[*] Binary protection state of flash_erase
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of flash_erase
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x11aac */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011aac () | void fcn_00011aac (int32_t arg1, int32_t arg2) {
| int32_t var_8h;
| char * s;
| int32_t var_1ch;
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00011aac push {r4, r5, r6, r7, fp, lr} |
0x00011ab0 add fp, sp, 0x14 |
0x00011ab4 sub sp, sp, 0x18 |
0x00011ab8 mov r7, r1 | r7 = r1;
0x00011abc mov r6, r0 | r6 = r0;
0x00011ac0 mov r5, r2 | r5 = r2;
0x00011ac4 bl 0x10b74 | strlen (r0);
0x00011ac8 mov r2, r7 | r2 = r7;
0x00011acc mov r1, r6 | r1 = r6;
0x00011ad0 add r0, r0, 0x39 | r0 += 0x39;
0x00011ad4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011ad8 sub sp, sp, r0 |
0x00011adc add r4, sp, 0x10 | r4 += s;
0x00011ae0 mov r0, r4 | r0 = r4;
0x00011ae4 bl 0x10b44 | sprintf (r0, r1, r2)
0x00011ae8 sub r1, fp, 0x1c | r1 -= s;
0x00011aec mov r0, r4 | r0 = r4;
0x00011af0 bl 0x118f8 | r0 = fcn_000118f8 (r0, r1);
0x00011af4 cmp r0, 0 |
| if (r0 == 0) {
0x00011af8 bne 0x11b38 |
0x00011afc ldrd r2, r3, [fp, -0x1c] | __asm ("ldrd r2, r3, [s]");
0x00011b00 cmp r2, 0x80000000 |
0x00011b04 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 >= 0x80000000) {
0x00011b08 strlt r2, [r5] | *(r5) = r2;
| }
| if (r2 < 0x80000000) {
0x00011b0c blt 0x11b3c | goto label_0;
| }
0x00011b10 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00011b14 ldr r3, [pc, 0x28] | r3 = *(0x11b40);
0x00011b18 str r4, [sp, 8] | var_8h = r4;
0x00011b1c ldr r2, [pc, 0x24] | r2 = stderr;
0x00011b20 ldr r0, [r3] | r0 = *(0x11b40);
0x00011b24 ldr r1, [pc, 0x20] | r1 = "libmtd";
0x00011b28 bl 0x10aa8 | r0 = fprintf (r0, "libmtd", r2, r3, r4);
0x00011b2c bl 0x10b5c | errno_location ();
0x00011b30 mov r3, 0x16 | r3 = 0x16;
0x00011b34 str r3, [r0] | *(r0) = r3;
| }
0x00011b38 mvn r0, 0 | r0 = ~0;
| label_0:
0x00011b3c sub sp, fp, 0x14 |
0x00011b40 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x11f3c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011f3c () | void fcn_00011f3c (int32_t arg2, char * s) {
| char * var_50h;
| int32_t var_0h;
| int32_t var_4h;
| char * var_8h;
| int32_t var_18h_2;
| int32_t var_18h;
| r1 = arg2;
| r0 = s;
0x00011f3c push {r4, r5, r6, r7, r8, fp, lr} |
0x00011f40 add fp, sp, 0x18 |
0x00011f44 sub sp, sp, 0x44 |
0x00011f48 ldr r7, [r0] | r7 = *(r0);
0x00011f4c mov r8, r1 | r8 = r1;
0x00011f50 mov r0, r7 | r0 = r7;
0x00011f54 mov r6, r3 | r6 = r3;
0x00011f58 mov r5, r2 | r5 = r2;
0x00011f5c bl 0x10b74 | strlen (r0);
0x00011f60 mov r2, r8 | r2 = r8;
0x00011f64 mov r1, r7 | r1 = r7;
0x00011f68 add r0, r0, 0x39 | r0 += 0x39;
0x00011f6c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011f70 sub sp, sp, r0 |
0x00011f74 add r4, sp, 8 | r4 += var_8h;
0x00011f78 mov r0, r4 | r0 = r4;
0x00011f7c bl 0x10b44 | sprintf (r0, r1, r2)
