[*] Binary protection state of mod_http2.so
RELRO: Full RELRO | Stack canary: Canary found | NX: NX enabled | PIE: DSO | RPATH: No RPATH | RUNPATH: No RUNPATH | Symbols: No Symbols
[*] Function strcat tear down of mod_http2.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_http2.so @ 0x1212c */
| #include <stdint.h>
|
; NOTE(review): reading guide for fcn.0001212c (Thumb-2 disassembly, r2dec pseudo code on the right).
; - Register roles visible below: r8 = arg1 (out-pointer: zeroed at 0x1214e, set to the new
;   object at 0x121ee), r5 = arg2 (first argument of every allocation-style call),
;   r4 = arg3 (structure read at offsets 0x8, 0x30, 0x4c, 0xb0, 0x130, 0x140, 0x144).
; - The void/int16_t types in the r2dec signature are guesses: r0 and r2 are dereferenced as
;   pointers, and r0 carries a status on return (var_20h at 0x121ec, or 0x16 at label_3).
; - The binary is reported as having no symbols, and several loc_imp_* names below do not
;   fit the argument setup or the way results are used. Treat every import name as
;   unverified until checked against the PLT/relocation entries.
; - The only call in this function whose name contains "strcat" is apr_pstrcat at 0x12220.
;   That is APR's pool-allocating, NULL-terminated variadic concatenation, not libc strcat
;   into a caller-supplied buffer, so this hit should be triaged as a substring match.
; (fcn) fcn.0001212c () | void fcn_0001212c (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_34h;
| int16_t var_60h;
| int16_t var_68h;
| int16_t var_6ch;
| int32_t var_10h;
| int32_t var_10h_2;
| int16_t var_18h;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_24h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
; NOTE(review): the instruction at 0x1212c is probably the prologue push.w that pairs with
; the pop.w {r4-r8, sb, sl, pc} at 0x12208, decoded in ARM mode instead of Thumb; the
; "if (? >= ?)" wrapper is an artifact of that mis-decode, not real control flow.
| if (? >= ?) {
0x0001212c ldrbmi lr, [r0, sp, lsr 18]! |
| }
0x00012130 mov r8, r0 | r8 = r0;
0x00012132 ldr r5, [pc, 0x134] |
0x00012134 mov r4, r2 | r4 = r2;
0x00012136 sub sp, 0x28 |
0x00012138 movs r3, 0 | r3 = 0;
0x0001213a ldr.w r0, [r2, 0x130] | r0 = *((r2 + 0x130));
0x0001213e ldr r2, [pc, 0x12c] | r2 = *(0x1226e);
0x00012140 add r5, pc | r5 = 0x243ae;
0x00012142 ldr r2, [r5, r2] |
0x00012144 mov r5, r1 | r5 = r1;
0x00012146 ldr r2, [r2] | r2 = *(0x243ae);
; Value fetched through the pc-relative table is saved at sp+0x24 and re-checked at
; 0x121f2-0x12204 before returning: this is the stack-canary save ("Canary found" above).
0x00012148 str r2, [sp, 0x24] | var_24h = r2;
0x0001214a mov.w r2, 0 | r2 = 0;
; *arg1 = 0, so the caller sees a null result on every early-exit path.
0x0001214e str.w r3, [r8] | __asm ("str.w r3, [r8]");
0x00012152 cmp r0, 0 |
| if (r0 == 0) {
0x00012154 beq 0x12228 | goto label_2;
| }
| label_1:
0x00012156 mov r1, r0 | r1 = r0;
0x00012158 mov r0, r5 | r0 = r5;
; NOTE(review): called as f(arg2, pointer) and the result (r7, r6) is later used as a
; string, which does not look like a thread join; the import name is likely mis-resolved.
; Instruction boundaries also do not add up here: a Thumb-2 blx is 4 bytes, yet the next
; listed address is 0x1215c. The vldr is probably a decoding artifact that hides the r1
; setup for the second call at 0x12164. Re-disassemble this range before relying on it.
