[*] Binary protection state of mod_reqtimeout.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of mod_reqtimeout.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/apache2/modules/mod_reqtimeout.so @ 0x1028 */
| #include <stdint.h>
|
; NOTE(review): every formatted-output call visible in this teardown goes to the
; imported apr_psprintf (blx 0xaa4), not to libc sprintf. The "sprintf" hit looks
; like a substring match on that import name -- confirm against the import table.
; apr_psprintf allocates its result from the pool passed in r0, so the
; fixed-destination overflow that a sprintf finding usually implies does not apply.
; What remains to check is that each format string is constant: at every call
; site r1 is built from a pc-relative literal, not from caller data.
;
; fcn.00001028 as used by its callers (bl 0x1028 further down the listing):
;   r0 = handle later passed as the first argument of apr_psprintf (kept in r6)
;   r1 = NUL-terminated string to parse (kept in r4)
;   r2 = pointer to the 32-bit result slot (kept in r5)
;   returns r0 = 0 on success, otherwise a pointer to an error message.
; The shape matches upstream httpd mod_reqtimeout's parse_int() -- presumably
; the same routine; confirm against the httpd version shipped in this firmware.
; (fcn) fcn.00001028 () | void fcn_00001028 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h_2;
| int16_t var_ch;
| char * s2;
| int16_t var_14h;
| char * var_18h;
| int16_t var_1ch;
| char * * endptr;
| int16_t var_4h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
; The first 4 bytes (0x1028-0x102b) were not decoded. Given the epilogue
; `pop {r4, r5, r6, pc}` and the later use of r6 as the apr_psprintf handle, this
; is presumably the register push plus a copy of r0 into r6 -- TODO confirm by
; re-disassembling in Thumb mode.
0x00001028 invalid |
0x0000102c ldr r0, [pc, 0x6c] |
0x0000102e sub sp, 8 |
0x00001030 mov r4, r1 | r4 = r1;
0x00001032 mov r5, r2 | r5 = r2;
; Stack-protector setup: the guard value is fetched through a pc-relative table
; and saved at [sp, 4]; it is re-checked before the return at 0x1060-0x1072.
; This is the per-function evidence behind "Canary found" in the header.
0x00001034 ldr r3, [pc, 0x68] | r3 = *(0x10a0);
0x00001036 movs r2, 0xa | r2 = 0xa;
0x00001038 add r0, pc | r0 = 0x20d8;
0x0000103a mov r1, sp | r1 = sp;
0x0000103c ldr r3, [r0, r3] |
0x0000103e mov r0, r4 | r0 = r4;
0x00001040 ldr r3, [r3] | r3 = *(0x20d8);
0x00001042 str r3, [sp, 4] | var_4h = r3;
0x00001044 mov.w r3, 0 | r3 = 0;
; strtol(string, &endptr, 10) with endptr stored at [sp].
0x00001048 blx 0x9cc | strtol (r0, r1, r2);
0x0000104c ldr r2, [sp] | r2 = *(sp);
; The result is written to *out before any validation, so the slot is modified
; even on the error paths. No errno/ERANGE check is visible here, so an
; out-of-range number would be clamped by strtol rather than rejected.
0x0000104e str r0, [r5] | *(r5) = r0;
0x00001050 cmp r2, r4 |
| if (r2 == r4) {
; endptr == input: no digits were consumed -> error message via label_5.
0x00001052 beq 0x108a | goto label_5;
| }
0x00001054 ldrb r3, [r2] | r3 = *(r2);
| if (r3 != 0) {
; Trailing characters after the number -> error message via label_6.
0x00001056 cbnz r3, 0x107e | goto label_6;
| }
0x00001058 cmp r0, 0 |
0x0000105a it ge |
; NOTE(review): the pseudo-code condition below reads inverted. `it ge` makes
; `movge r0, r3` execute when the parsed value is >= 0; r3 is 0 here (the cbnz
; above was not taken), so the success path returns 0. A negative value takes
; the `blt` to 0x1078 and returns the pc-relative constant loaded there.
| if (r0 < 0) {
0x0000105c movge r0, r3 | r0 = r3;
| }
0x0000105e blt 0x1078 |
| while (1) {
| label_0:
; Common exit: compare the saved guard with the live one, abort on mismatch.
