[*] Binary protection state of system-rtc-sync
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of system-rtc-sync
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/system-rtc-sync @ 0x1428 */
| #include <stdint.h>
|
; (fcn) fcn.00001428 () | void fcn_00001428 (int16_t arg_0h, int16_t arg_ch, FILE * stream, int16_t arg_14h, int16_t arg_18h, char * ptr, int16_t arg_4ch, void * s1, int16_t arg_13ch) {
; Review summary. Only the paths that reach fprintf are listed, so the addresses are non-contiguous.
;   - Visible flow: sched_setscheduler -> close -> getenv gate -> stat/fopen/fscanf of an existing file ->
;     mkstemp -> asprintf -> write -> fchmod -> fsync+close helper (fcn.000014f0) -> rename -> open -> helper again.
;   - Every __fprintf_chk call site shown passes r1 = 1 and takes its format pointer (r2) from a PC-relative
;     literal; variable data (strerror text, the r6 value) is passed in r3. The string contents are not shown
;     here, so confirm them in the binary's string data before closing the fprintf finding.
;   - The r2dec signature (int16_t arg_*) is a guess: the "args" are stack slots at the named offsets.
;   - NOTE(review): no prologue is shown and the reported entry 0x1428 is the two-instruction stub at the end
;     of this listing, so the function boundary chosen by the analysis is probably wrong -- confirm.
| label_0:
; sched_setscheduler(0, 0, fp) with the first word at fp zeroed (policy 0 is SCHED_OTHER on Linux).
; A negative return is only logged (0xf48) and execution resumes at 0xd50.
0x00000d3c movs r1, 0 | r1 = 0;
0x00000d3e mov r2, fp | r2 = fp;
0x00000d40 mov r0, r1 | r0 = r1;
0x00000d42 str.w r1, [fp] | __asm ("str.w r1, [fp]");
0x00000d46 blx 0xb24 | r0 = sched_setscheduler ();
0x00000d4a cmp r0, 0 |
0x00000d4c blt.w 0xf48 |
| while (1) {
0x00000d50 mov r0, r5 | r0 = r5;
0x00000d52 blx 0xb18 | close (r0);
0x00000d56 cmp r4, 0 |
| if (r4 != 0) {
0x00000d58 beq 0xe3c |
0x00000d5a b 0xd9e |
; getenv() gate: the variable name at 0x1d62 is not shown. When it is unset the update path below is
; skipped and r4 = 1 is returned (0xe3a).
0x00000d9e ldr r0, [pc, 0x21c] |
0x00000da0 add r0, pc | r0 = 0x1d62;
0x00000da2 blx 0xa40 | r0 = getenv (r0);
0x00000da6 cmp r0, 0 |
| if (r0 != 0) {
0x00000da8 beq 0xe3a |
; The fd slot (*[sp+0x18]) is set to -1 before any file is opened; label_17 later tests its sign.
; memcpy copies a constant 0x46 bytes into the stack buffer at sp+0xf4. 0xf4 + 0x46 = 0x13a, which is below
; the canary slot read at sp+0x13c in the epilogue, so this fixed-size copy stays inside the frame.
; The buffer is later passed to mkstemp(), so the source at 0x1d86 is presumably the template path -- confirm.
0x00000daa ldr r3, [sp, 0x18] | r3 = *(arg_18h);
0x00000dac add r5, sp, 0xf4 | r5 += s1;
0x00000dae ldr r4, [pc, 0x210] |
0x00000db0 mov.w r6, -1 | r6 = -1;
0x00000db4 ldr r1, [pc, 0x20c] |
0x00000db6 movs r2, 0x46 | r2 = 0x46;
0x00000db8 str r6, [r3] | *(r3) = r6;
0x00000dba mov r0, r5 | r0 = r5;
0x00000dbc add r4, pc | r4 = 0x1d82;
0x00000dbe add r1, pc | r1 = 0x1d86;
0x00000dc0 blx 0x9e0 | memcpy (r0, r1, r2);
; stat(0x1d82, [sp+0x14]): success means the file exists and is parsed at label_7; otherwise r6 starts at 1.
