[*] Binary protection state of suexec
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of suexec
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/suexec @ 0x1534 */
| #include <stdint.h>
|
; (fcn) fcn.00001534 () | void fcn_00001534 (int16_t arg_0h, int16_t arg_24ch, int16_t arg_250h, int16_t arg_258h, int16_t arg_ch, int16_t arg_10h, int16_t arg_14h, int16_t arg_18h, int16_t arg_1ch, int16_t arg_20h, int16_t arg_24h, void * arg_28h, int16_t arg_2ch, void * buf, int16_t arg_10e0h) {
| int16_t var_0h;
| int16_t var_4h;
| label_1:
0x00000f88 ldr r3, [sp, 0x18] | r3 = *(arg_18h);
0x00000f8a ldr r2, [sp, 0xc] | r2 = *(arg_ch);
0x00000f8c str.w sb, [r3] | __asm ("str.w sb, [r3]");
0x00000f90 movs r3, 0 | r3 = 0;
0x00000f92 str.w r3, [sb, r2, lsl 2] | __asm ("str.w r3, [sb, r2, lsl 2]");
0x00000f96 blx 0xd98 | r0 = getuid ();
0x00000f9a mov r6, r0 | r6 = r0;
0x00000f9c blx 0xd8c | r0 = getpwuid ();
0x00000fa0 mov r4, r0 | r4 = r0;
0x00000fa2 cmp r0, 0 |
| if (r0 == 0) {
0x00000fa4 beq.w 0x1166 | goto label_9;
| }
0x00000fa8 ldr r3, [sp, 0x14] | r3 = *(arg_14h);
0x00000faa cmp r3, 1 |
| if (r3 <= 1) {
0x00000fac ble 0xfe4 | goto label_10;
| }
0x00000fae ldr r3, [sp, 0x1c] | r3 = *(arg_1ch);
0x00000fb0 ldr.w r1, [pc, 0x4e0] |
0x00000fb4 ldr r5, [r3, 4] | r5 = *((r3 + 4));
0x00000fb6 add r1, pc | r1 = 0x244e;
0x00000fb8 mov r0, r5 | r0 = r5;
0x00000fba blx 0xd5c | r0 = strcmp (r0, r1);
| if (r0 != 0) {
0x00000fbe cbnz r0, 0xfea | goto label_11;
| }
0x00000fc0 cmp r6, 0 |
| if (r6 == 0) {
0x00000fc2 beq.w 0x10e2 | goto label_12;
| }
0x00000fc6 ldr.w r0, [pc, 0x4d0] |
0x00000fca ldr r1, [r4] | r1 = *(r4);
0x00000fcc add r0, pc | r0 = 0x246a;
0x00000fce blx 0xd5c | r0 = strcmp (r0, r1);
0x00000fd2 cmp r0, 0 |
| if (r0 == 0) {
0x00000fd4 beq.w 0x10e2 | goto label_12;
| }
0x00000fd8 ldr r3, [sp, 0x14] | r3 = *(arg_14h);
0x00000fda cmp r3, 3 |
| if (r3 <= 3) {
0x00000fdc ble 0xfe4 | goto label_10;
| }
| label_0:
0x00000fde movs r0, 0x67 | r0 = 0x67;
0x00000fe0 blx 0xe04 | exit (r0);
| do {
| label_10:
0x00000fe4 movs r0, 0x65 | r0 = 0x65;
0x00000fe6 blx 0xe04 | exit (r0);
| label_11:
0x00000fea ldr r3, [sp, 0x14] | r3 = *(arg_14h);
0x00000fec cmp r3, 3 |
0x00000fee ble 0xfe4 |
| } while (r3 <= 3);
0x00000ff0 ldr.w r0, [pc, 0x4a8] |
0x00000ff4 ldr r1, [r4] | r1 = *(r4);
0x00000ff6 add r0, pc | r0 = 0x2496;
0x00000ff8 blx 0xd5c | strcmp (r0, r1);
0x00000ffc ldr r3, [sp, 0x1c] | r3 = *(arg_1ch);
0x00000ffe mov sb, r0 | sb = r0;
