[*] Binary protection state of nandwrite

  
  	Partial RELRO  No Canary found   NX disabled  No PIE       No RPATH     No RUNPATH   No Symbols



[*] Function sprintf tear down of nandwrite




   11f2c:	e5904000 	ldr	r4, [r0]


   11f30:	e5960000 	ldr	r0, [r6]


   11f34:	ebfffade 	bl	10ab4 <fprintf@plt>


   11f38:	e5965000 	ldr	r5, [r6]


   11f3c:	e1a00004 	mov	r0, r4


   11f40:	ebfffab4 	bl	10a18 <strerror@plt>


   11f44:	e58d4000 	str	r4, [sp]


   11f48:	e59f308c 	ldr	r3, [pc, #140]	; 11fdc <free@plt+0x1408>


   11f4c:	e3a02008 	mov	r2, #8


   11f50:	e59f1088 	ldr	r1, [pc, #136]	; 11fe0 <free@plt+0x140c>


   11f54:	e58d0004 	str	r0, [sp, #4]


   11f58:	e1a00005 	mov	r0, r5


   11f5c:	eaffffc6 	b	11e7c <free@plt+0x12a8>


   11f60:	e3e06000 	mvn	r6, #0


   11f64:	eaffffe7 	b	11f08 <free@plt+0x1334>


   11f68:	e3760001 	cmn	r6, #1


   11f6c:	0affffda 	beq	11edc <free@plt+0x1308>


   11f70:	e1a02006 	mov	r2, r6


   11f74:	e595100c 	ldr	r1, [r5, #12]


   11f78:	e1a00007 	mov	r0, r7


   11f7c:	ebfffaf0 	bl	10b44 <sprintf@plt>


   11f80:	e3a01702 	mov	r1, #524288	; 0x80000


   11f84:	e1a00007 	mov	r0, r7


--


   12320:	00015b34 	andeq	r5, r1, r4, lsr fp


   12324:	00016156 	andeq	r6, r1, r6, asr r1


   12328:	00015a1b 	andeq	r5, r1, fp, lsl sl


   1232c:	000161bb 			; <UNDEFINED> instruction: 0x000161bb


   12330:	000161e7 	andeq	r6, r1, r7, ror #3


   12334:	00016116 	andeq	r6, r1, r6, lsl r1


   12338:	e92d48f0 	push	{r4, r5, r6, r7, fp, lr}


   1233c:	e28db014 	add	fp, sp, #20


   12340:	e24dd018 	sub	sp, sp, #24


   12344:	e1a07001 	mov	r7, r1


   12348:	e1a06000 	mov	r6, r0


   1234c:	e1a05002 	mov	r5, r2


   12350:	ebfffa0a 	bl	10b80 <strlen@plt>


   12354:	e1a02007 	mov	r2, r7


   12358:	e1a01006 	mov	r1, r6


   1235c:	e2800039 	add	r0, r0, #57	; 0x39


   12360:	e3c00007 	bic	r0, r0, #7


   12364:	e04dd000 	sub	sp, sp, r0


   12368:	e28d4010 	add	r4, sp, #16


   1236c:	e1a00004 	mov	r0, r4


   12370:	ebfff9f3 	bl	10b44 <sprintf@plt>


   12374:	e24b101c 	sub	r1, fp, #28


   12378:	e1a00004 	mov	r0, r4


--


   127b8:	0001609d 	muleq	r1, sp, r0


   127bc:	000163f5 	strdeq	r6, [r1], -r5


   127c0:	000161e6 	andeq	r6, r1, r6, ror #3


   127c4:	00015b34 	andeq	r5, r1, r4, lsr fp


   127c8:	e92d49f0 	push	{r4, r5, r6, r7, r8, fp, lr}


   127cc:	e28db018 	add	fp, sp, #24


   127d0:	e24dd044 	sub	sp, sp, #68	; 0x44


   127d4:	e5907000 	ldr	r7, [r0]


