[*] Binary protection state of libsssapisw.so
Full RELRO Canary found NX enabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libsssapisw.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libsssapisw.so @ 0xc4dc */
| #include <stdint.h>
|
; (fcn) sym.emsa_decode_and_compare () | void emsa_decode_and_compare (int16_t arg_28h, int16_t arg_308h, int16_t arg_6b4h, int16_t arg_6e0h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h_3;
| int16_t var_4h_2;
| int16_t var_8h;
| int16_t var_ch_2;
| int16_t var_14h_2;
| int16_t var_18h;
| int16_t var_60h;
| int16_t var_ach_2;
| int16_t var_b4h;
| int16_t var_b8h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0000c4dc svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x0000c4e0 mov r5, r2 | r5 = r2;
0x0000c4e2 ldr r2, [pc, 0x1dc] |
0x0000c4e4 mov r6, r3 | r6 = r3;
0x0000c4e6 subw sp, sp, 0x6bc | __asm ("subw sp, sp, aav.0x000000ff");
0x0000c4ea movs r4, 0 | r4 = 0;
0x0000c4ec ldr r3, [pc, 0x1d4] | r3 = *(0xc6c4);
0x0000c4ee mov fp, r1 |
0x0000c4f0 add r2, pc | r2 = 0x18bb6;
0x0000c4f2 mov r1, r4 | r1 = r4;
0x0000c4f4 add.w sb, sp, 0xb4 | sb += var_b4h;
0x0000c4f8 mov r8, r0 | r8 = r0;
0x0000c4fa ldr r3, [r2, r3] |
0x0000c4fc add r0, sp, 0xb8 | r0 += var_b8h;
0x0000c4fe add r7, sp, 0x60 | r7 += var_60h;
0x0000c500 mov.w r2, 0x1fc | r2 = 0x1fc;
0x0000c504 add.w sl, sp, 0x14 | sl += var_14h_2;
0x0000c508 ldr r3, [r3] | r3 = *(0x18bb6);
0x0000c50a str.w r3, [sp, 0x6b4] | __asm ("str.w r3, [arg_6b4h]");
0x0000c50e mov.w r3, 0 | r3 = 0;
0x0000c512 str.w r4, [sb] | __asm ("str.w r4, [sb]");
0x0000c514 ands r0, r0 | r0 &= r0;
0x0000c516 blx 0x8630 | fcn_00008630 ();
0x0000c51a mov r1, r4 | r1 = r4;
0x0000c51c mov.w r3, 0x200 | r3 = 0x200;
0x0000c520 movs r2, 0x4c | r2 = 0x4c;
0x0000c522 mov r0, r7 | r0 = r7;
0x0000c524 str.w r3, [sl] | __asm ("str.w r3, [sl]");
0x0000c528 blx 0x8630 | fcn_00008630 ();
0x0000c52c cmp r6, r4 |
0x0000c52e it ne |
| if (r6 != r4) {
0x0000c530 cmpne r5, r4 | __asm ("cmpne r5, r4");
| }
0x0000c532 ite eq |
| if (r6 != r4) {
0x0000c534 moveq r4, 1 | r4 = 1;
| }
| if (r6 == r4) {
0x0000c536 movne r4, 0 | r4 = 0;
| }
0x0000c538 cmp.w fp, 0 |
0x0000c53c it eq |
| if (fp != 0) {
0x0000c53e orreq r4, r4, 1 | r4 |= 1;
| }
0x0000c542 cbz r4, 0xc56e |
| while (r0 != 0x5a5a5a5a) {
| label_0:
0x0000c544 movs r4, 1 | r4 = 1;
| label_1:
0x0000c546 mov r0, r7 | r0 = r7;
0x0000c548 blx 0x8538 | fcn_00008538 ();
0x0000c54c ldr r2, [pc, 0x178] |
0x0000c54e ldr r3, [pc, 0x174] | r3 = *(0xc6c6);
0x0000c550 add r2, pc | r2 = 0x18c1c;
0x0000c552 ldr r3, [r2, r3] | r3 = *(0x18c1c);
0x0000c554 ldr r2, [r3] | r2 = *(0x18c1c);
0x0000c556 ldr.w r3, [sp, 0x6b4] | r3 = *(arg_6b4h);
0x0000c55a eors r2, r3 | r2 ^= r3;
0x0000c55c mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000c560 bne.w 0xc6bc | goto label_3;
| }
0x0000c564 mov r0, r4 | r0 = r4;