0x00001000 ldrd r6, r4, [r3, 8] | __asm ("ldrd r6, r4, [r3, 8]");
0x00001004 cmp r0, 0 |
| if (r0 != 0) {
0x00001006 bne 0xfde | goto label_0;
| }
0x00001008 ldrb r3, [r4] | r3 = *(r4);
0x0000100a cmp r3, 0x2f |
| if (r3 == 0x2f) {
0x0000100c beq 0x101e | goto label_13;
| }
0x0000100e ldr.w r1, [pc, 0x490] |
0x00001012 movs r2, 3 | r2 = 3;
0x00001014 mov r0, r4 | r0 = r4;
0x00001016 add r1, pc | r1 = 0x24bc;
0x00001018 blx 0xe4c | r0 = strncmp (r0, r1, r2);
0x0000101c cbnz r0, 0x1024 |
| while (r0 != 0) {
| label_13:
0x0000101e movs r0, 0x68 | r0 = 0x68;
0x00001020 blx 0xe04 | exit (r0);
0x00001024 ldr.w r1, [pc, 0x47c] |
0x00001028 mov r0, r4 | r0 = r4;
0x0000102a add r1, pc | r1 = 0x24d2;
0x0000102c blx 0xd38 | r0 = strstr (r0, r1);
0x00001030 cmp r0, 0 |
0x00001032 bne 0x101e |
| }
0x00001034 ldrb r3, [r5] | r3 = *(r5);
0x00001036 ldr.w r1, [pc, 0x470] |
0x0000103a cmp r3, 0x7e |
0x0000103c itt eq |
| if (r3 != 0x7e) {
0x0000103e addeq r5, 1 | r5++;
| }
| if (r3 != 0x7e) {
0x00001040 moveq r3, 1 | r3 = 1;
| }
0x00001042 add r1, pc | r1 = 0x24f0;
0x00001044 mov r0, r5 | r0 = r5;
0x00001046 ite eq |
| if (r3 != 0x7e) {
0x00001048 streq r3, [sp, 0x10] | *(arg_10h) = r3;
| }
| if (r3 == 0x7e) {
0x0000104a strne sb, [sp, 0x10] | *(arg_10h) = sb;
| }
0x0000104e blx 0xe94 | r0 = strspn (r0, r1);
0x00001052 mov r7, r0 | r7 = r0;
0x00001054 mov r0, r5 | r0 = r5;
0x00001056 blx 0xe10 | r0 = strlen (r0);
0x0000105a cmp r7, r0 |
0x0000105c mov r0, r5 | r0 = r5;
| if (r7 == r0) {
0x0000105e beq.w 0x1172 | goto label_14;
| }
0x00001062 blx 0xd44 | r0 = getpwnam ();
0x00001066 mov r5, r0 | r5 = r0;
0x00001068 cmp r0, 0 |
| if (r0 == 0) {
0x0000106a beq.w 0x11bc | goto label_15;
| }
| do {
0x0000106e ldr.w r1, [pc, 0x43c] |
0x00001072 mov r0, r6 | r0 = r6;
0x00001074 add r1, pc | r1 = 0x2526;
0x00001076 blx 0xe94 | strspn (r0, r1);
| label_8:
0x00001078 vmax.s8 d4, d14, d7 | __asm ("vmax.s8 d4, d14, d7");
0x0000107c mov r0, r6 | r0 = r6;
0x0000107e blx 0xe10 | r0 = strlen (r0);
0x00001082 cmp r7, r0 |
0x00001084 mov r0, r6 | r0 = r6;
| if (r7 == r0) {
0x00001086 beq.w 0x11a2 | goto label_16;
| }
0x0000108a blx 0xe7c | r0 = getgrnam ();
0x0000108e mov r3, r0 | r3 = r0;
0x00001090 cmp r0, 0 |
| if (r0 == 0) {
0x00001092 beq.w 0x11b6 | goto label_17;
| }
| label_2:
0x00001096 ldr r0, [r3] | r0 = *(r3);
0x00001098 ldr r7, [r3, 8] | r7 = *((r3 + 8));
0x0000109a blx 0xda4 | r0 = strdup (r0);
0x0000109e cmp r0, 0 |
| if (r0 == 0) {
0x000010a0 beq.w 0x11c2 | goto label_18;
| }
0x000010a4 ldr r3, [r5, 8] | r3 = *((r5 + 8));
