[*] Binary protection state of libaes.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function mmap tear down of libaes.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/lib/crypto/libaes.ko @ 0x8000108 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.aes_expandkey () | uint32_t aes_expandkey (int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x08000108 sub ip, r2, 0x10 |
0x0800010c cmp ip, 0x10 |
| if (ip <= 0x10) {
0x08000110 bhi 0x8000128 |
0x08000114 movw r3, 0x101 |
0x08000118 movt r3, 1 | r3 = 0x10101;
0x0800011c lsr r3, r3, ip | r3 >>= ip;
0x08000120 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x08000124 bne 0x8000130 | goto label_1;
| }
| }
0x08000128 mvn r0, 0x15 | r0 = ~0x15;
0x0800012c bx lr | return r0;
| label_1:
0x08000130 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08000134 lsr lr, r2, 2 | lr = r2 >> 2;
0x08000138 cmp lr, 0 |
0x0800013c sub sp, sp, 0x14 |
0x08000140 mov sl, r2 | sl = r2;
0x08000144 mov r7, r0 | r7 = r0;
| if (lr == 0) {
0x08000148 movne r3, r0 | r3 = r0;
| }
| if (lr == 0) {
0x0800014c addne ip, r0, lr, lsl 2 |
| }
0x08000150 str r2, [r0, 0x1e0] | *((r0 + 0x1e0)) = r2;
| if (lr == 0) {
0x08000154 beq 0x8000168 | goto label_2;
| }
| do {
0x08000158 ldr r2, [r1], 4 | r2 = *(r1);
| r1 += 4;
0x0800015c str r2, [r3], 4 | *(r3) = r2;
| r3 += 4;
0x08000160 cmp r3, ip |
0x08000164 bne 0x8000158 |
| } while (r3 != ip);
| label_2:
0x08000168 sub lr, lr, 0xc0000001 | lr -= 0xc0000001;
0x0800016c mov r8, 1 | r8 = 1;
0x08000170 bic r6, sl, 3 | r6 = BIT_MASK (sl, 3);
0x08000174 mov fp, r8 |
0x08000178 lsl r3, lr, 2 | r3 = lr << 2;
0x0800017c str r3, [sp, 4] | var_4h = r3;
0x08000180 add r2, r3, 4 | r2 = r3 + 4;
0x08000184 movw r3, 0xfefe |
0x08000188 movt r3, 0xfefe | r3 = 0xfefefefe;
0x0800018c add r6, r7, r6 | r6 = r7 + r6;
0x08000190 mov r5, r7 | r5 = r7;
0x08000194 mov r4, r8 | r4 = r8;
0x08000198 movw sb, 0x101 |
0x0800019c movt sb, 0x101 | sb = 0x1010101;
0x080001a0 str r7, [sp, 8] | var_8h = r7;
0x080001a4 mov r8, r2 | r8 = r2;
0x080001a8 str r7, [sp, 0xc] | var_ch = r7;
0x080001ac mov r7, fp | r7 = fp;
0x080001b0 mov fp, r3 |
0x080001b4 b 0x80001d8 |
| while (sl != 0x18) {
0x080001b8 cmp sl, 0x20 |
| if (sl == 0x20) {
0x080001bc beq 0x800026c | goto label_3;
| }
0x080001c0 eor r7, ip, lr | r7 = ip ^ lr;
0x080001c4 cmp r4, 0xa |
| if (r4 == 0xa) {
0x080001c8 beq 0x80002b0 | goto label_4;
| }
| label_0:
0x080001cc add r5, r5, r8 | r5 += r8;
0x080001d0 add r6, r6, r8 | r6 += r8;
0x080001d4 add r4, r4, 1 | r4++;
0x080001d8 ldr r3, [sp, 4] | r3 = var_4h;
0x080001dc ldr r0, [r5, r3] | r0 = *((r5 + r3));
0x080001e0 bl 0x8000070 | subw ();
0x080001e4 ldr r1, [r5] | r1 = *(r5);
0x080001e8 eor r0, r7, r0, ror 8 | r0 = r7 ^ (r0 >>> 8);
0x080001ec and ip, sb, r7, lsr 7 |
0x080001f0 eor r0, r0, r1 | r0 ^= r1;
0x080001f4 str r0, [r6] | *(r6) = r0;
0x080001f8 mov r3, 0x1b | r3 = 0x1b;
0x080001fc and lr, fp, r7, lsl 1 | lr = fp & (r7 << 1);
0x08000200 ldr r1, [r5, 4] | r1 = *((r5 + 4));
0x08000204 cmp sl, 0x18 |
0x08000208 mul ip, r3, ip |
0x0800020c eor r0, r0, r1 | r0 ^= r1;
0x08000210 str r0, [r6, 4] | *((r6 + 4)) = r0;
0x08000214 ldr r1, [r5, 8] | r1 = *((r5 + 8));
0x08000218 eor r1, r1, r0 | r1 ^= r0;
0x0800021c str r1, [r6, 8] | *((r6 + 8)) = r1;
0x08000220 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x08000224 eor r0, r0, r1 | r0 ^= r1;
0x08000228 str r0, [r6, 0xc] | *((r6 + 0xc)) = r0;
0x0800022c bne 0x80001b8 |
| }
0x08000230 sub r1, r4, 1 | r1 = r4 - 1;
0x08000234 cmp r1, 6 |
| if (r1 > 6) {
