[*] Binary protection state of pacsiod
Full RELRO | Canary found | NX enabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
[*] Function strcat tear down of pacsiod
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/pacsiod @ 0xe038 */
| #include <stdint.h>
|
; ----------------------------------------------------------------------
; Routine at 0xe038 (Thumb-2). r0 = pointer to a context structure, kept
; in r4 for the whole routine. From the assembly column:
;   - the stack guard is copied to [sp, 0x14] on entry and re-checked
;     before the pop at 0xe09a (consistent with "Canary found" above);
;   - 0xdf90 is called with (*ctx)->[0x14] and the addresses of two
;     zeroed stack slots; a zero return takes the path at label_3;
;   - otherwise the result of 0xef9c is stored at ctx+0xc, and later
;     call results are stored at ctx+8 and ctx+0x118.
; Reading notes for the r2dec column:
;   - locals are typed int16_t by default and `add rN, sp, imm` is shown
;     as `rN += var`; the assembly uses them as addresses of 32-bit slots;
;   - the binary is stripped ("No Symbols") and some printed import names
;     do not fit their use here (the call labelled g_clear_error has its
;     return value stored at ctx+8) -- treat the names as unverified and
;     confirm them against the PLT relocations;
;   - no call below is labelled strcat, so the reported strcat reference
;     cannot be tied to a specific blx from this listing alone.
; ----------------------------------------------------------------------
; (fcn) fcn.0000e038 () | void fcn_0000e038 (int16_t arg1) {
| int16_t var_0h_2;
| int16_t var_8h_2;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_0h_3;
| int16_t var_8h;
| int16_t var_ch_2;
| int16_t var_10h_2;
| int16_t var_14h_2;
| r0 = arg1;
0x0000e038 push {r4, r5, r6, lr} |
0x0000e03a mov r4, r0 | r4 = r0;
; 0xe03c-0xe052: stack-guard load, interleaved with argument setup. The
; guard value is saved at [sp, 0x14] and r0 is overwritten afterwards.
0x0000e03c ldr r6, [pc, 0xc8] |
0x0000e03e sub sp, 0x18 |
0x0000e040 movs r5, 0 | r5 = 0;
0x0000e042 add r2, sp, 0x10 | r2 += var_10h;
0x0000e044 ldr r3, [r0] | r3 = *(r0);
0x0000e046 add r1, sp, 0xc | r1 += var_ch;
0x0000e048 ldr r0, [pc, 0xc0] | r0 = *(0xe10c);
0x0000e04a add r6, pc | r6 = 0x1c156;
0x0000e04c ldr r0, [r6, r0] |
0x0000e04e ldr r0, [r0] | r0 = *(0x1c156);
0x0000e050 str r0, [sp, 0x14] | var_14h = r0;
0x0000e052 mov.w r0, 0 | r0 = 0;
; r0 = (*ctx)->[0x14]; r1 = sp+0xc and r2 = sp+0x10 are the addresses of
; two slots that are zeroed just below, together with [sp, 8].
0x0000e056 ldr r0, [r3, 0x14] | r0 = *((r3 + 0x14));
0x0000e058 strd r5, r5, [sp, 8] | __asm ("strd r5, r5, [sp, 8]");
0x0000e05c str r5, [sp, 0x10] | var_10h = r5;
0x0000e05e bl 0xdf90 | r0 = fcn_0000df90 (r0, r1, r2);
| if (r0 == 0) {
0x0000e062 cbz r0, 0xe09c | goto label_3;
| }
; r6 and r1 are reloaded from the two slots whose addresses were passed
; to 0xdf90, then handed to 0xef9c; its result becomes ctx->[0xc].
0x0000e064 ldrd r6, r1, [sp, 0xc] | __asm ("ldrd r6, r1, [var_ch]");
0x0000e068 mov r0, r6 | r0 = r6;
0x0000e06a bl 0xef9c | fcn_0000ef9c (r0, r1);
0x0000e06e str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
; r6 is passed to the stub at 0x4628 after its last use; the printed
; import name is unverified.
