[*] Binary protection state of libnl-3.so.200.26.0
Full RELRO | Canary found | NX enabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function sprintf tear down of libnl-3.so.200.26.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libnl-3.so.200.26.0 @ 0x8b88 */
| #include <stdint.h>
|
; ----------------------------------------------------------------------
; Review notes for fcn.00008b88 (32-bit ARM, Thumb-2 encodings).
; Read the left (assembly) column as ground truth; the r2dec column on the
; right is lossy in several places (see the inline notes on bls / orrs / ite).
;
; Arguments as the code uses them:
;   r0 -> r7, r1 -> r6   pointers handed unchanged to the helpers
;   r2 -> r4             the word at [r4 + 4] selects the path (1 or 2)
;   r3 -> r8             function pointer, compared with 0 before each blx r8
;   [sp, 0x38]           function pointer, compared with 0 before each blx r3
;   [sp, 0x3c]           opaque word passed through to both callbacks
; 0x38 = 0x24 (nine pushed registers) + 0x14 (locals), so [sp, 0x38] is the
; first stack argument. All of these are loaded as 32-bit words; the int16_t
; types in the r2dec prototype are not reliable.
; All three epilogues set r0 = 0 before popping pc.
; No stack-guard load/compare appears in the prologue or in any epilogue, so
; the binary-wide "Canary found" result says nothing about this function.
;
; NOTE(review): the scanner lists this function under "sprintf" because of
; the four calls to 0x5ee8 (0x8c56, 0x8c96, 0x8cfa, 0x8d94), labelled
; vasprintf_chk. Each site sets only r0 = r7 and r1 = r6 and leaves r2/r3
; as they were, which does not fit glibc's four-argument __vasprintf_chk
; (result pointer, flag, format, va_list). The label is presumably a
; mis-resolved PLT stub - confirm against the library's PLT relocations
; before triaging this as a printf-family finding.
; NOTE(review): the control flow resembles libnl's cache_include() - confirm
; against the source of the matching libnl version.
; ----------------------------------------------------------------------
; (fcn) fcn.00008b88 () | void fcn_00008b88 (int16_t arg_38h, int16_t arg_3ch, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x00008b88 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00008b8c mov r4, r2 | r4 = r2;
0x00008b8e ldr r2, [r2, 4] | r2 = *((r2 + 4));
0x00008b90 sub sp, 0x14 |
0x00008b92 mov r6, r1 | r6 = r1;
0x00008b94 ldr r5, [pc, 0x204] |
0x00008b96 subs r2, 1 | r2--;
0x00008b98 cmp r2, 1 |
0x00008b9a add r5, pc | r5 = 0x1193a;
; bls is unsigned lower-or-same: taken when ([arg3 + 4] - 1) <= 1, i.e. the
; selector word is 1 or 2. The "< 1" in the pseudo code is wrong; a selector
; of 0 wraps to 0xffffffff and falls through to the path below.
| if (r2 < 1) {
0x00008b9c bls 0x8be8 | goto label_5;
| }
; Unknown selector: a global word reached through r5 is compared with 1; if
; it is greater, 0x8bb0 calls fcn_00005ff4 with r1 = 1 and 0x351 on the stack.
; presumably a debug-log path: the word at *fcn_00005f10() is saved in r7
; and written back after the call (errno-preserve pattern) - confirm.
0x00008b9e ldr r3, [pc, 0x200] |
0x00008ba0 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00008ba2 ldr r3, [r3] | r3 = *(0x8da2);
0x00008ba4 cmp r3, 1 |
0x00008ba6 bgt 0x8bb0 |
| while (r4 != 1) {
| label_0:
0x00008ba8 movs r0, 0 | r0 = 0;
0x00008baa add sp, 0x14 |
0x00008bac pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x00008bb0 blx 0x5f10 | fcn_00005f10 ();
0x00008bb4 ldr r2, [pc, 0x1ec] | r2 = *(0x8da4);
0x00008bb6 mov r4, r0 | r4 = r0;
0x00008bb8 ldr r3, [pc, 0x1ec] |
0x00008bba movw r1, 0x351 | r1 = 0x351;
0x00008bbe ldr r7, [r0] | r7 = *(r0);
0x00008bc0 ldr r2, [r5, r2] | r2 = *((r5 + r2));
0x00008bc2 add r3, pc |
0x00008bc4 add.w r3, r3, 0x128 | r3 = 0x11a96;
0x00008bc8 strd r3, r6, [sp, 4] | __asm ("strd r3, r6, [var_4h]");
0x00008bcc ldr r3, [pc, 0x1dc] |
0x00008bce ldr r0, [r2] | r0 = *(0x8da4);
0x00008bd0 ldr r2, [pc, 0x1dc] |
0x00008bd2 str r1, [sp] | *(sp) = r1;
0x00008bd4 add r3, pc | r3 = 0x11984;
0x00008bd6 movs r1, 1 | r1 = 1;
0x00008bd8 add r2, pc | r2 = 0x1198c;
0x00008bda blx 0x5ff4 | fcn_00005ff4 ();
0x00008bde movs r0, 0 | r0 = 0;
0x00008be0 str r7, [r4] | *(r4) = r7;
0x00008be2 add sp, 0x14 |
0x00008be4 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
; Selector is 1 or 2. r7 = arg1 and r8 = arg4 are parked in callee-saved
; registers; r5 = result of fcn_00006388 (0 skips to 0x8c4c).
