[*] Binary protection state of libpacsiod.so
Full RELRO | Canary found | NX enabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function strcat tear down of libpacsiod.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libpacsiod.so @ 0x192c */
| #include <stdint.h>
|
; NOTE(review): fcn.0000192c walks a singly linked list whose head is loaded from
; [arg1 + 0x18]. For each node it calls 0x1638 with r0 = [node] and r1 = arg2, and
; returns as soon as that call yields 0; the next node is read from [node + 4].
; If the list is empty or exhausted, control reaches 0x194e, which calls 0x180c and
; then calls 0x172c twice, writing each result back to [r6 + 0x14] and [r6 + 0x18].
; Presumably this is "look up arg2, insert it if absent", with 0x1638 acting as a
; comparison that returns 0 on a match — TODO confirm by resolving the PLT targets.
; (fcn) fcn.0000192c () | void fcn_0000192c (int16_t arg1, int16_t arg2) {
| int32_t var_0h;
| int32_t var_0h_2;
| int32_t var_8h;
| int32_t var_8h_2;
| int32_t var_10h;
| int32_t var_10h_2;
| r0 = arg1;
| r1 = arg2;
; NOTE(review): the four bytes at 0x192c did not decode. r6 is read below (0x1958,
; 0x196a, 0x1972) but never assigned in the visible listing, so it is presumably set
; here together with the push that matches `pop {r4, r5, r6, pc}` — TODO re-check
; the prologue decode before relying on the r6-relative offsets.
0x0000192c invalid |
0x00001930 ldr r4, [r0, 0x18] | r4 = *((r0 + 0x18));
0x00001932 sub sp, 0x18 |
0x00001934 mov r5, r1 | r5 = r1;
| if (r4 != 0) {
0x00001936 cbnz r4, 0x193e | goto label_0;
| }
0x00001938 b 0x194e | goto label_1;
| do {
0x0000193a ldr r4, [r4, 4] | r4 = *((r4 + 4));
| if (r4 == 0) {
0x0000193c cbz r4, 0x194e | goto label_1;
| }
| label_0:
0x0000193e ldr r0, [r4] | r0 = *(r4);
0x00001940 mov r1, r5 | r1 = r5;
0x00001942 blx 0x1638 | r0 = fcn_00001638 ();
0x00001946 cmp r0, 0 |
0x00001948 bne 0x193a |
| } while (r0 != 0);
0x0000194a add sp, 0x18 |
0x0000194c pop {r4, r5, r6, pc} |
| label_1:
; Not-found path: r0 = [r6 + 8], r1 = 0, r2 = pc-relative constant, r3 = arg2; the
; six stack words are {const, 0, 0, const, r6, 0}.
0x0000194e ldr r3, [pc, 0x3c] |
0x00001950 movs r1, 0 | r1 = 0;
0x00001952 ldr r0, [pc, 0x3c] |
0x00001954 ldr r2, [pc, 0x3c] |
0x00001956 add r3, pc | r3 = 0x32e8;
0x00001958 strd r6, r1, [sp, 0x10] | __asm ("strd r6, r1, [var_10h]");
0x0000195c add r0, pc | r0 = 0x32f2;
0x0000195e strd r1, r3, [sp, 8] | __asm ("strd r1, r3, [var_8h]");
0x00001962 add r2, pc | r2 = 0x32fa;
0x00001964 mov r3, r5 | r3 = r5;
0x00001966 strd r0, r1, [sp] | __asm ("strd r0, r1, [sp]");
0x0000196a ldr r0, [r6, 8] | r0 = *((r6 + 8));
0x0000196c blx 0x180c | r0 = fcn_0000180c ();
0x00001970 mov r1, r0 | r1 = r0;
0x00001972 ldr r0, [r6, 0x14] | r0 = *((r6 + 0x14));
; NOTE(review): both calls to 0x172c pass two arguments (current field value, new
; item) and store the return value back into the same field. That shape looks like
; a list-append helper rather than the g_variant_builder_new name the tool printed —
; treat the import label as unverified.
