[*] Binary protection state of filefrag
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of filefrag
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/filefrag @ 0x1a6c */
| #include <stdint.h>
|
; (fcn) fcn.00001a6c () | void fcn_00001a6c (int16_t arg_1a0h, int16_t arg_1a4h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_34h;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_20h;
| int16_t var_24h;
| int16_t var_28h;
| int32_t var_30h;
| int32_t var_30h_2;
| int32_t var_38h;
| int32_t var_38h_2;
| int16_t var_40h;
| int16_t var_4ch;
| int16_t var_50h;
| int16_t var_54h;
| int16_t var_58h;
| int16_t var_5ch;
| int16_t var_60h;
| int16_t var_64h;
| int16_t var_68h;
| int16_t var_6ch;
| int16_t var_74h;
| void * s;
| int16_t var_174h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00001a6c push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00001a70 sub sp, 0x17c |
0x00001a72 strd r2, r3, [sp, 0x58] | __asm ("strd r2, r3, [var_58h]");
0x00001a76 movs r7, 0 | r7 = 0;
0x00001a78 mov r4, r0 | r4 = r0;
0x00001a7a add.w sb, sp, 0x74 | sb += var_74h;
0x00001a7e ldr r2, [pc, 0x1f8] |
0x00001a80 add r0, sp, 0x78 | r0 += s;
0x00001a82 ldr r3, [pc, 0x1f8] | r3 = *(0x1c7e);
0x00001a84 str r1, [sp, 0x60] | var_60h = r1;
0x00001a86 mov r1, r7 | r1 = r7;
0x00001a88 add r2, pc | r2 = 0x3706;
0x00001a8a ldr r5, [sp, 0x1a0] | r5 = *(arg_1a0h);
0x00001a8c ldr r3, [r2, r3] |
0x00001a8e movs r2, 0xfc | r2 = 0xfc;
0x00001a90 ldr r3, [r3] | r3 = *(0x3706);
0x00001a92 str r3, [sp, 0x174] | var_174h = r3;
0x00001a94 mov.w r3, 0 | r3 = 0;
0x00001a98 ldr r3, [sp, 0x1a4] | r3 = *(arg_1a4h);
0x00001a9a str.w r7, [sb] | __asm ("str.w r7, [sb]");
0x00001a9e str r3, [sp, 0x64] | var_64h = r3;
0x00001aa0 blx 0x8e8 | memset (r0, r1, r2);
0x00001aa4 ldr r2, [r4, 0x14] | r2 = *((r4 + 0x14));
0x00001aa6 ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x00001aa8 ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00001aaa str r2, [sp, 0x50] | var_50h = r2;
0x00001aac ldr r2, [r4] | r2 = *(r4);
0x00001aae tst.w r1, 0x200 |
0x00001ab2 it ne |
| if ((r1 & 0x200) == 0) {
0x00001ab4 movne r5, r7 | r5 = r7;
| }
0x00001ab6 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00001ab8 subs r6, r0, 1 | r6 = r0 - 1;
0x00001aba str r0, [sp, 0x6c] | var_6ch = r0;
0x00001abc rsb.w r0, r5, 0x20 | r0 = 0x20 - r5;
0x00001ac0 lsr.w r6, r6, r5 | r6 >>= r5;
0x00001ac4 lsr.w r8, r2, r5 | r8 = r2 >> r5;
0x00001ac8 ldr r2, [sp, 0x50] | r2 = var_50h;
0x00001aca rsb.w fp, r5, 0x20 |
0x00001ace sub.w sl, r5, 0x20 | sl = r5 - 0x20;
0x00001ad2 adc r2, r2, -1 | __asm ("adc r2, r2, -1");
0x00001ad6 lsl.w r0, r2, r0 | r0 = r2 << r0;
