[*] Binary protection state of debugfs
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of debugfs
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/debugfs @ 0x10a64 */
| #include <stdint.h>
|
; (fcn) fcn.00010a64 () | void fcn_00010a64 (int16_t arg_1h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_ch;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_0h_2;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_10h;
| int16_t var_2ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
| label_0:
0x000056c0 bx pc | return void (*pc)() ();
0x00010a64 push {r4, r5, r6, r7, lr} |
0x00010a66 mov r5, r2 | r5 = r2;
0x00010a68 ldr r2, [pc, 0x98] |
0x00010a6a mov r6, r3 | r6 = r3;
0x00010a6c sub sp, 0x34 |
0x00010a6e mov r4, r0 | r4 = r0;
0x00010a70 ldr r3, [pc, 0x94] | r3 = *(0x10b08);
0x00010a72 add r2, pc | r2 = 0x2157a;
0x00010a74 ldr r3, [r2, r3] |
0x00010a76 ldr r3, [r3] | r3 = *(0x2157a);
0x00010a78 str r3, [sp, 0x2c] | var_2ch = r3;
0x00010a7a mov.w r3, 0 | r3 = 0;
| if (r0 != 0) {
0x00010a7e cbz r0, 0x10a9a |
0x00010a80 ldr r2, [pc, 0x88] |
0x00010a82 movs r3, 0 | r3 = 0;
0x00010a84 str r3, [sp, 8] | var_8h = r3;
0x00010a86 movs r3, 1 | r3 = 1;
0x00010a88 mov r0, r1 | r0 = r1;
0x00010a8a str r4, [sp] | *(sp) = r4;
0x00010a8c add r2, pc | r2 = "Filesystem opened readonly";
0x00010a8e mov r1, r5 | r1 = r5;
0x00010a90 str r2, [sp, 4] | var_4h = r2;
0x00010a92 mov r2, r3 | r2 = r3;
0x00010a94 bl 0xac94 | r0 = fcn_0000ac94 (r0, r1, "Filesystem opened readonly", r3);
| if (r0 != 0) {
0x00010a98 cbnz r0, 0x10ab8 | goto label_1;
| }
| }
0x00010a9a ldr r3, [pc, 0x74] |
0x00010a9c add r3, pc | r3 = 0x215b2;
0x00010a9e ldr r4, [r3] | r4 = *(0x215b2);
| if (r4 == 0) {
0x00010aa0 cbz r4, 0x10ada | goto label_2;
| }
0x00010aa2 add r7, sp, 0x10 | r7 += var_10h;
0x00010aa4 mov r1, r6 | r1 = r6;
0x00010aa6 mov r2, r7 | r2 = r7;
0x00010aa8 mov r0, r4 | r0 = r4;
0x00010aaa blx 0x4fc8 | r0 = ext2fs_extent_get ();
0x00010aae mov r1, r0 | r1 = r0;
| if (r0 != 0) {
0x00010ab0 cbnz r0, 0x10ad0 | goto label_3;
| }
0x00010ab2 mov r0, r7 | r0 = r7;
0x00010ab4 bl 0x109a4 | fcn_000109a4 (r0, r1);
| do {
| label_1:
0x00010ab8 ldr r2, [pc, 0x58] |
0x00010aba ldr r3, [pc, 0x4c] | r3 = *(0x10b0a);
0x00010abc add r2, pc | r2 = 0x215d4;
0x00010abe ldr r3, [r2, r3] | r3 = *(0x215d4);
0x00010ac0 ldr r2, [r3] | r2 = *(0x215d4);
0x00010ac2 ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x00010ac4 eors r2, r3 | r2 ^= r3;
0x00010ac6 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00010aca bne 0x10b00 | goto label_4;
| }
0x00010acc add sp, 0x34 |
0x00010ace pop {r4, r5, r6, r7, pc} |
| label_3:
0x00010ad0 ldr r0, [r5] | r0 = *(r5);
0x00010ad2 movs r2, 0 | r2 = 0;
0x00010ad4 blx 0x50ec | fcn_000050ec ();
0x00010ad8 b 0x10ab8 |
| } while (1);
| label_2:
0x00010ada ldr r2, [pc, 0x3c] |
0x00010adc ldr r3, [pc, 0x28] | r3 = *(0x10b08);
