[*] Binary protection state of libnsl.so.1
RELRO: Full RELRO | Stack canary: No canary found | NX: NX enabled | PIE: DSO | RPATH: No RPATH | RUNPATH: No RUNPATH | Symbols: No Symbols
[*] Function strcpy tear down of libnsl.so.1
; review: fcn.0000aa38 takes three arguments (r0, r1, r2). It requests a 0x34-byte
;   object from the stub at 0x34d8 (called with r0 = 1, r1 = 0x34; a calloc-like
;   signature, TODO confirm), populates it, and returns r4 through label_2: the
;   object pointer on the success path, 0 after the label_8/label_9 cleanup.
;   label_3 returns 0 as well.
; review: apart from the direct `bl 0x5808`, every callee name in the right-hand
;   column is the tool's label for a PLT stub. Several labels do not fit the
;   arguments visible at the call site: `poll ()` at 0x35ac only ever receives the
;   object pointer in r0 (free-like), and `svc_register ()` at 0x38c4 receives
;   r0 = 3 plus a pc-relative pointer (presumably syslog(LOG_ERR, msg); verify).
;   Confirm each stub against the dynamic relocation table before relying on a name.
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libnsl.so.1 @ 0xaa38 */
| #include <stdint.h>
|
; (fcn) fcn.0000aa38 () | void fcn_0000aa38 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_12h;
| int16_t var_14h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
; review: the first word was decoded in ARM mode while the rest of the function is
;   Thumb-2. Read as Thumb-2, the same four bytes are
;   push.w {r4, r5, r6, r7, r8, sb, lr}, which pairs with the pop.w epilogues below.
0x0000aa38 mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x0000aa3c movs r3, 0x10 | r3 = 0x10;
0x0000aa3e sub sp, 0x24 |
0x0000aa40 mov r8, r1 | r8 = r1;
0x0000aa42 mov sb, r0 | sb = r0;
0x0000aa44 movs r1, 0x34 | r1 = 0x34;
0x0000aa46 movs r0, 1 | r0 = 1;
0x0000aa48 mov r7, r2 | r7 = r2;
0x0000aa4a str r3, [sp, 0xc] | var_ch = r3;
0x0000aa4c blx 0x34d8 | r0 = fcn_000034d8 ();
0x0000aa50 cmp r0, 0 |
| if (r0 == 0) {
0x0000aa52 beq.w 0xab98 | goto label_3;
| }
0x0000aa56 add.w r3, r0, 0x1c | r3 = r0 + 0x1c;
0x0000aa5a mov r4, r0 | r4 = r0;
0x0000aa5c str r3, [r0] | *(r0) = r3;
0x0000aa5e bl 0x5808 | nis_local_principal ();
0x0000aa62 ldr r6, [r4] | r6 = *(r4);
0x0000aa64 blx 0x3658 | fcn_00003658 ();
0x0000aa68 str r0, [r6] | *(r6) = r0;
0x0000aa6a cmp r0, 0 |
| if (r0 == 0) {
0x0000aa6c beq.w 0xab7c | goto label_4;
| }
0x0000aa70 movs r1, 0xc | r1 = 0xc;
0x0000aa72 movs r0, 2 | r0 = 2;
0x0000aa74 blx 0x34d8 | r0 = fcn_000034d8 ();
0x0000aa78 mov r5, r0 | r5 = r0;
0x0000aa7a str r0, [r6, 8] | *((r6 + 8)) = r0;
0x0000aa7c cmp r0, 0 |
| if (r0 == 0) {
0x0000aa7e beq 0xab7c | goto label_4;
| }
0x0000aa80 ldr r0, [pc, 0x1a0] |
0x0000aa82 movs r3, 1 | r3 = 1;
0x0000aa84 str r3, [r6, 4] | *((r6 + 4)) = r3;
0x0000aa86 add r0, pc | r0 = 0x156ae;
0x0000aa88 blx 0x3658 | fcn_00003658 ();
0x0000aa8c str r0, [r5, 4] | *((r5 + 4)) = r0;
0x0000aa8e cmp r0, 0 |
| if (r0 == 0) {
0x0000aa90 beq 0xab7c | goto label_4;
| }
0x0000aa92 strd sb, r8, [r4, 0x14] | __asm ("strd sb, r8, [r4, 0x14]");
; review: `ands` sets the flags on (arg3 & 0x20000), so the `beq` goes to label_5
;   when that bit is clear; the pseudo-code condition `r8 == r7` does not express this.
0x0000aa96 ands r8, r7, 0x20000 | r8 = r7 & 0x20000;
| if (r8 == r7) {
0x0000aa9a beq 0xab70 | goto label_5;
| }
| label_0:
0x0000aa9c movs r3, 0 | r3 = 0;
0x0000aa9e str r3, [r6, 0xc] | *((r6 + 0xc)) = r3;
0x0000aaa0 strd r3, r3, [r6, 0x10] | __asm ("strd r3, r3, [r6, 0x10]");
| label_1:
; review: shifting left by 15 moves bit 16 of arg3 into the sign bit, so `bmi`
;   takes label_6 when (arg3 & 0x10000) is set; `r3 < r7` in the pseudo-code is
;   not the real test.
0x0000aaa4 lsls r3, r7, 0xf | r3 = r7 << 0xf;
| if (r3 < r7) {
0x0000aaa6 bmi 0xab34 | goto label_6;
| }
0x0000aaa8 ldr r0, [pc, 0x17c] |
0x0000aaaa add r0, pc | r0 = 0x156d6;
0x0000aaac blx 0x3658 | fcn_00003658 ();
0x0000aab0 str r0, [r5, 8] | *((r5 + 8)) = r0;
0x0000aab2 cmp r0, 0 |
| if (r0 == 0) {
0x0000aab4 beq 0xab7c | goto label_4;
| }
0x0000aab6 mov.w r2, 0x2000 | r2 = 0x2000;
0x0000aaba movs r1, 0x64 | r1 = 0x64;
0x0000aabc mov.w r0, -1 | r0 = -1;
0x0000aac0 blx 0x370c | r0 = fcn_0000370c ();
0x0000aac4 mov r5, r0 | r5 = r0;
0x0000aac6 str r5, [r4, 4] | *((r4 + 4)) = r5;
0x0000aac8 cmp r5, 0 |
| if (r5 == 0) {
0x0000aaca beq 0xab56 | goto label_7;
| }
| do {
; review: the call at 0xaae4 is labelled stpcpy but is given five arguments:
;   r0 = r5, r1 = 0x187ce, r2 = 1, r3 = a pc-relative pointer, and 0 on the stack.
;   0x187ce is 100302, the value of CB_PROG in glibc's rpcsvc/nis_callback.h, so this
;   looks like an RPC service registration rather than a string copy; confirm.
0x0000aacc ldr r2, [r5] | r2 = *(r5);
0x0000aace movs r7, 0 | r7 = 0;
0x0000aad0 ldr r3, [pc, 0x158] |
0x0000aad2 movw r1, 0x87ce |
0x0000aad6 mov r0, r5 | r0 = r5;
0x0000aad8 movt r1, 1 | r1 = 0x187ce;
0x0000aadc str r2, [r4, 8] | *((r4 + 8)) = r2;
0x0000aade movs r2, 1 | r2 = 1;
0x0000aae0 add r3, pc | r3 = 0x15710;
0x0000aae2 str r7, [sp] | *(sp) = r7;
0x0000aae4 blx 0x390c | r0 = stpcpy ();
0x0000aae8 mov r5, r0 | r5 = r0;
0x0000aaea cmp r0, 0 |
| if (r0 == 0) {
0x0000aaec beq 0xabba | goto label_8;
| }
0x0000aaee add r6, sp, 0x10 | r6 += var_10h;
0x0000aaf0 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x0000aaf2 add r2, sp, 0xc | r2 += var_ch;
0x0000aaf4 mov r1, r6 | r1 = r6;
0x0000aaf6 blx 0x38d0 | rpc_thread_svc_max_pollfd ();
; review: `adds r0, 1` / `beq` branches to label_9 when the call returned -1
;   (the result wraps to 0); the pseudo-code `r0 == 1` is misleading.
0x0000aafa adds r0, 1 | r0++;
| if (r0 == 1) {
0x0000aafc beq 0xabe6 | goto label_9;
| }
0x0000aafe ldrh.w r5, [sp, 0x12] | r5 = var_12h;
0x0000ab02 mov r0, r6 | r0 = r6;
0x0000ab04 blx 0x3970 | fcn_00003970 ();
0x0000ab08 ldr r3, [r4] | r3 = *(r4);
0x0000ab0a rev16 r5, r5 | __asm ("rev16 r5, r5");
0x0000ab0c ldr r0, [sp, 0x14] | r0 = var_14h;
0x0000ab0e uxth r5, r5 | r5 = (int16_t) r5;
0x0000ab10 ldr r6, [r3, 8] | r6 = *((r3 + 8));
0x0000ab12 blx 0x3620 | fcn_00003620 ();
0x0000ab16 uxtb r1, r5 | r1 = (int8_t) r5;
0x0000ab18 mov r2, r0 | r2 = r0;
0x0000ab1a lsrs r3, r5, 8 | r3 = r5 >> 8;
0x0000ab1c mov r0, r6 | r0 = r6;
0x0000ab1e str r1, [sp] | *(sp) = r1;
0x0000ab20 ldr r1, [pc, 0x10c] |
0x0000ab22 add r1, pc | r1 = 0x15756;
0x0000ab24 blx 0x3840 | r0 = clnt_create ();
0x0000ab28 cmp r0, 0 |
| if (r0 < 0) {
0x0000ab2a blt 0xab7c | goto label_4;
| }
| label_2:
0x0000ab2c mov r0, r4 | r0 = r4;
0x0000ab2e add sp, 0x24 |
0x0000ab30 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_6:
0x0000ab34 ldr r0, [pc, 0xfc] |
0x0000ab36 add r0, pc | r0 = 0x1576e;
0x0000ab38 blx 0x3658 | fcn_00003658 ();
0x0000ab3c str r0, [r5, 8] | *((r5 + 8)) = r0;
| if (r0 == 0) {
0x0000ab3e cbz r0, 0xab7c | goto label_4;
| }
0x0000ab40 mov.w r2, 0x2000 | r2 = 0x2000;
0x0000ab44 movs r1, 0x64 | r1 = 0x64;
0x0000ab46 mov.w r0, -1 | r0 = -1;
0x0000ab4a blx 0x3580 | r0 = fcn_00003580 ();
0x0000ab4e mov r5, r0 | r5 = r0;
0x0000ab50 str r5, [r4, 4] | *((r4 + 4)) = r5;
0x0000ab52 cmp r5, 0 |
0x0000ab54 bne 0xaacc |
| } while (r5 != 0);
| label_7:
0x0000ab56 ldr r0, [pc, 0xe0] |
0x0000ab58 ldr r1, [r4] | r1 = *(r4);
0x0000ab5a add r0, pc | r0 = 0x15798;
0x0000ab5c blx 0x37d4 | xdr_u_char ();
0x0000ab60 mov r0, r4 | r0 = r4;
0x0000ab62 mov r4, r5 | r4 = r5;
0x0000ab64 blx 0x35ac | poll ();
0x0000ab68 mov r0, r4 | r0 = r4;
0x0000ab6a add sp, 0x24 |
0x0000ab6c pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_5:
0x0000ab70 blx 0x35fc | r0 = fcn_000035fc ();
| if (r0 != 0) {
0x0000ab74 cbnz r0, 0xabac | goto label_10;
| }
0x0000ab76 ldr r6, [r4] | r6 = *(r4);
0x0000ab78 ldr r5, [r6, 8] | r5 = *((r6 + 8));
0x0000ab7a b 0xaa9c | goto label_0;
| label_4:
; review: failure cleanup. If *(r4 + 4) is non-null it is passed to an indirect call
;   through [[r0 + 8] + 0x14]; the object is then handed to the stubs at 0x37d4 and
;   0x35ac before falling through to label_3, which returns 0.
0x0000ab7c ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000ab7e cmp r0, 0 |
| if (r0 == 0) {
0x0000ab80 beq 0xac12 | goto label_11;
| }
0x0000ab82 ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000ab84 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000ab86 blx r3 | uint32_t (*r3)(uint32_t) (r3);
0x0000ab88 ldr r0, [pc, 0xb0] |
0x0000ab8a ldr r1, [r4] | r1 = *(r4);
0x0000ab8c add r0, pc | r0 = 0x157cc;
0x0000ab8e blx 0x37d4 | xdr_u_char ();
0x0000ab92 mov r0, r4 | r0 = r4;
0x0000ab94 blx 0x35ac | poll ();
| do {
| label_3:
0x0000ab98 ldr r1, [pc, 0xa4] |
0x0000ab9a movs r0, 3 | r0 = 3;
0x0000ab9c movs r4, 0 | r4 = 0;
0x0000ab9e add r1, pc | r1 = 0x157e2;
0x0000aba0 blx 0x38c4 | svc_register ();
0x0000aba4 mov r0, r4 | r0 = r4;
0x0000aba6 add sp, 0x24 |
0x0000aba8 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_10:
0x0000abac ldr r3, [r4] | r3 = *(r4);
0x0000abae ldr r5, [r3, 8] | r5 = *((r3 + 8));
0x0000abb0 strd r8, r8, [r3, 0x10] | __asm ("strd r8, r8, [r3, 0x10]");
0x0000abb4 str.w r8, [r3, 0xc] | __asm ("str.w r8, [r3, 0xc]");
0x0000abb8 b 0xaaa4 | goto label_1;
| label_8:
; review: the stub at 0x36cc is labelled strcpy, but only r0 (= *(r4 + 4)) is loaded
;   for it. r1 is not written after the preceding call returns, so it holds no
;   defined source pointer. The same *(r4 + 4) is then used for an indirect call
;   through [[r0 + 8] + 0x14]. That is an unregister-then-destroy shape, presumably
;   xprt_unregister followed by svc_destroy as in glibc's nis_callback.c. Confirm the
;   relocation behind 0x36cc before treating this site as a strcpy use.
0x0000abba ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000abbc blx 0x36cc | strcpy (r0, r1)
0x0000abc0 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000abc2 ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000abc4 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000abc6 blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000abc8 ldr r0, [pc, 0x78] |
0x0000abca ldr r1, [r4] | r1 = *(r4);
0x0000abcc add r0, pc | r0 = 0x15814;
0x0000abce blx 0x37d4 | xdr_u_char ();
0x0000abd2 mov r0, r4 | r0 = r4;
0x0000abd4 mov r4, r5 | r4 = r5;
0x0000abd6 blx 0x35ac | poll ();
0x0000abda ldr r1, [pc, 0x6c] |
0x0000abdc movs r0, 3 | r0 = 3;
0x0000abde add r1, pc | r1 = 0x1582c;
0x0000abe0 blx 0x38c4 | svc_register ();
0x0000abe4 b 0xab2c | goto label_2;
| label_9:
; review: same pattern as label_8. The call labelled strcpy gets a single pointer
;   in r0, and r1 is left over from the call at 0xaaf6. Treat the strcpy attribution
;   as unconfirmed here too.
0x0000abe6 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000abe8 blx 0x36cc | strcpy (r0, r1)
0x0000abec ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000abee ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000abf0 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000abf2 blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000abf4 ldr r0, [pc, 0x54] |
0x0000abf6 ldr r1, [r4] | r1 = *(r4);
0x0000abf8 add r0, pc | r0 = 0x15848;
0x0000abfa blx 0x37d4 | xdr_u_char ();
0x0000abfe mov r0, r4 | r0 = r4;
0x0000ac00 mov r4, r7 | r4 = r7;
0x0000ac02 blx 0x35ac | poll ();
0x0000ac06 ldr r1, [pc, 0x48] |
0x0000ac08 movs r0, 3 | r0 = 3;
0x0000ac0a add r1, pc | r1 = 0x15860;
0x0000ac0c blx 0x38c4 | svc_register ();
0x0000ac10 b 0xab2c | goto label_2;
| label_11:
0x0000ac12 ldr r0, [pc, 0x40] |
0x0000ac14 ldr r1, [r4] | r1 = *(r4);
0x0000ac16 add r0, pc | r0 = 0x15870;
0x0000ac18 blx 0x37d4 | xdr_u_char ();
0x0000ac1c mov r0, r4 | r0 = r4;
0x0000ac1e blx 0x35ac | poll ();
0x0000ac22 b 0xab98 |
| } while (1);
| }
; review: fcn.0000ac58 takes one pointer in r0 (kept in r4) and always returns 0.
;   It passes *(r4 + 4) to the stub at 0x36cc, makes an indirect call through
;   [[*(r4 + 4) + 8] + 0x14], passes *(r4 + 8) to the stub at 0x39b4, then hands the
;   object to the stubs at 0x37d4 and 0x35ac. This is the same teardown sequence as
;   the cleanup paths of fcn.0000aa38.
; review: the `strcpy (r0, r1)` label at 0xac5e is not supported by the code. The
;   function never writes r1 before the call, and its only argument is the object
;   pointer. Presumably the stub is an unregister/destroy helper (xprt_unregister
;   in glibc's nis_callback.c has this shape). Confirm the relocation behind 0x36cc
;   before counting this as a strcpy use.
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libnsl.so.1 @ 0xac58 */
| #include <stdint.h>
|
; (fcn) fcn.0000ac58 () | void fcn_0000ac58 (char * dest) {
| r0 = dest;
0x0000ac58 push {r4, lr} |
0x0000ac5a mov r4, r0 | r4 = r0;
0x0000ac5c ldr r0, [r0, 4] | r0 = *((r0 + 4));
0x0000ac5e blx 0x36cc | strcpy (r0, r1)
0x0000ac62 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000ac64 ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000ac66 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000ac68 blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000ac6a ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x0000ac6c blx 0x39b4 | fcn_000039b4 ();
0x0000ac70 ldr r0, [pc, 0x10] |
0x0000ac72 ldr r1, [r4] | r1 = *(r4);
0x0000ac74 add r0, pc | r0 = 0x158fc;
0x0000ac76 blx 0x37d4 | xdr_u_char ();
0x0000ac7a mov r0, r4 | r0 = r4;
0x0000ac7c blx 0x35ac | poll ();
0x0000ac80 movs r0, 0 | r0 = 0;
0x0000ac82 pop {r4, pc} |
| }
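[*] Function strcpy used 4 times in libnsl.so.1 (the count comes from the disassembler's import labels; three call sites to the stub at 0x36cc appear in the two listings shown here, at 0xabbc, 0xabe8 and 0xac5e, and each still needs that stub confirmed as strcpy before it is triaged as an unsafe copy)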