[*] Binary protection state of apac-update
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of apac-update
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/apac-update @ 0xd58 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; fcn.00000d58: open64() a fixed path, fsync() the descriptor, close() it.
; Each failure is reported via fprintf_chk with g_strerror(errno).
; Encoding: Thumb-2 (2-byte instructions, cbnz).
; Register roles, as established by the instructions below:
;   r6 = PC-relative pointer passed to open64 in r0, reused as a print argument
;   r5 = PC-relative base indexed to fetch the output stream pointer
;        (presumably a GOT slot for stderr; confirm against the relocations)
;   r4 = descriptor returned by open64
; Review notes:
;   - All three fprintf_chk call sites (0xda2, 0xdc8, 0xdf6) take their format
;     pointer in r2 from `ldr r2, [pc, #imm]` + `add r2, pc`, i.e. a fixed
;     address in the image. The path and the g_strerror() text are passed only
;     as data arguments (r3 / [sp]). The string contents are not shown here.
;   - r1 = 1 is the flag argument of fprintf_chk (presumably the fortified
;     glibc wrapper; the import name is truncated by the tool).
;   - The literal loads at 0xd82, 0xdaa and 0xdd8 all resolve to the word at
;     0xe08 once the Thumb PC is aligned to 4; the 0xe0a in the pseudo code is
;     a decompiler artifact.
; ---------------------------------------------------------------------------
; (fcn) fcn.00000d58 () | void fcn_00000d58 () {
| int16_t var_0h;
; NOTE(review): the 4 bytes at 0xd58 are decoded as one ARM-mode instruction,
; but the rest of the function is Thumb. Presumably this is the prologue push
; matching `pop {r4, r5, r6, r7, pc}` plus one more 2-byte instruction. r1 (the
; open64 flags) is not set anywhere in the decoded code, so it may be set here.
; Re-disassemble in Thumb mode (asm.bits=16) to confirm.
0x00000d58 strdhs fp, ip, [r0, -r0] | __asm ("strdhs fp, ip, [r0, -r0]");
0x00000d5c ldr r6, [pc, 0xa0] |
0x00000d5e sub sp, 0xc |
0x00000d60 ldr r5, [pc, 0xa0] |
0x00000d62 add r6, pc | r6 = 0x1b66;
0x00000d64 mov r0, r6 | r0 = r6;
0x00000d66 blx 0x938 | r0 = open64 ();
; subs copies the descriptor to r4 and sets flags; the blt below is a signed
; "fd < 0" test. The pseudo code's `r4 < r0` is misleading.
0x00000d6a subs r4, r0, 0 | r4 = r0 - 0;
0x00000d6c add r5, pc | r5 = 0x1b74;
| if (r4 < r0) {
0x00000d6e blt 0xdd8 | goto label_1;
| }
; r0 still holds the descriptor here (subs wrote only r4), so fsync(fd).
0x00000d70 blx 0x8d8 | r0 = fsync ();
| if (r0 != 0) {
0x00000d74 cbnz r0, 0xdaa | goto label_2;
| }
0x00000d76 mov r0, r4 | r0 = r4;
0x00000d78 blx 0x95c | r0 = close (r0);
; Non-zero close() result falls into the error report at 0xd82 (label_0).
0x00000d7c cbnz r0, 0xd82 |
; The `while` is a decompiler artifact: 0xd7e is the success epilogue, also
; reached from the `beq 0xd7e` at 0xdd4.
| while (r0 == 0) {
0x00000d7e add sp, 0xc |
0x00000d80 pop {r4, r5, r6, r7, pc} |
; label_0: close() failed. Fetch the stream pointer through the r5-relative
; table, then print with a fixed format.
