[*] Binary protection state of mod_proxy.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of mod_proxy.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_proxy.so @ 0xe8fc */
| #include <stdint.h>
|
; ap_proxy_backend_broke (Thumb code, entry listed at 0xe8fc).
; Visible behaviour: stores r2 at offset 0x124 of the object in r0 (and of the object in r3 when
; r3 is non-NULL), then makes two calls that each return a node pointer and links each node at
; the tail of a doubly linked list whose sentinel is arg2+4 (tail pointer kept at arg2+8).
; NOTE(review): r2dec's int16_t parameter types are placeholders; arg1 and arg2 are dereferenced
; as pointers below.
; NOTE(review): the surrounding report files this listing under "Function mmap", but no call
; here is labelled mmap; with imports unresolved, the blx the tool attributed to mmap cannot be
; identified from this listing.
; (fcn) sym.ap_proxy_backend_broke () | void ap_proxy_backend_broke (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
; NOTE(review): r2 and r3 are read at 0xe906/0xe90a but never set in the visible instructions.
; The 4 bytes at 0xe8fc are rendered as a conditional ARM-style "andhs" with an unknown
; condition, so the first Thumb instructions (which presumably set r2 and r3) look misdecoded.
; Re-disassemble from 0xe8fc in Thumb mode before relying on this entry sequence.
| if (? < ?) {
0x0000e8fc andhs r6, r1, 0x10c000 | r6 = r1 & 0x10c000;
| }
0x0000e900 push {r4, r5, r6, lr} |
0x0000e902 mov r4, r1 | r4 = r1;
0x0000e904 ldr r5, [r0, 4] | r5 = *((r0 + 4));
; Store to [r0 + 0x124]; the pseudo-code column only shows opaque inline asm for this store.
0x0000e906 str.w r2, [r0, 0x124] | __asm ("str.w r2, aav.0x000000ff");
| if (r3 != 0) {
0x0000e90a cbz r3, 0xe910 |
; Same store on the second object, skipped when r3 is NULL.
0x0000e90c str.w r2, [r3, 0x124] | __asm ("str.w r2, aav.0x000000ff");
| }
; First call: r0 = 0x1f6, r1 = 0, r2 = *(r5), r3 = *(r5 + 0x40).
; 0x1f6 is 502 decimal; as an HTTP status that is Bad Gateway, so this is presumably an
; error-node constructor (upstream httpd creates an error bucket here) - confirm.
0x0000e910 ldr r3, [r5, 0x40] | r3 = *((r5 + 0x40));
0x0000e912 movs r1, 0 | r1 = 0;
0x0000e914 ldr r2, [r5] | r2 = *(r5);
; r6 = arg2 + 4: address of the list sentinel used by both insertions below.
0x0000e916 adds r6, r4, 4 | r6 = r4 + 4;
0x0000e918 mov.w r0, 0x1f6 | r0 = 0x1f6;
0x0000e91c blx 0x4774 | r0 = fcn_00004774 ();
; Tail insert of the returned node n: n[0] = sentinel, n[1] = old tail, old_tail[0] = n,
; tail = n. The return value is used unchecked as a pointer.
0x0000e920 str r6, [r0] | *(r0) = r6;
0x0000e922 mov r3, r0 | r3 = r0;
0x0000e924 ldr r2, [r4, 8] | r2 = *((r4 + 8));
; r0 = *(r5 + 0x40) is the only argument of the second call.
0x0000e926 ldr r0, [r5, 0x40] | r0 = *((r5 + 0x40));
0x0000e928 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x0000e92a ldr r2, [r4, 8] | r2 = *((r4 + 8));
0x0000e92c str r3, [r2] | *(r2) = r3;
0x0000e92e str r3, [r4, 8] | *((r4 + 8)) = r3;
; NOTE(review): the "ap_rwrite" import label looks wrong. The callee gets a single argument and
; its return value is written through as a node pointer at 0xe934, which does not fit a write
; routine. Treat the import names in this listing as unverified until the PLT is resolved.
0x0000e930 blx 0x4928 | r0 = loc_imp_ap_rwrite ();
; Second tail insert, same four-store pattern as above.
