[*] Binary protection state of wpa_supplicant
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of wpa_supplicant
r2dec has crashed (info: /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/wpa_supplicant @ 0x3c870).
Please report the bug at https://github.com/radareorg/r2dec-js/issues
Use the option '--issue' or the command 'pddi' to generate
the needed data for the issue.
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/wpa_supplicant @ 0x545d8 */
| #include <stdint.h>
|
; (fcn) fcn.000545d8 () | void fcn_000545d8 (int16_t arg_28h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_58h;
| int16_t var_4h_2;
| int16_t var_8h;
| int16_t var_ah;
| int16_t var_ch;
| int16_t var_10h_2;
| int16_t var_13h;
| int16_t var_14h_2;
| int16_t var_18h;
| int16_t var_1ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x000545d8 mov ip, r0 |
0x000545da ldr r0, [pc, 0xc4] |
0x000545dc push {r4, lr} |
0x000545de mov r4, r1 | r4 = r1;
0x000545e0 mov r1, r3 | r1 = r3;
0x000545e2 ldr r3, [pc, 0xc0] | r3 = *(0x546a6);
0x000545e4 add r0, pc | r0 = 0xa8c8a;
0x000545e6 sub sp, 0x20 |
0x000545e8 ldr r3, [r0, r3] |
0x000545ea ldr r3, [r3] | r3 = *(0xa8c8a);
0x000545ec str r3, [sp, 0x1c] | var_1ch = r3;
0x000545ee mov.w r3, 0 | r3 = 0;
0x000545f2 cmp.w ip, 0 |
| if (ip == 0) {
0x000545f6 beq 0x54694 | goto label_1;
| }
0x000545f8 ldr.w r3, [ip, 0x2c] | r3 = *((ip + 0x2c));
| if (r3 != 0) {
0x000545fc cbnz r3, 0x54654 | goto label_2;
| }
0x000545fe ldr r0, [r4] | r0 = *(r4);
0x00054600 rev16 r2, r2 | __asm ("rev16 r2, r2");
0x00054602 ldrh r4, [r4, 4] | r4 = *((r4 + 4));
0x00054604 strh.w r2, [sp, 0xa] | var_ah = r2;
0x00054608 movs r2, 6 | r2 = 6;
0x0005460a str r3, [sp, 0x10] | var_10h_2 = r3;
0x0005460c strb.w r2, [sp, 0x13] | var_13h = r2;
0x00054610 movs r2, 0x14 | r2 = 0x14;
0x00054612 str r2, [sp, 4] | var_4h_2 = r2;
0x00054614 str r3, [sp, 0x18] | var_18h = r3;
0x00054616 strh.w r4, [sp, 0x18] | var_18h = r4;
0x0005461a ldr.w r4, [ip, 0x18] | r4 = *((ip + 0x18));
0x0005461e str r0, [sp, 0x14] | var_14h_2 = r0;
0x00054620 ldr r2, [sp, 0x28] | r2 = *(arg_28h);
0x00054622 str r4, [sp, 0xc] | var_ch = r4;
0x00054624 add r4, sp, 8 | r4 += var_8h;
0x00054626 ldr.w r0, [ip] | r0 = *(ip);
0x0005462a str r4, [sp] | *(sp) = r4;
0x0005462c movs r4, 0x11 | r4 = 0x11;
0x0005462e strh.w r4, [sp, 8] | var_8h = r4;
0x00054632 blx 0x6618 | r0 = fprintf_chk ()
0x00054636 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 < r0) {
0x00054638 blt 0x5467c | goto label_3;
| }
| do {
| label_0:
0x0005463a ldr r2, [pc, 0x6c] |
0x0005463c ldr r3, [pc, 0x64] | r3 = *(0x546a4);
0x0005463e add r2, pc | r2 = 0xa8cec;
0x00054640 ldr r3, [r2, r3] | r3 = *(0xa8cec);
0x00054642 ldr r2, [r3] | r2 = *(0xa8cec);
0x00054644 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00054646 eors r2, r3 | r2 ^= r3;
0x00054648 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0005464c bne 0x5469a | goto label_4;
| }
0x0005464e mov r0, r4 | r0 = r4;
0x00054650 add sp, 0x20 |
0x00054652 pop {r4, pc} |
| label_2:
0x00054654 ldr.w r0, [ip] | r0 = *(ip);
0x00054658 movs r3, 0 | r3 = 0;
0x0005465a ldr r2, [sp, 0x28] | r2 = *(arg_28h);
0x0005465c blx 0x7174 | r0 = fcn_00007174 ();
0x00054660 subs r4, r0, 0 | r4 = r0 - 0;
0x00054662 bge 0x5463a |
| } while (r4 >= r0);
0x00054664 blx 0x7150 | r0 = fcn_00007150 ();
0x00054668 ldr r0, [r0] | r0 = *(r0);
0x0005466a blx 0x6494 | fcn_00006494 ();
0x0005466e ldr r1, [pc, 0x3c] |
0x00054670 mov r2, r0 | r2 = r0;
0x00054672 movs r0, 5 | r0 = 5;
0x00054674 add r1, pc | r1 = 0xa8d26;
0x00054676 bl 0xe4b4 | fcn_0000e4b4 (r0, r1);
0x0005467a b 0x5463a | goto label_0;
| label_3:
0x0005467c blx 0x7150 | r0 = fcn_00007150 ();
0x00054680 ldr r0, [r0] | r0 = *(r0);
0x00054682 blx 0x6494 | fcn_00006494 ();
0x00054686 ldr r1, [pc, 0x28] |
0x00054688 mov r2, r0 | r2 = r0;
0x0005468a movs r0, 5 | r0 = 5;
0x0005468c add r1, pc | r1 = 0xa8d42;
0x0005468e bl 0xe4b4 | fcn_0000e4b4 (r0, r1);
0x00054692 b 0x5463a | goto label_0;
| label_1:
0x00054694 mov.w r4, -1 | r4 = -1;
0x00054698 b 0x5463a | goto label_0;
| label_4:
0x0005469a blx 0x6b24 | fcn_00006b24 ();
0x0005469e nop |
0x000546a0 orrs r0, r7 | r0 |= r7;
0x000546a2 movs r3, r0 | r3 = r0;
0x000546a4 lsls r0, r7, 0x19 | r0 = r7 << 0x19;
0x000546a6 movs r0, r0 |
0x000546a8 cmn r6, r3 |
0x000546aa movs r3, r0 | r3 = r0;
0x000546ac asrs r4, r0, 6 | r4 = r0 >> 6;
0x000546ae movs r2, r0 | r2 = r0;
0x000546b0 asrs r0, r1, 6 | r0 = r1 >> 6;
0x000546b2 movs r2, r0 | r2 = r0;
| }
[*] Function fprintf used 2 times wpa_supplicant