0x0000e070 mov r0, r6 | r0 = r6;
0x0000e072 blx 0x4628 | aadp_device_register_event_callback ();
0x0000e076 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
| if (r0 == 0) {
0x0000e078 cbz r0, 0xe084 | goto label_0;
| }
; r6 = sp+8: address of the third zeroed slot, passed as the second
; argument to 0xf088 here and in r2 to 0x4198 at 0xe0c2.
0x0000e07a add r6, sp, 8 | r6 += var_8h_2;
0x0000e07c mov r1, r6 | r1 = r6;
0x0000e07e bl 0xf088 | r0 = fcn_0000f088 (r0, r1);
| if (r0 != 0) {
0x0000e082 cbnz r0, 0xe0b2 | goto label_4;
| }
| do {
; Common epilogue: the live guard is XORed with the copy saved at
; [sp, 0x14]; any difference branches to label_5 instead of returning.
| label_0:
0x0000e084 ldr r2, [pc, 0x88] |
0x0000e086 ldr r3, [pc, 0x84] | r3 = *(0xe10e);
0x0000e088 add r2, pc | r2 = 0x1c19c;
0x0000e08a ldr r3, [r2, r3] | r3 = *(0x1c19c);
0x0000e08c ldr r2, [r3] | r2 = *(0x1c19c);
0x0000e08e ldr r3, [sp, 0x14] | r3 = var_14h;
0x0000e090 eors r2, r3 | r2 ^= r3;
0x0000e092 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000e096 bne 0xe102 | goto label_5;
| }
0x0000e098 add sp, 0x18 |
0x0000e09a pop {r4, r5, r6, pc} |
; 0xdf90 returned 0: the stub at 0x4108 is called with r1 = 0x10, r2/r3 =
; pc-relative addresses and (*ctx)->[0x14] on the stack, then the routine
; leaves through the common epilogue.
| label_3:
0x0000e09c ldr r4, [r4] | r4 = *(r4);
0x0000e09e movs r1, 0x10 | r1 = 0x10;
0x0000e0a0 ldr r3, [pc, 0x70] |
0x0000e0a2 ldr r2, [pc, 0x74] |
0x0000e0a4 ldr r4, [r4, 0x14] | r4 = *((r4 + 0x14));
0x0000e0a6 add r3, pc | r3 = 0x1c1be;
0x0000e0a8 add r2, pc | r2 = 0x1c1c6;
0x0000e0aa str r4, [sp] | *(sp) = r4;
0x0000e0ac blx 0x4108 | fcn_00004108 ();
0x0000e0b0 b 0xe084 |
| } while (1);
; 0xf088 returned non-zero: the result of 0xf100(ctx->[0xc]) is passed to
; the stub at 0x4790, whose return value is stored at ctx+8 and then
; passed to 0x4198 with r1 = 0 and r2 = sp+8.
| label_4:
0x0000e0b2 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x0000e0b4 bl 0xf100 | r0 = fcn_0000f100 (r0);
0x0000e0b8 blx 0x4790 | g_clear_error ();
0x0000e0bc mov r1, r5 | r1 = r5;
0x0000e0be mov r2, r6 | r2 = r6;
0x0000e0c0 str r0, [r4, 8] | *((r4 + 8)) = r0;
0x0000e0c2 blx 0x4198 | r0 = fcn_00004198 ();
0x0000e0c6 cmp r0, 1 |
0x0000e0c8 mov r1, r0 | r1 = r0;
| if (r0 != 1) {
0x0000e0ca beq 0xe0f0 |
; 0x4198 did not return 1: the pointer in [sp, 8] is dereferenced at
; offset 8 for the 0x4108 call, then passed to 0x3fe4; ctx goes to 0xd580.
