[*] Binary protection state of libformatname.so
Full RELRO | Canary found | NX enabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function sprintf tear down of libformatname.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libformatname.so @ 0x1a8c */
| #include <stdint.h>
|
; NOTE(review): fcn.00001a8c appears to build the context struct that formatname_free releases.
; It writes fields +0x10, +0x2c, +0x30, +0x34 and +0x38 of the pointer returned by fcn_00001540
; and returns that pointer in r0, or 0 on the paths through label_4.
; NOTE(review): several import names in the pseudo-code column do not fit how the calls are used;
; confirm each against the PLT/relocation entries before citing this listing:
;   0x159c "asprintf_chk" - one pointer argument, result unused: free-like
;   0x15a8 "socket" - r0 = address of a pointer slot, r1 = 1, r2/r3 = PC-relative data plus a
;                     stack argument: the shape of __asprintf_chk, not of socket()
;   0x1680 "g_key_file_load_from_file" - one argument, result stored in the struct: strdup-like
;   0x16b0 "getifaddrs" - reached only when the stack-guard comparison fails: presumably
;                     __stack_chk_fail
; No call in this function is labelled plain sprintf, so the "sprintf" finding that selected it
; needs manual confirmation.
; (fcn) fcn.00001a8c () | void fcn_00001a8c (int16_t arg_30h, int16_t arg_34h, int16_t arg_38h, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h_2;
| int16_t domain;
| int16_t var_ch;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
; NOTE(review): "mvnsmi lr, 0xb4000" is an ARM-mode decode of a 4-byte Thumb-2 instruction;
; given the pop.w at 0x1b4a it is presumably push.w {r4, r5, r6, r7, r8, sb, lr}.
0x00001a8c mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x00001a90 mov r4, r2 | r4 = r2;
0x00001a92 mov r5, r1 | r5 = r1;
0x00001a94 mov r1, r4 | r1 = r4;
0x00001a96 mov r2, r3 | r2 = r3;
0x00001a98 sub sp, 0x14 |
0x00001a9a ldr r4, [pc, 0x140] |
0x00001a9c ldr r3, [pc, 0x140] | r3 = *(0x1be0);
0x00001a9e ldr r6, [pc, 0x144] |
0x00001aa0 add r4, pc | r4 = 0x3682;
0x00001aa2 ldr.w r8, [sp, 0x34] | r8 = *(arg_34h);
0x00001aa6 ldr r3, [r4, r3] |
0x00001aa8 ldr r7, [sp, 0x38] | r7 = *(arg_38h);
0x00001aaa add r6, pc | r6 = 0x3694;
; stack guard: the value loaded through the table at r4 is saved at [sp, 0xc] (var_ch) and
; compared again at label_0 before the function returns
0x00001aac ldr r3, [r3] | r3 = *(0x3682);
0x00001aae str r3, [sp, 0xc] | var_ch = r3;
0x00001ab0 mov.w r3, 0 | r3 = 0;
0x00001ab4 ldr r3, [sp, 0x30] | r3 = *(arg_30h);
; r0 == 0 from fcn_00001540 is the failure case: label_5 calls fcn_00001658 and returns 0
0x00001ab6 blx 0x1540 | r0 = fcn_00001540 ();
0x00001aba cmp r0, 0 |
| if (r0 == 0) {
0x00001abc beq.w 0x1bca | goto label_5;
| }
0x00001ac0 mov r4, r0 | r4 = r0;
; r5 (arg2) == 0 skips the whole string/file section and goes straight to label_1
0x00001ac2 cmp r5, 0 |
| if (r5 == 0) {
0x00001ac4 beq 0x1b52 | goto label_1;
| }
0x00001ac6 ldr r0, [pc, 0x120] |
0x00001ac8 add r0, pc | r0 = 0x36b6;
0x00001aca blx 0x14f8 | r0 = fcn_000014f8 ();
0x00001ace mov sb, r0 | sb = r0;
0x00001ad0 cmp r0, 0 |
| if (r0 == 0) {
0x00001ad2 beq 0x1b88 | goto label_6;
| }
; NOTE(review): the string returned by fcn_000014f8 is converted with strtol (s, 0, 10): no end
; pointer, no visible errno or range check, and the result is stored directly at +0x38. Whether
; that string can be influenced from outside depends on what fcn_000014f8 is (getenv-like? confirm).
