[*] Binary protection state of libscene.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libscene.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libscene.so @ 0x3f54 */
| #include <stdint.h>
|
; (fcn) fcn.00003f54 () | void fcn_00003f54 (int16_t arg_0h, int16_t arg_4h, int16_t arg4) {
| r3 = arg4;
| do {
0x00003ef0 bleq 0x80304 | __asm ("bleq 0x80304");
0x00003ef4 cmp fp, r5 |
| if (fp <= r5) {
0x00003ef6 blo.w 0x4014 | goto label_10;
| }
| label_1:
0x00003efa ldrh r2, [r6, 0xa] | r2 = *((r6 + 0xa));
0x00003efc ldr r3, [r7, 0xc] | r3 = *((r7 + 0xc));
0x00003efe str.w fp, [r4, 8] | __asm ("str.w fp, [r4, 8]");
0x00003f02 ldr.w sl, [r3, r2, lsl 2] | offset_0 = r2 << 2;
| sl = *((r3 + offset_0));
0x00003f06 mov r0, sl | r0 = sl;
0x00003f08 blx 0x1420 | r0 = fcn_00001420 ();
0x00003f0c mov sb, r0 | sb = r0;
0x00003f0e add r0, fp | r0 += fp;
0x00003f10 cmp r0, r5 |
| if (r0 <= r5) {
0x00003f12 blo.w 0x4048 | goto label_11;
| }
| label_4:
0x00003f16 add.w sb, r0, 2 | sb = r0 + 2;
0x00003f1a str r0, [r4, 8] | *((r4 + 8)) = r0;
0x00003f1c cmp sb, r5 |
| if (sb <= r5) {
0x00003f1e blo.w 0x4038 | goto label_12;
| }
| label_3:
0x00003f22 str.w sb, [r4, 8] | __asm ("str.w sb, [r4, 8]");
0x00003f26 ldrb r2, [r6, 8] | r2 = *((r6 + 8));
0x00003f28 cmp r2, 4 |
| if (r2 > 4) {
0x00003f2a bhi.w 0x4168 | goto label_13;
| }
| /* switch table (5 cases) at 0x3f32 */
0x00003f2e tbb [pc, r2] | __asm ("tbb [0x00003f34]");
0x00003f38 ldr.w fp, [r6, 0xc] | fp = *((r6 + 0xc));
| label_0:
0x00003f3c mov r0, fp | r0 = fp;
0x00003f3e blx 0x1420 | fcn_00001420 ();
0x00003f42 ldr r5, [r4, 0xc] | r5 = *((r4 + 0xc));
0x00003f44 add.w r1, r0, sb | r1 = r0 + sb;
0x00003f48 mov sl, r0 | sl = r0;
0x00003f4a cmp r1, r5 |
| if (r1 <= r5) {
0x00003f4c blo 0x4024 | goto label_14;
| }
| label_2:
0x00003f4e adds r3, r1, 1 | r3 = r1 + 1;
0x00003f50 str r1, [r4, 8] | *((r4 + 8)) = r1;
0x00003f52 cmp r3, r5 |
| if (r3 <= r5) {
0x00003f54 blo 0x3ff6 | goto label_15;
| }
0x00003f56 ldr r6, [r6] | r6 = *(r6);
0x00003f58 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00003f5a cmp r6, 0 |
0x00003f5c bne 0x3ef0 |
| } while (r6 != 0);
| do {
0x00003f5e ldr r2, [sp] | r2 = *(sp);
0x00003f60 ldr r1, [r2, 0x10] | r1 = *((r2 + 0x10));
0x00003f62 cmp r1, 0 |
| if (r1 == 0) {
0x00003f64 beq.w 0x407c | goto label_16;
| }
0x00003f68 adds r6, r3, 1 | r6 = r3 + 1;
0x00003f6a cmp r6, r5 |
0x00003f6c it hs |
| if (r6 < r5) {
0x00003f6e strhs r6, [r4, 8] | *((r4 + 8)) = r6;
| }
| if (r6 <= r5) {
0x00003f70 blo 0x405c | goto label_6;
| }
| label_5:
0x00003f72 ldrb r3, [r1, 8] | r3 = *((r1 + 8));
0x00003f74 cmp r3, 4 |
| if (r3 > 4) {
0x00003f76 bhi.w 0x416e | goto label_17;
| }
| /* switch table (6 cases) at 0x3f7e */
