[*] Binary protection state of netd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of netd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/netd @ 0x2f640 */
| #include <stdint.h>
|
; (fcn) sym.netd_monitor_setup () | void netd_monitor_setup () {
| int16_t var_0h;
| int16_t var_8h;
| int16_t var_ch;
0x0002f640 push.w {r4, r5, r6, r7, r8, lr} |
0x0002f644 mov.w r3, 0x32000 | r3 = 0x32000;
0x0002f648 ldr r4, [pc, 0x150] |
0x0002f64a sub sp, 0x10 |
0x0002f64c ldr r1, [pc, 0x150] |
0x0002f64e ldr r2, [pc, 0x154] | r2 = *(0x2f7a6);
0x0002f650 add r4, pc | r4 = 0x5edf0;
0x0002f652 ldr r5, [r4] | r5 = *(0x5edf0);
0x0002f654 add r1, pc | r1 = 0x5edf8;
0x0002f656 ldr r2, [r1, r2] |
0x0002f658 ldr r2, [r2] | r2 = *(0x5edf8);
0x0002f65a str r2, [sp, 0xc] | var_ch = r2;
0x0002f65c mov.w r2, 0 | r2 = 0;
0x0002f660 str r3, [sp, 8] | var_8h = r3;
| if (r5 == 0) {
0x0002f662 cbz r5, 0x2f690 | goto label_2;
| }
0x0002f664 ldr r1, [pc, 0x140] |
0x0002f666 movs r0, 3 | r0 = 3;
0x0002f668 add r1, pc | r1 = 0x5ee14;
0x0002f66a addw r1, r1, 0xca4 | __asm ("addw r1, r1, 0xca4");
0x0002f66e bl 0x2a818 | netd_log_esc ();
| label_0:
0x0002f672 movs r0, 0 | r0 = 0;
| do {
0x0002f674 ldr r2, [pc, 0x134] |
0x0002f676 ldr r3, [pc, 0x12c] | r3 = *(0x2f7a6);
0x0002f678 add r2, pc | r2 = 0x5ee28;
0x0002f67a ldr r3, [r2, r3] | r3 = *(0x5ee28);
0x0002f67c ldr r2, [r3] | r2 = *(0x5ee28);
0x0002f67e ldr r3, [sp, 0xc] | r3 = var_ch;
0x0002f680 eors r2, r3 | r2 ^= r3;
0x0002f682 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0002f686 bne.w 0x2f798 | goto label_3;
| }
0x0002f68a add sp, 0x10 |
0x0002f68c pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x0002f690 movs r0, 0x28 | r0 = 0x28;
0x0002f692 blx 0xca84 | g_str_has_suffix ();
0x0002f696 mov r2, r5 | r2 = r5;
0x0002f698 mov r3, r0 | r3 = r0;
0x0002f69a str r0, [r4] | *(r4) = r0;
0x0002f69c mov r1, r5 | r1 = r5;
0x0002f69e mov r0, r5 | r0 = r5;
0x0002f6a0 blx 0xbe10 | r0 = fcn_0000be10 ();
0x0002f6a4 cmp r0, 0 |
| if (r0 < 0) {
0x0002f6a6 blt 0x2f75e | goto label_4;
| }
0x0002f6a8 ldr r3, [r4] | r3 = *(r4);
0x0002f6aa ldr r7, [pc, 0x104] |
0x0002f6ac ldr r0, [r3] | r0 = *(r3);
0x0002f6ae blx 0xcbdc | fcn_0000cbdc ();
0x0002f6b2 movs r3, 4 | r3 = 4;
0x0002f6b4 movs r2, 8 | r2 = 8;
0x0002f6b6 movs r1, 1 | r1 = 1;