0x08000238 bhi 0x80002b0 | goto label_4;
| }
0x0800023c ldr r1, [r5, 0x10] | r1 = *((r5 + 0x10));
0x08000240 eor r1, r1, r0 | r1 ^= r0;
0x08000244 str r1, [r6, 0x10] | *((r6 + 0x10)) = r1;
0x08000248 ldr r0, [r5, 0x14] | r0 = *((r5 + 0x14));
0x0800024c eor r1, r1, r0 | r1 ^= r0;
0x08000250 str r1, [r6, 0x14] | *((r6 + 0x14)) = r1;
| do {
0x08000254 and r1, sb, r7, lsr 7 | r1 = sb & (r7 >> 7);
0x08000258 mov r2, 0x1b | r2 = 0x1b;
0x0800025c and r3, fp, r7, lsl 1 | r3 = fp & (r7 << 1);
0x08000260 mul r1, r2, r1 | r1 = r2 * r1;
0x08000264 eor r7, r1, r3 | r7 = r1 ^ r3;
0x08000268 b 0x80001cc | goto label_0;
| label_3:
0x0800026c sub r1, r4, 1 | r1 = r4 - 1;
0x08000270 cmp r1, 5 |
| if (r1 > 5) {
0x08000274 bhi 0x80002b0 | goto label_4;
| }
0x08000278 bl 0x8000070 | subw ();
0x0800027c ldr r1, [r5, 0x10] | r1 = *((r5 + 0x10));
0x08000280 eor r1, r1, r0 | r1 ^= r0;
0x08000284 str r1, [r6, 0x10] | *((r6 + 0x10)) = r1;
0x08000288 ldr r0, [r5, 0x14] | r0 = *((r5 + 0x14));
0x0800028c eor r1, r1, r0 | r1 ^= r0;
0x08000290 str r1, [r6, 0x14] | *((r6 + 0x14)) = r1;
0x08000294 ldr r0, [r5, 0x18] | r0 = *((r5 + 0x18));
0x08000298 eor r1, r1, r0 | r1 ^= r0;
0x0800029c str r1, [r6, 0x18] | *((r6 + 0x18)) = r1;
0x080002a0 ldr r0, [r5, 0x1c] | r0 = *((r5 + 0x1c));
0x080002a4 eor r1, r1, r0 | r1 ^= r0;
0x080002a8 str r1, [r6, 0x1c] | *((r6 + 0x1c)) = r1;
0x080002ac b 0x8000254 |
| } while (1);
| label_4:
0x080002b0 ldr r7, [sp, 0xc] | r7 = var_ch;
0x080002b4 add r8, sl, 0x18 | r8 = sl + 0x18;
0x080002b8 ldr r4, [sp, 8] | r4 = var_8h;
0x080002bc mov r6, 4 | r6 = 4;
0x080002c0 add r5, r7, sl, lsl 2 | r5 = r7 + (sl << 2);
0x080002c4 ldr r3, [r5, 0x60] | r3 = *((r5 + 0x60));
0x080002c8 str r3, [r7, 0xf0] | *((r7 + 0xf0)) = r3;
0x080002cc ldr r3, [r5, 0x64] | r3 = *((r5 + 0x64));
0x080002d0 str r3, [r7, 0xf4] | *((r7 + 0xf4)) = r3;
0x080002d4 ldr r3, [r5, 0x68] | r3 = *((r5 + 0x68));
0x080002d8 str r3, [r7, 0xf8] | *((r7 + 0xf8)) = r3;
0x080002dc ldr r3, [r5, 0x6c] | r3 = *((r5 + 0x6c));
0x080002e0 str r3, [r7, 0xfc] | *((r7 + 0xfc)) = r3;
| do {
0x080002e4 add r4, r4, 0x10 | r4 += 0x10;
0x080002e8 ldr r0, [r5, 0x50] | r0 = *((r5 + 0x50));
0x080002ec sub r5, r5, 0x10 | r5 -= 0x10;
0x080002f0 bl 0x80000a4 | inv_mix_columns ();
0x080002f4 str r0, [r4, 0xf0] | *((r4 + 0xf0)) = r0;
0x080002f8 ldr r0, [r5, 0x64] | r0 = *((r5 + 0x64));
0x080002fc bl 0x80000a4 | inv_mix_columns ();
0x08000300 str r0, [r4, 0xf4] | *((r4 + 0xf4)) = r0;
0x08000304 ldr r0, [r5, 0x68] | r0 = *((r5 + 0x68));
0x08000308 bl 0x80000a4 | inv_mix_columns ();
0x0800030c str r0, [r4, 0xf8] | *((r4 + 0xf8)) = r0;
0x08000310 ldr r0, [r5, 0x6c] | r0 = *((r5 + 0x6c));
0x08000314 bl 0x80000a4 | inv_mix_columns ();
0x08000318 mov r3, r6 | r3 = r6;
0x0800031c add r6, r6, 4 | r6 += 4;
0x08000320 str r0, [r4, 0xfc] | *((r4 + 0xfc)) = r0;
0x08000324 cmp r8, r6 |
0x08000328 bne 0x80002e4 |
| } while (r8 != r6);
0x0800032c add r3, r7, r3, lsl 2 | r3 = r7 + (r3 << 2);
0x08000330 ldr r2, [r7] | r2 = *(r7);
0x08000334 mov r0, 0 | r0 = 0;
0x08000338 str r2, [r3, 0x100] | *((r3 + 0x100)) = r2;
0x0800033c ldr r2, [r7, 4] | r2 = *((r7 + 4));
0x08000340 str r2, [r3, 0x104] | *((r3 + 0x104)) = r2;
0x08000344 ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x08000348 str r2, [r3, 0x108] | *((r3 + 0x108)) = r2;
0x0800034c ldr r2, [r7, 0xc] | r2 = *((r7 + 0xc));
0x08000350 str r2, [r3, 0x10c] | *((r3 + 0x10c)) = r2;
0x08000354 add sp, sp, 0x14 |
0x08000358 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
[*] Function mmap used 1 times libaes.ko