[*] Binary protection state of mpstat
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of mpstat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/mpstat @ 0x53a4 */
| #include <stdint.h>
|
; (fcn) fcn.000053a4 () | void fcn_000053a4 () {
| int16_t var_0h;
| size_t n;
| int16_t var_ch;
| void * s;
| int16_t var_1ch;
0x000053a4 ldr r2, [pc, 0xd0] |
0x000053a6 ldr r3, [pc, 0xd4] | r3 = *(0x547e);
0x000053a8 push.w {r4, r5, r6, r7, r8, lr} |
0x000053ac sub sp, 0x20 |
0x000053ae ldr r4, [pc, 0xd0] |
0x000053b0 add r2, pc | r2 = 0xa82c;
0x000053b2 ldr r1, [pc, 0xd0] |
0x000053b4 ldr r3, [r2, r3] |
0x000053b6 add r4, pc | r4 = 0xa83c;
0x000053b8 ldr r6, [pc, 0xcc] |
0x000053ba mov r0, r4 | r0 = r4;
0x000053bc add r1, pc | r1 = 0xa846;
0x000053be ldr r3, [r3] | r3 = *(0xa82c);
0x000053c0 str r3, [sp, 0x1c] | var_1ch = r3;
0x000053c2 mov.w r3, 0 | r3 = 0;
0x000053c6 add r6, pc | r6 = 0xa852;
0x000053c8 blx 0xdf4 | r0 = fopen (r0, r1);
0x000053cc cmp r0, 0 |
| if (r0 == 0) {
0x000053ce beq 0x544c | goto label_2;
| }
0x000053d0 ldr.w r8, [pc, 0xb8] |
0x000053d4 movw r6, 0x7063 |
0x000053d8 mov r5, r0 | r5 = r0;
0x000053da mov.w r7, -1 | r7 = -1;
0x000053de add r4, sp, 0xc | r4 += var_ch;
0x000053e0 movt r6, 0x2075 | r6 = 0x20757063;
0x000053e4 add r8, pc | r8 = 0xa874;
| do {
| label_0:
0x000053e6 mov r2, r5 | r2 = r5;
0x000053e8 movs r1, 0x10 | r1 = 0x10;
0x000053ea mov r0, r4 | r0 = r4;
0x000053ec blx 0xe10 | r0 = fcn_00000e10 ();
| if (r0 == 0) {
0x000053f0 cbz r0, 0x542a | goto label_3;
| }
| label_1:
0x000053f2 ldr r3, [r4] | r3 = *(r4);
0x000053f4 cmp r3, r6 |
0x000053f6 beq 0x53e6 |
| } while (r3 == r6);
0x000053f8 ldrh r2, [r4] | r2 = *(r4);
0x000053fa movw r3, 0x7063 | r3 = 0x7063;
0x000053fe cmp r2, r3 |
| if (r2 != r3) {
0x00005400 bne 0x53e6 | goto label_0;
| }
0x00005402 ldrb r3, [r4, 2] | r3 = *((r4 + 2));
0x00005404 cmp r3, 0x75 |
| if (r3 != 0x75) {
0x00005406 bne 0x53e6 | goto label_0;
| }
0x00005408 add r2, sp, 8 | r2 += n;
0x0000540a mov r1, r8 | r1 = r8;
0x0000540c add.w r0, sp, 0xf | r0 += s;
0x00005410 blx 0xf98 | memset (r0, r1, r2);
0x00005414 ldr r3, [sp, 8] | r3 = n;
0x00005416 mov r2, r5 | r2 = r5;
0x00005418 movs r1, 0x10 | r1 = 0x10;
0x0000541a mov r0, r4 | r0 = r4;
0x0000541c cmp r7, r3 |
0x0000541e it lt |
| if (r7 >= r3) {
0x00005420 movlt r7, r3 | r7 = r3;
| }
0x00005422 blx 0xe10 | r0 = fcn_00000e10 ();
0x00005426 cmp r0, 0 |
| if (r0 != 0) {
0x00005428 bne 0x53f2 | goto label_1;
