A small update. Memory alignment took a few hours. I did this by dumping a lot of the string offsets in the firmware using standard unix console tools: strings -n 10 -o | grep "Audio" | awk '{print $2}' I then wrote a IDA script that dumped all load operation offsets, made a second script that brute-forced matching the offsets. The best match was 0x80010000 and not to anybody’s surprise this made IDA pro very happy and she started auto analyzing the firmware. Here is a screen shot of the memory-offsets:

IDA memory

Here is a in-action screen shot of IDA:

IDA action

I’ve done a good amount of reversing and everything is going well, still have no ETA on anything though. Subscribe to the blog or check back after the weekend if you are curious.