[*] Binary protection state of nettle-hash
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of nettle-hash
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/nettle-hash @ 0xd40 */
| #include <stdint.h>
|
; (fcn) fcn.00000d40 () | void fcn_00000d40 (int16_t arg_4000h, int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h_2;
| int16_t var_4h_3;
| int16_t var_10h_2;
| int16_t var_0h;
| int16_t var_4h_2;
| int16_t var_10h;
| int16_t var_10h_3;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_4000h;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x00000d40 mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00000d44 mov r5, r2 | r5 = r2;
0x00000d46 ldr r2, [pc, 0x80] |
0x00000d48 sub.w sp, sp, 0x4000 |
0x00000d4c sub sp, 8 |
0x00000d4e mov r7, r1 | r7 = r1;
0x00000d50 ldr r3, [pc, 0x78] | r3 = *(0xdcc);
0x00000d52 add.w r1, sp, 0x4000 | r1 += arg_4000h;
0x00000d56 add r2, pc | r2 = 0x1b24;
0x00000d58 adds r1, 4 | r1 += 4;
0x00000d5a mov r8, r0 | r8 = r0;
0x00000d5c add r6, sp, 4 | r6 += var_4h;
0x00000d5e ldr r3, [r2, r3] |
0x00000d60 ldr r3, [r3] | r3 = *(0x1b24);
0x00000d62 str r3, [r1] | *(r1) = r3;
0x00000d64 mov.w r3, 0 | r3 = 0;
0x00000d68 b 0xd7e |
| while (r0 == 0) {
0x00000d6a mov r0, r7 | r0 = r7;
0x00000d6c ldr.w r3, [r8, 0x14] | r3 = *((r8 + 0x14));
0x00000d70 mov r2, r6 | r2 = r6;
0x00000d72 mov r1, r4 | r1 = r4;
0x00000d74 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00000d76 mov r0, r5 | r0 = r5;
0x00000d78 blx 0x928 | r0 = feof (r0);
| if (r0 != 0) {
0x00000d7c cbnz r0, 0xdbe | goto label_1;
| }
0x00000d7e mov r3, r5 | r3 = r5;
0x00000d80 mov.w r2, 0x4000 | r2 = 0x4000;
0x00000d84 movs r1, 1 | r1 = 1;
0x00000d86 mov r0, r6 | r0 = r6;
0x00000d88 blx 0x988 | r0 = fread (r0, r1, r2, r3);
0x00000d8c mov r4, r0 | r4 = r0;
0x00000d8e mov r0, r5 | r0 = r5;
0x00000d90 blx 0x994 | r0 = ferror (r0);
0x00000d94 cmp r0, 0 |
0x00000d96 beq 0xd6a |
| }
0x00000d98 movs r0, 0 | r0 = 0;
| do {
0x00000d9a ldr r2, [pc, 0x34] |
0x00000d9c add.w r1, sp, 0x4000 | r1 += arg_4000h;
0x00000da0 ldr r3, [pc, 0x28] | r3 = *(0xdcc);
0x00000da2 adds r1, 4 | r1 += 4;
0x00000da4 add r2, pc | r2 = 0x1b7a;
0x00000da6 ldr r3, [r2, r3] | r3 = *(0x1b7a);
0x00000da8 ldr r2, [r3] | r2 = *(0x1b7a);
0x00000daa ldr r3, [r1] | r3 = *(r1);
0x00000dac eors r2, r3 | r2 ^= r3;
0x00000dae mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000db2 bne 0xdc2 | goto label_2;
| }
0x00000db4 add.w sp, sp, 0x4000 |
0x00000db8 add sp, 8 |
0x00000dba pop.w {r4, r5, r6, r7, r8, pc} |
| label_1:
0x00000dbe movs r0, 1 | r0 = 1;
