[*] Binary protection state of sshd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of sshd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x52440 */
| #include <stdint.h>
|
; (fcn) fcn.00052440 () | void fcn_00052440 (char * arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_4h_2;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_13h;
| int16_t var_1bh;
| int16_t var_1ch;
| int16_t var_2ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00052440 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00052444 movs r5, 0 | r5 = 0;
0x00052446 sub sp, 0x34 |
0x00052448 mov sb, r3 | sb = r3;
0x0005244a cmp.w sb, 0xf |
0x0005244e mov.w r4, 1 | r4 = 1;
0x00052452 str r5, [sp, 0x10] | var_10h = r5;
0x00052454 mov fp, r0 |
0x00052456 strb.w r2, [sp, 0x13] | var_13h = r2;
0x0005245a mov r7, r1 | r7 = r1;
0x0005245c ldr r2, [pc, 0xe0] |
0x0005245e it le |
| if (sb > 0xf) {
0x00052460 addle r6, sp, 0x1c | r6 += var_1ch;
| }
0x00052462 ldr r3, [pc, 0xe0] | r3 = *(0x52546);
0x00052464 it le |
| if (sb > 0xf) {
0x00052466 addle r8, sp, 0xc | r8 += var_ch;
| }
0x0005246a strd r5, r5, [sp, 0x14] | __asm ("strd r5, r5, [sp, 0x14]");
0x0005246e add r2, pc | r2 = 0xa49b2;
0x00052470 ldr r3, [r2, r3] |
0x00052472 ldr r3, [r3] | r3 = *(0xa49b2);
0x00052474 str r3, [sp, 0x2c] | var_2ch = r3;
0x00052476 mov.w r3, 0 | r3 = 0;
0x0005247a str r5, [sp, 0xc] | var_ch = r5;
0x0005247c strb.w r4, [sp, 0x1b] | var_1bh = r4;
| if (sb <= 0xf) {
0x00052480 ble 0x52524 | goto label_0;
| }
0x00052482 sub.w r3, sb, 0x10 | r3 = sb - 0x10;
0x00052486 add.w r5, r0, 0x10 | r5 = r0 + 0x10;
0x0005248a lsrs r3, r3, 4 | r3 >>= 4;
0x0005248c add r6, sp, 0x1c | r6 += var_1ch;
0x0005248e add.w r8, sp, 0xc | r8 += var_ch;
0x00052492 add.w sl, r3, 2 | sl = r3 + 2;
0x00052496 str r3, [sp, 4] | var_4h_2 = r3;
| do {
0x00052498 mov r2, r7 | r2 = r7;
0x0005249a mov r1, r6 | r1 = r6;
0x0005249c mov r0, r8 | r0 = r8;
0x0005249e adds r5, 0x10 | r5 += 0x10;
0x000524a0 blx 0x540c | printf_chk ()
0x000524a2 invalid |
0x000524a6 ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x000524aa str r0, [r5, -0x20] | *((r5 - 0x20)) = r0;
0x000524ae mov r0, r4 | r0 = r4;
0x000524b0 str r1, [r5, -0x1c] | *((r5 - 0x1c)) = r1;
0x000524b4 movs r1, 1 | r1 = 1;
0x000524b6 str r2, [r5, -0x18] | *((r5 - 0x18)) = r2;
0x000524ba str r3, [r5, -0x14] | *((r5 - 0x14)) = r3;
0x000524be bl 0x66c04 | r0 = fcn_00066c04 (r0, r1);
0x000524c2 cmp r0, sl |
0x000524c4 mov r4, r0 | r4 = r0;
0x000524c6 strb.w r0, [sp, 0x1b] | var_1bh = r0;
0x000524ca bne 0x52498 |
| } while (r0 != sl);
0x000524cc mov r0, sb | r0 = sb;
0x000524ce mvn r1, 0xf | r1 = ~0xf;
0x000524d2 bl 0x66c04 | fcn_00066c04 (r0, r1);
0x000524d6 ldr r5, [sp, 4] | r5 = var_4h_2;
0x000524d8 mov r4, r0 | r4 = r0;
0x000524da mvn r1, 0xf | r1 = ~0xf;
0x000524de mov r0, r5 | r0 = r5;
0x000524e0 bl 0x66c38 | fcn_00066c38 (r0, r1);
0x000524e4 mov r1, r4 | r1 = r4;
0x000524e6 bl 0x66c04 | fcn_00066c04 (r0, r1);
0x000524ea mov r3, r5 | r3 = r5;
0x000524ec mov sb, r0 | sb = r0;
0x000524ee adds r3, 1 | r3++;
0x000524f0 add.w fp, fp, r3, lsl 4 |
0x000524f4 cbnz r0, 0x52524 |
| while (1) {
0x000524f6 movs r2, 0x10 | r2 = 0x10;
0x000524f8 mov r1, r2 | r1 = r2;
0x000524fa mov r0, r8 | r0 = r8;
0x000524fc blx 0x5a78 | chroot ();
0x00052500 movs r2, 0x10 | r2 = 0x10;
0x00052502 mov r0, r6 | r0 = r6;
0x00052504 mov r1, r2 | r1 = r2;
0x00052506 blx 0x5a78 | chroot ();
0x0005250a ldr r2, [pc, 0x3c] |
0x0005250c ldr r3, [pc, 0x34] | r3 = *(0x52544);
0x0005250e add r2, pc | r2 = 0xa4a5c;
0x00052510 ldr r3, [r2, r3] | r3 = *(0xa4a5c);
0x00052512 ldr r2, [r3] | r2 = *(0xa4a5c);
0x00052514 ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x00052516 eors r2, r3 | r2 ^= r3;
0x00052518 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0005251c bne 0x5253a | goto label_1;
| }
0x0005251e add sp, 0x34 |
0x00052520 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_0:
0x00052524 mov r2, r7 | r2 = r7;
0x00052526 mov r1, r6 | r1 = r6;
0x00052528 mov r0, r8 | r0 = r8;
0x0005252a blx 0x540c | printf_chk ()
0x0005252e mov r2, sb | r2 = sb;
0x00052530 mov r1, r6 | r1 = r6;
0x00052532 mov r0, fp | r0 = fp;
0x00052534 blx 0x59bc | fcn_000059bc ();
0x00052538 b 0x524f6 |
| }
| label_1:
0x0005253a blx 0x5d1c | fcn_00005d1c ();
0x0005253e nop |
0x00052540 strb r6, [r3, 0x12] | *((r3 + 0x12)) = r6;
0x00052542 movs r5, r0 | r5 = r0;
0x00052544 lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x00052546 movs r0, r0 |
0x00052548 strb r6, [r7, 0xf] | *((r7 + 0xf)) = r6;
0x0005254a movs r5, r0 | r5 = r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x52a10 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00052a10 () | void fcn_00052a10 (int16_t arg1) {
| int16_t var_0h;
| char * src;
| int16_t var_114h;
| int16_t var_154h;
| int16_t var_194h;
| r0 = arg1;
0x00052a10 vst1.32 {d20, d21}, [pc], sb | __asm ("vst1.32 {d20, d21}, [pc], sb");
0x00052a14 str r0, [r0, 0x1c] | *((r0 + 0x1c)) = r0;
0x00052a16 ldr r3, [pc, 0x224] |
0x00052a18 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00052a1c mov r4, r0 | r4 = r0;
0x00052a1e add r2, pc | r2 += pc;
0x00052a20 vpush {d8} | __asm ("vpush {d8}");
0x00052a24 movs r0, 1 | r0 = 1;
0x00052a26 sub sp, 0x19c |
0x00052a28 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00052a2a ldr r3, [r3] | r3 = *(0x52c3e);
0x00052a2c str r3, [sp, 0x194] | var_194h = r3;
0x00052a2e mov.w r3, 0 | r3 = 0;
0x00052a32 bl 0x4a144 | fcn_0004a144 (r0, r1);
0x00052a34 smull r4, r6, r7, r3 | r4:r6 = r7 * r3;
0x00052a38 mov r6, r0 | r6 = r0;
0x00052a3a cmp r0, 0 |
| if (r0 == 0) {
0x00052a3c beq.w 0x52c06 | goto label_0;
| }
0x00052a40 and r6, r0, 0xf | r6 = r0 & 0xf;
0x00052a44 mov r8, sp | r8 = sp;
0x00052a46 rsbs.w r6, r6, 0x10 | r6 = 0x10 - r6;
0x00052a4a add.w sb, sp, 0xf4 | sb += src;
0x00052a4c lsrs r4, r6, 7 | r4 = r6 >> 7;
0x00052a4e add r6, r0 | r6 += r0;
0x00052a50 mov r2, r8 | r2 = r8;
0x00052a52 mov r0, r4 | r0 = r4;
0x00052a54 movs r1, 0x80 | r1 = 0x80;
0x00052a56 str.w r3, [r6, 0x5ec] | __asm ("str.w r3, aav.0x000000ff");
0x00052a5a add.w r4, r6, 0x4f8 | r4 = r6 + 0x4f8;
0x00052a5e blx 0x5910 | strndup (r0, r1);
0x00052a62 movs r3, 0x10 | r3 = 0x10;
0x00052a64 movs r2, 0 | r2 = 0;
0x00052a66 mov r1, r8 | r1 = r8;
0x00052a68 mov r0, sb | r0 = sb;
0x00052a6a bl 0x52440 | fcn_00052440 (r0, r1, r2, r3);
0x00052a6e movs r5, 0 | r5 = 0;
0x00052a70 mov r2, r4 | r2 = r4;
0x00052a72 movs r1, 0x80 | r1 = 0x80;
0x00052a74 add.w r7, r6, 0x4d8 | r7 = r6 + 0x4d8;
0x00052a78 mov r0, sb | r0 = sb;
0x00052a7a blx 0x5910 | strndup (r0, r1);
0x00052a7e mov r2, r4 | r2 = r4;
0x00052a80 mov r1, r7 | r1 = r7;
0x00052a82 add.w r0, r6, 0x4e8 | r0 = r6 + 0x4e8;
0x00052a86 str.w r5, [r6, 0x4e8] | __asm ("str.w r5, aav.0x000000ff");
0x00052a8a str.w r5, [r6, 0x4ec] | __asm ("str.w r5, aav.0x000000ff");
0x00052a8e mov r4, r6 | r4 = r6;
0x00052a90 str.w r5, [r6, 0x4f0] | __asm ("str.w r5, aav.0x000000ff");
0x00052a94 str.w r5, [r6, 0x4f4] | __asm ("str.w r5, aav.0x000000ff");
0x00052a98 blx 0x540c | printf_chk ()
0x00052a9c movs r2, 0x10 | r2 = 0x10;
0x00052a9e mov r0, sb | r0 = sb;
0x00052aa0 mov r1, r2 | r1 = r2;
0x00052aa2 blx 0x5a78 | chroot ();
0x00052aa4 invalid |
0x00052aa8 mov.w r2, 0x4d8 | r2 = 0x4d8;
0x00052aac mov r0, r6 | r0 = r6;
