[*] Binary protection state of sit.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of sit.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/ipv6/sit.ko @ 0x800227c */
| #include <stdint.h>
|
; (fcn) sym.ipip6_tunnel_ctl () | void ipip6_tunnel_ctl (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x0800227c sub r2, r2, 0x8900 | r2 -= 0x8900;
0x08002280 push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x08002284 sub r2, r2, 0xf0 | r2 -= 0xf0;
0x08002288 mov r4, r0 | r4 = r0;
0x0800228c mov r6, r1 | r6 = r1;
0x08002290 cmp r2, 3 |
| if (r2 > 3) {
| /* switch table (4 cases) at 0x800229c */
0x08002294 ldrls pc, [pc, r2, lsl 2] | offset_0 = r2 << 2;
| pc = *((pc + offset_0));
| }
0x08002298 b 0x80024dc |
| while (1) {
0x08002404 mov r0, r5 | r0 = r5;
0x08002408 pop {r4, r5, r6, r7, r8, sb, sl, pc} |
0x080024dc mvn r5, 0x15 | r5 = ~0x15;
0x080024e0 b 0x8002404 |
| }
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/ipv6/sit.ko @ 0x8001db0 */
| #include <stdint.h>
|
; (fcn) sym.ipip6_tunnel_locate () | void ipip6_tunnel_locate (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_1ch;
| r0 = arg1;
| r1 = arg2;
0x08001db0 push {r4, r5, r6, r7, r8, sb, lr} |
0x08001db4 stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp} | __asm ("stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp}");
0x08001db8 stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp} | __asm ("stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp}");
0x08001dbc mov r7, r0 | r7 = r0;
0x08001dc0 sub sp, sp, 0x1c |
0x08001dc4 mov sb, r2 | sb = r2;
0x08001dc8 mov r5, r1 | r5 = r1;
0x08001dcc ldr r8, [r1, 0x30] | r8 = *((r1 + 0x30));
0x08001dd0 ldr r6, [r1, 0x2c] | r6 = *((r1 + 0x2c));
0x08001dd4 ldr r4, [r3] | r4 = *(r3);
0x08001dd8 stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr}");
0x08001ddc ldr r3, [r7, 0x6d8] | r3 = *((r7 + 0x6d8));
0x08001de0 ldr r4, [r3, r4, lsl 2] | offset_0 = r4 << 2;
| r4 = *((r3 + offset_0));
0x08001de4 stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr}");
0x08001de8 ldr r3, [r5, 0x30] | r3 = *((r5 + 0x30));
0x08001dec ldr r1, [r5, 0x2c] | r1 = *((r5 + 0x2c));
0x08001df0 cmp r3, 0 |
| if (r3 == 0) {
0x08001df4 eorne r3, r3, r3, lsr 4 | r3 ^= (r3 >> 4);
| }
| if (r3 != 0) {
0x08001df8 moveq r2, r3 | r2 = r3;
| }
| if (r3 == 0) {
0x08001dfc movne r2, 2 | r2 = 2;
| }
| if (r3 == 0) {
0x08001e00 andne r3, r3, 0xf | r3 &= 0xf;
| }
0x08001e04 cmp r1, 0 |
| if (r1 == 0) {
0x08001e08 orrne r2, r2, 1 | r2 |= 1;
| }
| if (r1 == 0) {
0x08001e0c eorne r1, r1, r1, lsr 4 | r1 ^= (r1 >> 4);
| }
| if (r1 == 0) {
0x08001e10 andne r1, r1, 0xf | r1 &= 0xf;
| }
0x08001e14 add r4, r4, r2, lsl 2 | r4 += (r2 << 2);
| if (r1 == 0) {
0x08001e18 eorne r3, r3, r1 | r3 ^= r1;
| }
0x08001e1c ldr r2, [r4, 0xc4] | r2 = *((r4 + 0xc4));
0x08001e20 ldr r4, [r2, r3, lsl 2] | offset_1 = r3 << 2;
| r4 = *((r2 + offset_1));
0x08001e24 cmp r4, 0 |
| if (r4 != 0) {
0x08001e28 bne 0x8001e3c | goto label_4;
| }
0x08001e2c b 0x8001e7c | goto label_5;
| do {
| label_0:
0x08001e30 ldr r4, [r4] | r4 = *(r4);
0x08001e34 cmp r4, 0 |
| if (r4 == 0) {
0x08001e38 beq 0x8001e7c | goto label_5;
