[*] Binary protection state of libwpa_client.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of libwpa_client.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4c4c */
| #include <stdint.h>
|
; (fcn) sym.hostapd_logger_register_cb () | uint32_t hostapd_logger_register_cb (int16_t arg1) {
| r0 = arg1;
0x00004c4c ldrbtmi r4, [fp], -0xb01 | __asm ("ldrbtmi r4, [fp], -aav.0x0000244a");
0x00004c50 str r0, [r3, 8] | *((r3 + 8)) = r0;
0x00004c52 bx lr | return r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4c58 */
| #include <stdint.h>
|
; (fcn) sym.hostapd_logger () | void hostapd_logger (int16_t arg_48h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int32_t var_ch;
| int32_t var_ch_2;
| int16_t var_18h;
| int16_t var_1ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00004c58 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00004c5c mov sb, r2 | sb = r2;
0x00004c5e ldr r2, [pc, 0xcc] |
0x00004c60 mov sl, r3 | sl = r3;
0x00004c62 sub sp, 0x24 |
0x00004c64 mov r7, r1 | r7 = r1;
0x00004c66 ldr r3, [pc, 0xc8] | r3 = *(0x4d32);
0x00004c68 add r4, sp, 0x48 | r4 += arg_48h;
0x00004c6a add r2, pc | r2 = 0x999c;
0x00004c6c ldr fp, [r4], 4 | fp = *(r4);
| r4 += 4;
0x00004c70 movs r1, 0 | r1 = 0;
0x00004c72 mov r8, r0 | r8 = r0;
0x00004c74 ldr r3, [r2, r3] |
0x00004c76 mov r0, r1 | r0 = r1;
0x00004c78 movs r2, 1 | r2 = 1;
0x00004c7a ldr r3, [r3] | r3 = *(0x999c);
0x00004c7c str r3, [sp, 0x1c] | var_1ch = r3;
0x00004c7e mov.w r3, 0 | r3 = 0;
0x00004c82 mov.w r3, -1 | r3 = -1;
0x00004c86 strd fp, r4, [sp] | __asm ("strd fp, r4, [sp]");
0x00004c8a str r4, [sp, 0x18] | var_18h = r4;
0x00004c8c blx 0x2144 | r0 = fcn_00002144 ();
0x00004c90 adds r5, r0, 1 | r5 = r0 + 1;
0x00004c92 mov r0, r5 | r0 = r5;
0x00004c94 blx 0x2264 | r0 = fcn_00002264 ();
0x00004c98 cmp r0, 0 |
| if (r0 == 0) {
0x00004c9a beq 0x4d1e | goto label_1;
| }
0x00004c9c mov.w r3, -1 | r3 = -1;
0x00004ca0 strd fp, r4, [sp] | __asm ("strd fp, r4, [sp]");
0x00004ca4 movs r2, 1 | r2 = 1;
0x00004ca6 mov r1, r5 | r1 = r5;
0x00004ca8 str r4, [sp, 0x18] | var_18h = r4;
0x00004caa mov r6, r0 | r6 = r0;
0x00004cac blx 0x2144 | fcn_00002144 ();
0x00004cb0 ldr r3, [pc, 0x80] |
0x00004cb2 add r3, pc | r3 = 0x99ea;
0x00004cb4 ldr r4, [r3, 8] | r4 = *(0x99f2);
| if (r4 == 0) {
0x00004cb6 cbz r4, 0x4ce8 | goto label_2;
| }
0x00004cb8 str r0, [sp, 4] | var_4h = r0;
0x00004cba mov r3, sl | r3 = sl;
0x00004cbc mov r2, sb | r2 = sb;
0x00004cbe mov r1, r7 | r1 = r7;
0x00004cc0 mov r0, r8 | r0 = r8;
0x00004cc2 str r6, [sp] | *(sp) = r6;
0x00004cc4 blx r4 | uint32_t (*r4)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
| do {
0x00004cc6 mov r1, r5 | r1 = r5;
0x00004cc8 mov r0, r6 | r0 = r6;
0x00004cca blx 0x22c0 | fcn_000022c0 ();
| label_0:
0x00004cce ldr r2, [pc, 0x68] |
0x00004cd0 ldr r3, [pc, 0x5c] | r3 = *(0x4d30);
0x00004cd2 add r2, pc | r2 = 0x9a10;
0x00004cd4 ldr r3, [r2, r3] | r3 = *(0x9a10);
0x00004cd6 ldr r2, [r3] | r2 = *(0x9a10);
0x00004cd8 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00004cda eors r2, r3 | r2 ^= r3;
0x00004cdc mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004ce0 bne 0x4d1a | goto label_3;
| }
0x00004ce2 add sp, 0x24 |
0x00004ce4 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| if (r7 == 0) {
| label_2:
0x00004ce8 cbz r7, 0x4d0c | goto label_4;
| }
0x00004cea ldrb r2, [r7, 5] | r2 = *((r7 + 5));
0x00004cec movs r0, 2 | r0 = 2;
0x00004cee ldrb r3, [r7, 4] | r3 = *((r7 + 4));
0x00004cf0 ldr r1, [pc, 0x48] |
0x00004cf2 strd r2, r6, [sp, 0xc] | __asm ("strd r2, r6, [var_ch]");
0x00004cf6 str r3, [sp, 8] | var_8h = r3;
0x00004cf8 ldrb r2, [r7, 3] | r2 = *((r7 + 3));
0x00004cfa add r1, pc | r1 = 0x9a3a;
0x00004cfc ldrb r3, [r7, 2] | r3 = *((r7 + 2));
0x00004cfe strd r3, r2, [sp] | __asm ("strd r3, r2, [sp]");
0x00004d02 ldrb r3, [r7, 1] | r3 = *((r7 + 1));
0x00004d04 ldrb r2, [r7] | r2 = *(r7);
0x00004d06 blx 0x2274 | vfprintf_chk ()
0x00004d0a b 0x4cc6 |
| } while (1);
| label_4:
0x00004d0c ldr r1, [pc, 0x30] |
0x00004d0e mov r2, r6 | r2 = r6;
0x00004d10 movs r0, 2 | r0 = 2;
0x00004d12 add r1, pc | r1 = 0x9a56;
0x00004d14 blx 0x2274 | vfprintf_chk ()
0x00004d16 invalid |
| label_3:
0x00004d1a blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004d1e ldr r1, [pc, 0x24] |
0x00004d20 movs r0, 5 | r0 = 5;
0x00004d22 add r1, pc | r1 = 0x9a6c;
0x00004d24 blx 0x2274 | vfprintf_chk ()
0x00004d28 b 0x4cce | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x473c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_register_cb () | uint32_t wpa_msg_register_cb (int16_t arg1) {
| r0 = arg1;
0x0000473c ldr r3, [pc, 4] |
0x0000473e add r3, pc | r3 = 0x8e86;
0x00004740 str r0, [r3] | *(r3) = r0;
0x00004742 bx lr | return r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4748 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_register_ifname_cb () | uint32_t wpa_msg_register_ifname_cb (int16_t arg1) {
| r0 = arg1;
0x00004748 ldr r3, [pc, 4] |
0x0000474a add r3, pc | r3 = 0x8e9e;
0x0000474c str r0, [r3, 4] | *((r3 + 4)) = r0;
0x0000474e bx lr | return r0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4754 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg () | void wpa_msg (int16_t arg1, int16_t arg2) {
| int16_t var_ch_2;
| int16_t var_30h;
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_94h;
| int16_t var_b8h;
| int16_t var_4h_2;
| r0 = arg1;
| r1 = arg2;
0x00004754 push {r2, r3} |
0x00004756 mov.w r3, -1 | r3 = -1;
0x0000475a push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x0000475e mov r7, r1 | r7 = r1;
0x00004760 sub sp, 0x98 |
0x00004762 mov r8, r0 | r8 = r0;
0x00004764 add r5, sp, 0xb8 | r5 += var_b8h;
0x00004766 ldr r1, [pc, 0xe4] |
0x00004768 ldr r2, [pc, 0xe4] | r2 = *(0x4850);
0x0000476a ldr sb, [r5], 4 | sb = *(r5);
| r5 += 4;
0x0000476e add r1, pc | r1 = 0x8fc0;
0x00004770 ldr r2, [r1, r2] |
0x00004772 movs r1, 0 | r1 = 0;
0x00004774 mov r0, r1 | r0 = r1;
0x00004776 ldr r2, [r2] | r2 = *(0x8fc0);
0x00004778 str r2, [sp, 0x94] | var_94h = r2;
0x0000477a mov.w r2, 0 | r2 = 0;
0x0000477e movs r2, 1 | r2 = 1;
0x00004780 strd sb, r5, [sp] | __asm ("strd sb, r5, [sp]");
