[*] Binary protection state of mtdinfo
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of mtdinfo
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x12c04 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012c04 () | void fcn_00012c04 (int32_t arg1, int32_t arg2) {
| int32_t var_8h;
| char * s;
| int32_t var_1ch;
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00012c04 push {r4, r5, r6, r7, fp, lr} |
0x00012c08 add fp, sp, 0x14 |
0x00012c0c sub sp, sp, 0x18 |
0x00012c10 mov r7, r1 | r7 = r1;
0x00012c14 mov r6, r0 | r6 = r0;
0x00012c18 mov r5, r2 | r5 = r2;
0x00012c1c bl 0x10ba0 | strlen (r0);
0x00012c20 mov r2, r7 | r2 = r7;
0x00012c24 mov r1, r6 | r1 = r6;
0x00012c28 add r0, r0, 0x39 | r0 += 0x39;
0x00012c2c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012c30 sub sp, sp, r0 |
0x00012c34 add r4, sp, 0x10 | r4 += s;
0x00012c38 mov r0, r4 | r0 = r4;
0x00012c3c bl 0x10b70 | sprintf (r0, r1, r2)
0x00012c40 sub r1, fp, 0x1c | r1 -= s;
0x00012c44 mov r0, r4 | r0 = r4;
0x00012c48 bl 0x12a50 | r0 = fcn_00012a50 (r0, r1);
0x00012c4c cmp r0, 0 |
| if (r0 == 0) {
0x00012c50 bne 0x12c90 |
0x00012c54 ldrd r2, r3, [fp, -0x1c] | __asm ("ldrd r2, r3, [s]");
0x00012c58 cmp r2, 0x80000000 |
0x00012c5c sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 >= 0x80000000) {
0x00012c60 strlt r2, [r5] | *(r5) = r2;
| }
| if (r2 < 0x80000000) {
0x00012c64 blt 0x12c94 | goto label_0;
| }
0x00012c68 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00012c6c ldr r3, [pc, 0x28] | r3 = *(0x12c98);
0x00012c70 str r4, [sp, 8] | var_8h = r4;
0x00012c74 ldr r2, [pc, 0x24] | r2 = stderr;
0x00012c78 ldr r0, [r3] | r0 = *(0x12c98);
0x00012c7c ldr r1, [pc, 0x20] | r1 = "libmtd";
0x00012c80 bl 0x10abc | r0 = fprintf (r0, "libmtd", r2, r3, r4);
0x00012c84 bl 0x10b88 | errno_location ();
0x00012c88 mov r3, 0x16 | r3 = 0x16;
0x00012c8c str r3, [r0] | *(r0) = r3;
| }
0x00012c90 mvn r0, 0 | r0 = ~0;
| label_0:
0x00012c94 sub sp, fp, 0x14 |
0x00012c98 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x13094 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00013094 () | void fcn_00013094 (int32_t arg2, char * s) {
| char * var_50h;
| int32_t var_0h;
| int32_t var_4h;
| char * var_8h;
| int32_t var_18h_2;
| int32_t var_18h;
| r1 = arg2;
| r0 = s;
0x00013094 push {r4, r5, r6, r7, r8, fp, lr} |
0x00013098 add fp, sp, 0x18 |
0x0001309c sub sp, sp, 0x44 |
0x000130a0 ldr r7, [r0] | r7 = *(r0);
0x000130a4 mov r8, r1 | r8 = r1;
0x000130a8 mov r0, r7 | r0 = r7;
0x000130ac mov r6, r3 | r6 = r3;
0x000130b0 mov r5, r2 | r5 = r2;
0x000130b4 bl 0x10ba0 | strlen (r0);
0x000130b8 mov r2, r8 | r2 = r8;
0x000130bc mov r1, r7 | r1 = r7;
0x000130c0 add r0, r0, 0x39 | r0 += 0x39;
0x000130c4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000130c8 sub sp, sp, r0 |
0x000130cc add r4, sp, 8 | r4 += var_8h;
0x000130d0 mov r0, r4 | r0 = r4;
