[*] Binary protection state of sar
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of sar
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/sar @ 0xfd20 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; Review notes for fcn.0000fd20 (ARM Thumb-2, radare2 listing with r2dec
; pseudo-C in the right-hand column). Only ';' note lines were added; every
; listing line below is unchanged tool output.
;
; What the instructions show:
;   - r1-r3 are pushed first, directly below the caller's stack arguments
;     (the usual prologue of a variadic function); the first argument (r0)
;     is kept in r5.
;   - vsnprintf_chk is called with r0 = PC-relative base + 0x410 (destination),
;     r1 = 0x400 (maxlen), r2 = 1 (flag), r3 = 0x400 (slen), [sp] = the
;     caller's second argument (format), [sp+4] = pointer to the slot after
;     it (ap).
;   - When r5 > 0, fcn_000018c8 is called in a loop with r0 = 9 (ASCII TAB).
;   - fcn_000017d8 is then called with r0 = PC-relative base + 0x410.
;   - The canary copy stored at [sp, 0xc] is re-checked before the return.
;
; Reading cautions:
;   - r2dec's prototype (a single int16_t argument) does not reflect the
;     variadic use visible in the prologue.
;   - r2dec's constants 0x1face, 0x1fadc, 0x1ff2e and 0x1fb30 equal
;     (literal address + pc), not (literal value + pc); do not treat them as
;     real data addresses.
;   - The lines at 0xfd68 and 0xfd8a overlap the preceding 4-byte instruction
;     and are decode artifacts; 0xfd9c-0xfdae is the literal pool, not code.
;
; Triage notes:
;   - Output length is capped at 0x400 by both maxlen and slen; this is only
;     safe if the destination object really is >= 0x400 bytes - confirm in
;     .bss/.data.
;   - The format string is supplied by the caller, so check each call site of
;     fcn.0000fd20 for a constant format argument.
;   - With glibc a positive flag enables the fortified format checks -
;     confirm which libc this firmware ships.
;   - 0x17d8 and 0x18c8 are unresolved stubs. The shape matches "print r5 tabs,
;     then print the buffer" (putchar/puts-like, cf. sysstat's xprintf helper),
;     but that is an assumption - resolve both stubs. If 0x17d8 were a
;     printf-family call taking the buffer as its format, the already expanded
;     text would be parsed as a format a second time.
;   - The "printf" hit reported for this function may simply be the
;     vsnprintf_chk call - TODO confirm how the scanner matches names.
; ---------------------------------------------------------------------------
; (fcn) fcn.0000fd20 () | void fcn_0000fd20 (int16_t arg1) {
| int32_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_1ch;
| int16_t var_4h;
| r0 = arg1;
; Variadic prologue: spill r1-r3 so the register arguments sit contiguously
; with any stack arguments.
0x0000fd20 push {r1, r2, r3} |
; 0x400 is used below as both maxlen and slen of the fortified call.
0x0000fd22 mov.w r3, 0x400 | r3 = 0x400;
; Literal at 0xfd9c (pc-aligned 0xfd28 + 0x74): offset to the data base.
0x0000fd26 ldr r1, [pc, 0x74] |
0x0000fd28 ldr.w ip, [pc, 0x74] |
0x0000fd2c add r1, pc | r1 = 0x1face;
0x0000fd2e push {r4, r5, lr} |
; r5 = first argument; it is only used later as the loop condition (r5 > 0).
0x0000fd30 mov r5, r0 | r5 = r0;
; r0 = destination buffer for vsnprintf_chk (data base + 0x410).
0x0000fd32 add.w r0, r1, 0x410 | r0 = r1 + 0x410;
0x0000fd36 sub sp, 0x10 |
0x0000fd38 add ip, pc | ip = 0x1fadc;
0x0000fd3a ldr r1, [pc, 0x68] | r1 = *(0xfda6);
; sp+0x1c is the slot of the pushed r1 (0x10 locals + 12 bytes for r4/r5/lr),
; i.e. the caller's second argument.
0x0000fd3c add r2, sp, 0x1c | r2 += var_1ch;
; r4 = format pointer; r2 is post-incremented to the next slot (start of the
; variadic arguments).
0x0000fd3e ldr r4, [r2], 4 | r4 = *(r2);
| r2 += 4;
; Load the stack-canary value through a PC-relative table entry and keep a
; copy at [sp, 0xc].
0x0000fd42 ldr.w r1, [ip, r1] |
0x0000fd46 ldr r1, [r1] | r1 = *(0x1fadc);
0x0000fd48 str r1, [sp, 0xc] | var_ch = r1;
0x0000fd4a mov.w r1, 0 | r1 = 0;
; Stack arguments 5 and 6 of the call: [sp] = format, [sp+4] = ap.
