[*] Binary protection state of mpstat
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of mpstat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/mpstat @ 0x53ec */
| #include <stdint.h>
|
; (fcn) fcn.000053ec () | void fcn_000053ec () {
| int16_t var_0h;
| size_t n;
| int16_t var_ch;
| void * s;
| int16_t var_1ch;
0x000053ec ldr r2, [pc, 0xd0] |
0x000053ee ldr r3, [pc, 0xd4] | r3 = *(0x54c6);
0x000053f0 push.w {r4, r5, r6, r7, r8, lr} |
0x000053f4 sub sp, 0x20 |
0x000053f6 ldr r4, [pc, 0xd0] |
0x000053f8 add r2, pc | r2 = 0xa8bc;
0x000053fa ldr r1, [pc, 0xd0] |
0x000053fc ldr r3, [r2, r3] |
0x000053fe add r4, pc | r4 = 0xa8cc;
0x00005400 ldr r6, [pc, 0xcc] |
0x00005402 mov r0, r4 | r0 = r4;
0x00005404 add r1, pc | r1 = 0xa8d6;
0x00005406 ldr r3, [r3] | r3 = *(0xa8bc);
0x00005408 str r3, [sp, 0x1c] | var_1ch = r3;
0x0000540a mov.w r3, 0 | r3 = 0;
0x0000540e add r6, pc | r6 = 0xa8e2;
0x00005410 blx 0xe7c | r0 = fopen (r0, r1);
0x00005414 cmp r0, 0 |
| if (r0 == 0) {
0x00005416 beq 0x5492 | goto label_2;
| }
0x00005418 movw r6, 0x7063 |
0x0000541c mov r5, r0 | r5 = r0;
0x0000541e mov.w r8, -1 | r8 = -1;
0x00005422 add r4, sp, 0xc | r4 += var_ch;
0x00005424 movt r6, 0x2075 | r6 = 0x20757063;
0x00005428 movw r7, 0x7063 | r7 = 0x7063;
| do {
| label_0:
0x0000542c mov r2, r5 | r2 = r5;
0x0000542e movs r1, 0x10 | r1 = 0x10;
0x00005430 mov r0, r4 | r0 = r4;
0x00005432 blx 0xe98 | r0 = fcn_00000e98 ();
| if (r0 == 0) {
0x00005436 cbz r0, 0x546e | goto label_3;
| }
| label_1:
0x00005438 ldr r3, [r4] | r3 = *(r4);
0x0000543a cmp r3, r6 |
0x0000543c beq 0x542c |
| } while (r3 == r6);
0x0000543e ldrh r3, [r4] | r3 = *(r4);
0x00005440 cmp r3, r7 |
| if (r3 != r7) {
0x00005442 bne 0x542c | goto label_0;
| }
0x00005444 ldrb r3, [r4, 2] | r3 = *((r4 + 2));
0x00005446 cmp r3, 0x75 |
| if (r3 != 0x75) {
0x00005448 bne 0x542c | goto label_0;
| }
0x0000544a ldr r1, [pc, 0x88] |
0x0000544c add r2, sp, 8 | r2 += n;
0x0000544e add.w r0, sp, 0xf | r0 += s;
0x00005452 add r1, pc | r1 = 0xa92c;
0x00005454 blx 0x1020 | memset (r0, r1, r2);
0x00005458 ldr r3, [sp, 8] | r3 = n;
0x0000545a mov r2, r5 | r2 = r5;
0x0000545c movs r1, 0x10 | r1 = 0x10;
0x0000545e mov r0, r4 | r0 = r4;
0x00005460 cmp r8, r3 |
0x00005462 it lt |
| if (r8 >= r3) {
0x00005464 movlt r8, r3 | r8 = r3;
| }
0x00005466 blx 0xe98 | r0 = fcn_00000e98 ();
0x0000546a cmp r0, 0 |
| if (r0 != 0) {
0x0000546c bne 0x5438 | goto label_1;
| }
| label_3:
0x0000546e mov r0, r5 | r0 = r5;
