Tiens, le code de TIOSMOD (merci Lionel) pour t'aider :

    // 1b) Disable Flash execution protection:
    //         * on HW2+, by setting a higher value in port 700012;
    //         * on HW1, by turning reads from three stealth I/O ranges to writes to those ranges.
    {
        // * HW2+: 1 direct write early in the reset code.
        temp = ROM_base + 0x12188;
        Seek(temp);
        temp = SearchLong(UINT32_C(0x700012));
        printf("Killing Flash execution protection initialization at %06" PRIX32 "\n", temp - 8);
        PutShort(0x003F, temp - 6);
        // * HW1: three references to the stealth I/O ports in the early reset code
        PutShort(0x33C0, temp - 26);
        PutShort(0x33C0, temp - 20);
        PutShort(0x33C0, temp - 14);
        // * HW2+: 1 reference in a subroutine of the trap #$B, function $10 handler.
        temp = GetAMSTrapBFunction(0x10);
        printf("Killing Flash execution protection update at %06" PRIX32 "\n", temp);
        Seek(temp);
        WriteLong(UINT32_C(0x33FC003F));
        WriteLong(UINT32_C(0x700012));
        WriteShort(0x4E75);
    }