[*] Binary protection state of libnsl.so.1
Full RELRO No Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libnsl.so.1
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libnsl.so.1 @ 0xa064 */
| #include <stdint.h>
|
; (fcn) fcn.0000a064 () | void fcn_0000a064 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_12h;
| int16_t var_14h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x0000a064 mvnsmi lr, 0xb4000 | __asm ("mvnsmi lr, 0xb4000");
0x0000a068 movs r3, 0x10 | r3 = 0x10;
0x0000a06a sub sp, 0x24 |
0x0000a06c mov r8, r1 | r8 = r1;
0x0000a06e mov sb, r0 | sb = r0;
0x0000a070 movs r1, 0x34 | r1 = 0x34;
0x0000a072 movs r0, 1 | r0 = 1;
0x0000a074 mov r7, r2 | r7 = r2;
0x0000a076 str r3, [sp, 0xc] | var_ch = r3;
0x0000a078 blx 0x2ab8 | r0 = fcn_00002ab8 ();
0x0000a07c cmp r0, 0 |
| if (r0 == 0) {
0x0000a07e beq.w 0xa19e | goto label_4;
| }
0x0000a082 add.w r3, r0, 0x1c | r3 = r0 + 0x1c;
0x0000a086 mov r4, r0 | r4 = r0;
0x0000a088 str r3, [r0] | *(r0) = r3;
0x0000a08a bl 0x4e68 | nis_local_principal ();
0x0000a08e ldr r5, [r4] | r5 = *(r4);
0x0000a090 blx 0x2c38 | fcn_00002c38 ();
0x0000a094 str r0, [r5] | *(r5) = r0;
0x0000a096 cmp r0, 0 |
| if (r0 == 0) {
0x0000a098 beq 0xa182 | goto label_5;
| }
0x0000a09a movs r1, 0xc | r1 = 0xc;
0x0000a09c movs r0, 2 | r0 = 2;
0x0000a09e blx 0x2ab8 | r0 = fcn_00002ab8 ();
0x0000a0a2 mov r6, r0 | r6 = r0;
0x0000a0a4 str r0, [r5, 8] | *((r5 + 8)) = r0;
0x0000a0a6 cmp r0, 0 |
| if (r0 == 0) {
0x0000a0a8 beq 0xa182 | goto label_5;
| }
0x0000a0aa ldr r0, [pc, 0x190] |
0x0000a0ac movs r3, 1 | r3 = 1;
0x0000a0ae str r3, [r5, 4] | *((r5 + 4)) = r3;
0x0000a0b0 add r0, pc | r0 = 0x142f2;
0x0000a0b2 blx 0x2c38 | fcn_00002c38 ();
0x0000a0b6 str r0, [r6, 4] | *((r6 + 4)) = r0;
0x0000a0b8 cmp r0, 0 |
| if (r0 == 0) {
0x0000a0ba beq 0xa182 | goto label_5;
| }
0x0000a0bc strd sb, r8, [r4, 0x14] | __asm ("strd sb, r8, [r4, 0x14]");
0x0000a0c0 ands r8, r7, 0x20000 | r8 = r7 & 0x20000;
| if (r8 == r7) {
0x0000a0c4 beq 0xa176 | goto label_6;
| }
| label_0:
0x0000a0c6 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x0000a0ca movs r3, 0 | r3 = 0;
0x0000a0cc str r3, [r5, 0x14] | *((r5 + 0x14)) = r3;
0x0000a0ce adds r5, 0xc | r5 += 0xc;
0x0000a0d0 vst1.32 {d16}, [r5] | __asm ("vst1.32 {d16}, [r5]");
| label_2:
0x0000a0d4 lsls r3, r7, 0xf | r3 = r7 << 0xf;
| if (r3 < r7) {
0x0000a0d6 bmi 0xa15a | goto label_7;
| }
0x0000a0d8 ldr r0, [pc, 0x164] |
0x0000a0da add r0, pc | r0 = 0x1431e;
0x0000a0dc blx 0x2c38 | fcn_00002c38 ();
0x0000a0e0 str r0, [r6, 8] | *((r6 + 8)) = r0;
0x0000a0e2 cmp r0, 0 |
| if (r0 == 0) {
0x0000a0e4 beq 0xa182 | goto label_5;
| }
0x0000a0e6 mov.w r2, 0x2000 | r2 = 0x2000;
0x0000a0ea movs r1, 0x64 | r1 = 0x64;
0x0000a0ec mov.w r0, -1 | r0 = -1;
0x0000a0f0 blx 0x2cec | fcn_00002cec ();
| do {
0x0000a0f4 str r0, [r4, 4] | *((r4 + 4)) = r0;
0x0000a0f6 cmp r0, 0 |
| if (r0 == 0) {
0x0000a0f8 beq 0xa1c2 | goto label_8;
| }
0x0000a0fa ldr r1, [r0] | r1 = *(r0);
0x0000a0fc movs r2, 0 | r2 = 0;
0x0000a0fe ldr r3, [pc, 0x144] |
0x0000a100 str r1, [r4, 8] | *((r4 + 8)) = r1;
0x0000a102 movw r1, 0x87ce |
