[*] Binary protection state of libteec.so.1.0.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of libteec.so.1.0.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libteec.so.1.0.0 @ 0x1128 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; TEEC_AllocateSharedMemory -- Thumb-2 code, r0 = first argument, r1 = second.
; Observed use of the arguments (field names are not visible in this listing):
;   r0 -> struct whose word at +0 is passed to ioctl() as the fd and whose
;         byte at +4 selects between the two paths below
;   r1 -> descriptor filled in here: +0 buffer pointer, +4 requested size,
;         +8 value that must be 1..3 (presumably flags), +0xc id from the
;         ioctl, +0x10 size actually used, +0x14 zeroed, +0x18 fd or -1,
;         +0x1c byte set to 1 on success
; Return in r0: 0 on success, 0xFFFF0006 or 0xFFFF000C on failure; these
; match TEEC_ERROR_BAD_PARAMETERS and TEEC_ERROR_OUT_OF_MEMORY in the
; GlobalPlatform TEE Client API.
; NOTE(review): the r2dec prototype (arg2, fd), the int16_t locals and many
; of the pseudo-code conditions are decompiler guesses; where the two
; columns disagree the assembly column is authoritative. Mismatches are
; flagged inline.
; ---------------------------------------------------------------------------
; (fcn) sym.TEEC_AllocateSharedMemory () | void TEEC_AllocateSharedMemory (uint32_t arg2, uint32_t fd) {
| int16_t var_0h_3;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_24h;
| int16_t var_2ch;
| int16_t var_34h;
| r1 = arg2;
| r0 = fd;
; NOTE(review): this first word looks mis-decoded (an ARM-style conditional
; store-multiple at the entry of a Thumb function). The `it ne` / `cmpne r0, 0`
; that follow and the later `add r2, pc` suggest it is really a pc-relative
; load into r2 plus a compare of r1 with 0, i.e. NULL checks on both
; arguments -- confirm by re-disassembling this address in Thumb mode.
0x00001128 stmdbhs r0, {r0, r2, r6, sb, fp, lr} | __asm ("stmdbhs r0, {r0, r2, r6, sb, fp, lr}");
0x0000112c it ne |
| if (? != ?) {
0x0000112e cmpne r0, 0 | __asm ("cmpne var_0h_3");
| }
; Stack-protector prologue: the guard is reached through a pc-relative load
; (literal at 0x1244) and a second indirection, then saved at [sp, 0x34].
; It is compared again at label_0 before the function returns.
0x00001130 ldr r3, [pc, 0x110] |
0x00001132 push.w {r4, r5, r6, r7, r8, lr} |
0x00001136 sub sp, 0x38 |
0x00001138 add r2, pc | r2 += pc;
; ite eq: r8 = 1 when the compare above was equal (an argument was zero),
; otherwise r8 = 0. The two pseudo-code `if`s are one if/else.
0x0000113a ite eq |
| if (? != ?) {
0x0000113c moveq r8, 1 | r8 = 1;
| }
| if (? != ?) {
0x00001140 mov.w r8, 0 | r8 = 0;
| }
0x00001144 ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x00001146 ldr r3, [r3] | r3 = *(0x1244);
0x00001148 str r3, [sp, 0x34] | var_34h = r3;
0x0000114a mov.w r3, 0 | r3 = 0;
; Same flags as the ite above: a zero argument exits through label_2
; (returns 0xFFFF0006) before either pointer is dereferenced.
| if (? == ?) {
0x0000114e beq 0x1218 | goto label_2;
| }
; Unsigned range check on the word at [r1 + 8]: (value - 1) must be <= 2, so
; only 1..3 pass. A value of 0 wraps to 0xFFFFFFFF and is rejected by bhi.
0x00001150 ldr r3, [r1, 8] | r3 = *((r1 + 8));
0x00001152 mov r4, r1 | r4 = r1;
0x00001154 subs r3, 1 | r3--;
0x00001156 cmp r3, 2 |
| if (r3 > 2) {
0x00001158 bhi 0x1218 | goto label_2;
| }
; r7 = requested size from [r1 + 4]; r6 = path-select byte from [r0 + 4].
