mbm (also known as RAMLD or ramloader).
it can talk with pc over usb. It have this commands:
cmd_ADDR EQU 1 cmd_BIN EQU 2 cmd_START EQU 3 cmd_HSYNC EQU 4 cmd_POWER_DOWN EQU 5 cmd_RQHW EQU 7 cmd_RQRC EQU 8 cmd_RQUID EQU 0xA cmd_RQVN EQU 0xB cmd_JUMP EQU 0xC cmd_RESTART EQU 0xE cmd_RQSW EQU 0x12 cmd_READ EQU 0x15 cmd_RQINFO EQU 0x17 cmd_FL_RESTART EQU 0x18
And this is a section inside mbm which parse this commands:
ROM:8F31657A
ROM:8F31657A ; =============== S U B R O U T I N E =======================================
ROM:8F31657A
ROM:8F31657A
ROM:8F31657A ; int __fastcall cmd_handler()
ROM:8F31657A cmd_handler ; CODE XREF: parser+256p
ROM:8F31657A
ROM:8F31657A var_28 = -0x28
ROM:8F31657A var_27 = -0x27
ROM:8F31657A
ROM:8F31657A ; FUNCTION CHUNK AT ROM:8F3166BC SIZE 00000018 BYTES
ROM:8F31657A
ROM:8F31657A 000 2D E9 F8 4F PUSH.W {R3-R11,LR} ; Push registers
ROM:8F31657E 028 80 46 MOV R8, R0 ; Rd = Op2
ROM:8F316580 028 89 46 MOV R9, R1 ; Rd = Op2
ROM:8F316582 028 92 46 MOV R10, R2 ; Rd = Op2
ROM:8F316584 028 FB F7 C5 FB BL check_security_type ; Branch with Link
ROM:8F316588 028 F3 4C LDR R4, =cmds_list ; Load from Memory
ROM:8F31658A 028 00 25 MOVS R5, #0 ; Rd = Op2
ROM:8F31658C 028 1A 26 MOVS R6, #0x1A ; Rd = Op2
ROM:8F31658E 028 07 46 MOV R7, R0 ; Rd = Op2
ROM:8F316590
ROM:8F316590 read_command ; CODE XREF: cmd_handler+2Cj
ROM:8F316590 028 41 46 MOV R1, R8 ; Rd = Op2
ROM:8F316592 028 20 68 LDR R0, [R4] ; Load from Memory
ROM:8F316594 028 FD F7 C0 FA BL str_compare_0 ; Branch with Link
ROM:8F316598 028 08 B1 CBZ R0, read_next ; Compare and Branch on Zero
ROM:8F31659A 028 26 79 LDRB R6, [R4,#4] ; Load from Memory
ROM:8F31659C 028 04 E0 B parse_CMD ; Branch
ROM:8F31659E ; ---------------------------------------------------------------------------
ROM:8F31659E
ROM:8F31659E read_next ; CODE XREF: cmd_handler+1Ej
ROM:8F31659E 028 68 1C ADDS R0, R5, #1 ; Rd = Op1 + Op2
ROM:8F3165A0 028 08 34 ADDS R4, #8 ; Rd = Op1 + Op2
ROM:8F3165A2 028 C5 B2 UXTB R5, R0 ; Unsigned extend byte to word
ROM:8F3165A4 028 0F 2D CMP R5, #0xF ; Set cond. codes on Op1 - Op2
ROM:8F3165A6 028 F3 D3 BCC read_command ; Branch
ROM:8F3165A8
ROM:8F3165A8 parse_CMD ; CODE XREF: cmd_handler+22j
ROM:8F3165A8 028 42 46 MOV R2, R8 ; Rd = Op2
ROM:8F3165AA 028 49 46 MOV R1, R9 ; Rd = Op2
ROM:8F3165AC 028 30 46 MOV R0, R6 ; Rd = Op2
ROM:8F3165AE 028 FC F7 36 F8 BL chk_sec ; Branch with Link
ROM:8F3165B2 028 23 28 CMP R0, #0x23 ; Set cond. codes on Op1 - Op2
ROM:8F3165B4 028 23 D0 BEQ exit ; Branch
ROM:8F3165B6 028 19 2E CMP R6, #0x19 ; switch 25 cases
ROM:8F3165B8 028 7D D2 BCS if_other ; default
ROM:8F3165BA
ROM:8F3165BA CMD_choise ; switch jump
ROM:8F3165BA 028 DF E8 06 F0 TBB.W [PC,R6]
ROM:8F3165BA 028 ; ---------------------------------------------------------------------------
ROM:8F3165BE 028 7F cmd_choise DCB 0x7F ; jump table for switch statement
ROM:8F3165BF 028 0D DCB 0xD
ROM:8F3165C0 028 22 DCB 0x22
ROM:8F3165C1 028 7F DCB 0x7F
ROM:8F3165C2 028 7F DCB 0x7F
ROM:8F3165C3 028 28 DCB 0x28
ROM:8F3165C4 028 7F DCB 0x7F
ROM:8F3165C5 028 37 DCB 0x37
ROM:8F3165C6 028 64 DCB 0x64
ROM:8F3165C7 028 7F DCB 0x7F
ROM:8F3165C8 028 5A DCB 0x5A
ROM:8F3165C9 028 5F DCB 0x5F
ROM:8F3165CA 028 73 DCB 0x73
ROM:8F3165CB 028 7F DCB 0x7F
ROM:8F3165CC 028 2D DCB 0x2D
ROM:8F3165CD 028 7F DCB 0x7F
ROM:8F3165CE 028 7F DCB 0x7F
ROM:8F3165CF 028 7F DCB 0x7F
ROM:8F3165D0 028 6E DCB 0x6E
ROM:8F3165D1 028 7F DCB 0x7F
ROM:8F3165D2 028 7F DCB 0x7F
ROM:8F3165D3 028 32 DCB 0x32
ROM:8F3165D4 028 7F DCB 0x7F
ROM:8F3165D5 028 69 DCB 0x69
ROM:8F3165D6 028 78 DCB 0x78
ROM:8F3165D7 028 00 ALIGN 2
ROM:8F3165D8
