[*] Binary protection state of fsck.ext3
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of fsck.ext3
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/fsck.ext3 @ 0x27518 */
| #include <stdint.h>
|
; (fcn) sym.check_plausibility () | void check_plausibility (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_30h;
| int16_t var_8ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00027518 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x0002751c mov r6, r2 | r6 = r2;
0x0002751e ldr r2, [pc, 0x2c0] |
0x00027520 sub sp, 0x94 |
0x00027522 mov r5, r1 | r5 = r1;
0x00027524 movs r1, 0 | r1 = 0;
0x00027526 ldr r3, [pc, 0x2bc] | r3 = *(0x277e6);
0x00027528 mov r7, r0 | r7 = r0;
0x0002752a add r2, pc | r2 = 0x4ed10;
0x0002752c ldr.w r8, [pc, 0x2b8] | r8 = *(0x000277e8);
0x00027530 ldr r3, [r2, r3] |
0x00027532 mov.w r2, 0x1b6 | r2 = 0x1b6;
0x00027536 add r8, pc | r8 += pc;
0x00027538 ldr r3, [r3] | r3 = *(0x4ed10);
0x0002753a str r3, [sp, 0x8c] | var_8ch = r3;
0x0002753c mov.w r3, 0 | r3 = 0;
0x00027540 str r1, [sp, 0x14] | var_14h = r1;
0x00027542 blx 0x9784 | r0 = fcn_00009784 ();
0x00027546 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 < r0) {
0x00027548 blt 0x275b2 | goto label_10;
| }
| label_5:
0x0002754a add r1, sp, 0x20 | r1 += var_20h;
0x0002754c mov r0, r4 | r0 = r4;
0x0002754e blx 0x91b8 | r0 = ext2fs_test_inode_bitmap_range ();
0x00027552 cmp r0, 0 |
| if (r0 < 0) {
0x00027554 blt.w 0x277b6 | goto label_11;
| }
0x00027558 mov r0, r4 | r0 = r4;
0x0002755a blx 0x973c | fcn_0000973c ();
0x0002755e ldr r3, [sp, 0x30] | r3 = var_30h;
0x00027560 and r3, r3, 0xf000 | r3 &= 0xf000;
0x00027564 cmp.w r3, 0x6000 |
| if (r3 == 0x6000) {
0x00027568 beq 0x275a4 | goto label_12;
| }
0x0002756a and r3, r5, 1 | r3 = r5 & 1;
0x0002756e cmp r6, 0 |
| if (r6 == 0) {
0x00027570 beq 0x27642 | goto label_13;
| }
0x00027572 movs r2, 0 | r2 = 0;
0x00027574 str r2, [r6] | *(r6) = r2;
| if (r3 == 0) {
0x00027576 cbz r3, 0x275aa | goto label_2;
| }
| label_3:
0x00027578 ldr r1, [pc, 0x270] |
0x0002757a mov r2, r7 | r2 = r7;
0x0002757c movs r0, 1 | r0 = 1;
0x0002757e movs r4, 0 | r4 = 0;
0x00027580 add r1, pc | r1 = 0x4ed70;
0x00027582 blx 0x91c8 | fcn_000091c8 ();
| do {
| label_1:
0x00027586 ldr r2, [pc, 0x268] |
0x00027588 ldr r3, [pc, 0x258] | r3 = *(0x277e4);
0x0002758a add r2, pc | r2 = 0x4ed80;
0x0002758c ldr r3, [r2, r3] | r3 = *(0x4ed80);
0x0002758e ldr r2, [r3] | r2 = *(0x4ed80);
0x00027590 ldr r3, [sp, 0x8c] | r3 = var_8ch;
0x00027592 eors r2, r3 | r2 ^= r3;
