[*] Binary protection state of liba7x_utils.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of liba7x_utils.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/liba7x_utils.so @ 0xb94 */
| #include <stdint.h>
|
; (fcn) sym.app_boot_Connect () | void app_boot_Connect (int16_t arg1) {
| int16_t var_2h;
| int16_t var_4h;
| int16_t var_1h;
| void * s;
| int16_t var_44h;
| r0 = arg1;
0x00000b94 mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00000b98 movs r4, 0 | r4 = 0;
0x00000b9a ldr r5, [pc, 0x134] |
0x00000b9c sub sp, 0x48 |
0x00000b9e mov r7, r0 | r7 = r0;
0x00000ba0 movs r2, 0x3c | r2 = 0x3c;
0x00000ba2 ldr r3, [pc, 0x130] | r3 = *(0xcd6);
0x00000ba4 mov r1, r4 | r1 = r4;
0x00000ba6 add r5, pc | r5 = 0x187c;
0x00000ba8 add r0, sp, 8 | r0 += s;
0x00000baa ldr r3, [r5, r3] |
0x00000bac add r5, sp, 4 | r5 += var_4h;
0x00000bae ldr r3, [r3] | r3 = *(0x187c);
0x00000bb0 str r3, [sp, 0x44] | var_44h = r3;
0x00000bb2 mov.w r3, 0 | r3 = 0;
0x00000bb6 str r4, [sp, 4] | var_4h = r4;
0x00000bb8 blx 0x82c | memset (r0, r1, r2);
0x00000bbc movs r2, 0x40 | r2 = 0x40;
0x00000bbe add.w r3, sp, 2 | r3 += var_2h;
0x00000bc2 strh.w r2, [sp, 2] | var_2h = r2;
0x00000bc6 mov r1, r7 | r1 = r7;
0x00000bc8 mov r2, r5 | r2 = r5;
0x00000bca mov r0, r4 | r0 = r4;
0x00000bcc blx 0x8ac | fcn_000008ac ();
0x00000bd0 ldrh.w r3, [sp, 2] | r3 = var_2h;
0x00000bd4 mov r6, r0 | r6 = r0;
| if (r3 == 0) {
0x00000bd6 cbz r3, 0xbfa | goto label_1;
| }
0x00000bd8 ldr.w r8, [pc, 0xfc] |
0x00000bdc add r8, pc | r8 = 0x18b8;
| do {
0x00000bde movs r0, 1 | r0 = 1;
0x00000be0 ldrb r2, [r5], 1 | r2 = *(r5);
| r5++;
0x00000be4 mov r1, r8 | r1 = r8;
0x00000be6 add r4, r0 | r4 += r0;
0x00000be8 blx 0x850 | printf_chk ()
0x00000bec ldrh.w r3, [sp, 2] | r3 = var_2h;
0x00000bf0 cmp r4, r3 |
0x00000bf2 blt 0xbde |
| } while (r4 < r3);
0x00000bf4 movs r0, 0xa | r0 = 0xa;
0x00000bf6 blx 0x844 | putchar (r0);
| label_1:
0x00000bfa add.w r3, r6, 0x8f00 | r3 = r6 + 0x8f00;
0x00000bfe adds r3, 0xff | r3 += 0xff;
0x00000c00 uxth r3, r3 | r3 = (int16_t) r3;
0x00000c02 cmp r3, 1 |
| if (r3 < 1) {
0x00000c04 bls 0xc8e | goto label_2;
| }
0x00000c06 movw r3, 0x7012 | r3 = 0x7012;
0x00000c0a cmp r6, r3 |
| if (r6 == r3) {
0x00000c0c beq 0xc9e | goto label_3;
| }
0x00000c0e movw r3, 0x7013 | r3 = 0x7013;
0x00000c12 cmp r6, r3 |
| if (r6 == r3) {
0x00000c14 beq 0xcae | goto label_4;
| }
0x00000c16 cmp.w r6, 0x8000 |
| if (r6 == 0x8000) {
0x00000c1a beq 0xcbe | goto label_5;
| }