0x00008be8 mov r7, r0 | r7 = r0;
0x00008bea mov r8, r3 | r8 = r3;
0x00008bec blx 0x6388 | r0 = fcn_00006388 ();
0x00008bf0 mov r5, r0 | r5 = r0;
| if (r0 != 0) {
0x00008bf2 cbz r0, 0x8c4c |
0x00008bf4 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008bf6 cmp r3, 0 |
| if (r3 == 0) {
0x00008bf8 beq 0x8cae | goto label_6;
| }
0x00008bfa ldr r3, [r0, 4] | r3 = *((r0 + 4));
0x00008bfc ldr r3, [r3, 0x28] | r3 = *((r3 + 0x28));
0x00008bfe cmp r3, 0 |
| if (r3 == 0) {
0x00008c00 beq 0x8ca4 | goto label_7;
| }
0x00008c02 blx 0x5f98 | fcn_00005f98 ();
0x00008c06 mov r1, r6 | r1 = r6;
0x00008c08 mov sb, r0 | sb = r0;
0x00008c0a mov r0, r5 | r0 = r5;
0x00008c0c blx 0x5f8c | r0 = fcn_00005f8c ();
0x00008c10 mov sl, r0 | sl = r0;
0x00008c12 mov fp, r1 |
| label_2:
0x00008c14 mov r1, r6 | r1 = r6;
0x00008c16 mov r0, r5 | r0 = r5;
0x00008c18 blx 0x5e4c | r0 = fcn_00005e4c ();
| if (r0 != 0) {
0x00008c1c cbnz r0, 0x8c7c | goto label_8;
| }
0x00008c1e ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008c20 mov r0, r7 | r0 = r7;
0x00008c22 mov r2, r6 | r2 = r6;
0x00008c24 mov r1, sb | r1 = sb;
0x00008c26 str.w sl, [sp] | __asm ("str.w sl, [sp]");
0x00008c2a str r3, [sp, 0xc] | var_ch = r3;
0x00008c2c movs r3, 5 | r3 = 5;
0x00008c2e str r3, [sp, 8] | var_8h = r3;
0x00008c30 str.w fp, [sp, 4] | __asm ("str.w fp, [var_4h]");
0x00008c34 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
; Indirect call through the caller-supplied pointer at [sp, 0x38]; it is
; non-zero on this path (checked at 0x8bf6). Register args r7, sb, r6; stack
; args sl, fp, 5, [sp, 0x3c]. The r2dec signature shown here is a guess.
0x00008c36 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008c38 mov r0, sb | r0 = sb;
0x00008c3a blx 0x5fa4 | fcn_00005fa4 ();
| label_1:
0x00008c3e mov r0, r5 | r0 = r5;
0x00008c40 blx 0x5fa4 | fcn_00005fa4 ();
0x00008c44 movs r0, 0 | r0 = 0;
0x00008c46 add sp, 0x14 |
0x00008c48 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00008c4c ldr r4, [r4, 4] | r4 = *((r4 + 4));
0x00008c4e cmp r4, 1 |
0x00008c50 bne 0x8ba8 |
| }
0x00008c52 mov r1, r6 | r1 = r6;
0x00008c54 mov r0, r7 | r0 = r7;
; Flagged call site 1 of 4: only r0 = r7 and r1 = r6 are set up; r2/r3 are
; whatever the previous call left behind.
