[*] Binary protection state of e4crypt
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of e4crypt
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/e4crypt @ 0x1580 */
| #include <stdint.h>
|
; (fcn) fcn.00001580 () | void fcn_00001580 () {
0x00001580 lui gp, 2 |
0x00001584 addiu gp, gp, -0x4570 |
0x00001588 addu gp, gp, t9 | gp += t9;
0x0000158c addiu sp, sp, -0xd8 |
0x00001590 slt v0, a2, a0 | v0 = (a2 < a0) ? 1 : 0;
0x00001594 sw s4, 0xc4(sp) | *(var_c4h) = s4;
0x00001598 lw s4, -0x7ed4(gp) | s4 = *((gp - 8117));
0x0000159c sw gp, 0x10(sp) | *(var_10h) = gp;
0x000015a0 sw ra, 0xd4(sp) | *(var_d4h) = ra;
0x000015a4 lw v1, (s4) | v1 = *(s4);
0x000015a8 sw s7, 0xd0(sp) | *(var_d0h) = s7;
0x000015ac sw s6, 0xcc(sp) | *(var_cch) = s6;
0x000015b0 sw s5, 0xc8(sp) | *(var_c8h) = s5;
0x000015b4 sw s3, 0xc0(sp) | *(var_c0h) = s3;
0x000015b8 sw s2, 0xbc(sp) | *(var_bch) = s2;
0x000015bc sw s1, 0xb8(sp) | *(var_b8h) = s1;
0x000015c0 sw s0, 0xb4(sp) | *(var_b4h) = s0;
0x000015c4 sw v1, 0xac(sp) | *(var_ach) = v1;
0x000015c8 sll a2, a2, 2 | a2 <<= 2;
| if (v0 == 0) {
0x000015cc beqz v0, 0x1670 | goto label_2;
| }
0x000015d0 lw s6, -0x7fdc(gp) | s6 = *((gp - 8183));
0x000015d4 sll a0, a0, 2 | a0 <<= 2;
0x000015d8 lw s5, -0x7ec8(gp) | s5 = *((gp - 8114));
0x000015dc addu s0, a1, a2 | s0 = a1 + a2;
0x000015e0 addu s1, a1, a0 | s1 = a1 + a0;
0x000015e4 addiu s2, zero, 1 | s2 = 1;
0x000015e8 addiu s7, sp, 0x1c | s7 = sp + 0x1c;
0x000015ec addiu s3, zero, 0x4000 | s3 = 0x4000;
0x000015f0 addiu s6, s6, 0x3684 | s6 += str._s_is_not_a_directory_n;
0x000015f4 b 0x1630 |
| while (v0 == 0) {
0x000015f8 lw t9, -0x7ef0(gp) | t9 = sym.imp.__xstat;
0x000015fc lw a1, (s0) | a1 = *(s0);
0x00001600 move a2, s7 | a2 = s7;
0x00001604 addiu a0, zero, 3 | a0 = 3;
0x00001608 jalr t9 | t9 ();
0x0000160c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x00001610 bltz v0, 0x1648 | goto label_3;
| }
0x00001614 lw v0, 0x30(sp) | v0 = *(var_30h);
0x00001618 andi v0, v0, 0xf000 | v0 &= 0xf000;
0x0000161c lw t9, -0x7f78(gp) | t9 = sym.imp.__fprintf_chk
| if (v0 != s3) {
0x00001620 bne v0, s3, 0x16a8 | goto label_4;
| }
0x00001624 addiu s0, s0, 4 | s0 += 4;
| if (s0 == s1) {
0x00001628 beq s0, s1, 0x1668 | goto label_5;
| }
0x0000162c nop |
0x00001630 lw t9, -0x7f54(gp) | t9 = sym.imp.access;
| label_0:
0x00001634 lw a0, (s0) | a0 = *(s0);
0x00001638 addiu a1, zero, 2 | a1 = 2;
0x0000163c jalr t9 | t9 ();
0x00001640 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001644 beqz v0, 0x15f8 |
| }
| label_3:
0x00001648 lw t9, -0x7ef4(gp) | t9 = sym.imp.perror;
0x0000164c lw a0, (s0) | a0 = *(s0);
