[*] Binary protection state of pzstd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of pzstd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/pzstd @ 0x2718 */
| #include <stdint.h>
|
; (fcn) fcn.00002718 () | void fcn_00002718 (int16_t arg_c8h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_24h;
| int16_t var_28h;
| int16_t var_2ch;
| int16_t var_30h;
| int16_t var_40h;
| int16_t var_9ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00002718 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000271c sub sp, 0xa4 |
0x0000271e strd r2, r1, [sp, 0xc] | __asm ("strd r2, r1, [var_10h]");
0x00002722 mov fp, r0 |
0x00002724 ldr r2, [pc, 0x270] |
0x00002726 str r3, [sp, 0x14] | var_14h = r3;
0x00002728 ldr r3, [pc, 0x270] | r3 = *(0x299c);
0x0000272a add r2, pc | r2 = 0x50c6;
0x0000272c ldr r3, [r2, r3] |
0x0000272e ldr r3, [r3] | r3 = *(0x50c6);
0x00002730 str r3, [sp, 0x9c] | var_9ch = r3;
0x00002732 mov.w r3, 0 | r3 = 0;
0x00002736 blx 0x1f14 | sym ();
0x0000273a ldr r3, [pc, 0x264] |
0x0000273c mov r8, r0 | r8 = r0;
0x0000273e add r3, pc | r3 = 0x50e4;
0x00002740 str r3, [sp, 0x24] | var_24h = r3;
0x00002742 cmp r0, 0 |
| if (r0 == 0) {
0x00002744 beq.w 0x2936 | goto label_5;
| }
0x00002748 mov r0, fp | r0 = fp;
0x0000274a blx 0x2114 | r0 = fcn_00002114 ();
0x0000274e mov r7, r0 | r7 = r0;
0x00002750 blx 0x21ac | fcn_000021ac ();
0x00002754 movs r3, 0 | r3 = 0;
0x00002756 str r0, [sp, 0x1c] | var_1ch = r0;
0x00002758 str r3, [r0] | *(r0) = r3;
0x0000275a str r3, [sp, 0x18] | var_18h = r3;
0x0000275c ldr r3, [pc, 0x244] |
0x0000275e add r3, pc | r3 = 0x5106;
0x00002760 str r3, [sp, 0x20] | var_20h = r3;
0x00002762 ldr r3, [pc, 0x244] |
0x00002764 add r3, pc | r3 = 0x5112;
0x00002766 str r3, [sp, 0x28] | var_28h = r3;
| do {
| label_0:
0x00002768 mov r0, r8 | r0 = r8;
0x0000276a blx 0x1ee4 | r0 = fprintf_chk ()
0x0000276e cmp r0, 0 |
| if (r0 == 0) {
0x00002770 beq 0x2850 | goto label_6;
| }
0x00002772 ldrb r3, [r0, 0x13] | r3 = *((r0 + 0x13));
0x00002774 add.w r5, r0, 0x13 | r5 = r0 + 0x13;
0x00002778 cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x0000277a bne 0x2788 | goto label_7;
| }
0x0000277c ldrb r3, [r5, 1] | r3 = *((r5 + 1));
0x0000277e cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00002780 bne 0x2788 | goto label_7;
| }
0x00002782 ldrb r3, [r5, 2] | r3 = *((r5 + 2));
0x00002784 cmp r3, 0 |
0x00002786 beq 0x2768 |
| } while (r3 == 0);
| label_7:
0x00002788 ldrb r3, [r0, 0x13] | r3 = *((r0 + 0x13));
0x0000278a cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x0000278c bne 0x2794 | goto label_8;
| }
0x0000278e ldrb r3, [r5, 1] | r3 = *((r5 + 1));
0x00002790 cmp r3, 0 |
| if (r3 == 0) {
0x00002792 beq 0x2768 | goto label_0;
| }
| label_8:
0x00002794 mov r0, r5 | r0 = r5;
0x00002796 blx 0x2114 | r0 = fcn_00002114 ();
0x0000279a add.w sb, r7, r0 | sb = r7 + r0;
