EMBA firmware report

[*] Binary protection state of stm32flash

  	Full RELRO     Canary found      NX enabled   PIE enabled  No RPATH     No RUNPATH   No Symbols

[*] Function printf tear down of stm32flash

mov r0, r4

blx sym.imp.tcgetattr

mov r0, r4

add sp, 8

pop {r4, pc}

ldr r0, [0x00002120]

add r0, pc

bx lr

nop

strb r0, [r7, 1]

movs r0, r0

subs r1, 0x50

movs r0, r0

subs r1, 0x32

movs r0, r0

ldr r3, [r0, 0x28]

cbz r3, 0x213c

push {r4, lr}

mov r4, r2

ldr r0, [r3]

blx sym.imp.__fprintf_chk

cmp r4, r0

ite ne

--

movs r0, 3

bx lr

ldr r3, [r0, 0x28]

cbz r3, 0x2158

push {r4, lr}

mov r4, r2

ldr r0, [r3]

blx 0x1000

cmp r4, r0

ite ne

movne r0, 3

moveq r0, 0

pop {r4, pc}

movs r0, 3

bx lr

push {r3, r4, r5, lr}

ldr r5, [r0, 0x28]

cbz r5, 0x2178

mov r4, r0

ldr r0, [r5]

blx sym.imp.__snprintf_chk

mov r0, r5

blx 0x1028

--

movs r0, 3

b 0x2208

ldr r3, [0x000022d8]

movs r2, 0x25

ldr r0, [0x000022e0]

movs r1, 1

ldr r3, [r7, r3]

add r0, pc

ldr r3, [r3]

blx sym.imp.ioctl

b 0x223e

ldr r3, [0x000022d8]

movs r2, 0x2a

ldr r0, [0x000022e4]

movs r1, 1

ldr r3, [r7, r3]

add r0, pc

ldr r3, [r3]

blx sym.imp.ioctl

mov r0, sb

blx sym.imp.__snprintf_chk

mov r0, r6

blx 0x1028

b 0x223e

ldr r3, [0x000022d8]

ldr r3, [r7, r3]

ldr r4, [r3]

blx sym.imp.__sprintf_chk

ldr r2, [0x000022e8]

add r2, pc

ldr r3, [r0]

movs r1, 1

mov r0, r4

blx sym.imp.sigemptyset

mov r0, sb

blx sym.imp.__snprintf_chk

mov r0, r6

blx 0x1028

b 0x223e

ldr r3, [0x000022d8]

ldr r3, [r7, r3]

ldr r4, [r3]

blx sym.imp.__sprintf_chk

ldr r2, [0x000022ec]

add r2, pc

--

subs r0, 0x3e

movs r0, r0

subs r0, 0x60

movs r0, r0

adds r7, 0xd2

movs r0, r0

push {r3, r4, r5, r6, r7, lr}

mov r4, r1

ldr r6, [0x00002358]

movs r1, 1

mov r7, r0

blx sym.imp.__ctype_b_loc

subs r5, r0, 0

add r6, pc

blt 0x2326

mov r0, r4

blx sym.imp.strchr

mov r1, r4

mov r2, r0

mov r0, r5

blx sym.imp.__fprintf_chk

cmp r0, 0

blt 0x233c

mov r0, r5

blx sym.imp.__snprintf_chk

movs r0, 1

pop {r3, r4, r5, r6, r7, pc}

ldr r0, [0x0000235c]

mov r3, r7

ldr r2, [0x00002360]

movs r1, 1

ldr r0, [r6, r0]

add r2, pc

ldr r0, [r0]

blx sym.imp.sigemptyset

movs r0, 0

pop {r3, r4, r5, r6, r7, pc}

ldr r1, [0x0000235c]

mov r3, r7

ldr r2, [0x00002364]

ldr r1, [r6, r1]

add r2, pc

ldr r0, [r1]

movs r1, 1

blx sym.imp.sigemptyset

mov r0, r5

blx sym.imp.__snprintf_chk

b 0x2338

nop

--

mov r7, r0

blx sym.imp.__ctype_b_loc

subs r5, r0, 0

add r8, pc

blt 0x23dc

movs r2, 1

mov r1, r6

mov r0, r5

blx 0x1000

subs r4, r0, 0

ite ne

movne r2, 1

moveq r2, 0

and r2, r2, 1

it ne

movne r2, 0

blt 0x23ac

cmp r2, 0

bne 0x2380

mov r0, r5

blx sym.imp.__snprintf_chk

mov r0, r4

pop.w {r4, r5, r6, r7, r8, pc}

blx sym.imp.__sprintf_chk

ldr r3, [r0]

