Eradicate all occurences of hardcoded memory addresses from all sources files, except for the FPGA bitstream fallback

armsrc/fpgaloader.c

@@ -275,14 +275,14 @@ void FpgaDownloadAndGo(void)
 	}
 	
 	/* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
-	 * 0xAA995566 at address 0x2000. This is raw bitstream with a size of 336,768 bits 
+	 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits 
 	 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD
 	 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
 	 * that the DownloadFPGA function should invert every 4 byte sequence when doing
 	 * the bytewise download.
 	 */
-	if( *(DWORD*)0x2000 == 0xFFFFFFFF && *(DWORD*)0x2004 == 0xAA995566 )
-		DownloadFPGA((DWORD *)0x2000, 10524, 1);
+	if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 )
+		DownloadFPGA((DWORD *)0x102000, 10524, 1);
 }
 
 void FpgaGatherVersion(char *dst, int len)

bootrom/bootrom.c

@@ -107,6 +107,7 @@ void UsbPacketReceived(BYTE *packet, int len)
     UsbSendPacket(packet, len);
 }
 
+extern char _osimage_entry;
 void BootROM(void)
 {
     //------------
@@ -182,9 +183,8 @@ void BootROM(void)
             USB_D_PLUS_PULLUP_OFF();
             LED_B_ON();
 
-			// jump to Flash address 0x10000 (LSBit set for thumb mode, 0x100000 added for Flash base address)
-            asm("ldr r3, = 0x00110001\n");
-            asm("bx r3\n");
+			// jump to Flash address of the osimage entry point (LSBit set for thumb mode)
+            asm("bx %0\n" : : "r" ( ((int)&_osimage_entry) | 0x1 ) );
         }
     }
 }

bootrom/flash-reset.s

@@ -16,12 +16,17 @@ flashstart:
     b       Fiq
 
 Reset:
-    ldr     sp,     = 0x0020FFF8	@ initialize stack pointer to top of RAM
+    ldr     sp,     .stack_end	@ initialize stack pointer to top of RAM
     bl      CopyBootToRAM			@ copy bootloader to RAM (in case the
     								@ user re-flashes the bootloader)
-    ldr     r3,     = 0x00200000	@ start address of RAM bootloader
+    ldr     r3,     .bootphase2_start	@ start address of RAM bootloader
     bx      r3						@ jump to it
 
+	.stack_end:
+	.word _stack_end
+	.bootphase2_start:
+	.word __bootphase2_start__
+
 Fiq:
     b       Fiq
 UndefinedInstruction:

bootrom/fromflash.c

@@ -1,11 +1,13 @@
 #include <proxmark3.h>
 
+extern char __bootphase2_src_start__, __bootphase2_start__, __bootphase2_end__;
 void __attribute__((section(".bootphase1"))) CopyBootToRAM(void)
 {
 	int i;
 
-	volatile DWORD *s = (volatile DWORD *)0x200;
-	volatile DWORD *d = (volatile DWORD *)0x200000;
+	volatile DWORD *s = (volatile DWORD *)&__bootphase2_src_start__;
+	volatile DWORD *d = (volatile DWORD *)&__bootphase2_start__;
+	unsigned int l = (int)&__bootphase2_end__ - (int)&__bootphase2_start__;
 
-	for(i = 0; i < 1024; i++) *d++ = *s++;
+	for(i = 0; i < l/sizeof(DWORD); i++) *d++ = *s++;
 }

bootrom/ldscript-flash

@@ -25,6 +25,7 @@ SECTIONS
     	LONG(_version_information_start)
     } >bootphase1
     
+    __bootphase2_src_start__ = ORIGIN(bootphase2);
     .bootphase2 : {
     	__bootphase2_start__ = .;
     	*(.startphase2)

bootrom/ram-reset.s

@@ -6,5 +6,8 @@
 
 .global ramstart
 ramstart:
-    ldr     sp,     = 0x0020FFF8
+    ldr     sp,     .stack_end
     bl      BootROM
+
+	.stack_end:
+	.word _stack_end

common/ldscript.common

@@ -16,5 +16,7 @@ MEMORY
 
 /* Export some information that can be used from within the firmware */
 _bootphase1_version_pointer = ORIGIN(bootphase1) + LENGTH(bootphase1) - 0x4;
+_osimage_entry = ORIGIN(osimage);
 _flash_start = ORIGIN(bootphase1);
-_flash_end = ORIGIN(osimage) + LENGTH(osimage);
+_flash_end = ORIGIN(osimage) + LENGTH(osimage);
+_stack_end = ORIGIN(ram) + LENGTH(ram) - 8;