0x0000a106 str r2, [sp] | *(sp) = r2;
0x0000a108 add r3, pc | r3 = 0x14352;
0x0000a10a movs r2, 1 | r2 = 1;
0x0000a10c movt r1, 1 | r1 = 0x187ce;
0x0000a110 blx 0x2f10 | r0 = stpcpy ();
0x0000a114 cmp r0, 0 |
| if (r0 == 0) {
0x0000a116 beq 0xa1d4 | goto label_9;
| }
0x0000a118 add r5, sp, 0x10 | r5 += var_10h;
0x0000a11a ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x0000a11c add r2, sp, 0xc | r2 += var_ch;
0x0000a11e mov r1, r5 | r1 = r5;
0x0000a120 blx 0x2ed4 | rpc_thread_svc_max_pollfd ();
0x0000a124 adds r0, 1 | r0++;
| if (r0 == 1) {
0x0000a126 beq 0xa210 | goto label_10;
| }
0x0000a128 mov r0, r5 | r0 = r5;
0x0000a12a ldrh.w r5, [sp, 0x12] | r5 = var_12h;
0x0000a12e blx 0x2f74 | fcn_00002f74 ();
0x0000a132 ldr r3, [r4] | r3 = *(r4);
0x0000a134 ldr r0, [sp, 0x14] | r0 = var_14h;
0x0000a136 ldr r6, [r3, 8] | r6 = *((r3 + 8));
0x0000a138 blx 0x2c00 | fcn_00002c00 ();
0x0000a13c lsrs r1, r5, 8 | r1 = r5 >> 8;
0x0000a13e mov r2, r0 | r2 = r0;
0x0000a140 uxtb r3, r5 | r3 = (int8_t) r5;
0x0000a142 mov r0, r6 | r0 = r6;
0x0000a144 str r1, [sp] | *(sp) = r1;
0x0000a146 ldr r1, [pc, 0x100] |
0x0000a148 add r1, pc | r1 = 0x14396;
0x0000a14a blx 0x2e44 | r0 = clnt_create ();
0x0000a14e cmp r0, 0 |
| if (r0 < 0) {
0x0000a150 blt 0xa182 | goto label_5;
| }
| label_1:
0x0000a152 mov r0, r4 | r0 = r4;
0x0000a154 add sp, 0x24 |
0x0000a156 pop.w {r4, r5, r6, r7, r8, sb, pc} |
| label_7:
0x0000a15a ldr r0, [pc, 0xf0] |
0x0000a15c add r0, pc | r0 = 0x143ae;
0x0000a15e blx 0x2c38 | fcn_00002c38 ();
0x0000a162 str r0, [r6, 8] | *((r6 + 8)) = r0;
| if (r0 == 0) {
0x0000a164 cbz r0, 0xa182 | goto label_5;
| }
0x0000a166 mov.w r2, 0x2000 | r2 = 0x2000;
0x0000a16a movs r1, 0x64 | r1 = 0x64;
0x0000a16c mov.w r0, -1 | r0 = -1;
0x0000a170 blx 0x2b60 | fcn_00002b60 ();
0x0000a174 b 0xa0f4 |
| } while (1);
| label_6:
0x0000a176 blx 0x2bdc | r0 = fcn_00002bdc ();
| if (r0 != 0) {
0x0000a17a cbnz r0, 0xa1ac | goto label_11;
| }
0x0000a17c ldr r5, [r4] | r5 = *(r4);
0x0000a17e ldr r6, [r5, 8] | r6 = *((r5 + 8));
0x0000a180 b 0xa0c6 | goto label_0;
| label_5:
0x0000a182 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a184 cmp r0, 0 |
| if (r0 == 0) {
0x0000a186 beq 0xa1fe | goto label_12;
| }
0x0000a188 ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000a18a ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000a18c blx r3 | uint32_t (*r3)(uint32_t) (r3);
0x0000a18e ldr r0, [pc, 0xc0] |
0x0000a190 ldr r1, [r4] | r1 = *(r4);
0x0000a192 add r0, pc | r0 = 0x143e8;
0x0000a194 blx 0x2dd8 | xdr_u_char ();
0x0000a198 mov r0, r4 | r0 = r4;
0x0000a19a blx 0x2b8c | poll ();
| label_4:
0x0000a19e ldr r1, [pc, 0xb4] |
0x0000a1a0 movs r0, 3 | r0 = 3;
0x0000a1a2 add r1, pc | r1 = 0x143fc;
0x0000a1a4 blx 0x2ec8 | svc_register ();
| do {
| label_3:
0x0000a1a8 movs r4, 0 | r4 = 0;
0x0000a1aa b 0xa152 | goto label_1;
| label_11:
0x0000a1ac ldr r3, [r4] | r3 = *(r4);
0x0000a1ae vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x0000a1b2 add.w r2, r3, 0xc | r2 = r3 + 0xc;
0x0000a1b6 ldr r6, [r3, 8] | r6 = *((r3 + 8));
0x0000a1b8 str.w r8, [r3, 0x14] | __asm ("str.w r8, [r3, 0x14]");