0x00001974 blx 0x172c | r0 = g_variant_builder_new ();
0x00001978 mov r3, r0 | r3 = r0;
0x0000197a mov r1, r5 | r1 = r5;
0x0000197c ldr r0, [r6, 0x18] | r0 = *((r6 + 0x18));
0x0000197e str r3, [r6, 0x14] | *((r6 + 0x14)) = r3;
0x00001980 blx 0x172c | g_variant_builder_new ();
0x00001984 str r0, [r6, 0x18] | *((r6 + 0x18)) = r0;
0x00001986 add sp, 0x18 |
0x00001988 pop {r4, r5, r6, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libpacsiod.so @ 0x2478 */
| #include <stdint.h>
|
; NOTE(review): pio_unlock_device reserves a 0x74-byte frame, saves the stack-guard
; value at [sp, 0x6c] and compares it again at 0x24b2-0x24c4 before returning.
; Two paths, selected on arg1:
;   arg1 != 0: calls 0x1604 with r0 = arg1, r1 = constant, r2 = [arg2 + 4],
;              r3 = arg4, stack = {1, arg3}; returns 0.
;   arg1 == 0: builds a string in a stack buffer at sp + 0x2c (0x1614, then 0x1604),
;              passes it through 0x16e8 / 0x183c, issues the call at 0x1668, and
;              returns var_24h (initialised to -1, written through the pointer
;              handed to 0x16f4 on success).
; Security-relevant point: on both paths 0x1604 receives a destination in r0 and no
; visible length argument. On the arg1 == 0 path the destination is the stack buffer
; at sp + 0x2c, and only 0x40 bytes lie between it and the guard slot at sp + 0x6c.
; The report flags strcat in this library, but the listing does not show which PLT
; stub is strcat — TODO resolve 0x1604 and 0x1614, and confirm that the combined
; length of the constant strings plus [arg2 + 4], arg3 and arg4 is bounded by 0x40.
; (fcn) sym.pio_unlock_device () | void pio_unlock_device (int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h_4;
| int16_t var_4h_4;
| int16_t var_8h_4;
| int16_t var_ch_4;
| int16_t var_10h_4;
| int16_t var_14h_4;
| int16_t var_18h_4;
| int16_t var_24h_4;
| int16_t var_28h_4;
| int16_t var_2ch_4;
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_24h;
| int16_t var_28h;
| int16_t var_2ch;
| int16_t var_6ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
; NOTE(review): this first word is presumably the prologue push, mis-decoded; the
; epilogue at 0x24c8 pops {r4, r5, r6, r7, r8, sb, pc} — TODO re-check the decode.
0x00002478 mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x0000247c mov r7, r1 | r7 = r1;
0x0000247e ldr r1, [pc, 0xf4] |
0x00002480 mov r8, r2 | r8 = r2;
0x00002482 sub sp, 0x74 |
0x00002484 movs r4, 0 | r4 = 0;
0x00002486 ldr r2, [pc, 0xf0] | r2 = *(0x257a);
0x00002488 add r1, pc | r1 = 0x4a02;
0x0000248a ldr r2, [r1, r2] |
0x0000248c ldr r2, [r2] | r2 = *(0x4a02);
; Guard value saved in the top slot of the frame.
0x0000248e str r2, [sp, 0x6c] | var_6ch = r2;
0x00002490 mov.w r2, 0 | r2 = 0;
0x00002494 mov.w r2, -1 | r2 = -1;
; var_24h = -1 (default return value), var_28h = 0.
0x00002498 strd r2, r4, [sp, 0x24] | __asm ("strd r2, r4, [var_28h]");
| if (r0 == 0) {
0x0000249c cbz r0, 0x24cc | goto label_1;
| }
0x0000249e movs r1, 1 | r1 = 1;
0x000024a0 ldr r2, [r7, 4] | r2 = *((r7 + 4));
0x000024a2 str r1, [sp] | *(sp) = r1;
0x000024a4 ldr r1, [pc, 0xd4] |
0x000024a6 str.w r8, [sp, 4] | __asm ("str.w r8, [var_4h]");
0x000024aa add r1, pc | r1 = 0x4a2a;
; NOTE(review): r0 is still arg1 here, so the caller-supplied pointer is the
; destination of this call; its capacity is not visible in this function.
0x000024ac blx 0x1604 | fcn_00001604 ();
0x000024b0 mov r0, r4 | r0 = r4;
| do {
; Common exit: reload the guard, XOR with the saved copy, branch to 0x256e on mismatch.
