[*] Binary protection state of conf-migrate
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of conf-migrate
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/libexec/conf-migrate @ 0x2a88 */
| #include <stdint.h>
|
; (fcn) fcn.00002a88 () | void fcn_00002a88 (uint32_t arg1) {
| int16_t var_4h;
| char * ptr;
| int16_t var_9h;
| int16_t var_ah;
| int16_t var_ch;
| int16_t var_34h;
| int16_t var_38h;
| r0 = arg1;
0x00002a88 push {r1, r2, r3} |
0x00002a8a cmp r0, 7 |
0x00002a8c ldr r2, [pc, 0x100] |
0x00002a8e ldr r3, [pc, 0x104] | r3 = *(0x2b96);
0x00002a90 add r2, pc | r2 = 0x5624;
0x00002a92 push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00002a96 sub sp, 0x14 |
0x00002a98 mov r4, r0 | r4 = r0;
0x00002a9a ldr r3, [r2, r3] |
0x00002a9c ldr.w r8, [sp, 0x34] | r8 = var_34h;
0x00002aa0 ldr r3, [r3] | r3 = *(0x5624);
0x00002aa2 str r3, [sp, 0xc] | var_ch = r3;
0x00002aa4 mov.w r3, 0 | r3 = 0;
| if (r0 == 7) {
0x00002aa8 beq 0x2b64 | goto label_2;
| }
0x00002aaa blx 0xd30 | errno_location ();
0x00002aae subs r3, r4, 2 | r3 = r4 - 2;
0x00002ab0 ldr.w sb, [r0] | sb = *(r0);
0x00002ab4 cmp r3, 1 |
0x00002ab6 mov r5, r0 | r5 = r0;
| if (r3 < 1) {
0x00002ab8 bls 0x2b54 | goto label_3;
| }
0x00002aba cmp r4, 4 |
0x00002abc it ne |
| if (r4 == 4) {
0x00002abe movne r6, 1 | r6 = 1;
| }
| if (r4 == 4) {
0x00002ac0 beq 0x2b7c | goto label_4;
| }
| do {
| label_1:
0x00002ac2 ldr.w sl, [pc, 0xd4] |
0x00002ac6 add r7, sp, 0x38 | r7 += var_38h;
0x00002ac8 mov r3, r7 | r3 = r7;
0x00002aca mov r2, r8 | r2 = r8;
0x00002acc movs r1, 1 | r1 = 1;
0x00002ace mov r0, r6 | r0 = r6;
0x00002ad0 add sl, pc | sl = 0x566e;
0x00002ad2 str.w sb, [r5] | __asm ("str.w sb, [r5]");
0x00002ad6 str r7, [sp, 4] | var_4h = r7;
0x00002ad8 blx 0xc94 | vdprintf_chk ()
0x00002adc mov r0, r6 | r0 = r6;
0x00002ade movs r2, 2 | r2 = 2;
0x00002ae0 mov r1, sl | r1 = sl;
0x00002ae2 blx 0xd60 | write (r0, r1, r2);
0x00002ae6 ldr r0, [pc, 0xb4] |
0x00002ae8 mov.w r2, 0x1a4 | r2 = 0x1a4;
0x00002aec movw r1, 0x441 | r1 = 0x441;
0x00002af0 add r0, pc | r0 = 0x5692;
0x00002af2 blx 0xcc4 | r0 = open (r0, r1, r2);
0x00002af6 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 >= r0) {
0x00002af8 blt 0x2b36 |
0x00002afa movs r3, 0x3c | r3 = 0x3c;
0x00002afc add r1, sp, 8 | r1 += ptr;
0x00002afe movs r2, 3 | r2 = 3;
0x00002b00 strb.w r3, [sp, 8] | ptr = r3;
0x00002b04 adds r4, 0x30 | r4 += 0x30;
0x00002b06 movs r3, 0x3e | r3 = 0x3e;
0x00002b08 strb.w r3, [sp, 0xa] | var_ah = r3;
0x00002b0c strb.w r4, [sp, 9] | var_9h = r4;
0x00002b10 blx 0xd60 | write (r0, r1, r2);
0x00002b14 mov r3, r7 | r3 = r7;
