06: 00 B5 push {lr}
08: 42 40 eors r2, r0
0a: 00 2A cmp r2, #0
0c: 00 F0 02 F8 bl #0x14
14: 70 46 mov r0, lr
16: 00 47 bx r0
None of the previous three instructions modifies the flags. (I checked in the ARM reference manual.) Thus, “BHS” (branch unsigned higher or same) uses the flags from the “CMP R2,#0” above. _Every_ value of R2 is higher (in the unsigned sense) or same as 0. Hence, the following branch is always taken:
10: F6 D2 bhs #0
00: 11 38 subs r0, #0x11
02: C0 7A ldrb r0, [r0, #0xb]
04: 00 BD pop {pc}
0x2A is 42 (decimal)! Could this be an Easter egg; a very obfuscated way of returning 42, the Answer to the Ultimate Question of Life, the Universe, and Everything? (Remember that the Raspberry design team is from Britain, same as Douglas Adams.)
After the addition of double-precision floating point support in V2 of the boot ROM (B1 silicon), we had just over 30 bytes spare. Removing any of the slightly obtuse space-saving techniques already used in the code always resulted in code that didn't fit, so we were left with the free space.
Nature abhors a vacuum, so I decided on an Easter Egg (note there is no secure code in the RP2040 boot ROM). It was surprisingly challenging to come up with some very short code which actually did something, but whose purpose was not immediately obvious. I was also super interested to see how long it would take someone to find it - 15 months apparently :-)
Hopefully it provided you some amusement/puzzle value... I sort of hoped it would be more confusing the more ARM assembly you knew, as it potentially sets off all sorts of wrong pattern-matching in the brain.
It does indeed return 42
Also returns 42.
And Eben studied at St John's College, Cambridge, same as Douglas Adams
00: 11 38 subs r0, #0x11
02: C0 7A ldrb r0, [r0, #0xb]
04: 00 BD pop {pc}
06: 00 B5 push {lr}
08: 42 40 eors r2, r0
0a: 00 2A cmp r2, #0
0c: 00 F0 02 F8 bl #0x14
10: F6 D2 bhs #0
12: 8E 46 mov lr, r1
14: 70 46 mov r0, lr
16: 00 47 bx r0
Edit2: I take that back - it's just very "creatively" written.
04 pop {pc} -> this is an odd way to return from a function on ARM, and likely means that these first bytes would be a very odd function.
06 push {lr} -> OK, maybe a valid prologue, but this function ignores the result of the cmp and calls 0x14.
// r0 = arg1, r1 = arg2, r2 = arg3
if (arg3 ^ arg1 >= 0u)
return 42; // edited //*(u8 *)(r0 - 17 + 11);
else // dead code (edited)
return arg2(); 06: 00 B5 push {lr}
EDIT: I spoke too quickly, looking at the disassembly in the sibling comment.
EDIT 2: That disassembly looks like data, TBH.
In this case, the use is documented where it's implemented: https://github.com/raspberrypi/pico-bootrom/blob/master/boot... . It's a custom wrapper to call ROM functions. When the ROM function returns, the trampoline executes a debugger breakpoint. This is done so that the debugger can call into ROM easily without needing to set a hardware breakpoint.
"Why No Easter Eggs"
https://docs.microsoft.com/en-us/archive/blogs/larryosterman...
https://hn.algolia.com/?query=Why%20no%20Easter%20Eggs
... and
The idea that Easter Eggs are security risks comes across as the most pedantic paranoid position. Statistically speaking software is not failing because of Easter eggs.
This does not seem to be about security but about typical American style “cover your ass” legalize thinking.
Sure if you create a space rocket control system I would not put in an Easter egg. But if it is a code editor, word processor, email reading client etc then who cares? Nobody will die and million dollar equipment is not going to blow up.
Disclaimer: I have never made an Easter Egg and I get that companies don’t do it if it causes problems with customers. I just think customers who complain about this should get a life.
Cute, condescending error messages are unprofessional and unhelpful. If fewer programs were steaming piles of garbage I might feel differently about it.
It's probably an Easter egg or an undocumented workaround for something.
https://github.com/raspberrypi/pico-bootrom/blob/ef22cd8ede5...
(@dang, worth updating the link?)