0x0000e0cc ldr r1, [sp, 8] | r1 = var_8h_2;
0x0000e0ce mov r0, r5 | r0 = r5;
0x0000e0d0 ldr r3, [pc, 0x48] |
0x0000e0d2 ldr r2, [pc, 0x4c] |
0x0000e0d4 ldr r1, [r1, 8] | r1 = *((r1 + 8));
0x0000e0d6 add r3, pc | r3 = 0x1c1f6;
0x0000e0d8 add r2, pc | r2 = 0x1c1fe;
0x0000e0da str r1, [sp] | *(sp) = r1;
0x0000e0dc movs r1, 0x10 | r1 = 0x10;
0x0000e0de blx 0x4108 | fcn_00004108 ();
0x0000e0e2 ldr r0, [sp, 8] | r0 = var_8h_2;
0x0000e0e4 blx 0x3fe4 | fcn_00003fe4 ();
0x0000e0e8 mov r0, r4 | r0 = r4;
0x0000e0ea bl 0xd580 | fcn_0000d580 (r0);
0x0000e0ee b 0xe084 | goto label_0;
| }
; 0x4198 returned 1: 0x4af4 is called with r0 = ctx->[8], r2 = a
; pc-relative address and r3 = ctx; its result is kept at ctx+0x118.
0x0000e0f0 ldr r2, [pc, 0x30] |
0x0000e0f2 mov r3, r4 | r3 = r4;
0x0000e0f4 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x0000e0f6 add r2, pc | r2 = 0x1c21e;
0x0000e0f8 blx 0x4af4 | fcn_00004af4 ();
0x0000e0fc str.w r0, [r4, 0x118] | __asm ("str.w r0, [r4, 0x118]");
0x0000e100 b 0xe084 | goto label_0;
; Guard-mismatch target (presumably __stack_chk_fail -- confirm). Nothing
; follows it but a nop, so it is not expected to return.
| label_5:
0x0000e102 blx 0x4600 | fcn_00004600 ();
0x0000e106 nop |
; 0xe108-0xe127 is the literal pool of the routine above, not code: the
; `ldr rN, [pc, imm]` loads between 0xe03c and 0xe0f0 resolve into this
; range (the pseudo column shows 0xe10c for the load at 0xe048). The
; mnemonics and pseudo-code printed for these addresses are data words
; decoded as instructions and should be ignored when tracing data flow.
0x0000e108 ldrh r2, [r2, r2] | r2 = *((r2 + r2));
0x0000e10a movs r1, r0 | r1 = r0;
0x0000e10c lsls r4, r6, 0x12 | r4 = r6 << 0x12;
0x0000e10e movs r0, r0 |
0x0000e110 ldrh r4, [r2, r1] | r4 = *((r2 + r1));
0x0000e112 movs r1, r0 | r1 = r0;
0x0000e114 subs r0, 0x42 | r0 -= 0x42;
0x0000e116 movs r0, r0 |
0x0000e118 str r0, [r6, r0] | *((r6 + r0)) = r0;
0x0000e11a movs r0, r0 |
0x0000e11c subs r0, 0x12 | r0 -= 0x12;
0x0000e11e movs r0, r0 |
0x0000e120 str r0, [r3, r0] | *((r3 + r0)) = r0;
0x0000e122 movs r0, r0 |
0x0000e124 pld [pc, -0xfff] | __asm ("pld [0x0000d12d]");
; ----------------------------------------------------------------------
; 0xe128 starts a second routine (own push.w, stack guard and pop.w) that
; the disassembler folded into fcn.0000e038; it calls 0xe038 at 0xe204.
; Inputs per the assembly: r0 -> r6 (context), r1 -> r7, r2 -> r5.
; r7 and r5 are passed to 0xef80 and then advanced / reduced by its
; return value, so they look like a buffer cursor and a remaining count
; -- assumption, confirm against the callers. r8 accumulates the return
; values and is the result (-1 when ctx->[0xc] is 0).
; r4 is 0 on entry and set to 1 at 0xe1a0. A failure while r4 == 0 calls
; 0xd580(ctx) and 0xe038(ctx) and re-enters the loop; a failure while
; r4 == 1 reports and returns, so at most one such retry happens.
; ----------------------------------------------------------------------
0x0000e128 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000e12c mov r5, r2 | r5 = r2;
; Stack-guard prologue: the guard value is saved at [sp, 0x14].