0x00008c56 blx 0x5ee8 | vasprintf_chk ()
0x00008c5a ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008c5c cmp r3, 0 |
| if (r3 == 0) {
0x00008c5e beq.w 0x8d6e | goto label_9;
| }
0x00008c62 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008c64 mov r2, r6 | r2 = r6;
0x00008c66 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00008c6a mov r1, r5 | r1 = r5;
0x00008c6c mov r0, r7 | r0 = r7;
0x00008c6e strd r4, r3, [sp, 8] | __asm ("strd r4, r3, [var_8h]");
0x00008c72 vstr d16, [sp] | __asm ("vstr d16, [sp]");
0x00008c76 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008c78 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008c7a b 0x8ba8 | goto label_0;
| label_8:
0x00008c7c mov r0, sb | r0 = sb;
0x00008c7e blx 0x5fa4 | fcn_00005fa4 ();
0x00008c82 mov r0, r5 | r0 = r5;
0x00008c84 blx 0x6000 | fcn_00006000 ();
0x00008c88 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00008c8a cmp r2, 2 |
| if (r2 == 2) {
0x00008c8c beq 0x8d3c | goto label_10;
| }
| label_3:
0x00008c8e cmp r2, 1 |
| if (r2 != 1) {
0x00008c90 bne 0x8ba8 | goto label_0;
| }
0x00008c92 mov r1, r6 | r1 = r6;
0x00008c94 mov r0, r7 | r0 = r7;
; Flagged call site 2 of 4: same two-register setup as at 0x8c56.
0x00008c96 blx 0x5ee8 | vasprintf_chk ()
0x00008c9a ldr r3, [sp, 0x38] | r3 = *(arg_38h);
; orrs sets Z only when both [sp, 0x38] and r8 are zero, i.e. neither
; callback was supplied; "r3 == r3" below is a decompiler artifact.
0x00008c9c orrs.w r3, r3, r8 | r3 |= r8;
| if (r3 == r3) {
0x00008ca0 beq 0x8c3e | goto label_1;
| }
0x00008ca2 b 0x8cfe | goto label_11;
| label_7:
0x00008ca4 mov.w sl, 0 | sl = 0;
0x00008ca8 mov sb, r3 | sb = r3;
0x00008caa mov fp, sl |
0x00008cac b 0x8c14 | goto label_2;
| label_6:
0x00008cae mov r1, r6 | r1 = r6;
0x00008cb0 blx 0x5e4c | r0 = fcn_00005e4c ();
| if (r0 != 0) {
0x00008cb4 cbnz r0, 0x8cc8 | goto label_12;
| }
0x00008cb6 cmp.w r8, 0 |
| if (r8 == 0) {
0x00008cba beq 0x8c3e | goto label_1;
| }
0x00008cbc ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008cbe movs r2, 5 | r2 = 5;
0x00008cc0 mov r0, r7 | r0 = r7;
0x00008cc2 mov r1, r5 | r1 = r5;
; Indirect call through the register-passed pointer (arg4, kept in r8);
; non-zero here because of the cmp.w at 0x8cb6.
0x00008cc4 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008cc6 b 0x8c3e | goto label_1;
| label_12:
; label_12 is reached only via label_6, which is entered only when
; [sp, 0x38] == 0, so fcn_00005fa4 receives 0 here.
; TODO confirm fcn_00005fa4 tolerates a zero argument.
0x00008cc8 ldr r0, [sp, 0x38] | r0 = *(arg_38h);
0x00008cca blx 0x5fa4 | fcn_00005fa4 ();
0x00008cce mov r0, r5 | r0 = r5;
0x00008cd0 blx 0x6000 | fcn_00006000 ();
0x00008cd4 ldr r2, [r4, 4] | r2 = *((r4 + 4));
0x00008cd6 cmp r2, 2 |
| if (r2 != 2) {
0x00008cd8 bne 0x8c8e | goto label_3;
| }
0x00008cda cmp.w r8, 0 |
| if (r8 == 0) {
0x00008cde beq 0x8d82 | goto label_13;
| }
0x00008ce0 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008ce2 mov r1, r5 | r1 = r5;
0x00008ce4 mov r0, r7 | r0 = r7;
0x00008ce6 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t) (r0, r1, r3);
| label_4:
0x00008ce8 mov r0, r5 | r0 = r5;
0x00008cea blx 0x5fa4 | fcn_00005fa4 ();
0x00008cee ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00008cf0 cmp r3, 1 |
| if (r3 != 1) {
0x00008cf2 bne.w 0x8ba8 | goto label_0;
| }
0x00008cf6 mov r1, r6 | r1 = r6;
0x00008cf8 mov r0, r7 | r0 = r7;
; Flagged call site 3 of 4: same two-register setup as at 0x8c56.
0x00008cfa blx 0x5ee8 | vasprintf_chk ()
| label_11:
0x00008cfe mov r1, r6 | r1 = r6;
0x00008d00 mov r0, r5 | r0 = r5;
0x00008d02 blx 0x5f8c | r0 = fcn_00005f8c ();
; The result is used as the register pair r1:r0. After orrs, the ite block
; yields r2 = ((r0 | r1) != 0); the next one yields
; r1 = ([sp, 0x38] != 0) && r2, and the third r2 = (r8 != 0) && r2.
