[*] Binary protection state of kmod
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of kmod
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/kmod @ 0x11878 */
| #include <stdint.h>
|
; (fcn) fcn.00011878 () | void fcn_00011878 (int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_24h;
| int16_t var_28h;
| int16_t var_4h_2;
| int16_t var_30h;
| int16_t var_1020h;
| int32_t var_0h_2;
| r1 = arg2;
| r2 = arg3;
0x00011878 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0001187c mov r4, r1 | r4 = r1;
0x0001187e ldr r1, [pc, 0x188] |
0x00011880 mov sl, r2 | sl = r2;
0x00011882 sub.w sp, sp, 0x1020 |
0x00011886 movs r3, 0 | r3 = 0;
0x00011888 ldr r2, [pc, 0x180] | r2 = *(0x11a0c);
0x0001188a sub sp, 0x14 |
0x0001188c add r1, pc | r1 = 0x2329a;
0x0001188e add.w r5, sp, 0x1020 | r5 += var_1020h;
0x00011892 add.w r8, sp, 0x30 | r8 += var_30h;
0x00011896 adds r5, 0xc | r5 += 0xc;
0x00011898 ldr r2, [r1, r2] |
0x0001189a ldr r2, [r2] | r2 = *(0x2329a);
0x0001189c str r2, [r5] | *(r5) = r2;
0x0001189e mov.w r2, 0 | r2 = 0;
0x000118a2 str r3, [r8, -0xc] | var_24h = r3;
0x000118a6 bl 0x11588 | r0 = fcn_00011588 (r0);
0x000118aa cmp r0, 0 |
| if (r0 == 0) {
0x000118ac beq.w 0x119e2 | goto label_1;
| }
0x000118b0 mov r6, r0 | r6 = r0;
0x000118b2 sub.w r5, r8, 4 | r5 -= var_4h_2;
| do {
0x000118b6 mov r0, r6 | r0 = r6;
0x000118b8 bl 0x11680 | r0 = fcn_00011680 (r0);
0x000118bc cmp r0, 0 |
| if (r0 == 0) {
0x000118be beq.w 0x119ee | goto label_2;
| }
0x000118c2 mov r1, r5 | r1 = r5;
0x000118c4 mov r0, r6 | r0 = r6;
0x000118c6 bl 0x117bc | r0 = fcn_000117bc (r0, r1);
0x000118ca cmp r0, 0 |
| if (r0 == 0) {
0x000118cc beq.w 0x119f6 | goto label_3;
| }
0x000118d0 mov r1, r5 | r1 = r5;
0x000118d2 mov r0, r4 | r0 = r4;
0x000118d4 blx 0x2058 | r0 = fcn_00002058 ();
0x000118d8 mov fp, r0 |
0x000118da cmp r0, 0 |
0x000118dc bne 0x118b6 |
| } while (r0 != 0);
0x000118de mov r0, r4 | r0 = r4;
0x000118e0 blx 0x1d74 | fcn_00001d74 ();
0x000118e4 ldr r2, [r6, 0x20] | r2 = *((r6 + 0x20));
0x000118e6 add.w sb, r0, 1 | sb = r0 + 1;
0x000118ea ldr r3, [r6, 0x1c] | r3 = *((r6 + 0x1c));
0x000118ec ldr r7, [r6, 0x18] | r7 = *((r6 + 0x18));
0x000118ee ldr r4, [r6, 0x10] | r4 = *((r6 + 0x10));
0x000118f0 mla r0, r0, r2, r2 | __asm ("mla r0, r0, r2, r2");
0x000118f4 str r2, [sp, 0x1c] | var_1ch = r2;
0x000118f6 str r3, [sp, 0xc] | var_ch = r3;
0x000118f8 adds r2, 1 | r2++;
