[*] Binary protection state of mod_reqtimeout.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of mod_reqtimeout.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_reqtimeout.so @ 0xf8c */
| #include <stdint.h>
|
; (fcn) fcn.00000f8c () | void fcn_00000f8c (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h_2;
| int16_t var_ch;
| char * s2;
| int16_t var_14h;
| char * var_18h;
| int16_t var_1ch;
| char * * endptr;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00000f8c invalid |
0x00000f90 ldr r0, [pc, 0x6c] |
0x00000f92 sub sp, 8 |
0x00000f94 mov r4, r1 | r4 = r1;
0x00000f96 mov r5, r2 | r5 = r2;
0x00000f98 ldr r3, [pc, 0x68] | r3 = *(0x1004);
0x00000f9a movs r2, 0xa | r2 = 0xa;
0x00000f9c add r0, pc | r0 = 0x1fa0;
0x00000f9e mov r1, sp | r1 = sp;
0x00000fa0 ldr r3, [r0, r3] |
0x00000fa2 mov r0, r4 | r0 = r4;
0x00000fa4 ldr r3, [r3] | r3 = *(0x1fa0);
0x00000fa6 str r3, [sp, 4] | var_4h = r3;
0x00000fa8 mov.w r3, 0 | r3 = 0;
0x00000fac blx 0x944 | strtol (r0, r1, r2);
0x00000fb0 ldr r2, [sp] | r2 = *(sp);
0x00000fb2 str r0, [r5] | *(r5) = r0;
0x00000fb4 cmp r2, r4 |
| if (r2 == r4) {
0x00000fb6 beq 0xfee | goto label_6;
| }
0x00000fb8 ldrb r3, [r2] | r3 = *(r2);
| if (r3 != 0) {
0x00000fba cbnz r3, 0xfe2 | goto label_7;
| }
0x00000fbc cmp r0, 0 |
0x00000fbe it ge |
| if (r0 < 0) {
0x00000fc0 movge r0, r3 | r0 = r3;
| }
0x00000fc2 blt 0xfdc |
| while (1) {
| label_0:
0x00000fc4 ldr r2, [pc, 0x40] |
0x00000fc6 ldr r3, [pc, 0x3c] | r3 = *(0x1006);
0x00000fc8 add r2, pc | r2 = 0x1fd4;
0x00000fca ldr r3, [r2, r3] | r3 = *(0x1fd4);
0x00000fcc ldr r2, [r3] | r2 = *(0x1fd4);
0x00000fce ldr r3, [sp, 4] | r3 = var_4h;
0x00000fd0 eors r2, r3 | r2 ^= r3;
0x00000fd2 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000fd6 bne 0xffa | goto label_8;
| }
0x00000fd8 add sp, 8 |
0x00000fda pop {r4, r5, r6, pc} |
0x00000fdc ldr r0, [pc, 0x2c] |
0x00000fde add r0, pc | r0 = 0x1fee;
0x00000fe0 b 0xfc4 |
| }
| label_7:
0x00000fe2 ldr r1, [pc, 0x2c] |
0x00000fe4 mov r0, r6 | r0 = r6;
0x00000fe6 add r1, pc | r1 = 0x1ffc;
0x00000fe8 blx 0xa1c | loc_imp_apr_psprintf ()
0x00000fec b 0xfc4 | goto label_0;
| label_6:
0x00000fee ldr r1, [pc, 0x24] |
0x00000ff0 mov r0, r6 | r0 = r6;
0x00000ff2 add r1, pc | r1 = 0x200c;
0x00000ff4 blx 0xa1c | loc_imp_apr_psprintf ()
0x00000ff8 b 0xfc4 | goto label_0;
| label_8:
0x00000ffa blx 0x95c | stack_chk_fail ();
