Write protected? That's possible, yes. I did some quick digging and though I can't guarantee anything, I think I found a piece of pretty independent code which will tell you if the card is write protected or not. sub_91C774(long *wp) (called on ROM:91BCFC) should return 1 (protected) or 0 (not protected) in wp.
I found this by backtracking from the string [CF] WriteProtect=%d, RotatingDevice=%d, which is not identified by itself (IDA identified WriteProtect........ and not the preceding [CF] with lots of spaces and tabs). That string is referenced at ROM:918B08 and then sent to some (probably) kind of printing/logging routine, which seems to have all it's arguments on the stack. Strings without values get five null values written on the stack anyway, and this one as R10 written as the first stack variable. R10 is assigned from R2 (ROM:918AD0) which is assigned from the calling routine (ROM:91C008 and further back) by "LDR R2, [SP,#0x20]". Right before calling sub_91C774 I was talking about, "ADD R0, SP, #0x20" happens and inside sub_91C774 a value is written into (effective) [R0].
Just in case anyone wants to backtrack/verify my findings before blindly executing something which I'm not 100% sure of it does only what it suggests and actually works.
mx3: I'm pretty sure the A:/ (with colon) syntax is correct, I saw this string in the firmware, prepended to some 'input filename, please' result and then fed into open(). Maybe the drive number is different indeed. I also saw some references to B:.
