diff --git a/README.md b/README.md
index e5c91c0..8126b86 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,8 @@ usage:
     xrock flash write <sector> <file>            - Write file to flash sector
 extra:
     xrock extra maskrom --rc4 <on|off> [--sram <file> --delay <ms>] [--dram <file> --delay <ms>] [...]
+    xrock extra maskrom-dump-arm32 --rc4 <on|off> --uart <register> <address> <length>
+    xrock extra maskrom-dump-arm64 --rc4 <on|off> --uart <register> <address> <length>
     xrock extra maskrom-write-arm32 --rc4 <on|off> <address> <file>
     xrock extra maskrom-write-arm64 --rc4 <on|off> <address> <file>
     xrock extra maskrom-exec-arm32 --rc4 <on|off> <address>
@@ -111,98 +113,123 @@ diff --git a/u-boot/cmd/rockusb.c b/u-boot/cmd/rockusb.c
 ### RV1106
 
 ```shell
-sudo xrock maskrom rv1106_ddr_924MHz_v1.15.bin rv1106_usbplug_v1.09.bin --rc4-off
-sudo xrock version
+xrock maskrom rv1106_ddr_924MHz_v1.15.bin rv1106_usbplug_v1.09.bin --rc4-off
+xrock version
 ```
 
+- Initial ddr memory
+
+```shell
+xrock extra maskrom --rc4 off --sram rv1106_ddr_924MHz_v1.15.bin --delay 10
+```
+
+- Dump memory region in hex format by debug uart
+
+```shell
+xrock extra maskrom-dump-arm32 --rc4 off --uart 0xff4c0000 0xffff0000 1024
+```
+
+- Initial ddr memory and wirte `xstar.bin` to memory and jump to running
+
 ```shell
-sudo xrock extra maskrom --rc4 off --sram rv1106_ddr_924MHz_v1.15.bin --delay 10
-sudo xrock extra maskrom-write-arm32 --rc4 off 0x00000000 xstar.bin
-sudo xrock extra maskrom-exec-arm32 --rc4 off 0x00000000
+xrock extra maskrom --rc4 off --sram rv1106_ddr_924MHz_v1.15.bin --delay 10
+xrock extra maskrom-write-arm32 --rc4 off 0x00000000 xstar.bin
+xrock extra maskrom-exec-arm32 --rc4 off 0x00000000
 ```
 
 ### RK1808
 
 ```shell
-sudo xrock maskrom rk1808_ddr_933MHz_v1.05.bin rk1808_usbplug_v1.05.bin
-sudo xrock version
+xrock maskrom rk1808_ddr_933MHz_v1.05.bin rk1808_usbplug_v1.05.bin
+xrock version
 ```
 
 ### RK3128
 
 ```shell
-sudo xrock maskrom rk3128_ddr_300MHz_v2.12.bin rk3128_usbplug_v2.63.bin
-sudo xrock version
+xrock maskrom rk3128_ddr_300MHz_v2.12.bin rk3128_usbplug_v2.63.bin
+xrock version
 ```
 
 ### RK3288
 
 ```shell
-sudo xrock maskrom rk3288_ddr_400MHz_v1.11.bin rk3288_usbplug_v2.63.bin
-sudo xrock version
+xrock maskrom rk3288_ddr_400MHz_v1.11.bin rk3288_usbplug_v2.63.bin
+xrock version
 ```
 
 ### RK3399
 
 ```shell
-sudo xrock maskrom rk3399_ddr_800MHz_v1.25.bin rk3399_usbplug_v1.26.bin
-sudo xrock version
+xrock maskrom rk3399_ddr_800MHz_v1.25.bin rk3399_usbplug_v1.26.bin
+xrock version
 ```
 
 ### RK3399PRO
 
 ```shell
-sudo xrock maskrom rk3399pro_ddr_666MHz_v1.25.bin rk3399pro_usbplug_v1.26.bin
-sudo xrock version
+xrock maskrom rk3399pro_ddr_666MHz_v1.25.bin rk3399pro_usbplug_v1.26.bin
+xrock version
 ```
 
 ### PX30
 
 ```shell
-sudo xrock maskrom px30_ddr_333MHz_v1.16.bin px30_usbplug_v1.31.bin
-sudo xrock version
+xrock maskrom px30_ddr_333MHz_v1.16.bin px30_usbplug_v1.31.bin
+xrock version
 ```
 
 ### RK3308
 
 ```shell
-sudo xrock maskrom rk3308_ddr_589MHz_uart2_m1_v1.31.bin rk3308_usbplug_v1.27.bin
-sudo xrock version
+xrock maskrom rk3308_ddr_589MHz_uart2_m1_v1.31.bin rk3308_usbplug_v1.27.bin
+xrock version
 ```
 