0x0001215a blx 0x4d08 | loc_imp_apr_thread_join ();
0x0001215c vldr d22, [r6, 0x84] | __asm ("vldr d22, [r6, 0x84]");
0x00012160 mov r7, r0 | r7 = r0;
0x00012162 mov r0, r5 | r0 = r5;
0x00012164 blx 0x4d08 | loc_imp_apr_thread_join ();
0x00012168 movs r2, 1 | r2 = 1;
0x0001216a mov r6, r0 | r6 = r0;
0x0001216c add.w r1, r4, 0x130 | r1 = r4 + 0x130;
0x00012170 mov r0, r5 | r0 = r5;
0x00012172 blx 0x46b4 | loc_imp_apr_uri_unparse ();
0x00012176 ldr r3, [r4, 0x4c] | r3 = *((r4 + 0x4c));
0x00012178 mov sl, r0 | sl = r0;
; Validation: the IT-conditional compares make each beq fire when EITHER operand is zero.
; Any of r7, *(r4+0x4c), the apr_uri_unparse result, or *(r4+0x30) being null goes to
; label_3. The pseudo code on the right shows only half of each test.
0x0001217a cmp r7, 0 |
0x0001217c it ne |
| if (r7 != 0) {
0x0001217e cmpne r3, 0 | __asm ("cmpne r3, 0");
| }
| if (r7 == 0) {
0x00012180 beq 0x1220c | goto label_3;
| }
0x00012182 ldr r3, [r4, 0x30] | r3 = *((r4 + 0x30));
0x00012184 cmp r0, 0 |
0x00012186 it ne |
| if (r0 != 0) {
0x00012188 cmpne r3, 0 | __asm ("cmpne r3, 0");
| }
| if (r0 == 0) {
0x0001218a beq 0x1220c | goto label_3;
| }
; Looks up 0x3a (':') in the string held in r6; presumably a strchr-style search (confirm
; what 0x5298 resolves to). A zero result means "no colon" and enters label_4.
0x0001218c movs r1, 0x3a | r1 = 0x3a;
0x0001218e mov r0, r6 | r0 = r6;
0x00012190 blx 0x5298 | r0 = fcn_00005298 ();
0x00012194 cmp r0, 0 |
| if (r0 == 0) {
0x00012196 beq 0x12210 | goto label_4;
| }
| label_0:
; NOTE(review): f(arg2, 0x30) followed by g(result, 0, 0x30) reads as "allocate 0x30 bytes,
; then zero-fill", which does not match a mutex constructor. Presumably a pool allocation
; plus memset; verify both targets.
0x00012198 movs r1, 0x30 | r1 = 0x30;
0x0001219a mov r0, r5 | r0 = r5;
0x0001219c blx 0x4c6c | loc_imp_apr_thread_mutex_create ();
0x000121a0 movs r2, 0x30 | r2 = 0x30;
0x000121a2 movs r1, 0 | r1 = 0;
0x000121a4 blx 0x4aa0 | fcn_00004aa0 ();
0x000121a8 ldr r1, [r4, 0x4c] | r1 = *((r4 + 0x4c));
0x000121aa mov sb, r0 | sb = r0;
0x000121ac mov r0, r5 | r0 = r5;
0x000121ae blx 0x4d08 | loc_imp_apr_thread_join ();
; The four pointers (call result, r7, r6, sl) are staged at sp+8..sp+0x17 and copied as one
; 16-byte store into the start of the new object at sb.
0x000121b2 strd r6, sl, [sp, 0x10] | __asm ("strd r6, sl, [var_10h]");
0x000121b6 movs r1, 0xa | r1 = 0xa;
0x000121b8 strd r0, r7, [sp, 8] | __asm ("strd r0, r7, [var_6ch]");
0x000121bc mov r0, r5 | r0 = r5;
0x000121be vldr d16, [sp, 8] | __asm ("vldr d16, [sp, 8]");
0x000121c2 vldr d17, [sp, 0x10] | __asm ("vldr d17, [sp, 0x10]");
0x000121c6 vst1.64 {d16, d17}, [sb:0x40] | __asm ("vst1.64 {d16, d17}, [sb:0x40]");
0x000121ca blx 0x4a70 | fcn_00004a70 ();
0x000121ce ldr.w r2, [r4, 0xb0] | r2 = *((r4 + 0xb0));
0x000121d2 movs r3, 0 | r3 = 0;
0x000121d4 str.w r0, [sb, 0x10] | __asm ("str.w r0, [sb, 0x10]");
; The instruction sets r1 = sp + 0x18, the address of a three-word local record
; {fcn_00004a70 result, arg2, 0}; the "r1 += var_18h" rendering on the right is misleading.