0x000010a6 ldr r0, [r5] | r0 = *(r5);
0x000010a8 str r3, [sp, 0xc] | *(arg_ch) = r3;
0x000010aa blx 0xda4 | r0 = strdup (r0);
0x000010ae mov r6, r0 | r6 = r0;
0x000010b0 ldr r0, [r5, 0x14] | r0 = *((r5 + 0x14));
0x000010b2 blx 0xda4 | strdup (r0);
0x000010b6 str r0, [sp, 0x18] | *(arg_18h) = r0;
0x000010b8 cmp r6, 0 |
| if (r6 == 0) {
0x000010ba beq.w 0x11d4 | goto label_19;
| }
0x000010be clz r8, r0 | r8 &= r0;
0x000010c2 lsr.w r8, r8, 5 | r8 >>= 5;
0x000010c6 cmp r0, 0 |
| if (r0 == 0) {
0x000010c8 beq.w 0x11d4 | goto label_19;
| }
0x000010cc ldr r3, [sp, 0xc] | r3 = *(arg_ch);
0x000010ce subs r3, 0x97 | r3 -= 0x97;
0x000010d0 cmp r3, 0xf |
| if (r3 > 0xf) {
0x000010d2 bhi 0x119c | goto label_20;
| }
0x000010d4 sub.w r3, r7, 0x65 | r3 = r7 - 0x65;
0x000010d8 cmp r3, 4 |
| if (r3 < 4) {
0x000010da bls 0x118c | goto label_21;
| }
0x000010dc movs r0, 0x6c | r0 = 0x6c;
0x000010de blx 0xe04 | exit (r0);
| label_12:
0x000010e2 ldr r0, [pc, 0x3cc] | r0 = *(0x14b2);
0x000010e4 movs r1, 1 | r1 = 1;
0x000010e6 ldr r4, [sp, 0x24] | r4 = *(arg_24h);
0x000010e8 ldr r3, [pc, 0x3c8] |
0x000010ea ldr r2, [pc, 0x3cc] |
0x000010ec ldr r4, [r4, r0] | r4 = *((r4 + r0));
0x000010ee add r3, pc | r3 = 0x25a6;
0x000010f0 add r2, pc | r2 = 0x25ae;
0x000010f2 ldr r0, [r4] | r0 = *(r4);
0x000010f4 blx 0xe34 | fprintf_chk ()
0x000010f8 ldr r2, [pc, 0x3c0] |
0x000010fa movs r3, 0x65 | r3 = 0x65;
0x000010fc movs r1, 1 | r1 = 1;
0x000010fe ldr r0, [r4] | r0 = *(r4);
0x00001100 add r2, pc | r2 = 0x25c0;
0x00001102 blx 0xe34 | fprintf_chk ()
0x00001106 ldr r3, [pc, 0x3b8] |
0x00001108 movs r1, 1 | r1 = 1;
0x0000110a ldr r2, [pc, 0x3b8] |
0x0000110c ldr r0, [r4] | r0 = *(r4);
0x0000110e add r3, pc | r3 = 0x25d4;
0x00001110 add r2, pc | r2 = 0x25da;
0x00001112 blx 0xe34 | fprintf_chk ()
0x00001116 ldr r3, [pc, 0x3b0] |
0x00001118 movs r1, 1 | r1 = 1;
0x0000111a ldr r2, [pc, 0x3b0] |
0x0000111c ldr r0, [r4] | r0 = *(r4);
0x0000111e add r3, pc | r3 = 0x25ec;
0x00001120 add r2, pc | r2 = 0x25f2;
0x00001122 blx 0xe34 | fprintf_chk ()
0x00001126 ldr r2, [pc, 0x3a8] |
0x00001128 movs r3, 0x97 | r3 = 0x97;
0x0000112a movs r1, 1 | r1 = 1;
0x0000112c ldr r0, [r4] | r0 = *(r4);
0x0000112e add r2, pc | r2 = 0x2604;
0x00001130 blx 0xe34 | fprintf_chk ()
0x00001134 ldr r3, [pc, 0x39c] |
0x00001136 movs r1, 1 | r1 = 1;
0x00001138 ldr r2, [pc, 0x39c] |
0x0000113a ldr r0, [r4] | r0 = *(r4);
0x0000113c add r3, pc | r3 = 0x2614;
0x0000113e add r2, pc | r2 = 0x261a;