0x00052aae blx 0x5530 | fcn_00005530 ();
0x00052ab2 mov.w r3, 0x410 | r3 = 0x410;
0x00052ab6 movs r2, 1 | r2 = 1;
0x00052ab8 mov r1, r8 | r1 = r8;
0x00052aba mov r0, r6 | r0 = r6;
0x00052abc adds r5, r6, r3 | r5 = r6 + r3;
0x00052abe bl 0x52440 | fcn_00052440 (r0, r1, r2, r3);
| do {
0x00052ac2 mov r0, r4 | r0 = r4;
0x00052ac4 bl 0x4d440 | fcn_0004d440 (r0);
0x00052ac8 str r0, [r4], 4 | *(r4) = r0;
| r4 += 4;
0x00052acc cmp r5, r4 |
0x00052ace bne 0x52ac2 |
| } while (r5 != r4);
0x00052ad0 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00052ad4 movs r2, 0 | r2 = 0;
0x00052ad6 vldr d8, [pc, 0x158] | __asm ("vldr d8, aav.0x000000ff");
0x00052ada add.w r3, r6, 0x460 | r3 = r6 + 0x460;
0x00052ade add.w r4, r6, 0x468 | r4 = r6 + 0x468;
0x00052ae2 mov r7, sb | r7 = sb;
0x00052ae4 add.w sl, r6, 0x478 | sl = r6 + 0x478;
0x00052ae8 str.w r2, [r6, 0x454] | __asm ("str.w r2, aav.0x000000ff");
0x00052aec str.w r2, [r6, 0x450] | __asm ("str.w r2, aav.0x000000ff");
0x00052aee movs r4, 0x50 | r4 = 0x50;
0x00052af0 mov r1, r8 | r1 = r8;
0x00052af2 vstr d16, [r3, -8] | __asm ("vstr d16, [r3, -8]");
0x00052af6 movs r2, 2 | r2 = 2;
0x00052af8 vstr d16, [r3] | __asm ("vstr d16, [r3]");
0x00052afa lsrs r0, r0, 0xc | r0 >>= 0xc;
0x00052afc mov r0, sb | r0 = sb;
0x00052afe movs r3, 0xa0 | r3 = 0xa0;
0x00052b00 bl 0x52440 | fcn_00052440 (r0, r1, r2, r3);
0x00052b02 invalid |
| do {
0x00052b04 mov r3, r7 | r3 = r7;
0x00052b06 adds r7, 0x18 | r7 += 0x18;
0x00052b08 ldm r3!, {r0, r1} | r0 = *(r3!);
| r1 = *((r3! + 4));
0x00052b0a str r0, [r4] | *(r4) = r0;
0x00052b0c mov r0, r4 | r0 = r4;
0x00052b0e str r1, [r0, 4]! | *((r0 += 4)) = r1;
0x00052b12 bl 0x4d440 | r0 = fcn_0004d440 (r0);
0x00052b16 mov r5, r0 | r5 = r0;
0x00052b18 mov r0, r4 | r0 = r4;
0x00052b1a bl 0x4d440 | fcn_0004d440 (r0);
0x00052b1e bic r5, r5, 0xfe000000 | r5 = BIT_MASK (r5, 0xfe000000);
0x00052b22 bic r0, r0, 0xfe000000 | r0 = BIT_MASK (r0, 0xfe000000);
0x00052b26 str r5, [r4] | *(r4) = r5;
0x00052b28 adds r4, 8 | r4 += 8;
0x00052b2a str r0, [r4, -0x4] | *((r4 - 0x4)) = r0;
0x00052b2e vstr d8, [r4, 8] | __asm ("vstr d8, [r4, 8]");
0x00052b32 cmp sl, r4 |
0x00052b34 bne 0x52b04 |
| } while (sl != r4);
0x00052b36 movs r3, 0xa0 | r3 = 0xa0;
0x00052b38 movs r2, 3 | r2 = 3;
0x00052b3a mov r1, r8 | r1 = r8;
0x00052b3c mov r0, sb | r0 = sb;
0x00052b3e bl 0x52440 | fcn_00052440 (r0, r1, r2, r3);
0x00052b42 add.w lr, sp, 0x114 | lr += var_114h;
0x00052b46 add.w r5, r6, 0x488 | r5 = r6 + 0x488;
0x00052b4a ldm.w lr!, {r0, r1, r2, r3} | r0 = *(lr!);
| r1 = *((lr! + 4));
| r2 = *((lr! + 8));
| r3 = *((lr! + 12));
0x00052b4e add.w ip, sp, 0x154 |
0x00052b52 mov r4, r5 | r4 = r5;
0x00052b54 addw r7, r6, 0x48c | __asm ("addw r7, r6, aav.0x000000ff");
0x00052b58 add.w sl, r6, 0x4c8 | sl = r6 + 0x4c8;
0x00052b5c str.w r0, [r6, 0x488] | __asm ("str.w r0, aav.0x000000ff");
0x00052b60 str r1, [r5, 4] | *((r5 + 4)) = r1;
0x00052b62 str r2, [r5, 8] | *((r5 + 8)) = r2;
0x00052b64 str r3, [r5, 0xc] | *((r5 + 0xc)) = r3;
0x00052b66 ldm.w lr!, {r0, r1, r2, r3} | r0 = *(lr!);
| r1 = *((lr! + 4));
| r2 = *((lr! + 8));
| r3 = *((lr! + 12));
0x00052b6a str r0, [r5, 0x10] | *((r5 + 0x10)) = r0;
0x00052b6c str r1, [r5, 0x14] | *((r5 + 0x14)) = r1;
0x00052b6e str r2, [r5, 0x18] | *((r5 + 0x18)) = r2;
0x00052b70 str r3, [r5, 0x1c] | *((r5 + 0x1c)) = r3;
0x00052b72 ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x00052b76 str.w r0, [r6, 0x4a8] | __asm ("str.w r0, aav.0x000000ff");
0x00052b7a str.w r1, [r6, 0x4ac] | __asm ("str.w r1, aav.0x000000ff");
0x00052b7e str.w r2, [r6, 0x4b0] | __asm ("str.w r2, aav.0x000000ff");
0x00052b82 str.w r3, [r6, 0x4b4] | __asm ("str.w r3, aav.0x000000ff");
0x00052b86 ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x00052b8a str.w r0, [r6, 0x4b8] | __asm ("str.w r0, aav.0x000000ff");
0x00052b8e str.w r1, [r6, 0x4bc] | __asm ("str.w r1, aav.0x000000ff");
0x00052b92 str.w r2, [r6, 0x4c0] | __asm ("str.w r2, aav.0x000000ff");
0x00052b96 str.w r3, [r6, 0x4c4] | __asm ("str.w r3, aav.0x000000ff");
| do {
0x00052b9a mov r0, r7 | r0 = r7;
0x00052b9c adds r7, 8 | r7 += 8;
0x00052b9e bl 0x4d440 | r0 = fcn_0004d440 (r0);
0x00052ba2 mov fp, r0 |
0x00052ba4 mov r0, r4 | r0 = r4;
0x00052ba6 bl 0x4d440 | fcn_0004d440 (r0);
0x00052baa adds r4, 8 | r4 += 8;
0x00052bac str r0, [r4, -0x4] | *((r4 - 0x4)) = r0;
0x00052bb0 cmp sl, r4 |
0x00052bb2 str fp, [r7, -0xc] | *((r7 - 0xc)) = fp;
0x00052bb6 bne 0x52b9a |
| } while (sl != r4);
| do {
0x00052bb8 ldrd r0, r1, [r5] | __asm ("ldrd r0, r1, [r5]");
0x00052bbc mvn r2, 4 | r2 = ~4;
0x00052bc0 movs r3, 0xf | r3 = 0xf;
0x00052bc2 bl 0x66bc8 | fcn_00066bc8 (r0, r1, r2, r3);
0x00052bc4 invalid |
0x00052bc8 movs r3, 2 | r3 = 2;
0x00052bca cmp r5, sl |
0x00052bcc bne 0x52bb8 |
| } while (r5 != sl);
0x00052bce movs r3, 8 | r3 = 8;
0x00052bd0 mov r1, r8 | r1 = r8;
0x00052bd2 movs r2, 4 | r2 = 4;
0x00052bd4 mov r0, r5 | r0 = r5;
0x00052bd6 bl 0x52440 | fcn_00052440 (r0, r1, r2, r3);
0x00052bda mov r0, r5 | r0 = r5;
0x00052bdc bl 0x4d440 | fcn_0004d440 (r0);
0x00052be0 str.w r0, [r6, 0x4c8] | __asm ("str.w r0, aav.0x000000ff");
0x00052be4 addw r0, r6, 0x4cc | __asm ("addw r0, r6, aav.0x000000ff");
0x00052be8 bl 0x4d440 | fcn_0004d440 (r0);
0x00052bec movs r2, 0xa0 | r2 = 0xa0;
0x00052bee mov r3, r0 | r3 = r0;
0x00052bf0 mov r1, r2 | r1 = r2;
0x00052bf2 mov r0, sb | r0 = sb;
0x00052bf4 str.w r3, [r6, 0x4cc] | __asm ("str.w r3, aav.0x000000ff");
0x00052bf8 blx 0x5a78 | chroot ();
0x00052bfc movs r2, 0xf4 | r2 = 0xf4;
0x00052bfe mov r0, r8 | r0 = r8;
0x00052c00 mov r1, r2 | r1 = r2;
0x00052c02 blx 0x5a78 | chroot ();
0x00052c04 invalid |
| label_0:
0x00052c06 ldr r2, [pc, 0x38] |
0x00052c08 ldr r3, [pc, 0x30] | r3 = *(0x52c3c);
0x00052c0a add r2, pc | r2 = 0xa5850;
0x00052c0c ldr r3, [r2, r3] | r3 = *(0xa5850);
0x00052c0e ldr r2, [r3] | r2 = *(0xa5850);
0x00052c10 ldr r3, [sp, 0x194] | r3 = var_194h;
0x00052c12 eors r2, r3 | r2 ^= r3;
0x00052c14 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00052c18 bne 0x52c26 |
0x00052c1a mov r0, r6 | r0 = r6;
0x00052c1c add sp, 0x19c |
0x00052c1e vpop {d8} | __asm ("vpop {d8}");
0x00052c22 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00052c26 blx 0x5d1c | fcn_00005d1c ();
0x00052c2a nop |
0x00052c2c nop.w |
0x00052c30 movs r1, r0 | r1 = r0;
0x00052c32 movs r0, r0 |
0x00052c34 movs r0, r0 |
0x00052c36 movs r0, r0 |
0x00052c38 ldr r6, [r5, 0x6c] | r6 = *((r5 + 0x6c));
0x00052c3a movs r5, r0 | r5 = r0;
0x00052c3c lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x00052c3e movs r0, r0 |
0x00052c40 ldr r2, [r0, 0x50] | r2 = *((r0 + 0x50));
0x00052c42 movs r5, r0 | r5 = r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x52c44 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00052c44 () | void fcn_00052c44 (int16_t arg_0h, int16_t arg_4h, int16_t arg_7h, int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_4h_3;
| int16_t var_8h_3;
| int16_t var_ch_2;
| int16_t var_10h;
| int16_t var_18h;
| int16_t var_24h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00052c44 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x00052c48 sub sp, 0x2c |
0x00052c4a ldr r6, [pc, 0x300] |
0x00052c4c mov r4, r0 | r4 = r0;
0x00052c4e mov r7, r1 | r7 = r1;