0x000121d8 add r1, sp, 0x18 | r1 += var_18h;
0x000121da str r0, [sp, 0x18] | var_18h = r0;
0x000121dc ldr r0, [pc, 0x90] |
0x000121de str.w r3, [sb, 0x28] | __asm ("str.w r3, [sb, 0x28]");
0x000121e2 str r5, [sp, 0x1c] | var_1ch = r5;
0x000121e4 add r0, pc | r0 = 0x24458;
0x000121e6 str r3, [sp, 0x20] | var_20h = r3;
; NOTE(review): called with (pc-relative address, &local record, *(r4+0xb0), 0). That shape
; resembles a callback iteration with a NULL-terminated key list rather than a hash insert,
; so the name is likely mis-resolved. The third word of the record (var_20h) becomes the
; return value, so the target of the pc-relative pointer is worth reviewing next.
0x000121e8 blx 0x4ef4 | loc_imp_apr_hash_set ();
0x000121ec ldr r0, [sp, 0x20] | r0 = var_20h;
; *arg1 = sb: the populated object is published only on this success path.
0x000121ee str.w sb, [r8] | __asm ("str.w sb, [r8]");
; Common exit: reload the canary reference, XOR it with the copy saved at sp+0x24, and
; branch to label_5 on mismatch. The do/while(1) wrapper is an r2dec structuring artifact.
| do {
0x000121f2 ldr r2, [pc, 0x80] |
0x000121f4 ldr r3, [pc, 0x74] | r3 = *(0x1226c);
0x000121f6 add r2, pc | r2 = 0x24470;
0x000121f8 ldr r3, [r2, r3] | r3 = *(0x24470);
0x000121fa ldr r2, [r3] | r2 = *(0x24470);
0x000121fc ldr r3, [sp, 0x24] | r3 = var_24h;
0x000121fe eors r2, r3 | r2 ^= r3;
0x00012200 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00012204 bne 0x12262 | goto label_5;
| }
0x00012206 add sp, 0x28 |
0x00012208 pop.w {r4, r5, r6, r7, r8, sb, sl, pc} |
| label_3:
; Error return for the failed null checks: 0x16 = 22, which is EINVAL on Linux.
0x0001220c movs r0, 0x16 | r0 = 0x16;
0x0001220e b 0x121f2 |
| } while (1);
| label_4:
0x00012210 ldr.w r3, [r4, 0x144] | r3 = *((r4 + 0x144));
| if (r3 != 0) {
0x00012214 cbz r3, 0x12230 |
; The flagged call. Arguments as set up here: r0 = arg2, r1 = r6 (current string),
; r2 = pc-relative constant, r3 = *(r4+0x144), and [sp] = r0, which is 0 on this path (the
; colon search returned zero). The stacked 0 is the NULL terminator of the variadic list.
; The result replaces r6; no fixed-size destination buffer is involved. For triage, confirm
; the constant at the literal's target and that *(r4+0x144) is a NUL-terminated string.
