[*] Binary protection state of libtsocks.so.1.8
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libtsocks.so.1.8
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libtsocks.so.1.8 @ 0x25c4 */
| #include <stdint.h>
|
; (fcn) sym.pick_server () | void pick_server (int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_4h;
| int16_t var_ch;
| int16_t var_4ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x000025c4 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000025c8 mov r6, r2 | r6 = r2;
0x000025ca sub sp, 0x54 |
0x000025cc mov r2, r0 | r2 = r0;
0x000025ce mov r4, r2 | r4 = r2;
0x000025d0 mov r8, r3 | r8 = r3;
0x000025d2 str r2, [sp, 4] | var_4h = r2;
0x000025d4 mov sb, r1 | sb = r1;
0x000025d6 ldr r2, [pc, 0xd8] |
0x000025d8 ldr r3, [pc, 0xd8] | r3 = *(0x26b4);
0x000025da ldr r0, [r6] | r0 = *(r6);
0x000025dc add r2, pc | r2 = 0x4c92;
0x000025de ldr r3, [r2, r3] |
0x000025e0 ldr r3, [r3] | r3 = *(0x4c92);
0x000025e2 str r3, [sp, 0x4c] | var_4ch = r3;
0x000025e4 mov.w r3, 0 | r3 = 0;
0x000025e8 blx 0xc04 | inet_ntoa (r0);
0x000025ec ldr r1, [pc, 0xc8] |
0x000025ee mov r2, r0 | r2 = r0;
0x000025f0 movs r0, 2 | r0 = 2;
0x000025f2 add r1, pc | r1 = 0x4cae;
0x000025f4 blx 0xc68 | fcn_00000c68 ();
0x000025f8 ldr r3, [r4, 0x24] | r3 = *((r4 + 0x24));
0x000025fa str.w r3, [sb] | __asm ("str.w r3, [sb]");
0x000025fe cmp r3, 0 |
| if (r3 == 0) {
0x00002600 beq 0x267c | goto label_1;
| }
0x00002602 ldr.w fp, [pc, 0xb8] |
0x00002606 ldr.w sl, [pc, 0xb8] |
0x0000260a ldr r7, [pc, 0xb8] |
0x0000260c add fp, pc | fp = 0x4cce;
0x0000260e add sl, pc | sl = 0x4cd4;
0x00002610 add r7, pc | r7 = 0x4cda;
| label_0:
0x00002612 ldr r2, [r3, 4] | r2 = *((r3 + 4));
0x00002614 mov r1, sl | r1 = sl;
0x00002616 movs r0, 2 | r0 = 2;
0x00002618 cmp r2, 0 |
0x0000261a it eq |
| if (r2 != 0) {
0x0000261c moveq r2, fp | r2 = fp;
| }
0x0000261e blx 0xc68 | fcn_00000c68 ();
0x00002622 ldr.w r3, [sb] | r3 = *(sb);
0x00002626 ldr r4, [r3, 0x18] | r4 = *((r3 + 0x18));
| if (r4 == 0) {
0x00002628 cbz r4, 0x2672 | goto label_2;
| }
0x0000262a add r5, sp, 0xc | r5 += var_ch;
| do {
0x0000262c ldr r0, [r4] | r0 = *(r4);
0x0000262e blx 0xc04 | inet_ntoa (r0);
0x00002632 movs r2, 0x40 | r2 = 0x40;
0x00002634 mov r1, r0 | r1 = r0;
0x00002636 mov r0, r5 | r0 = r5;
0x00002638 blx 0xc58 | strcpy_chk ()
0x0000263c ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000263e blx 0xc04 | inet_ntoa (r0);
0x00002642 mov r2, r5 | r2 = r5;
0x00002644 mov r3, r0 | r3 = r0;
