EMBA firmware report

[*] Binary protection state of stm32flash

  	Full RELRO     Canary found      NX enabled   PIE enabled  No RPATH     No RUNPATH   No Symbols

[*] Function printf tear down of stm32flash

mov r0, r4

blx sym.imp.tcgetattr

mov r0, r4

add sp, 8

pop {r4, pc}

ldr r0, [0x0000207c]

add r0, pc

bx lr

nop

strb r4, [r2, 4]

movs r1, r0

subs r0, 0x24

movs r0, r0

subs r0, 6

movs r0, r0

ldr r3, [r0, 0x28]

cbz r3, 0x2098

push {r4, lr}

mov r4, r2

ldr r0, [r3]

blx sym.imp.__fprintf_chk

cmp r4, r0

ite ne

--

movs r0, 3

bx lr

ldr r3, [r0, 0x28]

cbz r3, 0x20b4

push {r4, lr}

mov r4, r2

ldr r0, [r3]

blx 0xfa0

cmp r4, r0

ite ne

movne r0, 3

moveq r0, 0

pop {r4, pc}

movs r0, 3

bx lr

push {r3, r4, r5, lr}

ldr r5, [r0, 0x28]

cbz r5, 0x20d4

mov r4, r0

ldr r0, [r5]

blx sym.imp.__snprintf_chk

mov r0, r5

blx 0xfc8

--

b 0x2164

ldr r0, [0x00002234]

movs r2, 0x25

ldr r3, [0x0000222c]

add r0, pc

ldr.w r3, [r8, r3]

movs r1, 1

ldr r3, [r3]

blx sym.imp.ioctl

movs r0, 3

b 0x2164

ldr r3, [0x0000222c]

movs r2, 0x2a

ldr r0, [0x00002238]

movs r1, 1

ldr.w r3, [r8, r3]

add r0, pc

ldr r3, [r3]

blx sym.imp.ioctl

mov r0, sl

blx sym.imp.__snprintf_chk

mov r0, r6

blx 0xfc8

movs r0, 3

b 0x2164

ldr r3, [0x0000222c]

ldr.w r3, [r8, r3]

ldr r4, [r3]

blx sym.imp.__sprintf_chk

ldr r2, [0x0000223c]

add r2, pc

ldr r3, [r0]

movs r1, 1

mov r0, r4

blx sym.imp.sigemptyset

b 0x21cc

ldr r3, [0x0000222c]

ldr.w r3, [r8, r3]

ldr r4, [r3]

blx sym.imp.__sprintf_chk

ldr r2, [0x00002240]

add r2, pc

--

adds r7, 6

movs r0, r0

adds r7, 0x32

movs r0, r0

adds r6, 0xa8

movs r0, r0

push {r3, r4, r5, r6, r7, lr}

mov r4, r1

ldr r6, [0x000022ac]

movs r1, 1

mov r7, r0

blx sym.imp.__ctype_b_loc

subs r5, r0, 0

add r6, pc

blt 0x227a

mov r0, r4

blx sym.imp.strchr

mov r1, r4

mov r2, r0

mov r0, r5

blx sym.imp.__fprintf_chk

cmp r0, 0

blt 0x2290

mov r0, r5

blx sym.imp.__snprintf_chk

movs r0, 1

pop {r3, r4, r5, r6, r7, pc}

ldr r0, [0x000022b0]

mov r3, r7

ldr r2, [0x000022b4]

movs r1, 1

ldr r0, [r6, r0]

add r2, pc

ldr r0, [r0]

blx sym.imp.sigemptyset

movs r0, 0

pop {r3, r4, r5, r6, r7, pc}

ldr r1, [0x000022b0]

mov r3, r7

ldr r2, [0x000022b8]

ldr r1, [r6, r1]

add r2, pc

ldr r0, [r1]

movs r1, 1

blx sym.imp.sigemptyset

mov r0, r5

blx sym.imp.__snprintf_chk

movs r0, 0

pop {r3, r4, r5, r6, r7, pc}

--

adds r6, 0xd4

movs r0, r0

adds r6, 0xd8

movs r0, r0

push.w {r4, r5, r6, r7, r8, lr}

mov r6, r1

ldr.w r8, [0x00002340]