0x00000c1c cmp.w r6, 0x9000 |
| if (r6 == 0x9000) {
0x00000c20 beq 0xc36 | goto label_6;
| }
0x00000c22 cbz r6, 0xc36 |
| while (1) {
| label_0:
0x00000c24 ldr r0, [pc, 0xb4] |
0x00000c26 add r0, pc | r0 = 0x1906;
0x00000c28 blx 0x808 | puts (r0);
0x00000c2c ldr r0, [pc, 0xb0] |
0x00000c2e add r0, pc | r0 = 0x1912;
0x00000c30 blx 0x808 | puts (r0);
0x00000c34 b 0xc72 | goto label_7;
| label_6:
0x00000c36 ldr r1, [pc, 0xac] |
0x00000c38 movs r0, 1 | r0 = 1;
0x00000c3a movs r6, 0 | r6 = 0;
0x00000c3c add r1, pc | r1 = 0x1926;
0x00000c3e blx 0x850 | printf_chk ()
0x00000c42 ldr r0, [pc, 0xa4] |
0x00000c44 add r0, pc | r0 = 0x1932;
0x00000c46 blx 0x808 | puts (r0);
0x00000c4a ldr r1, [pc, 0xa0] |
0x00000c4c movs r0, 1 | r0 = 1;
0x00000c4e ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x00000c50 add r1, pc | r1 = 0x1942;
0x00000c52 blx 0x850 | printf_chk ()
0x00000c56 ldr r1, [pc, 0x98] |
0x00000c58 movs r0, 1 | r0 = 1;
0x00000c5a ldrh r2, [r7, 0xc] | r2 = *((r7 + 0xc));
0x00000c5c add r1, pc | r1 = 0x1952;
0x00000c5e blx 0x850 | printf_chk ()
0x00000c62 ldr r0, [pc, 0x90] |
0x00000c64 add r0, pc | r0 = 0x195e;
0x00000c66 blx 0x808 | puts (r0);
0x00000c6a ldr r0, [pc, 0x8c] |
0x00000c6c add r0, pc | r0 = 0x196a;
0x00000c6e blx 0x808 | puts (r0);
| label_7:
0x00000c72 ldr r2, [pc, 0x88] |
0x00000c74 ldr r3, [pc, 0x5c] | r3 = *(0xcd4);
0x00000c76 add r2, pc | r2 = 0x1978;
0x00000c78 ldr r3, [r2, r3] | r3 = *(0x1978);
0x00000c7a ldr r2, [r3] | r2 = *(0x1978);
0x00000c7c ldr r3, [sp, 0x44] | r3 = var_44h;
0x00000c7e eors r2, r3 | r2 ^= r3;
0x00000c80 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000c84 bne 0xcca | goto label_8;
| }
0x00000c86 mov r0, r6 | r0 = r6;
0x00000c88 add sp, 0x48 |
0x00000c8a pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x00000c8e ldr r1, [pc, 0x70] |
0x00000c90 mov r2, r6 | r2 = r6;
0x00000c92 movs r0, 1 | r0 = 1;
0x00000c94 movs r6, 2 | r6 = 2;
0x00000c96 add r1, pc | r1 = 0x199c;
0x00000c98 blx 0x850 | printf_chk ()
0x00000c9c b 0xc24 |
| }
| label_3:
0x00000c9e ldr r1, [pc, 0x64] |
0x00000ca0 mov r2, r6 | r2 = r6;
0x00000ca2 movs r0, 1 | r0 = 1;
0x00000ca4 movs r6, 4 | r6 = 4;
0x00000ca6 add r1, pc | r1 = 0x19b0;
0x00000ca8 blx 0x850 | printf_chk ()
0x00000cac b 0xc24 | goto label_0;
| label_4:
0x00000cae ldr r1, [pc, 0x58] |
0x00000cb0 mov r2, r6 | r2 = r6;
0x00000cb2 movs r0, 1 | r0 = 1;
0x00000cb4 movs r6, 5 | r6 = 5;
0x00000cb6 add r1, pc | r1 = 0x19c4;
0x00000cb8 blx 0x850 | printf_chk ()