0x00027594 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00027598 bne.w 0x277c0 | goto label_14;
| }
0x0002759c mov r0, r4 | r0 = r4;
0x0002759e add sp, 0x94 |
0x000275a0 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| if (r6 != 0) {
| label_12:
0x000275a4 cbz r6, 0x275aa |
0x000275a6 movs r3, 1 | r3 = 1;
0x000275a8 str r3, [r6] | *(r6) = r3;
| }
| label_2:
0x000275aa lsls r3, r5, 0x1d | r3 = r5 << 0x1d;
| if (r3 < r5) {
0x000275ac bmi 0x275ec | goto label_15;
| }
| label_0:
0x000275ae movs r4, 1 | r4 = 1;
0x000275b0 b 0x27586 |
| } while (1);
| label_10:
0x000275b2 blx 0x90e8 | r0 = fcn_000090e8 ();
0x000275b6 mov sb, r0 | sb = r0;
0x000275b8 ldr r0, [r0] | r0 = *(r0);
0x000275ba cmp r0, 2 |
| if (r0 == 2) {
0x000275bc beq.w 0x276f4 | goto label_16;
| }
| label_4:
0x000275c0 ldr r3, [pc, 0x230] | r3 = *(0x277f4);
0x000275c2 ldr.w r4, [r8, r3] | r4 = *((r8 + r3));
0x000275c6 ldr r5, [r4] | r5 = *(r4);
0x000275c8 blx 0x91d4 | fcn_000091d4 ();
0x000275cc ldr r2, [pc, 0x228] |
0x000275ce mov r3, r7 | r3 = r7;
0x000275d0 str r0, [sp] | *(sp) = r0;
0x000275d2 movs r1, 1 | r1 = 1;
0x000275d4 mov r0, r5 | r0 = r5;
0x000275d6 add r2, pc | r2 = 0x4edd2;
0x000275d8 blx 0x927c | fcn_0000927c ();
0x000275dc ldr.w r3, [sb] | r3 = *(sb);
0x000275e0 cmp r3, 2 |
| if (r3 == 2) {
0x000275e2 beq.w 0x27748 | goto label_17;
| }
| label_7:
0x000275e6 movs r0, 1 | r0 = 1;
0x000275e8 blx 0x8fc8 | fcn_00008fc8 ();
| label_15:
0x000275ec movs r1, 0 | r1 = 0;
0x000275ee add r0, sp, 0x14 | r0 += var_14h;
0x000275f0 blx 0x9694 | r0 = fcn_00009694 ();
0x000275f4 cmp r0, 0 |
| if (r0 >= 0) {
0x000275f6 bge 0x27648 | goto label_18;
| }
| label_6:
0x000275f8 mov r0, r7 | r0 = r7;
0x000275fa blx 0x8890 | r0 = fcn_00008890 ();
0x000275fe mov r5, r0 | r5 = r0;
0x00027600 cmp r0, 0 |
| if (r0 == 0) {
0x00027602 beq 0x275ae | goto label_0;
| }
0x00027604 movs r1, 1 | r1 = 1;
0x00027606 blx 0x89e4 | r0 = memcpy (r0, r1, r2);
0x0002760a cmp r0, 0 |
| if (r0 >= 0) {
0x0002760c blt 0x27638 |
0x0002760e movs r1, 0 | r1 = 0;
0x00027610 mov r0, r5 | r0 = r5;
0x00027612 blx 0x8990 | r0 = ext2fs_mmp_read ();
0x00027616 cmp r0, 0 |
| if (r0 < 0) {
0x00027618 blt 0x27638 | goto label_19;
| }
0x0002761a mov r0, r5 | r0 = r5;
0x0002761c blx 0x8f08 | r0 = fcn_00008f08 ();
0x00027620 cmp r0, 0 |
| if (r0 < 0) {
0x00027622 blt 0x27638 | goto label_19;
| }
0x00027624 ldr r1, [pc, 0x1d4] |
0x00027626 movs r3, 0 | r3 = 0;
0x00027628 add r2, sp, 0x1c | r2 += var_1ch;
0x0002762a mov r0, r5 | r0 = r5;
