 fetch 1 ,mem_le_ll_pairing_fail_reason +5f39 e7e20005 istore 1 ,contw + +le_parse_smp_pairing_failed: +5f3a 18000e0a force smp_pairing_timer ,queue +5f3b 20407ce2 call timer_stop +5f3c 70449600 jam flag_le_pairing_null ,mem_le_pairing_state +5f3d 700a9530 jam bt_evt_le_pairing_fail ,mem_fifo_temp +5f3e 20207bab branch ui_ipc_send_event + +le_smp_pairing_fail_reason_not_support_pairing: +5f3f 70047705 jam pairing_failed_pairing_not_supported ,mem_le_ll_pairing_fail_reason +5f40 20205f34 branch le_send_pairing_failed + +le_parse_smp_pairing_random_sc: +5f41 d8a0042b arg mem_le_mrand ,contw +5f42 1a220c00 copy rega ,contr +5f43 20407c9a call memcpy16 +5f44 6fe24498 fetch 1 ,mem_le_pairing_mode +5f45 c041df4c beq le_pairing_mode_secure_connect_passkey ,le_parse_smp_pairing_random_sc_passkey +5f46 2040700e call function_g2 +5f47 20405f5a call le_send_smp_pairing_random +5f48 6fe24498 fetch 1 ,mem_le_pairing_mode +5f49 c1c10000 rtnne le_pairing_mode_secure_connect_numeric +5f4a 700a953b jam bt_evt_le_gkey_generate ,mem_fifo_temp +5f4b 20207bab branch ui_ipc_send_event + +le_parse_smp_pairing_random_sc_passkey: +5f4c 20407079 call function_f4_ca +5f4d d8a00aee arg mem_aes_cmac_temp ,contw +5f4e 204070c0 call load_inverse_result +5f4f da200aee arg mem_aes_cmac_temp ,rega +5f50 da4043fc arg mem_le_rconfirm ,regb +5f51 df200010 arg 16 ,loopcnt +5f52 20407d63 call string_compare +5f53 2422df33 nbranch le_send_pairing_confirm_value_failed ,zero +5f54 20205f5a branch le_send_smp_pairing_random + +le_parse_smp_pairing_random_success: +5f55 20407246 call generate_stk +5f56 700a9531 jam bt_evt_le_pairing_success ,mem_fifo_temp +5f57 20407bab call ui_ipc_send_event +5f58 7043fb01 jam 1 ,mem_ltk_exists +5f59 70449605 jam flag_le_pairing_after_auth ,mem_le_pairing_state + +le_send_smp_pairing_random: +5f5a 18002211 force 17 ,rega +5f5b 20406042 call le_fifo_malloc_tx_l2cap_smp +5f5c 58000004 setarg smp_pairing_random +5f5d e7e20005 istore 1 ,contw +5f5e d8c0440c arg mem_le_srand ,contr +5f5f 20207c9a branch memcpy16 + +le_parse_smp_encryption_information: +5f60 d8a0041b arg mem_le_peer_ltk ,contw +5f61 20207c9a branch memcpy16 + +le_send_smp_encryption_information: +5f62 18002211 force 17 ,rega +5f63 20406042 call le_fifo_malloc_tx_l2cap_smp +5f64 58000006 setarg smp_encryption_information +5f65 e7e20005 istore 1 ,contw +5f66 6fe244bb fetch 1 ,mem_le_configuration +5f67 c280df6a bbit1 bit_ble_pairing_fixed_ltk ,le_send_fixed_ltk +5f68 d8c043eb arg mem_le_ltk ,contr +5f69 20207c9a branch memcpy16 + +le_send_fixed_ltk: +5f6a d8c044bc arg mem_le_fixed_ltk ,contr +5f6b 20207c9a branch memcpy16 + +le_send_smp_master_identification: +5f6c d8a0449d arg mem_le_ediv ,contw +5f6d 1800720a force 10 ,loopcnt +5f6e 204066ef call generate_random_loop +5f6f 1800220b force 11 ,rega +5f70 20406042 call le_fifo_malloc_tx_l2cap_smp +5f71 58000007 setarg smp_master_identification +5f72 e7e20005 istore 1 ,contw +5f73 6fe4449d fetch 2 ,mem_le_ediv +5f74 e7e40005 istore 2 ,contw +5f75 6ff0449f fetch 8 ,mem_le_rand +5f76 e7f00005 istore 8 ,contw +5f77 20600000 rtn + +le_send_smp_identity_information: +5f78 18002211 force 17 ,rega +5f79 20406042 call le_fifo_malloc_tx_l2cap_smp +5f7a 58000008 setarg smp_identity_information +5f7b e7e20005 istore 1 ,contw +5f7c 58000000 setarg 0 +5f7d e7f00005 istore 8 ,contw +5f7e e7f00005 istore 8 ,contw +5f7f 20600000 rtn + +le_send_smp_identity_address_information: +5f80 18002208 force 8 ,rega +5f81 20406042 call le_fifo_malloc_tx_l2cap_smp +5f82 58000009 setarg smp_identity_address_information +5f83 e7e20005 istore 1 ,contw +5f84 6fe24467 fetch 1 ,mem_le_conn_own_addr_type +5f85 e7e20005 istore 1 ,contw +5f86 6fec4472 fetch 6 ,mem_le_lap +5f87 e7ec0005 istore 6 ,contw +5f88 20600000 rtn + +le_send_pairing_fail_unspecified_reason: +5f89 70047708 jam pairing_failed_unspecified_reason ,mem_le_ll_pairing_fail_reason +5f8a 20205f34 branch le_send_pairing_failed + +le_check_init_key_distribution: +5f8b 6fe2442a fetch 1 ,mem_le_pres_init_key_distribution +5f8c 6842442a fetcht 1 ,mem_le_pres_init_key_distribution +5f8d 98417e00 iand temp ,pdata +5f8e 20600000 rtn + +le_parse_smp_identity_information: +5f8f d8a044a7 arg mem_le_irk ,contw +5f90 20407c9a call memcpy16 +5f91 20405f8b call le_check_init_key_distribution +5f92 2fec0001 isolate0 le_initator_irk_bit ,pdata +5f93 2020df89 branch le_send_pairing_fail_unspecified_reason ,true +5f94 6fe24092 fetch 1 ,mem_device_option +5f95 c1850000 rtnne dvc_op_module +5f96 20405f99 call le_check_master_addr_type +5f97 24740000 nrtn user +5f98 20204d8b branch app_ble_store_reconn_info + +le_check_master_addr_type: +5f99 20407dc1 call disable_user +5f9a 6fe24460 fetch 1 ,mem_le_conn_peer_addr_type +5f9b c1000000 rtneq master_public_addr +5f9c 6fe20450 fetch 1 ,mem_le_plap + 5 +5f9d 2fe180c0 compare 0xc0 ,pdata ,0xc0 +5f9e 20608000 rtn true +5f9f 20207dbf branch enable_user + +le_parse_smp_identity_address_information: +5fa0 20405f8b call le_check_init_key_distribution +5fa1 2fec0001 isolate0 le_initator_irk_bit ,pdata +5fa2 2020df89 branch le_send_pairing_fail_unspecified_reason ,true +5fa3 20600000 rtn + +le_parse_smp_master_identification: + +le_parse_smp_signing_information: + +le_parse_smp_security_request: +5fa4 20600000 rtn + +le_parse_smp_public_key: +5fa5 d8a009ba arg mem_le_pubkey_remote_x_256 ,contw +5fa6 20407c8e call memcpy64 +5fa7 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +5fa8 70449301 jam le_sc_stat_receive_public_key ,mem_le_secure_connect_state +5fa9 20600000 rtn + +le_parse_smp_dhkey_check: +5faa d8a00a6a arg mem_sp_confirm_remote ,contw +5fab 20407c9a call memcpy16 +5fac 70449306 jam le_sc_stat_receive_dhkey ,mem_le_secure_connect_state +5fad 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +5fae 20600000 rtn + +le_send_smp_pairing_public_key: +5faf 18002241 force 65 ,rega +5fb0 20406042 call le_fifo_malloc_tx_l2cap_smp +5fb1 5800000c setarg smp_pairing_public_key +5fb2 e7e20005 istore 1 ,contw +5fb3 d8c045a4 arg mem_le_pubkey_local_x_256 ,contr +5fb4 20207c8e branch memcpy64 + +le_send_smp_pairing_dhkey_check: +5fb5 20407025 call function_f6_eb +5fb6 18002211 force 17 ,rega +5fb7 20406042 call le_fifo_malloc_tx_l2cap_smp +5fb8 5800000d setarg smp_pairing_dhkey_check +5fb9 e7e20005 istore 1 ,contw +5fba 202070c0 branch load_inverse_result + +le_check_paring_time: +5fbb 6fe24496 fetch 1 ,mem_le_pairing_state +5fbc c17f8000 rtneq flag_le_pairing_end +5fbd d8400003 arg flag_le_pairing_rcv_pairing_req ,temp +5fbe 98467c00 isub temp ,null +5fbf 24610000 nrtn positive +5fc0 d8e0000a arg smp_pairing_timer ,queue +5fc1 20407cf1 call timer_check +5fc2 247a0000 nrtn blank +5fc3 20205f89 branch le_send_pairing_fail_unspecified_reason + +le_pairing_sm: +5fc4 4719c026 bpatchx patch26_3 ,mem_patch26 +5fc5 6fe24496 fetch 1 ,mem_le_pairing_state +5fc6 c0005fcf beq flag_le_pairing_null ,le_pairing_sm_null +5fc7 c000dfd5 beq flag_le_pairing_start ,le_pairing_sm_start +5fc8 c0015fcf beq flag_le_pairing_send_recurity_req ,le_pairing_sm_send_sec_req +5fc9 c001dfd7 beq flag_le_pairing_rcv_pairing_req ,le_pairing_sm_rcv_pairing_req +5fca c002dfdb beq flag_le_pairing_after_auth ,le_pairing_sm_after_auth +5fcb c003dfe7 beq flag_le_paring_send_enc_information ,le_pairng_sm_send_enc_information +5fcc c0045fe9 beq flag_le_paring_send_master_identification ,le_pairng_sm_send_master_indentification +5fcd c004dff0 beq flag_le_paring_send_indentity_information ,le_pairng_sm_send_indentity_information +5fce 20600000 rtn + +le_pairing_sm_null: + +le_pairing_sm_send_sec_req: +5fcf 6fe24497 fetch 1 ,mem_le_enc_state +5fd0 c1820000 rtnne flag_le_send_start_enc_rsp +5fd1 704497ff jam flag_le_enc_end ,mem_le_enc_state +5fd2 704496ff jam flag_le_pairing_end ,mem_le_pairing_state +5fd3 700a953f jam bt_evt_le_reconnect_complete ,mem_fifo_temp +5fd4 20207bab branch ui_ipc_send_event + +le_pairing_sm_start: +5fd5 70449602 jam flag_le_pairing_send_recurity_req ,mem_le_pairing_state +5fd6 20205ee2 branch le_send_smp_security_request + +le_pairing_sm_rcv_pairing_req: +5fd7 70449604 jam flag_le_pairing_auth ,mem_le_pairing_state +5fd8 58017700 setarg timer_smp_pairing_timeout +5fd9 d8e0000a arg smp_pairing_timer ,queue +5fda 20207ce3 branch timer_init + +le_pairing_sm_after_auth: +5fdb 6fe24497 fetch 1 ,mem_le_enc_state +5fdc c0025fde beq flag_le_send_start_enc_rsp ,le_pairing_sm_after_auth_start_enc +5fdd 20600000 rtn + +le_pairing_sm_after_auth_start_enc: +5fde 70449607 jam flag_le_paring_send_enc_information ,mem_le_pairing_state +5fdf 700a9529 jam bt_evt_le_enc_info ,mem_fifo_temp +5fe0 20407bab call ui_ipc_send_event +5fe1 20405f62 call le_send_smp_encryption_information +5fe2 6fe24092 fetch 1 ,mem_device_option +5fe3 c1850000 rtnne dvc_op_module +5fe4 20405f99 call le_check_master_addr_type +5fe5 20740000 rtn user +5fe6 20204d8b branch app_ble_store_reconn_info + +le_pairng_sm_send_enc_information: +5fe7 70449608 jam flag_le_paring_send_master_identification ,mem_le_pairing_state +5fe8 20205f6c branch le_send_smp_master_identification + +le_pairng_sm_send_master_indentification: +5fe9 6fe24424 fetch 1 ,mem_le_preq_resp_key_distribution +5fea 6842442b fetcht 1 ,mem_le_pres_resp_key_distribution +5feb 98417e00 iand temp ,pdata +5fec 2fec0001 isolate0 le_initator_irk_bit ,pdata +5fed 2020dff2 branch le_parse_start_enc_rsp_after_auth_end ,true +5fee 70449609 jam flag_le_paring_send_indentity_information ,mem_le_pairing_state +5fef 20205f78 branch le_send_smp_identity_information + +le_pairng_sm_send_indentity_information: +5ff0 20405f80 call le_send_smp_identity_address_information +5ff1 20205ff2 branch le_parse_start_enc_rsp_after_auth_end + +le_parse_start_enc_rsp_after_auth_end: +5ff2 18000e0a force smp_pairing_timer ,queue +5ff3 20407ce2 call timer_stop +5ff4 704497ff jam flag_le_enc_end ,mem_le_enc_state +5ff5 704496ff jam flag_le_pairing_end ,mem_le_pairing_state +5ff6 700a953e jam bt_evt_le_pairing_complete ,mem_fifo_temp +5ff7 20207bab branch ui_ipc_send_event + +le_secure_connect_sm: +5ff8 471a4026 bpatchx patch26_4 ,mem_patch26 +5ff9 6fe24498 fetch 1 ,mem_le_pairing_mode +5ffa c4038000 rtnbit0 le_pairing_mode_secure_connect_bit +5ffb 6fe24491 fetch 1 ,mem_le_secure_connect_flag +5ffc c1810000 rtnne le_sp_flag_commit_256 +5ffd 70449100 jam sp_flag_standby ,mem_le_secure_connect_flag +5ffe 6fe24493 fetch 1 ,mem_le_secure_connect_state +5fff c000e038 beq le_sc_stat_receive_public_key ,le_sc_sm_receive_public_key +6000 c001603f beq le_sc_stat_wait_send_public_key ,le_sc_sm_wait_send_public_key +6001 c001e032 beq le_sc_stat_send_public_key ,le_sc_sm_send_public_key +6002 c0036019 beq le_sc_stat_receive_dhkey ,le_sc_sm_receive_dhkey +6003 c003e010 beq le_sc_stat_wait_confirm_gkey ,le_sc_sm_wait_confirm_gkey +6004 c0046006 beq le_sc_stat_passkey_wait_confirm ,le_sc_sm_passkey_wait_confirm +6005 20600000 rtn + +le_sc_sm_passkey_wait_confirm: +6006 6fe24635 fetch 1 ,mem_authentication_passkey_times +6007 1fe20e00 copy pdata ,queue +6008 1fe0fe01 increase 1 ,pdata +6009 67e24635 store 1 ,mem_authentication_passkey_times +600a 6fe84499 fetch 4 ,mem_le_tk +600b afefffff qisolate1 pdata +600c 58000080 setarg 0x80 +600d 7920fe00 setflag true ,0 ,pdata +600e 67e24636 store 1 ,mem_passkey_1bit +600f 20206035 branch le_sc_sm_ready_send_pairing_confirm + +le_sc_sm_wait_confirm_gkey: +6010 6fe24494 fetch 1 ,mem_le_sc_confirm_gkey_flag +6011 70449400 jam flag_le_sc_confrim_null ,mem_le_sc_confirm_gkey_flag +6012 c000e015 beq flag_le_sc_confrim_gkey_ok ,le_sc_confirm_gkey_ok +6013 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +6014 20600000 rtn + +le_sc_confirm_gkey_ok: +6015 700a9531 jam bt_evt_le_pairing_success ,mem_fifo_temp +6016 20407bab call ui_ipc_send_event +6017 70449605 jam flag_le_pairing_after_auth ,mem_le_pairing_state +6018 20205fb5 branch le_send_smp_pairing_dhkey_check + +le_sc_sm_receive_dhkey: +6019 6fe209b5 fetch 1 ,mem_sp_dhkey_invalid +601a c001e01d beq sp_key_valid_256 ,le_dhkey_ready +601b 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +601c 20600000 rtn + +le_dhkey_ready: +601d 2040704c call function_f5 +601e 6fe24498 fetch 1 ,mem_le_pairing_mode +601f c041e021 beq le_pairing_mode_secure_connect_passkey ,le_dhkey_ready_common +6020 20405ef8 call le_set_tk_0 + +le_dhkey_ready_common: +6021 20407039 call function_f6_ea +6022 da200aee arg mem_aes_cmac_temp ,rega +6023 da400a6a arg mem_sp_confirm_remote ,regb +6024 df200010 arg 16 ,loopcnt +6025 20407d63 call string_compare +6026 2022e029 branch le_dhkey_check_ok ,zero + +le_dhkey_check_fail: +6027 7004770b jam pairing_failed_dhkey_check_failed ,mem_le_ll_pairing_fail_reason +6028 20205f34 branch le_send_pairing_failed + +le_dhkey_check_ok: +6029 2040744a call sp_calc_check_publickey_256 +602a 2422e027 nbranch le_dhkey_check_fail ,zero +602b 7043fb01 jam 1 ,mem_ltk_exists +602c 6fe24498 fetch 1 ,mem_le_pairing_mode +602d c040e015 beq le_pairing_mode_secure_connect_justwork ,le_sc_confirm_gkey_ok +602e c041e015 beq le_pairing_mode_secure_connect_passkey ,le_sc_confirm_gkey_ok +602f 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +6030 70449307 jam le_sc_stat_wait_confirm_gkey ,mem_le_secure_connect_state +6031 20600000 rtn + +le_sc_sm_send_public_key: +6032 6fe24498 fetch 1 ,mem_le_pairing_mode +6033 c041e036 beq le_pairing_mode_secure_connect_passkey ,le_sc_sm_send_public_key_passkey +6034 70463600 jam 0 ,mem_passkey_1bit + +le_sc_sm_ready_send_pairing_confirm: +6035 20205f1d branch le_send_smp_pairing_confirm + +le_sc_sm_send_public_key_passkey: +6036 70463500 jam 0 ,mem_authentication_passkey_times +6037 20205efb branch le_parse_smp_pairing_req_passkey + +le_sc_sm_receive_public_key: +6038 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +6039 6fe24495 fetch 1 ,mem_le_sc_local_key_invalid +603a c001e03c beq sp_key_valid_256 ,le_public_key_ready +603b 20600000 rtn + +le_public_key_ready: +603c 70449302 jam le_sc_stat_wait_send_public_key ,mem_le_secure_connect_state +603d 7009b500 jam sp_key_invalid ,mem_sp_dhkey_invalid +603e 2020794e branch sp_dhkey_calc_256 + +le_sc_sm_wait_send_public_key: +603f 70449102 jam le_sp_flag_commit_256 ,mem_le_secure_connect_flag +6040 70449303 jam le_sc_stat_send_public_key ,mem_le_secure_connect_state +6041 20205faf branch le_send_smp_pairing_public_key + +le_fifo_malloc_tx_l2cap_smp: +6042 18002406 force le_l2cap_cid_smp ,regb +6043 20205c27 branch le_fifo_malloc_tx_l2cap + +le_parse_ll: +6044 471ac026 bpatchx patch26_5 ,mem_patch26 +6045 6fe202d7 fetch 1 ,mem_le_rxbuf + 2 +6046 c000605c beq ll_connection_update_req ,le_parse_connection_update_req +6047 c000e064 beq ll_channel_map_req ,le_parse_channel_map_req +6048 c001606f beq ll_terminate_ind ,le_parse_terminate_ind +6049 c001e08b beq ll_enc_req ,le_parse_enc_req +604a c00260c2 beq ll_enc_rsp ,le_parse_enc_rsp +604b c002e0c7 beq ll_start_enc_req ,le_parse_start_enc_req +604c c00360cb beq ll_start_enc_rsp ,le_parse_start_enc_rsp +604d c003e0d6 beq ll_unknown_rsp ,le_parse_unknown_rsp +604e c004607a beq ll_feature_req ,le_parse_feature_req +604f c004e0d6 beq ll_feature_rsp ,le_parse_feature_rsp +6050 c00560d0 beq ll_pause_enc_req ,le_parse_pause_enc_req +6051 c005e0d6 beq ll_pause_enc_rsp ,le_parse_pause_enc_rsp +6052 c0066080 beq ll_version_ind ,le_parse_version_ind +6053 c006e0d6 beq ll_reject_ind ,le_parse_reject_ind +6054 c0096087 beq ll_ping_req ,le_parse_ping_req +6055 c009e0d6 beq ll_ping_rsp ,le_parse_ping_rsp +6056 da200002 arg 2 ,rega +6057 da400007 arg ll_unknown_rsp ,regb +6058 20405c22 call le_fifo_malloc_tx_ll +6059 6fe202d7 fetch 1 ,mem_le_rxbuf + 2 +605a e7e20005 istore 1 ,contw +605b 20600000 rtn + +le_parse_connection_update_req: +605c eff20006 ifetch 9 ,contr +605d 67f243a5 store 9 ,mem_le_new_param +605e efe40006 ifetch 2 ,contr +605f 67e4045b store 2 ,mem_le_instant +6060 6fe2043b fetch 1 ,mem_le_state +6061 79207e05 set1 lestate_update_param ,pdata +6062 67e2043b store 1 ,mem_le_state +6063 20600000 rtn + +le_parse_channel_map_req: +6064 efea0006 ifetch 5 ,contr +6065 67ea43a0 store 5 ,mem_le_new_map +6066 efe40006 ifetch 2 ,contr +6067 67e4045b store 2 ,mem_le_instant +6068 68440455 fetcht 2 ,mem_le_event_count +6069 98467c00 isub temp ,null +606a 2421606f nbranch le_parse_terminate_ind ,positive +606b 6fe2043b fetch 1 ,mem_le_state +606c 79207e06 set1 lestate_update_map ,pdata +606d 67e2043b store 1 ,mem_le_state +606e 20600000 rtn + +le_parse_terminate_ind: +606f 58000014 setarg 20 +6070 67e40469 store 2 ,mem_le_superto +6071 67e4448c store 2 ,mem_le_init_superto +6072 20600000 rtn + +le_send_terminate_ind_user_terminated: +6073 da600013 arg error_remote_user_terminated_connection ,regc + +le_send_terminate_ind: +6074 da200002 arg 2 ,rega +6075 da400002 arg ll_terminate_ind ,regb +6076 20405c22 call le_fifo_malloc_tx_ll +6077 1a627e00 copy regc ,pdata +6078 e7e20005 istore 1 ,contw +6079 20600000 rtn + +le_parse_feature_req: + +le_send_feature_rsp: +607a da200009 arg 9 ,rega +607b da400009 arg ll_feature_rsp ,regb +607c 20405c22 call le_fifo_malloc_tx_ll +607d 58000001 setarg param_le_features +607e e7f00005 istore 8 ,contw +607f 20600000 rtn + +le_parse_version_ind: +6080 20748000 rtn master + +le_send_version_ind: +6081 da200006 arg 6 ,rega +6082 da40000c arg ll_version_ind ,regb +6083 20405c22 call le_fifo_malloc_tx_ll +6084 6fea44e2 fetch 5 ,mem_lmp_version +6085 e7ea0005 istore 5 ,contw +6086 20600000 rtn + +le_parse_ping_req: +6087 da400013 arg ll_ping_rsp ,regb +6088 20206089 branch le_send_ll_one_lenth + +le_send_ll_one_lenth: +6089 da200001 arg 1 ,rega +608a 20205c22 branch le_fifo_malloc_tx_ll + +le_parse_enc_req: +608b eff00006 ifetch 8 ,contr +608c 67f0449f store 8 ,mem_le_rand +608d efe40006 ifetch 2 ,contr +608e 67e4449d store 2 ,mem_le_ediv +608f eff00006 ifetch 8 ,contr +6090 67f0447c store 8 ,mem_le_skdm +6091 efe80006 ifetch 4 ,contr +6092 67e843e3 store 4 ,mem_le_ivm +6093 204060b0 call le_send_enc_rsp +6094 471b4026 bpatchx patch26_6 ,mem_patch26 +6095 6fe24496 fetch 1 ,mem_le_pairing_state +6096 c002e09d beq flag_le_pairing_after_auth ,le_parse_enc_req_after_auth +6097 6fe244bb fetch 1 ,mem_le_configuration +6098 c280e0a0 bbit1 bit_ble_pairing_fixed_ltk ,le_parse_enc_req_fixed_ltk +6099 6fe24216 fetch 1 ,mem_nv_data_number +609a 245a68b0 ncall load_device_list_mode_4 ,blank +609b 6fe243fb fetch 1 ,mem_ltk_exists +609c c00060a5 beq 0 ,le_ltk_lost + +le_parse_enc_req_after_auth: +609d 70449701 jam flag_le_rcv_enc_start ,mem_le_enc_state +609e 204060be call le_send_start_enc_req +609f 20207258 branch generate_sk + +le_parse_enc_req_fixed_ltk: +60a0 7043fb01 jam 1 ,mem_ltk_exists +60a1 d8c044bc arg mem_le_fixed_ltk ,contr +60a2 d8a043eb arg mem_le_ltk ,contw +60a3 20407c9a call memcpy16 +60a4 2020609d branch le_parse_enc_req_after_auth + +le_ltk_lost: +60a5 471bc026 bpatchx patch26_7 ,mem_patch26 +60a6 70449700 jam flag_le_enc_null ,mem_le_enc_state +60a7 70449600 jam flag_le_enc_null ,mem_le_pairing_state +60a8 700a9541 jam bt_evt_le_ltk_lost ,mem_fifo_temp +60a9 20207bab branch ui_ipc_send_event + +le_send_reject_ind: +60aa da200002 arg 2 ,rega +60ab da40000d arg ll_reject_ind ,regb +60ac 20405c22 call le_fifo_malloc_tx_ll +60ad 58000006 setarg le_err_pin_or_key_missing +60ae e7e20005 istore 1 ,contw +60af 20600000 rtn + +le_send_enc_rsp: +60b0 d8a04484 arg mem_le_skds ,contw +60b1 18007208 force 8 ,loopcnt +60b2 204066ef call generate_random_loop +60b3 d8a043e7 arg mem_le_ivs ,contw +60b4 18007204 force 4 ,loopcnt +60b5 204066ef call generate_random_loop +60b6 da20000d arg 13 ,rega +60b7 da400004 arg ll_enc_rsp ,regb +60b8 20405c22 call le_fifo_malloc_tx_ll +60b9 6ff04484 fetch 8 ,mem_le_skds +60ba e7f00005 istore 8 ,contw +60bb 6fe843e7 fetch 4 ,mem_le_ivs +60bc e7e80005 istore 4 ,contw +60bd 20600000 rtn + +le_send_start_enc_req: +60be da400005 arg ll_start_enc_req ,regb +60bf 20206089 branch le_send_ll_one_lenth + +le_send_start_enc_rsp: +60c0 da400006 arg ll_start_enc_rsp ,regb +60c1 20206089 branch le_send_ll_one_lenth + +le_parse_enc_rsp: +60c2 eff00006 ifetch 8 ,contr +60c3 67f04484 store 8 ,mem_le_skds +60c4 efe80006 ifetch 4 ,contr +60c5 67e843e7 store 4 ,mem_le_ivs +60c6 20207258 branch generate_sk + +le_parse_start_enc_req: +60c7 6fe2043b fetch 1 ,mem_le_state +60c8 79207e04 set1 lestate_encryption ,pdata +60c9 67e2043b store 1 ,mem_le_state +60ca 20600000 rtn + +le_parse_start_enc_rsp: +60cb 20748000 rtn master +60cc 700a9532 jam bt_evt_le_start_enc ,mem_fifo_temp +60cd 20407bab call ui_ipc_send_event +60ce 70449704 jam flag_le_send_start_enc_rsp ,mem_le_enc_state +60cf 202060c0 branch le_send_start_enc_rsp + +le_parse_pause_enc_req: +60d0 70449702 jam flag_le_enc_pause ,mem_le_enc_state +60d1 204060d4 call le_send_pause_enc_rsp +60d2 700a9533 jam bt_evt_le_pause_enc ,mem_fifo_temp +60d3 20207bab branch ui_ipc_send_event + +le_send_pause_enc_rsp: +60d4 da40000b arg ll_pause_enc_rsp ,regb +60d5 20206089 branch le_send_ll_one_lenth + +le_parse_feature_rsp: + +le_parse_unknown_rsp: + +le_parse_pause_enc_rsp: + +le_parse_reject_ind: + +le_parse_ping_rsp: +60d6 20600000 rtn + +init_lmp: +60d7 20758000 rtn wake + +init_lmp_work: +60d8 471c4027 bpatchx patch27_0 ,mem_patch27 +60d9 58000000 setarg 0 +60da 67e20048 store 1 ,mem_lmp_to_send +60db 67e20055 store 1 ,mem_conn_sm +60dc 67e20078 store 1 ,mem_lmo_opcode1 +60dd 67e2007c store 1 ,mem_lmo_opcode2 +60de 67e24159 store 1 ,mem_esco_addr +60df 67e204d3 store 1 ,mem_auth_enable +60e0 67e2016b store 1 ,mem_connection_options +60e1 67e209b1 store 1 ,mem_pairing_auth +60e2 70452d00 jam switch_flag_init ,mem_switch_flag +60e3 70022700 jam 0 ,mem_switch_fail_master_count +60e4 7004d400 jam null_encryp ,mem_wait_encryption + +init_lmp_reinit: +60e5 7009b100 jam 0 ,mem_pairing_auth +60e6 7009b000 jam 0 ,mem_sp_localsm +60e7 7004cd00 jam 0 ,mem_lmp_conn_state + +parse_rx_done: +60e8 20600000 rtn + +parse_lmp: +60e9 471cc027 bpatchx patch27_1 ,mem_patch27 +60ea 2054e6e1 call setlocalsm_master ,master +60eb 2454e6e5 ncall setlocalsm_slave ,master +60ec 2040669e call lmo_fifo_check +60ed 247a0000 nrtn blank +60ee 6fe2004c fetch 1 ,mem_state_map +60ef c4030000 rtnbit0 smap_rxlmp +60f0 793ffe06 set0 smap_rxlmp ,pdata +60f1 793f8001 set0 mark_rxbuf_inuse ,mark +60f2 67e2004c store 1 ,mem_state_map +60f3 6fe2054d fetch 1 ,mem_rxbuf +60f4 6842004c fetcht 1 ,mem_state_map +60f5 2feffe00 isolate1 smap_lmptidinit ,pdata +60f6 79208401 setflag true ,smap_lmptid ,temp +60f7 6042004c storet 1 ,mem_state_map +60f8 18410402 and_into 0x2 ,temp +60f9 6042007f storet 1 ,mem_lmo_tid2 +60fa 6842004c fetcht 1 ,mem_state_map +60fb 1fe37e00 rshift pdata ,pdata +60fc 67e2007d store 1 ,mem_lmi_opcode2 +60fd 471d4027 bpatchx patch27_2 ,mem_patch27 +60fe 6fe2007d fetch 1 ,mem_lmi_opcode2 +60ff c03fe147 beq lmp_escape ,parse_lmp_escape +6100 c001e192 beq lmp_accepted ,parse_lmp_accepted +6101 c00261a3 beq lmp_not_accepted ,parse_lmp_not_accepted +6102 c01e613a beq lmp_set_afh ,parse_lmp_set_afh +6103 c002e136 beq lmp_clkoffset_req ,parse_lmp_clkoffset_req +6104 c007e38a beq lmp_encryption_mode_req ,parse_lmp_encryption_mode_req +6105 c0086205 beq lmp_encryption_key_size_req ,parse_lmp_crypt_key +6106 c011e223 beq lmp_auto_rate ,parse_lmp_auto_rate +6107 c01ce3a3 beq lmp_test_control ,parse_lmp_test_control +6108 c01c639e beq lmp_test_activate ,parse_lmp_test_activate +6109 c018e208 beq lmp_setup_complete ,parse_lmp_setup_complete +610a c01be291 beq lmp_supervision_timeout ,parse_lmp_supervision_timeout +610b c013e28d beq lmp_features_req ,parse_lmp_features_req +610c c019e28a beq lmp_host_connection_req ,parse_lmp_conn_req +610d c012e28f beq lmp_version_req ,parse_lmp_version_req +610e c013621f beq lmp_version_res ,parse_lmp_version_res +610f c003e217 beq lmp_detach ,parse_lmp_detach +6110 c016e20e beq lmp_max_slot ,parse_lmp_max_slot +6111 c017620f beq lmp_max_slot_req ,parse_lmp_max_slot_req +6112 c000e286 beq lmp_name_req ,parse_lmp_name_req +6113 c0016271 beq lmp_name_res ,parse_lmp_name_res +6114 c0146395 beq lmp_features_res ,parse_lmp_features_res +6115 c004e267 beq lmp_comb_key ,parse_lmp_comb_key +6116 c005e240 beq lmp_au_rand ,parse_lmp_au_rand +6117 c0046224 beq lmp_in_rand ,parse_lmp_in_rand +6118 c006624b beq lmp_sres ,parse_lmp_sres +6119 c00fe21b beq lmp_incr_power_req ,parse_lmp_incr_power +611a c010621d beq lmp_decr_power_req ,parse_lmp_decr_power +611b c010e2ab beq lmp_max_power ,parse_lmp_max_power +611c c01162ab beq lmp_min_power ,parse_lmp_min_power +611d c01ae2ac beq lmp_page_mode_req ,parse_lmp_page_mode_req +611e c01b62ad beq lmp_page_scan_mode_req ,parse_lmp_page_scan_mode_req +611f c01262ab beq lmp_preferred_rate ,parse_lmp_preferred_rate +6120 c01a62ae beq lmp_slot_offset ,parse_lmp_slot_offset +6121 c00be2b7 beq lmp_sniff_req ,parse_lmp_sniff_req +6122 c008e2d4 beq lmp_start_encryption_req ,parse_lmp_start_encryption_req +6123 c00962d8 beq lmp_stop_encryption_req ,parse_lmp_stop_encryption_req +6124 c009e2da beq lmp_switch_req ,parse_lmp_switch_req +6125 c006e2ec beq lmp_temp_rand ,parse_lmp_temp_rand +6126 c00762ec beq lmp_temp_key ,parse_lmp_temp_key +6127 c017e28b beq lmp_timing_accuracy_req ,parse_lmp_timing_accuracy_req +6128 c01862ec beq lmp_timing_accuracy_res ,parse_lmp_timing_accuracy_res +6129 c00562ec beq lmp_unit_key ,parse_lmp_unit_key +612a c00c62ed beq lmp_unsniff_req ,parse_lmp_unsniff_req +612b c01962ec beq lmp_use_semi_permanent_key ,parse_lmp_use_semi_permanend_key +612c c01ee2f2 beq lmp_encapsulated_header ,parse_lmp_encapsulated_header +612d c01f6333 beq lmp_encapsulated_payload ,parse_lmp_encapsulated_payload +612e c01fe32d beq lmp_simple_pairing_confirm ,parse_simple_pairing_confirm +612f c020635a beq lmp_simple_pairing_number ,parse_lmp_simple_pairing_number +6130 c020e36c beq lmp_dhkey_check ,parse_dhkey_check +6131 c0036389 beq lmp_clkoffset_res ,parse_lmp_clkoffset_res +6132 c01d6138 beq lmp_enc_key_size_mask_req ,parse_enc_key_size_mask_req + +reject_unknown_packet: +6133 70007e19 jam unknown_lmp_pdu ,mem_lmo_reason2 + +reject_lmp_packet: +6134 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +6135 20600000 rtn + +parse_lmp_clkoffset_req: +6136 70007c06 jam lmp_clkoffset_res ,mem_lmo_opcode2 +6137 20600000 rtn + +parse_enc_key_size_mask_req: +6138 70007c3b jam lmp_enc_key_size_mask_res ,mem_lmo_opcode2 +6139 20600000 rtn + +parse_lmp_set_afh: +613a 6fe8054e fetch 4 ,mem_rxbuf + 1 +613b 1fe3fe00 lshift pdata ,pdata +613c 67e840d2 store 4 ,mem_afh_instant +613d 6fe20552 fetch 1 ,mem_rxbuf + 5 +613e 67e240d9 store 1 ,mem_afh_new_mod +613f 6fea0553 fetch 5 ,mem_rxbuf + 6 +6140 67ea40e7 store 5 ,mem_afh_map_new +6141 6fea0558 fetch 5 ,mem_rxbuf + 11 +6142 e7ea0005 istore 5 ,contw +6143 6fe20031 fetch 1 ,mem_mode +6144 79207e03 set1 afh_change ,pdata +6145 67e20031 store 1 ,mem_mode +6146 20600000 rtn + +parse_lmp_escape: +6147 471dc027 bpatchx patch27_3 ,mem_patch27 +6148 6fe2054e fetch 1 ,mem_rxbuf + 1 +6149 79207e07 set1 7 ,pdata +614a 67e2007d store 1 ,mem_lmi_opcode2 +614b c040e169 beq lmp_ext_accepted ,parse_lmpext_accepted +614c c041616e beq lmp_not_accepted_ext ,parse_lmpext_not_accepted +614d c04ae292 beq lmp_sniff_subrating_req ,parse_lmp_sniff_subrating_req +614e c04b62ab beq lmp_sniff_subrating_res ,parse_lmp_sniff_subrating_res +614f c045e2a0 beq lmp_packet_type_table_req ,parse_lmpext_packet_type_table_req +6150 c041e186 beq lmp_ext_features_req ,parse_lmpext_features_req +6151 c0426188 beq lmp_ext_features_res ,parse_lmpext_features_res +6152 c048615b beq lmp_ext_chn_classification_req ,parse_lmpext_chn_classification_req +6153 c04be17f beq lmp_pause_encryption_req ,parse_lmpext_pause_encrypt +6154 c04c6184 beq lmp_resume_encryption_req ,parse_lmpext_resume_encrypt +6155 c04ce15e beq lmp_io_cap_req ,parse_lmpext_iocap_req +6156 c04d6161 beq lmp_io_cap_res ,parse_lmpext_iocap_res +6157 c1420000 rtneq lmp_ext_features_res + +reject_unknown_ext_packet: +6158 70007c82 jam lmp_not_accepted_ext ,mem_lmo_opcode2 +6159 70007e19 jam unknown_lmp_pdu ,mem_lmo_reason2 +615a 20600000 rtn + +parse_lmpext_chn_classification_req: +615b 70007c82 jam lmp_not_accepted_ext ,mem_lmo_opcode2 +615c 70007e2e jam not_support_chn_classification ,mem_lmo_reason2 +615d 20600000 rtn + +parse_lmpext_iocap_req: +615e 20406163 call iocap_lmpext_load +615f 70007c9a jam lmp_io_cap_res ,mem_lmo_opcode2 +6160 20600000 rtn + +parse_lmpext_iocap_res: +6161 20406163 call iocap_lmpext_load +6162 20206167 branch iocap_lmpext_common + +iocap_lmpext_load: +6163 d8a04630 arg mem_sp_iocap_remote ,contw +6164 6fe6054f fetch 3 ,mem_rxbuf + 2 +6165 e7e60005 istore 3 ,contw +6166 20600000 rtn + +iocap_lmpext_common: +6167 2020f58d branch master_set_mem_master_sp_flag ,true +6168 20600000 rtn + +parse_lmpext_accepted: +6169 6fe20550 fetch 1 ,mem_rxbuf + 3 +616a 79207e07 set1 7 ,pdata +616b 67e204c5 store 1 ,mem_lmi_accepted_opcode +616c c045e173 beq lmp_packet_type_table_req ,parse_lmpext_accepted_ptt +616d 20600000 rtn + +parse_lmpext_not_accepted: +616e 6fe20550 fetch 1 ,mem_rxbuf + 3 +616f 79207e07 set1 7 ,pdata +6170 67e204c5 store 1 ,mem_lmi_accepted_opcode +6171 c045e177 beq lmp_packet_type_table_req ,parse_lmpext_not_accepted_ptt +6172 20600000 rtn + +parse_lmpext_accepted_ptt: +6173 6fe2415b fetch 1 ,mem_ptt +6174 6842004c fetcht 1 ,mem_state_map +6175 7d3a0405 nsetflag blank ,smap_edr ,temp +6176 6042004c storet 1 ,mem_state_map + +parse_lmpext_not_accepted_ptt: +6177 6fe20030 fetch 1 ,mem_state +6178 c4028000 rtnbit0 state_init_seq +6179 793ffe05 set0 state_init_seq ,pdata +617a 67e20030 store 1 ,mem_state +617b 6fe204d3 fetch 1 ,mem_auth_enable +617c 247a0000 nrtn blank +617d 70007c31 jam lmp_setup_complete ,mem_lmo_opcode2 +617e 20600000 rtn + +parse_lmpext_pause_encrypt: +617f 2434e182 nbranch parse_lmpext_pause_encrypt_slave ,master +6180 70007c12 jam lmp_stop_encryption_req ,mem_lmo_opcode2 +6181 202066cd branch tid_reply + +parse_lmpext_pause_encrypt_slave: +6182 70007c97 jam lmp_pause_encryption_req ,mem_lmo_opcode2 +6183 20600000 rtn + +parse_lmpext_resume_encrypt: +6184 204066cd call tid_reply +6185 202063e0 branch lmp_start_encryption + +parse_lmpext_features_req: +6186 70007c84 jam lmp_ext_features_res ,mem_lmo_opcode2 +6187 20600000 rtn + +parse_lmpext_features_res: +6188 68420551 fetcht 1 ,mem_rxbuf + 4 +6189 18410401 and temp ,0x1 ,temp +618a 604204cc storet 1 ,mem_remote_sppcap +618b 6fe241cf fetch 1 ,mem_hci_cmd +618c c0a8e18e bne hci_cmd_wait_remote_ext_feature ,parse_lmpext_features_res_not_hci +618d 7041cf00 jam 0 ,mem_hci_cmd + +parse_lmpext_features_res_not_hci: +618e 6fe20055 fetch 1 ,mem_conn_sm +618f c18a8000 rtnne conn_sm_wait_features_ext +6190 70005504 jam conn_sm_send_conn_req ,mem_conn_sm +6191 202066fd branch process_conn_sm + +parse_lmp_accepted: +6192 471e4027 bpatchx patch27_4 ,mem_patch27 +6193 6fe2054e fetch 1 ,mem_rxbuf + 1 +6194 67e204c5 store 1 ,mem_lmi_accepted_opcode +6195 c019e1b9 beq lmp_host_connection_req ,parse_lmp_accepted_hostconn +6196 c00461c8 beq lmp_in_rand ,parse_lmp_accepted_inrand +6197 c007e1cf beq lmp_encryption_mode_req ,parse_lmp_accepted_enc_mode +6198 c00861d5 beq lmp_encryption_key_size_req ,parse_lmp_accepted_enc_keysize +6199 c008e1d6 beq lmp_start_encryption_req ,parse_lmp_accepted_start_enc +619a c00961de beq lmp_stop_encryption_req ,parse_lmp_accepted_stop_enc +619b c00c61f4 beq lmp_unsniff_req ,parse_lmp_accepted_unsniff_req +619c c00be1f7 beq lmp_sniff_req ,parse_lmp_accepted_sniff_req +619d c009e1b0 beq lmp_switch_req ,parse_lmp_accepted_switch +619e c01ee300 beq lmp_encapsulated_header ,parse_lmp_accepted_encapsulated_header +619f c01f634c beq lmp_encapsulated_payload ,parse_lmp_accepted_encapsulated_payload +61a0 c0206302 beq lmp_simple_pairing_number ,parse_lmp_accepted_simple_pairing_number +61a1 c020e31f beq lmp_dhkey_check ,parse_lmp_accepted_dhkey_check +61a2 20600000 rtn + +parse_lmp_not_accepted: +61a3 471ec027 bpatchx patch27_5 ,mem_patch27 +61a4 6fe2054e fetch 1 ,mem_rxbuf + 1 +61a5 67e204c5 store 1 ,mem_lmi_accepted_opcode +61a6 c000e1eb beq lmp_name_req ,parse_lmp_not_accepted_name_req +61a7 c019e1c3 beq lmp_host_connection_req ,parse_lmp_not_accepted_hostconn +61a8 c005e1df beq lmp_au_rand ,parse_lmp_not_accepted_aurand +61a9 c00461e2 beq lmp_in_rand ,parse_lmp_not_accepted_inrand +61aa c009e1b3 beq lmp_switch_req ,parse_lmp_not_accepted_switch +61ab c02061ec beq lmp_simple_pairing_number ,parse_lmp_not_accepted_simple_pairing_number +61ac c020e1ef beq lmp_dhkey_check ,parse_lmp_not_accepted_dhkey_check +61ad c00c61f2 beq lmp_unsniff_req ,parse_lmp_not_accepted_unsniff_req +61ae c00be203 beq lmp_sniff_req ,parse_lmp_not_acdcept_sniff_req +61af 20600000 rtn + +parse_lmp_accepted_switch: +61b0 700a9520 jam bt_evt_switch_accept ,mem_fifo_temp +61b1 20407bab call ui_ipc_send_event +61b2 202041d8 branch role_switch_prepare0 + +parse_lmp_not_accepted_switch: +61b3 700a9519 jam bt_evt_switch_not_accept ,mem_fifo_temp +61b4 20407bab call ui_ipc_send_event +61b5 70452d02 jam switch_flag_not_accept ,mem_switch_flag +61b6 58000050 setarg timer_switch_waite +61b7 d8e00006 arg switch_wait_timer ,queue +61b8 20207ce3 branch timer_init + +parse_lmp_accepted_hostconn: +61b9 6fe204cd fetch 1 ,mem_lmp_conn_state +61ba 79207e00 set1 received_conn_req ,pdata +61bb 67e204cd store 1 ,mem_lmp_conn_state +61bc 700a9501 jam bt_evt_bb_connected ,mem_fifo_temp +61bd 20407bab call ui_ipc_send_event +61be 70007c8b jam lmp_packet_type_table_req ,mem_lmo_opcode2 + +parse_lmp_accepted_hostconn_ctn: +61bf 6fe20055 fetch 1 ,mem_conn_sm +61c0 c082e0e8 bne conn_sm_wait_conn_accept ,parse_rx_done +61c1 70005506 jam conn_sm_auth_pair ,mem_conn_sm +61c2 20600000 rtn + +parse_lmp_not_accepted_hostconn: +61c3 7004c60b jam acl_connection_already_exists ,mem_disconn_reason_send +61c4 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61c5 70005500 jam conn_sm_standby ,mem_conn_sm +61c6 2020e0e8 branch parse_rx_done ,true +61c7 20600000 rtn + +parse_lmp_accepted_inrand: +61c8 6fe241be fetch 1 ,mem_link_key_exists +61c9 247a0000 nrtn blank +61ca 2040444b call clear_linkkey +61cb 204063de call lmp_generate_key +61cc 20748000 rtn master +61cd 79200021 set1 mark_slave_in_rand_accepted ,mark +61ce 20600000 rtn + +parse_lmp_accepted_enc_mode: +61cf 24748000 nrtn master +61d0 70007c10 jam lmp_encryption_key_size_req ,mem_lmo_opcode2 +61d1 6fe2004c fetch 1 ,mem_state_map +61d2 c4010000 rtnbit0 smap_encryption +61d3 70007c12 jam lmp_stop_encryption_req ,mem_lmo_opcode2 +61d4 20600000 rtn + +parse_lmp_accepted_enc_keysize: +61d5 202063e0 branch lmp_start_encryption + +parse_lmp_accepted_start_enc: +61d6 2040643b call send_create_conn_start_l2cap_timer_sm +61d7 6fe20030 fetch 1 ,mem_state +61d8 c3820000 rtnbit1 state_conn_comp +61d9 70007c31 jam lmp_setup_complete ,mem_lmo_opcode2 +61da 6fe20055 fetch 1 ,mem_conn_sm +61db c1850000 rtnne conn_sm_encrypt_wait +61dc 7000550b jam conn_sm_encrypt_wait_clear ,mem_conn_sm +61dd 20600000 rtn + +parse_lmp_accepted_stop_enc: +61de 20600000 rtn + +parse_lmp_not_accepted_aurand: + +parse_lmp_not_accepted_aurand_send_detach: +61df 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61e0 7004c613 jam other_end_terminated ,mem_disconn_reason_send +61e1 20600000 rtn + +parse_lmp_not_accepted_inrand: +61e2 6fe2054f fetch 1 ,mem_rxbuf + 2 +61e3 c00361e8 beq key_missing ,parse_lmp_inrand_key_missing +61e4 c18c0000 rtnne pairing_not_allowed +61e5 7004c618 jam pairing_not_allowed ,mem_disconn_reason_send +61e6 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61e7 20600000 rtn + +parse_lmp_inrand_key_missing: +61e8 7004c606 jam key_missing ,mem_disconn_reason_send +61e9 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61ea 20600000 rtn + +parse_lmp_not_accepted_name_req: +61eb 20600000 rtn + +parse_lmp_not_accepted_simple_pairing_number: +61ec 7009aa00 jam sp_stat_null ,mem_sp_state +61ed 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61ee 202060e8 branch parse_rx_done + +parse_lmp_not_accepted_dhkey_check: +61ef 7009aa00 jam sp_stat_null ,mem_sp_state +61f0 70007c07 jam lmp_detach ,mem_lmo_opcode2 +61f1 202060e8 branch parse_rx_done + +parse_lmp_not_accepted_unsniff_req: +61f2 700a9524 jam bt_evt_unsniff_not_accept ,mem_fifo_temp +61f3 20207bab branch ui_ipc_send_event + +parse_lmp_accepted_unsniff_req: +61f4 700a9523 jam bt_evt_unsniff_accept ,mem_fifo_temp +61f5 20407bab call ui_ipc_send_event +61f6 202046e5 branch sniff_exit + +parse_lmp_accepted_sniff_req: +61f7 700a9522 jam bt_evt_sniff_accept ,mem_fifo_temp +61f8 20407bab call ui_ipc_send_event +61f9 58000000 setarg 0 +61fa 67e40075 store 2 ,mem_dsniff +61fb 6fe441e4 fetch 2 ,mem_sniff_param_interval +61fc 1fe3fe00 lshift pdata ,pdata +61fd 67e40032 store 2 ,mem_tsniff +61fe 6fe241e6 fetch 1 ,mem_sniff_param_attempt +61ff 67e20073 store 1 ,mem_sniff_attempt +6200 6fe241e8 fetch 1 ,mem_sniff_param_timeout +6201 67e20074 store 1 ,mem_sniff_timeout +6202 202046c2 branch sniff_init + +parse_lmp_not_acdcept_sniff_req: +6203 700a9521 jam bt_evt_sniff_not_accept ,mem_fifo_temp +6204 20207bab branch ui_ipc_send_event + +parse_lmp_crypt_key: +6205 6842054e fetcht 1 ,mem_rxbuf + 1 +6206 60420054 storet 1 ,mem_key_size +6207 20206219 branch accept_lmp_msg + +parse_lmp_setup_complete: +6208 6fe204cd fetch 1 ,mem_lmp_conn_state +6209 79207e02 set1 received_setup_complete ,pdata +620a 67e204cd store 1 ,mem_lmp_conn_state +620b c3818000 rtnbit1 sent_setup_complete +620c 70007c31 jam lmp_setup_complete ,mem_lmo_opcode2 +620d 202060e8 branch parse_rx_done + +parse_lmp_max_slot: +620e 20600000 rtn + +parse_lmp_max_slot_req: +620f 6fe240d0 fetch 1 ,mem_max_slot +6210 6842054e fetcht 1 ,mem_rxbuf + 1 +6211 98467c00 isub temp ,null +6212 20216219 branch accept_lmp_msg ,positive +6213 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +6214 70007e1f jam unspecified_error ,mem_lmo_reason2 +6215 70007d2e jam lmp_max_slot_req ,mem_lmi_opcode2 +6216 20600000 rtn + +parse_lmp_detach: +6217 20406539 call prepare_disconnect +6218 20206219 branch accept_lmp_msg + +accept_lmp_msg: +6219 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +621a 20600000 rtn + +parse_lmp_incr_power: +621b 70007c21 jam lmp_max_power ,mem_lmo_opcode2 +621c 20600000 rtn + +parse_lmp_decr_power: +621d 70007c22 jam lmp_min_power ,mem_lmo_opcode2 +621e 20600000 rtn + +parse_lmp_version_res: +621f 6fe20055 fetch 1 ,mem_conn_sm +6220 c1098000 rtneq conn_sm_wait_version +6221 70005502 jam conn_sm_send_features ,mem_conn_sm +6222 20600000 rtn + +parse_lmp_auto_rate: +6223 20600000 rtn + +parse_lmp_in_rand: +6224 204063db call lmp_copy_rand +6225 7004d001 jam pincode_state_wait_pincode ,mem_pincode_state +6226 700a950a jam bt_evt_pincode_req ,mem_fifo_temp +6227 20407bab call ui_ipc_send_event +6228 204066d5 call tid_check +6229 2420e3e3 nbranch lmp_accept_inrand ,true +622a 2434e22f nbranch parse_lmp_inrand_res ,master +622b 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +622c 70007d08 jam lmp_in_rand ,mem_lmi_opcode2 +622d 70007e23 jam transaction_collision ,mem_lmo_reason2 +622e 20600000 rtn + +parse_lmp_inrand_res: +622f 6fe2004b fetch 1 ,mem_op +6230 79207e02 set1 op_inrand_req ,pdata +6231 67e2004b store 1 ,mem_op +6232 20600000 rtn + +pop_tid_follow: +6233 6842004c fetcht 1 ,mem_state_map +6234 7d3a0401 nsetflag blank ,smap_lmptid ,temp +6235 6042004c storet 1 ,mem_state_map +6236 20600000 rtn + +push_tid_follow: +6237 6fe2007f fetch 1 ,mem_lmo_tid2 +6238 1fe37e00 rshift pdata ,pdata +6239 1fe17e01 and_into 1 ,pdata +623a 20600000 rtn + +parse_lmp_au_rand_moudle: +623b 6fe24216 fetch 1 ,mem_nv_data_number +623c 207a0000 rtn blank +623d 6fe209b1 fetch 1 ,mem_pairing_auth +623e 205a68a4 call load_device_list ,blank +623f 20600000 rtn + +parse_lmp_au_rand: +6240 2040623b call parse_lmp_au_rand_moudle +6241 20406237 call push_tid_follow +6242 67e204d1 store 1 ,mem_sres_tid +6243 204063db call lmp_copy_rand +6244 70007c0c jam lmp_sres ,mem_lmo_opcode2 +6245 6fe241be fetch 1 ,mem_link_key_exists +6246 247a0000 nrtn blank +6247 6fe20030 fetch 1 ,mem_state +6248 c3830000 rtnbit1 state_combkey +6249 70007e06 jam key_missing ,mem_lmo_reason2 +624a 20206134 branch reject_lmp_packet + +parse_lmp_sres: +624b da200040 arg mem_plap ,rega +624c 20407147 call function_e1 +624d 6fe8054e fetch 4 ,mem_rxbuf + 1 +624e 6848058e fetcht 4 ,mem_input_store +624f 98467c00 isub temp ,null +6250 2022e254 branch authentication_ok ,zero +6251 70007c07 jam lmp_detach ,mem_lmo_opcode2 +6252 7004c605 jam authentication_failure_error ,mem_disconn_reason_send +6253 20600000 rtn + +authentication_ok: +6254 20406258 call authentication_ok_common +6255 6fe2462c fetch 1 ,mem_ssp_enable +6256 203a6320 branch pairing_success ,blank +6257 20600000 rtn + +authentication_ok_common: +6258 2040723c call copy_aco +6259 204041ae call linkkey_ready +625a 6fe2004b fetch 1 ,mem_op +625b 2feffe01 isolate1 op_auth_req ,pdata +625c 793ffe01 set0 op_auth_req ,pdata +625d 67e2004b store 1 ,mem_op +625e 6fe20055 fetch 1 ,mem_conn_sm +625f c00ce262 beq conn_sm_auth_wait ,authentication_ok_conn_sm +6260 c00c6262 beq conn_sm_pairing_wait ,authentication_ok_conn_sm +6261 20600000 rtn + +authentication_ok_conn_sm: +6262 6fe209b1 fetch 1 ,mem_pairing_auth +6263 c1800000 rtnne defalt_pairing_auth +6264 6fe2004c fetch 1 ,mem_state_map +6265 c3810000 rtnbit1 smap_encryption +6266 20206793 branch host_create_conn_encrypt + +parse_lmp_comb_key: +6267 da20054e arg mem_rxbuf + 1 ,rega +6268 da40057e arg mem_kinit ,regb +6269 d8a0055e arg mem_random_number ,contw +626a 20407208 call xor16 +626b da200040 arg mem_plap ,rega +626c 204066f3 call generate_linkkey +626d 70007c0b jam lmp_au_rand ,mem_lmo_opcode2 +626e 6fe20030 fetch 1 ,mem_state +626f c30363de bbit0 state_combkey ,lmp_generate_key +6270 20600000 rtn + +parse_lmp_name_res: +6271 6fe4015d fetch 2 ,mem_len +6272 1fe0f3fd add pdata ,-3 ,loopcnt +6273 6842054e fetcht 1 ,mem_rxbuf + 1 +6274 580000ff setarg mem_tmp_buffer +6275 98408a00 iadd temp ,contw +6276 d8c00550 arg mem_rxbuf + 3 ,contr +6277 20407cdc call memcpy +6278 68420053 fetcht 1 ,mem_name_offset +6279 6fe2054f fetch 1 ,mem_rxbuf + 2 +627a 98467e00 isub temp ,pdata +627b 1fe67c0e sub pdata ,14 ,null +627c 20216281 branch parse_lmp_name_res_end ,positive +627d 1840fe0e add temp ,14 ,pdata +627e 67e20053 store 1 ,mem_name_offset +627f 70007c01 jam lmp_name_req ,mem_lmo_opcode2 +6280 20600000 rtn + +parse_lmp_name_res_end: +6281 6fe2004c fetch 1 ,mem_state_map +6282 79207e03 set1 smap_name_res ,pdata +6283 67e2004c store 1 ,mem_state_map +6284 c28263e8 bbit1 smap_name_req ,lmp_disconnect +6285 20600000 rtn + +parse_lmp_name_req: +6286 6fe2054e fetch 1 ,mem_rxbuf + 1 +6287 67e2007d store 1 ,mem_lmi_opcode2 +6288 70007c02 jam lmp_name_res ,mem_lmo_opcode2 +6289 20600000 rtn + +parse_lmp_conn_req: +628a 20206219 branch accept_lmp_msg + +parse_lmp_timing_accuracy_req: +628b 70007c30 jam lmp_timing_accuracy_res ,mem_lmo_opcode2 +628c 20600000 rtn + +parse_lmp_features_req: +628d 70007c28 jam lmp_features_res ,mem_lmo_opcode2 +628e 20600000 rtn + +parse_lmp_version_req: +628f 70007c26 jam lmp_version_res ,mem_lmo_opcode2 +6290 20600000 rtn + +parse_lmp_supervision_timeout: +6291 20600000 rtn + +parse_lmp_sniff_subrating_req: +6292 6fe40032 fetch 2 ,mem_tsniff +6293 98000400 iforce temp +6294 6fe2054f fetch 1 ,mem_rxbuf + 2 +6295 67e20095 store 1 ,mem_subsniff_rate +6296 984f8400 imul32 temp ,temp +6297 6fe40550 fetch 2 ,mem_rxbuf + 3 +6298 1fe3fe00 lshift pdata ,pdata +6299 67e40096 store 2 ,mem_subsniff_tcmax +629a 6fe80552 fetch 4 ,mem_rxbuf + 5 +629b 1fe3fe00 lshift pdata ,pdata +629c 67e80091 store 4 ,mem_subsniff_instant +629d 18427e00 deposit temp +629e 67e40098 store 2 ,mem_subsniff_tsniff +629f 20600000 rtn + +parse_lmpext_packet_type_table_req: +62a0 6842415b fetcht 1 ,mem_ptt +62a1 6fe2054f fetch 1 ,mem_rxbuf + 2 +62a2 9842fc00 ixor temp ,null +62a3 2422e158 nbranch reject_unknown_ext_packet ,zero +62a4 2feffe00 isolate1 0 ,pdata +62a5 6fe2004c fetch 1 ,mem_state_map +62a6 7920fe05 setflag true ,smap_edr ,pdata +62a7 67e2004c store 1 ,mem_state_map +62a8 70007c81 jam lmp_ext_accepted ,mem_lmo_opcode2 +62a9 70007d8b jam lmp_packet_type_table_req ,mem_lmi_opcode2 +62aa 20600000 rtn + +parse_lmp_sniff_subrating_res: + +parse_lmp_preferred_rate: + +parse_lmp_max_power: + +parse_lmp_min_power: +62ab 20600000 rtn + +parse_lmp_page_mode_req: +62ac 20206219 branch accept_lmp_msg + +parse_lmp_page_scan_mode_req: +62ad 20206219 branch accept_lmp_msg + +parse_lmp_slot_offset: +62ae 6fe4054e fetch 2 ,mem_rxbuf + 1 +62af 67e4016f store 2 ,mem_slot_offset +62b0 20600000 rtn + +parse_lmp_sniff_req_check_sniff_para: +62b1 6fe40551 fetch 2 ,mem_rxbuf + 4 +62b2 68424173 fetcht 1 ,mem_lpm_mult +62b3 984ffe00 imul32 temp ,pdata +62b4 d8400640 arg 0x640 ,temp +62b5 98467c00 isub temp ,null +62b6 20600000 rtn + +parse_lmp_sniff_req: +62b7 202062d2 branch lmp_reject_sniff +62b8 6fe40553 fetch 2 ,mem_rxbuf + 6 +62b9 203a62d2 branch lmp_reject_sniff ,blank +62ba 204062b1 call parse_lmp_sniff_req_check_sniff_para +62bb 202162d2 branch lmp_reject_sniff ,positive +62bc 6fe24092 fetch 1 ,mem_device_option +62bd 1fe67c0a sub pdata ,dvc_op_module ,null +62be 2042d0c1 call module_set_lpm_mult_2 ,zero +62bf 6fe20030 fetch 1 ,mem_state +62c0 c280e2d2 bbit1 state_insniff ,lmp_reject_sniff +62c1 6fe4054f fetch 2 ,mem_rxbuf + 2 +62c2 1fe3fe00 lshift pdata ,pdata +62c3 67e40075 store 2 ,mem_dsniff +62c4 6fe40551 fetch 2 ,mem_rxbuf + 4 +62c5 1fe3fe00 lshift pdata ,pdata +62c6 67e40032 store 2 ,mem_tsniff +62c7 6fe40553 fetch 2 ,mem_rxbuf + 6 +62c8 67e20073 store 1 ,mem_sniff_attempt +62c9 98000400 iforce temp +62ca 6fe40555 fetch 2 ,mem_rxbuf + 8 +62cb 67e20074 store 1 ,mem_sniff_timeout +62cc 98467c00 isub temp ,null +62cd 242162cf nbranch set_big_value_to_attempt ,positive +62ce 67e20073 store 1 ,mem_sniff_attempt + +set_big_value_to_attempt: +62cf 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +62d0 70007d17 jam lmp_sniff_req ,mem_lmi_opcode2 +62d1 20600000 rtn + +lmp_reject_sniff: +62d2 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +62d3 20206134 branch reject_lmp_packet + +parse_lmp_start_encryption_req: +62d4 20406219 call accept_lmp_msg +62d5 204063db call lmp_copy_rand +62d6 2040714a call function_e3 +62d7 202046b4 branch start_encryption + +parse_lmp_stop_encryption_req: +62d8 20406219 call accept_lmp_msg +62d9 202046bc branch stop_encryption + +parse_lmp_switch_req: +62da 6fe8054e fetch 4 ,mem_rxbuf + 1 +62db 1fe3fe00 lshift pdata ,pdata +62dc 2034e2e6 branch parse_lmp_switch_accept ,master +62dd 684241be fetcht 1 ,mem_link_key_exists +62de 243a62e3 nbranch parse_lmp_switch_req_clear_mark ,blank + +parse_lmp_switch_req_not_accept: +62df 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +62e0 70007d13 jam lmp_switch_req ,mem_lmi_opcode2 +62e1 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +62e2 20600000 rtn + +parse_lmp_switch_req_clear_mark: +62e3 70007c34 jam lmp_slot_offset ,mem_lmo_opcode2 +62e4 70005500 jam 0 ,mem_conn_sm +62e5 202041d5 branch role_switch_prepare + +parse_lmp_switch_accept: +62e6 204041d5 call role_switch_prepare +62e7 79200022 set1 mark_reconn_recieve_switch ,mark +62e8 6fe2016b fetch 1 ,mem_connection_options +62e9 793ffe02 set0 connection_switch ,pdata +62ea 67e2016b store 1 ,mem_connection_options +62eb 20206219 branch accept_lmp_msg + +parse_lmp_temp_rand: + +parse_lmp_temp_key: + +parse_lmp_timing_accuracy_res: + +parse_lmp_unit_key: + +parse_lmp_use_semi_permanend_key: +62ec 20600000 rtn + +parse_lmp_unsniff_req: +62ed 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +62ee 70007d18 jam lmp_unsniff_req ,mem_lmi_opcode2 +62ef 700a952e jam bt_evt_remote_unsniff ,mem_fifo_temp +62f0 20407bab call ui_ipc_send_event +62f1 202046e5 branch sniff_exit + +parse_lmp_encapsulated_header: +62f2 6fe2054e fetch 1 ,mem_rxbuf + 1 +62f3 c080e2fe bne encapsulated_major_type_p192 ,parse_lmp_encapsulated_header_reject +62f4 6fe2054f fetch 1 ,mem_rxbuf + 2 +62f5 c080e2fe bne encapsulated_minor_type_p192 ,parse_lmp_encapsulated_header_reject +62f6 6fe20550 fetch 1 ,mem_rxbuf + 3 +62f7 c09862fe bne encapsulated_len_p192 ,parse_lmp_encapsulated_header_reject +62f8 204066de call check_localsm +62f9 2020e2fb branch parse_lmp_encapsulated_header_master ,true +62fa 7009aa01 jam sp_stat_key_recv ,mem_sp_state + +parse_lmp_encapsulated_header_master: +62fb 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +62fc 70007d3d jam lmp_encapsulated_header ,mem_lmi_opcode2 +62fd 202060e8 branch parse_rx_done + +parse_lmp_encapsulated_header_reject: +62fe 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +62ff 20206134 branch reject_lmp_packet + +parse_lmp_accepted_encapsulated_header: +6300 70007c3e jam lmp_encapsulated_payload ,mem_lmo_opcode2 +6301 20600000 rtn + +parse_lmp_accepted_simple_pairing_number: +6302 6fe24634 fetch 1 ,mem_ssp_mode_flag +6303 c000e309 beq ssp_mode_ssp_pin_flag ,parse_lmp_accepted_simple_pairing_number_ssp_pin +6304 c001630d beq ssp_mode_passkey_entry_flag ,parse_lmp_accepted_simple_pairing_number_passkey + +parse_lmp_accepted_simple_pairing_number_common: +6305 204066de call check_localsm +6306 20608000 rtn true +6307 7009aa08 jam sp_stat_confirm_recv ,mem_sp_state +6308 20600000 rtn + +parse_lmp_accepted_simple_pairing_number_ssp_pin: +6309 20407817 call g_noninit_number_confirm +630a 700a9535 jam bt_evt_bt_gkey_generate ,mem_fifo_temp +630b 20407bab call ui_ipc_send_event +630c 20206305 branch parse_lmp_accepted_simple_pairing_number_common + +parse_lmp_accepted_simple_pairing_number_passkey: +630d 204066de call check_localsm +630e 20608000 rtn true +630f 6fe24635 fetch 1 ,mem_authentication_passkey_times +6310 c009e31d beq 19 ,authentication_passkey_end +6311 1fe0fe01 increase 1 ,pdata +6312 67e24635 store 1 ,mem_authentication_passkey_times + +authentication_passkey: +6313 7009ac01 jam sp_flag_commit ,mem_sp_flag +6314 7009aa04 jam sp_stat_commit_calc ,mem_sp_state +6315 6fe24635 fetch 1 ,mem_authentication_passkey_times +6316 1fe20e00 copy pdata ,queue +6317 6fec4658 fetch 6 ,mem_pin +6318 afefffff qisolate1 pdata +6319 58000080 setarg 0x80 +631a 7920fe00 setflag true ,0 ,pdata +631b 67e24636 store 1 ,mem_passkey_1bit +631c 20600000 rtn + +authentication_passkey_end: +631d 7009aa08 jam sp_stat_confirm_recv ,mem_sp_state +631e 20600000 rtn + +parse_lmp_accepted_dhkey_check: +631f 20406325 call parse_lmp_accepted_dhkey_check_common + +pairing_success: +6320 6fe24637 fetch 1 ,mem_flag_pairing_state +6321 207a0000 rtn blank +6322 70463700 jam flag_pairing_state_not_pairing ,mem_flag_pairing_state +6323 700a9538 jam bt_evt_bt_pairing_success ,mem_fifo_temp +6324 20207bab branch ui_ipc_send_event + +parse_lmp_accepted_dhkey_check_common: +6325 204066de call check_localsm +6326 2440f81a ncall g_noninit ,true +6327 2040f82a call g_init ,true +6328 204066de call check_localsm +6329 20608000 rtn true +632a 7009aa0c jam sp_stat_link_key_calc ,mem_sp_state +632b 7009ac01 jam sp_flag_commit ,mem_sp_flag +632c 20600000 rtn + +parse_simple_pairing_confirm: +632d d8a00a6a arg mem_sp_confirm_remote ,contw +632e d8c0054e arg mem_rxbuf + 1 ,contr +632f 20407c9a call memcpy16 +6330 6fe24634 fetch 1 ,mem_ssp_mode_flag +6331 c1010000 rtneq ssp_mode_passkey_entry_flag +6332 2020758d branch master_set_mem_master_sp_flag + +parse_lmp_encapsulated_payload: +6333 6fe209ab fetch 1 ,mem_master_sp_state +6334 c003e337 beq sp_stat_random_send ,parse_encapsulated_payload_master +6335 6fe209aa fetch 1 ,mem_sp_state +6336 c080e34a bne sp_stat_key_recv ,parse_lmp_encapsulated_payload_reject + +parse_encapsulated_payload_master: +6337 6fe209b3 fetch 1 ,mem_sp_remote_key_recv_count +6338 1fe60a20 sub pdata ,0x20 ,contw +6339 2421634a nbranch parse_lmp_encapsulated_payload_reject ,positive +633a d8a009c2 arg mem_sp_pubkey_remote ,contw +633b 98a08a00 iadd contw ,contw +633c 6ff0054e fetch 8 ,mem_rxbuf + 1 +633d e7f00005 istore 8 ,contw +633e 6ff00556 fetch 8 ,mem_rxbuf + 9 +633f e7f00005 istore 8 ,contw +6340 6fe209b3 fetch 1 ,mem_sp_remote_key_recv_count +6341 1fe0fe10 increase 16 ,pdata +6342 67e209b3 store 1 ,mem_sp_remote_key_recv_count +6343 c0986219 bne encapsulated_len_p192 ,accept_lmp_msg + +parse_lmp_encapsulated_payload_completed: +6344 204066de call check_localsm +6345 2020e219 branch accept_lmp_msg ,true +6346 7009b401 jam sp_key_valid ,mem_sp_remote_key_invalid +6347 7009aa02 jam sp_stat_key_generate ,mem_sp_state +6348 7009ac01 jam sp_flag_commit ,mem_sp_flag +6349 20206219 branch accept_lmp_msg + +parse_lmp_encapsulated_payload_reject: +634a 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +634b 20206134 branch reject_lmp_packet + +parse_lmp_accepted_encapsulated_payload: +634c 6fe209b2 fetch 1 ,mem_sp_local_key_send_count +634d c0186350 beq encapsulated_len_p192 ,parse_lmp_encapsulated_payload_all_accepted +634e 70007c3e jam lmp_encapsulated_payload ,mem_lmo_opcode2 +634f 202060e8 branch parse_rx_done + +parse_lmp_encapsulated_payload_all_accepted: +6350 204066de call check_localsm +6351 2020e359 branch parse_lmp_encapsulated_payload_all_accepted_master ,true +6352 6fe24634 fetch 1 ,mem_ssp_mode_flag +6353 c0016357 beq ssp_mode_passkey_entry_flag ,parse_lmp_encapsulated_payload_all_accepted_get_passkey +6354 7009ac01 jam sp_flag_commit ,mem_sp_flag +6355 7009aa04 jam sp_stat_commit_calc ,mem_sp_state +6356 202060e8 branch parse_rx_done + +parse_lmp_encapsulated_payload_all_accepted_get_passkey: +6357 700a9536 jam bt_evt_bt_get_passkey ,mem_fifo_temp +6358 20207bab branch ui_ipc_send_event + +parse_lmp_encapsulated_payload_all_accepted_master: +6359 202060e8 branch parse_rx_done + +parse_lmp_simple_pairing_number: +635a 6fe209ab fetch 1 ,mem_master_sp_state +635b c003e35e beq sp_stat_random_send ,parse_lmp_simple_pairing_number_master +635c 6fe209aa fetch 1 ,mem_sp_state +635d c083636a bne sp_stat_random_recv ,parse_lmp_simple_pairing_number_reject + +parse_lmp_simple_pairing_number_master: +635e d8a00a2a arg mem_sp_random_remote ,contw +635f 6ff0054e fetch 8 ,mem_rxbuf + 1 +6360 e7f00005 istore 8 ,contw +6361 6ff00556 fetch 8 ,mem_rxbuf + 9 +6362 e7f00005 istore 8 ,contw +6363 204066de call check_localsm +6364 2020e368 branch parse_lmp_simple_pairing_number_master0 ,true +6365 7009aa07 jam sp_stat_random_send ,mem_sp_state +6366 7009ac01 jam sp_flag_commit ,mem_sp_flag +6367 20206219 branch accept_lmp_msg + +parse_lmp_simple_pairing_number_master0: +6368 7009ab04 jam sp_stat_commit_calc ,mem_master_sp_state +6369 2020758d branch master_set_mem_master_sp_flag + +parse_lmp_simple_pairing_number_reject: +636a 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +636b 20206134 branch reject_lmp_packet + +parse_dhkey_check: +636c 6fe209ab fetch 1 ,mem_master_sp_state +636d c005e370 beq sp_stat_confirm_send ,parse_dhkey_check_master +636e 6fe209aa fetch 1 ,mem_sp_state +636f c084637f bne sp_stat_confirm_recv ,parse_lmp_dhkey_check_reject + +parse_dhkey_check_master: +6370 d8a00a5a arg mem_sp_check_result ,contw +6371 d8c0054e arg mem_rxbuf + 1 ,contr +6372 20407c9a call memcpy16 +6373 204066de call check_localsm +6374 2020e37c branch parse_dhkey_check_master0 ,true +6375 6fe24634 fetch 1 ,mem_ssp_mode_flag +6376 c000e381 beq ssp_mode_ssp_pin_flag ,number_comparison_mode + +number_comparison_successed: +6377 70463300 jam 0 ,mem_flag_mode_ssp_pin +6378 7009aa09 jam sp_stat_confirm_check ,mem_sp_state +6379 7009ac01 jam sp_flag_commit ,mem_sp_flag +637a 70007d41 jam lmp_dhkey_check ,mem_lmi_opcode2 +637b 202060e8 branch parse_rx_done + +parse_dhkey_check_master0: +637c 7009ab09 jam sp_stat_confirm_check ,mem_master_sp_state +637d 7009ad01 jam sp_flag_commit ,mem_master_sp_flag +637e 202060e8 branch parse_rx_done + +parse_lmp_dhkey_check_reject: +637f 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +6380 20206134 branch reject_lmp_packet + +number_comparison_mode: +6381 6fe24633 fetch 1 ,mem_flag_mode_ssp_pin +6382 c283e386 bbit1 flag_mode_ssp_pin_reviceve_comparison_bit ,comparison_result +6383 79207e06 set1 flag_mode_ssp_pin_recieve_dhkey_bit ,pdata +6384 67e24633 store 1 ,mem_flag_mode_ssp_pin +6385 20600000 rtn + +comparison_result: +6386 c2806377 bbit1 flag_mode_ssp_pin_comparison_result_bit ,number_comparison_successed +6387 70463300 jam 0 ,mem_flag_mode_ssp_pin +6388 2020637f branch parse_lmp_dhkey_check_reject + +parse_lmp_clkoffset_res: +6389 202060e8 branch parse_rx_done + +parse_lmp_encryption_mode_req: +638a 6fe2016b fetch 1 ,mem_connection_options +638b 793ffe01 set0 connection_encrypt +638c 67e2016b store 1 ,mem_connection_options +638d 20406219 call accept_lmp_msg +638e 24748000 nrtn master +638f 6fe2054e fetch 1 ,mem_rxbuf + 1 +6390 6842004b fetcht 1 ,mem_op +6391 793a0404 setflag blank ,op_stop_enc ,temp +6392 7d3a0405 nsetflag blank ,op_start_enc ,temp +6393 6042004b storet 1 ,mem_op +6394 20600000 rtn + +parse_lmp_features_res: +6395 6850054e fetcht 8 ,mem_rxbuf + 1 + +parse_lmp_features_res_not_hci: +6396 6fe20055 fetch 1 ,mem_conn_sm +6397 c1818000 rtnne conn_sm_wait_features_res +6398 6fe2016b fetch 1 ,mem_connection_options +6399 c302639c bbit0 connection_feature_ext ,parse_lmp_send_conn +639a 70005514 jam conn_sm_send_features_ext ,mem_conn_sm +639b 20600000 rtn + +parse_lmp_send_conn: +639c 70005504 jam conn_sm_send_conn_req ,mem_conn_sm +639d 20600000 rtn + +parse_lmp_test_activate: +639e 6fe2017d fetch 1 ,mem_debug_config +639f 67e20159 store 1 ,mem_test_mode_old_debug_config +63a0 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +63a1 70007d38 jam lmp_test_activate ,mem_lmi_opcode2 +63a2 20600000 rtn + +parse_lmp_test_control: +63a3 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +63a4 70007d39 jam lmp_test_control ,mem_lmi_opcode2 +63a5 18007209 force 9 ,loopcnt +63a6 d8c0054e arg mem_rxbuf + 1 ,contr +63a7 d8a00150 arg mem_temp_payload ,contw + +parse_lmp_test_xor: +63a8 efe20006 ifetch 1 ,contr +63a9 1fe2fe55 xor_into 0x55 ,pdata +63aa e7e20005 istore 1 ,contw +63ab c20063a8 loop parse_lmp_test_xor +63ac 6fe20150 fetch 1 ,test_mode_scenario +63ad 6842014f fetcht 1 ,mem_tester_emulate +63ae 793f8407 set0 tester_no_whitening ,temp +63af 793f8404 set0 tester_pattern_test ,temp +63b0 c07fe3bc beq exit_test_mode ,parse_lmp_test_control_exit +63b1 c00063d5 beq pause_test_mode ,parse_lmp_test_control_pause +63b2 c002e3c9 beq closed_loop_back_acl ,parse_lmp_test_control_loopback +63b3 c003e3c8 beq acl_without_whitening ,parse_lmp_test_control_loopback_nowhite +63b4 c00363c9 beq closed_loop_back_sco ,parse_lmp_test_control_loopback +63b5 c00463c8 beq sco_without_whitening ,parse_lmp_test_control_loopback_nowhite +63b6 c000e3c1 beq zero_pattern ,parse_lmp_test_control_pattern +63b7 c00163c1 beq one_pattern ,parse_lmp_test_control_pattern +63b8 c001e3c1 beq alt_pattern ,parse_lmp_test_control_pattern +63b9 c004e3c1 beq alt2_pattern ,parse_lmp_test_control_pattern +63ba c00263c1 beq pseudorandom ,parse_lmp_test_control_pattern +63bb 20600000 rtn + +parse_lmp_test_control_exit: +63bc 6fe2014f fetch 1 ,mem_tester_emulate +63bd 79207e03 set1 tester_exit ,pdata +63be 79207e02 set1 tester_change ,pdata +63bf 67e2014f store 1 ,mem_tester_emulate +63c0 20600000 rtn + +parse_lmp_test_control_pattern: +63c1 79200404 set1 tester_pattern_test ,temp +63c2 70017e05 jam 5 ,mem_lch_code +63c3 6fe40157 fetch 2 ,test_mode_data_length +63c4 98007200 iforce loopcnt +63c5 67e4015d store 2 ,mem_len +63c6 d8a0054d arg mem_rxbuf ,contw +63c7 20407d4e call pn9 + +parse_lmp_test_control_loopback_nowhite: +63c8 79200407 set1 tester_no_whitening ,temp + +parse_lmp_test_control_loopback: +63c9 79200402 set1 tester_change ,temp +63ca 18007e00 force 0 ,pdata +63cb 67e2000b store 1 ,mem_slave_rcvcnt +63cc 67e400f8 store 2 ,mem_tst_pktcnt_crc +63cd 67e400fa store 2 ,mem_tst_pktcnt_dmh +63ce 67e400f6 store 2 ,mem_tst_pktcnt_hec +63cf 67e400f4 store 2 ,mem_tst_pktcnt_sync +63d0 6fe20151 fetch 1 ,test_mode_hopping_mode +63d1 2fe1fe00 compare fixed_freq ,pdata ,0xff +63d2 79208406 setflag true ,tester_fixed_freq ,temp +63d3 6042014f storet 1 ,mem_tester_emulate +63d4 20600000 rtn + +parse_lmp_test_control_pause: +63d5 793f8011 set0 mark_testmode ,mark +63d6 70014f00 jam 0 ,mem_tester_emulate +63d7 6fe2017d fetch 1 ,mem_debug_config +63d8 793ffe06 set0 debug_tx_pattern ,pdata +63d9 67e2017d store 1 ,mem_debug_config +63da 20600000 rtn + +lmp_copy_rand: +63db d8c0054e arg mem_rxbuf + 1 ,contr +63dc d8a0055e arg mem_random_number ,contw +63dd 20207c9a branch memcpy16 + +lmp_generate_key: +63de 70007c09 jam lmp_comb_key ,mem_lmo_opcode2 +63df 20600000 rtn + +lmp_start_encryption: +63e0 24748000 nrtn master +63e1 70007c11 jam lmp_start_encryption_req ,mem_lmo_opcode2 +63e2 20600000 rtn + +lmp_accept_inrand: +63e3 da2040a0 arg mem_lap ,rega +63e4 20407114 call generate_kinit +63e5 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +63e6 70007d08 jam lmp_in_rand ,mem_lmi_opcode2 +63e7 20600000 rtn + +lmp_disconnect: +63e8 7000720a jam 10 ,mem_conn_timer +63e9 70007c07 jam lmp_detach ,mem_lmo_opcode2 +63ea 7004c616 jam local_host ,mem_disconn_reason_send +63eb 20600000 rtn + +send_lmp: +63ec 471f4027 bpatchx patch27_6 ,mem_patch27 +63ed 78547c00 disable user +63ee 204066a3 call lmo_fifo_process +63ef 6fe20048 fetch 1 ,mem_lmp_to_send +63f0 207a0000 rtn blank +63f1 c283e421 bbit1 7 ,send_lmp_escape + +send_lmp0: +63f2 c000e551 beq lmp_name_req ,send_lmp_name_req +63f3 c00164c6 beq lmp_name_res ,send_lmp_name_res +63f4 c001e42c beq lmp_accepted ,send_lmp_accepted +63f5 c0026442 beq lmp_not_accepted ,send_lmp_not_accepted +63f6 c013e5bd beq lmp_features_req ,send_lmp_features_req +63f7 c01464ea beq lmp_features_res ,send_lmp_features_res +63f8 c01864d6 beq lmp_timing_accuracy_res ,send_lmp_timing_accuracy_res +63f9 c012e5b8 beq lmp_version_req ,send_lmp_version_req +63fa c01364e5 beq lmp_version_res ,send_lmp_version_res +63fb c018e5a5 beq lmp_setup_complete ,send_lmp_setup_complete +63fc c01be54c beq lmp_supervision_timeout ,send_lmp_superto +63fd c019e53e beq lmp_host_connection_req ,send_lmp_no_payload +63fe c004663b beq lmp_in_rand ,send_lmp_inrand +63ff c004e631 beq lmp_comb_key ,send_lmp_comb_key +6400 c005e646 beq lmp_au_rand ,send_lmp_aurand +6401 c006664f beq lmp_sres ,send_lmp_sres +6402 c007e544 beq lmp_encryption_mode_req ,send_lmp_encryption_mode_req +6403 c0086674 beq lmp_encryption_key_size_req ,send_lmp_encryption_key_size_req +6404 c008e66a beq lmp_start_encryption_req ,send_lmp_start_encryption +6405 c003e534 beq lmp_detach ,send_lmp_detach +6406 c0156560 beq lmp_quality_of_service_req ,send_lmp_quality_of_service_req +6407 c0056561 beq lmp_unit_key ,send_lmp_unit_key +6408 c00fe59e beq lmp_incr_power_req ,send_lmp_inc_power +6409 c00364db beq lmp_clkoffset_res ,send_lmp_clkoffset_res +640a c010e541 beq lmp_max_power ,send_lmp_nopayload_reply +640b c016e594 beq lmp_max_slot ,send_lmp_max_slot +640c c0176599 beq lmp_max_slot_req ,send_lmp_max_slot_req +640d c0116541 beq lmp_min_power ,send_lmp_nopayload_reply +640e c01a6562 beq lmp_slot_offset ,send_lmp_slot_offset +640f c009e577 beq lmp_switch_req ,send_lmp_switch_req +6410 c00be586 beq lmp_sniff_req ,send_lmp_sniff_req +6411 c0096671 beq lmp_stop_encryption_req ,send_lmp_stop_encryption_req +6412 c017e58c beq lmp_timing_accuracy_req ,send_lmp_timing_accuracy_req +6413 c00c6591 beq lmp_unsniff_req ,send_lmp_unsniff_req +6414 c01ee5e1 beq lmp_encapsulated_header ,send_lmp_encapsulated_header +6415 c01f65ed beq lmp_encapsulated_payload ,send_lmp_encapsulated_payload +6416 c01fe5ff beq lmp_simple_pairing_confirm ,send_lmp_simple_pairing_comfirm +6417 c0206609 beq lmp_simple_pairing_number ,send_lmp_simple_pairing_number +6418 c020e61e beq lmp_dhkey_check ,send_lmp_dhkey_check +6419 c011e62d beq lmp_auto_rate ,send_lmp_auto_rate +641a c01de628 beq lmp_enc_key_size_mask_res ,send_lmp_enc_key_size_mask_res +641b c002e62e beq lmp_clkoffset_req ,send_lmp_clkoffset_req +641c c014e62f beq lmp_quality_of_service ,send_lmp_quality_of_service +641d c01c6630 beq lmp_test_activate ,send_lmp_test_activate +641e c01ce557 beq lmp_test_control ,send_lmp_test_control + +send_lmp_error: +641f 20204a8b branch assert +6420 20600000 rtn + +send_lmp_escape: +6421 c040e44f beq lmp_ext_accepted ,send_lmpext_accepted +6422 c042647b beq lmp_ext_features_res ,send_lmpext_features_res +6423 c0416458 beq lmp_not_accepted_ext ,send_lmpext_not_accepted +6424 c041e4ef beq lmp_ext_features_req ,send_lmpext_features_req +6425 c045e4fa beq lmp_packet_type_table_req ,send_lmpext_packet_type_table_req +6426 c04be530 beq lmp_pause_encryption_req ,send_lmpext_pause_encryption_req +6427 c04ce4b7 beq lmp_io_cap_req ,send_lmp_io_cap_req +6428 c04d6486 beq lmp_io_cap_res ,send_lmpext_io_cap_res +6429 c04ae4bc beq lmp_sniff_subrating_req ,send_lmpext_sniff_subrating_req +642a c04b64bd beq lmp_sniff_subrating_res ,send_lmpext_sniff_subrating_res +642b 20204a8b branch assert + +send_lmp_accepted: +642c 18007e02 force 2 ,pdata +642d 2040667a call msg_send_lmp +642e 6fe20049 fetch 1 ,mem_lmi_opcode +642f e7e20005 istore 1 ,contw +6430 20406689 call send_lmp_follow +6431 471fc027 bpatchx patch27_7 ,mem_patch27 +6432 6fe20049 fetch 1 ,mem_lmi_opcode +6433 c0046462 beq lmp_in_rand ,send_lmp_accepted_inrand +6434 c007e466 beq lmp_encryption_mode_req ,send_lmp_accepted_enc_mode +6435 c0086471 beq lmp_encryption_key_size_req ,send_lmp_accepted_enc_key +6436 c00be441 beq lmp_sniff_req ,send_lmp_accept_sniff_req +6437 c019e474 beq lmp_host_connection_req ,send_lmp_accepted_connection +6438 c020e47a beq lmp_dhkey_check ,send_lmp_accept_dhkey_check +6439 c008e43b beq lmp_start_encryption_req ,send_create_conn_start_l2cap_timer_sm +643a 20600000 rtn + +send_create_conn_start_l2cap_timer_sm: +643b 6fe20055 fetch 1 ,mem_conn_sm +643c 207a0000 rtn blank +643d 7000551b jam conn_sm_wait_done ,mem_conn_sm +643e 5800000c setarg timer_enpt_waite +643f d8e00007 arg enpt_delay_timer ,queue +6440 20207ce3 branch timer_init + +send_lmp_accept_sniff_req: +6441 202046c2 branch sniff_init + +send_lmp_not_accepted: +6442 18007e03 force 3 ,pdata +6443 2040667a call msg_send_lmp +6444 6fe20049 fetch 1 ,mem_lmi_opcode +6445 c005e44a beq lmp_au_rand ,send_not_accept_aurand +6446 e7e20005 istore 1 ,contw +6447 6fe2004a fetch 1 ,mem_lmo_reason +6448 e7e20005 istore 1 ,contw +6449 20206689 branch send_lmp_follow + +send_not_accept_aurand: +644a e7e20005 istore 1 ,contw +644b 6fe2004a fetch 1 ,mem_lmo_reason +644c e7e20005 istore 1 ,contw +644d d84004d1 arg mem_sres_tid ,temp +644e 202066c4 branch special_tid_store + +send_lmpext_accepted: +644f 18000e04 force 4 ,queue +6450 20406682 call send_lmpext +6451 5800007f setarg lmp_escape +6452 e7e20005 istore 1 ,contw +6453 6fe20049 fetch 1 ,mem_lmi_opcode +6454 793ffe07 set0 7 ,pdata +6455 e7e20005 istore 1 ,contw +6456 6fe20049 fetch 1 ,mem_lmi_opcode +6457 20206689 branch send_lmp_follow + +send_lmpext_not_accepted: +6458 18000e05 force 5 ,queue +6459 20406682 call send_lmpext +645a 5800007f setarg lmp_escape +645b e7e20005 istore 1 ,contw +645c 6fe20049 fetch 1 ,mem_lmi_opcode +645d 793ffe07 set0 7 ,pdata +645e e7e20005 istore 1 ,contw +645f 6fe2004a fetch 1 ,mem_lmo_reason +6460 e7e20005 istore 1 ,contw +6461 20206689 branch send_lmp_follow + +send_lmp_accepted_inrand: +6462 2040444b call clear_linkkey +6463 204066d5 call tid_check +6464 20608000 rtn true +6465 202063de branch lmp_generate_key + +send_lmp_accepted_enc_mode: +6466 6fe2004b fetch 1 ,mem_op +6467 c282e46d bbit1 op_start_enc ,send_lmp_accepted_enc_start +6468 c4020000 rtnbit0 op_stop_enc +6469 70007c12 jam lmp_stop_encryption_req ,mem_lmo_opcode2 +646a 793ffe04 set0 op_stop_enc ,pdata +646b 204066cd call tid_reply +646c 2020646f branch send_lmp_accepted_enc_exit + +send_lmp_accepted_enc_start: +646d 70007c10 jam lmp_encryption_key_size_req ,mem_lmo_opcode2 +646e 793ffe05 set0 op_start_enc ,pdata + +send_lmp_accepted_enc_exit: +646f 67e2004b store 1 ,mem_op +6470 20600000 rtn + +send_lmp_accepted_enc_key: +6471 204066de call check_localsm +6472 2020e3e0 branch lmp_start_encryption ,true +6473 20600000 rtn + +send_lmp_accepted_connection: +6474 70007c8b jam lmp_packet_type_table_req ,mem_lmo_opcode2 +6475 6fe204cd fetch 1 ,mem_lmp_conn_state +6476 79207e00 set1 received_conn_req ,pdata +6477 67e204cd store 1 ,mem_lmp_conn_state +6478 700a9501 jam bt_evt_bb_connected ,mem_fifo_temp +6479 20207bab branch ui_ipc_send_event + +send_lmp_accept_dhkey_check: +647a 20600000 rtn + +send_lmpext_features_res: +647b 18000e0c force 12 ,queue +647c 20406682 call send_lmpext +647d 58000001 setarg 0x01 +647e e7e20005 istore 1 ,contw +647f 6fe404ca fetch 2 ,mem_lmpext_ssp_enable +6480 e7e40005 istore 2 ,contw +6481 58000000 setarg 0 +6482 e7e60005 istore 3 ,contw +6483 58000000 setarg 0x00 +6484 e7e80005 istore 4 ,contw +6485 20206692 branch send_lmp_reply + +send_lmpext_io_cap_res: +6486 18000e05 force 5 ,queue +6487 20406682 call send_lmpext +6488 6fe6462d fetch 3 ,mem_sp_iocap_local +6489 e7e60005 istore 3 ,contw +648a 20406692 call send_lmp_reply +648b 70463701 jam flag_pairing_state_pairing ,mem_flag_pairing_state +648c 6fe2462d fetch 1 ,mem_sp_iocap_local +648d c000e497 beq display_yesno ,responder_iocap_display_yesno +648e c0016491 beq keyboard_only ,responder_iocap_keyboard_only +648f c001e49d beq no_input_no_output ,responder_iocap_no_input_no_output +6490 20600000 rtn + +responder_iocap_keyboard_only: +6491 6fe24630 fetch 1 ,mem_sp_iocap_remote +6492 c00064a9 beq display_only ,responder_iocap_keyboard_only_initiator_iocap_display_only +6493 c000e4a9 beq display_yesno ,responder_iocap_keyboard_only_initiator_iocap_display_yesno +6494 c00164a9 beq keyboard_only ,responder_iocap_keyboard_only_initiator_iocap_keyboard_only +6495 c001e4a3 beq no_input_no_output ,responder_iocap_keyboard_only_initiator_iocap_no_input_no_output +6496 20600000 rtn + +responder_iocap_display_yesno: +6497 6fe24630 fetch 1 ,mem_sp_iocap_remote +6498 c00064a3 beq display_only ,responder_iocap_display_yesno_initiator_iocap_display_only +6499 c000e4a7 beq display_yesno ,responder_iocap_display_yesno_initiator_iocap_display_yesno +649a c00164a9 beq keyboard_only ,responder_iocap_display_yesno_initiator_iocap_keyboard_only +649b c001e4a3 beq no_input_no_output ,responder_iocap_display_yesno_initiator_iocap_no_input_no_output +649c 20600000 rtn + +responder_iocap_no_input_no_output: +649d 6fe24630 fetch 1 ,mem_sp_iocap_remote +649e c00064a3 beq display_only ,responder_iocap_no_input_no_output_initiator_iocap_display_only +649f c000e4a3 beq display_yesno ,responder_iocap_no_input_no_output_initiator_iocap_display_yesno +64a0 c00164a3 beq keyboard_only ,responder_iocap_no_input_no_output_initiator_iocap_keyboard_only +64a1 c001e4a3 beq no_input_no_output ,responder_iocap_no_input_no_output_initiator_iocap_no_input_no_output +64a2 20600000 rtn + +responder_iocap_keyboard_only_initiator_iocap_no_input_no_output: + +responder_iocap_display_yesno_initiator_iocap_no_input_no_output: + +responder_iocap_display_yesno_initiator_iocap_display_only: + +responder_iocap_no_input_no_output_initiator_iocap_display_only: + +responder_iocap_no_input_no_output_initiator_iocap_display_yesno: + +responder_iocap_no_input_no_output_initiator_iocap_keyboard_only: + +responder_iocap_no_input_no_output_initiator_iocap_no_input_no_output: + +set_ssp_mode_justwork: +64a3 70463403 jam ssp_mode_just_work_flag ,mem_ssp_mode_flag +64a4 6fe2452e fetch 1 ,mem_classic_bt_flag +64a5 c2804d64 bbit1 flag_ssp_reject_justwork ,app_bt_disconnect +64a6 20600000 rtn + +responder_iocap_display_yesno_initiator_iocap_display_yesno: + +set_ssp_mode_numeric_comparison: +64a7 70463401 jam ssp_mode_ssp_pin_flag ,mem_ssp_mode_flag +64a8 20600000 rtn + +responder_iocap_keyboard_only_initiator_iocap_display_yesno: + +responder_iocap_keyboard_only_initiator_iocap_keyboard_only: + +responder_iocap_keyboard_only_initiator_iocap_display_only: + +responder_iocap_display_yesno_initiator_iocap_keyboard_only: + +set_ssp_mode_passkey: +64a9 70463402 jam ssp_mode_passkey_entry_flag ,mem_ssp_mode_flag +64aa 20600000 rtn + +classic_bt_set_reject_justwork_flag: +64ab d8e00000 arg flag_ssp_reject_justwork ,queue +64ac 202064af branch classic_bluetooth_set_flag + +classic_bt_clr_reject_justwork_flag: +64ad d8e00000 arg flag_ssp_reject_justwork ,queue +64ae 202064b3 branch classic_bluetooth_clr_flag + +classic_bluetooth_set_flag: +64af 6fe2452e fetch 1 ,mem_classic_bt_flag +64b0 f9207e00 qset1 pdata +64b1 67e2452e store 1 ,mem_classic_bt_flag +64b2 20600000 rtn + +classic_bluetooth_clr_flag: +64b3 6fe2452e fetch 1 ,mem_classic_bt_flag +64b4 f93ffe00 qset0 pdata +64b5 67e2452e store 1 ,mem_classic_bt_flag +64b6 20600000 rtn + +send_lmp_io_cap_req: +64b7 18000e05 force 5 ,queue +64b8 20406682 call send_lmpext +64b9 6fe6462d fetch 3 ,mem_sp_iocap_local +64ba e7e60005 istore 3 ,contw +64bb 20206694 branch send_lmp_request + +send_lmpext_sniff_subrating_req: +64bc 20600000 rtn + +send_lmpext_sniff_subrating_res: +64bd 18000e09 force 9 ,queue +64be 20406682 call send_lmpext +64bf 6fe20095 fetch 1 ,mem_subsniff_rate +64c0 e7e20005 istore 1 ,contw +64c1 6fe40096 fetch 2 ,mem_subsniff_tcmax +64c2 e7e40005 istore 2 ,contw +64c3 6fe80091 fetch 4 ,mem_subsniff_instant +64c4 e7e80005 istore 4 ,contw +64c5 20206692 branch send_lmp_reply + +send_lmp_name_res: +64c6 18007e11 force 17 ,pdata +64c7 2040667a call msg_send_lmp +64c8 6fe20049 fetch 1 ,mem_lmi_opcode +64c9 1fe20400 copy pdata ,temp +64ca c00064ce beq 0x00 ,send_lmp_name_res_offset_ok +64cb c00764ce beq 0x0e ,send_lmp_name_res_offset_ok +64cc c00e64ce beq 0x1c ,send_lmp_name_res_offset_ok +64cd 20600000 rtn + +send_lmp_name_res_offset_ok: +64ce e7e20005 istore 1 ,contw +64cf 6fe244e7 fetch 1 ,mem_local_name_length +64d0 e7e20005 istore 1 ,contw +64d1 df20000e arg 14 ,loopcnt +64d2 580044e8 setarg mem_local_name +64d3 98408c00 iadd temp ,contr +64d4 20407cdc call memcpy +64d5 20206692 branch send_lmp_reply + +send_lmp_timing_accuracy_res: +64d6 18007e03 force 3 ,pdata +64d7 2040667a call msg_send_lmp +64d8 58000114 setarg 0x0114 +64d9 e7e40005 istore 2 ,contw +64da 20206692 branch send_lmp_reply + +send_lmp_clkoffset_res: +64db 18007e03 force 3 ,pdata +64dc 2040667a call msg_send_lmp +64dd 6fe80163 fetch 4 ,mem_clke_bt +64de 9c467e00 isub clkn_bt ,pdata +64df 2034e4e1 branch send_lmp_clkoffset_res_master ,master +64e0 1fe67e00 sub pdata ,0 ,pdata + +send_lmp_clkoffset_res_master: +64e1 1feb7e00 rshift2 pdata ,pdata +64e2 793ffe0f set0 15 ,pdata +64e3 e7e40005 istore 2 ,contw +64e4 20206692 branch send_lmp_reply + +send_lmp_version_res: +64e5 18007e06 force 6 ,pdata +64e6 2040667a call msg_send_lmp +64e7 6fea44e2 fetch 5 ,mem_lmp_version +64e8 e7ea0005 istore 5 ,contw +64e9 20206692 branch send_lmp_reply + +send_lmp_features_res: +64ea 18007e09 force 9 ,pdata +64eb 2040667a call msg_send_lmp +64ec 6ff04098 fetch 8 ,mem_features +64ed e7f00005 istore 8 ,contw +64ee 20206692 branch send_lmp_reply + +send_lmpext_features_req: +64ef 18000e0c force 12 ,queue +64f0 20406682 call send_lmpext +64f1 58000001 setarg 0x01 +64f2 e7e20005 istore 1 ,contw +64f3 6fe404ca fetch 2 ,mem_lmpext_ssp_enable +64f4 e7e40005 istore 2 ,contw +64f5 58000000 setarg 0 +64f6 e7e60005 istore 3 ,contw +64f7 58000000 setarg 0x00 +64f8 e7e80005 istore 4 ,contw +64f9 20206694 branch send_lmp_request + +send_lmpext_packet_type_table_req: +64fa 18000e03 force 3 ,queue +64fb 20406682 call send_lmpext +64fc 6fe2415b fetch 1 ,mem_ptt +64fd e7e20005 istore 1 ,contw +64fe 78547c00 disable user +64ff 20406694 call send_lmp_request +6500 24740000 nrtn user +6501 24748000 nrtn master +6502 6fe240d8 fetch 1 ,mem_afh_cfg +6503 c4000000 rtnbit0 afh_cfg_on +6504 20406514 call afh_init +6505 2020651e branch afh_open_all_channels + +ssp_enable: +6506 47204028 bpatchx patch28_0 ,mem_patch28 +6507 6fe2409e fetch 1 ,mem_features + 6 +6508 79207e03 set1 param_featrue_ssp ,pdata +6509 67e2409e store 1 ,mem_features + 6 +650a 58000101 setarg param_lmpext_ssp_enable +650b 67e404ca store 2 ,mem_lmpext_ssp_enable +650c 20600000 rtn + +ssp_disable: +650d 4720c028 bpatchx patch28_1 ,mem_patch28 +650e 6fe2409e fetch 1 ,mem_features + 6 +650f 793ffe03 set0 param_featrue_ssp ,pdata +6510 67e2409e store 1 ,mem_features + 6 +6511 58000000 setarg 0 +6512 67e404ca store 2 ,mem_lmpext_ssp_enable +6513 20600000 rtn + +afh_init: +6514 7040d803 jam 0x3 ,mem_afh_cfg +6515 58000000 setarg 0 +6516 67e84142 store 4 ,mem_afh_timer +6517 d8a040da arg mem_afh_map_lo ,contw +6518 20406522 call afh_reset_map +6519 d8a040e7 arg mem_afh_map_new ,contw +651a 20406522 call afh_reset_map +651b d8a04146 arg mem_afh_classify_channel_map ,contw +651c 20406522 call afh_reset_map +651d 20206529 branch afh_clear_error_counter + +afh_open_all_channels: +651e d8a040e7 arg mem_afh_map_new ,contw +651f 20406522 call afh_reset_map +6520 20406529 call afh_clear_error_counter +6521 2020652c branch afh_set_send_flag + +afh_reset_map: +6522 58ffffff setarg 0xffffff +6523 e7e60005 istore 3 ,contw +6524 e7e60005 istore 3 ,contw +6525 e7e60005 istore 3 ,contw +6526 5800007f setarg 0x7f +6527 e7e20005 istore 1 ,contw +6528 20600000 rtn + +afh_clear_error_counter: +6529 58000000 setarg 0 +652a 67e440d6 store 2 ,mem_afh_error_total +652b 20600000 rtn + +afh_set_send_flag: +652c 6fe240d8 fetch 1 ,mem_afh_cfg +652d 79207e02 set1 send_lmp_set_afh ,pdata +652e 67e240d8 store 1 ,mem_afh_cfg +652f 20600000 rtn + +send_lmpext_pause_encryption_req: +6530 18000e02 force 2 ,queue +6531 20406682 call send_lmpext +6532 2434e692 nbranch send_lmp_reply ,master +6533 20206694 branch send_lmp_request + +send_lmp_detach: +6534 18007e02 force 2 ,pdata +6535 2040667a call msg_send_lmp +6536 6fe204c6 fetch 1 ,mem_disconn_reason_send +6537 e7e20005 istore 1 ,contw +6538 20406694 call send_lmp_request + +prepare_disconnect: +6539 6fe2004b fetch 1 ,mem_op +653a 79207e03 set1 op_disconn ,pdata +653b 67e2004b store 1 ,mem_op +653c 70007232 jam 50 ,mem_conn_timer +653d 20600000 rtn + +send_lmp_no_payload: +653e 18007e01 force 1 ,pdata +653f 2040667a call msg_send_lmp +6540 20206694 branch send_lmp_request + +send_lmp_nopayload_reply: +6541 18007e01 force 1 ,pdata +6542 2040667a call msg_send_lmp +6543 20206692 branch send_lmp_reply + +send_lmp_encryption_mode_req: +6544 18007e02 force 2 ,pdata +6545 2040667a call msg_send_lmp +6546 6fe2004c fetch 1 ,mem_state_map +6547 2fec0002 isolate0 smap_encryption ,pdata +6548 7920fe00 setflag true ,0 ,pdata +6549 1fe17e01 and_into 1 ,pdata +654a e7e20005 istore 1 ,contw +654b 20206694 branch send_lmp_request + +send_lmp_superto: +654c 18007e03 force 3 ,pdata +654d 2040667a call msg_send_lmp +654e 6fe40051 fetch 2 ,mem_supervision_to +654f e7e40005 istore 2 ,contw +6550 20206694 branch send_lmp_request + +send_lmp_name_req: +6551 700072fa jam 250 ,mem_conn_timer +6552 18007e02 force 2 ,pdata +6553 2040667a call msg_send_lmp +6554 6fe20053 fetch 1 ,mem_name_offset +6555 e7e20005 istore 1 ,contw +6556 20206694 branch send_lmp_request + +send_lmp_test_control: +6557 18007e0a force 10 ,pdata +6558 2040667a call msg_send_lmp +6559 d8c00150 arg mem_temp_payload ,contr +655a 18007209 force 9 ,loopcnt + +send_lmp_test_control_loop: +655b efe20006 ifetch 1 ,contr +655c 1fe2fe55 xor_into 0x55 ,pdata +655d e7e20005 istore 1 ,contw +655e c200655b loop send_lmp_test_control_loop +655f 20206694 branch send_lmp_request + +send_lmp_quality_of_service_req: +6560 20206694 branch send_lmp_request + +send_lmp_unit_key: +6561 20206694 branch send_lmp_request + +send_lmp_slot_offset: +6562 20748000 rtn master +6563 20404829 call calc_slot_offset +6564 18007e09 force 9 ,pdata +6565 2040667a call msg_send_lmp +6566 6fe4016f fetch 2 ,mem_slot_offset +6567 e7e40005 istore 2 ,contw +6568 6fe640a0 fetch 3 ,mem_lap +6569 e7e60005 istore 3 ,contw +656a 6fe240a3 fetch 1 ,mem_uap +656b e7e20005 istore 1 ,contw +656c 6fe440a4 fetch 2 ,mem_nap +656d e7e40005 istore 2 ,contw +656e c581e573 bmark0 mark_switch_initiated ,send_lmp_slot_offset_reply +656f 793f8003 set0 mark_switch_initiated ,mark +6570 20406694 call send_lmp_request +6571 70007c13 jam lmp_switch_req ,mem_lmo_opcode2 +6572 20600000 rtn + +send_lmp_slot_offset_reply: +6573 20406692 call send_lmp_reply +6574 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +6575 70007d13 jam lmp_switch_req ,mem_lmi_opcode2 +6576 20600000 rtn + +send_lmp_switch_req: +6577 d8400200 arg 0x200 ,temp +6578 2034e57b branch switch_on_native ,master +6579 1d027e00 deposit clke_bt +657a 2020657c branch switch_slack + +switch_on_native: +657b 1c427e00 deposit clkn_bt + +switch_slack: +657c 1c227e00 deposit bt_clk +657d 9840fe00 iadd temp ,pdata +657e 1fe17ffc and_into 0x1fc ,pdata +657f 67e80034 store 4 ,mem_sniff_anchor +6580 18007e05 force 5 ,pdata +6581 2040667a call msg_send_lmp +6582 6fe80034 fetch 4 ,mem_sniff_anchor +6583 1fe37e00 rshift pdata ,pdata +6584 e7e80005 istore 4 ,contw +6585 20206694 branch send_lmp_request + +send_lmp_sniff_req: +6586 18007e0a force 10 ,pdata +6587 2040667a call msg_send_lmp +6588 d8c004d5 arg mem_sniff_payload ,contr +6589 eff20006 ifetch 9 ,contr +658a e7f20005 istore 9 ,contw +658b 20206694 branch send_lmp_request + +send_lmp_timing_accuracy_req: +658c 18007e03 force 3 ,pdata +658d 2040667a call msg_send_lmp +658e 58000114 setarg 0x0114 +658f e7e40005 istore 2 ,contw +6590 20206694 branch send_lmp_request + +send_lmp_unsniff_req: +6591 18007e01 force 1 ,pdata +6592 2040667a call msg_send_lmp +6593 20206694 branch send_lmp_request + +send_lmp_max_slot: +6594 18007e02 force 2 ,pdata +6595 2040667a call msg_send_lmp +6596 6fe240d0 fetch 1 ,mem_max_slot +6597 e7e20005 istore 1 ,contw +6598 20206694 branch send_lmp_request + +send_lmp_max_slot_req: +6599 18007e02 force 2 ,pdata +659a 2040667a call msg_send_lmp +659b 58000005 setarg 0x05 +659c e7e20005 istore 1 ,contw +659d 20206694 branch send_lmp_request + +send_lmp_inc_power: +659e 18007e02 force 2 ,pdata +659f 2040667a call msg_send_lmp +65a0 58000000 setarg 0x00 +65a1 e7e20005 istore 1 ,contw +65a2 20206694 branch send_lmp_request + +send_lmp_setup_complete_by_module: +65a3 70007c2e jam lmp_max_slot_req ,mem_lmo_opcode2 +65a4 20600000 rtn + +send_lmp_setup_complete: +65a5 6fe24092 fetch 1 ,mem_device_option +65a6 1fe67c0a sub pdata ,dvc_op_module ,null +65a7 2042e5a3 call send_lmp_setup_complete_by_module ,zero +65a8 6fe20030 fetch 1 ,mem_state +65a9 79207e04 set1 state_conn_comp ,pdata +65aa 67e20030 store 1 ,mem_state +65ab 1c427e00 copy clkn_bt ,pdata +65ac 67e804e5 store 4 ,mem_aurand_send_delay_time +65ad 6fe204cd fetch 1 ,mem_lmp_conn_state +65ae c281e5b6 bbit1 sent_setup_complete ,send_lmp_setup_complete_has_sent +65af 79207e03 set1 sent_setup_complete ,pdata +65b0 67e204cd store 1 ,mem_lmp_conn_state +65b1 700a9505 jam bt_evt_setup_complete ,mem_fifo_temp +65b2 20407bab call ui_ipc_send_event +65b3 18007e01 force 1 ,pdata +65b4 2040667a call msg_send_lmp +65b5 20206694 branch send_lmp_request + +send_lmp_setup_complete_has_sent: +65b6 70004800 jam 0 ,mem_lmp_to_send +65b7 20600000 rtn + +send_lmp_version_req: +65b8 18007e06 force 6 ,pdata +65b9 2040667a call msg_send_lmp +65ba 6fea44e2 fetch 5 ,mem_lmp_version +65bb e7ea0005 istore 5 ,contw +65bc 20206694 branch send_lmp_request + +send_lmp_features_req: +65bd 18007e09 force 9 ,pdata +65be 2040667a call msg_send_lmp +65bf 6ff04098 fetch 8 ,mem_features +65c0 e7f00005 istore 8 ,contw +65c1 20206694 branch send_lmp_request + +sp_master_send_io_cap_get: +65c2 7009ad01 jam sp_flag_commit ,mem_master_sp_flag +65c3 6fe24583 fetch 1 ,mem_sp_local_key_invalid +65c4 c1808000 rtnne sp_key_valid +65c5 7009ab13 jam sp_master_stat_start_done ,mem_master_sp_state +65c6 20600000 rtn + +sp_master_send_io_cap_send: +65c7 204066d1 call tid_initiate +65c8 70007c99 jam lmp_io_cap_req ,mem_lmo_opcode2 +65c9 7009ab03 jam sp_stat_key_send ,mem_master_sp_state +65ca 20600000 rtn + +sp_master_send_lmp_encapsulated_header: +65cb 204066d1 call tid_initiate +65cc 70007c3d jam lmp_encapsulated_header ,mem_lmo_opcode2 +65cd 7009ab07 jam sp_stat_random_send ,mem_master_sp_state +65ce 20600000 rtn + +sp_master_commitment_compare: +65cf da200a4a arg mem_sp_calc_result_high ,rega +65d0 da400a6a arg mem_sp_confirm_remote ,regb +65d1 df200010 arg 16 ,loopcnt +65d2 20407d63 call string_compare +65d3 2022e5d9 branch sp_master_commitment_compare_success ,zero +65d4 7009ab00 jam sp_stat_null ,mem_master_sp_state +65d5 2040758f call master_clear_mem_master_sp_flag +65d6 70007e24 jam pdu_not_allowed ,mem_lmo_reason2 +65d7 70007d40 jam lmp_simple_pairing_number ,mem_lmi_opcode2 +65d8 20206134 branch reject_lmp_packet + +sp_master_commitment_compare_success: +65d9 7009ab0a jam sp_stat_confirm_calc ,mem_master_sp_state +65da 2040758d call master_set_mem_master_sp_flag +65db 70007d40 jam lmp_simple_pairing_number ,mem_lmi_opcode2 +65dc 20206219 branch accept_lmp_msg + +sp_master_send_lmp_simple_pairing_number: +65dd 70007c40 jam lmp_simple_pairing_number ,mem_lmo_opcode2 +65de 20600000 rtn + +sp_send_lmp_encapsulated_header: +65df 70007c3d jam lmp_encapsulated_header ,mem_lmo_opcode2 +65e0 20600000 rtn + +send_lmp_encapsulated_header: +65e1 7009b200 jam 0 ,mem_sp_local_key_send_count +65e2 18007e04 force 4 ,pdata +65e3 2040667a call msg_send_lmp +65e4 18007e01 force encapsulated_major_type_p192 ,pdata +65e5 e7e20005 istore 1 ,contw +65e6 18007e01 force encapsulated_minor_type_p192 ,pdata +65e7 e7e20005 istore 1 ,contw +65e8 18007e30 force encapsulated_len_p192 ,pdata +65e9 e7e20005 istore 1 ,contw +65ea 204066de call check_localsm +65eb 2020e694 branch send_lmp_request ,true +65ec 20206692 branch send_lmp_reply + +send_lmp_encapsulated_payload: +65ed 18007e11 force 17 ,pdata +65ee 2040667a call msg_send_lmp +65ef 6fe209b2 fetch 1 ,mem_sp_local_key_send_count +65f0 d8c045fc arg mem_sp_pubkey_local ,contr +65f1 98c08c00 iadd contr ,contr +65f2 eff00006 ifetch 8 ,contr +65f3 e7f00005 istore 8 ,contw +65f4 eff00006 ifetch 8 ,contr +65f5 e7f00005 istore 8 ,contw +65f6 6fe209b2 fetch 1 ,mem_sp_local_key_send_count +65f7 1fe0fe10 increase 16 ,pdata +65f8 67e209b2 store 1 ,mem_sp_local_key_send_count +65f9 204066de call check_localsm +65fa 2020e694 branch send_lmp_request ,true +65fb 20206692 branch send_lmp_reply + +sp_send_lmp_simple_pairing_comfirm: +65fc 7009aa06 jam sp_stat_random_recv ,mem_sp_state +65fd 70007c3f jam lmp_simple_pairing_confirm ,mem_lmo_opcode2 +65fe 20600000 rtn + +send_lmp_simple_pairing_comfirm: +65ff 18007e11 force 17 ,pdata +6600 2040667a call msg_send_lmp +6601 d8c00a4a arg mem_sp_calc_result_high ,contr +6602 eff00006 ifetch 8 ,contr +6603 e7f00005 istore 8 ,contw +6604 eff00006 ifetch 8 ,contr +6605 e7f00005 istore 8 ,contw +6606 20206692 branch send_lmp_reply + +sp_send_lmp_simple_pairing_number: +6607 70007c40 jam lmp_simple_pairing_number ,mem_lmo_opcode2 +6608 20600000 rtn + +send_lmp_simple_pairing_number: +6609 204066de call check_localsm +660a 2040f4c7 call sp_local_random_key_generator ,true +660b 18007e11 force 17 ,pdata +660c 2040667a call msg_send_lmp +660d d8c00a1a arg mem_sp_random_local ,contr +660e eff00006 ifetch 8 ,contr +660f e7f00005 istore 8 ,contw +6610 eff00006 ifetch 8 ,contr +6611 e7f00005 istore 8 ,contw +6612 204066de call check_localsm +6613 2420e692 nbranch send_lmp_reply ,true +6614 2020e694 branch send_lmp_request ,true + +master_sp_sm_end: +6615 7009ab0f jam sp_stat_done ,mem_master_sp_state + +sp_aurand_send: +6616 204066d1 call tid_initiate +6617 70007c0b jam lmp_au_rand ,mem_lmo_opcode2 +6618 204066e9 call check_localsm_master +6619 2020f503 branch sp_master_key_prarm_push ,true +661a 2020750d branch sp_link_key_prarm_push + +master_sp_send_lmp_dhkey_check: +661b 204066cd call tid_reply + +sp_send_lmp_dhkey_check: +661c 70007c41 jam lmp_dhkey_check ,mem_lmo_opcode2 +661d 20600000 rtn + +send_lmp_dhkey_check: +661e 18007e11 force 17 ,pdata +661f 2040667a call msg_send_lmp +6620 d8c00a4a arg mem_sp_calc_result_high ,contr +6621 eff00006 ifetch 8 ,contr +6622 e7f00005 istore 8 ,contw +6623 eff00006 ifetch 8 ,contr +6624 e7f00005 istore 8 ,contw +6625 204066de call check_localsm +6626 2420e692 nbranch send_lmp_reply ,true +6627 2020e694 branch send_lmp_request ,true + +send_lmp_enc_key_size_mask_res: +6628 18007e03 force 3 ,pdata +6629 2040667a call msg_send_lmp +662a 5800fffe setarg 0xfffe +662b e7e40005 istore 2 ,contw +662c 20206692 branch send_lmp_reply + +send_lmp_auto_rate: +662d 20206694 branch send_lmp_request + +send_lmp_clkoffset_req: +662e 20206694 branch send_lmp_request + +send_lmp_quality_of_service: +662f 20206694 branch send_lmp_request + +send_lmp_test_activate: +6630 20206694 branch send_lmp_request + +send_lmp_comb_key: +6631 204066ed call generate_random_number +6632 da2040a0 arg mem_lap ,rega +6633 204066f3 call generate_linkkey +6634 18007e11 force 17 ,pdata +6635 2040667a call msg_send_lmp +6636 da20057e arg mem_kinit ,rega +6637 da40055e arg mem_random_number ,regb +6638 20407208 call xor16 +6639 2434e689 nbranch send_lmp_follow ,master +663a 2020668f branch send_lmp_tid + +send_lmp_inrand: +663b 204066ed call generate_random_number +663c da200040 arg mem_plap ,rega +663d 20407114 call generate_kinit + +send_lmp_rand: +663e 18007e11 force 17 ,pdata +663f 2040667a call msg_send_lmp +6640 d8c0055e arg mem_random_number ,contr +6641 20407c9a call memcpy16 +6642 6fe20055 fetch 1 ,mem_conn_sm +6643 c00ce694 beq conn_sm_auth_wait ,send_lmp_request +6644 c00c6694 beq conn_sm_pairing_wait ,send_lmp_request +6645 2020668f branch send_lmp_tid + +send_lmp_aurand: +6646 6fe209b1 fetch 1 ,mem_pairing_auth +6647 203a664c branch send_lmp_aurand_notpairing ,blank +6648 204066de call check_localsm +6649 2040e6d1 call tid_initiate ,true +664a 2440e6cd ncall tid_reply ,true +664b 2020664d branch send_lmp_aurand_common + +send_lmp_aurand_notpairing: +664c 204066d1 call tid_initiate + +send_lmp_aurand_common: +664d 204066ed call generate_random_number +664e 2020663e branch send_lmp_rand + +send_lmp_sres: +664f da2040a0 arg mem_lap ,rega +6650 20407147 call function_e1 +6651 18007e05 force 5 ,pdata +6652 2040667a call msg_send_lmp +6653 6fe8058e fetch 4 ,mem_input_store +6654 e7e80005 istore 4 ,contw +6655 d84004d1 arg mem_sres_tid ,temp +6656 204066c4 call special_tid_store +6657 2040723c call copy_aco +6658 204066de call check_localsm +6659 2020e65e branch send_lmp_sres_master ,true +665a 7004d401 jam done_encryp ,mem_wait_encryption +665b 6fe209b1 fetch 1 ,mem_pairing_auth +665c 207a0000 rtn blank +665d 70007c0b jam lmp_au_rand ,mem_lmo_opcode2 + +send_lmp_sres_master: +665e 6fe241be fetch 1 ,mem_link_key_exists +665f 207a0000 rtn blank + +send_lmp_sres_startenc: +6660 204066de call check_localsm +6661 2420e666 nbranch send_lmp_sres_startenc_slave ,true +6662 6fe204d3 fetch 1 ,mem_auth_enable +6663 207a0000 rtn blank +6664 70007c0f jam lmp_encryption_mode_req ,mem_lmo_opcode2 +6665 20600000 rtn + +send_lmp_sres_startenc_slave: +6666 c6908000 rtnmark0 mark_slave_in_rand_accepted +6667 793f8021 set0 mark_slave_in_rand_accepted ,mark +6668 70007c0f jam lmp_encryption_mode_req ,mem_lmo_opcode2 +6669 20600000 rtn + +send_lmp_start_encryption: +666a 204066ed call generate_random_number +666b 2040714a call function_e3 +666c 18007e11 force 17 ,pdata +666d 2040667a call msg_send_lmp +666e d8c0055e arg mem_random_number ,contr +666f 20407c9a call memcpy16 +6670 2020668f branch send_lmp_tid + +send_lmp_stop_encryption_req: +6671 18007e01 force 1 ,pdata +6672 2040667a call msg_send_lmp +6673 2020668f branch send_lmp_tid + +send_lmp_encryption_key_size_req: +6674 18007e02 force 2 ,pdata +6675 2040667a call msg_send_lmp +6676 18007e10 force 16 ,pdata +6677 e7e20005 istore 1 ,contw +6678 67e20054 store 1 ,mem_key_size +6679 2020668f branch send_lmp_tid + +msg_send_lmp: +667a 1fe9fe00 lshift3 pdata ,pdata +667b 1fe1fe07 or_into 0x07 ,pdata +667c 67e204b2 store 1 ,mem_lmo_header_length +667d df200011 arg 17 ,loopcnt +667e d8a004b4 arg mem_lmo_payload ,contw +667f 20407caf call clear_mem +6680 d8a004b4 arg mem_lmo_payload ,contw +6681 20600000 rtn + +send_lmpext: +6682 1fe1227f and pdata ,0x7f ,rega +6683 7000487f jam lmp_escape ,mem_lmp_to_send +6684 18e27e00 deposit queue +6685 2040667a call msg_send_lmp +6686 1a227e00 deposit rega +6687 e7e20005 istore 1 ,contw +6688 20600000 rtn + +send_lmp_follow: +6689 6fe20048 fetch 1 ,mem_lmp_to_send +668a 1fe3fe00 lshift pdata ,pdata +668b 6842004c fetcht 1 ,mem_state_map +668c 284ffe01 isolate1 smap_lmptid ,temp +668d 7920fe00 setflag true ,0 ,pdata +668e 20206699 branch send_lmp_exit + +send_lmp_tid: +668f 6842004c fetcht 1 ,mem_state_map +6690 18410401 and_into 1 ,temp +6691 20206695 branch send_lmp_end + +send_lmp_reply: +6692 18000400 force 0 ,temp +6693 20206695 branch send_lmp_end + +send_lmp_request: +6694 18000401 force 1 ,temp + +send_lmp_end: +6695 6fe20048 fetch 1 ,mem_lmp_to_send +6696 1fe3fe00 lshift pdata ,pdata +6697 7934fe00 setflag master ,0 ,pdata +6698 9842fe00 ixor temp ,pdata + +send_lmp_exit: +6699 67e204b3 store 1 ,mem_lmo_header_opcode +669a 70004800 jam 0 ,mem_lmp_to_send +669b 204066a9 call lmo_fifo_process_lmo0empty +669c 78347c00 enable user +669d 20600000 rtn + +lmo_fifo_check: +669e 6fe2007c fetch 1 ,mem_lmo_opcode2 +669f 207a0000 rtn blank +66a0 204066a3 call lmo_fifo_process +66a1 6fe2007c fetch 1 ,mem_lmo_opcode2 +66a2 20600000 rtn + +lmo_fifo_process: +66a3 47214028 bpatchx patch28_2 ,mem_patch28 +66a4 6fe20048 fetch 1 ,mem_lmp_to_send +66a5 203a66a9 branch lmo_fifo_process_lmo0empty ,blank +66a6 6fe20078 fetch 1 ,mem_lmo_opcode1 +66a7 247a0000 nrtn blank +66a8 202066b3 branch lmo_fifo_process_lmo2to1 + +lmo_fifo_process_lmo0empty: +66a9 6fe20078 fetch 1 ,mem_lmo_opcode1 +66aa 203a66b9 branch lmo_fifo_process_lmo1_empty ,blank +66ab 6fe60078 fetch 3 ,mem_lmo_opcode1 +66ac 67e60048 store 3 ,mem_lmp_to_send +66ad 6842007b fetcht 1 ,mem_lmo_tid1 +66ae 6fe2004c fetch 1 ,mem_state_map +66af 793ffe01 set0 smap_lmptid ,pdata +66b0 9841fe00 ior temp ,pdata +66b1 67e2004c store 1 ,mem_state_map +66b2 70007800 jam 0 ,mem_lmo_opcode1 + +lmo_fifo_process_lmo2to1: +66b3 6fe2007c fetch 1 ,mem_lmo_opcode2 +66b4 207a0000 rtn blank +66b5 6fe8007c fetch 4 ,mem_lmo_opcode2 +66b6 67e80078 store 4 ,mem_lmo_opcode1 +66b7 70007c00 jam 0 ,mem_lmo_opcode2 +66b8 20600000 rtn + +lmo_fifo_process_lmo1_empty: +66b9 6fe2007c fetch 1 ,mem_lmo_opcode2 +66ba 207a0000 rtn blank +66bb 6fe6007c fetch 3 ,mem_lmo_opcode2 +66bc 67e60048 store 3 ,mem_lmp_to_send +66bd 6842007f fetcht 1 ,mem_lmo_tid2 +66be 6fe2004c fetch 1 ,mem_state_map +66bf 793ffe01 set0 smap_lmptid ,pdata +66c0 9841fe00 ior temp ,pdata +66c1 67e2004c store 1 ,mem_state_map +66c2 70007c00 jam 0 ,mem_lmo_opcode2 +66c3 20600000 rtn + +special_tid_store: +66c4 4721c028 bpatchx patch28_3 ,mem_patch28 +66c5 6fe2004c fetch 1 ,mem_state_map +66c6 1fe22600 copy pdata ,regc +66c7 efe20002 ifetch 1 ,temp +66c8 20406233 call pop_tid_follow +66c9 20406689 call send_lmp_follow +66ca 1a627e00 copy regc ,pdata +66cb 67e2004c store 1 ,mem_state_map +66cc 20600000 rtn + +tid_reply: +66cd 6842004c fetcht 1 ,mem_state_map +66ce 793f8400 set0 smap_lmptidinit ,temp +66cf 6042004c storet 1 ,mem_state_map +66d0 20600000 rtn + +tid_initiate: +66d1 6842004c fetcht 1 ,mem_state_map +66d2 79200400 set1 smap_lmptidinit ,temp +66d3 6042004c storet 1 ,mem_state_map +66d4 20600000 rtn + +tid_check: +66d5 7d34fe01 nsetflag master ,smap_lmptid ,pdata +66d6 6842004c fetcht 1 ,mem_state_map +66d7 9842fe00 ixor temp ,pdata +66d8 2feffe01 isolate1 smap_lmptid ,pdata +66d9 20600000 rtn + +tid_set_reply: +66da 6fe2004c fetch 1 ,mem_state_map +66db 7934fe01 setflag master ,smap_lmptid ,pdata +66dc 67e2004c store 1 ,mem_state_map +66dd 20600000 rtn + +check_localsm: +66de 6fe209b0 fetch 1 ,mem_sp_localsm +66df 2fe0fe01 compare local_statemachine ,pdata ,0x7f +66e0 20600000 rtn + +setlocalsm_master: +66e1 6fe209b0 fetch 1 ,mem_sp_localsm +66e2 79207e07 set1 7 ,pdata +66e3 67e209b0 store 1 ,mem_sp_localsm +66e4 20600000 rtn + +setlocalsm_slave: +66e5 6fe209b0 fetch 1 ,mem_sp_localsm +66e6 793ffe07 set0 7 ,pdata +66e7 67e209b0 store 1 ,mem_sp_localsm +66e8 20600000 rtn + +check_localsm_master: +66e9 6fe209b0 fetch 1 ,mem_sp_localsm +66ea 2feffe07 isolate1 7 ,pdata +66eb 67e209b0 store 1 ,mem_sp_localsm +66ec 20600000 rtn + +generate_random_number: +66ed d8a0055e arg mem_random_number ,contw + +generate_random: +66ee 18007210 force 16 ,loopcnt + +generate_random_another: + +generate_random_loop: +66ef 180a7e00 random pdata +66f0 e7e20005 istore 1 ,contw +66f1 c20066ef loop generate_random_another +66f2 20600000 rtn + +generate_linkkey: +66f3 20407118 call function_e21 +66f4 da2041bf arg mem_link_key ,rega +66f5 da40058e arg mem_input_store ,regb +66f6 eff00011 ifetch 8 ,rega +66f7 68420030 fetcht 1 ,mem_state +66f8 7d3a0406 nsetflag blank ,state_combkey ,temp +66f9 60420030 storet 1 ,mem_state +66fa 1a220a00 copy rega ,contw +66fb 20407208 call xor16 +66fc 202041c0 branch generate_linkkey_continue + +process_conn_sm: +66fd 47224028 bpatchx patch28_4 ,mem_patch28 +66fe 2040669e call lmo_fifo_check +66ff 247a0000 nrtn blank + +process_conn_sm_continue: +6700 6fe20055 fetch 1 ,mem_conn_sm +6701 207a0000 rtn blank +6702 c0026751 beq conn_sm_send_conn_req ,host_create_conn_send_conn_req +6703 c002e756 beq conn_sm_wait_conn_accept ,host_create_conn_wait_accept +6704 c0016748 beq conn_sm_send_features ,host_create_conn_send_features +6705 c001e75e beq conn_sm_wait_features_res ,host_create_conn_waiting +6706 c007674b beq conn_sm_send_switch ,host_create_conn_send_switch +6707 c003677a beq conn_sm_auth_pair ,host_create_conn_auth_pair +6708 c003e792 beq conn_sm_auth_pair_wait ,host_create_conn_auth_pair_wait +6709 c004e793 beq conn_sm_encrypt ,host_create_conn_encrypt +670a c005679c beq conn_sm_encrypt_wait ,host_create_conn_encrypt_wait +670b c005e7a0 beq conn_sm_encrypt_wait_clear ,host_create_conn_encrypt_wait_clear +670c c0066768 beq conn_sm_send_setup_complete ,host_create_conn_send_setup_complete +670d c006e76b beq conn_sm_wait_setup_complete ,host_create_conn_wait_setup_complete +670e c007e771 beq conn_sm_detach_delay ,host_create_conn_master_detach +670f c009673b beq conn_sm_send_version ,host_create_conn_send_version +6710 c009e75e beq conn_sm_wait_version ,host_create_conn_waiting +6711 c008673e beq conn_sm_wait_switch_after_host_connection ,host_creat_conn_wait_switch +6712 c00a6738 beq conn_sm_send_features_ext ,host_creat_conn_send_feat_ext +6713 c00ae75e beq conn_sm_wait_features_ext ,host_create_conn_waiting +6714 c00b6732 beq conn_sm_pairing ,host_create_conn_pairing +6715 c00c6737 beq conn_sm_pairing_wait ,host_create_conn_pairing_wait +6716 c00be72b beq conn_sm_auth ,host_create_conn_auth +6717 c00ce731 beq conn_sm_auth_wait ,host_create_conn_auth_wait +6718 c00d671c beq conn_sm_done ,host_create_conn_done +6719 c00de726 beq conn_sm_wait_done ,host_create_conn_done_wait +671a 70005500 jam conn_sm_standby ,mem_conn_sm +671b 20600000 rtn + +host_create_conn_done: +671c 6fe204cd fetch 1 ,mem_lmp_conn_state +671d c4010000 rtnbit0 received_setup_complete +671e c4018000 rtnbit0 sent_setup_complete +671f 70005500 jam conn_sm_standby ,mem_conn_sm +6720 20406722 call host_conn_judge_encrypt +6721 20206bae branch scheduler_start_upper_sm + +host_conn_judge_encrypt: +6722 6fe2016b fetch 1 ,mem_connection_options +6723 c4008000 rtnbit0 connection_encrypt +6724 7000550a jam conn_sm_encrypt_wait ,mem_conn_sm +6725 20600000 rtn + +host_create_conn_done_wait: +6726 d8e00007 arg enpt_delay_timer ,queue +6727 20407cf1 call timer_check +6728 247a0000 nrtn blank +6729 7000551a jam conn_sm_done ,mem_conn_sm +672a 20600000 rtn + +host_create_conn_auth: +672b 6fe2016b fetch 1 ,mem_connection_options +672c 793ffe00 set0 connection_auth ,pdata +672d 67e2016b store 1 ,mem_connection_options +672e 70005519 jam conn_sm_auth_wait ,mem_conn_sm +672f 70007c0b jam lmp_au_rand ,mem_lmo_opcode2 +6730 20600000 rtn + +host_create_conn_auth_wait: +6731 20600000 rtn + +host_create_conn_pairing: +6732 6fe204d0 fetch 1 ,mem_pincode_state +6733 c1810000 rtnne pincode_state_pincode_ready +6734 204067a2 call host_auth +6735 70005518 jam conn_sm_pairing_wait ,mem_conn_sm +6736 20600000 rtn + +host_create_conn_pairing_wait: +6737 20600000 rtn + +host_creat_conn_send_feat_ext: +6738 70005515 jam conn_sm_wait_features_ext ,mem_conn_sm +6739 70007c83 jam lmp_ext_features_req ,mem_lmo_opcode2 +673a 20600000 rtn + +host_create_conn_send_version: +673b 70005513 jam conn_sm_wait_version ,mem_conn_sm +673c 70007c25 jam lmp_version_req ,mem_lmo_opcode2 +673d 20600000 rtn + +host_creat_conn_wait_switch: +673e 6fe2452d fetch 1 ,mem_switch_flag +673f c1000000 rtneq switch_flag_init +6740 c000e746 beq switch_flag_accept ,host_create_conn_switch_accept +6741 d8e00006 arg switch_wait_timer ,queue +6742 20407cf1 call timer_check +6743 247a0000 nrtn blank +6744 70452d00 jam switch_flag_init ,mem_switch_flag +6745 2020675f branch host_create_conn_switch + +host_create_conn_switch_accept: +6746 20748000 rtn master +6747 2020677a branch host_create_conn_auth_pair + +host_create_conn_send_features: +6748 70005503 jam conn_sm_wait_features_res ,mem_conn_sm +6749 70007c27 jam lmp_features_req ,mem_lmo_opcode2 +674a 20600000 rtn + +host_create_conn_send_switch: +674b 70007c13 jam lmp_switch_req ,mem_lmo_opcode2 +674c 79200003 set1 mark_switch_initiated ,mark +674d 70005505 jam conn_sm_wait_conn_accept ,mem_conn_sm +674e 580001ff setarg 0x1ff +674f 67e404ce store 2 ,mem_soft_timer +6750 20600000 rtn + +host_create_conn_send_conn_req: +6751 70005505 jam conn_sm_wait_conn_accept ,mem_conn_sm +6752 7004ceff jam 0xff ,mem_soft_timer +6753 793f8022 set0 mark_reconn_recieve_switch ,mark +6754 70007c33 jam lmp_host_connection_req ,mem_lmo_opcode2 +6755 202060e5 branch init_lmp_reinit + +host_create_conn_wait_accept: +6756 c6110000 rtnmark1 mark_reconn_recieve_switch +6757 6fe404ce fetch 2 ,mem_soft_timer +6758 1fe67e01 sub pdata ,1 ,pdata +6759 2022e75c branch host_create_conn_resend ,zero +675a 67e404ce store 2 ,mem_soft_timer +675b 20600000 rtn + +host_create_conn_resend: +675c 7000550e jam conn_sm_send_switch ,mem_conn_sm +675d 20600000 rtn + +host_create_conn_waiting: +675e 20600000 rtn + +host_create_conn_switch: +675f 6fe204cd fetch 1 ,mem_lmp_conn_state +6760 c4018000 rtnbit0 sent_setup_complete +6761 c4010000 rtnbit0 received_setup_complete +6762 6fe2016b fetch 1 ,mem_connection_options +6763 793ffe02 set0 connection_switch ,pdata +6764 67e2016b store 1 ,mem_connection_options +6765 70007c13 jam lmp_switch_req ,mem_lmo_opcode2 +6766 70005510 jam conn_sm_wait_switch_after_host_connection ,mem_conn_sm +6767 20600000 rtn + +host_create_conn_send_setup_complete: +6768 7000550d jam conn_sm_wait_setup_complete ,mem_conn_sm +6769 70007c31 jam lmp_setup_complete ,mem_lmo_opcode2 +676a 20600000 rtn + +host_create_conn_wait_setup_complete: +676b 6fe204cd fetch 1 ,mem_lmp_conn_state +676c c4010000 rtnbit0 received_setup_complete +676d 70005500 jam conn_sm_standby ,mem_conn_sm +676e 20600000 rtn + +host_create_conn_wait_setup_complete_rtn: +676f 70005506 jam conn_sm_auth_pair ,mem_conn_sm +6770 20600000 rtn + +host_create_conn_master_detach: +6771 6fe204ce fetch 1 ,mem_soft_timer +6772 1fe0ffff increase -1 ,pdata +6773 203a6776 branch host_create_conn_send_detach ,blank +6774 67e204ce store 1 ,mem_soft_timer +6775 20600000 rtn + +host_create_conn_send_detach: +6776 70007c07 jam lmp_detach ,mem_lmo_opcode2 +6777 7004c616 jam local_host ,mem_disconn_reason_send +6778 70005500 jam 0 ,mem_conn_sm +6779 20600000 rtn + +host_create_conn_auth_pair: +677a 6fe2016b fetch 1 ,mem_connection_options +677b c281675f bbit1 connection_switch ,host_create_conn_switch +677c c280677f bbit1 connection_auth ,host_create_conn_auth_pair_true + +host_create_conn_sm_done: +677d 7000551a jam conn_sm_done ,mem_conn_sm +677e 20600000 rtn + +host_create_conn_auth_pair_true: +677f 6fe241be fetch 1 ,mem_link_key_exists +6780 203a678b branch host_create_conn_auth_pair_nokey ,blank +6781 6fe204cd fetch 1 ,mem_lmp_conn_state +6782 c4018000 rtnbit0 sent_setup_complete +6783 c4010000 rtnbit0 received_setup_complete +6784 6fe804e5 fetch 4 ,mem_aurand_send_delay_time +6785 d8400064 arg 100 ,temp +6786 98408400 iadd temp ,temp +6787 1c427e00 copy clkn_bt ,pdata +6788 98467c00 isub temp ,null +6789 24610000 nrtn positive +678a 2020672b branch host_create_conn_auth + +host_create_conn_auth_pair_nokey: +678b 70005516 jam conn_sm_pairing ,mem_conn_sm +678c 70465704 jam 4 ,mem_pin_length +678d 58003030 setarg 0x3030 +678e 67e44658 store 2 ,mem_pin +678f e7e40005 istore 2 ,contw +6790 7004d002 jam pincode_state_pincode_ready ,mem_pincode_state +6791 20206732 branch host_create_conn_pairing + +host_create_conn_auth_pair_wait: +6792 20600000 rtn + +host_create_conn_encrypt: +6793 6fe2016b fetch 1 ,mem_connection_options +6794 c280e797 bbit1 connection_encrypt ,host_create_conn_encrypt_start +6795 7000551a jam conn_sm_done ,mem_conn_sm +6796 20600000 rtn + +host_create_conn_encrypt_start: +6797 6fe2016b fetch 1 ,mem_connection_options +6798 793ffe01 set0 connection_encrypt ,pdata +6799 67e2016b store 1 ,mem_connection_options +679a 70007c0f jam lmp_encryption_mode_req ,mem_lmo_opcode2 +679b 20600000 rtn + +host_create_conn_encrypt_wait: +679c 6fe204d4 fetch 1 ,mem_wait_encryption +679d 207a0000 rtn blank +679e 70005500 jam conn_sm_standby ,mem_conn_sm +679f 20206797 branch host_create_conn_encrypt_start + +host_create_conn_encrypt_wait_clear: +67a0 7000550c jam conn_sm_send_setup_complete ,mem_conn_sm +67a1 20600000 rtn + +host_auth: +67a2 6fe2004b fetch 1 ,mem_op +67a3 c28167a7 bbit1 op_inrand_req ,remote_auth +67a4 204066d1 call tid_initiate +67a5 70007c08 jam lmp_in_rand ,mem_lmo_opcode2 +67a6 202050ea branch cmd_exit + +remote_auth: +67a7 6fe2004b fetch 1 ,mem_op +67a8 793ffe02 set0 op_inrand_req ,pdata +67a9 67e2004b store 1 ,mem_op +67aa 204063e3 call lmp_accept_inrand +67ab 204066da call tid_set_reply +67ac 202050ea branch cmd_exit + +pincode_reinit: +67ad 58000004 setarg 4 +67ae 67e24657 store 1 ,mem_pin_length +67af 58003030 setarg 0x3030 +67b0 e7e40005 istore 2 ,contw +67b1 e7e40005 istore 2 ,contw +67b2 20600000 rtn + +soft_reset_chip: +67b3 70801001 hjam 1 ,core_reset +67b4 20600000 rtn + +uartd_prepare_tx: +67b5 47244029 bpatchx patch29_0 ,mem_patch29 +67b6 6fe44ff6 fetch 2 ,ipc_bt2m0_write_ptr +67b7 1fe21400 copy pdata ,contwu +67b8 20600000 rtn + +uartd_send: +67b9 4724c029 bpatchx patch29_1 ,mem_patch29 +67ba 19427e00 copy contwu ,pdata +67bb 67e44ff6 store 2 ,ipc_bt2m0_write_ptr + +wake_up_m0: +67bc 6fe28043 fetch 1 ,core_config +67bd c3838000 rtnbit1 7 +67be 79207e07 set1 7 ,pdata +67bf 67e28043 store 1 ,core_config +67c0 20600000 rtn + +uart_copy_tx_bytes_fast: +67c1 1f227e00 deposit loopcnt +67c2 207a0000 rtn blank + +uart_copy_tx_bytes_fast_loop: +67c3 1f20f3f8 increase -8 ,loopcnt +67c4 204167ce call uart_tx_8_bytes ,positive +67c5 20628000 rtn zero +67c6 202167c3 branch uart_copy_tx_bytes_fast_loop ,positive +67c7 1f20f208 increase 8 ,loopcnt + +uart_copy_tx_bytes_fast_loop_four: +67c8 1f20f3fc increase -4 ,loopcnt +67c9 204167d1 call uart_tx_4_bytes ,positive +67ca 20628000 rtn zero +67cb 202167c8 branch uart_copy_tx_bytes_fast_loop_four ,positive +67cc 1f20f204 increase 4 ,loopcnt +67cd 202067d4 branch uart_copy_tx_bytes + +uart_tx_8_bytes: +67ce eff00006 ifetch 8 ,contr +67cf e7f0000a istore 8 ,contwu +67d0 20600000 rtn + +uart_tx_4_bytes: +67d1 efe80006 ifetch 4 ,contr +67d2 e7e8000a istore 4 ,contwu +67d3 20600000 rtn + +uart_copy_tx_bytes: +67d4 1f227e00 deposit loopcnt +67d5 207a0000 rtn blank + +uart_copy_tx_bytes_loop: +67d6 efe20006 ifetch 1 ,contr +67d7 e7e2000a istore 1 ,contwu +67d8 c20067d6 loop uart_copy_tx_bytes_loop +67d9 20600000 rtn + +uart_copy_rx_bytes_fast: +67da 1f227e00 deposit loopcnt +67db 207a0000 rtn blank + +uart_copy_rx_bytes_fast_loop: +67dc 1f20f3f8 increase -8 ,loopcnt +67dd 204167e7 call uart_rx_8_bytes ,positive +67de 20628000 rtn zero +67df 202167dc branch uart_copy_rx_bytes_fast_loop ,positive +67e0 1f20f208 increase 8 ,loopcnt + +uart_copy_rx_bytes_fast_loop_four: +67e1 1f20f3fc increase -4 ,loopcnt +67e2 204167ea call uart_rx_4_bytes ,positive +67e3 20628000 rtn zero +67e4 202167e1 branch uart_copy_rx_bytes_fast_loop_four ,positive +67e5 1f20f204 increase 4 ,loopcnt +67e6 202067ed branch uart_copy_rx_bytes + +uart_rx_8_bytes: +67e7 eff00003 ifetch 8 ,contru +67e8 e7f00005 istore 8 ,contw +67e9 20600000 rtn + +uart_rx_4_bytes: +67ea efe80003 ifetch 4 ,contru +67eb e7e80005 istore 4 ,contw +67ec 20600000 rtn + +uart_copy_rx_bytes: +67ed 1f227e00 deposit loopcnt +67ee 207a0000 rtn blank + +uart_copy_rx_bytes_loop: +67ef efe20003 ifetch 1 ,contru +67f0 e7e20005 istore 1 ,contw +67f1 c20067ef loop uart_copy_rx_bytes_loop +67f2 20600000 rtn + +uartd_rxdone: +67f3 47254029 bpatchx patch29_2 ,mem_patch29 +67f4 18627e00 copy contru ,pdata +67f5 67e44ffc store 2 ,ipc_m02bt_read_ptr +67f6 20600000 rtn + +uartd_prepare_rx: +67f7 4725c029 bpatchx patch29_3 ,mem_patch29 +67f8 6fe44ffc fetch 2 ,ipc_m02bt_read_ptr +67f9 1fe20600 copy pdata ,contru +67fa 20600000 rtn + +app_store_nvram_event: +67fb 700a953d jam bt_evt_store_nvram ,mem_fifo_temp +67fc 20207bab branch ui_ipc_send_event + +eeprom_store_le_reconn_info: + +eeprom_store_bd_reconn_info: + +check_51cmd_store_reconn_info: + +check_51cmd_update_device_record: +67fd 47264029 bpatchx patch29_4 ,mem_patch29 +67fe 6fe24216 fetch 1 ,mem_nv_data_number +67ff 207a0000 rtn blank +6800 20406895 call check_nvram +6801 2042e89b call init_device_list ,zero +6802 20406830 call nvram_find_addr_from_bd_list + +write_device_record: +6803 6fe24216 fetch 1 ,mem_nv_data_number +6804 1fe22600 icopy regc +6805 68444214 fetcht 2 ,mem_nv_data_ptr +6806 6044018a storet 2 ,mem_list_item_ptr + +write_device_loop_find: +6807 1a627e00 copy regc ,pdata +6808 203a67fb branch app_store_nvram_event ,blank +6809 1a60a7ff increase -1 ,regc +680a 18422200 copy temp ,rega +680b efe20011 ifetch 1 ,rega +680c 68420182 fetcht 1 ,mem_select_list_item +680d 98467c00 isub temp ,null +680e 2042e817 call set_index_finded_device ,zero +680f 20216813 branch write_device_loop_find0 ,positive +6810 efe20011 ifetch 1 ,rega +6811 1fe0fe01 increase 1 ,pdata +6812 e7e20011 istore 1 ,rega + +write_device_loop_find0: +6813 6844018a fetcht 2 ,mem_list_item_ptr +6814 18408422 increase nv_data_len ,temp +6815 6044018a storet 2 ,mem_list_item_ptr +6816 20206807 branch write_device_loop_find + +set_index_finded_device: +6817 58000000 setarg 0 +6818 e7e20011 istore 1 ,rega +6819 6fe20183 fetch 1 ,mem_temp_reconn_record +681a e7e20005 istore 1 ,contw +681b c099e825 bne rec_3_mode ,set_index_finded_device_ble_mode +681c da4041bf arg mem_link_key ,regb + +set_index_find_device_master_addr: +681d efec0006 ifetch 6 ,contr +681e e7f00005 istore 8 ,contw +681f 58000000 setarg 0 +6820 e7f00005 istore 8 ,contw +6821 1a420c00 copy regb ,contr + +store_rec_data_common: +6822 20407c9a call memcpy16 +6823 18007c01 force 1 ,null +6824 20600000 rtn + +set_index_finded_device_ble_mode: +6825 c01b6829 beq rec_4_mode_random_resolvable_private_address ,set_index_finded_device_irk +6826 c01be82d beq rec_4_mode_random_non_resolvable_private_address ,set_index_finded_device_ediv +6827 da4043eb arg mem_le_ltk ,regb +6828 2020681d branch set_index_find_device_master_addr + +set_index_finded_device_irk: +6829 d8c044a7 arg mem_le_irk ,contr +682a 20407c9a call memcpy16 + +store_ble_rec_data_common: +682b d8c043eb arg mem_le_ltk ,contr +682c 20206822 branch store_rec_data_common + +set_index_finded_device_ediv: +682d d8c0449f arg mem_le_rand ,contr +682e 20407c9a call memcpy16 +682f 2020682b branch store_ble_rec_data_common + +nvram_find_addr_from_bd_list: +6830 20407dc1 call disable_user +6831 6fe24216 fetch 1 ,mem_nv_data_number +6832 207a0000 rtn blank +6833 6fe44652 fetch 2 ,mem_ui_state_map +6834 c2806846 bbit1 ui_state_bt_connected ,find_addr_from_bd_list_spp_mode + +find_addr_from_bd_list_ble_mode: +6835 4726c029 bpatchx patch29_5 ,mem_patch29 +6836 6fe24460 fetch 1 ,mem_le_conn_peer_addr_type +6837 c000683f beq master_public_addr ,find_addr_from_bd_list_static_addr +6838 6fe20450 fetch 1 ,mem_le_plap + 5 +6839 2fe180c0 compare 0xc0 ,pdata ,0xc0 +683a 2020e83f branch find_addr_from_bd_list_static_addr ,true +683b 2fe18040 compare 0x40 ,pdata ,0xc0 +683c 2020e844 branch find_addr_from_bd_list_random_addr ,true +683d 2fe18000 compare 0x00 ,pdata ,0xc0 +683e 2020e842 branch find_addr_from_bd_list_random_non_resolvable_private_address ,true + +find_addr_from_bd_list_static_addr: +683f 70018335 jam rec_4_mode_static_address ,mem_temp_reconn_record +6840 6fec044b fetch 6 ,mem_le_plap +6841 20206849 branch find_addr_from_bd_list_common + +find_addr_from_bd_list_random_non_resolvable_private_address: +6842 70018337 jam rec_4_mode_random_non_resolvable_private_address ,mem_temp_reconn_record +6843 20206849 branch find_addr_from_bd_list_common + +find_addr_from_bd_list_random_addr: +6844 70018336 jam rec_4_mode_random_resolvable_private_address ,mem_temp_reconn_record +6845 20206849 branch find_addr_from_bd_list_common + +find_addr_from_bd_list_spp_mode: +6846 47274029 bpatchx patch29_6 ,mem_patch29 +6847 70018333 jam rec_3_mode ,mem_temp_reconn_record +6848 6fec0040 fetch 6 ,mem_plap + +find_addr_from_bd_list_common: +6849 67ec0184 store 6 ,mem_temp_reconn_record + 1 +684a 6fe44214 fetch 2 ,mem_nv_data_ptr +684b e842003f ifetcht 1 ,pdata +684c 1fe0fe01 pincrease 1 +684d 67e4018a store 2 ,mem_list_item_ptr +684e 60420182 storet 1 ,mem_select_list_item +684f 6fe24216 fetch 1 ,mem_nv_data_number +6850 1fe22600 icopy regc + +nvram_find_addr_from_list: +6851 6fe4018a fetch 2 ,mem_list_item_ptr +6852 1fe22200 copy pdata ,rega +6853 20406861 call nvram_find_addr_from_list_compare +6854 20740000 rtn user +6855 6844018a fetcht 2 ,mem_list_item_ptr +6856 18408422 increase nv_data_len ,temp +6857 6044018a storet 2 ,mem_list_item_ptr +6858 184085ff increase -1 ,temp +6859 efe20002 ifetch 1 ,temp +685a 67e20182 store 1 ,mem_select_list_item +685b 1a60a7ff increase -1 ,regc +685c 2422e851 nbranch nvram_find_addr_from_list ,zero +685d 6fe24216 fetch 1 ,mem_nv_data_number +685e 1fe0ffff pincrease decreased_one +685f 67e20182 store 1 ,mem_select_list_item +6860 20600000 rtn + +nvram_find_addr_from_list_compare: +6861 6fe20183 fetch 1 ,mem_temp_reconn_record +6862 c099e868 bne rec_3_mode ,find_addr_from_list_compare_ble_mode + +find_master_addr_from_list_compare: +6863 da400183 arg mem_temp_reconn_record ,regb +6864 df200007 arg 7 ,loopcnt +6865 20407d63 call string_compare +6866 2022fdbf branch enable_user ,zero +6867 20600000 rtn + +find_addr_from_list_compare_ble_mode: +6868 c01b686b beq rec_4_mode_random_resolvable_private_address ,find_irk_form_list_compare +6869 c01be886 beq rec_4_mode_random_non_resolvable_private_address ,find_ediv_form_list_compare +686a 20206863 branch find_master_addr_from_list_compare + +find_irk_form_list_compare: +686b e8420011 ifetcht 1 ,rega +686c 98467c00 isub temp ,null +686d 24628000 nrtn zero +686e d8a00abe arg mem_le_prand ,contw +686f df200010 arg 16 ,loopcnt +6870 20407caf call clear_mem +6871 6fe6044e fetch 3 ,mem_le_plap + 3 +6872 67e60abe store 3 ,mem_le_prand +6873 2040687d call genernate_master_macaddress +6874 6fe40adb fetch 2 ,mem_le_aes_128 + 13 +6875 1ff0fe00 byteswap pdata ,pdata +6876 1fed0400 lshift8 pdata ,temp +6877 efe20006 ifetch 1 ,contr +6878 9840fe00 iadd temp ,pdata +6879 6846044b fetcht 3 ,mem_le_plap +687a 98467c00 isub temp ,null +687b 2022fdbf branch enable_user ,zero +687c 20600000 rtn + +genernate_master_macaddress: +687d d8c00abe arg mem_le_prand ,contr +687e 2040733b call load_data128 +687f efe20011 ifetch 1 ,rega +6880 20407338 call load_key128 +6881 18006c50 force aes_big_endian | aes_load ,aes_ctrl +6882 18006c00 force 0 ,aes_ctrl +6883 204072d1 call wait_aes +6884 d8a00ace arg mem_le_aes_128 ,contw +6885 2020734c branch store_aes_result + +find_ediv_form_list_compare: +6886 e8420011 ifetcht 1 ,rega +6887 98467c00 isub temp ,null +6888 24628000 nrtn zero +6889 18c22200 copy contr ,rega +688a 18c0a608 add contr ,8 ,regc +688b da40449f arg mem_le_rand ,regb +688c df200008 arg 8 ,loopcnt +688d 20407d63 call string_compare +688e 2022fdbf branch enable_user ,zero +688f 1a622200 copy regc ,rega +6890 da4044a7 arg mem_le_irk ,regb +6891 df200008 arg 8 ,loopcnt +6892 20407d63 call string_compare +6893 2022fdbf branch enable_user ,zero +6894 20600000 rtn + +check_nvram: +6895 6fe44214 fetch 2 ,mem_nv_data_ptr +6896 e842003f ifetcht 1 ,pdata +6897 1fe0fe22 pincrease nv_data_len +6898 efe2003f ifetch 1 ,pdata +6899 98467c00 isub temp ,null +689a 20600000 rtn + +init_device_list: +689b 6fe24216 fetch 1 ,mem_nv_data_number +689c 1fe27200 icopy loopcnt +689d 68444214 fetcht 2 ,mem_nv_data_ptr +689e 58000000 setarg 0 + +init_device_list_loop: +689f e7e20002 istore 1 ,temp +68a0 18408422 increase nv_data_len ,temp +68a1 1fe0fe01 pincrease 1 +68a2 c200689f loop init_device_list_loop +68a3 20600000 rtn + +load_device_list: +68a4 4727c029 bpatchx patch29_7 ,mem_patch29 +68a5 20406830 call nvram_find_addr_from_bd_list +68a6 6fe20030 fetch 1 ,mem_state +68a7 79347e06 setflag user ,state_combkey ,pdata +68a8 67e20030 store 1 ,mem_state +68a9 243468ae nbranch clear_key_exists ,user +68aa 1a208c0a add rega ,10 ,contr +68ab d8a041bf arg mem_link_key ,contw +68ac 20407c9a call memcpy16 +68ad 202068be branch check_link_key_load + +clear_key_exists: +68ae 7041be00 jam 0 ,mem_link_key_exists +68af 20600000 rtn + +load_device_list_mode_4: +68b0 6ff2449d fetch 9 ,mem_le_ediv +68b1 203a68bc branch clear_ltk_exists ,blank +68b2 20406830 call nvram_find_addr_from_bd_list +68b3 243468bc nbranch clear_ltk_exists ,user +68b4 6fe4018a fetch 2 ,mem_list_item_ptr +68b5 1fe08c01 add pdata ,1 ,contr +68b6 d8a044a7 arg mem_le_irk ,contw +68b7 20407c9a call memcpy16 +68b8 d8a043eb arg mem_le_ltk ,contw +68b9 20407c9a call memcpy16 +68ba 7043fb01 jam 1 ,mem_ltk_exists +68bb 20600000 rtn + +clear_ltk_exists: +68bc 7043fb00 jam 0 ,mem_ltk_exists +68bd 20600000 rtn + +check_link_key_load: +68be 6ff041bf fetch 8 ,mem_link_key +68bf 685041c7 fetcht 8 ,mem_link_key + 8 +68c0 9841fe00 ior temp ,pdata +68c1 207a0000 rtn blank +68c2 7041be01 jam 1 ,mem_link_key_exists +68c3 20600000 rtn + +rfcomm_init: +68c4 20758000 rtn wake +68c5 70453900 jam 0 ,mem_rfcomm_send_more_pkt +68c6 7004e903 jam bits9600 ,memremoterpnbitrate +68c7 7004ea03 jam databits8 ,memremoteprndatabits +68c8 7004ee11 jam 0x11 ,memremoteprnxon +68c9 7004ef13 jam 0x13 ,memremoteprnxoff +68ca 58000000 setarg 0 +68cb 67e604eb store 3 ,memremoteprnstopbit +68cc 67e24226 store 1 ,mem_spp_state +68cd 70465100 jam 0 ,memui_reconnect_mode + +rfcomm_init_spp: +68ce 4728402a bpatchx patch2a_0 ,mem_patch2a +68cf 58000000 setarg 0 +68d0 67e24226 store 1 ,mem_spp_state +68d1 67e24536 store 1 ,mem_remote_spp_channel +68d2 67e2452f store 1 ,mem_pn_dlci +68d3 6fe2453d fetch 1 ,mem_credit_flag +68d4 c000e8d7 beq credit_enable ,rfcomm_init_spp_with_credit +68d5 70453b50 jam 0x50 ,mem_credit_given +68d6 20600000 rtn + +rfcomm_init_spp_with_credit: +68d7 70453b00 jam 0x00 ,mem_credit_given +68d8 20600000 rtn + +set_cr_bit: +68d9 18418402 or_into 0x02 ,temp +68da 20600000 rtn + +rfcomm_calculate_fcs_sabm: +68db 18427e00 copy temp ,pdata +68dc 1fedfe00 reverse pdata ,pdata +68dd 67e24534 store 1 ,memfcstemp3 +68de 18007e3f force ini_tx_sabm ,pdata +68df 1fedfe00 reverse pdata ,pdata +68e0 67e24533 store 1 ,memfcstemp2 +68e1 18007e01 force 0x01 ,pdata +68e2 1fedfe00 reverse pdata ,pdata +68e3 67e24532 store 1 ,memfcstemp1 +68e4 20406911 call caculate_fcs +68e5 18427e00 copy temp ,pdata +68e6 20600000 rtn + +rfcomm_calculate_fcs_ua: +68e7 1fedfe00 reverse pdata ,pdata +68e8 67e24534 store 1 ,memfcstemp3 +68e9 18007e73 force rsp_tx_ua ,pdata +68ea 1fedfe00 reverse pdata ,pdata +68eb 67e24533 store 1 ,memfcstemp2 +68ec 18007e01 force 0x01 ,pdata +68ed 1fedfe00 reverse pdata ,pdata +68ee 67e24532 store 1 ,memfcstemp1 +68ef 20206911 branch caculate_fcs + +rfcomm_calculate_fcs_dlci0: +68f0 6fe24535 fetch 1 ,mem_rfcomm_initiator +68f1 203a68f4 branch rfcomm_calculate_fcs_dlci0_res ,blank +68f2 58000070 setarg 0x70 +68f3 20600000 rtn + +rfcomm_calculate_fcs_dlci0_res: +68f4 580000aa setarg 0xaa +68f5 20600000 rtn + +rfcomm_save_fcs_uih: +68f6 1fedfe00 reverse pdata ,pdata +68f7 67e24534 store 1 ,memfcstemp3 +68f8 18007eef force rsp_rx_uih ,pdata +68f9 20406905 call caculate_uihdata_fcs +68fa 684404f3 fetcht 2 ,mem_contw_temp +68fb 18420a00 copy temp ,contw +68fc e7e20005 istore 1 ,contw +68fd 18a20400 copy contw ,temp +68fe 604404f3 storet 2 ,mem_contw_temp +68ff 18007eff force rsp_rx_uih_wdata ,pdata +6900 20406905 call caculate_uihdata_fcs +6901 684404f3 fetcht 2 ,mem_contw_temp +6902 18420a00 copy temp ,contw +6903 e7e20005 istore 1 ,contw +6904 20600000 rtn + +caculate_uihdata_fcs: +6905 1fedfe00 reverse pdata ,pdata +6906 67e24533 store 1 ,memfcstemp2 +6907 6fe44533 fetch 2 ,memfcstemp2 +6908 1fed7e00 lshift8 pdata ,pdata +6909 67e604f0 store 3 ,mem_mod2div_temp +690a da200107 arg 0x107 ,rega +690b da40000f arg 0xf ,regb +690c 2040691e call mod2div +690d 1fe2fed7 xor_into 0xd7 ,pdata +690e 1fe47e00 invert pdata ,pdata +690f 1fedfe00 reverse pdata ,pdata +6910 20600000 rtn + +caculate_fcs: +6911 6fe64532 fetch 3 ,memfcstemp1 +6912 67e604f0 store 3 ,mem_mod2div_temp +6913 da200107 arg 0x107 ,rega +6914 da40000f arg 0xf ,regb +6915 2040691e call mod2div +6916 1fed7e00 lshift8 pdata ,pdata +6917 da400007 arg 0x7 ,regb +6918 2040691e call mod2div +6919 1fe2fe2b xor_into 0x2b ,pdata +691a 1fe47e00 invert pdata ,pdata +691b 1fedfe00 reverse pdata ,pdata +691c 1fe20400 copy pdata ,temp +691d 20600000 rtn + +mod2div: +691e da600000 arg 0 ,regc +691f 1a427200 copy regb ,loopcnt +6920 20407c4c call right_shift_n +6921 1fe20400 icopy temp + +mod2div_loop: +6922 18427e00 copy temp ,pdata +6923 1a63a600 lshift regc ,regc +6924 c3046927 bbit0 8 ,mod2div_not_enough_reduction +6925 9a228400 ixor rega ,temp +6926 1a60a601 increase 1 ,regc + +mod2div_not_enough_reduction: +6927 18438400 lshift temp ,temp +6928 6fe604f0 fetch 3 ,mem_mod2div_temp +6929 1a40a5ff increase -1 ,regb +692a 2a41feff compare 0xff ,regb ,0xff +692b 2020e931 branch mod2div_end ,true +692c 1a427200 copy regb ,loopcnt +692d 20407c4c call right_shift_n +692e 2feffe00 isolate1 0 ,pdata +692f 79208400 setflag true ,0 ,temp +6930 20206922 branch mod2div_loop + +mod2div_end: +6931 18437e00 rshift temp ,pdata +6932 20600000 rtn + +get_rfcomm_snd_adss: +6933 6842452f fetcht 1 ,mem_pn_dlci + +dlci_to_address_cmd: +6934 184b8400 lshift2 temp ,temp +6935 79200400 set1 rfcomm_address_ext_len ,temp +6936 6fe24535 fetch 1 ,mem_rfcomm_initiator +6937 245a68d9 ncall set_cr_bit ,blank +6938 60420509 storet 1 ,mem_rfcomm_send_adss +6939 20600000 rtn + +channel_to_dlci: +693a 18438400 lshift temp ,temp +693b 6fe24535 fetch 1 ,mem_rfcomm_initiator +693c 793a0400 setflag blank ,0 ,temp +693d 20600000 rtn + +rfcomm_rx_process_dlci0_sabm: +693e 684204f8 fetcht 1 ,mem_current_channel +693f 7004fad7 jam 0xd7 ,mem_current_fcs +6940 20406a77 call rfcomm_send_ua +6941 6fe24223 fetch 1 ,mem_rfcomm_state +6942 79207e06 set1 l2cap_channel_rfcomm_only_sabm ,pdata +6943 79207e07 set1 l2cap_channel_rfcomm_only_ua ,pdata +6944 67e24223 store 1 ,mem_rfcomm_state +6945 70453500 jam 0 ,mem_rfcomm_initiator +6946 20206a58 branch rfcomm_rx_process_end + +rfcomm_rx_process_dlci0_ua: +6947 6fe24223 fetch 1 ,mem_rfcomm_state +6948 79207e07 set1 l2cap_channel_rfcomm_only_ua ,pdata +6949 67e24223 store 1 ,mem_rfcomm_state +694a 20206a58 branch rfcomm_rx_process_end + +rfcomm_rx_process: +694b 4728c02a bpatchx patch2a_1 ,mem_patch2a +694c 6fe24651 fetch 1 ,memui_reconnect_mode +694d c000694f beq no_reconnection ,rfcomm_rx_process_remote_page +694e 20206a0d branch rfcomm_rx_process_reconn + +rfcomm_rx_process_remote_page: +694f 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +6950 1fe20c00 copy pdata ,contr +6951 20406979 call get_rfcomm_head_struct +6952 6fe204f8 fetch 1 ,mem_current_channel +6953 c0006955 beq 0 ,parse_dlci0_rp +6954 202069d9 branch parse_uih_rp + +parse_dlci0_rp: +6955 4729402a bpatchx patch2a_2 ,mem_patch2a +6956 6fe204f9 fetch 1 ,mem_current_frame_type +6957 c01fe93e beq rfcomm_frame_type_sabm ,rfcomm_rx_process_dlci0_sabm +6958 c039e947 beq rfcomm_frame_type_ua ,rfcomm_rx_process_dlci0_ua +6959 c077e95c beq rfcomm_frame_type_uih ,parse_dlci0_rp_uih +695a c029ea05 beq rfcomm_frame_type_disconn ,parse_uih_rp_spp_disconn_send_event +695b 20600000 rtn + +parse_dlci0_rp_uih: +695c 6fe404fd fetch 2 ,mem_rfcomm_uih_payload_ptr +695d 1fe20c00 copy pdata ,contr +695e 20406984 call get_rfcomm_uih_head_struct +695f 6fe204ff fetch 1 ,mem_uih_cmd_type +6960 c020e966 beq uih_param_neg_cmd ,parse_dlci0_rp_uih_pn_cmd +6961 c020696e beq uih_param_neg_res ,parse_dlci0_rp_uih_pn_res +6962 c038e9a7 beq uih_modem_status_cmd ,parse_dlci0_rp_uih_ms_cmd +6963 c03869b3 beq uih_modem_status_res ,parse_dlci0_rp_uih_ms_res +6964 c024e9be beq uih_param_cmd_remove_port ,parse_dlci0_rp_uih_cmd_port +6965 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_rp_uih_pn_cmd: +6966 20406970 call parse_dlci0_rp_uih_pn_res_common +6967 20206968 branch parse_dlci0_rp_uih_pn_cmd_spp + +parse_dlci0_rp_uih_pn_cmd_spp: +6968 6fe24226 fetch 1 ,mem_spp_state +6969 79207e00 set1 rfcomm_channel_state_pn_cmd ,pdata +696a 79207e01 set1 rfcomm_channel_state_pn_res ,pdata +696b 67e24226 store 1 ,mem_spp_state +696c 20406aa1 call rfcomm_send_param_neg_res +696d 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_rp_uih_pn_res: +696e 20406970 call parse_dlci0_rp_uih_pn_res_common +696f 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_rp_uih_pn_res_common: +6970 2040698c call get_param_payload_ptr +6971 20206998 branch get_rfcomm_prarmer_negotiation + +get_rfcomm_param_modem_status: +6972 2040698c call get_param_payload_ptr +6973 efe20006 ifetch 1 ,contr +6974 1fe97e00 rshift3 pdata ,pdata +6975 67e2453c store 1 ,mem_ms_channel +6976 efe20006 ifetch 1 ,contr +6977 67e20504 store 1 ,mem_ms_param +6978 20600000 rtn + +get_rfcomm_head_struct: +6979 efe20006 ifetch 1 ,contr +697a 67e204f7 store 1 ,mem_current_adss +697b 1fe97e00 rshift3 pdata ,pdata +697c 67e204f8 store 1 ,mem_current_channel +697d efe20006 ifetch 1 ,contr +697e 67e204f9 store 1 ,mem_current_frame_type + +get_rfcomm_current_length: +697f 2040698f call get_rfcomm_length_common +6980 604404fb storet 2 ,mem_current_length +6981 18c27e00 copy contr ,pdata +6982 67e404fd store 2 ,mem_rfcomm_uih_payload_ptr +6983 20600000 rtn + +get_rfcomm_uih_head_struct: +6984 efe20006 ifetch 1 ,contr +6985 1fe37e00 rshift pdata ,pdata +6986 67e204ff store 1 ,mem_uih_cmd_type +6987 2040698f call get_rfcomm_length_common +6988 60440500 storet 2 ,mem_uih_length +6989 18c27e00 copy contr ,pdata +698a 67e40502 store 2 ,mem_param_payload_ptr +698b 20600000 rtn + +get_param_payload_ptr: +698c 6fe40502 fetch 2 ,mem_param_payload_ptr +698d 1fe20c00 copy pdata ,contr +698e 20600000 rtn + +get_rfcomm_length_common: +698f efe20006 ifetch 1 ,contr +6990 1fe20400 copy pdata ,temp +6991 18430400 rshift temp ,temp +6992 c3800000 rtnbit1 0 +6993 efe20006 ifetch 1 ,contr +6994 1fe9fe00 lshift3 pdata ,pdata +6995 1ff27e00 lshift4 pdata ,pdata +6996 98408400 iadd temp ,temp +6997 20600000 rtn + +get_rfcomm_prarmer_negotiation: +6998 efe20006 ifetch 1 ,contr +6999 67e2452f store 1 ,mem_pn_dlci +699a efe20006 ifetch 1 ,contr +699b 67e20505 store 1 ,mem_pn_credit_flow_type_info +699c efe20006 ifetch 1 ,contr +699d 67e20506 store 1 ,mem_pn_priority +699e efe20006 ifetch 1 ,contr +699f 67e20507 store 1 ,mem_pn_acknowledg_timer +69a0 efe40006 ifetch 2 ,contr +69a1 67e44530 store 2 ,mem_pn_max_frame_size +69a2 efe20006 ifetch 1 ,contr +69a3 67e20508 store 1 ,mem_pn_max_retrans +69a4 efe20006 ifetch 1 ,contr +69a5 67e2453a store 1 ,mem_remote_credits +69a6 20600000 rtn + +parse_dlci0_rp_uih_ms_cmd: +69a7 20406972 call get_rfcomm_param_modem_status +69a8 202069a9 branch parse_dlci0_rp_uih_ms_cmd_spp + +parse_dlci0_rp_uih_ms_cmd_spp: +69a9 6fe24226 fetch 1 ,mem_spp_state +69aa 79207e05 set1 rfcomm_channel_state_rcv_ms_cmd ,pdata +69ab 79207e06 set1 rfcomm_channel_state_snd_ms_res ,pdata +69ac 67e24226 store 1 ,mem_spp_state +69ad 6842452f fetcht 1 ,mem_pn_dlci +69ae 184b8400 lshift2 temp ,temp +69af 18418403 or_into 3 ,temp +69b0 20406ad2 call rfcomm_send_modem_status_res +69b1 70453903 jam more_pkt_msc_cmd_spp ,mem_rfcomm_send_more_pkt +69b2 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_rp_uih_ms_res: +69b3 700a9508 jam bt_evt_spp_connected ,mem_fifo_temp +69b4 20407bab call ui_ipc_send_event +69b5 20406972 call get_rfcomm_param_modem_status +69b6 6fe2453c fetch 1 ,mem_ms_channel +69b7 1fe67c01 sub pdata ,1 ,null +69b8 2022e9ba branch parse_dlci0_rp_uih_ms_res_spp ,zero +69b9 20204a8b branch assert + +parse_dlci0_rp_uih_ms_res_spp: +69ba 6fe24226 fetch 1 ,mem_spp_state +69bb 79207e07 set1 rfcomm_channel_state_rcv_ms_res ,pdata +69bc 67e24226 store 1 ,mem_spp_state +69bd 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_rp_uih_cmd_port: +69be 2040698c call get_param_payload_ptr +69bf efe20006 ifetch 1 ,contr +69c0 67e20abe store 1 ,mem_rpn_dlci +69c1 204056ac call l2cap_malloc_rfcomm_channel +69c2 204056ba call l2cap_get_rfcomm_tx_buff +69c3 5800000e setarg 0x000e +69c4 e7e40005 istore 2 ,contw +69c5 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +69c6 e7e40005 istore 2 ,contw +69c7 6fe24535 fetch 1 ,mem_rfcomm_initiator +69c8 1fe3fe00 lshift pdata ,pdata +69c9 79207e00 set1 0 ,pdata +69ca e7e20005 istore 1 ,contw +69cb 4729c02a bpatchx patch2a_3 ,mem_patch2a +69cc 580015ef setarg 0x15ef +69cd e7e40005 istore 2 ,contw +69ce 58001191 setarg 0x1191 +69cf e7e40005 istore 2 ,contw +69d0 6fe20abe fetch 1 ,mem_rpn_dlci +69d1 e7e20005 istore 1 ,contw +69d2 58000007 setarg 0x000007 +69d3 e7ea0005 istore 5 ,contw +69d4 58000001 setarg 0x01 +69d5 e7e40005 istore 2 ,contw +69d6 204068f0 call rfcomm_calculate_fcs_dlci0 +69d7 e7e20005 istore 1 ,contw +69d8 20600000 rtn + +parse_uih_rp: +69d9 202069da branch parse_uih_rp_spp + +parse_uih_rp_spp: +69da 472a402a bpatchx patch2a_4 ,mem_patch2a +69db 6fe204f9 fetch 1 ,mem_current_frame_type +69dc c039e9e2 beq rfcomm_frame_type_ua ,parse_uih_rp_spp_ua +69dd c01fe9e6 beq rfcomm_frame_type_sabm ,parse_uih_rp_spp_sabm +69de c077ea00 beq rfcomm_frame_type_uih ,parse_uih_spp_uih +69df c07fe9f8 beq rfcomm_frame_type_uih_credits ,parse_uih_spp_uih_credits +69e0 c029ea07 beq rfcomm_frame_type_disconn ,parse_uih_rp_spp_disconn +69e1 20600000 rtn + +parse_uih_rp_spp_ua: +69e2 6fe24226 fetch 1 ,mem_spp_state +69e3 79207e03 set1 rfcomm_channel_state_ua ,pdata +69e4 67e24226 store 1 ,mem_spp_state +69e5 20206a58 branch rfcomm_rx_process_end + +parse_uih_rp_spp_sabm: +69e6 6fe24226 fetch 1 ,mem_spp_state +69e7 79207e03 set1 rfcomm_channel_state_ua ,pdata +69e8 79207e02 set1 rfcomm_channel_state_sabm ,pdata +69e9 67e24226 store 1 ,mem_spp_state +69ea 6fe204f7 fetch 1 ,mem_current_adss +69eb 204068e7 call rfcomm_calculate_fcs_ua +69ec 67e204fa store 1 ,mem_current_fcs +69ed 20406a77 call rfcomm_send_ua +69ee 6fe204f7 fetch 1 ,mem_current_adss +69ef 1feb7e00 rshift2 pdata ,pdata +69f0 67e2452f store 1 ,mem_pn_dlci +69f1 1febfe00 lshift2 pdata ,pdata +69f2 793ffe01 set0 rfcomm_address_cr ,pdata +69f3 79207e00 set1 rfcomm_address_ext_len ,pdata +69f4 d8404537 arg mem_hiufcs_spp ,temp +69f5 604404f3 storet 2 ,mem_contw_temp +69f6 204068f6 call rfcomm_save_fcs_uih +69f7 20206a58 branch rfcomm_rx_process_end + +parse_uih_spp_uih_credits: +69f8 6fe404fd fetch 2 ,mem_rfcomm_uih_payload_ptr +69f9 1fe20c00 copy pdata ,contr +69fa 1fe0fe01 increase 1 ,pdata +69fb 67e404fd store 2 ,mem_rfcomm_uih_payload_ptr +69fc efe20006 ifetch 1 ,contr +69fd 6842453a fetcht 1 ,mem_remote_credits +69fe 9840fe00 iadd temp ,pdata +69ff 67e2453a store 1 ,mem_remote_credits + +parse_uih_spp_uih: +6a00 20406b01 call rfcomm_increase_credit_given + +parse_uih_spp_uih_cont: +6a01 20406933 call get_rfcomm_snd_adss +6a02 20406ae9 call rfcomm_send_uih_without_payload +6a03 20406b0a call spp_process_rx_data +6a04 20206a58 branch rfcomm_rx_process_end + +parse_uih_rp_spp_disconn_send_event: +6a05 700a9509 jam bt_evt_spp_disconnected ,mem_fifo_temp +6a06 20407bab call ui_ipc_send_event + +parse_uih_rp_spp_disconn: +6a07 204068ce call rfcomm_init_spp +6a08 6fe204f7 fetch 1 ,mem_current_adss +6a09 204068e7 call rfcomm_calculate_fcs_ua +6a0a 67e204fa store 1 ,mem_current_fcs +6a0b 20406a77 call rfcomm_send_ua +6a0c 20206a58 branch rfcomm_rx_process_end + +rfcomm_rx_process_reconn: +6a0d 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +6a0e 1fe20c00 copy pdata ,contr +6a0f 20406979 call get_rfcomm_head_struct +6a10 6fe204f8 fetch 1 ,mem_current_channel +6a11 c0006a13 beq 0 ,parse_dlci0_reconn +6a12 20206a47 branch parse_uih_reconn + +parse_dlci0_reconn: +6a13 472ac02a bpatchx patch2a_5 ,mem_patch2a +6a14 6fe204f9 fetch 1 ,mem_current_frame_type +6a15 c01fe93e beq rfcomm_frame_type_sabm ,rfcomm_rx_process_dlci0_sabm +6a16 c039e947 beq rfcomm_frame_type_ua ,rfcomm_rx_process_dlci0_ua +6a17 c077ea19 beq rfcomm_frame_type_uih ,parse_dlci0_reconn_uih +6a18 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_reconn_uih: +6a19 6fe404fd fetch 2 ,mem_rfcomm_uih_payload_ptr +6a1a 1fe20c00 copy pdata ,contr +6a1b 20406984 call get_rfcomm_uih_head_struct +6a1c 6fe204ff fetch 1 ,mem_uih_cmd_type +6a1d c020ea22 beq uih_param_neg_cmd ,parse_dlci0_reconn_uih_pn_cmd +6a1e c0206a22 beq uih_param_neg_res ,parse_dlci0_reconn_uih_pn_cmd +6a1f c038ea2d beq uih_modem_status_cmd ,parse_dlci0_reconn_uih_ms_cmd +6a20 c0386a3d beq uih_modem_status_res ,parse_dlci0_reconn_uih_ms_res +6a21 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_reconn_uih_pn_cmd: +6a22 20406970 call parse_dlci0_rp_uih_pn_res_common +6a23 6fe2452f fetch 1 ,mem_pn_dlci +6a24 1fe37e00 rshift pdata ,pdata +6a25 68424536 fetcht 1 ,mem_remote_spp_channel +6a26 98467c00 isub temp ,null +6a27 2022ea29 branch parse_dlci0_reconn_uih_pn_cmd_spp ,zero +6a28 20204a8b branch assert + +parse_dlci0_reconn_uih_pn_cmd_spp: +6a29 6fe24226 fetch 1 ,mem_spp_state +6a2a 79207e01 set1 rfcomm_channel_state_pn_res ,pdata +6a2b 67e24226 store 1 ,mem_spp_state +6a2c 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_reconn_uih_ms_cmd: +6a2d 20406972 call get_rfcomm_param_modem_status +6a2e 6fe2453c fetch 1 ,mem_ms_channel +6a2f 68424536 fetcht 1 ,mem_remote_spp_channel +6a30 98467c00 isub temp ,null +6a31 2022ea34 branch parse_dlci0_reconn_uih_ms_cmd_spp ,zero +6a32 20204a8b branch assert +6a33 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_reconn_uih_ms_cmd_spp: +6a34 6fe24226 fetch 1 ,mem_spp_state +6a35 79207e05 set1 rfcomm_channel_state_rcv_ms_cmd ,pdata +6a36 79207e06 set1 rfcomm_channel_state_snd_ms_res ,pdata +6a37 67e24226 store 1 ,mem_spp_state +6a38 6842452f fetcht 1 ,mem_pn_dlci +6a39 184b8400 lshift2 temp ,temp +6a3a 18418403 or_into 3 ,temp +6a3b 20406ad2 call rfcomm_send_modem_status_res +6a3c 20206a58 branch rfcomm_rx_process_end + +parse_dlci0_reconn_uih_ms_res: +6a3d 20406972 call get_rfcomm_param_modem_status +6a3e 6fe2453c fetch 1 ,mem_ms_channel +6a3f 68424536 fetcht 1 ,mem_remote_spp_channel +6a40 98467c00 isub temp ,null +6a41 2022ea43 branch parse_dlci0_reconn_uih_ms_res_spp ,zero +6a42 20204a8b branch assert + +parse_dlci0_reconn_uih_ms_res_spp: +6a43 6fe24226 fetch 1 ,mem_spp_state +6a44 79207e07 set1 rfcomm_channel_state_rcv_ms_res ,pdata +6a45 67e24226 store 1 ,mem_spp_state +6a46 20206a58 branch rfcomm_rx_process_end + +parse_uih_reconn: +6a47 6fe204f8 fetch 1 ,mem_current_channel +6a48 68424536 fetcht 1 ,mem_remote_spp_channel +6a49 98467c00 isub temp ,null +6a4a 2022ea4d branch parse_uih_reconn_spp ,zero +6a4b 20204a8b branch assert +6a4c 20206a58 branch rfcomm_rx_process_end + +parse_uih_reconn_spp: +6a4d 6fe204f9 fetch 1 ,mem_current_frame_type +6a4e c039ea52 beq rfcomm_frame_type_ua ,parse_uih_reconn_spp_ua +6a4f c077ea00 beq rfcomm_frame_type_uih ,parse_uih_spp_uih +6a50 c07fe9f8 beq rfcomm_frame_type_uih_credits ,parse_uih_spp_uih_credits +6a51 c029ea57 beq rfcomm_frame_type_disconn ,parse_uih_reconn_spp_disconn + +parse_uih_reconn_spp_ua: +6a52 6fe24226 fetch 1 ,mem_spp_state +6a53 79207e03 set1 rfcomm_channel_state_ua ,pdata +6a54 67e24226 store 1 ,mem_spp_state +6a55 20206a58 branch rfcomm_rx_process_end + +parse_uih_reconn_spp_sabm: +6a56 20206a56 branch parse_uih_reconn_spp_sabm + +parse_uih_reconn_spp_disconn: +6a57 20206a07 branch parse_uih_rp_spp_disconn + +rfcomm_rx_process_end: +6a58 20600000 rtn + +rfcomm_send_more_pkt: +6a59 6fe24539 fetch 1 ,mem_rfcomm_send_more_pkt +6a5a 207a0000 rtn blank +6a5b c001ea5d beq more_pkt_msc_cmd_spp ,rfcomm_send_more_pkt_msc_cmd_spp +6a5c 20204a8b branch assert + +rfcomm_send_more_pkt_msc_cmd_spp: +6a5d 70453900 jam 0 ,mem_rfcomm_send_more_pkt +6a5e 204056ac call l2cap_malloc_rfcomm_channel +6a5f d8400001 arg spp_slave_channel ,temp +6a60 6842452f fetcht 1 ,mem_pn_dlci +6a61 184b8400 lshift2 temp ,temp + +rfcomm_send_more_pkt_msc_cmd_spp0: +6a62 18418403 or_into 0x03 ,temp +6a63 da2000aa arg 0xaa ,rega +6a64 20406abd call rfcomm_send_modem_status_cmd +6a65 204056ba call l2cap_get_rfcomm_tx_buff +6a66 18a20c00 copy contw ,contr +6a67 efe40006 ifetch 2 ,contr +6a68 203a4a8b branch assert ,blank +6a69 20600000 rtn + +rfcomm_send_sabm: +6a6a 204056ba call l2cap_get_rfcomm_tx_buff +6a6b 58000004 setarg 0x0004 +6a6c e7e40005 istore 2 ,contw +6a6d 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6a6e e7e40005 istore 2 ,contw +6a6f 6fe204f7 fetch 1 ,mem_current_adss +6a70 e7e20005 istore 1 ,contw +6a71 472b402a bpatchx patch2a_6 ,mem_patch2a +6a72 5800013f setarg 0x013f +6a73 e7e40005 istore 2 ,contw +6a74 6fe204fa fetch 1 ,mem_current_fcs +6a75 e7e20005 istore 1 ,contw +6a76 20600000 rtn + +rfcomm_send_ua: +6a77 204056ac call l2cap_malloc_rfcomm_channel +6a78 204056ba call l2cap_get_rfcomm_tx_buff +6a79 58000004 setarg 0x0004 +6a7a e7e40005 istore 2 ,contw +6a7b 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6a7c e7e40005 istore 2 ,contw +6a7d 6fe204f7 fetch 1 ,mem_current_adss +6a7e e7e20005 istore 1 ,contw +6a7f 472bc02a bpatchx patch2a_7 ,mem_patch2a +6a80 58000173 setarg 0x0173 +6a81 e7e40005 istore 2 ,contw +6a82 6fe204fa fetch 1 ,mem_current_fcs +6a83 e7e20005 istore 1 ,contw +6a84 20600000 rtn + +rfcomm_send_param_neg_cmd: +6a85 204056ba call l2cap_get_rfcomm_tx_buff +6a86 5800000e setarg 0x000e +6a87 e7e40005 istore 2 ,contw +6a88 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6a89 e7e40005 istore 2 ,contw +6a8a 6fe24535 fetch 1 ,mem_rfcomm_initiator +6a8b 1fe3fe00 lshift pdata ,pdata +6a8c 79207e00 set1 0 ,pdata +6a8d e7e20005 istore 1 ,contw +6a8e 472c402b bpatchx patch2b_0 ,mem_patch2b +6a8f 580015ef setarg 0x15ef +6a90 e7e40005 istore 2 ,contw +6a91 58001183 setarg 0x1183 +6a92 e7e40005 istore 2 ,contw +6a93 18427e00 copy temp ,pdata +6a94 e7e20005 istore 1 ,contw +6a95 580000f0 setarg 0x0000f0 +6a96 e7e60005 istore 3 ,contw +6a97 5800007f setarg rfcomm_max_frame_size +6a98 e7e40005 istore 2 ,contw +6a99 58000000 setarg 0 +6a9a e7e20005 istore 1 ,contw +6a9b 58000001 setarg 0x01 +6a9c e7e20005 istore 1 ,contw +6a9d 204068f0 call rfcomm_calculate_fcs_dlci0 +6a9e e7e20005 istore 1 ,contw +6a9f 70453b10 jam 0x10 ,mem_credit_given +6aa0 20600000 rtn + +rfcomm_send_param_neg_res: +6aa1 204056ac call l2cap_malloc_rfcomm_channel +6aa2 204056ba call l2cap_get_rfcomm_tx_buff +6aa3 5800000e setarg 0x000e +6aa4 e7e40005 istore 2 ,contw +6aa5 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6aa6 e7e40005 istore 2 ,contw +6aa7 6fe24535 fetch 1 ,mem_rfcomm_initiator +6aa8 1fe3fe00 lshift pdata ,pdata +6aa9 79207e00 set1 0 ,pdata +6aaa e7e20005 istore 1 ,contw +6aab 472cc02b bpatchx patch2b_1 ,mem_patch2b +6aac 580015ef setarg 0x15ef +6aad e7e40005 istore 2 ,contw +6aae 58001181 setarg 0x1181 +6aaf e7e40005 istore 2 ,contw +6ab0 6fe2452f fetch 1 ,mem_pn_dlci +6ab1 e7e20005 istore 1 ,contw +6ab2 580000e0 setarg 0x0000e0 +6ab3 e7e60005 istore 3 ,contw +6ab4 6fe4453e fetch 2 ,mem_rfcomm_max_frame_size +6ab5 e7e40005 istore 2 ,contw +6ab6 58000000 setarg 0x00 +6ab7 e7e20005 istore 1 ,contw +6ab8 6fe24540 fetch 1 ,mem_rfcomm_credit_init_data +6ab9 e7e20005 istore 1 ,contw +6aba 204068f0 call rfcomm_calculate_fcs_dlci0 +6abb e7e20005 istore 1 ,contw +6abc 20600000 rtn + +rfcomm_send_modem_status_cmd: +6abd 204056ba call l2cap_get_rfcomm_tx_buff +6abe 58000008 setarg 0x0008 +6abf e7e40005 istore 2 ,contw +6ac0 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6ac1 e7e40005 istore 2 ,contw +6ac2 6fe24535 fetch 1 ,mem_rfcomm_initiator +6ac3 1fe3fe00 lshift pdata ,pdata +6ac4 79207e00 set1 0 ,pdata +6ac5 e7e20005 istore 1 ,contw +6ac6 472d402b bpatchx patch2b_2 ,mem_patch2b +6ac7 580009ef setarg 0x09ef +6ac8 e7e40005 istore 2 ,contw +6ac9 580005e3 setarg 0x05e3 +6aca e7e40005 istore 2 ,contw +6acb 18427e00 copy temp ,pdata +6acc e7e20005 istore 1 ,contw +6acd 5800008d setarg 0x8d +6ace e7e20005 istore 1 ,contw +6acf 204068f0 call rfcomm_calculate_fcs_dlci0 +6ad0 e7e20005 istore 1 ,contw +6ad1 20600000 rtn + +rfcomm_send_modem_status_res: +6ad2 204056ac call l2cap_malloc_rfcomm_channel +6ad3 204056ba call l2cap_get_rfcomm_tx_buff +6ad4 58000008 setarg 0x0008 +6ad5 e7e40005 istore 2 ,contw +6ad6 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6ad7 e7e40005 istore 2 ,contw +6ad8 18421600 copy temp ,timeup +6ad9 6fe24535 fetch 1 ,mem_rfcomm_initiator +6ada 1fe3fe00 lshift pdata ,pdata +6adb 79207e00 set1 0 ,pdata +6adc e7e20005 istore 1 ,contw +6add 472dc02b bpatchx patch2b_3 ,mem_patch2b +6ade 580009ef setarg 0x09ef +6adf e7e40005 istore 2 ,contw +6ae0 580005e1 setarg 0x05e1 +6ae1 e7e40005 istore 2 ,contw +6ae2 19627e00 copy timeup ,pdata +6ae3 e7e20005 istore 1 ,contw +6ae4 5800008d setarg 0x8d +6ae5 e7e20005 istore 1 ,contw +6ae6 204068f0 call rfcomm_calculate_fcs_dlci0 +6ae7 e7e20005 istore 1 ,contw +6ae8 20600000 rtn + +rfcomm_send_uih_without_payload: +6ae9 472e402b bpatchx patch2b_4 ,mem_patch2b +6aea 6fe2453b fetch 1 ,mem_credit_given +6aeb 207a0000 rtn blank +6aec 1a227e00 copy rega ,pdata +6aed 67e20a97 store 1 ,mem_pdatatemp + 1 +6aee 60420a96 storet 1 ,mem_pdatatemp +6aef 20405648 call l2cap_malloc_is_fifo_full +6af0 247a0000 nrtn blank +6af1 204056ac call l2cap_malloc_rfcomm_channel +6af2 204056ba call l2cap_get_rfcomm_tx_buff +6af3 58000005 setarg 0x05 +6af4 e7e40005 istore 2 ,contw +6af5 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6af6 e7e40005 istore 2 ,contw +6af7 6fe20509 fetch 1 ,mem_rfcomm_send_adss +6af8 e7e20005 istore 1 ,contw +6af9 580001ff setarg 0x01ff +6afa e7e40005 istore 2 ,contw +6afb 6fe2453b fetch 1 ,mem_credit_given +6afc e7e20005 istore 1 ,contw +6afd 6fe24538 fetch 1 ,mem_hiufcs_spp_wcredits +6afe e7e20005 istore 1 ,contw +6aff 70453b00 jam 0 ,mem_credit_given +6b00 20600000 rtn + +rfcomm_increase_credit_given: +6b01 472ec02b bpatchx patch2b_5 ,mem_patch2b +6b02 6fe2453d fetch 1 ,mem_credit_flag +6b03 c1008000 rtneq credit_enable +6b04 6fe404fb fetch 2 ,mem_current_length +6b05 207a0000 rtn blank +6b06 6fe2453b fetch 1 ,mem_credit_given +6b07 1fe0fe01 increase 1 ,pdata +6b08 67e2453b store 1 ,mem_credit_given +6b09 20600000 rtn + +spp_process_rx_data: +6b0a 6fe44541 fetch 2 ,mem_cb_receive_spp_data +6b0b 20207d77 branch callback_func + +spp_tx_rfcomm_packet: +6b0c 472f402b bpatchx patch2b_6 ,mem_patch2b +6b0d 6fe2453a fetch 1 ,mem_remote_credits +6b0e 207a0000 rtn blank +6b0f 1fe0ffff increase -1 ,pdata +6b10 67e2453a store 1 ,mem_remote_credits +6b11 6fe44530 fetch 2 ,mem_pn_max_frame_size +6b12 6844466a fetcht 2 ,mem_current_packet_length +6b13 98467c00 isub temp ,null +6b14 20216b16 branch ssp_tx_rfcomm_from_uart ,positive +6b15 67e4466a store 2 ,mem_current_packet_length + +ssp_tx_rfcomm_from_uart: +6b16 6fe2453b fetch 1 ,mem_credit_given +6b17 203a6b1e branch ssp_tx_rfcomm_from_uart_without_credit ,blank +6b18 70050c01 jam 1 ,mem_rfcomm_send_offset +6b19 6fe24538 fetch 1 ,mem_hiufcs_spp_wcredits +6b1a 67e2050b store 1 ,mem_rfcomm_send_fcs +6b1b 580000ff setarg rsp_rx_uih_wdata +6b1c 67e2050a store 1 ,mem_rfcomm_send_frame_type +6b1d 20206b23 branch ssp_tx_rfcomm_from_uart_common + +ssp_tx_rfcomm_from_uart_without_credit: +6b1e 70050c00 jam 0 ,mem_rfcomm_send_offset +6b1f 6fe24537 fetch 1 ,mem_hiufcs_spp +6b20 67e2050b store 1 ,mem_rfcomm_send_fcs +6b21 580000ef setarg rsp_tx_uih +6b22 67e2050a store 1 ,mem_rfcomm_send_frame_type + +ssp_tx_rfcomm_from_uart_common: +6b23 472fc02b bpatchx patch2b_7 ,mem_patch2b +6b24 6fe4466a fetch 2 ,mem_current_packet_length +6b25 1fe67c7f sub pdata ,127 ,null +6b26 20216b2a branch ssp_tx_rfcomm_from_uart_common0 ,positive +6b27 6fe2050c fetch 1 ,mem_rfcomm_send_offset +6b28 1fe0fe01 increase 1 ,pdata +6b29 67e2050c store 1 ,mem_rfcomm_send_offset + +ssp_tx_rfcomm_from_uart_common0: +6b2a 20406933 call get_rfcomm_snd_adss +6b2b 6fe4466a fetch 2 ,mem_current_packet_length +6b2c 1fe0fe08 increase 8 ,pdata +6b2d 6842050c fetcht 1 ,mem_rfcomm_send_offset +6b2e 9840a200 iadd temp ,rega +6b2f 2040561a call l2cap_malloc +6b30 67e40273 store 2 ,mem_rfcomm_tx_buff_ptr +6b31 1fe0fe04 increase 4 ,pdata +6b32 67e40275 store 2 ,mem_rfcomm_tx_payload_ptr +6b33 1fe20a00 copy pdata ,contw +6b34 6fe20509 fetch 1 ,mem_rfcomm_send_adss +6b35 e7e20005 istore 1 ,contw +6b36 6fe2050a fetch 1 ,mem_rfcomm_send_frame_type +6b37 e7e20005 istore 1 ,contw +6b38 20406b54 call ssp_tx_write_length +6b39 20406b65 call ssp_tx_write_given_credit +6b3a 4730402c bpatchx patch2c_0 ,mem_patch2c +6b3b 6fe44543 fetch 2 ,mem_nl_rx_data_src +6b3c 1fe20600 copy pdata ,contru +6b3d 6fe4466a fetch 2 ,mem_current_packet_length +6b3e 1fe27200 copy pdata ,loopcnt +6b3f 204067da call uart_copy_rx_bytes_fast +6b40 18a20400 copy contw ,temp +6b41 18627e00 copy contru ,pdata +6b42 67e44543 store 2 ,mem_nl_rx_data_src +6b43 18420a00 copy temp ,contw +6b44 6fe2050b fetch 1 ,mem_rfcomm_send_fcs +6b45 e7e20005 istore 1 ,contw +6b46 6fe40273 fetch 2 ,mem_rfcomm_tx_buff_ptr +6b47 1fe20a00 copy pdata ,contw +6b48 6fe4466a fetch 2 ,mem_current_packet_length +6b49 6842050c fetcht 1 ,mem_rfcomm_send_offset +6b4a 9840fe00 iadd temp ,pdata +6b4b 1fe0fe04 increase 4 ,pdata +6b4c e7e40005 istore 2 ,contw +6b4d 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6b4e e7e40005 istore 2 ,contw +6b4f 70453b00 jam 0 ,mem_credit_given +6b50 6fe44545 fetch 2 ,mem_nl_rx_len_all +6b51 c0004ed4 beq 0 ,module_hci_command_tx_spp_tx_complete +6b52 700b0100 jam hci_not_discard_packet ,mem_module_temp_nl_discard_packet +6b53 20600000 rtn + +ssp_tx_write_length: +6b54 4730c02c bpatchx patch2c_1 ,mem_patch2c +6b55 6fe4466a fetch 2 ,mem_current_packet_length +6b56 1fe67c7f sub pdata ,0x7f ,null +6b57 24216b5c nbranch ssp_tx_write_long_packet ,positive +6b58 1fe3fe00 lshift pdata ,pdata +6b59 79207e00 set1 0 ,pdata +6b5a e7e20005 istore 1 ,contw +6b5b 20600000 rtn + +ssp_tx_write_long_packet: +6b5c 6fe4466a fetch 2 ,mem_current_packet_length +6b5d 1fe97e00 rshift3 pdata ,pdata +6b5e 1ff18400 rshift4 pdata ,temp +6b5f 1fe17e7f and_into 0x7f ,pdata +6b60 1fe3fe00 lshift pdata ,pdata +6b61 793ffe00 set0 0 ,pdata +6b62 e7e20005 istore 1 ,contw +6b63 e0420005 istoret 1 ,contw +6b64 20600000 rtn + +ssp_tx_write_given_credit: +6b65 6fe2453b fetch 1 ,mem_credit_given +6b66 207a0000 rtn blank +6b67 e7e20005 istore 1 ,contw +6b68 20600000 rtn + +scheduler_process: +6b69 4731402c bpatchx patch2c_2 ,mem_patch2c +6b6a 20407bc1 call check_51cmd +6b6b 20404c8f call app_process_bb_event +6b6c 204066fd call process_conn_sm +6b6d 4731c02c bpatchx patch2c_3 ,mem_patch2c +6b6e 20407591 call sp_calc_sequence +6b6f 2040756a call simple_pairing_sequence +6b70 2040757b call master_simple_paring_sequence +6b71 20405648 call l2cap_malloc_is_fifo_full +6b72 247a0000 nrtn blank +6b73 20405183 call l2cap_call_proc_sigal_pending +6b74 20405648 call l2cap_malloc_is_fifo_full +6b75 247a0000 nrtn blank +6b76 4732402c bpatchx patch2c_4 ,mem_patch2c +6b77 20406bb4 call process_upper_sm +6b78 2040533e call l2cap_send_config_req +6b79 20406a59 call rfcomm_send_more_pkt + +scheduler_process0: +6b7a 20406b7d call scheduler_tx_disconnect_hid +6b7b 4732c02c bpatchx patch2c_5 ,mem_patch2c +6b7c 20204c8b branch app_process_bt + +scheduler_tx_disconnect_hid: +6b7d 6fe2027b fetch 1 ,mem_control_tasks +6b7e c2805461 bbit1 l2cap_disconnect_interrupt ,l2cap_disconnect_interrupt_req +6b7f c283d46b bbit1 l2cap_disconnect_control ,l2cap_disconnect_control_req +6b80 20600000 rtn + +scheduler_tx_l2cap_pkt: +6b81 4733402c bpatchx patch2c_6 ,mem_patch2c +6b82 2040564e call l2cap_malloc_is_fifo_empty +6b83 207a0000 rtn blank +6b84 6fe2004b fetch 1 ,mem_op +6b85 c3830000 rtnbit1 op_txl2cap +6b86 20405632 call l2cap_malloc_fifo_out +6b87 67e4016d store 2 ,mem_txptr +6b88 1fe20c00 copy pdata ,contr +6b89 efe40006 ifetch 2 ,contr +6b8a 1fe0fe04 increase 4 ,pdata +6b8b 67e441dd store 2 ,mem_tx_len +6b8c 7041dc06 jam 6 ,mem_tx_lch +6b8d 4733c02c bpatchx patch2c_7 ,mem_patch2c +6b8e 6fe44218 fetch 2 ,mem_l2cap_tx_multi_offset +6b8f 203a6b9c branch scheduler_tx_l2cap_start_pkt ,blank +6b90 6fe2004b fetch 1 ,mem_op +6b91 c4038000 rtnbit0 op_pkt_comp +6b92 793ffe07 set0 op_pkt_comp ,pdata +6b93 67e2004b store 1 ,mem_op +6b94 7041dc05 jam 5 ,mem_tx_lch +6b95 68444218 fetcht 2 ,mem_l2cap_tx_multi_offset +6b96 6fe4016d fetch 2 ,mem_txptr +6b97 9840fe00 iadd temp ,pdata +6b98 67e4016d store 2 ,mem_txptr +6b99 6fe441dd fetch 2 ,mem_tx_len +6b9a 98467e00 isub temp ,pdata +6b9b 67e441dd store 2 ,mem_tx_len + +scheduler_tx_l2cap_start_pkt: +6b9c 4734402d bpatchx patch2d_0 ,mem_patch2d +6b9d 6fe441dd fetch 2 ,mem_tx_len +6b9e 203a4a8b branch assert ,blank +6b9f d8400104 arg l2cap_max_pkt_len ,temp +6ba0 98467e00 isub temp ,pdata +6ba1 24216ba8 nbranch scheduler_tx_l2cap_last_pkt ,positive +6ba2 4734c02d bpatchx patch2d_1 ,mem_patch2d +6ba3 604441dd storet 2 ,mem_tx_len +6ba4 6fe44218 fetch 2 ,mem_l2cap_tx_multi_offset +6ba5 9840fe00 iadd temp ,pdata +6ba6 67e44218 store 2 ,mem_l2cap_tx_multi_offset +6ba7 20206baa branch scheduler_tx_l2cap_pkt_end + +scheduler_tx_l2cap_last_pkt: +6ba8 58000000 setarg 0 +6ba9 67e44218 store 2 ,mem_l2cap_tx_multi_offset + +scheduler_tx_l2cap_pkt_end: +6baa 6fe2004b fetch 1 ,mem_op +6bab 79207e06 set1 op_txl2cap ,pdata +6bac 67e2004b store 1 ,mem_op +6bad 20600000 rtn + +scheduler_start_upper_sm: +6bae 6fe24654 fetch 1 ,mem_ui_profile_supported +6baf c2806bb2 bbit1 support_hid ,scheduler_start_upper_sm_hid +6bb0 70028301 jam uppersm_reconn_sdp_conn ,mem_upper_sm_reconn +6bb1 20600000 rtn + +scheduler_start_upper_sm_hid: +6bb2 7002830f jam uppersm_reconn_hid_ctrl_conn ,mem_upper_sm_reconn +6bb3 20600000 rtn + +process_upper_sm: +6bb4 6fe24651 fetch 1 ,memui_reconnect_mode +6bb5 243a6bba nbranch process_upper_sm_reconn ,blank + +process_upper_sm_remote_page: +6bb6 6fe20282 fetch 1 ,mem_upper_sm_remote_page +6bb7 207a0000 rtn blank +6bb8 70028200 jam 0 ,mem_upper_sm_remote_page + +process_upper_sm_rp_wait: +6bb9 20600000 rtn + +process_upper_sm_reconn: +6bba 4735402d bpatchx patch2d_2 ,mem_patch2d +6bbb 6fe20283 fetch 1 ,mem_upper_sm_reconn +6bbc 207a0000 rtn blank +6bbd c000ebda beq uppersm_reconn_sdp_conn ,process_upper_sm_reconn_sdp_conn +6bbe c0016c33 beq uppersm_reconn_sdp_conn_wait ,process_upper_sm_reconn_sdp_conn_wait +6bbf c001ebe0 beq uppersm_reconn_sdp_cfg ,process_upper_sm_reconn_sdp_cfg +6bc0 c0026c37 beq uppersm_reconn_sdp_cfg_wait ,process_upper_sm_reconn_sdp_cfg_wait +6bc1 c01debea beq uppersm_reconn_ss_spp ,process_upper_sm_reconn_ss_spp +6bc2 c01e6c3a beq uppersm_reconn_ss_spp_wait ,process_upper_sm_reconn_ss_spp_wait +6bc3 c006ebef beq uppersm_reconn_sdp_disconn ,process_upper_sm_reconn_sdp_disconn +6bc4 c0076c3f beq uppersm_reconn_sdp_disconn_wait ,process_upper_sm_reconn_sdp_disconn_wait +6bc5 c007ebf2 beq uppersm_reconn_hid_ctrl_conn ,process_upper_sm_reconn_hid_ctrl_conn +6bc6 c0086c45 beq uppersm_reconn_hid_ctrl_conn_wait ,process_upper_sm_reconn_hid_ctrl_conn_wait +6bc7 c008ebf8 beq uppersm_reconn_hid_ctrl_cfg ,process_upper_sm_reconn_hid_ctrl_cfg +6bc8 c0096c49 beq uppersm_reconn_hid_ctrl_cfg_wait ,process_upper_sm_reconn_hid_ctrl_cfg_wait +6bc9 c009ebfe beq uppersm_reconn_hid_int_conn ,process_upper_sm_reconn_hid_int_conn +6bca c00a6c4d beq uppersm_reconn_hid_int_conn_wait ,process_upper_sm_reconn_hid_int_conn_wait +6bcb c00aec04 beq uppersm_reconn_hid_int_cfg ,process_upper_sm_reconn_hid_int_cfg +6bcc c00b6c51 beq uppersm_reconn_hid_int_cfg_wait ,process_upper_sm_reconn_hid_int_cfg_wait +6bcd c00bec0a beq uppersm_reconn_rfcomm_conn ,process_upper_sm_reconn_rfcomm_conn +6bce c00c6c56 beq uppersm_reconn_rfcomm_conn_wait ,process_upper_sm_reconn_rfcomm_conn_wait +6bcf c00cec10 beq uppersm_reconn_rfcomm_cfg ,process_upper_sm_reconn_rfcomm_cfg +6bd0 c00d6c5a beq uppersm_reconn_rfcomm_cfg_wait ,process_upper_sm_reconn_rfcomm_cfg_wait +6bd1 c00dec16 beq uppersm_reconn_rfcomm_sabm ,process_upper_sm_reconn_rfcomm_sabm +6bd2 c00e6c5e beq uppersm_reconn_rfcomm_sabm_wait ,process_upper_sm_reconn_rfcomm_sabm_wait +6bd3 c00eec1c beq uppersm_reconn_spp_cmd_pn ,process_upper_sm_reconn_spp_cmd_pn +6bd4 c00f6c63 beq uppersm_reconn_spp_cmd_pn_wait ,process_upper_sm_reconn_spp_cmd_pn_wait +6bd5 c00fec22 beq uppersm_reconn_spp_sabm ,process_upper_sm_reconn_spp_sabm +6bd6 c0106c67 beq uppersm_reconn_spp_sabm_wait ,process_upper_sm_reconn_spp_sabm_wait +6bd7 c010ec2d beq uppersm_reconn_spp_cmd_ms ,process_upper_sm_reconn_spp_cmd_ms +6bd8 c0116c6b beq uppersm_reconn_spp_cmd_ms_wait ,process_upper_sm_reconn_spp_cmd_ms_wait + +process_upper_sm_reconn_wait: +6bd9 20600000 rtn + +process_upper_sm_reconn_sdp_conn: +6bda 20406c76 call upper_sm_send_sdp_conn +6bdb 70028302 jam uppersm_reconn_sdp_conn_wait ,mem_upper_sm_reconn +6bdc 6fe24222 fetch 1 ,mem_sdp_state +6bdd 79207e00 set1 l2cap_channel_state_conn_req ,pdata +6bde 67e24222 store 1 ,mem_sdp_state +6bdf 20600000 rtn + +process_upper_sm_reconn_sdp_cfg: +6be0 70028304 jam uppersm_reconn_sdp_cfg_wait ,mem_upper_sm_reconn +6be1 6fe24222 fetch 1 ,mem_sdp_state +6be2 c3810000 rtnbit1 l2cap_channel_state_snd_cfg_req +6be3 70028303 jam uppersm_reconn_sdp_cfg ,mem_upper_sm_reconn +6be4 20406c7d call upper_sm_send_sdp_cfg +6be5 70028304 jam uppersm_reconn_sdp_cfg_wait ,mem_upper_sm_reconn +6be6 6fe24222 fetch 1 ,mem_sdp_state +6be7 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +6be8 67e24222 store 1 ,mem_sdp_state +6be9 20600000 rtn + +process_upper_sm_reconn_ss_spp: +6bea 2040564e call l2cap_malloc_is_fifo_empty +6beb 247a0000 nrtn blank +6bec 20406c8c call upper_sm_send_ss_spp +6bed 7002833c jam uppersm_reconn_ss_spp_wait ,mem_upper_sm_reconn +6bee 20600000 rtn + +process_upper_sm_reconn_sdp_disconn: +6bef 20406c82 call upper_sm_send_sdp_disconn +6bf0 7002830e jam uppersm_reconn_sdp_disconn_wait ,mem_upper_sm_reconn +6bf1 20600000 rtn + +process_upper_sm_reconn_hid_ctrl_conn: +6bf2 20406c9c call upper_sm_send_hid_ctrl_conn +6bf3 70028310 jam uppersm_reconn_hid_ctrl_conn_wait ,mem_upper_sm_reconn +6bf4 6fe24224 fetch 1 ,mem_hid_control_state +6bf5 79207e00 set1 l2cap_channel_state_conn_req ,pdata +6bf6 67e24224 store 1 ,mem_hid_control_state +6bf7 20600000 rtn + +process_upper_sm_reconn_hid_ctrl_cfg: +6bf8 20406ca3 call upper_sm_send_hid_ctrl_cfg +6bf9 70028312 jam uppersm_reconn_hid_ctrl_cfg_wait ,mem_upper_sm_reconn +6bfa 6fe24224 fetch 1 ,mem_hid_control_state +6bfb 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +6bfc 67e24224 store 1 ,mem_hid_control_state +6bfd 20600000 rtn + +process_upper_sm_reconn_hid_int_conn: +6bfe 20406ca8 call upper_sm_send_hid_int_conn +6bff 70028314 jam uppersm_reconn_hid_int_conn_wait ,mem_upper_sm_reconn +6c00 6fe24225 fetch 1 ,mem_hid_interrupt_state +6c01 79207e00 set1 l2cap_channel_state_conn_req ,pdata +6c02 67e24225 store 1 ,mem_hid_interrupt_state +6c03 20600000 rtn + +process_upper_sm_reconn_hid_int_cfg: +6c04 20406caf call upper_sm_send_hid_int_cfg +6c05 70028316 jam uppersm_reconn_hid_int_cfg_wait ,mem_upper_sm_reconn +6c06 6fe24225 fetch 1 ,mem_hid_interrupt_state +6c07 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +6c08 67e24225 store 1 ,mem_hid_interrupt_state +6c09 20600000 rtn + +process_upper_sm_reconn_rfcomm_conn: +6c0a 20406c90 call upper_sm_send_rfcomm_conn +6c0b 70028318 jam uppersm_reconn_rfcomm_conn_wait ,mem_upper_sm_reconn +6c0c 6fe24223 fetch 1 ,mem_rfcomm_state +6c0d 79207e00 set1 l2cap_channel_state_conn_req ,pdata +6c0e 67e24223 store 1 ,mem_rfcomm_state +6c0f 20600000 rtn + +process_upper_sm_reconn_rfcomm_cfg: +6c10 20406c97 call upper_sm_send_rfcomm_cfg +6c11 7002831a jam uppersm_reconn_rfcomm_cfg_wait ,mem_upper_sm_reconn +6c12 6fe24223 fetch 1 ,mem_rfcomm_state +6c13 79207e02 set1 l2cap_channel_state_snd_cfg_req ,pdata +6c14 67e24223 store 1 ,mem_rfcomm_state +6c15 20600000 rtn + +process_upper_sm_reconn_rfcomm_sabm: +6c16 20406cb4 call upper_sm_send_rfcomm_sabm +6c17 7002831c jam uppersm_reconn_rfcomm_sabm_wait ,mem_upper_sm_reconn +6c18 6fe24223 fetch 1 ,mem_rfcomm_state +6c19 79207e06 set1 l2cap_channel_rfcomm_only_sabm ,pdata +6c1a 67e24223 store 1 ,mem_rfcomm_state +6c1b 20600000 rtn + +process_upper_sm_reconn_spp_cmd_pn: +6c1c 20406cbb call upper_sm_send_spp_cmd_pn +6c1d 6fe24226 fetch 1 ,mem_spp_state +6c1e 79207e00 set1 rfcomm_channel_state_pn_cmd +6c1f 67e24226 store 1 ,mem_spp_state +6c20 7002831e jam uppersm_reconn_spp_cmd_pn_wait ,mem_upper_sm_reconn +6c21 20600000 rtn + +process_upper_sm_reconn_spp_sabm: +6c22 20406cc1 call upper_sm_send_spp_sabm +6c23 6fe24226 fetch 1 ,mem_spp_state +6c24 79207e02 set1 rfcomm_channel_state_sabm +6c25 67e24226 store 1 ,mem_spp_state +6c26 70028320 jam uppersm_reconn_spp_sabm_wait ,mem_upper_sm_reconn +6c27 6fe24536 fetch 1 ,mem_remote_spp_channel +6c28 1fe9fe00 lshift3 pdata ,pdata +6c29 1fe1fe03 or_into 3 ,pdata +6c2a d8404537 arg mem_hiufcs_spp ,temp +6c2b 604404f3 storet 2 ,mem_contw_temp +6c2c 202068f6 branch rfcomm_save_fcs_uih + +process_upper_sm_reconn_spp_cmd_ms: +6c2d 20406ccb call upper_sm_send_spp_cmd_ms +6c2e 6fe24226 fetch 1 ,mem_spp_state +6c2f 79207e04 set1 rfcomm_channel_state_snd_ms_cmd +6c30 67e24226 store 1 ,mem_spp_state +6c31 70028322 jam uppersm_reconn_spp_cmd_ms_wait ,mem_upper_sm_reconn +6c32 20600000 rtn + +process_upper_sm_reconn_sdp_conn_wait: +6c33 6fe24222 fetch 1 ,mem_sdp_state +6c34 c4008000 rtnbit0 l2cap_channel_state_conn_res +6c35 70028303 jam uppersm_reconn_sdp_cfg ,mem_upper_sm_reconn +6c36 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_sdp_cfg_wait: +6c37 6fe24222 fetch 1 ,mem_sdp_state +6c38 c19f8000 rtnne l2cap_channel_setup_complete +6c39 7002833b jam uppersm_reconn_ss_spp ,mem_upper_sm_reconn + +process_upper_sm_reconn_ss_spp_wait: +6c3a 6fe20281 fetch 1 ,mem_message_to_uppersm +6c3b c18b8000 rtnne recieve_ss_reasult_hf +6c3c 70028100 jam 0 ,mem_message_to_uppersm +6c3d 7002830d jam uppersm_reconn_sdp_disconn ,mem_upper_sm_reconn +6c3e 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_sdp_disconn_wait: +6c3f 6fe24222 fetch 1 ,mem_sdp_state +6c40 247a0000 nrtn blank +6c41 6fe24654 fetch 1 ,mem_ui_profile_supported +6c42 c2806c6e bbit1 support_hid ,process_upper_sm_reconn_setup_hid +6c43 c2836c70 bbit1 support_spp ,process_upper_sm_reconn_setup_rfcomm +6c44 20206c74 branch process_upper_sm_reconn_termination + +process_upper_sm_reconn_hid_ctrl_conn_wait: +6c45 6fe24224 fetch 1 ,mem_hid_control_state +6c46 c4008000 rtnbit0 l2cap_channel_state_conn_res +6c47 70028311 jam uppersm_reconn_hid_ctrl_cfg ,mem_upper_sm_reconn +6c48 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_hid_ctrl_cfg_wait: +6c49 6fe24224 fetch 1 ,mem_hid_control_state +6c4a c19f8000 rtnne l2cap_channel_setup_complete +6c4b 70028313 jam uppersm_reconn_hid_int_conn ,mem_upper_sm_reconn +6c4c 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_hid_int_conn_wait: +6c4d 6fe24225 fetch 1 ,mem_hid_interrupt_state +6c4e c4008000 rtnbit0 l2cap_channel_state_conn_res +6c4f 70028315 jam uppersm_reconn_hid_int_cfg ,mem_upper_sm_reconn +6c50 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_hid_int_cfg_wait: +6c51 6fe24225 fetch 1 ,mem_hid_interrupt_state +6c52 c19f8000 rtnne l2cap_channel_setup_complete +6c53 6fe24654 fetch 1 ,mem_ui_profile_supported +6c54 c2836c70 bbit1 support_spp ,process_upper_sm_reconn_setup_rfcomm +6c55 20206c74 branch process_upper_sm_reconn_termination + +process_upper_sm_reconn_rfcomm_conn_wait: +6c56 6fe24223 fetch 1 ,mem_rfcomm_state +6c57 c4008000 rtnbit0 l2cap_channel_state_conn_res +6c58 70028319 jam uppersm_reconn_rfcomm_cfg ,mem_upper_sm_reconn +6c59 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_rfcomm_cfg_wait: +6c5a 6fe24223 fetch 1 ,mem_rfcomm_state +6c5b c19f8000 rtnne l2cap_channel_setup_complete +6c5c 7002831b jam uppersm_reconn_rfcomm_sabm ,mem_upper_sm_reconn +6c5d 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_rfcomm_sabm_wait: +6c5e 6fe24223 fetch 1 ,mem_rfcomm_state +6c5f c1ff8000 rtnne l2cap_channel_rfcomm_dlci0_opened +6c60 6fe24654 fetch 1 ,mem_ui_profile_supported +6c61 c2836c72 bbit1 support_spp ,process_upper_sm_reconn_setup_spp +6c62 20206c74 branch process_upper_sm_reconn_termination + +process_upper_sm_reconn_spp_cmd_pn_wait: +6c63 6fe24226 fetch 1 ,mem_spp_state +6c64 c4008000 rtnbit0 rfcomm_channel_state_pn_res +6c65 7002831f jam uppersm_reconn_spp_sabm ,mem_upper_sm_reconn +6c66 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_spp_sabm_wait: +6c67 6fe24226 fetch 1 ,mem_spp_state +6c68 c4018000 rtnbit0 rfcomm_channel_state_ua +6c69 70028321 jam uppersm_reconn_spp_cmd_ms ,mem_upper_sm_reconn +6c6a 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_spp_cmd_ms_wait: +6c6b 6fe24226 fetch 1 ,mem_spp_state +6c6c c1ff8000 rtnne rfcomm_channel_setup_complete +6c6d 20206c74 branch process_upper_sm_reconn_termination + +process_upper_sm_reconn_setup_hid: +6c6e 7002830f jam uppersm_reconn_hid_ctrl_conn ,mem_upper_sm_reconn +6c6f 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_setup_rfcomm: +6c70 70028317 jam uppersm_reconn_rfcomm_conn ,mem_upper_sm_reconn +6c71 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_setup_spp: +6c72 7002831d jam uppersm_reconn_spp_cmd_pn ,mem_upper_sm_reconn +6c73 20206bba branch process_upper_sm_reconn + +process_upper_sm_reconn_termination: +6c74 70028300 jam 0 ,mem_upper_sm_reconn +6c75 20600000 rtn + +upper_sm_send_sdp_conn: +6c76 4735c02d bpatchx patch2d_3 ,mem_patch2d +6c77 20405692 call l2cap_malloc_signal_channel +6c78 58000001 setarg psm_sdp +6c79 1fe20400 copy pdata ,temp +6c7a 58000050 setarg l2cap_sdp_channel +6c7b 1fe21600 copy pdata ,timeup +6c7c 20205482 branch ml2cap_send_signal_connect_req + +upper_sm_send_sdp_cfg: +6c7d 4736402d bpatchx patch2d_4 ,mem_patch2d +6c7e 20405692 call l2cap_malloc_signal_channel +6c7f 6fe4421a fetch 2 ,mem_sdp_remote_cid +6c80 1fe20400 copy pdata ,temp +6c81 20205491 branch ml2cap_send_signal_config_req + +upper_sm_send_sdp_disconn: +6c82 4736c02d bpatchx patch2d_5 ,mem_patch2d +6c83 20405692 call l2cap_malloc_signal_channel +6c84 6fe4421a fetch 2 ,mem_sdp_remote_cid +6c85 1fe20400 copy pdata ,temp +6c86 d9600050 arg l2cap_sdp_channel ,timeup +6c87 204054a6 call ml2cap_send_signal_disconn_req +6c88 6fe24222 fetch 1 ,mem_sdp_state +6c89 793ffe05 set0 l2cap_channel_state_rcv_cfg_res ,pdata +6c8a 67e24222 store 1 ,mem_sdp_state +6c8b 20600000 rtn + +upper_sm_send_ss_spp: +6c8c 4737402d bpatchx patch2d_6 ,mem_patch2d +6c8d 2040569f call l2cap_malloc_sdp_channel +6c8e 20406ff7 call sdp_send_spp_request +6c8f 202054c1 branch msdp_send_req_done + +upper_sm_send_rfcomm_conn: +6c90 4737c02d bpatchx patch2d_7 ,mem_patch2d +6c91 20405692 call l2cap_malloc_signal_channel +6c92 58000003 setarg psm_rfcomm +6c93 1fe20400 copy pdata ,temp +6c94 58000051 setarg l2cap_rfcomm_channel +6c95 1fe21600 copy pdata ,timeup +6c96 20205482 branch ml2cap_send_signal_connect_req + +upper_sm_send_rfcomm_cfg: +6c97 4738402e bpatchx patch2e_0 ,mem_patch2e +6c98 20405692 call l2cap_malloc_signal_channel +6c99 6fe4421c fetch 2 ,mem_rfcomm_remote_cid +6c9a 1fe20400 copy pdata ,temp +6c9b 20205491 branch ml2cap_send_signal_config_req + +upper_sm_send_hid_ctrl_conn: +6c9c 4738c02e bpatchx patch2e_1 ,mem_patch2e +6c9d 20405692 call l2cap_malloc_signal_channel +6c9e 58000011 setarg psm_hid_control +6c9f 1fe20400 copy pdata ,temp +6ca0 58000052 setarg l2cap_hid_control_channel +6ca1 1fe21600 copy pdata ,timeup +6ca2 20205482 branch ml2cap_send_signal_connect_req + +upper_sm_send_hid_ctrl_cfg: +6ca3 4739402e bpatchx patch2e_2 ,mem_patch2e +6ca4 20405692 call l2cap_malloc_signal_channel +6ca5 6fe4421e fetch 2 ,mem_hid_ctrl_remote_cid +6ca6 1fe20400 copy pdata ,temp +6ca7 20205491 branch ml2cap_send_signal_config_req + +upper_sm_send_hid_int_conn: +6ca8 4739c02e bpatchx patch2e_3 ,mem_patch2e +6ca9 20405692 call l2cap_malloc_signal_channel +6caa 58000013 setarg psm_hid_interrupt +6cab 1fe20400 copy pdata ,temp +6cac 58000053 setarg l2cap_hid_interrupt_channel +6cad 1fe21600 copy pdata ,timeup +6cae 20205482 branch ml2cap_send_signal_connect_req + +upper_sm_send_hid_int_cfg: +6caf 473a402e bpatchx patch2e_4 ,mem_patch2e +6cb0 20405692 call l2cap_malloc_signal_channel +6cb1 6fe44220 fetch 2 ,mem_hid_int_remote_cid +6cb2 1fe20400 copy pdata ,temp +6cb3 20205491 branch ml2cap_send_signal_config_req + +upper_sm_send_rfcomm_sabm: +6cb4 473ac02e bpatchx patch2e_5 ,mem_patch2e +6cb5 204056ac call l2cap_malloc_rfcomm_channel +6cb6 7004f703 jam 3 ,mem_current_adss +6cb7 7004fa1c jam 0x1c ,mem_current_fcs +6cb8 20406a6a call rfcomm_send_sabm +6cb9 70453501 jam 1 ,mem_rfcomm_initiator +6cba 20600000 rtn + +upper_sm_send_spp_cmd_pn: +6cbb 473b402e bpatchx patch2e_6 ,mem_patch2e +6cbc 204056ac call l2cap_malloc_rfcomm_channel +6cbd 68424536 fetcht 1 ,mem_remote_spp_channel +6cbe 2040693a call channel_to_dlci +6cbf 6042452f storet 1 ,mem_pn_dlci +6cc0 20206a85 branch rfcomm_send_param_neg_cmd + +upper_sm_send_spp_sabm: +6cc1 473bc02e bpatchx patch2e_7 ,mem_patch2e +6cc2 204056ac call l2cap_malloc_rfcomm_channel +6cc3 6842452f fetcht 1 ,mem_pn_dlci +6cc4 20406934 call dlci_to_address_cmd +6cc5 204068db call rfcomm_calculate_fcs_sabm +6cc6 67e204fa store 1 ,mem_current_fcs +6cc7 6842452f fetcht 1 ,mem_pn_dlci +6cc8 20406934 call dlci_to_address_cmd +6cc9 604204f7 storet 1 ,mem_current_adss +6cca 20206a6a branch rfcomm_send_sabm + +upper_sm_send_spp_cmd_ms: +6ccb 473c402f bpatchx patch2f_0 ,mem_patch2f +6ccc 204056ac call l2cap_malloc_rfcomm_channel +6ccd 6842452f fetcht 1 ,mem_pn_dlci +6cce 20406934 call dlci_to_address_cmd +6ccf 20206abd branch rfcomm_send_modem_status_cmd + +sdp_process: +6cd0 473cc02f bpatchx patch2f_1 ,mem_patch2f +6cd1 6fe40260 fetch 2 ,mem_l2cap_payload_ptr +6cd2 98000c00 iforce contr +6cd3 efe20006 ifetch 1 ,contr +6cd4 1fe22400 copy pdata ,regb +6cd5 67e20517 store 1 ,mem_sdp_pduid +6cd6 efe40006 ifetch 2 ,contr +6cd7 67e40518 store 2 ,mem_sdp_transactionid +6cd8 efe20006 ifetch 1 ,contr +6cd9 1fed1600 lshift8 pdata ,timeup +6cda efe20006 ifetch 1 ,contr +6cdb 99609600 iadd timeup ,timeup +6cdc 473d402f bpatchx patch2f_2 ,mem_patch2f +6cdd 18c20400 copy contr ,temp +6cde df200004 arg 4 ,loopcnt +6cdf d8a00526 arg mem_sdp_handle_list ,contw +6ce0 20407ca1 call memset0 +6ce1 18420c00 copy temp ,contr +6ce2 1a427e00 deposit regb +6ce3 c000ee79 beq sdp_error_res ,sdp_process_error_res +6ce4 c0016ceb beq sdp_search_req ,sdp_process_ss_req +6ce5 c001ee79 beq sdp_search_res ,sdp_process_ss_res +6ce6 c0026d13 beq sdp_attribute_req ,sdp_process_sa_req +6ce7 c002ee79 beq sdp_attribute_res ,sdp_process_sa_res +6ce8 c0036dc1 beq sdp_searchattrib_req ,sdp_process_ssa_req +6ce9 c003ee79 beq sdp_searchattrib_res ,sdp_process_ssa_res +6cea 20206e80 branch sdp_insufficient_resource + +sdp_process_ss_req: +6ceb 473dc02f bpatchx patch2f_3 ,mem_patch2f +6cec 20406e8f call ask_serviceclassid +6ced 2841fe01 compare 1 ,temp ,0xff +6cee 2020eeff branch ss_empty_rsp ,true +6cef 2841feff compare 0xff ,temp ,0xff +6cf0 2020ee83 branch sdp_invalid_request_syntax ,true +6cf1 efe40006 ifetch 2 ,contr +6cf2 67e4051e store 2 ,mem_sdp_record_maxcnt +6cf3 196097fe increase -2 ,timeup +6cf4 196097ff increase -1 ,timeup +6cf5 2422ee7d nbranch sdp_invalid_pdu_size ,zero +6cf6 d960050d arg mem_sdp_uuid_search_ptr ,timeup +6cf7 efe4000b ifetch 2 ,timeup +6cf8 207a0000 rtn blank +6cf9 20406f41 call search_all_uuid +6cfa 204056aa call l2cap_get_sdp_tx_payload +6cfb 18007e03 force 3 ,pdata +6cfc e7e20005 istore 1 ,contw +6cfd 6fe40518 fetch 2 ,mem_sdp_transactionid +6cfe e7e40005 istore 2 ,contw +6cff 18ebfe00 lshift2 queue ,pdata +6d00 1fe0fe05 add pdata ,5 ,pdata +6d01 1fe0a605 add pdata ,5 ,regc +6d02 1ff0fe00 byteswap pdata ,pdata +6d03 e7e40005 istore 2 ,contw +6d04 18e27e00 deposit queue +6d05 1ff0fe00 byteswap pdata ,pdata +6d06 e7e40005 istore 2 ,contw +6d07 e7e40005 istore 2 ,contw +6d08 d8c00526 arg mem_sdp_handle_list ,contr +6d09 18e27200 copy queue ,loopcnt +6d0a 2022ed0e branch ss_req_blank ,zero + +ss_req_loop: +6d0b efe80006 ifetch 4 ,contr +6d0c e7e80005 istore 4 ,contw +6d0d c2006d0b loop ss_req_loop + +ss_req_blank: +6d0e 18007e00 force 0 ,pdata +6d0f e7e20005 istore 1 ,contw +6d10 1a627e00 deposit regc +6d11 67e40271 store 2 ,mem_sdp_tx_pkt_length +6d12 20600000 rtn + +sdp_process_sa_req: +6d13 473e402f bpatchx patch2f_4 ,mem_patch2f +6d14 efe80006 ifetch 4 ,contr +6d15 67e80520 store 4 ,mem_sdp_record_handle +6d16 196097fc increase -4 ,timeup +6d17 20406ded call sdp_store_maxbyte +6d18 67e4051c store 2 ,mem_sdp_attribute_maxbyte +6d19 196097fe increase -2 ,timeup +6d1a 20406ee7 call dataelementtype6 +6d1b 2022ee83 branch sdp_invalid_request_syntax ,zero +6d1c 2a21fe05 compare 5 ,rega ,0xff +6d1d 2020ed21 branch sa_judge_wholerange ,true + +sa_isnot_wholerange: +6d1e d8a00526 arg mem_sdp_attrib_list ,contw +6d1f 18000e00 force 0 ,queue +6d20 20206d30 branch sa_req_loop + +sa_judge_wholerange: +6d21 efe20006 ifetch 1 ,contr +6d22 c0856e83 bne sdp_attribute_range ,sdp_invalid_request_syntax +6d23 efe40006 ifetch 2 ,contr +6d24 243a6d2e nbranch sa_judge_wholerange_false1 ,blank +6d25 efe20006 ifetch 1 ,contr +6d26 c0ffed2c bne 0xff ,sa_judge_wholerange_false2 +6d27 efe20006 ifetch 1 ,contr +6d28 c0ffed2a bne 0xff ,sa_judge_wholerange_false3 +6d29 20206d77 branch sa_req_all + +sa_judge_wholerange_false3: +6d2a 18c08dfb increase -5 ,contr +6d2b 20206d1e branch sa_isnot_wholerange + +sa_judge_wholerange_false2: +6d2c 18c08dfc increase -4 ,contr +6d2d 20206d1e branch sa_isnot_wholerange + +sa_judge_wholerange_false1: +6d2e 18c08dfd increase -3 ,contr +6d2f 20206d1e branch sa_isnot_wholerange + +sa_req_loop: +6d30 efe20006 ifetch 1 ,contr +6d31 c004ed45 beq sdp_attribute_id ,sa_req_one_id +6d32 c0056d33 beq sdp_attribute_range ,sa_req_range + +sa_req_range: +6d33 efe40006 ifetch 2 ,contr +6d34 e7e40005 istore 2 ,contw +6d35 18e08e01 increase 1 ,queue +6d36 1ff0a400 byteswap pdata ,regb +6d37 efe40006 ifetch 2 ,contr +6d38 1ff0fe00 byteswap pdata ,pdata + +sa_req_range_id_increase: +6d39 1a40a401 increase 1 ,regb +6d3a 9a467c00 isub regb ,null +6d3b 24216d42 nbranch sa_req_range_id_finish ,positive +6d3c 1fe22600 copy pdata ,regc +6d3d 1a50fe00 byteswap regb ,pdata +6d3e e7e40005 istore 2 ,contw +6d3f 18e08e01 increase 1 ,queue +6d40 1a627e00 copy regc ,pdata +6d41 20206d39 branch sa_req_range_id_increase + +sa_req_range_id_finish: +6d42 196097fb increase -5 ,timeup +6d43 1a20a3fb increase -5 ,rega +6d44 20206d4a branch sa_req_check_next_id + +sa_req_one_id: +6d45 efe40006 ifetch 2 ,contr +6d46 e7e40005 istore 2 ,contw +6d47 18e08e01 increase 1 ,queue +6d48 196097fd increase -3 ,timeup +6d49 1a20a3fd increase -3 ,rega + +sa_req_check_next_id: +6d4a 24216e83 nbranch sdp_invalid_request_syntax ,positive +6d4b 2422ed30 nbranch sa_req_loop ,zero +6d4c 196097ff increase -1 ,timeup +6d4d 2422ee83 nbranch sdp_invalid_request_syntax ,zero +6d4e 204056aa call l2cap_get_sdp_tx_payload +6d4f 18a08a0a increase 10 ,contw +6d50 da200526 arg mem_sdp_attrib_list ,rega + +sa_req_handle_attributelist_next: +6d51 18e27e00 copy queue ,pdata +6d52 203a6d64 branch sa_req_handle_attributelist_end ,blank +6d53 efe40011 ifetch 2 ,rega +6d54 203a6d64 branch sa_req_handle_attributelist_end ,blank +6d55 98002400 iforce regb +6d56 6fe80520 fetch 4 ,mem_sdp_record_handle +6d57 98000400 iforce temp +6d58 20406fa6 call search_handle_attrib +6d59 18c27e00 copy contr ,pdata +6d5a 203a6d61 branch sa_req_handle_attributelist_notfound ,blank +6d5b 18c08dfd increase -3 ,contr +6d5c efe60006 ifetch 3 ,contr +6d5d e7e60005 istore 3 ,contw +6d5e 20406f1a call sdp_data_len +6d5f 98007200 iforce loopcnt +6d60 20407cdc call memcpy + +sa_req_handle_attributelist_notfound: +6d61 1a20a202 increase 2 ,rega +6d62 18e08fff increase -1 ,queue +6d63 20206d51 branch sa_req_handle_attributelist_next + +sa_req_handle_attributelist_end: +6d64 da200005 arg sdp_attribute_res ,rega +6d65 20406e43 call ssa_req_range_lastfreg_common +6d66 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +6d67 c005ef02 beq 11 ,sa_empty_rsp +6d68 20206e59 branch ssa_req_range_attrbutes_length_no_continue + +sdp_store_continue_common: +6d69 efe20006 ifetch 1 ,contr +6d6a c0006d6d beq 0 ,sdp_store_continue_0byte +6d6b c000ed6f beq 1 ,sdp_store_continue_1byte +6d6c c0016d72 beq 2 ,sdp_store_continue_2byte + +sdp_store_continue_0byte: +6d6d 196097ff increase -1 ,timeup +6d6e 20206d75 branch sdp_store_continue_end + +sdp_store_continue_1byte: +6d6f efe20006 ifetch 1 ,contr +6d70 196097fe increase -2 ,timeup +6d71 20206d75 branch sdp_store_continue_end + +sdp_store_continue_2byte: +6d72 efe40006 ifetch 2 ,contr +6d73 1ff0fe00 byteswap pdata ,pdata +6d74 196097fd increase -3 ,timeup + +sdp_store_continue_end: +6d75 67e40515 store 2 ,mem_sdp_continue_byte +6d76 20600000 rtn + +sa_req_all: +6d77 196097fb increase -5 ,timeup +6d78 20406d69 call sdp_store_continue_common +6d79 2422ee7d nbranch sdp_invalid_pdu_size ,zero +6d7a 68480520 fetcht 4 ,mem_sdp_record_handle +6d7b 20406f70 call search_handle +6d7c 2422ee7a nbranch sdp_invalid_service_record_handle ,zero +6d7d 18c22200 copy contr ,rega +6d7e 204056aa call l2cap_get_sdp_tx_payload +6d7f 1a220c00 copy rega ,contr +6d80 18a08a03 increase 3 ,contw +6d81 18c21600 copy contr ,timeup +6d82 20406f21 call sdp_get_data +6d83 1fe22200 copy pdata ,rega +6d84 6fe40515 fetch 2 ,mem_sdp_continue_byte +6d85 1fe22400 copy pdata ,regb +6d86 1a227e00 copy rega ,pdata +6d87 9a462400 isub regb ,regb +6d88 6fe4051c fetch 2 ,mem_sdp_attribute_maxbyte +6d89 9a467c00 isub regb ,null +6d8a 24216da6 nbranch sa_req_all_fragment_sdp ,positive +6d8b 78547c00 disable user +6d8c 6fe40515 fetch 2 ,mem_sdp_continue_byte +6d8d 203a6d99 branch sa_req_all_fisrt_fragment ,blank +6d8e 99608c00 iadd timeup ,contr +6d8f 1a40a403 increase 3 ,regb +6d90 1a427200 copy regb ,loopcnt +6d91 1f227e00 copy loopcnt ,pdata +6d92 1fe0fe03 increase 3 ,pdata +6d93 1ff0fe00 byteswap pdata ,pdata +6d94 e7e40005 istore 2 ,contw +6d95 1f227e00 copy loopcnt ,pdata +6d96 1ff0fe00 byteswap pdata ,pdata +6d97 e7e40005 istore 2 ,contw +6d98 20206db4 branch sa_req_all_answer_attributelist_full_loop + +sa_req_all_fisrt_fragment: +6d99 1a20f206 add rega ,6 ,loopcnt +6d9a 20346d9d branch sa_req_all_parlength_continue_byte ,user +6d9b 1f30fe00 byteswap loopcnt ,pdata +6d9c 20206da0 branch sa_req_all_parlength_continue_byte_end + +sa_req_all_parlength_continue_byte: +6d9d 1f227e00 copy loopcnt ,pdata +6d9e 1fe0fe02 increase 2 ,pdata +6d9f 1ff0fe00 byteswap pdata ,pdata + +sa_req_all_parlength_continue_byte_end: +6da0 e7e40005 istore 2 ,contw +6da1 1f20f3fd increase -3 ,loopcnt +6da2 1f30fe00 byteswap loopcnt ,pdata +6da3 e7e40005 istore 2 ,contw +6da4 19620c00 copy timeup ,contr +6da5 20206db4 branch sa_req_all_answer_attributelist_full_loop + +sa_req_all_fragment_sdp: +6da6 78347c00 enable user +6da7 6fe4051c fetch 2 ,mem_sdp_attribute_maxbyte +6da8 1fe22200 copy pdata ,rega +6da9 1a227200 copy rega ,loopcnt +6daa 6fe40515 fetch 2 ,mem_sdp_continue_byte +6dab 203a6d99 branch sa_req_all_fisrt_fragment ,blank +6dac 99608c00 iadd timeup ,contr +6dad 1a227e00 copy rega ,pdata +6dae 1fe0fe05 increase 5 ,pdata +6daf 1ff0fe00 byteswap pdata ,pdata +6db0 e7e40005 istore 2 ,contw +6db1 1a227e00 copy rega ,pdata +6db2 1ff0fe00 byteswap pdata ,pdata +6db3 e7e40005 istore 2 ,contw + +sa_req_all_answer_attributelist_full_loop: +6db4 20407cdc call memcpy +6db5 24346dbd nbranch sa_req_all_last_frag_continue ,user +6db6 18007e02 force 2 ,pdata +6db7 e7e20005 istore 1 ,contw +6db8 18c27e00 copy contr ,pdata +6db9 99667e00 isub timeup ,pdata +6dba 1ff0fe00 byteswap pdata ,pdata +6dbb e7e40005 istore 2 ,contw +6dbc 20206dbf branch sa_req_all_frag_end + +sa_req_all_last_frag_continue: +6dbd 18007e00 force 0 ,pdata +6dbe e7e20005 istore 1 ,contw + +sa_req_all_frag_end: +6dbf da200005 arg sdp_attribute_res ,rega +6dc0 20206e6f branch ssa_req_range_common + +sdp_process_ssa_req: +6dc1 473ec02f bpatchx patch2f_5 ,mem_patch2f +6dc2 20406e8f call ask_serviceclassid +6dc3 2841feff compare 0xff ,temp ,0xff +6dc4 2020ee83 branch sdp_invalid_request_syntax ,true +6dc5 20406ded call sdp_store_maxbyte +6dc6 67e4051c store 2 ,mem_sdp_attribute_maxbyte +6dc7 196097fe increase -2 ,timeup +6dc8 20406ee7 call dataelementtype6 +6dc9 d8a00526 arg mem_sdp_attrib_list ,contw +6dca 18000e00 force 0 ,queue + +ssa_req_loop: +6dcb efe20006 ifetch 1 ,contr +6dcc c0056df5 beq sdp_attribute_range ,ssa_req_range +6dcd efe40006 ifetch 2 ,contr +6dce e7e40005 istore 2 ,contw +6dcf 18e08e01 increase 1 ,queue +6dd0 196097fd increase -3 ,timeup +6dd1 1a20a3fd increase -3 ,rega +6dd2 24216e83 nbranch sdp_invalid_request_syntax ,positive +6dd3 2422edcb nbranch ssa_req_loop ,zero +6dd4 196097ff increase -1 ,timeup +6dd5 2422ee83 nbranch sdp_invalid_request_syntax ,zero +6dd6 204056aa call l2cap_get_sdp_tx_payload +6dd7 18a08a0d increase 13 ,contw +6dd8 6fe4050d fetch 2 ,mem_sdp_uuid_search_ptr +6dd9 98002600 iforce regc +6dda da200526 arg mem_sdp_attrib_list ,rega + +ssa_req_attributelist_next: +6ddb efe40011 ifetch 2 ,rega +6ddc 203a6de8 branch ssa_req_attributelist_end ,blank +6ddd 98002400 iforce regb +6dde 20406f85 call search_attrib +6ddf 203a6de6 branch ssa_req_attributelist_notfound ,blank +6de0 18c08dfd increase -3 ,contr +6de1 efe60006 ifetch 3 ,contr +6de2 e7e60005 istore 3 ,contw +6de3 20406f1a call sdp_data_len +6de4 98007200 iforce loopcnt +6de5 20407cdc call memcpy + +ssa_req_attributelist_notfound: +6de6 1a20a202 increase 2 ,rega +6de7 20206ddb branch ssa_req_attributelist_next + +ssa_req_attributelist_end: +6de8 20406e42 call ssa_req_range_lastfreg +6de9 6fe40271 fetch 2 ,mem_sdp_tx_pkt_length +6dea c0076f05 beq 14 ,ssa_empty_rsp +6deb 20406e59 call ssa_req_range_attrbutes_length_no_continue +6dec 20206e59 branch ssa_req_range_attrbutes_length_no_continue + +sdp_store_maxbyte: +6ded efe40006 ifetch 2 ,contr +6dee 1ff0fe00 byteswap pdata ,pdata +6def 1fe0fffd increase -3 ,pdata +6df0 d84000c8 arg 200 ,temp +6df1 98467c00 isub temp ,null +6df2 24610000 nrtn positive +6df3 580000c8 setarg 200 +6df4 20600000 rtn + +ssa_req_range: +6df5 18c08c04 increase 4 ,contr +6df6 196097fb increase -5 ,timeup +6df7 1a20a3fb increase -5 ,rega +6df8 2422ee83 nbranch sdp_invalid_request_syntax ,zero +6df9 20406d69 call sdp_store_continue_common +6dfa 2422ee7d nbranch sdp_invalid_pdu_size ,zero +6dfb d960050d arg mem_sdp_uuid_search_ptr ,timeup +6dfc 20406f41 call search_all_uuid +6dfd 18e27e00 deposit queue +6dfe 203a6f05 branch ssa_empty_rsp ,blank +6dff 67e2054a store 1 ,mem_handle_humber +6e00 1a427e00 copy regb ,pdata +6e01 67e40548 store 2 ,mem_sdp_all_length +6e02 d8e00000 arg 0 ,queue +6e03 da200000 arg 0 ,rega +6e04 204056aa call l2cap_get_sdp_tx_payload +6e05 18a08a0a increase 10 ,contw + +ssa_req_range_find_handle: +6e06 20406e2b call ssa_req_range_get_length +6e07 24344a8b nbranch assert ,user +6e08 18c21600 copy contr ,timeup +6e09 1fe22600 copy pdata ,regc +6e0a 9a20a200 iadd rega ,rega +6e0b 6fe40515 fetch 2 ,mem_sdp_continue_byte +6e0c 1fe22400 copy pdata ,regb +6e0d 203a6e34 branch ssa_req_range_first_freg ,blank + +ssa_req_range_later_freg_with_continue: +6e0e 1a227e00 copy rega ,pdata +6e0f 9a462400 isub regb ,regb +6e10 2022ee26 branch ssa_req_range_next_handle ,zero +6e11 24216e26 nbranch ssa_req_range_next_handle ,positive +6e12 6fe4051c fetch 2 ,mem_sdp_attribute_maxbyte +6e13 9a467c00 isub regb ,null +6e14 2022ee1d branch ssa_req_range_maxbyte_with_continue ,zero +6e15 24216e1d nbranch ssa_req_range_maxbyte_with_continue ,positive + +ssa_req_range_send_not_maxbyte: +6e16 1a427200 copy regb ,loopcnt +6e17 20406e20 call ssa_req_range_maxbyte_with_continue_cpy +6e18 6fe2054a fetch 1 ,mem_handle_humber +6e19 18e08e01 increase 1 ,queue +6e1a 98e67c00 isub queue ,null +6e1b 2022ee42 branch ssa_req_range_lastfreg ,zero +6e1c 20206e5f branch ssa_req_range_freg_with_continue + +ssa_req_range_maxbyte_with_continue: +6e1d 1fe27200 copy pdata ,loopcnt +6e1e 20406e20 call ssa_req_range_maxbyte_with_continue_cpy +6e1f 20206e5f branch ssa_req_range_freg_with_continue + +ssa_req_range_maxbyte_with_continue_cpy: +6e20 18a08bfd increase -3 ,contw +6e21 1f220400 copy loopcnt ,temp +6e22 1a627e00 copy regc ,pdata +6e23 9a467e00 isub regb ,pdata +6e24 99608c00 iadd timeup ,contr +6e25 20207cdc branch memcpy + +ssa_req_range_next_handle: +6e26 6fe2054a fetch 1 ,mem_handle_humber +6e27 18e08e01 increase 1 ,queue +6e28 98e67c00 isub queue ,null +6e29 20628000 rtn zero +6e2a 20206e06 branch ssa_req_range_find_handle + +ssa_req_range_get_length: +6e2b 20407dc1 call disable_user +6e2c d8c00526 arg mem_sdp_handle_list ,contr +6e2d 18ebfe00 lshift2 queue ,pdata +6e2e 98c08c00 iadd contr ,contr +6e2f e8480006 ifetcht 4 ,contr +6e30 20406f70 call search_handle +6e31 24628000 nrtn zero +6e32 20406f1a call sdp_data_len +6e33 20207dbf branch enable_user + +ssa_req_range_first_freg: +6e34 6fe4051c fetch 2 ,mem_sdp_attribute_maxbyte +6e35 9a267c00 isub rega ,null +6e36 24216e4e nbranch ssa_req_range_firstfreg_maxbyte_with_continue ,positive +6e37 1a227200 copy rega ,loopcnt +6e38 1f220400 copy loopcnt ,temp +6e39 19620c00 copy timeup ,contr +6e3a 20407cdc call memcpy +6e3b 6fe40548 fetch 2 ,mem_sdp_all_length +6e3c 9a267c00 isub rega ,null +6e3d 2022ee40 branch ssa_req_range_freg_no_continue ,zero + +ssa_req_range_firstfreg_not_maxbyte_with_continue: +6e3e 20406e5f call ssa_req_range_freg_with_continue +6e3f 20206e53 branch ssa_req_range_attrbutes_length + +ssa_req_range_freg_no_continue: +6e40 20406e42 call ssa_req_range_lastfreg +6e41 20206e53 branch ssa_req_range_attrbutes_length + +ssa_req_range_lastfreg: +6e42 da200007 arg sdp_searchattrib_res ,rega + +ssa_req_range_lastfreg_common: +6e43 18007e00 force 0 ,pdata +6e44 e7e20005 istore 1 ,contw +6e45 20406e6f call ssa_req_range_common +6e46 68440271 fetcht 2 ,mem_sdp_tx_pkt_length +6e47 184085fb increase -5 ,temp +6e48 1850fe00 byteswap temp ,pdata +6e49 e7e40005 istore 2 ,contw +6e4a 184085fd increase -3 ,temp +6e4b 1850fe00 byteswap temp ,pdata +6e4c e7e40005 istore 2 ,contw +6e4d 20600000 rtn + +ssa_req_range_firstfreg_maxbyte_with_continue: +6e4e 1fe27200 copy pdata ,loopcnt +6e4f 1f220400 copy loopcnt ,temp +6e50 19620c00 copy timeup ,contr +6e51 20407cdc call memcpy +6e52 20406e5f call ssa_req_range_freg_with_continue + +ssa_req_range_attrbutes_length: +6e53 58000036 setarg 0x36 +6e54 e7e20005 istore 1 ,contw +6e55 6fe40548 fetch 2 ,mem_sdp_all_length +6e56 1ff0fe00 byteswap pdata ,pdata +6e57 e7e40005 istore 2 ,contw +6e58 20600000 rtn + +ssa_req_range_attrbutes_length_no_continue: +6e59 58000036 setarg 0x36 +6e5a e7e20005 istore 1 ,contw +6e5b 184085fd increase -3 ,temp +6e5c 1850fe00 byteswap temp ,pdata +6e5d e7e40005 istore 2 ,contw +6e5e 20600000 rtn + +ssa_req_range_freg_with_continue: +6e5f da200007 arg sdp_searchattrib_res ,rega +6e60 58000002 setarg 2 +6e61 e7e20005 istore 1 ,contw +6e62 6fe40515 fetch 2 ,mem_sdp_continue_byte +6e63 98408400 iadd temp ,temp +6e64 1850fe00 byteswap temp ,pdata +6e65 e7e40005 istore 2 ,contw +6e66 20406e6f call ssa_req_range_common +6e67 68440271 fetcht 2 ,mem_sdp_tx_pkt_length +6e68 184085fb increase -5 ,temp +6e69 1850fe00 byteswap temp ,pdata +6e6a e7e40005 istore 2 ,contw +6e6b 184085fb increase -5 ,temp +6e6c 1850fe00 byteswap temp ,pdata +6e6d e7e40005 istore 2 ,contw +6e6e 20600000 rtn + +ssa_req_range_common: +6e6f 6fe4026f fetch 2 ,mem_sdp_tx_payload_ptr +6e70 98a67e00 isub contw ,pdata +6e71 1fe67e00 sub pdata ,0 ,pdata +6e72 67e40271 store 2 ,mem_sdp_tx_pkt_length +6e73 204056aa call l2cap_get_sdp_tx_payload +6e74 1a227e00 copy rega ,pdata +6e75 e7e20005 istore 1 ,contw +6e76 6fe40518 fetch 2 ,mem_sdp_transactionid +6e77 e7e40005 istore 2 ,contw +6e78 20600000 rtn + +sdp_process_ssa_res: + +sdp_process_ss_res: + +sdp_process_sa_res: + +sdp_process_error_res: +6e79 20600000 rtn + +sdp_invalid_service_record_handle: +6e7a 58000200 setarg 0x0200 +6e7b 67e40546 store 2 ,mem_sdp_error_code +6e7c 20206e85 branch sdp_error_response + +sdp_invalid_pdu_size: +6e7d 58000400 setarg 0x0400 +6e7e 67e40546 store 2 ,mem_sdp_error_code +6e7f 20206e85 branch sdp_error_response + +sdp_insufficient_resource: +6e80 58000600 setarg 0x0600 +6e81 67e40546 store 2 ,mem_sdp_error_code +6e82 20206e85 branch sdp_error_response + +sdp_invalid_request_syntax: +6e83 58000300 setarg 0x0300 +6e84 67e40546 store 2 ,mem_sdp_error_code + +sdp_error_response: +6e85 204056aa call l2cap_get_sdp_tx_payload +6e86 e7e20005 istore 1 ,contw +6e87 6fe40518 fetch 2 ,mem_sdp_transactionid +6e88 e7e40005 istore 2 ,contw +6e89 58000200 setarg 0x0200 +6e8a e7e40005 istore 2 ,contw +6e8b 6fe40546 fetch 2 ,mem_sdp_error_code +6e8c e7e40005 istore 2 ,contw +6e8d 70027107 jam 7 ,mem_sdp_tx_pkt_length +6e8e 20600000 rtn + +ask_serviceclassid: +6e8f da400000 arg 0 ,regb +6e90 18000400 force 0 ,temp +6e91 d8a0050d arg mem_sdp_uuid_search_ptr ,contw +6e92 20406ee7 call dataelementtype6 +6e93 2022eee5 branch asksrv_error ,zero + +classidloop: +6e94 1a40a401 increase 1 ,regb +6e95 efe20006 ifetch 1 ,contr +6e96 1a20a3ff increase -1 ,rega +6e97 196097ff increase -1 ,timeup +6e98 2fe1f018 compare 0x18 ,pdata ,0xf8 +6e99 2420eee5 nbranch asksrv_error ,true +6e9a 2fe00e04 compare 0x04 ,pdata ,0x07 +6e9b 2420eeb2 nbranch cmp032 ,true +6e9c 18000401 force 1 ,temp + +skip2bytes: +6e9d efe20006 ifetch 1 ,contr +6e9e 1a20a3ff increase -1 ,rega +6e9f 196097ff increase -1 ,timeup +6ea0 c0806ea6 bne 0x00 ,frstbwrong +6ea1 efe20006 ifetch 1 ,contr +6ea2 1a20a3ff increase -1 ,rega +6ea3 196097ff increase -1 ,timeup +6ea4 c0006eb7 beq 0x00 ,cmpuuid +6ea5 20206ea9 branch scndbwrong + +frstbwrong: +6ea6 18c08c01 increase 1 ,contr +6ea7 1a20a3ff increase -1 ,rega +6ea8 196097ff increase -1 ,timeup + +scndbwrong: +6ea9 18c08c02 increase 2 ,contr +6eaa 1a20a3fe increase -2 ,rega +6eab 196097fe increase -2 ,timeup +6eac 2841fe00 compare 0x00 ,temp ,0xff +6ead 2020eedf branch loopornot ,true +6eae 18c08c0c increase 12 ,contr +6eaf 1a20a3f4 increase -12 ,rega +6eb0 196097f4 increase -12 ,timeup +6eb1 20206edf branch loopornot + +cmp032: +6eb2 2fe00e02 compare 0x02 ,pdata ,0x07 +6eb3 2420eeb5 nbranch cmp016 ,true +6eb4 20206e9d branch skip2bytes + +cmp016: +6eb5 2fe00e01 compare 0x01 ,pdata ,0x07 +6eb6 2420eee5 nbranch asksrv_error ,true + +cmpuuid: +6eb7 1a20a3fe increase -2 ,rega +6eb8 196097fe increase -2 ,timeup +6eb9 efe40006 ifetch 2 ,contr +6eba 1a467c04 sub regb ,4 ,null +6ebb 2022eebd branch uuidsize ,zero +6ebc e7e40005 istore 2 ,contw + +uuidsize: +6ebd 2841fe00 compare 0x00 ,temp ,0xff +6ebe 2020eedf branch loopornot ,true +6ebf 18c20400 copy contr ,temp +6ec0 efe20006 ifetch 1 ,contr +6ec1 c0806ed8 bne 0x00 ,wrong12b +6ec2 efe20006 ifetch 1 ,contr +6ec3 c0806ed8 bne 0x00 ,wrong12b +6ec4 efe20006 ifetch 1 ,contr +6ec5 c0886ed8 bne 0x10 ,wrong12b +6ec6 efe20006 ifetch 1 ,contr +6ec7 c0806ed8 bne 0x00 ,wrong12b +6ec8 efe20006 ifetch 1 ,contr +6ec9 c0c06ed8 bne 0x80 ,wrong12b +6eca efe20006 ifetch 1 ,contr +6ecb c0806ed8 bne 0x00 ,wrong12b +6ecc efe20006 ifetch 1 ,contr +6ecd c0806ed8 bne 0x00 ,wrong12b +6ece efe20006 ifetch 1 ,contr +6ecf c0c06ed8 bne 0x80 ,wrong12b +6ed0 efe20006 ifetch 1 ,contr +6ed1 c0afeed8 bne 0x5f ,wrong12b +6ed2 efe20006 ifetch 1 ,contr +6ed3 c0cdeed8 bne 0x9b ,wrong12b +6ed4 efe20006 ifetch 1 ,contr +6ed5 c09a6ed8 bne 0x34 ,wrong12b +6ed6 efe20006 ifetch 1 ,contr +6ed7 c07deedd beq 0xfb ,chck12dn + +wrong12b: +6ed8 18420c00 copy temp ,contr + +wrong12b1: +6ed9 18c08c0c increase 12 ,contr +6eda 18000e00 force 0x00 ,queue +6edb 18000400 force 0x00 ,temp +6edc 20206edd branch chck12dn + +chck12dn: +6edd 196097f4 increase -12 ,timeup +6ede 1a20a3f4 increase -12 ,rega + +loopornot: +6edf 18000400 force 0x00 ,temp +6ee0 2a21fe00 compare 0x00 ,rega ,0xff +6ee1 2420ee94 nbranch classidloop ,true +6ee2 18007e00 force 0 ,pdata +6ee3 e7e40005 istore 2 ,contw +6ee4 20600000 rtn + +asksrv_error: +6ee5 d84000ff arg 0xff ,temp +6ee6 20600000 rtn + +dataelementtype6: +6ee7 47404030 bpatchx patch30_0 ,mem_patch30 +6ee8 efe20006 ifetch 1 ,contr +6ee9 196097ff increase -1 ,timeup +6eea 2fe1f030 compare 0x30 ,pdata ,0xf8 +6eeb 2420eefd nbranch dsize_error ,true +6eec 2fe00e07 compare 0x07 ,pdata ,0x07 +6eed 2020eef6 branch dsize32 ,true +6eee 2fe00e06 compare 0x06 ,pdata ,0x07 +6eef 2020eef8 branch dsize16 ,true +6ef0 2fe00e05 compare 0x05 ,pdata ,0x07 +6ef1 2420eefd nbranch dsize_error ,true +6ef2 efe20006 ifetch 1 ,contr +6ef3 1fe22200 copy pdata ,rega +6ef4 196097ff increase -1 ,timeup +6ef5 20206efb branch dsize + +dsize32: +6ef6 18c08c02 increase 2 ,contr +6ef7 196097fe increase -2 ,timeup + +dsize16: +6ef8 efe40006 ifetch 2 ,contr +6ef9 1ff0a200 byteswap pdata ,rega +6efa 196097fe increase -2 ,timeup + +dsize: +6efb 18007e01 force 0x01 ,pdata +6efc 20600000 rtn + +dsize_error: +6efd 18007e00 force 0x00 ,pdata +6efe 20600000 rtn + +ss_empty_rsp: +6eff 58000003 setarg sdp_search_res +6f00 67e20517 store 1 ,mem_sdp_pduid +6f01 20206f07 branch empty_response + +sa_empty_rsp: +6f02 58000005 setarg sdp_attribute_res +6f03 67e20517 store 1 ,mem_sdp_pduid +6f04 20206f07 branch empty_response + +ssa_empty_rsp: +6f05 58000007 setarg sdp_searchattrib_res +6f06 67e20517 store 1 ,mem_sdp_pduid + +empty_response: +6f07 204056aa call l2cap_get_sdp_tx_payload +6f08 6fe20517 fetch 1 ,mem_sdp_pduid +6f09 1fe22400 copy pdata ,regb +6f0a e7e20005 istore 1 ,contw +6f0b 6fe40518 fetch 2 ,mem_sdp_transactionid +6f0c e7e40005 istore 2 ,contw +6f0d 58000500 setarg 0x0500 +6f0e e7e40005 istore 2 ,contw +6f0f 2a41fe05 compare sdp_attribute_res ,regb ,0xff +6f10 2020ef16 branch fullsearch ,true +6f11 2a41fe07 compare sdp_searchattrib_res ,regb ,0xff +6f12 2020ef16 branch fullsearch ,true +6f13 58000000 setarg 0x000000 +6f14 e7ea0005 istore 5 ,contw +6f15 20206f18 branch outempty + +fullsearch: +6f16 58350200 setarg 0x350200 +6f17 e7ea0005 istore 5 ,contw + +outempty: +6f18 7002710a jam 10 ,mem_sdp_tx_pkt_length +6f19 20600000 rtn + +sdp_data_len: +6f1a 20407c7d call store_contw +6f1b 20407c80 call store_contr +6f1c 20406f21 call sdp_get_data +6f1d 20407c77 call get_contw +6f1e 20407c7a call get_contr +6f1f 18427e00 copy temp ,pdata +6f20 20600000 rtn + +sdp_get_data: +6f21 efe20006 ifetch 1 ,contr +6f22 1fe17207 and pdata ,0x7 ,loopcnt +6f23 1fe97e00 rshift3 pdata ,pdata +6f24 c0806f2b bne 0 ,sdp_get_data_type_not0 + +sdp_get_data_type0: +6f25 18007e01 force 1 ,pdata +6f26 18000401 force 1 ,temp +6f27 20600000 rtn + +sdp_get_data_type_not0_sizeindex01234: +6f28 20407c51 call left_shift_n +6f29 1fe08401 add pdata ,1 ,temp +6f2a 20600000 rtn + +sdp_get_data_type_not0: +6f2b 1f227e00 deposit loopcnt +6f2c 1fe67c04 sub pdata ,4 ,null +6f2d 20216f28 branch sdp_get_data_type_not0_sizeindex01234 ,positive +6f2e c002ef32 beq 5 ,sdp_get_data_type_not0_sizeindex5 +6f2f c0036f35 beq 6 ,sdp_get_data_type_not0_sizeindex6 +6f30 c003ef39 beq 7 ,sdp_get_data_type_not0_sizeindex7 +6f31 20600000 rtn + +sdp_get_data_type_not0_sizeindex5: +6f32 efe20006 ifetch 1 ,contr +6f33 1fe08402 add pdata ,2 ,temp +6f34 20600000 rtn + +sdp_get_data_type_not0_sizeindex6: +6f35 efe40006 ifetch 2 ,contr +6f36 1ff0fe00 byteswap pdata ,pdata +6f37 1fe08403 add pdata ,3 ,temp +6f38 20600000 rtn + +sdp_get_data_type_not0_sizeindex7: +6f39 efe40006 ifetch 2 ,contr +6f3a 1ff0fe00 byteswap pdata ,pdata +6f3b e8440006 ifetcht 2 ,contr +6f3c 18508400 byteswap temp ,temp +6f3d 18500400 lshift16 temp ,temp +6f3e 9840fe00 iadd temp ,pdata +6f3f 1fe08405 add pdata ,5 ,temp +6f40 20600000 rtn + +search_all_uuid: +6f41 4740c030 bpatchx patch30_1 ,mem_patch30 +6f42 18000e00 force 0 ,queue +6f43 da400000 arg 0 ,regb +6f44 d8a00526 arg mem_sdp_handle_list ,contw + +search_all_uuid_llop: +6f45 efe4000b ifetch 2 ,timeup +6f46 207a0000 rtn blank +6f47 20406f4c call search_uuid +6f48 18e27e00 copy queue ,pdata +6f49 c1038000 rtneq sdp_max_handle_number +6f4a 19609602 increase 2 ,timeup +6f4b 20206f45 branch search_all_uuid_llop + +search_uuid: +6f4c 98002600 iforce regc +6f4d 6fe44547 fetch 2 ,mem_ui_uuid_table +6f4e 98000c00 iforce contr + +search_uuid_next: +6f4f 18e27e00 copy queue ,pdata +6f50 c1038000 rtneq sdp_max_handle_number +6f51 78547c00 disable user +6f52 efe20006 ifetch 1 ,contr +6f53 207a0000 rtn blank +6f54 98007200 iforce loopcnt + +search_uuid_loop: +6f55 efe40006 ifetch 2 ,contr +6f56 9a667c00 isub regc ,null +6f57 2422ef59 nbranch search_uuid_not_found ,zero +6f58 78347c00 enable user + +search_uuid_not_found: +6f59 c2006f55 loop search_uuid_loop +6f5a e8480006 ifetcht 4 ,contr +6f5b 18c22200 copy contr ,rega +6f5c 24346f6c nbranch search_uuid_nomatch ,user +6f5d d8c00526 arg mem_sdp_handle_list ,contr +6f5e df200007 arg sdp_max_handle_number ,loopcnt + +search_uuid_check_same_handle: +6f5f efe80006 ifetch 4 ,contr +6f60 203a6f65 branch search_uuid_store_handle ,blank +6f61 98467c00 isub temp ,null +6f62 2022ef6c branch search_uuid_nomatch ,zero +6f63 c2006f5f loop search_uuid_check_same_handle +6f64 20600000 rtn + +search_uuid_store_handle: +6f65 e0480005 istoret 4 ,contw +6f66 18e08e01 increase 1 ,queue +6f67 1a220c00 copy rega ,contr +6f68 20406f1a call sdp_data_len +6f69 9a40a400 iadd regb ,regb +6f6a 98c08c00 iadd contr ,contr +6f6b 20206f4f branch search_uuid_next + +search_uuid_nomatch: +6f6c 1a220c00 copy rega ,contr +6f6d 20406f21 call sdp_get_data +6f6e 98c08c00 iadd contr ,contr +6f6f 20206f4f branch search_uuid_next + +search_handle: +6f70 47414030 bpatchx patch30_2 ,mem_patch30 +6f71 6fe44547 fetch 2 ,mem_ui_uuid_table +6f72 98000c00 iforce contr + +search_handle_loop: +6f73 efe20006 ifetch 1 ,contr +6f74 203a7dbb branch disable_zero ,blank +6f75 1fe3fe00 lshift pdata ,pdata +6f76 98c08c00 iadd contr ,contr +6f77 efe80006 ifetch 4 ,contr +6f78 98467c00 isub temp ,null +6f79 20628000 rtn zero +6f7a 18a27e00 deposit contw +6f7b 67e40ab7 store 2 ,mem_contw +6f7c 60500a9e storet 8 ,mem_temp +6f7d 20406f21 call sdp_get_data +6f7e 98c08c00 iadd contr ,contr +6f7f 18c27e00 copy contr ,pdata +6f80 68440ab7 fetcht 2 ,mem_contw +6f81 18420a00 copy temp ,contw +6f82 68500a9e fetcht 8 ,mem_temp +6f83 1fe20c00 copy pdata ,contr +6f84 20206f73 branch search_handle_loop + +search_attrib: +6f85 4741c030 bpatchx patch30_3 ,mem_patch30 +6f86 6fe44547 fetch 2 ,mem_ui_uuid_table +6f87 98000c00 iforce contr + +search_attrib_next: +6f88 efe20006 ifetch 1 ,contr +6f89 203a6fa3 branch search_attrib_end ,blank +6f8a 98007200 iforce loopcnt + +search_attrib_loop: +6f8b efe40006 ifetch 2 ,contr +6f8c 9a667c00 isub regc ,null +6f8d 2022ef93 branch search_attrib_found_uuid ,zero +6f8e c2006f8b loop search_attrib_loop +6f8f 18c08c04 increase 4 ,contr +6f90 20406f21 call sdp_get_data +6f91 98c08c00 iadd contr ,contr +6f92 20206f88 branch search_attrib_next + +search_attrib_found_uuid: +6f93 1f20f3ff increase -1 ,loopcnt +6f94 1f23fe00 lshift loopcnt ,pdata +6f95 98c08c00 iadd contr ,contr +6f96 18c08c04 increase 4 ,contr +6f97 20406f21 call sdp_get_data +6f98 98c09600 iadd contr ,timeup + +search_attrib_loop_attribs: +6f99 18c08c01 increase 1 ,contr +6f9a efe40006 ifetch 2 ,contr +6f9b 9a467c00 isub regb ,null +6f9c 2022fdc7 branch disable_blank ,zero +6f9d 20406f1a call sdp_data_len +6f9e 98c08c00 iadd contr ,contr +6f9f 19627e00 deposit timeup +6fa0 98c67c00 isub contr ,null +6fa1 2022efa3 branch search_attrib_end ,zero +6fa2 20206f99 branch search_attrib_loop_attribs + +search_attrib_end: +6fa3 18000c00 force 0 ,contr +6fa4 18007e00 force 0 ,pdata +6fa5 20600000 rtn + +search_handle_attrib: +6fa6 47424030 bpatchx patch30_4 ,mem_patch30 +6fa7 6fe44547 fetch 2 ,mem_ui_uuid_table +6fa8 98000c00 iforce contr + +search_handle_attrib_next: +6fa9 efe20006 ifetch 1 ,contr +6faa 203a6fbf branch search_handle_attrib_end ,blank +6fab 1fe3fe00 lshift pdata ,pdata +6fac 98c08c00 iadd contr ,contr +6fad efe80006 ifetch 4 ,contr +6fae 98467c00 isub temp ,null +6faf 2022efb3 branch search_handl_attrib_found_handle ,zero +6fb0 20406f21 call sdp_get_data +6fb1 98c08c00 iadd contr ,contr +6fb2 20206fa9 branch search_handle_attrib_next + +search_handl_attrib_found_handle: +6fb3 20406f21 call sdp_get_data +6fb4 98c09600 iadd contr ,timeup + +search_handle_attrib_loop_attribs: +6fb5 18c08c01 increase 1 ,contr +6fb6 efe40006 ifetch 2 ,contr +6fb7 9a467c00 isub regb ,null +6fb8 20628000 rtn zero +6fb9 20406f1a call sdp_data_len +6fba 98c08c00 iadd contr ,contr +6fbb 19627e00 deposit timeup +6fbc 98c67c00 isub contr ,null +6fbd 2022efbf branch search_handle_attrib_end ,zero +6fbe 20206fb5 branch search_handle_attrib_loop_attribs + +search_handle_attrib_end: +6fbf 18000c00 force 0 ,contr +6fc0 20600000 rtn + +search_rfcomm_cn: +6fc1 da400400 arg 0x0400 ,regb +6fc2 20406fb3 call search_handl_attrib_found_handle +6fc3 da400300 arg 0x0300 ,regb +6fc4 20406fcc call search_uuid_in_data +6fc5 24740000 nrtn user +6fc6 1a267c03 sub rega ,3 ,null +6fc7 20217dc1 branch disable_user ,positive +6fc8 efe20006 ifetch 1 ,contr +6fc9 c0847dc1 bne 0x08 ,disable_user +6fca efe20006 ifetch 1 ,contr +6fcb 20600000 rtn + +search_uuid_in_data: +6fcc 4742c030 bpatchx patch30_5 ,mem_patch30 +6fcd 20406f21 call sdp_get_data +6fce 1fe22200 copy pdata ,rega + +search_uuid_in_data_loop: +6fcf efe20006 ifetch 1 ,contr +6fd0 1fe17207 and pdata ,0x7 ,loopcnt +6fd1 1fe97e00 rshift3 pdata ,pdata +6fd2 1fe67c03 sub pdata ,3 ,null +6fd3 2022efe8 branch search_uuid_in_data_found_uuid ,zero +6fd4 1f227e00 copy loopcnt ,pdata +6fd5 c002efdf beq 5 ,search_uuid_in_data_found_element_index5 +6fd6 c0036fe2 beq 6 ,search_uuid_in_data_found_element_index6 +6fd7 c003efe5 beq 7 ,search_uuid_in_data_found_element_index7 +6fd8 18c08dff increase -1 ,contr +6fd9 20406f21 call sdp_get_data +6fda 98c08c00 iadd contr ,contr +6fdb 1a227e00 copy rega ,pdata +6fdc 98462200 isub temp ,rega +6fdd 2022fdc1 branch disable_user ,zero +6fde 20206fcf branch search_uuid_in_data_loop + +search_uuid_in_data_found_element_index5: +6fdf 1a20a3fe increase -2 ,rega +6fe0 18c08c01 increase 1 ,contr +6fe1 20206fcf branch search_uuid_in_data_loop + +search_uuid_in_data_found_element_index6: +6fe2 1a20a3fd increase -3 ,rega +6fe3 18c08c02 increase 2 ,contr +6fe4 20206fcf branch search_uuid_in_data_loop + +search_uuid_in_data_found_element_index7: +6fe5 1a20a3fb increase -5 ,rega +6fe6 18c08c04 increase 4 ,contr +6fe7 20206fcf branch search_uuid_in_data_loop + +search_uuid_in_data_found_uuid: +6fe8 1a20a3ff increase -1 ,rega +6fe9 1f227e00 copy loopcnt ,pdata +6fea c000eff1 beq 1 ,search_uuid_in_data_type_uuid_16 +6feb c0016fef beq 2 ,search_uuid_in_data_type_uuid_32 +6fec c0026fee beq 4 ,search_uuid_in_data_type_uuid_128 +6fed 20207dc1 branch disable_user + +search_uuid_in_data_type_uuid_128: +6fee 1a20a3f4 increase -12 ,rega + +search_uuid_in_data_type_uuid_32: +6fef efe40006 ifetch 2 ,contr +6ff0 1a20a3fe increase -2 ,rega + +search_uuid_in_data_type_uuid_16: +6ff1 efe40006 ifetch 2 ,contr +6ff2 9a467c00 isub regb ,null +6ff3 2022fdbf branch enable_user ,zero +6ff4 1a20a3fe increase -2 ,rega +6ff5 2022fdc1 branch disable_user ,zero +6ff6 20206fcf branch search_uuid_in_data_loop + +sdp_send_spp_request: +6ff7 204056aa call l2cap_get_sdp_tx_payload +6ff8 1fe20a00 copy pdata ,contw +6ff9 58000006 setarg 6 +6ffa e7e20005 istore 1 ,contw +6ffb 5800006e setarg sdp_tid_spp +6ffc e7e40005 istore 2 ,contw +6ffd 58000f00 setarg 0x0f00 +6ffe e7e40005 istore 2 ,contw +6fff 581a0535 setarg 0x1a0535 +7000 e7e60005 istore 3 ,contw +7001 58000111 setarg 0x0111 +7002 1ff07e00 lshift16 pdata ,pdata +7003 e7e80005 istore 4 ,contw +7004 58002600 setarg 0x2600 +7005 e7e40005 istore 2 ,contw +7006 58000335 setarg 0x0335 +7007 e7e40005 istore 2 ,contw +7008 58000009 setarg 0x0009 +7009 e7e40005 istore 2 ,contw +700a 58000004 setarg 0x0004 +700b e7e40005 istore 2 ,contw +700c 70027114 jam 0x14 ,mem_sdp_tx_pkt_length +700d 20600000 rtn + +function_g2: +700e 47434030 bpatchx patch30_6 ,mem_patch30 +700f 7005e150 jam 80 ,mem_aes_cmac_data_length +7010 d8a005e2 arg memdat ,contw +7011 d8c0440c arg mem_le_srand ,contr +7012 20407c9a call memcpy16 +7013 d8c045a4 arg mem_le_pubkey_local_x_256 ,contr +7014 20407c98 call memcpy32 +7015 d8c009ba arg mem_le_pubkey_remote_x_256 ,contr +7016 20407c98 call memcpy32 +7017 204070c9 call inverse_memdat +7018 d8c0042b arg mem_le_mrand ,contr +7019 204070c4 call store_inverse_k +701a 2040708f call function_aes_cmac +701b d8a00aee arg mem_aes_cmac_temp ,contw +701c 204070c0 call load_inverse_result +701d 580f4240 setarg 1000000 +701e 1fe22200 copy pdata ,rega +701f 6fe80aee fetch 4 ,mem_aes_cmac_temp +7020 9a26fc00 idiv rega +7021 20407d61 call wait_div_end +7022 18077e00 remainder pdata +7023 67e809b6 store 4 ,mem_gkey +7024 20600000 rtn + +function_f6_eb: +7025 7005e141 jam 65 ,mem_aes_cmac_data_length +7026 d8a005e2 arg memdat ,contw +7027 20407074 call store_addr_common_a +7028 2040706f call store_addr_common_b +7029 6fe64426 fetch 3 ,mem_le_pres + 1 +702a e7e60005 istore 3 ,contw +702b 20407035 call get_r +702c d8c0042b arg mem_le_mrand ,contr +702d 20407c9a call memcpy16 +702e d8c0440c arg mem_le_srand ,contr +702f 20407c9a call memcpy16 +7030 204070c9 call inverse_memdat +7031 d8c00b0e arg mem_le_mackey ,contr +7032 d8a00abe arg mem_aes_cmac_k ,contw +7033 20407c9a call memcpy16 +7034 2020708f branch function_aes_cmac + +get_r: +7035 6fe84499 fetch 4 ,mem_le_tk +7036 e7e80005 istore 4 ,contw +7037 20407ca8 call memset0_4 +7038 20207ca5 branch memset0_8 + +function_f6_ea: +7039 4743c030 bpatchx patch30_7 ,mem_patch30 +703a 7005e141 jam 65 ,mem_aes_cmac_data_length +703b d8a005e2 arg memdat ,contw +703c 2040706f call store_addr_common_b +703d 20407074 call store_addr_common_a +703e 6fe6441f fetch 3 ,mem_le_preq + 1 +703f e7e60005 istore 3 ,contw +7040 20407035 call get_r +7041 d8c0440c arg mem_le_srand ,contr +7042 20407c9a call memcpy16 +7043 d8c0042b arg mem_le_mrand ,contr +7044 20407c9a call memcpy16 +7045 204070c9 call inverse_memdat +7046 d8c00b0e arg mem_le_mackey ,contr +7047 d8a00abe arg mem_aes_cmac_k ,contw +7048 20407c9a call memcpy16 +7049 2040708f call function_aes_cmac +704a d8a00aee arg mem_aes_cmac_temp ,contw +704b 202070c0 branch load_inverse_result + +function_f5: +704c 7005e120 jam 32 ,mem_aes_cmac_data_length +704d d8c009fa arg mem_le_dhkey_256 ,contr +704e d8a005e2 arg memdat ,contw +704f 20407c98 call memcpy32 +7050 204070c9 call inverse_memdat +7051 d8c0099a arg mem_le_slat ,contr +7052 204070c4 call store_inverse_k +7053 2040708f call function_aes_cmac +7054 d8a00abe arg mem_aes_cmac_k ,contw +7055 2040734c call store_aes_result +7056 d8400001 arg 1 ,temp +7057 2040705e call function_f5_common +7058 d8a043eb arg mem_le_ltk ,contw +7059 204070c0 call load_inverse_result +705a d8400000 arg 0 ,temp +705b 2040705e call function_f5_common +705c d8a00b0e arg mem_le_mackey ,contw +705d 2020734c branch store_aes_result + +function_f5_common: +705e 47444031 bpatchx patch31_0 ,mem_patch31 +705f 7005e135 jam 53 ,mem_aes_cmac_data_length +7060 58000100 setarg 0x100 +7061 67e405e2 store 2 ,memdat +7062 2040706f call store_addr_common_b +7063 20407074 call store_addr_common_a +7064 d8c0440c arg mem_le_srand ,contr +7065 20407c9a call memcpy16 +7066 d8c0042b arg mem_le_mrand ,contr +7067 20407c9a call memcpy16 +7068 58006c65 setarg 0x6c65 +7069 e7e40005 istore 2 ,contw +706a 58006274 setarg 0x6274 +706b e7e40005 istore 2 ,contw +706c e0420005 istoret 1 ,contw +706d 204070c9 call inverse_memdat +706e 2020708f branch function_aes_cmac + +store_addr_common_b: +706f 6fec4472 fetch 6 ,mem_le_lap +7070 e7ec0005 istore 6 ,contw +7071 6fe24467 fetch 1 ,mem_le_conn_own_addr_type +7072 e7e20005 istore 1 ,contw +7073 20600000 rtn + +store_addr_common_a: +7074 6fec044b fetch 6 ,mem_le_plap +7075 e7ec0005 istore 6 ,contw +7076 6fe24460 fetch 1 ,mem_le_conn_peer_addr_type +7077 e7e20005 istore 1 ,contw +7078 20600000 rtn + +function_f4_ca: +7079 7005e141 jam 65 ,mem_aes_cmac_data_length +707a 6fe24636 fetch 1 ,mem_passkey_1bit +707b 67e205e2 store 1 ,memdat +707c d8c045a4 arg mem_le_pubkey_local_x_256 ,contr +707d 20407c98 call memcpy32 +707e d8c009ba arg mem_le_pubkey_remote_x_256 ,contr +707f 20407c98 call memcpy32 +7080 204070c9 call inverse_memdat +7081 d8c0042b arg mem_le_mrand ,contr +7082 204070c4 call store_inverse_k +7083 2020708f branch function_aes_cmac + +function_f4_cb: +7084 7005e141 jam 65 ,mem_aes_cmac_data_length +7085 6fe24636 fetch 1 ,mem_passkey_1bit +7086 67e205e2 store 1 ,memdat +7087 d8c009ba arg mem_le_pubkey_remote_x_256 ,contr +7088 20407c98 call memcpy32 +7089 d8c045a4 arg mem_le_pubkey_local_x_256 ,contr +708a 20407c98 call memcpy32 +708b 204070c9 call inverse_memdat +708c d8c0440c arg mem_le_srand ,contr +708d 204070c4 call store_inverse_k +708e 2020708f branch function_aes_cmac + +function_aes_cmac: +708f 4744c031 bpatchx patch31_1 ,mem_patch31 +7090 204070de call function_aes_cmac_generate_subkey +7091 6fe205e1 fetch 1 ,mem_aes_cmac_data_length +7092 1fe20400 copy pdata ,temp + +function_ceil16: +7093 1fe0fe0f increase 15 ,pdata +7094 1ff1fe00 rshift4 pdata ,pdata +7095 1fe22400 copy pdata ,regb +7096 203a70a1 branch function_aes_cmac_set_flag_0_balnk ,blank +7097 18417e0f and temp ,0x0f ,pdata +7098 243a70a4 nbranch function_aes_cmac_set_flag_0 ,blank +7099 da600ace arg mem_aes_cmac_k1 ,regc +709a dfe005e2 arg memdat ,pdata +709b 1fe0fff0 increase -16 ,pdata +709c 9840a200 iadd temp ,rega +709d d8a00afe arg mem_aes_cmac_m_last ,contw +709e df200004 arg 4 ,loopcnt +709f 20407cb8 call xor_loop +70a0 202070af branch function_aes_cmac_aes + +function_aes_cmac_set_flag_0_balnk: +70a1 da400001 arg 1 ,regb +70a2 da200000 arg 0 ,rega +70a3 202070a5 branch function_aes_cmac_set_flag_0_common + +function_aes_cmac_set_flag_0: +70a4 1841220f and temp ,0x0f ,rega + +function_aes_cmac_set_flag_0_common: +70a5 dfe005e2 arg memdat ,pdata +70a6 9840fe00 iadd temp ,pdata +70a7 9a260c00 isub rega ,contr +70a8 d8a00aee arg mem_aes_cmac_temp ,contw +70a9 20407104 call function_aes_cmac_padding +70aa da600ade arg mem_aes_cmac_k2 ,regc +70ab da200aee arg mem_aes_cmac_temp ,rega +70ac d8a00afe arg mem_aes_cmac_m_last ,contw +70ad df200004 arg 4 ,loopcnt +70ae 20407cb8 call xor_loop + +function_aes_cmac_aes: +70af 20407346 call aes_clear_data +70b0 204072e8 call aes_init +70b1 d8c005e2 arg memdat ,contr + +function_aes_cmac_aes_loop: +70b2 1a40a5ff increase -1 ,regb +70b3 1a427e00 deposit regb +70b4 203a70b8 branch function_aes_cmac_aes_loop_end ,blank +70b5 2040733b call load_data128 +70b6 204072dc call do_aes_cbc +70b7 202070b2 branch function_aes_cmac_aes_loop + +function_aes_cmac_aes_loop_end: +70b8 d8a00aee arg mem_aes_cmac_temp ,contw +70b9 2040734c call store_aes_result +70ba d8c00afe arg mem_aes_cmac_m_last ,contr +70bb 2040733b call load_data128 +70bc 204072e8 call aes_init +70bd d8c00aee arg mem_aes_cmac_temp ,contr +70be 2040733b call load_data128 +70bf 202072dc branch do_aes_cbc + +load_inverse_result: +70c0 18a22200 copy contw ,rega +70c1 2040734c call store_aes_result +70c2 df200010 arg 16 ,loopcnt +70c3 20207cc0 branch inverse_data + +store_inverse_k: +70c4 d8a00abe arg mem_aes_cmac_k ,contw +70c5 20407c9a call memcpy16 + +inverse_k: +70c6 df200010 arg 16 ,loopcnt +70c7 da200abe arg mem_aes_cmac_k ,rega +70c8 20207cc0 branch inverse_data + +inverse_memdat: +70c9 6fe205e1 fetch 1 ,mem_aes_cmac_data_length +70ca 1fe27200 copy pdata ,loopcnt +70cb da2005e2 arg memdat ,rega +70cc 20207cc0 branch inverse_data + +bn_lshift_0_inverse: +70cd efe20011 ifetch 1 ,rega +70ce 1fe3fe00 lshift pdata ,pdata +70cf 2a6ffe00 isolate1 0 ,regc +70d0 7920fe00 setflag true ,0 ,pdata +70d1 2feffe08 isolate1 8 ,pdata +70d2 7920a600 setflag true ,0 ,regc +70d3 e7e20011 istore 1 ,rega +70d4 1a20a3ff increase -1 ,rega +70d5 c20070cd loop bn_lshift_0_inverse +70d6 20600000 rtn + +function_aes_cmac_k1_inverse: +70d7 da200ace arg mem_aes_cmac_k1 ,rega + +function_aes_cmac_inverse_common: +70d8 1a20a20f increase 15 ,rega +70d9 18007210 force 16 ,loopcnt +70da 18002600 force 0 ,regc +70db 202070cd branch bn_lshift_0_inverse + +function_aes_cmac_k2_inverse: +70dc da200ade arg mem_aes_cmac_k2 ,rega +70dd 202070d8 branch function_aes_cmac_inverse_common + +function_aes_cmac_generate_subkey: +70de d8c00abe arg mem_aes_cmac_k ,contr +70df 20407338 call load_key128 +70e0 18007008 force regidx_xor ,regext_index +70e1 20407347 call aes_clear +70e2 20407346 call aes_clear_data +70e3 204072d9 call do_aes_ecb +70e4 d8a00ace arg mem_aes_cmac_k1 ,contw +70e5 2040734c call store_aes_result + +function_aes_cmac_k1: +70e6 47454031 bpatchx patch31_2 ,mem_patch31 +70e7 6fe20ace fetch 1 ,mem_aes_cmac_k1 +70e8 2feffe07 isolate1 7 ,pdata +70e9 2420f0ef nbranch function_aes_cmac_k1_0 ,true +70ea 204070d7 call function_aes_cmac_k1_inverse +70eb da600ace arg mem_aes_cmac_k1 ,regc +70ec d8a00ace arg mem_aes_cmac_k1 ,contw +70ed 204070f9 call function_aes_cmac_xor_rb +70ee 202070f0 branch function_aes_cmac_k2 + +function_aes_cmac_k1_0: +70ef 204070d7 call function_aes_cmac_k1_inverse + +function_aes_cmac_k2: +70f0 d8c00ace arg mem_aes_cmac_k1 ,contr +70f1 d8a00ade arg mem_aes_cmac_k2 ,contw +70f2 20407c9a call memcpy16 +70f3 6fe20ade fetch 1 ,mem_aes_cmac_k2 +70f4 2feffe07 isolate1 7 ,pdata +70f5 2420f0dc nbranch function_aes_cmac_k2_inverse ,true +70f6 204070dc call function_aes_cmac_k2_inverse +70f7 da600ade arg mem_aes_cmac_k2 ,regc +70f8 d8a00ade arg mem_aes_cmac_k2 ,contw + +function_aes_cmac_xor_rb: +70f9 df200003 arg 3 ,loopcnt + +function_aes_cmac_xor_rb_loop: +70fa d8400000 arg 0 ,temp +70fb 20407100 call function_aes_cmac_xor_loop_common +70fc 1a60a604 increase 4 ,regc +70fd c20070fa loop function_aes_cmac_xor_rb_loop +70fe d8408700 arg 0x8700 ,temp +70ff 18500400 lshift16 temp ,temp + +function_aes_cmac_xor_loop_common: +7100 efe80013 ifetch 4 ,regc +7101 9842fe00 ixor temp ,pdata +7102 e7e80005 istore 4 ,contw +7103 20600000 rtn + +function_aes_cmac_padding: +7104 4745c031 bpatchx patch31_3 ,mem_patch31 +7105 df200010 arg 16 ,loopcnt +7106 dfe00000 arg 0 ,pdata + +function_aes_cmac_padding_loop: +7107 9a267c00 isub rega ,null +7108 2022f10f branch function_aes_cmac_padding_beq_length ,zero +7109 20217112 branch function_aes_cmac_padding_big_length ,positive +710a e8420006 ifetcht 1 ,contr +710b e0420005 istoret 1 ,contw + +function_aes_cmac_padding_loop2: +710c 1fe0fe01 increase 1 ,pdata +710d c2007107 loop function_aes_cmac_padding_loop +710e 20600000 rtn + +function_aes_cmac_padding_beq_length: +710f d8400080 arg 0x80 ,temp + +function_aes_cmac_padding_common: +7110 e0420005 istoret 1 ,contw +7111 2020710c branch function_aes_cmac_padding_loop2 + +function_aes_cmac_padding_big_length: +7112 d8400000 arg 0 ,temp +7113 20207110 branch function_aes_cmac_padding_common + +generate_kinit: +7114 20407127 call function_e22 +7115 d8c0058e arg mem_input_store ,contr +7116 d8a0057e arg mem_kinit ,contw +7117 20207c9a branch memcpy16 + +function_e21: +7118 78547c00 disable user +7119 20407215 call function_expand +711a d8c0055e arg mem_random_number ,contr +711b d8a0059e arg mem_x ,contw +711c 1800720f force 15 ,loopcnt +711d 20407cdc call memcpy +711e efe20006 ifetch 1 ,contr +711f 1fe2fe06 xor_into 6 ,pdata +7120 e7e20005 istore 1 ,contw +7121 580005ae setarg mem_y +7122 67e405d2 store 2 ,memp_ar_input +7123 5800059e setarg mem_x +7124 67e405d0 store 2 ,memp_ar_key +7125 79200012 set1 mark_ar2 ,mark +7126 20207167 branch function_ar + +function_e22: +7127 68424657 fetcht 1 ,mem_pin_length +7128 18002410 force 16 ,regb +7129 1840a606 add temp ,6 ,regc +712a 1a667c10 sub regc ,16 ,null +712b 2021712d branch function_e22_pin_init ,positive +712c 18002610 force 16 ,regc + +function_e22_pin_init: +712d d8a0059e arg mem_x ,contw + +function_e22_genx_pin: +712e d8c04658 arg mem_pin ,contr +712f 18427200 copy temp ,loopcnt +7130 78547c00 disable user + +function_e22_genx_loop: +7131 efe20006 ifetch 1 ,contr +7132 e7e20005 istore 1 ,contw +7133 1a40a5ff increase -1 ,regb +7134 2022f13b branch function_e22_genx_end ,zero +7135 c2007131 loop function_e22_genx_loop +7136 2034712e branch function_e22_genx_pin ,user +7137 78347c00 enable user +7138 18007206 force 6 ,loopcnt +7139 1a220c00 copy rega ,contr +713a 20207131 branch function_e22_genx_loop + +function_e22_genx_end: +713b d8c0055e arg mem_random_number ,contr +713c d8a005ae arg mem_y ,contw +713d 20407c9a call memcpy16 +713e 6fe205bd fetch 1 ,mem_y15 +713f 9a62fe00 ixor regc ,pdata +7140 67e205bd store 1 ,mem_y15 +7141 580005ae setarg mem_y +7142 67e405d2 store 2 ,memp_ar_input +7143 5800059e setarg mem_x +7144 67e405d0 store 2 ,memp_ar_key +7145 79200012 set1 mark_ar2 ,mark +7146 20207167 branch function_ar + +function_e1: +7147 78547c00 disable user +7148 20407215 call function_expand +7149 20207151 branch function_hash + +function_e3: +714a da200056 arg mem_aco ,rega +714b 78347c00 enable user +714c 20407215 call function_expand +714d 20407151 call function_hash +714e d8c0058e arg mem_input_store ,contr +714f d8a00062 arg mem_kc ,contw +7150 20207c9a branch memcpy16 + +function_hash: +7151 5800055e setarg mem_random_number +7152 67e405d2 store 2 ,memp_ar_input +7153 580041bf setarg mem_link_key +7154 67e405d0 store 2 ,memp_ar_key +7155 793f8012 set0 mark_ar2 ,mark +7156 20407167 call function_ar +7157 da20058e arg mem_input_store ,rega +7158 da40055e arg mem_random_number ,regb +7159 d8a0059e arg mem_x ,contw +715a 20407208 call xor16 +715b da20059e arg mem_x ,rega +715c da4005ae arg mem_y ,regb +715d 1a420a00 copy regb ,contw +715e 78347c00 enable user +715f 20407206 call add16 +7160 20407220 call key_offset +7161 580005ae setarg mem_y +7162 67e405d2 store 2 ,memp_ar_input +7163 5800059e setarg mem_x +7164 67e405d0 store 2 ,memp_ar_key +7165 79200012 set1 mark_ar2 ,mark +7166 20207167 branch function_ar + +function_ar: +7167 7005d400 jam 0 ,mem_ar_hround +7168 6fe405d0 fetch 2 ,memp_ar_key +7169 98000c00 iforce contr +716a d8a005be arg mem_key_store ,contw +716b 20407c9a call memcpy16 +716c 6fe405d2 fetch 2 ,memp_ar_input +716d 98000c00 iforce contr +716e d8a0058e arg mem_input_store ,contw +716f 20407c9a call memcpy16 + +function_ar_loop: +7170 2040718d call key_scheduling +7171 78547c00 disable user +7172 c5897177 bmark0 mark_ar2 ,function_ar_original +7173 6fe205d4 fetch 1 ,mem_ar_hround +7174 c0827177 bne 4 ,function_ar_original +7175 6a4405d2 fetchr regb ,2 ,memp_ar_input +7176 204071bf call xor_mod32_ar2 + +function_ar_original: +7177 204071be call xor_mod32 +7178 204071d0 call el_boxes +7179 6fe205d4 fetch 1 ,mem_ar_hround +717a 1fe0fe01 increase 1 ,pdata +717b 67e205d4 store 1 ,mem_ar_hround +717c 2040718d call key_scheduling +717d 78347c00 enable user +717e 204071be call xor_mod32 +717f 204071df call pht +7180 204071ec call permute +7181 204071df call pht +7182 204071ec call permute +7183 204071df call pht +7184 204071ec call permute +7185 204071df call pht +7186 6fe205d4 fetch 1 ,mem_ar_hround +7187 1fe0fe01 increase 1 ,pdata +7188 67e205d4 store 1 ,mem_ar_hround +7189 c0887170 bne 16 ,function_ar_loop +718a 2040718d call key_scheduling +718b 78547c00 disable user +718c 202071be branch xor_mod32 + +key_scheduling: +718d 6fe205d4 fetch 1 ,mem_ar_hround +718e d8c005be arg mem_key_store ,contr +718f 203a71b4 branch key_sched_zero ,blank +7190 98002400 iforce regb +7191 18007211 force 17 ,loopcnt +7192 18c20a00 copy contr ,contw + +key_rotateloop: +7193 efe20006 ifetch 1 ,contr +7194 1fe98400 lshift3 pdata ,temp +7195 1feb7e00 rshift2 pdata ,pdata +7196 1fe97e00 rshift3 pdata ,pdata +7197 9841fe00 ior temp ,pdata +7198 e7e20005 istore 1 ,contw +7199 c2007193 loop key_rotateloop +719a 580005be setarg mem_key_store +719b 9a408c00 iadd regb ,contr +719c 18007210 force 16 ,loopcnt +719d d8a0056e arg mem_round_key ,contw + +key_select_octet_loop: +719e efe20006 ifetch 1 ,contr +719f e7e20005 istore 1 ,contw +71a0 28c1ffcf compare mem_key_store_end ,contr ,0xff +71a1 2420f1a3 nbranch key_select_octet_nwrap ,true +71a2 18c08def increase -17 ,contr + +key_select_octet_nwrap: +71a3 c200719e loop key_select_octet_loop +71a4 18002200 force 0 ,rega +71a5 1a40a7ff add regb ,-1 ,regc +71a6 1a6ba600 lshift2 regc ,regc +71a7 1a6ba600 lshift2 regc ,regc +71a8 2040736e call enable_authrom +71a9 58008400 setarg mem_b_box +71aa 9a60a600 iadd regc ,regc +71ab d8a0056e arg mem_round_key ,contw +71ac 18007210 force 16 ,loopcnt + +bias_round_key_loop: +71ad e8420013 ifetcht 1 ,regc +71ae efe20005 ifetch 1 ,contw +71af 9840fe00 iadd temp ,pdata +71b0 e7e20005 istore 1 ,contw +71b1 1a60a601 increase 1 ,regc +71b2 c20071ad loop bias_round_key_loop +71b3 20207372 branch disable_authrom + +key_sched_zero: +71b4 18007210 force 16 ,loopcnt +71b5 18000400 force 0 ,temp + +create_byte_16_loop: +71b6 efe20006 ifetch 1 ,contr +71b7 98428400 ixor temp ,temp +71b8 c20071b6 loop create_byte_16_loop +71b9 18427e00 deposit temp +71ba e7e20006 istore 1 ,contr +71bb d8c005be arg mem_key_store ,contr +71bc d8a0056e arg mem_round_key ,contw +71bd 20207c9a branch memcpy16 + +xor_mod32: +71be da40056e arg mem_round_key ,regb + +xor_mod32_ar2: +71bf 18007210 force 16 ,loopcnt +71c0 da20058e arg mem_input_store ,rega +71c1 1a220a00 copy rega ,contw + +xor_mod32_loop: +71c2 e8420011 ifetcht 1 ,rega +71c3 efe20012 ifetch 1 ,regb +71c4 9842e000 ixor temp ,alarm +71c5 1f212603 and loopcnt ,3 ,regc +71c6 243471c8 nbranch xor_mod32_invert ,user +71c7 1a62a603 xor_into 3 ,regc + +xor_mod32_invert: +71c8 1a662601 sub regc ,1 ,regc +71c9 202171cb branch xor_even ,positive +71ca 9840e000 iadd temp ,alarm + +xor_even: +71cb e6020005 istorer alarm ,1 ,contw +71cc 1a20a201 increase 1 ,rega +71cd 1a40a401 increase 1 ,regb +71ce c20071c2 loop xor_mod32_loop +71cf 20600000 rtn + +el_boxes: +71d0 2040736e call enable_authrom +71d1 18007210 force 16 ,loopcnt +71d2 da20058e arg mem_input_store ,rega + +el_box_loop: +71d3 efe20011 ifetch 1 ,rega +71d4 d8c08500 arg mem_e_box ,contr +71d5 1f212603 and loopcnt ,3 ,regc +71d6 1a667c01 sub regc ,1 ,null +71d7 202171d9 branch e_boxes ,positive +71d8 d8c08600 arg mem_l_box ,contr + +e_boxes: +71d9 98c08c00 iadd contr ,contr +71da efe20006 ifetch 1 ,contr +71db e7e20011 istore 1 ,rega +71dc 1a20a201 increase 1 ,rega +71dd c20071d3 loop el_box_loop +71de 20207372 branch disable_authrom + +pht: +71df 18007208 force 8 ,loopcnt +71e0 d8c0058e arg mem_input_store ,contr +71e1 18c20a00 copy contr ,contw + +pht_loop: +71e2 ea220006 ifetchr rega ,1 ,contr +71e3 ea420006 ifetchr regb ,1 ,contr +71e4 1a23fe00 lshift rega ,pdata +71e5 9a40fe00 iadd regb ,pdata +71e6 e7e20005 istore 1 ,contw +71e7 1a227e00 deposit rega +71e8 9a40fe00 iadd regb ,pdata +71e9 e7e20005 istore 1 ,contw +71ea c20071e2 loop pht_loop +71eb 20600000 rtn + +permute: +71ec 588ae42c setarg 0x8ae42c +71ed 98000400 iforce temp +71ee 18007207 force 7 ,loopcnt +71ef 204071f9 call permute_exchange +71f0 580d751b setarg 0xd751b +71f1 98000400 iforce temp +71f2 18007205 force 5 ,loopcnt +71f3 204071f9 call permute_exchange +71f4 6a22059d fetchr rega ,1 ,mem_input_store + 15 +71f5 6fe20591 fetch 1 ,mem_input_store + 3 +71f6 67e2059d store 1 ,mem_input_store + 15 +71f7 62220591 storer rega ,1 ,mem_input_store + 3 +71f8 20600000 rtn + +permute_exchange: +71f9 1841240f and temp ,0xf ,regb + +permute_loop: +71fa 18417e0f and temp ,0xf ,pdata +71fb d8a0058e arg mem_input_store ,contw +71fc 98a08a00 iadd contw ,contw +71fd ea620005 ifetchr regc ,1 ,contw +71fe e2220005 istorer rega ,1 ,contw +71ff 1a622200 copy regc ,rega +7200 18518400 rshift4 temp ,temp +7201 c20071fa loop permute_loop +7202 5800058e setarg mem_input_store +7203 9a408a00 iadd regb ,contw +7204 e2220005 istorer rega ,1 ,contw +7205 20600000 rtn + +add16: +7206 78347c00 enable user +7207 20207209 branch xor_add16 + +xor16: +7208 78547c00 disable user + +xor_add16: +7209 18007210 force 16 ,loopcnt + +xoradd_loop: +720a e8420011 ifetcht 1 ,rega +720b efe20012 ifetch 1 ,regb +720c 2034720f branch xoradd_add ,user +720d 9842fe00 ixor temp ,pdata +720e 20207210 branch xoradd_store + +xoradd_add: +720f 9840fe00 iadd temp ,pdata + +xoradd_store: +7210 e7e20005 istore 1 ,contw +7211 1a20a201 increase 1 ,rega +7212 1a40a401 increase 1 ,regb +7213 c200720a loop xoradd_loop +7214 20600000 rtn + +function_expand: +7215 d8a005ae arg mem_y ,contw +7216 efec0011 ifetch 6 ,rega +7217 e7ec0005 istore 6 ,contw +7218 2034721b branch expand_12 ,user +7219 efec0011 ifetch 6 ,rega +721a 2020721c branch expand_cont + +expand_12: +721b efec0006 ifetch 6 ,contr + +expand_cont: +721c e7ec0005 istore 6 ,contw +721d efe80011 ifetch 4 ,rega +721e e7e80005 istore 4 ,contw +721f 20600000 rtn + +key_offset: +7220 d8c041bf arg mem_link_key ,contr +7221 d8a0059e arg mem_x ,contw +7222 d8400000 arg 0 ,temp +7223 588395a7 setarg 0x8395a7 +7224 20407241 call concatenate_temp24 +7225 58b3c1df setarg 0xb3c1df +7226 20407241 call concatenate_temp24 +7227 5800e5e9 setarg 0xe5e9 +7228 20407242 call concatenate_temp16 +7229 18422800 copy temp ,regab +722a 78547c00 disable user +722b 2040722f call key_addxor +722c 1a820400 copy regab ,temp +722d 78347c00 enable user +722e 2020722f branch key_addxor + +key_addxor: +722f 18007208 force 8 ,loopcnt + +key_addxor_loop: +7230 efe20006 ifetch 1 ,contr +7231 2f200201 compare 1 ,loopcnt ,1 +7232 20347236 branch key_high ,user +7233 2020f237 branch key_xor ,true + +key_add: +7234 9840fe00 iadd temp ,pdata +7235 20207238 branch key_store + +key_high: +7236 2020f234 branch key_add ,true + +key_xor: +7237 9842fe00 ixor temp ,pdata + +key_store: +7238 e7e20005 istore 1 ,contw +7239 184c8400 rshift8 temp ,temp +723a c2007230 loop key_addxor_loop +723b 20600000 rtn + +copy_aco: +723c 6fec0592 fetch 6 ,mem_input_store + 4 +723d 67ec0056 store 6 ,mem_aco +723e efec0006 ifetch 6 ,contr +723f e7ec0005 istore 6 ,contw +7240 20600000 rtn + +concatenate_temp24: +7241 184d0400 lshift8 temp ,temp + +concatenate_temp16: +7242 18500400 lshift16 temp ,temp +7243 98418400 ior temp ,temp +7244 20600000 rtn + +loop1: +7245 20207245 branch loop1 + +generate_stk: +7246 47464031 bpatchx patch31_4 ,mem_patch31 +7247 204072eb call function_s1 +7248 d8a043eb arg mem_le_ltk ,contw +7249 2020734c branch store_aes_result + +authenticate_rconfirm: +724a d8a0440c arg mem_le_srand ,contw +724b 2034f24d branch authenticate_mconfirm ,master +724c d8a0042b arg mem_le_mrand ,contw + +authenticate_mconfirm: +724d 18c22200 copy contr ,rega +724e 20407c9a call memcpy16 +724f 204072fd call function_c1 +7250 d8c043fc arg mem_le_rconfirm ,contr +7251 20207365 branch compare_res + +generate_confirm: +7252 da20042b arg mem_le_mrand ,rega +7253 2034f255 branch generate_mrand ,master +7254 da20440c arg mem_le_srand ,rega + +generate_mrand: +7255 1a220a00 copy rega ,contw +7256 204066ee call generate_random +7257 202072fd branch function_c1 + +generate_sk: +7258 d8c0447c arg mem_le_skdm ,contr +7259 2040733b call load_data128 +725a d8c043eb arg mem_le_ltk ,contr +725b 20407338 call load_key128 +725c 18006c50 force aes_big_endian | aes_load ,aes_ctrl +725d 18006c00 force 0 ,aes_ctrl +725e 204072d1 call wait_aes +725f d8a00478 arg mem_le_sk ,contw +7260 2020734c branch store_aes_result + +first_block_counter: +7261 18007e49 force 0x49 ,pdata +7262 20207264 branch first_block + +first_block_data: +7263 18007e01 force 1 ,pdata + +first_block: +7264 18007000 force regidx_data ,regext_index +7265 184d5e00 lshift8 temp ,regext +7266 9de1de00 ior regext ,regext +7267 1f00f001 increase 1 ,regext_index +7268 184cde00 rshift8 temp ,regext +7269 1df15e00 rshift16 regext ,regext +726a 6fe443e3 fetch 2 ,mem_le_ivm +726b 1ff07e00 lshift16 pdata ,pdata +726c 9de1de00 ior regext ,regext +726d 1f00f001 increase 1 ,regext_index +726e efe80006 ifetch 4 ,contr +726f 98005e00 iforce regext +7270 1f00f001 increase 1 ,regext_index +7271 efe40006 ifetch 2 ,contr +7272 1a30de00 byteswap rega ,regext +7273 1df05e00 lshift16 regext ,regext +7274 9de1de00 ior regext ,regext +7275 1f00f001 increase 1 ,regext_index +7276 20600000 rtn + +generate_mic: +7277 1a608c01 add regc ,1 ,contr +7278 ea220006 ifetchr rega ,1 ,contr +7279 20407261 call first_block_counter +727a 204072d9 call do_aes_ecb +727b 18007000 force regidx_data ,regext_index +727c efe20013 ifetch 1 ,regc +727d 1fe17e03 and_into 0x3 ,pdata +727e 1ff05e00 lshift16 pdata ,regext +727f 79205e08 set1 8 ,regext +7280 20407344 call clear_hidata +7281 204072dc call do_aes_cbc +7282 1a227200 copy rega ,loopcnt +7283 1a608c02 add regc ,2 ,contr +7284 20407320 call padding_data + +generate_mic_loop: +7285 2040732a call aes_load_data +7286 204072dc call do_aes_cbc +7287 1f227e00 deposit loopcnt +7288 203a728a branch generate_mic_end ,blank +7289 20207285 branch generate_mic_loop + +generate_mic_end: +728a 1800700c force regidx_result ,regext_index +728b 1de22400 copy regext ,regb +728c 62480413 storer regb ,4 ,mem_le_mic +728d 20600000 rtn + +aes_crypt_data: +728e 1a20a201 increase 1 ,rega +728f 20407263 call first_block_data +7290 204072e8 call aes_init +7291 1a620c00 copy regc ,contr +7292 2040733b call load_data128 +7293 204072df call do_aes_cfb +7294 20407353 call store_enc_data +7295 1a60a610 increase 16 ,regc +7296 1a40a5f0 increase -16 ,regb +7297 2021728e branch aes_crypt_data ,positive +7298 20600000 rtn + +le_encrypt: +7299 4746c031 bpatchx patch31_5 ,mem_patch31 +729a da6043ae arg mem_le_txheader ,regc +729b 684a43d5 fetcht 5 ,mem_le_pcnt_tx +729c 20407277 call generate_mic +729d 18002200 force 0 ,rega +729e 20407263 call first_block_data +729f 204072e8 call aes_init +72a0 18007000 force regidx_data ,regext_index +72a1 1a425e00 copy regb ,regext +72a2 204072df call do_aes_cfb +72a3 da6043b0 arg mem_le_txpayload ,regc +72a4 6fe243af fetch 1 ,mem_le_txlen +72a5 1fe0a5ff add pdata ,-1 ,regb +72a6 9a608a00 iadd regc ,contw +72a7 1800700c force regidx_result ,regext_index +72a8 e5e80005 istorer regext ,4 ,contw +72a9 18002200 force 0 ,rega +72aa 2040728e call aes_crypt_data +72ab 6fe243af fetch 1 ,mem_le_txlen +72ac 1fe0fe04 increase 4 ,pdata +72ad 67e243af store 1 ,mem_le_txlen +72ae 684a43d5 fetcht 5 ,mem_le_pcnt_tx +72af 18408401 increase 1 ,temp +72b0 604a43d5 storet 5 ,mem_le_pcnt_tx +72b1 20600000 rtn + +le_decrypt: +72b2 684a43da fetcht 5 ,mem_le_pcnt_rx +72b3 18002200 force 0 ,rega +72b4 20407263 call first_block_data +72b5 204072e8 call aes_init +72b6 6fe202d6 fetch 1 ,mem_le_rxbuf + 1 +72b7 da6002d7 arg mem_le_rxbuf + 2 ,regc +72b8 1fe0a5ff add pdata ,-1 ,regb +72b9 1fe0fffc increase -4 ,pdata +72ba 67e202d6 store 1 ,mem_le_rxbuf + 1 +72bb 9a608c00 iadd regc ,contr +72bc 18007000 force regidx_data ,regext_index +72bd ede80006 ifetchr regext ,4 ,contr +72be 204072df call do_aes_cfb +72bf 1800700c force regidx_result ,regext_index +72c0 65e80417 storer regext ,4 ,mem_le_peer_mic +72c1 18002200 force 0 ,rega +72c2 2040728e call aes_crypt_data +72c3 da6002d5 arg mem_le_rxbuf ,regc +72c4 20407277 call generate_mic +72c5 6fe80417 fetch 4 ,mem_le_peer_mic +72c6 9a467e00 isub regb ,pdata +72c7 247a0000 nrtn blank +72c8 6fe843df fetch 4 ,mem_le_last_mic +72c9 9a467e00 isub regb ,pdata +72ca 207a0000 rtn blank +72cb 604843df storet 4 ,mem_le_last_mic +72cc 6fea43da fetch 5 ,mem_le_pcnt_rx +72cd 1fe0fe01 increase 1 ,pdata +72ce 67ea43da store 5 ,mem_le_pcnt_rx +72cf 18007e00 force 0 ,pdata +72d0 20600000 rtn + +wait_aes: +72d1 243bf2d1 nbranch wait_aes ,aes_ready +72d2 20600000 rtn + +do_aes_ecb256: +72d3 18006c48 force aes_load | aes_256 ,aes_ctrl +72d4 18006c08 force aes_256 ,aes_ctrl +72d5 202072d1 branch wait_aes + +do_aes_ecb192: +72d6 18006c44 force aes_load | aes_192 ,aes_ctrl +72d7 18006c04 force aes_192 ,aes_ctrl +72d8 202072d1 branch wait_aes + +do_aes_ecb: +72d9 18006c40 force aes_load ,aes_ctrl +72da 18006c00 force 0 ,aes_ctrl +72db 202072d1 branch wait_aes + +do_aes_cbc: +72dc 18006c41 force aes_load | aes_cbc ,aes_ctrl +72dd 18006c00 force 0 ,aes_ctrl +72de 202072d1 branch wait_aes + +do_aes_cfb: +72df 18006c42 force aes_load | aes_cfb ,aes_ctrl +72e0 18006c02 force aes_cfb ,aes_ctrl +72e1 202072d1 branch wait_aes + +do_aes_ecb_be: +72e2 18006c50 force aes_big_endian | aes_load ,aes_ctrl +72e3 18006c10 force aes_big_endian ,aes_ctrl +72e4 202072d1 branch wait_aes + +do_aes_cbc_be: +72e5 18006c51 force aes_big_endian | aes_load | aes_cbc ,aes_ctrl +72e6 18006c10 force aes_big_endian ,aes_ctrl +72e7 202072d1 branch wait_aes + +aes_init: +72e8 18006c20 force aes_initialize ,aes_ctrl +72e9 18006c00 force 0 ,aes_ctrl +72ea 20600000 rtn + +function_s1: +72eb 18007000 force regidx_data ,regext_index +72ec 6fe8042b fetch 4 ,mem_le_mrand +72ed 98005e00 iforce regext +72ee 1f00f001 increase 1 ,regext_index +72ef efe80006 ifetch 4 ,contr +72f0 98005e00 iforce regext +72f1 1f00f001 increase 1 ,regext_index +72f2 6fe8440c fetch 4 ,mem_le_srand +72f3 98005e00 iforce regext +72f4 1f00f001 increase 1 ,regext_index +72f5 efe80006 ifetch 4 ,contr +72f6 98005e00 iforce regext +72f7 1f00f001 increase 1 ,regext_index +72f8 20407347 call aes_clear +72f9 1f00f1fc increase -4 ,regext_index +72fa 6fe84499 fetch 4 ,mem_le_tk +72fb 1fe25e00 copy pdata ,regext +72fc 202072e2 branch do_aes_ecb_be + +function_c1: +72fd 1a220c00 copy rega ,contr +72fe 2040733b call load_data128 +72ff 18006c30 force aes_big_endian | aes_initialize ,aes_ctrl +7300 18006c00 force 0 ,aes_ctrl +7301 6fe24460 fetch 1 ,mem_le_conn_peer_addr_type +7302 68424457 fetcht 1 ,mem_le_adv_own_addr_type +7303 2434f306 nbranch function_c1_irat ,master +7304 6fe24467 fetch 1 ,mem_le_conn_own_addr_type +7305 68424460 fetcht 1 ,mem_le_conn_peer_addr_type + +function_c1_irat: +7306 67e2441c store 1 ,mem_le_iat +7307 6042441d storet 1 ,mem_le_rat +7308 d8c0441c arg mem_le_iat ,contr +7309 2040733b call load_data128 +730a 20407347 call aes_clear +730b 1f00f1fc increase -4 ,regext_index +730c 6fe84499 fetch 4 ,mem_le_tk +730d 1fe25e00 copy pdata ,regext +730e 18006c51 force aes_big_endian | aes_cbc | aes_load ,aes_ctrl +730f 18006c10 force aes_big_endian ,aes_ctrl +7310 6fec4472 fetch 6 ,mem_le_lap +7311 684c044b fetcht 6 ,mem_le_plap +7312 2034f315 branch function_c1_master ,master +7313 6fec044b fetch 6 ,mem_le_plap +7314 684c4472 fetcht 6 ,mem_le_lap + +function_c1_master: +7315 18007000 force regidx_data ,regext_index +7316 18425e00 copy temp ,regext +7317 1f00f001 increase 1 ,regext_index +7318 184f5e00 rshift32 temp ,regext +7319 1ff07e00 lshift16 pdata ,pdata +731a 9de1de00 ior regext ,regext +731b 1f00f001 increase 1 ,regext_index +731c 1fef5e00 rshift32 pdata ,regext +731d 1f00f001 increase 1 ,regext_index +731e 18005e00 force 0 ,regext +731f 202072e5 branch do_aes_cbc_be + +padding_data: +7320 2f200600 compare 0 ,loopcnt ,3 +7321 20608000 rtn true +7322 18c27e00 deposit contr +7323 9f208a00 iadd loopcnt ,contw +7324 18007e00 force 0 ,pdata + +padding_loop: +7325 e7e20005 istore 1 ,contw +7326 1f20f201 increase 1 ,loopcnt +7327 2f200600 compare 0 ,loopcnt ,3 +7328 20608000 rtn true +7329 20207325 branch padding_loop + +aes_load_data: +732a 18007000 force regidx_data ,regext_index + +load_data_loop: +732b 1f227e00 deposit loopcnt +732c 203a732f branch load_data_padding ,blank +732d efe80006 ifetch 4 ,contr +732e 1f20f3fc increase -4 ,loopcnt + +load_data_padding: +732f 98005e00 iforce regext +7330 1f00f001 increase 1 ,regext_index +7331 2f001e04 compare regidx_key ,regext_index ,0xf +7332 20608000 rtn true +7333 2020732b branch load_data_loop + +load_key256: +7334 18007208 force 8 ,loopcnt +7335 20207339 branch load_key + +load_key192: +7336 18007206 force 6 ,loopcnt +7337 20207339 branch load_key + +load_key128: +7338 18007204 force 4 ,loopcnt + +load_key: +7339 18007004 force regidx_key ,regext_index +733a 2020733d branch load_regext_loop + +load_data128: +733b 18007000 force regidx_data ,regext_index +733c 18007204 force 4 ,loopcnt + +load_regext_loop: +733d efe80006 ifetch 4 ,contr +733e 1fe25e00 icopy regext +733f 1f00f001 increase 1 ,regext_index +7340 c200733d loop load_regext_loop +7341 20600000 rtn + +load_sk: +7342 d8c00478 arg mem_le_sk ,contr +7343 20207338 branch load_key128 + +clear_hidata: +7344 18007204 force 4 ,loopcnt +7345 20207349 branch clear_data_rest + +aes_clear_data: +7346 18007000 force regidx_data ,regext_index + +aes_clear: +7347 18007204 force 4 ,loopcnt + +clear_loop: +7348 18005e00 force 0 ,regext + +clear_data_rest: +7349 1f00f001 increase 1 ,regext_index +734a c2007348 loop clear_loop +734b 20600000 rtn + +store_aes_result: +734c 1800700c force regidx_result ,regext_index +734d 18007204 force 4 ,loopcnt + +send_aes_result_loop: +734e 1de27e00 deposit regext +734f e7e80005 istore 4 ,contw +7350 1f00f001 increase 1 ,regext_index +7351 c200734e loop send_aes_result_loop +7352 20600000 rtn + +store_enc_data: +7353 1800700c force regidx_result ,regext_index +7354 1a620a00 copy regc ,contw +7355 1a40f201 add regb ,1 ,loopcnt +7356 1f267c0f sub loopcnt ,15 ,null +7357 20217359 branch store_enc_loop ,positive +7358 18007210 force 16 ,loopcnt + +store_enc_loop: +7359 1de27e00 deposit regext +735a 1f267c03 sub loopcnt ,3 ,null +735b 20217361 branch store_enc_byte ,positive +735c e7e80005 istore 4 ,contw +735d 1f20f3fc increase -4 ,loopcnt +735e 20628000 rtn zero +735f 1f00f001 increase 1 ,regext_index +7360 20207359 branch store_enc_loop + +store_enc_byte: +7361 e7e20005 istore 1 ,contw +7362 1fecfe00 rshift8 pdata ,pdata +7363 c2007361 loop store_enc_byte +7364 20600000 rtn + +compare_res: +7365 1800700c force regidx_result ,regext_index +7366 18007204 force 4 ,loopcnt + +compare_res_loop: +7367 efe80006 ifetch 4 ,contr +7368 9de67c00 isub regext ,null +7369 24628000 nrtn zero +736a 1f00f001 increase 1 ,regext_index +736b c2007367 loop compare_res_loop +736c 18007c00 force 0 ,null +736d 20600000 rtn + +enable_authrom: +736e 6fe28043 fetch 1 ,core_config +736f 79207e03 set1 clock_on_auth_rom ,pdata +7370 67e28043 store 1 ,core_config +7371 20600000 rtn + +disable_authrom: +7372 6fe28043 fetch 1 ,core_config +7373 793ffe03 set0 clock_on_auth_rom ,pdata +7374 67e28043 store 1 ,core_config +7375 20600000 rtn + +init_memp: +7376 d8a00882 arg mem_p ,contw +7377 3803ffff setsect 0 ,0x3ffff +7378 3807ffff setsect 1 ,0x3ffff +7379 380bffff setsect 2 ,0x3ffff +737a 380ffbff setsect 3 ,0x3fbff +737b e7f20005 istore 9 ,contw +737c 3803ffff setsect 0 ,0x3ffff +737d 3807ffff setsect 1 ,0x3ffff +737e 380bffff setsect 2 ,0x3ffff +737f 380fffff setsect 3 ,0x3ffff +7380 e7f20005 istore 9 ,contw +7381 3803ffff setsect 0 ,0x3ffff +7382 3807ffff setsect 1 ,0x3ffff +7383 380bcfff setsect 2 ,0x3cfff +7384 380fffff setsect 3 ,0x3ffff +7385 e7f20005 istore 9 ,contw +7386 3803ffff setsect 0 ,0x3ffff +7387 3807ffff setsect 1 ,0x3ffff +7388 380bffef setsect 2 ,0x3ffef +7389 380fffff setsect 3 ,0x3ffff +738a e7f20005 istore 9 ,contw +738b 3803ffff setsect 0 ,0x3ffff +738c 3807ffff setsect 1 ,0x3ffff +738d 380bffff setsect 2 ,0x3ffff +738e 380fffff setsect 3 ,0x3ffff +738f e7f20005 istore 9 ,contw +7390 3803ffff setsect 0 ,0x3ffff +7391 38066c7f setsect 1 ,0x26c7f +7392 3808146b setsect 2 ,0x146b +7393 380f7bb3 setsect 3 ,0x37bb3 +7394 e7f20005 istore 9 ,contw +7395 3801feb8 setsect 0 ,0x1feb8 +7396 38050c12 setsect 1 ,0x10c12 +7397 380ab722 setsect 2 ,0x2b722 +7398 380e9fa6 setsect 3 ,0x29fa6 +7399 e7f20005 istore 9 ,contw +739a 3800e70f setsect 0 ,0xe70f +739b 38056720 setsect 1 ,0x16720 +739c 3808519e setsect 2 ,0x519e +739d 380d9084 setsect 3 ,0x19084 +739e e7f20005 istore 9 ,contw +739f 38031012 setsect 0 ,0x31012 +73a0 380760bf setsect 1 ,0x360bf +73a1 380bf0af setsect 2 ,0x3f0af +73a2 380c03d3 setsect 3 ,0x3d3 +73a3 e7f20005 istore 9 ,contw +73a4 3803a188 setsect 0 ,0x3a188 +73a5 38043ad0 setsect 1 ,0x3ad0 +73a6 380bcbf2 setsect 2 ,0x3cbf2 +73a7 380e43d9 setsect 3 ,0x243d9 +73a8 e7f20005 istore 9 ,contw +73a9 3802b030 setsect 0 ,0x2b030 +73aa 38076a03 setsect 1 ,0x36a03 +73ab 38091188 setsect 2 ,0x11188 +73ac 380de520 setsect 3 ,0x1e520 +73ad e7f20005 istore 9 ,contw +73ae 3803a11e setsect 0 ,0x3a11e +73af 3804fe5d setsect 1 ,0xfe5d +73b0 3808dd57 setsect 2 ,0xdd57 +73b1 380dac93 setsect 3 ,0x1ac93 +73b2 e7f20005 istore 9 ,contw +73b3 380011ed setsect 0 ,0x11ed +73b4 380618c4 setsect 1 ,0x218c4 +73b5 38088da7 setsect 2 ,0x8da7 +73b6 380e57ff setsect 3 ,0x257ff +73b7 e7f20005 istore 9 ,contw +73b8 3803192b setsect 0 ,0x3192b +73b9 38074641 setsect 1 ,0x34641 +73ba 3809be0c setsect 2 ,0x1be0c +73bb 380f66ad setsect 3 ,0x366ad +73bc e7f20005 istore 9 ,contw +73bd 38001f83 setsect 0 ,0x1f83 +73be 38055a23 setsect 1 ,0x15a23 +73bf 380bf9b0 setsect 2 ,0x3f9b0 +73c0 380c3949 setsect 3 ,0x3949 +73c1 e7f20005 istore 9 ,contw +73c2 38013a51 setsect 0 ,0x13a51 +73c3 380553fd setsect 1 ,0x153fd +73c4 380b372a setsect 2 ,0x3372a +73c5 380cf1bb setsect 3 ,0xf1bb +73c6 e7f20005 istore 9 ,contw +73c7 3803ae85 setsect 0 ,0x3ae85 +73c8 3805eed9 setsect 1 ,0x1eed9 +73c9 38089e66 setsect 2 ,0x9e66 +73ca 380c01a8 setsect 3 ,0x1a8 +73cb e7f00005 istore 8 ,contw +73cc 20600000 rtn + +init_memp_256: +73cd d8a0091a arg mem_p_256 ,contw +73ce 3803ffff setsect 0 ,0x3ffff +73cf 3807ffff setsect 1 ,0x3ffff +73d0 380bffff setsect 2 ,0x3ffff +73d1 380fffff setsect 3 ,0x3ffff +73d2 e7f20005 istore 9 ,contw +73d3 3803ffff setsect 0 ,0x3ffff +73d4 3804003f setsect 1 ,0x3f +73d5 38080000 setsect 2 ,0x0 +73d6 380c0000 setsect 3 ,0x0 +73d7 e7f20005 istore 9 ,contw +73d8 38000000 setsect 0 ,0x0 +73d9 38040000 setsect 1 ,0x0 +73da 38081000 setsect 2 ,0x1000 +73db 380c0000 setsect 3 ,0x0 +73dc e7f20005 istore 9 ,contw +73dd 3803ff00 setsect 0 ,0x3ff00 +73de 3807ffff setsect 1 ,0x3ffff +73df 380bffcf setsect 2 ,0x3ffcf +73e0 380fffff setsect 3 ,0x3ffff +73e1 e7f20005 istore 9 ,contw +73e2 3803ffff setsect 0 ,0x3ffff +73e3 3807ffff setsect 1 ,0x3ffff +73e4 380bffff setsect 2 ,0x3ffff +73e5 380c03ff setsect 3 ,0x3ff +73e6 e7f20005 istore 9 ,contw +73e7 38000000 setsect 0 ,0x0 +73e8 38040000 setsect 1 ,0x0 +73e9 38080000 setsect 2 ,0x0 +73ea 380c0000 setsect 3 ,0x0 +73eb e7f20005 istore 9 ,contw +73ec 38010000 setsect 0 ,0x10000 +73ed 38040000 setsect 1 ,0x0 +73ee 380bf000 setsect 2 ,0x3f000 +73ef 380fffff setsect 3 ,0x3ffff +73f0 e7f20005 istore 9 ,contw +73f1 380296ff setsect 0 ,0x296ff +73f2 38062630 setsect 1 ,0x22630 +73f3 380b945d setsect 2 ,0x3945d +73f4 380fd284 setsect 3 ,0x3d284 +73f5 e7f20005 istore 9 ,contw +73f6 380333a0 setsect 0 ,0x333a0 +73f7 38044b7a setsect 1 ,0x4b7a +73f8 380837d8 setsect 2 ,0x37d8 +73f9 380fc9dc setsect 3 ,0x3c9dc +73fa e7f20005 istore 9 ,contw +73fb 3803a440 setsect 0 ,0x3a440 +73fc 3805b958 setsect 1 ,0x1b958 +73fd 380b8bce setsect 2 ,0x38bce +73fe 380d091f setsect 3 ,0x1091f +73ff e7f20005 istore 9 ,contw +7400 3802e12c setsect 0 ,0x2e12c +7401 3805f47c setsect 1 ,0x1f47c +7402 380b56b1 setsect 2 ,0x356b1 +7403 380efd47 setsect 3 ,0x2fd47 +7404 e7f20005 istore 9 ,contw +7405 38006837 setsect 0 ,0x6837 +7406 3806ed90 setsect 1 ,0x2ed90 +7407 3809ecec setsect 2 ,0x1ecec +7408 380dacc5 setsect 3 ,0x1acc5 +7409 e7f20005 istore 9 ,contw +740a 38023357 setsect 0 ,0x23357 +740b 38058af3 setsect 1 ,0x18af3 +740c 3808f9e1 setsect 2 ,0xf9e1 +740d 380d29f0 setsect 3 ,0x129f0 +740e e7f20005 istore 9 ,contw +740f 3802e7eb setsect 0 ,0x2e7eb +7410 3807e6e3 setsect 1 ,0x3e6e3 +7411 380be1a7 setsect 2 ,0x3e1a7 +7412 380d0b8b setsect 3 ,0x10b8b +7413 e7f20005 istore 9 ,contw +7414 38024fe3 setsect 0 ,0x24fe3 +7415 380420ef setsect 1 ,0x20ef +7416 3809b5a6 setsect 2 ,0x1b5a6 +7417 380cdc2f setsect 3 ,0xdc2f +7418 e7f20005 istore 9 ,contw +7419 38013860 setsect 0 ,0x13860 +741a 3806bd69 setsect 1 ,0x2bd69 +741b 3808391a setsect 2 ,0x391a +741c 380db222 setsect 3 ,0x1b222 +741d e7f20005 istore 9 ,contw +741e 20600000 rtn + +publickey_init: +741f 6fe2462c fetch 1 ,mem_ssp_enable +7420 243a7432 nbranch sp_initialize ,blank +7421 2020792c branch sp_initialize_256 + +sp_calc_sequence_256_check: +7422 47474031 bpatchx patch31_6 ,mem_patch31 +7423 6fe2462c fetch 1 ,mem_ssp_enable +7424 207a0000 rtn blank +7425 6fe24583 fetch 1 ,mem_sp_local_key_invalid +7426 c1808000 rtnne sp_key_valid +7427 6fe24490 fetch 1 ,mem_le_secure_connect_enable +7428 207a0000 rtn blank +7429 6fe24495 fetch 1 ,mem_le_sc_local_key_invalid +742a c1018000 rtneq sp_key_valid_256 +742b 6fe44652 fetch 2 ,mem_ui_state_map +742c c2807430 bbit1 ui_state_bt_connected ,stop_publickey_calc_256 +742d 6fe24492 fetch 1 ,mem_le_sc_calc +742e c000792c beq sp_calc_standby ,sp_initialize_256 +742f 20600000 rtn + +stop_publickey_calc_256: +7430 70449200 jam sp_calc_standby ,mem_le_sc_calc +7431 20600000 rtn + +sp_initialize: +7432 4747c031 bpatchx patch31_7 ,mem_patch31 +7433 6fe2462c fetch 1 ,mem_ssp_enable +7434 203a650d branch ssp_disable ,blank +7435 20406506 call ssp_enable +7436 20407438 call sp_clear_flags +7437 20207522 branch sp_pubkey_calc + +sp_clear_flags: +7438 58000000 setarg 0 +7439 67f009aa store 8 ,mem_sp_state_start +743a 67e809b2 store 4 ,mem_sp_flag_start +743b 67ee4630 store 7 ,mem_sp_iocap_remote +743c 20600000 rtn + +sp_generate_local_key: +743d 7009ac01 jam sp_flag_commit ,mem_sp_flag +743e 20207442 branch sp_generate_local_key0 + +sp_master_generate_local_key: +743f 6fe24583 fetch 1 ,mem_sp_local_key_invalid +7440 c000f53f beq sp_key_valid ,sp_dhkey_calc +7441 20204a8b branch assert + +sp_generate_local_key0: +7442 6fe24583 fetch 1 ,mem_sp_local_key_invalid +7443 c000f445 beq sp_key_valid ,sp_start_send_pubkey +7444 20207522 branch sp_pubkey_calc + +sp_start_send_pubkey: +7445 2040753f call sp_dhkey_calc +7446 6fe209ab fetch 1 ,mem_master_sp_state +7447 247a0000 nrtn blank +7448 7009aa03 jam sp_stat_key_send ,mem_sp_state +7449 20600000 rtn + +sp_calc_check_publickey_256: +744a 20407465 call sp_calc_b256 +744b da2009da arg mem_le_pubkey_remote_y_256 ,rega +744c d8a00862 arg mem_t7_256 ,contw +744d 20407b2e call bn_sqrmod_256 +744e da2009ba arg mem_le_pubkey_remote_x_256 ,rega +744f d8a00822 arg mem_t2_256 ,contw +7450 20407b2e call bn_sqrmod_256 +7451 da200822 arg mem_t2_256 ,rega +7452 da4009ba arg mem_le_pubkey_remote_x_256 ,regb +7453 d8a00822 arg mem_t2_256 ,contw +7454 20407a96 call bn_mulmod_256 +7455 da20093a arg mem_a_256 ,rega +7456 da4009ba arg mem_le_pubkey_remote_x_256 ,regb +7457 d8a00842 arg mem_t3_256 ,contw +7458 20407a96 call bn_mulmod_256 +7459 da200842 arg mem_t3_256 ,rega +745a da400822 arg mem_t2_256 ,regb +745b d8a00822 arg mem_t2_256 ,contw +745c 20407b32 call bn_addmod_256 +745d da200802 arg mem_t0_256 ,rega +745e da400822 arg mem_t2_256 ,regb +745f d8a00802 arg mem_t0_256 ,contw +7460 20407b32 call bn_addmod_256 +7461 df200020 arg 32 ,loopcnt +7462 da200862 arg mem_t7_256 ,rega +7463 da400802 arg mem_t0_256 ,regb +7464 20207d63 branch string_compare + +sp_calc_b256: +7465 da20097a arg mem_gy_256 ,rega +7466 d8a00802 arg mem_t0_256 ,contw +7467 20407b2e call bn_sqrmod_256 +7468 da20095a arg mem_gx_256 ,rega +7469 d8a00822 arg mem_t2_256 ,contw +746a 20407b2e call bn_sqrmod_256 +746b da200822 arg mem_t2_256 ,rega +746c da40095a arg mem_gx_256 ,regb +746d d8a00822 arg mem_t2_256 ,contw +746e 20407a96 call bn_mulmod_256 +746f da20093a arg mem_a_256 ,rega +7470 da40095a arg mem_gx_256 ,regb +7471 d8a00842 arg mem_t3_256 ,contw +7472 20407a96 call bn_mulmod_256 +7473 da200842 arg mem_t3_256 ,rega +7474 da400822 arg mem_t2_256 ,regb +7475 d8a00822 arg mem_t2_256 ,contw +7476 20407b32 call bn_addmod_256 +7477 da200802 arg mem_t0_256 ,rega +7478 da400822 arg mem_t2_256 ,regb +7479 d8a00802 arg mem_t0_256 ,contw +747a 20207b4b branch bn_submod_256 + +sp_calc_check_publickey: +747b 20407496 call sp_calc_b +747c da2009e2 arg mem_sp_pubkey_remote_y ,rega +747d d8a00862 arg mem_t7_256 ,contw +747e 2040765d call bn_sqrmod +747f da2009c2 arg mem_sp_pubkey_remote_x ,rega +7480 d8a00822 arg mem_t2_256 ,contw +7481 2040765d call bn_sqrmod +7482 da200822 arg mem_t2_256 ,rega +7483 da4009c2 arg mem_sp_pubkey_remote_x ,regb +7484 d8a00822 arg mem_t2_256 ,contw +7485 2040763b call bn_mulmod +7486 da20089a arg mem_a ,rega +7487 da4009c2 arg mem_sp_pubkey_remote_x ,regb +7488 d8a00842 arg mem_t3_256 ,contw +7489 2040763b call bn_mulmod +748a da200842 arg mem_t3_256 ,rega +748b da400822 arg mem_t2_256 ,regb +748c d8a00822 arg mem_t2_256 ,contw +748d 2040760a call bn_addmod +748e da200802 arg mem_t0_256 ,rega +748f da400822 arg mem_t2_256 ,regb +7490 d8a00802 arg mem_t0_256 ,contw +7491 2040760a call bn_addmod +7492 df200018 arg 24 ,loopcnt +7493 da200862 arg mem_t7_256 ,rega +7494 da400802 arg mem_t0_256 ,regb +7495 20207d63 branch string_compare + +sp_calc_b: +7496 da2008e2 arg mem_gy ,rega +7497 d8a00802 arg mem_t0_256 ,contw +7498 2040765d call bn_sqrmod +7499 da2008ca arg mem_gx ,rega +749a d8a00822 arg mem_t2_256 ,contw +749b 2040765d call bn_sqrmod +749c da200822 arg mem_t2_256 ,rega +749d da4008ca arg mem_gx ,regb +749e d8a00822 arg mem_t2_256 ,contw +749f 2040763b call bn_mulmod +74a0 da20089a arg mem_a ,rega +74a1 da4008ca arg mem_gx ,regb +74a2 d8a00842 arg mem_t3_256 ,contw +74a3 2040763b call bn_mulmod +74a4 da200842 arg mem_t3_256 ,rega +74a5 da400822 arg mem_t2_256 ,regb +74a6 d8a00822 arg mem_t2_256 ,contw +74a7 2040760a call bn_addmod +74a8 da200802 arg mem_t0_256 ,rega +74a9 da400822 arg mem_t2_256 ,regb +74aa d8a00802 arg mem_t0_256 ,contw +74ab 2020760d branch bn_submod + +sp_calculate_commitment: +74ac 6fe209ae fetch 1 ,mem_sp_calc +74ad c08074ca bne sp_calc_standby ,sp_calculate_commitment_wait_dhkey_calc +74ae 204074c7 call sp_local_random_key_generator +74af d8a00a7a arg mem_sp_prarm_stack ,contw +74b0 58000a2a setarg mem_sp_random_local_end +74b1 e7e40005 istore 2 ,contw +74b2 58004614 setarg mem_sp_pubkey_local_x_end +74b3 e7e40005 istore 2 ,contw +74b4 580009da setarg mem_sp_pubkey_remote_x_end +74b5 e7e40005 istore 2 ,contw +74b6 202074be branch sp_calculate_commitment0 + +master_sp_calculate_commitment: +74b7 d8a00a7a arg mem_sp_prarm_stack ,contw +74b8 58000a3a setarg mem_sp_random_remote_end +74b9 e7e40005 istore 2 ,contw +74ba 580009da setarg mem_sp_pubkey_remote_x_end +74bb e7e40005 istore 2 ,contw +74bc 58004614 setarg mem_sp_pubkey_local_x_end +74bd e7e40005 istore 2 ,contw + +sp_calculate_commitment0: +74be 20407855 call function_f1 +74bf 6fe209ab fetch 1 ,mem_master_sp_state +74c0 c00274c4 beq sp_stat_commit_calc ,master_sp_calculate_commitment0 +74c1 7009ac01 jam sp_flag_commit ,mem_sp_flag +74c2 7009aa05 jam sp_stat_commit_send ,mem_sp_state +74c3 20600000 rtn + +master_sp_calculate_commitment0: +74c4 7009ab14 jam sp_stat_commitment_compare ,mem_master_sp_state +74c5 2040743f call sp_master_generate_local_key +74c6 2020758d branch master_set_mem_master_sp_flag + +sp_local_random_key_generator: +74c7 d8a00a1a arg mem_sp_random_local ,contw +74c8 18000e08 force 8 ,queue +74c9 20207557 branch random_generator + +sp_calculate_commitment_wait_dhkey_calc: +74ca 7009ac01 jam sp_flag_commit ,mem_sp_flag +74cb 20600000 rtn + +sp_confirm_check: +74cc 47484032 bpatchx patch32_0 ,mem_patch32 +74cd d8a00723 arg mem_addr_value ,contw +74ce 6fec40a0 fetch 6 ,mem_lap +74cf e7ec0005 istore 6 ,contw +74d0 6fec0040 fetch 6 ,mem_plap +74d1 e7ec0005 istore 6 ,contw +74d2 6fe64630 fetch 3 ,mem_sp_iocap_remote +74d3 e7e60005 istore 3 ,contw +74d4 204078c2 call function_f3a +74d5 da200a4a arg mem_sp_calc_result_high ,rega +74d6 da400a5a arg mem_sp_check_result ,regb +74d7 18000e04 force 4 ,queue +74d8 2040755c call compare4 +74d9 2420f4e6 nbranch sp_confirm_check_failed ,true +74da 204074dd call sp_confirm_check_success +74db 70007d41 jam lmp_dhkey_check ,mem_lmi_opcode2 +74dc 202066da branch tid_set_reply + +sp_confirm_check_success: +74dd 6fe209ab fetch 1 ,mem_master_sp_state +74de c004f4e3 beq sp_stat_confirm_check ,sp_confirm_check_success_master +74df 7009aa0a jam sp_stat_confirm_calc ,mem_sp_state +74e0 7009ac01 jam sp_flag_commit ,mem_sp_flag +74e1 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +74e2 20600000 rtn + +sp_confirm_check_success_master: +74e3 70007c03 jam lmp_accepted ,mem_lmo_opcode2 +74e4 7009ab15 jam sp_state_end ,mem_master_sp_state +74e5 2020758d branch master_set_mem_master_sp_flag + +sp_confirm_check_failed: +74e6 6fe209ab fetch 1 ,mem_master_sp_state +74e7 c004f4ec beq sp_stat_confirm_check ,sp_confirm_check_failed_master +74e8 7009aa00 jam sp_stat_null ,mem_sp_state +74e9 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +74ea 70007e05 jam authentication_failure_error ,mem_lmo_reason2 +74eb 20600000 rtn + +sp_confirm_check_failed_master: +74ec 70007c04 jam lmp_not_accepted ,mem_lmo_opcode2 +74ed 7009ab00 jam sp_stat_null ,mem_master_sp_state +74ee 20600000 rtn + +sp_confirm_calc: +74ef 6fe209af fetch 1 ,mem_sp_dh_ready +74f0 c000f4f3 beq sp_flag_commit ,sp_confirm_calc_ready +74f1 7009ab0a jam sp_stat_confirm_calc ,mem_master_sp_state +74f2 2020758d branch master_set_mem_master_sp_flag + +sp_confirm_calc_ready: +74f3 d8a00723 arg mem_addr_value ,contw +74f4 6fec0040 fetch 6 ,mem_plap +74f5 e7ec0005 istore 6 ,contw +74f6 6fec40a0 fetch 6 ,mem_lap +74f7 e7ec0005 istore 6 ,contw +74f8 6fe6462d fetch 3 ,mem_sp_iocap_local +74f9 e7e60005 istore 3 ,contw +74fa 204078d9 call function_f3b +74fb 6fe209ab fetch 1 ,mem_master_sp_state +74fc c0057500 beq sp_stat_confirm_calc ,sp_confirm_calc_master +74fd 7009aa0b jam sp_stat_confirm_send ,mem_sp_state +74fe 7009ac01 jam sp_flag_commit ,mem_sp_flag +74ff 20600000 rtn + +sp_confirm_calc_master: +7500 7009ab0b jam sp_stat_confirm_send ,mem_master_sp_state +7501 7009ad01 jam sp_flag_commit ,mem_master_sp_flag +7502 20600000 rtn + +sp_master_key_prarm_push: +7503 d8a00a7a arg mem_sp_prarm_stack ,contw +7504 6fec0040 fetch 6 ,mem_plap +7505 e7ec0005 istore 6 ,contw +7506 6fec40a0 fetch 6 ,mem_lap +7507 e7ec0005 istore 6 ,contw +7508 58000a2a setarg mem_sp_random_local_end +7509 e7e40005 istore 2 ,contw +750a 58000a3a setarg mem_sp_random_remote_end +750b e7e40005 istore 2 ,contw +750c 20207517 branch sp_link_key_calc + +sp_link_key_prarm_push: +750d 7009aa0f jam sp_stat_done ,mem_sp_state +750e d8a00a7a arg mem_sp_prarm_stack ,contw +750f 6fec40a0 fetch 6 ,mem_lap +7510 e7ec0005 istore 6 ,contw +7511 6fec0040 fetch 6 ,mem_plap +7512 e7ec0005 istore 6 ,contw +7513 58000a3a setarg mem_sp_random_remote_end +7514 e7e40005 istore 2 ,contw +7515 58000a2a setarg mem_sp_random_local_end +7516 e7e40005 istore 2 ,contw + +sp_link_key_calc: +7517 d8a00723 arg mem_addr_value ,contw +7518 6fec0a7a fetch 6 ,mem_sp_prarm_stack +7519 e7ec0005 istore 6 ,contw +751a 6fec0a80 fetch 6 ,mem_sp_prarm_stack + 6 +751b e7ec0005 istore 6 ,contw +751c 2040788c call function_f2 +751d 7041be01 jam 1 ,mem_link_key_exists +751e d8a041bf arg mem_link_key ,contw +751f d8c00a4a arg mem_sp_calc_result_high ,contr +7520 20407c9a call memcpy16 +7521 202041c0 branch generate_linkkey_continue + +sp_pubkey_calc: +7522 4748c032 bpatchx patch32_1 ,mem_patch32 +7523 6fe24583 fetch 1 ,mem_sp_local_key_invalid +7524 c1800000 rtnne sp_key_invalid +7525 6fe209ae fetch 1 ,mem_sp_calc +7526 c1800000 rtnne sp_calc_standby +7527 d8a045e4 arg mem_sp_private_key ,contw +7528 18000e0b force 11 ,queue +7529 20407557 call random_generator +752a 180a7e00 random pdata +752b 1fe37e00 rshift pdata ,pdata +752c e7e40005 istore 2 ,contw +752d d8a006ba arg mem_k ,contw +752e d8c045e4 arg mem_sp_private_key ,contr +752f 20407c99 call memcpy24 +7530 d8a005e2 arg mem_ax ,contw +7531 d8c008ca arg mem_gx ,contr +7532 20407c97 call memcpy48 +7533 d8a00612 arg mem_az ,contw +7534 20407ca0 call bn_zero +7535 70061201 jam 1 ,mem_az +7536 20407912 call eckp_calc_init +7537 7009ae01 jam sp_calc_pubkey ,mem_sp_calc +7538 20600000 rtn + +sp_pubkey_generated: +7539 d8a045fc arg mem_sp_pubkey_local ,contw +753a d8c0062a arg mem_bx ,contr +753b 20407c97 call memcpy48 +753c 70458301 jam sp_key_valid ,mem_sp_local_key_invalid +753d 7009ae00 jam sp_calc_standby ,mem_sp_calc +753e 20600000 rtn + +sp_dhkey_calc: +753f 47494032 bpatchx patch32_2 ,mem_patch32 +7540 6fe209b5 fetch 1 ,mem_sp_dhkey_invalid +7541 c1800000 rtnne sp_key_invalid +7542 6fe209ae fetch 1 ,mem_sp_calc +7543 c1800000 rtnne sp_calc_standby +7544 d8a006ba arg mem_k ,contw +7545 d8c045e4 arg mem_sp_private_key ,contr +7546 20407c99 call memcpy24 +7547 d8a005e2 arg mem_ax ,contw +7548 d8c009c2 arg mem_sp_pubkey_remote ,contr +7549 20407c97 call memcpy48 +754a d8a00612 arg mem_az ,contw +754b 20407ca0 call bn_zero +754c 70061201 jam 1 ,mem_az +754d 20407912 call eckp_calc_init +754e 7009ae02 jam sp_calc_dhkey ,mem_sp_calc +754f 20600000 rtn + +sp_dhkey_generated: +7550 7009af01 jam sp_flag_commit ,mem_sp_dh_ready +7551 d8a00a02 arg mem_sp_dhkey ,contw +7552 d8c0062a arg mem_bx ,contr +7553 20407c99 call memcpy24 +7554 7009b501 jam sp_key_valid ,mem_sp_dhkey_invalid +7555 7009ae00 jam sp_calc_standby ,mem_sp_calc +7556 20600000 rtn + +random_generator: +7557 18e08fff increase -1 ,queue +7558 24610000 nrtn positive +7559 180a7e00 random pdata +755a e7e40005 istore 2 ,contw +755b 20207557 branch random_generator + +compare4: +755c 18e08fff increase -1 ,queue +755d 24217568 nbranch compare4_success ,positive +755e efe80011 ifetch 4 ,rega +755f 1fe20400 copy pdata ,temp +7560 efe80012 ifetch 4 ,regb +7561 9842fe00 iflip temp ,pdata +7562 2422f566 nbranch compare4_failed ,zero +7563 1a20a204 increase 4 ,rega +7564 1a40a404 increase 4 ,regb +7565 2020755c branch compare4 + +compare4_failed: +7566 7840fc00 disable true +7567 20600000 rtn + +compare4_success: +7568 7820fc00 enable true +7569 20600000 rtn + +simple_pairing_sequence: +756a 4749c032 bpatchx patch32_3 ,mem_patch32 +756b 6fe209ac fetch 1 ,mem_sp_flag +756c 207a0000 rtn blank +756d 2040669e call lmo_fifo_check +756e 247a0000 nrtn blank +756f 7009ac00 jam sp_flag_standby ,mem_sp_flag +7570 6fe209aa fetch 1 ,mem_sp_state +7571 c001e5df beq sp_stat_key_send ,sp_send_lmp_encapsulated_header +7572 c002e5fc beq sp_stat_commit_send ,sp_send_lmp_simple_pairing_comfirm +7573 c003e607 beq sp_stat_random_send ,sp_send_lmp_simple_pairing_number +7574 c005e61c beq sp_stat_confirm_send ,sp_send_lmp_dhkey_check +7575 c001743d beq sp_stat_key_generate ,sp_generate_local_key +7576 c00274ac beq sp_stat_commit_calc ,sp_calculate_commitment +7577 c004f4cc beq sp_stat_confirm_check ,sp_confirm_check +7578 c00574ef beq sp_stat_confirm_calc ,sp_confirm_calc +7579 c006750d beq sp_stat_link_key_calc ,sp_link_key_prarm_push +757a 20600000 rtn + +master_simple_paring_sequence: +757b 474a4032 bpatchx patch32_4 ,mem_patch32 +757c 6fe209ad fetch 1 ,mem_master_sp_flag +757d 207a0000 rtn blank +757e 2040669e call lmo_fifo_check +757f 247a0000 nrtn blank +7580 7009ad00 jam sp_flag_standby ,mem_master_sp_flag +7581 6fe209ab fetch 1 ,mem_master_sp_state +7582 c00965c2 beq sp_master_stat_start_skip ,sp_master_send_io_cap_get +7583 c009e5c7 beq sp_master_stat_start_done ,sp_master_send_io_cap_send +7584 c001e5cb beq sp_stat_key_send ,sp_master_send_lmp_encapsulated_header +7585 c00274b7 beq sp_stat_commit_calc ,master_sp_calculate_commitment +7586 c00a65cf beq sp_stat_commitment_compare ,sp_master_commitment_compare +7587 c003e5dd beq sp_stat_random_send ,sp_master_send_lmp_simple_pairing_number +7588 c00574ef beq sp_stat_confirm_calc ,sp_confirm_calc +7589 c005e61b beq sp_stat_confirm_send ,master_sp_send_lmp_dhkey_check +758a c004f4cc beq sp_stat_confirm_check ,sp_confirm_check +758b c00ae615 beq sp_state_end ,master_sp_sm_end +758c 20600000 rtn + +master_set_mem_master_sp_flag: +758d 7009ad01 jam sp_flag_commit ,mem_master_sp_flag +758e 20600000 rtn + +master_clear_mem_master_sp_flag: +758f 7009ad00 jam sp_flag_standby ,mem_master_sp_flag +7590 20600000 rtn + +sp_calc_sequence: +7591 474ac032 bpatchx patch32_5 ,mem_patch32 +7592 6fe2462c fetch 1 ,mem_ssp_enable +7593 207a0000 rtn blank +7594 6fe209ae fetch 1 ,mem_sp_calc +7595 207a0000 rtn blank +7596 1fe0fe80 increase 0x80 ,pdata +7597 67e209ae store 1 ,mem_sp_calc +7598 c3838000 rtnbit1 7 +7599 6fe205df fetch 1 ,mem_ec_loopc +759a 203a759c branch sp_calc_sequence_done ,blank +759b 2020791d branch eckp_calc + +sp_calc_sequence_done: +759c 20407788 call ecunmapz +759d 6fe209ae fetch 1 ,mem_sp_calc +759e c000f539 beq sp_calc_pubkey ,sp_pubkey_generated +759f c0017550 beq sp_calc_dhkey ,sp_dhkey_generated +75a0 20600000 rtn + +bn_testbit: +75a1 1fe10e07 and pdata ,7 ,queue +75a2 1fe97e00 rshift3 pdata ,pdata +75a3 98c08c00 iadd contr ,contr +75a4 efe20006 ifetch 1 ,contr +75a5 afec0000 qisolate0 pdata +75a6 20600000 rtn + +ec_copy: +75a7 20407c99 call memcpy24 +75a8 20407c99 call memcpy24 +75a9 20207c99 branch memcpy24 + +bn_eq_zero: +75aa eff00006 ifetch 8 ,contr +75ab 247a0000 nrtn blank +75ac eff00006 ifetch 8 ,contr +75ad 247a0000 nrtn blank +75ae eff00006 ifetch 8 ,contr +75af 20600000 rtn + +bn_eq_0: +75b0 efe80011 ifetch 4 ,rega +75b1 98000400 iforce temp +75b2 efe80012 ifetch 4 ,regb +75b3 98467c00 isub temp ,null +75b4 24628000 nrtn zero +75b5 1a20a204 increase 4 ,rega +75b6 1a40a404 increase 4 ,regb +75b7 c20075b0 loop bn_eq_0 +75b8 20600000 rtn + +bn_bigeq: +75b9 18007206 force 6 ,loopcnt +75ba 1a20a214 increase 20 ,rega +75bb 1a40a414 increase 20 ,regb + +bn_bigeq_0: +75bc efe80012 ifetch 4 ,regb +75bd 98000400 iforce temp +75be efe80011 ifetch 4 ,rega +75bf 98467e00 isub temp ,pdata +75c0 24610000 nrtn positive +75c1 247a0000 nrtn blank +75c2 1a20a3fc increase -4 ,rega +75c3 1a40a5fc increase -4 ,regb +75c4 c20075bc loop bn_bigeq_0 +75c5 20600000 rtn + +bn_add: +75c6 18007206 force 6 ,loopcnt +75c7 18002600 force 0 ,regc + +bn_add_0: +75c8 efe80011 ifetch 4 ,rega +75c9 98000400 iforce temp +75ca efe80012 ifetch 4 ,regb +75cb 9840fe00 iadd temp ,pdata +75cc 9a60fe00 iadd regc ,pdata +75cd e7e80005 istore 4 ,contw +75ce 2feffe20 isolate1 32 ,pdata +75cf 7920a600 setflag true ,0 ,regc +75d0 1a20a204 increase 4 ,rega +75d1 1a40a404 increase 4 ,regb +75d2 c20075c8 loop bn_add_0 +75d3 20600000 rtn + +bn_sub: +75d4 18007206 force 6 ,loopcnt +75d5 18002600 force 0 ,regc + +bn_sub_0: +75d6 efe80012 ifetch 4 ,regb +75d7 98000400 iforce temp +75d8 efe80011 ifetch 4 ,rega +75d9 98467e00 isub temp ,pdata +75da 9a667e00 isub regc ,pdata +75db e7e80005 istore 4 ,contw +75dc 2feffe20 isolate1 32 ,pdata +75dd 7920a600 setflag true ,0 ,regc +75de 1a20a204 increase 4 ,rega +75df 1a40a404 increase 4 ,regb +75e0 c20075d6 loop bn_sub_0 +75e1 20600000 rtn + +bn_rshift6: +75e2 18007206 force 6 ,loopcnt +75e3 1a20a214 increase 20 ,rega + +bn_rshift: +75e4 18002600 force 0 ,regc + +bn_rshift_0: +75e5 efe80011 ifetch 4 ,rega +75e6 2feffe00 isolate1 0 ,pdata +75e7 7920a601 setflag true ,1 ,regc +75e8 1fe37e00 rshift pdata ,pdata +75e9 2a6ffe00 isolate1 0 ,regc +75ea 7920fe1f setflag true ,31 ,pdata +75eb e7e80011 istore 4 ,rega +75ec 1a20a3fc increase -4 ,rega +75ed 1a632600 rshift regc ,regc +75ee c20075e5 loop bn_rshift_0 +75ef 20600000 rtn + +bn_lshift: +75f0 18007206 force 6 ,loopcnt +75f1 18002600 force 0 ,regc + +bn_lshift_0: +75f2 efe80011 ifetch 4 ,rega +75f3 2feffe1f isolate1 31 ,pdata +75f4 7920a601 setflag true ,1 ,regc +75f5 1fe3fe00 lshift pdata ,pdata +75f6 2a6ffe00 isolate1 0 ,regc +75f7 7920fe00 setflag true ,0 ,pdata +75f8 e7e80011 istore 4 ,rega +75f9 1a20a204 increase 4 ,rega +75fa 1a632600 rshift regc ,regc +75fb c20075f2 loop bn_lshift_0 +75fc 20600000 rtn + +bn_lshiftmod: +75fd 204075f0 call bn_lshift + +bn_lshiftmod_ismod: +75fe 2a6ffe00 isolate1 0 ,regc +75ff 2020f606 branch bn_lshiftmod_0 ,true +7600 da400882 arg mem_p ,regb +7601 1a222600 copy rega ,regc +7602 1a20a3e8 increase -24 ,rega +7603 204075b9 call bn_bigeq +7604 24610000 nrtn positive +7605 1a622200 copy regc ,rega + +bn_lshiftmod_0: +7606 1a20a3e8 increase -24 ,rega +7607 da400882 arg mem_p ,regb +7608 1a220a00 copy rega ,contw +7609 202075d4 branch bn_sub + +bn_addmod: +760a 204075c6 call bn_add +760b 18a22200 copy contw ,rega +760c 202075fe branch bn_lshiftmod_ismod + +bn_submod: +760d 204075d4 call bn_sub +760e 2a6c0000 isolate0 0 ,regc +760f 20608000 rtn true +7610 da400882 arg mem_p ,regb +7611 18a0a3e8 add contw ,-24 ,rega +7612 1a220a00 copy rega ,contw +7613 202075c6 branch bn_add + +bn_p192mod: +7614 18a21600 copy contw ,timeup +7615 1a226000 copy rega ,alarm +7616 da400712 arg mem_tmp2 ,regb +7617 1a420a00 copy regb ,contw +7618 1a208c18 add rega ,24 ,contr +7619 eff00006 ifetch 8 ,contr +761a e7f00005 istore 8 ,contw +761b e7f00005 istore 8 ,contw +761c 18007e00 force 0 ,pdata +761d e7f00005 istore 8 ,contw +761e 19620a00 copy timeup ,contw +761f 2040760a call bn_addmod +7620 da400712 arg mem_tmp2 ,regb +7621 1a420a00 copy regb ,contw +7622 18007e00 force 0 ,pdata +7623 e7f00005 istore 8 ,contw +7624 1e008c20 add alarm ,32 ,contr +7625 eff00006 ifetch 8 ,contr +7626 e7f00005 istore 8 ,contw +7627 e7f00005 istore 8 ,contw +7628 19622200 copy timeup ,rega +7629 1a220a00 copy rega ,contw +762a 2040760a call bn_addmod +762b da400712 arg mem_tmp2 ,regb +762c 1a420a00 copy regb ,contw +762d 1e008c28 add alarm ,40 ,contr +762e eff00006 ifetch 8 ,contr +762f e7f00005 istore 8 ,contw +7630 e7f00005 istore 8 ,contw +7631 e7f00005 istore 8 ,contw +7632 19622200 copy timeup ,rega +7633 1a220a00 copy rega ,contw +7634 2020760a branch bn_addmod + +bn_load: +7635 18007206 force 6 ,loopcnt + +bn_load_0: +7636 efe80006 ifetch 4 ,contr +7637 98005e00 iforce regext +7638 1f00f001 increase 1 ,regext_index +7639 c2007636 loop bn_load_0 +763a 20600000 rtn + +bn_mulmod: +763b 18a21600 copy contw ,timeup +763c d8a006e2 arg mem_tmp1 ,contw +763d 20407ca0 call bn_zero +763e d8a006e2 arg mem_tmp1 ,contw +763f 1a220c00 copy rega ,contr +7640 18007000 force 0 ,regext_index +7641 20407635 call bn_load +7642 1a420c00 copy regb ,contr +7643 20407635 call bn_load +7644 18002400 force 0 ,regb + +bn_mulmod_1: +7645 18000400 force 0 ,temp +7646 18002606 force 6 ,regc + +bn_mulmod_0: +7647 efe80005 ifetch 4 ,contw +7648 98002200 iforce rega +7649 1a427000 copy regb ,regext_index +764a 1de27e00 deposit regext +764b 1a627000 copy regc ,regext_index +764c 9deffe00 imul32 regext ,pdata +764d 9a20fe00 iadd rega ,pdata +764e 9840fe00 iadd temp ,pdata +764f e7e80005 istore 4 ,contw +7650 1fef0400 rshift32 pdata ,temp +7651 1a60a601 increase 1 ,regc +7652 2a61fe0c compare 12 ,regc ,0xff +7653 2420f647 nbranch bn_mulmod_0 ,true +7654 18427e00 deposit temp +7655 e7e80005 istore 4 ,contw +7656 18a08be8 increase -24 ,contw +7657 1a40a401 increase 1 ,regb +7658 2a41fe06 compare 6 ,regb ,0xff +7659 2420f645 nbranch bn_mulmod_1 ,true +765a da2006e2 arg mem_tmp1 ,rega +765b 19620a00 copy timeup ,contw +765c 20207614 branch bn_p192mod + +bn_sqrmod: +765d 1a222400 copy rega ,regb +765e 2020763b branch bn_mulmod + +bn_rshifteven: +765f 1a226000 copy rega ,alarm + +bn_rshifteven_1: +7660 1e022200 copy alarm ,rega +7661 efe20011 ifetch 1 ,rega +7662 2feffe00 isolate1 0 ,pdata +7663 20608000 rtn true +7664 204075e2 call bn_rshift6 +7665 efe20012 ifetch 1 ,regb +7666 2fec0000 isolate0 0 ,pdata +7667 2020f66f branch bn_rshifteven_0 ,true +7668 da200882 arg mem_p ,rega +7669 1a420a00 copy regb ,contw +766a 204075c6 call bn_add +766b efe20012 ifetch 1 ,regb +766c 9a60fe00 iadd regc ,pdata +766d e7e20012 istore 1 ,regb +766e 1a40a5e8 increase -24 ,regb + +bn_rshifteven_0: +766f 1a40a218 add regb ,24 ,rega +7670 18007207 force 7 ,loopcnt +7671 204075e4 call bn_rshift +7672 20207660 branch bn_rshifteven_1 + +bn_invmod: +7673 18a21600 copy contw ,timeup +7674 d8a00742 arg mem_tmp0 ,contw +7675 20407ca0 call bn_zero +7676 18007e00 force 0 ,pdata +7677 67e806fa store 4 ,mem_tmp5 +7678 67e8075a store 4 ,mem_t2 +7679 70074201 jam 1 ,mem_tmp0 +767a d8a006e2 arg mem_tmp1 ,contw +767b 20407ca0 call bn_zero +767c d8c00882 arg mem_p ,contr +767d d8a00712 arg mem_tmp2 ,contw +767e 20407c99 call memcpy24 +767f 1a220c00 copy rega ,contr +7680 d8a0072a arg mem_tmp3 ,contw +7681 20407c99 call memcpy24 + +bn_invmod_2: +7682 d8c0072a arg mem_tmp3 ,contr +7683 204075aa call bn_eq_zero +7684 203a76ab branch bn_invmod_0 ,blank +7685 da20072a arg mem_tmp3 ,rega +7686 da400742 arg mem_tmp0 ,regb +7687 2040765f call bn_rshifteven +7688 da200712 arg mem_tmp2 ,rega +7689 da4006e2 arg mem_tmp1 ,regb +768a 2040765f call bn_rshifteven +768b da20072a arg mem_tmp3 ,rega +768c da400712 arg mem_tmp2 ,regb +768d 204075b9 call bn_bigeq +768e 2021769d branch bn_invmod_1 ,positive +768f da200712 arg mem_tmp2 ,rega +7690 da40072a arg mem_tmp3 ,regb +7691 1a220a00 copy rega ,contw +7692 204075d4 call bn_sub +7693 da200742 arg mem_tmp0 ,rega +7694 da4006e2 arg mem_tmp1 ,regb +7695 1a420a00 copy regb ,contw +7696 204075c6 call bn_add +7697 efe20011 ifetch 1 ,rega +7698 9a60a600 iadd regc ,regc +7699 efe20012 ifetch 1 ,regb +769a 9a60fe00 iadd regc ,pdata +769b e7e20012 istore 1 ,regb +769c 20207682 branch bn_invmod_2 + +bn_invmod_1: +769d da20072a arg mem_tmp3 ,rega +769e da400712 arg mem_tmp2 ,regb +769f 1a220a00 copy rega ,contw +76a0 204075d4 call bn_sub +76a1 da2006e2 arg mem_tmp1 ,rega +76a2 da400742 arg mem_tmp0 ,regb +76a3 1a420a00 copy regb ,contw +76a4 204075c6 call bn_add +76a5 efe20011 ifetch 1 ,rega +76a6 9a60a600 iadd regc ,regc +76a7 efe20012 ifetch 1 ,regb +76a8 9a60fe00 iadd regc ,pdata +76a9 e7e20012 istore 1 ,regb +76aa 20207682 branch bn_invmod_2 + +bn_invmod_0: +76ab d8a00742 arg mem_tmp0 ,contw +76ac 20407ca0 call bn_zero +76ad 6fe206fa fetch 1 ,mem_tmp5 +76ae 67e20742 store 1 ,mem_tmp0 +76af 67e2074a store 1 ,mem_tmp0a +76b0 da200742 arg mem_tmp0 ,rega +76b1 da4006e2 arg mem_tmp1 ,regb +76b2 1a420a00 copy regb ,contw +76b3 2040760a call bn_addmod +76b4 da200882 arg mem_p ,rega +76b5 da4006e2 arg mem_tmp1 ,regb +76b6 19620a00 copy timeup ,contw +76b7 2020760d branch bn_submod + +ecdbl: +76b8 da2006a2 arg mem_cz ,rega +76b9 d8a0075a arg mem_t2 ,contw +76ba 2040765d call bn_sqrmod +76bb da20075a arg mem_t2 ,rega +76bc d8a00772 arg mem_t3 ,contw +76bd 2040765d call bn_sqrmod +76be da20089a arg mem_a ,rega +76bf da400772 arg mem_t3 ,regb +76c0 d8a00772 arg mem_t3 ,contw +76c1 2040763b call bn_mulmod +76c2 da200672 arg mem_cx ,rega +76c3 d8a0075a arg mem_t2 ,contw +76c4 2040765d call bn_sqrmod +76c5 d8c0075a arg mem_t2 ,contr +76c6 d8a0072a arg mem_t1 ,contw +76c7 20407c99 call memcpy24 +76c8 da20072a arg mem_t1 ,rega +76c9 204075fd call bn_lshiftmod +76ca da20075a arg mem_t2 ,rega +76cb da40072a arg mem_t1 ,regb +76cc d8a0075a arg mem_t2 ,contw +76cd 2040760a call bn_addmod +76ce da20075a arg mem_t2 ,rega +76cf da400772 arg mem_t3 ,regb +76d0 d8a0075a arg mem_t2 ,contw +76d1 2040760a call bn_addmod +76d2 d8c00672 arg mem_cx ,contr +76d3 d8a0072a arg mem_t1 ,contw +76d4 20407c99 call memcpy24 +76d5 da20068a arg mem_cy ,rega +76d6 d8a00772 arg mem_t3 ,contw +76d7 2040765d call bn_sqrmod +76d8 da20072a arg mem_t1 ,rega +76d9 204075fd call bn_lshiftmod +76da da20072a arg mem_t1 ,rega +76db 204075fd call bn_lshiftmod +76dc da20072a arg mem_t1 ,rega +76dd da400772 arg mem_t3 ,regb +76de d8a0072a arg mem_t1 ,contw +76df 2040763b call bn_mulmod +76e0 da200772 arg mem_t3 ,rega +76e1 d8a00742 arg mem_t0 ,contw +76e2 2040765d call bn_sqrmod +76e3 da200742 arg mem_t0 ,rega +76e4 204075fd call bn_lshiftmod +76e5 da200742 arg mem_t0 ,rega +76e6 204075fd call bn_lshiftmod +76e7 da200742 arg mem_t0 ,rega +76e8 204075fd call bn_lshiftmod +76e9 d8c0068a arg mem_cy ,contr +76ea d8a00772 arg mem_t3 ,contw +76eb 20407c99 call memcpy24 +76ec da200772 arg mem_t3 ,rega +76ed 204075fd call bn_lshiftmod +76ee da200772 arg mem_t3 ,rega +76ef da4006a2 arg mem_cz ,regb +76f0 d8a006a2 arg mem_cz ,contw +76f1 2040763b call bn_mulmod +76f2 da20075a arg mem_t2 ,rega +76f3 d8a00772 arg mem_t3 ,contw +76f4 2040765d call bn_sqrmod +76f5 da200772 arg mem_t3 ,rega +76f6 da40072a arg mem_t1 ,regb +76f7 d8a00772 arg mem_t3 ,contw +76f8 2040760d call bn_submod +76f9 da200772 arg mem_t3 ,rega +76fa da40072a arg mem_t1 ,regb +76fb d8a00672 arg mem_cx ,contw +76fc 2040760d call bn_submod +76fd da20072a arg mem_t1 ,rega +76fe da400672 arg mem_cx ,regb +76ff d8a00772 arg mem_t3 ,contw +7700 2040760d call bn_submod +7701 da200772 arg mem_t3 ,rega +7702 da40075a arg mem_t2 ,regb +7703 d8a00772 arg mem_t3 ,contw +7704 2040763b call bn_mulmod +7705 da200772 arg mem_t3 ,rega +7706 da400742 arg mem_t0 ,regb +7707 d8a0068a arg mem_cy ,contw +7708 2020760d branch bn_submod + +ecadd: +7709 da200612 arg mem_az ,rega +770a d8a0078a arg mem_t7 ,contw +770b 2040765d call bn_sqrmod +770c da200672 arg mem_cx ,rega +770d da40078a arg mem_t7 ,regb +770e d8a00742 arg mem_t0 ,contw +770f 2040763b call bn_mulmod +7710 da200612 arg mem_az ,rega +7711 da40078a arg mem_t7 ,regb +7712 d8a0078a arg mem_t7 ,contw +7713 2040763b call bn_mulmod +7714 da20068a arg mem_cy ,rega +7715 da40078a arg mem_t7 ,regb +7716 d8a0072a arg mem_t1 ,contw +7717 2040763b call bn_mulmod +7718 da2006a2 arg mem_cz ,rega +7719 d8a0078a arg mem_t7 ,contw +771a 2040765d call bn_sqrmod +771b da2005e2 arg mem_ax ,rega +771c da40078a arg mem_t7 ,regb +771d d8a0075a arg mem_t2 ,contw +771e 2040763b call bn_mulmod +771f da2006a2 arg mem_cz ,rega +7720 da40078a arg mem_t7 ,regb +7721 d8a0078a arg mem_t7 ,contw +7722 2040763b call bn_mulmod +7723 da2005fa arg mem_ay ,rega +7724 da40078a arg mem_t7 ,regb +7725 d8a00772 arg mem_t3 ,contw +7726 2040763b call bn_mulmod +7727 da200742 arg mem_t0 ,rega +7728 da40075a arg mem_t2 ,regb +7729 d8a0078a arg mem_t7 ,contw +772a 2040760d call bn_submod +772b da200742 arg mem_t0 ,rega +772c da40075a arg mem_t2 ,regb +772d d8a00742 arg mem_t0 ,contw +772e 2040760a call bn_addmod +772f da20072a arg mem_t1 ,rega +7730 da400772 arg mem_t3 ,regb +7731 d8a0075a arg mem_t2 ,contw +7732 2040760d call bn_submod +7733 da20072a arg mem_t1 ,rega +7734 da400772 arg mem_t3 ,regb +7735 d8a0072a arg mem_t1 ,contw +7736 2040760a call bn_addmod +7737 da20072a arg mem_t1 ,rega +7738 da40078a arg mem_t7 ,regb +7739 d8a0072a arg mem_t1 ,contw +773a 2040763b call bn_mulmod +773b da2006a2 arg mem_cz ,rega +773c da400612 arg mem_az ,regb +773d d8a00772 arg mem_t3 ,contw +773e 2040763b call bn_mulmod +773f da200772 arg mem_t3 ,rega +7740 da40078a arg mem_t7 ,regb +7741 d8a006a2 arg mem_cz ,contw +7742 2040763b call bn_mulmod +7743 da20078a arg mem_t7 ,rega +7744 d8a0078a arg mem_t7 ,contw +7745 2040765d call bn_sqrmod +7746 da20078a arg mem_t7 ,rega +7747 da400742 arg mem_t0 ,regb +7748 d8a00772 arg mem_t3 ,contw +7749 2040763b call bn_mulmod +774a da20078a arg mem_t7 ,rega +774b da40072a arg mem_t1 ,regb +774c d8a0072a arg mem_t1 ,contw +774d 2040763b call bn_mulmod +774e da20075a arg mem_t2 ,rega +774f d8a00672 arg mem_cx ,contw +7750 2040765d call bn_sqrmod +7751 da200672 arg mem_cx ,rega +7752 da400772 arg mem_t3 ,regb +7753 d8a00672 arg mem_cx ,contw +7754 2040760d call bn_submod +7755 d8c00672 arg mem_cx ,contr +7756 d8a0078a arg mem_t7 ,contw +7757 20407c99 call memcpy24 +7758 da20078a arg mem_t7 ,rega +7759 204075fd call bn_lshiftmod +775a da200772 arg mem_t3 ,rega +775b da40078a arg mem_t7 ,regb +775c d8a00772 arg mem_t3 ,contw +775d 2040760d call bn_submod +775e da200772 arg mem_t3 ,rega +775f da40075a arg mem_t2 ,regb +7760 d8a0075a arg mem_t2 ,contw +7761 2040763b call bn_mulmod +7762 da20075a arg mem_t2 ,rega +7763 da40072a arg mem_t1 ,regb +7764 d8a0068a arg mem_cy ,contw +7765 2040760d call bn_submod +7766 da20068a arg mem_cy ,rega +7767 da400882 arg mem_p ,regb +7768 d8a0068a arg mem_cy ,contw +7769 18002600 force 0 ,regc +776a 6fe2068a fetch 1 ,mem_cy +776b 2feffe00 isolate1 0 ,pdata +776c 2040f5c6 call bn_add ,true +776d 1a626000 copy regc ,alarm +776e da20068a arg mem_cy ,rega +776f 204075e2 call bn_rshift6 +7770 6fe206a1 fetch 1 ,mem_cy5 +7771 2e0ffe00 isolate1 0 ,alarm +7772 7920fe07 setflag true ,7 ,pdata +7773 67e206a1 store 1 ,mem_cy5 +7774 20600000 rtn + +eckp_0: +7775 6fe205df fetch 1 ,mem_ec_loopc +7776 1fe0ffff increase -1 ,pdata +7777 24610000 nrtn positive +7778 67e205df store 1 ,mem_ec_loopc +7779 6fe205de fetch 1 ,mem_ec_infinite +777a 205a76b8 call ecdbl ,blank +777b 6fe205df fetch 1 ,mem_ec_loopc +777c d8c006ba arg mem_k ,contr +777d 204075a1 call bn_testbit +777e 2020f775 branch eckp_0 ,true +777f 6fe205de fetch 1 ,mem_ec_infinite +7780 243a7783 nbranch eckp_1 ,blank +7781 20407709 call ecadd +7782 20207775 branch eckp_0 + +eckp_1: +7783 7005de00 jam 0 ,mem_ec_infinite +7784 d8c005e2 arg mem_ax ,contr +7785 d8a00672 arg mem_cx ,contw +7786 204075a7 call ec_copy +7787 20207775 branch eckp_0 + +ecunmapz: +7788 da2006a2 arg mem_cz ,rega +7789 d8a00772 arg mem_t3 ,contw +778a 20407673 call bn_invmod +778b da200772 arg mem_t3 ,rega +778c d8a0072a arg mem_t1 ,contw +778d 2040765d call bn_sqrmod +778e da200672 arg mem_cx ,rega +778f da40072a arg mem_t1 ,regb +7790 d8a0062a arg mem_bx ,contw +7791 2040763b call bn_mulmod +7792 da200772 arg mem_t3 ,rega +7793 da40072a arg mem_t1 ,regb +7794 d8a0075a arg mem_t2 ,contw +7795 2040763b call bn_mulmod +7796 da20068a arg mem_cy ,rega +7797 da40075a arg mem_t2 ,regb +7798 d8a00642 arg mem_by ,contw +7799 2020763b branch bn_mulmod + +sha_endian_swap2: +779a efe80006 ifetch 4 ,contr +779b 18002204 force 4 ,rega +779c 18a08a03 increase 3 ,contw + +sha_endian_loop: +779d e7e20005 istore 1 ,contw +779e 1fecfe00 rshift8 pdata ,pdata +779f 18a08bfe increase -2 ,contw +77a0 1a20a3ff increase -1 ,rega +77a1 2422f79d nbranch sha_endian_loop ,zero +77a2 18a08a05 increase 5 ,contw +77a3 c200779a loop sha_endian_swap2 +77a4 20600000 rtn + +sha_getw: +77a5 18ebfe00 lshift2 queue ,pdata +77a6 99608c00 iadd timeup ,contr +77a7 efe80006 ifetch 4 ,contr +77a8 20600000 rtn + +sha_r: +77a9 18006010 force 16 ,alarm +77aa d96005e2 arg memdat ,timeup + +sha_r_loop: +77ab 1e008ff9 add alarm ,-7 ,queue +77ac 204077a5 call sha_getw +77ad 98000400 iforce temp +77ae 1e008ff0 add alarm ,-16 ,queue +77af 204077a5 call sha_getw +77b0 98408400 iadd temp ,temp +77b1 1e008ffe add alarm ,-2 ,queue +77b2 204077a5 call sha_getw +77b3 1fee7e01 shasx pdata ,1 ,pdata +77b4 98408400 iadd temp ,temp +77b5 1e008ff1 add alarm ,-15 ,queue +77b6 204077a5 call sha_getw +77b7 1fee7e00 shasx pdata ,0 ,pdata +77b8 98408400 iadd temp ,temp +77b9 1e0bfe00 lshift2 alarm ,pdata +77ba 99608a00 iadd timeup ,contw +77bb e0480005 istoret 4 ,contw +77bc 1e00e001 increase 1 ,alarm +77bd 2e01fe40 compare 64 ,alarm ,0xff +77be 2420f7ab nbranch sha_r_loop ,true +77bf 20600000 rtn + +sha_init: +77c0 d8c008fa arg memh0 ,contr +77c1 18007007 force 7 ,regext_index + +sha_init_0: +77c2 efe80006 ifetch 4 ,contr +77c3 98005e00 iforce regext +77c4 1f00f1ff increase -1 ,regext_index +77c5 202177c2 branch sha_init_0 ,positive +77c6 20600000 rtn + +sha: +77c7 474b4032 bpatchx patch32_6 ,mem_patch32 +77c8 204077a9 call sha_r +77c9 d8a006e2 arg memahbak ,contw +77ca 18007000 force 0 ,regext_index + +sha_0: +77cb 1de27e00 deposit regext +77cc e7e80005 istore 4 ,contw +77cd 1f00f001 increase 1 ,regext_index +77ce 2f01fe08 compare 8 ,regext_index ,0xff +77cf 2420f7cb nbranch sha_0 ,true +77d0 2040736e call enable_authrom +77d1 d9608700 arg memk ,timeup +77d2 de0005e2 arg memdat ,alarm +77d3 18007240 force 64 ,loopcnt + +sha_loop: +77d4 e8480030 ifetcht 4 ,alarm +77d5 efe8000b ifetch 4 ,timeup +77d6 19609604 increase 4 ,timeup +77d7 1e00e004 increase 4 ,alarm +77d8 9840fe00 iadd temp ,pdata +77d9 18007007 force 7 ,regext_index +77da 9de08400 iadd regext ,temp +77db 18007004 force 4 ,regext_index +77dc 1dee7e03 shasx regext ,3 ,pdata +77dd 98408400 iadd temp ,temp +77de 18007005 force 5 ,regext_index +77df 1de27e00 deposit regext +77e0 18007006 force 6 ,regext_index +77e1 9de2fe00 ixor regext ,pdata +77e2 18007004 force 4 ,regext_index +77e3 9de17e00 iand regext ,pdata +77e4 18007006 force 6 ,regext_index +77e5 9de2fe00 ixor regext ,pdata +77e6 98408400 iadd temp ,temp +77e7 18007007 force 7 ,regext_index +77e8 18425e00 copy temp ,regext +77e9 18007003 force 3 ,regext_index +77ea 1de27e00 deposit regext +77eb 9840de00 iadd temp ,regext +77ec 18007000 force 0 ,regext_index +77ed 1de27e00 deposit regext +77ee 18007001 force 1 ,regext_index +77ef 9de10400 iand regext ,temp +77f0 9de1fe00 ior regext ,pdata +77f1 18007002 force 2 ,regext_index +77f2 9de17e00 iand regext ,pdata +77f3 98418400 ior temp ,temp +77f4 18007000 force 0 ,regext_index +77f5 1dee7e02 shasx regext ,2 ,pdata +77f6 9840fe00 iadd temp ,pdata +77f7 18007007 force 7 ,regext_index +77f8 9de0de00 iadd regext ,regext +77f9 980efc00 regexrot +77fa c20077d4 loop sha_loop +77fb d8c006e2 arg memahbak ,contr +77fc 18007000 force 0 ,regext_index + +sha_1: +77fd efe80006 ifetch 4 ,contr +77fe 9de0de00 iadd regext ,regext +77ff 1f00f001 increase 1 ,regext_index +7800 2f01fe08 compare 8 ,regext_index ,0xff +7801 2420f7fd nbranch sha_1 ,true +7802 20207372 branch disable_authrom + +sha_result: +7803 d8a00a3a arg memresult ,contw +7804 18007007 force 7 ,regext_index + +sha_regext_save: +7805 1de27e00 deposit regext +7806 e7e80005 istore 4 ,contw +7807 1f00f1ff increase -1 ,regext_index +7808 20217805 branch sha_regext_save ,positive +7809 20600000 rtn + +pad_xor: +780a d8a005e2 arg memdat ,contw +780b 18c08dfc increase -4 ,contr +780c 1f262210 sub loopcnt ,16 ,rega + +pad_xor_0: +780d efe80006 ifetch 4 ,contr +780e 9842fe00 ixor temp ,pdata +780f e7e80005 istore 4 ,contw +7810 18c08df8 increase -8 ,contr +7811 c200780d loop pad_xor_0 +7812 1a227200 copy rega ,loopcnt +7813 18427e00 deposit temp + +pad_xor_1: +7814 e7e80005 istore 4 ,contw +7815 c2007814 loop pad_xor_1 +7816 20600000 rtn + +g_noninit_number_confirm: +7817 2040781c call g_noninit0 +7818 20407803 call sha_result +7819 20207842 branch g_common0 + +g_noninit: +781a 2040781c call g_noninit0 +781b 20207842 branch g_common0 + +g_noninit0: +781c d8c009da arg mem_sp_pubkey_remote_x_end ,contr +781d d8a005e2 arg memdat ,contw +781e 18007206 force 6 ,loopcnt +781f 20407926 call memcpy_dword_swap +7820 d8c04614 arg mem_sp_pubkey_local_x_end ,contr +7821 18007206 force 6 ,loopcnt +7822 20407926 call memcpy_dword_swap +7823 d8c00a3a arg mem_sp_random_remote_end ,contr +7824 20407925 call memcpy_dword_swap4 +7825 204077c0 call sha_init +7826 204077c7 call sha +7827 d8c00a2a arg mem_sp_random_local_end ,contr +7828 d8a005e2 arg memdat ,contw +7829 20207839 branch g_common + +g_init: +782a d8c04614 arg mem_sp_pubkey_local_x_end ,contr +782b d8a005e2 arg memdat ,contw +782c 18007206 force 6 ,loopcnt +782d 20407926 call memcpy_dword_swap +782e d8c009da arg mem_sp_pubkey_remote_x_end ,contr +782f 18007206 force 6 ,loopcnt +7830 20407926 call memcpy_dword_swap +7831 d8c00a2a arg mem_sp_random_local_end ,contr +7832 20407925 call memcpy_dword_swap4 +7833 204077c0 call sha_init +7834 204077c7 call sha +7835 d8c00a3a arg mem_sp_random_remote_end ,contr +7836 d8a005e2 arg memdat ,contw +7837 20407839 call g_common +7838 20207842 branch g_common0 + +g_common: +7839 20407925 call memcpy_dword_swap4 +783a 58800000 setarg 0x800000 +783b 1fed7e00 lshift8 pdata ,pdata +783c e7e80005 istore 4 ,contw +783d 18007205 force 5 ,loopcnt +783e 20407ca1 call memset0 +783f 58000280 setarg 640 +7840 e7e80005 istore 4 ,contw +7841 202077c7 branch sha + +g_common0: +7842 6fe80a3a fetch 4 ,memresult +7843 da2003e8 arg 1000 ,rega +7844 9a26fc00 idiv rega +7845 20407d61 call wait_div_end +7846 18077e00 remainder pdata +7847 67e809b6 store 4 ,mem_gkey +7848 1807fe00 quotient pdata +7849 da2003e8 arg 1000 ,rega +784a 9a26fc00 idiv rega +784b 20407d61 call wait_div_end +784c 18077e00 remainder pdata +784d da2003e8 arg 1000 ,rega +784e 9a2ffe00 imul32 rega ,pdata +784f 684809b6 fetcht 4 ,mem_gkey +7850 9840fe00 iadd temp ,pdata +7851 67e809b6 store 4 ,mem_gkey +7852 20600000 rtn + +function_f1_no_key: +7853 70463600 jam 0 ,mem_passkey_1bit +7854 20207857 branch function_f1_common + +function_f1: +7855 6fe24634 fetch 1 ,mem_ssp_mode_flag +7856 c0817853 bne ssp_mode_passkey_entry_flag ,function_f1_no_key + +function_f1_common: +7857 474bc032 bpatchx patch32_7 ,mem_patch32 +7858 58363636 setarg 0x363636 +7859 1fed0400 lshift8 pdata ,temp +785a 18418436 or_into 0x36 ,temp +785b 6fe40a7a fetch 2 ,mem_sp_prarm_stack +785c 1fe20c00 copy pdata ,contr +785d 18007204 force 4 ,loopcnt +785e 2040780a call pad_xor +785f 204077c0 call sha_init +7860 204077c7 call sha +7861 6fe40a7c fetch 2 ,mem_sp_prarm_stack + 2 +7862 1fe20c00 copy pdata ,contr +7863 d8a005e2 arg memdat ,contw +7864 18007206 force 6 ,loopcnt +7865 20407926 call memcpy_dword_swap +7866 6fe40a7e fetch 2 ,mem_sp_prarm_stack + 4 +7867 1fe20c00 copy pdata ,contr +7868 18007206 force 6 ,loopcnt +7869 20407926 call memcpy_dword_swap +786a 58800000 setarg 0x800000 +786b e7e60005 istore 3 ,contw +786c 6fe24636 fetch 1 ,mem_passkey_1bit +786d e7e20005 istore 1 ,contw +786e 18007e00 force 0 ,pdata +786f e7f00005 istore 8 ,contw +7870 58000388 setarg 0x0388 +7871 e7e80005 istore 4 ,contw +7872 204077c7 call sha +7873 20407803 call sha_result +7874 d8c00a3a arg memresult ,contr +7875 d8a00702 arg memahsave ,contw +7876 20407c98 call memcpy32 +7877 585c5c5c setarg 0x5c5c5c +7878 1fed0400 lshift8 pdata ,temp +7879 1841845c or_into 0x5c ,temp +787a 6fe40a7a fetch 2 ,mem_sp_prarm_stack +787b 1fe20c00 copy pdata ,contr +787c 18007204 force 4 ,loopcnt +787d 2040780a call pad_xor +787e 204077c0 call sha_init +787f 204077c7 call sha +7880 d8c00722 arg memahsave_end ,contr +7881 d8a005e2 arg memdat ,contw +7882 18007208 force 8 ,loopcnt +7883 20407926 call memcpy_dword_swap +7884 58800000 setarg 0x800000 +7885 1fed7e00 lshift8 pdata ,pdata +7886 e7e80005 istore 4 ,contw +7887 20407ca0 call bn_zero +7888 58000300 setarg 0x0300 +7889 e7e80005 istore 4 ,contw +788a 204077c7 call sha +788b 20207803 branch sha_result + +function_f2: +788c 58363636 setarg 0x363636 +788d 1fed0400 lshift8 pdata ,temp +788e 18418436 or_into 0x36 ,temp +788f d8c00a1a arg mem_sp_dhkey_end ,contr +7890 18007206 force 6 ,loopcnt +7891 2040780a call pad_xor +7892 204077c0 call sha_init +7893 204077c7 call sha +7894 6fe40a86 fetch 2 ,mem_sp_prarm_stack + 12 +7895 1fe20c00 copy pdata ,contr +7896 d8a005e2 arg memdat ,contw +7897 20407925 call memcpy_dword_swap4 +7898 6fe40a88 fetch 2 ,mem_sp_prarm_stack + 14 +7899 1fe20c00 copy pdata ,contr +789a 20407925 call memcpy_dword_swap4 +789b 5862746c setarg 0x62746c +789c 1fed7e00 lshift8 pdata ,pdata +789d 1fe1fe6b or_into 0x6b ,pdata +789e e7e80005 istore 4 ,contw +789f d8c0072f arg mem_addr_value_end ,contr +78a0 18007203 force 3 ,loopcnt +78a1 20407926 call memcpy_dword_swap +78a2 58800000 setarg 0x800000 +78a3 1fed7e00 lshift8 pdata ,pdata +78a4 e7e80005 istore 4 ,contw +78a5 18007e00 force 0 ,pdata +78a6 e7f00005 istore 8 ,contw +78a7 58000380 setarg 0x0380 +78a8 e7e80005 istore 4 ,contw +78a9 204077c7 call sha +78aa 20407803 call sha_result +78ab d8c00a3a arg memresult ,contr +78ac d8a00702 arg memahsave ,contw +78ad 20407c98 call memcpy32 +78ae 585c5c5c setarg 0x5c5c5c +78af 1fed0400 lshift8 pdata ,temp +78b0 1841845c or_into 0x5c ,temp +78b1 d8c00a1a arg mem_sp_dhkey_end ,contr +78b2 18007206 force 6 ,loopcnt +78b3 2040780a call pad_xor +78b4 204077c0 call sha_init +78b5 204077c7 call sha +78b6 d8c00722 arg memahsave_end ,contr +78b7 d8a005e2 arg memdat ,contw +78b8 18007208 force 8 ,loopcnt +78b9 20407926 call memcpy_dword_swap +78ba 58800000 setarg 0x800000 +78bb 1fed7e00 lshift8 pdata ,pdata +78bc e7e80005 istore 4 ,contw +78bd 20407ca0 call bn_zero +78be 58000300 setarg 0x0300 +78bf e7e80005 istore 4 ,contw +78c0 204077c7 call sha +78c1 20207803 branch sha_result + +function_f3a: +78c2 6fe24634 fetch 1 ,mem_ssp_mode_flag +78c3 c08178d3 bne ssp_mode_passkey_entry_flag ,function_f3a_no_pin + +function_f3a_common: +78c4 474c4033 bpatchx patch33_0 ,mem_patch33 +78c5 58363636 setarg 0x363636 +78c6 1fed0400 lshift8 pdata ,temp +78c7 18418436 or_into 0x36 ,temp +78c8 d8c00a1a arg mem_sp_dhkey_end ,contr +78c9 18007206 force 6 ,loopcnt +78ca 2040780a call pad_xor +78cb 204077c0 call sha_init +78cc 204077c7 call sha +78cd d8c00a3a arg mem_sp_random_remote_end ,contr +78ce d8a005e2 arg memdat ,contw +78cf 20407925 call memcpy_dword_swap4 +78d0 d8c00a2a arg mem_sp_random_local_end ,contr +78d1 20407925 call memcpy_dword_swap4 +78d2 202078e8 branch function_f3_common + +function_f3a_no_pin: +78d3 58000000 setarg 0 +78d4 67e84658 store 4 ,mem_pin +78d5 202078c4 branch function_f3a_common + +function_f3b_no_pin: +78d6 58000000 setarg 0 +78d7 67e84658 store 4 ,mem_pin +78d8 202078db branch function_f3b_common + +function_f3b: +78d9 6fe24634 fetch 1 ,mem_ssp_mode_flag +78da c08178d6 bne ssp_mode_passkey_entry_flag ,function_f3b_no_pin + +function_f3b_common: +78db 58363636 setarg 0x363636 +78dc 1fed0400 lshift8 pdata ,temp +78dd 18418436 or_into 0x36 ,temp +78de d8c00a1a arg mem_sp_dhkey_end ,contr +78df 18007206 force 6 ,loopcnt +78e0 2040780a call pad_xor +78e1 204077c0 call sha_init +78e2 204077c7 call sha +78e3 d8c00a2a arg mem_sp_random_local_end ,contr +78e4 d8a005e2 arg memdat ,contw +78e5 20407925 call memcpy_dword_swap4 +78e6 d8c00a3a arg mem_sp_random_remote_end ,contr +78e7 20407925 call memcpy_dword_swap4 + +function_f3_common: +78e8 58000000 setarg 0x0 +78e9 e7f00005 istore 8 ,contw +78ea e7e80005 istore 4 ,contw +78eb 6fe84658 fetch 4 ,mem_pin +78ec e7e80005 istore 4 ,contw +78ed 18a20400 copy contw ,temp +78ee 70072280 jam 0x80 ,mem_addr_padding +78ef 18420a00 copy temp ,contw +78f0 d8c00732 arg mem_addr_iocap_end ,contr +78f1 20407925 call memcpy_dword_swap4 +78f2 204077c7 call sha +78f3 d8a005e2 arg memdat ,contw +78f4 18007207 force 7 ,loopcnt +78f5 20407ca1 call memset0 +78f6 e7e80005 istore 4 ,contw +78f7 580003f8 setarg 0x03F8 +78f8 e7e80005 istore 4 ,contw +78f9 204077c7 call sha +78fa 20407803 call sha_result +78fb d8c00a3a arg memresult ,contr +78fc d8a00702 arg memahsave ,contw +78fd 20407c98 call memcpy32 +78fe 585c5c5c setarg 0x5c5c5c +78ff 1fed0400 lshift8 pdata ,temp +7900 1841845c or_into 0x5c ,temp +7901 d8c00a1a arg mem_sp_dhkey_end ,contr +7902 18007206 force 6 ,loopcnt +7903 2040780a call pad_xor +7904 204077c0 call sha_init +7905 204077c7 call sha +7906 d8c00722 arg memahsave_end ,contr +7907 d8a005e2 arg memdat ,contw +7908 18007208 force 8 ,loopcnt +7909 20407926 call memcpy_dword_swap +790a 58800000 setarg 0x800000 +790b 1fed7e00 lshift8 pdata ,pdata +790c e7e80005 istore 4 ,contw +790d 20407ca0 call bn_zero +790e 58000300 setarg 0x0300 +790f e7e80005 istore 4 ,contw +7910 204077c7 call sha +7911 20207803 branch sha_result + +eckp_calc_init: +7912 7005dfc0 jam 192 ,mem_ec_loopc + +eckp_calc_init_1: +7913 6fe205df fetch 1 ,mem_ec_loopc +7914 207a0000 rtn blank +7915 1fe0ffff increase -1 ,pdata +7916 67e205df store 1 ,mem_ec_loopc +7917 d8c006ba arg mem_k ,contr +7918 204075a1 call bn_testbit +7919 2020f913 branch eckp_calc_init_1 ,true +791a d8c005e2 arg mem_ax ,contr +791b d8a00672 arg mem_cx ,contw +791c 202075a7 branch ec_copy + +eckp_calc: +791d 204076b8 call ecdbl +791e 6fe205df fetch 1 ,mem_ec_loopc +791f 1fe0ffff increase -1 ,pdata +7920 67e205df store 1 ,mem_ec_loopc +7921 d8c006ba arg mem_k ,contr +7922 204075a1 call bn_testbit +7923 20608000 rtn true +7924 20207709 branch ecadd + +memcpy_dword_swap4: +7925 18007204 force 4 ,loopcnt + +memcpy_dword_swap: +7926 18c08dfc increase -4 ,contr + +memcpy_dword_swap_loop: +7927 efe80006 ifetch 4 ,contr +7928 e7e80005 istore 4 ,contw +7929 18c08df8 increase -8 ,contr +792a c2007927 loop memcpy_dword_swap_loop +792b 20600000 rtn + +sp_initialize_256: +792c 474cc033 bpatchx patch33_1 ,mem_patch33 +792d 6fe24490 fetch 1 ,mem_le_secure_connect_enable +792e 203a5ed0 branch le_secure_connection_disable ,blank +792f 20405ecc call le_secure_connection_enable +7930 20407438 call sp_clear_flags +7931 20207932 branch sp_pubkey_calc_256 + +sp_pubkey_calc_256: +7932 6fe24495 fetch 1 ,mem_le_sc_local_key_invalid +7933 c1800000 rtnne sp_key_invalid +7934 6fe24492 fetch 1 ,mem_le_sc_calc +7935 c1800000 rtnne sp_calc_standby +7936 d8a04584 arg mem_le_private_key_256 ,contw +7937 18000e0f force 15 ,queue +7938 20407557 call random_generator +7939 180a7e00 random pdata +793a 1fe37e00 rshift pdata ,pdata +793b e7e40005 istore 2 ,contw +793c d8a00762 arg mem_k_256 ,contw +793d d8c04584 arg mem_le_private_key_256 ,contr +793e 20407c98 call memcpy32 +793f d8a00642 arg mem_ax_256 ,contw +7940 d8c0095a arg mem_gx_256 ,contr +7941 20407c8e call memcpy64 +7942 d8a00682 arg mem_az_256 ,contw +7943 20407cab call clear_mem_256 +7944 70068201 jam 1 ,mem_az_256 +7945 2040797c call eckp_calc_init_256 +7946 70449203 jam sp_calc_pubkey_256 ,mem_le_sc_calc +7947 20600000 rtn + +sp_pubkey_generated_256: +7948 d8a045a4 arg mem_le_pubkey_local_x_256 ,contw +7949 d8c006a2 arg mem_bx_256 ,contr +794a 20407c8e call memcpy64 +794b 70449503 jam sp_key_valid_256 ,mem_le_sc_local_key_invalid +794c 70449200 jam sp_calc_standby ,mem_le_sc_calc +794d 20600000 rtn + +sp_dhkey_calc_256: +794e 6fe209b5 fetch 1 ,mem_sp_dhkey_invalid +794f c1800000 rtnne sp_key_invalid +7950 6fe24492 fetch 1 ,mem_le_sc_calc +7951 c1800000 rtnne sp_calc_standby +7952 d8a00762 arg mem_k_256 ,contw +7953 d8c04584 arg mem_le_private_key_256 ,contr +7954 20407c98 call memcpy32 +7955 d8a00642 arg mem_ax_256 ,contw +7956 d8c009ba arg mem_le_pubkey_remote_x_256 ,contr +7957 20407c8e call memcpy64 +7958 d8a00682 arg mem_az_256 ,contw +7959 20407cab call clear_mem_256 +795a 70068201 jam 1 ,mem_az_256 +795b 2040797c call eckp_calc_init_256 +795c 70449204 jam sp_calc_dhkey_256 ,mem_le_sc_calc +795d 20600000 rtn + +sp_dhkey_generated_256: +795e d8a009fa arg mem_le_dhkey_256 ,contw +795f d8c006a2 arg mem_bx_256 ,contr +7960 20407c98 call memcpy32 +7961 7009b503 jam sp_key_valid_256 ,mem_sp_dhkey_invalid +7962 70449200 jam sp_calc_standby ,mem_le_sc_calc +7963 20600000 rtn + +sp_calc_sequence_256: +7964 6fe24490 fetch 1 ,mem_le_secure_connect_enable +7965 207a0000 rtn blank +7966 6fe24492 fetch 1 ,mem_le_sc_calc +7967 207a0000 rtn blank +7968 1fe0fe80 increase 0x80 ,pdata +7969 67e24492 store 1 ,mem_le_sc_calc +796a c3838000 rtnbit1 7 +796b 6fe405df fetch 2 ,mem_ec_loopc +796c 203a796e branch sp_calc_sequence_done_256 ,blank +796d 20207974 branch eckp_calc_256 + +sp_calc_sequence_done_256: +796e 474d4033 bpatchx patch33_2 ,mem_patch33 +796f 20407989 call ecunmapz_256 +7970 6fe24492 fetch 1 ,mem_le_sc_calc +7971 c001f948 beq sp_calc_pubkey_256 ,sp_pubkey_generated_256 +7972 c002795e beq sp_calc_dhkey_256 ,sp_dhkey_generated_256 +7973 20600000 rtn + +eckp_calc_256: +7974 2040799b call ecdbl_256 +7975 6fe405df fetch 2 ,mem_ec_loopc +7976 1fe0ffff increase -1 ,pdata +7977 67e405df store 2 ,mem_ec_loopc +7978 d8c00762 arg mem_k_256 ,contr +7979 204075a1 call bn_testbit +797a 20608000 rtn true +797b 202079ec branch ecadd_256 + +eckp_calc_init_256: +797c 474dc033 bpatchx patch33_3 ,mem_patch33 +797d 58000100 setarg 256 ,pdata +797e 67e405df store 2 ,mem_ec_loopc + +eckp_calc_init_256_1: +797f 6fe405df fetch 2 ,mem_ec_loopc +7980 207a0000 rtn blank +7981 1fe0ffff increase -1 ,pdata +7982 67e405df store 2 ,mem_ec_loopc +7983 d8c00762 arg mem_k_256 ,contr +7984 204075a1 call bn_testbit +7985 2020f97f branch eckp_calc_init_256_1 ,true +7986 d8c00642 arg mem_ax_256 ,contr +7987 d8a00702 arg mem_cx_256 ,contw +7988 20207c8d branch memcpy96 + +ecunmapz_256: +7989 da200742 arg mem_cz_256 ,rega +798a d8a00842 arg mem_t3_256 ,contw +798b 20407a58 call bn_invmod_256 +798c da200842 arg mem_t3_256 ,rega +798d d8a007e2 arg mem_t1_256 ,contw +798e 20407b2e call bn_sqrmod_256 +798f da200702 arg mem_cx_256 ,rega +7990 da4007e2 arg mem_t1_256 ,regb +7991 d8a006a2 arg mem_bx_256 ,contw +7992 20407a96 call bn_mulmod_256 +7993 da200842 arg mem_t3_256 ,rega +7994 da4007e2 arg mem_t1_256 ,regb +7995 d8a00822 arg mem_t2_256 ,contw +7996 20407a96 call bn_mulmod_256 +7997 da200722 arg mem_cy_256 ,rega +7998 da400822 arg mem_t2_256 ,regb +7999 d8a006c2 arg mem_by_256 ,contw +799a 20207a96 branch bn_mulmod_256 + +ecdbl_256: +799b da200742 arg mem_cz_256 ,rega +799c d8a00822 arg mem_t2_256 ,contw +799d 20407b2e call bn_sqrmod_256 +799e da200822 arg mem_t2_256 ,rega +799f d8a00842 arg mem_t3_256 ,contw +79a0 20407b2e call bn_sqrmod_256 +79a1 da20093a arg mem_a_256 ,rega +79a2 da400842 arg mem_t3_256 ,regb +79a3 d8a00842 arg mem_t3_256 ,contw +79a4 20407a96 call bn_mulmod_256 +79a5 da200702 arg mem_cx_256 ,rega +79a6 d8a00822 arg mem_t2_256 ,contw +79a7 20407b2e call bn_sqrmod_256 +79a8 d8c00822 arg mem_t2_256 ,contr +79a9 d8a007e2 arg mem_t1_256 ,contw +79aa 20407c98 call memcpy32 +79ab da2007e2 arg mem_t1_256 ,rega +79ac 20407b35 call bn_lshiftmod_256 +79ad da200822 arg mem_t2_256 ,rega +79ae da4007e2 arg mem_t1_256 ,regb +79af d8a00822 arg mem_t2_256 ,contw +79b0 20407b32 call bn_addmod_256 +79b1 da200822 arg mem_t2_256 ,rega +79b2 da400842 arg mem_t3_256 ,regb +79b3 d8a00822 arg mem_t2_256 ,contw +79b4 20407b32 call bn_addmod_256 +79b5 d8c00702 arg mem_cx_256 ,contr +79b6 d8a007e2 arg mem_t1_256 ,contw +79b7 20407c98 call memcpy32 +79b8 da200722 arg mem_cy_256 ,rega +79b9 d8a00842 arg mem_t3_256 ,contw +79ba 20407b2e call bn_sqrmod_256 +79bb da2007e2 arg mem_t1_256 ,rega +79bc 20407b35 call bn_lshiftmod_256 +79bd da2007e2 arg mem_t1_256 ,rega +79be 20407b35 call bn_lshiftmod_256 +79bf da2007e2 arg mem_t1_256 ,rega +79c0 da400842 arg mem_t3_256 ,regb +79c1 d8a007e2 arg mem_t1_256 ,contw +79c2 20407a96 call bn_mulmod_256 +79c3 da200842 arg mem_t3_256 ,rega +79c4 d8a00802 arg mem_t0_256 ,contw +79c5 20407b2e call bn_sqrmod_256 +79c6 da200802 arg mem_t0_256 ,rega +79c7 20407b35 call bn_lshiftmod_256 +79c8 da200802 arg mem_t0_256 ,rega +79c9 20407b35 call bn_lshiftmod_256 +79ca da200802 arg mem_t0_256 ,rega +79cb 20407b35 call bn_lshiftmod_256 +79cc d8c00722 arg mem_cy_256 ,contr +79cd d8a00842 arg mem_t3_256 ,contw +79ce 20407c98 call memcpy32 +79cf da200842 arg mem_t3_256 ,rega +79d0 20407b35 call bn_lshiftmod_256 +79d1 da200842 arg mem_t3_256 ,rega +79d2 da400742 arg mem_cz_256 ,regb +79d3 d8a00742 arg mem_cz_256 ,contw +79d4 20407a96 call bn_mulmod_256 +79d5 da200822 arg mem_t2_256 ,rega +79d6 d8a00842 arg mem_t3_256 ,contw +79d7 20407b2e call bn_sqrmod_256 +79d8 da200842 arg mem_t3_256 ,rega +79d9 da4007e2 arg mem_t1_256 ,regb +79da d8a00842 arg mem_t3_256 ,contw +79db 20407b4b call bn_submod_256 +79dc da200842 arg mem_t3_256 ,rega +79dd da4007e2 arg mem_t1_256 ,regb +79de d8a00702 arg mem_cx_256 ,contw +79df 20407b4b call bn_submod_256 +79e0 da2007e2 arg mem_t1_256 ,rega +79e1 da400702 arg mem_cx_256 ,regb +79e2 d8a00842 arg mem_t3_256 ,contw +79e3 20407b4b call bn_submod_256 +79e4 da200842 arg mem_t3_256 ,rega +79e5 da400822 arg mem_t2_256 ,regb +79e6 d8a00842 arg mem_t3_256 ,contw +79e7 20407a96 call bn_mulmod_256 +79e8 da200842 arg mem_t3_256 ,rega +79e9 da400802 arg mem_t0_256 ,regb +79ea d8a00722 arg mem_cy_256 ,contw +79eb 20207b4b branch bn_submod_256 + +ecadd_256: +79ec da200682 arg mem_az_256 ,rega +79ed d8a00862 arg mem_t7_256 ,contw +79ee 20407b2e call bn_sqrmod_256 +79ef da200702 arg mem_cx_256 ,rega +79f0 da400862 arg mem_t7_256 ,regb +79f1 d8a00802 arg mem_t0_256 ,contw +79f2 20407a96 call bn_mulmod_256 +79f3 da200682 arg mem_az_256 ,rega +79f4 da400862 arg mem_t7_256 ,regb +79f5 d8a00862 arg mem_t7_256 ,contw +79f6 20407a96 call bn_mulmod_256 +79f7 da200722 arg mem_cy_256 ,rega +79f8 da400862 arg mem_t7_256 ,regb +79f9 d8a007e2 arg mem_t1_256 ,contw +79fa 20407a96 call bn_mulmod_256 +79fb da200742 arg mem_cz_256 ,rega +79fc d8a00862 arg mem_t7_256 ,contw +79fd 20407b2e call bn_sqrmod_256 +79fe da200642 arg mem_ax_256 ,rega +79ff da400862 arg mem_t7_256 ,regb +7a00 d8a00822 arg mem_t2_256 ,contw +7a01 20407a96 call bn_mulmod_256 +7a02 da200742 arg mem_cz_256 ,rega +7a03 da400862 arg mem_t7_256 ,regb +7a04 d8a00862 arg mem_t7_256 ,contw +7a05 20407a96 call bn_mulmod_256 +7a06 da200662 arg mem_ay_256 ,rega +7a07 da400862 arg mem_t7_256 ,regb +7a08 d8a00842 arg mem_t3_256 ,contw +7a09 20407a96 call bn_mulmod_256 +7a0a da400802 arg mem_t0_256 ,regb +7a0b da200822 arg mem_t2_256 ,rega +7a0c d8a00862 arg mem_t7_256 ,contw +7a0d 20407b4b call bn_submod_256 +7a0e da200802 arg mem_t0_256 ,rega +7a0f da400822 arg mem_t2_256 ,regb +7a10 d8a00802 arg mem_t0_256 ,contw +7a11 20407b32 call bn_addmod_256 +7a12 da4007e2 arg mem_t1_256 ,regb +7a13 da200842 arg mem_t3_256 ,rega +7a14 d8a00822 arg mem_t2_256 ,contw +7a15 20407b4b call bn_submod_256 +7a16 da2007e2 arg mem_t1_256 ,rega +7a17 da400842 arg mem_t3_256 ,regb +7a18 d8a007e2 arg mem_t1_256 ,contw +7a19 20407b32 call bn_addmod_256 +7a1a da2007e2 arg mem_t1_256 ,rega +7a1b da400862 arg mem_t7_256 ,regb +7a1c d8a007e2 arg mem_t1_256 ,contw +7a1d 20407a96 call bn_mulmod_256 +7a1e da200742 arg mem_cz_256 ,rega +7a1f da400682 arg mem_az_256 ,regb +7a20 d8a00842 arg mem_t3_256 ,contw +7a21 20407a96 call bn_mulmod_256 +7a22 da200842 arg mem_t3_256 ,rega +7a23 da400862 arg mem_t7_256 ,regb +7a24 d8a00742 arg mem_cz_256 ,contw +7a25 20407a96 call bn_mulmod_256 +7a26 da200862 arg mem_t7_256 ,rega +7a27 d8a00862 arg mem_t7_256 ,contw +7a28 20407b2e call bn_sqrmod_256 +7a29 da200862 arg mem_t7_256 ,rega +7a2a da400802 arg mem_t0_256 ,regb +7a2b d8a00842 arg mem_t3_256 ,contw +7a2c 20407a96 call bn_mulmod_256 +7a2d da200862 arg mem_t7_256 ,rega +7a2e da4007e2 arg mem_t1_256 ,regb +7a2f d8a007e2 arg mem_t1_256 ,contw +7a30 20407a96 call bn_mulmod_256 +7a31 da200822 arg mem_t2_256 ,rega +7a32 d8a00702 arg mem_cx_256 ,contw +7a33 20407b2e call bn_sqrmod_256 +7a34 da200702 arg mem_cx_256 ,rega +7a35 da400842 arg mem_t3_256 ,regb +7a36 d8a00702 arg mem_cx_256 ,contw +7a37 20407b4b call bn_submod_256 +7a38 d8c00702 arg mem_cx_256 ,contr +7a39 d8a00862 arg mem_t7_256 ,contw +7a3a 20407c98 call memcpy32 +7a3b da200862 arg mem_t7_256 ,rega +7a3c 20407b35 call bn_lshiftmod_256 +7a3d da200842 arg mem_t3_256 ,rega +7a3e da400862 arg mem_t7_256 ,regb +7a3f d8a00842 arg mem_t3_256 ,contw +7a40 20407b4b call bn_submod_256 +7a41 da200842 arg mem_t3_256 ,rega +7a42 da400822 arg mem_t2_256 ,regb +7a43 d8a00822 arg mem_t2_256 ,contw +7a44 20407a96 call bn_mulmod_256 +7a45 da200822 arg mem_t2_256 ,rega +7a46 da4007e2 arg mem_t1_256 ,regb +7a47 d8a00722 arg mem_cy_256 ,contw +7a48 20407b4b call bn_submod_256 +7a49 da200722 arg mem_cy_256 ,rega +7a4a da40091a arg mem_p_256 ,regb +7a4b d8a00722 arg mem_cy_256 ,contw +7a4c 18002600 force 0 ,regc +7a4d 6fe20722 fetch 1 ,mem_cy_256 +7a4e 2feffe00 isolate1 0 ,pdata +7a4f 2040fb30 call bn_add_256 ,true +7a50 1a626000 copy regc ,alarm +7a51 da200722 arg mem_cy_256 ,rega +7a52 20407b60 call bn_rshift_256 +7a53 6fe20741 fetch 1 ,mem_cy5_256 +7a54 2e0ffe00 isolate1 0 ,alarm +7a55 7920fe07 setflag true ,7 ,pdata +7a56 67e20741 store 1 ,mem_cy5_256 +7a57 20600000 rtn + +bn_invmod_256: +7a58 18a21600 copy contw ,timeup +7a59 d8a00802 arg mem_tmp0_256 ,contw +7a5a 20407cab call clear_mem_256 +7a5b 18007e00 force 0 ,pdata +7a5c 67e80822 store 4 ,mem_t2_256 +7a5d 70080201 jam 1 ,mem_tmp0_256 +7a5e d8a00782 arg mem_tmp1_256 ,contw +7a5f 20407cad call clear_mem_512 +7a60 d8c0091a arg mem_p_256 ,contr +7a61 d8a007c2 arg mem_tmp2_256 ,contw +7a62 20407c98 call memcpy32 +7a63 1a220c00 copy rega ,contr +7a64 d8a007e2 arg mem_tmp3_256 ,contw +7a65 20407c98 call memcpy32 + +bn_invmod_256_2: +7a66 d8c007e2 arg mem_tmp3_256 ,contr +7a67 20407b6a call bn_eq_zero_256 +7a68 203a7a8f branch bn_invmod_256_0 ,blank +7a69 da2007e2 arg mem_tmp3_256 ,rega +7a6a da400802 arg mem_tmp0_256 ,regb +7a6b 20407b6d call bn_rshifteven_256 +7a6c da2007c2 arg mem_tmp2_256 ,rega +7a6d da400782 arg mem_tmp1_256 ,regb +7a6e 20407b6d call bn_rshifteven_256 +7a6f da2007e2 arg mem_tmp3_256 ,rega +7a70 da4007c2 arg mem_tmp2_256 ,regb +7a71 20407b66 call bn_bigeq_256 +7a72 20217a81 branch bn_invmod_256_1 ,positive +7a73 da2007c2 arg mem_tmp2_256 ,rega +7a74 da4007e2 arg mem_tmp3_256 ,regb +7a75 1a220a00 copy rega ,contw +7a76 20407b5e call bn_sub_256 +7a77 da200802 arg mem_tmp0_256 ,rega +7a78 da400782 arg mem_tmp1_256 ,regb +7a79 1a420a00 copy regb ,contw +7a7a 20407b30 call bn_add_256 +7a7b efe20011 ifetch 1 ,rega +7a7c 9a60a600 iadd regc ,regc +7a7d efe20012 ifetch 1 ,regb +7a7e 9a60fe00 iadd regc ,pdata +7a7f e7e20012 istore 1 ,regb +7a80 20207a66 branch bn_invmod_256_2 + +bn_invmod_256_1: +7a81 da2007e2 arg mem_tmp3_256 ,rega +7a82 da4007c2 arg mem_tmp2_256 ,regb +7a83 1a220a00 copy rega ,contw +7a84 20407b5e call bn_sub_256 +7a85 da200782 arg mem_tmp1_256 ,rega +7a86 da400802 arg mem_tmp0_256 ,regb +7a87 1a420a00 copy regb ,contw +7a88 20407b30 call bn_add_256 +7a89 efe20011 ifetch 1 ,rega +7a8a 9a60a600 iadd regc ,regc +7a8b efe20012 ifetch 1 ,regb +7a8c 9a60fe00 iadd regc ,pdata +7a8d e7e20012 istore 1 ,regb +7a8e 20207a66 branch bn_invmod_256_2 + +bn_invmod_256_0: +7a8f da200782 arg mem_tmp1_256 ,rega +7a90 19620a00 copy timeup ,contw +7a91 20407abf call bn_p256mod +7a92 da20091a arg mem_p_256 ,rega +7a93 19622400 copy timeup ,regb +7a94 19620a00 copy timeup ,contw +7a95 20207b4b branch bn_submod_256 + +bn_mulmod_256: +7a96 18a21600 copy contw ,timeup +7a97 18007000 force 0 ,regext_index +7a98 d8a00782 arg mem_tmp1_256 ,contw +7a99 20407cad call clear_mem_512 +7a9a d8a00ace arg mem_regext ,contw +7a9b 20407cad call clear_mem_512 +7a9c 1a220c00 copy rega ,contr +7a9d 700ace00 jam 0 ,mem_regext +7a9e 58000000 setarg 0 +7a9f 20407b28 call bn_load_mem +7aa0 1a420c00 copy regb ,contr +7aa1 20407b2c call bn_load_256 +7aa2 18000e00 force 0 ,queue +7aa3 d8a00782 arg mem_tmp1_256 ,contw + +bn_mulmod_256_1: +7aa4 d8400ace arg mem_regext ,temp +7aa5 18e22400 copy queue ,regb +7aa6 1a4bfe00 lshift2 regb ,pdata +7aa7 9840a400 iadd temp ,regb +7aa8 18000400 force 0 ,temp +7aa9 18002600 force 0 ,regc + +bn_mulmod_256_0: +7aaa efe80005 ifetch 4 ,contw +7aab 98002200 iforce rega +7aac efe80012 ifetch 4 ,regb +7aad 1a627000 copy regc ,regext_index +7aae 9deffe00 imul32 regext ,pdata +7aaf 9a20fe00 iadd rega ,pdata +7ab0 9840fe00 iadd temp ,pdata +7ab1 e7e80005 istore 4 ,contw +7ab2 1fef0400 rshift32 pdata ,temp +7ab3 1a60a601 increase 1 ,regc +7ab4 2a61fe08 compare 8 ,regc ,0xff +7ab5 2420faaa nbranch bn_mulmod_256_0 ,true +7ab6 18427e00 deposit temp +7ab7 e7e80005 istore 4 ,contw +7ab8 18a08be0 increase -32 ,contw +7ab9 18e08e01 increase 1 ,queue +7aba 28e1fe08 compare 8 ,queue ,0xff +7abb 2420faa4 nbranch bn_mulmod_256_1 ,true +7abc da200782 arg mem_tmp1_256 ,rega +7abd 19620a00 copy timeup ,contw +7abe 20207abf branch bn_p256mod + +bn_p256mod: +7abf 474e4033 bpatchx patch33_4 ,mem_patch33 +7ac0 18a21600 copy contw ,timeup +7ac1 1a226000 copy rega ,alarm +7ac2 da4007c2 arg mem_tmp2_256 ,regb +7ac3 1a420a00 copy regb ,contw +7ac4 20407ca8 call memset0_4 +7ac5 e7f00005 istore 8 ,contw +7ac6 1a208c2c add rega ,44 ,contr +7ac7 20407c94 call memcpy8 +7ac8 20407c90 call memcpy12 +7ac9 1a422200 copy regb ,rega +7aca 20407b35 call bn_lshiftmod_256 +7acb da4007c2 arg mem_tmp2_256 ,regb +7acc 1e022200 copy alarm ,rega +7acd 19620a00 copy timeup ,contw +7ace 20407b32 call bn_addmod_256 +7acf da4007c2 arg mem_tmp2_256 ,regb +7ad0 1a420a00 copy regb ,contw +7ad1 20407ca8 call memset0_4 +7ad2 e7f00005 istore 8 ,contw +7ad3 1e008c30 add alarm ,48 ,contr +7ad4 20407c9a call memcpy16 +7ad5 20407ca8 call memset0_4 +7ad6 1a422200 copy regb ,rega +7ad7 20407b35 call bn_lshiftmod_256 +7ad8 da4007c2 arg mem_tmp2_256 ,regb +7ad9 19622200 copy timeup ,rega +7ada 1a220a00 copy rega ,contw +7adb 20407b32 call bn_addmod_256 +7adc da4007c2 arg mem_tmp2_256 ,regb +7add 1a420a00 copy regb ,contw +7ade 1e008c20 add alarm ,32 ,contr +7adf 20407c90 call memcpy12 +7ae0 20407ca8 call memset0_4 +7ae1 e7f00005 istore 8 ,contw +7ae2 1e008c38 add alarm ,56 ,contr +7ae3 20407c94 call memcpy8 +7ae4 19622200 copy timeup ,rega +7ae5 1a220a00 copy rega ,contw +7ae6 20407b32 call bn_addmod_256 +7ae7 da4007c2 arg mem_tmp2_256 ,regb +7ae8 1a420a00 copy regb ,contw +7ae9 1e008c24 add alarm ,36 ,contr +7aea 20407c90 call memcpy12 +7aeb 1e008c34 add alarm ,52 ,contr +7aec 20407c90 call memcpy12 +7aed 1e008c34 add alarm ,52 ,contr +7aee 20407c91 call memcpy4 +7aef 1e008c20 add alarm ,32 ,contr +7af0 20407c91 call memcpy4 +7af1 19622200 copy timeup ,rega +7af2 1a220a00 copy rega ,contw +7af3 20407b32 call bn_addmod_256 +7af4 da4007c2 arg mem_tmp2_256 ,regb +7af5 1a420a00 copy regb ,contw +7af6 1e008c2c add alarm ,44 ,contr +7af7 20407c90 call memcpy12 +7af8 20407ca8 call memset0_4 +7af9 e7f00005 istore 8 ,contw +7afa 1e008c20 add alarm ,32 ,contr +7afb 20407c91 call memcpy4 +7afc 1e008c28 add alarm ,40 ,contr +7afd 20407c91 call memcpy4 +7afe 19622200 copy timeup ,rega +7aff 1a220a00 copy rega ,contw +7b00 20407b4b call bn_submod_256 +7b01 da4007c2 arg mem_tmp2_256 ,regb +7b02 1a420a00 copy regb ,contw +7b03 1e008c30 add alarm ,48 ,contr +7b04 20407c94 call memcpy8 +7b05 20407c94 call memcpy8 +7b06 18007e00 force 0 ,pdata +7b07 e7f00005 istore 8 ,contw +7b08 1e008c24 add alarm ,36 ,contr +7b09 20407c91 call memcpy4 +7b0a 1e008c2c add alarm ,44 ,contr +7b0b 20407c91 call memcpy4 +7b0c 19622200 copy timeup ,rega +7b0d 1a220a00 copy rega ,contw +7b0e 20407b4b call bn_submod_256 +7b0f da4007c2 arg mem_tmp2_256 ,regb +7b10 1a420a00 copy regb ,contw +7b11 1e008c34 add alarm ,52 ,contr +7b12 20407c90 call memcpy12 +7b13 1e008c20 add alarm ,32 ,contr +7b14 20407c90 call memcpy12 +7b15 20407ca8 call memset0_4 +7b16 1e008c30 add alarm ,48 ,contr +7b17 20407c91 call memcpy4 +7b18 19622200 copy timeup ,rega +7b19 1a220a00 copy rega ,contw +7b1a 20407b4b call bn_submod_256 +7b1b da4007c2 arg mem_tmp2_256 ,regb +7b1c 1a420a00 copy regb ,contw +7b1d 1e008c38 add alarm ,56 ,contr +7b1e 20407c94 call memcpy8 +7b1f 20407ca8 call memset0_4 +7b20 1e008c24 add alarm ,36 ,contr +7b21 20407c90 call memcpy12 +7b22 20407ca8 call memset0_4 +7b23 1e008c34 add alarm ,52 ,contr +7b24 20407c91 call memcpy4 +7b25 19622200 copy timeup ,rega +7b26 1a220a00 copy rega ,contw +7b27 20207b4b branch bn_submod_256 + +bn_load_mem: +7b28 18007220 force 32 ,loopcnt +7b29 d8a00ace arg mem_regext ,contw +7b2a 98a08a00 iadd contw ,contw +7b2b 20207cdc branch memcpy + +bn_load_256: +7b2c 18007208 force 8 ,loopcnt +7b2d 20207636 branch bn_load_0 + +bn_sqrmod_256: +7b2e 1a222400 copy rega ,regb +7b2f 20207a96 branch bn_mulmod_256 + +bn_add_256: +7b30 18007208 force 8 ,loopcnt +7b31 202075c7 branch bn_add + 1 + +bn_addmod_256: +7b32 20407b30 call bn_add_256 +7b33 18a22200 copy contw ,rega +7b34 20207b36 branch bn_lshiftmod_ismod_256 + +bn_lshiftmod_256: +7b35 20407b63 call bn_lshift_256 + +bn_lshiftmod_ismod_256: +7b36 2a6ffe00 isolate1 0 ,regc +7b37 2020fb3f branch bn_lshiftmod_p_256 ,true +7b38 da40091a arg mem_p_256 ,regb +7b39 1a222600 copy rega ,regc +7b3a 1a20a3e0 increase -32 ,rega +7b3b 20407b66 call bn_bigeq_256 +7b3c 24610000 nrtn positive +7b3d 1a622200 copy regc ,rega +7b3e 20207b47 branch sub_p2_256 + +bn_lshiftmod_p_256: +7b3f 20407b47 call sub_p2_256 +7b40 1a222600 copy rega ,regc +7b41 1a20a3e0 increase -32 ,rega +7b42 da40091a arg mem_p_256 ,regb +7b43 20407b66 call bn_bigeq_256 +7b44 24610000 nrtn positive +7b45 1a622200 copy regc ,rega +7b46 20207b47 branch sub_p2_256 + +sub_p2_256: +7b47 1a20a3e0 increase -32 ,rega +7b48 da40091a arg mem_p_256 ,regb +7b49 1a220a00 copy rega ,contw +7b4a 20207b5e branch bn_sub_256 + +bn_submod_256: +7b4b 20407b5e call bn_sub_256 +7b4c 2020fb55 branch bn_submod_256_np ,true +7b4d 18a0a3e0 add contw ,-32 ,rega +7b4e da40091a arg mem_p_256 ,regb +7b4f 20407b66 call bn_bigeq_256 +7b50 24610000 nrtn positive +7b51 da40091a arg mem_p_256 ,regb +7b52 18a0a3e0 add contw ,-32 ,rega +7b53 1a220a00 copy rega ,contw +7b54 20207b5e branch bn_sub_256 + +bn_submod_256_np: +7b55 18a0a3e0 add contw ,-32 ,rega +7b56 da40091a arg mem_p_256 ,regb +7b57 1a220a00 copy rega ,contw +7b58 20407b30 call bn_add_256 +7b59 20608000 rtn true +7b5a 18a0a3e0 add contw ,-32 ,rega +7b5b da40091a arg mem_p_256 ,regb +7b5c 1a220a00 copy rega ,contw +7b5d 20207b30 branch bn_add_256 + +bn_sub_256: +7b5e 18007208 force 8 ,loopcnt +7b5f 202075d5 branch bn_sub + 1 + +bn_rshift_256: +7b60 18007208 force 8 ,loopcnt +7b61 1a20a21c increase 28 ,rega +7b62 202075e4 branch bn_rshift + +bn_lshift_256: +7b63 18007208 force 8 ,loopcnt +7b64 18002600 force 0 ,regc +7b65 202075f2 branch bn_lshift_0 + +bn_bigeq_256: +7b66 18007208 force 8 ,loopcnt +7b67 1a20a21c increase 28 ,rega +7b68 1a40a41c increase 28 ,regb +7b69 202075bc branch bn_bigeq_0 + +bn_eq_zero_256: +7b6a eff00006 ifetch 8 ,contr +7b6b 247a0000 nrtn blank +7b6c 202075aa branch bn_eq_zero + +bn_rshifteven_256: +7b6d 1a226000 copy rega ,alarm + +bn_rshifteven_256_1: +7b6e 1e022200 copy alarm ,rega +7b6f efe20011 ifetch 1 ,rega +7b70 2feffe00 isolate1 0 ,pdata +7b71 20608000 rtn true +7b72 20407b60 call bn_rshift_256 +7b73 efe20012 ifetch 1 ,regb +7b74 2fec0000 isolate0 0 ,pdata +7b75 2020fb7d branch bn_rshifteven_256_0 ,true +7b76 da20091a arg mem_p_256 ,rega +7b77 1a420a00 copy regb ,contw +7b78 20407b30 call bn_add_256 +7b79 efe20012 ifetch 1 ,regb +7b7a 9a60fe00 iadd regc ,pdata +7b7b e7e20012 istore 1 ,regb +7b7c 1a40a5e0 increase -32 ,regb + +bn_rshifteven_256_0: +7b7d 1a40a220 add regb ,32 ,rega +7b7e 18007209 force 9 ,loopcnt +7b7f 204075e4 call bn_rshift +7b80 20207b6e branch bn_rshifteven_256_1 + +ui_init: +7b81 20404c20 call lpm_disable_exen_output +7b82 20758000 rtn wake +7b83 20207b9a branch ui_timer_init + +ui_dispatch: +7b84 20207b89 branch ui_timer_check + +ui_timer_timeout: +7b85 58001000 setarg 0x1000 +7b86 1ff07e00 lshift16 pdata ,pdata +7b87 9a40a400 iadd regb ,regb +7b88 20600000 rtn + +ui_timer_check: +7b89 474ec033 bpatchx patch33_5 ,mem_patch33 +7b8a da200000 arg 0 ,rega +7b8b 6848464a fetcht 4 ,mem_ui_timer_last_btclk +7b8c 1c422400 copy clkn_bt ,regb +7b8d 1a427e00 copy regb ,pdata +7b8e 98467c00 isub temp ,null +7b8f 24417b85 ncall ui_timer_timeout ,positive + +ui_timer_check_loop: +7b90 1a427e00 copy regb ,pdata +7b91 184084a0 increase 160 ,temp +7b92 184084a0 increase 160 ,temp +7b93 98467c00 isub temp ,null +7b94 24217b9d nbranch ui_timer_check_end ,positive +7b95 1a20a201 increase 1 ,rega +7b96 1a217e0f and rega ,0x0f ,pdata +7b97 243a7b90 nbranch ui_timer_check_loop ,blank +7b98 da200000 arg 0 ,rega +7b99 20407ba4 call ui_timer_check_send_evt + +ui_timer_init: +7b9a 1c427e00 copy clkn_bt ,pdata +7b9b 67e8464a store 4 ,mem_ui_timer_last_btclk +7b9c 20600000 rtn + +ui_timer_check_end: +7b9d 474f4033 bpatchx patch33_6 ,mem_patch33 +7b9e 1a227e00 copy rega ,pdata +7b9f 207a0000 rtn blank +7ba0 18408560 increase -160 ,temp +7ba1 18408560 increase -160 ,temp +7ba2 793f841c set0 28 ,temp +7ba3 6048464a storet 4 ,mem_ui_timer_last_btclk + +ui_timer_check_send_evt: +7ba4 20204cf8 branch app_evt_timer + +ui_ipc_get_lock: +7ba5 70463801 jam 1 ,mem_ipc_lock_bt + +ui_ipc_get_lock_wait: +7ba6 6fe24639 fetch 1 ,mem_ipc_lock_c51 +7ba7 243a7ba6 nbranch ui_ipc_get_lock_wait ,blank +7ba8 20600000 rtn + +ui_ipc_put_lock: +7ba9 70463800 jam 0 ,mem_ipc_lock_bt +7baa 20600000 rtn + +ui_ipc_send_event: +7bab 474fc033 bpatchx patch33_7 ,mem_patch33 +7bac 20407ba5 call ui_ipc_get_lock +7bad 1a227e00 copy rega ,pdata +7bae 67e80a8d store 4 ,mem_ipc_rega_temp +7baf da20463a arg mem_ipc_fifo_bt2c51 ,rega +7bb0 20407d90 call fifo_in +7bb1 6fe80a8d fetch 4 ,mem_ipc_rega_temp +7bb2 1fe22200 copy pdata ,rega +7bb3 20207ba9 branch ui_ipc_put_lock + +ui_ipc_send_cmd: +7bb4 47504034 bpatchx patch34_0 ,mem_patch34 +7bb5 20407ba5 call ui_ipc_get_lock +7bb6 1a227e00 copy rega ,pdata +7bb7 67e80a8d store 4 ,mem_ipc_rega_temp +7bb8 da204642 arg mem_ipc_fifo_c512bt ,rega +7bb9 20407d90 call fifo_in +7bba 6fe80a8d fetch 4 ,mem_ipc_rega_temp +7bbb 1fe22200 copy pdata ,rega +7bbc 20207ba9 branch ui_ipc_put_lock + +ui_ipc_clean_all_fifo: +7bbd 58000000 setarg 0 +7bbe 67f04642 store util_fifo_len ,mem_ipc_fifo_c512bt +7bbf 67f0463a store util_fifo_len ,mem_ipc_fifo_bt2c51 +7bc0 20600000 rtn + +check_51cmd: +7bc1 4750c034 bpatchx patch34_1 ,mem_patch34 +7bc2 6fe241cf fetch 1 ,mem_hci_cmd +7bc3 247a0000 nrtn blank +7bc4 da204642 arg mem_ipc_fifo_c512bt ,rega +7bc5 20407da8 call fifo_is_empty +7bc6 207a0000 rtn blank +7bc7 700a8c00 jam ipc_continue_process ,mem_ipc_skip_continue_proc +7bc8 20407bcc call check_51cmd_once +7bc9 6fe20a8c fetch 1 ,mem_ipc_skip_continue_proc +7bca 203a7bc1 branch check_51cmd ,blank +7bcb 20600000 rtn + +check_51cmd_once: +7bcc 20407ba5 call ui_ipc_get_lock +7bcd da204642 arg mem_ipc_fifo_c512bt ,rega +7bce 20407d9c call fifo_out +7bcf 1fe20400 copy pdata ,temp +7bd0 20407ba9 call ui_ipc_put_lock +7bd1 47514034 bpatchx patch34_2 ,mem_patch34 +7bd2 18427e00 copy temp ,pdata +7bd3 207a0000 rtn blank +7bd4 c000fbff beq bt_cmd_start_discovery ,check_51cmd_start_discovery +7bd5 c0017c04 beq bt_cmd_stop_discovery ,check_51cmd_stop_discovery +7bd6 c001fc0a beq bt_cmd_reconnect ,check_51cmd_reconnect +7bd7 c003fc0f beq bt_cmd_enter_sniff_subrating ,check_51cmd_enter_sniff_subrating +7bd8 c0047c10 beq bt_cmd_exit_sniff_subrating ,check_51cmd_exit_sniff_subrating +7bd9 c004fc11 beq bt_cmd_sniff_test ,check_51cmd_sniff_test +7bda c005fc14 beq bt_cmd_start_inquiry ,check_51cmd_inq +7bdb c0067c15 beq bt_cmd_stop_inquiry ,check_51cmd_stop_inq +7bdc c006fc16 beq bt_cmd_start_adv ,check_51cmd_adv +7bdd c0077c1c beq bt_cmd_stop_adv ,check_51cmd_stop_adv +7bde c007fc21 beq bt_cmd_start_direct_adv ,check_51cmd_direct_adv +7bdf c0087c27 beq bt_cmd_stop_direct_adv ,check_51cmd_stop_direct_adv +7be0 c00b7c31 beq bt_cmd_le_start_conn ,check_51cmd_le_start_con +7be1 c00bfc34 beq bt_cmd_le_start_scan ,check_51cmd_start_scan +7be2 c00c7c36 beq bt_cmd_le_stop_scan ,check_51cmd_stop_scan +7be3 c00cfc39 beq bt_cmd_enter_hibernate ,check_51cmd_hibernate +7be4 c00dfc3d beq bt_cmd_le_smp_security_request ,check_51cmd_le_smp_sec_req +7be5 c00f7c47 beq bt_cmd_bb_reconn_cancel ,check_51cmd_bb_reconn_cancel +7be6 67e20a95 store 1 ,mem_fifo_temp +7be7 4751c034 bpatchx patch34_3 ,mem_patch34 +7be8 2040669e call lmo_fifo_check +7be9 243a7bfd nbranch check_51cmd_restore ,blank + +check_51cmd_once_continue: +7bea 6fe20a95 fetch 1 ,mem_fifo_temp +7beb c584fbf8 bmark0 mark_context ,check_51cmd_check_idle +7bec c0027c0c beq bt_cmd_disconnect ,check_51cmd_disconnect +7bed c002d0fd beq bt_cmd_enter_sniff ,cmd_in_sniff +7bee c003510c beq bt_cmd_exit_sniff ,cmd_exit_sniff +7bef c0057c12 beq bt_cmd_set_pin_code ,check_51cmd_pincode +7bf0 c008fc2c beq bt_cmd_le_disconnect ,check_51cmd_le_disconnect +7bf1 c0097c30 beq bt_cmd_le_update_conn ,check_51cmd_ble_update_connect_param +7bf2 c00efc3e beq bt_cmd_role_switch ,check_51cmd_role_switch +7bf3 c00fe7fd beq bt_cmd_store_reconn_info_le ,eeprom_store_le_reconn_info +7bf4 c01067fd beq bt_cmd_store_reconn_info_bt ,eeprom_store_bd_reconn_info +7bf5 c010fc49 beq bt_cmd_dhkey_not_accept ,check_51cmd_dhkey_not_accept +7bf6 c012e7fd beq bt_cmd_store_reconn_info ,check_51cmd_store_reconn_info +7bf7 20600000 rtn + +check_51cmd_check_idle: +7bf8 67e20a95 store 1 ,mem_fifo_temp +7bf9 2040424e call context_check_idle +7bfa 2022fbfd branch check_51cmd_restore ,zero +7bfb 20404256 call context_search_plap +7bfc 24628000 nrtn zero + +check_51cmd_restore: +7bfd 700a8c01 jam ipc_skip_continue_process ,mem_ipc_skip_continue_proc +7bfe 20207bb4 branch ui_ipc_send_cmd + +check_51cmd_start_discovery: +7bff 6fe44652 fetch 2 ,mem_ui_state_map +7c00 79207e06 set1 ui_state_bt_discovery +7c01 67e44652 store 2 ,mem_ui_state_map +7c02 70409303 jam 3 ,mem_scan_mode +7c03 20600000 rtn + +check_51cmd_stop_discovery: +7c04 70465000 jam 0 ,mem_hid_handshake_timer_count +7c05 70409300 jam 0 ,mem_scan_mode +7c06 6fe44652 fetch 2 ,mem_ui_state_map +7c07 793ffe06 set0 ui_state_bt_discovery +7c08 67e44652 store 2 ,mem_ui_state_map +7c09 20600000 rtn + +check_51cmd_reconnect: +7c0a 7041cf05 jam hci_cmd_create_conn ,mem_hci_cmd +7c0b 20600000 rtn + +check_51cmd_disconnect: +7c0c 70007c07 jam lmp_detach ,mem_lmo_opcode2 +7c0d 7004c613 jam other_end_terminated ,mem_disconn_reason_send +7c0e 20600000 rtn + +check_51cmd_enter_sniff_subrating: +7c0f 20600000 rtn + +check_51cmd_exit_sniff_subrating: +7c10 20600000 rtn + +check_51cmd_sniff_test: +7c11 20600000 rtn + +check_51cmd_pincode: +7c12 7004d002 jam pincode_state_pincode_ready ,mem_pincode_state +7c13 202050f0 branch cmd_pair + +check_51cmd_inq: +7c14 20600000 rtn + +check_51cmd_stop_inq: +7c15 20600000 rtn + +check_51cmd_adv: +7c16 70434001 jam on ,mem_le_adv_enable +7c17 70445600 jam adv_ind ,mem_le_adv_type +7c18 6fe44652 fetch 2 ,mem_ui_state_map +7c19 79207e0b set1 ui_state_ble_adv ,pdata +7c1a 67e44652 store 2 ,mem_ui_state_map +7c1b 20600000 rtn + +check_51cmd_stop_adv: +7c1c 6fe44652 fetch 2 ,mem_ui_state_map +7c1d 793ffe0b set0 ui_state_ble_adv ,pdata +7c1e 67e44652 store 2 ,mem_ui_state_map +7c1f 70434000 jam off ,mem_le_adv_enable +7c20 20600000 rtn + +check_51cmd_direct_adv: +7c21 70434001 jam on ,mem_le_adv_enable +7c22 70445601 jam adv_direct_ind ,mem_le_adv_type +7c23 6fe44652 fetch 2 ,mem_ui_state_map +7c24 79207e0b set1 ui_state_ble_adv ,pdata +7c25 67e44652 store 2 ,mem_ui_state_map +7c26 20600000 rtn + +check_51cmd_stop_direct_adv: +7c27 6fe44652 fetch 2 ,mem_ui_state_map +7c28 793ffe0b set0 ui_state_ble_adv ,pdata +7c29 67e44652 store 2 ,mem_ui_state_map +7c2a 70434000 jam off ,mem_le_adv_enable +7c2b 20600000 rtn + +check_51cmd_le_disconnect: +7c2c 58000014 setarg 20 +7c2d 67e40469 store 2 ,mem_le_superto +7c2e 67e4448c store 2 ,mem_le_init_superto +7c2f 20206073 branch le_send_terminate_ind_user_terminated + +check_51cmd_ble_update_connect_param: +7c30 20205e9f branch le_l2cap_tx_update_req + +check_51cmd_le_start_con: +7c31 70433b01 jam on ,mem_le_scan_enable +7c32 7041cf1b jam hci_cmd_le_create_conn ,mem_hci_cmd +7c33 20600000 rtn + +check_51cmd_start_scan: +7c34 70433b01 jam on ,mem_le_scan_enable +7c35 20600000 rtn + +check_51cmd_stop_scan: +7c36 70433b00 jam off ,mem_le_scan_enable +7c37 7041cf00 jam 0 ,mem_hci_cmd +7c38 20600000 rtn + +check_51cmd_hibernate: +7c39 6fe441ec fetch 2 ,mem_cb_before_hibernate +7c3a 20407d77 call callback_func +7c3b 20407bbd call ui_ipc_clean_all_fifo +7c3c 20204afe branch lpm_hibernate + +check_51cmd_le_smp_sec_req: +7c3d 20205ee2 branch le_send_smp_security_request + +check_51cmd_role_switch: +7c3e 70007c34 jam lmp_slot_offset ,mem_lmo_opcode2 +7c3f 79200003 set1 mark_switch_initiated ,mark +7c40 24748000 nrtn master +7c41 70452d00 jam switch_flag_init ,mem_switch_flag +7c42 70007c13 jam lmp_switch_req ,mem_lmo_opcode2 +7c43 6fe2016b fetch 1 ,mem_connection_options +7c44 793ffe02 set0 connection_switch ,pdata +7c45 67e2016b store 1 ,mem_connection_options +7c46 20600000 rtn + +check_51cmd_bb_reconn_cancel: +7c47 18000e03 force page_length_timer ,queue +7c48 20207ce2 branch timer_stop + +check_51cmd_dhkey_not_accept: +7c49 204066da call tid_set_reply +7c4a 70007d41 jam lmp_dhkey_check ,mem_lmi_opcode2 +7c4b 2020637f branch parse_lmp_dhkey_check_reject + +right_shift_n: +7c4c 1f267c00 sub loopcnt ,0 ,null +7c4d 20628000 rtn zero + +right_shift_n_loop: +7c4e 1fe37e00 rshift pdata ,pdata +7c4f c2007c4e loop right_shift_n_loop +7c50 20600000 rtn + +left_shift_n: +7c51 18007e01 force 1 ,pdata +7c52 1f267c00 sub loopcnt ,0 ,null +7c53 20628000 rtn zero + +left_shift_n_loop: +7c54 1fe3fe00 lshift pdata ,pdata +7c55 c2007c54 loop left_shift_n_loop +7c56 20600000 rtn + +push_stack: +7c57 18a27e00 deposit contw +7c58 67e40ab7 store 2 ,mem_contw +7c59 60500a9e storet 8 ,mem_temp +7c5a 19627e00 deposit timeup +7c5b 67e80aa6 store 4 ,mem_timeup +7c5c 20407c60 call push_stack_rega_b_c +7c5d 18c27e00 deposit contr +7c5e 67e40ab5 store 2 ,mem_contr +7c5f 20600000 rtn + +push_stack_rega_b_c: +7c60 1a227e00 deposit rega +7c61 67e80aaa store 4 ,mem_rega +7c62 1a427e00 deposit regb +7c63 67e80aae store 4 ,mem_regb +7c64 1a627e00 deposit regc +7c65 67e60ab2 store 3 ,mem_regc +7c66 20600000 rtn + +pop_stack: +7c67 68500a9e fetcht 8 ,mem_temp +7c68 6fe80aa6 fetch 4 ,mem_timeup +7c69 98001600 iforce timeup +7c6a 20407c70 call pop_stack_rega_b_c +7c6b 6fe40ab7 fetch 2 ,mem_contw +7c6c 98000a00 iforce contw +7c6d 6fe40ab5 fetch 2 ,mem_contr +7c6e 98000c00 iforce contr +7c6f 20600000 rtn + +pop_stack_rega_b_c: +7c70 6fe80aaa fetch 4 ,mem_rega +7c71 98002200 iforce rega +7c72 6fe80aae fetch 4 ,mem_regb +7c73 98002400 iforce regb +7c74 6fe60ab2 fetch 3 ,mem_regc +7c75 98002600 iforce regc +7c76 20600000 rtn + +get_contw: +7c77 6fe40ab7 fetch 2 ,mem_contw +7c78 1fe20a00 copy pdata ,contw +7c79 20600000 rtn + +get_contr: +7c7a 6fe40ab5 fetch 2 ,mem_contr +7c7b 1fe20c00 copy pdata ,contr +7c7c 20600000 rtn + +store_contw: +7c7d 18a27e00 copy contw ,pdata +7c7e 67e40ab7 store 2 ,mem_contw +7c7f 20600000 rtn + +store_contr: +7c80 18c27e00 copy contr ,pdata +7c81 67e40ab5 store 2 ,mem_contr +7c82 20600000 rtn + +save_cont_pointers: +7c83 18a27e00 copy contw ,pdata +7c84 67e40a93 store 2 ,mem_hold_contw +7c85 18c27e00 copy contr ,pdata +7c86 67e40a91 store 2 ,mem_hold_contr +7c87 20600000 rtn + +load_cont_pointers: +7c88 6fe40a93 fetch 2 ,mem_hold_contw +7c89 1fe20a00 copy pdata ,contw +7c8a 6fe40a91 fetch 2 ,mem_hold_contr +7c8b 1fe20c00 copy pdata ,contr +7c8c 20600000 rtn + +memcpy96: +7c8d 20407c98 call memcpy32 + +memcpy64: +7c8e 20407c98 call memcpy32 +7c8f 20207c98 branch memcpy32 + +memcpy12: +7c90 20407c94 call memcpy8 + +memcpy4: +7c91 efe80006 ifetch 4 ,contr +7c92 e7e80005 istore 4 ,contw +7c93 20600000 rtn + +memcpy8: +7c94 eff00006 ifetch 8 ,contr +7c95 e7f00005 istore 8 ,contw +7c96 20600000 rtn + +memcpy48: +7c97 20407c9a call memcpy16 + +memcpy32: +7c98 20407c94 call memcpy8 + +memcpy24: +7c99 20407c94 call memcpy8 + +memcpy16: +7c9a 20407c94 call memcpy8 +7c9b 20207c94 branch memcpy8 + +delay_10ms: +7c9c df20000a arg 10 ,loopcnt + +delay_ms_wait: +7c9d 20002ee0 nop 12000 +7c9e c2007c9d loop delay_ms_wait +7c9f 20600000 rtn + +bn_zero: +7ca0 18007203 force 3 ,loopcnt + +memset0: +7ca1 18007e00 force 0 ,pdata + +memset8: +7ca2 e7f00005 istore 8 ,contw +7ca3 c2007ca2 loop memset8 +7ca4 20600000 rtn + +memset0_8: +7ca5 18007e00 force 0 ,pdata +7ca6 e7f00005 istore 8 ,contw +7ca7 20600000 rtn + +memset0_4: +7ca8 18007e00 force 0 ,pdata +7ca9 e7e80005 istore 4 ,contw +7caa 20600000 rtn + +clear_mem_256: +7cab 18007204 force 4 ,loopcnt +7cac 20207ca1 branch memset0 + +clear_mem_512: +7cad 18007208 force 8 ,loopcnt +7cae 20207ca1 branch memset0 + +clear_mem: +7caf 1f227e00 deposit loopcnt +7cb0 207a0000 rtn blank +7cb1 58000000 setarg 0 + +clear_mem_loop: +7cb2 e7e20005 istore 1 ,contw +7cb3 c2007cb2 loop clear_mem_loop +7cb4 20600000 rtn + +clear_temp_block: +7cb5 df200020 arg 32 ,loopcnt +7cb6 d8a00abe arg mem_temp_block0 ,contw +7cb7 20207caf branch clear_mem + +xor_loop: +7cb8 efe80013 ifetch 4 ,regc +7cb9 e8480011 ifetcht 4 ,rega +7cba 9842fe00 ixor temp ,pdata +7cbb e7e80005 istore 4 ,contw +7cbc 1a20a204 increase 4 ,rega +7cbd 1a60a604 increase 4 ,regc +7cbe c2007cb8 loop xor_loop +7cbf 20600000 rtn + +inverse_data: +7cc0 47524034 bpatchx patch34_4 ,mem_patch34 +7cc1 1f227e00 copy loopcnt ,pdata +7cc2 1fe67c01 sub pdata ,1 ,null +7cc3 20610000 rtn positive +7cc4 9a20a400 iadd rega ,regb +7cc5 1a40a5ff increase -1 ,regb +7cc6 1f237200 rshift loopcnt ,loopcnt + +inverse_loop: +7cc7 e8420011 ifetcht 1 ,rega +7cc8 efe20012 ifetch 1 ,regb +7cc9 e7e20011 istore 1 ,rega +7cca e0420012 istoret 1 ,regb +7ccb 1a40a5ff increase -1 ,regb +7ccc 1a20a201 increase 1 ,rega +7ccd c2007cc7 loop inverse_loop +7cce 20600000 rtn + +memcpy_fast: +7ccf 1f227e00 deposit loopcnt +7cd0 207a0000 rtn blank + +memcpy_fast_loop: +7cd1 1f20f3f8 increase -8 ,loopcnt +7cd2 20417c94 call memcpy8 ,positive +7cd3 20628000 rtn zero +7cd4 20217cd1 branch memcpy_fast_loop ,positive +7cd5 1f20f208 increase 8 ,loopcnt + +memcpy_fast_loop_four: +7cd6 1f20f3fc increase -4 ,loopcnt +7cd7 20417c91 call memcpy4 ,positive +7cd8 20628000 rtn zero +7cd9 20217cd6 branch memcpy_fast_loop_four ,positive +7cda 1f20f204 increase 4 ,loopcnt +7cdb 20207cdc branch memcpy + +memcpy: +7cdc 1f227e00 deposit loopcnt +7cdd 207a0000 rtn blank + +memcpy_loop: +7cde efe20006 ifetch 1 ,contr +7cdf e7e20005 istore 1 ,contw +7ce0 c2007cde loop memcpy_loop +7ce1 20600000 rtn + +timer_stop: +7ce2 58000000 setarg 0 + +timer_init: +7ce3 1c430400 rshift clkn_bt ,temp +7ce4 60484094 storet 4 ,mem_last_clkn +7ce5 d8a0419e arg mem_timers ,contw +7ce6 98000400 iforce temp +7ce7 18e3fe00 lshift queue ,pdata +7ce8 98a08a00 iadd contw ,contw +7ce9 e0440005 istoret 2 ,contw +7cea 4752c034 bpatchx patch34_5 ,mem_patch34 +7ceb 20600000 rtn + +timer_check_timeout: +7cec d9600800 arg 0x800 ,timeup +7ced 19701600 lshift16 timeup ,timeup +7cee 9960fe00 iadd timeup ,pdata +7cef 20600000 rtn + +timer_reinit: +7cf0 d8e00000 arg 0 ,queue + +timer_check: +7cf1 47534034 bpatchx patch34_6 ,mem_patch34 +7cf2 68484094 fetcht 4 ,mem_last_clkn +7cf3 1c437e00 rshift clkn_bt ,pdata +7cf4 67e84094 store 4 ,mem_last_clkn +7cf5 98467c00 isub temp ,null +7cf6 24417cec ncall timer_check_timeout ,positive +7cf7 98461600 isub temp ,timeup +7cf8 19620400 copy timeup ,temp +7cf9 d8c0419e arg mem_timers ,contr +7cfa 18c20a00 copy contr ,contw +7cfb df200010 arg 16 ,loopcnt + +timer_loop: +7cfc efe40006 ifetch 2 ,contr +7cfd 98467e00 isub temp ,pdata +7cfe 20217d00 branch timer_counting ,positive +7cff 18007e00 force 0 ,pdata + +timer_counting: +7d00 e7e40005 istore 2 ,contw +7d01 c2007cfc loop timer_loop +7d02 d8c0419e arg mem_timers ,contr +7d03 18e3fe00 lshift queue ,pdata +7d04 98c08c00 iadd contr ,contr +7d05 efe40006 ifetch 2 ,contr +7d06 20600000 rtn + +clk_add: +7d07 98408400 iadd temp ,temp +7d08 18427200 copy temp ,loopcnt +7d09 58000ea6 setarg 3750 +7d0a 9f267e00 isub loopcnt ,pdata +7d0b 20610000 rtn positive +7d0c 1fe67e00 sub pdata ,0 ,pdata +7d0d 18510400 rshift16 temp ,temp +7d0e 18408401 increase 1 ,temp +7d0f 18500400 lshift16 temp ,temp +7d10 98418400 ior temp ,temp +7d11 20600000 rtn + +clk_diff_rt: +7d12 20407d14 call clk_diff +7d13 20207d1e branch clk2rt + +clk_diff: +7d14 78547c00 disable user +7d15 98467e00 isub temp ,pdata +7d16 20217d19 branch clk_diff_pos ,positive +7d17 78347c00 enable user +7d18 1fe67e00 sub pdata ,0 ,pdata + +clk_diff_pos: +7d19 c4078000 rtnbit0 15 +7d1a d85f0ea6 arg -61786 ,temp +7d1b 9840fe00 iadd temp ,pdata +7d1c 793ffe40 set0 64 ,pdata +7d1d 20600000 rtn + +clk2rt: +7d1e 98000c00 iforce contr +7d1f 1ff17e00 rshift16 pdata ,pdata +7d20 d8400ea6 arg 3750 ,temp +7d21 984ffe00 imul32 temp ,pdata +7d22 98c0fe00 iadd contr ,pdata +7d23 20600000 rtn + +clk2lpo: +7d24 1fed7e00 lshift8 pdata ,pdata +7d25 1ff27e00 lshift4 pdata ,pdata +7d26 68464170 fetcht 3 ,mem_clks_per_lpo +7d27 9846fc00 idiv temp +7d28 20407d61 call wait_div_end +7d29 18078400 quotient temp +7d2a 20600000 rtn + +clk2bt: +7d2b d8400ea6 arg 3750 ,temp +7d2c 9846fc00 idiv temp +7d2d 20407d61 call wait_div_end +7d2e 1807fe00 quotient pdata +7d2f 1ff07e00 lshift16 pdata ,pdata +7d30 18070400 remainder temp +7d31 98418400 ior temp ,temp +7d32 20600000 rtn + +string2dec_from_uart: +7d33 d8400000 arg 0 ,temp + +string2dec_from_uart_done: +7d34 18422600 copy temp ,regc +7d35 efe20003 ifetch 1 ,contru +7d36 20407d3f call uchar2dialog +7d37 1a620400 copy regc ,temp +7d38 20407d70 call swap +7d39 da40000a arg 10 ,regb +7d3a 9a4ffe00 imul32 regb ,pdata +7d3b 9840fe00 iadd temp ,pdata +7d3c 1fe20400 copy pdata ,temp +7d3d c2007d34 loop string2dec_from_uart_done +7d3e 20600000 rtn + +uchar2dialog: +7d3f d840003a arg 0x3a ,temp +7d40 98467c00 isub temp ,null +7d41 24217d48 nbranch uchar2dialog_number ,positive +7d42 d8400061 arg 0x61 ,temp +7d43 98467c00 isub temp ,null +7d44 20217d4b branch uchar2dialog_a2f ,positive +7d45 d8400037 arg 0x37 ,temp +7d46 98467e00 isub temp ,pdata +7d47 20600000 rtn + +uchar2dialog_number: +7d48 d8400030 arg 0x30 ,temp +7d49 98467e00 isub temp ,pdata +7d4a 20600000 rtn + +uchar2dialog_a2f: +7d4b d8400057 arg 0x57 ,temp +7d4c 98467e00 isub temp ,pdata +7d4d 20600000 rtn + +pn9: +7d4e 18426000 copy temp ,alarm +7d4f 580001ff setarg 0x1ff +7d50 18002400 force 0 ,regb + +pn9_loop: +7d51 1fe92200 rshift3 pdata ,rega +7d52 1a232200 rshift rega ,rega +7d53 9a22a200 ixor rega ,rega +7d54 2a2ffe00 isolate1 0 ,rega +7d55 7920fe09 setflag true ,9 ,pdata +7d56 18430400 rshift temp ,temp +7d57 2feffe00 isolate1 0 ,pdata +7d58 79208407 setflag true ,7 ,temp +7d59 1fe37e00 rshift pdata ,pdata +7d5a 1a40a401 increase 1 ,regb +7d5b 2a400e00 compare 0 ,regb ,0x7 +7d5c 2420fd51 nbranch pn9_loop ,true +7d5d e0420005 istoret 1 ,contw +7d5e c2007d51 loop pn9_loop +7d5f 1e020400 copy alarm ,temp +7d60 20600000 rtn + +wait_div_end: +7d61 207a8000 rtn modone +7d62 20207d61 branch wait_div_end + +compare_loop: + +string_compare: +7d63 efe20011 ifetch 1 ,rega +7d64 e8420012 ifetcht 1 ,regb +7d65 98467c00 isub temp ,null +7d66 24628000 nrtn zero +7d67 1a20a201 increase 1 ,rega +7d68 1a40a401 increase 1 ,regb +7d69 c2007d63 loop string_compare +7d6a 18007c00 force 0 ,null +7d6b 20600000 rtn + +ceiling: +7d6c 98467c00 isub temp ,null +7d6d 24610000 nrtn positive +7d6e 18427e00 deposit temp +7d6f 20600000 rtn + +swap: +7d70 9840fe00 iadd temp ,pdata +7d71 98460400 isub temp ,temp +7d72 98467e00 isub temp ,pdata +7d73 20600000 rtn + +clean_mem: +7d74 df200200 arg 0x200 ,loopcnt +7d75 d8a04000 arg 0x4000 ,contw +7d76 20207ca1 branch memset0 + +callback_func: +7d77 207a0000 rtn blank +7d78 1fe27a00 copy pdata ,pc + +ice_break: +7d79 70820301 hjam 0x1 ,core_ice_ctrl +7d7a 20600000 rtn + +ice_setbp: +7d7b 67e48205 hstore 2 ,core_ice_break0 +7d7c 6fe28203 hfetch 1 ,core_ice_ctrl +7d7d 79207e04 set1 4 ,pdata +7d7e 67e28203 hstore 1 ,core_ice_ctrl +7d7f 20600000 rtn + +ice_setbp2: +7d80 67e48207 hstore 2 ,core_ice_break1 +7d81 6fe28203 hfetch 1 ,core_ice_ctrl +7d82 79207e06 set1 6 ,pdata +7d83 67e28203 hstore 1 ,core_ice_ctrl +7d84 20600000 rtn + +ice_set_write_bp: +7d85 67e48205 hstore 2 ,core_ice_break0 +7d86 70820330 hjam 0x30 ,core_ice_ctrl +7d87 20600000 rtn + +test_no_white: +7d88 6fe28043 hfetch 1 ,core_config +7d89 79207e04 set1 whiteoff_bit ,pdata +7d8a 67e28043 hstore 1 ,core_config +7d8b 20600000 rtn + +test_enable_white: +7d8c 6fe28043 hfetch 1 ,core_config +7d8d 793ffe04 set0 whiteoff_bit ,pdata +7d8e 67e28043 hstore 1 ,core_config +7d8f 20600000 rtn + +fifo_in: +7d90 4753c034 bpatchx patch34_7 ,mem_patch34 +7d91 e8500011 ifetcht util_fifo_len ,rega +7d92 18417eff and temp ,0xff ,pdata +7d93 243a7d96 nbranch fifo_in_push ,blank +7d94 184cfe00 rshift8 temp ,pdata +7d95 e7f00011 istore util_fifo_len ,rega + +fifo_in_push: +7d96 1a20a207 increase util_fifo_len + util_fifo_offset ,rega +7d97 efe20011 ifetch 1 ,rega +7d98 243a4a8b nbranch assert ,blank +7d99 6fe20a95 fetch 1 ,mem_fifo_temp +7d9a e7e20011 istore 1 ,rega +7d9b 20600000 rtn + +fifo_out: +7d9c 47544035 bpatchx patch35_0 ,mem_patch35 +7d9d df200008 arg util_fifo_len ,loopcnt +7d9e eff00011 ifetch util_fifo_len ,rega +7d9f 207a0000 rtn blank + +fifo_out_loop: +7da0 efe20011 ifetch 1 ,rega +7da1 243a7da5 nbranch fifo_out_end ,blank +7da2 1a20a201 increase 1 ,rega +7da3 c2007da0 loop fifo_out_loop +7da4 20204a8b branch assert + +fifo_out_end: +7da5 d8400000 arg 0 ,temp +7da6 e0420011 istoret 1 ,rega +7da7 20600000 rtn + +fifo_is_empty: +7da8 eff00011 ifetch util_fifo_len ,rega +7da9 20600000 rtn + +fifo_is_full: +7daa efe20011 ifetch 1 ,rega +7dab 20600000 rtn + +fifo_is_near_full: +7dac efe40011 ifetch 2 ,rega +7dad 20600000 rtn + +fifo_content_count: +7dae d8400000 arg 0 ,temp + +fifo_content_count_loop: +7daf 6fe20006 fetch 1 ,contr +7db0 c2007daf loop fifo_content_count_loop ,blank +7db1 18408401 increase 1 ,temp +7db2 c2007daf loop fifo_content_count_loop +7db3 18427e00 copy temp ,pdata +7db4 20600000 rtn + +not_greater_than: +7db5 98467c00 isub temp ,null +7db6 24610000 nrtn positive +7db7 18427e00 copy temp ,pdata +7db8 20600000 rtn + +disable_positive: +7db9 18007dff force -1 ,null +7dba 20600000 rtn + +enable_positive: + +disable_zero: +7dbb 18007c01 force 1 ,null +7dbc 20600000 rtn + +enable_zero: +7dbd 18007c00 force 0 ,null +7dbe 20600000 rtn + +enable_user: +7dbf 78347c00 enable user +7dc0 20600000 rtn + +disable_user: +7dc1 78547c00 disable user +7dc2 20600000 rtn + +enable_user2: +7dc3 78367c00 enable user2 +7dc4 20600000 rtn + +disable_user2: +7dc5 78567c00 disable user2 +7dc6 20600000 rtn + +disable_blank: +7dc7 58000001 setarg 1 +7dc8 20600000 rtn + +enable_blank: +7dc9 58000000 setarg 0 +7dca 20600000 rtn + +reverse_byte: +7dcb 1f227e00 copy loopcnt ,pdata +7dcc 207a0000 rtn blank +7dcd 18c27e00 copy contr ,pdata +7dce 9f20fe00 iadd loopcnt ,pdata +7dcf 1fe0ffff increase -1 ,pdata +7dd0 1fe20c00 copy pdata ,contr + +reverse_loop: +7dd1 efe20006 ifetch 1 ,contr +7dd2 18c08dfe increase -2 ,contr +7dd3 e7e20005 istore 1 ,contw +7dd4 c2007dd1 loop reverse_loop +7dd5 20600000 rtn + Index: dukaqi/senrui/program/app.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/app.