0x0000c566 addw sp, sp, 0x6bc | __asm ("addw sp, sp, aav.0x000000ff");
0x0000c56a pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0000c56e mov r1, fp | r1 = fp;
0x0000c570 add.w fp, sp, 0x2b4 |
0x0000c574 mov.w r3, 0x400 | r3 = 0x400;
0x0000c578 mov r2, r5 | r2 = r5;
0x0000c57a mov r0, fp | r0 = fp;
0x0000c57c blx 0x8068 | fcn_00008068 ();
0x0000c580 mov r3, r4 | r3 = r4;
0x0000c582 mov r2, r4 | r2 = r4;
0x0000c584 mov.w r1, 0x102 | r1 = 0x102;
0x0000c588 mov r0, r7 | r0 = r7;
0x0000c58a str r4, [sp] | *(sp) = r4;
0x0000c58c blx 0x9358 | r0 = fcn_00009358 ();
0x0000c590 cmp.w r0, 0x5a5a5a5a |
0x0000c594 bne 0xc544 |
| }
0x0000c596 ldr.w r0, [r8, 8] | r0 = *((r8 + 8));
0x0000c59a mvn r3, 0x800 | r3 = ~0x800;
0x0000c59e adds r3, r0, r3 | r3 = r0 + r3;
0x0000c5a0 cmp r3, 4 |
| if (r3 > 4) {
0x0000c5a2 bhi 0xc544 | goto label_0;
| }
0x0000c5a4 ldr r2, [pc, 0x124] |
0x0000c5a6 add r2, pc | r2 = 0x18c76;
0x0000c5a8 add.w r3, r2, r3, lsl 2 | r3 = r2 + (r3 << 2);
0x0000c5ac ldr r3, [r3, 0x10] | r3 = *((r3 + 0x10));
0x0000c5ae str r3, [sp, 8] | var_8h = r3;
0x0000c5b0 subs r3, r5, 1 | r3 = r5 - 1;
0x0000c5b2 ldrb.w r2, [fp, r3] | r2 = *((fp + r3));
0x0000c5b6 cmp r2, 0xbc |
| if (r2 != 0xbc) {
0x0000c5b8 bne 0xc544 | goto label_0;
| }
0x0000c5ba ldr r1, [sp, 8] | r1 = var_8h;
0x0000c5bc strd r4, r4, [sp, 0xac] | __asm ("strd r4, r4, [sp, 0xac]");
0x0000c5c0 lsls r2, r1, 3 | r2 = r1 << 3;
0x0000c5c2 rsb.w r1, r5, 1 | r1 = 1 - r5;
0x0000c5c6 subs r2, 1 | r2--;
0x0000c5c8 add.w ip, r2, r1, lsl 3 |
0x0000c5cc ldrb.w r1, [fp] | r1 = *(fp);
0x0000c5d0 add r2, sp, 0xac | r2 += var_ach_2;
0x0000c5d2 str r2, [sp, 0xc] | var_ch_2 = r2;
0x0000c5d4 asrs.w r1, r1, ip | r1 >>= ip;
| if (r2 != 1) {
0x0000c5d8 bne 0xc544 | goto label_0;
| }
0x0000c5da ldr r1, [sp, 8] | r1 = var_8h;
0x0000c5dc adds r2, r1, 2 | r2 = r1 + 2;
0x0000c5de cmp r2, r5 |
| if (r2 > r5) {
0x0000c5e0 bhi 0xc544 | goto label_0;
| }
0x0000c5e2 mov r2, r1 | r2 = r1;
0x0000c5e4 subs r1, r3, r1 | r1 = r3 - r1;
0x0000c5e6 sub.w r4, r0, 0x500 | r4 = r0 - 0x500;
0x0000c5ea str.w r8, [sp, 4] | __asm ("str.w r8, [var_4h_2]");
0x0000c5ee add.w r8, fp, r1 | r8 = fp + r1;
0x0000c5f2 mov r3, r2 | r3 = r2;
0x0000c5f4 mov r0, fp | r0 = fp;
0x0000c5f6 mov r2, r8 | r2 = r8;
0x0000c5f8 str r4, [sp] | *(sp) = r4;
0x0000c5fa blx 0x8d90 | r0 = fcn_00008d90 ();
0x0000c5fe cmp r0, 0 |
| if (r0 != 0) {
0x0000c600 bne 0xc544 | goto label_0;
| }
0x0000c602 ldrb.w r3, [fp] | r3 = *(fp);
0x0000c606 add.w r2, r8, -1 | r2 = r8 + -1;
0x0000c60a cmp r2, fp |
0x0000c60c it ls |
| if (r2 > fp) {
0x0000c60e movls r5, fp | r5 = fp;
| }
0x0000c610 and r3, r3, 0x7f | r3 &= 0x7f;
0x0000c614 strb.w r3, [fp] | *(fp) = r3;
| if (r2 > fp) {
0x0000c618 bhi 0xc622 | goto label_4;
| }
0x0000c61a b 0xc62c | goto label_2;
| do {
0x0000c61c cmp r2, fp |
0x0000c61e ldrb r3, [r5, 1] | r3 = *((r5 + 1));
| if (r2 == fp) {
