[*] Binary protection state of keyctl

  
  	Full RELRO     Canary found      NX enabled   PIE enabled  No RPATH     No RUNPATH   No Symbols


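[*] Function fprintf tear down of keyctl
    (Disassembly excerpts around each call site, separated by "--". The calls appear as sym.imp.__fprintf_chk, glibc's fortified form of fprintf.)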

push {r7, lr}
sub sp, 8
add r3, pc
ldr r0, [0x00001c64]
ldr r5, [r3, r4]
add r0, pc
ldr r4, str.new_session
ldr r7, [0x00001c6c]
ldr r3, [r5]
blx sym.imp.fwrite
ldr r3, [0x00001c70]
add r4, pc
add r7, pc
add r3, pc
ldr r6, [r4, 8]
mov r2, r7
ldr r0, [r5]
movs r1, 1
adds r4, 0xc
str r6, [sp]
blx sym.imp.__fprintf_chk
ldr r3, [r4, 4]
cmp r3, 0
--
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x1dd4
add sp, 0x10
pop {r4, r5, r6, pc}
movs r2, 0
add r1, sp, 8
blx sym.imp.strtoul
ldr r3, [sp, 8]
ldrb r3, [r3]
cmp r3, 0
beq 0x1cf8
ldr r2, [0x00001e0c]
ldr r0, [0x00001e10]
add r2, pc
ldr r0, [r5, r0]
mov r3, r4
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
movs r1, 1
ldr r3, [r5, r3]
add r0, pc
ldr r3, [r3]
blx sym.imp.fwrite
movs r0, 2
blx sym.imp.exit
blx sym.imp.__stack_chk_fail
ldr r2, [0x00001e38]
ldr r0, [0x00001e10]
add r2, pc
b 0x1d26
ldr r1, [0x00001e10]
mov r3, r6
ldr r2, [0x00001e3c]
ldr r0, [r5, r1]
movs r1, 1
str r4, [sp]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x20c0
mov r0, r6
blx sym.imp.keyctl_set_timeout
cmp r0, 0
blt 0x20d8
mov r0, r7
blx sym.imp.exit
ldr r0, [0x000020ec]
movs r1, 1
ldr r2, [0x000020f0]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ite eq
moveq r1, 0x2d
movne r1, 0x76
str r1, [sp, 0x58]
ldr r1, [0x0000242c]
str r0, [sp, 0x54]
movs r0, 1
strd r6, r7, [sp, 4]
add r1, pc
str.w ip, [sp]
blx sym.imp.__printf_chk
mov r0, r5
blx sym.imp.exit
ldr r0, [0x00002430]
mov r3, r6
ldr r2, [0x00002434]
movs r1, 1
ldr r0, [r4, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
b 0x26d6
ldr r0, [0x00002754]
add r0, pc
blx sym.imp.puts
mov r0, r4
blx sym.imp.exit
mov r0, r4
blx sym.imp.exit
ldr r0, [0x00002758]
add r0, pc
bl 0x1e40
mov sl, r6
ldr r0, [0x0000275c]
ldr r6, [sp, 0x1c]
mov r3, sl
ldr r2, [0x00002760]
movs r1, 1
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x27b4
mov r0, r6
blx sym.imp.keyctl_setperm
cmp r0, 0
blt 0x27cc
mov r0, r7
blx sym.imp.exit
ldr r0, [0x000027e0]
movs r1, 1
ldr r2, [0x000027e4]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
beq 0x283a
ldr r7, [r1, 4]
mov r5, r1
ldr r1, [0x00002884]
mov r0, r7
add r1, pc
blx sym.imp.strcmp
cmp r0, 0
ite ne
movne r0, r7
moveq r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2870
ldr r2, [0x00002888]
ldr r1, [r6, r2]
ldr r2, [0x0000288c]
ldr r0, [r1]
movs r1, 1
add r2, pc
blx sym.imp.__fprintf_chk
cmp r4, 2
beq 0x2854
ldr r0, [r5, 8]
add.w r1, r5, 8
blx sym.imp.execvp
ldr r0, [r5, 8]
bl 0x1e40
movs r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2870
ldr r0, [0x00002888]
mov r1, r4
ldr r2, [0x00002890]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
ldr r0, [0x00002894]
add r0, pc
--
ldr r0, [r4, 0x10]
bl 0x1ca0
mov r2, r7
mov r3, r0
mov r1, sb
mov r0, r6
blx sym.imp.keyctl_reject
cmp r0, 0
blt 0x2aee
movs r0, 0
blx sym.imp.exit
movs r7, 0x81
b 0x2ab6
ldr r2, [0x00002b30]
ldr r0, [0x00002b34]
ldr r3, [r4, 8]
add r2, pc
ldr r0, [r5, r0]
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x5c]
eors r2, r3
mov.w r3, 0
bne 0x2fae
mov r0, r4
add sp, 0x64
pop.w {r4, r5, r6, r7, r8, sb, pc}
mov r0, r7
bl 0x1e40
blx sym.imp.__stack_chk_fail
ldr r0, [0x00002fe4]
mov r3, r7
ldr r2, [0x00002fe8]
movs r1, 1
ldr.w r0, [r8, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
ldrb.w r8, [r3]
cmp.w r8, 0
bne 0x3834
ldr r0, [r4, 0xc]
bl 0x1ca0
mov r1, r7
mov r2, r0
mov r0, r6
blx sym.imp.keyctl_negate
cmp r0, 0
blt 0x384c
mov r0, r8
blx sym.imp.exit
ldr r0, [0x00003860]
movs r1, 1
ldr r2, [0x00003864]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
movs r0, 0
blx sym.imp.exit
ldr r0, [0x0000399c]
add r0, pc
bl 0x1e40
ldr r0, [r5, 8]
movs r2, 0
mov r1, sp
blx sym.imp.strtoul
ldr r3, [sp]
ldrb r3, [r3]
cmp r3, 0
beq 0x393e
ldr r0, [0x000039a0]
movs r1, 1
ldr r2, [0x000039a4]
ldr r3, [r5, 8]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x3d64
mov.w r2, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3d7c
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003d90]
movs r1, 1
ldr r2, [0x00003d94]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r2, r0
ldrb r7, [r3]
cbnz r7, 0x3dec
mov.w r1, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3e04
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003e18]
movs r1, 1
ldr r2, [0x00003e1c]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r1, [sp, 0x24]
mov.w r2, 0x20202020
str r2, [r1, r4]
add.w r2, sl, sb
strb r3, [r2, 0x18]
b 0x40c0
ldr r1, [0x000041b8]
add r1, pc
b 0x4018
ldr r1, [0x000041bc]
add r1, pc
b 0x40fe
blx sym.imp.__stack_chk_fail
ldr r0, [0x000041c0]
mov r3, r5
ldr r2, [0x000041c4]
movs r1, 1
ldr r0, [r7, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit

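[*] Function fprintf used 16 times in keyctl
    (Counted as the 16 calls to sym.imp.__fprintf_chk listed above. As far as the excerpts show, the format argument, r2 at each call, is built from a literal-pool value plus pc, directly or through a register copy. That is an address inside the binary's own image rather than a pointer taken from input, so the call count on its own does not indicate a format-string problem.)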