[*] Binary protection state of libstd2parser.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libstd2parser.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x1d40 */
| #include <stdint.h>
|
; (fcn) fcn.00001d40 () | void fcn_00001d40 (int16_t arg1) {
| r0 = arg1;
0x00001d40 mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00001d44 mov r4, r0 | r4 = r0;
0x00001d46 mov r0, r1 | r0 = r1;
0x00001d48 mov r6, r1 | r6 = r1;
0x00001d4a blx 0x1504 | sprintf_chk ()
0x00001d4e ldrd r3, r2, [r4, 4] | __asm ("ldrd r3, r2, [r4, 4]");
0x00001d52 mov r5, r0 | r5 = r0;
0x00001d54 ldr.w r8, [r4] | r8 = *(r4);
0x00001d58 subs r1, r2, r3 | r1 = r2 - r3;
0x00001d5a cmp r1, r0 |
0x00001d5c it gt |
| if (r1 <= r0) {
0x00001d5e addgt r0, r8, r3 | r0 = r8 + r3;
| }
| if (r1 <= r0) {
0x00001d62 bgt 0x1d84 |
0x00001d64 movw r7, 0x1ff | r7 = 0x1ff;
0x00001d68 mov r0, r8 | r0 = r8;
0x00001d6a cmp r7, r5 |
0x00001d6c it lt |
| if (r7 >= r5) {
0x00001d6e movlt r7, r5 | r7 = r5;
| }
0x00001d70 adds r7, 1 | r7++;
0x00001d72 add r7, r2 | r7 += r2;
0x00001d74 mov r1, r7 | r1 = r7;
0x00001d76 blx 0x13d0 | fcn_000013d0 ();
0x00001d7a str r0, [r4] | *(r4) = r0;
| if (r0 == 0) {
0x00001d7c cbz r0, 0x1d92 | goto label_0;
| }
0x00001d7e ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00001d80 str r7, [r4, 8] | *((r4 + 8)) = r7;
0x00001d82 add r0, r3 | r0 += r3;
| }
0x00001d84 add r5, r3 | r5 += r3;
0x00001d86 mov r1, r6 | r1 = r6;
0x00001d88 str r5, [r4, 4] | *((r4 + 4)) = r5;
0x00001d8a pop.w {r4, r5, r6, r7, r8, lr} |
0x00001d8e b.w 0x142c | void (*0x142c)() ();
| label_0:
0x00001d92 str.w r8, [r4] | __asm ("str.w r8, [r4]");
0x00001d96 pop.w {r4, r5, r6, r7, r8, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x19c8 */
| #include <stdint.h>
|
; (fcn) sym.std2parser_load_dyncfg () | void std2parser_load_dyncfg (int16_t arg1, int16_t arg2) {
| int32_t var_0h;
| int32_t var_0h_2;
| int16_t var_ch;
| char * mode;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_28h;
| int16_t var_74h;
| r0 = arg1;
| r1 = arg2;
0x000019c8 ldr r2, [pc, 0x1d4] |
0x000019ca ldr r3, [pc, 0x1d8] | r3 = *(0x1ba6);
0x000019cc push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000019d0 sub sp, 0x7c |
0x000019d2 add r2, pc | r2 = 0x3576;
0x000019d4 mov r5, r0 | r5 = r0;
0x000019d6 mov r4, r1 | r4 = r1;
0x000019d8 ldr r3, [r2, r3] |
0x000019da ldr r3, [r3] | r3 = *(0x3576);
0x000019dc str r3, [sp, 0x74] | var_74h = r3;
0x000019de mov.w r3, 0 | r3 = 0;
0x000019e2 blx 0x13ec | r0 = fcn_000013ec ();
| if (r0 == 0) {
0x000019e6 cbnz r0, 0x1a04 |
| label_2:
0x000019e8 ldr r2, [pc, 0x1bc] |
0x000019ea ldr r3, [pc, 0x1b8] | r3 = *(0x1ba6);