0x00003f7a tbh [pc, r3, lsl 1] | __asm ("tbh [pc, r3, lsl 1]");
0x00003f88 ldr r1, [r6, 0xc] | r1 = *((r6 + 0xc));
0x00003f8a ldr r2, [r7, 0xc] | r2 = *((r7 + 12));
0x00003f8c ldr.w fp, [r2, r1, lsl 2] | offset_1 = r1 << 2;
| fp = *((r2 + offset_1));
0x00003f90 b 0x3f3c | goto label_0;
0x00003f92 ldrd r2, r3, [r7, 0x14] | __asm ("ldrd r2, r3, [r7, 0x14]");
0x00003f96 mov r0, r8 | r0 = r8;
0x00003f98 ldr r1, [r6, 0xc] | r1 = *((r6 + 0xc));
0x00003f9a mov fp, r8 |
0x00003f9c blx 0x139c | fcn_0000139c ();
0x00003fa0 ldr.w sb, [r4, 8] | sb = *((r4 + 8));
0x00003fa4 b 0x3f3c | goto label_0;
0x00003fa6 ldr r1, [r6, 0xc] | r1 = *((r6 + 0xc));
0x00003fa8 mov r0, r8 | r0 = r8;
0x00003faa blx 0x146c | sprintf_chk ()
0x00003fae mov fp, r8 |
0x00003fb0 ldr.w sb, [r4, 8] | sb = *((r4 + 8));
0x00003fb4 b 0x3f3c | goto label_0;
0x00003fb6 ldr r2, [r7, 0x14] | r2 = *((r7 + 0x14));
0x00003fb8 movs r3, 1 | r3 = 1;
0x00003fba vldr s13, [r6, 0xc] | __asm ("vldr s13, [r6, 0xc]");
0x00003fbe mov r0, r8 | r0 = r8;
0x00003fc0 vmov.f32 s15, -5.000000e-01 | __asm ("vmov.f32 s15, -5");
0x00003fc4 mov fp, r8 |
0x00003fc6 lsls r3, r2 | r3 <<= r2;
0x00003fc8 vcmpe.f32 s13, 0 | __asm ("vcmpe.f32 s13, 0");
0x00003fcc vmrs apsr_nzcv, fpscr | __asm ("vmrs apsr_nzcv, fpscr");
0x00003fd0 vmov s14, r3 | __asm ("vmov s14, r3");
0x00003fd4 it gt |
| if (r3 > r2) {
0x00003fd6 vmovgt s15, s16 | __asm ("vmovgt s15, s16");
| }
0x00003fda vcvt.f32.u32 s14, s14 | __asm ("vcvt.f32.u32 s14, s14");
0x00003fde ldr r3, [r7, 0x18] | r3 = *((r7 + 0x18));
0x00003fe0 vmla.f32 s15, s14, s13 | __asm ("vmla.f32 s15, s14, s13");
0x00003fe4 vcvt.s32.f32 s15, s15 | __asm ("vcvt.s32.f32 s15, s15");
0x00003fe8 vmov r1, s15 | __asm ("vmov r1, s15");
0x00003fec blx 0x139c | fcn_0000139c ();
0x00003ff0 ldr.w sb, [r4, 8] | sb = *((r4 + 8));
0x00003ff4 b 0x3f3c | goto label_0;
| label_15:
0x00003ff6 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00003ff8 movs r2, 0x22 | r2 = 0x22;
0x00003ffa strb r2, [r3, r1] | *((r3 + r1)) = r2;
0x00003ffc ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00003ffe ldr r6, [r6] | r6 = *(r6);
0x00004000 ldr r5, [r4, 0xc] | r5 = *((r4 + 0xc));
0x00004002 adds r3, 1 | r3++;
0x00004004 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00004006 cmp r6, 0 |
0x00004008 beq 0x3f5e |
| } while (r6 == 0);
0x0000400a add.w fp, r3, 1 |
0x0000400e cmp fp, r5 |
| if (fp >= r5) {
0x00004010 bhs.w 0x3efa | goto label_1;
| }
| label_10:
0x00004014 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00004016 movs r1, 0x20 | r1 = 0x20;
0x00004018 strb r1, [r2, r3] | *((r2 + r3)) = r1;
0x0000401a ldrd r3, r5, [r4, 8] | __asm ("ldrd r3, r5, [r4, 8]");
0x0000401e add.w fp, r3, 1 |
0x00004022 b 0x3efa | goto label_1;
| label_14:
0x00004024 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00004026 mov r1, fp | r1 = fp;
0x00004028 mov r2, sl | r2 = sl;
0x0000402a add r0, sb | r0 += sb;
0x0000402c blx 0x136c | fcn_0000136c ();
0x00004030 ldrd r1, r5, [r4, 8] | __asm ("ldrd r1, r5, [r4, 8]");
0x00004034 add r1, sl | r1 += sl;
0x00004036 b 0x3f4e | goto label_2;
| label_12:
0x00004038 ldr r2, [sp, 4] | r2 = *(arg_4h);
0x0000403a ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x0000403c ldrh r2, [r2] | r2 = *(r2);
0x0000403e strh r2, [r3, r0] | *((r3 + r0)) = r2;
0x00004040 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00004042 add.w sb, r3, 2 | sb = r3 + 2;
0x00004046 b 0x3f22 | goto label_3;
| label_11:
0x00004048 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000404a mov r2, sb | r2 = sb;
0x0000404c mov r1, sl | r1 = sl;
0x0000404e add r0, fp | r0 += fp;
0x00004050 blx 0x136c | fcn_0000136c ();
0x00004054 ldrd r0, r5, [r4, 8] | __asm ("ldrd r0, r5, [r4, 8]");
0x00004058 add r0, sb | r0 += sb;
0x0000405a b 0x3f16 | goto label_4;
| label_6:
0x0000405c ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x0000405e movs r1, 0x3e | r1 = 0x3e;
0x00004060 strb r1, [r2, r3] | *((r2 + r3)) = r1;
0x00004062 ldr r3, [sp] | r3 = *(sp);
0x00004064 ldr r6, [r4, 8] | r6 = *((r4 + 8));
0x00004066 ldr r1, [r3, 0x10] | r1 = *((r3 + 0x10));
0x00004068 adds r6, 1 | r6++;
0x0000406a str r6, [r4, 8] | *((r4 + 8)) = r6;
0x0000406c cmp r1, 0 |
| if (r1 != 0) {
0x0000406e bne 0x3f72 | goto label_5;
| }
0x00004070 movs r0, 0 | r0 = 0;
0x00004072 add sp, 0xc |
0x00004074 vpop {d8} | __asm ("vpop {d8}");
0x00004078 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_16:
0x0000407c ldr r2, [r2, 4] | r2 = *((r2 + 4));
0x0000407e cmp r2, 0 |
| if (r2 == 0) {
0x00004080 beq 0x4152 | goto label_18;
| }
0x00004082 adds r2, r3, 1 | r2 = r3 + 1;
0x00004084 cmp r2, r5 |
| if (r2 <= r5) {
0x00004086 blo 0x405c | goto label_6;
| }
| label_9:
0x00004088 movs r0, 0 | r0 = 0;
0x0000408a str r2, [r4, 8] | *((r4 + 8)) = r2;
0x0000408c add sp, 0xc |
0x0000408e vpop {d8} | __asm ("vpop {d8}");
0x00004092 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x000040b8 ldr.w r8, [r1, 0xc] | r8 = *((r1 + 0xc));
| do {
| label_7:
0x000040bc mov r0, r8 | r0 = r8;
0x000040be blx 0x1420 | fcn_00001420 ();
0x000040c2 ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
0x000040c4 adds r3, r0, r6 | r3 = r0 + r6;
0x000040c6 mov r5, r0 | r5 = r0;
0x000040c8 cmp r3, r2 |
| if (r3 <= r2) {
0x000040ca blo 0x4140 | goto label_19;
| }
| label_8:
0x000040cc movs r0, 0 | r0 = 0;
0x000040ce str r3, [r4, 8] | *((r4 + 8)) = r3;
0x000040d0 add sp, 0xc |
0x000040d2 vpop {d8} | __asm ("vpop {d8}");
0x000040d6 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x000040da ldr r2, [r1, 0xc] | r2 = *((r1 + 0xc));
