[*] Binary protection state of sshd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of sshd
pop.w {r3, r4, r5, lr}
b.w 0x639c0
ldr r0, [r0, 0x34]
blx 0x5710
ldr r0, [r4, 0x3c]
bl 0x2e580
ldr r0, [r4, 0x40]
bl 0x2e580
ldr r0, [r4, 0x1c]
movs r1, 0x20
movs r5, 0
bl 0x639c0
movs r1, 0x40
ldr r0, [r4, 0x18]
str r5, [r4, 0x1c]
bl 0x639c0
ldr r1, [r4]
str r5, [r4, 0x18]
b 0x2f8fa
ldr r0, [r0, 8]
blx sym.imp.snprintf
movs r3, 0
ldr r1, [r4]
--
pop.w {r4, r5, r6, r7, r8, sb, sl, pc}
sub.w r3, r5, 0x400
cmp.w r3, 0x3c00
bhi.w 0x30916
mov.w sl, 0
str.w sl, [r0, 8]
blx sym.imp.setuid
mov r8, r0
cmp r0, 0
beq 0x308b0
blx sym.imp.raise
mov sb, r0
cmp r0, 0
beq.w 0x30904
mov.w r1, 0x10001
blx sym.imp.mktime
cmp r0, 0
bne 0x308ca
mov r0, r8
mvn r5, 0x15
blx sym.imp.snprintf
mov r0, sb
blx 0x62ec
--
blx 0x5d4c
b 0x30804
mov.w r0, 0x2cc
mov.w r8, 0
strd r0, r8, [r4, 0x10]
blx sym.imp.getpwuid
mov r5, r0
cbz r0, 0x308a6
blx 0x57f8
cmp r0, 1
beq 0x308f2
mov r0, r5
mvn r5, 0x15
blx 0x5188
b 0x30804
movw r0, 0x19f
b 0x3087c
mvn r5, 1
blx 0x5188
b 0x30804
blx sym.imp.snprintf
mov r0, r8
mvn r5, 1
blx 0x62ec
b 0x30804
mvn r5, 1
blx 0x5d4c
b 0x30804
mov r1, r5
mov r3, sl
mov r2, sb
mov r0, r8
blx 0x5648
cmp r0, 0
beq 0x307f4
mov r0, sl
str.w r8, [r4, 8]
blx sym.imp.snprintf
mov r0, sb
blx 0x62ec
b 0x307b0
movw r0, 0x2cb
b 0x3087c
mov r1, r0
mov r0, r5
blx 0x60c4
mov r0, r8
str r5, [r4, 0x14]
blx 0x5188
b 0x307b0
mov r0, r8
mvn r5, 1
blx sym.imp.snprintf
mov r0, sb
blx 0x62ec
--
ble 0x31970
mov r0, r6
blx 0x5558
mov sl, r0
cmp r0, 0
beq 0x319a6
movs r2, 0
mov r1, r0
mov r3, fp
mov r0, r6
str r4, [sp]
str r2, [sp, 4]
blx sym.imp.time
cmp r0, 1
bne 0x3196a
mov r0, r6
mov r1, sl
blx 0x530c
cmp r0, 1
bne 0x31964
blx sym.imp.__vsnprintf_chk
mov r1, r4
mov r2, r0
--
ldrsh r3, [r1, r2]
ldr r3, [0x00032434]
blx 0x5710
mov r0, sl
bl 0x2e580
b 0x320a0
bl 0x2e580
b 0x320a0
ldr.w r3, [r8, 0x10]
ldr r2, [sp]
cmp r3, r2
beq 0x32196
mov r0, r8
mvn r6, 0xe
bl 0x2f8bc
b 0x320a0
ldr r3, [r6, 0x10]
str r3, [sp]
b 0x320e2
ldr.w r0, [sb, 8]
blx sym.imp.snprintf
ldr.w r3, [r8, 8]
str.w r3, [sb, 8]
--
cbz r0, 0x3248c
blx sym.imp.raise
mov r5, r0
cbz r0, 0x3248c
mov r0, r7
blx 0x5684
movs r2, 0
mov r1, r4
blx 0x5c00
cmp r0, 1
bne 0x32480
mov r0, r7
blx sym.imp.closefrom
blx 0x5600
mov r6, r0
mov r0, r4
blx 0x5600
add.w r3, r0, r0, lsr 31
cmp.w r6, r3, asr 1
ble 0x32486
blx sym.imp.__vsnprintf_chk