; A size of 0 is replaced by 8. The pseudo-code condition `r7 != 0` is
; inverted: `it eq` / `moveq` only executes when r7 == 0.
; No upper bound on the size is applied in this function.
0x0000115a ldr r7, [r1, 4] | r7 = *((r1 + 4));
0x0000115c mov r5, r0 | r5 = r0;
0x0000115e ldrb r6, [r0, 4] | r6 = *((r0 + 4));
0x00001160 cmp r7, 0 |
0x00001162 it eq |
| if (r7 != 0) {
0x00001164 moveq r7, 8 | r7 = 8;
| }
0x00001166 cmp r6, 0 |
| if (r6 != 0) {
0x00001168 bne 0x11d8 | goto label_3;
| }
; --- Path A (byte at [r0 + 4] == 0): kernel allocates, user space maps -----
; ioctl(fd = [r0], request = 0xc010a401, arg = sp + 0x18). The request word
; decodes as read|write, argument size 0x10, type 0xa4, number 1, which
; matches TEE_IOC_SHM_ALLOC in the Linux TEE UAPI (confirm against the
; kernel headers used for this firmware). The 16-byte argument block is
; {[sp+0x18] = r7 (size), [sp+0x1c..0x24] = 0}; r6 is 0 on this path.
; r2dec's `ioctl (r0, r1)` omits the third argument, and `r2 += var_18h`
; is really r2 = sp + 0x18.
0x0000116a movw r1, 0xa401 |
0x0000116e ldr r0, [r0] | r0 = *(r0);
0x00001170 add r2, sp, 0x18 | r2 += var_18h;
0x00001172 movt r1, 0xc010 | r1 = 0xc010a401;
0x00001176 strd r6, r6, [sp, 0x20] | __asm ("strd r6, r6, [sp, 0x20]");
0x0000117a strd r7, r6, [sp, 0x18] | __asm ("strd r7, r6, [sp, 0x18]");
0x0000117e blx 0x9e0 | r0 = ioctl (r0, r1);
; Signed test of the ioctl result: blt is taken when r0 < 0 (the pseudo-code
; `r5 < r0` is misleading). r5 keeps the returned fd for mmap64 below.
0x00001182 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 < r0) {
0x00001184 blt 0x1224 | goto label_1;
| }
; mmap64 arguments as set up here: r0 = r6 = 0 (no address hint),
; r1 = r7 (length), r2 = 3 (PROT_READ|PROT_WRITE on Linux, no PROT_EXEC),
; r3 = 1 (MAP_SHARED on Linux), [sp] = r5 (fd), [sp+8] = 64-bit offset 0.
; The word the kernel wrote back at [sp+0x24] is copied to [r4 + 0xc].
0x00001186 ldr r3, [sp, 0x24] | r3 = var_24h;
0x00001188 movs r2, 3 | r2 = 3;
0x0000118a vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x0000118e mov r1, r7 | r1 = r7;
0x00001190 str r5, [sp] | *(sp) = r5;
0x00001192 mov r0, r6 | r0 = r6;
0x00001194 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00001196 movs r3, 1 | r3 = 1;
0x00001198 vstr d16, [sp, 8] | __asm ("vstr d16, [sp, 8]");
0x0000119c blx 0x9bc | mmap64 ()
; The mmap64 result is stored to [r4] before it is checked. fcn_00000a80 is
; then called with the ioctl fd in r0 on both the success and failure
; outcome -- presumably close(); the import is not resolved in this listing.
0x000011a0 str r0, [r4] | *(r4) = r0;
0x000011a2 mov r0, r5 | r0 = r5;
0x000011a4 blx 0xa80 | fcn_00000a80 ();
; adds r2, r3, 1 sets Z only when r3 == 0xFFFFFFFF, i.e. the MAP_FAILED
; sentinel; the pseudo-code `r2 == r3` is wrong. On that path (label_4)
; [r4 + 0xc] becomes -1 and 0xFFFF000C is returned, but [r4] still holds
; 0xFFFFFFFF rather than NULL. Callers therefore have to test the return
; code, not the buffer pointer, before using the descriptor.
