[*] Binary protection state of liba7x_utils.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of liba7x_utils.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/liba7x_utils.so @ 0xc2c */
| #include <stdint.h>
|
; (fcn) sym.app_boot_Connect () | void app_boot_Connect (int16_t arg1) {
| int16_t var_2h;
| int16_t var_4h;
| int16_t var_1h;
| void * s;
| int16_t var_44h;
| r0 = arg1;
0x00000c2c mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00000c30 movs r4, 0 | r4 = 0;
0x00000c32 ldr r5, [pc, 0x134] |
0x00000c34 sub sp, 0x48 |
0x00000c36 mov r7, r0 | r7 = r0;
0x00000c38 movs r2, 0x3c | r2 = 0x3c;
0x00000c3a ldr r3, [pc, 0x130] | r3 = *(0xd6e);
0x00000c3c mov r1, r4 | r1 = r4;
0x00000c3e add r5, pc | r5 = 0x19ac;
0x00000c40 add r0, sp, 8 | r0 += s;
0x00000c42 ldr r3, [r5, r3] |
0x00000c44 add r5, sp, 4 | r5 += var_4h;
0x00000c46 ldr r3, [r3] | r3 = *(0x19ac);
0x00000c48 str r3, [sp, 0x44] | var_44h = r3;
0x00000c4a mov.w r3, 0 | r3 = 0;
0x00000c4e str r4, [sp, 4] | var_4h = r4;
0x00000c50 blx 0x8cc | memset (r0, r1, r2);
0x00000c54 movs r2, 0x40 | r2 = 0x40;
0x00000c56 add.w r3, sp, 2 | r3 += var_2h;
0x00000c5a strh.w r2, [sp, 2] | var_2h = r2;
0x00000c5e mov r1, r7 | r1 = r7;
0x00000c60 mov r2, r5 | r2 = r5;
0x00000c62 mov r0, r4 | r0 = r4;
0x00000c64 blx 0x94c | fcn_0000094c ();
0x00000c68 ldrh.w r3, [sp, 2] | r3 = var_2h;
0x00000c6c mov r6, r0 | r6 = r0;
| if (r3 == 0) {
0x00000c6e cbz r3, 0xc92 | goto label_1;
| }
0x00000c70 ldr.w r8, [pc, 0xfc] |
0x00000c74 add r8, pc | r8 = 0x19e8;
| do {
0x00000c76 movs r0, 1 | r0 = 1;
0x00000c78 ldrb r2, [r5], 1 | r2 = *(r5);
| r5++;
0x00000c7c mov r1, r8 | r1 = r8;
0x00000c7e add r4, r0 | r4 += r0;
0x00000c80 blx 0x8f0 | printf_chk ()
0x00000c84 ldrh.w r3, [sp, 2] | r3 = var_2h;
0x00000c88 cmp r4, r3 |
0x00000c8a blt 0xc76 |
| } while (r4 < r3);
0x00000c8c movs r0, 0xa | r0 = 0xa;
0x00000c8e blx 0x8e4 | putchar (r0);
| label_1:
0x00000c92 add.w r3, r6, 0x8f00 | r3 = r6 + 0x8f00;
0x00000c96 adds r3, 0xff | r3 += 0xff;
0x00000c98 uxth r3, r3 | r3 = (int16_t) r3;
0x00000c9a cmp r3, 1 |
| if (r3 < 1) {
0x00000c9c bls 0xd26 | goto label_2;
| }
0x00000c9e movw r3, 0x7012 | r3 = 0x7012;
0x00000ca2 cmp r6, r3 |
| if (r6 == r3) {
0x00000ca4 beq 0xd36 | goto label_3;
| }
0x00000ca6 movw r3, 0x7013 | r3 = 0x7013;
0x00000caa cmp r6, r3 |
| if (r6 == r3) {
0x00000cac beq 0xd46 | goto label_4;
| }
0x00000cae cmp.w r6, 0x8000 |
| if (r6 == 0x8000) {
0x00000cb2 beq 0xd56 | goto label_5;