0x000130d4 bl 0x10b70 | sprintf (r0, r1, r2)
0x000130d8 mov r2, 0x32 | r2 = 0x32;
0x000130dc sub r1, fp, 0x50 | r1 -= var_50h;
0x000130e0 mov r0, r4 | r0 = r4;
0x000130e4 bl 0x128bc | r0 = fcn_000128bc (r0, r1);
0x000130e8 cmp r0, 0 |
| if (r0 < 0) {
0x000130ec blt 0x13134 | goto label_1;
| }
0x000130f0 mov r3, r6 | r3 = r6;
0x000130f4 mov r2, r5 | r2 = r5;
0x000130f8 ldr r1, [pc, 0x8c] | r1 = *(0x13188);
0x000130fc sub r0, fp, 0x50 | r0 -= var_50h;
0x00013100 bl 0x10b04 | r0 = sscanf (r0, r1, r2);
0x00013104 cmp r0, 2 |
| if (r0 == 2) {
0x00013108 beq 0x1313c | goto label_2;
| }
0x0001310c bl 0x10b88 | errno_location ();
0x00013110 mov r3, 0x16 | r3 = 0x16;
0x00013114 ldr r2, [pc, 0x74] | r2 = *(0x1318c);
0x00013118 ldr r1, [pc, 0x74] | r1 = "libmtd";
0x0001311c str r3, [r0] | *(r0) = r3;
0x00013120 ldr r0, [pc, 0x70] |
0x00013124 mov r3, r4 | r3 = r4;
0x00013128 ldr r0, [r0] | r0 = "_s:_error_:___s__does_not_have_major:minor_format";
0x0001312c bl 0x10abc | fprintf ("_s:_error_:___s__does_not_have_major:minor_format", "libmtd", r2, r3);
| label_0:
0x00013130 mvn r0, 0 | r0 = ~0;
| do {
| label_1:
0x00013134 sub sp, fp, 0x18 |
0x00013138 pop {r4, r5, r6, r7, r8, fp, pc} |
| label_2:
0x0001313c ldr r3, [r5] | r3 = *(r5);
0x00013140 cmp r3, 0 |
| if (r3 < 0) {
0x00013144 blt 0x13158 | goto label_3;
| }
0x00013148 ldr r3, [r6] | r3 = *(r6);
0x0001314c cmp r3, 0 |
| if (r3 < 0) {
0x00013150 movge r0, 0 | r0 = 0;
| }
0x00013154 bge 0x13134 |
| } while (r3 >= 0);
| label_3:
0x00013158 bl 0x10b88 | errno_location ();
0x0001315c mov r3, 0x16 | r3 = 0x16;
0x00013160 ldr r2, [pc, 0x28] | r2 = *(0x1318c);
0x00013164 ldr r1, [pc, 0x30] | r1 = stderr;
0x00013168 str r3, [r0] | *(r0) = r3;
0x0001316c ldr r0, [pc, 0x24] |
0x00013170 ldr r3, [r6] | r3 = *(r6);
0x00013174 str r4, [sp, 4] | var_4h = r4;
0x00013178 str r3, [sp] | *(sp) = r3;
0x0001317c ldr r3, [r5] | r3 = *(r5);
0x00013180 ldr r0, [r0] | r0 = "_s:_error_:___s__does_not_have_major:minor_format";
0x00013184 bl 0x10abc | fprintf ("_s:_error_:___s__does_not_have_major:minor_format", r1, r2, r3, r4);
0x00013188 b 0x13130 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x1373c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.0001373c () | void fcn_0001373c (int32_t arg1, int32_t arg2) {
| int32_t var_7ch;
| int32_t var_10h_2;
| int32_t var_10h;
| r0 = arg1;
| r1 = arg2;
0x0001373c push {r4, r5, r6, fp, lr} |
0x00013740 add fp, sp, 0x10 |
0x00013744 sub sp, sp, 0x6c |
0x00013748 ldrb r3, [r0, 0x34] | r3 = *((r0 + 0x34));
0x0001374c mov r5, r1 | r5 = r1;
0x00013750 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x00013754 bne 0x13774 | goto label_0;
| }
0x00013758 mov r0, r1 | r0 = r1;
0x0001375c bl 0x15300 | r0 = fcn_00015300 (r0);
0x00013760 sub r0, r0, 1 | r0--;
0x00013764 clz r0, r0 | r0 &= r0;
0x00013768 lsr r0, r0, 5 | r0 >>= 5;
| do {