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/app.prog (working copy) @@ -0,0 +1,469 @@ +app_init: + bpatch patch16_2,mem_patch16 + fetch 1,mem_device_option + branch app_init,blank /* wait ram to be initialized */ + beq dvc_op_module,module_init + rtn + +app_lpm_init: + bpatch patch16_3,mem_patch16 + jam 0,mem_tester_emulate + jam 0,mem_debug_config + jam 0, mem_lch_code + setarg 0 + store 5,mem_sp_state_start + fetch 1,mem_device_option + branch app_lpm_init,blank /* wait ram to be initialized */ + beq dvc_op_module,module_lpm_init +app_lpm_init0: + rtn + + +app_process_idle: + call ui_dispatch + call check_51cmd + call app_process_bb_event + fetch 2,mem_cb_idle_process + branch callback_func + +app_process_bt: + fetch 2,mem_cb_bt_process + branch callback_func + +app_process_ble: + fetch 2,mem_cb_le_process + branch callback_func + +app_process_bb_event: + bpatch patch16_4,mem_patch16 + //return if c51 need to process bb event + arg mem_ipc_fifo_bt2c51,rega + call fifo_out + rtn blank + //reaching here mains c51 cannot get bb event. + copy pdata,regc + call app_event_normal_process + branch app_process_bb_event_priority + +app_discard_event: + arg 0,regc + rtn + +//************************************************// +//*APP BB EVENT NORMAL PROCESS**// +//************************************************// +app_event_normal_process: + beq BT_EVT_BB_CONNECTED,app_evt_bt_conn + beq BT_EVT_BUTTON_LONG_PRESSED,app_evt_button_long_pressed + beq BT_EVT_SETUP_COMPLETE,app_evt_setup_complete + beq BT_EVT_HID_HANDSHAKE,app_evt_hid_handshake + beq BT_EVT_HID_CONNECTED,app_bb_event_hid_connected + beq BT_EVT_RECONN_FAILED,app_bb_event_reconn_failed + beq BT_EVT_BB_DISCONNECTED,app_bb_event_bb_disconn + beq BT_EVT_RECONN_PAGE_TIMEOUT,app_bb_event_reconn_failed + beq BT_EVT_LE_CONNECTED,app_le_event_bb_connected + beq BT_EVT_LE_DISCONNECTED,app_le_event_bb_disconn + beq BT_EVT_RECONN_STARTED,app_event_reconn_start + beq BT_EVT_ENTER_SNIFF,app_event_enter_sniff + beq BT_EVT_EXIT_SNIFF,app_event_exit_sniff + + beq BT_EVT_ML2CAP_CONN_REFUSED,app_event_ml2cap_conn_refused + beq BT_EVT_LINKKEY_GENERATE,app_event_linkkey_generate + beq BT_EVT_SWITCH_FAIL_MASTER,app_event_switch_fail_master + beq BT_EVT_SWITCH_SUCCESS_MASTER,app_event_switch_success + rtn + + +app_evt_bt_conn: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_CONNECTED,pdata + store 2,mem_ui_state_map + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set0 APP_DISC_BY_BUTTON ,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_event_switch_success: + jam 0,mem_switch_fail_master_count + rtn + +app_event_switch_fail_master: + fetch 1,mem_switch_fail_master_count + increase 1,pdata + store 1,mem_switch_fail_master_count + sub pdata,1,null + branch app_bt_role_switch,positive + jam 0,mem_switch_fail_master_count + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_SWITCH_FAIL,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + branch app_bt_disconnect + +app_process_bb_event_priority: + fetch 2,mem_cb_bb_event_process + branch callback_func + +app_check_wake_lock: + fetch 2,mem_cb_check_wakelock + branch callback_func + +app_will_enter_lpm: + fetch 2,mem_cb_before_lpm + branch callback_func + +app_event_linkkey_generate: + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_AFTER_PAIRING ,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + branch app_bt_store_reconn_info + +app_event_reconn_start: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_RECONNECT,pdata + store 2,mem_ui_state_map + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_AFTER_RECONN,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_evt_setup_complete: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_SETUP_COMPLETE,pdata + store 2,mem_ui_state_map + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_AFTER_SETUP_DONE,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_evt_hid_handshake: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_HID_HANDSHAKE,pdata + store 2,mem_ui_state_map + rtn + +app_event_enter_sniff: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_SNIFF,pdata + store 2,mem_ui_state_map + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_AFTER_SNIFF,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_event_exit_sniff: + fetch 2,mem_ui_state_map + set0 UI_STATE_BT_SNIFF,pdata + store 2,mem_ui_state_map + rtn + +app_le_event_bb_connected: + fetch 2,mem_ui_state_map + set1 UI_STATE_BLE_CONNECTED,pdata + store 2,mem_ui_state_map + rtn + +app_le_event_bb_disconn: + fetch 2,mem_ui_state_map + set0 UI_STATE_BLE_CONNECTED,pdata + store 2,mem_ui_state_map + branch app_lpm_mult_disable + +app_bb_event_hid_connected: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_HID_CONN,pdata + store 2,mem_ui_state_map + rtn + +app_evt_button_long_pressed: + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_BY_BUTTON,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_event_ml2cap_conn_refused: + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_L2CAP_REFUSED,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + branch app_bt_disconnect + + +app_evt_timer: + bpatch patch16_5,mem_patch16 + store 1,mem_app_evt_timer_count +app_evt_100ms_loop: + fetch 1,mem_app_evt_timer_count + rtn blank + increase -1,pdata + store 1,mem_app_evt_timer_count + call app_lpm_wake_auto_lock_timer + call app_unsniff_delay_timer + call app_discovery_timer + fetch 2,mem_cb_event_timer + call callback_func + branch app_evt_100ms_loop + + +//regc:timer addr +//regb:timer up call back fuction +timer_single_step: + ifetch 1,regc + rtn blank + pincrease -1 + istore 1,regc + nrtn blank + copy regb,pdata + branch callback_func + +//regc:timer addr +//regb:timer up call back fuction +timer_single_step_2B: + ifetch 2,regc + rtn blank + pincrease -1 + istore 2,regc + nrtn blank + copy regb,pdata + branch callback_func + +app_unsniff_delay_timer: + arg mem_unsniff2sniff_timer_count,regc + arg app_unsniff_delay_timeout,regb + branch timer_single_step + +app_unsniff_delay_timeout: + call context_check_idle + branch app_bt_enter_sniff,zero + rtn + + +app_discovery_timer: + arg mem_discovery_timeout_timer_count,regc + arg app_discovery_timeout,regb + branch timer_single_step_2B + +app_discovery_timeout: + call app_bt_stop_discovery + call app_led_off + fetch 2,mem_cb_discovry_timeout + branch callback_func + + +app_bb_event_reconn_failed: + call app_disconn_reason_flag_clear +app_clear_reconnect_flag: + fetch 2,mem_ui_state_map + set0 UI_STATE_BT_RECONNECT,pdata + store 2,mem_ui_state_map + rtn + +app_bb_event_bb_disconn: + jam 0,mem_unsniff2sniff_timer_count + fetch 2,mem_ui_state_map + bbit1 UI_STATE_BT_RECONNECT,app_bb_event_bb_reconn_disconn + isolate0 UI_STATE_BT_SETUP_COMPLETE,pdata + call app_discard_event,true +app_bb_event_bb_reconn_disconn: + bpatch patch16_6,mem_patch16 + fetch 2,mem_ui_state_map + set0 UI_STATE_BT_CONNECTED,pdata + set0 UI_STATE_BT_SETUP_COMPLETE,pdata + set0 UI_STATE_BT_HID_CONN,pdata + set0 UI_STATE_BT_HID_HANDSHAKE,pdata + set0 UI_STATE_BT_RECONNECT,pdata + store 2,mem_ui_state_map + branch app_lpm_mult_disable + +app_bb_hibernate: + call app_disconn_reason_clear + branch app_enter_hibernate + + +app_disconn_reason_clear: + setarg 0 + store APP_DISC_RSN_SIZE,mem_app_disconn_reason + rtn +app_disconn_reason_flag_clear: + setarg 0 + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_disconn_reason_collect_bt: + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + store APP_DISC_RSN_SIZE,mem_app_disconn_reason + setarg 0 + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + +app_disconn_reason_collect_ble: + fetch APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + set1 APP_DISC_BLE,pdata + store APP_DISC_RSN_SIZE,mem_app_disconn_reason + setarg 0 + store APP_DISC_RSN_SIZE,mem_app_disconn_reason_flag + rtn + + +//************************************************// +//********APP SHARED FUNCSIONS*******// +//************************************************// + + +app_check_sniff: + fetch 1,mem_ui_state_map + isolate1 UI_STATE_BT_SNIFF,pdata + rtn + +//*****************************************// +//*****************API********************// +//*****************************************// +//app_clearflag_store: +// setarg 0 +// branch app_flag_store + +app_start_auto_sniff: + fetch 1,mem_unsniff2sniff_timer + store 1,mem_unsniff2sniff_timer_count + rtn + +app_get_lpm_wake_lock: + arg wake_lock_app,queue + branch lpm_get_wake_lock + +app_put_lpm_wake_lock: + arg wake_lock_app,queue + branch lpm_put_wake_lock + +app_lpm_wake_auto_lock: + jam LPM_WAKE_UP_DELAY_TIMER,mem_wake_up_delay_timer + branch app_get_lpm_wake_lock + +app_lpm_wake_auto_lock_timer: + arg mem_wake_up_delay_timer,regc + arg app_put_lpm_wake_lock,regb + branch timer_single_step + +app_l2cap_flow_control_enable: + jam L2CAP_FLOW_CTRL_ENABLE,mem_l2cap_flow_ctrl_flag + rtn + +app_l2cap_flow_control_disable: + jam L2CAP_FLOW_CTRL_DISABLE,mem_l2cap_flow_ctrl_flag + rtn + +app_bt_set_pincode: + jam BT_CMD_SET_PIN_CODE,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_role_switch: + jam BT_CMD_ROLE_SWITCH,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_start_reconnect: + bpatch patch16_7,mem_patch16 + fetch 1,mem_app_connection_options + store 1,mem_connection_options + jam APP_FLAG_RECONNECT,mem_reconnect_flag + jam BT_CMD_RECONNECT,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_reconnect_cancel: + jam BT_CMD_BB_RECONN_CANCEL,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_disconnect: + jam BT_CMD_DISCONNECT,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_start_discovery_short: + fetch 2,mem_discovery_timeout + store 2,mem_discovery_timeout_timer_count +app_bt_start_discovery_led_blink: + call app_led_start_blink +app_bt_start_discovery: + jam BT_CMD_START_DISCOVERY,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_stop_discovery: + setarg 0 + store 2,mem_discovery_timeout_timer_count + jam BT_CMD_STOP_DISCOVERY,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_start_direct_adv: + jam BT_CMD_START_DIRECT_ADV,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_stop_direct_adv: + jam BT_CMD_STOP_DIRECT_ADV,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_stop_adv: + jam BT_CMD_STOP_ADV,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_start_adv: + jam BT_CMD_START_ADV,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_start_scan: + jam BT_CMD_LE_START_SCAN,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_stop_scan: + jam BT_CMD_LE_STOP_SCAN,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_start_conn: + jam BT_CMD_LE_START_CONN,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_disconnect: + jam BT_CMD_LE_DISCONNECT,mem_fifo_temp + branch ui_ipc_send_cmd + +app_led_start_blink: + jam BT_CMD_LED_BLINK,mem_fifo_temp + branch ui_ipc_send_cmd + +app_led_on: + jam BT_CMD_LED_ON,mem_fifo_temp + branch ui_ipc_send_cmd + +app_led_stop_blink: +app_led_off: + jam BT_CMD_LED_OFF,mem_fifo_temp + branch ui_ipc_send_cmd + +app_enter_hibernate: + jam BT_CMD_ENTER_HIBERNATE,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_sniff_exit: + jam BT_CMD_EXIT_SNIFF,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_enter_sniff: + jam BT_CMD_ENTER_SNIFF,mem_fifo_temp + branch ui_ipc_send_cmd + +app_ble_store_reconn_info: + jam BT_CMD_STORE_RECONN_INFO_LE,mem_fifo_temp + branch ui_ipc_send_cmd + +app_bt_store_reconn_info: + jam BT_CMD_STORE_RECONN_INFO_BT,mem_fifo_temp + branch ui_ipc_send_cmd + +app_store_reconn_info: + jam BT_CMD_STORE_RECONN_INFO,mem_fifo_temp + branch ui_ipc_send_cmd + +app_lpm_mult_enable: + set1 mark_lpm_mult_enable,mark + rtn + +app_lpm_mult_disable: + set0 mark_lpm_mult_enable,mark + rtn + + Index: dukaqi/senrui/program/app_module.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/app_module.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/app_module.prog (working copy) @@ -0,0 +1,1336 @@ + +ifdef COMPILE_MODULE + + + + +module_init: + rtn wake + call le_modified_name + setarg module_process_idle + store 2,mem_cb_idle_process + setarg module_bt_conn_process + store 2,mem_cb_bt_process + setarg module_process_bb_event + store 2,mem_cb_bb_event_process + setarg module_le_conn_process + store 2,mem_cb_le_process + setarg module_lpm_lock + store 2,mem_cb_check_wakelock + setarg module_hci_cmd_transmit_le_notify + store 2,mem_cb_ble_transmit + setarg module_hci_event_receive_spp_data + store 2,mem_cb_receive_spp_data + setarg module_le_receive_data + store 2,mem_cb_att_write + setarg module_bb_event_timer + store 2,mem_cb_event_timer + + call module_spp_clear_last_transmite_clock + bpatch patch17_0,mem_patch17 + call module_lpm_uart_init + call module_gpio_init + call check_module_disabled + branch module_hci_event_enter_standby_mode + + +module_lpm_uart_init: + fetch 2,IPC_M02BT_END_ADDR + store 2,core_sec_readdr + fetch 2,IPC_M02BT_START_ADDR + store 2,core_sec_rsaddr + copy pdata,contru + + fetch 2,IPC_BT2M0_END_ADDR + store 2,core_sec_teaddr + fetch 2,IPC_BT2M0_START_ADDR + store 2,core_sec_tsaddr + copy pdata,contwu + rtn + + + +module_lpm_init: + call module_lpm_uart_init + branch module_spp_clear_last_transmite_clock +// branch module_gpio_init + +module_gpio_init: + rtn +module_lpm_lock: + fetch 1,IPC_HOLD_BT + beq 1,app_get_lpm_wake_lock + fetch 1,mem_le_pairing_state + bne FLAG_LE_PAIRING_NULL,module_lpm_lock_check_pairing + branch app_put_lpm_wake_lock +module_lpm_lock_check_pairing: + beq FLAG_LE_PAIRING_END,app_put_lpm_wake_lock + branch app_get_lpm_wake_lock + +module_le_conn_process: + rtn + +module_bt_conn_process: + call module_spp_enter_sniff + branch module_control_air_flow + +module_spp_enter_sniff: + rtn + fetch 1,mem_ui_state_map + bbit0 UI_STATE_BT_SPP_CONN,module_spp_clear_last_transmite_clock + bpatch patch17_1,mem_patch17 + setarg 0x3eff + fetcht 4,mem_last_transmite_clock + iadd temp,temp + copy clkn_bt,pdata + isub temp,null + nrtn positive + fetch 2,mem_ui_state_map + bbit1 UI_STATE_BT_SNIFF,module_spp_clear_last_transmite_clock + fetch 1,mem_module_flag + rtnbit1 MOUDLE_TASK_SNIFF + call module_set_sniff_task_flag + call app_bt_enter_sniff +module_spp_clear_last_transmite_clock: + copy clkn_bt,pdata + store 4,mem_last_transmite_clock + rtn + + +module_process_idle: + call module_control_air_flow + call l2cap_malloc_is_fifo_full + nrtn blank + branch module_process + + +module_process_bb_event: + copy regc,pdata + beq BT_EVT_BB_CONNECTED,module_process_bb_conn + beq BT_EVT_BB_DISCONNECTED,module_process_bb_event_disconned + beq BT_EVT_RECONN_FAILED,module_process_reconn_fail + beq BT_EVT_SETUP_COMPLETE,module_process_setup_complete + beq BT_EVT_SPP_CONNECTED,module_process_spp_connected + beq BT_EVT_SPP_DISCONNECTED,module_process_spp_disconnected + beq BT_EVT_PINCODE_REQ,module_process_evt_pincode_req + beq BT_EVT_ENTER_SNIFF,module_process_enter_sniff + beq BT_EVT_EXIT_SNIFF,module_process_exit_sniff + beq BT_EVT_RECONN_PAGE_TIMEOUT,module_process_page_time_out + beq BT_EVT_LE_CONNECTED,module_process_le_conn + beq BT_EVT_LE_DISCONNECTED,module_process_bb_even_le_disconn + beq BT_EVT_SNIFF_NOT_ACCEPT,module_process_sniff_not_accept + beq BT_EVT_UNSNIFF_ACCEPT,module_process_unsniff_accept + beq BT_EVT_UNSNIFF_NOT_ACCEPT,module_process_unsniff_not_accept + beq BT_EVT_LE_PAIRING_FAIL,module_hci_event_le_pairing_fail + beq BT_EVT_LE_PAIRING_SUCCESS,module_hci_event_le_pairing_success + beq BT_EVT_LE_START_ENC,module_hci_event_start_enc + beq BT_EVT_LE_PAUSE_ENC,module_hci_event_pause_enc + beq BT_EVT_LE_TK_GENERATE,module_hci_event_le_tk + beq BT_EVT_BT_GKEY_GENERATE,module_hci_event_gkey_generate + beq BT_EVT_BT_GET_PASSKEY,module_hci_event_passkey_entry_mode + beq BT_EVT_BT_PAIRING_FAIL,module_hci_event_bt_pairing_fail + beq BT_EVT_BT_PAIRING_SUCCESS,module_hci_event_bt_pairing_success +ifdef SECURE_CONNECTION + beq BT_EVT_LE_GKEY_GENERATE,module_hci_event_le_gkey +endif + beq BT_EVT_STORE_NVRAM,module_hci_event_store_device + beq BT_EVT_LE_LTK_LOST,module_process_ble_ltk_lost + rtn + + +module_process_bb_event_disconned: + call module_spp_clear_last_transmite_clock + fetch 1,mem_flag_pairing_state + ncall module_hci_event_bt_pairing_fail,blank + call module_disconn_start + fetch 2,mem_ui_state_map + rtnbit0 UI_STATE_BT_SPP_CONN + branch module_spp_disconnected + +module_process_spp_connected: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_SPP_CONN,pdata + store 2,mem_ui_state_map + fetch 1,mem_module_spp_lpm_mult + store 1,mem_lpm_mult + branch module_hci_event_spp_connect + +module_process_spp_disconnected: +// branch module_spp_disconnected +module_spp_disconnected: + fetch 2,mem_ui_state_map + rtnbit0 UI_STATE_BT_SPP_CONN + set0 UI_STATE_BT_SPP_CONN ,pdata + store 2,mem_ui_state_map + branch module_hci_event_spp_disconnect + + +module_process_enter_sniff: + +module_sniff_param_check: + call module_spp_clear_last_transmite_clock + //fetch 1,mem_context + //rtnbit0 state_insniff + fetch 2,mem_context+coffset_tsniff + rshift pdata,pdata + fetcht 2,mem_sniff_param_interval + isub temp,null + nbranch module_sniff_param_check_unsniff,zero + branch app_lpm_mult_enable +module_sniff_param_check_unsniff: + fetch 1,mem_module_flag + rtnbit1 MOUDLE_TASK_UNSNIFF +// fethc 2,core_uart_rxitems //* + fetch 2,IPC_M02BT_READ_PTR + fetcht 2,IPC_M02BT_WRITE_PTR + isub temp,null + ncall module_set_unsniff_task_flag,zero //*¼ÓƠâÁ½¾ä»° + branch app_bt_sniff_exit + +module_process_exit_sniff: + call module_clear_sniff_task_flag + branch app_lpm_mult_disable + +module_process_setup_complete: + call module_spp_clear_last_transmite_clock + branch module_conn_start + +module_process_bb_even_le_disconn: + call le_clr_config_more_data + call module_disconn_start + branch module_hci_event_le_disconnect + +module_process_evt_pincode_req: + branch app_bt_set_pincode + + +module_process_sniff_not_accept: + branch module_clear_sniff_task_flag + + +module_process_unsniff_accept: + fetch 1,mem_module_flag + bbit0 MOUDLE_TASK_UNSNIFF,app_bt_enter_sniff + branch module_clear_unsniff_task_flag + + +module_process_unsniff_not_accept: + branch module_clear_unsniff_task_flag + + +module_process_le_conn: +// call le_send_att_exchange_mtu_requset + call module_conn_start + fetch 1,mem_module_le_lpm_mult + store 1,mem_lpm_mult + branch module_hci_event_le_connect + + +module_process_bb_conn: + jam 0,mem_flag_mode_ssp_pin + call module_clear_sniff_task_flag + branch module_clear_unsniff_task_flag + +module_process_page_time_out: +module_process_reconn_fail: +module_disconn_start: + branch module_start_adv_discovery_by_command + + +module_process_ble_ltk_lost: + call le_send_reject_ind + branch le_send_smp_security_request + + +module_conn_start: + branch module_stop_adv_discovery + +module_stop_adv_discovery: + fetch 1,mem_module_state + isolate1 MOUDLE_STATE_BT_BIT,pdata + call app_bt_stop_discovery,true + fetch 1,mem_module_state + isolate1 MOUDLE_STATE_BLE_BIT,pdata + call app_ble_stop_adv,true + rtn + +module_process_with_credit: + fetch 1,mem_credit_flag + rtneq CREDIT_DISABLE + branch rfcomm_send_uih_without_payload + +module_process: + fetch 2,IPC_M02BT_READ_PTR + fetcht 2,IPC_M02BT_WRITE_PTR + isub temp,null + branch module_process_with_credit,zero + call uartd_prepare_rx + ifetch 1,contru + bne 0x01,module_hci_in_excp + ifetch 1,contru + store 1,mem_module_uart_opcode + ifetcht 1,contru + copy contru,rega + storet 1,mem_module_uart_len + jam HCI_DISCARD_PACKET,mem_module_temp_nl_discard_packet + call module_hci_cmd_control + fetch 1,mem_module_temp_nl_discard_packet + rtneq HCI_NOT_DISCARD_PACKET + branch module_hci_dicard_packet //discard this packet + +module_hci_in_excp: + call delay_10ms + call module_hci_event_invalid_packet + branch module_hci_release_except + + +module_hci_release_except: + bpatch patch17_2,mem_patch17 + fetch 2,IPC_M02BT_WRITE_PTR + store 2,IPC_M02BT_READ_PTR + rtn + + +module_hci_dicard_packet: + call uartd_prepare_rx + increase 2,contru + ifetch 1,contru + iadd contru,contru +module_hci_dicard_bytes: + branch uartd_rxdone + +/*********************HCI CONTROL*********************/ +module_hci_cmd_control: + bpatch patch17_3,mem_patch17 + fetch 1,mem_module_uart_opcode + beq HCI_CMD_SET_BT_ADDR_REQ,module_hci_cmd_set_bt_addr + beq HCI_CMD_SET_LE_ADDR_REQ,module_hci_cmd_set_le_addr + beq HCI_CMD_SET_VISIBILITY_REQ,module_hci_cmd_set_visibility + beq HCI_CMD_SET_BT_NAME_REQ,module_hci_cmd_set_bt_name + beq HCI_CMD_SET_LE_NAME_REQ,module_hci_cmd_set_le_name + beq HCI_CMD_SPP_DATA_REQ,module_hci_cmd_receive_spp_data + beq HCI_CMD_LE_DATA_REQ,module_hci_cmd_receive_le_data + beq HCI_CMD_STATUS_IRQ,module_hci_cmd_inquire_status + beq HCI_CMD_SET_PAIRING_REQ,module_hci_cmd_set_pairing_mode + beq HCI_CMD_SET_PINCODE_REQ,module_hci_cmd_set_pincode + beq HCI_CMD_VERSION_REQ,module_hci_cmd_version_request + beq HCI_CMD_BT_DISCONNECT,module_hci_cmd_bt_disconnect + beq HCI_CMD_BLE_DISCONNECT,module_hci_cmd_ble_disconnect + beq HCI_CMD_SET_NVRAM_REQ,module_hci_cmd_set_nvram + beq HCI_CMD_CONFIRM_GKEY,module_hci_cmd_confirm_gkey + beq HCI_CMD_SET_CREDIT_GIVEN,module_hci_cmd_set_credit_given + beq HCI_CMD_AUTO_ADV_SCAN,module_hci_cmd_auto_adv + beq HCI_CMD_PASSKEY_ENTRY,module_hci_cmd_passkey_entry + beq HCI_CMD_LE_SET_PAIRING,module_hci_cmd_le_set_pairing_mode + beq HCI_CMD_LE_SET_ADV_DATA,module_hci_cmd_le_set_adv_data + beq HCI_CMD_LE_SET_SCAN_DATA,module_hci_cmd_le_set_scan_data + beq HCI_CMD_LE_SEND_CONN_UPDATE_REQ,module_hci_cmd_le_send_conn_update_req + beq HCI_CMD_LE_SET_ADV_PARM,module_hci_cmd_set_le_adv_parameter + beq HCI_CMD_LE_START_PAIRING,module_hci_cmd_le_start_pairing + beq HCI_CMD_SET_TX_POWER,module_hci_cmd_set_tx_power + beq HCI_CMD_LE_CONFIRM_GKEY,module_hci_cmd_le_confirm_gkey + beq HCI_CMD_REJECT_JUSTWORK,module_hci_cmd_set_reject_justwork_flag + beq HCI_CMD_RESET_CHIP_REQ,module_hci_cmd_reset_chip + beq HCI_CMD_LE_SET_FIXED_PASSKEY,module_hci_cmd_le_set_fixed_passkey + beq HCI_TEST_CMD_CLOSE_LPM,module_hci_test_cmde_close_lpm + beq HCI_TEST_CMD_REBACK,module_hci_test_cmd_reback + branch module_hci_event_receive_invalid_cmd + +/*********************HCI COMMAND*********************/ + +//command opcode 0x00 +module_hci_cmd_set_bt_addr: + fetch 1,mem_module_uart_len + bne 6,module_hci_event_receive_invalid_cmd + ifetch 6,contru + store 6,mem_lap + branch module_hci_event_receive_valid_cmd + +//command opcode 0x01 +module_hci_cmd_set_le_addr: + fetch 1,mem_module_uart_len + bne 6,module_hci_event_receive_invalid_cmd + ifetch 6,contru + store 6,mem_le_lap + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x02 +module_hci_cmd_set_visibility: + fetch 1,mem_module_uart_len + bne 1,module_hci_event_receive_invalid_cmd + copy rega,contru + call module_hci_event_receive_valid_cmd + ifetcht 1,contru + storet 1,mem_module_bluetooth_stauts_by_command + fetch 2,mem_ui_state_map + rtnbit1 UI_STATE_BLE_CONNECTED + rtnbit1 UI_STATE_BT_CONNECTED +module_start_adv_discovery_by_command: + fetch 1,mem_module_state + isolate1 MOUDLE_STATE_BT_BIT,pdata + nbranch moudle_start_adv_by_command,true + fetcht 1,mem_module_bluetooth_stauts_by_command + and temp,0x03,pdata + store 1,mem_scan_mode +moudle_start_adv_by_command: + fetch 1,mem_module_state + isolate1 MOUDLE_STATE_BLE_BIT,pdata + nrtn true + fetcht 1,mem_module_bluetooth_stauts_by_command + isolate1 2,temp + branch app_ble_start_adv,true + branch app_ble_stop_adv + + +//command opcode 0x03 +module_hci_cmd_set_bt_name: + fetch 1,mem_module_uart_len + sub pdata,67,null + nbranch module_hci_event_receive_invalid_cmd,positive + store 1,mem_local_name_length + arg 8,loopcnt + call memset0 + fetch 1,mem_module_uart_len + copy pdata,loopcnt + copy rega,contru + arg mem_local_name,contw + call uart_copy_rx_bytes_fast + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x04 +module_hci_cmd_set_le_name: + fetch 1,mem_module_uart_len + sub pdata,29,null + nbranch module_hci_event_receive_invalid_cmd,positive + store 1,mem_le_name_len + copy pdata,loopcnt + copy rega,contru + arg mem_le_name,contw + call uart_copy_rx_bytes_fast + call le_modified_name + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x05 +module_hci_cmd_receive_spp_data: + fetch 1,mem_ui_state_map + bbit0 UI_STATE_BT_SPP_CONN,module_hci_event_receive_invalid_cmd + call app_check_sniff + branch module_hci_cmd_spp_exit_sniff,true + jam HCI_NOT_DISCARD_PACKET,mem_module_temp_nl_discard_packet +// call p_nl_clear_last_transmite_clock + call module_spp_clear_last_transmite_clock + fetch 1,mem_remote_credits + rtn blank + fetch 2,mem_nl_rx_len_all + bne 0,module_hci_cmd_pass_init_ng_rx_len_all + fetch 1,mem_module_uart_len + store 2,mem_nl_rx_len_all + + copy rega,contru +// ifetch 2,contru +// store 2,mem_nl_rx_handle + copy contru,pdata + store 2,mem_nl_rx_data_src +module_hci_cmd_pass_init_ng_rx_len_all: + call module_hci_cmd_get_current_packet_len_and_remain_len + branch spp_tx_rfcomm_packet + +module_hci_cmd_spp_exit_sniff: + jam HCI_NOT_DISCARD_PACKET,mem_module_temp_nl_discard_packet + branch module_exit_sniff + +module_hci_cmd_get_current_packet_len_and_remain_len: + call module_hci_cmd_get_current_patcket_len + fetch 2,mem_nl_rx_len_all + fetcht 2,mem_current_packet_length + isub temp,pdata + store 2,mem_nl_rx_len_all + rtn + +module_hci_cmd_get_current_patcket_len: + fetch 2,mem_nl_rx_len_all + arg NL_RFCOMM_BUFF_LEN,temp + call not_greater_than + fetcht 2,mem_rfcomm_max_frame_size + call not_greater_than + fetcht 2,mem_pn_max_frame_size + call not_greater_than + store 2,mem_current_packet_length + rtn + +module_hci_command_tx_spp_tx_complete: + jam HCI_DISCARD_PACKET,mem_module_temp_nl_discard_packet + jam HCI_CMD_SPP_DATA_REQ,mem_module_uart_opcode + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x09 +module_hci_cmd_receive_le_data: + fetch 2,mem_ui_state_map + bbit0 UI_STATE_BLE_CONNECTED,module_hci_event_receive_invalid_cmd + call module_check_ble_encrypt_state + branch module_hci_event_receive_invalid_cmd,user + jam HCI_NOT_DISCARD_PACKET,mem_module_temp_nl_discard_packet + fetch 1,mem_module_flag + bbit1 MODULE_FLAG_BLE_DATA_FINISH,module_hci_cmd_receive_le_data_finish + fetch 1,mem_module_hci_notify_len + nrtn blank + jam HCI_DISCARD_PACKET,mem_module_temp_nl_discard_packet + ifetch 2,contru //handle + store 2,mem_module_hci_notify_handle + copy contru,pdata + store 2,mem_module_hci_nofiy_addr + fetch 1,mem_module_uart_len + pincrease -2 + nbranch module_hci_event_receive_invalid_cmd,positive + branch module_hci_event_receive_invalid_cmd,zero + store 1,mem_module_hci_notify_len + jam HCI_NOT_DISCARD_PACKET,mem_module_temp_nl_discard_packet + call le_set_config_more_data + call module_hci_cmd_transmit_le_notify + call module_hci_cmd_transmit_le_notify + call module_hci_cmd_transmit_le_notify + fetch 1,mem_module_flag + rtnbit0 MODULE_FLAG_BLE_DATA_FINISH +module_hci_cmd_receive_le_data_finish: + jam HCI_DISCARD_PACKET,mem_module_temp_nl_discard_packet + call module_clear_le_tx_data_flag + branch module_hci_event_receive_valid_cmd + +module_hci_cmd_transmit_le_notify: + fetch 1,mem_module_hci_notify_len + rtn blank + call le_fifo_check_nearly_full + nrtn blank //no fifo + call module_get_le_remote_mtu + bpatch patch17_4,mem_patch17 + add temp,-3,pdata //sub handle and opcode + fetcht 1,mem_module_hci_notify_len + call not_greater_than + copy pdata,rega + copy temp,pdata + isub rega,pdata + store 1,mem_module_hci_notify_len + fetcht 2,mem_module_hci_notify_handle + call le_att_malloc_tx_notify + fetch 2,mem_module_hci_nofiy_addr + copy pdata,contru + copy rega,loopcnt + call uart_copy_rx_bytes_fast + copy contru,pdata + store 2,mem_module_hci_nofiy_addr + fetch 1,mem_module_hci_notify_len + nrtn blank + branch module_set_le_tx_data_flag + + +//output: temp is master mtu +module_get_le_remote_mtu: + arg 0x17,temp + fetch 1,mem_module_flag + rtnbit1 MODULE_FLAG_BLE_SEND_MTU23 + fetcht 2,mem_le_remote_mtu + rtn + +module_check_ble_encrypt_state: + fetch 1,mem_module_flag + bbit1 MODULE_FLAG_BLE_DATA_ENCRYPT,le_check_encrypt_state + branch disable_user + + +//command opcode 0x0b +module_hci_cmd_inquire_status: + branch module_hci_event_status_res + + +//command opcode 0x0c +module_hci_cmd_set_pairing_mode: + copy rega,contru + ifetch 1,contru + beq PAIRING_PINCODE,module_hci_pairing_pincode_mode + beq PAIRING_JUSTWORK,module_hci_pairing_just_work_mode + beq PAIRING_PASSKEY,module_hci_pairing_passkey + beq PAIRING_CONFIRM,module_hci_pairing_numeric_comparison + branch module_hci_event_receive_invalid_cmd +module_hci_pairing_pincode_mode: + call ssp_disable + jam 0,mem_ssp_enable + branch module_hci_event_receive_valid_cmd +module_hci_pairing_just_work_mode: + setarg SSP_MODE_JUST_WORK_IO_CAP_DATA +module_hci_sspairing_mode: + store 3,mem_sp_iocap_local + store 1,mem_ssp_mode_flag + call ssp_enable + jam 1,mem_ssp_enable + branch module_hci_event_receive_valid_cmd +module_hci_pairing_passkey: + setarg SSP_MODE_PASSKEY_IO_CAP_DATA + branch module_hci_sspairing_mode + +module_hci_pairing_numeric_comparison: + setarg SSP_MODE_SSP_PIN_IO_CAP_DATA + branch module_hci_sspairing_mode + +//command opcode 0x0d +module_hci_cmd_set_pincode: + fetch 1,mem_module_uart_len + sub pdata,16,null + nbranch module_hci_event_receive_invalid_cmd,positive + store 1,mem_pin_length + copy pdata,loopcnt + arg mem_pin,contw + call uart_copy_rx_bytes + branch module_hci_event_receive_valid_cmd + + + + + +//command opcode 0x10 +module_hci_cmd_version_request: + arg 2,rega + arg mem_soft_version_num,regb + arg 0,temp + branch module_hci_event_set_cmd +module_hci_event_set_cmd_send_response: + store 2,mem_event_cmd_response_content + arg mem_event_cmd_response_content,regb + arg 0,temp + branch module_hci_event_set_cmd + + +//command opcode 0x11 +module_hci_cmd_bt_disconnect: + fetch 2,mem_ui_state_map + bbit0 UI_STATE_BT_CONNECTED,module_hci_event_receive_invalid_cmd +module_hci_cmd_bt_disconnect_doing: + call module_hci_event_receive_valid_cmd + branch app_bt_disconnect + + +//command opcode 0x12 +module_hci_cmd_ble_disconnect: + fetch 2,mem_ui_state_map + bbit0 UI_STATE_BLE_CONNECTED,module_hci_event_receive_invalid_cmd +module_hci_cmd_ble_disconnect_doing: + call module_hci_event_receive_valid_cmd + branch app_ble_disconnect + + + + +//command opcode 0x26 +module_hci_cmd_set_nvram: + fetch 1,mem_module_uart_len + copy pdata,loopcnt + copy rega,contru + fetch 2,mem_nv_data_ptr + icopy contw + call uart_copy_rx_bytes_fast + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x28 +module_hci_cmd_confirm_gkey: + fetch 1,mem_ui_state_map + bbit0 UI_STATE_BT_CONNECTED,module_hci_event_receive_invalid_cmd + ifetch 1,contru + fetcht 1,mem_flag_mode_ssp_pin + setflag blank,FLAG_MODE_SSP_PIN_COMPARISON_RESULT_BIT,temp + set1 FLAG_MODE_SSP_PIN_REVICEVE_COMPARISON_BIT ,temp + storet 1,mem_flag_mode_ssp_pin + + call module_hci_event_receive_valid_cmd + + fetch 1,mem_flag_mode_ssp_pin + bbit1 FLAG_MODE_SSP_PIN_RECIEVE_DHKEY_BIT,module_hci_cmd_spp_number_comparison_result_is1 + rtn + +dhkey_not_accept: + jam 0,mem_flag_mode_ssp_pin + jam BT_CMD_DHKEY_NOT_ACCEPT,mem_fifo_temp + branch ui_ipc_send_cmd + + +module_hci_cmd_spp_number_comparison_result_is1: + bbit1 FLAG_MODE_SSP_PIN_COMPARISON_RESULT_BIT,number_comparison_successed + branch dhkey_not_accept + + +//command opcode 0x29 +module_hci_cmd_set_credit_given: + fetch 1,mem_ui_state_map + rtnbit0 UI_STATE_BT_SPP_CONN + fetch 1,mem_credit_flag + rtneq CREDIT_DISABLE + ifetch 1,contru + fetcht 1,mem_credit_given + iadd temp,temp + storet 1,mem_credit_given + rtn + + +//command opcode 0x2a +module_hci_cmd_auto_adv: + arg 0x40,loopcnt + arg mem_le_adv_data_len,contw + call clear_mem + setarg 0 + store 1,mem_regb + copy rega,contru +module_hci_cmd_auto_adv_loop: + copy contru,pdata + store 2,mem_regc + call module_hci_cmd_auto_adv_adv_analys + + fetch 1,mem_regb + fetcht 1,mem_temp + increase 1,temp + iadd temp,pdata + store 1,mem_regb + + sub pdata,31,null + nbranch module_hci_cmd_auto_adv_store_scan,positive +module_hci_cmd_auto_adv_store_adv: + fetcht 1,mem_le_adv_data_len + setarg mem_le_adv_data + iadd temp,pdata + store 2,mem_contw + fetcht 1,mem_temp + increase 1,temp + fetch 1,mem_le_adv_data_len + iadd temp,pdata + store 1,mem_le_adv_data_len + branch module_hci_cmd_auto_adv_store_common +module_hci_cmd_auto_adv_store_scan: + fetcht 1,mem_le_scan_data_len + setarg mem_le_scan_data + iadd temp,pdata + store 2,mem_contw + fetcht 1,mem_temp + increase 1,temp + fetch 1,mem_le_scan_data_len + iadd temp,pdata + store 1,mem_le_scan_data_len +module_hci_cmd_auto_adv_store_common: + fetch 2,mem_contw + copy pdata,contw + fetch 2,mem_regc + copy pdata,contru + + copy temp,loopcnt + call uart_copy_rx_bytes_fast + + fetch 1,mem_module_uart_len + fetcht 1,mem_regb + isub temp,null + nbranch module_hci_cmd_auto_adv_loop,zero + branch module_hci_event_receive_valid_cmd + +//block of adv len in mem_temp +module_hci_cmd_auto_adv_adv_analys: + ifetch 1,contru + store 1,mem_temp + ifetch 1,contru + store 1,mem_rega + rtn + + + +//command opcode 0x30 +module_hci_cmd_passkey_entry: + ifetch 4,contru + store 4,mem_pin + jam 4,mem_pin_length + jam 0,mem_authentication_passkey_times + call module_hci_event_receive_valid_cmd + branch authentication_passkey + + + +//command opcode 0x33 +module_hci_cmd_le_set_pairing_mode: + copy rega,contru + ifetch 1,contru + copy pdata,temp +ifdef SECURE_CONNECTION + beq LE_PAIRING_MODE_SECURE_CONNECT_JUSTWORK,module_le_set_pairing_mode_secure_justwork + beq LE_PAIRING_MODE_SECURE_CONNECT_NUMERIC,module_le_set_pairing_mode_secure_numeric + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY,module_le_set_pairing_mode_secure_passkey +endif + store 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_NONE, module_le_set_no_pairing + beq LE_PAIRING_MODE_LAGACY_JUSTWORK,module_le_set_pairing_mode_lagacy_just_work + beq LE_PAIRING_MODE_LAGACY_PASSKEY,module_le_set_pairing_mode_lagacy_passkey + branch module_hci_event_receive_invalid_cmd + +ifdef SECURE_CONNECTION +module_le_set_pairing_mode_secure_justwork: + fetch 1,mem_le_secure_connect_enable + branch module_hci_event_receive_invalid_cmd,blank + storet 1,mem_le_pairing_mode + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + branch module_le_set_noinputnooutput +module_le_set_pairing_mode_secure_numeric: + fetch 1,mem_le_secure_connect_enable + branch module_hci_event_receive_invalid_cmd,blank + storet 1,mem_le_pairing_mode + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + jam FLAG_IOCAP_DISPLAYYESNO,mem_le_pres_iocap + branch module_hci_event_receive_valid_cmd +module_le_set_pairing_mode_secure_passkey: + fetch 1,mem_le_secure_connect_enable + branch module_hci_event_receive_invalid_cmd,blank + storet 1,mem_le_pairing_mode + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + branch module_le_set_displayonly +endif +module_le_set_no_pairing: + jam FLAG_LE_NO_BONDING_NO_MITM,mem_le_pres_auth +module_le_set_noinputnooutput: + jam FLAG_IOCAP_NOINPUTNOOUTPUT,mem_le_pres_iocap + branch module_hci_event_receive_valid_cmd +module_le_set_pairing_mode_lagacy_just_work: + jam FLAG_LE_BONDING_MITM,mem_le_pres_auth + branch module_le_set_noinputnooutput +module_le_set_pairing_mode_lagacy_passkey: + jam FLAG_LE_BONDING_MITM,mem_le_pres_auth +module_le_set_displayonly: + jam FLAG_IOCAP_DISPLAYONLY,mem_le_pres_iocap + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x34 +module_hci_cmd_le_set_adv_data: + fetch 1,mem_module_uart_len + sub pdata,31,null + nbranch module_hci_event_receive_invalid_cmd,positive + store 1,mem_le_adv_data_len + copy pdata,loopcnt + copy rega,contru + arg mem_le_adv_data,contw + call uart_copy_rx_bytes_fast + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x35 +module_hci_cmd_le_set_scan_data: + fetch 1,mem_module_uart_len + sub pdata,31,null + nbranch module_hci_event_receive_invalid_cmd,positive + store 1,mem_le_scan_data_len + copy pdata,loopcnt + copy rega,contru + arg mem_le_scan_data,contw + call uart_copy_rx_bytes_fast + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x36 +module_hci_cmd_le_send_conn_update_req: + fetch 2,mem_ui_state_map + bbit0 UI_STATE_BLE_CONNECTED,module_hci_event_receive_invalid_cmd + fetch 1,mem_module_uart_len + bne 0x08,module_hci_event_receive_invalid_cmd + copy rega,contru + ifetch 8,contru + store 8,mem_le_interval_min + jam BT_CMD_LE_UPDATE_CONN,mem_fifo_temp + call ui_ipc_send_cmd + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x37 +module_hci_cmd_set_le_adv_parameter: + ifetch 2,contru + store 2,mem_le_adv_interval + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x38 +module_hci_cmd_le_start_pairing: + fetch 1,mem_le_pairing_mode + branch module_hci_event_receive_invalid_cmd,blank + fetch 1,mem_le_pairing_state + bne FLAG_LE_PAIRING_NULL,module_hci_event_receive_invalid_cmd + fetch 1,mem_le_enc_state + bne FLAG_LE_ENC_NULL,module_hci_event_receive_invalid_cmd + call check_51cmd_le_smp_sec_req + branch module_hci_event_receive_valid_cmd + + + +//command opcode 0x42 +module_hci_cmd_set_tx_power: + fetch 1,mem_module_uart_len + bne 0x01,module_hci_event_receive_invalid_cmd + ifetch 1,contru + store 1,mem_tx_power + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x48 +module_hci_cmd_le_confirm_gkey: + ifetch 1,contru + beq 0x01,module_hci_cmd_le_confirm_gkey_fail + fetch 1,mem_le_secure_connect_state + beq LE_SC_STAT_SEND_PUBLIC_KEY,module_hci_cmd_le_confirm_gkey_ok + beq LE_SC_STAT_RECEIVE_DHKEY,module_hci_cmd_le_confirm_gkey_ok + beq LE_SC_STAT_WAIT_CONFIRM_GKEY,module_hci_cmd_le_confirm_gkey_ok + branch module_hci_event_receive_invalid_cmd +module_hci_cmd_le_confirm_gkey_ok: + jam FLAG_LE_SC_CONFRIM_GKEY_OK,mem_le_sc_confirm_gkey_flag + branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_confirm_gkey_fail: + call le_send_pairing_confirm_value_failed + branch module_hci_event_receive_valid_cmd + + +//command opcode 0x49 +module_hci_cmd_set_reject_justwork_flag: + fetch 1,mem_module_uart_len + bne 0x01,module_hci_event_receive_invalid_cmd + call module_hci_event_receive_valid_cmd + ifetch 1,contru + branch classic_bt_clr_reject_justwork_flag,blank + branch classic_bt_set_reject_justwork_flag + + +//command opcode 0x51 +module_hci_cmd_reset_chip: + call module_hci_event_receive_valid_cmd +// call wait_uarttx + hjam 0x01,core_reset // rest YC1021 + branch loop + + +//command opcode 0x61 +module_hci_cmd_le_set_fixed_passkey: + fetch 1,mem_module_uart_len + beq 0,module_hci_event_receive_invalid_cmd + ifetch 1,contru + branch module_hci_cmd_le_set_random_passkey,blank + fetch 1,mem_module_uart_len + bne 5,module_hci_event_receive_invalid_cmd + ifetch 4,contru + arg 1000000,temp + isub temp,null + branch module_hci_event_receive_invalid_cmd,positive + store 4,mem_le_tk + call le_set_config_fixed_tk + branch module_hci_event_receive_valid_cmd + +module_hci_cmd_le_set_random_passkey: + call le_clr_config_fixed_tk + branch module_hci_event_receive_valid_cmd + + +//command opcode 0xff +module_hci_test_cmde_close_lpm: + ifetch 1,contru + store 1,mem_lpm_mode + branch module_hci_event_receive_valid_cmd + +//command opcode 0xee +module_hci_test_cmd_reback: + fetch 1,mem_module_uart_len + call module_hci_prepare_tx + fetch 1,mem_module_uart_len + copy pdata,loopcnt + copy rega,contru + call copy_tx_bytes + branch uartd_send + +copy_tx_bytes: + deposit loopcnt + rtn blank +copy_tx_bytes_loop: + ifetch 1,contru + istore 1,contwu + loop copy_tx_bytes_loop + rtn + +/*********************HCI EVENT*********************/ + +module_hci_event_receive_invalid_cmd: + arg 1,temp + arg 0,rega + branch module_hci_event_set_cmd + + +module_hci_event_receive_valid_cmd: + arg 0,temp + arg 0,rega + branch module_hci_event_set_cmd + + +//event opcode 0x00 +module_hci_event_spp_connect: + jam HCI_EVENT_SPP_CONN_REP,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x02 +module_hci_event_le_connect: + jam HCI_EVENT_LE_CONN_REP,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x03 +module_hci_event_spp_disconnect: + jam HCI_EVENT_SPP_DIS_REP,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x05 +module_hci_event_le_disconnect: + jam HCI_EVENT_LE_DIS_REP,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x06 +//input: +// temp: success 0; fail 1 +// rega:Response Content length +// regb:Response Content address +module_hci_event_set_cmd: + fetch 1,mem_module_uart_opcode + copy pdata,regc + jam HCI_EVENT_CMD_RES,mem_module_uart_opcode + setarg 2 + iadd rega,pdata + call module_hci_prepare_tx + copy regc,pdata + istore 1,contwu + istoret 1,contwu + copy rega,loopcnt + copy regb,contr + call uart_copy_tx_bytes + branch uartd_send + + +//event opcode 0x07 +module_hci_event_receive_spp_data: +// call p_nl_clear_last_transmite_clock + call module_spp_clear_last_transmite_clock + jam HCI_EVENT_SPP_DATA_REP,mem_module_uart_opcode + fetch 1,mem_current_length + rtn blank + call module_hci_prepare_tx + fetch 1,mem_current_length + copy pdata,loopcnt + fetch 2,mem_rfcomm_uih_payload_ptr + copy pdata,contr + call uart_copy_tx_bytes_fast + branch uartd_send + + +//event opcode 0x08 +module_hci_event_receive_le_data: + jam HCI_EVENT_LE_DATA_REP,mem_module_uart_opcode + fetch 1,mem_module_le_rx_data_len + icopy loopcnt + increase 2,pdata + call module_hci_prepare_tx + fetch 2,mem_module_le_rx_data_handle // Attribute handle + istore 2,contwu + fetch 2,mem_module_le_rx_data_address + icopy contr + call uart_copy_tx_bytes_fast + branch uartd_send + + +//event opcode 0x09 +module_hci_event_enter_standby_mode: + jam HCI_EVENT_STANDBY_REP,mem_module_uart_opcode +module_hci_event_enter_standby_mode_len0: + setarg 0 + call module_hci_prepare_tx + branch uartd_send + + +//event opcode 0x0a +module_hci_event_status_res: + jam HCI_EVENT_STATUS_RES,mem_module_uart_opcode + setarg 1 + call module_hci_prepare_tx + + call module_hci_read_bt_status + + fetch 2,mem_ui_state_map + arg UI_STATE_BT_HID_CONN,queue + qisolate1 pdata + setflag true,3,temp + + arg UI_STATE_BLE_CONNECTED,queue + qisolate1 pdata + setflag true,5,temp + + fetch 1,mem_ui_state_map + arg UI_STATE_BT_SPP_CONN,queue + qisolate1 pdata + setflag true,4,temp + + istoret 1,contwu + branch uartd_send + +// temp: bit0 3.0 inquiry;bit1 3.0 scan;bit2 ble adv; + +module_hci_read_bt_status: + arg 0,temp + fetch 1,mem_scan_mode + arg inq_scan_mode,queue + qisolate1 pdata + setflag true,0,temp + arg page_scan_mode,queue + qisolate1 pdata + setflag true,1,temp + + fetch 1,mem_le_adv_enable + arg 0,queue + qisolate1 pdata + setflag true,2,temp + rtn + + +//event opcode 0x0d +module_hci_event_store_device: + jam HCI_EVENT_NVRAM_REP,mem_module_uart_opcode + fetch 1,mem_nv_data_number + mul32 pdata,34,pdata + icopy loopcnt + call module_hci_prepare_tx + fetch 2,mem_nv_data_ptr + icopy contr + call uart_copy_tx_bytes_fast + branch uartd_send + + +//event opcode 0x0e +module_hci_event_gkey_generate: + jam HCI_EVENT_GKEY,mem_module_uart_opcode + setarg 4 + call module_hci_prepare_tx + fetch 4,mem_gkey + istore 4,contwu + branch uartd_send + + +//event opcode 0x0f +module_hci_event_invalid_packet: + jam HCI_EVENT_INVALID_PACKET,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x10 +module_hci_event_passkey_entry_mode: + jam HCI_EVENT_GET_PASSKEY,mem_module_uart_opcode + branch module_hci_event_enter_standby_mode_len0 + + +//event opcode 0x11 +module_hci_event_le_tk: + jam HCI_EVENT_LE_TK,mem_module_uart_opcode + setarg 4 + call module_hci_prepare_tx + fetch 4,mem_le_tk + istore 4,contwu + branch uartd_send + + +//event opcode 0x14 +module_hci_event_le_pairing_fail: + arg FLAG_BLE_PAIRING_FAIL,rega + branch module_hci_event_pairing_completed + +module_hci_event_le_pairing_success: + arg FLAG_BLE_PAIRING_SUCCESS,rega + branch module_hci_event_pairing_completed + +module_hci_event_bt_pairing_fail: + arg FLAG_BT_PAIRING_FAIL,rega + branch module_hci_event_pairing_completed + +module_hci_event_bt_pairing_success: + arg FLAG_BT_PAIRING_SUCCESS,rega + +module_hci_event_pairing_completed: + jam 0,mem_flag_mode_ssp_pin + jam HCI_EVENT_LE_PAIRING_STATE,mem_module_uart_opcode + setarg 2 + call module_hci_prepare_tx + copy rega,pdata + istore 2,contwu + branch uartd_send + + +//event opcode 0x15 +module_hci_event_pause_enc: + arg FLAG_EVENT_PAUSE_ENC,regc + branch module_hci_event_enc + +module_hci_event_start_enc: + arg FLAG_EVENT_START_ENC,regc + +module_hci_event_enc: + jam HCI_EVENT_LE_ENCRYPTION_STATE,mem_module_uart_opcode + setarg 1 + call module_hci_prepare_tx + copy regc,pdata + istore 1,contwu + branch uartd_send + + +//event opcode 0x1d +module_hci_event_le_gkey: + jam HCI_EVENT_LE_GKEY,mem_module_uart_opcode + setarg 4 + call module_hci_prepare_tx + fetch 4,mem_gkey + istore 4,contwu + branch uartd_send + + +//****************************************************************// + //module_hci_prepare_tx + //function:write hci packet header + //input: pdata-----packet length (1byte) + //input: mem_uart_opcode------opcode (1byte) + //output:contwu --- pointer to packet payload + //use reg: contwu,pdata +//****************************************************************// +module_hci_prepare_tx: + jam 0x02,mem_module_uart_cmd + store 1,mem_module_uart_len + storet 8,mem_temp + bpatch patch17_5,mem_patch17 + fetcht 8,mem_temp + call uartd_prepare_tx + fetch 3,mem_module_uart_cmd + istore 3,contwu + rtn + + + + +/*********************hci command end*********************/ + +/*********************hci ble receive data start*********************/ + +//rega is le rx data address +//regb is le rx data length +//mem_le_att_handle is write handle +module_le_receive_data: + call module_check_ble_encrypt_state + rtn user + copy rega,pdata + store 2,mem_module_le_rx_data_address + copy regb,pdata + store 1,mem_module_le_rx_data_len + fetch 2,mem_le_att_handle + fetcht 2,mem_module_data_write_handle + isub temp,null + branch module_le_receive_data_ok,zero + fetcht 2,mem_module_data_write_handle2 + isub temp,null + nrtn zero +module_le_receive_data_ok: + store 2,mem_module_le_rx_data_handle + branch module_hci_event_receive_le_data + + +/*********************hci ble receive data end*********************/ + +module_exit_sniff: + fetch 1,mem_module_flag + rtnbit1 MOUDLE_TASK_UNSNIFF + call module_set_unsniff_task_flag + branch app_bt_sniff_exit + + +module_set_lpm_mult_2: + jam 2,mem_lpm_mult + rtn + + + +module_bb_event_timer: + rtn + + +check_ipc_tx_buff: + call get_ipc_tx_buff + arg UART_AIR_CONTROL_THRESHOLD,temp +pdata_sub_temp: + isub temp,null + rtn + +calc_ipc_tx_buff_pos: + isub rega,pdata + sub pdata,0,pdata + rtn + +get_ipc_tx_buff: + fetcht 2,IPC_BT2M0_START_ADDR + fetch 2,IPC_BT2M0_END_ADDR + isub temp,rega + fetcht 2,IPC_BT2M0_READ_PTR + fetch 2,IPC_BT2M0_WRITE_PTR + isub temp,pdata + ncall calc_ipc_tx_buff_pos,positive + rtn + +module_control_air_flow: + call check_ipc_tx_buff + branch app_l2cap_flow_control_enable,positive + branch app_l2cap_flow_control_disable + + +/**************module state *******************/ +module_set_sniff_task_flag: + arg MOUDLE_TASK_SNIFF,queue + branch module_set_state + +module_clear_sniff_task_flag: + arg MOUDLE_TASK_SNIFF,queue + branch module_clr_state + +module_set_unsniff_task_flag: + arg MOUDLE_TASK_UNSNIFF,queue + branch module_set_state + +module_clear_unsniff_task_flag: + arg MOUDLE_TASK_UNSNIFF,queue + branch module_clr_state + +module_set_le_tx_data_flag: + arg MODULE_FLAG_BLE_DATA_FINISH,queue + branch module_set_state + +module_clear_le_tx_data_flag: + arg MODULE_FLAG_BLE_DATA_FINISH,queue + branch module_clr_state + +module_clr_state: + fetch 1,mem_module_flag + qset0 pdata + store 1,mem_module_flag + rtn + +module_set_state: + fetch 1,mem_module_flag + qset1 pdata + store 1,mem_module_flag + rtn + +/**************module state end*******************/ + + +else + +endif Index: dukaqi/senrui/program/bt.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/bt.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/bt.prog (working copy) @@ -0,0 +1,4130 @@ +define REVD +//define FPGA +define ROMCODE +define PATCH +define ADC +//define RAM_VERSION +//define CLK6M +//define DEBUG_MALLOC +//define DEBUG_H4LOG_ENABLE +//define DEBUG_LIGHT_STATE +//define E2_LOG +//define LMP_DBG +//define ACL_DEBUG +//define DCDC +define NVRAM +define RELEASE +define SECURE_CONNECTION +define DEBUG_RF_INIT +//define SPI_SIMULATE +//define ROM_RESPIN_OPTIONAL + +define SIMPLE_PAIRING +define COMPILE_RFCOMM +define COMPILE_SHUTTER +define COMPILE_AntiLost +//define COMPILE_IR +define COMPILE_KEYBOARD +define COMPILE_MOUSE +define COMPILE_MODULE +//define COMPILE_AT +//define COMPILE_PRCP +//define COMPILE_USB +//define COMPILE_DONGLE +define COMPILE_LE +define COMPILE_24G +define COMPILE_CAR +define COMPILE_REMOTE_CAR + +INCLUDE "bt_format" + +org 0x0000 // start from patch ram address start +ifdef SIM +include sim.prog +else +include patch.prog +endif + +/******************************************/ +/*********** ROM Start ***************/ +/******************************************/ + +org 0x4000 // start from rom address start +start: + call lpmstate +soft_reset: + bpatch patch00_0,mem_patch00 + clear_stack + call initialize_radio + call init_param + call l2cap_init + bpatch patch00_1,mem_patch00 + call rfcomm_init + call init_lmp + call ui_init + call app_init + bpatch patch00_2,mem_patch00 + call app_lpm_init,wake +ifdef SIMPLE_PAIRING + call publickey_init +else + call ssp_disable +ifdef SECURE_CONNECTION + call publickey_init + +endif +endif + call lpm_recover_clk,wake +main_loop: + bpatch patch00_3,mem_patch00 +ifdef SIMPLE_PAIRING + call sp_calc_sequence +endif +ifdef SECURE_CONNECTION + call sp_calc_sequence_256 +endif +ifdef SIMPLE_PAIRING +ifdef SECURE_CONNECTION + call sp_calc_sequence_256_check +endif +endif + call le_dispatch + bpatch patch00_4,mem_patch00 + call idle_dispatch + call app_process_idle + call inquiry_dispatch + call inquiry_scan_dispatch + call page_scan_dispatch + call connection_dispatch + call lpm_dispatch + branch main_loop + +connection_dispatch: + call connection_incontext + rtnmark0 mark_context + set0 mark_context,mark + call context_save + branch le_disable + +connection_incontext: + bpatch patch00_5,mem_patch00 + call context_search_insniff + nbranch connection_nosniff,zero + call context_load + add rega,coffset_mode,contr + ifetch 1,contr + bbit1 mode_le,le_conn_dispatch + bbit1 mode_master, master_dispatch + branch slave_dispatch +connection_nosniff: + call context_get_next + copy loopcnt,null + rtn zero + call context_load + fetch 1,mem_state + bbit1 state_inpage,master_page + fetch 1,mem_mode + bbit1 mode_master, master_dispatch + branch slave_dispatch + + + +/**************************************/ +/**************idle dispatch*********/ +/**************************************/ + +idle_dispatch: + fetch 1,mem_hci_cmd + rtn blank + beq hci_cmd_inquiry,idle_inquiry + beq hci_cmd_inquiry_cancel,idle_inquiry_cancel + beq hci_cmd_remote_name_req,idle_remote_name_req + beq hci_cmd_create_conn,idle_create_conn + beq hci_cmd_le_create_conn,idle_le_create_conn + call context_search_conn_handle + rtn zero + call context_search_plap + rtn zero +idle_exit: + jam 0,mem_hci_cmd + rtn + +idle_le_create_conn: + jam hci_cmd_le_create_conn,mem_cmd_le_create_conn + jam 0,mem_hci_cmd + rtn + +idle_inquiry: + set1 mark_inquiry_on,mark + set0 mark_inquiry_trainb,mark + jam param_ninquiry,mem_ninqy_index + jam 31,mem_nfreq_index_inq + branch idle_exit + +idle_inquiry_cancel: + set0 mark_inquiry_on,mark + force 0,stop_watch + branch idle_exit + +idle_remote_name_req: + call context_search_plap + rtn zero + force LMP_NAME_REQ,temp + jam 5,mem_nameres_cnt + branch idle_start_page + +idle_create_conn: + bpatch patch00_6,mem_patch00 +idle_create_conn_device: + fetch 6,mem_hci_plap + branch idle_exit,blank + jam RECONNECT_HID,memui_reconnect_mode + //jam HS_INIT_CALL,mem_hs_mode //init as master + jam CONN_SM_WAIT_FEATURES_RES,mem_conn_sm + branch idle_create_conn_cont + +idle_create_conn_cont: + force LMP_VERSION_REQ,temp +idle_start_page: + bpatch patch00_7,mem_patch00 + fetch 1,mem_page_mode + branch idle_page_mode_r0,blank + lshift3 pdata,pdata + lshift4 pdata,pdata + increase -1,pdata +idle_page_mode_r0: + store 1,mem_npage + store 1,mem_npage_index + jam 31,mem_nfreq_index_page + set0 mark_page_trainb,mark + call context_new + nbranch idle_page_fail,zero + call get_free_amaddr + store 1,mem_amaddr + storet 1,mem_lmo_opcode2 + fetch 6,mem_hci_plap + store 6,mem_plap + bpatch patch01_0,mem_patch01 + call timer_reinit + force 0,pdata + compare LMP_NAME_REQ,temp,0xff + nsetflag true,state_init_seq,pdata + set1 state_inpage,pdata + store 1,mem_state + jam BT_EVT_RECONN_STARTED,mem_fifo_temp + call ui_ipc_send_event + force 0,pdata + setflag true,smap_name_req,pdata + store 1,mem_state_map + setarg 0 + set1 mode_master,pdata + store 1,mem_mode + enable master + call context_save + disable master + force page_length_timer,queue + fetch 2,mem_page_to + call timer_init + branch idle_exit +idle_page_fail: + bpatch patch01_1,mem_patch01 + fetch 6,mem_hci_plap + store 6,mem_plap + compare LMP_NAME_REQ,temp,0xff + branch idle_name_fail,true + branch idle_exit +idle_name_fail: + arg mem_tmp_buffer,contw + arg 8,loopcnt + call memset0 + jam BT_EVT_RECONN_FAILED,mem_fifo_temp + call ui_ipc_send_event + branch idle_exit + + +/******************************************/ +/************** Inquiry *****************/ +/******************************************/ + +inquiry_dispatch: + rtnmark0 mark_inquiry_on + force inquiry_length_timer,queue + call timer_check + nsetflag blank,mark_inquiry_on,mark + nbranch inquiry_start,blank + rtn + + + +inquiry_start: + bpatch patch01_2,mem_patch01 + fetcht 2,mem_inq_window + force 4,queue + call sniff_check_window + rtn user + call afh_clear + force 0,freq_mode +inquiry_restart: + rtn timeout + set0 mark_fhs_already_good,mark + set0 mark_fhs_eir,mark +inquiry_rx_restart: + add clkn_bt,1,bt_clk + isolate1 mark_inquiry_trainb,mark + setflag true,2,freq_mode + compare 0x00,bt_clk,0x02 /* see if this is even slot */ + nbranch inquiry_receive,true + +inquiry_transmit: + bpatch patch01_3,mem_patch01 + fetch 1,mem_inquiry_transmit + increase 1,pdata + store 1,mem_inquiry_transmit + call fetch_giac + call tx_radio_freq + call fetch_diac + call start_transmitter /* get ready for that id packet */ + call start_tx_native + call send_access_word + call end_of_packet + call inquiry_check_train + branch inquiry_restart + +inquiry_check_train: + bpatch patch01_4,mem_patch01 + fetch 1,mem_nfreq_index_inq + increase -1,pdata + store 1,mem_nfreq_index_inq + rtn positive /* if it's time to incremnt N */ + jam 31,mem_nfreq_index_inq + fetch 1,mem_ninqy_index + increase -1,pdata + store 1,mem_ninqy_index + rtn positive /* if it's time to change train */ + setflip mark_inquiry_trainb,mark + jam param_ninquiry,mem_ninqy_index + rtn + +inquiry_receive: + bpatch patch01_5,mem_patch01 + call fetch_giac + call rx_radio_freq + call fetch_diac + call start_rx_native + call start_receiver /* get ready for that id packet */ + call wait_access_clkn_rt + branch inquiry_sync,sync /* try look for id packet again if not found */ + call inquiry_check_train + branch inquiry_rx_restart +inquiry_sync: + bpatch patch01_6,mem_patch01 + call save_rssi + call scan_mode_whiten + call receive_packet_whitened + set0 mark_rxbuf_inuse,mark + rtnmark0 mark_fhs_already_good +inquiry_receive_rtn: + bpatch patch01_7,mem_patch01 +inquiry_receive_eir_rtn: + fetch 1,mem_inquiry_rcv + increase 1,pdata + store 1,mem_inquiry_rcv + rtn + +/******************************************/ +/************** Master Dispatch *************/ +/******************************************/ + + + +master_page: + bpatch patch02_0,mem_patch02 + enable master + enable clknt + fetch 2,mem_page_interval + branch master_page_no_interval,blank + force page_interval_timer,queue + call timer_check + nrtn blank +master_page_no_interval: + bpatch patch02_1,mem_patch02 + fetcht 2,mem_page_window + force 40,queue + call sniff_check_window + branch page_exit,user + force page_length_timer,queue + call timer_check + nbranch page_start,blank + fetch 1,mem_state_map + bbit1 smap_name_req,master_npage_timeout + branch master_page_timeout +master_npage_timeout: + arg mem_tmp_buffer,contw + arg 8,loopcnt + call memset0 +master_page_timeout: + bpatch patch02_2,mem_patch02 + jam 0,mem_state + call init_lmp_work + jam 0,memui_reconnect_mode + jam BT_EVT_RECONN_PAGE_TIMEOUT,mem_fifo_temp + call ui_ipc_send_event + branch page_exit + +page_start: + bpatch patch02_3,mem_patch02 + force 0,timeup + until clkn_rt,meet + fetch 1,mem_page_clk + increase -1,pdata + ixor clkn_bt,pdata + compare 0,pdata,3 + nbranch page_start,true + deposit am_addr + store 1,mem_fhs_am_addr + force 0,N_tx_slot + force 0,freq_mode + +page_restart: + bpatch patch02_4,mem_patch02 + branch page_exit,timeout + call fetch_page_bt_adr + arg param_rf_setup, timeup + until clkn_rt,meet /* wait for the start_receiver time against native real clk */ +page_rx_restart: + bpatch patch02_5,mem_patch02 + fetch 4,mem_page_clk /* deposit clk_estimate */ + iforce bt_clk + increase 1,pdata + store 4,mem_page_clk + isolate1 mark_page_trainb,mark + setflag true,2,freq_mode + compare 0x00,bt_clk,0x02 /* see if this is even slot */ + nbranch page_receive,true + fetch 1, mem_page_transmit + increase 1,pdata + store 1, mem_page_transmit + call tx_radio_freq + call start_transmitter /* get ready for that id packet */ + call start_tx_native + call send_access_word + call end_of_packet + call page_check_train + branch page_restart +page_exit: + bpatch patch02_6,mem_patch02 + disable master + fetch 2,mem_page_interval + rtn blank + force page_interval_timer,queue + branch timer_init + +page_check_train: + bpatch patch02_7,mem_patch02 + fetch 1,mem_nfreq_index_page + increase -1,pdata + store 1,mem_nfreq_index_page + rtn positive + jam 31,mem_nfreq_index_page + fetch 1,mem_npage_index + increase -1,pdata /* increment N */ + store 1,mem_npage_index + rtn positive /* if it's time to change train */ + setflip mark_page_trainb,mark /* change train */ + fetch 1,mem_npage + store 1,mem_npage_index + rtn + +page_receive: + bpatch patch03_0,mem_patch03 + call rx_radio_freq + call start_rx_native + call start_receiver /* get ready for that id packet */ + call wait_access_clkn_rt /* try id look for id packet again */ + branch page_sync,sync /* restart if didn't receive anything */ + call page_check_train + branch page_rx_restart +page_sync: + call end_of_packet + fetch 1, mem_page_rcv + increase 1,pdata + store 1, mem_page_rcv + force 0,stop_watch + fetch 4,mem_page_clk +page_send_fhs: + bpatch patch03_1,mem_patch03 + call rf_setup_time_master_slot + call fetch_page_bt_adr + increase 1,N_tx_slot +page_send_fhs_continue: + and_into 0x1fd,bt_clk + and_into 0x1fc,freq_mode /* master response = x00, even_train settin must remain the same */ + call tx_radio_freq + call start_transmitter /* get ready for that id packet */ + call start_tx_native + call send_access_word + deposit clkn_bt + store 4,mem_clkn_bt + force 0,am_addr + force type_fhs,type + call scan_mode_whiten + call transmit_packet_whitened +page_wait_fhs_reply: + bpatch patch03_2,mem_patch03 + call rf_setup_time_slave_slot + or_into 0x02,bt_clk + and_into 0x1fc,freq_mode /* master response sequence = x00, even train setting must be preserved */ + call rx_radio_freq + call start_rx_native + call start_receiver /* get ready for that id packet */ + call wait_access_clkn_rt /* look for that reply */ + call end_of_packet,sync /* id reply is enough */ + branch page_wait_fhs_reply_ok,sync /* no reply then send fhs again */ + fetch 1,mem_fhs_wait_counter + branch page_restart,blank + increase -1,pdata + store 1,mem_fhs_wait_counter + branch page_send_fhs + +page_wait_fhs_reply_ok: + bpatch patch03_3,mem_patch03 + fetch 1, mem_page_rcv_fhs + increase 1,pdata + store 1, mem_page_rcv_fhs + call prepare_newconn +master_newconn_loop: + call master_newconn_once + branch newconn_poll_responded,sync + call new_conn_timeout + nbranch master_newconn_loop,blank + branch page_restart + +newconn_poll_responded: + bpatch patch03_4,mem_patch03 + fetch 1,mem_state + set0 state_inpage,pdata + store 1,mem_state + call newconn_init + disable master + rtn + + +master_dispatch: + bpatch patch03_5,mem_patch03 + enable master + enable clknt + call role_switch_master + rtn user + call check_bt_disabled + call rf_setup_time_master_slot + add clkn_bt,1,bt_clk + call fetch_self_bt_adr + force 0x03,freq_mode + call scheduler_tx_l2cap_pkt + call prepare_tx + call tx_radio_freq + call start_transmitter + call start_tx_native + call send_access_word + call transmit_packet +master_loop: + bpatch patch03_6,mem_patch03 + call parse_lmp + call master_conn_recv_packet + nbranch master_notmatch,match + call supervision_flush + call parse_l2cap + fetch 1,mem_master_rcvcnt + increase 1,pdata + store 1,mem_master_rcvcnt +master_notmatch: + bpatch patch03_7,mem_patch03 + call scheduler_process + call check_master_disconnect + nrtn master /* disconnected */ + call check_attempt + nbranch master_attempt,blank +master_exit: + disable master + rtn + +master_attempt: + call prepare_tx + call master_conn_send_packet + branch master_loop + + +check_master_disconnect: + branch check_master_match,match + call supervision_update + branch master_disconnect,positive +check_master_match: + call check_disconnect_timeout + nbranch master_disconnect,user + fetch 1,mem_state_map + rtnbit0 smap_name_req + rtnbit1 smap_name_res + fetch 1,mem_op + rtnbit1 op_disconn + call conn_timer_expired + nrtn blank + fetch 1,mem_nameres_cnt + increase -1,pdata + store 1,mem_nameres_cnt + nrtn blank + branch lmp_disconnect + +master_disconnect: + bpatch patch04_0,mem_patch04 + call quit_connection + disable master + fetch 1,mem_state_map + bbit1 smap_name_req,master_name_disconnect + rtn + +master_name_disconnect: + fetch 1,mem_state_map + rtnbit1 smap_name_res +master_name_error: + arg mem_tmp_buffer,contw + arg 8,loopcnt + branch memset0 + +check_disconnect_timeout: + bpatch patch04_1,mem_patch04 + enable user + fetch 1,mem_op + rtnbit0 op_disconn + call conn_timer_expired + nrtn blank + branch disable_user + +conn_timer_expired: + fetch 1,mem_conn_timer + increase -1,pdata + store 1,mem_conn_timer + rtn + +linkkey_ready: + bpatch patch04_2,mem_patch04 + fetch 1,mem_state + bbit1 state_linkkey,linkkey_set + fetch 1,mem_pairing_auth + branch linkkey_set,blank + jam DEFALT_PAIRING_AUTH,mem_pairing_auth + jam BT_EVT_LINKKEY_GENERATE,mem_fifo_temp + call ui_ipc_send_event + branch linkkey_set +linkkey_set: + bpatch patch04_3,mem_patch04 + call context_traverse_linkkey + fetch 1,mem_state + set1 state_linkkey,pdata + store 1,mem_state + jam 1,mem_link_key_exists + fetch 1,mem_conn_sm + bne CONN_SM_PAIRING,linkkey_set_continue +linkkey_set_continue: + rtn + +generate_linkkey_continue: + jam PAIRING_AUTH,mem_pairing_auth +clear_linkstate: + fetch 1,mem_state + set0 state_linkkey,pdata + store 1,mem_state + rtn + + + /* rtn user if switch */ +role_switch_check: + bpatch patch04_4,mem_patch04 + disable user + fetch 2,mem_tsniff + arg 0xffff,temp + isub temp,null + nrtn zero + fetch 4,mem_sniff_anchor + branch role_switch_clkn,clknt + isub clke_bt,pdata + branch role_switch_clke +role_switch_clkn: + isub clkn_bt,pdata +role_switch_clke: + sub pdata,4,null + nrtn positive + force 0,pdata + store 2,mem_tsniff + branch enable_user + + + /* pdata: switch instant, set tsniff=0 for special sniff */ +role_switch_prepare: + copy pdata,temp + bpatch patch04_5,mem_patch04 + storet 4,mem_sniff_anchor +role_switch_prepare0: + jam SWITCH_FLAG_ACCEPT,mem_switch_flag + setarg 0xffff + store 2,mem_tsniff + jam 1,mem_sniff_attempt + rtn + + +role_switch_master: + bpatch patch04_6,mem_patch04 + call role_switch_check + nrtn user + disable user + jam param_newconnto,mem_newconnto_counter + set0 mark_fhs_already_good,mark +roles_waitfhs_loop: + call rf_setup_time_master_slot + call master_recv_packet + bmark1 mark_fhs_already_good,roles_replyto_fhs + call new_conn_timeout + nbranch roles_waitfhs_loop,blank +role_switch_fail_master: + bpatch patch04_7,mem_patch04 + disable user + deposit clkn_bt + store 4,mem_next_btclk + enable clknt + enable master + jam BT_EVT_SWITCH_FAIL_MASTER,mem_fifo_temp + branch ui_ipc_send_event + +roles_replyto_fhs: + bpatch patch05_0,mem_patch05 + call rf_setup_time_slave_slot + arg type_id,type + call master_send_packet + disable clknt + disable master + call apply_switch_clke + call prepare_newconn +roles_newconns_loop: + bpatch patch05_1,mem_patch05 + call slave_newconn_once + branch roles_newconns_responded,match + call new_conn_timeout + nbranch roles_newconns_loop,blank + branch role_switch_fail_master +roles_newconns_responded: + fetch 1,mem_mode + set0 mode_master,pdata + store 1,mem_mode + call supervision_flush + call calc_clke_offset + enable user + jam BT_EVT_SWITCH_SUCCESS_MASTER,mem_fifo_temp + branch ui_ipc_send_event + + + + +context_load: + bpatch patch05_2,mem_patch05 + set1 mark_context,mark + deposit rega + store 2,mem_context_ptr + force context_size,loopcnt + arg mem_le_state,contw + add rega,coffset_mode,contr + ifetch 1,contr + copy rega,contr + bbit1 mode_le,memcpy + arg mem_state,contw + call memcpy + disable attempt + fetch 1,mem_amaddr + iforce am_addr + jam 1,mem_current_sniff_attempt + branch context_load_master,master + jam 1,mem_current_sniff_attempt +context_load_master: + fetch 1,mem_state + rtnbit0 state_insniff + fetch 1,mem_sniff_attempt + store 1,mem_current_sniff_attempt + fetch 1,mem_sniff_timeout + store 1,mem_current_sniff_timeout + rtn + +context_save: + bpatch patch05_3,mem_patch05 + fetch 2,mem_context_ptr + iforce contw + force context_size,loopcnt + arg mem_le_state,contr + branch memcpy,le + arg mem_state,contr + branch memcpy + + + +context_get_next: + arg context_num,loopcnt + fetcht 1,mem_current_context +context_get_next_loop: + increase 1,temp + compare context_num,temp,0xff + nbranch context_get_next_cont,true + arg 0,temp +context_get_next_cont: + storet 1,mem_current_context + mul32 temp,context_size,pdata + arg mem_context,rega + iadd rega,rega + ifetch 1,rega + bbit1 state_insniff,context_get_next_sniff + rtnbit1 state_inconn + rtnbit1 state_inpage +context_get_next_sniff: + loop context_get_next_loop + rtn + +context_new: + bpatch patch05_4,mem_patch05 + arg context_search_empty,regc + call context_search + nrtn zero // all occupied + deposit rega + store 2,mem_context_ptr + force 0,null + rtn + + //return zero if anyone's wack is 1. + //return nzero if all wack is 0 +context_check_all_wack: + call check_esco_amaddr + branch context_check_esco_wack,true + fetch 2,mem_context_ptr + add pdata,coffset_arq,contw + fetch 1,mem_arq + istore 1,contw + arg context_check_a_wack,regc + branch context_search + +context_check_esco_wack: + fetch 1,mem_arq + isolate1 wack,pdata + branch context_esco_wack,true + force 1,null + rtn +context_esco_wack: + force 0,null + rtn + + //rtn nzero if idle(no conn) +context_check_idle: + arg context_check_inconn,regc + branch context_search + +context_traverse_linkkey: + fetcht 2,mem_context_ptr + arg context_traverse_clearkey,regc + branch context_search + + + /* return zero if conn handle is found */ +context_search_conn_handle: + fetcht 1,mem_hci_conn_handle +context_search_conn_handle2: + arg context_search_handle,regc + branch context_search + /* return zero if plap is found */ +context_search_plap: + bpatch patch05_5,mem_patch05 + fetcht 6,mem_hci_plap +context_search_plap2: + arg context_search_lap,regc + branch context_search + /* return zero if sniff anchor is meet and rega pointers to context */ +context_search_insniff: + arg context_search_sniff,regc + branch context_search + /* return zero if sniff window is in content with current transaction */ +context_search_sniff_window: + arg context_search_window,regc +context_search: + bpatch patch05_6,mem_patch05 + arg mem_context,rega + arg context_num,loopcnt +context_search_loop: + ifetch 1,rega + copy regc,pc +context_search_next: + increase context_size,rega + loop context_search_loop + force 1,null + rtn + +context_search_empty: + bbit1 state_inconn,context_search_next + bbit1 state_inpage,context_search_next + force 0,null + rtn + +context_search_lap: + bbit1 state_inpage,context_search_lap_cont + bbit0 state_inconn,context_search_next +context_search_lap_cont: + add rega,coffset_plap,contr + ifetch 6,contr + isub temp,null + rtn zero + branch context_search_next + +context_search_handle: + bbit0 state_inconn,context_search_next + add rega,coffset_conn_handle,contr + ifetch 1,contr + isub temp,null + rtn zero + branch context_search_next + +context_search_sniff: + bbit0 state_insniff,context_search_next +context_search_sniff_loop: + call context_get_anchor + call sign_pdata_temp + isub temp,pdata + increase 1,pdata + branch context_search_sniff_miss,positive + copy contr,regb + store 9,mem_temp + fetch 1,mem_le_sc_calc + nbranch context_search_sniff_sc,blank + fetch 9,mem_temp + copy regb,contr + increase 5,pdata + branch context_search_meet1 +context_search_sniff_sc: + fetch 9,mem_temp + copy regb,contr + increase 20,pdata +context_search_meet1: + nbranch context_search_next,positive +context_search_meet: + copy temp,bt_clk + call context_next_anchor + force 0,null + rtn + + +context_search_sniff_miss: + iforce regb + add rega,coffset_tsniff,contr + ifetch 2,contr + branch context_search_meet,blank + call context_next_anchor + branch context_search_sniff_loop + +sign_pdata_temp: + rshift16 pdata,timeup + rshift8 timeup,timeup + branch sign_pdata_temp_p0,zero + compare 0xf,timeup,0xf + nrtn true + rshift16 temp,timeup + rshift8 timeup,timeup + nrtn zero + set1 28,temp + rtn +sign_pdata_temp_p0: + rshift16 temp,timeup + rshift8 timeup,timeup + compare 0xf,timeup,0xf + nrtn true + set1 28,pdata + rtn + +context_check_inconn: + bbit0 state_inconn,context_search_next + force 0,null // found + rtn + +context_check_a_wack: + bbit0 state_inconn,context_search_next + add rega,coffset_mode,contr + ifetch 1,contr + bbit1 mode_le,context_search_next + add rega,coffset_arq,contr + ifetch 1,contr + bbit0 wack,context_search_next + force 0,null // found + rtn + +context_get_anchor: + add rega,coffset_mode,contr + ifetcht 1,contr + deposit clkn_bt + isolate1 mode_master,temp + add rega,coffset_sniff_anchor,contr + ifetcht 4,contr + rtn true + add rega,coffset_clk_offset,contr + ifetch 6,contr + call calc_clke2 + deposit clke_bt + rtn + +context_next_anchor: + add rega,coffset_tsniff,contr + add rega,coffset_sniff_anchor,contw + ifetch 2,contr + iadd temp,timeup /* wrap to 28 bits */ + deposit timeup + istore 4,contw + branch le_context_nexthop + + +context_search_window: + bbit0 state_insniff,context_search_next + call context_get_anchor + iadd stop_watch,pdata + iadd stop_watch,pdata + iadd queue,pdata + isub temp,null + nbranch context_search_next,positive + force 0,null + rtn + +context_traverse_clearkey: + bbit0 state_inconn,context_search_next + deposit temp + isub rega,null + branch context_search_next,null + add rega,coffset_mode,contr + ifetch 1,contr + bbit1 mode_le,context_search_next + ifetch 1,rega + set0 state_linkkey,pdata + istore 1,rega + branch context_search_next + + +master_conn_send_packet: + bpatch patch05_7,mem_patch05 + call rf_setup_time_master_slot +master_send_packet: + add clkn_bt,1,bt_clk /* master start to use native clock */ + call fetch_self_bt_adr + force 0x03,freq_mode /* we are in connection!! */ + call tx_radio_freq + call start_transmitter + call start_tx_native + call send_access_word + branch transmit_packet + +master_conn_recv_packet: + bpatch patch06_0,mem_patch06 + call rf_setup_time_slave_slot +master_recv_packet: + add clkn_bt,1,bt_clk /* master start to use native clock */ + call fetch_self_bt_adr + force 0x03,freq_mode /* we are in connection!! */ + call rx_radio_freq + call init_rx_packet_flags + call prep_crypt + call start_rx_native /* start listening at start_rx time */ + call start_receiver +master_rx_conn_finish_packet: + call wait_access_clkn_rt /* master use native clock */ + nrtn sync + call save_rssi + branch receive_packet + + + +master_newconn_once: + bpatch patch06_1,mem_patch06 + fetch 1,mem_fhs_am_addr + iforce am_addr //review + force type_poll,type + call master_conn_send_packet + branch master_conn_recv_packet + + + + + + +/******************************************/ +/************* Inquiry Scan ***************/ +/******************************************/ + +inquiry_scan_dispatch: + fetch 1,mem_scan_mode + rtnbit0 inq_scan_mode + force iscan_interval_timer,queue + call timer_check + nrtn blank + fetcht 2,mem_iscan_window + force 4,queue + call sniff_check_window + rtn user + call inquiry_scan_start + force iscan_interval_timer,queue + fetch 2,mem_iscan_interval + nbranch timer_init,sync + random pdata /* inquiry scan backoff */ + iand mask3ff,pdata + branch timer_init + + +inquiry_scan_start: + bpatch patch06_2,mem_patch06 + jam 0,mem_fhs_am_addr + disable clknt + disable attempt + call afh_clear + and clkn_bt,0x1fc,bt_clk /* freeze the clock, set bit[1] 0, this is version 1.1 */ + force 0x01,freq_mode /* slave in inquiry scan, kind of same as inquriy_response, this is version 1.1 */ + call fetch_giac + call rx_radio_freq + setflip mark_inquiry_state,mark + fetch 1,mem_inquiryscan_waitcnt + increase 1,pdata + store 1,mem_inquiryscan_waitcnt + call fetch_diac + call start_receiver /* get ready for that id packet */ + call wait_access_forever /* until there is timeout, or matched (true) */ + nrtn sync + bpatch patch06_3,mem_patch06 + force 0,stop_watch + call shutdown_radio /* must have heard */ + fetch 1,mem_inquiryscan_rcvcnt + increase 1,pdata + store 1,mem_inquiryscan_rcvcnt + call fetch_giac + call rf_setup_time_slave_slot + or_into 0x002,bt_clk /* put clk(1) to 1 */ + force 0x01,freq_mode /* slave in inquriy and page, response only */ + call tx_radio_freq + call fetch_diac + call start_transmitter /* get ready for that id packet */ + call start_tx_external + deposit clkn_bt + store 4,mem_clkn_bt + call send_access_word + force type_fhs,type + force 0,am_addr /* put 0 into am_addr field for fhs */ + call scan_mode_whiten + call transmit_packet_whitened + call send_eir + and_into 0x1fd,bt_clk /* put clk(1) back to 0 */ + increase 1,N_tx_slot + rtn + +send_eir: + bpatch patch06_4,mem_patch06 + fetch 1,mem_eir_enable + rtn blank + arg mem_eir,contw + fetch 1,mem_local_name_length + copy pdata,loopcnt + increase 1,pdata + istore 1,contw + copy contw,temp + increase 1,pdata + store 2,mem_tx_len + copy temp,contw + setarg 0x09 //type:name + istore 1,contw + arg mem_local_name,contr + call memcpy //name + + arg mem_all_uuid_128bits,regc + arg 4,loopcnt + call get_all_uuid + arg mem_all_uuid_16bits,regc + arg 1,loopcnt + call get_all_uuid + + force type_dm3,type /* DM3 */ + jam 2,mem_tx_lch + setarg mem_eir + store 2,mem_txptr + call rf_setup_time_slave_slot + call tx_radio_freq + call start_transmitter /* get ready for that id packet */ + call start_tx_external + call send_access_word + call scan_mode_whiten + call transmit_packet_whitened + rtn + + +get_all_uuid: + copy contw,temp + copy regc,contr + ifetch 1,contr + rtn blank +lshift_loop: + lshift pdata,pdata + loop lshift_loop + copy pdata,rega + increase 2,pdata + copy pdata,queue + fetch 2,mem_tx_len + iadd queue,pdata + store 2,mem_tx_len + copy temp,contw + copy rega,pdata + increase 1,pdata + istore 1,contw + copy regc,contr + ifetch 1,contr + ifetch 1,contr //fetch type + istore 1,contw + copy rega,loopcnt + branch memcpy //copy uuid + +/******************************************/ +/******** Slave dispatch ***********/ +/******************************************/ + +page_scan_dispatch: + fetch 1,mem_scan_mode + rtnbit0 page_scan_mode + force pscan_interval_timer,queue + call timer_check + nrtn blank + fetcht 2,mem_pscan_window + force 40,queue + call sniff_check_window + rtn user + force 0,am_addr + jam param_pagerespto,mem_fhs_wait_counter + set0 mark_fhs_already_good,mark + call page_scan_start + force pscan_interval_timer,queue + fetch 2,mem_pscan_interval + branch timer_init + + +page_scan_start: + bpatch patch06_5,mem_patch06 + disable clknt + call afh_clear + fetch 1,mem_pagescan_waitcnt + increase 1,pdata + store 1,mem_pagescan_waitcnt + force 0,N_tx_slot + call fetch_self_bt_adr + add clkn_bt,1,bt_clk /* freeze the clock on native clock until scan window is up */ + force 0x02, freq_mode /* slave in inquiry and page, not response */ + bpatch patch06_6,mem_patch06 + call rx_radio_freq + call start_receiver /* wait for that id packet from master */ + call wait_access_forever + nrtn sync /* pscan window timeout occured, back to dispatch */ + call shutdown_radio /* got the id packet */ + fetch 1,mem_pagescan_rcvcnt + increase 1,pdata + store 1,mem_pagescan_rcvcnt + force 0,stop_watch + call rf_setup_time_slave_slot + or_into 0x002,bt_clk /* put clk(1) to 1 */ + force 0x01,freq_mode /* slave in inquriy and page, response only */ + call tx_radio_freq + call start_transmitter + call start_tx_external + call send_access_word + call end_of_packet + force 0,am_addr + arg param_rf_setup, timeup + until clke_rt,meet + or_into 0x03,clke_bt + and_into 0x1fd,bt_clk +page_scan_wait_fhs_restart: + bpatch patch06_7,mem_patch06 + increase 1,N_tx_slot + call rx_radio_freq + call start_receiver + call wait_access_mhalfbnd + nbranch page_scan_wait_fhs_again,sync /* go back if didn't find access code */ + call scan_mode_whiten + call receive_packet_whitened + bmark1 mark_fhs_already_good,page_scan_reply_to_fhs +page_scan_wait_fhs_again: + bpatch patch07_0,mem_patch07 + fetch 1,mem_fhs_wait_counter + rtn blank + increase -1,pdata + store 1,mem_fhs_wait_counter + call rf_setup_time_master_slot /* set up expiration time */ + branch page_scan_wait_fhs_restart + + +page_scan_reply_to_fhs: + bpatch patch07_1,mem_patch07 + set0 1,clke_bt + set1 0,clke_bt + fetch 1,mem_pagescan_rcvfhscnt + increase 1,pdata + store 1,mem_pagescan_rcvfhscnt + call rf_setup_time_slave_slot + or_into 0x02,bt_clk + call tx_radio_freq + call start_transmitter + call start_tx_external + call send_access_word + call end_of_packet +slave_apply_clke_bt: + compare 0x03,clke_bt,0x03 + branch slave_apply_clke_bt_now,true + until null,mhalfbnd + branch slave_apply_clke_bt +slave_apply_clke_bt_now: + fetch 4,mem_clke_bt + or_into 0x03,pdata + icopy clke_bt + +start_slave_connection: + bpatch patch07_2,mem_patch07 + fetch 6,extm_lap + store 6,mem_plap + call prepare_newconn +slave_newconn_loop: + call slave_newconn_once + branch sconn_successful,match /* we were talked to */ + call new_conn_timeout + nbranch slave_newconn_loop,blank + rtn + + +sconn_successful: + bpatch patch07_3,mem_patch07 + call newconn_init + call context_new + nrtn zero + jam 0,mem_mode + call calc_clke_offset + branch context_save + + + + +slave_dispatch: + bpatch patch07_4,mem_patch07 + call calc_clke + call role_switch_slave + rtn user +slave_loop: + bpatch patch07_5,mem_patch07 + call check_bt_disabled + call scheduler_process + call slave_conn_recv_packet /* go listen for a packet */ + nbranch slave_notmatch,match + call supervision_flush + call scheduler_tx_l2cap_pkt + call prepare_tx + call slave_conn_send_packet + call parse_l2cap + call parse_lmp + fetch 1,mem_slave_rcvcnt + increase 1,pdata + store 1,mem_slave_rcvcnt + call calc_clke_offset +slave_notmatch: + bpatch patch07_6,mem_patch07 + call lpm_set_mult + call supervision_update + branch slave_disconnect,positive + call check_disconnect_timeout + nbranch slave_disconnect,user + call check_attempt + nbranch slave_loop,blank + rtn + +slave_disconnect: + bpatch patch07_7,mem_patch07 + jam 0,mem_tester_emulate + jam 0,mem_debug_config + call quit_connection + set0 mark_testmode,mark + call test_enable_white + fetch 1,mem_state + rtn + + +role_switch_slave: + bpatch patch08_0,mem_patch08 + call role_switch_check + nrtn user + copy am_addr,temp + call get_free_amaddr + store 1,mem_fhs_am_addr + copy temp,am_addr + jam param_newconnto,mem_newconnto_counter +roles_sendfhs_loop: + bpatch patch08_1,mem_patch08 + call rf_setup_time_master_slot + force type_fhs,type + call slave_send_access + deposit clkn_bt + store 4,mem_clkn_bt + call transmit_packet + call rf_setup_time_slave_slot + enable user3 + call slave_receive_access + branch roles_got_fhs_reply,sync + call shutdown_radio + call new_conn_timeout + nbranch roles_sendfhs_loop,blank + rtnmark0 mark_accept_switch + jam LMP_SLOT_OFFSET,mem_lmo_opcode2 + set1 mark_switch_initiated,mark + rtn +roles_got_fhs_reply: + enable clknt + call prepare_newconn + call afh_clear +roles_newconn_loop: + bpatch patch08_2,mem_patch08 + call master_newconn_once + branch roles_newconn_responded,sync + call new_conn_timeout + nbranch roles_newconn_loop,blank + disable clknt + deposit clke_bt + store 4,mem_next_btclk + rtn +roles_newconn_responded: + enable master + bmark0 mark_accept_switch,roles_newconn_nolmp + set0 mark_accept_switch,mark + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_HOST_CONNECTION_REQ,mem_lmi_opcode2 + call tid_set_reply +roles_newconn_nolmp: + deposit am_addr + store 1,mem_amaddr + force 0,pdata + store 6,mem_clk_offset + fetch 1,mem_mode + set1 mode_master,pdata + store 1,mem_mode + call supervision_flush + disable master + enable user + rtn + + + +init_rx_packet_flags: + bpatch patch08_3,mem_patch08 + disable match + set0 mark_loopback,mark + set0 mark_am_addr_broadcast,mark /* initialize slave flags */ + set0 mark_longpacket,mark + set0 mark_old_packet,mark + fetch 1,mem_arq /* mem_arq + am_addr */ + set0 arqnx,pdata + set1 flowx,pdata + store 1,mem_arq + rtn + +prepare_newconn: + bpatch patch08_4,mem_patch08 + jam param_newconnto,mem_newconnto_counter + jam param_newconn_arq,mem_arq + fetch 2,mem_rx_window_init + store 2,mem_rx_window + deposit clkn_bt + store 4,mem_next_btclk + rtn clknt + deposit clke_bt + store 4,mem_next_btclk + rtn + +newconn_init: + bpatch patch08_5,mem_patch08 + call init_lmp_reinit + call new_conn_handle + store 1,mem_conn_handle + setarg 0 + store 2,mem_l2cap_rxbuff1_len + setarg param_supervision_to + store 2,mem_supervision_to + fetch 1,mem_state + set1 state_inconn,pdata + store 1,mem_state + jam 0,mem_op + jam 0,mem_state_map + jam 0,mem_lpm_current_mult + branch supervision_flush + + +clear_linkkey: + bpatch patch08_6,mem_patch08 + force 0,pdata + store 8,mem_link_key + istore 8,contw + call clear_linkstate + branch context_traverse_linkkey + +new_conn_timeout: + fetch 1,mem_newconnto_counter + increase -1,pdata + store 1,mem_newconnto_counter + rtn + +new_conn_handle: + fetch 1,mem_handle_num + increase 1,pdata + store 1,mem_handle_num + rtn + + +quit_connection: + bpatch patch08_7,mem_patch08 + fetch 1,mem_hci_cmd + beq hci_cmd_remote_name_req,quit_connection_name + fetch 1,mem_lmp_to_send + bne LMP_NAME_REQ,quit_connection_cont +quit_connection_name: + call cmd_check_plap + nbranch quit_connection_cont,zero + call master_name_error + jam 0,mem_hci_cmd +quit_connection_cont: + bpatch patch09_0,mem_patch09 + call app_disconn_reason_collect_bt + call sniff_exit + jam BT_EVT_BB_DISCONNECTED,mem_fifo_temp + call ui_ipc_send_event + call init_lmp_work + call l2cap_init_work +ifdef SIMPLE_PAIRING + call sp_initialize +endif + fetch 1,mem_state + set0 state_inconn + store 1,mem_state + jam 0,memui_reconnect_mode + + fetch 1,mem_state_map + compare 0x0,pdata,0xc0 + branch quit_connection_not_clear_mark,true + set0 mark_rxbuf_inuse,mark +quit_connection_not_clear_mark: + fetch 1,mem_arq + bbit0 wack,quit_connection_not_clear_tx +quit_connection_not_clear_tx: + fetch 1,mem_op + rtnbit0 op_txl2cap + set0 mark_tx_l2cap,mark + rtn + +slave_newconn_once: + bpatch patch09_1,mem_patch09 + fetch 1,extm_newconn_am_addr + rtn blank + icopy am_addr + call slave_conn_recv_packet + nrtn match + force type_null,type + call slave_conn_send_packet + deposit am_addr + store 1,mem_amaddr /* now the new am_addr is official */ + force 0,pdata + store 1,extm_newconn_am_addr + rtn + + +/******************************************/ +/******** Time consuming task ***********/ +/******************************************/ +prepare_tx: + bpatch patch09_2,mem_patch09 + fetch 1,mem_state + bbit0 state_insco,prepare_tx_not_sco + force type_hv3,type + bmark0 mark_esco,prepare_tx_not_esco + call check_esco_amaddr + nbranch prepare_tx_not_sco,true + branch prepare_tx_not_sco,attempt + call set_wait_ack /* send esco only at the first attempt */ + setarg 2 /* esco only has 1 retry */ + store 2,mem_retransmission_cnt + rtn +prepare_tx_not_esco: + nrtn attempt /* send sco only at the first attempt */ +prepare_tx_not_sco: + bpatch patch09_3,mem_patch09 + call context_check_all_wack //abandon mark_retransmit, use context_check_all_wack instead. + nbranch prepare_tx_no_retransmit,zero + fetch 1,mem_arq + bbit0 wack,prepare_tx_pollnull /* other wack, tx buffer in use, but not me */ +prepare_tx_retransmit: + bmark1 mark_loopback,prepare_tx_loopback + fetch 1,mem_debug_config + bbit1 debug_tx_pattern,prepare_tx_txpat + fetch 2,mem_retransmission_cnt + increase -1,pdata + store 2,mem_retransmission_cnt + branch prepare_tx_nomore_retransmit,blank + fetch 1,mem_last_type + iforce type + rtn + +prepare_tx_nomore_retransmit: + bpatch patch09_4,mem_patch09 + call clear_got_tx +prepare_tx_no_retransmit: + call check_esco_amaddr + branch prepare_tx_pollnull,true + call send_lmp + branch prepare_tx_sendlmp,user + fetch 1,mem_op + bbit1 op_txl2cap,prepare_tx_sendl2cap + bmark1 mark_loopback,prepare_tx_loopback + fetch 1,mem_debug_config + bbit1 debug_tx_pattern,prepare_tx_txpat +prepare_tx_pollnull: + force type_poll,type /* POLL for master */ + rtn master + force type_null,type /* default is NULL */ + rtn +prepare_tx_loopback: + bpatch patch09_5,mem_patch09 + fetch 1,mem_rx_type + iforce type + rtnne 1 + force type_null,type + rtn +prepare_tx_txpat: + fetch 1,test_mode_packet_type + and pdata,0xf,type + set1 mark_loopback,mark + rtn +prepare_tx_sendlmp: + force type_lmp,type + branch set_wait_ack +prepare_tx_sendl2cap: + call tx_l2cap_type + +set_wait_ack: + bpatch patch09_6,mem_patch09 + fetcht 1,mem_arq + set1 wack,temp + storet 1,mem_arq + deposit type + store 1,mem_last_type + setarg 0xffff + store 2,mem_retransmission_cnt + rtn + +tx_l2cap_type: + bpatch patch09_7,mem_patch09 + fetch 1,mem_state_map + isolate1 smap_edr,pdata + fetch 2,mem_tx_len + branch tx_l2cap_type_edr,true + force type_dm1,type /* DM1 */ + sub pdata,17,null + rtn positive + force type_dh1,type /* DH1 */ + sub pdata,27,null + rtn positive + force type_dm3,type /* DM3 */ + sub pdata,121,null + rtn positive + force type_dh3,type /* DH3 */ + sub pdata,183,null + rtn positive + force type_dm5,type /* DM5 */ + sub pdata,224,null + rtn positive + force type_dh5,type /* DH5 */ + rtn +tx_l2cap_type_edr: + force type_dm1,type + sub pdata,17,null + rtn positive + force type_dh1,type /*2-DH1*/ + sub pdata,54,null + rtn positive + force type_dm3,type /*2-DH3*/ + arg 367,temp + isub temp,null + nrtn positive + force type_dm5,type /*2-DH5*/ + arg 679,temp + isub temp,null + nrtn positive + force type_dh5,type /*3-DH5*/ + rtn + + +/******************************************/ +/*********** Receive Packet *************/ +/******************************************/ + + + +slave_receive_master_slot: + fetch 1,mem_state + bbit0 state_insniff,slave_receive_notsniff + fetch 2,mem_tsniff + branch slave_receive_notsniff,blank /* role switch */ + nbranch slave_receive_sniff,attempt +slave_receive_notsniff: + call rf_setup_time_master_slot +slave_receive_access: + add clke_bt,1,bt_clk +slave_receive_sniff: + enable swfine + fetch 2,mem_rx_window + rshift pdata,pdata + arg param_pll_setup,temp + iadd temp,pdata + call ahead_window + call fetch_extm_bt_adr + force 0x03,freq_mode /* connection hop */ + call rx_radio_freq + call init_rx_packet_flags + call prep_crypt + bpatch patch0a_0,mem_patch0a + fetch 2,mem_rx_window + rshift pdata,pdata + call ahead_window + call start_receiver + enable decode_fec0 + fetch 2,mem_rx_window + arg param_clke_cal,temp + iadd temp,stop_watch + correlate null,timeout + copy clke,temp + storet 6,mem_sync_clke + disable decode_fec0 + nrtn sync + arg param_clke_cal,clke_rt + copy bt_clk,clke_bt + branch lpm_adjust_clk,wake + rtn + + +slave_conn_recv_packet: + bpatch patch0a_1,mem_patch0a + call slave_receive_master_slot + nbranch shutdown_radio,sync + call save_rssi + bmark0 mark_testmode,receive_packet + fetch 2,mem_tst_pktcnt_sync + increase 1,pdata + store 2,mem_tst_pktcnt_sync +receive_packet: + rshift bt_clk,temp + or temp,0x40,white_init +receive_packet_whitened: + bpatch patch0a_2,mem_patch0a + enable enable_white + enable enable_hec + enable decode_fec1 + parse demod,bucket,3 /* get am_addr */ + rshift8 pwindow,pdata + store 1,mem_temp_am_addr + parse demod,bucket,4 /* get type */ + inject bucket,7 /* align up to pwindow */ + copy pwindow,pdata + store 1,mem_rx_type + parse demod,bucket,3 /* get arq */ + rshift8 pwindow,pdata + store 1,mem_temp_arq + fetch 1,mem_rx_type + sub pdata,3,null + branch receive_packet_noedr,positive + beq 7,receive_packet_noedr /* esco packet */ + fetch 1,mem_state_map + isolate1 smap_edr,pdata + setflag true,PSK,radio_ctrl +receive_packet_noedr: + bpatch patch0a_3,mem_patch0a + parse demod,bucket,8 /* cycle thru hec */ + disable decode_fec1 + disable enable_hec /* at this moment, 1 seqn + 8 hec is in shift */ + branch error_header,crc_failed /* if hec error, nothing is valid */ + bmark0 mark_testmode,receive_packet_amchk + fetch 2,mem_tst_pktcnt_hec + increase 1,pdata + store 2,mem_tst_pktcnt_hec +receive_packet_amchk: + bpatch patch0a_4,mem_patch0a + fetch 1,mem_temp_am_addr + compare 0,pdata,0x07 /* check for broadcast */ + setflag true,mark_am_addr_broadcast,mark /* received a broadcast message, can fire ar_addr if during unpark_req */ + branch am_addr_ok,true + icompare 0x07,am_addr + branch am_addr_match,true + bmark0 mark_esco,end_of_packet + fetcht 1,mem_saved_amaddr + icompare 0x7,temp + nbranch end_of_packet,true + fetch 1,mem_arq /* mem_arq + am_addr */ + set0 arqnx,pdata + set1 flowx,pdata + store 1,mem_arq +am_addr_match: + enable match +am_addr_ok: + bpatch patch0a_5,mem_patch0a + fetch 1,mem_rx_type + icopy type + bmark1 mark_am_addr_broadcast,arqn_bypass /* arqn doesn't make sense */ + fetcht 1,mem_temp_arq + fetch 1,mem_arq + set0 flow,pdata + isolate1 flow,temp + setflag true,flow,pdata + isolate1 arqn,temp + setflag true,arqn,pdata + store 1,mem_arq + isolate0 arqn,temp + branch arqn_bypass,true + call clear_got_tx +arqn_bypass: + bpatch patch0a_6,mem_patch0a + arg 0,temp + call reserve_slot + and type,0xf,pdata + beq type_poll,process_poll + beq type_null,end_of_packet /* null */ + beq type_fhs,process_fhs + fetcht 1,mem_temp_arq + fetch 1,mem_arq + icompare 0x04,temp /* bit 2 is seqn */ + nbranch rx_type_dispatch,true /* different then it's new */ + bmark0 mark_am_addr_broadcast,failed_seqn /* seqn failed, and not broadcast */ + bbit0 bcast1,rx_type_dispatch /* first broadcast never fail seqn */ +failed_seqn: + set1 mark_old_packet,mark +rx_type_dispatch: + bpatch patch0a_7,mem_patch0a + deposit type + beq type_dm1, process_dm1 + beq type_dh1, process_dh1 + beq type_hv3, process_hev + beq type_3dh1, process_3dh1 + arg 4,temp + call reserve_slot + beq type_dm3, process_dm3 + beq type_dh3, process_dh3 + arg 8,temp + call reserve_slot + beq type_dm5, process_dm5 + beq type_dh5, process_dh5 + rtn + + +process_hev: + bpatch patch0b_0,mem_patch0b + enable decode_fec0 + enable enable_crc + enable encrypt + arg mem_sco_ibuf,contw + force 30,loopcnt +process_hev_loop: + parse demod,bucket,8 + rshift3 pwindow,pdata + istore 1,contw + loop process_hev_loop + bmark0 mark_esco,end_of_packet + parse demod,bucket,16 /* cycle through the crc */ + nsetflag crc_failed,mark_esco_rxok,mark + branch error_payload,crc_failed + branch ack_payload + + +process_poll: + branch end_of_packet + +process_dm3: +process_dm5: + set1 mark_longpacket,mark +process_dm1: + enable decode_fec2 + branch process_dmh + +process_dh3: +process_dh5: + set1 mark_longpacket,mark +process_3dh1: + set1 PSK3M,radio_ctrl +process_dh1: + enable decode_fec0 +process_dmh: + bpatch patch0b_1,mem_patch0b + bmark1 mark_rxbuf_inuse,end_of_packet /* buffer in use, nack */ + isolate0 PSK,radio_ctrl + branch process_dmh_noedr,true + disable enable_white + enable decode_fec0 + disable decode_fec2 + add clkn_bt,2,timeup + correlate clkn_bt,meet + nbranch error_payload,sync + set1 mark_longpacket,mark + enable enable_white +process_dmh_noedr: + bpatch patch0b_2,mem_patch0b + enable encrypt + enable enable_crc + parse demod,bucket,3 /* parse in lch+l2cap flow */ + rshift8 pwindow,pdata + store 1,mem_lch_code /* for loopback */ + parse demod,bucket,5 /* parse in 5 bit packetlength */ + bmark1 mark_longpacket,process_dmh_long + rshift3 pwindow,loopcnt + rshift3 loopcnt,loopcnt + branch process_dmh_common +process_dmh_long: + parse demod,bucket,5 /* multi slot packet length of dh3 dh5 dm3 dm5 */ + rshift pwindow,loopcnt + parse demod,bucket,3 /* undefined+bit 9 of length */ +process_dmh_common: + bpatch patch0b_3,mem_patch0b + deposit loopcnt + store 2,mem_len + branch process_dmh_data_end,blank + isub mask3ff,null + branch error_payload,positive /* packet too large, discard */ + bpatch patch0b_4,mem_patch0b + set0 mark_fhs_eir,mark + fetch 1,mem_lch_code + and_into 0x03,pdata + arg mem_rxbuf,contw //lmp_data or test packet + beq LLID_LMP,process_lmp + bmark1 mark_testmode,process_dmh_data + //non-HCI mode + fetch 1,mem_lch_code + and_into 0x03,pdata + beq LLID_L2CAP_START,process_dmh_data_l2cap_start_pkt + beq LLID_L2CAP_CONT,process_dmh_data_l2cap_continue_pkt + branch error_payload + +process_lmp: + fetch 2,mem_len + sub pdata,0x70,null //lmp buffer size + nbranch error_payload,positive + bmark1 mark_old_packet,ack_payload + branch process_dmh_data + + +process_dmh_data_l2cap_start_pkt: + bpatch patch0b_5,mem_patch0b + bmark1 mark_old_packet,ack_payload + fetch 2,mem_len + arg 0x2e0,temp //l2cap buffer size + isub temp,null + branch error_payload,positive + fetch 1,mem_l2cap_rxbuff_inuse + bbit0 L2CAP_INUSE_BUFF1,process_dmh_data_into_buff1 + bbit0 L2CAP_INUSE_BUFF2,process_dmh_data_into_buff2 + branch end_of_packet +process_dmh_data_into_buff1: + jam 1,mem_l2cap_rxbuff_new //new data in buff 1 + fetch 2,mem_l2cap_rxbuff1_len + bne 0,end_of_packet //baseband head error + arg mem_l2cap_rxbuff1,contw + branch process_dmh_data +process_dmh_data_into_buff2: + jam 2,mem_l2cap_rxbuff_new //new data in buff 2 + fetch 2,mem_l2cap_rxbuff2_len + bne 0,end_of_packet + arg mem_l2cap_rxbuff2,contw + branch process_dmh_data + +process_dmh_data_l2cap_continue_pkt: + bpatch patch0b_6,mem_patch0b + bmark1 mark_old_packet,ack_payload + fetch 2,mem_len + arg 0x2e0,temp //l2cap buffer size + isub temp,null + branch error_payload,positive + fetch 1,mem_l2cap_rxbuff_new + beq 1,process_dmh_data_l2cap_continue_pkt1 + beq 2,process_dmh_data_l2cap_continue_pkt2 + branch end_of_packet +process_dmh_data_l2cap_continue_pkt1: + arg mem_l2cap_rxbuff1,contw + fetch 2,mem_l2cap_rxbuff1_len + iadd contw,contw + branch process_dmh_data +process_dmh_data_l2cap_continue_pkt2: + arg mem_l2cap_rxbuff2,contw + fetch 2,mem_l2cap_rxbuff2_len + iadd contw,contw +process_dmh_data: + parse demod,bucket,8 + rshift3 pwindow,pdata + istore 1,contw + loop process_dmh_data +process_dmh_data_end: + bpatch patch0b_7,mem_patch0b + parse demod,bucket,16 /* cycle through the crc */ + branch error_payload_crc,crc_failed + fetch 1,mem_l2cap_flow_ctrl_flag + beq L2CAP_FLOW_CTRL_ENABLE,end_of_packet + bmark1 mark_testmode,process_dmh_cont + bmark1 mark_old_packet,redundant_payload + fetch 1,mem_lch_code + compare 3,pdata,3 + branch process_dmh_cont,true + fetch 2,mem_len + branch process_dmh_cont,blank + bpatch patch0c_0,mem_patch0c + fetch 1,mem_l2cap_rxbuff_new + beq 1,process_l2cap_pass_crc_buff1 + beq 2,process_l2cap_pass_crc_buff2 + branch assert +process_l2cap_pass_crc_buff1: + fetch 2,mem_l2cap_rxbuff1_len + fetcht 2,mem_len + iadd temp,pdata + store 2,mem_l2cap_rxbuff1_len + beq 0,assert + fetcht 2,mem_l2cap_rxbuff1// l2cap payload length + increase 4,temp + isub temp,null + call l2cap_buff1_inuse,zero //l2cap pkts not ended + branch process_dmh_cont +process_l2cap_pass_crc_buff2: + fetch 2,mem_l2cap_rxbuff2_len + fetcht 2,mem_len + iadd temp,pdata + store 2,mem_l2cap_rxbuff2_len + beq 0,assert + fetcht 2,mem_l2cap_rxbuff2// l2cap payload length + add temp,4,temp + isub temp,null + call l2cap_buff2_inuse,zero //l2cap pkts not ended + branch process_dmh_cont +process_dmh_cont: + bpatch patch0c_1,mem_patch0c + fetcht 1,mem_state_map + fetch 1,mem_lch_code + compare 3,pdata,0x03 + setflag true,smap_rxlmp,temp + nsetflag true,smap_rxl2cap,temp + storet 1,mem_state_map + nbranch process_dmh_cont_rxbuf_not_use,true + set1 mark_rxbuf_inuse,mark +process_dmh_cont_rxbuf_not_use: + bmark0 mark_testmode,ack_payload + isolate1 smap_rxlmp,temp + branch ack_payload,true + fetch 2,mem_tst_pktcnt_crc + increase 1,pdata + store 2,mem_tst_pktcnt_crc + set1 mark_loopback,mark + set0 smap_rxl2cap,temp + set0 mark_rxbuf_inuse,mark + storet 1,mem_state_map +ack_payload: + bpatch patch0c_2,mem_patch0c + fetcht 1,mem_temp_arq + fetch 1,mem_arq + set1 arqnx,pdata + isolate1 seqn,temp /* if accept, seqn always copies from the header */ + setflag true,seqn,pdata + isolate1 mark_am_addr_broadcast,mark + setflag true,bcast1,pdata + store 1,mem_arq + fetch 2,mem_len + nbranch end_of_packet,blank + fetch 1,mem_state_map + set0 smap_rxl2cap,pdata//better to do this in l2cap_flow_ctrl_stop + store 1,mem_state_map + fetch 1,mem_lch_code + compare 0x01,pdata,0x07 + //call l2cap_flow_ctrl_stop,true + branch end_of_packet + +error_header: + bpatch patch0c_3,mem_patch0c + disable match + fetch 2,mem_rx_hec_err + increase 1,pdata + store 2,mem_rx_hec_err + branch end_of_packet +error_payload_crc: + fetch 2,mem_rx_crc_err + increase 1,pdata + store 2,mem_rx_crc_err + call discard_pkt + bmark0 mark_testmode,error_payload + set1 mark_loopback,mark +error_payload: + branch end_of_packet + +discard_pkt: + bpatch patch0c_4,mem_patch0c + fetch 1,mem_lch_code + compare 3,pdata,0x03 + nbranch discard_pkt_l2cap,true +discard_pkt_lmp: + fetcht 1,mem_state_map + set0 smap_rxlmp,temp + storet 1,mem_state_map + rtn +discard_pkt_l2cap: +// isolate1 mark_testmode,mark +// setflag true,mark_loopback,mark + fetcht 1,mem_state_map + set0 smap_rxl2cap,temp + storet 1,mem_state_map + rtn + +redundant_payload: + fetch 1,mem_arq + set1 arqnx,pdata + store 1,mem_arq +end_of_packet: + bpatch patch0c_5,mem_patch0c + disable encode_fec0 + disable encode_fec2 + disable decode_fec0 + disable decode_fec2 + disable enable_crc + disable encrypt + disable enable_white + branch shutdown_radio,is_rx + until null,tx_clear + nop 100 /* flush out the last bit */ + branch shutdown_radio + +process_fhs: + bpatch patch0c_6,mem_patch0c + enable enable_crc + enable decode_fec2 + parse demod,bucket,72 + isolate1 58,pdata + setflag true,mark_fhs_eir,mark + copy bt_adr,temp /* save current address to aside */ + ialigned bt_adr /* send it to access gen */ + ialigned fhs0 /* get fhs_misc */ + pulse recalc /* calc the lap just received from the other guy */ + setsect 2,0xfffff /* preset ms of shift reg as big mask */ + setsect 3,0x0ffff /* preset ms of shift reg as big mask */ + nop 32 /* 30 cycles after recalc */ + iverify fhs_parity /* check fhs_parity against ls 34 bits at shift reg, with msb 36 bits as mask */ + deposit lap + store 3,extm_lap + deposit uap + store 1,extm_uap + copy temp,bt_adr /* put the address back */ + branch fhs_parity_ok,true /* fhs parity failed */ + branch error_payload +fhs_parity_ok: + bpatch patch0c_7,mem_patch0c + parse demod,bucket,72 + ialigned fhs1 /* give host the information on class and fhs_misc */ + ialigned am_addr /* store the am_addr the master assigned us */ + ialigned nap + ialigned regb /* store external clock in regb according to clock format */ + force 0,pdata + parse demod,bucket,16 /* cycle through the crc */ + branch error_payload,crc_failed + setarg 0x0ffffffc + iand regb,pdata + store 4,mem_clke_bt + deposit fhs_class + store 3,extm_class + deposit fhs_misc + store 1,extm_fhs_misc + deposit am_addr + store 1,extm_newconn_am_addr + deposit nap + store 2,extm_nap + deposit bt_clk + inject rxf,32 + compare type_fhs,type,0x0f /* see if this was fhs packet */ + setflag true,mark_fhs_already_good,mark + branch end_of_packet + +clear_got_tx: + bpatch patch0d_0,mem_patch0d + fetch 1,mem_arq + rtnbit0 wack + set0 wack,pdata + setflip seqnx,pdata + store 1,mem_arq + fetch 1,mem_last_type + beq type_lmp,clear_got_txlmp + rtneq type_hv3 + fetch 1,mem_op + rtnbit0 op_txl2cap,pdata + set0 op_txl2cap,pdata + set1 op_pkt_comp,pdata + store 1,mem_op + set0 mark_tx_l2cap,mark + fetch 2,mem_l2cap_tx_multi_offset + nrtn blank + fetch 1,mem_op + set0 op_pkt_comp,pdata + store 1,mem_op + branch l2cap_malloc_free + +clear_got_txlmp: + bpatch patch0d_1,mem_patch0d + fetch 1,mem_lmo_header_opcode + rshift pdata,pdata + beq LMP_START_ENCRYPTION_REQ,start_encryption + beq LMP_STOP_ENCRYPTION_REQ,stop_encryption + beq LMP_UNSNIFF_REQ, sniff_exit + beq LMP_ESCAPE,clear_lmp_escape + rtnne LMP_ACCEPTED + fetch 1,mem_lmo_payload + beq LMP_SCO_LINK_REQ,sco_link_req_by_slave + beq LMP_START_ENCRYPTION_REQ,clear_send_setup_complete + rtn + +clear_lmp_escape: + fetch 1,mem_lmo_payload + set1 7,pdata + rtn +clear_send_setup_complete: + rtn master + fetch 1,mem_state + rtnbit1 state_conn_comp + jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + rtn + +// nokia BH-105 CALLING when reconnection +sco_link_req_by_slave: + rtn master + fetch 1,mem_mode + isolate1 send_sco_when_slave,pdata + branch clean_mem_mode,true + //jam LMP_REMOVE_SCO_LINK_REQ,mem_lmo_opcode2 + rtn +clean_mem_mode: + set0 send_sco_when_slave,pdata + store 1,mem_mode + rtn + +start_encryption: + bpatch patch0d_2,mem_patch0d + fetch 1,mem_state_map + set1 smap_encryption,pdata + store 1,mem_state_map + hjam 1,core_encrypt + fetch 1,mem_state + isolate1 state_conn_comp,pdata + rtn + +stop_encryption: + bpatch patch0d_3,mem_patch0d + fetch 1,mem_state_map + set0 smap_encryption,pdata + store 1,mem_state_map + hjam 0,core_encrypt + rtn + + +sniff_init: + bpatch patch0d_4,mem_patch0d + copy clkn_bt,pdata + store 4,mem_lpm_delay_after_sniff + add clkn_bt,3,rega + branch sniff_init_master,master + add clke_bt,3,rega +sniff_init_master: + fetcht 2,mem_tsniff + deposit rega + set0 27,pdata + idiv temp + fetch 2,mem_dsniff + call wait_div_end + remainder regc + isub regc,pdata + branch sniff_init_nowrap,positive + iadd temp,pdata +sniff_init_nowrap: + iadd rega,pdata + store 4,mem_sniff_anchor + jam SWITCH_FLAG_INIT,mem_switch_flag + fetch 1,mem_state + set1 state_insniff,pdata + store 1,mem_state + fetch 1,mem_sniff_attempt + store 1,mem_current_sniff_attempt + setarg 0 + store 3,mem_sniff_rcv + store 3,mem_sniff_lost + store 1,mem_sniff_unint_lost + jam BT_EVT_ENTER_SNIFF,mem_fifo_temp + call ui_ipc_send_event + fetch 2,mem_rx_window_sniff + store 2,mem_rx_window + nrtn master + add am_addr,-1,queue + rtn + +sniff_exit: + bpatch patch0d_5,mem_patch0d + fetch 1,mem_state + rtnbit0 state_insniff + set0 state_insniff,pdata + store 1,mem_state + fetch 2,mem_rx_window_init + store 2,mem_rx_window + disable wake + jam BT_EVT_EXIT_SNIFF,mem_fifo_temp + branch ui_ipc_send_event + + +check_attempt: + bpatch patch0d_6,mem_patch0d + enable attempt + fetch 1,mem_state + bbit1 state_insniff,check_attempt_sniff + rtnmark1 mark_testmode /* pdata won't be blank now, try attempt */ + fetch 1,mem_arq + rtnbit1 wack + fetch 1,mem_lmp_to_send + nrtn blank + fetch 1,mem_op + rtnbit1 op_txl2cap +check_attempt_nomore: + force 0,pdata + rtn + +check_attempt_sniff: + bbit0 state_insco,check_attempt_not_sco + fetch 1,mem_current_sniff_attempt + beq 2,check_attempt_sniff_restore_sco + fetch 1,mem_arq + bbit1 wack,check_attempt_notimeout + bmark0 mark_esco_rxok,check_attempt_notimeout +check_attempt_sniff_restore_sco: + nbranch check_attempt_notimeout,master + fetch 1,mem_lmp_to_send + nbranch check_attempt_notimeout,blank +check_attempt_sco_master: + fetch 1,mem_sco_poll + increase -1,pdata + store 1,mem_sco_poll + nbranch check_attempt_nomore,blank + jam param_sco_poll,mem_sco_poll + branch check_attempt_notimeout + + + + + + +check_attempt_not_sco: + fetch 1,mem_current_sniff_attempt + bne 1,check_attempt_notimeout + fetch 1,mem_current_sniff_timeout + branch check_attempt_notimeout,blank + increase -1,pdata + store 1,mem_current_sniff_timeout + fetch 1,mem_arq + rtnbit1 wack // waiting for next ack + nrtn match // waiting for next poll +check_attempt_notimeout: + fetch 1,mem_current_sniff_attempt + increase -1,pdata + store 1,mem_current_sniff_attempt + rtn + + + + + + + + + + /* enable user if sniff window vialation, queue is extra overhead */ +sniff_check_window: + bpatch patch0d_7,mem_patch0d + disable swfine + copy temp,stop_watch + call context_search_sniff_window + disable user + nrtn zero + force 0,stop_watch + enable user + rtn + + //return true if it is esco context +check_esco_amaddr: + fetch 1,mem_esco_addr + icompare 0xff,am_addr + rtn + + +parse_l2cap: + bpatch patch0e_0,mem_patch0e + set0 mark_rxbuf_inuse,mark +parse_l2cap_cont: + jam L2CAP_RX_CLEAR,mem_l2cap_rx_done + fetch 1,mem_l2cap_rxbuff_inuse + rtn blank + isolate1 L2CAP_INUSE_BUFF1,pdata + arg mem_l2cap_rxbuff1,contr + call process_rx_l2cap_pkt,true + bpatch patch0e_1,mem_patch0e + fetch 1,mem_l2cap_rx_done + beq L2CAP_RX_DONE,parse_l2cap_release_buff1 + + jam L2CAP_RX_CLEAR,mem_l2cap_rx_done + fetch 1,mem_l2cap_rxbuff_inuse + rtnbit0 L2CAP_INUSE_BUFF2 + arg mem_l2cap_rxbuff2,contr + call process_rx_l2cap_pkt + fetch 1,mem_l2cap_rx_done + beq L2CAP_RX_DONE,parse_l2cap_release_buff2 + rtn + +parse_l2cap_release_buff1: + fetch 1,mem_l2cap_rxbuff_inuse + set0 L2CAP_INUSE_BUFF1,pdata + store 1,mem_l2cap_rxbuff_inuse + setarg 0 + store 2,mem_l2cap_rxbuff1_len + rtn +parse_l2cap_release_buff2: + fetch 1,mem_l2cap_rxbuff_inuse + set0 L2CAP_INUSE_BUFF2,pdata + store 1,mem_l2cap_rxbuff_inuse + setarg 0 + store 2,mem_l2cap_rxbuff2_len + rtn + +l2cap_buff1_inuse: + fetch 1,mem_l2cap_rxbuff_inuse + set1 L2CAP_INUSE_BUFF1,pdata + store 1,mem_l2cap_rxbuff_inuse + rtn + +l2cap_buff2_inuse: + fetch 1,mem_l2cap_rxbuff_inuse + set1 L2CAP_INUSE_BUFF2,pdata + store 1,mem_l2cap_rxbuff_inuse + rtn + +/******************************************/ +/********** Transmit Packet *************/ +/******************************************/ + +slave_send_access: + bpatch patch0e_2,mem_patch0e + add clke_bt,1,bt_clk /* slave start to use native clock */ + call fetch_extm_bt_adr + force 0x03,freq_mode /* connection frequency */ + call tx_radio_freq + call start_transmitter + call start_tx_external + branch send_access_word + + +slave_conn_send_packet: + bpatch patch0e_3,mem_patch0e + call rf_setup_time_slave_slot + deposit clke_bt + fetcht 4,mem_next_btclk + isub temp,pdata + rtnne 1 /* missed slave slot */ + compare type_null,type,0x1f + nbranch slave_conn_send_access,true + fetch 1,mem_rx_type + rtn blank /* null packet, do nothing */ +slave_conn_send_access: + call slave_send_access +transmit_packet: + compare type_id,type,0x1f /* is this id only ? */ + branch end_of_packet,true + rshift bt_clk,temp + or temp,0x40,white_init +transmit_packet_whitened: + bpatch patch0e_4,mem_patch0e + enable enable_white + enable enable_hec + enable encode_fec1 + set0 mark_longpacket,mark + deposit am_addr + inject mod,3 /* am_addr, temp is disabled */ + deposit type + inject mod,4 + fetch 1,mem_arq /* aka mem_arq */ + inject bucket,4 /* align up to flowx, arqnx, seqnx */ + inject mod,3 + enable enable_parity + inject mod,8 /* transmit parity */ + disable encode_fec1 + disable enable_parity + disable enable_hec + set0 PSK3M,radio_ctrl + arg 0,temp + call reserve_slot + bpatch patch0e_5,mem_patch0e + and type,0x1f,pdata + beq type_lmp, transmit_lmp + beq type_null, end_of_packet + beq type_poll, end_of_packet + beq type_fhs, transmit_fhs /* master mode fhs need got_tx and ack */ + beq type_dm1, transmit_dm1 + beq type_dh1, transmit_dh1 + beq type_hv3, transmit_hev + beq type_3dh1, transmit_3dh1 + arg 4,temp + call reserve_slot + beq type_dm3, transmit_dm3 + beq type_dh3, transmit_dh3 + arg 8,temp + call reserve_slot + beq type_dh5, transmit_dh5 + branch transmit_dm5 /* must be 14, dm5 */ + + +transmit_hev: + bpatch patch0e_6,mem_patch0e + enable encode_fec0 + enable enable_crc + enable encrypt + force 30,loopcnt + arg mem_sco_obuf,contr +transmit_ev_loop: + ifetch 1,contr + inject mod,8 + loop transmit_ev_loop + bmark1 mark_esco,transmit_end + branch end_of_packet + +transmit_fhs: + bpatch patch0e_7,mem_patch0e + fetch 1,mem_fhs_am_addr /* this is the am_addr to assign to slave */ + icopy am_addr + fetch 1,mem_fhs_misc + icopy fhs_misc /* [7:6]SR [5:4]SP [3:1]PS [0]undef */ + fetch 3,mem_class /* store away class */ + icopy fhs_class + fetch 2,mem_nap + icopy nap + enable enable_crc + enable encode_fec2 + copy bt_adr,rega + call fetch_self_bt_adr + pulse recalc + nop 32 /* 30 cycles after recalc for sync word generation */ + copy bt_clk,timeup + fetch 4,mem_clkn_bt + icopy bt_clk + preload fhs0 + set1 58,pdata /* eir */ + inject mod,72 + preload fhs1 + inject mod,72 + copy timeup,bt_clk + copy rega,bt_adr + enable enable_parity + inject mod,16 /* generate CRC */ + disable enable_parity + branch end_of_packet + +transmit_lmp: /* expect the payload ready as in bb spec */ + bpatch patch0f_0,mem_patch0f + enable encrypt + enable enable_crc + enable encode_fec2 + fetch 1,mem_lmo_header_length /* this is the payload header */ + and pdata,0x1f8,temp /* temp is number of bits, check payload header format */ + arg mem_lmo_header_length,contr + increase 8,temp /* temp is in bits */ +transmit_lmp_loop: + add temp,-72,regc /* regc is remainder */ + nbranch transmit_lmp_finish,positive + ifetch 9,contr + inject mod,72 + copy regc,temp + branch transmit_lmp_loop +transmit_lmp_finish: + ifetch 9,contr + iinject mod,temp + branch transmit_end + +transmit_dm1: + enable encode_fec2 + branch transmit_dmh +transmit_dm3: +transmit_dm5: + enable encode_fec2 + set1 mark_longpacket,mark + branch transmit_dmh + +transmit_3dh1: + set1 PSK3M,radio_ctrl +transmit_dh1: + enable encode_fec0 + branch transmit_dmh + +transmit_dh3: +transmit_dh5: + set1 PSK3M,radio_ctrl + enable encode_fec0 + set1 mark_longpacket,mark + +transmit_dmh: + bpatch patch0f_1,mem_patch0f + fetch 1,mem_state_map + bbit0 smap_edr,transmit_noedr + sub type,3,null + branch transmit_noedr,positive + disable encrypt + disable encode_fec2 + enable encode_fec0 + disable enable_white + set1 PSK,radio_ctrl + isolate1 PSK3M,radio_ctrl + branch transmit_edr3m,true + setarg 0xabeee + inject mod,20 + branch transmit_edr_sync_end +transmit_edr3m: + setarg 0x5faeba + inject mod,24 + setarg 0x12 + inject mod,6 +transmit_edr_sync_end: + enable enable_white + set1 mark_longpacket,mark +transmit_noedr: + enable encrypt + enable enable_crc + bmark1 mark_loopback,transmit_loopback + fetch 1,mem_tx_lch + inject mod,3 + fetch 2,mem_tx_len + iforce loopcnt + bmark1 mark_longpacket,transmit_long + inject mod,5 + branch transmit_stuff +transmit_long: + inject mod,13 +transmit_stuff: + deposit loopcnt + branch transmit_end,blank + fetch 2,mem_txptr + iforce contr +transmit_stuff_loop: + ifetch 1,contr + inject mod,8 + loop transmit_stuff_loop +// branch transmit_end + +transmit_end: + enable enable_parity + inject mod,16 + disable enable_parity + call set_wait_ack + fetch 1,mem_state_map + bbit0 smap_edr,end_of_packet + force 0,pdata + inject mod,6 /* edr trailer */ + branch end_of_packet + + +transmit_loopback: + bpatch patch0f_2,mem_patch0f + bmark1 mark_longpacket,transmit_loopback_long +transmit_loopback_short: + fetch 1,mem_lch_code + inject mod,3 /* LLID and FLOW */ + fetch 1,mem_len /* take packet length */ + iforce regc + inject mod,5 + branch transmit_loopback_cont +transmit_loopback_long: + fetch 1,mem_lch_code + inject mod,3 /* LLID and FLOW */ + fetch 2,mem_len /* take packet length */ + iforce regc + inject mod,13 +transmit_loopback_cont: + arg mem_rxbuf,contr +transmit_loopback_loop: + copy regc,null + branch transmit_loopback_end,zero + ifetch 1,contr + inject mod,8 + increase -1,regc + branch transmit_loopback_loop +transmit_loopback_end: + fetch 2,mem_tst_pktcnt_dmh + increase 1,pdata + store 2,mem_tst_pktcnt_dmh + branch transmit_end + + +apply_switch_clke: + fetch 4,mem_clke_bt + add pdata,7,rega + fetch 2,mem_slot_offset + nbranch apply_switch_nozero,blank + increase -3,rega + branch apply_switch_wait_loop +apply_switch_nozero: + mul32 pdata,12,pdata + fetcht 2,core_rthalfslot + increase 1,temp +apply_switch_loop: + isub temp,pdata + nbranch apply_switch_bt,positive + increase -1,rega + branch apply_switch_loop +apply_switch_bt: + sub pdata,0,pdata +apply_switch_wait_loop: + until null,oneslot + compare 0,clkn_bt,3 + nbranch apply_switch_wait_loop,true + iforce clke_rt + copy rega,clke_bt + iforce clke_rt + rtn + + +calc_slot_offset: + bpatch patch0f_3,mem_patch0f + until null,halfslot + deposit clke + iforce contr + rshift16,pdata,pdata + isub clkn_bt,loopcnt + and_into 3,loopcnt /* bt portion */ + nbranch calc_bt_portion,zero + force 0,pdata + branch calc_skip_bt +calc_bt_portion: + arg 3750,temp + force 0,pdata +calc_slot_offset_loop: + iadd temp,pdata + loop calc_slot_offset_loop +calc_skip_bt: + iadd contr,pdata /* add rt portion */ + div pdata,12 + call wait_div_end + quotient pdata + store 2,mem_slot_offset + rtn + +calc_clke_offset: + bpatch patch0f_4,mem_patch0f + deposit clke + copy clkn,temp + isub temp,null + nsetflag positive,44,pdata + isub temp,temp + setarg 3750 + isolate0 15,temp + branch calc_clke_pos,true + setarg -61786 + iadd temp,temp +calc_clke_pos: + storet 6,mem_le_clk_offset + rtn le + storet 6,mem_clk_offset + rtn + +calc_clke: + disable clknt + fetch 6,mem_le_clk_offset + branch calc_clke2,le + fetch 6,mem_clk_offset +calc_clke2: + iadd clkn,alarm + increase 10,alarm + setarg 3750 + isub alarm,pdata + isolate0 15,pdata + branch calc_clke_pos_adj,true + setarg 0xf15a + iadd alarm,alarm +calc_clke_pos2: + copy alarm,clke + rtn +calc_clke_pos_adj: /* add 2 clock */ + force 0,null + branch calc_clke_pos2 + +/******************************************/ +/********* RF related functions ***********/ +/******************************************/ + + +calc_radio_freq: + bpatch patch0f_5,mem_patch0f + call set_sync_on + copy bt_clk,pdata + and_into 0x180,pdata + compare 3,freq_mode,0x07 + nbranch freq_not_connection,true /* don't do the hack if not in connection */ + rshift3 pdata,pdata + iadd freq_index,pdata + branch do_hop_mod_now +freq_not_connection: + copy freq_index,pdata +do_hop_mod_now: + div pdata,79 + pulse recalc /* now is good time to recalc id */ + call wait_div_end + remainder rega + add rega,-40,temp + branch odd_half,positive + lshift rega,temp + branch freq_result +odd_half: + lshift temp,temp + increase 1,temp +freq_result: + bpatch patch0f_6,mem_patch0f + fetch 1,mem_mode + bbit0 afh_change,afh_process_con +afh_process_0: + fetch 4, mem_afh_instant + isub bt_clk, null + branch afh_process_con,positive + call afh_clear + fetch 1,mem_afh_new_mod + rtn blank + fetch 1,mem_mode + set1 afh_enable,pdata + store 1,mem_mode + fetch 5,mem_afh_map_new + store 5,mem_afh_map_lo + ifetch 5,contr + store 5,mem_afh_map_hi + call afh_process_freq_map +afh_process_con: + fetch 1,mem_mode + rtnbit0 afh_enable + isolate1 1,bt_clk + branch afh_same_channel,true /* at odd slot, use the same as last even */ + rshift3 temp,rega + and temp,7,queue + setarg mem_afh_map_lo + iadd rega, rega + ifetch 1, rega + qisolate0 pdata + branch afh_process_1,true /* not in map, do afh */ + deposit temp + branch afh_process_end +afh_process_1: + fetch 1, mem_afh_used + iforce regb + deposit bt_clk + and_into 0x180, pdata + rshift3 pdata,pdata + iadd freq_index,pdata + idiv regb + setarg mem_afh_map + call wait_div_end + remainder rega + iadd rega,contr + ifetch 1,contr +afh_process_end: + store 1,mem_afh_index + iforce temp + rtn + +afh_same_channel: + fetch 1, mem_afh_index /* last afh index */ + iforce temp + rtn + +afh_clear: + fetch 1,mem_mode + set0 afh_enable,pdata + set0 afh_change,pdata + store 1,mem_mode + rtn +/* +fixed_frequency: + fetcht 1,mem_fixed_freq + rtn +*/ +afh_process_freq_map: + bpatch patch0f_7,mem_patch0f + arg mem_afh_map,contw + force 10,loopcnt + call memset0 + arg mem_afh_map,contw + force 0,regC + force 2,queue +process_freq_3: + fetch 5,mem_afh_map_lo + iforce temp + compare 2,queue,0xff + branch process_freq_1,true + rshift temp,temp +process_freq_1: + isolate0 0,temp + branch process_freq_0,true + deposit regC + istore 1,contw +process_freq_0: + rshift2 temp,temp + increase 2,regC + compare 40,regC,0xfe + nbranch process_freq_2,true + fetch 5,mem_afh_map_hi + iforce temp + compare 2,queue,0xff + branch process_freq_2,true + rshift temp,temp +process_freq_2: + sub regC,78,null + branch process_freq_1,positive + force 1,regC + increase -1,queue + nbranch process_freq_3,zero + arg mem_afh_map,rega + deposit contw + isub rega,pdata + store 1,mem_afh_used + rtn + +rx_radio_freq: + bpatch patch10_0,mem_patch10 + call calc_radio_freq + fetch 1,mem_debug_config + bbit0 debug_rx_fixed_freq,rx_radio_freq_now + fetcht 1,mem_rx_fixed_freq +rx_radio_freq_now: + branch set_freq_rx + + +tx_radio_freq: + bpatch patch10_1,mem_patch10 + call calc_radio_freq + fetch 1,mem_debug_config + bbit0 debug_tx_fixed_freq,tx_radio_freq_now + fetcht 1,mem_tx_fixed_freq +tx_radio_freq_now: + branch set_freq_tx + + +fetch_giac: + force 0,uap + fetch 3,mem_glap + iforce lap + rtn + +fetch_page_bt_adr: + bpatch patch10_2,mem_patch10 + fetch 1,mem_hci_puap + icopy uap + fetch 3,mem_hci_plap + icopy lap + rtn + +fetch_self_bt_adr: + bpatch patch10_3,mem_patch10 + fetch 2,mem_nap + icopy nap + fetch 1,mem_uap + icopy uap + fetch 3,mem_lap + icopy lap /* copy self_adr,bt_adr */ /* use own address */ + rtn + +fetch_extm_bt_adr: + bpatch patch10_4,mem_patch10 + fetch 2,mem_pnap + icopy nap + fetch 1,mem_puap + icopy uap + fetch 3,mem_plap + icopy lap + rtn + + +fetch_diac: + bmark1 mark_all_diac,fetch_diac_do + rtnmark0 mark_inquiry_state + rtnmark0 mark_periodical_diac +fetch_diac_do: + and_into -256,lap + pulse recalc + nop 32 + rtn + + +shutdown_radio: + bpatch patch10_5,mem_patch10 + branch shutdown_radio0,is_rx + hjam 0xd4, 0x955 + nop 4 + hjam 0xd2, 0x955 + nop 4 + hjam 0xd1, 0x955 + nop 4 + fetch 1,mem_tx_power + beq TX_POWER_0DB,shutdown_radio_0db + beq TX_POWER_3DB,shutdown_radio_3db + beq TX_POWER_5DB,shutdown_radio_5db + beq TX_POWER_f3DB,shutdown_radio_f3db + beq TX_POWER_f5DB,shutdown_radio_f5db + beq TX_POWER_PAIR,shutdown_radio_pair +shutdown_radio_5db: +shutdown_radio_0db: + hjam 0xd0, 0x955 + hjam 0xe0, 0x956 +shutdown_radio0: + force 0x08,radio_ctrl + force 0,radio_ctrl + disable is_rx + disable is_tx + pulse packet_end + hjam 0x0,rfen_mdm + hjam 0x0,rfen_tx + hjam 0x0,rfen_rx + hjam 0,rfen_sn + hjam 0x70,rfen_msc + hjam 0x0,rfen_adc + rtn + +shutdown_radio_pair: +shutdown_radio_f5db: +shutdown_radio_f3db: +shutdown_radio_3db: + hjam 0xd0,0x955 + hjam 0xc0,0x956 + branch shutdown_radio0 + +set_sync_on: + bpatch patch10_6,mem_patch10 + hjam 0x0,rfen_mdm /* if called from tx or rx */ + hjam 0x0,rfen_tx + hjam 0x18,rfen_rx + hjam 0xa7,rfen_sn + hjam 0x7f,rfen_msc + rtn + +set_freq_rx: + bpatch patch10_7,mem_patch10 + /* IF is +2MHz */ + storet 1,mem_last_freq + add temp,rx_freq_offset,rega /* index to frequency */ + hjam 0x07,0x96d /*Max added, for best sensitivity*/ + branch rf_write_freq +rf_rx_enable: + bpatch patch11_0,mem_patch11 + hjam 0xcf,rfen_tx + nop 10 /* wait adc clk48 ready */ + hjam 0xff,rfen_rx + hjam 0xaf,rfen_sn + hjam 0xff,rfen_msc + nop 10 + hjam 0xa0,rfen_mdm + rtn + +set_freq_tx_offset: + fetch 1,mem_250k_freq_enable //default: 0 + branch set_freq_tx_2M_offset,blank +set_freq_tx_0M_offset: + add temp,2,rega //250k + rtn +set_freq_tx_2M_offset: + add temp,0,rega // bt 2M Medium Frequency + rtn + +set_freq_tx: + bpatch patch11_1,mem_patch11 + storet 1,mem_last_freq + call set_freq_tx_offset + call rf_write_freq + setarg param_pll_setup + call sleep +txon: + hjam 0x1,rfen_adc + hjam 0x3c,rfen_rx + hjam 0xe0,rfen_tx + hjam 0x12,0x96d + nop 10 + hjam 0x01,rfen_mdm + hjam 0x3d,rfen_mdm + nop 10 + hjam 0xb7,rfen_sn + nop 10 + hjam 0x7f, rfen_mdm + fetch 1,mem_tx_power + beq TX_POWER_0DB,set_tx_power_0db + beq TX_POWER_3DB,set_tx_power_3db + beq TX_POWER_5DB,set_tx_power_5db + beq TX_POWER_f3DB,set_tx_power_f3db + beq TX_POWER_f5DB,set_tx_power_f5db + beq TX_POWER_PAIR,set_tx_power_pair +set_tx_power_0db: + hjam 0xf0,0x956 + call txon_common + hjam 0xd8,0x955 + rtn + +set_tx_power_3db: + hjam 0xdf,0x956 + call txon_common + hjam 0xdf,0x955 + rtn + +set_tx_power_5db: + hjam 0xff,0x956 + call txon_common + hjam 0xdf,0x955 + rtn +set_tx_power_f3db: + hjam 0xce,0x956 + call txon_common + hjam 0xd8,0x955 + rtn + +set_tx_power_f5db: + hjam 0xcb,0x956 + call txon_common + hjam 0xd8,0x955 + rtn + +set_tx_power_pair: + hjam 0xd0,0x955 + hjam 0xc0,0x956 + hjam 0x4c,0x957 + hjam 0x6c,0x958 + hjam 0x50,0x959 + rtn + +txon_common: + nop 4 + hjam 0xd1,0x955 + nop 4 + hjam 0xd2,0x955 + nop 4 + hjam 0xd4,0x955 + nop 4 + rtn + + +initialize_radio: + hjam clksel_rc,core_clksel + ncall wake_up_m0,wake +initialize_radio_wait: + fetch 2,mem_rf_init_ptr + bbit0 14,initialize_radio_wait + iforce contr + arg 0x8900,temp +initialize_radio_loop: + ifetch 1,contr + beq 0xff,initialize_radio_cont + ior temp,contw + ifetch 1,contr + istore 1,contw + branch initialize_radio_loop +initialize_radio_cont: + bpatch patch11_2,mem_patch11 + call lpm_cal_xtal_startup + call switchto_dpllclk +// ncall check_dpll,wake + setarg param_dpll_start_delay + iadd clkn_bt,pdata + store 4,mem_dpll_clkn + set1 RESET,radio_ctrl + force 0,radio_ctrl + ncall do_rccal,wake + branch set_rccal + + /* rega is frequency, 00=2400Mhz */ +rf_write_freq: + bpatch patch11_3,mem_patch11 + setarg 2400 + iadd rega,temp + fetch 1,mem_fcomp_mul + hjam 0x04,rf_pll_rstn + imul32 temp,pdata + fetcht 1,mem_fcomp_div + idiv temp + call wait_div_end + quotient rega /* rega is FLOOR(FVCO/fcomp) */ + remainder pdata + lshift16 pdata,pdata + lshift4 pdata,pdata /* pdata is frac * 2^20 */ + idiv temp + call wait_div_end + quotient pdata /* pdata is frac *2^20/fcomp */ + lshift8 pdata,pdata + lshift pdata,pdata + ior rega,pdata + hstore 4,rf_pll_intg + hjam 0x44,rf_pll_rstn + hjam 0xc4,rf_pll_rstn + rtn + + +do_rccal: + bpatch patch11_4,mem_patch11 + hjam 0x02,rfen_adc + setarg 250000 + call sleep /* wait clkpll&xtal stable */ + hjam 0x7f,rfen_rx + nop 130 + hjam 0x30,rf_rccal_ctrl + hjam 0xd0,rfen_tx + hjam 0x70,rf_rccal_ctrl + hjam 0xf0,rf_rccal_ctrl + force 50,loopcnt +do_rccal_loop: + hfetch 1,rf_rccal_result + bbit1 5,do_rccal_end + loop do_rccal_loop +do_rccal_end: + store 1,mem_rf_rccal + hjam 0,rfen_tx + hjam 0,rfen_rx + hjam 0x00,rfen_adc + rtn + +set_rccal: + bpatch patch11_5,mem_patch11 + fetch 1,mem_rf_rccal + set1 5,pdata + hstore 1,rf_rccal_ctrl + hfetcht 1,rf_bpf_ctrim + and_into 7,temp + lshift3 pdata,pdata + ior temp,pdata + hstore 1,rf_bpf_ctrim + hfetch 1,rf_bpf_ib + set0 bpf_rccal,pdata + hstore 1,rf_bpf_ib + hfetch 1,rf_adc_rccal + set0 adc_rccal,pdata + hstore 1,rf_adc_rccal + rtn + +save_rssi: + bpatch patch11_6,mem_patch11 + hfetch 2,rf_afc_d2a + rshift4 pdata,pdata + rshift3 pdata,pdata + sub pdata,0,pdata + and_into 0xff,pdata + div pdata,10 + call wait_div_end + quotient pdata + lshift4 pdata,pdata + remainder temp + ior temp,pdata + store 1,mem_rssi /* bcd value */ + rtn + + +switchto_dpllclk: + hjam clksel_rc,core_clksel + hfetch 1,rf_clkpll_frac+2 + set0 4,pdata + set0 5,pdata + hstore 1,rf_clkpll_frac+2 + hjam 0x00,rfen_ck + hjam 0x00,rfen_msc + hjam 0x70,rfen_msc + hjam 0xff,rfen_ck + hfetch 1,rf_clkpll_frac+2 + set1 4,pdata + set1 5,pdata + hstore 1,rf_clkpll_frac+2 + call init_lpm_ctrl + hfetch 1,rf_clkpll_int + set1 7,pdata + hstore 1,rf_clkpll_int + set0 7,pdata + hstore 1,rf_clkpll_int + set1 7,pdata + hstore 1,rf_clkpll_int + hjam clksel_dpll,core_clksel + nop 1 + hjam clksel_xtal,core_clksel + hfetch 1,rf_clkpll_frac+2 + and_into 0xcf,pdata + hstore 1,rf_clkpll_frac+2 + or_into 0x30,pdata + hstore 1,rf_clkpll_frac+2 + rtn + + +xtal_fast_wake: + setarg 0xf0f + branch lpm_write_config + +init_lpm_ctrl: + setarg 0x80f + branch lpm_write_config + + + +start_receiver: + bpatch patch11_7,mem_patch11 + call rf_rx_enable + disable is_tx + enable is_rx + pulse init_encrypt + rtn + +prep_crypt: + bpatch patch12_0,mem_patch12 + fetch 1,mem_state_map + isolate1 smap_encryption,pdata + setflag true,0,pdata + hstore 1,core_encrypt + arg mem_kc,contr + ifetch 9,contr + iforce kc_ls + ifetch 7,contr + iforce kc_ms + fetch 1,mem_key_size + add pdata,-1,g1l + pulse kc_p_activate /* immediately start calculating primary Key */ + rtn + +wait_access_end: + deposit clke + store 6,mem_sync_clke + disable decode_fec0 + nbranch shutdown_radio,sync + arg param_clke_cal,clke_rt + increase 1,clke_bt + and_into 0x1fc,clke_bt + rtn + + + +wait_access_mhalfbnd: + enable decode_fec0 +wait_access_mhalfbnd_correlate: + correlate null,mhalfbnd /* keep correlating until sync is found, or clke half */ + branch wait_access_end,sync + compare 0x02,clke_bt,0x02 + nbranch wait_access_mhalfbnd_correlate,true + branch wait_access_end + +wait_access_clkn_rt: + bpatch patch12_1,mem_patch12 + arg param_conn_access,timeup /* found sync must occur within this time */ + enable decode_fec0 + correlate clkn_rt,meet /* keep correlating until sync is found, or until clkn_rt timeup */ + disable decode_fec0 + nbranch shutdown_radio,sync + rtn + +wait_access_forever: + bpatch patch12_2,mem_patch12 + enable decode_fec0 + correlate null,timeout /* keep correlating until sync is found, or timeout */ + disable decode_fec0 + nbranch shutdown_radio,sync + arg param_clke_cal,clke_rt + and_into 0x1fc,clke_bt + rtn + + /* reserve slots for mult-slot packet */ +reserve_slot: + bpatch patch12_3,mem_patch12 + iforce rega + deposit bt_clk + iadd temp,timeup + copy timeup,pdata + store 4,mem_next_btclk + deposit rega + rtn + + /* pdata = clks ahead of bt_clk */ +ahead_window: + copy pdata,temp + bpatch patch12_4,mem_patch12 + copy temp,pdata + call clk2bt + lshift16 bt_clk,pdata + set1 44,pdata + call clk_diff + set0 44,pdata + call get_clk + call clk_diff + rtn user + call clk2rt + iforce stop_watch + until null,timeout + rtn + + +setup_clk: + bpatch patch12_5,mem_patch12 + branch setup_clkn,clknt + until clke_rt,meet +skip_setup_clke: + copy clke_bt,temp + branch setup_clknbt +setup_clkn: + branch skip_setup_clkn,attempt + until clkn_rt,meet +skip_setup_clkn: + copy clkn_bt,temp +setup_clknbt: + branch setup_clk11,user + compare 1,temp,3 + nbranch setup_clk,true +setup_complete: + bpatch patch12_6,mem_patch12 + fetch 1,mem_state + rtnbit0 state_inconn + fetch 4,mem_next_btclk + isub temp,pdata + nrtn positive + sub pdata,0xff,null + branch setup_clk,positive + rtn +setup_clk11: + compare 3,temp,3 + nbranch setup_clk,true + branch setup_complete + +rf_setup_time: + bpatch patch12_7,mem_patch12 + arg param_rf_setup,timeup + branch setup_clk + +rf_setup_time_slave_slot: + disable user + branch rf_setup_time + +rf_setup_time_master_slot: + enable user + branch rf_setup_time + +start_transmitter: + bpatch patch13_0,mem_patch13 + call prep_crypt + disable is_rx + enable is_tx + rtn + + + +start_tx_native: + bpatch patch13_1,mem_patch13 + arg param_tx_setup,timeup + until clkn_rt,meet /* wait until start_tx time */ + pulse init_encrypt + rtn + +start_rx_native: + bpatch patch13_2,mem_patch13 + arg param_rx_setup,timeup + until clkn_rt,meet + rtn + + +start_tx_external: + bpatch patch13_3,mem_patch13 + arg param_tx_setup,timeup + until clke_rt,meet /* wait until start_tx time */ + pulse init_encrypt + rtn + +send_access_word: + bpatch patch13_4,mem_patch13 + preload access /* load in access word ready to be sent */ + enable encode_fec0 + set1 TXGFSK,radio_ctrl + inject mod,72 + disable encode_fec0 + rtn + + +scan_mode_whiten: + copy xin,temp + or_into 0x60,temp /* extend xin with 5->1, 6->1 */ + copy temp,white_init + rtn + + + + /* return blank if free amaddr is found */ +get_free_amaddr: + bpatch patch13_5,mem_patch13 + fetch 1,mem_current_amaddr + increase 1,pdata + bne param_esco_addr,get_free_amaddr_cont + force 1,pdata +get_free_amaddr_cont: + store 1,mem_current_amaddr + iforce am_addr + rtn + +get_clk: + copy clkn,temp + rtn master + copy clke,temp + rtn + +get_clkbt: + deposit clkn_bt + rtn master + deposit clke_bt + rtn + + +supervision_update: + bpatch patch13_6,mem_patch13 + fetcht 4,mem_supervision_timer + call get_clkbt + isub temp,timeup /* and to 28 bits */ + deposit timeup + fetcht 2,mem_supervision_to + lshift temp,temp + isub temp,pdata + rtn + +supervision_flush: + bpatch patch13_7,mem_patch13 + call get_clkbt + store 4,mem_supervision_timer + rtn + +assert: + bpatch patch14_0,mem_patch14 + branch assert + +loop: + branch loop + +sleep: + rtn blank + /* sleep pdata clocks, only even clocks are accurate */ + rshift pdata,pdata + increase -3,pdata +sleep_loop: + increase -1,pdata + nbranch sleep_loop,zero + force 0,pdata + rtn + + + +init_param: + /* clear specified sched ram */ + arg 0x10,loopcnt + arg 0,contw + call memset0 + arg mem_le_state,contw + arg 10,loopcnt + call memset0 + jam 0,mem_sp_calc + jam 0,mem_fifo_temp + jam 0,mem_le_testtype + jam 0,mem_debug_config + jam 0,mem_lmp_conn_state + bpatch patch14_1,mem_patch14 + jam 0,mem_connection_options + jam 0,mem_tester_emulate + jam 0,mem_tester_cnt + setarg param_glap + store 3,mem_glap + setarg param_acl_pktlen + store 2,mem_acl_pktlen + jam param_sco_pktlen,mem_sco_pktlen + jam param_acl_pktcnt,mem_acl_pktcnt + jam param_sco_pktcnt,mem_sco_pktcnt + setarg param_hci_version + store 3,mem_hci_version +// setarg param_lmp_version +// store 3,mem_lmp_version +// setarg param_lmp_subversion +// store 2,mem_lmp_subversion + jam 0x60,mem_fhs_misc /* R1 for 1.28s ps interval,P2 */ + jam param_max_slot,mem_max_slot + jam 0x02,mem_fw_ver /* set firmware version */ +ifdef SIMPLE_PAIRING + fetch 1,mem_ssp_enable + ncall init_memp,blank +endif +ifdef SECURE_CONNECTION + fetch 1,mem_le_secure_connect_enable + ncall init_memp_256,blank +endif + bpatch patch14_2,mem_patch14 + rtn wake + setarg 0 + store 2,mem_tx_len + rshift clkn_bt,pdata + store 4,mem_last_clkn + rtn + + + + +/*****************************************LPO************************************************/ + +lpmstate: + fetch 4,core_lpm_xtalcnt + isolate1 hibernate,pdata + bbit0 isogate,lpm_open_isogate + nbranch clean_mem,true // power on + arg param_hibernate_clks,temp + deposit auxcnt + branch lpm_enter_sleep,blank // hibernate timeout, continue sleeping +lpm_open_isogate: + set1 isogate,pdata + set1 xram_switch,pdata + set1 pram_switch,pdata + store 4,core_lpm_reg + until null,lpo_edge // delay to wait lpo rstn release + until null,lpo_edge + call lpm_write_ctrl2 + fetch 1,core_lpm_isogate + set1 enable_retmem,pdata + store 1,core_lpm_isogate + call lpm_write_ctrl2 + branch clean_mem,true // doze or hibernate + enable wake +lpm_load_context: + jam 0x1,core_config // signal m0 for NOT loading patch + fetch 8,mem_saved_mark + iforce mark + fetch 6,core_gpio_wakeup + store 6,mem_gpio_wakeup + rtn + +lpm_save_context: + deposit mark + store 8,mem_saved_mark + branch lpm_write_gpio_wakeup + + +lpo_calibration: + fetcht 1,core_clksel + and temp,0xf0,pdata + nbranch lpo_cal_inited,blank + fetch 3,mem_clks_per_lpo + nrtn blank + and temp,0xf,pdata + or_into 0xc0,pdata + store 1,core_clksel + jam ccnt_start,core_dma_start +lpo_cal_inited: + fetch 1,core_misc_status + rtnbit0 CCNT_DONE + fetch 3,core_ccnt_counter + store 3,mem_clks_per_lpo + rtn + + + /* temp is synced clke */ +lpm_adjust_clk: + bpatch patch14_3,mem_patch14 + deposit clke + call clk_diff_rt + fetcht 4,mem_sleep_counter_all + sub temp,0xff,null + rtn positive // interval too small + lshift8 pdata,pdata + lshift4 pdata,pdata + idiv temp + call wait_div_end + quotient pdata + arg param_lpm_adjmax,temp + call ceiling + store 1,mem_lpm_adjust + nbranch lpm_adjust_positive,user + sub pdata,0,pdata +lpm_adjust_positive: + fetcht 3,mem_clks_per_lpo + iadd temp,pdata + store 3,mem_clks_per_lpo +lpm_clear_counter: + setarg 0 + store 4,mem_sleep_counter_all + rtn + +lpm_doze: + fetch 1,mem_lpm_doze_switch + branch lpm_hibernate_normal + + /* no retention memory at all */ +lpm_hibernate: + fetch 1,mem_lpm_hibernate_switch +lpm_hibernate_normal: + store 1,mem_lpm_xtalcnt + 3 + bpatch patch14_4,mem_patch14 + call lpm_write_gpio_wakeup + arg param_hibernate_clks,temp + fetch 1,mem_lpm_config+1 + set0 7,pdata /* lowest lpo */ + store 1,mem_lpm_config+1 + + /* temp is lpo clocks to sleep */ +lpm_sleep: + bpatch patch14_5,mem_patch14 + call xtal_fast_wake + fetch 4,mem_sleep_counter_all + iadd temp,pdata + store 4,mem_sleep_counter_all + call lpm_save_context + fetch 3,mem_lpm_xtalcnt + store 3,core_lpm_reg + ifetchr rega,1,contr + fetch 1,core_lpm_buckcfg + istore 1,contw + until null,lpo_edge + storer clkn,6,mem_sleep_clkn + hjam lpmreg_sel_ctrl2,core_lpm_wr + until null,lpo_edge + until null,lpo_edge + storer rega,1,core_lpm_isogate + hjam lpmreg_sel_ctrl2,core_lpm_wr +lpm_enter_sleep: + until null,lpo_edge + until null,lpo_edge + hstoret 4,core_lpm_reg + hjam lpmreg_sel_counter,core_lpm_wr + until null,never + + + + +lpm_recover_clk: + bpatch patch14_6,mem_patch14 + setarg 0 + copy auxcnt,null + branch lpm_recover_timeout,zero + hfetch 1,core_lpm_xtalcnt + hfetcht 1,core_lpm_buckcnt + isub temp,null + branch lpm_recover_xtal,positive + deposit temp +lpm_recover_xtal: + isub auxcnt,pdata + increase 1,pdata +lpm_recover_timeout: + increase 8,pdata + until null,lpo_edge + iadd lpo_time,pdata + fetcht 4,mem_sleep_counter + iadd temp,pdata + fetcht 3,mem_clks_per_lpo + imul32 temp,pdata + rshift8 pdata,pdata + rshift4 pdata,pdata + increase param_lpm_fix,pdata + arg 3750,temp + idiv temp + call wait_div_end + quotient pdata + lshift16 pdata,pdata + remainder temp + ior temp,pdata + fetcht 6,mem_sleep_clkn + call clk_add + copy temp,clkn + fetch 6,mem_context + coffset_clk_offset + call calc_clke2 + rtn + +lpm_dispatch: + bpatch patch14_7,mem_patch14 + call lpo_calibration + fetch 3,mem_clks_per_lpo + rtn blank + fetch 1,mem_lpm_mode + rtn blank + fetch 1,mem_ssp_enable + branch lpm_dispatch_next,blank + fetch 1,mem_sp_local_key_invalid // simple pairing is not ready + rtn blank +lpm_dispatch_next: + fetch 1,mem_le_sc_calc + nrtn blank + call lpm_check_wake_lock + nrtn blank + fetch 1,mem_context + compare 3,pdata,0x7 /* sco won't sleep */ + nbranch lpm_dispatch_unconn,true + fetch 2,mem_context + coffset_tsniff + rtn blank /* role switch */ + rtn wake + bpatch patch15_0,mem_patch15 + fetcht 1,mem_lpm_current_mult + fetch 2,mem_context + coffset_tsniff + imul32 temp,pdata + rshift4 temp,temp + rshift2 temp,temp + isub temp,pdata + fetcht 4,mem_context + coffset_sniff_anchor + iadd temp,pdata + fetcht 1,mem_lpm_overhead + isub temp,pdata + lshift16 pdata,alarm + bpatch patch15_1,mem_patch15 + fetch 2,mem_context + coffset_rx_window + rshift pdata,pdata + call clk2bt + deposit alarm + call clk_diff + copy clke,temp + call clk_diff_rt + rtn user +lpm_dispatch_sleep: + call clk2lpo +lpm_dispatch_lpo: + bpatch patch15_2,mem_patch15 + fetch 1,mem_lpm_xtalcnt + isub temp,null + branch lpm_clear_counter,positive + storet 4,mem_sleep_counter + call app_will_enter_lpm + call l2cap_lpm_save_txbuf + fetcht 4,mem_sleep_counter + branch lpm_sleep + +lpm_dispatch_unconn: + bpatch patch15_3,mem_patch15 + fetch 1,mem_context + rtnbit1 state_inconn // wont sleep in connection + rtnbit1 state_inpage // wont sleep when paging + fetch 1,mem_ssp_enable + branch lpm_unconn_nossp,blank + fetch 1,mem_sp_local_key_invalid // simple pairing is not ready + rtn blank +lpm_unconn_nossp: + bpatch patch15_4,mem_patch15 + fetch 1,mem_le_adv_enable + nbranch lpm_unconn_cont,blank + fetch 1,mem_scan_mode + rtn blank +lpm_unconn_cont: + fetch 2,mem_lpm_interval + rtn blank +lpm_sleep_btclk: + fetcht 1,mem_lpm_overhead + isub temp,pdata + arg 7500,temp /* 1.25ms */ + imul32 temp,pdata + branch lpm_dispatch_sleep + +lpm_set_mult: + bpatch patch15_5,mem_patch15 + disable wake + fetch 1,mem_state + rtnbit0 state_insniff + nbranch lpm_not_match,match + call lpm_match + fetch 2,mem_rx_window_sniff + store 2,mem_rx_window + fetch 1,mem_arq + bbit1 wack,lpm_mult_short + bmark0 mark_lpm_mult_enable,lpm_mult_short + call l2cap_malloc_is_fifo_empty + nbranch lpm_mult_short,blank + fetch 1,mem_classic_bt_flag + bbit1 SHORT_MULT_FLAG,lpm_mult_short +lpm_mult_wait_timeout: + jam 0,mem_lpm_current_mult + bmark0 mark_lpm_mult_enable,lpm_mult_short + fetch 1,mem_lpm_mult_cnt + branch lpm_mult_long,blank + increase -1,pdata + store 1,mem_lpm_mult_cnt + rtn + + +classic_bt_set_mult_short_flag: + arg SHORT_MULT_FLAG,queue + branch classic_bluetooth_set_flag + +classic_bt_clr_mult_short_flag: + arg SHORT_MULT_FLAG,queue + branch classic_bluetooth_clr_flag + + + +lpm_match: + jam 0,mem_sniff_unint_lost + fetch 3,mem_sniff_rcv + increase 1,pdata + store 3,mem_sniff_rcv + rtn + +lpm_not_match: + bpatch patch15_6,mem_patch15 + fetcht 2,mem_rx_window_sniff + rshift temp,temp + fetch 2,mem_rx_window + iadd temp,pdata + store 2,mem_rx_window +lpm_lost: + jam 0,mem_lpm_current_mult + fetch 3,mem_sniff_lost + increase 1,pdata + store 3,mem_sniff_lost + fetch 1,mem_sniff_unint_lost + increase 1,pdata + store 1,mem_sniff_unint_lost + rtn + +lpm_mult_short: + jam 0,mem_lpm_current_mult + fetch 1,mem_lpm_mult_timeout + store 1,mem_lpm_mult_cnt + rtn + +lpm_mult_long: + fetcht 1,mem_lpm_mult + storet 1,mem_lpm_current_mult + rtn + +lpm_cal_xtal_startup: + bpatch patch15_7,mem_patch15 + fetch 1,mem_lpm_xtalcnt + nrtn blank + hjam clksel_rc,core_clksel + setarg 0xf0c + call lpm_write_config + setarg 200000 + call sleep + until null,lpo_edge + copy lpo_time,alarm + call xtal_fast_wake + hjam clksel_xtal,core_clksel + nop 10 + until null,lpo_edge + deposit lpo_time + isub alarm,pdata + increase 0x30,pdata + arg 0xff,temp + call ceiling + store 1,mem_lpm_xtalcnt + nop 30000 + nop 30000 + nop 30000 + rtn + + + + /* pdata is lpm_reg[11:0] */ +lpm_write_config: + arg 0xfff,contw + iand contw,contw + fetch 1,mem_lpm_config + and_into 0xf0,pdata + lshift8 pdata,pdata + ior contw,pdata + hstore 2,core_lpm_reg + ifetch 2,contr + istore 2,contw + +lpm_write_ctrl: + setarg lpmreg_sel_ctrl + branch lpm_write + +lpm_write_ctrl2: + setarg lpmreg_sel_ctrl2 +lpm_write: + hstore 1,core_lpm_wr + until null,lpo_edge + until null,lpo_edge + until null,lpo_edge + rtn + + +lpm_write_gpio_wakeup: + bpatch patch16_0,mem_patch16 + fetch 4,mem_gpio_wakeup + store 4,core_lpm_reg + setarg lpmreg_sel_gpiolow + call lpm_write + ifetch 2,contr + store 4,core_lpm_reg + setarg lpmreg_sel_gpiohigh + branch lpm_write + +lpm_get_wake_lock: + fetch 2,mem_lpm_wake_lock + qset1 pdata + store 2,mem_lpm_wake_lock + rtn + +lpm_put_wake_lock: + fetch 2,mem_lpm_wake_lock + qset0 pdata + store 2,mem_lpm_wake_lock + rtn + + + +lpm_check_wake_lock: + bpatch patch16_1,mem_patch16 + call app_check_wake_lock + fetch 2,mem_lpm_wake_lock + copy pdata,rega + fetch 1,mem_state_map + isolate1 smap_rxlmp,pdata + setflag true,wake_lock_lmp_rx,rega + fetch 1,mem_lmo_opcode1 + fetcht 1,mem_lmo_opcode2 + iadd temp,pdata + fetcht 1,mem_lmp_to_send + iadd temp,pdata + nsetflag blank,wake_lock_lmp_tx,rega + fetch 1,mem_le_tx_buff_used + nsetflag blank,wake_lock_ble_tx,rega + fetch 2,mem_l2cap_rxbuff1_len + fetcht 2,mem_l2cap_rxbuff2_len + iadd temp,pdata + nsetflag blank,wake_lock_l2cap_rx,rega + fetch UTIL_FIFO_LEN,mem_ipc_fifo_bt2c51 + nsetflag blank,wake_lock_ipc_bt2c51,rega + fetch UTIL_FIFO_LEN,mem_ipc_fifo_c512bt + nsetflag blank,wake_lock_ipc_c512bt,rega + fetch 2,IPC_BT2M0_READ_PTR + fetcht 2,IPC_BT2M0_WRITE_PTR + isub temp,null + nsetflag zero,wake_lock_ipc_bt2m0,rega + fetch 2,IPC_M02BT_READ_PTR + fetcht 2,IPC_M02BT_WRITE_PTR + isub temp,null + nsetflag zero,wake_lock_ipc_m02bt,rega + fetch 1,core_config + isolate1 7,pdata + setflag true,wake_lock_m0_single,rega + fetch 1,mem_hci_cmd + nsetflag blank,wake_lock_cmd,rega + copy rega,pdata + store 2,mem_lpm_wake_lock + rtn + +lpm_shut_down: + hfetch 4,core_lpm_ctrl + set0 27,pdata + hstore 4,core_lpm_reg + call lpm_write_ctrl + branch assert + +lpm_disable_exen_output: + hfetch 4,core_lpm_xtalcnt + set0 20,pdata + hstore 4,core_lpm_reg + branch lpm_write_ctrl2 + +check_bt_disabled: + fetch 2,mem_chip_functions + bbit1 bt_disabled,assert + rtn +check_ble_disabled: + fetch 2,mem_chip_functions + bbit1 ble_disabled,assert + rtn +check_module_disabled: + fetch 2,mem_chip_functions + bbit1 module_disable,assert + rtn + +test_init: + setarg test_proc + store 2,mem_cb_bt_process + setarg test_sleep + store 2,mem_cb_bb_event_process + setarg test_proc + store 2,mem_cb_idle_process + rtn wake + rtn + +test_proc: + fetch 1,mem_state + bbit0 state_insniff,check_test_cond + set1 mark_lpm_mult_enable,mark + fetch 6,mem_sniff_rcv + store 6,mem_local_name + rtn + +check_test_cond: + fetch 1,mem_tester_emulate + rtnbit0 tester_change + fetch 1,mem_tester_cnt + increase 1,pdata + store 1,mem_tester_cnt + rtnne 5 + jam 0,mem_tester_cnt + fetch 1,mem_tester_emulate + set0 tester_change,pdata + store 1,mem_tester_emulate + bbit1 tester_exit,check_test_exit + isolate1 tester_no_whitening,pdata + call test_no_white,true + ncall test_enable_white,true + fetch 1,test_mode_packet_type + compare 0x20,pdata,0x30 + fetch 1,mem_state_map + setflag true,smap_edr,pdata + store 1,mem_state_map + fetch 1,mem_tester_emulate + fetcht 1,mem_debug_config + isolate1 tester_pattern_test,pdata + setflag true,debug_tx_pattern,temp + isolate1 tester_fixed_freq,pdata + setflag true,debug_tx_fixed_freq,temp + setflag true,debug_rx_fixed_freq,temp + storet 1,mem_debug_config + fetch 1,test_mode_tx_freq + store 1,mem_tx_fixed_freq + fetch 1,test_mode_rx_freq + store 1,mem_rx_fixed_freq + set1 mark_testmode,mark + rtn + + +check_test_exit: + set0 mark_testmode,mark + jam 0,mem_tester_emulate + fetch 1,mem_test_mode_old_debug_config + store 1,mem_debug_config + hfetch 1,core_config + and_into 0xfb,pdata /* whitening on */ + hstore 1,core_config + rtn + + +test_sleep: + deposit regc + rtnne BT_EVT_BUTTON_LONG_PRESSED +test_sleep_loop: +// call ui_button_polling +// fetch 1,mem_ui_button_last_state + rtn + beq 1,test_sleep_loop + branch lpm_hibernate + + +test_tx: + force 2,temp + increase -2,temp + call set_sync_on + call set_freq_tx + disable enable_white + enable encode_fec0 + set1 TXGFSK,radio_ctrl + call start_transmitter +test_tx_loop: + fetch 1,0 + inject mod,8 + branch test_tx_loop +wait_sec_powerup: + fetch 1,core_misc_status + bbit0 SEC_PWRUP, wait_sec_powerup + rtn + Index: dukaqi/senrui/program/hci_h4.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hci_h4.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hci_h4.prog (working copy) @@ -0,0 +1,4 @@ + + + + Index: dukaqi/senrui/program/hci_main.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hci_main.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hci_main.prog (working copy) @@ -0,0 +1,53 @@ +/*********************************/ +/********** HCI *****************/ +/*********************************/ + +cmd_exit: + jam 0,mem_hci_cmd + rtn +cmd_check_plap: + fetch 6,mem_hci_plap + fetcht 6,mem_plap + isub temp,null + rtn + + + +//enable ssp master sm +cmd_pair: + fetch 1,mem_op + bbit1 op_inrand_req,cmd_pair_passive + call tid_initiate + jam LMP_IN_RAND,mem_lmo_opcode2 + branch cmd_exit +cmd_pair_passive: + set0 op_inrand_req,pdata + store 1,mem_op + call lmp_accept_inrand + setarg 0 + setflag master,smap_lmptid,pdata + store 1,mem_lmo_tid2 + branch cmd_exit + rtn +cmd_in_sniff: + jam LMP_SNIFF_REQ,mem_lmo_opcode2 + arg mem_sniff_payload,contw + setarg 0 + isolate1 27,clke_bt + setflag true,1,pdata /* use init 2 if bit27 of clke is 1 */ + istore 1,contw + setarg 0 /* dsniff */ + istore 2,contw + fetch 2,mem_sniff_param_interval /* tsniff */ + istore 2,contw + fetch 1,mem_sniff_param_attempt /* attempt */ + istore 2,contw + fetch 1,mem_sniff_param_timeout /* timeout */ + istore 2,contw + branch cmd_exit + +cmd_exit_sniff: + jam LMP_UNSNIFF_REQ,mem_lmo_opcode2 + branch cmd_exit + + Index: dukaqi/senrui/program/hid.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hid.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/hid.prog (working copy) @@ -0,0 +1,84 @@ +/** +* the following API is to send the HID data +* +*/ + +/** +* the following API is to process the hid rx data +* +*/ +//handle the hid data + +hid_rx_process: + bpatch patch17_6,mem_patch17 + fetch 2,mem_l2cap_payload_ptr + copy pdata,contr + ifetch 1,contr + and pdata,0x0f,temp + rshift4 pdata,pdata //hidtype + beq hid_type_set_idle,hid_rx_process_handshake + beq hid_type_set_protocol,hid_rx_process_handshake + beq hid_type_data,hid_rx_process_data + beq HID_TYPE_SET_REPORT,hid_rx_process_set_report + beq HID_TYPE_CONTROL,hid_rx_process_hid_control + rtn + +hid_rx_process_hid_control: + copy temp,pdata + beq HID_CONTROL_P_VIRTUALCABLEUNPLUG,hid_rx_process_virtual_cable_unplug + beq HID_CONTROL_P_SUSPEND,hid_rx_process_suspend + rtn + +hid_rx_process_virtual_cable_unplug: + jam BT_EVT_VIRTUAL_CABLE_UNPLUG,mem_fifo_temp + call ui_ipc_send_event + fetch 1,mem_device_option + rtnbit0 dvc_op_mouse + copy temp,pdata +// beq HID_CONTROL_P_VIRTUALCABLEUNPLUG,mouse_irtual_cable_unplug + rtn +hid_rx_process_suspend: + rtn + +hid_rx_process_set_report: + call hid_rx_process_data + arg 0x01,rega + call hid_malloc_tx_buff + fetch 2,mem_hid_ctrl_remote_cid + istore 2,contw + setarg 0x00 + istore 1,contw + rtn + +hid_rx_process_handshake: + arg 1,regA//payload length + call hid_malloc_tx_buff + fetch 2,mem_hid_ctrl_remote_cid + istore 2,contw + setarg 0 + istore 1,contw + jam 1,mem_ui_data_txbuff_length + fetch 1,mem_hid_control_state + set1 l2cap_channel_hid_handshake_done + store 1,mem_hid_control_state + jam BT_EVT_HID_HANDSHAKE,mem_fifo_temp + branch ui_ipc_send_event + +hid_rx_process_data: + ifetch 1,contr + beq HID_REPORT_ID_KB,hid_rx_process_data_hid_kb + rtn + +hid_rx_process_data_hid_kb: + rtn + + +hid_malloc_tx_buff: + call l2cap_malloc + copy rega,temp + storet 1,mem_ui_data_txbuff_length + copy pdata,contw + copy rega,pdata + istore 2,contw //hid payload length + rtn + Index: dukaqi/senrui/program/l2cap.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/l2cap.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/l2cap.prog (working copy) @@ -0,0 +1,1929 @@ +/************************************/ +/*initialize L2CAP related variables*/ +/************************************/ +l2cap_init: + branch l2cap_init_wake,wake +l2cap_init_work: + setarg mem_l2cap_xmem_end + arg mem_l2cap_xmem_start,contw + isub contw,loopcnt + call clear_mem +l2cap_init_wake: + bpatch patch17_7,mem_patch17 + setarg mem_sdp_mem_end + arg mem_sdp_mem_start,contw + isub contw,loopcnt + call clear_mem + setarg mem_l2cap_mem_end + arg mem_l2cap_mem_start,contw + isub contw,loopcnt + call clear_mem + branch l2cap_lpm_load_txbuf + +process_rx_l2cap_pkt: + bpatch patch18_0,mem_patch18 + copy contr,temp + //call l2cap_malloc_is_fifo_full + //nrtn blank + copy temp,contr + ifetch 2,contr + store 2,mem_l2cap_rx_pkt_length + ifetch 2,contr + store 2,mem_l2cap_rx_cid + deposit contr + store 2,mem_l2cap_payload_ptr + fetch 1,memui_reconnect_mode + beq NO_RECONNECTION,l2cap_rx_multiplexing + branch ml2cap_rx_multiplexing + +l2cap_rx_multiplexing: + fetch 2, mem_l2cap_rx_pkt_length + branch l2cap_rx_reset_state,blank + bpatch patch18_1,mem_patch18 + fetch 1,mem_l2cap_rx_cid + beq L2CAP_signal_channel,l2cap_call_proc_signal +l2cap_rx_multiplexing0: + beq L2CAP_SDP_channel,l2cap_call_proc_sdp + beq L2CAP_RFCOMM_channel,l2cap_call_proc_rfcomm + beq L2CAP_HID_Control_channel,l2cap_call_proc_hid + beq L2CAP_HID_Interrupt_channel,l2cap_call_proc_hid + branch l2cap_rx_reset_state + +l2cap_check_map: +// call l2cap_malloc_is_fifo_full +// nrtn blank + bpatch patch18_2,mem_patch18 + call l2cap_malloc_get_full_map + fetch 1,mem_used_map + beq 0,set_pdata_0 + beq 1,set_pdata_0 + beq 2,set_pdata_0 + beq 3,set_pdata_0 + beq 0x81,set_pdata_0 + beq 0xc0,set_pdata_0 + beq 0x80,set_pdata_0 + beq 0x40,set_pdata_0 + rtn + +set_pdata_0: + setarg 0 + rtn + + +l2cap_call_proc_signal: + call l2cap_check_map + nrtn blank +l2cap_call_proc_signal0: + call l2cap_malloc_signal_channel + call l2cap_process_signal_pkt + fetcht 2,mem_l2cap_signal_tx_length + branch l2cap_call_proc_no_reply,blank + call l2cap_get_signal_tx_buff + fetch 2,mem_l2cap_signal_tx_length + istore 2,contw + force L2CAP_signal_channel,pdata + istore 2,contw + branch l2cap_rx_reset_state + +l2cap_call_proc_sigal_pending: + fetch 1,mem_l2cap_pending_item + rtn blank + copy pdata,rega + bpatch patch18_3,mem_patch18 + fetch 4,mem_l2cap_sdpres_delay_time + arg 0x100,temp + iadd temp,temp + copy clkn_bt,pdata + isub temp,null + nrtn positive + jam 0,mem_l2cap_pending_item + copy rega,pdata + beq L2CAP_SDP_channel,l2cap_sdp_conn_succ + branch assert +l2cap_sdp_conn_succ: + arg 0,debug + call l2cap_malloc_signal_channel + call restore_l2cap_req_param + call l2cap_get_signal_tx_payload + call save_cont_pointers + call send_connection_sdp_res + call l2cap_get_signal_tx_buff + //fetch 2,mem_l2cap_signal_tx_length + setarg 0x000c + istore 2,contw + force L2CAP_signal_channel,pdata + istore 2,contw + branch l2cap_rx_reset_state + + + +l2cap_reset_sdp_map: + bpatch patch18_4,mem_patch18 + fetch 2,mem_sdp_tx_pkt_length + increase 4,pdata + rshift4 pdata,pdata + rshift3 pdata,pdata + add pdata,1,temp ///temp: how many128 + arg mem_tx_fifo3,contr + ifetch 3,contr + rtn blank + store 3,mem_tx_fifo_map_temp + fetch 1,mem_tx_fifo_map_temp + copy pdata,rega + call check_l2cap_map + copy regb,pdata + store 1,mem_tx_fifo3 + rtn + +check_l2cap_map: + arg 0,queue + arg 0,regb + +check_l2cap_map_loop: + sub queue,7,null + nrtn positive + qisolate1 rega + branch check_l2cap_map_used,true + branch check_l2cap_map_used2 + +check_l2cap_map_used: + copy temp,pdata + branch check_l2cap_map_used2,blank + qset1 regb + increase -1,temp + +check_l2cap_map_used2: + increase 1,queue + branch check_l2cap_map_loop + +l2cap_call_proc_sdp: + call l2cap_malloc_is_fifo_empty + nrtn blank// not process this packet until fifo empty + call l2cap_check_map + nrtn blank + call l2cap_malloc_sdp_channel + call sdp_process + call l2cap_reset_sdp_map + branch l2cap_call_proc_sdp_common + + +ml2cap_call_proc_sdp: + call l2cap_malloc_is_fifo_empty + nrtn blank// not process this packet until fifo empty + call l2cap_malloc_sdp_channel + call sdp_process +l2cap_call_proc_sdp_common: + call l2cap_get_sdp_tx_buff + fetch 2,mem_sdp_tx_pkt_length + branch l2cap_call_proc_no_reply,blank + istore 2,contw + fetch 2,mem_sdp_remote_cid + istore 2,contw + branch l2cap_rx_reset_state + +l2cap_call_proc_hid: + call hid_rx_process + branch l2cap_rx_reset_state + +l2cap_call_proc_rfcomm: + bpatch patch18_5,mem_patch18 + jam RFCOMM_MALLOC_SUCCEED,mem_rfcomm_malloc_fail_flag + call rfcomm_rx_process + fetch 1,mem_rfcomm_malloc_fail_flag + rtneq RFCOMM_MALLOC_FAIL + branch l2cap_rx_reset_state +l2cap_call_proc_no_reply: + call l2cap_malloc_discard + //fall through +l2cap_rx_reset_state: + setarg 0 + store 2,mem_l2cap_rx_pkt_length + store 2,mem_l2cap_rx_cid + jam L2CAP_RX_DONE,mem_l2cap_rx_done + rtn +/* To process one L2CAP signalling pkt consisting of 1 or more signalling commands. */ +l2cap_process_signal_pkt: + bpatch patch18_6,mem_patch18 + call l2cap_get_signal_tx_payload + force 0,regB + fetch 2,mem_l2cap_rx_pkt_length + copy pdata,regC + fetch 2,mem_l2cap_payload_ptr + iforce contr +l2cap_process_signal_pkt_loop: + call l2cap_process_one_signal + deposit regC + increase -4,regC + increase -4,pdata + nbranch l2cap_process_signal_pkt_loop,blank + copy regB,pdata + store 2,mem_l2cap_signal_tx_length + rtn + +l2cap_process_one_signal: + bpatch patch18_7,mem_patch18 + ifetch 1,contr + beq signal_cmd_reject,l2cap_proc_signal_cmd_reject + beq signal_connect_req,l2cap_proc_signal_connect_req + beq signal_connect_rsp,l2cap_proc_signal_connect_rsp + beq signal_config_req,l2cap_proc_signal_config_req + beq signal_config_rsp,l2cap_proc_signal_config_rsp + beq signal_disconnect_req,l2cap_proc_signal_disconnect_req + beq signal_disconnect_rsp,l2cap_proc_signal_disconnect_rsp + beq signal_echo_req,l2cap_proc_signal_echo_req + beq signal_echo_rsp,l2cap_proc_signal_echo_rsp + beq signal_info_req,l2cap_proc_signal_info_req + beq signal_info_rsp,l2cap_proc_signal_info_rsp + call l2cap_reject_command +l2cap_process_one_signal_rtn: + rtn + +l2cap_proc_signal_info_req: + ifetch 1,contr //IDs + copy pdata,queue + ifetch 2,contr //length + copy pdata,rega + copy regc,pdata + isub rega,regc + setarg signal_info_rsp + istore 1,contw + copy queue,pdata + istore 1, contw + ifetch 2,contr +l2cap_proc_signal_info_req_reply: + beq L2CAP_SIG_EXT_FEATRUE,l2cap_proc_signal_info_req_ext + beq L2CAP_SIG_FIX_FEATRUE,l2cap_proc_signal_info_req_fix + rtn +l2cap_proc_signal_info_req_ext: + setarg 0x020008 + istore 6, contw + setarg 0x0280 + istore 4, contw + force 12,pdata + branch l2cap_proc_signal_info_req_common +l2cap_proc_signal_info_req_fix: + setarg 0x3000c + istore 6, contw + setarg 0x0006 + istore 8, contw + force 16,pdata +l2cap_proc_signal_info_req_common: + iadd regb,regb + branch l2cap_process_one_signal_rtn + +ml2cap_proc_signal_info_req: + ifetch 1,contr //IDs + copy pdata,queue + ifetch 2,contr //length + copy pdata,rega + ifetch 2,contr + store 2,mem_temp + copy regc,pdata + isub rega,regc + call l2cap_get_signal_tx_payload + setarg signal_info_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + fetch 2,mem_temp + branch l2cap_proc_signal_info_req_reply + + +/* Respond to the command reject signal sent from the remote BD. */ +l2cap_proc_signal_cmd_reject: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + iadd contr,contr + copy regC,pdata + isub regA,regC +l2cap_proc_signal_cmd_reject_rtn: + branch l2cap_process_one_signal_rtn +/* Respond to an L2CAP connection request from remote BD. (generate a connection_rsp) */ +l2cap_proc_signal_connect_req: + call save_cont_pointers + //fetch 6,mem_inquiry_bd_addr + //store 6,mem_master_paged_bd_addr + call load_cont_pointers + arg 0,debug + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + ifetch 2,contr + copy pdata,temp //PSM + ifetch 2,contr + copy pdata,timeup + bpatch patch19_0,mem_patch19 + copy temp,pdata + beq PSM_SDP,l2cap_proc_signal_connect_req_sdp + beq PSM_RFCOMM,l2cap_proc_signal_connect_req_rfcomm + beq PSM_HID_control,l2cap_proc_signal_connect_req_hid_ctrl + beq PSM_HID_interrupt,l2cap_proc_signal_connect_req_hid_int + call l2cap_reject_command + branch l2cap_proc_signal_connect_req_rtn + +l2cap_proc_signal_connect_req_sdp: + call save_cont_pointers + arg L2CAP_SDP_channel,temp + fetch 2,mem_sdp_remote_cid + nbranch already_connected,blank + copy timeup,pdata + store 2,mem_sdp_remote_cid + copy clkn_bt,pdata + store 4,mem_l2cap_sdpres_delay_time + call store_l2cap_req_param + branch send_connection_pending + +store_l2cap_req_param: + storet 2,mem_psm + deposit timeup + store 2,mem_scid + deposit rega + store 2,mem_cmd_length + deposit regb + store 2,mem_tt2 + deposit regc + store 2,mem_tt3 + deposit queue + store 2,mem_id + rtn + +restore_l2cap_req_param: + fetcht 2,mem_psm + fetch 2,mem_scid + copy pdata,timeup + fetch 2,mem_cmd_length + copy pdata,rega + fetch 2,mem_tt2 + copy pdata,regb + fetch 2,mem_tt3 + copy pdata,regc + fetch 2,mem_id + copy pdata,queue + rtn + +l2cap_proc_signal_connect_req_rfcomm: + call save_cont_pointers + setarg L2CAP_RFCOMM_channel + arg L2CAP_RFCOMM_channel,temp + fetch 2,mem_RFCOMM_remote_CID + nbranch already_connected,blank + copy timeup,pdata + store 2,mem_RFCOMM_remote_CID + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_rfcomm_state + branch send_connection_res +l2cap_proc_signal_connect_req_hid_ctrl: + call save_cont_pointers + arg L2CAP_HID_Control_channel,temp + fetch 2,mem_hid_ctrl_remote_cid + nbranch already_connected,blank + copy timeup,pdata + store 2,mem_hid_ctrl_remote_cid + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_hid_control_state + branch send_connection_res +l2cap_proc_signal_connect_req_hid_int: + call save_cont_pointers + deposit clke + arg L2CAP_HID_Interrupt_channel,temp + fetch 2,mem_hid_int_remote_cid + nbranch already_connected,blank + copy timeup,pdata + store 2,mem_hid_int_remote_cid + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_hid_interrupt_state + branch send_connection_res + +send_connection_pending: + setarg L2CAP_connect_pending + store 2,memL2CAP_T1 + jam L2CAP_SDP_channel,mem_l2cap_pending_item + branch send_connection_res0 +send_connection_sdp_res: + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_sdp_state +send_connection_res: + setarg L2CAP_connect_successful + store 2,memL2CAP_T1 +send_connection_res0: + bpatch patch19_1,mem_patch19 + call load_cont_pointers + setarg signal_connect_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + setarg 0x0008 + istore 2,contw + copy temp,pdata + istore 2,contw + copy timeup,pdata + istore 2,contw + fetch 2,memL2CAP_T1 + beq L2CAP_connect_pending,connect_pending + isolate0 0,debug + branch connect_suc,true + setarg L2CAP_connect_refused_no_resources +connect_suc: + istore 2,contw + force 0x0000,pdata + istore 2,contw + setarg 12 + branch connect_req_update_byte_counts +connect_pending: + istore 2,contw + force 0x0002,pdata + istore 2,contw + setarg 12 + branch connect_req_update_byte_counts + +already_connected: + set1 0,debug + branch send_connection_res +connect_req_update_byte_counts: + iadd regB,regB + copy regC,pdata + isub regA,regC + branch l2cap_proc_signal_connect_req_rtn +l2cap_proc_signal_connect_req_rtn: + branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_connect_rsp: + ifetch 1,contr //identifier + copy pdata,queue + ifetch 2,contr //length + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr //remote cid + copy pdata,timeup + ifetch 2,contr //local cid + copy pdata,temp + bpatch patch19_2,mem_patch19 + setarg L2CAP_SDP_channel + isub temp,null + branch l2cap_proc_signal_connect_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch l2cap_proc_signal_connect_rsp_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch l2cap_proc_signal_connect_rsp_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch l2cap_proc_signal_connect_rsp_hid_int,zero + rtn + +l2cap_proc_signal_connect_rsp_sdp: + copy timeup,pdata + store 2,mem_sdp_remote_cid + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_sdp_state + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_connect_rsp_rfcomm: + copy timeup,pdata + store 2,mem_rfcomm_remote_CID + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_rfcomm_state + rtn +l2cap_proc_signal_connect_rsp_hid_int: + copy timeup,pdata + store 2,mem_hid_ctrl_remote_cid + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_hid_interrupt_state + rtn +l2cap_proc_signal_connect_rsp_hid_ctrl: + copy timeup,pdata + store 2,mem_hid_int_remote_cid + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_CONN_RES,pdata + store 1,mem_hid_control_state + rtn + +l2cap_proc_signal_config_req: + ifetch 1,contr//identifier + copy pdata,queue + ifetch 2,contr//length + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr//dest cid + copy pdata,temp + copy temp,regA + bpatch patch19_3,mem_patch19 + setarg L2CAP_SDP_channel + isub temp,null + branch l2cap_proc_signal_config_req_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch l2cap_proc_signal_config_req_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch l2cap_proc_signal_config_req_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch l2cap_proc_signal_config_req_hid_int,zero + branch l2cap_reject_command + //branch L2CAP_proc_signal_config_req_rtn +l2cap_proc_signal_config_req_sdp: + copy contw, timeup + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + //set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_sdp_state + copy timeup,contw + arg L2CAP_SDP_channel,timeup + fetch 2,mem_sdp_remote_cid + copy pdata,temp + branch l2cap_send_config_rsp +l2cap_proc_signal_config_req_hid_ctrl: + copy contw, timeup + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + //set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_hid_control_state + copy timeup,contw + arg L2CAP_HID_Control_channel,timeup + fetch 2,mem_hid_ctrl_remote_cid + copy pdata,temp + branch l2cap_send_config_rsp +l2cap_proc_signal_config_req_hid_int: + copy contw, timeup + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + //set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_hid_interrupt_state + copy timeup,contw + arg L2CAP_HID_Interrupt_channel,timeup + fetch 2,mem_hid_int_remote_cid + copy pdata,temp + branch l2cap_send_config_rsp +l2cap_proc_signal_config_req_rfcomm: + copy contw, timeup + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + //set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_rfcomm_state +// jam UPPERSM_RP_SDP_CONN,mem_upper_sm_remote_page + copy timeup,contw + arg L2CAP_RFCOMM_channel,timeup + fetch 2,mem_RFCOMM_remote_CID + copy pdata,temp +l2cap_send_config_rsp: + bpatch patch19_4,mem_patch19 + setarg signal_config_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + setarg 0x0006 + istore 2,contw + copy temp,pdata + istore 2,contw + force 0x00,pdata + istore 2,contw + force L2CAP_config_success,pdata + istore 2,contw + force 10,pdata + iadd regB,regB + //copy temp,pdata + storet 2,mem_config_req_dest_CID + copy queue,pdata + store 1,mem_config_identifier + force L2CAP_SDP_channel,pdata + icompare 0xff,timeup + branch l2cap_send_config_rsp_is_sdp,true + increase 1,pdata +l2cap_send_config_rsp_is_sdp: + //store 1,mem_send_config_req + rtn +l2cap_check_channel_state: + disable user + rtnbit1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + rtnbit0 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + rtnbit0 L2CAP_CHANNEL_STATE_CONN_RES,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + copy contr,contw + increase -1,contw + istore 1,contw + enable user + rtn +l2cap_send_config_req: +l2cap_send_config_req_sdp: + fetch 1,mem_sdp_state + call l2cap_check_channel_state + nbranch l2cap_send_config_req_rfcomm,user + jam L2CAP_SDP_channel,mem_send_config_req + fetch 2,mem_sdp_remote_cid + store 2,mem_config_req_dest_CID + branch l2cap_generate_config_req +l2cap_send_config_req_rfcomm: + fetch 1,mem_rfcomm_state + call l2cap_check_channel_state + nbranch l2cap_send_config_req_hid_ctrl,user + jam L2CAP_RFCOMM_channel,mem_send_config_req + fetch 2,mem_RFCOMM_remote_CID + store 2,mem_config_req_dest_CID + branch l2cap_generate_config_req +l2cap_send_config_req_hid_ctrl: + fetch 1,mem_hid_control_state + call l2cap_check_channel_state + nbranch l2cap_send_config_req_hid_int,user + jam L2CAP_HID_Control_channel,mem_send_config_req + fetch 2,mem_hid_ctrl_remote_cid + store 2,mem_config_req_dest_CID + branch l2cap_generate_config_req +l2cap_send_config_req_hid_int: + fetch 1,mem_hid_interrupt_state + call l2cap_check_channel_state + nrtn user//End of sending config req + jam L2CAP_HID_Interrupt_channel,mem_send_config_req + fetch 2,mem_hid_int_remote_cid + store 2,mem_config_req_dest_CID + //branch L2CAP_generate_config_req + +l2cap_generate_config_req: + bpatch patch19_5,mem_patch19 + call l2cap_get_req_id + call l2cap_malloc_signal_channel + force 0,regB + call l2cap_get_signal_tx_payload + force signal_config_req,pdata + istore 1,contw + fetch 1,mem_ML2CAP_comm_id + istore 1,contw + setarg 0x0008 + istore 2,contw + fetch 2,mem_config_req_dest_CID + istore 2,contw + setarg 0x0000 + istore 2,contw + force 1,pdata + istore 1,contw + force 2,pdata + istore 1,contw + fetch 1,mem_send_config_req + beq L2CAP_RFCOMM_channel,l2cap_generate_config_req_rfcomm + setarg L2CAP_config_MTU_SDP + istore 2,contw + branch l2cap_generate_config_req_done +l2cap_generate_config_req_rfcomm: + setarg L2CAP_config_MTU_RFCOMM + istore 2,contw +l2cap_generate_config_req_done: + arg 0x0c,temp + storet 2,mem_l2cap_signal_tx_length + call l2cap_get_signal_tx_buff + fetch 2,mem_l2cap_signal_tx_length + istore 2,contw + force L2CAP_signal_channel,pdata + istore 2,contw + jam 0,mem_send_config_req +l2cap_proc_signal_config_req_rtn: + branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_config_rsp: + increase 1,contr + ifetch 2,contr + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr //source cid + copy pdata,regA + bpatch patch19_6,mem_patch19 + setarg L2CAP_SDP_channel + isub rega,null + branch l2cap_proc_signal_config_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub rega,null + branch l2cap_proc_signal_config_rsp_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub rega,null + branch l2cap_proc_signal_config_rsp_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub rega,null + branch l2cap_proc_signal_config_rsp_hid_int,zero + increase 2,contr + ifetch 2,contr + iforce null + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_config_rsp_sdp: + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES,pdata + store 1,mem_sdp_state + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_config_rsp_rfcomm: + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES,pdata + store 1,mem_rfcomm_state + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_config_rsp_hid_ctrl: + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES,pdata + store 1,mem_hid_control_state + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_config_rsp_hid_int: + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES,pdata + store 1,mem_hid_interrupt_state + jam BT_EVT_HID_CONNECTED,mem_fifo_temp + branch ui_ipc_send_event + + + +l2cap_proc_signal_disconnect_req: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr + copy pdata,regA + ifetch 2,contr + copy pdata,timeup + copy regA,temp + call save_cont_pointers + bpatch patch19_7,mem_patch19 + setarg L2CAP_SDP_channel + isub temp,null + branch l2cap_proc_signal_disconnect_req_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch l2cap_proc_signal_disconnect_req_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch l2cap_proc_signal_disconnect_req_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch l2cap_proc_signal_disconnect_req_hid_int,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_req_err_rtn +l2cap_proc_signal_disconnect_req_hid_ctrl: + copy timeup,temp + fetch 2,mem_hid_ctrl_remote_cid + isub temp,null + branch l2cap_disconnect_hid_control_now,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_req_err_rtn +l2cap_proc_signal_disconnect_req_hid_int: + copy timeup,temp + fetch 2,mem_hid_int_remote_cid + isub temp,null + branch l2cap_disconnect_hid_interrupt_now,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_req_err_rtn + +l2cap_proc_signal_disconnect_req_sdp: + copy timeup,temp + fetch 2,mem_sdp_remote_cid + isub temp,null + branch l2cap_disconnect_sdp_now,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_req_err_rtn +l2cap_disconnect_hid_control_now: + call l2cap_reset_hid_ctrl_state + branch l2cap_send_disconnect_rsp_pkt +l2cap_disconnect_hid_interrupt_now: + call l2cap_reset_hid_int_state + fetch 2, mem_hid_ctrl_remote_cid + branch l2cap_send_disconnect_rsp_pkt, blank + //set the flag,hid channel close + //should we set here? + //call HID_mem_lock + //fetch 1, mem_hid_cb1 + //set1 HID_CB_APP_HID_DISCONNECTED,pdata + //store 1, mem_hid_cb1 + //call HID_mem_unlock + branch l2cap_send_disconnect_rsp_pkt + +l2cap_disconnect_sdp_now: + call l2cap_reset_sdp_channel_state + fetch 1,mem_upper_sm_ss + nbranch l2cap_send_disconnect_rsp_pkt,blank + //jam LMP_ENCRYPTION_MODE_REQ,mem_lmo_opcode2 + //jam UPPERSM_RP_SDP_CONN,mem_upper_sm_remote_page + branch l2cap_send_disconnect_rsp_pkt +l2cap_proc_signal_disconnect_req_rfcomm: + copy timeup,temp + fetch 2, mem_RFCOMM_remote_CID + isub temp,null + branch l2cap_disconnect_rfcomm_now,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_req_err_rtn +l2cap_disconnect_rfcomm_now: + call l2cap_reset_rfcomm_channel_state + branch l2cap_send_disconnect_rsp_pkt +l2cap_send_disconnect_rsp_pkt: + call load_cont_pointers + setarg signal_disconnect_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + setarg 0x0004 + istore 2,contw + copy regA,pdata + istore 2,contw + copy timeup,pdata + istore 2,contw + force 8,pdata + branch l2cap_proc_signal_disconnect_req_rtn +l2cap_proc_signal_disconnect_req_err_rtn: + call load_cont_pointers + branch l2cap_proc_signal_disconnect_req_rtn +l2cap_proc_signal_disconnect_req_rtn: + iadd regB,regB + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_disconnect_rsp: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr + copy pdata,timeup + ifetch 2,contr + copy pdata,temp + call save_cont_pointers + bpatch patch1a_0,mem_patch1a + setarg L2CAP_SDP_channel + isub temp,null + branch l2cap_proc_signal_disconnect_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch l2cap_proc_signal_disconnect_rsp_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch l2cap_proc_signal_disconnect_rsp_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch l2cap_proc_signal_disconnect_rsp_hid_int,zero + call l2cap_reject_command + branch l2cap_proc_signal_disconnect_rsp_err_rtn +l2cap_proc_signal_disconnect_rsp_sdp: + copy temp,regA + copy timeup,temp + fetch 2,mem_sdp_remote_cid + isub temp,null + call l2cap_reset_sdp_channel_state,zero + branch l2cap_proc_signal_disconnect_rsp_rtn +l2cap_proc_signal_disconnect_rsp_rfcomm: + copy temp,regA + copy timeup,temp + fetch 2,mem_rfcomm_remote_CID + isub temp,null + call l2cap_reset_rfcomm_channel_state,zero + branch l2cap_proc_signal_disconnect_rsp_rtn +l2cap_proc_signal_disconnect_rsp_hid_ctrl: + copy temp,regA + copy timeup,temp + fetch 2,mem_hid_ctrl_remote_cid + isub temp,null + call l2cap_reset_hid_ctrl_state,zero + branch l2cap_proc_signal_disconnect_rsp_rtn +l2cap_proc_signal_disconnect_rsp_hid_int: + copy temp,regA + copy timeup,temp + fetch 2,mem_hid_int_remote_cid + isub temp,null + call l2cap_reset_hid_int_state,zero + branch l2cap_proc_signal_disconnect_rsp_rtn +l2cap_proc_signal_disconnect_rsp_rtn: + call load_cont_pointers + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_disconnect_rsp_err_rtn: + branch l2cap_process_one_signal_rtn + +/* received an echo request from remote BD. Will echo the 1st 1 byte back, */ +l2cap_proc_signal_echo_req: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + iadd contr,contr + setarg 9 + istore 1,contw + copy queue,pdata + istore 1,contw + force 0x0000,pdata + istore 2,contw + force 4,pdata + iadd regB,regB + copy regC,pdata + isub regA,regC + branch l2cap_process_one_signal_rtn +l2cap_proc_signal_echo_rsp: + branch l2cap_process_one_signal_rtn + +l2cap_proc_signal_info_rsp: + branch l2cap_process_one_signal_rtn +l2cap_reject_command: + force 0,regB + call l2cap_get_signal_tx_payload + setarg signal_cmd_reject + istore 1,contw + copy queue,pdata + istore 1,contw + setarg 2 + istore 2,contw + setarg cmd_not_understood + istore 2,contw + increase 6,regB + arg 4,regC + branch l2cap_process_one_signal_rtn + + + +l2cap_reset_rfcomm_channel_state: + setarg 0 + store 2,mem_RFCOMM_Tx_pkt_length + store 2,mem_RFCOMM_remote_CID + jam 0,mem_rfcomm_state + rtn +l2cap_reset_sdp_channel_state: + setarg 0 + store 2,mem_sdp_tx_pkt_length + store 2,mem_sdp_remote_cid + jam 0,mem_sdp_state + rtn +l2cap_reset_hid_ctrl_state: + setarg 0 + store 2,mem_hid_ctrl_remote_cid + jam 0,mem_hid_control_state + fetch 1,mem_hid_interrupt_state + beq 0,l2cap_reset_hid_disconnected + rtn + +l2cap_reset_hid_int_state: + setarg 0 + store 2,mem_hid_int_remote_cid + jam 0,mem_hid_interrupt_state + fetch 1,mem_hid_control_state + beq 0,l2cap_reset_hid_disconnected + rtn + +l2cap_reset_hid_disconnected: + jam BT_EVT_HID_DISCONNECTED,mem_fifo_temp + branch ui_ipc_send_event + +l2cap_disconnect_interrupt_req: + fetch 1,mem_CONTROL_tasks + set0 L2CAP_DISCONNECT_INTERRUPT, pdata + store 1,mem_CONTROL_tasks + fetch 2, mem_hid_int_remote_cid + rtn blank + call l2cap_malloc_signal_channel + fetch 2, mem_hid_int_remote_cid + copy pdata,regA + force L2CAP_HID_Interrupt_channel,regB + branch l2cap_generate_disconnect_req +l2cap_disconnect_control_req: + fetch 1,mem_CONTROL_tasks + set0 L2CAP_DISCONNECT_CONTROL, pdata + store 1,mem_CONTROL_tasks + fetch 2, mem_hid_ctrl_remote_cid + rtn blank + call l2cap_malloc_signal_channel + fetch 2, mem_hid_ctrl_remote_cid + copy pdata,regA + force L2CAP_HID_Control_channel,regB +l2cap_generate_disconnect_req: + call l2cap_get_req_id + call l2cap_get_signal_tx_payload + force signal_disconnect_req,pdata + istore 1,contw + fetch 1,mem_ML2CAP_comm_id + istore 1,contw + setarg 0x0004 + istore 2,contw + copy regA,pdata + istore 2,contw + copy regB,pdata + istore 2,contw + force 0x08,temp //signal tx length in temp + branch ml2cap_send_signal + +ml2cap_send_signal_connect_req: + bpatch patch1a_1,mem_patch1a + call l2cap_get_req_id + call l2cap_get_signal_tx_payload + setarg signal_connect_req + istore 1,contw + fetch 1,mem_ML2CAP_comm_id + istore 1,contw + setarg 0x0004 + istore 2,contw + copy temp,pdata //PSM + istore 2,contw + copy timeup,pdata + istore 2,contw + arg 8,temp + branch ml2cap_send_signal +ml2cap_send_signal_config_req: + bpatch patch1a_2,mem_patch1a + call l2cap_get_req_id + call l2cap_get_signal_tx_payload + setarg signal_config_req + istore 1,contw + fetch 1,mem_ML2CAP_comm_id + istore 1,contw + setarg 0x0008 + istore 2,contw + /****modigy for nokia*****/ + copy temp,pdata + /*setarg 0x0040*/ + istore 2,contw + setarg 0x0000 + istore 2,contw + setarg 0x01 + istore 1,contw + setarg 0x02 + istore 1,contw + setarg L2CAP_config_MTU_RFCOMM + istore 2,contw + arg 0xc,temp + branch ml2cap_send_signal +ml2cap_send_signal_disconn_req: + bpatch patch1a_3,mem_patch1a + call l2cap_get_req_id + call l2cap_get_signal_tx_payload + setarg signal_disconnect_req + istore 1,contw + fetch 1,mem_ML2CAP_comm_id + increase 1,pdata + copy contw,regA + store 1,mem_ML2CAP_comm_id + copy regA,contw + istore 1,contw + setarg 0x0004 + istore 2,contw + copy temp,pdata + istore 2,contw + copy timeup,pdata + istore 2,contw + arg 0x8,temp + //branch ml2cap_send_signal + //Fall through +ml2cap_send_signal: + storet 2,mem_l2cap_signal_tx_length + copy temp,pdata + branch l2cap_malloc_discard,blank + call l2cap_get_signal_tx_buff + fetch 2,mem_l2cap_signal_tx_length + istore 2,contw //make sure that length is still in temp! + force L2CAP_signal_channel,pdata + istore 2,contw + rtn + +msdp_send_req_done: + fetch 2,mem_sdp_tx_pkt_length + branch assert,blank + call l2cap_get_sdp_tx_buff + fetch 2,mem_sdp_tx_pkt_length + istore 2,contw + fetch 2,mem_sdp_remote_cid + istore 2,contw + rtn +ml2cap_rx_multiplexing: + fetch 2, mem_l2cap_rx_pkt_length + branch l2cap_rx_reset_state,blank + bpatch patch1a_4,mem_patch1a + fetch 1,mem_l2cap_rx_cid + beq L2CAP_signal_channel,ml2cap_call_proc_signal + beq L2CAP_SDP_channel,ml2cap_call_proc_sdp + beq L2CAP_RFCOMM_channel,l2cap_call_proc_rfcomm + beq L2CAP_HID_Control_channel,l2cap_call_proc_hid + beq L2CAP_HID_Interrupt_channel,l2cap_call_proc_hid + branch l2cap_rx_reset_state + +ml2cap_call_proc_signal: + bpatch patch1a_5,mem_patch1a + call l2cap_malloc_signal_channel + force 0,regB + call l2cap_get_signal_tx_payload + copy pdata,contw + fetch 2,mem_l2cap_rx_pkt_length + copy pdata,regC + fetch 2,mem_l2cap_payload_ptr + iforce contr +ml2cap_proc_one_comm_loop: + call ml2cap_proc_one_comm + increase -4,regC + nbranch ml2cap_proc_one_comm_loop,zero + copy regB,temp + call ml2cap_send_signal + branch l2cap_rx_reset_state + +ml2cap_proc_one_comm: + ifetch 1,contr + beq signal_connect_req,ml2cap_proc_signal_connect_req + beq signal_cmd_reject,ml2cap_proc_signal_cmd_reject + beq signal_connect_rsp,ml2cap_proc_signal_connect_rsp + beq signal_config_rsp,ml2cap_proc_signal_config_rsp + beq signal_config_req,ml2cap_proc_signal_config_req + beq signal_disconnect_rsp,ml2cap_proc_signal_disconn_rsp + beq signal_disconnect_req,ml2cap_proc_signal_disconn_req + beq signal_echo_req,l2cap_proc_signal_echo_req + beq signal_info_req,ml2cap_proc_signal_info_req + branch ml2cap_proc_send_reject + +ml2cap_proc_signal_connect_req: + call save_cont_pointers + //jam NO_RECONNECTION,memui_reconnect_mode + call load_cont_pointers + branch l2cap_proc_signal_connect_req +ml2cap_proc_signal_cmd_reject: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + copy regC,pdata + isub regA,regC +mvptr: + ifetch 1,contr + increase -1,regA + nbranch mvptr,zero + rtn +ml2cap_proc_signal_connect_rsp: + ifetch 1,contr //id + copy pdata,queue + ifetch 2,contr + copy pdata,regA //length + ifetch 2,contr + copy pdata,timeup //destination cid + ifetch 2,contr + copy pdata,temp //source cid + ifetch 2,contr // result + sub pdata,0,null + branch ml2cap_proc_signal_connect_rsp_sucessful,zero + beq L2CAP_connect_refused_PSM_unsupported,ml2cap_proc_signal_connect_refused_result + beq L2CAP_connect_refused_no_resources,ml2cap_proc_signal_connect_refused_result + branch ml2cap_proc_signal_connect_rsp_mnosucc +ml2cap_proc_signal_connect_refused_result: + jam BT_EVT_ML2CAP_CONN_REFUSED,mem_fifo_temp + call ui_ipc_send_event +ml2cap_proc_signal_connect_rsp_mnosucc: + ifetch 2,contr //reason + branch mnosucc +ml2cap_proc_signal_connect_rsp_sucessful: + call save_cont_pointers + //fetch 1,mem_ML2CAP_comm_id + //icompare 0xff,queue + //nbranch mnosucc1,true + bpatch patch1a_6,mem_patch1a + setarg L2CAP_SDP_channel + isub temp,null + branch ml2cap_proc_signal_connect_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch ml2cap_proc_signal_connect_rsp_rfcomm,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch ml2cap_proc_signal_connect_rsp_hid_int,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch ml2cap_proc_signal_connect_rsp_hid_ctrl,zero + branch mnosucc +ml2cap_proc_signal_connect_rsp_sdp: + copy timeup,pdata + store 2,mem_sdp_remote_cid + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_CONN_RES + store 1,mem_sdp_state + branch mnosucc1 +ml2cap_proc_signal_connect_rsp_rfcomm: + copy timeup,pdata + store 2,mem_RFCOMM_remote_CID + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_CONN_RES + store 1,mem_rfcomm_state + branch mnosucc1 +ml2cap_proc_signal_connect_rsp_hid_ctrl: + copy timeup,pdata + store 2,mem_hid_ctrl_remote_cid + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_CONN_RES + store 1,mem_hid_control_state + branch mnosucc1 +ml2cap_proc_signal_connect_rsp_hid_int: + copy timeup,pdata + store 2,mem_hid_int_remote_cid + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_CONN_RES + store 1,mem_hid_interrupt_state + //branch mnosucc1 + +mnosucc1: + call load_cont_pointers +mnosucc: + copy regC,pdata + isub regA,regC + rtn + +ml2cap_proc_signal_config_rsp: + ifetch 1,contr // Ident + copy pdata,queue + ifetch 2,contr // SigLen + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr // DestnCID + copy pdata,timeup + ifetch 2,contr + ifetch 2,contr // Get the result value, check success + nbranch mcrsdone1,blank + call save_cont_pointers + //fetch 1,mem_ML2CAP_comm_id + //icompare 0xff,queue + //nbranch mcfrsdone,true + copy timeup,temp + bpatch patch1a_7,mem_patch1a + setarg L2CAP_SDP_channel + isub temp,null + branch ml2cap_proc_signal_config_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch ml2cap_proc_signal_config_rsp_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch ml2cap_proc_signal_config_rsp_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch ml2cap_proc_signal_config_rsp_hid_int,zero +ml2cap_proc_signal_config_rsp_sdp: + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES + store 1,mem_sdp_state + rtn +ml2cap_proc_signal_config_rsp_rfcomm: + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES + store 1,mem_rfcomm_state + rtn +ml2cap_proc_signal_config_rsp_hid_ctrl: + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES + store 1,mem_hid_control_state + rtn +ml2cap_proc_signal_config_rsp_hid_int: + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_RES + store 1,mem_hid_interrupt_state + jam BT_EVT_HID_CONNECTED,mem_fifo_temp + branch ui_ipc_send_event + + +mcfrsdone: + call load_cont_pointers +mcrsdone1: + increase -6,regA +mloop2: + branch mcrsdone,zero + increase 1,contr + increase -1,regA + branch mloop2 +mcrsdone: + rtn +ml2cap_proc_signal_config_req: + ifetch 1,contr // Ident + copy pdata,queue + ifetch 2,contr // SigLen + copy pdata,regA + copy regC,pdata + isub regA,regC + ifetch 2,contr // DestnCID + increase 2,contr + copy pdata,temp + setarg signal_config_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + increase 2,regA + copy regA,pdata + istore 2,contw + call save_cont_pointers + bpatch patch1b_0,mem_patch1b + setarg L2CAP_SDP_channel + isub temp,null + branch ml2cap_proc_signal_config_req_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch ml2cap_proc_signal_config_req_rfcomm,zero + setarg L2CAP_HID_Control_channel + isub temp,null + branch ml2cap_proc_signal_config_req_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + isub temp,null + branch ml2cap_proc_signal_config_req_hid_int,zero + branch mcfgrq_done +ml2cap_proc_signal_config_req_sdp: + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + store 1,mem_sdp_state + bbit1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,ml2cap_proc_signal_config_req_sdp_nsndreq + fetcht 1,mem_CONTROL_tasks + set1 L2CAP_init_Config_Req,temp + storet 1,mem_CONTROL_tasks + copy queue,pdata + increase 1,pdata + store 1,mem_config_identifier + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_sdp_state +ml2cap_proc_signal_config_req_sdp_nsndreq: + fetch 2,mem_sdp_remote_cid + store 2,mem_config_req_dest_CID + branch mcfgrq_done +ml2cap_proc_signal_config_req_rfcomm: + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + store 1,mem_rfcomm_state + fetch 2,mem_RFCOMM_remote_CID + branch mcfgrq_done +ml2cap_proc_signal_config_req_hid_ctrl: + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + store 1,mem_hid_control_state + fetch 2,mem_hid_ctrl_remote_cid + branch mcfgrq_done +ml2cap_proc_signal_config_req_hid_int: + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_RCV_CFG_REQ,pdata + set1 L2CAP_CHANNEL_STATE_SND_CFG_RES,pdata + store 1,mem_hid_interrupt_state + fetch 2,mem_hid_int_remote_cid + //branch mcfgrq_done + +mcfgrq_done: + copy pdata,timeup + call load_cont_pointers +/*******for Nokia**************/ + copy timeup,pdata + /*setarg 0x0040*/ + istore 2,contw + force 0x0000,pdata + istore 2,contw + force 0x0000,pdata + istore 2,contw + force 10,pdata + iadd regB,regB + increase -6,regA +mloop1: + branch mcrqdone,zero + ifetch 1,contr + istore 1,contw + increase 1,regB + increase -1,regA + branch mloop1 +mcrqdone: + rtn +ml2cap_proc_signal_disconn_req: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + copy regC,pdata + isub regA,regC + + ifetch 2,contr + copy pdata,regA + ifetch 2,contr + copy pdata,timeup + call save_cont_pointers + bpatch patch1b_1,mem_patch1b + setarg L2CAP_SDP_channel + copy regA,temp + isub temp,null + branch ml2cap_proc_signal_disconn_sdp,zero + setarg L2CAP_HID_Control_channel + copy regA,temp + isub temp,null + branch ml2cap_proc_signal_disconn_hid_ctrl,zero + setarg L2CAP_HID_Interrupt_channel + copy regA,temp + isub temp,null + branch ml2cap_proc_signal_disconn_hid_int,zero + branch mclsrfc +ml2cap_proc_signal_disconn_sdp: + setarg 0x0000 + store 2,mem_sdp_tx_pkt_length + store 2,mem_sdp_remote_cid + store 1,mem_sdp_state + branch mclssdp +ml2cap_proc_signal_disconn_hid_ctrl: + call l2cap_reset_hid_ctrl_state + branch mclssdp +ml2cap_proc_signal_disconn_hid_int: + call l2cap_reset_hid_int_state + //call HID_mem_lock + //fetch 1, mem_hid_cb1 + //set1 HID_CB_APP_HID_DISCONNECTED,pdata + //store 1, mem_hid_cb1 + //call HID_mem_unlock + branch mclssdp +mclsrfc: + setarg 0x0000 + store 2,mem_RFCOMM_Tx_pkt_length +mclssdp: + call load_cont_pointers + setarg signal_disconnect_rsp + istore 1,contw + copy queue,pdata + istore 1,contw + setarg 0x0004 + istore 2,contw + copy regA,pdata + istore 2,contw + copy timeup,pdata + istore 2,contw + force 8,pdata + iadd regB,regB + rtn + +ml2cap_proc_signal_disconn_rsp: + ifetch 1,contr + copy pdata,queue + ifetch 2,contr + copy pdata,regA + ifetch 2,contr + copy pdata,timeup + ifetch 2,contr + copy pdata,temp + call save_cont_pointers + bpatch patch1b_2,mem_patch1b + fetch 1,mem_ML2CAP_comm_id + icompare 0xff,queue + nbranch mdisdone,true + setarg L2CAP_SDP_channel + isub temp,null + branch ml2cap_proc_signal_disconn_rsp_sdp,zero + setarg L2CAP_RFCOMM_channel + isub temp,null + branch ml2cap_proc_signal_disconn_rsp_rfcomm,zero + branch mdisdone +ml2cap_proc_signal_disconn_rsp_sdp: + jam 0,mem_sdp_remote_cid + jam 0,mem_sdp_state + branch mdisdone +ml2cap_proc_signal_disconn_rsp_rfcomm: + // + // +mdisdone: + call load_cont_pointers + copy regC,pdata + isub regA,regC + rtn + +ml2cap_proc_send_reject: + setarg signal_cmd_reject + istore 1,contw + ifetch 1,contr + istore 1,contw + setarg 0x0002 + istore 2,contw + setarg 0x0000 + istore 2,contw + setarg 0x0006 + iadd regB,regB + force 4,regC + rtn + +//l2cap command id, 0 is not allowed +l2cap_get_req_id: + fetch 1,mem_ML2CAP_comm_id + increase 1,pdata + bne 0,l2cap_get_req_id_ok + increase 1,pdata +l2cap_get_req_id_ok: + store 1,mem_ML2CAP_comm_id + rtn + + +/*********************************************************/ +//char* malloc(short len) +//input: regA -> len +//rtn: regB -> pbuff;return from pdata +//val: queue -> i +//val: timeup -> buff_cnt +/*********************************************************/ +l2cap_malloc: + bpatch patch1b_3,mem_patch1b + arg 0,regb + call l2cap_malloc_is_fifo_full + nbranch assert,blank//assert when fifo full + call l2cap_malloc_get_full_map +ifdef DEBUG_MALLOC + call l2cap_malloc_log_get_ptr + copy regA,pdata + istore 2,contw + sub pdata,1024,null + branch assert,positive + branch assert,blank +endif + arg mem_tx_buff0,regB//pbuff = buff0; + arg 0,queue // i = 0; +l2cap_malloc_loop: + fetcht 1,mem_used_map + qisolate1 temp + branch l2cap_malloc_next,true//if(1 == (used_map & (1 << i)))goto next; + call l2cap_malloc_enough + sub timeup,0,null// (0 - timeup) + branch l2cap_malloc_next,positive//if(buff_cnt <= 0)goto next; + call l2cap_malloc_into_fifo + branch l2cap_malloc_rtn//return (pbuff); +l2cap_malloc_next: + increase 128,regB//pbuff += BUFF_SIZE;//point to next buff + increase 1,queue + setarg 8//BUFF_MAX_COUNT + isub queue,null //BUFF_MAX_COUNT - i + branch l2cap_malloc_loop,positive//while(i < buff_max_count) + arg 0,regB//return NULL +l2cap_malloc_rtn: +ifdef DEBUG_MALLOC + call l2cap_malloc_log_get_ptr + copy regB,pdata + istore 2,contw +endif + copy regB,pdata + branch assert,blank + rtn//return pointer via pdata + +/*********************************************************/ +//void* l2cap_malloc_fifo_out(void) +//output:len -> temp +//output:ptr ->pdata +//only get ptr,not free +/*********************************************************/ +l2cap_malloc_fifo_out: + bpatch patch1b_4,mem_patch1b + call l2cap_malloc_fifo_get_first_ptr + increase 1,contr + ifetch 2,contr //ptr ->pdata + rtn + +/*********************************************************/ +//void free_first_buff_in_fifo(void) +//only free the first one +/*********************************************************/ +l2cap_malloc_free: + bpatch patch1b_5,mem_patch1b + call l2cap_malloc_fifo_get_first_ptr + copy contr,contw + copy contr,temp + setarg 0 + istore 3,contw +ifdef DEBUG_MALLOC + call l2cap_malloc_log_get_ptr + setarg 0xaa + istore 1,contw + istoret 1,contw +endif + rtn +/*********************************************************/ +//void l2cap_malloc_discard(void) +//discard the latest malloc +/*********************************************************/ +l2cap_malloc_discard: + bpatch patch1b_6,mem_patch1b + call l2cap_malloc_is_fifo_empty + branch assert,blank + fetch 3,mem_tx_fifo2 + store 3,mem_tx_fifo3 + fetch 3,mem_tx_fifo1 + store 3,mem_tx_fifo2 + fetch 3,mem_tx_fifo0 + store 3,mem_tx_fifo1 + rtn +/*********************************************************/ +//bool fifo_is_full(void) +//blank == 1: not full +//blank == 0: full +/*********************************************************/ +l2cap_malloc_is_fifo_full: + bpatch patch1b_7,mem_patch1b + fetch 3,mem_tx_fifo0 + rtn +/*********************************************************/ +//bool fifo_nearly_full(void) +//blank == 1: nearly full +//blank == 0: not nearly full +/*********************************************************/ +l2cap_malloc_is_fifo_nearly_full: + bpatch patch1c_0,mem_patch1c + fetch 3,mem_tx_fifo1 + rtn +/*********************************************************/ +//bool fifo_is_empty(void) +//blank == 1: empty +//blank == 0: not empty +/*********************************************************/ +l2cap_malloc_is_fifo_empty: + bpatch patch1c_1,mem_patch1c + fetch 3,mem_tx_fifo3 + rtn +/*********************************************************/ +//char* l2cap_malloc_fifo_get_first_ptr(void) +//output:contr -->ptr +/*********************************************************/ +l2cap_malloc_fifo_get_first_ptr: + call l2cap_malloc_is_fifo_empty + branch assert,blank // fifo is empty + arg mem_tx_fifo0,contr +ifdef DEBUG_MALLOC + arg 5,loopcnt +l2cap_malloc_free_loop: + increase -1,loopcnt + copy loopcnt,pdata + branch assert,blank +else +l2cap_malloc_free_loop: +endif + ifetch 3,contr + branch l2cap_malloc_free_loop,blank + increase -3,contr + rtn + +/*********************************************************/ +//char* l2cap_malloc_get_full_map(void) +//output:mem_used_map -->full_map +//add all maps into one +/*********************************************************/ +l2cap_malloc_get_full_map: + bpatch patch1c_2,mem_patch1c + arg 4,loopcnt + arg mem_tx_fifo0_map,contr + arg 0,temp +l2cap_malloc_get_full_map_loop: + ifetch 3,contr + and pdata,0xff,pdata + ior temp,temp + loop l2cap_malloc_get_full_map_loop + storet 1,mem_used_map + rtn +/*********************************************************/ +//void buff_into_fifo(char buff_index, char buff_cnt, short len) +//input: regA -> len +//input: regC -> buff_index +//input: timeup -> buff_cnt +//val:temp -> (fifo->map) +/*********************************************************/ +l2cap_malloc_into_fifo: + bpatch patch1c_3,mem_patch1c + call l2cap_malloc_is_fifo_full + nbranch assert,blank //fifo full + call l2cap_malloc_is_fifo_empty + branch l2cap_malloc_into_fifo_no_push,blank//fifo empty, no need to push + fetch 3,mem_tx_fifo1 + store 3,mem_tx_fifo0 + ifetch 3,contr//mem_tx_fifo2 + istore 3,contw//mem_tx_fifo1 + ifetch 3,contr//mem_tx_fifo3 + istore 3,contw//mem_tx_fifo2 + setarg 0 + istore 3,contw//mem_tx_fifo3 +l2cap_malloc_into_fifo_no_push: + arg 0,temp + copy timeup,pdata + iadd queue,pdata +l2cap_malloc_into_fifo_loop: + qset1 temp//fifo->map |= 1 << i; + increase 1,queue + isub queue,null + nbranch l2cap_malloc_into_fifo_loop,zero + //map in temp + lshift8 regB,pdata + ior temp,pdata + store 3,mem_tx_fifo3 + rtn + +/*********************************************************/ +//char is_size_enough(char buff_index, short len) +//input: regA -> len +//input: queue -> buff_index +//rtn: timeup -> buff_cnt +//val: max_size_fom_buff_index -> temp +//val: i -> loopcnt +/*********************************************************/ +l2cap_malloc_enough: + bpatch patch1c_4,mem_patch1c + call l2cap_malloc_get_full_map + copy queue,regC//restore buff_index to regC + arg 0,temp + arg 0,timeup//default return val + //increase 1,queue +l2cap_malloc_enough_loop: + copy queue,pdata + beq 8,l2cap_malloc_enough_end + fetch 1,mem_used_map + qisolate1 pdata + branch l2cap_malloc_enough_end,true + increase 128,temp + increase 1,queue + copy regA,pdata + isub temp,null + branch l2cap_malloc_enough_end,zero//(max_size_fom_buff_index == len) + branch l2cap_malloc_enough_loop,positive//(max_size_fom_buff_index < len) +l2cap_malloc_enough_end: + copy temp,pdata + isub regA,null + nbranch l2cap_malloc_enough_rtn,positive// max_size_fom_buff_index - len > 0 + copy queue,pdata//i + copy regC,temp//buff_index + isub temp,timeup//return (i - buff_index) +l2cap_malloc_enough_rtn: + copy regC,queue//restore buff_index to queue + rtn + +ifdef DEBUG_MALLOC +l2cap_malloc_log_get_ptr: + fetch 2,mem_tx_malloc_log + increase 2,pdata + store 2,mem_tx_malloc_log + sub pdata,62,null + nbranch l2cap_malloc_log_clean,positive + increase -2,pdata + iadd contw,contw + rtn +l2cap_malloc_log_clean: + jam 0x00,mem_tx_malloc_log + branch l2cap_malloc_log_get_ptr +endif + +l2cap_malloc_signal_channel: + bpatch patch1c_5,mem_patch1c + arg L2CAP_SIGNAL_MALLOC_SIZE,regA + call l2cap_malloc + store 2,mem_l2cap_signal_tx_buff_ptr + increase 4,pdata + store 2,mem_l2cap_signal_tx_payload_ptr + setarg 0 + store 2,mem_l2cap_signal_tx_length + rtn + +l2cap_get_signal_tx_buff: + fetch 2,mem_l2cap_signal_tx_buff_ptr + branch l2cap_util_pdata_to_contw + +l2cap_get_signal_tx_payload: + fetch 2,mem_l2cap_signal_tx_payload_ptr + branch l2cap_util_pdata_to_contw + + +l2cap_malloc_sdp_channel: + bpatch patch1c_6,mem_patch1c + arg SDP_MALLOC_SIZE,regA + call l2cap_malloc + store 2,mem_sdp_tx_buff_ptr + increase 4,pdata + store 2,mem_sdp_tx_payload_ptr + setarg 0 + store 2,mem_sdp_tx_pkt_length + rtn + +l2cap_get_sdp_tx_buff: + fetch 2,mem_sdp_tx_buff_ptr + branch l2cap_util_pdata_to_contw + +l2cap_get_sdp_tx_payload: + fetch 2,mem_sdp_tx_payload_ptr + branch l2cap_util_pdata_to_contw + + +l2cap_malloc_rfcomm_channel: + bpatch patch1c_7,mem_patch1c + call push_stack + jam RFCOMM_MALLOC_FAIL,mem_rfcomm_malloc_fail_flag + call l2cap_malloc_is_fifo_full + nrtn blank + arg RFCOMM_MALLOC_SIZE,regA + call l2cap_malloc + store 2,mem_rfcomm_tx_buff_ptr + increase 4,pdata + store 2,mem_rfcomm_tx_payload_ptr + setarg 0 + store 2,mem_rfcomm_tx_pkt_length + jam RFCOMM_MALLOC_SUCCEED,mem_rfcomm_malloc_fail_flag + branch pop_stack + +l2cap_get_rfcomm_tx_buff: + fetch 2,mem_rfcomm_tx_buff_ptr + branch l2cap_util_pdata_to_contw + +l2cap_util_pdata_to_contw: + branch assert,blank + copy pdata,contw + rtn + + +l2cap_lpm_save_calc_len: + bpatch patch1d_0,mem_patch1d + arg 0,regb + arg mem_tx_fifo0_map,rega + increase -2,rega +l2cap_lpm_save_calc_len_loop: + increase 2,rega + setarg mem_tx_fifo_end + isub rega,null + branch l2cap_lpm_save_calc_len_end,zero //end of 2lcap tx fifo + ifetch 1,rega + increase 1,rega + branch l2cap_lpm_save_calc_len_loop,blank + ifetcht 2,rega + ifetch 2,temp + iadd regb,regb + increase 4,regb //l2cap header len + branch l2cap_lpm_save_calc_len_loop +l2cap_lpm_save_calc_len_end: + copy regb,pdata + rtn + + +l2cap_lpm_get_wake_lock: + arg wake_lock_l2cap_tx,queue + branch lpm_get_wake_lock + +l2cap_lpm_put_wake_lock: + arg wake_lock_l2cap_tx,queue + branch lpm_put_wake_lock + +l2cap_lpm_save_txbuf: + bpatch patch1d_1,mem_patch1d + call l2cap_malloc_get_full_map + fetch 1,mem_used_map + rtn blank + call l2cap_lpm_save_calc_len + arg l2cap_lpm_txbuf_len,temp + isub temp,null + branch l2cap_lpm_get_wake_lock,positive //no enougth space to save l2cap tx data + call l2cap_lpm_put_wake_lock + arg mem_l2cap_lpm_txbuf,contw + arg mem_tx_fifo0,rega +l2cap_lpm_save_txbuf_loop: + setarg mem_tx_fifo_end + isub rega,null + rtn zero //end of 2lcap tx fifo + ifetch 1,rega //mem_tx_fifoX_map + increase 1,rega + nbranch l2cap_lpm_save_txbuf_nempty,blank + istore 2,contw // length = 0 + increase 2,rega + branch l2cap_lpm_save_txbuf_loop +l2cap_lpm_save_txbuf_nempty: + ifetch 2,rega //ptr + increase 2,rega + copy pdata,contr + ifetch 2,contr //l2cap len + istore 2,contw + copy pdata,loopcnt + increase 2,loopcnt //add CID len + call memcpy + branch l2cap_lpm_save_txbuf_loop + +l2cap_lpm_load_txbuf: + bpatch patch1d_2,mem_patch1d + call l2cap_malloc_get_full_map + fetch 1,mem_used_map + rtn blank + arg mem_tx_fifo0_ptr,rega + increase -3,rega //mem_tx_fifo0_ptr -3 + arg mem_l2cap_lpm_txbuf,contr +l2cap_lpm_load_txbuf_loop: + increase 3,rega //mem_tx_fifoX_ptr + setarg mem_tx_fifo_end+1 + isub rega,null + rtn zero //end of 2lcap tx fifo + ifetch 2,contr + branch l2cap_lpm_load_txbuf_loop,blank + increase 4,pdata //l2cap header len + copy pdata,loopcnt + copy contr,regb + ifetch 2,rega //ptr + copy pdata,contw + copy regb,contr + increase -2,contr + call memcpy + branch l2cap_lpm_load_txbuf_loop + + + + Index: dukaqi/senrui/program/le.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le.prog (working copy) @@ -0,0 +1,1849 @@ +ifdef COMPILE_LE +//******************************************// +//*************LE INIT ****************// +//******************************************// + + +le_init_conn: + bpatch patch1d_3,mem_patch1d + disable wake + jam 1,mem_le_conn_handle + jam 3,mem_le_state + jam 1,mem_le_arq + setarg -1 + store 2,mem_le_event_count + force 0,pdata + store 1,mem_le_ch + store 1,mem_le_op + store 3,mem_sniff_rcv + store 3,mem_sniff_lost + store 5,mem_le_pcnt_tx + set1 39,pdata + store 5,mem_le_pcnt_rx + jam 1,mem_le_txheader + jam 0,mem_le_txlen + branch le_supervision_flush + +le_init_master: + bpatch patch1d_4,mem_patch1d + enable master + jam lemode_master,mem_le_mode + jam 1,mem_le_att_handle + jam 1,mem_le_search_handle_start + setarg 0xffff + store 2,mem_le_search_handle_end + force 0,pdata + store 5,mem_le_pcnt_rx + set1 39,pdata + store 5,mem_le_pcnt_tx + branch le_init_conn + + +le_init_slave: + bpatch patch1d_5,mem_patch1d + disable master + setarg 0x17 + store 2,mem_le_remote_mtu + jam lemode_slave,mem_le_mode + jam 0,mem_le_adv_enable + jam 0,mem_lpm_current_mult + jam FLAG_LE_PAIRING_NULL,mem_le_pairing_state + jam FLAG_LE_ENC_NULL,mem_le_enc_state + fetch 2,mem_le_superto + store 2,mem_le_init_superto + fetch 2,mem_le_tsniff + mul32 pdata,5,pdata + rshift4 pdata,pdata + store 2,mem_le_superto // vol.6 part B 4.5.2 only 6*conninterval before establish + branch le_init_conn + + +//******************************************// +//*************LE main process*********// +//******************************************// +le_dispatch: + call le_enable + call le_scan + call le_adv + branch le_disable + +le_conn_dispatch: + bpatch patch1d_6,mem_patch1d + call le_enable + call app_process_ble + fetch 1,mem_le_mode + beq lemode_master,le_master_dispatch + branch le_slave_dispatch + +//******************************************// +//***********LE master process*********// +//******************************************// + +le_master_dispatch: + bpatch patch1d_7,mem_patch1d + enable master + call le_supervision_update + branch le_master_disconn,positive + call check_ble_disabled + call le_setup + call le_prepare_tx + disable match + call le_transmit_receive_sifs + nrtn match + bpatch patch1e_0,mem_patch1e + fetch 1,mem_le_conn_rcv + increase 1,pdata + store 1,mem_le_conn_rcv + call le_acknowledge + disable master + rtn + +le_master_disconn: + call le_disconnect + disable master + rtn + +//******************************************// +//***********LE slave process***********// +//******************************************// +le_slave_dispatch: + bpatch patch1e_1,mem_patch1e + jam 0,mem_le_md_count +ifdef SECURE_CONNECTION + call sp_calc_sequence_256 + call le_secure_connect_sm +endif + disable attempt + call le_supervision_update + branch le_slave_disconn,positive + call check_ble_disabled + call le_setup + call le_receive_slave + nbranch le_slave_unsync,sync // vol.6 part B 4.5.1 respond even crc error + call le_got_first_packet + branch le_slave_match,match + branch le_slave_cont + + +le_slave_match: + bpatch patch1e_2,mem_patch1e + fetch 1,mem_le_md_count + pincrease 1 + store 1,mem_le_md_count + beq LE_MD_MAX_COUNT,le_slave_cont + call le_acknowledge + call le_prepare_tx + call le_transmit_norx + call le_parse + fetch 2,mem_cb_ble_transmit + call callback_func + call le_check_md + branch le_slave_more_data,user +le_slave_cont: + bpatch patch1e_3,mem_patch1e + call le_pairing_sm + call le_check_paring_time + call check_51cmd + fetch 1,mem_le_op + bbit1 op_disconn,le_slave_disconn +le_slave_unsync: + bpatch patch1e_4,mem_patch1e + call le_lpm_set_mult + call le_update_channel_map + call le_update_param + branch calc_clke_offset + + +le_check_md: + disable user + bmark1 mark_ble_rx_md,enable_user + bmark1 mark_ble_tx_md,enable_user + rtn + + +le_slave_more_data: + bpatch patch1e_5,mem_patch1e + enable attempt + call le_transmit_receive_sifs_notx + branch le_slave_match,match + branch le_slave_cont + +le_slave_disconn: + + //fall through +le_disconnect: + bpatch patch1e_6,mem_patch1e + call le_clear_connection_info + call app_disconn_reason_collect_ble +ifdef SECURE_CONNECTION + call sp_initialize_256 +endif + jam BT_EVT_LE_DISCONNECTED,mem_fifo_temp + branch ui_ipc_send_event + +le_clear_connection_info: + setarg 0 + store 9,mem_le_tx_buff_used + jam 0,mem_le_conn_handle + jam lemode_idle,mem_le_mode + jam 0,mem_le_state + jam FLAG_LE_ENC_NULL,mem_le_enc_state + jam FLAG_LE_PAIRING_NULL,mem_le_pairing_state + rtn + +le_got_first_packet: + bpatch patch1e_7,mem_patch1e + fetch 1,mem_le_conn_rcv + increase 1,pdata + store 1,mem_le_conn_rcv + fetch 1,mem_le_state + rtnbit1 lestate_got_first_packet + set1 lestate_got_first_packet + store 1,mem_le_state + fetch 2,mem_le_init_superto + store 2,mem_le_superto + setarg 0 + store 4,mem_le_transmit_window + rtn + + +le_enable: + bpatch patch1f_0,mem_patch1f + hjam 0x36,0x90f /*For BLE, tune AGC_gain_offset, Max added*/ + hjam 0x5f,0x90b //for BLE + enable le + hjam 7,rfen_ulp /* enable ulp */ + call check_ble_disabled + fetch 1,mem_250k_freq_enable //default: 0 + rtn blank + hjam 0xb8,0x90a + rtn + +le_disable: + bpatch patch1f_1,mem_patch1f + hjam 0x2e,0x90f /*For BR/EDR, tune AGC_gain_offset, Max added*/ + hjam 0xff,0x90b //for EDR&BR + disable le + hjam 3,rfen_ulp + arg 0,stop_watch + rtn + +le_prep: + disable enable_crc + disable enable_white + fetch 3,mem_le_crcinit + iforce crc24_init + fetch 1,mem_le_ch_mapped + reverse pdata,temp + set1 1,temp + rshift temp,white_init + rtn + + +lerx_setfreq: + call le_setfreq + call set_freq_rx + setarg param_pll_setup + call sleep + branch rf_rx_enable + +letx_setfreq: + branch txon,match +letx_setfreq0: + call le_setfreq + branch set_freq_tx +le_setfreq: + bpatch patch1f_2,mem_patch1f + call set_sync_on + fetch 1, mem_le_testtype + nbranch le_ctf_test,blank + fetch 1,mem_le_ch_mapped + sub pdata,36,null + branch le_ctf_normal,positive + force 0,temp + rtneq 37 + force 24,temp + rtneq 38 + force 78,temp + rtn + +le_ctf_normal: + sub pdata,10,null + branch le_ctf_low,positive + increase 1,pdata + +le_ctf_low: + lshift pdata,pdata + add pdata,2,temp + rtn + +le_ctf_test: + fetch 1,mem_le_ch_mapped + lshift pdata,temp + rtn + +le_sca_map: + arg 500,temp + rtn blank + arg 250,temp + rtneq 1 + arg 150,temp + rtneq 2 + arg 100,temp + rtneq 3 + arg 75,temp + rtneq 4 + arg 50,temp + rtneq 5 + arg 40,temp + rtneq 6 + arg 20,temp + rtn + + + +le_adv_access: + setarg 0x8e89be + lshift8 pdata,pdata + or_into 0xd6,pdata + iforce access + setarg 0x555555 + store 3,mem_le_crcinit + rtn + +le_setup: + bpatch patch1f_3,mem_patch1f + enable swfine + fetch 4,mem_le_access + iforce access + call le_map_channel + setarg 0x200 + branch le_setup_master,master + fetch 2,mem_le_receive_window + rshift pdata,pdata +le_setup_master: + arg param_pll_setup,temp + iadd temp,pdata + call ahead_window + deposit clke + store 6,mem_le_rxon_ts + rtn + +le_next_adv_channel: + bpatch patch1f_4,mem_patch1f + fetch 1,mem_le_ch_mapped + beq 37,le_next_adv_channel_curr_channel_37 + beq 38,le_next_adv_channel_curr_channel_38 + beq 39,le_next_adv_channel_curr_channel_39 + branch le_next_adv_channel_curr_channel_39 + +le_next_adv_channel_curr_channel_37: + fetcht 1,mem_le_adv_channel_map + isolate1 BIT_ADV_CHANNEL_MAP_38,temp //check 38 channel enable + branch set_le_next_adv_channel_38,true + isolate1 BIT_ADV_CHANNEL_MAP_39,temp //check 39 channel enable + branch set_le_next_adv_channel_39,true + branch set_le_next_adv_channel_37 + + +le_next_adv_channel_curr_channel_38: + fetcht 1,mem_le_adv_channel_map + isolate1 BIT_ADV_CHANNEL_MAP_39,temp //check 39 channel enable + branch set_le_next_adv_channel_39,true + isolate1 BIT_ADV_CHANNEL_MAP_37,temp //check 37 channel enable + branch set_le_next_adv_channel_37,true + branch set_le_next_adv_channel_38 + + +le_next_adv_channel_curr_channel_39: + fetcht 1,mem_le_adv_channel_map + isolate1 BIT_ADV_CHANNEL_MAP_37,temp //check 37 channel enable + branch set_le_next_adv_channel_37,true + isolate1 BIT_ADV_CHANNEL_MAP_38,temp //check 38 channel enable + branch set_le_next_adv_channel_38,true + branch set_le_next_adv_channel_39 + + + +set_le_next_adv_channel_37: + jam 37,mem_le_ch_mapped + fetch 1,mem_le_adv_channel_map_temp + set1 BIT_ADV_CHANNEL_MAP_37,pdata + store 1,mem_le_adv_channel_map_temp + rtn + +set_le_next_adv_channel_38: + jam 38,mem_le_ch_mapped + fetch 1,mem_le_adv_channel_map_temp + set1 BIT_ADV_CHANNEL_MAP_38,pdata + store 1,mem_le_adv_channel_map_temp + rtn + +set_le_next_adv_channel_39: + jam 39,mem_le_ch_mapped + fetch 1,mem_le_adv_channel_map_temp + set1 BIT_ADV_CHANNEL_MAP_39,pdata + store 1,mem_le_adv_channel_map_temp + rtn + + + +le_context_nexthop: + bpatch patch1f_5,mem_patch1f + add rega,coffset_mode,contr + ifetch 1,contr + rtnbit0 mode_le + add rega,coffset_le_event_cnt,contw + ifetch 2,contw + increase 1,pdata + istore 2,contw + add rega,coffset_le_hop,contr + ifetch 1,contr + add rega,coffset_le_ch,contw + ifetcht 1,contw + iadd temp,pdata + sub pdata,36,null + branch le_nexthop_nowrap,positive + increase -37,pdata +le_nexthop_nowrap: + istore 1,contw + rtn + + +le_calc_channel_map: + bpatch patch1f_6,mem_patch1f + fetch 5,mem_le_channel_map + force 0,temp + force 37,loopcnt +le_count_channels_loop: + bbit0 0,le_count_channels_notused + increase 1,temp +le_count_channels_notused: + rshift pdata,pdata + loop le_count_channels_loop + add temp,-1,pdata + store 1,mem_le_channels + rtn + +le_map_channel: + bpatch patch1f_7,mem_patch1f + fetch 1,mem_le_ch + iforce queue + fetcht 5,mem_le_channel_map + qisolate1 temp + branch le_map_channel_end,true +le_map_channel_next: + bpatchx patch20_0,mem_patch20 + fetch 1,mem_le_channels + isub queue,pdata + branch le_map_channel_cont,positive + sub pdata,-1,queue + branch le_map_channel_next +le_map_channel_cont: + copy queue,loopcnt + force 0,queue +le_map_channel_loop: + qisolate1 temp + branch le_map_channel_skip,true + increase 1,loopcnt +le_map_channel_skip: + deposit loopcnt + branch le_map_channel_end,blank + increase 1,queue + increase -1,loopcnt + branch le_map_channel_loop +le_map_channel_end: + deposit queue + store 1,mem_le_ch_mapped + rtn + + +le_wait_tx: + branch le_wait_master,master + until null,timeout + rtn + +le_wait_master: + arg 0xea0,timeup + until clkn_rt,meet + rtn + +le_receive_adv: + disable swfine + fetch 2,mem_le_scan_window + copy pdata,timeup + branch le_receive_packet + + +le_receive_slave: + bpatchx patch20_1,mem_patch20 + enable swfine + fetch 2,mem_le_receive_window + fetcht 4,mem_le_transmit_window + iadd temp,timeup +le_receive_packet: + call lerx_setfreq +le_receive_rxon: + bpatchx patch20_2,mem_patch20 + call le_prep + disable match + enable decode_fec0 + enable is_rx + disable is_tx + copy timeup,stop_watch + correlate null,timeout + branch le_receive_on_attempt,attempt + copy clke,temp + storet 6,mem_sync_clke +le_receive_on_attempt: + nbranch end_of_packet,sync + branch le_receive_skip,attempt + arg param_clke_cal_le,clke_rt + copy bt_clk,clke_bt + fetch 1,mem_le_state + bbit0 lestate_got_first_packet,le_receive_skip + call lpm_adjust_clk,wake +le_receive_skip: + bpatchx patch20_3,mem_patch20 + call save_rssi + enable enable_white + enable enable_crc + parse demod,bucket,8 + rshift3 pwindow,pdata + store 1,mem_le_rxbuf + parse demod,bucket,8 + rshift3 pwindow,pdata + istore 1,contw + and pdata,0x3f,loopcnt + branch lerx_nopayload,zero + +lerx_loop: + parse demod,bucket,8 + rshift3 pwindow,pdata + istore 1,contw + loop lerx_loop + +lerx_nopayload: + bpatchx patch20_4,mem_patch20 + parse demod,bucket,24 + enable swfine + arg param_sifs,stop_watch // start SIFS timer after last bit of crc + rshift32 pdata,pdata + rshift16 pdata,pdata + istore 3,contw + branch end_of_packet,crc_failed + enable match + fetch 1,mem_last_freq + add pdata,0,rega // ble 2M Medium Frequency + call rf_write_freq /* set frequency to tx mode freq */ + disable decode_fec0 + branch set_sync_on + +le_transmit_receive_sifs: + bpatchx patch20_5,mem_patch20 + call le_transmit +le_transmit_receive_sifs_notx: + fetcht 1,mem_last_freq + call set_freq_rx + call rf_rx_enable + enable swfine + arg 5500,timeup + branch le_receive_rxon + +le_transmit_norx: + call le_transmit + branch end_of_packet + +le_transmit: + bpatchx patch20_6,mem_patch20 + call le_prep + call letx_setfreq + branch le_transmit0 + +le_transmit0: + set1 TXGFSK,radio_ctrl + enable encode_fec0 + enable is_tx + disable is_rx + call le_wait_tx + rshift16 access,pdata + rshift8 pdata,pdata + rshift4 pdata,pdata + inject mod,40 + enable enable_white + enable enable_crc + bpatchx patch20_7,mem_patch20 + fetch 1,mem_le_txheader + inject mod,8 + ifetch 1,contr + and pdata,0x3f,loopcnt + inject mod,8 + branch letr_nopayload,zero +letr_loop: + ifetch 1,contr + inject mod,8 + loop letr_loop + +letr_nopayload: + enable enable_parity + inject mod,24 + disable enable_parity + until null,tx_clear + nop 100 /* flush out the last bit */ + disable encode_fec0 + rtn + +le_send_adv_ind: + bpatchx patch21_0,mem_patch21 + fetch 1,mem_le_adv_type + beq ADV_DIRECT_IND,le_send_adv_direct_ind + fetch 1,mem_le_adv_own_addr_type + lshift4 pdata,pdata + lshift2 pdata,pdata + store 1,mem_le_txheader + fetcht 1,mem_le_adv_data_len + add temp,6,pdata + store 1,mem_le_txlen + fetch 6,mem_le_lap + store 6,mem_le_txpayload + copy temp,loopcnt + arg mem_le_adv_data,contr + call memcpy_fast + branch le_send_adv_transmit +le_send_adv_direct_ind: + fetch 1,mem_le_adv_direct_addr_type + lshift4 pdata,pdata + lshift2 pdata,pdata + increase 1,pdata + store 1,mem_le_txheader + setarg 12 + store 1,mem_le_txlen + fetch 6,mem_le_lap + store 6,mem_le_txpayload + fetch 6,mem_hci_plap + istore 6,contw +le_send_adv_transmit: + bpatchx patch21_1,mem_patch21 + fetch 1,mem_le_adv_transmit + increase 1,pdata + store 1,mem_le_adv_transmit + arg 1800,stop_watch + disable match + branch le_transmit_receive_sifs + +le_send_scan_request: + bpatchx patch21_2,mem_patch21 + fetch 1,mem_le_scan_type + rtnne LE_SCAN_TYPE_ACTIVE + fetch 1,mem_le_adv_transmit + increase 1,pdata + store 1,mem_le_adv_transmit + arg 0x0c03,temp// length + SCAN_REQ PDU + fetch 1,mem_le_scan_own_addr_type + nsetflag blank,LE_SENDER_ADDR_BIT,temp + copy regA,pdata + nsetflag blank,LE_RECEIVER_ADDR_BIT,temp + storet 2,mem_le_txheader + fetch 6,mem_le_lap + istore 6,contw + fetch 6,mem_le_plap + istore 6,contw + branch le_transmit_receive_sifs + + +le_send_scan_response: + bpatchx patch21_3,mem_patch21 + arg SCAN_RSP,temp + fetch 1,mem_le_adv_own_addr_type + nsetflag blank,LE_SENDER_ADDR_BIT,temp + storet 1,mem_le_txheader + fetcht 1,mem_le_scan_data_len + add temp,6,pdata + store 1,mem_le_txlen + fetch 6,mem_le_lap + store 6,mem_le_txpayload + arg mem_le_scan_data,contr + copy temp,loopcnt + call memcpy_fast + call le_transmit_norx + branch le_adv_not_match + +le_connect_request: + bpatchx patch21_4,mem_patch21 + force -1,pdata + setsect 2,1 + store 5,mem_le_channel_map + call le_calc_channel_map + force 4,loopcnt + arg mem_le_access,contw + call generate_random_loop + fetch 2,mem_le_timeout + store 2,mem_le_superto +le_con_req_hop_retry: + random pdata + and_into 0xf,pdata + sub pdata,4,null + branch le_con_req_hop_retry,positive + store 1,mem_le_hop + store 1,mem_tmp1 + bpatchx patch21_5,mem_patch21 + fetcht 2,mem_le_conn_interval + storet 2,mem_le_tsniff + copy temp,regc // tsniff in regc + add clkn_bt,7,pdata // leave space for offset + idiv regc + call wait_div_end + remainder rega + isub rega,pdata + iadd regc,pdata + fetcht 2,mem_le_dsniff + iadd temp,pdata + store 4,mem_le_anchor + isub clkn_bt,rega + increase -6,rega // window offset + arg 0x2205,regb // length & CONN_REQ PDU + fetch 1,mem_le_conn_own_addr_type + nsetflag blank,LE_SENDER_ADDR_BIT,regb + fetch 1,mem_le_conn_peer_addr_type + nsetflag blank,LE_RECEIVER_ADDR_BIT,regb + copy regb,pdata + store 2,mem_le_txheader + fetch 6,mem_le_lap + istore 6,contw//own addr + fetch 6,mem_le_plap + istore 6,contw// peer addr + fetch 4,mem_le_access + istore 4,contw + random pdata + istore 2,contw /* crc init */ + random pdata + istore 1,contw + force 2,pdata /* window size */ + istore 1,contw + rshift2 rega,pdata + istore 2,contw /* window offset */ + rshift2 regc,pdata + istore 2,contw /* conn Interval */ + bpatchx patch21_6,mem_patch21 + setarg 0 /* slave latency */ + istore 2,contw + fetch 2,mem_le_timeout + istore 2,contw + fetch 5,mem_le_channel_map + istore 5,contw /* channel map */ + fetch 1,mem_le_hop + arg param_le_sca,temp + ior temp,pdata + istore 1,contw + call le_transmit_norx + setarg mem_le_txheader + add pdata,18,contr + ifetch 3,contr + store 3,mem_le_crcinit + rtn + +le_init_adv: + bpatchx patch21_7,mem_patch21 + disable master + branch le_adv_access + + + +le_update_param: + fetch 1,mem_le_state + rtnbit0 lestate_update_param + fetch 2,mem_le_event_count + fetcht 2,mem_le_instant + isub temp,pdata + nrtn positive + store 2,mem_pdatatemp + bpatchx patch22_0,mem_patch22 + fetch 1,mem_le_state + set0 lestate_update_param,pdata + set0 lestate_got_first_packet,pdata + store 1,mem_le_state + fetch 4,mem_le_anchor + fetcht 2,mem_le_tsniff + storet 2,mem_temp + isub temp,rega + bpatchx patch22_1,mem_patch22 + fetch 1,mem_le_new_param + store 1,mem_le_window_size + ifetcht 2,contr + ifetch 2,contr + lshift2 pdata,pdata + store 2,mem_le_tsniff + lshift2 temp,temp + iadd temp,pdata + ifetcht 4,contr + storet 4,mem_le_slave_latency // and superTO + iadd rega,pdata + copy pdata,regab + fetch 2,mem_le_tsniff + fetcht 2,mem_temp //last sniff + isub temp,pdata //last sniff - new sniff + fetcht 2,mem_pdatatemp + imul32 temp,pdata + iadd regab,pdata + store 4,mem_le_anchor + call le_receive_window_size + fetch 2,mem_le_superto + store 2,mem_le_init_superto + rtn + + +le_update_channel_map: + bpatchx patch22_2,mem_patch22 + fetch 1,mem_le_state + rtnbit0 lestate_update_map + fetch 2,mem_le_event_count + fetcht 2,mem_le_instant + isub temp,pdata + nrtn positive + fetch 1,mem_le_state + set0 lestate_update_map,pdata + store 1,mem_le_state + fetch 5,mem_le_new_map + store 5,mem_le_channel_map + branch le_calc_channel_map + + +le_acknowledge: + bpatchx patch22_3,mem_patch22 + call le_supervision_flush + call le_check_wak + fetch 1,mem_le_rxbuf + isolate1 md,pdata + setflag true,mark_ble_rx_md,mark + rshift pdata,pdata + ixor temp,pdata + isolate1 nesn,pdata + setflag true,mark_old_packet,mark /* retransmit */ + rtnmark1 mark_old_packet + fetch 1,mem_le_rxbuf+1 + branch le_ack_unenc,blank /* empty packet, no decryption */ + fetch 1,mem_le_state + bbit0 lestate_encryption,le_ack_unenc + call load_sk + call le_decrypt + nrtn blank +le_ack_unenc: + fetcht 1,mem_le_arq + setflip nesn,temp + storet 1,mem_le_arq + rtn + + +le_check_wak: + bpatchx patch22_4,mem_patch22 + fetcht 1,mem_le_arq + isolate0 wak,temp + rtn true + fetch 1,mem_le_rxbuf + lshift pdata,pdata + ixor temp,pdata + rtnbit0 sn /* received NESN is same as SN, NAK */ + set0 wak,temp + setflip sn,temp + storet 1,mem_le_arq + compare 3,temp,3 + nrtn true + fetch 1,mem_le_txpayload + beq LL_START_ENC_REQ,le_set_enc + fetch 1,mem_le_enc_state + beq FLAG_LE_ENC_PAUSE,le_clear_enc + rtn + + +le_set_enc: + fetch 1,mem_le_state + set1 lestate_encryption,pdata + store 1,mem_le_state + rtn + +le_clear_enc: + bpatchx patch22_5,mem_patch22 + jam FLAG_LE_ENC_NULL,mem_le_enc_state + arg 0,pdata + store 4,mem_le_last_mic + store 5,mem_le_pcnt_tx + set1 39,pdata + store 5,mem_le_pcnt_rx + fetch 1,mem_le_state + set0 lestate_encryption,pdata + store 1,mem_le_state + rtn + + +le_wait_adv: + bpatchx patch22_6,mem_patch22 + call le_next_adv_channel + call le_receive_adv + fetch 1,mem_le_adv_waitcnt + increase 1,pdata + store 1,mem_le_adv_waitcnt + rtn + + +le_scan: + bpatchx patch22_7,mem_patch22 + fetch 1,mem_le_scan_enable + rtnne LE_SCAN_ENABLE + arg le_scan_interval_timer,queue + call timer_check + nrtn blank + fetch 2,mem_le_scan_interval + fetcht 2,mem_le_scan_window + isub temp,pdata + arg le_scan_interval_timer,queue + call timer_init + disable master + call le_init_adv + call le_wait_adv + nrtn match + bpatchx patch23_0,mem_patch23 + fetch 6,mem_le_rxbuf+2 + store 6,mem_le_plap +// call le_scan_dongle + + fetch 1,mem_le_adv_rcv + increase 1,pdata + store 1,mem_le_adv_rcv + call le_create_conn + rtn master + call le_send_scan_request + nrtn match + bpatchx patch23_1,mem_patch23 + fetch 1,mem_le_scanrsp_rcv + increase 1,pdata + store 1,mem_le_scanrsp_rcv + fetch 9,mem_le_rxbuf+8 + store 9,mem_tmp_buffer + rtn + +le_create_conn: + bpatchx patch23_2,mem_patch23 + fetch 1,mem_cmd_le_create_conn + rtnne hci_cmd_le_create_conn + fetch 6,mem_le_plap + fetcht 6,mem_le_conn_peer_addr + isub temp,null + nrtn zero + call context_new + nrtn zero + call le_connect_request + call le_init_master + bpatchx patch23_3,mem_patch23 + jam 0,mem_hci_cmd + jam 0,mem_le_peer_sca + jam 0,mem_le_scan_enable + jam 0,mem_cmd_le_create_conn + branch context_save + +le_scan_check_sender_addr_type: + arg 1,rega// sender_addr_type + fetch 1,mem_le_rxbuf + rtnbit1 LE_SENDER_ADDR_BIT + arg 0,rega + rtn + + + +le_prepare_tx: + bpatchx patch23_4,mem_patch23 + fetch 1,mem_le_arq + rtnbit1 wak + call le_check_tx_md + call le_fifo_get_first_tx_ptr //no packet to send + branch le_send_empty,blank + ifetch 1,contr + ifetcht 1,contr + copy temp,rega + isub rega,pdata + arg LE_MAX_PAKET_LEN,temp + call not_greater_than + copy pdata,temp + ifetch 1,contr + copy pdata,type + copy rega,pdata + iadd contr,contr + arg mem_le_txpayload,contw + copy temp,loopcnt + call memcpy + call le_update_tx_type + call le_send_packet + + call le_fifo_get_first_tx_ptr + ifetch 1,contr + copy pdata,rega + copy contr,regc + ifetcht 1,contr + copy temp,regb + isub regb,pdata + arg LE_MAX_PAKET_LEN,temp + call not_greater_than + iadd regb,pdata + istore 1,regc + isub rega,null + nrtn zero + branch le_fifo_release_first_node + + +le_check_tx_md: + call le_check_continue + rtnmark1 mark_ble_tx_md + fetch 1,mem_le_configuration + bbit0 BIT_BLE_TRANSMIT_PACKET_BY_MD,le_clear_md + call le_fifo_get_second_tx_ptr //no packet to send + branch le_clear_md,blank + branch le_set_md + + +le_check_continue: + call le_fifo_get_first_tx_ptr //no packet to send + branch le_clear_md,blank + ifetch 1,contr //pdata:length + ifetcht 1,contr //temp:offest + isub temp,pdata //pdata:length - offset + sub pdata,LE_MAX_PAKET_LEN,null + branch le_clear_md,positive //27 > length -offset +le_set_md: + set1 mark_ble_tx_md,mark + rtn + +le_clear_md: + set0 mark_ble_tx_md,mark + rtn + +le_update_tx_type: + copy rega,pdata + rtn blank + arg LLID_CONTINUE,type + rtn + + +le_att_check_notification_enable: // temp ->handle,output-> pdata,output :contr->rega + bpatchx patch23_5,mem_patch23 + increase 1,temp + call le_att_get_handle_ptr + increase -2,contr + ifetch 2,contr + arg CLIENT_CHARACTERTIC_CONFIGURATION,temp + isub temp,null + nrtn zero + increase 1,contr + copy contr,rega + ifetch 1,contr + rtn + + +le_send_empty: + force 0,temp + force 1,type + +le_send_packet: + bpatchx patch23_6,mem_patch23 + storet 1,mem_le_txlen + fetcht 1,mem_le_arq + set1 wak,temp + and temp,0xfc,pdata + ior type,pdata + store 1,mem_le_arq + and_into 0x1f,pdata + isolate1 mark_ble_tx_md,mark + setflag true,md,pdata + store 1,mem_le_txheader + + fetch 1,mem_le_txheader + compare 1,type,3 + nbranch le_send_no_txlen,true + fetch 1,mem_le_txlen + rtn blank +le_send_no_txlen: + fetch 1,mem_le_state + rtnbit0 lestate_encryption + call load_sk + branch le_encrypt + + +get_lpm_wake_ble_rx_lock: + arg wake_lock_ble_rx,queue + branch lpm_get_wake_lock + +put_lpm_wake_ble_rx_lock: + arg wake_lock_ble_rx,queue + branch lpm_put_wake_lock + + +le_parse: + bpatchx patch23_7,mem_patch23 + rtnmark1 mark_old_packet + call le_fifo_check_full + nrtn blank + fetch 1,mem_le_rxbuf + and pdata,0x3,pdata + store 1,mem_le_packet_llid + ifetch 1,contr + and pdata,0x1f,pdata + store 1,mem_le_packet_size + rtn blank //empty rtn + copy contr,pdata + store 2,mem_le_payload_ptr + bpatchx patch24_0,mem_patch24 + fetch 1,mem_le_packet_llid + beq LLID_LE_LL,le_parse_ll +le_parse_l2cap: + bpatchx patch24_1,mem_patch24 + call le_check_l2cap_complete + nbranch get_lpm_wake_ble_rx_lock,user + call put_lpm_wake_ble_rx_lock + fetch 2,mem_le_payload_ptr + copy pdata,contr + ifetch 2,contr //l2cap len + store 2,mem_le_l2cap_size + bpatchx patch24_2,mem_patch24 + ifetch 2,contr + beq LE_L2CAP_CID_ATT,le_parse_att + beq LE_L2CAP_CID_SMP,le_parse_smp + beq LE_L2CAP_CID_SIGNAL,le_parse_signaling + rtn + + +le_check_l2cap_complete: + fetch 1,mem_le_packet_llid + beq LLID_START,le_check_l2cap_llid_start + beq LLID_CONTINUE,le_check_l2cap_llid_continue + rtn + +//input: pdata is CID number +//output: if CID is legal ,enable user +// if ICD is illegal,disable user +le_check_l2cap_CID_legal: + call enable_user + arg LE_L2CAP_CID_ATT,temp + isub pdata,null + rtn zero + arg LE_L2CAP_CID_SIGNAL,temp + isub pdata,null + rtn zero + arg LE_L2CAP_CID_SMP,temp + isub pdata,null + rtn zero + branch disable_user + + +le_check_l2cap_llid_start: + fetch 2,mem_le_payload_ptr + copy pdata,contr + ifetch 2,contr + store 2,mem_le_l2cap_size + ifetch 2,contr //CID + call le_check_l2cap_CID_legal + nrtn user + fetcht 1,mem_le_packet_size + storet 1,mem_le_packet_len_recved + fetch 2,mem_le_l2cap_size + increase 4,pdata + isub temp,null + branch enable_user,zero + fetch 1,mem_le_packet_size + copy pdata,loopcnt + arg mem_le_l2capbuf,contw + fetch 2,mem_le_payload_ptr + copy pdata,contr + call memcpy + branch disable_user + +//no input +//output: if CID is legal ,enable user +// if ICD is illegal,disable user +le_check_l2cap_continue_legal: + call enable_user + fetch 1,mem_le_packet_len_recved + nrtn blank + branch disable_user + +le_check_l2cap_llid_continue: + call le_check_l2cap_continue_legal + nrtn user + fetch 1,mem_le_packet_len_recved + arg mem_le_l2capbuf,contw + iadd contw,rega + fetcht 1,mem_le_packet_size + iadd temp,pdata + store 1,mem_le_packet_len_recved + fetch 1,mem_le_packet_size + copy pdata,loopcnt + copy rega,contw + fetch 2,mem_le_payload_ptr + copy pdata,contr + call memcpy_fast + setarg mem_le_l2capbuf + store 2,mem_le_payload_ptr //update ptr->mem_le_l2capbuff + fetch 2,mem_le_l2cap_size + increase 4,pdata + fetcht 1,mem_le_packet_len_recved + isub temp,null + branch enable_user,zero + branch disable_user + + + + + +le_get_search_att_type: + call store_contr + arg mem_le_search_att_type_length,contw +le_get_search_common: + fetch 2,mem_le_l2cap_size + increase -5,pdata +le_get_search_common2: + istore 1,contw + copy pdata,loopcnt + call get_contr + branch memcpy_fast + +le_get_search_att_uuid: + call store_contr + arg mem_le_search_uuid_length,contw + branch le_get_search_common + + + /* rega pointers to data, regb is length */ +le_writeatt_cb: + fetch 2,mem_cb_att_write + branch callback_func + +le_supervision_update: + fetcht 4,mem_le_supervision_timer + call get_clkbt + isub temp,timeup /* and to 28 bits */ + deposit timeup + fetcht 2,mem_le_superto + lshift4 temp,temp + lshift temp,temp + isub temp,pdata + rtn + +le_supervision_flush: + call get_clkbt + store 4,mem_le_supervision_timer + rtn + + +le_adv: + jam 36,mem_le_ch_mapped + jam 0,mem_le_adv_channel_map_temp +le_adv_loop: + bpatchx patch24_3,mem_patch24 + fetch 1,mem_le_adv_enable + rtn blank + arg le_adv_interval_timer,queue + call timer_check + nrtn blank + bpatchx patch24_4,mem_patch24 +le_adv_loop_tx: + disable master + enable swfine + call le_init_adv + call le_next_adv_channel + call le_send_adv_ind + nbranch le_adv_not_match,match + fetch 1,mem_le_req_rcv + increase 1,pdata + store 1,mem_le_req_rcv + fetch 1,mem_le_rxbuf + and pdata,0x0f,pdata + beq SCAN_REQ,le_send_scan_response + beq CONNECT_REQ,le_parse_connect_req +le_adv_not_match: + bpatchx patch24_5,mem_patch24 + random pdata + arg 0x1ff,temp + iand temp,pdata + add pdata,250,pdata + call delay + fetch 1,mem_le_adv_channel_map_temp + fetcht 1,mem_le_adv_channel_map + isub temp,null + nbranch le_adv_loop,zero + arg le_adv_interval_timer,queue + fetch 2,mem_le_adv_interval + branch timer_init + +delay: + increase -1,pdata + nop 38 + nbranch delay,blank + rtn + + +le_receive_window_size: + bpatchx patch24_6,mem_patch24 + fetch 1,mem_le_peer_sca + call le_sca_map + fetch 2,mem_le_tsniff + imul32 temp,pdata + arg 375,temp + imul32 temp,pdata + arg 100000,temp + idiv temp + fetch 1,mem_le_window_size + arg 20000,temp + imul32 temp,pdata + iadd temp,pdata + store 4,mem_le_transmit_window + bpatchx patch24_7,mem_patch24 + fetch 2,mem_rx_window_sniff + call wait_div_end + quotient temp + iadd temp,pdata + store 2,mem_le_receive_window + rtn + +le_parse_connect_req: + bpatchx patch25_0,mem_patch25 + fetch 6,mem_le_rxbuf+8 + fetcht 6,mem_le_lap + isub temp,null + nrtn zero + call le_scan_check_sender_addr_type + copy rega,pdata + store 1,mem_le_conn_peer_addr_type + fetch 7,mem_le_rxbuf+21 + store 7,mem_tmp_buffer + ifetch 8,contr + istore 8,contw + fetch 6,mem_le_rxbuf+2 + store 6,mem_le_plap + increase 6,contr + ifetch 8,contr + store 8,mem_le_access // and crcinit & window size + ifetcht 2,contr // transmit offset + bpatchx patch25_1,mem_patch25 +// increase 1,temp + lshift2 temp,temp + ifetch 2,contr // connInterval + lshift2 pdata,pdata + store 2,mem_le_tsniff + store 4,mem_le_anchor + isub temp,pdata + add pdata,-2,clke_bt + ifetch 9,contr + store 9,mem_le_slave_latency// and super to & channel map + bpatchx patch25_2,mem_patch25 + ifetch 1,contr + rshift4 pdata,temp + rshift temp,temp + storet 1,mem_le_peer_sca + and_into 0x1f,pdata + store 1,mem_le_hop + call le_receive_window_size + call le_calc_channel_map + call le_init_slave + call context_new + nrtn zero + bpatchx patch25_3,mem_patch25 + call calc_clke_offset + call le_l2cap_reset_signaling_identifier + jam BT_EVT_LE_CONNECTED,mem_fifo_temp + call ui_ipc_send_event +// call app_get_lpm_wake_lock + branch context_save + + +le_init_attlist_search: + bpatchx patch25_4,mem_patch25 + fetch 2,mem_le_search_handle_start + iforce regb + fetch 2,mem_le_search_handle_end + iforce regc + fetch 2,mem_ui_le_uuid_table + iforce contr + enable user + rtn + + /* return handle in pdata, blank:end of list, positive:in range */ +le_att_handle_inrange: + ifetch 2,contr + rtn blank + isub regb,null /* less than start ? */ + nrtn positive + isub regc,null /* greater than end ? */ + rtn zero + branch le_att_handle_blank,positive + force 1,null + rtn +le_att_handle_blank: + force 0,pdata + rtn + + + /* handle in temp, return pointer in contr to length, blank not found */ +le_att_get_handle_ptr: + call le_att_get_handle_ptr2 + branch le_att_get_handle_ptr_found,zero + rtn + +le_att_get_handle_ptr2: + bpatchx patch25_5,mem_patch25 + fetch 2,mem_ui_le_uuid_table + iforce contr +le_att_get_handle_loop1: + ifetch 2,contr + rtn blank + isub temp,null + rtn zero + ifetch 1,contr + iadd contr,contr + ifetch 1,contr // length + iadd contr,contr + branch le_att_get_handle_loop1 +le_att_get_handle_ptr_found: + ifetch 1,contr + iadd contr,contr + rtn + + + +le_att_get_short_uuid_ptr: + bpatchx patch25_6,mem_patch25 + fetch 2,mem_ui_le_uuid_table + iforce contr +le_att_get_short_uuid_loop: + ifetch 2,contr + rtn blank + ifetch 1,contr + iadd contr,contr + increase -2,contr + ifetch 2,contr + isub temp,null + rtn zero + ifetch 1,contr + iadd contr,contr + branch le_att_get_short_uuid_loop + + + +le_att_get_handle_info_from_ptr: + fetch 2, mem_le_cur_attlist_start_ptr + branch le_att_get_handle_info_fast + +le_att_get_handle_info: + bpatchx patch25_7,mem_patch25 + fetch 2,mem_ui_le_uuid_table +le_att_get_handle_info_fast: + iforce contr + copy temp,rega +le_att_get_handle_loop: + ifetch 2,contr + branch le_att_unfind_handle,blank + isub rega,null + branch le_att_finded_handle, zero + ifetch 1,contr // length + iadd contr,contr + ifetch 1,contr //length + iadd contr,contr + branch le_att_get_handle_loop +le_att_unfind_handle: + branch disable_blank + +le_att_finded_handle: + ifetch 1,contr + store 1,mem_le_cur_uuid_length + copy pdata,loopcnt + arg mem_le_cur_uuid,contw + call memcpy_fast + ifetch 1,contr + store 1,mem_le_curr_att_len + call store_contr + branch enable_blank + + +le_modified_name: + bpatchx patch26_0,mem_patch26 + call le_modified_name_att_list + branch le_modified_name_adv + +le_modified_name_att_list: + arg UUID_CHRCTR_DEVICE_NAME,temp + call le_att_get_short_uuid_ptr + rtn blank + ifetch 1,contr // attribute length + copy contr,contw + fetcht 1,mem_le_name_len + copy temp,loopcnt + isub temp,null + nbranch le_name_length_longer_than_att,positive + isub temp,temp + arg mem_le_name,contr + call memcpy + copy temp,loopcnt + ncall memcpy_empty,zero + rtn +le_name_length_longer_than_att: + copy pdata,loopcnt + arg mem_le_name,contr + branch memcpy_fast + + +le_modified_name_adv: + arg mem_le_adv_data_len+32,regc + arg mem_le_adv_data,rega + call le_modified_name_adv_and_scan + setarg 0 + setflag user,0,pdata + store 1,mem_pdatatemp + arg mem_le_scan_data_len+32,regc + arg mem_le_scan_data,rega + call le_modified_name_adv_and_scan + rtn user + fetch 1,mem_pdatatemp + branch assert,blank + rtn + + +le_modified_name_adv_and_scan: + bpatchx patch26_1,mem_patch26 + call enable_user + call clear_temp_block + arg 0,regb //current length + arg mem_le_data_temp,contw + call le_modified_name_adv_loop + fetch 1,mem_le_name_len + add pdata,1,temp + iadd regb,rega + increase 2,rega + sub rega,0x1f,null + nbranch le_modified_name_adv_and_scan_name_overflow,positive + istoret 1,contw //store ble name length + arg GAP_ADTYPE_LOCAL_NAME_COMPLETE,temp + istoret 1,contw //store ble name type + iforce loopcnt + call memcpy_fast + copy rega,regb +le_modified_name_adv_and_scan_store_data: + deposit regb + store 1,mem_le_data_len_temp + arg mem_le_data_len_temp,contr + setarg -32 + iadd regc,contw + branch memcpy32 + +le_modified_name_adv_and_scan_name_overflow: + call disable_user + branch le_modified_name_adv_and_scan_store_data + +le_modified_name_adv_loop: + ifetch 1,rega //pdata:length + rtn blank //length is zero,ending find + pincrease 1 //length += 1 + ifetcht 1,contr //pdata:type + sub temp,GAP_ADTYPE_LOCAL_NAME_COMPLETE,null + branch le_modified_name_adv_found_name,zero + iadd regb,regb + copy rega,contr + iforce loopcnt + call memcpy_fast + copy contr,rega +le_modified_name_adv_loop2: + deposit rega + isub regc,null + rtn positive + branch le_modified_name_adv_loop + +le_modified_name_adv_found_name: + iadd rega,rega + branch le_modified_name_adv_loop2 + + +memcpy_empty: + setarg SPACE + istore 1,contw + loop memcpy_empty + rtn + + +le_lpm_set_mult: + bpatchx patch26_2,mem_patch26 + disable wake + branch le_lpm_set_mult_attempt,attempt + nbranch le_lpm_lost,match +le_lpm_set_mult_attempt: + call lpm_match + fetch 2,mem_rx_window_sniff + store 2,mem_le_receive_window + + nbranch lpm_mult_short,match + bmark1 mark_old_packet,lpm_mult_short + + fetch 1,mem_le_packet_size + nbranch lpm_mult_short,blank // rx not empty, short interval + fetch 1,mem_le_txlen + nbranch lpm_mult_short,blank // tx not empty, short interval + + fetch 1,mem_le_configuration + bbit1 BIT_BLE_SHORT_MULT,lpm_mult_short //check flag,if flag is 1,always short mult + + fetch 1,mem_le_state + bbit1 lestate_update_param,lpm_mult_short + branch lpm_mult_wait_timeout + +le_lpm_lost: + fetcht 2,mem_rx_window_sniff + rshift temp,temp + fetch 2,mem_le_receive_window + iadd temp,pdata + store 2,mem_le_receive_window + branch lpm_lost + +///////////////////////////////BLE CONFIG////////////////////////////////////////// +le_set_config_fixed_tk: + arg BIT_BLE_PASSKEY_FIXED_KEY,queue + branch le_set_config + +le_clr_config_fixed_tk: + arg BIT_BLE_PASSKEY_FIXED_KEY,queue + branch le_clr_config + +le_set_config_fixed_ltk: + arg BIT_BLE_PAIRING_FIXED_LTK,queue + branch le_set_config + +le_clr_config_fixed_ltk: + arg BIT_BLE_PAIRING_FIXED_LTK,queue + branch le_clr_config + +le_set_config_more_data: + arg BIT_BLE_TRANSMIT_PACKET_BY_MD,queue + branch le_set_config + +le_clr_config_more_data: + arg BIT_BLE_TRANSMIT_PACKET_BY_MD,queue + branch le_clr_config + +le_set_config_read_authentication: + arg BIT_BLE_READ_AUTH,queue + branch le_set_config + +le_clr_config_read_authentication: + arg BIT_BLE_READ_AUTH,queue + branch le_clr_config + +le_set_config_write_authentication: + arg BIT_BLE_WRITE_AUTH,queue + branch le_set_config + +le_clr_config_write_authentication: + arg BIT_BLE_WRITE_AUTH,queue + branch le_clr_config + +le_set_config_short_mult: + arg BIT_BLE_SHORT_MULT,queue + branch le_set_config + +le_clr_config_short_mult: + arg BIT_BLE_SHORT_MULT,queue + branch le_clr_config + + +le_set_config: + fetch 1,mem_le_configuration + qset1 pdata + store 1,mem_le_configuration + rtn + +le_clr_config: + fetch 1,mem_le_configuration + qset0 pdata + store 1,mem_le_configuration + rtn + +le_set_fixed_ltk: + setarg 0x112233 + store 3,mem_le_fixed_ltk + setarg 0x445566 + istore 3,contw + setarg 0x778899 + istore 3,contw + setarg 0x001122 + istore 3,contw + setarg 0x334455 + istore 3,contw + setarg 0x66 + istore 1,contw + rtn + + +le_set_justwork: + setarg 0x01000302 + store 4,mem_le_pres + setarg 0x010010 + store 3,mem_le_pres_max_keysize + jam 1,mem_le_pairing_mode + rtn + +///////////////////////////////////////////////////////////////////////// + +le_fifo_malloc_tx_empty: + arg 0,rega + arg LLID_EMPTY,type + branch le_fifo_malloc_tx + + +//rega:len regb:ll opcode +le_fifo_malloc_tx_ll: + arg LLID_LE_LL,type + call le_fifo_malloc_tx + copy regb,pdata + istore 1,contw + rtn + + +//rega:len regb:cid +le_fifo_malloc_tx_l2cap: + force LLID_L2CAP_START,type + increase 4,rega + call le_fifo_malloc_tx + increase -4,rega + copy rega,pdata + istore 2,contw + copy regb,pdata + istore 2,contw + rtn + + +//rega:len type:llid +le_fifo_malloc_tx: + sub rega,240,null //check max len + nbranch assert,positive + fetch 1,mem_le_tx_buff_used + arg 1,temp + arg LE_TX_BUFF_COUNT,loopcnt +le_fifo_malloc_tx_loop: + iand temp,null + branch le_fifo_malloc_tx_got_empty,zero + lshift temp,temp + loop le_fifo_malloc_tx_loop + branch assert //no empty buff +le_fifo_malloc_tx_got_empty: + ixor temp,pdata + store 1,mem_le_tx_buff_used + sub loopcnt,LE_TX_BUFF_COUNT,pdata + lshift4 pdata,pdata + lshift4 pdata,pdata + arg mem_le_tx_buffer0,temp + iadd temp,temp +le_fifo_tx_find_empty_ptr: + arg 0,loopcnt + arg mem_le_tx_ptr0,contr +le_fifo_tx_find_empty_ptr_loop: + ifetch 2,contr + branch le_fifo_tx_found_empty_ptr,blank + copy loopcnt,pdata + increase 1,loopcnt + bne LE_TX_BUFF_COUNT,le_fifo_tx_find_empty_ptr_loop + branch assert + + +le_fifo_tx_found_empty_ptr: + increase -2,contr + istoret 2,contr + copy temp,contw + copy rega,pdata + istore 1,contw //lengh + setarg 0 + istore 1,contw //offset + copy type,pdata + istore 1,contw //LLID + rtn + + + +le_fifo_get_first_tx_ptr: + fetch 2,mem_le_tx_ptr0 + copy pdata,contr + rtn + +le_fifo_get_second_tx_ptr: + fetch 2,mem_le_tx_ptr1 + copy pdata,contr + rtn + +le_fifo_get_last_tx_ptr: + call le_fifo_get_last_tx_ptr0 + copy pdata,contr + rtn +le_fifo_get_last_tx_ptr0: + fetch 2,mem_le_tx_ptr3 + nrtn blank + fetch 2,mem_le_tx_ptr2 + nrtn blank + fetch 2,mem_le_tx_ptr1 + nrtn blank + fetch 2,mem_le_tx_ptr0 + rtn + +le_fifo_get_first_l2cap_ptr: + call le_fifo_get_first_tx_ptr + increase 3,contr + rtn + +le_fifo_get_first_att_ptr: + call le_fifo_get_first_tx_ptr + increase 7,contr + rtn + +le_fifo_get_last_att_ptr: + call le_fifo_get_last_tx_ptr + increase 7,contr + rtn + +le_fifo_get_last_l2cap_ptr: + call le_fifo_get_last_tx_ptr + increase 3,contr + rtn + + + +le_fifo_check_full: + fetch 2,mem_le_tx_ptr3 + rtn + + +le_fifo_check_nearly_full: + fetch 2,mem_le_tx_ptr2 + rtn + + +le_fifo_check_empty: + fetch 2,mem_le_tx_ptr0 + rtn + + +le_fifo_release_first_node: + fetch 2,mem_le_tx_ptr0 + arg mem_le_tx_buffer0,temp + isub temp,pdata + rshift4 pdata,pdata + rshift4 pdata,queue + fetch 1,mem_le_tx_buff_used + qset0 pdata + store 1,mem_le_tx_buff_used + arg 0,loopcnt +le_fifo_release_first_node_loop: + lshift loopcnt,pdata + arg mem_le_tx_ptr1,temp + iadd temp,temp + ifetch 2,temp + increase -2,temp + istore 2,temp + copy loopcnt,pdata + increase 1,loopcnt + bne LE_TX_BUFF_UPDATE_LOOPCNT,le_fifo_release_first_node_loop + setarg 0 + istore 2,temp + rtn + + + Index: dukaqi/senrui/program/le_l2cap_att.