[*] Binary protection state of libstd2parser.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libstd2parser.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x1e00 */
| #include <stdint.h>
|
; (fcn) fcn.00001e00 () | void fcn_00001e00 (int16_t arg1) {
| r0 = arg1;
0x00001e00 mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00001e04 mov r4, r0 | r4 = r0;
0x00001e06 mov r0, r1 | r0 = r1;
0x00001e08 mov r6, r1 | r6 = r1;
0x00001e0a blx 0x15ac | sprintf_chk ()
0x00001e0e ldrd r3, r2, [r4, 4] | __asm ("ldrd r3, r2, [r4, 4]");
0x00001e12 mov r5, r0 | r5 = r0;
0x00001e14 ldr.w r8, [r4] | r8 = *(r4);
0x00001e18 subs r1, r2, r3 | r1 = r2 - r3;
0x00001e1a cmp r1, r0 |
0x00001e1c it gt |
| if (r1 <= r0) {
0x00001e1e addgt r0, r8, r3 | r0 = r8 + r3;
| }
| if (r1 <= r0) {
0x00001e22 bgt 0x1e44 |
0x00001e24 movw r7, 0x1ff | r7 = 0x1ff;
0x00001e28 mov r0, r8 | r0 = r8;
0x00001e2a cmp r7, r5 |
0x00001e2c it lt |
| if (r7 >= r5) {
0x00001e2e movlt r7, r5 | r7 = r5;
| }
0x00001e30 adds r7, 1 | r7++;
0x00001e32 add r7, r2 | r7 += r2;
0x00001e34 mov r1, r7 | r1 = r7;
0x00001e36 blx 0x1478 | fcn_00001478 ();
0x00001e3a str r0, [r4] | *(r4) = r0;
| if (r0 == 0) {
0x00001e3c cbz r0, 0x1e52 | goto label_0;
| }
0x00001e3e ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00001e40 str r7, [r4, 8] | *((r4 + 8)) = r7;
0x00001e42 add r0, r3 | r0 += r3;
| }
0x00001e44 add r5, r3 | r5 += r3;
0x00001e46 mov r1, r6 | r1 = r6;
0x00001e48 str r5, [r4, 4] | *((r4 + 4)) = r5;
0x00001e4a pop.w {r4, r5, r6, r7, r8, lr} |
0x00001e4e b.w 0x14d4 | void (*0x14d4)() ();
| label_0:
0x00001e52 str.w r8, [r4] | __asm ("str.w r8, [r4]");
0x00001e56 pop.w {r4, r5, r6, r7, r8, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x1a7c */
| #include <stdint.h>
|
; (fcn) sym.std2parser_load_dyncfg () | void std2parser_load_dyncfg (int16_t arg1, int16_t arg2) {
| int32_t var_0h;
| int32_t var_0h_2;
| int16_t var_8h;
| int16_t var_ch;
| int16_t var_10h;
| int16_t var_20h;
| int16_t var_6ch;
| r0 = arg1;
| r1 = arg2;
0x00001a7c ldr r2, [pc, 0x1d0] |
0x00001a7e ldr r3, [pc, 0x1d4] | r3 = *(0x1c56);
0x00001a80 push.w {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00001a84 sub sp, 0x74 |
0x00001a86 add r2, pc | r2 = 0x36da;
0x00001a88 mov r7, r0 | r7 = r0;
0x00001a8a mov r4, r1 | r4 = r1;
0x00001a8c ldr r3, [r2, r3] |
0x00001a8e ldr r3, [r3] | r3 = *(0x36da);
0x00001a90 str r3, [sp, 0x6c] | var_6ch = r3;
0x00001a92 mov.w r3, 0 | r3 = 0;
0x00001a96 blx 0x1494 | r0 = fcn_00001494 ();
| if (r0 == 0) {
0x00001a9a cbnz r0, 0x1aba |