0x0001376c sub sp, fp, 0x10 |
0x00013770 pop {r4, r5, r6, fp, pc} |
| label_0:
0x00013774 ldr r4, [r0, 4] | r4 = *((r0 + 4));
0x00013778 mov r6, sp | r6 = sp;
0x0001377c mov r0, r4 | r0 = r4;
0x00013780 bl 0x10ba0 | strlen (r0);
0x00013784 mov r2, r5 | r2 = r5;
0x00013788 mov r1, r4 | r1 = r4;
0x0001378c add r0, r0, 0x11 | r0 += 0x11;
0x00013790 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013794 sub sp, sp, r0 |
0x00013798 mov r0, sp | r0 = sp;
0x0001379c bl 0x10b70 | sprintf (r0, r1, r2)
0x000137a0 mov r0, sp | r0 = sp;
0x000137a4 sub r1, fp, 0x7c | r1 -= var_7ch;
0x000137a8 bl 0x10a38 | stat64 ();
0x000137ac mov sp, r6 |
0x000137b0 clz r0, r0 | r0 &= r0;
0x000137b4 lsr r0, r0, 5 | r0 >>= 5;
0x000137b8 b 0x1376c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x137fc */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000137fc () | void fcn_000137fc (int32_t arg1, int32_t arg2) {
| int32_t var_68h;
| int32_t var_64h;
| char * buf;
| int32_t var_24h;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| char * s;
| int32_t var_sp_64h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000137fc push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00013800 add r6, r2, 4 | r6 = r2 + 4;
0x00013804 add fp, sp, 0x20 |
0x00013808 sub sp, sp, 0x5c |
0x0001380c mov r5, r1 | r5 = r1;
0x00013810 mov r7, r0 | r7 = r0;
0x00013814 mov r4, r2 | r4 = r2;
0x00013818 mov r1, 0 | r1 = 0;
0x0001381c mov r2, 0xfc | r2 = 0xfc;
0x00013820 mov r0, r6 | r0 = r6;
0x00013824 bl 0x10b34 | memset (r0, r1, r2);
0x00013828 str r5, [r4] | *(r4) = r5;
0x0001382c mov r1, r5 | r1 = r5;
0x00013830 mov r0, r7 | r0 = r7;
0x00013834 bl 0x1373c | r0 = fcn_0001373c (r0, r1);
0x00013838 cmp r0, 0 |
| if (r0 != 0) {
0x0001383c bne 0x13854 | goto label_4;
| }
0x00013840 bl 0x10b88 | errno_location ();
0x00013844 mov r3, 0x13 | r3 = 0x13;
0x00013848 str r3, [r0] | *(r0) = r3;
| do {
| label_0:
0x0001384c mvn r5, 0 | r5 = ~0;
0x00013850 b 0x13870 | goto label_1;
| label_4:
0x00013854 ldrb r3, [r7, 0x34] | r3 = *((r7 + 0x34));
0x00013858 tst r3, 1 |
| if ((r3 & 1) == 0) {
0x0001385c bne 0x1387c |
0x00013860 mov r0, r5 | r0 = r5;
0x00013864 mov r1, r4 | r1 = r4;
0x00013868 bl 0x15a74 | r0 = fcn_00015a74 (r0, r1);
0x0001386c mov r5, r0 | r5 = r0;
| label_1:
0x00013870 mov r0, r5 | r0 = r5;
0x00013874 sub sp, fp, 0x20 |
0x00013878 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x0001387c add r3, r4, 8 | r3 = r4 + 8;
0x00013880 mov r2, r6 | r2 = r6;
0x00013884 mov r1, r5 | r1 = r5;
0x00013888 add r0, r7, 8 | r0 = r7 + 8;
0x0001388c bl 0x13094 | r0 = fcn_00013094 (r0, r1);
0x00013890 subs sl, r0, 0 | sl = r0 - 0;
0x00013894 bne 0x1384c |
| } while (sl != r0);
0x00013898 ldr r8, [r7, 0xc] | r8 = *((r7 + 0xc));
0x0001389c mov sb, sp | sb = sp;
0x000138a0 mov r0, r8 | r0 = r8;
0x000138a4 bl 0x10ba0 | strlen (r0);
0x000138a8 mov r2, r5 | r2 = r5;