0x0000fd4e strd r4, r2, [sp] | __asm ("strd r4, r2, [sp]");
0x0000fd52 str r2, [sp, 8] | var_8h = r2;
; r1 = maxlen (0x400), r2 = flag (1), r3 = slen (still 0x400).
0x0000fd54 mov r1, r3 | r1 = r3;
0x0000fd56 movs r2, 1 | r2 = 1;
0x0000fd58 blx 0x16e4 | vsnprintf_chk ()
; Skip the loop when the first argument is <= 0 (signed compare).
0x0000fd5c cmp r5, 0 |
| if (r5 <= 0) {
0x0000fd5e ble 0xfd6e | goto label_0;
| }
0x0000fd60 movs r4, 0 | r4 = 0;
| do {
; r0 = 9 is ASCII TAB; callee unresolved (presumably putchar-like - confirm).
0x0000fd62 movs r0, 9 | r0 = 9;
0x0000fd64 adds r4, 1 | r4++;
0x0000fd66 blx 0x18c8 | fcn_000018c8 ();
; Decode artifact: blx at 0xfd66 is 4 bytes, so the real instruction starts at
; 0xfd6a (2 bytes, not shown). It sets the flags for the bne below; r2dec's
; "r4 != 1" bound is therefore unreliable (presumably r4 vs r5 - verify).
0x0000fd68 ldc p2, c4, [r0, 0x294]! | __asm ("ldc p2, c4, [r0, 0x294]!");
0x0000fd6c bne 0xfd62 |
| } while (r4 != 1);
| label_0:
; Re-derive data base + 0x410. Re-encoding the pool halfwords gives 0x8660 (at
; 0xfd9c) and 0x861c (at 0xfda8); their 0x44 difference equals the difference
; of the two pc values, so this appears to be the same buffer that
; vsnprintf_chk filled (derived by hand - verify in the disassembler).
0x0000fd6e ldr r0, [pc, 0x38] |
0x0000fd70 add r0, pc |
0x0000fd72 add.w r0, r0, 0x410 | r0 = 0x1ff2e;
; Unresolved callee receiving the buffer as its only visible argument; whether
; it treats r0 as data or as a format string decides the triage outcome.
0x0000fd76 blx 0x17d8 | fcn_000017d8 ();
; Epilogue canary check: reload the reference value and XOR it with the copy
; saved at [sp, 0xc]; eors sets the flags used by the bne at 0xfd8c.
0x0000fd7a ldr r2, [pc, 0x30] |
0x0000fd7c ldr r3, [pc, 0x24] | r3 = *(0xfda4);
0x0000fd7e add r2, pc | r2 = 0x1fb30;
0x0000fd80 ldr r3, [r2, r3] | r3 = *(0x1fb30);
0x0000fd82 ldr r2, [r3] | r2 = *(0x1fb30);
0x0000fd84 ldr r3, [sp, 0xc] | r3 = var_ch;
0x0000fd86 eors r2, r3 | r2 ^= r3;
0x0000fd88 mov.w r3, 0 | r3 = 0;
; Decode artifact: second halfword of the 4-byte mov.w at 0xfd88, not a real
; instruction; r2dec's "if (r0 == r0)" does not describe the actual test.
0x0000fd8a lsls r0, r0, 0xc | r0 <<= 0xc;
| if (r0 == r0) {
; Canary mismatch -> 0xfd98 (stack_chk_fail); otherwise fall through to return.
0x0000fd8c bne 0xfd98 |
0x0000fd8e add sp, 0x10 |
0x0000fd90 pop.w {r4, r5, lr} |
; Drop the 12 bytes of r1-r3 pushed in the prologue.
0x0000fd94 add sp, 0xc |
0x0000fd96 bx lr | return;
| }
0x0000fd98 blx 0x172c | stack_chk_fail ();
; 0xfd9c-0xfdae: literal pool (five 32-bit words referenced by the pc-relative
; loads above), shown here mis-decoded as Thumb instructions. Not executed.
0x0000fd9c strh r0, [r4, 0x32] | *((r4 + 0x32)) = r0;
0x0000fd9e movs r0, r0 |
0x0000fda0 str r0, [r7, 0x10] | *((r7 + 0x10)) = r0;
0x0000fda2 movs r0, r0 |
0x0000fda4 lsls r0, r2, 5 | r0 = r2 << 5;
0x0000fda6 movs r0, r0 |
0x0000fda8 strh r4, [r3, 0x30] | *((r3 + 0x30)) = r4;
0x0000fdaa movs r0, r0 |
0x0000fdac str r2, [r6, 0xc] | *((r6 + 0xc)) = r2;
0x0000fdae movs r0, r0 |
| }
[*] Function printf used 2 times sar