0x0002f6b8 str r3, [sp] | *(sp) = r3;
0x0002f6ba add r3, sp, 8 | r3 += var_8h;
0x0002f6bc mov r8, r0 | r8 = r0;
0x0002f6be blx 0xc710 | fcn_0000c710 ();
0x0002f6c2 ldr r1, [r4] | r1 = *(r4);
0x0002f6c4 add r7, pc | r7 = 0x5ee7a;
0x0002f6c6 ldr r2, [pc, 0xec] |
0x0002f6c8 mov r3, r1 | r3 = r1;
0x0002f6ca ldr r0, [r1], 4 | r0 = *(r1);
| r1 += 4;
0x0002f6ce add r2, pc | r2 = 0x5ee88;
0x0002f6d0 str r1, [sp] | *(sp) = r1;
0x0002f6d2 add.w r1, r7, 0xcf0 | r1 = r7 + 0xcf0;
0x0002f6d4 str r7, [r1, 0x14] | *((r1 + 0x14)) = r7;
0x0002f6d6 blx 0xbff8 | r0 = vsnprintf_chk ()
0x0002f6da cmp r0, 0 |
| if (r0 < 0) {
0x0002f6dc blt 0x2f748 | goto label_5;
| }
0x0002f6de ldr r6, [r4] | r6 = *(r4);
0x0002f6e0 addw r1, r7, 0xd1c | __asm ("addw r1, r7, 0xd1c");
0x0002f6e4 ldr r2, [pc, 0xd0] |
0x0002f6e6 mov r3, r6 | r3 = r6;
0x0002f6e8 ldr r0, [r6], 8 | r0 = *(r6);
| r6 += 8;
0x0002f6ec add r2, pc | r2 = 0x5eea8;
0x0002f6ee str r6, [sp] | *(sp) = r6;
0x0002f6f0 blx 0xbff8 | r0 = vsnprintf_chk ()
0x0002f6f4 cmp r0, 0 |
| if (r0 < 0) {
0x0002f6f6 blt 0x2f748 | goto label_5;
| }
0x0002f6f8 ldr r6, [r4] | r6 = *(r4);
0x0002f6fa addw r1, r7, 0xd28 | __asm ("addw r1, r7, 0xd28");
0x0002f6fe ldr r2, [pc, 0xbc] |
0x0002f700 mov r3, r6 | r3 = r6;
0x0002f702 ldr r0, [r6], 0xc | r0 = *(r6);
| r6 += 0xc;
0x0002f706 add r2, pc | r2 = 0x5eec8;
0x0002f708 str r6, [sp] | *(sp) = r6;
0x0002f70a blx 0xbff8 | r0 = vsnprintf_chk ()
0x0002f70e cmp r0, 0 |
| if (r0 < 0) {
0x0002f710 blt 0x2f748 | goto label_5;
| }
0x0002f712 ldr r6, [r4] | r6 = *(r4);
0x0002f714 mov r0, r8 | r0 = r8;
0x0002f716 blx 0xc804 | fcn_0000c804 ();
0x0002f71a str r0, [r6, 0x14] | *((r6 + 0x14)) = r0;
0x0002f71c ldr r6, [r4] | r6 = *(r4);
0x0002f71e ldr r0, [r6, 0x14] | r0 = *((r6 + 0x14));
| if (r0 == 0) {
0x0002f720 cbz r0, 0x2f780 | goto label_6;
| }
0x0002f722 ldr r2, [pc, 0x9c] |
0x0002f724 mov r3, r6 | r3 = r6;
0x0002f726 movs r1, 1 | r1 = 1;
0x0002f728 add r2, pc | r2 = 0x5eeee;
0x0002f72a blx 0xcc04 | g_ptr_array_free ();
0x0002f72e ldr r3, [r4] | r3 = *(r4);
0x0002f730 str r0, [r6, 0x10] | *((r6 + 0x10)) = r0;
0x0002f732 ldr r3, [r3, 0x10] | r3 = *((r3 + 0x10));
| if (r3 == 0) {
0x0002f734 cbz r3, 0x2f774 | goto label_7;
| }
0x0002f736 ldr r1, [pc, 0x8c] |
0x0002f738 mov r2, r5 | r2 = r5;