0x00001140 blx 0xe34 | fprintf_chk ()
0x00001144 ldr r2, [pc, 0x394] |
0x00001146 movs r3, 0xa6 | r3 = 0xa6;
0x00001148 movs r1, 1 | r1 = 1;
0x0000114a ldr r0, [r4] | r0 = *(r4);
0x0000114c add r2, pc | r2 = 0x262c;
0x0000114e blx 0xe34 | fprintf_chk ()
0x00001152 ldr r2, [pc, 0x38c] |
0x00001154 movs r3, 0x69 | r3 = 0x69;
0x00001156 ldr r0, [r4] | r0 = *(r4);
0x00001158 movs r1, 1 | r1 = 1;
0x0000115a add r2, pc | r2 = 0x2640;
0x0000115c blx 0xe34 | fprintf_chk ()
0x00001160 movs r0, 0 | r0 = 0;
0x00001162 blx 0xe04 | exit (r0);
| label_9:
0x00001166 movs r0, 0x66 | r0 = 0x66;
0x00001168 blx 0xe04 | exit (r0);
0x0000116c movs r3, 1 | r3 = 1;
0x0000116e str r3, [sp, 0xc] | *(arg_ch) = r3;
0x00001170 b 0xf88 | goto label_1;
| label_14:
0x00001172 movs r2, 0xa | r2 = 0xa;
0x00001174 movs r1, 0 | r1 = 0;
0x00001176 blx 0xd74 | r0 = strtol (r0, r1, r2);
0x0000117a blx 0xd8c | r0 = getpwuid ();
0x0000117e mov r5, r0 | r5 = r0;
0x00001180 cmp r0, 0 |
0x00001182 bne.w 0x106e |
| } while (r0 != 0);
| label_5:
0x00001186 movs r0, 0x79 | r0 = 0x79;
0x00001188 blx 0xe04 | exit (r0);
| label_21:
0x0000118c mov r0, r4 | r0 = r4;
0x0000118e blx 0xd80 | r0 = basename (r0);
0x00001192 cmp r4, r0 |
| if (r4 == r0) {
0x00001194 beq 0x11da | goto label_22;
| }
0x00001196 movs r0, 0x7f | r0 = 0x7f;
0x00001198 blx 0xe04 | exit (r0);
| label_20:
0x0000119c movs r0, 0x6b | r0 = 0x6b;
0x0000119e blx 0xe04 | exit (r0);
| label_16:
0x000011a2 movs r2, 0xa | r2 = 0xa;
0x000011a4 movs r1, 0 | r1 = 0;
0x000011a6 blx 0xd74 | r0 = strtol (r0, r1, r2);
0x000011aa blx 0xe70 | r0 = getgrgid ();
0x000011ae mov r3, r0 | r3 = r0;
0x000011b0 cmp r0, 0 |
| if (r0 != 0) {
0x000011b2 bne.w 0x1096 | goto label_2;
| }
| label_17:
0x000011b6 movs r0, 0x6a | r0 = 0x6a;
0x000011b8 blx 0xe04 | exit (r0);
| label_15:
0x000011bc movs r0, 0x69 | r0 = 0x69;
0x000011be blx 0xe04 | exit (r0);
| label_18:
0x000011c2 movs r0, 0x7d | r0 = 0x7d;
0x000011c4 blx 0xe04 | exit (r0);
0x000011c8 movs r0, 0x7b | r0 = 0x7b;
0x000011ca blx 0xe04 | exit (r0);
0x000011ce movs r0, 0x7c | r0 = 0x7c;
0x000011d0 blx 0xe04 | exit (r0);
| label_19:
0x000011d4 movs r0, 0x7e | r0 = 0x7e;
0x000011d6 blx 0xe04 | exit (r0);
| label_22:
0x000011da ldr r3, [sp, 0x20] | r3 = *(arg_20h);
0x000011dc mov.w r1, 0x1000 | r1 = 0x1000;
0x000011e0 subs r5, r3, 4 | r5 = r3 - 4;
0x000011e2 mov r0, r5 | r0 = r5;
0x000011e4 blx 0xdf8 | r0 = getcwd ();
0x000011e8 cmp r0, 0 |
| if (r0 == 0) {
0x000011ea beq 0x126e | goto label_23;
| }
0x000011ec ldr.w sl, [pc, 0x2f4] | sl = *(0x000014e4);