0x000040dc ldr r3, [r7, 0xc] | r3 = *((r7 + 0xc));
0x000040de ldr.w r8, [r3, r2, lsl 2] | offset_2 = r2 << 2;
| r8 = *((r3 + offset_2));
0x000040e2 b 0x40bc |
| } while (1);
0x000040e4 ldr r2, [r7, 0x14] | r2 = *((r7 + 0x14));
0x000040e6 mov r0, r8 | r0 = r8;
0x000040e8 vldr s13, [r1, 0xc] | __asm ("vldr s13, [r1, 0xc]");
0x000040ec movs r1, 1 | r1 = 1;
0x000040ee vmov.f32 s15, 5.000000e-01 | __asm ("vmov.f32 s15, 5");
0x000040f2 vmov.f32 s14, -5.000000e-01 | __asm ("vmov.f32 s14, -5");
0x000040f6 lsls r1, r2 | r1 <<= r2;
0x000040f8 ldr r3, [r7, 0x18] | r3 = *((r7 + 0x18));
0x000040fa vcmpe.f32 s13, 0 | __asm ("vcmpe.f32 s13, 0");
0x000040fe vmrs apsr_nzcv, fpscr | __asm ("vmrs apsr_nzcv, fpscr");
0x00004102 it le |
| if (r1 <= r2) {
0x00004104 vmovle s15, s14 | __asm ("vmovle s15, s14");
| }
0x00004108 vmov s14, r1 | __asm ("vmov s14, r1");
0x0000410c vcvt.f32.u32 s14, s14 | __asm ("vcvt.f32.u32 s14, s14");
0x00004110 vmla.f32 s15, s14, s13 | __asm ("vmla.f32 s15, s14, s13");
0x00004114 vcvt.s32.f32 s15, s15 | __asm ("vcvt.s32.f32 s15, s15");
0x00004118 vmov r1, s15 | __asm ("vmov r1, s15");
0x0000411c blx 0x139c | fcn_0000139c ();
0x00004120 ldr r6, [r4, 8] | r6 = *((r4 + 8));
0x00004122 b 0x40bc | goto label_7;
0x00004124 ldrd r2, r3, [r7, 0x14] | __asm ("ldrd r2, r3, [r7, 0x14]");
0x00004128 mov r0, r8 | r0 = r8;
0x0000412a ldr r1, [r1, 0xc] | r1 = *((r1 + 0xc));
0x0000412c blx 0x139c | fcn_0000139c ();
0x00004130 ldr r6, [r4, 8] | r6 = *((r4 + 8));
0x00004132 b 0x40bc | goto label_7;
0x00004134 ldr r1, [r1, 0xc] | r1 = *((r1 + 0xc));
0x00004136 mov r0, r8 | r0 = r8;
0x00004138 blx 0x146c | sprintf_chk ()
0x0000413c ldr r6, [r4, 8] | r6 = *((r4 + 8));
0x0000413e b 0x40bc | goto label_7;
| label_19:
0x00004140 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00004142 mov r1, r8 | r1 = r8;
0x00004144 mov r2, r5 | r2 = r5;
0x00004146 add r0, r6 | r0 += r6;
0x00004148 blx 0x136c | fcn_0000136c ();
0x0000414c ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000414e add r3, r5 | r3 += r5;
0x00004150 b 0x40cc | goto label_8;
| label_18:
0x00004152 adds r2, r3, 2 | r2 = r3 + 2;
0x00004154 cmp r2, r5 |
| if (r2 >= r5) {
0x00004156 bhs 0x4088 | goto label_9;
| }
0x00004158 ldr r2, [pc, 0x1c] |
0x0000415a ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x0000415c add r2, pc | r2 = 0x82d8;
0x0000415e ldrh r2, [r2] | r2 = *(r2);
0x00004160 strh r2, [r1, r3] | *((r1 + r3)) = r2;
0x00004162 ldr r2, [r4, 8] | r2 = *((r4 + 8));
0x00004164 adds r2, 2 | r2 += 2;
0x00004166 b 0x4088 | goto label_9;
| label_13:
0x00004168 mov.w fp, 0 |
0x0000416c b 0x3f3c | goto label_0;
| label_17:
0x0000416e mov.w r8, 0 | r8 = 0;
0x00004172 b 0x40bc | goto label_7;
| }
[*] Function sprintf used 3 times libscene.so