 ### RK3566
 
 ```shell
-sudo xrock maskrom rk3566_ddr_1056MHz_v1.11.bin rk356x_usbplug_v1.13.bin --rc4-off
-sudo xrock version
+xrock maskrom rk3566_ddr_1056MHz_v1.11.bin rk356x_usbplug_v1.13.bin --rc4-off
+xrock version
 ```
 
 ### RK3568
 
 ```shell
-sudo xrock maskrom rk3568_ddr_1560MHz_v1.11.bin rk356x_usbplug_v1.13.bin --rc4-off
-sudo xrock version
+xrock maskrom rk3568_ddr_1560MHz_v1.11.bin rk356x_usbplug_v1.13.bin --rc4-off
+xrock version
 ```
 
 ### RK3588
 
 ```shell
-sudo xrock maskrom rk3588_ddr_lp4_2112MHz_lp5_2736MHz_v1.05.bin rk3588_usbplug_v1.07.bin --rc4-off
-sudo xrock version
+xrock maskrom rk3588_ddr_lp4_2112MHz_lp5_2736MHz_v1.05.bin rk3588_usbplug_v1.07.bin --rc4-off
+xrock version
 ```
 
 ### RK3562
 
 ```shell
-sudo xrock maskrom rk3562_ddr_1332MHz_v1.05.bin rk3562_usbplug_v1.04.bin --rc4-off
-sudo xrock version
+xrock maskrom rk3562_ddr_1332MHz_v1.05.bin rk3562_usbplug_v1.04.bin --rc4-off
+xrock version
 ```
 
 ### RK3576
 
 ```shell
-sudo xrock maskrom rk3576_ddr_lp4_2112MHz_lp5_2736MHz_v1.05.bin  rk3576_usbplug_v1.02.bin --rc4-off
-sudo xrock version
+xrock maskrom rk3576_ddr_lp4_2112MHz_lp5_2736MHz_v1.05.bin rk3576_usbplug_v1.02.bin --rc4-off
+xrock version
+```
+- Initial ddr memory
+
+```shell
+xrock extra maskrom --rc4 off --sram rk3576_ddr_lp4_2112MHz_lp5_2736MHz_v1.05.bin --delay 10
+```
+
+- Dump memory region in hex format by debug uart
+
+```shell
+xrock extra maskrom-dump-arm64 --rc4 off --uart 0x2ad40000 0x3ff81000 1024
 ```
 
 ## Links
diff --git a/main.c b/main.c
index 4a78be0..02b78fa 100644
--- a/main.c
+++ b/main.c
@@ -45,6 +45,7 @@ static void usage(void)
 
