[*] Binary protection state of ld-linux-armhf.so.3
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ld-linux-armhf.so.3
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/ld-linux-armhf.so.3 @ 0xff34 */
| #include <stdint.h>
|
; (fcn) fcn.0000ff34 () | void fcn_0000ff34 (int16_t arg1, int16_t arg2) {
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_14h;
| int32_t var_14h_2;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_2ch;
| int16_t var_34h;
| int16_t var_38h;
| int16_t var_44h;
| int16_t var_5ch;
| int32_t var_5ch_2;
| int16_t var_64h;
| int32_t var_64h_2;
| int16_t var_7ch;
| int16_t var_84h;
| int16_t var_88h;
| int16_t var_a4h;
| int16_t var_ech;
| int16_t var_f0h;
| r0 = arg1;
| r1 = arg2;
0x0000ff34 push {r1, r2, r4, r6, r8, sb, fp, lr} |
0x0000ff38 ldr r7, [pc, 0x3c0] | r7 = *(0x102fc);
0x0000ff3a mov r4, r0 | r4 = r0;
0x0000ff3c ldr r6, [pc, 0x154] |
0x0000ff3e mov r5, r1 | r5 = r1;
0x0000ff40 add r3, pc | r3 += pc;
0x0000ff42 sub sp, 0xf4 |
0x0000ff44 str r0, [r3] | *(r3) = r0;
0x0000ff46 ldr r2, [pc, 0x150] |
0x0000ff48 add r6, pc | r6 = 0x1ffe0;
0x0000ff4a ldr r3, [r4], 4 | r3 = *(r4);
| r4 += 4;
0x0000ff4e add r2, pc | r2 = 0x1ffec;
0x0000ff50 str r3, [r6] | *(r6) = r3;
0x0000ff52 adds r3, 1 | r3++;
0x0000ff54 str r4, [r2] | *(r2) = r4;
0x0000ff56 ldr.w r1, [r4, r3, lsl 2] | offset_0 = r3 << 2;
| r1 = *((r4 + offset_0));
0x0000ff5a add.w r4, r4, r3, lsl 2 | r4 += (r3 << 2);
0x0000ff5e ldr r2, [pc, 0x13c] |
0x0000ff60 mov r7, r4 | r7 = r4;
0x0000ff62 add r2, pc | r2 = 0x20004;
0x0000ff64 str r4, [r2] | *(r2) = r4;
| if (r1 == 0) {
0x0000ff66 cbz r1, 0xff70 | goto label_3;
| }
| do {
0x0000ff68 ldr r3, [r7, 4]! | r3 = *((r7 += 4));
0x0000ff6c cmp r3, 0 |
0x0000ff6e bne 0xff68 |
| } while (r3 != 0);
| label_3:
0x0000ff70 ldr r3, [pc, 0x12c] |
0x0000ff72 movs r2, 0xcc | r2 = 0xcc;
0x0000ff74 movs r1, 0 | r1 = 0;
0x0000ff76 adds r6, r7, 4 | r6 = r7 + 4;
0x0000ff78 add r0, sp, 0x20 | r0 += var_20h;
0x0000ff7a add r3, pc | r3 = 0x2001e;
0x0000ff7c str r6, [r3, 0x48] | *((r3 + 0x48)) = r6;
0x0000ff7e blx 0x159e0 | fcn_000159e0 (r0, r1);
0x0000ff82 ldr r0, [pc, 0x120] |
0x0000ff84 mov.w r2, 0x1000 | r2 = 0x1000;
0x0000ff88 ldr r3, [r7, 4] | r3 = *((r7 + 4));
0x0000ff8a mov.w r1, 0x800 | r1 = 0x800;
0x0000ff8e str r2, [sp, 0x38] | var_38h = r2;
0x0000ff90 add r0, pc | r0 = 0x2003a;
0x0000ff92 str r1, [sp, 0xec] | var_ech = r1;