0x00001060 ldr r2, [pc, 0x40] |
0x00001062 ldr r3, [pc, 0x3c] | r3 = *(0x10a2);
0x00001064 add r2, pc | r2 = 0x210c;
0x00001066 ldr r3, [r2, r3] | r3 = *(0x210c);
0x00001068 ldr r2, [r3] | r2 = *(0x210c);
0x0000106a ldr r3, [sp, 4] | r3 = var_4h;
0x0000106c eors r2, r3 | r2 ^= r3;
0x0000106e mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001072 bne 0x1096 | goto label_7;
| }
0x00001074 add sp, 8 |
0x00001076 pop {r4, r5, r6, pc} |
; Negative-value path: r0 = address of a constant (0x2126), then the common exit.
0x00001078 ldr r0, [pc, 0x2c] |
0x0000107a add r0, pc | r0 = 0x2126;
0x0000107c b 0x1060 |
| }
| label_6:
; apr_psprintf(r6, constant format at 0x2134, ...). r2dec lists no arguments,
; but r2 still holds endptr from 0x104c, so the rejected tail is what gets
; formatted. The format itself is not derived from the input.
0x0000107e ldr r1, [pc, 0x2c] |
0x00001080 mov r0, r6 | r0 = r6;
0x00001082 add r1, pc | r1 = 0x2134;
0x00001084 blx 0xaa4 | loc_imp_apr_psprintf ()
0x00001088 b 0x1060 | goto label_0;
| label_5:
; Same pattern with the constant format at 0x2144; r2 is again endptr.
0x0000108a ldr r1, [pc, 0x24] |
0x0000108c mov r0, r6 | r0 = r6;
0x0000108e add r1, pc | r1 = 0x2144;
0x00001090 blx 0xaa4 | loc_imp_apr_psprintf ()
0x00001094 b 0x1060 | goto label_0;
| label_7:
0x00001096 blx 0x9e4 | stack_chk_fail ();
0x0000109a nop |
; 0x109c-0x10b3 is the literal pool addressed by the `ldr rN, [pc, #imm]` loads
; above (for example 0x102c + 4 + 0x6c = 0x109c). The "instructions" and
; pseudo-code shown for these addresses are data decoded as Thumb and are never
; executed.
0x0000109c subs r4, r2, 4 | r4 = r2 - 4;
0x0000109e movs r0, r0 |
0x000010a0 lsls r4, r3, 2 | r4 = r3 << 2;
0x000010a2 movs r0, r0 |
0x000010a4 subs r0, r5, 3 | r0 = r5 - 3;
0x000010a6 movs r0, r0 |
0x000010a8 lsrs r6, r3, 6 | r6 = r3 >> 6;
0x000010aa movs r0, r0 |
0x000010ac lsrs r6, r1, 7 | r6 = r1 >> 7;
0x000010ae movs r0, r0 |
0x000010b0 lsrs r6, r4, 6 | r6 = r4 >> 6;
0x000010b2 movs r0, r0 |
; 0x10b4 starts a second routine: it has its own prologue (push.w at 0x10b8) and
; epilogues (pop.w at 0x118e and 0x1226), and it calls fcn.00001028 four times
; via `bl 0x1028`. r2dec folded it into the pseudo-code body of fcn_00001028, so
; read the pseudo-code column as a hint only.
;
; What the visible code does:
;   r0 (kept in r8) = a structure whose fields at +0x28, +0x2c and +0x30 are read
;   r2 (spilled to [sp, 0x1c]) = cursor into a NUL-terminated argument string
;   The loop at label_3 takes one word at a time with ap_getword_conf, splits it
;   at '=' into key and value, selects one of three 0x18-byte records by key,
;   and fills it from the value using fcn.00001028.
;   Returns r0 = 0 when the input is exhausted, otherwise an error string.
; This is consistent with upstream mod_reqtimeout's RequestReadTimeout directive
; handler (r8 would then be the cmd_parms pointer) -- presumably; confirm. If so,
; the strings parsed here come from server configuration, not from request data.
;
; NOTE(review): no stack-guard load or stack_chk_fail branch appears in
; 0x10b4-0x1226, so "Canary found" in the header does not cover this routine.
; It keeps no local buffer on the stack, only scalars and pointers.
