[*] Binary protection state of keyctl
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of keyctl
push {r7, lr}
sub sp, 8
add r3, pc
ldr r0, [0x00001c64]
ldr r5, [r3, r4]
add r0, pc
ldr r4, str.new_session
ldr r7, [0x00001c6c]
ldr r3, [r5]
blx sym.imp.fwrite
ldr r3, [0x00001c70]
add r4, pc
add r7, pc
add r3, pc
ldr r6, [r4, 8]
mov r2, r7
ldr r0, [r5]
movs r1, 1
adds r4, 0xc
str r6, [sp]
blx sym.imp.__fprintf_chk
ldr r3, [r4, 4]
cmp r3, 0
--
ldr r3, [sp, 0xc]
eors r2, r3
mov.w r3, 0
bne 0x1dd4
add sp, 0x10
pop {r4, r5, r6, pc}
movs r2, 0
add r1, sp, 8
blx sym.imp.strtoul
ldr r3, [sp, 8]
ldrb r3, [r3]
cmp r3, 0
beq 0x1cf8
ldr r2, [0x00001e0c]
ldr r0, [0x00001e10]
add r2, pc
ldr r0, [r5, r0]
mov r3, r4
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
movs r1, 1
ldr r3, [r5, r3]
add r0, pc
ldr r3, [r3]
blx sym.imp.fwrite
movs r0, 2
blx sym.imp.exit
blx sym.imp.__stack_chk_fail
ldr r2, [0x00001e38]
ldr r0, [0x00001e10]
add r2, pc
b 0x1d26
ldr r1, [0x00001e10]
mov r3, r6
ldr r2, [0x00001e3c]
ldr r0, [r5, r1]
movs r1, 1
str r4, [sp]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
ldr r0, [0x00001e84]
add r0, pc
bl 0x1e40
movs r6, 0xa6
movs r0, r0
ldr r3, [0x00001eb4]
movs r0, 1
ldr.w ip, [0x00001eb8]
push {lr}
sub sp, 0xc
add r3, pc
ldr r2, [0x00001ebc]
ldr.w r4, [r3, ip]
ldr r1, [0x00001ec0]
str r4, [sp]
ldr r3, [r3, r2]
add r1, pc
str r3, [sp, 4]
mov r3, r4
ldr r2, [sp, 4]
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
mov.w r3, 0
subs r3, r0, 2
cmp r3, 1
bls 0x1ee2
bl 0x1b70
mov r4, r0
ldr r0, [r1, 4]
mov r5, r1
bl 0x1ca0
cmp r4, 3
str r0, [sp]
beq 0x1f0e
ldr r0, [0x00001f30]
mov r1, sp
add r0, pc
blx sym.imp.recursive_session_key_scan
ldr r1, [0x00001f34]
mov r2, r0
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
ldr r1, [0x00001f80]
ldr r0, [r3, 4]
add r1, pc
blx sym.imp.strcmp
cbnz r0, 0x1f7c
ldr r3, str.reap
subs r4, 1
movs r2, 1
add r3, pc
str r2, [r3]
cmp r4, 1
bne 0x1f7c
ldr r0, [0x00001f88]
movs r1, 0
add r0, pc
blx sym.imp.recursive_session_key_scan
ldr r1, [0x00001f8c]
mov r2, r0
mov r0, r4
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
blx sym.imp.strlen
str r0, [sp, 0xc]
cbz r7, 0x2014
mov r0, r7
blx sym.imp.strlen
mov r7, r0
str r7, [sp, 8]
cbnz r6, 0x203c
cmp r4, 1
beq 0x204e
cmp r4, 2
bne 0x1ff0
ldr r0, [0x00002064]
add r0, pc
mov r1, r5
blx sym.imp.recursive_session_key_scan
ldr r1, [0x00002068]
mov r2, r0
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x20c0
mov r0, r6
blx sym.imp.keyctl_set_timeout
cmp r0, 0
blt 0x20d8
mov r0, r7
blx sym.imp.exit
ldr r0, [0x000020ec]
movs r1, 1
ldr r2, [0x000020f0]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
blx sym.imp.exit
ldr r0, [0x000021b4]
add r0, pc
bl 0x1e40
ldr r4, [0x000021b8]
ldr r2, [0x000021bc]
ldr r6, [0x000021c0]
add r4, pc
add r2, pc
add.w r4, r4, 0x27c
add r6, pc
ldr r3, [r4, 4]
movs r0, 1
ldrb r1, [r5, r3]
ldrb r3, [r4, 8]
tst r1, r3
mov r1, r6
ite eq
moveq r3, 0x30
movne r3, 0x31
blx sym.imp.__printf_chk
ldr r2, [r4, 0xc]!
