[*] Binary protection state of ssh-keygen
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ssh-keygen
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/ssh-keygen @ 0x21d8c */
| #include <stdint.h>
|
; (fcn) fcn.00021d8c () | void fcn_00021d8c (int16_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
| do {
0x00004918 bx pc | return void (*pc)() ();
0x00021d8c push.w {r4, r5, r6, r7, r8, lr} |
0x00021d90 sub sp, 8 |
0x00021d92 ldr r7, [pc, 0xec] |
0x00021d94 add r7, pc | r7 = 0x43c1a;
0x00021d96 cmp r1, 0 |
| if (r1 == 0) {
0x00021d98 beq 0x21e68 | goto label_1;
| }
0x00021d9a mov r8, r0 | r8 = r0;
0x00021d9c mov r5, r1 | r5 = r1;
0x00021d9e blx 0x4f1c | r0 = fcn_00004f1c ();
0x00021da2 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00021da4 cbz r0, 0x21de6 | goto label_2;
| }
0x00021da6 blx 0x4f1c | r0 = fcn_00004f1c ();
0x00021daa mov r6, r0 | r6 = r0;
| if (r0 == 0) {
0x00021dac cbz r0, 0x21de6 | goto label_2;
| }
0x00021dae mov r0, r8 | r0 = r8;
0x00021db0 blx 0x44d0 | fprintf_chk ()
0x00021db4 blx 0x4464 | r0 = DSA_SIG_free ();
0x00021db8 cmp.w r0, 0x196 |
| if (r0 == segment.PHDR) {
0x00021dbc beq 0x21e00 | goto label_3;
| }
0x00021dbe ldr r2, [pc, 0xc4] | r2 = *(0x21e86);
0x00021dc0 ldr r3, [pc, 0xc4] |
0x00021dc2 ldr r1, [r7, r2] | r1 = *((r7 + r2));
0x00021dc4 ldr r2, [pc, 0xc4] |
0x00021dc6 add r3, pc | r3 = 0x43c52;
0x00021dc8 adds r3, 0x10 | r3 += 0x10;
0x00021dca ldr r0, [r1] | r0 = *(r1);
0x00021dcc movs r1, 1 | r1 = 1;
0x00021dce add r2, pc | r2 = 0x43c5e;
0x00021dd0 blx 0x44e8 | ECDSA_do_sign ();
| label_0:
0x00021dd4 mov r0, r4 | r0 = r4;
0x00021dd6 blx 0x491c | fcn_0000491c ();
0x00021dda mov r0, r6 | r0 = r6;
0x00021ddc add sp, 8 |
0x00021dde pop.w {r4, r5, r6, r7, r8, lr} |
0x00021de2 b.w 0x4918 |
| } while (1);
| label_2:
0x00021de6 ldr r1, [pc, 0x9c] | r1 = *(0x21e86);
0x00021de8 movs r6, 0 | r6 = 0;
0x00021dea ldr r3, [pc, 0xa4] |
0x00021dec ldr r2, [pc, 0xa4] |
0x00021dee ldr r1, [r7, r1] | r1 = *((r7 + r1));
0x00021df0 add r3, pc | r3 = 0x43c86;
0x00021df2 add r2, pc | r2 = 0x43c8a;
0x00021df4 adds r3, 0x10 | r3 += 0x10;
0x00021df6 ldr r0, [r1] | r0 = *(0x21e86);
0x00021df8 movs r1, 1 | r1 = 1;
0x00021dfa blx 0x44e8 | ECDSA_do_sign ();
0x00021dfe b 0x21dd4 | goto label_0;
| label_3:
0x00021e00 movs r3, 0 | r3 = 0;
0x00021e02 mov r1, r5 | r1 = r5;
0x00021e04 str r3, [sp] | *(sp) = r3;
0x00021e06 mov r0, r8 | r0 = r8;
0x00021e08 mov r3, r6 | r3 = r6;
0x00021e0a mov r2, r4 | r2 = r4;
0x00021e0c blx 0x44dc | r0 = DSA_generate_key ();
0x00021e10 cmp r0, 1 |
0x00021e12 mov r5, r0 | r5 = r0;
| if (r0 != 1) {
0x00021e14 beq 0x21e2e |
0x00021e16 ldr r2, [pc, 0x6c] | r2 = *(0x21e86);
0x00021e18 ldr r3, [pc, 0x7c] |
0x00021e1a ldr r1, [r7, r2] | r1 = *((r7 + r2));
0x00021e1c ldr r2, [pc, 0x7c] |
0x00021e1e add r3, pc | r3 = 0x43cba;
0x00021e20 adds r3, 0x10 | r3 += 0x10;
0x00021e22 ldr r0, [r1] | r0 = *(r1);
0x00021e24 movs r1, 1 | r1 = 1;
0x00021e26 add r2, pc | r2 = 0x43cc6;
0x00021e28 blx 0x44e8 | ECDSA_do_sign ();
0x00021e2c b 0x21dd4 | goto label_0;
| }
0x00021e2e ldr r3, [pc, 0x54] | r3 = *(0x21e86);
0x00021e30 movs r2, 2 | r2 = 2;
0x00021e32 ldr r0, [pc, 0x6c] |
0x00021e34 mov r1, r5 | r1 = r5;
0x00021e36 ldr r7, [r7, r3] | r7 = *((r7 + r3));
0x00021e38 add r0, pc | r0 = 0x43cde;
0x00021e3a ldr r3, [r7] | r3 = *(r7);
0x00021e3c blx 0x4c0c | fcn_00004c0c ();
0x00021e40 mov r1, r4 | r1 = r4;
0x00021e42 ldr r0, [r7] | r0 = *(r7);
0x00021e44 blx 0x481c | fcn_0000481c ();
0x00021e48 ldr r0, [pc, 0x58] |
0x00021e4a mov r1, r5 | r1 = r5;
0x00021e4c ldr r3, [r7] | r3 = *(r7);
0x00021e4e movs r2, 3 | r2 = 3;
0x00021e50 add r0, pc | r0 = 0x43cf8;
0x00021e52 blx 0x4c0c | fcn_00004c0c ();
0x00021e56 mov r1, r6 | r1 = r6;
0x00021e58 ldr r0, [r7] | r0 = *(r7);
0x00021e5a blx 0x481c | fcn_0000481c ();
0x00021e5e ldr r1, [r7] | r1 = *(r7);
0x00021e60 movs r0, 0xa | r0 = 0xa;
0x00021e62 blx 0x4be4 | ASN1_OCTET_STRING_free ();
0x00021e66 b 0x21dd4 | goto label_0;
| label_1:
0x00021e68 ldr r3, [pc, 0x18] |
0x00021e6a movs r2, 0xd | r2 = 0xd;
0x00021e6c ldr r0, [pc, 0x38] |
0x00021e6e movs r1, 1 | r1 = 1;
0x00021e70 ldr r3, [r7, r3] | r3 = *((r7 + r3));
0x00021e72 add r0, pc | r0 = 0x43d1e;
0x00021e74 ldr r3, [r3] | r3 = *(0x21e84);
0x00021e76 add sp, 8 |
0x00021e78 pop.w {r4, r5, r6, r7, r8, lr} |
0x00021e7c b.w 0x4c08 | return void (*0x4c08)() ();
| }
[*] Function fprintf used 2 times ssh-keygen
