[*] Binary protection state of filefrag
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of filefrag
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/filefrag @ 0x1b00 */
| #include <stdint.h>
|
; (fcn) fcn.00001b00 () | void fcn_00001b00 (int16_t arg_1a0h, int16_t arg_1a4h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch_2;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_20h;
| int16_t var_24h;
| int16_t var_28h;
| int32_t var_30h;
| int32_t var_30h_2;
| int32_t var_38h;
| int32_t var_38h_2;
| int16_t var_40h;
| int16_t var_4ch;
| int16_t var_50h;
| int16_t var_54h;
| int16_t var_58h;
| int16_t var_5ch;
| int16_t var_60h;
| int16_t var_64h;
| int16_t var_68h;
| int16_t var_6ch;
| int16_t var_74h;
| void * s;
| int16_t var_174h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00001b00 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00001b04 sub sp, 0x17c |
0x00001b06 strd r2, r3, [sp, 0x58] | __asm ("strd r2, r3, [var_58h]");
0x00001b0a movs r7, 0 | r7 = 0;
0x00001b0c mov r4, r0 | r4 = r0;
0x00001b0e add.w sb, sp, 0x74 | sb += var_74h;
0x00001b12 ldr r2, [pc, 0x1f8] |
0x00001b14 add r0, sp, 0x78 | r0 += s;
0x00001b16 ldr r3, [pc, 0x1f8] | r3 = *(0x1d12);
0x00001b18 str r1, [sp, 0x60] | var_60h = r1;
0x00001b1a mov r1, r7 | r1 = r7;
0x00001b1c add r2, pc | r2 = 0x382e;
0x00001b1e ldr r5, [sp, 0x1a0] | r5 = *(arg_1a0h);
0x00001b20 ldr r3, [r2, r3] |
0x00001b22 movs r2, 0xfc | r2 = 0xfc;
0x00001b24 ldr r3, [r3] | r3 = *(0x382e);
0x00001b26 str r3, [sp, 0x174] | var_174h = r3;
0x00001b28 mov.w r3, 0 | r3 = 0;
0x00001b2c ldr r3, [sp, 0x1a4] | r3 = *(arg_1a4h);
0x00001b2e str.w r7, [sb] | __asm ("str.w r7, [sb]");
0x00001b32 str r3, [sp, 0x64] | var_64h = r3;
0x00001b34 blx 0x970 | memset (r0, r1, r2);
0x00001b38 ldr r2, [r4, 0x14] | r2 = *((r4 + 0x14));
0x00001b3a ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x00001b3c ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00001b3e str r2, [sp, 0x50] | var_50h = r2;
0x00001b40 ldr r2, [r4] | r2 = *(r4);
0x00001b42 tst.w r1, 0x200 |
0x00001b46 it ne |
| if ((r1 & 0x200) == 0) {
0x00001b48 movne r5, r7 | r5 = r7;
| }
0x00001b4a ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00001b4c subs r6, r0, 1 | r6 = r0 - 1;
0x00001b4e str r0, [sp, 0x6c] | var_6ch = r0;
0x00001b50 rsb.w r0, r5, 0x20 | r0 = 0x20 - r5;
0x00001b54 lsr.w r6, r6, r5 | r6 >>= r5;
0x00001b58 lsr.w r8, r2, r5 | r8 = r2 >> r5;
0x00001b5c ldr r2, [sp, 0x50] | r2 = var_50h;
0x00001b5e rsb.w fp, r5, 0x20 |
0x00001b62 sub.w sl, r5, 0x20 | sl = r5 - 0x20;
0x00001b66 adc r2, r2, -1 | __asm ("adc r2, r2, -1");
