[*] Binary protection state of lldpd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of lldpd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/lldpd @ 0xe3b8 */
| #include <stdint.h>
|
; (fcn) fcn.0000e3b8 () | void fcn_0000e3b8 (int16_t arg1, int16_t arg2) {
| int16_t var_0h_2;
| int32_t var_4h;
| int16_t var_0h_3;
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| do {
0x00002650 bx pc | return void (*pc)() ();
0x0000e3b8 mov.w ip, 0x1000 |
0x0000e3bc push {r3, r4, r7, lr} |
0x0000e3be sub.w ip, sp, ip |
0x0000e3c2 str.w r0, [ip, 0xff0] | __asm ("str.w r0, aav.0x000000ff");
0x0000e3c6 adds r3, r0, 1 | r3 = r0 + 1;
0x0000e3c8 add r7, sp, 0 | r7 += var_0h;
| if (r3 == r0) {
0x0000e3ca beq 0xe3fe | goto label_0;
| }
| if (r0 != 0) {
0x0000e3cc cbnz r0, 0xe3e0 | goto label_1;
| }
0x0000e3ce ldr r3, [pc, 0x3c] |
0x0000e3d0 movs r1, 0xf | r1 = 0xf;
0x0000e3d2 add r3, pc | r3 = 0x1c7e4;
0x0000e3d4 ldr r0, [r3] | r0 = *(0x1c7e4);
0x0000e3d6 mov sp, r7 |
0x0000e3d8 pop.w {r3, r4, r7, lr} |
0x0000e3dc b.w 0x2650 |
| } while (1);
| label_1:
0x0000e3e0 ands r4, r1, 0x7f | r4 = r1 & 0x7f;
| if (r4 != r1) {
0x0000e3e4 beq 0xe404 |
0x0000e3e6 adds r3, r4, 1 | r3 = r4 + 1;
0x0000e3e8 sbfx r3, r3, 1, 7 | __asm ("sbfx r3, r3, 1, 7");
0x0000e3ec cmp r3, 0 |
| if (r3 > 0) {
0x0000e3ee ble 0xe3fe |
0x0000e3f0 movs r1, 0 | r1 = 0;
0x0000e3f2 mov r0, r4 | r0 = r4;
0x0000e3f4 blx 0x23b0 | fcn_000023b0 ();
0x0000e3f6 vsubhn.i32 d20, q6, q8 | __asm ("vsubhn.i32 d20, q6, q8");
0x0000e3fa blx 0x2248 | fcn_00002248 ();
| }
| label_0:
0x0000e3fe movs r0, 1 | r0 = 1;
0x0000e400 blx 0x2370 | vsnprintf_chk ()
| }
0x0000e404 ubfx r0, r1, 8, 8 | r0 = (r1 >> 8) & ((1 << 8) - 1);
0x0000e408 blx 0x2370 | vsnprintf_chk ()
0x0000e40c orn r0, r2, 0x820000 | r0 = r2 | 0x820000;
| r0 = ~r0;
0x0000e410 mov.w ip, 0x1000 |
0x0000e414 push {r7, lr} |
0x0000e416 sub.w ip, sp, ip |
0x0000e41a str.w r0, [ip, 0xff0] | __asm ("str.w r0, aav.0x000000ff");
0x0000e41e ldr.w ip, [pc, 0x48] | ip = *(0x0000e468);
0x0000e422 sub sp, 8 |
0x0000e424 ldr r0, [pc, 0x44] |
0x0000e426 ldr r3, [pc, 0x48] |
0x0000e428 add r7, sp, 0 | r7 += var_0h_2;
0x0000e42a add ip, pc |
0x0000e42c movs r2, 1 | r2 = 1;
0x0000e42e ldr.w r0, [ip, r0] | r0 = *((ip + r0));
0x0000e432 mov r1, r7 | r1 = r7;
0x0000e434 add r3, pc | r3 = 0x1c8aa;
0x0000e436 ldr r0, [r0] | r0 = *(0xe46c);
0x0000e438 str r0, [r7, 4] | var_4h = r0;
0x0000e43a mov.w r0, 0 | r0 = 0;
0x0000e43e ldr r0, [r3] | r0 = *(0x1c8aa);
0x0000e440 blx 0x2564 | fcn_00002564 ();
0x0000e444 ldr r1, [r7] | r1 = *(r7);
0x0000e446 bl 0xe3b8 | fcn_0000e3b8 (r0, r1);
0x0000e44a ldr r2, [pc, 0x28] |
0x0000e44c ldr r3, [pc, 0x1c] | r3 = *(0xe46c);
0x0000e44e add r2, pc | r2 = 0x1c8c8;
0x0000e450 ldr r3, [r2, r3] | r3 = *(0x1c8c8);
0x0000e452 ldr r2, [r3] | r2 = *(0x1c8c8);
0x0000e454 ldr r3, [r7, 4] | r3 = var_4h;
0x0000e456 eors r2, r3 | r2 ^= r3;
0x0000e458 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x0000e45c bne 0xe464 |
0x0000e45e adds r7, 8 | r7 += 8;
0x0000e460 mov sp, r7 |
0x0000e462 pop {r7, pc} |
| }
0x0000e464 blx 0x241c | fcn_0000241c ();
0x0000e468 invalid |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/lldpd @ 0xf0fc */
| #include <stdint.h>
|
; (fcn) fcn.0000f0fc () | void fcn_0000f0fc (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x0000f0fc invalid | goto label_1;