0x000024b2 ldr r2, [pc, 0xcc] |
0x000024b4 ldr r3, [pc, 0xc0] | r3 = *(0x2578);
0x000024b6 add r2, pc | r2 = 0x4a3c;
0x000024b8 ldr r3, [r2, r3] | r3 = *(0x4a3c);
0x000024ba ldr r2, [r3] | r2 = *(0x4a3c);
0x000024bc ldr r3, [sp, 0x6c] | r3 = var_6ch;
0x000024be eors r2, r3 | r2 ^= r3;
0x000024c0 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000024c4 bne 0x256e | goto label_2;
| }
0x000024c6 add sp, 0x74 |
0x000024c8 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_1:
0x000024cc ldr r1, [pc, 0xb4] |
; r4 = sp + 0x2c: start of the stack buffer used as destination below.
0x000024ce add r4, sp, 0x2c | r4 += var_2ch;
0x000024d0 mov r5, r0 | r5 = r0;
0x000024d2 mov r0, r4 | r0 = r4;
0x000024d4 mov r6, r3 | r6 = r3;
0x000024d6 ldr.w sb, [r7] | sb = *(r7);
0x000024da add r1, pc | r1 = 0x4a62;
; First write into the stack buffer: r0 = buffer, r1 = pc-relative constant.
0x000024dc blx 0x1614 | fcn_00001614 ();
0x000024e0 ldr r1, [pc, 0xa4] |
0x000024e2 mov r3, r8 | r3 = r8;
0x000024e4 str r6, [sp] | *(sp) = r6;
0x000024e6 mov r0, r4 | r0 = r4;
0x000024e8 ldr r2, [r7, 4] | r2 = *((r7 + 4));
0x000024ea add r1, pc | r1 = 0x4a76;
0x000024ec ldr r6, [pc, 0x9c] |
; Second write: r0 = buffer, r1 = constant, then [arg2 + 4], arg3, arg4. The argument
; shape is consistent with an unbounded formatted write — TODO confirm the callee.
0x000024ee blx 0x1604 | fcn_00001604 ();
0x000024f2 mov r0, r4 | r0 = r4;
0x000024f4 blx 0x16e8 | r0 = fcn_000016e8 ();
0x000024f8 mov r1, r0 | r1 = r0;
0x000024fa ldr r0, [pc, 0x94] |
0x000024fc add r6, pc | r6 = 0x4a8c;
0x000024fe ldr.w r7, [sb, 8] | r7 = *((sb + 8));
0x00002502 add r0, pc | r0 = 0x4a98;
0x00002504 blx 0x183c | r0 = fcn_0000183c ();
0x00002508 mov r4, r0 | r4 = r0;
0x0000250a mov r0, r6 | r0 = r6;
0x0000250c blx 0x16b4 | fcn_000016b4 ();
; Argument setup for 0x1668: r0 = [[arg2] + 8], r1 = r3 = same constant, r2 = constant;
; stack = {const, result of 0x183c, result of 0x16b4, 0, 0x7fffffff, 0, &var_28h}.
; This layout would fit a synchronous IPC call taking a timeout and an error
; out-pointer — TODO confirm against the import table.
0x00002510 ldr r3, [pc, 0x80] |
0x00002512 add r1, sp, 0x28 | r1 += var_28h;
0x00002514 ldr r2, [pc, 0x80] |
0x00002516 str r1, [sp, 0x18] | var_18h = r1;
0x00002518 mvn r1, 0x80000000 | r1 = ~0x80000000;
0x0000251c add r3, pc | r3 = 0x4ab4;
0x0000251e str r0, [sp, 8] | var_8h = r0;
0x00002520 str r3, [sp] | *(sp) = r3;
0x00002522 mov r0, r7 | r0 = r7;
0x00002524 ldr r3, [pc, 0x74] |
0x00002526 add r2, pc | r2 = 0x4ac2;
0x00002528 str r4, [sp, 4] | var_4h = r4;
0x0000252a str r1, [sp, 0x10] | var_10h = r1;
0x0000252c add r3, pc | r3 = 0x4acc;
0x0000252e str r5, [sp, 0x14] | var_14h = r5;
0x00002530 mov r1, r3 | r1 = r3;
0x00002532 str r5, [sp, 0xc] | var_ch = r5;
0x00002534 blx 0x1668 | r0 = fcn_00001668 ();
0x00002538 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x0000253a cbz r0, 0x254e | goto label_3;
| }
; Success path: 0x16f4 receives the result, the constant in r6 and &var_24h, then
; 0x1780 is called on the result. NOTE(review): the g_mutex_lock label on a freshly
; returned result object looks wrong; a release/unref call would fit — verify.