0x00001ada orrs r6, r0 | r6 |= r0;
0x00001adc lsl.w r0, r3, fp | r0 = r3 << fp;
0x00001ae0 orr.w r8, r8, r0 | r8 |= r0;
0x00001ae4 sub.w r0, r5, 0x20 | r0 = r5 - 0x20;
0x00001ae8 lsr.w r0, r2, r0 | r0 = r2 >> r0;
0x00001aec lsrs r2, r5 | r2 >>= r5;
0x00001aee str r2, [sp, 0x54] | var_54h = r2;
0x00001af0 lsr.w r2, r3, r5 | r2 = r3 >> r5;
0x00001af4 lsr.w r3, r3, sl | r3 >>= sl;
0x00001af8 orrs r6, r0 | r6 |= r0;
0x00001afa str r2, [sp, 0x68] | var_68h = r2;
0x00001afc orr.w r8, r8, r3 | r8 |= r3;
0x00001b00 lsls r3, r1, 0x1e | r3 = r1 << 0x1e;
0x00001b02 it mi |
| if (r3 >= r1) {
0x00001b04 strmi r7, [sp, 0x4c] | var_4ch = r7;
| }
| if (r3 >= r1) {
0x00001b06 bmi 0x1b1e |
0x00001b08 ldrd r7, r3, [r4, 8] | __asm ("ldrd r7, r3, [r4, 8]");
0x00001b0c lsl.w r2, r3, fp | r2 = r3 << fp;
0x00001b10 lsrs r7, r5 | r7 >>= r5;
0x00001b12 orrs r7, r2 | r7 |= r2;
0x00001b14 lsr.w r2, r3, sl | r2 = r3 >> sl;
0x00001b16 addw r0, sl, 0x4eb | __asm ("addw r0, sl, 0x4eb");
0x00001b1a orrs r7, r2 | r7 |= r2;
0x00001b1c str r3, [sp, 0x4c] | var_4ch = r3;
| }
0x00001b1e ldrd r3, r2, [sp, 0x58] | __asm ("ldrd r3, r2, [var_58h]");
0x00001b22 orrs r3, r2 | r3 |= r2;
| if (r3 != r2) {
0x00001b24 beq 0x1b72 |
0x00001b26 movs r3, 2 |
0x00001b28 movt r3, 0x800 | r3 = 0x8000002;
0x00001b2c tst r1, r3 |
| if ((r1 & r3) == 0) {
0x00001b2e bne 0x1b72 |
0x00001b30 ldr r3, [pc, 0x14c] |
0x00001b32 add r3, pc | r3 = 0x37b6;
0x00001b34 ldrd r2, r3, [r3] | __asm ("ldrd r2, r3, [r3]");
0x00001b38 cmp r2, r3 |
| if (r2 == r3) {
0x00001b3a beq.w 0x1c6c | goto label_2;
| }
0x00001b3e ldr r3, [pc, 0x144] |
0x00001b40 add r3, pc | r3 = 0x37ca;
| label_1:
0x00001b42 ldr r1, [pc, 0x144] |
0x00001b44 ldr r0, [sp, 0x5c] | r0 = var_5ch;
0x00001b46 ldr r2, [sp, 0x58] | r2 = var_58h;
0x00001b48 add r1, pc |
0x00001b4a ldr r1, [r1] | r1 = *(0x37d6);
0x00001b4c lsrs r2, r5 | r2 >>= r5;
0x00001b4e str r1, [sp] | *(sp) = r1;
0x00001b50 lsl.w r1, r0, fp | r1 = r0 << fp;
0x00001b54 orrs r2, r1 | r2 |= r1;
0x00001b56 lsr.w r1, r0, sl | r1 = r0 >> sl;
0x00001b58 add.w r3, sl, -0x76000000 | r3 = sl + -0x76000000;
0x00001b5c movs r1, 1 | r1 = 1;
0x00001b5e str r2, [sp, 8] | var_8h = r2;
0x00001b60 lsr.w r2, r0, r5 | r2 = r0 >> r5;
0x00001b64 mov r0, sb | r0 = sb;
0x00001b66 str r2, [sp, 0xc] | var_34h = r2;
0x00001b68 mov.w r2, 0x100 | r2 = 0x100;
0x00001b6c blx 0x8dc | sprintf_chk ()
0x00001b70 b 0x1b90 |
| }
| } else {
0x00001b72 ldr r3, [pc, 0x118] |
0x00001b74 mov.w r2, 0x100 | r2 = 0x100;
0x00001b78 movs r1, 1 | r1 = 1;
0x00001b7a mov r0, sb | r0 = sb;
0x00001b7c add r3, pc |
0x00001b7e ldr r3, [r3] | r3 = *(0x380e);
0x00001b80 str r3, [sp] | *(sp) = r3;