 	printf("extra:\r\n");
 	printf("    xrock extra maskrom --rc4 <on|off> [--sram <file> --delay <ms>] [--dram <file> --delay <ms>] [...]\r\n");
+	printf("    xrock extra maskrom-dump-arm32 --rc4 <on|off> --uart <register> <address> <length>\r\n");
 	printf("    xrock extra maskrom-dump-arm64 --rc4 <on|off> --uart <register> <address> <length>\r\n");
 	printf("    xrock extra maskrom-write-arm32 --rc4 <on|off> <address> <file>\r\n");
 	printf("    xrock extra maskrom-write-arm64 --rc4 <on|off> <address> <file>\r\n");
@@ -658,6 +659,54 @@ int main(int argc, char * argv[])
 			else
 				usage();
 		}
+		else if(!strcmp(argv[0], "maskrom-dump-arm32"))
+		{
+			argc -= 1;
+			argv += 1;
+			if(argc >= 2)
+			{
+				if(ctx.maskrom)
+				{
+					int rc4 = 0;
+					uint32_t uart = 0x0;
+					uint32_t addr = 0x0;
+					uint32_t len = 0x0;
+					for(int i = 0, idx = 0; i < argc; i++)
+					{
+						if(!strcmp(argv[i], "--rc4") && (argc > i + 1))
+						{
+							if(!strcmp(argv[i + 1], "on"))
+								rc4 = 1;
+							else if(!strcmp(argv[i + 1], "off"))
+								rc4 = 0;
+							i++;
+						}
+						else if(!strcmp(argv[i], "--uart") && (argc > i + 1))
+						{
+							uart = strtoul(argv[i + 1], NULL, 0);
+							i++;
+						}
+						else if(*argv[i] == '-')
+						{
+							usage();
+						}
+						else if(*argv[i] != '-' && strcmp(argv[i], "-") != 0)
+						{
+							if(idx == 0)
+								addr = strtoul(argv[i], NULL, 0);
+							else if(idx == 1)
+								len = strtoul(argv[i], NULL, 0);
+							idx++;
+						}
+					}
+					rock_maskrom_dump_arm32(&ctx, uart, addr, len, rc4);
+				}
+				else
+					printf("ERROR: The chip '%s' does not in maskrom mode\r\n", ctx.chip->name);
+			}
+			else
+				usage();
+		}
 		else if(!strcmp(argv[0], "maskrom-dump-arm64"))
 		{
 			argc -= 1;
diff --git a/payloads/dump-arm32/.gitignore b/payloads/dump-arm32/.gitignore
new file mode 100644
index 0000000..88f9697
--- /dev/null
+++ b/payloads/dump-arm32/.gitignore
@@ -0,0 +1,10 @@
+#
+# Normal rules
+#
+*~
+
+#
+# Generated files
+#
+/.obj
+/output
diff --git a/payloads/dump-arm32/Makefile b/payloads/dump-arm32/Makefile
new file mode 100644
index 0000000..58c7b4e
--- /dev/null
+++ b/payloads/dump-arm32/Makefile
@@ -0,0 +1,121 @@
+#
+# Top makefile
+#
+
+CROSS		?= arm-none-eabi-
+NAME		:= dump-arm32
+
+#
+# System environment variable.
+#
+ifeq ($(OS), Windows_NT)
+	HOSTOS		:= windows
+else
+	ifneq (,$(findstring Linux, $(shell uname -a)))
+		HOSTOS	:= linux
+	endif
+endif
+
+#
+# Load default variables.
+#
+ASFLAGS		:=	-Wall -O3 -ffunction-sections -fdata-sections -ffreestanding -std=gnu99
+CFLAGS		:=	-Wall -O3 -ffunction-sections -fdata-sections -ffreestanding -std=gnu99
+CXXFLAGS	:=	-Wall -O3 -ffunction-sections -fdata-sections -ffreestanding
+LDFLAGS		:=	-Wl,-gc-sections -T link.ld -nostartfiles -nostdinc -nostdlib
+OCFLAGS		:=	-v -O binary
+ODFLAGS		:=