0x000011f0 add sl, pc | sl += pc;
0x000011f2 add.w sl, sl, 0x1a0 | sl += 0x1a0;
0x000011f6 b 0x121c |
| while (fp != 0) {
0x000011f8 mov r0, fp | r0 = fp;
0x000011fa blx 0xd80 | r0 = basename (r0);
0x000011fe mov r1, r0 | r1 = r0;
0x00001200 mov r0, r4 | r0 = r4;
0x00001202 blx 0xd5c | r0 = strcmp (r0, r1);
| if (r0 == 0) {
0x00001206 cbnz r0, 0x1214 |
0x00001208 ldr.w r1, [sl] | r1 = *(sl);
0x0000120c mov r0, r5 | r0 = r5;
0x0000120e blx 0xd5c | r0 = strcmp (r0, r1);
| if (r0 == 0) {
0x00001212 cbz r0, 0x1274 | goto label_24;
| }
| }
0x00001214 add.w r8, r8, 1 | r8++;
0x00001218 add.w sl, sl, 0x18 | sl += 0x18;
0x0000121c ldr.w fp, [sl, 4] | fp = *((sl + 4));
0x00001220 cmp.w fp, 0 |
0x00001224 bne 0x11f8 |
| }
0x00001226 mov r1, fp | r1 = fp;
0x00001228 mov r0, r4 | r0 = r4;
0x0000122a blx 0xe64 | r0 = realpath ();
0x0000122e mov sl, r0 | sl = r0;
0x00001230 cmp r0, 0 |
| if (r0 == 0) {
0x00001232 beq 0x12f2 | goto label_25;
| }
0x00001234 ldr r3, [pc, 0x2b0] |
0x00001236 mov r8, fp | r8 = fp;
0x00001238 str r5, [sp, 0x14] | *(arg_14h) = r5;
0x0000123a movs r2, 0x14 | r2 = 0x14;
0x0000123c add r3, pc | r3 = 0x2728;
0x0000123e add.w r1, r3, 0x248 | r1 = r3 + 0x248;
0x00001242 mov r5, r3 | r5 = r3;
0x00001244 str r1, [sp, 0x24] | *(arg_24h) = r1;
0x00001246 b 0x125c |
| while (r1 != 0) {
0x00001248 mov r0, sl | r0 = sl;
0x0000124a str r1, [sp, 0x2c] | *(arg_2ch) = r1;
0x0000124c blx 0xd5c | strcmp (r0, r1);
0x00001250 ldr r1, [sp, 0x2c] | r1 = *(arg_2ch);
0x00001252 movs r2, 0x14 | r2 = 0x14;
0x00001254 cmp r0, 0 |
| if (r0 == 0) {
0x00001256 beq 0x12f8 | goto label_26;
| }
0x00001258 add.w r8, r8, 1 | r8++;
0x0000125c mul fp, r2, r8 |
0x00001260 ldr r3, [sp, 0x24] | r3 = *(arg_24h);
0x00001262 ldr.w r1, [fp, r3] | r1 = *((fp + r3));
0x00001266 cmp r1, 0 |
0x00001268 bne 0x1248 |
| }
0x0000126a ldr r5, [sp, 0x14] | r5 = *(arg_14h);
0x0000126c b 0x12d0 | goto label_27;
| label_23:
0x0000126e movs r0, 0x6f | r0 = 0x6f;
0x00001270 blx 0xe04 | exit (r0);
| label_24:
0x00001274 movs r1, 0x10 | r1 = 0x10;
0x00001276 movs r0, 1 | r0 = 1;
0x00001278 blx 0xd2c | calloc (r0, r1);
0x0000127c movs r1, 0x10 | r1 = 0x10;
0x0000127e mov r6, r0 | r6 = r0;
0x00001280 movs r0, 1 | r0 = 1;
0x00001282 mov r4, fp | r4 = fp;
0x00001284 blx 0xd2c | r0 = calloc (r0, r1);
0x00001288 mov r7, r0 | r7 = r0;
0x0000128a mov r0, r6 | r0 = r6;
0x0000128c ldr r6, [pc, 0x25c] |
0x0000128e movs r3, 0x18 | r3 = 0x18;
0x00001290 mov.w sb, 1 | sb = 1;
