[*] Binary protection state of libpaho-mqtt3c.so.1.3.11
Full RELRO | Canary found | NX enabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function strcpy tear down of libpaho-mqtt3c.so.1.3.11
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libpaho-mqtt3c.so.1.3.11 @ 0xa804 */
| #include <stdint.h>
|
; Review notes for fcn.0000a804 (flagged for a strcpy call at 0xa86c).
; - The binary is reported as "No Symbols", so the import names printed beside blx targets are
;   the tool's own resolution; confirm them against the PLT/GOT relocations (e.g. readelf -r,
;   objdump -R) before triaging a finding.
; - Read the assembly column as ground truth: the r2dec column inverts or misstates several
;   conditions in this listing (marked below).
; (fcn) fcn.0000a804 () | void fcn_0000a804 (int16_t arg_50h, int16_t arg_2c8h, int16_t arg1) {
| int16_t var_0h;
| int16_t var_4h;
| r0 = arg1;
; NOTE(review): 0xa804 did not decode. The epilogue at 0xa8aa pops {r4, r5, r6, pc}, so the
; matching push is expected here; treat the first decoded instructions as unreliable - TODO confirm.
0x0000a804 invalid |
0x0000a808 strb r2, [r7, 0xd] | *((r7 + 0xd)) = r2;
0x0000a80a mov r6, r0 | r6 = r0;
0x0000a80c ldr r0, [pc, 0xa8] |
0x0000a80e mul r4, r3, r1 | r4 = r3 * r1;
0x0000a812 movw r5, 0x1759 |
0x0000a816 ldr r1, [pc, 0xa4] | r1 = *(0xa8be);
0x0000a818 sub sp, 8 |
0x0000a81a add r0, pc | r0 = 0x150d6;
0x0000a81c ldr r3, [pc, 0xa0] |
0x0000a81e movt r5, 0xd1b7 | r5 = 0xd1b71759;
; NOTE(review): 0xa820 lies inside the 4-byte movt at 0xa81e (overlapping decode, not executed).
0x0000a820 asrs r7, r6, 0x16 | r7 = r6 >> 0x16;
0x0000a822 mov.w r2, -1 | r2 = -1;
0x0000a826 ldr r1, [r0, r1] |
0x0000a828 add r3, pc | r3 = 0x150ec;
0x0000a82a add.w r0, r3, 0x60 | r0 = r3 + 0x60;
0x0000a82e ldr r1, [r1] | r1 = *(0x150d6);
; The word loaded above is kept at [sp, 4] and compared again before the return at 0xa8aa.
0x0000a830 str r1, [sp, 4] | var_4h = r1;
0x0000a832 mov.w r1, 0 | r1 = 0;
; r5 = high word of r4 * 0xd1b71759; with the later shift by 0xd this is presumably the
; reciprocal-multiply form of r4 / 10000.
0x0000a836 umull r1, r5, r5, r4 | r1:r5 = r5 * r4;
0x0000a83a str r2, [sp] | *(sp) = r2;
0x0000a83c movw r1, 0x111 | r1 = 0x111;
0x0000a840 movs r2, 3 | r2 = 3;
0x0000a842 bl 0xf2c0 | fcn_0000f2c0 (r0, r1, r2);
0x0000a846 movw r3, 0x4e1f | r3 = 0x4e1f;
0x0000a84a cmp r4, r3 |
; NOTE(review): lsrhi/movhi execute when r4 > r3 (unsigned); the r2dec "r4 <= r3" guards on the
; next two statements are inverted.
0x0000a84c itt hi |
| if (r4 <= r3) {
0x0000a84e lsrhi r5, r5, 0xd | r5 >>= 0xd;
| }
| if (r4 <= r3) {
0x0000a850 movhi r4, 1 | r4 = 1;
| }
| if (r4 > r3) {
0x0000a852 bhi 0xa874 | goto label_0;
| }
0x0000a854 b 0xa880 | goto label_1;
| do {
; NOTE(review): adds/bne tests r0 + 1 != 0, so the errno-style block below runs when r0 was -1
; on entry to 0xa856; the r2dec "r0 == 1" guard does not match the assembly.
0x0000a856 adds r0, 1 | r0++;
| if (r0 == 1) {
0x0000a858 bne 0xa866 |
; NOTE(review): the pointer returned by 0x261c is dereferenced and compared with 0xb (11, EAGAIN
; on Linux) - presumably an errno lookup; confirm the import.
0x0000a85a blx 0x261c | r0 = fcn_0000261c ();
0x0000a85e ldr r3, [r0] | r3 = *(r0);
0x0000a860 cmp r3, 0xb |
0x0000a862 str r3, [sp] | *(sp) = r3;
| if (r3 != 0xb) {
0x0000a864 bne 0xa8ac | goto label_2;
| }
| }
; NOTE(review): this is the flagged call. r0 is the immediate 0x2710 (10000) and no source
; pointer is loaded into r1, which does not fit strcpy(dest, src). A single integer argument
; inside a retry loop looks more like a microsecond delay (e.g. usleep) - confirm which import
; 0x24ec resolves to before counting this as an unbounded copy.
0x0000a866 movw r0, 0x2710 | r0 = 0x2710;
0x0000a86a adds r4, 1 | r4++;
0x0000a86c blx 0x24ec | strcpy (r0, r1)
; Loop bound: r4 counts iterations and the loop exits once it equals r5.
0x0000a870 cmp r5, r4 |
| if (r5 == r4) {
0x0000a872 beq 0xa880 | goto label_1;
| }
| label_0:
0x0000a874 mov r0, r6 | r0 = r6;
0x0000a876 blx 0x2410 | fcn_00002410 ();
; NOTE(review): 0xa878 lies inside the 4-byte blx at 0xa876, so the stcl line is an overlapping
; decode; the halfword at 0xa87a that really follows the call is not shown.
0x0000a878 stcl p0, c9, [ip] | __asm ("stcl p0, c9, [ip]");
0x0000a87c cmp r0, 0 |
0x0000a87e bne 0xa856 |
| } while (r0 != 0);
| do {
| label_1:
0x0000a880 ldr r0, [pc, 0x40] |
0x0000a882 movs r3, 3 | r3 = 3;
0x0000a884 mov r2, sp | r2 = sp;
0x0000a886 mov.w r1, 0x132 | r1 = 0x132;
0x0000a88a add r0, pc | r0 = 0x15152;
0x0000a88c adds r0, 0x60 | r0 += 0x60;
0x0000a88e bl 0xf360 | fcn_0000f360 (r0, r1, r2, r3);
0x0000a892 ldr r2, [pc, 0x34] |
0x0000a894 ldr r3, [pc, 0x24] | r3 = *(0xa8bc);
; The return value is the word at [sp].
0x0000a896 ldr r0, [sp] | r0 = *(sp);
0x0000a898 add r2, pc | r2 = 0x15166;
0x0000a89a ldr r3, [r2, r3] | r3 = *(0x15166);
0x0000a89c ldr r2, [r3] | r2 = *(0x15166);
; Stack-protector check (the header reports "Canary found"): the word saved at [sp, 4] on entry
; is XORed with the freshly loaded value; any difference branches to label_3.
0x0000a89e ldr r3, [sp, 4] | r3 = var_4h;
0x0000a8a0 eors r2, r3 | r2 ^= r3;
0x0000a8a2 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000a8a6 bne 0xa8b2 | goto label_3;
| }
0x0000a8a8 add sp, 8 |
0x0000a8aa pop {r4, r5, r6, pc} |
| label_2:
0x0000a8ac movs r3, 0 | r3 = 0;
0x0000a8ae str r3, [sp] | *(sp) = r3;
0x0000a8b0 b 0xa880 |
| } while (1);
| label_3:
; NOTE(review): reached only when the guard comparison fails, which is where __stack_chk_fail is
; normally called; the pthread_cond_init label is presumably another mis-resolved import.
0x0000a8b2 blx 0x2438 | pthread_cond_init ();
; NOTE(review): the bytes from here to 0xa8c8 are addressed by the pc-relative loads above
; (r2dec shows *(0xa8bc) and *(0xa8be)); presumably literal-pool data decoded as instructions.
0x0000a8b6 nop |
0x0000a8b8 sub.w r0, lr, 0x800000 | r0 = lr - 0x800000;
0x0000a8bc lsls r0, r5, 7 | r0 = r5 << 7;
0x0000a8be movs r0, r0 |
0x0000a8c0 add r5, sp, 0x50 | r5 += arg_50h;
0x0000a8c2 movs r0, r0 |
0x0000a8c4 add r4, sp, 0x2c8 | r4 += arg_2c8h;
0x0000a8c6 movs r0, r0 |
0x0000a8c8 invalid |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libpaho-mqtt3c.so.1.3.11 @ 0xf038 */
| #include <stdint.h>
|
; Review notes for fcn.0000f038 (flagged for a strcpy call at 0xf1a8).
; - The binary is reported as "No Symbols", so the import names printed beside blx targets are
;   the tool's own resolution; confirm them against the PLT/GOT relocations (e.g. readelf -r,
;   objdump -R) before triaging a finding.
; - Read the assembly column as ground truth: the r2dec column inverts some predicated
;   conditions and models sp-relative address computations as "+=" on stale registers.
; (fcn) fcn.0000f038 () | void fcn_0000f038 (int16_t arg_1e0h, int16_t arg_250h, int16_t arg1, int16_t arg3) {
| int16_t var_0h;
| int32_t var_4h;
| int32_t var_4h_2;
| int16_t var_ch;
| int32_t var_10h;
| int32_t var_10h_2;
| int16_t var_18h;
| int16_t var_20h;
| int16_t var_24h;
| int16_t var_28h;
| int16_t var_2ch;
| int16_t var_30h;
| int16_t var_34h;
| int16_t var_38h;
| int8_t var_17h;
| int16_t var_3ch;
| int8_t var_19h_2;
| int32_t var_0h_2;
| int16_t var_4ch;
| int8_t var_19h;
| r0 = arg1;
| r2 = arg3;
; NOTE(review): the prologue was decoded in the wrong mode. The ARM word 0x4ff0e92d read as the
; Thumb halfwords e92d 4ff0 is push.w {r4-r11, lr}, which matches the pop.w at 0xf146.
0x0000f038 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x0000f03c mov r7, r2 | r7 = r2;
0x0000f03e ldr r2, [pc, 0x1c0] |
0x0000f040 sub sp, 0x54 |
0x0000f042 mov r5, r0 | r5 = r0;
0x0000f044 add r6, sp, 0x38 | r6 += var_38h;
0x0000f046 ldr r3, [pc, 0x1bc] | r3 = *(0xf206);
0x0000f048 mov.w sb, 0 | sb = 0;
0x0000f04c ldr.w lr, [pc, 0x1b8] |
0x0000f050 add r2, pc | r2 = 0x1e256;
0x0000f052 ldr.w fp, [pc, 0x1b8] |
0x0000f056 mov sl, sb | sl = sb;
0x0000f058 ldr r3, [r2, r3] |
0x0000f05a mov r4, sb | r4 = sb;
0x0000f05c add lr, pc | lr = 0x1e268;
0x0000f05e mov r8, sb | r8 = sb;
0x0000f060 mov ip, lr |
0x0000f062 add fp, pc | fp = 0x1e274;
; NOTE(review): the value loaded here is kept at [sp, 0x4c] and re-checked before the return at
; 0xf146, i.e. it is used as the stack guard; the imp.__aeabi_unwind_cpp_pr0 label is presumably
; a mis-resolved GOT entry.
0x0000f064 ldr r3, [r3] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x0000f066 str r3, [sp, 0x4c] | var_4ch = r3;
0x0000f068 mov.w r3, 0 | r3 = 0;
; Five words are copied from the pc-relative table at lr to the stack area at sp + 0x38
; (four via ldm/stm, the fifth via the ldr.w/str pair below).
0x0000f06c ldm.w ip!, {r0, r1, r2, r3} | r0 = *(ip!);
| r1 = *((ip! + 4));
| r2 = *((ip! + 8));
| r3 = *((ip! + 12));
0x0000f070 strd sb, sb, [sp, 0x24] | __asm ("strd sb, sb, [var_24h]");
0x0000f074 stm r6!, {r0, r1, r2, r3} | *(r6!) = r0;
| *((r6! + 4)) = r1;
| *((r6! + 8)) = r2;
| *((r6! + 12)) = r3;
0x0000f076 add.w r0, lr, 0x14 | r0 = lr + 0x14;
0x0000f07a ldr.w r3, [ip] | r3 = *(ip);
0x0000f07e movs r2, 3 | r2 = 3;
0x0000f080 movs r1, 0x3d | r1 = 0x3d;
0x0000f082 str r3, [r6] | *(r6) = r3;
0x0000f084 bl 0xf2c0 | fcn_0000f2c0 (r0, r1, r2);
0x0000f088 mov r2, sb | r2 = sb;
0x0000f08a movw r3, 0x1f90 | r3 = 0x1f90;
0x0000f08e add r1, sp, 0x20 | r1 += var_20h;
0x0000f090 mov r0, r7 | r0 = r7;
0x0000f092 bl 0xac14 | fcn_0000ac14 (r0, r1, r2, r3);
0x0000f096 ldr r3, [r5, 0x20] | r3 = *((r5 + 0x20));
0x0000f098 mov r6, r0 | r6 = r0;
0x0000f09a ldr r2, [sp, 0x20] | r2 = var_20h;
| if (r3 == 0) {
0x0000f09c cbz r3, 0xf0e0 | goto label_3;
| }
| do {
; NOTE(review): the call at 0x284c is made with r0 = sl, r1 = r4, r2 = 1, r3 = -1 and further
; arguments on the stack, which matches the fortified __snprintf_chk(buf, size, flag, slen,
; fmt, ...) shape - presumably bounded formatting; confirm the import. sl and r4 are both 0 on
; the first pass and the result is kept in r4.
0x0000f09e mov r1, r4 | r1 = r4;
0x0000f0a0 str r3, [sp, 0x18] | var_18h = r3;
0x0000f0a2 str r2, [sp, 0xc] | var_ch = r2;
0x0000f0a4 mov.w r3, -1 | r3 = -1;
0x0000f0a8 movs r2, 1 | r2 = 1;
0x0000f0aa mov r0, sl | r0 = sl;
0x0000f0ac strd r6, r7, [sp, 0x10] | __asm ("strd r6, r7, [var_10h]");
0x0000f0b0 strd r6, r7, [sp, 4] | __asm ("strd r6, r7, [var_4h]");
0x0000f0b4 str.w fp, [sp] | __asm ("str.w fp, [sp]");
0x0000f0b8 blx 0x284c | r0 = fcn_0000284c ();
0x0000f0bc mov r4, r0 | r4 = r0;
| label_0:
0x0000f0be eor r3, r8, 1 | r3 = r8 ^ 1;
0x0000f0c2 cmp r4, 0 |
; NOTE(review): movle runs when r4 <= 0 and andgt when r4 > 0; the r2dec guards on the next two
; statements are swapped. Net effect: r3 is non-zero only when r4 > 0 and r8 is 0.
0x0000f0c4 ite le |
| if (r4 > 0) {
0x0000f0c6 movle r3, 0 | r3 = 0;
| }
| if (r4 <= 0) {
0x0000f0c8 andgt r3, r3, 1 | r3 &= 1;
| }
| if (r3 != 0) {
0x0000f0cc cbnz r3, 0xf102 | goto label_4;
| }
| label_1:
0x0000f0ce cmp.w r8, 0 |
| if (r8 != 0) {
0x0000f0d2 bne 0xf14a | goto label_5;
| }
; r8 is set to 1 here, so the formatting call is repeated once with the buffer in sl.
0x0000f0d4 ldr r3, [r5, 0x20] | r3 = *((r5 + 0x20));
0x0000f0d6 mov.w r8, 1 | r8 = 1;
0x0000f0da ldr r2, [sp, 0x20] | r2 = var_20h;
0x0000f0dc cmp r3, 0 |
0x0000f0de bne 0xf09e |
| } while (r3 != 0);
| label_3:
; Same call as at 0xf0b8, taken when the word at [r5, 0x20] is zero; a different pc-relative
; address is stored at [sp].
0x0000f0e0 ldr r3, [pc, 0x12c] |
0x0000f0e2 mov r1, r4 | r1 = r4;
0x0000f0e4 str r2, [sp, 0xc] | var_ch = r2;
0x0000f0e6 mov r0, sl | r0 = sl;
0x0000f0e8 movs r2, 1 | r2 = 1;
0x0000f0ea strd r6, r7, [sp, 0x10] | __asm ("strd r6, r7, [var_10h]");
0x0000f0ee add r3, pc | r3 = 0x1e302;
0x0000f0f0 strd r6, r7, [sp, 4] | __asm ("strd r6, r7, [var_4h]");
0x0000f0f4 str r3, [sp] | *(sp) = r3;
0x0000f0f6 mov.w r3, -1 | r3 = -1;
0x0000f0fa blx 0x284c | fcn_0000284c ();
; NOTE(review): 0xf0fc lies inside the 4-byte blx at 0xf0fa, so the sub.w line is an overlapping
; decode; the halfword at 0xf0fe is not shown (the sibling call site at 0xf0b8 is followed by
; "mov r4, r0").
0x0000f0fc sub.w r6, r8, r4, lsl 16 | r6 = r8 - (r4 << 16);
0x0000f100 b 0xf0be | goto label_0;
| label_4:
; The helper at 0xf7c8 receives r4 + 1 as its third argument and its result becomes the buffer
; pointer sl - presumably an allocation sized from the first formatting pass; confirm.
0x0000f102 ldr r0, [pc, 0x110] |
0x0000f104 adds r4, 1 | r4++;
0x0000f106 mov r2, r4 | r2 = r4;
0x0000f108 movs r1, 0x68 | r1 = 0x68;
0x0000f10a add r0, pc | r0 = 0x1e324;
0x0000f10c bl 0xf7c8 | r0 = fcn_0000f7c8 (r0, r1, r2);
0x0000f110 mov sl, r0 | sl = r0;
0x0000f112 cmp r0, 0 |
| if (r0 != 0) {
0x0000f114 bne 0xf0ce | goto label_1;
| }
; A zero result from 0xf7c8 is handled: var_24h (the return value) is set to ~0x62 = -99.
0x0000f116 add r7, sp, 0x24 | r7 += var_24h;
0x0000f118 mvn r3, 0x62 | r3 = ~0x62;
0x0000f11c str r3, [sp, 0x24] | var_24h = r3;
| label_2:
0x0000f11e ldr r0, [pc, 0xf8] |
0x0000f120 movs r3, 3 | r3 = 3;
0x0000f122 mov r2, r7 | r2 = r7;
0x0000f124 movs r1, 0x98 | r1 = 0x98;
0x0000f126 add r0, pc | r0 = 0x1e344;
0x0000f128 adds r0, 0x14 | r0 += 0x14;
0x0000f12a bl 0xf360 | fcn_0000f360 (r0, r1, r2, r3);
0x0000f12e ldr r2, [pc, 0xec] |
0x0000f130 ldr r3, [pc, 0xd0] | r3 = *(0xf204);
0x0000f132 ldr r0, [sp, 0x24] | r0 = var_24h;
0x0000f134 add r2, pc | r2 = 0x1e356;
0x0000f136 ldr r3, [r2, r3] | r3 = imp.__aeabi_unwind_cpp_pr0;
0x0000f138 ldr r2, [r3] | r2 = imp.__aeabi_unwind_cpp_pr0;
; Stack-protector check (the header reports "Canary found"): the word saved at [sp, 0x4c] on
; entry is XORed with the freshly loaded value; any difference branches to label_6.
0x0000f13a ldr r3, [sp, 0x4c] | r3 = var_4ch;
0x0000f13c eors r2, r3 | r2 ^= r3;
0x0000f13e mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000f142 bne 0xf1fa | goto label_6;
| }
0x0000f144 add sp, 0x54 |
0x0000f146 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x0000f14a ldr r2, [pc, 0xd4] |
0x0000f14c mov r3, sl | r3 = sl;
0x0000f14e mov.w r1, -1 | r1 = -1;
0x0000f152 movs r0, 4 | r0 = 4;
; r8 is loaded with the constant 0x3d090 (250000); it is the only argument of the flagged call
; at 0xf1a8.
0x0000f154 movw r8, 0xd090 |
0x0000f158 add r7, sp, 0x24 | r7 += var_24h;
0x0000f15a add r2, pc | r2 = 0x1e380;
0x0000f15c movt r8, 3 | r8 = 0x3d090;
0x0000f160 bl 0x8e64 | fcn_00008e64 (r0, r1);
0x0000f164 add r3, sp, 0x3c | r3 += var_3ch;
0x0000f166 add r6, sp, 0x28 | r6 += var_28h;
0x0000f168 ldm r3, {r0, r1, r2, r3} | r0 = *(r3);
| r1 = *((r3 + 4));
| r2 = *((r3 + 8));
| r3 = *((r3 + 12));
0x0000f16a add.w sb, sp, 0x2c | sb += var_2ch;
0x0000f16e stm.w sp, {r0, r1, r2, r3} | *(sp) = r0;
| *((sp + 4)) = r1;
| *((sp + 8)) = r2;
| *((sp + 12)) = r3;
; The formatted buffer (sl) and the length from the formatting call (r4) are handed to 0x7744
; together with the handle at [r5].
0x0000f172 mov r2, r4 | r2 = r4;
0x0000f174 ldr r3, [sp, 0x38] | r3 = var_38h;
0x0000f176 mov r1, sl | r1 = sl;
0x0000f178 ldr r0, [r5] | r0 = *(r5);
0x0000f17a bl 0x7744 | fcn_00007744 (r0, r1, r2, r3, r4, r5);
; The buffer in sl is passed to 0xf8e8 and is not referenced again in this listing -
; presumably released here; confirm.
0x0000f17e ldr r0, [pc, 0xa4] |
0x0000f180 mov r2, sl | r2 = sl;
0x0000f182 movs r1, 0x73 | r1 = 0x73;
0x0000f184 add r0, pc | r0 = 0x1e3ae;
0x0000f186 bl 0xf8e8 | fcn_0000f8e8 (r0, r1, r2);
; var_30h = value written by 0x23ec, plus 0xa. The loop below exits via label_7 once the value
; written to var_2ch exceeds it, so the polling is bounded (presumably a 10-unit time limit).
0x0000f18a add r0, sp, 0x30 | r0 += var_30h;
0x0000f18c blx 0x23ec | fcn_000023ec ();
0x0000f190 ldr r3, [sp, 0x30] | r3 = var_30h;
0x0000f192 adds r3, 0xa | r3 += 0xa;
0x0000f194 str r3, [sp, 0x30] | var_30h = r3;
0x0000f196 b 0xf1ac |
| while (r3 == 0) {
0x0000f198 mov r0, sb | r0 = sb;
0x0000f19a blx 0x23ec | fcn_000023ec ();
0x0000f19e ldrd r2, r3, [sp, 0x2c] | __asm ("ldrd r2, r3, [var_2ch]");
0x0000f1a2 cmp r2, r3 |
| if (r2 > r3) {
0x0000f1a4 bgt 0xf1da | goto label_7;
| }
; NOTE(review): this is the flagged call. r0 is the constant 0x3d090 (250000) from r8 and no
; source pointer is loaded into r1, which does not fit strcpy(dest, src). A single integer
; argument inside a polling loop looks more like a microsecond delay (e.g. usleep) - confirm
; which import 0x24ec resolves to before counting this as an unbounded copy.
0x0000f1a6 mov r0, r8 | r0 = r8;
0x0000f1a8 blx 0x24ec | strcpy (r0, r1)
0x0000f1ac mov r3, r7 | r3 = r7;
0x0000f1ae ldr r0, [r5] | r0 = *(r5);
0x0000f1b0 mov r2, r6 | r2 = r6;
0x0000f1b2 movs r1, 0xc | r1 = 0xc;
0x0000f1b4 bl 0x7570 | fcn_00007570 (r0, r1, r2, r3);
0x0000f1b8 ldr r3, [sp, 0x28] | r3 = var_28h;
0x0000f1ba mov r4, r0 | r4 = r0;
0x0000f1bc cmp r3, 0 |
0x0000f1be beq 0xf198 |
| }
; NOTE(review): both calls to 0x27ec pass (r0 = result of 0x7570, r1 = pc-relative address,
; r2 = 0xc) and test the result against zero. That three-argument shape does not fit close(fd);
; it looks like a 12-byte comparison (e.g. strncmp/memcmp) - presumably a mis-resolved import.
0x0000f1c0 ldr r1, [pc, 0x64] |
0x0000f1c2 movs r2, 0xc | r2 = 0xc;
0x0000f1c4 add r1, pc | r1 = 0x1e3f0;
0x0000f1c6 blx 0x27ec | r0 = close (r0);
| if (r0 != 0) {
0x0000f1ca cbz r0, 0xf1e0 |
0x0000f1cc ldr r1, [pc, 0x5c] |
0x0000f1ce movs r2, 0xc | r2 = 0xc;
0x0000f1d0 mov r0, r4 | r0 = r4;
0x0000f1d2 add r1, pc | r1 = 0x1e402;
0x0000f1d4 blx 0x27ec | r0 = close (r0);
| if (r0 == 0) {
0x0000f1d8 cbz r0, 0xf1e0 | goto label_8;
| }
| label_7:
; Failure path (limit exceeded or neither comparison returned zero): return value set to -1.
0x0000f1da mov.w r3, -1 | r3 = -1;
0x0000f1de str r3, [sp, 0x24] | var_24h = r3;
| }
| label_8:
0x0000f1e0 add r4, sp, 0x34 | r4 += var_34h;
0x0000f1e2 movs r3, 1 | r3 = 1;
0x0000f1e4 str r3, [sp, 0x28] | var_28h = r3;
| do {
; 0x7570 is called with a length of 1 until it leaves var_28h at zero. No iteration cap is
; visible in this loop, so whether it terminates depends on 0x7570.
0x0000f1e6 mov r3, r4 | r3 = r4;
0x0000f1e8 ldr r0, [r5] | r0 = *(r5);
0x0000f1ea mov r2, r6 | r2 = r6;
0x0000f1ec movs r1, 1 | r1 = 1;
0x0000f1ee bl 0x7570 | fcn_00007570 (r0, r1, r2, r3);
0x0000f1f2 ldr r3, [sp, 0x28] | r3 = var_28h;
0x0000f1f4 cmp r3, 0 |
0x0000f1f6 bne 0xf1e6 |
| } while (r3 != 0);
0x0000f1f8 b 0xf11e | goto label_2;
| label_6:
; NOTE(review): reached only when the guard comparison fails, which is where __stack_chk_fail is
; normally called; the pthread_cond_init label is presumably another mis-resolved import.
0x0000f1fa blx 0x2438 | pthread_cond_init ();
; NOTE(review): the bytes from here to the end are addressed by the pc-relative loads above
; (r2dec shows *(0xf204) and *(0xf206)); presumably literal-pool data decoded as instructions,
; so the strb/add statements in the r2dec column are not real stores.
0x0000f1fe nop |
0x0000f200 add r5, sp, 0x1e0 | r5 += arg_1e0h;
0x0000f202 movs r0, r0 |
0x0000f204 lsls r0, r5, 7 | r0 = r5 << 7;
0x0000f206 movs r0, r0 |
0x0000f208 strb r4, [r1, 0x1e] | *((r1 + 0x1e)) = r4;
0x0000f20a movs r0, r0 |
0x0000f20c strb r2, [r5, 0x1a] | *((r5 + 0x1a)) = r2;
0x0000f20e movs r0, r0 |
0x0000f210 strb r6, [r4, 0x19] | var_19h = r6;
0x0000f212 movs r0, r0 |
0x0000f214 strb r6, [r6, 0x19] | var_19h_2 = r6;
0x0000f216 movs r0, r0 |
0x0000f218 strb r2, [r0, 0x1b] | *((r0 + 0x1b)) = r2;
0x0000f21a movs r0, r0 |
0x0000f21c add r4, sp, 0x250 | r4 += arg_250h;
0x0000f21e movs r0, r0 |
0x0000f220 strb r2, [r3, 0x19] | *((r3 + 0x19)) = r2;
0x0000f222 movs r0, r0 |
0x0000f224 strb r4, [r7, 0x17] | var_17h = r4;
0x0000f226 movs r0, r0 |
0x0000f228 strb r4, [r0, 0x18] | *((r0 + 0x18)) = r4;
0x0000f22a movs r0, r0 |
0x0000f22c strb r6, [r0, 0x18] | *((r0 + 0x18)) = r6;
0x0000f22e movs r0, r0 |
| }
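[*] Function strcpy used 3 times in libpaho-mqtt3c.so.1.3.11 (the binary has no symbols, so confirm that each flagged call target really resolves to strcpy before triaging)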