0x0000ff94 str r0, [sp, 0x44] | var_44h = r0;
0x0000ff96 cmp r3, 0 |
| if (r3 == 0) {
0x0000ff98 beq 0x1006e | goto label_4;
| }
0x0000ff9a mov r2, r6 | r2 = r6;
| do {
0x0000ff9c cmp r3, 0x33 |
0x0000ff9e add r1, sp, 0xf0 | r1 += var_f0h;
0x0000ffa0 add.w r3, r1, r3, lsl 2 | r3 = r1 + (r3 << 2);
0x0000ffa4 itt ls |
| if (r3 > 0x33) {
0x0000ffa6 ldrls r1, [r2, 4] | r1 = *((r2 + 4));
| }
| if (r3 > 0x33) {
0x0000ffa8 strls r1, [r3, -0xd0] | *((r3 - 0xd0)) = r1;
| }
0x0000ffac ldr r3, [r2, 8]! | r3 = *((r2 += 8));
0x0000ffb0 cmp r3, 0 |
0x0000ffb2 bne 0xff9c |
| } while (r3 != 0);
0x0000ffb4 ldrd ip, r7, [sp, 0x64] | __asm ("ldrd ip, r7, [var_64h]");
0x0000ffb8 movs r1, 0 | r1 = 0;
0x0000ffba ldr.w fp, [sp, 0x2c] | fp = var_2ch;
0x0000ffbe mov lr, r1 | lr = r1;
0x0000ffc0 ldr r3, [sp, 0x34] | r3 = var_34h;
0x0000ffc2 str r7, [sp, 4] | var_4h = r7;
0x0000ffc4 ldr r7, [sp, 0x84] | r7 = var_84h;
0x0000ffc6 ldr r0, [sp, 0x44] | r0 = var_44h;
0x0000ffc8 ldr r2, [sp, 0x38] | r2 = var_38h;
0x0000ffca str r7, [sp, 8] | var_8h = r7;
0x0000ffcc ldr r7, [sp, 0xec] | r7 = var_ech;
0x0000ffce ldr r6, [sp, 0x7c] | r6 = var_7ch;
0x0000ffd0 ldrd sl, sb, [sp, 0x5c] | __asm ("ldrd sl, sb, [var_5ch]");
0x0000ffd4 str r7, [sp, 0xc] | var_ch = r7;
0x0000ffd6 ldr.w r8, [sp, 0x88] | r8 = var_88h;
0x0000ffda ldr r7, [sp, 0xa4] | r7 = var_a4h;
| label_1:
0x0000ffdc str r0, [sp, 0x1c] | var_1ch = r0;
0x0000ffde mov r0, r4 | r0 = r4;
0x0000ffe0 ldr r4, [pc, 0xc4] |
0x0000ffe2 strd fp, r3, [sp, 0x14] | __asm ("strd fp, r3, [var_14h]");
0x0000ffe6 ldr r3, [sp, 4] | r3 = var_4h;
0x0000ffe8 add r4, pc | r4 = 0x20094;
0x0000ffea str r2, [r4, 0xc] | *((r4 + 0xc)) = r2;
0x0000ffec str r3, [r4, 0x38] | *((r4 + 0x38)) = r3;
0x0000ffee ldr r3, [sp, 0xc] | r3 = var_ch;
0x0000fff0 ldr r2, [sp, 8] | r2 = var_8h;
0x0000fff2 strd sb, r1, [r4, 0x40] | __asm ("strd sb, r1, [r4, 0x40]");
0x0000fff6 str r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
0x0000fff8 ldr r3, [pc, 0xb0] |
0x0000fffa strd r8, lr, [r4, 0x190] | __asm ("strd r8, lr, [r4, 0x190]");
0x0000fffe str.w ip, [r4, 0x20] | __asm ("str.w ip, [r4, 0x20]");
0x00010000 stm r0!, {r5} | *(r0!) = r5;
0x00010002 add r3, pc | r3 = 0x200b2;
0x00010004 str.w sl, [r4, 4] | __asm ("str.w sl, [r4, 4]");
0x00010008 str r6, [r3, 4] | *((r3 + 4)) = r6;
0x0001000a str r2, [r3, 8] | *((r3 + 8)) = r2;
0x0001000c str.w r7, [r4, 0x17c] | __asm ("str.w r7, [r4, 0x17c]");