0x000019ec add r2, pc | r2 = 0x3598;
0x000019ee ldr r3, [r2, r3] | r3 = *(0x3598);
0x000019f0 ldr r2, [r3] | r2 = *(0x3598);
0x000019f2 ldr r3, [sp, 0x74] | r3 = var_74h;
0x000019f4 eors r2, r3 | r2 ^= r3;
0x000019f6 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000019fa bne.w 0x1b9c | goto label_8;
| }
0x000019fe add sp, 0x7c |
0x00001a00 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00001a04 mov r0, r4 | r0 = r4;
0x00001a06 blx 0x13a8 | r0 = stack_chk_fail ();
0x00001a0a mov sb, r0 | sb = r0;
0x00001a0c cmp r0, 0 |
| if (r0 == 0) {
0x00001a0e beq.w 0x1b54 | goto label_7;
| }
0x00001a12 movs r1, 0x2f | r1 = 0x2f;
0x00001a14 blx 0x15b8 | strncmp (r0, r1, r2);
0x00001a16 ldcl p6, c4, [r0, 0x200] | __asm ("ldcl p6, c4, [r0, 0x200]");
0x00001a1a cmp r0, 0 |
| if (r0 == 0) {
0x00001a1c beq.w 0x1b74 | goto label_9;
| }
0x00001a20 ldr r1, [pc, 0x188] |
0x00001a22 movs r4, 0 | r4 = 0;
0x00001a24 mov r6, r0 | r6 = r0;
0x00001a26 mov r8, sb | r8 = sb;
0x00001a28 strb r4, [r6], 1 | *(r6) = r4;
| r6++;
0x00001a2c mov r0, r6 | r0 = r6;
0x00001a2e add r1, pc | r1 = 0x35de;
0x00001a30 blx 0x130c | strstr (r0, r1);
0x00001a34 movs r2, 0x5f | r2 = 0x5f;
0x00001a36 mov r3, r0 | r3 = r0;
0x00001a38 strb r4, [r0, 1] | *((r0 + 1)) = r4;
0x00001a3a mov r0, sb | r0 = sb;
0x00001a3c strb r2, [r3] | *(r3) = r2;
0x00001a3e blx 0x1470 | r0 = fcn_00001470 ();
0x00001a42 mov r4, r0 | r4 = r0;
| label_6:
0x00001a44 cmp r4, 0 |
| if (r4 == 0) {
0x00001a46 beq.w 0x1b94 | goto label_10;
| }
0x00001a4a ldr r3, [pc, 0x164] |
0x00001a4c add.w sl, sp, 0x18 | sl += var_18h;
0x00001a50 add r3, pc | r3 = 0x3606;
0x00001a52 str r3, [sp, 0x10] | mode = r3;
0x00001a54 ldr r3, [pc, 0x15c] |
0x00001a56 add r3, pc | r3 = 0x360e;
0x00001a58 str r3, [sp, 0xc] | var_ch = r3;
| do {
| label_0:
0x00001a5a mov r0, r4 | r0 = r4;
0x00001a5c blx 0x15ac | r0 = isatty (r0);
0x00001a60 cmp r0, 0 |
| if (r0 == 0) {
0x00001a62 beq 0x1b0c | goto label_11;
| }
| label_1:
0x00001a64 ldrb r3, [r0, 0xb] | r3 = *((r0 + 0xb));
0x00001a66 add.w r7, r0, 0xb | r7 = r0 + 0xb;
0x00001a6a cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001a6c bne 0x1a74 | goto label_12;
| }
0x00001a6e ldrb r3, [r7, 1] | r3 = *((r7 + 1));
0x00001a70 cmp r3, 0 |
0x00001a72 beq 0x1a5a |
| } while (r3 == 0);
| label_12:
0x00001a74 ldrb r3, [r0, 0xb] | r3 = *((r0 + 0xb));
0x00001a76 cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001a78 bne 0x1a86 | goto label_13;
| }
0x00001a7a ldrb r3, [r7, 1] | r3 = *((r7 + 1));
0x00001a7c cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001a7e bne 0x1a86 | goto label_13;
| }
0x00001a80 ldrb r3, [r7, 2] | r3 = *((r7 + 2));
