[*] Binary protection state of libnl-3.so.200.26.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libnl-3.so.200.26.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libnl-3.so.200.26.0 @ 0x8b4c */
| #include <stdint.h>
|
; NOTE(review): Reading guide for this scanner hit. Left column is Thumb-2 disassembly,
; right column is r2dec pseudo code. Where the two disagree, trust the disassembly.
;
; What the visible code does: reads the 32-bit word at arg3+4, handles the values 1 and 2
; (anything else takes the diagnostic path or returns), looks something up via
; fcn_000062bc, and reports the outcome through caller-supplied function pointers.
; Every visible exit (0x8b70, 0x8ba8, 0x8c0c) returns 0 in r0.
;
; Arguments: r2dec's "int16_t" types are guesses; r0-r3 are used as full 32-bit
; values (pointers / function pointers). The prologue pushes 9 registers (36 bytes) and
; subtracts 0x14, so [sp, 0x38] and [sp, 0x3c] are the caller's first two stack
; arguments. arg4 (r3, kept in r8) and arg_38h are both called indirectly (blx r8 /
; blx r3) and are null-checked before each visible call.
;
; About the "sprintf" finding: the only sprintf-like name in this function is the label
; "vasprintf_chk" on the three calls to 0x5e1c (0x8c1a, 0x8c5a, 0x8cda). No call to
; plain sprintf is visible. Each site sets only r0 = saved arg1 and r1 = saved arg2
; immediately before the call, with no format string or va_list set up, so the label may
; be a mis-resolved import name. TODO confirm by resolving the PLT entry at 0x5e1c.
; Even if the name is right, a vasprintf-style function allocates its own output buffer,
; so the fixed-buffer overflow concern behind a sprintf flag does not directly apply.
; Treat this hit as unconfirmed until the callee is identified.
; (fcn) fcn.00008b4c () | void fcn_00008b4c (int16_t arg_38h, int16_t arg_3ch, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00008b4c push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00008b50 mov r4, r2 | r4 = r2;
0x00008b52 ldr r2, [r2, 4] | r2 = *((r2 + 4));
0x00008b54 sub sp, 0x14 |
0x00008b56 mov r6, r1 | r6 = r1;
0x00008b58 ldr r5, [pc, 0x1f0] |
0x00008b5a subs r2, 1 | r2--;
0x00008b5c cmp r2, 1 |
0x00008b5e add r5, pc | r5 = 0x118ae;
; NOTE(review): bls is unsigned "lower or same", so the branch is taken when
; (field - 1) <= 1, i.e. the word at arg3+4 is 1 or 2. The pseudo code's "r2 < 1" is inaccurate.
| if (r2 < 1) {
0x00008b60 bls 0x8bac | goto label_6;
| }
; Unhandled field value: load a global int through the r5-relative table and take the
; diagnostic path only when it is > 1 (presumably a verbosity level; verify).
0x00008b62 ldr r3, [pc, 0x1ec] |
0x00008b64 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00008b66 ldr r3, [r3] | r3 = *(0x8d52);
0x00008b68 cmp r3, 1 |
0x00008b6a bgt 0x8b74 |
| while (r4 != 1) {
| label_0:
0x00008b6c movs r0, 0 | r0 = 0;
0x00008b6e add sp, 0x14 |
0x00008b70 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
; Diagnostic path. The word behind fcn_00005e44's return pointer is saved in r7 and
; written back after the call at 0x8b9e, which is consistent with preserving errno around a
; print (TODO confirm by resolving 0x5e44 and 0x5f28). r2 and r3 passed to fcn_00005f28
; are PC-relative addresses inside the library, not caller data; if r2 is the format
; string, it is a constant.
0x00008b74 blx 0x5e44 | fcn_00005e44 ();
0x00008b78 ldr r2, [pc, 0x1d8] | r2 = *(0x8d54);
0x00008b7a mov r4, r0 | r4 = r0;
0x00008b7c ldr r3, [pc, 0x1d8] |
0x00008b7e movw r1, 0x357 | r1 = 0x357;
0x00008b82 ldr r7, [r0] | r7 = *(r0);
0x00008b84 ldr r2, [r5, r2] | r2 = *((r5 + r2));
0x00008b86 add r3, pc |
0x00008b88 add.w r3, r3, 0x128 | r3 = 0x11a0a;
0x00008b8c strd r3, r6, [sp, 4] | __asm ("strd r3, r6, [var_4h]");
0x00008b90 ldr r3, [pc, 0x1c8] |
0x00008b92 ldr r0, [r2] | r0 = *(0x8d54);
0x00008b94 ldr r2, [pc, 0x1c8] |
0x00008b96 str r1, [sp] | *(sp) = r1;
0x00008b98 add r3, pc | r3 = 0x118f8;
0x00008b9a movs r1, 1 | r1 = 1;
0x00008b9c add r2, pc | r2 = 0x11900;
0x00008b9e blx 0x5f28 | fcn_00005f28 ();
0x00008ba2 movs r0, 0 | r0 = 0;
0x00008ba4 str r7, [r4] | *(r4) = r7;
0x00008ba6 add sp, 0x14 |
0x00008ba8 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
; Field is 1 or 2: keep arg1 in r7 and arg4 (function pointer) in r8, then do the lookup.
