[*] Binary protection state of feature-flag-service
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function system tear down of feature-flag-service
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x2a20 */
| #include <stdint.h>
|
; (fcn) fcn.00002a20 () | void fcn_00002a20 (int16_t arg_140h, int16_t arg_238h, int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| /* [13] -r-x section size 30132 named .text */
0x00002a20 ldr r2, [pc, 0x78] |
0x00002a22 ldr r3, [pc, 0x7c] | r3 = *(0x2aa2);
0x00002a24 push {r4, r5, r6, r7, lr} |
0x00002a26 add.w r6, r0, 8 | r6 = r0 + 8;
0x00002a2a add r2, pc | r2 = 0x54ca;
0x00002a2c sub sp, 0xc |
0x00002a2e ldr r3, [r2, r3] |
0x00002a30 ldr r3, [r3] | r3 = *(0x54ca);
0x00002a32 str r3, [sp, 4] | var_4h = r3;
0x00002a34 mov.w r3, 0 | r3 = 0;
0x00002a38 str r6, [r0] | *(r0) = r6;
| if (r1 == 0) {
0x00002a3a cbz r1, 0x2a94 | goto label_0;
| }
0x00002a3c mov r4, r0 | r4 = r0;
0x00002a3e mov r0, r1 | r0 = r1;
0x00002a40 mov r5, r1 | r5 = r1;
0x00002a42 blx 0x28f0 | r0 = fcn_000028f0 ();
0x00002a46 cmp r0, 0xf |
0x00002a48 add.w r7, r5, r0 | r7 = r5 + r0;
0x00002a4c str r0, [sp] | *(sp) = r0;
0x00002a4e bhi 0x2a7c |
| while (1) {
0x00002a50 mov r2, r7 | r2 = r7;
0x00002a52 mov r1, r5 | r1 = r5;
0x00002a54 mov r0, r6 | r0 = r6;
0x00002a56 blx 0x2784 | sym ();
0x00002a5a ldr r3, [sp] | r3 = *(sp);
0x00002a5c movs r1, 0 | r1 = 0;
0x00002a5e ldr r2, [r4] | r2 = *(r4);
0x00002a60 str r3, [r4, 4] | *((r4 + 4)) = r3;
0x00002a62 strb r1, [r2, r3] | *((r2 + r3)) = r1;
0x00002a64 ldr r2, [pc, 0x3c] |
0x00002a66 ldr r3, [pc, 0x38] | r3 = *(0x2aa2);
0x00002a68 add r2, pc | r2 = 0x5510;
0x00002a6a ldr r3, [r2, r3] | r3 = *(0x5510);
0x00002a6c ldr r2, [r3] | r2 = *(0x5510);
0x00002a6e ldr r3, [sp, 4] | r3 = var_4h;
0x00002a70 eors r2, r3 | r2 ^= r3;
0x00002a72 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00002a76 bne 0x2a90 | goto label_1;
| }
0x00002a78 add sp, 0xc |
0x00002a7a pop {r4, r5, r6, r7, pc} |
0x00002a7c movs r2, 0 | r2 = 0;
0x00002a7e mov r1, sp | r1 = sp;
0x00002a80 mov r0, r4 | r0 = r4;
0x00002a82 blx 0x2950 | fcn_00002950 ();
0x00002a86 ldr r3, [sp] | r3 = *(sp);
0x00002a88 mov r6, r0 | r6 = r0;
0x00002a8a str r0, [r4] | *(r4) = r0;
0x00002a8c str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00002a8e b 0x2a50 |
| }
| label_1:
0x00002a90 blx 0x279c | sd_bus_message_new_signal ();
| label_0:
0x00002a94 ldr r0, [pc, 0x10] |
0x00002a96 add r0, pc | r0 = 0x5542;
0x00002a98 blx 0x2688 | cxa_free_exception ();
0x00002a9c str r3, [sp, 0x238] | *(arg_238h) = r3;
0x00002a9e movs r1, r0 | r1 = r0;
0x00002aa0 lsls r4, r1, 7 | r4 = r1 << 7;
0x00002aa2 movs r0, r0 |
0x00002aa4 str r3, [sp, 0x140] | *(arg_140h) = r3;
0x00002aa6 movs r1, r0 | r1 = r0;
0x00002aa8 strb r6, [r2, 0x17] | *((r2 + 0x17)) = r6;
0x00002aaa movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x4344 */
| #include <stdint.h>
|
; (fcn) fcn.00004344 () | void fcn_00004344 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| if (? >= ?) {
0x00004344 ldrlt r4, [r0], -0xb14 | r4 = *(r0);
| r0 += -0xb14;
| }
0x00004348 ldrd r4, r2, [r1] | __asm ("ldrd r4, r2, [r1]");
0x0000434c add r3, pc | r3 += pc;
0x0000434e ldr r1, [pc, 0x4c] |
0x00004350 adds r3, 8 | r3 += 8;
0x00004352 str r3, [r0] | *(r0) = r3;
0x00004354 strd r4, r2, [r0, 4] | __asm ("strd r4, r2, [r0, 4]");
0x00004358 add r1, pc | r1 = 0x86fa;
| if (r2 != 0) {
0x0000435a cbz r2, 0x436a |
0x0000435c ldr r3, [pc, 0x40] | r3 = *(0x43a0);
0x0000435e ldr r3, [r1, r3] | r3 = *((r1 + r3));
0x00004360 ldrb r3, [r3] | r3 = *(r3);