0x00001ad4 movs r2, 0xa | r2 = 0xa;
0x00001ad6 movs r1, 0 | r1 = 0;
0x00001ad8 blx 0x15fc | strtol (r0, r1, r2);
0x00001adc ldr r3, [pc, 0x10c] | r3 = *(0x1bec);
0x00001ade str r0, [r4, 0x38] | *((r4 + 0x38)) = r0;
0x00001ae0 ldr r6, [r6, r3] | r6 = *((r6 + r3));
| label_3:
; call labelled "socket": r0 = &ctx[+0x10], r1 = 1, r2 and r3 PC-relative, r5 on the stack.
; Its return value is stored to *r6 but not tested before ctx[+0x10] is read at 0x1afc.
0x00001ae2 ldr r3, [pc, 0x10c] |
0x00001ae4 movs r1, 1 | r1 = 1;
0x00001ae6 ldr r2, [pc, 0x10c] |
0x00001ae8 add.w r0, r4, 0x10 | r0 = r4 + 0x10;
0x00001aec str r5, [sp] | *(sp) = r5;
0x00001aee add r3, pc | r3 = 0x36e4;
0x00001af0 add r2, pc | r2 = 0x36ea;
0x00001af2 blx 0x15a8 | socket (r0, r1, r2);
0x00001af6 ldr r1, [pc, 0x100] |
0x00001af8 movs r2, 0 | r2 = 0;
0x00001afa str r0, [r6] | *(r6) = r0;
0x00001afc ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00001afe add r1, pc | r1 = 0x36fc;
; fcn_00001838 (ctx[+0x10], <pc-relative data>, 0): its result is handed to fscanf as the stream,
; so it is presumably an fopen-style helper, with fcn_000018a8 as the matching close - confirm
0x00001b00 bl 0x1838 | r0 = fcn_00001838 (r0, r1);
0x00001b04 mov r5, r0 | r5 = r0;
| if (r0 == 0) {
0x00001b06 cbz r0, 0x1b6e | goto label_7;
| }
0x00001b08 ldr r1, [pc, 0xf0] |
0x00001b0a add.w r2, r4, 0x34 | r2 = r4 + 0x34;
0x00001b0e add r1, pc | r1 = 0x370e;
0x00001b10 blx 0x1488 | r0 = isoc99_fscanf ();
; the flags come from the cmp on the fscanf result; "mov r0, r5" does not change them, so the
; pseudo-code "if (r0 == 1)" tests the fscanf return value, not r5
0x00001b14 cmp r0, 1 |
0x00001b16 mov r0, r5 | r0 = r5;
| if (r0 == 1) {
0x00001b18 beq 0x1b4e | goto label_8;
| }
0x00001b1a bl 0x18a8 | fcn_000018a8 (r0);
| label_2:
; error path: fcn_00001658 (4, 1, <pc-relative data>), then fcn_0000163c (ctx), then return 0.
; The argument shape suggests a __syslog_chk-style call followed by the destructor - confirm both.