0x000010b4 ldr r3, [pc, 0x174] |
0x000010b6 ldr r1, [pc, 0x178] | r1 = *(0x1232);
0x000010b8 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000010bc sub sp, 0x24 |
0x000010be str r2, [sp, 0x1c] | var_1ch = r2;
0x000010c0 add r3, pc |
0x000010c2 mov r8, r0 | r8 = r0;
0x000010c4 ldr r2, [pc, 0x16c] |
0x000010c6 ldr r3, [r3, r1] | r3 = *(0x22f0);
0x000010c8 ldr r0, [r0, 0x30] | r0 = *((r0 + 0x30));
0x000010ca add r2, pc | r2 = 0x2302;
0x000010cc ldr.w fp, [pc, 0x168] |
0x000010d0 str r2, [sp, 0x10] | s2 = r2;
0x000010d2 ldr r2, [r3, 8] | r2 = *(0x22f8);
0x000010d4 ldr r3, [r0, 0x18] | r3 = *((r0 + 0x18));
0x000010d6 add fp, pc | fp = 0x2312;
; sl = table[index]: base of the three records selected below. Presumably the
; per-module configuration looked up by module index -- TODO confirm.
0x000010d8 ldr.w sl, [r3, r2, lsl 2] | sl = *(0x22f0);
0x000010dc ldr r3, [pc, 0x15c] |
0x000010de add r3, pc | r3 = 0x231e;
0x000010e0 str r3, [sp, 0x18] | var_18h = r3;
0x000010e2 ldr r3, [pc, 0x15c] |
0x000010e4 add r3, pc | r3 = 0x232a;
0x000010e6 str r3, [sp, 0xc] | var_ch = r3;
| label_3:
; Loop head: stop when the cursor points at NUL. r0 is 0 on that branch, so
; label_8 returns 0.
0x000010e8 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x000010ea ldrb r0, [r3] | r0 = *(r3);
0x000010ec cmp r0, 0 |
| if (r0 == 0) {
0x000010ee beq 0x118c | goto label_8;
| }
; ap_getword_conf(*(r8 + 0x2c), &cursor): returns the next word (r6) and
; advances the cursor stored at [sp, 0x1c].
0x000010f0 add r1, sp, 0x1c | r1 += var_1ch;
0x000010f2 ldr.w r0, [r8, 0x2c] | r0 = *((r8 + 0x2c));
0x000010f6 blx 0xa38 | loc_imp_ap_getword_conf ();
0x000010fa movs r1, 0x3d | r1 = 0x3d;
0x000010fc mov r6, r0 | r6 = r0;
0x000010fe blx 0xa80 | r0 = strchr (r0, r1);
0x00001102 mov r4, r0 | r4 = r0;
0x00001104 cmp r0, 0 |
| if (r0 == 0) {
; No '=' in the word -> return the constant message at label_9.
0x00001106 beq.w 0x1220 | goto label_9;
| }
; Overwrite '=' with NUL in the word returned above: r6 = key, r4 = value.
0x0000110a movs r3, 0 | r3 = 0;
0x0000110c mov r1, fp | r1 = fp;
0x0000110e strb r3, [r4], 1 | *(r4) = r3;
| r4++;
0x00001112 mov r0, r6 | r0 = r6;
0x00001114 ldr.w r7, [r8, 0x28] | r7 = *((r8 + 0x28));
; NOTE(review): 0x1116 lies inside the 4-byte `ldr.w` at 0x1114, so the `strb`
; line below is a mid-instruction decode artefact, not an executed store.
0x00001116 strb r0, [r5] | *(r5) = r0;
0x00001118 mov r5, sl | r5 = sl;
; Key dispatch: case-insensitive compare against three constants selects the
; record at sl, sl + 0x18 or sl + 0x30; any other key is an error (label_11).
0x0000111a blx 0x9fc | r0 = strcasecmp (r0, r1);
| if (r0 != 0) {
0x0000111e cbz r0, 0x113e |
0x00001120 ldr r1, [sp, 0x10] | r1 = s2;
0x00001122 mov r0, r6 | r0 = r6;
0x00001124 add.w r5, sl, 0x18 | r5 = sl + 0x18;
0x00001128 blx 0x9fc | r0 = strcasecmp (r0, r1);
| if (r0 == 0) {
0x0000112c cbz r0, 0x113e | goto label_10;
| }
0x0000112e ldr r1, [sp, 0x18] | r1 = var_18h;
0x00001130 mov r0, r6 | r0 = r6;
0x00001132 blx 0x9fc | r0 = strcasecmp (r0, r1);
0x00001136 cmp r0, 0 |
| if (r0 != 0) {
0x00001138 bne 0x1214 | goto label_11;
| }
0x0000113a add.w r5, sl, 0x30 | r5 = sl + 0x30;
| }
| label_10:
; Clear all six words (0x18 bytes) of the selected record before parsing.