0x000011a8 ldr r3, [r4] | r3 = *(r4);
0x000011aa adds r2, r3, 1 | r2 = r3 + 1;
| if (r2 == r3) {
0x000011ac beq 0x122c | goto label_4;
| }
; --- Common success tail ----------------------------------------------------
; r3 is -1 when coming from path A, or the fd returned by the second ioctl
; when entered from 0x1216. Stores: [r4+0x14] = 0, [r4+0x18] = r3,
; [r4+0x10] = r7, byte [r4+0x1c] = 1. r0 = 0 is the success return value.
; The `do { ... } while (1)` is a decompiler artifact of the back-branch
; at 0x1216, not a real loop.
0x000011ae mov.w r3, -1 | r3 = -1;
| do {
0x000011b2 movs r0, 0 | r0 = 0;
0x000011b4 movs r2, 1 | r2 = 1;
0x000011b6 strd r0, r3, [r4, 0x14] | __asm ("strd r0, r3, [r4, 0x14]");
0x000011ba str r7, [r4, 0x10] | *((r4 + 0x10)) = r7;
0x000011bc strb r2, [r4, 0x1c] | *((r4 + 0x1c)) = r2;
; label_0: shared epilogue for every exit. The guard is reloaded and XORed
; with the copy saved at [sp, 0x34]; any difference diverts to label_5.
; r0 (the return value) is not touched by this sequence.
| label_0:
0x000011be ldr r2, [pc, 0x88] |
0x000011c0 ldr r3, [pc, 0x80] | r3 = *(0x1244);
0x000011c2 add r2, pc | r2 = 0x2410;
0x000011c4 ldr r3, [r2, r3] | r3 = *(0x2410);
0x000011c6 ldr r2, [r3] | r2 = *(0x2410);
0x000011c8 ldr r3, [sp, 0x34] | r3 = var_34h;
0x000011ca eors r2, r3 | r2 ^= r3;
0x000011cc mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000011d0 bne 0x123a | goto label_5;
| }
0x000011d2 add sp, 0x38 |
0x000011d4 pop.w {r4, r5, r6, r7, r8, pc} |
; --- Path B (byte at [r0 + 4] != 0): user space allocates, kernel registers -
; sysconf(0x1e): 0x1e is 30, which is _SC_PAGESIZE on Linux/glibc (confirm
; for the libc in this image). Then posix_memalign(sp + 0x14, page size, r7).
; A non-zero posix_memalign result goes to label_6.
| label_3:
0x000011d8 movs r0, 0x1e | r0 = 0x1e;
0x000011da blx 0x9d4 | sysconf ();
0x000011de mov r2, r7 | r2 = r7;
0x000011e0 mov r1, r0 | r1 = r0;
0x000011e2 add r0, sp, 0x14 | r0 += var_14h;
0x000011e4 blx 0xa28 | r0 = posix_memalign ();
0x000011e8 mov r6, r0 | r6 = r0;
| if (r0 != 0) {
0x000011ea cbnz r0, 0x1220 | goto label_6;
| }
; The allocated pointer is published to [r4]; a NULL pointer is treated as
; out of memory (label_1).
0x000011ec ldr r3, [sp, 0x14] | r3 = var_14h;
0x000011ee str r3, [r4] | *(r4) = r3;
| if (r3 == 0) {
0x000011f0 cbz r3, 0x1224 | goto label_1;
| }
; ioctl(fd = [r5], request = 0xc018a409, arg = sp + 0x18). The request word
; decodes as read|write, argument size 0x18, type 0xa4, number 9, which
; matches TEE_IOC_SHM_REGISTER in the Linux TEE UAPI (confirm as above).
; Argument block: [sp+0x18] = buffer address, [sp+0x1c] = 0,
; [sp+0x20] = r7 (length), [sp+0x24..0x2c] = 0 (r6 is 0 on this path).