| label_7:
0x00001a9c movs r0, 0 | r0 = 0;
| label_2:
0x00001a9e ldr r2, [pc, 0x1b8] |
0x00001aa0 ldr r3, [pc, 0x1b0] | r3 = *(0x1c54);
0x00001aa2 add r2, pc | r2 = 0x3700;
0x00001aa4 ldr r3, [r2, r3] | r3 = *(0x3700);
0x00001aa6 ldr r2, [r3] | r2 = *(0x3700);
0x00001aa8 ldr r3, [sp, 0x6c] | r3 = var_6ch;
0x00001aaa eors r2, r3 | r2 ^= r3;
0x00001aac mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00001ab0 bne.w 0x1c42 | goto label_8;
| }
0x00001ab4 add sp, 0x74 |
0x00001ab6 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00001aba mov r0, r4 | r0 = r4;
0x00001abc blx 0x1450 | r0 = stack_chk_fail ();
0x00001ac0 mov sl, r0 | sl = r0;
0x00001ac2 cmp r0, 0 |
| if (r0 == 0) {
0x00001ac4 beq.w 0x1c3c | goto label_9;
| }
0x00001ac8 movs r1, 0x2f | r1 = 0x2f;
0x00001aca blx 0x1660 | r0 = strncmp (r0, r1, r2);
0x00001ace mov sb, r0 | sb = r0;
0x00001ad0 cmp r0, 0 |
| if (r0 == 0) {
0x00001ad2 beq.w 0x1c08 | goto label_10;
| }
0x00001ad6 ldr r1, [pc, 0x184] |
0x00001ad8 movs r3, 0 | r3 = 0;
0x00001ada mov r6, r0 | r6 = r0;
0x00001adc mov sb, sl | sb = sl;
0x00001ade strb r3, [r6], 1 | *(r6) = r3;
| r6++;
0x00001ae2 mov r0, r6 | r0 = r6;
0x00001ae4 add r1, pc | r1 = 0x3746;
0x00001ae6 blx 0x13b4 | strstr (r0, r1);
0x00001aea movs r3, 0x5f | r3 = 0x5f;
0x00001aec strh r3, [r0] | *(r0) = r3;
0x00001aee mov r0, sl | r0 = sl;
0x00001af0 blx 0x1518 | r0 = fcn_00001518 ();
0x00001af4 mov r5, r0 | r5 = r0;
| label_6:
0x00001af6 cmp r5, 0 |
| if (r5 == 0) {
0x00001af8 beq.w 0x1c46 | goto label_11;
| }
0x00001afc ldr r3, [pc, 0x160] |
0x00001afe add.w fp, sp, 0x10 |
0x00001b02 add r3, pc | r3 = 0x3766;
0x00001b04 str r3, [sp, 8] | var_8h = r3;
| do {
| label_0:
0x00001b06 mov r0, r5 | r0 = r5;
0x00001b08 blx 0x1654 | r0 = isatty (r0);
0x00001b0c cmp r0, 0 |
| if (r0 == 0) {
0x00001b0e beq 0x1bb6 | goto label_12;
| }
| label_1:
0x00001b10 ldrb r3, [r0, 0xb] | r3 = *((r0 + 0xb));
0x00001b12 add.w r4, r0, 0xb | r4 = r0 + 0xb;
0x00001b16 cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001b18 bne 0x1b20 | goto label_13;
| }
0x00001b1a ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x00001b1c cmp r3, 0 |
0x00001b1e beq 0x1b06 |
| } while (r3 == 0);
| label_13:
0x00001b20 ldrb r3, [r0, 0xb] | r3 = *((r0 + 0xb));
0x00001b22 cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001b24 bne 0x1b32 | goto label_14;
| }
0x00001b26 ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x00001b28 cmp r3, 0x2e |
| if (r3 != 0x2e) {
0x00001b2a bne 0x1b32 | goto label_14;
| }