0x00000cbc b 0xc24 | goto label_0;
| label_5:
0x00000cbe ldr r0, [pc, 0x4c] |
0x00000cc0 movs r6, 3 | r6 = 3;
0x00000cc2 add r0, pc | r0 = 0x19d4;
0x00000cc4 blx 0x808 | puts (r0);
0x00000cc8 b 0xc24 | goto label_0;
| label_8:
0x00000cca blx 0x7e4 | stack_chk_fail ();
0x00000cce nop |
0x00000cd0 asrs r6, r4, 0xf | r6 = r4 >> 0xf;
0x00000cd2 movs r1, r0 | r1 = r0;
0x00000cd4 lsls r4, r4, 1 | r4 <<= 1;
0x00000cd6 movs r0, r0 |
0x00000cd8 lsls r4, r1, 0x12 | r4 = r1 << 0x12;
0x00000cda movs r0, r0 |
0x00000cdc lsls r6, r1, 0x18 | r6 = r1 << 0x18;
0x00000cde movs r0, r0 |
0x00000ce0 lsls r6, r4, 0x17 | r6 = r4 << 0x17;
0x00000ce2 movs r0, r0 |
0x00000ce4 lsls r0, r1, 0x15 | r0 = r1 << 0x15;
0x00000ce6 movs r0, r0 |
0x00000ce8 lsls r4, r1, 0x15 | r4 = r1 << 0x15;
0x00000cea movs r0, r0 |
0x00000cec lsls r4, r5, 0x15 | r4 = r5 << 0x15;
0x00000cee movs r0, r0 |
0x00000cf0 lsls r4, r7, 0x15 | r4 = r7 << 0x15;
0x00000cf2 movs r0, r0 |
0x00000cf4 lsls r0, r2, 0x17 | r0 = r2 << 0x17;
0x00000cf6 movs r0, r0 |
0x00000cf8 lsls r0, r1, 0x16 | r0 = r1 << 0x16;
0x00000cfa movs r0, r0 |
0x00000cfc asrs r6, r2, 0xc | r6 = r2 >> 0xc;
0x00000cfe movs r1, r0 | r1 = r0;
0x00000d00 lsls r2, r3, 0xf | r2 = r3 << 0xf;
0x00000d02 movs r0, r0 |
0x00000d04 lsls r2, r6, 0xf | r2 = r6 << 0xf;
0x00000d06 movs r0, r0 |
0x00000d08 lsls r6, r5, 0x10 | r6 = r5 << 0x10;
0x00000d0a movs r0, r0 |
0x00000d0c lsls r6, r6, 0x11 | r6 <<= 0x11;
0x00000d0e movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/lib/liba7x_utils.so @ 0xd10 */
| #include <stdint.h>
|
; (fcn) sym.app_test_status () | void app_test_status (uint32_t arg1) {
| int16_t var_0h;
| r0 = arg1;
| if (? >= ?) {
0x00000d10 strlt r2, [r0, -0x801] | *((r0 - 0x801)) = r2;
| }
0x00000d14 sub sp, 0xc |
| if (? == ?) {
0x00000d16 beq 0xd3a | goto label_0;
| }
0x00000d18 ldr r2, [pc, 0x24] |
0x00000d1a add r2, pc | r2 = 0x1a5e;
| do {
0x00000d1c ldr.w ip, [pc, 0x24] |
0x00000d20 movs r0, 1 | r0 = 1;
0x00000d22 ldr r3, [pc, 0x24] |
0x00000d24 ldr r1, [pc, 0x24] |
0x00000d26 add ip, pc | ip = 0x1a6e;
0x00000d28 add r3, pc | r3 = 0x1a76;
0x00000d2a str.w ip, [sp] | __asm ("str.w ip, [sp]");
0x00000d2e add r1, pc | r1 = 0x1a7e;
0x00000d30 blx 0x850 | printf_chk ()
0x00000d34 add sp, 0xc |
0x00000d36 ldr pc, [sp], 4 | pc = *(sp);
| sp += 4;
| label_0:
0x00000d3a ldr r2, [pc, 0x14] |
0x00000d3c add r2, pc | r2 = 0x1a92;
0x00000d3e b 0xd1c |
| } while (1);
| }
[*] Function printf used 9 times liba7x_utils.so
