[*] Binary protection state of wpa_supplicant
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of wpa_supplicant
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/wpa_supplicant @ 0x289b4 */
| #include <stdint.h>
|
; (fcn) fcn.000289b4 () | void fcn_000289b4 (int16_t arg1) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| r0 = arg1;
0x000289b4 blmi 0x1c3b378 | __asm ("blmi aav.0x0005ff60");
0x000289b8 push {r4, r5, r6, lr} |
0x000289ba mov r4, r0 | r4 = r0;
0x000289bc add r2, pc | r2 += pc;
0x000289be ldr r1, [pc, 0x1bc] |
0x000289c0 movs r5, 1 | r5 = 1;
0x000289c2 sub sp, 0x20 |
0x000289c4 strb.w r5, [r4, 0x54] | *((r4 + 0x54)) = r5;
0x000289c8 movs r0, 2 | r0 = 2;
0x000289ca ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x000289cc add r1, pc | r1 = 0x5154e;
0x000289ce ldr r3, [r3] | r3 = *(r3);
0x000289d0 str r3, [sp, 0x1c] | var_1ch = r3;
0x000289d2 mov.w r3, 0 | r3 = 0;
0x000289d6 bl 0xe4b4 | fcn_0000e4b4 (r0, r1);
0x000289da ldr r3, [r4, 0x50] | r3 = *((r4 + 0x50));
0x000289dc movs r2, 5 | r2 = 5;
0x000289de str r2, [r4] | *(r4) = r2;
0x000289e0 cmp r3, 0 |
| if (r3 == 0) {
0x000289e2 beq.w 0x28b46 | goto label_3;
| }
0x000289e6 ldrd r0, r3, [r4, 0x58] | __asm ("ldrd r0, r3, [r4, 0x58]");
0x000289ea ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x000289ec blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x000289ee ldr r3, [r4, 0x50] | r3 = *((r4 + 0x50));
0x000289f0 mov r6, r0 | r6 = r0;
0x000289f2 mov r1, r5 | r1 = r5;
0x000289f4 ldr r2, [r3] | r2 = *(r3);
| if (r2 == 0) {
0x000289f6 cbnz r2, 0x28a00 |
0x000289f8 ldr r1, [r3, 4] | r1 = *((r3 + 4));
0x000289fa subs r1, 0x11 | r1 -= 0x11;
0x000289fc it ne |
| if (r1 != 0x11) {
0x000289fe movne r1, 1 | r1 = 1;
| goto label_4;
| }
| }
| label_4:
0x00028a00 mov r0, r6 | r0 = r6;
0x00028a02 bl 0x407a4 | r0 = fcn_000407a4 (r0, r1);
| if (r0 == 0) {
0x00028a06 cbnz r0, 0x28a22 |
| label_0:
0x00028a08 ldr r2, [pc, 0x174] |
0x00028a0a ldr r3, [pc, 0x16c] | r3 = *(0x28b7a);
0x00028a0c add r2, pc | r2 = 0x51590;
0x00028a0e ldr r3, [r2, r3] | r3 = *(0x51590);
0x00028a10 ldr r2, [r3] | r2 = *(0x51590);
0x00028a12 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00028a14 eors r2, r3 | r2 ^= r3;
0x00028a16 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00028a1a bne.w 0x28b6a | goto label_5;
| }
0x00028a1e add sp, 0x20 |
0x00028a20 pop {r4, r5, r6, pc} |
| }
0x00028a22 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00028a24 movs r5, 0 | r5 = 0;
0x00028a26 ldrb.w r2, [r4, 0x2c] | r2 = *((r4 + 0x2c));
0x00028a2a ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x00028a2c strd r3, r5, [sp, 0x14] | __asm ("strd r3, r5, [var_14h]");
0x00028a30 ldrb.w r3, [r4, 0x34] | r3 = *((r4 + 0x34));
0x00028a32 adds r0, 0x34 | r0 += 0x34;
0x00028a34 ldr r0, [r4, 0x38] | r0 = *((r4 + 0x38));
0x00028a36 strd r5, r1, [sp, 0xc] | __asm ("strd r5, r1, [var_ch]");
0x00028a3a strb.w r3, [sp, 0x18] | var_18h = r3;
0x00028a3e strb.w r2, [sp, 0xc] | var_ch = r2;
