From 9ef310746309af9e25d08cebd1ddc3fabdb1a31d Mon Sep 17 00:00:00 2001
From: Sylvain Munaut
Date: Thu, 11 Mar 2010 22:25:50 +0100
Subject: [PATCH] target_dsp/calypso: Add some pointers to get started in IDA
Signed-off-by: Sylvain Munaut
---
src/target_dsp/calypso/ida/README.txt | 73 ++++++
src/target_dsp/calypso/ida/ndb.h | 294 +++++++++++++++++++++++
src/target_dsp/calypso/ida/tms320c54.cfg | 136 +++++++++++
3 files changed, 503 insertions(+)
create mode 100644 src/target_dsp/calypso/ida/README.txt
create mode 100644 src/target_dsp/calypso/ida/ndb.h
create mode 100644 src/target_dsp/calypso/ida/tms320c54.cfg
diff --git a/src/target_dsp/calypso/ida/README.txt b/src/target_dsp/calypso/ida/README.txt
new file mode 100644
index 000000000..a7939083e
--- /dev/null
+++ b/src/target_dsp/calypso/ida/README.txt
@@ -0,0 +1,73 @@
+Here's a few steps to get started quickly and get something readable:
+
+ - Compile a patched for the IDA TMS320C54 module
+
+ I made several enhancement to it to support the calypso better (the tms320c54
+ module is part of the SDK and can be modded and recompiled) :
+
+ - Add support for memory mappings so that the same memory zone can
+ 'appear' at several place in the address space (to handle data & code
+ overlay)
+ - Fix the section handling when loading a file:
+ . to set XPC properly,
+ . to not override section name
+ . to support more than 2 sections
+ - Fix a bug in cross reference detection when dealing with section
+ having selectors != 0
+ - Add stub support for the type system. This allows loading of a .h
+ header file with the NDB structure definition
+ - Add definition for the IO ports so that they are symbolically
+ displayed
+
+ I can't publically distribute the IDA processor module modification
+ because even just the patch contains some hex-rays code, so I'll handle
+ this on a case by case basis. (just ask me privately and we'll work it out)
+
+ - Dump the DSP ROM
+
+ Using the compal_dsp_dump.bin, you must create a text dump of the DSP ROM,
+ just piping the console output to a text file.
+
+ - Generate COFF image
+
+ The dump2coff.py script can convert the text dump into a usable COFF file
+ containing all the correct sections and addresses.
+
+ - Load this COFF image into IDA
+
+ In the load dialog make sure :
+ - Uncheck the 'Fill segment gaps (COFF)' checkbox
+ - Select 'TMS320C54' in 'Change processor'
+ - In 'Analysis Options/Processor specific analysis options' :
+ - 'Choose device name': CALYPSO
+ - 'Data segment address': 0x80000000
+ - 'Add mapping' (do it several time)
+ - From 0x00000060 -> 0x80000060 size 0x6FA0
+ - From 0x00010060 -> 0x80000060 size 0x6FA0
+ - From 0x00020060 -> 0x80000060 size 0x6FA0
+ - From 0x00030060 -> 0x80000060 size 0x6FA0
+ - From 0x8000E000 -> 0x0000E000 size 0x2000
+
+ - Set 'stub' compiler options to allow the type system to load .h files
+
+ In 'Options/Compiler':
+ - Compiler: 'GNU C++'
+ - Calling convention: 'Cdecl'
+ - Memory model: 'Code Near, Data Near'
+ - Pointer size: 'Near 16bit, Far 32bit'
+ - Include directory: '/usr/include' (or a directory with your includes
+ ... needs to exist)
+
+ - Load the NDB types
+
+ - Load the ndb.h file
+ - In the local types view, import all structure / enum into the database
+ - Then declare the following symbol and set them as struct type
+ appropriately.
+
+ 0x80000800 api_w_page_0 db_mcu_to_dsp
+ 0x80000814 api_w_page_1 db_mcu_to_dsp
+ 0x80000828 api_r_page_0 db_dsp_to_mcu
+ 0x8000083c api_r_page_1 db_dsp_to_mcu
+ 0x800008d4 ndb ndb_mcu_dsp
+
diff --git a/src/target_dsp/calypso/ida/ndb.h b/src/target_dsp/calypso/ida/ndb.h
new file mode 100644
index 000000000..ad9c10560
--- /dev/null
+++ b/src/target_dsp/calypso/ida/ndb.h
@@ -0,0 +1,294 @@
+typedef unsigned char API;
+typedef signed char API_SIGNED;
+
+struct db_mcu_to_dsp
+{
+ API d_task_d;
+ API d_burst_d;
+ API d_task_u;
+ API d_burst_u;
+ API d_task_md;
+ API d_background;
+ API d_debug;
+ API d_task_ra;
+ API d_fn;
+ API d_ctrl_tch;
+ API hole;
+ API d_ctrl_abb;
+ API a_a5fn[2];
+ API d_power_ctl;
+ API d_afc;
+ API d_ctrl_system;
+};
+
+struct db_dsp_to_mcu
+{
+ API d_task_d;
+ API d_burst_d;
+ API d_task_u;
+ API d_burst_u;
+ API d_task_md;
+ API d_background;
+ API d_debug;
+ API d_task_ra;
+ API a_serv_demod[4];
+ API a_pm[3];
+ API a_sch[5];
+};
+
+struct param_mcu_dsp
+{
+ API_SIGNED d_transfer_rate;
+ API_SIGNED d_lat_mcu_bridge;
+ API_SIGNED d_lat_mcu_hom2sam;
+ API_SIGNED d_lat_mcu_bef_fast_access;
+ API_SIGNED d_lat_dsp_after_sam;
+ API_SIGNED d_gprs_install_address;
+ API_SIGNED d_misc_config;
+ API_SIGNED d_cn_sw_workaround;
+ API_SIGNED d_hole2_param[4];
+ API_SIGNED d_fb_margin_beg;
+ API_SIGNED d_fb_margin_end;
+ API_SIGNED d_nsubb_idle;
+ API_SIGNED d_nsubb_dedic;
+ API_SIGNED d_fb_thr_det_iacq;
+ API_SIGNED d_fb_thr_det_track;
+ API_SIGNED d_dc_off_thres;
+ API_SIGNED d_dummy_thres;
+ API_SIGNED d_dem_pond_gewl;
+ API_SIGNED d_dem_pond_red;
+ API_SIGNED d_maccthresh1;
+ API_SIGNED d_mldt;
+ API_SIGNED d_maccthresh;
+ API_SIGNED d_gu;
+ API_SIGNED d_go;
+ API_SIGNED d_attmax;
+ API_SIGNED d_sm;
+ API_SIGNED d_b;
+ API_SIGNED d_v42b_switch_hyst;
+ API_SIGNED d_v42b_switch_min;
+ API_SIGNED d_v42b_switch_max;
+ API_SIGNED d_v42b_reset_delay;
+ API_SIGNED d_ldT_hr;
+ API_SIGNED d_maccthresh_hr;
+ API_SIGNED d_maccthresh1_hr;
+ API_SIGNED d_gu_hr;
+ API_SIGNED d_go_hr;
+ API_SIGNED d_b_hr;
+ API_SIGNED d_sm_hr;
+ API_SIGNED d_attmax_hr;
+ API_SIGNED c_mldt_efr;
+ API_SIGNED c_maccthresh_efr;
+ API_SIGNED c_maccthresh1_efr;
+ API_SIGNED c_gu_efr;
+ API_SIGNED c_go_efr;
+ API_SIGNED c_b_efr;
+ API_SIGNED c_sm_efr;
+ API_SIGNED c_attmax_efr;
+ API_SIGNED d_sd_min_thr_tchfs;
+ API_SIGNED d_ma_min_thr_tchfs;
+ API_SIGNED d_md_max_thr_tchfs;
+ API_SIGNED d_md1_max_thr_tchfs;
+ API_SIGNED d_sd_min_thr_tchhs;
+ API_SIGNED d_ma_min_thr_tchhs;
+ API_SIGNED d_sd_av_thr_tchhs;
+ API_SIGNED d_md_max_thr_tchhs;
+ API_SIGNED d_md1_max_thr_tchhs;
+ API_SIGNED d_sd_min_thr_tchefs;
+ API_SIGNED d_ma_min_thr_tchefs;
+ API_SIGNED d_md_max_thr_tchefs;
+ API_SIGNED d_md1_max_thr_tchefs;
+ API_SIGNED d_wed_fil_ini;
+ API_SIGNED d_wed_fil_tc;
+ API_SIGNED d_x_min;
+ API_SIGNED d_x_max;
+ API_SIGNED d_slope;
+ API_SIGNED d_y_min;
+ API_SIGNED d_y_max;
+ API_SIGNED d_wed_diff_threshold;
+ API_SIGNED d_mabfi_min_thr_tchhs;
+ API_SIGNED d_facch_thr;
+ API_SIGNED d_max_ovsp_ul;
+ API_SIGNED d_sync_thres;
+ API_SIGNED d_idle_thres;
+ API_SIGNED d_m1_thres;
+ API_SIGNED d_max_ovsp_dl;
+ API_SIGNED d_gsm_bgd_mgt;
+ API a_fir_holes[4];
+ API a_fir31_uplink[31];
+ API a_fir31_downlink[31];
+};
+
+struct ndb_mcu_dsp
+{
+ API d_dsp_page;
+ API d_error_status;
+ API d_spcx_rif;
+ API d_tch_mode;
+ API d_debug1;
+ API d_dsp_test;
+ API d_version_number1;
+ API d_version_number2;
+ API d_debug_ptr;
+ API d_debug_bk;
+ API d_pll_config;
+ API p_debug_buffer;
+ API d_debug_buffer_size;
+ API d_debug_trace_type;
+ API d_dsp_state;
+ API d_hole1_ndb[2];
+ API d_hole_debug_amr;
+ API d_hole2_ndb[1];
+ API d_mcsi_select;
+ API d_apcdel1_bis;
+ API d_apcdel2_bis;
+ API d_apcdel2;
+ API d_vbctrl2;
+ API d_bulgcal;
+ API d_afcctladd;
+ API d_vbuctrl;
+ API d_vbdctrl;
+ API d_apcdel1;
+ API d_apcoff;
+ API d_bulioff;
+ API d_bulqoff;
+ API d_dai_onoff;
+ API d_auxdac;
+ API d_vbctrl1;
+ API d_bbctrl;
+ API d_fb_det;
+ API d_fb_mode;
+ API a_sync_demod[4];
+ API a_sch26[5];
+ API d_audio_gain_ul;
+ API d_audio_gain_dl;
+ API d_audio_compressor_ctrl;
+ API d_audio_init;
+ API d_audio_status;
+ API d_toneskb_init;
+ API d_toneskb_status;
+ API d_k_x1_t0;
+ API d_k_x1_t1;
+ API d_k_x1_t2;
+ API d_pe_rep;
+ API d_pe_off;
+ API d_se_off;
+ API d_bu_off;
+ API d_t0_on;
+ API d_t0_off;
+ API d_t1_on;
+ API d_t1_off;
+ API d_t2_on;
+ API d_t2_off;
+ API d_k_x1_kt0;
+ API d_k_x1_kt1;
+ API d_dur_kb;
+ API d_shiftdl;
+ API d_shiftul;
+ API d_aec_ctrl;
+ API d_es_level_api;
+ API d_mu_api;
+ API d_melo_osc_used;
+ API d_melo_osc_active;
+ API a_melo_note0[4];
+ API a_melo_note1[4];
+ API a_melo_note2[4];
+ API a_melo_note3[4];
+ API a_melo_note4[4];
+ API a_melo_note5[4];
+ API a_melo_note6[4];
+ API a_melo_note7[4];
+ API d_melody_selection;
+ API a_melo_holes[3];
+ API d_sr_status;
+ API d_sr_param;
+ API d_sr_bit_exact_test;
+ API d_sr_nb_words;
+ API d_sr_db_level;
+ API d_sr_db_noise;
+ API d_sr_mod_size;
+ API a_n_best_words[4];
+ API a_n_best_score[8];
+ API a_dd_1[22];
+ API a_du_1[22];
+ API d_v42b_nego0;
+ API d_v42b_nego1;
+ API d_v42b_control;
+ API d_v42b_ratio_ind;
+ API d_mcu_control;
+ API d_mcu_control_sema;
+ API d_background_enable;
+ API d_background_abort;
+ API d_background_state;
+ API d_max_background;
+ API a_background_tasks[16];
+ API a_back_task_io[16];
+ API d_gea_mode_ovly;
+ API a_gea_kc_ovly[4];
+ API d_hole3_ndb[7];
+ API d_thr_usf_detect;
+ API d_a5mode;
+ API d_sched_mode_gprs_ovly;
+ API d_hole4_ndb[5];
+ API a_ramp[16];
+ API a_cd[15];
+ API a_fd[15];
+ API a_dd_0[22];
+ API a_cu[15];
+ API a_fu[15];
+ API a_du_0[22];
+ API d_rach;
+ API a_kc[4];
+ API d_ra_conf;
+ API d_ra_act;
+ API d_ra_test;
+ API d_ra_statu;
+ API d_ra_statd;
+ API d_fax;
+ API a_data_buf_ul[21];
+ API a_data_buf_dl[37];
+ API a_tty_holes[8];
+ API a_sr_holes0[414];
+ API a_new_aec_holes[12];
+ // API a_sr_holes1[145];
+ struct param_mcu_dsp params;
+ API d_cport_init;
+ API d_cport_ctrl;
+ API a_cport_cfr[2];
+ API d_cport_tcl_tadt;
+ API d_cport_tdat;
+ API d_cport_tvs;
+ API d_cport_status;
+ API d_cport_reg_value;
+ API a_cport_holes[1011];
+ API a_model[1041];
+ API a_eotd_holes[22];
+ API a_amr_config[4];
+ API a_ratscch_ul[6];
+ API a_ratscch_dl[6];
+ API d_amr_snr_est;
+ API a_voice_memo_amr_holes[1];
+ API d_thr_onset_afs;
+ API d_thr_sid_first_afs;
+ API d_thr_ratscch_afs;
+ API d_thr_update_afs;
+ API d_thr_onset_ahs;
+ API d_thr_sid_ahs;
+ API d_thr_ratscch_marker;
+ API d_thr_sp_dgr;
+ API d_thr_soft_bits;
+ API d_holes[61];
+};
+
+enum dsp_error {
+ DSP_ERR_RHEA = 0x0001,
+ DSP_ERR_IQ_SAMPLES = 0x0004,
+ DSP_ERR_DMA_PROG = 0x0008,
+ DSP_ERR_DMA_TASK = 0x0010,
+ DSP_ERR_DMA_PEND = 0x0020,
+ DSP_ERR_VM = 0x0080,
+ DSP_ERR_DMA_UL_TASK = 0x0100,
+ DSP_ERR_DMA_UL_PROG = 0x0200,
+ DSP_ERR_DMA_UL_PEND = 0x0400,
+ DSP_ERR_STACK_OV = 0x0800,
+};
diff --git a/src/target_dsp/calypso/ida/tms320c54.cfg b/src/target_dsp/calypso/ida/tms320c54.cfg
new file mode 100644
index 000000000..7962bee22
--- /dev/null
+++ b/src/target_dsp/calypso/ida/tms320c54.cfg
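Review bot: In ndb.h, `typedef unsigned char API;` only describes the real layout if `char` is one DSP address unit, and nothing in the header says so. The README's symbol table places api_r_page_0 and api_r_page_1 0x14 apart and `struct db_dsp_to_mcu` holds 20 API elements, so each API is presumably one 16-bit C54x word rather than a byte; parsed with a byte-sized `char`, every field after the first would be labelled at the wrong address. A header comment such as `/* API = one DSP word; only valid with the IDA TMS320C54 type stub, not a host compiler */` would make that assumption explicit. The commented-out `// API a_sr_holes1[145];` also needs a word: `struct param_mcu_dsp` adds up to 145 elements, so it appears to be the hole that `params` now fills, e.g. `/* params occupies the former a_sr_holes1[145] */`.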
@@ -0,0 +1,136 @@
+; Append this to the tms320c54.cfg shipped with IDA
+
+.CALYPSO
+
+; entry _reset 0xff80 Reset vector
+
+; RIF
+RIF_DXR 0x0000
+RIF_DRR 0x0001
+RIF_SPCX 0x0002
+RIF_SPCR 0x0003
+
+; CYPHER
+CYPHER_CNTL 0x2800
+CYPHER_CNTL.START 0
+CYPHER_CNTL.RESETSW 1
+CYPHER_CNTL.MODE0 2
+CYPHER_CNTL.MODE1 3
+CYPHER_CNTL.CLK_EN 4
+CYPHER_CNTL.CYPHER_ONLY 5
+
+CYPHER_STATUS_IRQ 0x2801
+CYPHER_STATUS_IRQ.LT_FIN 0
+
+CYPHER_STATUS_WORK 0x2802
+CYPHER_STATUS_WORK.WORKING 0
+
+CYPHER_KC_1 0x2803
+CYPHER_KC_2 0x2804
+CYPHER_KC_3 0x2805
+CYPHER_KC_4 0x2806
+CYPHER_COUNT_1 0x2807
+CYPHER_COUNT_2 0x2808
+CYPHER_DECI_1 0x2809
+CYPHER_DECI_2 0x280A
+CYPHER_DECI_3 0x280B
+CYPHER_DECI_4 0x280C
+CYPHER_DECI_5 0x280D
+CYPHER_DECI_6 0x280E
+CYPHER_DECI_7 0x280F
+CYPHER_DECI_8 0x2810
+CYPHER_ENCI_1 0x2811
+CYPHER_ENCI_2 0x2812
+CYPHER_ENCI_3 0x2813
+CYPHER_ENCI_4 0x2814
+CYPHER_ENCI_5 0x2815
+CYPHER_ENCI_6 0x2816
+CYPHER_ENCI_7 0x2817
+CYPHER_ENCI_8 0x2818
+
+; MCSI
+MCSI_CONTROL 0x0800
+MCSI_MAIN-PARAMETERS 0x0801
+MCSI_INTERRUPTS 0x0802
+MCSI_CHANNEL-USED 0x0803
+MCSI_OVER-CLK 0x0804
+MCSI_CLK-FREQ 0x0805
+MCSI_STATUS 0x0806
+MCSI_TX0 0x0820
+MCSI_TX1 0x0821
+MCSI_TX2 0x0822
+MCSI_TX3 0x0823
+MCSI_TX4 0x0824
+MCSI_TX5 0x0825
+MCSI_TX6 0x0826
+MCSI_TX7 0x0827
+MCSI_TX8 0x0828
+MCSI_TX9 0x0829
+MCSI_TX10 0x082A
+MCSI_TX11 0x082B
+MCSI_TX12 0x082C
+MCSI_TX13 0x082D
+MCSI_TX14 0x082E
+MCSI_TX15 0x082F
+MCSI_RX0 0x0830
+MCSI_RX1 0x0831
+MCSI_RX2 0x0832
+MCSI_RX3 0x0833
+MCSI_RX4 0x0834
+MCSI_RX5 0x0835
+MCSI_RX6 0x0836
+MCSI_RX7 0x0837
+MCSI_RX8 0x0838
+MCSI_RX9 0x0839
+MCSI_RX10 0x083A
+MCSI_RX11 0x083B
+MCSI_RX12 0x083C
+MCSI_RX13 0x083D
+MCSI_RX14 0x083E
+MCSI_RX15 0x083F
+
+; RHEA
+RHEA_TRANSFER_RATE 0xF800
+
+RHEA_BRIDGE-CTRL 0xF801
+RHEA_BRIDGE-CTRL.TIMEOUT_ENABLE 8
+RHEA_BRIDGE-CTRL.NSUPV 9
+
+; API
+API_CONF 0xF900
+API_CONF.RESERVED0 0
+API_CONF.API_HOM 1
+API_CONF.BRIDGE_CLK_EN 2
+
+; Interrupts
+INT_CNTRL 0xFA00
+INT_CLEAR 0xFA01
+
+; DMA
+DMA_CONTROLLER_CONF 0xFC00
+DMA_ALLOC_CONFIG 0xFC02
+DMA1_RAD 0xFC10
+DMA1_RDPTH 0xFC12
+DMA1_AAD 0xFC14
+DMA1_ALGTH 0xFC16
+DMA1_CTRL 0xFC18
+DMA1_CUR_OFFSET_API 0xFC1A
+DMA2_RAD 0xFC20
+DMA2_RDPTH 0xFC22
+DMA2_AAD 0xFC24
+DMA2_ALGTH 0xFC26
+DMA2_CTRL 0xFC28
+DMA2_CUR_OFFSET_API 0xFC2A
+DMA3_RAD 0xFC30
+DMA3_RDPTH 0xFC32
+DMA3_AAD 0xFC34
+DMA3_ALGTH 0xFC36
+DMA3_CTRL 0xFC38
+DMA3_CUR_OFFSET_API 0xFC3A
+DMA4_RAD 0xFC40
+DMA4_RDPTH 0xFC42
+DMA4_AAD 0xFC44
+DMA4_ALGTH 0xFC46
+DMA4_CTRL 0xFC48
+DMA4_CUR_OFFSET_API 0xFC4A
+
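Review bot: Register names in tms320c54.cfg mix `-` and `_` as separators (`MCSI_MAIN-PARAMETERS`, `MCSI_CHANNEL-USED`, `MCSI_OVER-CLK`, `MCSI_CLK-FREQ`, `RHEA_BRIDGE-CTRL` and its two bit names), while every other port in the block uses underscores only. A hyphen is not a usual identifier character, so these names may be altered or rejected when IDA turns them into symbols, and they are awkward to reference from scripts; `MCSI_MAIN_PARAMETERS`, `RHEA_BRIDGE_CTRL` and so on would be consistent with the rest. The disabled `; entry _reset 0xff80 Reset vector` line carries no explanation; a short comment saying why it is commented out and when it should be enabled would help whoever appends this block.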