[*] Binary protection state of libusb-1.0.so.0.3.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libusb-1.0.so.0.3.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libusb-1.0.so.0.3.0 @ 0x2ea0 */
| #include <stdint.h>
|
; NOTE(review): the symbol attached to this address is the __ctype_tolower_loc
; import, not strcpy. The single instruction shown loads pc from [ip + 0x18]
; with writeback, i.e. an indirect jump through a table slot addressed by ip;
; nothing in this block copies a string.
; NOTE(review): presumably the last word of a PLT-style stub whose earlier
; instructions are not listed. libusb_exit in this report calls 0x2e98, eight
; bytes below this address, so the symbol name may belong to a neighbouring
; stub - confirm against the import table before relying on it.
; (fcn) sym.imp.__ctype_tolower_loc () | void ctype_tolower_loc () {
0x00002ea0 ldr pc, [ip, 0x18]! | pc = *((ip += 0x18));
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libusb-1.0.so.0.3.0 @ 0x4d80 */
| #include <stdint.h>
|
; NOTE(review): reading guide for this function.
;  - Left column is the radare2 disassembly, right column the r2dec pseudo code
;    derived from it; where the two disagree, the disassembly and its addresses
;    are the better evidence.
;  - No call target in this listing is labelled strcpy. The calls shown go to
;    pthread_mutex_unlock, pthread_mutex_destroy, one register-indirect target
;    (0x4e64) and unnamed fcn_* addresses. The strcpy use counted by the report
;    cannot be located from this output; find the real call site and check the
;    source length and destination size there before rating the finding.
;  - arg1 is saved in r4 and dereferenced (r4 + 0x18, r4 + 0x38, ...), so it is
;    a pointer; the int16_t type in the pseudo signature is a decompiler guess.
;  - Several lines are decode artifacts: the first instruction is decoded in
;    the wrong instruction set, some lines start inside a 4-byte instruction,
;    and the literal pool from 0x4f98 on is decoded as code. They are marked
;    below; pseudo code generated from them is not reliable.
;  - The value stored at [sp, 0xc] on entry and compared again at 0x4ea6 is the
;    stack-protector guard, consistent with "Canary found" in the protection
;    summary of this report.
; (fcn) sym.libusb_exit () | void libusb_exit (int16_t arg1) {
| int16_t var_4h;
| int32_t var_4h_2;
| int16_t var_ch;
| r0 = arg1;
; NOTE(review): "svcmi 0xf0e92d" is the word 0x4ff0e92d decoded as an ARM
; instruction. Read as Thumb-2 halfwords (0xe92d, 0x4ff0) it is
; push.w {r4-r11, lr}, which matches the pop.w at 0x4eb0. There is no
; supervisor call in this function.
0x00004d80 svcmi 0xf0e92d | __asm ("svcmi 0xf0e92d");
0x00004d84 mov r4, r0 | r4 = r0;
0x00004d86 ldr r6, [pc, 0x210] |
0x00004d88 sub sp, 0x14 |
0x00004d8a movs r0, 0 | r0 = 0;
0x00004d8c movs r1, 4 | r1 = 4;
; NOTE(review): Thumb pc-relative loads use the pc rounded down to a multiple
; of 4, so the first literal (0x4d86) is at 0x4d88 + 0x210 = 0x4f98 and these
; two are at 0x4f9c. The unaligned addresses in the pseudo code (0x4f9e,
; 0x4fa0) and the "libusb_bulk_transfer" name given to a pool constant below
; are decompiler approximations, not real references.
0x00004d8e ldr r5, [pc, 0x20c] | r5 = *(0x4f9e);
0x00004d90 ldr r2, [pc, 0x20c] | r2 = *(0x4fa0);
0x00004d92 add r6, pc | r6 = 0x9d30;
0x00004d94 ldr r3, [pc, 0x20c] | r3 = libusb_bulk_transfer;
0x00004d96 ldr r5, [r6, r5] | r5 = *(0x9d30);
0x00004d98 ldr r7, [pc, 0x20c] | r7 = *(0x4fa8);
0x00004d9a add r2, pc | r2 += pc;
0x00004d9c add r3, pc | r3 += pc;
0x00004d9e add.w r2, r2, 0x2c8 | r2 += 0x2c8;
; Stack-protector setup: load the guard value through the pointer fetched at
; 0x4d96 and keep a copy at [sp, 0xc]; r5 is then cleared.