0x00011f80 mov r2, 0x32 | r2 = 0x32;
0x00011f84 sub r1, fp, 0x50 | r1 -= var_50h;
0x00011f88 mov r0, r4 | r0 = r4;
0x00011f8c bl 0x11764 | r0 = fcn_00011764 (r0, r1);
0x00011f90 cmp r0, 0 |
| if (r0 < 0) {
0x00011f94 blt 0x11fdc | goto label_1;
| }
0x00011f98 mov r3, r6 | r3 = r6;
0x00011f9c mov r2, r5 | r2 = r5;
0x00011fa0 ldr r1, [pc, 0x8c] | r1 = *(0x12030);
0x00011fa4 sub r0, fp, 0x50 | r0 -= var_50h;
0x00011fa8 bl 0x10af0 | r0 = sscanf (r0, r1, r2);
0x00011fac cmp r0, 2 |
| if (r0 == 2) {
0x00011fb0 beq 0x11fe4 | goto label_2;
| }
0x00011fb4 bl 0x10b5c | errno_location ();
0x00011fb8 mov r3, 0x16 | r3 = 0x16;
0x00011fbc ldr r2, [pc, 0x74] | r2 = "_d:_d";
0x00011fc0 ldr r1, [pc, 0x74] | r1 = "libmtd";
0x00011fc4 str r3, [r0] | *(r0) = r3;
0x00011fc8 ldr r0, [pc, 0x70] |
0x00011fcc mov r3, r4 | r3 = r4;
0x00011fd0 ldr r0, [r0] | r0 = "%s: error!: \"%s\" does not have major:minor format\n";
0x00011fd4 bl 0x10aa8 | fprintf ("%s: error!: \"%s\" does not have major:minor format\n", "libmtd", "_d:_d", r3);
| label_0:
0x00011fd8 mvn r0, 0 | r0 = ~0;
| do {
| label_1:
0x00011fdc sub sp, fp, 0x18 |
0x00011fe0 pop {r4, r5, r6, r7, r8, fp, pc} |
| label_2:
0x00011fe4 ldr r3, [r5] | r3 = *(r5);
0x00011fe8 cmp r3, 0 |
| if (r3 < 0) {
0x00011fec blt 0x12000 | goto label_3;
| }
0x00011ff0 ldr r3, [r6] | r3 = *(r6);
0x00011ff4 cmp r3, 0 |
| if (r3 < 0) {
0x00011ff8 movge r0, 0 | r0 = 0;
| }
0x00011ffc bge 0x11fdc |
| } while (r3 >= 0);
| label_3:
0x00012000 bl 0x10b5c | errno_location ();
0x00012004 mov r3, 0x16 | r3 = 0x16;
0x00012008 ldr r2, [pc, 0x28] | r2 = "_d:_d";
0x0001200c ldr r1, [pc, 0x30] | r1 = stderr;
0x00012010 str r3, [r0] | *(r0) = r3;
0x00012014 ldr r0, [pc, 0x24] |
0x00012018 ldr r3, [r6] | r3 = *(r6);
0x0001201c str r4, [sp, 4] | var_4h = r4;
0x00012020 str r3, [sp] | *(sp) = r3;
0x00012024 ldr r3, [r5] | r3 = *(r5);
0x00012028 ldr r0, [r0] | r0 = "%s: error!: \"%s\" does not have major:minor format\n";
0x0001202c bl 0x10aa8 | fprintf ("%s: error!: \"%s\" does not have major:minor format\n", r1, "_d:_d", r3, r4);
0x00012030 b 0x11fd8 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x125e4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000125e4 () | void fcn_000125e4 (int32_t arg1, int32_t arg2) {
| int32_t var_7ch;
| int32_t var_10h_2;
| int32_t var_10h;
| r0 = arg1;
| r1 = arg2;
0x000125e4 push {r4, r5, r6, fp, lr} |
0x000125e8 add fp, sp, 0x10 |
0x000125ec sub sp, sp, 0x6c |
0x000125f0 ldrb r3, [r0, 0x34] | r3 = *((r0 + 0x34));
0x000125f4 mov r5, r1 | r5 = r1;
0x000125f8 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x000125fc bne 0x1261c | goto label_0;
| }
0x00012600 mov r0, r1 | r0 = r1;
0x00012604 bl 0x13ee0 | r0 = fcn_00013ee0 (r0);
0x00012608 sub r0, r0, 1 | r0--;
0x0001260c clz r0, r0 | r0 &= r0;
0x00012610 lsr r0, r0, 5 | r0 >>= 5;
| do {
0x00012614 sub sp, fp, 0x10 |
0x00012618 pop {r4, r5, r6, fp, pc} |
| label_0:
0x0001261c ldr r4, [r0, 4] | r4 = *((r0 + 4));
