[*] Binary protection state of ubicrc32
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of ubicrc32
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubicrc32 @ 0x10610 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main (int32_t argc, char ** argv) {
| int32_t var_0h;
| int32_t var_4h;
| void * ptr;
| int32_t var_1000h;
| int32_t var_ch;
| r0 = argc;
| r1 = argv;
| /* [10] -r-x section size 908 named .text */
0x00010610 push {r4, r5, r6, r7, r8, sb, lr} |
0x00010614 ldr r6, [pc, 0x1f0] | r6 = *(0x10808);
0x00010618 sub sp, sp, 0x1000 |
0x0001061c sub sp, sp, 0xc |
0x00010620 mov r7, 0 | r7 = 0;
0x00010624 ldr r5, [r6] | r5 = *(0x10808);
0x00010628 ldr r3, [pc, 0x1e0] | r3 = stdin;
0x0001062c str r7, [sp] | *(sp) = r7;
0x00010630 ldr r2, [pc, 0x1dc] | r2 = "help";
0x00010634 mov sb, r0 | sb = r0;
0x00010638 mov r8, r1 | r8 = r1;
0x0001063c bl 0x1055c | r0 = getopt_long ();
0x00010640 cmn r0, 1 |
0x00010644 mov r4, r0 | r4 = r0;
| if (r0 == 1) {
0x00010648 bne 0x106bc |
0x0001064c ldr r3, [pc, 0x1c4] |
0x00010650 ldr r3, [r3] | r3 = "hV";
0x00010654 cmp r3, sb |
| if (r3 >= sb) {
0x00010658 bge 0x10804 | goto label_5;
| }
0x0001065c ldr r1, [pc, 0x1b8] | r1 = optind;
0x00010660 ldr r0, [r8, r3, lsl 2] | offset_0 = r3 << 2;
| r0 = *((r8 + offset_0));
0x00010664 bl 0x10604 | r0 = fopen64 ();
0x00010668 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x0001066c bne 0x10804 | goto label_5;
| }
0x00010670 bl 0x105d4 | errno_location ();
0x00010674 ldr r6, [pc, 0x1a4] |
0x00010678 ldr r3, [r8, 4] | r3 = *((r8 + 4));
0x0001067c ldr r2, [pc, 0x1a0] | r2 = stderr;
0x00010680 ldr r1, [pc, 0x1a0] | r1 = "ubicrc32";
0x00010684 ldr r5, [r0] | r5 = *(r0);
0x00010688 ldr r0, [r6] | r0 = *(0x1081c);
0x0001068c bl 0x1058c | fprintf (r0, "ubicrc32", r2, r3, r4, r5, r6)
0x00010690 mov r0, r5 | r0 = r5;
0x00010694 ldr r6, [r6] | r6 = *(0x1081c);
0x00010698 bl 0x10550 | strerror (r0);
0x0001069c str r5, [sp] | *(sp) = r5;
0x000106a0 ldr r3, [pc, 0x184] | r3 = "%s: error!: cannot open \"%s\"\n";
0x000106a4 mov r2, 0xa | r2 = 0xa;
0x000106a8 ldr r1, [pc, 0x180] | r1 = *(0x1082c);
0x000106ac str r0, [sp, 4] | var_4h = r0;
0x000106b0 mov r0, r6 | r0 = r6;
0x000106b4 bl 0x1058c | fprintf (r0, r1, r2, "%s: error!: cannot open \"%s\"\n", r4, r5)
0x000106b8 b 0x106ec |
| } else {
0x000106bc cmp r0, 0x56 |
| if (r0 == 0x56) {
0x000106c0 beq 0x10724 | goto label_6;
| }
0x000106c4 cmp r0, 0x68 |
| if (r0 == 0x68) {
0x000106c8 beq 0x106fc | goto label_7;
| }
0x000106cc cmp r0, 0x3a |
0x000106d0 ldr r3, [pc, 0x148] | r3 = *(0x1081c);
| if (r0 != 0x3a) {
0x000106d4 bne 0x10738 | goto label_8;
| }
0x000106d8 ldr r2, [pc, 0x144] | r2 = stderr;
0x000106dc ldr r1, [pc, 0x150] | r1 = "%*serror %d (%s)\n";
0x000106e0 ldr r0, [r3] | r0 = *(r3);
0x000106e4 bl 0x1058c | fprintf (r0, "%*serror %d (%s)\n", r2)
| label_0:
0x000106e8 mvn r4, 0 | r4 = ~0;
| }
| label_1:
0x000106ec mov r0, r4 | r0 = r4;
0x000106f0 add sp, sp, 0x1000 |
0x000106f4 add sp, sp, 0xc |
0x000106f8 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_7:
0x000106fc ldr r1, [pc, 0x134] | r1 = "_s:_error_:_parameter_is_missing";
0x00010700 ldr r0, [pc, 0x134] | r0 = "ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_";
0x00010704 bl 0x10544 | printf ("ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_", "_s:_error_:_parameter_is_missing")
