[*] Binary protection state of wpa_supplicant
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of wpa_supplicant
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/wpa_supplicant @ 0x3f22c */
| #include <stdint.h>
|
; (fcn) fcn.0003f22c () | void fcn_0003f22c (int16_t arg1) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_94h;
| int16_t var_98h;
| int16_t var_9ah;
| int16_t var_194h;
| r0 = arg1;
0x0003f22c svcmi 0xf0e92d | __asm ("svcmi 0xf0e92d");
0x0003f230 mov r4, r0 | r4 = r0;
0x0003f232 ldr r3, [r0, 4] | r3 = *((r0 + 4));
0x0003f234 sub sp, 0x19c |
0x0003f236 add r6, sp, 0x10 | r6 += var_10h;
0x0003f238 movs r2, 0x80 | r2 = 0x80;
0x0003f23a ldr r0, [pc, 0x168] |
0x0003f23c ldr r1, [pc, 0x168] | r1 = *(0x3f3a8);
0x0003f23e adds r3, 1 | r3++;
0x0003f240 add r0, pc | r0 = 0x7e5ea;
0x0003f242 ldr r1, [r0, r1] |
0x0003f244 ldr r1, [r1] | r1 = *(0x7e5ea);
0x0003f246 str r1, [sp, 0x194] | var_194h = r1;
0x0003f248 mov.w r1, 0 | r1 = 0;
0x0003f24c str r2, [r6] | *(r6) = r2;
| if (r3 == 1) {
0x0003f24e beq.w 0x3f36e | goto label_3;
| }
0x0003f252 ldr.w r8, [pc, 0x158] |
0x0003f256 movw sb, 0x5441 |
0x0003f25a ldr r3, [pc, 0x154] |
0x0003f25c add r5, sp, 0x94 | r5 += var_94h;
0x0003f25e add.w sl, r4, 8 | sl = r4 + 8;
0x0003f262 movt sb, 0x4154 | sb = 0x41545441;
0x0003f266 add r8, pc | r8 = 0x7e618;
0x0003f268 add r7, sp, 0x14 | r7 += var_14h;
0x0003f26a add r3, pc | r3 = 0x7e620;
0x0003f26c str r7, [sp, 8] | var_8h = r7;
0x0003f26e str r3, [sp, 0xc] | var_ch = r3;
| do {
| label_2:
0x0003f270 ldr r2, [r4] | r2 = *(r4);
0x0003f272 mov r1, r8 | r1 = r8;
0x0003f274 movs r0, 2 | r0 = 2;
0x0003f276 adds r2, 0x50 | r2 += 0x50;
0x0003f278 bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0003f27c ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0003f27e bl 0x156e0 | fcn_000156e0 (r0);
0x0003f282 ldr r7, [sp, 8] | r7 = var_8h;
0x0003f284 movs r3, 0 | r3 = 0;
0x0003f286 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0003f288 movs r2, 0xff | r2 = 0xff;
0x0003f28a mov r1, r5 | r1 = r5;
0x0003f28c str r6, [sp, 4] | var_4h = r6;
0x0003f28e str r7, [sp] | *(sp) = r7;
0x0003f290 blx 0x623c | r0 = fcn_0000623c ();
0x0003f294 cmp r0, 0 |
| if (r0 < 0) {
0x0003f296 blt 0x3f33c | goto label_4;
| }
0x0003f298 movs r3, 0 | r3 = 0;
0x0003f29a strb r3, [r5, r0] | *((r5 + r0)) = r3;
0x0003f29c ldr r3, [r5] | r3 = *(r5);
0x0003f29e cmp r3, sb |
| if (r3 == sb) {
0x0003f2a0 beq 0x3f2f0 | goto label_5;
| }
| label_0:
0x0003f2a2 mov.w fp, 1 |
0x0003f2a6 ldr r1, [r6] | r1 = *(r6);
0x0003f2a8 cmp.w fp, 0 |
| if (fp != 0) {
0x0003f2ac bne 0x3f30e | goto label_6;
| }
| label_1:
0x0003f2ae mov r2, r1 | r2 = r1;
0x0003f2b0 mov r3, fp | r3 = fp;
0x0003f2b2 ldr r1, [sp, 8] | r1 = var_8h;
0x0003f2b4 mov r0, sl | r0 = sl;