+MCFLAGS		:=	-march=armv7-a -mtune=cortex-a7 -mfpu=vfpv4 -mfloat-abi=softfp -marm -mno-thumb-interwork -mno-unaligned-access -fno-stack-protector
+
+LIBDIRS		:=
+LIBS 		:=
+INCDIRS		:=
+SRCDIRS		:=
+
+#
+# Add external library
+#
+INCDIRS		+= src
+SRCDIRS		+= src
+
+#
+# You shouldn't need to change anything below this point.
+#
+AS			:= $(CROSS)gcc -x assembler-with-cpp
+CC			:= $(CROSS)gcc
+CXX			:= $(CROSS)g++
+LD			:= $(CROSS)ld
+AR			:= $(CROSS)ar
+SZ			:= $(CROSS_COMPILE)size
+OC			:= $(CROSS)objcopy
+OD			:= $(CROSS)objdump
+STRIP		:= $(CROSS_COMPILE)strip
+MKDIR		:= mkdir -p
+CP			:= cp -af
+RM			:= rm -fr
+CD			:= cd
+FIND		:= find
+
+#
+# X variables
+#
+X_ASFLAGS	:= $(MCFLAGS) $(ASFLAGS)
+X_CFLAGS	:= $(MCFLAGS) $(CFLAGS)
+X_CXXFLAGS	:= $(MCFLAGS) $(CXXFLAGS)
+X_LDFLAGS	:= $(LDFLAGS)
+X_OCFLAGS	:= $(OCFLAGS)
+X_LIBDIRS	:= $(LIBDIRS)
+X_LIBS		:= $(LIBS) -lgcc
+
+X_OUT		:= output
+X_NAME		:= $(patsubst %, $(X_OUT)/%, $(NAME))
+X_INCDIRS	:= $(patsubst %, -I %, $(INCDIRS))
+X_SRCDIRS	:= $(patsubst %, %, $(SRCDIRS))
+X_OBJDIRS	:= $(patsubst %, .obj/%, $(X_SRCDIRS))
+
+X_SFILES	:= $(foreach dir, $(X_SRCDIRS), $(wildcard $(dir)/*.S))
+X_CFILES	:= $(foreach dir, $(X_SRCDIRS), $(wildcard $(dir)/*.c))
+X_CPPFILES	:= $(foreach dir, $(X_SRCDIRS), $(wildcard $(dir)/*.cpp))
+
+X_SDEPS		:= $(patsubst %, .obj/%, $(X_SFILES:.S=.o.d))
+X_CDEPS		:= $(patsubst %, .obj/%, $(X_CFILES:.c=.o.d))
+X_CPPDEPS	:= $(patsubst %, .obj/%, $(X_CPPFILES:.cpp=.o.d))
+X_DEPS		:= $(X_SDEPS) $(X_CDEPS) $(X_CPPDEPS)
+
+X_SOBJS		:= $(patsubst %, .obj/%, $(X_SFILES:.S=.o))
+X_COBJS		:= $(patsubst %, .obj/%, $(X_CFILES:.c=.o))
+X_CPPOBJS	:= $(patsubst %, .obj/%, $(X_CPPFILES:.cpp=.o)) 
+X_OBJS		:= $(X_SOBJS) $(X_COBJS) $(X_CPPOBJS)
+
+VPATH		:= $(X_OBJDIRS)
+
+.PHONY:	all clean
+all : $(X_NAME)
+
+$(X_NAME) : $(X_OBJS)
+	@echo [LD] Linking $@.elf
+	@$(CC) $(X_LDFLAGS) $(X_LIBDIRS) -Wl,--cref,-Map=$@.map $^ -o $@.elf $(X_LIBS)
+	@echo [OC] Objcopying $@.bin
+	@$(OC) $(X_OCFLAGS) $@.elf $@.bin
+	@echo [SZ] Listing $@.elf
+	@$(SZ) $@.elf
+
+$(X_SOBJS) : .obj/%.o : %.S
+	@echo [AS] $<
+	@$(AS) $(X_ASFLAGS) -MD -MP -MF $@.d $(X_INCDIRS) -c $< -o $@
+
+$(X_COBJS) : .obj/%.o : %.c
+	@echo [CC] $<
+	@$(CC) $(X_CFLAGS) -MD -MP -MF $@.d $(X_INCDIRS) -c $< -o $@
+
+$(X_CPPOBJS) : .obj/%.o : %.cpp
+	@echo [CXX] $<
+	@$(CXX) $(X_CXXFLAGS) -MD -MP -MF $@.d $(X_INCDIRS) -c $< -o $@
+
+clean:
+	@$(RM) .obj $(X_OUT)
+
+#
+# Include the dependency files, should be place the last of makefile
+#
+sinclude $(shell $(MKDIR) $(X_OBJDIRS) $(X_OUT)) $(X_DEPS)
diff --git a/payloads/dump-arm32/link.ld b/payloads/dump-arm32/link.ld
new file mode 100644
index 0000000..dc69edc
--- /dev/null
+++ b/payloads/dump-arm32/link.ld
@@ -0,0 +1,123 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+ENTRY(_start)
+
+STACK_UND_SIZE = 0x010;
+STACK_ABT_SIZE = 0x010;
+STACK_IRQ_SIZE = 0x010;
+STACK_FIQ_SIZE = 0x010;