0x00008bac mov r7, r0 | r7 = r0;
0x00008bae mov r8, r3 | r8 = r3;
0x00008bb0 blx 0x62bc | r0 = fcn_000062bc ();
0x00008bb4 mov r5, r0 | r5 = r0;
| if (r0 != 0) {
; cbz: a zero (not found) result skips to 0x8c10; non-zero falls through with r5 = result.
0x00008bb6 cbz r0, 0x8c10 |
0x00008bb8 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008bba cmp r3, 0 |
| if (r3 == 0) {
0x00008bbc beq 0x8ca4 | goto label_7;
| }
0x00008bbe ldr r3, [r0, 4] | r3 = *((r0 + 4));
0x00008bc0 ldr r3, [r3, 0x28] | r3 = *((r3 + 0x28));
0x00008bc2 cmp r3, 0 |
| if (r3 == 0) {
0x00008bc4 beq 0x8c9a | goto label_8;
| }
0x00008bc6 blx 0x5ecc | fcn_00005ecc ();
0x00008bca mov r1, r6 | r1 = r6;
0x00008bcc mov sb, r0 | sb = r0;
0x00008bce mov r0, r5 | r0 = r5;
0x00008bd0 blx 0x5ec0 | r0 = fcn_00005ec0 ();
; fcn_00005ec0's result is kept as a register pair (r0 -> sl, r1 -> fp), i.e. a 64-bit value.
0x00008bd4 mov sl, r0 | sl = r0;
0x00008bd6 mov fp, r1 |
| label_2:
0x00008bd8 mov r1, r6 | r1 = r6;
0x00008bda mov r0, r5 | r0 = r5;
0x00008bdc blx 0x5d80 | r0 = fcn_00005d80 ();
| if (r0 != 0) {
0x00008be0 cbnz r0, 0x8c40 | goto label_9;
| }
; Indirect call through arg_38h (non-null on this path, checked at 0x8bba). Besides r0-r2
; it takes the sl:fp pair at [sp]/[sp+4], the constant 5 at [sp+8] and arg_3ch at
; [sp+0xc]; r2dec's four-argument prototype understates this.
0x00008be2 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008be4 mov r0, r7 | r0 = r7;
0x00008be6 mov r2, r6 | r2 = r6;
0x00008be8 mov r1, sb | r1 = sb;
0x00008bea str.w sl, [sp] | __asm ("str.w sl, [sp]");
0x00008bee str r3, [sp, 0xc] | var_ch = r3;
0x00008bf0 movs r3, 5 | r3 = 5;
0x00008bf2 str r3, [sp, 8] | var_8h = r3;
0x00008bf4 str.w fp, [sp, 4] | __asm ("str.w fp, [var_4h]");
0x00008bf8 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008bfa blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008bfc mov r0, sb | r0 = sb;
0x00008bfe blx 0x5ed8 | fcn_00005ed8 ();
| label_1:
0x00008c02 mov r0, r5 | r0 = r5;
0x00008c04 blx 0x5ed8 | fcn_00005ed8 ();
0x00008c08 movs r0, 0 | r0 = 0;
0x00008c0a add sp, 0x14 |
0x00008c0c pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; Lookup returned 0: only field value 1 continues; anything else returns via label_0.
0x00008c10 ldr r4, [r4, 4] | r4 = *((r4 + 4));
0x00008c12 cmp r4, 1 |
0x00008c14 bne 0x8b6c |
| }
; Flagged call site 1 of 3: only r0 = arg1 and r1 = arg2 are set up here (see header note).
0x00008c16 mov r1, r6 | r1 = r6;
0x00008c18 mov r0, r7 | r0 = r7;
0x00008c1a blx 0x5e1c | vasprintf_chk ()
0x00008c1e ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008c20 cmp r3, 0 |
| if (r3 == 0) {
0x00008c22 beq.w 0x8d38 | goto label_10;
| }
; arg_38h call with r1 = r5 (0 on this path), a zeroed 64-bit slot at [sp], then
; r4 (= 1) and arg_3ch at [sp+8]/[sp+0xc].
