[*] Binary protection state of libstatuscache.so.1.1.0
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libstatuscache.so.1.1.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libstatuscache.so.1.1.0 @ 0x1280 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) sym.sc_set_group () | void sc_set_group (int16_t arg_4h, int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h_4;
| int16_t var_8h_2;
| int16_t var_ch_5;
| int16_t var_10h;
| int16_t var_14h_3;
| int16_t var_18h;
| int16_t var_1ch_2;
| int16_t var_24h;
| int16_t var_26h;
| int16_t var_2ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00001280 svcmi 0xf0e92d | __asm ("svcmi 0xf0e92d");
0x00001284 sub sp, 0x34 |
0x00001286 str r2, [sp] | *(sp) = r2;
0x00001288 ldr r2, [pc, 0x2c0] |
0x0000128a ldr r3, [pc, 0x2c4] | r3 = *(0x1552);
0x0000128c add r2, pc | r2 = 0x27dc;
0x0000128e ldr r3, [r2, r3] |
0x00001290 ldr r3, [r3] | r3 = *(0x27dc);
0x00001292 str r3, [sp, 0x2c] | var_2ch = r3;
0x00001294 mov.w r3, 0 | r3 = 0;
| if (r0 == 0) {
0x00001298 cbz r0, 0x12e4 | goto label_7;
| }
0x0000129a mov r6, r1 | r6 = r1;
0x0000129c mov r8, r0 | r8 = r0;
0x0000129e blx 0x930 | strlen (r0);
0x000012a2 clz r3, r6 | r3 &= r6;
0x000012a6 subs r0, 1 | r0--;
0x000012a8 lsrs r3, r3, 5 | r3 >>= 5;
0x000012aa cmp r0, 0x1e |
0x000012ac it hi |
| if (r0 <= 0x1e) {
0x000012ae orrhi r3, r3, 1 | r3 |= 1;
| }
| if (r3 != 0) {
0x000012b2 cbnz r3, 0x12e4 | goto label_7;
| }
0x000012b4 ldr r4, [r6] | r4 = *(r6);
| if (r4 == 0) {
0x000012b6 cbz r4, 0x12e4 | goto label_7;
| }
0x000012b8 mov r7, r6 | r7 = r6;
0x000012ba add.w r5, r6, 0xc8 | r5 = r6 + 0xc8;
0x000012be b 0x12d0 |
| while (r3 != 0) {
0x000012c0 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x000012c2 cmp r3, 0 |
| if (r3 <= 0) {
0x000012c4 ble 0x12e4 | goto label_7;
| }
0x000012c6 ldr r4, [r7, 4]! | r4 = *((r7 += 4));
| if (r4 == 0) {
0x000012ca cbz r4, 0x130e | goto label_8;
| }
0x000012cc cmp r7, r5 |
| if (r7 == r5) {
0x000012ce beq 0x12e4 | goto label_7;
| }
0x000012d0 ldr r0, [r4] | r0 = *(r4);
| if (r0 == 0) {
0x000012d2 cbz r0, 0x12e4 | goto label_7;
| }
0x000012d4 blx 0x930 | strlen (r0);
0x000012d8 subs r0, 1 | r0--;
0x000012da cmp r0, 0x1e |
| if (r0 > 0x1e) {
0x000012dc bhi 0x12e4 | goto label_7;
| }
0x000012de ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000012e0 cmp r3, 0 |
0x000012e2 bne 0x12c0 |
| }
| label_7:
0x000012e4 blx 0x93c | errno_location ();
0x000012e8 movs r3, 0x16 | r3 = 0x16;
