[*] Binary protection state of conf-migrate
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of conf-migrate
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/libexec/conf-migrate @ 0x2b28 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; fcn.00002b28 -- variadic logging helper (summary derived from this listing).
; Frame: push {r1, r2, r3} (0xc) + push.w of 8 registers (0x20) + sub sp, 0x14,
;   so [sp, 0x34] is the saved r1 (2nd argument) and sp + 0x38 the saved r2.
;   That is the shape of f(level, fmt, ...): r4 = level, r7 = fmt,
;   sl = address of the first variadic slot.
; Output fd (r6): 2 for level 2, 3 or 4 (after a fixed prefix is written to
;   fd 2), 1 otherwise; level 7 prints only when the byte r2dec resolves to
;   0x585a is non-zero.
; Each message is formatted twice: once to r6, once to a file opened for
;   append, where it is preceded by the 3 bytes '<', level + 0x30, '>'.
; Review notes:
;   - fmt is supplied by the caller and is the format string of both
;     vdprintf_chk calls; whether any caller passes non-constant data as fmt
;     must be checked at the call sites, which this listing does not show.
;   - r1 = 1 is the flag argument of glibc's __vdprintf_chk; a positive flag
;     makes glibc reject %n in a writable format string. It does not restrict
;     other conversions, so it is no substitute for constant format strings.
;   - Return values of write, vdprintf_chk and close are never tested.
;   - Several r2dec conditions in the right-hand column are misrendered; the
;     assembly is authoritative and the affected lines are annotated below.
; ---------------------------------------------------------------------------
; (fcn) fcn.00002b28 () | void fcn_00002b28 (uint32_t arg1) {
| int16_t var_4h;
| char * ptr;
| int16_t var_9h;
| int16_t var_ah;
| int16_t var_ch;
| int16_t var_34h;
| int16_t var_38h;
| r0 = arg1;
; spill r1-r3 so the variadic arguments are contiguous with the stack arguments
0x00002b28 push {r1, r2, r3} |
; flags from this compare are consumed by the beq at 0x2b46
0x00002b2a cmp r0, 7 |
0x00002b2c ldr r2, [pc, 0x104] |
0x00002b2e ldr r3, [pc, 0x108] | r3 = *(0x2c3a);
0x00002b30 add r2, pc | r2 = 0x5768;
0x00002b32 push.w {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00002b36 sub sp, 0x14 |
0x00002b38 mov r4, r0 | r4 = r0;
0x00002b3a ldr r3, [r2, r3] |
; r7 = fmt: the saved r1, i.e. the caller's second argument
0x00002b3c ldr r7, [sp, 0x34] | r7 = var_34h;
; stack protector: the guard value is copied to [sp, 0xc] and compared again
; at 0x2be0-0x2bec before returning
0x00002b3e ldr r3, [r3] | r3 = *(0x5768);
0x00002b40 str r3, [sp, 0xc] | var_ch = r3;
0x00002b42 mov.w r3, 0 | r3 = 0;
| if (r0 == 7) {
0x00002b46 beq 0x2c08 | goto label_3;
| }
; r5 = errno address, sb = errno value on entry
0x00002b48 blx 0xdb8 | errno_location ();
0x00002b4c subs r3, r4, 2 | r3 = r4 - 2;
0x00002b4e ldr.w sb, [r0] | sb = *(r0);
0x00002b52 cmp r3, 1 |
0x00002b54 mov r5, r0 | r5 = r0;
; bls is unsigned lower-or-same: taken when (level - 2) <= 1, i.e. level is
; 2 or 3. r2dec's "r3 < 1" is off by one.
| if (r3 < 1) {
0x00002b56 bls 0x2bf8 | goto label_4;
| }
0x00002b58 cmp r4, 4 |
0x00002b5a it ne |
; movne executes when level != 4 (r6 = 1); r2dec prints the condition inverted
| if (r4 == 4) {
0x00002b5c movne r6, 1 | r6 = 1;
| }
| if (r4 == 4) {
0x00002b5e beq 0x2c20 | goto label_5;
| }
; r2dec's do/while is an artefact: 0x2c06 and 0x2c1e branch back to label_1
; from code placed after the return, and the body runs once per call.