cmp r2, 0
--
str r0, [sp, 0x5c]
ite ne
movne r0, 0x77
moveq r0, 0x2d
tst.w r1, 2
str r0, [sp, 0x50]
ite ne
movne r0, 0x72
moveq r0, 0x2d
tst.w r1, 1
ite eq
moveq r1, 0x2d
movne r1, 0x76
str r1, [sp, 0x58]
ldr r1, [0x0000242c]
str r0, [sp, 0x54]
movs r0, 1
strd r6, r7, [sp, 4]
add r1, pc
str.w ip, [sp]
blx sym.imp.__printf_chk
mov r0, r5
blx sym.imp.exit
ldr r0, [0x00002430]
mov r3, r6
ldr r2, [0x00002434]
movs r1, 1
ldr r0, [r4, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
beq 0x2458
bl 0x1b70
ldr r0, [r1, 4]
bl 0x1ca0
mov r1, sp
blx sym.imp.keyctl_read_alloc
cmp r0, 0
blt 0x24a8
lsrs r4, r0, 2
beq 0x24a0
ldr r5, [sp]
cmp r4, 1
ldr r6, [0x000024b8]
ldr r2, [r5], 4
add r6, pc
beq 0x248e
movs r3, 0x20
mov r1, r6
subs r4, 1
movs r0, 1
blx sym.imp.__printf_chk
cmp r4, 1
ldr r2, [r5], 4
bne 0x247a
ldr r1, [0x000024bc]
movs r3, 0xa
mov r0, r4
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
moveq r3, 0x2d
tst.w r1, 4
str r3, [sp, 8]
ite ne
movne r4, 0x77
moveq r4, 0x2d
ldr r3, [0x00002600]
tst.w r1, 2
ite ne
movne r2, 0x72
moveq r2, 0x2d
tst.w r1, 1
str r4, [sp, 0xc]
ite eq
moveq r1, 0x2d
movne r1, 0x76
strd r2, r1, [sp, 0x10]
add r3, pc
mov.w r2, -1
movs r1, 1
blx sym.imp.__sprintf_chk
add sp, 0x1c
pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc}
--
add r6, pc
ldr r3, [r3]
str r3, [sp, 0x4c]
mov.w r3, 0
beq 0x2632
bl 0x1b70
ldr r0, [r1, 4]
bl 0x1ca0
add r1, sp, 0x28
blx sym.imp.keyctl_read_alloc
cmp r0, 0
blt 0x270a
lsrs r4, r0, 2
beq 0x26f6
cmp r4, 1
beq 0x272e
ldr r1, [0x00002744]
mov r2, r4
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
ldr r3, [0x00002748]
add r7, sp, 0x2c
--
add.w sl, sp, 0x40
ldrd r2, r3, [sp, 0x30]
ldr r1, [sp, 0x24]
mov r0, sl
bl 0x24c4
ldr r1, [sp, 0x2c]
mov r3, sl
ldr r0, [sp, 0x3c]
mov r2, r6
str r1, [sp, 0x10]
add r1, r0
movs r0, 1
str r1, [sp, 0x14]
ldr r1, [sp, 0x38]
strd r1, r1, [sp, 8]
ldr r1, [sp, 0x34]
str r1, [sp, 4]
ldr r1, [sp, 0x30]
str r1, [sp]
mov r1, sb
blx sym.imp.__printf_chk
ldr r0, [sp, 0x2c]
blx sym.imp.free
subs r4, 1
beq 0x2704
ldr r6, [r5], 4
mov r1, r7
mov r0, r6
blx sym.imp.keyctl_describe_alloc
cmp r0, 0
bge 0x2670
mov r2, r6
mov r1, fp
movs r0, 1
blx sym.imp.__printf_chk
b 0x26d6
ldr r0, [0x00002754]
add r0, pc
blx sym.imp.puts
mov r0, r4
blx sym.imp.exit
mov r0, r4
blx sym.imp.exit
ldr r0, [0x00002758]
add r0, pc
bl 0x1e40
mov sl, r6
ldr r0, [0x0000275c]
ldr r6, [sp, 0x1c]
mov r3, sl
ldr r2, [0x00002760]
movs r1, 1
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
--
mov r6, r0
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x27b4
mov r0, r6
blx sym.imp.keyctl_setperm
cmp r0, 0
blt 0x27cc
mov r0, r7
blx sym.imp.exit
ldr r0, [0x000027e0]
movs r1, 1
ldr r2, [0x000027e4]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
beq 0x283a
ldr r7, [r1, 4]
mov r5, r1
ldr r1, [0x00002884]
mov r0, r7
add r1, pc
blx sym.imp.strcmp