0x00000dc4 movs r3, 0 | r3 = 0;
0x00000dc6 ldr r1, [sp, 0x14] | r1 = *(arg_14h);
0x00000dc8 mov r0, r4 | r0 = r4;
0x00000dca str r3, [sp, 0x44] | *(ptr) = r3;
0x00000dcc blx 0xa88 | r0 = stat ();
0x00000dd0 cmp r0, 0 |
| if (r0 == 0) {
0x00000dd2 beq.w 0x111a | goto label_7;
| }
0x00000dd6 movs r6, 1 | r6 = 1;
| label_1:
; mkstemp() creates the temporary file (the C library creates it owner-only) and the fd is stored in the
; fd slot. Failure goes to label_8 (log, return 1).
0x00000dd8 mov r0, r5 | r0 = r5;
0x00000dda blx 0xaac | mkstemp (r0);
0x00000dde ldr r3, [sp, 0x18] | r3 = *(arg_18h);
0x00000de0 cmp r0, 0 |
0x00000de2 mov r4, r0 | r4 = r0;
0x00000de4 str r0, [r3] | *(r3) = r0;
| if (r0 < 0) {
0x00000de6 blt.w 0x1180 | goto label_8;
| }
; __asprintf_chk(r8, 1, fmt@0x1dc0, r6): constant format, r6 is the only data argument.
; r2dec prints "r7 < r0" below; the instructions are subs r7, r0, 0 / blt, i.e. the test is result < 0.
0x00000dea ldr r2, [pc, 0x1dc] |
0x00000dec mov r0, r8 | r0 = r8;
0x00000dee mov r3, r6 | r3 = r6;
0x00000df0 movs r1, 1 | r1 = 1;
0x00000df2 add r2, pc | r2 = 0x1dc0;
0x00000df4 blx 0xa34 | r0 = asprintf_chk ();
0x00000df8 subs r7, r0, 0 | r7 = r0 - 0;
| if (r7 < r0) {
0x00000dfa blt.w 0x119c | goto label_9;
| }
; write(fd, *(sp+0x44), len). A short or failed write is logged and then falls into label_4/label_5
; (close, unlink, free), so a partially written temporary file is not renamed into place.
0x00000dfe ldr r1, [sp, 0x44] | r1 = *(ptr);
0x00000e00 mov r2, r7 | r2 = r7;
0x00000e02 mov r0, r4 | r0 = r4;
0x00000e04 blx 0xadc | r0 = write (r0, r1, r2);
0x00000e08 cmp r7, r0 |
| if (r7 == r0) {
0x00000e0a beq.w 0x11ae | goto label_10;
| }
0x00000e0e ldr r3, [sp, 0x10] | r3 = *(stream);
0x00000e10 cmp r0, 0 |
0x00000e12 ldr r6, [r3] | r6 = *(r3);
| if (r0 < 0) {
0x00000e14 blt.w 0x1160 | goto label_11;
| }
; NOTE(review): blt.w at 0xe14 is a 4-byte encoding (the next instruction is at 0xe18), so the "strh" shown
; at 0xe16 overlaps it and looks like a listing artefact rather than an executed store.
0x00000e16 strh r4, [r4, 0xc] | *((r4 + 0xc)) = r4;
0x00000e18 ldr r3, [pc, 0x1b0] |
0x00000e1a add r3, pc | r3 = 0x1dea;
| label_2:
; __fprintf_chk(r6, 1, fmt@0x1df6, r3): r3 is either the constant at 0x1dea or the strerror() text from label_11.