0x00004da2 ldr r5, [r5] | r5 = *(r5);
0x00004da4 str r5, [sp, 0xc] | var_ch = r5;
0x00004da6 mov.w r5, 0 | r5 = 0;
; NOTE(review): "invalid" plus the 2-byte decode after it are likely one 4-byte
; Thumb-2 instruction the disassembler did not recognise. If so, "r1 = r0" is
; not real and r1 still holds 4 from 0x4d8c at the call below - confirm with a
; second disassembler.
0x00004daa invalid |
0x00004dac movs r1, r0 | r1 = r0;
0x00004dae add r7, pc | r7 += pc;
0x00004db0 bl 0x3a00 | fcn_00003a00 (r0, r1, r2);
0x00004db4 cmp r4, 0 |
| if (r4 == 0) {
0x00004db6 beq.w 0x4ed8 | goto label_6;
| }
| label_0:
0x00004dba ldr r5, [pc, 0x1f0] |
0x00004dbc add r5, pc | r5 = 0x9d6e;
0x00004dbe add.w r6, r5, 0x1c | r6 = r5 + 0x1c;
0x00004dc2 mov r0, r6 | r0 = r6;
; NOTE(review): fcn_00002c7c is called on the same address that is later
; passed to pthread_mutex_unlock (r6 here, r5 at 0x4dea, sb at 0x4ef4);
; presumably pthread_mutex_lock - confirm. A non-zero return goes to label_7.
0x00004dc4 blx 0x2c7c | r0 = fcn_00002c7c ();
0x00004dc8 cmp r0, 0 |
| if (r0 != 0) {
0x00004dca bne.w 0x4f8c | goto label_7;
| }
; Compare the caller's pointer (r4) with the global word at r5; equal means the
; shared-object path at label_8.
0x00004dce ldr r3, [r5] | r3 = *(r5);
0x00004dd0 cmp r3, r4 |
| if (r3 == r4) {
0x00004dd2 beq 0x4eb4 | goto label_8;
| }
0x00004dd4 mov r0, r6 | r0 = r6;
0x00004dd6 blx 0x2bc4 | r0 = pthread_mutex_unlock ();
; r6 keeps the unlock result (0 on this path); it is tested again at 0x4e96.
0x00004dda mov r6, r0 | r6 = r0;
0x00004ddc cmp r0, 0 |
| if (r0 != 0) {
0x00004dde bne.w 0x4f52 | goto label_3;
| }
| do {
0x00004de2 ldr r5, [pc, 0x1cc] | r5 = *(0x4fb2);
0x00004de4 add r5, pc | r5 += pc;
0x00004de6 adds r5, 0x38 | r5 += 0x38;
0x00004de8 mov r0, r5 | r0 = r5;
0x00004dea blx 0x2c7c | fcn_00002c7c ();
; NOTE(review): the blx at 0x4dea is 4 bytes long, so 0x4dec lies inside it.
; The vmax.s8 line is an overlapping decode, not an executed NEON instruction,
; and it hides whatever 2-byte instruction sits at 0x4dee.
0x00004dec vmax.s8 d20, d8, d3 | __asm ("vmax.s8 d20, d8, d3");
0x00004df0 cmp r0, 0 |
| if (r0 != 0) {
0x00004df2 bne.w 0x4f8c | goto label_7;
| }
; NOTE(review): same undecoded pattern as at 0x4daa; "r1 = 0x56" is likely the
; second half of a 4-byte instruction. The two stores that follow have the
; shape of a doubly-linked-list unlink (presumably r1 and r2 were loaded from
; r4 + 0x158 by the undecoded instruction - confirm); do not read them as a
; write to address 0x56.
0x00004df6 invalid |
0x00004df8 movs r1, 0x56 | r1 = 0x56;
0x00004dfa mov r0, r5 | r0 = r5;
0x00004dfc str r2, [r1] | *(r1) = r2;
0x00004dfe str r1, [r2, 4] | *((r2 + 4)) = r1;
0x00004e00 strd r3, r3, [r4, 0x158] | __asm ("strd r3, r3, [r4, 0x158]");
0x00004e04 blx 0x2bc4 | r0 = pthread_mutex_unlock ();
0x00004e08 cmp r0, 0 |
| if (r0 != 0) {
0x00004e0a bne.w 0x4f52 | goto label_3;
| }
0x00004e0e movs r0, 1 | r0 = 1;
; NOTE(review): 0x4e12 and 0x4e16 lie inside the 4-byte add.w instructions at
; 0x4e10 and 0x4e14. The lsrs/lsls lines are overlapping decodes; r4 is not
; modified here and still holds the object pointer.