0x000012ea str r3, [r0] | *(r0) = r3;
| do {
| label_0:
0x000012ec mov.w fp, -1 |
| label_3:
0x000012f0 ldr r2, [pc, 0x260] |
0x000012f2 ldr r3, [pc, 0x25c] | r3 = *(0x1552);
0x000012f4 add r2, pc | r2 = 0x284c;
0x000012f6 ldr r3, [r2, r3] | r3 = *(0x284c);
0x000012f8 ldr r2, [r3] | r2 = *(0x284c);
0x000012fa ldr r3, [sp, 0x2c] | r3 = var_2ch;
0x000012fc eors r2, r3 | r2 ^= r3;
0x000012fe mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001302 bne.w 0x1548 | goto label_9;
| }
0x00001306 mov r0, fp | r0 = fp;
0x00001308 add sp, 0x34 |
0x0000130a pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_8:
0x0000130e ldr r3, [sp] | r3 = *(sp);
0x00001310 and sb, r3, 1 | sb = r3 & 1;
0x00001314 mov r0, sb | r0 = sb;
0x00001316 bl 0xee0 | r0 = fcn_00000ee0 (r0);
0x0000131a cmp r0, 0 |
0x0000131c blt 0x12ec |
| } while (r0 < 0);
0x0000131e ldr r3, [pc, 0x238] |
0x00001320 add r3, pc | r3 = 0x287e;
0x00001322 ldr r5, [r3] | r5 = *(0x287e);
0x00001324 add.w fp, r5, 4 |
0x00001328 add.w sl, r5, 0x194 | sl = r5 + 0x194;
0x0000132c b 0x1330 |
| while (fp != sl) {
0x0000132e mov r4, r3 | r4 = r3;
0x00001330 ldr r1, [fp, 4]! | r1 = *(arg_4h);
| if (r1 == 0) {
0x00001334 cbz r1, 0x1346 | goto label_10;
| }
0x00001336 add r1, r5 | r1 += r5;
0x00001338 mov r0, r8 | r0 = r8;
0x0000133a blx 0x87c | strcmp (r0, r1);
0x0000133e adds r3, r4, 1 | r3 = r4 + 1;
| if (r0 == 0) {
0x00001340 cbz r0, 0x1370 | goto label_11;
| }
0x00001342 cmp fp, sl |
0x00001344 bne 0x132e |
| }
| label_10:
0x00001346 blx 0x93c | errno_location ();
0x0000134a movs r2, 0x3d | r2 = 0x3d;
0x0000134c movs r1, 0 | r1 = 0;
0x0000134e movs r3, 1 | r3 = 1;
0x00001350 str r2, [r0] | *(r0) = r2;
0x00001352 movt r3, 0x1000 | r3 = (r3 & 0xFFFF) | 0x10000000;
0x00001356 mov r4, r0 | r4 = r0;
0x00001358 movs r2, 1 | r2 = 1;
0x0000135a ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x0000135c strh.w r1, [sp, 0x24] | var_24h = r1;
0x00001360 add r1, sp, 0x24 | r1 += var_24h;
0x00001362 str.w r3, [sp, 0x26] | __asm ("str.w r3, [var_26h]");
0x00001366 blx 0x8dc | semop ();
0x0000136a movs r3, 2 | r3 = 2;
0x0000136c str r3, [r4] | *(r4) = r3;
0x0000136e b 0x12ec | goto label_0;
| label_11:
0x00001370 mov r8, r3 | r8 = r3;
0x00001372 str r3, [sp, 0x18] | var_18h = r3;
0x00001374 add.w sl, sp, 0x24 | sl += var_24h;
0x00001378 movs r3, 1 |
0x0000137a movt r3, 0x1000 | r3 = 0x10000001;
0x0000137e mov r1, sl | r1 = sl;
0x00001380 movs r2, 1 | r2 = 1;
0x00001382 strh.w r0, [sp, 0x24] | var_24h = r0;