   127d8:	e1a08001 	mov	r8, r1


   127dc:	e1a00007 	mov	r0, r7


   127e0:	e1a06003 	mov	r6, r3


   127e4:	e1a05002 	mov	r5, r2


   127e8:	ebfff8e4 	bl	10b80 <strlen@plt>


   127ec:	e1a02008 	mov	r2, r8


   127f0:	e1a01007 	mov	r1, r7


   127f4:	e2800039 	add	r0, r0, #57	; 0x39


   127f8:	e3c00007 	bic	r0, r0, #7


   127fc:	e04dd000 	sub	sp, sp, r0


   12800:	e28d4008 	add	r4, sp, #8


   12804:	e1a00004 	mov	r0, r4


   12808:	ebfff8cd 	bl	10b44 <sprintf@plt>


   1280c:	e3a02032 	mov	r2, #50	; 0x32


   12810:	e24b1050 	sub	r1, fp, #80	; 0x50


--


   12e80:	e1a05001 	mov	r5, r1


   12e84:	e3130001 	tst	r3, #1


   12e88:	1a000006 	bne	12ea8 <free@plt+0x22d4>


   12e8c:	e1a00001 	mov	r0, r1


   12e90:	eb00062b 	bl	14744 <free@plt+0x3b70>


   12e94:	e2400001 	sub	r0, r0, #1


   12e98:	e16f0f10 	clz	r0, r0


   12e9c:	e1a002a0 	lsr	r0, r0, #5


   12ea0:	e24bd010 	sub	sp, fp, #16


   12ea4:	e8bd8870 	pop	{r4, r5, r6, fp, pc}


   12ea8:	e5904004 	ldr	r4, [r0, #4]


   12eac:	e1a0600d 	mov	r6, sp


   12eb0:	e1a00004 	mov	r0, r4


   12eb4:	ebfff731 	bl	10b80 <strlen@plt>


   12eb8:	e1a02005 	mov	r2, r5


   12ebc:	e1a01004 	mov	r1, r4


   12ec0:	e2800011 	add	r0, r0, #17


   12ec4:	e3c00007 	bic	r0, r0, #7


   12ec8:	e04dd000 	sub	sp, sp, r0


   12ecc:	e1a0000d 	mov	r0, sp


   12ed0:	ebfff71b 	bl	10b44 <sprintf@plt>


   12ed4:	e1a0000d 	mov	r0, sp


   12ed8:	e24b107c 	sub	r1, fp, #124	; 0x7c


--


   12fb0:	e2843008 	add	r3, r4, #8


   12fb4:	e1a02006 	mov	r2, r6


   12fb8:	e1a01005 	mov	r1, r5


   12fbc:	e2870008 	add	r0, r7, #8


   12fc0:	ebfffe00 	bl	127c8 <free@plt+0x1bf4>


   12fc4:	e250a000 	subs	sl, r0, #0


   12fc8:	1affffec 	bne	12f80 <free@plt+0x23ac>


   12fcc:	e597800c 	ldr	r8, [r7, #12]


   12fd0:	e1a0900d 	mov	r9, sp


   12fd4:	e1a00008 	mov	r0, r8


   12fd8:	ebfff6e8 	bl	10b80 <strlen@plt>


   12fdc:	e1a02005 	mov	r2, r5


   12fe0:	e1a01008 	mov	r1, r8


   12fe4:	e2846051 	add	r6, r4, #81	; 0x51


   12fe8:	e280006b 	add	r0, r0, #107	; 0x6b


   12fec:	e3c00007 	bic	r0, r0, #7


   12ff0:	e04dd000 	sub	sp, sp, r0


   12ff4:	e28d3010 	add	r3, sp, #16


   12ff8:	e1a00003 	mov	r0, r3


   12ffc:	e50b3068 	str	r3, [fp, #-104]	; 0xffffff98


   13000:	ebfff6cf 	bl	10b44 <sprintf@plt>


   13004:	e51b3068 	ldr	r3, [fp, #-104]	; 0xffffff98


   13008:	e3a02080 	mov	r2, #128	; 0x80


   1300c:	e1a01006 	mov	r1, r6


   13010:	e1a00003 	mov	r0, r3


   13014:	ebfffbf5 	bl	11ff0 <free@plt+0x141c>


   13018:	e1a0d009 	mov	sp, r9


   1301c:	e3500000 	cmp	r0, #0


   13020:	baffffd6 	blt	12f80 <free@plt+0x23ac>


   13024:	e0866000 	add	r6, r6, r0


   13028:	e546a001 	strb	sl, [r6, #-1]