0x00001b82 ldr r3, [pc, 0x10c] |
0x00001b84 add r3, pc | r3 = 0x381a;
0x00001b86 str r3, [sp, 4] | var_4h = r3;
0x00001b88 ldr r3, [pc, 0x108] |
0x00001b8a add r3, pc | r3 = 0x3822;
0x00001b8c blx 0x8dc | sprintf_chk ()
| }
0x00001b90 ldr r0, [r4, 0x28] | r0 = *((r4 + 0x28));
0x00001b92 movs r2, 1 | r2 = 1;
0x00001b94 mov r1, sb | r1 = sb;
0x00001b96 bl 0x1804 | fcn_00001804 (r0, r1, r2);
0x00001b9a ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x00001b9c ldr r3, [r4] | r3 = *(r4);
0x00001b9e ldr r1, [r4, 0x14] | r1 = *((r4 + 0x14));
0x00001ba0 adds r3, r3, r2 | r3 += r2;
0x00001ba2 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00001ba4 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00001ba8 ldr r1, [sp, 0x64] | r1 = var_64h;
0x00001baa ldrd r0, r1, [r1, 0x30] | __asm ("ldrd r0, r1, [r1, 0x30]");
0x00001bae cmp r3, r0 |
0x00001bb0 sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r3 > r0) {
0x00001bb2 blo 0x1bca |
0x00001bb4 ldrb.w r3, [sb] | r3 = *(sb);
0x00001bb8 cmp r3, 0 |
| if (r3 != 0) {
0x00001bba bne 0x1c66 | goto label_3;
| }
0x00001bbc ldr r1, [pc, 0xd8] |
0x00001bbe add r1, pc | r1 = 0x385a;
| label_0:
0x00001bc0 mov.w r2, 0x100 | r2 = 0x100;
0x00001bc4 mov r0, sb | r0 = sb;
0x00001bc6 blx 0x8d0 | strcat_chk ();
| }
0x00001bca ldr r2, [r4, 0x28] | r2 = *((r4 + 0x28));
0x00001bcc movs r3, 2 |
0x00001bce movt r3, 0x800 | r3 = 0x8000002;
0x00001bd2 tst r3, r2 |
| if ((r3 & r2) != 0) {
0x00001bd4 bne 0x1c5c | goto label_4;
| }
0x00001bd6 ldr r1, [sp, 0x50] | r1 = var_50h;
0x00001bd8 adds r0, r7, r6 | r0 = r7 + r6;
0x00001bda ldr r3, [sp, 0x6c] | r3 = var_6ch;
0x00001bdc lsl.w r2, r1, fp | r2 = r1 << fp;
0x00001be0 lsr.w r3, r3, r5 | r3 >>= r5;
0x00001be4 orr.w r3, r3, r2 | r3 |= r2;
0x00001be8 mov r2, r1 | r2 = r1;
0x00001bea lsr.w r1, r1, sl | r1 >>= sl;
0x00001bee lsr.w r5, r2, r5 | r5 = r2 >> r5;
0x00001bf2 ldr r2, [sp, 0x4c] | r2 = var_4ch;
0x00001bf4 orr.w r3, r3, r1 | r3 |= r1;
0x00001bf8 ldr r1, [sp, 0x54] | r1 = var_54h;
0x00001bfa adc.w r1, r2, r1 | __asm ("adc.w r1, r2, r1");
| do {
0x00001bfe strd r3, r5, [sp, 0x38] | __asm ("strd r3, r5, [var_38h]");
0x00001c02 adds.w r6, r6, r8 | r6 += r8;
0x00001c06 ldr r3, [sp, 0x4c] | r3 = var_4ch;
0x00001c08 strd r0, r1, [sp, 0x30] | __asm ("strd r0, r1, [var_30h]");
0x00001c0c mov.w r0, 1 | r0 = 1;
0x00001c10 ldr r1, [sp, 0x68] | r1 = var_68h;
0x00001c12 str r3, [sp, 0x24] | var_24h = r3;
0x00001c14 ldr r3, [sp, 0x54] | r3 = var_54h;
0x00001c16 strd r8, r1, [sp] | __asm ("strd r8, r1, [sp]");
0x00001c1a str.w sb, [sp, 0x40] | __asm ("str.w sb, [var_40h]");
0x00001c1e adc.w r3, r3, r1 | __asm ("adc.w r3, r3, r1");