0x0000e934 str r6, [r0] | *(r0) = r6;
0x0000e936 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000e938 str r3, [r0, 4] | *((r0 + 4)) = r3;
0x0000e93a ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000e93c str r0, [r3] | *(r3) = r0;
0x0000e93e str r0, [r4, 8] | *((r4 + 8)) = r0;
; Plain register restore and return; no stack-guard check is visible in this function.
0x0000e940 pop {r4, r5, r6, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_proxy.so @ 0xea58 */
| #include <stdint.h>
|
; ap_proxy_location_reverse_map (Thumb code, entry listed at 0xea58).
; Visible behaviour: walks an array of 0x14-byte entries (count read from *(*(arg2 + 8) + 8)),
; compares each entry's first string against the string in arg3, and on a match builds a new
; string from the entry's second string plus the unmatched tail of arg3. The result is returned
; directly or through the tail call at 0xec6e; with no match, arg3 is returned unchanged.
; NOTE(review): the control flow and constants (0x2f = '/', the +0xb prefix skip, the r3 == 2
; gate) look consistent with upstream httpd's ProxyPassReverse rewriting of backend response
; headers; confirm against the httpd version in this firmware. If so, arg3 is backend-supplied
; data and should be treated as untrusted input when auditing the length checks below.
; NOTE(review): r2dec's int16_t parameter and local types are placeholders; arg1..arg3 and most
; stack slots hold pointers or 32-bit lengths.
; NOTE(review): most imports are unresolved. Judging from call sites only: 0x45dc takes one
; string and its result is used as a length (strlen-like), 0x46e4 takes (s1, s2, n) and is
; tested against 0 (bounded compare), 0x4600 takes (s, 0x2f) (strchr-like). Unverified guesses.
; NOTE(review): the surrounding report files this listing under "Function mmap", but no call
; here is labelled mmap.
; (fcn) sym.ap_proxy_location_reverse_map () | void ap_proxy_location_reverse_map (int16_t arg_40dh, int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| char * s2;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
; NOTE(review): the entry decode looks unreliable. This push list does not match the
; pop.w {r4-r8, sb, sl, fp, pc} at 0xec06, r7 loaded at 0xea5c is overwritten at 0xea62, and r3
; is compared at 0xea64 without any visible definition. Likely a mode/alignment confusion at
; the function entry; re-disassemble from 0xea58 in Thumb mode before trusting these two lines.
0x0000ea58 push {r0, r1, sb, fp, sp, lr} |
0x0000ea5c ldr r7, [pc, 0x3c0] | r7 = *(0xee20);
0x0000ea5e sub sp, 0x24 |
0x0000ea60 ldr r4, [pc, 0x218] |
; r7 holds the arg3 string from here on; it is also the default return value (label_7).
0x0000ea62 mov r7, r2 | r7 = r2;
0x0000ea64 cmp r3, 2 |
0x0000ea66 str r0, [sp, 0x10] | var_10h = r0;
; r4 = PC-relative base used for the indirect loads at 0xea96 and 0xec3a (presumably the GOT).
0x0000ea68 add r4, pc | r4 = 0x1d6e8;
0x0000ea6a str r1, [sp, 0x14] | var_14h = r1;
; Gate: any value other than r3 == 2 returns arg3 unchanged.
| if (r3 != 2) {
0x0000ea6c bne.w 0xec02 | goto label_7;
| }
; Length of the arg3 string, kept in the stack slot at [sp]; it bounds the compares guarded at
; 0xeaba (when entered from label_3), 0xeb6e and 0xebb0.
0x0000ea70 mov r0, r2 | r0 = r2;
0x0000ea72 blx 0x45dc | fcn_000045dc ();
0x0000ea76 ldr r3, [sp, 0x14] | r3 = var_14h;
0x0000ea78 str r0, [sp] | *(sp) = r0;
0x0000ea7a ldrsb.w r2, [r3, 0x15] | r2 = *((r3 + 0x15));
0x0000ea7e ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000ea80 cmp r2, 1 |
0x0000ea82 it ne |
; NOTE(review): the pseudo-code condition is inverted. "it ne / ldrne" loads the entry array
; base r2 = *(r3 + 0x10) only when the byte at arg2 + 0x15 is NOT 1; when it is 1, the branch
; below takes the entry array from a different object (label_9).
| if (r2 == 1) {
0x0000ea84 ldrne r2, [r3, 0x10] | r2 = *((r3 + 0x10));
| }
| if (r2 == 1) {
0x0000ea86 beq.w 0xec38 | goto label_9;
| }
| label_6:
; Entry count; zero or negative means nothing to map.