0x00010ade add r2, pc | r2 = 0x215fc;
0x00010ae0 ldr r3, [r2, r3] | r3 = *(0x215fc);
0x00010ae2 ldr r2, [r3] | r2 = *(0x215fc);
0x00010ae4 ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x00010ae6 eors r2, r3 | r2 ^= r3;
0x00010ae8 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00010aec bne 0x10b00 |
0x00010aee ldr r2, [pc, 0x2c] |
0x00010af0 mov r1, r4 | r1 = r4;
0x00010af2 ldr r0, [r5] | r0 = *(r5);
0x00010af4 add r2, pc | r2 = 0x21616;
0x00010af6 add sp, 0x34 |
0x00010af8 pop.w {r4, r5, r6, r7, lr} |
0x00010afc b.w 0x50e8 | void (*0x50e8)() ();
| }
| label_4:
0x00010b00 blx 0x55b8 | fcn_000055b8 ();
0x00010b04 str r6, [r4, r4] | *((r4 + r4)) = r6;
0x00010b06 movs r1, r0 | r1 = r0;
0x00010b08 lsls r0, r5, 0x10 | r0 = r5 << 0x10;
0x00010b0a movs r0, r0 |
0x00010b0c asrs r0, r1, 0x20 | r0 = r1 >> 0x20;
0x00010b0e movs r1, r0 | r1 = r0;
0x00010b10 strb r0, [r3] | *(r3) = r0;
0x00010b12 movs r1, r0 | r1 = r0;
0x00010b14 str r4, [r3, r3] | *((r3 + r3)) = r4;
0x00010b16 movs r1, r0 | r1 = r0;
0x00010b18 str r2, [r7, r2] | *((r7 + r2)) = r2;
0x00010b1a movs r1, r0 | r1 = r0;
0x00010b1c lsls r0, r7, 0xa | r0 = r7 << 0xa;
0x00010b1e movs r1, r0 | r1 = r0;
0x00010b20 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00010b24 mov r6, r2 | r6 = r2;
0x00010b26 ldr r2, [pc, 0x154] |
0x00010b28 sub sp, 0x24 |
0x00010b2a mov r5, r0 | r5 = r0;
0x00010b2c mov r4, r1 | r4 = r1;
0x00010b2e ldr r3, [pc, 0x150] | r3 = *(0x10c82);
0x00010b30 add r2, pc | r2 = 0x217b2;
0x00010b32 ldr r7, [pc, 0x150] |
0x00010b34 ldr r0, [r1] | r0 = *(r1);
0x00010b36 ldr r3, [r2, r3] |
0x00010b38 add r7, pc | r7 = 0x217c2;
0x00010b3a ldr r3, [r3] | r3 = *(0x217b2);
0x00010b3c str r3, [sp, 0x1c] | var_1ch = r3;
0x00010b3e mov.w r3, 0 | r3 = 0;
0x00010b42 bl 0xa6e0 | r0 = fcn_0000a6e0 ();
0x00010b46 cmp r0, 0 |
| if (r0 != 0) {
0x00010b48 bne 0x10bf4 | goto label_5;
| }
0x00010b4a cmp r5, 1 |
| if (r5 == 1) {
0x00010b4c beq 0x10c0e | goto label_6;
| }
0x00010b4e mov r3, r0 | r3 = r0;
0x00010b50 add r2, sp, 0x14 | r2 += var_14h;
0x00010b52 mov r0, r5 | r0 = r5;
0x00010b54 mov r1, r4 | r1 = r4;
0x00010b56 bl 0xad54 | r0 = fcn_0000ad54 (r0, r1, r2, r3);
0x00010b5a cmp r0, 0 |
| if (r0 != 0) {
0x00010b5c bne 0x10bf4 | goto label_5;
| }
0x00010b5e ldr.w r8, [pc, 0x128] |
0x00010b62 ldr r3, [pc, 0x128] | r3 = *(0x10c8e);
0x00010b64 ldr r1, [sp, 0x14] | r1 = var_14h;
0x00010b66 add r8, pc | r8 = "project";
0x00010b68 str.w r0, [r8, 4] | __asm ("str.w r0, [r8, 4]");
0x00010b6c mov r2, r8 | r2 = r8;
0x00010b6e ldr r3, [r7, r3] | r3 = *((r7 + r3));
0x00010b70 ldr r0, [r3] | r0 = *(0x10c8e);
0x00010b72 blx 0x5970 | r0 = ext2fs_blocks_count_set ();
0x00010b76 mov sb, r0 | sb = r0;
0x00010b78 cmp r0, 0 |
| if (r0 != 0) {
0x00010b7a bne 0x10c5c | goto label_7;
| }
0x00010b7c ldr r3, [sp, 0x14] | r3 = var_14h;
0x00010b7e mov r0, r6 | r0 = r6;