0x0002762c add r1, pc | r1 = 0x4ee2c;
0x0002762e blx 0x8848 | r0 = fcn_00008848 ();
0x00027632 mov r4, r0 | r4 = r0;
0x00027634 cmp r0, 0 |
| if (r0 == 0) {
0x00027636 beq 0x2772a | goto label_20;
| }
| }
| label_19:
0x00027638 mov r0, r5 | r0 = r5;
0x0002763a movs r4, 1 | r4 = 1;
0x0002763c blx 0x93a4 | popen (r0, r1)
0x00027640 b 0x27586 | goto label_1;
| label_13:
0x00027642 cmp r3, 0 |
| if (r3 == 0) {
0x00027644 beq 0x275aa | goto label_2;
| }
0x00027646 b 0x27578 | goto label_3;
| label_18:
0x00027648 ldr r1, [pc, 0x1b4] |
0x0002764a mov r2, r7 | r2 = r7;
0x0002764c ldr r0, [sp, 0x14] | r0 = var_14h;
0x0002764e add r1, pc | r1 = 0x4ee52;
0x00027650 blx 0x8bbc | r0 = fcn_00008bbc ();
0x00027654 mov r4, r0 | r4 = r0;
0x00027656 cmp r0, 0 |
| if (r0 == 0) {
0x00027658 beq 0x27722 | goto label_21;
| }
0x0002765a ldr r1, [pc, 0x1a8] |
0x0002765c mov r2, r7 | r2 = r7;
0x0002765e ldr r0, [sp, 0x14] | r0 = var_14h;
0x00027660 add r1, pc | r1 = 0x4ee6a;
0x00027662 blx 0x8bbc | r0 = fcn_00008bbc ();
0x00027666 mov r5, r0 | r5 = r0;
0x00027668 ldr r0, [sp, 0x14] | r0 = var_14h;
0x0002766a blx 0x8aa8 | fcn_00008aa8 ();
0x0002766e mov r3, r4 | r3 = r4;
0x00027670 cmp r5, 0 |
| if (r5 == 0) {
0x00027672 beq 0x27758 | goto label_22;
| }
0x00027674 ldr r1, [pc, 0x190] |
0x00027676 mov r2, r7 | r2 = r7;
0x00027678 movs r0, 1 | r0 = 1;
0x0002767a str r5, [sp] | *(sp) = r5;
0x0002767c add r1, pc | r1 = 0x4ee88;
0x0002767e blx 0x91c8 | fcn_000091c8 ();
| label_8:
0x00027682 ldrb r3, [r4] | r3 = *(r4);
0x00027684 cmp r3, 0x65 |
| if (r3 == 0x65) {
0x00027686 bne 0x276e4 |
0x00027688 ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x0002768a cmp r3, 0x78 |
| if (r3 != 0x78) {
0x0002768c bne 0x276e4 | goto label_23;
| }
0x0002768e ldrb r3, [r4, 2] | r3 = *((r4 + 2));
0x00027690 subs r3, 0x74 | r3 -= 0x74;
| if (r3 != 0x74) {
0x00027692 bne 0x276e4 | goto label_23;
| }
0x00027694 ldr r2, [pc, 0x174] |
0x00027696 add r6, sp, 0x18 | r6 += var_18h;
0x00027698 str r6, [sp, 8] | var_8h = r6;
0x0002769a mov r0, r7 | r0 = r7;
0x0002769c mov r1, r3 | r1 = r3;
0x0002769e ldr.w r2, [r8, r2] | r2 = *((r8 + r2));
0x000276a2 str r3, [sp] | *(sp) = r3;
0x000276a4 ldr r2, [r2] | r2 = *(0x2780c);
0x000276a6 str r2, [sp, 4] | var_4h = r2;
0x000276a8 mov.w r2, 0x20000 | r2 = 0x20000;
0x000276ac blx 0x9148 | r0 = fcn_00009148 ();
| if (r0 != 0) {
0x000276b0 cbnz r0, 0x276e4 | goto label_23;
| }
0x000276b2 ldr r3, [sp, 0x18] | r3 = var_18h;
0x000276b4 ldr r7, [r3, 0x10] | r7 = *((r3 + 0x10));