0x0000c620 beq 0xc6b8 | goto label_5;
| }
| label_4:
0x0000c622 mov r5, fp | r5 = fp;
0x0000c624 add.w fp, fp, 1 |
0x0000c628 cmp r3, 0 |
0x0000c62a beq 0xc61c |
| } while (r3 == 0);
| label_2:
0x0000c62c cmp r3, 1 |
| if (r3 != 1) {
0x0000c62e bne 0xc544 | goto label_0;
| }
0x0000c630 mov r2, r4 | r2 = r4;
0x0000c632 add r4, sp, 0x18 | r4 += var_18h;
0x0000c634 movs r3, 6 | r3 = 6;
0x0000c636 mov r1, r7 | r1 = r7;
0x0000c638 mov r0, r4 | r0 = r4;
0x0000c63a blx 0x8684 | r0 = fcn_00008684 ();
0x0000c63e cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c642 bne.w 0xc544 | goto label_0;
| }
0x0000c646 mov r0, r4 | r0 = r4;
0x0000c648 blx 0x8cc8 | r0 = fcn_00008cc8 ();
0x0000c64c cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c650 bne.w 0xc544 | goto label_0;
| }
0x0000c654 ldr r1, [sp, 0xc] | r1 = var_ch_2;
0x0000c656 movs r2, 8 | r2 = 8;
0x0000c658 mov r0, r4 | r0 = r4;
0x0000c65a blx 0x8e40 | r0 = snprintf_chk ()
0x0000c65e cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c662 bne.w 0xc544 | goto label_0;
| }
0x0000c664 add r7, sp, 0x1bc | r7 = sp + 0x1bc;
0x0000c666 ldr.w r2, [sp, 0x6e0] | r2 = *(arg_6e0h);
0x0000c66a mov r1, r6 | r1 = r6;
0x0000c66c mov r0, r4 | r0 = r4;
0x0000c66e blx 0x8e40 | r0 = snprintf_chk ()
0x0000c672 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c676 bne.w 0xc544 | goto label_0;
| }
0x0000c67a adds r1, r5, 1 | r1 = r5 + 1;
0x0000c67c mov r0, r4 | r0 = r4;
0x0000c67e sub.w r2, r8, r1 | r2 = r8 - r1;
0x0000c682 blx 0x8e40 | r0 = snprintf_chk ()
0x0000c686 cmp.w r0, 0x5a5a5a5a |
0x0000c688 subs r7, 0x5a | r7 -= 0x5a;
| if (r7 != 0x5a) {
0x0000c68a bne.w 0xc544 | goto label_0;
| }
0x0000c68e mov r2, sl | r2 = sl;
0x0000c690 mov r1, sb | r1 = sb;
0x0000c692 mov r0, r4 | r0 = r4;
0x0000c694 blx 0x9174 | r0 = fcn_00009174 ();
0x0000c698 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c69c bne.w 0xc544 | goto label_0;
| }
0x0000c6a0 mov r0, r4 | r0 = r4;
0x0000c6a2 blx 0x8ebc | fcn_00008ebc ();
0x0000c6a6 ldr r2, [sp, 8] | r2 = var_8h;
0x0000c6a8 mov r1, sb | r1 = sb;
0x0000c6aa mov r0, r8 | r0 = r8;
0x0000c6ac blx 0x92f8 | r0 = fcn_000092f8 ();
0x0000c6b0 subs r4, r0, 0 | r4 = r0 - 0;
0x0000c6b2 it ne |
| if (r4 == r0) {
0x0000c6b4 movne r4, 1 | r4 = 1;
| }
0x0000c6b6 b 0xc546 | goto label_1;
| label_5:
0x0000c6b8 mov r5, r2 | r5 = r2;
0x0000c6ba b 0xc62c | goto label_2;
| label_3:
0x0000c6bc blx 0x8b14 | fcn_00008b14 ();
0x0000c6c0 stm r3!, {r2, r7} | *(r3!) = r2;
| *((r3! + 4)) = r7;
0x0000c6c2 movs r0, r0 |
0x0000c6c4 lsls r4, r5, 0x1b | r4 = r5 << 0x1b;
0x0000c6c6 movs r0, r0 |
0x0000c6c8 stm r3!, {r2, r5} | *(r3!) = r2;
| *((r3! + 4)) = r5;
0x0000c6ca movs r0, r0 |
0x0000c6cc add r1, sp, 0x308 | r1 += arg_308h;
0x0000c6ce movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libsssapisw.so @ 0xc2d0 */
| #include <stdint.h>
|