0x0000e12e ldr r2, [pc, 0x11c] |
0x0000e130 sub sp, 0x1c |
0x0000e132 ldr r3, [pc, 0x11c] | r3 = *(0xe252);
0x0000e134 add r2, pc | r2 = 0x1c386;
0x0000e136 ldr r3, [r2, r3] |
0x0000e138 ldr r3, [r3] | r3 = *(0x1c386);
0x0000e13a str r3, [sp, 0x14] | var_14h_2 = r3;
0x0000e13c mov.w r3, 0 | r3 = 0;
; Null check on the context pointer. r6 and [sp, 0xc] are only written
; after this branch, i.e. not on the label_6 path.
0x0000e140 cmp r0, 0 |
| if (r0 == 0) {
0x0000e142 beq 0xe210 | goto label_6;
| }
; ctx+0x11c is saved at [sp, 0xc] and passed to 0x45d0 here and to 0x4680
; on the exit paths -- looks like an acquire/release pair, confirm.
0x0000e144 add.w r3, r0, 0x11c | r3 = r0 + 0x11c;
0x0000e148 mov r6, r0 | r6 = r0;
0x0000e14a movs r4, 0 | r4 = 0;
0x0000e14c mov r0, r3 | r0 = r3;
0x0000e14e mov r7, r1 | r7 = r1;
0x0000e150 str r3, [sp, 0xc] | var_ch_2 = r3;
0x0000e152 str r4, [sp, 0x10] | var_10h_2 = r4;
0x0000e154 blx 0x45d0 | fcn_000045d0 ();
0x0000e158 ldr r0, [r6, 0xc] | r0 = *((r6 + 0xc));
0x0000e15a cmp r0, 0 |
| if (r0 == 0) {
0x0000e15c beq 0xe228 | goto label_7;
| }
; Loop setup: sb = sp+0x10 (address of the slot zeroed at 0xe152); fp, sl
; and [sp, 8] hold pc-relative addresses used by the reporting path.
0x0000e15e ldr r3, [pc, 0xf4] |
0x0000e160 mov r8, r4 | r8 = r4;
0x0000e162 ldr.w fp, [pc, 0xf4] |
0x0000e166 add.w sb, sp, 0x10 | sb += var_10h_2;
0x0000e16a ldr.w sl, [pc, 0xf0] |
0x0000e16e add r3, pc | r3 = 0x1c3c8;
0x0000e170 add fp, pc | fp = 0x1c3ce;
0x0000e172 str r3, [sp, 8] | var_8h = r3;
0x0000e174 add sl, pc | sl = 0x1c3d6;
0x0000e176 b 0xe1a4 |
| while (r3 != 0) {
; Loop body: r0 = 0xef80(ctx->[0xc], r7, r5, sb). Only `r0 > 0` is
; checked here; r0 is not compared against r5 before it is added to r8
; and to r7.
0x0000e178 ldr r0, [r6, 0xc] | r0 = *((r6 + 0xc));
0x0000e17a mov r3, sb | r3 = sb;
0x0000e17c mov r2, r5 | r2 = r5;
0x0000e17e mov r1, r7 | r1 = r7;
0x0000e180 bl 0xef80 | r0 = fcn_0000ef80 (r0, r1);
0x0000e184 cmp r0, 0 |
| if (r0 <= 0) {
0x0000e186 ble 0xe1be | goto label_8;
| }
0x0000e188 cmp r5, r0 |
0x0000e18a add r8, r0 | r8 += r0;
; `itee eq`: moveq runs when r5 == r0, addne/movne when r5 != r0. The
; pseudo-code conditions printed for this IT block are inverted; follow
; the condition suffixes in the assembly column.
