amyk,
Thanks for the explanation and the help! I appreciate it.
I'm trying to find where the switch to THUMB occurs,
; Processor : ARMB
; NOTE(review): image entry. The first two words are "LDR PC, =label" instructions, i.e. absolute
; jumps through the literal pool. They are followed by data (a word and an ASCII tag), not code.
ROM:00C00000 ; Target assembler: Generic assembler for ARM
ROM:00C00000 ; Byte sex : Big endian
ROM:00C00000
ROM:00C00000 ; ===========================================================================
ROM:00C00000
ROM:00C00000 ; Segment type: Pure code
ROM:00C00000 AREA ROM, CODE, READWRITE, ALIGN=0
ROM:00C00000 ; ORG 0xC00000
ROM:00C00000 CODE32 ; the listing below is decoded as 32-bit ARM
ROM:00C00000 LDR PC, =loc_C0001C ; entry 0: jump to the path that sets SP = 0 and runs the full register setup
ROM:00C00004 ; ---------------------------------------------------------------------------
ROM:00C00004 LDR PC, =loc_C00014 ; entry 1: jump to the path that sets SP = 1 and branches straight to loc_C00208
ROM:00C00004 ; ---------------------------------------------------------------------------
ROM:00C00008 DCD 0x5090701 ; data word; meaning not visible here (version or date stamp? unconfirmed)
ROM:00C0000C DCB 0x63, 0x75, 0x72, 0x6C, 0x79, 0, 0, 0 ; ASCII "curly" followed by three NUL bytes
ROM:00C00014 ; ---------------------------------------------------------------------------
ROM:00C00014
; Second entry path: marks itself with SP = 1 and skips the peripheral setup done at loc_C0001C.
; SP is only a scratch flag at this point; it is copied to R1 at 00C002B0 before the real
; stack pointer is loaded at 00C002C0.
ROM:00C00014 loc_C00014 ; CODE XREF: ROM:00C00004j
ROM:00C00014 ; DATA XREF: ROM:00C00004o ...
ROM:00C00014 MOV SP, #1 ; entry flag = 1
ROM:00C00018 B loc_C00208 ; go directly to the CP15 setup
ROM:00C0001C ; ---------------------------------------------------------------------------
ROM:00C0001C
; First entry path: puts the CPU in a known state, then programs a block of 16-bit
; memory-mapped registers at 0x20813500. Nothing in this block changes instruction set;
; CPSR is written with the T bit clear.
ROM:00C0001C loc_C0001C ; CODE XREF: ROM:00C00000j
ROM:00C0001C ; DATA XREF: ROM:00C00000o ...
ROM:00C0001C MOV SP, #0 ; entry flag = 0 (SP is used as a scratch flag until 00C002C0)
ROM:00C00020 MOV R1, #0xD3 ; 0xD3 = I and F bits set, T bit clear, mode field 0b10011 (Supervisor)
ROM:00C00024 MSR CPSR_cxsf, R1 ; IRQ and FIQ masked, ARM state, Supervisor mode
ROM:00C00028 MRC p15, 0, R0,c1,c0 ; read CP15 c1 (control register)
ROM:00C0002C MOV R1, #0x80 ; bit 7
ROM:00C00030 ORR R0, R1, R0
ROM:00C00034 MCR p15, 0, R0,c1,c0 ; write back with bit 7 set; on ARMv5 cores this is the B (big-endian) bit, consistent with the "Big endian" header - confirm against the core's TRM
ROM:00C00038 MOV R0, R1 ; this pair moves no new data; presumably padding after the CP15 write - unconfirmed
ROM:00C0003C MOV R1, R0
ROM:00C00040 LDR R2, =0x20813500 ; R2 = base of a memory-mapped register block (peripheral not identified)
ROM:00C00044 MOV R0, #0
ROM:00C00048 STRH R0, [R2,#0xA] ; [base+0xA] = 0
ROM:00C0004C MOV R0, 0x212C ; address advances by 8: the disassembler has folded a two-instruction constant load into one MOV
ROM:00C00054 STRH R0, [R2,#6] ; [base+6] = 0x212C
ROM:00C00058 MOV R0, 0x5060
ROM:00C00060 STRH R0, [R2] ; [base+0] = 0x5060
ROM:00C00064 MOV R0, 0xCDA
ROM:00C0006C STRH R0, [R2,#2] ; [base+2] = 0xCDA
ROM:00C00070 MOV R0, 0x4E1
ROM:00C00078 STRH R0, [R2,#4] ; [base+4] = 0x4E1
ROM:00C0007C MOV R0, #3
ROM:00C00080 STRH R0, [R2,#8] ; [base+8] = 3
ROM:00C00084 MOV R0, #1
ROM:00C00088 STRH R0, [R2,#0xC] ; [base+0xC] = 1; bit 0 of this register is polled at loc_C000B0
ROM:00C0008C NOP ; eight NOPs: presumably a short settle delay before polling - unconfirmed
ROM:00C00090 NOP
ROM:00C00094 NOP
ROM:00C00098 NOP
ROM:00C0009C NOP
ROM:00C000A0 NOP
ROM:00C000A4 NOP
ROM:00C000A8 NOP
ROM:00C000AC MOV R3, #1 ; R3 = bit mask used by the poll loop that follows
ROM:00C000B0
; Busy-wait until bit 0 of the halfword at [R2,#0xC] reads back as 0 (R3 = 1 is the mask; the
; same offset was written with 1 at 00C00088). The loop has no counter, so it spins for as
; long as the bit stays set.