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_att.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_att.prog (working copy) @@ -0,0 +1,713 @@ + + +le_parse_att: + ifetch 3,contr + store 3,mem_le_att_opcode + beq ATTOP_EXCHANGE_MTU_REQUEST,le_parse_att_exchange_mtu_request + beq ATTOP_EXCHANGE_MTU_RESPONSE,le_parse_att_exchange_mtu_response + beq ATTOP_FIND_INFORMATION_REQUEST,le_parse_att_find_information_request + beq ATTOP_FIND_BY_TYPE_VALUE_REQUEST,le_parse_att_find_by_type_value_request + beq ATTOP_READ_BY_TYPE_REQUEST,le_parse_att_read_by_type_request + beq ATTOP_READ_REQUEST,le_parse_att_read_request + beq ATTOP_READ_BLOB_REQUEST,le_parse_att_read_blob_request + beq ATTOP_READ_BY_GROUP_TYPE_REQUEST,le_parse_att_read_by_group_type_request + beq ATTOP_WRITE_REQUEST,le_parse_att_write_request + beq ATTOP_PREPARE_WRITE_REQUEST,le_parse_att_prepare_write_request + beq ATTOP_EXECUTE_WRITE_REQUEST,le_parse_att_execute_write_request + beq ATTOP_WRITE_COMMAND,le_parse_att_write_command + rtn + + +le_send_att_exchange_mtu_requset: + force 3,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_EXCHANGE_MTU_REQUEST + istore 1,contw + fetch 2,mem_le_local_mtu + istore 2,contw + rtn + + +le_parse_att_exchange_mtu_request: + call le_parse_att_exchange_mtu_response +le_send_att_exchange_mtu_response: + force 3,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_EXCHANGE_MTU_RESPONSE + istore 1,contw + fetch 2,mem_le_local_mtu + istore 2,contw + rtn + +le_parse_att_exchange_mtu_response: + rshift8 pdata,pdata + store 2,mem_le_remote_mtu + rtn + +le_parse_att_find_information_request: + call le_get_search_handle_start_end_common + call enable_user + branch le_send_att_find_information_response + +le_send_att_find_information_response: + arg 3,timeup + call le_init_attlist_search +le_send_att_find_information_res_loop: + call le_att_handle_inrange + branch le_send_att_find_information_res_end,blank + nbranch le_send_att_find_information_res_next,positive + increase -2,contr + call store_contr + call get_contw + nbranch le_send_att_find_information_res_store_info,user + call push_stack_rega_b_c + call disable_user + force 20,rega + call le_fifo_malloc_tx_l2cap_gatt + call pop_stack_rega_b_c + setarg ATTOP_FIND_INFORMATION_RESPONSE + istore 1,contw + setarg UUID_SIZE_16BIT + istore 1,contw +le_send_att_find_information_res_store_info: + call get_contr + ifetch 2,contr + istore 2,contw + ifetch 1,contr + copy pdata,loopcnt + call memcpy + call store_contw + increase -1,timeup + branch le_send_att_find_information_res_end,zero +le_send_att_find_information_res_cont: + ifetch 1,contr + iadd contr,contr + branch le_send_att_find_information_res_loop +le_send_att_find_information_res_next: + ifetch 1,contr + iadd contr,contr + branch le_send_att_find_information_res_cont +le_send_att_find_information_res_end: + branch le_send_att_error_response_notfound,user + branch le_send_auto_len_by_mem + + +le_parse_att_find_by_type_value_request: + call le_get_search_handle_start_end_common + ifetch 2,contr + store 2,mem_le_search_uuid + call store_contr + arg mem_le_search_att_type_length,contw + fetch 2,mem_le_l2cap_size + increase -7,pdata + call le_get_search_common2 + branch le_send_att_find_by_type_value_response + + +le_start_end_handle_check_1: + disable user + fetcht 2,mem_le_search_handle_start + fetch 2,mem_le_search_handle_end + isub temp,null + nbranch le_start_end_handle_check_1_fail,positive + deposit temp + rtnne 0 +le_start_end_handle_check_1_fail: + enable user + jam ATT_ERR_INVALID_HANDLE,mem_le_err_code + branch le_send_att_error_response + + +le_send_att_find_by_type_value_response: + call le_start_end_handle_check_1 + rtn user + fetcht 2,mem_le_search_uuid + setarg UUID_GATT_PRIMARY_SERVICE + isub temp,null + branch le_send_att_find_by_type_value_res_primary,zero + branch le_send_att_error_response_notfound + + +le_send_att_find_by_type_value_res_primary: + jam LE_FIND_BY_TYPE_VAL_RES_NOT_FOUND,mem_le_search_res + fetcht 2,mem_le_search_handle_start + storet 2,mem_temp + call le_att_get_handle_info + nbranch le_send_att_error_response_notfound,blank +le_send_att_find_primary_search_loop: + fetcht 2,mem_temp + call le_att_get_handle_info + nbranch le_send_att_error_response_notfound2,blank + copy contr,rega + fetch 1,mem_le_curr_att_len + copy pdata,loopcnt + fetcht 1,mem_le_search_att_type_length + isub temp,null + nbranch le_send_att_find_primary_search_loop1,zero + arg mem_le_search_att_type,regb + call string_compare + + branch le_send_att_find_primary_search_end_start_handle_found,zero + + fetch 2,mem_le_cur_uuid + fetcht 2,mem_le_search_uuid + isub temp,null + branch le_send_att_find_primary_search_end_ending_handle_found,zero +le_send_att_find_primary_search_loop1: + fetch 2,mem_temp + increase 1,pdata + store 2,mem_temp + branch le_send_att_find_primary_search_loop + +le_send_att_error_response_notfound2: + fetch 1,mem_le_search_res + beq LE_FIND_BY_TYPE_VAL_RES_FOUND_STARTING_HANDLE,le_send_att_find_primary_search_end_ending_handle_found + branch le_send_att_error_response_notfound + + +le_send_att_find_primary_search_end_start_handle_found: + fetch 2,mem_le_cur_uuid + fetcht 2,mem_le_search_uuid + isub temp,null + nbranch le_send_att_find_primary_search_loop1,zero + jam LE_FIND_BY_TYPE_VAL_RES_FOUND_STARTING_HANDLE,mem_le_search_res +// copy rega,temp + fetcht 2,mem_temp + storet 2,mem_le_cur_handle_start + branch le_send_att_find_primary_search_loop1 + +le_send_att_find_primary_search_end_ending_handle_found: + fetch 1,mem_le_search_res + beq LE_FIND_BY_TYPE_VAL_RES_NOT_FOUND,le_send_att_find_primary_search_loop1 + jam LE_FIND_BY_TYPE_VAL_RES_FOUND_ENDING_HANDLE,mem_le_search_res + fetcht 2,mem_temp + increase -1,temp + storet 2,mem_le_cur_handle_end + +le_send_att_find_primary_search_end: + arg 5,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_FIND_BY_TYPE_VALUE_RESPONSE + istore 1,contw + fetch 2,mem_le_cur_handle_start + istore 2,contw + fetch 2,mem_le_cur_handle_end + istore 2,contw + rtn + + + +le_parse_att_read_by_type_request: + call le_get_search_handle_start_end_common + call le_get_search_att_uuid + branch le_send_att_read_by_type_response + +le_send_att_read_by_type_response: + fetcht 2,mem_le_search_handle_start + storet 2,mem_temp + call le_init_attlist_search + call le_att_get_handle_ptr2 + increase -2,contr + copy contr,pdata + store 2,mem_le_cur_attlist_start_ptr + + fetcht 2,mem_le_search_uuid + setarg UUID_CHRCTR_DEVICE_NAME + isub temp,null + branch le_send_att_read_by_type_res_device_name,zero + setarg UUID_GATT_CHARACTERISTIC + isub temp,null + nbranch le_send_att_read_by_type_res_not_characteristic,zero + arg 2,timeup +le_send_att_read_by_type_response_loop: + call le_att_check_handle_end + nbranch le_send_att_read_by_type_response_end,positive + fetcht 2,mem_temp + call le_att_get_handle_info_from_ptr + beq 1,le_send_att_read_by_type_response_end + call le_att_same_uuid + nbranch le_send_att_read_by_type_response_next_handle,zero + nbranch le_send_att_read_by_type_res_found_next,user + disable user + arg 20,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_BY_TYPE_RESPONSE + istore 1,contw + copy contw,alarm + increase 1,contw + + call le_send_att_read_by_type_write_properties + call le_att_next_handle + call le_att_get_handle_info_from_ptr + call le_send_att_read_by_type_write_uuid + fetch 1,mem_le_cur_uuid_length + increase 5,pdata + istore 1,alarm + fetch 1,mem_le_cur_uuid_length + beq 16,le_send_att_read_by_type_response_end + increase -1,timeup + branch le_send_att_read_by_type_response_end,zero +le_send_att_read_by_type_response_next_handle: + call le_att_next_handle + branch le_send_att_read_by_type_response_loop +le_send_att_read_by_type_response_end: + branch le_send_att_error_response_notfound,user + branch le_send_auto_len_by_mem + +le_send_att_read_by_type_res_found_next: + call le_store_att_record + call le_att_next_handle + call le_att_get_handle_info_from_ptr + fetch 1,mem_le_cur_uuid_length + beq 16,le_send_att_read_by_type_response_end + + call get_contw + fetch 2,mem_temp + increase -1,pdata + istore 2,contw + call le_write_att_record_common + call le_send_att_read_by_type_write_uuid + increase -1,timeup + branch le_send_att_read_by_type_response_end,zero + branch le_send_att_read_by_type_response_next_handle + + +le_send_att_read_by_type_write_properties: + fetch 2,mem_temp + istore 2,contw + + fetch 1,mem_le_curr_att_len + copy pdata,loopcnt + call get_contr + call memcpy_fast + branch store_contw +le_send_att_read_by_type_write_uuid: + call get_contw + fetch 2,mem_temp + istore 2,contw + call store_contw + fetch 1,mem_le_cur_uuid_length + copy pdata,loopcnt + call get_contw + call get_contr + isub loopcnt,contr + increase -1,contr + call memcpy_fast + branch store_contw + + + +le_send_att_read_by_type_res_not_characteristic: + fetcht 2,mem_le_search_handle_start + storet 2,mem_temp +le_send_att_read_by_type_res_not_char_loop: + call le_att_check_handle_end + nbranch le_send_att_error_response_notfound,positive + call le_att_get_handle_info_from_ptr + beq 1,le_send_att_error_response_notfound + call le_att_same_uuid + nbranch le_send_att_read_by_type_res_not_char_next,zero + +le_send_att_read_by_type_res_not_char_common: + arg 20,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_BY_TYPE_RESPONSE + istore 1,contw + fetch 1,mem_le_curr_att_len + copy pdata,loopcnt + increase 2,pdata + istore 1,contw + fetch 2,mem_temp + istore 2,contw + call get_contr + call memcpy_fast + call store_contw + branch le_send_auto_len_by_mem + +le_send_att_read_by_type_res_not_char_next: + call le_att_next_handle + branch le_send_att_read_by_type_res_not_char_loop + + +le_send_att_read_by_type_res_device_name: + arg UUID_CHRCTR_DEVICE_NAME,temp + call le_att_get_short_uuid_ptr + rtn blank + increase -5,contr // point to handle + ifetch 2,contr + store 2,mem_temp + arg 20,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_BY_TYPE_RESPONSE + istore 1,contw + fetch 1,mem_le_name_len + copy pdata,loopcnt + increase 2,pdata + istore 1,contw + fetch 2,mem_temp + istore 2,contw + arg mem_le_name,contr + call memcpy_fast + call store_contw + branch le_send_auto_len_by_mem + + + +le_parse_att_read_request: + fetcht 2,mem_le_att_handle + fetch 1,mem_le_configuration + bbit1 BIT_BLE_READ_AUTH,le_send_att_read_response_check_auth + +le_send_att_read_response: + call le_att_get_handle_ptr + branch le_send_att_error_response_notfound,blank + increase -2,contr + ifetch 2,contr + arg UUID_CHRCTR_DEVICE_NAME,temp + isub temp,null + branch le_send_device_name,zero + ifetch 1,contr + sub pdata,22,null + branch le_send_att_read_response_less,positive + force 22,pdata +le_send_att_read_response_less: + copy pdata,regc + call store_contr + add regc,1,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_RESPONSE + istore 1,contw + copy regc,loopcnt + call get_contr + branch memcpy + +le_send_device_name: + call store_contr + fetch 1,mem_le_name_len + add pdata,1,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_RESPONSE + istore 1,contw + fetch 1,mem_le_name_len + copy pdata,loopcnt + arg mem_le_name,contr + branch memcpy + + +le_send_att_read_response_check_auth: + fetch 2,mem_le_pairing_handle + isub temp,null + nbranch le_send_att_read_response,zero +//le_send_att_read_response_error_insufficient_auth: + call le_check_encrypt_state + nbranch le_send_att_read_response,user + jam ATT_ERR_INSUFFICIENT_AUTHENTICATION,mem_le_err_code + branch le_send_att_error_response + + +le_parse_att_read_blob_request: + ifetch 2,contr + store 2,mem_le_att_offset +le_send_att_read_blob_response: + arg 20,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_BLOB_RESPONSE + istore 1,contw + fetch 2,mem_le_att_offset + iforce rega + fetcht 2,mem_le_att_handle + call le_att_get_handle_ptr + branch le_send_att_error_response_notfound,blank + ifetch 1,contr + isub rega,loopcnt + nbranch le_send_att_error_response_notfound,positive + sub loopcnt,22,null + branch le_send_att_read_blob_response_less,positive + force 22,loopcnt +le_send_att_read_blob_response_less: + deposit rega + iadd contr,contr + call memcpy_fast + call store_contw + branch le_send_auto_len_by_mem + + +le_parse_att_read_by_group_type_request: + call le_get_search_handle_start_end_common + call le_get_search_att_type + branch le_send_att_read_by_group_type_response + +//mem_le_search_att_type +//mem_le_search_handle_start +//mem_le_search_handle_end +le_send_att_read_by_group_type_response: + arg 2,timeup + fetcht 2,mem_le_search_handle_start +// arg 23,pdata +// isub temp,null +// call ice_break,zero + storet 2,mem_temp + call le_init_attlist_search + call le_att_get_handle_ptr2 + increase -2,contr + copy contr,pdata + store 2,mem_le_cur_attlist_start_ptr +le_send_att_read_by_group_type_response_loop: + call le_att_check_handle_end + nbranch le_send_att_read_by_group_type_end0,positive + fetcht 2,mem_temp + call le_att_get_handle_info_from_ptr + beq 1,le_send_att_read_by_group_type_end1 + + call le_att_same_type + nbranch le_send_att_read_by_group_type_next_handle,zero + copy timeup,pdata + beq 0,le_send_att_read_by_group_type_end1 + nbranch le_send_att_read_by_group_type_store_write_record,user //un first + disable user + //first att uuid + arg 20,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_READ_BY_GROUP_TYPE_RESPONSE + istore 1,contw + fetch 1,mem_le_curr_att_len + increase 4,pdata + istore 1,contw + call store_contw + branch le_send_att_read_by_group_type_store_record +le_send_att_read_by_group_type_store_write_record: + fetch 1,mem_le_curr_att_len + beq 16,le_send_att_read_by_group_type_end1 + fetch 2,mem_temp + increase -1,pdata + store 2,mem_le_cur_handle_end + call le_write_att_record +le_send_att_read_by_group_type_store_record: + fetch 2,mem_temp + store 2,mem_le_cur_handle_start + call le_store_att_record + increase -1,timeup +// branch le_send_att_read_by_group_type_last_find,zero +le_send_att_read_by_group_type_next_handle: + call le_att_next_handle + branch le_send_att_read_by_group_type_response_loop + +le_send_att_read_by_group_type_end0: //> att handle end + fetch 2,mem_temp + store 2,mem_le_cur_handle_end + branch le_send_att_read_by_group_type_end_common +le_send_att_read_by_group_type_end1: //>att max list handle or diff len + fetch 2,mem_temp + increase -1,pdata + store 2,mem_le_cur_handle_end + branch le_send_att_read_by_group_type_end_common +le_send_att_read_by_group_type_end_common: + branch le_send_att_error_response_notfound,user + call le_write_att_record + branch le_send_auto_len_by_mem + + + + +le_parse_att_write_request: + copy contr,rega + fetch 2,mem_le_l2cap_size + add pdata,-3,regb + call le_writeatt_cb +le_send_att_write_response_check_auth: + fetch 1,mem_le_configuration + bbit0 BIT_BLE_WRITE_AUTH,le_send_att_write_response + + fetcht 2,mem_le_att_handle + fetch 2,mem_le_pairing_handle + isub temp,null + nbranch le_send_att_write_response,zero + call le_check_encrypt_state + nbranch le_send_att_write_response,user + jam ATT_ERR_INSUFFICIENT_AUTHENTICATION,mem_le_err_code + branch le_send_att_error_response + +le_send_att_write_response: + force 1,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_WRITE_RESPONSE + istore 1,contw + rtn + +le_check_encrypt_state: + call disable_user + fetch 1,mem_le_pairing_mode + rtneq LE_PAIRING_MODE_NONE + fetch 1,mem_context + rtnbit1 lestate_encryption + branch enable_user + + +le_parse_att_prepare_write_request: + add contr,2,rega + fetch 2,mem_le_l2cap_size + add pdata,-5,regb + call le_writeatt_cb + branch le_send_att_prepare_write_response + + +le_send_att_prepare_write_response: + fetch 2,mem_le_l2cap_size + copy pdata,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_PREPARE_WRITE_RESPONSE + istore 1,contw + fetch 2,mem_le_att_handle + istore 2,contw + fetch 2,mem_le_l2cap_size + add pdata,-5,loopcnt + fetch 2,mem_le_payload_ptr + add pdata,7,contr + ifetch 2,contr //offset + istore 2,contw + branch memcpy_fast + + + +le_parse_att_execute_write_request: + +le_send_att_execute_write_response: + force 1,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_EXECUTE_WRITE_RESPONSE + istore 1,contw + rtn + + + +le_parse_att_write_command: + copy contr,rega + fetch 2,mem_le_l2cap_size + add pdata,-3,regb + branch le_writeatt_cb + + + +//rga:len temp:handle;rgea,regb,regc already used +le_att_malloc_tx_notify: + copy temp,regc + increase 3,rega + call le_fifo_malloc_tx_l2cap_gatt + increase -3,rega + setarg ATTOP_HANDLE_VALUE_NOTIFICATION + istore 1,contw + copy regc,temp + istoret 2,contw + rtn + +//rga:len temp:handle;rgea,regb,regc already used +le_att_malloc_tx_indication: + copy temp,regc + increase 3,rega + call le_fifo_malloc_tx_l2cap_gatt + increase -3,rega + setarg ATTOP_HANDLE_VALUE_INDICATION + istore 1,contw + copy regc,temp + istoret 2,contw + rtn + + +///////////////////////////ATT common function//////////////////////////////////// + +le_send_att_error_response_notfound: + jam ATT_ERR_ATTRIBUTE_NOT_FOUND,mem_le_err_code +le_send_att_error_response: + force 5,rega + call le_fifo_malloc_tx_l2cap_gatt + setarg ATTOP_ERROR_RESPONSE + istore 1,contw + fetch 1,mem_le_att_opcode + istore 1,contw + fetch 2,mem_le_att_handle + istore 2,contw + fetch 1,mem_le_err_code + istore 1,contw + rtn + + +le_fifo_malloc_tx_l2cap_gatt: + force LE_L2CAP_CID_ATT,regb + branch le_fifo_malloc_tx_l2cap + + +le_att_next_handle: + fetcht 2,mem_temp + increase 1,temp + storet 2,mem_temp + rtn + +le_att_check_handle_end: + fetcht 2,mem_temp + fetch 2,mem_le_search_handle_end + isub temp,null + rtn + + +le_att_same_type: + fetcht 1,mem_le_search_att_type_length + arg mem_le_search_att_type,rega +le_att_check_same_common: + fetch 1,mem_le_cur_uuid_length + copy pdata,loopcnt + isub temp,null + nrtn zero + arg mem_le_cur_uuid ,regb + branch string_compare + +le_att_same_uuid: + fetcht 1,mem_le_search_uuid_length + arg mem_le_search_uuid,rega + branch le_att_check_same_common + + +le_store_att_record: + fetch 1,mem_le_curr_att_len + store 1, mem_tmp_buffer + copy pdata,loopcnt + call get_contr + branch memcpy_fast + + +le_write_att_record: + call get_contw + fetch 2,mem_le_cur_handle_start + istore 2,contw + fetch 2,mem_le_cur_handle_end + istore 2,contw +le_write_att_record_common: + fetch 1,mem_tmp_buffer + copy pdata,loopcnt + call memcpy_fast + branch store_contw + + + +le_send_auto_len_by_mem: + call get_contw + call le_fifo_get_last_att_ptr + copy contw,pdata + isub contr,rega + call le_fifo_get_last_l2cap_ptr + copy rega,pdata + istore 2,contr + increase 4,rega + call le_fifo_get_last_tx_ptr + copy rega,pdata + istore 1,contr + rtn + + +le_get_search_handle_start_end_common: + rshift8 pdata,pdata + store 2,mem_le_search_handle_start + ifetch 2,contr + store 2,mem_le_search_handle_end + rtn + + Index: dukaqi/senrui/program/le_l2cap_signalling.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_signalling.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_signalling.prog (working copy) @@ -0,0 +1,54 @@ + + +le_parse_signaling: + ifetch 1,contr + ifetcht 1,contr //id + ifetcht 2,contr //length + beq L2CAP_CONNECTION_PARAMETER_UPDATE_RESPONSE,le_l2cap_parse_conn_parameter_update_rsp + rtn +le_l2cap_parse_conn_parameter_update_rsp: + ifetch 2,contr //result + store 2,mem_le_l2cap_signaling_conn_param_update_rsp_result + jam BT_EVT_LE_PARSE_CONN_PAPA_UPDATE_RSP,mem_fifo_temp + branch ui_ipc_send_event + + +//mem_le_interval_min:the ptr that connection parameter, +//include ConnIntervalMin,ConnIntervalMax, +// ConnSlaveLatency,ConnSupervisionTimeout +le_l2cap_tx_update_req: + arg 0x0c,rega + arg L2CAP_CONNECTION_PARAMETER_UPDATE_REQUEST,regc + call le_fifo_malloc_tx_l2cap_signaling + setarg 0x08 + istore 2,contw + fetch 8,mem_le_interval_min + istore 8,contw + rtn + + +//rega:len regc:signaling opcode +le_fifo_malloc_tx_l2cap_signaling: + call le_l2cap_update_signaling_identifier + arg LE_L2CAP_CID_SIGNAL,regb + call le_fifo_malloc_tx_l2cap + copy regc,pdata + istore 1,contw + fetch 1,mem_le_signaling_identifier + istore 1,contw + rtn + + +le_l2cap_update_signaling_identifier: + fetch 1,mem_le_signaling_identifier + //beq 0xff,le_l2cap_signaling_identifier_set_1 + pincrease 1 + store 1,mem_le_signaling_identifier + rtnne 0 + +le_l2cap_reset_signaling_identifier: + jam 1,mem_le_signaling_identifier + rtn + + + Index: dukaqi/senrui/program/le_l2cap_smp.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_smp.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_l2cap_smp.prog (working copy) @@ -0,0 +1,594 @@ + +le_pairing_mode_init: + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_NONE, le_set_no_pairing + beq LE_PAIRING_MODE_LAGACY_JUSTWORK,le_set_pairing_mode_lagacy_just_work + beq LE_PAIRING_MODE_LAGACY_PASSKEY,le_set_pairing_mode_lagacy_passkey +ifdef SECURE_CONNECTION + beq LE_PAIRING_MODE_SECURE_CONNECT_JUSTWORK,le_set_pairing_mode_secure_justwork + beq LE_PAIRING_MODE_SECURE_CONNECT_NUMERIC,le_set_pairing_mode_secure_numeric + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY,le_set_pairing_mode_secure_passkey +endif + rtn + +ifdef SECURE_CONNECTION +le_set_pairing_mode_secure_justwork: + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + branch le_set_noinputnooutput +le_set_pairing_mode_secure_numeric: + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + jam FLAG_IOCAP_DISPLAYYESNO,mem_le_pres_iocap + rtn +le_set_pairing_mode_secure_passkey: + jam FLAG_LE_BONDING_MITM_SECURE,mem_le_pres_auth + branch le_set_displayonly +endif +le_set_no_pairing: + jam FLAG_LE_NO_BONDING_NO_MITM,mem_le_pres_auth +le_set_noinputnooutput: + jam FLAG_IOCAP_NOINPUTNOOUTPUT,mem_le_pres_iocap + rtn +le_set_pairing_mode_lagacy_just_work: + jam FLAG_LE_BONDING_MITM,mem_le_pres_auth + branch le_set_noinputnooutput +le_set_pairing_mode_lagacy_passkey: + jam FLAG_LE_BONDING_MITM,mem_le_pres_auth +le_set_displayonly: + jam FLAG_IOCAP_DISPLAYONLY,mem_le_pres_iocap + rtn + + +le_secure_connection_enable: + fetch 1,mem_le_pres_auth + set1 LE_AUTH_SECURE_CONNECTION_PAIRING_BIT,pdata + store 1,mem_le_pres_auth + rtn +le_secure_connection_disable: + fetch 1,mem_le_pres_auth + set0 LE_AUTH_SECURE_CONNECTION_PAIRING_BIT,pdata + store 1,mem_le_pres_auth + rtn + +le_parse_smp: + ifetch 1,contr + beq SMP_PAIRING_REQUEST,le_parse_smp_pairing_request +// beq SMP_PAIRING_RESPONSE,le_parse_smp_pairing_response + beq SMP_PAIRING_CONFIRM,le_parse_smp_pairing_confirm + beq SMP_PAIRING_RANDOM,le_parse_smp_pairing_random + beq SMP_PAIRING_FAILED,le_parse_smp_pairing_failed + beq SMP_ENCRYPTION_INFORMATION,le_parse_smp_encryption_information + beq SMP_MASTER_IDENTIFICATION,le_parse_smp_master_identification + beq SMP_IDENTITY_INFORMATION,le_parse_smp_identity_information + beq SMP_IDENTITY_ADDRESS_INFORMATION,le_parse_smp_identity_address_information + beq SMP_SIGNING_INFORMATION,le_parse_smp_signing_information + beq SMP_SECURITY_REQUEST,le_parse_smp_security_request +ifdef SECURE_CONNECTION + beq SMP_PAIRING_PUBLIC_KEY,le_parse_smp_public_key + beq SMP_PAIRING_DHKEY_CHECK,le_parse_smp_dhkey_check +endif + rtn + + + +le_send_smp_security_request: + force 2,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_SECURITY_REQUEST + istore 1,contw + fetch 1,mem_le_pres_auth + istore 1,contw + rtn + +le_parse_smp_pairing_request: + store 1,mem_le_preq + ifetch 6,contr + istore 6,contw + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_NONE,le_smp_pairing_fail_reason_not_support_pairing + call le_send_smp_pairing_response + call le_check_master_support_secure_connect + jam FLAG_LE_PAIRING_RCV_PAIRING_REQ,mem_le_pairing_state + fetch 1,mem_le_preq_iocap + beq FLAG_IOCAP_DISPlAYONLY,le_set_tk_0 + beq FLAG_IOCAP_DISPLAYYESNO,le_set_tk_0 + beq FLAG_IOCAP_NOINPUTNOOUTPUT,le_set_tk_0 + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_LAGACY_PASSKEY,le_parse_smp_pairing_req_passkey + rtneq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY +le_set_tk_0: + arg 0,pdata + store 4,mem_le_tk + rtn + +le_parse_smp_pairing_req_passkey: + fetch 1,mem_le_configuration + bbit1 BIT_BLE_PASSKEY_FIXED_KEY,le_parse_smp_pairing_req_fixed_passkey +le_genernate_tk: + arg mem_le_tk,rega + copy rega,contw + arg 3,loopcnt + call generate_random_loop + fetch 2,mem_le_tk + 2 + and_into 0x7,pdata + store 2,mem_le_tk + 2 +le_parse_smp_pairing_req_fixed_passkey: + jam BT_EVT_LE_TK_GENERATE,mem_fifo_temp + branch ui_ipc_send_event + +le_check_master_support_secure_connect: + fetch 1,mem_le_preq_auth + rtnbit1 LE_AUTH_SECURE_CONNECTION_PAIRING_BIT + fetch 1,mem_le_pairing_mode + rtnbit0 LE_PAIRING_MODE_SECURE_CONNECT_BIT + branch app_ble_disconnect + +le_send_smp_pairing_response: + force 7,rega + call le_fifo_malloc_tx_l2cap_smp + fetch 7,mem_le_pres + istore 7,contw + rtn + + +le_parse_smp_pairing_confirm: +ifdef SECURE_CONNECTION + copy contr,rega + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY,le_parse_smp_pairing_confirm_secure_passkey + copy rega,contr +endif + arg mem_le_rconfirm,contw + call memcpy16 + branch le_send_smp_pairing_confirm +ifdef SECURE_CONNECTION +le_parse_smp_pairing_confirm_secure_passkey: + copy rega,contr + arg mem_le_rconfirm,contw + call memcpy16 + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + jam LE_SC_STAT_PASSKEY_WAIT_CONFIRM,mem_le_secure_connect_state + rtn +endif + + +le_send_smp_pairing_confirm: +ifdef SECURE_CONNECTION + fetch 1,mem_le_pairing_mode + bbit1 LE_PAIRING_MODE_SECURE_CONNECT_BIT,le_send_smp_pairing_confirm_sc +endif + call generate_confirm + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_CONFIRM + istore 1,contw + branch store_aes_result + + +ifdef SECURE_CONNECTION +le_send_smp_pairing_confirm_sc: + arg mem_le_srand,contw + call generate_random + call function_f4_cb + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_CONFIRM + istore 1,contw + branch load_inverse_result + +endif + + +le_parse_smp_pairing_random: +ifdef SECURE_CONNECTION + copy contr,rega + fetch 1,mem_le_pairing_mode + bbit1 LE_PAIRING_MODE_SECURE_CONNECT_BIT,le_parse_smp_pairing_random_sc + copy rega,contr +endif + call authenticate_rconfirm + branch le_parse_smp_pairing_random_success,zero +le_send_pairing_confirm_value_failed: + jam PAIRING_FAILED_CONFIRM_VALUE_FAILED,mem_le_ll_pairing_fail_reason +le_send_pairing_failed: + force 2,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_FAILED + istore 1,contw + fetch 1,mem_le_ll_pairing_fail_reason + istore 1,contw +le_parse_smp_pairing_failed: + force smp_pairing_timer,queue + call timer_stop + jam FLAG_LE_PAIRING_NULL,mem_le_pairing_state + jam BT_EVT_LE_PAIRING_FAIL,mem_fifo_temp + branch ui_ipc_send_event + +le_smp_pairing_fail_reason_not_support_pairing: + jam PAIRING_FAILED_PAIRING_NOT_SUPPORTED,mem_le_ll_pairing_fail_reason + branch le_send_pairing_failed + + +ifdef SECURE_CONNECTION +le_parse_smp_pairing_random_sc: + arg mem_le_mrand,contw + copy rega,contr + call memcpy16 + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY,le_parse_smp_pairing_random_sc_passkey + call function_g2 +// jam LE_SC_STAT_RECEIVE_RANDOM,mem_le_secure_connect_state +// jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + call le_send_smp_pairing_random + fetch 1,mem_le_pairing_mode + rtnne LE_PAIRING_MODE_SECURE_CONNECT_NUMERIC + jam BT_EVT_LE_GKEY_GENERATE,mem_fifo_temp + branch ui_ipc_send_event + +le_parse_smp_pairing_random_sc_passkey: + call function_f4_ca + arg mem_AES_CMAC_temp,contw + call load_inverse_result + arg mem_AES_CMAC_temp,rega + arg mem_le_rconfirm ,regb + arg 16,loopcnt + call string_compare + nbranch le_send_pairing_confirm_value_failed,zero + branch le_send_smp_pairing_random +endif + +le_parse_smp_pairing_random_success: + call generate_stk + jam BT_EVT_LE_PAIRING_SUCCESS,mem_fifo_temp + call ui_ipc_send_event + jam 1,mem_ltk_exists + jam FLAG_LE_PAIRING_AFTER_AUTH,mem_le_pairing_state + +le_send_smp_pairing_random: + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_RANDOM + istore 1,contw + arg mem_le_srand,contr + branch memcpy16 + +le_parse_smp_encryption_information: + arg mem_le_peer_ltk,contw + branch memcpy16 + +le_send_smp_encryption_information: + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_ENCRYPTION_INFORMATION + istore 1,contw + fetch 1,mem_le_configuration + bbit1 BIT_BLE_PAIRING_FIXED_LTK,le_send_fixed_ltk + arg mem_le_ltk,contr + branch memcpy16 + +le_send_fixed_ltk: + arg mem_le_fixed_ltk,contr + branch memcpy16 + + +le_send_smp_master_identification: + arg mem_le_ediv,contw + force 10,loopcnt + call generate_random_loop + force 11,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_MASTER_IDENTIFICATION + istore 1,contw + fetch 2,mem_le_ediv + istore 2,contw + fetch 8,mem_le_rand + istore 8,contw + rtn + +le_send_smp_identity_information: + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_IDENTITY_INFORMATION + istore 1,contw + setarg 0 + istore 8,contw + istore 8,contw + rtn + + +le_send_smp_identity_address_information: + force 8,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_IDENTITY_ADDRESS_INFORMATION + istore 1,contw + fetch 1,mem_le_conn_own_addr_type + istore 1,contw + fetch 6,mem_le_lap + istore 6,contw + rtn + + +le_send_pairing_fail_unspecified_reason: + jam PAIRING_FAILED_UNSPECIFIED_REASON,mem_le_ll_pairing_fail_reason + branch le_send_pairing_failed + +le_check_init_key_distribution: + fetch 1,mem_le_pres_init_key_distribution + fetcht 1,mem_le_pres_init_key_distribution + iand temp,pdata + rtn + +le_parse_smp_identity_information: + arg mem_le_irk,contw + call memcpy16 + call le_check_init_key_distribution + isolate0 LE_INITATOR_IRK_BIT,pdata + branch le_send_pairing_fail_unspecified_reason,true + fetch 1,mem_device_option + rtnne dvc_op_module + call le_check_master_addr_type + nrtn user + branch app_ble_store_reconn_info + +//output:user is enable ,random addr type +le_check_master_addr_type: + call disable_user + fetch 1,mem_le_conn_peer_addr_type + rtneq MASTER_PUBLIC_ADDR + fetch 1,mem_le_plap+5 + compare 0xc0,pdata,0xc0 + rtn true + branch enable_user + +le_parse_smp_identity_address_information: + call le_check_init_key_distribution + isolate0 LE_INITATOR_IRK_BIT,pdata + branch le_send_pairing_fail_unspecified_reason,true + rtn + +le_parse_smp_master_identification: +le_parse_smp_signing_information: +le_parse_smp_security_request: + rtn + +ifdef SECURE_CONNECTION +le_parse_smp_public_key: + arg mem_le_pubkey_remote_x_256,contw + call memcpy64 + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + jam LE_SC_STAT_RECEIVE_PUBLIC_KEY,mem_le_secure_connect_state + rtn + +le_parse_smp_dhkey_check: + arg mem_sp_confirm_remote,contw + call memcpy16 + jam LE_SC_STAT_RECEIVE_DHKEY,mem_le_secure_connect_state + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + rtn + +le_send_smp_pairing_public_key: + force 65,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_PUBLIC_KEY + istore 1,contw + arg mem_le_pubkey_local_x_256,contr + branch memcpy64 + +le_send_smp_pairing_dhkey_check: + call function_f6_eb + force 17,rega + call le_fifo_malloc_tx_l2cap_smp + setarg SMP_PAIRING_DHKEY_CHECK + istore 1,contw + branch load_inverse_result + +endif + +le_check_paring_time: + fetch 1,mem_le_pairing_state + rtneq FLAG_LE_PAIRING_END + arg FLAG_LE_PAIRING_RCV_PAIRING_REQ,temp + isub temp,null + nrtn positive + arg smp_pairing_timer,queue + call timer_check + nrtn blank + branch le_send_pairing_fail_unspecified_reason + +le_pairing_sm: + bpatchx patch26_3,mem_patch26 + fetch 1,mem_le_pairing_state + beq FLAG_LE_PAIRING_NULL,le_pairing_sm_null + beq FLAG_LE_PAIRING_START,le_pairing_sm_start + beq FLAG_LE_PAIRING_SEND_RECURITY_REQ,le_pairing_sm_send_sec_req + beq FLAG_LE_PAIRING_RCV_PAIRING_REQ,le_pairing_sm_rcv_pairing_req + beq FLAG_LE_PAIRING_AFTER_AUTH,le_pairing_sm_after_auth + beq FLAG_LE_PARING_SEND_ENC_INFORMATION,le_pairng_sm_send_enc_information + beq FLAG_LE_PARING_SEND_MASTER_IDENTIFICATION,le_pairng_sm_send_master_indentification + beq FLAG_LE_PARING_SEND_INDENTITY_INFORMATION,le_pairng_sm_send_indentity_information + rtn + +le_pairing_sm_null: +le_pairing_sm_send_sec_req: + fetch 1,mem_le_enc_state + rtnne FLAG_LE_SEND_START_ENC_RSP + jam FLAG_LE_ENC_END,mem_le_enc_state + jam FLAG_LE_PAIRING_END,mem_le_pairing_state + jam BT_EVT_LE_RECONNECT_COMPLETE ,mem_fifo_temp + branch ui_ipc_send_event + + +le_pairing_sm_start: + jam FLAG_LE_PAIRING_SEND_RECURITY_REQ,mem_le_pairing_state + branch le_send_smp_security_request + +le_pairing_sm_rcv_pairing_req: + jam FLAG_LE_PAIRING_AUTH,mem_le_pairing_state + setarg TIMER_SMP_PAIRING_TIMEOUT + arg smp_pairing_timer,queue + branch timer_init + +le_pairing_sm_after_auth: + fetch 1,mem_le_enc_state + beq FLAG_LE_SEND_START_ENC_RSP,le_pairing_sm_after_auth_start_enc + rtn + +le_pairing_sm_after_auth_start_enc: + jam FLAG_LE_PARING_SEND_ENC_INFORMATION,mem_le_pairing_state + jam BT_EVT_LE_ENC_INFO,mem_fifo_temp + call ui_ipc_send_event + call le_send_smp_encryption_information + fetch 1,mem_device_option + rtnne dvc_op_module + call le_check_master_addr_type + rtn user + branch app_ble_store_reconn_info + + +le_pairng_sm_send_enc_information: + jam FLAG_LE_PARING_SEND_MASTER_IDENTIFICATION,mem_le_pairing_state + branch le_send_smp_master_identification + +le_pairng_sm_send_master_indentification: + fetch 1,mem_le_preq_resp_key_distribution + fetcht 1,mem_le_pres_resp_key_distribution + iand temp,pdata + isolate0 LE_INITATOR_IRK_BIT,pdata + branch le_parse_start_enc_rsp_after_auth_end,true + jam FLAG_LE_PARING_SEND_INDENTITY_INFORMATION,mem_le_pairing_state + branch le_send_smp_identity_information + +le_pairng_sm_send_indentity_information: + call le_send_smp_identity_address_information + branch le_parse_start_enc_rsp_after_auth_end + + +le_parse_start_enc_rsp_after_auth_end: + force smp_pairing_timer,queue + call timer_stop + jam FLAG_LE_ENC_END,mem_le_enc_state + jam FLAG_LE_PAIRING_END,mem_le_pairing_state + jam BT_EVT_LE_PAIRING_COMPLETE ,mem_fifo_temp + branch ui_ipc_send_event + + +ifdef SECURE_CONNECTION + +le_secure_connect_sm: + bpatchx patch26_4,mem_patch26 + fetch 1,mem_le_pairing_mode + rtnbit0 LE_PAIRING_MODE_SECURE_CONNECT_BIT + fetch 1,mem_le_secure_connect_flag + rtnne LE_SP_FLAG_COMMIT_256 + jam SP_FLAG_STANDBY,mem_le_secure_connect_flag + fetch 1,mem_le_secure_connect_state + beq LE_SC_STAT_RECEIVE_PUBLIC_KEY,le_sc_sm_receive_public_key + beq LE_SC_STAT_WAIT_SEND_PUBLIC_KEY,le_sc_sm_wait_send_public_key + beq LE_SC_STAT_SEND_PUBLIC_KEY,le_sc_sm_send_public_key + beq LE_SC_STAT_RECEIVE_DHKEY,le_sc_sm_receive_dhkey + beq LE_SC_STAT_WAIT_CONFIRM_GKEY,le_sc_sm_wait_confirm_gkey + beq LE_SC_STAT_PASSKEY_WAIT_CONFIRM,le_sc_sm_passkey_wait_confirm + rtn + + +le_sc_sm_passkey_wait_confirm: + fetch 1,mem_authentication_passkey_times + copy pdata,queue + increase 1,pdata + store 1,mem_authentication_passkey_times + fetch 4,mem_le_tk + qisolate1 pdata + setarg 0x80 + setflag true,0,pdata + store 1,mem_passkey_1bit + branch le_sc_sm_ready_send_pairing_confirm + +le_sc_sm_wait_confirm_gkey: + fetch 1,mem_le_sc_confirm_gkey_flag + jam FLAG_LE_SC_CONFRIM_NULL,mem_le_sc_confirm_gkey_flag + beq FLAG_LE_SC_CONFRIM_GKEY_OK,le_sc_confirm_gkey_ok + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + rtn + +le_sc_confirm_gkey_ok: + jam BT_EVT_LE_PAIRING_SUCCESS,mem_fifo_temp + call ui_ipc_send_event + jam FLAG_LE_PAIRING_AFTER_AUTH,mem_le_pairing_state + branch le_send_smp_pairing_dhkey_check + +le_sc_sm_receive_dhkey: + fetch 1,mem_sp_dhkey_invalid + beq SP_KEY_VALID_256,le_dhkey_ready + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + rtn + +le_dhkey_ready: + call function_f5 +// arg mem_le_r,contw +// force 2,loopcnt +// call memset0 + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY ,le_dhkey_ready_common + call le_set_tk_0 +le_dhkey_ready_common: + call function_f6_ea + arg mem_AES_CMAC_temp,rega + arg mem_sp_confirm_remote ,regb + arg 16,loopcnt + call string_compare + branch le_dhkey_check_ok,zero +le_dhkey_check_fail: + jam PAIRING_FAILED_DHKEY_CHECK_FAILED,mem_le_ll_pairing_fail_reason + branch le_send_pairing_failed + + +le_dhkey_check_ok: + call sp_calc_check_publickey_256 + nbranch le_dhkey_check_fail,zero + jam 1,mem_ltk_exists + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_SECURE_CONNECT_JUSTWORK,le_sc_confirm_gkey_ok + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY ,le_sc_confirm_gkey_ok + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + jam LE_SC_STAT_WAIT_CONFIRM_GKEY,mem_le_secure_connect_state + rtn + +le_sc_sm_send_public_key: + fetch 1,mem_le_pairing_mode + beq LE_PAIRING_MODE_SECURE_CONNECT_PASSKEY,le_sc_sm_send_public_key_passkey + jam 0,mem_passkey_1bit +le_sc_sm_ready_send_pairing_confirm: + branch le_send_smp_pairing_confirm + +le_sc_sm_send_public_key_passkey: +// jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag +// jam LE_SC_STAT_PASSKEY_WAIT_CONFIRM,mem_le_secure_connect_state +// branch p_ng_event_le_get_passkey + jam 0,mem_authentication_passkey_times + branch le_parse_smp_pairing_req_passkey + + +le_sc_sm_receive_public_key: + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + fetch 1,mem_le_sc_local_key_invalid + beq SP_KEY_VALID_256,le_public_key_ready +// jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + rtn + +le_public_key_ready: + jam LE_SC_STAT_WAIT_SEND_PUBLIC_KEY,mem_le_secure_connect_state + jam SP_KEY_INVALID,mem_sp_dhkey_invalid + branch sp_dhkey_calc_256 + +le_sc_sm_wait_send_public_key: + jam LE_SP_FLAG_COMMIT_256,mem_le_secure_connect_flag + jam LE_SC_STAT_SEND_PUBLIC_KEY,mem_le_secure_connect_state + branch le_send_smp_pairing_public_key + +endif + + +le_fifo_malloc_tx_l2cap_smp: + force LE_L2CAP_CID_SMP,regb + branch le_fifo_malloc_tx_l2cap + + Index: dukaqi/senrui/program/le_ll.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_ll.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/le_ll.prog (working copy) @@ -0,0 +1,213 @@ + +le_parse_ll: + bpatchx patch26_5,mem_patch26 + fetch 1,mem_le_rxbuf+2 + beq LL_CONNECTION_UPDATE_REQ,le_parse_connection_update_req + beq LL_CHANNEL_MAP_REQ,le_parse_channel_map_req + beq LL_TERMINATE_IND,le_parse_terminate_ind + beq LL_ENC_REQ,le_parse_enc_req + beq LL_ENC_RSP,le_parse_enc_rsp + beq LL_START_ENC_REQ,le_parse_start_enc_req + beq LL_START_ENC_RSP,le_parse_start_enc_rsp + beq LL_UNKNOWN_RSP,le_parse_unknown_rsp + beq LL_FEATURE_REQ,le_parse_feature_req + beq LL_FEATURE_RSP,le_parse_feature_rsp + beq LL_PAUSE_ENC_REQ,le_parse_pause_enc_req + beq LL_PAUSE_ENC_RSP,le_parse_pause_enc_rsp + beq LL_VERSION_IND,le_parse_version_ind + beq LL_REJECT_IND,le_parse_reject_ind + beq LL_PING_REQ,le_parse_ping_req + beq LL_PING_RSP,le_parse_ping_rsp + arg 2,rega + arg LL_UNKNOWN_RSP,regb + call le_fifo_malloc_tx_ll + fetch 1,mem_le_rxbuf+2 + istore 1,contw + rtn + + +le_parse_connection_update_req: + ifetch 9,contr + store 9,mem_le_new_param + ifetch 2,contr + store 2,mem_le_instant + fetch 1,mem_le_state + set1 lestate_update_param,pdata + store 1,mem_le_state + rtn + +le_parse_channel_map_req: + ifetch 5,contr + store 5,mem_le_new_map + ifetch 2,contr + store 2,mem_le_instant + fetcht 2,mem_le_event_count + isub temp,null + nbranch le_parse_terminate_ind,positive + fetch 1,mem_le_state + set1 lestate_update_map,pdata + store 1,mem_le_state + rtn + + +le_parse_terminate_ind: + setarg 20 // 200ms + store 2,mem_le_superto + store 2,mem_le_init_superto + rtn + +le_send_terminate_ind_user_terminated: + arg ERROR_REMOTE_USER_TERMINATED_CONNECTION,regc + +//regc:The ErrorCode field shall be set to inform the remote device why the connection is about to be terminated. +le_send_terminate_ind: + arg 2,rega + arg LL_TERMINATE_IND,regb + call le_fifo_malloc_tx_ll + copy regc,pdata + istore 1,contw + rtn + +le_parse_feature_req: + +le_send_feature_rsp: + arg 9,rega + arg LL_FEATURE_RSP,regb + call le_fifo_malloc_tx_ll + setarg param_le_features + istore 8,contw + rtn + + +le_parse_version_ind: + rtn master +le_send_version_ind: + arg 6,rega + arg LL_VERSION_IND,regb + call le_fifo_malloc_tx_ll + fetch 5,mem_lmp_version + istore 5,contw + rtn + + +le_parse_ping_req: + arg LL_PING_RSP,regb + branch le_send_ll_one_lenth + +//regb:ll opcode +le_send_ll_one_lenth: + arg 1,rega + branch le_fifo_malloc_tx_ll + + +le_parse_enc_req: + ifetch 8,contr + store 8,mem_le_rand + ifetch 2,contr + store 2,mem_le_ediv + ifetch 8,contr + store 8,mem_le_skdm + ifetch 4,contr + store 4,mem_le_ivm + call le_send_enc_rsp + bpatchx patch26_6,mem_patch26 + fetch 1,mem_le_pairing_state + beq FLAG_LE_PAIRING_AFTER_AUTH,le_parse_enc_req_after_auth + fetch 1,mem_le_configuration + bbit1 BIT_BLE_PAIRING_FIXED_LTK,le_parse_enc_req_fixed_ltk + fetch 1,mem_nv_data_number + ncall load_device_list_mode_4,blank + fetch 1,mem_ltk_exists + beq 0,le_ltk_lost +le_parse_enc_req_after_auth: + jam FLAG_LE_RCV_ENC_START,mem_le_enc_state + call le_send_start_enc_req + branch generate_sk + +le_parse_enc_req_fixed_ltk: + jam 1,mem_ltk_exists + arg mem_le_fixed_ltk,contr + arg mem_le_ltk,contw + call memcpy16 + branch le_parse_enc_req_after_auth + + +le_ltk_lost: + bpatchx patch26_7,mem_patch26 + jam FLAG_LE_ENC_NULL,mem_le_enc_state + jam FLAG_LE_ENC_NULL,mem_le_pairing_state + jam BT_EVT_LE_LTK_LOST,mem_fifo_temp + branch ui_ipc_send_event + +le_send_reject_ind: + arg 2,rega + arg LL_REJECT_IND,regb + call le_fifo_malloc_tx_ll + setarg LE_ERR_PIN_OR_KEY_MISSING + istore 1,contw + rtn + +le_send_enc_rsp: + arg mem_le_skds,contw + force 8,loopcnt + call generate_random_loop + arg mem_le_ivs,contw + force 4,loopcnt + call generate_random_loop + arg 13,rega + arg LL_ENC_RSP,regb + call le_fifo_malloc_tx_ll + fetch 8,mem_le_skds + istore 8,contw + fetch 4,mem_le_ivs + istore 4,contw + rtn + +le_send_start_enc_req: + arg LL_START_ENC_REQ,regb + branch le_send_ll_one_lenth + +le_send_start_enc_rsp: + arg LL_START_ENC_RSP,regb + branch le_send_ll_one_lenth + + +le_parse_enc_rsp: + ifetch 8,contr + store 8,mem_le_skds + ifetch 4,contr + store 4,mem_le_ivs + branch generate_sk + +le_parse_start_enc_req: + fetch 1,mem_le_state + set1 lestate_encryption,pdata + store 1,mem_le_state + rtn + +le_parse_start_enc_rsp: + rtn master + jam BT_EVT_LE_START_ENC,mem_fifo_temp + call ui_ipc_send_event + jam FLAG_LE_SEND_START_ENC_RSP,mem_le_enc_state + branch le_send_start_enc_rsp + +le_parse_pause_enc_req: + jam FLAG_LE_ENC_PAUSE,mem_le_enc_state + call le_send_pause_enc_rsp + jam BT_EVT_LE_PAUSE_ENC,mem_fifo_temp + branch ui_ipc_send_event + +le_send_pause_enc_rsp: + arg LL_PAUSE_ENC_RSP,regb + branch le_send_ll_one_lenth + + +le_parse_feature_rsp: +le_parse_unknown_rsp: +le_parse_pause_enc_rsp: +le_parse_reject_ind: +le_parse_ping_rsp: + rtn + + Index: dukaqi/senrui/program/lmp.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/lmp.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/lmp.prog (working copy) @@ -0,0 +1,2522 @@ + +/******************************************/ +/************* LMP Parse **************/ +/******************************************/ +init_lmp: + rtn wake +init_lmp_work: + bpatchx patch27_0,mem_patch27 + setarg 0 + store 1,mem_lmp_to_send + store 1,mem_conn_sm + store 1,mem_lmo_opcode1 + store 1,mem_lmo_opcode2 + store 1,mem_esco_addr + store 1,mem_auth_enable + store 1,mem_connection_options + store 1,mem_pairing_auth + jam SWITCH_FLAG_INIT,mem_switch_flag + jam 0,mem_switch_fail_master_count + jam NULL_ENCRYP,mem_wait_encryption +init_lmp_reinit: + jam 0,mem_pairing_auth + jam 0,mem_sp_localsm + jam 0,mem_lmp_conn_state + //fall through +parse_rx_done: + rtn + +parse_lmp: + bpatchx patch27_1,mem_patch27 + call setlocalsm_master,master //use this flag in hci + ncall setlocalsm_slave,master + call lmo_fifo_check + nrtn blank + fetch 1,mem_state_map + rtnbit0 smap_rxlmp + set0 smap_rxlmp,pdata + set0 mark_rxbuf_inuse,mark + store 1,mem_state_map + fetch 1,mem_rxbuf + fetcht 1,mem_state_map + isolate1 smap_lmptidinit,pdata + setflag true,smap_lmptid,temp + storet 1,mem_state_map + and_into 0x2,temp //smap_lmptid only + storet 1,mem_lmo_tid2 + fetcht 1,mem_state_map + rshift pdata,pdata /* align lmp_opcode */ + store 1,mem_lmi_opcode2 + bpatchx patch27_2,mem_patch27 + fetch 1,mem_lmi_opcode2 + beq LMP_ESCAPE,parse_lmp_escape//multi + beq LMP_ACCEPTED,parse_lmp_accepted//multi + beq LMP_NOT_ACCEPTED,parse_lmp_not_accepted//multi + beq LMP_SET_AFH, parse_lmp_set_afh + beq LMP_CLKOFFSET_REQ, parse_lmp_clkoffset_req + beq LMP_ENCRYPTION_MODE_REQ, parse_lmp_encryption_mode_req + beq LMP_ENCRYPTION_KEY_SIZE_REQ,parse_lmp_crypt_key + beq LMP_AUTO_RATE,parse_lmp_auto_rate + beq LMP_TEST_CONTROL,parse_lmp_test_control//multi + beq LMP_TEST_ACTIVATE,parse_lmp_test_activate + beq LMP_SETUP_COMPLETE,parse_lmp_setup_complete + beq LMP_SUPERVISION_TIMEOUT,parse_lmp_supervision_timeout + beq LMP_FEATURES_REQ,parse_lmp_features_req + beq LMP_HOST_CONNECTION_REQ,parse_lmp_conn_req + beq LMP_VERSION_REQ,parse_lmp_version_req + beq LMP_VERSION_RES,parse_lmp_version_res + beq LMP_DETACH,parse_lmp_detach + beq LMP_MAX_SLOT,parse_lmp_max_slot + beq LMP_MAX_SLOT_REQ,parse_lmp_max_slot_req + beq LMP_NAME_REQ,parse_lmp_name_req + beq LMP_NAME_RES,parse_lmp_name_res + beq LMP_FEATURES_RES,parse_lmp_features_res + beq LMP_COMB_KEY,parse_lmp_comb_key + beq LMP_AU_RAND, parse_lmp_au_rand + beq LMP_IN_RAND,parse_lmp_in_rand + beq LMP_SRES,parse_lmp_sres + beq LMP_INCR_POWER_REQ,parse_lmp_incr_power + beq LMP_DECR_POWER_REQ,parse_lmp_decr_power + beq LMP_MAX_POWER, parse_lmp_max_power + beq LMP_MIN_POWER, parse_lmp_min_power + beq LMP_PAGE_MODE_REQ, parse_lmp_page_mode_req + beq LMP_PAGE_SCAN_MODE_REQ, parse_lmp_page_scan_mode_req + beq LMP_PREFERRED_RATE, parse_lmp_preferred_rate + beq LMP_SLOT_OFFSET, parse_lmp_slot_offset + beq LMP_SNIFF_REQ, parse_lmp_sniff_req + beq LMP_START_ENCRYPTION_REQ, parse_lmp_start_encryption_req + beq LMP_STOP_ENCRYPTION_REQ, parse_lmp_stop_encryption_req + beq LMP_SWITCH_REQ, parse_lmp_switch_req + beq LMP_TEMP_RAND, parse_lmp_temp_rand + beq LMP_TEMP_KEY, parse_lmp_temp_key + beq LMP_TIMING_ACCURACY_REQ, parse_lmp_timing_accuracy_req + beq LMP_TIMING_ACCURACY_RES, parse_lmp_timing_accuracy_res + beq LMP_UNIT_KEY, parse_lmp_unit_key + beq LMP_UNSNIFF_REQ, parse_lmp_unsniff_req + beq LMP_USE_SEMI_PERMANENT_KEY, parse_lmp_use_semi_permanend_key + beq LMP_ENCAPSULATED_HEADER,parse_lmp_encapsulated_header + beq LMP_ENCAPSULATED_PAYLOAD,parse_lmp_encapsulated_payload + beq LMP_SIMPLE_PAIRING_CONFIRM,parse_simple_pairing_confirm + beq LMP_SIMPLE_PAIRING_NUMBER,parse_lmp_simple_pairing_number + beq LMP_DHKEY_CHECK,parse_dhkey_check + beq LMP_CLKOFFSET_RES, parse_lmp_clkoffset_res + beq LMP_ENC_KEY_SIZE_MASK_REQ,parse_enc_key_size_mask_req +/* lmp is not recognized, check to see if we respond to all messages */ +/* rejecting the unrecognized message with PDU not recognized */ +reject_unknown_packet: + jam UNKNOWN_LMP_PDU,mem_lmo_reason2 +reject_lmp_packet: + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + rtn + +parse_lmp_clkoffset_req: + jam LMP_CLKOFFSET_RES,mem_lmo_opcode2 + rtn + +parse_enc_key_size_mask_req: + jam LMP_ENC_KEY_SIZE_MASK_RES,mem_lmo_opcode2 + rtn + +parse_lmp_set_afh: + fetch 4,mem_rxbuf+1 + lshift pdata,pdata + store 4,mem_afh_instant + fetch 1,mem_rxbuf+5 + store 1,mem_afh_new_mod + fetch 5,mem_rxbuf+6 + store 5,mem_afh_map_new + fetch 5,mem_rxbuf+11 + istore 5,contw + fetch 1,mem_mode + set1 afh_change,pdata + store 1,mem_mode + rtn +parse_lmp_escape: + bpatchx patch27_3,mem_patch27 + fetch 1,mem_rxbuf+1 + set1 7,pdata + store 1,mem_lmi_opcode2 + beq LMP_EXT_ACCEPTED,parse_lmpext_accepted + beq LMP_NOT_ACCEPTED_EXT,parse_lmpext_not_accepted + beq LMP_SNIFF_SUBRATING_REQ, parse_lmp_sniff_subrating_req + beq LMP_SNIFF_SUBRATING_RES, parse_lmp_sniff_subrating_res + beq LMP_PACKET_TYPE_TABLE_REQ,parse_lmpext_packet_type_table_req + beq LMP_EXT_FEATURES_REQ,parse_lmpext_features_req + beq LMP_EXT_FEATURES_RES,parse_lmpext_features_res + beq LMP_EXT_CHN_CLASSIFICATION_REQ,parse_lmpext_chn_classification_req + beq LMP_PAUSE_ENCRYPTION_REQ,parse_lmpext_pause_encrypt + beq LMP_RESUME_ENCRYPTION_REQ,parse_lmpext_resume_encrypt + beq LMP_IO_CAP_REQ,parse_lmpext_iocap_req + beq LMP_IO_CAP_RES,parse_lmpext_iocap_res + rtneq LMP_EXT_FEATURES_RES + + +reject_unknown_ext_packet: + jam LMP_NOT_ACCEPTED_EXT,mem_lmo_opcode2 + jam UNKNOWN_LMP_PDU,mem_lmo_reason2 + + rtn +parse_lmpext_chn_classification_req: + jam LMP_NOT_ACCEPTED_EXT,mem_lmo_opcode2 + jam NOT_SUPPORT_CHN_CLASSIFICATION,mem_lmo_reason2 + rtn + +parse_lmpext_iocap_req: + call iocap_lmpext_load + jam LMP_IO_CAP_RES,mem_lmo_opcode2 + rtn + +parse_lmpext_iocap_res: + call iocap_lmpext_load + branch iocap_lmpext_common + +iocap_lmpext_load: + arg mem_sp_iocap_remote,contw + fetch 3, mem_rxbuf+2 + istore 3,contw + rtn + +iocap_lmpext_common: +ifdef SIMPLE_PAIRING + branch master_set_mem_master_sp_flag,true//is un very ok to use master flag,but we have to add many codes if wo don't +endif + rtn +parse_lmpext_accepted: + fetch 1,mem_rxbuf+3 + set1 7,pdata + store 1,mem_lmi_accepted_opcode + beq LMP_PACKET_TYPE_TABLE_REQ,parse_lmpext_accepted_ptt + rtn + + +parse_lmpext_not_accepted: + fetch 1,mem_rxbuf+3 + set1 7,pdata + store 1,mem_lmi_accepted_opcode + beq LMP_PACKET_TYPE_TABLE_REQ,parse_lmpext_not_accepted_ptt + rtn + +parse_lmpext_accepted_ptt: + fetch 1,mem_ptt + fetcht 1,mem_state_map + nsetflag blank,smap_edr,temp + storet 1,mem_state_map +parse_lmpext_not_accepted_ptt: + fetch 1,mem_state + rtnbit0 state_init_seq + set0 state_init_seq,pdata + store 1,mem_state + fetch 1,mem_auth_enable + nrtn blank + jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + rtn + +parse_lmpext_pause_encrypt: + nbranch parse_lmpext_pause_encrypt_slave, master + jam LMP_STOP_ENCRYPTION_REQ,mem_lmo_opcode2 + branch tid_reply + +parse_lmpext_pause_encrypt_slave: + jam LMP_PAUSE_ENCRYPTION_REQ, mem_lmo_opcode2 + rtn + +parse_lmpext_resume_encrypt: +//trans file to pc may cause pause/resume encrypt +//if ms is conn_sm_wait_end the controllor won't send ack after recieved start_encypt_accept + call tid_reply + branch lmp_start_encryption + +parse_lmpext_features_req: + jam LMP_EXT_FEATURES_RES,mem_lmo_opcode2 + rtn + +parse_lmpext_features_res: + fetcht 1,mem_rxbuf+4 + and temp,0x1,temp + storet 1,mem_remote_sppcap + fetch 1,mem_hci_cmd + bne hci_cmd_wait_remote_ext_feature,parse_lmpext_features_res_not_hci + jam 0,mem_hci_cmd +parse_lmpext_features_res_not_hci: + fetch 1,mem_conn_sm + rtnne CONN_SM_WAIT_FEATURES_EXT + jam CONN_SM_SEND_CONN_REQ,mem_conn_sm + branch process_conn_sm + +parse_lmp_accepted: + bpatchx patch27_4,mem_patch27 + fetch 1,mem_rxbuf+1 + store 1,mem_lmi_accepted_opcode + beq LMP_HOST_CONNECTION_REQ,parse_lmp_accepted_hostconn//ok + beq LMP_IN_RAND,parse_lmp_accepted_inrand//ok + beq LMP_ENCRYPTION_MODE_REQ,parse_lmp_accepted_enc_mode//ok + beq LMP_ENCRYPTION_KEY_SIZE_REQ,parse_lmp_accepted_enc_keysize//ok + beq LMP_START_ENCRYPTION_REQ,parse_lmp_accepted_start_enc//ok + beq LMP_STOP_ENCRYPTION_REQ,parse_lmp_accepted_stop_enc//ok + beq LMP_UNSNIFF_REQ,parse_lmp_accepted_unsniff_req//ok + beq LMP_SNIFF_REQ,parse_lmp_accepted_sniff_req//ok + beq LMP_SWITCH_REQ,parse_lmp_accepted_switch + // simple pairing + beq LMP_ENCAPSULATED_HEADER,parse_lmp_accepted_encapsulated_header//ok + beq LMP_ENCAPSULATED_PAYLOAD,parse_lmp_accepted_encapsulated_payload//ok + beq LMP_SIMPLE_PAIRING_NUMBER,parse_lmp_accepted_simple_pairing_number//ok + beq LMP_DHKEY_CHECK,parse_lmp_accepted_dhkey_check//ok + rtn + +parse_lmp_not_accepted: + bpatchx patch27_5,mem_patch27 + fetch 1,mem_rxbuf+1 + store 1,mem_lmi_accepted_opcode + beq LMP_NAME_REQ,parse_lmp_not_accepted_name_req//ok + beq LMP_HOST_CONNECTION_REQ,parse_lmp_not_accepted_hostconn//ok + beq LMP_AU_RAND,parse_lmp_not_accepted_aurand//ok + beq LMP_IN_RAND,parse_lmp_not_accepted_inrand//ok + beq LMP_SWITCH_REQ,parse_lmp_not_accepted_switch//ok + /* simple pairing support */ + beq LMP_SIMPLE_PAIRING_NUMBER,parse_lmp_not_accepted_simple_pairing_number//ok + beq LMP_DHKEY_CHECK,parse_lmp_not_accepted_dhkey_check//ok + beq LMP_UNSNIFF_REQ,parse_lmp_not_accepted_unsniff_req + beq LMP_SNIFF_REQ,parse_lmp_not_acdcept_sniff_req + rtn + +parse_lmp_accepted_switch: + jam BT_EVT_SWITCH_ACCEPT,mem_fifo_temp + call ui_ipc_send_event + branch role_switch_prepare0 +parse_lmp_not_accepted_switch: + jam BT_EVT_SWITCH_NOT_ACCEPT,mem_fifo_temp + call ui_ipc_send_event + jam SWITCH_FLAG_NOT_ACCEPT,mem_switch_flag + setarg TIMER_SWITCH_WAITE + arg switch_wait_timer,queue + branch timer_init + + +parse_lmp_accepted_hostconn: + //fetch 1,mem_state + //rtnbit0 state_init_seq + fetch 1,mem_lmp_conn_state + set1 RECEIVED_CONN_REQ,pdata + store 1,mem_lmp_conn_state + jam BT_EVT_BB_CONNECTED,mem_fifo_temp + call ui_ipc_send_event + jam LMP_PACKET_TYPE_TABLE_REQ,mem_lmo_opcode2 + //nbranch parse_lmp_accepted_hostconn_ctn,master +parse_lmp_accepted_hostconn_ctn: + /* checking to see if we requested host connection */ + fetch 1,mem_conn_sm + bne CONN_SM_WAIT_CONN_ACCEPT, parse_rx_done + //branch parse_lmp_accepted_hostconn_master,master + /* continuing on with host connection state machine */ + jam CONN_SM_AUTH_PAIR,mem_conn_sm + rtn + //branch host_create_conn_auth_pair + + /* we need to move fast and send au_rand...jumping to next part of state machine for conn */ +//parse_lmp_accepted_hostconn_master: + //jam CONN_SM_AUTH_PAIR ,mem_conn_sm +// rtn + +parse_lmp_not_accepted_hostconn: + jam ACL_CONNECTION_ALREADY_EXISTS,mem_disconn_reason_send + jam LMP_DETACH,mem_lmo_opcode2 + /* clearing connection state machine */ + jam CONN_SM_STANDBY,mem_conn_sm + /* sending error message to host */ + branch parse_rx_done,true + rtn + +parse_lmp_accepted_inrand: + fetch 1,mem_link_key_exists + nrtn blank + call clear_linkkey + call lmp_generate_key + rtn master + set1 mark_slave_in_rand_accepted,mark + rtn + +parse_lmp_accepted_enc_mode: + nrtn master + jam LMP_ENCRYPTION_KEY_SIZE_REQ,mem_lmo_opcode2 + fetch 1,mem_state_map + rtnbit0 smap_encryption + jam LMP_STOP_ENCRYPTION_REQ,mem_lmo_opcode2 + rtn + +parse_lmp_accepted_enc_keysize: + branch lmp_start_encryption + +parse_lmp_accepted_start_enc: + call send_create_conn_start_l2cap_timer_sm + fetch 1,mem_state + rtnbit1 state_conn_comp + jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + fetch 1,mem_conn_sm + rtnne CONN_SM_ENCRYPT_WAIT + jam CONN_SM_ENCRYPT_WAIT_CLEAR,mem_conn_sm + rtn + +parse_lmp_accepted_stop_enc: + /* again this won't work with multipoint. keep track of anyone else encrypting */ + //jam HOST_STOP_ENCRYPTION,message_queue_B0 + //jam 1,message_queue_B1 + //jam HOST_RETURN_SUCCESS,message_queue_B2 + //fetch 1,mem_lmp_state2 + //set1 MESSAGE_QUEUE,pdata + //store 1,mem_lmp_state2 + rtn + +parse_lmp_not_accepted_aurand: +parse_lmp_not_accepted_aurand_send_detach: + jam LMP_DETACH,mem_lmo_opcode2 + jam OTHER_END_TERMINATED,mem_disconn_reason_send + rtn +/*in pair remote cancel the pair*/ +parse_lmp_not_accepted_inrand: + fetch 1,mem_rxbuf+2 + beq KEY_MISSING,parse_lmp_inrand_key_missing + rtnne PAIRING_NOT_ALLOWED + jam PAIRING_NOT_ALLOWED,mem_disconn_reason_send + jam LMP_DETACH,mem_lmo_opcode2 + rtn +parse_lmp_inrand_key_missing: + jam KEY_MISSING,mem_disconn_reason_send + jam LMP_DETACH,mem_lmo_opcode2 + rtn + +parse_lmp_not_accepted_name_req: + rtn + +parse_lmp_not_accepted_simple_pairing_number: + jam SP_STAT_NULL,mem_sp_state + jam LMP_DETACH,mem_lmo_opcode2 + branch parse_rx_done + +parse_lmp_not_accepted_dhkey_check: +ifdef LMP_DBG + call ice_break +endif + jam SP_STAT_NULL,mem_sp_state + jam LMP_DETACH,mem_lmo_opcode2 + branch parse_rx_done +parse_lmp_not_accepted_unsniff_req: + jam BT_EVT_UNSNIFF_NOT_ACCEPT,mem_fifo_temp + branch ui_ipc_send_event + +parse_lmp_accepted_unsniff_req: + jam BT_EVT_UNSNIFF_ACCEPT,mem_fifo_temp + call ui_ipc_send_event + branch sniff_exit + +parse_lmp_accepted_sniff_req: + jam BT_EVT_SNIFF_ACCEPT,mem_fifo_temp + call ui_ipc_send_event + setarg 0 + store 2,mem_dsniff + fetch 2,mem_sniff_param_interval + lshift pdata,pdata + store 2,mem_tsniff + fetch 1,mem_sniff_param_attempt + store 1,mem_sniff_attempt + fetch 1,mem_sniff_param_timeout + store 1,mem_sniff_timeout + branch sniff_init + +parse_lmp_not_acdcept_sniff_req: + jam BT_EVT_SNIFF_NOT_ACCEPT,mem_fifo_temp + branch ui_ipc_send_event + +parse_lmp_crypt_key: + fetcht 1,mem_rxbuf+1 + storet 1,mem_key_size + branch accept_lmp_msg + +parse_lmp_setup_complete: + fetch 1,mem_lmp_conn_state + set1 RECEIVED_SETUP_COMPLETE,pdata + store 1,mem_lmp_conn_state + rtnbit1 SENT_SETUP_COMPLETE + jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + branch parse_rx_done + +parse_lmp_max_slot: + //jam LMP_MAX_SLOT,mem_lmi_opcode2 + //branch accept_lmp_msg + rtn + +parse_lmp_max_slot_req: + fetch 1,mem_max_slot + fetcht 1,mem_rxbuf+1 + isub temp,null + //jam LMP_MAX_SLOT_REQ,mem_lmi_opcode2 + branch accept_lmp_msg,positive + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + jam UNSPECIFIED_ERROR,mem_lmo_reason2 + jam LMP_MAX_SLOT_REQ,mem_lmi_opcode2 + rtn + +parse_lmp_detach: + call prepare_disconnect + branch accept_lmp_msg + +accept_lmp_msg: + jam LMP_ACCEPTED,mem_lmo_opcode2 + rtn + +parse_lmp_incr_power: + jam LMP_MAX_POWER,mem_lmo_opcode2 + rtn + +parse_lmp_decr_power: + jam LMP_MIN_POWER,mem_lmo_opcode2 + rtn + +parse_lmp_version_res: + fetch 1,mem_conn_sm + rtneq CONN_SM_WAIT_VERSION + /* continuing on with host connection state machine */ + jam CONN_SM_SEND_FEATURES ,mem_conn_sm + /* we need to move fast and send au_rand...jumping to next part of state machine for conn */ + rtn + + +parse_lmp_auto_rate: + rtn + +parse_lmp_in_rand: + call lmp_copy_rand + jam pincode_state_wait_pincode,mem_pincode_state + jam BT_EVT_PINCODE_REQ,mem_fifo_temp + call ui_ipc_send_event + + call tid_check + nbranch lmp_accept_inrand,true + //fetch 1,mem_auth_enable + nbranch parse_lmp_inrand_res,master // ignore this because of not ssp temporary + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + jam LMP_IN_RAND,mem_lmi_opcode2 + jam TRANSACTION_COLLISION,mem_lmo_reason2 + rtn +parse_lmp_inrand_res: + fetch 1,mem_op + set1 op_inrand_req,pdata + store 1,mem_op + rtn + +//store current tid +pop_tid_follow: + fetcht 1,mem_state_map + nsetflag blank,smap_lmptid,temp + storet 1,mem_state_map + rtn + +//restore current tid +push_tid_follow: + fetch 1,mem_lmo_tid2 + rshift pdata,pdata + and_into 1,pdata + rtn + +parse_lmp_au_rand_moudle: + fetch 1,mem_nv_data_number + rtn blank + fetch 1,mem_pairing_auth + call load_device_list,blank + rtn + +parse_lmp_au_rand: + call parse_lmp_au_rand_moudle + call push_tid_follow + store 1,mem_sres_tid + call lmp_copy_rand + jam LMP_SRES,mem_lmo_opcode2 + fetch 1,mem_link_key_exists + nrtn blank + fetch 1,mem_state + rtnbit1 state_combkey /* we have comb key, but not verified */ + jam KEY_MISSING,mem_lmo_reason2 + branch reject_lmp_packet + +parse_lmp_sres: + arg mem_plap,rega + call function_e1 + fetch 4,mem_rxbuf+1 + fetcht 4,mem_input_store + isub temp,null + branch authentication_ok,zero + jam LMP_DETACH,mem_lmo_opcode2 + jam AUTHENTICATION_FAILURE_ERROR,mem_disconn_reason_send + rtn +authentication_ok: + call authentication_ok_common + fetch 1,mem_ssp_enable + branch pairing_success,blank + rtn + + +authentication_ok_common: + call copy_aco + call linkkey_ready///save link key + fetch 1,mem_op + isolate1 op_auth_req,pdata + set0 op_auth_req,pdata + store 1,mem_op + fetch 1,mem_conn_sm + beq CONN_SM_AUTH_WAIT,authentication_ok_conn_sm + beq CONN_SM_PAIRING_WAIT,authentication_ok_conn_sm + rtn +authentication_ok_conn_sm: + fetch 1,mem_pairing_auth + rtnne DEFALT_PAIRING_AUTH + fetch 1,mem_state_map + rtnbit1 smap_encryption + branch host_create_conn_encrypt + +parse_lmp_comb_key: + arg mem_rxbuf+1,rega + arg mem_kinit,regb + arg mem_random_number,contw + call xor16 + arg mem_plap,rega + call generate_linkkey + jam LMP_AU_RAND,mem_lmo_opcode2 + fetch 1,mem_state + bbit0 state_combkey,lmp_generate_key + rtn + +parse_lmp_name_res: + fetch 2,mem_len + add pdata,-3,loopcnt //for remote name length error + fetcht 1,mem_rxbuf+1 + setarg mem_tmp_buffer + iadd temp,contw + arg mem_rxbuf+3,contr + call memcpy + fetcht 1,mem_name_offset + fetch 1,mem_rxbuf+2 + isub temp,pdata + sub pdata,14,null + branch parse_lmp_name_res_end,positive + add temp,14,pdata + store 1,mem_name_offset + jam LMP_NAME_REQ,mem_lmo_opcode2 + rtn +parse_lmp_name_res_end: + fetch 1,mem_state_map + set1 smap_name_res,pdata + store 1,mem_state_map + bbit1 smap_name_req,lmp_disconnect + rtn +parse_lmp_name_req: + fetch 1,mem_rxbuf+1 + store 1,mem_lmi_opcode2 //offset + jam LMP_NAME_RES,mem_lmo_opcode2 + rtn + +parse_lmp_conn_req: + branch accept_lmp_msg + +parse_lmp_timing_accuracy_req: + jam LMP_TIMING_ACCURACY_RES,mem_lmo_opcode2 + rtn + +parse_lmp_features_req: + jam LMP_FEATURES_RES,mem_lmo_opcode2 + rtn + +parse_lmp_version_req: + jam LMP_VERSION_RES,mem_lmo_opcode2 + rtn + +parse_lmp_supervision_timeout: +// fetch 2,mem_rxbuf+1 +// store 2,mem_supervision_to + rtn + + + +parse_lmp_sniff_subrating_req: + fetch 2,mem_tsniff + iforce temp + fetch 1,mem_rxbuf+2 + store 1,mem_subsniff_rate + imul32 temp,temp + fetch 2,mem_rxbuf+3 + lshift pdata,pdata + store 2,mem_subsniff_tcmax + fetch 4,mem_rxbuf+5 + lshift pdata,pdata + store 4,mem_subsniff_instant + //product pdata + deposit temp + store 2,mem_subsniff_tsniff + rtn +parse_lmpext_packet_type_table_req: + fetcht 1,mem_ptt + fetch 1,mem_rxbuf+2 + ixor temp,null + nbranch reject_unknown_ext_packet,zero + isolate1 0,pdata + fetch 1,mem_state_map + setflag true,smap_edr,pdata + store 1,mem_state_map + jam LMP_EXT_ACCEPTED,mem_lmo_opcode2 + jam LMP_PACKET_TYPE_TABLE_REQ,mem_lmi_opcode2 + rtn + + +parse_lmp_sniff_subrating_res: +parse_lmp_preferred_rate: +parse_lmp_max_power: +parse_lmp_min_power: + rtn +parse_lmp_page_mode_req: + //jam LMP_PAGE_MODE_REQ,mem_lmi_opcode2 + branch accept_lmp_msg +parse_lmp_page_scan_mode_req: + //this can influence connection. need accepted + //jam LMP_PAGE_SCAN_MODE_REQ,mem_lmi_opcode2 + branch accept_lmp_msg + + + +parse_lmp_slot_offset: + fetch 2,mem_rxbuf+1 + store 2,mem_slot_offset + rtn + +parse_lmp_sniff_req_check_sniff_para: + fetch 2,mem_rxbuf+4 /* tsniff */ + fetcht 1,mem_lpm_mult + imul32 temp,pdata + arg 0x640,temp + isub temp,null +// branch lmp_reject_sniff,positive + rtn + +parse_lmp_sniff_req: + branch lmp_reject_sniff + fetch 2,mem_rxbuf+6 + branch lmp_reject_sniff,blank + call parse_lmp_sniff_req_check_sniff_para + branch lmp_reject_sniff,positive + fetch 1,mem_device_option + sub pdata,dvc_op_module,null + call module_set_lpm_mult_2,zero + fetch 1,mem_state + bbit1 state_insniff,lmp_reject_sniff + fetch 2,mem_rxbuf+2 /* dsniff */ + lshift pdata,pdata + store 2,mem_dsniff + fetch 2,mem_rxbuf+4 /* tsniff */ + lshift pdata,pdata + store 2,mem_tsniff + fetch 2,mem_rxbuf+6 /* sniff attempt */ + store 1,mem_sniff_attempt + iforce temp + fetch 2,mem_rxbuf+8 /* sniff timeout */ + store 1,mem_sniff_timeout + isub temp,null + nbranch set_big_value_to_attempt,positive + store 1,mem_sniff_attempt +set_big_value_to_attempt: + //call sniff_init + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_SNIFF_REQ,mem_lmi_opcode2 + rtn + +lmp_reject_sniff: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet + +parse_lmp_start_encryption_req: + call accept_lmp_msg + call lmp_copy_rand + call function_e3 + branch start_encryption + +parse_lmp_stop_encryption_req: + call accept_lmp_msg + branch stop_encryption + + +parse_lmp_switch_req: + fetch 4,mem_rxbuf+1 + lshift pdata,pdata + //branch parse_lmp_switch_req_not_accept + branch parse_lmp_switch_accept,master + fetcht 1,mem_link_key_exists + nbranch parse_lmp_switch_req_clear_mark,blank +parse_lmp_switch_req_not_accept: + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + jam LMP_SWITCH_REQ,mem_lmi_opcode2 + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + rtn +parse_lmp_switch_req_clear_mark: + jam LMP_SLOT_OFFSET,mem_lmo_opcode2 + jam 0,mem_conn_sm + branch role_switch_prepare + +parse_lmp_switch_accept: + call role_switch_prepare + set1 mark_reconn_recieve_switch,mark + fetch 1,mem_connection_options + set0 CONNECTION_SWITCH,pdata + store 1,mem_connection_options + branch accept_lmp_msg + + + +parse_lmp_temp_rand: +parse_lmp_temp_key: +parse_lmp_timing_accuracy_res: +parse_lmp_unit_key: +parse_lmp_use_semi_permanend_key: + rtn + + +parse_lmp_unsniff_req: + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_UNSNIFF_REQ,mem_lmi_opcode2 + jam BT_EVT_REMOTE_UNSNIFF,mem_fifo_temp + call ui_ipc_send_event + branch sniff_exit + +parse_lmp_encapsulated_header: + fetch 1,mem_rxbuf+1 + bne ENCAPSULATED_MAJOR_TYPE_P192,parse_lmp_encapsulated_header_reject + fetch 1,mem_rxbuf+2 + bne ENCAPSULATED_MINOR_TYPE_P192,parse_lmp_encapsulated_header_reject + fetch 1,mem_rxbuf+3 + bne ENCAPSULATED_LEN_P192,parse_lmp_encapsulated_header_reject + call check_localsm + branch parse_lmp_encapsulated_header_master,true + jam SP_STAT_KEY_RECV,mem_sp_state +parse_lmp_encapsulated_header_master: + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_ENCAPSULATED_HEADER,mem_lmi_opcode2 + branch parse_rx_done + +parse_lmp_encapsulated_header_reject: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet + +parse_lmp_accepted_encapsulated_header: + //jam LMP_ENCAPSULATED_PAYLOAD,mem_lmi_opcode2 + //branch accept_lmp_msg + jam LMP_ENCAPSULATED_PAYLOAD,mem_lmo_opcode2 + // branch accept_lmp_msg + rtn +parse_lmp_accepted_simple_pairing_number: + fetch 1,mem_ssp_mode_flag + beq SSP_MODE_SSP_PIN_FLAG,parse_lmp_accepted_simple_pairing_number_ssp_pin + beq SSP_MODE_PASSKEY_ENTRY_FLAG,parse_lmp_accepted_simple_pairing_number_passkey +parse_lmp_accepted_simple_pairing_number_common: + call check_localsm + rtn true + jam SP_STAT_CONFIRM_RECV,mem_sp_state + rtn + +parse_lmp_accepted_simple_pairing_number_ssp_pin: + call g_noninit_number_confirm + jam BT_EVT_BT_GKEY_GENERATE,mem_fifo_temp + call ui_ipc_send_event + branch parse_lmp_accepted_simple_pairing_number_common + + +parse_lmp_accepted_simple_pairing_number_passkey: + call check_localsm + rtn true + fetch 1,mem_authentication_passkey_times + beq 19,authentication_passkey_end + increase 1,pdata + store 1,mem_authentication_passkey_times +// branch p_authentication_passkey + +authentication_passkey: + jam SP_FLAG_COMMIT,mem_sp_flag + jam SP_STAT_COMMIT_CALC,mem_sp_state + fetch 1,mem_authentication_passkey_times + copy pdata,queue + fetch 6,mem_pin + qisolate1 pdata + setarg 0x80 + setflag true,0,pdata + store 1,mem_passkey_1bit + rtn + +authentication_passkey_end: + jam SP_STAT_CONFIRM_RECV,mem_sp_state + rtn + +parse_lmp_accepted_dhkey_check: + call parse_lmp_accepted_dhkey_check_common +pairing_success: + fetch 1,mem_flag_pairing_state + rtn blank + jam FLAG_PAIRING_STATE_NOT_PAIRING,mem_flag_pairing_state + jam BT_EVT_BT_PAIRING_SUCCESS,mem_fifo_temp + branch ui_ipc_send_event + + +parse_lmp_accepted_dhkey_check_common: + //here must be change*** shyd + call check_localsm +ifdef SIMPLE_PAIRING + ncall g_noninit,true //when be master call g_init + call g_init,true +endif + call check_localsm + rtn true + jam SP_STAT_LINK_KEY_CALC,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + rtn + +parse_simple_pairing_confirm: + arg mem_sp_confirm_remote,contw + arg mem_rxbuf+1,contr + call memcpy16 + fetch 1,mem_ssp_mode_flag + rtneq SSP_MODE_PASSKEY_ENTRY_FLAG +ifdef SIMPLE_PAIRING + branch master_set_mem_master_sp_flag +endif + +parse_lmp_encapsulated_payload: + fetch 1,mem_master_sp_state + beq SP_STAT_RANDOM_SEND,parse_encapsulated_payload_master + fetch 1,mem_sp_state + bne SP_STAT_KEY_RECV,parse_lmp_encapsulated_payload_reject +parse_encapsulated_payload_master: + fetch 1,mem_sp_remote_key_recv_count + sub pdata,0x20,contw + nbranch parse_lmp_encapsulated_payload_reject,positive + arg mem_sp_pubkey_remote,contw + iadd contw,contw + fetch 8,mem_rxbuf+1 + istore 8,contw + fetch 8,mem_rxbuf+9 + istore 8,contw + fetch 1,mem_sp_remote_key_recv_count + increase 16,pdata + store 1,mem_sp_remote_key_recv_count + bne ENCAPSULATED_LEN_P192,accept_lmp_msg +parse_lmp_encapsulated_payload_completed: + call check_localsm + branch accept_lmp_msg,true + jam SP_KEY_VALID,mem_sp_remote_key_invalid + jam SP_STAT_KEY_GENERATE,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + branch accept_lmp_msg +parse_lmp_encapsulated_payload_reject: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet +parse_lmp_accepted_encapsulated_payload: + fetch 1,mem_sp_local_key_send_count + beq ENCAPSULATED_LEN_P192,parse_lmp_encapsulated_payload_all_accepted + jam LMP_ENCAPSULATED_PAYLOAD,mem_lmo_opcode2 + branch parse_rx_done + +parse_lmp_encapsulated_payload_all_accepted: + call check_localsm + branch parse_lmp_encapsulated_payload_all_accepted_master,true + fetch 1,mem_ssp_mode_flag + beq SSP_MODE_PASSKEY_ENTRY_FLAG,parse_lmp_encapsulated_payload_all_accepted_get_passkey + jam SP_FLAG_COMMIT,mem_sp_flag + jam SP_STAT_COMMIT_CALC,mem_sp_state + branch parse_rx_done + +parse_lmp_encapsulated_payload_all_accepted_get_passkey: + jam BT_EVT_BT_GET_PASSKEY,mem_fifo_temp + branch ui_ipc_send_event + + +parse_lmp_encapsulated_payload_all_accepted_master: + //call sp_master_generate_local_key + branch parse_rx_done + +parse_lmp_simple_pairing_number: + fetch 1,mem_master_sp_state + beq SP_STAT_RANDOM_SEND,parse_lmp_simple_pairing_number_master + fetch 1,mem_sp_state + bne SP_STAT_RANDOM_RECV,parse_lmp_simple_pairing_number_reject +parse_lmp_simple_pairing_number_master: + arg mem_sp_random_remote,contw + fetch 8,mem_rxbuf+1 + istore 8,contw + fetch 8,mem_rxbuf+9 + istore 8,contw + call check_localsm + branch parse_lmp_simple_pairing_number_master0,true + jam SP_STAT_RANDOM_SEND,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + branch accept_lmp_msg +parse_lmp_simple_pairing_number_master0: + jam SP_STAT_COMMIT_CALC,mem_master_sp_state +ifdef SIMPLE_PAIRING + branch master_set_mem_master_sp_flag +endif + //jam LMP_SIMPLE_PAIRING_NUMBER,mem_lmi_opcode2 + //branch accept_lmp_msg +parse_lmp_simple_pairing_number_reject: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet + +parse_dhkey_check: + fetch 1,mem_master_sp_state + beq SP_STAT_CONFIRM_SEND,parse_dhkey_check_master + fetch 1,mem_sp_state + bne SP_STAT_CONFIRM_RECV,parse_lmp_dhkey_check_reject +parse_dhkey_check_master: + arg mem_sp_check_result,contw + arg mem_rxbuf+1,contr + call memcpy16 + call check_localsm + branch parse_dhkey_check_master0,true + fetch 1,mem_ssp_mode_flag + beq SSP_MODE_SSP_PIN_FLAG,number_comparison_mode +number_comparison_successed: + jam 0,mem_flag_mode_ssp_pin + jam SP_STAT_CONFIRM_CHECK,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + jam LMP_DHKey_Check,mem_lmi_opcode2 + branch parse_rx_done + +parse_dhkey_check_master0: + jam SP_STAT_CONFIRM_CHECK,mem_master_sp_state + jam SP_FLAG_COMMIT,mem_master_sp_flag + branch parse_rx_done +parse_lmp_dhkey_check_reject: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet + +number_comparison_mode: + fetch 1,mem_flag_mode_ssp_pin + bbit1 FLAG_MODE_SSP_PIN_REVICEVE_COMPARISON_BIT ,comparison_result + set1 FLAG_MODE_SSP_PIN_RECIEVE_DHKEY_BIT,pdata + store 1,mem_flag_mode_ssp_pin + rtn + +comparison_result: + bbit1 FLAG_MODE_SSP_PIN_COMPARISON_RESULT_BIT,number_comparison_successed + jam 0,mem_flag_mode_ssp_pin + branch parse_lmp_dhkey_check_reject + + +parse_lmp_clkoffset_res: + branch parse_rx_done + +parse_lmp_encryption_mode_req: + fetch 1,mem_connection_options + set0 CONNECTION_ENCRYPT + store 1,mem_connection_options + call accept_lmp_msg + nrtn master /* do sth only if we're master */ + fetch 1,mem_rxbuf+1 + fetcht 1,mem_op + setflag blank,op_stop_enc,temp + nsetflag blank,op_start_enc,temp + storet 1,mem_op + rtn + +parse_lmp_features_res: + fetcht 8,mem_rxbuf+1 /*fix bcp(baoshijie) err*/ +parse_lmp_features_res_not_hci: + fetch 1,mem_conn_sm + rtnne CONN_SM_WAIT_FEATURES_RES + + fetch 1,mem_connection_options + bbit0 CONNECTION_FEATURE_EXT,parse_lmp_send_conn + + jam CONN_SM_SEND_FEATURES_EXT,mem_conn_sm + rtn +parse_lmp_send_conn: + jam CONN_SM_SEND_CONN_REQ,mem_conn_sm + rtn +parse_lmp_test_activate: + fetch 1,mem_debug_config + store 1,mem_test_mode_old_debug_config + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_TEST_ACTIVATE,mem_lmi_opcode2 + rtn +parse_lmp_test_control: + /* the 9 test control parameters are XORed with 0x55 */ + /* doing the XOR here and storing in mem_temp_payload */ + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_TEST_CONTROL,mem_lmi_opcode2 + force 9,loopcnt + arg mem_rxbuf+1,contr + arg mem_temp_payload,contw +parse_lmp_test_xor: + ifetch 1,contr + xor_into 0x55,pdata + istore 1,contw + loop parse_lmp_test_xor + fetch 1,test_mode_scenario + fetcht 1,mem_tester_emulate + set0 tester_no_whitening,temp + set0 tester_pattern_test,temp + beq EXIT_TEST_MODE, parse_lmp_test_control_exit + beq PAUSE_TEST_MODE, parse_lmp_test_control_pause + beq CLOSED_LOOP_BACK_ACL, parse_lmp_test_control_loopback + beq ACL_WITHOUT_WHITENING, parse_lmp_test_control_loopback_nowhite + beq CLOSED_LOOP_BACK_SCO, parse_lmp_test_control_loopback + beq SCO_WITHOUT_WHITENING, parse_lmp_test_control_loopback_nowhite + beq ZERO_PATTERN, parse_lmp_test_control_pattern + beq ONE_PATTERN, parse_lmp_test_control_pattern + beq ALT_PATTERN, parse_lmp_test_control_pattern + beq ALT2_PATTERN, parse_lmp_test_control_pattern + beq PSEUDORANDOM, parse_lmp_test_control_pattern + rtn +parse_lmp_test_control_exit: + /* restoring old parameters */ + fetch 1,mem_tester_emulate + set1 tester_exit,pdata + set1 tester_change,pdata + store 1,mem_tester_emulate + rtn +parse_lmp_test_control_pattern: + set1 tester_pattern_test,temp + jam 5,mem_lch_code + fetch 2,test_mode_data_length + iforce loopcnt + store 2,mem_len + arg mem_rxbuf,contw + call pn9 +parse_lmp_test_control_loopback_nowhite: + set1 tester_no_whitening,temp +parse_lmp_test_control_loopback: + set1 tester_change,temp + force 0,pdata + store 1,mem_slave_rcvcnt + store 2,mem_tst_pktcnt_crc + store 2,mem_tst_pktcnt_dmh + store 2,mem_tst_pktcnt_hec + store 2,mem_tst_pktcnt_sync + fetch 1,test_mode_hopping_mode + compare FIXED_FREQ,pdata,0xff + setflag true,tester_fixed_freq,temp + storet 1,mem_tester_emulate + rtn + +parse_lmp_test_control_pause: + set0 mark_testmode,mark + jam 0,mem_tester_emulate + fetch 1,mem_debug_config + set0 debug_tx_pattern,pdata + store 1,mem_debug_config + rtn + + + + + +lmp_copy_rand: + arg mem_rxbuf+1,contr + arg mem_random_number,contw + branch memcpy16 + +lmp_generate_key: + jam LMP_COMB_KEY,mem_lmo_opcode2 + rtn + +lmp_start_encryption: + nrtn master + jam LMP_START_ENCRYPTION_REQ,mem_lmo_opcode2 + rtn + +lmp_accept_inrand: + arg mem_lap,rega + call generate_kinit + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_IN_RAND,mem_lmi_opcode2 + rtn + +lmp_disconnect: + jam 10,mem_conn_timer + jam LMP_DETACH,mem_lmo_opcode2 + jam LOCAL_HOST,mem_disconn_reason_send + rtn + +/*********************************/ +/*********lmp send*************/ +/********************************/ + /* enable user if a lmp packet is to send */ +send_lmp: + bpatchx patch27_6,mem_patch27 + disable user + call lmo_fifo_process + fetch 1,mem_lmp_to_send + rtn blank +/* lmp message to be processed. this will either be because host??? */ +/* wants to send a lmp message or because one resulted from the LMP */ +/* processing section */ +/********* outgoing lmp lookup table *************/ + bbit1 7,send_lmp_escape +send_lmp0: + beq LMP_NAME_REQ, send_lmp_name_req + beq LMP_NAME_RES, send_lmp_name_res + beq LMP_ACCEPTED, send_lmp_accepted + beq LMP_NOT_ACCEPTED, send_lmp_not_accepted + beq LMP_FEATURES_REQ, send_lmp_features_req + beq LMP_FEATURES_RES, send_lmp_features_res + beq LMP_TIMING_ACCURACY_RES, send_lmp_timing_accuracy_res + beq LMP_VERSION_REQ, send_lmp_version_req + beq LMP_VERSION_RES, send_lmp_version_res + beq LMP_SETUP_COMPLETE, send_lmp_setup_complete + beq LMP_SUPERVISION_TIMEOUT, send_lmp_superto + beq LMP_HOST_CONNECTION_REQ,send_lmp_no_payload + beq LMP_IN_RAND,send_lmp_inrand + beq LMP_COMB_KEY,send_lmp_comb_key + beq LMP_AU_RAND,send_lmp_aurand + beq LMP_SRES,send_lmp_sres + beq LMP_ENCRYPTION_MODE_REQ,send_lmp_encryption_mode_req + beq LMP_ENCRYPTION_KEY_SIZE_REQ,send_lmp_encryption_key_size_req + beq LMP_START_ENCRYPTION_REQ,send_lmp_start_encryption + beq LMP_DETACH,send_lmp_detach + beq LMP_QUALITY_OF_SERVICE_REQ, send_lmp_quality_of_service_req + beq LMP_UNIT_KEY,send_lmp_unit_key + //Optional (O) + beq LMP_INCR_POWER_REQ,send_lmp_inc_power + beq LMP_CLKOFFSET_RES, send_lmp_clkoffset_res + beq LMP_MAX_POWER,send_lmp_nopayload_reply + beq LMP_MAX_SLOT, send_lmp_max_slot + beq LMP_MAX_SLOT_REQ, send_lmp_max_slot_req + beq LMP_MIN_POWER,send_lmp_nopayload_reply + beq LMP_SLOT_OFFSET, send_lmp_slot_offset + beq LMP_SWITCH_REQ, send_lmp_switch_req + beq LMP_SNIFF_REQ, send_lmp_sniff_req + beq LMP_STOP_ENCRYPTION_REQ, send_lmp_stop_encryption_req + beq LMP_TIMING_ACCURACY_REQ, send_lmp_timing_accuracy_req + beq LMP_UNSNIFF_REQ, send_lmp_unsniff_req + beq LMP_ENCAPSULATED_HEADER,send_lmp_encapsulated_header + beq LMP_ENCAPSULATED_PAYLOAD,send_lmp_encapsulated_payload + beq LMP_SIMPLE_PAIRING_CONFIRM,send_lmp_simple_pairing_comfirm + beq LMP_SIMPLE_PAIRING_NUMBER,send_lmp_simple_pairing_number + beq LMP_DHKEY_CHECK,send_lmp_dhkey_check + beq LMP_AUTO_RATE,send_lmp_auto_rate + beq LMP_ENC_KEY_SIZE_MASK_RES,send_lmp_enc_key_size_mask_res + //master only must(M) + beq LMP_CLKOFFSET_REQ, send_lmp_clkoffset_req + beq LMP_QUALITY_OF_SERVICE, send_lmp_quality_of_service + beq LMP_TEST_ACTIVATE, send_lmp_test_activate + beq LMP_TEST_CONTROL, send_lmp_test_control +send_lmp_error: + branch assert + rtn +send_lmp_escape: + beq LMP_EXT_ACCEPTED,send_lmpext_accepted + beq LMP_EXT_FEATURES_RES,send_lmpext_features_res + beq LMP_NOT_ACCEPTED_EXT,send_lmpext_not_accepted + beq LMP_EXT_FEATURES_REQ,send_lmpext_features_req + beq LMP_PACKET_TYPE_TABLE_REQ,send_lmpext_packet_type_table_req + beq LMP_PAUSE_ENCRYPTION_REQ,send_lmpext_pause_encryption_req + beq LMP_IO_CAP_REQ,send_lmp_io_cap_req + beq LMP_IO_CAP_RES,send_lmpext_io_cap_res + beq LMP_SNIFF_SUBRATING_REQ,send_lmpext_sniff_subrating_req + beq LMP_SNIFF_SUBRATING_RES,send_lmpext_sniff_subrating_res + branch assert + + +/******** LMP follow messages **********/ +/****** TID follow received packet *******/ + +send_lmp_accepted: + force 2,pdata + call msg_send_lmp + fetch 1,mem_lmi_opcode + istore 1,contw + call send_lmp_follow + bpatchx patch27_7,mem_patch27 + fetch 1,mem_lmi_opcode + beq LMP_IN_RAND,send_lmp_accepted_inrand + beq LMP_ENCRYPTION_MODE_REQ,send_lmp_accepted_enc_mode + beq LMP_ENCRYPTION_KEY_SIZE_REQ,send_lmp_accepted_enc_key + beq LMP_SNIFF_REQ,send_lmp_accept_sniff_req + beq LMP_HOST_CONNECTION_REQ,send_lmp_accepted_connection + beq LMP_DHKEY_CHECK,send_lmp_accept_dhkey_check + beq LMP_START_ENCRYPTION_REQ,send_create_conn_start_l2cap_timer_sm + rtn + +send_create_conn_start_l2cap_timer_sm: + fetch 1,mem_conn_sm + rtn blank + jam CONN_SM_WAIT_DONE,mem_conn_sm + setarg TIMER_ENPT_WAITE + arg enpt_delay_timer,queue + branch timer_init + +send_lmp_accept_sniff_req: + branch sniff_init +send_lmp_not_accepted: + force 3,pdata + call msg_send_lmp + fetch 1,mem_lmi_opcode + beq LMP_AU_RAND,send_not_accept_aurand + istore 1,contw + fetch 1,mem_lmo_reason + istore 1,contw + branch send_lmp_follow + +send_not_accept_aurand: + istore 1,contw + fetch 1,mem_lmo_reason + istore 1,contw + arg mem_sres_tid,temp + branch special_tid_store + +send_lmpext_accepted: + force 4,queue + call send_lmpext + setarg LMP_ESCAPE + istore 1,contw + fetch 1,mem_lmi_opcode + set0 7,pdata + istore 1,contw + fetch 1,mem_lmi_opcode + branch send_lmp_follow + +send_lmpext_not_accepted: + force 5,queue + call send_lmpext + setarg LMP_ESCAPE + istore 1,contw + fetch 1,mem_lmi_opcode + set0 7,pdata + istore 1,contw + fetch 1,mem_lmo_reason + istore 1,contw + branch send_lmp_follow + + +send_lmp_accepted_inrand: + call clear_linkkey + call tid_check + rtn true + branch lmp_generate_key + +send_lmp_accepted_enc_mode: + fetch 1,mem_op + bbit1 op_start_enc,send_lmp_accepted_enc_start + rtnbit0 op_stop_enc + jam LMP_STOP_ENCRYPTION_REQ,mem_lmo_opcode2 + set0 op_stop_enc,pdata + call tid_reply + branch send_lmp_accepted_enc_exit +send_lmp_accepted_enc_start: + jam LMP_ENCRYPTION_KEY_SIZE_REQ,mem_lmo_opcode2 + set0 op_start_enc,pdata +send_lmp_accepted_enc_exit: + store 1,mem_op + rtn + +send_lmp_accepted_enc_key: + call check_localsm + branch lmp_start_encryption,true + rtn + +send_lmp_accepted_connection: + jam LMP_PACKET_TYPE_TABLE_REQ,mem_lmo_opcode2 + //jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + fetch 1,mem_lmp_conn_state + set1 RECEIVED_CONN_REQ,pdata + store 1,mem_lmp_conn_state + jam BT_EVT_BB_CONNECTED,mem_fifo_temp + branch ui_ipc_send_event + + +send_lmp_accept_dhkey_check: + rtn +/******** LMP reply messages **********/ +/****** TID always set to remote *******/ + +send_lmpext_features_res: + force 12,queue + call send_lmpext + setarg 0x01 + istore 1,contw + fetch 2,mem_lmpext_ssp_enable + istore 2,contw + setarg 0 + istore 3,contw + setarg 0x00 + istore 4,contw + branch send_lmp_reply +send_lmpext_io_cap_res: + force 5,queue + call send_lmpext + fetch 3,mem_sp_iocap_local + istore 3,contw + call send_lmp_reply + jam FLAG_PAIRING_STATE_PAIRING,mem_flag_pairing_state + fetch 1,mem_sp_iocap_local + beq DISPLAY_YESNO,responder_iocap_display_yesno + beq KEYBOARD_ONLY,responder_iocap_keyboard_only + beq NO_INPUT_NO_OUTPUT,responder_iocap_no_input_no_output + rtn + +responder_iocap_keyboard_only: + fetch 1,mem_sp_iocap_remote + beq DISPLAY_ONLY,responder_iocap_keyboard_only_initiator_iocap_display_only + beq DISPLAY_YESNO,responder_iocap_keyboard_only_initiator_iocap_display_yesno + beq KEYBOARD_ONLY,responder_iocap_keyboard_only_initiator_iocap_keyboard_only + beq NO_INPUT_NO_OUTPUT,responder_iocap_keyboard_only_initiator_iocap_no_input_no_output + rtn + + +responder_iocap_display_yesno: + fetch 1,mem_sp_iocap_remote + beq DISPLAY_ONLY,responder_iocap_display_yesno_initiator_iocap_display_only + beq DISPLAY_YESNO,responder_iocap_display_yesno_initiator_iocap_display_yesno + beq KEYBOARD_ONLY,responder_iocap_display_yesno_initiator_iocap_keyboard_only + beq NO_INPUT_NO_OUTPUT,responder_iocap_display_yesno_initiator_iocap_no_input_no_output + rtn + + +responder_iocap_no_input_no_output: + fetch 1,mem_sp_iocap_remote + beq DISPLAY_ONLY,responder_iocap_no_input_no_output_initiator_iocap_display_only + beq DISPLAY_YESNO,responder_iocap_no_input_no_output_initiator_iocap_display_yesno + beq KEYBOARD_ONLY,responder_iocap_no_input_no_output_initiator_iocap_keyboard_only + beq NO_INPUT_NO_OUTPUT,responder_iocap_no_input_no_output_initiator_iocap_no_input_no_output + rtn + +responder_iocap_keyboard_only_initiator_iocap_no_input_no_output: +responder_iocap_display_yesno_initiator_iocap_no_input_no_output: +responder_iocap_display_yesno_initiator_iocap_display_only: +responder_iocap_no_input_no_output_initiator_iocap_display_only: +responder_iocap_no_input_no_output_initiator_iocap_display_yesno: +responder_iocap_no_input_no_output_initiator_iocap_keyboard_only: +responder_iocap_no_input_no_output_initiator_iocap_no_input_no_output: +set_ssp_mode_justwork: + jam SSP_MODE_JUST_WORK_FLAG,mem_ssp_mode_flag + fetch 1,mem_classic_bt_flag + bbit1 FLAG_SSP_REJECT_JUSTWORK,app_bt_disconnect + rtn + +responder_iocap_display_yesno_initiator_iocap_display_yesno: +set_ssp_mode_numeric_comparison: + jam SSP_MODE_SSP_PIN_FLAG,mem_ssp_mode_flag + rtn + +responder_iocap_keyboard_only_initiator_iocap_display_yesno: +responder_iocap_keyboard_only_initiator_iocap_keyboard_only: +responder_iocap_keyboard_only_initiator_iocap_display_only: +responder_iocap_display_yesno_initiator_iocap_keyboard_only: +set_ssp_mode_passkey: + jam SSP_MODE_PASSKEY_ENTRY_FLAG,mem_ssp_mode_flag + rtn + + +classic_bt_set_reject_justwork_flag: + arg FLAG_SSP_REJECT_JUSTWORK,queue + branch classic_bluetooth_set_flag + +classic_bt_clr_reject_justwork_flag: + arg FLAG_SSP_REJECT_JUSTWORK,queue + branch classic_bluetooth_clr_flag + +classic_bluetooth_set_flag: + fetch 1,mem_classic_bt_flag + qset1 pdata + store 1,mem_classic_bt_flag + rtn + +classic_bluetooth_clr_flag: + fetch 1,mem_classic_bt_flag + qset0 pdata + store 1,mem_classic_bt_flag + rtn + + +send_lmp_io_cap_req: + force 5,queue + call send_lmpext + fetch 3,mem_sp_iocap_local + istore 3,contw + branch send_lmp_request + + +send_lmpext_sniff_subrating_req: + + rtn +send_lmpext_sniff_subrating_res: + force 9,queue + call send_lmpext + fetch 1,mem_subsniff_rate + istore 1,contw + fetch 2,mem_subsniff_tcmax + istore 2,contw + fetch 4,mem_subsniff_instant + istore 4,contw + branch send_lmp_reply + +send_lmp_name_res: + force 17,pdata + call msg_send_lmp + fetch 1,mem_lmi_opcode /* loading name offset */ + copy pdata,temp + beq 0x00,send_lmp_name_res_offset_ok + beq 0x0e,send_lmp_name_res_offset_ok + beq 0x1c,send_lmp_name_res_offset_ok + rtn +send_lmp_name_res_offset_ok: + istore 1,contw /* writing name offset */ + fetch 1,mem_local_name_length + istore 1,contw /* writing name length */ + arg 14,loopcnt + setarg mem_local_name + iadd temp,contr /* setting read location */ + call memcpy + branch send_lmp_reply + + +send_lmp_timing_accuracy_res: + force 3,pdata + call msg_send_lmp + setarg 0x0114 + istore 2,contw + branch send_lmp_reply + +send_lmp_clkoffset_res: + // dopod s505 must wait for this res + force 3,pdata + call msg_send_lmp + fetch 4,mem_clke_bt + isub clkn_bt,pdata + branch send_lmp_clkoffset_res_master,master + sub pdata,0,pdata /* our role is slave */ +send_lmp_clkoffset_res_master: + // bit 16-2 of clkslave-clkmaster + rshift2 pdata,pdata + set0 15,pdata + istore 2,contw + branch send_lmp_reply + +send_lmp_version_res: + force 6,pdata + call msg_send_lmp + fetch 5,mem_lmp_version + istore 5,contw + branch send_lmp_reply + +send_lmp_features_res: + force 9,pdata + call msg_send_lmp + fetch 8,mem_features + istore 8,contw + branch send_lmp_reply + + +/******** LMP request messages **********/ +/****** TID always set to local initiated *******/ + + +send_lmpext_features_req: + force 12,queue + call send_lmpext + setarg 0x01 + istore 1,contw + fetch 2,mem_lmpext_ssp_enable + istore 2,contw + setarg 0 + istore 3,contw + setarg 0x00 + istore 4,contw + branch send_lmp_request + +send_lmpext_packet_type_table_req: + force 3,queue + call send_lmpext + fetch 1,mem_ptt + istore 1,contw + disable user + call send_lmp_request + nrtn user + nrtn master + fetch 1,mem_afh_cfg + rtnbit0 AFH_CFG_ON + call afh_init + branch afh_open_all_channels + +//default:featrue is enable,extfeature is disable +ssp_enable: + bpatchx patch28_0,mem_patch28 + fetch 1,mem_features+6 + set1 param_featrue_ssp,pdata + store 1,mem_features+6 + setarg param_lmpext_ssp_enable + store 2,mem_lmpext_ssp_enable + rtn + +ssp_disable: + bpatchx patch28_1,mem_patch28 + fetch 1,mem_features+6 + set0 param_featrue_ssp,pdata + store 1,mem_features+6 + setarg 0 + store 2,mem_lmpext_ssp_enable + rtn + +afh_init: + jam 0x3,mem_afh_cfg + setarg 0 + store 4,mem_afh_timer + arg mem_afh_map_lo,contw + call afh_reset_map + arg mem_afh_map_new,contw + call afh_reset_map + arg mem_afh_classify_channel_map,contw + call afh_reset_map + branch afh_clear_error_counter +afh_open_all_channels: + arg mem_afh_map_new,contw + call afh_reset_map + call afh_clear_error_counter + branch afh_set_send_flag + + +afh_reset_map: + setarg 0xffffff + istore 3,contw + istore 3,contw + istore 3,contw + setarg 0x7f + istore 1,contw + rtn +afh_clear_error_counter: + setarg 0 + store 2,mem_afh_error_total + rtn +afh_set_send_flag: + fetch 1,mem_afh_cfg + set1 send_lmp_set_afh,pdata + store 1,mem_afh_cfg + rtn + + +send_lmpext_pause_encryption_req: + force 2,queue + call send_lmpext + nbranch send_lmp_reply,master + // assume slave will not send pause req firstly??? + branch send_lmp_request + + + +send_lmp_detach: + force 2,pdata + call msg_send_lmp + fetch 1,mem_disconn_reason_send + istore 1,contw + call send_lmp_request +prepare_disconnect: + fetch 1,mem_op + set1 op_disconn,pdata + store 1,mem_op + jam 50,mem_conn_timer + rtn + + +send_lmp_no_payload: + force 1,pdata + call msg_send_lmp + branch send_lmp_request +send_lmp_nopayload_reply: + force 1,pdata + call msg_send_lmp + branch send_lmp_reply + + +send_lmp_encryption_mode_req: + force 2,pdata + call msg_send_lmp + fetch 1,mem_state_map + isolate0 smap_encryption,pdata + setflag true,0,pdata + and_into 1,pdata + istore 1,contw + branch send_lmp_request + + +send_lmp_superto: + force 3,pdata + call msg_send_lmp + fetch 2,mem_supervision_to + istore 2,contw + branch send_lmp_request + +send_lmp_name_req: + jam 250,mem_conn_timer + force 2,pdata + call msg_send_lmp + fetch 1,mem_name_offset + istore 1,contw + branch send_lmp_request + +send_lmp_test_control: + force 10,pdata + call msg_send_lmp + arg mem_temp_payload,contr + force 9,loopcnt +send_lmp_test_control_loop: + ifetch 1,contr + xor_into 0x55,pdata + istore 1,contw + loop send_lmp_test_control_loop + branch send_lmp_request + +send_lmp_quality_of_service_req: + branch send_lmp_request +send_lmp_unit_key: + branch send_lmp_request + +send_lmp_slot_offset: + rtn master + call calc_slot_offset + force 9,pdata + call msg_send_lmp + fetch 2,mem_slot_offset + istore 2,contw + fetch 3,mem_lap + istore 3,contw + fetch 1,mem_uap + istore 1,contw + fetch 2,mem_nap + istore 2,contw + bmark0 mark_switch_initiated,send_lmp_slot_offset_reply + set0 mark_switch_initiated,mark + call send_lmp_request + jam LMP_SWITCH_REQ,mem_lmo_opcode2 + rtn +send_lmp_slot_offset_reply: + call send_lmp_reply + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam LMP_SWITCH_REQ,mem_lmi_opcode2 + rtn + +send_lmp_switch_req: + arg 0x200,temp + branch switch_on_native,master + deposit clke_bt + branch switch_slack +switch_on_native: + deposit clkn_bt +switch_slack: + deposit bt_clk + iadd temp,pdata + and_into 0x1fc,pdata + store 4,mem_sniff_anchor + force 5,pdata + call msg_send_lmp + fetch 4,mem_sniff_anchor /* reused as switch instant */ + rshift pdata,pdata + istore 4,contw + branch send_lmp_request + +send_lmp_sniff_req: + force 10,pdata + call msg_send_lmp + arg mem_sniff_payload,contr + ifetch 9,contr + istore 9,contw + branch send_lmp_request + + +send_lmp_timing_accuracy_req: +/* default to TID_NORM_SEND */ + force 3,pdata + call msg_send_lmp + setarg 0x0114 + istore 2,contw + branch send_lmp_request + +send_lmp_unsniff_req: +//--------------------need to completa + force 1,pdata + call msg_send_lmp + //fetch 1,mem_unsniff_pending + //nbranch send_msg_done,blank + //jam 1,mem_unsniff_pending + //fetch 2,mem_sniff_attempt + //fetch 2,mem_nsniff_attempt + //lshift3 pdata,pdata + //lshift pdata,pdata + //store 1,mem_unsniff_cnt + branch send_lmp_request + + +send_lmp_max_slot: + force 2,pdata + call msg_send_lmp + fetch 1,mem_max_slot + istore 1,contw + branch send_lmp_request + + +send_lmp_max_slot_req: + force 2,pdata + call msg_send_lmp + setarg 0x05 /*5 slot*/ + istore 1,contw + branch send_lmp_request + + +send_lmp_inc_power: + force 2,pdata + call msg_send_lmp + setarg 0x00 /*5 slot*/ + istore 1,contw + branch send_lmp_request + + +send_lmp_setup_complete_by_module: + jam LMP_MAX_SLOT_REQ,mem_lmo_opcode2 + rtn +send_lmp_setup_complete: + fetch 1,mem_device_option + sub pdata,dvc_op_module,null + call send_lmp_setup_complete_by_module,zero + fetch 1,mem_state + set1 state_conn_comp,pdata + store 1,mem_state + copy clkn_bt,pdata + store 4,mem_aurand_send_delay_time + fetch 1,mem_lmp_conn_state + bbit1 SENT_SETUP_COMPLETE,send_lmp_setup_complete_has_sent + set1 SENT_SETUP_COMPLETE,pdata + store 1,mem_lmp_conn_state + jam BT_EVT_SETUP_COMPLETE,mem_fifo_temp + call ui_ipc_send_event + force 1,pdata + call msg_send_lmp + branch send_lmp_request +send_lmp_setup_complete_has_sent: + jam 0,mem_lmp_to_send + rtn + +send_lmp_version_req: + force 6,pdata + call msg_send_lmp + fetch 5,mem_lmp_version + istore 5,contw + branch send_lmp_request + +send_lmp_features_req: + force 9,pdata + call msg_send_lmp + fetch 8,mem_features + istore 8,contw + branch send_lmp_request + +sp_master_send_io_cap_get: + jam SP_FLAG_COMMIT,mem_master_sp_flag + fetch 1,mem_sp_local_key_invalid + rtnne SP_KEY_VALID + jam SP_MASTER_STAT_START_DONE,mem_master_sp_state + rtn + +sp_master_send_io_cap_send: + call tid_initiate + jam LMP_IO_CAP_REQ,mem_lmo_opcode2 + jam SP_STAT_KEY_SEND,mem_master_sp_state + rtn + + +sp_master_send_LMP_ENCAPSULATED_HEADER: + call tid_initiate + jam LMP_ENCAPSULATED_HEADER,mem_lmo_opcode2 + jam SP_STAT_RANDOM_SEND,mem_master_sp_state + rtn + +sp_master_commitment_compare: + arg mem_sp_calc_result_high,rega + arg mem_sp_confirm_remote,regb + arg 16,loopcnt + call string_compare + branch sp_master_commitment_compare_success,zero + jam SP_STAT_NULL,mem_master_sp_state +ifdef SIMPLE_PAIRING + call master_clear_mem_master_sp_flag +endif + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + jam LMP_SIMPLE_PAIRING_NUMBER,mem_lmi_opcode2 +ifdef LMP_DBG + call ice_break +endif + branch reject_lmp_packet +sp_master_commitment_compare_success: + jam SP_STAT_CONFIRM_CALC,mem_master_sp_state +ifdef SIMPLE_PAIRING + call master_set_mem_master_sp_flag +endif + jam LMP_SIMPLE_PAIRING_NUMBER,mem_lmi_opcode2 + branch accept_lmp_msg + + + +sp_master_send_lmp_simple_pairing_number: + jam LMP_SIMPLE_PAIRING_NUMBER,mem_lmo_opcode2 + rtn + + + +sp_send_lmp_encapsulated_header: + // calculate the private & public key here + //jam LMP_ENCAPSULATED_HEADER,mem_lmp_to_send + jam LMP_ENCAPSULATED_HEADER,mem_lmo_opcode2 + //jam TID_PAIRING,mem_lmp_tid + rtn + //fetch 1,mem_tid_table + //set1 TID_PAIRING,pdata + //store 1,mem_tid_table + + +send_lmp_encapsulated_header: + jam 0,mem_sp_local_key_send_count + force 4,pdata + call msg_send_lmp + force ENCAPSULATED_MAJOR_TYPE_P192,pdata + istore 1,contw + force ENCAPSULATED_MINOR_TYPE_P192,pdata + istore 1,contw + force ENCAPSULATED_LEN_P192,pdata + istore 1,contw + call check_localsm + branch send_lmp_request,true + branch send_lmp_reply + +send_lmp_encapsulated_payload: + //jam TID_PAIRING,mem_lmp_tid + force 17,pdata + call msg_send_lmp + fetch 1,mem_sp_local_key_send_count + arg mem_sp_pubkey_local,contr + iadd contr,contr + ifetch 8,contr + istore 8,contw + ifetch 8,contr + istore 8,contw + fetch 1,mem_sp_local_key_send_count + increase 16,pdata + store 1,mem_sp_local_key_send_count + call check_localsm + branch send_lmp_request,true + branch send_lmp_reply + //branch send_lmp_request + +sp_send_lmp_simple_pairing_comfirm: + jam SP_STAT_RANDOM_RECV,mem_sp_state + jam LMP_SIMPLE_PAIRING_CONFIRM,mem_lmo_opcode2 + rtn +send_lmp_simple_pairing_comfirm: + //jam SP_STAT_RANDOM_RECV,mem_sp_state + //jam TID_PAIRING,mem_lmp_tid + force 17,pdata + call msg_send_lmp + arg mem_sp_calc_result_high,contr + ifetch 8,contr + istore 8,contw + ifetch 8,contr + istore 8,contw + branch send_lmp_reply + +sp_send_lmp_simple_pairing_number: + jam LMP_SIMPLE_PAIRING_NUMBER,mem_lmo_opcode2 + rtn + +send_lmp_simple_pairing_number: + //jam TID_PAIRING,mem_lmp_tid + call check_localsm +ifdef SIMPLE_PAIRING + call sp_local_random_key_generator,true +endif + force 17,pdata + call msg_send_lmp + arg mem_sp_random_local,contr + ifetch 8,contr + istore 8,contw + ifetch 8,contr + istore 8,contw + call check_localsm + nbranch send_lmp_reply,true + branch send_lmp_request,true + +master_sp_sm_end: + //jam DEFAULT_STATEMACHINE,mem_sp_localsm + jam SP_STAT_DONE,mem_master_sp_state +sp_aurand_send: + call tid_initiate + jam LMP_AU_RAND,mem_lmo_opcode2 + call check_localsm_master +ifdef SIMPLE_PAIRING + branch sp_master_key_prarm_push,true + branch sp_link_key_prarm_push +endif +master_sp_send_lmp_dhkey_check: + call tid_reply +sp_send_lmp_dhkey_check: + jam LMP_DHKEY_CHECK,mem_lmo_opcode2 + rtn +send_lmp_dhkey_check: + //jam TID_PAIRING,mem_lmp_tid + force 17,pdata + call msg_send_lmp + arg mem_sp_calc_result_high,contr + ifetch 8,contr + istore 8,contw + ifetch 8,contr + istore 8,contw + call check_localsm + nbranch send_lmp_reply,true + branch send_lmp_request,true + +send_lmp_enc_key_size_mask_res: + force 3,pdata + call msg_send_lmp + setarg 0xfffe //enc key size mask + istore 2,contw + branch send_lmp_reply + +send_lmp_auto_rate: + branch send_lmp_request +send_lmp_clkoffset_req: + branch send_lmp_request +send_lmp_quality_of_service: + branch send_lmp_request +send_lmp_test_activate: + branch send_lmp_request + +/******** LMP request/reply messages **********/ +/****** TID transaction specific *******/ + +send_lmp_comb_key: + call generate_random_number + arg mem_lap,rega + call generate_linkkey + force 17,pdata + call msg_send_lmp + arg mem_kinit,rega + arg mem_random_number,regb + call xor16 + nbranch send_lmp_follow,master + branch send_lmp_tid + +send_lmp_inrand: + call generate_random_number + arg mem_plap,rega + call generate_kinit +send_lmp_rand: /* used by in_rand,au_rand,start_encrypt */ + force 17,pdata + call msg_send_lmp + arg mem_random_number,contr + call memcpy16 + fetch 1,mem_conn_sm + beq CONN_SM_AUTH_WAIT,send_lmp_request + beq CONN_SM_PAIRING_WAIT,send_lmp_request + branch send_lmp_tid + +send_lmp_aurand: + fetch 1,mem_pairing_auth + branch send_lmp_aurand_notpairing,blank + call check_localsm + call tid_initiate,true + ncall tid_reply,true + branch send_lmp_aurand_common +send_lmp_aurand_notpairing: + call tid_initiate +send_lmp_aurand_common: + call generate_random_number + branch send_lmp_rand + +send_lmp_sres: + arg mem_lap,rega + call function_e1 + force 5,pdata + call msg_send_lmp + fetch 4,mem_input_store + istore 4,contw + arg mem_sres_tid,temp + call special_tid_store + call copy_aco + call check_localsm + branch send_lmp_sres_master,true + jam DONE_ENCRYP,mem_wait_encryption + fetch 1,mem_pairing_auth + rtn blank + jam LMP_AU_RAND,mem_lmo_opcode2 +send_lmp_sres_master: + fetch 1,mem_link_key_exists + rtn blank +send_lmp_sres_startenc: + call check_localsm + nbranch send_lmp_sres_startenc_slave,true + fetch 1,mem_auth_enable + rtn blank + jam LMP_ENCRYPTION_MODE_REQ, mem_lmo_opcode2 + rtn +send_lmp_sres_startenc_slave: + rtnmark0 mark_slave_in_rand_accepted + set0 mark_slave_in_rand_accepted,mark + jam LMP_ENCRYPTION_MODE_REQ, mem_lmo_opcode2 + rtn + + + +send_lmp_start_encryption: + call generate_random_number + call function_e3 + force 17,pdata + call msg_send_lmp + arg mem_random_number,contr + call memcpy16 + branch send_lmp_tid + +send_lmp_stop_encryption_req: + force 1,pdata + call msg_send_lmp + branch send_lmp_tid + +send_lmp_encryption_key_size_req: + force 2,pdata + call msg_send_lmp + force 16,pdata + istore 1,contw + store 1,mem_key_size + branch send_lmp_tid + +msg_send_lmp: +/* FLOW is set high and LMP is indicated */ + lshift3 pdata,pdata + or_into 0x07,pdata + store 1,mem_lmo_header_length + arg 17,loopcnt + arg mem_lmo_payload,contw + call clear_mem + arg mem_lmo_payload,contw + rtn + +send_lmpext: + and pdata,0x7f,rega + jam LMP_ESCAPE,mem_lmp_to_send + deposit queue + call msg_send_lmp + deposit rega + istore 1,contw + rtn + +send_lmp_follow: + fetch 1,mem_lmp_to_send + lshift pdata,pdata + fetcht 1,mem_state_map + isolate1 smap_lmptid,temp + setflag true,0,pdata + branch send_lmp_exit + + +send_lmp_tid: + fetcht 1,mem_state_map + and_into 1,temp + branch send_lmp_end + +send_lmp_reply: + force 0,temp + branch send_lmp_end + +send_lmp_request: + force 1,temp +send_lmp_end: + fetch 1,mem_lmp_to_send + lshift pdata,pdata + setflag master,0,pdata + ixor temp,pdata +send_lmp_exit: + store 1,mem_lmo_header_opcode + jam 0,mem_lmp_to_send + call lmo_fifo_process_lmo0empty + enable user + rtn + +//blank : not full +lmo_fifo_check: + fetch 1,mem_lmo_opcode2 + rtn blank + call lmo_fifo_process + fetch 1,mem_lmo_opcode2 + rtn + +lmo_fifo_process: + bpatchx patch28_2,mem_patch28 + fetch 1,mem_lmp_to_send + branch lmo_fifo_process_lmo0empty,blank + fetch 1,mem_lmo_opcode1 + nrtn blank + branch lmo_fifo_process_lmo2to1 +lmo_fifo_process_lmo0empty: + fetch 1,mem_lmo_opcode1 + branch lmo_fifo_process_lmo1_empty,blank + fetch 3,mem_lmo_opcode1 + store 3,mem_lmp_to_send//1=>0 + fetcht 1,mem_lmo_tid1 + fetch 1,mem_state_map + set0 smap_lmptid,pdata + ior temp,pdata + store 1,mem_state_map + jam 0,mem_lmo_opcode1 +lmo_fifo_process_lmo2to1: + fetch 1,mem_lmo_opcode2 + rtn blank + fetch 4,mem_lmo_opcode2 + store 4,mem_lmo_opcode1//2=>1 + jam 0,mem_lmo_opcode2 + rtn +lmo_fifo_process_lmo1_empty: + fetch 1,mem_lmo_opcode2 + rtn blank + fetch 3,mem_lmo_opcode2 + store 3,mem_lmp_to_send//2=>0 + fetcht 1,mem_lmo_tid2 + fetch 1,mem_state_map + set0 smap_lmptid,pdata + ior temp,pdata + store 1,mem_state_map + jam 0,mem_lmo_opcode2 + rtn + +//input:temp +special_tid_store: + bpatchx patch28_3,mem_patch28 + fetch 1,mem_state_map + copy pdata,regc + ifetch 1,temp + call pop_tid_follow + call send_lmp_follow + copy regc,pdata + store 1,mem_state_map + rtn + +tid_reply: + fetcht 1,mem_state_map + set0 smap_lmptidinit,temp + storet 1,mem_state_map + rtn + +tid_initiate: + fetcht 1,mem_state_map + set1 smap_lmptidinit,temp + storet 1,mem_state_map + rtn + + /* true if transaction from remote */ +tid_check: + nsetflag master,smap_lmptid,pdata //it is ok + fetcht 1,mem_state_map + ixor temp,pdata + isolate1 smap_lmptid,pdata + rtn + + /* set to remote */ +tid_set_reply: + fetch 1,mem_state_map + setflag master,smap_lmptid,pdata //it is ok + store 1,mem_state_map + rtn + + /*rtn true when we lead lmp*/ +check_localsm: + fetch 1,mem_sp_localsm + compare LOCAL_STATEMACHINE,pdata,0x7f + rtn +setlocalsm_master: + fetch 1,mem_sp_localsm + set1 7,pdata + store 1,mem_sp_localsm + rtn +setlocalsm_slave: + fetch 1,mem_sp_localsm + set0 7,pdata + store 1,mem_sp_localsm + rtn +check_localsm_master: + fetch 1,mem_sp_localsm + isolate1 7,pdata + store 1,mem_sp_localsm + rtn + +generate_random_number: + /* generating a 16 byte random number,storing in ape_random_number */ + arg mem_random_number,contw +generate_random: + force 16,loopcnt +generate_random_another: +generate_random_loop: + random pdata + istore 1,contw + loop generate_random_another + rtn + +generate_linkkey: + call function_e21 + arg mem_link_key,rega + arg mem_input_store,regb + ifetch 8,rega /* check if already got comb key */ + fetcht 1,mem_state + nsetflag blank,state_combkey,temp + storet 1,mem_state + copy rega,contw + call xor16 + branch generate_linkkey_continue + +/*********************************/ +/*********lmp send*************/ +/********************************/ + +process_conn_sm: + //nrtn master + bpatchx patch28_4,mem_patch28 + + call lmo_fifo_check + nrtn blank +process_conn_sm_continue: + fetch 1,mem_conn_sm + rtn blank + /* state machine begins in standby */ + //beq CONN_SM_STANDBY, host_create_conn_begin + //beq CONN_SM_WAIT_PAGE, host_create_conn_wait_page + beq CONN_SM_SEND_CONN_REQ, host_create_conn_send_conn_req + beq CONN_SM_WAIT_CONN_ACCEPT, host_create_conn_wait_accept + beq CONN_SM_SEND_FEATURES, host_create_conn_send_features + beq CONN_SM_WAIT_FEATURES_RES, host_create_conn_waiting + beq CONN_SM_SEND_SWITCH,host_create_conn_send_switch + beq CONN_SM_AUTH_PAIR, host_create_conn_auth_pair + beq CONN_SM_AUTH_PAIR_WAIT, host_create_conn_auth_pair_wait + beq CONN_SM_ENCRYPT, host_create_conn_encrypt + beq CONN_SM_ENCRYPT_WAIT, host_create_conn_encrypt_wait + beq CONN_SM_ENCRYPT_WAIT_CLEAR, host_create_conn_encrypt_wait_clear + beq CONN_SM_SEND_SETUP_COMPLETE, host_create_conn_send_setup_complete + beq CONN_SM_WAIT_SETUP_COMPLETE, host_create_conn_wait_setup_complete + beq CONN_SM_DETACH_DELAY,host_create_conn_master_detach + beq CONN_SM_SEND_VERSION, host_create_conn_send_version + beq CONN_SM_WAIT_VERSION, host_create_conn_waiting + beq CONN_SM_WAIT_SWITCH_AFTER_HOST_CONNECTION, host_creat_conn_wait_switch + beq CONN_SM_SEND_FEATURES_EXT,host_creat_conn_send_feat_ext + beq CONN_SM_WAIT_FEATURES_EXT,host_create_conn_waiting + beq CONN_SM_PAIRING,host_create_conn_pairing + beq CONN_SM_PAIRING_WAIT,host_create_conn_pairing_wait + beq CONN_SM_AUTH,host_create_conn_auth + beq CONN_SM_AUTH_WAIT,host_create_conn_auth_wait + beq CONN_SM_DONE,host_create_conn_done + beq CONN_SM_WAIT_DONE,host_create_conn_done_wait + jam CONN_SM_STANDBY,mem_conn_sm + /* sending error message to host */ + rtn +host_create_conn_done: + fetch 1,mem_lmp_conn_state + rtnbit0 RECEIVED_SETUP_COMPLETE + rtnbit0 SENT_SETUP_COMPLETE + jam CONN_SM_STANDBY,mem_conn_sm + call host_conn_judge_encrypt + branch scheduler_start_upper_sm + +host_conn_judge_encrypt: + fetch 1,mem_connection_options + rtnbit0 CONNECTION_ENCRYPT + jam CONN_SM_ENCRYPT_WAIT,mem_conn_sm + rtn + +host_create_conn_done_wait: + arg enpt_delay_timer,queue + call timer_check + nrtn blank + jam CONN_SM_DONE,mem_conn_sm + rtn + +host_create_conn_auth: + fetch 1,mem_connection_options + set0 CONNECTION_AUTH,pdata + store 1,mem_connection_options + jam CONN_SM_AUTH_WAIT,mem_conn_sm + jam LMP_AU_RAND,mem_lmo_opcode2 + rtn +host_create_conn_auth_wait: + rtn +host_create_conn_pairing: + fetch 1,mem_pincode_state + rtnne pincode_state_pincode_ready //wait for pincode + call host_auth + jam CONN_SM_PAIRING_WAIT,mem_conn_sm + rtn + +host_create_conn_pairing_wait: + rtn +host_creat_conn_send_feat_ext: + jam CONN_SM_WAIT_FEATURES_EXT,mem_conn_sm + jam LMP_EXT_FEATURES_REQ,mem_lmo_opcode2 + rtn +host_create_conn_send_version: + jam CONN_SM_WAIT_VERSION,mem_conn_sm + jam LMP_VERSION_REQ,mem_lmo_opcode2 + rtn + +host_creat_conn_wait_switch: + fetch 1,mem_switch_flag + rtneq SWITCH_FLAG_INIT + beq SWITCH_FLAG_ACCEPT,host_create_conn_switch_accept + arg switch_wait_timer,queue + call timer_check + nrtn blank + jam SWITCH_FLAG_INIT,mem_switch_flag + branch host_create_conn_switch +host_create_conn_switch_accept: + rtn master + branch host_create_conn_auth_pair + +host_create_conn_send_features: + jam CONN_SM_WAIT_FEATURES_RES,mem_conn_sm + jam LMP_FEATURES_REQ,mem_lmo_opcode2 + rtn +host_create_conn_send_switch: + jam LMP_SWITCH_REQ,mem_lmo_opcode2 + set1 mark_switch_initiated,mark + jam CONN_SM_WAIT_CONN_ACCEPT,mem_conn_sm + setarg 0x1ff + store 2, mem_soft_timer + rtn +host_create_conn_send_conn_req: + jam CONN_SM_WAIT_CONN_ACCEPT,mem_conn_sm + jam 0xff,mem_soft_timer + set0 mark_reconn_recieve_switch,mark + jam LMP_HOST_CONNECTION_REQ,mem_lmo_opcode2 + branch init_lmp_reinit +host_create_conn_wait_accept: + rtnmark1 mark_reconn_recieve_switch + fetch 2,mem_soft_timer + sub pdata,1,pdata + branch host_create_conn_resend,zero + store 2, mem_soft_timer + rtn +host_create_conn_resend: + jam CONN_SM_SEND_SWITCH,mem_conn_sm + rtn +host_create_conn_waiting: + /* we will exit waiting for connection request accepted, features res, or other commands to finish */ + rtn + +host_create_conn_switch: + fetch 1,mem_lmp_conn_state + rtnbit0 SENT_SETUP_COMPLETE + rtnbit0 RECEIVED_SETUP_COMPLETE + fetch 1,mem_connection_options + set0 CONNECTION_SWITCH,pdata + store 1,mem_connection_options + jam LMP_SWITCH_REQ,mem_lmo_opcode2 + jam CONN_SM_WAIT_SWITCH_AFTER_HOST_CONNECTION,mem_conn_sm + rtn + +host_create_conn_send_setup_complete: + jam CONN_SM_WAIT_SETUP_COMPLETE,mem_conn_sm + jam LMP_SETUP_COMPLETE,mem_lmo_opcode2 + rtn + +host_create_conn_wait_setup_complete: + fetch 1,mem_lmp_conn_state + rtnbit0 RECEIVED_SETUP_COMPLETE + jam CONN_SM_STANDBY,mem_conn_sm + + rtn +host_create_conn_wait_setup_complete_rtn: + jam CONN_SM_AUTH_PAIR ,mem_conn_sm + rtn + +host_create_conn_master_detach: + fetch 1, mem_soft_timer + increase -1,pdata + branch host_create_conn_send_detach,blank//detach + store 1, mem_soft_timer + rtn +host_create_conn_send_detach: + jam LMP_DETACH,mem_lmo_opcode2 + jam LOCAL_HOST,mem_disconn_reason_send + jam 0,mem_conn_sm + rtn +host_create_conn_auth_pair: + /* checking whether or not to do m/s switch */ + fetch 1,mem_connection_options + bbit1 CONNECTION_SWITCH,host_create_conn_switch + bbit1 CONNECTION_AUTH,host_create_conn_auth_pair_true +host_create_conn_sm_done: + jam CONN_SM_DONE,mem_conn_sm + rtn +host_create_conn_auth_pair_true: + fetch 1,mem_link_key_exists + branch host_create_conn_auth_pair_nokey,blank + fetch 1,mem_lmp_conn_state + rtnbit0 SENT_SETUP_COMPLETE + rtnbit0 RECEIVED_SETUP_COMPLETE + fetch 4,mem_aurand_send_delay_time + arg 100,temp + iadd temp,temp + copy clkn_bt,pdata + isub temp,null + nrtn positive + branch host_create_conn_auth + + + +host_create_conn_auth_pair_nokey: + jam CONN_SM_PAIRING,mem_conn_sm + jam 4,mem_pin_length + setarg 0x3030 + store 2,mem_pin + istore 2,contw + jam pincode_state_pincode_ready,mem_pincode_state + branch host_create_conn_pairing + +host_create_conn_auth_pair_wait: + rtn +host_create_conn_encrypt: + fetch 1,mem_connection_options + bbit1 CONNECTION_ENCRYPT,host_create_conn_encrypt_start + jam CONN_SM_DONE,mem_conn_sm + rtn + +host_create_conn_encrypt_start: + fetch 1,mem_connection_options + set0 CONNECTION_ENCRYPT,pdata + store 1,mem_connection_options + jam LMP_ENCRYPTION_MODE_REQ,mem_lmo_opcode2 + rtn + +host_create_conn_encrypt_wait: + fetch 1, mem_wait_encryption + rtn blank + jam CONN_SM_STANDBY,mem_conn_sm + branch host_create_conn_encrypt_start + +host_create_conn_encrypt_wait_clear: + jam CONN_SM_SEND_SETUP_COMPLETE,mem_conn_sm + rtn + +host_auth: + fetch 1,mem_op + bbit1 op_inrand_req,remote_auth + call tid_initiate + jam LMP_IN_RAND,mem_lmo_opcode2 + branch cmd_exit +remote_auth: + fetch 1,mem_op + set0 op_inrand_req,pdata + store 1,mem_op + call lmp_accept_inrand + call tid_set_reply + branch cmd_exit + +pincode_reinit: + setarg 4 + store 1,mem_pin_length + setarg 0x3030 + istore 2,contw + istore 2,contw + rtn + + Index: dukaqi/senrui/program/patch.