[*] Binary protection state of snmp-confd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of snmp-confd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/bin/snmp-confd @ 0x76d8 */
| #include <stdint.h>
|
; (fcn) fcn.000076d8 () | void fcn_000076d8 (int16_t arg1) {
| int16_t var_4h;
| int16_t var_14h;
| int32_t var_14h_2;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_24h;
| r0 = arg1;
0x000076d8 blmi 0x1199ff4 | __asm ("blmi 0x1199ff4");
0x000076dc push {r4, r5, lr} |
0x000076de mov r4, r0 | r4 = r0;
0x000076e0 add r2, pc | r2 += pc;
0x000076e2 ldrb r0, [r0] | r0 = *(r0);
0x000076e4 sub sp, 0x2c |
0x000076e6 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x000076e8 ldr r3, [r3] | r3 = *(r3);
0x000076ea str r3, [sp, 0x24] | var_24h = r3;
0x000076ec mov.w r3, 0 | r3 = 0;
0x000076f0 cbnz r0, 0x770a |
| while (1) {
| label_2:
0x000076f2 ldr r2, [pc, 0x104] |
0x000076f4 ldr r3, [pc, 0xfc] | r3 = *(0x77f4);
0x000076f6 add r2, pc | r2 = 0xeef4;
0x000076f8 ldr r3, [r2, r3] | r3 = *(0xeef4);
0x000076fa ldr r2, [r3] | r2 = *(0xeef4);
0x000076fc ldr r3, [sp, 0x24] | r3 = var_24h;
0x000076fe eors r2, r3 | r2 ^= r3;
0x00007700 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00007704 bne 0x77ea | goto label_4;
| }
0x00007706 add sp, 0x2c |
0x00007708 pop {r4, r5, pc} |
0x0000770a add r2, sp, 4 | r2 += var_4h;
0x0000770c mov r1, r4 | r1 = r4;
0x0000770e movs r0, 2 | r0 = 2;
0x00007710 blx 0x1768 | r0 = asprintf_chk ()
0x00007714 cmp r0, 1 |
0x00007716 it eq |
| if (r0 != 1) {
0x00007718 addeq r5, sp, 0x14 | r5 += var_14h;
| }
| if (r0 == 1) {
0x0000771a beq 0x7740 | goto label_5;
| }
0x0000771c ldrb r3, [r4] | r3 = *(r4);
| if (r3 != 0) {
0x0000771e cbnz r3, 0x7730 | goto label_6;
| }
| label_0:
0x00007720 ldr r1, [pc, 0xd8] |
0x00007722 mov r0, r4 | r0 = r4;
0x00007724 add r1, pc | r1 = 0xef24;
0x00007726 blx 0x1688 | fcn_00001688 ();
0x00007728 invalid |
| label_1:
0x0000772c movs r0, 0 | r0 = 0;
0x0000772e b 0x76f2 |
| }
| label_6:
0x00007730 add r5, sp, 0x14 | r5 += var_14h;
0x00007732 mov r1, r4 | r1 = r4;
0x00007734 mov r2, r5 | r2 = r5;
0x00007736 movs r0, 0xa | r0 = 0xa;
0x00007738 blx 0x1768 | r0 = asprintf_chk ()
0x0000773c cmp r0, 1 |
| if (r0 != 1) {
0x0000773e bne 0x7720 | goto label_0;
| }
| label_5:
0x00007740 mov r2, r5 | r2 = r5;
0x00007742 mov r1, r4 | r1 = r4;
0x00007744 movs r0, 2 | r0 = 2;
0x00007746 blx 0x1768 | r0 = asprintf_chk ()
0x0000774a cmp r0, 1 |
| if (r0 != 1) {
0x0000774c bne 0x77a0 | goto label_7;
| }
0x0000774e ldrb.w r3, [sp, 0x14] | r3 = var_14h;
0x00007752 subs r2, r3, 1 | r2 = r3 - 1;
0x00007754 sub.w r3, r3, 0x7f | r3 -= 0x7f;
0x00007758 clz r3, r3 | r3 &= r3;
0x0000775c uxtb r2, r2 | r2 = (int8_t) r2;
0x0000775e lsrs r3, r3, 5 | r3 >>= 5;
0x00007760 cmp r2, 0xde |
0x00007762 it hi |
| if (r2 <= 0xde) {
0x00007764 orrhi r3, r3, 1 | r3 |= 1;
| }
0x00007766 lsls r1, r0, 0xc | r1 = r0 << 0xc;
0x00007768 cmp r3, 0 |
| if (r3 != 0) {
0x0000776a bne 0x7720 | goto label_0;
| }
0x0000776c b 0x77ae | goto label_3;
0x0000776e ldr r1, [pc, 0x90] |
0x00007770 mov r0, r4 | r0 = r4;
0x00007772 add r1, pc | r1 = 0xef78;
0x00007774 blx 0x1688 | r0 = fcn_00001688 ();
0x00007778 cmp r0, 0 |
| if (r0 == 0) {
0x0000777a beq 0x772c | goto label_1;
| }
0x0000777c ldr r1, [pc, 0x84] |
0x0000777e mov r0, r4 | r0 = r4;
0x00007780 add r1, pc | r1 = 0xef88;
0x00007782 blx 0x1688 | r0 = fcn_00001688 ();
0x00007786 cmp r0, 0 |
| if (r0 == 0) {
0x00007788 beq 0x772c | goto label_1;
| }
0x0000778a ldr r0, [pc, 0x7c] |
0x0000778c movs r3, 0 | r3 = 0;
0x0000778e mov r2, r3 | r2 = r3;
0x00007790 mov r1, r4 | r1 = r4;
0x00007792 add r0, pc | r0 = 0xefa0;
0x00007794 blx 0x1950 | fcn_00001950 ();
0x00007798 subs r0, 0 |
0x0000779a it ne |
| if (r0 == 0) {
0x0000779c movne r0, 1 | r0 = 1;
| }
0x0000779e b 0x76f2 | goto label_2;
| label_7:
0x000077a0 mov r2, r5 | r2 = r5;
0x000077a2 mov r1, r4 | r1 = r4;
0x000077a4 movs r0, 0xa | r0 = 0xa;
0x000077a6 blx 0x1768 | r0 = asprintf_chk ()
0x000077aa cmp r0, 1 |
| if (r0 != 1) {
0x000077ac beq 0x77b2 |
| label_3:
0x000077ae movs r0, 1 | r0 = 1;
0x000077b0 b 0x76f2 | goto label_2;
| }
0x000077b2 mov r2, r5 | r2 = r5;
0x000077b4 add r1, sp, 0x24 | r1 += var_24h;
| do {
0x000077b6 ldrb r3, [r2], 1 | r3 = *(r2);
| r2++;
| if (r3 != 0) {
0x000077ba cbnz r3, 0x77c2 | goto label_8;
| }
0x000077bc cmp r2, r1 |
0x000077be bne 0x77b6 |
| } while (r2 != r1);
0x000077c0 b 0x7720 | goto label_0;
| label_8:
0x000077c2 ldrd r3, r1, [sp, 0x14] | __asm ("ldrd r3, r1, [var_14h]");
0x000077c6 ldr r2, [sp, 0x1c] | r2 = var_1ch;
0x000077c8 orrs r3, r1 | r3 |= r1;
0x000077ca orrs r3, r2 | r3 |= r2;
| if (r3 != r2) {
0x000077cc bne 0x77d6 | goto label_9;
| }
0x000077ce ldr r3, [sp, 0x20] | r3 = var_20h;
0x000077d0 cmp.w r3, 0x1000000 |
| if (r3 == 0x1000000) {
0x000077d4 beq 0x7720 | goto label_0;
| }
| label_9:
0x000077d6 ldrb.w r3, [sp, 0x14] | r3 = var_14h;
0x000077da sub.w r3, r3, 0xff | r3 -= 0xff;
0x000077de clz r3, r3 | r3 &= r3;
0x000077e2 lsrs r3, r3, 5 | r3 >>= 5;
0x000077e4 cmp r3, 0 |
| if (r3 != 0) {
0x000077e6 bne 0x7720 | goto label_0;
| }
0x000077e8 b 0x77ae | goto label_3;
| label_4:
0x000077ea blx 0x1914 | fcn_00001914 ();
0x000077ee nop |
0x000077f0 invalid |
| }
[*] Function sprintf used 5 times snmp-confd