0x00001b1e ldr r2, [pc, 0xe0] |
0x00001b20 movs r0, 4 | r0 = 4;
0x00001b22 movs r1, 1 | r1 = 1;
0x00001b24 add r2, pc | r2 = 0x372a;
0x00001b26 blx 0x1658 | fcn_00001658 ();
0x00001b2a mov r0, r4 | r0 = r4;
0x00001b2c blx 0x163c | fcn_0000163c ();
| label_4:
0x00001b30 movs r4, 0 | r4 = 0;
| do {
| label_0:
; common exit: reload the guard, XOR it with the copy saved at [sp, 0xc], branch to label_9 on
; any difference; the "do { } while" wrapper is r2dec's rendering of the jumps back to 0x1b32
0x00001b32 ldr r2, [pc, 0xd0] |
0x00001b34 ldr r3, [pc, 0xa8] | r3 = *(0x1be0);
0x00001b36 add r2, pc | r2 = 0x3740;
0x00001b38 ldr r3, [r2, r3] | r3 = *(0x3740);
0x00001b3a ldr r2, [r3] | r2 = *(0x3740);
0x00001b3c ldr r3, [sp, 0xc] | r3 = var_ch;
0x00001b3e eors r2, r3 | r2 ^= r3;
0x00001b40 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001b44 bne 0x1bd8 | goto label_9;
| }
0x00001b46 mov r0, r4 | r0 = r4;
0x00001b48 add sp, 0x14 |
0x00001b4a pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_8:
0x00001b4e bl 0x18a8 | fcn_000018a8 (r0);
| label_1:
; optional arguments: a non-zero r8 (arg_34h) and r7 (arg_38h) are each passed to the import at
; 0x1680 and the result is stored at +0x2c / +0x30; neither result is tested for 0 here
0x00001b52 cmp.w r8, 0 |
| if (r8 != 0) {
0x00001b56 beq 0x1b60 |
0x00001b58 mov r0, r8 | r0 = r8;
0x00001b5a blx 0x1680 | g_key_file_load_from_file ();
0x00001b5e str r0, [r4, 0x2c] | *((r4 + 0x2c)) = r0;
| }
0x00001b60 cmp r7, 0 |
0x00001b62 beq 0x1b32 |
| } while (r7 == 0);
0x00001b64 mov r0, r7 | r0 = r7;
0x00001b66 blx 0x1680 | g_key_file_load_from_file ();
0x00001b6a str r0, [r4, 0x30] | *((r4 + 0x30)) = r0;
0x00001b6c b 0x1b32 | goto label_0;
| label_7:
; fcn_00001838 returned 0. fcn_0000174c returns a pointer whose target is compared with 2
; (presumably __errno_location and ENOENT - confirm). "itt eq" makes both moveq and streq
; conditional on r3 == 2, so the pseudo-code "if (r3 != 2) { r3 = 1; }" is inverted: the code
; stores 1 at +0x34 only when the value is 2, then continues at label_1.
0x00001b6e blx 0x174c | r0 = fcn_0000174c ();
0x00001b72 ldr r3, [r0] | r3 = *(r0);
0x00001b74 cmp r3, 2 |
0x00001b76 itt eq |
| if (r3 != 2) {
0x00001b78 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 2) {
0x00001b7a streq r3, [r4, 0x34] | *((r4 + 0x34)) = r3;
| goto label_10;
| }
| if (r3 == 2) {
| label_10:
0x00001b7c beq 0x1b52 | goto label_1;
| }
; any other value: ctx[+0x10] is passed to 0x159c and the slot is overwritten with r5, which is 0
; on this path (cbz at 0x1b06). If 0x159c is free and fcn_0000163c is the destructor, clearing
; the slot is what keeps label_2 from releasing the same pointer twice - confirm.
0x00001b7e ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00001b80 blx 0x159c | asprintf_chk ()
0x00001b84 str r5, [r4, 0x10] | *((r4 + 0x10)) = r5;
0x00001b86 b 0x1b1e | goto label_2;
| label_6:
; fcn_000014f8 returned 0: the same formatting call is made into the local slot at [sp, 8].
; "add r0, sp, 8" is r0 = sp + 8 (address of the local), not "r0 += domain". As at label_3, the
; call's return value is stored to *r6 but not tested before [sp, 8] is used.
