[*] Binary protection state of libkeystore.so.1.2
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libkeystore.so.1.2
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libkeystore.so.1.2 @ 0xb1c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; ---------------------------------------------------------------------------
; fcn.00000b1c -- GLib/GDBus client helper. It validates a caller-supplied
; name, formats a string from it with g_strdup_printf, and issues one
; synchronous D-Bus method call on the bus returned by g_bus_get_sync.
; The code is Thumb-2 (ARM32). The r2dec column on the right is approximate
; and wrong in the places noted below; treat the instruction column as truth.
;
; Arguments (AAPCS order; r2dec's int16_t types are placeholders, all four
; registers are used as pointers):
;   r0 -> r8  stored at [sp+0x00] for g_dbus_connection_call_sync
;             (method_name slot in the GLib prototype)
;   r1 -> r6  ref-sinked on entry, stored at [sp+0x04] (parameters slot),
;             unref'd before return
;   r2 -> sb  NUL-terminated name, or NULL (label_3 path)
;   r3 -> r7  GError** out-parameter; compared against 0 at 0xbcc
; Returns: r0 = r4 = result of g_dbus_connection_call_sync, or 0 on the
; validation-failure, no-connection and call-failure paths.
;
; NOTE(review): only the name in sb is validated in this function. The value
; in r8 is forwarded to the D-Bus call unchecked; whether callers constrain
; it is not visible in this listing.
; ---------------------------------------------------------------------------
; (fcn) fcn.00000b1c () | void fcn_00000b1c (int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int32_t var_8h;
| int32_t var_8h_2;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
; NOTE(review): "mvnsmi lr, 0xb4000" looks like a 32-bit Thumb push.w of
; r4-r8, sb, lr decoded as an ARM instruction; the pop.w at 0xbf2 restores
; exactly that register set. Confirm by re-disassembling 0xb1c in Thumb mode.
0x00000b1c mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x00000b20 mov sb, r2 | sb = r2;
; 0x24 bytes of stack: outgoing arguments for the call at 0xbc4.
0x00000b22 sub sp, 0x24 |
0x00000b24 mov r8, r0 | r8 = r0;
0x00000b26 mov r0, r1 | r0 = r1;
0x00000b28 mov r6, r1 | r6 = r1;
0x00000b2a mov r7, r3 | r7 = r3;
; Take a reference on arg2; it is released at 0xbea on every exit path.
0x00000b2c blx 0x964 | g_variant_ref_sink ();
; sb == NULL: no name supplied, use the alternate format at label_3.
0x00000b30 cmp.w sb, 0 |
| if (sb == 0) {
0x00000b34 beq.w 0xc94 | goto label_3;
| }
; First byte == 0 (empty name) is rejected through label_4.
0x00000b38 ldrb.w r4, [sb] | r4 = *(sb);
0x00000b3c cmp r4, 0 |
| if (r4 == 0) {
0x00000b3e beq.w 0xc78 | goto label_4;
| }
0x00000b42 add.w r5, sb, 1 | r5 = sb + 1;
0x00000b46 b 0xb4a |
; Per-character allow-list, one byte of the name in r4 per iteration:
;   ip = (r4 & ~0x20) - 0x41; unsigned ip <= 0x19 accepts A-Z and a-z
;   else r4 == 0x5f ('_') is accepted
;   else unsigned (r4 - 0x30) <= 9 accepts '0'-'9'
;   anything else branches to label_4.
; The r2dec rendering is misleading here: bic clears bit 5 (it is not
; BIT_MASK), bls skips the extra tests when ip <= 0x19, and bhi tests the
; flags of whichever cmp executed last inside the IT block.
| while (r4 != 0) {
0x00000b48 mov r5, lr | r5 = lr;
0x00000b4a bic ip, r4, 0x20 | ip = BIT_MASK (r4, 0x20);
0x00000b4e mov lr, r5 | lr = r5;
0x00000b50 sub.w ip, ip, 0x41 |
0x00000b54 sub.w r3, r4, 0x30 | r3 = r4 - 0x30;
0x00000b58 cmp.w ip, 0x19 |
| if (ip >= 0x19) {
0x00000b5c bls 0xb68 |
0x00000b5e cmp r4, 0x5f |
0x00000b60 it ne |
| if (r4 != 0x5f) {
0x00000b62 cmpne r3, 9 | __asm ("cmpne r3, 9");
| }
| if (r4 > 0x5f) {
0x00000b64 bhi.w 0xc78 | goto label_4;
| }
| }
; Post-indexed load: fetch the next byte and advance lr.