0x00004784 str r5, [sp, 0xc] | var_ch = r5;
0x00004786 blx 0x2144 | r0 = fcn_00002144 ();
0x0000478a adds r6, r0, 1 | r6 = r0 + 1;
0x0000478c mov r0, r6 | r0 = r6;
0x0000478e blx 0x2264 | r0 = fcn_00002264 ();
0x00004792 cmp r0, 0 |
| if (r0 == 0) {
0x00004794 beq 0x483a | goto label_0;
| }
0x00004796 ldr r3, [pc, 0xbc] |
0x00004798 mov r4, r0 | r4 = r0;
0x0000479a str r5, [sp, 0xc] | var_ch = r5;
0x0000479c movs r5, 0 | r5 = 0;
0x0000479e strb.w r5, [sp, 0x10] | var_10h = r5;
0x000047a2 add r3, pc |
0x000047a4 ldr r3, [r3, 4] | r3 = *(0x9000);
| if (r3 != 0) {
0x000047a6 cbz r3, 0x47d0 |
0x000047a8 mov r0, r8 | r0 = r8;
0x000047aa blx r3 | r0 = uint32_t (*r3)(uint32_t) (r0);
| if (r0 != 0) {
0x000047ac cbz r0, 0x47d0 |
0x000047ae ldr r3, [pc, 0xa8] |
0x000047b0 add.w sl, sp, 0x10 | sl += var_10h;
0x000047b4 str r0, [sp, 4] | var_4h = r0;
0x000047b6 movs r2, 1 | r2 = 1;
0x000047b8 mov r0, sl | r0 = sl;
0x000047ba add r3, pc | r3 = 0x9018;
0x000047bc str r3, [sp] | *(sp) = r3;
0x000047be movs r3, 0x82 | r3 = 0x82;
0x000047c0 mov r1, r3 | r1 = r3;
0x000047c2 blx 0x2508 | r0 = fcn_00002508 ();
0x000047c6 cmp r0, 0x81 |
0x000047c8 it hi |
| if (r0 <= 0x81) {
0x000047ca strbhi r5, [sp, 0x10] | var_10h = r5;
| }
0x000047ce b 0x47d4 |
| }
| } else {
0x000047d0 add.w sl, sp, 0x10 | sl += var_10h;
| }
0x000047d4 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000047d6 movs r2, 1 | r2 = 1;
0x000047d8 mov r1, r6 | r1 = r6;
0x000047da str.w sb, [sp] | __asm ("str.w sb, [sp]");
0x000047de mov r0, r4 | r0 = r4;
0x000047e0 str r3, [sp, 4] | var_4h = r3;
0x000047e2 mov.w r3, -1 | r3 = -1;
0x000047e6 blx 0x2144 | fcn_00002144 ();
0x000047ea ldr r1, [pc, 0x70] |
0x000047ec mov r3, r4 | r3 = r4;
0x000047ee mov r2, sl | r2 = sl;
0x000047f0 mov r5, r0 | r5 = r0;
0x000047f2 mov r0, r7 | r0 = r7;
0x000047f4 add r1, pc | r1 = 0x9056;
0x000047f6 blx 0x2274 | vfprintf_chk ()
0x000047fa ldr r3, [pc, 0x64] |
0x000047fc add r3, pc | r3 = 0x9062;
0x000047fe ldr.w sb, [r3] | sb = *(0x9062);
0x00004802 cmp.w sb, 0 |
| if (sb != 0) {
0x00004806 beq 0x4814 |
0x00004808 mov r1, r7 | r1 = r7;
0x0000480a mov r0, r8 | r0 = r8;
0x0000480c mov r3, r4 | r3 = r4;
0x0000480e movs r2, 0 | r2 = 0;
0x00004810 str r5, [sp] | *(sp) = r5;
0x00004812 blx sb | sb (r0, r1, r2, r3);
| }
0x00004814 mov r1, r6 | r1 = r6;
0x00004816 mov r0, r4 | r0 = r4;
0x00004818 blx 0x22c0 | fcn_000022c0 ();
| do {
0x0000481c ldr r2, [pc, 0x44] |
0x0000481e ldr r3, [pc, 0x30] | r3 = *(0x4852);
0x00004820 add r2, pc | r2 = 0x9088;
0x00004822 ldr r3, [r2, r3] | r3 = *(0x9088);
0x00004824 ldr r2, [r3] | r2 = *(0x9088);
0x00004826 ldr r3, [sp, 0x94] | r3 = var_94h;
0x00004828 eors r2, r3 | r2 ^= r3;
0x0000482a mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000482e bne 0x4846 | goto label_1;
| }
0x00004830 add sp, 0x98 |
0x00004832 pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00004836 add sp, 8 |
0x00004838 bx lr | return;
| label_0:
0x0000483a ldr r1, [pc, 0x2c] |
0x0000483c movs r0, 5 | r0 = 5;
0x0000483e add r1, pc | r1 = 0x90ac;
0x00004840 blx 0x2274 | vfprintf_chk ()
0x00004844 b 0x481c |
| } while (1);
| label_1:
0x00004846 blx 0x21a0 | fcn_000021a0 ();
0x0000484a nop |
0x0000484c movs r6, 0xf6 | r6 = 0xf6;
0x0000484e movs r0, r0 |
0x00004850 lsls r0, r0, 6 | r0 <<= 6;
0x00004852 movs r0, r0 |
0x00004854 cmp r0, 0xf6 |
0x00004856 movs r0, r0 |
0x00004858 lsrs r6, r0, 6 | r6 = r0 >> 6;
0x0000485a movs r0, r0 |
0x0000485c lsrs r4, r2, 5 | r4 = r2 >> 5;
0x0000485e movs r0, r0 |
0x00004860 cmp r0, 0x9c |
0x00004862 movs r0, r0 |
0x00004864 movs r6, 0x44 | r6 = 0x44;
0x00004866 movs r0, r0 |
0x00004868 lsrs r6, r2, 3 | r6 = r2 >> 3;
0x0000486a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x486c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_ctrl () | void wpa_msg_ctrl (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
0x0000486c push {r2, r3, sl, ip, sp, pc} |
0x00004870 blx lr | lr ();
0x00004872 mov sl, r1 | sl = r1;
0x00004874 sub sp, 0x10 |
0x00004876 ldr.w r8, [pc, 0x9c] |
0x0000487a ldr r1, [pc, 0x9c] |
0x0000487c ldr r2, [pc, 0x9c] | r2 = *(0x491c);
0x0000487e add r8, pc | r8 = 0x9198;
0x00004880 ldr.w sb, [sp, 0x30] | sb = var_30h;
0x00004884 add r1, pc | r1 = 0x91a2;
0x00004886 ldr.w r3, [r8] | r3 = *(0x9198);
0x0000488a ldr r2, [r1, r2] |
0x0000488c ldr r2, [r2] | r2 = *(0x91a2);
0x0000488e str r2, [sp, 0xc] | var_ch = r2;
0x00004890 mov.w r2, 0 | r2 = 0;
| if (r3 == 0) {
0x00004894 cbz r3, 0x48e4 | goto label_0;
| }
0x00004896 movs r1, 0 | r1 = 0;
0x00004898 add r7, sp, 0x34 | r7 += var_34h;
0x0000489a mov.w r3, -1 | r3 = -1;
0x0000489e movs r2, 1 | r2 = 1;
0x000048a0 mov r6, r0 | r6 = r0;
0x000048a2 strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x000048a6 mov r0, r1 | r0 = r1;
0x000048a8 str r7, [sp, 8] | var_8h = r7;
0x000048aa blx 0x2144 | r0 = fcn_00002144 ();
0x000048ae adds r5, r0, 1 | r5 = r0 + 1;
0x000048b0 mov r0, r5 | r0 = r5;
0x000048b2 blx 0x2264 | r0 = fcn_00002264 ();
0x000048b6 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x000048b8 cbz r0, 0x4906 | goto label_1;
| }
0x000048ba mov.w r3, -1 | r3 = -1;
0x000048be movs r2, 1 | r2 = 1;
0x000048c0 mov r1, r5 | r1 = r5;
0x000048c2 strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x000048c6 str r7, [sp, 8] | var_8h = r7;
0x000048c8 blx 0x2144 | fcn_00002144 ();
0x000048cc mov r1, sl | r1 = sl;
0x000048ce str r0, [sp] | *(sp) = r0;
0x000048d0 mov r3, r4 | r3 = r4;
0x000048d2 mov r0, r6 | r0 = r6;
0x000048d4 ldr.w r7, [r8] | r7 = *(r8);
0x000048d8 movs r2, 0 | r2 = 0;
0x000048da blx r7 | uint32_t (*r7)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x000048dc mov r1, r5 | r1 = r5;
0x000048de mov r0, r4 | r0 = r4;
0x000048e0 blx 0x22c0 | fcn_000022c0 ();
| do {
| label_0:
0x000048e4 ldr r2, [pc, 0x38] |
0x000048e6 ldr r3, [pc, 0x34] | r3 = *(0x491e);
0x000048e8 add r2, pc | r2 = 0x920c;
0x000048ea ldr r3, [r2, r3] | r3 = *(0x920c);
0x000048ec ldr r2, [r3] | r2 = *(0x920c);
0x000048ee ldr r3, [sp, 0xc] | r3 = var_ch;
0x000048f0 eors r2, r3 | r2 ^= r3;
0x000048f2 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x000048f6 bne 0x4902 |
0x000048f8 add sp, 0x10 |