0x00000dc0 b 0xd9a |
| } while (1);
| label_2:
0x00000dc2 blx 0x964 | stack_chk_fail ();
0x00000dc6 nop |
0x00000dc8 movs r2, 0xa | r2 = 0xa;
0x00000dca movs r0, r0 |
0x00000dcc lsls r0, r0, 2 | r0 <<= 2;
0x00000dce movs r0, r0 |
0x00000dd0 movs r1, 0xbc | r1 = 0xbc;
0x00000dd2 movs r0, r0 |
0x00000dd4 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00000dd8 mov r7, r2 | r7 = r2;
0x00000dda ldr r2, [pc, 0x100] |
0x00000ddc mov r4, r3 | r4 = r3;
0x00000dde sub sp, 0x1c |
0x00000de0 mov r8, r0 | r8 = r0;
0x00000de2 ldr r3, [pc, 0xfc] | r3 = *(0xee2);
0x00000de4 mov r5, r1 | r5 = r1;
0x00000de6 add r2, pc | r2 = 0x1cc8;
0x00000de8 ldr.w sl, [pc, 0xf8] | sl = *(0x00000ee4);
0x00000dec ldr r0, [r0, 4] | r0 = *((r0 + 4));
0x00000dee ldr r3, [r2, r3] |
0x00000df0 add sl, pc | sl += pc;
0x00000df2 ldr r3, [r3] | r3 = *(0x1cc8);
0x00000df4 str r3, [sp, 0x14] | var_14h = r3;
0x00000df6 mov.w r3, 0 | r3 = 0;
0x00000dfa bl 0xfb8 | fcn_00000fb8 ();
0x00000dfe ldr.w r3, [r8, 0x10] | r3 = *((r8 + 0x10));
0x00000e02 mov r6, r0 | r6 = r0;
0x00000e04 blx r3 | uint32_t (*r3)(uint32_t) (r3);
0x00000e06 mov r2, r4 | r2 = r4;
0x00000e08 mov r1, r6 | r1 = r6;
0x00000e0a mov r0, r8 | r0 = r8;
0x00000e0c bl 0xd40 | r0 = fcn_00000d40 (r0, r1, r2, r3);
0x00000e10 cmp r0, 0 |
| if (r0 == 0) {
0x00000e12 beq 0xecc | goto label_3;
| }
0x00000e14 mov r0, r5 | r0 = r5;
0x00000e16 bl 0xfb8 | fcn_00000fb8 ();
0x00000e1a ldr.w r3, [r8, 0x18] | r3 = *((r8 + 0x18));
0x00000e1e mov r2, r0 | r2 = r0;
0x00000e20 mov sb, r0 | sb = r0;
0x00000e22 mov r1, r5 | r1 = r5;
0x00000e24 mov r0, r6 | r0 = r6;
0x00000e26 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00000e28 mov r0, r6 | r0 = r6;
0x00000e2a blx 0x8f8 | free (r0);
0x00000e2e cmp r7, 0 |
| if (r7 != 0) {
0x00000e30 bne 0xeb8 | goto label_4;
| }
0x00000e32 cmp r5, 8 |
0x00000e34 itt ls |
| if (r5 > 8) {
0x00000e36 movls r2, sb | r2 = sb;
| }
| if (r5 > 8) {
0x00000e38 movls r6, sp | r6 = sp;
| }
| if (r5 < 8) {
0x00000e3a bls 0xe70 | goto label_5;
| }
0x00000e3c ldr.w fp, [pc, 0xa8] |
0x00000e40 movs r4, 8 | r4 = 8;
0x00000e42 sub.w sl, sb, 8 | sl = sb - 8;
0x00000e46 mov r6, sp | r6 = sp;
0x00000e48 add fp, pc | fp = 0x1d34;
| do {
0x00000e4a add.w r2, sl, r4 | r2 = sl + r4;
0x00000e4e movs r1, 8 | r1 = 8;
0x00000e50 mov r0, r6 | r0 = r6;
0x00000e52 blx 0x8c8 | nettle_base16_encode_update ();
0x00000e56 mov r2, r6 | r2 = r6;
0x00000e58 mov r1, fp | r1 = fp;
0x00000e5a movs r0, 1 | r0 = 1;
0x00000e5c strb.w r7, [sp, 0x10] | var_10h_3 = r7;
0x00000e60 blx 0x8e0 | printf_chk ();