mov r1, r4
mov r2, r0
--
cmp r0, 0
beq 0x50f8a
ldr r0, [sp, 0x18]
blx 0x57b0
mov r7, r0
cmp r0, 0
beq 0x50f38
mov r0, fp
blx 0x57b0
mov fp, r0
cmp r0, 0
beq 0x50f40
movs r1, 4
mov r0, r6
blx 0x51c4
movs r1, 4
mov r0, r7
blx 0x51c4
ldr r1, [sp, 0x14]
str r1, [sp, 0xc]
blx sym.imp.__vsnprintf_chk
ldr r1, [sp, 0xc]
mov r2, r0
--
blx 0x5270
ldr r2, [0x00050fa4]
ldr r3, [0x00050fa0]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x1c]
eors r2, r3
mov.w r3, 0
bne 0x50f96
mov r0, r5
add sp, 0x24
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}
mov fp, r0
mvn r5, 1
b 0x50ef8
mvn r5, 1
b 0x50ef8
ldr r1, [sp, 0x10]
str r1, [sp, 0xc]
blx sym.imp.__vsnprintf_chk
ldr r1, [sp, 0xc]
mov r2, r0
--
movs r2, 0x8d
add r0, pc
str r6, [sp, 0xc]
str r5, [sp, 4]
bl 0x42b34
b 0x5159a
ldr r5, [0x0005185c]
movs r2, 2
ldr r1, [0x00051860]
movs r3, 0
ldr r0, [0x00051864]
add r5, pc
strd r2, r3, [sp]
add r1, pc
movs r2, 0x81
add r0, pc
str r5, [sp, 8]
bl 0x42b34
b 0x5159a
ldr r7, [r4, 4]
blx sym.imp.__vsnprintf_chk
mov r1, r0
mov r0, r7
--
add r2, pc
sub sp, 0x20
mov r0, r1
mov r4, r1
ldr r3, [r2, r3]
ldr r3, [r3]
str r3, [sp, 0x1c]
mov.w r3, 0
blx 0x5600
movs r3, 0
mov r6, r0
mov r2, r3
mov r0, r5
add r1, sp, 0x18
blx 0x62bc
mov r0, r4
blx 0x5630
cmp r0, 0
bne.w 0x51a04
mov r5, r0
blx sym.imp.__vsnprintf_chk
mov r1, r0
mov r0, r4
--
movs r2, 0xfb
add r0, pc
bl 0x42b34
ldr r2, [0x00051a90]
ldr r3, [0x00051a80]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x1c]
eors r2, r3
mov.w r3, 0
bne.w 0x51a76
mov r0, r5
add sp, 0x20
pop.w {r4, r5, r6, r7, r8, pc}
blx sym.imp.raise
mov r8, r0
cmp r0, 0
beq 0x51a26
ldr r7, [sp, 0x18]
blx sym.imp.__vsnprintf_chk
mov r2, r0
mov r0, r8
--
strd r5, r5, [sp, 0x14]
add r2, pc
ldr r3, [r2, r3]
ldr r3, [r3]
str r3, [sp, 0x2c]
mov.w r3, 0
str r5, [sp, 0xc]
strb.w r4, [sp, 0x1b]
ble 0x52524
sub.w r3, sb, 0x10
add.w r5, r0, 0x10
lsrs r3, r3, 4
add r6, sp, 0x1c
add.w r8, sp, 0xc
add.w sl, r3, 2
str r3, [sp, 4]
mov r2, r7
mov r1, r6
mov r0, r8
adds r5, 0x10
blx sym.imp.__printf_chk
mov ip, r6
ldm.w ip!, {r0, r1, r2, r3}
--
mov r0, r8
blx sym.imp.chroot
movs r2, 0x10
mov r0, r6
mov r1, r2
blx sym.imp.chroot
ldr r2, [0x00052548]
ldr r3, [0x00052544]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x2c]
eors r2, r3
mov.w r3, 0
bne 0x5253a
add sp, 0x34
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}
mov r2, r7