0x000048fa pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x000048fe add sp, 8 |
0x00004900 bx lr | return;
| }
0x00004902 blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004906 ldr r1, [pc, 0x1c] |
0x00004908 movs r0, 5 | r0 = 5;
0x0000490a add r1, pc | r1 = 0x9234;
0x0000490c blx 0x2274 | vfprintf_chk ()
0x00004910 b 0x48e4 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4928 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global () | void wpa_msg_global (int16_t arg1, int16_t arg2) {
| int16_t var_ch_2;
| int16_t var_30h_2;
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
0x00004928 push {r2, r3} |
0x0000492a mov.w r3, -1 | r3 = -1;
0x0000492e push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004932 mov r7, r1 | r7 = r1;
0x00004934 sub sp, 0x14 |
0x00004936 mov r8, r0 | r8 = r0;
0x00004938 add r4, sp, 0x30 | r4 += var_30h;
0x0000493a ldr r1, [pc, 0xa0] |
0x0000493c ldr r2, [pc, 0xa0] | r2 = *(0x49e0);
0x0000493e ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004940 ldr r3, [sp, 0x10] | r3 = *((sp + 0x10));
0x00004942 add r1, pc | r1 = 0x9324;
0x00004944 ldr r2, [r1, r2] |
0x00004946 movs r1, 0 | r1 = 0;
0x00004948 mov r0, r1 | r0 = r1;
0x0000494a ldr r2, [r2] | r2 = *(0x9324);
0x0000494c str r2, [sp, 0xc] | var_ch = r2;
0x0000494e mov.w r2, 0 | r2 = 0;
0x00004952 movs r2, 1 | r2 = 1;
0x00004954 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004958 str r4, [sp, 8] | var_8h = r4;
0x0000495a blx 0x2144 | r0 = fcn_00002144 ();
0x0000495e adds r6, r0, 1 | r6 = r0 + 1;
0x00004960 mov r0, r6 | r0 = r6;
0x00004962 blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004966 cbz r0, 0x49ca | goto label_0;
| }
0x00004968 mov.w r3, -1 | r3 = -1;
0x0000496c strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004970 movs r2, 1 | r2 = 1;
0x00004972 mov r1, r6 | r1 = r6;
0x00004974 mov r5, r0 | r5 = r0;
0x00004976 str r4, [sp, 8] | var_8h = r4;
0x00004978 blx 0x2144 | fcn_00002144 ();
0x0000497c ldr r1, [pc, 0x64] |
0x0000497e mov r4, r0 | r4 = r0;
0x00004980 mov r2, r5 | r2 = r5;
0x00004982 mov r0, r7 | r0 = r7;
0x00004984 add r1, pc | r1 = 0x936c;
0x00004986 blx 0x2274 | vfprintf_chk ()
0x0000498a ldr r3, [pc, 0x5c] |
0x0000498c add r3, pc | r3 = 0x937a;
0x0000498e ldr.w sb, [r3] | sb = *(0x937a);
0x00004992 cmp.w sb, 0 |
| if (sb != 0) {
0x00004996 beq 0x49a4 |
0x00004998 mov r1, r7 | r1 = r7;
0x0000499a mov r0, r8 | r0 = r8;
0x0000499c mov r3, r5 | r3 = r5;
0x0000499e movs r2, 1 | r2 = 1;
0x000049a0 str r4, [sp] | *(sp) = r4;
0x000049a2 blx sb | sb (r0, r1, r2, r3);
| }
0x000049a4 mov r1, r6 | r1 = r6;
0x000049a6 mov r0, r5 | r0 = r5;
0x000049a8 blx 0x22c0 | fcn_000022c0 ();
| do {
0x000049ac ldr r2, [pc, 0x3c] |
0x000049ae ldr r3, [pc, 0x30] | r3 = *(0x49e2);
0x000049b0 add r2, pc | r2 = 0x93a0;
0x000049b2 ldr r3, [r2, r3] | r3 = *(0x93a0);
0x000049b4 ldr r2, [r3] | r2 = *(0x93a0);
0x000049b6 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000049b8 eors r2, r3 | r2 ^= r3;
0x000049ba mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000049be bne 0x49d6 | goto label_1;
| }
0x000049c0 add sp, 0x14 |
0x000049c2 pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x000049c6 add sp, 8 |
0x000049c8 bx lr | return;
| label_0:
0x000049ca ldr r1, [pc, 0x24] |
0x000049cc movs r0, 5 | r0 = 5;
0x000049ce add r1, pc | r1 = 0x93c4;
0x000049d0 blx 0x2274 | vfprintf_chk ()
0x000049d4 b 0x49ac |
| } while (1);
| label_1:
0x000049d6 blx 0x21a0 | fcn_000021a0 ();
0x000049da nop |
0x000049dc movs r5, 0x22 | r5 = 0x22;
0x000049de movs r0, r0 |
0x000049e0 lsls r0, r0, 6 | r0 <<= 6;
0x000049e2 movs r0, r0 |
0x000049e4 lsrs r0, r6, 4 | r0 = r6 >> 4;
0x000049e6 movs r0, r0 |
0x000049e8 movs r7, 0xc | r7 = 0xc;
0x000049ea movs r0, r0 |
0x000049ec movs r4, 0xb4 | r4 = 0xb4;
0x000049ee movs r0, r0 |
0x000049f0 lsls r2, r6, 0x1e | r2 = r6 << 0x1e;
0x000049f2 movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x49f4 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_ctrl () | void wpa_msg_global_ctrl (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
0x000049f4 push {r2, r3, sl, ip, sp, pc} |
0x000049f8 blx lr | lr ();
0x000049fa mov sl, r1 | sl = r1;
0x000049fc sub sp, 0x10 |
0x000049fe ldr.w r8, [pc, 0x9c] |
0x00004a02 ldr r1, [pc, 0x9c] |
0x00004a04 ldr r2, [pc, 0x9c] | r2 = *(0x4aa4);
0x00004a06 add r8, pc | r8 = 0x94a8;
0x00004a08 ldr.w sb, [sp, 0x30] | sb = var_30h;
0x00004a0c add r1, pc | r1 = 0x94b2;
0x00004a0e ldr.w r3, [r8] | r3 = *(0x94a8);
0x00004a12 ldr r2, [r1, r2] |
0x00004a14 ldr r2, [r2] | r2 = *(0x94b2);
0x00004a16 str r2, [sp, 0xc] | var_ch = r2;
0x00004a18 mov.w r2, 0 | r2 = 0;
| if (r3 == 0) {
0x00004a1c cbz r3, 0x4a6c | goto label_0;
| }
0x00004a1e movs r1, 0 | r1 = 0;
0x00004a20 add r7, sp, 0x34 | r7 += var_34h;
0x00004a22 mov.w r3, -1 | r3 = -1;
0x00004a26 movs r2, 1 | r2 = 1;
0x00004a28 mov r6, r0 | r6 = r0;
0x00004a2a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a2e mov r0, r1 | r0 = r1;
0x00004a30 str r7, [sp, 8] | var_8h = r7;
0x00004a32 blx 0x2144 | r0 = fcn_00002144 ();
0x00004a36 adds r5, r0, 1 | r5 = r0 + 1;
0x00004a38 mov r0, r5 | r0 = r5;
0x00004a3a blx 0x2264 | r0 = fcn_00002264 ();
0x00004a3e mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00004a40 cbz r0, 0x4a8e | goto label_1;
| }
0x00004a42 mov.w r3, -1 | r3 = -1;
0x00004a46 movs r2, 1 | r2 = 1;
0x00004a48 mov r1, r5 | r1 = r5;
0x00004a4a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a4e str r7, [sp, 8] | var_8h = r7;
0x00004a50 blx 0x2144 | fcn_00002144 ();
0x00004a54 mov r1, sl | r1 = sl;
0x00004a56 str r0, [sp] | *(sp) = r0;
0x00004a58 mov r3, r4 | r3 = r4;
0x00004a5a mov r0, r6 | r0 = r6;
0x00004a5c ldr.w r7, [r8] | r7 = *(r8);
0x00004a60 movs r2, 1 | r2 = 1;
0x00004a62 blx r7 | uint32_t (*r7)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00004a64 mov r1, r5 | r1 = r5;
0x00004a66 mov r0, r4 | r0 = r4;
0x00004a68 blx 0x22c0 | fcn_000022c0 ();
0x00004a6a invalid |
| do {
| label_0:
0x00004a6c ldr r2, [pc, 0x38] |
0x00004a6e ldr r3, [pc, 0x34] | r3 = *(0x4aa6);
0x00004a70 add r2, pc | r2 = 0x951c;
0x00004a72 ldr r3, [r2, r3] | r3 = *(0x951c);
0x00004a74 ldr r2, [r3] | r2 = *(0x951c);
