Here is the code from the USB_UpdateCreatePartitionWithImage routine:
Code:
.text:00009B04 MOV R0, R4
.text:00009B08 LDR R1, =signature_5
.text:00009B0C BL check_signature ; ############# HERE ##########
.text:00009B10 CMP R0, #0
.text:00009B14 BEQ checksum_ok
.text:00009B18
.text:00009B18 checksum_bad ; CODE XREF: USB_UpdateCreatePartitionWithImage+330j
.text:00009B18 LDR R5, =USB_FskErr_2
.text:00009B1C MVN R3, #4
.text:00009B20
.text:00009B20 loc_9B20 ; CODE XREF: USB_UpdateCreatePartitionWithImage+360j
.text:00009B20 STR R3, [R5]
.text:00009B24
.text:00009B24 loc_9B24 ; CODE XREF: USB_UpdateCreatePartitionWithImage+348j
.text:00009B24 LDR R0, =aTmpImage ; remove temp file of image to flash
.text:00009B28 BL _unlink
.text:00009B2C MOV R2, #0x1000 ; size_t
.text:00009B30 MOV R1, #0 ; int
.text:00009B34 MOV R0, R7 ; void *
.text:00009B38 BL _memset
.text:00009B3C LDR R1, [R5]
.text:00009B40 MOV R2, #0
.text:00009B44 MOV R3, #0xC
.text:00009B48 STR R3, [R7,#0xC]
.text:00009B4C STR R1, [R7,#0x14]
.text:00009B50 STR R2, [R7,#8]
.text:00009B54 STR R2, [R7,#0x18]
.text:00009B58 B loc_99F8 ; jump to error routine
.text:00009B5C ; ---------------------------------------------------------------------------
.text:00009B5C
.text:00009B5C checksum_ok ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D8j
The actual flashing is done through the external nblsdm tool (attached). Igor wrote some more about the use of nblsdm in
this thread.