ROM:00C000B0 loc_C000B0 ; CODE XREF: ROM:00C000B8j
ROM:00C000B0 LDRH R0, [R2,#0xC]
ROM:00C000B4 ANDS R0, R0, R3 ; Z set when bit 0 is clear
ROM:00C000B8 BNE loc_C000B0 ; bit still set: read again
ROM:00C000BC MOV R0, #8
ROM:00C000C0 STRH R0, [R2,#0xA] ; [base+0xA] = 8
ROM:00C000C4 MOV R3, #3 ; new mask (bits 1:0) for the next poll loop
ROM:00C000C8
; Busy-wait until bits 1:0 of the halfword at [R2,#0xE] are both set on three consecutive
; reads; any read that fails the test restarts the sequence at loc_C000C8. No timeout.
ROM:00C000C8 loc_C000C8 ; CODE XREF: ROM:00C000D4j
ROM:00C000C8 ; ROM:00C000E4j ...
ROM:00C000C8 LDRH R0, [R2,#0xE] ; read 1
ROM:00C000CC ANDS R0, R0, R3
ROM:00C000D0 CMP R3, R0 ; equal only when both masked bits are set
ROM:00C000D4 BNE loc_C000C8
ROM:00C000D8 LDRH R0, [R2,#0xE] ; read 2
ROM:00C000DC AND R0, R0, R3
ROM:00C000E0 CMP R3, R0
ROM:00C000E4 BNE loc_C000C8
ROM:00C000E8 LDRH R0, [R2,#0xE] ; read 3
ROM:00C000EC AND R0, R0, R3
ROM:00C000F0 CMP R3, R0
ROM:00C000F4 BNE loc_C000C8
ROM:00C000F8 NOP
ROM:00C000FC NOP
ROM:00C00100 NOP
ROM:00C00104 NOP
ROM:00C00108 MOV R0, #0xA
ROM:00C0010C STRH R0, [R2,#0xA] ; [base+0xA] = 0xA
; Programs a second block of 16-bit registers at 0x20814400 (R7), with calls to two helper
; routines in between. The peripheral is not identified by anything in this listing; the
; write-then-wait pattern on [R7,#0x10] resembles a memory-controller bring-up - unconfirmed.
;
; NOTE(review): this is where Thumb code is first entered. BLX with a label operand is the
; immediate form of the instruction, which always changes instruction set, so loc_C00314 and
; loc_C0034C execute in Thumb state and must be disassembled as 16-bit code. Their bodies are
; not in this listing; presumably they return with BX LR, which restores ARM state.
ROM:00C00110 MOV R7, 0x20814400 ; R7 = base of the second register block
ROM:00C00118 LDRH R1, [R7,#4]
ROM:00C0011C ORR R1, R1, #1
ROM:00C00120 STRH R1, [R7,#4] ; read-modify-write: set bit 0 of [R7+4]
ROM:00C00124 MOV R1, 0x404
ROM:00C0012C STRH R1, [R7]
ROM:00C00130 MOV R1, #0x15
ROM:00C00134 STRH R1, [R7,#2]
ROM:00C00138 MOV R1, 0x827
ROM:00C00140 STRH R1, [R7,#6]
ROM:00C00144 MOV R1, 0x311
ROM:00C0014C STRH R1, [R7,#8]
ROM:00C00150 MOV R1, #5
ROM:00C00154 STRH R1, [R7,#0xA]
ROM:00C00158 MOV R1, #0x66
ROM:00C0015C STRH R1, [R7,#0xC]
ROM:00C00160 MOV R1, 0x3FF
ROM:00C00168 STRH R1, [R7,#0xE]
ROM:00C0016C MOV R1, #0x14
ROM:00C00170 STRH R1, [R7,#0x12]
ROM:00C00174 MOV R1, #0x60
ROM:00C00178 STRH R1, [R7,#0x1E]
ROM:00C0017C MOV R1, #0xF
ROM:00C00180 STRH R1, [R7,#0x1C]
ROM:00C00184 ADD R6, R7, #0x32 ; R6, R5 and R4 are set up before each call to loc_C00314 - presumably its arguments
ROM:00C00188 ADD R5, R7, #0x14
ROM:00C0018C MOV R4, #8
ROM:00C00190 BLX loc_C00314 ; ARM -> Thumb call (see note at top of block)
ROM:00C00194 ADD R5, R7, #0x1A
ROM:00C00198 MOV R4, #2
ROM:00C0019C BLX loc_C00314
ROM:00C001A0 ADD R5, R7, #0x16
ROM:00C001A4 MOV R4, #1
ROM:00C001A8 BLX loc_C00314
ROM:00C001AC LDR R6, =0x2081FE00 ; third register block
ROM:00C001B0 MOV R1, #0x30
ROM:00C001B4 STRH R1, [R6,#0x1E]
