[*] Binary protection state of ip_set_hash_net.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function strcpy tear down of ip_set_hash_net.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/netfilter/ipset/ip_set_hash_net.ko @ 0x8000f1c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.hash_net4_flush () | void hash_net4_flush (int32_t arg_8h, int32_t arg_10h, int32_t arg1) {
| int32_t var_0h_2;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
0x08000f1c push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08000f20 mov r5, r0 | r5 = r0;
0x08000f24 mov r7, 0 | r7 = 0;
0x08000f28 sub sp, sp, 0x14 |
0x08000f2c mov r3, sp | r3 = sp;
0x08000f30 bic r3, r3, 0x1fc0 | r3 = BIT_MASK (r3, 0x1fc0);
0x08000f34 bic r3, r3, 0x3f | r3 = BIT_MASK (r3, 0x3f);
0x08000f38 str r3, [sp, 8] | var_8h = r3;
0x08000f3c ldr r3, [r0, 0x54] | r3 = *((r0 + 0x54));
0x08000f40 str r3, [sp, 0xc] | var_ch = r3;
0x08000f44 ldr fp, [r3] | fp = *(r3);
| label_1:
0x08000f48 ldrb r3, [fp, 8] | r3 = *(arg_8h);
0x08000f4c cmp r3, 9 |
| if (r3 <= 9) {
0x08000f50 subhi r3, r3, 0xa | r3 -= 0xa;
| }
| if (r3 <= 9) {
0x08000f54 movhi r1, 1 | r1 = 1;
| }
| if (r3 > 9) {
0x08000f58 movls r3, 1 | r3 = 1;
| }
| if (r3 <= 9) {
0x08000f5c lslhi r3, r1, r3 | r3 = r1 << r3;
| }
0x08000f60 cmp r7, r3 |
| if (r7 >= r3) {
0x08000f64 bhs 0x8001040 | goto label_2;
| }
0x08000f68 ldr r2, [sp, 8] | r2 = var_8h;
0x08000f6c lsl r1, r7, 3 | r1 = r7 << 3;
0x08000f70 str r1, [sp] | *(sp) = r1;
0x08000f74 ldr r3, [r2, 4] | r3 = *((r2 + 4));
0x08000f78 add r3, r3, 0x200 | r3 += 0x200;
0x08000f7c add r3, r3, 1 | r3++;
0x08000f80 str r3, [r2, 4] | *((r2 + 4)) = r3;
0x08000f84 ldrb r0, [fp, 8] | r0 = *(arg_8h);
0x08000f88 mov sb, 1 | sb = 1;
0x08000f8c mov r6, 0 | r6 = 0;
0x08000f90 cmp r0, 9 |
| if (r0 <= 9) {
0x08000f94 lslhi r4, r7, 0xa | r4 = r7 << 0xa;
| }
0x08000f98 add r7, r7, 1 | r7++;
| if (r0 > 9) {
0x08000f9c movls r4, 0 | r4 = 0;
| }
0x08000fa0 str r7, [sp, 4] | var_4h = r7;
0x08000fa4 add r3, fp, r4, lsl 2 | r3 = fp + (r4 << 2);
0x08000fa8 lsl r8, r7, 0xa | r8 = r7 << 0xa;
0x08000fac add sl, r3, 0x10 | sl = r3 + 0x10;
0x08000fb0 b 0x8000fd4 | goto label_3;
| label_0:
0x08000fb4 add r3, r4, 4 | r3 = r4 + 4;
0x08000fb8 mov r0, r7 | r0 = r7;
0x08000fbc mov r1, 0 | r1 = 0;
0x08000fc0 add r3, fp, r3, lsl 2 | r3 = fp + (r3 << 2);
0x08000fc4 str r6, [r3, 4] | *((r3 + 4)) = r6;
0x08000fc8 stmdaeq r0, {r1, r2, r5, fp, pc} | __asm ("stmdaeq r0, {r1, r2, r5, fp, pc}");
0x08000fcc ldrb r0, [fp, 8] | r0 = *(arg_8h);
| do {
0x08000fd0 add r4, r4, 1 | r4++;
| label_3:
0x08000fd4 cmp r0, 9 |
| if (r0 > 9) {
0x08000fd8 lslls r3, sb, r0 | r3 = sb << r0;
| }
| if (r0 <= 9) {
0x08000fdc movhi r3, r8 | r3 = r8;
| }
0x08000fe0 cmp r4, r3 |