0x0000ea8a ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000ea8c cmp r3, 0 |
| if (r3 <= 0) {
0x0000ea8e ble.w 0xec02 | goto label_7;
| }
; Loop setup: var_8h = current entry pointer, var_ch = index (0), var_18h = object resolved via
; r4, s2 = address of a constant string used as the strstr needle at 0xec0e.
0x0000ea92 ldr r3, [pc, 0x1ec] | r3 = *(0xec82);
0x0000ea94 str r2, [sp, 8] | var_8h = r2;
0x0000ea96 ldr r3, [r4, r3] | r3 = *((r4 + r3));
0x0000ea98 str r3, [sp, 0x18] | var_18h = r3;
0x0000ea9a ldr r3, [pc, 0x1e8] |
0x0000ea9c add r3, pc | r3 = 0x1d726;
0x0000ea9e str r3, [sp, 0x1c] | s2 = r3;
0x0000eaa0 movs r3, 0 | r3 = 0;
0x0000eaa2 str r3, [sp, 0xc] | var_ch = r3;
0x0000eaa4 b 0xeaea |
| while (r0 == 0) {
| label_0:
; Plain (non-table) entry: r6 = entry's first string, r4 = its length.
0x0000eaa6 mov r0, r6 | r0 = r6;
0x0000eaa8 blx 0x45dc | fcn_000045dc ();
0x0000eaac ldrb r5, [r6] | r5 = *(r6);
0x0000eaae mov r4, r0 | r4 = r0;
; Entries whose first string starts with '/' are matched against the path part of arg3 only
; (label_10).
0x0000eab0 cmp r5, 0x2f |
| if (r5 == 0x2f) {
0x0000eab2 beq.w 0xec0a | goto label_10;
| }
| label_3:
0x0000eab6 ldr r0, [sp] | r0 = *(sp);
0x0000eab8 mov r5, r7 | r5 = r7;
| label_4:
; Length guard: the bounded compare at 0xeac8 runs only when r0 >= r4 and r4 > 0, i.e. the
; entry string is non-empty and not longer than the candidate. The pseudo-code "r0 > r4" is an
; approximation of this cmp / cmpge / ble sequence.
0x0000eaba cmp r0, r4 |
0x0000eabc it ge |
| if (r0 >= r4) {
0x0000eabe cmpge r4, 0 | __asm ("cmpge r4, 0");
| }
| if (r0 > r4) {
0x0000eac0 ble 0xead2 |
0x0000eac2 mov r0, r6 | r0 = r6;
0x0000eac4 mov r2, r4 | r2 = r4;
0x0000eac6 mov r1, r5 | r1 = r5;
0x0000eac8 blx 0x46e4 | r0 = fcn_000046e4 ();
0x0000eacc cmp r0, 0 |
| if (r0 == 0) {
0x0000eace beq.w 0xec72 | goto label_11;
| }
| }
| label_1:
; Advance to the next entry: index++, entry pointer += 0x14; the count is re-read from
; *(*(arg2 + 8) + 8) on every iteration.
0x0000ead2 ldr r3, [sp, 0x14] | r3 = var_14h;
0x0000ead4 ldr r2, [sp, 0xc] | r2 = var_ch;
0x0000ead6 ldr r1, [sp, 8] | r1 = var_8h;
0x0000ead8 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000eada adds r2, 1 | r2++;
0x0000eadc adds r1, 0x14 | r1 += 0x14;
0x0000eade str r2, [sp, 0xc] | var_ch = r2;
0x0000eae0 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000eae2 str r1, [sp, 8] | var_8h = r1;
0x0000eae4 cmp r3, r2 |
| if (r3 <= r2) {
0x0000eae6 ble.w 0xec02 | goto label_7;
| }
; Loop body entry: r6 = entry's first string; r4 = pointer selected from the table at
; *(*(arg1 + 8) + 0x18), indexed by the word at var_18h + 8.