ROM:00C001B8 MOV R0, #0xC8 ; R0 is the only register set before each call to loc_C0034C - presumably a delay count; routine not shown
ROM:00C001BC BLX loc_C0034C ; ARM -> Thumb call
ROM:00C001C0 MOV R1, #0
ROM:00C001C4 STRH R1, [R7,#0x22]
ROM:00C001C8 MOV R0, #1
ROM:00C001CC BLX loc_C0034C
ROM:00C001D0 MOV R1, 0x4002
ROM:00C001D8 STRH R1, [R7,#0x10]
ROM:00C001DC MOV R0, #1
ROM:00C001E0 BLX loc_C0034C
ROM:00C001E4 MOV R1, 0x121
ROM:00C001EC STRH R1, [R7,#0x10]
ROM:00C001F0 MOV R0, #4
ROM:00C001F4 BLX loc_C0034C
ROM:00C001F8 MOV R1, #0x21
ROM:00C001FC STRH R1, [R7,#0x10]
ROM:00C00200 MOV R0, #0x2D
ROM:00C00204 BLX loc_C0034C ; falls through into loc_C00208 on return
ROM:00C00208
; Common tail of both entry paths: CP15 setup, then the jump into the main code in Thumb state.
;
; NOTE(review): the c6,c0..c7 / c2 / c3 / c5 register usage and the value layout (base address
; in the high bits, 5-bit size field in bits 5:1, enable in bit 0) match the protection-unit
; registers of an MPU-based ARM9 core (ARM946E-S style) rather than an MMU with page tables.
; That is a useful constraint when trying to identify the SoC - confirm against the core's TRM.
ROM:00C00208 loc_C00208 ; CODE XREF: ROM:00C00018j
ROM:00C00208 MRC p15, 0, R0,c1,c0 ; read control register
ROM:00C0020C MOV R1, 0x1005 ; bits 12, 2 and 0
ROM:00C00214 BIC R0, R0, R1
ROM:00C00218 MCR p15, 0, R0,c1,c0 ; clear bits 12/2/0 (I-cache, D-cache and protection-unit enable on ARM9) while the regions are reprogrammed
ROM:00C0021C MOV R1, #0x3F
ROM:00C00220 MCR p15, 0, R1,c6,c0 ; region 0: base 0, size field 0x1F (4 GB background region), enabled
ROM:00C00224 MOV R1, #0x33
ROM:00C00228 MCR p15, 0, R1,c6,c1 ; region 1: base 0, size field 0x19 (64 MB), enabled
ROM:00C0022C MOV R1, 0xDC000031
ROM:00C00234 MCR p15, 0, R1,c6,c2 ; region 2: base 0xDC000000, size field 0x18 (32 MB), enabled
ROM:00C00238 MOV R1, 0xFC000031
ROM:00C00240 MCR p15, 0, R1,c6,c3 ; region 3: base 0xFC000000, 32 MB; the stack loaded at 00C002C0 lies in this range
ROM:00C00244 MOV R1, 0xFE000031
ROM:00C0024C MCR p15, 0, R1,c6,c4 ; region 4: base 0xFE000000, 32 MB
ROM:00C00250 LDR R1, =0x2081001F
ROM:00C00254 MCR p15, 0, R1,c6,c5 ; region 5: base 0x20810000, size field 0xF (64 KB); covers the register blocks at 0x20813500, 0x20814400 and 0x2081FE00
ROM:00C00258 MOV R1, 0x20000023
ROM:00C00260 MCR p15, 0, R1,c6,c6 ; region 6: base 0x20000000, size field 0x11 (256 KB)
ROM:00C00264 MOV R1, #0x40000037
ROM:00C00268 MCR p15, 0, R1,c6,c7 ; region 7: base 0x40000000, size field 0x1B (256 MB)
ROM:00C0026C MOV R1, #0x1E
ROM:00C00270 MCR p15, 0, R1,c2,c0, 1 ; presumably instruction-cacheable bits, one per region (regions 1-4) - confirm
ROM:00C00274 MOV R1, #0xE
ROM:00C00278 MCR p15, 0, R1,c2,c0 ; presumably data-cacheable bits (regions 1-3) - confirm
ROM:00C0027C MOV R1, #0xFC
ROM:00C00280 MCR p15, 0, R1,c3,c0 ; presumably write-buffer bits (regions 2-7) - confirm
ROM:00C00284 MOV R1, 0xFFFF
ROM:00C0028C MCR p15, 0, R1,c5,c0, 1 ; 0xFFFF = 0b11 in each of eight 2-bit fields. If these are the ARM946E-S access-permission