0x00052c50 mov fp, r2 |
0x00052c52 ldr r5, [pc, 0x2fc] | r5 = *(0x52f52);
0x00052c54 ldr.w r3, [r0, 0x4d0] | r3 = *(arg_0hx4d0);
0x00052c58 add r6, pc | r6 = 0xa5baa;
0x00052c5a ldr r5, [r6, r5] |
0x00052c5c cmp.w r3, 0x400 |
0x00052c60 ldr r5, [r5] | r5 = *(0xa5baa);
0x00052c62 str r5, [sp, 0x24] | var_24h = r5;
0x00052c64 mov.w r5, 0 | r5 = 0;
| if (r3 < 0x400) {
0x00052c68 bls.w 0x52e12 | goto label_1;
| }
0x00052c6c ubfx r3, r3, 0, 0xa | r3 = (r3 >> 0) & ((1 << 0xa) - 1);
0x00052c70 cmp r3, 0 |
| if (r3 != 0) {
0x00052c72 bne.w 0x52e00 | goto label_2;
| }
0x00052c76 add.w r6, r4, 0x478 | r6 = r4 + 0x478;
0x00052c7a mov r8, r7 | r8 = r7;
0x00052c7c mov sl, r4 | sl = r4;
0x00052c7e add.w r3, r4, 0x4c8 | r3 = r4 + 0x4c8;
0x00052c82 add.w r5, r4, 0x488 | r5 = r4 + 0x488;
0x00052c86 str r7, [sp, 0xc] | var_ch_2 = r7;
0x00052c88 str r5, [sp, 8] | var_8h_3 = r5;
0x00052c8a str r3, [sp, 4] | *(arg_4h) = r3;
| do {
0x00052c8c ldrd r2, r1, [r6] | __asm ("ldrd r2, r1, [r6]");
0x00052c90 adds r6, 8 | r6 += 8;
0x00052c92 cmn.w r2, 0x3b |
0x00052c96 sbcs r3, r1, -1 | __asm ("sbcs r3, r1, -1");
| if (r2 >= 0x3b) {
0x00052c9a bhs.w 0x52df0 | goto label_3;
| }
0x00052c9e uxth r3, r2 | r3 = (int16_t) r2;
0x00052ca0 mov.w ip, 0 |
| label_0:
0x00052ca4 ldr r4, [r5, 0x1c] | r4 = *((r5 + 0x1c));
0x00052ca6 lsr.w sb, r1, 0x10 | sb = r1 >> 0x10;
0x00052caa ldr r0, [r5, 0x18] | r0 = *((r5 + 0x18));
0x00052cac uxth r1, r1 | r1 = (int16_t) r1;
0x00052cae ldr r7, [r5, 8] | r7 = *((r5 + 8));
0x00052cb0 lsrs r2, r2, 0x10 | r2 >>= 0x10;
0x00052cb2 mul r4, r3, r4 | r4 = r3 * r4;
0x00052cb6 mla r4, ip, r0, r4 | __asm ("mla r4, ip, r0, r4");
0x00052cba umull r3, r0, r0, r3 | r3:r0 = r0 * r3;
0x00052cbe add r4, r0 | r4 += r0;
0x00052cc0 ldr r0, [r5] | r0 = *(r5);
0x00052cc2 umull ip, r0, r0, sb | ip:r0 = r0 * sb;
0x00052cc6 adds.w r3, ip, r3 | r3 = ip + r3;
0x00052cca umull lr, ip, r7, r1 | lr:ip = r7 * r1;
0x00052cce ldr r7, [r5, 4] | r7 = *((r5 + 4));
0x00052cd0 mla r0, sb, r7, r0 | __asm ("mla r0, sb, r7, r0");
0x00052cd2 movs r7, r0 | r7 = r0;
0x00052cd4 adc.w sb, r0, r4 | __asm ("adc.w sb, r0, r4");
0x00052cd8 ldr r0, [r5, 0x10] | r0 = *((r5 + 0x10));
0x00052cda adds.w r3, r3, lr | r3 += lr;
0x00052cde umull lr, r4, r0, r2 | lr:r4 = r0 * r2;
0x00052ce2 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00052ce4 mla ip, r1, r0, ip | __asm ("mla ip, r1, r0, ip");
0x00052ce8 ldr r0, [r5, 0x14] | r0 = *((r5 + 0x14));
0x00052cea mla r4, r2, r0, r4 | __asm ("mla r4, r2, r0, r4");
0x00052cee adc.w ip, ip, sb | __asm ("adc.w ip, ip, sb");
0x00052cf2 adds.w r3, r3, lr | r3 += lr;
0x00052cf6 adc.w r4, r4, ip | __asm ("adc.w r4, r4, ip");
0x00052cfa lsrs r2, r4, 4 | r2 = r4 >> 4;
0x00052cfc and r4, r4, 0xf | r4 &= 0xf;
0x00052d00 lsls r1, r2, 2 | r1 = r2 << 2;
0x00052d02 adds r1, r1, r2 | r1 += r2;
0x00052d04 mov.w r2, 0 | r2 = 0;
0x00052d08 adcs r2, r2 | __asm ("adcs r2, r2");
0x00052d0a adds.w lr, r1, r3 | lr = r1 + r3;
0x00052d0e adc.w r3, r2, r4 | __asm ("adc.w r3, r2, r4");
0x00052d12 mvn r2, 5 | r2 = ~5;
0x00052d16 cmp r2, lr |
0x00052d18 mov.w r2, 0xf | r2 = 0xf;
0x00052d1c sbcs.w r3, r2, r3 | __asm ("sbcs.w r3, r2, r3");
| if (r2 < lr) {
0x00052d20 bhs 0x52d26 |
0x00052d22 adds.w lr, lr, 5 | lr += 5;
| }
0x00052d26 ldr r3, [sp, 4] | r3 = *(arg_4h);
0x00052d28 mov r0, r8 | r0 = r8;
0x00052d2a adds r5, 0x20 | r5 += 0x20;
0x00052d2c add.w r8, r8, 4 | r8 += 4;
0x00052d30 ldr r1, [r3], 4 | r1 = *(r3);
| r3 += 4;
0x00052d34 eor.w r1, r1, lr | r1 ^= lr;
0x00052d38 str r3, [sp, 4] | *(arg_4h) = r3;
0x00052d3a bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00052d3e ldr r3, [sp, 8] | r3 = var_8h_3;
0x00052d40 cmp r3, r6 |
0x00052d42 bne 0x52c8c |
| } while (r3 != r6);
0x00052d44 ldr r7, [sp, 0xc] | r7 = var_ch_2;
0x00052d46 mov r4, sl | r4 = sl;
| do {
0x00052d48 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00052d4c movs r2, 0 | r2 = 0;
0x00052d4e add.w r3, r4, 0x460 | r3 = r4 + 0x460;
0x00052d52 str.w r2, [r4, 0x454] | __asm ("str.w r2, aav.0x000000ff");
0x00052d56 str.w r2, [r4, 0x450] | __asm ("str.w r2, aav.0x000000ff");
0x00052d5a movs r1, 0 | r1 = 0;
0x00052d5c vstr d16, [r3, -8] | __asm ("vstr d16, [r3, -8]");
0x00052d60 movs r0, 1 | r0 = 1;
0x00052d62 vstr d16, [r3] | __asm ("vstr d16, [r3]");
0x00052d66 add.w r3, r4, 0x480 | r3 = r4 + 0x480;
0x00052d68 str r0, [r2, 0x38] | *((r2 + 0x38)) = r0;
0x00052d6a str.w r2, [r4, 0x4d0] | __asm ("str.w r2, aav.0x000000ff");
0x00052d6e add.w r6, r4, 0x4d8 | r6 = r4 + 0x4d8;
0x00052d72 strd r0, r1, [r3, -0x8] | __asm ("strd r0, r1, [r3, -0x8]");
0x00052d76 strd r0, r1, [r3] | __asm ("strd r0, r1, [r3]");
0x00052d7a ldr.w r3, [fp, 4] | r3 = *(arg_4h);
0x00052d7e ldr.w r1, [r4, 0x4ec] | r1 = *((r4 + 0x4ec));
0x00052d82 ldrb.w r5, [fp, 7] | r5 = *(arg_7h);
0x00052d86 ubfx r2, r3, 0x18, 8 | r2 = (r3 >> 0x18) & ((1 << 8) - 1);
0x00052d8a bic r2, r2, 1 | r2 = BIT_MASK (r2, 1);
0x00052d8c lsls r1, r0, 8 | r1 = r0 << 8;
0x00052d8e bfi r3, r2, 0x18, 8 | value_0 = BIT_MASK (0x18, 8);
| value_1 = r2 & value_0;
| value_0 = ~value_0;
| r3 &= value_0;
| r3 |= value_1;
0x00052d92 and r5, r5, 1 | r5 &= 1;
0x00052d96 cmp r3, r1 |
0x00052d98 ldr.w r2, [fp] | r2 = *(fp);
| if (r3 == r1) {
0x00052d9c bne 0x52da6 |
0x00052d9e ldr.w r1, [r4, 0x4e8] | r1 = *((r4 + 0x4e8));
0x00052da2 cmp r2, r1 |
| if (r2 == r1) {
0x00052da4 beq 0x52dbc | goto label_4;
| }
| }
0x00052da6 str.w r2, [r4, 0x4e8] | __asm ("str.w r2, aav.0x000000ff");
0x00052daa add.w r0, r4, 0x4e8 | r0 = r4 + 0x4e8;
0x00052dae add.w r2, r4, 0x4f8 | r2 = r4 + 0x4f8;
0x00052db2 mov r1, r6 | r1 = r6;
0x00052db4 str.w r3, [r4, 0x4ec] | __asm ("str.w r3, aav.0x000000ff");
0x00052db8 blx 0x540c | printf_chk ()
| label_4:
0x00052dbc add.w r1, r6, r5, lsl 3 | r1 = r6 + (r5 << 3);
0x00052dc0 ldrd r2, r3, [r7] | __asm ("ldrd r2, r3, [r7]");
0x00052dc4 ldr.w r0, [r6, r5, lsl 3] | offset_2 = r5 << 3;
| r0 = *((r6 + offset_2));
0x00052dc8 ldr r1, [r1, 4] | r1 = *((r1 + 4));
0x00052dca eors r2, r0 | r2 ^= r0;
0x00052dcc eors r3, r1 | r3 ^= r1;
0x00052dce strd r2, r3, [r7] | __asm ("strd r2, r3, [r7]");
0x00052dd2 ldr r2, [pc, 0x180] |
0x00052dd4 ldr r3, [pc, 0x178] | r3 = *(0x52f50);
0x00052dd6 add r2, pc | r2 = 0xa5d30;
0x00052dd8 ldr r3, [r2, r3] | r3 = *(0xa5d30);
0x00052dda ldr r2, [r3] | r2 = *(0xa5d30);
0x00052ddc ldr r3, [sp, 0x24] | r3 = var_24h;
0x00052dde eors r2, r3 | r2 ^= r3;
0x00052de0 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00052de4 bne.w 0x52f48 | goto label_5;
| }
0x00052de8 movs r0, 1 | r0 = 1;
0x00052dea add sp, 0x2c |
0x00052dec pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_3:
0x00052df0 adds r2, 0x3b | r2 += 0x3b;
0x00052df2 adc r1, r1, 0 | __asm ("adc r1, r1, 0");
0x00052df6 mov r3, r2 | r3 = r2;
0x00052df8 mov ip, r1 |
0x00052dfa strd r2, r1, [r6, -0x8] | __asm ("strd r2, r1, [r6, -0x8]");
0x00052dfe b 0x52ca4 | goto label_0;
| label_2:
0x00052e00 add r5, sp, 0x10 | r5 += var_10h;
0x00052e02 mov r1, r5 | r1 = r5;
0x00052e04 bl 0x52728 | fcn_00052728 (r0, r1);
0x00052e08 mov r1, r5 | r1 = r5;
0x00052e0a mov r0, r4 | r0 = r4;
0x00052e0c bl 0x52854 | fcn_00052854 (r0, r1, r2);
0x00052e0e stc2 p7, c14, [r2, -0xc4]! | __asm ("stc2 p7, c14, [r2, -0xc4]!");
| label_1:
0x00052e12 add r1, sp, 0x10 | r1 += var_10h;