0x0000253c add r2, sp, 0x24 | r2 += var_24h;
0x0000253e mov r1, r6 | r1 = r6;
0x00002540 blx 0x16f4 | fcn_000016f4 ();
0x00002544 mov r0, r4 | r0 = r4;
0x00002546 blx 0x1780 | g_mutex_lock ();
| label_0:
0x0000254a ldr r0, [sp, 0x24] | r0 = var_24h;
0x0000254c b 0x24b2 |
| } while (1);
| label_3:
; Failure path: reads two fields (+4, +8) of the object left in var_28h, passes them
; to 0x1830 with r1 = 0x10 and two constants, then hands var_28h to 0x17cc.
; Presumably "log the error, then free it" — TODO confirm.
0x0000254e ldr r4, [sp, 0x28] | r4 = var_28h;
0x00002550 movs r1, 0x10 | r1 = 0x10;
0x00002552 ldr r3, [pc, 0x4c] |
0x00002554 ldr r2, [pc, 0x4c] |
0x00002556 ldr r5, [r4, 4] | r5 = *((r4 + 4));
0x00002558 add r3, pc | r3 = 0x4afe;
0x0000255a add r2, pc | r2 = 0x4b02;
0x0000255c str r5, [sp, 4] | var_4h = r5;
0x0000255e ldr r4, [r4, 8] | r4 = *((r4 + 8));
0x00002560 str r4, [sp] | *(sp) = r4;
0x00002562 blx 0x1830 | fcn_00001830 ();
0x00002566 ldr r0, [sp, 0x28] | r0 = var_28h;
0x00002568 blx 0x17cc | fcn_000017cc ();
0x0000256c b 0x254a | goto label_0;
| label_2:
; NOTE(review): reached only when the guard comparison at 0x24c4 fails, so this is
; where a stack-check failure handler would be called; the g_malloc0 label printed
; by the tool is presumably a mis-resolved PLT name.
0x0000256e blx 0x1774 | g_malloc0 ();
0x00002572 nop |
; Everything from 0x2574 to 0x25a7 is the literal pool read by the pc-relative ldr
; instructions above (0x247e loads from 0x2574, 0x2554 from 0x25a4). It is data
; decoded as Thumb instructions, not executable code; the pseudo-code on the right
; for these lines is meaningless.
0x00002574 cmp r2, 0x88 |
0x00002576 movs r1, r0 | r1 = r0;
0x00002578 lsls r4, r4, 3 | r4 <<= 3;
0x0000257a movs r0, r0 |
0x0000257c adds r2, r1, r4 | r2 = r1 + r4;
0x0000257e movs r0, r0 |
0x00002580 cmp r2, 0x5a |
0x00002582 movs r1, r0 | r1 = r0;
0x00002584 adds r2, r2, r2 | r2 += r2;
0x00002586 movs r0, r0 |
0x00002588 adds r6, r0, r2 | r6 = r0 + r2;
0x0000258a movs r0, r0 |
0x0000258c adds r0, r0, r2 | r0 += r2;
0x0000258e movs r0, r0 |
0x00002590 adds r6, r6, r1 | r6 += r1;
0x00002592 movs r0, r0 |
0x00002594 adds r4, r4, r1 | r4 += r1;
0x00002596 movs r0, r0 |
0x00002598 asrs r2, r4, 0x1a | r2 = r4 >> 0x1a;
0x0000259a movs r0, r0 |
0x0000259c asrs r0, r1, 0x1a | r0 = r1 >> 0x1a;
0x0000259e movs r0, r0 |
0x000025a0 asrs r4, r4, 0x1b | r4 >>= 0x1b;
0x000025a2 movs r0, r0 |
0x000025a4 adds r6, r6, r0 | r6 += r0;
0x000025a6 movs r0, r0 |
| }
[*] Function strcat used 1 times libpacsiod.so