[*] Binary protection state of libschedcore.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libschedcore.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libschedcore.so @ 0x23fc */
| #include <stdint.h>
|
; (fcn) sym.schedule_deserialize () | void schedule_deserialize (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_8h;
| int16_t var_ch_2;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x000023fc mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x00002400 mov r8, r2 | r8 = r2;
0x00002402 ldr r2, [pc, 0xc4] |
0x00002404 sub sp, 0x14 |
0x00002406 mov r4, r1 | r4 = r1;
0x00002408 movs r6, 0 | r6 = 0;
0x0000240a ldr r3, [pc, 0xc0] | r3 = *(0x24ce);
0x0000240c add.w sb, sp, 8 | sb += var_8h;
0x00002410 add r2, pc | r2 = 0x48de;
0x00002412 mov r7, r0 | r7 = r0;
0x00002414 ldr r3, [r2, r3] |
0x00002416 ldr r3, [r3] | r3 = *(0x48de);
0x00002418 str r3, [sp, 0xc] | var_ch_2 = r3;
0x0000241a mov.w r3, 0 | r3 = 0;
0x0000241e str r6, [sp, 8] | var_8h = r6;
0x00002420 blx 0x176c | fcn_0000176c ();
0x00002424 mov r1, r4 | r1 = r4;
0x00002426 mov r3, sb | r3 = sb;
0x00002428 mov r2, r6 | r2 = r6;
0x0000242a mov r5, r0 | r5 = r0;
0x0000242c blx 0x1920 | r0 = fcn_00001920 ();
0x00002430 cmp r0, 0 |
| if (r0 == 0) {
0x00002432 beq 0x24b8 | goto label_1;
| }
0x00002434 ldr r4, [pc, 0x98] |
0x00002436 mov r3, r6 | r3 = r6;
0x00002438 ldr r2, [pc, 0x98] |
0x0000243a mov r0, r5 | r0 = r5;
0x0000243c add r4, pc | r4 = 0x4910;
0x0000243e mov r1, r4 | r1 = r4;
0x00002440 add r2, pc | r2 = 0x4918;
0x00002442 blx 0x173c | fcn_0000173c ();
0x00002446 ldr r2, [pc, 0x90] |
0x00002448 mov r1, r4 | r1 = r4;
0x0000244a mov r6, r0 | r6 = r0;
0x0000244c mov r3, sb | r3 = sb;
0x0000244e mov r0, r5 | r0 = r5;
0x00002450 add r2, pc | r2 = 0x492e;
0x00002452 blx 0x173c | r0 = fcn_0000173c ();
0x00002456 mov r4, r0 | r4 = r0;
| if (r0 == 0) {
0x00002458 cbz r0, 0x24c4 | goto label_2;
| }
0x0000245a mov r0, r7 | r0 = r7;
0x0000245c mov r3, sb | r3 = sb;
0x0000245e mov r2, r4 | r2 = r4;
0x00002460 mov r1, r6 | r1 = r6;
0x00002462 blx 0x179c | r0 = fcn_0000179c ();
0x00002466 mov r7, r0 | r7 = r0;
| do {
| label_0:
0x00002468 ldr r3, [sp, 8] | r3 = var_8h;
| if (r3 != 0) {
0x0000246a cbz r3, 0x248a |
0x0000246c blx 0x1784 | fcn_00001784 ();
0x00002470 ldr r3, [sp, 8] | r3 = var_8h;
0x00002472 mov r1, r0 | r1 = r0;
0x00002474 movs r2, 1 | r2 = 1;
0x00002476 mov r0, r8 | r0 = r8;
0x00002478 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x0000247a str r3, [sp] | *(sp) = r3;
0x0000247c ldr r3, [pc, 0x5c] |
0x0000247e add r3, pc | r3 = 0x495e;
0x00002480 blx 0x18ac | g_date_get_year ();
0x00002484 ldr r0, [sp, 8] | r0 = var_8h;
0x00002486 blx 0x19fc | g_sprintf ()
| }
0x0000248a mov r0, r5 | r0 = r5;
0x0000248c blx 0x19e4 | g_error_free ();
