[*] Binary protection state of chacl
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of chacl
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/bin/chacl @ 0x12f4 */
| #include <stdint.h>
|
; (fcn) fcn.000012f4 () | void fcn_000012f4 (int16_t arg1, int16_t arg2, int16_t arg3) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
0x000012f4 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000012f8 mov r7, r0 | r7 = r0;
0x000012fa ldr.w r8, [pc, 0x1ac] | r8 = *(0x000014a8);
0x000012fe sub sp, 0x14 |
0x00001300 mov r6, r1 | r6 = r1;
0x00001302 mov r5, r2 | r5 = r2;
0x00001304 ldr.w sb, [pc, 0x1a4] | sb = *(0x000014ac);
0x00001308 add r8, pc | r8 += pc;
0x0000130a ldr.w r3, [r8, 4] | r3 = *((r8 + 4));
0x0000130e add sb, pc | sb += pc;
| if (r3 == 0) {
0x00001310 cbnz r3, 0x1342 |
| label_4:
0x00001312 mov.w r8, 0 | r8 = 0;
| if (r7 != 0) {
| label_2:
0x00001316 cbz r7, 0x1328 |
0x00001318 mov r2, r7 | r2 = r7;
0x0000131a mov.w r1, 0x8000 | r1 = 0x8000;
0x0000131e mov r0, r5 | r0 = r5;
0x00001320 blx 0x9c4 | acl_set_file ();
0x00001324 adds r0, 1 | r0++;
| if (r0 == 1) {
0x00001326 beq 0x1414 | goto label_5;
| }
| }
| if (r6 != 0) {
| label_3:
0x00001328 cbz r6, 0x133a |
0x0000132a mov r2, r6 | r2 = r6;
0x0000132c mov.w r1, 0x4000 | r1 = 0x4000;
0x00001330 mov r0, r5 | r0 = r5;
0x00001332 blx 0x9c4 | acl_set_file ();
0x00001336 adds r0, 1 | r0++;
| if (r0 == 1) {
0x00001338 beq 0x13dc | goto label_6;
| }
| }
0x0000133a mov r0, r8 | r0 = r8;
0x0000133c add sp, 0x14 |
0x0000133e pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00001342 mov r0, r2 | r0 = r2;
0x00001344 blx 0x9b8 | r0 = opendir ();
0x00001348 mov r4, r0 | r4 = r0;
0x0000134a cmp r0, 0 |
| if (r0 == 0) {
0x0000134c beq.w 0x1474 | goto label_7;
| }
0x00001350 ldr r3, [pc, 0x15c] |
0x00001352 mov.w r8, 0 | r8 = 0;
0x00001356 add r3, pc | r3 = 0x280a;
0x00001358 str r3, [sp, 0xc] | var_ch = r3;
| do {
| label_0:
0x0000135a mov r0, r4 | r0 = r4;
0x0000135c blx 0xa90 | r0 = readdir64 ();
0x00001360 cmp r0, 0 |
| if (r0 == 0) {
0x00001362 beq 0x13d4 | goto label_8;
| }
| label_1:
0x00001364 ldrb r2, [r0, 0x13] | r2 = *((r0 + 0x13));
0x00001366 add.w sl, r0, 0x13 | sl = r0 + 0x13;
0x0000136a cmp r2, 0x2e |
| if (r2 != 0x2e) {
0x0000136c bne 0x1376 | goto label_9;
| }
0x0000136e ldrb.w r2, [sl, 1] | r2 = *((sl + 1));
0x00001372 cmp r2, 0 |
0x00001374 beq 0x135a |
| } while (r2 == 0);
| label_9:
0x00001376 ldrb r2, [r0, 0x13] | r2 = *((r0 + 0x13));
0x00001378 cmp r2, 0x2e |
| if (r2 != 0x2e) {
0x0000137a bne 0x138c | goto label_10;
| }
0x0000137c ldrb.w r2, [sl, 1] | r2 = *((sl + 1));
0x00001380 cmp r2, 0x2e |
| if (r2 != 0x2e) {
0x00001382 bne 0x138c | goto label_10;
| }
0x00001384 ldrb.w r2, [sl, 2] | r2 = *((sl + 2));
0x00001388 cmp r2, 0 |
| if (r2 == 0) {
0x0000138a beq 0x135a | goto label_0;
| }
| label_10:
0x0000138c mov r0, r5 | r0 = r5;
0x0000138e blx 0xa0c | r0 = strlen (r0);
0x00001392 mov fp, r0 |
0x00001394 mov r0, sl | r0 = sl;
0x00001396 blx 0xa0c | strlen (r0);
0x0000139a add r0, fp | r0 += fp;
0x0000139c adds r0, 2 | r0 += 2;
0x0000139e blx 0x9d0 | r0 = malloc (r0);
0x000013a2 mov fp, r0 |
0x000013a4 cmp r0, 0 |
| if (r0 == 0) {
0x000013a6 beq 0x1444 | goto label_11;
| }
0x000013a8 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000013aa mov.w r2, -1 | r2 = -1;
0x000013ae movs r1, 1 | r1 = 1;
0x000013b0 strd r5, sl, [sp] | __asm ("strd r5, sl, [sp]");
0x000013b4 blx 0xa3c | sprintf_chk ();
0x000013b8 mov r2, fp | r2 = fp;
0x000013ba mov r1, r6 | r1 = r6;
0x000013bc mov r0, r7 | r0 = r7;