0x00004e10 add.w r8, r4, 0x34 | r8 = r4 + 0x34;
0x00004e12 lsrs r4, r6, 0x20 | r4 = r6 >> 0x20;
0x00004e14 add.w r5, r4, 0x14 | r5 = r4 + 0x14;
0x00004e16 lsls r4, r2, 0x14 | r4 = r2 << 0x14;
0x00004e18 blx 0x2e98 | r0 = fcn_00002e98 ();
0x00004e1c cmp r0, 0 |
| if (r0 != 0) {
0x00004e1e bne 0x4ee0 | goto label_9;
| }
| label_1:
; Two checks of the same shape: if the word at r4 + 0x18 (resp. r4 + 0x38)
; does not point back at r4 + 0x14 (resp. r4 + 0x34), call fcn_00003a00 with
; r1 = 2. Presumably "list not empty" warnings - confirm.
0x00004e20 ldr r3, [r4, 0x18] | r3 = *((r4 + 0x18));
0x00004e22 cmp r3, r5 |
| if (r3 != r5) {
0x00004e24 beq 0x4e3a |
0x00004e26 ldr r2, [pc, 0x18c] |
0x00004e28 movs r1, 2 | r1 = 2;
0x00004e2a ldr r3, [pc, 0x18c] | r3 = *(0x4fba);
0x00004e2c mov r0, r4 | r0 = r4;
0x00004e2e add r2, pc |
0x00004e30 add.w r2, r2, 0x2c8 | r2 = 0xa0b0;
0x00004e34 add r3, pc | r3 += pc;
0x00004e36 bl 0x3a00 | fcn_00003a00 (r0, r1, r2);
| }
0x00004e3a ldr r3, [r4, 0x38] | r3 = *((r4 + 0x38));
0x00004e3c cmp r3, r8 |
| if (r3 != r8) {
0x00004e3e beq 0x4e54 |
0x00004e40 ldr r2, [pc, 0x178] |
0x00004e42 movs r1, 2 | r1 = 2;
0x00004e44 ldr r3, [pc, 0x178] |
0x00004e46 mov r0, r4 | r0 = r4;
0x00004e48 add r2, pc |
0x00004e4a add r3, pc | r3 = 0x9e0e;
; NOTE(review): 0x4e4e lies inside the 4-byte add.w at 0x4e4c; the strb line is
; an overlapping decode and no byte is stored at r6 + 8.
0x00004e4c add.w r2, r2, 0x2c8 | r2 = 0xa0d0;
0x00004e4e strb r2, [r6, 8] | *((r6 + 8)) = r2;
0x00004e50 bl 0x3a00 | fcn_00003a00 (r0, r1, r2);
| }
0x00004e54 mov r0, r4 | r0 = r4;
0x00004e56 bl 0x833c | fcn_0000833c (r0);
; Indirect call: a function pointer is read from offset 0xc of a table reached
; through r7, skipped when it is NULL (cbz), and called with r4 as argument.
0x00004e5a ldr r3, [pc, 0x168] |
0x00004e5c ldr r3, [r7, r3] | r3 = *((r7 + r3));
0x00004e5e ldr r3, [r3, 0xc] | r3 = *(0x4fd2);
| if (r3 != 0) {
0x00004e60 cbz r3, 0x4e66 |
0x00004e62 mov r0, r4 | r0 = r4;
0x00004e64 blx r3 | uint32_t (*r3)(uint32_t) (r0);
| }
; Three mutexes embedded in the object (r4 + 0x3c, + 0x1c, + 0x60) are
; destroyed; any non-zero return goes to label_10.