| if (r3 == 0) {
0x00004362 cbz r3, 0x437c | goto label_1;
| }
0x00004364 ldr r3, [r2, 4] | r3 = *((r2 + 4));
0x00004366 adds r3, 1 | r3++;
0x00004368 str r3, [r2, 4] | *((r2 + 4)) = r3;
| }
| label_0:
0x0000436a ldr r3, [pc, 0x38] |
0x0000436c movs r2, 0 | r2 = 0;
0x0000436e ldr r4, [sp], 4 | r4 = *(sp);
| sp += 4;
0x00004372 strd r2, r2, [r0, 0x10] | __asm ("strd r2, r2, [r0, 0x10]");
0x00004376 add r3, pc | r3 = 0x8720;
0x00004378 str r3, [r0, 0xc] | *((r0 + 0xc)) = r3;
0x0000437a bx lr | return;
| label_1:
0x0000437c adds r2, 4 | r2 += 4;
0x0000437e dmb ish | __asm ("dmb ish");
| do {
0x00004382 ldrex r3, [r2] | __asm ("ldrex r3, [r2]");
0x00004386 adds r3, 1 | r3++;
0x00004388 strex r1, r3, [r2] | __asm ("strex r1, r3, [r2]");
0x0000438c cmp r1, 0 |
0x0000438e bne 0x4382 |
| } while (r1 != 0);
0x00004390 dmb ish | __asm ("dmb ish");
0x00004394 b 0x436a | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x7868 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00007868 () | void fcn_00007868 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00007868 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000786c mov r4, r2 | r4 = r2;
0x0000786e ldrd sl, r8, [r0] | __asm ("ldrd sl, r8, [r0]");
0x00007872 movw r2, 0x4ec5 |
0x00007876 movt r2, 0xc4ec | r2 = 0xc4ec4ec5;
0x0000787a sub sp, 0xc |
0x0000787c sub.w r3, r8, sl | r3 = r8 - sl;
0x00007880 asrs r3, r3, 2 | r3 >>= 2;
0x00007882 mul r3, r2, r3 | r3 = r2 * r3;
0x00007886 movw r2, 0x2762 |
0x0000788a movt r2, 0x276 | r2 = 0x2762762;
0x0000788e cmp r3, r2 |
| if (r3 == r2) {
0x00007890 beq.w 0x7adc | goto label_6;
| }
0x00007894 cmp r3, 1 |
0x00007896 mov r7, r1 | r7 = r1;
0x00007898 mov r1, r3 | r1 = r3;
0x0000789a it lo |
| if (r3 >= 1) {
0x0000789c movlo r1, 1 | r1 = 1;
| }
0x0000789e adds r3, r3, r1 | r3 += r1;
0x000078a0 mov sb, r0 | sb = r0;
0x000078a2 sub.w r6, r7, sl | r6 = r7 - sl;
0x000078a6 str r3, [sp, 4] | var_4h = r3;
| if (r3 >= r3) {
0x000078a8 bhs.w 0x7ab8 | goto label_7;
| }
0x000078ac cmp r3, 0 |
| if (r3 != 0) {
0x000078ae bne.w 0x7aca | goto label_8;
| }
0x000078b2 str r3, [sp] | *(sp) = r3;
| label_4:
0x000078b4 ldr r0, [sp] | r0 = *(sp);
0x000078b6 ldrd r1, r2, [r4] | __asm ("ldrd r1, r2, [r4]");
0x000078ba adds r5, r0, r6 | r5 = r0 + r6;
0x000078bc add.w r3, r5, 8 | r3 = r5 + 8;
0x000078c0 add r2, r1 | r2 += r1;
0x000078c2 str r3, [r0, r6] | *((r0 + r6)) = r3;
0x000078c4 mov r0, r5 | r0 = r5;
0x000078c6 bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x000078ca ldrd r1, r2, [r4, 0x18] | __asm ("ldrd r1, r2, [r4, 0x18]");
0x000078ce add.w r3, r5, 0x20 | r3 = r5 + 0x20;
0x000078d2 add.w r0, r5, 0x18 | r0 = r5 + 0x18;
0x000078d6 str r3, [r5, 0x18] | *((r5 + 0x18)) = r3;
0x000078d8 add r2, r1 | r2 += r1;
0x000078da bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x000078de ldrh r3, [r4, 0x30] | r3 = *((r4 + 0x30));
0x000078e0 cmp r7, sl |
0x000078e2 strh r3, [r5, 0x30] | *((r5 + 0x30)) = r3;
0x000078e4 it eq |
| if (r7 != sl) {
0x000078e6 ldreq r5, [sp] | r5 = *(sp);
| }
| if (r7 == sl) {
0x000078e8 beq 0x79c0 | goto label_9;
| }
0x000078ea ldr r3, [sp] | r3 = *(sp);
0x000078ec add.w fp, sl, 8 |
0x000078f0 add.w r4, sl, 0x20 | r4 = sl + 0x20;
0x000078f4 movs r2, 0 | r2 = 0;
0x000078f6 mov r5, fp | r5 = fp;
0x000078f8 add.w r6, r3, 0x34 | r6 = r3 + 0x34;
0x000078fc b 0x7970 |
| while (r3 != r5) {
0x000078fe str r3, [r6, -0x34] | *((r6 - 0x34)) = r3;
0x00007902 ldr r3, [r4, -0x18] | r3 = *((r4 - 0x18));
0x00007906 str r3, [r6, -0x2c] | *((r6 - 0x2c)) = r3;
| label_0:
0x0000790a ldr r3, [r4, -0x1c] | r3 = *((r4 - 0x1c));
0x0000790e sub.w r1, r6, 0x14 | r1 = r6 - 0x14;
0x00007912 strd r5, r2, [r4, -0x20] | __asm ("strd r5, r2, [r4, -0x20]");
0x00007916 str r3, [r6, -0x30] | *((r6 - 0x30)) = r3;
0x0000791a strb r2, [r4, -0x18] | *((r4 - 0x18)) = r2;
0x0000791e str r1, [r6, -0x1c] | *((r6 - 0x1c)) = r1;
0x00007922 ldr r3, [r4, -0x8] | r3 = *((r4 - 0x8));
0x00007926 cmp r3, r4 |
| if (r3 == r4) {
0x00007928 beq 0x79a0 | goto label_10;
| }
0x0000792a str r3, [r6, -0x1c] | *((r6 - 0x1c)) = r3;
0x0000792e ldr r3, [r4] | r3 = *(r4);
0x00007930 str r3, [r6, -0x14] | *((r6 - 0x14)) = r3;
| label_1:
0x00007934 ldr r3, [r4, -0x4] | r3 = *((r4 - 0x4));
0x00007938 ldr r0, [r4, -0x20] | r0 = *((r4 - 0x20));
0x0000793c str r3, [r6, -0x18] | *((r6 - 0x18)) = r3;
0x00007940 ldrb r3, [r4, 0x10] | r3 = *((r4 + 0x10));
0x00007942 cmp r0, r5 |
0x00007944 strb r3, [r6, -0x4] | *((r6 - 0x4)) = r3;
0x00007948 ldrb r3, [r4, 0x11] | r3 = *((r4 + 0x11));
0x0000794a strb r3, [r6, -0x3] | *((r6 - 0x3)) = r3;
| if (r0 != r5) {
0x0000794e beq 0x795c |
0x00007950 ldr r1, [r4, -0x18] | r1 = *((r4 - 0x18));
0x00007954 adds r1, 1 | r1++;
0x00007956 blx 0x267c | sym ();
0x0000795a movs r2, 0 | r2 = 0;
| }
0x0000795c add.w r3, r4, 0x34 | r3 = r4 + 0x34;
0x00007960 adds r4, 0x14 | r4 += 0x14;
0x00007962 cmp r7, r4 |
0x00007964 add.w r6, r6, 0x34 | r6 += 0x34;
0x00007968 add.w r5, r5, 0x34 | r5 += 0x34;
| if (r7 == r4) {
0x0000796c beq 0x79be | goto label_11;
| }
0x0000796e mov r4, r3 | r4 = r3;
0x00007970 sub.w r1, r6, 0x2c | r1 = r6 - 0x2c;
0x00007974 mov fp, r6 |
0x00007976 str r1, [r6, -0x34] | *((r6 - 0x34)) = r1;
0x0000797a ldr r3, [r4, -0x20] | r3 = *((r4 - 0x20));
0x0000797e cmp r3, r5 |
0x00007980 bne 0x78fe |
| }
0x00007982 ldr.w lr, [r5] |
0x00007986 ldr.w ip, [r5, 4] | ip = *((r5 + 4));
0x0000798a ldr r0, [r5, 8] | r0 = *((r5 + 8));
0x0000798c ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x0000798e str lr, [r6, -0x2c] |
0x00007992 str ip, [r6, -0x28] | *((r6 - 0x28)) = ip;
0x00007996 str r0, [r6, -0x24] | *((r6 - 0x24)) = r0;
0x0000799a str r3, [r6, -0x20] | *((r6 - 0x20)) = r3;
0x0000799e b 0x790a | goto label_0;
| label_10:
0x000079a0 ldr.w lr, [r4] |
0x000079a4 ldr.w ip, [r4, 4] | ip = *((r4 + 4));
0x000079a8 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x000079aa ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x000079ac str lr, [r6, -0x14] |
0x000079b0 str ip, [r6, -0x10] | *((r6 - 0x10)) = ip;
0x000079b4 str r0, [r6, -0xc] | *((r6 - 0xc)) = r0;
0x000079b8 str r3, [r6, -0x8] | *((r6 - 0x8)) = r3;
0x000079bc b 0x7934 | goto label_1;
| label_11:
0x000079be mov r5, fp | r5 = fp;
| label_9:
0x000079c0 cmp r7, r8 |
0x000079c2 add.w r4, r5, 0x34 | r4 = r5 + 0x34;
| if (r7 == r8) {
0x000079c6 beq 0x7a8c | goto label_12;
| }
0x000079c8 add.w r3, r5, 0x3c | r3 = r5 + 0x3c;
0x000079cc add.w r2, r7, 0x20 | r2 = r7 + 0x20;
0x000079d0 mov r1, r7 | r1 = r7;
0x000079d2 movs r5, 0 | r5 = 0;
0x000079d4 b 0x7a2e |
| while (r0 != r6) {
0x000079d6 str r6, [r3, -0x8] | *((r3 - 0x8)) = r6;
0x000079da ldr r6, [r2, -0x18] | r6 = *((r2 - 0x18));
0x000079de str r6, [r3] | *(r3) = r6;
| label_2:
0x000079e0 str r0, [r2, -0x20] | *((r2 - 0x20)) = r0;
0x000079e4 add.w r6, r3, 0x18 | r6 = r3 + 0x18;
0x000079e8 ldr r0, [r2, -0x1c] | r0 = *((r2 - 0x1c));
0x000079ec strb r5, [r2, -0x18] | *((r2 - 0x18)) = r5;
0x000079f0 str r6, [r3, 0x10] | *((r3 + 0x10)) = r6;
0x000079f2 str r0, [r3, -0x4] | *((r3 - 0x4)) = r0;
0x000079f6 ldr r0, [r2, -0x8] | r0 = *((r2 - 0x8));