0x00001294 add r6, pc |
0x00001296 mla r6, r3, r8, r6 | __asm ("mla r6, r3, r8, r6");
0x0000129a ldr.w r8, [pc, 0x254] |
0x0000129e movs r3, 0x10 | r3 = 0x10;
0x000012a0 add r8, pc | r8 = 0x2796;
0x000012a2 mov r1, r3 | r1 = r3;
0x000012a4 ldr.w r2, [r6, 0x1ac] | r2 = *(0x2930);
0x000012a8 str.w r8, [sp] | __asm ("str.w r8, [sp]");
0x000012ac str r2, [sp, 4] | var_4h = r2;
0x000012ae str r2, [sp, 0xc] | *(arg_ch) = r2;
0x000012b0 movs r2, 1 | r2 = 1;
0x000012b2 blx 0xe88 | snprintf_chk ();
0x000012b6 mov r0, r7 | r0 = r7;
0x000012b8 ldr.w r7, [r6, 0x1b4] | r7 = *(0x2938);
0x000012bc movs r3, 0x10 | r3 = 0x10;
0x000012be movs r2, 1 | r2 = 1;
0x000012c0 mov r1, r3 | r1 = r3;
0x000012c2 str.w r8, [sp] | __asm ("str.w r8, [sp]");
0x000012c6 str r7, [sp, 4] | var_4h = r7;
0x000012c8 blx 0xe88 | snprintf_chk ();
0x000012cc ldr.w r6, [r6, 0x1a8] | r6 = *(0x292c);
| do {
| label_27:
0x000012d0 mov r0, r7 | r0 = r7;
0x000012d2 blx 0xdd4 | r0 = setgid ();
| if (r0 == 0) {
0x000012d6 cbnz r0, 0x12e2 |
0x000012d8 mov r1, r7 | r1 = r7;
0x000012da mov r0, r6 | r0 = r6;
0x000012dc blx 0xdb0 | r0 = initgroups ();
| if (r0 == 0) {
0x000012e0 cbz r0, 0x134a | goto label_28;
| }
| }
0x000012e2 blx 0xe28 | r0 = errno_location ();
0x000012e6 ldr r0, [r0] | r0 = *(r0);
0x000012e8 blx 0xde0 | strerror (r0);
0x000012ec movs r0, 0x6d | r0 = 0x6d;
0x000012ee blx 0xe04 | exit (r0);
| label_25:
0x000012f2 movs r0, 0x80 | r0 = 0x80;
0x000012f4 blx 0xe04 | exit (r0);
| label_26:
0x000012f8 mov r3, r5 | r3 = r5;
0x000012fa mov sb, r0 | sb = r0;
0x000012fc mov r4, r1 | r4 = r1;
0x000012fe movs r0, 1 | r0 = 1;
0x00001300 movs r1, 0x10 | r1 = 0x10;
0x00001302 add fp, r3 |
0x00001304 ldr r5, [sp, 0x14] | r5 = *(arg_14h);
0x00001306 blx 0xd2c | calloc (r0, r1);
0x0000130a movs r1, 0x10 | r1 = 0x10;
0x0000130c mov r8, r0 | r8 = r0;
0x0000130e movs r0, 1 | r0 = 1;
0x00001310 ldr r6, [pc, 0x1e0] |
0x00001312 blx 0xd2c | calloc (r0, r1);
0x00001316 ldr.w r3, [fp, 0x250] | r3 = *(arg_250h);
0x0000131a mov r7, r0 | r7 = r0;
0x0000131c add r6, pc | r6 = 0x2814;
0x0000131e movs r2, 1 | r2 = 1;
0x00001320 str r6, [sp] | *(sp) = r6;
0x00001322 mov r0, r8 | r0 = r8;
0x00001324 str r3, [sp, 4] | var_4h = r3;
0x00001326 str r3, [sp, 0xc] | *(arg_ch) = r3;
0x00001328 movs r3, 0x10 | r3 = 0x10;
0x0000132a mov r1, r3 | r1 = r3;
0x0000132c blx 0xe88 | snprintf_chk ();
0x00001330 mov r0, r7 | r0 = r7;
0x00001332 ldr.w r7, [fp, 0x258] | r7 = *(arg_258h);
0x00001336 movs r3, 0x10 | r3 = 0x10;
0x00001338 str r6, [sp] | *(sp) = r6;
