[*] Binary protection state of netd_migrate
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of netd_migrate
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/libexec/netd_migrate @ 0x4868 */
| #include <stdint.h>
|
; (fcn) fcn.00004868 () | void fcn_00004868 (int16_t arg2) {
| int16_t var_0h_2;
| int32_t var_0h_3;
| int16_t var_0h;
| r1 = arg2;
0x00004868 push {r4, lr} |
0x0000486a sub sp, 8 |
| if (r0 != 0) {
0x0000486c cbz r0, 0x4886 |
0x0000486e mov r4, r1 | r4 = r1;
| if (r1 != 0) {
0x00004870 cbz r1, 0x489e |
0x00004872 bl 0x41bc | r0 = fcn_000041bc (r0);
| if (r0 == 0) {
0x00004876 cbz r0, 0x48b8 | goto label_1;
| }
0x00004878 ldr r0, [r0, 4] | r0 = *((r0 + 4));
0x0000487a mov r1, r4 | r1 = r4;
0x0000487c add sp, 8 |
0x0000487e pop.w {r4, lr} |
0x00004882 b.w 0x6298 |
| } else {
0x00004886 ldr r1, [pc, 0x34] |
0x00004888 mov.w r2, 0x1cc | r2 = 0x1cc;
0x0000488c add r1, pc | r1 = 0x914e;
0x0000488e add.w r4, r1, 0x48 | r4 = r1 + 0x48;
0x00004892 add.w r3, r1, 0x2f4 | r3 = r1 + 0x2f4;
0x00004896 str r4, [sp] | *(sp) = r4;
0x00004898 adds r1, 0x10 | r1 += 0x10;
0x0000489a blx 0x24f0 | fcn_000024f0 ();
| }
0x0000489e ldr r1, [pc, 0x20] |
0x000048a0 mov r0, r4 | r0 = r4;
0x000048a2 movw r2, 0x1cd | r2 = 0x1cd;
0x000048a6 add r1, pc | r1 = "netd_util_string_contains_control_chars";
0x000048a8 add.w r4, r1, 0x314 | r4 = r1 + 0x314;
0x000048ac add.w r3, r1, 0x2f4 | r3 = r1 + 0x2f4;
0x000048b0 str r4, [sp] | *(sp) = r4;
0x000048b2 adds r1, 0x10 | r1 += 0x10;
0x000048b4 blx 0x24f0 | fcn_000024f0 ();
| label_1:
0x000048b8 add sp, 8 |
0x000048ba pop {r4, pc} |
| }
0x00006298 push.w {r4, r5, r6, r8, lr} |
0x0000629c sub sp, 0xc |
0x0000629e cmp r0, 0 |
| if (r0 == 0) {
0x000062a0 beq 0x638c | goto label_2;
| }
0x000062a2 mov r8, r1 | r8 = r1;
0x000062a4 cmp r1, 0 |
| if (r1 == 0) {
0x000062a6 beq 0x63a4 | goto label_3;
| }
0x000062a8 mov r4, r0 | r4 = r0;
0x000062aa ldr r0, [pc, 0x12c] |
0x000062ac add r0, pc |
0x000062ae add.w r0, r0, 0x348 | r0 = 0xc9d2;
0x000062b2 blx 0x2548 | policykit_system_reload_service ();
0x000062b6 ldr r3, [r4] | r3 = *(r4);
0x000062b8 mov r6, r0 | r6 = r0;
| if (r3 != 0) {
0x000062ba cbnz r3, 0x62c8 | goto label_4;
| }
0x000062bc b 0x63c8 | goto label_5;
| do {
0x000062be ldr r3, [r4, 4]! | r3 = *((r4 += 4));
0x000062c2 cmp r3, 0 |
| if (r3 == 0) {
0x000062c4 beq.w 0x63ce | goto label_6;
| }
| label_4:
0x000062c8 mov r1, r6 | r1 = r6;
0x000062ca mov r0, r3 | r0 = r3;
0x000062cc blx 0x26d0 | r0 = fcn_000026d0 ();
0x000062d0 cmp r0, 0 |
0x000062d2 beq 0x62be |
| } while (r0 == 0);
0x000062d4 movs r2, 2 | r2 = 2;
0x000062d6 mov r1, r6 | r1 = r6;
0x000062d8 ldr r0, [r4] | r0 = *(r4);
0x000062da blx 0x2788 | r0 = popen (r0, r1)
0x000062de mov r5, r0 | r5 = r0;
0x000062e0 blx 0x24cc | r0 = fcn_000024cc ();
