[*] Binary protection state of snmp-confd
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of snmp-confd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/libexec/snmp-confd @ 0x7840 */
| #include <stdint.h>
|
; (fcn) fcn.00007840 () | void fcn_00007840 (int16_t arg1) {
| int16_t var_4h;
| int16_t var_14h_4;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_24h;
| r0 = arg1;
0x00007840 ldr r2, [pc, 0x108] |
0x00007842 ldr r3, [pc, 0x10c] | r3 = *(0x7952);
0x00007844 push {r4, r5, lr} |
0x00007846 mov r4, r0 | r4 = r0;
0x00007848 add r2, pc | r2 = 0xf198;
0x0000784a ldrb r0, [r0] | r0 = *(r0);
0x0000784c sub sp, 0x2c |
0x0000784e ldr r3, [r2, r3] |
0x00007850 ldr r3, [r3] | r3 = *(0xf198);
0x00007852 str r3, [sp, 0x24] | var_24h = r3;
0x00007854 mov.w r3, 0 | r3 = 0;
0x00007858 cbnz r0, 0x7872 |
| while (1) {
| label_2:
0x0000785a ldr r2, [pc, 0xf8] |
0x0000785c ldr r3, [pc, 0xf0] | r3 = *(0x7950);
0x0000785e add r2, pc | r2 = 0xf1b8;
0x00007860 ldr r3, [r2, r3] | r3 = *(0xf1b8);
0x00007862 ldr r2, [r3] | r2 = *(0xf1b8);
0x00007864 ldr r3, [sp, 0x24] | r3 = var_24h;
0x00007866 eors r2, r3 | r2 ^= r3;
0x00007868 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000786c bne 0x7948 | goto label_4;
| }
0x0000786e add sp, 0x2c |
0x00007870 pop {r4, r5, pc} |
0x00007872 add r2, sp, 4 | r2 += var_4h;
0x00007874 mov r1, r4 | r1 = r4;
0x00007876 movs r0, 2 | r0 = 2;
0x00007878 blx 0x17e8 | r0 = asprintf_chk ()
0x0000787c cmp r0, 1 |
0x0000787e it eq |
| if (r0 != 1) {
0x00007880 addeq r5, sp, 0x14 | r5 += var_14h_4;
| }
| if (r0 == 1) {
0x00007882 beq 0x78a8 | goto label_5;
| }
0x00007884 ldrb r3, [r4] | r3 = *(r4);
| if (r3 != 0) {
0x00007886 cbnz r3, 0x7898 | goto label_6;
| }
| label_0:
0x00007888 ldr r1, [pc, 0xcc] |
0x0000788a mov r0, r4 | r0 = r4;
0x0000788c add r1, pc | r1 = 0xf1e8;
0x0000788e blx 0x1708 | r0 = fcn_00001708 ();
| if (r0 != 0) {
0x00007892 cbnz r0, 0x78d6 | goto label_7;
| }
| label_1:
0x00007894 movs r0, 0 | r0 = 0;
0x00007896 b 0x785a |
| }
| label_6:
0x00007898 add r5, sp, 0x14 | r5 += var_14h_4;
0x0000789a mov r1, r4 | r1 = r4;
0x0000789c mov r2, r5 | r2 = r5;
0x0000789e movs r0, 0xa | r0 = 0xa;
0x000078a0 blx 0x17e8 | r0 = asprintf_chk ()
0x000078a4 cmp r0, 1 |
| if (r0 != 1) {
0x000078a6 bne 0x7888 | goto label_0;
| }
| label_5:
0x000078a8 mov r2, r5 | r2 = r5;
0x000078aa mov r1, r4 | r1 = r4;
0x000078ac movs r0, 2 | r0 = 2;
0x000078ae blx 0x17e8 | r0 = asprintf_chk ()
0x000078b2 cmp r0, 1 |
| if (r0 != 1) {
0x000078b4 bne 0x7908 | goto label_8;
| }
0x000078b6 ldrb.w r3, [sp, 0x14] | r3 = var_14h_4;
0x000078ba subs r2, r3, 1 | r2 = r3 - 1;
0x000078bc sub.w r3, r3, 0x7f | r3 -= 0x7f;
0x000078c0 clz r3, r3 | r3 &= r3;
0x000078c4 uxtb r2, r2 | r2 = (int8_t) r2;
0x000078c6 lsrs r3, r3, 5 | r3 >>= 5;
0x000078c8 cmp r2, 0xde |