0x0000133a movs r2, 1 | r2 = 1;
0x0000133c mov r1, r3 | r1 = r3;
0x0000133e str r7, [sp, 4] | var_4h = r7;
0x00001340 blx 0xe88 | snprintf_chk ();
0x00001344 ldr.w r6, [fp, 0x24c] | r6 = *(arg_24ch);
0x00001348 b 0x12d0 |
| } while (1);
| label_28:
0x0000134a ldr r0, [sp, 0xc] | r0 = *(arg_ch);
0x0000134c blx 0xe40 | r0 = setuid ();
| if (r0 != 0) {
0x00001350 cbnz r0, 0x13ac | goto label_29;
| }
0x00001352 ldr r3, [sp, 0x10] | r3 = *(arg_10h);
| if (r3 == 0) {
0x00001354 cbz r3, 0x136e | goto label_30;
| }
0x00001356 ldr r0, [sp, 0x18] | r0 = *(arg_18h);
0x00001358 blx 0xdbc | r0 = chdir ();
| if (r0 != 0) {
0x0000135c cbnz r0, 0x1368 | goto label_3;
| }
0x0000135e ldr r0, [pc, 0x198] |
0x00001360 add r0, pc | r0 = 0x285e;
0x00001362 blx 0xdbc | r0 = chdir ();
0x00001366 cbz r0, 0x13bc |
| while (r0 == 0) {
| label_3:
0x00001368 movs r0, 0x70 | r0 = 0x70;
0x0000136a blx 0xe04 | exit (r0);
| label_30:
0x0000136e ldr r0, [pc, 0x18c] |
0x00001370 add r0, pc | r0 = 0x2872;
0x00001372 blx 0xdbc | r0 = chdir ();
0x00001376 cmp r0, 0 |
| if (r0 != 0) {
0x00001378 bne 0x13fc | goto label_31;
| }
0x0000137a add.w r6, sp, 0x10e0 | r6 += arg_10e0h;
0x0000137e mov.w r1, 0x1000 | r1 = 0x1000;
0x00001382 adds r6, 4 | r6 += 4;
0x00001384 mov r0, r6 | r0 = r6;
0x00001386 blx 0xdf8 | r0 = getcwd ();
| if (r0 == 0) {
0x0000138a cbz r0, 0x13fc | goto label_31;
| }
0x0000138c mov r0, r5 | r0 = r5;
0x0000138e blx 0xdbc | r0 = chdir ();
| if (r0 != 0) {
0x00001392 cbnz r0, 0x13fc | goto label_31;
| }
| label_4:
0x00001394 mov r0, r6 | r0 = r6;
0x00001396 blx 0xe10 | strlen (r0);
0x0000139a mov r1, r6 | r1 = r6;
0x0000139c mov r2, r0 | r2 = r0;
0x0000139e mov r0, r5 | r0 = r5;
0x000013a0 blx 0xe4c | r0 = strncmp (r0, r1, r2);
| if (r0 == 0) {
0x000013a4 cbz r0, 0x13dc | goto label_32;
| }
0x000013a6 movs r0, 0x72 | r0 = 0x72;
0x000013a8 blx 0xe04 | r0 = exit (r0);
| label_29:
0x000013ac blx 0xe28 | r0 = errno_location ();
0x000013b0 ldr r0, [r0] | r0 = *(r0);
0x000013b2 blx 0xde0 | strerror (r0);
0x000013b6 movs r0, 0x6e | r0 = 0x6e;
0x000013b8 blx 0xe04 | exit (r0);
0x000013bc add.w r6, sp, 0x10e0 | r6 += arg_10e0h;
0x000013c0 mov.w r1, 0x1000 | r1 = 0x1000;
0x000013c4 adds r6, 4 | r6 += 4;
0x000013c6 mov r0, r6 | r0 = r6;
0x000013c8 blx 0xdf8 | r0 = getcwd ();
0x000013cc cmp r0, 0 |
0x000013ce beq 0x1368 |
| }
0x000013d0 mov r0, r5 | r0 = r5;
0x000013d2 blx 0xdbc | r0 = chdir ();
0x000013d6 cmp r0, 0 |
| if (r0 != 0) {
0x000013d8 bne 0x1368 | goto label_3;
| }