+STACK_SRV_SIZE = 0x010;
+
+MEMORY
+{
+	ram : org = 0x00000000, len = 0x00004000	/* 16KB */
+}
+
+SECTIONS
+{
+	.text :
+	{
+		PROVIDE(__image_start = .);
+		PROVIDE(__text_start = .);
+		.obj/src/start.o
+		.obj/src/hexdump.o
+		*libgcc.a:*.o (.text*)
+		*(.text*)
+		*(.glue*)
+		*(.note.gnu.build-id)
+		PROVIDE(__text_end = .);
+	} > ram
+
+	.ARM.exidx ALIGN(8) :
+	{
+		PROVIDE (__exidx_start = .);
+		*(.ARM.exidx*)
+		PROVIDE (__exidx_end = .);
+	} > ram
+
+	.ARM.extab ALIGN(8) :
+	{
+		PROVIDE (__extab_start = .);
+		*(.ARM.extab*)
+		PROVIDE (__extab_end = .);
+	} > ram
+
+	.ksymtab ALIGN(16) :
+	{
+		PROVIDE(__ksymtab_start = .);
+		KEEP(*(.ksymtab.text))
+		PROVIDE(__ksymtab_end = .);
+	} > ram
+
+	.romdisk ALIGN(8) :
+	{
+		PROVIDE(__romdisk_start = .);
+		KEEP(*(.romdisk))
+		PROVIDE(__romdisk_end = .);
+	} > ram
+
+	.rodata ALIGN(8) :
+	{
+		PROVIDE(__rodata_start = .);
+		*(SORT_BY_ALIGNMENT(SORT_BY_NAME(.rodata*)))
+		PROVIDE(__rodata_end = .);
+	} > ram
+
+	.data ALIGN(8) :
+	{
+		PROVIDE(__data_start = .);
+		*(.data*)
+		. = ALIGN(8);
+  		PROVIDE(__data_end = .);
+		PROVIDE(__image_end = .);
+	} > ram
+
+	.bss ALIGN(8) (NOLOAD) :
+	{
+		PROVIDE(__bss_start = .);
+		*(.bss*)
+		*(.sbss*)
+		*(COMMON)
+		. = ALIGN(8);
+		PROVIDE(__bss_end = .);
+	} > ram
+
+	.stack ALIGN(8) (NOLOAD) :
+	{
+		PROVIDE(__stack_start = .);
+		PROVIDE(__stack_und_start = .);
+		. += STACK_UND_SIZE;
+		PROVIDE(__stack_und_end = .);
+		. = ALIGN(8);
+		PROVIDE(__stack_abt_start = .);
+		. += STACK_ABT_SIZE;
+		PROVIDE(__stack_abt_end = .);
+		. = ALIGN(8);
+		PROVIDE(__stack_irq_start = .);
+		. += STACK_IRQ_SIZE;
+		PROVIDE(__stack_irq_end = .);
+		. = ALIGN(8);
+		PROVIDE(__stack_fiq_start = .);
+		. += STACK_FIQ_SIZE;
+		PROVIDE(__stack_fiq_end = .);
+		. = ALIGN(8);
+		PROVIDE(__stack_srv_start = .);
+		. += STACK_SRV_SIZE;
+		PROVIDE(__stack_srv_end = .);
+		. = ALIGN(8);
+		PROVIDE(__stack_end = .);
+	} > ram
+
+	.stab 0 : { *(.stab) }
+	.stabstr 0 : { *(.stabstr) }
+	.stab.excl 0 : { *(.stab.excl) }
+	.stab.exclstr 0 : { *(.stab.exclstr) }
+	.stab.index 0 : { *(.stab.index) }
+	.stab.indexstr 0 : { *(.stab.indexstr) }
+	.comment 0 : { *(.comment) }
+	.debug_abbrev 0 : { *(.debug_abbrev) }
+	.debug_info 0 : { *(.debug_info) }
+	.debug_line 0 : { *(.debug_line) }
+	.debug_pubnames 0 : { *(.debug_pubnames) }
+	.debug_aranges 0 : { *(.debug_aranges) }
+}
diff --git a/payloads/dump-arm32/src/hexdump.c b/payloads/dump-arm32/src/hexdump.c
new file mode 100644
index 0000000..29cb251
--- /dev/null
+++ b/payloads/dump-arm32/src/hexdump.c
@@ -0,0 +1,57 @@
+extern void sys_uart_putc(char c);
+
+static inline unsigned char tohex(unsigned char v)
+{
+	return ((v < 10) ? (v + '0') : (v - 10 + 'a'));
+}
+
+void hexdump(unsigned long base, void * buf, int len)
+{
+	unsigned long o = (unsigned long)base;
+	unsigned char * p = (unsigned char *)buf;
