[*] Binary protection state of scsi_id
Full RELRO Canary found NX enabled PIE enabled RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of scsi_id
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/udev/scsi_id @ 0x29f4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; ---------------------------------------------------------------------
; fcn.000029f4(arg1 = r0, arg2 = r1)
;   arg1 is used as a base pointer for stores (kept in r4); arg2 is handed
;   to open64() as the path (kept in r5). The int16_t types that r2dec
;   prints for them are wrong.
;   Returns in r0: 0 on success, 1 if open64 fails, 2 if fstat64 fails,
;   or the negative result of fcn.00002208.
; Flow: open64 -> fstat64 -> __sprintf_chk into arg1+0x1f -> memset of a
;   0xfe-byte stack buffer -> fcn.00002208 -> fixed-size copies into arg1
;   -> close -> stack-canary check.
; The right-hand column is r2dec pseudo-C and is only approximate; where
; the two columns disagree, the disassembly on the left is authoritative.
; NOTE(review): the shape matches scsi_std_inquiry() in udev's scsi_id
;   (vendor/model/revision/kernel fields) -- confirm against the systemd
;   source for this firmware's version.
; ---------------------------------------------------------------------
; (fcn) fcn.000029f4 () | void fcn_000029f4 (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_10h_2;
| int32_t var_20h;
| int32_t var_20h_2;
| void * s;
| int16_t var_84h;
| int16_t var_0h_2;
| int32_t var_20h_3;
| int16_t var_17ch;
| r0 = arg1;
| r1 = arg2;
; Prologue: 0x184-byte frame. __stack_chk_guard is fetched through a
; PC-relative table lookup and saved at sp+0x17c (checked again at 0x2ac0).
0x000029f4 ldr r2, [pc, 0x14c] |
0x000029f6 ldr r3, [pc, 0x150] | r3 = *(0x2b4a);
0x000029f8 push {r4, r5, r6, r7, lr} |
0x000029fa mov r5, r1 | r5 = r1;
0x000029fc add r2, pc | r2 = 0x5544;
0x000029fe mov.w r1, 0x800 | r1 = 0x800;
0x00002a02 sub sp, 0x184 |
0x00002a04 mov r4, r0 | r4 = r0;
0x00002a06 ldr r3, [r2, r3] |
0x00002a08 movt r1, 8 | r1 = (r1 & 0xFFFF) | 0x80000;
0x00002a0c mov r0, r5 | r0 = r5;
0x00002a0e ldr r3, [r3] | r3 = imp.__stack_chk_guard;
0x00002a10 str r3, [sp, 0x17c] | var_17ch = r3;
0x00002a12 mov.w r3, 0 | r3 = 0;
; open64(path = arg2, flags = 0x80800). On Linux/ARM that value should be
; O_RDONLY|O_NONBLOCK|O_CLOEXEC -- verify against the target's headers.
0x00002a16 blx 0xe90 | r0 = open64 ();
; subs/blt tests "fd < 0"; the "r6 < r0" in the pseudo-C is a decompiler
; artifact. r6 holds the fd for the rest of the function.
0x00002a1a subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 < r0) {
0x00002a1c blt 0x2ae6 | goto label_2;
| }
; r7 = sp + 0x10 (plain assignment, not "+="): the stat buffer passed to
; fstat64(fd, r7).
0x00002a1e add r7, sp, 0x10 | r7 += var_10h_2;
0x00002a20 mov r1, r7 | r1 = r7;
0x00002a22 blx 0xf8c | r0 = fstat64 ();
0x00002a26 cmp r0, 0 |
| if (r0 < 0) {
0x00002a28 blt 0x2ada | goto label_3;
| }
; Loads the 64-bit field at stat+0x20 (presumably st_rdev) into ip (low)
; and lr (high). The bit operations below match glibc's major()/minor():
;   r5 = (hi & ~0xfff) | ((lo >> 8) & 0xfff)              -> major
;   r0 = (((lo >> 12) | (hi << 20)) & ~0xff) | (lo & 0xff) -> minor
; bic clears the listed bits and uxtb zero-extends a byte; the BIT_MASK()
; and (int8_t) renderings in the pseudo-C column are inaccurate.