0x000138ac mov r1, r8 | r1 = r8;
0x000138b0 add r6, r4, 0x51 | r6 = r4 + 0x51;
0x000138b4 add r0, r0, 0x6b | r0 += 0x6b;
0x000138b8 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000138bc sub sp, sp, r0 |
0x000138c0 add r3, sp, 0x10 | r3 += s;
0x000138c4 mov r0, r3 | r0 = r3;
0x000138c8 str r3, [fp, -0x68] | var_68h = r3;
0x000138cc bl 0x10b70 | sprintf (r0, r1, r2)
0x000138d0 ldr r3, [fp, -0x68] | r3 = var_68h;
0x000138d4 mov r2, 0x80 | r2 = 0x80;
0x000138d8 mov r1, r6 | r1 = r6;
0x000138dc mov r0, r3 | r0 = r3;
0x000138e0 bl 0x128bc | fcn_000128bc (r0, r1);
0x000138e4 mov sp, sb |
0x000138e8 cmp r0, 0 |
| if (r0 < 0) {
0x000138ec blt 0x1384c | goto label_0;
| }
0x000138f0 add r6, r6, r0 | r6 += r0;
0x000138f4 strb sl, [r6, -1] | *((r6 - 1)) = sl;
0x000138f8 ldr r6, [r7, 0x10] | r6 = *((r7 + 0x10));
0x000138fc add r8, r4, 0x10 | r8 = r4 + 0x10;
0x00013900 mov r0, r6 | r0 = r6;
0x00013904 bl 0x10ba0 | strlen (r0);
0x00013908 mov r2, r5 | r2 = r5;
0x0001390c mov r1, r6 | r1 = r6;
0x00013910 add r0, r0, 0x6b | r0 += 0x6b;
0x00013914 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013918 sub sp, sp, r0 |
0x0001391c add r3, sp, 0x10 | r3 += s;
0x00013920 mov r0, r3 | r0 = r3;
0x00013924 str r3, [fp, -0x68] | var_68h = r3;
0x00013928 bl 0x10b70 | sprintf (r0, r1, r2)
0x0001392c ldr r3, [fp, -0x68] | r3 = var_68h;
0x00013930 mov r2, 0x41 | r2 = 0x41;
0x00013934 mov r1, r8 | r1 = r8;
0x00013938 mov r0, r3 | r0 = r3;
0x0001393c bl 0x128bc | fcn_000128bc (r0, r1);
0x00013940 mov sp, sb |
0x00013944 cmp r0, 0 |
| if (r0 < 0) {
0x00013948 blt 0x1384c | goto label_0;
| }
0x0001394c add r0, r8, r0 | r0 = r8 + r0;
0x00013950 strb sl, [r0, -1] | *((r0 - 1)) = sl;
0x00013954 add r2, r4, 0xe4 | r2 = r4 + 0xe4;
0x00013958 mov r1, r5 | r1 = r5;
0x0001395c ldr r0, [r7, 0x14] | r0 = *((r7 + 0x14));
0x00013960 bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x00013964 cmp r0, 0 |
| if (r0 != 0) {
0x00013968 bne 0x1384c | goto label_0;
| }
0x0001396c ldr sl, [r7, 0x18] | sl = *((r7 + 0x18));
0x00013970 mov r0, sl | r0 = sl;
0x00013974 bl 0x10ba0 | strlen (r0);
0x00013978 mov r2, r5 | r2 = r5;
0x0001397c mov r1, sl | r1 = sl;
0x00013980 add r0, r0, 0x39 | r0 += 0x39;
0x00013984 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013988 sub sp, sp, r0 |
0x0001398c add r6, sp, 0x10 | r6 += s;
0x00013990 mov r0, r6 | r0 = r6;
0x00013994 bl 0x10b70 | sprintf (r0, r1, r2)
0x00013998 add r1, r4, 0xd8 | r1 = r4 + 0xd8;
0x0001399c mov r0, r6 | r0 = r6;
0x000139a0 bl 0x12a50 | fcn_00012a50 (r0, r1);
0x000139a4 mov sp, sb |
0x000139a8 cmp r0, 0 |
| if (r0 != 0) {
0x000139ac bne 0x1384c | goto label_0;
| }
0x000139b0 add r2, r4, 0xe8 | r2 = r4 + 0xe8;
0x000139b4 mov r1, r5 | r1 = r5;
0x000139b8 ldr r0, [r7, 0x1c] | r0 = *((r7 + 0x1c));
0x000139bc bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x000139c0 cmp r0, 0 |