0x00000e1c ldr r2, [pc, 0x1b0] |
0x00000e1e mov r0, r6 | r0 = r6;
0x00000e20 movs r1, 1 | r1 = 1;
0x00000e22 add r2, pc | r2 = 0x1df6;
0x00000e24 blx 0xae8 | fprintf_chk ()
| label_4:
0x00000e28 mov r0, r4 | r0 = r4;
0x00000e2a blx 0xb18 | close (r0);
| label_5:
0x00000e2e mov r0, r5 | r0 = r5;
0x00000e30 blx 0x9f8 | unlink (r0);
0x00000e34 ldr r0, [sp, 0x44] | r0 = *(ptr);
0x00000e36 blx 0x9b0 | free (r0);
| }
| label_3:
0x00000e3a movs r4, 1 | r4 = 1;
| }
; Stack-protector check: the guard value is XORed with the copy at sp+0x13c; a mismatch goes to
; __stack_chk_fail (label_12). Otherwise r4 is returned in r0.
0x00000e3c ldr r2, [pc, 0x194] |
0x00000e3e ldr r3, [pc, 0x154] | r3 = *(0xf96);
0x00000e40 add r2, pc | r2 = 0x1e18;
0x00000e42 ldr r3, [r2, r3] | r3 = *(0x1e18);
0x00000e44 ldr r2, [r3] | r2 = *(0x1e18);
0x00000e46 ldr r3, [sp, 0x13c] | r3 = *(arg_13ch);
0x00000e48 eors r2, r3 | r2 ^= r3;
0x00000e4a mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000e4e bne.w 0x13d6 | goto label_12;
| }
0x00000e52 mov r0, r4 | r0 = r4;
0x00000e54 add sp, 0x144 |
0x00000e56 vpop {d8, d9} | __asm ("vpop {d8, d9}");
0x00000e5a pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
; sched_setscheduler failure path: log the strerror() text, then continue at 0xd50.
0x00000f48 ldr r3, [sp, 0x10] | r3 = *(stream);
0x00000f4a ldr r6, [r3] | r6 = *(r3);
0x00000f4c ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x00000f4e ldr r0, [r3] | r0 = *(r3);
0x00000f50 blx 0xa64 | strerror (r0);
0x00000f54 ldr r2, [pc, 0x9c] |
0x00000f56 mov r3, r0 | r3 = r0;
0x00000f58 movs r1, 1 | r1 = 1;
0x00000f5a mov r0, r6 | r0 = r6;
0x00000f5c add r2, pc | r2 = 0x1f54;
0x00000f5e blx 0xae8 | fprintf_chk ()
0x00000f62 b 0xd50 |
| }
| label_6:
; Logging block reached from 0x142a; afterwards control continues at label_0.
0x00000f6c blx 0xa64 | strerror (r0);
0x00000f70 ldr r2, [pc, 0x84] |
0x00000f72 mov r3, r0 | r3 = r0;
0x00000f74 movs r1, 1 | r1 = 1;
0x00000f76 mov r0, r6 | r0 = r6;
0x00000f78 add r2, pc | r2 = 0x1f74;
0x00000f7a blx 0xae8 | fprintf_chk ()
0x00000f7e b 0xd3c | goto label_0;
| label_7:
; Existing file: sp+0x4c is preset to r6 (-1 at this point), then fopen/fscanf reads one value into it.
; Only a single successful conversion with a non-negative value is accepted (and incremented); anything
; else is logged at label_13 and r6 resets to 1.
; NOTE(review): the scan format at 0x242c is not shown. If it is a plain int conversion, a maximum-value
; entry in the file wraps negative on the increment; in the lines shown r6 is only used as a format argument.