0x00001b6a lsl.w r0, r2, r0 | r0 = r2 << r0;
0x00001b6e orrs r6, r0 | r6 |= r0;
0x00001b70 lsl.w r0, r3, fp | r0 = r3 << fp;
0x00001b74 orr.w r8, r8, r0 | r8 |= r0;
0x00001b78 sub.w r0, r5, 0x20 | r0 = r5 - 0x20;
0x00001b7c lsr.w r0, r2, r0 | r0 = r2 >> r0;
0x00001b80 lsrs r2, r5 | r2 >>= r5;
0x00001b82 str r2, [sp, 0x54] | var_54h = r2;
0x00001b84 lsr.w r2, r3, r5 | r2 = r3 >> r5;
0x00001b88 lsr.w r3, r3, sl | r3 >>= sl;
0x00001b8c orrs r6, r0 | r6 |= r0;
0x00001b8e str r2, [sp, 0x68] | var_68h = r2;
0x00001b90 orr.w r8, r8, r3 | r8 |= r3;
0x00001b94 lsls r3, r1, 0x1e | r3 = r1 << 0x1e;
0x00001b96 it mi |
| if (r3 >= r1) {
0x00001b98 strmi r7, [sp, 0x4c] | var_4ch = r7;
| }
| if (r3 >= r1) {
0x00001b9a bmi 0x1bb2 |
0x00001b9c ldrd r7, r3, [r4, 8] | __asm ("ldrd r7, r3, [r4, 8]");
0x00001ba0 lsl.w r2, r3, fp | r2 = r3 << fp;
0x00001ba4 lsrs r7, r5 | r7 >>= r5;
0x00001ba6 orrs r7, r2 | r7 |= r2;
0x00001ba8 lsr.w r2, r3, sl | r2 = r3 >> sl;
0x00001bac lsrs r3, r5 | r3 >>= r5;
0x00001bae orrs r7, r2 | r7 |= r2;
0x00001bb0 str r3, [sp, 0x4c] | var_4ch = r3;
| }
0x00001bb2 ldrd r3, r2, [sp, 0x58] | __asm ("ldrd r3, r2, [var_58h]");
0x00001bb6 orrs r3, r2 | r3 |= r2;
| if (r3 != r2) {
0x00001bb8 beq 0x1c06 |
0x00001bba movs r3, 2 |
0x00001bbc movt r3, 0x800 | r3 = 0x8000002;
0x00001bc0 tst r1, r3 |
| if ((r1 & r3) == 0) {
0x00001bc2 bne 0x1c06 |
0x00001bc4 ldr r3, [pc, 0x14c] |
0x00001bc6 add r3, pc | r3 = 0x38de;
0x00001bc8 ldrd r2, r3, [r3] | __asm ("ldrd r2, r3, [r3]");
0x00001bcc cmp r2, r3 |
| if (r2 == r3) {
0x00001bce beq.w 0x1d00 | goto label_2;
| }
0x00001bd2 ldr r3, [pc, 0x144] |
0x00001bd4 add r3, pc | r3 = 0x38f2;
| label_1:
0x00001bd6 ldr r1, [pc, 0x144] |
0x00001bd8 ldr r0, [sp, 0x5c] | r0 = var_5ch;
0x00001bda ldr r2, [sp, 0x58] | r2 = var_58h;
0x00001bdc add r1, pc |
0x00001bde ldr r1, [r1] | r1 = *(0x38fe);
0x00001be0 lsrs r2, r5 | r2 >>= r5;
0x00001be2 str r1, [sp] | *(sp) = r1;
0x00001be4 lsl.w r1, r0, fp | r1 = r0 << fp;
0x00001be8 orrs r2, r1 | r2 |= r1;
0x00001bea lsr.w r1, r0, sl | r1 = r0 >> sl;
0x00001bee orrs r2, r1 | r2 |= r1;
0x00001bf0 movs r1, 1 | r1 = 1;
0x00001bf2 str r2, [sp, 8] | var_8h = r2;
0x00001bf4 lsr.w r2, r0, r5 | r2 = r0 >> r5;
0x00001bf8 mov r0, sb | r0 = sb;
0x00001bfa str r2, [sp, 0xc] | var_ch_2 = r2;
0x00001bfc mov.w r2, 0x100 | r2 = 0x100;
0x00001c00 blx 0x964 | sprintf_chk ()
0x00001c04 b 0x1c24 |
| }
| } else {
0x00001c06 ldr r3, [pc, 0x118] |
0x00001c08 mov.w r2, 0x100 | r2 = 0x100;
0x00001c0c movs r1, 1 | r1 = 1;
0x00001c0e mov r0, sb | r0 = sb;
0x00001c10 add r3, pc |
0x00001c12 ldr r3, [r3] | r3 = *(0x3936);