0x00005470 blx 0x10a0 | fcn_000010a0 ();
0x00005474 ldr r2, [pc, 0x60] |
0x00005476 add.w r0, r8, 1 | r0 = r8 + 1;
0x0000547a ldr r3, [pc, 0x48] | r3 = *(0x54c6);
0x0000547c add r2, pc | r2 = 0xa958;
0x0000547e ldr r3, [r2, r3] | r3 = *(0xa958);
0x00005480 ldr r2, [r3] | r2 = *(0xa958);
0x00005482 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x00005484 eors r2, r3 | r2 ^= r3;
0x00005486 mov.w r3, 0 | r3 = 0;
| if (r2 == r3) {
0x0000548a bne 0x54ba |
0x0000548c add sp, 0x20 |
0x0000548e pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x00005492 ldr r3, [pc, 0x48] | r3 = *(0x54de);
0x00005494 ldr r3, [r6, r3] | r3 = *((r6 + r3));
0x00005496 ldr r6, [r3] | r6 = *(0x54de);
0x00005498 blx 0xffc | r0 = strcat_chk ()
0x0000549c ldr r0, [r0] | r0 = *(r0);
0x0000549e blx 0xf84 | strftime (r0, r1, r2, r3);
0x000054a2 ldr r2, [pc, 0x3c] |
0x000054a4 mov r5, r0 | r5 = r0;
0x000054a6 mov r3, r4 | r3 = r4;
0x000054a8 movs r1, 1 | r1 = 1;
0x000054aa mov r0, r6 | r0 = r6;
0x000054ac str r5, [sp] | *(sp) = r5;
0x000054ae add r2, pc | r2 = 0xa994;
0x000054b0 blx 0x1088 | fcn_00001088 ();
0x000054b2 stcl p0, c2, [sl, 4]! | __asm ("stcl p0, c2, [sl, 4]!");
0x000054b6 blx 0xfcc | r0 = strtoul (r0, r1, r2);
| }
0x000054ba blx 0xed4 | fcn_00000ed4 ();
0x000054be nop |
0x000054c0 ldrh r0, [r0, r3] | r0 = *((r0 + r3));
0x000054c2 movs r0, r0 |
0x000054c4 lsls r4, r4, 4 | r4 <<= 4;
0x000054c6 movs r0, r0 |
0x000054c8 adds r3, 0x22 | r3 += 0x22;
0x000054ca movs r0, r0 |
0x000054cc adds r6, 0x50 | r6 += 0x50;
0x000054ce movs r0, r0 |
0x000054d0 ldrh r2, [r5, r2] | r2 = *((r5 + r2));
0x000054d2 movs r0, r0 |
0x000054d4 cmp r5, 0x66 |
0x000054d6 movs r0, r0 |
0x000054d8 ldrh r4, [r7, r0] | r4 = *((r7 + r0));
0x000054da movs r0, r0 |
0x000054dc lsls r0, r5, 4 | r0 = r5 << 4;
0x000054de movs r0, r0 |
0x000054e0 adds r2, 0xf6 | r2 += 0xf6;
0x000054e2 movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/mpstat @ 0x78a4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000078a4 () | void fcn_000078a4 (int16_t arg1, int16_t arg2) {
| int16_t var_0h;
| int32_t var_4h;
| int32_t var_4h_2;
| int16_t var_14h;
| int16_t var_18h;
| int16_t var_38h;
| int32_t var_38h_2;
| int16_t var_74h;
| int16_t var_1d8h;
| int16_t var_273h;
| int16_t var_274h;
| int16_t var_27ch;
| r0 = arg1;
| r1 = arg2;
0x000078a4 blmi 0x111a1b8 | __asm ("blmi aav.0x00003606");
0x000078a8 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000078ac sub.w sp, sp, 0x27c |
0x000078b0 ldr r4, [pc, 0x108] |