0x00012620 mov r6, sp | r6 = sp;
0x00012624 mov r0, r4 | r0 = r4;
0x00012628 bl 0x10b74 | strlen (r0);
0x0001262c mov r2, r5 | r2 = r5;
0x00012630 mov r1, r4 | r1 = r4;
0x00012634 add r0, r0, 0x11 | r0 += 0x11;
0x00012638 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001263c sub sp, sp, r0 |
0x00012640 mov r0, sp | r0 = sp;
0x00012644 bl 0x10b44 | sprintf (r0, r1, r2)
0x00012648 mov r0, sp | r0 = sp;
0x0001264c sub r1, fp, 0x7c | r1 -= var_7ch;
0x00012650 bl 0x10a18 | stat64 ();
0x00012654 mov sp, r6 |
0x00012658 clz r0, r0 | r0 &= r0;
0x0001265c lsr r0, r0, 5 | r0 >>= 5;
0x00012660 b 0x12614 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x126a4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000126a4 () | void fcn_000126a4 (int32_t arg1, int32_t arg2) {
| int32_t var_68h;
| int32_t var_64h;
| char * buf;
| int32_t var_24h;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| char * s;
| int32_t var_sp_64h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000126a4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000126a8 add r6, r2, 4 | r6 = r2 + 4;
0x000126ac add fp, sp, 0x20 |
0x000126b0 sub sp, sp, 0x5c |
0x000126b4 mov r5, r1 | r5 = r1;
0x000126b8 mov r7, r0 | r7 = r0;
0x000126bc mov r4, r2 | r4 = r2;
0x000126c0 mov r1, 0 | r1 = 0;
0x000126c4 mov r2, 0xfc | r2 = 0xfc;
0x000126c8 mov r0, r6 | r0 = r6;
0x000126cc bl 0x10b14 | memset (r0, r1, r2);
0x000126d0 str r5, [r4] | *(r4) = r5;
0x000126d4 mov r1, r5 | r1 = r5;
0x000126d8 mov r0, r7 | r0 = r7;
0x000126dc bl 0x125e4 | r0 = fcn_000125e4 (r0, r1);
0x000126e0 cmp r0, 0 |
| if (r0 != 0) {
0x000126e4 bne 0x126fc | goto label_4;
| }
0x000126e8 bl 0x10b5c | errno_location ();
0x000126ec mov r3, 0x13 | r3 = 0x13;
0x000126f0 str r3, [r0] | *(r0) = r3;
| do {
| label_0:
0x000126f4 mvn r5, 0 | r5 = ~0;
0x000126f8 b 0x12718 | goto label_1;
| label_4:
0x000126fc ldrb r3, [r7, 0x34] | r3 = *((r7 + 0x34));
0x00012700 tst r3, 1 |
| if ((r3 & 1) == 0) {
0x00012704 bne 0x12724 |
0x00012708 mov r0, r5 | r0 = r5;
0x0001270c mov r1, r4 | r1 = r4;
0x00012710 bl 0x14654 | r0 = fcn_00014654 (r0, r1);
0x00012714 mov r5, r0 | r5 = r0;
| label_1:
0x00012718 mov r0, r5 | r0 = r5;
0x0001271c sub sp, fp, 0x20 |
0x00012720 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00012724 add r3, r4, 8 | r3 = r4 + 8;
0x00012728 mov r2, r6 | r2 = r6;
0x0001272c mov r1, r5 | r1 = r5;
0x00012730 add r0, r7, 8 | r0 = r7 + 8;
0x00012734 bl 0x11f3c | r0 = fcn_00011f3c (r0, r1);
0x00012738 subs sl, r0, 0 | sl = r0 - 0;
0x0001273c bne 0x126f4 |
| } while (sl != r0);
0x00012740 ldr r8, [r7, 0xc] | r8 = *((r7 + 0xc));
0x00012744 mov sb, sp | sb = sp;
0x00012748 mov r0, r8 | r0 = r8;
0x0001274c bl 0x10b74 | strlen (r0);
0x00012750 mov r2, r5 | r2 = r5;
0x00012754 mov r1, r8 | r1 = r8;
0x00012758 add r6, r4, 0x51 | r6 = r4 + 0x51;
0x0001275c add r0, r0, 0x6b | r0 += 0x6b;