0x00001a82 cmp r3, 0 |
| if (r3 == 0) {
0x00001a84 beq 0x1a5a | goto label_0;
| }
| label_13:
0x00001a86 mov r0, r6 | r0 = r6;
0x00001a88 blx 0x1504 | sprintf_chk ()
0x00001a8c mov r1, r6 | r1 = r6;
0x00001a8e mov r2, r0 | r2 = r0;
0x00001a90 mov r0, r7 | r0 = r7;
0x00001a92 blx 0x15e8 | r0 = fcn_000015e8 ();
0x00001a96 cmp r0, 0 |
| if (r0 != 0) {
0x00001a98 bne 0x1a5a | goto label_0;
| }
0x00001a9a ldr r1, [r5, 0x5c] | r1 = *((r5 + 0x5c));
0x00001a9c ldr r0, [r5, 0x58] | r0 = *((r5 + 0x58));
0x00001a9e adds r1, 1 | r1++;
0x00001aa0 lsls r1, r1, 2 | r1 <<= 2;
0x00001aa2 blx 0x13d0 | r0 = fcn_000013d0 ();
0x00001aa6 cmp r0, 0 |
| if (r0 == 0) {
0x00001aa8 beq 0x1b48 | goto label_14;
| }
0x00001aaa str r0, [r5, 0x58] | *((r5 + 0x58)) = r0;
0x00001aac cmp.w r8, 0 |
| if (r8 == 0) {
0x00001ab0 beq 0x1b64 | goto label_15;
| }
0x00001ab2 mov r0, r8 | r0 = r8;
0x00001ab4 blx 0x1504 | r0 = sprintf_chk ()
0x00001ab8 mov fp, r0 |
0x00001aba mov r0, r7 | r0 = r7;
0x00001abc blx 0x1504 | sprintf_chk ()
0x00001ac0 add r0, fp | r0 += fp;
0x00001ac2 adds r0, 2 | r0 += 2;
0x00001ac4 blx 0x148c | r0 = fcn_0000148c ();
0x00001ac8 mov fp, r0 |
0x00001aca cmp r0, 0 |
| if (r0 == 0) {
0x00001acc beq 0x1b48 | goto label_14;
| }
0x00001ace movs r1, 1 | r1 = 1;
0x00001ad0 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00001ad2 mov.w r2, -1 | r2 = -1;
0x00001ad6 strd r8, r7, [sp] | __asm ("strd r8, r7, [sp]");
0x00001ada blx 0x1534 | fileno (r0);
0x00001ade mov r1, sl | r1 = sl;
0x00001ae0 mov r0, fp | r0 = fp;
0x00001ae2 blx 0x1464 | r0 = fcn_00001464 ();
0x00001ae6 cmp r0, 0 |
| if (r0 != 0) {
0x00001ae8 bne 0x1b5c | goto label_16;
| }
| label_5:
0x00001aea ldr r3, [sp, 0x28] | r3 = var_28h;
0x00001aec and r3, r3, 0xf000 | r3 &= 0xf000;
0x00001af0 cmp.w r3, 0x8000 |
| if (r3 == 0x8000) {
0x00001af4 beq 0x1b1c | goto label_17;
| }
| label_3:
0x00001af6 cmp.w r8, 0 |
| if (r8 != 0) {
0x00001afa bne 0x1b5c | goto label_16;
| }
| label_4:
0x00001afc ldr r3, [r5, 0x5c] | r3 = *((r5 + 0x5c));
0x00001afe mov r0, r4 | r0 = r4;
0x00001b00 adds r3, 1 | r3++;
0x00001b02 str r3, [r5, 0x5c] | *((r5 + 0x5c)) = r3;
0x00001b04 blx 0x15ac | r0 = isatty (r0);
0x00001b08 cmp r0, 0 |
| if (r0 != 0) {
0x00001b0a bne 0x1a64 | goto label_1;
| }
| label_11:
0x00001b0c mov r0, sb | r0 = sb;
0x00001b0e blx 0x1340 | fcn_00001340 ();
0x00001b12 mov r0, r4 | r0 = r4;
0x00001b14 blx 0x160c | fcn_0000160c ();
0x00001b16 ldcl p0, c2, [sl, -4]! | __asm ("ldcl p0, c2, [sl, -4]!");
0x00001b1a b 0x19e8 | goto label_2;
| label_17:
0x00001b1c ldr r3, [r5, 0x5c] | r3 = *((r5 + 0x5c));
0x00001b1e mov r0, fp | r0 = fp;
0x00001b20 ldr r1, [sp, 0x10] | r1 = mode;
