Disassembling binary code is tedious and often boring work. Going through a 3MByte large binary such as the “os” file would take ages so I decided to cheat a little.
What I was mostly interested in was code that touched the hardware, that really means the GPIO pins. Most of the time when the code accesses GPIO register it loads the base address for the whole bank of GPIO registers into a CPU register and then uses that CPU register with an offset to access the other GPIO registers.
The base address for the GPIO registers is 0x56000000. And the binary code for an ARM instruction loading this value into a register is 0xe3a0?456. The ? is the CPU register number and the 56 at the end is the highest eight bits of the address. Finding instructions as this is trivial, show a hexdump of the file, pipe it to less and use the “/” command in less to search for the bytes making up that instruction: