[*] Binary protection state of ubimkvol.mtd-utils
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ubimkvol.mtd-utils
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/ubimkvol.mtd-utils @ 0x14bc */
| #include <stdint.h>
|
; (fcn) fcn.000014bc () | void fcn_000014bc (int16_t arg_8h, int16_t arg_a0h, int16_t arg_a4h, int16_t arg_b4h, int16_t arg_c0h, int16_t arg_c8h, int16_t arg_cch, int16_t arg_d4h, int16_t arg_15ch) {
| int16_t var_0h;
| int16_t var_4h;
| do {
| label_1:
0x00000c92 ldr.w r2, [pc, 0x690] | r2 = *(0x00001324);
0x00000c96 ldr.w r3, [pc, 0x670] | r3 = *(0x130a);
0x00000c9a add r2, pc | r2 += pc;
0x00000c9c ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00000c9e ldr r2, [r3] | r2 = *(0x130a);
0x00000ca0 ldr r3, [sp, 0x15c] | r3 = *(arg_15ch);
0x00000ca2 eors r2, r3 | r2 ^= r3;
0x00000ca4 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000ca8 bne.w 0x12be | goto label_4;
| }
0x00000cac mov r0, fp | r0 = fp;
0x00000cae add sp, 0x164 |
0x00000cb0 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_3:
0x00001000 ldrb.w r3, [sl, 0x18] | r3 = *((sl + 0x18));
0x00001004 orr r3, r3, 1 | r3 |= 1;
0x00001008 strb.w r3, [sl, 0x18] | *((sl + 0x18)) = r3;
0x0000100c ldr r5, [pc, 0x3ac] |
0x0000100e mov r2, sl | r2 = sl;
0x00001010 mov r0, r4 | r0 = r4;
0x00001012 add r5, pc | r5 = 0x23d2;
0x00001014 ldr r1, [r5, 0x1c] | r1 = *(0x23ee);
0x00001016 bl 0x2c5c | r0 = fcn_00002c5c (r0, r1);
0x0000101a cmp r0, 0 |
| if (r0 < 0) {
0x0000101c blt.w 0x11ce | goto label_5;
| }
0x00001020 ldr.w r2, [sl] | r2 = *(sl);
0x00001024 add r3, sp, 0xa0 | r3 += arg_a0h;
0x00001026 ldr r1, [r6] | r1 = *(r6);
0x00001028 mov r0, r4 | r0 = r4;
0x0000102a str r2, [r5] | *(r5) = r2;
0x0000102c bl 0x3720 | r0 = fcn_00003720 (r0, r1, r2, r3, r4);
0x00001030 mov r5, r0 | r5 = r0;
0x00001032 cmp r0, 0 |
| if (r0 != 0) {
0x00001034 bne.w 0x1192 | goto label_6;
| }
0x00001038 ldr r1, [pc, 0x384] |
0x0000103a movs r0, 1 | r0 = 1;
0x0000103c ldr r3, [sp, 0xc8] | r3 = *(arg_c8h);
0x0000103e ldr r2, [sp, 0xa4] | r2 = *(arg_a4h);
0x00001040 add r1, pc | r1 = 0x2404;
0x00001042 blx 0xb44 | fprintf_chk ()
0x00001046 ldrd r0, r1, [sp, 0xc0] | __asm ("ldrd r0, r1, [arg_c0h]");
0x0000104a mov r2, r5 | r2 = r5;
0x0000104c bl 0x171c | fcn_0000171c (r0, r1, r2);
0x00001050 ldr r1, [pc, 0x370] |
0x00001052 movs r0, 1 | r0 = 1;
0x00001054 add r1, pc | r1 = 0x241c;
0x00001056 blx 0xb44 | fprintf_chk ()
0x0000105a ldr r0, [sp, 0xcc] | r0 = *(arg_cch);
0x0000105c movs r2, 1 | r2 = 1;
0x0000105e asrs r1, r0, 0x1f | r1 = r0 >> 0x1f;
0x00001060 bl 0x171c | fcn_0000171c (r0, r1, r2);
0x00001064 ldr.w r3, [sl, 0x10] | r3 = *((sl + 0x10));
0x00001068 cmp r3, 3 |
| if (r3 == 3) {
0x0000106a beq 0x10da | goto label_7;
| }
0x0000106c ldr r2, [pc, 0x358] |
0x0000106e add r2, pc | r2 = 0x243a;
| label_0:
0x00001070 ldr r0, [sp, 0xb4] | r0 = *(arg_b4h);
0x00001072 add r3, sp, 0xd4 | r3 += arg_d4h;
0x00001074 ldr r1, [pc, 0x354] |
0x00001076 mov.w fp, 0 |
0x0000107a str r0, [sp] | *(sp) = r0;
0x0000107c movs r0, 1 | r0 = 1;
0x0000107e add r1, pc | r1 = 0x244e;
0x00001080 blx 0xb44 | fprintf_chk ()
0x00001084 mov r0, r4 | r0 = r4;
0x00001086 bl 0x20e8 | fcn_000020e8 (r0);
0x0000108a b 0xc92 |
| } while (1);
| label_7:
0x000010da ldr r2, [pc, 0x30c] |
0x000010dc add r2, pc | r2 = 0x24ca;
0x000010de b 0x1070 | goto label_0;
| do {
| label_2:
0x00001170 mov r0, r4 | r0 = r4;
0x00001172 bl 0x20e8 | fcn_000020e8 (r0);
0x00001176 b 0xc92 | goto label_1;
| label_6:
0x00001192 blx 0xaec | fcn_00000aec ();
0x00001196 ldr r3, [pc, 0x184] | r3 = *(0x131e);
0x00001198 movs r1, 1 | r1 = 1;
0x0000119a ldr r2, [pc, 0x27c] |
0x0000119c ldr r5, [r0] | r5 = *(r0);
0x0000119e ldr r6, [r7, r3] | r6 = *((r7 + r3));
0x000011a0 ldr r3, [pc, 0x278] |
0x000011a2 add r2, pc | r2 = 0x25c0;
0x000011a4 ldr r0, [r6] | r0 = *(r6);
0x000011a6 add r3, pc | r3 = 0x25c6;
0x000011a8 blx 0xb50 | readdir64 ();
0x000011ac mov r0, r5 | r0 = r5;
0x000011ae ldr r6, [r6] | r6 = *(r6);
0x000011b0 blx 0xa8c | fcn_00000a8c ();
0x000011b4 ldr r3, [pc, 0x268] |
0x000011b6 movs r1, 1 | r1 = 1;
0x000011b8 ldr r2, [pc, 0x268] |
0x000011ba str r0, [sp, 8] | *(arg_8h) = r0;
0x000011bc mov r0, r6 | r0 = r6;
0x000011be add r3, pc | r3 = 0x25e2;
0x000011c0 str r5, [sp, 4] | var_4h = r5;
0x000011c2 str r3, [sp] | *(sp) = r3;
0x000011c4 add r2, pc | r2 = 0x25ec;
0x000011c6 movs r3, 0xa | r3 = 0xa;
0x000011c8 blx 0xb50 | readdir64 ();
0x000011cc b 0x1170 |
| } while (1);
| label_5:
0x000011ce blx 0xaec | fcn_00000aec ();
0x000011d2 ldr r3, [pc, 0x148] | r3 = *(0x131e);
0x000011d4 movs r1, 1 | r1 = 1;
0x000011d6 ldr r2, [pc, 0x250] |
0x000011d8 ldr r5, [r0] | r5 = *(r0);
0x000011da ldr r6, [r7, r3] | r6 = *((r7 + r3));
0x000011dc ldr r3, [pc, 0x24c] |
0x000011de add r2, pc | r2 = 0x260c;
0x000011e0 ldr r0, [r6] | r0 = *(r6);
0x000011e2 add r3, pc | r3 = 0x2612;
0x000011e4 blx 0xb50 | readdir64 ();
0x000011e8 mov r0, r5 | r0 = r5;
0x000011ea ldr r6, [r6] | r6 = *(r6);
0x000011ec blx 0xa8c | fcn_00000a8c ();
0x000011f0 ldr r3, [pc, 0x23c] |
0x000011f2 movs r1, 1 | r1 = 1;
0x000011f4 ldr r2, [pc, 0x23c] |
0x000011f6 str r0, [sp, 8] | *(arg_8h) = r0;
0x000011f8 mov r0, r6 | r0 = r6;
0x000011fa add r3, pc | r3 = 0x262e;
0x000011fc str r5, [sp, 4] | var_4h = r5;
0x000011fe str r3, [sp] | *(sp) = r3;
0x00001200 add r2, pc | r2 = 0x2638;
0x00001202 movs r3, 0xa | r3 = 0xa;
0x00001204 blx 0xb50 | readdir64 ();
0x00001208 b 0x1170 | goto label_2;
| label_4:
0x000012be blx 0xa1c | fcn_00000a1c ();
0x000012c2 ldr r1, [pc, 0x58] | r1 = *(0x131e);
0x000012c4 ldr r3, [pc, 0x1a8] |
0x000012c6 ldr r2, [pc, 0x1ac] |
0x000012c8 ldr r1, [r7, r1] | r1 = *((r7 + r1));
0x000012ca add r3, pc | r3 = 0x273e;
0x000012cc add r2, pc | r2 = 0x2746;
0x000012ce ldr r0, [r1] | r0 = *(0x131e);
0x000012d0 movs r1, 1 | r1 = 1;
0x000012d2 blx 0xb50 | readdir64 ();
0x000012d6 b 0xc92 | goto label_1;
0x000014bc adds r0, 0x14 | r0 += 0x14;
0x000014be b 0x1000 | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/ubimkvol.mtd-utils @ 0x171c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.0000171c () | void fcn_0000171c (int16_t arg1, int16_t arg2, uint32_t arg3) {
| int16_t var_0h_3;
| int16_t var_4h_3;
| int16_t var_8h_2;
| int16_t var_ch_2;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| label_1:
0x00000b1c bx pc | return void (*pc)() ();
0x0000171c push.w {r4, r5, r6, r7, r8, lr} |
0x00001720 mov r4, r0 | r4 = r0;
0x00001722 sub sp, 0x10 |
0x00001724 mov r5, r1 | r5 = r1;
0x00001726 mov r6, r2 | r6 = r2;
0x00001728 cmp r2, 0 |
| if (r2 != 0) {
0x0000172a bne 0x17ce | goto label_3;
| }
0x0000172c ldr r7, [pc, 0x15c] |
0x0000172e add r7, pc | r7 = 0x2fbe;
| do {
0x00001730 ldr r1, [pc, 0x15c] |
0x00001732 mov r3, r5 | r3 = r5;
0x00001734 mov r2, r4 | r2 = r4;
0x00001736 movs r0, 1 | r0 = 1;
0x00001738 add r1, pc | r1 = 0x2fcc;
0x0000173a blx 0xb44 | fprintf_chk ()
0x0000173e movs r3, 1 |
0x00001740 movt r3, 0x4000 | r3 = 0x40000001;
0x00001744 cmp r4, r3 |
0x00001746 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x0000174a bge 0x1818 | goto label_4;
| }
0x0000174c movs r3, 1 |
0x0000174e movt r3, 0x10 | r3 = 0x100001;
0x00001752 cmp r4, r3 |
0x00001754 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x00001758 bge 0x17d4 | goto label_5;
| }
0x0000175a movw r3, 0x401 | r3 = 0x401;
0x0000175e cmp r4, r3 |
0x00001760 sbcs r3, r5, 0 | __asm ("sbcs r3, r5, 0");
| if (r4 >= r3) {
0x00001764 blt 0x17c8 |
0x00001766 ubfx r3, r4, 0, 0xa | r3 = (r4 >> 0) & ((1 << 0xa) - 1);
0x0000176a lsrs r4, r4, 0xa | r4 >>= 0xa;
0x0000176c movw r0, 0xa0a1 |
0x00001770 ldr r1, [pc, 0x120] |
0x00001772 orr.w r4, r4, r5, lsl 22 | r4 |= (r5 << 22);
0x00001776 movt r0, 0xa0a0 |
0x0000177a asrs r5, r5, 0xa | r5 >>= 0xa;
0x0000177c mov r2, r7 | r2 = r7;
0x0000177e str r4, [sp] | *(sp) = r4;
0x00001780 umull r4, r0, r0, r3 | r4:r0 = r0 * r3;
0x00001784 movw r4, 0xfafb |
0x00001788 str r5, [sp, 4] | var_4h_3 = r5;
0x0000178a movt r4, 0xfafa | r4 = 0xfafafafb;
0x0000178e add r1, pc | r1 = 0x3026;
0x00001790 lsrs r0, r0, 5 | r0 >>= 5;
0x00001792 add.w r0, r0, r0, lsl 1 |
| /* if there is a right shift of 7, then it's a division by 1/204 */
0x00001796 add.w r0, r0, r0, lsl 4 | r0 = 0xa0a0a0a1;
0x00001798 asrs r0, r0, 0x20 | r0 >>= 0x20;
0x0000179a subs r0, r3, r0 | r0 = r3 - r0;
0x0000179c subs r3, r3, r0 | r3 -= r0;
0x0000179e mov.w r0, -0x5050506 | r0 = -0x5050506;
0x000017a0 adds r0, 0xfa | r0 += 0xfa;
0x000017a2 mul r0, r3, r0 | r0 = r3 * r0;
0x000017a6 sbc.w r5, r5, r5 | __asm ("sbc.w r5, r5, r5");
0x000017aa mla r0, r4, r5, r0 | __asm ("mla r0, r4, r5, r0");
0x000017ae umull r3, r4, r3, r4 | r3:r4 = r3 * r4;
0x000017b2 lsrs r3, r3, 1 | r3 >>= 1;
0x000017b4 add r0, r4 | r0 += r4;
0x000017b6 orr.w r3, r3, r0, lsl 31 | r3 |= (r0 << 31);
0x000017ba lsrs r0, r0, 1 | r0 >>= 1;
0x000017bc str r3, [sp, 8] | var_8h_2 = r3;
0x000017be str r0, [sp, 0xc] | var_ch_2 = r0;
0x000017c0 movs r0, 1 | r0 = 1;
0x000017c2 blx 0xb44 | fprintf_chk ()
| if (r6 != 0) {
| label_2:
0x000017c6 cbnz r6, 0x180c | goto label_6;
| }
| }
| label_0:
0x000017c8 add sp, 0x10 |
0x000017ca pop.w {r4, r5, r6, r7, r8, pc} |
| label_3:
0x000017ce ldr r7, [pc, 0xc8] |
0x000017d0 add r7, pc | r7 = 0x306e;
0x000017d2 b 0x1730 |
| } while (1);
| label_5:
0x000017d4 ubfx r0, r4, 0, 0x14 | r0 = (r4 >> 0) & ((1 << 0x14) - 1);
0x000017d8 ldr.w r8, [pc, 0xc0] |
0x000017dc lsrs r4, r4, 0x14 | r4 >>= 0x14;
0x000017de movw r2, 0x9999 |
0x000017e2 movt r2, 1 | r2 = 0x19999;
0x000017e6 orr.w r4, r4, r5, lsl 12 | r4 |= (r5 << 12);
0x000017ea asrs r5, r5, 0x14 | r5 >>= 0x14;
0x000017ec add r8, pc | r8 = 0x308c;
0x000017ee movs r1, 0 | r1 = 0;
