ROM:FF85667C loc_FF85667C:                      @ CODE XREF: sub_FF8565E4+88j
ROM:FF85667C 018 MOV R0, R8                     @ This code is called from a jump table, R8 was set before there. I don't know where we came from.
ROM:FF856680 018 BL sub_FF94450C
ROM:FF856684 018 LDRB R1, [R4,#0x1C9]           @ 4th byte of LBA
ROM:FF856688 018 LDRB R3, [R4,#0x1C8]           @ 3rd byte of LBA
ROM:FF85668C 018 LDRB R12, [R4,#0x1CC]          @ 3rd byte of partition length
ROM:FF856690 018 MOV R1, R1,LSL#24              @ Shift and...
ROM:FF856694 018 ORR R1, R1, R3,LSL#16          @ combine LBA bytes (endianness fix)
ROM:FF856698 018 LDRB R3, [R4,#0x1C7]           @ 2nd byte of LBA
ROM:FF85669C 018 LDRB R2, [R4,#0x1BE]           @ Partition status (0x00=nonboot, 0x80=boot, other=bad)
ROM:FF8566A0 018 LDRB LR, [R4,#0x1FF]           @ Last MBR signature byte (0xAA)
ROM:FF8566A4 018 ORR R1, R1, R3,LSL#8           @ Combine more LBA bytes
ROM:FF8566A8 018 LDRB R3, [R4,#0x1C6]           @ 1st byte of LBA
ROM:FF8566AC 018 CMP R2, #0                     @ Check partition status
ROM:FF8566B0 018 CMPNE R2, #0x80                @ and again
ROM:FF8566B4 018 ORR R1, R1, R3                 @ Combine LBA into final value
ROM:FF8566B8 018 LDRB R3, [R4,#0x1CD]           @ 4th byte of partition length
ROM:FF8566BC 018 MOV R3, R3,LSL#24              @ Shift and...
ROM:FF8566C0 018 ORR R3, R3, R12,LSL#16         @ combine partition length bytes
ROM:FF8566C4 018 LDRB R12, [R4,#0x1CB]          @ 2nd byte of partition length
ROM:FF8566C8 018 ORR R3, R3, R12,LSL#8          @ Combine partition length bytes
ROM:FF8566CC 018 LDRB R12, [R4,#0x1CA]          @ 1st byte of partition length
ROM:FF8566D0 018 ORR R3, R3, R12                @ Combine partition length bytes into final value
ROM:FF8566D4 018 LDRB R12, [R4,#0x1FE]          @ First MBR signature byte (0x55)
ROM:FF8566D8 018 MOV R4, #0                     @ This value previously held a pointer to the partition table :(
ROM:FF8566D8                                    @ Now, R0 = ??
ROM:FF8566D8                                    @ R1 = partition LBA start address
ROM:FF8566D8                                    @ R2 = partition status
ROM:FF8566D8                                    @ R3 = partition length in sectors
ROM:FF8566DC 018 BNE loc_FF856704               @ Jump out if the partition is malformed (partition status 'other')
ROM:FF8566E0 018 CMP R0, R1
ROM:FF8566E4 018 BCC loc_FF856704               @ Jump out if R0 < R1 (probably checking for a valid LBA addr)
ROM:FF8566E8 018 ADD R2, R1, R3                 @ R2 = partition start address + length = partition end address
ROM:FF8566EC 018 CMP R2, R0                     @ Guess: CMPLS is used to check for an overflow, the partition end address cannot be negative.
ROM:FF8566F0 018 CMPLS R12, #0x55               @ Check MBR signature
ROM:FF8566F4 018 CMPEQ LR, #0xAA
ROM:FF8566F8 018 MOVEQ R6, R1
ROM:FF8566FC 018 MOVEQ R5, R3
ROM:FF856700 018 MOVEQ R4, #1
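
The checks in the listing above, re-expressed in C as an added example (not part of the original disassembly or the firmware's source). The hardened path is an addition that writes the same range test so the 32-bit sum cannot wrap. Assumptions: total stands in for R0, which the listing leaves unidentified and is taken here to be the medium's sector count; mbr_first_partition, make_sample_mbr and the hardened flag are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian 32-bit read: what each LDRB/ORR run in the listing builds. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Checks in listing order. total stands in for R0 (assumption: sector count
 * of the medium). hardened=0 keeps the listing's ADD, which wraps mod 2^32;
 * hardened=1 compares the length against the space left after the start. */
int mbr_first_partition(const uint8_t *mbr, uint32_t total, int hardened,
                        uint32_t *start, uint32_t *len) {
    uint8_t status = mbr[0x1BE];
    uint32_t lba = rd_le32(mbr + 0x1C6);              /* R1 */
    uint32_t cnt = rd_le32(mbr + 0x1CA);              /* R3 */
    if (status != 0x00 && status != 0x80) return 0;   /* CMP, CMPNE, BNE */
    if (total < lba) return 0;                        /* CMP R0,R1; BCC */
    if (hardened) {
        if (cnt > total - lba) return 0;              /* no wrap: lba <= total */
    } else {
        uint32_t end = lba + cnt;                     /* ADD R2,R1,R3 */
        if (end > total) return 0;                    /* CMP R2,R0; CMPLS = unsigned <= */
    }
    if (mbr[0x1FE] != 0x55 || mbr[0x1FF] != 0xAA) return 0;
    *start = lba;                                     /* MOVEQ R6,R1 */
    *len = cnt;                                       /* MOVEQ R5,R3 */
    return 1;                                         /* MOVEQ R4,#1 */
}

/* Constructed sample sector: zero-filled except the fields the listing reads. */
void make_sample_mbr(uint8_t *mbr, uint8_t status, uint32_t lba, uint32_t cnt) {
    memset(mbr, 0, 512);
    mbr[0x1BE] = status;
    for (int i = 0; i < 4; i++) {
        mbr[0x1C6 + i] = (uint8_t)(lba >> (8 * i));
        mbr[0x1CA + i] = (uint8_t)(cnt >> (8 * i));
    }
    mbr[0x1FE] = 0x55;
    mbr[0x1FF] = 0xAA;
}

int main(void) {
    uint8_t mbr[512]; uint32_t s = 0, n = 0;
    make_sample_mbr(mbr, 0x00, 63, 0xFFFFFFFFu);      /* constructed: start + length wraps */
    printf("as listed: %d, hardened: %d\n", mbr_first_partition(mbr, 2000, 0, &s, &n),
           mbr_first_partition(mbr, 2000, 1, &s, &n));
    return 0;
}
```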