0x00001c14 str r3, [sp] | *(sp) = r3;
0x00001c16 ldr r3, [pc, 0x10c] |
0x00001c18 add r3, pc | r3 = 0x3942;
0x00001c1a str r3, [sp, 4] | var_4h = r3;
0x00001c1c ldr r3, [pc, 0x108] |
0x00001c1e add r3, pc | r3 = 0x394a;
0x00001c20 blx 0x964 | sprintf_chk ()
| }
0x00001c24 ldr r0, [r4, 0x28] | r0 = *((r4 + 0x28));
0x00001c26 movs r2, 1 | r2 = 1;
0x00001c28 mov r1, sb | r1 = sb;
0x00001c2a bl 0x1898 | fcn_00001898 (r0, r1, r2);
0x00001c2e ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x00001c30 ldr r3, [r4] | r3 = *(r4);
0x00001c32 ldr r1, [r4, 0x14] | r1 = *((r4 + 0x14));
0x00001c34 adds r3, r3, r2 | r3 += r2;
0x00001c36 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00001c38 adc.w r2, r2, r1 | __asm ("adc.w r2, r2, r1");
0x00001c3c ldr r1, [sp, 0x64] | r1 = var_64h;
0x00001c3e ldrd r0, r1, [r1, 0x30] | __asm ("ldrd r0, r1, [r1, 0x30]");
0x00001c42 cmp r3, r0 |
0x00001c44 sbcs r2, r1 | __asm ("sbcs r2, r1");
| if (r3 > r0) {
0x00001c46 blo 0x1c5e |
0x00001c48 ldrb.w r3, [sb] | r3 = *(sb);
0x00001c4c cmp r3, 0 |
| if (r3 != 0) {
0x00001c4e bne 0x1cfa | goto label_3;
| }
0x00001c50 ldr r1, [pc, 0xd8] |
0x00001c52 add r1, pc | r1 = 0x3982;
| label_0:
0x00001c54 mov.w r2, 0x100 | r2 = 0x100;
0x00001c58 mov r0, sb | r0 = sb;
0x00001c5a blx 0x958 | strcat_chk ();
| }
0x00001c5e ldr r2, [r4, 0x28] | r2 = *((r4 + 0x28));
0x00001c60 movs r3, 2 |
0x00001c62 movt r3, 0x800 | r3 = 0x8000002;
0x00001c66 tst r3, r2 |
| if ((r3 & r2) != 0) {
0x00001c68 bne 0x1cf0 | goto label_4;
| }
0x00001c6a ldr r1, [sp, 0x50] | r1 = var_50h;
0x00001c6c adds r0, r7, r6 | r0 = r7 + r6;
0x00001c6e ldr r3, [sp, 0x6c] | r3 = var_6ch;
0x00001c70 lsl.w r2, r1, fp | r2 = r1 << fp;
0x00001c74 lsr.w r3, r3, r5 | r3 >>= r5;
0x00001c78 orr.w r3, r3, r2 | r3 |= r2;
0x00001c7c mov r2, r1 | r2 = r1;
0x00001c7e lsr.w r1, r1, sl | r1 >>= sl;
0x00001c82 lsr.w r5, r2, r5 | r5 = r2 >> r5;
0x00001c86 ldr r2, [sp, 0x4c] | r2 = var_4ch;
0x00001c88 orr.w r3, r3, r1 | r3 |= r1;
0x00001c8c ldr r1, [sp, 0x54] | r1 = var_54h;
0x00001c8e adc.w r1, r2, r1 | __asm ("adc.w r1, r2, r1");
| do {
0x00001c92 strd r3, r5, [sp, 0x38] | __asm ("strd r3, r5, [var_38h]");
0x00001c96 adds.w r6, r6, r8 | r6 += r8;
0x00001c9a ldr r3, [sp, 0x4c] | r3 = var_4ch;
0x00001c9c strd r0, r1, [sp, 0x30] | __asm ("strd r0, r1, [var_30h]");
0x00001ca0 mov.w r0, 1 | r0 = 1;
0x00001ca4 ldr r1, [sp, 0x68] | r1 = var_68h;
0x00001ca6 str r3, [sp, 0x24] | var_24h = r3;
0x00001ca8 ldr r3, [sp, 0x54] | r3 = var_54h;
0x00001caa strd r8, r1, [sp] | __asm ("strd r8, r1, [sp]");
0x00001cae str.w sb, [sp, 0x40] | __asm ("str.w sb, [var_40h]");