| }
| label_3:
0x0000542a mov r0, r5 | r0 = r5;
0x0000542c blx 0x1018 | fcn_00001018 ();
0x00005430 ldr r2, [pc, 0x5c] |
0x00005432 adds r0, r7, 1 | r0 = r7 + 1;
0x00005434 ldr r3, [pc, 0x44] | r3 = *(0x547c);
0x00005436 add r2, pc | r2 = 0xa8ca;
0x00005438 ldr r3, [r2, r3] | r3 = *(0xa8ca);
0x0000543a ldr r2, [r3] | r2 = *(0xa8ca);
0x0000543c ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x0000543e eors r2, r3 | r2 ^= r3;
0x00005440 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00005444 bne 0x5474 |
0x00005446 add sp, 0x20 |
0x00005448 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x0000544c ldr r3, [pc, 0x44] | r3 = *(0x5494);
0x0000544e ldr r3, [r6, r3] | r3 = *((r6 + r3));
0x00005450 ldr r6, [r3] | r6 = *(0x5494);
0x00005452 blx 0xf74 | r0 = strcat_chk ()
0x00005456 ldr r0, [r0] | r0 = *(r0);
0x00005458 blx 0xefc | strftime (r0, r1, r2, r3);
0x0000545c ldr r2, [pc, 0x38] |
0x0000545e mov r5, r0 | r5 = r0;
0x00005460 mov r3, r4 | r3 = r4;
0x00005462 movs r1, 1 | r1 = 1;
0x00005464 mov r0, r6 | r0 = r6;
0x00005466 str r5, [sp] | *(sp) = r5;
0x00005468 add r2, pc | r2 = 0xa904;
0x0000546a blx 0x1000 | fcn_00001000 ();
0x0000546e movs r0, 1 | r0 = 1;
0x00005470 blx 0xf44 | r0 = strtoul (r0, r1, r2);
| }
0x00005474 blx 0xe4c | fcn_00000e4c ();
0x00005478 ldr r3, [pc, 0x20] | r3 = *(0x549c);
0x0000547a movs r1, r0 | r1 = r0;
0x0000547c lsls r4, r4, 4 | r4 <<= 4;
0x0000547e movs r0, r0 |
0x00005480 adds r4, 0x2a | r4 += 0x2a;
0x00005482 movs r0, r0 |
0x00005484 adds r7, 0x10 | r7 += 0x10;
0x00005486 movs r0, r0 |
0x00005488 ldr r2, [pc, 0x3c8] | r2 = *(0x5854);
0x0000548a movs r1, r0 | r1 = r0;
0x0000548c cmp r6, 0x24 |
0x0000548e movs r0, r0 |
0x00005490 ldr r2, [pc, 0x208] | r2 = *(0x569c);
0x00005492 movs r1, r0 | r1 = r0;
0x00005494 lsls r0, r5, 4 | r0 = r5 << 4;
0x00005496 movs r0, r0 |
0x00005498 adds r3, 0x84 | r3 += 0x84;
0x0000549a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/mpstat @ 0x78f8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000078f8 () | void fcn_000078f8 (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_4h;
| int32_t var_4h_2;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_38h;
| int32_t var_38h_2;
| int16_t var_74h;
| int16_t var_273h;
| int16_t var_274h;
| int16_t var_27ch;
| r0 = arg1;
| r1 = arg2;
0x000078f8 blmi 0x111a20c | __asm ("blmi 0x111a20c");
0x000078fc push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00007900 sub.w sp, sp, 0x27c |
