[*] Binary protection state of apac-update
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of apac-update
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/apac-update @ 0xcd0 */
| #include <stdint.h>
|
; (fcn) fcn.00000cd0 () | void fcn_00000cd0 () {
| int16_t var_0h;
0x00000cd0 strdhs fp, ip, [r0, -r0] | __asm ("strdhs fp, ip, [r0, -r0]");
0x00000cd4 ldr r6, [pc, 0xa0] |
0x00000cd6 sub sp, 0xc |
0x00000cd8 ldr r5, [pc, 0xa0] |
0x00000cda add r6, pc | r6 = 0x1a56;
0x00000cdc mov r0, r6 | r0 = r6;
0x00000cde blx 0x8a4 | r0 = open64 ();
0x00000ce2 subs r4, r0, 0 | r4 = r0 - 0;
0x00000ce4 add r5, pc | r5 = 0x1a64;
| if (r4 < r0) {
0x00000ce6 blt 0xd50 | goto label_1;
| }
0x00000ce8 blx 0x808 | r0 = fsync ();
| if (r0 != 0) {
0x00000cec cbnz r0, 0xd22 | goto label_2;
| }
0x00000cee mov r0, r4 | r0 = r4;
0x00000cf0 blx 0x958 | r0 = close (r0);
0x00000cf4 cbnz r0, 0xcfa |
| while (r0 == 0) {
0x00000cf6 add sp, 0xc |
0x00000cf8 pop {r4, r5, r6, r7, pc} |
| label_0:
0x00000cfa ldr r3, [pc, 0x84] | r3 = *(0xd82);
0x00000cfc ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000cfe ldr r5, [r3] | r5 = *(0xd82);
0x00000d00 blx 0x8ec | r0 = errno_location ();
0x00000d04 ldr r0, [r0] | r0 = *(r0);
0x00000d06 blx 0x880 | g_strerror ();
0x00000d0a ldr r3, [pc, 0x78] |
0x00000d0c mov r4, r0 | r4 = r0;
0x00000d0e ldr r2, [pc, 0x78] |
0x00000d10 movs r1, 1 | r1 = 1;
0x00000d12 mov r0, r5 | r0 = r5;
0x00000d14 str r4, [sp] | *(sp) = r4;
0x00000d16 add r3, pc | r3 = 0x1aa0;
0x00000d18 add r2, pc | r2 = 0x1aa6;
0x00000d1a blx 0x904 | fprintf_chk ()
0x00000d1e add sp, 0xc |
0x00000d20 pop {r4, r5, r6, r7, pc} |
| label_2:
0x00000d22 ldr r3, [pc, 0x5c] | r3 = *(0xd82);
0x00000d24 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000d26 ldr r7, [r3] | r7 = *(0xd82);
0x00000d28 blx 0x8ec | r0 = errno_location ();
0x00000d2c ldr r0, [r0] | r0 = *(r0);
0x00000d2e blx 0x880 | r0 = g_strerror ();
0x00000d32 mov r2, r0 | r2 = r0;
0x00000d34 mov r3, r6 | r3 = r6;
0x00000d36 str r2, [sp] | *(sp) = r2;
0x00000d38 mov r0, r7 | r0 = r7;
0x00000d3a ldr r2, [pc, 0x50] |
0x00000d3c movs r1, 1 | r1 = 1;
0x00000d3e add r2, pc | r2 = 0x1ad0;
0x00000d40 blx 0x904 | fprintf_chk ()
0x00000d44 mov r0, r4 | r0 = r4;
0x00000d46 blx 0x958 | r0 = close (r0);
0x00000d4a cmp r0, 0 |
0x00000d4c beq 0xcf6 |
| }
0x00000d4e b 0xcfa | goto label_0;
| label_1:
0x00000d50 ldr r3, [pc, 0x2c] | r3 = *(0xd80);
0x00000d52 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000d54 ldr r5, [r3] | r5 = *(0xd80);
0x00000d56 blx 0x8ec | r0 = errno_location ();
0x00000d5a ldr r0, [r0] | r0 = *(r0);
0x00000d5c blx 0x880 | g_strerror ();
0x00000d60 ldr r2, [pc, 0x2c] |
0x00000d62 mov r4, r0 | r4 = r0;
0x00000d64 mov r3, r6 | r3 = r6;
0x00000d66 movs r1, 1 | r1 = 1;
0x00000d68 mov r0, r5 | r0 = r5;
0x00000d6a str r4, [sp] | *(sp) = r4;
0x00000d6c add r2, pc | r2 = 0x1b00;
0x00000d6e blx 0x904 | fprintf_chk ()
0x00000d72 add sp, 0xc |
0x00000d74 pop {r4, r5, r6, r7, pc} |
| }
[*] Function fprintf used 4 times apac-update