cmp r3, 0xb

it ne

cmpne r3, 4

beq 0x2380

ldr r1, [0x000023f8]

mov r3, r7

ldr r2, [0x000023fc]

ldr.w r1, [r8, r1]

add r2, pc

ldr r0, [r1]

movs r1, 1

blx sym.imp.sigemptyset

mov r0, r5

blx sym.imp.__snprintf_chk

movs r4, 0

mov r0, r4

--

b 0x3788

blx 0x1058

ldrsb r6, [r7, r6]

movs r0, r0

lsls r0, r3, 3

movs r0, r0

ldrsb r4, [r3, r6]

movs r0, r0

push {r4, r5, r6, lr}

ldr r6, [r0, 0x28]

cbz r6, 0x37ea

mov r5, r1

mov r4, r2

cbnz r2, 0x37da

b 0x37ee

subs r4, r4, r0

beq 0x37ee

mov r1, r5

ldr r0, [r6]

mov r2, r4

blx sym.imp.__fprintf_chk

cmp r0, 0

add r5, r0

--

cbz r3, 0x3836

ldr r0, [r3]

movs r1, 0

blx 0x100c

movs r0, 0

pop {r3, pc}

push {r4, lr}

movs r1, 0

mov r4, r0

ldr r0, [r0]

blx 0x100c

mov r2, r4

movs r1, 0

ldr r0, [r2], 4

blx sym.imp.malloc

movs r2, 0

ldr r0, [r4]

mov r1, r2

blx sym.imp.memset

ldr r0, [r4]

blx sym.imp.__snprintf_chk

mov r0, r4

pop.w {r4, lr}

--

blx sym.imp.__ctype_b_loc

mov r3, r0

sub.w r0, r0, -1

clz r0, r0

str r3, [r4]

lsrs r0, r0, 5

strb r6, [r4, 4]

b 0x5270

mov r0, r2

str r2, [r4]

strb r6, [r4, 4]

b 0x5270

push {r4, lr}

mov r4, r0

ldr r0, [r0]

cbnz r0, 0x52be

mov r0, r4

blx 0x1028

movs r0, 0

pop {r4, pc}

blx sym.imp.__snprintf_chk

mov r0, r4

blx 0x1028

--

movs r0, 0

pop {r3, r4, r5, r6, r7, pc}

movs r0, 3

pop {r3, r4, r5, r6, r7, pc}

ldrb r3, [r0, 4]

cbz r3, 0x533a

push {r4, r5, r6, lr}

mov r5, r0

mov r6, r1

mov r4, r2

cbnz r2, 0x5322

b 0x5336

ldr r3, [r5, 0x34]

subs r4, r4, r0

add r3, r0

str r3, [r5, 0x34]

beq 0x5336

mov r1, r6

ldr r0, [r5]

mov r2, r4

blx sym.imp.__fprintf_chk

cmp r0, 0

add r6, r0

--

bne 0x5508

ldr r1, [0x000055c4]

mov r0, r6

add r2, sp, 0x20

add r1, pc

blx sym.imp.fcntl

cmp r0, 1

bne 0x5508

ldr r3, [sp, 0x20]

add r4, r3

ands r4, r4, 0xff

bne 0x5508

ldr r3, [sp, 0x2c]

cmp r3, 2

beq 0x554c

cmp r3, 4

beq 0x5548

cmp r3, 1

bne.w 0x53de

mov r0, r7

blx sym.imp.__snprintf_chk

mov r0, r4

ldr r2, [0x000055c8]

ldr r3, [0x000055b8]

add r2, pc

ldr r3, [r2, r3]

ldr r2, [r3]

ldr r3, [sp, 0x3c]

eors r2, r3

mov.w r3, 0

bne 0x55ae

add sp, 0x44

pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}

orr.w sl, r2, sl, lsl 8

b 0x545c

mov r0, r7

blx sym.imp.__snprintf_chk

movs r0, 2

b 0x54e8

[*] Function printf used 18 times stm32flash