0x00007904 ldr r4, [pc, 0x108] |
0x00007906 add r2, pc | r2 += pc;
0x00007908 mov sl, r1 | sl = r1;
0x0000790a str r0, [sp, 0x14] | var_14h = r0;
0x0000790c ldr r5, [pc, 0x104] |
0x0000790e add r4, pc | r4 = 0xf322;
0x00007910 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00007912 mov r0, r4 | r0 = r4;
0x00007914 add r5, pc | r5 = 0xf32c;
0x00007916 ldr r3, [r3] | r3 = *(r3);
0x00007918 str r3, [sp, 0x274] | var_274h = r3;
0x0000791a mov.w r3, 0 | r3 = 0;
0x0000791e blx 0xec8 | r0 = fcn_00000ec8 ();
0x00007922 cmp r0, 0 |
| if (r0 == 0) {
0x00007924 beq 0x79da | goto label_1;
| }
0x00007926 ldr.w sb, [pc, 0xf0] |
0x0000792a mov.w fp, 0xf000 |
0x0000792e ldr.w r8, [pc, 0xec] |
0x00007932 mov r7, r0 | r7 = r0;
0x00007934 movt fp, 0xffff |
0x00007938 add sb, pc | sb = 0xf356;
0x0000793a add r8, pc | r8 = 0xf35c;
| do {
| label_0:
0x0000793c mov r0, r7 | r0 = r7;
0x0000793e blx 0x1048 | r0 = fcn_00001048 ();
| if (r0 == 0) {
0x00007942 cbz r0, 0x79b4 | goto label_2;
| }
0x00007944 mov.w r3, 0x200 | r3 = 0x200;
0x00007948 add.w r4, r0, 0xb | r4 = r0 + 0xb;
0x0000794c add r5, sp, 0x74 | r5 += var_74h;
0x0000794e mov r1, r3 | r1 = r3;
0x00007950 movs r2, 1 | r2 = 1;
0x00007952 mov r0, r5 | r0 = r5;
0x00007954 add r6, sp, 0x18 | r6 += var_18h;
0x00007956 strd sb, r4, [sp, 4] | __asm ("strd sb, r4, [var_4h]");
0x0000795a str.w r8, [sp] | __asm ("str.w r8, [sp]");
0x0000795e blx 0x1090 | fcn_00001090 ();
0x00007962 movs r3, 0 | r3 = 0;
0x00007964 mov r1, r6 | r1 = r6;
0x00007966 mov r0, r5 | r0 = r5;
0x00007968 strb.w r3, [sp, 0x273] | var_273h = r3;
0x0000796c blx 0xf2c | r0 = ctype_b_loc ();
0x00007970 cmp r0, 0 |
0x00007972 bne 0x793c |
| } while (r0 != 0);
0x00007974 ldrd r3, r2, [sp, 0x38] | __asm ("ldrd r3, r2, [var_38h]");
0x00007978 ubfx r5, r3, 8, 0xc | r5 = (r3 >> 8) & ((1 << 0xc) - 1);
0x0000797c uxtb r1, r3 | r1 = (int8_t) r3;
0x0000797e lsrs r3, r3, 0xc | r3 >>= 0xc;
0x00007980 orr.w r3, r3, r2, lsl 20 | r3 |= (r2 << 20);
0x00007984 and.w r2, r2, fp | r2 &= fp;
0x00007988 orrs r2, r5 | r2 |= r5;
0x0000798a bic r3, r3, 0xff | r3 = BIT_MASK (r3, 0xff);
0x0000798e orrs r3, r1 | r3 |= r1;
0x00007990 ldr r1, [sp, 0x14] | r1 = var_14h;
0x00007992 cmp r3, sl |
0x00007994 it eq |
| if (r3 != sl) {
0x00007996 cmpeq r2, r1 | __asm ("cmpeq r2, r1");
| goto label_3;
| }
| if (r3 != sl) {
| label_3:
0x00007998 bne 0x793c | goto label_0;
| }
0x0000799a ldr r6, [pc, 0x84] |