0x0000113e movs r3, 0 | r3 = 0;
0x00001140 ldr r1, [sp, 0xc] | r1 = var_ch;
0x00001142 mov r0, r4 | r0 = r4;
0x00001144 str r3, [r5] | *(r5) = r3;
0x00001146 str r3, [r5, 4] | *((r5 + 4)) = r3;
0x00001148 str r3, [r5, 8] | *((r5 + 8)) = r3;
0x0000114a str r3, [r5, 0xc] | *((r5 + 0xc)) = r3;
0x0000114c str r3, [r5, 0x10] | *((r5 + 0x10)) = r3;
0x0000114e str r3, [r5, 0x14] | *((r5 + 0x14)) = r3;
; ap_strcasestr(value, constant at var_ch): r2dec omits the arguments, but
; r0 = r4 and r1 = var_ch are set just above.
0x00001150 blx 0x9f0 | r0 = loc_imp_ap_strcasestr ();
0x00001154 mov sb, r0 | sb = r0;
0x00001156 cmp r0, 0 |
| if (r0 == 0) {
0x00001158 beq 0x11f6 | goto label_12;
| }
; Keyword found: duplicate the part of the value before it (length = match
; minus start, so it cannot exceed the source string), then parse what follows
; the keyword into record + 8. The fixed skip of 9 bytes is presumably the
; keyword length -- confirm against the string at 0x232a.
0x0000115a subs r2, r0, r4 | r2 = r0 - r4;
0x0000115c mov r1, r4 | r1 = r4;
0x0000115e mov r0, r7 | r0 = r7;
0x00001160 blx 0xb04 | loc_imp_apr_pstrndup ();
0x00001164 add.w r1, sb, 9 | r1 = sb + 9;
0x00001168 add.w r2, r5, 8 | r2 = r5 + 8;
0x0000116c mov sb, r0 | sb = r0;
0x0000116e mov r0, r7 | r0 = r7;
0x00001170 bl 0x1028 | r0 = fcn_00001028 (r0, r1, r2);
0x00001174 mov r3, r0 | r3 = r0;
0x00001176 cbz r0, 0x1192 |
| while (r0 != 0) {
| label_1:
0x00001178 mov r7, r3 | r7 = r3;
| label_2:
; Error exit: apr_psprintf(*(r8 + 0x2c), constant format at 0x23d0, key, value,
; message). r2 = r6, r3 = r4 and the message in r7 is passed on the stack. Only
; the arguments come from the parsed input; the format is a pc-relative
; constant. Control then falls into label_8 and returns the formatted string.
0x0000117a ldr r1, [pc, 0xc8] |
0x0000117c mov r3, r4 | r3 = r4;
0x0000117e ldr.w r0, [r8, 0x2c] | r0 = *((r8 + 0x2c));
0x00001182 mov r2, r6 | r2 = r6;
0x00001184 str r7, [sp] | *(sp) = r7;
0x00001186 add r1, pc | r1 = 0x23d0;
0x00001188 blx 0xaa4 | loc_imp_apr_psprintf ()
| label_8:
0x0000118c add sp, 0x24 |
0x0000118e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
; Keyword value parsed without error: a value of zero is rejected (label_13).
0x00001192 ldr r2, [r5, 8] | r2 = *((r5 + 8));
0x00001194 str r0, [sp, 0x14] | var_14h = r0;
0x00001196 cmp r2, 0 |
| if (r2 == 0) {
0x00001198 beq 0x121a | goto label_13;
| }
; Look for '-' in the duplicated prefix. If present, NUL-terminate there (r3 is
; the saved 0 from var_14h) and parse the part after it into record + 4.
0x0000119a movs r1, 0x2d | r1 = 0x2d;
0x0000119c mov r0, sb | r0 = sb;
0x0000119e blx 0xa80 | strchr (r0, r1);
0x000011a2 ldr r3, [sp, 0x14] | r3 = var_14h;
0x000011a4 mov r1, r0 | r1 = r0;
| if (r0 == 0) {
0x000011a6 cbz r0, 0x11ba | goto label_14;
| }
0x000011a8 strb r3, [r1], 1 | *(r1) = r3;
| r1++;
0x000011ac adds r2, r5, 4 | r2 = r5 + 4;
0x000011ae mov r0, r7 | r0 = r7;
0x000011b0 bl 0x1028 | r0 = fcn_00001028 (r0, r1, r2);
0x000011b4 mov r3, r0 | r3 = r0;
0x000011b6 cmp r0, 0 |
0x000011b8 bne 0x1178 |
| }
| label_14:
; Parse the first (or only) number into record + 0.
