[*] Binary protection state of drbg.ko
No RELRO No Canary found NX disabled REL No RPATH No RUNPATH Symbols
[*] Function strcat tear down of drbg.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis9/kernel/crypto/drbg.ko @ 0x8000f4c */
| #include <stdint.h>
|
; (fcn) sym.drbg_fill_array () | void drbg_fill_array (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
| /* [05] -r-x section size 356 named .init.text */
0x08000f4c stmdaeq r0, {r2, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r6, r7, ip}");
0x08000f50 stmdaeq r0, {r2, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r6, r7, ip}");
0x08000f54 push {r4, r5, r6, r7, r8, lr} |
0x08000f58 mov r4, r0 | r4 = r0;
0x08000f5c mov r5, r1 | r5 = r1;
0x08000f60 ldm r3, {r0, r1} | r0 = *(r3);
| r1 = *((r3 + 4));
0x08000f64 cmp r2, 0 |
0x08000f68 add r6, r4, 0xe8 | r6 = r4 + 0xe8;
0x08000f6c str r0, [r4, 0x68] | *((r4 + 0x68)) = r0;
0x08000f70 strh r1, [r4, 0x6c] | *((r4 + 0x6c)) = r1;
| if (r2 != 0) {
0x08000f74 beq 0x8000f90 |
0x08000f78 stmdaeq r0, {r2, r3, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r3, r6, r7, ip}");
0x08000f7c stmdaeq r0, {r2, r3, r6, r7, ip} | __asm ("stmdaeq r0, {r2, r3, r6, r7, ip}");
0x08000f80 mov r7, 8 | r7 = 8;
0x08000f84 ldm r3, {r0, r1} | r0 = *(r3);
| r1 = *((r3 + 4));
0x08000f88 stm r6, {r0, r1} | *(r6) = r0;
| *((r6 + 4)) = r1;
0x08000f8c b 0x8000fac |
| } else {
0x08000f90 stmdaeq r0, {r3, r4, r6, r7, ip} | __asm ("stmdaeq r0, {r3, r4, r6, r7, ip}");
0x08000f94 stmdaeq r0, {r3, r4, r6, r7, ip} | __asm ("stmdaeq r0, {r3, r4, r6, r7, ip}");
0x08000f98 mov r3, r6 | r3 = r6;
0x08000f9c mov r7, 0xa | r7 = 0xa;
0x08000fa0 ldm r2, {r0, r1, r2} | r0 = *(r2);
| r1 = *((r2 + 4));
| r2 = *((r2 + 8));
0x08000fa4 stm r3!, {r0, r1} | *(r3!) = r0;
| *((r3! + 4)) = r1;
0x08000fa8 strh r2, [r3] | *(r3) = r2;
| }
0x08000fac add r5, r5, 6 | r5 += 6;
0x08000fb0 mov r0, r5 | r0 = r5;
0x08000fb4 stmdaeq r0, {r1, r2, r3, r4, r5, r6, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r1, r2, r3, r4, r5, r6, sb, sl, fp, sp}");
0x08000fb8 mov r1, r5 | r1 = r5;
0x08000fbc mov r2, r0 | r2 = r0;
0x08000fc0 add r0, r6, r7 | r0 = r6 + r7;
0x08000fc4 stmdaeq r0, {r1, r3, r5, r6, sb, sl, fp, sp} | __asm ("stmdaeq r0, {r1, r3, r5, r6, sb, sl, fp, sp}");
0x08000fc8 stmdaeq r0, {r4, r8, fp, ip} | __asm ("stmdaeq r0, {r4, r8, fp, ip}");
0x08000fcc stmdaeq r0, {r4, r8, fp, ip} | __asm ("stmdaeq r0, {r4, r8, fp, ip}");
0x08000fd0 mov ip, 0xb4 |
0x08000fd4 stmdaeq r0, {r6, r8, fp, ip} | __asm ("stmdaeq r0, {r6, r8, fp, ip}");
0x08000fd8 stmdaeq r0, {r6, r8, fp, ip} | __asm ("stmdaeq r0, {r6, r8, fp, ip}");
0x08000fdc stmdaeq r0, {r4, r5, r8, sl} | __asm ("stmdaeq r0, {r4, r5, r8, sl}");
0x08000fe0 stmdaeq r0, {r4, r5, r8, sl} | __asm ("stmdaeq r0, {r4, r5, r8, sl}");
0x08000fe4 ldr r2, [r3] | r2 = *(r3);
0x08000fe8 str r2, [r4, 0x60] | *((r4 + 0x60)) = r2;
0x08000fec str r1, [r4, 0x18c] | *((r4 + 0x18c)) = r1;
0x08000ff0 add r2, r2, 1 | r2++;
0x08000ff4 stmdaeq r0, {r2, r7, r8, sb} | __asm ("stmdaeq r0, {r2, r7, r8, sb}");
0x08000ff8 stmdaeq r0, {r2, r7, r8, sb} | __asm ("stmdaeq r0, {r2, r7, r8, sb}");
0x08000ffc str r2, [r3] | *(r3) = r2;
0x08001000 stmdaeq r0, {r4, r5, r6, r7, sb, sl} | __asm ("stmdaeq r0, {r4, r5, r6, r7, sb, sl}");
0x08001004 stmdaeq r0, {r4, r5, r6, r7, sb, sl} | __asm ("stmdaeq r0, {r4, r5, r6, r7, sb, sl}");
0x08001008 stmdaeq r0, {r2, r3, r4, r8, sb, fp} | __asm ("stmdaeq r0, {r2, r3, r4, r8, sb, fp}");
0x0800100c stmdaeq r0, {r2, r3, r4, r8, sb, fp} | __asm ("stmdaeq r0, {r2, r3, r4, r8, sb, fp}");
0x08001010 str r0, [r4, 0x180] | *((r4 + 0x180)) = r0;
0x08001014 str r3, [r4, 0x184] | *((r4 + 0x184)) = r3;
0x08001018 mov r0, 0 | r0 = 0;
0x0800101c stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001020 stmdaeq r0, {r4, r5, r6} | __asm ("stmdaeq r0, {r4, r5, r6}");
0x08001024 str ip, [r4, 0x58] | *((r4 + 0x58)) = ip;
0x08001028 stm r4, {r1, r2, r3} | *(r4) = r1;
| *((r4 + 4)) = r2;
| *((r4 + 8)) = r3;
0x0800102c str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x08001030 pop {r4, r5, r6, r7, r8, pc} |
| }
[*] Function strcat used 1 times drbg.ko