0x0000eaea ldr r2, [sp, 8] | r2 = var_8h;
0x0000eaec movs r1, 0 | r1 = 0;
0x0000eaee ldr r3, [sp, 0x10] | r3 = var_10h;
0x0000eaf0 ldr r6, [r2] | r6 = *(r2);
0x0000eaf2 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000eaf4 ldr r2, [sp, 0x18] | r2 = var_18h;
0x0000eaf6 mov r0, r6 | r0 = r6;
0x0000eaf8 ldr r3, [r3, 0x18] | r3 = *((r3 + 0x18));
0x0000eafa ldr r2, [r2, 8] | r2 = *((r2 + 8));
0x0000eafc ldr.w r4, [r3, r2, lsl 2] | offset_0 = r2 << 2;
| r4 = *((r3 + offset_0));
; Called with r0 = entry string, r1 = 0; only tested for zero. The "ap_regexec" import label
; is unverified (see the import note in the function header).
0x0000eb00 blx 0x43e8 | r0 = loc_imp_ap_regexec ();
0x0000eb04 cmp r0, 0 |
0x0000eb06 beq 0xeaa6 |
| }
; Lookup with (*(arg1), r4, entry string, 1); a NULL result falls back to the plain compare at
; label_0.
0x0000eb08 ldr r3, [sp, 0x10] | r3 = var_10h;
0x0000eb0a mov r1, r4 | r1 = r4;
0x0000eb0c mov r2, r6 | r2 = r6;
0x0000eb0e ldr r0, [r3] | r0 = *(r3);
0x0000eb10 movs r3, 1 | r3 = 1;
0x0000eb12 blx 0x43a8 | r0 = fcn_000043a8 ();
0x0000eb16 cmp r0, 0 |
| if (r0 == 0) {
0x0000eb18 beq 0xeaa6 | goto label_0;
| }
; r4 = *(result): a sub-array descriptor (count at +8, element base at +0x10).
; Search for '/' starting 0xb bytes into the entry string; 0xb equals the length of
; "balancer://" - presumably that prefix is being skipped, confirm.
0x0000eb1a ldr r4, [r0] | r4 = *(r0);
0x0000eb1c movs r1, 0x2f | r1 = 0x2f;
0x0000eb1e add.w r0, r6, 0xb | r0 = r6 + 0xb;
0x0000eb22 blx 0x4600 | fcn_00004600 ();
0x0000eb26 ldr r6, [r4, 0x10] | r6 = *((r4 + 0x10));
0x0000eb28 mov r8, r0 | r8 = r0;
0x0000eb2a cmp r0, 0 |
| if (r0 == 0) {
0x0000eb2c beq.w 0xec34 | goto label_12;
| }
; A bare trailing '/' (next byte is NUL) is treated like "no path part" (label_13).
0x0000eb30 ldrb r3, [r0, 1] | r3 = *((r0 + 1));
0x0000eb32 cmp r3, 0 |
| if (r3 == 0) {
0x0000eb34 beq 0xec32 | goto label_13;
| }
; sl = length of the path part.
0x0000eb36 blx 0x45dc | r0 = fcn_000045dc ();
0x0000eb3a mov sl, r0 | sl = r0;
| label_5:
; var_4h = number of elements in the sub-array; zero or negative skips to the next entry.
0x0000eb3c ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000eb3e cmp r3, 0 |
0x0000eb40 str r3, [sp, 4] | var_4h = r3;
| if (r3 <= 0) {
0x0000eb42 ble 0xead2 | goto label_1;
| }
; Register swap for the inner loop: r8 = arg3 string, r7 = path part (or 0), r5 = inner index,
; r6 pre-decremented for the pre-indexed load at 0xeb8e.
0x0000eb44 mov r3, r7 | r3 = r7;
0x0000eb46 subs r6, 4 | r6 -= 4;
0x0000eb48 mov r7, r8 | r7 = r8;
0x0000eb4a movs r5, 0 | r5 = 0;
0x0000eb4c mov r8, r3 | r8 = r3;
0x0000eb4e b 0xeb8e |
| while (r7 != 0) {
; lr = len - 1; the byte read at fp + 0x40d + (len - 1) is the last character of the string
; at fp + 0x40d. No len == 0 check is visible before this index; with an empty string the load
; would hit fp + 0x40c. Presumably the field is never empty - confirm.