+	for(int n = 0; n < len; n += 16, o += 16)
+	{
+		sys_uart_putc(tohex((o >> 28) & 0xf));
+		sys_uart_putc(tohex((o >> 24) & 0xf));
+		sys_uart_putc(tohex((o >> 20) & 0xf));
+		sys_uart_putc(tohex((o >> 16) & 0xf));
+		sys_uart_putc(tohex((o >> 12) & 0xf));
+		sys_uart_putc(tohex((o >>  8) & 0xf));
+		sys_uart_putc(tohex((o >>  4) & 0xf));
+		sys_uart_putc(tohex((o >>  0) & 0xf));
+		sys_uart_putc(':');
+		sys_uart_putc(' ');
+		for(int i = 0; i < 16; i++)
+		{
+			if(n + i < len)
+			{
+				unsigned char c = p[n + i];
+				sys_uart_putc(tohex((c >> 4) & 0xf));
+				sys_uart_putc(tohex((c >> 0) & 0xf));
+				sys_uart_putc(' ');
+			}
+			else
+			{
+				sys_uart_putc(' ');
+				sys_uart_putc(' ');
+				sys_uart_putc(' ');
+			}
+		}
+		sys_uart_putc('|');
+		for(int i = 0; i < 16; i++)
+		{
+			if(n + i >= len)
+				sys_uart_putc(' ');
+			else
+			{
+				unsigned char c = p[n + i];
+				if(((unsigned int)c - 0x20) < 0x5f)
+					sys_uart_putc(c);
+				else
+					sys_uart_putc('.');
+			}
+		}
+		sys_uart_putc('\r');
+		sys_uart_putc('\n');
+	}
+}
diff --git a/payloads/dump-arm32/src/start.S b/payloads/dump-arm32/src/start.S
new file mode 100644
index 0000000..8189ce0
--- /dev/null
+++ b/payloads/dump-arm32/src/start.S
@@ -0,0 +1,67 @@
+.text
+	.arm
+
+	.global _start
+_start:
+	mov r0, #0
+	mcr p15, 0, r0, c8, c7, 0
+	mcr p15, 0, r0, c7, c5, 0
+	mcr p15, 0, r0, c7, c5, 6
+	mcr p15, 0, r0, c7, c10, 4
+	mcr p15, 0, r0, c7, c5, 4
+	b reset
+
+	.align 2
+_uart_address:
+	.long 0xff4c0000
+_dump_address:
+	.long 0x00000000
+_dump_size:
+	.long 0x00000000
+
+	.align 2
+_maskrom:
+	.long 0x0, 0x0, 0x0, 0x0, 0x0, 0x0
+
+reset:
+	adr r0, _maskrom
+	str sp, [r0, #0]
+	str lr, [r0, #4]
+	mrs lr, cpsr
+	str lr, [r0, #8]
+	mrc p15, 0, lr, c1, c0, 0
+	str lr, [r0, #12]
+	mrc p15, 0, lr, c12, c0, 0
+	str lr, [r0, #16]
+	mrc p15, 0, lr, c1, c0, 0
+	str lr, [r0, #20]
+
+	ldr r0, _dump_address
+	ldr r1, _dump_address
+	ldr r2, _dump_size
+	bl hexdump
+
+	adr r0, _maskrom
+	ldr sp, [r0, #0]
+	ldr lr, [r0, #4]
+	ldr r1, [r0, #20]
+	mcr p15, 0, r1, c1, c0, 0
+	ldr r1, [r0, #16]
+	mcr p15, 0, r1, c12, c0, 0
+	ldr r1, [r0, #12]
+	mcr p15, 0, r1, c1, c0, 0
+	ldr r1, [r0, #8]
+	msr cpsr, r1
+	bx lr
+
+	.global sys_uart_putc
+sys_uart_putc:
+	ldr r1, _uart_address
+wait:
+	add	r2, r1, #0x7c
+	ldr r2, [r2]
+	and	r2, r2, #0x2
+	cmp	r2, #0x0
+	beq wait
+	str r0, [r1]
+	bx lr
diff --git a/payloads/dump-arm64/src/hexdump.c b/payloads/dump-arm64/src/hexdump.c
index 1b6cab3..29cb251 100644
--- a/payloads/dump-arm64/src/hexdump.c
+++ b/payloads/dump-arm64/src/hexdump.c
@@ -55,4 +55,3 @@ void hexdump(unsigned long base, void * buf, int len)
 		sys_uart_putc('\n');
 	}
 }
-
diff --git a/rock.c b/rock.c
index f21eb00..35565e6 100644
--- a/rock.c
+++ b/rock.c
@@ -188,6 +188,84 @@ void rock_maskrom_upload_file(struct xrock_ctx_t * ctx, uint32_t code, const cha
 	}
 }
 
