[*] Binary protection state of libex_common.so
Full RELRO | Canary found | NX enabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function printf tear down of libex_common.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libex_common.so @ 0x150c */
| #include <stdint.h>
|
; NOTE(review): app_boot_Connect, summary of the listing below.
;   * Calls fcn_0000122c(r0 = 0, r1 = arg1, r2 = sp+4, r3 = sp+2) with the halfword
;     at sp+2 preset to 0x40, prints that many bytes from sp+4 one at a time through
;     printf_chk, then maps the value returned in r0 (kept in r6) to a small result
;     code that is handed back in r0.
;   * The r2dec prototype is inexact: arg1 is dereferenced at +8 and +0xc (0x15c6,
;     0x15d2), so it is a pointer, and r6 is moved to r0 at 0x15fe before the return,
;     so the function is not void.
;   * Frame (sub sp, 0x48): sp+2 = 16-bit length, sp+4..sp+0x43 = presumably a
;     0x40-byte buffer, sp+0x44 = saved stack-guard word.
; (fcn) sym.app_boot_Connect () | void app_boot_Connect (int16_t arg1) {
| int16_t var_2h;
| int16_t var_4h;
| int16_t var_1h;
| int16_t var_8h;
| int16_t var_44h;
| r0 = arg1;
; NOTE(review): `mvnsmi lr, sp, lsr 18` is what the Thumb-2 encoding of
; `push.w {r4, r5, r6, r7, r8, lr}` looks like when decoded as an ARM word; it pairs
; with the `pop.w {r4, r5, r6, r7, r8, pc}` at 0x1602. Read it as the prologue push.
0x0000150c mvnsmi lr, sp, lsr 18 | __asm ("mvnsmi lr, sp, lsr 18");
0x00001510 movs r4, 0 | r4 = 0;
0x00001512 ldr r5, [pc, 0x134] |
0x00001514 sub sp, 0x48 |
0x00001516 mov r7, r0 | r7 = r0;
0x00001518 movs r2, 0x3c | r2 = 0x3c;
0x0000151a ldr r3, [pc, 0x130] | r3 = *(0x164e);
0x0000151c mov r1, r4 | r1 = r4;
0x0000151e add r5, pc | r5 = 0x2b6c;
0x00001520 add r0, sp, 8 | r0 += var_8h;
; Stack-guard setup: the guard word is loaded through a pc-relative table entry and
; saved at sp+0x44; it is compared again at 0x15ea..0x15fc before the return.
0x00001522 ldr r3, [r5, r3] |
0x00001524 add r5, sp, 4 | r5 += var_4h;
0x00001526 ldr r3, [r3] | r3 = *(0x2b6c);
0x00001528 str r3, [sp, 0x44] | var_44h = r3;
0x0000152a mov.w r3, 0 | r3 = 0;
; The str at 0x152e zeroes sp+4..sp+7; the call below receives (r0 = sp+8, r1 = 0,
; r2 = 0x3c), which looks like a memset over the rest of the buffer. TODO: confirm
; what fcn_00001148 resolves to.
0x0000152e str r4, [sp, 4] | var_4h = r4;
0x00001530 blx 0x1148 | fcn_00001148 ();
; Length halfword at sp+2 = 0x40, then fcn_0000122c(0, arg1, sp+4, sp+2).
0x00001534 movs r2, 0x40 | r2 = 0x40;
0x00001536 add.w r3, sp, 2 | r3 += var_2h;
0x0000153a strh.w r2, [sp, 2] | var_2h = r2;
0x0000153e mov r1, r7 | r1 = r7;
0x00001540 mov r2, r5 | r2 = r5;
0x00001542 mov r0, r4 | r0 = r4;
0x00001544 blx 0x122c | fcn_0000122c ();
0x00001548 ldrh.w r3, [sp, 2] | r3 = var_2h;
0x0000154c mov r6, r0 | r6 = r0;
; NOTE(review): the dump loop below is bounded only by the halfword at sp+2, which is
; re-read after the call and on every iteration; nothing in this function clamps it
; to 0x40. If fcn_0000122c can store a larger value there, the loop reads past the
; buffer into the guard word at sp+0x44 and beyond and prints those bytes. Confirm
; that the callee treats the initial 0x40 as a capacity it never exceeds.
| if (r3 == 0) {
0x0000154e cbz r3, 0x1572 | goto label_1;
| }
; printf_chk(r0 = 1, r1 = format, r2 = byte): the format pointer in r8 is built from a
; pc-relative literal, i.e. an address inside the library image, not caller data.