0x000062e4 cmp r0, 2 |
| if (r0 == 2) {
0x000062e6 beq 0x6310 | goto label_7;
| }
0x000062e8 ldr r1, [pc, 0xf0] |
0x000062ea mov r2, r8 | r2 = r8;
0x000062ec ldr r3, [r4] | r3 = *(r4);
0x000062ee movs r0, 3 | r0 = 3;
0x000062f0 add r1, pc |
0x000062f2 add.w r1, r1, 0x34c | r1 = 0xca1c;
0x000062f6 bl 0x48c4 | fcn_000048c4 (r0);
0x000062fa mov r0, r5 | r0 = r5;
0x000062fc blx 0x2870 | fcn_00002870 ();
0x00006300 mov r0, r6 | r0 = r6;
0x00006302 blx 0x22b8 | fcn_000022b8 ();
| do {
| label_0:
0x00006306 movs r4, 0 | r4 = 0;
0x00006308 mov r0, r4 | r0 = r4;
0x0000630a add sp, 0xc |
0x0000630c pop.w {r4, r5, r6, r8, pc} |
| label_7:
0x00006310 ldr r0, [r5, 4] | r0 = *((r5 + 4));
0x00006312 blx 0x23c8 | r0 = g_clear_error ();
0x00006316 mov r8, r0 | r8 = r0;
0x00006318 mov r0, r5 | r0 = r5;
0x0000631a blx 0x2870 | fcn_00002870 ();
0x0000631e mov r0, r6 | r0 = r6;
0x00006320 blx 0x22b8 | fcn_000022b8 ();
0x00006324 cmp.w r8, 0 |
0x00006328 beq 0x6306 |
| } while (r8 == 0);
0x0000632a ldr r4, [pc, 0xb4] |
0x0000632c mov r0, r8 | r0 = r8;
0x0000632e add r4, pc | r4 = 0xc714;
0x00006330 add.w r1, r4, 0x374 | r1 = r4 + 0x374;
0x00006334 blx 0x26d0 | r0 = fcn_000026d0 ();
| if (r0 == 0) {
0x00006338 cbnz r0, 0x6348 |
0x0000633a add.w r1, r4, 0x378 | r1 = r4 + 0x378;
0x0000633e mov r0, r8 | r0 = r8;
0x00006340 blx 0x26d0 | r0 = fcn_000026d0 ();
0x00006344 cmp r0, 0 |
| if (r0 == 0) {
0x00006346 beq 0x63be | goto label_8;
| }
| }
0x00006348 ldr r4, [pc, 0x98] |
0x0000634a mov r0, r8 | r0 = r8;
0x0000634c add r4, pc | r4 = 0xc734;
0x0000634e add.w r1, r4, 0x374 | r1 = r4 + 0x374;
0x00006352 blx 0x287c | r0 = fcn_0000287c ();
| if (r0 == 0) {
0x00006356 cbnz r0, 0x6364 |
0x00006358 add.w r1, r4, 0x378 | r1 = r4 + 0x378;
0x0000635c mov r0, r8 | r0 = r8;
0x0000635e blx 0x287c | r0 = fcn_0000287c ();
| if (r0 == 0) {
0x00006362 cbz r0, 0x63be | goto label_8;
| }
| }
0x00006364 mov r0, r8 | r0 = r8;
0x00006366 blx 0x25c4 | r0 = fcn_000025c4 ();
0x0000636a subs r5, r0, 1 | r5 = r0 - 1;
0x0000636c mov r0, r5 | r0 = r5;
0x0000636e blx 0x2794 | g_set_error_literal ();
0x00006372 mov r2, r5 | r2 = r5;
0x00006374 add.w r1, r8, 1 | r1 = r8 + 1;
0x00006376 lsls r1, r0, 4 | r1 = r0 << 4;
0x00006378 mov r4, r0 | r4 = r0;
0x0000637a blx 0x2958 | fcn_00002958 ();
0x0000637e mov r0, r8 | r0 = r8;
0x00006380 blx 0x22b8 | fcn_000022b8 ();
0x00006384 mov r0, r4 | r0 = r4;
0x00006386 add sp, 0xc |
0x00006388 pop.w {r4, r5, r6, r8, pc} |
0x0000638a strh r0, [r6, 0xa] | *((r6 + 0xa)) = r0;
| label_2:
0x0000638c ldr r1, [pc, 0x58] |
0x0000638e movw r2, 0x2f6 | r2 = 0x2f6;
0x00006392 add r1, pc | r1 = 0xc77e;
0x00006394 add.w r4, r1, 0x324 | r4 = r1 + 0x324;
0x00006398 add.w r3, r1, 0x304 | r3 = r1 + 0x304;
0x0000639c str r4, [sp] | *(sp) = r4;
0x0000639e adds r1, 0x74 | r1 += 0x74;