0x0003f2b6 bl 0x35060 | r0 = fcn_00035060 (r0, r1, r2, r3);
0x0003f2ba cmp r0, 0 |
| if (r0 == 0) {
0x0003f2bc beq 0x3f354 | goto label_7;
| }
0x0003f2be ldr r7, [sp, 8] | r7 = var_8h;
0x0003f2c0 mov r3, fp | r3 = fp;
0x0003f2c2 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0003f2c4 movs r2, 5 | r2 = 5;
0x0003f2c6 ldr r1, [pc, 0xec] |
0x0003f2c8 str r7, [sp] | *(sp) = r7;
0x0003f2ca ldr r7, [r6] | r7 = *(r6);
0x0003f2cc add r1, pc | r1 = 0x7e686;
0x0003f2ce str r7, [sp, 4] | var_4h = r7;
0x0003f2d0 blx 0x667c | r0 = fprintf_chk ()
0x0003f2d4 cmp r0, 0 |
0x0003f2d6 bge 0x3f270 |
| } while (r0 >= 0);
0x0003f2d8 blx 0x71a8 | r0 = fcn_000071a8 ();
0x0003f2dc ldr r0, [r0] | r0 = *(r0);
0x0003f2de blx 0x64f8 | fcn_000064f8 ();
0x0003f2e2 ldr r1, [pc, 0xd4] |
0x0003f2e4 mov r2, r0 | r2 = r0;
0x0003f2e6 movs r0, 2 | r0 = 2;
0x0003f2e8 add r1, pc | r1 = 0x7e6a6;
0x0003f2ea bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0003f2ec invalid |
| label_5:
0x0003f2f0 ldrh.w r3, [sp, 0x98] | r3 = var_98h;
0x0003f2f4 movw r2, 0x4843 | r2 = 0x4843;
0x0003f2f8 cmp r3, r2 |
| if (r3 != r2) {
0x0003f2fa bne 0x3f2a2 | goto label_0;
| }
0x0003f2fc ldrb.w r3, [sp, 0x9a] | r3 = var_9ah;
0x0003f300 mov fp, r3 |
0x0003f302 cmp r3, 0 |
| if (r3 != 0) {
0x0003f304 bne 0x3f2a2 | goto label_0;
| }
0x0003f306 ldr r1, [r6] | r1 = *(r6);
0x0003f308 cmp.w fp, 0 |
| if (fp == 0) {
0x0003f30c beq 0x3f2ae | goto label_1;
| }
| label_6:
0x0003f30e str r1, [sp, 4] | var_4h = r1;
0x0003f310 movs r3, 0 | r3 = 0;
0x0003f312 ldr r1, [sp, 8] | r1 = var_8h;
0x0003f314 movs r2, 5 | r2 = 5;
0x0003f316 str r1, [sp] | *(sp) = r1;
0x0003f318 ldr r1, [sp, 0xc] | r1 = var_ch;
0x0003f31a ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0003f31c blx 0x667c | r0 = fprintf_chk ()
0x0003f320 cmp r0, 0 |
| if (r0 >= 0) {
0x0003f322 bge 0x3f270 | goto label_2;
| }
0x0003f324 blx 0x71a8 | r0 = fcn_000071a8 ();
0x0003f328 ldr r0, [r0] | r0 = *(r0);
0x0003f32a blx 0x64f8 | fcn_000064f8 ();
0x0003f32e ldr r1, [pc, 0x8c] |
0x0003f330 mov r2, r0 | r2 = r0;
0x0003f332 movs r0, 2 | r0 = 2;
0x0003f334 add r1, pc | r1 = 0x7e6f6;
0x0003f336 bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0003f33a b 0x3f270 | goto label_2;
| label_4:
0x0003f33c blx 0x71a8 | r0 = fcn_000071a8 ();
0x0003f340 ldr r0, [r0] | r0 = *(r0);
0x0003f342 blx 0x64f8 | fcn_000064f8 ();
0x0003f346 ldr r1, [pc, 0x78] |
0x0003f348 mov r2, r0 | r2 = r0;
0x0003f34a movs r0, 5 | r0 = 5;
0x0003f34c add r1, pc | r1 = 0x7e712;
0x0003f34e bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0003f352 b 0x3f270 | goto label_2;
| label_7:
0x0003f354 ldr r7, [sp, 8] | r7 = var_8h;
0x0003f356 mov r3, fp | r3 = fp;
0x0003f358 ldr r5, [r6] | r5 = *(r6);
0x0003f35a movs r2, 3 | r2 = 3;
0x0003f35c ldr r1, [pc, 0x64] |