0x00001b22 ldr r7, [r5, 0x58] | r7 = *((r5 + 0x58));
0x00001b24 str r3, [sp, 0x14] | var_14h = r3;
0x00001b26 blx 0x1330 | fopen (r0, r1);
0x00001b2a ldr r3, [sp, 0x14] | r3 = var_14h;
0x00001b2c str.w r0, [r7, r3, lsl 2] | __asm ("str.w r0, [r7, r3, lsl 2]");
0x00001b30 ldrd r3, r2, [r5, 0x58] | __asm ("ldrd r3, r2, [r5, 0x58]");
0x00001b34 ldr.w r3, [r3, r2, lsl 2] | offset_0 = r2 << 2;
| r3 = *((r3 + offset_0));
0x00001b38 cmp r3, 0 |
| if (r3 != 0) {
0x00001b3a bne 0x1af6 | goto label_3;
| }
0x00001b3c cmp.w r8, 0 |
| if (r8 != 0) {
0x00001b40 beq 0x1b48 |
0x00001b42 mov r0, fp | r0 = fp;
0x00001b44 blx 0x1340 | fcn_00001340 ();
| }
| label_14:
0x00001b48 mov r0, sb | r0 = sb;
0x00001b4a blx 0x1340 | fcn_00001340 ();
0x00001b4e mov r0, r4 | r0 = r4;
0x00001b50 blx 0x160c | fcn_0000160c ();
| label_7:
0x00001b54 blx 0x13f8 | fcn_000013f8 ();
0x00001b58 movs r0, 0 | r0 = 0;
0x00001b5a b 0x19e8 | goto label_2;
| label_16:
0x00001b5c mov r0, fp | r0 = fp;
0x00001b5e blx 0x1340 | fcn_00001340 ();
0x00001b62 b 0x1afc | goto label_4;
| label_15:
0x00001b64 mov r1, sl | r1 = sl;
0x00001b66 mov r0, r7 | r0 = r7;
0x00001b68 blx 0x1464 | r0 = fcn_00001464 ();
0x00001b6c cmp r0, 0 |
| if (r0 != 0) {
0x00001b6e bne 0x1afc | goto label_4;
| }
0x00001b70 mov fp, r7 |
0x00001b72 b 0x1aea | goto label_5;
| label_9:
0x00001b74 ldr r0, [pc, 0x40] |
0x00001b76 mov r6, sb | r6 = sb;
0x00001b78 add r0, pc | r0 = 0x3734;
0x00001b7a blx 0x1470 | fcn_00001470 ();
0x00001b7e ldr r1, [pc, 0x3c] |
0x00001b80 mov r4, r0 | r4 = r0;
0x00001b82 mov r0, sb | r0 = sb;
0x00001b84 add r1, pc | r1 = 0x3746;
0x00001b86 blx 0x130c | strstr (r0, r1);
0x00001b8a movs r3, 0x5f | r3 = 0x5f;
0x00001b8c strb.w r8, [r0, 1] | *((r0 + 1)) = r8;
0x00001b90 strb r3, [r0] | *(r0) = r3;
0x00001b92 b 0x1a44 | goto label_6;
| label_10:
0x00001b94 mov r0, sb | r0 = sb;
0x00001b96 blx 0x1340 | fcn_00001340 ();
0x00001b9a b 0x1b54 | goto label_7;
| label_8:
0x00001b9c blx 0x13b4 | fcn_000013b4 ();
0x00001ba0 adds r4, 0xf6 | r4 += 0xf6;
0x00001ba2 movs r1, r0 | r1 = r0;
0x00001ba4 lsls r4, r3, 4 | r4 = r3 << 4;
0x00001ba6 movs r0, r0 |
0x00001ba8 adds r4, 0xdc | r4 += 0xdc;
0x00001baa movs r1, r0 | r1 = r0;
0x00001bac subs r6, r5, r7 | r6 = r5 - r7;
0x00001bae movs r0, r0 |
0x00001bb0 movs r7, 0x18 | r7 = 0x18;
0x00001bb2 movs r0, r0 |
0x00001bb4 subs r2, r2, r7 | r2 -= r7;
0x00001bb6 movs r0, r0 |
0x00001bb8 subs r4, r5, r2 | r4 = r5 - r2;
0x00001bba movs r0, r0 |
0x00001bbc subs r0, r3, r2 | r0 = r3 - r2;
0x00001bbe movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x2230 */
| #include <stdint.h>
|