0x00000ffe nop |
0x00001000 lsrs r0, r6, 0x1e | r0 = r6 >> 0x1e;
0x00001002 movs r1, r0 | r1 = r0;
0x00001004 lsls r4, r3, 2 | r4 = r3 << 2;
0x00001006 movs r0, r0 |
0x00001008 lsrs r4, r0, 0x1e | r4 = r0 >> 0x1e;
0x0000100a movs r1, r0 | r1 = r0;
0x0000100c lsrs r6, r5, 7 | r6 = r5 >> 7;
0x0000100e movs r0, r0 |
0x00001010 lsrs r6, r3, 8 | r6 = r3 >> 8;
0x00001012 movs r0, r0 |
0x00001014 lsrs r6, r6, 7 | r6 >>= 7;
0x00001016 movs r0, r0 |
0x00001018 ldr r3, [pc, 0x17c] |
0x0000101a ldr r1, [pc, 0x180] | r1 = *(0x119e);
0x0000101c push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00001020 sub sp, 0x24 |
0x00001022 str r2, [sp, 0x1c] | var_1ch = r2;
0x00001024 add r3, pc |
0x00001026 mov r8, r0 | r8 = r0;
0x00001028 ldr r2, [pc, 0x174] |
0x0000102a ldr r3, [r3, r1] |
0x0000102c ldr r0, [r0, 0x30] | r0 = *((r0 + 0x30));
0x0000102e add r2, pc | r2 = 0x21d2;
0x00001030 ldr.w fp, [pc, 0x170] |
0x00001034 str r2, [sp, 0x10] | s2 = r2;
0x00001036 ldr r2, [r3, 8] | r2 = *(0x21c8);
0x00001038 ldr r3, [r0, 0x18] | r3 = *((r0 + 0x18));
0x0000103a add fp, pc | fp = 0x21e2;
0x0000103c ldr.w sl, [pc, 0x168] |
0x00001040 ldr.w r3, [r3, r2, lsl 2] | r3 = *(0x21c0);
0x00001044 add sl, pc | sl = 0x21f0;
0x00001046 str r3, [sp, 0xc] | var_ch = r3;
0x00001048 ldr r3, [pc, 0x160] |
0x0000104a add r3, pc | r3 = 0x21fa;
0x0000104c str r3, [sp, 0x18] | var_18h = r3;
| label_2:
0x0000104e ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00001050 ldrb r0, [r3] | r0 = *(r3);
0x00001052 cmp r0, 0 |
| if (r0 == 0) {
0x00001054 beq 0x10d6 | goto label_9;
| }
0x00001056 add r1, sp, 0x1c | r1 += var_1ch;
0x00001058 ldr.w r0, [r8, 0x2c] | r0 = *((r8 + 0x2c));
0x0000105c blx 0x9b0 | loc_imp_ap_getword_conf ();
0x00001060 movs r1, 0x3d | r1 = 0x3d;
0x00001062 mov r6, r0 | r6 = r0;
0x00001064 blx 0x9f8 | r0 = strchr (r0, r1);
0x00001068 mov r4, r0 | r4 = r0;
0x0000106a cmp r0, 0 |
| if (r0 == 0) {
0x0000106c beq.w 0x1188 | goto label_10;
| }
0x00001070 movs r3, 0 | r3 = 0;
0x00001072 mov r1, fp | r1 = fp;
0x00001074 strb r3, [r4], 1 | *(r4) = r3;
| r4++;
0x00001078 mov r0, r6 | r0 = r6;
0x0000107a ldr.w r7, [r8, 0x28] | r7 = *((r8 + 0x28));
0x0000107e blx 0x974 | r0 = strcasecmp (r0, r1);
0x00001082 cmp r0, 0 |
| if (r0 != 0) {
0x00001084 bne 0x113a | goto label_11;
| }
0x00001086 ldr r5, [sp, 0xc] | r5 = var_ch;
| label_3:
0x00001088 movs r3, 0 | r3 = 0;
0x0000108a mov r1, sl | r1 = sl;
