[*] Binary protection state of libweb_encoding.so
Full RELRO No Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libweb_encoding.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libweb_encoding.so @ 0x4a0 */
| #include <stdint.h>
|
; (fcn) sym.web_encoding_encode () | void web_encoding_encode (uint32_t arg1, int16_t arg2) {
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| if (? >= ?) {
0x000004a0 ldrbmi lr, [r0, sp, lsr 18]! |
| }
0x000004a4 sub sp, 8 |
0x000004a6 cmp r0, 0 |
| if (r0 == 0) {
0x000004a8 beq.w 0x690 | goto label_3;
| }
0x000004ac mov r6, r1 | r6 = r1;
0x000004ae mov r4, r0 | r4 = r0;
0x000004b0 blx 0x3c0 | r0 = strlen (r0);
0x000004b4 add.w r0, r0, r0, lsl 2 | r0 += (r0 << 2);
0x000004b8 adds r0, 1 | r0++;
0x000004ba blx 0x39c | r0 = malloc (r0);
0x000004be mov r7, r0 | r7 = r0;
0x000004c0 cmp r0, 0 |
| if (r0 == 0) {
0x000004c2 beq.w 0x690 | goto label_3;
| }
0x000004c6 ldrb r3, [r4] | r3 = *(r4);
| if (r3 == 0) {
0x000004c8 cbz r3, 0x508 | goto label_4;
| }
0x000004ca ldr.w sl, [pc, 0x1d0] |
0x000004ce movw r8, 0x2635 |
0x000004d2 ldr.w sb, [pc, 0x1cc] |
0x000004d6 movs r5, 0 | r5 = 0;
0x000004d8 movt r8, 0x7f00 | r8 = 0x7f002635;
0x000004dc add sl, pc | sl = 0xb7e;
0x000004de add sb, pc | sb = 0xb84;
| do {
0x000004e0 cmp r6, 5 |
| if (r6 <= 5) {
0x000004e2 bhi 0x500 |
| /* switch table (5 cases) at 0x4e8 */
0x000004e4 tbb [pc, r6] | __asm ("tbb [0x000004ec]");
0x000004ee cmp r3, 0x22 |
| if (r3 == 0x22) {
0x000004f0 beq.w 0x688 | goto label_5;
| }
0x000004f4 cmp r3, 0x27 |
| if (r3 == 0x27) {
0x000004f6 beq.w 0x688 | goto label_5;
| }
| label_0:
0x000004fa invalid |
0x000004fc strb r3, [r0] | *(r0) = r3;
0x000004fe adds r0, r7, r5 | r0 = r7 + r5;
| }
| label_1:
0x00000500 ldrb r3, [r4, 1]! | r3 = *((r4 += 1));
0x00000504 cmp r3, 0 |
0x00000506 bne 0x4e0 |
| } while (r3 != 0);
| label_4:
0x00000508 movs r3, 0 | r3 = 0;
0x0000050a strb r3, [r0] | *(r0) = r3;
0x0000050c mov r0, r7 | r0 = r7;
0x0000050e add sp, 8 |
0x00000510 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
0x00000548 cmp r3, 0x3e |
| if (r3 > 0x3e) {
0x0000054a bhi 0x5e4 | goto label_6;
| }
0x0000054c cmp r3, 0x1f |
| if (r3 < 0x1f) {
0x0000054e bls 0x4fa | goto label_0;
| }
0x00000550 sub.w r1, r3, 0x20 | r1 = r3 - 0x20;
0x00000554 movw r2, 0x3af |
0x00000558 uxtb r1, r1 | r1 = (int8_t) r1;
0x0000055a movt r2, 0x5800 | r2 = 0x580003af;
0x0000055e lsrs r2, r1 | r2 >>= r1;
0x00000560 lsls r2, r2, 0x1f | r2 <<= 0x1f;
| if (r2 >= r2) {
0x00000562 bpl 0x4fa | goto label_0;
| }
0x00000564 str r3, [sp] | *(sp) = r3;
0x00000566 mov r3, sb | r3 = sb;
| label_2:
0x00000568 mov.w r2, -1 | r2 = -1;
0x0000056c movs r1, 1 | r1 = 1;
0x0000056e blx 0x3cc | r0 = sprintf_chk ()
0x00000572 add r5, r0 | r5 += r0;