0x0000279e mov r6, r0 | r6 = r0;
0x000027a0 add.w sl, sb, 2 | sl = sb + 2;
0x000027a4 mov r0, sl | r0 = sl;
0x000027a6 blx 0x20fc | r0 = fcn_000020fc ();
0x000027aa mov r4, r0 | r4 = r0;
0x000027ac cmp r0, 0 |
| if (r0 == 0) {
0x000027ae beq.w 0x297e | goto label_9;
| }
0x000027b2 mov r2, r7 | r2 = r7;
0x000027b4 mov r1, fp | r1 = fp;
0x000027b6 blx 0x20ec | fcn_000020ec ();
0x000027ba mov.w r3, 0x2f | r3 = 0x2f;
0x000027be adds r0, r7, 1 | r0 = r7 + 1;
0x000027c0 mov r1, r5 | r1 = r5;
0x000027c2 strb r3, [r4, r7] | *((r4 + r7)) = r3;
0x000027c4 mov r2, r6 | r2 = r6;
0x000027c6 add r0, r4 | r0 += r4;
0x000027c8 blx 0x20ec | fcn_000020ec ();
0x000027cc add.w sb, sb, 1 | sb++;
0x000027d0 movs r3, 0 | r3 = 0;
0x000027d2 strb.w r3, [r4, sb] | *((r4 + sb)) = r3;
0x000027d6 add r5, sp, 0x30 | r5 += var_30h;
0x000027d8 ldr r3, [sp, 0xc8] | r3 = *(arg_c8h);
| if (r3 == 0) {
0x000027da cbnz r3, 0x27f4 |
0x000027dc mov r0, r4 | r0 = r4;
0x000027de mov r1, r5 | r1 = r5;
0x000027e0 blx 0x2094 | r0 = aeabi_uidiv ();
| if (r0 != 0) {
0x000027e4 cbnz r0, 0x27f4 | goto label_10;
| }
0x000027e6 ldr r3, [sp, 0x40] | r3 = var_40h;
0x000027e8 and r3, r3, 0xf000 | r3 &= 0xf000;
0x000027ec cmp.w r3, 0xa000 |
| if (r3 == 0xa000) {
0x000027f0 beq.w 0x290c | goto label_11;
| }
| }
| label_10:
0x000027f4 mov r1, r5 | r1 = r5;
0x000027f6 mov r0, r4 | r0 = r4;
0x000027f8 blx 0x2194 | r0 = fcn_00002194 ();
| if (r0 == 0) {
0x000027fc cbnz r0, 0x280a |
0x000027fe ldr r3, [sp, 0x40] | r3 = var_40h;
0x00002800 and r3, r3, 0xf000 | r3 &= 0xf000;
0x00002804 cmp.w r3, 0x4000 |
| if (r3 == 0x4000) {
0x00002808 beq 0x28aa | goto label_12;
| }
| }
0x0000280a lsrs r3, r0, 0x10 | r3 = r0 >> 0x10;
0x0000280c movs r4, r1 | r4 = r1;
0x0000280e movs r0, r0 |
0x00002810 movs r0, r0 |
0x00002812 movs r0, r0 |
0x00002814 movs r1, r0 | r1 = r0;
0x00002816 movs r0, r0 |
0x00002818 add r2, r6 | r2 += r6;
0x0000281a ldr r1, [r3] | r1 = *(r3);
0x0000281c movs r0, r0 |
0x0000281e movs r0, r0 |
| label_3:
0x00002820 strh r4, [r3, 2] | *((r3 + 2)) = r4;
0x00002822 movs r7, r2 | r7 = r2;
0x00002824 movs r4, r1 | r4 = r1;
0x00002826 lsrs r0, r0, 0x10 | r0 >>= 0x10;
0x00002828 movs r4, r1 | r4 = r1;
0x0000282a lsrs r0, r0, 0x10 | r0 >>= 0x10;
0x0000282c blx 0x20ec | fcn_000020ec ();
0x00002830 movs r7, r2 | r7 = r2;
0x00002832 movs r0, r0 |
0x00002834 adds r3, 1 | r3++;
0x00002836 add r3, sb | r3 += sb;
0x00002838 str r3, [r2] | *(r2) = r3;
| do {
| label_2:
0x0000283a mov r0, r4 | r0 = r4;
0x0000283c blx 0x1dfc | r0 = fcn_00001dfc ();
0x00002840 movs r0, r0 |
0x00002842 movs r0, r0 |
0x00002844 mov r0, r8 | r0 = r8;
0x00002846 str r3, [r2] | *(r2) = r3;
0x00002848 movs r0, r0 |
0x0000284a movs r0, r0 |
0x0000284c movs r0, r0 |
0x0000284e movs r0, r0 |
| label_6:
0x00002850 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00002852 ldr r0, [r3] | r0 = *(r3);