0x00052e14 bl 0x52728 | fcn_00052728 (r0, r1);
0x00052e18 ldrd r6, r3, [sp, 0x10] | __asm ("ldrd r6, r3, [var_10h]");
0x00052e1a str r4, [r0, 0x30] | *((r0 + 0x30)) = r4;
0x00052e1c ldr.w r1, [r4, 0x490] | r1 = *((r4 + 0x490));
0x00052e20 ldr.w r0, [r4, 0x488] | r0 = *((r4 + 0x488));
0x00052e24 ldr.w r5, [r4, 0x48c] | r5 = *((r4 + 0x48c));
0x00052e28 uxth.w sl, r3 | sl = (int16_t) r3;
0x00052e2c lsr.w r8, r3, 0x10 | r8 = r3 >> 0x10;
0x00052e30 lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00052e34 uxth.w ip, r6 | ip = (int16_t) r6;
0x00052e38 umull sb, r1, r1, sl | sb:r1 = r1 * sl;
0x00052e3c ldr.w r3, [r4, 0x494] | r3 = *((r4 + 0x494));
0x00052e40 ldr.w r2, [r4, 0x498] | r2 = *((r4 + 0x498));
0x00052e44 umull r0, r6, r0, r8 | r0:r6 = r0 * r8;
0x00052e48 mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00052e4c ldr.w r3, [r4, 0x4a0] | r3 = *((r4 + 0x4a0));
0x00052e50 adds.w r0, sb, r0 | r0 = sb + r0;
0x00052e54 mla r5, r8, r5, r6 | __asm ("mla r5, r8, r5, r6");
0x00052e58 umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00052e5c adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00052e60 ldr.w r5, [r4, 0x49c] | r5 = *((r4 + 0x49c));
0x00052e64 adds r2, r2, r0 | r2 += r0;
0x00052e66 umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00052e6a mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00052e6e mvn r6, 5 | r6 = ~5;
0x00052e70 lsls r5, r0, 0x18 | r5 = r0 << 0x18;
0x00052e72 adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00052e76 adds r5, r3, r2 | r5 = r3 + r2;
0x00052e78 ldr.w r3, [r4, 0x4a4] | r3 = *((r4 + 0x4a4));
0x00052e7c mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00052e80 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00052e84 movs r1, 0 | r1 = 0;
0x00052e86 lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00052e88 and r2, r2, 0xf | r2 &= 0xf;
0x00052e8c lsls r3, r0, 2 | r3 = r0 << 2;
0x00052e8e adds r3, r3, r0 | r3 += r0;
0x00052e90 adcs r1, r1 | __asm ("adcs r1, r1");
0x00052e92 adds r3, r3, r5 | r3 += r5;
0x00052e94 adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00052e98 movs r2, 0xf | r2 = 0xf;
0x00052e9a cmp r6, r3 |
0x00052e9c sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00052e9e bhs 0x52ea2 |
0x00052ea0 adds r3, 5 | r3 += 5;
| }
0x00052ea2 ldr.w r1, [r4, 0x4c8] | r1 = *((r4 + 0x4c8));
0x00052ea6 mov r0, r7 | r0 = r7;
0x00052ea8 eors r1, r3 | r1 ^= r3;
0x00052eaa bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00052eae ldrd r6, r3, [sp, 0x18] | __asm ("ldrd r6, r3, [var_18h]");
0x00052eb2 ldr.w r1, [r4, 0x4b0] | r1 = *((r4 + 0x4b0));
0x00052eb6 ldr.w r0, [r4, 0x4a8] | r0 = *((r4 + 0x4a8));
0x00052eba ldr.w r5, [r4, 0x4ac] | r5 = *((r4 + 0x4ac));
0x00052ebe uxth.w sl, r3 | sl = (int16_t) r3;
0x00052ec2 lsr.w sb, r3, 0x10 | sb = r3 >> 0x10;
0x00052ec4 ldr r1, [pc, 0x4c] | r1 = *(0x52f14);
0x00052ec6 lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00052eca uxth.w ip, r6 | ip = (int16_t) r6;
0x00052ece umull r8, r1, r1, sl | r8:r1 = r1 * sl;
0x00052ed2 ldr.w r3, [r4, 0x4b4] | r3 = *((r4 + 0x4b4));
0x00052ed6 ldr.w r2, [r4, 0x4b8] | r2 = *((r4 + 0x4b8));
0x00052eda umull r0, r6, r0, sb | r0:r6 = r0 * sb;
0x00052ede mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00052ee2 ldr.w r3, [r4, 0x4c0] | r3 = *((r4 + 0x4c0));
0x00052ee6 adds.w r0, r8, r0 | r0 = r8 + r0;
0x00052eea mla r5, sb, r5, r6 | __asm ("mla r5, sb, r5, r6");
0x00052eee umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00052ef2 adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00052ef6 ldr.w r5, [r4, 0x4bc] | r5 = *((r4 + 0x4bc));
0x00052ef8 strb r4, [r7, r2] | *((r7 + r2)) = r4;
0x00052efa adds r2, r2, r0 | r2 += r0;
0x00052efc umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00052f00 mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00052f04 mvn r6, 5 | r6 = ~5;
0x00052f08 adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00052f0c adds r5, r3, r2 | r5 = r3 + r2;
0x00052f0e ldr.w r3, [r4, 0x4c4] | r3 = *((r4 + 0x4c4));
0x00052f12 mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00052f16 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00052f1a movs r1, 0 | r1 = 0;
0x00052f1c lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00052f1e and r2, r2, 0xf | r2 &= 0xf;
0x00052f22 lsls r3, r0, 2 | r3 = r0 << 2;
0x00052f24 adds r3, r3, r0 | r3 += r0;
0x00052f26 add.w r0, r7, 4 | r0 = r7 + 4;
0x00052f2a adcs r1, r1 | __asm ("adcs r1, r1");
0x00052f2c adds r3, r3, r5 | r3 += r5;
0x00052f2e adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00052f32 movs r2, 0xf | r2 = 0xf;
0x00052f34 cmp r6, r3 |
0x00052f36 sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00052f38 bhs 0x52f3c |
0x00052f3a adds r3, 5 | r3 += 5;
| }
0x00052f3c ldr.w r1, [r4, 0x4cc] | r1 = *((r4 + 0x4cc));
0x00052f40 eors r1, r3 | r1 ^= r3;
0x00052f42 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00052f46 b 0x52d48 |
| } while (1);
| label_5:
0x00052f48 blx 0x5d1c | fcn_00005d1c ();
0x00052f4c ldr r4, [r6, 0x48] | r4 = *((r6 + 0x48));
0x00052f4e movs r5, r0 | r5 = r0;
0x00052f50 lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x00052f52 movs r0, r0 |
0x00052f54 ldr r6, [r6, 0x30] | r6 = *((r6 + 0x30));
0x00052f56 movs r5, r0 | r5 = r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x53098 */
| #include <stdint.h>
|
; (fcn) fcn.00053098 () | void fcn_00053098 (char * arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_bp_10h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_bh;
| int16_t var_13h;
| int16_t var_14h_2;
| int16_t var_24h_2;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00053098 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x0005309c mov fp, r3 |
0x0005309e sub sp, 0x2c |
0x000530a0 movs r3, 0 | r3 = 0;
0x000530a2 mov r7, r1 | r7 = r1;
0x000530a4 sub.w sl, fp, 0x10 | sl = fp - 0x10;
0x000530a8 ldr r1, [pc, 0xc0] |
0x000530aa lsr.w sl, sl, 4 | sl >>= 4;
0x000530ae str r3, [sp, 8] | var_8h = r3;
0x000530b0 add.w r5, r0, 0x10 | r5 = r0 + 0x10;
0x000530b4 strb.w r2, [sp, 0xb] | var_bh = r2;
0x000530b8 add r6, sp, 0x14 | r6 += var_14h_2;
0x000530ba ldr r2, [pc, 0xb4] | r2 = *(0x53172);
0x000530bc add r1, pc | r1 = 0xa622c;
0x000530be strd r3, r3, [sp, 0xc] | __asm ("strd r3, r3, [sp, 0xc]");
0x000530c2 add.w r8, sp, 4 | r8 += var_4h;
0x000530c6 add.w sb, sl, 2 | sb = sl + 2;
0x000530ca movs r4, 1 | r4 = 1;
0x000530cc ldr r2, [r1, r2] |
0x000530ce ldr r2, [r2] | r2 = *(0xa622c);
0x000530d0 str r2, [sp, 0x24] | var_24h_2 = r2;
0x000530d2 mov.w r2, 0 | r2 = 0;
0x000530d6 str r3, [sp, 4] | var_4h = r3;
0x000530d8 strb.w r4, [sp, 0x13] | var_13h = r4;
| do {
0x000530dc mov r2, r7 | r2 = r7;
0x000530de mov r1, r6 | r1 = r6;
0x000530e0 mov r0, r8 | r0 = r8;
0x000530e2 adds r5, 0x10 | r5 += 0x10;
0x000530e4 blx 0x540c | printf_chk ()
0x000530e8 mov ip, r6 |
0x000530ea ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x000530ee str r0, [r5, -0x20] | *((r5 - 0x20)) = r0;
0x000530f2 mov r0, r4 | r0 = r4;
0x000530f4 str r1, [r5, -0x1c] | *((r5 - 0x1c)) = r1;
0x000530f8 movs r1, 1 | r1 = 1;
0x000530fa str r2, [r5, -0x18] | *((r5 - 0x18)) = r2;
0x000530fe str r3, [r5, -0x14] | *((r5 - 0x14)) = r3;
0x00053102 bl 0x66c04 | r0 = fcn_00066c04 (r0, r1);
0x00053106 cmp r0, sb |
0x00053108 mov r4, r0 | r4 = r0;