0x00028a42 bl 0xf0a8 | fcn_0000f0a8 (r0);
0x00028a46 ldr r1, [r4, 0x50] | r1 = *((r4 + 0x50));
0x00028a48 mov r3, r6 | r3 = r6;
0x00028a4a str r5, [r4, 0x38] | *((r4 + 0x38)) = r5;
0x00028a4c add r2, sp, 0xc | r2 += var_ch;
0x00028a4e mov r0, r4 | r0 = r4;
0x00028a50 ldr r5, [r1, 0x14] | r5 = *((r1 + 0x14));
0x00028a52 ldr r1, [r4, 0x60] | r1 = *((r4 + 0x60));
0x00028a54 blx r5 | uint32_t (*r5)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00028a56 ldrb.w r3, [sp, 0xc] | r3 = var_ch;
0x00028a5a str r0, [r4, 0x38] | *((r4 + 0x38)) = r0;
| if (r3 != 0) {
0x00028a5c cbnz r3, 0x28a74 | goto label_6;
| }
0x00028a5e ldr r2, [pc, 0x124] |
0x00028a60 add r2, pc | r2 = 0x515ea;
| do {
0x00028a62 ldr r3, [sp, 0x10] | r3 = var_10h;
0x00028a64 cmp r3, 4 |
| if (r3 > 4) {
0x00028a66 bhi.w 0x28b6e | goto label_7;
| }
| /* switch table (5 cases) at 0x28a6e */
0x00028a6a tbb [pc, r3] | __asm ("tbb [0x00028a70]");
| label_6:
0x00028a74 ldr r2, [pc, 0x110] |
0x00028a76 add r2, pc | r2 = 0x51602;
0x00028a78 b 0x28a62 |
| } while (1);
0x00028a7a ldr r3, [pc, 0x110] |
0x00028a7c add r3, pc | r3 = 0x5160e;
| label_1:
0x00028a7e ldr r1, [sp, 0x14] | r1 = var_14h;
0x00028a80 cmp r1, 1 |
| if (r1 == 1) {
0x00028a82 beq 0x28b40 | goto label_8;
| }
0x00028a84 cmp r1, 2 |
| if (r1 == 2) {
0x00028a86 beq 0x28b3a | goto label_9;
| }
0x00028a88 cmp r1, 0 |
| if (r1 == 0) {
0x00028a8a beq 0x28b34 | goto label_10;
| }
0x00028a8c ldr r5, [pc, 0x100] |
0x00028a8e add r5, pc | r5 = 0x51622;
| label_2:
0x00028a90 ldr r1, [pc, 0x100] |
0x00028a92 str r0, [sp, 4] | var_4h = r0;
0x00028a94 movs r0, 2 | r0 = 2;
0x00028a96 str r5, [sp] | *(sp) = r5;
0x00028a98 add r1, pc | r1 = 0x51630;
0x00028a9a bl 0xe4b4 | fcn_0000e4b4 (r0, r1);
0x00028a9e ldrb.w r5, [sp, 0xc] | r5 = var_ch;
0x00028aa2 strb.w r5, [r4, 0x2c] | *((r4 + 0x2c)) = r5;
0x00028aa6 cmp r5, 0 |
| if (r5 != 0) {
0x00028aa8 bne 0x28a08 | goto label_0;
| }
0x00028aaa ldrd r1, r2, [sp, 0x10] | __asm ("ldrd r1, r2, [var_14h]");
0x00028aae ldr r3, [r4, 0x50] | r3 = *((r4 + 0x50));
0x00028ab0 str r2, [r4, 0x14] | *((r4 + 0x14)) = r2;
0x00028ab2 ldr r2, [r3, 0x18] | r2 = *((r3 + 0x18));
0x00028ab4 str r1, [r4, 8] | *((r4 + 8)) = r1;
0x00028ab6 ldrb.w r1, [sp, 0x18] | r1 = var_18h;
0x00028aba strb.w r1, [r4, 0x34] | *((r4 + 0x34)) = r1;
0x00028abe cmp r2, 0 |
| if (r2 == 0) {
0x00028ac0 beq 0x28a08 | goto label_0;
| }
0x00028ac2 ldr r3, [r3, 0x1c] | r3 = *((r3 + 0x1c));
0x00028ac4 cmp r3, 0 |
| if (r3 == 0) {
0x00028ac6 beq 0x28a08 | goto label_0;
| }
0x00028ac8 ldr r1, [r4, 0x60] | r1 = *((r4 + 0x60));
0x00028aca mov r0, r4 | r0 = r4;
0x00028acc blx r2 | r0 = uint32_t (*r2)(uint32_t, uint32_t) (r0, r1);
0x00028ace cmp r0, 0 |
| if (r0 == 0) {
0x00028ad0 beq 0x28a08 | goto label_0;
| }
0x00028ad2 ldr r0, [r4, 0x40] | r0 = *((r4 + 0x40));
| if (r0 != 0) {
0x00028ad4 cbz r0, 0x28ade |
0x00028ad6 ldr r1, [r4, 0x44] | r1 = *((r4 + 0x44));
0x00028ad8 bl 0xe22c | fcn_0000e22c (r0);