| if (r0 != 0) {
0x00002854 cbz r0, 0x2888 |
0x00002856 ldr r3, [pc, 0x154] |
0x00002858 add r3, pc |
0x0000285a ldr r3, [r3] | r3 = *(0x520a);
0x0000285c cmp r3, 0 |
| if (r3 > 0) {
0x0000285e ble 0x287c |
0x00002860 ldr r2, [sp, 0x24] | r2 = var_24h;
0x00002862 ldr r3, [pc, 0x14c] | r3 = *(0x29b2);
0x00002864 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00002866 ldr r4, [r3] | r4 = *(0x29b2);
0x00002868 blx 0x1ea8 | sym ();
0x0000286c ldr r2, [pc, 0x144] |
0x0000286e mov r3, fp | r3 = fp;
0x00002870 str r0, [sp] | *(sp) = r0;
0x00002872 movs r1, 1 | r1 = 1;
0x00002874 mov r0, r4 | r0 = r4;
0x00002876 add r2, pc | r2 = 0x522e;
0x00002878 movs r0, r0 |
0x0000287a movs r0, r0 |
| }
0x0000287c movs r0, r0 |
0x0000287e movs r0, r0 |
0x00002880 movs r0, r0 |
0x00002882 movs r0, r0 |
0x00002884 movs r0, r0 |
0x00002886 movs r0, r0 |
| }
0x00002888 movs r0, r0 |
0x0000288a movs r0, r0 |
0x0000288c invalid |
| label_1:
0x0000288e ldr r2, [pc, 0x128] |
0x00002890 ldr r3, [pc, 0x108] | r3 = *(0x299c);
0x00002892 add r2, pc | r2 = 0x5250;
0x00002894 ldr r3, [r2, r3] | r3 = *(0x5250);
0x00002896 ldr r2, [r3] | r2 = *(0x5250);
0x00002898 ldr r3, [sp, 0x9c] | r3 = var_9ch;
0x0000289a eors r2, r3 | r2 ^= r3;
0x0000289c mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000028a0 bne 0x2988 | goto label_13;
| }
0x000028a2 ldr r0, [sp, 0x18] | r0 = var_18h;
0x000028a4 add sp, 0xa4 |
0x000028a6 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_12:
0x000028aa ldr r3, [sp, 0xc8] | r3 = *(arg_c8h);
0x000028ac mov r0, r4 | r0 = r4;
0x000028ae ldrd r2, r5, [sp, 0xc] | __asm ("ldrd r2, r5, [var_10h]");
0x000028b2 str r3, [sp] | *(sp) = r3;
0x000028b4 mov r1, r5 | r1 = r5;
0x000028b6 ldr r3, [sp, 0x14] | r3 = var_14h;
0x000028b8 bl 0x2718 | fcn_00002718 (r0, r1, r2, r3, r4);
0x000028bc ldr r3, [sp, 0x18] | r3 = var_18h;
0x000028be add r3, r0 | r3 += r0;
0x000028c0 str r3, [sp, 0x18] | var_18h = r3;
0x000028c2 ldr r3, [r5] | r3 = *(r5);
0x000028c4 cmp r3, 0 |
0x000028c6 bne 0x283a |
| } while (r3 != 0);
0x000028c8 mov r0, r4 | r0 = r4;
0x000028ca str r3, [sp, 0x18] | var_18h = r3;
0x000028cc blx 0x1dfc | fcn_00001dfc ();
0x000028d0 mov r0, r8 | r0 = r8;
0x000028d2 blx 0x1e68 | fcn_00001e68 ();
0x000028d6 b 0x288e | goto label_1;
0x000028d8 subs r1, r1, r6 | r1 -= r6;
0x000028da mov r0, r6 | r0 = r6;
0x000028dc add.w r5, r1, 0x2000 | r5 = r1 + 0x2000;
0x000028e0 mov r1, r5 | r1 = r5;
0x000028e2 blx 0x1f98 | r0 = sym ();
0x000028e6 mov r3, r0 | r3 = r0;
0x000028e8 cmp r0, 0 |
| if (r0 == 0) {
0x000028ea beq 0x298c | goto label_14;
| }
| label_4:
0x000028ec ldr r2, [sp, 0x10] | r2 = var_10h;
0x000028ee add r5, r3 | r5 += r3;
0x000028f0 str r3, [r2] | *(r2) = r3;
0x000028f2 ldr r3, [sp, 0x14] | r3 = var_14h;
0x000028f4 str r5, [r3] | *(r3) = r5;
0x000028f6 ldr r6, [r2] | r6 = *(r2);
