[*] Binary protection state of md4.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function strcat tear down of md4.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/crypto/md4.ko @ 0x80006dc */
| #include <stdint.h>
|
; (fcn) sym.md4_final () | void md4_final (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x080006dc push {r4, r5, r6, r7, r8, lr} |
0x080006e0 add r6, r0, 0x18 | r6 = r0 + 0x18;
0x080006e4 mov r4, r0 | r4 = r0;
0x080006e8 ldr r3, [r0, 0x58] | r3 = *((r0 + 0x58));
0x080006ec add r7, r0, 8 | r7 = r0 + 8;
0x080006f0 mvn r2, 0x7f | r2 = ~0x7f;
0x080006f4 mov r5, r1 | r5 = r1;
0x080006f8 and r3, r3, 0x3f | r3 &= 0x3f;
0x080006fc add r0, r6, r3 | r0 = r6 + r3;
0x08000700 add r0, r0, 1 | r0++;
0x08000704 strb r2, [r6, r3] | *((r6 + r3)) = r2;
0x08000708 rsbs r2, r3, 0x37 | r2 = 0x37 - r3;
0x0800070c bmi 0x8000774 |
| while (1) {
0x08000710 mov r1, 0 | r1 = 0;
0x08000714 stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip} | __asm ("stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip}");
0x08000718 ldr r3, [r4, 0x58] | r3 = *((r4 + 0x58));
0x0800071c ldr ip, [r4, 0x5c] | ip = *((r4 + 0x5c));
0x08000720 mov r1, r6 | r1 = r6;
0x08000724 mov r0, r7 | r0 = r7;
0x08000728 lsr r2, r3, 0x1d | r2 = r3 >> 0x1d;
0x0800072c lsl r3, r3, 3 | r3 <<= 3;
0x08000730 orr r2, r2, ip, lsl 3 | r2 |= (ip << 3);
0x08000734 str r3, [r4, 0x50] | *((r4 + 0x50)) = r3;
0x08000738 str r2, [r4, 0x54] | *((r4 + 0x54)) = r2;
0x0800073c bl 0x8000070 | md4_transform ();
0x08000740 ldr r1, [r7, 4] | r1 = *((r7 + 4));
0x08000744 ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x08000748 ldr ip, [r4, 8] | ip = *((r4 + 8));
0x0800074c ldr r3, [r7, 0xc] | r3 = *((r7 + 0xc));
0x08000750 str r3, [r5, 0xc] | *((r5 + 0xc)) = r3;
0x08000754 str r1, [r5, 4] | *((r5 + 4)) = r1;
0x08000758 mov r1, 0 | r1 = 0;
0x0800075c str r2, [r5, 8] | *((r5 + 8)) = r2;
0x08000760 mov r2, 0x58 | r2 = 0x58;
0x08000764 str ip, [r5] | *(r5) = ip;
0x08000768 stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip} | __asm ("stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip}");
0x0800076c mov r0, 0 | r0 = 0;
0x08000770 pop {r4, r5, r6, r7, r8, pc} |
0x08000774 rsb r2, r3, 0x3f | r2 = 0x3f - r3;
0x08000778 mov r1, 0 | r1 = 0;
0x0800077c stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip} | __asm ("stmdaeq r0, {r2, r5, r6, r7, r8, sb, ip}");
0x08000780 mov r0, r7 | r0 = r7;
0x08000784 mov r1, r6 | r1 = r6;
0x08000788 bl 0x8000070 | md4_transform ();
0x0800078c mov r0, r6 | r0 = r6;
0x08000790 mov r2, 0x38 | r2 = 0x38;
0x08000794 b 0x8000710 |
| }