   1302c:	e5976010 	ldr	r6, [r7, #16]


   13030:	e2848010 	add	r8, r4, #16


   13034:	e1a00006 	mov	r0, r6


   13038:	ebfff6d0 	bl	10b80 <strlen@plt>


   1303c:	e1a02005 	mov	r2, r5


   13040:	e1a01006 	mov	r1, r6


   13044:	e280006b 	add	r0, r0, #107	; 0x6b


   13048:	e3c00007 	bic	r0, r0, #7


   1304c:	e04dd000 	sub	sp, sp, r0


   13050:	e28d3010 	add	r3, sp, #16


   13054:	e1a00003 	mov	r0, r3


   13058:	e50b3068 	str	r3, [fp, #-104]	; 0xffffff98


   1305c:	ebfff6b8 	bl	10b44 <sprintf@plt>


   13060:	e51b3068 	ldr	r3, [fp, #-104]	; 0xffffff98


   13064:	e3a02041 	mov	r2, #65	; 0x41


--


   13078:	e3500000 	cmp	r0, #0


   1307c:	baffffbf 	blt	12f80 <free@plt+0x23ac>


   13080:	e0880000 	add	r0, r8, r0


   13084:	e540a001 	strb	sl, [r0, #-1]


   13088:	e28420e4 	add	r2, r4, #228	; 0xe4


   1308c:	e1a01005 	mov	r1, r5


   13090:	e5970014 	ldr	r0, [r7, #20]


   13094:	ebfffca7 	bl	12338 <free@plt+0x1764>


   13098:	e3500000 	cmp	r0, #0


   1309c:	1affffb7 	bne	12f80 <free@plt+0x23ac>


   130a0:	e597a018 	ldr	sl, [r7, #24]