+void rock_maskrom_dump_arm32(struct xrock_ctx_t * ctx, uint32_t uart, uint32_t addr, uint32_t len, int rc4)
+{
+	static uint8_t payload[] = {
+		0x00, 0x00, 0xa0, 0xe3, 0x17, 0x0f, 0x08, 0xee, 0x15, 0x0f, 0x07, 0xee,
+		0xd5, 0x0f, 0x07, 0xee, 0x9a, 0x0f, 0x07, 0xee, 0x95, 0x0f, 0x07, 0xee,
+		0x08, 0x00, 0x00, 0xea, 0x00, 0x00, 0x4c, 0xff, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x4f, 0xe2, 0x00, 0xd0, 0x80, 0xe5,
+		0x04, 0xe0, 0x80, 0xe5, 0x00, 0xe0, 0x0f, 0xe1, 0x08, 0xe0, 0x80, 0xe5,
+		0x10, 0xef, 0x11, 0xee, 0x0c, 0xe0, 0x80, 0xe5, 0x10, 0xef, 0x1c, 0xee,
+		0x10, 0xe0, 0x80, 0xe5, 0x10, 0xef, 0x11, 0xee, 0x14, 0xe0, 0x80, 0xe5,
+		0x54, 0x00, 0x1f, 0xe5, 0x58, 0x10, 0x1f, 0xe5, 0x58, 0x20, 0x1f, 0xe5,
+		0x1b, 0x00, 0x00, 0xeb, 0x5c, 0x00, 0x4f, 0xe2, 0x00, 0xd0, 0x90, 0xe5,
+		0x04, 0xe0, 0x90, 0xe5, 0x14, 0x10, 0x90, 0xe5, 0x10, 0x1f, 0x01, 0xee,
+		0x10, 0x10, 0x90, 0xe5, 0x10, 0x1f, 0x0c, 0xee, 0x0c, 0x10, 0x90, 0xe5,
+		0x10, 0x1f, 0x01, 0xee, 0x08, 0x10, 0x90, 0xe5, 0x01, 0xf0, 0x29, 0xe1,
+		0x1e, 0xff, 0x2f, 0xe1, 0x98, 0x10, 0x1f, 0xe5, 0x7c, 0x20, 0x81, 0xe2,
+		0x00, 0x20, 0x92, 0xe5, 0x02, 0x20, 0x02, 0xe2, 0x00, 0x00, 0x52, 0xe3,
+		0xfa, 0xff, 0xff, 0x0a, 0x00, 0x00, 0x81, 0xe5, 0x1e, 0xff, 0x2f, 0xe1,
+		0x41, 0x1e, 0x00, 0x00, 0x00, 0x61, 0x65, 0x61, 0x62, 0x69, 0x00, 0x01,
+		0x14, 0x00, 0x00, 0x00, 0x05, 0x37, 0x2d, 0x41, 0x00, 0x06, 0x0a, 0x07,
+		0x41, 0x08, 0x01, 0x09, 0x02, 0x0a, 0x05, 0x00, 0xf8, 0x4f, 0x2d, 0xe9,
+		0x00, 0x70, 0x52, 0xe2, 0xf8, 0x8f, 0xbd, 0xd8, 0x01, 0xa0, 0x47, 0xe2,
+		0x00, 0x90, 0xa0, 0xe1, 0x0f, 0xa0, 0xca, 0xe3, 0x01, 0x80, 0xa0, 0xe1,
+		0x10, 0x60, 0xa0, 0xe3, 0x20, 0xa0, 0x8a, 0xe2, 0x16, 0x02, 0x79, 0xe3,
+		0x10, 0x50, 0x46, 0xe2, 0x29, 0x0e, 0xa0, 0xe1, 0x05, 0xb0, 0xa0, 0xe1,
+		0x30, 0x00, 0x80, 0x92, 0x57, 0x00, 0x80, 0x82, 0xdf, 0xff, 0xff, 0xeb,
+		0x59, 0x0c, 0xe3, 0xe7, 0x09, 0x00, 0x50, 0xe3, 0x30, 0x00, 0x80, 0x92,
+		0x57, 0x00, 0x80, 0x82, 0xda, 0xff, 0xff, 0xeb, 0x59, 0x0a, 0xe3, 0xe7,
+		0x09, 0x00, 0x50, 0xe3, 0x30, 0x00, 0x80, 0x92, 0x57, 0x00, 0x80, 0x82,
+		0xd5, 0xff, 0xff, 0xeb, 0x59, 0x08, 0xe3, 0xe7, 0x09, 0x00, 0x50, 0xe3,
+		0x30, 0x00, 0x80, 0x92, 0x57, 0x00, 0x80, 0x82, 0xd0, 0xff, 0xff, 0xeb,
+		0x59, 0x06, 0xe3, 0xe7, 0x09, 0x00, 0x50, 0xe3, 0x30, 0x00, 0x80, 0x92,
+		0x57, 0x00, 0x80, 0x82, 0xcb, 0xff, 0xff, 0xeb, 0x59, 0x04, 0xe3, 0xe7,
+		0x09, 0x00, 0x50, 0xe3, 0x30, 0x00, 0x80, 0x92, 0x57, 0x00, 0x80, 0x82,
+		0xc6, 0xff, 0xff, 0xeb, 0x59, 0x02, 0xe3, 0xe7, 0x09, 0x00, 0x50, 0xe3,
+		0x30, 0x00, 0x80, 0x92, 0x57, 0x00, 0x80, 0x82, 0xc1, 0xff, 0xff, 0xeb,
+		0x0f, 0x00, 0x09, 0xe2, 0x09, 0x00, 0x50, 0xe3, 0x30, 0x00, 0x80, 0x92,
+		0x57, 0x00, 0x80, 0x82, 0xbc, 0xff, 0xff, 0xeb, 0x3a, 0x00, 0xa0, 0xe3,
+		0xba, 0xff, 0xff, 0xeb, 0x20, 0x00, 0xa0, 0xe3, 0xb8, 0xff, 0xff, 0xeb,
+		0x0f, 0x00, 0x00, 0xea, 0x0b, 0x40, 0xd8, 0xe7, 0x24, 0x32, 0xa0, 0xe1,
+		0x9f, 0x00, 0x54, 0xe3, 0x57, 0x00, 0x83, 0xe2, 0x0f, 0x40, 0x04, 0xe2,
+		0x30, 0x00, 0x83, 0x92, 0xb0, 0xff, 0xff, 0xeb, 0x09, 0x00, 0x54, 0xe3,