mov r1, r6
mov r0, r8
blx sym.imp.__printf_chk
mov r2, sb
mov r1, r6
--
blx sym.imp.strndup
movs r3, 0x10
movs r2, 0
mov r1, r8
mov r0, sb
bl 0x52440
movs r5, 0
mov r2, r4
movs r1, 0x80
add.w r7, r6, 0x4d8
mov r0, sb
blx sym.imp.strndup
mov r2, r4
mov r1, r7
add.w r0, r6, 0x4e8
str.w r5, [r6, 0x4e8]
str.w r5, [r6, 0x4ec]
mov r4, r6
str.w r5, [r6, 0x4f0]
str.w r5, [r6, 0x4f4]
blx sym.imp.__printf_chk
movs r2, 0x10
mov r0, sb
--
strd r0, r1, [r3, -0x8]
strd r0, r1, [r3]
ldr.w r3, [fp, 4]
ldr.w r1, [r4, 0x4ec]
ldrb.w r5, [fp, 7]
ubfx r2, r3, 0x18, 8
bic r2, r2, 1
bfi r3, r2, 0x18, 8
and r5, r5, 1
cmp r3, r1
ldr.w r2, [fp]
bne 0x52da6
ldr.w r1, [r4, 0x4e8]
cmp r2, r1
beq 0x52dbc
str.w r2, [r4, 0x4e8]
add.w r0, r4, 0x4e8
add.w r2, r4, 0x4f8
mov r1, r6
str.w r3, [r4, 0x4ec]
blx sym.imp.__printf_chk
add.w r1, r6, r5, lsl 3
ldrd r2, r3, [r7]
--
str r3, [sp, 8]
add.w r5, r0, 0x10
strb.w r2, [sp, 0xb]
add r6, sp, 0x14
ldr r2, [0x00053170]
add r1, pc
strd r3, r3, [sp, 0xc]
add.w r8, sp, 4
add.w sb, sl, 2
movs r4, 1
ldr r2, [r1, r2]
ldr r2, [r2]
str r2, [sp, 0x24]
mov.w r2, 0
str r3, [sp, 4]
strb.w r4, [sp, 0x13]
mov r2, r7
mov r1, r6
mov r0, r8
adds r5, 0x10
blx sym.imp.__printf_chk
mov ip, r6
ldm.w ip!, {r0, r1, r2, r3}
--
mov r1, r2
blx sym.imp.chroot
movs r2, 0x10
mov r0, r6
mov r1, r2
blx sym.imp.chroot
ldr r2, [0x00053174]
ldr r3, [0x00053170]
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x24]
eors r2, r3
mov.w r3, 0
bne 0x53168
add sp, 0x2c
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}
mov r2, r7
mov r1, r6
mov r0, r8
blx sym.imp.__printf_chk
b 0x5312e
blx 0x5d1c
--
blx sym.imp.strndup
movs r3, 0x10
movs r2, 0
mov r1, r8
mov r0, sb
bl 0x53098
movs r5, 0
mov r2, r4
movs r1, 0x80
add.w r6, r7, 0x570
mov r0, sb
blx sym.imp.strndup
mov r2, r4
mov r1, r6
add.w r0, r7, 0x580
str.w r5, [r7, 0x580]
str.w r5, [r7, 0x584]
mov r4, r7
str.w r5, [r7, 0x588]
str.w r5, [r7, 0x58c]
blx sym.imp.__printf_chk
movs r2, 0x10
mov r0, sb
--
strd r0, r1, [r3, -0x8]
strd r0, r1, [r3]
ldr r1, [sp, 8]
ldr.w r2, [r4, 0x584]
ldr r3, [r1, 4]
cmp r3, r2
bne 0x53ba4
ldr r2, [sp, 8]
ldr.w r1, [r4, 0x580]
ldr r2, [r2]
cmp r2, r1
it eq
addeq r6, r4, 0x580
beq 0x53b3e
add.w r6, r4, 0x580
str.w r2, [r4, 0x580]
mov r1, r5
add.w r2, r4, 0x590
mov r0, r6
str.w r3, [r4, 0x584]
blx sym.imp.__printf_chk
ldr.w r2, [r4, 0x570]
ldr r3, [r7]
[*] Function printf used 21 times sshd