0x00002a2a ldrd ip, lr, [r7, 0x20] | __asm ("ldrd ip, lr, [var_20h]");
0x00002a2e movs r2, 0x40 | r2 = 0x40;
0x00002a30 ldr r3, [pc, 0x118] |
0x00002a32 movs r1, 1 | r1 = 1;
; r7 is re-pointed to sp + 0x7c, the scratch buffer cleared and filled below.
0x00002a34 add r7, sp, 0x7c | r7 += s;
0x00002a36 bic r5, lr, 0xff0 | r5 = BIT_MASK (lr, 0xff0);
0x00002a3a lsr.w r0, ip, 0xc | r0 = ip >> 0xc;
0x00002a3e bic r5, r5, 0xf | r5 = BIT_MASK (r5, 0xf);
0x00002a42 add r3, pc | r3 = 0x5592;
0x00002a44 orr.w r0, r0, lr, lsl 20 | r0 |= (lr << 20);
0x00002a48 uxtb.w lr, ip | lr = (int8_t) ip;
0x00002a4c bic r0, r0, 0xff | r0 = BIT_MASK (r0, 0xff);
0x00002a50 ubfx ip, ip, 8, 0xc | ip = (ip >> 8) & ((1 << 0xc) - 1);
0x00002a54 orr.w r0, r0, lr | r0 |= lr;
0x00002a58 orr.w r5, r5, ip | r5 |= ip;
0x00002a5c str r0, [sp, 4] | var_4h = r0;
0x00002a5e add.w r0, r4, 0x1f | r0 = r4 + 0x1f;
0x00002a62 str r5, [sp] | *(sp) = r5;
; The flagged "sprintf" is the fortified __sprintf_chk:
;   r0 = arg1 + 0x1f (destination), r1 = 1 (flag), r2 = 0x40 (destination
;   size), r3 = PC-relative format constant, stack = the two integers
;   computed above.
; Triage: the format pointer is a constant, not caller data; the variable
; arguments are integers derived from fstat64, not strings; and the
; fortified variant aborts if the output exceeds the 0x40 bytes passed.
; The format text itself is not visible here (presumably "%d:%d", which is
; at most 24 bytes) -- check the string referenced by 0x2a30/0x2a42.
0x00002a64 blx 0xfa4 | sprintf_chk ()
; Zero the 0xfe-byte scratch buffer at sp+0x7c. It ends at sp+0x17a,
; directly below the canary slot at sp+0x17c.
0x00002a68 movs r2, 0xfe | r2 = 0xfe;
0x00002a6a movs r1, 0 | r1 = 0;
0x00002a6c mov r0, r7 | r0 = r7;
0x00002a6e blx 0xe30 | memset (r0, r1, r2);
0x00002a72 movs r3, 0 | r3 = 0;
0x00002a74 mov r1, r6 | r1 = r6;
0x00002a76 mov r2, r3 | r2 = r3;
0x00002a78 mov r0, r4 | r0 = r4;
0x00002a7a str r7, [sp] | *(sp) = r7;
; fcn.00002208(arg1, fd, 0, 0, buf): only the buffer pointer is stored for
; this call; no length is set up at this call site.
; NOTE(review): confirm in fcn.00002208 that writes into buf are bounded
; to 0xfe bytes -- the device response that lands here is untrusted input.
0x00002a7c bl 0x2208 | r0 = fcn_00002208 (r0, r1, r2, r3, r4);
; Again "result < 0" (the pseudo-C condition is a decompiler artifact).
0x00002a80 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 < r0) {
0x00002a82 blt 0x2aba | goto label_4;
| }
; Fixed-size copies from buf into arg1, each followed by an explicit NUL;
; nothing here depends on a length field taken from the data:
;   buf[8..15]  ->  arg1+0x00 (8 bytes),   NUL at arg1+0x08
;   buf[16..31] ->  arg1+0x09 (16 bytes),  NUL at arg1+0x19
;   buf[32..35] ->  arg1+0x1a (4 bytes),   NUL at arg1+0x1e
;   buf[0] & 0x1f -> 32-bit word at arg1+0x260
; r5 is set to 0 here and doubles as the success return value.