0x00001650 move s2, zero | s2 = 0;
0x00001654 jalr t9 | t9 ();
0x00001658 lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
0x0000165c addiu s0, s0, 4 | s0 += 4;
0x00001660 lw t9, -0x7f54(gp) | t9 = sym.imp.access;
| if (s0 != s1) {
0x00001664 bne s0, s1, 0x1634 | goto label_0;
| }
| label_5:
0x00001668 lw t9, -0x7f20(gp) | t9 = sym.imp.exit;
| if (s2 != 0) {
0x0000166c beqz s2, 0x16e4 |
| label_2:
0x00001670 lw v1, 0xac(sp) | v1 = *(var_ach);
0x00001674 lw v0, (s4) | v0 = *(s4);
0x00001678 lw ra, 0xd4(sp) | ra = *(var_d4h);
| if (v1 == v0) {
0x0000167c bne v1, v0, 0x16d8 |
0x00001680 lw s7, 0xd0(sp) | s7 = *(var_d0h);
0x00001684 lw s6, 0xcc(sp) | s6 = *(var_cch);
0x00001688 lw s5, 0xc8(sp) | s5 = *(var_c8h);
0x0000168c lw s4, 0xc4(sp) | s4 = *(var_c4h);
0x00001690 lw s3, 0xc0(sp) | s3 = *(var_c0h);
0x00001694 lw s2, 0xbc(sp) | s2 = *(var_bch);
0x00001698 lw s1, 0xb8(sp) | s1 = *(var_b8h);
0x0000169c lw s0, 0xb4(sp) | s0 = *(var_b4h);
0x000016a0 addiu sp, sp, 0xd8 |
0x000016a4 jr ra | return v1;
| label_4:
0x000016a8 lw a3, (s0) | a3 = *(s0);
0x000016ac lw a0, (s5) | a0 = *(s5);
0x000016b0 move a2, s6 | a2 = s6;
0x000016b4 addiu a1, zero, 1 | a1 = 1;
0x000016b8 jalr t9 | t9 ();
0x000016bc lw gp, 0x10(sp) | gp = *(var_10h);
0x000016c0 lw a0, (s0) | a0 = *(s0);
0x000016c4 lw t9, -0x7ef4(gp) | t9 = sym.imp.perror;
0x000016c8 move s2, zero | s2 = 0;
0x000016cc jalr t9 | t9 ();
0x000016d0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000016d4 b 0x165c | goto label_1;
| }
0x000016d8 lw t9, -0x7ee4(gp) | t9 = sym.imp.__stack_chk_fail;
0x000016dc jalr t9 | t9 ();
0x000016e0 nop |
| }
0x000016e4 addiu a0, zero, 1 | a0 = 1;
0x000016e8 jalr t9 | t9 ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/e4crypt @ 0x17b8 */
| #include <stdint.h>
|
; (fcn) fcn.000017b8 () | void fcn_000017b8 () {
0x000017b8 lui gp, 2 |
0x000017bc addiu gp, gp, -0x47a8 |
0x000017c0 addu gp, gp, t9 | gp += t9;
0x000017c4 lw v0, -0x7ed4(gp) | v0 = *((gp - 8117));
0x000017c8 addiu sp, sp, -0x78 |
0x000017cc addiu v1, a1, -4 | v1 = a1 + -4;
0x000017d0 lw t0, (v0) | t0 = *(v0);
0x000017d4 sw gp, 0x18(sp) | *(var_18h) = gp;
0x000017d8 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x000017dc sltiu v0, v1, 0x1d | v0 = (v1 < 0x1d) ? 1 : 0;
0x000017e0 sw s1, 0x54(sp) | *(var_54h) = s1;
0x000017e4 sw ra, 0x74(sp) | *(var_74h) = ra;
0x000017e8 sw fp, 0x70(sp) | *(var_70h) = fp;
0x000017ec sw s7, 0x6c(sp) | *(var_6ch) = s7;
0x000017f0 sw s6, 0x68(sp) | *(var_68h) = s6;
0x000017f4 sw s5, 0x64(sp) | *(var_64h) = s5;
0x000017f8 sw s4, 0x60(sp) | *(var_60h) = s4;