0x00004e66 add.w r0, r4, 0x3c | r0 = r4 + 0x3c;
0x00004e6a blx 0x2c48 | r0 = pthread_mutex_destroy ();
0x00004e6e cmp r0, 0 |
| if (r0 != 0) {
0x00004e70 bne.w 0x4f88 | goto label_10;
| }
0x00004e74 add.w r0, r4, 0x1c | r0 = r4 + 0x1c;
0x00004e78 blx 0x2c48 | r0 = pthread_mutex_destroy ();
0x00004e7c cmp r0, 0 |
| if (r0 != 0) {
0x00004e7e bne.w 0x4f88 | goto label_10;
| }
0x00004e82 add.w r0, r4, 0x60 | r0 = r4 + 0x60;
0x00004e86 blx 0x2c48 | r0 = pthread_mutex_destroy ();
0x00004e8a mov r5, r0 | r5 = r0;
0x00004e8c cmp r0, 0 |
| if (r0 != 0) {
0x00004e8e bne 0x4f88 | goto label_10;
| }
; NOTE(review): fcn_00002c70 receives the object pointer after its mutexes are
; destroyed; presumably free() - confirm. r4 is not dereferenced again on any
; path shown after this call.
0x00004e90 mov r0, r4 | r0 = r4;
0x00004e92 blx 0x2c70 | fcn_00002c70 ();
0x00004e96 cmp r6, 0 |
| if (r6 != 0) {
0x00004e98 bne 0x4f42 | goto label_11;
| }
| label_2:
; Stack-protector check: reload the guard through the same literal used on
; entry (0x4f9c), XOR it with the copy at [sp, 0xc] and branch to label_12 on
; mismatch. label_12 calls 0x2d48, presumably __stack_chk_fail - confirm.
0x00004e9a ldr r2, [pc, 0x12c] |
0x00004e9c ldr r3, [pc, 0xfc] | r3 = *(0x4f9c);
0x00004e9e add r2, pc | r2 = 0x9e6c;
0x00004ea0 ldr r3, [r2, r3] | r3 = *(0x9e6c);
0x00004ea2 ldr r2, [r3] | r2 = *(0x9e6c);
0x00004ea4 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004ea6 eors r2, r3 | r2 ^= r3;
0x00004ea8 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004eac bne 0x4f90 | goto label_12;
| }
0x00004eae add sp, 0x14 |
0x00004eb0 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_8:
; Shared-object path, still holding the lock taken at 0x4dc4: a NULL pointer
; goes to label_13; otherwise the counter at r5 + 0x34 is decremented and the
; teardown continues only when it is no longer positive (r6 = 1 records that).
0x00004eb4 cmp r4, 0 |
| if (r4 == 0) {
0x00004eb6 beq 0x4f74 | goto label_13;
| }
0x00004eb8 ldr r3, [r5, 0x34] | r3 = *((r5 + 0x34));
0x00004eba subs r3, 1 | r3--;
0x00004ebc cmp r3, 0 |
0x00004ebe str r3, [r5, 0x34] | *((r5 + 0x34)) = r3;
| if (r3 > 0) {
0x00004ec0 bgt 0x4f56 | goto label_14;
| }
0x00004ec2 ldr r2, [pc, 0x108] |
0x00004ec4 movs r1, 4 | r1 = 4;
0x00004ec6 ldr r3, [pc, 0x108] |
0x00004ec8 movs r6, 1 | r6 = 1;
0x00004eca add r2, pc |
0x00004ecc add r3, pc | r3 = 0x9ea2;
0x00004ece add.w r2, r2, 0x2c8 | r2 = 0xa164;
0x00004ed2 bl 0x3a00 | fcn_00003a00 (r0, r1, r2);
; NOTE(review): this is a plain jump back to 0x4de2, not a loop; the
; "do { ... } while (1)" framing is how r2dec renders the backward branch.
0x00004ed6 b 0x4de2 |
| } while (1);
| label_6:
; arg1 was NULL: take the pointer from a global word instead and continue.
0x00004ed8 ldr r3, [pc, 0xf8] |
0x00004eda add r3, pc | r3 = 0x9eb2;
0x00004edc ldr r4, [r3] | r4 = *(0x9eb2);
0x00004ede b 0x4dba | goto label_0;
| label_9:
0x00004ee0 movs r1, 1 | r1 = 1;
0x00004ee2 mov r0, r4 | r0 = r4;
0x00004ee4 bl 0x6948 | fcn_00006948 (r0, r1);
0x00004ee8 ldr r3, [r4, 0x38] | r3 = *((r4 + 0x38));
0x00004eea cmp r3, r8 |
| if (r3 == r8) {
0x00004eec beq 0x4f7e | goto label_15;
| }
| label_5:
0x00004eee add.w sb, r4, 0x1c | sb = r4 + 0x1c;
0x00004ef2 mov r0, sb | r0 = sb;
0x00004ef4 blx 0x2c7c | r0 = fcn_00002c7c ();
; fp keeps the return value (0 on the path that continues) and is used below
; to clear the link words of each unlinked node.