0x0000111a ldr r1, [pc, 0x1d8] |
0x0000111c mov r0, r4 | r0 = r4;
0x0000111e str r6, [sp, 0x4c] | *(arg_4ch) = r6;
0x00001120 add r1, pc | r1 = 0x241a;
0x00001122 blx 0x998 | r0 = fopen (r0, r1);
0x00001126 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00001128 cbz r0, 0x114c | goto label_13;
| }
0x0000112a ldr r1, [pc, 0x1cc] |
0x0000112c add r2, sp, 0x4c | r2 += arg_4ch;
0x0000112e add r1, pc | r1 = 0x242c;
0x00001130 blx 0x98c | r0 = isoc99_fscanf ();
0x00001134 mov r6, r0 | r6 = r0;
0x00001136 mov r0, r4 | r0 = r4;
0x00001138 blx 0xaf4 | fclose (r0);
0x0000113c cmp r6, 1 |
| if (r6 != 1) {
0x0000113e bne 0x114c | goto label_13;
| }
; "it ge / addge / bge.w" is one conditional sequence; the duplicated if-blocks below are decompiler
; output for it.
0x00001140 ldr r6, [sp, 0x4c] | r6 = *(arg_4ch);
0x00001142 cmp r6, 0 |
0x00001144 it ge |
| if (r6 >= 0) {
0x00001146 addge r6, 1 | r6++;
| goto label_14;
| }
| if (r6 >= 0) {
| label_14:
0x00001148 bge.w 0xdd8 | goto label_1;
| }
| label_13:
0x0000114c ldr r1, [sp, 0x10] | r1 = *(stream);
0x0000114e movs r3, 1 | r3 = 1;
0x00001150 ldr r2, [pc, 0x1a8] |
0x00001152 movs r6, 1 | r6 = 1;
0x00001154 ldr r0, [r1] | r0 = *(r1);
0x00001156 mov r1, r3 | r1 = r3;
0x00001158 add r2, pc | r2 = 0x2458;
0x0000115a blx 0xae8 | fprintf_chk ()
0x0000115e b 0xdd8 | goto label_1;
| label_11:
; write() returned < 0: fetch the strerror() text and reuse the logging call at label_2.
0x00001160 ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x00001162 ldr r0, [r3] | r0 = *(r3);
0x00001164 blx 0xa64 | r0 = strerror (r0);
0x00001168 mov r3, r0 | r3 = r0;
0x0000116a b 0xe1c | goto label_2;
| label_8:
; mkstemp() failed: log and return 1 through label_3 (no temporary file exists to clean up).
0x00001180 ldr r3, [sp, 0x10] | r3 = *(stream);
0x00001182 ldr r4, [r3] | r4 = *(r3);
0x00001184 ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x00001186 ldr r0, [r3] | r0 = *(r3);
0x00001188 blx 0xa64 | strerror (r0);
0x0000118c ldr r2, [pc, 0x174] |
0x0000118e mov r3, r0 | r3 = r0;
0x00001190 movs r1, 1 | r1 = 1;
0x00001192 mov r0, r4 | r0 = r4;
0x00001194 add r2, pc | r2 = 0x249c;
0x00001196 blx 0xae8 | fprintf_chk ()
0x0000119a b 0xe3a | goto label_3;
| label_9:
; asprintf failed: fwrite of a constant 0x29-byte message, then close/unlink/free via label_4.
0x0000119c ldr r3, [sp, 0x10] | r3 = *(stream);
0x0000119e movs r2, 0x29 | r2 = 0x29;
0x000011a0 ldr r0, [pc, 0x164] |
0x000011a2 movs r1, 1 | r1 = 1;
0x000011a4 ldr r3, [r3] | r3 = *(r3);
0x000011a6 add r0, pc | r0 = 0x24b2;
0x000011a8 blx 0xa04 | fwrite (r0, r1, r2, r3);
0x000011ac b 0xe28 | goto label_4;
| label_10:
; fchmod(fd, 0x1a4): 0x1a4 is octal 0644, so the file becomes world-readable before it is renamed into
; place. Confirm that its contents are not sensitive.