0x000017fc sw s3, 0x5c(sp) | *(var_5ch) = s3;
0x00001800 sw s2, 0x58(sp) | *(var_58h) = s2;
0x00001804 sw s0, 0x50(sp) | *(var_50h) = s0;
0x00001808 lw s1, 0x88(sp) | s1 = *(arg_88h);
0x0000180c sw t0, 0x4c(sp) | *(var_4ch) = t0;
0x00001810 lui v0, 0x1000 | v0 = 0x10000000;
0x00001814 bnez v0, 0x1848 |
| while (v0 == 0) {
0x00001818 lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x0000181c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001820 lw t9, -0x7f78(gp) | t9 = sym.imp.__fprintf_chk
0x00001824 lw a0, (v0) | a0 = *(v0);
0x00001828 move a3, a1 | a3 = a1;
0x0000182c addiu a2, a2, 0x369c | a2 += str.Invalid_padding__d_n;
| label_3:
0x00001830 addiu a1, zero, 1 | a1 = 1;
0x00001834 jalr t9 | t9 ();
0x00001838 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000183c lw t9, -0x7f20(gp) | t9 = sym.imp.exit;
0x00001840 addiu a0, zero, 1 | a0 = 1;
0x00001844 jalr t9 | t9 ();
0x00001848 addiu v0, v0, 0x1011 | v0 += 0x1011;
0x0000184c srlv v0, v0, v1 | v0 >>= v1;
0x00001850 ext v0, v0, 0, 1 | __asm ("ext v0, v0, 0, 1");
0x00001854 slt v0, s1, a2 | v0 = (s1 < a2) ? 1 : 0;
0x00001858 beqz v0, 0x1818 |
| }
0x0000185c move s4, a2 | s4 = a2;
| if (v0 == 0) {
0x00001860 beqz v0, 0x195c | goto label_5;
| }
0x00001864 lw s7, -0x7fdc(gp) | s7 = *((gp - 8183));
0x00001868 sll v0, s1, 2 | v0 = s1 << 2;
0x0000186c lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x00001870 lw s5, -0x7fdc(gp) | s5 = *((gp - 8183));
0x00001874 addu s0, a3, v0 | s0 = a3 + v0;
0x00001878 addiu v0, s7, 0x16ec | v0 = s7 + fcn.000016ec;
0x0000187c move s3, a0 | s3 = a0;
0x00001880 sw v1, 0x24(sp) | *(var_24h) = v1;
0x00001884 sra s2, a1, 3 | s2 = a1 >> 3;
0x00001888 sw v0, 0x28(sp) | *(var_28h) = v0;
0x0000188c addiu s5, s5, 0x3760 | s5 += str.Key_with_descriptor___s__applied_to__s._n;
| label_0:
0x00001890 lw t9, -0x7f24(gp) | t9 = sym.imp.open;
0x00001894 lw a0, (s0) | a0 = *(s0);
0x00001898 lui a1, 1 | a1 = 0x10000;
0x0000189c jalr t9 | t9 ();
0x000018a0 move s6, v0 | s6 = v0;
0x000018a4 addiu v0, zero, -1 | v0 = -1;
0x000018a8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (s6 == v0) {
0x000018ac beq s6, v0, 0x1a80 | goto label_6;
| }
0x000018b0 move s7, s3 | s7 = s3;
| if (s3 == 0) {
0x000018b4 beqz s3, 0x19ec | goto label_7;
| }
| label_2:
0x000018b8 addiu v0, zero, 0x100 | v0 = 0x100;
0x000018bc sh v0, 0x30(sp) | *(var_30h) = v0;
0x000018c0 addiu v0, zero, 4 | v0 = 4;
0x000018c4 sb v0, 0x32(sp) | *(var_32h) = v0;
| if (s2 == 0) {
0x000018c8 beqz s2, 0x1a48 | goto label_8;
| }
0x000018cc move v0, s2 | v0 = s2;
0x000018d0 move v1, zero | v1 = 0;
| do {