0x00002490 mov r0, r6 | r0 = r6;
0x00002492 blx 0x16f4 | fcn_000016f4 ();
0x00002496 mov r0, r4 | r0 = r4;
0x00002498 blx 0x16f4 | fcn_000016f4 ();
0x0000249c ldr r2, [pc, 0x40] |
0x0000249e ldr r3, [pc, 0x2c] | r3 = *(0x24ce);
0x000024a0 add r2, pc | r2 = 0x4984;
0x000024a2 ldr r3, [r2, r3] | r3 = *(0x4984);
0x000024a4 ldr r2, [r3] | r2 = *(0x4984);
0x000024a6 ldr r3, [sp, 0xc] | r3 = var_ch_2;
0x000024a8 eors r2, r3 | r2 ^= r3;
0x000024aa mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000024ae bne 0x24c0 | goto label_3;
| }
0x000024b0 mov r0, r7 | r0 = r7;
0x000024b2 add sp, 0x14 |
0x000024b4 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_1:
0x000024b8 mov r4, r0 | r4 = r0;
0x000024ba mov r6, r0 | r6 = r0;
0x000024bc mov r7, r0 | r7 = r0;
0x000024be b 0x2468 |
| } while (1);
| label_3:
0x000024c0 blx 0x192c | r0 = fcn_0000192c ();
| label_2:
0x000024c4 mov r7, r0 | r7 = r0;
0x000024c6 b 0x2468 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libschedcore.so @ 0x22fc */
| #include <stdint.h>
|
; (fcn) sym.schedule_serialize () | void schedule_serialize (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h_2;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x000022fc push.w {r4, r5, r6, r7, r8, lr} |
0x00002300 mov r8, r1 | r8 = r1;
0x00002302 ldr r1, [pc, 0xd4] |
0x00002304 mov r7, r2 | r7 = r2;
0x00002306 sub sp, 0x18 |
0x00002308 movs r3, 0 | r3 = 0;
0x0000230a ldr r2, [pc, 0xd0] | r2 = *(0x23de);
0x0000230c mov r5, r0 | r5 = r0;
0x0000230e add r1, pc | r1 = 0x46ec;
0x00002310 ldr r2, [r1, r2] |
0x00002312 ldr r2, [r2] | r2 = *(0x46ec);
0x00002314 str r2, [sp, 0x14] | var_14h = r2;
0x00002316 mov.w r2, 0 | r2 = 0;
0x0000231a str r3, [sp, 0xc] | var_ch = r3;
0x0000231c blx 0x176c | fcn_0000176c ();
0x00002320 ldr r3, [r5, 0x10] | r3 = *((r5 + 0x10));
0x00002322 mov r4, r0 | r4 = r0;
| if (r3 != 0) {
0x00002324 cbz r3, 0x2332 |
0x00002326 ldr r2, [pc, 0xb8] |
0x00002328 ldr r1, [pc, 0xb8] |
0x0000232a add r2, pc | r2 = 0x4710;
0x0000232c add r1, pc | r1 = 0x4714;
0x0000232e blx 0x1790 | fcn_00001790 ();
| }
0x00002332 ldr r2, [pc, 0xb4] |
0x00002334 mov r0, r4 | r0 = r4;
0x00002336 ldr r1, [pc, 0xb4] |
0x00002338 add r6, sp, 0xc | r6 += var_ch;
0x0000233a ldr r3, [r5, 0x14] | r3 = *((r5 + 0x14));
0x0000233c add r2, pc | r2 = 0x472a;
0x0000233e add r1, pc | r1 = 0x4730;
0x00002340 blx 0x1790 | fcn_00001790 ();
0x00002344 mov r2, r6 | r2 = r6;
0x00002346 add r1, sp, 0x10 | r1 += var_10h;
0x00002348 mov r0, r4 | r0 = r4;
0x0000234a blx 0x1870 | r0 = g_date_valid_dmy ();
0x0000234e mov r5, r0 | r5 = r0;
| if (r0 == 0) {
0x00002350 cbz r0, 0x23ae | goto label_0;
| }
0x00002352 mov r3, r6 | r3 = r6;
0x00002354 ldr r2, [sp, 0x10] | r2 = var_10h;
0x00002356 mov r0, r8 | r0 = r8;