0x000011ae mov.w r1, 0x1a4 | r1 = 0x1a4;
0x000011b2 mov r0, r4 | r0 = r4;
0x000011b4 blx 0xb30 | r0 = fchmod (r0, r1);
0x000011b8 cmp r0, 0 |
| if (r0 < 0) {
0x000011ba blt.w 0x134e | goto label_15;
| }
; fcn.000014f0(&fd, label) is the fsync + close helper; a non-zero return skips the rename.
0x000011be ldr r1, [pc, 0x14c] |
0x000011c0 ldr r0, [sp, 0x18] | r0 = *(arg_18h);
0x000011c2 add r1, pc | r1 = 0x24d4;
0x000011c4 bl 0x14f0 | r0 = fcn_000014f0 (r0, r1);
0x000011c8 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x000011ca cbnz r0, 0x122c |
0x000011cc ldr r1, [pc, 0x140] |
0x000011ce mov r0, r5 | r0 = r5;
0x000011d0 add r1, pc | r1 = 0x24e4;
0x000011d2 blx 0xaa0 | r0 = rename (r0, r1);
0x000011d6 cmp r0, 0 |
| if (r0 >= 0) {
0x000011d8 blt 0x1212 |
; open(0x24f8, r4) with r4 == 0 here (the helper's return value), followed by a second fsync + close on
; that fd. r2dec prints three open() arguments, but r2 is not set up for this call in the lines shown.
; Presumably 0x24f8 is the containing directory, synced to make the rename durable -- confirm.
0x000011da ldr r0, [pc, 0x138] |
0x000011dc mov r1, r4 | r1 = r4;
0x000011de add r0, pc | r0 = 0x24f8;
0x000011e0 blx 0xa94 | open (r0, r1, r2);
0x000011e4 ldr r3, [sp, 0x18] | r3 = *(arg_18h);
0x000011e6 cmp r0, 0 |
0x000011e8 str r0, [r3] | *(r3) = r0;
| if (r0 < 0) {
0x000011ea blt.w 0x139c | goto label_16;
| }
0x000011ee ldr r1, [pc, 0x128] |
0x000011f0 ldr r0, [sp, 0x18] | r0 = *(arg_18h);
0x000011f2 add r1, pc | r1 = 0x2510;
0x000011f4 bl 0x14f0 | r0 = fcn_000014f0 (r0, r1);
| if (r0 != 0) {
0x000011f8 cbnz r0, 0x122c | goto label_17;
| }
; All steps succeeded: log with r6 as the data argument, free the asprintf buffer, leave through label_3.
0x000011fa ldr r3, [sp, 0x10] | r3 = *(stream);
0x000011fc movs r1, 1 | r1 = 1;
0x000011fe ldr r2, [pc, 0x11c] |
0x00001200 ldr r0, [r3] | r0 = *(r3);
0x00001202 mov r3, r6 | r3 = r6;
0x00001204 add r2, pc | r2 = 0x2526;
0x00001206 blx 0xae8 | fprintf_chk ()
0x0000120a ldr r0, [sp, 0x44] | r0 = *(ptr);
0x0000120c blx 0x9b0 | free (r0);
0x00001210 b 0xe3a | goto label_3;
| }
; rename() failed: log the strerror() text and fall into the cleanup dispatch.
0x00001212 ldr r3, [sp, 0x10] | r3 = *(stream);
0x00001214 ldr r4, [r3] | r4 = *(r3);
0x00001216 ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x00001218 ldr r0, [r3] | r0 = *(r3);
0x0000121a blx 0xa64 | strerror (r0);
0x0000121e ldr r2, [pc, 0x100] |
0x00001220 mov r3, r0 | r3 = r0;
0x00001222 movs r1, 1 | r1 = 1;
0x00001224 mov r0, r4 | r0 = r4;
0x00001226 add r2, pc | r2 = 0x254c;
0x00001228 blx 0xae8 | fprintf_chk ()
| }
| label_17:
; Cleanup dispatch on the fd slot: negative (already closed by the helper, or open failed) -> unlink only;
; otherwise close, then unlink. When this is reached after a successful rename, the unlink targets the
; old temporary name.
