[*] Binary protection state of param_upgrader
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of param_upgrader
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/param_upgrader @ 0x29c4 */
| #include <stdint.h>
|
; (fcn) fcn.000029c4 () | void fcn_000029c4 (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x000029c4 push {r3, r4, r5, r6, r7, lr} |
0x000029c6 mov r4, r0 | r4 = r0;
0x000029c8 bl 0x281c | r0 = fcn_0000281c (r0, r1);
| if (r0 != 0) {
0x000029cc cbz r0, 0x2a06 |
0x000029ce mov r5, r0 | r5 = r0;
0x000029d0 subs r7, r5, r4 | r7 = r5 - r4;
0x000029d2 bl 0x2718 | r0 = fcn_00002718 ();
0x000029d6 mov r6, r0 | r6 = r0;
| if (r0 == 0) {
0x000029d8 cbz r0, 0x2a0a | goto label_0;
| }
0x000029da subs r5, r6, r5 | r5 = r6 - r5;
0x000029dc mov r0, r4 | r0 = r4;
0x000029de rsb.w r5, r5, 1 | r5 = 1 - r5;
0x000029e2 blx 0x1218 | fcn_00001218 ();
0x000029e6 add r0, r5 | r0 += r5;
0x000029e8 blx 0x119c | g_dbus_proxy_get_object_path ();
0x000029ec mov r1, r4 | r1 = r4;
0x000029ee mov r2, r7 | r2 = r7;
0x000029f0 mov r4, r0 | r4 = r0;
0x000029f2 blx 0x1224 | fcn_00001224 ();
0x000029f6 mov r0, r6 | r0 = r6;
0x000029f8 blx 0x1218 | fcn_00001218 ();
0x000029fc mov r1, r6 | r1 = r6;
0x000029fe adds r2, r0, 1 | r2 = r0 + 1;
0x00002a00 adds r0, r4, r7 | r0 = r4 + r7;
0x00002a02 blx 0x1224 | fcn_00001224 ();
| }
0x00002a06 mov r0, r4 | r0 = r4;
0x00002a08 pop {r3, r4, r5, r6, r7, pc} |
| label_0:
0x00002a0a mov r1, r7 | r1 = r7;
0x00002a0c mov r0, r4 | r0 = r4;
0x00002a0e pop.w {r3, r4, r5, r6, r7, lr} |
0x00002a12 b.w 0x11cc | return void (*0x11cc)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/param_upgrader @ 0x2d8c */
| #include <stdint.h>
|
; (fcn) fcn.00002d8c () | void fcn_00002d8c (int16_t arg1, int16_t arg2, int16_t arg3) {
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00002d8c invalid |
0x00002d90 bl 0x2b98 | r0 = fcn_00002b98 (r0, r1, r2);
| if (r0 != 0) {
0x00002d94 cbz r0, 0x2dce |
0x00002d96 mov r5, r0 | r5 = r0;
0x00002d98 subs r7, r5, r4 | r7 = r5 - r4;
0x00002d9a bl 0x2718 | r0 = fcn_00002718 ();
0x00002d9e mov r6, r0 | r6 = r0;
| if (r0 == 0) {
0x00002da0 cbz r0, 0x2dd2 | goto label_0;
| }
0x00002da2 subs r5, r6, r5 | r5 = r6 - r5;
0x00002da4 mov r0, r4 | r0 = r4;
0x00002da6 rsb.w r5, r5, 1 | r5 = 1 - r5;
0x00002daa blx 0x1218 | fcn_00001218 ();
0x00002dae add r0, r5 | r0 += r5;
0x00002db0 blx 0x119c | g_dbus_proxy_get_object_path ();
0x00002db4 mov r1, r4 | r1 = r4;
0x00002db6 mov r2, r7 | r2 = r7;
0x00002db8 mov r4, r0 | r4 = r0;
0x00002dba blx 0x1224 | fcn_00001224 ();
0x00002dbe mov r0, r6 | r0 = r6;
0x00002dc0 blx 0x1218 | fcn_00001218 ();
0x00002dc4 mov r1, r6 | r1 = r6;
0x00002dc6 adds r2, r0, 1 | r2 = r0 + 1;
0x00002dc8 adds r0, r4, r7 | r0 = r4 + r7;
0x00002dca blx 0x1224 | fcn_00001224 ();
| }
0x00002dce mov r0, r4 | r0 = r4;
0x00002dd0 pop {r3, r4, r5, r6, r7, pc} |
| label_0:
0x00002dd2 mov r1, r7 | r1 = r7;
0x00002dd4 mov r0, r4 | r0 = r4;
0x00002dd6 pop.w {r3, r4, r5, r6, r7, lr} |
0x00002dda b.w 0x11cc | return void (*0x11cc)() ();
| }
[*] Function printf used 1 times param_upgrader