0x0005310a strb.w r0, [sp, 0x13] | var_13h = r0;
0x0005310e bne 0x530dc |
| } while (r0 != sb);
0x00053110 mvn r1, 0xf | r1 = ~0xf;
0x00053114 mov r0, fp | r0 = fp;
0x00053116 bl 0x66c04 | fcn_00066c04 (r0, r1);
0x0005311a mvn r1, 0xf | r1 = ~0xf;
0x0005311e mov r4, r0 | r4 = r0;
0x00053120 mov r0, sl | r0 = sl;
0x00053122 bl 0x66c38 | fcn_00066c38 (r0, r1);
0x00053126 mov r1, r4 | r1 = r4;
0x00053128 bl 0x66c04 | r0 = fcn_00066c04 (r0, r1);
0x0005312c cbnz r0, 0x5315c |
| while (1) {
0x0005312e movs r2, 0x10 | r2 = 0x10;
0x00053130 mov r0, r8 | r0 = r8;
0x00053132 mov r1, r2 | r1 = r2;
0x00053134 blx 0x5a78 | chroot ();
0x00053138 movs r2, 0x10 | r2 = 0x10;
0x0005313a mov r0, r6 | r0 = r6;
0x0005313c mov r1, r2 | r1 = r2;
0x0005313e blx 0x5a78 | chroot ();
0x00053142 ldr r2, [pc, 0x30] |
0x00053144 ldr r3, [pc, 0x28] | r3 = *(0x53170);
0x00053146 add r2, pc | r2 = 0xa62c0;
0x00053148 ldr r3, [r2, r3] | r3 = *(0xa62c0);
0x0005314a ldr r2, [r3] | r2 = *(0xa62c0);
0x0005314c ldr r3, [sp, 0x24] | r3 = var_24h_2;
0x0005314e eors r2, r3 | r2 ^= r3;
0x00053150 mov.w r3, 0 | r3 = 0;
0x00053152 lsls r0, r0, 0xc | r0 <<= 0xc;
| if (r0 != r0) {
0x00053154 bne 0x53168 | goto label_0;
| }
0x00053156 add sp, 0x2c |
0x00053158 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0005315c mov r2, r7 | r2 = r7;
0x0005315e mov r1, r6 | r1 = r6;
0x00053160 mov r0, r8 | r0 = r8;
0x00053162 blx 0x540c | printf_chk ()
0x00053166 b 0x5312e |
| }
| label_0:
0x00053168 blx 0x5d1c | fcn_00005d1c ();
0x0005316c ldr r0, [r2, 4] | r0 = *((r2 + 4));
0x0005316e movs r5, r0 | r5 = r0;
0x00053170 lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x00053172 movs r0, r0 |
0x00053174 str r6, [r0, 0x7c] | *((r0 + 0x7c)) = r6;
0x00053176 movs r5, r0 | r5 = r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x53788 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00053788 () | void fcn_00053788 (int16_t arg1) {
| int16_t var_0h;
| char * src;
| int16_t var_114h;
| int16_t var_40h;
| int16_t var_214h;
| int16_t var_218h;
| r0 = arg1;
0x00053788 vst1.32 {d20, d21}, [pc], sb | __asm ("vst1.32 {d20, d21}, [pc], sb");
0x0005378c str r3, [r2, 0x1c] | *((r2 + 0x1c)) = r3;
0x0005378e ldr r3, [pc, 0x224] |
0x00053790 push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00053794 mov r4, r0 | r4 = r0;
0x00053796 add r2, pc | r2 += pc;
0x00053798 vpush {d8} | __asm ("vpush {d8}");
0x0005379c movs r0, 1 | r0 = 1;
0x0005379e sub.w sp, sp, 0x218 |
0x000537a2 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x000537a4 ldr r3, [r3] | r3 = *(0x539b6);
0x000537a6 str r3, [sp, 0x214] | var_214h = r3;
0x000537a8 mov.w r3, 0 | r3 = 0;
0x000537ac bl 0x4a144 | r0 = fcn_0004a144 (r0, r1);
0x000537b0 mov r3, r0 | r3 = r0;
0x000537b2 mov r7, r0 | r7 = r0;
0x000537b4 cmp r0, 0 |
| if (r0 == 0) {
0x000537b6 beq.w 0x53982 | goto label_0;
| }
0x000537ba and r7, r0, 0xf | r7 = r0 & 0xf;
0x000537be mov r8, sp | r8 = sp;
0x000537c0 rsbs.w r7, r7, 0x10 | r7 = 0x10 - r7;
0x000537c4 add.w sb, sp, 0xf4 | sb += src;
0x000537c8 add r7, r0 | r7 += r0;
0x000537ca mov r2, r8 | r2 = r8;
0x000537cc mov r0, r4 | r0 = r4;
0x000537ce movs r1, 0x80 | r1 = 0x80;
0x000537d0 str.w r3, [r7, 0x684] | __asm ("str.w r3, aav.0x000000ff");
0x000537d4 add.w r4, r7, 0x590 | r4 = r7 + 0x590;
0x000537d8 blx 0x5910 | strndup (r0, r1);
0x000537dc movs r3, 0x10 | r3 = 0x10;
0x000537de movs r2, 0 | r2 = 0;
0x000537e0 mov r1, r8 | r1 = r8;
0x000537e2 mov r0, sb | r0 = sb;
0x000537e4 bl 0x53098 | fcn_00053098 (r0, r1, r2, r3);
0x000537e6 mrrc2 p5, 0, r2, r8, c0 | __asm ("mrrc2 p5, 0, r2, r8, c0");
0x000537ea mov r2, r4 | r2 = r4;
0x000537ec movs r1, 0x80 | r1 = 0x80;
0x000537ee add.w r6, r7, 0x570 | r6 = r7 + 0x570;
0x000537f2 mov r0, sb | r0 = sb;
0x000537f4 blx 0x5910 | strndup (r0, r1);
0x000537f8 mov r2, r4 | r2 = r4;
0x000537fa mov r1, r6 | r1 = r6;
0x000537fc add.w r0, r7, 0x580 | r0 = r7 + 0x580;
0x00053800 str.w r5, [r7, 0x580] | __asm ("str.w r5, aav.0x000000ff");
0x00053804 str.w r5, [r7, 0x584] | __asm ("str.w r5, aav.0x000000ff");
0x00053808 mov r4, r7 | r4 = r7;
0x0005380a str.w r5, [r7, 0x588] | __asm ("str.w r5, aav.0x000000ff");
0x0005380e str.w r5, [r7, 0x58c] | __asm ("str.w r5, aav.0x000000ff");
0x00053812 blx 0x540c | printf_chk ()
0x00053816 movs r2, 0x10 | r2 = 0x10;
0x00053818 mov r0, sb | r0 = sb;
0x0005381a mov r1, r2 | r1 = r2;
0x0005381c blx 0x5a78 | chroot ();
0x00053820 mov r1, r5 | r1 = r5;
0x00053822 mov.w r2, 0x570 | r2 = 0x570;
0x00053826 mov r0, r7 | r0 = r7;
0x00053828 blx 0x5530 | fcn_00005530 ();
0x0005382c mov.w r3, 0x430 | r3 = 0x430;
0x0005382e str r6, [r0, 0x38] | *((r0 + 0x38)) = r6;
0x00053830 movs r2, 1 | r2 = 1;
0x00053832 mov r1, r8 | r1 = r8;
0x00053834 mov r0, r7 | r0 = r7;
0x00053836 adds r5, r7, r3 | r5 = r7 + r3;
0x00053838 bl 0x53098 | fcn_00053098 (r0, r1, r2, r3);
| do {
0x0005383c mov r0, r4 | r0 = r4;
0x0005383e bl 0x4d440 | fcn_0004d440 (r0);
0x00053842 str r0, [r4], 4 | *(r4) = r0;
| r4 += 4;
0x00053846 cmp r4, r5 |
0x00053848 bne 0x5383c |
| } while (r4 != r5);
0x0005384a vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x0005384e movs r2, 0 | r2 = 0;
0x00053850 vldr d8, [pc, 0x154] | __asm ("vldr d8, aav.0x000000ff");
0x00053854 add.w r3, r7, 0x480 | r3 = r7 + 0x480;
0x00053858 str.w r2, [r7, 0x474] | __asm ("str.w r2, aav.0x000000ff");
0x0005385c add.w r4, r7, 0x498 | r4 = r7 + 0x498;
0x00053860 str.w r2, [r7, 0x470] | __asm ("str.w r2, aav.0x000000ff");
0x00053864 mov r6, sb | r6 = sb;
0x00053866 add.w r2, r7, 0x490 | r2 = r7 + 0x490;
0x0005386a add.w sl, r7, 0x4b8 | sl = r7 + 0x4b8;
0x0005386e vstr d16, [r3, -8] | __asm ("vstr d16, [r3, -8]");
0x00053872 mov r1, r8 | r1 = r8;
0x00053874 vstr d16, [r3] | __asm ("vstr d16, [r3]");
0x00053878 mov r0, sb | r0 = sb;
0x0005387a vstr d16, [r2, -8] | __asm ("vstr d16, [r2, -8]");
0x0005387e mov.w r3, 0x120 | r3 = 0x120;
0x00053882 vstr d16, [r2] | __asm ("vstr d16, [r2]");
0x00053886 movs r2, 2 | r2 = 2;
0x00053888 bl 0x53098 | fcn_00053098 (r0, r1, r2, r3);
| do {
0x0005388c mov r3, r6 | r3 = r6;
0x0005388e mov r2, r4 | r2 = r4;
0x00053890 ldm r3!, {r0, r1} | r0 = *(r3!);
| r1 = *((r3! + 4));
0x00053892 adds r6, 0x18 | r6 += 0x18;
0x00053894 str r0, [r4] | *(r4) = r0;
0x00053896 str r1, [r2, 4]! | *((r2 += 4)) = r1;
0x0005389a mov r0, r2 | r0 = r2;
0x0005389c bl 0x4d440 | r0 = fcn_0004d440 (r0);
0x000538a0 mov r5, r0 | r5 = r0;
0x000538a2 mov r0, r4 | r0 = r4;
0x000538a4 bl 0x4d440 | fcn_0004d440 (r0);
0x000538a8 bic r5, r5, 0xfe000000 | r5 = BIT_MASK (r5, 0xfe000000);
0x000538ac bic r0, r0, 0xfe000000 | r0 = BIT_MASK (r0, 0xfe000000);
0x000538b0 vstr d8, [r4, 0x20] | __asm ("vstr d8, [r4, 0x20]");
0x000538b4 strd r5, r0, [r4] | __asm ("strd r5, r0, [r4]");
0x000538b8 adds r4, 8 | r4 += 8;
0x000538ba cmp r4, sl |
0x000538bc bne 0x5388c |
| } while (r4 != sl);
0x000538be mov.w r3, 0x120 | r3 = 0x120;
0x000538c2 movs r2, 3 | r2 = 3;
0x000538c4 mov r1, r8 | r1 = r8;
0x000538c6 mov r0, sb | r0 = sb;
0x000538c8 add.w r6, r7, 0x4d8 | r6 = r7 + 0x4d8;
0x000538cc add.w r5, r7, 0x558 | r5 = r7 + 0x558;
0x000538d0 bl 0x53098 | fcn_00053098 (r0, r1, r2, r3);
0x000538d2 invalid |
0x000538d6 add.w lr, sp, 0x114 | lr += var_114h;
| do {
0x000538da mov r4, lr | r4 = lr;