| if (r0 != 0) {
0x000139c4 bne 0x1384c | goto label_0;
| }
0x000139c8 add r2, r4, 0xec | r2 = r4 + 0xec;
0x000139cc mov r1, r5 | r1 = r5;
0x000139d0 ldr r0, [r7, 0x20] | r0 = *((r7 + 0x20));
0x000139d4 bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x000139d8 cmp r0, 0 |
| if (r0 != 0) {
0x000139dc bne 0x1384c | goto label_0;
| }
0x000139e0 add r2, r4, 0xf0 | r2 = r4 + 0xf0;
0x000139e4 mov r1, r5 | r1 = r5;
0x000139e8 ldr r0, [r7, 0x24] | r0 = *((r7 + 0x24));
0x000139ec bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x000139f0 cmp r0, 0 |
| if (r0 != 0) {
0x000139f4 bne 0x1384c | goto label_0;
| }
0x000139f8 add r2, r4, 0xf4 | r2 = r4 + 0xf4;
0x000139fc mov r1, r5 | r1 = r5;
0x00013a00 ldr r0, [r7, 0x28] | r0 = *((r7 + 0x28));
0x00013a04 bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x00013a08 cmp r0, 0 |
| if (r0 != 0) {
0x00013a0c beq 0x13a28 |
0x00013a10 mov r0, r5 | r0 = r5;
0x00013a14 bl 0x1555c | r0 = fcn_0001555c (r0);
0x00013a18 cmp r0, 0 |
| if (r0 >= 0) {
0x00013a1c movlt r3, 0 | r3 = 0;
| }
| if (r0 < 0) {
0x00013a20 strge r0, [r4, 0xf4] | *((r4 + 0xf4)) = r0;
| }
| if (r0 < 0) {
0x00013a24 strlt r3, [r4, 0xf4] | *((r4 + 0xf4)) = r3;
| goto label_5;
| }
| }
| label_5:
0x00013a28 add r2, r4, 0xf8 | r2 = r4 + 0xf8;
0x00013a2c mov r1, r5 | r1 = r5;
0x00013a30 ldr r0, [r7, 0x2c] | r0 = *((r7 + 0x2c));
0x00013a34 bl 0x12c04 | r0 = fcn_00012c04 (r0, r1);
0x00013a38 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x00013a3c bne 0x1384c | goto label_0;
| }
0x00013a40 ldr r7, [r7, 0x30] | r7 = *((r7 + 0x30));
0x00013a44 mov sl, sp | sl = sp;
0x00013a48 mov r0, r7 | r0 = r7;
0x00013a4c bl 0x10ba0 | strlen (r0);
0x00013a50 mov r2, r5 | r2 = r5;
0x00013a54 mov r1, r7 | r1 = r7;
0x00013a58 add r0, r0, 0x39 | r0 += 0x39;
0x00013a5c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013a60 sub sp, sp, r0 |
0x00013a64 add sb, sp, 0x10 | sb += s;
0x00013a68 mov r0, sb | r0 = sb;
0x00013a6c bl 0x10b70 | sprintf (r0, r1, r2)
0x00013a70 mov r1, 0x80000 | r1 = 0x80000;
0x00013a74 mov r0, sb | r0 = sb;
0x00013a78 bl 0x10b4c | r0 = open64 ();
0x00013a7c cmn r0, 1 |
0x00013a80 mov r5, r0 | r5 = r0;
| if (r0 == 1) {
0x00013a84 bne 0x13a90 |
0x00013a88 mov sp, sl |
0x00013a8c b 0x13870 | goto label_1;
| }
0x00013a90 mov r2, 0x32 | r2 = 0x32;
0x00013a94 sub r1, fp, 0x58 | r1 -= buf;
0x00013a98 bl 0x10ae0 | r0 = read (r0, r1, r2);
0x00013a9c cmn r0, 1 |
| if (r0 != 1) {
0x00013aa0 bne 0x13af8 | goto label_6;
| }
0x00013aa4 bl 0x10b88 | errno_location ();
0x00013aa8 ldr r6, [pc, 0x294] |
0x00013aac mov r3, sb | r3 = sb;
0x00013ab0 ldr r2, [pc, 0x290] | r2 = stderr;
0x00013ab4 ldr r1, [pc, 0x290] | r1 = "libmtd";
0x00013ab8 ldr r4, [r0] | r4 = *(r0);
0x00013abc ldr r0, [r6] | r0 = *(0x13d40);
0x00013ac0 bl 0x10abc | fprintf (r0, "libmtd", r2, r3, r4, r5, r6);
0x00013ac4 mov r0, r4 | r0 = r4;