0x0002f73a movs r0, 2 | r0 = 2;
0x0002f73c add r1, pc | r1 = 0x5ef06;
0x0002f73e bl 0xdda4 | r0 = netd_dbus_own_name ();
| if (r0 == 0) {
0x0002f742 cbz r0, 0x2f78c | goto label_8;
| }
0x0002f744 movs r0, 1 | r0 = 1;
0x0002f746 b 0x2f674 |
| } while (1);
| label_5:
0x0002f748 blx 0xcb78 | fcn_0000cb78 ();
0x0002f74c addw r1, r7, 0xcfc | __asm ("addw r1, r7, 0xcfc");
0x0002f750 mov r2, r0 | r2 = r0;
0x0002f752 movs r0, 3 | r0 = 3;
0x0002f754 bl 0x2a818 | netd_log_esc ();
| do {
| label_1:
0x0002f758 bl 0x2f55c | netd_monitor_teardown ();
0x0002f75c b 0x2f672 | goto label_0;
| label_4:
0x0002f75e blx 0xcb78 | fcn_0000cb78 ();
0x0002f762 ldr r1, [pc, 0x64] |
0x0002f764 mov r2, r0 | r2 = r0;
0x0002f766 movs r0, 3 | r0 = 3;
0x0002f768 add r1, pc |
0x0002f76a add.w r1, r1, 0xcd0 | r1 = 0x5fc06;
0x0002f76e bl 0x2a818 | netd_log_esc ();
0x0002f772 b 0x2f758 |
| } while (1);
| label_7:
0x0002f774 addw r1, r7, 0xd54 | __asm ("addw r1, r7, 0xd54");
0x0002f778 movs r0, 3 | r0 = 3;
0x0002f77a bl 0x2a818 | netd_log_esc ();
0x0002f77e b 0x2f758 | goto label_1;
| label_6:
0x0002f780 addw r1, r7, 0xd34 | __asm ("addw r1, r7, 0xd34");
0x0002f784 movs r0, 3 | r0 = 3;
0x0002f786 bl 0x2a818 | netd_log_esc ();
0x0002f78a b 0x2f758 | goto label_1;
| label_8:
0x0002f78c addw r1, r7, 0xd7c | __asm ("addw r1, r7, 0xd7c");
0x0002f790 movs r0, 3 | r0 = 3;
0x0002f792 bl 0x2a818 | netd_log_esc ();
0x0002f796 b 0x2f758 | goto label_1;
| label_3:
0x0002f798 blx 0xc59c | fcn_0000c59c ();
0x0002f79c asrs r4, r1, 0x10 | r4 = r1 >> 0x10;
0x0002f79e movs r3, r0 | r3 = r0;
0x0002f7a0 lsls r4, r2, 0xe | r4 = r2 << 0xe;
0x0002f7a2 movs r3, r0 | r3 = r0;
0x0002f7a4 lsls r0, r1, 0x17 | r0 = r1 << 0x17;
0x0002f7a6 movs r0, r0 |
0x0002f7a8 push {r2, r3, r4, r5, r6, r7, lr} |
0x0002f7aa movs r2, r0 | r2 = r0;
0x0002f7ac lsls r0, r6, 0xd | r0 = r6 << 0xd;
0x0002f7ae movs r3, r0 | r3 = r0;
0x0002f7b0 push {r5, r7, lr} |
0x0002f7b2 movs r2, r0 | r2 = r0;
0x0002f7b4 mrc p15, 5, apsr_nzcv, c3, c15, 7 | __asm ("mrc p15, 5, apsr_nzcv, c3, c15, 7");
0x0002f7b8 ldc p15, c15, [r5], {0xff} | __asm ("ldc p15, c15, [r5], {0xff}");
0x0002f7bc bl 0xffd077be | void (*0xffd077be)(uint32_t, uint32_t, uint32_t) (r0, r2, r3);
0x0002f7c0 invalid |
| }
[*] Function printf used 4 times netd