0x00001b2c ldrb r3, [r4, 2] | r3 = *((r4 + 2));
0x00001b2e cmp r3, 0 |
| if (r3 == 0) {
0x00001b30 beq 0x1b06 | goto label_0;
| }
| label_14:
0x00001b32 mov r0, r6 | r0 = r6;
0x00001b34 blx 0x15ac | sprintf_chk ()
0x00001b38 mov r1, r6 | r1 = r6;
0x00001b3a mov r2, r0 | r2 = r0;
0x00001b3c mov r0, r4 | r0 = r4;
0x00001b3e blx 0x1690 | r0 = fcn_00001690 ();
0x00001b42 cmp r0, 0 |
| if (r0 != 0) {
0x00001b44 bne 0x1b06 | goto label_0;
| }
0x00001b46 ldrd r0, r1, [r7, 0x58] | __asm ("ldrd r0, r1, [r7, 0x58]");
0x00001b4a adds r1, 1 | r1++;
0x00001b4c lsls r1, r1, 2 | r1 <<= 2;
0x00001b4e blx 0x1478 | r0 = fcn_00001478 ();
0x00001b52 cmp r0, 0 |
| if (r0 == 0) {
0x00001b54 beq 0x1c30 | goto label_15;
| }
0x00001b56 str r0, [r7, 0x58] | *((r7 + 0x58)) = r0;
0x00001b58 cmp.w sb, 0 |
| if (sb == 0) {
0x00001b5c beq 0x1bc6 | goto label_16;
| }
0x00001b5e mov r0, sb | r0 = sb;
0x00001b60 blx 0x15ac | r0 = sprintf_chk ()
0x00001b64 mov r8, r0 | r8 = r0;
0x00001b66 mov r0, r4 | r0 = r4;
0x00001b68 blx 0x15ac | sprintf_chk ()
0x00001b6c add r0, r8 | r0 += r8;
0x00001b6e adds r0, 2 | r0 += 2;
0x00001b70 blx 0x1534 | r0 = fcn_00001534 ();
0x00001b74 mov r8, r0 | r8 = r0;
0x00001b76 cmp r0, 0 |
| if (r0 == 0) {
0x00001b78 beq 0x1c30 | goto label_15;
| }
0x00001b7a movs r1, 1 | r1 = 1;
0x00001b7c ldr r3, [sp, 8] | r3 = var_8h;
0x00001b7e mov.w r2, -1 | r2 = -1;
0x00001b82 strd sb, r4, [sp] | __asm ("strd sb, r4, [sp]");
0x00001b86 blx 0x15dc | fileno (r0);
0x00001b8a mov r1, fp | r1 = fp;
0x00001b8c mov r0, r8 | r0 = r8;
0x00001b8e blx 0x150c | r0 = fcn_0000150c ();
| if (r0 == 0) {
0x00001b92 cbnz r0, 0x1ba0 |
0x00001b94 ldr r3, [sp, 0x20] | r3 = var_20h;
0x00001b96 and r3, r3, 0xf000 | r3 &= 0xf000;
0x00001b9a cmp.w r3, 0x8000 |
| if (r3 == 0x8000) {
0x00001b9e beq 0x1be0 | goto label_17;
| }
| }
| label_5:
0x00001ba0 mov r0, r8 | r0 = r8;
0x00001ba2 blx 0x13e8 | fcn_000013e8 ();
| label_3:
0x00001ba6 ldr r3, [r7, 0x5c] | r3 = *((r7 + 0x5c));
| label_4:
0x00001ba8 adds r3, 1 | r3++;
0x00001baa mov r0, r5 | r0 = r5;
0x00001bac str r3, [r7, 0x5c] | *((r7 + 0x5c)) = r3;
0x00001bae blx 0x1654 | r0 = isatty (r0);
0x00001bb2 cmp r0, 0 |
| if (r0 != 0) {
0x00001bb4 bne 0x1b10 | goto label_1;
| }
| label_12:
0x00001bb6 mov r0, sl | r0 = sl;
0x00001bb8 blx 0x13e8 | fcn_000013e8 ();
0x00001bbc mov r0, r5 | r0 = r5;
0x00001bbe blx 0x16b4 | fcn_000016b4 ();
0x00001bc2 movs r0, 1 | r0 = 1;
0x00001bc4 b 0x1a9e | goto label_2;
| label_16:
0x00001bc6 mov r1, fp | r1 = fp;
0x00001bc8 mov r0, r4 | r0 = r4;
0x00001bca blx 0x150c | r0 = fcn_0000150c ();