0x000276b6 ldr r3, [r7, 0x2c] | r3 = *((r7 + 0x2c));
0x000276b8 cmp r3, 0 |
| if (r3 == 0) {
0x000276ba beq 0x2776c | goto label_24;
| }
0x000276bc str r3, [sp, 0x1c] | var_1ch = r3;
0x000276be add r0, sp, 0x1c | r0 += var_1ch;
0x000276c0 ldrb.w r3, [r7, 0x88] | r3 = *((r7 + 0x88));
0x000276c4 cmp r3, 0 |
| if (r3 == 0) {
0x000276c6 beq 0x2778e | goto label_25;
| }
0x000276c8 blx 0x8ac0 | fcn_00008ac0 ();
0x000276cc ldr r1, [pc, 0x140] |
0x000276ce add.w r3, r7, 0x88 | r3 = r7 + 0x88;
0x000276d2 str r0, [sp] | *(sp) = r0;
0x000276d4 movs r2, 0x40 | r2 = 0x40;
0x000276d6 movs r0, 1 | r0 = 1;
0x000276d8 add r1, pc | r1 = 0x4eeec;
0x000276da blx 0x91c8 | fcn_000091c8 ();
| label_9:
0x000276de mov r0, r6 | r0 = r6;
0x000276e0 blx 0x9340 | fcn_00009340 ();
| }
| label_23:
0x000276e4 mov r0, r4 | r0 = r4;
0x000276e6 movs r4, 0 | r4 = 0;
0x000276e8 blx 0x896c | ext2fs_sync_device ();
0x000276ec mov r0, r5 | r0 = r5;
0x000276ee blx 0x896c | ext2fs_sync_device ();
0x000276f2 b 0x27586 | goto label_1;
| label_16:
0x000276f4 lsls r4, r5, 0x1b | r4 = r5 << 0x1b;
| if (r4 < r5) {
0x000276f6 bmi 0x277c4 | goto label_26;
| }
0x000276f8 lsls r1, r5, 0x1e | r1 = r5 << 0x1e;
| if (r1 >= r5) {
0x000276fa bpl.w 0x275c0 | goto label_4;
| }
0x000276fe mov.w r2, 0x1b6 | r2 = 0x1b6;
0x00027702 movs r1, 0x40 | r1 = 0x40;
0x00027704 mov r0, r7 | r0 = r7;
0x00027706 blx 0x9784 | r0 = fcn_00009784 ();
0x0002770a subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 < r0) {
0x0002770c blt 0x27766 | goto label_27;
| }
0x0002770e lsls r2, r5, 0x1c | r2 = r5 << 0x1c;
| if (r2 >= r5) {
0x00027710 bpl.w 0x2754a | goto label_5;
| }
0x00027714 ldr r1, [pc, 0xfc] |
0x00027716 mov r2, r7 | r2 = r7;
0x00027718 movs r0, 1 | r0 = 1;
0x0002771a add r1, pc | r1 = 0x4ef32;
0x0002771c blx 0x91c8 | fcn_000091c8 ();
0x00027720 b 0x2754a | goto label_5;
| label_21:
0x00027722 ldr r0, [sp, 0x14] | r0 = var_14h;
0x00027724 blx 0x8aa8 | fcn_00008aa8 ();
0x00027728 b 0x275f8 | goto label_6;
| label_20:
0x0002772a ldr r3, [pc, 0xc8] | r3 = *(0x277f6);
0x0002772c movs r1, 1 | r1 = 1;
0x0002772e ldr.w r2, [r8, r3] | r2 = *((r8 + r3));
0x00027732 str r7, [sp] | *(sp) = r7;
0x00027734 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00027736 ldr r0, [r2] | r0 = *(r2);
0x00027738 ldr r2, [pc, 0xdc] |
0x0002773a add r2, pc | r2 = 0x4ef56;
0x0002773c blx 0x927c | fcn_0000927c ();
0x00027740 mov r0, r5 | r0 = r5;
0x00027742 blx 0x93a4 | popen (r0, r1)
0x00027744 mrc p7, 1, lr, c0, c14, 0 | __asm ("mrc p7, 1, lr, c0, c14, 0");