0x00004a76 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004a78 eors r2, r3 | r2 ^= r3;
0x00004a7a mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00004a7e bne 0x4a8a |
0x00004a80 add sp, 0x10 |
0x00004a82 pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00004a86 add sp, 8 |
0x00004a88 bx lr | return;
| }
0x00004a8a blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004a8e ldr r1, [pc, 0x1c] |
0x00004a90 movs r0, 5 | r0 = 5;
0x00004a92 add r1, pc | r1 = 0x9544;
0x00004a94 blx 0x2274 | vfprintf_chk ()
0x00004a98 b 0x4a6c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4ab0 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_no_global () | void wpa_msg_no_global (int16_t arg1, int16_t arg2) {
| int16_t var_0h_2;
| int32_t var_0h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
0x00004ab0 push {r2, r3} |
0x00004ab2 mov.w r3, -1 | r3 = -1;
0x00004ab6 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004aba mov r7, r1 | r7 = r1;
0x00004abc sub sp, 0x14 |
0x00004abe mov r8, r0 | r8 = r0;
0x00004ac0 add r4, sp, 0x30 | r4 += var_30h;
0x00004ac2 ldr r1, [pc, 0xa0] |
0x00004ac4 ldr r2, [pc, 0xa0] | r2 = *(0x4b68);
0x00004ac6 ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004ac8 ldr r3, [sp, 0x10] | r3 = *((sp + 0x10));
0x00004aca add r1, pc | r1 = 0x9634;
0x00004acc ldr r2, [r1, r2] |
0x00004ace movs r1, 0 | r1 = 0;
0x00004ad0 mov r0, r1 | r0 = r1;
0x00004ad2 ldr r2, [r2] | r2 = *(0x9634);
0x00004ad4 str r2, [sp, 0xc] | var_ch = r2;
0x00004ad6 mov.w r2, 0 | r2 = 0;
0x00004ada movs r2, 1 | r2 = 1;
0x00004adc strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004ae0 str r4, [sp, 8] | var_8h = r4;
0x00004ae2 blx 0x2144 | r0 = fcn_00002144 ();
0x00004ae6 adds r6, r0, 1 | r6 = r0 + 1;
0x00004ae8 mov r0, r6 | r0 = r6;
0x00004aea blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004aee cbz r0, 0x4b52 | goto label_0;
| }
0x00004af0 mov.w r3, -1 | r3 = -1;
0x00004af4 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004af8 movs r2, 1 | r2 = 1;
0x00004afa mov r1, r6 | r1 = r6;
0x00004afc mov r5, r0 | r5 = r0;
0x00004afe str r4, [sp, 8] | var_8h = r4;
0x00004b00 blx 0x2144 | fcn_00002144 ();
0x00004b04 ldr r1, [pc, 0x64] |
0x00004b06 mov r4, r0 | r4 = r0;
0x00004b08 mov r2, r5 | r2 = r5;
0x00004b0a mov r0, r7 | r0 = r7;
0x00004b0c add r1, pc | r1 = 0x967c;
0x00004b0e blx 0x2274 | vfprintf_chk ()
0x00004b12 ldr r3, [pc, 0x5c] |
0x00004b14 add r3, pc | r3 = 0x968a;
0x00004b16 ldr.w sb, [r3] | sb = *(0x968a);
0x00004b1a cmp.w sb, 0 |
| if (sb != 0) {
0x00004b1e beq 0x4b2c |
0x00004b20 mov r1, r7 | r1 = r7;
0x00004b22 mov r0, r8 | r0 = r8;
0x00004b24 mov r3, r5 | r3 = r5;
0x00004b26 movs r2, 2 | r2 = 2;
0x00004b28 str r4, [sp] | *(sp) = r4;
0x00004b2a blx sb | sb (r0, r1, r2, r3);
| }
0x00004b2c mov r1, r6 | r1 = r6;
0x00004b2e mov r0, r5 | r0 = r5;
0x00004b30 blx 0x22c0 | fcn_000022c0 ();
| do {
0x00004b34 ldr r2, [pc, 0x3c] |
0x00004b36 ldr r3, [pc, 0x30] | r3 = *(0x4b6a);
0x00004b38 add r2, pc | r2 = 0x96b0;
0x00004b3a ldr r3, [r2, r3] | r3 = *(0x96b0);
0x00004b3c ldr r2, [r3] | r2 = *(0x96b0);
0x00004b3e ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004b40 eors r2, r3 | r2 ^= r3;
0x00004b42 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004b46 bne 0x4b5e | goto label_1;
| }
0x00004b48 add sp, 0x14 |
0x00004b4a pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004b4e add sp, 8 |
0x00004b50 bx lr | return;
| label_0:
0x00004b52 ldr r1, [pc, 0x24] |
0x00004b54 movs r0, 5 | r0 = 5;
0x00004b56 add r1, pc | r1 = 0x96d4;
0x00004b58 blx 0x2274 | vfprintf_chk ()
0x00004b5c b 0x4b34 |
| } while (1);
| label_1:
0x00004b5e blx 0x21a0 | fcn_000021a0 ();
0x00004b62 nop |
0x00004b64 movs r3, 0x9a | r3 = 0x9a;
0x00004b66 movs r0, r0 |
0x00004b68 lsls r0, r0, 6 | r0 <<= 6;
0x00004b6a movs r0, r0 |
0x00004b6c lsls r0, r5, 0x1e | r0 = r5 << 0x1e;
0x00004b6e movs r0, r0 |
0x00004b70 movs r5, 0x84 | r5 = 0x84;
0x00004b72 movs r0, r0 |
0x00004b74 movs r3, 0x2c | r3 = 0x2c;
0x00004b76 movs r0, r0 |
0x00004b78 lsls r6, r2, 0x1a | r6 = r2 << 0x1a;
0x00004b7a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4b7c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_only () | void wpa_msg_global_only (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_8h_2;
| int16_t var_ch_2;
| int16_t var_30h_2;
| r0 = arg1;
| r1 = arg2;
0x00004b7c invalid |
0x00004b80 adds r3, 0xff | r3 += 0xff;
0x00004b82 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004b86 mov r7, r1 | r7 = r1;
0x00004b88 sub sp, 0x14 |
0x00004b8a mov r8, r0 | r8 = r0;
0x00004b8c add r4, sp, 0x30 | r4 += var_30h_2;
0x00004b8e ldr r1, [pc, 0xa0] |
0x00004b90 ldr r2, [pc, 0xa0] | r2 = *(0x4c34);
0x00004b92 ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004b96 add r1, pc | r1 = 0x97cc;
0x00004b98 ldr r2, [r1, r2] |
0x00004b9a movs r1, 0 | r1 = 0;
0x00004b9c mov r0, r1 | r0 = r1;
0x00004b9e ldr r2, [r2] | r2 = *(0x97cc);
0x00004ba0 str r2, [sp, 0xc] | var_ch_2 = r2;
0x00004ba2 mov.w r2, 0 | r2 = 0;
0x00004ba6 movs r2, 1 | r2 = 1;
0x00004ba8 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004bac str r4, [sp, 8] | var_8h_2 = r4;
0x00004bae blx 0x2144 | r0 = fcn_00002144 ();
0x00004bb2 adds r6, r0, 1 | r6 = r0 + 1;
0x00004bb4 mov r0, r6 | r0 = r6;
0x00004bb6 blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004bba cbz r0, 0x4c18 | goto label_0;
| }
0x00004bbc mov r1, r6 | r1 = r6;
0x00004bbe mov.w r3, -1 | r3 = -1;
0x00004bc2 movs r2, 1 | r2 = 1;
0x00004bc4 strd r4, r4, [sp, 4] | __asm ("strd r4, r4, [sp, 4]");
0x00004bc8 str.w sb, [sp] | __asm ("str.w sb, [sp]");
0x00004bcc mov r5, r0 | r5 = r0;
0x00004bce blx 0x2144 | fcn_00002144 ();
0x00004bd2 ldr r1, [pc, 0x64] |
0x00004bd4 mov r2, r5 | r2 = r5;
0x00004bd6 mov r4, r0 | r4 = r0;
0x00004bd8 mov r0, r7 | r0 = r7;
0x00004bda add r1, pc | r1 = 0x9818;
0x00004bdc blx 0x2274 | vfprintf_chk ()
0x00004be0 ldr r3, [pc, 0x58] |
0x00004be2 add r3, pc | r3 = 0x9822;
0x00004be4 ldr r6, [r3] | r6 = *(0x9822);
| if (r6 != 0) {
0x00004be6 cbz r6, 0x4bf4 |
0x00004be8 mov r1, r7 | r1 = r7;
0x00004bea mov r0, r8 | r0 = r8;
0x00004bec mov r3, r5 | r3 = r5;
0x00004bee movs r2, 3 | r2 = 3;