0x00028adc str r5, [r4, 0x40] | *((r4 + 0x40)) = r5;
| }
0x00028ade ldr r3, [r4, 0x50] | r3 = *((r4 + 0x50));
0x00028ae0 add.w r2, r4, 0x44 | r2 = r4 + 0x44;
0x00028ae4 ldr r1, [r4, 0x60] | r1 = *((r4 + 0x60));
0x00028ae6 mov r0, r4 | r0 = r4;
0x00028ae8 ldr r3, [r3, 0x1c] | r3 = *((r3 + 0x1c));
0x00028aea blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00028aec str r0, [r4, 0x40] | *((r4 + 0x40)) = r0;
0x00028aee ldr r0, [r4, 0x48] | r0 = *((r4 + 0x48));
0x00028af0 blx 0x62c8 | fcn_000062c8 ();
0x00028af4 ldr r3, [r4, 0x50] | r3 = *((r4 + 0x50));
0x00028af6 movs r2, 0 | r2 = 0;
0x00028af8 str r2, [r4, 0x48] | *((r4 + 0x48)) = r2;
0x00028afa ldr r3, [r3, 0x48] | r3 = *((r3 + 0x48));
0x00028afc cmp r3, 0 |
| if (r3 == 0) {
0x00028afe beq 0x28a08 | goto label_0;
| }
0x00028b00 ldr r1, [r4, 0x60] | r1 = *((r4 + 0x60));
0x00028b02 add.w r2, r4, 0x4c | r2 = r4 + 0x4c;
0x00028b04 lsls r4, r1, 9 | r4 = r1 << 9;
0x00028b06 mov r0, r4 | r0 = r4;
0x00028b08 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t) (r0, r1, r2);
0x00028b0a ldr r1, [pc, 0x8c] |
0x00028b0c mov r2, r0 | r2 = r0;
0x00028b0e str r0, [r4, 0x48] | *((r4 + 0x48)) = r0;
0x00028b10 movs r0, 2 | r0 = 2;
0x00028b12 ldr r3, [r4, 0x4c] | r3 = *((r4 + 0x4c));
0x00028b14 add r1, pc | r1 = 0x516b2;
0x00028b16 bl 0xe848 | fcn_0000e848 (r0, r1, r2, r3);
0x00028b1a b 0x28a08 | goto label_0;
0x00028b1c ldr r3, [pc, 0x7c] |
0x00028b1e add r3, pc | r3 = 0x516be;
0x00028b20 b 0x28a7e | goto label_1;
0x00028b22 ldr r3, [pc, 0x7c] |
0x00028b24 add r3, pc | r3 = 0x516ca;
0x00028b26 b 0x28a7e | goto label_1;
0x00028b28 ldr r3, [pc, 0x78] |
0x00028b2a add r3, pc | r3 = 0x516d2;
0x00028b2c b 0x28a7e | goto label_1;
0x00028b2e ldr r3, [pc, 0x78] |
0x00028b30 add r3, pc | r3 = 0x516de;
0x00028b32 b 0x28a7e | goto label_1;
| label_10:
0x00028b34 ldr r5, [pc, 0x74] |
0x00028b36 add r5, pc | r5 = 0x516e6;
0x00028b38 b 0x28a90 | goto label_2;
| label_9:
0x00028b3a ldr r5, [pc, 0x74] |
0x00028b3c add r5, pc | r5 = 0x516f2;
0x00028b3e b 0x28a90 | goto label_2;
| label_8:
0x00028b40 ldr r5, [pc, 0x70] |
0x00028b42 add r5, pc | r5 = 0x516fa;
0x00028b44 b 0x28a90 | goto label_2;
| label_3:
0x00028b46 ldr r2, [pc, 0x70] |
0x00028b48 ldr r3, [pc, 0x2c] | r3 = *(0x28b78);
0x00028b4a add r2, pc | r2 = 0x51708;
0x00028b4c ldr r3, [r2, r3] | r3 = *(0x51708);
0x00028b4e ldr r2, [r3] | r2 = *(0x51708);
0x00028b50 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00028b52 eors r2, r3 | r2 ^= r3;
0x00028b54 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00028b58 bne 0x28b6a |
0x00028b5a ldr r1, [pc, 0x60] |
0x00028b5c movs r0, 4 | r0 = 4;
0x00028b5e add r1, pc | r1 = 0x51720;
0x00028b60 add sp, 0x20 |
0x00028b62 pop.w {r4, r5, r6, lr} |
0x00028b66 b.w 0xe4b4 | void (*0xe4b4)() ();
| }
| label_5:
0x00028b6a blx 0x6b24 | fcn_00006b24 ();
| label_7:
0x00028b6e ldr r3, [pc, 0x50] |
0x00028b70 add r3, pc | r3 = 0x51736;
0x00028b72 b 0x28a7e | goto label_1;
| }
[*] Function strcpy used 1 times wpa_supplicant
