[*] Binary protection state of libstatuscache.so.1.1.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libstatuscache.so.1.1.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libstatuscache.so.1.1.0 @ 0x1214 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.sc_set_group () | void sc_set_group (int16_t arg_4h, int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h_2;
| int16_t var_4h_4;
| int16_t var_8h_3;
| int16_t var_ch_5;
| int16_t var_10h_2;
| int16_t var_14h_3;
| int16_t var_18h_2;
| int16_t var_1ch_2;
| int16_t var_24h;
| int16_t var_26h;
| int16_t var_28h;
| int16_t var_2ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00001214 svcmi 0xf0e92d | __asm ("svcmi 0xf0e92d");
0x00001218 mov sb, r2 | sb = r2;
0x0000121a ldr r2, [pc, 0x2c8] |
0x0000121c sub sp, 0x34 |
0x0000121e ldr r3, [pc, 0x2c8] | r3 = *(0x14ea);
0x00001220 add r2, pc | r2 = 0x270a;
0x00001222 ldr r3, [r2, r3] |
0x00001224 ldr r3, [r3] | r3 = *(0x270a);
0x00001226 str r3, [sp, 0x2c] | var_2ch = r3;
0x00001228 mov.w r3, 0 | r3 = 0;
| if (r0 == 0) {
0x0000122c cbz r0, 0x1278 | goto label_6;
| }
0x0000122e mov r6, r1 | r6 = r1;
0x00001230 mov r8, r0 | r8 = r0;
0x00001232 blx 0x888 | strlen (r0);
0x00001236 clz r3, r6 | r3 &= r6;
0x0000123a subs r0, 1 | r0--;
0x0000123c lsrs r3, r3, 5 | r3 >>= 5;
0x0000123e cmp r0, 0x1e |
0x00001240 it hi |
| if (r0 <= 0x1e) {
0x00001242 orrhi r3, r3, 1 | r3 |= 1;
| }
| if (r3 != 0) {
0x00001246 cbnz r3, 0x1278 | goto label_6;
| }
0x00001248 ldr r4, [r6] | r4 = *(r6);
| if (r4 == 0) {
0x0000124a cbz r4, 0x1278 | goto label_6;
| }
0x0000124c mov r7, r6 | r7 = r6;
0x0000124e add.w r5, r6, 0xc8 | r5 = r6 + 0xc8;
0x00001252 b 0x1264 |
| while (r3 != 0) {
0x00001254 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00001256 cmp r3, 0 |
| if (r3 <= 0) {
0x00001258 ble 0x1278 | goto label_6;
| }
0x0000125a ldr r4, [r7, 4]! | r4 = *((r7 += 4));
| if (r4 == 0) {
0x0000125e cbz r4, 0x12a2 | goto label_7;
| }
0x00001260 cmp r5, r7 |
| if (r5 == r7) {
0x00001262 beq 0x1278 | goto label_6;
| }
0x00001264 ldr r0, [r4] | r0 = *(r4);
| if (r0 == 0) {
0x00001266 cbz r0, 0x1278 | goto label_6;
| }
0x00001268 blx 0x888 | strlen (r0);
0x0000126c subs r0, 1 | r0--;
0x0000126e cmp r0, 0x1e |
| if (r0 > 0x1e) {
0x00001270 bhi 0x1278 | goto label_6;
| }
0x00001272 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00001274 cmp r3, 0 |
0x00001276 bne 0x1254 |
| }
| label_6:
0x00001278 mov.w fp, -1 |
0x0000127c blx 0x894 | errno_location ();