0x00001b88 ldr r3, [pc, 0x7c] |
0x00001b8a movs r1, 1 | r1 = 1;
0x00001b8c ldr r2, [pc, 0x7c] |
0x00001b8e add r0, sp, 8 | r0 += domain;
0x00001b90 str r5, [sp] | *(sp) = r5;
0x00001b92 add r3, pc | r3 = 0x379e;
0x00001b94 add r2, pc | r2 = 0x37a4;
0x00001b96 blx 0x15a8 | socket (r0, r1, r2);
0x00001b9a ldr r3, [pc, 0x50] | r3 = *(0x1bee);
0x00001b9c mov r2, sb | r2 = sb;
0x00001b9e ldr r1, [pc, 0x70] |
0x00001ba0 ldr r6, [r6, r3] | r6 = *((r6 + r3));
0x00001ba2 add r1, pc | r1 = 0x37b8;
0x00001ba4 str r0, [r6] | *(r6) = r0;
0x00001ba6 ldr r0, [sp, 8] | r0 = domain;
0x00001ba8 bl 0x1838 | r0 = fcn_00001838 (r0, r1);
0x00001bac mov sb, r0 | sb = r0;
| if (r0 != 0) {
0x00001bae cbz r0, 0x1bc2 |
; NOTE(review): unlike the call at 0x1b10, the return value of this fscanf is not tested, and
; when fcn_00001838 returns 0 the call is skipped altogether; in both cases +0x38 keeps whatever
; fcn_00001540 left there (zero-initialised? confirm).
0x00001bb0 ldr r1, [pc, 0x60] |
0x00001bb2 add.w r2, r4, 0x38 | r2 = r4 + 0x38;
0x00001bb6 add r1, pc | r1 = 0x37ce;
0x00001bb8 blx 0x1488 | isoc99_fscanf ();
0x00001bbc mov r0, sb | r0 = sb;
0x00001bbe bl 0x18a8 | fcn_000018a8 (r0);
| }
0x00001bc2 ldr r0, [sp, 8] | r0 = domain;
0x00001bc4 blx 0x159c | asprintf_chk ()
0x00001bc8 b 0x1ae2 | goto label_3;
| label_5:
0x00001bca ldr r2, [pc, 0x4c] |
0x00001bcc movs r1, 1 | r1 = 1;
0x00001bce movs r0, 4 | r0 = 4;
0x00001bd0 add r2, pc | r2 = 0x37ee;
0x00001bd2 blx 0x1658 | fcn_00001658 ();
0x00001bd6 b 0x1b30 | goto label_4;
| label_9:
; reached only on a guard mismatch; nothing after this call belongs to the function's logic
0x00001bd8 blx 0x16b0 | getifaddrs ();
; 0x1bdc-0x1c1a: literal pool read by the "ldr rX, [pc, ...]" loads above (for example 0x1be0
; and 0x1bec), decoded here as Thumb instructions; the pseudo-code on these lines is not real code
0x00001bdc add r0, r5 | r0 += r5;
0x00001bde movs r0, r0 |
0x00001be0 lsls r4, r5, 4 | r4 = r5 << 4;
0x00001be2 movs r0, r0 |
0x00001be4 add r6, r3 | r6 += r3;
0x00001be6 movs r0, r0 |
0x00001be8 movs r5, 0xa0 | r5 = 0xa0;
0x00001bea movs r0, r0 |
0x00001bec lsls r0, r5, 4 | r0 = r5 << 4;
0x00001bee movs r0, r0 |
0x00001bf0 movs r5, 0xb2 | r5 = 0xb2;
0x00001bf2 movs r0, r0 |
0x00001bf4 movs r5, 0xc0 | r5 = 0xc0;
0x00001bf6 movs r0, r0 |
0x00001bf8 movs r5, 0x96 | r5 = 0x96;
0x00001bfa movs r0, r0 |
0x00001bfc movs r5, 0xae | r5 = 0xae;
0x00001bfe movs r0, r0 |
0x00001c00 movs r5, 0xa4 | r5 = 0xa4;
0x00001c02 movs r0, r0 |
0x00001c04 bics r2, r2 | __asm ("bics r2, r2");
0x00001c06 movs r0, r0 |
0x00001c08 movs r4, 0xea | r4 = 0xea;
0x00001c0a movs r0, r0 |
0x00001c0c movs r4, 0xf4 | r4 = 0xf4;
0x00001c0e movs r0, r0 |
0x00001c10 movs r4, 0xf2 | r4 = 0xf2;
0x00001c12 movs r0, r0 |
0x00001c14 movs r4, 0xe2 | r4 = 0xe2;
0x00001c16 movs r0, r0 |
0x00001c18 movs r4, 0x70 | r4 = 0x70;
0x00001c1a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libformatname.so @ 0x1a3c */
| #include <stdint.h>
|
; NOTE(review): formatname_free (ctx) passes eleven pointer fields of ctx (+0x10, +4, +0xc, +8,
; +0x1c, +0x20, +0x18, +0x24, +0x28, +0x2c, +0x30) to the import at 0x159c, then tail-branches to
; 0x1598 with ctx itself in r0.