0x00000e64 mov r2, r4 | r2 = r4;
0x00000e66 adds r4, 8 | r4 += 8;
0x00000e68 cmp r4, r5 |
0x00000e6a blo 0xe4a |
| } while (r4 <= r5);
0x00000e6c subs r5, r5, r2 | r5 -= r2;
0x00000e6e add r2, sb | r2 += sb;
| label_5:
0x00000e70 mov r1, r5 | r1 = r5;
0x00000e72 mov r0, r6 | r0 = r6;
0x00000e74 blx 0x8c8 | nettle_base16_encode_update ();
0x00000e78 add r3, sp, 0x18 | r3 += var_18h;
0x00000e7a movs r1, 0 | r1 = 0;
0x00000e7c add.w r5, r3, r5, lsl 1 | r5 = r3 + (r5 << 1);
0x00000e80 mov r2, r6 | r2 = r6;
0x00000e82 ldr.w r3, [r8] | r3 = *(r8);
0x00000e86 movs r0, 1 | r0 = 1;
0x00000e88 strb r1, [r5, -0x18] | *((r5 - 0x18)) = r1;
0x00000e8c ldr r1, [pc, 0x5c] |
0x00000e8e add r1, pc | r1 = 0x1d7e;
0x00000e90 blx 0x8e0 | printf_chk ();
| do {
0x00000e94 mov r0, sb | r0 = sb;
0x00000e96 movs r4, 1 | r4 = 1;
0x00000e98 blx 0x8f8 | free (r0);
| label_0:
0x00000e9c ldr r2, [pc, 0x50] |
0x00000e9e ldr r3, [pc, 0x40] | r3 = *(0xee2);
0x00000ea0 add r2, pc | r2 = 0x1d94;
0x00000ea2 ldr r3, [r2, r3] | r3 = *(0x1d94);
0x00000ea4 ldr r2, [r3] | r2 = *(0x1d94);
0x00000ea6 ldr r3, [sp, 0x14] | r3 = var_14h;
0x00000ea8 eors r2, r3 | r2 ^= r3;
0x00000eaa mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000eae bne 0xed6 | goto label_6;
| }
0x00000eb0 mov r0, r4 | r0 = r4;
0x00000eb2 add sp, 0x1c |
0x00000eb4 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
0x00000eb8 ldr r3, [pc, 0x38] |
0x00000eba movs r2, 1 | r2 = 1;
0x00000ebc mov r1, r5 | r1 = r5;
0x00000ebe mov r0, sb | r0 = sb;
0x00000ec0 ldr.w r3, [sl, r3] | r3 = *((sl + r3));
0x00000ec4 ldr r3, [r3] | r3 = *(0xef4);
0x00000ec6 blx 0x94c | fwrite (r0, r1, r2, r3);
0x00000eca b 0xe94 |
| } while (1);
| label_3:
0x00000ecc mov r4, r0 | r4 = r0;
0x00000ece mov r0, r6 | r0 = r6;
0x00000ed0 blx 0x8f8 | free (r0);
0x00000ed4 b 0xe9c | goto label_0;
| label_6:
0x00000ed6 blx 0x964 | stack_chk_fail ();
0x00000eda nop |
0x00000edc movs r1, 0x7a | r1 = 0x7a;
0x00000ede movs r0, r0 |
0x00000ee0 lsls r0, r0, 2 | r0 <<= 2;
0x00000ee2 movs r0, r0 |
0x00000ee4 movs r1, 0x70 | r1 = 0x70;
0x00000ee6 movs r0, r0 |
0x00000ee8 lsls r0, r0, 9 | r0 <<= 9;
0x00000eea movs r0, r0 |
0x00000eec lsls r6, r7, 7 | r6 = r7 << 7;
0x00000eee movs r0, r0 |
0x00000ef0 movs r0, 0xc0 | r0 = 0xc0;
0x00000ef2 movs r0, r0 |
0x00000ef4 lsls r0, r1, 2 | r0 = r1 << 2;
0x00000ef6 movs r0, r0 |
0x00000ef8 push {r0, r1, r2, r3} |
0x00000efa push {lr} |
0x00000efc sub sp, 0xc |
0x00000efe add r3, sp, 0x10 | r3 += var_10h;
0x00000f00 ldr.w lr, [pc, 0x34] |
0x00000f04 ldr.w ip, [pc, 0x34] |
0x00000f08 ldr r1, [pc, 0x34] |