0x00004ef8 mov fp, r0 |
0x00004efa cmp r0, 0 |
| if (r0 != 0) {
0x00004efc bne 0x4f94 | goto label_16;
| }
; List walk under the mutex at r4 + 0x1c: r5 = r4 + 0x14 is the list head and
; each node's link words sit 0x2c bytes into its container.
; NOTE(review): 0x4f02 lies inside the 4-byte add.w at 0x4f00; the lsls line is
; an overlapping decode and r4 is unchanged.
0x00004efe ldr r2, [r4, 0x18] | r2 = *((r4 + 0x18));
0x00004f00 add.w r5, r4, 0x14 | r5 = r4 + 0x14;
0x00004f02 lsls r4, r2, 0x14 | r4 = r2 << 0x14;
0x00004f04 ldr r3, [r2, 4] | r3 = *((r2 + 4));
0x00004f06 cmp r5, r2 |
0x00004f08 sub.w r0, r2, 0x2c | r0 = r2 - 0x2c;
0x00004f0c sub.w sl, r3, 0x2c | sl = r3 - 0x2c;
| if (r5 == r2) {
0x00004f10 beq 0x4f32 | goto label_17;
| }
| do {
; Unlink the current node, clear its two link words with fp (0), then pass the
; container to fcn_00003144. The successor (sl) was computed before the call,
; so the loop does not read the node again after handing it over.
0x00004f12 ldr r2, [r0, 0x2c] | r2 = *((r0 + 0x2c));
0x00004f14 str r2, [r3] | *(r3) = r2;
0x00004f16 str r3, [r2, 4] | *((r2 + 4)) = r3;
0x00004f18 strd fp, fp, [r0, 0x2c] | __asm ("strd fp, fp, [r0, 0x2c]");
0x00004f1c blx 0x3144 | fcn_00003144 ();
0x00004f20 add.w r2, sl, 0x2c | r2 = sl + 0x2c;
0x00004f24 ldr.w r3, [sl, 0x30] | r3 = *((sl + 0x30));
0x00004f28 cmp r2, r5 |
0x00004f2a mov r0, sl | r0 = sl;
0x00004f2c sub.w sl, r3, 0x2c | sl = r3 - 0x2c;
0x00004f30 bne 0x4f12 |
| } while (r2 != r5);
| label_17:
0x00004f32 mov r0, sb | r0 = sb;
0x00004f34 blx 0x2bc4 | r0 = pthread_mutex_unlock ();
0x00004f38 cmp r0, 0 |
| if (r0 == 0) {
0x00004f3a beq.w 0x4e20 | goto label_1;
| }
; NOTE(review): no branch follows this call, so fcn_00003378 presumably does
; not return; the fall-through into label_11 is a listing effect - confirm.
0x00004f3e bl 0x3378 | fcn_00003378 (r0);
| label_11:
; Reached after the object was released with r6 != 0: store r5 (0 on this
; path) to a global word, then unlock the mutex 0x1c bytes after it.
0x00004f42 ldr r0, [pc, 0x94] |
0x00004f44 add r0, pc | r0 = 0x9f22;
0x00004f46 str r5, [r0], 0x1c | *(r0) = r5;
| r0 += 0x1c;
0x00004f4a blx 0x2bc4 | r0 = pthread_mutex_unlock ();
0x00004f4e cmp r0, 0 |
| if (r0 == 0) {
0x00004f50 beq 0x4e9a | goto label_2;
| }
| label_3:
; Unlock-failure handler; nothing after the call resumes this path, so it is
; presumably noreturn - confirm.
0x00004f52 bl 0x339c | fcn_0000339c ();
| label_14:
0x00004f56 ldr r2, [pc, 0x84] |
0x00004f58 ldr r3, [pc, 0x84] |
0x00004f5a add r2, pc | r2 = 0x9f3c;
0x00004f5c add r3, pc | r3 = 0x9f40;
| label_4:
; Shared early-exit tail: call fcn_00003a00 with r1 = 4, release the lock held
; in r6 and return through the guard check at label_2.