0x00000b68 ldrb r4, [lr], 1 | r4 = *(lr);
| lr++;
0x00000b6c cmp r4, 0 |
0x00000b6e bne 0xb48 |
| }
; Length bound: r5 - sb - 1 equals strlen(name) - 1 at this point, so names
; of 1..64 bytes pass and anything longer goes to label_4.
0x00000b70 sub.w r5, r5, sb | r5 -= sb;
0x00000b74 subs r5, 1 | r5--;
0x00000b76 cmp r5, 0x3f |
| if (r5 > 0x3f) {
0x00000b78 bhi 0xc78 | goto label_4;
| }
; g_strdup_printf(r0 = format, r1 = constant string, r2 = validated name).
; Both constants are loaded pc-relative; their contents are not part of this
; listing. r5 owns the returned string and is released by g_free at label_0.
0x00000b7a ldr r1, [pc, 0x15c] |
0x00000b7c mov r2, sb | r2 = sb;
0x00000b7e ldr r0, [pc, 0x15c] |
0x00000b80 add r1, pc | r1 = 0x185e;
0x00000b82 add r0, pc | r0 = 0x1864;
0x00000b84 blx 0x9ac | r0 = g_strdup_printf ()
0x00000b88 mov r5, r0 | r5 = r0;
; Lazy one-time setup: r4 points at a global word; while it is still 0 the
; registration block at 0xbf6 runs before the bus call.
; NOTE(review): no lock or once-guard is visible around this check and the
; store at 0xc02 -- confirm the first call cannot race.
| label_1:
0x00000b8a ldr r4, [pc, 0x154] |
0x00000b8c add r4, pc | r4 = 0x1872;
0x00000b8e ldr r3, [r4] | r3 = *(0x1872);
0x00000b90 cbz r3, 0xbf6 |
; g_bus_get_sync(bus_type = 1, cancellable = NULL, error = r7).
; 1 is G_BUS_TYPE_SYSTEM in GLib's GBusType enum.
| while (1) {
0x00000b92 mov r2, r7 | r2 = r7;
0x00000b94 movs r1, 0 | r1 = 0;
0x00000b96 movs r0, 1 | r0 = 1;
0x00000b98 blx 0xa24 | r0 = g_bus_get_sync ();
0x00000b9c mov sb, r0 | sb = r0;
0x00000b9e mov r4, r0 | r4 = r0;
| if (r0 != 0) {
; No connection: skip the call; r4 = 0 is returned after label_0 cleanup.
0x00000ba0 cbz r0, 0xbe2 |
; Argument set-up for g_dbus_connection_call_sync (r0 is still the
; connection returned above):
;   r1 = r3 = the same constant string (bus_name and interface_name slots)
;   r2 = r5, the string built by g_strdup_printf (object_path slot)
;   [sp+0x00] = r8 (arg1)          [sp+0x04] = r6 (arg2)
;   [sp+0x08] = [sp+0x0c] = 0      [sp+0x10] = 0x75300
;   [sp+0x14] = 0                  [sp+0x18] = r7 (GError**)
; 0x75300 is 480000; in the GLib prototype that slot is timeout_msec, which
; would make this an 8-minute blocking call.
0x00000ba2 ldr r3, [pc, 0x140] |
0x00000ba4 mov.w r2, 0x5300 |
0x00000ba8 movt r2, 7 | r2 = 0x75300;
0x00000bac str.w r8, [sp] | __asm ("str.w r8, [sp]");
0x00000bb0 str r2, [sp, 0x10] | var_10h = r2;
0x00000bb2 movs r2, 0 | r2 = 0;
0x00000bb4 add r3, pc | r3 = 0x189e;
0x00000bb6 str r2, [sp, 0x14] | var_14h = r2;
0x00000bb8 mov r1, r3 | r1 = r3;
0x00000bba strd r2, r2, [sp, 8] | __asm ("strd r2, r2, [var_8h]");
0x00000bbe str r7, [sp, 0x18] | var_18h = r7;
0x00000bc0 mov r2, r5 | r2 = r5;
0x00000bc2 str r6, [sp, 4] | var_4h = r6;
0x00000bc4 blx 0x9a0 | r0 = g_dbus_connection_call_sync ();
; r3 = (r0 == 0): clz gives 32 only for zero and the shift by 5 maps 32 to 1.
; r2dec's "r3 &= r0" is wrong. moveq then forces r3 = 0 when r7 == 0, so
; label_5 is reached only when the call returned NULL and an error pointer
; exists to inspect.