cmp r0, 0
ite ne
movne r0, r7
moveq r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2870
ldr r2, [0x00002888]
ldr r1, [r6, r2]
ldr r2, [0x0000288c]
ldr r0, [r1]
movs r1, 1
add r2, pc
blx sym.imp.__fprintf_chk
cmp r4, 2
beq 0x2854
ldr r0, [r5, 8]
add.w r1, r5, 8
blx sym.imp.execvp
ldr r0, [r5, 8]
bl 0x1e40
movs r0, 0
blx sym.imp.keyctl_join_session_keyring
subs r3, r0, 0
blt 0x2870
ldr r0, [0x00002888]
mov r1, r4
ldr r2, [0x00002890]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
ldr r0, [0x00002894]
add r0, pc
--
subs r3, r0, 4
cmp r3, 1
bls 0x28f8
bl 0x1b70
mov r4, r0
ldr r0, [r1, 4]
mov r5, r1
bl 0x1ca0
cmp r4, 5
mov r6, r0
beq 0x2930
movs r3, 0
ldrd r1, r2, [r5, 8]
mov r0, r6
blx sym.imp.keyctl_search
subs r2, r0, 0
blt 0x2928
ldr r1, [0x0000293c]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
b 0x2992
nop
subs r6, r4, 2
movs r0, r0
push {r3, lr}
subs r3, r0, 4
cmp r3, 1
bhi 0x29e6
cmp r0, 5
mov r4, r1
beq 0x29f2
movs r3, 0
ldrd r1, r2, [r4, 8]
ldr r0, [r4, 4]
blx sym.imp.request_key
subs r2, r0, 0
blt 0x29ea
ldr r1, [0x000029fc]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
subs r6, r5, 0
movs r0, r0
subs r4, r6, 1
movs r0, r0
push {r3, lr}
subs r3, r0, 3
cmp r3, 1
bhi 0x2a32
cmp r0, 4
mov r4, r1
beq 0x2a3e
movs r3, 0
movs r2, 0
ldrd r0, r1, [r4, 4]
blx sym.imp.request_key
subs r2, r0, 0
blt 0x2a36
ldr r1, [0x00002a48]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
ldr r0, [r4, 0x10]
bl 0x1ca0
mov r2, r7
mov r3, r0
mov r1, sb
mov r0, r6
blx sym.imp.keyctl_reject
cmp r0, 0
blt 0x2aee
movs r0, 0
blx sym.imp.exit
movs r7, 0x81
b 0x2ab6
ldr r2, [0x00002b30]
ldr r0, [0x00002b34]
ldr r3, [r4, 8]
add r2, pc
ldr r0, [r5, r0]
movs r1, 1
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
mov r0, r4
blx sym.imp.keyctl_unlink
cmp r0, 0
blt 0x2b78
ldr r3, [0x00002bac]
add r3, pc
ldr r3, [r3]
cbnz r3, 0x2b92
movs r0, 1
pop {r3, r4, r5, pc}
ldr r3, [0x00002bb0]
add r3, pc
ldr r3, [r3]
cbnz r3, 0x2b9a
movs r0, 0
pop {r3, r4, r5, pc}
ldr r1, [0x00002bb4]
mov r2, r4
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
b 0x2b60
movs r0, 0xa
blx sym.imp.putchar
b 0x2b74
ldr r1, [0x00002bb8]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
b 0x2b80
nop
--
ldr r3, [r2, r3]
add r7, pc
ldr r3, [r3]
str r3, [sp, 4]
mov.w r3, 0
beq 0x2bdc
bl 0x1b70
ldr r0, [r1, 4]
bl 0x1ca0
mov r1, sp
blx sym.imp.keyctl_read_alloc
subs r6, r0, 0
blt 0x2c5e
beq 0x2c2a
ldr r1, [0x00002c74]
mov r2, r6
movs r0, 1
ldr.w r8, [0x00002c78]
movs r4, 0
add r1, pc
blx sym.imp.__printf_chk
ldr r5, [sp]
add r8, pc
add r6, r5
ldrb r2, [r5], 1
mov r1, r8
adds r4, 1
movs r0, 1
blx sym.imp.__printf_chk
lsls r3, r4, 0x1b
bne 0x2c38
--
blx sym.imp.keyctl_read_alloc
subs r5, r0, 0
blt 0x2e5e
ldr r6, [sp]
beq 0x2e52
blx sym.imp.__ctype_b_loc
subs r3, r6, 1
ldr r1, [r0]
adds r4, r3, r5
b 0x2e18
cmp r4, r3
beq 0x2e52
ldrb r2, [r3, 1]!