0x000013da b 0x1394 | goto label_4;
| label_32:
0x000013dc mov r0, r5 | r0 = r5;
0x000013de add r1, sp, 0x30 | r1 += buf;
0x000013e0 blx 0xdc8 | r0 = lstat (r0, r1);
| if (r0 == 0) {
0x000013e4 cbnz r0, 0x13f6 |
0x000013e6 ldr r3, [sp, 0x20] | r3 = *(arg_20h);
0x000013e8 ldr r3, [r3, -0xa8] | r3 = *((r3 - 0xa8));
0x000013ec and r2, r3, 0xf000 | r2 = r3 & 0xf000;
0x000013f0 cmp.w r2, 0x4000 |
| if (r2 == 0x4000) {
0x000013f4 beq 0x1402 | goto label_33;
| }
| }
0x000013f6 movs r0, 0x73 | r0 = 0x73;
0x000013f8 blx 0xe04 | exit (r0);
| label_31:
0x000013fc movs r0, 0x71 | r0 = 0x71;
0x000013fe blx 0xe04 | exit (r0);
| label_33:
0x00001402 tst.w r3, 0x12 |
| if ((r3 & 0x12) != 0) {
0x00001406 beq 0x140e |
0x00001408 movs r0, 0x74 | r0 = 0x74;
0x0000140a blx 0xe04 | exit (r0);
| }
0x0000140e ldr r1, [sp, 0x28] | r1 = *(arg_28h);
0x00001410 mov r0, r4 | r0 = r4;
0x00001412 blx 0xdc8 | r0 = lstat (r0, r1);
| if (r0 != 0) {
0x00001416 cbnz r0, 0x145a | goto label_34;
| }
0x00001418 ldr r3, [sp, 0x20] | r3 = *(arg_20h);
0x0000141a ldr r3, [r3, -0x50] | r3 = *((r3 - 0x50));
0x0000141e and r2, r3, 0xf000 | r2 = r3 & 0xf000;
0x00001422 cmp.w sb, 0 |
| if (sb != 0) {
0x00001426 bne 0x146c | goto label_35;
| }
0x00001428 cmp.w r2, 0xa000 |
| if (r2 == 0xa000) {
0x0000142c beq 0x145a | goto label_34;
| }
| label_7:
0x0000142e tst.w r3, 0x12 |
| if ((r3 & 0x12) != 0) {
0x00001432 bne 0x1466 | goto label_36;
| }
| label_6:
0x00001434 tst.w r3, 0xc00 |
| if ((r3 & 0xc00) != 0) {
0x00001438 bne 0x1460 | goto label_37;
| }
0x0000143a lsls r3, r3, 0x19 | r3 <<= 0x19;
| if (r3 >= r3) {
0x0000143c bpl.w 0x1186 | goto label_5;
| }
0x00001440 ldr r1, [sp, 0x1c] | r1 = *(arg_1ch);
0x00001442 mov r0, r4 | r0 = r4;
0x00001444 adds r1, 0xc | r1 += 0xc;
0x00001446 blx 0xe1c | execv ();
0x0000144a blx 0xe28 | r0 = errno_location ();
0x0000144e ldr r0, [r0] | r0 = *(r0);
0x00001450 blx 0xde0 | strerror (r0);
0x00001454 movs r0, 0xff | r0 = 0xff;
0x00001456 blx 0xe04 | exit (r0);
| label_34:
0x0000145a movs r0, 0x75 | r0 = 0x75;
0x0000145c blx 0xe04 | exit (r0);
| label_37:
0x00001460 movs r0, 0x77 | r0 = 0x77;
0x00001462 blx 0xe04 | exit (r0);
| label_36:
0x00001466 movs r0, 0x76 | r0 = 0x76;
0x00001468 blx 0xe04 | exit (r0);
| label_35:
0x0000146c cmp.w r2, 0xa000 |
| if (r2 == 0xa000) {
0x00001470 beq 0x1434 | goto label_6;
| }
0x00001472 b 0x142e | goto label_7;
0x00001534 adds r0, 0x14 | r0 += 0x14;
0x00001536 b 0x1078 | goto label_8;
| }
[*] Function fprintf used 9 times suexec