0x0000eb50 add.w lr, r0, -1 | lr = r0 + -1;
0x0000eb54 mov r0, sb | r0 = sb;
0x0000eb56 add.w ip, fp, lr |
0x0000eb5a mov r1, r8 | r1 = r8;
0x0000eb5c ldrb.w r3, [ip, 0x40d] | r3 = *((ip + 0x40d));
0x0000eb60 cmp r3, 0x2f |
0x0000eb62 it eq |
; NOTE(review): the pseudo-code condition is inverted. "it eq / moveq" shortens r4 to len - 1
; only when the last byte IS '/' (trailing slash dropped before comparing).
| if (r3 != 0x2f) {
0x0000eb64 moveq r4, lr | r4 = lr;
| }
; Length guard: both compares below are skipped when r4 + sl exceeds the arg3 length at [sp].
0x0000eb66 ldr r3, [sp] | r3 = *(sp);
0x0000eb68 add.w sb, r4, sl | sb = r4 + sl;
0x0000eb6c mov r2, r4 | r2 = r4;
0x0000eb6e cmp sb, r3 |
| if (sb <= r3) {
0x0000eb70 bgt 0xeb88 |
; First compare: string at fp + 0x40d vs arg3, r4 bytes.
0x0000eb72 blx 0x46e4 | r0 = fcn_000046e4 ();
0x0000eb76 mov r3, r0 | r3 = r0;
0x0000eb78 mov r2, sl | r2 = sl;
0x0000eb7a add.w r1, r8, r4 | r1 = r8 + r4;
0x0000eb7e mov r0, r7 | r0 = r7;
| if (r3 != 0) {
0x0000eb80 cbnz r3, 0xeb88 | goto label_2;
| }
; Second compare: path part vs arg3 + r4, sl bytes (a different routine from 0x46e4).
0x0000eb82 blx 0x4ae8 | r0 = fcn_00004ae8 ();
| if (r0 == 0) {
0x0000eb86 cbz r0, 0xebe6 | goto label_14;
| }
| }
| label_2:
; Inner loop exit once all var_4h elements have been tried.
0x0000eb88 ldr r3, [sp, 4] | r3 = var_4h;
0x0000eb8a cmp r3, r5 |
| if (r3 == r5) {
0x0000eb8c beq 0xec2e | goto label_15;
| }
; Next element pointer (pre-indexed load); fp = *(element + 0x10); sb = fp + 0x40d is the
; string compared below. The pseudo-code column shows the addw only as opaque inline asm.
0x0000eb8e ldr r3, [r6, 4]! | r3 = *((r6 += 4));
0x0000eb92 adds r5, 1 | r5++;
0x0000eb94 ldr.w fp, [r3, 0x10] | fp = *((r3 + 0x10));
0x0000eb98 addw sb, fp, 0x40d | __asm ("addw sb, arg_40dh");
0x0000eb9c mov r0, sb | r0 = sb;
0x0000eb9e blx 0x45dc | r0 = fcn_000045dc ();
0x0000eba2 mov r4, r0 | r4 = r0;
0x0000eba4 cmp r7, 0 |
0x0000eba6 bne 0xeb50 |
| }
; No path part (r7 == 0): compare the whole string at fp + 0x40d against arg3, guarded by
; "arg3 length >= r4".
0x0000eba8 ldr r3, [sp] | r3 = *(sp);
0x0000ebaa mov r2, r0 | r2 = r0;
0x0000ebac mov r1, r8 | r1 = r8;
0x0000ebae mov r0, sb | r0 = sb;
0x0000ebb0 cmp r3, r4 |
| if (r3 < r4) {
0x0000ebb2 blt 0xeb88 | goto label_2;
| }
0x0000ebb4 blx 0x46e4 | r0 = fcn_000046e4 ();
0x0000ebb8 cmp r0, 0 |
| if (r0 != 0) {
0x0000ebba bne 0xeb88 | goto label_2;
| }
; Match. r1 = entry's second string (entry + 4), r2 = arg3 + r4 (unmatched tail).