0x0000f0fe mov.w ip, 0x1000 |
0x0000f102 push.w {r3, r4, r5, r6, r7, r8, sb, lr} |
0x0000f106 sub.w ip, sp, ip |
0x0000f10a str.w r0, [ip, 0xfe0] | __asm ("str.w r0, aav.0x000000ff");
0x0000f10e movs r6, 0 | r6 = 0;
0x0000f110 add r7, sp, 0 | r7 += var_0h;
0x0000f112 mov r8, r0 | r8 = r0;
0x0000f114 mov sb, r1 | sb = r1;
0x0000f116 mov r4, r2 | r4 = r2;
0x0000f118 mov r5, r6 | r5 = r6;
| do {
0x0000f11a mov r0, r8 | r0 = r8;
0x0000f11c bl 0xf06c | fcn_0000f06c (r0);
0x0000f11e invalid |
0x0000f122 add.w r1, sb, r5 | r1 = sb + r5;
0x0000f126 blx 0x22f0 | r0 = fcn_000022f0 ();
0x0000f12a adds r2, r0, 1 | r2 = r0 + 1;
| if (r2 == r0) {
0x0000f12c beq 0xf13c | goto label_2;
| }
| if (r0 == 0) {
0x0000f12e cbz r0, 0xf154 | goto label_3;
| }
0x0000f130 add r6, r0 | r6 += r0;
| label_0:
0x0000f132 cmp r6, r4 |
0x0000f134 mov r5, r6 | r5 = r6;
0x0000f136 blo 0xf11a |
| } while (r6 <= r4);
0x0000f138 pop.w {r3, r4, r5, r6, r7, r8, sb, pc} |
| label_2:
0x0000f13c blx 0x26c0 | r0 = fcn_000026c0 ();
0x0000f140 ldr r0, [r0] | r0 = *(r0);
0x0000f142 cmp r0, 0xb |
0x0000f144 it ne |
| if (r0 != 0xb) {
0x0000f146 cmpne r0, 4 | __asm ("cmpne r0, 4");
| }
0x0000f148 ite eq |
| if (r0 != 0xb) {
0x0000f14a moveq r0, 1 | r0 = 1;
| }
| if (r0 != 0xb) {
0x0000f14c movne r0, 0 | r0 = 0;
| goto label_4;
| }
| if (r0 == 0xb) {
| label_4:
0x0000f14e beq 0xf132 | goto label_0;
| }
0x0000f150 blx 0x2370 | vsnprintf_chk ()
| label_3:
0x0000f154 blx 0x2370 | vsnprintf_chk ()
| label_1:
0x0000f158 bx lr | return;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/lldpd @ 0xf15c */
| #include <stdint.h>
|
; (fcn) fcn.0000f15c () | void fcn_0000f15c (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x0000f15c invalid | goto label_1;
0x0000f15e mov.w ip, 0x1000 |
0x0000f162 push.w {r3, r4, r5, r6, r7, r8, sb, lr} |
0x0000f166 sub.w ip, sp, ip |
0x0000f16a str.w r0, [ip, 0xfe0] | __asm ("str.w r0, aav.0x000000ff");
0x0000f16e movs r6, 0 | r6 = 0;
0x0000f170 add r7, sp, 0 | r7 += var_0h;
0x0000f172 mov r8, r0 | r8 = r0;
0x0000f174 mov sb, r1 | sb = r1;
0x0000f176 mov r4, r2 | r4 = r2;
0x0000f178 mov r5, r6 | r5 = r6;
| do {
0x0000f17a mov r0, r8 | r0 = r8;
0x0000f17c bl 0xf06c | fcn_0000f06c (r0);
0x0000f180 subs r2, r4, r5 | r2 = r4 - r5;
0x0000f182 add.w r1, sb, r5 | r1 = sb + r5;
0x0000f186 blx 0x2758 | r0 = fcn_00002758 ();
0x0000f18a adds r2, r0, 1 | r2 = r0 + 1;
| if (r2 == r0) {
0x0000f18c beq 0xf19c | goto label_2;
| }
| if (r0 == 0) {
0x0000f18e cbz r0, 0xf1b4 | goto label_3;
| }
0x0000f190 add r6, r0 | r6 += r0;
| label_0:
0x0000f192 cmp r6, r4 |
0x0000f194 mov r5, r6 | r5 = r6;
0x0000f196 blo 0xf17a |
| } while (r6 <= r4);
0x0000f198 pop.w {r3, r4, r5, r6, r7, r8, sb, pc} |
| label_2:
0x0000f19c blx 0x26c0 | r0 = fcn_000026c0 ();
0x0000f1a0 ldr r0, [r0] | r0 = *(r0);
0x0000f1a2 cmp r0, 0xb |
0x0000f1a4 it ne |
| if (r0 != 0xb) {
0x0000f1a6 cmpne r0, 4 | __asm ("cmpne r0, 4");
| }
0x0000f1a8 ite eq |
| if (r0 != 0xb) {
0x0000f1aa moveq r0, 1 | r0 = 1;
| }
| if (r0 != 0xb) {
0x0000f1ac movne r0, 0 | r0 = 0;
| goto label_4;
| }
| if (r0 == 0xb) {
| label_4:
0x0000f1ae beq 0xf192 | goto label_0;
| }
0x0000f1b0 blx 0x2370 | vsnprintf_chk ()
| label_3:
0x0000f1b4 blx 0x2370 | vsnprintf_chk ()
| label_1:
0x0000f1b8 bx lr | return;
| }
[*] Function printf used 7 times lldpd
