[*] Binary protection state of ubiattach.mtd-utils
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ubiattach.mtd-utils
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/ubiattach.mtd-utils @ 0x142c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.0000142c () | void fcn_0000142c (int16_t arg1, int16_t arg2, uint32_t arg3) {
| int16_t var_0h_3;
| int16_t var_4h_3;
| int16_t var_8h_2;
| int16_t var_ch_2;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| label_1:
0x00000b04 bx pc | return void (*pc)() ();
0x0000142c push.w {r4, r5, r6, r7, r8, lr} |
0x00001430 mov r4, r0 | r4 = r0;
0x00001432 sub sp, 0x10 |
0x00001434 mov r5, r1 | r5 = r1;
0x00001436 mov r6, r2 | r6 = r2;
0x00001438 cmp r2, 0 |
| if (r2 != 0) {
0x0000143a bne 0x14de | goto label_3;
| }
0x0000143c ldr r7, [pc, 0x15c] |
0x0000143e add r7, pc | r7 = 0x29de;
| do {
0x00001440 ldr r1, [pc, 0x15c] |
0x00001442 mov r3, r5 | r3 = r5;
0x00001444 mov r2, r4 | r2 = r4;
0x00001446 movs r0, 1 | r0 = 1;
0x00001448 add r1, pc | r1 = 0x29ec;
0x0000144a blx 0xb2c | fprintf_chk ()
0x0000144e movs r3, 1 |
0x00001450 movt r3, 0x4000 | r3 = 0x40000001;
0x00001454 cmp r4, r3 |
0x00001456 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x0000145a bge 0x1528 | goto label_4;
| }
0x0000145c movs r3, 1 |
0x0000145e movt r3, 0x10 | r3 = 0x100001;
0x00001462 cmp r4, r3 |
0x00001464 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x00001468 bge 0x14e4 | goto label_5;
| }
0x0000146a movw r3, 0x401 | r3 = 0x401;
0x0000146e cmp r4, r3 |
0x00001470 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x00001474 blt 0x14d8 |
0x00001476 ubfx r3, r4, 0, 0xa | r3 = (r4 >> 0) & ((1 << 0xa) - 1);
0x0000147a lsrs r4, r4, 0xa | r4 >>= 0xa;
0x0000147c movw r0, 0xa0a1 |
0x00001480 ldr r1, [pc, 0x120] |
0x00001482 orr.w r4, r4, r5, lsl 22 | r4 |= (r5 << 22);
0x00001486 movt r0, 0xa0a0 |
0x0000148a asrs r5, r5, 0xa | r5 >>= 0xa;
0x0000148c mov r2, r7 | r2 = r7;
0x0000148e str r4, [sp] | *(sp) = r4;
0x00001490 umull r4, r0, r0, r3 | r4:r0 = r0 * r3;
0x00001494 movw r4, 0xfafb |
0x00001498 str r5, [sp, 4] | var_4h_3 = r5;
0x0000149a movt r4, 0xfafa | r4 = 0xfafafafb;
0x0000149e add r1, pc | r1 = 0x2a46;
0x000014a0 lsrs r0, r0, 5 | r0 >>= 5;
0x000014a2 add.w r0, r0, r0, lsl 1 |
| /* if there is a right shift of 7, then it's a division by 1/204 */
0x000014a6 add.w r0, r0, r0, lsl 4 | r0 = 0xa0a0a0a1;
0x000014aa subs r0, r3, r0 | r0 = r3 - r0;
0x000014ac subs r3, r3, r0 | r3 -= r0;
0x000014ae mov.w r0, -0x5050506 | r0 = -0x5050506;
0x000014b2 mul r0, r3, r0 | r0 = r3 * r0;
0x000014b6 sbc.w r5, r5, r5 | __asm ("sbc.w r5, r5, r5");
0x000014ba mla r0, r4, r5, r0 | __asm ("mla r0, r4, r5, r0");
0x000014be umull r3, r4, r3, r4 | r3:r4 = r3 * r4;
0x000014c2 lsrs r3, r3, 1 | r3 >>= 1;
0x000014c4 add r0, r4 | r0 += r4;
0x000014c6 orr.w r3, r3, r0, lsl 31 | r3 |= (r0 << 31);
0x000014ca lsrs r0, r0, 1 | r0 >>= 1;
0x000014cc str r3, [sp, 8] | var_8h_2 = r3;
0x000014ce str r0, [sp, 0xc] | var_ch_2 = r0;
0x000014d0 movs r0, 1 | r0 = 1;
0x000014d2 blx 0xb2c | fprintf_chk ()