; The r2dec "if" conditions wrapped around these three ite blocks are
; inverted or garbled - follow the ne/eq suffixes on the instructions.
0x00008d06 orrs.w r2, r0, r1 | r2 = r0 | r1;
0x00008d0a mov r3, r1 | r3 = r1;
0x00008d0c ldr r1, [sp, 0x38] | r1 = *(arg_38h);
0x00008d0e ite ne |
| if (r2 == r0) {
0x00008d10 movne r2, 1 | r2 = 1;
| }
| if (r2 != r0) {
0x00008d12 moveq r2, 0 | r2 = 0;
| }
0x00008d14 cmp r1, 0 |
0x00008d16 ite eq |
| if (r1 != 0) {
0x00008d18 moveq r1, 0 | r1 = 0;
| }
| if (r1 == 0) {
0x00008d1a andne r1, r2, 1 | r1 = r2 & 1;
| }
| if (r1 != 0) {
0x00008d1e cbnz r1, 0x8d56 | goto label_14;
| }
0x00008d20 cmp.w r8, 0 |
0x00008d24 ite eq |
| if (r8 != 0) {
0x00008d26 moveq r2, 0 | r2 = 0;
| }
| if (r8 == 0) {
0x00008d28 andne r2, r2, 1 | r2 &= 1;
| }
0x00008d2c cmp r2, 0 |
| if (r2 == 0) {
0x00008d2e beq 0x8c3e | goto label_1;
| }
0x00008d30 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d32 mov r1, r6 | r1 = r6;
0x00008d34 mov r0, r7 | r0 = r7;
0x00008d36 movs r2, 5 | r2 = 5;
0x00008d38 blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d3a b 0x8c3e | goto label_1;
| label_10:
; Reached from label_8 with the selector (r2) equal to 2; that value is
; stored at [sp, 8] and a zeroed 64-bit slot at [sp] before the call
; through [sp, 0x38].
0x00008d3c ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d3e mov r1, r5 | r1 = r5;
0x00008d40 vmov.i32 d16, 0 | __asm ("vmov.i32 d16, 0");
0x00008d44 mov r0, r7 | r0 = r7;
0x00008d46 str r2, [sp, 8] | var_8h = r2;
0x00008d48 movs r2, 0 | r2 = 0;
0x00008d4a str r3, [sp, 0xc] | var_ch = r3;
0x00008d4c vstr d16, [sp] | __asm ("vstr d16, [sp]");
0x00008d50 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008d52 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d54 b 0x8ce8 | goto label_4;
| label_14:
; Entered only when [sp, 0x38] != 0 and the r1:r0 pair from fcn_00005f8c
; is non-zero; the pair goes to [sp] / [sp, 4], then 5 and [sp, 0x3c].
0x00008d56 ldr r4, [sp, 0x3c] | r4 = *(arg_3ch);
0x00008d58 mov r2, r6 | r2 = r6;
0x00008d5a str r3, [sp, 4] | var_4h = r3;
0x00008d5c movs r3, 5 | r3 = 5;
0x00008d5e str r0, [sp] | *(sp) = r0;
0x00008d60 mov r1, r5 | r1 = r5;
0x00008d62 str r3, [sp, 8] | var_8h = r3;
0x00008d64 mov r0, r7 | r0 = r7;
0x00008d66 ldr r3, [sp, 0x38] | r3 = *(arg_38h);
0x00008d68 str r4, [sp, 0xc] | var_ch = r4;
0x00008d6a blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d6c b 0x8c3e | goto label_1;
| label_9:
0x00008d6e cmp.w r8, 0 |
| if (r8 == 0) {
0x00008d72 beq.w 0x8ba8 | goto label_0;
| }
0x00008d76 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00008d78 mov r2, r4 | r2 = r4;
0x00008d7a mov r1, r6 | r1 = r6;
0x00008d7c mov r0, r7 | r0 = r7;
0x00008d7e blx r8 | uint32_t (*r8)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00008d80 b 0x8ba8 | goto label_0;
| label_13:
0x00008d82 mov r0, r5 | r0 = r5;
0x00008d84 blx 0x5fa4 | fcn_00005fa4 ();
0x00008d88 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00008d8a cmp r3, 1 |
| if (r3 != 1) {
0x00008d8c bne.w 0x8ba8 | goto label_0;
| }
0x00008d90 mov r1, r6 | r1 = r6;
0x00008d92 mov r0, r7 | r0 = r7;
; Flagged call site 4 of 4: same two-register setup as at 0x8c56.
0x00008d94 blx 0x5ee8 | vasprintf_chk ()
0x00008d98 b 0x8c3e | goto label_1;
| }
[*] Function sprintf used 5 times in libnl-3.so.200.26.0