0x000013be bl 0x12f4 | r0 = fcn_000012f4 (r0, r1, r2);
0x000013c2 add r8, r0 | r8 += r0;
0x000013c4 mov r0, fp | r0 = fp;
0x000013c6 blx 0x97c | free (r0);
0x000013ca mov r0, r4 | r0 = r4;
0x000013cc blx 0xa90 | r0 = readdir64 ();
0x000013d0 cmp r0, 0 |
| if (r0 != 0) {
0x000013d2 bne 0x1364 | goto label_1;
| }
| label_8:
0x000013d4 mov r0, r4 | r0 = r4;
0x000013d6 blx 0xac0 | closedir ();
0x000013da b 0x1316 | goto label_2;
| label_6:
0x000013dc ldr r2, [pc, 0xd4] | r2 = *(0x14b4);
0x000013de add.w r8, r8, 1 | r8++;
0x000013e2 ldr r3, [pc, 0xd4] |
0x000013e4 ldr.w r2, [sb, r2] | r2 = *((sb + r2));
0x000013e8 add r3, pc | r3 = 0x28a6;
0x000013ea ldr r6, [r3] | r6 = *(0x28a6);
0x000013ec ldr r4, [r2] | r4 = *(0x14b4);
0x000013ee blx 0xa30 | r0 = errno_location ();
0x000013f2 ldr r0, [r0] | r0 = *(r0);
0x000013f4 blx 0x9dc | r0 = strerror (r0);
0x000013f8 mov r2, r0 | r2 = r0;
0x000013fa mov r3, r6 | r3 = r6;
0x000013fc str r2, [sp, 4] | var_4h = r2;
0x000013fe mov r0, r4 | r0 = r4;
0x00001400 ldr r2, [pc, 0xb8] |
0x00001402 movs r1, 1 | r1 = 1;
0x00001404 str r5, [sp] | *(sp) = r5;
0x00001406 add r2, pc | r2 = 0x28c6;
0x00001408 blx 0xa6c | fprintf_chk ()
0x0000140c mov r0, r8 | r0 = r8;
0x0000140e add sp, 0x14 |
0x00001410 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x00001414 ldr r3, [pc, 0x9c] | r3 = *(0x14b4);
0x00001416 add.w r8, r8, 1 | r8++;
0x0000141a ldr.w r3, [sb, r3] | r3 = *((sb + r3));
0x0000141e ldr r4, [r3] | r4 = *(0x14b4);
0x00001420 ldr r3, [pc, 0x9c] |
0x00001422 add r3, pc | r3 = 0x28e6;
0x00001424 ldr r7, [r3] | r7 = *(0x28e6);
0x00001426 blx 0xa30 | r0 = errno_location ();
0x0000142a ldr r0, [r0] | r0 = *(r0);
0x0000142c blx 0x9dc | strerror (r0);
0x00001430 ldr r2, [pc, 0x90] |
0x00001432 mov r3, r7 | r3 = r7;
0x00001434 str r0, [sp, 4] | var_4h = r0;
0x00001436 movs r1, 1 | r1 = 1;
0x00001438 mov r0, r4 | r0 = r4;
0x0000143a str r5, [sp] | *(sp) = r5;
0x0000143c add r2, pc | r2 = 0x2904;
0x0000143e blx 0xa6c | fprintf_chk ()
0x00001442 b 0x1328 | goto label_3;
| label_11:
0x00001444 ldr r2, [pc, 0x6c] | r2 = *(0x14b4);
0x00001446 ldr r3, [pc, 0x80] |
0x00001448 ldr.w r2, [sb, r2] | r2 = *((sb + r2));
0x0000144c add r3, pc | r3 = 0x291a;
0x0000144e ldr r6, [r3] | r6 = *(0x291a);
0x00001450 ldr r5, [r2] | r5 = *(0x14b4);
0x00001452 blx 0xa30 | r0 = errno_location ();
0x00001456 ldr r0, [r0] | r0 = *(r0);
0x00001458 blx 0x9dc | strerror (r0);
0x0000145c ldr r2, [pc, 0x6c] |
0x0000145e mov r4, r0 | r4 = r0;
0x00001460 mov r3, r6 | r3 = r6;
0x00001462 movs r1, 1 | r1 = 1;
0x00001464 mov r0, r5 | r0 = r5;
0x00001466 str r4, [sp] | *(sp) = r4;
0x00001468 add r2, pc | r2 = 0x2938;
0x0000146a blx 0xa6c | fprintf_chk ()
0x0000146e movs r0, 1 | r0 = 1;
0x00001470 blx 0x9f4 | r0 = exit (r0);
| label_7:
0x00001474 blx 0xa30 | r0 = errno_location ();
0x00001478 ldr r0, [r0] | r0 = *(r0);
0x0000147a cmp r0, 0x14 |
| if (r0 == 0x14) {
0x0000147c beq.w 0x1312 | goto label_4;
| }
0x00001480 ldr r3, [pc, 0x30] | r3 = *(0x14b4);
0x00001482 ldr.w r8, [r8] | r8 = *(r8);
0x00001486 ldr.w r3, [sb, r3] | r3 = *((sb + r3));
0x0000148a ldr r4, [r3] | r4 = *(0x14b4);
0x0000148c blx 0x9dc | strerror (r0);
0x00001490 ldr r2, [pc, 0x3c] |
0x00001492 mov r3, r8 | r3 = r8;
0x00001494 str r0, [sp] | *(sp) = r0;
0x00001496 movs r1, 1 | r1 = 1;
0x00001498 mov r0, r4 | r0 = r4;
0x0000149a mov.w r8, 1 | r8 = 1;
0x0000149e add r2, pc | r2 = 0x2972;
0x000014a0 blx 0xa6c | fprintf_chk ()
0x000014a4 b 0x1316 | goto label_2;
| }
[*] Function fprintf used 5 times chacl