0x00008c26 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008c28 mov r2, r6 | r2 = r6;
0x00008c2a vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00008c2e mov r1, r5 | r1 = r5;
0x00008c30 mov r0, r7 | r0 = r7;
0x00008c32 strd r4, r3, [sp, 8] | __asm ("strd r4, r3, [var_8h]");
0x00008c36 vstr d16, [sp] | __asm ("vstr d16, [sp]");
0x00008c3a ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008c3c blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008c3e b 0x8b6c | goto label_0;
| label_9:
; fcn_00005d80 returned non-zero. Note sb can be 0 here when reached via label_8.
0x00008c40 mov r0, sb | r0 = sb;
0x00008c42 blx 0x5ed8 | fcn_00005ed8 ();
0x00008c46 mov r0, r5 | r0 = r5;
0x00008c48 blx 0x5f34 | fcn_00005f34 ();
0x00008c4c ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00008c4e cmp r3, 2 |
| if (r3 == 2) {
0x00008c50 beq 0x8ce8 | goto label_11;
| }
0x00008c52 cmp r3, 1 |
| if (r3 != 1) {
0x00008c54 bne 0x8b6c | goto label_0;
| }
; Flagged call site 2 of 3 (same two-register setup).
0x00008c56 mov r1, r6 | r1 = r6;
0x00008c58 mov r0, r7 | r0 = r7;
0x00008c5a blx 0x5e1c | vasprintf_chk ()
| label_3:
0x00008c5e mov r1, r6 | r1 = r6;
0x00008c60 mov r0, r5 | r0 = r5;
0x00008c62 blx 0x5ec0 | r0 = fcn_00005ec0 ();
; NOTE(review): the pseudo code for the two IT blocks below has its conditions garbled.
; From the instructions: r2 = ((r0 | r1) != 0) ? 1 : 0, then
; r1 = (arg_38h != 0) ? (r2 & 1) : 0. The branch to label_12 is taken when r1 is 0,
; i.e. when the 64-bit result is zero or arg_38h is null.
0x00008c66 orrs.w r2, r0, r1 | r2 = r0 | r1;
0x00008c6a mov r3, r1 | r3 = r1;
0x00008c6c ldr r1, [sp, 0x38] | r1 = *(arg_38h);
0x00008c6e ite ne |
| if (r2 == r0) {
0x00008c70 movne r2, 1 | r2 = 1;
| }
| if (r2 != r0) {
0x00008c72 moveq r2, 0 | r2 = 0;
| }
0x00008c74 cmp r1, 0 |
0x00008c76 ite eq |
| if (r1 != 0) {
0x00008c78 moveq r1, 0 | r1 = 0;
| }
| if (r1 == 0) {
0x00008c7a andne r1, r2, 1 | r1 = r2 & 1;
| }
0x00008c7e cmp r1, 0 |
| if (r1 == 0) {
0x00008c80 beq 0x8d1a | goto label_12;
| }
0x00008c82 ldr r4, [sp, 0x3c] | r4 = *(arg_3ch);
0x00008c84 mov r2, r6 | r2 = r6;
0x00008c86 str r3, [sp, 4] | var_4h = r3;
0x00008c88 movs r3, 5 | r3 = 5;
0x00008c8a str r0, [sp] | *(sp) = r0;
0x00008c8c mov r1, r5 | r1 = r5;
0x00008c8e str r3, [sp, 8] | var_8h = r3;
0x00008c90 mov r0, r7 | r0 = r7;
0x00008c92 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008c94 str r4, [sp, 0xc] | var_ch = r4;
0x00008c96 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008c98 b 0x8c02 | goto label_1;
| label_8:
; The pointer at *(r0+4)+0x28 was null: skip the calls at 0x8bc6/0x8bd0 and use
; sb = 0 (r3 is 0 here) and a zero sl:fp pair.
0x00008c9a mov.w sl, 0 | sl = 0;
0x00008c9e mov sb, r3 | sb = r3;
0x00008ca0 mov fp, sl |
0x00008ca2 b 0x8bd8 | goto label_2;
| label_7:
; Reached only from 0x8bbc, so arg_38h is null on this path; arg4 (r8) is the fallback callback.
0x00008ca4 mov r1, r6 | r1 = r6;
0x00008ca6 blx 0x5d80 | r0 = fcn_00005d80 ();
| if (r0 != 0) {
0x00008caa cbnz r0, 0x8cbe | goto label_13;
| }
0x00008cac cmp.w r8, 0 |
| if (r8 == 0) {
0x00008cb0 beq 0x8c02 | goto label_1;
| }
0x00008cb2 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008cb4 movs r2, 5 | r2 = 5;
0x00008cb6 mov r0, r7 | r0 = r7;
0x00008cb8 mov r1, r5 | r1 = r5;
0x00008cba blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008cbc b 0x8c02 | goto label_1;
| label_13:
; NOTE(review): r0 is loaded from arg_38h, which is 0 on this path, so fcn_00005ed8 is
; called with a null argument. Confirm the callee accepts NULL when identifying it.