0x00001280 movs r3, 0x16 | r3 = 0x16;
0x00001282 str r3, [r0] | *(r0) = r3;
| label_0:
0x00001284 ldr r2, [pc, 0x264] |
0x00001286 ldr r3, [pc, 0x260] | r3 = *(0x14ea);
0x00001288 add r2, pc | r2 = 0x2778;
0x0000128a ldr r3, [r2, r3] | r3 = *(0x2778);
0x0000128c ldr r2, [r3] | r2 = *(0x2778);
0x0000128e ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x00001290 eors r2, r3 | r2 ^= r3;
0x00001292 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001296 bne.w 0x14de | goto label_8;
| }
0x0000129a mov r0, fp | r0 = fp;
0x0000129c add sp, 0x34 |
0x0000129e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_7:
0x000012a2 and r3, sb, 1 | r3 = sb & 1;
0x000012a6 mov r0, r3 | r0 = r3;
0x000012a8 str r3, [sp] | *(sp) = r3;
0x000012aa bl 0xe1c | r0 = fcn_00000e1c (r0);
0x000012ae cmp r0, 0 |
| if (r0 < 0) {
0x000012b0 blt.w 0x14c4 | goto label_9;
| }
0x000012b4 ldr r3, [pc, 0x238] |
0x000012b6 add r3, pc | r3 = 0x27aa;
0x000012b8 ldr r5, [r3] | r5 = *(0x27aa);
0x000012ba add.w fp, r5, 4 |
0x000012be add.w sl, r5, 0x194 | sl = r5 + 0x194;
0x000012c2 b 0x12c6 |
| while (fp != sl) {
0x000012c4 mov r4, r3 | r4 = r3;
0x000012c6 ldr r1, [fp, 4]! | r1 = *(arg_4h);
| if (r1 == 0) {
0x000012ca cbz r1, 0x12dc | goto label_10;
| }
0x000012cc add r1, r5 | r1 += r5;
0x000012ce mov r0, r8 | r0 = r8;
0x000012d0 blx 0x7d4 | strcmp (r0, r1);
0x000012d4 adds r3, r4, 1 | r3 = r4 + 1;
| if (r0 == 0) {
0x000012d6 cbz r0, 0x1308 | goto label_11;
| }
0x000012d8 cmp fp, sl |
0x000012da bne 0x12c4 |
| }
| label_10:
0x000012dc blx 0x894 | errno_location ();
0x000012e0 movs r2, 0x3d | r2 = 0x3d;
0x000012e2 mov.w r3, 0x10000 | r3 = 0x10000;
0x000012e6 str r2, [r0] | *(r0) = r2;
0x000012e8 mov r4, r0 | r4 = r0;
0x000012ea str r3, [sp, 0x24] | var_24h = r3;
0x000012ec movs r2, 1 | r2 = 1;
0x000012ee mov.w r3, 0x1000 | r3 = 0x1000;
0x000012f2 ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x000012f4 add r1, sp, 0x24 | r1 += var_24h;
0x000012f6 strh.w r3, [sp, 0x28] | var_28h = r3;
0x000012fa blx 0x834 | semop ();
0x000012fe movs r3, 2 | r3 = 2;
0x00001300 mov.w fp, -1 |
0x00001304 str r3, [r4] | *(r4) = r3;
0x00001306 b 0x1284 | goto label_0;
| label_11:
0x00001308 mov r8, r3 | r8 = r3;
0x0000130a str r3, [sp, 0x18] | var_18h_2 = r3;
0x0000130c mov.w r3, 0x10000 | r3 = 0x10000;
0x00001310 add r1, sp, 0x24 | r1 += var_24h;
0x00001312 str r3, [sp, 0x24] | var_24h = r3;
0x00001314 movs r2, 1 | r2 = 1;
0x00001316 mov.w r3, 0x1000 | r3 = 0x1000;
0x0000131a mov r7, r0 | r7 = r0;