0x00010b80 str.w r3, [r8, 4] | __asm ("str.w r3, [r8, 4]");
0x00010b84 blx 0x5748 | r0 = ext2fs_get_pathname ();
0x00010b88 mov sl, r0 | sl = r0;
0x00010b8a str.w r0, [r8, 8] | __asm ("str.w r0, [r8, 8]");
0x00010b8e blx 0x5324 | r0 = fcn_00005324 ();
0x00010b92 mov fp, r0 |
0x00010b94 adds r0, 0x20 | r0 += 0x20;
0x00010b96 blx 0x55a0 | r0 = fcn_000055a0 ();
0x00010b9a mov r5, r0 | r5 = r0;
0x00010b9c str.w r0, [r8, 0xc] | __asm ("str.w r0, [r8, 0xc]");
0x00010ba0 cmp r0, 0 |
| if (r0 == 0) {
0x00010ba2 beq 0x10c6e | goto label_8;
| }
0x00010ba4 mov r1, sl | r1 = sl;
0x00010ba6 add.w r2, fp, 1 | r2 += arg_1h;
0x00010baa blx 0x5378 | fcn_00005378 ();
0x00010bae movs r1, 0x3a | r1 = 0x3a;
0x00010bb0 mov r0, r5 | r0 = r5;
0x00010bb2 blx 0x5014 | r0 = fcn_00005014 ();
| if (r0 != 0) {
0x00010bb6 cbz r0, 0x10bbc |
0x00010bb8 strb.w sb, [r0] | *(r0) = sb;
| }
0x00010bbc ldr r4, [pc, 0xd0] |
0x00010bbe mov r0, r5 | r0 = r5;
0x00010bc0 blx 0x5324 | fcn_00005324 ();
0x00010bc4 ldr r3, [pc, 0xcc] |
0x00010bc6 movs r1, 1 | r1 = 1;
0x00010bc8 add r4, pc | r4 = 0x2185c;
0x00010bca add r0, r5 | r0 += r5;
0x00010bcc ldr r2, [r4, 4] | r2 = *(0x21860);
0x00010bce add r3, pc | r3 = 0x21866;
0x00010bd0 str r2, [sp] | *(sp) = r2;
0x00010bd2 mov.w r2, -1 | r2 = -1;
0x00010bd6 blx 0x57f0 | ext2fs_inode_bitmap_loc ();
0x00010bda ldr r2, [pc, 0xbc] | r2 = *(0x10c9a);
0x00010bdc mov r0, r6 | r0 = r6;
0x00010bde add r3, sp, 0x18 | r3 += var_18h;
0x00010be0 ldr r2, [r7, r2] | r2 = *((r7 + r2));
0x00010be2 mov r1, r2 | r1 = r2;
0x00010be4 str r2, [sp, 0xc] | var_ch = r2;
0x00010be6 movs r2, 1 | r2 = 1;
0x00010be8 blx 0x539c | fcn_0000539c ();
0x00010bec ldr r1, [r4, 0xc] | r1 = *(0x21868);
0x00010bee mov r0, r6 | r0 = r6;
0x00010bf0 blx 0x5638 | fcn_00005638 ();
| do {
| label_5:
0x00010bf4 ldr r2, [pc, 0xa4] |
0x00010bf6 ldr r3, [pc, 0x88] | r3 = *(0x10c82);
0x00010bf8 add r2, pc | r2 = 0x21898;
0x00010bfa ldr r3, [r2, r3] | r3 = *(0x21898);
0x00010bfc ldr r2, [r3] | r2 = *(0x21898);
0x00010bfe ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00010c00 eors r2, r3 | r2 ^= r3;
0x00010c02 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00010c06 bne 0x10c6a |
0x00010c08 add sp, 0x24 |
0x00010c0a pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
0x00010c0e ldr r3, [pc, 0x90] |
0x00010c10 add r3, pc | r3 = 0x218b6;
0x00010c12 ldr r2, [r3, 4] | r2 = *(0x218ba);
| if (r2 != 0) {
0x00010c14 cbz r2, 0x10c3a |
0x00010c16 ldr r1, [pc, 0x8c] |
0x00010c18 ldr r3, [pc, 0x64] | r3 = *(0x10c80);
0x00010c1a add r1, pc | r1 = 0x218c4;
0x00010c1c ldr r3, [r1, r3] | r3 = *(0x218c4);
0x00010c1e ldr r1, [r3] | r1 = *(0x218c4);
0x00010c20 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00010c22 eors r1, r3 | r1 ^= r3;
0x00010c24 mov.w r3, 0 | r3 = 0;
| if (r1 != r3) {
0x00010c28 bne 0x10c6a | goto label_9;
| }
0x00010c2a ldr r1, [pc, 0x7c] |