| if (r4 >= r3) {
0x08000fe4 bhs 0x8001010 | goto label_4;
| }
0x08000fe8 ldr r7, [sl, 4]! | r7 = *((sl += 4));
0x08000fec cmp r7, 0 |
0x08000ff0 beq 0x8000fd0 |
| } while (r7 == 0);
0x08000ff4 ldrsb r3, [r5, 0x32] | r3 = *((r5 + 0x32));
0x08000ff8 cmp r3, 0 |
| if (r3 >= 0) {
0x08000ffc bge 0x8000fb4 | goto label_0;
| }
0x08001000 mov r1, r7 | r1 = r7;
0x08001004 mov r0, r5 | r0 = r5;
0x08001008 bl 0x8000bc8 | hash_net4_ext_cleanup ();
0x0800100c b 0x8000fb4 | goto label_0;
| label_4:
0x08001010 ldr r3, [fp, 0x10] | r3 = *(arg_10h);
0x08001014 mov ip, 0 |
0x08001018 ldr r2, [sp] | r2 = *(sp);
0x0800101c movw r1, 0x201 | r1 = 0x201;
0x08001020 ldr r0, [pc, 0x34] | r0 = *(0x8001058);
0x08001024 ldr r7, [sp, 4] | r7 = var_4h;
0x08001028 str ip, [r3, r2] | *((r3 + r2)) = ip;
0x0800102c ldr r3, [fp, 0x10] | r3 = *(arg_10h);
0x08001030 add r3, r3, r2 | r3 += r2;
0x08001034 str ip, [r3, 4] | *((r3 + 4)) = ip;
0x08001038 stmdaeq r0, {r1, fp, pc} | __asm ("stmdaeq r0, {r1, fp, pc}");
0x0800103c b 0x8000f48 | goto label_1;
| label_2:
0x08001040 ldr r3, [sp, 0xc] | r3 = var_ch;
0x08001044 mov r2, 0x100 | r2 = 0x100;
0x08001048 mov r1, 0 | r1 = 0;
0x0800104c add r0, r3, 0x50 | r0 = r3 + 0x50;
0x08001050 add sp, sp, 0x14 |
0x08001054 pop {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08001058 stmdaeq r0, {r1, r2, r4, r5, r6, r7, r8, sb, sl, pc} | __asm ("stmdaeq r0, {r1, r2, r4, r5, r6, r7, r8, sb, sl, pc}");
0x0800105c stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/netfilter/ipset/ip_set_hash_net.ko @ 0x8000534 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.hash_net6_del_cidr.constprop.0 () | void hash_net6_del_cidr_constprop_0 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x08000534 str lr, [sp, -4]! |
0x08000538 mov r3, sp | r3 = sp;
0x0800053c bic r2, r3, 0x1fc0 | r2 = BIT_MASK (r3, 0x1fc0);
0x08000540 bic r2, r2, 0x3f | r2 = BIT_MASK (r2, 0x3f);
0x08000544 ldr r3, [r2, 4] | r3 = *((r2 + 4));
0x08000548 add r3, r3, 0x200 | r3 += 0x200;
0x0800054c add r3, r3, 1 | r3++;
0x08000550 str r3, [r2, 4] | *((r2 + 4)) = r3;
0x08000554 add lr, r0, 0x60 | lr = r0 + 0x60;
0x08000558 mov r2, 0 | r2 = 0;
| do {
0x0800055c ldrb ip, [lr, r2, lsl 3] | offset_0 = r2 << 3;
| ip = *((lr + offset_0));
0x08000560 uxtb r3, r2 | r3 = (int8_t) r2;
0x08000564 cmp ip, r1 |
| if (ip == r1) {
0x08000568 beq 0x8000588 | goto label_0;
| }
0x0800056c add r2, r2, 1 | r2++;
0x08000570 cmp r2, 0x80 |
0x08000574 bne 0x800055c |
| } while (r2 != 0x80);
0x08000578 ldr r0, [pc, 0x80] | r0 = *(0x80005fc);
0x0800057c movw r1, 0x201 | r1 = 0x201;
0x08000580 pop {lr} |
0x08000584 stmdaeq r0, {r1, fp, pc} | __asm ("stmdaeq r0, {r1, fp, pc}");
| label_0:
0x08000588 add r1, r0, r1, lsl 3 | r1 = r0 + (r1 << 3);