   130a4:	e1a0000a 	mov	r0, sl


   130a8:	ebfff6b4 	bl	10b80 <strlen@plt>


   130ac:	e1a02005 	mov	r2, r5


   130b0:	e1a0100a 	mov	r1, sl


   130b4:	e2800039 	add	r0, r0, #57	; 0x39


   130b8:	e3c00007 	bic	r0, r0, #7


   130bc:	e04dd000 	sub	sp, sp, r0


   130c0:	e28d6010 	add	r6, sp, #16


   130c4:	e1a00006 	mov	r0, r6


   130c8:	ebfff69d 	bl	10b44 <sprintf@plt>


   130cc:	e28410d8 	add	r1, r4, #216	; 0xd8


   130d0:	e1a00006 	mov	r0, r6


--


   13150:	b3a03000 	movlt	r3, #0


   13154:	a58400f4 	strge	r0, [r4, #244]	; 0xf4


   13158:	b58430f4 	strlt	r3, [r4, #244]	; 0xf4


   1315c:	e28420f8 	add	r2, r4, #248	; 0xf8


   13160:	e1a01005 	mov	r1, r5


   13164:	e597002c 	ldr	r0, [r7, #44]	; 0x2c


   13168:	ebfffc72 	bl	12338 <free@plt+0x1764>


   1316c:	e2506000 	subs	r6, r0, #0


   13170:	1affff82 	bne	12f80 <free@plt+0x23ac>


   13174:	e5977030 	ldr	r7, [r7, #48]	; 0x30


   13178:	e1a0a00d 	mov	sl, sp


   1317c:	e1a00007 	mov	r0, r7


   13180:	ebfff67e 	bl	10b80 <strlen@plt>


   13184:	e1a02005 	mov	r2, r5


   13188:	e1a01007 	mov	r1, r7


   1318c:	e2800039 	add	r0, r0, #57	; 0x39


   13190:	e3c00007 	bic	r0, r0, #7


   13194:	e04dd000 	sub	sp, sp, r0


   13198:	e28d9010 	add	r9, sp, #16


   1319c:	e1a00009 	mov	r0, r9


   131a0:	ebfff667 	bl	10b44 <sprintf@plt>


   131a4:	e3a01702 	mov	r1, #524288	; 0x80000


   131a8:	e1a00009 	mov	r0, r9


--


   14964:	e58d0004 	str	r0, [sp, #4]


   14968:	e1a00007 	mov	r0, r7


   1496c:	ebfff050 	bl	10ab4 <fprintf@plt>


   14970:	e1a00004 	mov	r0, r4


   14974:	ebfff090 	bl	10bbc <close@plt>


   14978:	e1a04006 	mov	r4, r6


   1497c:	eaffffb9 	b	14868 <free@plt+0x3c94>


   14980:	000270d0 	ldrdeq	r7, [r2], -r0


   14984:	0001609d 	muleq	r1, sp, r0


   14988:	000160a4 	andeq	r6, r1, r4, lsr #1


   1498c:	000161e6 	andeq	r6, r1, r6, ror #3


   14990:	00015b34 	andeq	r5, r1, r4, lsr fp


   14994:	00016572 	andeq	r6, r1, r2, ror r5


   14998:	81484d11 	cmphi	r8, r1, lsl sp


   1499c:	00016a17 	andeq	r6, r1, r7, lsl sl


   149a0:	e52de004 	push	{lr}		; (str lr, [sp, #-4]!)


   149a4:	e59f101c 	ldr	r1, [pc, #28]	; 149c8 <free@plt+0x3df4>


   149a8:	e24dd024 	sub	sp, sp, #36	; 0x24


   149ac:	e1a02000 	mov	r2, r0


   149b0:	e1a0000d 	mov	r0, sp


   149b4:	ebfff062 	bl	10b44 <sprintf@plt>


   149b8:	e1a0000d 	mov	r0, sp


   149bc:	ebffff8f 	bl	14800 <free@plt+0x3c2c>


--


   14e80:	00016b21 	andeq	r6, r1, r1, lsr #22


   14e84:	00016b4a 	andeq	r6, r1, sl, asr #22


   14e88:	00016b83 	andeq	r6, r1, r3, lsl #23


   14e8c:	00016bb9 			; <UNDEFINED> instruction: 0x00016bb9


   14e90:	00016be6 	andeq	r6, r1, r6, ror #23


   14e94:	0001653b 	andeq	r6, r1, fp, lsr r5


   14e98:	000169c2 	andeq	r6, r1, r2, asr #19


   14e9c:	00016c1e 	andeq	r6, r1, lr, lsl ip


   14ea0:	00016526 	andeq	r6, r1, r6, lsr #10


   14ea4:	00016522 	andeq	r6, r1, r2, lsr #10


   14ea8:	0001651d 	andeq	r6, r1, sp, lsl r5


   14eac:	00016519 	andeq	r6, r1, r9, lsl r5


   14eb0:	00016531 	andeq	r6, r1, r1, lsr r5


   14eb4:	0001653f 	andeq	r6, r1, pc, lsr r5


   14eb8:	e92d4010 	push	{r4, lr}


   14ebc:	e24dd020 	sub	sp, sp, #32


   14ec0:	e1a02000 	mov	r2, r0


   14ec4:	e1a04001 	mov	r4, r1


   14ec8:	e1a0000d 	mov	r0, sp


   14ecc:	e59f1014 	ldr	r1, [pc, #20]	; 14ee8 <free@plt+0x4314>


   14ed0:	ebffef1b 	bl	10b44 <sprintf@plt>


   14ed4:	e1a01004 	mov	r1, r4


   14ed8:	e1a0000d 	mov	r0, sp






[*] Function sprintf used 10 times nandwrite