[*] Binary protection state of libupnp.so.17.1.8
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of libupnp.so.17.1.8
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libupnp.so.17.1.8 @ 0x172f0 */
| #include <stdint.h>
|
; (fcn) sym.UpnpActionRequest_assign () | void UpnpActionRequest_assign (uint32_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
| if (? >= ?) {
0x000172f0 ldrlt r4, [r8, -0x288]! | r4 = *((r8 -= 0x288));
| }
0x000172f4 mov r4, r0 | r4 = r0;
0x000172f6 mov r5, r1 | r5 = r1;
| if (? == ?) {
0x000172f8 beq 0x173c6 | goto label_2;
| }
0x000172fa mov r0, r1 | r0 = r1;
0x000172fc blx 0x8efc | r0 = fcn_00008efc ();
0x00017300 mov r1, r0 | r1 = r0;
0x00017302 mov r0, r4 | r0 = r4;
0x00017304 blx 0x91b8 | r0 = fcn_000091b8 ();
0x00017308 cbnz r0, 0x1730e |
| while (r0 == 0) {
| label_0:
0x0001730a movs r0, 0 | r0 = 0;
| label_1:
0x0001730c pop {r3, r4, r5, pc} |
0x0001730e mov r0, r5 | r0 = r5;
0x00017310 blx 0x8c10 | r0 = fcn_00008c10 ();
0x00017314 mov r1, r0 | r1 = r0;
0x00017316 mov r0, r4 | r0 = r4;
0x00017318 blx 0x94e0 | r0 = fcn_000094e0 ();
0x0001731c cmp r0, 0 |
0x0001731e beq 0x1730a |
| }
0x00017320 mov r0, r5 | r0 = r5;
0x00017322 blx 0x9254 | r0 = fcn_00009254 ();
0x00017326 mov r1, r0 | r1 = r0;
0x00017328 mov r0, r4 | r0 = r4;
0x0001732a blx 0x8714 | r0 = fcn_00008714 ();
0x0001732e cmp r0, 0 |
| if (r0 == 0) {
0x00017330 beq 0x1730a | goto label_0;
| }
0x00017332 mov r0, r5 | r0 = r5;
0x00017334 blx 0x9384 | r0 = fcn_00009384 ();
0x00017338 mov r1, r0 | r1 = r0;
0x0001733a mov r0, r4 | r0 = r4;
0x0001733c blx 0x95cc | r0 = fcn_000095cc ();
0x00017340 cmp r0, 0 |
| if (r0 == 0) {
0x00017342 beq 0x1730a | goto label_0;
| }
0x00017344 mov r0, r5 | r0 = r5;
0x00017346 blx 0x8cbc | r0 = strcat (r0, r1)
0x0001734a mov r1, r0 | r1 = r0;
0x0001734c mov r0, r4 | r0 = r4;
0x0001734e blx 0x8cd4 | r0 = pthread_getschedparam ();
0x00017352 cmp r0, 0 |
| if (r0 == 0) {
0x00017354 beq 0x1730a | goto label_0;
| }
0x00017356 mov r0, r5 | r0 = r5;
0x00017358 blx 0x8d28 | r0 = fcn_00008d28 ();
0x0001735c mov r1, r0 | r1 = r0;
0x0001735e mov r0, r4 | r0 = r4;
0x00017360 blx 0x8de0 | r0 = fcn_00008de0 ();
0x00017364 cmp r0, 0 |
| if (r0 == 0) {
0x00017366 beq 0x1730a | goto label_0;
| }
0x00017368 mov r0, r5 | r0 = r5;
0x0001736a blx 0x8850 | r0 = fcn_00008850 ();
0x0001736e mov r1, r0 | r1 = r0;
0x00017370 mov r0, r4 | r0 = r4;
0x00017372 blx 0x893c | r0 = fcn_0000893c ();
0x00017376 cmp r0, 0 |
| if (r0 == 0) {
0x00017378 beq 0x1730a | goto label_0;
| }
0x0001737a mov r0, r5 | r0 = r5;
0x0001737c blx 0x9510 | r0 = fcn_00009510 ();
0x00017380 mov r1, r0 | r1 = r0;
0x00017382 mov r0, r4 | r0 = r4;
0x00017384 blx 0x8af4 | r0 = recvfrom (r0, r1, r2, r3, r4, r5);
0x00017388 cmp r0, 0 |
| if (r0 == 0) {
0x0001738a beq 0x1730a | goto label_0;
| }
0x0001738c mov r0, r5 | r0 = r5;
0x0001738e blx 0x8720 | r0 = fcn_00008720 ();
0x00017392 mov r1, r0 | r1 = r0;
0x00017394 mov r0, r4 | r0 = r4;
0x00017396 blx 0x9474 | r0 = fcn_00009474 ();
0x0001739a cmp r0, 0 |
| if (r0 == 0) {
0x0001739c beq 0x1730a | goto label_0;
| }
0x0001739e mov r0, r5 | r0 = r5;
0x000173a0 blx 0x8c40 | r0 = fcn_00008c40 ();
0x000173a4 mov r1, r0 | r1 = r0;
0x000173a6 mov r0, r4 | r0 = r4;
0x000173a8 blx 0x87cc | r0 = fcn_000087cc ();
0x000173ac cmp r0, 0 |
| if (r0 == 0) {
0x000173ae beq 0x1730a | goto label_0;
| }
0x000173b0 mov r0, r5 | r0 = r5;
0x000173b2 blx 0x9348 | r0 = fcn_00009348 ();
0x000173b6 mov r1, r0 | r1 = r0;
0x000173b8 mov r0, r4 | r0 = r4;
0x000173ba blx 0x8868 | fcn_00008868 ();
0x000173be subs r0, 0 |
0x000173c0 it ne |
| if (r0 == 0) {
0x000173c2 movne r0, 1 | r0 = 1;
| }
0x000173c4 b 0x1730c | goto label_1;
| label_2:
0x000173c6 movs r0, 1 | r0 = 1;
0x000173c8 b 0x1730c | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libupnp.so.17.1.8 @ 0x17230 */
| #include <stdint.h>
|
; (fcn) sym.UpnpActionRequest_get_DevUDN_cstr () | void UpnpActionRequest_get_DevUDN_cstr (char * s1, const char * s2) {
| r0 = s1;
| r1 = s2;
0x00017230 push {r3, lr} |
0x00017232 blx 0x8cbc | strcat (r0, r1)
0x00017236 pop.w {r3, lr} |
0x0001723a b.w 0x9180 | return void (*0x9180)() ();
| }
[*] Function strcat used 3 times libupnp.so.17.1.8