0x000079fa str r5, [r2, -0x1c] | *((r2 - 0x1c)) = r5;
0x000079fe cmp r0, r2 |
| if (r0 == r2) {
0x00007a00 beq 0x7a5c | goto label_13;
| }
0x00007a02 str r0, [r3, 0x10] | *((r3 + 0x10)) = r0;
0x00007a04 ldr r0, [r2] | r0 = *(r2);
0x00007a06 str r0, [r3, 0x18] | *((r3 + 0x18)) = r0;
| label_3:
0x00007a08 ldr r0, [r2, -0x4] | r0 = *((r2 - 0x4));
0x00007a0c adds r1, 0x34 | r1 += 0x34;
0x00007a0e cmp r1, r8 |
0x00007a10 add.w r2, r2, 0x34 | r2 += 0x34;
0x00007a14 add.w r3, r3, 0x34 | r3 += 0x34;
0x00007a16 lsls r4, r6, 0xc | r4 = r6 << 0xc;
0x00007a18 str r0, [r3, -0x20] | *((r3 - 0x20)) = r0;
0x00007a1c ldrb r0, [r2, -0x24] | r0 = *((r2 - 0x24));
0x00007a20 strb r0, [r3, -0xc] | *((r3 - 0xc)) = r0;
0x00007a24 ldrb r0, [r2, -0x23] | r0 = *((r2 - 0x23));
0x00007a28 strb r0, [r3, -0xb] | *((r3 - 0xb)) = r0;
| if (r4 == r6) {
0x00007a2c beq 0x7a6e | goto label_14;
| }
0x00007a2e ldr r6, [r2, -0x20] | r6 = *((r2 - 0x20));
0x00007a32 add.w r0, r1, 8 | r0 = r1 + 8;
0x00007a36 str r3, [r3, -0x8] | *((r3 - 0x8)) = r3;
0x00007a3a cmp r0, r6 |
0x00007a3c bne 0x79d6 |
| }
0x00007a3e ldr.w fp, [r1, 8] | fp = *((r1 + 8));
0x00007a42 ldr.w lr, [r0, 4] |
0x00007a46 ldr.w ip, [r0, 8] | ip = *((r0 + 8));
0x00007a4a ldr r6, [r0, 0xc] | r6 = *((r0 + 0xc));
0x00007a4c str.w fp, [r3] | __asm ("str.w fp, [r3]");
0x00007a50 str.w lr, [r3, 4] | __asm ("str.w lr, [r3, 4]");
0x00007a54 str.w ip, [r3, 8] | __asm ("str.w ip, [r3, 8]");
0x00007a58 str r6, [r3, 0xc] | *((r3 + 0xc)) = r6;
0x00007a5a b 0x79e0 | goto label_2;
| label_13:
0x00007a5c ldr r0, [r2] | r0 = *(r2);
0x00007a5e str r0, [r3, 0x18] | *((r3 + 0x18)) = r0;
0x00007a60 ldr r0, [r2, 4] | r0 = *((r2 + 4));
0x00007a62 str r0, [r3, 0x1c] | *((r3 + 0x1c)) = r0;
0x00007a64 ldr r0, [r2, 8] | r0 = *((r2 + 8));
0x00007a66 str r0, [r3, 0x20] | *((r3 + 0x20)) = r0;
0x00007a68 ldr r0, [r2, 0xc] | r0 = *((r2 + 0xc));
0x00007a6a str r0, [r3, 0x24] | *((r3 + 0x24)) = r0;
0x00007a6c b 0x7a08 | goto label_3;
| label_14:
0x00007a6e subs r3, r1, r7 | r3 = r1 - r7;
0x00007a70 movw r2, 0x4ec5 |
0x00007a74 subs r3, 0x34 | r3 -= 0x34;
0x00007a76 movt r2, 0x4ec | r2 = 0x4ec4ec5;
0x00007a7a lsrs r3, r3, 2 | r3 >>= 2;
0x00007a7c mul r3, r2, r3 | r3 = r2 * r3;
0x00007a80 movs r2, 0x34 | r2 = 0x34;
0x00007a82 bic r3, r3, 0xc0000000 | r3 = BIT_MASK (r3, 0xc0000000);
0x00007a86 mla r2, r3, r2, r2 | __asm ("mla r2, r3, r2, r2");
0x00007a8a add r4, r2 | r4 += r2;
| label_12:
0x00007a8c cmp.w sl, 0 |
| if (sl != 0) {
0x00007a90 beq 0x7aa0 |
0x00007a92 ldr.w r1, [sb, 8] | r1 = *((sb + 8));
0x00007a96 mov r0, sl | r0 = sl;
0x00007a98 sub.w r1, r1, sl | r1 -= sl;
0x00007a9c blx 0x267c | sym ();
| }
0x00007aa0 ldr r2, [sp] | r2 = *(sp);
0x00007aa2 movs r3, 0x34 | r3 = 0x34;
0x00007aa4 ldr r1, [sp, 4] | r1 = var_4h;
0x00007aa6 str.w r2, [sb] | __asm ("str.w r2, [sb]");
0x00007aaa mla r3, r3, r1, r2 | __asm ("mla r3, r3, r1, r2");
0x00007aae strd r4, r3, [sb, 4] | __asm ("strd r4, r3, [sb, 4]");
0x00007ab2 add sp, 0xc |
0x00007ab4 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_7:
0x00007ab8 movw r0, 0xffe8 |
0x00007abc str r2, [sp, 4] | var_4h = r2;
0x00007abe movt r0, 0x7fff | r0 = 0x7fffffe8;
| do {
0x00007ac2 blx 0x24f0 | sym ();
0x00007ac6 str r0, [sp] | *(sp) = r0;
0x00007ac8 b 0x78b4 | goto label_4;
| label_8:
0x00007aca ldr r3, [sp, 4] | r3 = var_4h;
0x00007acc movs r0, 0x34 | r0 = 0x34;
0x00007ace cmp r3, r2 |
0x00007ad0 it hs |
| if (r3 < r2) {
0x00007ad2 movhs r3, r2 | r3 = r2;
| }
0x00007ad4 mul r0, r3, r0 | r0 = r3 * r0;
0x00007ad8 str r3, [sp, 4] | var_4h = r3;
0x00007ada b 0x7ac2 |
