Full Keyroll 7 ASM as requested
;------------------------------------------------------------------------------------------------
; Keychange Method 7
;------------------------------------------------------------------------------------------------
;
; This is to handle the new keyroll method as implemented on 08/04/08 by NTL/TW
;
; KEYMASK7_data - 64-byte reference template (8 rows of 8 bytes) stored in flash.
; CHKKEYMASK7 compares the first 0x2A bytes of the received message against this
; table, except at the indexes it skips explicitly (0x01, 0x08, 0x0A, 0x0C, 0x16,
; 0x18, 0x1A). The table values at those indexes are therefore never compared.
; Bytes at index 0x2A and above are never read by CHKKEYMASK7.
KEYMASK7_data:
.DB 0x3F,0x00,0x01,0xFA,0xB6,0x02,0x4E,0xA4 ; 0x00-0x07
.DB 0x00,0xB8,0x00,0xB7,0x00,0x9B,0x11,0x02 ; 0x08-0x0F
.DB 0x1E,0x02,0xB6,0x02,0x4E,0xA4,0x00,0xB8 ; 0x10-0x17
.DB 0x00,0xB7,0x00,0x1F,0x02,0x9A,0xA6,0x26 ; 0x18-0x1F
.DB 0xCC,0x6B,0x01,0x00,0x00,0x00,0x00,0x00 ; 0x20-0x27
.DB 0x00,0x83,0x00,0x01,0x42,0x05,0x11,0x11 ; 0x28-0x2F
.DB 0x11,0x11,0x11,0x11,0x11,0x11,0x42,0x85 ; 0x30-0x37
.DB 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22 ; 0x38-0x3F
; The 0x11 run (0x2E-0x35) and the 0x22 run (0x38-0x3F) are filler values that
; only mark where the two 8-byte key fields sit; these positions match the
; "Key0 start address" / "Key1 start address" offsets quoted in DOKEYROLL7.
; CHKKEYMASK7 - compare the message buffer at M against KEYMASK7_data and, if
; every compared byte matches, call DOKEYROLL7.
;
; In:    message bytes in RAM starting at M (0x019B according to the comment below)
; Out:   no status is returned; the routine ends in RET on both the match and
;        the mismatch path
; Clobb: R0, R17, R18, Y (R29:R28), Z (R31:R30), SREG flags, plus whatever
;        DOKEYROLL7 changes when it is called
;
; NOTE(review): the buffer is addressed as M here and as MP in DOKEYROLL7.
; Neither symbol is defined in this listing, so it cannot be confirmed from
; here that both name the same buffer.
CHKKEYMASK7:
LDI YH, high(M) ;Set Y pointer to start of decrypted EMM in RAM (0x019B)
LDI YL, low(M)
LDI ZH, high(KEYMASK7_data * 2) ;Z = byte address of the table in flash (label * 2, LPM addresses bytes)
LDI ZL, low(KEYMASK7_data * 2)
CLR R18 ;R18 = index of the byte being examined, starts at 0
KEYMASK7TOP:
; Indexes listed here are not compared: the pointers and index are advanced
; without looking at the message byte, so any value is accepted there.
CPI R18,0x01
BREQ KEYMASK7CHKLOOP
CPI R18,0x08
BREQ KEYMASK7CHKLOOP
CPI R18,0x0A
BREQ KEYMASK7CHKLOOP
CPI R18,0x0C
BREQ KEYMASK7CHKLOOP
CPI R18,0x16
BREQ KEYMASK7CHKLOOP
CPI R18,0x18
BREQ KEYMASK7CHKLOOP
CPI R18,0x1A
BREQ KEYMASK7CHKLOOP
; NOTE(review): this last compare can never match here. The loop below leaves
; as soon as R18 reaches 0x2A, so R18 is at most 0x29 at this point.
CPI R18,0x2A
BREQ KEYMASK7CHKLOOP
; Not a skipped index, so the message byte must equal the table byte
LPM ;R0 = table byte at Z (operand-less LPM loads into R0)
LDD R17,Y+0 ;R17 = message byte at Y
CP R0,R17
BRNE KEYMASK7CHKLOOPEND ; Mismatch: not a message this routine handles, so exit
KEYMASK7CHKLOOP:
ADIW R30,0x01 ;Advance the Z flash pointer (16-bit add on R31:R30)
; NOTE(review): INC touches only YL, there is no carry into YH. That is safe
; only while M .. M+0x29 stays inside one 256-byte page. It does for the
; 0x019B address quoted above, but nothing here enforces it.