+		0x57, 0x00, 0x84, 0xe2, 0x30, 0x00, 0x84, 0x92, 0x01, 0xb0, 0x8b, 0xe2,
+		0xab, 0xff, 0xff, 0xeb, 0x20, 0x00, 0xa0, 0xe3, 0xa9, 0xff, 0xff, 0xeb,
+		0x0b, 0x00, 0x56, 0xe1, 0x05, 0x00, 0x00, 0x0a, 0x0b, 0x00, 0x57, 0xe1,
+		0xed, 0xff, 0xff, 0xca, 0x20, 0x00, 0xa0, 0xe3, 0xa3, 0xff, 0xff, 0xeb,
+		0x20, 0x00, 0xa0, 0xe3, 0xf3, 0xff, 0xff, 0xea, 0x7c, 0x00, 0xa0, 0xe3,
+		0x9f, 0xff, 0xff, 0xeb, 0x08, 0x00, 0x00, 0xea, 0x05, 0x30, 0xd8, 0xe7,
+		0x2e, 0x00, 0xa0, 0xe3, 0x01, 0x50, 0x85, 0xe2, 0x20, 0x20, 0x43, 0xe2,
+		0x5e, 0x00, 0x52, 0xe3, 0x03, 0x00, 0xa0, 0x91, 0x97, 0xff, 0xff, 0xeb,
+		0x05, 0x00, 0x56, 0xe1, 0x06, 0x00, 0x00, 0x0a, 0x05, 0x00, 0x57, 0xe1,
+		0xf4, 0xff, 0xff, 0xca, 0x20, 0x00, 0xa0, 0xe3, 0x01, 0x50, 0x85, 0xe2,
+		0x90, 0xff, 0xff, 0xeb, 0x05, 0x00, 0x56, 0xe1, 0xf8, 0xff, 0xff, 0x1a,
+		0x0d, 0x00, 0xa0, 0xe3, 0x10, 0x60, 0x86, 0xe2, 0x10, 0x90, 0x89, 0xe2,
+		0x8a, 0xff, 0xff, 0xeb, 0x0a, 0x00, 0xa0, 0xe3, 0x88, 0xff, 0xff, 0xeb,
+		0x06, 0x00, 0x5a, 0xe1, 0x9f, 0xff, 0xff, 0x1a, 0xf8, 0x8f, 0xbd, 0xe8,
+		0x47, 0x43, 0x43, 0x3a, 0x20, 0x28, 0x31, 0x35, 0x3a, 0x39, 0x2d, 0x32,
+		0x30, 0x31, 0x39, 0x2d, 0x71, 0x34, 0x2d, 0x30, 0x75, 0x62, 0x75, 0x6e,
+		0x74, 0x75, 0x31, 0x29, 0x20, 0x39, 0x2e, 0x32, 0x2e, 0x31, 0x20, 0x32,
+		0x30, 0x31, 0x39, 0x31, 0x30, 0x32, 0x35, 0x20, 0x28, 0x72, 0x65, 0x6c,
+		0x65, 0x61, 0x73, 0x65, 0x29, 0x20, 0x5b, 0x41, 0x52, 0x4d, 0x2f, 0x61,
+		0x72, 0x6d, 0x2d, 0x39, 0x2d, 0x62, 0x72, 0x61, 0x6e, 0x63, 0x68, 0x20,
+		0x72, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x32, 0x37, 0x37,
+		0x35, 0x39, 0x39, 0x5d, 0x00, 0x41, 0x2e, 0x00, 0x00, 0x00, 0x61, 0x65,
+		0x61, 0x62, 0x69, 0x00, 0x01, 0x24, 0x00, 0x00, 0x00, 0x05, 0x37, 0x2d,
+		0x41, 0x00, 0x06, 0x0a, 0x07, 0x41, 0x08, 0x01, 0x09, 0x02, 0x0a, 0x05,
+		0x12, 0x04, 0x14, 0x01, 0x15, 0x01, 0x17, 0x03, 0x18, 0x01, 0x19, 0x01,
+		0x1a, 0x01, 0x1e, 0x02,
+	};
+
+	put_unaligned_le32(&payload[0x1c], uart);
+	put_unaligned_le32(&payload[0x20], addr);
+	put_unaligned_le32(&payload[0x24], len);
+	rock_maskrom_upload_memory(ctx, 0x471, payload, sizeof(payload), rc4);
+}
+
 void rock_maskrom_dump_arm64(struct xrock_ctx_t * ctx, uint32_t uart, uint32_t addr, uint32_t len, int rc4)
 {
 	static uint8_t payload[] = {
diff --git a/rock.h b/rock.h
index be0b460..8ebfc2f 100644
--- a/rock.h
+++ b/rock.h
@@ -71,6 +71,7 @@ struct flash_info_t {
 int xrock_init(struct xrock_ctx_t * ctx);
 void rock_maskrom_upload_memory(struct xrock_ctx_t * ctx, uint32_t code, void * buf, uint64_t len, int rc4);
 void rock_maskrom_upload_file(struct xrock_ctx_t * ctx, uint32_t code, const char * filename, int rc4);
+void rock_maskrom_dump_arm32(struct xrock_ctx_t * ctx, uint32_t uart, uint32_t addr, uint32_t len, int rc4);
 void rock_maskrom_dump_arm64(struct xrock_ctx_t * ctx, uint32_t uart, uint32_t addr, uint32_t len, int rc4);
 void rock_maskrom_write_arm32_progress(struct xrock_ctx_t * ctx, uint32_t addr, void * buf, size_t len, int rc4);
 void rock_maskrom_write_arm64_progress(struct xrock_ctx_t * ctx, uint32_t addr, void * buf, size_t len, int rc4);