| }
0x00000cb4 cmp.w r6, 0x9000 |
| if (r6 == 0x9000) {
0x00000cb8 beq 0xcce | goto label_6;
| }
0x00000cba cbz r6, 0xcce |
| while (1) {
| label_0:
0x00000cbc ldr r0, [pc, 0xb4] |
0x00000cbe add r0, pc | r0 = 0x1a36;
0x00000cc0 blx 0x8a8 | puts (r0);
0x00000cc4 ldr r0, [pc, 0xb0] |
0x00000cc6 add r0, pc | r0 = 0x1a42;
0x00000cc8 blx 0x8a8 | puts (r0);
0x00000ccc b 0xd0a | goto label_7;
| label_6:
0x00000cce ldr r1, [pc, 0xac] |
0x00000cd0 movs r0, 1 | r0 = 1;
0x00000cd2 movs r6, 0 | r6 = 0;
0x00000cd4 add r1, pc | r1 = 0x1a56;
0x00000cd6 blx 0x8f0 | printf_chk ()
0x00000cda ldr r0, [pc, 0xa4] |
0x00000cdc add r0, pc | r0 = 0x1a62;
0x00000cde blx 0x8a8 | puts (r0);
0x00000ce2 ldr r1, [pc, 0xa0] |
0x00000ce4 movs r0, 1 | r0 = 1;
0x00000ce6 ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x00000ce8 add r1, pc | r1 = 0x1a72;
0x00000cea blx 0x8f0 | printf_chk ()
0x00000cee ldr r1, [pc, 0x98] |
0x00000cf0 movs r0, 1 | r0 = 1;
0x00000cf2 ldrh r2, [r7, 0xc] | r2 = *((r7 + 0xc));
0x00000cf4 add r1, pc | r1 = 0x1a82;
0x00000cf6 blx 0x8f0 | printf_chk ()
0x00000cfa ldr r0, [pc, 0x90] |
0x00000cfc add r0, pc | r0 = 0x1a8e;
0x00000cfe blx 0x8a8 | puts (r0);
0x00000d02 ldr r0, [pc, 0x8c] |
0x00000d04 add r0, pc | r0 = 0x1a9a;
0x00000d06 blx 0x8a8 | puts (r0);
| label_7:
0x00000d0a ldr r2, [pc, 0x88] |
0x00000d0c ldr r3, [pc, 0x5c] | r3 = *(0xd6c);
0x00000d0e add r2, pc | r2 = 0x1aa8;
0x00000d10 ldr r3, [r2, r3] | r3 = *(0x1aa8);
0x00000d12 ldr r2, [r3] | r2 = *(0x1aa8);
0x00000d14 ldr r3, [sp, 0x44] | r3 = var_44h;
0x00000d16 eors r2, r3 | r2 ^= r3;
0x00000d18 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x00000d1c bne 0xd62 | goto label_8;
| }
0x00000d1e mov r0, r6 | r0 = r6;
0x00000d20 add sp, 0x48 |
0x00000d22 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
0x00000d26 ldr r1, [pc, 0x70] |
0x00000d28 mov r2, r6 | r2 = r6;
0x00000d2a movs r0, 1 | r0 = 1;
0x00000d2c movs r6, 2 | r6 = 2;
0x00000d2e add r1, pc | r1 = 0x1acc;
0x00000d30 blx 0x8f0 | printf_chk ()
0x00000d34 b 0xcbc |
| }
| label_3:
0x00000d36 ldr r1, [pc, 0x64] |
0x00000d38 mov r2, r6 | r2 = r6;
0x00000d3a movs r0, 1 | r0 = 1;
0x00000d3c movs r6, 4 | r6 = 4;
0x00000d3e add r1, pc | r1 = 0x1ae0;
0x00000d40 blx 0x8f0 | printf_chk ()
0x00000d44 b 0xcbc | goto label_0;
| label_4:
0x00000d46 ldr r1, [pc, 0x58] |
0x00000d48 mov r2, r6 | r2 = r6;
0x00000d4a movs r0, 1 | r0 = 1;
0x00000d4c movs r6, 5 | r6 = 5;
0x00000d4e add r1, pc | r1 = 0x1af4;