ROM:00C00290 MCR p15, 0, R1,c5,c0 ; registers, every region is read/write in both privileged and user mode: the protection unit is then supplying cache attributes, not isolation - confirm
ROM:00C00294 MRC p15, 0, R0,c1,c0
ROM:00C00298 MOV R1, 0x1005
ROM:00C002A0 ORR R0, R1, R0
ROM:00C002A4 MCR p15, 0, R0,c1,c0 ; set bits 12/2/0 again: re-enable what was turned off at 00C00218
ROM:00C002A8 MOV R0, #8
ROM:00C002AC LDR R0, [R0] ; R0 = word at absolute address 8 (what is mapped there is not visible in this listing)
ROM:00C002B0 MOV R1, SP ; R1 = entry flag (0 from loc_C0001C, 1 from loc_C00014), saved before SP is overwritten
ROM:00C002B4 MRC p15, 0, R2,c1,c0
ROM:00C002B8 ORR R2, R2, #0x40000 ; bit 18; on ARM946E-S this is the instruction-TCM enable - confirm against the core's TRM
ROM:00C002BC MCR p15, 0, R2,c1,c0
ROM:00C002C0 LDR SP, =0xFC0009D0 ; real stack pointer
ROM:00C002C4 LDR PC, =(loc_C005B8+1) ; the +1 sets bit 0 of the loaded address. On ARMv5T and later (implied by the BLX instructions above) a load into PC interworks: bit 0 goes to the CPSR T bit, so execution continues at 00C005B8 in Thumb state. Disassemble from 00C005B8 as 16-bit Thumb (CODE16), with R0 and R1 live as set above
all seems like native ARM, including the jump to C005B8
but after that it looks all scrambled.
; NOTE(review): this range is Thumb code decoded as ARM, so the mnemonics below are not what the
; CPU executes. It is reached through "LDR PC, =(loc_C005B8+1)" at 00C002C4, whose set bit 0
; selects Thumb state, and each 32-bit "instruction" shown here is really two 16-bit Thumb
; instructions. The random mix of condition codes (LT, LS, MI, NV, ...), coprocessor operations
; and writes to PC is the usual signature of decoding in the wrong instruction set.
; Working back from the first mnemonic, the word at 00C005B8 encodes as 0xB5F0B087; read as two
; big-endian Thumb halfwords that is PUSH {R4-R7,LR} followed by SUB SP, #0x1C, an ordinary
; function prologue. Re-analyse from 00C005B8 with the Thumb flag set (in IDA, segment
; register T = 1 at that address) before drawing conclusions from this code.
LDRLTB R11, [R0,#0x87]!
ROM:00C005BC ANDLS R9, R6, R5,LSL#2
ROM:00C005C0 MRRCMI p9, 5, R4,R10,c11
ROM:00C005C4 SMLABBLS R3, R12, R2, R4
ROM:00C005C8 ANDLE R12, R5, #0x700
ROM:00C005CC LDRNVB PC, [PC,R4,ROR#29]!
ROM:00C005D0 STMLSDA R3, {R2,R7,R9,LR}
ROM:00C005D4 MOVLES R4, 0xFFFFEA3F
ROM:00C005D8 LDMMIDB R7, {R2,R8,R12,PC}^
ROM:00C005DC ADDMI SP, SP, #0x50000000
ROM:00C005E0 STCGT p7, c15, [R7,#-0x3FC]
ROM:00C005E4 CDP2 p8, 0xE, c9,c5,c4
ROM:00C005E8 ADDMI SP, R5, #0xE4000003
ROM:00C005EC ANDNV PC, R0, R1,LSL#27
ROM:00C005F0 SUBGES PC, R2, R0
ROM:00C005F4 STC2L p2, c2, [R1]!
ROM:00C005F8 ANDLS R4, R0, #0x550
ROM:00C005FC STMLSDB R6, {R0,R1,R3,R8-R11}
ROM:00C00600 LDCPLL p0, c15, [R0]
ROM:00C00604 LDC2L p9, c9, [R0,#-0x18]
ROM:00C00608 TSTEQ R9, R6,LSL#2
which makes me believe it happens after the jump.
Is my assumption correct?
Still trying to pinpoint what type of Marvell SoC this is, most of the ones I've found are the modern ones.
88F5182 looks close, but seems unlikely that it's used (too overpowered for this application)