0x00001386 mov r7, r0 | r7 = r0;
0x00001388 ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x0000138a str.w r3, [sp, 0x26] | __asm ("str.w r3, [var_26h]");
0x0000138e blx 0x8dc | semop ();
0x00001392 movs r1, 1 | r1 = 1;
0x00001394 mov r3, sb | r3 = sb;
0x00001396 mov r2, r8 | r2 = r8;
0x00001398 mov r0, r1 | r0 = r1;
0x0000139a bl 0xdf8 | r0 = fcn_00000df8 (r0, r1, r2, r3);
0x0000139e cmp r0, 0 |
| if (r0 < 0) {
0x000013a0 blt.w 0x1536 | goto label_12;
| }
0x000013a4 ldr r3, [sp] | r3 = *(sp);
0x000013a6 add.w lr, r5, r4, lsl 3 | lr = r5 + (r4 << 3);
0x000013aa ldr.w r8, [r6] | r8 = *(r6);
0x000013ae and r3, r3, 2 | r3 &= 2;
0x000013b2 str r3, [sp, 8] | var_8h_2 = r3;
0x000013b4 ldr.w r3, [lr, 0x19c] | r3 = *((lr + 0x19c));
0x000013b8 adds r3, r5, r3 | r3 = r5 + r3;
0x000013ba str r3, [sp, 4] | *(arg_4h) = r3;
0x000013bc cmp.w r8, 0 |
| if (r8 == 0) {
0x000013c0 beq.w 0x1532 | goto label_13;
| }
0x000013c4 mov fp, r7 |
0x000013c6 subs r3, 4 | r3 -= 4;
0x000013c8 str r3, [sp] | *(sp) = r3;
0x000013ca str.w lr, [sp, 0xc] | __asm ("str.w lr, [var_ch_5]");
0x000013ce str.w sl, [sp, 0x1c] | __asm ("str.w sl, [var_1ch_2]");
| label_2:
0x000013d2 ldr.w r7, [r8] | r7 = *(r8);
0x000013d6 movs r4, 0 | r4 = 0;
0x000013d8 ldr.w sb, [sp] | sb = *(sp);
0x000013dc b 0x13f2 |
| while (r7 != 0) {
0x000013de cmp r1, 0 |
| if (r1 == 0) {
0x000013e0 beq 0x1464 | goto label_14;
| }
0x000013e2 add r1, r5 | r1 += r5;
0x000013e4 mov r0, r7 | r0 = r7;
0x000013e6 blx 0x87c | r0 = strcmp (r0, r1);
| if (r0 == 0) {
0x000013ea cbz r0, 0x13fe | goto label_15;
| }
| label_1:
0x000013ec adds r4, 1 | r4++;
0x000013ee cmp r4, 0x32 |
| if (r4 == 0x32) {
0x000013f0 beq 0x1464 | goto label_14;
| }
0x000013f2 ldr r1, [sb, 4]! | r1 = *((sb += 4));
0x000013f6 cmp r7, 0 |
0x000013f8 bne 0x13de |
| }
0x000013fa cmp r1, 0 |
| if (r1 != 0) {
0x000013fc bne 0x13ec | goto label_1;
| }
| label_15:
0x000013fe lsl.w r8, r4, 4 | r8 = r4 << 4;
| label_4:
0x00001402 ldr r3, [sp, 4] | r3 = *(arg_4h);
0x00001404 add r8, r3 | r8 += r3;
0x00001406 ldr r3, [r6] | r3 = *(r6);
0x00001408 ldr.w r1, [r8, 0xcc] | r1 = *((r8 + 0xcc));
0x0000140c ldr r2, [r3, 4] | r2 = *((r3 + 4));
0x0000140e cmp r2, r1 |
0x00001410 itt hi |
| if (r2 <= r1) {
0x00001412 movhi r2, -1 | r2 = -1;
| }
| if (r2 > r1) {
0x00001416 str r2, [r3, 4] | *((r3 + 4)) = r2;
| }
| if (r2 <= r1) {
0x00001418 bhi 0x143a |
0x0000141a ldr.w r0, [r8, 0xd4] | r0 = *((r8 + 0xd4));
0x0000141e ldr r1, [r3, 8] | r1 = *((r3 + 8));