0x00004bf0 str r4, [sp] | *(sp) = r4;
0x00004bf2 blx r6 | uint32_t (*r6)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
| }
0x00004bf4 mov r0, r5 | r0 = r5;
0x00004bf6 blx 0x2120 | fcn_00002120 ();
| do {
0x00004bfa ldr r2, [pc, 0x44] |
0x00004bfc ldr r3, [pc, 0x34] | r3 = *(0x4c34);
0x00004bfe add r2, pc | r2 = 0x9844;
0x00004c00 ldr r3, [r2, r3] | r3 = *(0x9844);
0x00004c02 ldr r2, [r3] | r2 = *(0x9844);
0x00004c04 ldr r3, [sp, 0xc] | r3 = var_ch_2;
0x00004c06 eors r2, r3 | r2 ^= r3;
0x00004c08 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004c0c bne 0x4c2a | goto label_1;
| }
0x00004c0e add sp, 0x14 |
0x00004c10 pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004c14 add sp, 8 |
0x00004c16 bx lr | return;
| label_0:
0x00004c18 ldr r2, [pc, 0x28] |
0x00004c1a movs r0, 5 | r0 = 5;
0x00004c1c ldr r1, [pc, 0x28] |
0x00004c1e add r2, pc | r2 = 0x9866;
0x00004c20 add r1, pc | r1 = 0x986c;
0x00004c22 adds r2, 0x14 | r2 += 0x14;
0x00004c24 blx 0x2274 | vfprintf_chk ()
0x00004c28 b 0x4bfa |
| } while (1);
| label_1:
0x00004c2a blx 0x21a0 | fcn_000021a0 ();
0x00004c2e nop |
0x00004c30 movs r2, 0xce | r2 = 0xce;
0x00004c32 movs r0, r0 |
0x00004c34 lsls r0, r0, 6 | r0 <<= 6;
0x00004c36 movs r0, r0 |
0x00004c38 lsls r2, r3, 0x1b | r2 = r3 << 0x1b;
0x00004c3a movs r0, r0 |
0x00004c3c movs r4, 0xb6 | r4 = 0xb6;
0x00004c3e movs r0, r0 |
0x00004c40 movs r2, 0x66 | r2 = 0x66;
0x00004c42 movs r0, r0 |
0x00004c44 lsls r6, r4, 0x1b | r6 = r4 << 0x1b;
0x00004c46 movs r0, r0 |
0x00004c48 lsls r4, r0, 0x18 | r4 = r0 << 0x18;
0x00004c4a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x486c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_ctrl () | void wpa_msg_ctrl (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
0x0000486c push {r2, r3, sl, ip, sp, pc} |
0x00004870 blx lr | lr ();
0x00004872 mov sl, r1 | sl = r1;
0x00004874 sub sp, 0x10 |
0x00004876 ldr.w r8, [pc, 0x9c] |
0x0000487a ldr r1, [pc, 0x9c] |
0x0000487c ldr r2, [pc, 0x9c] | r2 = *(0x491c);
0x0000487e add r8, pc | r8 = 0x9198;
0x00004880 ldr.w sb, [sp, 0x30] | sb = var_30h;
0x00004884 add r1, pc | r1 = 0x91a2;
0x00004886 ldr.w r3, [r8] | r3 = *(0x9198);
0x0000488a ldr r2, [r1, r2] |
0x0000488c ldr r2, [r2] | r2 = *(0x91a2);
0x0000488e str r2, [sp, 0xc] | var_ch = r2;
0x00004890 mov.w r2, 0 | r2 = 0;
| if (r3 == 0) {
0x00004894 cbz r3, 0x48e4 | goto label_0;
| }
0x00004896 movs r1, 0 | r1 = 0;
0x00004898 add r7, sp, 0x34 | r7 += var_34h;
0x0000489a mov.w r3, -1 | r3 = -1;
0x0000489e movs r2, 1 | r2 = 1;
0x000048a0 mov r6, r0 | r6 = r0;
0x000048a2 strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x000048a6 mov r0, r1 | r0 = r1;
0x000048a8 str r7, [sp, 8] | var_8h = r7;
0x000048aa blx 0x2144 | r0 = fcn_00002144 ();
0x000048ae adds r5, r0, 1 | r5 = r0 + 1;
0x000048b0 mov r0, r5 | r0 = r5;
0x000048b2 blx 0x2264 | r0 = fcn_00002264 ();
0x000048b6 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x000048b8 cbz r0, 0x4906 | goto label_1;
| }
0x000048ba mov.w r3, -1 | r3 = -1;
0x000048be movs r2, 1 | r2 = 1;
0x000048c0 mov r1, r5 | r1 = r5;
0x000048c2 strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x000048c6 str r7, [sp, 8] | var_8h = r7;
0x000048c8 blx 0x2144 | fcn_00002144 ();
0x000048cc mov r1, sl | r1 = sl;
0x000048ce str r0, [sp] | *(sp) = r0;
0x000048d0 mov r3, r4 | r3 = r4;
0x000048d2 mov r0, r6 | r0 = r6;
0x000048d4 ldr.w r7, [r8] | r7 = *(r8);
0x000048d8 movs r2, 0 | r2 = 0;
0x000048da blx r7 | uint32_t (*r7)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x000048dc mov r1, r5 | r1 = r5;
0x000048de mov r0, r4 | r0 = r4;
0x000048e0 blx 0x22c0 | fcn_000022c0 ();
| do {
| label_0:
0x000048e4 ldr r2, [pc, 0x38] |
0x000048e6 ldr r3, [pc, 0x34] | r3 = *(0x491e);
0x000048e8 add r2, pc | r2 = 0x920c;
0x000048ea ldr r3, [r2, r3] | r3 = *(0x920c);
0x000048ec ldr r2, [r3] | r2 = *(0x920c);
0x000048ee ldr r3, [sp, 0xc] | r3 = var_ch;
0x000048f0 eors r2, r3 | r2 ^= r3;
0x000048f2 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x000048f6 bne 0x4902 |
0x000048f8 add sp, 0x10 |
0x000048fa pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x000048fe add sp, 8 |
0x00004900 bx lr | return;
| }
0x00004902 blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004906 ldr r1, [pc, 0x1c] |
0x00004908 movs r0, 5 | r0 = 5;
0x0000490a add r1, pc | r1 = 0x9234;
0x0000490c blx 0x2274 | vfprintf_chk ()
0x00004910 b 0x48e4 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4928 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global () | void wpa_msg_global (int16_t arg1, int16_t arg2) {
| int16_t var_ch_2;
| int16_t var_30h_2;
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
0x00004928 push {r2, r3} |
0x0000492a mov.w r3, -1 | r3 = -1;
0x0000492e push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004932 mov r7, r1 | r7 = r1;
0x00004934 sub sp, 0x14 |
0x00004936 mov r8, r0 | r8 = r0;
0x00004938 add r4, sp, 0x30 | r4 += var_30h;
0x0000493a ldr r1, [pc, 0xa0] |
0x0000493c ldr r2, [pc, 0xa0] | r2 = *(0x49e0);
0x0000493e ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004940 ldr r3, [sp, 0x10] | r3 = *((sp + 0x10));
0x00004942 add r1, pc | r1 = 0x9324;
0x00004944 ldr r2, [r1, r2] |
0x00004946 movs r1, 0 | r1 = 0;
0x00004948 mov r0, r1 | r0 = r1;
0x0000494a ldr r2, [r2] | r2 = *(0x9324);
0x0000494c str r2, [sp, 0xc] | var_ch = r2;
0x0000494e mov.w r2, 0 | r2 = 0;
0x00004952 movs r2, 1 | r2 = 1;
0x00004954 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004958 str r4, [sp, 8] | var_8h = r4;
0x0000495a blx 0x2144 | r0 = fcn_00002144 ();
0x0000495e adds r6, r0, 1 | r6 = r0 + 1;
0x00004960 mov r0, r6 | r0 = r6;
0x00004962 blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004966 cbz r0, 0x49ca | goto label_0;
| }
0x00004968 mov.w r3, -1 | r3 = -1;
0x0000496c strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004970 movs r2, 1 | r2 = 1;
0x00004972 mov r1, r6 | r1 = r6;
0x00004974 mov r5, r0 | r5 = r0;
0x00004976 str r4, [sp, 8] | var_8h = r4;
0x00004978 blx 0x2144 | fcn_00002144 ();
0x0000497c ldr r1, [pc, 0x64] |
0x0000497e mov r4, r0 | r4 = r0;
0x00004980 mov r2, r5 | r2 = r5;
0x00004982 mov r0, r7 | r0 = r7;