| }
| label_4:
0x08001e3c ldr r3, [r4, 0x64] | r3 = *((r4 + 0x64));
0x08001e40 cmp r3, r6 |
0x08001e44 bne 0x8001e30 |
| } while (r3 != r6);
0x08001e48 ldr r3, [r4, 0x68] | r3 = *((r4 + 0x68));
0x08001e4c cmp r3, r8 |
| if (r3 != r8) {
0x08001e50 bne 0x8001e30 | goto label_0;
| }
0x08001e54 ldr r3, [r4, 0x48] | r3 = *((r4 + 0x48));
0x08001e58 ldr r2, [r5, 0x10] | r2 = *((r5 + 0x10));
0x08001e5c cmp r2, r3 |
| if (r2 != r3) {
0x08001e60 bne 0x8001e30 | goto label_0;
| }
0x08001e64 cmp sb, 0 |
| if (sb == 0) {
0x08001e68 beq 0x8001f18 | goto label_3;
| }
| do {
| label_1:
0x08001e6c mov r4, 0 | r4 = 0;
0x08001e70 mov r0, r4 | r0 = r4;
0x08001e74 add sp, sp, 0x1c |
0x08001e78 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_5:
0x08001e7c cmp sb, 0 |
0x08001e80 beq 0x8001e6c |
| } while (sb == 0);
0x08001e84 ldrb r3, [r5] | r3 = *(r5);
0x08001e88 cmp r3, 0 |
| if (r3 != 0) {
0x08001e8c bne 0x8001f24 | goto label_6;
| }
0x08001e90 stmdaeq r0, {r5, r7, r8, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r5, r7, r8, sb, sl, fp, sp}");
0x08001e94 stmdaeq r0, {r5, r7, r8, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r5, r7, r8, sb, sl, fp, sp}");
0x08001e98 add r4, sp, 8 | r4 += var_8h;
0x08001e9c ldm r3, {r0, r1} | r0 = *(r3);
| r1 = *((r3 + 4));
0x08001ea0 str r0, [sp, 8] | var_8h = r0;
0x08001ea4 strh r1, [sp, 0xc] | var_ch = r1;
| label_2:
0x08001ea8 mov r3, 1 | r3 = 1;
0x08001eac mov r1, r4 | r1 = r4;
0x08001eb0 str r3, [sp, 4] | var_4h = r3;
0x08001eb4 mov r2, 0 | r2 = 0;
0x08001eb8 str r3, [sp] | *(sp) = r3;
0x08001ebc mov r0, 0x98 | r0 = 0x98;
0x08001ec0 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001ec4 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001ec8 stmdaeq r0, {r0, r4, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r4, r5, r6, r7, fp, ip, lr}");
0x08001ecc subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 == r0) {
0x08001ed0 beq 0x8001e6c | goto label_1;
| }
0x08001ed4 mov ip, r5 |
0x08001ed8 str r7, [r6, 0x2b4] | *((r6 + 0x2b4)) = r7;
0x08001edc add lr, r6, 0x570 | lr = r6 + 0x570;
0x08001ee0 add r4, r6, 0x540 | r4 = r6 + 0x540;
0x08001ee4 add lr, lr, 8 | lr += 8;
0x08001ee8 ldm ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x08001eec stm lr!, {r0, r1, r2, r3} | *(lr!) = r0;
| *((lr! + 4)) = r1;
| *((lr! + 8)) = r2;
| *((lr! + 12)) = r3;
0x08001ef0 ldm ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x08001ef4 stm lr!, {r0, r1, r2, r3} | *(lr!) = r0;
| *((lr! + 4)) = r1;
| *((lr! + 8)) = r2;
| *((lr! + 12)) = r3;
0x08001ef8 ldm ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x08001efc stm lr!, {r0, r1, r2, r3} | *(lr!) = r0;
| *((lr! + 4)) = r1;
| *((lr! + 8)) = r2;
| *((lr! + 12)) = r3;
0x08001f00 mov r0, r6 | r0 = r6;
0x08001f04 ldr r3, [ip] | r3 = *(ip);
0x08001f08 str r3, [lr] | *(lr) = r3;
0x08001f0c bl 0x8001cf4 | r0 = ipip6_tunnel_create ();
0x08001f10 cmp r0, 0 |
| if (r0 < 0) {
0x08001f14 blt 0x8001f4c | goto label_7;
| }
| label_3:
0x08001f18 mov r0, r4 | r0 = r4;
0x08001f1c add sp, sp, 0x1c |
0x08001f20 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_6:
0x08001f24 mov r0, r5 | r0 = r5;
0x08001f28 stmdaeq r0, {r0, r5, r8, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r5, r8, fp, ip, lr}");
0x08001f2c cmp r0, 0 |
| if (r0 == 0) {
0x08001f30 beq 0x8001e6c | goto label_1;
| }
0x08001f34 add r4, sp, 8 | r4 += var_8h;
0x08001f38 mov r1, r5 | r1 = r5;
0x08001f3c mov r0, r4 | r0 = r4;
0x08001f40 mov r2, 0x10 | r2 = 0x10;
0x08001f44 stmdaeq r0, {r0, r2, r5, r8, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r5, r8, fp, ip, lr}");
0x08001f48 b 0x8001ea8 | goto label_2;
| label_7:
0x08001f4c mov r0, r6 | r0 = r6;
0x08001f50 mov r4, 0 | r4 = 0;
0x08001f54 stmdaeq r0, {r0, r3, r4, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r4, r5, r6, r7, fp, ip, lr}");
0x08001f58 b 0x8001f18 | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/ipv6/sit.ko @ 0x8001694 */
| #include <stdint.h>
|
; (fcn) sym.sit_init_net () | void sit_init_net (int32_t arg1) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_ch;
| r0 = arg1;
0x08001694 push {r4, r5, r6, r7, r8, sb, lr} |
0x08001698 mov r6, r0 | r6 = r0;
0x0800169c stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp} | __asm ("stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp}");
0x080016a0 stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp} | __asm ("stmdaeq r0, {r2, r4, r6, r8, sb, ip, sp}");
0x080016a4 sub sp, sp, 0xc |
0x080016a8 ldr r4, [r7] | r4 = *(r7);
0x080016ac stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr}");
0x080016b0 ldr r3, [r6, 0x6d8] | r3 = *((r6 + 0x6d8));
0x080016b4 ldr r4, [r3, r4, lsl 2] | offset_0 = r4 << 2;
| r4 = *((r3 + offset_0));
0x080016b8 stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr}");
0x080016bc stmdaeq r0, {r0, r3, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r5, r6, r7, fp, ip, lr}");
0x080016c0 stmdaeq r0, {r0, r3, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r5, r6, r7, fp, ip, lr}");
0x080016c4 add r2, r4, 0xc0 | r2 = r4 + 0xc0;
0x080016c8 str r4, [r4, 0xd0] | *((r4 + 0xd0)) = r4;
0x080016cc ldr r3, [r3] | r3 = *(r3);
0x080016d0 str r2, [r4, 0xc4] | *((r4 + 0xc4)) = r2;
0x080016d4 add r2, r4, 0x80 | r2 = r4 + 0x80;
0x080016d8 cmp r3, 0 |
0x080016dc str r2, [r4, 0xc8] | *((r4 + 0xc8)) = r2;
0x080016e0 add r2, r4, 0x40 | r2 = r4 + 0x40;
0x080016e4 str r2, [r4, 0xcc] | *((r4 + 0xcc)) = r2;
| if (r3 == 0) {
0x080016e8 beq 0x8001714 | goto label_0;
| }
0x080016ec stmdaeq r0, {r0, r2, r3, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r3, r5, r6, r7, fp, ip, lr}");
0x080016f0 stmdaeq r0, {r0, r2, r3, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r3, r5, r6, r7, fp, ip, lr}");
0x080016f4 cmp r3, 1 |
0x080016f8 cmpeq r6, r2 | __asm ("cmpeq r6, r2");
| if (r3 != 1) {
0x080016fc moveq r5, 1 | r5 = 1;
| }
| if (r3 == 1) {
0x08001700 movne r5, 0 | r5 = 0;
| }
0x08001704 beq 0x8001714 |
| while (1) {
0x08001708 mov r0, r5 | r0 = r5;
0x0800170c add sp, sp, 0xc |
0x08001710 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_0:
0x08001714 mov r2, 1 | r2 = 1;
0x08001718 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x0800171c stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001720 str r2, [sp, 4] | var_4h = r2;