movs r1, 0

mov r7, r0

blx sym.imp.__ctype_b_loc

subs r5, r0, 0

add r8, pc

blt 0x2324

movs r2, 1

mov r1, r6

mov r0, r5

blx 0xfa0

subs r4, r0, 0

blt 0x22ee

mov r0, r5

blx sym.imp.__snprintf_chk

mov r0, r4

pop.w {r4, r5, r6, r7, r8, pc}

blx sym.imp.__sprintf_chk

ldr r0, [r0]

cmp r0, 0xb

it ne

cmpne r0, 4

ite eq

moveq r0, 1

movne r0, 0

beq 0x22d4

ldr r2, [0x00002344]

mov r3, r7

mov r4, r0

ldr.w r1, [r8, r2]

ldr r2, [0x00002348]

ldr r0, [r1]

movs r1, 1

add r2, pc

blx sym.imp.sigemptyset

mov r0, r5

blx sym.imp.__snprintf_chk

mov r0, r4

pop.w {r4, r5, r6, r7, r8, pc}

--

b 0x365c

blx 0xff8

ldr r6, [r4, r3]

movs r1, r0

lsls r4, r3, 3

movs r0, r0

ldr r4, [r0, r3]

movs r1, r0

push {r4, r5, r6, lr}

ldr r6, [r0, 0x28]

cbz r6, 0x36be

mov r5, r1

mov r4, r2

cbnz r2, 0x36ae

b 0x36c2

subs r4, r4, r0

beq 0x36c2

mov r1, r5

ldr r0, [r6]

mov r2, r4

blx sym.imp.__fprintf_chk

cmp r0, 0

add r5, r0

--

cbz r3, 0x370a

ldr r0, [r3]

movs r1, 0

blx 0xfac

movs r0, 0

pop {r3, pc}

push {r4, lr}

movs r1, 0

mov r4, r0

ldr r0, [r0]

blx 0xfac

mov r2, r4

movs r1, 0

ldr r0, [r2], 4

blx sym.imp.malloc

movs r2, 0

ldr r0, [r4]

mov r1, r2

blx sym.imp.memset

ldr r0, [r4]

blx sym.imp.__snprintf_chk

mov r0, r4

pop.w {r4, lr}

--

blx sym.imp.__ctype_b_loc

mov r3, r0

sub.w r0, r0, -1

clz r0, r0

str r3, [r4]

lsrs r0, r0, 5

strb r6, [r4, 4]

b 0x508c

mov r0, r2

str r2, [r4]

strb r6, [r4, 4]

b 0x508c

push {r4, lr}

mov r4, r0

ldr r0, [r0]

cbnz r0, 0x50da

mov r0, r4

blx 0xfc8

movs r0, 0

pop {r4, pc}

blx sym.imp.__snprintf_chk

mov r0, r4

blx 0xfc8

--

pop {r3, r4, r5, r6, r7, pc}

movs r0, 3

pop {r3, r4, r5, r6, r7, pc}

nop

ldrb r3, [r0, 4]

cbz r3, 0x515a

push {r4, r5, r6, lr}

mov r5, r0

mov r6, r1

mov r4, r2

cbnz r2, 0x5142

b 0x5156

ldr r3, [r5, 0x34]

subs r4, r4, r0

add r3, r0

str r3, [r5, 0x34]

beq 0x5156

mov r1, r6

ldr r0, [r5]

mov r2, r4

blx sym.imp.__fprintf_chk

cmp r0, 0

add r6, r0

--

bne 0x532a

ldr r1, [0x000053f8]

mov r0, r6

add r2, sp, 0x20

add r1, pc

blx sym.imp.fcntl

cmp r0, 1

bne 0x532a

ldr r3, [sp, 0x20]

add r4, r3

ands r4, r4, 0xff

bne 0x532a

ldr r3, [sp, 0x2c]

cmp r3, 2

beq 0x5370

cmp r3, 4

beq 0x536c

cmp r3, 1

bne.w 0x51fe

mov r0, r7

blx sym.imp.__snprintf_chk

mov r0, r4

ldr r2, [0x000053fc]

ldr r3, [0x000053ec]

add r2, pc

ldr r3, [r2, r3]

ldr r2, [r3]

ldr r3, [sp, 0x3c]

eors r2, r3

mov.w r3, 0

bne 0x53e2

add sp, 0x44

pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}

orr.w fp, r2, fp, lsl 8

b 0x527e

mov r0, r7

blx sym.imp.__snprintf_chk

movs r0, 2

b 0x530a

[*] Function printf used 17 times stm32flash