0x0003f35e ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0003f360 strd r7, r5, [sp] | __asm ("strd r7, r5, [sp]");
0x0003f364 add r1, pc | r1 = 0x7e72c;
0x0003f366 blx 0x667c | r0 = fprintf_chk ()
0x0003f36a cmp r0, 0 |
0x0003f36c blt 0x3f388 |
| while (1) {
| label_3:
0x0003f36e ldr r2, [pc, 0x58] |
0x0003f370 ldr r3, [pc, 0x34] | r3 = *(0x3f3a8);
0x0003f372 add r2, pc | r2 = 0x7e740;
0x0003f374 ldr r3, [r2, r3] | r3 = *(0x7e740);
0x0003f376 ldr r2, [r3] | r2 = *(0x7e740);
0x0003f378 ldr r3, [sp, 0x194] | r3 = var_194h;
0x0003f37a eors r2, r3 | r2 ^= r3;
0x0003f37c mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0003f380 bne 0x3f3a0 | goto label_8;
| }
0x0003f382 add sp, 0x19c |
0x0003f384 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0003f388 blx 0x71a8 | r0 = fcn_000071a8 ();
0x0003f38c ldr r0, [r0] | r0 = *(r0);
0x0003f38e blx 0x64f8 | fcn_000064f8 ();
0x0003f392 ldr r1, [pc, 0x38] |
0x0003f394 mov r2, r0 | r2 = r0;
0x0003f396 movs r0, 2 | r0 = 2;
0x0003f398 add r1, pc | r1 = 0x7e76a;
0x0003f39a bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0003f39e b 0x3f36e |
| }
| label_8:
0x0003f3a0 blx 0x6b88 | fcn_00006b88 ();
0x0003f3a4 lsls r0, r4, 0x1b | r0 = r4 << 0x1b;
0x0003f3a6 movs r4, r0 | r4 = r0;
0x0003f3a8 lsls r4, r6, 0x19 | r4 = r6 << 0x19;
0x0003f3aa movs r0, r0 |
0x0003f3ac orr r0, sl, 0x820000 | r0 = sl | 0x820000;
0x0003f3b0 ldm.w sl, {r1} | r1 = *(sl);
0x0003f3b4 invalid |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/wpa_supplicant @ 0x5727c */
| #include <stdint.h>
|
; (fcn) fcn.0005727c () | void fcn_0005727c (int16_t arg_28h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_58h;
| int16_t var_4h_2;
| int16_t var_8h;
| int16_t var_ah;
| int16_t var_ch;
| int16_t var_10h_2;
| int16_t var_13h;
| int16_t var_14h_2;
| int16_t var_18h;
| int16_t var_1ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0005727c ldmdami r1!, {r2, r7, sb, sl, lr} | __asm ("ldmdami r1!, {r2, r7, sb, sl, lr}");
0x00057280 push {r4, lr} |
0x00057282 mov r4, r1 | r4 = r1;
0x00057284 mov r1, r3 | r1 = r3;
0x00057286 ldr r3, [pc, 0xc0] |
0x00057288 add r0, pc | r0 += pc;
0x0005728a sub sp, 0x20 |
0x0005728c ldr r3, [r0, r3] | r3 = *((r0 + r3));
0x0005728e ldr r3, [r3] | r3 = *(0x5734a);
0x00057290 str r3, [sp, 0x1c] | var_1ch = r3;
0x00057292 mov.w r3, 0 | r3 = 0;
0x00057296 cmp.w ip, 0 |
| if (ip == 0) {
0x0005729a beq 0x57338 | goto label_1;
| }
0x0005729c ldr.w r3, [ip, 0x2c] | r3 = *((ip + 0x2c));
| if (r3 != 0) {
0x000572a0 cbnz r3, 0x572f8 | goto label_2;
| }
0x000572a2 ldr r0, [r4] | r0 = *(r4);
0x000572a4 rev16 r2, r2 | __asm ("rev16 r2, r2");
0x000572a6 ldrh r4, [r4, 4] | r4 = *((r4 + 4));
0x000572a8 strh.w r2, [sp, 0xa] | var_ah = r2;
0x000572ac movs r2, 6 | r2 = 6;
0x000572ae str r3, [sp, 0x10] | var_10h_2 = r3;
0x000572b0 strb.w r2, [sp, 0x13] | var_13h = r2;