INC R28 ;Advance the YL message pointer (low byte only)
INC R18
CPI R18,0x2A ;Have all 0x2A bytes been examined?
BRNE KEYMASK7TOP ;No, keep checking against the table
; All compared bytes matched. The skipped indexes were accepted unchecked, and
; DOKEYROLL7 reads offsets 0x08, 0x0A, 0x16 and 0x18 of its buffer as data.
RCALL DOKEYROLL7 ;Yes, treat this as a keychange message and process it
KEYMASK7CHKLOOPEND:
RET
;If the mask check above passed then we are going to do the following block of code to process
;a Type 7 Keyroll (Map call).
;
; DOKEYROLL7 - process a message that passed the CHKKEYMASK7 template check:
;   1. XOR one byte of the buffer, selected by the byte at MP+0x0A, with MP+0x08
;   2. XOR one byte of the buffer, selected by the byte at MP+0x18, with MP+0x16
;   3. copy 8 bytes from MP+0x2E to RAM 0x0263 and 8 bytes from MP+0x38 to 0x026B
;   4. call Update_Keys (not shown in this listing)
;
; In:    message buffer at MP
; Out:   buffer patched in place; 16 bytes written at 0x0263-0x0272
; Clobb: R16, R17, R18, X (R27:R26), Y (R29:R28), SREG flags, plus whatever
;        Update_Keys changes
;
; NOTE(review): both selector bytes come straight from the message and sit at
; indexes that CHKKEYMASK7 skips, so they are never range-checked. After the
; SUBI/ADD below the write address can be any byte in the 256-byte page that
; contains MP, not only the key fields. A bounds check on the computed offset
; before the ST would confine the write to the intended region.
DOKEYROLL7:
; Key0 start address =0x2E
; Key1 start address=0x38
; bytes to xor =0x0A, 0X0C, 0x18, 0x1A (-0x79 offset) to give buffer byte location
; key roll address byte offset= +0x7d
; NOTE(review): the two lines above disagree with the code, which subtracts 0x7D
; (not 0x79) and reads selectors only from 0x0A and 0x18 (0x0C and 0x1A are not
; read). Confirm which is intended.
; Do first Byte of key
LDI YH, high(MP) ;load Y with memory pointer
LDI YL, low( MP)
CLR R18 ;Clear R18 (redundant: the LDS on the next line overwrites it)
LDS R18,(MP + 0x0A) ;R18 = selector byte taken from the message
SUBI R18,0x7d ;Convert the selector to an offset into the buffer (8-bit, wraps)
ADD R28,R18 ;YL += offset; 8-bit add, carry is not propagated to YH (r28=YL)
LD R16,Y ;load the selected byte from the buffer
LDS R17,(MP + 0x08) ;load xor value from the message
EOR R16,R17 ;XOR byte
ST Y, R16 ;Write the result back to the same buffer position
; Do second Byte of key
LDI YH, high(MP) ;load Y with memory pointer
LDI YL, low( MP)
CLR R18 ;Clear R18 (redundant: the LDS on the next line overwrites it)
LDS R18,(MP + 0x18) ;R18 = second selector byte taken from the message
SUBI R18,0x7d ;Convert the selector to an offset into the buffer (8-bit, wraps)
ADD R28,R18 ;YL += offset; 8-bit add, carry is not propagated to YH (r28=YL)
LD R16,Y ;load the selected byte from the buffer
LDS R17,(MP + 0x16) ;load xor value from the message
EOR R16,R17 ;XOR byte
ST Y, R16 ;Write the result back to the same buffer position
; Copy new Key 0 to buffer
LDI XH, high( MP + 0x2E) ;X = source, Key0 field in the message buffer
LDI XL, low( MP + 0x2E )
LDI R29,0x02 ;Y = destination 0x0263 (hard-coded RAM address)
LDI R28,0x63
LDI R18,0x08 ;8 bytes to copy
KR7_1: LD R16,X+
ST Y+,R16
DEC R18
BRNE KR7_1
; Copy new Key 1 to buffer
LDI XH, high( MP + 0x38 ) ;X = source, Key1 field in the message buffer
LDI XL, low( MP + 0x38 )
LDI R29,0x02 ;Y = destination 0x026B; the first copy already left Y here
LDI R28,0x6B
LDI R18,0x08 ;8 bytes to copy
KR7_2: LD R16,X+
ST Y+,R16
DEC R18
BRNE KR7_2
; Write new keys to ext EEprom (per the original comment; Update_Keys is not shown here)
RCALL Update_Keys
RET