0x00001420 add r0, r5 | r0 += r5;
0x00001422 blx 0x8a0 | memcpy (r0, r1, r2);
0x00001426 ldr r3, [r6] | r3 = *(r6);
0x00001428 ldr r2, [r3, 0xc] | r2 = *((r3 + 0xc));
0x0000142a ldr r3, [r3, 4] | r3 = *((r3 + 4));
0x0000142c str.w r3, [r8, 0xd0] | __asm ("str.w r3, [r8, 0xd0]");
| if (r2 != 0) {
0x00001430 cbz r2, 0x1436 |
0x00001432 str.w r2, [r8, 0xc8] | __asm ("str.w r2, [r8, 0xc8]");
| }
0x00001436 add.w fp, fp, 1 |
| }
| label_5:
0x0000143a ldr r8, [r6, 4]! | r8 = *((r6 += 4));
0x0000143e cmp.w r8, 0 |
| if (r8 != 0) {
0x00001442 bne 0x13d2 | goto label_2;
| }
0x00001444 ldr.w sl, [sp, 0x1c] | sl = var_1ch_2;
| label_6:
0x00001448 ldr r2, [sp, 0x18] | r2 = var_18h;
0x0000144a movs r3, 5 | r3 = 5;
0x0000144c ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x0000144e movt r3, 0x1000 | r3 = (r3 & 0xFFFF) | 0x10000000;
0x00001452 mov r1, sl | r1 = sl;
0x00001454 str.w r3, [sp, 0x26] | __asm ("str.w r3, [var_26h]");
0x00001458 strh.w r2, [sp, 0x24] | var_24h = r2;
0x0000145c movs r2, 1 | r2 = 1;
0x0000145e blx 0x8dc | semop ();
0x00001462 b 0x12f0 | goto label_3;
| label_14:
0x00001464 blx 0x93c | errno_location ();
0x00001468 movs r3, 0x3d | r3 = 0x3d;
0x0000146a mov sb, r0 | sb = r0;
0x0000146c str r3, [r0] | *(r0) = r3;
0x0000146e ldr r3, [sp, 8] | r3 = var_8h_2;
0x00001470 cmp r3, 0 |
| if (r3 == 0) {
0x00001472 beq 0x1514 | goto label_16;
| }
0x00001474 ldr r3, [sp, 0xc] | r3 = var_ch_5;
0x00001476 movs r4, 0 | r4 = 0;
0x00001478 ldr.w sl, [r8, 4] | sl = *((r8 + 4));
0x0000147c ldr.w r8, [r3, 0x19c] | r8 = *((r3 + 0x19c));
0x00001480 add.w r1, r5, r8 | r1 = r5 + r8;
0x00001484 subs r3, r1, 4 | r3 = r1 - 4;
0x00001486 b 0x148e |
| while (r2 != 0) {
0x00001488 adds r4, 1 | r4++;
0x0000148a cmp r4, 0x32 |
| if (r4 == 0x32) {
0x0000148c beq 0x150e | goto label_17;
| }
0x0000148e ldr r2, [r3, 4]! | r2 = *((r3 += 4));
0x00001492 cmp r2, 0 |
0x00001494 bne 0x1488 |
| }
0x00001496 cmp r4, 0 |
| if (r4 != 0) {
0x00001498 bne 0x151e | goto label_18;
| }
0x0000149a add.w r2, r8, 0x3e8 | r2 = r8 + 0x3e8;
0x0000149e str.w r2, [r5, r8] | __asm ("str.w r2, [r5, r8]");
| do {
0x000014a2 mov r0, r7 | r0 = r7;
0x000014a4 strd r2, r1, [sp, 0x10] | __asm ("strd r2, r1, [sp, 0x10]");
0x000014a8 blx 0x930 | strlen (r0);
0x000014ac ldr r2, [sp, 0x10] | r2 = var_10h;
0x000014ae add.w ip, sl, 3 |
0x000014b2 ldr r1, [sp, 0xc] | r1 = var_ch_5;
0x000014b4 bic ip, ip, 3 | ip = BIT_MASK (ip, 3);
0x000014b8 adds r3, r2, r0 | r3 = r2 + r0;
0x000014ba sub.w r0, ip, r8 | r0 = ip - r8;