0x00004f5e movs r1, 4 | r1 = 4;
0x00004f60 add.w r2, r2, 0x2c8 | r2 += 0x2c8;
0x00004f64 bl 0x3a00 | fcn_00003a00 (r0, r1, r2);
0x00004f68 mov r0, r6 | r0 = r6;
0x00004f6a blx 0x2bc4 | r0 = pthread_mutex_unlock ();
0x00004f6e cmp r0, 0 |
| if (r0 == 0) {
0x00004f70 beq 0x4e9a | goto label_2;
| }
0x00004f72 b 0x4f52 | goto label_3;
| label_13:
0x00004f74 ldr r2, [pc, 0x6c] |
0x00004f76 ldr r3, [pc, 0x70] |
0x00004f78 add r2, pc | r2 = 0x9f60;
0x00004f7a add r3, pc | r3 = 0x9f68;
0x00004f7c b 0x4f5e | goto label_4;
| label_15:
; r1 = sp + 4 is the address of a stack local passed to fcn_00002fdc; the
; pseudo code "r1 += var_4h" misstates this address computation.
0x00004f7e add r1, sp, 4 | r1 += var_4h;
0x00004f80 mov r0, r4 | r0 = r4;
0x00004f82 blx 0x2fdc | fcn_00002fdc ();
0x00004f86 b 0x4eee | goto label_5;
; NOTE(review): 0x4f84 lies inside the 4-byte blx at 0x4f82; this "invalid"
; line is an overlapping decode, printed out of address order.
0x00004f84 invalid |
| label_10:
; label_10, label_7, label_12 and label_16 are separate failure exits, each a
; single call with nothing after it; presumably all noreturn, so they do not
; fall through into one another as the listing order suggests - confirm.
0x00004f88 bl 0x33c0 | r0 = fcn_000033c0 (r0, r1);
| label_7:
0x00004f8c bl 0x3354 | r0 = fcn_00003354 (r0);
| label_12:
0x00004f90 blx 0x2d48 | fcn_00002d48 ();
| label_16:
0x00004f94 bl 0x3330 | fcn_00003330 (r0, r1);
; NOTE(review): 0x4f98 is the address of the first pc-relative literal read by
; this function (ldr at 0x4d86: 0x4d88 + 0x210), and the last one read is at
; 0x4fe8 (ldr at 0x4f76: 0x4f78 + 0x70). Everything from here to 0x4feb is
; literal-pool data decoded as Thumb instructions; the branches, loads and
; labels (label_18 to label_21) that r2dec builds from it are not program logic.
| if (r0 == 0) {
0x00004f98 beq 0x4fe8 | goto label_18;
| }
0x00004f9a movs r1, r0 | r1 = r0;
0x00004f9c lsls r0, r4, 8 | r0 = r4 << 8;
0x00004f9e movs r0, r0 |
0x00004fa0 ldrh r2, [r2, 0x38] | r2 = *((r2 + 0x38));
0x00004fa2 movs r0, r0 |
0x00004fa4 ldrh r4, [r6, 0xa] | r4 = *((r6 + 0xa));
0x00004fa6 movs r0, r0 |
| if (r0 == r0) {
0x00004fa8 beq 0x4fc0 | goto label_19;
| }
0x00004faa movs r1, r0 | r1 = r0;
| if (r1 >= r0) {
0x00004fac bhs 0x5068 | void (*0x5068)() ();
| }
0x00004fae movs r1, r0 | r1 = r0;
| if (r1 >= r0) {
0x00004fb0 bhs 0x501c | goto label_20;
| }
0x00004fb2 movs r1, r0 | r1 = r0;
0x00004fb4 ldrh r6, [r7, 0x32] | r6 = *((r7 + 0x32));
0x00004fb6 movs r0, r0 |
0x00004fb8 ldrh r0, [r4, 0x20] | r0 = *((r4 + 0x20));
0x00004fba movs r0, r0 |
0x00004fbc ldrh r4, [r4, 0x32] | r4 = *((r4 + 0x32));
0x00004fbe movs r0, r0 |
| label_19:
0x00004fc0 ldrh r2, [r5, 0x20] | r2 = *((r5 + 0x20));
0x00004fc2 movs r0, r0 |
0x00004fc4 lsls r4, r4, 8 | r4 <<= 8;
0x00004fc6 movs r0, r0 |
0x00004fc8 ldm r7!, {r1, r3, r4} | r1 = *(r7!);
| r3 = *((r7! + 4));
| r4 = *((r7! + 8));
0x00004fca movs r1, r0 | r1 = r0;
0x00004fcc ldrh r2, [r4, 0x2e] | r2 = *((r4 + 0x2e));
0x00004fce movs r0, r0 |
0x00004fd0 ldrh r4, [r5, 0x1a] | r4 = *((r5 + 0x1a));
0x00004fd2 movs r0, r0 |
| if (r0 != r0) {
0x00004fd4 bne 0x5054 | goto label_21;
| }
0x00004fd6 movs r1, r0 | r1 = r0;
| if (r1 == r0) {
0x00004fd8 beq 0x4f84 | void (*0x4f84)() ();
| }
0x00004fda movs r1, r0 | r1 = r0;
0x00004fdc ldrh r2, [r2, 0x2a] | r2 = *((r2 + 0x2a));
0x00004fde movs r0, r0 |
0x00004fe0 ldrh r0, [r3, 0x16] | r0 = *((r3 + 0x16));
0x00004fe2 movs r0, r0 |
0x00004fe4 ldrh r4, [r6, 0x28] | r4 = *((r6 + 0x28));
0x00004fe6 movs r0, r0 |
| label_18:
0x00004fe8 ldrh r2, [r2, 0x14] | r2 = *((r2 + 0x14));
0x00004fea movs r0, r0 |
; NOTE(review): the listing jumps from 0x4fea to 0x501c. This range is reached
; only through branches decoded out of the literal pool above, so it is not
; part of libusb_exit's control flow. The run of identical "adds r5, 0x35"
; halfwords looks like data rather than code - confirm what occupies
; 0x501c-0x505f before reading anything into these lines.
| label_20:
0x0000501c adds r5, 0x35 | r5 += 0x35;
0x0000501e adds r5, 0x35 | r5 += 53;
0x00005020 adds r5, 0x35 | r5 += 53;
0x00005022 adds r5, 0x35 | r5 += 53;
0x00005024 adds r5, 0x35 | r5 += 53;
0x00005026 adds r5, 0x35 | r5 += 53;
0x00005028 adds r5, 0x35 | r5 += 53;
0x0000502a adds r5, 0x35 | r5 += 53;
0x0000502c adds r5, 0x35 | r5 += 53;
0x0000502e adds r5, 0x35 | r5 += 53;
0x00005030 adds r5, 0x35 | r5 += 53;
0x00005032 adds r5, 0x35 | r5 += 53;
0x00005034 adds r5, 0x35 | r5 += 53;
0x00005036 adds r5, 0x35 | r5 += 53;
0x00005038 adds r5, 0x35 | r5 += 53;
0x0000503a adds r5, 0x35 | r5 += 53;
0x0000503c adds r5, 0x35 | r5 += 53;
0x0000503e adds r5, 0x35 | r5 += 53;
0x00005040 adds r5, 0x35 | r5 += 53;
0x00005042 adds r5, 0x35 | r5 += 53;
0x00005044 adds r5, 0x35 | r5 += 53;
0x00005046 adds r5, 0x35 | r5 += 53;
0x00005048 adds r5, 0x35 | r5 += 53;
0x0000504a adds r5, 0x35 | r5 += 53;
0x0000504c ldr r5, [r6] | r5 = *(r6);
0x0000504e str r5, [r4, 0x24] | *((r4 + 36)) = r5;
0x00005050 ldrb r7, [r3, r1] | r7 = *((r3 + r1));
0x00005052 ldrsb r1, [r3, r1] | r1 = *((r3 + r1));
| label_21:
0x00005054 str r3, [r2, r1] | *((r2 + r1)) = r3;
0x00005056 strb r5, [r1, 5] | *((r1 + 5)) = r5;
0x00005058 ldr r2, [pc, 0x1b8] | r2 = *(0x5214);
0x0000505a add r7, r8 | r7 += r8;
0x0000505c subs r6, 0x41 | r6 -= 65;
0x0000505e subs r0, 0x3b | r0 -= 59;
| }
[*] Function strcpy used 1 times libusb-1.0.so.0.3.0