0x00001c22 ldr r1, [pc, 0x78] |
0x00001c24 str r7, [sp, 0x20] | var_20h = r7;
0x00001c26 str r6, [sp, 0x10] | var_10h = r6;
0x00001c28 add r1, pc | r1 = 0x38ca;
0x00001c2a str r3, [sp, 0x14] | var_14h = r3;
0x00001c2c ldrd r1, r3, [r1] | __asm ("ldrd r1, r3, [r1]");
0x00001c30 ldr r2, [sp, 0x60] | r2 = var_60h;
0x00001c32 str r1, [sp, 0x28] | var_28h = r1;
0x00001c34 str r1, [sp, 0x18] | var_18h = r1;
0x00001c36 ldr r1, [pc, 0x68] |
0x00001c38 str r3, [sp, 8] | var_8h = r3;
0x00001c3a add r1, pc |
0x00001c3c ldr r1, [r1] | r1 = *(0x38e0);
0x00001c3e blx 0x8f4 | printf_chk ();
0x00001c42 ldr r2, [pc, 0x60] |
0x00001c44 ldr r3, [pc, 0x34] | r3 = *(0x1c7c);
0x00001c46 add r2, pc | r2 = 0x38f0;
0x00001c48 ldr r3, [r2, r3] | r3 = *(0x38f0);
0x00001c4a ldr r2, [r3] | r2 = *(0x38f0);
0x00001c4c ldr r3, [sp, 0x174] | r3 = var_174h;
0x00001c4e eors r2, r3 | r2 ^= r3;
0x00001c50 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001c54 bne 0x1c72 | goto label_5;
| }
0x00001c56 add sp, 0x17c |
0x00001c58 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
0x00001c5c movs r3, 0 | r3 = 0;
0x00001c5e ldr r1, [sp, 0x4c] | r1 = var_4ch;
0x00001c60 mov r0, r7 | r0 = r7;
0x00001c62 mov r5, r3 | r5 = r3;
0x00001c64 b 0x1bfe |
| } while (1);
| label_3:
0x00001c66 ldr r1, [pc, 0x40] |
0x00001c68 add r1, pc | r1 = 0x3916;
0x00001c6a b 0x1bc0 | goto label_0;
| label_2:
0x00001c6c ldr r3, [pc, 0x3c] |
0x00001c6e add r3, pc | r3 = 0x391e;
0x00001c70 b 0x1b42 | goto label_1;
| label_5:
0x00001c72 blx 0x834 | stack_chk_fail ();
0x00001c76 nop |
0x00001c78 asrs r0, r2, 0x13 | r0 = r2 >> 0x13;
0x00001c7a movs r1, r0 | r1 = r0;
0x00001c7c lsls r4, r0, 2 | r4 = r0 << 2;
0x00001c7e movs r0, r0 |
0x00001c80 asrs r2, r3, 0x13 | r2 = r3 >> 0x13;
0x00001c82 movs r1, r0 | r1 = r0;
0x00001c84 lsrs r4, r0, 0x14 | r4 = r0 >> 0x14;
0x00001c86 movs r0, r0 |
0x00001c88 asrs r4, r7, 0x12 | r4 = r7 >> 0x12;
0x00001c8a movs r1, r0 | r1 = r0;
0x00001c8c asrs r0, r1, 0x12 | r0 = r1 >> 0x12;
0x00001c8e movs r1, r0 | r1 = r0;
0x00001c90 lsrs r4, r3, 0x13 | r4 = r3 >> 0x13;
0x00001c92 movs r0, r0 |
0x00001c94 lsrs r6, r1, 0x13 | r6 = r1 >> 0x13;
0x00001c96 movs r0, r0 |
0x00001c98 lsrs r6, r2, 0x12 | r6 = r2 >> 0x12;
0x00001c9a movs r0, r0 |
0x00001c9c asrs r4, r3, 0xf | r4 = r3 >> 0xf;
0x00001c9e movs r1, r0 | r1 = r0;
0x00001ca0 asrs r2, r2, 0xf | r2 >>= 0xf;
0x00001ca2 movs r1, r0 | r1 = r0;
0x00001ca4 asrs r2, r2, 0xc | r2 >>= 0xc;
0x00001ca6 movs r1, r0 | r1 = r0;
0x00001ca8 lsrs r4, r4, 0xf | r4 >>= 0xf;
0x00001caa movs r0, r0 |
0x00001cac lsrs r6, r1, 0xf | r6 = r1 >> 0xf;
0x00001cae movs r0, r0 |
| }
[*] Function sprintf used 3 times filefrag