0x0000e18c itee eq |
| if (r5 != r0) {
0x0000e18e moveq r3, r4 | r3 = r4;
| }
| if (r5 == r0) {
0x0000e190 addne r7, r7, r0 | r7 += r0;
| }
| if (r5 == r0) {
0x0000e192 movne r3, 1 | r3 = 1;
| }
0x0000e194 subs r5, r5, r0 | r5 -= r0;
; `ite le`: r3 = 0 when r5 <= 0, otherwise r3 &= 1 (pseudo-code
; conditions are inverted here as well). The loop continues only while
; r3 != 0; r4 becomes 1 from this point on.
| label_1:
0x0000e196 cmp r5, 0 |
0x0000e198 ite le |
| if (r5 > 0) {
0x0000e19a movle r3, 0 | r3 = 0;
| }
| if (r5 <= 0) {
0x0000e19c andgt r3, r3, 1 | r3 &= 1;
| }
0x0000e1a0 movs r4, 1 | r4 = 1;
| if (r3 == 0) {
0x0000e1a2 cbz r3, 0xe1da | goto label_9;
| }
; Loop head (entered from 0xe176): the body runs only while ctx->[0x118]
; is non-zero.
0x0000e1a4 ldr.w r3, [r6, 0x118] | r3 = *((r6 + 0x118));
0x0000e1a8 cmp r3, 0 |
0x0000e1aa bne 0xe178 |
| }
; ctx->[0x118] == 0: 0x41c8 is called with r0 = sb, r1 = result of the
; stub at 0x3f50, r2 = 0x2c and r3 = a pc-relative address; execution
; then falls into label_8.
0x0000e1ac blx 0x3f50 | g_io_error_quark ();
0x0000e1b0 ldr r3, [pc, 0xac] |
0x0000e1b2 mov r1, r0 | r1 = r0;
0x0000e1b4 movs r2, 0x2c | r2 = 0x2c;
0x0000e1b6 mov r0, sb | r0 = sb;
0x0000e1b8 add r3, pc | r3 = 0x1c41c;
0x0000e1ba blx 0x41c8 | fcn_000041c8 ();
; Failure reporting: the stack argument is [[sp, 0x10] + 8] when the slot
; at sb was filled, otherwise the default pointer saved at [sp, 8].
| label_8:
0x0000e1be ldr r3, [sp, 0x10] | r3 = var_10h_2;
| if (r3 == 0) {
0x0000e1c0 cbz r3, 0xe20c | goto label_10;
| }
0x0000e1c2 ldr r2, [r3, 8] | r2 = *((r3 + 8));
| do {
0x0000e1c4 movs r0, 0 | r0 = 0;
0x0000e1c6 str r2, [sp] | *(sp) = r2;
0x0000e1c8 mov r3, fp | r3 = fp;
0x0000e1ca mov r2, sl | r2 = sl;
0x0000e1cc movs r1, 0x10 | r1 = 0x10;
0x0000e1ce blx 0x4108 | fcn_00004108 ();
; sb (address of the slot at sp+0x10) is passed to the stub at 0x47c0;
; the printed import name is unverified.
0x0000e1d2 mov r0, sb | r0 = sb;
0x0000e1d4 blx 0x47c0 | g_option_context_add_main_entries ();
; r4 == 0 means no earlier pass through 0xe1a0: take the retry path at
; 0xe1fc. Otherwise release via 0x4680 and return.
| if (r4 != 0) {
0x0000e1d8 cbz r4, 0xe1fc |
| label_9:
0x0000e1da ldr r0, [sp, 0xc] | r0 = var_ch_2;
0x0000e1dc blx 0x4680 | fcn_00004680 ();
; Epilogue: stack-guard comparison against the copy at [sp, 0x14], then
; return r8.
| label_2:
0x0000e1e0 ldr r2, [pc, 0x80] |
0x0000e1e2 ldr r3, [pc, 0x6c] | r3 = *(0xe252);
0x0000e1e4 add r2, pc | r2 = 0x1c44c;
0x0000e1e6 ldr r3, [r2, r3] | r3 = *(0x1c44c);
0x0000e1e8 ldr r2, [r3] | r2 = *(0x1c44c);
0x0000e1ea ldr r3, [sp, 0x14] | r3 = var_14h_2;
0x0000e1ec eors r2, r3 | r2 ^= r3;
0x0000e1ee mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000e1f2 bne 0xe248 | goto label_11;
| }
0x0000e1f4 mov r0, r8 | r0 = r8;
0x0000e1f6 add sp, 0x1c |
0x0000e1f8 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; Retry path: 0xd580(ctx) followed by 0xe038(ctx), then back to label_1
; with r3 = 1 so the loop is re-entered if r5 > 0.