0x0000131c ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x0000131e str r1, [sp, 0x1c] | var_1ch_2 = r1;
0x00001320 strh.w r3, [sp, 0x28] | var_28h = r3;
0x00001324 blx 0x834 | semop ();
0x00001328 movs r1, 1 | r1 = 1;
0x0000132a ldr r3, [sp] | r3 = *(sp);
0x0000132c mov r2, r8 | r2 = r8;
0x0000132e mov r0, r1 | r0 = r1;
0x00001330 bl 0xd30 | r0 = fcn_00000d30 (r0, r1, r2, r3);
0x00001334 cmp r0, 0 |
| if (r0 < 0) {
0x00001336 blt.w 0x14ca | goto label_12;
| }
0x0000133a add.w r3, r5, r4, lsl 3 | r3 = r5 + (r4 << 3);
0x0000133e ldr.w r8, [r6] | r8 = *(r6);
0x00001342 and r2, sb, 2 | r2 = sb & 2;
0x00001346 str r3, [sp, 0xc] | var_ch_5 = r3;
0x00001348 ldr.w r3, [r3, 0x19c] | r3 = *((r3 + 0x19c));
0x0000134c str r2, [sp, 8] | var_8h_3 = r2;
0x0000134e adds r3, r5, r3 | r3 = r5 + r3;
0x00001350 str r3, [sp, 4] | *(arg_4h) = r3;
0x00001352 cmp.w r8, 0 |
| if (r8 == 0) {
0x00001356 beq.w 0x14c0 | goto label_13;
| }
0x0000135a mov fp, r7 |
0x0000135c subs r3, 4 | r3 -= 4;
0x0000135e str r3, [sp] | *(sp) = r3;
| label_2:
0x00001360 ldr.w r7, [r8] | r7 = *(r8);
0x00001364 movs r4, 0 | r4 = 0;
0x00001366 ldr.w sb, [sp] | sb = *(sp);
0x0000136a b 0x1380 |
| while (r7 != 0) {
0x0000136c cmp r1, 0 |
| if (r1 == 0) {
0x0000136e beq 0x13f2 | goto label_14;
| }
0x00001370 add r1, r5 | r1 += r5;
0x00001372 mov r0, r7 | r0 = r7;
0x00001374 blx 0x7d4 | r0 = strcmp (r0, r1);
| if (r0 == 0) {
0x00001378 cbz r0, 0x138c | goto label_15;
| }
| label_1:
0x0000137a adds r4, 1 | r4++;
0x0000137c cmp r4, 0x32 |
| if (r4 == 0x32) {
0x0000137e beq 0x13f2 | goto label_14;
| }
0x00001380 ldr r1, [sb, 4]! | r1 = *((sb += 4));
0x00001384 cmp r7, 0 |
0x00001386 bne 0x136c |
| }
0x00001388 cmp r1, 0 |
| if (r1 != 0) {
0x0000138a bne 0x137a | goto label_1;
| }
| label_15:
0x0000138c lsl.w r8, r4, 4 | r8 = r4 << 4;
| label_3:
0x00001390 ldr r3, [sp, 4] | r3 = *(arg_4h);
0x00001392 add r8, r3 | r8 += r3;
0x00001394 ldr r3, [r6] | r3 = *(r6);
0x00001396 ldr.w r1, [r8, 0xcc] | r1 = *((r8 + 0xcc));
0x0000139a ldr r2, [r3, 4] | r2 = *((r3 + 4));
0x0000139c cmp r2, r1 |
0x0000139e itt hi |
| if (r2 <= r1) {
0x000013a0 movhi r2, -1 | r2 = -1;
| }
| if (r2 > r1) {
0x000013a4 str r2, [r3, 4] | *((r3 + 4)) = r2;
| }
| if (r2 <= r1) {
0x000013a6 bhi 0x13c8 |
0x000013a8 ldr.w r0, [r8, 0xd4] | r0 = *((r8 + 0xd4));
0x000013ac ldr r1, [r3, 8] | r1 = *((r3 + 8));
0x000013ae add r0, r5 | r0 += r5;
0x000013b0 blx 0x7f8 | memcpy (r0, r1, r2);
0x000013b4 ldr r3, [r6] | r3 = *(r6);
0x000013b6 ldr r2, [r3, 0xc] | r2 = *((r3 + 0xc));
