[*] Binary protection state of sexp-conv
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of sexp-conv
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/sexp-conv @ 0x211c */
| #include <stdint.h>
|
; (fcn) fcn.0000211c () | void fcn_0000211c () {
| int16_t var_0h_2;
| int16_t var_4h_2;
| int16_t var_10h_2;
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_10h;
0x0000211c push {r0, r1, r2, r3} |
0x0000211e push {lr} |
0x00002120 sub sp, 0xc |
0x00002122 add r3, sp, 0x10 | r3 += var_10h;
0x00002124 ldr.w lr, [pc, 0x34] |
0x00002128 ldr.w ip, [pc, 0x34] | ip = *(0x2160);
0x0000212c ldr r1, [pc, 0x34] |
0x0000212e add lr, pc | lr = 0x428e;
0x00002130 ldr r2, [r3], 4 | r2 = *(r3);
| r3 += 4;
0x00002134 ldr.w ip, [lr, ip] |
0x00002138 ldr r0, [pc, 0x2c] | r0 = *(0x2168);
0x0000213a add r1, pc | r1 = 0x42a2;
0x0000213c ldr.w ip, [ip] | ip = *(0x428e);
0x00002140 str.w ip, [sp, 4] | __asm ("str.w ip, [var_4h]");
0x00002144 mov.w ip, 0 |
0x00002148 str r3, [sp] | *(sp) = r3;
0x0000214a ldr r0, [r1, r0] |
0x0000214c movs r1, 1 | r1 = 1;
0x0000214e ldr r0, [r0] | r0 = *(0x42a2);
0x00002150 blx 0xa70 | vfprintf_chk ()
0x00002154 movs r0, 1 | r0 = 1;
0x00002156 blx 0xb10 | fcn_00000b10 ();
0x0000215a nop |
0x0000215c cmp r6, 0x16 |
0x0000215e movs r0, r0 |
0x00002160 lsls r4, r2, 2 | r4 = r2 << 2;
0x00002162 movs r0, r0 |
0x00002164 cmp r6, 0xa |
0x00002166 movs r0, r0 |
0x00002168 lsls r0, r5, 2 | r0 = r5 << 2;
0x0000216a movs r0, r0 |
0x0000216c push {r0, r1, r2, r3} |
0x0000216e push {lr} |
0x00002170 sub sp, 0xc |
0x00002172 add r3, sp, 0x10 | r3 += var_10h_2;
0x00002174 ldr.w lr, [pc, 0x50] |
0x00002178 ldr.w ip, [pc, 0x50] | ip = *(0x21cc);
0x0000217c ldr r1, [pc, 0x50] |
0x0000217e add lr, pc | lr = 0x434a;
0x00002180 ldr r2, [r3], 4 | r2 = *(r3);
| r3 += 4;
0x00002184 ldr.w ip, [lr, ip] |
0x00002188 ldr r0, [pc, 0x48] | r0 = *(0x21d4);
0x0000218a add r1, pc | r1 = 0x435e;
0x0000218c ldr.w ip, [ip] | ip = *(0x434a);
0x00002190 str.w ip, [sp, 4] | __asm ("str.w ip, [var_4h_2]");
0x00002194 mov.w ip, 0 |
0x00002198 str r3, [sp] | *(sp) = r3;
0x0000219a ldr r0, [r1, r0] |
0x0000219c movs r1, 1 | r1 = 1;
0x0000219e ldr r0, [r0] | r0 = *(0x435e);
0x000021a0 blx 0xa70 | vfprintf_chk ()
0x000021a4 ldr r2, [pc, 0x30] |
0x000021a6 ldr r3, [pc, 0x24] | r3 = *(0x21ce);
0x000021a8 add r2, pc | r2 = 0x4384;
0x000021aa ldr r3, [r2, r3] | r3 = *(0x4384);
0x000021ac ldr r2, [r3] | r2 = *(0x4384);
0x000021ae ldr r3, [sp, 4] | r3 = var_4h_2;
0x000021b0 eors r2, r3 | r2 ^= r3;
0x000021b2 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x000021b6 bne 0x21c2 |
0x000021b8 add sp, 0xc |
0x000021ba ldr lr, [sp], 4 |
0x000021be add sp, 0x10 |
0x000021c0 bx lr | return;
| }
0x000021c2 blx 0xaa0 | stack_chk_fail ();
0x000021c6 nop |
0x000021c8 cmp r5, 0xc6 |
0x000021ca movs r0, r0 |
0x000021cc lsls r4, r2, 2 | r4 = r2 << 2;
0x000021ce movs r0, r0 |
0x000021d0 cmp r5, 0xba |
0x000021d2 movs r0, r0 |
0x000021d4 lsls r0, r5, 2 | r0 = r5 << 2;
0x000021d6 movs r0, r0 |
0x000021d8 cmp r5, 0x9c |
0x000021da movs r0, r0 |
0x000021dc push {r3, lr} |
0x000021de blx 0xa94 | malloc (r0);
0x000021e2 ldr r3, [pc, 0x20] |
0x000021e4 add r3, pc | r3 = 0x43ee;
| if (r0 != 0) {
0x000021e6 cbz r0, 0x21ea |
0x000021e8 pop {r3, pc} |
| }
0x000021ea ldr.w ip, [pc, 0x1c] | ip = *(0x220a);
0x000021ee movs r2, 0x1a | r2 = 0x1a;
0x000021f0 ldr r0, [pc, 0x18] |
0x000021f2 movs r1, 1 | r1 = 1;
0x000021f4 ldr.w r3, [r3, ip] | r3 = *((r3 + ip));
0x000021f8 add r0, pc | r0 = 0x4408;
0x000021fa ldr r3, [r3] | r3 = *(r3);
0x000021fc blx 0xa88 | r0 = fwrite (r0, r1, r2, r3);
0x00002200 blx 0xa04 | abort ();
0x00002204 cmp r5, 0x60 |
0x00002206 movs r0, r0 |
0x00002208 lsls r0, r5, 2 | r0 = r5 << 2;
0x0000220a movs r0, r0 |
0x0000220c lsrs r4, r4, 0x1a | r4 >>= 0x1a;
0x0000220e movs r0, r0 |
| }
[*] Function fprintf used 3 times sexp-conv