0x00001550 ldr.w r8, [pc, 0xfc] |
0x00001554 add r8, pc | r8 = 0x2ba8;
| do {
0x00001556 movs r0, 1 | r0 = 1;
0x00001558 ldrb r2, [r5], 1 | r2 = *(r5);
| r5++;
0x0000155c mov r1, r8 | r1 = r8;
0x0000155e add r4, r0 | r4 += r0;
0x00001560 blx 0x1108 | printf_chk ()
0x00001564 ldrh.w r3, [sp, 2] | r3 = var_2h;
0x00001568 cmp r4, r3 |
0x0000156a blt 0x1556 |
| } while (r4 < r3);
0x0000156c movs r0, 0xa | r0 = 0xa;
0x0000156e blx 0x1114 | putchar (r0);
| label_1:
; Status decode: r3 = (r6 + 0x8fff) & 0xffff. `bls` is unsigned lower-or-same, so the
; branch to label_2 is taken for r3 <= 1 (low 16 bits of r6 equal to 0x7001 or
; 0x7002), not only for r3 < 1 as the pseudo code shows. `uxth` zero-extends; the
; (int16_t) cast in the pseudo code is a decompiler approximation.
; Result codes set on the branches below: 0x7001/0x7002 -> 2, 0x7012 -> 4,
; 0x7013 -> 5, 0x8000 -> 3, 0x9000 or 0 -> 0; any other value is returned unchanged.
0x00001572 add.w r3, r6, 0x8f00 | r3 = r6 + 0x8f00;
0x00001576 adds r3, 0xff | r3 += 0xff;
0x00001578 uxth r3, r3 | r3 = (int16_t) r3;
0x0000157a cmp r3, 1 |
| if (r3 < 1) {
0x0000157c bls 0x1606 | goto label_2;
| }
0x0000157e movw r3, 0x7012 | r3 = 0x7012;
0x00001582 cmp r6, r3 |
| if (r6 == r3) {
0x00001584 beq 0x1616 | goto label_3;
| }
0x00001586 movw r3, 0x7013 | r3 = 0x7013;
0x0000158a cmp r6, r3 |
| if (r6 == r3) {
0x0000158c beq 0x1626 | goto label_4;
| }
0x0000158e cmp.w r6, 0x8000 |
| if (r6 == 0x8000) {
0x00001592 beq 0x1636 | goto label_5;
| }
0x00001594 cmp.w r6, 0x9000 |
| if (r6 == 0x9000) {
0x00001598 beq 0x15ae | goto label_6;
| }
0x0000159a cbz r6, 0x15ae |
| while (1) {
| label_0:
; Common tail for the non-zero result paths: two fcn_00001268 calls, each with a
; single pc-relative string pointer (puts-like; TODO confirm), then the epilogue.
0x0000159c ldr r0, [pc, 0xb4] |
0x0000159e add r0, pc | r0 = 0x2bf6;
0x000015a0 blx 0x1268 | fcn_00001268 ();
0x000015a4 ldr r0, [pc, 0xb0] |
0x000015a6 add r0, pc | r0 = 0x2c02;
0x000015a8 blx 0x1268 | fcn_00001268 ();
0x000015ac b 0x15ea | goto label_7;
| label_6:
; Zero-result path: r6 = 0, then the word at arg1+8 and the halfword at arg1+0xc are
; printed with pc-relative formats. arg1 (r7) is not null-checked in this function
; before these loads; whether fcn_0000122c rejects a null pointer is not visible here.
