[*] Binary protection state of libteec.so.1.0.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of libteec.so.1.0.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libteec.so.1.0.0 @ 0x1064 */
| #include <stdint.h>
|
; (fcn) sym.TEEC_AllocateSharedMemory () | void TEEC_AllocateSharedMemory (uint32_t arg2, uint32_t fd) {
| int16_t var_0h_2;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_24h;
| int16_t var_2ch;
| int16_t var_34h;
| r1 = arg2;
| r0 = fd;
0x00001064 stmdbhs r0, {r0, r2, r6, sb, fp, lr} | __asm ("stmdbhs r0, {r0, r2, r6, sb, fp, lr}");
0x00001068 it ne |
| if (? != ?) {
0x0000106a cmpne r0, 0 | __asm ("cmpne var_0h_2");
| }
0x0000106c ldr r3, [pc, 0x110] |
0x0000106e push {r4, r5, r6, r7, lr} |
0x00001070 sub sp, 0x3c |
0x00001072 add r2, pc | r2 += pc;
0x00001074 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00001076 ldr r3, [r3] | r3 = *(0x1180);
0x00001078 str r3, [sp, 0x34] | var_34h = r3;
0x0000107a mov.w r3, 0 | r3 = 0;
| if (? != ?) {
0x0000107e beq 0x10ee |
0x00001080 ldr r5, [r1, 8] | r5 = *((r1 + 8));
0x00001082 mov r4, r1 | r4 = r1;
0x00001084 cmp r5, 0 |
| if (r5 != 0) {
0x00001086 beq 0x10ee |
0x00001088 bics r5, r5, 3 | __asm ("bics r5, r5, 3");
| if (r5 != 0) {
0x0000108c bne 0x10ee | goto label_1;
| }
0x0000108e ldr r7, [r1, 4] | r7 = *((r1 + 4));
0x00001090 mov r6, r0 | r6 = r0;
0x00001092 ldrb r3, [r0, 4] | r3 = *((r0 + 4));
0x00001094 cmp r7, 0 |
0x00001096 it eq |
| if (r7 != 0) {
0x00001098 moveq r7, 8 | r7 = 8;
| }
0x0000109a cmp r3, 0 |
| if (r3 == 0) {
0x0000109c beq 0x110e | goto label_2;
| }
0x0000109e movs r0, 0x1e | r0 = 0x1e;
0x000010a0 blx 0x92c | sysconf ();
0x000010a4 mov r2, r7 | r2 = r7;
0x000010a6 mov r1, r0 | r1 = r0;
0x000010a8 add r0, sp, 0x14 | r0 += var_14h;
0x000010aa blx 0x980 | r0 = posix_memalign ();
| if (r0 == 0) {
0x000010ae cbnz r0, 0x10e4 |
0x000010b0 ldr r3, [sp, 0x14] | r3 = var_14h;
0x000010b2 str r3, [r4] | *(r4) = r3;
0x000010b4 cmp r3, 0 |
| if (r3 == 0) {
0x000010b6 beq 0x116e | goto label_3;
| }
0x000010b8 movw r1, 0xa409 |
0x000010bc ldr r0, [r6] | r0 = *(r6);
0x000010be add r2, sp, 0x18 | r2 += var_18h;
0x000010c0 movt r1, 0xc018 | r1 = 0xc018a409;
0x000010c4 str r3, [sp, 0x18] | var_18h = r3;
0x000010c6 strd r5, r5, [sp, 0x28] | __asm ("strd r5, r5, [sp, 0x28]");
0x000010ca strd r5, r7, [sp, 0x1c] | __asm ("strd r5, r7, [sp, 0x1c]");
0x000010ce str r5, [sp, 0x24] | var_24h = r5;
0x000010d0 blx 0x938 | r0 = ioctl (r0, r1);
0x000010d4 cmp r0, 0 |
0x000010d6 itt ge |
| if (r0 < 0) {
0x000010d8 ldrge r3, [sp, 0x2c] | r3 = var_2ch;
| }
| if (r0 < 0) {
0x000010da strge r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
| if (r0 >= 0) {
0x000010dc bge 0x1160 | goto label_4;
| }
0x000010de ldr r0, [r4] | r0 = *(r4);
0x000010e0 blx 0x8e4 | free (r0);
| }
0x000010e4 str r5, [r4] | *(r4) = r5;
0x000010e6 movs r5, 0xc |