0x00002358 mov r1, r5 | r1 = r5;
0x0000235a blx 0x19c0 | g_list_first ();
0x0000235e ldr r3, [sp, 0xc] | r3 = var_ch;
0x00002360 mov r6, r0 | r6 = r0;
| if (r0 != 0) {
0x00002362 cbz r0, 0x2366 |
0x00002364 movs r6, 1 | r6 = 1;
| }
| if (r3 != 0) {
0x00002366 cbz r3, 0x2386 |
0x00002368 blx 0x1784 | fcn_00001784 ();
0x0000236c ldr r3, [sp, 0xc] | r3 = var_ch;
0x0000236e mov r1, r0 | r1 = r0;
0x00002370 movs r2, 1 | r2 = 1;
0x00002372 mov r0, r7 | r0 = r7;
0x00002374 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x00002376 str r3, [sp] | *(sp) = r3;
0x00002378 ldr r3, [pc, 0x74] |
0x0000237a add r3, pc | r3 = 0x476e;
0x0000237c blx 0x18ac | g_date_get_year ();
0x00002380 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00002382 blx 0x19fc | g_sprintf ()
| }
0x00002386 mov r0, r5 | r0 = r5;
0x00002388 blx 0x16f4 | fcn_000016f4 ();
| do {
0x0000238c mov r0, r4 | r0 = r4;
0x0000238e blx 0x19e4 | g_error_free ();
0x00002392 ldr r2, [pc, 0x60] |
0x00002394 ldr r3, [pc, 0x44] | r3 = *(0x23dc);
0x00002396 add r2, pc | r2 = 0x4790;
0x00002398 ldr r3, [r2, r3] | r3 = *(0x4790);
0x0000239a ldr r2, [r3] | r2 = *(0x4790);
0x0000239c ldr r3, [sp, 0x14] | r3 = var_14h;
0x0000239e eors r2, r3 | r2 ^= r3;
0x000023a0 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000023a4 bne 0x23d4 | goto label_1;
| }
0x000023a6 mov r0, r6 | r0 = r6;
0x000023a8 add sp, 0x18 |
0x000023aa pop.w {r4, r5, r6, r7, r8, pc} |
| label_0:
0x000023ae ldr r3, [sp, 0xc] | r3 = var_ch;
| if (r3 != 0) {
0x000023b0 cbz r3, 0x23d0 |
0x000023b2 blx 0x1784 | fcn_00001784 ();
0x000023b6 ldr r2, [sp, 0xc] | r2 = var_ch;
0x000023b8 mov r1, r0 | r1 = r0;
0x000023ba ldr r3, [pc, 0x3c] |
0x000023bc mov r0, r7 | r0 = r7;
0x000023be ldr r2, [r2, 8] | r2 = *((r2 + 8));
0x000023c0 add r3, pc | r3 = 0x47be;
0x000023c2 str r2, [sp] | *(sp) = r2;
0x000023c4 movs r2, 1 | r2 = 1;
0x000023c6 blx 0x18ac | g_date_get_year ();
0x000023ca ldr r0, [sp, 0xc] | r0 = var_ch;
0x000023cc blx 0x19fc | g_sprintf ()
| }
0x000023d0 movs r6, 0 | r6 = 0;
0x000023d2 b 0x238c |
| } while (1);
| label_1:
0x000023d4 blx 0x192c | fcn_0000192c ();
0x000023d8 cmp r3, 0x9a |
0x000023da movs r0, r0 |
0x000023dc lsls r0, r1, 5 | r0 = r1 << 5;
0x000023de movs r0, r0 |
0x000023e0 lsrs r2, r5, 0x11 | r2 = r5 >> 0x11;
0x000023e2 movs r0, r0 |
0x000023e4 lsrs r0, r6, 0x11 | r0 = r6 >> 0x11;
0x000023e6 movs r0, r0 |
0x000023e8 lsrs r0, r6, 0x11 | r0 = r6 >> 0x11;
0x000023ea movs r0, r0 |
0x000023ec lsrs r6, r3, 0x11 | r6 = r3 >> 0x11;
0x000023ee movs r0, r0 |
0x000023f0 lsrs r2, r7, 0x10 | r2 = r7 >> 0x10;
0x000023f2 movs r0, r0 |
0x000023f4 cmp r3, 0x12 |
0x000023f6 movs r0, r0 |
0x000023f8 lsrs r4, r6, 0xf | r4 = r6 >> 0xf;
0x000023fa movs r0, r0 |
| }
[*] Function sprintf used 4 times libschedcore.so