0x00000bc8 clz r3, r0 | r3 &= r0;
0x00000bcc cmp r7, 0 |
0x00000bce lsr.w r3, r3, 5 | r3 >>= 5;
0x00000bd2 it eq |
| if (r7 != 0) {
0x00000bd4 moveq r3, 0 | r3 = 0;
| }
0x00000bd6 mov r4, r0 | r4 = r0;
0x00000bd8 cmp r3, 0 |
| if (r3 != 0) {
0x00000bda bne 0xca4 | goto label_5;
| }
; Drop the connection reference obtained from g_bus_get_sync.
| label_2:
0x00000bdc mov r0, sb | r0 = sb;
0x00000bde blx 0x97c | g_object_unref ();
| }
; Common exit: free the formatted string (r5 may be 0 when coming from
; label_4), release the reference taken on arg2 at 0xb2c, return r4.
| label_0:
0x00000be2 mov r0, r5 | r0 = r5;
0x00000be4 blx 0x958 | g_free ();
0x00000be8 mov r0, r6 | r0 = r6;
0x00000bea blx 0xa00 | g_variant_unref ();
0x00000bee mov r0, r4 | r0 = r4;
0x00000bf0 add sp, 0x24 |
0x00000bf2 pop.w {r4, r5, r6, r7, r8, sb, pc} |
; One-time error-domain registration (entered from 0xb90, returns to 0xb92).
; The quark from g_quark_from_string is stored in the global at [r4]; then
; codes 1-7, 9, 8 and 0xa are each registered with a constant string in r2
; (dbus_error_name in the GLib prototype). The return values of
; g_dbus_error_register_error are not checked.
0x00000bf6 ldr r0, [pc, 0xf0] |
0x00000bf8 add r0, pc | r0 = 0x18e6;
0x00000bfa blx 0x9e8 | g_quark_from_string ();
0x00000bfe ldr r2, [pc, 0xec] |
0x00000c00 movs r1, 1 | r1 = 1;
0x00000c02 str r0, [r4] | *(r4) = r0;
0x00000c04 add r2, pc | r2 = 0x18f6;
0x00000c06 blx 0xa18 | g_dbus_error_register_error ();
0x00000c0a ldr r2, [pc, 0xe4] |
0x00000c0c movs r1, 2 | r1 = 2;
0x00000c0e ldr r0, [r4] | r0 = *(r4);
0x00000c10 add r2, pc | r2 = 0x1906;
0x00000c12 blx 0xa18 | g_dbus_error_register_error ();
0x00000c16 ldr r2, [pc, 0xdc] |
0x00000c18 movs r1, 3 | r1 = 3;
0x00000c1a ldr r0, [r4] | r0 = *(r4);
0x00000c1c add r2, pc | r2 = 0x1916;
0x00000c1e blx 0xa18 | g_dbus_error_register_error ();
0x00000c22 ldr r2, [pc, 0xd4] |
0x00000c24 movs r1, 4 | r1 = 4;
0x00000c26 ldr r0, [r4] | r0 = *(r4);
0x00000c28 add r2, pc | r2 = 0x1926;
0x00000c2a blx 0xa18 | g_dbus_error_register_error ();
0x00000c2e ldr r2, [pc, 0xcc] |
0x00000c30 movs r1, 5 | r1 = 5;
0x00000c32 ldr r0, [r4] | r0 = *(r4);
0x00000c34 add r2, pc | r2 = 0x1936;
0x00000c36 blx 0xa18 | g_dbus_error_register_error ();
0x00000c3a ldr r2, [pc, 0xc4] |
0x00000c3c movs r1, 6 | r1 = 6;
0x00000c3e ldr r0, [r4] | r0 = *(r4);
0x00000c40 add r2, pc | r2 = 0x1946;
0x00000c42 blx 0xa18 | g_dbus_error_register_error ();
0x00000c46 ldr r2, [pc, 0xbc] |
0x00000c48 movs r1, 7 | r1 = 7;
0x00000c4a ldr r0, [r4] | r0 = *(r4);
0x00000c4c add r2, pc | r2 = 0x1956;
0x00000c4e blx 0xa18 | g_dbus_error_register_error ();
0x00000c52 ldr r2, [pc, 0xb4] |
0x00000c54 movs r1, 9 | r1 = 9;
0x00000c56 ldr r0, [r4] | r0 = *(r4);
0x00000c58 add r2, pc | r2 = 0x1966;
0x00000c5a blx 0xa18 | g_dbus_error_register_error ();
0x00000c5e ldr r2, [pc, 0xac] |
0x00000c60 movs r1, 8 | r1 = 8;
0x00000c62 ldr r0, [r4] | r0 = *(r4);
0x00000c64 add r2, pc | r2 = 0x1976;
0x00000c66 blx 0xa18 | g_dbus_error_register_error ();
0x00000c6a ldr r2, [pc, 0xa4] |
0x00000c6c movs r1, 0xa | r1 = 0xa;
0x00000c6e ldr r0, [r4] | r0 = *(r4);
0x00000c70 add r2, pc | r2 = 0x1986;
0x00000c72 blx 0xa18 | g_dbus_error_register_error ();
0x00000c76 b 0xb92 |
| }
; Validation failure (empty name, disallowed byte, or more than 64 bytes):
; r5 = r4 = 0, then g_set_error(r7, quark, code 3, format in r3). The branch
; goes straight to label_0, so no bus connection is opened on this path.