0x00012760 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012764 sub sp, sp, r0 |
0x00012768 add r3, sp, 0x10 | r3 += s;
0x0001276c mov r0, r3 | r0 = r3;
0x00012770 str r3, [fp, -0x68] | var_68h = r3;
0x00012774 bl 0x10b44 | sprintf (r0, r1, r2)
0x00012778 ldr r3, [fp, -0x68] | r3 = var_68h;
0x0001277c mov r2, 0x80 | r2 = 0x80;
0x00012780 mov r1, r6 | r1 = r6;
0x00012784 mov r0, r3 | r0 = r3;
0x00012788 bl 0x11764 | fcn_00011764 (r0, r1);
0x0001278c mov sp, sb |
0x00012790 cmp r0, 0 |
| if (r0 < 0) {
0x00012794 blt 0x126f4 | goto label_0;
| }
0x00012798 add r6, r6, r0 | r6 += r0;
0x0001279c strb sl, [r6, -1] | *((r6 - 1)) = sl;
0x000127a0 ldr r6, [r7, 0x10] | r6 = *((r7 + 0x10));
0x000127a4 add r8, r4, 0x10 | r8 = r4 + 0x10;
0x000127a8 mov r0, r6 | r0 = r6;
0x000127ac bl 0x10b74 | strlen (r0);
0x000127b0 mov r2, r5 | r2 = r5;
0x000127b4 mov r1, r6 | r1 = r6;
0x000127b8 add r0, r0, 0x6b | r0 += 0x6b;
0x000127bc bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000127c0 sub sp, sp, r0 |
0x000127c4 add r3, sp, 0x10 | r3 += s;
0x000127c8 mov r0, r3 | r0 = r3;
0x000127cc str r3, [fp, -0x68] | var_68h = r3;
0x000127d0 bl 0x10b44 | sprintf (r0, r1, r2)
0x000127d4 ldr r3, [fp, -0x68] | r3 = var_68h;
0x000127d8 mov r2, 0x41 | r2 = 0x41;
0x000127dc mov r1, r8 | r1 = r8;
0x000127e0 mov r0, r3 | r0 = r3;
0x000127e4 bl 0x11764 | fcn_00011764 (r0, r1);
0x000127e8 mov sp, sb |
0x000127ec cmp r0, 0 |
| if (r0 < 0) {
0x000127f0 blt 0x126f4 | goto label_0;
| }
0x000127f4 add r0, r8, r0 | r0 = r8 + r0;
0x000127f8 strb sl, [r0, -1] | *((r0 - 1)) = sl;
0x000127fc add r2, r4, 0xe4 | r2 = r4 + 0xe4;
0x00012800 mov r1, r5 | r1 = r5;
0x00012804 ldr r0, [r7, 0x14] | r0 = *((r7 + 0x14));
0x00012808 bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x0001280c cmp r0, 0 |
| if (r0 != 0) {
0x00012810 bne 0x126f4 | goto label_0;
| }
0x00012814 ldr sl, [r7, 0x18] | sl = *((r7 + 0x18));
0x00012818 mov r0, sl | r0 = sl;
0x0001281c bl 0x10b74 | strlen (r0);
0x00012820 mov r2, r5 | r2 = r5;
0x00012824 mov r1, sl | r1 = sl;
0x00012828 add r0, r0, 0x39 | r0 += 0x39;
0x0001282c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012830 sub sp, sp, r0 |
0x00012834 add r6, sp, 0x10 | r6 += s;
0x00012838 mov r0, r6 | r0 = r6;
0x0001283c bl 0x10b44 | sprintf (r0, r1, r2)
0x00012840 add r1, r4, 0xd8 | r1 = r4 + 0xd8;
0x00012844 mov r0, r6 | r0 = r6;
0x00012848 bl 0x118f8 | fcn_000118f8 (r0, r1);
0x0001284c mov sp, sb |
0x00012850 cmp r0, 0 |
| if (r0 != 0) {
0x00012854 bne 0x126f4 | goto label_0;
| }
0x00012858 add r2, r4, 0xe8 | r2 = r4 + 0xe8;
0x0001285c mov r1, r5 | r1 = r5;
0x00012860 ldr r0, [r7, 0x1c] | r0 = *((r7 + 0x1c));
0x00012864 bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x00012868 cmp r0, 0 |
| if (r0 != 0) {
0x0001286c bne 0x126f4 | goto label_0;
| }
0x00012870 add r2, r4, 0xec | r2 = r4 + 0xec;
0x00012874 mov r1, r5 | r1 = r5;
0x00012878 ldr r0, [r7, 0x20] | r0 = *((r7 + 0x20));