| } while (1);
| label_6:
0x00007adc ldr r0, [pc, 0x44] |
0x00007ade add r0, pc | r0 = 0xf606;
0x00007ae0 blx 0x260c | fcn_0000260c ();
| do {
0x00007ae4 blx 0x2594 | fcn_00002594 ();
0x00007ae8 ldr r3, [sp] | r3 = *(sp);
| if (r3 != 0) {
0x00007aea cbnz r3, 0x7b0a | goto label_15;
| }
0x00007aec add.w r0, r5, 0x18 | r0 = r5 + 0x18;
0x00007af0 blx 0x2800 | fcn_00002800 ();
0x00007af4 mov r0, r5 | r0 = r5;
0x00007af6 blx 0x2800 | fcn_00002800 ();
| label_5:
0x00007afa blx 0x28d8 | r0 = fcn_000028d8 ();
0x00007afe mov r4, r0 | r4 = r0;
0x00007b00 mov r0, r5 | r0 = r5;
0x00007b02 blx 0x2800 | fcn_00002800 ();
0x00007b06 mov r0, r4 | r0 = r4;
0x00007b08 b 0x7ae4 |
| } while (1);
| label_15:
0x00007b0a ldrd r0, r3, [sp] | __asm ("ldrd r0, r3, [sp]");
0x00007b0e movs r1, 0x34 | r1 = 0x34;
0x00007b10 mul r3, r1, r3 | r3 = r1 * r3;
0x00007b14 mov r1, r3 | r1 = r3;
0x00007b16 blx 0x267c | sym ();
0x00007b1a b 0x7afa | goto label_5;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x7b28 */
| #include <stdint.h>
|
; (fcn) fcn.00007b28 () | void fcn_00007b28 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00007b28 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00007b2c mov r7, r0 | r7 = r0;
0x00007b2e ldr r5, [r0] | r5 = *(r0);
0x00007b30 sub sp, 0xc |
0x00007b32 mov r4, r1 | r4 = r1;
0x00007b34 mov r8, r2 | r8 = r2;
0x00007b36 cmp r5, 0 |
| if (r5 == 0) {
0x00007b38 beq.w 0x7cba | goto label_5;
| }
0x00007b3c movs r3, 0 | r3 = 0;
0x00007b3e str r3, [sp, 4] | var_4h = r3;
| label_4:
0x00007b40 ldr r4, [r4, 8] | r4 = *((r4 + 8));
0x00007b42 cmp r4, 0 |
| if (r4 == 0) {
0x00007b44 beq 0x7bd6 | goto label_0;
| }
0x00007b46 ldr.w r6, [r8] | r6 = *(r8);
0x00007b4a cmp r6, 0 |
| if (r6 == 0) {
0x00007b4c beq 0x7bdc | goto label_6;
| }
0x00007b4e ldr r0, [r6, 0x34] | r0 = *((r6 + 0x34));
0x00007b50 add.w sb, r6, 0x3c | sb = r6 + 0x3c;
0x00007b54 ldr r3, [r6] | r3 = *(r6);
0x00007b56 mov r5, r6 | r5 = r6;
0x00007b58 cmp r0, sb |
0x00007b5a str.w r3, [r8] | __asm ("str.w r3, [r8]");
0x00007b5e mov.w r3, 0 | r3 = 0;
0x00007b62 str r3, [r5], 4 | *(r5) = r3;
| r5 += 4;
| if (r0 != sb) {
0x00007b66 beq 0x7b70 |
0x00007b68 ldr r1, [r6, 0x3c] | r1 = *((r6 + 0x3c));
0x00007b6a adds r1, 1 | r1++;
0x00007b6c blx 0x267c | sym ();
| }
0x00007b70 ldr r0, [r6, 0x1c] | r0 = *((r6 + 0x1c));
0x00007b72 add.w sl, r6, 0x24 | sl = r6 + 0x24;
0x00007b76 cmp r0, sl |
| if (r0 != sl) {
0x00007b78 beq 0x7b82 |
0x00007b7a ldr r1, [r6, 0x24] | r1 = *((r6 + 0x24));
0x00007b7c adds r1, 1 | r1++;
0x00007b7e blx 0x267c | sym ();
| }
0x00007b82 ldr r0, [r6, 4] | r0 = *((r6 + 4));
0x00007b84 add.w fp, r6, 0xc |
0x00007b88 cmp r0, fp |
| if (r0 != fp) {
0x00007b8a beq 0x7b94 |
0x00007b8c ldr r1, [r6, 0xc] | r1 = *((r6 + 0xc));
0x00007b8e adds r1, 1 | r1++;
0x00007b90 blx 0x267c | sym ();
| }
0x00007b94 str.w fp, [r6, 4] | __asm ("str.w fp, [r6, 4]");
0x00007b98 mov r0, r5 | r0 = r5;
0x00007b9a ldrd r1, r2, [r4, 4] | __asm ("ldrd r1, r2, [r4, 4]");
0x00007b9e add r2, r1 | r2 += r1;
0x00007ba0 bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007ba4 str.w sl, [r6, 0x1c] | __asm ("str.w sl, [r6, 0x1c]");
0x00007ba8 add.w sl, r6, 0x1c | sl = r6 + 0x1c;
0x00007bac ldrd r1, r2, [r4, 0x1c] | __asm ("ldrd r1, r2, [r4, 0x1c]");
0x00007bb0 mov r0, sl | r0 = sl;
0x00007bb2 add r2, r1 | r2 += r1;
0x00007bb4 bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007bb8 mov r0, r6 | r0 = r6;
0x00007bba str sb, [r0, 0x34]! | *((r0 += 0x34)) = sb;
0x00007bbe ldrd r1, r2, [r4, 0x34] | __asm ("ldrd r1, r2, [r4, 0x34]");