; (fcn) sym.emsa_encode () | void emsa_encode (int16_t arg_1h, int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_bp_2h;
| int16_t var_0h_2;
| int16_t var_4h_3;
| int16_t var_ch;
| int16_t var_10h_2;
| int16_t var_14h_3;
| int16_t var_1ah;
| int16_t var_1ch;
| int16_t var_20h;
| int16_t var_50h;
| int16_t var_98h;
| int16_t var_e4h;
| int16_t var_e8h;
| int16_t var_124h;
| int16_t var_0h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0000c2d0 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x0000c2d4 mov r6, r2 | r6 = r2;
0x0000c2d6 sub sp, 0x12c |
0x0000c2d8 ldr r2, [pc, 0x1f4] |
0x0000c2da movs r7, 0 | r7 = 0;
0x0000c2dc mov r5, r0 | r5 = r0;
0x0000c2de str r3, [sp, 0xc] | var_ch = r3;
0x0000c2e0 mov r8, r1 | r8 = r1;
0x0000c2e2 ldr r3, [pc, 0x1f0] | r3 = *(0xc4d6);
0x0000c2e4 add r2, pc | r2 = 0x187b8;
0x0000c2e6 mov r1, r7 | r1 = r7;
0x0000c2e8 add r0, sp, 0xe8 | r0 += var_e8h;
0x0000c2ea add r4, sp, 0x98 | r4 += var_98h;
0x0000c2ec ldr.w sl, [sp, 0x150] | sl = var_0h;
0x0000c2f0 ldr r3, [r2, r3] |
0x0000c2f2 movs r2, 0x3c | r2 = 0x3c;
0x0000c2f4 add.w sb, sp, 0x1c | sb += var_1ch;
0x0000c2f8 ldr r3, [r3] | r3 = *(0x187b8);
0x0000c2fa str r3, [sp, 0x124] | var_124h = r3;
0x0000c2fc mov.w r3, 0 | r3 = 0;
0x0000c300 str r7, [sp, 0xe4] | var_e4h = r7;
0x0000c302 blx 0x8630 | fcn_00008630 ();
0x0000c306 mov.w r0, 0x200 | r0 = 0x200;
0x0000c30a movs r2, 0x4c | r2 = 0x4c;
0x0000c30c mov r1, r7 | r1 = r7;
0x0000c30e str.w r0, [sb] | __asm ("str.w r0, [sb]");
0x0000c312 mov r0, r4 | r0 = r4;
0x0000c314 strh.w r7, [sp, 0x1a] | var_1ah = r7;
0x0000c318 blx 0x8630 | fcn_00008630 ();
0x0000c31c mov r3, r7 | r3 = r7;
0x0000c31e mov r2, r7 | r2 = r7;
0x0000c320 mov.w r1, 0x102 | r1 = 0x102;
0x0000c324 mov r0, r4 | r0 = r4;
0x0000c326 str r7, [sp] | *(sp) = r7;
0x0000c328 blx 0x9358 | r0 = fcn_00009358 ();
0x0000c32c cmp.w r0, 0x5a5a5a5a |
0x0000c330 beq 0xc358 |
| while (r0 != fcn.00009000) {
| label_0:
0x0000c332 movs r5, 1 | r5 = 1;
| label_1:
0x0000c334 mov r0, r4 | r0 = r4;
0x0000c336 blx 0x8538 | fcn_00008538 ();
0x0000c33a ldr r2, [pc, 0x19c] |
0x0000c33c ldr r3, [pc, 0x194] | r3 = *(0xc4d4);
0x0000c33e add r2, pc | r2 = 0x1881c;
0x0000c340 ldr r3, [r2, r3] | r3 = imp.se05x_Transform_scp;
0x0000c342 ldr r2, [r3] | r2 = imp.se05x_Transform_scp;
0x0000c344 ldr r3, [sp, 0x124] | r3 = var_124h;
0x0000c346 eors r2, r3 | r2 ^= r3;
0x0000c348 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000c34c bne.w 0xc4cc | goto label_3;
| }
0x0000c350 mov r0, r5 | r0 = r5;
0x0000c352 add sp, 0x12c |
0x0000c354 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0000c358 ldr r3, [r5, 4] | r3 = *((r5 + 4));
0x0000c35a add.w fp, sp, 0x1a |
0x0000c35e ldr r0, [r5] | r0 = *(r5);
0x0000c360 mov r2, fp | r2 = fp;
0x0000c362 ldr r1, [r3, 0xc] | r1 = *((r3 + 0xc));
0x0000c364 adds r0, 4 | r0 += 4;
0x0000c366 blx 0x93a0 | r0 = fcn_000093a0 ();
0x0000c36a cmp.w r0, 0x9000 |