ldrh.w r2, [r1, r2, lsl 1]
lsls r2, r2, 0x11
bmi 0x2e14
ldr r1, [0x00002e70]
movs r0, 1
ldr r6, [0x00002e74]
add r1, pc
blx sym.imp.__printf_chk
ldr r4, [sp]
add r6, pc
add r5, r4
ldrb r2, [r4], 1
mov r1, r6
movs r0, 1
blx sym.imp.__printf_chk
cmp r4, r5
bne 0x2e36
--
add r2, pc
ldr r3, [r2, r3]
ldr r2, [r3]
ldr r3, [sp, 0x5c]
eors r2, r3
mov.w r3, 0
bne 0x2fae
mov r0, r4
add sp, 0x64
pop.w {r4, r5, r6, r7, r8, sb, pc}
mov r0, r7
bl 0x1e40
blx sym.imp.__stack_chk_fail
ldr r0, [0x00002fe4]
mov r3, r7
ldr r2, [0x00002fe8]
movs r1, 1
ldr.w r0, [r8, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 1
blx sym.imp.exit
--
ldr r3, [0x000031f8]
movs r2, 0x26
ldr r0, [0x000031fc]
movs r1, 1
ldr r3, [r6, r3]
add r0, pc
ldr r3, [r3]
blx sym.imp.fwrite
movs r0, 2
blx sym.imp.exit
add r2, sp, 4
mov r1, r8
mov r0, r7
blx sym.imp.keyctl_pkey_query
cmp r0, 0
blt 0x31e0
ldr r1, [0x00003200]
movs r0, 1
ldr r2, [r5, -0x38]
add r1, pc
blx sym.imp.__printf_chk
ldr r1, [0x00003204]
movs r0, 1
ldrh r2, [r5, -0x34]
add r1, pc
blx sym.imp.__printf_chk
ldr r1, sym.imp.__sprintf_chk
movs r0, 1
ldrh r2, [r5, -0x32]
add r1, pc
blx sym.imp.__printf_chk
ldr r1, [0x0000320c]
movs r0, 1
ldrh r2, [r5, -0x30]
add r1, pc
blx sym.imp.__printf_chk
ldr r1, sym.imp.__isoc99_sscanf
movs r0, 1
ldrh r2, [r5, -0x2e]
add r1, pc
blx sym.imp.__printf_chk
ldr r3, [r5, -0x3c]
movs r0, 1
ldr r1, [0x00003214]
tst.w r3, 1
ite eq
moveq r2, 0x6e
movne r2, 0x79
add r1, pc
blx sym.imp.__printf_chk
ldr r3, [r5, -0x3c]
movs r0, 1
ldr r1, [0x00003218]
tst.w r3, 2
ite eq
moveq r2, 0x6e
movne r2, 0x79
add r1, pc
blx sym.imp.__printf_chk
ldr r3, [r5, -0x3c]
movs r0, 1
ldr r1, [0x0000321c]
tst.w r3, 4
ite eq
moveq r2, 0x6e
movne r2, 0x79
add r1, pc
blx sym.imp.__printf_chk
ldr r3, [r5, -0x3c]
movs r0, 1
ldr r1, [0x00003220]
tst.w r3, 8
add r1, pc
ite eq
moveq r2, 0x6e
movne r2, 0x79
blx sym.imp.__printf_chk
mov r0, r4
blx sym.imp.exit
--
str r3, [sp, 0xc]
mov.w r3, 0
beq 0x3688
bl 0x1b70
ldr r0, [r1, 0xc]
mov r4, r1
bl 0x1ca0
mov r5, r0
add r0, sp, 8
bl 0x2ccc
ldr r3, [sp, 8]
mov r2, r0
ldrd r0, r1, [r4, 4]
str r5, [sp]
blx sym.imp.add_key
subs r2, r0, 0
blt 0x36ba
ldr r1, [0x000036cc]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
push {lr}
sub sp, 0xc
beq 0x36e0
bl 0x1b70
ldr r0, [r1, 8]
mov r4, r1
bl 0x1ca0
mov r5, r0
ldr r0, [0x00003718]
movs r3, 0
ldr r1, [r4, 4]
mov r2, r3
str r5, [sp]
add r0, pc
blx sym.imp.add_key
subs r2, r0, 0
blt 0x370e
ldr r1, [0x0000371c]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