| do {
| label_1:
0x00002b60 ldr.w r8, [pc, 0xd8] |
; sl = sp + 0x38 (address of the first variadic slot), not an increment
0x00002b64 add.w sl, sp, 0x38 | sl += var_38h;
0x00002b68 mov r3, sl | r3 = sl;
0x00002b6a mov r2, r7 | r2 = r7;
0x00002b6c movs r1, 1 | r1 = 1;
0x00002b6e mov r0, r6 | r0 = r6;
0x00002b70 add r8, pc | r8 = 0x57b0;
; *r5 = sb: writes the entry-time errno back before formatting
; (presumably so %m reports the caller's errno -- confirm)
0x00002b72 str.w sb, [r5] | __asm ("str.w sb, [r5]");
0x00002b76 str.w sl, [sp, 4] | __asm ("str.w sl, [var_4h]");
; call arguments: r0 = fd (r6), r1 = 1 (flag), r2 = fmt (r7), r3 = sl (varargs)
0x00002b7a blx 0xd1c | vdprintf_chk ()
0x00002b7e mov r0, r6 | r0 = r6;
0x00002b80 movs r2, 2 | r2 = 2;
0x00002b82 mov r1, r8 | r1 = r8;
; 2 bytes from the string r2dec resolves to 0x57b0 (contents not shown here)
0x00002b84 blx 0xde8 | write (r0, r1, r2);
0x00002b88 ldr r0, [pc, 0xb4] |
; mode 0x1a4 = 0644; flags 0x441 = O_WRONLY|O_CREAT|O_APPEND (Linux values).
; Neither O_NOFOLLOW nor O_CLOEXEC is set.
; NOTE(review): the path string (r2dec: 0x57d6) is not shown -- confirm it is
; not in a directory writable by less-privileged users, since open() with
; O_CREAT and without O_NOFOLLOW follows a symlink at the final component.
0x00002b8a mov.w r2, 0x1a4 | r2 = 0x1a4;
0x00002b8e movw r1, 0x441 | r1 = 0x441;
0x00002b92 add r0, pc | r0 = 0x57d6;
0x00002b94 blx 0xd4c | r0 = open (r0, r1, r2);
; blt after "subs r6, r0, 0" skips the file copy when open() returned a
; negative value; r2dec's "r6 >= r0" stands for fd >= 0
0x00002b98 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 >= r0) {
0x00002b9a blt 0x2bda |
; build the 3-byte prefix at sp + 8: 0x3c '<', level + 0x30, 0x3e '>'.
; r0 still holds the fd returned by open(). The middle byte is a decimal
; digit only while level <= 9 (levels above 7 are not ruled out here).
0x00002b9c movs r3, 0x3c | r3 = 0x3c;
0x00002b9e movs r2, 3 | r2 = 3;
; r1 = sp + 8 (address of the prefix buffer), not an increment
0x00002ba0 add r1, sp, 8 | r1 += ptr;
0x00002ba2 strb.w r3, [sp, 8] | ptr = r3;
0x00002ba6 adds r4, 0x30 | r4 += 0x30;
0x00002ba8 movs r3, 0x3e | r3 = 0x3e;
0x00002baa strb.w r3, [sp, 0xa] | var_ah = r3;
0x00002bae strb.w r4, [sp, 9] | var_9h = r4;
0x00002bb2 blx 0xde8 | write (r0, r1, r2);
; second formatting pass, same fmt and varargs, now to the opened file (r6)
0x00002bb6 mov r3, sl | r3 = sl;
0x00002bb8 mov r2, r7 | r2 = r7;
0x00002bba movs r1, 1 | r1 = 1;
0x00002bbc mov r0, r6 | r0 = r6;
0x00002bbe str.w sb, [r5] | __asm ("str.w sb, [r5]");
0x00002bc2 str.w sl, [sp, 4] | __asm ("str.w sl, [var_4h]");
0x00002bc6 blx 0xd1c | vdprintf_chk ()
0x00002bca movs r2, 2 | r2 = 2;
0x00002bcc mov r1, r8 | r1 = r8;
0x00002bce mov r0, r6 | r0 = r6;
0x00002bd0 blx 0xde8 | write (r0, r1, r2);
0x00002bd4 mov r0, r6 | r0 = r6;
0x00002bd6 blx 0xe9c | close (r0);