0x000013b8 ldr r3, [r3, 4] | r3 = *((r3 + 4));
0x000013ba str.w r3, [r8, 0xd0] | __asm ("str.w r3, [r8, 0xd0]");
| if (r2 != 0) {
0x000013be cbz r2, 0x13c4 |
0x000013c0 str.w r2, [r8, 0xc8] | __asm ("str.w r2, [r8, 0xc8]");
| }
0x000013c4 add.w fp, fp, 1 |
| }
| label_4:
0x000013c8 ldr r8, [r6, 4]! | r8 = *((r6 += 4));
0x000013cc cmp.w r8, 0 |
| if (r8 != 0) {
0x000013d0 bne 0x1360 | goto label_2;
| }
| label_5:
0x000013d2 ldrd r2, r1, [sp, 0x18] | __asm ("ldrd r2, r1, [var_18h_2]");
0x000013d6 mov.w r3, 0x1000 | r3 = 0x1000;
0x000013da ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x000013dc strh.w r3, [sp, 0x28] | var_28h = r3;
0x000013e0 movs r3, 5 | r3 = 5;
0x000013e2 strh.w r2, [sp, 0x24] | var_24h = r2;
0x000013e6 movs r2, 1 | r2 = 1;
0x000013e8 strh.w r3, [sp, 0x26] | var_26h = r3;
0x000013ec blx 0x834 | semop ();
0x000013f0 b 0x1284 | goto label_0;
| label_14:
0x000013f2 blx 0x894 | errno_location ();
0x000013f6 movs r3, 0x3d | r3 = 0x3d;
0x000013f8 mov sb, r0 | sb = r0;
0x000013fa str r3, [r0] | *(r0) = r3;
0x000013fc ldr r3, [sp, 8] | r3 = var_8h_3;
0x000013fe cmp r3, 0 |
| if (r3 == 0) {
0x00001400 beq 0x14a2 | goto label_16;
| }
0x00001402 ldr r3, [sp, 0xc] | r3 = var_ch_5;
0x00001404 movs r4, 0 | r4 = 0;
0x00001406 ldr.w sl, [r8, 4] | sl = *((r8 + 4));
0x0000140a ldr.w r8, [r3, 0x19c] | r8 = *((r3 + 0x19c));
0x0000140e add.w r1, r5, r8 | r1 = r5 + r8;
0x00001412 subs r3, r1, 4 | r3 = r1 - 4;
0x00001414 b 0x141c |
| while (r2 != 0) {
0x00001416 adds r4, 1 | r4++;
0x00001418 cmp r4, 0x32 |
| if (r4 == 0x32) {
0x0000141a beq 0x149c | goto label_17;
| }
0x0000141c ldr r2, [r3, 4]! | r2 = *((r3 += 4));
0x00001420 cmp r2, 0 |
0x00001422 bne 0x1416 |
| }
0x00001424 cmp r4, 0 |
| if (r4 != 0) {
0x00001426 bne 0x14ac | goto label_18;
| }
0x00001428 add.w r2, r8, 0x3e8 | r2 = r8 + 0x3e8;
0x0000142c str.w r2, [r5, r8] | __asm ("str.w r2, [r5, r8]");
| do {
0x00001430 mov r0, r7 | r0 = r7;
0x00001432 strd r1, r2, [sp, 0x10] | __asm ("strd r1, r2, [sp, 0x10]");
0x00001436 blx 0x888 | strlen (r0);
0x0000143a ldr r2, [sp, 0x14] | r2 = var_14h_3;
0x0000143c add.w ip, sl, 3 |
0x00001440 ldr r1, [sp, 0xc] | r1 = var_ch_5;
0x00001442 bic ip, ip, 3 | ip = BIT_MASK (ip, 3);
0x00001446 adds r3, r0, r2 | r3 = r0 + r2;
0x00001448 sub.w r0, ip, r8 | r0 = ip - r8;
0x0000144c ldr.w lr, [r1, 0x198] |
0x00001450 adds r3, 4 | r3 += 4;
0x00001452 ldr r1, [sp, 0x10] | r1 = var_10h_2;
0x00001454 bic r3, r3, 3 | r3 = BIT_MASK (r3, 3);
