[*] Binary protection state of jbd2.ko
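RELRO: No RELRO | Stack canary: No Canary found | NX: NX disabled | PIE: REL | RPATH: No RPATH | RUNPATH: No RUNPATH | Symbols
Note: REL marks jbd2.ko as a relocatable object (a kernel module). The RELRO and NX fields are normally derived from the program headers of a linked executable, which a relocatable object does not have, so these two values do not describe the kernel's own memory protections for this module.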
[*] Function strcpy tear down of jbd2.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/fs/jbd2/jbd2.ko @ 0x8001dd8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; ---------------------------------------------------------------------------
; __jbd2_journal_file_buffer: 32-bit ARM disassembly (left) with r2dec
; pseudo-code (right).
; Register roles as set up below: r4 = first argument (r0), r5 = second
; argument (r1), r6 = third argument (r2; not listed in the pseudo-code
; signature), r7 = word loaded from [r0], r8 = flag tested before returning.
; No call to strcpy is visible in this listing; the only named call target is
; jbd2_journal_temp_unlink_buffer.
; NOTE(review): the pseudo-code column frequently inverts the condition of
; conditionally executed instructions (e.g. `movne` printed under
; `if (r3 == 0)`). Read the condition suffix on the mnemonic, not the `if`.
; NOTE(review): the `stmdaeq ...` lines are probably not real stores. They
; look like relocation sites of this relocatable (REL) object decoded as
; instructions, so the call/load targets there cannot be read from this
; listing - confirm against the module's relocation table.
; NOTE(review): addresses 0x8001e80-0x8001e90 (the switch table), 0x8001ed4
; and 0x8001f34-0x8001f6c do not appear in the listing, so the per-case code
; of the switch is not shown.
; ---------------------------------------------------------------------------
; (fcn) sym.__jbd2_journal_file_buffer () | void jbd2_journal_file_buffer (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x08001dd8 push {r4, r5, r6, r7, r8, lr} |
0x08001ddc mov r6, r2 | r6 = r2;
0x08001de0 ldr r2, [r0, 8] | r2 = *((r0 + 8));
0x08001de4 ldr r7, [r0] | r7 = *(r0);
; Sanity check (unsigned): the word at [r0 + 8] must be <= 4, otherwise
; control goes to the `udf` trap at label_3.
0x08001de8 cmp r2, 4 |
| if (r2 > 4) {
0x08001dec bhi 0x8001f70 | goto label_3;
| }
0x08001df0 ldr r3, [r0, 0x18] | r3 = *((r0 + 0x18));
0x08001df4 mov r4, r0 | r4 = r0;
0x08001df8 mov r5, r1 | r5 = r1;
; Second sanity check: trap at label_3 when [r0 + 0x18] is non-zero AND
; differs from r1. On the non-trapping path r8 ends up 0.
0x08001dfc cmp r3, 0 |
0x08001e00 cmpne r3, r1 | __asm ("cmpne r3, r1");
| if (r3 == 0) {
0x08001e04 movne r8, 1 | r8 = 1;
| }
| if (r3 != 0) {
0x08001e08 moveq r8, 0 | r8 = 0;
| }
| if (r3 != 0) {
0x08001e0c bne 0x8001f70 | goto label_3;
| }
0x08001e10 cmp r3, 0 |
| if (r3 == 0) {
0x08001e14 beq 0x8001eb8 | goto label_4;
| }
; [r0 + 0x18] is set: return early if the word at [r0 + 8] already equals r6.
0x08001e18 cmp r2, r6 |
0x08001e1c popeq {r4, r5, r6, r7, r8, pc} |
; (r6 - 1) > 3 unsigned, i.e. r6 == 0 or r6 >= 5: skip the flag handling.
0x08001e20 sub r3, r6, 1 | r3 = r6 - 1;
0x08001e24 cmp r3, 3 |
| if (r3 > 3) {
0x08001e28 bhi 0x8001e68 | goto label_5;
| }
| label_0:
; Bit 1 (mask 2) of the word at [r7] set -> side path label_6, which rejoins
; at label_2.
0x08001e2c ldr r3, [r7] | r3 = *(r7);
0x08001e30 tst r3, 2 |
| if ((r3 & 2) != 0) {
0x08001e34 bne 0x8001f7c | goto label_6;
| }
| label_2:
; Test-and-clear of bit 1 of [r7] with IRQs masked: status saved (mrs), IRQs
; disabled (cpsid i), bit cleared, status restored (msr); the old value in r3
; is tested afterwards. `bic r1, r3, 2` means r1 = r3 & ~2; the BIT_MASK
; rendering in the pseudo-code column does not express that.
0x08001e38 mrs r2, apsr | r2 = apsr;
0x08001e3c cpsid i | __asm ("cpsid i");
0x08001e40 ldr r3, [r7] | r3 = *(r7);
0x08001e44 bic r1, r3, 2 | r1 = BIT_MASK (r3, 2);
0x08001e48 str r1, [r7] | *(r7) = r1;
0x08001e4c msr cpsr_c, r2 | cpsr_c = r2;
0x08001e50 tst r3, 2 |
| if ((r3 & 2) == 0) {
0x08001e54 beq 0x8001e94 | goto label_7;
| }
; Bit 1 was set: remember that in r8.
0x08001e58 ldr r3, [r4, 0x18] | r3 = *((r4 + 0x18));
0x08001e5c mov r8, 1 | r8 = 1;
| do {
0x08001e60 cmp r3, 0 |
| if (r3 == 0) {
0x08001e64 beq 0x8001ec8 | goto label_8;
| }
| label_5:
0x08001e68 mov r0, r4 | r0 = r4;
0x08001e6c bl 0x80002a8 | jbd2_journal_temp_unlink_buffer ();
| label_1:
; Store the second argument at [r4 + 0x18], then dispatch on r6. The jump
; table is used when r6 <= 4 (`ldrls`); the pseudo-code's `if (r6 > 4)` is
; inverted. r6 > 4 falls through to the branch to label_9.
0x08001e70 str r5, [r4, 0x18] | *((r4 + 0x18)) = r5;
0x08001e74 cmp r6, 4 |
| if (r6 > 4) {
| /* switch table (5 cases) at 0x8001e80 */
0x08001e78 ldrls pc, [pc, r6, lsl 2] | offset_0 = r6 << 2;
| pc = *((pc + offset_0));
| }
0x08001e7c b 0x8001f74 | goto label_9;
| label_7:
; Bit 1 was clear: same IRQ-masked test-and-clear for bit 21 (0x200000) of
; [r7]; `ubfx` leaves the old bit 21 in r8.
0x08001e94 mrs r3, apsr | r3 = apsr;
0x08001e98 cpsid i | __asm ("cpsid i");
0x08001e9c ldr r8, [r7] | r8 = *(r7);
0x08001ea0 bic r2, r8, 0x200000 | r2 = BIT_MASK (r8, 0x200000);
0x08001ea4 str r2, [r7] | *(r7) = r2;
0x08001ea8 msr cpsr_c, r3 | cpsr_c = r3;
0x08001eac ldr r3, [r4, 0x18] | r3 = *((r4 + 0x18));
0x08001eb0 ubfx r8, r8, 0x15, 1 | r8 = (r8 >> 0x15) & ((1 << 1) - 1);
0x08001eb4 b 0x8001e60 |
| } while (1);
| label_4:
; Reached with r3 == 0 (from the beq at 0x8001e14). Same (r6 - 1) range test:
; in range -> label_0; otherwise r8 = r3 (0) and fall through to label_8.
0x08001eb8 sub r2, r6, 1 | r2 = r6 - 1;
0x08001ebc cmp r2, 3 |
| if (r2 > 3) {
0x08001ec0 movhi r8, r3 | r8 = r3;
| goto label_10;
| }
| if (r2 < 3) {
| label_10:
0x08001ec4 bls 0x8001e2c | goto label_0;
| }
| label_8:
; r0 = r7 is set up as an argument, followed by an undecodable word (see the
; header note), then the code rejoins label_1.
0x08001ec8 mov r0, r7 | r0 = r7;
0x08001ecc stmdaeq r0, {r3, r4, r5, r6, r7, r8, sl, lr, pc} | __asm ("stmdaeq r0, {r3, r4, r5, r6, r7, r8, sl, lr, pc}");
0x08001ed0 b 0x8001e70 | goto label_1;
| do {
; r5 is used as a pointer to a list-head slot. Empty slot (r3 == 0): the node
; at r4 points to itself through +0x20 / +0x24 and becomes the head.
; Otherwise the node is linked in between the head (r3) and the node found at
; head + 0x24 (r2). The `if` conditions printed in this run are inverted
; relative to the streq / strne suffixes.
0x08001ed8 ldr r3, [r5] | r3 = *(r5);
0x08001edc cmp r3, 0 |
| if (r3 != 0) {
0x08001ee0 streq r4, [r4, 0x24] | *((r4 + 0x24)) = r4;
| }
| if (r3 != 0) {
0x08001ee4 streq r4, [r4, 0x20] | *((r4 + 0x20)) = r4;
| }
| if (r3 != 0) {
0x08001ee8 streq r4, [r5] | *(r5) = r4;
| }
| if (r3 == 0) {
0x08001eec ldrne r2, [r3, 0x24] | r2 = *((r3 + 0x24));
| }
| if (r3 == 0) {
0x08001ef0 strne r2, [r4, 0x24] | *((r4 + 0x24)) = r2;
| }
| if (r3 == 0) {
0x08001ef4 strne r3, [r4, 0x20] | *((r4 + 0x20)) = r3;
| }
| if (r3 == 0) {
0x08001ef8 strne r4, [r3, 0x24] | *((r3 + 0x24)) = r4;
| }
| if (r3 == 0) {
0x08001efc strne r4, [r2, 0x20] | *((r2 + 0x20)) = r4;
| }
; Record r6 at [r4 + 8]. Return if r8 == 0, or if bit 21 of [r7] is already
; set; otherwise set bit 21 with IRQs masked and return.
0x08001f00 cmp r8, 0 |
0x08001f04 str r6, [r4, 8] | *((r4 + 8)) = r6;
0x08001f08 popeq {r4, r5, r6, r7, r8, pc} |
0x08001f0c ldr r3, [r7] | r3 = *(r7);
0x08001f10 tst r3, 0x200000 |
0x08001f14 popne {r4, r5, r6, r7, r8, pc} |
0x08001f18 mrs r2, apsr | r2 = apsr;
0x08001f1c cpsid i | __asm ("cpsid i");
0x08001f20 ldr r3, [r7] | r3 = *(r7);
0x08001f24 orr r3, r3, 0x200000 | r3 |= 0x200000;
0x08001f28 str r3, [r7] | *(r7) = r3;
0x08001f2c msr cpsr_c, r2 | cpsr_c = r2;
0x08001f30 pop {r4, r5, r6, r7, r8, pc} |
| label_3:
; Target of both sanity checks at the top. `udf` is a permanently undefined
; instruction; presumably this is the kernel's BUG() trap - confirm.
0x08001f70 udf 0x12 | __asm ("udf 0x12");
| label_9:
; NOTE(review): this path (r6 > 4) reaches `ldr r3, [r5]` at 0x8001ed8 with
; r5 == 0, i.e. a load from address 0. Whether any caller can pass such a
; value is not visible here.
0x08001f74 mov r5, 0 | r5 = 0;
0x08001f78 b 0x8001ed8 |
| } while (1);
| label_6:
; Loads a 64-bit value from [r7 + 0x10] and a word from [r7 + 0x20] around
; three undecodable words; presumably argument setup for a call - confirm via
; the relocation table. Rejoins the main path at label_2.
0x08001f7c ldrd r2, r3, [r7, 0x10] | __asm ("ldrd r2, r3, [r7, 0x10]");
0x08001f80 stmdaeq r0, {r2, sb, sl, ip, lr, pc} | __asm ("stmdaeq r0, {r2, sb, sl, ip, lr, pc}");
0x08001f84 stmdaeq r0, {r2, sb, sl, ip, lr, pc} | __asm ("stmdaeq r0, {r2, sb, sl, ip, lr, pc}");
0x08001f88 ldr r1, [r7, 0x20] | r1 = *((r7 + 0x20));
0x08001f8c stmdaeq r1, {r0, r2, r7, sb, pc} | __asm ("stmdaeq r1, {r0, r2, r7, sb, pc}");
0x08001f90 b 0x8001e38 | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/fs/jbd2/jbd2.ko @ 0x8003860 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; jbd2_journal_inode_ranged_wait: wrapper that builds two 64-bit values on the
; stack and calls jbd2_journal_file_inode with r2 = 4.
; r0 and r1 are passed through untouched. r3:r2 holds a 64-bit value on entry;
; a second 64-bit value is read from the caller's stack at [sp + 0x18] /
; [sp + 0x1c] (0x18 = the 4 bytes pushed for lr plus the 0x14 reserved here).
; No call to strcpy is visible in this listing; the only call target is
; jbd2_journal_file_inode.
; NOTE(review): presumably r3:r2 is a start offset and the stack value a
; length, giving end = start + length - 1 - confirm against the caller. No
; overflow check on the 64-bit addition is visible; it wraps.
; NOTE(review): the pseudo-code column prints both result stores as `var_8h`;
; the second one (`str r3, [sp, 0xc]`) actually targets var_ch.
; ---------------------------------------------------------------------------
; (fcn) sym.jbd2_journal_inode_ranged_wait () | void jbd2_journal_inode_ranged_wait (int32_t arg_18h, int32_t arg_1ch, int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_8h_2;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x08003860 str lr, [sp, -4]! |
0x08003864 sub sp, sp, 0x14 |
; lr:ip = 64-bit stack argument; subs/sbc subtract 1 with borrow.
0x08003868 ldr ip, [sp, 0x18] | ip = *(arg_18h);
0x0800386c ldr lr, [sp, 0x1c] |
0x08003870 subs ip, ip, 1 |
; The incoming r3:r2 pair is stored unchanged at [sp] (strd does not touch
; the flags set by subs).
0x08003874 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x08003878 sbc lr, lr, 0 | __asm ("sbc lr, lr, 0");
; adds/adc add r3:r2 with carry; the 64-bit sum is stored at [sp + 8].
0x0800387c adds ip, ip, r2 |
0x08003880 adc r3, r3, lr | __asm ("adc r3, r3, lr");
0x08003884 str ip, [sp, 8] | var_8h = ip;
0x08003888 str r3, [sp, 0xc] | var_8h = r3;
; Third register argument is the constant 4 (the sibling function
; jbd2_journal_inode_ranged_write passes 6 here).
0x0800388c mov r2, 4 | r2 = 4;
0x08003890 bl 0x8000070 | jbd2_journal_file_inode ();
0x08003894 add sp, sp, 0x14 |
0x08003898 pop {pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis8/kernel/fs/jbd2/jbd2.ko @ 0x8003824 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; jbd2_journal_inode_ranged_write: wrapper that builds two 64-bit values on
; the stack and calls jbd2_journal_file_inode with r2 = 6.
; r0 and r1 are passed through untouched. r3:r2 holds a 64-bit value on entry;
; a second 64-bit value is read from the caller's stack at [sp + 0x18] /
; [sp + 0x1c] (0x18 = the 4 bytes pushed for lr plus the 0x14 reserved here).
; No call to strcpy is visible in this listing; the only call target is
; jbd2_journal_file_inode.
; NOTE(review): presumably r3:r2 is a start offset and the stack value a
; length, giving end = start + length - 1 - confirm against the caller. No
; overflow check on the 64-bit addition is visible; it wraps.
; NOTE(review): the pseudo-code column prints both result stores as `var_8h`;
; the second one (`str r3, [sp, 0xc]`) actually targets var_ch.
; ---------------------------------------------------------------------------
; (fcn) sym.jbd2_journal_inode_ranged_write () | void jbd2_journal_inode_ranged_write (int32_t arg_18h, int32_t arg_1ch, int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_8h_2;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x08003824 str lr, [sp, -4]! |
0x08003828 sub sp, sp, 0x14 |
; lr:ip = 64-bit stack argument; subs/sbc subtract 1 with borrow.
0x0800382c ldr ip, [sp, 0x18] | ip = *(arg_18h);
0x08003830 ldr lr, [sp, 0x1c] |
0x08003834 subs ip, ip, 1 |
; The incoming r3:r2 pair is stored unchanged at [sp] (strd does not touch
; the flags set by subs).
0x08003838 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x0800383c sbc lr, lr, 0 | __asm ("sbc lr, lr, 0");
; adds/adc add r3:r2 with carry; the 64-bit sum is stored at [sp + 8].
0x08003840 adds ip, ip, r2 |
0x08003844 adc r3, r3, lr | __asm ("adc r3, r3, lr");
0x08003848 str ip, [sp, 8] | var_8h = ip;
0x0800384c str r3, [sp, 0xc] | var_8h = r3;
; Third register argument is the constant 6 (the sibling function
; jbd2_journal_inode_ranged_wait passes 4 here).
0x08003850 mov r2, 6 | r2 = 6;
0x08003854 bl 0x8000070 | jbd2_journal_file_inode ();
0x08003858 add sp, sp, 0x14 |
0x0800385c pop {pc} |
| }
[*] Function strcpy used 1 time in jbd2.ko