0x0000108c mov r0, r4 | r0 = r4;
0x0000108e str r3, [r5] | *(r5) = r3;
0x00001090 str r3, [r5, 4] | *((r5 + 4)) = r3;
0x00001092 str r3, [r5, 8] | *((r5 + 8)) = r3;
0x00001094 str r3, [r5, 0xc] | *((r5 + 0xc)) = r3;
0x00001096 str r3, [r5, 0x10] | *((r5 + 0x10)) = r3;
0x00001098 str r3, [r5, 0x14] | *((r5 + 0x14)) = r3;
0x0000109a blx 0x968 | r0 = loc_imp_ap_strcasestr ();
0x0000109e mov sb, r0 | sb = r0;
0x000010a0 cmp r0, 0 |
| if (r0 == 0) {
0x000010a2 beq 0x114c | goto label_12;
| }
0x000010a4 subs r2, r0, r4 | r2 = r0 - r4;
0x000010a6 mov r1, r4 | r1 = r4;
0x000010a8 mov r0, r7 | r0 = r7;
0x000010aa blx 0xa7c | loc_imp_apr_pstrndup ();
0x000010ae add.w r1, sb, 9 | r1 = sb + 9;
0x000010b2 add.w r2, r5, 8 | r2 = r5 + 8;
0x000010b6 mov sb, r0 | sb = r0;
0x000010b8 mov r0, r7 | r0 = r7;
0x000010ba bl 0xf8c | r0 = fcn_00000f8c (r0, r1, r2);
0x000010be mov r3, r0 | r3 = r0;
0x000010c0 cbz r0, 0x10dc |
| while (r0 != 0) {
| label_1:
0x000010c2 mov r7, r3 | r7 = r3;
| label_4:
0x000010c4 ldr r1, [pc, 0xe8] |
0x000010c6 mov r3, r4 | r3 = r4;
0x000010c8 ldr.w r0, [r8, 0x2c] | r0 = *((r8 + 0x2c));
0x000010cc mov r2, r6 | r2 = r6;
0x000010ce str r7, [sp] | *(sp) = r7;
0x000010d0 add r1, pc | r1 = 0x2284;
0x000010d2 blx 0xa1c | loc_imp_apr_psprintf ()
| label_9:
0x000010d6 add sp, 0x24 |
0x000010d8 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x000010dc ldr r2, [r5, 8] | r2 = *((r5 + 8));
0x000010de str r0, [sp, 0x14] | var_14h = r0;
0x000010e0 cmp r2, 0 |
| if (r2 == 0) {
0x000010e2 beq 0x1182 | goto label_13;
| }
0x000010e4 movs r1, 0x2d | r1 = 0x2d;
0x000010e6 mov r0, sb | r0 = sb;
0x000010e8 blx 0x9f8 | strchr (r0, r1);
0x000010ec ldr r3, [sp, 0x14] | r3 = var_14h;
0x000010ee mov r1, r0 | r1 = r0;
| if (r0 == 0) {
0x000010f0 cbz r0, 0x1104 | goto label_14;
| }
0x000010f2 strb r3, [r1], 1 | *(r1) = r3;
| r1++;
0x000010f6 adds r2, r5, 4 | r2 = r5 + 4;
0x000010f8 mov r0, r7 | r0 = r7;
0x000010fa bl 0xf8c | r0 = fcn_00000f8c (r0, r1, r2);
0x000010fe mov r3, r0 | r3 = r0;
0x00001100 cmp r0, 0 |
0x00001102 bne 0x10c2 |
| }
| label_14:
0x00001104 mov r1, sb | r1 = sb;
0x00001106 mov r0, r7 | r0 = r7;
0x00001108 mov r2, r5 | r2 = r5;
0x0000110a bl 0xf8c | r0 = fcn_00000f8c (r0, r1, r2);
0x0000110e mov r3, r0 | r3 = r0;
| label_5:
0x00001110 cmp r3, 0 |
| if (r3 != 0) {
0x00001112 bne 0x10c2 | goto label_1;
| }
0x00001114 ldr r3, [r5, 4] | r3 = *((r5 + 4));