0x00007bc2 add r2, r1 | r2 += r1;
0x00007bc4 bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007bc8 ldrh.w r3, [r4, 0x4c] | r3 = *((r4 + 0x4c));
0x00007bcc ldr r0, [r4, 0x50] | r0 = *((r4 + 0x50));
0x00007bce strh.w r3, [r6, 0x4c] | *((r6 + 0x4c)) = r3;
0x00007bd2 str r0, [r6, 0x50] | *((r6 + 0x50)) = r0;
0x00007bd4 b 0x7be8 |
| while (1) {
| label_0:
0x00007bd6 add sp, 0xc |
0x00007bd8 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
0x00007bdc adds r0, r4, 4 | r0 = r4 + 4;
0x00007bde bl 0x6c04 | r0 = fcn_00006c04 (r0);
0x00007be2 mov r6, r0 | r6 = r0;
0x00007be4 ldr r0, [r4, 0x50] | r0 = *((r4 + 0x50));
0x00007be6 str r0, [r6, 0x50] | *((r6 + 0x50)) = r0;
0x00007be8 ldr r1, [r7, 4] | r1 = *((r7 + 4));
0x00007bea str r6, [r7, 8] | *((r7 + 8)) = r6;
0x00007bec blx 0x25a0 | fcn_000025a0 ();
0x00007bf0 mov r3, r7 | r3 = r7;
0x00007bf2 ldr r2, [r3], 8 | r2 = *(r3);
| r3 += 8;
0x00007bf6 str.w r3, [r2, r1, lsl 2] | __asm ("str.w r3, [r2, r1, lsl 2]");
0x00007bfa ldr r5, [r4] | r5 = *(r4);
0x00007bfc cmp r5, 0 |
| if (r5 != 0) {
0x00007bfe bne 0x7ca2 | goto label_7;
| }
0x00007c00 b 0x7bd6 |
| }
| label_1:
0x00007c02 ldr r0, [r4, 0x34] | r0 = *((r4 + 0x34));
0x00007c04 add.w sl, r4, 0x3c | sl = r4 + 0x3c;
0x00007c08 ldr r3, [r4] | r3 = *(r4);
0x00007c0a mov sb, r4 | sb = r4;
0x00007c0c cmp r0, sl |
0x00007c0e str.w r3, [r8] | __asm ("str.w r3, [r8]");
0x00007c12 mov.w r3, 0 | r3 = 0;
0x00007c16 str r3, [sb], 4 | *(sb) = r3;
| sb += 4;
| if (r0 != sl) {
0x00007c1a beq 0x7c24 |
0x00007c1c ldr r1, [r4, 0x3c] | r1 = *((r4 + 0x3c));
0x00007c1e adds r1, 1 | r1++;
0x00007c20 blx 0x267c | sym ();
| }
0x00007c24 ldr r0, [r4, 0x1c] | r0 = *((r4 + 0x1c));
0x00007c26 add.w fp, r4, 0x24 |
0x00007c2a cmp r0, fp |
| if (r0 != fp) {
0x00007c2c beq 0x7c36 |
0x00007c2e ldr r1, [r4, 0x24] | r1 = *((r4 + 0x24));
0x00007c30 adds r1, 1 | r1++;
0x00007c32 blx 0x267c | sym ();
| }
0x00007c36 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00007c38 add.w r3, r4, 0xc | r3 = r4 + 0xc;
0x00007c3c cmp r0, r3 |
| if (r0 != r3) {
0x00007c3e beq 0x7c4c |
0x00007c40 ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x00007c42 str r3, [sp] | *(sp) = r3;
0x00007c44 adds r1, 1 | r1++;
0x00007c46 blx 0x267c | sym ();
0x00007c4a ldr r3, [sp] | r3 = *(sp);
| }
0x00007c4c str r3, [r4, 4] | *((r4 + 4)) = r3;
0x00007c4e mov r0, sb | r0 = sb;
0x00007c50 ldrd r1, r2, [r5, 4] | __asm ("ldrd r1, r2, [r5, 4]");
0x00007c54 add r2, r1 | r2 += r1;
0x00007c56 bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007c5a str.w fp, [r4, 0x1c] | __asm ("str.w fp, [r4, 0x1c]");
0x00007c5e add.w fp, r4, 0x1c |
0x00007c62 ldrd r1, r2, [r5, 0x1c] | __asm ("ldrd r1, r2, [r5, 0x1c]");
0x00007c66 mov r0, fp | r0 = fp;
0x00007c68 add r2, r1 | r2 += r1;
0x00007c6a bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007c6e mov r0, r4 | r0 = r4;
0x00007c70 str sl, [r0, 0x34]! | *((r0 += 0x34)) = sl;
0x00007c74 ldrd r1, r2, [r5, 0x34] | __asm ("ldrd r1, r2, [r5, 0x34]");
0x00007c78 add r2, r1 | r2 += r1;
0x00007c7a bl 0x6b6c | fcn_00006b6c (r0, r1, r2);
0x00007c7e ldrh.w r3, [r5, 0x4c] | r3 = *((r5 + 0x4c));
0x00007c82 strh.w r3, [r4, 0x4c] | *((r4 + 0x4c)) = r3;
| label_2:
0x00007c86 ldr r0, [r5, 0x50] | r0 = *((r5 + 0x50));
0x00007c88 ldr r1, [r7, 4] | r1 = *((r7 + 4));
0x00007c8a str r4, [r6] | *(r6) = r4;
0x00007c8c str r0, [r4, 0x50] | *((r4 + 0x50)) = r0;
0x00007c8e blx 0x25a0 | fcn_000025a0 ();
0x00007c92 ldr r3, [r7] | r3 = *(r7);
0x00007c94 ldr.w r2, [r3, r1, lsl 2] | offset_0 = r1 << 2;
| r2 = *((r3 + offset_0));
