I've been looking into reverse engineering the Gamecube's IPL and am looking for information on the AD16 EXI device. From what I understand, the common thought around the device is that it's used for debugging yet neither yagcd nor dolphin-emu provide much information on it.
Upon working on reversing the IPL I have found only 6 calls to the device and have found no other examples of it's use. Provided below is some code to write to the device.
Code: Select all
u32 __ad16_send_cmd(u32 cmd, u32 addr, u32 nMode)
{
u32 ad16_status;
u32 result = 1;
ad16_status = EXI_Lock(EXI_CHANNEL_2, EXI_DEVICE_0, NULL); // If the lock fails it will return = 0
if ((*AD16_DATA_UNK1 == 0) || (ad16_status == 0))
{
return 0;
}
if(EXI_Select(EXI_CHANNEL_2, EXI_DEVICE_0, EXI_SPEED1MHZ) == 0)
{
EXI_Unlock(EXI_CHANNEL_2);
return 0;
}
while(result)
{
if(!EXI_Imm(EXI_CHANNEL_2, cmd, 1, EXI_WRITE, NULL)) result = 0;
if(!EXISync(EXI_CHANNEL_2)) result = 0;
if(!EXI_Imm(EXI_CHANNEL_2, &addr, 4, nMode, NULL)) result = 0;
if(!EXISync(EXI_CHANNEL_2)) result = 0;
if(!EXI_Deselect(EXI_CHANNEL_2)) result = 0;
}
EXI_Unlock(EXI_CHANNEL_2);
return result;
}
What the IPL does is initialize the device upon entering it's main() function. It does so by sending it the 0x00000000 code. Basically the main function containing the 6 AD16 commands goes as follows(Although I've simplified it greatly):
Code: Select all
void main()
{
InitializeUART();
AD16_Init();
AD16_Write(0x80000000);
DVD_Init();
AD16_Write(0x90000000);
CARD_Init();
AD16_Write(0xa0000000);
VIDEO_Init();
AD16_Write(0xb0000000);
ReadDisc();
PAD_Init();
AD16_Write(0xc0000000);
MainMenu();
panic();
return;
}
What I don't know is what the device actually does. Has anyone played around with sending various commands to it or looking for some sort of response? I'm kinda just trying to gather whatever information people have before playing around with it some more myself.