| label_0:
0x00000d82 ldr r3, [pc, 0x84] | r3 = *(0xe0a);
0x00000d84 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000d86 ldr r5, [r3] | r5 = *(0xe0a);
0x00000d88 blx 0x9e0 | r0 = errno_location ();
0x00000d8c ldr r0, [r0] | r0 = *(r0);
0x00000d8e blx 0x9b0 | g_strerror ();
0x00000d92 ldr r3, [pc, 0x78] |
0x00000d94 mov r4, r0 | r4 = r0;
0x00000d96 ldr r2, [pc, 0x78] |
0x00000d98 movs r1, 1 | r1 = 1;
0x00000d9a mov r0, r5 | r0 = r5;
0x00000d9c str r4, [sp] | *(sp) = r4;
0x00000d9e add r3, pc | r3 = 0x1bb0;
0x00000da0 add r2, pc | r2 = 0x1bb6;
; fprintf_chk(r0 = stream, r1 = 1, r2 = fixed format, r3 = fixed string,
;             [sp] = g_strerror(errno))
0x00000da2 blx 0x98c | fprintf_chk ()
0x00000da6 add sp, 0xc |
0x00000da8 pop {r4, r5, r6, r7, pc} |
; label_2: fsync() failed. Report it, then still close the descriptor in r4.
| label_2:
0x00000daa ldr r3, [pc, 0x5c] | r3 = *(0xe0a);
0x00000dac ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000dae ldr r7, [r3] | r7 = *(0xe0a);
0x00000db0 blx 0x9e0 | r0 = errno_location ();
0x00000db4 ldr r0, [r0] | r0 = *(r0);
0x00000db6 blx 0x9b0 | r0 = g_strerror ();
0x00000dba mov r2, r0 | r2 = r0;
0x00000dbc mov r3, r6 | r3 = r6;
0x00000dbe str r2, [sp] | *(sp) = r2;
0x00000dc0 mov r0, r7 | r0 = r7;
0x00000dc2 ldr r2, [pc, 0x50] |
0x00000dc4 movs r1, 1 | r1 = 1;
0x00000dc6 add r2, pc | r2 = 0x1be0;
; fprintf_chk(r0 = stream, r1 = 1, r2 = fixed format, r3 = path (r6),
;             [sp] = g_strerror(errno))
0x00000dc8 blx 0x98c | fprintf_chk ()
0x00000dcc mov r0, r4 | r0 = r4;
0x00000dce blx 0x95c | r0 = close (r0);
; NOTE(review): when close() succeeds after a failed fsync(), control returns
; through the success epilogue with r0 = 0. If any caller reads r0 as a status
; (r2dec types the function as void), the fsync failure would be
; indistinguishable from success. Verify against the callers.
0x00000dd2 cmp r0, 0 |
0x00000dd4 beq 0xd7e |
| }
0x00000dd6 b 0xd82 | goto label_0;
; label_1: open64() returned a negative value. Nothing to close; report and
; return.
| label_1:
0x00000dd8 ldr r3, [pc, 0x2c] | r3 = *(0xe08);
0x00000dda ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00000ddc ldr r5, [r3] | r5 = *(0xe08);
0x00000dde blx 0x9e0 | r0 = errno_location ();
0x00000de2 ldr r0, [r0] | r0 = *(r0);
0x00000de4 blx 0x9b0 | g_strerror ();
0x00000de8 ldr r2, [pc, 0x2c] |
0x00000dea mov r4, r0 | r4 = r0;
0x00000dec mov r3, r6 | r3 = r6;
0x00000dee movs r1, 1 | r1 = 1;
0x00000df0 mov r0, r5 | r0 = r5;
0x00000df2 str r4, [sp] | *(sp) = r4;
0x00000df4 add r2, pc | r2 = 0x1c10;
; fprintf_chk(r0 = stream, r1 = 1, r2 = fixed format, r3 = path (r6),
;             [sp] = g_strerror(errno))
0x00000df6 blx 0x98c | fprintf_chk ()
0x00000dfa add sp, 0xc |
0x00000dfc pop {r4, r5, r6, r7, pc} |
| }
[*] Function fprintf used 4 times apac-update