0x0000c36e bne 0xc332 |
| }
0x0000c370 ldrh.w fp, [sp, 0x1a] | fp = var_1ah;
0x0000c374 ldr.w r3, [sl] | r3 = *(sl);
0x0000c378 cmp r3, fp |
| if (r3 <= fp) {
0x0000c37a blo 0xc332 | goto label_0;
| }
0x0000c37c ldr r3, [r5, 8] | r3 = *((r5 + 8));
0x0000c37e mvn r2, 0x800 | r2 = ~0x800;
0x0000c382 add r3, r2 | r3 += r2;
0x0000c384 cmp r3, 4 |
| if (r3 > 4) {
0x0000c386 bhi 0xc332 | goto label_0;
| }
| /* switch table (5 cases) at 0xc38c */
0x0000c388 tbb [pc, r3] | __asm ("tbb aav.0x000000ff");
0x0000c392 movw r3, 0x302 | r3 = 0x302;
0x0000c396 str r3, [sp, 0x10] | var_10h_2 = r3;
0x0000c398 movs r3, 0x1c | r3 = 0x1c;
0x0000c39a mov r7, r3 | r7 = r3;
| label_2:
0x0000c39c cmp r7, r6 |
| if (r7 != r6) {
0x0000c39e bne 0xc332 | goto label_0;
| }
0x0000c3a0 add r6, sp, 0x20 | r6 += var_20h;
0x0000c3a2 mov r1, r4 | r1 = r4;
0x0000c3a4 mov r0, r6 | r0 = r6;
0x0000c3a6 str.w fp, [sl] | __asm ("str.w fp, [sl]");
0x0000c3aa blx 0x80e0 | r0 = fcn_000080e0 ();
0x0000c3ae cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c3b2 bne 0xc332 | goto label_0;
| }
0x0000c3b4 add.w sl, sp, 0xe4 | sl += var_e4h;
0x0000c3b8 mov r0, r6 | r0 = r6;
0x0000c3ba mov r2, r7 | r2 = r7;
0x0000c3bc mov r1, sl | r1 = sl;
0x0000c3be blx 0x8544 | r0 = fcn_00008544 ();
0x0000c3c2 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c3c6 bne 0xc332 | goto label_0;
| }
0x0000c3c8 ldr r0, [sp, 0xc] | r0 = var_ch;
0x0000c3ca sub.w r3, fp, 2 | r3 = fp - 2;
0x0000c3ce sub.w r3, r3, r7, lsl 1 | r3 -= (r7 << 1);
0x0000c3d2 movs r2, 1 | r2 = 1;
0x0000c3d4 mov r1, sl | r1 = sl;
0x0000c3d6 strb r2, [r0, r3] | *((r0 + r3)) = r2;
0x0000c3d8 add r3, r0 | r3 += r0;
0x0000c3da adds r6, r3, r2 | r6 = r3 + r2;
0x0000c3dc mov r2, r7 | r2 = r7;
0x0000c3de mov r0, r6 | r0 = r6;
0x0000c3e0 blx 0x8f40 | fcn_00008f40 ();
0x0000c3e4 add r3, sp, 0x50 | r3 += var_50h;
0x0000c3e6 ldr r2, [sp, 0x10] | r2 = var_10h_2;
0x0000c3e8 mov r0, r3 | r0 = r3;
0x0000c3ea str r3, [sp, 0x14] | var_14h_3 = r3;
0x0000c3ec mov r1, r4 | r1 = r4;
0x0000c3ee movs r3, 6 | r3 = 6;
0x0000c3f0 blx 0x8684 | r0 = fcn_00008684 ();
0x0000c3f4 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c3f8 bne 0xc332 | goto label_0;
| }
0x0000c3fa ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c3fc blx 0x8cc8 | r0 = fcn_00008cc8 ();
0x0000c400 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c404 bne 0xc332 | goto label_0;
| }
0x0000c406 add r6, r7 | r6 += r7;
0x0000c408 ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c40a movs r2, 8 | r2 = 8;
0x0000c40c mov r1, r6 | r1 = r6;
0x0000c40e blx 0x8e40 | r0 = snprintf_chk ()
0x0000c412 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c416 bne 0xc332 | goto label_0;
| }
0x0000c418 ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c41a mov r1, r8 | r1 = r8;
0x0000c41c mov r2, r7 | r2 = r7;
0x0000c41e blx 0x8e40 | r0 = snprintf_chk ()