| if (r6 != 0) {
| label_2:
0x000014d6 cbnz r6, 0x151c | goto label_6;
| }
| }
| label_0:
0x000014d8 add sp, 0x10 |
0x000014da pop.w {r4, r5, r6, r7, r8, pc} |
| label_3:
0x000014de ldr r7, [pc, 0xc8] |
0x000014e0 add r7, pc | r7 = 0x2a8e;
0x000014e2 b 0x1440 |
| } while (1);
| label_5:
0x000014e4 ubfx r0, r4, 0, 0x14 | r0 = (r4 >> 0) & ((1 << 0x14) - 1);
0x000014e8 ldr.w r8, [pc, 0xc0] |
0x000014ec lsrs r4, r4, 0x14 | r4 >>= 0x14;
0x000014ee movw r2, 0x9999 |
0x000014f2 movt r2, 1 | r2 = 0x19999;
0x000014f6 orr.w r4, r4, r5, lsl 12 | r4 |= (r5 << 12);
0x000014fa asrs r5, r5, 0x14 | r5 >>= 0x14;
0x000014fc add r8, pc | r8 = 0x2aac;
0x000014fe movs r1, 0 | r1 = 0;
0x00001500 movs r3, 0 | r3 = 0;
0x00001502 bl 0x3b60 | fcn_00003b60 (r0, r1, r2, r3);
0x00001504 invalid |
0x00001508 strd r0, r1, [sp, 8] | __asm ("strd r0, r1, [sp, 8]");
0x0000150c str r4, [sp] | *(sp) = r4;
0x0000150e mov r1, r8 | r1 = r8;
0x00001510 movs r0, 1 | r0 = 1;
0x00001512 str r5, [sp, 4] | var_4h_3 = r5;
0x00001514 blx 0xb2c | r0 = fprintf_chk ()
0x00001516 add.w lr, sl, r0, lsl 8 | lr = sl + (r0 << 8);
| if (r0 == 1) {
0x0000151a beq 0x14d8 | goto label_0;
| }
| label_6:
0x0000151c movs r0, 0x29 | r0 = 0x29;
0x0000151e add sp, 0x10 |
0x00001520 pop.w {r4, r5, r6, r7, r8, lr} |
0x00001524 b.w 0xb04 | goto label_1;
| label_4:
0x00001528 bic r3, r4, 0xc0000000 | r3 = BIT_MASK (r4, 0xc0000000);
0x0000152c bic lr, r4, 0xf0000000 | lr = BIT_MASK (r4, 0xf0000000);
0x00001530 lsrs r4, r4, 0x1e | r4 >>= 0x1e;
0x00001532 add.w lr, lr, r3, lsr 28 | lr += (r3 >> 28);
0x00001536 ldr r1, [pc, 0x78] |
0x00001538 orr.w r4, r4, r5, lsl 2 | r4 |= (r5 << 2);
0x0000153c asrs r5, r5, 0x1e | r5 >>= 0x1e;
0x0000153e str r5, [sp, 4] | var_4h_3 = r5;
0x00001540 movs r5, 0x15 |
0x00001542 movt r5, 0x4000 | r5 = 0x40000015;
0x00001546 mov r2, r7 | r2 = r7;
0x00001548 umull r0, r5, r5, lr | r0:r5 = r5 * lr;
0x0000154c movw r7, 0x3333 |
0x00001550 movt r7, 0x333 | r7 = 0x3333333;
0x00001554 str r4, [sp] | *(sp) = r4;
0x00001556 mvn r4, 0x5000000 | r4 = ~0x5000000;
0x0000155a movw ip, 0xfffb |
0x0000155e movt ip, 0xafff | ip = 0xaffffffb;
0x00001562 movs r0, 1 | r0 = 1;
0x00001564 add r1, pc | r1 = 0x2b1a;
0x00001566 sub.w r8, lr, r5 | r8 = lr - r5;
0x0000156a add.w r5, r5, r8, lsr 1 | r5 += (r8 >> 1);
0x0000156e lsrs r5, r5, 0x19 | r5 >>= 0x19;
0x00001570 mls lr, r7, r5, lr | __asm ("mls lr, r7, r5, lr");
0x00001574 subs.w r3, r3, lr | r3 -= lr;
0x00001578 mul r4, r3, r4 | r4 = r3 * r4;
0x0000157c sbc.w r7, r7, r7 | __asm ("sbc.w r7, r7, r7");
0x00001580 umull r3, r5, r3, ip | r3:r5 = r3 * ip;
0x00001584 mla r4, ip, r7, r4 | __asm ("mla r4, ip, r7, r4");
0x00001588 lsrs r3, r0 | r3 >>= r0;
0x0000158a add r4, r5 | r4 += r5;
0x0000158c orr.w r3, r3, r4, lsl 31 | r3 |= (r4 << 31);
0x00001590 lsrs r4, r0 | r4 >>= r0;
0x00001592 str r3, [sp, 8] | var_8h_2 = r3;
0x00001594 str r4, [sp, 0xc] | var_ch_2 = r4;
0x00001596 blx 0xb2c | fprintf_chk ()
0x0000159a b 0x14d6 | goto label_2;
| }
[*] Function fprintf used 5 times ubiattach.mtd-utils