ROM:8F3165D8 is_ADDR ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F3165D8 028 E0 48 LDR R0, =byte_8F32D150 ; jumptable 8F3165BA case 1
ROM:8F3165DA 028 00 78 LDRB R0, [R0] ; Load from Memory
ROM:8F3165DC 028 01 28 CMP R0, #1 ; Set cond. codes on Op1 - Op2
ROM:8F3165DE 028 04 D1 BNE error ; Branch
ROM:8F3165E0 028 48 46 MOV R0, R9 ; Rd = Op2
ROM:8F3165E2 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F3165E6 000 FC F7 38 BC B.W cmd_handler_ADDR ; Branch
ROM:8F3165EA ; ---------------------------------------------------------------------------
ROM:8F3165EA
ROM:8F3165EA error ; CODE XREF: cmd_handler+64j
ROM:8F3165EA 028 77 20 MOVS R0, #0x77 ; Rd = Op2
ROM:8F3165EC 028 69 46 MOV R1, SP ; Rd = Op2
ROM:8F3165EE 028 8D F8 00 00 STRB.W R0, [SP,#0x28+var_28] ; Store to Memory
ROM:8F3165F2 028 00 20 MOVS R0, #0 ; Rd = Op2
ROM:8F3165F4 028 8D F8 01 00 STRB.W R0, [SP,#0x28+var_27] ; Store to Memory
ROM:8F3165F8 028 D6 48 LDR R0, =ANSWER_ERR ; "ERR"
ROM:8F3165FA 028 FF F7 67 FF BL usb_send ; Branch with Link
ROM:8F3165FE
ROM:8F3165FE exit ; CODE XREF: cmd_handler+3Aj
ROM:8F3165FE 028 BD E8 F8 8F POP.W {R3-R11,PC} ; Pop registers
ROM:8F316602 ; ---------------------------------------------------------------------------
ROM:8F316602
ROM:8F316602 is_BIN ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316602 028 51 46 MOV R1, R10 ; jumptable 8F3165BA case 2
ROM:8F316604 028 48 46 MOV R0, R9 ; Rd = Op2
ROM:8F316606 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F31660A 000 FC F7 7A BC B.W cmd_handler_BIN ; Branch
ROM:8F31660E ; ---------------------------------------------------------------------------
ROM:8F31660E
ROM:8F31660E is_POWER_DOWN ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F31660E 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 5
ROM:8F316610 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F316614 000 FC F7 63 BF B.W cmd_handler_POWEROFF ; Branch
ROM:8F316618 ; ---------------------------------------------------------------------------
ROM:8F316618
ROM:8F316618 is_RESTART ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316618 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 14
ROM:8F31661A 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F31661E 000 FC F7 87 BF B.W cmd_handler_RESET ; Branch
ROM:8F316622 ; ---------------------------------------------------------------------------
ROM:8F316622
ROM:8F316622 is_READ ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316622 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 21
ROM:8F316624 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F316628 000 FC F7 D3 BF B.W cmd_handler_READ ; Branch
ROM:8F31662C ; ---------------------------------------------------------------------------
ROM:8F31662C
ROM:8F31662C is_RQ_type ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F31662C 028 CC 48 LDR R0, =byte_8F32D18C ; jumptable 8F3165BA case 7
ROM:8F31662E 028 00 78 LDRB R0, [R0] ; Load from Memory
ROM:8F316630 028 F0 28 CMP R0, #0xF0 ; Set cond. codes on Op1 - Op2
ROM:8F316632 028 19 D0 BEQ is_RQHW ; Branch
ROM:8F316634 028 C8 49 LDR R1, =cmds_list ; Load from Memory
ROM:8F316636 028 91 F8 79 20 LDRB.W R2, [R1,#0x79] ; Load from Memory
ROM:8F31663A 028 01 2A CMP R2, #1 ; Set cond. codes on Op1 - Op2
ROM:8F31663C 028 14 D1 BNE is_RQHW ; Branch
ROM:8F31663E 028 4C F2 01 02 MOVW R2, #0xC001 ; Rd = Op2
ROM:8F316642 028 97 42 CMP R7, R2 ; Set cond. codes on Op1 - Op2
ROM:8F316644 028 03 D0 BEQ return_RQ_error ; Branch
ROM:8F316646 028 A7 F5 2B 42 SUB.W R2, R7, #0xAB00 ; Rd = Op1 - Op2
ROM:8F31664A 028 1E 3A SUBS R2, #0x1E ; Rd = Op1 - Op2
ROM:8F31664C 028 0C D1 BNE is_RQHW ; Branch
ROM:8F31664E
ROM:8F31664E return_RQ_error ; CODE XREF: cmd_handler+CAj