| label_17:
0x00027748 ldr r0, [pc, 0xd0] |
0x0002774a movs r2, 0x45 | r2 = 0x45;
0x0002774c ldr r3, [r4] | r3 = *(r4);
0x0002774e movs r1, 1 | r1 = 1;
0x00027750 add r0, pc | r0 = 0x4ef70;
0x00027752 blx 0x8cec | fcn_00008cec ();
0x00027756 b 0x275e6 | goto label_7;
| label_22:
0x00027758 ldr r1, [pc, 0xc4] |
0x0002775a mov r2, r7 | r2 = r7;
0x0002775c movs r0, 1 | r0 = 1;
0x0002775e add r1, pc | r1 = 0x4ef82;
0x00027760 blx 0x91c8 | fcn_000091c8 ();
0x00027764 b 0x27682 | goto label_8;
| label_27:
0x00027766 ldr.w r0, [sb] | r0 = *(sb);
0x0002776a b 0x275c0 | goto label_4;
| label_24:
0x0002776c ldr.w r3, [r7, 0x108] | r3 = *((r7 + 0x108));
| if (r3 != 0) {
0x00027770 cbnz r3, 0x277a0 | goto label_28;
| }
0x00027772 ldr r3, [r7, 0x30] | r3 = *((r7 + 0x30));
0x00027774 cmp r3, 0 |
| if (r3 == 0) {
0x00027776 beq 0x276de | goto label_9;
| }
0x00027778 add r0, sp, 0x1c | r0 += var_1ch;
0x0002777a str r3, [sp, 0x1c] | var_1ch = r3;
0x0002777c blx 0x8ac0 | fcn_00008ac0 ();
0x00027780 ldr r1, [pc, 0xa0] |
0x00027782 mov r2, r0 | r2 = r0;
0x00027784 movs r0, 1 | r0 = 1;
0x00027786 add r1, pc | r1 = 0x4efae;
0x00027788 blx 0x91c8 | fcn_000091c8 ();
0x0002778c b 0x276de | goto label_9;
| label_25:
0x0002778e blx 0x8ac0 | fcn_00008ac0 ();
0x00027792 ldr r1, [pc, 0x94] |
0x00027794 mov r2, r0 | r2 = r0;
0x00027796 movs r0, 1 | r0 = 1;
0x00027798 add r1, pc | r1 = 0x4efc6;
0x0002779a blx 0x91c8 | fcn_000091c8 ();
0x0002779e b 0x276de | goto label_9;
| label_28:
0x000277a0 add r0, sp, 0x1c | r0 += var_1ch;
0x000277a2 str r3, [sp, 0x1c] | var_1ch = r3;
0x000277a4 blx 0x8ac0 | fcn_00008ac0 ();
0x000277a8 ldr r1, [pc, 0x80] |
0x000277aa mov r2, r0 | r2 = r0;
0x000277ac movs r0, 1 | r0 = 1;
0x000277ae add r1, pc | r1 = 0x4efde;
0x000277b0 blx 0x91c8 | fcn_000091c8 ();
0x000277b4 b 0x276de | goto label_9;
| label_11:
0x000277b6 ldr r0, [pc, 0x78] |
0x000277b8 add r0, pc | r0 = 0x4efee;
0x000277ba blx 0x8c8c | fcn_00008c8c ();
0x000277be b 0x275e6 | goto label_7;
| label_14:
0x000277c0 blx 0x8b08 | fcn_00008b08 ();
| label_26:
0x000277c4 ldr r0, [pc, 0x2c] |
0x000277c6 mov r3, r7 | r3 = r7;
0x000277c8 ldr r2, [pc, 0x68] |
0x000277ca movs r1, 1 | r1 = 1;
0x000277cc ldr.w r0, [r8, r0] | r0 = *((r8 + r0));
0x000277d0 add r2, pc | r2 = 0x4f008;
0x000277d2 ldr r0, [r0] | r0 = *(0x277f4);
0x000277d4 blx 0x927c | fcn_0000927c ();
0x000277d8 movs r0, 1 | r0 = 1;
0x000277da blx 0x8fc8 | fcn_00008fc8 ();
0x000277de nop |
0x000277e0 invalid |
| }
[*] Function popen used 3 times fsck.ext3