0x00010010 bl 0xda94 | r0 = fcn_0000da94 (r0);
0x00010014 bl 0xb900 | fcn_0000b900 ();
0x00010018 movs r0, 0 | r0 = 0;
0x0001001a bl 0x13fd8 | fcn_00013fd8 (r0);
0x0001001e ldr r0, [r4, 4] | r0 = *(0x20098);
| if (r0 == 0) {
0x00010020 cbz r0, 0x1002c | goto label_5;
| }
0x00010022 ldrb r3, [r0] | r3 = *(r0);
| if (r3 == 0) {
0x00010024 cbz r3, 0x10058 | goto label_6;
| }
0x00010026 bl 0x161c0 | fcn_000161c0 (r0, r1);
0x0001002a str r0, [r4, 8] | *((r4 + 8)) = r0;
| do {
| label_5:
0x0001002c movs r0, 0 | r0 = 0;
0x0001002e bl 0x1400c | fcn_0001400c (r0);
0x00010032 ldr r3, [pc, 0x7c] |
0x00010034 add r3, pc | r3 = 0x200ea;
0x00010036 cmp r0, r3 |
| if (r0 == r3) {
0x00010038 beq 0x1005c | goto label_7;
| }
| label_0:
0x0001003a ldr r3, [pc, 0x78] |
0x0001003c add r3, pc |
0x0001003e ldr r3, [r3, 4] | r3 = *(0x200fa);
| if (r3 != 0) {
0x00010040 cbnz r3, 0x10088 | goto label_8;
| }
| label_2:
0x00010042 ldr r3, [pc, 0x74] |
0x00010044 add r2, sp, 0x1c | r2 += var_1ch;
0x00010046 ldrd r0, r1, [sp, 0x14] | __asm ("ldrd r0, r1, [var_14h]");
0x0001004a add r3, pc |
0x0001004c ldr r3, [r3, 0x48] | r3 = *(0x20150);
0x0001004e blx r5 | uint32_t (*r5)(uint32_t, uint32_t, uint32_t) (r0, r2, r3);
0x00010050 ldr r0, [sp, 0x1c] | r0 = var_1ch;
0x00010052 add sp, 0xf4 |
0x00010054 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
0x00010058 str r3, [r4, 4] | *((r4 + 4)) = r3;
0x0001005a b 0x1002c |
| } while (1);
| label_7:
0x0001005c ldr r3, [pc, 0x5c] |
0x0001005e add r3, pc | r3 = 0x2011e;
0x00010060 ldr r2, [r3, 0xc] | r2 = *(0x2012a);
0x00010062 subs r3, r2, 1 | r3 = r2 - 1;
0x00010064 ands r0, r3 | r0 &= r3;
0x00010066 subs r0, r2, r0 | r0 = r2 - r0;
0x00010068 bl 0x1400c | fcn_0001400c (r0);
0x0001006c b 0x1003a | goto label_0;
| label_4:
0x0001006e str r1, [sp, 0xc] | var_ch = r1;
0x00010070 mov r7, r3 | r7 = r3;
0x00010072 mov ip, r3 |
0x00010074 mov r8, r3 | r8 = r3;
0x00010076 mov lr, r3 | lr = r3;
0x00010078 mov sb, r3 | sb = r3;
0x0001007a mov r1, r3 | r1 = r3;
0x0001007c mov sl, r3 | sl = r3;
0x0001007e mov r6, r3 | r6 = r3;
0x00010080 mov fp, r3 |
0x00010082 str r3, [sp, 4] | var_4h = r3;
0x00010084 str r3, [sp, 8] | var_8h = r3;
0x00010086 b 0xffdc | goto label_1;
| label_8:
0x00010088 bl 0x146d4 | fcn_000146d4 ();
0x0001008c b 0x10042 | goto label_2;
| }
[*] Function fprintf used 1 times ld-linux-armhf.so.3