0x0800058c ldr r2, [r1, 0x4c] | r2 = *((r1 + 0x4c));
0x08000590 sub r2, r2, 1 | r2--;
0x08000594 str r2, [r1, 0x4c] | *((r1 + 0x4c)) = r2;
0x08000598 cmp r2, 0 |
| if (r2 == 0) {
0x0800059c beq 0x80005d4 | goto label_1;
| }
0x080005a0 ldr r0, [pc, 0x58] | r0 = *(0x80005fc);
0x080005a4 movw r1, 0x201 | r1 = 0x201;
0x080005a8 pop {lr} |
0x080005ac stmdaeq r0, {r1, fp, pc} | __asm ("stmdaeq r0, {r1, fp, pc}");
| do {
0x080005b0 add r2, r0, r3, lsl 3 | r2 = r0 + (r3 << 3);
0x080005b4 mov ip, r3 |
0x080005b8 ldrb r1, [r2, 0x60] | r1 = *((r2 + 0x60));
0x080005bc cmp r1, 0 |
| if (r1 == 0) {
0x080005c0 beq 0x80005e0 | goto label_2;
| }
0x080005c4 add r3, r3, 1 | r3++;
0x080005c8 ldrb r1, [r2, 0x68] | r1 = *((r2 + 0x68));
0x080005cc strb r1, [r2, 0x60] | *((r2 + 0x60)) = r1;
0x080005d0 uxtb r3, r3 | r3 = (int8_t) r3;
| label_1:
0x080005d4 cmp r3, 0x7f |
0x080005d8 bne 0x80005b0 |
| } while (r3 != 0x7f);
0x080005dc mov ip, 0x7f |
| label_2:
0x080005e0 add ip, ip, 0xb |
0x080005e4 mov r3, 0 | r3 = 0;
0x080005e8 movw r1, 0x201 | r1 = 0x201;
0x080005ec add r0, r0, ip, lsl 3 | r0 += (ip << 3);
0x080005f0 strb r3, [r0, 8] | *((r0 + 8)) = r3;
0x080005f4 pop {lr} |
0x080005f8 ldr r0, [pc] | r0 = *(0x80005f8);
0x080005fc stmdaeq r0, {r1, fp, pc} | __asm ("stmdaeq r0, {r1, fp, pc}");
0x08000600 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/net/netfilter/ipset/ip_set_hash_net.ko @ 0x8000c4c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.hash_net6_flush () | void hash_net6_flush (int32_t arg_8h, int32_t arg_10h, int32_t arg1) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
0x08000c4c push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08000c50 mov r5, r0 | r5 = r0;
0x08000c54 mov r7, 0 | r7 = 0;
0x08000c58 sub sp, sp, 0x14 |
0x08000c5c mov r3, sp | r3 = sp;
0x08000c60 bic r3, r3, 0x1fc0 | r3 = BIT_MASK (r3, 0x1fc0);
0x08000c64 bic r3, r3, 0x3f | r3 = BIT_MASK (r3, 0x3f);
0x08000c68 str r3, [sp, 8] | var_8h = r3;
0x08000c6c ldr r3, [r0, 0x54] | r3 = *((r0 + 0x54));
0x08000c70 str r3, [sp, 0xc] | var_ch = r3;
0x08000c74 ldr fp, [r3] | fp = *(r3);
| label_1:
0x08000c78 ldrb r3, [fp, 8] | r3 = *(arg_8h);
0x08000c7c cmp r3, 9 |
| if (r3 <= 9) {
0x08000c80 subhi r3, r3, 0xa | r3 -= 0xa;
| }
| if (r3 <= 9) {
0x08000c84 movhi r1, 1 | r1 = 1;
| }
| if (r3 > 9) {
0x08000c88 movls r3, 1 | r3 = 1;
| }
| if (r3 <= 9) {
0x08000c8c lslhi r3, r1, r3 | r3 = r1 << r3;
| }
0x08000c90 cmp r7, r3 |
| if (r7 >= r3) {
0x08000c94 bhs 0x8000d70 | goto label_2;
| }
0x08000c98 ldr r2, [sp, 8] | r2 = var_8h;
0x08000c9c lsl r1, r7, 3 | r1 = r7 << 3;
0x08000ca0 str r1, [sp] | *(sp) = r1;
0x08000ca4 ldr r3, [r2, 4] | r3 = *((r2 + 4));
0x08000ca8 add r3, r3, 0x200 | r3 += 0x200;