0x00004984 add r1, pc | r1 = 0x936c;
0x00004986 blx 0x2274 | vfprintf_chk ()
0x0000498a ldr r3, [pc, 0x5c] |
0x0000498c add r3, pc | r3 = 0x937a;
0x0000498e ldr.w sb, [r3] | sb = *(0x937a);
0x00004992 cmp.w sb, 0 |
| if (sb != 0) {
0x00004996 beq 0x49a4 |
0x00004998 mov r1, r7 | r1 = r7;
0x0000499a mov r0, r8 | r0 = r8;
0x0000499c mov r3, r5 | r3 = r5;
0x0000499e movs r2, 1 | r2 = 1;
0x000049a0 str r4, [sp] | *(sp) = r4;
0x000049a2 blx sb | sb (r0, r1, r2, r3);
| }
0x000049a4 mov r1, r6 | r1 = r6;
0x000049a6 mov r0, r5 | r0 = r5;
0x000049a8 blx 0x22c0 | fcn_000022c0 ();
| do {
0x000049ac ldr r2, [pc, 0x3c] |
0x000049ae ldr r3, [pc, 0x30] | r3 = *(0x49e2);
0x000049b0 add r2, pc | r2 = 0x93a0;
0x000049b2 ldr r3, [r2, r3] | r3 = *(0x93a0);
0x000049b4 ldr r2, [r3] | r2 = *(0x93a0);
0x000049b6 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000049b8 eors r2, r3 | r2 ^= r3;
0x000049ba mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000049be bne 0x49d6 | goto label_1;
| }
0x000049c0 add sp, 0x14 |
0x000049c2 pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x000049c6 add sp, 8 |
0x000049c8 bx lr | return;
| label_0:
0x000049ca ldr r1, [pc, 0x24] |
0x000049cc movs r0, 5 | r0 = 5;
0x000049ce add r1, pc | r1 = 0x93c4;
0x000049d0 blx 0x2274 | vfprintf_chk ()
0x000049d4 b 0x49ac |
| } while (1);
| label_1:
0x000049d6 blx 0x21a0 | fcn_000021a0 ();
0x000049da nop |
0x000049dc movs r5, 0x22 | r5 = 0x22;
0x000049de movs r0, r0 |
0x000049e0 lsls r0, r0, 6 | r0 <<= 6;
0x000049e2 movs r0, r0 |
0x000049e4 lsrs r0, r6, 4 | r0 = r6 >> 4;
0x000049e6 movs r0, r0 |
0x000049e8 movs r7, 0xc | r7 = 0xc;
0x000049ea movs r0, r0 |
0x000049ec movs r4, 0xb4 | r4 = 0xb4;
0x000049ee movs r0, r0 |
0x000049f0 lsls r2, r6, 0x1e | r2 = r6 << 0x1e;
0x000049f2 movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x49f4 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_ctrl () | void wpa_msg_global_ctrl (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
0x000049f4 push {r2, r3, sl, ip, sp, pc} |
0x000049f8 blx lr | lr ();
0x000049fa mov sl, r1 | sl = r1;
0x000049fc sub sp, 0x10 |
0x000049fe ldr.w r8, [pc, 0x9c] |
0x00004a02 ldr r1, [pc, 0x9c] |
0x00004a04 ldr r2, [pc, 0x9c] | r2 = *(0x4aa4);
0x00004a06 add r8, pc | r8 = 0x94a8;
0x00004a08 ldr.w sb, [sp, 0x30] | sb = var_30h;
0x00004a0c add r1, pc | r1 = 0x94b2;
0x00004a0e ldr.w r3, [r8] | r3 = *(0x94a8);
0x00004a12 ldr r2, [r1, r2] |
0x00004a14 ldr r2, [r2] | r2 = *(0x94b2);
0x00004a16 str r2, [sp, 0xc] | var_ch = r2;
0x00004a18 mov.w r2, 0 | r2 = 0;
| if (r3 == 0) {
0x00004a1c cbz r3, 0x4a6c | goto label_0;
| }
0x00004a1e movs r1, 0 | r1 = 0;
0x00004a20 add r7, sp, 0x34 | r7 += var_34h;
0x00004a22 mov.w r3, -1 | r3 = -1;
0x00004a26 movs r2, 1 | r2 = 1;
0x00004a28 mov r6, r0 | r6 = r0;
0x00004a2a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a2e mov r0, r1 | r0 = r1;
0x00004a30 str r7, [sp, 8] | var_8h = r7;
0x00004a32 blx 0x2144 | r0 = fcn_00002144 ();
0x00004a36 adds r5, r0, 1 | r5 = r0 + 1;
0x00004a38 mov r0, r5 | r0 = r5;
0x00004a3a blx 0x2264 | r0 = fcn_00002264 ();
0x00004a3e mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00004a40 cbz r0, 0x4a8e | goto label_1;
| }
0x00004a42 mov.w r3, -1 | r3 = -1;
0x00004a46 movs r2, 1 | r2 = 1;
0x00004a48 mov r1, r5 | r1 = r5;
0x00004a4a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a4e str r7, [sp, 8] | var_8h = r7;
0x00004a50 blx 0x2144 | fcn_00002144 ();
0x00004a54 mov r1, sl | r1 = sl;
0x00004a56 str r0, [sp] | *(sp) = r0;
0x00004a58 mov r3, r4 | r3 = r4;
0x00004a5a mov r0, r6 | r0 = r6;
0x00004a5c ldr.w r7, [r8] | r7 = *(r8);
0x00004a60 movs r2, 1 | r2 = 1;
0x00004a62 blx r7 | uint32_t (*r7)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00004a64 mov r1, r5 | r1 = r5;
0x00004a66 mov r0, r4 | r0 = r4;
0x00004a68 blx 0x22c0 | fcn_000022c0 ();
0x00004a6a invalid |
| do {
| label_0:
0x00004a6c ldr r2, [pc, 0x38] |
0x00004a6e ldr r3, [pc, 0x34] | r3 = *(0x4aa6);
0x00004a70 add r2, pc | r2 = 0x951c;
0x00004a72 ldr r3, [r2, r3] | r3 = *(0x951c);
0x00004a74 ldr r2, [r3] | r2 = *(0x951c);
0x00004a76 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004a78 eors r2, r3 | r2 ^= r3;
0x00004a7a mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00004a7e bne 0x4a8a |
0x00004a80 add sp, 0x10 |
0x00004a82 pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00004a86 add sp, 8 |
0x00004a88 bx lr | return;
| }
0x00004a8a blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004a8e ldr r1, [pc, 0x1c] |
0x00004a90 movs r0, 5 | r0 = 5;
0x00004a92 add r1, pc | r1 = 0x9544;
0x00004a94 blx 0x2274 | vfprintf_chk ()
0x00004a98 b 0x4a6c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4b7c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_only () | void wpa_msg_global_only (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_8h_2;
| int16_t var_ch_2;
| int16_t var_30h_2;
| r0 = arg1;
| r1 = arg2;
0x00004b7c push {r2, r3} |
0x00004b7e mov.w r3, -1 | r3 = -1;
0x00004b82 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004b86 mov r7, r1 | r7 = r1;
0x00004b88 sub sp, 0x14 |
0x00004b8a mov r8, r0 | r8 = r0;
0x00004b8c add r4, sp, 0x30 | r4 += var_30h_2;
0x00004b8e ldr r1, [pc, 0xa0] |
0x00004b90 ldr r2, [pc, 0xa0] | r2 = *(0x4c34);
0x00004b92 ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004b96 add r1, pc | r1 = 0x97cc;
0x00004b98 ldr r2, [r1, r2] |
0x00004b9a movs r1, 0 | r1 = 0;
0x00004b9c mov r0, r1 | r0 = r1;
0x00004b9e ldr r2, [r2] | r2 = *(0x97cc);
0x00004ba0 str r2, [sp, 0xc] | var_ch_2 = r2;
0x00004ba2 mov.w r2, 0 | r2 = 0;
0x00004ba6 movs r2, 1 | r2 = 1;
0x00004ba8 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004bac str r4, [sp, 8] | var_8h_2 = r4;
0x00004bae blx 0x2144 | r0 = fcn_00002144 ();
0x00004bb2 adds r6, r0, 1 | r6 = r0 + 1;
0x00004bb4 mov r0, r6 | r0 = r6;
0x00004bb6 blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004bba cbz r0, 0x4c18 | goto label_0;
| }
0x00004bbc mov r1, r6 | r1 = r6;
0x00004bbe mov.w r3, -1 | r3 = -1;
0x00004bc2 movs r2, 1 | r2 = 1;
0x00004bc4 strd r4, r4, [sp, 4] | __asm ("strd r4, r4, [sp, 4]");
0x00004bc8 str.w sb, [sp] | __asm ("str.w sb, [sp]");