0x00002a84 add r3, sp, 0x84 | r3 += var_84h;
0x00002a86 ldr r2, [r7, 0x20] | r2 = var_20h_3;
0x00002a88 ldm r3!, {r0, r1} | r0 = *(r3!);
| r1 = *((r3! + 4));
0x00002a8a movs r5, 0 | r5 = 0;
0x00002a8c strb r5, [r4, 8] | *((r4 + 8)) = r5;
0x00002a8e str.w r2, [r4, 0x1a] | __asm ("str.w r2, [r4, 0x1a]");
0x00002a92 mov ip, r3 |
0x00002a94 ldrb r3, [r7] | r3 = *(r7);
0x00002a96 str r0, [r4] | *(r4) = r0;
0x00002a98 str r1, [r4, 4] | *((r4 + 4)) = r1;
0x00002a9a and r3, r3, 0x1f | r3 &= 0x1f;
0x00002a9e strb r5, [r4, 0x19] | *((r4 + 0x19)) = r5;
0x00002aa0 str.w r3, [r4, 0x260] | __asm ("str.w r3, [r4, 0x260]");
0x00002aa4 ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x00002aa8 strb r5, [r4, 0x1e] | *((r4 + 0x1e)) = r5;
0x00002aaa str.w r0, [r4, 9] | __asm ("str.w r0, [r4, 9]");
0x00002aae str.w r1, [r4, 0xd] | __asm ("str.w r1, [r4, 0xd]");
0x00002ab2 str.w r2, [r4, 0x11] | __asm ("str.w r2, [r4, 0x11]");
0x00002ab6 str.w r3, [r4, 0x15] | __asm ("str.w r3, [r4, 0x15]");
| do {
; Common exit for every path that opened the fd: close it, then fall
; into the canary check.
| label_4:
0x00002aba mov r0, r6 | r0 = r6;
0x00002abc blx 0xe54 | close (r0);
; Epilogue: reload __stack_chk_guard, XOR it with the copy saved at
; sp+0x17c, and branch to __stack_chk_fail on mismatch; otherwise return r5.
| label_0:
0x00002ac0 ldr r2, [pc, 0x8c] |
0x00002ac2 ldr r3, [pc, 0x84] | r3 = *(0x2b4a);
0x00002ac4 add r2, pc | r2 = 0x5618;
0x00002ac6 ldr r3, [r2, r3] | r3 = *(0x5618);
0x00002ac8 ldr r2, [r3] | r2 = *(0x5618);
0x00002aca ldr r3, [sp, 0x17c] | r3 = var_17ch;
0x00002acc eors r2, r3 | r2 ^= r3;
0x00002ace mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00002ad2 bne 0x2b3e | goto label_5;
| }
0x00002ad4 mov r0, r5 | r0 = r5;
0x00002ad6 add sp, 0x184 |
0x00002ad8 pop {r4, r5, r6, r7, pc} |
; fstat64 failure: log only if the max log level is above 6, then
; return 2 through label_4 so the fd is still closed.
| label_3:
0x00002ada blx 0xe0c | r0 = log_get_max_level ();
0x00002ade cmp r0, 6 |
| if (r0 > 6) {
0x00002ae0 bgt 0x2af2 | goto label_6;
| }
| label_1:
0x00002ae2 movs r5, 2 | r5 = 2;
0x00002ae4 b 0x2aba |
| } while (1);
; open64 failure: same logging gate, then return 1 through label_0.
; close() is skipped on this path because there is no fd.
| label_2:
0x00002ae6 blx 0xe0c | r0 = log_get_max_level ();
0x00002aea cmp r0, 6 |
0x00002aec bgt 0x2b18 |
| while (1) {
0x00002aee movs r5, 1 | r5 = 1;
0x00002af0 b 0x2ac0 | goto label_0;
; Debug log for the fstat64 failure: r0 = 7, r1 = errno, r2 = string
; constant + 7, r3 = 0x2f5, stack = two string constants, then r5, which
; still holds arg2 (the path) on this path.