0x000078b2 add r2, pc | r2 += pc;
0x000078b4 mov sl, r1 | sl = r1;
0x000078b6 str r0, [sp, 0x14] | var_14h = r0;
0x000078b8 ldr r5, [pc, 0x104] |
0x000078ba add r4, pc | r4 = 0xf27a;
0x000078bc ldr r3, [r2, r3] | r3 = *((r2 + r3));
0x000078be mov r0, r4 | r0 = r4;
0x000078c0 add r5, pc | r5 = 0xf284;
0x000078c2 ldr r3, [r3] | r3 = *(r3);
0x000078c4 str r3, [sp, 0x274] | var_274h = r3;
0x000078c6 mov.w r3, 0 | r3 = 0;
0x000078ca blx 0xf50 | r0 = fcn_00000f50 ();
0x000078cc adc.w r8, r2, r0, lsl 8 | __asm ("adc.w r8, r2, r0, lsl 8");
| if (? == ?) {
0x000078d0 beq 0x7986 | goto label_1;
| }
0x000078d2 ldr.w sb, [pc, 0xf0] |
0x000078d6 mov.w fp, 0xf000 |
0x000078da ldr.w r8, [pc, 0xec] |
0x000078de mov r7, r0 | r7 = r0;
0x000078e0 movt fp, 0xffff |
0x000078e4 add sb, pc | sb = 0xf2ae;
0x000078e6 add r8, pc | r8 = 0xf2b4;
| do {
| label_0:
0x000078e8 mov r0, r7 | r0 = r7;
0x000078ea blx 0x10d0 | r0 = fcn_000010d0 ();
| if (r0 == 0) {
0x000078ee cbz r0, 0x7960 | goto label_2;
| }
0x000078f0 mov.w r3, 0x200 | r3 = 0x200;
0x000078f4 add.w r4, r0, 0xb | r4 = r0 + 0xb;
0x000078f8 add r5, sp, 0x74 | r5 += var_74h;
0x000078fa mov r1, r3 | r1 = r3;
0x000078fc movs r2, 1 | r2 = 1;
0x000078fe mov r0, r5 | r0 = r5;
0x00007900 add r6, sp, 0x18 | r6 += var_18h;
0x00007902 strd sb, r4, [sp, 4] | __asm ("strd sb, r4, [var_4h]");
0x00007906 str.w r8, [sp] | __asm ("str.w r8, [sp]");
0x0000790a blx 0x1118 | fcn_00001118 ();
0x0000790e movs r3, 0 | r3 = 0;
0x00007910 mov r1, r6 | r1 = r6;
0x00007912 mov r0, r5 | r0 = r5;
0x00007914 strb.w r3, [sp, 0x273] | var_273h = r3;
0x00007918 blx 0xfb4 | r0 = ctype_b_loc ();
0x0000791c cmp r0, 0 |
0x0000791e bne 0x78e8 |
| } while (r0 != 0);
0x00007920 ldrd r3, r2, [sp, 0x38] | __asm ("ldrd r3, r2, [var_38h]");
0x00007924 ubfx r5, r3, 8, 0xc | r5 = (r3 >> 8) & ((1 << 0xc) - 1);
0x00007928 uxtb r1, r3 | r1 = (int8_t) r3;
0x0000792a lsrs r3, r3, 0xc | r3 >>= 0xc;
0x0000792c orr.w r3, r3, r2, lsl 20 | r3 |= (r2 << 20);
0x00007930 and.w r2, r2, fp | r2 &= fp;
0x00007934 orrs r2, r5 | r2 |= r5;
0x00007936 bic r3, r3, 0xff | r3 = BIT_MASK (r3, 0xff);
0x0000793a orrs r3, r1 | r3 |= r1;
0x0000793c ldr r1, [sp, 0x14] | r1 = var_14h;
0x0000793e cmp r3, sl |
0x00007940 it eq |
| if (r3 != sl) {
0x00007942 cmpeq r2, r1 | __asm ("cmpeq r2, r1");
| goto label_3;
| }
| if (r3 != sl) {
| label_3:
0x00007944 bne 0x78e8 | goto label_0;
| }
0x00007946 ldr r6, [pc, 0x84] |
0x00007948 mov r1, r4 | r1 = r4;
0x0000794a mov r5, r0 | r5 = r0;