0x00004bcc mov r5, r0 | r5 = r0;
0x00004bce blx 0x2144 | fcn_00002144 ();
0x00004bd2 ldr r1, [pc, 0x64] |
0x00004bd4 mov r2, r5 | r2 = r5;
0x00004bd6 mov r4, r0 | r4 = r0;
0x00004bd8 mov r0, r7 | r0 = r7;
0x00004bda add r1, pc | r1 = 0x9818;
0x00004bdc blx 0x2274 | vfprintf_chk ()
0x00004be0 ldr r3, [pc, 0x58] |
0x00004be2 add r3, pc | r3 = 0x9822;
0x00004be4 ldr r6, [r3] | r6 = *(0x9822);
| if (r6 != 0) {
0x00004be6 cbz r6, 0x4bf4 |
0x00004be8 mov r1, r7 | r1 = r7;
0x00004bea mov r0, r8 | r0 = r8;
0x00004bec mov r3, r5 | r3 = r5;
0x00004bee movs r2, 3 | r2 = 3;
0x00004bf0 str r4, [sp] | *(sp) = r4;
0x00004bf2 blx r6 | uint32_t (*r6)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
| }
0x00004bf4 mov r0, r5 | r0 = r5;
0x00004bf6 blx 0x2120 | fcn_00002120 ();
| do {
0x00004bfa ldr r2, [pc, 0x44] |
0x00004bfc ldr r3, [pc, 0x34] | r3 = *(0x4c34);
0x00004bfe add r2, pc | r2 = 0x9844;
0x00004c00 ldr r3, [r2, r3] | r3 = *(0x9844);
0x00004c02 ldr r2, [r3] | r2 = *(0x9844);
0x00004c04 ldr r3, [sp, 0xc] | r3 = var_ch_2;
0x00004c06 eors r2, r3 | r2 ^= r3;
0x00004c08 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004c0c bne 0x4c2a | goto label_1;
| }
0x00004c0e add sp, 0x14 |
0x00004c10 pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004c14 add sp, 8 |
0x00004c16 bx lr | return;
| label_0:
0x00004c18 ldr r2, [pc, 0x28] |
0x00004c1a movs r0, 5 | r0 = 5;
0x00004c1c ldr r1, [pc, 0x28] |
0x00004c1e add r2, pc | r2 = 0x9866;
0x00004c20 add r1, pc | r1 = 0x986c;
0x00004c22 adds r2, 0x14 | r2 += 0x14;
0x00004c24 blx 0x2274 | vfprintf_chk ()
0x00004c28 b 0x4bfa |
| } while (1);
| label_1:
0x00004c2a blx 0x21a0 | fcn_000021a0 ();
0x00004c2e nop |
0x00004c30 movs r2, 0xce | r2 = 0xce;
0x00004c32 movs r0, r0 |
0x00004c34 lsls r0, r0, 6 | r0 <<= 6;
0x00004c36 movs r0, r0 |
0x00004c38 lsls r2, r3, 0x1b | r2 = r3 << 0x1b;
0x00004c3a movs r0, r0 |
0x00004c3c movs r4, 0xb6 | r4 = 0xb6;
0x00004c3e movs r0, r0 |
0x00004c40 movs r2, 0x66 | r2 = 0x66;
0x00004c42 movs r0, r0 |
0x00004c44 lsls r6, r4, 0x1b | r6 = r4 << 0x1b;
0x00004c46 movs r0, r0 |
0x00004c48 lsls r4, r0, 0x18 | r4 = r0 << 0x18;
0x00004c4a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x49f4 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_ctrl () | void wpa_msg_global_ctrl (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_34h;
| r0 = arg1;
| r1 = arg2;
0x000049f4 push {r2, r3, sl, ip, sp, pc} |
0x000049f8 blx lr | lr ();
0x000049fa mov sl, r1 | sl = r1;
0x000049fc sub sp, 0x10 |
0x000049fe ldr.w r8, [pc, 0x9c] |
0x00004a02 ldr r1, [pc, 0x9c] |
0x00004a04 ldr r2, [pc, 0x9c] | r2 = *(0x4aa4);
0x00004a06 add r8, pc | r8 = 0x94a8;
0x00004a08 ldr.w sb, [sp, 0x30] | sb = var_30h;
0x00004a0c add r1, pc | r1 = 0x94b2;
0x00004a0e ldr.w r3, [r8] | r3 = *(0x94a8);
0x00004a12 ldr r2, [r1, r2] |
0x00004a14 ldr r2, [r2] | r2 = *(0x94b2);
0x00004a16 str r2, [sp, 0xc] | var_ch = r2;
0x00004a18 mov.w r2, 0 | r2 = 0;
| if (r3 == 0) {
0x00004a1c cbz r3, 0x4a6c | goto label_0;
| }
0x00004a1e movs r1, 0 | r1 = 0;
0x00004a20 add r7, sp, 0x34 | r7 += var_34h;
0x00004a22 mov.w r3, -1 | r3 = -1;
0x00004a26 movs r2, 1 | r2 = 1;
0x00004a28 mov r6, r0 | r6 = r0;
0x00004a2a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a2e mov r0, r1 | r0 = r1;
0x00004a30 str r7, [sp, 8] | var_8h = r7;
0x00004a32 blx 0x2144 | r0 = fcn_00002144 ();
0x00004a36 adds r5, r0, 1 | r5 = r0 + 1;
0x00004a38 mov r0, r5 | r0 = r5;
0x00004a3a blx 0x2264 | r0 = fcn_00002264 ();
0x00004a3e mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00004a40 cbz r0, 0x4a8e | goto label_1;
| }
0x00004a42 mov.w r3, -1 | r3 = -1;
0x00004a46 movs r2, 1 | r2 = 1;
0x00004a48 mov r1, r5 | r1 = r5;
0x00004a4a strd sb, r7, [sp] | __asm ("strd sb, r7, [sp]");
0x00004a4e str r7, [sp, 8] | var_8h = r7;
0x00004a50 blx 0x2144 | fcn_00002144 ();
0x00004a54 mov r1, sl | r1 = sl;
0x00004a56 str r0, [sp] | *(sp) = r0;
0x00004a58 mov r3, r4 | r3 = r4;
0x00004a5a mov r0, r6 | r0 = r6;
0x00004a5c ldr.w r7, [r8] | r7 = *(r8);
0x00004a60 movs r2, 1 | r2 = 1;
0x00004a62 blx r7 | uint32_t (*r7)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00004a64 mov r1, r5 | r1 = r5;
0x00004a66 mov r0, r4 | r0 = r4;
0x00004a68 blx 0x22c0 | fcn_000022c0 ();
0x00004a6a invalid |
| do {
| label_0:
0x00004a6c ldr r2, [pc, 0x38] |
0x00004a6e ldr r3, [pc, 0x34] | r3 = *(0x4aa6);
0x00004a70 add r2, pc | r2 = 0x951c;
0x00004a72 ldr r3, [r2, r3] | r3 = *(0x951c);
0x00004a74 ldr r2, [r3] | r2 = *(0x951c);
0x00004a76 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004a78 eors r2, r3 | r2 ^= r3;
0x00004a7a mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00004a7e bne 0x4a8a |
0x00004a80 add sp, 0x10 |
0x00004a82 pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00004a86 add sp, 8 |
0x00004a88 bx lr | return;
| }
0x00004a8a blx 0x21a0 | fcn_000021a0 ();
| label_1:
0x00004a8e ldr r1, [pc, 0x1c] |
0x00004a90 movs r0, 5 | r0 = 5;
0x00004a92 add r1, pc | r1 = 0x9544;
0x00004a94 blx 0x2274 | vfprintf_chk ()
0x00004a98 b 0x4a6c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4b7c */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_global_only () | void wpa_msg_global_only (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_8h_2;
| int16_t var_ch_2;
| int16_t var_30h_2;
| r0 = arg1;
| r1 = arg2;
0x00004b7c push {r2, r3} |
0x00004b7e mov.w r3, -1 | r3 = -1;
0x00004b82 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004b86 mov r7, r1 | r7 = r1;
0x00004b88 sub sp, 0x14 |
0x00004b8a mov r8, r0 | r8 = r0;
0x00004b8c add r4, sp, 0x30 | r4 += var_30h_2;
0x00004b8e ldr r1, [pc, 0xa0] |
0x00004b90 ldr r2, [pc, 0xa0] | r2 = *(0x4c34);
0x00004b92 ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004b96 add r1, pc | r1 = 0x97cc;
0x00004b98 ldr r2, [r1, r2] |
0x00004b9a movs r1, 0 | r1 = 0;
0x00004b9c mov r0, r1 | r0 = r1;
0x00004b9e ldr r2, [r2] | r2 = *(0x97cc);
0x00004ba0 str r2, [sp, 0xc] | var_ch_2 = r2;
0x00004ba2 mov.w r2, 0 | r2 = 0;
0x00004ba6 movs r2, 1 | r2 = 1;
0x00004ba8 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004bac str r4, [sp, 8] | var_8h_2 = r4;
0x00004bae blx 0x2144 | r0 = fcn_00002144 ();
0x00004bb2 adds r6, r0, 1 | r6 = r0 + 1;