; NOTE(review): assuming systemd's log_internal(level, error, file, line,
; func, format, ...) layout, the path is a vararg and not the format;
; the format text is not visible here -- confirm it consumes it as %s.
| label_6:
0x00002af2 blx 0xf5c | errno_location ();
0x00002af6 ldr r2, [pc, 0x5c] |
0x00002af8 ldr r1, [r0] | r1 = *(r0);
0x00002afa ldr r3, [pc, 0x5c] |
0x00002afc ldr r0, [pc, 0x5c] |
0x00002afe add r2, pc | r2 = 0x5658;
0x00002b00 adds r2, 7 | r2 += 7;
0x00002b02 str r5, [sp, 8] | var_8h = r5;
0x00002b04 add r3, pc | r3 = 0x5662;
0x00002b06 add r0, pc | r0 = 0x5666;
0x00002b08 str r3, [sp, 4] | var_4h = r3;
0x00002b0a str r0, [sp] | *(sp) = r0;
0x00002b0c movw r3, 0x2f5 | r3 = 0x2f5;
0x00002b10 movs r0, 7 | r0 = 7;
0x00002b12 blx 0xe9c | log_internal ();
0x00002b16 b 0x2ae2 | goto label_1;
; Debug log for the open64 failure: same argument layout, r3 = 0x2f0.
0x00002b18 blx 0xf5c | errno_location ();
0x00002b1c ldr r2, [pc, 0x40] |
0x00002b1e ldr r1, [r0] | r1 = *(r0);
0x00002b20 ldr r3, [pc, 0x40] |
0x00002b22 ldr r0, [pc, 0x44] |
0x00002b24 add r2, pc | r2 = 0x5688;
0x00002b26 adds r2, 7 | r2 += 7;
0x00002b28 str r5, [sp, 8] | var_8h = r5;
0x00002b2a add r3, pc | r3 = 0x5692;
0x00002b2c add r0, pc | r0 = 0x569a;
0x00002b2e str r3, [sp, 4] | var_4h = r3;
0x00002b30 str r0, [sp] | *(sp) = r0;
0x00002b32 mov.w r3, 0x2f0 | r3 = 0x2f0;
0x00002b36 movs r0, 7 | r0 = 7;
0x00002b38 blx 0xe9c | log_internal ();
0x00002b3c b 0x2aee |
| }
; Canary mismatch lands here; the call is not expected to return.
| label_5:
0x00002b3e blx 0xeb4 | stack_chk_fail ();
0x00002b42 nop |
; 0x2b44-0x2b6b is the literal pool read by the "ldr rX, [pc, #imm]"
; instructions above (0x29f4 -> 0x2b44 ... 0x2b22 -> 0x2b68). It is data
; that the disassembler decoded as Thumb instructions; the movs/lsls/lsrs
; lines below and their pseudo-C are not executed code.
0x00002b44 movs r4, 0xf8 | r4 = 0xf8;
0x00002b46 movs r0, r0 |
0x00002b48 lsls r4, r4, 3 | r4 <<= 3;
0x00002b4a movs r0, r0 |
0x00002b4c lsrs r6, r2, 0x19 | r6 = r2 >> 0x19;
0x00002b4e movs r0, r0 |
0x00002b50 movs r4, 0x30 | r4 = 0x30;
0x00002b52 movs r0, r0 |
0x00002b54 lsrs r6, r7, 0xa | r6 = r7 >> 0xa;
0x00002b56 movs r0, r0 |
0x00002b58 lsrs r0, r7, 0x15 | r0 = r7 >> 0x15;
0x00002b5a movs r0, r0 |
0x00002b5c lsrs r6, r7, 0x1b | r6 = r7 >> 0x1b;
0x00002b5e movs r0, r0 |
0x00002b60 lsrs r0, r3, 0xa | r0 = r3 >> 0xa;
0x00002b62 movs r0, r0 |
0x00002b64 lsrs r6, r6, 0x14 | r6 >>= 0x14;
0x00002b66 movs r0, r0 |
0x00002b68 lsrs r0, r3, 0x1b | r0 = r3 >> 0x1b;
0x00002b6a movs r0, r0 |
| }
[*] Function sprintf used 2 times scsi_id