0x00010c2c mov r0, r5 | r0 = r5;
0x00010c2e add r1, pc | r1 = "name = ";
0x00010c30 add sp, 0x24 |
0x00010c32 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00010c34 ldr r7, [pc, 0x3c0] | r7 = *(0x10ff8);
0x00010c36 b.w 0x5004 | void (*0x5004)() ();
| }
0x00010c3a ldr r2, [pc, 0x70] |
0x00010c3c ldr r3, [pc, 0x40] | r3 = *(0x10c80);
0x00010c3e add r2, pc | r2 = 0x218f0;
0x00010c40 ldr r3, [r2, r3] | r3 = *(0x218f0);
0x00010c42 ldr r2, [r3] | r2 = *(0x218f0);
0x00010c44 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00010c46 eors r2, r3 | r2 ^= r3;
0x00010c48 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00010c4c bne 0x10c6a | goto label_9;
| }
0x00010c4e ldr r0, [pc, 0x60] |
0x00010c50 add r0, pc | r0 = 0x21906;
0x00010c52 add sp, 0x24 |
0x00010c54 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00010c58 b.w 0x56c0 | goto label_0;
| label_7:
0x00010c5c ldr r2, [pc, 0x54] |
0x00010c5e mov r1, sb | r1 = sb;
0x00010c60 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00010c62 add r2, pc | r2 = 0x2191a;
0x00010c64 blx 0x50ec | fcn_000050ec ();
0x00010c66 orr.w r7, r2, r4, lsl 27 | r7 = r2 | (r4 << 27);
| }
| label_9:
0x00010c6a blx 0x55b8 | fcn_000055b8 ();
| label_8:
0x00010c6e ldr r2, [pc, 0x48] |
0x00010c70 mov r1, r5 | r1 = r5;
0x00010c72 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00010c74 add r2, pc | r2 = 0x21932;
0x00010c76 blx 0x50ec | fcn_000050ec ();
0x00010c7a b 0x10bf4 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/debugfs @ 0x144e4 */
| #include <stdint.h>
|
; (fcn) fcn.000144e4 () | void fcn_000144e4 (int16_t arg1) {
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| r0 = arg1;
| label_1:
0x000144e4 ldr r2, [pc, 0x80] |
0x000144e6 ldr r3, [pc, 0x84] | r3 = *(0x1456e);
0x000144e8 push {r4, r5, lr} |
0x000144ea sub sp, 0x14 |
0x000144ec add r2, pc | r2 = 0x28a58;
0x000144ee ldr.w ip, [pc, 0x80] |
0x000144f0 stm r0!, {r7} | *(r0!) = r7;
0x000144f2 add r5, sp, 4 | r5 += var_4h;
0x000144f4 mov r4, r0 | r4 = r0;
0x000144f6 ldr r3, [r2, r3] |
0x000144f8 mov r2, r5 | r2 = r5;
0x000144fa ldr.w lr, [pc, 0x78] | lr = *(0x14576);
0x000144fe add ip, pc | ip = 0x28a74;
0x00014500 ldr r3, [r3] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x00014502 str r3, [sp, 0xc] | var_ch = r3;
0x00014504 mov.w r3, 0 | r3 = 0;
0x00014508 ldr.w r3, [ip, lr] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x0001450c ldr r0, [r3] | r0 = imp.__aeabi_unwind_cpp_pr0;
0x0001450e blx 0x4efc | r0 = ext2fs_xattrs_open ();
0x00014512 cbz r0, 0x1452c |
| while (1) {
| label_0:
0x00014514 ldr r2, [pc, 0x60] |
0x00014516 ldr r3, [pc, 0x54] | r3 = *(0x1456e);
0x00014518 add r2, pc | r2 = 0x28a94;
0x0001451a ldr r3, [r2, r3] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x0001451c ldr r2, [r3] | r2 = imp.__aeabi_unwind_cpp_pr0;
0x0001451e ldr r3, [sp, 0xc] | r3 = var_ch;