sub sp, 0xc
beq 0x3730
bl 0x1b70
mov r4, r1
ldr r0, [r1, 0x10]
bl 0x1ca0
ldr r6, [r4, 0xc]
mov r5, r0
mov r0, r6
blx sym.imp.strlen
mov r2, r6
mov r3, r0
ldrd r0, r1, [r4, 4]
str r5, [sp]
blx sym.imp.add_key
subs r2, r0, 0
blt 0x3764
ldr r1, [0x0000376c]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
cmp r0, 1
push {r3, lr}
beq 0x377e
bl 0x1b70
mov r4, r0
movs r0, 0
blx sym.imp.keyctl_join_session_keyring
cmp r0, 0
blt 0x37b8
blx sym.imp.keyctl_session_to_parent
cmp r0, 0
blt 0x37b0
movs r1, 0
mvn r0, 2
blx sym.imp.keyctl_get_keyring_ID
subs r2, r0, 0
blt 0x37c0
ldr r1, [0x000037c8]
mov r0, r4
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
--
ldrb.w r8, [r3]
cmp.w r8, 0
bne 0x3834
ldr r0, [r4, 0xc]
bl 0x1ca0
mov r1, r7
mov r2, r0
mov r0, r6
blx sym.imp.keyctl_negate
cmp r0, 0
blt 0x384c
mov r0, r8
blx sym.imp.exit
ldr r0, [0x00003860]
movs r1, 1
ldr r2, [0x00003864]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
add r6, pc
ldr r2, [r2]
str r2, [sp, 4]
mov.w r2, 0
bls 0x392c
bl 0x1b70
ldr r0, [r1, 4]
mov r5, r1
bl 0x1ca0
cmp r4, 3
mov r7, r0
beq 0x3960
mov.w r0, -1
mov r1, r7
blx sym.imp.keyctl_get_persistent
subs r2, r0, 0
blt 0x3958
ldr r1, [0x00003998]
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
movs r0, 0
blx sym.imp.exit
ldr r0, [0x0000399c]
add r0, pc
bl 0x1e40
ldr r0, [r5, 8]
movs r2, 0
mov r1, sp
blx sym.imp.strtoul
ldr r3, [sp]
ldrb r3, [r3]
cmp r3, 0
beq 0x393e
ldr r0, [0x000039a0]
movs r1, 1
ldr r2, [0x000039a4]
ldr r3, [r5, 8]
ldr r0, [r6, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
mov r2, sl
str r0, [sp]
mov r1, sb
ldr r3, [r4, 0x14]
mov r0, r8
ldr r4, [sp, 0x10]
str r7, [sp, 8]
str r4, [sp, 4]
blx sym.imp.keyctl_dh_compute_kdf
subs r2, r0, 0
blt 0x3a90
ldr.w sb, [0x00003ae4]
mov r4, r2
ldr r1, [0x00003ae8]
mov r5, r7
add.w sl, r4, 1
mov.w r8, 0
add sb, pc
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
ldrb r2, [r5]
mov r1, sb
movs r0, 1
blx sym.imp.__printf_chk
sub.w r3, sl, r4
strb.w r8, [r5]
--
beq 0x3bde
mov r0, r7
movs r7, 0
mov r2, sl
str r5, [sp, 0xc]
mov r1, sb
ldr r3, [r4, 0x14]
str.w r8, [sp, 8]
strd r7, r7, [sp]
blx sym.imp.keyctl_dh_compute_kdf
subs r2, r0, 0
blt 0x3b9e
ldr.w sl, [0x00003bec]
mov r4, r2
ldr r1, [0x00003bf0]
mov r5, r8
add.w sb, r4, 1
movs r0, 1
add sl, pc
add r1, pc
blx sym.imp.__printf_chk
ldrb r2, [r5]
mov r1, sl
movs r0, 1
blx sym.imp.__printf_chk
sub.w r3, sb, r4
strb r7, [r5]
--
ldr r0, [r4, 8]
bl 0x1ca0
mov r1, r0
ldr r0, [r4, 0xc]
mov r4, r1
bl 0x1ca0
mov r1, r4
mov r2, r0