| if (r2 == 0) {
0x00007c98 cbz r2, 0x7cb4 | goto label_8;
| }
| label_3:
0x00007c9a ldr r5, [r5] | r5 = *(r5);
0x00007c9c cmp r5, 0 |
| if (r5 == 0) {
0x00007c9e beq 0x7bd6 | goto label_0;
| }
0x00007ca0 mov r6, r4 | r6 = r4;
| label_7:
0x00007ca2 ldr.w r4, [r8] | r4 = *(r8);
0x00007ca6 cmp r4, 0 |
| if (r4 != 0) {
0x00007ca8 bne 0x7c02 | goto label_1;
| }
0x00007caa adds r0, r5, 4 | r0 = r5 + 4;
0x00007cac bl 0x6c04 | r0 = fcn_00006c04 (r0);
0x00007cb0 mov r4, r0 | r4 = r0;
0x00007cb2 b 0x7c86 | goto label_2;
| label_8:
0x00007cb4 str.w r6, [r3, r1, lsl 2] | __asm ("str.w r6, [r3, r1, lsl 2]");
0x00007cb8 b 0x7c9a | goto label_3;
| label_5:
0x00007cba ldr r6, [r0, 4] | r6 = *((r0 + 4));
0x00007cbc cmp r6, 1 |
0x00007cbe ittt eq |
| if (r6 != 1) {
0x00007cc0 moveq r3, r0 | r3 = r0;
| }
| if (r6 != 1) {
0x00007cc2 streq r5, [r3, 0x18]! | *((r3 += 0x18)) = r5;
| }
| if (r6 == 1) {
0x00007cc6 str r3, [sp, 4] | var_4h = r3;
| }
| if (r6 != 1) {
0x00007cc8 beq 0x7ce2 |
0x00007cca cmp.w r6, 0x20000000 |
| if (r6 >= 0x20000000) {
0x00007cce bhs 0x7ce8 | goto label_9;
| }
0x00007cd0 lsls r6, r6, 2 | r6 <<= 2;
0x00007cd2 mov r0, r6 | r0 = r6;
0x00007cd4 blx 0x24f0 | sym ();
0x00007cd8 mov r2, r6 | r2 = r6;
0x00007cda mov r1, r5 | r1 = r5;
0x00007cdc str r0, [sp, 4] | var_4h = r0;
0x00007cde blx 0x2660 | fcn_00002660 ();
| }
0x00007ce2 ldr r3, [sp, 4] | r3 = var_4h;
0x00007ce4 str r3, [r7] | *(r7) = r3;
0x00007ce6 b 0x7b40 | goto label_4;
| label_9:
0x00007ce8 cmp.w r6, 0x40000000 |
| if (r6 > 0x40000000) {
0x00007cec blo 0x7cf2 |
0x00007cee blx 0x26f4 | sd_bus_release_name_async ();
| }
0x00007cf2 blx 0x2564 | fcn_00002564 ();
| do {
0x00007cf6 blx 0x2594 | fcn_00002594 ();
0x00007cfa movs r1, 0x54 | r1 = 0x54;
0x00007cfc mov r0, r4 | r0 = r4;
0x00007cfe blx 0x267c | sym ();
0x00007d00 ldc p7, c15, [lr], 0x3e8 | __asm ("ldc p7, c15, [lr], 0x3e8");
0x00007d04 stcl p6, c4, [sl, 0x14]! | __asm ("stcl p6, c4, [sl, 0x14]!");
0x00007d08 mov r0, sb | r0 = sb;
0x00007d0a blx 0x2800 | fcn_00002800 ();
0x00007d0e mov r0, r5 | r0 = r5;
0x00007d10 b 0x7cf6 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x7f7c */
| #include <stdint.h>
|
; (fcn) fcn.00007f7c () | void fcn_00007f7c (int16_t arg1) {
| r0 = arg1;
0x00007f7c push {r3, r4, r5, lr} |
0x00007f7e mov r5, r0 | r5 = r0;
0x00007f80 ldr r4, [r0, 4] | r4 = *((r0 + 4));
| if (r4 != 0) {
0x00007f82 cbz r4, 0x7fc2 |
0x00007f84 ldr r0, [r4, 0x34] | r0 = *((r4 + 0x34));
0x00007f86 add.w r3, r4, 0x3c | r3 = r4 + 0x3c;
0x00007f8a cmp r0, r3 |
| if (r0 != r3) {
0x00007f8c beq 0x7f96 |
0x00007f8e ldr r1, [r4, 0x3c] | r1 = *((r4 + 0x3c));
0x00007f90 adds r1, 1 | r1++;
0x00007f92 blx 0x267c | sym ();
| }
0x00007f96 ldr r0, [r4, 0x1c] | r0 = *((r4 + 0x1c));
0x00007f98 add.w r3, r4, 0x24 | r3 = r4 + 0x24;
0x00007f9c cmp r0, r3 |
| if (r0 != r3) {
0x00007f9e beq 0x7fa8 |
0x00007fa0 ldr r1, [r4, 0x24] | r1 = *((r4 + 0x24));
0x00007fa2 adds r1, 1 | r1++;
0x00007fa4 blx 0x267c | sym ();
| }
0x00007fa8 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00007faa add.w r3, r4, 0xc | r3 = r4 + 0xc;
0x00007fae cmp r0, r3 |
| if (r0 != r3) {
0x00007fb0 beq 0x7fba |
0x00007fb2 ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x00007fb4 adds r1, 1 | r1++;
0x00007fb6 blx 0x267c | sym ();
| }
0x00007fba movs r1, 0x54 | r1 = 0x54;
0x00007fbc mov r0, r4 | r0 = r4;
0x00007fbe blx 0x267c | sym ();
| }
0x00007fc2 mov r0, r5 | r0 = r5;
0x00007fc4 pop {r3, r4, r5, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/feature-flag-service @ 0x97a8 */
| #include <stdint.h>