0x000018d4 sra v0, v0, 1 | v0 >>= 1;
0x000018d8 addiu v1, v1, 1 | v1++;
0x000018dc bnez v0, 0x18d4 |
| } while (v0 != 0);
0x000018e0 seb v1, v1 | __asm ("seb v1, v1");
| label_4:
0x000018e4 lwl t1, 0x18(s7) | __asm ("lwl t1, 0x18(s7)");
0x000018e8 lwl v0, 0x1c(s7) | __asm ("lwl v0, 0x1c(s7)");
0x000018ec lw t9, -0x7eec(gp) | t9 = sym.imp.ioctl;
0x000018f0 lwr t1, 0x15(s7) | __asm ("lwr t1, 0x15(s7)");
0x000018f4 lwr v0, 0x19(s7) | __asm ("lwr v0, 0x19(s7)");
0x000018f8 lui a1, 0x400c | a1 = 0x400c0000;
0x000018fc addiu a2, sp, 0x30 | a2 = sp + 0x30;
0x00001900 addiu a1, a1, 0x6613 | a1 += 0x6613;
0x00001904 move a0, s6 | a0 = s6;
0x00001908 sw t1, 0x34(sp) | *(var_34h) = t1;
0x0000190c sb v1, 0x33(sp) | *(var_33h) = v1;
0x00001910 sw v0, 0x38(sp) | *(var_38h) = v0;
0x00001914 jalr t9 | t9 ();
0x00001918 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000191c move fp, v0 | fp = v0;
0x00001920 lw t9, -0x7f98(gp) | t9 = sym.imp.close;
0x00001924 move a0, s6 | a0 = s6;
0x00001928 jalr t9 | t9 ();
0x0000192c lw gp, 0x18(sp) | gp = *(var_18h);
0x00001930 addiu a2, s7, 4 | a2 = s7 + 4;
| if (fp != 0) {
0x00001934 bnez fp, 0x199c | goto label_9;
| }
0x00001938 lw t9, -0x7f60(gp) | t9 = sym.imp.__printf_chk;
0x0000193c lw a3, (s0) | a3 = *(s0);
0x00001940 move a1, s5 | a1 = s5;
0x00001944 addiu a0, zero, 1 | a0 = 1;
0x00001948 jalr t9 | t9 ();
0x0000194c lw gp, 0x18(sp) | gp = *(var_18h);
| label_1:
0x00001950 addiu s1, s1, 1 | s1++;
0x00001954 addiu s0, s0, 4 | s0 += 4;
| if (s4 != s1) {
0x00001958 bne s4, s1, 0x1890 | goto label_0;
| }
| label_5:
0x0000195c lw v0, 0x2c(sp) | v0 = *(var_2ch);
0x00001960 lw v1, 0x4c(sp) | v1 = *(var_4ch);
0x00001964 lw v0, (v0) | v0 = *(v0);
0x00001968 lw ra, 0x74(sp) | ra = *(var_74h);
| if (v1 != v0) {
0x0000196c bne v1, v0, 0x1a74 | goto label_10;
| }
0x00001970 lw fp, 0x70(sp) | fp = *(var_70h);
0x00001974 lw s7, 0x6c(sp) | s7 = *(var_6ch);
0x00001978 lw s6, 0x68(sp) | s6 = *(var_68h);
0x0000197c lw s5, 0x64(sp) | s5 = *(var_64h);
0x00001980 lw s4, 0x60(sp) | s4 = *(var_60h);
0x00001984 lw s3, 0x5c(sp) | s3 = *(var_5ch);
0x00001988 lw s2, 0x58(sp) | s2 = *(var_58h);
0x0000198c lw s1, 0x54(sp) | s1 = *(var_54h);
0x00001990 lw s0, 0x50(sp) | s0 = *(var_50h);
0x00001994 addiu sp, sp, 0x78 |
0x00001998 jr ra | return v1;
| label_9:
0x0000199c lw t9, -0x7f44(gp) | t9 = sym.imp.__errno_location;
0x000019a0 sw a2, 0x20(sp) | *(var_20h) = a2;
0x000019a4 jalr t9 | t9 ();
0x000019a8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000019ac lw t9, -0x7f14(gp) | t9 = sym.imp.strerror;
0x000019b0 lw a0, (v0) | a0 = *(v0);
0x000019b4 jalr t9 | t9 ();
