[*] Binary protection state of keyctl
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of keyctl
ldr r0, [0x00001bec]
ldr r5, [r3, r4]
add r0, pc
ldr r4, [0x00001bf0]
ldr r6, [0x00001bf4]
ldr r3, [r5]
ldr r7, [0x00001bf8]
add r4, pc
blx sym.imp.fwrite
ldr r3, [0x00001bfc]
add r6, pc
add r7, pc
add r3, pc
b 0x1b1e
ldr r6, [r4, 8]
ldr r0, [r5]
mov r2, r7
movs r1, 1
adds r4, 0xc
str r6, [sp]
blx sym.imp.__fprintf_chk
ldr r3, [r4, 4]
cmp r3, 0
--
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x1d60
add sp, 0x10
pop {r4, r5, r6, pc}
movs r2, 0
add r1, sp, 8
blx sym.imp.strtoul
ldr r3, [sp, 8]
ldrb r3, [r3]
cmp r3, 0
beq 0x1c84
ldr r2, [0x00001d98]
ldr r0, [0x00001d9c]
add r2, pc
ldr r0, [r5, r0]
mov r3, r4
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
movs r1, 1
ldr r3, [r5, r3]
add r0, pc
ldr r3, [r3]
blx sym.imp.fwrite
movs r0, 2
blx sym.imp.exit
blx sym.imp.__stack_chk_fail
ldr r2, [0x00001dc4]
ldr r0, [0x00001d9c]
add r2, pc
b 0x1cb2
ldr r1, [0x00001d9c]
mov r3, r6
ldr r2, [0x00001dc8]
ldr r0, [r5, r1]
movs r1, 1
str r4, [sp]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x203c
mov r0, r6
blx sym.imp.keyctl_set_timeout
cmp r0, 0
blt 0x2054
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00002068]
movs r1, 1
ldr r2, [0x0000206c]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ite ne
movne r1, 0x76
moveq r1, 0x2d
str r1, [sp, 0x58]
ldr r1, [0x000023ac]
str r0, [sp, 0x54]
movs r0, 1
strd r6, r7, [sp, 4]
add r1, pc
str.w ip, [sp]
blx sym.imp.__printf_chk
mov r0, r5
blx sym.imp.exit
ldr r0, [0x000023b0]
mov r3, r6
ldr r2, [0x000023b4]
movs r1, 1
ldr r0, [r4, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
strb.w r2, [sl, 0x1a]
strb.w r2, [sl, 0x1b]
ldr r2, [sp, 0x30]
add r2, r1
strb r3, [r2, 0x18]
b 0x2702
ldr r1, [0x0000280c]
add r1, pc
b 0x2650
ldr r1, [0x00002810]
add r1, pc
b 0x2744
blx sym.imp.__stack_chk_fail
ldr r0, [0x00002814]
mov r3, r4
ldr r2, [0x00002818]
movs r1, 1
ldr r0, [r7, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
b 0x296e
ldr r0, [0x000029ec]
add r0, pc
blx sym.imp.puts
mov r0, r4
blx sym.imp.exit
mov r0, r4
blx sym.imp.exit
ldr r0, [0x000029f0]
add r0, pc
bl 0x1dcc
mov fp, r6
ldr r0, [0x000029f4]
ldr r6, [sp, 0x1c]
mov r3, fp
ldr r2, [0x000029f8]
movs r1, 1
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x2a4c
mov r0, r6
blx sym.imp.keyctl_setperm
cmp r0, 0
blt 0x2a64
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00002a78]
movs r1, 1
ldr r2, [0x00002a7c]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
beq 0x2ad2
ldr r7, [r1, 4]
mov r5, r1
ldr r1, [0x00002b1c]
mov r0, r7
add r1, pc
blx sym.imp.strcmp
cmp r0, 0
ite ne
movne r0, r7
moveq r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2b08
ldr r2, [0x00002b20]
ldr r1, [r6, r2]
ldr r2, [0x00002b24]
ldr r0, [r1]
movs r1, 1
add r2, pc
blx sym.imp.__fprintf_chk
cmp r4, 2
beq 0x2aec
ldr r0, [r5, 8]
add.w r1, r5, 8
blx sym.imp.execvp
ldr r0, [r5, 8]
bl 0x1dcc
movs r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2b08
ldr r0, [0x00002b20]
mov r1, r4
ldr r2, [0x00002b28]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
ldr r0, [0x00002b2c]
add r0, pc
--
ldr r0, [r4, 0x10]
bl 0x1c2c
mov r2, r7
mov r3, r0
mov r1, sb
mov r0, r6
blx sym.imp.keyctl_reject
cmp r0, 0
blt 0x2d86
movs r0, 0
blx sym.imp.exit
movs r7, 0x81
b 0x2d4e
ldr r2, [0x00002dc8]
ldr r0, [0x00002dcc]
ldr r3, [r4, 8]
add r2, pc
ldr r0, [r5, r0]
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x5c]
eors r2, r3
mov.w r3, 0
bne 0x317a
mov r0, r4
add sp, 0x64
pop.w {r4, r5, r6, r7, r8, sb, pc}
mov r0, r7
bl 0x1dcc
blx sym.imp.__stack_chk_fail
ldr r0, [0x000031b0]
mov r3, r7
ldr r2, [0x000031b4]
movs r1, 1
ldr.w r0, [r8, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
ldrb.w r8, [r3]
cmp.w r8, 0
bne 0x39fc
ldr r0, [r4, 0xc]
bl 0x1c2c
mov r1, r7
mov r2, r0
mov r0, r6
blx sym.imp.keyctl_negate
cmp r0, 0
blt 0x3a14
mov r0, r8
blx sym.imp.exit
ldr r0, [0x00003a28]
movs r1, 1
ldr r2, [0x00003a2c]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
movs r0, 0
blx sym.imp.exit
ldr r0, [0x00003b64]
add r0, pc
bl 0x1dcc
ldr r0, [r5, 8]
movs r2, 0
mov r1, sp
blx sym.imp.strtoul
ldr r3, [sp]
ldrb r3, [r3]
cmp r3, 0
beq 0x3b06
ldr r0, [0x00003b68]
movs r1, 1
ldr r2, [0x00003b6c]
ldr r3, [r5, 8]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x3f08
mov.w r2, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3f20
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003f34]
movs r1, 1
ldr r2, [0x00003f38]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r2, r0
ldrb r7, [r3]
cbnz r7, 0x3f90
mov.w r1, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3fa8
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003fbc]
movs r1, 1
ldr r2, [0x00003fc0]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
[*] Function fprintf used 16 times keyctl