0x000572b4 movs r2, 0x14 | r2 = 0x14;
0x000572b6 str r2, [sp, 4] | var_4h_2 = r2;
0x000572b8 str r3, [sp, 0x18] | var_18h = r3;
0x000572ba strh.w r4, [sp, 0x18] | var_18h = r4;
0x000572be ldr.w r4, [ip, 0x18] | r4 = *((ip + 0x18));
0x000572c2 str r0, [sp, 0x14] | var_14h_2 = r0;
0x000572c4 ldr r2, [sp, 0x28] | r2 = *(arg_28h);
0x000572c6 str r4, [sp, 0xc] | var_ch = r4;
0x000572c8 add r4, sp, 8 | r4 += var_8h;
0x000572ca ldr.w r0, [ip] | r0 = *(ip);
0x000572ce str r4, [sp] | *(sp) = r4;
0x000572d0 movs r4, 0x11 | r4 = 0x11;
0x000572d2 strh.w r4, [sp, 8] | var_8h = r4;
0x000572d6 blx 0x667c | r0 = fprintf_chk ()
0x000572da subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 < r0) {
0x000572dc blt 0x57320 | goto label_3;
| }
| do {
| label_0:
0x000572de ldr r2, [pc, 0x6c] |
0x000572e0 ldr r3, [pc, 0x64] | r3 = *(0x57348);
0x000572e2 add r2, pc | r2 = 0xae634;
0x000572e4 ldr r3, [r2, r3] | r3 = *(0xae634);
0x000572e6 ldr r2, [r3] | r2 = *(0xae634);
0x000572e8 ldr r3, [sp, 0x1c] | r3 = var_1ch;
0x000572ea eors r2, r3 | r2 ^= r3;
0x000572ec mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000572f0 bne 0x5733e | goto label_4;
| }
0x000572f2 mov r0, r4 | r0 = r4;
0x000572f4 add sp, 0x20 |
0x000572f6 pop {r4, pc} |
| label_2:
0x000572f8 ldr.w r0, [ip] | r0 = *(ip);
0x000572fc movs r3, 0 | r3 = 0;
0x000572fe ldr r2, [sp, 0x28] | r2 = *(arg_28h);
0x00057300 blx 0x71cc | r0 = fcn_000071cc ();
0x00057304 subs r4, r0, 0 | r4 = r0 - 0;
0x00057306 bge 0x572de |
| } while (r4 >= r0);
0x00057308 blx 0x71a8 | r0 = fcn_000071a8 ();
0x0005730c ldr r0, [r0] | r0 = *(r0);
0x0005730e blx 0x64f8 | fcn_000064f8 ();
0x00057312 ldr r1, [pc, 0x3c] |
0x00057314 mov r2, r0 | r2 = r0;
0x00057316 movs r0, 5 | r0 = 5;
0x00057318 add r1, pc | r1 = 0xae66e;
0x0005731a bl 0xe3e0 | fcn_0000e3e0 (r0);
0x0005731e b 0x572de | goto label_0;
| label_3:
0x00057320 blx 0x71a8 | r0 = fcn_000071a8 ();
0x00057324 ldr r0, [r0] | r0 = *(r0);
0x00057326 blx 0x64f8 | fcn_000064f8 ();
0x0005732a ldr r1, [pc, 0x28] |
0x0005732c mov r2, r0 | r2 = r0;
0x0005732e movs r0, 5 | r0 = 5;
0x00057330 add r1, pc | r1 = 0xae68a;
0x00057332 bl 0xe3e0 | fcn_0000e3e0 (r0);
0x00057336 b 0x572de | goto label_0;
| label_1:
0x00057338 mov.w r4, -1 | r4 = -1;
0x0005733c b 0x572de | goto label_0;
| label_4:
0x0005733e blx 0x6b88 | fcn_00006b88 ();
0x00057342 nop |
0x00057344 strh r0, [r3, 0x34] | *((r3 + 0x34)) = r0;
0x00057346 movs r2, r0 | r2 = r0;
0x00057348 lsls r4, r6, 0x19 | r4 = r6 << 0x19;
0x0005734a movs r0, r0 |
0x0005734c strh r6, [r7, 0x30] | *((r7 + 0x30)) = r6;
0x0005734e movs r2, r0 | r2 = r0;
0x00057350 cmp r3, 0x7c |
0x00057352 movs r2, r0 | r2 = r0;
0x00057354 cmp r3, 0x80 |
0x00057356 movs r2, r0 | r2 = r0;
| }
[*] Function fprintf used 5 times wpa_supplicant