| label_4:
0x00000c78 ldr r0, [pc, 0x98] |
0x00000c7a movs r5, 0 | r5 = 0;
0x00000c7c mov r4, r5 | r4 = r5;
0x00000c7e add r0, pc | r0 = 0x1996;
0x00000c80 blx 0x9e8 | g_quark_from_string ();
0x00000c84 ldr r3, [pc, 0x90] |
0x00000c86 mov r1, r0 | r1 = r0;
0x00000c88 movs r2, 3 | r2 = 3;
0x00000c8a mov r0, r7 | r0 = r7;
0x00000c8c add r3, pc | r3 = 0x19a8;
0x00000c8e blx 0x9d0 | g_set_error ();
0x00000c92 b 0xbe2 | goto label_0;
; NULL name: g_strdup_printf with a different format/constant pair; only r0
; and r1 are set up before the call. Execution rejoins the main path at
; label_1 with the result in r5.
| label_3:
0x00000c94 ldr r1, [pc, 0x84] |
0x00000c96 ldr r0, [pc, 0x88] |
0x00000c98 add r1, pc | r1 = 0x19b8;
0x00000c9a add r0, pc | r0 = 0x19c0;
0x00000c9c blx 0x9ac | r0 = g_strdup_printf ()
0x00000ca0 mov r5, r0 | r5 = r0;
0x00000ca2 b 0xb8a | goto label_1;
; Call failed and r7 != 0: r4 = *r7 is the GError set by the call. If it
; matches the GDBus error domain with code 0x13, it is cleared and replaced
; through g_set_error with a quark from g_quark_from_string and code 3;
; otherwise the original error is left in place. Both cases return r4 = 0
; through label_2.
; NOTE(review): 0x13 is 19, which is G_DBUS_ERROR_UNKNOWN_METHOD in GLib's
; GDBusError enum -- confirm against the GLib version shipped in the image.
| label_5:
0x00000ca4 ldr r4, [r7] | r4 = *(r7);
0x00000ca6 blx 0xa0c | g_dbus_error_quark ();
0x00000caa movs r2, 0x13 | r2 = 0x13;
0x00000cac mov r1, r0 | r1 = r0;
0x00000cae mov r0, r4 | r0 = r4;
0x00000cb0 blx 0x9dc | r0 = g_error_matches ();
0x00000cb4 cbnz r0, 0xcba |
; The "while (1)" below is a decompiler artefact: 0xcb6 is the shared tail
; that both the match and no-match cases fall into.
| while (1) {
0x00000cb6 movs r4, 0 | r4 = 0;
0x00000cb8 b 0xbdc | goto label_2;
0x00000cba mov r0, r7 | r0 = r7;
0x00000cbc blx 0x988 | g_clear_error ();
0x00000cc0 ldr r0, [pc, 0x60] |
0x00000cc2 add r0, pc | r0 = 0x19ea;
0x00000cc4 blx 0x9e8 | g_quark_from_string ();
0x00000cc8 ldr r3, [pc, 0x5c] |
0x00000cca mov r1, r0 | r1 = r0;
0x00000ccc movs r2, 3 | r2 = 3;
0x00000cce mov r0, r7 | r0 = r7;
0x00000cd0 add r3, pc | r3 = 0x19fc;
0x00000cd2 blx 0x9d0 | g_set_error ();
0x00000cd6 b 0xcb6 |
| }
| }
[*] Function printf used 3 times libkeystore.so.1.2