[*] Binary protection state of dcore
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of dcore
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/dcore @ 0x1d60 */
| #include <stdint.h>
|
; (fcn) fcn.00001d60 () | void fcn_00001d60 (int16_t arg_40h, int16_t arg_44h, int16_t arg1) {
| int16_t var_0h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| r0 = arg1;
0x00001d60 push {r2, r3, r5, r8, fp, lr} |
0x00001d64 ldr r7, [pc, 0x3c0] | r7 = *(0x2128);
0x00001d66 sub sp, 0x1c |
0x00001d68 ldr.w r8, [pc, 0xac] | r8 = *(0x00001e18);
0x00001d6c add r1, pc | r1 += pc;
0x00001d6e str r1, [sp, 0x10] | var_10h = r1;
0x00001d70 movs r1, 0 | r1 = 0;
0x00001d72 str r1, [sp] | *(sp) = r1;
0x00001d74 add r8, pc | r8 += pc;
0x00001d76 ldr.w sb, [sp, 0x44] | sb = *(arg_44h);
0x00001d7a ldr.w sl, [sp, 0x40] | sl = *(arg_40h);
0x00001d7e str r0, [sp, 0xc] | var_ch = r0;
0x00001d80 str r1, [sp, 0x14] | var_14h = r1;
0x00001d82 blx 0xe70 | usleep (r0);
0x00001d86 b 0x1d92 |
| while (r3 == r0) {
| label_0:
0x00001d88 cmp r7, 0 |
0x00001d8a it ne |
| if (r7 != 0) {
0x00001d8c cmpne sl, 0 | __asm ("cmpne sl, 0");
| }
| if (r7 == 0) {
0x00001d90 beq 0x1df2 | goto label_5;
| }
| label_2:
0x00001d92 mov.w r3, 0x4000 | r3 = 0x4000;
0x00001d96 mov r2, sl | r2 = sl;
0x00001d98 cmp sl, r3 |
0x00001d9a ldrd r0, r1, [sp, 0xc] | __asm ("ldrd r0, r1, [var_10h]");
0x00001d9e it hs |
| if (sl < r3) {
0x00001da0 movhs r2, r3 | r2 = r3;
| }
0x00001da2 blx 0xdb0 | r0 = read_chk ();
0x00001da6 adds r3, r0, 1 | r3 = r0 + 1;
0x00001da8 mov r7, r0 | r7 = r0;
0x00001daa beq 0x1d88 |
| }
0x00001dac cmp r0, 0 |
| if (r0 <= 0) {
0x00001dae ble 0x1d88 | goto label_0;
| }
0x00001db0 movs r6, 0 | r6 = 0;
| label_1:
0x00001db2 subs r5, r7, r6 | r5 = r7 - r6;
0x00001db4 mov.w fp, 0 |
0x00001db8 mov r4, r6 | r4 = r6;
| do {
0x00001dba sub.w r2, r5, fp | r2 = r5 - fp;
0x00001dbe add.w r1, r8, r4 | r1 = r8 + r4;
0x00001dc2 mov r0, sb | r0 = sb;
0x00001dc4 blx 0xf9c | r0 = fprintf_chk ()
0x00001dc8 cmp r0, 0 |
0x00001dca itt ge |
| if (r0 < 0) {
0x00001dcc addge fp, r0 |
| }
| if (r0 < 0) {
0x00001dce addge r4, r6, fp | r4 = r6 + fp;
| }
| if (r0 < 0) {
0x00001dd2 blt 0x1dfa | goto label_6;
| }
| label_3:
0x00001dd4 cmp r5, fp |
0x00001dd6 bhi 0x1dba |
| } while (r5 > fp);
| label_4:
0x00001dd8 cmp r4, r7 |
0x00001dda mov r6, r4 | r6 = r4;
| if (r4 < r7) {
0x00001ddc blt 0x1db2 | goto label_1;
| }
0x00001dde ldr r3, [sp, 0x14] | r3 = var_14h;
0x00001de0 sub.w sl, sl, r4 | sl -= r4;
0x00001de4 cmp r7, 0 |
0x00001de6 it ne |
| if (r7 != 0) {
0x00001de8 cmpne sl, 0 | __asm ("cmpne sl, 0");
| }
0x00001dec add r3, r4 | r3 += r4;
0x00001dee str r3, [sp, 0x14] | var_14h = r3;
| if (r7 != 0) {
0x00001df0 bne 0x1d92 | goto label_2;
| }
| label_5:
0x00001df2 ldr r0, [sp, 0x14] | r0 = var_14h;
0x00001df4 add sp, 0x1c |
0x00001df6 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
0x00001dfa blx 0xf60 | r0 = isoc99_sscanf ();
0x00001dfe ldr r3, [r0] | r3 = *(r0);
0x00001e00 cmp r3, 4 |
| if (r3 == 4) {
0x00001e02 beq 0x1dd4 | goto label_3;
| }
0x00001e04 cmp r3, 0xb |
| if (r3 == 0xb) {
0x00001e06 beq 0x1dd8 | goto label_4;
| }
0x00001e08 ldr r3, [sp, 0x14] | r3 = var_14h;
0x00001e0a sub.w sl, sl, r6 | sl -= r6;
0x00001e0e add r3, r6 | r3 += r6;
0x00001e10 str r3, [sp, 0x14] | var_14h = r3;
0x00001e12 b 0x1d88 | goto label_0;
| }
[*] Function fprintf used 2 times dcore