0x000063a0 blx 0x24f0 | fcn_000024f0 ();
| label_3:
0x000063a4 ldr r1, [pc, 0x44] |
0x000063a6 movw r2, 0x2f7 | r2 = 0x2f7;
0x000063aa mov r0, r8 | r0 = r8;
0x000063ac add r1, pc | r1 = 0xc79c;
0x000063ae add.w r4, r1, 0x334 | r4 = r1 + 0x334;
0x000063b2 add.w r3, r1, 0x304 | r3 = r1 + 0x304;
0x000063b6 str r4, [sp] | *(sp) = r4;
0x000063b8 adds r1, 0x74 | r1 += 0x74;
0x000063ba blx 0x24f0 | fcn_000024f0 ();
| label_8:
0x000063be mov r4, r8 | r4 = r8;
0x000063c0 mov r0, r4 | r0 = r4;
0x000063c2 add sp, 0xc |
0x000063c4 pop.w {r4, r5, r6, r8, pc} |
| label_5:
0x000063c8 blx 0x22b8 | fcn_000022b8 ();
0x000063cc b 0x6306 | goto label_0;
| label_6:
0x000063ce mov r0, r6 | r0 = r6;
0x000063d0 blx 0x22b8 | fcn_000022b8 ();
0x000063d4 b 0x6306 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/libexec/netd_migrate @ 0x5b90 */
| #include <stdint.h>
|
; (fcn) fcn.00005b90 () | void fcn_00005b90 (int16_t arg1) {
| r0 = arg1;
0x00005b90 push.w {r3, r4, r5, r6, r8, lr} |
| if (r0 == 0) {
0x00005b94 cbz r0, 0x5bf6 | goto label_1;
| }
0x00005b96 ldr r5, [pc, 0x6c] |
0x00005b98 mov r4, r0 | r4 = r0;
0x00005b9a add r5, pc | r5 = 0xb7a4;
0x00005b9c add.w r6, r5, 0x40 | r6 = r5 + 0x40;
0x00005ba0 mov r1, r6 | r1 = r6;
0x00005ba2 blx 0x23ac | r0 = fcn_000023ac ();
| if (r0 == 0) {
0x00005ba6 cbz r0, 0x5bf6 | goto label_1;
| }
0x00005ba8 mov.w r2, -1 | r2 = -1;
0x00005bac add.w r1, r5, 0x138 | r1 = r5 + 0x138;
0x00005bb0 mov r0, r4 | r0 = r4;
0x00005bb2 blx 0x2788 | r0 = popen (r0, r1)
0x00005bb6 mov r8, r0 | r8 = r0;
0x00005bb8 ldr r0, [r0] | r0 = *(r0);
| if (r0 == 0) {
0x00005bba cbz r0, 0x5bfe | goto label_2;
| }
0x00005bbc mov r4, r8 | r4 = r8;
0x00005bbe movs r5, 0 | r5 = 0;
0x00005bc0 b 0x5bc8 |
| while (r0 == 0) {
0x00005bc2 ldr r0, [r4, 4]! | r0 = *((r4 += 4));
| if (r0 == 0) {
0x00005bc6 cbz r0, 0x5bea | goto label_3;
| }
| label_0:
0x00005bc8 mov r1, r6 | r1 = r6;
0x00005bca blx 0x23ac | r0 = fcn_000023ac ();
0x00005bce cmp r0, 0 |
0x00005bd0 beq 0x5bc2 |
| }
0x00005bd2 ldr r0, [r4] | r0 = *(r4);
0x00005bd4 blx 0x23c8 | r0 = g_clear_error ();
0x00005bd8 mov r1, r0 | r1 = r0;
0x00005bda mov r0, r5 | r0 = r5;
0x00005bdc blx 0x26ac | r0 = fcn_000026ac ();
0x00005be0 mov r5, r0 | r5 = r0;
0x00005be2 ldr r0, [r4, 4]! | r0 = *((r4 += 4));
0x00005be6 cmp r0, 0 |
| if (r0 != 0) {
0x00005be8 bne 0x5bc8 | goto label_0;
| }
| do {
| label_3:
0x00005bea mov r0, r8 | r0 = r8;
0x00005bec blx 0x2870 | fcn_00002870 ();
0x00005bf0 mov r0, r5 | r0 = r5;
0x00005bf2 pop.w {r3, r4, r5, r6, r8, pc} |
| label_1:
0x00005bf6 movs r5, 0 | r5 = 0;
0x00005bf8 mov r0, r5 | r0 = r5;
0x00005bfa pop.w {r3, r4, r5, r6, r8, pc} |
| label_2:
0x00005bfe mov r5, r0 | r5 = r0;
0x00005c00 b 0x5bea |
| } while (1);
| }
[*] Function popen used 3 times netd_migrate
