[*] Binary protection state of dcore
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of dcore
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/dcore @ 0x1da0 */
| #include <stdint.h>
|
; (fcn) fcn.00001da0 () | void fcn_00001da0 (int16_t arg_40h, int16_t arg_44h, char * arg1) {
| int16_t var_0h;
| char * ptr;
| int16_t var_10h;
| int16_t var_14h;
| r0 = arg1;
0x00001da0 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x00001da4 movs r1, 0 | r1 = 0;
0x00001da6 ldr r4, [pc, 0xac] |
0x00001da8 sub sp, 0x1c |
0x00001daa mov r8, r1 | r8 = r1;
0x00001dac ldr r5, [pc, 0xa8] |
0x00001dae add r4, pc | r4 = 0x3c08;
0x00001db0 str r1, [sp] | *(sp) = r1;
0x00001db2 ldr r6, [sp, 0x44] | r6 = *(arg_44h);
0x00001db4 ldr r7, [sp, 0x40] | r7 = *(arg_40h);
0x00001db6 add r5, pc | r5 = 0x3c12;
0x00001db8 str r0, [sp, 0xc] | ptr = r0;
0x00001dba blx 0xf94 | malloc (r0);
0x00001dbe str r4, [sp, 0x10] | var_10h = r4;
0x00001dc0 b 0x1dcc |
| while (r0 == -1) {
| label_0:
0x00001dc2 cmp.w sl, 0 |
0x00001dc6 it ne |
| if (sl != 0) {
0x00001dc8 cmpne r7, 0 | __asm ("cmpne r7, 0");
| }
| if (sl == 0) {
0x00001dca beq 0x1e32 | goto label_5;
| }
| label_2:
0x00001dcc cmp.w r7, 0x4000 |
0x00001dd0 mov r2, r7 | r2 = r7;
0x00001dd2 ldrd r0, r1, [sp, 0xc] | __asm ("ldrd r0, r1, [ptr]");
0x00001dd6 it hs |
| if (r7 < 0x4000) {
0x00001dd8 movhs r2, 0x4000 | r2 = 0x4000;
| }
0x00001ddc blx 0xee0 | r0 = write (r0, r1, r2);
0x00001de0 cmp.w r0, -1 |
0x00001de4 mov sl, r0 | sl = r0;
0x00001de6 beq 0x1dc2 |
| }
0x00001de8 cmp r0, 0 |
| if (r0 <= 0) {
0x00001dea ble 0x1dc2 | goto label_0;
| }
0x00001dec movs r4, 0 | r4 = 0;
0x00001dee str r7, [sp, 0x14] | var_14h = r7;
0x00001df0 mov sl, r4 | sl = r4;
0x00001df2 mov r7, r0 | r7 = r0;
| label_1:
0x00001df4 sub.w sb, r7, sl | sb = r7 - sl;
0x00001df8 mov.w fp, 0 |
0x00001dfc mov r4, sl | r4 = sl;
| do {
0x00001dfe sub.w r2, sb, fp | r2 = sb - fp;
0x00001e02 adds r1, r5, r4 | r1 = r5 + r4;
0x00001e04 mov r0, r6 | r0 = r6;
0x00001e06 blx 0xeec | r0 = asprintf_chk ()
0x00001e0a cmp r0, 0 |
0x00001e0c itt ge |
| if (r0 < 0) {
0x00001e0e addge fp, r0 |
| }
| if (r0 < 0) {
0x00001e10 addge r4, sl, fp | r4 = sl + fp;
| }
| if (r0 < 0) {
0x00001e14 blt 0x1e3a | goto label_6;
| }
| label_3:
0x00001e16 cmp sb, fp |
0x00001e18 bhi 0x1dfe |
| } while (sb > fp);
| label_4:
0x00001e1a cmp r4, r7 |
0x00001e1c mov sl, r4 | sl = r4;
| if (r4 < r7) {
0x00001e1e blt 0x1df4 | goto label_1;
| }
0x00001e20 mov sl, r7 | sl = r7;
0x00001e22 ldr r7, [sp, 0x14] | r7 = var_14h;
0x00001e24 add r8, r4 | r8 += r4;
0x00001e26 subs r7, r7, r4 | r7 -= r4;
0x00001e28 cmp.w sl, 0 |
0x00001e2c it ne |
| if (sl == 0) {
0x00001e2e cmpne r7, 0 | __asm ("cmpne r7, 0");
| goto label_7;
| }
| if (sl != 0) {
| label_7:
0x00001e30 bne 0x1dcc | goto label_2;
| }
| label_5:
0x00001e32 mov r0, r8 | r0 = r8;
0x00001e34 add sp, 0x1c |
0x00001e36 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_6:
0x00001e3a blx 0x1078 | r0 = cxa_finalize ();
0x00001e3e ldr r3, [r0] | r3 = *(r0);
0x00001e40 cmp r3, 4 |
| if (r3 == 4) {
0x00001e42 beq 0x1e16 | goto label_3;
| }
0x00001e44 cmp r3, 0xb |
| if (r3 == 0xb) {
0x00001e46 beq 0x1e1a | goto label_4;
| }
0x00001e48 mov r4, sl | r4 = sl;
0x00001e4a mov sl, r7 | sl = r7;
0x00001e4c ldr r7, [sp, 0x14] | r7 = var_14h;
0x00001e4e add r8, r4 | r8 += r4;
0x00001e50 subs r7, r7, r4 | r7 -= r4;
0x00001e52 b 0x1dc2 | goto label_0;
| }
[*] Function sprintf used 2 times dcore
