[*] Binary protection state of drbg.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function printf tear down of drbg.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/crypto/drbg.ko @ 0x8000f74 */
| #include <stdint.h>
|
; (fcn) sym.drbg_fill_array () | void drbg_fill_array (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
| /* [05] -r-x section size 364 named .init.text */
0x08000f74 stmdaeq r0, {r2, r4, r5, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r6, r7, ip}");
0x08000f78 stmdaeq r0, {r2, r4, r5, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r6, r7, ip}");
0x08000f7c push {r4, r5, r6, r7, r8, lr} |
0x08000f80 mov r4, r0 | r4 = r0;
0x08000f84 mov r5, r1 | r5 = r1;
0x08000f88 ldm r3, {r0, r1} | r0 = *(r3);
| r1 = *((r3 + 4));
0x08000f8c cmp r2, 0 |
0x08000f90 add r6, r4, 0xe8 | r6 = r4 + 0xe8;
0x08000f94 str r0, [r4, 0x68] | *((r4 + 0x68)) = r0;
0x08000f98 strh r1, [r4, 0x6c] | *((r4 + 0x6c)) = r1;
| if (r2 != 0) {
0x08000f9c beq 0x8000fbc |
0x08000fa0 stmdaeq r0, {r2, r3, r4, r5, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r7, ip}");
0x08000fa4 stmdaeq r0, {r2, r3, r4, r5, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r7, ip}");
0x08000fa8 mov r7, 8 | r7 = 8;
0x08000fac ldm r3!, {r0, r1} | r0 = *(r3!);
| r1 = *((r3! + 4));
0x08000fb0 str r0, [r4, 0xe8] | *((r4 + 0xe8)) = r0;
0x08000fb4 str r1, [r6, 4] | *((r6 + 4)) = r1;
0x08000fb8 b 0x8000fdc |
| } else {
0x08000fbc stmdaeq r0, {r3, r8, ip} | __asm ("stmdaeq r0, {r3, r8, ip}");
0x08000fc0 stmdaeq r0, {r3, r8, ip} | __asm ("stmdaeq r0, {r3, r8, ip}");
0x08000fc4 mov r7, 0xa | r7 = 0xa;
0x08000fc8 ldm r3!, {r0, r1} | r0 = *(r3!);
| r1 = *((r3! + 4));
0x08000fcc str r0, [r4, 0xe8] | *((r4 + 0xe8)) = r0;
0x08000fd0 str r1, [r6, 4] | *((r6 + 4)) = r1;
0x08000fd4 ldrh r3, [r3] | r3 = *(r3);
0x08000fd8 strh r3, [r6, 8] | *((r6 + 8)) = r3;
| }
0x08000fdc add r5, r5, 6 | r5 += 6;
0x08000fe0 mov r0, r5 | r0 = r5;
0x08000fe4 stmdaeq r0, {r0, r1, r3, r5, r6, r7, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r0, r1, r3, r5, r6, r7, sb, sl, fp, sp}");
0x08000fe8 mov r1, r5 | r1 = r5;
0x08000fec mov r2, r0 | r2 = r0;
0x08000ff0 add r0, r6, r7 | r0 = r6 + r7;
0x08000ff4 stmdaeq r0, {r0, r1, r2, r4, r6, r7, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r0, r1, r2, r4, r6, r7, sb, sl, fp, sp}");
0x08000ff8 stmdaeq r0, {r2, r4, r5, r6, r8, fp, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r6, r8, fp, ip}");
0x08000ffc stmdaeq r0, {r2, r4, r5, r6, r8, fp, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r6, r8, fp, ip}");
0x08001000 mov ip, 0xb4 |
0x08001004 stmdaeq r0, {r7, r8, fp, ip} | __asm ("stmdaeq r0, {r7, r8, fp, ip}");
0x08001008 stmdaeq r0, {r7, r8, fp, ip} | __asm ("stmdaeq r0, {r7, r8, fp, ip}");
0x0800100c stmdaeq r0, {r2, r6, r8, sl} | __asm ("stmdaeq r0, {r2, r6, r8, sl}");
0x08001010 stmdaeq r0, {r2, r6, r8, sl} | __asm ("stmdaeq r0, {r2, r6, r8, sl}");
0x08001014 ldr r2, [r3] | r2 = *(r3);
0x08001018 str r2, [r4, 0x60] | *((r4 + 0x60)) = r2;
0x0800101c str r1, [r4, 0x18c] | *((r4 + 0x18c)) = r1;
0x08001020 add r2, r2, 1 | r2++;
0x08001024 stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb}");
0x08001028 stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb}");
0x0800102c str r2, [r3] | *(r3) = r2;
0x08001030 stmdaeq r0, {r8, sb, sl} | __asm ("stmdaeq r0, {r8, sb, sl}");
0x08001034 stmdaeq r0, {r8, sb, sl} | __asm ("stmdaeq r0, {r8, sb, sl}");
0x08001038 stmdaeq r0, {r4, r8, sb, fp} | __asm ("stmdaeq r0, {r4, r8, sb, fp}");
0x0800103c stmdaeq r0, {r4, r8, sb, fp} | __asm ("stmdaeq r0, {r4, r8, sb, fp}");
0x08001040 str r0, [r4, 0x180] | *((r4 + 0x180)) = r0;
0x08001044 str r3, [r4, 0x184] | *((r4 + 0x184)) = r3;
0x08001048 mov r0, 0 | r0 = 0;
0x0800104c stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001050 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001054 str ip, [r4, 0x58] | *((r4 + 0x58)) = ip;
0x08001058 stm r4, {r1, r2, r3} | *(r4) = r1;
| *((r4 + 4)) = r2;
| *((r4 + 8)) = r3;
0x0800105c str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x08001060 pop {r4, r5, r6, r7, r8, pc} |
| }
[*] Function printf used 1 times drbg.ko