0x000118fa ldr r5, [r6, 0x14] | r5 = *((r6 + 0x14));
0x000118fc lsls r3, r2, 2 | r3 = r2 << 2;
0x000118fe subs r2, r7, r4 | r2 = r7 - r4;
0x00011900 add r2, r3 | r2 += r3;
0x00011902 str r3, [sp, 0x14] | var_14h = r3;
0x00011904 subs r0, r2, r0 | r0 = r2 - r0;
0x00011906 blx 0x1ec0 | fcn_00001ec0 ();
0x0001190a ldr r3, [sp, 0xc] | r3 = var_ch;
0x0001190c mov ip, r0 |
0x0001190e str.w r0, [sl] | __asm ("str.w r0, [sl]");
0x00011912 cmp r0, 0 |
| if (r0 == 0) {
0x00011914 beq 0x119f6 | goto label_3;
| }
0x00011916 cmp r4, r7 |
0x00011918 sbcs.w r3, r5, r3 | __asm ("sbcs.w r3, r5, r3");
| if (r4 >= r7) {
0x0001191c bge 0x119aa | goto label_0;
| }
0x0001191e add r3, sp, 0x28 | r3 += var_28h;
0x00011920 mov r7, fp | r7 = fp;
0x00011922 str r3, [sp, 0x10] | var_10h = r3;
0x00011924 add r3, sp, 0x24 | r3 += var_24h;
0x00011926 str r3, [sp, 0xc] | var_ch = r3;
0x00011928 mov r3, r5 | r3 = r5;
0x0001192a str.w ip, [sp, 0x18] | __asm ("str.w ip, [var_18h]");
0x0001192e mov r5, sl | r5 = sl;
0x00011930 mov sl, r3 | sl = r3;
0x00011932 b 0x11968 |
| while (r0 >= 1) {
0x00011934 ldr r3, [sp, 0x14] | r3 = var_14h;
0x00011936 ldr r1, [r8, -0xc] | r1 = var_24h;
0x0001193a adds r2, r3, r7 | r2 = r3 + r7;
0x0001193c ldr r3, [sp, 0x18] | r3 = var_18h;
0x0001193e add r1, sb | r1 += sb;
0x00011940 add r2, r3 | r2 += r3;
0x00011942 mov r0, r2 | r0 = r2;
0x00011944 blx 0x1de4 | vfprintf_chk ()
0x00011948 ldr r1, [r8, -0x8] | r1 = *((r8 - 0x8));
0x0001194c sub.w r1, r1, sb | r1 -= sb;
0x00011950 add r7, r1 | r7 += r1;
0x00011952 ldr r1, [r5] | r1 = *(r5);
0x00011954 str.w r0, [r1, fp] | __asm ("str.w r0, [r1, fp]");
0x00011958 add.w fp, fp, 4 |
0x0001195c ldrd r1, r2, [r6, 0x18] | __asm ("ldrd r1, r2, [r6, 0x18]");
0x00011960 cmp r4, r1 |
0x00011962 sbcs.w r2, sl, r2 | __asm ("sbcs.w r2, sl, r2");
| if (r4 >= r1) {
0x00011966 bge 0x119aa | goto label_0;
| }
0x00011968 ldr r1, [sp, 0x10] | r1 = var_10h;
0x0001196a mov r2, r4 | r2 = r4;
0x0001196c mov r3, sl | r3 = sl;
0x0001196e mov r0, r6 | r0 = r6;
0x00011970 str r1, [sp, 4] | var_4h = r1;
0x00011972 ldr r1, [sp, 0xc] | r1 = var_ch;
0x00011974 str r1, [sp] | *(sp) = r1;
0x00011976 bl 0x11440 | r0 = fcn_00011440 (r0, r1, r2, r3, r4, r5);
0x0001197a cmp r0, 1 |
0x0001197c mov r4, r0 | r4 = r0;
0x0001197e sbcs r2, r1, 0 | __asm ("sbcs r2, r1, 0");
0x00011982 mov sl, r1 | sl = r1;
0x00011984 bge 0x11934 |
| }
0x00011986 orrs r4, r1 | r4 |= r1;
