[*] Binary protection state of libdbus-1.so.3.19.13
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libdbus-1.so.3.19.13
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libdbus-1.so.3.19.13 @ 0x1fc80 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.dbus_signature_iter_recurse () | void dbus_signature_iter_recurse (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x0001fc80 invalid |
0x0001fc84 mov r5, r0 | r5 = r0;
0x0001fc86 blx 0x9d9c | vsprintf_chk ()
0x0001fc8a blx 0xafac | r0 = fcn_0000afac ();
| if (r0 != 0) {
0x0001fc8e cbz r0, 0x1fcba |
0x0001fc90 ldm.w r5, {r0, r1} | r0 = *(r5);
| r1 = *((r5 + 4));
0x0001fc94 stm.w r4, {r0, r1} | *(r4) = r0;
| *((r4 + 4)) = r1;
0x0001fc98 mov r3, r0 | r3 = r0;
0x0001fc9a ldrb r2, [r4, 4] | r2 = *((r4 + 4));
0x0001fc9c adds r3, 1 | r3++;
0x0001fc9e str r3, [r4] | *(r4) = r3;
0x0001fca0 mov r0, r5 | r0 = r5;
0x0001fca2 bfc r2, 1, 1 | value_0 = BIT_MASK (1, );
| value_0 = ~value_0;
| r2 &= value_0;
0x0001fca6 strb r2, [r4, 4] | *((r4 + 4)) = r2;
0x0001fca8 blx 0x9d9c | r0 = vsprintf_chk ()
0x0001fcac cmp r0, 0x61 |
0x0001fcae ittt eq |
| if (r0 != 0x61) {
0x0001fcb0 ldrbeq r3, [r4, 4] | r3 = *((r4 + 4));
| }
| if (r0 != 0x61) {
0x0001fcb2 orreq r3, r3, 2 | r3 |= 2;
| }
| if (r0 == 0x61) {
0x0001fcb6 strb r3, [r4, 4] | *((r4 + 4)) = r3;
| }
0x0001fcb8 pop {r4, r5, r6, pc} |
| }
0x0001fcba ldr r0, [pc, 0x18] |
0x0001fcbc movs r3, 0xd5 | r3 = 0xd5;
0x0001fcbe ldr r2, [pc, 0x18] |
0x0001fcc0 ldr r1, [pc, 0x18] |
0x0001fcc2 add r0, pc | r0 = 0x3f99c;
0x0001fcc4 pop.w {r4, r5, r6, lr} |
0x0001fcc8 add r2, pc | r2 = 0x3f9a6;
0x0001fcca adds r0, 0x40 | r0 += 0x40;
0x0001fccc add r1, pc | r1 = 0x3f9ac;
0x0001fcce b.w 0x9f44 | return void (*0x9f44)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libdbus-1.so.3.19.13 @ 0x1fb90 */
| #include <stdint.h>
|
; (fcn) sym.dbus_signature_validate_single () | void dbus_signature_validate_single (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x0001fb90 ldr r2, [pc, 0x68] |
0x0001fb92 ldr r3, [pc, 0x6c] | r3 = *(0x1fc02);
0x0001fb94 push {r4, r5, r6, lr} |
0x0001fb96 sub sp, 0x18 |
0x0001fb98 add r2, pc | r2 = 0x3f798;
0x0001fb9a mov r4, r0 | r4 = r0;
0x0001fb9c mov r5, r1 | r5 = r1;
0x0001fb9e ldr r3, [r2, r3] |
0x0001fba0 ldr r3, [r3] | r3 = *(0x3f798);
0x0001fba2 str r3, [sp, 0x14] | var_14h = r3;
0x0001fba4 mov.w r3, 0 | r3 = 0;
0x0001fba8 blx 0xad2c | r0 = fcn_0000ad2c ();
0x0001fbac cbnz r0, 0x1fbc6 |
| while (1) {
| label_0:
0x0001fbae ldr r2, [pc, 0x54] |
0x0001fbb0 ldr r3, [pc, 0x4c] | r3 = *(0x1fc00);
0x0001fbb2 add r2, pc | r2 = 0x3f7bc;
0x0001fbb4 ldr r3, [r2, r3] | r3 = *(0x3f7bc);
0x0001fbb6 ldr r2, [r3] | r2 = *(0x3f7bc);
0x0001fbb8 ldr r3, [sp, 0x14] | r3 = var_14h;
0x0001fbba eors r2, r3 | r2 ^= r3;
0x0001fbbc mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0001fbc0 bne 0x1fbf6 | goto label_1;
| }
0x0001fbc2 add sp, 0x18 |
0x0001fbc4 pop {r4, r5, r6, pc} |
0x0001fbc6 mov r6, sp | r6 = sp;
0x0001fbc8 mov r1, r4 | r1 = r4;
0x0001fbca mov r0, r6 | r0 = r6;
0x0001fbcc blx 0xa174 | fcn_0000a174 ();
0x0001fbd0 mov r0, r6 | r0 = r6;
0x0001fbd2 blx 0x9d9c | r0 = vsprintf_chk ()
| if (r0 != 0) {
0x0001fbd6 cbz r0, 0x1fbe0 |
0x0001fbd8 mov r0, r6 | r0 = r6;
0x0001fbda blx 0xab30 | r0 = fcn_0000ab30 ();
| if (r0 == 0) {
0x0001fbde cbz r0, 0x1fbf2 | goto label_2;
| }
| }
0x0001fbe0 ldr r2, [pc, 0x24] |
0x0001fbe2 mov r0, r5 | r0 = r5;
0x0001fbe4 ldr r1, [pc, 0x24] |
0x0001fbe6 add r2, pc | r2 = 0x3f7f2;
0x0001fbe8 add r1, pc | r1 = 0x3f7f8;
0x0001fbea blx 0xa60c | mkdir ();
0x0001fbee movs r0, 0 | r0 = 0;
0x0001fbf0 b 0x1fbae |
| }
| label_2:
0x0001fbf2 movs r0, 1 | r0 = 1;
0x0001fbf4 b 0x1fbae | goto label_0;
| label_1:
0x0001fbf6 blx 0x9e60 | fcn_00009e60 ();
0x0001fbfa nop |
0x0001fbfc adds r4, r7, 2 | r4 = r7 + 2;
0x0001fbfe movs r2, r0 | r2 = r0;
0x0001fc00 lsls r4, r5, 0x1d | r4 = r5 << 0x1d;
0x0001fc02 movs r0, r0 |
0x0001fc04 adds r2, r4, 2 | r2 = r4 + 2;
0x0001fc06 movs r2, r0 | r2 = r0;
0x0001fc08 rsbs.w r0, r6, 0 | r0 = r6 - ;
0x0001fc0c sub.w r0, r8, 0 | r0 = r8 - 0;
| }
[*] Function sprintf used 4 times libdbus-1.so.3.19.13