0x0000a1bc vst1.32 {d16}, [r2] | __asm ("vst1.32 {d16}, [r2]");
0x0000a1c0 b 0xa0d4 | goto label_2;
| label_8:
0x0000a1c2 ldr r0, [pc, 0x94] |
0x0000a1c4 ldr r1, [r4] | r1 = *(r4);
0x0000a1c6 add r0, pc | r0 = 0x14424;
0x0000a1c8 blx 0x2dd8 | xdr_u_char ();
0x0000a1cc mov r0, r4 | r0 = r4;
0x0000a1ce blx 0x2b8c | poll ();
0x0000a1d2 b 0xa1a8 |
| } while (1);
| label_9:
0x0000a1d4 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a1d6 blx 0x2cac | strcpy (r0, r1)
0x0000a1da ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a1dc ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000a1de ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000a1e0 blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000a1e2 ldr r0, [pc, 0x78] |
0x0000a1e4 ldr r1, [r4] | r1 = *(r4);
0x0000a1e6 add r0, pc | r0 = 0x14448;
0x0000a1e8 blx 0x2dd8 | xdr_u_char ();
0x0000a1ec mov r0, r4 | r0 = r4;
0x0000a1ee blx 0x2b8c | poll ();
0x0000a1f2 ldr r1, [pc, 0x6c] |
0x0000a1f4 movs r0, 3 | r0 = 3;
0x0000a1f6 add r1, pc | r1 = 0x1445c;
0x0000a1f8 blx 0x2ec8 | svc_register ();
0x0000a1fc b 0xa1a8 | goto label_3;
| label_12:
0x0000a1fe ldr r0, [pc, 0x64] |
0x0000a200 ldr r1, [r4] | r1 = *(r4);
0x0000a202 add r0, pc | r0 = 0x1446c;
0x0000a204 blx 0x2dd8 | xdr_u_char ();
0x0000a208 mov r0, r4 | r0 = r4;
0x0000a20a blx 0x2b8c | poll ();
0x0000a20e b 0xa19e | goto label_4;
| label_10:
0x0000a210 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a212 blx 0x2cac | strcpy (r0, r1)
0x0000a216 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a218 ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000a21a ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000a21c blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000a21e ldr r0, [pc, 0x48] |
0x0000a220 ldr r1, [r4] | r1 = *(r4);
0x0000a222 add r0, pc | r0 = 0x14490;
0x0000a224 blx 0x2dd8 | xdr_u_char ();
0x0000a228 mov r0, r4 | r0 = r4;
0x0000a22a blx 0x2b8c | poll ();
0x0000a22e ldr r1, [pc, 0x3c] |
0x0000a230 movs r0, 3 | r0 = 3;
0x0000a232 add r1, pc | r1 = 0x144a4;
0x0000a234 blx 0x2ec8 | svc_register ();
0x0000a238 b 0xa1a8 | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libnsl.so.1 @ 0xa270 */
| #include <stdint.h>
|
; (fcn) fcn.0000a270 () | void fcn_0000a270 (char * dest) {
| r0 = dest;
0x0000a270 push {r4, lr} |
0x0000a272 mov r4, r0 | r4 = r0;
0x0000a274 ldr r0, [r0, 4] | r0 = *((r0 + 4));
0x0000a276 blx 0x2cac | strcpy (r0, r1)
0x0000a27a ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0000a27c ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x0000a27e ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x0000a280 blx r3 | uint32_t (*r3)(uint32_t, uint32_t) (r0, r3);
0x0000a282 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x0000a284 blx 0x2fb8 | fcn_00002fb8 ();
0x0000a288 ldr r0, [pc, 0x10] |
0x0000a28a ldr r1, [r4] | r1 = *(r4);
0x0000a28c add r0, pc | r0 = 0x1452c;
0x0000a28e blx 0x2dd8 | xdr_u_char ();
0x0000a292 mov r0, r4 | r0 = r4;
0x0000a294 blx 0x2b8c | poll ();
0x0000a298 movs r0, 0 | r0 = 0;
0x0000a29a pop {r4, pc} |
| }
[*] Function strcpy used 4 times libnsl.so.1