0x0000794c movs r2, 0x80 | r2 = 0x80;
0x0000794e add r6, pc | r6 = 0xf320;
0x00007950 sub.w r4, r6, 0xa8 | r4 = r6 - 0xa8;
0x00007954 mov r0, r4 | r0 = r4;
0x00007956 blx 0x1054 | fcn_00001054 ();
0x0000795a strb r5, [r6, -0x29] | *((r6 - 0x29)) = r5;
0x0000795e b 0x7962 | goto label_4;
| label_2:
0x00007960 mov r4, r0 | r4 = r0;
| label_4:
0x00007962 mov r0, r7 | r0 = r7;
0x00007964 blx 0x110c | fcn_0000110c ();
0x00007968 ldr r2, [pc, 0x64] |
0x0000796a ldr r3, [pc, 0x4c] | r3 = *(0x79ba);
0x0000796c add r2, pc | r2 = 0xf340;
0x0000796e ldr r3, [r2, r3] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x00007970 ldr r2, [r3] | r2 = imp.__aeabi_unwind_cpp_pr0;
0x00007972 ldr r3, [sp, 0x274] | r3 = var_274h;
0x00007974 eors r2, r3 | r2 ^= r3;
0x00007976 mov.w r3, 0 | r3 = 0;
0x00007978 lsls r0, r0, 0xc | r0 <<= 0xc;
| if (r0 == r0) {
0x0000797a bne 0x79ae |
0x0000797c mov r0, r4 | r0 = r4;
0x0000797e add.w sp, sp, 0x27c |
0x00007982 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_1:
0x00007986 ldr r3, [pc, 0x4c] | r3 = *(0x79d6);
0x00007988 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x0000798a ldr r6, [r3] | r6 = *(0x79d6);
0x0000798c blx 0xffc | r0 = strcat_chk ()
0x00007990 ldr r0, [r0] | r0 = *(r0);
0x00007992 blx 0xf84 | strftime (r0, r1, r2, r3);
0x00007996 ldr r2, [pc, 0x40] |
0x00007998 mov r5, r0 | r5 = r0;
0x0000799a mov r3, r4 | r3 = r4;
0x0000799c movs r1, 1 | r1 = 1;
0x0000799e mov r0, r6 | r0 = r6;
0x000079a0 str r5, [sp] | *(sp) = r5;
0x000079a2 add r2, pc | r2 = 0xf380;
0x000079a4 blx 0x1088 | fcn_00001088 ();
0x000079a8 movs r0, 4 | r0 = 4;
0x000079aa blx 0xfcc | r0 = strtoul (r0, r1, r2);
| }
0x000079ae blx 0xed4 | fcn_00000ed4 ();
0x000079b2 nop |
0x000079b4 adds r6, 6 | r6 += 6;
0x000079b6 movs r0, r0 |
0x000079b8 lsls r4, r4, 4 | r4 <<= 4;
0x000079ba movs r0, r0 |
0x000079bc asrs r2, r2, 0x15 | r2 >>= 0x15;
0x000079be movs r0, r0 |
0x000079c0 adds r5, 0xf8 | r5 += 0xf8;
0x000079c2 movs r0, r0 |
0x000079c4 asrs r0, r5, 0x14 | r0 = r5 >> 0x14;
0x000079c6 movs r0, r0 |
0x000079c8 asrs r2, r2, 1 | r2 >>= 1;
0x000079ca movs r0, r0 |
0x000079cc ldr r0, [sp, 0x1d8] | r0 = var_1d8h;
0x000079ce movs r0, r0 |
0x000079d0 adds r5, 0x4c | r5 += 0x4c;
0x000079d2 movs r0, r0 |
0x000079d4 lsls r0, r5, 4 | r0 = r5 << 4;
0x000079d6 movs r0, r0 |
0x000079d8 lsrs r2, r0, 0x18 | r2 = r0 >> 0x18;
0x000079da movs r0, r0 |
0x000079dc movs r0, r0 |
0x000079de movs r0, r0 |
| }
[*] Function strcat used 3 times mpstat