mov r3, sp
mov r0, r5
blx sym.imp.keyctl_dh_compute_alloc
subs r2, r0, 0
blt 0x3cc2
ldr r1, [0x00003cd8]
movs r0, 1
ldr.w sb, [0x00003cdc]
mov r4, r2
add.w r8, r4, 1
movs r7, 0
add r1, pc
blx sym.imp.__printf_chk
ldr r5, [sp]
add sb, pc
ldrb r2, [r5]
mov r1, sb
movs r0, 1
blx sym.imp.__printf_chk
sub.w r3, r8, r4
strb r7, [r5]
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r1, r0
ldrb r7, [r3]
cbnz r7, 0x3d64
mov.w r2, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3d7c
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003d90]
movs r1, 1
ldr r2, [0x00003d94]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldr r0, [r4, 8]
blx sym.imp.strtoul
ldr r3, [sp]
mov r2, r0
ldrb r7, [r3]
cbnz r7, 0x3dec
mov.w r1, -1
mov r0, r6
blx sym.imp.keyctl_chown
cmp r0, 0
blt 0x3e04
mov r0, r7
blx sym.imp.exit
ldr r0, [0x00003e18]
movs r1, 1
ldr r2, [0x00003e1c]
ldr r3, [r4, 8]
ldr r0, [r5, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 2
blx sym.imp.exit
--
ldrb r1, [r3, 0x10]
ldr r2, [r3, 8]
cbz r1, 0x3f40
cmp r6, r2
blo 0x3ec4
ldr r3, [sp, 0x30]
ldrb r1, [r3, 0x11]
ldr r0, [r3, 4]
cbnz r1, 0x3f46
mov r1, r7
blx sym.imp.memcmp
cmp r0, 0
bne 0x3ec4
ldr r1, [0x00003f54]
mov r3, sl
mov r2, sl
movs r0, 1
str r7, [sp, 4]
add r1, pc
str r4, [sp]
blx sym.imp.__printf_chk
mov r1, r5
mov r0, sb
--
ble.w 0x4148
ldr r1, [0x0000418c]
add r1, pc
strd r3, r2, [sp]
movs r0, 1
ldr r3, [sp, 0x20]
str r1, [sp, 0xc]
ldr r1, [r3]
mov r3, r7
str.w fp, [sp, 0x10]
ldr r2, [r6]
add r2, r1
ldr r1, [0x00004190]
str r2, [sp, 0x14]
ldr r2, [0x00004194]
add r1, pc
add r2, pc
adds r2, 0x18
str r2, [sp, 8]
mov r2, r5
blx sym.imp.__printf_chk
ldr r0, [r6]
ldr r6, [0x00004198]
--
ble 0x414e
ldr r1, [0x000041a8]
add r1, pc
strd r3, r2, [sp]
movs r0, 1
ldr r3, [sp, 0x20]
str r1, [sp, 0xc]
ldr r1, [r3]
mov r3, r7
str.w fp, [sp, 0x10]
ldr r2, [r6]
add r2, r1
ldr r1, [0x000041ac]
str r2, [sp, 0x14]
ldr r2, [0x000041b0]
add r1, pc
add r2, pc
adds r2, 0x18
str r2, [sp, 8]
mov r2, r5
blx sym.imp.__printf_chk
b 0x4042
ldr r1, [0x000041b4]
mov r2, r5
movs r0, 1
add r1, pc
blx sym.imp.__printf_chk
b 0x3f7c
ldr r1, [sp, 0x24]
mov.w r2, 0x20202020
str r2, [r1, r4]
add.w r2, sl, sb
strb r3, [r2, 0x18]
b 0x40c0
ldr r1, [0x000041b8]
add r1, pc
b 0x4018
ldr r1, [0x000041bc]
add r1, pc
b 0x40fe
blx sym.imp.__stack_chk_fail
ldr r0, [0x000041c0]
mov r3, r5
ldr r2, [0x000041c4]
movs r1, 1
ldr r0, [r7, r0]
add r2, pc
ldr r0, [r0]
blx sym.imp.__fprintf_chk
movs r0, 3
blx sym.imp.exit
[*] Function printf used 61 times keyctl
