[*] Binary protection state of apac-update
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of apac-update
cbnz r0, 0xdaa
mov r0, r4
blx sym.imp.close
cbnz r0, 0xd82
add sp, 0xc
pop {r4, r5, r6, r7, pc}
ldr r3, [0x00000e08]
ldr r3, [r5, r3]
ldr r5, [r3]
blx sym.imp.__errno_location
ldr r0, [r0]
blx sym.imp.g_strerror
ldr r3, [0x00000e0c]
mov r4, r0
ldr r2, [0x00000e10]
movs r1, 1
mov r0, r5
str r4, [sp]
add r3, pc
add r2, pc
blx sym.imp.__fprintf_chk
add sp, 0xc
pop {r4, r5, r6, r7, pc}
ldr r3, [0x00000e08]
ldr r3, [r5, r3]
ldr r7, [r3]
blx sym.imp.__errno_location
ldr r0, [r0]
blx sym.imp.g_strerror
mov r2, r0
mov r3, r6
str r2, [sp]
mov r0, r7
ldr r2, [0x00000e14]
movs r1, 1
add r2, pc
blx sym.imp.__fprintf_chk
mov r0, r4
blx sym.imp.close
cmp r0, 0
beq 0xd7e
b 0xd82
ldr r3, [0x00000e08]
ldr r3, [r5, r3]
ldr r5, [r3]
blx sym.imp.__errno_location
ldr r0, [r0]
blx sym.imp.g_strerror
ldr r2, [0x00000e18]
mov r4, r0
mov r3, r6
movs r1, 1
mov r0, r5
str r4, [sp]
add r2, pc
blx sym.imp.__fprintf_chk
add sp, 0xc
pop {r4, r5, r6, r7, pc}
--
lsls r6, r7, 0x12
movs r0, r0
lsls r4, r2, 0x14
movs r0, r0
lsls r2, r1, 0x13
movs r0, r0
lsls r0, r7, 0x11
movs r0, r0
push {r4, r5, r6, lr}
sub sp, 8
ldr r6, [0x00000ea8]
mov r4, r0
add r6, pc
bl 0xf7c
cbz r0, 0xe60
ldr r1, [0x00000eac]
mov r2, r4
ldr r0, [0x00000eb0]
add r1, pc
add r0, pc
blx sym.imp.g_strdup_printf
mov r5, r0
blx sym.imp.unlink
--
blx sym.imp.__errno_location
ldr r0, [r0]
cmp r0, 2
bne 0xe80
mov r0, r5
movs r4, 1
blx sym.imp.g_free
mov r0, r4
add sp, 8
pop {r4, r5, r6, pc}
bl 0xd58
b 0xe4c
ldr r3, [0x00000eb4]
mov r4, r0
ldr r2, [0x00000eb8]
movs r1, 1
mov r5, r4
ldr r3, [r6, r3]
add r2, pc
ldr r0, [r3]
blx sym.imp.__fprintf_chk
mov r0, r5
blx sym.imp.g_free
mov r0, r4
add sp, 8
pop {r4, r5, r6, pc}
ldr r3, [0x00000eb4]
ldr r3, [r6, r3]
ldr r4, [r3]
blx sym.imp.g_strerror
ldr r2, [0x00000ebc]
mov r3, r5
movs r1, 1
str r0, [sp]
mov r0, r4
movs r4, 0
add r2, pc
blx sym.imp.__fprintf_chk
mov r0, r5
blx sym.imp.g_free
--
blx sym.imp.fread
cmp r7, r0
it eq
strbeq r8, [r6, r7]
bne 0x108a
mov r0, r4
blx sym.imp.fclose
mov r0, r6
add sp, 8
pop.w {r4, r5, r6, r7, r8, pc}
cbz r5, 0x107c
ldr r2, [0x000010dc]
mov r0, r5
movs r1, 0
mov.w r3, -1
str r1, [r0], 4
mov.w r1, 0x100
add r2, pc
str r2, [sp]
movs r2, 1
blx sym.imp.__snprintf_chk
b 0x107c
cbz r5, 0x107c
ldr r1, [0x000010e0]
add r1, pc
mov r0, r5
mov.w r3, -1
str r6, [r0], 4
movs r2, 1
str r1, [sp]
mov.w r1, 0x100
blx sym.imp.__snprintf_chk
movs r6, 0
b 0x1032
--
ldm r7!, {r0, r1, r2, r3}
str r0, [r5, 4]
str.w r1, [ip, 4]
ldm r7!, {r0, r1}
str.w r2, [ip, 8]
str.w r3, [ip, 0xc]
str.w r0, [ip, 0x10]
str.w r1, [ip, 0x14]
mov r0, r6
blx sym.imp.free
b 0x107c
cbz r5, 0x10d4
ldr r6, [0x000010ec]
mov r0, r5
str r4, [r0], 4
mov.w r3, -1
movs r2, 1
mov.w r1, 0x100
add r6, pc
str r6, [sp]
blx sym.imp.__snprintf_chk
movs r6, 0
b 0x1038
--
mov r4, r0
mov r0, r7
mov r3, r5
mov r2, r4
movs r1, 1
blx sym.imp.fwrite
cmp r4, r0
beq 0x115a
cbz r6, 0x114c
ldr r1, [0x000011b8]
mov.w r3, -1
str r0, [sp, 0xc]
mov r0, r6
strd r8, r4, [sp, 4]
movs r2, 1
add r1, pc
str r1, [sp]
movs r1, 0
str r1, [r0], 4
mov.w r1, 0x100
blx sym.imp.__snprintf_chk
mov r0, r5
blx sym.imp.fclose
--
add sp, 0x10
pop.w {r4, r5, r6, r7, r8, pc}
mov r0, r5
blx sym.imp.fclose
cbnz r0, 0x116a
movs r0, 1
add sp, 0x10
pop.w {r4, r5, r6, r7, r8, pc}
cmp r6, 0
beq 0x1152
ldr r4, [0x000011bc]
mov r0, r6
movs r2, 0
mov.w r3, -1
str r2, [r0], 4
mov.w r1, 0x100
add r4, pc
movs r2, 1
str.w r8, [sp, 4]
str r4, [sp]
blx sym.imp.__snprintf_chk
b 0x1152
cmp r6, 0
beq 0x1152
ldr r1, [0x000011c0]
mov r0, r6
str r5, [r0], 4
mov.w r3, -1
movs r2, 1
add r1, pc
strd r1, r8, [sp]
mov.w r1, 0x100
blx sym.imp.__snprintf_chk
b 0x1152
nop
[*] Function printf used 12 times apac-update