0x00001bce cmp r0, 0 |
| if (r0 != 0) {
0x00001bd0 bne 0x1ba6 | goto label_3;
| }
0x00001bd2 ldr r3, [sp, 0x20] | r3 = var_20h;
0x00001bd4 and r3, r3, 0xf000 | r3 &= 0xf000;
0x00001bd8 cmp.w r3, 0x8000 |
| if (r3 != 0x8000) {
0x00001bdc bne 0x1ba6 | goto label_3;
| }
0x00001bde mov r8, r4 | r8 = r4;
| label_17:
0x00001be0 ldr r1, [pc, 0x80] |
0x00001be2 mov r0, r8 | r0 = r8;
0x00001be4 ldr r3, [r7, 0x5c] | r3 = *((r7 + 0x5c));
0x00001be6 ldr r4, [r7, 0x58] | r4 = *((r7 + 0x58));
0x00001be8 add r1, pc | r1 = 0x3850;
0x00001bea str r3, [sp, 0xc] | var_ch = r3;
0x00001bec blx 0x13d8 | fopen (r0, r1);
0x00001bf0 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00001bf2 str.w r0, [r4, r3, lsl 2] | __asm ("str.w r0, [r4, r3, lsl 2]");
0x00001bf6 ldrd r2, r3, [r7, 0x58] | __asm ("ldrd r2, r3, [r7, 0x58]");
0x00001bfa ldr.w r2, [r2, r3, lsl 2] | offset_0 = r3 << 2;
| r2 = *((r2 + offset_0));
| if (r2 == 0) {
0x00001bfe cbz r2, 0x1c24 | goto label_18;
| }
0x00001c00 cmp.w sb, 0 |
| if (sb == 0) {
0x00001c04 beq 0x1ba8 | goto label_4;
| }
0x00001c06 b 0x1ba0 | goto label_5;
| label_10:
0x00001c08 ldr r0, [pc, 0x5c] |
0x00001c0a mov r6, sl | r6 = sl;
0x00001c0c add r0, pc | r0 = 0x3878;
0x00001c0e blx 0x1518 | fcn_00001518 ();
0x00001c12 ldr r1, [pc, 0x58] |
0x00001c14 mov r5, r0 | r5 = r0;
0x00001c16 mov r0, sl | r0 = sl;
0x00001c18 add r1, pc | r1 = 0x388a;
0x00001c1a blx 0x13b4 | strstr (r0, r1);
0x00001c1e movs r3, 0x5f | r3 = 0x5f;
0x00001c20 strh r3, [r0] | *(r0) = r3;
0x00001c22 b 0x1af6 | goto label_6;
| label_18:
0x00001c24 cmp.w sb, 0 |
| if (sb != 0) {
0x00001c28 beq 0x1c30 |
0x00001c2a mov r0, r8 | r0 = r8;
0x00001c2c blx 0x13e8 | fcn_000013e8 ();
0x00001c2e invalid |
| }
| label_15:
0x00001c30 mov r0, sl | r0 = sl;
0x00001c32 blx 0x13e8 | fcn_000013e8 ();
0x00001c36 mov r0, r5 | r0 = r5;
0x00001c38 blx 0x16b4 | fcn_000016b4 ();
| do {
| label_9:
0x00001c3c blx 0x14a0 | fcn_000014a0 ();
0x00001c40 b 0x1a9c | goto label_7;
| label_8:
0x00001c42 blx 0x145c | fcn_0000145c ();
| label_11:
0x00001c46 mov r0, sl | r0 = sl;
0x00001c48 blx 0x13e8 | fcn_000013e8 ();
0x00001c4c b 0x1c3c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x2314 */
| #include <stdint.h>
|
; (fcn) sym.yy_scan_string () | void yy_scan_string (int16_t arg1, int16_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00002314 push {r3, r4, r5, lr} |
0x00002316 mov r5, r1 | r5 = r1;
0x00002318 mov r4, r0 | r4 = r0;
0x0000231a blx 0x15ac | sprintf_chk ()
0x0000231e mov r2, r5 | r2 = r5;