0x0000c422 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c426 bne 0xc332 | goto label_0;
| }
0x0000c428 ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c42a mov r1, sl | r1 = sl;
0x0000c42c mov r2, r7 | r2 = r7;
0x0000c42e blx 0x8e40 | r0 = snprintf_chk ()
0x0000c432 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c436 bne.w 0xc332 | goto label_0;
| }
0x0000c43a ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c43c mov r2, sb | r2 = sb;
0x0000c43e mov r1, r6 | r1 = r6;
0x0000c440 blx 0x9174 | r0 = fcn_00009174 ();
0x0000c444 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c448 bne.w 0xc332 | goto label_0;
| }
0x0000c44c ldr r0, [sp, 0x14] | r0 = var_14h_3;
0x0000c44e mov r8, r7 | r8 = r7;
0x0000c450 blx 0x8ebc | fcn_00008ebc ();
0x0000c454 ldr r3, [sp, 0x10] | r3 = var_10h_2;
0x0000c456 add.w r1, fp, -1 | r1 = fp + -1;
0x0000c45a subs r1, r1, r7 | r1 -= r7;
0x0000c45c str r5, [sp, 4] | var_4h_3 = r5;
0x0000c45e mov r2, r6 | r2 = r6;
0x0000c460 str r3, [sp] | *(sp) = r3;
0x0000c462 mov r3, r7 | r3 = r7;
0x0000c464 ldr r7, [sp, 0xc] | r7 = var_ch;
0x0000c466 mov r0, r7 | r0 = r7;
0x0000c468 blx 0x8d90 | r0 = fcn_00008d90 ();
0x0000c46c mov r5, r0 | r5 = r0;
0x0000c46e cmp r0, 0 |
| if (r0 != 0) {
0x0000c470 bne.w 0xc332 | goto label_0;
| }
0x0000c474 ldrb r3, [r7] | r3 = *(r7);
0x0000c476 and r3, r3, 0x7f | r3 &= 0x7f;
0x0000c47a strb r3, [r7] | *(r7) = r3;
0x0000c47c movs r3, 0xbc | r3 = 0xbc;
0x0000c47e strb.w r3, [r6, r8] | *((r6 + r8)) = r3;
0x0000c482 b 0xc334 | goto label_1;
0x0000c484 movw r3, 0x301 | r3 = 0x301;
0x0000c488 str r3, [sp, 0x10] | var_10h_2 = r3;
0x0000c48a movs r3, 0x14 | r3 = 0x14;
0x0000c48c mov r7, r3 | r7 = r3;
0x0000c48e b 0xc39c | goto label_2;
0x0000c490 cmp.w fp, 0x80 |
| if (fp < 0x80) {
0x0000c494 bls.w 0xc332 | goto label_0;
| }
0x0000c498 movw r3, 0x305 | r3 = 0x305;
0x0000c49c str r3, [sp, 0x10] | var_10h_2 = r3;
0x0000c49e movs r3, 0x40 | r3 = 0x40;
0x0000c4a0 mov r7, r3 | r7 = r3;
0x0000c4a2 b 0xc39c | goto label_2;
0x0000c4a4 cmp.w fp, 0x40 |
| if (fp < 0x40) {
0x0000c4a8 bls.w 0xc332 | goto label_0;
| }
0x0000c4ac mov.w r3, 0x304 | r3 = 0x304;
0x0000c4b0 str r3, [sp, 0x10] | var_10h_2 = r3;
0x0000c4b2 movs r3, 0x30 | r3 = 0x30;
0x0000c4b4 mov r7, r3 | r7 = r3;
0x0000c4b6 b 0xc39c | goto label_2;
0x0000c4b8 cmp.w fp, 0x40 |
| if (fp < 0x40) {
0x0000c4bc bls.w 0xc332 | goto label_0;
| }
0x0000c4c0 movw r3, 0x303 | r3 = 0x303;
0x0000c4c4 str r3, [sp, 0x10] | var_10h_2 = r3;
0x0000c4c6 movs r3, 0x20 | r3 = 0x20;
0x0000c4c8 mov r7, r3 | r7 = r3;
0x0000c4ca b 0xc39c | goto label_2;
| label_3:
0x0000c4cc blx 0x8b14 | fcn_00008b14 ();
0x0000c4d0 stm r5!, {r4, r7} | *(r5!) = r4;
| *((r5! + 4)) = r7;
0x0000c4d2 movs r0, r0 |
0x0000c4d4 lsls r4, r5, 0x1b | r4 = r5 << 0x1b;
0x0000c4d6 movs r0, r0 |
0x0000c4d8 stm r5!, {r1, r2, r4, r5} | *(r5!) = r1;
| *((r5! + 4)) = r2;
| *((r5! + 8)) = r4;