0x0001287c bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x00012880 cmp r0, 0 |
| if (r0 != 0) {
0x00012884 bne 0x126f4 | goto label_0;
| }
0x00012888 add r2, r4, 0xf0 | r2 = r4 + 0xf0;
0x0001288c mov r1, r5 | r1 = r5;
0x00012890 ldr r0, [r7, 0x24] | r0 = *((r7 + 0x24));
0x00012894 bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x00012898 cmp r0, 0 |
| if (r0 != 0) {
0x0001289c bne 0x126f4 | goto label_0;
| }
0x000128a0 add r2, r4, 0xf4 | r2 = r4 + 0xf4;
0x000128a4 mov r1, r5 | r1 = r5;
0x000128a8 ldr r0, [r7, 0x28] | r0 = *((r7 + 0x28));
0x000128ac bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x000128b0 cmp r0, 0 |
| if (r0 != 0) {
0x000128b4 beq 0x128d0 |
0x000128b8 mov r0, r5 | r0 = r5;
0x000128bc bl 0x1413c | r0 = fcn_0001413c (r0);
0x000128c0 cmp r0, 0 |
| if (r0 >= 0) {
0x000128c4 movlt r3, 0 | r3 = 0;
| }
| if (r0 < 0) {
0x000128c8 strge r0, [r4, 0xf4] | *((r4 + 0xf4)) = r0;
| }
| if (r0 < 0) {
0x000128cc strlt r3, [r4, 0xf4] | *((r4 + 0xf4)) = r3;
| goto label_5;
| }
| }
| label_5:
0x000128d0 add r2, r4, 0xf8 | r2 = r4 + 0xf8;
0x000128d4 mov r1, r5 | r1 = r5;
0x000128d8 ldr r0, [r7, 0x2c] | r0 = *((r7 + 0x2c));
0x000128dc bl 0x11aac | r0 = fcn_00011aac (r0, r1);
0x000128e0 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x000128e4 bne 0x126f4 | goto label_0;
| }
0x000128e8 ldr r7, [r7, 0x30] | r7 = *((r7 + 0x30));
0x000128ec mov sl, sp | sl = sp;
0x000128f0 mov r0, r7 | r0 = r7;
0x000128f4 bl 0x10b74 | strlen (r0);
0x000128f8 mov r2, r5 | r2 = r5;
0x000128fc mov r1, r7 | r1 = r7;
0x00012900 add r0, r0, 0x39 | r0 += 0x39;
0x00012904 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012908 sub sp, sp, r0 |
0x0001290c add sb, sp, 0x10 | sb += s;
0x00012910 mov r0, sb | r0 = sb;
0x00012914 bl 0x10b44 | sprintf (r0, r1, r2)
0x00012918 mov r1, 0x80000 | r1 = 0x80000;
0x0001291c mov r0, sb | r0 = sb;
0x00012920 bl 0x10b20 | r0 = open64 ();
0x00012924 cmn r0, 1 |
0x00012928 mov r5, r0 | r5 = r0;
| if (r0 == 1) {
0x0001292c bne 0x12938 |
0x00012930 mov sp, sl |
0x00012934 b 0x12718 | goto label_1;
| }
0x00012938 mov r2, 0x32 | r2 = 0x32;
0x0001293c sub r1, fp, 0x58 | r1 -= buf;
0x00012940 bl 0x10acc | r0 = read (r0, r1, r2);
0x00012944 cmn r0, 1 |
| if (r0 != 1) {
0x00012948 bne 0x129a0 | goto label_6;
| }
0x0001294c bl 0x10b5c | errno_location ();
0x00012950 ldr r6, [pc, 0x294] |
0x00012954 mov r3, sb | r3 = sb;
0x00012958 ldr r2, [pc, 0x290] | r2 = stderr;
0x0001295c ldr r1, [pc, 0x290] | r1 = "libmtd";
0x00012960 ldr r4, [r0] | r4 = *(r0);
0x00012964 ldr r0, [r6] | r0 = *(0x12be8);
0x00012968 bl 0x10aa8 | fprintf (r0, "libmtd", r2, r3, r4, r5, r6);
0x0001296c mov r0, r4 | r0 = r4;
0x00012970 ldr r6, [r6] | r6 = *(0x12be8);
0x00012974 bl 0x10a0c | strerror (r0);
0x00012978 str r4, [sp] | *(sp) = r4;
0x0001297c ldr r3, [pc, 0x274] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00012980 mov r2, 8 | r2 = 8;
0x00012984 ldr r1, [pc, 0x270] | r1 = *(0x12bf8);
