[*] Binary protection state of debugfs
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of debugfs
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/debugfs @ 0xb0e4 */
| #include <stdint.h>
|
; (fcn) fcn.0000b0e4 () | void fcn_0000b0e4 (int16_t arg_0h, int16_t arg2, int16_t arg3) {
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| r1 = arg2;
| r2 = arg3;
0x0000b0e4 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000b0e8 sub sp, 0x1c |
0x0000b0ea strd r1, r2, [sp, 8] | __asm ("strd r1, r2, [var_8h]");
0x0000b0ee ldr r5, [r2] | r5 = *(r2);
0x0000b0f0 ldr r2, [pc, 0xf4] |
0x0000b0f2 ldr r3, [pc, 0xf8] | r3 = *(0xb1ee);
0x0000b0f4 ldr.w sb, [pc, 0xf8] |
0x0000b0f8 add r2, pc | r2 = 0x162e4;
0x0000b0fa ldr.w r8, [r1] | r8 = *(r1);
0x0000b0fe ldr r3, [r2, r3] |
0x0000b100 add sb, pc | sb = 0x162f4;
0x0000b102 mov r1, sb | r1 = sb;
0x0000b104 ldr r3, [r3] | r3 = *(0x162e4);
0x0000b106 str r3, [sp, 0x14] | var_14h = r3;
0x0000b108 mov.w r3, 0 | r3 = 0;
0x0000b10c add r3, sp, 0x10 | r3 += var_10h;
0x0000b10e str r3, [sp, 4] | var_4h = r3;
0x0000b110 blx 0x5604 | r0 = popen (r0, r1)
0x0000b114 mov r4, r0 | r4 = r0;
0x0000b116 cmp r0, 0 |
| if (r0 == 0) {
0x0000b118 beq 0xb190 | goto label_3;
| }
| label_0:
0x0000b11a blx 0x53f4 | sprintf_chk ();
0x0000b11e movs r2, 0 | r2 = 0;
0x0000b120 mov fp, r0 |
0x0000b122 str.w r2, [fp] | __asm ("str.w r2, [fp]");
0x0000b126 mov r0, r4 | r0 = r4;
0x0000b128 ldr r1, [sp, 4] | r1 = var_4h;
0x0000b12a blx 0x5488 | fcn_00005488 ();
0x0000b12e ldr.w r2, [fp] | r2 = *(fp);
0x0000b132 mov r4, r0 | r4 = r0;
0x0000b134 mov r6, r1 | r6 = r1;
0x0000b136 cmp r2, 0 |
| if (r2 != 0) {
0x0000b138 bne 0xb1d8 | goto label_4;
| }
0x0000b13a ldr r0, [sp, 0x10] | r0 = var_10h;
0x0000b13c ldrb r3, [r0] | r3 = *(r0);
0x0000b13e cmp r3, 0x2d |
| if (r3 == 0x2d) {
0x0000b140 beq 0xb194 | goto label_5;
| }
| if (r3 != 0) {
0x0000b142 cbnz r3, 0xb1ae | goto label_6;
| }
0x0000b144 mov r7, r4 | r7 = r4;
0x0000b146 mov fp, r1 |
| label_1:
0x0000b148 adds.w sl, r5, 1 | sl = r5 + 1;
0x0000b14c mov r0, r8 | r0 = r8;
0x0000b14e subs.w r1, sl, r4 | r1 = sl - r4;
0x0000b152 adds r1, r1, r7 | r1 += r7;
0x0000b154 lsls r1, r1, 3 | r1 <<= 3;
0x0000b156 blx 0x5074 | r0 = fcn_00005074 ();
0x0000b15a cmp r0, 0 |
| if (r0 == 0) {
0x0000b15c beq 0xb1e0 | goto label_7;
| }
0x0000b15e add.w r1, r0, r5, lsl 3 | r1 = r0 + (r5 << 3);
0x0000b162 mov r3, r4 | r3 = r4;
0x0000b164 sub.w r2, sl, r4 | r2 = sl - r4;
| do {
0x0000b168 str r3, [r1] | *(r1) = r3;
0x0000b16a adds r5, r2, r3 | r5 = r2 + r3;
0x0000b16c adds r3, 1 | r3++;
0x0000b16e str r6, [r1, 4] | *((r1 + 4)) = r6;
0x0000b170 adc r6, r6, 0 | __asm ("adc r6, r6, 0");
0x0000b174 cmp r7, r3 |
0x0000b176 sbcs.w r4, fp, r6 | __asm ("sbcs.w r4, fp, r6");
0x0000b17a add.w r1, r1, 8 | r1 += 8;
0x0000b17e bhs 0xb168 |
| } while (r7 >= r3);
0x0000b180 mov r8, r0 | r8 = r0;
0x0000b182 mov r1, sb | r1 = sb;
0x0000b184 movs r0, 0 | r0 = 0;
0x0000b186 blx 0x5604 | r0 = popen (r0, r1)
0x0000b18a mov r4, r0 | r4 = r0;
0x0000b18c cmp r0, 0 |
| if (r0 != 0) {
0x0000b18e bne 0xb11a | goto label_0;
| }
| label_3:
0x0000b190 mov ip, r0 |
0x0000b192 b 0xb1b2 | goto label_2;
| label_5:
0x0000b194 mov r1, r2 | r1 = r2;
0x0000b196 adds r0, 1 | r0++;
0x0000b198 blx 0x5488 | fcn_00005488 ();
0x0000b19c ldr.w r2, [fp] | r2 = *(fp);
0x0000b19e movs r0, 0 | r0 = 0;
0x0000b1a0 mov r7, r0 | r7 = r0;
0x0000b1a2 mov fp, r1 |
| if (r2 != 0) {
0x0000b1a4 cbnz r2, 0xb1d8 | goto label_4;
| }
0x0000b1a6 cmp r0, r4 |
0x0000b1a8 sbcs.w r3, r1, r6 | __asm ("sbcs.w r3, r1, r6");
| if (r0 >= r4) {
0x0000b1ac bhs 0xb148 | goto label_1;
| }
| label_6:
0x0000b1ae mov.w ip, 0x16 |
| do {
| label_2:
0x0000b1b2 ldr r3, [sp, 8] | r3 = var_8h;
0x0000b1b4 ldr r2, [pc, 0x3c] |
0x0000b1b6 str.w r8, [r3] | __asm ("str.w r8, [r3]");
0x0000b1ba ldr r3, [sp, 0xc] | r3 = var_ch;
0x0000b1bc add r2, pc | r2 = 0x163b4;
0x0000b1be str r5, [r3] | *(r3) = r5;
0x0000b1c0 ldr r3, [pc, 0x28] | r3 = *(0xb1ec);
0x0000b1c2 ldr r3, [r2, r3] | r3 = *(0x163b4);
0x0000b1c4 ldr r2, [r3] | r2 = *(0x163b4);
0x0000b1c6 ldr r3, [sp, 0x14] | r3 = var_14h;
0x0000b1c8 eors r2, r3 | r2 ^= r3;
0x0000b1ca mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000b1ce bne 0xb1dc | goto label_8;
| }
0x0000b1d0 mov r0, ip | r0 = ip;
0x0000b1d2 add sp, 0x1c |
0x0000b1d4 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
0x0000b1d8 mov ip, r2 |
0x0000b1da b 0xb1b2 |
| } while (1);
| label_8:
0x0000b1dc blx 0x5008 | fcn_00005008 ();
| label_7:
0x0000b1e0 mov.w ip, 0xc |
0x0000b1e4 b 0xb1b2 | goto label_2;
| }
[*] Function popen used 3 times debugfs