| *((r5! + 12)) = r5;
0x0000c4da movs r0, r0 |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/lib/libsssapisw.so @ 0xc188 */
| #include <stdint.h>
|
; (fcn) sym.sss_mgf_mask_func () | void sss_mgf_mask_func (int16_t arg1, int16_t arg2, int16_t arg3, int16_t arg4) {
| int16_t var_0h;
| int16_t var_8h_2;
| int16_t var_ch_3;
| int16_t var_10h;
| int16_t var_14h;
| int16_t var_a8h;
| int16_t var_abh;
| int16_t var_ach;
| int16_t var_ech;
| int16_t var_118h;
| r0 = arg1;
| r1 = arg2;
| r2 = arg3;
| r3 = arg4;
0x0000c188 svcmi 0xf0e92d | __asm ("svcmi aav.0x000000ff");
0x0000c18c mov sl, r2 | sl = r2;
0x0000c18e ldr r2, [pc, 0x134] |
0x0000c190 mov r8, r3 | r8 = r3;
0x0000c192 sub sp, 0xf4 |
0x0000c194 mov.w r6, 0x200 | r6 = 0x200;
0x0000c198 ldr r3, [pc, 0x12c] | r3 = *(0xc2c8);
0x0000c19a add.w fp, sp, 0x5c |
0x0000c19e add r2, pc | r2 = 0x18468;
0x0000c1a0 mov r4, r0 | r4 = r0;
0x0000c1a2 mov r5, r1 | r5 = r1;
0x0000c1a4 mov r0, fp | r0 = fp;
0x0000c1a6 ldr r3, [r2, r3] |
0x0000c1a8 movs r1, 0 | r1 = 0;
0x0000c1aa add.w sb, sp, 0xac | sb += var_ach;
0x0000c1ae movs r2, 0x4c | r2 = 0x4c;
0x0000c1b0 ldr r3, [r3] | r3 = *(0x18468);
0x0000c1b2 str r3, [sp, 0xec] | var_ech = r3;
0x0000c1b4 mov.w r3, 0 | r3 = 0;
0x0000c1b8 str r6, [sp, 0x10] | var_10h = r6;
0x0000c1ba blx 0x8630 | fcn_00008630 ();
0x0000c1be movs r2, 0x40 | r2 = 0x40;
0x0000c1c0 movs r1, 0 | r1 = 0;
0x0000c1c2 mov r0, sb | r0 = sb;
0x0000c1c4 blx 0x8630 | fcn_00008630 ();
0x0000c1c8 movs r3, 0 | r3 = 0;
0x0000c1ca mov.w r1, 0x102 | r1 = 0x102;
0x0000c1ce mov r2, r3 | r2 = r3;
0x0000c1d0 mov r0, fp | r0 = fp;
0x0000c1d2 str r3, [sp] | *(sp) = r3;
0x0000c1d4 str r3, [sp, 0xa8] | var_a8h = r3;
0x0000c1d6 blx 0x9358 | r0 = fcn_00009358 ();
0x0000c1da cmp.w r0, 0x5a5a5a5a |
0x0000c1de beq 0xc204 |
| while (r0 != 0x5a5a5a5a) {
| label_1:
0x0000c1e0 movs r4, 1 | r4 = 1;
| label_2:
0x0000c1e2 mov r0, fp | r0 = fp;
0x0000c1e4 blx 0x8538 | fcn_00008538 ();
0x0000c1e8 ldr r2, [pc, 0xe0] |
0x0000c1ea ldr r3, [pc, 0xdc] | r3 = *(0xc2ca);
0x0000c1ec add r2, pc | r2 = 0x184bc;
0x0000c1ee ldr r3, [r2, r3] | r3 = *(0x184bc);
0x0000c1f0 ldr r2, [r3] | r2 = *(0x184bc);
0x0000c1f2 ldr r3, [sp, 0xec] | r3 = var_ech;
0x0000c1f4 eors r2, r3 | r2 ^= r3;
0x0000c1f6 mov.w r3, 0 | r3 = 0;
| if (r2 != r3) {
0x0000c1fa bne 0xc2be | goto label_3;
| }
0x0000c1fc mov r0, r4 | r0 = r4;
0x0000c1fe add sp, 0xf4 |
0x0000c200 pop.w {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0000c204 add r7, sp, 0x14 | r7 += var_14h;
0x0000c206 ldr r2, [sp, 0x118] | r2 = var_118h;
0x0000c208 movs r3, 6 | r3 = 6;
0x0000c20a mov r1, fp | r1 = fp;
0x0000c20c mov r0, r7 | r0 = r7;
0x0000c20e blx 0x8684 | r0 = fcn_00008684 ();
0x0000c212 cmp.w r0, 0x5a5a5a5a |
0x0000c216 bne 0xc1e0 |
| }
0x0000c218 cmp r5, 0 |
| if (r5 == 0) {
0x0000c21a beq 0xc2b4 | goto label_4;
| }
0x0000c21c add r3, sp, 0xa8 | r3 += var_a8h;