0x000015ae ldr r1, [pc, 0xac] |
0x000015b0 movs r0, 1 | r0 = 1;
0x000015b2 movs r6, 0 | r6 = 0;
0x000015b4 add r1, pc | r1 = 0x2c16;
0x000015b6 blx 0x1108 | printf_chk ()
0x000015ba ldr r0, [pc, 0xa4] |
0x000015bc add r0, pc | r0 = 0x2c22;
0x000015be blx 0x1268 | fcn_00001268 ();
0x000015c2 ldr r1, [pc, 0xa0] |
0x000015c4 movs r0, 1 | r0 = 1;
0x000015c6 ldr r2, [r7, 8] | r2 = *((r7 + 8));
0x000015c8 add r1, pc | r1 = 0x2c32;
0x000015ca blx 0x1108 | printf_chk ()
0x000015ce ldr r1, [pc, 0x98] |
0x000015d0 movs r0, 1 | r0 = 1;
0x000015d2 ldrh r2, [r7, 0xc] | r2 = *((r7 + 0xc));
0x000015d4 add r1, pc | r1 = 0x2c42;
0x000015d6 blx 0x1108 | printf_chk ()
0x000015da ldr r0, [pc, 0x90] |
0x000015dc add r0, pc | r0 = 0x2c4e;
0x000015de blx 0x1268 | fcn_00001268 ();
0x000015e2 ldr r0, [pc, 0x8c] |
0x000015e4 add r0, pc | r0 = 0x2c5a;
0x000015e6 blx 0x1268 | fcn_00001268 ();
| label_7:
; Epilogue: reload the guard word, XOR it with the copy saved at sp+0x44, branch to
; label_8 on mismatch; otherwise return r6 in r0 and restore the pushed registers.
0x000015ea ldr r2, [pc, 0x88] |
0x000015ec ldr r3, [pc, 0x5c] | r3 = *(0x164c);
0x000015ee add r2, pc | r2 = 0x2c68;
0x000015f0 ldr r3, [r2, r3] | r3 = *(0x2c68);
0x000015f2 ldr r2, [r3] | r2 = *(0x2c68);
0x000015f4 ldr r3, [sp, 0x44] | r3 = var_44h;
0x000015f6 eors r2, r3 | r2 ^= r3;
0x000015f8 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x000015fc bne 0x1642 | goto label_8;
| }
0x000015fe mov r0, r6 | r0 = r6;
0x00001600 add sp, 0x48 |
0x00001602 pop.w {r4, r5, r6, r7, r8, pc} |
| label_2:
; label_2..label_4 print the raw status in r6 with a pc-relative format, then replace
; r6 with the result code; label_5 prints a fixed string only.
0x00001606 ldr r1, [pc, 0x70] |
0x00001608 mov r2, r6 | r2 = r6;
0x0000160a movs r0, 1 | r0 = 1;
0x0000160c movs r6, 2 | r6 = 2;
0x0000160e add r1, pc | r1 = 0x2c8c;
0x00001610 blx 0x1108 | printf_chk ()
0x00001614 b 0x159c |
| }
| label_3:
0x00001616 ldr r1, [pc, 0x64] |
0x00001618 mov r2, r6 | r2 = r6;
0x0000161a movs r0, 1 | r0 = 1;
0x0000161c movs r6, 4 | r6 = 4;
0x0000161e add r1, pc | r1 = 0x2ca0;
0x00001620 blx 0x1108 | printf_chk ()
0x00001624 b 0x159c | goto label_0;
| label_4:
0x00001626 ldr r1, [pc, 0x58] |
0x00001628 mov r2, r6 | r2 = r6;
0x0000162a movs r0, 1 | r0 = 1;
0x0000162c movs r6, 5 | r6 = 5;
0x0000162e add r1, pc | r1 = 0x2cb4;
0x00001630 blx 0x1108 | printf_chk ()
0x00001634 b 0x159c | goto label_0;
| label_5:
0x00001636 ldr r0, [pc, 0x4c] |
0x00001638 movs r6, 3 | r6 = 3;
0x0000163a add r0, pc | r0 = 0x2cc4;
0x0000163c blx 0x1268 | fcn_00001268 ();
0x00001640 b 0x159c | goto label_0;
| label_8:
; Reached only on a guard mismatch; fcn_0000125c is presumably __stack_chk_fail.
; TODO: confirm against the import table.
0x00001642 blx 0x125c | fcn_0000125c ();
0x00001646 nop |
; NOTE(review): 0x1648..0x1687 is the literal pool read by the pc-relative `ldr`
; instructions above (the first, at 0x1512, resolves to 0x1648; the last, at 0x1636,
; to 0x1684). These words are data: the mnemonics and pseudo code r2dec prints for
; them are never executed and say nothing about the function's behaviour.