0x00011988 mov r3, r1 | r3 = r1;
0x0001198a it eq |
| if (r4 != r1) {
0x0001198c mvneq r3, 0x15 | r3 = ~0x15;
| }
0x00011990 mov sl, r5 | sl = r5;
0x00011992 it eq |
| if (r4 != r1) {
0x00011994 streq r3, [sp, 0x1c] | var_1ch = r3;
| }
| if (r4 != r1) {
0x00011996 beq 0x119a2 |
0x00011998 blx 0x207c | r0 = fcn_0000207c ();
0x0001199c ldr r3, [r0] | r3 = *(r0);
0x0001199e rsbs r3, r3, 0 | r3 -= ;
0x000119a0 str r3, [sp, 0x1c] | var_1ch = r3;
| }
0x000119a2 ldr.w r0, [sl] | r0 = *(sl);
0x000119a6 blx 0x1cb0 | fcn_00001cb0 ();
| label_0:
0x000119aa ldr r0, [r6, 4] | r0 = *((r6 + 4));
0x000119ac blx 0x1e60 | fcn_00001e60 ();
0x000119b0 ldr r0, [r6, 0x28] | r0 = *((r6 + 0x28));
0x000119b2 blx 0x1cb0 | fcn_00001cb0 ();
0x000119b6 mov r0, r6 | r0 = r6;
0x000119b8 blx 0x1cb0 | fcn_00001cb0 ();
| do {
0x000119bc ldr r2, [pc, 0x50] |
0x000119be add.w r1, sp, 0x1020 | r1 += var_1020h;
0x000119c2 ldr r3, [pc, 0x48] | r3 = *(0x11a0e);
0x000119c4 adds r1, 0xc | r1 += 0xc;
0x000119c6 add r2, pc | r2 = 0x233da;
0x000119c8 ldr r3, [r2, r3] | r3 = *(0x233da);
0x000119ca ldr r2, [r3] | r2 = *(0x233da);
0x000119cc ldr r3, [r1] | r3 = *(r1);
0x000119ce eors r2, r3 | r2 ^= r3;
0x000119d0 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000119d4 bne 0x11a02 | goto label_4;
| }
0x000119d6 ldr r0, [sp, 0x1c] | r0 = var_1ch;
0x000119d8 add.w sp, sp, 0x1020 |
0x000119dc add sp, 0x14 |
0x000119de pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_1:
0x000119e2 blx 0x207c | r0 = fcn_0000207c ();
0x000119e6 ldr r3, [r0] | r3 = *(r0);
0x000119e8 rsbs r3, r3, 0 | r3 -= ;
0x000119ea str r3, [sp, 0x1c] | var_1ch = r3;
0x000119ec b 0x119bc |
| } while (1);
| label_2:
0x000119ee mvn r3, 0x25 | r3 = ~0x25;
0x000119f2 str r3, [sp, 0x1c] | var_1ch = r3;
0x000119f4 b 0x119aa | goto label_0;
| label_3:
0x000119f6 blx 0x207c | r0 = fcn_0000207c ();
0x000119fa ldr r3, [r0] | r3 = *(r0);
0x000119fc rsbs r3, r3, 0 | r3 -= ;
0x000119fe str r3, [sp, 0x1c] | var_1ch = r3;
0x00011a00 b 0x119aa | goto label_0;
| label_4:
0x00011a02 blx 0x1ed8 | fcn_00001ed8 ();
0x00011a06 nop |
0x00011a08 str r4, [r5, 0x54] | *((r5 + 0x54)) = r4;
0x00011a0a movs r0, r0 |
0x00011a0c lsls r4, r4, 7 | r4 <<= 7;
0x00011a0e movs r0, r0 |
0x00011a10 str r2, [r6, 0x40] | *((r6 + 0x40)) = r2;
0x00011a12 movs r0, r0 |
0x00011a14 movs r0, r0 |
0x00011a16 movs r0, r0 |
| }
[*] Function fprintf used 2 times kmod