0x00014520 eors r2, r3 | r2 ^= r3;
0x00014522 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00014526 bne 0x14564 | goto label_2;
| }
0x00014528 add sp, 0x14 |
0x0001452a pop {r4, r5, pc} |
0x0001452c ldr r0, [sp, 4] | r0 = var_4h;
0x0001452e blx 0x4e9c | r0 = ext2fs_xattrs_read ();
| if (r0 == 0) {
0x00014532 cbnz r0, 0x1455c |
0x00014534 ldr r0, [sp, 4] | r0 = var_4h;
0x00014536 add r1, sp, 8 | r1 += var_8h;
0x00014538 blx 0x5360 | r0 = fcn_00005360 ();
| if (r0 != 0) {
0x0001453c cbnz r0, 0x1455c | goto label_3;
| }
0x0001453e ldr r3, [sp, 8] | r3 = var_8h;
| if (r3 == 0) {
0x00014540 cbz r3, 0x1455c | goto label_3;
| }
0x00014542 ldr r0, [pc, 0x38] |
0x00014544 movs r1, 1 | r1 = 1;
0x00014546 movs r2, 0x15 | r2 = 0x15;
0x00014548 mov r3, r4 | r3 = r4;
0x0001454a add r0, pc | r0 = 0x28acc;
0x0001454c blx 0x54f0 | uuid_clear ();
0x00014550 ldr r1, [pc, 0x2c] |
0x00014552 mov r2, r4 | r2 = r4;
0x00014554 ldr r0, [sp, 4] | r0 = var_4h;
0x00014556 add r1, pc | r1 = 0x28ada;
0x00014558 blx 0x4e78 | ext2fs_xattrs_iterate ();
| }
| label_3:
0x0001455c mov r0, r5 | r0 = r5;
0x0001455e blx 0x51b8 | fcn_000051b8 ();
0x00014562 b 0x14514 |
| }
| label_2:
0x00014564 blx 0x55b8 | fcn_000055b8 ();
0x00014568 asrs r4, r5, 0x1a | r4 = r5 >> 0x1a;
0x0001456a movs r1, r0 | r1 = r0;
0x0001456c lsls r0, r5, 0x10 | r0 = r5 << 0x10;
0x0001456e movs r0, r0 |
0x00014570 asrs r2, r3, 0x1a | r2 = r3 >> 0x1a;
0x00014572 movs r1, r0 | r1 = r0;
0x00014574 lsls r0, r1, 0x10 | r0 = r1 << 0x10;
0x00014576 movs r0, r0 |
0x00014578 asrs r0, r0, 0x1a | r0 >>= 0x1a;
0x0001457a movs r1, r0 | r1 = r0;
| if (r1 <= r0) {
0x0001457c blo 0x14514 | goto label_0;
| }
0x0001457e movs r0, r0 |
0x00014580 ldc2l p15, c15, [fp], 0x3fc | __asm ("ldc2l p15, c15, [fp], 0x3fc");
0x00014584 push {r4, r5, r6, lr} |
0x00014586 cmp r0, 2 |
0x00014588 ldr r5, [pc, 0x3c] |
0x0001458a ldr r3, [r1] | r3 = *(r1);
0x0001458c add r5, pc | r5 = 0x28b58;
| if (r0 != 2) {
0x0001458e beq 0x145a0 |
0x00014590 ldr r1, [pc, 0x38] |
0x00014592 mov r2, r3 | r2 = r3;
0x00014594 pop.w {r4, r5, r6, lr} |
0x00014598 movs r0, 1 | r0 = 1;
0x0001459a add r1, pc | r1 = 0x28b6a;
0x0001459c b.w 0x5004 | void (*0x5004)() ();
| }
0x000145a0 mov r0, r3 | r0 = r3;
0x000145a2 mov r4, r1 | r4 = r1;
0x000145a4 bl 0xa6e0 | r0 = fcn_0000a6e0 ();
0x000145a8 cbz r0, 0x145ac |
| while (r0 == 0) {
0x000145aa pop {r4, r5, r6, pc} |
0x000145ac ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x000145ae bl 0xa604 | r0 = fcn_0000a604 (r0);
0x000145b2 cmp r0, 0 |
0x000145b4 beq 0x145aa |
| }
0x000145b6 ldr r3, [pc, 0x18] | r3 = *(0x145d2);
0x000145b8 mov r1, r0 | r1 = r0;
0x000145ba ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x000145bc pop.w {r4, r5, r6, lr} |
0x000145c0 ldr r0, [r3] | r0 = *(0x145d2);
0x000145c2 b.w 0x144e4 | goto label_1;
| }
[*] Function printf used 1 times debugfs