0x000538dc add.w ip, ip, 0x20 |
0x000538e0 ldm r4!, {r0, r1, r2, r3} | r0 = *(r4!);
| r1 = *((r4! + 4));
| r2 = *((r4! + 8));
| r3 = *((r4! + 12));
0x000538e2 add.w lr, lr, 0x40 | lr += var_40h;
0x000538e6 str r0, [ip, -0x20] | *((ip - 0x20)) = r0;
0x000538ea str r1, [ip, -0x1c] | *((ip - 0x1c)) = r1;
0x000538ee str r2, [ip, -0x18] | *((ip - 0x18)) = r2;
0x000538f2 str r3, [ip, -0x14] | *((ip - 0x14)) = r3;
0x000538f6 ldm r4!, {r0, r1, r2, r3} | r0 = *(r4!);
| r1 = *((r4! + 4));
| r2 = *((r4! + 8));
| r3 = *((r4! + 12));
0x000538f8 str r0, [ip, -0x10] | *((ip - 0x10)) = r0;
0x000538fc str r1, [ip, -0xc] | *((ip - 0xc)) = r1;
0x00053900 str r2, [ip, -0x8] | *((ip - 0x8)) = r2;
0x00053904 str r3, [ip, -0x4] | *((ip - 0x4)) = r3;
0x00053908 cmp ip, r5 |
0x0005390a bne 0x538da |
| } while (ip != r5);
0x0005390c addw r4, r7, 0x4dc | __asm ("addw r4, r7, aav.0x000000ff");
| do {
0x00053910 mov r0, r4 | r0 = r4;
0x00053912 adds r4, 8 | r4 += 8;
0x00053914 bl 0x4d440 | r0 = fcn_0004d440 (r0);
0x00053918 mov sl, r0 | sl = r0;
0x0005391a mov r0, r6 | r0 = r6;
0x0005391c bl 0x4d440 | fcn_0004d440 (r0);
0x00053920 adds r6, 8 | r6 += 8;
0x00053922 str r0, [r6, -0x4] | *((r6 - 0x4)) = r0;
0x00053926 cmp r5, r6 |
0x00053928 str sl, [r4, -0xc] | *((r4 - 0xc)) = sl;
0x0005392c bne 0x53910 |
| } while (r5 != r6);
0x0005392e add.w r4, r7, 0x4d0 | r4 = r7 + 0x4d0;
0x00053932 add.w r6, r7, 0x550 | r6 = r7 + 0x550;
| do {
0x00053936 ldrd r0, r1, [r4, 8]! | __asm ("ldrd r0, r1, [r4, 8]!");
0x0005393a mvn r2, 4 | r2 = ~4;
0x0005393e movs r3, 0xf | r3 = 0xf;
0x00053940 bl 0x66bc8 | fcn_00066bc8 (r0, r1, r2, r3);
0x00053944 cmp r6, r4 |
0x00053946 strd r2, r3, [r4] | __asm ("strd r2, r3, [r4]");
0x0005394a bne 0x53936 |
| } while (r6 != r4);
0x0005394c mov r4, r5 | r4 = r5;
0x0005394e movs r3, 0x10 | r3 = 0x10;
0x00053950 movs r2, 4 | r2 = 4;
0x00053952 mov r1, r8 | r1 = r8;
0x00053954 mov r0, r4 | r0 = r4;
0x00053956 add.w r5, r7, 0x568 | r5 = r7 + 0x568;
0x0005395a bl 0x53098 | fcn_00053098 (r0, r1, r2, r3);
| do {
0x0005395e mov r0, r4 | r0 = r4;
0x00053960 bl 0x4d440 | fcn_0004d440 (r0);
0x00053964 str r0, [r4], 4 | *(r4) = r0;
| r4 += 4;
0x00053968 cmp r5, r4 |
0x0005396a bne 0x5395e |
| } while (r5 != r4);
0x0005396c mov.w r2, 0x120 | r2 = 0x120;
0x00053970 mov r0, sb | r0 = sb;
0x00053972 mov r1, r2 | r1 = r2;
0x00053974 blx 0x5a78 | chroot ();
0x00053978 movs r2, 0xf4 | r2 = 0xf4;
0x0005397a mov r0, r8 | r0 = r8;
0x0005397c mov r1, r2 | r1 = r2;
0x0005397e blx 0x5a78 | chroot ();
| label_0:
0x00053982 ldr r2, [pc, 0x34] |
0x00053984 ldr r3, [pc, 0x2c] | r3 = *(0x539b4);
0x00053986 add r2, pc | r2 = 0xa7344;
0x00053988 ldr r3, [r2, r3] | r3 = *(0xa7344);
0x0005398a ldr r2, [r3] | r2 = *(0xa7344);
0x0005398c ldr r3, [sp, 0x214] | r3 = var_214h;
0x0005398e eors r2, r3 | r2 ^= r3;
0x00053990 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00053994 bne 0x539a4 |
0x00053996 mov r0, r7 | r0 = r7;
0x00053998 add.w sp, sp, 0x218 |
0x0005399c vpop {d8} | __asm ("vpop {d8}");
0x000539a0 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
| }
0x000539a4 blx 0x5d1c | r0 = fcn_00005d1c ();
0x000539a8 movs r1, r0 | r1 = r0;
0x000539aa movs r0, r0 |
0x000539ac movs r0, r0 |
0x000539ae movs r0, r0 |
0x000539b0 str r6, [r6, 0x14] | *((r6 + 0x14)) = r6;
0x000539b2 movs r5, r0 | r5 = r0;
0x000539b4 lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x000539b6 movs r0, r0 |
0x000539b8 ldrsh r6, [r0, r6] | r6 = *((r0 + r6));
0x000539ba movs r5, r0 | r5 = r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/sshd @ 0x539bc */
| #include <stdint.h>
|
; (fcn) fcn.000539bc () | void fcn_000539bc (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_18h;
| int16_t var_20h;
| int16_t var_28h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x000539bc svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x000539c0 sub sp, 0x3c |
0x000539c2 ldr.w r6, [pc, 0x450] |
0x000539c6 mov r4, r0 | r4 = r0;
0x000539c8 mov r7, r1 | r7 = r1;
0x000539ca ldr.w r5, [pc, 0x44c] | r5 = *(0x53e1a);
0x000539ce ldr.w r3, [r0, 0x568] | r3 = *(var_0hx568);
0x000539d2 add r6, pc | r6 = 0xa77ec;
0x000539d4 ldr r5, [r6, r5] |
0x000539d6 cmp.w r3, 0x400 |
0x000539da ldr r5, [r5] | r5 = *(0xa77ec);
0x000539dc str r5, [sp, 0x34] | var_34h = r5;
0x000539de mov.w r5, 0 | r5 = 0;
0x000539e2 str r2, [sp, 8] | var_8h = r2;
| if (r3 < 0x400) {
0x000539e4 bls.w 0x53ba8 | goto label_3;
| }
0x000539e8 ubfx r3, r3, 0, 0xa | r3 = (r3 >> 0) & ((1 << 0xa) - 1);
0x000539ec cmp r3, 0 |
| if (r3 != 0) {
0x000539ee bne.w 0x53b92 | goto label_4;
| }
| label_1:
0x000539f2 add.w r6, r4, 0x4b8 | r6 = r4 + 0x4b8;
0x000539f6 add.w fp, r4, 0x558 |
0x000539fa mov r8, r7 | r8 = r7;
0x000539fc mov sl, r4 | sl = r4;
0x000539fe add.w r5, r4, 0x4d8 | r5 = r4 + 0x4d8;
0x00053a02 str r7, [sp, 0xc] | var_ch = r7;
0x00053a04 str r5, [sp, 4] | var_4h = r5;
| do {
0x00053a06 ldrd r2, r1, [r6] | __asm ("ldrd r2, r1, [r6]");
0x00053a0a adds r6, 8 | r6 += 8;
0x00053a0c cmn.w r2, 0x3b |
0x00053a10 sbcs r3, r1, -1 | __asm ("sbcs r3, r1, -1");
| if (r2 >= 0x3b) {
0x00053a14 bhs.w 0x53b82 | goto label_5;
| }
0x00053a18 uxth r3, r2 | r3 = (int16_t) r2;
0x00053a1a mov.w ip, 0 |
| label_0:
0x00053a1e ldr r4, [r5, 0x1c] | r4 = *((r5 + 0x1c));
0x00053a20 lsr.w sb, r1, 0x10 | sb = r1 >> 0x10;
0x00053a24 ldr r0, [r5, 0x18] | r0 = *((r5 + 0x18));
0x00053a26 uxth r1, r1 | r1 = (int16_t) r1;
0x00053a28 ldr r7, [r5, 8] | r7 = *((r5 + 8));
0x00053a2a lsrs r2, r2, 0x10 | r2 >>= 0x10;
0x00053a2c mul r4, r3, r4 | r4 = r3 * r4;
0x00053a30 mla r4, ip, r0, r4 | __asm ("mla r4, ip, r0, r4");
0x00053a34 umull r3, r0, r0, r3 | r3:r0 = r0 * r3;
0x00053a38 add r4, r0 | r4 += r0;
0x00053a3a ldr r0, [r5] | r0 = *(r5);
0x00053a3c umull ip, r0, r0, sb | ip:r0 = r0 * sb;
0x00053a40 adds.w r3, ip, r3 | r3 = ip + r3;
0x00053a44 umull lr, ip, r7, r1 | lr:ip = r7 * r1;
0x00053a48 ldr r7, [r5, 4] | r7 = *((r5 + 4));
0x00053a4a mla r0, sb, r7, r0 | __asm ("mla r0, sb, r7, r0");
0x00053a4c movs r7, r0 | r7 = r0;
0x00053a4e adc.w sb, r0, r4 | __asm ("adc.w sb, r0, r4");
0x00053a52 ldr r0, [r5, 0x10] | r0 = *((r5 + 0x10));
0x00053a54 adds.w r3, r3, lr | r3 += lr;
0x00053a58 umull lr, r4, r0, r2 | lr:r4 = r0 * r2;
0x00053a5c ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00053a5e mla ip, r1, r0, ip | __asm ("mla ip, r1, r0, ip");
0x00053a62 ldr r0, [r5, 0x14] | r0 = *((r5 + 0x14));
0x00053a64 mla r4, r2, r0, r4 | __asm ("mla r4, r2, r0, r4");
0x00053a68 adc.w ip, ip, sb | __asm ("adc.w ip, ip, sb");
0x00053a6c adds.w lr, r3, lr | lr = r3 + lr;
0x00053a70 mvn r2, 5 | r2 = ~5;
0x00053a74 adc.w r4, r4, ip | __asm ("adc.w r4, r4, ip");
0x00053a78 lsrs r3, r4, 4 | r3 = r4 >> 4;
0x00053a7a and r4, r4, 0xf | r4 &= 0xf;
0x00053a7e lsls r1, r3, 2 | r1 = r3 << 2;
0x00053a80 adds r1, r1, r3 | r1 += r3;
0x00053a82 mov.w r3, 0 | r3 = 0;
0x00053a86 adcs r3, r3 | __asm ("adcs r3, r3");
0x00053a88 adds.w lr, r1, lr | lr = r1 + lr;
0x00053a8a lsrs r6, r1, 0x18 | r6 = r1 >> 0x18;
0x00053a8c adc.w r3, r3, r4 | __asm ("adc.w r3, r3, r4");
0x00053a90 cmp r2, lr |
0x00053a92 mov.w r2, 0xf | r2 = 0xf;
0x00053a96 sbcs.w r3, r2, r3 | __asm ("sbcs.w r3, r2, r3");
| if (r2 < lr) {
0x00053a9a bhs 0x53aa0 |
0x00053a9c adds.w lr, lr, 5 | lr += 5;
| }
0x00053aa0 ldr r1, [fp], 4 | r1 = *(fp);