| }
; epilogue: reload the guard, XOR with the copy saved at [sp, 0xc], and call
; stack_chk_fail on mismatch (consistent with "Canary found" in the header)
| label_0:
0x00002bda ldr r2, [pc, 0x68] |
0x00002bdc ldr r3, [pc, 0x58] | r3 = *(0x2c38);
0x00002bde add r2, pc | r2 = 0x5828;
0x00002be0 ldr r3, [r2, r3] | r3 = *(0x5828);
0x00002be2 ldr r2, [r3] | r2 = *(0x5828);
0x00002be4 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00002be6 eors r2, r3 | r2 ^= r3;
0x00002be8 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00002bec bne 0x2c2e | goto label_6;
| }
0x00002bee add sp, 0x14 |
0x00002bf0 pop.w {r4, r5, r6, r7, r8, sb, sl, lr} |
; drops the three words pushed at 0x2b28
0x00002bf4 add sp, 0xc |
0x00002bf6 bx lr | return;
; level 2 or 3: a 7-byte prefix (string not shown) is written to fd 2 first
| label_4:
0x00002bf8 ldr r1, [pc, 0x4c] |
0x00002bfa movs r2, 7 | r2 = 7;
0x00002bfc movs r0, 2 | r0 = 2;
0x00002bfe add r1, pc | r1 = 0x584a;
0x00002c00 blx 0xde8 | write (r0, r1, r2);
; shared by the level 2/3 and level 4 paths: the message itself goes to fd 2
| label_2:
0x00002c04 movs r6, 2 | r6 = 2;
0x00002c06 b 0x2b60 |
| } while (1);
; level 7: nothing is printed unless the byte r2dec resolves to 0x585a is
; non-zero; when it is, the message goes to fd 1 like the default levels
| label_3:
0x00002c08 ldr r3, [pc, 0x40] |
0x00002c0a add r3, pc | r3 = 0x585a;
0x00002c0c ldrb r3, [r3] | r3 = *(r3);
0x00002c0e cmp r3, 0 |
| if (r3 == 0) {
0x00002c10 beq 0x2bda | goto label_0;
| }
0x00002c12 blx 0xdb8 | errno_location ();
0x00002c16 movs r6, 1 | r6 = 1;
0x00002c18 ldr.w sb, [r0] | sb = *(r0);
0x00002c1c mov r5, r0 | r5 = r0;
0x00002c1e b 0x2b60 | goto label_1;
; level 4: a 9-byte prefix (string not shown) is written to fd 2 first
| label_5:
0x00002c20 ldr r1, [pc, 0x2c] |
0x00002c22 movs r2, 9 | r2 = 9;
0x00002c24 movs r0, 2 | r0 = 2;
0x00002c26 add r1, pc | r1 = 0x587a;
0x00002c28 blx 0xde8 | write (r0, r1, r2);
0x00002c2c b 0x2c04 | goto label_2;
| label_6:
0x00002c2e blx 0xc98 | stack_chk_fail ();
0x00002c32 nop |
; 0x2c34-0x2c52 is the literal pool read by the "ldr rX, [pc, ...]"
; instructions above, decoded here as Thumb instructions. It is data: no
; branch in this function targets it, and the pseudo code printed for these
; lines is meaningless.
0x00002c34 movs r3, 0xbc | r3 = 0xbc;
0x00002c36 movs r0, r0 |
0x00002c38 lsls r4, r7, 3 | r4 = r7 << 3;
0x00002c3a movs r0, r0 |
0x00002c3c lsrs r4, r4, 0x1a | r4 >>= 0x1a;
0x00002c3e movs r0, r0 |
0x00002c40 lsrs r6, r0, 0x1a | r6 = r0 >> 0x1a;
0x00002c42 movs r0, r0 |
0x00002c44 movs r3, 0xe | r3 = 0xe;
0x00002c46 movs r0, r0 |
0x00002c48 lsrs r2, r0, 0x18 | r2 = r0 >> 0x18;
0x00002c4a movs r0, r0 |
0x00002c4c movs r4, 0x12 | r4 = 0x12;
0x00002c4e movs r0, r0 |
0x00002c50 lsrs r2, r4, 0x17 | r2 = r4 >> 0x17;
0x00002c52 movs r0, r0 |
| }
[*] Function printf used 3 times conf-migrate