RK3588 DDR init blob reverse engineering

- Ghidra decompilation of v1.02-v1.19 blobs (118 functions)
- 53 functions renamed, 79 MMIO registers mapped to TRM
- 45 timeout-less poll loops identified and patched
- Production patcher (patch_prod.py) and QEMU emulator
- Comprehensive analysis, frequency tables, community research

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

ExportAsm.java

@@ -0,0 +1,35 @@
+//Exports disassembly listing
+//@category Export
+import ghidra.app.script.GhidraScript;
+import ghidra.program.model.listing.*;
+import ghidra.program.model.mem.*;
+import java.io.*;
+
+public class ExportAsm extends GhidraScript {
+    @Override
+    public void run() throws Exception {
+        String[] args = getScriptArgs();
+        String outPath = args.length > 0 ? args[0] : "/opt/work/ddr_asm.s";
+        
+        PrintWriter pw = new PrintWriter(new File(outPath));
+        Listing listing = currentProgram.getListing();
+        Memory memory = currentProgram.getMemory();
+        
+        InstructionIterator ii = listing.getInstructions(true);
+        while (ii.hasNext()) {
+            Instruction inst = ii.next();
+            String addr = inst.getAddress().toString();
+            String mnemonic = inst.toString();
+            
+            // Check if this is a function entry
+            Function func = currentProgram.getFunctionManager().getFunctionAt(inst.getAddress());
+            if (func != null) {
+                pw.println("\n// ============ " + func.getName() + " @ " + addr + " ============");
+            }
+            
+            pw.printf("  %s:  %s%n", addr, mnemonic);
+        }
+        pw.close();
+        println("Assembly exported to " + outPath);
+    }
+}