| fp += 4;
0x00053aa4 mov r0, r8 | r0 = r8;
0x00053aa6 adds r5, 0x20 | r5 += 0x20;
0x00053aa8 add.w r8, r8, 4 | r8 += 4;
0x00053aac eor.w r1, r1, lr | r1 ^= lr;
0x00053ab0 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00053ab4 ldr r3, [sp, 4] | r3 = var_4h;
0x00053ab6 cmp r3, r6 |
0x00053ab8 bne 0x53a06 |
| } while (r3 != r6);
0x00053aba ldr r7, [sp, 0xc] | r7 = var_ch;
0x00053abc mov r4, sl | r4 = sl;
| label_2:
0x00053abe vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00053ac2 movs r1, 0 | r1 = 0;
0x00053ac4 add.w r3, r4, 0x480 | r3 = r4 + 0x480;
0x00053ac8 str.w r1, [r4, 0x474] | __asm ("str.w r1, aav.0x000000ff");
0x00053acc str.w r1, [r4, 0x470] | __asm ("str.w r1, aav.0x000000ff");
0x00053ad0 movs r0, 1 | r0 = 1;
0x00053ad2 vstr d16, [r3, -8] | __asm ("vstr d16, [r3, -8]");
0x00053ad6 add.w r2, r4, 0x4c0 | r2 = r4 + 0x4c0;
0x00053ada vstr d16, [r3] | __asm ("vstr d16, [r3]");
0x00053adc lsrs r0, r0, 0xc | r0 >>= 0xc;
0x00053ade add.w r3, r4, 0x490 | r3 = r4 + 0x490;
0x00053ae2 vstr d16, [r3, -8] | __asm ("vstr d16, [r3, -8]");
0x00053ae6 add.w r5, r4, 0x570 | r5 = r4 + 0x570;
0x00053aea vstr d16, [r3] | __asm ("vstr d16, [r3]");
0x00053aee add.w r3, r4, 0x4d0 | r3 = r4 + 0x4d0;
0x00053af2 str.w r1, [r4, 0x568] | __asm ("str.w r1, aav.0x000000ff");
0x00053af6 movs r1, 0 | r1 = 0;
0x00053af8 strd r0, r1, [r2, -0x8] | __asm ("strd r0, r1, [r2, -0x8]");
0x00053afc strd r0, r1, [r2] | __asm ("strd r0, r1, [r2]");
0x00053b00 strd r0, r1, [r3, -0x8] | __asm ("strd r0, r1, [r3, -0x8]");
0x00053b02 lsls r2, r0, 4 | r2 = r0 << 4;
0x00053b04 strd r0, r1, [r3] | __asm ("strd r0, r1, [r3]");
0x00053b08 ldr r1, [sp, 8] | r1 = var_8h;
0x00053b0a ldr.w r2, [r4, 0x584] | r2 = *((r4 + 0x584));
0x00053b0e ldr r3, [r1, 4] | r3 = *((r1 + 4));
0x00053b10 cmp r3, r2 |
| if (r3 != r2) {
0x00053b12 bne 0x53ba4 | goto label_6;
| }
0x00053b14 ldr r2, [sp, 8] | r2 = var_8h;
0x00053b16 ldr.w r1, [r4, 0x580] | r1 = *((r4 + 0x580));
0x00053b1a ldr r2, [r2] | r2 = *(r2);
0x00053b1c cmp r2, r1 |
0x00053b1e it eq |
| if (r2 != r1) {
0x00053b20 addeq r6, r4, 0x580 | r6 = r4 + 0x580;
| }
0x00053b24 beq 0x53b3e |
| while (1) {
0x00053b26 add.w r6, r4, 0x580 | r6 = r4 + 0x580;
0x00053b2a str.w r2, [r4, 0x580] | __asm ("str.w r2, aav.0x000000ff");
0x00053b2e mov r1, r5 | r1 = r5;
0x00053b30 add.w r2, r4, 0x590 | r2 = r4 + 0x590;
0x00053b34 mov r0, r6 | r0 = r6;
0x00053b36 str.w r3, [r4, 0x584] | __asm ("str.w r3, aav.0x000000ff");
0x00053b3a blx 0x540c | printf_chk ()
0x00053b3e ldr.w r2, [r4, 0x570] | r2 = *((r4 + 0x570));
0x00053b42 ldr r3, [r7] | r3 = *(r7);
0x00053b44 ldr r1, [r5, 4] | r1 = *((r5 + 4));
0x00053b46 eors r3, r2 | r3 ^= r2;
0x00053b48 ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x00053b4a str r3, [r7] | *(r7) = r3;
0x00053b4c ldr r3, [r7, 4] | r3 = *((r7 + 4));
0x00053b4e eors r3, r1 | r3 ^= r1;
0x00053b50 str r3, [r7, 4] | *((r7 + 4)) = r3;
0x00053b52 ldr r1, [r6, -0x8] | r1 = *((r6 - 0x8));
0x00053b56 ldr r3, [r7, 0xc] | r3 = *((r7 + 0xc));
0x00053b58 eors r2, r1 | r2 ^= r1;
0x00053b5a ldr r1, [r6, -0x4] | r1 = *((r6 - 0x4));
0x00053b5e str r2, [r7, 8] | *((r7 + 8)) = r2;
0x00053b60 ldr r2, [pc, 0x2b8] |
0x00053b62 eors r3, r1 | r3 ^= r1;
0x00053b64 str r3, [r7, 0xc] | *((r7 + 0xc)) = r3;
0x00053b66 ldr r3, [pc, 0x2b0] | r3 = *(0x53e1a);
0x00053b68 add r2, pc | r2 = 0xa7988;
0x00053b6a ldr r3, [r2, r3] | r3 = *(0xa7988);
0x00053b6c ldr r2, [r3] | r2 = *(0xa7988);
0x00053b6e ldr r3, [sp, 0x34] | r3 = var_34h;
0x00053b70 eors r2, r3 | r2 ^= r3;
0x00053b72 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00053b76 bne.w 0x53e0e | goto label_7;
| }
0x00053b7a movs r0, 1 | r0 = 1;
0x00053b7c add sp, 0x3c |
0x00053b7e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x00053b82 adds r2, 0x3b | r2 += 0x3b;
0x00053b84 adc r1, r1, 0 | __asm ("adc r1, r1, 0");
0x00053b86 lsls r0, r0, 4 | r0 <<= 4;
0x00053b88 mov r3, r2 | r3 = r2;
0x00053b8a mov ip, r1 |
0x00053b8c strd r2, r1, [r6, -0x8] | __asm ("strd r2, r1, [r6, -0x8]");
0x00053b90 b 0x53a1e | goto label_0;
| label_4:
0x00053b92 add r5, sp, 0x10 | r5 += var_10h;
0x00053b94 mov r1, r5 | r1 = r5;
0x00053b96 bl 0x53614 | fcn_00053614 (r0, r1);
0x00053b9a mov r1, r5 | r1 = r5;
0x00053b9c mov r0, r4 | r0 = r4;
0x00053b9e bl 0x53470 | fcn_00053470 (r0, r1, r2);
0x00053ba2 b 0x539f2 | goto label_1;
| label_6:
0x00053ba4 ldr r2, [r1] | r2 = *(r1);
0x00053ba6 b 0x53b26 |
| }
| label_3:
0x00053ba8 add r1, sp, 0x10 | r1 += var_10h;
0x00053baa bl 0x53614 | fcn_00053614 (r0, r1);
0x00053bae ldrd r6, r3, [sp, 0x10] | __asm ("ldrd r6, r3, [var_10h]");
0x00053bb2 ldr.w r1, [r4, 0x4e0] | r1 = *((r4 + 0x4e0));
0x00053bb6 ldr.w r0, [r4, 0x4d8] | r0 = *((r4 + 0x4d8));
0x00053bba ldr.w r5, [r4, 0x4dc] | r5 = *((r4 + 0x4dc));
0x00053bbe uxth.w sl, r3 | sl = (int16_t) r3;
0x00053bc2 lsr.w r8, r3, 0x10 | r8 = r3 >> 0x10;
0x00053bc6 lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00053bca uxth.w ip, r6 | ip = (int16_t) r6;
0x00053bce umull sb, r1, r1, sl | sb:r1 = r1 * sl;
0x00053bd2 ldr.w r3, [r4, 0x4e4] | r3 = *((r4 + 0x4e4));
0x00053bd6 ldr.w r2, [r4, 0x4e8] | r2 = *((r4 + 0x4e8));
0x00053bda umull r0, r6, r0, r8 | r0:r6 = r0 * r8;
0x00053bde mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00053be2 ldr.w r3, [r4, 0x4f0] | r3 = *((r4 + 0x4f0));
0x00053be6 adds.w r0, sb, r0 | r0 = sb + r0;
0x00053be8 movs r0, r0 |
0x00053bea mla r5, r8, r5, r6 | __asm ("mla r5, r8, r5, r6");
0x00053bee umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00053bf2 adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00053bf6 ldr.w r5, [r4, 0x4ec] | r5 = *((r4 + 0x4ec));
0x00053bfa adds r2, r2, r0 | r2 += r0;
0x00053bfc umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00053c00 mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00053c04 mvn r6, 5 | r6 = ~5;
0x00053c08 adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00053c0a lsls r1, r0, 4 | r1 = r0 << 4;
0x00053c0c adds r5, r3, r2 | r5 = r3 + r2;
0x00053c0e ldr.w r3, [r4, 0x4f4] | r3 = *((r4 + 0x4f4));
0x00053c12 mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00053c16 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00053c1a movs r1, 0 | r1 = 0;
0x00053c1c lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00053c1e and r2, r2, 0xf | r2 &= 0xf;
0x00053c22 lsls r3, r0, 2 | r3 = r0 << 2;
0x00053c24 adds r3, r3, r0 | r3 += r0;
0x00053c26 adcs r1, r1 | __asm ("adcs r1, r1");
0x00053c28 adds r3, r3, r5 | r3 += r5;
0x00053c2a adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00053c2e movs r2, 0xf | r2 = 0xf;
0x00053c30 cmp r6, r3 |
0x00053c32 sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00053c34 bhs 0x53c38 |
0x00053c36 adds r3, 5 | r3 += 5;
| }
0x00053c38 ldr.w r1, [r4, 0x558] | r1 = *((r4 + 0x558));
0x00053c3c mov r0, r7 | r0 = r7;
0x00053c3e eors r1, r3 | r1 ^= r3;
0x00053c40 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00053c44 ldrd r6, r3, [sp, 0x18] | __asm ("ldrd r6, r3, [var_18h]");
0x00053c48 ldr.w r1, [r4, 0x500] | r1 = *((r4 + 0x500));
0x00053c4c ldr.w r0, [r4, 0x4f8] | r0 = *((r4 + 0x4f8));
0x00053c50 ldr.w r5, [r4, 0x4fc] | r5 = *((r4 + 0x4fc));
0x00053c54 uxth.w sl, r3 | sl = (int16_t) r3;
0x00053c58 lsr.w r8, r3, 0x10 | r8 = r3 >> 0x10;