0x00002646 mov r1, r7 | r1 = r7;
0x00002648 movs r0, 2 | r0 = 2;
0x0000264a blx 0xc68 | fcn_00000c68 ();
0x0000264e ldrd r1, r2, [r4] | __asm ("ldrd r1, r2, [r4]");
0x00002652 ldr r3, [r6] | r3 = *(r6);
0x00002654 eors r3, r1 | r3 ^= r1;
0x00002656 tst r3, r2 |
| if ((r3 & r2) == 0) {
0x00002658 bne 0x2668 |
0x0000265a ldr r3, [r4, 8] | r3 = *((r4 + 8));
| if (r3 == 0) {
0x0000265c cbz r3, 0x2686 | goto label_3;
| }
0x0000265e cmp r3, r8 |
| if (r3 > r8) {
0x00002660 bhi 0x2668 | goto label_4;
| }
0x00002662 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00002664 cmp r3, r8 |
| if (r3 >= r8) {
0x00002666 bhs 0x2686 | goto label_3;
| }
| }
| label_4:
0x00002668 ldr r4, [r4, 0x10] | r4 = *((r4 + 0x10));
0x0000266a cmp r4, 0 |
0x0000266c bne 0x262c |
| } while (r4 != 0);
0x0000266e ldr.w r3, [sb] | r3 = *(sb);
| label_2:
0x00002672 ldr r3, [r3, 0x1c] | r3 = *((r3 + 0x1c));
0x00002674 str.w r3, [sb] | __asm ("str.w r3, [sb]");
0x00002678 cmp r3, 0 |
| if (r3 != 0) {
0x0000267a bne 0x2612 | goto label_0;
| }
| label_1:
0x0000267c ldr r3, [sp, 4] | r3 = var_4h;
0x0000267e adds r3, 4 | r3 += 4;
0x00002680 str.w r3, [sb] | __asm ("str.w r3, [sb]");
0x00002684 b 0x2690 | goto label_5;
| label_3:
0x00002686 ldr r1, [pc, 0x40] |
0x00002688 movs r0, 2 | r0 = 2;
0x0000268a add r1, pc | r1 = 0x4d58;
0x0000268c blx 0xc68 | fcn_00000c68 ();
| label_5:
0x00002690 ldr r2, [pc, 0x38] |
0x00002692 ldr r3, [pc, 0x20] | r3 = *(0x26b6);
0x00002694 add r2, pc | r2 = 0x4d64;
0x00002696 ldr r3, [r2, r3] | r3 = *(0x4d64);
0x00002698 ldr r2, [r3] | r2 = *(0x4d64);
0x0000269a ldr r3, [sp, 0x4c] | r3 = var_4ch;
0x0000269c eors r2, r3 | r2 ^= r3;
0x0000269e mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x000026a2 bne 0x26ac |
0x000026a4 movs r0, 0 | r0 = 0;
0x000026a6 add sp, 0x54 |
0x000026a8 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x000026ac blx 0xc1c | stack_chk_fail ();
0x000026b0 subs r1, 0x28 | r1 -= 0x28;
0x000026b2 movs r1, r0 | r1 = r0;
0x000026b4 lsls r4, r4, 3 | r4 <<= 3;
0x000026b6 movs r0, r0 |
0x000026b8 subs r6, r4, r6 | r6 = r4 - r6;
0x000026ba movs r0, r0 |
0x000026bc subs r4, r7, r5 | r4 = r7 - r5;
0x000026be movs r0, r0 |
0x000026c0 subs r6, r5, r6 | r6 = r5 - r6;
0x000026c2 movs r0, r0 |
0x000026c4 subs r0, r1, r7 | r0 = r1 - r7;
0x000026c6 movs r0, r0 |
0x000026c8 subs r6, r4, r5 | r6 = r4 - r5;
0x000026ca movs r0, r0 |
0x000026cc subs r0, 0x70 | r0 -= 0x70;
0x000026ce movs r1, r0 | r1 = r0;
| }
[*] Function strcpy used 2 times libtsocks.so.1.8