0x08001724 str r2, [sp] | *(sp) = r2;
0x08001728 stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb, sl, fp, sp}");
0x0800172c stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r2, r3, r4, r5, r6, r8, sb, sl, fp, sp}");
0x08001730 mov r2, 0 | r2 = 0;
0x08001734 mov r0, 0x98 | r0 = 0x98;
0x08001738 stmdaeq r0, {r0, r4, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r4, r5, r6, r7, fp, ip, lr}");
0x0800173c cmp r0, 0 |
0x08001740 str r0, [r4, 0xd4] | *((r4 + 0xd4)) = r0;
| if (r0 != 0) {
0x08001744 beq 0x80017f0 |
0x08001748 str r6, [r0, 0x2b4] | *((r0 + 0x2b4)) = r6;
0x0800174c ldr r2, [pc, 0xa4] | r2 = *(0x80017f4);
0x08001750 ldr r3, [r4, 0xd4] | r3 = *((r4 + 0xd4));
0x08001754 str r2, [r3, 0x494] | *((r3 + 0x494)) = r2;
0x08001758 ldr r2, [r4, 0xd4] | r2 = *((r4 + 0xd4));
0x0800175c ldr r3, [r2, 0x70] | r3 = *(0x8001864);
0x08001760 orr r3, r3, 0x2000 | r3 |= 0x2000;
0x08001764 str r3, [r2, 0x70] | *((r2 + 0x70)) = r3;
0x08001768 ldr r0, [r4, 0xd4] | r0 = *((r4 + 0xd4));
0x0800176c stmdaeq r0, {r0, r2, r4, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r4, r5, r6, r7, fp, ip, lr}");
0x08001770 ldr r6, [r4, 0xd4] | r6 = *((r4 + 0xd4));
0x08001774 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x08001778 bne 0x80017cc |
0x0800177c ldr sb, [r6, 0x2b4] | sb = *((r6 + 0x2b4));
0x08001780 add r8, r6, 0x540 | r8 = r6 + 0x540;
0x08001784 ldr r7, [r7] | r7 = *(r7);
0x08001788 stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r4, r6, fp, ip, lr}");
0x0800178c ldr r3, [sb, 0x6d8] | r3 = *((sb + 0x6d8));
0x08001790 ldr r7, [r3, r7, lsl 2] | offset_1 = r7 << 2;
| r7 = *((r3 + offset_1));
0x08001794 stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r4, r6, fp, ip, lr}");
0x08001798 add r3, r6, 0x5a0 | r3 = r6 + 0x5a0;
0x0800179c mov r2, 0x45 | r2 = 0x45;
0x080017a0 strb r2, [r6, 0x598] | *((r6 + 0x598)) = r2;
0x080017a4 mov r2, 0x2940 | r2 = 0x2940;
0x080017a8 strh r2, [r3] | *(r3) = r2;
0x080017ac str r8, [r7, 0xc0] | *((r7 + 0xc0)) = r8;
0x080017b0 ldr r1, [r4, 0xd4] | r1 = *((r4 + 0xd4));
0x080017b4 add r0, r1, 0x570 | r0 = r1 + 0x570;
0x080017b8 add r0, r0, 8 | r0 += 8;
0x080017bc stmdaeq r0, {r0, r2, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r6, r7, fp, ip, lr}");
0x080017c0 mov r0, r5 | r0 = r5;
0x080017c4 add sp, sp, 0xc |
0x080017c8 pop {r4, r5, r6, r7, r8, sb, pc} |
| }
0x080017cc add r0, r6, 0x570 | r0 = r6 + 0x570;
0x080017d0 stmdaeq r0, {r0, r2, r5, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r2, r5, r6, fp, ip, lr}");
0x080017d4 ldr r0, [r6, 0x2c0] | r0 = *((r6 + 0x2c0));
0x080017d8 stmdaeq r0, {r0, r3, r5, r6, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r5, r6, fp, ip, lr}");
0x080017dc ldr r0, [r4, 0xd4] | r0 = *((r4 + 0xd4));
0x080017e0 stmdaeq r0, {r0, r3, r4, r5, r6, r7, fp, ip, lr} | __asm ("stmdaeq r0, {r0, r3, r4, r5, r6, r7, fp, ip, lr}");
0x080017e4 mov r0, r5 | r0 = r5;
0x080017e8 add sp, sp, 0xc |
0x080017ec pop {r4, r5, r6, r7, r8, sb, pc} |
| }
0x080017f0 mvn r5, 0xb | r5 = ~0xb;
0x080017f4 b 0x8001708 |
| }
| }
[*] Function sprintf used 1 times sit.ko