0x00002b16 mov r2, r8 | r2 = r8;
0x00002b18 movs r1, 1 | r1 = 1;
0x00002b1a mov r0, r6 | r0 = r6;
0x00002b1c str.w sb, [r5] | __asm ("str.w sb, [r5]");
0x00002b20 str r7, [sp, 4] | var_4h = r7;
0x00002b22 blx 0xc94 | vdprintf_chk ()
0x00002b26 movs r2, 2 | r2 = 2;
0x00002b28 mov r1, sl | r1 = sl;
0x00002b2a mov r0, r6 | r0 = r6;
0x00002b2c blx 0xd60 | write (r0, r1, r2);
0x00002b30 mov r0, r6 | r0 = r6;
0x00002b32 blx 0xe14 | close (r0);
| }
| label_0:
0x00002b36 ldr r2, [pc, 0x68] |
0x00002b38 ldr r3, [pc, 0x58] | r3 = *(0x2b94);
0x00002b3a add r2, pc | r2 = 0x56e0;
0x00002b3c ldr r3, [r2, r3] | r3 = *(0x56e0);
0x00002b3e ldr r2, [r3] | r2 = *(0x56e0);
0x00002b40 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00002b42 eors r2, r3 | r2 ^= r3;
0x00002b44 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00002b48 bne 0x2b8c | goto label_5;
| }
0x00002b4a add sp, 0x14 |
0x00002b4c pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00002b50 add sp, 0xc |
0x00002b52 bx lr | return;
| label_3:
0x00002b54 ldr r1, [pc, 0x4c] |
0x00002b56 movs r2, 7 | r2 = 7;
0x00002b58 movs r0, 2 | r0 = 2;
0x00002b5a movs r6, 2 | r6 = 2;
0x00002b5c add r1, pc | r1 = 0x5704;
0x00002b5e blx 0xd60 | write (r0, r1, r2);
0x00002b62 b 0x2ac2 |
| } while (1);
| label_2:
0x00002b64 ldr r3, [pc, 0x40] |
0x00002b66 add r3, pc | r3 = 0x5712;
0x00002b68 ldrb r3, [r3] | r3 = *(r3);
0x00002b6a cmp r3, 0 |
| if (r3 == 0) {
0x00002b6c beq 0x2b36 | goto label_0;
| }
0x00002b6e blx 0xd30 | errno_location ();
0x00002b72 movs r6, 1 | r6 = 1;
0x00002b74 ldr.w sb, [r0] | sb = *(r0);
0x00002b78 mov r5, r0 | r5 = r0;
0x00002b7a b 0x2ac2 | goto label_1;
| label_4:
0x00002b7c ldr r1, [pc, 0x2c] |
0x00002b7e movs r2, 9 | r2 = 9;
0x00002b80 movs r0, 2 | r0 = 2;
0x00002b82 movs r6, 2 | r6 = 2;
0x00002b84 add r1, pc | r1 = 0x5734;
0x00002b86 blx 0xd60 | write (r0, r1, r2);
0x00002b8a b 0x2ac2 | goto label_1;
| label_5:
0x00002b8c blx 0xc10 | stack_chk_fail ();
0x00002b90 asrs r4, r3, 0x11 | r4 = r3 >> 0x11;
0x00002b92 movs r1, r0 | r1 = r0;
0x00002b94 lsls r4, r7, 3 | r4 = r7 << 3;
0x00002b96 movs r0, r0 |
0x00002b98 lsrs r4, r4, 0x1a | r4 >>= 0x1a;
0x00002b9a movs r0, r0 |
0x00002b9c lsrs r0, r1, 0x1a | r0 = r1 >> 0x1a;
0x00002b9e movs r0, r0 |
0x00002ba0 asrs r2, r6, 0xe | r2 = r6 >> 0xe;
0x00002ba2 movs r1, r0 | r1 = r0;
0x00002ba4 lsrs r4, r0, 0x18 | r4 = r0 >> 0x18;
0x00002ba6 movs r0, r0 |
0x00002ba8 asrs r6, r6, 0x12 | r6 >>= 0x12;
0x00002baa movs r1, r0 | r1 = r0;
0x00002bac lsrs r4, r4, 0x17 | r4 >>= 0x17;
0x00002bae movs r0, r0 |
| }
[*] Function printf used 3 times conf-migrate