0x0000799c mov r1, r4 | r1 = r4;
0x0000799e mov r5, r0 | r5 = r0;
0x000079a0 movs r2, 0x7f | r2 = 0x7f;
0x000079a2 add r6, pc | r6 = 0xf3c8;
0x000079a4 sub.w r4, r6, 0xb0 | r4 = r6 - 0xb0;
0x000079a8 mov r0, r4 | r0 = r4;
0x000079aa blx 0xfcc | fcn_00000fcc ();
0x000079ae strb r5, [r6, -0x31] | *((r6 - 0x31)) = r5;
0x000079b2 b 0x79b6 | goto label_4;
| label_2:
0x000079b4 mov r4, r0 | r4 = r0;
| label_4:
0x000079b6 mov r0, r7 | r0 = r7;
0x000079b8 blx 0x1084 | fcn_00001084 ();
0x000079bc ldr r2, [pc, 0x64] |
0x000079be ldr r3, [pc, 0x4c] | r3 = *(0x7a0e);
0x000079c0 add r2, pc | r2 = 0xf3e8;
0x000079c2 ldr r3, [r2, r3] | r3 = *(0xf3e8);
0x000079c4 ldr r2, [r3] | r2 = *(0xf3e8);
0x000079c6 ldr r3, [sp, 0x274] | r3 = var_274h;
0x000079c8 eors r2, r3 | r2 ^= r3;
0x000079ca mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x000079ce bne 0x7a02 |
0x000079d0 mov r0, r4 | r0 = r4;
0x000079d2 add.w sp, sp, 0x27c |
0x000079d6 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_1:
0x000079da ldr r3, [pc, 0x4c] | r3 = *(0x7a2a);
0x000079dc ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x000079de ldr r6, [r3] | r6 = *(0x7a2a);
0x000079e0 blx 0xf74 | r0 = strcat_chk ()
0x000079e4 ldr r0, [r0] | r0 = *(r0);
0x000079e6 blx 0xefc | strftime (r0, r1, r2, r3);
0x000079ea ldr r2, [pc, 0x40] |
0x000079ec mov r5, r0 | r5 = r0;
0x000079ee mov r3, r4 | r3 = r4;
0x000079f0 movs r1, 1 | r1 = 1;
0x000079f2 mov r0, r6 | r0 = r6;
0x000079f4 str r5, [sp] | *(sp) = r5;
0x000079f6 add r2, pc | r2 = 0xf428;
0x000079f8 blx 0x1000 | fcn_00001000 ();
0x000079fc movs r0, 4 | r0 = 4;
0x000079fe blx 0xf44 | r0 = strtoul (r0, r1, r2);
| }
0x00007a02 blx 0xe4c | fcn_00000e4c ();
0x00007a06 nop |
0x00007a08 movs r5, 0xb2 | r5 = 0xb2;
0x00007a0a movs r1, r0 | r1 = r0;
0x00007a0c lsls r4, r4, 4 | r4 <<= 4;
0x00007a0e movs r0, r0 |
0x00007a10 asrs r6, r6, 0x15 | r6 >>= 0x15;
0x00007a12 movs r0, r0 |
0x00007a14 movs r5, 0xa4 | r5 = 0xa4;
0x00007a16 movs r1, r0 | r1 = r0;
0x00007a18 asrs r4, r1, 0x15 | r4 = r1 >> 0x15;
0x00007a1a movs r0, r0 |
0x00007a1c asrs r6, r7, 0x20 | r6 = r7 >> 0x20;
0x00007a1e movs r0, r0 |
0x00007a20 ldrh r6, [r1] | r6 = *(r1);
0x00007a22 movs r1, r0 | r1 = r0;
0x00007a24 movs r4, 0xf8 | r4 = 0xf8;
0x00007a26 movs r1, r0 | r1 = r0;
0x00007a28 lsls r0, r5, 4 | r0 = r5 << 4;
0x00007a2a movs r0, r0 |
0x00007a2c lsrs r6, r6, 0x17 | r6 >>= 0x17;
0x00007a2e movs r0, r0 |
| }
[*] Function strcat used 3 times mpstat