0x0000c21e add r2, sp, 0x10 | r2 += var_10h;
0x0000c220 strd r2, fp, [sp, 8] | __asm ("strd r2, fp, [sp, 8]");
0x0000c224 mov fp, r3 |
| label_0:
0x0000c226 mov r0, r7 | r0 = r7;
0x0000c228 mov r6, r8 | r6 = r8;
0x0000c22a blx 0x8cc8 | fcn_00008cc8 ();
0x0000c22e cmp r8, r5 |
0x0000c230 it hs |
| if (r8 < r5) {
0x0000c232 movhs r6, r5 | r6 = r5;
| }
0x0000c234 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c238 bne 0xc2aa | goto label_5;
| }
0x0000c23a mov r2, r8 | r2 = r8;
0x0000c23c mov r1, sl | r1 = sl;
0x0000c23e mov r0, r7 | r0 = r7;
0x0000c240 blx 0x8e40 | r0 = snprintf_chk ()
0x0000c244 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c248 bne 0xc2aa | goto label_5;
| }
0x0000c24a movs r2, 4 | r2 = 4;
0x0000c24c mov r1, fp | r1 = fp;
0x0000c24e mov r0, r7 | r0 = r7;
0x0000c250 blx 0x8e40 | r0 = snprintf_chk ()
0x0000c254 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c258 bne 0xc2aa | goto label_5;
| }
0x0000c25a ldr r2, [sp, 8] | r2 = var_8h_2;
0x0000c25c mov r1, sb | r1 = sb;
0x0000c25e mov r0, r7 | r0 = r7;
0x0000c260 blx 0x9174 | r0 = fcn_00009174 ();
0x0000c264 cmp.w r0, 0x5a5a5a5a |
| if (r0 != 0x5a5a5a5a) {
0x0000c268 bne 0xc2aa | goto label_5;
| }
| if (r6 == 0) {
0x0000c26a cbz r6, 0xc29a | goto label_6;
| }
0x0000c26c mov r1, sb | r1 = sb;
0x0000c26e add.w ip, r4, r6 |
| do {
0x0000c272 ldrb r2, [r4], 1 | r2 = *(r4);
| r4++;
0x0000c276 ldrb r3, [r1], 1 | r3 = *(r1);
| r1++;
0x0000c27a cmp ip, r4 |
0x0000c27c eor.w r3, r3, r2 | r3 ^= r2;
0x0000c280 strb r3, [r4, -0x1] | *((r4 - 0x1)) = r3;
0x0000c284 bne 0xc272 |
| } while (ip != r4);
0x0000c286 ldrb.w r3, [sp, 0xab] | r3 = var_abh;
0x0000c28a subs r5, r5, r6 | r5 -= r6;
0x0000c28c add.w r3, r3, 1 | r3++;
0x0000c290 strb.w r3, [sp, 0xab] | var_abh = r3;
| if (r5 != r5) {
0x0000c294 beq 0xc2b0 |
0x0000c296 mov r4, ip | r4 = ip;
0x0000c298 b 0xc226 | goto label_0;
| label_6:
0x0000c29a ldrb.w r3, [sp, 0xab] | r3 = var_abh;
0x0000c29e mov ip, r4 |
0x0000c2a0 mov r4, ip | r4 = ip;
0x0000c2a2 adds r3, 1 | r3++;
0x0000c2a4 strb.w r3, [sp, 0xab] | var_abh = r3;
0x0000c2a8 b 0xc226 | goto label_0;
| label_5:
0x0000c2aa ldr.w fp, [sp, 0xc] | fp = var_ch_3;
0x0000c2ae b 0xc1e0 | goto label_1;
| }
0x0000c2b0 ldr.w fp, [sp, 0xc] | fp = var_ch_3;
| label_4:
0x0000c2b4 mov r0, r7 | r0 = r7;
0x0000c2b6 movs r4, 0 | r4 = 0;
0x0000c2b8 blx 0x8ebc | fcn_00008ebc ();
0x0000c2bc b 0xc1e2 | goto label_2;
| label_3:
0x0000c2be blx 0x8b14 | fcn_00008b14 ();
0x0000c2c2 nop |
0x0000c2c4 stm r6!, {r1, r2, r4, r6, r7} | *(r6!) = r1;
| *((r6! + 4)) = r2;
| *((r6! + 8)) = r4;
| *((r6! + 12)) = r6;
| *((r6! + 16)) = r7;
0x0000c2c6 movs r0, r0 |
0x0000c2c8 lsls r4, r5, 0x1b | r4 = r5 << 0x1b;
0x0000c2ca movs r0, r0 |
0x0000c2cc stm r6!, {r3, r7} | *(r6!) = r3;
| *((r6! + 4)) = r7;
0x0000c2ce movs r0, r0 |
| }
[*] Function printf used 9 times libsssapisw.so