0x00053c5c lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00053c60 uxth.w ip, r6 | ip = (int16_t) r6;
0x00053c64 umull sb, r1, r1, sl | sb:r1 = r1 * sl;
0x00053c68 ldr.w r3, [r4, 0x504] | r3 = *((r4 + 0x504));
0x00053c6c ldr.w r2, [r4, 0x508] | r2 = *((r4 + 0x508));
0x00053c70 umull r0, r6, r0, r8 | r0:r6 = r0 * r8;
0x00053c72 lsls r0, r1, 0x18 | r0 = r1 << 0x18;
0x00053c74 mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00053c78 ldr.w r3, [r4, 0x510] | r3 = *((r4 + 0x510));
0x00053c7c adds.w r0, sb, r0 | r0 = sb + r0;
0x00053c80 mla r5, r8, r5, r6 | __asm ("mla r5, r8, r5, r6");
0x00053c82 str r5, [r0, 0x50] | *((r0 + 0x50)) = r5;
0x00053c84 umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00053c88 adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00053c8c ldr.w r5, [r4, 0x50c] | r5 = *((r4 + 0x50c));
0x00053c90 adds r2, r2, r0 | r2 += r0;
0x00053c92 umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00053c94 adds r0, 0xc | r0 += 0xc;
0x00053c96 mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00053c9a mvn r6, 5 | r6 = ~5;
0x00053c9e adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00053ca2 adds r5, r3, r2 | r5 = r3 + r2;
0x00053ca4 ldr.w r3, [r4, 0x514] | r3 = *((r4 + 0x514));
0x00053ca8 mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00053caa lsls r3, r0, 8 | r3 = r0 << 8;
0x00053cac adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00053cb0 movs r1, 0 | r1 = 0;
0x00053cb2 lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00053cb4 and r2, r2, 0xf | r2 &= 0xf;
0x00053cb8 lsls r3, r0, 2 | r3 = r0 << 2;
0x00053cba adds r3, r3, r0 | r3 += r0;
0x00053cbc add.w r0, r7, 4 | r0 = r7 + 4;
0x00053cc0 adcs r1, r1 | __asm ("adcs r1, r1");
0x00053cc2 adds r3, r3, r5 | r3 += r5;
0x00053cc4 adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00053cc8 movs r2, 0xf | r2 = 0xf;
0x00053cca cmp r6, r3 |
0x00053ccc sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00053cce bhs 0x53cd2 |
0x00053cd0 adds r3, 5 | r3 += 5;
| }
0x00053cd2 ldr.w r1, [r4, 0x55c] | r1 = *((r4 + 0x55c));
0x00053cd6 eors r1, r3 | r1 ^= r3;
0x00053cd8 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00053cdc ldrd r6, r3, [sp, 0x20] | __asm ("ldrd r6, r3, [var_20h]");
0x00053ce0 ldr.w r1, [r4, 0x520] | r1 = *((r4 + 0x520));
0x00053ce4 ldr.w r0, [r4, 0x518] | r0 = *((r4 + 0x518));
0x00053ce8 ldr.w r5, [r4, 0x51c] | r5 = *((r4 + 0x51c));
0x00053cec uxth.w sl, r3 | sl = (int16_t) r3;
0x00053cf0 lsr.w r8, r3, 0x10 | r8 = r3 >> 0x10;
0x00053cf4 lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00053cf8 uxth.w ip, r6 | ip = (int16_t) r6;
0x00053cfc umull sb, r1, r1, sl | sb:r1 = r1 * sl;
0x00053d00 ldr.w r3, [r4, 0x524] | r3 = *((r4 + 0x524));
0x00053d04 ldr.w r2, [r4, 0x528] | r2 = *((r4 + 0x528));
0x00053d08 umull r0, r6, r0, r8 | r0:r6 = r0 * r8;
0x00053d0c mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00053d10 ldr.w r3, [r4, 0x530] | r3 = *((r4 + 0x530));
0x00053d14 adds.w r0, sb, r0 | r0 = sb + r0;
0x00053d16 movs r0, r0 |
0x00053d18 mla r5, r8, r5, r6 | __asm ("mla r5, r8, r5, r6");
0x00053d1c umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00053d20 adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00053d24 ldr.w r5, [r4, 0x52c] | r5 = *((r4 + 0x52c));
0x00053d28 adds r2, r2, r0 | r2 += r0;
0x00053d2a umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00053d2e mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00053d32 mvn r6, 5 | r6 = ~5;
0x00053d36 adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00053d38 lsls r1, r0, 4 | r1 = r0 << 4;
0x00053d3a adds r5, r3, r2 | r5 = r3 + r2;
0x00053d3c ldr.w r3, [r4, 0x534] | r3 = *((r4 + 0x534));
0x00053d40 mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00053d44 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00053d48 movs r1, 0 | r1 = 0;
0x00053d4a lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00053d4c and r2, r2, 0xf | r2 &= 0xf;
0x00053d50 lsls r3, r0, 2 | r3 = r0 << 2;
0x00053d52 adds r3, r3, r0 | r3 += r0;
0x00053d54 add.w r0, r7, 8 | r0 = r7 + 8;
0x00053d58 adcs r1, r1 | __asm ("adcs r1, r1");
0x00053d5a adds r3, r3, r5 | r3 += r5;
0x00053d5c adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00053d60 movs r2, 0xf | r2 = 0xf;
0x00053d62 cmp r6, r3 |
0x00053d64 sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00053d66 bhs 0x53d6a |
0x00053d68 adds r3, 5 | r3 += 5;
| }
0x00053d6a ldr.w r1, [r4, 0x560] | r1 = *((r4 + 0x560));
0x00053d6e eors r1, r3 | r1 ^= r3;
0x00053d70 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00053d74 ldrd r6, r3, [sp, 0x28] | __asm ("ldrd r6, r3, [var_28h]");
0x00053d78 ldr.w r1, [r4, 0x540] | r1 = *((r4 + 0x540));
0x00053d7c ldr.w r0, [r4, 0x538] | r0 = *((r4 + 0x538));
0x00053d80 ldr.w r5, [r4, 0x53c] | r5 = *((r4 + 0x53c));
0x00053d84 uxth.w sl, r3 | sl = (int16_t) r3;
0x00053d88 lsr.w sb, r3, 0x10 | sb = r3 >> 0x10;
0x00053d8c lsr.w lr, r6, 0x10 | lr = r6 >> 0x10;
0x00053d90 uxth.w ip, r6 | ip = (int16_t) r6;
0x00053d94 umull r8, r1, r1, sl | r8:r1 = r1 * sl;
0x00053d96 strh r2, [r1, 8] | *((r1 + 8)) = r2;
0x00053d98 ldr.w r3, [r4, 0x544] | r3 = *((r4 + 0x544));
0x00053d9c ldr.w r2, [r4, 0x548] | r2 = *((r4 + 0x548));
0x00053da0 umull r0, r6, r0, sb | r0:r6 = r0 * sb;
0x00053da4 mla r1, sl, r3, r1 | __asm ("mla r1, sl, r3, r1");
0x00053da8 ldr.w r3, [r4, 0x550] | r3 = *((r4 + 0x550));
0x00053dac adds.w r0, r8, r0 | r0 = r8 + r0;
0x00053db0 mla r5, sb, r5, r6 | __asm ("mla r5, sb, r5, r6");
0x00053db4 umull r2, r6, r2, lr | r2:r6 = r2 * lr;
0x00053db6 movs r6, 0xe | r6 = 0xe;
0x00053db8 adc.w r1, r1, r5 | __asm ("adc.w r1, r1, r5");
0x00053dbc ldr.w r5, [r4, 0x54c] | r5 = *((r4 + 0x54c));
0x00053dc0 adds r2, r2, r0 | r2 += r0;
0x00053dc2 umull r3, r0, r3, ip | r3:r0 = r3 * ip;
0x00053dc6 mla r5, lr, r5, r6 | __asm ("mla r5, lr, r5, r6");
0x00053dca mvn r6, 5 | r6 = ~5;
0x00053dce adc.w r1, r5, r1 | __asm ("adc.w r1, r5, r1");
0x00053dd2 adds r5, r3, r2 | r5 = r3 + r2;
0x00053dd4 ldr.w r3, [r4, 0x554] | r3 = *((r4 + 0x554));
0x00053dd8 mla r2, ip, r3, r0 | __asm ("mla r2, ip, r3, r0");
0x00053ddc adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00053de0 movs r1, 0 | r1 = 0;
0x00053de2 lsrs r0, r2, 4 | r0 = r2 >> 4;
0x00053de4 and r2, r2, 0xf | r2 &= 0xf;
0x00053de8 lsls r3, r0, 2 | r3 = r0 << 2;
0x00053dea adds r3, r3, r0 | r3 += r0;
0x00053dec add.w r0, r7, 0xc | r0 = r7 + 0xc;
0x00053df0 adcs r1, r1 | __asm ("adcs r1, r1");
0x00053df2 adds r3, r3, r5 | r3 += r5;
0x00053df4 adc.w r1, r1, r2 | __asm ("adc.w r1, r1, r2");
0x00053df8 movs r2, 0xf | r2 = 0xf;
0x00053dfa cmp r6, r3 |
0x00053dfc sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r6 < r3) {
0x00053dfe bhs 0x53e02 |
0x00053e00 adds r3, 5 | r3 += 5;
| }
0x00053e02 ldr.w r1, [r4, 0x564] | r1 = *((r4 + 0x564));
0x00053e06 eors r1, r3 | r1 ^= r3;
0x00053e08 bl 0x4d47c | fcn_0004d47c (r0, r1);
0x00053e0c b 0x53abe | goto label_2;
| label_7:
0x00053e0e blx 0x5d1c | fcn_00005d1c ();
0x00053e12 nop |
0x00053e14 ldrsh r2, [r7, r4] | r2 = *((r7 + r4));
0x00053e16 movs r5, r0 | r5 = r0;
0x00053e18 lsls r0, r2, 0x1a | r0 = r2 << 0x1a;
0x00053e1a movs r0, r0 |
0x00053e1c ldrb r4, [r4, r6] | r4 = *((r4 + r6));
0x00053e1e movs r5, r0 | r5 = r0;
| }
[*] Function printf used 9 times sshd