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/patch.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/patch.prog (working copy) @@ -0,0 +1,430 @@ + + +/******************************************/ +/************** Start *****************/ +/******************************************/ + +p_start: + bbit1 8,pf_patch_ext + beq patch00_1,p_soft_reset + beq patch10_5,p_shutdown_radio + beq patch11_1,p_set_freq_tx + beq patch14_2,p_init_param + beq patch17_0,p_module_init + beq patch17_3,p_module_hci_cmd_control + beq patch17_4,p_module_hci_cmd_transmit_le_notify + branch assert +pf_patch_ext: + beq patch20_3,p_le_receive_skip + beq patch20_5,p_le_transmit_receive_sifs + beq patch20_6,p_le_transmit + beq patch27_2,p_parse_lmp + beq patch27_6,p_send_lmp + beq patch28_1,p_ssp_disable + beq patch2a_2,p_parse_dlci0_rp + beq patch33_1,p_sp_initialize_256 + branch assert + +p_soft_reset: + call rfcomm_init + call init_lmp + call p_ui_init + branch soft_reset + 9 + +p_ui_init: + rtn wake + branch ui_timer_init + + +p_shutdown_radio: + branch p_shutdown_radio0,is_rx + hjam 0xd4, 0x955 + nop 4 + hjam 0xd2, 0x955 + nop 4 + hjam 0xd1, 0x955 + nop 4 + fetch 1,mem_tx_power + beq TX_POWER_0DB,p_shutdown_radio_0db + beq TX_POWER_3DB,p_shutdown_radio_3db + beq TX_POWER_5DB,p_shutdown_radio_5db + beq TX_POWER_f3DB,p_shutdown_radio_f3db + beq TX_POWER_f5DB,p_shutdown_radio_f5db + beq TX_POWER_PAIR,p_shutdown_radio_pair +p_shutdown_radio_5db: +p_shutdown_radio_0db: + hjam 0xd0, 0x955 + hjam 0xe0, 0x956 +p_shutdown_radio0: + force 0x08,radio_ctrl + force 0,radio_ctrl + disable is_rx + disable is_tx + pulse packet_end + hjam 0x0,rfen_mdm + hjam 0x0,rfen_tx + hjam 0x0,rfen_rx + hjam 0,rfen_sn + hjam 0x70,rfen_msc + fetch 1,rfen_adc + set1 0,pdata + store 1,rfen_adc + rtn + +p_shutdown_radio_pair: +p_shutdown_radio_f5db: +p_shutdown_radio_f3db: +p_shutdown_radio_3db: + hjam 0xd0,0x955 + hjam 0xc0,0x956 + branch p_shutdown_radio0 + +p_set_freq_tx: + storet 1,mem_last_freq + call set_freq_tx_offset + call rf_write_freq + setarg param_pll_setup + call sleep +p_txon: + fetch 1,rfen_adc + set1 0,pdata + store 1,rfen_adc + branch txon+1 + +p_init_param: + hjam 0x7c,rfen_adc + rtn wake + setarg 0 + store 2,mem_tx_len + rshift clkn_bt,pdata + store 4,mem_last_clkn + rtn + + +p_module_init: + setarg p_module_process_bb_event + store 2,mem_cb_bb_event_process + + setarg p_module_bb_event_timer + store 2,mem_cb_event_timer + + setarg p_module_le_receive_data + store 2,mem_cb_att_write + + call module_lpm_uart_init + call module_gpio_init + call check_module_disabled + branch module_hci_event_enter_standby_mode + +p_module_process_bb_event: + copy regc,pdata + beq BT_EVT_SPP_DISCONNECTED,p_module_process_spp_disconnected + beq BT_EVT_BB_DISCONNECTED,p_module_process_bb_event_disconned + branch module_process_bb_event + 1 + +p_module_process_bb_event_disconned: + jam 0,mem_module_rfcomm_disconnect_count + branch module_process_bb_event_disconned + +p_module_process_spp_disconnected: + jam 6,mem_module_rfcomm_disconnect_count + branch module_process_spp_disconnected + +p_module_bb_event_timer: + call p_module_rfcomm_disconnect_timer + branch module_bb_event_timer + +p_module_rfcomm_disconnect_timer: + fetch 1,mem_module_rfcomm_disconnect_count + rtn blank + increase -1,pdata + store 1,mem_module_rfcomm_disconnect_count + nrtn blank + fetch 2,mem_ui_state_map + bbit1 UI_STATE_BT_CONNECTED,app_bt_disconnect + rtn + +p_module_le_receive_data: + call module_check_ble_encrypt_state + rtn user + copy rega,pdata + store 2,mem_module_le_rx_data_address + copy regb,pdata + store 1,mem_module_le_rx_data_len + fetcht 2,mem_le_att_handle + storet 2,mem_module_le_rx_data_handle + + call le_att_get_handle_info + nbranch assert,blank + fetch 1,mem_le_cur_uuid_length // uuid length + bne 0x02,module_hci_event_receive_le_data + ifetcht 2,contr + setarg CLIENT_CHARACTERTIC_CONFIGURATION + isub temp,null + rtn zero //filter ccc handle data + branch module_hci_event_receive_le_data + +p_module_hci_cmd_control: + fetch 1,mem_module_uart_opcode + beq HCI_CMD_SLEEP,p_module_hci_cmd_enter_sleep + beq HCI_CMD_SET_PAIRING_REQ,p_module_hci_cmd_set_pairing_mode + beq HCI_CMD_DELETE_CUSTOMIZE_SERVICE,module_hci_cmd_delete_customize_service + beq HCI_CMD_ADD_SERVICE_UUID,module_hci_cmd_add_service_uuid + beq HCI_CMD_ADD_CHARACTERISTIC_UUID,module_hci_cmd_add_characteristic_uuid + beq HCI_CMD_SET_COD,module_hci_cmd_le_set_adv_data_set_cod + branch module_hci_cmd_control + 2 + +p_module_hci_cmd_set_pairing_mode: + copy rega,contru + ifetch 1,contru + beq PAIRING_PINCODE,module_hci_pairing_pincode_mode + beq PAIRING_JUSTWORK,module_hci_pairing_just_work_mode + beq PAIRING_PASSKEY,module_hci_pairing_passkey + beq PAIRING_CONFIRM,p_module_hci_pairing_numeric_comparison + branch module_hci_event_receive_invalid_cmd + +p_module_hci_pairing_numeric_comparison: + setarg 0x000001 + branch module_hci_sspairing_mode + +module_hci_cmd_delete_customize_service: + arg 0x0028,temp + call le_att_get_handle_ptr2 + add contr,-2,contw + setarg 0x0000 + istore 2,contw + branch module_hci_event_receive_valid_cmd + +module_hci_cmd_add_service_uuid: + call module_hci_cmd_add_service_uuid_set_uuid + call uart_copy_rx_bytes_len_data + setarg 0x0000 + istore 2,contw + branch module_hci_event_uuid_handle + +module_hci_cmd_add_characteristic_uuid: + ifetch 1,contru //Characteristic + call module_hci_cmd_add_characteristic_uuid_set_handle + call module_hci_cmd_add_characteristic_uuid_set_uuid + branch module_hci_event_uuid_handle + +module_hci_cmd_add_service_uuid_set_uuid: + call le_att_creat_new_handle + setarg 0x280002 + istore 3,contw + rtn + +module_hci_cmd_add_characteristic_uuid_set_handle: + store 1,mem_pdatatemp + call le_att_creat_new_handle + setarg 0x01280302 + istore 4,contw + fetch 1,mem_pdatatemp + istore 3,contw + rtn + +module_hci_cmd_add_characteristic_uuid_set_uuid: + call le_att_creat_new_handle + call uart_copy_rx_bytes_len_data //uuid + call uart_copy_rx_bytes_len_data //data + setarg 0 + istore 2,contw + increase -1,temp + call le_att_get_handle_ptr2 + add contr,4,contr + ifetch 1,contr //characteristic data + bbit1 BIT_CHARACTERISTIC_NOTIFY,module_hci_cmd_add_characteristic_uuid_set_ccc_uuid + bbit1 BIT_CHARACTERISTIC_INDICATE,module_hci_cmd_add_characteristic_uuid_set_ccc_uuid + increase 1,temp + rtn + +module_hci_cmd_add_characteristic_uuid_set_ccc_uuid: + call le_att_creat_new_handle + setarg 0x02290202 + istore 8,contw + increase -1,temp + rtn + + +uart_copy_rx_bytes_len_data: + ifetch 1,contru + copy pdata,loopcnt + istore 1,contw + branch uart_copy_rx_bytes + + +le_att_creat_new_handle: + call le_att_get_last_handle + istoret 2,contw + rtn + +//output:temp:new handle num +//contr:address write data +le_att_get_last_handle: + fetch 2,mem_ui_le_uuid_table + iforce contr +le_att_get_last_handle_loop: + ifetch 2,contr + rtn blank + add pdata,1,temp + ifetch 1,contr + iadd contr,contr + ifetch 1,contr // length + iadd contr,contr + copy contr,contw + branch le_att_get_last_handle_loop + + +//input:temp uuid number +module_hci_event_uuid_handle: + storet 2,mem_temp + jam HCI_EVENT_UUID_HANDLE,mem_module_uart_opcode + setarg 2 + call module_hci_prepare_tx + fetcht 2,mem_temp + istoret 2,contwu + branch uartd_send + +module_hci_cmd_le_set_adv_data_set_cod: + ifetch 3,contru + store 3,mem_class + branch module_hci_event_receive_valid_cmd + + +p_module_hci_cmd_enter_sleep: + call module_hci_event_receive_valid_cmd + branch app_enter_hibernate + +p_module_hci_cmd_transmit_le_notify: + fetch 2,mem_le_local_mtu + call not_greater_than + copy pdata,temp + branch module_hci_cmd_transmit_le_notify+6 + + + +p_le_receive_skip: + call save_rssi + enable enable_white + enable enable_crc + parse demod,bucket,8 + rshift3 pwindow,pdata + store 1,mem_le_rxbuf + parse demod,bucket,8 + rshift3 pwindow,pdata + istore 1,contw + and pdata,0x3f,loopcnt + branch lerx_nopayload,zero + sub pdata,51,null + ncall p_lerx_max_length,positive + branch lerx_loop + +p_lerx_max_length: + arg 51,loopcnt + rtn + +p_le_transmit_receive_sifs: + call le_transmit + call set_sync_on + fetcht 1,mem_last_freq + call set_freq_rx + nop 1500 + call rf_rx_enable + enable swfine + arg 5500,timeup + branch le_receive_rxon + +p_le_transmit: + call le_prep + call p_letx_setfreq + branch le_transmit0 + +p_letx_setfreq: + branch p_txon,match + branch letx_setfreq+1 + +p_parse_lmp: + fetch 1,mem_lmi_opcode2 + beq LMP_ENCRYPTION_KEY_SIZE_REQ,p_parse_lmp_crypt_key + + branch parse_lmp + 21 + +p_parse_lmp_crypt_key: + fetcht 1,mem_rxbuf+1 + sub temp,6,null + branch reject_lmp_packet_pdu_not_allowed,positive + branch parse_lmp_crypt_key + 1 + +reject_lmp_packet_pdu_not_allowed: + jam PDU_NOT_ALLOWED,mem_lmo_reason2 + branch reject_lmp_packet + + +p_send_lmp: + disable user + call lmo_fifo_process + fetch 1,mem_lmp_to_send + rtn blank + bbit1 7,p_send_lmp_escape + branch send_lmp0 + +p_send_lmp_escape: + beq LMP_EXT_FEATURES_RES,p_send_lmpext_features_res + beq LMP_EXT_FEATURES_REQ,p_send_lmpext_features_req + branch send_lmp_escape + +p_send_lmpext_features_res: + call p_check_ssp_enable + fetch 1,mem_lmp_to_send + branch send_lmpext_features_res +p_send_lmpext_features_req: + call p_check_ssp_enable + fetch 1,mem_lmp_to_send + branch send_lmpext_features_req + +p_check_ssp_enable: + fetch 1,mem_ssp_enable + branch ssp_disable, blank + branch ssp_enable + +p_ssp_disable: + fetch 1,mem_features+6 + set0 param_featrue_ssp,pdata + store 1,mem_features+6 + setarg 0x1 + store 2,mem_lmpext_ssp_enable + rtn + + +p_parse_dlci0_rp: + fetch 1,mem_current_frame_type + beq RFCOMM_FRAME_TYPE_SABM,rfcomm_rx_process_DLCI0_sabm + beq RFCOMM_FRAME_TYPE_UA,rfcomm_rx_process_DLCI0_ua + beq RFCOMM_FRAME_TYPE_UIH,p_parse_DLCI0_rp_uih + beq RFCOMM_FRAME_TYPE_DISCONN,parse_uih_rp_spp_disconn_send_event + rtn +p_parse_DLCI0_rp_uih: + fetch 2,mem_rfcomm_uih_payload_ptr + copy pdata,contr + call get_rfcomm_uih_head_struct + fetch 1,mem_uih_cmd_type + beq UIH_PARAM_NEG_CMD,parse_DLCI0_rp_uih_pn_cmd + beq UIH_PARAM_NEG_RES,parse_DLCI0_rp_uih_pn_res + beq UIH_MODEM_STATUS_CMD,parse_DLCI0_rp_uih_ms_cmd + beq UIH_MODEM_STATUS_RES,p_parse_DLCI0_rp_uih_ms_res + beq UIH_PARAM_CMD_REMOVE_PORT,parse_DLCI0_rp_uih_cmd_port + branch rfcomm_rx_process_end +p_parse_DLCI0_rp_uih_ms_res: + jam BT_EVT_SPP_CONNECTED,mem_fifo_temp + call ui_ipc_send_event + call get_rfcomm_param_modem_status + branch parse_DLCI0_rp_uih_ms_res_spp + +p_sp_initialize_256: + fetch 1,mem_le_secure_connect_enable + branch le_secure_connection_disable,blank +// call le_secure_connection_enable + call sp_clear_flags + branch sp_pubkey_calc_256 + + Index: dukaqi/senrui/program/peripherals.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/peripherals.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/peripherals.prog (working copy) @@ -0,0 +1,387 @@ + +/* ===================== SPI dma ======================= */ + +/***************************************************************************** +*soft reset chip +*****************************************************************************/ +soft_reset_chip: + hjam 1,core_reset + rtn + +/* ===================== uart dma ======================= */ +uartd_prepare_tx: + bpatchx patch29_0,mem_patch29 + fetch 2,IPC_BT2M0_WRITE_PTR + copy pdata,contwu + rtn + +uartd_send: + bpatchx patch29_1,mem_patch29 + copy contwu,pdata + store 2,IPC_BT2M0_WRITE_PTR +wake_up_m0: + fetch 1,core_config + rtnbit1 7 + set1 7,pdata + store 1,core_config + rtn + + +uart_copy_tx_bytes_fast: + deposit loopcnt + rtn blank +uart_copy_tx_bytes_fast_loop: + increase -8,loopcnt + call uart_tx_8_bytes,positive + rtn zero + branch uart_copy_tx_bytes_fast_loop,positive + increase 8,loopcnt +uart_copy_tx_bytes_fast_loop_four: + increase -4,loopcnt + call uart_tx_4_bytes,positive + rtn zero + branch uart_copy_tx_bytes_fast_loop_four,positive + increase 4,loopcnt + branch uart_copy_tx_bytes + +uart_tx_8_bytes: + ifetch 8,contr + istore 8,contwu + rtn + +uart_tx_4_bytes: + ifetch 4,contr + istore 4,contwu + rtn + +uart_copy_tx_bytes: + deposit loopcnt + rtn blank +uart_copy_tx_bytes_loop: + ifetch 1,contr + istore 1,contwu + loop uart_copy_tx_bytes_loop + rtn + +uart_copy_rx_bytes_fast: + deposit loopcnt + rtn blank +uart_copy_rx_bytes_fast_loop: + increase -8,loopcnt + call uart_rx_8_bytes,positive + rtn zero + branch uart_copy_rx_bytes_fast_loop,positive + increase 8,loopcnt +uart_copy_rx_bytes_fast_loop_four: + increase -4,loopcnt + call uart_rx_4_bytes,positive + rtn zero + branch uart_copy_rx_bytes_fast_loop_four,positive + increase 4,loopcnt + branch uart_copy_rx_bytes + +uart_rx_8_bytes: + ifetch 8,contru + istore 8,contw + rtn + +uart_rx_4_bytes: + ifetch 4,contru + istore 4,contw + rtn + + +uart_copy_rx_bytes: + deposit loopcnt + rtn blank +uart_copy_rx_bytes_loop: + ifetch 1,contru + istore 1,contw + loop uart_copy_rx_bytes_loop + rtn + +uartd_rxdone: + bpatchx patch29_2,mem_patch29 + copy contru,pdata + store 2,IPC_M02BT_READ_PTR + rtn + +uartd_prepare_rx: + bpatchx patch29_3,mem_patch29 + fetch 2,IPC_M02BT_READ_PTR + copy pdata,contru + rtn + +/* ===================== eeprom data ======================= */ + +app_store_nvram_event: + jam BT_EVT_STORE_NVRAM,mem_fifo_temp + branch ui_ipc_send_event + +eeprom_store_le_reconn_info: +eeprom_store_bd_reconn_info: +check_51cmd_store_reconn_info: +check_51cmd_update_device_record: + bpatchx patch29_4,mem_patch29 + fetch 1,mem_nv_data_number + rtn blank // not nv data + call check_nvram + call init_device_list,zero + call nvram_find_addr_from_bd_list +write_device_record: + fetch 1,mem_nv_data_number + icopy regc + fetcht 2,mem_nv_data_ptr + storet 2,mem_list_item_ptr +write_device_loop_find: + copy regc,pdata + branch app_store_nvram_event,blank //EEPROM + increase -1,regc + copy temp,rega + ifetch 1,rega + fetcht 1,mem_select_list_item + isub temp,null + call set_index_finded_device,zero + branch write_device_loop_find0,positive + ifetch 1,rega + increase 1,pdata + istore 1,rega +write_device_loop_find0: + fetcht 2,mem_list_item_ptr + increase NV_DATA_LEN,temp + storet 2,mem_list_item_ptr + branch write_device_loop_find + +set_index_finded_device: + setarg 0 + istore 1,rega + fetch 1,mem_temp_reconn_record + istore 1,contw + bne REC_3_MODE,set_index_finded_device_ble_mode + arg mem_link_key,regb +set_index_find_device_MASTER_ADDR: + ifetch 6,contr + istore 8,contw + setarg 0 + istore 8,contw + copy regb,contr +store_rec_data_common: + call memcpy16 + force 1,null + rtn + +set_index_finded_device_ble_mode: + beq REC_4_MODE_RANDOM_RESOLVABLE_PRIVATE_ADDRESS,set_index_finded_device_IRK + beq REC_4_MODE_RANDOM_NON_RESOLVABLE_PRIVATE_ADDRESS,set_index_finded_device_EDIV + arg mem_le_ltk,regb + branch set_index_find_device_MASTER_ADDR + +set_index_finded_device_IRK: + arg mem_le_irk,contr + call memcpy16 +store_ble_rec_data_common: + arg mem_le_ltk,contr + branch store_rec_data_common + +set_index_finded_device_EDIV: + arg mem_le_rand,contr + call memcpy16 + branch store_ble_rec_data_common + + +nvram_find_addr_from_bd_list: + call disable_user + fetch 1,mem_nv_data_number + rtn blank // not nv data + fetch 2,mem_ui_state_map + bbit1 UI_STATE_BT_CONNECTED,find_addr_from_bd_list_SPP_mode +find_addr_from_bd_list_ble_mode: + bpatchx patch29_5,mem_patch29 + fetch 1,mem_le_conn_peer_addr_type + beq MASTER_PUBLIC_ADDR,find_addr_from_bd_list_static_addr + fetch 1,mem_le_plap+5 + compare 0xc0,pdata,0xc0 + branch find_addr_from_bd_list_static_addr,true + compare 0x40,pdata,0xc0 + branch find_addr_from_bd_list_random_addr,true + compare 0x00,pdata,0xc0 + branch find_addr_from_bd_list_random_non_resolvable_private_address,true +find_addr_from_bd_list_static_addr: + jam REC_4_MODE_STATIC_ADDRESS,mem_temp_reconn_record + fetch 6,mem_le_plap + branch find_addr_from_bd_list_common + +find_addr_from_bd_list_random_non_resolvable_private_address: + jam REC_4_MODE_RANDOM_NON_RESOLVABLE_PRIVATE_ADDRESS,mem_temp_reconn_record + branch find_addr_from_bd_list_common + +//input :pdata EDIV and rands +find_addr_from_bd_list_random_addr: + jam REC_4_MODE_RANDOM_RESOLVABLE_PRIVATE_ADDRESS,mem_temp_reconn_record + branch find_addr_from_bd_list_common + +//input :pdata EDIV and rands +find_addr_from_bd_list_SPP_mode: + bpatchx patch29_6,mem_patch29 + jam REC_3_MODE,mem_temp_reconn_record + fetch 6,mem_plap +find_addr_from_bd_list_common: + store 6,mem_temp_reconn_record+1 + fetch 2,mem_nv_data_ptr + ifetcht 1,pdata + pincrease 1 + store 2,mem_list_item_ptr + storet 1,mem_select_list_item + fetch 1,mem_nv_data_number + icopy regc +nvram_find_addr_from_list: + fetch 2,mem_list_item_ptr + copy pdata,rega + call nvram_find_addr_from_list_compare + rtn user + fetcht 2,mem_list_item_ptr + increase NV_DATA_LEN,temp + storet 2,mem_list_item_ptr + increase -1,temp + ifetch 1,temp + store 1,mem_select_list_item + increase -1,regc + nbranch nvram_find_addr_from_list,zero + fetch 1,mem_nv_data_number + pincrease DECREASED_ONE + store 1,mem_select_list_item + rtn +nvram_find_addr_from_list_compare: + fetch 1,mem_temp_reconn_record + bne REC_3_MODE,find_addr_from_list_compare_ble_mode +find_master_addr_from_list_compare: + arg mem_temp_reconn_record,regb + arg 7,loopcnt + call string_compare + branch enable_user,zero + rtn + +find_addr_from_list_compare_ble_mode: + beq REC_4_MODE_RANDOM_RESOLVABLE_PRIVATE_ADDRESS,find_irk_form_list_compare + beq REC_4_MODE_RANDOM_NON_RESOLVABLE_PRIVATE_ADDRESS,find_ediv_form_list_compare + branch find_master_addr_from_list_compare + +find_irk_form_list_compare: + ifetcht 1,rega + isub temp,null + nrtn zero + arg mem_le_prand,contw + arg 16,loopcnt + call clear_mem + fetch 3,mem_le_plap+3 + store 3,mem_le_prand + call genernate_master_MacAddress + fetch 2,mem_le_aes_128+13 + byteswap pdata,pdata + lshift8 pdata,temp + ifetch 1,contr + iadd temp,pdata + fetcht 3,mem_le_plap + isub temp,null + branch enable_user,zero + rtn + + +genernate_master_MacAddress: + arg mem_le_prand ,contr + call load_data128 +// arg mem_le_irk,contr + ifetch 1,rega + call load_key128 + force aes_big_endian | aes_load,aes_ctrl + force 0,aes_ctrl // change result to little endian + call wait_aes + arg mem_le_aes_128,contw + branch store_aes_result + +find_ediv_form_list_compare: + ifetcht 1,rega + isub temp,null + nrtn zero + copy contr,rega + add contr,8,regc + arg mem_le_rand,regb + arg 8,loopcnt + call string_compare + branch enable_user,zero + copy regc,rega + arg mem_le_irk,regb + arg 8,loopcnt + call string_compare + branch enable_user,zero + rtn + +check_nvram: + fetch 2,mem_nv_data_ptr + ifetcht 1,pdata + pincrease NV_DATA_LEN + ifetch 1,pdata + isub temp,null + rtn + +init_device_list: + fetch 1,mem_nv_data_number + icopy loopcnt + fetcht 2,mem_nv_data_ptr + setarg 0 +init_device_list_loop: + istore 1,temp + increase NV_DATA_LEN,temp + pincrease 1 + loop init_device_list_loop + rtn + +load_device_list: + bpatchx patch29_7,mem_patch29 + call nvram_find_addr_from_bd_list + fetch 1,mem_state + setflag user,state_combkey,pdata /* we have link key */ + store 1,mem_state + nbranch clear_key_exists,user + add rega,10,contr +// copy rega,contr + arg mem_link_key,contw + call memcpy16 + branch check_link_key_load +clear_key_exists: + jam 0,mem_link_key_exists + rtn + +load_device_list_mode_4: + fetch 9,mem_le_ediv + branch clear_ltk_exists,blank + call nvram_find_addr_from_bd_list + nbranch clear_ltk_exists,user + fetch 2,mem_list_item_ptr + add pdata,1,contr + arg mem_le_irk,contw + call memcpy16 + arg mem_le_ltk,contw + call memcpy16 + jam 1,mem_ltk_exists + rtn + +clear_ltk_exists: + jam 0,mem_ltk_exists + rtn + + + + +check_link_key_load: + fetch 8,mem_link_key + fetcht 8,mem_link_key+8 + ior temp,pdata + rtn blank + jam 1,mem_link_key_exists + rtn + + +/* =============== GPIO CONTROL ================= */ + + Index: dukaqi/senrui/program/rfcomm.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/rfcomm.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/rfcomm.prog (working copy) @@ -0,0 +1,960 @@ + +ifdef COMPILE_RFCOMM +rfcomm_init: + rtn wake + jam 0,mem_rfcomm_send_more_pkt + jam BITS9600,memRemoteRPNBitRate + jam DATABITS8,memRemotePRNDataBits + jam 0x11,memRemotePRNXon + jam 0x13,memRemotePRNXoff + setarg 0 + store 3,memRemotePRNStopBit + store 1,mem_spp_state + jam 0,memui_reconnect_mode + //branch rfcomm_init_spp +rfcomm_init_spp: + bpatchx patch2a_0,mem_patch2a + setarg 0 + store 1,mem_spp_state + store 1,mem_remote_spp_channel + store 1,mem_pn_dlci + fetch 1,mem_credit_flag + beq CREDIT_ENABLE,rfcomm_init_spp_with_credit + jam 0x50,mem_credit_given + rtn + +rfcomm_init_spp_with_credit: + jam 0x00,mem_credit_given + rtn + +set_CR_bit: + or_into 0x02,temp + rtn + + +/*below added by koufan*/ + +/*rfcomm_send */ + + + + /*rfcomm_calculate_FCS_sabm*/ + /*input: address in temp*/ + /*output: FCS in pdata */ +rfcomm_calculate_FCS_sabm: + copy temp,pdata + reverse pdata,pdata //address + store 1,memFCStemp3 + force INI_TX_SABM,pdata + reverse pdata,pdata + store 1,memFCStemp2 + force 0x01,pdata + reverse pdata,pdata + store 1,memFCStemp1 + call caculate_fcs + copy temp,pdata + rtn +rfcomm_calculate_FCS_ua: + reverse pdata,pdata //address + store 1,memFCStemp3 + force RSP_TX_UA, pdata + reverse pdata, pdata + store 1, memFCStemp2 + force 0x01, pdata + reverse pdata, pdata + store 1, memFCStemp1 + branch caculate_fcs + /* FCS return from temp */ +rfcomm_calculate_FCS_dlci0: + fetch 1,mem_rfcomm_initiator + branch rfcomm_calculate_FCS_dlci0_res,blank + setarg 0x70 //FCS of initiator + rtn +rfcomm_calculate_FCS_dlci0_res: + setarg 0xaa//FCS of responder + rtn + +rfcomm_save_FCS_uih: + reverse pdata, pdata //address + store 1,memFCStemp3 /* contw distroided */ + force RSP_RX_UIH,pdata + call caculate_UIHdata_fcs + fetcht 2,mem_contw_temp + copy temp,contw + istore 1,contw /* save FCS for later use */ + copy contw,temp + storet 2,mem_contw_temp + force RSP_RX_UIH_WDATA,pdata /* P/F =1 + RSP_RX_UIH */ + call caculate_UIHdata_fcs + fetcht 2,mem_contw_temp + copy temp,contw + istore 1,contw /* save FCS for later use */ + rtn +/**********************************************************************/ +/* This subroutine caculates the FCS for UIH data */ +/* Input: */ +/* the address byte at memFCStemp3(bit reversed), control byte */ +/* at pdata (not bit reversed) */ +/* Output: */ +/* pdata: the FCS */ +/**********************************************************************/ +caculate_UIHdata_fcs: + reverse pdata,pdata + store 1,memFCStemp2 + fetch 2, memFCStemp2 + lshift8 pdata,pdata + store 3,mem_mod2div_temp + arg 0x107,regA + arg 0xf,regB + call mod2div + xor_into 0xd7, pdata + invert pdata,pdata + reverse pdata,pdata + rtn + +/**********************************************************************/ +/* This subroutine caculates the FCS */ +/* Input: */ +/* the address byte at memFCStemp3, control byte at memFCStemp2*/ +/* lenght at memFCStemp1 (all above data are bit reversed) */ +/* Output: */ +/* temp: the FCS */ +/**********************************************************************/ +caculate_fcs: + fetch 3, memFCStemp1 /* load 3 bytes start at memFCStemp1 */ + store 3,mem_mod2div_temp + arg 0x107,regA + arg 0xf,regB //24bit(memFCStemp1+..+memFCStemp3) - 9bit(regA) = 15bit + call mod2div + lshift8 pdata,pdata + arg 0x7, regB //16bit(lshift8 pdata,pdata ) - 9bit(regA) = 7bit + call mod2div + xor_into 0x2b, pdata //0x3d + invert pdata, pdata + reverse pdata, pdata /* FCS at pdata */ + copy pdata, temp + rtn + +mod2div: + arg 0,regC + copy regB,loopcnt + call right_shift_n // right shift pdata (regB)bit + icopy temp +mod2div_loop: + //jam 1,0x1fff +//mod2div_loop1: + //fetch 1,0x1fff + //nbranch mod2div_loop1,blank + copy temp,pdata + lshift regC,regC//quotient + bbit0 8, mod2div_not_enough_reduction//the high bit of 0x107 + ixor regA,temp// temp----remainer + increase 1,regC// quotient +mod2div_not_enough_reduction: //Minuend smaller than Subtrahend + lshift temp,temp + fetch 3,mem_mod2div_temp + increase -1,regB + compare 0xff,regB,0xff + branch mod2div_end,true + copy regB,loopcnt + call right_shift_n // right shift pdata (regB)bit + isolate1 0,pdata + setflag true,0,temp //move a new bit from Dividend(queue) into Minuend(pdata) + branch mod2div_loop +mod2div_end: + //output:remainer in pdata + rshift temp,pdata + rtn + +get_rfcomm_snd_adss: + fetcht 1,mem_pn_dlci +dlci_to_address_cmd: + //input DLCI from temp + lshift2 temp,temp + set1 RFCOMM_ADDRESS_EXT_LEN,temp + fetch 1,mem_rfcomm_initiator + ncall set_CR_bit,blank + storet 1,mem_rfcomm_send_adss + rtn + +channel_to_dlci: + //input channel from temp + lshift temp,temp + fetch 1,mem_rfcomm_initiator + setflag blank,0,temp //direction in dlci + //output dlci to temp + rtn +rfcomm_rx_process_DLCI0_sabm: + fetcht 1,mem_current_channel //address + jam 0xd7,mem_current_fcs //FCS + call rfcomm_send_ua + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_RFCOMM_ONLY_SABM,pdata + set1 L2CAP_CHANNEL_RFCOMM_ONLY_UA,pdata + store 1,mem_rfcomm_state + jam 0,mem_rfcomm_initiator + branch rfcomm_rx_process_end +rfcomm_rx_process_DLCI0_ua: + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_RFCOMM_ONLY_UA,pdata + store 1,mem_rfcomm_state + branch rfcomm_rx_process_end + + +rfcomm_rx_process: + bpatchx patch2a_1,mem_patch2a + fetch 1,memui_reconnect_mode + beq NO_RECONNECTION,rfcomm_rx_process_remote_page + branch rfcomm_rx_process_reconn + +rfcomm_rx_process_remote_page: + fetch 2,mem_l2cap_payload_ptr + copy pdata,contr + call get_rfcomm_head_struct + fetch 1,mem_current_channel + beq 0,parse_dlci0_rp + branch parse_uih_rp +parse_dlci0_rp: + bpatchx patch2a_2,mem_patch2a + fetch 1,mem_current_frame_type + beq RFCOMM_FRAME_TYPE_SABM,rfcomm_rx_process_DLCI0_sabm + beq RFCOMM_FRAME_TYPE_UA,rfcomm_rx_process_DLCI0_ua + beq RFCOMM_FRAME_TYPE_UIH,parse_DLCI0_rp_uih + beq RFCOMM_FRAME_TYPE_DISCONN,parse_uih_rp_spp_disconn_send_event + rtn + + +parse_DLCI0_rp_uih: + fetch 2,mem_rfcomm_uih_payload_ptr + copy pdata,contr + call get_rfcomm_uih_head_struct + fetch 1,mem_uih_cmd_type + beq UIH_PARAM_NEG_CMD,parse_DLCI0_rp_uih_pn_cmd + beq UIH_PARAM_NEG_RES,parse_DLCI0_rp_uih_pn_res + beq UIH_MODEM_STATUS_CMD,parse_DLCI0_rp_uih_ms_cmd + beq UIH_MODEM_STATUS_RES,parse_DLCI0_rp_uih_ms_res + beq UIH_PARAM_CMD_REMOVE_PORT,parse_DLCI0_rp_uih_cmd_port + branch rfcomm_rx_process_end + +parse_DLCI0_rp_uih_pn_cmd: + call parse_DLCI0_rp_uih_pn_res_common + + branch parse_DLCI0_rp_uih_pn_cmd_spp + +parse_DLCI0_rp_uih_pn_cmd_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_PN_CMD,pdata + set1 RFCOMM_CHANNEL_STATE_PN_RES,pdata + store 1,mem_spp_state + call rfcomm_send_param_neg_res + branch rfcomm_rx_process_end + +parse_DLCI0_rp_uih_pn_res: + call parse_DLCI0_rp_uih_pn_res_common + branch rfcomm_rx_process_end + +parse_DLCI0_rp_uih_pn_res_common: + call get_param_payload_ptr + branch get_rfcomm_prarmer_negotiation + +get_rfcomm_param_modem_status: + call get_param_payload_ptr + ifetch 1,contr + rshift3 pdata,pdata + store 1,mem_ms_channel + ifetch 1,contr + store 1,mem_ms_param + rtn + + +get_rfcomm_head_struct: + ifetch 1,contr + store 1,mem_current_adss + rshift3 pdata,pdata + store 1,mem_current_channel + ifetch 1,contr + store 1,mem_current_frame_type +get_rfcomm_current_length: + call get_rfcomm_length_common + storet 2,mem_current_length + copy contr,pdata + store 2,mem_rfcomm_uih_payload_ptr + rtn + +get_rfcomm_uih_head_struct: + ifetch 1,contr + rshift pdata,pdata + store 1,mem_uih_cmd_type + call get_rfcomm_length_common + storet 2,mem_uih_length + copy contr,pdata + store 2,mem_param_payload_ptr + rtn + + +get_param_payload_ptr: + fetch 2,mem_param_payload_ptr + copy pdata,contr + rtn + +get_rfcomm_length_common: + ifetch 1,contr + copy pdata,temp + rshift temp,temp + rtnbit1 0 + ifetch 1,contr + lshift3 pdata,pdata + lshift4 pdata,pdata + iadd temp,temp + rtn + +get_rfcomm_prarmer_negotiation: + ifetch 1,contr + store 1,mem_pn_dlci + ifetch 1,contr + store 1,mem_pn_credit_flow_type_info + ifetch 1,contr + store 1,mem_pn_priority + ifetch 1,contr + store 1,mem_pn_acknowledg_timer + ifetch 2,contr + store 2,mem_pn_max_frame_size + ifetch 1,contr + store 1,mem_pn_max_retrans + ifetch 1,contr + store 1,mem_remote_credits + rtn + + +parse_DLCI0_rp_uih_ms_cmd: + call get_rfcomm_param_modem_status + + branch parse_DLCI0_rp_uih_ms_cmd_spp + +parse_DLCI0_rp_uih_ms_cmd_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_RCV_MS_CMD,pdata + set1 RFCOMM_CHANNEL_STATE_SND_MS_RES,pdata + store 1,mem_spp_state + fetcht 1,mem_pn_dlci + lshift2 temp,temp + or_into 3,temp + call rfcomm_send_modem_status_res + jam MORE_PKT_MSC_CMD_SPP,mem_rfcomm_send_more_pkt + branch rfcomm_rx_process_end + +parse_DLCI0_rp_uih_ms_res: + jam BT_EVT_SPP_CONNECTED,mem_fifo_temp + call ui_ipc_send_event + call get_rfcomm_param_modem_status + fetch 1,mem_ms_channel + sub pdata,1,null + branch parse_DLCI0_rp_uih_MS_RES_spp,zero + branch assert +parse_DLCI0_rp_uih_ms_res_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_RCV_MS_RES,pdata + store 1,mem_spp_state + branch rfcomm_rx_process_end + +parse_DLCI0_rp_uih_cmd_port: + call get_param_payload_ptr + ifetch 1,contr + store 1,mem_rpn_dlci + call l2cap_malloc_rfcomm_channel + call l2cap_get_rfcomm_tx_buff + setarg 0x000e + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_rfcomm_initiator + //setarg 5 + lshift pdata,pdata + set1 0,pdata //ext len + istore 1,contw //DLCI0 address + bpatchx patch2a_3,mem_patch2a + setarg 0x15ef + istore 2,contw + setarg 0x1191 + istore 2,contw + //fetch 1,mem_pn_dlci + //setarg 0x0b + fetch 1,mem_rpn_dlci + istore 1,contw //DLCI + setarg 0x000007 + istore 5,contw +// setarg 0 //max frame size +// istore 2,contw + setarg 0x01 //max retrans + istore 2,contw +// setarg 0x00 +// istore 1,contw // init credits + call rfcomm_calculate_FCS_dlci0 + istore 1,contw + rtn + + + +parse_uih_rp: + branch parse_uih_rp_spp + +parse_uih_rp_spp: + bpatchx patch2a_4,mem_patch2a + fetch 1,mem_current_frame_type + beq RFCOMM_FRAME_TYPE_UA,parse_uih_rp_spp_ua + beq RFCOMM_FRAME_TYPE_SABM,parse_uih_rp_spp_sabm + beq RFCOMM_FRAME_TYPE_UIH,parse_uih_spp_uih + beq RFCOMM_FRAME_TYPE_UIH_CREDITS,parse_uih_spp_uih_credits + beq RFCOMM_FRAME_TYPE_DISCONN,parse_uih_rp_spp_disconn + rtn +parse_uih_rp_spp_ua: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_UA,pdata + store 1,mem_spp_state + branch rfcomm_rx_process_end +parse_uih_rp_spp_sabm: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_UA,pdata + set1 RFCOMM_CHANNEL_STATE_SABM,pdata + store 1,mem_spp_state + fetch 1,mem_current_adss + call rfcomm_calculate_FCS_ua + store 1,mem_current_fcs + call rfcomm_send_ua + fetch 1,mem_current_adss + rshift2 pdata,pdata + store 1,mem_pn_dlci + lshift2 pdata,pdata + set0 RFCOMM_ADDRESS_CR,pdata + set1 RFCOMM_ADDRESS_EXT_LEN,pdata + arg mem_HIUfcs_spp,temp // mem_HIUfcs_HF_WCredits in regB++ + storet 2,mem_contw_temp + call rfcomm_save_FCS_uih + branch rfcomm_rx_process_end + +parse_uih_spp_uih_credits: + fetch 2,mem_rfcomm_uih_payload_ptr + copy pdata,contr + increase 1,pdata + store 2,mem_rfcomm_uih_payload_ptr + ifetch 1,contr //remote credits + fetcht 1,mem_remote_credits + iadd temp,pdata + store 1,mem_remote_credits +parse_uih_spp_uih: + call rfcomm_increase_credit_given +parse_uih_spp_uih_cont: + call get_rfcomm_snd_adss + call rfcomm_send_uih_without_payload + call spp_process_rx_data + branch rfcomm_rx_process_end + +parse_uih_rp_spp_disconn_send_event: + jam BT_EVT_SPP_DISCONNECTED,mem_fifo_temp + call ui_ipc_send_event +parse_uih_rp_spp_disconn: + call rfcomm_init_spp + fetch 1,mem_current_adss + call rfcomm_calculate_FCS_ua + store 1,mem_current_fcs + call rfcomm_send_ua + branch rfcomm_rx_process_end + +/////////////////////////////////////////// +/////////////////////////////////////////// +/////////////////////////////////////////// +rfcomm_rx_process_reconn: + fetch 2,mem_l2cap_payload_ptr + copy pdata,contr + call get_rfcomm_head_struct + fetch 1,mem_current_channel + beq 0,parse_DLCI0_reconn + branch parse_uih_reconn + +parse_DLCI0_reconn: + bpatchx patch2a_5,mem_patch2a + fetch 1,mem_current_frame_type + beq RFCOMM_FRAME_TYPE_SABM,rfcomm_rx_process_DLCI0_sabm + beq RFCOMM_FRAME_TYPE_UA,rfcomm_rx_process_DLCI0_ua + beq RFCOMM_FRAME_TYPE_UIH,parse_DLCI0_reconn_uih + branch rfcomm_rx_process_end +parse_DLCI0_reconn_uih: + fetch 2,mem_rfcomm_uih_payload_ptr + copy pdata,contr + call get_rfcomm_uih_head_struct + fetch 1,mem_uih_cmd_type + beq UIH_PARAM_NEG_CMD,parse_DLCI0_reconn_uih_pn_cmd + beq UIH_PARAM_NEG_RES,parse_DLCI0_reconn_uih_pn_cmd + beq UIH_MODEM_STATUS_CMD,parse_DLCI0_reconn_uih_ms_cmd + beq UIH_MODEM_STATUS_RES,parse_DLCI0_reconn_uih_ms_res + branch rfcomm_rx_process_end + +parse_DLCI0_reconn_uih_pn_cmd: + call parse_DLCI0_rp_uih_pn_res_common + fetch 1,mem_pn_dlci + rshift pdata,pdata + fetcht 1,mem_remote_spp_channel + isub temp,null + branch parse_DLCI0_reconn_uih_pn_cmd_spp,zero + branch assert +parse_DLCI0_reconn_uih_pn_cmd_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_PN_RES,pdata + store 1,mem_spp_state + branch rfcomm_rx_process_end + +parse_DLCI0_reconn_uih_ms_cmd: + call get_rfcomm_param_modem_status + fetch 1,mem_ms_channel + fetcht 1,mem_remote_spp_channel + isub temp,null + branch parse_DLCI0_reconn_uih_ms_cmd_spp,zero + branch assert + branch rfcomm_rx_process_end +parse_DLCI0_reconn_uih_ms_cmd_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_RCV_MS_CMD,pdata + set1 RFCOMM_CHANNEL_STATE_SND_MS_RES,pdata + store 1,mem_spp_state + fetcht 1,mem_pn_dlci + lshift2 temp,temp + or_into 3,temp + call rfcomm_send_modem_status_res + branch rfcomm_rx_process_end + +parse_DLCI0_reconn_uih_ms_res: + call get_rfcomm_param_modem_status + fetch 1,mem_ms_channel + fetcht 1,mem_remote_spp_channel + isub temp,null + branch parse_DLCI0_reconn_uih_ms_res_spp,zero + branch assert +parse_DLCI0_reconn_uih_ms_res_spp: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_RCV_MS_RES,pdata + store 1,mem_spp_state + branch rfcomm_rx_process_end + +parse_uih_reconn: + fetch 1,mem_current_channel + fetcht 1,mem_remote_spp_channel + isub temp,null + branch parse_uih_reconn_spp,zero + branch assert + branch rfcomm_rx_process_end + +parse_uih_reconn_spp: + fetch 1,mem_current_frame_type + beq RFCOMM_FRAME_TYPE_UA,parse_uih_reconn_spp_ua + beq RFCOMM_FRAME_TYPE_UIH,parse_uih_spp_uih + beq RFCOMM_FRAME_TYPE_UIH_CREDITS,parse_uih_spp_uih_credits + beq RFCOMM_FRAME_TYPE_DISCONN,parse_uih_reconn_spp_disconn +parse_uih_reconn_spp_ua: + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_UA,pdata + store 1,mem_spp_state + branch rfcomm_rx_process_end +parse_uih_reconn_spp_sabm: + branch parse_uih_reconn_spp_sabm//loop +parse_uih_reconn_spp_disconn: + branch parse_uih_rp_spp_disconn +rfcomm_rx_process_end: + rtn + +rfcomm_send_more_pkt: + fetch 1,mem_rfcomm_send_more_pkt + rtn blank + beq MORE_PKT_MSC_CMD_SPP,rfcomm_send_more_pkt_msc_cmd_spp + branch assert + +rfcomm_send_more_pkt_msc_cmd_spp: + jam 0,mem_rfcomm_send_more_pkt + call l2cap_malloc_rfcomm_channel + arg SPP_SLAVE_CHANNEL,temp + fetcht 1,mem_pn_dlci + lshift2 temp,temp +rfcomm_send_more_pkt_msc_cmd_spp0: + or_into 0x03,temp + arg 0xaa,regA + call rfcomm_send_modem_status_cmd + call l2cap_get_rfcomm_tx_buff + copy contw,contr + ifetch 2, contr + branch assert,blank + rtn + +rfcomm_send_sabm: + call l2cap_get_rfcomm_tx_buff + setarg 0x0004 + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_current_adss + istore 1,contw //address + bpatchx patch2a_6,mem_patch2a + setarg 0x013f + istore 2,contw + fetch 1,mem_current_fcs + istore 1,contw + rtn +rfcomm_send_ua: + call l2cap_malloc_rfcomm_channel + call l2cap_get_rfcomm_tx_buff + setarg 0x0004 + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_current_adss + istore 1,contw //address + bpatchx patch2a_7,mem_patch2a + setarg 0x0173 + istore 2,contw + fetch 1,mem_current_fcs + istore 1,contw + rtn +rfcomm_send_param_neg_cmd: + call l2cap_get_rfcomm_tx_buff + setarg 0x000e + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_rfcomm_initiator + lshift pdata,pdata + set1 0,pdata //ext len + istore 1,contw //DLCI0 address + bpatchx patch2b_0,mem_patch2b + setarg 0x15ef + istore 2,contw + setarg 0x1183 + istore 2,contw + copy temp,pdata //DLCI in temp + istore 1,contw + setarg 0x0000f0 + istore 3,contw + setarg RFCOMM_MAX_FRAME_SIZE + istore 2,contw + setarg 0 + istore 1,contw + setarg 0x01 //change here later + istore 1,contw + call rfcomm_calculate_FCS_dlci0 + istore 1,contw + jam 0x10,mem_credit_given + rtn +rfcomm_send_param_neg_res: + call l2cap_malloc_rfcomm_channel + call l2cap_get_rfcomm_tx_buff + setarg 0x000e + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_rfcomm_initiator + lshift pdata,pdata + set1 0,pdata //ext len + istore 1,contw //DLCI0 address + bpatchx patch2b_1,mem_patch2b + setarg 0x15ef + istore 2,contw + setarg 0x1181 + istore 2,contw + fetch 1,mem_pn_dlci + istore 1,contw //DLCI + setarg 0x0000e0 + istore 3,contw + fetch 2,mem_rfcomm_max_frame_size + istore 2,contw + setarg 0x00 //max retrans + istore 1,contw + fetch 1,mem_rfcomm_credit_init_data + istore 1,contw // init credits + call rfcomm_calculate_FCS_dlci0 + istore 1,contw + rtn +rfcomm_send_modem_status_cmd: + call l2cap_get_rfcomm_tx_buff + setarg 0x0008 + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + fetch 1,mem_rfcomm_initiator + lshift pdata,pdata + set1 0,pdata //ext len + istore 1,contw //DLCI0 address + bpatchx patch2b_2,mem_patch2b + setarg 0x09ef + istore 2,contw + setarg 0x05e3 + istore 2,contw + copy temp,pdata //DLCI adress + istore 1,contw + setarg 0x8d + istore 1,contw + call rfcomm_calculate_FCS_dlci0 + istore 1,contw + rtn + +rfcomm_send_modem_status_res: + call l2cap_malloc_rfcomm_channel + call l2cap_get_rfcomm_tx_buff + setarg 0x0008 + istore 2,contw //l2cap len + fetch 2,mem_rfcomm_remote_cid + istore 2,contw//cid + copy temp,timeup + fetch 1,mem_rfcomm_initiator + lshift pdata,pdata + set1 0,pdata //ext len + istore 1,contw //DLCI0 address + bpatchx patch2b_3,mem_patch2b + setarg 0x09ef + istore 2,contw + setarg 0x05e1 + istore 2,contw + copy timeup,pdata //DLCI address in temp + istore 1,contw + setarg 0x8d + istore 1,contw + call rfcomm_calculate_FCS_dlci0 + istore 1,contw + rtn + +rfcomm_send_uih_without_payload: + bpatchx patch2b_4,mem_patch2b + fetch 1,mem_credit_given + rtn blank +// hfetch 2,core_uart_rxitems +// nrtn blank + copy rega,pdata + store 1,mem_pdatatemp+1 + storet 1,mem_pdatatemp + call l2cap_malloc_is_fifo_full + nrtn blank + call l2cap_malloc_rfcomm_channel + call l2cap_get_rfcomm_tx_buff + setarg 0x05 + istore 2,contw + fetch 2,mem_RFCOMM_remote_CID + istore 2,contw + fetch 1,mem_rfcomm_send_adss + istore 1,contw + setarg 0x01ff + istore 2,contw + fetch 1,mem_credit_given + istore 1,contw + fetch 1,mem_HIUfcs_SPP_WCredits + istore 1,contw + jam 0,mem_credit_given + rtn + +rfcomm_increase_credit_given: + bpatchx patch2b_5,mem_patch2b + fetch 1,mem_credit_flag + rtneq CREDIT_ENABLE + fetch 2,mem_current_length + rtn blank + fetch 1,mem_credit_given + increase 1,pdata + store 1,mem_credit_given + rtn + +spp_process_rx_data: + fetch 2,mem_cb_receive_spp_data + branch callback_func + +spp_tx_rfcomm_packet: + bpatchx patch2b_6,mem_patch2b + //credit + fetch 1,mem_remote_credits + rtn blank + increase -1,pdata + store 1,mem_remote_credits + fetch 2,mem_pn_max_frame_size + fetcht 2,mem_current_packet_length + isub temp,null + branch ssp_tx_rfcomm_from_uart,positive + store 2,mem_current_packet_length +ssp_tx_rfcomm_from_uart: + fetch 1,mem_credit_given + branch ssp_tx_rfcomm_from_uart_without_credit,blank + jam 1,mem_rfcomm_send_offset + fetch 1,mem_HIUfcs_SPP_WCredits + store 1,mem_rfcomm_send_fcs + setarg RSP_RX_UIH_WDATA + store 1,mem_rfcomm_send_frame_type + branch ssp_tx_rfcomm_from_uart_common +ssp_tx_rfcomm_from_uart_without_credit: + jam 0,mem_rfcomm_send_offset + fetch 1,mem_HIUfcs_SPP + store 1,mem_rfcomm_send_fcs + setarg RSP_TX_UIH + store 1,mem_rfcomm_send_frame_type +ssp_tx_rfcomm_from_uart_common: + bpatchx patch2b_7,mem_patch2b + fetch 2,mem_current_packet_length + sub pdata,127,null + branch ssp_tx_rfcomm_from_uart_common0,positive + fetch 1,mem_rfcomm_send_offset + increase 1,pdata + store 1,mem_rfcomm_send_offset +ssp_tx_rfcomm_from_uart_common0: + call get_rfcomm_snd_adss + fetch 2,mem_current_packet_length + increase 8,pdata //fcs + rfcommhead + l2caphead == 8 + fetcht 1,mem_rfcomm_send_offset + iadd temp,rega + //rfcomm payload + call l2cap_malloc + store 2,mem_rfcomm_tx_buff_ptr + increase 4,pdata + store 2,mem_rfcomm_tx_payload_ptr + copy pdata,contw + fetch 1,mem_rfcomm_send_adss + istore 1,contw + fetch 1,mem_rfcomm_send_frame_type + istore 1,contw + call ssp_tx_write_length + call ssp_tx_write_given_credit + bpatchx patch2c_0,mem_patch2c + fetch 2,mem_nl_rx_data_src //src + copy pdata,contru + fetch 2,mem_current_packet_length + copy pdata,loopcnt + call uart_copy_rx_bytes_fast + copy contw,temp + copy contru,pdata + store 2,mem_nl_rx_data_src + copy temp,contw + fetch 1,mem_rfcomm_send_fcs + istore 1,contw + fetch 2,mem_rfcomm_tx_buff_ptr + copy pdata,contw + fetch 2,mem_current_packet_length + fetcht 1,mem_rfcomm_send_offset + iadd temp,pdata + increase 4,pdata + istore 2,contw + fetch 2,mem_rfcomm_remote_cid + istore 2,contw + jam 0,mem_credit_given //whatever mem_credit_given is set to 0 + fetch 2,mem_nl_rx_len_all + beq 0,module_hci_command_tx_spp_tx_complete + jam HCI_NOT_DISCARD_PACKET,mem_module_temp_nl_discard_packet + rtn + +ssp_tx_write_length: + bpatchx patch2c_1,mem_patch2c + fetch 2,mem_current_packet_length + sub pdata,0x7f,null + nbranch ssp_tx_write_long_packet,positive + lshift pdata,pdata + set1 0,pdata + istore 1,contw + rtn +ssp_tx_write_long_packet: + fetch 2,mem_current_packet_length + rshift3 pdata,pdata + rshift4 pdata,temp + and_into 0x7f,pdata + lshift pdata,pdata + set0 0,pdata + istore 1,contw + istoret 1,contw + rtn +ssp_tx_write_given_credit: + fetch 1,mem_credit_given + rtn blank + istore 1,contw + rtn + + + + +else + +rfcomm_init: + rtn +rfcomm_init_spp: +set_CR_bit: +rfcomm_calculate_FCS_sabm: +rfcomm_calculate_FCS_ua: +rfcomm_calculate_FCS_dlci0: +rfcomm_calculate_FCS_dlci0_res: +rfcomm_save_FCS_uih: +caculate_UIHdata_fcs: +caculate_fcs: +mod2div: +mod2div_loop: +mod2div_not_enough_reduction: +mod2div_end: +get_rfcomm_snd_adss: +dlci_to_address_cmd: +dlci_to_address_res: +channel_to_dlci: +rfcomm_rx_process_DLCI0_sabm: +rfcomm_rx_process_DLCI0_ua: +rfcomm_rx_process: +rfcomm_rx_process_remote_page: +parse_dlci0_rp: +parse_DLCI0_rp_uih: +parse_DLCI0_rp_uih_pn_cmd: +parse_DLCI0_rp_uih_pn_cmd_spp: +parse_DLCI0_rp_uih_pn_res: +parse_DLCI0_rp_uih_pn_res_common: +get_rfcomm_param_modem_status: +get_rfcomm_head_struct: +get_rfcomm_current_length: +get_rfcomm_uih_head_struct: +get_param_payload_ptr: +get_rfcomm_param_length_common: +get_rfcomm_length_common: +get_rfcomm_prarmer_negotiation: +parse_DLCI0_rp_uih_ms_cmd: +parse_DLCI0_rp_uih_ms_cmd_spp: +parse_DLCI0_rp_uih_ms_res: +parse_DLCI0_rp_uih_ms_res_spp: +parse_uih_rp: +parse_uih_rp_spp: +parse_uih_rp_spp_ua: +parse_uih_rp_spp_sabm: +parse_uih_spp_uih_credits: +parse_uih_spp_uih: +parse_uih_spp_uih_cont: +parse_uih_rp_spp_disconn: +rfcomm_rx_process_reconn: + branch assert +parse_DLCI0_reconn: +parse_DLCI0_reconn_uih: +parse_DLCI0_reconn_uih_pn_cmd: +parse_DLCI0_reconn_uih_pn_cmd_spp: +parse_DLCI0_reconn_uih_ms_cmd: +parse_DLCI0_reconn_uih_ms_cmd_spp: +parse_DLCI0_reconn_uih_ms_res: +parse_DLCI0_reconn_uih_ms_res_noext: +parse_DLCI0_reconn_uih_ms_res_spp: +parse_uih_reconn: +parse_uih_reconn_spp: +parse_uih_reconn_spp_ua: +parse_uih_reconn_spp_sabm: +parse_uih_reconn_spp_disconn: +rfcomm_rx_process_end: +rfcomm_send_more_pkt: +rfcomm_send_more_pkt_msc_cmd_spp: +rfcomm_send_sabm: +rfcomm_send_ua: +rfcomm_send_param_neg_cmd: +rfcomm_send_param_neg_res: +rfcomm_send_modem_status_cmd: +rfcomm_send_modem_status_res: +rfcomm_send_uih_without_payload: +rfcomm_increase_credit_given: +spp_process_rx_data: +spp_tx_rfcomm_packet: +ssp_tx_rfcomm_from_uart: +ssp_tx_rfcomm_from_uart_without_credit: +ssp_tx_rfcomm_from_uart_common: +ssp_tx_rfcomm_from_uart_common0: +ssp_tx_write_length: +ssp_tx_write_long_packet: +ssp_tx_write_given_credit: + branch assert +endif Index: dukaqi/senrui/program/scheduler.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/scheduler.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/scheduler.prog (working copy) @@ -0,0 +1,461 @@ +scheduler_process: + bpatchx patch2c_2,mem_patch2c + call check_51cmd + call app_process_bb_event + call process_conn_sm +/* check the connection state sequence byte */ + bpatchx patch2c_3,mem_patch2c +ifdef SIMPLE_PAIRING + call sp_calc_sequence + call simple_pairing_sequence + call master_simple_paring_sequence +endif +//return if it is hci mode. 'cause the following is host part. +//notify BB to tx a l2cap packet + call l2cap_malloc_is_fifo_full + nrtn blank + //for conn to MTK + call l2cap_call_proc_sigal_pending + call l2cap_malloc_is_fifo_full + nrtn blank + bpatchx patch2c_4,mem_patch2c +//to generat a new l2cap packet + call process_upper_sm + call l2cap_send_config_req +ifdef COMPILE_RFCOMM + call rfcomm_send_more_pkt//use this function to send msc_cmd after msc_rep sent +endif +scheduler_process0: + call scheduler_tx_disconnect_hid //may not used + bpatchx patch2c_5,mem_patch2c +// call l2cap_malloc_is_fifo_full +// nrtn blank + branch app_process_bt + +scheduler_tx_disconnect_hid: + fetch 1,mem_CONTROL_tasks + bbit1 L2CAP_DISCONNECT_INTERRUPT,L2CAP_disconnect_interrupt_req + bbit1 L2CAP_DISCONNECT_CONTROL,L2CAP_disconnect_control_req + rtn + +scheduler_tx_l2cap_pkt: + bpatchx patch2c_6,mem_patch2c + call l2cap_malloc_is_fifo_empty + rtn blank //empty + fetch 1,mem_op + rtnbit1 op_txl2cap + call l2cap_malloc_fifo_out + store 2,mem_txptr + copy pdata,contr + ifetch 2,contr + increase 4,pdata + store 2,mem_tx_len + jam 6,mem_tx_lch//start pkt + bpatchx patch2c_7,mem_patch2c + fetch 2,mem_l2cap_tx_multi_offset + branch scheduler_tx_l2cap_start_pkt,blank + fetch 1,mem_op + rtnbit0 op_pkt_comp + set0 op_pkt_comp,pdata + store 1,mem_op + jam 5,mem_tx_lch//continue pkt + fetcht 2,mem_l2cap_tx_multi_offset + fetch 2,mem_txptr + iadd temp,pdata + store 2,mem_txptr + fetch 2,mem_tx_len + isub temp,pdata + store 2,mem_tx_len +scheduler_tx_l2cap_start_pkt: + bpatchx patch2d_0,mem_patch2d + fetch 2,mem_tx_len + branch assert,blank + arg l2cap_max_pkt_len,temp //max len of dh3 pkt + isub temp,pdata + nbranch scheduler_Tx_l2cap_last_pkt,positive + bpatchx patch2d_1,mem_patch2d + storet 2,mem_tx_len //l2cap_max_pkt_len + fetch 2,mem_l2cap_tx_multi_offset + iadd temp,pdata + store 2,mem_l2cap_tx_multi_offset + branch scheduler_Tx_l2cap_pkt_end +scheduler_Tx_l2cap_last_pkt: + setarg 0 + store 2,mem_l2cap_tx_multi_offset +scheduler_Tx_l2cap_pkt_end: + fetch 1,mem_op + set1 op_txl2cap,pdata + store 1,mem_op + rtn + +scheduler_start_upper_sm: + fetch 1,mem_UI_profile_supported + bbit1 support_HID,scheduler_start_upper_sm_hid + jam UPPERSM_RECONN_SDP_CONN,mem_upper_sm_reconn + rtn +scheduler_start_upper_sm_hid: + jam UPPERSM_RECONN_HID_CTRL_CONN,mem_upper_sm_reconn + rtn + +process_upper_sm: + fetch 1,memui_reconnect_mode + nbranch process_upper_sm_reconn,blank +process_upper_sm_remote_page: + fetch 1,mem_upper_sm_remote_page + //beq UPPERSM_RP_IDLE,process_upper_sm_rp_idle + rtn blank + //nothing to do when remote page to create a connection. + jam 0,mem_upper_sm_remote_page +process_upper_sm_rp_wait: + rtn + + +process_upper_sm_reconn: + bpatchx patch2d_2,mem_patch2d + fetch 1,mem_upper_sm_reconn + rtn blank + beq UPPERSM_RECONN_SDP_CONN,process_upper_sm_reconn_sdp_conn + beq UPPERSM_RECONN_SDP_CONN_WAIT,process_upper_sm_reconn_sdp_conn_wait + beq UPPERSM_RECONN_SDP_CFG,process_upper_sm_reconn_sdp_cfg + beq UPPERSM_RECONN_SDP_CFG_WAIT,process_upper_sm_reconn_sdp_cfg_wait + beq UPPERSM_RECONN_SS_SPP,process_upper_sm_reconn_ss_spp + beq UPPERSM_RECONN_SS_SPP_WAIT,process_upper_sm_reconn_ss_spp_wait + beq UPPERSM_RECONN_SDP_DISCONN,process_upper_sm_reconn_sdp_disconn + beq UPPERSM_RECONN_SDP_DISCONN_WAIT,process_upper_sm_reconn_sdp_disconn_wait + beq UPPERSM_RECONN_HID_CTRL_CONN,process_upper_sm_reconn_hid_ctrl_conn + beq UPPERSM_RECONN_HID_CTRL_CONN_WAIT,process_upper_sm_reconn_hid_ctrl_conn_wait + beq UPPERSM_RECONN_HID_CTRL_CFG,process_upper_sm_reconn_hid_ctrl_cfg + beq UPPERSM_RECONN_HID_CTRL_CFG_WAIT,process_upper_sm_reconn_hid_ctrl_cfg_wait + beq UPPERSM_RECONN_HID_INT_CONN,process_upper_sm_reconn_hid_int_conn + beq UPPERSM_RECONN_HID_INT_CONN_WAIT,process_upper_sm_reconn_hid_int_conn_wait + beq UPPERSM_RECONN_HID_INT_CFG,process_upper_sm_reconn_hid_int_cfg + beq UPPERSM_RECONN_HID_INT_CFG_WAIT,process_upper_sm_reconn_hid_int_cfg_wait + beq UPPERSM_RECONN_RFCOMM_CONN,process_upper_sm_reconn_rfcomm_conn + beq UPPERSM_RECONN_RFCOMM_CONN_WAIT,process_upper_sm_reconn_rfcomm_conn_wait + beq UPPERSM_RECONN_RFCOMM_CFG,process_upper_sm_reconn_rfcomm_cfg + beq UPPERSM_RECONN_RFCOMM_CFG_WAIT,process_upper_sm_reconn_rfcomm_cfg_wait + beq UPPERSM_RECONN_RFCOMM_SABM,process_upper_sm_reconn_rfcomm_sabm + beq UPPERSM_RECONN_RFCOMM_SABM_WAIT,process_upper_sm_reconn_rfcomm_sabm_wait + beq UPPERSM_RECONN_SPP_CMD_PN,process_upper_sm_reconn_spp_cmd_pn + beq UPPERSM_RECONN_SPP_CMD_PN_WAIT,process_upper_sm_reconn_spp_cmd_pn_wait + beq UPPERSM_RECONN_SPP_SABM,process_upper_sm_reconn_spp_sabm + beq UPPERSM_RECONN_SPP_SABM_WAIT,process_upper_sm_reconn_spp_sabm_wait + beq UPPERSM_RECONN_SPP_CMD_MS,process_upper_sm_reconn_spp_cmd_ms + beq UPPERSM_RECONN_SPP_CMD_MS_WAIT,process_upper_sm_reconn_spp_cmd_ms_wait +process_upper_sm_reconn_wait: + rtn +process_upper_sm_reconn_sdp_conn: + call upper_sm_send_sdp_conn //return n-user if sending failed + jam UPPERSM_RECONN_SDP_CONN_WAIT,mem_upper_sm_reconn + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + store 1,mem_sdp_state + rtn +process_upper_sm_reconn_sdp_cfg: + jam UPPERSM_RECONN_SDP_CFG_WAIT,mem_upper_sm_reconn + fetch 1,mem_sdp_state + rtnbit1 L2CAP_CHANNEL_STATE_SND_CFG_REQ + jam UPPERSM_RECONN_SDP_CFG,mem_upper_sm_reconn + call upper_sm_send_sdp_cfg //return n-user if sending failed + jam UPPERSM_RECONN_SDP_CFG_WAIT,mem_upper_sm_reconn + fetch 1,mem_sdp_state + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_sdp_state + rtn +process_upper_sm_reconn_ss_spp: + call l2cap_malloc_is_fifo_empty + nrtn blank + call upper_sm_send_ss_spp + jam UPPERSM_RECONN_SS_SPP_WAIT,mem_upper_sm_reconn + rtn +process_upper_sm_reconn_sdp_disconn: + call upper_sm_send_sdp_disconn + jam UPPERSM_RECONN_SDP_DISCONN_WAIT,mem_upper_sm_reconn + rtn +process_upper_sm_reconn_hid_ctrl_conn: + call upper_sm_send_hid_ctrl_conn + jam UPPERSM_RECONN_HID_CTRL_CONN_WAIT,mem_upper_sm_reconn + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + store 1,mem_hid_control_state + rtn +process_upper_sm_reconn_hid_ctrl_cfg: + call upper_sm_send_hid_ctrl_cfg + jam UPPERSM_RECONN_HID_CTRL_CFG_WAIT,mem_upper_sm_reconn + fetch 1,mem_hid_control_state + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_hid_control_state + rtn +process_upper_sm_reconn_hid_int_conn: + call upper_sm_send_hid_int_conn + jam UPPERSM_RECONN_HID_INT_CONN_WAIT,mem_upper_sm_reconn + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + store 1,mem_hid_interrupt_state + rtn +process_upper_sm_reconn_hid_int_cfg: + call upper_sm_send_hid_int_cfg + jam UPPERSM_RECONN_HID_INT_CFG_WAIT,mem_upper_sm_reconn + fetch 1,mem_hid_interrupt_state + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_hid_interrupt_state + rtn +process_upper_sm_reconn_rfcomm_conn: + call upper_sm_send_rfcomm_conn + jam UPPERSM_RECONN_RFCOMM_CONN_WAIT,mem_upper_sm_reconn + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_CONN_REQ,pdata + store 1,mem_rfcomm_state + rtn +process_upper_sm_reconn_rfcomm_cfg: + call upper_sm_send_rfcomm_cfg + jam UPPERSM_RECONN_RFCOMM_CFG_WAIT,mem_upper_sm_reconn + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_STATE_SND_CFG_REQ,pdata + store 1,mem_rfcomm_state + rtn +process_upper_sm_reconn_rfcomm_sabm: + call upper_sm_send_rfcomm_sabm + jam UPPERSM_RECONN_RFCOMM_SABM_WAIT,mem_upper_sm_reconn + fetch 1,mem_rfcomm_state + set1 L2CAP_CHANNEL_RFCOMM_ONLY_SABM,pdata + store 1,mem_rfcomm_state + rtn +process_upper_sm_reconn_spp_cmd_pn: + call upper_sm_send_spp_cmd_pn + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_PN_CMD + store 1,mem_spp_state + jam UPPERSM_RECONN_SPP_CMD_PN_WAIT,mem_upper_sm_reconn + rtn +process_upper_sm_reconn_spp_sabm: + call upper_sm_send_spp_sabm + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_SABM + store 1,mem_spp_state + jam UPPERSM_RECONN_SPP_SABM_WAIT,mem_upper_sm_reconn + fetch 1,mem_remote_spp_channel //address in pdata + lshift3 pdata,pdata + or_into 3,pdata + arg mem_HIUfcs_SPP,temp // mem_HIUfcs_spp_WCredits in regB++ + storet 2,mem_contw_temp + branch rfcomm_save_FCS_uih +process_upper_sm_reconn_spp_cmd_ms: + call upper_sm_send_spp_cmd_ms + fetch 1,mem_spp_state + set1 RFCOMM_CHANNEL_STATE_SND_MS_CMD + store 1,mem_spp_state + jam UPPERSM_RECONN_SPP_CMD_MS_WAIT,mem_upper_sm_reconn + rtn + +process_upper_sm_reconn_sdp_conn_wait: + fetch 1,mem_sdp_state + rtnbit0 L2CAP_CHANNEL_STATE_CONN_RES + jam UPPERSM_RECONN_SDP_CFG,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_sdp_cfg_wait: + fetch 1,mem_sdp_state + rtnne L2CAP_CHANNEL_SETUP_COMPLETE + jam UPPERSM_RECONN_SS_SPP ,mem_upper_sm_reconn +process_upper_sm_reconn_ss_spp_wait: + fetch 1,mem_message_to_uppersm + rtnne RECIEVE_SS_REASULT_HF + jam 0,mem_message_to_uppersm + jam UPPERSM_RECONN_SDP_DISCONN,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_sdp_disconn_wait: + fetch 1,mem_sdp_state + nrtn blank + fetch 1,mem_UI_profile_supported + bbit1 support_HID,process_upper_sm_reconn_setup_hid + bbit1 support_SPP,process_upper_sm_reconn_setup_rfcomm + branch process_upper_sm_reconn_termination +process_upper_sm_reconn_hid_ctrl_conn_wait: + fetch 1,mem_hid_control_state + rtnbit0 L2CAP_CHANNEL_STATE_CONN_RES + jam UPPERSM_RECONN_HID_CTRL_CFG,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_hid_ctrl_cfg_wait: + fetch 1,mem_hid_control_state + rtnne L2CAP_CHANNEL_SETUP_COMPLETE + jam UPPERSM_RECONN_HID_INT_CONN,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_hid_int_conn_wait: + fetch 1,mem_hid_interrupt_state + rtnbit0 L2CAP_CHANNEL_STATE_CONN_RES + jam UPPERSM_RECONN_HID_INT_CFG,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_hid_int_cfg_wait: + fetch 1,mem_hid_interrupt_state + rtnne L2CAP_CHANNEL_SETUP_COMPLETE + fetch 1,mem_UI_profile_supported + bbit1 support_SPP,process_upper_sm_reconn_setup_rfcomm + branch process_upper_sm_reconn_termination +process_upper_sm_reconn_rfcomm_conn_wait: + fetch 1,mem_rfcomm_state + rtnbit0 L2CAP_CHANNEL_STATE_CONN_RES + jam UPPERSM_RECONN_RFCOMM_CFG,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_rfcomm_cfg_wait: + fetch 1,mem_rfcomm_state + rtnne L2CAP_CHANNEL_SETUP_COMPLETE + jam UPPERSM_RECONN_RFCOMM_SABM,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_rfcomm_sabm_wait: + fetch 1,mem_rfcomm_state + rtnne L2CAP_CHANNEL_RFCOMM_DLCI0_OPENED + fetch 1,mem_UI_profile_supported + bbit1 support_SPP,process_upper_sm_reconn_setup_spp + branch process_upper_sm_reconn_termination +process_upper_sm_reconn_spp_cmd_pn_wait: + fetch 1,mem_spp_state + rtnbit0 RFCOMM_CHANNEL_STATE_PN_RES + jam UPPERSM_RECONN_SPP_SABM,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_spp_sabm_wait: + fetch 1,mem_spp_state + rtnbit0 RFCOMM_CHANNEL_STATE_UA + jam UPPERSM_RECONN_SPP_CMD_MS ,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_spp_cmd_ms_wait: + fetch 1,mem_spp_state + rtnne RFCOMM_CHANNEL_SETUP_COMPLETE + branch process_upper_sm_reconn_termination + +process_upper_sm_reconn_setup_hid: + jam UPPERSM_RECONN_HID_CTRL_CONN,mem_upper_sm_reconn + branch process_upper_sm_reconn + +process_upper_sm_reconn_setup_rfcomm: + jam UPPERSM_RECONN_RFCOMM_CONN,mem_upper_sm_reconn + branch process_upper_sm_reconn +process_upper_sm_reconn_setup_spp: + jam UPPERSM_RECONN_SPP_CMD_PN,mem_upper_sm_reconn + branch process_upper_sm_reconn + + + +process_upper_sm_reconn_termination: + jam 0,mem_upper_sm_reconn + rtn +upper_sm_send_sdp_conn: + bpatchx patch2d_3,mem_patch2d + call l2cap_malloc_signal_channel + setarg PSM_SDP + copy pdata,temp + setarg L2CAP_SDP_channel + copy pdata,timeup + branch ML2CAP_send_signal_connect_req + +upper_sm_send_sdp_cfg: + bpatchx patch2d_4,mem_patch2d + call l2cap_malloc_signal_channel + fetch 2,mem_SDP_remote_CID + copy pdata,temp + branch ML2CAP_send_signal_config_req + +upper_sm_send_sdp_disconn: + bpatchx patch2d_5,mem_patch2d + call l2cap_malloc_signal_channel + fetch 2,mem_SDP_remote_CID + copy pdata,temp + arg L2CAP_SDP_channel,timeup + call ML2CAP_send_signal_disconn_req + fetch 1,mem_sdp_state + set0 L2CAP_CHANNEL_STATE_RCV_CFG_RES ,pdata + store 1,mem_sdp_state + rtn +//service search +upper_sm_send_ss_spp: + bpatchx patch2d_6,mem_patch2d + call l2cap_malloc_sdp_channel + call sdp_send_spp_request + branch MSDP_send_req_done + +upper_sm_send_rfcomm_conn: + bpatchx patch2d_7,mem_patch2d + call l2cap_malloc_signal_channel + setarg PSM_RFCOMM + copy pdata,temp + setarg L2CAP_RFCOMM_channel + copy pdata,timeup + branch ML2CAP_send_signal_connect_req + +upper_sm_send_rfcomm_cfg: + bpatchx patch2e_0,mem_patch2e + call l2cap_malloc_signal_channel + fetch 2,mem_rfcomm_remote_cid + copy pdata,temp + branch ML2CAP_send_signal_config_req + +upper_sm_send_hid_ctrl_conn: + bpatchx patch2e_1,mem_patch2e + call l2cap_malloc_signal_channel + setarg PSM_HID_control + copy pdata,temp + setarg L2CAP_HID_Control_channel + copy pdata,timeup + branch ML2CAP_send_signal_connect_req + +upper_sm_send_hid_ctrl_cfg: + bpatchx patch2e_2,mem_patch2e + call l2cap_malloc_signal_channel + fetch 2,mem_hid_ctrl_remote_cid + copy pdata,temp + branch ML2CAP_send_signal_config_req + +upper_sm_send_hid_int_conn: + bpatchx patch2e_3,mem_patch2e + call l2cap_malloc_signal_channel + setarg PSM_HID_interrupt + copy pdata,temp + setarg L2CAP_HID_interrupt_channel + copy pdata,timeup + branch ML2CAP_send_signal_connect_req + +upper_sm_send_hid_int_cfg: + bpatchx patch2e_4,mem_patch2e + call l2cap_malloc_signal_channel + fetch 2,mem_hid_int_remote_cid + copy pdata,temp + branch ML2CAP_send_signal_config_req + +upper_sm_send_rfcomm_sabm: + bpatchx patch2e_5,mem_patch2e + call l2cap_malloc_rfcomm_channel + //force 3,temp //address + jam 3,mem_current_adss + jam 0x1c,mem_current_fcs + call rfcomm_send_sabm + jam 1,mem_rfcomm_initiator + rtn + +upper_sm_send_spp_cmd_pn: + bpatchx patch2e_6,mem_patch2e + call l2cap_malloc_rfcomm_channel + fetcht 1,mem_remote_spp_channel + call channel_to_dlci + storet 1,mem_pn_dlci + branch rfcomm_send_param_neg_cmd + +upper_sm_send_spp_sabm: + bpatchx patch2e_7,mem_patch2e + call l2cap_malloc_rfcomm_channel + fetcht 1,mem_pn_dlci + call dlci_to_address_cmd + call rfcomm_calculate_FCS_sabm //sabm fcs use once only,not need to save + store 1,mem_current_fcs + fetcht 1,mem_pn_dlci + call dlci_to_address_cmd + storet 1,mem_current_adss + branch rfcomm_send_sabm + +upper_sm_send_spp_cmd_ms: + bpatchx patch2f_0,mem_patch2f + call l2cap_malloc_rfcomm_channel + fetcht 1,mem_pn_dlci + call dlci_to_address_cmd //address in temp + branch rfcomm_send_modem_status_cmd + + + Index: dukaqi/senrui/program/sdp.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/sdp.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/sdp.prog (working copy) @@ -0,0 +1,1206 @@ +/**********************************************************************/ +/* Subroutine: sdp_process */ +/* Process Service Discovery Request */ +/* Called from L2CAP, check PDUID, branch to different req processings*/ +/* */ +/* Input: mem_L2CAP_Rx_payload */ +/* Output: mem_SDP_Tx_payload, mem_SDP_Tx_pkt_length */ +/* */ +/**********************************************************************/ +sdp_process: + bpatchx patch2f_1,mem_patch2f + fetch 2,mem_l2cap_payload_ptr + iforce contr +// ifetchr regb,1,contr /* PDUID */ +// storer regb,1,mem_sdp_pduid + ifetch 1,contr + copy pdata,regb + store 1,mem_sdp_pduid + ifetch 2,contr + store 2,mem_sdp_transactionid /* save transaction id */ + ifetch 1,contr /* higher byte of parameter length */ + lshift8 pdata,timeup + ifetch 1,contr /* lower byte of parameter length */ + iadd timeup,timeup /* parameter length stored in "timeup" */ + bpatchx patch2f_2,mem_patch2f + copy contr,temp + arg 4,loopcnt + arg mem_sdp_handle_list,contw + call memset0 + copy temp,contr + deposit regb /* PDUID */ + beq SDP_ERROR_RES,sdp_process_error_res + beq SDP_SEARCH_REQ,sdp_process_ss_req + beq SDP_SEARCH_RES,sdp_process_ss_res + beq SDP_ATTRIBUTE_REQ,sdp_process_sa_req + beq SDP_ATTRIBUTE_RES,sdp_process_sa_res + beq SDP_SEARCHATTRIB_REQ,sdp_process_ssa_req + beq SDP_SEARCHATTRIB_RES,sdp_process_ssa_res + branch sdp_insufficient_resource + +/**********************************************************************/ +/* ss_req */ +/* Processing Service Search Request */ +/* Call: ask_serviceclassid, empty_response */ +/* */ +/* Input: mem_L2CAP_Rx_payload pointer in contr */ +/* Output: mem_SDP_Tx_payload, mem_SDP_Tx_pkt_length */ +/* */ +/**********************************************************************/ +sdp_process_ss_req: + bpatchx patch2f_3,mem_patch2f + call ask_serviceclassid + compare 1,temp,0xff + branch ss_empty_rsp,true + compare 0xff,temp,0xff + branch sdp_invalid_request_syntax,true + + ifetch 2,contr /* max aservice record count */ + store 2,mem_sdp_record_maxcnt + increase -2,timeup + + increase -1,timeup /* continuation state 1 byte (0) */ + nbranch sdp_invalid_pdu_size,zero /* invalid pdu size */ + arg mem_sdp_uuid_search_ptr,timeup + ifetch 2,timeup + rtn blank + call search_all_uuid + call l2cap_get_sdp_tx_payload /* put the pointer to Tx buffer */ + force 3,pdata /* PDUID 3, Service Search Response */ + istore 1,contw + fetch 2,mem_sdp_transactionid /* write transaction id */ + istore 2,contw + lshift2 queue,pdata + add pdata,5,pdata + add pdata,5,regc + byteswap pdata,pdata + istore 2,contw /* write parLength */ + deposit queue + byteswap pdata,pdata + istore 2,contw /* write TotSrvRecCount */ + istore 2,contw /* write CurSrvRecCount */ + arg mem_sdp_handle_list,contr + copy queue,loopcnt + branch ss_req_blank,zero +ss_req_loop: + ifetch 4,contr + istore 4,contw + loop ss_req_loop +ss_req_blank: + force 0,pdata + istore 1,contw /* continuation state */ + deposit regc + store 2,mem_sdp_tx_pkt_length +// branch assert,blank + rtn + +/**********************************************************************/ +/* sa_req */ +/* Processing Service Attribute Request */ +/* Call: ask_attributeid, empty_response (if 3 stored attr. */ +/* not asked) or answer_attributelist */ +/* Input: mem_L2CAP_Rx_payload pointer in contr */ +/* Output: mem_SDP_Tx_payload, mem_SDP_Tx_pkt_length */ +/* */ +/**********************************************************************/ +sdp_process_sa_req: + bpatchx patch2f_4,mem_patch2f + ifetch 4,contr /* service record handle */ + store 4,mem_sdp_record_handle + increase -4,timeup + call sdp_store_maxbyte + store 2,mem_sdp_attribute_maxbyte + increase -2,timeup + call dataelementtype6 /* result: data size stored in rega */ + branch sdp_invalid_request_syntax,zero + compare 5,rega,0xff // length + //branch sa_req_all,true + branch sa_judge_wholerange,true +sa_isnot_wholerange: + arg mem_sdp_attrib_list,contw + force 0,queue + branch sa_req_loop +sa_judge_wholerange: + ifetch 1,contr + bne SDP_ATTRIBUTE_RANGE,sdp_invalid_request_syntax + ifetch 2,contr + nbranch sa_judge_wholerange_false1,blank + ifetch 1,contr + bne 0xff,sa_judge_wholerange_false2 + ifetch 1,contr + bne 0xff,sa_judge_wholerange_false3 //also exist potential bug because mem_sdp_attrib_list length is only 7f + branch sa_req_all +sa_judge_wholerange_false3: + increase -5,contr + branch sa_isnot_wholerange +sa_judge_wholerange_false2: + increase -4,contr + branch sa_isnot_wholerange +sa_judge_wholerange_false1: + increase -3,contr + branch sa_isnot_wholerange +sa_req_loop: + ifetch 1,contr + beq SDP_ATTRIBUTE_ID, sa_req_one_id + beq SDP_ATTRIBUTE_RANGE, sa_req_range +sa_req_range: + ifetch 2, contr + istore 2, contw + increase 1,queue + byteswap pdata,regb + ifetch 2, contr + byteswap pdata,pdata +sa_req_range_id_increase: + increase 1, regb + isub regb, null + nbranch sa_req_range_id_finish,positive + copy pdata, regc + byteswap regb,pdata + istore 2, contw + increase 1,queue + copy regc, pdata + branch sa_req_range_id_increase +sa_req_range_id_finish: + increase -5,timeup + increase -5,rega + branch sa_req_check_next_id +sa_req_one_id: + ifetch 2,contr + istore 2,contw //save the attribute id in mem_sdp_attrib_list + increase 1,queue + increase -3,timeup + increase -3,rega +sa_req_check_next_id: + nbranch sdp_invalid_request_syntax,positive + nbranch sa_req_loop,zero //another attribute + increase -1,timeup + nbranch sdp_invalid_request_syntax,zero + + call l2cap_get_sdp_tx_payload + increase 10,contw + arg mem_sdp_attrib_list,rega +sa_req_handle_attributelist_next: + copy queue,pdata + branch sa_req_handle_attributelist_end,blank + ifetch 2,rega + branch sa_req_handle_attributelist_end,blank + iforce regb /* regb is the attribute ID */ + fetch 4,mem_sdp_record_handle + iforce temp + call search_handle_attrib + copy contr,pdata + branch sa_req_handle_attributelist_notfound,blank + increase -3,contr + ifetch 3,contr + istore 3,contw + call sdp_data_len + iforce loopcnt + call memcpy +sa_req_handle_attributelist_notfound: + increase 2,rega + increase -1, queue + branch sa_req_handle_attributelist_next + +sa_req_handle_attributelist_end: + arg SDP_ATTRIBUTE_RES,rega + call ssa_req_range_lastfreg_common + fetch 2,mem_sdp_tx_pkt_length + beq 11,sa_empty_rsp + branch ssa_req_range_attrbutes_length_no_continue + + +sdp_store_continue_common: + ifetch 1, contr + beq 0, sdp_store_continue_0byte + beq 1,sdp_store_continue_1byte + beq 2, sdp_store_continue_2byte +sdp_store_continue_0byte: + increase -1,timeup /* continuation state byte (0) */ + branch sdp_store_continue_end +sdp_store_continue_1byte: + ifetch 1, contr + increase -2,timeup /* continuation state byte (1) */ + branch sdp_store_continue_end +sdp_store_continue_2byte: + ifetch 2, contr + byteswap pdata,pdata + increase -3,timeup /* continuation state byte (2) */ +sdp_store_continue_end: + store 2, mem_sdp_continue_byte + rtn + +sa_req_all: + increase -5,timeup + call sdp_store_continue_common + nbranch sdp_invalid_pdu_size,zero + fetcht 4,mem_sdp_record_handle + call search_handle + nbranch sdp_invalid_service_record_handle,zero + copy contr,rega + call l2cap_get_sdp_tx_payload + copy rega,contr + increase 3,contw//arg mem_SDP_Tx_payload+3,contw + copy contr,timeup //sdp start pointer + call sdp_get_data + copy pdata, rega //sdp total length +// fetchr regb,2,mem_sdp_continue_byte + fetch 2,mem_sdp_continue_byte + copy pdata,regb + copy rega,pdata + isub regb,regb //total_length - continue_byte in regb + fetch 2, mem_sdp_attribute_maxbyte + isub regb, null + nbranch sa_req_all_fragment_sdp, positive + // the last fragment + disable user + fetch 2, mem_sdp_continue_byte + branch sa_req_all_fisrt_fragment,blank + iadd timeup, contr //set the read pointer + increase 3,regb //include the total length field, 3 bytes + copy regb, loopcnt + copy loopcnt, pdata + increase 3, pdata + byteswap pdata,pdata + istore 2, contw + copy loopcnt, pdata + byteswap pdata,pdata + istore 2, contw + branch sa_req_all_answer_attributelist_full_loop +sa_req_all_fisrt_fragment: + add rega,6,loopcnt + branch sa_req_all_parlength_continue_byte, user + byteswap loopcnt,pdata + branch sa_req_all_parlength_continue_byte_end +sa_req_all_parlength_continue_byte: + copy loopcnt, pdata + increase 2, pdata + byteswap pdata,pdata +sa_req_all_parlength_continue_byte_end: + istore 2,contw /* ParLength */ + increase -3,loopcnt + byteswap loopcnt,pdata + istore 2,contw /* AttrListByteCount */ + copy timeup,contr + branch sa_req_all_answer_attributelist_full_loop +sa_req_all_fragment_sdp: + enable user +// fetchr rega,2,mem_sdp_attribute_maxbyte + fetch 2,mem_sdp_attribute_maxbyte + copy pdata,rega + copy rega,loopcnt + fetch 2, mem_sdp_continue_byte + branch sa_req_all_fisrt_fragment,blank + iadd timeup, contr + copy rega,pdata + increase 5,pdata + byteswap pdata,pdata + istore 2, contw + copy rega,pdata + byteswap pdata,pdata + istore 2, contw +sa_req_all_answer_attributelist_full_loop: + call memcpy + nbranch sa_req_all_last_frag_continue, user + force 2,pdata + istore 1,contw + copy contr, pdata + isub timeup, pdata + byteswap pdata,pdata + istore 2, contw // continuation length + branch sa_req_all_frag_end +sa_req_all_last_frag_continue: + force 0,pdata + istore 1,contw +sa_req_all_frag_end: + arg SDP_ATTRIBUTE_RES,rega + branch ssa_req_range_common + +/**********************************************************************/ +/* ssa_req */ +/* Processing Service Search Attribute Request */ +/* Call: ask_serviceclassid, ask_attributeid, empty_response */ +/* or answer_attributelist */ +/* Input: contr */ +/* Output: mem_SDP_Tx_payload, mem_SDP_Tx_pkt_length */ +/* */ +/**********************************************************************/ +sdp_process_ssa_req: + bpatchx patch2f_5,mem_patch2f + call ask_serviceclassid + compare 0xff,temp,0xff + branch sdp_invalid_request_syntax,true + call sdp_store_maxbyte + store 2,mem_sdp_attribute_maxbyte + increase -2,timeup + call dataelementtype6 + arg mem_sdp_attrib_list,contw + force 0,queue +ssa_req_loop: + ifetch 1,contr + beq SDP_ATTRIBUTE_RANGE,ssa_req_range + ifetch 2,contr + istore 2,contw //save the attribute id in mem_sdp_attrib_list + increase 1,queue + increase -3,timeup + increase -3,rega + nbranch sdp_invalid_request_syntax,positive + nbranch ssa_req_loop,zero + increase -1,timeup + nbranch sdp_invalid_request_syntax,zero + call l2cap_get_sdp_tx_payload + increase 13,contw//arg mem_SDP_Tx_payload+13,contw + fetch 2,mem_sdp_uuid_search_ptr + iforce regc + arg mem_sdp_attrib_list,rega +ssa_req_attributelist_next: + ifetch 2,rega + branch ssa_req_attributelist_end,blank + iforce regb /* regb is the attribute ID */ + call search_attrib + branch ssa_req_attributelist_notfound,blank + increase -3,contr + ifetch 3,contr + istore 3,contw + call sdp_data_len + iforce loopcnt + call memcpy +ssa_req_attributelist_notfound: + increase 2,rega + branch ssa_req_attributelist_next + +ssa_req_attributelist_end: + call ssa_req_range_lastfreg + fetch 2,mem_sdp_tx_pkt_length + beq 14,ssa_empty_rsp + call ssa_req_range_attrbutes_length_no_continue + branch ssa_req_range_attrbutes_length_no_continue + + +sdp_store_maxbyte: + ifetch 2,contr + byteswap pdata,pdata + increase -3,pdata + arg 200,temp + isub temp,null + nrtn positive + setarg 200 + rtn + + +ssa_req_range: + increase 4,contr + increase -5,timeup + increase -5,rega + nbranch sdp_invalid_request_syntax,zero + call sdp_store_continue_common + nbranch sdp_invalid_pdu_size,zero + arg mem_sdp_uuid_search_ptr,timeup + call search_all_uuid + deposit queue + branch ssa_empty_rsp,blank + store 1,mem_handle_humber +// storer regb,2,mem_sdp_all_length + copy regb,pdata + store 2,mem_sdp_all_length + arg 0,queue + arg 0,rega + call l2cap_get_sdp_tx_payload + increase 10,contw +ssa_req_range_find_handle: + call ssa_req_range_get_length + nbranch assert,user + copy contr,timeup + copy pdata,regc + iadd rega,rega +// copy pdata,rega +// fetch 2,mem_sdp_all_length + fetch 2,mem_sdp_continue_byte + copy pdata,regb + branch ssa_req_range_first_freg,blank +ssa_req_range_later_freg_with_continue: + copy rega,pdata + isub regb,regb //total_length - continue_byte in rega + branch ssa_req_range_next_handle,zero + nbranch ssa_req_range_next_handle,positive + fetch 2, mem_sdp_attribute_maxbyte + isub regb, null + branch ssa_req_range_maxbyte_with_continue,zero + nbranch ssa_req_range_maxbyte_with_continue, positive + + // data length < =maxbyte +ssa_req_range_send_not_maxbyte: + copy regb,loopcnt + call ssa_req_range_maxbyte_with_continue_cpy + fetch 1,mem_handle_humber + increase 1,queue + isub queue,null + branch ssa_req_range_lastfreg,zero + branch ssa_req_range_freg_with_continue + +ssa_req_range_maxbyte_with_continue: + copy pdata,loopcnt + call ssa_req_range_maxbyte_with_continue_cpy + branch ssa_req_range_freg_with_continue + +ssa_req_range_maxbyte_with_continue_cpy: + increase -3,contw + copy loopcnt,temp + copy regc,pdata + isub regb,pdata + iadd timeup,contr + branch memcpy + +ssa_req_range_next_handle: + fetch 1,mem_handle_humber + increase 1,queue + isub queue,null + rtn zero // + branch ssa_req_range_find_handle + +ssa_req_range_get_length: + call disable_user + arg mem_sdp_handle_list,contr + lshift2 queue,pdata + iadd contr,contr + ifetcht 4, contr + call search_handle + nrtn zero + call sdp_data_len + branch enable_user + +ssa_req_range_first_freg: + fetch 2, mem_sdp_attribute_maxbyte + isub rega, null + nbranch ssa_req_range_firstfreg_maxbyte_with_continue,positive + copy rega,loopcnt + copy loopcnt,temp + copy timeup,contr + call memcpy + fetch 2,mem_sdp_all_length + isub rega,null + branch ssa_req_range_freg_no_continue,zero +ssa_req_range_firstfreg_not_maxbyte_with_continue: + call ssa_req_range_freg_with_continue + branch ssa_req_range_attrbutes_length + +ssa_req_range_freg_no_continue: + call ssa_req_range_lastfreg + branch ssa_req_range_attrbutes_length + +ssa_req_range_lastfreg: + arg SDP_SEARCHATTRIB_RES,rega //PUD ID +ssa_req_range_lastfreg_common: + force 0,pdata + istore 1,contw + call ssa_req_range_common + fetcht 2,mem_sdp_tx_pkt_length + increase -5,temp + byteswap temp,pdata + istore 2, contw + increase -3,temp + byteswap temp,pdata + istore 2, contw //attribute length + rtn + +ssa_req_range_firstfreg_maxbyte_with_continue: + copy pdata,loopcnt + copy loopcnt,temp + copy timeup,contr + call memcpy + call ssa_req_range_freg_with_continue +ssa_req_range_attrbutes_length: + setarg 0x36 + istore 1,contw + fetch 2,mem_sdp_all_length + byteswap pdata,pdata + istore 2, contw + rtn + +ssa_req_range_attrbutes_length_no_continue: + setarg 0x36 + istore 1,contw + increase -3,temp + byteswap temp,pdata + istore 2, contw + rtn + +ssa_req_range_freg_with_continue: + arg SDP_SEARCHATTRIB_RES,rega //PUD ID + setarg 2 + istore 1,contw + fetch 2,mem_sdp_continue_byte + iadd temp,temp + byteswap temp,pdata + istore 2,contw + call ssa_req_range_common + fetcht 2,mem_sdp_tx_pkt_length + increase -5,temp + byteswap temp,pdata + istore 2, contw + increase -5,temp + byteswap temp,pdata + istore 2, contw + rtn + +ssa_req_range_common: + fetch 2,mem_sdp_tx_payload_ptr + isub contw,pdata + sub pdata,0,pdata + store 2,mem_sdp_tx_pkt_length + call l2cap_get_sdp_tx_payload + copy rega,pdata //PUD ID + istore 1,contw + fetch 2,mem_sdp_transactionid + istore 2,contw + rtn + + + + +/**********************************************************************/ +/* ssa_res */ +/* Processing Service Search Attribute Response */ +/* Call: dataelementtype6, attribute_reading */ +/* Input: contr */ +/* Output: mem_sdp_record_handle,mem_sdp_search_failed */ +/* */ +/**********************************************************************/ +sdp_process_ssa_res: +sdp_process_ss_res: +sdp_process_sa_res: +sdp_process_error_res: + rtn +/* +sdp_process_ss_res: + bpatchx patch2f_6,mem_patch2f + ifetch 2,contr + ifetch 2,contr + byteswap pdata,pdata + bne 1,assert + ifetch 4,contr + store 4,mem_sdp_record_handle + fetchr regc,2,mem_sdp_l2capch_ptr + add regc,offset_lc_state,regc + ifetch 1,regc + set1 L2CAP_CHANNEL_STATE_RECV_SEARCH_RES,pdata + istore 1,regc + rtn + +sdp_process_sa_res: + bpatchx patch2f_7,mem_patch2f + fetchr regc,2,mem_sdp_l2capch_ptr + add regc,offset_lc_state,regc + ifetch 1,regc + set1 L2CAP_CHANNEL_STATE_RECV_ATTRIB_RES,pdata + istore 1,regc + copy temp,contr + ifetch 2,contr + call search_rfcomm_cn + store 1,mem_profile_channel + rtn +*/ + + + +sdp_invalid_service_record_handle: + setarg 0x0200 + store 2,mem_sdp_error_code + branch sdp_error_response +sdp_invalid_pdu_size: + setarg 0x0400 + store 2,mem_sdp_error_code + branch sdp_error_response +sdp_insufficient_resource: + setarg 0x0600 + store 2,mem_sdp_error_code + branch sdp_error_response +sdp_invalid_request_syntax: + setarg 0x0300 + store 2,mem_sdp_error_code +sdp_error_response: + call l2cap_get_sdp_tx_payload + istore 1,contw + fetch 2,mem_sdp_transactionid + istore 2,contw + setarg 0x0200 + istore 2,contw + fetch 2,mem_sdp_error_code + istore 2,contw + jam 7,mem_sdp_tx_pkt_length + rtn + + +//store uuid in mem_sdp_uuid_search_ptr, +//return temp 0xff if wrong +ask_serviceclassid: + arg 0,regb + force 0,temp /* use "temp" to mark syntax error or to mark 128 bit uuid */ + arg mem_sdp_uuid_search_ptr,contw + call dataelementtype6 + branch asksrv_error,zero +classidloop: + increase 1,regb + ifetch 1,contr + increase -1,rega + increase -1,timeup + compare 0x18,pdata,0xf8 /* 5 MSB: b00011: uuid */ + nbranch asksrv_error,true + compare 0x04,pdata,0x07 /* 3 LSB: b100 128 bits uuid */ + nbranch cmp032,true + force 1,temp /* mark it as 128 bit uuid */ +skip2bytes: + ifetch 1,contr + increase -1,rega + increase -1,timeup + bne 0x00, frstbwrong + ifetch 1,contr + increase -1,rega + increase -1,timeup + beq 0x00, cmpuuid + branch scndbwrong +frstbwrong: + increase 1,contr + increase -1,rega + increase -1,timeup +scndbwrong: + increase 2,contr /* skip 2 bytes, first 2 bytes already wrong */ + increase -2,rega + increase -2,timeup + compare 0x00,temp,0xff /* 128 bits or 32 bits ? */ + branch loopornot,true + increase 12,contr /* skip 12 bytes, first 2 bytes already wrong */ + increase -12,rega + increase -12,timeup + branch loopornot +cmp032: + compare 0x02,pdata,0x07 /* 3 LSB: b010 32 bits uuid */ + nbranch cmp016,true + branch skip2bytes +cmp016: + compare 0x01,pdata,0x07 /* 3 LSB: b001 16 bit uuid */ + nbranch asksrv_error,true +cmpuuid: + increase -2,rega + increase -2,timeup + ifetch 2,contr /* higher order byte */ + sub regb,4,null + branch uuidsize,zero //max store uuids =3 + istore 2,contw +uuidsize: + compare 0x00,temp,0xff /* is this 128 bits uuid */ + branch loopornot,true + copy contr,temp + ifetch 1,contr + bne 0x00, wrong12b + ifetch 1,contr + bne 0x00, wrong12b + ifetch 1,contr + bne 0x10, wrong12b + ifetch 1,contr + bne 0x00, wrong12b + ifetch 1,contr + bne 0x80, wrong12b + ifetch 1,contr + bne 0x00, wrong12b + ifetch 1,contr + bne 0x00, wrong12b + ifetch 1,contr + bne 0x80, wrong12b + ifetch 1,contr + bne 0x5f, wrong12b + ifetch 1,contr + bne 0x9b, wrong12b + ifetch 1,contr + bne 0x34, wrong12b + ifetch 1,contr + beq 0xfb, chck12dn +wrong12b: + copy temp,contr +wrong12b1: + increase 12,contr /* skip 12 bytes */ + force 0x00,queue + force 0x00,temp + branch chck12dn + +chck12dn: + increase -12,timeup + increase -12,rega +loopornot: + force 0x00,temp + compare 0x00,rega,0xff + nbranch classidloop,true + force 0,pdata + istore 2,contw /* end list with null */ + rtn +asksrv_error: + arg 0xff,temp + rtn + +/**********************************************************************/ +/* Subroutine: dataelementtype6 */ +/* Parse Data Element Sequence, obtain the data size */ +/* Input: SDP Rx Buf Pointer in contr, parameter count in timeup */ +/* Output: data length in rega, data pointer in contr */ +/* and parameter count in timeup, return with zero flag set: */ +/* syntax error */ +/**********************************************************************/ +dataelementtype6: + bpatchx patch30_0,mem_patch30 + ifetch 1,contr + increase -1,timeup + compare 0x30,pdata,0xf8 /* 5 MSB: b00110: type 6 */ + nbranch dsize_error,true + compare 0x07,pdata,0x07 /* 3 LSB: b111: 32 bits */ + branch dsize32,true + compare 0x06,pdata,0x07 /* 3 LSB: b110: 16 bits */ + branch dsize16,true + compare 0x05,pdata,0x07 /* 3 LSB: b101: 8 bits */ + nbranch dsize_error,true +// ifetchr rega,1,contr /* data length in reg A */ + ifetch 1,contr + copy pdata,rega + increase -1,timeup + branch dsize +dsize32: + increase 2,contr + increase -2,timeup +dsize16: + ifetch 2,contr + byteswap pdata,rega + increase -2,timeup +dsize: + force 0x01,pdata + rtn +dsize_error: + force 0x00,pdata + rtn + +/**********************************************************************/ +/* Subroutine: sa_empty_rsp */ +/* Send empty response */ +/* */ +/* Input: mem_sdp_pduid, mem_sdp_transactionid */ +/* Output: mem_SDP_Tx_payload, mem_SDP_Tx_pkt_length */ +/* */ +/**********************************************************************/ +ss_empty_rsp: + setarg SDP_SEARCH_RES + store 1, mem_sdp_pduid + branch empty_response +sa_empty_rsp: + setarg SDP_ATTRIBUTE_RES + store 1, mem_sdp_pduid + branch empty_response +ssa_empty_rsp: + setarg SDP_SEARCHATTRIB_RES + store 1, mem_sdp_pduid +empty_response: + call l2cap_get_sdp_tx_payload /* empty attribute list */ +// fetchr regb,1,mem_sdp_pduid /* PDUID */ +// istorer regb,1,contw + fetch 1,mem_sdp_pduid + copy pdata,regb + istore 1,contw + fetch 2,mem_sdp_transactionid /* copy back transaction id */ + istore 2,contw + setarg 0x0500 + istore 2, contw + compare SDP_ATTRIBUTE_RES,regb,0xff + branch fullsearch,true + compare SDP_SEARCHATTRIB_RES,regb,0xff + branch fullsearch,true + setarg 0x000000 + istore 5,contw + branch outempty + +fullsearch: /* pduid must be 5 or 7 */ + setarg 0x350200 + istore 5,contw +outempty: + jam 10,mem_sdp_tx_pkt_length + rtn + +//return length in pdata(whole element ,include header and data ), contr not change +sdp_data_len: + call store_contw + call store_contr + call sdp_get_data + call get_contw + call get_contr + copy temp,pdata + rtn + +//return data length in pdata, contr is data pionter,return length in temp(whole element ,include header and data ) +sdp_get_data: + ifetch 1,contr + and pdata,0x7,loopcnt + rshift3 pdata,pdata + bne 0,sdp_get_data_type_not0 +sdp_get_data_type0: + force 1,pdata + force 1,temp + rtn + +sdp_get_data_type_not0_sizeindex01234: + call left_shift_n + add pdata,1,temp //add header length + rtn +sdp_get_data_type_not0: + deposit loopcnt + sub pdata,4,null + branch sdp_get_data_type_not0_sizeindex01234,positive + beq 5,sdp_get_data_type_not0_sizeindex5 + beq 6,sdp_get_data_type_not0_sizeindex6 + beq 7,sdp_get_data_type_not0_sizeindex7 + rtn + +sdp_get_data_type_not0_sizeindex5: + ifetch 1,contr + add pdata,2,temp //add header length + rtn +sdp_get_data_type_not0_sizeindex6: + ifetch 2,contr + byteswap pdata,pdata + add pdata,3,temp //add header length + rtn +sdp_get_data_type_not0_sizeindex7: + ifetch 2,contr + byteswap pdata,pdata + ifetcht 2,contr + byteswap temp,temp + lshift16 temp,temp + iadd temp,pdata + add pdata,5,temp //add header length + rtn + +/* find with uuids +input uuids pionter in timeup +return handles in mem_sdp_handle_list; handles number in queue if found +return regb all length*/ +search_all_uuid: + bpatchx patch30_1,mem_patch30 + force 0,queue + arg 0,regb + arg mem_sdp_handle_list,contw +search_all_uuid_llop: + ifetch 2,timeup + rtn blank + call search_uuid + copy queue,pdata + rtneq SDP_MAX_HANDLE_NUMBER + increase 2,timeup + branch search_all_uuid_llop + +search_uuid: +// arg 0,regb + iforce regc +// force 0,queue + fetch 2, mem_ui_uuid_table + iforce contr +search_uuid_next: + copy queue,pdata + rtneq SDP_MAX_HANDLE_NUMBER + disable user + ifetch 1,contr + rtn blank + iforce loopcnt +search_uuid_loop: + ifetch 2,contr + isub regc,null + nbranch search_uuid_not_found,zero + enable user // uuid match +search_uuid_not_found: + loop search_uuid_loop + ifetcht 4,contr // get handle + copy contr,rega + nbranch search_uuid_nomatch,user + arg mem_sdp_handle_list,contr + arg SDP_MAX_HANDLE_NUMBER,loopcnt +search_uuid_check_same_handle: + ifetch 4,contr + branch search_uuid_store_handle,blank + isub temp,null + branch search_uuid_nomatch,zero + loop search_uuid_check_same_handle + rtn +search_uuid_store_handle: + istoret 4,contw + increase 1,queue + copy rega,contr + call sdp_data_len + iadd regb,regb + iadd contr,contr + branch search_uuid_next +search_uuid_nomatch: + copy rega,contr + call sdp_get_data + iadd contr,contr // next paragraph + branch search_uuid_next + +/* temp is handle, +return zero if found +return data pointer in contr +*/ +search_handle: + bpatchx patch30_2,mem_patch30 + fetch 2,mem_ui_uuid_table + iforce contr +search_handle_loop: + ifetch 1,contr + branch disable_zero,blank + lshift pdata,pdata + iadd contr,contr + ifetch 4,contr + isub temp,null + rtn zero + deposit contw + store 2,mem_contw + storet 8,mem_temp + call sdp_get_data + iadd contr,contr + copy contr,pdata + fetcht 2,mem_contw + copy temp,contw + fetcht 8,mem_temp + copy pdata,contr + branch search_handle_loop + +/** +* input regb and regc.regb is the attribute ID and regc is UUID. +* set contr if find attribute or 0 if not +*/ +search_attrib: + bpatchx patch30_3,mem_patch30 + fetch 2,mem_ui_uuid_table + iforce contr +search_attrib_next: + ifetch 1,contr + branch search_attrib_end, blank + iforce loopcnt +search_attrib_loop: + ifetch 2,contr + isub regc,null /* regc is UUID, compare it */ + branch search_attrib_found_uuid,zero + loop search_attrib_loop + increase 4,contr + call sdp_get_data + iadd contr,contr /* next paragraph */ + branch search_attrib_next +search_attrib_found_uuid: + increase -1,loopcnt + lshift loopcnt,pdata + iadd contr,contr + increase 4,contr + call sdp_get_data + iadd contr,timeup /* attribute list end */ +search_attrib_loop_attribs: + increase 1,contr + ifetch 2,contr + isub regb,null + //force 0x1,pdata,zero +// setflag zero, 0,pdata +// copy timeup, timeup + branch disable_blank,zero /* attribute found */ + call sdp_data_len + iadd contr,contr + deposit timeup + isub contr,null + branch search_attrib_end, zero /*attribute end, not found the attribute, return contr = 0*/ + branch search_attrib_loop_attribs +search_attrib_end: + force 0,contr + force 0,pdata + rtn + + +//search the attribute according the record handle +//record handle in temp, attribute in regb +//set the contr to zero if not found +search_handle_attrib: + bpatchx patch30_4,mem_patch30 + fetch 2,mem_ui_uuid_table + iforce contr +search_handle_attrib_next: + ifetch 1,contr + branch search_handle_attrib_end, blank + lshift pdata,pdata + iadd contr, contr + ifetch 4,contr + isub temp,null /* regc is UUID, compare it */ + branch search_handl_attrib_found_handle,zero + call sdp_get_data + iadd contr,contr /* next paragraph */ + branch search_handle_attrib_next +search_handl_attrib_found_handle: + call sdp_get_data + iadd contr,timeup /* attribute list end */ +search_handle_attrib_loop_attribs: + increase 1,contr + ifetch 2,contr + isub regb,null + rtn zero /* attribute found */ + call sdp_data_len + iadd contr,contr + deposit timeup + isub contr,null + branch search_handle_attrib_end, zero /*attribute end, not found the attribute, return contr = 0*/ + branch search_handle_attrib_loop_attribs +search_handle_attrib_end: + force 0,contr + rtn + + +//enable user if find rfcomm channel number, pdata is channel number +search_rfcomm_cn: + arg 0x0400,regb // attribute protocol edscriptor list + call search_handl_attrib_found_handle + arg 0x0300,regb // uuid rfcomm + call search_uuid_in_data + nrtn user + sub rega,3,null + branch disable_user,positive + ifetch 1,contr + bne 0x08,disable_user + ifetch 1,contr + rtn + + //input timeup is lenth + //input contr is data ptr + //return contr is end of uuid; enable user if found uuid +search_uuid_in_data: + bpatchx patch30_5,mem_patch30 + call sdp_get_data + copy pdata,rega +search_uuid_in_data_loop: + ifetch 1,contr + and pdata,0x7,loopcnt + rshift3 pdata,pdata + sub pdata,3,null + branch search_uuid_in_data_found_uuid,zero + copy loopcnt,pdata + beq 5,search_uuid_in_data_found_element_index5 + beq 6,search_uuid_in_data_found_element_index6 + beq 7,search_uuid_in_data_found_element_index7 + increase -1,contr + call sdp_get_data + iadd contr,contr + copy rega,pdata + isub temp,rega + branch disable_user,zero + branch search_uuid_in_data_loop + +search_uuid_in_data_found_element_index5: + increase -2,rega + increase 1,contr + branch search_uuid_in_data_loop +search_uuid_in_data_found_element_index6: + increase -3,rega + increase 2,contr + branch search_uuid_in_data_loop +search_uuid_in_data_found_element_index7: + increase -5,rega + increase 4,contr + branch search_uuid_in_data_loop + +search_uuid_in_data_found_uuid: + increase -1,rega + copy loopcnt,pdata + beq 1,search_uuid_in_data_type_uuid_16 + beq 2,search_uuid_in_data_type_uuid_32 + beq 4,search_uuid_in_data_type_uuid_128 + branch disable_user +search_uuid_in_data_type_uuid_128: + increase -12,rega +search_uuid_in_data_type_uuid_32: + ifetch 2,contr + increase -2,rega +search_uuid_in_data_type_uuid_16: + ifetch 2,contr + isub regb,null + branch enable_user,zero + increase -2,rega + branch disable_user,zero + branch search_uuid_in_data_loop + +/* +//rega:l2cap len ,mem_search_uuid:uuid to search +sdp_send_search_req: + call l2cap_malloc_sdp_req + setarg SDP_SEARCH_REQ + istore 1,contw + fetch 2,mem_sdp_transactionid_local + byteswap pdata,pdata + istore 2,contw + increase -5,rega + byteswap rega,rega + //istorer rega,2,contw + copy rega,pdata + istore 2,contw + setarg 0x0335 + istore 2,contw + setarg 0x19 + istore 1,contw + fetch 2,mem_search_uuid + istore 2,contw + setarg 0x0008 + istore 2,contw + setarg 0 + istore 1,contw + rtn + +//rega:l2cap len +sdp_send_attribute_req: + call l2cap_malloc_sdp_req + setarg SDP_ATTRIBUTE_REQ + istore 1,contw + fetch 2,mem_sdp_transactionid_local + byteswap pdata,pdata + istore 2,contw + increase -5,rega + byteswap rega,rega +// istorer rega,2,contw + copy rega,pdata + istore 2,contw + fetch 4,mem_sdp_record_handle + istore 4,contw + setarg 0x2c01 + istore 2,contw + setarg 0x0535 + istore 2,contw + setarg 0x0a + istore 1,contw + setarg 0 + istore 2,contw + setarg -1 + istore 2,contw + setarg 0 + istore 1,contw + rtn +*/ + + +sdp_send_spp_request: + call l2cap_get_sdp_tx_payload + copy pdata,contw + setarg 6//Search Attr Req + istore 1,contw + setarg sdp_tid_spp + istore 2,contw + setarg 0x0f00 //length15 + istore 2,contw + setarg 0x1a0535 + istore 3,contw + setarg 0x0111 + lshift16 pdata,pdata //UUID + istore 4,contw + setarg 0x2600 //max return len + istore 2,contw + setarg 0x0335 + istore 2,contw + setarg 0x0009 + istore 2,contw + setarg 0x0004 + istore 2,contw + jam 0x14,mem_sdp_tx_pkt_length + rtn + Index: dukaqi/senrui/program/security.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/security.