0x000028f8 cmp r6, 0 |
| if (r6 == 0) {
0x000028fa beq 0x296e | goto label_15;
| }
0x000028fc ldr r3, [sp, 0xc] | r3 = var_ch;
0x000028fe ldr r0, [r3] | r0 = *(r3);
0x00002900 add.w r3, r0, sb | r3 = r0 + sb;
0x00002902 lsls r1, r1, 0xc | r1 <<= 0xc;
0x00002904 add r3, r6 | r3 += r6;
0x00002906 cmp r5, r3 |
| if (r5 < r3) {
0x00002908 bls 0x283a | goto label_2;
| }
0x0000290a b 0x2820 | goto label_3;
| label_11:
0x0000290c ldr r3, [sp, 0x20] | r3 = var_20h;
0x0000290e ldr r3, [r3] | r3 = *(r3);
0x00002910 cmp r3, 1 |
| if (r3 <= 1) {
0x00002912 bgt 0x291c |
0x00002914 mov r0, r4 | r0 = r4;
0x00002916 blx 0x1dfc | fcn_00001dfc ();
0x0000291a b 0x2768 | goto label_0;
| }
0x0000291c ldr r2, [sp, 0x24] | r2 = var_24h;
0x0000291e movs r1, 1 | r1 = 1;
0x00002920 ldr r3, [pc, 0x8c] | r3 = *(0x29b0);
0x00002922 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00002924 ldr r2, [sp, 0x28] | r2 = var_28h;
0x00002926 ldr r0, [r3] | r0 = *(0x29b0);
0x00002928 mov r3, r4 | r3 = r4;
0x0000292a blx 0x1ef0 | sym ();
0x0000292e mov r0, r4 | r0 = r4;
0x00002930 blx 0x1dfc | fcn_00001dfc ();
0x00002934 b 0x2768 | goto label_0;
| label_5:
0x00002936 ldr r3, [pc, 0x84] |
0x00002938 add r3, pc |
0x0000293a ldr r3, [r3] | r3 = *(0x52fa);
0x0000293c cmp r3, 0 |
0x0000293e it le |
| if (r3 <= 0) {
0x00002940 strle r8, [sp, 0x18] | var_18h = r8;
| goto label_16;
| }
| if (r3 <= 0) {
| label_16:
0x00002944 ble 0x288e | goto label_1;
| }
0x00002946 ldr r2, [sp, 0x24] | r2 = var_24h;
0x00002948 ldr r3, [pc, 0x64] | r3 = *(0x29b0);
0x0000294a str r0, [sp, 0x18] | var_18h = r0;
0x0000294c ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x0000294e ldr r4, [r3] | r4 = *(0x29b0);
0x00002950 blx 0x21ac | r0 = fcn_000021ac ();
0x00002954 ldr r0, [r0] | r0 = *(r0);
0x00002956 blx 0x1ea8 | sym ();
0x0000295a ldr r2, [pc, 0x64] |
0x0000295c mov r1, r0 | r1 = r0;
0x0000295e str r1, [sp] | *(sp) = r1;
0x00002960 mov r3, fp | r3 = fp;
0x00002962 mov r0, r4 | r0 = r4;
0x00002964 movs r1, 1 | r1 = 1;
0x00002966 add r2, pc | r2 = 0x532c;
0x00002968 blx 0x1ef0 | sym ();
0x0000296c b 0x288e | goto label_1;
| label_15:
0x0000296e mov r0, r4 | r0 = r4;
0x00002970 str r6, [sp, 0x18] | var_18h = r6;
0x00002972 blx 0x1dfc | fcn_00001dfc ();
0x00002976 mov r0, r8 | r0 = r8;
0x00002978 blx 0x1e68 | fcn_00001e68 ();
0x0000297c b 0x288e | goto label_1;
| label_9:
0x0000297e mov r0, r8 | r0 = r8;
0x00002980 str r4, [sp, 0x18] | var_18h = r4;
0x00002982 blx 0x1e68 | fcn_00001e68 ();
0x00002986 b 0x288e | goto label_1;
| label_13:
0x00002988 blx 0x2008 | fcn_00002008 ();
| label_14:
0x0000298c str r0, [sp, 0x2c] | var_2ch = r0;
0x0000298e mov r0, r6 | r0 = r6;
0x00002990 blx 0x1dfc | fcn_00001dfc ();
0x00002994 ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x00002996 b 0x28ec | goto label_4;
| }
[*] Function fprintf used 2 times pzstd