0x0000122c ldr r3, [sp, 0x18] | r3 = *(arg_18h);
0x0000122e ldr r4, [r3] | r4 = *(r3);
0x00001230 cmp r4, 0 |
| if (r4 < 0) {
0x00001232 blt.w 0xe2e | goto label_5;
| }
0x00001236 b 0xe28 | goto label_4;
| label_15:
; fchmod() failed: log, then close/unlink/free via label_4.
0x0000134e ldr r3, [sp, 0x10] | r3 = *(stream);
0x00001350 ldr r6, [r3] | r6 = *(r3);
0x00001352 ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x00001354 ldr r0, [r3] | r0 = *(r3);
0x00001356 blx 0xa64 | strerror (r0);
0x0000135a ldr r2, [pc, 0x84] |
0x0000135c mov r3, r0 | r3 = r0;
0x0000135e movs r1, 1 | r1 = 1;
0x00001360 mov r0, r6 | r0 = r6;
0x00001362 add r2, pc | r2 = 0x2748;
0x00001364 blx 0xae8 | fprintf_chk ()
0x00001368 b 0xe28 | goto label_4;
| label_16:
; open() failed after the rename: log, then unlink/free via label_5.
0x0000139c ldr r3, [sp, 0x10] | r3 = *(stream);
0x0000139e ldr r4, [r3] | r4 = *(r3);
0x000013a0 ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x000013a2 ldr r0, [r3] | r0 = *(r3);
0x000013a4 blx 0xa64 | strerror (r0);
0x000013a8 ldr r2, [pc, 0x40] |
0x000013aa mov r3, r0 | r3 = r0;
0x000013ac movs r1, 1 | r1 = 1;
0x000013ae mov r0, r4 | r0 = r4;
0x000013b0 add r2, pc | r2 = 0x27a0;
0x000013b2 blx 0xae8 | fprintf_chk ()
0x000013b6 b 0xe2e | goto label_5;
| label_12:
; __stack_chk_fail does not return. The lsls/movs pairs that follow are literal-pool words shown as
; instructions: ldr r2, [pc, 0x84] at 0x135a and ldr r2, [pc, 0x40] at 0x13a8 resolve to 0x13e0 and 0x13ec.
0x000013d6 blx 0x9ec | stack_chk_fail ();
0x000013da nop |
0x000013dc lsls r2, r0, 0x15 | r2 = r0 << 0x15;
0x000013de movs r0, r0 |
0x000013e0 lsls r6, r1, 0x1d | r6 = r1 << 0x1d;
0x000013e2 movs r0, r0 |
0x000013e4 lsls r6, r4, 0x16 | r6 = r4 << 0x16;
0x000013e6 movs r0, r0 |
0x000013e8 lsls r4, r5, 0x15 | r4 = r5 << 0x15;
0x000013ea movs r0, r0 |
0x000013ec lsls r4, r3, 0x1e | r4 = r3 << 0x1e;
0x000013ee movs r0, r0 |
0x000013f0 lsls r2, r1, 0x16 | r2 = r1 << 0x16;
0x000013f2 movs r0, r0 |
; Address reported as the function entry: adjusts r0 and branches to the logging block at label_6.
0x00001428 adds r0, 0x14 | r0 += 0x14;
0x0000142a b 0xf6c | goto label_6;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/system-rtc-sync @ 0x14f0 */
| #include <stdint.h>
|
; (fcn) fcn.000014f0 () | void fcn_000014f0 (int16_t arg1, int16_t arg2) {
; fcn.000014f0(fd_ptr, label): fsync(*fd_ptr), then close(*fd_ptr); *fd_ptr is set to -1 after the close
; attempt. Returns 0 on success and 1 after logging when either call fails.
; On fsync failure the descriptor is left open and *fd_ptr is unchanged, so the caller has to close it
; (label_17 in fcn.00001428 does).