0x00004bb4 mov r0, r6 | r0 = r6;
0x00004bb6 blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004bba cbz r0, 0x4c18 | goto label_0;
| }
0x00004bbc mov r1, r6 | r1 = r6;
0x00004bbe mov.w r3, -1 | r3 = -1;
0x00004bc2 movs r2, 1 | r2 = 1;
0x00004bc4 strd r4, r4, [sp, 4] | __asm ("strd r4, r4, [sp, 4]");
0x00004bc8 str.w sb, [sp] | __asm ("str.w sb, [sp]");
0x00004bcc mov r5, r0 | r5 = r0;
0x00004bce blx 0x2144 | fcn_00002144 ();
0x00004bd2 ldr r1, [pc, 0x64] |
0x00004bd4 mov r2, r5 | r2 = r5;
0x00004bd6 mov r4, r0 | r4 = r0;
0x00004bd8 mov r0, r7 | r0 = r7;
0x00004bda add r1, pc | r1 = 0x9818;
0x00004bdc blx 0x2274 | vfprintf_chk ()
0x00004be0 ldr r3, [pc, 0x58] |
0x00004be2 add r3, pc | r3 = 0x9822;
0x00004be4 ldr r6, [r3] | r6 = *(0x9822);
| if (r6 != 0) {
0x00004be6 cbz r6, 0x4bf4 |
0x00004be8 mov r1, r7 | r1 = r7;
0x00004bea mov r0, r8 | r0 = r8;
0x00004bec mov r3, r5 | r3 = r5;
0x00004bee movs r2, 3 | r2 = 3;
0x00004bf0 str r4, [sp] | *(sp) = r4;
0x00004bf2 blx r6 | uint32_t (*r6)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
| }
0x00004bf4 mov r0, r5 | r0 = r5;
0x00004bf6 blx 0x2120 | fcn_00002120 ();
| do {
0x00004bfa ldr r2, [pc, 0x44] |
0x00004bfc ldr r3, [pc, 0x34] | r3 = *(0x4c34);
0x00004bfe add r2, pc | r2 = 0x9844;
0x00004c00 ldr r3, [r2, r3] | r3 = *(0x9844);
0x00004c02 ldr r2, [r3] | r2 = *(0x9844);
0x00004c04 ldr r3, [sp, 0xc] | r3 = var_ch_2;
0x00004c06 eors r2, r3 | r2 ^= r3;
0x00004c08 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004c0c bne 0x4c2a | goto label_1;
| }
0x00004c0e add sp, 0x14 |
0x00004c10 pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004c14 add sp, 8 |
0x00004c16 bx lr | return;
| label_0:
0x00004c18 ldr r2, [pc, 0x28] |
0x00004c1a movs r0, 5 | r0 = 5;
0x00004c1c ldr r1, [pc, 0x28] |
0x00004c1e add r2, pc | r2 = 0x9866;
0x00004c20 add r1, pc | r1 = 0x986c;
0x00004c22 adds r2, 0x14 | r2 += 0x14;
0x00004c24 blx 0x2274 | vfprintf_chk ()
0x00004c28 b 0x4bfa |
| } while (1);
| label_1:
0x00004c2a blx 0x21a0 | fcn_000021a0 ();
0x00004c2e nop |
0x00004c30 movs r2, 0xce | r2 = 0xce;
0x00004c32 movs r0, r0 |
0x00004c34 lsls r0, r0, 6 | r0 <<= 6;
0x00004c36 movs r0, r0 |
0x00004c38 lsls r2, r3, 0x1b | r2 = r3 << 0x1b;
0x00004c3a movs r0, r0 |
0x00004c3c movs r4, 0xb6 | r4 = 0xb6;
0x00004c3e movs r0, r0 |
0x00004c40 movs r2, 0x66 | r2 = 0x66;
0x00004c42 movs r0, r0 |
0x00004c44 lsls r6, r4, 0x1b | r6 = r4 << 0x1b;
0x00004c46 movs r0, r0 |
0x00004c48 lsls r4, r0, 0x18 | r4 = r0 << 0x18;
0x00004c4a movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libwpa_client.so @ 0x4ab0 */
| #include <stdint.h>
|
; (fcn) sym.wpa_msg_no_global () | void wpa_msg_no_global (int16_t arg1, int16_t arg2) {
| int16_t var_0h_2;
| int32_t var_0h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_30h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
0x00004ab0 invalid |
0x00004ab4 adds r3, 0xff | r3 += 0xff;
0x00004ab6 push.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004aba mov r7, r1 | r7 = r1;
0x00004abc sub sp, 0x14 |
0x00004abe mov r8, r0 | r8 = r0;
0x00004ac0 add r4, sp, 0x30 | r4 += var_30h;
0x00004ac2 ldr r1, [pc, 0xa0] |
0x00004ac4 ldr r2, [pc, 0xa0] | r2 = *(0x4b68);
0x00004ac6 ldr sb, [r4], 4 | sb = *(r4);
| r4 += 4;
0x00004ac8 ldr r3, [sp, 0x10] | r3 = *((sp + 0x10));
0x00004aca add r1, pc | r1 = 0x9634;
0x00004acc ldr r2, [r1, r2] |
0x00004ace movs r1, 0 | r1 = 0;
0x00004ad0 mov r0, r1 | r0 = r1;
0x00004ad2 ldr r2, [r2] | r2 = *(0x9634);
0x00004ad4 str r2, [sp, 0xc] | var_ch = r2;
0x00004ad6 mov.w r2, 0 | r2 = 0;
0x00004ada movs r2, 1 | r2 = 1;
0x00004adc strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004ae0 str r4, [sp, 8] | var_8h = r4;
0x00004ae2 blx 0x2144 | r0 = fcn_00002144 ();
0x00004ae6 adds r6, r0, 1 | r6 = r0 + 1;
0x00004ae8 mov r0, r6 | r0 = r6;
0x00004aea blx 0x2264 | r0 = fcn_00002264 ();
| if (r0 == 0) {
0x00004aee cbz r0, 0x4b52 | goto label_0;
| }
0x00004af0 mov.w r3, -1 | r3 = -1;
0x00004af4 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00004af8 movs r2, 1 | r2 = 1;
0x00004afa mov r1, r6 | r1 = r6;
0x00004afc mov r5, r0 | r5 = r0;
0x00004afe str r4, [sp, 8] | var_8h = r4;
0x00004b00 blx 0x2144 | fcn_00002144 ();
0x00004b04 ldr r1, [pc, 0x64] |
0x00004b06 mov r4, r0 | r4 = r0;
0x00004b08 mov r2, r5 | r2 = r5;
0x00004b0a mov r0, r7 | r0 = r7;
0x00004b0c add r1, pc | r1 = 0x967c;
0x00004b0e blx 0x2274 | vfprintf_chk ()
0x00004b12 ldr r3, [pc, 0x5c] |
0x00004b14 add r3, pc | r3 = 0x968a;
0x00004b16 ldr.w sb, [r3] | sb = *(0x968a);
0x00004b1a cmp.w sb, 0 |
| if (sb != 0) {
0x00004b1e beq 0x4b2c |
0x00004b20 mov r1, r7 | r1 = r7;
0x00004b22 mov r0, r8 | r0 = r8;
0x00004b24 mov r3, r5 | r3 = r5;
0x00004b26 movs r2, 2 | r2 = 2;
0x00004b28 str r4, [sp] | *(sp) = r4;
0x00004b2a blx sb | sb (r0, r1, r2, r3);
| }
0x00004b2c mov r1, r6 | r1 = r6;
0x00004b2e mov r0, r5 | r0 = r5;
0x00004b30 blx 0x22c0 | fcn_000022c0 ();
| do {
0x00004b34 ldr r2, [pc, 0x3c] |
0x00004b36 ldr r3, [pc, 0x30] | r3 = *(0x4b6a);
0x00004b38 add r2, pc | r2 = 0x96b0;
0x00004b3a ldr r3, [r2, r3] | r3 = *(0x96b0);
0x00004b3c ldr r2, [r3] | r2 = *(0x96b0);
0x00004b3e ldr r3, [sp, 0xc] | r3 = var_ch;
0x00004b40 eors r2, r3 | r2 ^= r3;
0x00004b42 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00004b46 bne 0x4b5e | goto label_1;
| }
0x00004b48 add sp, 0x14 |
0x00004b4a pop.w {r4, r5, r6, r7, r8, sb, lr} |
0x00004b4e add sp, 8 |
0x00004b50 bx lr | return;
| label_0:
0x00004b52 ldr r1, [pc, 0x24] |
0x00004b54 movs r0, 5 | r0 = 5;
0x00004b56 add r1, pc | r1 = 0x96d4;
0x00004b58 blx 0x2274 | vfprintf_chk ()
0x00004b5c b 0x4b34 |
| } while (1);
| label_1:
0x00004b5e blx 0x21a0 | fcn_000021a0 ();
0x00004b62 nop |
0x00004b64 movs r3, 0x9a | r3 = 0x9a;
0x00004b66 movs r0, r0 |
0x00004b68 lsls r0, r0, 6 | r0 <<= 6;
0x00004b6a movs r0, r0 |
0x00004b6c lsls r0, r5, 0x1e | r0 = r5 << 0x1e;
0x00004b6e movs r0, r0 |
0x00004b70 movs r5, 0x84 | r5 = 0x84;
0x00004b72 movs r0, r0 |
0x00004b74 movs r3, 0x2c | r3 = 0x2c;
0x00004b76 movs r0, r0 |
0x00004b78 lsls r6, r2, 0x1a | r6 = r2 << 0x1a;
0x00004b7a movs r0, r0 |
| }
[*] Function fprintf used 25 times libwpa_client.so