0x000010e8 movt r5, 0xffff | r5 = 0x-fff4;
0x000010ec b 0x10f4 |
| }
| } else {
| label_1:
0x000010ee movs r5, 6 |
0x000010f0 movt r5, 0xffff | r5 = 0x-fffa;
| }
| do {
| label_0:
0x000010f4 ldr r2, [pc, 0x8c] |
0x000010f6 ldr r3, [pc, 0x88] | r3 = *(0x1182);
0x000010f8 add r2, pc | r2 = 0x2280;
0x000010fa ldr r3, [r2, r3] | r3 = *(0x2280);
0x000010fc ldr r2, [r3] | r2 = *(0x2280);
0x000010fe ldr r3, [sp, 0x34] | r3 = var_34h;
0x00001100 eors r2, r3 | r2 ^= r3;
0x00001102 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001106 bne 0x1176 | goto label_5;
| }
0x00001108 mov r0, r5 | r0 = r5;
0x0000110a add sp, 0x3c |
0x0000110c pop {r4, r5, r6, r7, pc} |
| label_2:
0x0000110e movw r1, 0xa401 |
0x00001112 ldr r0, [r0] | r0 = *(r0);
0x00001114 add r2, sp, 0x18 | r2 += var_18h;
0x00001116 movt r1, 0xc010 | r1 = 0xc010a401;
0x0000111a strd r5, r5, [sp, 0x20] | __asm ("strd r5, r5, [sp, 0x20]");
0x0000111e strd r7, r5, [sp, 0x18] | __asm ("strd r7, r5, [sp, 0x18]");
0x00001122 blx 0x938 | r0 = ioctl (r0, r1);
0x00001126 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 < r0) {
0x00001128 blt 0x116e | goto label_3;
| }
0x0000112a ldr r3, [sp, 0x24] | r3 = var_24h;
0x0000112c movs r2, 3 | r2 = 3;
0x0000112e vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00001132 mov r0, r5 | r0 = r5;
0x00001134 mov r1, r7 | r1 = r7;
0x00001136 str r6, [sp] | *(sp) = r6;
0x00001138 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x0000113a movs r3, 1 | r3 = 1;
0x0000113c vstr d16, [sp, 8] | __asm ("vstr d16, [sp, 8]");
0x00001140 blx 0x914 | mmap64 ()
0x00001144 str r0, [r4] | *(r4) = r0;
0x00001146 mov r0, r6 | r0 = r6;
0x00001148 blx 0x9d8 | fcn_000009d8 ();
0x0000114c ldr r3, [r4] | r3 = *(r4);
0x0000114e adds r2, r3, 1 | r2 = r3 + 1;
0x00001150 ittt eq |
| if (r2 != r3) {
0x00001152 moveq r5, 0xc | r5 = 0xc;
| }
| if (r2 != r3) {
0x00001154 streq r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
| if (r2 == r3) {
0x00001156 movteq r5, 0xffff | __asm ("movteq r5, 0xffff");
| }
0x0000115a beq 0x10f4 |
| } while (r2 == r3);
0x0000115c mov.w r0, -1 | r0 = -1;
| label_4:
0x00001160 movs r3, 0 | r3 = 0;
0x00001162 str r7, [r4, 0x10] | *((r4 + 0x10)) = r7;
0x00001164 strd r3, r0, [r4, 0x14] | __asm ("strd r3, r0, [r4, 0x14]");
0x00001168 movs r3, 1 | r3 = 1;
0x0000116a strb r3, [r4, 0x1c] | *((r4 + 0x1c)) = r3;
0x0000116c b 0x10f4 | goto label_0;
| label_3:
0x0000116e movs r5, 0xc |
0x00001170 movt r5, 0xffff | r5 = 0x-fff4;
0x00001174 b 0x10f4 | goto label_0;
| label_5:
0x00001176 blx 0x920 | stack_chk_fail ();
0x0000117a nop |
0x0000117c lsrs r6, r7, 0x1b | r6 = r7 >> 0x1b;
0x0000117e movs r1, r0 | r1 = r0;
0x00001180 lsls r4, r7, 1 | r4 = r7 << 1;
0x00001182 movs r0, r0 |
0x00001184 lsrs r0, r7, 0x19 | r0 = r7 >> 0x19;
0x00001186 movs r1, r0 | r1 = r0;
| }
[*] Function mmap used 2 times libteec.so.1.0.0