0x00012988 str r0, [sp, 4] | var_4h = r0;
0x0001298c mov r0, r6 | r0 = r6;
0x00012990 bl 0x10aa8 | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
0x00012994 mov r0, r5 | r0 = r5;
0x00012998 bl 0x10ba4 | close (r0);
0x0001299c b 0x12a88 | goto label_7;
| label_6:
0x000129a0 cmp r0, 0x32 |
| if (r0 != 0x32) {
0x000129a4 bne 0x129d0 | goto label_8;
| }
0x000129a8 ldr r2, [pc, 0x240] | r2 = stderr;
0x000129ac ldr r1, [pc, 0x24c] | r1 = "%*serror %d (%s)\n";
0x000129b0 mov r3, sb | r3 = sb;
| label_2:
0x000129b4 ldr r0, [pc, 0x230] |
0x000129b8 ldr r0, [r0] | r0 = *(0x12be8);
0x000129bc bl 0x10aa8 | r0 = fprintf (r0, "%*serror %d (%s)\n", r2, r3);
| label_3:
0x000129c0 bl 0x10b5c | errno_location ();
0x000129c4 mov r3, 0x16 | r3 = 0x16;
0x000129c8 str r3, [r0] | *(r0) = r3;
0x000129cc b 0x12994 |
| } while (1);
| label_8:
0x000129d0 sub r3, fp, 0x24 | r3 -= var_24h;
0x000129d4 add r0, r3, r0 | r0 = r3 + r0;
0x000129d8 strb r6, [r0, -0x34] | *((r0 - 0x34)) = r6;
0x000129dc sub r2, fp, 0x64 | r2 -= var_64h;
0x000129e0 ldr r1, [pc, 0x21c] | r1 = "%s: error!: contents of \"%s\" is too long\n";
0x000129e4 sub r0, fp, 0x58 | r0 -= buf;
0x000129e8 bl 0x10af0 | r0 = sscanf (r0, "%s: error!: contents of \"%s\" is too long\n", r2);
0x000129ec cmp r0, 1 |
| if (r0 == 1) {
0x000129f0 movne r3, sb | r3 = sb;
| }
| if (r0 == 1) {
0x000129f4 ldrne r2, [pc, 0x1f4] | r2 = "libmtd";
| }
| if (r0 != 1) {
0x000129f8 ldrne r1, [pc, 0x208] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
| goto label_9;
| }
| if (r0 != 1) {
| label_9:
0x000129fc bne 0x129b4 | goto label_2;
| }
0x00012a00 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00012a04 cmp r2, 0 |
0x00012a08 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 < 0) {
0x00012a0c bge 0x12a30 |
0x00012a10 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00012a14 ldr r3, [pc, 0x1d0] | r3 = *(0x12be8);
0x00012a18 str sb, [sp, 8] | var_8h = sb;
0x00012a1c ldr r2, [pc, 0x1cc] | r2 = stderr;
0x00012a20 ldr r1, [pc, 0x1e4] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
0x00012a24 ldr r0, [r3] | r0 = *(0x12be8);
0x00012a28 bl 0x10aa8 | fprintf (r0, "_s:_error_:_cannot_read_integer_from___s_", r2, r3);
0x00012a2c b 0x129c0 | goto label_3;
| }
0x00012a30 mov r0, r5 | r0 = r5;
0x00012a34 bl 0x10ba4 | r0 = close (r0);
0x00012a38 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x00012a3c beq 0x12a90 | goto label_10;
| }
0x00012a40 bl 0x10b5c | errno_location ();
0x00012a44 ldr r5, [pc, 0x1a0] |
0x00012a48 mov r3, sb | r3 = sb;
0x00012a4c ldr r2, [pc, 0x19c] | r2 = stderr;
0x00012a50 ldr r1, [pc, 0x1b8] | r1 = "_s:_error_:_negative_value__lld_in___s_";
0x00012a54 ldr r4, [r0] | r4 = *(r0);
0x00012a58 ldr r0, [r5] | r0 = *(0x12be8);
0x00012a5c bl 0x10aa8 | fprintf (r0, "_s:_error_:_negative_value__lld_in___s_", r2, r3, r4, r5);
0x00012a60 mov r0, r4 | r0 = r4;
0x00012a64 ldr r5, [r5] | r5 = *(0x12be8);
0x00012a68 bl 0x10a0c | strerror (r0);