; (fcn) sym.yy_scan_string () | void yy_scan_string (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00002230 invalid |
0x00002234 mov r4, r0 | r4 = r0;
0x00002236 blx 0x1504 | sprintf_chk ()
0x0000223a mov r2, r5 | r2 = r5;
0x0000223c mov r1, r0 | r1 = r0;
0x0000223e mov r0, r4 | r0 = r4;
0x00002240 pop.w {r3, r4, r5, lr} |
0x00002244 b.w 0x14b0 | return void (*0x14b0)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x2e00 */
| #include <stdint.h>
|
; (fcn) sym.yyerror () | void yyerror (int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| r2 = arg3;
| r3 = arg4;
0x00002e00 push.w {r4, r5, r6, r7, r8, lr} |
0x00002e04 mov r0, r3 | r0 = r3;
0x00002e06 mov r5, r2 | r5 = r2;
0x00002e08 sub sp, 0x10 |
0x00002e0a mov r6, r3 | r6 = r3;
0x00002e0c blx 0x1504 | sprintf_chk ()
0x00002e10 ldr r7, [r5, 0x38] | r7 = *((r5 + 0x38));
0x00002e12 mov r4, r0 | r4 = r0;
| if (r7 == 0) {
0x00002e14 cbz r7, 0x2e70 | goto label_1;
| }
0x00002e16 mov r0, r7 | r0 = r7;
0x00002e18 blx 0x1504 | r0 = sprintf_chk ()
0x00002e1c mov r2, r0 | r2 = r0;
0x00002e1e mov r3, r0 | r3 = r0;
| if (r0 != 0) {
0x00002e20 cbnz r0, 0x2e66 | goto label_2;
| }
0x00002e22 ldr r7, [pc, 0x58] |
0x00002e24 add r7, pc | r7 = 0x5ca6;
0x00002e26 mov r8, r7 | r8 = r7;
| do {
| label_0:
0x00002e28 add.w r0, r4, 0x32 | r0 = r4 + 0x32;
0x00002e2c add r0, r2 | r0 += r2;
0x00002e2e add r0, r3 | r0 += r3;
0x00002e30 adds r0, 1 | r0++;
0x00002e32 blx 0x148c | fcn_0000148c ();
0x00002e36 ldr r3, [pc, 0x48] |
0x00002e38 mov.w r2, -1 | r2 = -1;
0x00002e3c str r0, [r5, 0x34] | *((r5 + 0x34)) = r0;
0x00002e3e str r7, [sp, 0xc] | var_ch = r7;
0x00002e40 ldr r1, [r5, 0x28] | r1 = *((r5 + 0x28));
0x00002e42 add r3, pc | r3 = 0x5cc8;
0x00002e44 str.w r8, [sp, 8] | __asm ("str.w r8, [var_8h]");
0x00002e48 str r6, [sp] | *(sp) = r6;
0x00002e4a str r1, [sp, 4] | var_4h = r1;
0x00002e4c movs r1, 1 | r1 = 1;
0x00002e4e blx 0x1534 | fileno (r0);
0x00002e52 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x00002e54 blx 0x1340 | fcn_00001340 ();
0x00002e58 movs r0, 0 | r0 = 0;
0x00002e5a movs r3, 1 | r3 = 1;
0x00002e5c str r0, [r5, 0x38] | *((r5 + 0x38)) = r0;
0x00002e5e str r3, [r5, 0x30] | *((r5 + 0x30)) = r3;
0x00002e60 add sp, 0x10 |
0x00002e62 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x00002e66 ldr.w r8, [pc, 0x1c] |
0x00002e6a movs r2, 2 | r2 = 2;
0x00002e6c add r8, pc | r8 = 0x5cf6;
0x00002e6e b 0x2e28 |
| } while (1);
| label_1:
0x00002e70 mov r2, r7 | r2 = r7;
0x00002e72 mov r3, r7 | r3 = r7;
0x00002e74 ldr r7, [pc, 0x10] |
0x00002e76 add r7, pc | r7 = 0x5d02;
0x00002e78 mov r8, r7 | r8 = r7;
0x00002e7a b 0x2e28 | goto label_0;
| }
[*] Function sprintf used 8 times libstd2parser.so