0x00012216 ldr r2, [pc, 0x60] |
0x00012218 mov r1, r6 | r1 = r6;
0x0001221a str r0, [sp] | *(sp) = r0;
0x0001221c mov r0, r5 | r0 = r5;
0x0001221e add r2, pc | r2 = 0x2449c;
0x00012220 blx 0x472c | r0 = loc_imp_apr_pstrcat ()
0x00012224 mov r6, r0 | r6 = r0;
0x00012226 b 0x12198 | goto label_0;
; label_2 is reached from 0x12154 when *(arg3+0x130) is null. It is not part of the
; "if (r3 != 0)" block it is printed inside. The call result is used as the pointer passed
; in r1 at label_1, which does not fit a 32-bit atomic read; the name is likely mis-resolved.
| label_2:
0x00012228 mov r0, r4 | r0 = r4;
0x0001222a blx 0x4df8 | loc_imp_apr_atomic_read32 ();
0x0001222e b 0x12156 | goto label_1;
| }
; Fallback when *(r4+0x144) is null: skip to label_0 unless *(r4+0x140) is null,
; *(r4+8) is non-null, and the 16-bit field at *(r4+8)+0x2a is non-zero.
0x00012230 ldr.w r3, [r4, 0x140] | r3 = *((r4 + 0x140));
0x00012234 cmp r3, 0 |
| if (r3 != 0) {
0x00012236 bne 0x12198 | goto label_0;
| }
0x00012238 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0001223a cmp r3, 0 |
| if (r3 == 0) {
0x0001223c beq 0x12198 | goto label_0;
| }
0x0001223e ldrh r3, [r3, 0x2a] | r3 = *((r3 + 0x2a));
0x00012240 cmp r3, 0 |
| if (r3 == 0) {
0x00012242 beq 0x12198 | goto label_0;
| }
; NOTE(review): only r0 (= r7) is set up, and the result is compared with the 16-bit field
; reloaded from *(r4+8)+0x2a. A strstr pointer result would not be compared that way, so
; this label is likely wrong; presumably the callee maps the string in r7 to an integer.
0x00012244 mov r0, r7 | r0 = r7;
0x00012246 blx 0x4e04 | strstr (r0, r1);
0x0001224a ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0001224c ldrh r3, [r3, 0x2a] | r3 = *((r3 + 0x2a));
0x0001224e cmp r3, r0 |
| if (r3 == r0) {
0x00012250 beq 0x12198 | goto label_0;
| }
; Called with (arg2, pc-relative constant, r6, r3 = the 16-bit field) and the result
; replaces r6. The shape suggests a pool-allocating formatter; confirm the callee and read
; the format string at the literal's target before judging this path.
0x00012252 ldr r1, [pc, 0x28] |
0x00012254 mov r2, r6 | r2 = r6;
0x00012256 mov r0, r5 | r0 = r5;
0x00012258 add r1, pc | r1 = 0x244da;
0x0001225a blx 0x49f8 | r0 = fcn_000049f8 ();
0x0001225e mov r6, r0 | r6 = r0;
0x00012260 b 0x12198 | goto label_0;
| label_5:
; Canary-mismatch target: no arguments are set up and nothing follows the call, so this is
; presumably the stack-check failure handler rather than a file read (verify the PLT slot).
0x00012262 blx 0x4d80 | loc_imp_apr_file_read ();
0x00012266 nop |
; 0x12268-0x1227f is the literal pool addressed by the pc-relative ldr instructions above
; (0x12132, 0x1213e, 0x121dc, 0x121f2, 0x121f4, 0x12216, 0x12252). The "instructions"
; printed below are data decoded as code and are never executed.
0x00012268 ldrh r4, [r0, r0] | r4 = *((r0 + r0));
0x0001226a movs r1, r0 | r1 = r0;
0x0001226c lsls r4, r6, 0x10 | r4 = r6 << 0x10;
0x0001226e movs r0, r0 |
0x00012270 mcr2 p15, 4, pc, c5, c15, 7 | __asm ("mcr2 p15, 4, pc, c5, c15, 7");
0x00012274 ldr r6, [r1, r5] | r6 = *((r1 + r5));
0x00012276 movs r1, r0 | r1 = r0;
0x00012278 lsrs r2, r5, 0xd | r2 = r5 >> 0xd;
0x0001227a movs r1, r0 | r1 = r0;
0x0001227c lsrs r4, r6, 0xc | r4 = r6 >> 0xc;
0x0001227e movs r1, r0 | r1 = r0;
| }
[*] Function strcat used 2 times mod_http2.so