An open source disassembler for the TriMedia TM3260

The Stage 1 bootloader for the 2Wire modem contains raw TriMedia TM3260 object code.

A disassembler has been built to render this raw code into human-readable form.

It should be possible to extend the disassembler for the instruction set of the eight issue-slot TM3282 core.

If anyone would like to help test and debug this tool, please email.

The disassembler produces output like that below:

$ ./tm32dis
Usage: ./tm32dis <tm32 object filename> <byte skip> [count]

$ ./tm32dis ./tinytest.o 0
Read in 82 bytes from file './tinytest.o'
Skipping 0 bytes
Disassembling file ./tinytest.o

disassembly
(* instruction 0   : 224 bits (28 bytes) long *)
(* offset          : 0x00000000 *)
(* bytes           : 7c 47 81 43 60 21 60 a0 85 50 80 30 03 c1 08 00 40 e0 60 45 60 11 40 0f 80 00 57 01 *)
(* format bytes    : 0x7c47 & 0xff03 = 0x7c03, format in little endian bit order: 00 11 11 10 11  *)
   IF r1   asli(7) r1 -> r34,                 (* 42 bits  *)
   IF r1   iaddi(64) r33 -> r8,               (* 42 bits  *)
   IF r1   iadd r5 r33 -> r7,                 (* 42 bits  *)
   IF r1   iimm(386) -> r35,                  (* 42 bits  *)
   IF r1   nop;                               (* 42 bits  *)

(* instruction 1   : 72 bits (9 bytes) long *)
(* offset          : 0x0000001c *)
(* bytes           : d5 43 21 51 88 08 83 68 c1 *)
(* format bytes    : 0xd543 & 0xff03 = 0xd503, format in little endian bit order: 10 10 10 11 11  *)
   IF r1   iadd r33 r34 -> r33,               (* 26 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   ugeq r8 r6 -> r34,                 (* 34 bits  *)
   IF r1   nop;                               (*  0 bits  *)

(* instruction 2   : 112 bits (14 bytes) long *)
(* offset          : 0x00000025 *)
(* bytes           : d7 21 21 83 68 01 81 28 06 04 22 c1 95 c1 *)
(* format bytes    : 0xd721 & 0xff03 = 0xd701, format in little endian bit order: 11 10 10 11 10  *)
   IF r1   ugeq r33 r6 -> r34,                (* 34 bits  *)
   IF r34  ijmpt r1 r2,                       (* 34 bits  *)
   IF r1   ugtr r6 r8 -> r8,                  (* 34 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop;                               (*  0 bits  *)

(* instruction 3   : 112 bits (14 bytes) long *)
(* offset          : 0x00000033 *)
(* bytes           : fc a7 a2 11 a2 22 01 22 07 00 a0 95 95 fe *)
(* format bytes    : 0xfca7 & 0xff03 = 0xfc03, format in little endian bit order: 00 11 11 11 11  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r8   ijmpf r34 r35,                     (* 34 bits  *)
   IF r8   ijmpt r34 r2,                      (* 34 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r0   dcb(0) r7;                         (* 34 bits  *)

(* instruction 4   : 40 bits (5 bytes) long *)
(* offset          : 0x00000041 *)
(* bytes           : ff 02 07 e0 a1 *)
(* format bytes    : 0xff02 & 0xff03 = 0xff02, format in little endian bit order: 11 11 11 11 01  *)
   IF r1   iaddi(64) r7 -> r7,                (* 26 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop;                               (*  0 bits  *)

(* instruction 5   : 56 bits (7 bytes) long *)
(* offset          : 0x00000046 *)
(* bytes           : fc 43 07 00 a2 7e 01 *)
(* format bytes    : 0xfc43 & 0xff03 = 0xfc03, format in little endian bit order: 00 11 11 11 11  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r8   dcb(0) r7;                         (* 42 bits  *)

(* instruction 6   : 40 bits (5 bytes) long *)
(* offset          : 0x0000004d *)
(* bytes           : aa 82 08 11 02 *)
(* format bytes    : 0xaa82 & 0xff03 = 0xaa02, format in little endian bit order: 01 01 01 01 01  *)
   IF r1   bitand r8 r34 -> r8,               (* 26 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop,                               (*  0 bits  *)
   IF r1   nop;                               (*  0 bits  *)

end disassembly
$
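
In the listing above, the five 2-bit codes in each instruction's format bytes match the slot sizes of the following instruction (0 = 26 bits, 1 = 34, 2 = 42, 3 = unused slot), and each length equals 10 format bits plus the slot bits, rounded up to whole bytes. The Python sketch below is an added example, not the tm32dis source: it walks the same 82 bytes and recovers the instruction offsets from the format bits alone. The mapping is inferred from this one listing; the function names and the assumption that the first instruction uses five 42-bit slots are assumptions of the example.

```python
# Added example: walk TM3260 instruction boundaries using only the format bits.
# The code-to-size mapping is inferred from the listing above, not vendor docs.
SLOT_BITS = {0: 26, 1: 34, 2: 42, 3: 0}   # 3 = slot unused (nop, 0 bits)
FORMAT_BITS = 10                          # five 2-bit codes per instruction
UNCOMPRESSED = (42, 42, 42, 42, 42)       # assumed layout of the first instruction

# The 82 bytes of tinytest.o, copied from the "bytes" lines of the listing.
SAMPLE = bytes.fromhex(
    "7c 47 81 43 60 21 60 a0 85 50 80 30 03 c1 08 00 40 e0 60 45 60 11 40 0f"
    " 80 00 57 01"
    " d5 43 21 51 88 08 83 68 c1"
    " d7 21 21 83 68 01 81 28 06 04 22 c1 95 c1"
    " fc a7 a2 11 a2 22 01 22 07 00 a0 95 95 fe"
    " ff 02 07 e0 a1"
    " fc 43 07 00 a2 7e 01"
    " aa 82 08 11 02"
)


def next_slot_sizes(b0, b1):
    """Decode the slot sizes of the FOLLOWING instruction from two format bytes."""
    codes = [(b0 >> (2 * i)) & 3 for i in range(4)] + [b1 & 3]
    return tuple(SLOT_BITS[c] for c in codes)


def walk(code, skip=0):
    """Return [(offset, length_in_bytes, slot_sizes)] for each instruction."""
    out, off, sizes = [], skip, UNCOMPRESSED
    while off < len(code):
        nbytes = (FORMAT_BITS + sum(sizes) + 7) // 8
        if off + nbytes > len(code):
            # Untrusted or truncated image: stop instead of reading past the end.
            raise ValueError(f"instruction at {off:#x} needs {nbytes} bytes, "
                             f"only {len(code) - off} left")
        out.append((off, nbytes, sizes))
        sizes = next_slot_sizes(code[off], code[off + 1])
        off += nbytes
    return out


if __name__ == "__main__":
    for off, nbytes, sizes in walk(SAMPLE):
        print(f"{off:#010x}  {nbytes:2d} bytes  slots={sizes}")
```

Starting the walk at an offset that is not an instruction boundary desynchronizes every later length, so comparing these offsets with the disassembler's is a quick sanity check on a chosen byte skip.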

UPDATE:
The disassembler, in source code and Windows executable form, is here [1]

[1] https://docs.google.com/open?id=0B6wW18mYskvBMmIwMGJjOTQtZDMxNS00MzNiLThkYzgtMGE4N2ZiNTEwMGM3