; r2dec's int16_t parameter types are a guess: arg1 is dereferenced as a pointer and arg2 is forwarded to
; __fprintf_chk in r3.
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
0x000014f0 push {r4, r5, r6, lr} |
0x000014f2 mov r4, r0 | r4 = r0;
0x000014f4 ldr r5, [pc, 0x64] |
0x000014f6 sub sp, 8 |
0x000014f8 mov r6, r1 | r6 = r1;
0x000014fa ldr r0, [r0] | r0 = *(r0);
0x000014fc blx 0x968 | r0 = fsync ();
0x00001500 cmp r0, 0 |
0x00001502 add r5, pc | r5 = 0x2a62;
| if (r0 < 0) {
0x00001504 blt 0x151e | goto label_1;
| }
0x00001506 ldr r0, [r4] | r0 = *(r4);
0x00001508 blx 0xb18 | r0 = close (r0);
; r2dec inverts the next condition: "it ge / movge r0, 0" sets r0 = 0 when close() returned >= 0.
; mov.w and str do not update the flags, so the blt at 0x1518 still tests the close() result.
0x0000150c cmp r0, 0 |
0x0000150e mov.w r3, -1 | r3 = -1;
0x00001512 it ge |
| if (r0 < 0) {
0x00001514 movge r0, 0 | r0 = 0;
| }
0x00001516 str r3, [r4] | *(r4) = r3;
| if (r0 < 0) {
0x00001518 blt 0x1544 | goto label_2;
| }
; The do/while(1) wrapper is decompiler structure for the shared epilogue at 0x151a, not a loop in the code.
| do {
0x0000151a add sp, 8 |
0x0000151c pop {r4, r5, r6, pc} |
| label_1:
; fsync() failed. r5 = stream pointer loaded through the PC-relative table based at r5
; (presumably stderr via the GOT -- confirm); r4 = strerror(errno).
0x0000151e ldr r3, [pc, 0x40] | r3 = *(0x1562);
0x00001520 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00001522 ldr r5, [r3] | r5 = *(0x1562);
0x00001524 blx 0xab8 | r0 = errno_location ();
0x00001528 ldr r0, [r0] | r0 = *(r0);
0x0000152a blx 0xa64 | strerror (r0);
0x0000152e ldr r2, [pc, 0x34] |
0x00001530 mov r4, r0 | r4 = r0;
0x00001532 add r2, pc | r2 = 0x2a9c;
| label_0:
; Shared logging tail: __fprintf_chk(r5, 1, fmt, arg2, strerror text). The format pointer is one of two
; PC-relative constants (0x2a9c or 0x2ac4); arg2 and the strerror() string are passed as data arguments only.
0x00001534 mov r3, r6 | r3 = r6;
0x00001536 movs r1, 1 | r1 = 1;
0x00001538 mov r0, r5 | r0 = r5;
0x0000153a str r4, [sp] | *(sp) = r4;
0x0000153c blx 0xae8 | fprintf_chk ()
0x00001540 movs r0, 1 | r0 = 1;
0x00001542 b 0x151a |
| } while (1);
| label_2:
; close() failed: same stream and strerror() sequence with the second format string, then the shared tail.
0x00001544 ldr r3, [pc, 0x18] | r3 = *(0x1560);
0x00001546 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00001548 ldr r5, [r3] | r5 = *(0x1560);
0x0000154a blx 0xab8 | r0 = errno_location ();
0x0000154e ldr r0, [r0] | r0 = *(r0);
0x00001550 blx 0xa64 | strerror (r0);
0x00001554 ldr r2, [pc, 0x10] |
0x00001556 mov r4, r0 | r4 = r0;
0x00001558 add r2, pc | r2 = 0x2ac4;
0x0000155a b 0x1534 | goto label_0;
| }
[*] Function fprintf used 11 times system-rtc-sync