[*] Binary protection state of stm32flash
Full RELRO | Canary found | NX enabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
[*] Function printf tear down of stm32flash
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/stm32flash @ 0x2368 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; fcn.00002368 (arg1, arg2) -- Thumb-2, left column = disassembly, right
; column = r2dec pseudo-C. Where the two columns disagree, the disassembly is
; the authoritative one.
;
; Flow visible in the listing:
;   1. blx 0x10ec with (arg1, 0); a negative return branches to label_1.
;   2. label_0 loop: blx 0x1000 with (r5, arg2, 1), r5 being the value
;      returned in step 1; a negative return branches to label_2.
;   3. label_2: blx 0x114c returns a pointer; the int it points to is compared
;      with 0xb and 4, and either match retries the loop at label_0.
;   4. Both failure paths call 0x11ac and return 0; the normal path calls
;      0x11f4 with r5 and returns r4 (the last result of 0x1000).
;
; NOTE(review): the binary is reported as having no symbols, and the import
; names r2dec printed for the blx targets do not fit the way the calls are
; used. Read as a guess, to be confirmed against the PLT/relocation entries:
;   0x10ec "ctype_b_loc"  -> looks like open(arg1, 0)
;   0x1000 "fcn_00001000" -> looks like a 1-byte read()/write() on that fd
;   0x114c "sprintf_chk"  -> looks like __errno_location(); 0xb and 4 are
;                            EAGAIN and EINTR on Linux
;   0x11f4 "snprintf_chk" -> looks like close(fd)
;   0x11ac "sigemptyset"  -> looks like __fprintf_chk(stream, 1, fmt, arg1)
;
; NOTE(review): for the printf-family finding, the r2 (format) argument of
; both 0x11ac calls is a pc-relative address (0x47c6 / 0x47ec per r2dec) and
; arg1 is passed in r3 as a data argument, so the listing does not show a
; caller-controlled format string. Confirm that both addresses fall in a
; read-only section.
;
; NOTE(review): the parameter types in the r2dec signature are inferred;
; arg2 is only ever forwarded as the second argument of 0x1000.
; ---------------------------------------------------------------------------
; (fcn) fcn.00002368 () | void fcn_00002368 (char * arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00002368 push.w {r4, r5, r6, r7, r8, lr} |
0x0000236c mov r6, r1 | r6 = r1;
0x0000236e ldr.w r8, [pc, 0x84] |
0x00002372 movs r1, 0 | r1 = 0;
0x00002374 mov r7, r0 | r7 = r0;
0x00002376 blx 0x10ec | r0 = ctype_b_loc ();
; subs with an immediate 0 only sets the flags from r0, so the blt below is
; "return value < 0"; the pseudo-C "r5 < r0" is a decompiler artefact.
0x0000237a subs r5, r0, 0 | r5 = r0 - 0;
; r8 = pc-relative base used by the [r8, rN] loads on the error paths
0x0000237c add r8, pc | r8 = 0x4776;
| if (r5 < r0) {
0x0000237e blt 0x23dc | goto label_1;
| }
| do {
| label_0:
0x00002380 movs r2, 1 | r2 = 1;
0x00002382 mov r1, r6 | r1 = r6;
0x00002384 mov r0, r5 | r0 = r5;
0x00002386 blx 0x1000 | r0 = fcn_00001000 ();
; r4 keeps the call result; flags again reflect only the sign/zero of r0
0x0000238a subs r4, r0, 0 | r4 = r0 - 0;
; NOTE(review): the pseudo-C conditions printed next to the IT blocks below
; do not match the ne/eq condition codes they annotate -- follow the asm.
0x0000238c ite ne |
| if (r4 == r0) {
0x0000238e movne r2, 1 | r2 = 1;
| }
| if (r4 != r0) {
0x00002390 moveq r2, 0 | r2 = 0;
| }
0x00002392 and r2, r2, 1 | r2 &= 1;
0x00002396 it ne |
| if (r4 == r0) {
0x00002398 movne r2, 0 | r2 = 0;
| }
| if (r4 < r0) {
0x0000239a blt 0x23ac | goto label_2;
| }
0x0000239c cmp r2, 0 |
0x0000239e bne 0x2380 |
| } while (r2 != 0);
; normal exit: hand r5 to 0x11f4, then return r4
0x000023a0 mov r0, r5 | r0 = r5;
0x000023a2 blx 0x11f4 | snprintf_chk ()
0x000023a6 mov r0, r4 | r0 = r4;
0x000023a8 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
; failure of the 0x1000 call: fetch an int through the returned pointer and
; retry the loop when it equals 0xb or 4
0x000023ac blx 0x114c | r0 = sprintf_chk ()
0x000023b0 ldr r3, [r0] | r3 = *(r0);
0x000023b2 cmp r3, 0xb |
0x000023b4 it ne |
| if (r3 == 0xb) {
0x000023b6 cmpne r3, 4 | __asm ("cmpne r3, 4");
| goto label_3;
| }
| if (r3 == 0xb) {
| label_3:
0x000023b8 beq 0x2380 | goto label_0;
| }
; any other value: call 0x11ac with r0 = *[r8 + literal], r1 = 1,
; r2 = pc-relative address, r3 = arg1, then 0x11f4(r5), and return 0
0x000023ba ldr r1, [pc, 0x3c] | r1 = *(0x23fa);
0x000023bc mov r3, r7 | r3 = r7;
0x000023be ldr r2, [pc, 0x3c] |
0x000023c0 ldr.w r1, [r8, r1] | r1 = *((r8 + r1));
0x000023c4 add r2, pc | r2 = 0x47c6;
0x000023c6 ldr r0, [r1] | r0 = *(0x23fa);
0x000023c8 movs r1, 1 | r1 = 1;
0x000023ca blx 0x11ac | sigemptyset ();
0x000023ce mov r0, r5 | r0 = r5;
0x000023d0 blx 0x11f4 | snprintf_chk ()
| do {
; shared failure epilogue: return 0
0x000023d4 movs r4, 0 | r4 = 0;
0x000023d6 mov r0, r4 | r0 = r4;
0x000023d8 pop.w {r4, r5, r6, r7, r8, pc} |
| label_1:
; failure of the first call (0x10ec): same 0x11ac argument layout with a
; different r2 address, then branch to the shared epilogue at 0x23d4.
; 0x11f4 is not called on this path.
0x000023dc ldr r0, [pc, 0x18] |
0x000023de mov r3, r7 | r3 = r7;
0x000023e0 ldr r2, [pc, 0x1c] |
0x000023e2 movs r1, 1 | r1 = 1;
0x000023e4 ldr.w r0, [r8, r0] | r0 = *((r8 + r0));
0x000023e8 add r2, pc | r2 = 0x47ec;
0x000023ea ldr r0, [r0] | r0 = *(0x23f8);
0x000023ec blx 0x11ac | sigemptyset ();
0x000023f0 b 0x23d4 |
| } while (1);
| }
[*] Function printf used 4 times stm32flash