0x08000cac add r3, r3, 1 | r3++;
0x08000cb0 str r3, [r2, 4] | *((r2 + 4)) = r3;
0x08000cb4 ldrb r0, [fp, 8] | r0 = *(arg_8h);
0x08000cb8 mov sb, 1 | sb = 1;
0x08000cbc mov r6, 0 | r6 = 0;
0x08000cc0 cmp r0, 9 |
| if (r0 <= 9) {
0x08000cc4 lslhi r4, r7, 0xa | r4 = r7 << 0xa;
| }
0x08000cc8 add r7, r7, 1 | r7++;
| if (r0 > 9) {
0x08000ccc movls r4, 0 | r4 = 0;
| }
0x08000cd0 str r7, [sp, 4] | var_4h = r7;
0x08000cd4 add r3, fp, r4, lsl 2 | r3 = fp + (r4 << 2);
0x08000cd8 lsl r8, r7, 0xa | r8 = r7 << 0xa;
0x08000cdc add sl, r3, 0x10 | sl = r3 + 0x10;
0x08000ce0 b 0x8000d04 | goto label_3;
| label_0:
0x08000ce4 add r3, r4, 4 | r3 = r4 + 4;
0x08000ce8 mov r0, r7 | r0 = r7;
0x08000cec mov r1, 0 | r1 = 0;
0x08000cf0 add r3, fp, r3, lsl 2 | r3 = fp + (r3 << 2);
0x08000cf4 str r6, [r3, 4] | *((r3 + 4)) = r6;
0x08000cf8 stmdaeq r0, {r1, r2, r5, fp, pc} | __asm ("stmdaeq r0, {r1, r2, r5, fp, pc}");
0x08000cfc ldrb r0, [fp, 8] | r0 = *(arg_8h);
| do {
0x08000d00 add r4, r4, 1 | r4++;
| label_3:
0x08000d04 cmp r0, 9 |
| if (r0 > 9) {
0x08000d08 lslls r3, sb, r0 | r3 = sb << r0;
| }
| if (r0 <= 9) {
0x08000d0c movhi r3, r8 | r3 = r8;
| }
0x08000d10 cmp r4, r3 |
| if (r4 >= r3) {
0x08000d14 bhs 0x8000d40 | goto label_4;
| }
0x08000d18 ldr r7, [sl, 4]! | r7 = *((sl += 4));
0x08000d1c cmp r7, 0 |
0x08000d20 beq 0x8000d00 |
| } while (r7 == 0);
0x08000d24 ldrsb r3, [r5, 0x32] | r3 = *((r5 + 0x32));
0x08000d28 cmp r3, 0 |
| if (r3 >= 0) {
0x08000d2c bge 0x8000ce4 | goto label_0;
| }
0x08000d30 mov r1, r7 | r1 = r7;
0x08000d34 mov r0, r5 | r0 = r5;
0x08000d38 bl 0x8000bc8 | hash_net4_ext_cleanup ();
0x08000d3c b 0x8000ce4 | goto label_0;
| label_4:
0x08000d40 ldr r3, [fp, 0x10] | r3 = *(arg_10h);
0x08000d44 mov ip, 0 |
0x08000d48 ldr r2, [sp] | r2 = *(sp);
0x08000d4c movw r1, 0x201 | r1 = 0x201;
0x08000d50 ldr r0, [pc, 0x34] | r0 = *(0x8000d88);
0x08000d54 ldr r7, [sp, 4] | r7 = var_4h;
0x08000d58 str ip, [r3, r2] | *((r3 + r2)) = ip;
0x08000d5c ldr r3, [fp, 0x10] | r3 = *(arg_10h);
0x08000d60 add r3, r3, r2 | r3 += r2;
0x08000d64 str ip, [r3, 4] | *((r3 + 4)) = ip;
0x08000d68 stmdaeq r0, {r1, fp, pc} | __asm ("stmdaeq r0, {r1, fp, pc}");
0x08000d6c b 0x8000c78 | goto label_1;
| label_2:
0x08000d70 ldr r3, [sp, 0xc] | r3 = var_ch;
0x08000d74 mov r2, 0x400 | r2 = 0x400;
0x08000d78 mov r1, 0 | r1 = 0;
0x08000d7c add r0, r3, 0x5c | r0 = r3 + 0x5c;
0x08000d80 add sp, sp, 0x14 |
0x08000d84 pop {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08000d88 stmdaeq r0, {r1, r2, r4, r5, r6, r7, r8, sb, sl, pc} | __asm ("stmdaeq r0, {r1, r2, r4, r5, r6, r7, r8, sb, sl, pc}");
0x08000d8c stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
| }
[*] Function strcpy used 1 times ip_set_hash_net.ko