0x000078ca it hi |
| if (r2 <= 0xde) {
0x000078cc orrhi r3, r3, 1 | r3 |= 1;
| }
0x000078d0 cmp r3, 0 |
| if (r3 != 0) {
0x000078d2 bne 0x7888 | goto label_0;
| }
0x000078d4 b 0x7916 | goto label_3;
| label_7:
0x000078d6 ldr r1, [pc, 0x84] |
0x000078d8 mov r0, r4 | r0 = r4;
0x000078da add r1, pc | r1 = 0xf23c;
0x000078dc blx 0x1708 | r0 = fcn_00001708 ();
0x000078e0 cmp r0, 0 |
| if (r0 == 0) {
0x000078e2 beq 0x7894 | goto label_1;
| }
0x000078e4 ldr r1, [pc, 0x78] |
0x000078e6 mov r0, r4 | r0 = r4;
0x000078e8 add r1, pc | r1 = 0xf24c;
0x000078ea blx 0x1708 | r0 = fcn_00001708 ();
0x000078ee cmp r0, 0 |
| if (r0 == 0) {
0x000078f0 beq 0x7894 | goto label_1;
| }
0x000078f2 ldr r0, [pc, 0x70] |
0x000078f4 movs r3, 0 | r3 = 0;
0x000078f6 mov r2, r3 | r2 = r3;
0x000078f8 mov r1, r4 | r1 = r4;
0x000078fa add r0, pc | r0 = 0xf264;
0x000078fc blx 0x19d0 | fcn_000019d0 ();
0x00007900 subs r0, 0 |
0x00007902 it ne |
| if (r0 == 0) {
0x00007904 movne r0, 1 | r0 = 1;
| }
0x00007906 b 0x785a | goto label_2;
| label_8:
0x00007908 mov r2, r5 | r2 = r5;
0x0000790a mov r1, r4 | r1 = r4;
0x0000790c movs r0, 0xa | r0 = 0xa;
0x0000790e blx 0x17e8 | r0 = asprintf_chk ()
0x00007912 cmp r0, 1 |
| if (r0 != 1) {
0x00007914 beq 0x791a |
| label_3:
0x00007916 movs r0, 1 | r0 = 1;
0x00007918 b 0x785a | goto label_2;
| }
0x0000791a mov r2, r5 | r2 = r5;
0x0000791c add r1, sp, 0x24 | r1 += var_24h;
| do {
0x0000791e ldrb r3, [r2], 1 | r3 = *(r2);
| r2++;
| if (r3 != 0) {
0x00007922 cbnz r3, 0x792a | goto label_9;
| }
0x00007924 cmp r2, r1 |
0x00007926 bne 0x791e |
| } while (r2 != r1);
0x00007928 b 0x7888 | goto label_0;
| label_9:
0x0000792a ldrd r3, r1, [sp, 0x14] | __asm ("ldrd r3, r1, [var_14h_4]");
0x0000792e ldr r2, [sp, 0x1c] | r2 = var_1ch;
0x00007930 orrs r3, r1 | r3 |= r1;
0x00007932 orrs r3, r2 | r3 |= r2;
| if (r3 != r2) {
0x00007934 bne 0x793e | goto label_10;
| }
0x00007936 ldr r3, [sp, 0x20] | r3 = var_20h;
0x00007938 cmp.w r3, 0x1000000 |
| if (r3 == 0x1000000) {
0x0000793c beq 0x7888 | goto label_0;
| }
| label_10:
0x0000793e ldrb.w r3, [sp, 0x14] | r3 = var_14h_4;
0x00007942 cmp r3, 0xff |
| if (r3 != 0xff) {
0x00007944 bne 0x7916 | goto label_3;
| }
0x00007946 b 0x7888 | goto label_0;
| label_4:
0x00007948 blx 0x1994 | fcn_00001994 ();
0x0000794c ldrsb r4, [r4, r0] | r4 = *((r4 + r0));
0x0000794e movs r0, r0 |
0x00007950 lsls r0, r0, 6 | r0 <<= 6;
0x00007952 movs r0, r0 |
0x00007954 ldrsb r6, [r1, r0] | r6 = *((r1 + r0));
0x00007956 movs r0, r0 |
0x00007958 adds r5, 0xe4 | r5 += 0xe4;
0x0000795a movs r0, r0 |
0x0000795c adds r5, 0x92 | r5 += 0x92;
0x0000795e movs r0, r0 |
0x00007960 adds r5, 0x94 | r5 += 0x94;
0x00007962 movs r0, r0 |
0x00007964 adds r5, 0x92 | r5 += 0x92;
0x00007966 movs r0, r0 |
| }
[*] Function sprintf used 5 times snmp-confd
