The Avnera AV7300 series is a series of wireless audio chipsets used in some headsets. For example, the Corsair Vengeance H2100 and Turtle Beach PX3. The AV7320 member of the family is specific to the base station and most likely doesn't have a microphone input or speaker amplifier.

The instructions have been figured out purely from reverse engineering, and thus some are missing. Most of the missing ones are due to not knowing the meaning of all the processor flags. See "instruction set notes" for more info.

An IDA disassembler module can be found in the Disassembler directory. Copy the python file to your IDA 'procs' directory to install. Developed on IDA 7.2.

I made a quick and dirty assembler for this chip in Lua. Not all the discovered instructions are available here, but you can specify raw bytes to get around that. See the example *.s files and the readme.

I focused on my Corsair H2100 for all my REing. Both the headset and dongle have serial EEPROMs that I could dump and modify. This EEPROM contains blocks which can be code, comments, or various data structures. Block headers and code are checksummed with a single byte.

By modifying this EEPROM, I discovered the checksumming scheme, which allowed further modifications. Then, I set about making random changes until something significant occurred. That was modifying the LED behaviour of the dongle. From this I figured out the registers for controlling the LED and how the FW controlled the LED. At this point, I could start crafting experiments to see how instructions behaved while using the LED as an output. Later, I used the LED as a serial data output and dumped the entire memory space, which revealed a large ROM.

The AV7300 ROM was most likely supplied with the chip. Customers of Avnera would then use it like an SDK. The dongle version, AV7320, has a different ROM to the headset. Both of these ROMs can be found in the binary dumps in the disassembler directory from 0x0 - 0xBFFF.