0x00008cbe ldr r0, [sp, 0x38] | r0 = *(arg_38h);
0x00008cc0 blx 0x5ed8 | fcn_00005ed8 ();
0x00008cc4 mov r0, r5 | r0 = r5;
0x00008cc6 blx 0x5f34 | fcn_00005f34 ();
0x00008cca ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00008ccc cmp r2, 2 |
| if (r2 == 2) {
0x00008cce beq 0x8d0a | goto label_14;
| }
| label_4:
0x00008cd0 cmp r2, 1 |
| if (r2 != 1) {
0x00008cd2 bne.w 0x8b6c | goto label_0;
| }
; Flagged call site 3 of 3 (same two-register setup).
0x00008cd6 mov r1, r6 | r1 = r6;
0x00008cd8 mov r0, r7 | r0 = r7;
0x00008cda blx 0x5e1c | vasprintf_chk ()
; orrs sets Z only when (arg_38h | r8) == 0, so the beq is taken when both callbacks are
; null. The pseudo code's "r3 == r3" is a decompiler artifact.
0x00008cde ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008ce0 orrs.w r3, r3, r8 | r3 |= r8;
| if (r3 == r3) {
0x00008ce4 beq 0x8c02 | goto label_1;
| }
0x00008ce6 b 0x8c5e | goto label_3;
| label_11:
; Field value 2 with arg_38h non-null: call it with r2 = 0, a zeroed 64-bit slot at [sp],
; r3 (= 2) at [sp+8] and arg_3ch at [sp+0xc].
0x00008ce8 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00008cec movs r2, 0 | r2 = 0;
0x00008cee str r3, [sp, 8] | var_8h = r3;
0x00008cf0 mov r1, r5 | r1 = r5;
0x00008cf2 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008cf4 mov r0, r7 | r0 = r7;
0x00008cf6 vstr d16, [sp] | __asm ("vstr d16, [sp]");
0x00008cfa str r3, [sp, 0xc] | var_ch = r3;
0x00008cfc ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008cfe blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
| do {
| label_5:
0x00008d00 mov r0, r5 | r0 = r5;
0x00008d02 blx 0x5ed8 | fcn_00005ed8 ();
0x00008d06 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00008d08 b 0x8cd0 | goto label_4;
| label_14:
0x00008d0a cmp.w r8, 0 |
0x00008d0e beq 0x8d00 |
| } while (r8 == 0);
; r2 still holds the field value 2 loaded at 0x8cca when r8 is called here; r2dec's
; three-argument prototype omits it.
0x00008d10 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d12 mov r1, r5 | r1 = r5;
0x00008d14 mov r0, r7 | r0 = r7;
0x00008d16 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t) (r0, r1, r3);
0x00008d18 b 0x8d00 | goto label_5;
| label_12:
; From the instructions: r2 = (r8 != 0) ? (r2 & 1) : 0. The r8 callback below runs only
; when r8 is non-null and the 64-bit result from fcn_00005ec0 was non-zero.
0x00008d1a cmp.w r8, 0 |
0x00008d1e ite eq |
| if (r8 != 0) {
0x00008d20 moveq r2, 0 | r2 = 0;
| }
| if (r8 == 0) {
0x00008d22 andne r2, r2, 1 | r2 &= 1;
| }
0x00008d26 cmp r2, 0 |
| if (r2 == 0) {
0x00008d28 beq.w 0x8c02 | goto label_1;
| }
0x00008d2c ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d2e mov r1, r6 | r1 = r6;
0x00008d30 mov r0, r7 | r0 = r7;
0x00008d32 movs r2, 5 | r2 = 5;
0x00008d34 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d36 b 0x8c02 | goto label_1;
| label_10:
; arg_38h is null: fall back to r8 if set, passing r2 = r4 (= 1) and r3 = arg_3ch.
0x00008d38 cmp.w r8, 0 |
| if (r8 == 0) {
0x00008d3c beq.w 0x8b6c | goto label_0;
| }
0x00008d40 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d42 mov r2, r4 | r2 = r4;
0x00008d44 mov r1, r6 | r1 = r6;
0x00008d46 mov r0, r7 | r0 = r7;
0x00008d48 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d4a b 0x8b6c | goto label_0;
| }
[*] Function sprintf used 4 times libnl-3.so.200.26.0