0x00012a6c str r4, [sp] | *(sp) = r4;
0x00012a70 ldr r3, [pc, 0x180] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00012a74 mov r2, 8 | r2 = 8;
0x00012a78 ldr r1, [pc, 0x17c] | r1 = *(0x12bf8);
0x00012a7c str r0, [sp, 4] | var_4h = r0;
0x00012a80 mov r0, r5 | r0 = r5;
0x00012a84 bl 0x10aa8 | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
| label_7:
0x00012a88 mov sp, sl |
0x00012a8c b 0x126f4 | goto label_0;
| label_10:
0x00012a90 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00012a94 mov r1, 0 | r1 = 0;
0x00012a98 adds r6, r2, 0x80000000 | r6 = r2 + 0x80000000;
0x00012a9c adc r7, r3, 0 | __asm ("adc r7, r3, 0");
0x00012aa0 mvn r0, 0 | r0 = ~0;
0x00012aa4 cmp r7, r1 |
0x00012aa8 cmpeq r6, r0 | __asm ("cmpeq r6, r0");
| if (r7 < r1) {
0x00012aac bls 0x12adc | goto label_11;
| }
0x00012ab0 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00012ab4 ldr r3, [pc, 0x130] | r3 = *(0x12be8);
0x00012ab8 str sb, [sp, 8] | var_8h = sb;
0x00012abc ldr r2, [pc, 0x12c] | r2 = stderr;
0x00012ac0 ldr r0, [r3] | r0 = *(0x12be8);
0x00012ac4 ldr r1, [pc, 0x148] | r1 = "%s: error!: close failed on \"%s\"\n";
0x00012ac8 bl 0x10aa8 | r0 = fprintf (r0, "%s: error!: close failed on \"%s\"\n", r2, r3);
0x00012acc bl 0x10b5c | errno_location ();
0x00012ad0 mov r3, 0x16 | r3 = 0x16;
0x00012ad4 str r3, [r0] | *(r0) = r3;
0x00012ad8 b 0x12a88 |
| } while (1);
| label_11:
0x00012adc lsl r3, r2, 0x15 | r3 = r2 << 0x15;
0x00012ae0 ldrb r2, [r4, 0xfc] | r2 = *((r4 + 0xfc));
0x00012ae4 mov sp, sl |
0x00012ae8 bic r2, r2, 1 | r2 = BIT_MASK (r2, 1);
0x00012aec orr r2, r2, r3, lsr 31 | r2 |= (r3 >> 31);
0x00012af0 strb r2, [r4, 0xfc] | *((r4 + 0xfc)) = r2;
0x00012af4 ldr r2, [r4, 0xe4] | r2 = *((r4 + 0xe4));
0x00012af8 ldrd r0, r1, [r4, 0xd8] | __asm ("ldrd r0, r1, [r4, 0xd8]");
0x00012afc asr r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x00012b00 bl 0x1484c | fcn_0001484c (r0, r1);
0x00012b04 ldr r1, [pc, 0x10c] | r1 = "%s: error!: value %lld read from file \"%s\" is out of range\n";
0x00012b08 str r0, [r4, 0xe0] | *((r4 + 0xe0)) = r0;
0x00012b0c mov r0, r8 | r0 = r8;
0x00012b10 bl 0x10b38 | r0 = strcmp (r0, r1);
0x00012b14 cmp r0, 0 |
| if (r0 != 0) {
0x00012b18 moveq r0, 4 | r0 = 4;
| }
| if (r0 != 0) {
0x00012b1c beq 0x12bc4 |
0x00012b20 ldr r1, [pc, 0xf4] | r1 = *(0x12c18);
0x00012b24 mov r0, r8 | r0 = r8;
0x00012b28 bl 0x10b38 | r0 = strcmp (r0, r1);
0x00012b2c cmp r0, 0 |
| if (r0 != 0) {
0x00012b30 moveq r0, 8 | r0 = 8;
| }
| if (r0 == 0) {
0x00012b34 beq 0x12bc4 | goto label_12;
| }
0x00012b38 ldr r1, [pc, 0xe0] | r1 = "mlc-nand";
0x00012b3c mov r0, r8 | r0 = r8;
0x00012b40 bl 0x10b38 | r0 = strcmp (r0, "mlc-nand");
0x00012b44 cmp r0, 0 |
| if (r0 != 0) {
0x00012b48 moveq r0, 3 | r0 = 3;
| }
| if (r0 == 0) {
0x00012b4c beq 0x12bc4 | goto label_12;
| }
0x00012b50 ldr r1, [pc, 0xcc] | r1 = "nor";
0x00012b54 mov r0, r8 | r0 = r8;
0x00012b58 bl 0x10b38 | r0 = strcmp (r0, "nor");