; The three checks below detect "second string is exactly '/'" and "tail starts with '/'";
; in that case the tail alone is passed to 0x45e8 instead of concatenating via 0x4910,
; presumably to avoid a doubled slash - confirm.
0x0000ebbc ldr r3, [sp, 8] | r3 = var_8h;
0x0000ebbe mov r7, r8 | r7 = r8;
0x0000ebc0 adds r2, r7, r4 | r2 = r7 + r4;
0x0000ebc2 ldr r1, [r3, 4] | r1 = *((r3 + 4));
0x0000ebc4 ldr r3, [sp, 0x10] | r3 = var_10h;
0x0000ebc6 ldr r0, [r3] | r0 = *(r3);
0x0000ebc8 ldrb r3, [r1] | r3 = *(r1);
0x0000ebca cmp r3, 0x2f |
| if (r3 != 0x2f) {
0x0000ebcc bne 0xec4e | goto label_16;
| }
0x0000ebce ldrb r3, [r1, 1] | r3 = *((r1 + 1));
0x0000ebd0 cmp r3, 0 |
| if (r3 != 0) {
0x0000ebd2 bne 0xec4e | goto label_16;
| }
0x0000ebd4 ldrb.w r3, [r8, r4] | r3 = *((r8 + r4));
0x0000ebd8 cmp r3, 0x2f |
| if (r3 != 0x2f) {
0x0000ebda bne 0xec4e | goto label_16;
| }
0x0000ebdc mov r1, r2 | r1 = r2;
0x0000ebde blx 0x45e8 | r0 = fcn_000045e8 ();
0x0000ebe2 mov r7, r0 | r7 = r0;
0x0000ebe4 b 0xec56 | goto label_17;
| label_14:
; Match with a path part: the tail starts at arg3 + r4 + sl (sb); r3 = 0 because r0 was just
; tested as zero at 0xeb86.
0x0000ebe6 ldr r3, [sp, 8] | r3 = var_8h;
0x0000ebe8 mov r4, sb | r4 = sb;
0x0000ebea mov r7, r8 | r7 = r8;
0x0000ebec adds r2, r7, r4 | r2 = r7 + r4;
0x0000ebee ldr r1, [r3, 4] | r1 = *((r3 + 4));
0x0000ebf0 mov r3, r0 | r3 = r0;
| label_8:
; 0x4910 is called with (*(arg1), entry's second string, tail of arg3, 0): this looks like a
; NULL-terminated variadic concatenation allocating from the object in *(arg1) - confirm.
; The result in r7 is then classified by 0x475c.
0x0000ebf2 ldr r0, [sp, 0x10] | r0 = var_10h;
0x0000ebf4 ldr r0, [r0] | r0 = *(r0);
0x0000ebf6 blx 0x4910 | r0 = fcn_00004910 ();
0x0000ebfa mov r7, r0 | r7 = r0;
0x0000ebfc blx 0x475c | r0 = fcn_0000475c ();
| if (r0 == 0) {
0x0000ec00 cbz r0, 0xec60 | goto label_18;
| }
| label_7:
; Common return path: r0 = r7 (rewritten string, or the original arg3 when nothing matched).
; No stack-guard load/compare is visible before this pop or before the tail call at 0xec6e;
; the DSO-wide "Canary found" line in the report header does not show that this function is
; instrumented.
0x0000ec02 mov r0, r7 | r0 = r7;
0x0000ec04 add sp, 0x24 |
0x0000ec06 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_10:
; Entry starts with '/': look for the needle at s2 in arg3, then for the first '/' (r5 = 0x2f)
; three bytes past that match; on success r5 = that path part and r0 = its length, and the
; compare at label_4 runs against the path instead of the full string.
0x0000ec0a ldr r1, [sp, 0x1c] | r1 = s2;
0x0000ec0c mov r0, r7 | r0 = r7;
0x0000ec0e blx 0x4004 | r0 = strstr (r0, r1);
0x0000ec12 cmp r0, 0 |
| if (r0 == 0) {
0x0000ec14 beq.w 0xeab6 | goto label_3;
| }
; NOTE(review): 0xec16 lies inside the 4-byte beq.w at 0xec14 (the next instruction starts at
; 0xec18). This "add r7, sp, 0x13c" is an overlapping-decode artifact, not executed code.