| if (r3 != 0) {
0x00001116 cbz r3, 0x111e |
0x00001118 ldr r2, [r5] | r2 = *(r5);
0x0000111a cmp r3, r2 |
| if (r3 <= r2) {
0x0000111c ble 0x1192 | goto label_15;
| }
| }
0x0000111e ldr r2, [r5, 8] | r2 = *((r5 + 8));
0x00001120 cmp r2, 0 |
| if (r2 == 0) {
0x00001122 beq 0x104e | goto label_2;
| }
0x00001124 movw r0, 0x4240 |
0x00001128 asrs r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x0000112a movt r0, 0xf | r0 = 0xf4240;
0x0000112e movs r1, 0 | r1 = 0;
0x00001130 bl 0x1768 | fcn_00001768 (r0, r1, r2, r3);
0x00001134 strd r0, r1, [r5, 0x10] | __asm ("strd r0, r1, [r5, 0x10]");
0x00001138 b 0x104e | goto label_2;
| label_11:
0x0000113a ldr r1, [sp, 0x10] | r1 = s2;
0x0000113c mov r0, r6 | r0 = r6;
0x0000113e blx 0x974 | r0 = strcasecmp (r0, r1);
| if (r0 == 0) {
0x00001142 cbnz r0, 0x115c |
0x00001144 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00001146 add.w r5, r3, 0x18 | r5 = r3 + 0x18;
0x0000114a b 0x1088 | goto label_3;
| label_12:
0x0000114c movs r1, 0x2d | r1 = 0x2d;
0x0000114e mov r0, r4 | r0 = r4;
0x00001150 blx 0x9f8 | r0 = strchr (r0, r1);
| if (r0 == 0) {
0x00001154 cbz r0, 0x116e | goto label_16;
| }
0x00001156 ldr r7, [pc, 0x5c] |
0x00001158 add r7, pc | r7 = 0x2312;
0x0000115a b 0x10c4 | goto label_4;
| }
0x0000115c ldr r1, [sp, 0x18] | r1 = var_18h;
0x0000115e mov r0, r6 | r0 = r6;
0x00001160 blx 0x974 | r0 = strcasecmp (r0, r1);
| if (r0 == 0) {
0x00001164 cbnz r0, 0x117c |
0x00001166 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00001168 add.w r5, r3, 0x30 | r5 = r3 + 0x30;
0x0000116c b 0x1088 | goto label_3;
| label_16:
0x0000116e mov r0, r7 | r0 = r7;
0x00001170 mov r2, r5 | r2 = r5;
0x00001172 mov r1, r4 | r1 = r4;
0x00001174 bl 0xf8c | r0 = fcn_00000f8c (r0, r1, r2);
0x00001178 mov r3, r0 | r3 = r0;
0x0000117a b 0x1110 | goto label_5;
| }
0x0000117c ldr r7, [pc, 0x38] |
0x0000117e add r7, pc | r7 = 0x233a;
0x00001180 b 0x10c4 | goto label_4;
| label_13:
0x00001182 ldr r7, [pc, 0x38] |
0x00001184 add r7, pc | r7 = 0x2346;
0x00001186 b 0x10c4 | goto label_4;
| label_10:
0x00001188 ldr r0, [pc, 0x34] |
0x0000118a add r0, pc | r0 = 0x234e;
0x0000118c add sp, 0x24 |
0x0000118e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_15:
0x00001192 ldr r7, [pc, 0x30] |
0x00001194 add r7, pc | r7 = 0x235e;
0x00001196 b 0x10c4 | goto label_4;
| }
[*] Function sprintf used 4 times mod_reqtimeout.so