0x00012b5c cmp r0, 0 |
| if (r0 != 0) {
0x00012b60 moveq r0, 2 | r0 = 2;
| }
| if (r0 == 0) {
0x00012b64 beq 0x12bc4 | goto label_12;
| }
0x00012b68 ldr r1, [pc, 0xb8] | r1 = "rom";
0x00012b6c mov r0, r8 | r0 = r8;
0x00012b70 bl 0x10b38 | r0 = strcmp (r0, "rom");
0x00012b74 cmp r0, 0 |
| if (r0 == 0) {
0x00012b78 beq 0x12bc4 | goto label_12;
| }
0x00012b7c ldr r1, [pc, 0xa8] | r1 = "absent";
0x00012b80 mov r0, r8 | r0 = r8;
0x00012b84 bl 0x10b38 | r0 = strcmp (r0, "absent");
0x00012b88 cmp r0, 0 |
| if (r0 != 0) {
0x00012b8c moveq r0, 6 | r0 = 6;
| }
| if (r0 == 0) {
0x00012b90 beq 0x12bc4 | goto label_12;
| }
0x00012b94 ldr r1, [pc, 0x94] | r1 = "dataflash";
0x00012b98 mov r0, r8 | r0 = r8;
0x00012b9c bl 0x10b38 | r0 = strcmp (r0, "dataflash");
0x00012ba0 cmp r0, 0 |
| if (r0 != 0) {
0x00012ba4 moveq r0, 1 | r0 = 1;
| }
| if (r0 == 0) {
0x00012ba8 beq 0x12bc4 | goto label_12;
| }
0x00012bac ldr r1, [pc, 0x80] | r1 = *(0x12c30);
0x00012bb0 mov r0, r8 | r0 = r8;
0x00012bb4 bl 0x10b38 | r0 = strcmp (r0, r1);
0x00012bb8 cmp r0, 0 |
| if (r0 != 0) {
0x00012bbc moveq r0, 7 | r0 = 7;
| }
| if (r0 != 0) {
0x00012bc0 mvnne r0, 0 | r0 = ~0;
| goto label_12;
| }
| }
| label_12:
0x00012bc4 str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x00012bc8 sub r0, r0, 4 | r0 -= 4;
0x00012bcc bics r3, r0, 4 | __asm ("bics r3, r0, 4");
0x00012bd0 ldrb r3, [r4, 0xfc] | r3 = *((r4 + 0xfc));
0x00012bd4 bic r2, r3, 2 | r2 = BIT_MASK (r3, 2);
| if (r0 != 0) {
0x00012bd8 moveq r3, 2 | r3 = 2;
| }
| if (r0 == 0) {
0x00012bdc movne r3, 0 | r3 = 0;
| }
0x00012be0 orr r3, r3, r2 | r3 |= r2;
0x00012be4 strb r3, [r4, 0xfc] | *((r4 + 0xfc)) = r3;
0x00012be8 b 0x12718 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x1413c */
| #include <stdint.h>
|
; (fcn) fcn.0001413c () | void fcn_0001413c (int32_t arg1) {
| int32_t var_24h;
| r0 = arg1;
0x0001413c str lr, [sp, -4]! |
0x00014140 ldr r1, [pc, 0x1c] | r1 = *(0x14160);
0x00014144 sub sp, sp, 0x24 |
0x00014148 mov r2, r0 | r2 = r0;
0x0001414c mov r0, sp | r0 = sp;
0x00014150 bl 0x10b44 | sprintf (r0, r1, r2)
0x00014154 mov r0, sp | r0 = sp;
0x00014158 bl 0x13f9c | fcn_00013f9c (r0);
0x0001415c add sp, sp, 0x24 |
0x00014160 pop {pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_erase @ 0x14654 */
| #include <stdint.h>
|
; (fcn) fcn.00014654 () | void fcn_00014654 (int32_t arg1, int32_t arg2) {
| char * s;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00014654 push {r4, lr} |
0x00014658 sub sp, sp, 0x20 |
0x0001465c mov r2, r0 | r2 = r0;
0x00014660 mov r4, r1 | r4 = r1;
0x00014664 mov r0, sp | r0 = sp;
0x00014668 ldr r1, [pc, 0x14] | r1 = *(0x14680);
0x0001466c bl 0x10b44 | sprintf (r0, r1, r2)
0x00014670 mov r1, r4 | r1 = r4;
0x00014674 mov r0, sp | r0 = sp;
0x00014678 bl 0x14168 | fcn_00014168 (r0, r1);
0x0001467c add sp, sp, 0x20 |
0x00014680 pop {r4, pc} |
| }
[*] Function sprintf used 10 times flash_erase