0x000017f0 movs r3, 0 | r3 = 0;
0x000017f2 bl 0x4100 | fcn_00004100 (r0, r1, r2, r3);
0x000017f6 mov r2, r7 | r2 = r7;
0x000017f8 strd r0, r1, [sp, 8] | __asm ("strd r0, r1, [sp, 8]");
0x000017fc str r4, [sp] | *(sp) = r4;
0x000017fe mov r1, r8 | r1 = r8;
0x00001800 movs r0, 1 | r0 = 1;
0x00001802 str r5, [sp, 4] | var_4h_3 = r5;
0x00001804 blx 0xb44 | fprintf_chk ()
0x00001808 cmp r6, 0 |
| if (r6 == 0) {
0x0000180a beq 0x17c8 | goto label_0;
| }
| label_6:
0x0000180c movs r0, 0x29 | r0 = 0x29;
0x0000180e add sp, 0x10 |
0x00001810 pop.w {r4, r5, r6, r7, r8, lr} |
0x00001814 b.w 0xb1c | goto label_1;
| if (r2 != 0) {
0x00001816 cbnz r2, 0x183a | void (*0x183a)() ();
| }
| label_4:
0x00001818 bic r3, r4, 0xc0000000 | r3 = BIT_MASK (r4, 0xc0000000);
0x0000181c bic lr, r4, 0xf0000000 | lr = BIT_MASK (r4, 0xf0000000);
0x00001820 lsrs r4, r4, 0x1e | r4 >>= 0x1e;
0x00001822 add.w lr, lr, r3, lsr 28 | lr += (r3 >> 28);
0x00001826 ldr r1, [pc, 0x78] |
0x00001828 orr.w r4, r4, r5, lsl 2 | r4 |= (r5 << 2);
0x0000182c asrs r5, r5, 0x1e | r5 >>= 0x1e;
0x0000182e str r5, [sp, 4] | var_4h_3 = r5;
0x00001830 movs r5, 0x15 |
0x00001832 movt r5, 0x4000 | r5 = 0x40000015;
0x00001836 mov r2, r7 | r2 = r7;
0x00001838 umull r0, r5, r5, lr | r0:r5 = r5 * lr;
0x0000183c movw r7, 0x3333 |
0x00001840 movt r7, 0x333 | r7 = 0x3333333;
0x00001844 str r4, [sp] | *(sp) = r4;
0x00001846 mvn r4, 0x5000000 | r4 = ~0x5000000;
0x0000184a movw ip, 0xfffb |
0x0000184e movt ip, 0xafff | ip = 0xaffffffb;
0x00001852 movs r0, 1 | r0 = 1;
0x00001854 add r1, pc | r1 = 0x30fa;
0x00001856 sub.w r8, lr, r5 | r8 = lr - r5;
0x0000185a add.w r5, r5, r8, lsr 1 | r5 += (r8 >> 1);
0x0000185e lsrs r5, r5, 0x19 | r5 >>= 0x19;
0x00001860 mls lr, r7, r5, lr | __asm ("mls lr, r7, r5, lr");
0x00001864 subs.w r3, r3, lr | r3 -= lr;
0x00001868 mul r4, r3, r4 | r4 = r3 * r4;
0x0000186c sbc.w r7, r7, r7 | __asm ("sbc.w r7, r7, r7");
0x00001870 umull r3, r5, r3, ip | r3:r5 = r3 * ip;
0x00001874 mla r4, ip, r7, r4 | __asm ("mla r4, ip, r7, r4");
0x00001878 lsrs r3, r0 | r3 >>= r0;
0x0000187a add r4, r5 | r4 += r5;
0x0000187c orr.w r3, r3, r4, lsl 31 | r3 |= (r4 << 31);
0x00001880 lsrs r4, r0 | r4 >>= r0;
0x00001882 str r3, [sp, 8] | var_8h_2 = r3;
0x00001884 str r4, [sp, 0xc] | var_ch_2 = r4;
0x00001886 blx 0xb44 | fprintf_chk ()
0x0000188a b 0x17c6 | goto label_2;
| }
[*] Function fprintf used 8 times ubimkvol.mtd-utils