0x00000574 adds r0, r7, r5 | r0 = r7 + r5;
0x00000576 b 0x500 | goto label_1;
0x00000578 cmp r3, 0x3e |
| if (r3 < 0x3e) {
0x0000057a bls 0x5b6 | goto label_7;
| }
0x0000057c cmp r3, 0x5c |
| if (r3 != 0x5c) {
0x0000057e bne 0x4fa | goto label_0;
| }
0x00000580 ldr r3, [pc, 0x120] |
0x00000582 adds r5, 2 | r5 += 2;
0x00000584 add r3, pc | r3 = 0xc2c;
0x00000586 ldrh r3, [r3] | r3 = *(r3);
0x00000588 strh r3, [r0] | *(r0) = r3;
0x0000058a adds r0, r7, r5 | r0 = r7 + r5;
0x0000058c b 0x500 | goto label_1;
0x0000058e sub.w r2, r3, 0x22 | r2 = r3 - 0x22;
0x00000592 uxtb r2, r2 | r2 = (int8_t) r2;
0x00000594 cmp r2, 0x1e |
| if (r2 > 0x1e) {
0x00000596 bhi 0x4fa | goto label_0;
| }
0x00000598 lsr.w r2, r8, r2 | r2 = r8 >> r2;
0x0000059c lsls r2, r2, 0x1f | r2 <<= 0x1f;
| if (r2 >= r2) {
0x0000059e bpl 0x4fa | goto label_0;
| }
0x000005a0 str r3, [sp] | *(sp) = r3;
0x000005a2 adds r5, 5 | r5 += 5;
0x000005a4 ldr r3, [pc, 0x100] |
0x000005a6 mov.w r2, -1 | r2 = -1;
0x000005aa movs r1, 1 | r1 = 1;
0x000005ac add r3, pc | r3 = 0xc58;
0x000005ae blx 0x3cc | sprintf_chk ()
0x000005b2 adds r0, r7, r5 | r0 = r7 + r5;
0x000005b4 b 0x500 | goto label_1;
| label_7:
0x000005b6 cmp r3, 0x21 |
| if (r3 < 0x21) {
0x000005b8 bls 0x4fa | goto label_0;
| }
0x000005ba sub.w r1, r3, 0x22 | r1 = r3 - 0x22;
0x000005be movw r2, 0x4f1 |
0x000005c2 uxtb r1, r1 | r1 = (int8_t) r1;
0x000005c4 movt r2, 0x1e00 | r2 = 0x1e0004f1;
0x000005c8 lsrs r2, r1 | r2 >>= r1;
0x000005ca lsls r1, r2, 0x1f | r1 = r2 << 0x1f;
| if (r1 >= r2) {
0x000005cc bpl 0x4fa | goto label_0;
| }
0x000005ce str r3, [sp] | *(sp) = r3;
0x000005d0 adds r5, 5 | r5 += 5;
0x000005d2 ldr r3, [pc, 0xd8] |
0x000005d4 mov.w r2, -1 | r2 = -1;
0x000005d8 movs r1, 1 | r1 = 1;
0x000005da add r3, pc | r3 = 0xc8c;
0x000005dc blx 0x3cc | sprintf_chk ()
0x000005e0 adds r0, r7, r5 | r0 = r7 + r5;
0x000005e2 b 0x500 | goto label_1;
| label_6:
0x000005e4 sub.w r2, r3, 0x5c | r2 = r3 - 0x5c;
0x000005e8 uxtb r1, r2 | r1 = (int8_t) r2;
0x000005ea cmp r1, 0x22 |
| if (r1 > 0x22) {
0x000005ec bhi 0x4fa | goto label_0;
| }
0x000005ee cmp r2, 0x22 |
| if (r2 > 0x22) {
0x000005f0 bhi 0x4fa | goto label_0;
| }
0x000005f2 adr r1, 8 | r1 = 8;
0x000005f4 ldr.w r2, [r1, r2, lsl 2] | offset_0 = r2 << 2;
| r2 = *((r1 + offset_0));
0x000005f8 add r1, r2 | r1 += r2;
| /* switch table (35 cases) at 0x5fc */
0x000005fa bx r1 | return uint32_t (*r1)() ();
| label_5:
0x00000688 str r3, [sp] | *(sp) = r3;
0x0000068a ldr r3, [pc, 0x24] |
0x0000068c add r3, pc | r3 = 0xd42;
0x0000068e b 0x568 | goto label_2;
| label_3:
0x00000690 movs r7, 0 | r7 = 0;
0x00000692 mov r0, r7 | r0 = r7;
0x00000694 add sp, 8 |
0x00000696 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
| }
[*] Function sprintf used 4 times libweb_encoding.so