0x00001648 cmp r2, 0xa |
0x0000164a movs r0, r0 |
0x0000164c lsls r4, r1, 3 | r4 = r1 << 3;
0x0000164e movs r0, r0 |
0x00001650 asrs r4, r2, 7 | r4 = r2 >> 7;
0x00001652 movs r0, r0 |
0x00001654 asrs r6, r2, 0xd | r6 = r2 >> 0xd;
0x00001656 movs r0, r0 |
0x00001658 asrs r6, r5, 0xc | r6 = r5 >> 0xc;
0x0000165a movs r0, r0 |
0x0000165c asrs r0, r2, 0xa | r0 = r2 >> 0xa;
0x0000165e movs r0, r0 |
0x00001660 asrs r4, r2, 0xa | r4 = r2 >> 0xa;
0x00001662 movs r0, r0 |
0x00001664 asrs r4, r6, 0xa | r4 = r6 >> 0xa;
0x00001666 movs r0, r0 |
0x00001668 asrs r4, r0, 0xb | r4 = r0 >> 0xb;
0x0000166a movs r0, r0 |
0x0000166c asrs r0, r3, 0xc | r0 = r3 >> 0xc;
0x0000166e movs r0, r0 |
0x00001670 asrs r0, r2, 0xb | r0 = r2 >> 0xb;
0x00001672 movs r0, r0 |
0x00001674 cmp r1, 0x3a |
0x00001676 movs r0, r0 |
0x00001678 asrs r2, r4, 4 | r2 = r4 >> 4;
0x0000167a movs r0, r0 |
0x0000167c asrs r2, r7, 4 | r2 = r7 >> 4;
0x0000167e movs r0, r0 |
0x00001680 asrs r6, r6, 5 | r6 >>= 5;
0x00001682 movs r0, r0 |
0x00001684 asrs r6, r7, 6 | r6 = r7 >> 6;
0x00001686 movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libex_common.so @ 0x1688 */
| #include <stdint.h>
|
; NOTE(review): app_test_status issues one printf_chk call: r0 = 1, r1 = format,
; r2 = one of two strings, r3 = a third string, and a fourth pointer stored at [sp] as
; the stacked argument. All five pointers are built from pc-relative literals, so in the
; visible code no caller data reaches the format or its arguments; arg1 appears only
; to select which string goes into r2.
; (fcn) sym.app_test_status () | void app_test_status (uint32_t arg1) {
| int16_t var_0h;
| r0 = arg1;
; NOTE(review): the word decoded as ARM `strlt r2, [r0, -0x801]` splits into the
; Thumb pair `cmp r0, 1` / `push {lr}`. That reading supplies the flags for the `beq`
; at 0x168e and the return address popped by `ldr pc, [sp], 4` at 0x16ae. The
; `(? >= ?)` / `(? == ?)` conditions and the store in the pseudo code come from the
; mis-decode; re-disassemble this address in Thumb mode to confirm.
| if (? >= ?) {
0x00001688 strlt r2, [r0, -0x801] | *((r0 - 0x801)) = r2;
| }
0x0000168c sub sp, 0xc |
| if (? == ?) {
0x0000168e beq 0x16b2 | goto label_0;
| }
; Fall-through case: r2 = first candidate string (r2dec resolves it to 0x2d4e).
0x00001690 ldr r2, [pc, 0x24] |
0x00001692 add r2, pc | r2 = 0x2d4e;
; The `do { } while (1)` is how r2dec renders the backward `b 0x1694` from label_0;
; control returns at 0x16ae, so nothing here repeats.
| do {
0x00001694 ldr.w ip, [pc, 0x24] | ip = *(0x000016bc);
0x00001698 movs r0, 1 | r0 = 1;
0x0000169a ldr r3, [pc, 0x24] |
0x0000169c ldr r1, [pc, 0x24] |
0x0000169e add ip, pc |
0x000016a0 add r3, pc | r3 = 0x2d66;
; ip is written to [sp] so that it is passed as the first stack argument of the call.
0x000016a2 str.w ip, [sp] | __asm ("str.w ip, [sp]");
0x000016a6 add r1, pc | r1 = 0x2d6e;
0x000016a8 blx 0x1108 | printf_chk ()
; Release the 0xc-byte frame and return by popping the saved return address into pc.
0x000016ac add sp, 0xc |
0x000016ae ldr pc, [sp], 4 | pc = *(sp);
| sp += 4;
| label_0:
; Branch-taken case: r2 = second candidate string (r2dec resolves it to 0x2d82), then
; rejoin the shared call sequence at 0x1694. The literals these loads read lie at
; 0x16b8 and above, after the last line of this listing.
0x000016b2 ldr r2, [pc, 0x14] |
0x000016b4 add r2, pc | r2 = 0x2d82;
0x000016b6 b 0x1694 |
| } while (1);
| }
[*] Function printf used 9 times in libex_common.so