; No call that clears the buffer is visible between posix_memalign and this
; ioctl, so the registered pages hold prior heap contents until the caller
; writes them.
0x000011f2 movw r1, 0xa409 |
0x000011f6 ldr r0, [r5] | r0 = *(r5);
0x000011f8 add r2, sp, 0x18 | r2 += var_18h;
0x000011fa movt r1, 0xc018 | r1 = 0xc018a409;
0x000011fe str r3, [sp, 0x18] | var_18h = r3;
0x00001200 strd r6, r6, [sp, 0x28] | __asm ("strd r6, r6, [sp, 0x28]");
0x00001204 strd r6, r7, [sp, 0x1c] | __asm ("strd r6, r7, [sp, 0x1c]");
0x00001208 str r6, [sp, 0x24] | var_24h = r6;
0x0000120a blx 0x9e0 | r0 = ioctl (r0, r1);
; Signed test again: blt is taken when the ioctl returned < 0 (label_7 frees
; the buffer). Otherwise r3 carries the returned fd into the success tail.
0x0000120e subs r3, r0, 0 | r3 = r0 - 0;
| if (r3 < r0) {
0x00001210 blt 0x1230 | goto label_7;
| }
; [sp+0x2c] is the last word of the ioctl argument block; it is copied to
; [r4 + 0xc] before branching back to the success tail at 0x11b2.
0x00001212 ldr r2, [sp, 0x2c] | r2 = var_2ch;
0x00001214 str r2, [r4, 0xc] | *((r4 + 0xc)) = r2;
0x00001216 b 0x11b2 |
| } while (1);
; label_2: argument validation failed. r0 = 0xFFFF0006 (r2dec prints this
; as `0x-fffa`).
| label_2:
0x00001218 movs r0, 6 |
0x0000121a movt r0, 0xffff | r0 = 0x-fffa;
0x0000121e b 0x11be | goto label_0;
; label_6: posix_memalign failed. r8 is 0 whenever this point is reached
; (both arguments were non-zero), so this writes NULL to [r4].
| label_6:
0x00001220 str.w r8, [r4] | __asm ("str.w r8, [r4]");
| do {
; label_1: shared allocation-failure exit. r0 = 0xFFFF000C (r2dec prints
; this as `0x-fff4`).
| label_1:
0x00001224 movs r0, 0xc |
0x00001226 movt r0, 0xffff | r0 = 0x-fff4;
0x0000122a b 0x11be | goto label_0;
; label_4: mmap64 returned the failure sentinel; r3 is 0xFFFFFFFF here, so
; [r4 + 0xc] is set to -1. [r4] is not reset on this path.
| label_4:
0x0000122c str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x0000122e b 0x1224 |
| } while (1);
; label_7: the register ioctl failed. The buffer is freed and [r4] is then
; overwritten with r6 (0), so no dangling pointer is left in the descriptor.
| label_7:
0x00001230 ldr r0, [r4] | r0 = *(r4);
0x00001232 blx 0x98c | free (r0);
0x00001236 str r6, [r4] | *(r4) = r6;
0x00001238 b 0x1224 | goto label_1;
; label_5: stack guard mismatch.
| label_5:
0x0000123a blx 0x9c8 | stack_chk_fail ();
0x0000123e nop |
; 0x1240-0x124b is the literal pool, decoded here as instructions: the
; pc-relative loads at 0x1130 and 0x11c0 read the word at 0x1244 and the one
; at 0x11be reads 0x1248. These lines are data, not reachable code.
0x00001240 subs r0, r7, 0 | r0 = r7 - 0;
0x00001242 movs r0, r0 |
0x00001244 lsls r4, r7, 1 | r4 = r7 << 1;
0x00001246 movs r0, r0 |
0x00001248 adds r6, r5, 6 | r6 = r5 + 6;
0x0000124a movs r0, r0 |
| }
[*] Function mmap used 2 times libteec.so.1.0.0