[*] Binary protection state of e2mmpstatus
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of e2mmpstatus
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/e2mmpstatus @ 0x2b9c */
| #include <stdint.h>
|
; (fcn) fcn.00002b9c () | void fcn_00002b9c (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00002b9c ldr.w ip, [pc, 0x30] |
0x00002ba0 mov r3, r1 | r3 = r1;
0x00002ba2 mov r2, r0 | r2 = r0;
0x00002ba4 add ip, pc | ip = 0x5778;
0x00002ba6 ldr.w r1, [ip] | r1 = *(0x5778);
| if (r1 != 0) {
0x00002baa cbz r1, 0x2bc6 |
0x00002bac ldr.w r1, [ip, 4] | r1 = *((ip + 4));
| if (r1 != 0) {
0x00002bb0 cbz r1, 0x2bbc |
0x00002bb2 ldr r1, [pc, 0x20] |
0x00002bb4 movs r0, 1 | r0 = 1;
0x00002bb6 add r1, pc | r1 = 0x5790;
0x00002bb8 b.w 0x13c4 | void (*0x13c4)() ();
| }
0x00002bbc ldr r1, [pc, 0x18] |
0x00002bbe movs r0, 1 | r0 = 1;
0x00002bc0 add r1, pc | r1 = 0x579c;
0x00002bc2 b.w 0x13c4 | void (*0x13c4)() ();
| }
0x00002bc6 ldr r1, [pc, 0x14] |
0x00002bc8 movs r0, 1 | r0 = 1;
0x00002bca add r1, pc | r1 = 0x57ac;
0x00002bcc b.w 0x13c4 | return void (*0x13c4)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/e2mmpstatus @ 0x2d5c */
| #include <stdint.h>
|
; (fcn) fcn.00002d5c () | void fcn_00002d5c (int16_t arg_18h, int16_t arg_20h, int16_t arg_24h, int16_t arg_28h, int16_t arg_2ch, int16_t arg1, uint32_t arg3, uint32_t arg4) {
| r0 = arg1;
| r2 = arg3;
| r3 = arg4;
0x00002d5c push.w {r4, r5, r6, r7, r8, lr} |
0x00002d60 mov r4, r2 | r4 = r2;
0x00002d62 ldr r7, [sp, 0x20] | r7 = *(arg_20h);
0x00002d64 ldr.w lr, [sp, 0x24] |
0x00002d68 ldr r6, [sp, 0x28] | r6 = *(arg_28h);
0x00002d6a cmp r2, r7 |
0x00002d6c sbcs.w r5, r3, lr | __asm ("sbcs.w r5, r3, lr");
0x00002d70 ite hs |
| if (r2 < r7) {
0x00002d72 movhs r5, 1 | r5 = 1;
| }
| if (r2 >= r7) {
0x00002d74 movlo r5, 0 | r5 = 0;
| }
0x00002d76 cmp r6, r2 |
0x00002d78 ldr r6, [sp, 0x2c] | r6 = *(arg_2ch);
0x00002d7a and r5, r5, 1 | r5 &= 1;
0x00002d7e sbcs.w ip, r6, r3 | __asm ("sbcs.w ip, r6, r3");
0x00002d82 ldr.w ip, [sp, 0x18] | ip = *(arg_18h);
0x00002d86 it lo |
| if (r6 >= r2) {
0x00002d88 movlo r5, 0 | r5 = 0;
| }
| if (r5 == 0) {
0x00002d8a cbz r5, 0x2da0 | goto label_0;
| }
0x00002d8c cmp r3, lr |
0x00002d8e it eq |
| if (r3 == lr) {
0x00002d90 cmpeq r2, r7 | __asm ("cmpeq r2, r7");
| }
0x00002d92 and r3, ip, 1 | r3 = ip & 1;
0x00002d96 it ne |
| if (r3 == lr) {
0x00002d98 movne r3, 0 | r3 = 0;
| }
| if (r3 == 0) {
0x00002d9a cbz r3, 0x2dca | goto label_1;
| }
| do {
0x00002d9c pop.w {r4, r5, r6, r7, r8, pc} |
| label_0:
0x00002da0 ldr r1, [r0, 0x10] | r1 = *(arg_18hx10);
0x00002da2 mov r8, r0 | r8 = r0;
0x00002da4 ldr r1, [r1, 0x60] | r1 = *((r1 + 0x60));
0x00002da6 lsls r1, r1, 0x16 | r1 <<= 0x16;
0x00002da8 bpl 0x2d9c |
| } while (r1 >= r1);
0x00002daa blx 0x1534 | r0 = fcn_00001534 ();
0x00002dae mov r5, r0 | r5 = r0;
0x00002db0 mov r0, r8 | r0 = r8;
0x00002db2 mov r1, r5 | r1 = r5;
0x00002db4 blx 0x1690 | fcn_00001690 ();
0x00002db8 ldr r1, [pc, 0x20] |
0x00002dba subs r3, r4, r0 | r3 = r4 - r0;
0x00002dbc mov r2, r5 | r2 = r5;
0x00002dbe movs r0, 1 | r0 = 1;
0x00002dc0 pop.w {r4, r5, r6, r7, r8, lr} |
0x00002dc4 add r1, pc | r1 = 0x5ba4;
0x00002dc6 b.w 0x13c4 | void (*0x13c4)() ();
| label_1:
0x00002dca ldr r1, [pc, 0x14] |
0x00002dcc subs r2, r2, r7 | r2 -= r7;
0x00002dce movs r0, 1 | r0 = 1;
0x00002dd0 pop.w {r4, r5, r6, r7, r8, lr} |
0x00002dd4 add r1, pc | r1 = 0x5bba;
0x00002dd6 b.w 0x13c4 | return void (*0x13c4)() ();
| }
[*] Function printf used 1 times e2mmpstatus