; The "asprintf_chk" label on 0x159c does not fit this pattern (one pointer argument, result
; ignored, once per field); the target is presumably free(), with 0x1598 as the Thumb entry of
; the same PLT stub - confirm against the relocation table. If so, the "sprintf" matches reported
; for this function are label artefacts rather than format-string calls.
; r0 is dereferenced at 0x1a40 without a NULL test, so a NULL ctx faults here.
; (fcn) sym.formatname_free () | void formatname_free (int16_t arg1) {
| r0 = arg1;
; the "do { } while (1)" wrapper and the "invalid" line at 0x1598 are r2dec artefacts of the
; tail branch at 0x1a88; the function body runs once
| do {
0x00001598 invalid | void (*0x159c)() ();
0x00001a3c push {r4, lr} |
0x00001a3e mov r4, r0 | r4 = r0;
0x00001a40 ldr r0, [r0, 0x10] | r0 = *((r0 + 0x10));
0x00001a42 blx 0x159c | asprintf_chk ()
0x00001a46 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00001a48 blx 0x159c | asprintf_chk ()
0x00001a4c ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00001a4e blx 0x159c | asprintf_chk ()
0x00001a52 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x00001a54 blx 0x159c | asprintf_chk ()
0x00001a58 ldr r0, [r4, 0x1c] | r0 = *((r4 + 0x1c));
0x00001a5a blx 0x159c | asprintf_chk ()
0x00001a5e ldr r0, [r4, 0x20] | r0 = *((r4 + 0x20));
0x00001a60 blx 0x159c | asprintf_chk ()
0x00001a64 ldr r0, [r4, 0x18] | r0 = *((r4 + 0x18));
0x00001a66 blx 0x159c | asprintf_chk ()
0x00001a6a ldr r0, [r4, 0x24] | r0 = *((r4 + 0x24));
0x00001a6c blx 0x159c | asprintf_chk ()
0x00001a70 ldr r0, [r4, 0x28] | r0 = *((r4 + 0x28));
0x00001a72 blx 0x159c | asprintf_chk ()
0x00001a76 ldr r0, [r4, 0x2c] | r0 = *((r4 + 0x2c));
0x00001a78 blx 0x159c | asprintf_chk ()
0x00001a7c ldr r0, [r4, 0x30] | r0 = *((r4 + 0x30));
0x00001a7e blx 0x159c | asprintf_chk ()
; tail call on ctx itself: r4/lr are restored first, so the callee returns directly to
; formatname_free's caller
0x00001a82 mov r0, r4 | r0 = r4;
0x00001a84 pop.w {r4, lr} |
0x00001a88 b.w 0x1598 |
| } while (1);
| }
r2dec has crashed (info: /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libformatname.so @ 0x2084).
Please report the bug at https://github.com/radareorg/r2dec-js/issues
Use the option '--issue' or the command 'pddi' to generate
the needed data for the issue.
[*] Function sprintf used 14 times libformatname.so