[*] Binary protection state of jitterentropy_rng.ko
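RELRO: No RELRO | Stack canary: No Canary found | NX: NX disabled | PIE: REL | RPATH: No RPATH | RUNPATH: No RUNPATH | Symbols: Symbols
(REL marks a relocatable object, as expected for a .ko. The RELRO, NX and PIE columns describe linked user-space ELF binaries, so for a kernel module they say little about how the kernel maps and protects the code once it is loaded.)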
[*] Function strcpy tear down of jitterentropy_rng.ko
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis9/kernel/crypto/jitterentropy_rng.ko @ 0x8000c64 */
| #include <stdint.h>
|
; jent_entropy_init: start-up self-test of the timing source used by the jitter
; RNG. It samples two timestamps per pass, derives a delta, and keeps counters
; that decide the status returned in r0: 0 when every check passes, otherwise
; one of 1, 2, 3, 5, 8, 9, 10 as set on the exit paths below.
; Frame: nine registers pushed, then 0xb4 bytes of locals. sp+0x20 is the base
; of a 0x58-byte work area handed to the jent_* helpers.
; NOTE(review): the status values line up with the JENT_E* codes of upstream
; Linux crypto/jitterentropy.c - confirm against the 5.10.52 source tree.
; NOTE(review): every "stmdaeq r0, {...}" in this listing is an instruction word
; of the form 0x08000000 + register-list mask (condition EQ, base r0, no
; write-back). The masks here give 0x0800271f and 0x08001134, values in the
; same 0x0800xxxx range as the function addresses. That pattern is what a
; disassembler leaves behind when it writes a relocation target over a call
; instruction, so treat these lines as calls, not stores - TODO confirm with
; the module's relocation entries.
; NOTE(review): no instruction in this function names strcpy, and none of the
; overwritten call words is preceded by a two-pointer (dst, src) argument
; setup. The strcpy hit reported for this module is not located by this
; listing; resolve the relocations before drawing a conclusion.
; (fcn) sym.jent_entropy_init () | void jent_entropy_init () {
| int32_t var_0h;
| int32_t var_0h_2;
| int32_t var_8h;
| int32_t var_10h;
| int32_t var_10h_2;
| int32_t var_18h;
| int32_t var_18h_2;
| int32_t var_20h;
| int32_t var_30h;
| int32_t var_30h_2;
| int32_t var_48h;
| int32_t var_78h;
| int32_t var_7ch;
| int32_t var_80h;
| int32_t var_80h_2;
| int32_t var_88h;
| int32_t var_8ch;
| int32_t var_90h;
| int32_t var_94h;
| int32_t var_98h;
| int32_t var_98h_2;
| int32_t var_a0h;
| int32_t var_a0h_2;
| int32_t var_ach;
| int32_t var_b4h;
0x08000c64 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x08000c68 sub sp, sp, 0xb4 |
; Zero the two 64-bit accumulators (sp+0xa0, sp+0x98) and the four 32-bit
; counters (sp+0x94, sp+0x90, sp+0x8c, sp+0x88).
0x08000c6c mov r2, 0 | r2 = 0;
0x08000c70 mov r3, 0 | r3 = 0;
0x08000c74 strd r2, r3, [sp, 0xa0] | __asm ("strd r2, r3, [var_a0h]");
0x08000c78 mov r2, 0 | r2 = 0;
0x08000c7c mov r3, 0 | r3 = 0;
0x08000c80 strd r2, r3, [sp, 0x98] | __asm ("strd r2, r3, [var_98h]");
0x08000c84 mov r3, 0 | r3 = 0;
0x08000c88 str r3, [sp, 0x94] | var_94h = r3;
0x08000c8c mov r3, 0 | r3 = 0;
0x08000c90 str r3, [sp, 0x90] | var_90h = r3;
0x08000c94 mov r3, 0 | r3 = 0;
0x08000c98 str r3, [sp, 0x8c] | var_8ch = r3;
0x08000c9c mov r3, 0 | r3 = 0;
0x08000ca0 str r3, [sp, 0x88] | var_88h = r3;
; r0 = address sp+0x20 (the pseudo-code "r3 += var_20h" misreads the add),
; r1 = 0, r2 = 0x58: argument setup shaped like a zero-fill of the 0x58-byte
; work area. The call word itself decodes to 0x0800271f - presumably memset,
; TODO confirm.
0x08000ca4 add r3, sp, 0x20 | r3 += var_20h;
0x08000ca8 mov r2, 0x58 | r2 = 0x58;
0x08000cac mov r1, 0 | r1 = 0;
0x08000cb0 mov r0, r3 | r0 = r3;
0x08000cb4 stmdaeq r0, {r0, r1, r2, r3, r4, r8, sb, sl, sp} | __asm ("stmdaeq r0, {r0, r1, r2, r3, r4, r8, sb, sl, sp}");
; Store 1 at work-area offset 0x28 (sp+0x48), then start the pass counter
; var_ach at 0 and jump to the loop test at 0x8000f10.
0x08000cb8 mov r3, 1 | r3 = 1;
0x08000cbc str r3, [sp, 0x48] | var_48h = r3;
0x08000cc0 mov r3, 0 | r3 = 0;
0x08000cc4 str r3, [sp, 0xac] | var_ach = r3;
0x08000cc8 b 0x8000f10 |
; Loop body: repeats while var_ach <= 0x463 (signed compare at 0x8000f18), so
; var_ach runs 0 .. 0x463, which is 0x464 = 1124 passes.
| while (r3 <= r2) {
0x08000ccc mov r2, 0 | r2 = 0;
0x08000cd0 mov r3, 0 | r3 = 0;
0x08000cd4 strd r2, r3, [sp, 0x18] | __asm ("strd r2, r3, [var_18h]");
0x08000cd8 mov r2, 0 | r2 = 0;
0x08000cdc mov r3, 0 | r3 = 0;
0x08000ce0 strd r2, r3, [sp, 0x10] | __asm ("strd r2, r3, [var_10h]");
0x08000ce4 mov r2, 0 | r2 = 0;
0x08000ce8 mov r3, 0 | r3 = 0;
0x08000cec strd r2, r3, [sp, 0x80] | __asm ("strd r2, r3, [var_80h]");
0x08000cf0 mov r3, 0 | r3 = 0;
0x08000cf4 str r3, [sp, 0x7c] | var_7ch = r3;
; r0 = &var_18h, then an overwritten call word (0x08001134). The 64-bit value
; at var_18h is read back right after, so this presumably fetches the first
; timestamp - TODO confirm the callee.
0x08000cf8 add r3, sp, 0x18 | r3 += var_18h;
0x08000cfc mov r0, r3 | r0 = r3;
0x08000d00 stmdaeq r0, {r2, r4, r5, r8, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r8, ip}");
; Copy the first timestamp to work-area offset 0x10 (sp+0x30).
0x08000d04 ldrd r2, r3, [sp, 0x18] | __asm ("ldrd r2, r3, [var_18h]");
0x08000d08 strd r2, r3, [sp, 0x30] | __asm ("strd r2, r3, [var_30h]");
; jent_lfsr_time call: r0 = work area, r2:r3 = first timestamp, and three
; zero words placed on the stack at sp, sp+4 and sp+8.
0x08000d0c ldrd r2, r3, [sp, 0x18] | __asm ("ldrd r2, r3, [var_18h]");
0x08000d10 add ip, sp, 0x20 |
0x08000d14 mov r1, 0 | r1 = 0;
0x08000d18 str r1, [sp, 8] | var_8h = r1;
0x08000d1c mov r0, 0 | r0 = 0;
0x08000d20 mov r1, 0 | r1 = 0;
0x08000d24 strd r0, r1, [sp] | __asm ("strd r0, r1, [sp]");
0x08000d28 mov r0, ip | r0 = ip;
0x08000d2c bl 0x80004e0 | jent_lfsr_time ();
; Same overwritten call word as at 0x08000d00, this time with r0 = &var_10h:
; presumably the second timestamp.
0x08000d30 add r3, sp, 0x10 | r3 += var_10h;
0x08000d34 mov r0, r3 | r0 = r3;
0x08000d38 stmdaeq r0, {r2, r4, r5, r8, ip} | __asm ("stmdaeq r0, {r2, r4, r5, r8, ip}");
; "orrs r3, r2, r3" followed by beq/bne tests whether a 64-bit value is zero;
; the pseudo-code condition "r3 != r2" is a mistranslation. If either
; timestamp is zero the function returns 1.
0x08000d3c ldrd r2, r3, [sp, 0x18] | __asm ("ldrd r2, r3, [var_18h]");
0x08000d40 orrs r3, r2, r3 | r3 = r2 | r3;
| if (r3 != r2) {
0x08000d44 beq 0x8000d54 |
0x08000d48 ldrd r2, r3, [sp, 0x10] | __asm ("ldrd r2, r3, [var_10h]");
0x08000d4c orrs r3, r2, r3 | r3 = r2 | r3;
| if (r3 != r2) {
0x08000d50 bne 0x8000d5c | goto label_0;
| }
| }
0x08000d54 mov r3, 1 | r3 = 1;
0x08000d58 b 0x8000f80 | goto label_1;
| label_0:
; delta = jent_delta(first timestamp in r0:r1, second in r2:r3), kept as a
; 64-bit value at var_80h. A zero delta returns 2.
0x08000d5c ldrd r0, r1, [sp, 0x18] | __asm ("ldrd r0, r1, [var_18h]");
0x08000d60 ldrd r2, r3, [sp, 0x10] | __asm ("ldrd r2, r3, [var_10h]");
0x08000d64 bl 0x8000244 | jent_delta ();
0x08000d68 strd r0, r1, [sp, 0x80] | __asm ("strd r0, r1, [var_80h]");
0x08000d6c ldrd r2, r3, [sp, 0x80] | __asm ("ldrd r2, r3, [var_80h]");
0x08000d70 orrs r3, r2, r3 | r3 = r2 | r3;
| if (r3 == r2) {
0x08000d74 bne 0x8000d80 |
0x08000d78 mov r3, 2 | r3 = 2;
0x08000d7c b 0x8000f80 | goto label_1;
| }
; var_78h = jent_stuck(work area, delta).
0x08000d80 add r1, sp, 0x20 | r1 += var_20h;
0x08000d84 ldrd r2, r3, [sp, 0x80] | __asm ("ldrd r2, r3, [var_80h]");
0x08000d88 mov r0, r1 | r0 = r1;
0x08000d8c bl 0x8000280 | jent_stuck ();
0x08000d90 str r0, [sp, 0x78] | var_78h = r0;
; Passes with var_ach <= 0x63 (the first 100) branch to the nop at 0x8000f00
; and update none of the counters below.
0x08000d94 ldr r3, [sp, 0xac] | r3 = var_ach;
0x08000d98 cmp r3, 0x63 |
| if (r3 > 0x63) {
0x08000d9c ble 0x8000f00 |
; Stuck sample: count it in var_88h and go straight to the RCT check.
0x08000da0 ldr r3, [sp, 0x78] | r3 = var_78h;
0x08000da4 cmp r3, 0 |
| if (r3 != 0) {
0x08000da8 beq 0x8000dbc |
0x08000dac ldr r3, [sp, 0x88] | r3 = var_88h;
0x08000db0 add r3, r3, 1 | r3++;
0x08000db4 str r3, [sp, 0x88] | var_88h = r3;
0x08000db8 b 0x8000e10 |
| } else {
; Non-stuck sample: count it in var_94h. Only when the low 9 bits of that
; count are zero (every 512th such sample) does the code call
; jent_apt_reset(work area, low word of delta & 0xf) and then
; jent_health_failure; a nonzero result returns 9.
0x08000dbc ldr r3, [sp, 0x94] | r3 = var_94h;
0x08000dc0 add r3, r3, 1 | r3++;
0x08000dc4 str r3, [sp, 0x94] | var_94h = r3;
0x08000dc8 ldr r3, [sp, 0x94] | r3 = var_94h;
0x08000dcc ubfx r3, r3, 0, 9 | r3 = (r3 >> 0) & ((1 << 9) - 1);
0x08000dd0 cmp r3, 0 |
| if (r3 != 0) {
0x08000dd4 bne 0x8000e10 | goto label_2;
| }
0x08000dd8 ldr r3, [sp, 0x80] | r3 = var_80h;
0x08000ddc and r2, r3, 0xf | r2 = r3 & 0xf;
0x08000de0 add r3, sp, 0x20 | r3 += var_20h;
0x08000de4 mov r1, r2 | r1 = r2;
0x08000de8 mov r0, r3 | r0 = r3;
0x08000dec bl 0x8000070 | jent_apt_reset ();
0x08000df0 add r3, sp, 0x20 | r3 += var_20h;
0x08000df4 mov r0, r3 | r0 = r3;
0x08000df8 bl 0x8000344 | r0 = jent_health_failure ();
0x08000dfc mov r3, r0 | r3 = r0;
0x08000e00 cmp r3, 0 |
| if (r3 == 0) {
0x08000e04 beq 0x8000e10 | goto label_2;
| }
0x08000e08 mov r3, 9 | r3 = 9;
0x08000e0c b 0x8000f80 | goto label_1;
| }
| label_2:
; A nonzero jent_rct_failure(work area) returns 10.
0x08000e10 add r3, sp, 0x20 | r3 += var_20h;
0x08000e14 mov r0, r3 | r0 = r3;
0x08000e18 bl 0x8000214 | r0 = jent_rct_failure ();
0x08000e1c mov r3, r0 | r3 = r0;
0x08000e20 cmp r3, 0 |
| if (r3 != 0) {
0x08000e24 beq 0x8000e30 |
0x08000e28 mov r3, 0xa | r3 = 0xa;
0x08000e2c b 0x8000f80 | goto label_1;
| }
; cmp/sbcs/blo is a 64-bit unsigned compare of the first timestamp against
; the second. var_90h is incremented when first >= second, i.e. when the
; clock did not advance between the two reads.
0x08000e30 ldrd r2, r3, [sp, 0x10] | __asm ("ldrd r2, r3, [var_10h]");
0x08000e34 ldrd r0, r1, [sp, 0x18] | __asm ("ldrd r0, r1, [var_18h]");
0x08000e38 cmp r0, r2 |
0x08000e3c sbcs r3, r1, r3 | __asm ("sbcs r3, r1, r3");
| if (r0 > r2) {
0x08000e40 blo 0x8000e50 |
0x08000e44 ldr r3, [sp, 0x90] | r3 = var_90h;
0x08000e48 add r3, r3, 1 | r3++;
0x08000e4c str r3, [sp, 0x90] | var_90h = r3;
| }
; var_7ch = low word of second timestamp minus low word of first. The
; umull by 0x51eb851f with a right shift of 5 on the high word divides by
; 100; multiplying back by 0x64 and subtracting leaves var_7ch modulo 100.
; var_8ch counts the samples whose remainder is 0.
0x08000e50 ldrd r2, r3, [sp, 0x10] | __asm ("ldrd r2, r3, [var_10h]");
0x08000e54 mov r1, r2 | r1 = r2;
0x08000e58 ldrd r2, r3, [sp, 0x18] | __asm ("ldrd r2, r3, [var_18h]");
0x08000e5c mov r3, r2 | r3 = r2;
0x08000e60 sub r3, r1, r3 | r3 = r1 - r3;
0x08000e64 str r3, [sp, 0x7c] | var_7ch = r3;
0x08000e68 ldr r2, [sp, 0x7c] | r2 = var_7ch;
0x08000e6c movw r3, 0x851f |
| /* if there is a right shift of 5, then it's a division by 1/100 */
0x08000e70 movt r3, 0x51eb | r3 = 0x51eb851f;
0x08000e74 umull r1, r3, r3, r2 | r1:r3 = r3 * r2;
0x08000e78 lsr r3, r3, 5 | r3 >>= 5;
0x08000e7c mov r1, 0x64 | r1 = 0x64;
0x08000e80 mul r3, r1, r3 | r3 = r1 * r3;
0x08000e84 sub r3, r2, r3 | r3 = r2 - r3;
0x08000e88 cmp r3, 0 |
| if (r3 == 0) {
0x08000e8c bne 0x8000e9c |
0x08000e90 ldr r3, [sp, 0x8c] | r3 = var_8ch;
0x08000e94 add r3, r3, 1 | r3++;
0x08000e98 str r3, [sp, 0x8c] | var_8ch = r3;
| }
; 64-bit unsigned compare of the previous delta (var_98h) with the current
; one (var_80h). Both arms add the absolute difference of the two to the
; 64-bit accumulator var_a0h; they differ only in subtraction order.
0x08000e9c ldrd r2, r3, [sp, 0x80] | __asm ("ldrd r2, r3, [var_80h]");
0x08000ea0 ldrd r0, r1, [sp, 0x98] | __asm ("ldrd r0, r1, [var_98h]");
0x08000ea4 cmp r0, r2 |
0x08000ea8 sbcs r3, r1, r3 | __asm ("sbcs r3, r1, r3");
| if (r0 < r2) {
0x08000eac bhs 0x8000ed4 |
0x08000eb0 ldrd r0, r1, [sp, 0x80] | __asm ("ldrd r0, r1, [var_80h]");
0x08000eb4 ldrd r2, r3, [sp, 0x98] | __asm ("ldrd r2, r3, [var_98h]");
0x08000eb8 subs r4, r0, r2 | r4 = r0 - r2;
0x08000ebc sbc r5, r1, r3 | __asm ("sbc r5, r1, r3");
0x08000ec0 ldrd r2, r3, [sp, 0xa0] | __asm ("ldrd r2, r3, [var_a0h]");
0x08000ec4 adds r8, r2, r4 | r8 = r2 + r4;
0x08000ec8 adc sb, r3, r5 | __asm ("adc sb, r3, r5");
0x08000ecc strd r8, sb, [sp, 0xa0] | __asm ("strd r8, sb, [var_a0h]");
0x08000ed0 b 0x8000ef4 |
| } else {
0x08000ed4 ldrd r0, r1, [sp, 0x98] | __asm ("ldrd r0, r1, [var_98h]");
0x08000ed8 ldrd r2, r3, [sp, 0x80] | __asm ("ldrd r2, r3, [var_80h]");
0x08000edc subs r6, r0, r2 | r6 = r0 - r2;
0x08000ee0 sbc r7, r1, r3 | __asm ("sbc r7, r1, r3");
0x08000ee4 ldrd r2, r3, [sp, 0xa0] | __asm ("ldrd r2, r3, [var_a0h]");
0x08000ee8 adds sl, r2, r6 | sl = r2 + r6;
0x08000eec adc fp, r3, r7 | __asm ("adc fp, r3, r7");
0x08000ef0 strd sl, fp, [sp, 0xa0] | __asm ("strd sl, fp, [var_a0h]");
| }
; Remember the current delta as the previous one for the next pass.
0x08000ef4 ldrd r2, r3, [sp, 0x80] | __asm ("ldrd r2, r3, [var_80h]");
0x08000ef8 strd r2, r3, [sp, 0x98] | __asm ("strd r2, r3, [var_98h]");
0x08000efc b 0x8000f04 |
| } else {
0x08000f00 nop |
| }
; var_ach++ and loop test (entry point of the initial branch from 0x8000cc8).
0x08000f04 ldr r3, [sp, 0xac] | r3 = var_ach;
0x08000f08 add r3, r3, 1 | r3++;
0x08000f0c str r3, [sp, 0xac] | var_ach = r3;
0x08000f10 ldr r3, [sp, 0xac] | r3 = var_ach;
0x08000f14 movw r2, 0x463 | r2 = 0x463;
0x08000f18 cmp r3, r2 |
0x08000f1c ble 0x8000ccc |
| }
; Verdict after the loop, checked in this order:
;   var_90h > 3        -> return 3 (clock failed to advance more than 3 times)
;   var_a0h < 2        -> return 5 (64-bit unsigned; deltas barely varied)
;   var_8ch > 0x396    -> return 2 (0x396 = 918 samples were multiples of 100)
;   var_88h > 0x396    -> return 8 (more than 918 stuck samples)
;   otherwise          -> return 0
0x08000f20 ldr r3, [sp, 0x90] | r3 = var_90h;
0x08000f24 cmp r3, 3 |
| if (r3 > 3) {
0x08000f28 ble 0x8000f34 |
0x08000f2c mov r3, 3 | r3 = 3;
0x08000f30 b 0x8000f80 |
| } else {
0x08000f34 ldrd r2, r3, [sp, 0xa0] | __asm ("ldrd r2, r3, [var_a0h]");
0x08000f38 cmp r2, 2 |
0x08000f3c sbcs r3, r3, 0 | __asm ("sbcs r3, r3, 0");
| if (r2 < 2) {
0x08000f40 bhs 0x8000f4c |
0x08000f44 mov r3, 5 | r3 = 5;
0x08000f48 b 0x8000f80 |
| } else {
0x08000f4c ldr r3, [sp, 0x8c] | r3 = var_8ch;
0x08000f50 movw r2, 0x396 | r2 = 0x396;
0x08000f54 cmp r3, r2 |
| if (r3 > r2) {
0x08000f58 ble 0x8000f64 |
0x08000f5c mov r3, 2 | r3 = 2;
0x08000f60 b 0x8000f80 |
| } else {
0x08000f64 ldr r3, [sp, 0x88] | r3 = var_88h;
0x08000f68 movw r2, 0x396 | r2 = 0x396;
0x08000f6c cmp r3, r2 |
| if (r3 > r2) {
0x08000f70 ble 0x8000f7c |
0x08000f74 mov r3, 8 | r3 = 8;
0x08000f78 b 0x8000f80 |
| } else {
0x08000f7c mov r3, 0 | r3 = 0;
| }
| }
| }
| }
| label_1:
; Common exit: status moves from r3 to r0, the frame is released and the saved
; registers are restored with pc loaded from the saved lr.
0x08000f80 mov r0, r3 | r0 = r3;
0x08000f84 add sp, sp, 0xb4 |
0x08000f88 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/modules/5.10.52-axis9/kernel/crypto/jitterentropy_rng.ko @ 0x8000a1c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; jent_read_entropy: fills a caller buffer with generator output in chunks of
; at most 8 bytes. Register use on entry, as spilled by the prologue:
;   r0 -> sp+0xc  state pointer, passed to every jent_* helper
;   r1 -> sp+8    output pointer (working cursor kept at sp+0x1c)
;   r2 -> sp+4    remaining byte count
; The pseudo-code signature lists two arguments, but r2 is stored and then
; used as the count, so the function takes three.
; Returns in r0: 0 when the count reaches zero, -1 (mvn r3, 0) when the state
; pointer is NULL, -2 or -3 (mvn r3, 1 / mvn r3, 2) on a health failure.
; NOTE(review): the two "stmdaeq r0, {...}" lines are instruction words of the
; form 0x08000000 + register-list mask: 0x08000c64 at 0x08000a90 and
; 0x08001130 at 0x08000b18. They read as call targets that the disassembler
; wrote over the call instruction, not as stores - TODO confirm with the
; module's relocation entries.
; NOTE(review): no instruction in this function names strcpy. The only
; copy-shaped call is the one at 0x08000b18, which is set up with an explicit
; length in r2 that the code caps at 8. The strcpy hit reported for this
; module is not located by this listing.
; (fcn) sym.jent_read_entropy () | void jent_read_entropy (int32_t arg1, int32_t arg2) {
| int32_t var_4h_2;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h_2;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_1ch;
| int32_t var_24h;
| r0 = arg1;
| r1 = arg2;
0x08000a1c str lr, [sp, -4]! |
0x08000a20 sub sp, sp, 0x24 |
0x08000a24 str r0, [sp, 0xc] | var_ch = r0;
0x08000a28 str r1, [sp, 8] | var_8h = r1;
0x08000a2c str r2, [sp, 4] | var_4h = r2;
0x08000a30 ldr r3, [sp, 8] | r3 = var_8h;
0x08000a34 str r3, [sp, 0x1c] | var_1ch = r3;
; NULL state pointer: return -1 without touching the output buffer.
0x08000a38 ldr r3, [sp, 0xc] | r3 = var_ch;
0x08000a3c cmp r3, 0 |
| if (r3 != 0) {
0x08000a40 bne 0x8000b3c | goto label_0;
| }
0x08000a44 mvn r3, 0 | r3 = ~0;
0x08000a48 b 0x8000b4c | goto label_1;
| do {
; One pass: produce a fresh block, then ask whether a health test tripped.
0x08000a4c ldr r0, [sp, 0xc] | r0 = var_ch;
0x08000a50 bl 0x80009ac | jent_gen_entropy ();
0x08000a54 ldr r0, [sp, 0xc] | r0 = var_ch;
0x08000a58 bl 0x8000344 | r0 = jent_health_failure ();
0x08000a5c mov r3, r0 | r3 = r0;
0x08000a60 cmp r3, 0 |
| if (r3 != 0) {
0x08000a64 beq 0x8000ae8 |
; Health failure path. Status is -2 when jent_rct_failure is nonzero,
; -3 otherwise. Nothing is copied to the caller on this path.
0x08000a68 ldr r0, [sp, 0xc] | r0 = var_ch;
0x08000a6c bl 0x8000214 | r0 = jent_rct_failure ();
0x08000a70 mov r3, r0 | r3 = r0;
0x08000a74 cmp r3, 0 |
| if (r3 != 0) {
0x08000a78 beq 0x8000a88 |
0x08000a7c mvn r3, 1 | r3 = ~1;
0x08000a80 str r3, [sp, 0x14] | var_14h = r3;
0x08000a84 b 0x8000a90 |
| } else {
0x08000a88 mvn r3, 2 | r3 = ~2;
0x08000a8c str r3, [sp, 0x14] | var_14h = r3;
| }
; Overwritten call word 0x08000c64, the address at which this listing shows
; jent_entropy_init: presumably a call that re-runs the start-up test. A
; nonzero result returns the status at once, skipping the reset below.
0x08000a90 stmdaeq r0, {r2, r5, r6, sl, fp} | __asm ("stmdaeq r0, {r2, r5, r6, sl, fp}");
0x08000a94 mov r3, r0 | r3 = r0;
0x08000a98 cmp r3, 0 |
| if (r3 != 0) {
0x08000a9c beq 0x8000aa8 |
0x08000aa0 ldr r3, [sp, 0x14] | r3 = var_14h;
0x08000aa4 b 0x8000b4c | goto label_1;
| }
; Reset of the health-test state before returning the failure status:
; jent_apt_reset(state, 0), clear bit 0 of the byte at state+0x50, zero the
; word at state+0x40, clear bit 1 of the byte at state+0x50. The
; pseudo-code "BIT_MASK (1, )" is malformed output; each bfc clears exactly
; one bit, at position 0 and position 1 respectively.
0x08000aa8 mov r1, 0 | r1 = 0;
0x08000aac ldr r0, [sp, 0xc] | r0 = var_ch;
0x08000ab0 bl 0x8000070 | jent_apt_reset ();
0x08000ab4 ldr r2, [sp, 0xc] | r2 = var_ch;
0x08000ab8 ldrb r3, [r2, 0x50] | r3 = *((r2 + 0x50));
0x08000abc bfc r3, 0, 1 | value_0 = BIT_MASK (1, );
| value_0 = ~value_0;
| r3 &= value_0;
0x08000ac0 strb r3, [r2, 0x50] | *((r2 + 0x50)) = r3;
0x08000ac4 ldr r3, [sp, 0xc] | r3 = var_ch;
0x08000ac8 mov r2, 0 | r2 = 0;
0x08000acc str r2, [r3, 0x40] | *((r3 + 0x40)) = r2;
0x08000ad0 ldr r2, [sp, 0xc] | r2 = var_ch;
0x08000ad4 ldrb r3, [r2, 0x50] | r3 = *((r2 + 0x50));
0x08000ad8 bfc r3, 1, 1 | value_1 = BIT_MASK (1, );
| value_1 = ~value_1;
| r3 &= value_1;
0x08000adc strb r3, [r2, 0x50] | *((r2 + 0x50)) = r3;
0x08000ae0 ldr r3, [sp, 0x14] | r3 = var_14h;
0x08000ae4 b 0x8000b4c | goto label_1;
| }
; Healthy path. var_18h = min(remaining count, 8); bls makes the compare
; unsigned, so the chunk length can never exceed 8.
0x08000ae8 ldr r3, [sp, 4] | r3 = var_4h;
0x08000aec cmp r3, 8 |
| if (r3 >= 8) {
0x08000af0 bls 0x8000b00 |
0x08000af4 mov r3, 8 | r3 = 8;
0x08000af8 str r3, [sp, 0x18] | var_18h = r3;
0x08000afc b 0x8000b08 |
| } else {
0x08000b00 ldr r3, [sp, 4] | r3 = var_4h;
0x08000b04 str r3, [sp, 0x18] | var_18h = r3;
| }
; r0 = output cursor, r1 = state pointer (offset 0 of the state), r2 = chunk
; length, then overwritten call word 0x08001130: the argument shape of a
; length-bounded copy - presumably a memcpy wrapper, TODO confirm. Each copy
; is at most 8 bytes, but the total written equals the caller's count, so the
; caller's buffer has to be at least that large.
0x08000b08 ldr r3, [sp, 0xc] | r3 = var_ch;
0x08000b0c ldr r2, [sp, 0x18] | r2 = var_18h;
0x08000b10 mov r1, r3 | r1 = r3;
0x08000b14 ldr r0, [sp, 0x1c] | r0 = var_1ch;
0x08000b18 stmdaeq r0, {r4, r5, r8, ip} | __asm ("stmdaeq r0, {r4, r5, r8, ip}");
; remaining count -= chunk; output cursor += chunk.
0x08000b1c ldr r2, [sp, 4] | r2 = var_4h;
0x08000b20 ldr r3, [sp, 0x18] | r3 = var_18h;
0x08000b24 sub r3, r2, r3 | r3 = r2 - r3;
0x08000b28 str r3, [sp, 4] | var_4h = r3;
0x08000b2c ldr r2, [sp, 0x1c] | r2 = var_1ch;
0x08000b30 ldr r3, [sp, 0x18] | r3 = var_18h;
0x08000b34 add r3, r2, r3 | r3 = r2 + r3;
0x08000b38 str r3, [sp, 0x1c] | var_1ch = r3;
| label_0:
; Loop test, also the entry point after the NULL check: repeat while the
; remaining count is nonzero. A count of 0 on entry returns 0 immediately.
0x08000b3c ldr r3, [sp, 4] | r3 = var_4h;
0x08000b40 cmp r3, 0 |
0x08000b44 bne 0x8000a4c |
| } while (r3 != 0);
0x08000b48 mov r3, 0 | r3 = 0;
| label_1:
; Common exit: status moves from r3 to r0, the frame is released and pc is
; loaded from the lr saved in the prologue.
0x08000b4c mov r0, r3 | r0 = r3;
0x08000b50 add sp, sp, 0x24 |
0x08000b54 pop {pc} |
| }
[*] Function strcpy used 1 times jitterentropy_rng.ko