0x00001cb2 adc.w r3, r3, r1 | __asm ("adc.w r3, r3, r1");
0x00001cb6 ldr r1, [pc, 0x78] |
0x00001cb8 str r7, [sp, 0x20] | var_20h = r7;
0x00001cba str r6, [sp, 0x10] | var_10h = r6;
0x00001cbc add r1, pc | r1 = 0x39f2;
0x00001cbe str r3, [sp, 0x14] | var_14h = r3;
0x00001cc0 ldrd r1, r3, [r1] | __asm ("ldrd r1, r3, [r1]");
0x00001cc4 ldr r2, [sp, 0x60] | r2 = var_60h;
0x00001cc6 str r1, [sp, 0x28] | var_28h = r1;
0x00001cc8 str r1, [sp, 0x18] | var_18h = r1;
0x00001cca ldr r1, [pc, 0x68] |
0x00001ccc str r3, [sp, 8] | var_8h = r3;
0x00001cce add r1, pc |
0x00001cd0 ldr r1, [r1] | r1 = *(0x3a08);
0x00001cd2 blx 0x97c | printf_chk ();
0x00001cd6 ldr r2, [pc, 0x60] |
0x00001cd8 ldr r3, [pc, 0x34] | r3 = *(0x1d10);
0x00001cda add r2, pc | r2 = 0x3a18;
0x00001cdc ldr r3, [r2, r3] | r3 = *(0x3a18);
0x00001cde ldr r2, [r3] | r2 = *(0x3a18);
0x00001ce0 ldr r3, [sp, 0x174] | r3 = var_174h;
0x00001ce2 eors r2, r3 | r2 ^= r3;
0x00001ce4 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001ce8 bne 0x1d06 | goto label_5;
| }
0x00001cea add sp, 0x17c |
0x00001cec pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_4:
0x00001cf0 movs r3, 0 | r3 = 0;
0x00001cf2 ldr r1, [sp, 0x4c] | r1 = var_4ch;
0x00001cf4 mov r0, r7 | r0 = r7;
0x00001cf6 mov r5, r3 | r5 = r3;
0x00001cf8 b 0x1c92 |
| } while (1);
| label_3:
0x00001cfa ldr r1, [pc, 0x40] |
0x00001cfc add r1, pc | r1 = 0x3a3e;
0x00001cfe b 0x1c54 | goto label_0;
| label_2:
0x00001d00 ldr r3, [pc, 0x3c] |
0x00001d02 add r3, pc | r3 = 0x3a46;
0x00001d04 b 0x1bd6 | goto label_1;
| label_5:
0x00001d06 blx 0x8bc | stack_chk_fail ();
0x00001d0a nop |
0x00001d0c movs r4, 0x3c | r4 = 0x3c;
0x00001d0e movs r0, r0 |
0x00001d10 lsls r4, r0, 2 | r4 = r0 << 2;
0x00001d12 movs r0, r0 |
0x00001d14 movs r4, 0x46 | r4 = 0x46;
0x00001d16 movs r0, r0 |
0x00001d18 lsrs r0, r6, 0x13 | r0 = r6 >> 0x13;
0x00001d1a movs r0, r0 |
0x00001d1c movs r4, 0x28 | r4 = 0x28;
0x00001d1e movs r0, r0 |
0x00001d20 movs r3, 0xf4 | r3 = 0xf4;
0x00001d22 movs r0, r0 |
0x00001d24 lsrs r0, r1, 0x13 | r0 = r1 >> 0x13;
0x00001d26 movs r0, r0 |
0x00001d28 lsrs r2, r7, 0x12 | r2 = r7 >> 0x12;
0x00001d2a movs r0, r0 |
0x00001d2c lsrs r2, r0, 0x12 | r2 = r0 >> 0x12;
0x00001d2e movs r0, r0 |
0x00001d30 movs r3, 0x48 | r3 = 0x48;
0x00001d32 movs r0, r0 |
0x00001d34 movs r3, 0x3e | r3 = 0x3e;
0x00001d36 movs r0, r0 |
0x00001d38 movs r2, 0x7e | r2 = 0x7e;
0x00001d3a movs r0, r0 |
0x00001d3c lsrs r0, r2, 0xf | r0 = r2 >> 0xf;
0x00001d3e movs r0, r0 |
0x00001d40 lsrs r2, r7, 0xe | r2 = r7 >> 0xe;
0x00001d42 movs r0, r0 |
| }
[*] Function sprintf used 3 times filefrag