0x000019b8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000019bc lw a2, 0x20(sp) | a2 = *(var_20h);
0x000019c0 lw v1, (s0) | v1 = *(s0);
0x000019c4 move a3, a2 | a3 = a2;
0x000019c8 move a2, v0 | a2 = v0;
0x000019cc lw v0, 0x24(sp) | v0 = *(var_24h);
0x000019d0 lw t9, -0x7f60(gp) | t9 = sym.imp.__printf_chk;
0x000019d4 sw v1, 0x10(sp) | *(var_10h) = v1;
0x000019d8 addiu a1, v0, 0x36e8 | a1 = v0 + str.Error___s__setting_policy._nThe_key_descriptor___s__may_not_match_the_existing_encryption_context_for_directory___s_._n;
0x000019dc addiu a0, zero, 1 | a0 = 1;
0x000019e0 jalr t9 | t9 ();
0x000019e4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000019e8 b 0x1950 | goto label_1;
| label_7:
0x000019ec lw t9, -0x7eec(gp) | t9 = sym.imp.ioctl;
0x000019f0 addiu s7, sp, 0x3c | s7 = sp + 0x3c;
0x000019f4 lui a1, 0x8010 | a1 = 0x80100000;
0x000019f8 move a2, s7 | a2 = s7;
0x000019fc addiu a1, a1, 0x6614 | a1 += 0x6614;
0x00001a00 move a0, s6 | a0 = s6;
0x00001a04 jalr t9 | t9 ();
0x00001a08 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00001a0c bltz v0, 0x1a50 | goto label_11;
| }
0x00001a10 lw t9, 0x28(sp) | t9 = *(var_28h);
0x00001a14 move a0, s7 | a0 = s7;
0x00001a18 addiu a1, zero, 0x10 | a1 = 0x10;
0x00001a1c jalr t9 | t9 ();
0x00001a20 move s7, v0 | s7 = v0;
0x00001a24 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00001a28 bnez v0, 0x18b8 | goto label_2;
| }
0x00001a2c lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x00001a30 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001a34 lw t9, -0x7ef8(gp) | t9 = sym.imp.fwrite;
0x00001a38 lw a3, (v0) | a3 = *(v0);
0x00001a3c addiu a0, a0, 0x36d0 | a0 += str.Couldnt_find_salt____n;
0x00001a40 addiu a2, zero, 0x16 | a2 = 0x16;
0x00001a44 b 0x1830 | goto label_3;
| label_8:
0x00001a48 move v1, zero | v1 = 0;
0x00001a4c b 0x18e4 | goto label_4;
| label_11:
0x00001a50 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001a54 lw t9, -0x7ef4(gp) | t9 = sym.imp.perror;
0x00001a58 addiu a0, a0, 0x36b0 | a0 += str.EXT4_IOC_GET_ENCRYPTION_PWSALT;
| do {
0x00001a5c jalr t9 | t9 ();
0x00001a60 nop |
0x00001a64 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001a68 lw t9, -0x7f20(gp) | t9 = sym.imp.exit;
0x00001a6c addiu a0, zero, 1 | a0 = 1;
0x00001a70 jalr t9 | t9 ();
| label_10:
0x00001a74 lw t9, -0x7ee4(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001a78 jalr t9 | t9 ();
0x00001a7c nop |
| label_6:
0x00001a80 lw a0, (s0) | a0 = *(s0);
0x00001a84 lw t9, -0x7ef4(gp) | t9 = sym.imp.perror;
0x00001a88 b 0x1a5c |
| } while (1);
| }
[*] Function fprintf used 3 times e4crypt