0x000011ba mov r1, sb | r1 = sb;
0x000011bc mov r0, r7 | r0 = r7;
0x000011be mov r2, r5 | r2 = r5;
0x000011c0 bl 0x1028 | r0 = fcn_00001028 (r0, r1, r2);
0x000011c4 mov r3, r0 | r3 = r0;
| label_4:
0x000011c6 cmp r3, 0 |
| if (r3 != 0) {
0x000011c8 bne 0x1178 | goto label_1;
| }
; Range check: when record + 4 is set it must be greater than record + 0,
; otherwise the constant message at 0x2422 is reported. The compare is signed
; (`bgt`); fcn.00001028 has already rejected negative values.
0x000011ca ldr r3, [r5, 4] | r3 = *((r5 + 4));
| if (r3 != 0) {
0x000011cc cbz r3, 0x11da |
0x000011ce ldr r2, [r5] | r2 = *(r5);
0x000011d0 cmp r3, r2 |
| if (r3 > r2) {
0x000011d2 bgt 0x11da | goto label_15;
| }
0x000011d4 ldr r7, [pc, 0x70] |
0x000011d6 add r7, pc | r7 = 0x2422;
0x000011d8 b 0x117a | goto label_2;
| }
| label_15:
; If record + 8 is non-zero, call fcn.000017b4 with r1:r0 = 0xf4240 (1000000)
; and r3:r2 = that value sign-extended to 64 bits; the 64-bit result goes to
; record + 0x10. Presumably a 64-bit divide helper -- confirm. The zero check
; just above keeps a zero second operand out of the call.
0x000011da ldr r2, [r5, 8] | r2 = *((r5 + 8));
0x000011dc cmp r2, 0 |
| if (r2 == 0) {
0x000011de beq 0x10e8 | goto label_3;
| }
0x000011e0 movw r0, 0x4240 |
0x000011e4 asrs r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x000011e6 movt r0, 0xf | r0 = 0xf4240;
0x000011ea movs r1, 0 | r1 = 0;
0x000011ec bl 0x17b4 | fcn_000017b4 (r0, r1, r2, r3);
0x000011f0 strd r0, r1, [r5, 0x10] | __asm ("strd r0, r1, [r5, 0x10]");
0x000011f4 b 0x10e8 | goto label_3;
| label_12:
; Keyword absent: a '-' in the value is then an error (constant at 0x2452);
; otherwise the whole value is parsed as a single number into record + 0.
0x000011f6 movs r1, 0x2d | r1 = 0x2d;
0x000011f8 mov r0, r4 | r0 = r4;
0x000011fa blx 0xa80 | r0 = strchr (r0, r1);
| if (r0 != 0) {
0x000011fe cbz r0, 0x1206 |
0x00001200 ldr r7, [pc, 0x48] |
0x00001202 add r7, pc | r7 = 0x2452;
0x00001204 b 0x117a | goto label_2;
| }
0x00001206 mov r0, r7 | r0 = r7;
0x00001208 mov r2, r5 | r2 = r5;
0x0000120a mov r1, r4 | r1 = r4;
0x0000120c bl 0x1028 | r0 = fcn_00001028 (r0, r1, r2);
0x00001210 mov r3, r0 | r3 = r0;
0x00001212 b 0x11c6 | goto label_4;
| label_11:
; Unknown key: constant message at 0x246a, reported through label_2.
0x00001214 ldr r7, [pc, 0x38] |
0x00001216 add r7, pc | r7 = 0x246a;
0x00001218 b 0x117a | goto label_2;
| label_13:
; Zero keyword value: constant message at 0x2476, reported through label_2.
0x0000121a ldr r7, [pc, 0x38] |
0x0000121c add r7, pc | r7 = 0x2476;
0x0000121e b 0x117a | goto label_2;
| label_9:
; Word without '=': return the constant at 0x247e directly, with no formatting
; call.
0x00001220 ldr r0, [pc, 0x34] |
0x00001222 add r0, pc | r0 = 0x247e;
0x00001224 add sp, 0x24 |
0x00001226 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
[*] Function sprintf used 4 times mod_reqtimeout.so