ROM:8F31664E 028 00 22 MOVS R2, #0 ; Rd = Op2
ROM:8F316650 028 81 F8 79 20 STRB.W R2, [R1,#0x79] ; Store to Memory
ROM:8F316654 028 69 46 MOV R1, SP ; Rd = Op2
ROM:8F316656 028 8D F8 00 00 STRB.W R0, [SP,#0x28+var_28] ; Store to Memory
ROM:8F31665A 028 BE 48 LDR R0, =ANSWER_ERR ; "ERR"
ROM:8F31665C 028 8D F8 01 20 STRB.W R2, [SP,#0x28+var_27] ; Store to Memory
ROM:8F316660 028 FF F7 34 FF BL usb_send ; Branch with Link
ROM:8F316664 028 BD E8 F8 8F POP.W {R3-R11,PC} ; Pop registers
ROM:8F316668 ; ---------------------------------------------------------------------------
ROM:8F316668
ROM:8F316668 is_RQHW ; CODE XREF: cmd_handler+B8j
ROM:8F316668 ; cmd_handler+C2j ...
ROM:8F316668 028 48 46 MOV R0, R9 ; Rd = Op2
ROM:8F31666A 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F31666E 000 FC F7 9C BC B.W cmd_handler_RQHW ; Branch
ROM:8F316672 ; ---------------------------------------------------------------------------
ROM:8F316672
ROM:8F316672 is_RQUID ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316672 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 10
ROM:8F316674 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F316678 000 FC F7 A6 BC B.W cmd_handler_RQUID ; Branch
ROM:8F31667C ; ---------------------------------------------------------------------------
ROM:8F31667C
ROM:8F31667C is_RQVN ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F31667C 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 11
ROM:8F31667E 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F316682 000 FC F7 D4 BE B.W cmd_handler_RQVN ; Branch
ROM:8F316686 ; ---------------------------------------------------------------------------
ROM:8F316686
ROM:8F316686 is_RQRC ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316686 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 8
ROM:8F316688 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F31668C 000 FC F7 F0 BB B.W cmd_handler_RQRC ; Branch
ROM:8F316690 ; ---------------------------------------------------------------------------
ROM:8F316690
ROM:8F316690 is_RQINFO ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F316690 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 23
ROM:8F316692 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F316696 000 FC F7 4E BD B.W cmd_handler_RQINFO ; Branch
ROM:8F31669A ; ---------------------------------------------------------------------------
ROM:8F31669A
ROM:8F31669A is_RQSW ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F31669A 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 18
ROM:8F31669C 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F3166A0 000 FC F7 71 BF B.W cmd_handler_RQSW ; Branch
ROM:8F3166A4 ; ---------------------------------------------------------------------------
ROM:8F3166A4
ROM:8F3166A4 is_JUMP ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F3166A4 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 12
ROM:8F3166A6 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F3166AA 000 FC F7 22 BF B.W cmd_handler_JUMP ; Branch
ROM:8F3166AE ; ---------------------------------------------------------------------------
ROM:8F3166AE
ROM:8F3166AE is_FL_RE ; CODE XREF: cmd_handler:CMD_choisej
ROM:8F3166AE 028 48 46 MOV R0, R9 ; jumptable 8F3165BA case 24
ROM:8F3166B0 028 BD E8 F8 4F POP.W {R3-R11,LR} ; Pop registers
ROM:8F3166B4 000 00 E0 B cmd_handler_FL_RE ; Branch
ROM:8F3166B6 ; ---------------------------------------------------------------------------
ROM:8F3166B6
ROM:8F3166B6 if_other ; CODE XREF: cmd_handler+3Ej
ROM:8F3166B6 028 01 E0 B print_error_msg ; default
ROM:8F3166B6 ; End of function cmd_handler
ROM:8F3166B6