0x00002320 mov r1, r0 | r1 = r0;
0x00002322 mov r0, r4 | r0 = r4;
0x00002324 pop.w {r3, r4, r5, lr} |
0x00002328 b.w 0x1558 | return void (*0x1558)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libstd2parser.so @ 0x2f00 */
| #include <stdint.h>
|
; (fcn) sym.yyerror () | void yyerror (int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_4h;
| int16_t var_8h;
| int16_t var_ch;
| r2 = arg3;
| r3 = arg4;
0x00002f00 push.w {r4, r5, r6, r7, r8, lr} |
0x00002f04 mov r0, r3 | r0 = r3;
0x00002f06 mov r5, r2 | r5 = r2;
0x00002f08 sub sp, 0x10 |
0x00002f0a mov r6, r3 | r6 = r3;
0x00002f0c blx 0x15ac | sprintf_chk ()
0x00002f0e adc.w fp, lr, pc, asr 26 | __asm ("adc.w fp, lr, pc, asr 26");
0x00002f12 mov r4, r0 | r4 = r0;
| if (r7 == 0) {
0x00002f14 cbz r7, 0x2f70 | goto label_1;
| }
0x00002f16 mov r0, r7 | r0 = r7;
0x00002f18 blx 0x15ac | r0 = sprintf_chk ()
0x00002f1c mov r2, r0 | r2 = r0;
0x00002f1e mov r3, r0 | r3 = r0;
| if (r0 != 0) {
0x00002f20 cbnz r0, 0x2f66 | goto label_2;
| }
0x00002f22 ldr r7, [pc, 0x58] |
0x00002f24 add r7, pc | r7 = 0x5ea6;
0x00002f26 mov r8, r7 | r8 = r7;
| do {
| label_0:
0x00002f28 add.w r0, r4, 0x32 | r0 = r4 + 0x32;
0x00002f2c add r0, r2 | r0 += r2;
0x00002f2e add r0, r3 | r0 += r3;
0x00002f30 adds r0, 1 | r0++;
0x00002f32 blx 0x1534 | fcn_00001534 ();
0x00002f36 ldr r3, [pc, 0x48] |
0x00002f38 mov.w r2, -1 | r2 = -1;
0x00002f3c str r0, [r5, 0x34] | *((r5 + 0x34)) = r0;
0x00002f3e str r7, [sp, 0xc] | var_ch = r7;
0x00002f40 ldr r1, [r5, 0x28] | r1 = *((r5 + 0x28));
0x00002f42 add r3, pc | r3 = 0x5ec8;
0x00002f44 str.w r8, [sp, 8] | __asm ("str.w r8, [var_8h]");
0x00002f48 str r6, [sp] | *(sp) = r6;
0x00002f4a str r1, [sp, 4] | var_4h = r1;
0x00002f4c movs r1, 1 | r1 = 1;
0x00002f4e blx 0x15dc | fileno (r0);
0x00002f52 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x00002f54 blx 0x13e8 | fcn_000013e8 ();
0x00002f58 movs r0, 0 | r0 = 0;
0x00002f5a movs r3, 1 | r3 = 1;
0x00002f5c str r0, [r5, 0x38] | *((r5 + 0x38)) = r0;
0x00002f5e str r3, [r5, 0x30] | *((r5 + 0x30)) = r3;
0x00002f60 add sp, 0x10 |
0x00002f62 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x00002f66 ldr.w r8, [pc, 0x1c] |
0x00002f6a movs r2, 2 | r2 = 2;
0x00002f6c add r8, pc | r8 = 0x5ef6;
0x00002f6e b 0x2f28 |
| } while (1);
| label_1:
0x00002f70 mov r2, r7 | r2 = r7;
0x00002f72 mov r3, r7 | r3 = r7;
0x00002f74 ldr r7, [pc, 0x10] |
0x00002f76 add r7, pc | r7 = 0x5f02;
0x00002f78 mov r8, r7 | r8 = r7;
0x00002f7a b 0x2f28 | goto label_0;
| }
[*] Function sprintf used 8 times libstd2parser.so