0x00001458 lsl.w r8, r4, 4 | r8 = r4 << 4;
0x0000145c add r0, r3 | r0 += r3;
0x0000145e cmp r0, lr |
0x00001460 add.w sl, r1, r8 | sl = r1 + r8;
0x00001464 str.w r3, [sl, 0xd4] | __asm ("str.w r3, [sl, 0xd4]");
0x00001468 mov.w r3, 0 | r3 = 0;
0x0000146c str.w ip, [sl, 0xcc] | __asm ("str.w ip, [sl, 0xcc]");
0x00001470 str.w r3, [sl, 0xd0] | __asm ("str.w r3, [sl, 0xd0]");
| if (r0 <= lr) {
0x00001474 bhi 0x1490 |
0x00001476 mov r1, r7 | r1 = r7;
0x00001478 adds r0, r5, r2 | r0 = r5 + r2;
0x0000147a blx 0x840 | strcpy (r0, r1)
0x0000147e ldr.w r0, [sl, 0xd4] | r0 = *((sl + 0xd4));
0x00001482 movs r1, 0 | r1 = 0;
0x00001484 ldr.w r2, [sl, 0xcc] | r2 = *((sl + 0xcc));
0x00001488 add r0, r5 | r0 += r5;
0x0000148a blx 0x8c4 | memset (r0, r1, r2);
0x0000148e b 0x1390 | goto label_3;
| }
0x00001490 str.w r3, [r1, r4, lsl 2] | __asm ("str.w r3, [r1, r4, lsl 2]");
0x00001494 str.w r3, [sl, 0xd4] | __asm ("str.w r3, [sl, 0xd4]");
0x00001498 str.w r3, [sl, 0xcc] | __asm ("str.w r3, [sl, 0xcc]");
| label_17:
0x0000149c movs r3, 0x1c | r3 = 0x1c;
0x0000149e str.w r3, [sb] | __asm ("str.w r3, [sb]");
| label_16:
0x000014a2 ldr r3, [r6] | r3 = *(r6);
0x000014a4 mov.w r2, -1 | r2 = -1;
0x000014a8 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x000014aa b 0x13c8 | goto label_4;
| label_18:
0x000014ac add.w r3, r1, r4, lsl 4 | r3 = r1 + (r4 << 4);
0x000014b0 ldr.w r2, [r3, 0xc4] | r2 = *((r3 + 0xc4));
0x000014b4 ldr.w r3, [r3, 0xbc] | r3 = *((r3 + 0xbc));
0x000014b8 add r2, r3 | r2 += r3;
0x000014ba str.w r2, [r1, r4, lsl 2] | __asm ("str.w r2, [r1, r4, lsl 2]");
0x000014be b 0x1430 |
| } while (1);
| label_13:
0x000014c0 mov fp, r8 |
0x000014c2 b 0x13d2 | goto label_5;
| do {
| label_9:
0x000014c4 mov.w fp, -1 |
0x000014c8 b 0x1284 | goto label_0;
| label_12:
0x000014ca ldr r3, [sp] | r3 = *(sp);
0x000014cc cmp r3, 0 |
0x000014ce beq 0x14c4 |
| } while (r3 == 0);
0x000014d0 blx 0x894 | errno_location ();
0x000014d4 movs r3, 0xb | r3 = 0xb;
0x000014d6 mov.w fp, -1 |
0x000014da str r3, [r0] | *(r0) = r3;
0x000014dc b 0x1284 | goto label_0;
| label_8:
0x000014de blx 0x81c | stack_chk_fail ();
0x000014e2 nop |
0x000014e4 lsrs r4, r1, 0x15 | r4 = r1 >> 0x15;
0x000014e6 movs r1, r0 | r1 = r0;
0x000014e8 lsls r4, r0, 2 | r4 = r0 << 2;
0x000014ea movs r0, r0 |
0x000014ec lsrs r4, r4, 0x13 | r4 >>= 0x13;
0x000014ee movs r1, r0 | r1 = r0;
0x000014f0 lsrs r6, r1, 0x15 | r6 = r1 >> 0x15;
0x000014f2 movs r1, r0 | r1 = r0;
| }
[*] Function strcpy used 2 times libstatuscache.so.1.1.0