0x000014be ldr.w lr, [r1, 0x198] |
0x000014c2 adds r3, 4 | r3 += 4;
0x000014c4 ldr r1, [sp, 0x14] | r1 = var_14h_3;
0x000014c6 bic r3, r3, 3 | r3 = BIT_MASK (r3, 3);
0x000014ca lsl.w r8, r4, 4 | r8 = r4 << 4;
0x000014ce add r0, r3 | r0 += r3;
0x000014d0 cmp r0, lr |
0x000014d2 add.w sl, r1, r8 | sl = r1 + r8;
0x000014d6 str.w r3, [sl, 0xd4] | __asm ("str.w r3, [sl, 0xd4]");
0x000014da mov.w r3, 0 | r3 = 0;
0x000014de str.w ip, [sl, 0xcc] | __asm ("str.w ip, [sl, 0xcc]");
0x000014e2 str.w r3, [sl, 0xd0] | __asm ("str.w r3, [sl, 0xd0]");
| if (r0 <= lr) {
0x000014e6 bhi 0x1502 |
0x000014e8 mov r1, r7 | r1 = r7;
0x000014ea adds r0, r5, r2 | r0 = r5 + r2;
0x000014ec blx 0x8e8 | strcpy (r0, r1)
0x000014f0 ldr.w r0, [sl, 0xd4] | r0 = *((sl + 0xd4));
0x000014f4 movs r1, 0 | r1 = 0;
0x000014f6 ldr.w r2, [sl, 0xcc] | r2 = *((sl + 0xcc));
0x000014fa add r0, r5 | r0 += r5;
0x000014fc blx 0x96c | memset (r0, r1, r2);
0x00001500 b 0x1402 | goto label_4;
| }
0x00001502 str.w r3, [r1, r4, lsl 2] | __asm ("str.w r3, [r1, r4, lsl 2]");
0x00001506 str.w r3, [sl, 0xd4] | __asm ("str.w r3, [sl, 0xd4]");
0x0000150a str.w r3, [sl, 0xcc] | __asm ("str.w r3, [sl, 0xcc]");
| label_17:
0x0000150e movs r3, 0x1c | r3 = 0x1c;
0x00001510 str.w r3, [sb] | __asm ("str.w r3, [sb]");
| label_16:
0x00001514 ldr r3, [r6] | r3 = *(r6);
0x00001516 mov.w r2, -1 | r2 = -1;
0x0000151a str r2, [r3, 4] | *((r3 + 4)) = r2;
0x0000151c b 0x143a | goto label_5;
| label_18:
0x0000151e add.w r3, r1, r4, lsl 4 | r3 = r1 + (r4 << 4);
0x00001522 ldr.w r2, [r3, 0xc4] | r2 = *((r3 + 0xc4));
0x00001526 ldr.w r3, [r3, 0xbc] | r3 = *((r3 + 0xbc));
0x0000152a add r2, r3 | r2 += r3;
0x0000152c str.w r2, [r1, r4, lsl 2] | __asm ("str.w r2, [r1, r4, lsl 2]");
0x00001530 b 0x14a2 |
| } while (1);
| label_13:
0x00001532 mov fp, r8 |
0x00001534 b 0x1448 | goto label_6;
| label_12:
0x00001536 cmp.w sb, 0 |
| if (sb == 0) {
0x0000153a beq.w 0x12ec | goto label_0;
| }
0x0000153e blx 0x93c | errno_location ();
0x00001542 movs r3, 0xb | r3 = 0xb;
0x00001544 str r3, [r0] | *(r0) = r3;
0x00001546 b 0x12ec | goto label_0;
| label_9:
0x00001548 blx 0x8c4 | stack_chk_fail ();
0x0000154c adds r0, r4, 3 | r0 = r4 + 3;
0x0000154e movs r0, r0 |
0x00001550 lsls r4, r0, 2 | r4 = r0 << 2;
0x00001552 movs r0, r0 |
0x00001554 adds r0, r7, 1 | r0 = r7 + 1;
0x00001556 movs r0, r0 |
0x00001558 adds r4, r4, 3 | r4 += 3;
0x0000155a movs r0, r0 |
| }
[*] Function strcpy used 2 times libstatuscache.so.1.1.0