0x0000e1fc mov r0, r6 | r0 = r6;
0x0000e1fe bl 0xd580 | fcn_0000d580 (r0);
0x0000e202 mov r0, r6 | r0 = r6;
0x0000e204 bl 0xe038 | fcn_0000e038 (r0);
0x0000e208 movs r3, 1 | r3 = 1;
0x0000e20a b 0xe196 | goto label_1;
| label_10:
0x0000e20c ldr r2, [sp, 8] | r2 = var_8h;
0x0000e20e b 0xe1c4 |
| } while (1);
; ctx == NULL path: 0x4a5c is called with r2 = 0x6b and pc-relative
; pointers. The listing then runs straight into label_7, which reads
; through r6 and [sp, 0xc]; neither is initialised on this path, so
; 0x4a5c must not return (presumably an assertion-failure helper --
; confirm its noreturn behaviour when auditing).
| label_6:
0x0000e210 ldr r3, [pc, 0x54] |
0x0000e212 movs r2, 0x6b | r2 = 0x6b;
0x0000e214 ldr r4, [pc, 0x54] |
0x0000e216 ldr r1, [pc, 0x58] |
0x0000e218 add r3, pc |
0x0000e21a add r4, pc | r4 = 0x1c48a;
0x0000e21c add.w r3, r3, 0x148 | r3 = 0x1c5cc;
0x0000e220 add r1, pc | r1 = 0x1c496;
0x0000e222 str r4, [sp] | *(sp) = r4;
0x0000e224 blx 0x4a5c | fcn_00004a5c ();
; ctx->[0xc] == 0: the result is -1; 0x4108 is called with r1 = 8 and
; (*ctx)->[0x14] on the stack, then 0x4680(ctx+0x11c), then label_2.
| label_7:
0x0000e228 ldr r1, [r6] | r1 = *(r6);
0x0000e22a mov.w r8, -1 | r8 = -1;
0x0000e22e ldr r3, [pc, 0x44] |
0x0000e230 ldr r2, [pc, 0x44] |
0x0000e232 ldr r1, [r1, 0x14] | r1 = *((r1 + 0x14));
0x0000e234 add r3, pc | r3 = 0x1c4ae;
0x0000e236 add r2, pc | r2 = 0x1c4b2;
0x0000e238 str r1, [sp] | *(sp) = r1;
0x0000e23a movs r1, 8 | r1 = 8;
0x0000e23c blx 0x4108 | fcn_00004108 ();
0x0000e240 ldr r0, [sp, 0xc] | r0 = var_ch_2;
0x0000e242 blx 0x4680 | fcn_00004680 ();
0x0000e246 b 0xe1e0 | goto label_2;
; Guard-mismatch target (presumably __stack_chk_fail -- confirm).
| label_11:
0x0000e248 blx 0x4600 | fcn_00004600 ();
; 0xe24c onwards is the literal pool of the routine that starts at
; 0xe128 (its first `ldr r2, [pc, 0x11c]` at 0xe12e resolves to 0xe24c),
; so these lines are data decoded as instructions, including the
; `invalid` entry. Several later pc-relative loads in that routine
; resolve beyond 0xe254, i.e. the pool continues past the end of this
; listing.
0x0000e24c ldr r0, [r5, r6] | r0 = *((r5 + r6));
0x0000e24e movs r1, r0 | r1 = r0;
0x0000e250 lsls r4, r6, 0x12 | r4 = r6 << 0x12;
0x0000e252 movs r0, r0 |
0x0000e254 invalid |
| }
[*] Function strcat used 1 times pacsiod