0x00010708 ldr r1, [pc, 0x130] | r1 = "%s\n\n";
0x0001070c ldr r0, [pc, 0x128] | r0 = "ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_";
0x00010710 bl 0x10544 | printf ("ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_", "%s\n\n")
0x00010714 ldr r0, [pc, 0x128] | r0 = "Usage: ubicrc32 <file to calculate CRC32 for> [-h] [--help]";
0x00010718 bl 0x10568 | puts ("Usage: ubicrc32 <file to calculate CRC32 for> [-h] [--help]");
| do {
0x0001071c mov r0, r7 | r0 = r7;
0x00010720 bl 0x105e0 | exit (r0);
| label_6:
0x00010724 ldr r2, [pc, 0x11c] | r2 = "-h, --help print help message\n-V, --version print program version";
0x00010728 ldr r1, [pc, 0xf4] | r1 = stderr;
0x0001072c ldr r0, [pc, 0x118] | r0 = "_.1.0";
0x00010730 bl 0x10544 | printf ("_.1.0", r1, "-h, --help print help message\n-V, --version print program version")
0x00010734 b 0x1071c |
| } while (1);
| label_8:
0x00010738 ldr r1, [r3] | r1 = *(r3);
0x0001073c ldr r0, [pc, 0x10c] | r0 = "%s (mtd-utils) %s\n";
0x00010740 bl 0x105ec | fputs ("%s (mtd-utils) %s\n", r1);
0x00010744 b 0x106e8 | goto label_0;
| label_2:
0x00010748 mov r3, r5 | r3 = r5;
0x0001074c mov r2, 0x1000 | r2 = 0x1000;
0x00010750 mov r1, 1 | r1 = 1;
0x00010754 add r0, sp, 8 | r0 += ptr;
0x00010758 bl 0x105b0 | r0 = fread (r0, r1, r2, r3);
0x0001075c mov r8, r0 | r8 = r0;
0x00010760 mov r0, r5 | r0 = r5;
0x00010764 bl 0x105a4 | r0 = ferror (r0);
0x00010768 cmp r0, 0 |
| if (r0 == 0) {
0x0001076c beq 0x107cc | goto label_9;
| }
0x00010770 bl 0x105d4 | errno_location ();
0x00010774 ldr r8, [pc, 0xa4] |
0x00010778 ldr r2, [pc, 0xa4] | r2 = stderr;
0x0001077c ldr r1, [pc, 0xd0] | r1 = "Use__h_for_help";
0x00010780 ldr r7, [r0] | r7 = *(r0);
0x00010784 ldr r0, [r8] | r0 = *(0x1081c);
0x00010788 bl 0x1058c | fprintf (r0, "Use__h_for_help", r2)
0x0001078c mov r0, r7 | r0 = r7;
0x00010790 ldr r8, [r8] | r8 = *(0x1081c);
0x00010794 bl 0x10550 | strerror (r0);
0x00010798 str r7, [sp] | *(sp) = r7;
0x0001079c ldr r3, [pc, 0x88] | r3 = "%s: error!: cannot open \"%s\"\n";
0x000107a0 mov r2, 0xa | r2 = 0xa;
0x000107a4 ldr r1, [pc, 0x84] | r1 = *(0x1082c);
0x000107a8 str r0, [sp, 4] | var_4h = r0;
0x000107ac mov r0, r8 | r0 = r8;
0x000107b0 bl 0x1058c | fprintf (r0, r1, r2, "%s: error!: cannot open \"%s\"\n")
| label_3:
0x000107b4 ldr r3, [r6] | r3 = *(r6);
0x000107b8 cmp r3, r5 |
| if (r3 == r5) {
0x000107bc beq 0x106ec | goto label_1;
| }
0x000107c0 mov r0, r5 | r0 = r5;
0x000107c4 bl 0x105c8 | fclose (r0);
0x000107c8 b 0x106ec | goto label_1;
| label_9:
0x000107cc mov r0, r7 | r0 = r7;
0x000107d0 mov r2, r8 | r2 = r8;
0x000107d4 add r1, sp, 8 | r1 += ptr;
0x000107d8 bl 0x10974 | r0 = fcn_00010974 (r0);
0x000107dc mov r7, r0 | r7 = r0;
| label_4:
0x000107e0 mov r0, r5 | r0 = r5;
0x000107e4 bl 0x10574 | r0 = feof (r0);
0x000107e8 cmp r0, 0 |
| if (r0 == 0) {
0x000107ec beq 0x10748 | goto label_2;
| }
0x000107f0 mov r1, r7 | r1 = r7;
0x000107f4 ldr r0, [pc, 0x5c] | r0 = "%s: error!: cannot read input file\n";
0x000107f8 bl 0x10544 | printf ("%s: error!: cannot read input file\n", r1)
0x000107fc mov r4, 0 | r4 = 0;
0x00010800 b 0x107b4 | goto label_3;
| label_5:
0x00010804 mvn r7, 0 | r7 = ~0;
0x00010808 b 0x107e0 | goto label_4;
| }
[*] Function printf used 10 times ubicrc32