0x00000f0a add lr, pc | lr += pc;
0x00000f0c ldr r2, [r3], 4 | r2 = *(r3);
| r3 += 4;
0x00000f10 ldr.w ip, [lr, ip] | ip = *((lr + ip));
0x00000f14 ldr r0, [pc, 0x2c] | r0 = *(0xf44);
0x00000f16 add r1, pc | r1 = 0x1e5a;
0x00000f18 ldr.w ip, [ip] | ip = *(0xf3c);
0x00000f1c str.w ip, [sp, 4] | __asm ("str.w ip, [var_4h_2]");
0x00000f20 mov.w ip, 0 |
0x00000f24 str r3, [sp] | *(sp) = r3;
0x00000f26 ldr r0, [r1, r0] |
0x00000f28 movs r1, 1 | r1 = 1;
0x00000f2a ldr r0, [r0] | r0 = *(0x1e5a);
0x00000f2c blx 0x940 | vfprintf_chk ()
0x00000f30 movs r0, 1 | r0 = 1;
0x00000f32 blx 0x9ac | exit (r0);
0x00000f36 nop |
0x00000f38 movs r0, 0x56 | r0 = 0x56;
0x00000f3a movs r0, r0 |
0x00000f3c lsls r0, r0, 2 | r0 <<= 2;
0x00000f3e movs r0, r0 |
0x00000f40 movs r0, 0x4a | r0 = 0x4a;
0x00000f42 movs r0, r0 |
0x00000f44 lsls r4, r1, 2 | r4 = r1 << 2;
0x00000f46 movs r0, r0 |
0x00000f48 push {r0, r1, r2, r3} |
0x00000f4a push {lr} |
0x00000f4c sub sp, 0xc |
0x00000f4e add r3, sp, 0x10 | r3 += var_10h_2;
0x00000f50 ldr.w lr, [pc, 0x50] |
0x00000f54 ldr.w ip, [pc, 0x50] |
0x00000f58 ldr r1, [pc, 0x50] |
0x00000f5a add lr, pc | lr += pc;
0x00000f5c ldr r2, [r3], 4 | r2 = *(r3);
| r3 += 4;
0x00000f60 ldr.w ip, [lr, ip] | ip = *((lr + ip));
0x00000f64 ldr r0, [pc, 0x48] | r0 = *(0xfb0);
0x00000f66 add r1, pc | r1 = 0x1f16;
0x00000f68 ldr.w ip, [ip] | ip = *(0xfa8);
0x00000f6c str.w ip, [sp, 4] | __asm ("str.w ip, [var_4h_3]");
0x00000f70 mov.w ip, 0 |
0x00000f74 str r3, [sp] | *(sp) = r3;
0x00000f76 ldr r0, [r1, r0] |
0x00000f78 movs r1, 1 | r1 = 1;
0x00000f7a ldr r0, [r0] | r0 = *(0x1f16);
0x00000f7c blx 0x940 | vfprintf_chk ()
0x00000f80 ldr r2, [pc, 0x30] |
0x00000f82 ldr r3, [pc, 0x24] | r3 = *(0xfaa);
0x00000f84 add r2, pc | r2 = 0x1f3c;
0x00000f86 ldr r3, [r2, r3] | r3 = *(0x1f3c);
0x00000f88 ldr r2, [r3] | r2 = *(0x1f3c);
0x00000f8a ldr r3, [sp, 4] | r3 = var_4h_3;
0x00000f8c eors r2, r3 | r2 ^= r3;
0x00000f8e mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x00000f92 bne 0xf9e |
0x00000f94 add sp, 0xc |
0x00000f96 ldr lr, [sp], 4 |
0x00000f9a add sp, 0x10 |
0x00000f9c bx lr | return;
| }
0x00000f9e blx 0x964 | stack_chk_fail ();
0x00000fa2 nop |
0x00000fa4 movs r0, 6 | r0 = 6;
0x00000fa6 movs r0, r0 |
0x00000fa8 lsls r0, r0, 2 | r0 <<= 2;
0x00000faa movs r0, r0 |
0x00000fac subs r2, r7, 7 | r2 = r7 - 7;
0x00000fae movs r0, r0 |
0x00000fb0 lsls r4, r1, 2 | r4 = r1 << 2;
0x00000fb2 movs r0, r0 |
0x00000fb4 subs r4, r3, 7 | r4 = r3 - 7;
0x00000fb6 movs r0, r0 |
| }
[*] Function fprintf used 3 times nettle-hash