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/crypto/md4.ko @ 0x8000798 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.md4_update () | void md4_update (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x08000798 push {r4, r5, r6, r7, r8, lr} |
0x0800079c add r5, r0, 0x18 | r5 = r0 + 0x18;
0x080007a0 add r7, r0, 8 | r7 = r0 + 8;
0x080007a4 ldr ip, [r0, 0x58] | ip = *((r0 + 0x58));
0x080007a8 ldr lr, [r0, 0x5c] |
0x080007ac and r6, ip, 0x3f | r6 = ip & 0x3f;
0x080007b0 adds ip, r2, ip |
0x080007b4 rsb r8, r6, 0x40 | r8 = 0x40 - r6;
0x080007b8 str ip, [r0, 0x58] | *((r0 + 0x58)) = ip;
0x080007bc adc ip, lr, 0 | __asm ("adc ip, lr, 0");
0x080007c0 cmp r8, r2 |
0x080007c4 str ip, [r0, 0x5c] | *((r0 + 0x5c)) = ip;
0x080007c8 add r0, r5, r6 | r0 = r5 + r6;
| if (r8 > r2) {
0x080007cc bhi 0x8000868 | goto label_1;
| }
0x080007d0 sub r3, r2, 0x40 | r3 = r2 - 0x40;
0x080007d4 mov r2, r8 | r2 = r8;
0x080007d8 mov r4, r1 | r4 = r1;
0x080007dc add r6, r6, r3 | r6 += r3;
0x080007e0 stmdaeq r0, {r3, r5, r6, r7, r8, sb, ip} | __asm ("stmdaeq r0, {r3, r5, r6, r7, r8, sb, ip}");
0x080007e4 mov r1, r5 | r1 = r5;
0x080007e8 mov r0, r7 | r0 = r7;
0x080007ec add r4, r4, r8 | r4 += r8;
0x080007f0 bl 0x8000070 | md4_transform ();
0x080007f4 cmp r6, 0x3f |
| if (r6 < 0x3f) {
0x080007f8 bls 0x8000874 | goto label_2;
| }
0x080007fc sub r8, r6, 0x40 | r8 = r6 - 0x40;
0x08000800 bic r8, r8, 0x3f | r8 = BIT_MASK (r8, 0x3f);
0x08000804 add r8, r8, 0x40 | r8 += 0x40;
0x08000808 add r8, r4, r8 | r8 = r4 + r8;
| label_0:
0x0800080c mov r3, r5 | r3 = r5;
0x08000810 add lr, r4, 0x40 | lr = r4 + 0x40;
| do {
0x08000814 ldr ip, [r4] | ip = *(r4);
0x08000818 add r4, r4, 0x10 | r4 += 0x10;
0x0800081c ldr r0, [r4, -0xc] | r0 = *((r4 - 0xc));
0x08000820 add r3, r3, 0x10 | r3 += 0x10;
0x08000824 ldr r2, [r4, -8] | r2 = *((r4 - 8));
0x08000828 ldr r1, [r4, -4] | r1 = *((r4 - 4));
0x0800082c cmp r4, lr |
0x08000830 str ip, [r3, -0x10] | *((r3 - 0x10)) = ip;
0x08000834 str r0, [r3, -0xc] | *((r3 - 0xc)) = r0;
0x08000838 str r2, [r3, -8] | *((r3 - 8)) = r2;
0x0800083c str r1, [r3, -4] | *((r3 - 4)) = r1;
0x08000840 bne 0x8000814 |
| } while (r4 != lr);
0x08000844 mov r1, r5 | r1 = r5;
0x08000848 mov r0, r7 | r0 = r7;
0x0800084c bl 0x8000070 | md4_transform ();
0x08000850 cmp r4, r8 |
| if (r4 != r8) {
0x08000854 bne 0x800080c | goto label_0;
| }
0x08000858 and r6, r6, 0x3f | r6 &= 0x3f;
| do {
0x0800085c mov r2, r6 | r2 = r6;
0x08000860 mov r1, r8 | r1 = r8;
0x08000864 mov r0, r5 | r0 = r5;
| label_1:
0x08000868 stmdaeq r0, {r3, r5, r6, r7, r8, sb, ip} | __asm ("stmdaeq r0, {r3, r5, r6, r7, r8, sb, ip}");
0x0800086c mov r0, 0 | r0 = 0;
0x08000870 pop {r4, r5, r6, r7, r8, pc} |
| label_2:
0x08000874 mov r8, r4 | r8 = r4;
0x08000878 b 0x800085c |
| } while (1);
| }
[*] Function strcat used 1 times md4.ko