|
; (fcn) fcn.000097a8 () | void fcn_000097a8 (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x000097a8 invalid |
0x000097ac lsls r0, r2, 0xc | r0 = r2 << 0xc;
0x000097ae ldr r5, [r1, 4] | r5 = *((r1 + 4));
0x000097b0 mov r4, r1 | r4 = r1;
0x000097b2 movs r7, 0 | r7 = 0;
0x000097b4 mov r6, r0 | r6 = r0;
0x000097b6 ldr r1, [r1, 0xc] | r1 = *((r1 + 0xc));
0x000097b8 strd r7, r5, [r0] | __asm ("strd r7, r5, [r0]");
0x000097bc cmp r5, 1 |
0x000097be str r7, [r0, 8] | *((r0 + 8)) = r7;
0x000097c0 str r1, [r0, 0xc] | *((r0 + 0xc)) = r1;
0x000097c2 ldm.w r3, {r0, r1} | r0 = *(r3);
| r1 = *((r3 + 4));
0x000097c6 add.w r3, r6, 0x10 | r3 = r6 + 0x10;
0x000097ca stm.w r3, {r0, r1} | *(r3) = r0;
| *((r3 + 4)) = r1;
0x000097ce str r7, [r6, 0x18] | *((r6 + 0x18)) = r7;
0x000097d0 it eq |
| if (r5 != 1) {
0x000097d2 addeq r7, r6, 0x18 | r7 = r6 + 0x18;
| }
| if (r5 != 1) {
0x000097d6 beq 0x97f0 |
0x000097d8 cmp.w r5, 0x20000000 |
| if (r5 >= 0x20000000) {
0x000097dc bhs 0x984a | goto label_1;
| }
0x000097de lsls r5, r5, 2 | r5 <<= 2;
0x000097e0 mov r0, r5 | r0 = r5;
0x000097e2 blx 0x24f0 | sym ();
0x000097e6 mov r1, r7 | r1 = r7;
0x000097e8 mov r2, r5 | r2 = r5;
0x000097ea mov r7, r0 | r7 = r0;
0x000097ec blx 0x2660 | fcn_00002660 ();
| }
0x000097f0 ldr r5, [r4, 8] | r5 = *((r4 + 8));
0x000097f2 str r7, [r6] | *(r6) = r7;
| if (r5 == 0) {
0x000097f4 cbz r5, 0x9846 | goto label_2;
| }
0x000097f6 adds r0, r5, 4 | r0 = r5 + 4;
0x000097f8 bl 0x851c | fcn_0000851c (r0);
0x000097fc ldr r3, [r5, 0x50] | r3 = *((r5 + 0x50));
0x000097fe mov r4, r0 | r4 = r0;
0x00009800 ldr r1, [r6, 4] | r1 = *((r6 + 4));
0x00009802 str r3, [r0, 0x50] | *((r0 + 0x50)) = r3;
0x00009804 mov r0, r3 | r0 = r3;
0x00009806 str r4, [r6, 8] | *((r6 + 8)) = r4;
0x00009808 blx 0x25a0 | fcn_000025a0 ();
0x0000980c mov r3, r6 | r3 = r6;
0x0000980e ldr r2, [r3], 8 | r2 = *(r3);
| r3 += 8;
0x00009812 str.w r3, [r2, r1, lsl 2] | __asm ("str.w r3, [r2, r1, lsl 2]");
| do {
0x00009816 ldr r5, [r5] | r5 = *(r5);
| if (r5 == 0) {
0x00009818 cbz r5, 0x9846 | goto label_2;
| }
| label_0:
0x0000981a adds r0, r5, 4 | r0 = r5 + 4;
0x0000981c mov r7, r4 | r7 = r4;
0x0000981e bl 0x851c | fcn_0000851c (r0);
0x00009822 ldr r3, [r5, 0x50] | r3 = *((r5 + 0x50));
0x00009824 mov r4, r0 | r4 = r0;
0x00009826 ldr r1, [r6, 4] | r1 = *((r6 + 4));
0x00009828 str r0, [r7] | *(r7) = r0;
0x0000982a mov r0, r3 | r0 = r3;
0x0000982c str r3, [r4, 0x50] | *((r4 + 0x50)) = r3;
0x0000982e blx 0x25a0 | fcn_000025a0 ();
0x00009832 ldr r3, [r6] | r3 = *(r6);
0x00009834 ldr.w r2, [r3, r1, lsl 2] | offset_0 = r1 << 2;
| r2 = *((r3 + offset_0));
0x00009838 cmp r2, 0 |
0x0000983a bne 0x9816 |
| } while (r2 != 0);
0x0000983c str.w r7, [r3, r1, lsl 2] | __asm ("str.w r7, [r3, r1, lsl 2]");
0x00009840 ldr r5, [r5] | r5 = *(r5);
0x00009842 cmp r5, 0 |
| if (r5 != 0) {
0x00009844 bne 0x981a | goto label_0;
| }
| label_2:
0x00009846 mov r0, r6 | r0 = r6;
0x00009848 pop {r3, r4, r5, r6, r7, pc} |
| label_1:
0x0000984a cmp.w r5, 0x40000000 |
| if (r5 > 0x40000000) {
0x0000984e blo 0x9854 |
0x00009850 blx 0x26f4 | sd_bus_release_name_async ();
| }
0x00009854 blx 0x2564 | fcn_00002564 ();
0x00009858 blx 0x2594 | fcn_00002594 ();
0x0000985c mov r0, r6 | r0 = r6;
0x0000985e bl 0x6630 | fcn_00006630 (r0, r1);
0x00009862 mov r0, r6 | r0 = r6;
0x00009864 bl 0x7850 | r0 = fcn_00007850 (r0);
0x00009868 blx 0x28d8 | fcn_000028d8 ();
0x0000986c blx 0x2914 | fcn_00002914 ();
0x00009870 blx 0x27b4 | g_key_file_set_boolean ();
| }
[*] Function system used 1 times feature-flag-service