0x00000d50 blx 0x8f0 | printf_chk ()
0x00000d54 b 0xcbc | goto label_0;
| label_5:
0x00000d56 ldr r0, [pc, 0x4c] |
0x00000d58 movs r6, 3 | r6 = 3;
0x00000d5a add r0, pc | r0 = 0x1b04;
0x00000d5c blx 0x8a8 | puts (r0);
0x00000d60 b 0xcbc | goto label_0;
| label_8:
0x00000d62 blx 0x890 | stack_chk_fail ();
0x00000d66 nop |
0x00000d68 movs r3, 0x4e | r3 = 0x4e;
0x00000d6a movs r0, r0 |
0x00000d6c lsls r4, r4, 1 | r4 <<= 1;
0x00000d6e movs r0, r0 |
0x00000d70 lsls r0, r1, 0x12 | r0 = r1 << 0x12;
0x00000d72 movs r0, r0 |
0x00000d74 lsls r2, r1, 0x18 | r2 = r1 << 0x18;
0x00000d76 movs r0, r0 |
0x00000d78 lsls r2, r4, 0x17 | r2 = r4 << 0x17;
0x00000d7a movs r0, r0 |
0x00000d7c lsls r4, r0, 0x15 | r4 = r0 << 0x15;
0x00000d7e movs r0, r0 |
0x00000d80 lsls r0, r1, 0x15 | r0 = r1 << 0x15;
0x00000d82 movs r0, r0 |
0x00000d84 lsls r0, r5, 0x15 | r0 = r5 << 0x15;
0x00000d86 movs r0, r0 |
0x00000d88 lsls r0, r7, 0x15 | r0 = r7 << 0x15;
0x00000d8a movs r0, r0 |
0x00000d8c lsls r4, r1, 0x17 | r4 = r1 << 0x17;
0x00000d8e movs r0, r0 |
0x00000d90 lsls r4, r0, 0x16 | r4 = r0 << 0x16;
0x00000d92 movs r0, r0 |
0x00000d94 movs r2, 0x7e | r2 = 0x7e;
0x00000d96 movs r0, r0 |
0x00000d98 lsls r6, r2, 0xf | r6 = r2 << 0xf;
0x00000d9a movs r0, r0 |
0x00000d9c lsls r6, r5, 0xf | r6 = r5 << 0xf;
0x00000d9e movs r0, r0 |
0x00000da0 lsls r2, r5, 0x10 | r2 = r5 << 0x10;
0x00000da2 movs r0, r0 |
0x00000da4 lsls r2, r6, 0x11 | r2 = r6 << 0x11;
0x00000da6 movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/liba7x_utils.so @ 0xda8 */
| #include <stdint.h>
|
; (fcn) sym.app_test_status () | void app_test_status (uint32_t arg1) {
| int16_t var_0h;
| r0 = arg1;
| if (? >= ?) {
0x00000da8 strlt r2, [r0, -0x801] | *((r0 - 0x801)) = r2;
| }
0x00000dac sub sp, 0xc |
| if (? == ?) {
0x00000dae beq 0xdd2 | goto label_0;
| }
0x00000db0 ldr r2, [pc, 0x24] |
0x00000db2 add r2, pc | r2 = 0x1b8e;
| do {
0x00000db4 ldr.w ip, [pc, 0x24] |
0x00000db8 movs r0, 1 | r0 = 1;
0x00000dba ldr r3, [pc, 0x24] |
0x00000dbc ldr r1, [pc, 0x24] |
0x00000dbe add ip, pc | ip = 0x1b9e;
0x00000dc0 add r3, pc | r3 = 0x1ba6;
0x00000dc2 str.w ip, [sp] | __asm ("str.w ip, [sp]");
0x00000dc6 add r1, pc | r1 = 0x1bae;
0x00000dc8 blx 0x8f0 | printf_chk ()
0x00000dcc add sp, 0xc |
0x00000dce ldr pc, [sp], 4 | pc = *(sp);
| sp += 4;
| label_0:
0x00000dd2 ldr r2, [pc, 0x14] |
0x00000dd4 add r2, pc | r2 = 0x1bc2;
0x00000dd6 b 0xdb4 |
| } while (1);
| }
[*] Function printf used 9 times liba7x_utils.so