0x0000ec16 add r7, sp, 0x13c | r7 = sp + 0x13c;
0x0000ec18 mov r1, r5 | r1 = r5;
0x0000ec1a adds r0, 3 | r0 += 3;
0x0000ec1c blx 0x4600 | r0 = fcn_00004600 ();
0x0000ec20 mov r5, r0 | r5 = r0;
0x0000ec22 cmp r0, 0 |
| if (r0 == 0) {
0x0000ec24 beq.w 0xeab6 | goto label_3;
| }
0x0000ec28 blx 0x45dc | fcn_000045dc ();
0x0000ec2c b 0xeaba | goto label_4;
| label_15:
; Inner loop exhausted without a match: restore r7 = arg3 string and move to the next entry.
0x0000ec2e mov r7, r8 | r7 = r8;
0x0000ec30 b 0xead2 | goto label_1;
| label_13:
; r3 is 0 here (the NUL byte just tested), so the path part becomes NULL.
0x0000ec32 mov r8, r3 | r8 = r3;
| label_12:
; No path part: sl = r8 = 0.
0x0000ec34 mov sl, r8 | sl = r8;
0x0000ec36 b 0xeb3c | goto label_5;
| label_9:
; Alternate source for the entry array (taken when the byte at arg2 + 0x15 is 1): the word at
; +8 of an object resolved via r4 is used as an index into the pointer table at
; *(arg1 + 0x104), and the array base is read from +0x10 of the object that slot points to.
; NOTE(review): the "ap_proxy_define_balancer" and 0xed94 annotations in the pseudo-code column
; look spurious; the asm performs plain indexed loads.
0x0000ec38 ldr r2, [pc, 0x44] |
0x0000ec3a ldr r2, [r4, r2] | r2 = *((r4 + r2));
0x0000ec3c ldr r1, [r2, 8] | r1 = ap_proxy_define_balancer;
0x0000ec3e ldr r2, [sp, 0x10] | r2 = var_10h;
0x0000ec40 ldr.w r2, [r2, 0x104] |
0x0000ec44 ldr.w r2, [r2, r1, lsl 2] |
0x0000ec48 ldr r2, [r2] |
0x0000ec4a ldr r2, [r2, 0x10] | r2 = *(0xed94);
0x0000ec4c b 0xea8a | goto label_6;
| label_16:
; General case of the whole-string match: concatenate with r3 = 0 as the terminator argument
; (r0, r1, r2 were set at 0xebc0-0xebc6).
0x0000ec4e movs r3, 0 | r3 = 0;
0x0000ec50 blx 0x4910 | r0 = fcn_00004910 ();
0x0000ec54 mov r7, r0 | r7 = r0;
| label_17:
0x0000ec56 mov r0, r7 | r0 = r7;
0x0000ec58 blx 0x475c | r0 = fcn_0000475c ();
0x0000ec5c cmp r0, 0 |
| if (r0 != 0) {
0x0000ec5e bne 0xec02 | goto label_7;
| }
| label_18:
; 0x475c returned 0: restore the callee-saved registers and tail-call 0x461c with
; (*(arg1), r7, arg1); that callee's return value becomes this function's result.
0x0000ec60 ldr r3, [sp, 0x10] | r3 = var_10h;
0x0000ec62 mov r1, r7 | r1 = r7;
0x0000ec64 ldr r0, [r3] | r0 = *(r3);
0x0000ec66 mov r2, r3 | r2 = r3;
0x0000ec68 add sp, 0x24 |
0x0000ec6a pop.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000ec6e b.w 0x461c | void (*0x461c)() ();
| label_11:
; Plain-entry match: tail = r5 + r4 (candidate string past the matched prefix); r3 = 0 because
; r0 was just tested as zero at 0xeacc.
0x0000ec72 ldr r3, [sp, 8] | r3 = var_8h;
0x0000ec74 adds r2, r5, r4 | r2 = r5 + r4;
0x0000ec76 ldr r1, [r3, 4] | r1 = *((r3 + 4));
0x0000ec78 mov r3, r0 | r3 = r0;
0x0000ec7a b 0xebf2 | goto label_8;
| }
[*] Function mmap used 1 times mod_proxy.so