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/security.prog (working copy) @@ -0,0 +1,1642 @@ + +ifdef SECURE_CONNECTION + +function_g2: + bpatchx patch30_6,mem_patch30 + jam 80,mem_AES_CMAC_data_length + arg memdat,contw + arg mem_le_srand,contr + call memcpy16 + arg mem_le_pubkey_local_x_256,contr + call memcpy32 + arg mem_le_pubkey_remote_x_256,contr + call memcpy32 + call inverse_memdat + arg mem_le_mrand,contr + call store_inverse_k + call function_AES_CMAC + + arg mem_AES_CMAC_temp,contw + call load_inverse_result + setarg 1000000 + copy pdata,rega + fetch 4,mem_AES_CMAC_temp + idiv rega + call wait_div_end + remainder pdata + store 4,mem_gkey +//call ice_break + rtn + +function_f6_eb: + jam 65,mem_AES_CMAC_data_length + arg memdat,contw + call store_addr_common_a + call store_addr_common_b + fetch 3,mem_le_pres+1 + istore 3,contw +// arg mem_le_r,contr +// call memcpy16 + call get_r + + arg mem_le_mrand,contr + call memcpy16 + arg mem_le_srand,contr + call memcpy16 + call inverse_memdat + arg mem_le_mackey ,contr + arg mem_AES_CMAC_k,contw + call memcpy16 +// call p_store_inverse_k + branch function_AES_CMAC +// arg mem_AES_CMAC_temp,contw +// branch p_load_inverse_result + +get_r: + fetch 4,mem_le_tk + istore 4,contw + call memset0_4 + branch memset0_8 + +function_f6_ea: + bpatchx patch30_7,mem_patch30 + jam 65,mem_AES_CMAC_data_length + arg memdat,contw + call store_addr_common_b + call store_addr_common_a + fetch 3,mem_le_preq+1 + istore 3,contw +// arg mem_le_r,contr +// call memcpy16 + call get_r + arg mem_le_srand,contr + call memcpy16 + arg mem_le_mrand,contr + call memcpy16 + call inverse_memdat + arg mem_le_mackey ,contr + arg mem_AES_CMAC_k,contw + call memcpy16 +// call p_store_inverse_k + call function_AES_CMAC + arg mem_AES_CMAC_temp,contw + branch load_inverse_result + +function_f5: + jam 32,mem_AES_CMAC_data_length + arg mem_le_dhkey_256 ,contr + arg memdat,contw + call memcpy32 + call inverse_memdat + arg mem_le_slat,contr + call store_inverse_k + call function_AES_CMAC + arg mem_AES_CMAC_k,contw + call store_aes_result + arg 1,temp + call function_f5_common + arg mem_le_ltk,contw + call load_inverse_result + arg 0,temp + call function_f5_common + arg mem_le_mackey,contw +// branch p_load_inverse_result + branch store_aes_result + + +function_f5_common: + bpatchx patch31_0,mem_patch31 + jam 53,mem_AES_CMAC_data_length + setarg 0x100 + store 2,memdat + call store_addr_common_b + call store_addr_common_a + arg mem_le_srand,contr + call memcpy16 + arg mem_le_mrand,contr + call memcpy16 +// fetch 4,mem_le_keyid 0x62746c65 + setarg 0x6c65 + istore 2,contw + setarg 0x6274 + istore 2,contw + istoret 1,contw //counter + call inverse_memdat + branch function_AES_CMAC + +store_addr_common_b: + fetch 6,mem_le_lap + istore 6,contw + fetch 1,mem_le_conn_own_addr_type + istore 1,contw + rtn + +store_addr_common_a: + fetch 6,mem_le_plap + istore 6,contw +// setarg 0x2dcfc1 +// istore 3,contw +// setarg 0xa71370 +// istore 3,contw + fetch 1,mem_le_conn_peer_addr_type + istore 1,contw + rtn + +function_f4_ca: + jam 65,mem_AES_CMAC_data_length + fetch 1,mem_passkey_1bit + store 1,memdat + arg mem_le_pubkey_local_x_256,contr + call memcpy32 + arg mem_le_pubkey_remote_x_256,contr + call memcpy32 + call inverse_memdat + arg mem_le_mrand,contr + call store_inverse_k + branch function_AES_CMAC + + +function_f4_cb: + jam 65,mem_AES_CMAC_data_length + fetch 1,mem_passkey_1bit + store 1,memdat + arg mem_le_pubkey_remote_x_256,contr + call memcpy32 + arg mem_le_pubkey_local_x_256,contr + call memcpy32 + call inverse_memdat + arg mem_le_srand,contr + call store_inverse_k + branch function_AES_CMAC + +function_AES_CMAC: + bpatchx patch31_1,mem_patch31 + call function_AES_CMAC_Generate_Subkey +//call ice_break +// jam 65,mem_AES_CMAC_data_length +//call ice_break + fetch 1,mem_AES_CMAC_data_length + copy pdata,temp +function_ceil16: + increase 15,pdata + rshift4 pdata,pdata + copy pdata,regb + branch function_AES_CMAC_set_flag_0_balnk,blank + and temp,0x0f,pdata + nbranch function_AES_CMAC_set_flag_0,blank +// flag =1; + arg mem_AES_CMAC_k1,regc + arg memdat,pdata + increase -16,pdata +// iadd temp,pdata +// isub rega,rega + iadd temp,rega + arg mem_AES_CMAC_M_last,contw + arg 4,loopcnt + call xor_loop +//call ice_break +// arg mem_f4_k1,contr +// call load_key + branch function_AES_CMAC_aes + +function_AES_CMAC_set_flag_0_balnk: + arg 1,regb + arg 0,rega +// arg mem_f4_test_data,pdata + branch function_AES_CMAC_set_flag_0_common +//call ice_break + +function_AES_CMAC_set_flag_0: +// flag = 0; + and temp,0x0f,rega +function_AES_CMAC_set_flag_0_common: + arg memdat,pdata + iadd temp,pdata + isub rega,contr +//call ice_break + arg mem_AES_CMAC_temp,contw + call function_AES_CMAC_padding +//call ice_break + arg mem_AES_CMAC_k2,regc + arg mem_AES_CMAC_temp,rega + arg mem_AES_CMAC_M_last,contw + arg 4,loopcnt + call xor_loop +//call ice_break + +// arg mem_f4_k2,contr +// call load_key + +// branch p_function_f4_aes +function_AES_CMAC_aes: +// arg mem_f4_k,contr +// call load_key +// arg mem_AES_CMAC_xor,contr +// call load_data128 + call aes_clear_data + call aes_init +// arg mem_f4_k,contr +// call load_key + arg memdat,contr +function_AES_CMAC_aes_loop: +//generate_mic_loop: + increase -1,regb + deposit regb + branch function_AES_CMAC_aes_loop_end,blank + call load_data128 + call do_aes_cbc + branch function_AES_CMAC_aes_loop +//generate_mic_end: +function_AES_CMAC_aes_loop_end: + arg mem_AES_CMAC_temp,contw + call store_aes_result + arg mem_AES_CMAC_M_last,contr + call load_data128 + call aes_init + arg mem_AES_CMAC_temp,contr + call load_data128 + branch do_aes_cbc + + + +load_inverse_result: +// arg mem_AES_CMAC_temp,contw + copy contw,rega + call store_aes_result +// arg mem_AES_CMAC_temp,rega + arg 16,loopcnt + branch inverse_data + +store_inverse_k: + arg mem_AES_CMAC_k,contw + call memcpy16 +inverse_k: + arg 16,loopcnt + arg mem_AES_CMAC_k,rega + branch inverse_data + +inverse_memdat: + fetch 1,mem_AES_CMAC_data_length + copy pdata,loopcnt + arg memdat,rega + branch inverse_data + +bn_lshift_0_inverse: + ifetch 1,regA + lshift pdata,pdata + isolate1 0,regC + setflag true,0,pdata + isolate1 8,pdata + setflag true,0,regC + istore 1,rega + increase -1,rega + loop bn_lshift_0_inverse + rtn + +function_AES_CMAC_k1_inverse: + arg mem_AES_CMAC_k1,regA +function_AES_CMAC_inverse_common: + increase 15,rega + force 16,loopcnt + force 0,regC + branch bn_lshift_0_inverse + +function_AES_CMAC_k2_inverse: + arg mem_AES_CMAC_k2,regA + branch function_AES_CMAC_inverse_common + + +function_AES_CMAC_Generate_Subkey: + arg mem_AES_CMAC_k,contr + call load_key128 +// arg mem_AES_CMAC_xor,contr +// call aes_load_xor + force regidx_xor,regext_index + call aes_clear + call aes_clear_data + + call do_aes_ecb + +// force 0x38,aes_ctrl +// force 0x0,aes_ctrl +// call wait_aes + arg mem_AES_CMAC_k1,contw + call store_aes_result +function_AES_CMAC_k1: + bpatchx patch31_2,mem_patch31 + fetch 1,mem_AES_CMAC_k1 + isolate1 7,pdata + nbranch function_AES_CMAC_k1_0,true + call function_AES_CMAC_k1_inverse + +//p_function_f4_k1_xor: + arg mem_AES_CMAC_k1,regc +// arg mem_AES_CMAC_rb,rega + arg mem_AES_CMAC_k1,contw +// arg 3,loopcnt +// call xor_loop + call function_AES_CMAC_xor_rb + branch function_AES_CMAC_k2 +function_AES_CMAC_k1_0: + call function_AES_CMAC_k1_inverse +function_AES_CMAC_k2: +//call ice_break + arg mem_AES_CMAC_k1,contr + arg mem_AES_CMAC_k2,contw + call memcpy16 + fetch 1,mem_AES_CMAC_k2 + isolate1 7,pdata + nbranch function_AES_CMAC_k2_inverse,true + call function_AES_CMAC_k2_inverse +//p_function_f4_k2_xor: + arg mem_AES_CMAC_k2,regc +// arg mem_AES_CMAC_rb,rega + arg mem_AES_CMAC_k2,contw +// arg 3,loopcnt +// branch xor_loop + + +//rb:00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 87 +function_AES_CMAC_xor_rb: + arg 3,loopcnt +function_AES_CMAC_xor_rb_loop: + arg 0,temp + call function_AES_CMAC_xor_loop_common + increase 4,regc + loop function_AES_CMAC_xor_rb_loop + arg 0x8700,temp + lshift16 temp,temp +function_AES_CMAC_xor_loop_common: + ifetch 4,regc + ixor temp,pdata + istore 4,contw + rtn + + + + +//input rega :length <16 contr,contw +function_AES_CMAC_padding: + bpatchx patch31_3,mem_patch31 + arg 16,loopcnt + arg 0,pdata +function_AES_CMAC_padding_loop: + isub rega,null + branch function_AES_CMAC_padding_beq_length,zero + branch function_AES_CMAC_padding_big_length,positive + ifetcht 1,contr + istoret 1,contw +function_AES_CMAC_padding_loop2: + increase 1,pdata + loop function_AES_CMAC_padding_loop + rtn +function_AES_CMAC_padding_beq_length: + arg 0x80,temp +function_AES_CMAC_padding_common: + istoret 1,contw + branch function_AES_CMAC_padding_loop2 + +function_AES_CMAC_padding_big_length: + arg 0,temp + branch function_AES_CMAC_padding_common + +endif + +generate_kinit: + call function_e22 + arg mem_input_store,contr + arg mem_kinit,contw /* Kinit is ready */ + branch memcpy16 + + +function_e21: /* rega pointers to bdaddr */ + disable user + call function_expand + arg mem_random_number,contr + arg mem_x,contw + force 15,loopcnt + call memcpy + ifetch 1,contr + xor_into 6,pdata + istore 1,contw + setarg mem_y + store 2,memp_ar_input + setarg mem_x + store 2,memp_ar_key + set1 mark_ar2,mark + branch function_ar + + + +function_e22: /* rega pointers to bdaddr */ + fetcht 1,mem_pin_length + force 16,regb /* total 16 bytes */ + add temp,6,regc /* regc is l' */ + sub regc,16,null + branch function_e22_pin_init,positive + force 16,regc +function_e22_pin_init: /* generate x from pin and bdaddr */ + arg mem_x,contw +function_e22_genx_pin: + arg mem_pin,contr + copy temp,loopcnt + disable user +function_e22_genx_loop: + ifetch 1,contr + istore 1,contw + increase -1,regb + branch function_e22_genx_end,zero + loop function_e22_genx_loop + branch function_e22_genx_pin,user + enable user + force 6,loopcnt + copy rega,contr + branch function_e22_genx_loop +function_e22_genx_end: + arg mem_random_number,contr + arg mem_y,contw + call memcpy16 + fetch 1,mem_y15 + ixor regc,pdata + store 1,mem_y15 /* inpy[15] = rand_num[15]^l'; */ + setarg mem_y + store 2,memp_ar_input + setarg mem_x + store 2,memp_ar_key + set1 mark_ar2,mark + branch function_ar + + + + +function_e1: /* rega pointers to bdaddr */ + disable user + call function_expand + branch function_hash + +function_e3: + arg mem_aco,rega + enable user + call function_expand + call function_hash + arg mem_input_store,contr + arg mem_kc,contw + branch memcpy16 + + /* costs 41769 clocks */ +function_hash: + setarg mem_random_number + store 2,memp_ar_input + setarg mem_link_key + store 2,memp_ar_key + set0 mark_ar2,mark + call function_ar + arg mem_input_store,rega + arg mem_random_number,regb + arg mem_x,contw + call xor16 + arg mem_x,rega + arg mem_y,regb + copy regb,contw + enable user + call add16 + call key_offset + setarg mem_y + store 2,memp_ar_input + setarg mem_x + store 2,memp_ar_key + set1 mark_ar2,mark + branch function_ar + + + /* totally costs 20700 clocks */ +function_ar: + jam 0,mem_ar_hround + fetch 2,memp_ar_key + iforce contr + arg mem_key_store,contw + call memcpy16 + fetch 2,memp_ar_input + iforce contr + arg mem_input_store,contw + call memcpy16 + +function_ar_loop: + call key_scheduling + disable user + bmark0 mark_ar2,function_ar_original + fetch 1,mem_ar_hround + bne 4,function_ar_original + fetchr regb,2,memp_ar_input + call xor_mod32_ar2 +function_ar_original: + call xor_mod32 + call el_boxes + fetch 1,mem_ar_hround + increase 1,pdata + store 1,mem_ar_hround + + call key_scheduling + enable user + call xor_mod32 + call pht + call permute + call pht + call permute + call pht + call permute + call pht + fetch 1,mem_ar_hround + increase 1,pdata + store 1,mem_ar_hround + bne 16,function_ar_loop + call key_scheduling + disable user + branch xor_mod32 + +/* input round number and temp key in mem_key_store, and output the next temp key in mem_key_store */ +/* round key is generated and store in mem_round_key */ +key_scheduling: + fetch 1,mem_ar_hround + arg mem_key_store,contr + branch key_sched_zero,blank + iforce regb /* regb is half round */ + force 17,loopcnt + copy contr,contw +key_rotateloop: + ifetch 1,contr + lshift3 pdata,temp + rshift2 pdata,pdata + rshift3 pdata,pdata + ior temp,pdata + istore 1,contw + loop key_rotateloop + setarg mem_key_store + iadd regb,contr + force 16,loopcnt + arg mem_round_key,contw +key_select_octet_loop: + ifetch 1,contr + istore 1,contw + compare mem_key_store_end,contr,0xff + nbranch key_select_octet_nwrap,true + increase -17,contr +key_select_octet_nwrap: + loop key_select_octet_loop + force 0,rega /* rega is index of octet within row */ + add regb,-1,regc /* this is the row index, half_round#1 is 0 */ + lshift2 regc,regc + lshift2 regc,regc + call enable_authrom + setarg mem_b_box + iadd regc,regc /* regc hold the starting address of the row */ + arg mem_round_key,contw + force 16,loopcnt +bias_round_key_loop: + ifetcht 1,regc + ifetch 1,contw + iadd temp,pdata + istore 1,contw + increase 1,regc + loop bias_round_key_loop + branch disable_authrom + +key_sched_zero: /* round 0, key1 */ + force 16,loopcnt + force 0,temp +create_byte_16_loop: + ifetch 1,contr + ixor temp,temp + loop create_byte_16_loop + deposit temp + istore 1,contr /* store the byte #16 */ + arg mem_key_store,contr + arg mem_round_key,contw + branch memcpy16 + +xor_mod32: /* xor on 0,3, add on 1,2. if user is set, invert. x in rega and y in regb, out in contw */ + arg mem_round_key,regb +xor_mod32_ar2: + force 16,loopcnt + arg mem_input_store,rega + copy rega,contw +xor_mod32_loop: + ifetcht 1,rega + ifetch 1,regb + ixor temp,alarm + and loopcnt,3,regc + nbranch xor_mod32_invert,user + xor_into 3,regc +xor_mod32_invert: + sub regc,1,regc + branch xor_even,positive + iadd temp,alarm +xor_even: + istorer alarm,1,contw + increase 1,rega + increase 1,regb + loop xor_mod32_loop + rtn + +el_boxes: + call enable_authrom + force 16,loopcnt + arg mem_input_store,rega +el_box_loop: + ifetch 1,rega + arg mem_e_box,contr + and loopcnt,3,regc + sub regc,1,null + branch e_boxes,positive + arg mem_l_box,contr +e_boxes: + iadd contr,contr + ifetch 1,contr + istore 1,rega + increase 1,rega + loop el_box_loop + branch disable_authrom + +pht: + force 8,loopcnt + arg mem_input_store,contr + copy contr,contw +pht_loop: + ifetchr rega,1,contr + ifetchr regb,1,contr + lshift rega,pdata + iadd regb,pdata + istore 1,contw + deposit rega + iadd regb,pdata + istore 1,contw + loop pht_loop + rtn + +/* 8 11 12 15 2 1 6 5 10 9 14 13 0 7 4 3 */ +permute: + setarg 0x8ae42c + iforce temp + force 7,loopcnt + call permute_exchange + setarg 0xd751b + iforce temp + force 5,loopcnt + call permute_exchange + fetchr rega,1,mem_input_store+15 + fetch 1,mem_input_store+3 + store 1,mem_input_store+15 + storer rega,1,mem_input_store+3 + rtn + +permute_exchange: + and temp,0xf,regb +permute_loop: + and temp,0xf,pdata + arg mem_input_store,contw + iadd contw,contw + ifetchr regc,1,contw + istorer rega,1,contw + copy regc,rega + rshift4 temp,temp + loop permute_loop + setarg mem_input_store + iadd regb,contw + istorer rega,1,contw + rtn + +add16: + enable user + branch xor_add16 + +xor16: + disable user +xor_add16: /* if user is set, do add, else do xor */ + force 16,loopcnt /* rega and regb pointers to src, contw is result */ +xoradd_loop: + ifetcht 1,rega + ifetch 1,regb + branch xoradd_add,user + ixor temp,pdata + branch xoradd_store +xoradd_add: + iadd temp,pdata +xoradd_store: + istore 1,contw + increase 1,rega + increase 1,regb + loop xoradd_loop + rtn + + +function_expand: /* rega pointers to bdaddr, or aco and user is set */ + arg mem_y,contw + ifetch 6,rega + istore 6,contw + branch expand_12,user + ifetch 6,rega + branch expand_cont +expand_12: + ifetch 6,contr +expand_cont: + istore 6,contw + ifetch 4,rega + istore 4,contw + rtn + +key_offset: + arg mem_link_key,contr + arg mem_x,contw + arg 0,temp + setarg 0x8395a7 + call concatenate_temp24 + setarg 0xb3c1df + call concatenate_temp24 + setarg 0xe5e9 + call concatenate_temp16 + copy temp,regab + disable user + call key_addxor + copy regab,temp + enable user + branch key_addxor + +key_addxor: + force 8,loopcnt +key_addxor_loop: + ifetch 1,contr + compare 1,loopcnt,1 + branch key_high,user + branch key_xor,true +key_add: + iadd temp,pdata + branch key_store +key_high: + branch key_add,true +key_xor: + ixor temp,pdata +key_store: + istore 1,contw + rshift8 temp,temp + loop key_addxor_loop + rtn + +copy_aco: + fetch 6,mem_input_store+4 + store 6,mem_aco + ifetch 6,contr + istore 6,contw + rtn + +concatenate_temp24: + lshift8 temp,temp +concatenate_temp16: + lshift16 temp,temp + ior temp,temp + rtn + +ifdef TESTING +test_security: + fetch 1,0xff + branch test_security,blank + + /* inrand */ + setarg 0x1BC683 + store 3,0x0 + setarg 0x122980 + istore 3,contw + setarg 0xD0DB17 + istore 3,contw + setarg 0x2B1D78 + istore 3,contw + setarg 0x2743A6 + istore 3,contw + setarg 0xD8 + istore 1,contw + + /* comb A */ + setarg 0xA6D0C9 + store 3,0x10 + setarg 0xA9E86C + istore 3,contw + setarg 0x9E89D5 + istore 3,contw + setarg 0xC61838 + istore 3,contw + setarg 0x6F0318 + istore 3,contw + setarg 0x9F + istore 1,contw + + /* comb B */ + setarg 0x7F6833 + store 3,0x20 + setarg 0xE62E1B + istore 3,contw + setarg 0x9F67FC + istore 3,contw + setarg 0x8D3712 + istore 3,contw + setarg 0x0B846C + istore 3,contw + setarg 0x4A + istore 1,contw + + /* auth rand A */ + setarg 0xFBB686 + store 3,0x30 + setarg 0x19FE7F + istore 3,contw + setarg 0x16A439 + istore 3,contw + setarg 0xF4F6A4 + istore 3,contw + setarg 0x10D61D + istore 3,contw + setarg 0xDE + istore 1,contw + + /* auth rand B */ + setarg 0x735B0C + store 3,0x40 + setarg 0xA7F06B + istore 3,contw + setarg 0x04625E + istore 3,contw + setarg 0x3463B0 + istore 3,contw + setarg 0xB8F17A + istore 3,contw + setarg 0x7C + istore 1,contw + + /* address A */ + setarg 0xf91330 + store 3,0xb0 + setarg 0x664c7d + istore 3,contw + + /* address B */ + setarg 0xdc7100 + store 3,0xb8 + setarg 0x2ea003 + istore 3,contw + + /* sres A */ + setarg 0x2EEE19 + store 3,0x50 + setarg 0x7E + istore 1,contw + + /* sres B */ + setarg 0x4231A4 + store 3,0x58 + setarg 0xD1 + istore 1,contw + + /* linkA */ + setarg 0xa6a026 + store 3,0x60 + setarg 0x2569d2 + istore 3,contw + setarg 0xab4a9d + istore 3,contw + setarg 0x5e87c0 + istore 3,contw + setarg 0x792aa9 + istore 3,contw + setarg 0x4b + istore 1,contw + + /* linkB */ + setarg 0xa1f07d + store 3,0x70 + setarg 0xec97a6 + istore 3,contw + setarg 0xae31eb + istore 3,contw + setarg 0x6fe3c4 + istore 3,contw + setarg 0xa1ae1a + istore 3,contw + setarg 0x3a + istore 1,contw + + /* linkkey */ + setarg 0x07505b + store 3,0x80 + setarg 0xc9fe74 + istore 3,contw + setarg 0x057b76 + istore 3,contw + setarg 0x316404 + istore 3,contw + setarg 0xd884b3 + istore 3,contw + setarg 0x71 + istore 1,contw + + /* K */ + setarg 0x0c333f + store 3,0x90 + setarg 0x41de70 + istore 3,contw + setarg 0x9b05a2 + istore 3,contw + setarg 0xb954a2 + istore 3,contw + setarg 0xb37516 + istore 3,contw + setarg 0x36 + istore 1,contw + + /* kinit */ + setarg 0x5ff91a + store 3,0xa0 + setarg 0x39b5a4 + istore 3,contw + setarg 0x258f2d + istore 3,contw + setarg 0x5d4a85 + istore 3,contw + setarg 0x656ad3 + istore 3,contw + setarg 0xab + istore 1,contw + + arg 0,contr + arg mem_random_number,contw + call memcpy16 + setarg 0x3131 + store 2,mem_pin + istore 2,contw + jam 4,mem_pin_length + arg 0xb8,rega + call function_e22 + arg mem_input_store,contr + arg mem_kinit,contw + call memcpy16 + arg 0x10,rega + arg mem_kinit,regb + arg mem_random_number,contw + call xor16 + arg 0xb0,rega + call function_e21 + arg 0x60,regb + call compare16 +error_lka: + nbranch error_lka,zero + arg mem_input_store,contr + arg mem_link_key,contw + call memcpy16 + arg 0x20,rega + arg mem_kinit,regb + arg mem_random_number,contw + call xor16 + arg 0xb8,rega + call function_e21 + arg 0x70,regb + call compare16 +error_lkb: + nbranch error_lkb,zero + arg mem_input_store,rega + arg mem_link_key,regb + arg mem_link_key,contw + call xor16 + arg 0x30,contr + arg mem_random_number,contw + call memcpy16 + arg 0xb8,rega + call function_e1 + arg 0x50,regb + force 4,loopcnt + call compare_key +error_sresa: + nbranch error_sresa,zero + arg 0x40,contr + arg mem_random_number,contw + call memcpy16 + arg 0xb0,rega + call function_e1 + arg 0x58,regb + force 4,loopcnt + call compare_key +error_sresb: + nbranch error_sresb,zero + branch loop1 + + arg 0,contr + arg mem_random_number,contw + call memcpy16 + force 12,loopcnt + call memcpy + arg 0x1c,contr + arg mem_link_key,contw + call memcpy16 + arg 0x10,rega + call function_e3 + branch loop1 + +compare16: + force 16,loopcnt +compare_key: + arg mem_input_store,rega +compare_loop: + ifetch 1,rega + ifetcht 1,regb + isub temp,null + nrtn zero + increase 1,rega + increase 1,regb + loop compare_loop + force 0,pdata + rtn + +endif + + +loop1: + branch loop1 + +/* ==================== LE security ================= */ + +generate_stk: + bpatchx patch31_4,mem_patch31 + call function_s1 + arg mem_le_ltk,contw + branch store_aes_result + + /* contr = rand pointer */ +authenticate_rconfirm: + arg mem_le_srand,contw + branch authenticate_mconfirm,master + arg mem_le_mrand,contw +authenticate_mconfirm: + copy contr,rega + call memcpy16 + call function_c1 + arg mem_le_rconfirm,contr + branch compare_res + +generate_confirm: + arg mem_le_mrand,rega + branch generate_mrand,master + arg mem_le_srand,rega +generate_mrand: + copy rega,contw + call generate_random + branch function_c1 + +generate_sk: + arg mem_le_skdm,contr + call load_data128 + arg mem_le_ltk,contr + call load_key128 + force aes_big_endian | aes_load,aes_ctrl + force 0,aes_ctrl // change result to little endian + call wait_aes + arg mem_le_sk,contw + branch store_aes_result + + /* temp=packet counter, rega = length or block counter*/ +first_block_counter: + force 0x49,pdata + branch first_block +first_block_data: + force 1,pdata +first_block: + force regidx_data,regext_index /* B0 */ + lshift8 temp,regext + ior regext,regext + increase 1,regext_index + rshift8 temp,regext + rshift16 regext,regext + fetch 2,mem_le_ivm + lshift16 pdata,pdata + ior regext,regext /* octet3&octet4 of counter and low 16 bit of IV */ + increase 1,regext_index + ifetch 4,contr /* IV2-IV5 */ + iforce regext + increase 1,regext_index + ifetch 2,contr /* IV6-IV7 */ + byteswap rega,regext + lshift16 regext,regext + ior regext,regext + increase 1,regext_index + rtn + + + /* temp=packet counter, regc pointers to header, return mic in regb */ +generate_mic: + add regc,1,contr + ifetchr rega,1,contr + call first_block_counter + call do_aes_ecb + + force regidx_data,regext_index /* B1 */ + ifetch 1,regc + and_into 0x3,pdata + lshift16 pdata,regext + set1 8,regext + call clear_hidata + call do_aes_cbc + + copy rega,loopcnt + add regc,2,contr + call padding_data +generate_mic_loop: + call aes_load_data + call do_aes_cbc + deposit loopcnt + branch generate_mic_end,blank + branch generate_mic_loop +generate_mic_end: + force regidx_result,regext_index + copy regext,regb + storer regb,4,mem_le_mic + rtn + +aes_crypt_data: + increase 1,rega + call first_block_data + call aes_init + copy regc,contr + call load_data128 + call do_aes_cfb + call store_enc_data + increase 16,regc + increase -16,regb + branch aes_crypt_data,positive + rtn + +le_encrypt: + bpatchx patch31_5,mem_patch31 + arg mem_le_txheader,regc + fetcht 5,mem_le_pcnt_tx + call generate_mic + force 0,rega + call first_block_data + call aes_init + force regidx_data,regext_index + copy regb,regext + call do_aes_cfb + arg mem_le_txpayload,regc + fetch 1,mem_le_txlen + add pdata,-1,regb + iadd regc,contw + force regidx_result,regext_index + istorer regext,4,contw + force 0,rega /* rega is block counter */ + call aes_crypt_data + fetch 1,mem_le_txlen + increase 4,pdata + store 1,mem_le_txlen + fetcht 5,mem_le_pcnt_tx + increase 1,temp + storet 5,mem_le_pcnt_tx + rtn + +le_decrypt: + fetcht 5,mem_le_pcnt_rx + force 0,rega + call first_block_data + call aes_init + fetch 1,mem_le_rxbuf+1 + arg mem_le_rxbuf+2,regc + add pdata,-1,regb + increase -4,pdata /* mic will be discarded */ + store 1,mem_le_rxbuf+1 + iadd regc,contr + force regidx_data,regext_index + ifetchr regext,4,contr + call do_aes_cfb + force regidx_result,regext_index + storer regext,4,mem_le_peer_mic + force 0,rega /* rega is block counter */ + call aes_crypt_data + arg mem_le_rxbuf,regc + call generate_mic + fetch 4,mem_le_peer_mic + isub regb,pdata /* MIC ok? */ + nrtn blank + fetch 4,mem_le_last_mic /* reduntdant packet? */ + isub regb,pdata + rtn blank + storet 4,mem_le_last_mic + fetch 5,mem_le_pcnt_rx + increase 1,pdata + store 5,mem_le_pcnt_rx + force 0,pdata + rtn + +wait_aes: + nbranch wait_aes,aes_ready + rtn + + +do_aes_ecb256: + force aes_load | aes_256,aes_ctrl + force aes_256,aes_ctrl + branch wait_aes + +do_aes_ecb192: + force aes_load | aes_192,aes_ctrl + force aes_192,aes_ctrl + branch wait_aes + +do_aes_ecb: + force aes_load,aes_ctrl + force 0,aes_ctrl + branch wait_aes + + +do_aes_cbc: + force aes_load | aes_cbc,aes_ctrl + force 0,aes_ctrl + branch wait_aes + +do_aes_cfb: + force aes_load | aes_cfb,aes_ctrl + force aes_cfb,aes_ctrl + branch wait_aes + +do_aes_ecb_be: + force aes_big_endian | aes_load,aes_ctrl + force aes_big_endian,aes_ctrl + branch wait_aes + +do_aes_cbc_be: + force aes_big_endian | aes_load | aes_cbc,aes_ctrl + force aes_big_endian,aes_ctrl + branch wait_aes + + +aes_init: + force aes_initialize,aes_ctrl + force 0,aes_ctrl + rtn + +function_s1: + force regidx_data,regext_index + fetch 4,mem_le_mrand + iforce regext + increase 1,regext_index + ifetch 4,contr + iforce regext + increase 1,regext_index + fetch 4,mem_le_srand + iforce regext + increase 1,regext_index + ifetch 4,contr + iforce regext + increase 1,regext_index + call aes_clear + increase -4,regext_index + fetch 4,mem_le_tk + copy pdata,regext + branch do_aes_ecb_be + + /* rega pointers to random number */ +function_c1: + copy rega,contr + call load_data128 // load r + force aes_big_endian | aes_initialize,aes_ctrl + force 0,aes_ctrl + fetch 1,mem_le_conn_peer_addr_type + fetcht 1,mem_le_adv_own_addr_type + nbranch function_c1_irat,master + fetch 1,mem_le_conn_own_addr_type + fetcht 1,mem_le_conn_peer_addr_type +function_c1_irat: + store 1,mem_le_iat + storet 1,mem_le_rat + arg mem_le_iat,contr + call load_data128 // load p1 + call aes_clear + increase -4,regext_index + fetch 4,mem_le_tk + copy pdata,regext + force aes_big_endian | aes_cbc | aes_load,aes_ctrl + force aes_big_endian,aes_ctrl + fetch 6,mem_le_lap + fetcht 6,mem_le_plap + branch function_c1_master,master + fetch 6,mem_le_plap + fetcht 6,mem_le_lap +function_c1_master: + force regidx_data,regext_index + copy temp,regext + increase 1,regext_index + rshift32 temp,regext + lshift16 pdata,pdata + ior regext,regext + increase 1,regext_index + rshift32 pdata,regext + increase 1,regext_index + force 0,regext /* p2 = ia || ra */ + branch do_aes_cbc_be + + +padding_data: + compare 0,loopcnt,3 + rtn true + deposit contr + iadd loopcnt,contw + force 0,pdata +padding_loop: + istore 1,contw + increase 1,loopcnt + compare 0,loopcnt,3 + rtn true + branch padding_loop + +aes_load_data: + force regidx_data,regext_index +load_data_loop: + deposit loopcnt + branch load_data_padding,blank + ifetch 4,contr + increase -4,loopcnt +load_data_padding: + iforce regext + increase 1,regext_index + compare regidx_key,regext_index,0xf + rtn true + branch load_data_loop + +load_key256: + force 8,loopcnt + branch load_key +load_key192: + force 6,loopcnt + branch load_key +load_key128: + force 4,loopcnt +load_key: + force regidx_key,regext_index + branch load_regext_loop +load_data128: + force regidx_data,regext_index + force 4,loopcnt +load_regext_loop: +// ifetchr regext,4,contr + ifetch 4,contr + icopy regext + increase 1,regext_index + loop load_regext_loop + rtn + + +load_sk: + arg mem_le_sk,contr + branch load_key128 + +clear_hidata: + force 4,loopcnt + branch clear_data_rest + +aes_clear_data: + force regidx_data,regext_index +aes_clear: + force 4,loopcnt +clear_loop: + force 0,regext +clear_data_rest: + increase 1,regext_index + loop clear_loop + rtn + +store_aes_result: + force regidx_result,regext_index + force 4,loopcnt +send_aes_result_loop: + deposit regext + istore 4,contw + increase 1,regext_index + loop send_aes_result_loop + rtn + +store_enc_data: + force regidx_result,regext_index + copy regc,contw + add regb,1,loopcnt + sub loopcnt,15,null + branch store_enc_loop,positive + force 16,loopcnt +store_enc_loop: + deposit regext + sub loopcnt,3,null + branch store_enc_byte,positive + istore 4,contw + increase -4,loopcnt + rtn zero + increase 1,regext_index + branch store_enc_loop +store_enc_byte: + istore 1,contw + rshift8 pdata,pdata + loop store_enc_byte + rtn + + /* contr pointers to value to be compared */ +compare_res: + force regidx_result,regext_index + force 4,loopcnt +compare_res_loop: + ifetch 4,contr + isub regext,null + nrtn zero + increase 1,regext_index + loop compare_res_loop + force 0,null + rtn + +enable_authrom: + fetch 1,core_config + set1 CLOCK_ON_AUTH_ROM,pdata + store 1,core_config + rtn + +disable_authrom: + fetch 1,core_config + set0 CLOCK_ON_AUTH_ROM,pdata + store 1,core_config + rtn + +init_memp: + arg mem_p,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffff + setsect 3,0x3fbff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffff + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3cfff + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffef + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffff + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x26c7f + setsect 2,0x146b + setsect 3,0x37bb3 + istore 9,contw + setsect 0,0x1feb8 + setsect 1,0x10c12 + setsect 2,0x2b722 + setsect 3,0x29fa6 + istore 9,contw + setsect 0,0xe70f + setsect 1,0x16720 + setsect 2,0x519e + setsect 3,0x19084 + istore 9,contw + setsect 0,0x31012 + setsect 1,0x360bf + setsect 2,0x3f0af + setsect 3,0x3d3 + istore 9,contw + setsect 0,0x3a188 + setsect 1,0x3ad0 + setsect 2,0x3cbf2 + setsect 3,0x243d9 + istore 9,contw + setsect 0,0x2b030 + setsect 1,0x36a03 + setsect 2,0x11188 + setsect 3,0x1e520 + istore 9,contw + setsect 0,0x3a11e + setsect 1,0xfe5d + setsect 2,0xdd57 + setsect 3,0x1ac93 + istore 9,contw + setsect 0,0x11ed + setsect 1,0x218c4 + setsect 2,0x8da7 + setsect 3,0x257ff + istore 9,contw + setsect 0,0x3192b + setsect 1,0x34641 + setsect 2,0x1be0c + setsect 3,0x366ad + istore 9,contw + setsect 0,0x1f83 + setsect 1,0x15a23 + setsect 2,0x3f9b0 + setsect 3,0x3949 + istore 9,contw + setsect 0,0x13a51 + setsect 1,0x153fd + setsect 2,0x3372a + setsect 3,0xf1bb + istore 9,contw + setsect 0,0x3ae85 + setsect 1,0x1eed9 + setsect 2,0x9e66 + setsect 3,0x1a8 + istore 8,contw + rtn + +ifdef SECURE_CONNECTION + + +init_memp_256: + arg mem_p_256,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffff + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3f + setsect 2,0x0 + setsect 3,0x0 + istore 9,contw + setsect 0,0x0 + setsect 1,0x0 + setsect 2,0x1000 + setsect 3,0x0 + istore 9,contw + setsect 0,0x3ff00 + setsect 1,0x3ffff + setsect 2,0x3ffcf + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x3ffff + setsect 1,0x3ffff + setsect 2,0x3ffff + setsect 3,0x3ff + istore 9,contw + setsect 0,0x0 + setsect 1,0x0 + setsect 2,0x0 + setsect 3,0x0 + istore 9,contw + setsect 0,0x10000 + setsect 1,0x0 + setsect 2,0x3f000 + setsect 3,0x3ffff + istore 9,contw + setsect 0,0x296ff + setsect 1,0x22630 + setsect 2,0x3945d + setsect 3,0x3d284 + istore 9,contw + setsect 0,0x333a0 + setsect 1,0x4b7a + setsect 2,0x37d8 + setsect 3,0x3c9dc + istore 9,contw + setsect 0,0x3a440 + setsect 1,0x1b958 + setsect 2,0x38bce + setsect 3,0x1091f + istore 9,contw + setsect 0,0x2e12c + setsect 1,0x1f47c + setsect 2,0x356b1 + setsect 3,0x2fd47 + istore 9,contw + setsect 0,0x6837 + setsect 1,0x2ed90 + setsect 2,0x1ecec + setsect 3,0x1acc5 + istore 9,contw + setsect 0,0x23357 + setsect 1,0x18af3 + setsect 2,0xf9e1 + setsect 3,0x129f0 + istore 9,contw + setsect 0,0x2e7eb + setsect 1,0x3e6e3 + setsect 2,0x3e1a7 + setsect 3,0x10b8b + istore 9,contw + setsect 0,0x24fe3 + setsect 1,0x20ef + setsect 2,0x1b5a6 + setsect 3,0xdc2f + istore 9,contw + setsect 0,0x13860 + setsect 1,0x2bd69 + setsect 2,0x391a + setsect 3,0x1b222 + istore 9,contw + rtn +endif + Index: dukaqi/senrui/program/sim.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/sim.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/sim.prog (working copy) @@ -0,0 +1,222 @@ +simstart: +// call sim_qspi + force 8,radio_ctrl + force 0,radio_ctrl + jam 0xe0,0x8907 // set if_phase=7 for simulation environment + jam 0xe0,0x890a + jam 0x25,0x8912 + jam 0xff,rfen_ck + jam 0x5,core_clksel + setarg 0x100 + store 2,core_sec_readdr + arg 0x133,contru + ifetch 1,contru + fetch 1,core_config +// jam 5,core_clksel +// call sim_dac +// call sim_cvsd + branch sim_lpm +// branch sim_aes +// branch sim_clk + branch sim_ahb +// call sim_adcd +// branch sim_assert +// call sim_aes +// branch test_tx +// branch sim_le +// branch sim_250k +// branch sim_clk +// branch sim_c1 +// branch loop + branch sim_main + +sim_assert: + branch sim_assert + +sim_ahb: + call wait_sec_powerup + arg 0xf,addhi + setarg 0 + store 3,0x10 + store 1,0x18532 +testbus_loop: + arg 0xf,addhi + fetch 1,0x18532 + fetcht 1,0x10 + isub temp,null + nbranch assert,zero + increase 1,pdata + store 1,0x10 + store 1,0x18532 + arg 0x100,addhi + fetcht 3,0x10091 + setarg 0x584049 + isub temp,null + nbranch assert,zero + branch testbus_loop + + +sim_main: + call init_param + setarg 0xff00 + store 2,core_lpm_reg+2 + jam lpmreg_sel_ctrl2,core_lpm_wr + jam 4,core_config + fetch 1,0x87ff + beq 1,sim_slave + jam dvc_op_hci,mem_device_option + fetch 6,mem_lap + store 6,mem_hci_plap + setarg 0xbdbdbd + store 3,mem_lap + istore 3,contw + jam hci_cmd_create_conn,mem_hci_cmd + force 0x10,pdata + add pdata,-2,clkn_bt + store 4,mem_page_clk + rshift clkn_bt,pdata + store 4,mem_last_clkn + jam 0,mem_scan_mode +sim_loop: + call idle_dispatch + fetch 1,mem_context + bbit0 state_inconn,sim_skip + set1 mark_tx_l2cap,mark + fetch 1,mem_context + coffset_state_map + set1 smap_edr,pdata + store 1,mem_context + coffset_state_map + fetch 1,mem_context + coffset_op + set1 op_txl2cap,pdata + store 1,mem_context + coffset_op + jam 0,mem_context + coffset_lmp_to_send + jam 0,mem_lmo_opcode2 + setarg 700 + store 2,mem_tx_len + setarg mem_tmp_buffer + store 2,mem_txptr + jam 6,mem_tx_lch + jam 1,mem_hci_conn_handle +sim_skip: + call connection_dispatch + branch sim_loop + +sim_slave: + jam 2,mem_scan_mode + call page_scan_dispatch + branch sim_loop + + +sim_lpm: + jam 0x40,mem_gpio_wakeup + 5 + branch sim_lpm_sleep + branch lpm_doze + branch lpm_hibernate + jam 0x30,core_clksel + jam ccnt_start,core_dma_start +sim_lpm_wait: + call lpo_calibration + fetch 3,mem_clks_per_lpo + branch sim_lpm_wait,blank + call lpm_recover_clk,wake +sim_lpm_sleep: + arg 30,temp + branch lpm_sleep + + +ifdef NULL + +sim_250k: + call init_250k + fetch 1,1 + bbit1 7,sim_250k_rx + call tx_radio_freq + call start_transmitter /* get ready for that id packet */ + nop 600 + enable encode_fec0 + set1 TXGFSK,radio_ctrl + force 0,pdata + inject mod,9 + setarg 0xaa + inject mod,8 + preload access + inject mod,32 + setarg 0x1da861 + inject mod,24 + setarg 0x94445b + inject mod,24 + setarg 0x1275f + inject mod,24 + branch loop +sim_250k_rx: + call rx_radio_freq + call start_receiver /* wait for that id packet from master */ + enable decode_fec0 + correlate null,never + parse demod,bucket,72 + branch loop + + + +sim_clk: + add lpo_time,12,alarm + snooze +clock_loop: + nop 10 + random pdata + and_into 0x1f,pdata + store 1,core_clksel + branch clock_loop + jam 2,core_kick + nop 200 + jam 2,core_clksel + setarg 1500 + call sleep + jam 0x42,core_clksel + add lpo_time,200,alarm + snooze + branch 0x4000 + + + + +sim_aes: + arg mem_x,contw + setsect 0,0x17e2b + setsect 1,0x20585 + setsect 2,0x12ae2 + setsect 3,0x2ae9b + istore 9,contw + setsect 0,0x15f7 + setsect 1,0x3c262 + setsect 2,0x3c4fc + setsect 3,0x0 + istore 7,contw + setsect 0,0x2c16b + setsect 1,0x3b8af + setsect 2,0x1f402 + setsect 3,0x3a65a + istore 9,contw + setsect 0,0x17e3d + setsect 1,0xdcc4 + setsect 2,0x2a179 + setsect 3,0x0 + istore 7,contw + setsect 0,0x3d73a + setsect 1,0x36d1e + setsect 2,0x367a0 + setsect 3,0x2a180 + istore 9,contw + setsect 0,0x3ca9e + setsect 1,0x1893c + setsect 2,0x17ef6 + setsect 3,0x2 + istore 7,contw + arg mem_x,contr + call load_key128 + call load_data128 + call do_aes_ecb + call compare_res + branch loop,zero + branch sim_assert + +endif Index: dukaqi/senrui/program/simple_pairing.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/simple_pairing.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/simple_pairing.prog (working copy) @@ -0,0 +1,2362 @@ + +publickey_init: + fetch 1,mem_ssp_enable + nbranch sp_initialize,blank + branch sp_initialize_256 + +sp_calc_sequence_256_check: + bpatchx patch31_6,mem_patch31 + fetch 1,mem_ssp_enable + rtn blank + fetch 1,mem_sp_local_key_invalid + rtnne SP_KEY_VALID + fetch 1,mem_le_secure_connect_enable + rtn blank + fetch 1,mem_le_sc_local_key_invalid + rtneq SP_KEY_VALID_256 + fetch 2,mem_ui_state_map + bbit1 UI_STATE_BT_CONNECTED,stop_publickey_calc_256 + fetch 1,mem_le_sc_calc + beq SP_CALC_STANDBY,sp_initialize_256 + rtn +stop_publickey_calc_256: + jam SP_CALC_STANDBY,mem_le_sc_calc + rtn + +ifdef SIMPLE_PAIRING + +sp_initialize: + bpatchx patch31_7,mem_patch31 + fetch 1,mem_ssp_enable + branch ssp_disable, blank + call ssp_enable + call sp_clear_flags + branch sp_pubkey_calc + +sp_clear_flags: + setarg 0 + store 8,mem_sp_state_start + store 4,mem_sp_flag_start + store 7,mem_sp_iocap_remote + rtn + +sp_generate_local_key: + jam SP_FLAG_COMMIT,mem_sp_flag + branch sp_generate_local_key0 +sp_master_generate_local_key: + fetch 1,mem_sp_local_key_invalid + beq SP_KEY_VALID,sp_dhkey_calc + branch assert +sp_generate_local_key0: + fetch 1,mem_sp_local_key_invalid + beq SP_KEY_VALID,sp_start_send_pubkey + branch sp_pubkey_calc + +sp_start_send_pubkey: + call sp_dhkey_calc + fetch 1,mem_master_sp_state + nrtn blank + jam SP_STAT_KEY_SEND,mem_sp_state + rtn + + +sp_calc_check_publickey_256: + call sp_calc_b256 + arg mem_le_pubkey_remote_y_256,regA + arg mem_t7_256,contw + call bn_sqrmod_256 + arg mem_le_pubkey_remote_x_256,regA + arg mem_t2_256,contw + call bn_sqrmod_256 + arg mem_t2_256,regA + arg mem_le_pubkey_remote_x_256,regB + arg mem_t2_256,contw + call bn_mulmod_256 + arg mem_a_256,regA + arg mem_le_pubkey_remote_x_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t2_256,contw + call bn_addmod_256 + arg mem_t0_256,regA + arg mem_t2_256,regB + arg mem_t0_256,contw + call bn_addmod_256 + arg 32,loopcnt + arg mem_t7_256,regA + arg mem_t0_256,regB + branch string_compare + +sp_calc_b256: + arg mem_gy_256,regA + arg mem_t0_256,contw + call bn_sqrmod_256 + arg mem_gx_256,regA + arg mem_t2_256,contw + call bn_sqrmod_256 + arg mem_t2_256,regA + arg mem_gx_256,regB + arg mem_t2_256,contw + call bn_mulmod_256 + arg mem_a_256,regA + arg mem_gx_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t2_256,contw + call bn_addmod_256 + arg mem_t0_256,regA + arg mem_t2_256,regB + arg mem_t0_256,contw + branch bn_submod_256 + +sp_calc_check_publickey: + call sp_calc_b + arg mem_sp_pubkey_remote_y,regA + arg mem_t7_256,contw + call bn_sqrmod + arg mem_sp_pubkey_remote_x,regA + arg mem_t2_256,contw + call bn_sqrmod + arg mem_t2_256,regA + arg mem_sp_pubkey_remote_x,regB + arg mem_t2_256,contw + call bn_mulmod + arg mem_a,regA + arg mem_sp_pubkey_remote_x,regB + arg mem_t3_256,contw + call bn_mulmod + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t2_256,contw + call bn_addmod + arg mem_t0_256,regA + arg mem_t2_256,regB + arg mem_t0_256,contw + call bn_addmod + arg 24,loopcnt + arg mem_t7_256,regA + arg mem_t0_256,regB + branch string_compare + +sp_calc_b: + arg mem_gy,regA + arg mem_t0_256,contw + call bn_sqrmod + arg mem_gx,regA + arg mem_t2_256,contw + call bn_sqrmod + arg mem_t2_256,regA + arg mem_gx,regB + arg mem_t2_256,contw + call bn_mulmod + arg mem_a,regA + arg mem_gx,regB + arg mem_t3_256,contw + call bn_mulmod + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t2_256,contw + call bn_addmod + arg mem_t0_256,regA + arg mem_t2_256,regB + arg mem_t0_256,contw + branch bn_submod + + +sp_calculate_commitment: + fetch 1,mem_sp_calc + bne SP_CALC_STANDBY,sp_calculate_commitment_wait_dhkey_calc + call sp_local_random_key_generator + arg mem_sp_prarm_stack,contw + setarg mem_sp_random_local_end + istore 2,contw + setarg mem_sp_pubkey_local_x_end + istore 2,contw + setarg mem_sp_pubkey_remote_x_end + istore 2,contw + branch sp_calculate_commitment0 +master_sp_calculate_commitment: + arg mem_sp_prarm_stack,contw + setarg mem_sp_random_remote_end + istore 2,contw + setarg mem_sp_pubkey_remote_x_end + istore 2,contw + setarg mem_sp_pubkey_local_x_end + istore 2,contw +sp_calculate_commitment0: + call function_f1 + fetch 1,mem_master_sp_state + beq SP_STAT_COMMIT_CALC,master_sp_calculate_commitment0 + jam SP_FLAG_COMMIT,mem_sp_flag + jam SP_STAT_COMMIT_SEND,mem_sp_state + rtn +master_sp_calculate_commitment0: + jam SP_STAT_COMMITMENT_COMPARE,mem_master_sp_state + call sp_master_generate_local_key + branch master_set_mem_master_sp_flag + +sp_local_random_key_generator: + arg mem_sp_random_local,contw + force 8,queue + branch random_generator + +sp_calculate_commitment_wait_dhkey_calc: + jam SP_FLAG_COMMIT,mem_sp_flag + rtn + +sp_confirm_check: + /* calculate Ea here */ + bpatchx patch32_0,mem_patch32 + arg mem_addr_value,contw + fetch 6,mem_lap + istore 6,contw + fetch 6,mem_plap + istore 6,contw + fetch 3,mem_sp_iocap_remote + istore 3,contw + + call function_f3a + + arg mem_sp_calc_result_high,regA + arg mem_sp_check_result,regB + force 4,queue + call compare4 + nbranch sp_confirm_check_failed,true + + call sp_confirm_check_success + jam LMP_DHKey_Check,mem_lmi_opcode2 + branch tid_set_reply + +sp_confirm_check_success: + fetch 1,mem_master_sp_state + beq SP_STAT_CONFIRM_CHECK,sp_confirm_check_success_master + jam SP_STAT_CONFIRM_CALC,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + jam LMP_ACCEPTED,mem_lmo_opcode2 + rtn +sp_confirm_check_success_master: + jam LMP_ACCEPTED,mem_lmo_opcode2 + jam SP_STATE_END,mem_master_sp_state + branch master_set_mem_master_sp_flag + //accept opcode? + +sp_confirm_check_failed: + fetch 1,mem_master_sp_state + beq SP_STAT_CONFIRM_CHECK,sp_confirm_check_failed_master + jam SP_STAT_NULL,mem_sp_state + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + //accept opcode? + jam AUTHENTICATION_FAILURE_ERROR,mem_lmo_reason2 + rtn +sp_confirm_check_failed_master: + jam LMP_NOT_ACCEPTED,mem_lmo_opcode2 + jam SP_STAT_NULL,mem_master_sp_state + rtn + +sp_confirm_calc: + fetch 1,mem_sp_dh_ready + beq SP_FLAG_COMMIT, sp_confirm_calc_ready + jam SP_STAT_CONFIRM_CALC,mem_master_sp_state + branch master_set_mem_master_sp_flag +sp_confirm_calc_ready: + arg mem_addr_value,contw + fetch 6,mem_plap + istore 6,contw + fetch 6,mem_lap + istore 6,contw + fetch 3,mem_sp_iocap_local + istore 3,contw + + call function_f3b + fetch 1,mem_master_sp_state + beq SP_STAT_CONFIRM_CALC,sp_confirm_calc_master + jam SP_STAT_CONFIRM_SEND,mem_sp_state + jam SP_FLAG_COMMIT,mem_sp_flag + rtn +sp_confirm_calc_master: + jam SP_STAT_CONFIRM_SEND,mem_master_sp_state + jam SP_FLAG_COMMIT,mem_master_sp_flag + rtn + +sp_master_key_prarm_push: + arg mem_sp_prarm_stack,contw + fetch 6,mem_plap + istore 6,contw + fetch 6,mem_lap + istore 6,contw + setarg mem_sp_random_local_end + istore 2,contw + setarg mem_sp_random_remote_end + istore 2,contw + branch sp_link_key_calc +sp_link_key_prarm_push: + jam SP_STAT_DONE,mem_sp_state + arg mem_sp_prarm_stack,contw + fetch 6,mem_lap + istore 6,contw + fetch 6,mem_plap + istore 6,contw + setarg mem_sp_random_remote_end + istore 2,contw + setarg mem_sp_random_local_end + istore 2,contw +sp_link_key_calc: + /*calculate Link key here */ + arg mem_addr_value,contw + fetch 6,mem_sp_prarm_stack + istore 6,contw + fetch 6,mem_sp_prarm_stack+6 + istore 6,contw + + call function_f2 + + /*handle linkkey */ + jam 1,mem_link_key_exists + arg mem_link_key,contw + arg mem_sp_calc_result_high,contr + call memcpy16 + branch generate_linkkey_continue + + +sp_pubkey_calc: + bpatchx patch32_1,mem_patch32 + fetch 1,mem_sp_local_key_invalid + rtnne SP_KEY_INVALID + fetch 1,mem_sp_calc + rtnne SP_CALC_STANDBY + arg mem_sp_private_key,contw + force 11,queue + call random_generator + random pdata + rshift pdata,pdata + istore 2,contw +/* we don't need fixed private key,generate random key instead */ + arg mem_k,contw + arg mem_sp_private_key,contr + call memcpy24 //mem_sp_private_key=>mem_k 24BYTES + + arg mem_ax,contw + arg mem_gx,contr + call memcpy48 //mem_gx=>mem_ax 48bytes + + arg mem_az,contw + call bn_zero + jam 1,mem_az //0=>mem_az 24bytes + + call eckp_calc_init + jam SP_CALC_PUBKEY,mem_sp_calc + rtn + +sp_pubkey_generated: + arg mem_sp_pubkey_local,contw + arg mem_bx,contr + call memcpy48 + jam SP_KEY_VALID,mem_sp_local_key_invalid + jam SP_CALC_STANDBY,mem_sp_calc + rtn + +sp_dhkey_calc: + bpatchx patch32_2,mem_patch32 + fetch 1,mem_sp_dhkey_invalid + rtnne SP_KEY_INVALID + fetch 1,mem_sp_calc + rtnne SP_CALC_STANDBY + + arg mem_k,contw + arg mem_sp_private_key,contr + call memcpy24 + + arg mem_ax,contw + arg mem_sp_pubkey_remote,contr + call memcpy48 + + arg mem_az,contw + call bn_zero + jam 1,mem_az + + call eckp_calc_init + jam SP_CALC_DHKEY,mem_sp_calc + rtn + +sp_dhkey_generated: + jam SP_FLAG_COMMIT,mem_sp_dh_ready + arg mem_sp_dhkey,contw + arg mem_bx,contr + call memcpy24 + jam SP_KEY_VALID,mem_sp_dhkey_invalid + jam SP_CALC_STANDBY,mem_sp_calc + rtn + +random_generator: + increase -1,queue + nrtn positive + random pdata + istore 2,contw + branch random_generator +compare4: + increase -1,queue + nbranch compare4_success,positive + ifetch 4,regA + copy pdata,temp + ifetch 4,regB + iflip temp,pdata + nbranch compare4_failed,zero + increase 4,regA + increase 4,regB + branch compare4 +compare4_failed: + disable true + rtn +compare4_success: + enable true + rtn + +/*************************************************/ +/** Message state machine routines ***************/ +/*************************************************/ +// simple pairing support + +simple_pairing_sequence: + bpatchx patch32_3,mem_patch32 + fetch 1,mem_sp_flag + rtn blank + call lmo_fifo_check + nrtn blank + jam SP_FLAG_STANDBY,mem_sp_flag + fetch 1,mem_sp_state + beq SP_STAT_KEY_SEND,sp_send_LMP_ENCAPSULATED_HEADER + beq SP_STAT_COMMIT_SEND,sp_send_LMP_SIMPLE_PAIRING_COMFIRM + beq SP_STAT_RANDOM_SEND,sp_send_LMP_SIMPLE_PAIRING_NUMBER + beq SP_STAT_CONFIRM_SEND,sp_send_LMP_DHKEY_CHECK + beq SP_STAT_KEY_GENERATE,sp_generate_local_key + beq SP_STAT_COMMIT_CALC,sp_calculate_commitment + beq SP_STAT_CONFIRM_CHECK,sp_confirm_check + beq SP_STAT_CONFIRM_CALC,sp_confirm_calc + beq SP_STAT_LINK_KEY_CALC,sp_link_key_prarm_push + //beq SP_STAT_FEATURE_EXT_SEND,send_LMP_FEATURES_REQ_EXT + rtn + +master_simple_paring_sequence: + bpatchx patch32_4,mem_patch32 + fetch 1,mem_master_sp_flag + rtn blank + call lmo_fifo_check + nrtn blank + jam SP_FLAG_STANDBY,mem_master_sp_flag + fetch 1,mem_master_sp_state + beq SP_MASTER_STAT_START_SKIP,sp_master_send_io_cap_get + beq SP_MASTER_STAT_START_DONE,sp_master_send_io_cap_send + beq SP_STAT_KEY_SEND,sp_master_send_LMP_ENCAPSULATED_HEADER + beq SP_STAT_COMMIT_CALC,master_sp_calculate_commitment + beq SP_STAT_COMMITMENT_COMPARE,sp_master_commitment_compare + beq SP_STAT_RANDOM_SEND,sp_master_send_LMP_SIMPLE_PAIRING_NUMBER + beq SP_STAT_CONFIRM_CALC,sp_confirm_calc + beq SP_STAT_CONFIRM_SEND,master_sp_send_lmp_dhkey_check + beq SP_STAT_CONFIRM_CHECK,sp_confirm_check + beq SP_STATE_END,master_sp_sm_end + rtn + +master_set_mem_master_sp_flag: + jam SP_FLAG_COMMIT,mem_master_sp_flag + rtn + +master_clear_mem_master_sp_flag: + jam SP_FLAG_STANDBY,mem_master_sp_flag + rtn +sp_calc_sequence: + bpatchx patch32_5,mem_patch32 + fetch 1,mem_ssp_enable + rtn blank + fetch 1,mem_sp_calc + rtn blank + increase 0x80,pdata + store 1,mem_sp_calc + rtnbit1 7 + fetch 1,mem_ec_loopc + branch sp_calc_sequence_done,blank + branch eckp_calc + +sp_calc_sequence_done: + call ecunmapz + fetch 1,mem_sp_calc + beq SP_CALC_PUBKEY,sp_pubkey_generated + beq SP_CALC_DHKEY,sp_dhkey_generated + rtn + + +bn_testbit: + and pdata,7,queue + rshift3 pdata,pdata + iadd contr,contr + ifetch 1,contr + qisolate0 pdata + rtn + + +ec_copy: + call memcpy24 + call memcpy24 + branch memcpy24 + + +bn_eq_zero: + ifetch 8,contr + nrtn blank + ifetch 8,contr + nrtn blank + ifetch 8,contr + rtn + + + /* return zero if eq */ + +bn_eq_0: + ifetch 4,regA + iforce temp + ifetch 4,regB + isub temp,null + nrtn zero + increase 4,regA + increase 4,regB + loop bn_eq_0 + rtn + + /* return positive if A >= B */ +bn_bigeq: + force 6,loopcnt + increase 20,regA + increase 20,regB +bn_bigeq_0: + ifetch 4,regB + iforce temp + ifetch 4,regA + isub temp,pdata + nrtn positive + nrtn blank + increase -4,regA + increase -4,regB + loop bn_bigeq_0 + rtn + +bn_add: + force 6,loopcnt + force 0,regC +bn_add_0: + ifetch 4,regA + iforce temp + ifetch 4,regB + iadd temp,pdata + iadd regC,pdata + istore 4,contw + isolate1 32,pdata + setflag true,0,regC + increase 4,regA + increase 4,regB + loop bn_add_0 + rtn + +bn_sub: + force 6,loopcnt + force 0,regC +bn_sub_0: + ifetch 4,regB + iforce temp + ifetch 4,regA + isub temp,pdata + isub regC,pdata + istore 4,contw + isolate1 32,pdata + setflag true,0,regC + increase 4,regA + increase 4,regB + loop bn_sub_0 + rtn + +bn_rshift6: + force 6,loopcnt + increase 20,regA +bn_rshift: + force 0,regC +bn_rshift_0: + ifetch 4,regA + isolate1 0,pdata + setflag true,1,regC + rshift pdata,pdata + isolate1 0,regC + setflag true,31,pdata + istore 4,regA + increase -4,regA + rshift regC,regC + loop bn_rshift_0 + rtn + +bn_lshift: + force 6,loopcnt + force 0,regC +bn_lshift_0: + ifetch 4,regA + isolate1 31,pdata + setflag true,1,regC + lshift pdata,pdata + isolate1 0,regC + setflag true,0,pdata + istore 4,regA + increase 4,regA + rshift regC,regC + loop bn_lshift_0 + rtn + +bn_lshiftmod: + call bn_lshift +bn_lshiftmod_ismod: + isolate1 0,regC + branch bn_lshiftmod_0,true + arg mem_p,regB + copy regA,regC + increase -24,regA + call bn_bigeq + nrtn positive + copy regC,regA +bn_lshiftmod_0: + increase -24,regA + arg mem_p,regB + copy regA,contw + branch bn_sub + + +bn_addmod: + call bn_add + copy contw,regA + branch bn_lshiftmod_ismod + +bn_submod: + call bn_sub + isolate0 0,regC + rtn true + arg mem_p,regB + add contw,-24,regA + copy regA,contw + branch bn_add + + +bn_p192mod: + copy contw,timeup /* save result ptr */ + copy regA,alarm /* temp save regA */ + arg mem_tmp2,regB + copy regB,contw + add regA,24,contr + ifetch 8,contr + istore 8,contw + istore 8,contw + force 0,pdata + istore 8,contw + copy timeup,contw + call bn_addmod + arg mem_tmp2,regB + copy regB,contw + force 0,pdata + istore 8,contw + add alarm,32,contr + ifetch 8,contr + istore 8,contw + istore 8,contw + copy timeup,regA + copy regA,contw + call bn_addmod + arg mem_tmp2,regB + copy regB,contw + add alarm,40,contr + ifetch 8,contr + istore 8,contw + istore 8,contw + istore 8,contw + copy timeup,regA + copy regA,contw + branch bn_addmod + + +bn_load: + force 6,loopcnt +bn_load_0: + ifetch 4,contr + iforce regext + increase 1,regext_index + loop bn_load_0 + rtn + + + /* cost 1562 clks */ +bn_mulmod: + copy contw,timeup /* save result ptr */ + arg mem_tmp1,contw + call bn_zero + arg mem_tmp1,contw + copy regA,contr + force 0,regext_index + call bn_load + copy regB,contr + call bn_load + force 0,regB +bn_mulmod_1: + force 0,temp + force 6,regC +bn_mulmod_0: + ifetch 4,contw /* d[i+j] */ + iforce regA + copy regB,regext_index + deposit regext + copy regC,regext_index + imul32 regext,pdata + iadd regA,pdata /* uv = a[i]*b[j] + d[i+j] */ + iadd temp,pdata /* uv += u */ + istore 4,contw /* ->d[i+j] */ + rshift32 pdata,temp /* temp = u = uv >> 32 */ + increase 1,regC + compare 12,regC,0xff + nbranch bn_mulmod_0,true + deposit temp + istore 4,contw /* d[i + 12] = u */ + increase -24,contw + increase 1,regB + compare 6,regB,0xff + nbranch bn_mulmod_1,true + arg mem_tmp1,regA + copy timeup,contw + branch bn_p192mod + + +bn_sqrmod: + copy regA,regB + branch bn_mulmod + +bn_rshifteven: + copy regA,alarm +bn_rshifteven_1: + copy alarm,regA + ifetch 1,regA + isolate1 0,pdata + rtn true + call bn_rshift6 + ifetch 1,regB + isolate0 0,pdata + branch bn_rshifteven_0,true + arg mem_p,regA + copy regB,contw + call bn_add + ifetch 1,regB + iadd regC,pdata + istore 1,regB /* [6] */ + increase -24,regB +bn_rshifteven_0: + add regB,24,regA + force 7,loopcnt + call bn_rshift + branch bn_rshifteven_1 + + /* cost 141910 clks */ +bn_invmod: + copy contw,timeup /* save result ptr */ + arg mem_tmp0,contw /* x */ + call bn_zero + force 0,pdata + store 4,mem_tmp5 + store 4,mem_t2 + jam 1,mem_tmp0 + arg mem_tmp1,contw /* y */ + call bn_zero + arg mem_p,contr + arg mem_tmp2,contw /* a */ + call memcpy24 + copy regA,contr + arg mem_tmp3,contw /* b */ + call memcpy24 +bn_invmod_2: + arg mem_tmp3,contr + call bn_eq_zero + branch bn_invmod_0,blank + arg mem_tmp3,regA + arg mem_tmp0,regB + call bn_rshifteven + + arg mem_tmp2,regA + arg mem_tmp1,regB + call bn_rshifteven + arg mem_tmp3,regA + arg mem_tmp2,regB + call bn_bigeq + branch bn_invmod_1,positive + arg mem_tmp2,regA + arg mem_tmp3,regB + copy regA,contw + call bn_sub + arg mem_tmp0,regA + arg mem_tmp1,regB + copy regB,contw + call bn_add + ifetch 1,regA + iadd regC,regC + ifetch 1,regB + iadd regC,pdata + istore 1,regB + branch bn_invmod_2 +bn_invmod_1: + arg mem_tmp3,regA + arg mem_tmp2,regB + copy regA,contw + call bn_sub + arg mem_tmp1,regA + arg mem_tmp0,regB + copy regB,contw + call bn_add + ifetch 1,regA + iadd regC,regC + ifetch 1,regB + iadd regC,pdata + istore 1,regB + branch bn_invmod_2 +bn_invmod_0: + arg mem_tmp0,contw + call bn_zero + fetch 1,mem_tmp5 + store 1,mem_tmp0 + store 1,mem_tmp0a + arg mem_tmp0,regA + arg mem_tmp1,regB + copy regB,contw + call bn_addmod + arg mem_p,regA + arg mem_tmp1,regB + copy timeup,contw + branch bn_submod + + + + /* cost 64742 clks */ +ecdbl: + arg mem_cz,regA + arg mem_t2,contw + call bn_sqrmod + arg mem_t2,regA + arg mem_t3,contw + call bn_sqrmod + arg mem_a,regA + arg mem_t3,regB + arg mem_t3,contw + call bn_mulmod /* t3=a*z4 */ + arg mem_cx,regA + arg mem_t2,contw + call bn_sqrmod + arg mem_t2,contr + arg mem_t1,contw + call memcpy24 + arg mem_t1,regA + call bn_lshiftmod + arg mem_t2,regA + arg mem_t1,regB + arg mem_t2,contw + call bn_addmod + arg mem_t2,regA + arg mem_t3,regB + arg mem_t2,contw + call bn_addmod /* t2=3*x2 + z*z4 D */ + arg mem_cx,contr + arg mem_t1,contw + call memcpy24 + arg mem_cy,regA + arg mem_t3,contw + call bn_sqrmod + arg mem_t1,regA + call bn_lshiftmod + arg mem_t1,regA + call bn_lshiftmod + arg mem_t1,regA + arg mem_t3,regB + arg mem_t1,contw + call bn_mulmod /* t1=4x*y2 B */ + arg mem_t3,regA + arg mem_t0,contw + call bn_sqrmod + arg mem_t0,regA + call bn_lshiftmod + arg mem_t0,regA + call bn_lshiftmod + arg mem_t0,regA + call bn_lshiftmod /* t0=8*y4 C */ + arg mem_cy,contr + arg mem_t3,contw + call memcpy24 + arg mem_t3,regA + call bn_lshiftmod + arg mem_t3,regA + arg mem_cz,regB + arg mem_cz,contw + call bn_mulmod + arg mem_t2,regA + arg mem_t3,contw + call bn_sqrmod + arg mem_t3,regA + arg mem_t1,regB + arg mem_t3,contw + call bn_submod + arg mem_t3,regA + arg mem_t1,regB + arg mem_cx,contw + call bn_submod + arg mem_t1,regA + arg mem_cx,regB + arg mem_t3,contw + call bn_submod + arg mem_t3,regA + arg mem_t2,regB + arg mem_t3,contw + call bn_mulmod + arg mem_t3,regA + arg mem_t0,regB + arg mem_cy,contw + branch bn_submod + + + /* cost 104904 clks */ +ecadd: + arg mem_az,regA + arg mem_t7,contw + call bn_sqrmod + arg mem_cx,regA + arg mem_t7,regB + arg mem_t0,contw + call bn_mulmod /* n1=t0=xa*zb2 */ + arg mem_az,regA + arg mem_t7,regB + arg mem_t7,contw + call bn_mulmod + arg mem_cy,regA + arg mem_t7,regB + arg mem_t1,contw + call bn_mulmod /* n2=t1=ya*zb3 */ + arg mem_cz,regA + arg mem_t7,contw + call bn_sqrmod + arg mem_ax,regA + arg mem_t7,regB + arg mem_t2,contw + call bn_mulmod /* n3=t2=xb*za2 */ + arg mem_cz,regA + arg mem_t7,regB + arg mem_t7,contw + call bn_mulmod + arg mem_ay,regA + arg mem_t7,regB + arg mem_t3,contw + call bn_mulmod /* n4=t3=yb*za3 */ + arg mem_t0,regA + arg mem_t2,regB + arg mem_t7,contw + call bn_submod /* n5=t7=n1-n3=t0-t2 */ + arg mem_t0,regA + arg mem_t2,regB + arg mem_t0,contw + call bn_addmod /* n7=t0=n1+n3=t0+t2 */ + arg mem_t1,regA + arg mem_t3,regB + arg mem_t2,contw + call bn_submod /* n6=t2=n2-n4=t1-t3 */ + arg mem_t1,regA + arg mem_t3,regB + arg mem_t1,contw + call bn_addmod /* n8=t1=n2+n4=t1+t3 */ + arg mem_t1,regA + arg mem_t7,regB + arg mem_t1,contw + call bn_mulmod /* t1=n8*n5 */ + arg mem_cz,regA + arg mem_az,regB + arg mem_t3,contw + call bn_mulmod + arg mem_t3,regA + arg mem_t7,regB + arg mem_cz,contw + call bn_mulmod /* z=za*zb*n5 */ + arg mem_t7,regA + arg mem_t7,contw + call bn_sqrmod /* t7=n5^2 */ + arg mem_t7,regA + arg mem_t0,regB + arg mem_t3,contw + call bn_mulmod /* t3=n5^2*n7 */ + arg mem_t7,regA + arg mem_t1,regB + arg mem_t1,contw + call bn_mulmod /* t1=n8*n5^3 */ + arg mem_t2,regA + arg mem_cx,contw + call bn_sqrmod + arg mem_cx,regA + arg mem_t3,regB + arg mem_cx,contw + call bn_submod /* x=n6^2-n5^2*n7 */ + arg mem_cx,contr + arg mem_t7,contw + call memcpy24 + arg mem_t7,regA + call bn_lshiftmod /* t7=2*x */ + arg mem_t3,regA + arg mem_t7,regB + arg mem_t3,contw + call bn_submod /* t3=n9 */ + arg mem_t3,regA + arg mem_t2,regB + arg mem_t2,contw + call bn_mulmod /* t2=n9*n6 */ + arg mem_t2,regA + arg mem_t1,regB + arg mem_cy,contw + call bn_submod + arg mem_cy,regA + arg mem_p,regB + arg mem_cy,contw + force 0,regC + fetch 1,mem_cy + isolate1 0,pdata + call bn_add,true + copy regC,alarm + arg mem_cy,regA + call bn_rshift6 + fetch 1,mem_cy5 + isolate1 0,alarm + setflag true,7,pdata + store 1,mem_cy5 + rtn + + /* cost 22276983 clks */ + +eckp_0: + fetch 1,mem_ec_loopc + increase -1,pdata + nrtn positive + store 1,mem_ec_loopc + fetch 1,mem_ec_infinite + call ecdbl,blank + fetch 1,mem_ec_loopc + arg mem_k,contr + call bn_testbit + branch eckp_0,true + fetch 1,mem_ec_infinite + nbranch eckp_1,blank + call ecadd + branch eckp_0 +eckp_1: + jam 0,mem_ec_infinite + arg mem_ax,contr + arg mem_cx,contw + call ec_copy + branch eckp_0 + + /* cost 162522 clks */ +ecunmapz: + arg mem_cz,regA + arg mem_t3,contw + call bn_invmod /* t3 = 1/z */ + arg mem_t3,regA + arg mem_t1,contw + call bn_sqrmod /* t1 = 1/z2 */ + arg mem_cx,regA + arg mem_t1,regB + arg mem_bx,contw + call bn_mulmod + arg mem_t3,regA + arg mem_t1,regB + arg mem_t2,contw + call bn_mulmod /* t2 = 1/z3 */ + arg mem_cy,regA + arg mem_t2,regB + arg mem_by,contw + branch bn_mulmod + + + +sha_endian_swap2: + ifetch 4,contr + force 4,regA + increase 3,contw +sha_endian_loop: + istore 1,contw + rshift8 pdata,pdata + increase -2,contw + increase -1,regA + nbranch sha_endian_loop,zero + increase 5,contw + loop sha_endian_swap2 + rtn + + +sha_getw: + lshift2 queue,pdata + iadd timeup,contr + ifetch 4,contr + rtn + +sha_r: + force 16,alarm + arg memdat,timeup +sha_r_loop: + add alarm,-7,queue + call sha_getw + iforce temp /* W[t - 7] */ + add alarm,-16,queue + call sha_getw + iadd temp,temp /* W[t-7] + W[t-16] */ + add alarm,-2,queue + call sha_getw + shasx pdata,1,pdata + iadd temp,temp /* S1(W[t - 2]) + W[t-7] + W[t-16] */ + add alarm,-15,queue + call sha_getw + shasx pdata,0,pdata + iadd temp,temp /* S0(W[t - 15]) + S1(W[t - 2]) + W[t-7] + W[t-16] */ + lshift2 alarm,pdata + iadd timeup,contw + istoret 4,contw + increase 1,alarm + compare 64,alarm,0xff + nbranch sha_r_loop,true + rtn + + +sha_init: + arg memh0,contr + force 7,regext_index +sha_init_0: + ifetch 4,contr + iforce regext + increase -1,regext_index + branch sha_init_0,positive + rtn + +sha: + bpatchx patch32_6,mem_patch32 + call sha_r /* preprocessing data into R() */ + arg memahbak,contw + force 0,regext_index +sha_0: + deposit regext + istore 4,contw + increase 1,regext_index + compare 8,regext_index,0xff + nbranch sha_0,true + call enable_authrom + arg memk,timeup + arg memdat,alarm + force 64,loopcnt +sha_loop: + ifetcht 4,alarm + ifetch 4,timeup + increase 4,timeup + increase 4,alarm + iadd temp,pdata /* x+K */ + force 7,regext_index + iadd regext,temp /* x+K+h */ + force 4,regext_index + shasx regext,3,pdata + iadd temp,temp /* temp = s3(e)+x+K+h */ + force 5,regext_index + deposit regext + force 6,regext_index + ixor regext,pdata + force 4,regext_index + iand regext,pdata /* (e & (f ^ g)) */ + force 6,regext_index + ixor regext,pdata /* F1(e, f, g) = g ^ (e & (f ^ g)) */ + iadd temp,temp /* temp1 = h + S3(e) + F1(e,f,g) + K + x */ + force 7,regext_index + copy temp,regext /* save to H */ + force 3,regext_index + deposit regext + iadd temp,regext /* save to D */ + force 0,regext_index + deposit regext + force 1,regext_index + iand regext,temp /* a & b */ + ior regext,pdata /* a | b */ + force 2,regext_index + iand regext,pdata /* (c & (a | b)) */ + ior temp,temp /* F0:(a & b) | (c & (a | b)) */ + force 0,regext_index + shasx regext,2,pdata + iadd temp,pdata /* temp2 = S2(a) + F0(a,b,c) */ + force 7,regext_index + iadd regext,regext /* h = temp1 + temp2 */ + regexrot /* rotate move h,a-g => a-h */ + loop sha_loop + arg memahbak,contr + force 0,regext_index +sha_1: + ifetch 4,contr + iadd regext,regext + increase 1,regext_index + compare 8,regext_index,0xff + nbranch sha_1,true + branch disable_authrom + + +sha_result: + arg memresult,contw + force 7,regext_index +sha_regext_save: + deposit regext + istore 4,contw + increase -1,regext_index + branch sha_regext_save,positive + rtn + +pad_xor: +// arg memx_end,contr + arg memdat,contw + increase -4,contr + sub loopcnt,16,regA +pad_xor_0: + ifetch 4,contr + ixor temp,pdata + istore 4,contw + increase -8,contr + loop pad_xor_0 + copy regA,loopcnt + deposit temp +pad_xor_1: + istore 4,contw + loop pad_xor_1 + rtn + +g_noninit_number_confirm: + call g_noninit0 + call sha_result + branch g_common0 + +g_noninit: + call g_noninit0 + branch g_common0 + +g_noninit0: + arg mem_sp_pubkey_remote_x_end,contr + arg memdat,contw + force 6,loopcnt + call memcpy_dword_swap + arg mem_sp_pubkey_local_x_end,contr + force 6,loopcnt + call memcpy_dword_swap + arg mem_sp_random_remote_end,contr + call memcpy_dword_swap4 + call sha_init + call sha + arg mem_sp_random_local_end,contr + arg memdat,contw + branch g_common + +g_init: + arg mem_sp_pubkey_local_x_end,contr + arg memdat,contw + force 6,loopcnt + call memcpy_dword_swap + arg mem_sp_pubkey_remote_x_end,contr + force 6,loopcnt + call memcpy_dword_swap + arg mem_sp_random_local_end,contr + call memcpy_dword_swap4 + call sha_init + call sha + arg mem_sp_random_remote_end,contr + arg memdat,contw + call g_common + branch g_common0 + +g_common: + call memcpy_dword_swap4 + setarg 0x800000 + lshift8 pdata,pdata + istore 4,contw + force 5,loopcnt + call memset0 + setarg 640 + istore 4,contw + branch sha +g_common0: + fetch 4,memresult +// store 4,mem_gkey + arg 1000,rega + idiv rega + call wait_div_end + remainder pdata + store 4,mem_gkey + quotient pdata + arg 1000,rega + idiv rega + call wait_div_end + remainder pdata + arg 1000,rega + imul32 rega,pdata + fetcht 4,mem_gkey + iadd temp,pdata + store 4,mem_gkey + rtn + +function_f1_no_key: + jam 0,mem_passkey_1bit + branch function_f1_common + +function_f1: + fetch 1,mem_ssp_mode_flag + bne SSP_MODE_PASSKEY_ENTRY_FLAG,function_f1_no_key +function_f1_common: + bpatchx patch32_7,mem_patch32 + setarg 0x363636 + lshift8 pdata,temp + or_into 0x36,temp + fetch 2,mem_sp_prarm_stack + copy pdata,contr + force 4,loopcnt + call pad_xor + call sha_init + call sha + fetch 2,mem_sp_prarm_stack+2 + copy pdata,contr + arg memdat,contw + force 6,loopcnt + call memcpy_dword_swap + fetch 2,mem_sp_prarm_stack+4 + copy pdata,contr + force 6,loopcnt + call memcpy_dword_swap + setarg 0x800000 + istore 3,contw + + fetch 1,mem_passkey_1bit + + istore 1,contw + force 0,pdata + istore 8,contw + setarg 0x0388 + istore 4,contw + call sha + call sha_result + arg memresult,contr + arg memahsave,contw + call memcpy32 + + setarg 0x5c5c5c + lshift8 pdata,temp + or_into 0x5c,temp + fetch 2,mem_sp_prarm_stack + copy pdata,contr + force 4,loopcnt + call pad_xor + call sha_init + call sha + arg memahsave_end,contr + arg memdat,contw + force 8,loopcnt + call memcpy_dword_swap + setarg 0x800000 + lshift8 pdata,pdata + istore 4,contw + call bn_zero + setarg 0x0300 + istore 4,contw + call sha + branch sha_result + + +function_f2: + setarg 0x363636 + lshift8 pdata,temp + or_into 0x36,temp + arg mem_sp_dhkey_end,contr + force 6,loopcnt + call pad_xor + call sha_init + call sha + fetch 2,mem_sp_prarm_stack+12 + copy pdata,contr + arg memdat,contw + call memcpy_dword_swap4 + fetch 2,mem_sp_prarm_stack+14 + copy pdata,contr + call memcpy_dword_swap4 + + setarg 0x62746c + lshift8 pdata,pdata + or_into 0x6b,pdata + istore 4,contw + arg mem_addr_value_end,contr + force 3,loopcnt + call memcpy_dword_swap + + setarg 0x800000 + lshift8 pdata,pdata + istore 4,contw + force 0,pdata + istore 8,contw + setarg 0x0380 + istore 4,contw + call sha + + call sha_result + arg memresult,contr + arg memahsave,contw + call memcpy32 + + setarg 0x5c5c5c + lshift8 pdata,temp + or_into 0x5c,temp + arg mem_sp_dhkey_end,contr + force 6,loopcnt + call pad_xor + call sha_init + call sha + arg memahsave_end,contr + arg memdat,contw + force 8,loopcnt + call memcpy_dword_swap + setarg 0x800000 + lshift8 pdata,pdata + istore 4,contw + call bn_zero + setarg 0x0300 + istore 4,contw + call sha + branch sha_result + + +function_f3a: + fetch 1,mem_ssp_mode_flag + bne SSP_MODE_PASSKEY_ENTRY_FLAG,function_f3a_no_pin +function_f3a_common: + bpatchx patch33_0,mem_patch33 + setarg 0x363636 + lshift8 pdata,temp + or_into 0x36,temp + arg mem_sp_dhkey_end,contr + force 6,loopcnt + call pad_xor + call sha_init + call sha + arg mem_sp_random_remote_end,contr + arg memdat,contw + call memcpy_dword_swap4 + arg mem_sp_random_local_end,contr + call memcpy_dword_swap4 + branch function_f3_common + +function_f3a_no_pin: + setarg 0 + store 4,mem_pin + branch function_f3a_common + +function_f3b_no_pin: + setarg 0 + store 4,mem_pin + branch function_f3b_common + + +function_f3b: + fetch 1,mem_ssp_mode_flag + bne SSP_MODE_PASSKEY_ENTRY_FLAG,function_f3b_no_pin +function_f3b_common: + setarg 0x363636 + lshift8 pdata,temp + or_into 0x36,temp + arg mem_sp_dhkey_end,contr + force 6,loopcnt + call pad_xor + call sha_init + call sha + + arg mem_sp_random_local_end,contr + arg memdat,contw + call memcpy_dword_swap4 + arg mem_sp_random_remote_end,contr + call memcpy_dword_swap4 +function_f3_common: + setarg 0x0 + istore 8,contw + istore 4,contw + fetch 4,mem_pin + istore 4,contw + + copy contw,temp + jam 0x80,mem_addr_padding + copy temp,contw + arg mem_addr_iocap_end,contr + call memcpy_dword_swap4 + + call sha + + arg memdat,contw + force 7,loopcnt + call memset0 + istore 4,contw + setarg 0x03F8 + istore 4,contw + call sha + call sha_result + + arg memresult,contr + arg memahsave,contw + call memcpy32 + + setarg 0x5c5c5c + lshift8 pdata,temp + or_into 0x5c,temp + arg mem_sp_dhkey_end,contr + force 6,loopcnt + call pad_xor + call sha_init + call sha + arg memahsave_end,contr + arg memdat,contw + force 8,loopcnt + call memcpy_dword_swap + setarg 0x800000 + lshift8 pdata,pdata + istore 4,contw + call bn_zero + setarg 0x0300 + istore 4,contw + call sha + branch sha_result + +/* +eckp: + jam 192,mem_ec_loopc + jam 1,mem_ec_infinite +*/ +eckp_calc_init: + jam 192,mem_ec_loopc +eckp_calc_init_1: + fetch 1,mem_ec_loopc + rtn blank + increase -1,pdata + store 1,mem_ec_loopc + arg mem_k,contr + call bn_testbit + branch eckp_calc_init_1,true + arg mem_ax,contr + arg mem_cx,contw + branch ec_copy + +eckp_calc: + call ecdbl + fetch 1,mem_ec_loopc + increase -1,pdata + store 1,mem_ec_loopc + arg mem_k,contr + call bn_testbit + rtn true + branch ecadd + +memcpy_dword_swap4: + force 4,loopcnt +memcpy_dword_swap: + increase -4,contr +memcpy_dword_swap_loop: + ifetch 4,contr + istore 4,contw + increase -8,contr + loop memcpy_dword_swap_loop + rtn + +else +sp_initialize: + rtn + +endif + + +ifdef SECURE_CONNECTION + +sp_initialize_256: + bpatchx patch33_1,mem_patch33 + fetch 1,mem_le_secure_connect_enable + branch le_secure_connection_disable,blank + call le_secure_connection_enable + call sp_clear_flags +// jam SP_KEY_INVALID_256,mem_le_sc_local_key_invalid + branch sp_pubkey_calc_256 + + + + +sp_pubkey_calc_256: + fetch 1,mem_le_sc_local_key_invalid + rtnne SP_KEY_INVALID + fetch 1,mem_le_sc_calc + rtnne SP_CALC_STANDBY + + arg mem_le_private_key_256,contw + force 15,queue + call random_generator + random pdata + rshift pdata,pdata + istore 2,contw + + arg mem_k_256,contw + arg mem_le_private_key_256,contr + call memcpy32 //mem_sp_private_key=>mem_k + + arg mem_ax_256,contw + arg mem_gx_256,contr + call memcpy64 //mem_gx=>mem_ax + + arg mem_az_256,contw + call clear_mem_256 + jam 1,mem_az_256 //0=>mem_az + + call eckp_calc_init_256 + jam SP_CALC_PUBKEY_256,mem_le_sc_calc + rtn + +sp_pubkey_generated_256: + arg mem_le_pubkey_local_x_256,contw + arg mem_bx_256,contr + call memcpy64 + jam SP_KEY_VALID_256,mem_le_sc_local_key_invalid + jam SP_CALC_STANDBY,mem_le_sc_calc + rtn + + + +sp_dhkey_calc_256: + fetch 1,mem_sp_dhkey_invalid + rtnne SP_KEY_INVALID + fetch 1,mem_le_sc_calc + rtnne SP_CALC_STANDBY + + arg mem_k_256,contw + arg mem_le_private_key_256,contr + call memcpy32 + + arg mem_ax_256,contw + arg mem_le_pubkey_remote_x_256,contr + call memcpy64 + + arg mem_az_256,contw + call clear_mem_256 + jam 1,mem_az_256 //0=>mem_az + + call eckp_calc_init_256 + jam SP_CALC_DHKEY_256,mem_le_sc_calc + rtn + + +sp_dhkey_generated_256: +// jam SP_FLAG_COMMIT,mem_sp_dh_ready + arg mem_le_dhkey_256,contw + arg mem_bx_256,contr + call memcpy32 + jam SP_KEY_VALID_256,mem_sp_dhkey_invalid + jam SP_CALC_STANDBY,mem_le_sc_calc + rtn + + + +sp_calc_sequence_256: + fetch 1,mem_le_secure_connect_enable + rtn blank + fetch 1,mem_le_sc_calc + rtn blank + increase 0x80,pdata + store 1,mem_le_sc_calc + rtnbit1 7 + fetch 2,mem_ec_loopc + branch sp_calc_sequence_done_256,blank + branch eckp_calc_256 + +sp_calc_sequence_done_256: + bpatchx patch33_2,mem_patch33 + call ecunmapz_256 + fetch 1,mem_le_sc_calc + beq SP_CALC_PUBKEY_256,sp_pubkey_generated_256 + beq SP_CALC_DHKEY_256,sp_dhkey_generated_256 + rtn + + +eckp_calc_256: + call ecdbl_256 + fetch 2,mem_ec_loopc + increase -1,pdata + store 2,mem_ec_loopc + arg mem_k_256,contr + call bn_testbit + rtn true + branch ecadd_256 + +eckp_calc_init_256: + bpatchx patch33_3,mem_patch33 + setarg 256,pdata + store 2,mem_ec_loopc +eckp_calc_init_256_1: + fetch 2,mem_ec_loopc + rtn blank + increase -1,pdata + store 2,mem_ec_loopc + arg mem_k_256,contr + call bn_testbit + branch eckp_calc_init_256_1,true + arg mem_ax_256,contr + arg mem_cx_256,contw + branch memcpy96 + + +ecunmapz_256: + arg mem_cz_256,regA + arg mem_t3_256,contw + call bn_invmod_256 /* t3 = 1/z */ + arg mem_t3_256,regA + arg mem_t1_256,contw + call bn_sqrmod_256 /* t1 = 1/z2 */ + arg mem_cx_256,regA + arg mem_t1_256,regB + arg mem_bx_256,contw + call bn_mulmod_256 + arg mem_t3_256,regA + arg mem_t1_256,regB + arg mem_t2_256,contw + call bn_mulmod_256 /* t2 = 1/z3 */ + arg mem_cy_256,regA + arg mem_t2_256,regB + arg mem_by_256,contw + branch bn_mulmod_256 + +ecdbl_256: + arg mem_cz_256,regA + arg mem_t2_256,contw + call bn_sqrmod_256 + arg mem_t2_256,regA + arg mem_t3_256,contw + call bn_sqrmod_256 +//call ice_break + arg mem_a_256,regA + arg mem_t3_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 /* t3=a*z4 */ + arg mem_cx_256,regA + arg mem_t2_256,contw + call bn_sqrmod_256 +//call ice_break + arg mem_t2_256,contr + arg mem_t1_256,contw + call memcpy32 + arg mem_t1_256,regA + call bn_lshiftmod_256 + arg mem_t2_256,regA + arg mem_t1_256,regB + arg mem_t2_256,contw + call bn_addmod_256 +//call ice_break + arg mem_t2_256,regA + arg mem_t3_256,regB + arg mem_t2_256,contw + call bn_addmod_256 /* t2=3*x2 + z*z4 D */ +//call ice_break + arg mem_cx_256,contr + arg mem_t1_256,contw + call memcpy32 + arg mem_cy_256,regA + arg mem_t3_256,contw + call bn_sqrmod_256 + arg mem_t1_256,regA + call bn_lshiftmod_256 + arg mem_t1_256,regA + call bn_lshiftmod_256 + arg mem_t1_256,regA + arg mem_t3_256,regB + arg mem_t1_256,contw + call bn_mulmod_256 //S = 4X1Y1^2/* t1=4x*y2 B */ + arg mem_t3_256,regA + arg mem_t0_256,contw + call bn_sqrmod_256 + arg mem_t0_256,regA + call bn_lshiftmod_256 + arg mem_t0_256,regA + call bn_lshiftmod_256 + arg mem_t0_256,regA + call bn_lshiftmod_256 //T = 8Y1^4 /* t0=8*y4 C */ + arg mem_cy_256,contr + arg mem_t3_256,contw + call memcpy32 + arg mem_t3_256,regA + call bn_lshiftmod_256 + arg mem_t3_256,regA + arg mem_cz_256,regB + arg mem_cz_256,contw + call bn_mulmod_256 //z = 2Y1Z1 + + + arg mem_t2_256,regA + arg mem_t3_256,contw + call bn_sqrmod_256 // M ^2 +//call ice_break + arg mem_t3_256,regA + arg mem_t1_256,regB + arg mem_t3_256,contw + call bn_submod_256 // t2^2 - 4*cx *cy^2 + arg mem_t3_256,regA + arg mem_t1_256,regB + arg mem_cx_256,contw + call bn_submod_256 //X2 + arg mem_t1_256,regA + arg mem_cx_256,regB + arg mem_t3_256,contw + call bn_submod_256 //S-X2 + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 //M(S-X2) + arg mem_t3_256,regA + arg mem_t0_256,regB + arg mem_cy_256,contw + branch bn_submod_256 //M(S-X2)-T Y2 + +ecadd_256: + + arg mem_az_256,regA + arg mem_t7_256,contw + call bn_sqrmod_256 + arg mem_cx_256,regA + arg mem_t7_256,regB + arg mem_t0_256,contw + call bn_mulmod_256 /* n1=t0=xa*zb2 U1 = X1Z0^2*/ + + + arg mem_az_256,regA + arg mem_t7_256,regB + arg mem_t7_256,contw + call bn_mulmod_256 + arg mem_cy_256,regA + arg mem_t7_256,regB + arg mem_t1_256,contw + call bn_mulmod_256 /* n2=t1=ya*zb3 S1 = Y1Z0^3*/ + + + arg mem_cz_256,regA + arg mem_t7_256,contw + call bn_sqrmod_256 + arg mem_ax_256,regA + arg mem_t7_256,regB + arg mem_t2_256,contw + call bn_mulmod_256 /* n3=t2=xb*za2 U0 = X0Z1^2*/ + + arg mem_cz_256,regA + arg mem_t7_256,regB + arg mem_t7_256,contw + call bn_mulmod_256 + arg mem_ay_256,regA + arg mem_t7_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 /* n4=t3=yb*za3 S0 = Y0Z1^3*/ + + +// arg mem_t0_256,regA +// arg mem_t2_256,regB + arg mem_t0_256,regb + arg mem_t2_256,rega + arg mem_t7_256,contw + call bn_submod_256 /* n5=t7=n1-n3=t0-t2 W=U1-U0*/ + arg mem_t0_256,regA + arg mem_t2_256,regB + arg mem_t0_256,contw + call bn_addmod_256 /* n7=t0=n1+n3=t0+t2 T=U1+U0 */ +// arg mem_t1_256,regA +// arg mem_t3_256,regB + arg mem_t1_256,regb + arg mem_t3_256,rega + arg mem_t2_256,contw + call bn_submod_256 /* n6=t2=n2-n4=t1-t3 S1-S0 */ + arg mem_t1_256,regA + arg mem_t3_256,regB + arg mem_t1_256,contw + call bn_addmod_256 /* n8=t1=n2+n4=t1+t3 M=S1+S0*/ + arg mem_t1_256,regA + arg mem_t7_256,regB + arg mem_t1_256,contw + call bn_mulmod_256 /* t1=n8*n5 MW */ + arg mem_cz_256,regA + arg mem_az_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 //Z0Z1 + arg mem_t3_256,regA + arg mem_t7_256,regB + arg mem_cz_256,contw + call bn_mulmod_256 /* z=za*zb*n5 Z0Z1W */ + + arg mem_t7_256,regA + arg mem_t7_256,contw + call bn_sqrmod_256 /* t7=n5^2 */ + arg mem_t7_256,regA + arg mem_t0_256,regB + arg mem_t3_256,contw + call bn_mulmod_256 /* t3=n5^2*n7 */ + arg mem_t7_256,regA + arg mem_t1_256,regB + arg mem_t1_256,contw + call bn_mulmod_256 /* t1=n8*n5^3 */ + arg mem_t2_256,regA + arg mem_cx_256,contw + call bn_sqrmod_256 + arg mem_cx_256,regA + arg mem_t3_256,regB + arg mem_cx_256,contw + call bn_submod_256 /* x=n6^2-n5^2*n7 */ + arg mem_cx_256,contr + arg mem_t7_256,contw + call memcpy32 + arg mem_t7_256,regA + call bn_lshiftmod_256 /* t7=2*x */ + arg mem_t3_256,regA + arg mem_t7_256,regB + arg mem_t3_256,contw + call bn_submod_256 /* t3=n9 */ + arg mem_t3_256,regA + arg mem_t2_256,regB + arg mem_t2_256,contw + call bn_mulmod_256 /* t2=n9*n6 */ + arg mem_t2_256,regA + arg mem_t1_256,regB + arg mem_cy_256,contw + call bn_submod_256 + arg mem_cy_256,regA + arg mem_p_256,regB + arg mem_cy_256,contw + force 0,regC + fetch 1,mem_cy_256 + isolate1 0,pdata + call bn_add_256,true + copy regC,alarm + arg mem_cy_256,regA + call bn_rshift_256 + fetch 1,mem_cy5_256 + isolate1 0,alarm + setflag true,7,pdata + store 1,mem_cy5_256 + rtn + +bn_invmod_256: + copy contw,timeup + arg mem_tmp0_256,contw + call clear_mem_256 + force 0,pdata +// store 4,mem_tmp52 + store 4,mem_t2_256 + jam 1,mem_tmp0_256 //y1 + arg mem_tmp1_256,contw //y2 + call clear_mem_512 + arg mem_p_256,contr + arg mem_tmp2_256,contw //j + call memcpy32 + copy regA,contr + arg mem_tmp3_256,contw //i + call memcpy32 + +// arg mem_tmp22,regA +// arg mem_tmp32,regB +// call p_bn_bigeq_256 +// branch assert,positive +bn_invmod_256_2: + arg mem_tmp3_256,contr + call bn_eq_zero_256 + branch bn_invmod_256_0,blank +//call ice_break +//fetch 1,0x4ffe +//increase 1,pdata +//store 1,0x4ffe + arg mem_tmp3_256,regA + arg mem_tmp0_256,regB + call bn_rshifteven_256 + arg mem_tmp2_256,regA + arg mem_tmp1_256,regB + call bn_rshifteven_256 + + arg mem_tmp3_256,regA + arg mem_tmp2_256,regB + call bn_bigeq_256 + branch bn_invmod_256_1,positive + arg mem_tmp2_256,regA + arg mem_tmp3_256,regB + copy regA,contw + call bn_sub_256 + arg mem_tmp0_256,regA + arg mem_tmp1_256,regB + copy regB,contw + call bn_add_256 + ifetch 1,regA + iadd regC,regC + ifetch 1,regB + iadd regC,pdata + istore 1,regB + branch bn_invmod_256_2 +bn_invmod_256_1: + arg mem_tmp3_256,regA + arg mem_tmp2_256,regB + copy regA,contw + call bn_sub_256 + arg mem_tmp1_256,regA + arg mem_tmp0_256,regB + copy regB,contw + call bn_add_256 + ifetch 1,regA + iadd regC,regC + ifetch 1,regB + iadd regC,pdata + istore 1,regB + branch bn_invmod_256_2 +bn_invmod_256_0: +//call ice_break + arg mem_tmp1_256,regA + copy timeup,contw + call bn_p256mod +//call ice_break + arg mem_p_256,regA + copy timeup,regB + copy timeup,contw + branch bn_submod_256 + + +bn_mulmod_256: + copy contw,timeup /* save result ptr */ + + force 0,regext_index + + arg mem_tmp1_256,contw + call clear_mem_512 + arg mem_regext,contw + call clear_mem_512 +// jam 0,mem_regext_index + +// arg mem_tmp12,contw + copy regA,contr +// force 0,regext_index + jam 0,mem_regext + setarg 0 + call bn_load_mem + copy regB,contr + call bn_load_256 +// force 0,regB +// jam 0,mem_regb + force 0,queue + arg mem_tmp1_256,contw +bn_mulmod_256_1: +// copy regb,pdata +// store 1, + arg mem_regext,temp + copy queue,regb + lshift2 regb,pdata +// lshift4 pdata,pdata + iadd temp,regb + force 0,temp + force 0,regC +bn_mulmod_256_0: +// copy contw,pdata +// store 2,mem_contw +//call ice_break +// copy pdata,contw + ifetch 4,contw /* d[i+j] */ + iforce regA +// copy regB,regext_index +// deposit regext + ifetch 4,regb + copy regC,regext_index + imul32 regext,pdata + iadd regA,pdata /* uv = a[i]*b[j] + d[i+j] */ + iadd temp,pdata /* uv += u */ + istore 4,contw /* ->d[i+j] */ + rshift32 pdata,temp /* temp = u = uv >> 32 */ + increase 1,regC + compare 8,regC,0xff + nbranch bn_mulmod_256_0,true +//call ice_break + deposit temp + istore 4,contw /* d[i + 12] = u */ + increase -32,contw +// fetch 1,mem_regb +// copy pdata,regb + increase 1,queue + compare 8,queue,0xff + nbranch bn_mulmod_256_1,true + arg mem_tmp1_256,regA + copy timeup,contw + branch bn_p256mod + +bn_p256mod: + bpatchx patch33_4,mem_patch33 + copy contw,timeup /* save result ptr */ + copy regA,alarm /* temp save regA */ + arg mem_tmp2_256,regB + copy regB,contw + call memset0_4 + istore 8,contw + add regA,44,contr + call memcpy8 + call memcpy12 + copy regb,rega + call bn_lshiftmod_256 //2S1 + arg mem_tmp2_256,regB + copy alarm,rega + copy timeup,contw + call bn_addmod_256 //T+2S1 +//call ice_break + arg mem_tmp2_256,regB + copy regB,contw + call memset0_4 + istore 8,contw + add alarm,48,contr + call memcpy16 + call memset0_4 + copy regb,rega + call bn_lshiftmod_256 //2S2 +//call ice_break +// arg 0,regB + + arg mem_tmp2_256,regB + copy timeup,rega + copy regA,contw + call bn_addmod_256 //+2S2 +//call ice_break +// arg 0,regB + + arg mem_tmp2_256,regB + copy regB,contw + add alarm,32,contr + call memcpy12 + call memset0_4 + istore 8,contw + add alarm,56,contr + call memcpy8 + copy timeup,regA + copy regA,contw + call bn_addmod_256 //+S3 +//call ice_break +// arg 0,regB + + arg mem_tmp2_256,regB + copy regB,contw + add alarm,36,contr + call memcpy12 + add alarm,52,contr + call memcpy12 + add alarm,52,contr + call memcpy4 + add alarm,32,contr + call memcpy4 + copy timeup,regA + copy regA,contw + call bn_addmod_256 //+S4 +//call ice_break +// arg 1,regB + arg mem_tmp2_256,regB + copy regB,contw + add alarm,44,contr + call memcpy12 + call memset0_4 + istore 8,contw + add alarm,32,contr + call memcpy4 + add alarm,40,contr + call memcpy4 + copy timeup,regA + copy regA,contw + call bn_submod_256 //-D1 +//call ice_break +// arg 2,regB + arg mem_tmp2_256,regB + copy regB,contw + add alarm,48,contr + call memcpy8 + call memcpy8 + force 0,pdata + istore 8,contw + add alarm,36,contr + call memcpy4 + add alarm,44,contr + call memcpy4 + copy timeup,regA + copy regA,contw + call bn_submod_256 //-D2 +//call ice_break +// arg 3,regB + arg mem_tmp2_256,regB + copy regB,contw + add alarm,52,contr + call memcpy12 + add alarm,32,contr + call memcpy12 + call memset0_4 + add alarm,48,contr + call memcpy4 + copy timeup,regA + copy regA,contw + call bn_submod_256 //-D3 +//call ice_break +// arg 4,regB + arg mem_tmp2_256,regB + copy regB,contw + add alarm,56,contr + call memcpy8 + call memset0_4 + add alarm,36,contr + call memcpy12 + call memset0_4 + add alarm,52,contr + call memcpy4 + copy timeup,regA + copy regA,contw + branch bn_submod_256 //-D4 + + +bn_load_mem: + force 32,loopcnt + arg mem_regext,contw + iadd contw,contw + branch memcpy + +bn_load_256: + force 8,loopcnt + branch bn_load_0 + +bn_sqrmod_256: + copy regA,regB + branch bn_mulmod_256 + +bn_add_256: + force 8,loopcnt + branch bn_add+1 + +bn_addmod_256: + call bn_add_256 + copy contw,regA + branch bn_lshiftmod_ismod_256 + +bn_lshiftmod_256: + call bn_lshift_256 +bn_lshiftmod_ismod_256: + isolate1 0,regC + branch bn_lshiftmod_p_256,true + arg mem_p_256,regB + copy regA,regC + increase -32,regA + call bn_bigeq_256 + nrtn positive + copy regC,regA + branch sub_p2_256 + +bn_lshiftmod_p_256: + call sub_p2_256 +// nrtn true + copy regA,regC + increase -32,regA + arg mem_p_256,regB + call bn_bigeq_256 + nrtn positive + copy regC,regA + branch sub_p2_256 + + +sub_p2_256: + increase -32,regA + arg mem_p_256,regB + copy regA,contw + branch bn_sub_256 + + + + +bn_submod_256: + call bn_sub_256 +// isolate1 0,regC + branch bn_submod_256_np,true +// copy regA,regC +// increase -32,regA + add contw,-32,regA + arg mem_p_256,regB + call bn_bigeq_256 + nrtn positive + arg mem_p_256,regB + add contw,-32,regA +// copy regC,regA + copy rega,contw + branch bn_sub_256 +bn_submod_256_np: + add contw,-32,regA + arg mem_p_256,regB + copy regA,contw + call bn_add_256 +// isolate1 0,regC + rtn true + add contw,-32,regA + arg mem_p_256,regB + copy regA,contw + branch bn_add_256 + + + +bn_sub_256: + force 8,loopcnt + branch bn_sub+1 + +bn_rshift_256: + force 8,loopcnt + increase 28,regA + branch bn_rshift + +bn_lshift_256: + force 8,loopcnt + force 0,regC + branch bn_lshift_0 + +bn_bigeq_256: + force 8,loopcnt + increase 28,regA + increase 28,regB + branch bn_bigeq_0 + + +bn_eq_zero_256: + ifetch 8,contr + nrtn blank + branch bn_eq_zero + + + + +bn_rshifteven_256: + copy regA,alarm +bn_rshifteven_256_1: + copy alarm,regA + ifetch 1,regA + isolate1 0,pdata + rtn true + call bn_rshift_256 + ifetch 1,regB + isolate0 0,pdata + branch bn_rshifteven_256_0,true + arg mem_p_256,regA + copy regB,contw + call bn_add_256 + ifetch 1,regB + iadd regC,pdata + istore 1,regB + increase -32,regB +bn_rshifteven_256_0: + add regB,32,regA + force 9,loopcnt + call bn_rshift + branch bn_rshifteven_256_1 + +else +sp_initialize_256: + rtn + +endif + + Index: dukaqi/senrui/program/ui.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/ui.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/ui.prog (working copy) @@ -0,0 +1,349 @@ +ui_init: + call lpm_disable_exen_output + rtn wake + branch ui_timer_init + +ui_dispatch: + branch ui_timer_check + + + + +ui_timer_timeout: + setarg 0x1000 + lshift16 pdata,pdata + iadd regb,regb + rtn + +ui_timer_check: + bpatchx patch33_5,mem_patch33 + arg 0,rega + fetcht 4,mem_ui_timer_last_btclk + copy clkn_bt,regb + copy regb,pdata + isub temp,null + ncall ui_timer_timeout,positive + //call ice_break +ui_timer_check_loop: + copy regb,pdata + increase 160,temp //320btclk = 100ms + increase 160,temp + isub temp,null + nbranch ui_timer_check_end,positive + increase 1,rega //increase 1 every 100ms count + and rega,0x0f,pdata + nbranch ui_timer_check_loop,blank + arg 0,rega //reset timer if it's longer than 1.5s between 2 checks + call ui_timer_check_send_evt +ui_timer_init: + copy clkn_bt,pdata + store 4,mem_ui_timer_last_btclk + rtn +ui_timer_check_end: + bpatchx patch33_6,mem_patch33 + copy rega,pdata + rtn blank + increase -160,temp //320btclk = 100ms + increase -160,temp + set0 28,temp + storet 4,mem_ui_timer_last_btclk +ui_timer_check_send_evt: + branch app_evt_timer + + + +//**********************************************************// +//************UI Inter-Processor Communication*******// +//**********************************************************// +ui_ipc_get_lock: + jam 1,mem_ipc_lock_bt +ui_ipc_get_lock_wait: + fetch 1,mem_ipc_lock_c51 + nbranch ui_ipc_get_lock_wait,blank + rtn + +ui_ipc_put_lock: + jam 0,mem_ipc_lock_bt + rtn + + + +ui_ipc_send_event: + bpatchx patch33_7,mem_patch33 + call ui_ipc_get_lock + copy rega,pdata + store 4,mem_ipc_rega_temp + arg mem_ipc_fifo_bt2c51,rega + call fifo_in + fetch 4,mem_ipc_rega_temp + copy pdata,rega + branch ui_ipc_put_lock + +ui_ipc_send_cmd: + bpatchx patch34_0,mem_patch34 + call ui_ipc_get_lock + copy rega,pdata + store 4,mem_ipc_rega_temp + arg mem_ipc_fifo_c512bt,rega + call fifo_in + fetch 4,mem_ipc_rega_temp + copy pdata,rega + branch ui_ipc_put_lock + +ui_ipc_clean_all_fifo: + setarg 0 + store UTIL_FIFO_LEN,mem_ipc_fifo_c512bt + store UTIL_FIFO_LEN,mem_ipc_fifo_bt2c51 + rtn + +check_51cmd: + bpatchx patch34_1,mem_patch34 + fetch 1,mem_hci_cmd + nrtn blank + arg mem_ipc_fifo_c512bt,rega + call fifo_is_empty + rtn blank + jam IPC_CONTINUE_PROCESS,mem_ipc_skip_continue_proc + call check_51cmd_once + fetch 1,mem_ipc_skip_continue_proc + branch check_51cmd,blank + rtn + +check_51cmd_once: + call ui_ipc_get_lock + arg mem_ipc_fifo_c512bt,rega + call fifo_out + copy pdata,temp + call ui_ipc_put_lock + bpatchx patch34_2,mem_patch34 + copy temp,pdata + rtn blank + beq BT_CMD_START_DISCOVERY,check_51cmd_start_discovery + beq BT_CMD_STOP_DISCOVERY,check_51cmd_stop_discovery + beq BT_CMD_RECONNECT,check_51cmd_reconnect + beq BT_CMD_ENTER_SNIFF_SUBRATING,check_51cmd_enter_sniff_subrating + beq BT_CMD_EXIT_SNIFF_SUBRATING,check_51cmd_exit_sniff_subrating + beq BT_CMD_SNIFF_TEST,check_51cmd_sniff_test + beq BT_CMD_START_INQUIRY,check_51cmd_inq + beq BT_CMD_STOP_INQUIRY,check_51cmd_stop_inq + beq BT_CMD_START_ADV,check_51cmd_adv + beq BT_CMD_STOP_ADV,check_51cmd_stop_adv + beq BT_CMD_START_DIRECT_ADV,check_51cmd_direct_adv + beq BT_CMD_STOP_DIRECT_ADV,check_51cmd_stop_direct_adv + beq BT_CMD_LE_START_CONN,check_51cmd_le_start_con + beq BT_CMD_LE_START_SCAN,check_51cmd_start_scan + beq BT_CMD_LE_STOP_SCAN,check_51cmd_stop_scan + beq BT_CMD_ENTER_HIBERNATE,check_51cmd_hibernate + beq BT_CMD_LE_SMP_SECURITY_REQUEST,check_51cmd_le_smp_sec_req + beq BT_CMD_BB_RECONN_CANCEL,check_51cmd_bb_reconn_cancel + //context related, process in context + store 1,mem_fifo_temp + bpatchx patch34_3,mem_patch34 + call lmo_fifo_check + nbranch check_51cmd_restore,blank //process this cmd next time while lmo fifo is full +check_51cmd_once_continue: + fetch 1,mem_fifo_temp + bmark0 mark_context,check_51cmd_check_idle + beq BT_CMD_DISCONNECT,check_51cmd_disconnect + beq BT_CMD_ENTER_SNIFF,cmd_in_sniff + beq BT_CMD_EXIT_SNIFF,cmd_exit_sniff + beq BT_CMD_SET_PIN_CODE,check_51cmd_pincode + beq BT_CMD_LE_DISCONNECT,check_51cmd_le_disconnect + beq BT_CMD_LE_UPDATE_CONN,check_51cmd_ble_update_connect_param + beq BT_CMD_ROLE_SWITCH,check_51cmd_role_switch + beq BT_CMD_STORE_RECONN_INFO_LE,eeprom_store_le_reconn_info + beq BT_CMD_STORE_RECONN_INFO_BT,eeprom_store_bd_reconn_info + beq BT_CMD_DHKEY_NOT_ACCEPT,check_51cmd_dhkey_not_accept + beq BT_CMD_STORE_RECONN_INFO,check_51cmd_store_reconn_info + rtn + +check_51cmd_check_idle: + store 1,mem_fifo_temp + call context_check_idle + branch check_51cmd_restore,zero + call context_search_plap + nrtn zero +check_51cmd_restore: + jam IPC_SKIP_CONTINUE_PROCESS,mem_ipc_skip_continue_proc + branch ui_ipc_send_cmd + + /******************** 51COMMAND*********************/ + +//command opcode 0x01 +check_51cmd_start_discovery: + fetch 2,mem_ui_state_map + set1 UI_STATE_BT_DISCOVERY + store 2,mem_ui_state_map + jam 3,mem_scan_mode + rtn + + +//command opcode 0x02 +check_51cmd_stop_discovery: + jam 0,mem_hid_handshake_timer_count + jam 0,mem_scan_mode + fetch 2,mem_ui_state_map + set0 UI_STATE_BT_DISCOVERY + store 2,mem_ui_state_map + rtn + + +//command opcode 0x03 +check_51cmd_reconnect: + jam hci_cmd_create_conn,mem_hci_cmd + rtn + + +//command opcode 0x04 +check_51cmd_disconnect: + jam LMP_DETACH,mem_lmo_opcode2 + jam OTHER_END_TERMINATED,mem_disconn_reason_send + rtn + + +//command opcode 0x07 +check_51cmd_enter_sniff_subrating: + rtn + + +//command opcode 0x08 +check_51cmd_exit_sniff_subrating: + rtn + + +//command opcode 0x09 +check_51cmd_sniff_test: + rtn + + +//command opcode 0x10 +check_51cmd_pincode: + jam pincode_state_pincode_ready,mem_pincode_state + branch cmd_pair + + +//command opcode 0x11 +check_51cmd_inq: + rtn + + +//command opcode 0x12 +check_51cmd_stop_inq: + rtn + + +//command opcode 0x13 +check_51cmd_adv: + jam ON,mem_le_adv_enable + jam ADV_IND,mem_le_adv_type + fetch 2,mem_ui_state_map + set1 UI_STATE_BLE_ADV,pdata + store 2,mem_ui_state_map + rtn + + +//command opcode 0x14 +check_51cmd_stop_adv: + fetch 2,mem_ui_state_map + set0 UI_STATE_BLE_ADV,pdata + store 2,mem_ui_state_map + jam OFF,mem_le_adv_enable + rtn + + +//command opcode 0x15 +check_51cmd_direct_adv: + jam ON,mem_le_adv_enable + jam ADV_DIRECT_IND,mem_le_adv_type + fetch 2,mem_ui_state_map + set1 UI_STATE_BLE_ADV,pdata + store 2,mem_ui_state_map + rtn + + +//command opcode 0x16 +check_51cmd_stop_direct_adv: + fetch 2,mem_ui_state_map + set0 UI_STATE_BLE_ADV,pdata + store 2,mem_ui_state_map + jam OFF,mem_le_adv_enable + rtn + + +//command opcode 0x17 +check_51cmd_le_disconnect: + setarg 20 // 100ms + store 2,mem_le_superto + store 2,mem_le_init_superto + branch le_send_terminate_ind_user_terminated + + +//command opcode 0x18 +check_51cmd_ble_update_connect_param: + branch le_l2cap_tx_update_req + + + +//command opcode 0x22 +check_51cmd_le_start_con: + jam ON,mem_le_scan_enable + jam hci_cmd_le_create_conn,mem_hci_cmd +// fetch 6,mem_app_peer_addr +// store 6,mem_le_conn_peer_addr + rtn + + +//command opcode 0x23 +check_51cmd_start_scan: + jam ON,mem_le_scan_enable + rtn + + +//command opcode 0x24 +check_51cmd_stop_scan: + jam OFF,mem_le_scan_enable + jam 0,mem_hci_cmd + rtn + + +//command opcode 0x25 +check_51cmd_hibernate: + fetch 2,mem_cb_before_hibernate + call callback_func + call ui_ipc_clean_all_fifo + branch lpm_hibernate + + +//command opcode 0x27 +check_51cmd_le_smp_sec_req: + branch le_send_smp_security_request + + +//command opcode 0x29 +check_51cmd_role_switch: + jam LMP_SLOT_OFFSET,mem_lmo_opcode2 + set1 mark_switch_initiated,mark + nrtn master + jam SWITCH_FLAG_INIT,mem_switch_flag + jam LMP_SWITCH_REQ ,mem_lmo_opcode2 + fetch 1,mem_connection_options + set0 CONNECTION_SWITCH,pdata + store 1,mem_connection_options + rtn + + +//command opcode 0x30 +check_51cmd_bb_reconn_cancel: + force page_length_timer,queue + branch timer_stop + + +//command opcode 0x33 +check_51cmd_dhkey_not_accept: + call tid_set_reply + jam LMP_DHKey_Check,mem_lmi_opcode2 + branch parse_lmp_dhkey_check_reject + + + + Index: dukaqi/senrui/program/utility.prog =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/utility.prog (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/program/utility.prog (working copy) @@ -0,0 +1,609 @@ + +right_shift_n: //rshiftN pdata,pdata + sub loopcnt,0,null + rtn zero +right_shift_n_loop: + rshift pdata,pdata + loop right_shift_n_loop + rtn + +/* lshift. 0:1 byte; 1:2byte; 2:4byte; 3:8byte; 4:16byte*/ +left_shift_n: + force 1,pdata + sub loopcnt,0,null + rtn zero +left_shift_n_loop: + lshift pdata,pdata + loop left_shift_n_loop + rtn +push_stack: + deposit contw + store 2, mem_contw + storet 8,mem_temp + deposit timeup + store 4,mem_timeup + call push_stack_rega_b_c + deposit contr + store 2, mem_contr + rtn + +push_stack_rega_b_c: + deposit rega + store 4, mem_rega + deposit regb + store 4, mem_regb + deposit regc + store 3, mem_regc + rtn + +pop_stack: + fetcht 8,mem_temp + fetch 4,mem_timeup + iforce timeup + call pop_stack_rega_b_c + fetch 2, mem_contw + iforce contw + fetch 2, mem_contr + iforce contr + rtn + +pop_stack_rega_b_c: + fetch 4, mem_rega + iforce rega + fetch 4, mem_regb + iforce regb + fetch 3,mem_regc + iforce regc + rtn + +get_contw: + fetch 2,mem_contw + copy pdata,contw + rtn +get_contr: + fetch 2,mem_contr + copy pdata,contr + rtn +store_contw: + copy contw,pdata + store 2,mem_contw + rtn +store_contr: + copy contr,pdata + store 2,mem_contr + rtn + + +// +save_cont_pointers: + copy contw,pdata + store 2,mem_hold_contw + copy contr,pdata + store 2,mem_hold_contr + rtn +load_cont_pointers: + fetch 2,mem_hold_contw + copy pdata,contw + fetch 2,mem_hold_contr + copy pdata,contr + rtn + +memcpy96: + call memcpy32 +memcpy64: + call memcpy32 + branch memcpy32 +memcpy12: + call memcpy8 +memcpy4: + ifetch 4,contr + istore 4,contw + rtn +memcpy8: + ifetch 8,contr + istore 8,contw + rtn + +memcpy48: + call memcpy16 +memcpy32: + call memcpy8 +memcpy24: + call memcpy8 +memcpy16: + call memcpy8 + branch memcpy8 + + + +delay_10ms: + arg 10,loopcnt +delay_ms_wait: + nop 12000 + loop delay_ms_wait + rtn + +bn_zero: + force 3,loopcnt +memset0: + force 0,pdata +memset8: + istore 8,contw + loop memset8 + rtn + +memset0_8: + force 0,pdata + istore 8,contw + rtn +memset0_4: + force 0,pdata + istore 4,contw + rtn + +clear_mem_256: + force 4,loopcnt + branch memset0 +clear_mem_512: + force 8,loopcnt + branch memset0 + +clear_mem: + deposit loopcnt + rtn blank + setarg 0 +clear_mem_loop: + istore 1,contw + loop clear_mem_loop + rtn + + +clear_temp_block: + arg 32,loopcnt + arg mem_temp_block0,contw + branch clear_mem + +xor_loop: + ifetch 4,regc + ifetcht 4,rega + ixor temp,pdata + istore 4,contw + increase 4,rega + increase 4,regc + loop xor_loop + rtn + +// 11 22 -> 22 11; 11 22 33 -> 33 22 11 +// rega:data addr ;loopnct:length +inverse_data: + bpatchx patch34_4,mem_patch34 + copy loopcnt,pdata + sub pdata,1,null + rtn positive + iadd rega,regb + increase -1,regb + rshift loopcnt,loopcnt +inverse_loop: + ifetcht 1,rega + ifetch 1,regb + istore 1,rega + istoret 1,regb + increase -1,regb + increase 1,rega + loop inverse_loop + rtn + + +memcpy_fast: + deposit loopcnt + rtn blank +memcpy_fast_loop: + increase -8,loopcnt + call memcpy8,positive + rtn zero + branch memcpy_fast_loop,positive + increase 8,loopcnt +memcpy_fast_loop_four: + increase -4,loopcnt + call memcpy4,positive + rtn zero + branch memcpy_fast_loop_four,positive + increase 4,loopcnt + branch memcpy + +memcpy: + deposit loopcnt + rtn blank +memcpy_loop: + ifetch 1,contr + istore 1,contw + loop memcpy_loop + rtn + +timer_stop: + setarg 0 +timer_init: + rshift clkn_bt,temp + storet 4,mem_last_clkn + arg mem_timers,contw + iforce temp + lshift queue,pdata + iadd contw,contw + istoret 2,contw + bpatchx patch34_5,mem_patch34 + rtn + +timer_check_timeout: + arg 0x800,timeup + lshift16 timeup,timeup + iadd timeup,pdata + rtn + + +timer_reinit: + arg 0,queue +timer_check: + bpatchx patch34_6,mem_patch34 + fetcht 4,mem_last_clkn + rshift clkn_bt,pdata + store 4,mem_last_clkn + isub temp,null + ncall timer_check_timeout,positive + isub temp,timeup + copy timeup,temp + arg mem_timers,contr + copy contr,contw + arg 16,loopcnt +timer_loop: + ifetch 2,contr + isub temp,pdata + branch timer_counting,positive + force 0,pdata +timer_counting: + istore 2,contw + loop timer_loop + arg mem_timers,contr + lshift queue,pdata + iadd contr,contr + ifetch 2,contr + rtn + + + + /* pdata 28+16 bit add temp 26+16 bit, result in temp */ +clk_add: + iadd temp,temp + copy temp, loopcnt + setarg 3750 + isub loopcnt,pdata + rtn positive + sub pdata,0,pdata + rshift16 temp,temp + increase 1,temp + lshift16 temp,temp + ior temp,temp + rtn + +clk_diff_rt: + call clk_diff + branch clk2rt + +/* pdata -temp -> pdata, all are 28+16 bits, set user if negative */ +clk_diff: + disable user + isub temp,pdata + branch clk_diff_pos,positive + enable user + sub pdata,0,pdata +clk_diff_pos: + rtnbit0 15 + arg -61786,temp + iadd temp,pdata + set0 64,pdata + rtn + +clk2rt: + iforce contr + rshift16 pdata,pdata + arg 3750,temp + imul32 temp,pdata + iadd contr,pdata + rtn + + /* pdata = clks in, temp = lpo out */ +clk2lpo: + lshift8 pdata,pdata + lshift4 pdata,pdata + fetcht 3,mem_clks_per_lpo + idiv temp + call wait_div_end + quotient temp + rtn + + /* rt clk -> bt+rt clk */ +clk2bt: + arg 3750,temp + idiv temp + call wait_div_end + quotient pdata + lshift16 pdata,pdata + remainder temp + ior temp,temp + rtn + + + +//input:contru +//output:temp +//used register: temp regc +string2dec_from_uart: + arg 0,temp +string2dec_from_uart_done: + copy temp,regc + ifetch 1,contru + call uchar2dialog + copy regc,temp + call swap + arg 10,regb + imul32 regb,pdata + iadd temp,pdata + copy pdata,temp + loop string2dec_from_uart_done + rtn + + + +uchar2dialog: + arg 0x3a,temp + isub temp,null + nbranch uchar2dialog_number,positive + arg 0x61,temp + isub temp,null + branch uchar2dialog_a2f,positive + arg 0x37,temp + isub temp,pdata + rtn +uchar2dialog_number: + arg 0x30,temp + isub temp,pdata + rtn +uchar2dialog_a2f: + arg 0x57,temp + isub temp,pdata + rtn + +pn9: + copy temp,alarm + setarg 0x1ff + force 0,regb +pn9_loop: + rshift3 pdata,rega + rshift rega,rega + ixor rega,rega + isolate1 0,rega + setflag true,9,pdata + rshift temp,temp + isolate1 0,pdata + setflag true,7,temp + rshift pdata,pdata + increase 1,regb + compare 0,regb,0x7 + nbranch pn9_loop,true + istoret 1,contw + loop pn9_loop + copy alarm,temp + rtn + + +wait_div_end: + rtn modone + branch wait_div_end + + + +//input: +// count:loopcnt str1:rega str2:regb +//output: +// same:set falg true ,diff set falg false +// using: +// reg:temp null flag:zero +compare_loop: +string_compare: + ifetch 1,rega + ifetcht 1,regb + isub temp,null + nrtn zero + increase 1,rega + increase 1,regb + loop string_compare + force 0,null + rtn + + /* pdata = temp if pdata > temp */ +ceiling: + isub temp,null + nrtn positive + deposit temp + rtn + +swap: + iadd temp,pdata + isub temp,temp + isub temp,pdata + rtn + +clean_mem: + arg 0x200,loopcnt + arg 0x4000,contw + branch memset0 // clear xram at boot + + //cb function ptr in pdata +callback_func: + rtn blank + copy pdata,pc //rtn through cb functon. + //branch assert + + +ice_break: + hjam 0x1,core_ice_ctrl + rtn + +ice_setbp: + hstore 2,core_ice_break0 + hfetch 1,core_ice_ctrl + set1 4,pdata + hstore 1,core_ice_ctrl + rtn +ice_setbp2: + hstore 2,core_ice_break1 + hfetch 1,core_ice_ctrl + set1 6,pdata + hstore 1,core_ice_ctrl + rtn + +ice_set_write_bp: + hstore 2,core_ice_break0 + hjam 0x30,core_ice_ctrl + rtn + +test_no_white: + hfetch 1,core_config + set1 whiteoff_bit,pdata + hstore 1,core_config /* whitening off */ + rtn + + +test_enable_white: + hfetch 1,core_config + set0 whiteoff_bit,pdata + hstore 1,core_config /* whitening on */ + rtn + + + //fuction fifo_in + //rega pointer to fifo memory , *(rega+len) is the end of fifo + //mem_fifo_temp data into fifo + //assert if fifo was full +fifo_in: + bpatchx patch34_7,mem_patch34 + ifetcht UTIL_FIFO_LEN,rega + and temp,0xff,pdata + nbranch fifo_in_push,blank + rshift8 temp,pdata + istore UTIL_FIFO_LEN,rega +fifo_in_push: + increase UTIL_FIFO_LEN+UTIL_FIFO_OFFSET,rega + ifetch 1,rega + nbranch assert,blank //fifo full + fetch 1,mem_fifo_temp + istore 1,rega + rtn + + //fuction fifo_out + //rega pointer to fifo memory + //pdata data from fifo, blank mains fifo empty +fifo_out: + bpatchx patch35_0,mem_patch35 + arg UTIL_FIFO_LEN,loopcnt + ifetch UTIL_FIFO_LEN,rega + rtn blank +fifo_out_loop: + ifetch 1,rega + nbranch fifo_out_end,blank + increase 1,rega + loop fifo_out_loop + branch assert +fifo_out_end: + arg 0,temp + istoret 1,rega + rtn + + //fuction fifo_is_empty + //rega pointer to fifo memory + //blank--- fifo is empty +fifo_is_empty: + ifetch UTIL_FIFO_LEN,rega + rtn + + //fuction fifo_is_full + //rega pointer to fifo memory + //blank--- fifo is NOT full +fifo_is_full: + ifetch 1,rega + rtn + //rega pointer to fifo memory + //blank--- fifo is NOT near full +fifo_is_near_full: + ifetch 2,rega + rtn + + //rega pointer to fifo memory + //count output via pdata +fifo_content_count: + arg 0,temp +fifo_content_count_loop: + fetch 1,contr + loop fifo_content_count_loop,blank + increase 1,temp + loop fifo_content_count_loop + copy temp,pdata + rtn + +not_greater_than: + isub temp,null + nrtn positive + copy temp,pdata + rtn + + +disable_positive: + force -1,null + rtn +enable_positive: +disable_zero: + force 1,null + rtn +enable_zero: + force 0,null + rtn + +enable_user: + enable user + rtn + +disable_user: + disable user + rtn + +enable_user2: + enable user2 + rtn + +disable_user2: + disable user2 + rtn + +disable_blank: + setarg 1 + rtn + +enable_blank: + setarg 0 + rtn + + +reverse_byte: + copy loopcnt,pdata + rtn blank + copy contr,pdata + iadd loopcnt,pdata + increase -1,pdata + copy pdata,contr +reverse_loop: + ifetch 1,contr + increase -2,contr + istore 1,contw + loop reverse_loop + rtn + + Index: dukaqi/senrui/sched/109x.dat =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/109x.dat (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/109x.dat (working copy) @@ -0,0 +1,51 @@ +mem_patch00:02 +mem_patch10:20 +mem_patch11:02 +mem_patch14:04 +mem_patch17:19 +mem_patch20:68 +mem_patch27:44 +mem_patch28:02 +mem_patch2a:04 +mem_patch33:02 + +mem_lpm_config:0f 84 30 +mem_lpm_xtalcnt:0a 0b b2 32 +mem_lpm_hibernate_switch:8b +mem_lpm_doze_switch:0b +mem_gpio_wakeup:00 00 00 00 00 00 00 00 + +mem_fcomp_mul:02 +mem_fcomp_div:24 +mem_iscan_window:40 00 +mem_iscan_interval:00 02 +mem_pscan_window:32 00 +mem_pscan_interval:00 02 + +mem_inq_window:20 00 +mem_page_window:20 00 +mem_page_to:00 20 +mem_rx_window_init:80 04 +mem_rx_window_sniff:00 10 + + + +mem_lmp_version:08 0e 05 04 00 + +mem_eeprom_base:30 1f +mem_eeprom_block_size:20 +mem_context_number:01 + +mem_rf_init: +4b ba +55 d0 +56 e0 +57 88 +58 6c +59 10 +07 ff +ff +mem_rf_init_ptr:mem_rf_init + + + Index: dukaqi/senrui/sched/DM_module.dat =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/DM_module.dat (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/DM_module.dat (working copy) @@ -0,0 +1,351 @@ + +mem_device_option:0a +mem_ui_profile_supported:40 +mem_app_connection_options:13 + +mem_features: +ff +fb +8f +f8 #openACL3M fe +8B #AFHclose 83 +85 +59 +83 #83 ssp + + +##############NVRAM CONFIG############## +mem_nv_data_ptr:mem_module_nv_data +mem_nv_data_number:05 +##################################### + +##############SPP CONFIG############## +mem_credit_flag:00 +mem_rfcomm_max_frame_size:7f 00 +mem_rfcomm_credit_init_data:07 +##################################### + +##############SSP CONFIG############## +mem_sp_iocap_local:03 00 04 +mem_ssp_enable:01 +mem_pin_length:04 30 30 30 30 30 +##################################### + + +################IPC BUFFER INIT##################### +4FF0:00 1C +4FF2:FF 1F +4FF4:00 1C +4FF6:00 1C +4FF8:00 4C +4FFA:E0 4F +4FFC:00 4C +4FFE:00 4C +##################################### + + +##############BLUETOOTH CONFIG############## +###commom### +mem_soft_version_num:00 05 +mem_module_state:03 +mem_module_bluetooth_stauts_by_command:07 +mem_class:24 04 04 + +mem_module_flag:00 +#bit0 MODULE_FLAG_UART_FLOW_CONTROL +#bit1 MODULE_FLAG_BLE_SEND_MTU23 +#bit2 MODULE_FLAG_BLE_DATA_ENCRYPT + +mem_lpm_mode:00 +mem_lpm_interval:00 01 +mem_lpm_overhead:08 +mem_lpm_mult_timeout:02 + + +###3.0### +mem_scan_mode:00 +mem_module_spp_lpm_mult:28 +mem_lap:a7 2a 2a 21 10 3a +mem_local_name_length: +'3121 Mou Bt + +###3.0 sinff param### +mem_sniff_param_interval:20 00 +mem_sniff_param_attempt:01 +mem_sniff_param_timeout:00 + + +###ble### +mem_le_secure_connect_enable:01 +mem_le_adv_channel_map:07 +mem_le_pairing_mode:00 + +mem_module_data_write_handle:2d 00 +mem_module_data_write_handle2:2f 00 + + +mem_le_adv_enable:00 +mem_le_adv_interval:40 00 +mem_module_le_lpm_mult:05 +mem_le_lap:21 22 01 33 02 3a +mem_le_name_len: +'3121 Mou Ble + +mem_le_adv_data_len:03 +mem_le_adv_data: +02 01 02 + +mem_le_scan_data_len:0e + +mem_le_scan_data:# 1 byte length + 1 byte type + N bytes data +02 01 02 +'\09Yichip 1021s Mou + +mem_le_pres:02 03 00 05 10 02 03 + +mem_le_interval_min: +08 00 #min interval +10 00 #max interval +00 00 #latency +2c 01 #timeout + + +mem_le_local_mtu:b9 +mem_le_remote_mtu:17 + +mem_le_pairing_handle:31 00 + +##################################### + + +mem_eir_enable:01 +mem_all_uuid_16bits: +05 +03#Type: Complete list of 16-bit UUIDs +0012 0001 0100 0111 0300 + +mem_all_uuid_128bits: +00 + + +mem_ui_uuid_table:mem_module_uuid_list + +mem_module_uuid_list: +03 +12 +00 +01 +00 +00 +01 +00 +01 +00 +01 +36 +00 +52 +09 +00 +00 +0a +00 +01 +00 +01 +09 +00 +01 +35 +03 +19 +12 +00 +09 +00 +04 +35 +0d +35 +06 +19 +01 +00 +09 +00 +01 +35 +03 +19 +00 +01 +09 +00 +09 +35 +08 +35 +06 +19 +12 +00 +09 +01 +00 +09 +02 +00 +09 +01 +03 +09 +02 +01 +09 +05 +ac +09 +02 +02 +09 +02 +39 +09 +02 +03 +09 +06 +44 +09 +02 +04 +28 +01 +09 +02 +05 +09 +00 +02 +03 +11 +01 +00 +03 +01 +00 +00 +01 +00 +03 +36 +00 +46 +09 +00 +00 +0a +00 +01 +00 +03 +09 +00 +01 +35 +03 +19 +11 +01 +09 +00 +02 +0a +00 +00 +00 +00 +09 +00 +04 +35 +0c +35 +03 +19 +01 +00 +35 +05 +19 +00 +03 +08 +01 +09 +00 +06 +35 +09 +09 +65 +6e +09 +00 +6a +09 +01 +00 +09 +01 +00 +25 +0a +53 +50 +50 +20 +73 +6c +61 +76 +65 +00 +00 +00 +01 +00 + + +mem_ui_le_uuid_table:mem_module_le_att_list + +#attribute list: handle 2bytes, uuid 2bytes, length 1bytes, attribute Nbytes +mem_module_le_att_list: +#Primary service yichip transmit ------ +01 00 02 00 28 02 01 18 +#Service Changed +02 00 02 03 28 01 20 +03 00 02 05 2a 01 00 +#Client Characteristic Configuration +04 00 02 02 29 02 01 00 + +#Primary service GAP ------ +05 00 02 00 28 02 00 18 + +#Device name +06 00 02 03 28 01 4e +07 00 02 00 2a 13 41 73 74 20 4c 45 20 4d 6f 75 73 65 20 20 20 20 20 20 20 + +#Apperance +08 00 02 03 28 01 4e +09 00 02 01 2a 02 00 00 + +#Perpheral Preferred Connection Parameters +0a 00 02 03 28 01 02 +0b 00 02 04 2a 08 10 00 20 00 05 00 2c 01 + + +#End of Attribute list +00 00 + + Index: dukaqi/senrui/sched/DM_module.dat.bak =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/DM_module.dat.bak (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/sched/DM_module.dat.bak (working copy) @@ -0,0 +1,431 @@ + +mem_device_option:0a +mem_ui_profile_supported:40 +mem_app_connection_options:13 + +mem_features: +ff +fb +8f +f8 #openACL3M fe +8B #AFHclose 83 +85 +59 +83 #83 ssp + + +##############NVRAM CONFIG############## +mem_nv_data_ptr:mem_module_nv_data +mem_nv_data_number:05 +##################################### + +##############SPP CONFIG############## +mem_credit_flag:00 +mem_rfcomm_max_frame_size:7f 00 +mem_rfcomm_credit_init_data:07 +##################################### + +##############SSP CONFIG############## +mem_sp_iocap_local:03 00 04 +mem_ssp_enable:01 +mem_pin_length:04 30 30 30 30 30 +##################################### + + +################IPC BUFFER INIT##################### +4FF0:00 1C +4FF2:FF 1F +4FF4:00 1C +4FF6:00 1C +4FF8:00 4C +4FFA:E0 4F +4FFC:00 4C +4FFE:00 4C +##################################### + + +##############BLUETOOTH CONFIG############## +###commom### +mem_soft_version_num:00 02 +mem_module_state:03 +mem_module_bluetooth_stauts_by_command:07 +mem_class:24 04 04 + +mem_module_flag:00 +#bit0 MODULE_FLAG_UART_FLOW_CONTROL +#bit1 MODULE_FLAG_BLE_SEND_MTU23 +#bit2 MODULE_FLAG_BLE_DATA_ENCRYPT + +mem_lpm_mode:00 +mem_lpm_interval:00 01 +mem_lpm_overhead:08 +mem_lpm_mult_timeout:02 + + +###3.0### +mem_scan_mode:00 +mem_module_spp_lpm_mult:28 +mem_lap:a7 2a 2a 21 10 3a +mem_local_name_length: +'3121 Mou Bt + +###3.0 sinff param### +mem_sniff_param_interval:20 00 +mem_sniff_param_attempt:01 +mem_sniff_param_timeout:00 + + +###ble### +mem_le_secure_connect_enable:01 +mem_le_adv_channel_map:07 +mem_le_pairing_mode:00 + +mem_module_data_write_handle:2d 00 +mem_module_data_write_handle2:2f 00 + + +mem_le_adv_enable:00 +mem_le_adv_interval:40 00 +mem_module_le_lpm_mult:05 +mem_le_lap:21 22 01 33 02 3a +mem_le_name_len: +'3121 Mou Ble + +mem_le_adv_data_len:03 +mem_le_adv_data: +02 01 02 + +mem_le_scan_data_len:0e + +mem_le_scan_data:# 1 byte length + 1 byte type + N bytes data +02 01 02 +'\09Yichip 1021s Mou + +mem_le_pres:02 03 00 05 10 02 03 + +mem_le_interval_min: +08 00 #min interval +10 00 #max interval +00 00 #latency +2c 01 #timeout + + +mem_le_local_mtu:b9 +mem_le_remote_mtu:17 + +mem_le_pairing_handle:31 00 + +##################################### + + +mem_eir_enable:01 +mem_all_uuid_16bits: +05 +03#Type: Complete list of 16-bit UUIDs +0012 0001 0100 0111 0300 + +mem_all_uuid_128bits: +00 + + +mem_ui_uuid_table:mem_module_uuid_list + +mem_module_uuid_list: +03 +12 +00 +01 +00 +00 +01 +00 +01 +00 +01 +36 +00 +52 +09 +00 +00 +0a +00 +01 +00 +01 +09 +00 +01 +35 +03 +19 +12 +00 +09 +00 +04 +35 +0d +35 +06 +19 +01 +00 +09 +00 +01 +35 +03 +19 +00 +01 +09 +00 +09 +35 +08 +35 +06 +19 +12 +00 +09 +01 +00 +09 +02 +00 +09 +01 +03 +09 +02 +01 +09 +05 +ac +09 +02 +02 +09 +02 +39 +09 +02 +03 +09 +06 +44 +09 +02 +04 +28 +01 +09 +02 +05 +09 +00 +02 +03 +11 +01 +00 +03 +01 +00 +00 +01 +00 +03 +36 +00 +46 +09 +00 +00 +0a +00 +01 +00 +03 +09 +00 +01 +35 +03 +19 +11 +01 +09 +00 +02 +0a +00 +00 +00 +00 +09 +00 +04 +35 +0c +35 +03 +19 +01 +00 +35 +05 +19 +00 +03 +08 +01 +09 +00 +06 +35 +09 +09 +65 +6e +09 +00 +6a +09 +01 +00 +09 +01 +00 +25 +0a +53 +50 +50 +20 +73 +6c +61 +76 +65 +00 +00 +00 +01 +00 + + +mem_ui_le_uuid_table:mem_module_le_att_list + +#attribute list: handle 2bytes, uuid 2bytes, length 1bytes, attribute Nbytes +mem_module_le_att_list: +#Primary service GAP ------ +01 00 02 00 28 02 00 18 + + +#Appearance +02 00 02 03 28 01 02 +03 00 02 01 2a 02 c8 00 #3c2=hid mouse + +#Device name +04 00 02 03 28 01 0a +05 00 02 00 2a 14 41 73 74 20 4c 45 20 4d 6f 75 73 65 20 20 20 20 20 20 20 20 + + +#Peripheral Preferred Connection Parameters +06 00 02 03 28 01 02 +07 00 02 04 2a 08 06 00 06 00 64 00 2c 01 # interval 6ms, latency 100, timeout 300 + + +#privcy flag +08 00 02 03 28 01 02 +09 00 02 02 2a 01 01 + +#reconnecting addr +0a 00 02 03 28 01 08 +0b 00 02 03 2a 06 00 00 00 00 00 00 + +#Primary service GATT ------ +0c 00 02 00 28 02 01 18 + +#Service changed +0d 00 02 03 28 01 20 +0e 00 02 05 2a 00 +#Client Characteristic Configuration +0f 00 02 02 29 02 00 00 + +#Primary service TX power ------ +10 00 02 00 28 02 04 18 +#Characteristic Tx power level +11 00 02 03 28 01 16 +12 00 02 07 2a 01 00 +13 00 02 02 29 02 00 00 + +#Primary service Battery ------ +14 00 02 00 28 02 0f 18 +#Characteristic Battery level +15 00 02 03 28 01 12 +16 00 02 19 2a 01 38 + +#Primary service device infomation +17 00 02 00 28 02 0a 18 +#Characteristic system id +18 00 02 03 28 01 02 +19 00 02 23 2a 03 00 00 00 + +#Characteristic manufactor name +1a 00 02 03 28 01 02 +1b 00 02 29 2a 08 46 6c 61 67 74 72 69 70 + +#Characteristic module number +1c 00 02 03 28 01 02 +1d 00 02 24 2a 06 79 69 63 68 69 70 + +#Characteristic serial number +1e 00 02 03 28 01 02 +1f 00 02 25 2a 04 63 6f 6d 33 + +#Characteristic firmware version +20 00 02 03 28 01 02 +21 00 02 26 2a 03 31 2e 30 + +#Characteristic software version +22 00 02 03 28 01 02 +23 00 02 28 2a 03 31 2e 30 + +#Characteristic hardware version +24 00 02 03 28 01 02 +25 00 02 2a 2a 03 31 2e 30 + +#Characteristic regulatory version +26 00 02 03 28 01 02 +27 00 02 25 2a 04 63 6f 6d 33 + +#Primary service yichip transmit ------ +28 00 02 00 28 10 55 e4 05 d2 af 9f a9 8f e5 4a 7d fe 43 53 53 49 +#Characteristic tx--notify read +29 00 02 03 28 01 12 +2a 00 10 16 96 24 47 C6 23 61 BA D9 4B 4D 1E 43 53 53 49 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +#Client Characteristic Configuration +2b 00 02 02 29 02 00 00 + +#Characteristic rx--write +2c 00 02 03 28 01 08 +2d 00 10 B3 9B 72 34 BE EC D4 A8 F4 43 41 88 43 53 53 49 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + +#Characteristic rx-- write without Response +2e 00 02 03 28 01 04 +2f 00 10 fe 69 ca 9a 56 19 f6 ab 02 4d aa 6d 43 53 53 49 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + +#Characteristic rx tx --read write notify +30 00 02 03 28 01 1a +31 00 10 18 03 A6 28 5E D8 EC 91 1C 48 A3 AC 43 53 53 49 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +#Client Characteristic Configuration +32 00 02 02 29 02 00 00 + +#End of Attribute list +00 00 + + Index: dukaqi/senrui/util/define_info.pl =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/define_info.pl (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/define_info.pl (working copy) @@ -0,0 +1,55 @@ +use strict; +use warnings; + +sub read_definfo{ + my $filename = shift(); + my $const_chip = "CHIP VERSION£º"; + my $const_config = "CONFIG: "; + my $version = ""; + my @res; + open(FILE,$filename) || die("can not open file:$filename £¡\n"); + while(my $line = ){ + next if ($line eq "\n"||$line =~ "REVD"); + last if ($line =~ "INCLUDE"); + last if ($line =~ "SIMPLE_PAIRING"); + + if ($line =~ "FPGA" && $line !~ "//"){ + $version = $version."FPGA"; + }elsif($line =~ "ROMCODE" && $line !~ "//"){ + $version = $version."ROMCODE"; + print $const_chip.$version."\n\n"; + }elsif($line !~ "//"){ # valid + if ($line =~"liandi"){ + print "baud rate : boot rate\n"; + } + elsif ($line =~ "CREDIT"){ + print "credit : from mcu\n"; + } + elsif ($line =~ "SSP_EXT"){ + print "ssp confirm: suport\n"; + } + elsif ($line =~ "NVRAM"){ + print "nvram : by mcu\n"; + }elsif ($line=~"RELEASE"){ + print "version : release\n"; + } + }elsif ($line =~ "//"){ #noted + if ($line =~"liandi"){ + print "baud rate : 115200 or other \n"; + } + elsif ($line =~ "CREDIT"){ + print "credit : auto\n"; + } + elsif ($line =~ "SSP_EXT"){ + print "ssp confirm: justwork only\n"; + } + elsif ($line =~ "NVRAM"){ + print "nvram : in eep\n"; + }elsif ($line =~ "RELEASE"){ + print "version : debug\n"; + } + } + } +} + +&read_definfo("bt.prog"); \ No newline at end of file Index: dukaqi/senrui/util/geneep.exe =================================================================== Cannot display: file marked as a binary type. svn:mime-type = application/octet-stream Property changes on: dukaqi/senrui/util/geneep.exe ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Index: dukaqi/senrui/util/memalloc.pl =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/memalloc.pl (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/memalloc.pl (working copy) @@ -0,0 +1,59 @@ +$path="output/bt_format.meta"; +open file, $path; +@f = ; +close file; +open file, ">$path"; +$path =~ s/\/.*//; +open file1, ">output/memmap.format"; +$xaddr = 0x4000; +$addr = 0; +if($#ARGV == 1) { + $addr = hex($ARGV[0]); + $xaddr = hex($ARGV[1]); +} +for($i = 0;$i < @f;$i++) { + $_ = $f[$i]; + $start = 1 if(/^\s*memalloc\s*\(\s*$/); + $start = 2 if(/^\s*xmemalloc\s*\(\s*$/); + $start = 3 if(/^\s*omemalloc\s*\(\s*$/); + if($start) { + if(/^\s*([0-9]+)\s+([a-zA-Z0-9_]+)\s*(.*)$/) { + if($start == 1) { + $str = sprintf "0x%04x %s%s\n", $addr, $2, $3; + $addr += $1; + $bstr .= $str; + $sstr .= $str; + } elsif($start == 2) { + $str = sprintf "0x%04x %s%s\n", $xaddr, $2, $3; + $xaddr += $1; + $xstr .= $str; + } else { + push @ostr, $_; + } + } + if(/^\s*\)\s*$/) { + $start = 0; + push @omalloc,[@ostr] if(@ostr > 0); + @ostr = (); + } + } else { + $sstr .= $_; + } +} +$xend = $xaddr; +for($i = 0;$i <= $#omalloc;$i++) { + for($j = 0, $oaddr = $xaddr;$j <= $#{$omalloc[$i]};$j++) { + if($omalloc[$i][$j] =~ /^\s*([0-9]+)\s+([a-zA-Z0-9_]+)\s*(.*)$/) { + $str = sprintf "0x%04x %s%s\n", $oaddr, $2, $3; + $oaddr += $1; + $xstr .= $str; + } + } +} +$xend = $oaddr if($oaddr > $xend); +print file $xstr, $sstr; +print file1 $bstr, $xstr; +close file; +close file1; +printf "\nLast allocated address is %04x\n", $addr; +printf "\nLast allocated xmem address is %04x\n", $xend; Index: dukaqi/senrui/util/mergepatch.pl =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/mergepatch.pl (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/mergepatch.pl (working copy) @@ -0,0 +1,45 @@ +$defs = ""; +$fmt = 0; + + +sub parseif { + my($fname) = @_; + open file, $fname; + @f = ; + close file; + open file, ">$fname"; + @valid = (1); + for($i = 0;$i < @f;$i++) { + $_ = $f[$i]; + $defs .= $1 . " " if(/^define\s+(\w+)\s*/); + if(/^ifdef\s+(\w+)\s*/) { + push @valid, ($defs =~ /$1 / ? 1 : 0) & $valid[$#valid]; + } elsif(/^ifndef\s+(\w+)\s*/) { + push @valid, ($defs =~ /$1 / ? 0 : 1) & $valid[$#valid]; + } elsif(/^else/) { + printf "%s\nelse without if at line %d\n", $f[$i - 3], $i if($#valid == 0); + $valid[$#valid] = (1 - $valid[$#valid]) & $valid[$#valid - 1]; + } elsif(/^endif/) { + printf "%s\nendif without if at line %d\n", $_, $i if($#valid == 0); + pop @valid; + } elsif($valid[$#valid]) { + if(/^include\s+(.+)\s*/) { + open file2, "program/$1"; + @f2 = ; + close file2; + splice(@f, $i + 1, 0, @f2); + } else { + next if(/^\s*bpatch\s+/ && $defs !~ /ROMCODE/); + next if(/^\s*set[01] mark_ext_patch/ && $defs !~ /ROMCODE/); + print file $_; + } + } + } + close file; +} + +parseif("output/bt_program23.meta"); +$fmt = 1; +parseif("output/bt_format.meta"); + + Index: dukaqi/senrui/util/rom2h.pl =================================================================== --- /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/rom2h.pl (nonexistent) +++ /YC3121_demo/ModuleDemo/BlueTooth/BT_code_patch/dukaqi/senrui/util/rom2h.pl (working copy) @@ -0,0 +1,8 @@ +#!/usr/bin/perl +@dat = ; +printf "const unsigned char bt_code[] = {\n"; +for($i = 0;$i < @dat;$i++) { + $dat[$i] =~ s/\s//g; + printf "0x%s%s", $dat[$i], $i == $#dat ? "\n" : $i % 16 == 15 ? ",\n" : "," if(length($dat[$i]) == 2); +} +printf "};\n";