The snapshot-packages contained some breaks too:
DAT v1.02:
Code:
... // Initialization etc.
TRAP_Finished;
break 0x110(0,0xFFFF);
TRAP_0x20(0,0x1000);
TRAP_Finished;
break 0x210(0,1);
TRAP_0x510(2,1,0x1EFB6C); // TRAP_DeviceAccess?
TRAP_0x510(0,1,0x1EFB6C); // TRAP_DeviceAccess?
TRAP_Finished;
break 0x110(0,1);
... // Lots of trap-testing here
TRAP_0x20(0xFCD9E,0xEFAF8);
TRAP_Finished;
break 0x010(0);
I Robot v1.02:
Code:
... // Initialization etc.
TRAP_Finished;
break 0x110(0,0xFFFF);
TRAP_0x20(0,0x1000);
TRAP_Finished;
break 0x210(0,1);
TRAP_0x510(2,1,0x3DFB70); // TRAP_DeviceAccess?
TRAP_0x510(0,1,0x3DFB70); // TRAP_DeviceAccess?
TRAP_Finished;
break 0x110(0,1);
... // Lots of trap-testing here
TRAP_0x20(0xFCBDA,0x2DFAFC);
TRAP_Finished;
break 0x010(0);
As you can see, the 'program' seems to be the same for both movies.
The player can tell the content code what to do by changing the first 20 bytes before it 'reactivates' the VM:
Code:
break 0x110(0,0xFFFF): ?
break 0x210(0,1): check whether disc is in drive and ready (?)
break 0x110(0,1): test bd+ system / player and get ready for playback
break 0x220(0,1,n): decrypt block <n>
break 0x010(0): shut down
Most interesting would be to see which traps are called after break 0x220(0,1,n) was invoked. The content code needs to get data, decrypt it and output it somehow. We don't know yet which traps are used for input and output (slots? 0x510? 0x20?).