0x00013ac8 ldr r6, [r6] | r6 = *(0x13d40);
0x00013acc bl 0x10a2c | strerror (r0);
0x00013ad0 str r4, [sp] | *(sp) = r4;
0x00013ad4 ldr r3, [pc, 0x274] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00013ad8 mov r2, 8 | r2 = 8;
0x00013adc ldr r1, [pc, 0x270] | r1 = *(0x13d50);
0x00013ae0 str r0, [sp, 4] | var_4h = r0;
0x00013ae4 mov r0, r6 | r0 = r6;
0x00013ae8 bl 0x10abc | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
0x00013aec mov r0, r5 | r0 = r5;
0x00013af0 bl 0x10bdc | close (r0);
0x00013af4 b 0x13be0 | goto label_7;
| label_6:
0x00013af8 cmp r0, 0x32 |
| if (r0 != 0x32) {
0x00013afc bne 0x13b28 | goto label_8;
| }
0x00013b00 ldr r2, [pc, 0x240] | r2 = stderr;
0x00013b04 ldr r1, [pc, 0x24c] | r1 = "%*serror %d (%s)\n";
0x00013b08 mov r3, sb | r3 = sb;
| label_2:
0x00013b0c ldr r0, [pc, 0x230] |
0x00013b10 ldr r0, [r0] | r0 = *(0x13d40);
0x00013b14 bl 0x10abc | r0 = fprintf (r0, "%*serror %d (%s)\n", r2, r3);
| label_3:
0x00013b18 bl 0x10b88 | errno_location ();
0x00013b1c mov r3, 0x16 | r3 = 0x16;
0x00013b20 str r3, [r0] | *(r0) = r3;
0x00013b24 b 0x13aec |
| } while (1);
| label_8:
0x00013b28 sub r3, fp, 0x24 | r3 -= var_24h;
0x00013b2c add r0, r3, r0 | r0 = r3 + r0;
0x00013b30 strb r6, [r0, -0x34] | *((r0 - 0x34)) = r6;
0x00013b34 sub r2, fp, 0x64 | r2 -= var_64h;
0x00013b38 ldr r1, [pc, 0x21c] | r1 = "%s: error!: contents of \"%s\" is too long\n";
0x00013b3c sub r0, fp, 0x58 | r0 -= buf;
0x00013b40 bl 0x10b04 | r0 = sscanf (r0, "%s: error!: contents of \"%s\" is too long\n", r2);
0x00013b44 cmp r0, 1 |
| if (r0 == 1) {
0x00013b48 movne r3, sb | r3 = sb;
| }
| if (r0 == 1) {
0x00013b4c ldrne r2, [pc, 0x1f4] | r2 = "libmtd";
| }
| if (r0 != 1) {
0x00013b50 ldrne r1, [pc, 0x208] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
| goto label_9;
| }
| if (r0 != 1) {
| label_9:
0x00013b54 bne 0x13b0c | goto label_2;
| }
0x00013b58 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00013b5c cmp r2, 0 |
0x00013b60 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 < 0) {
0x00013b64 bge 0x13b88 |
0x00013b68 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00013b6c ldr r3, [pc, 0x1d0] | r3 = *(0x13d40);
0x00013b70 str sb, [sp, 8] | var_8h = sb;
0x00013b74 ldr r2, [pc, 0x1cc] | r2 = stderr;
0x00013b78 ldr r1, [pc, 0x1e4] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
0x00013b7c ldr r0, [r3] | r0 = *(0x13d40);
0x00013b80 bl 0x10abc | fprintf (r0, "_s:_error_:_cannot_read_integer_from___s_", r2, r3);
0x00013b84 b 0x13b18 | goto label_3;
| }
0x00013b88 mov r0, r5 | r0 = r5;
0x00013b8c bl 0x10bdc | r0 = close (r0);
0x00013b90 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x00013b94 beq 0x13be8 | goto label_10;
| }
0x00013b98 bl 0x10b88 | errno_location ();
0x00013b9c ldr r5, [pc, 0x1a0] |
0x00013ba0 mov r3, sb | r3 = sb;
0x00013ba4 ldr r2, [pc, 0x19c] | r2 = stderr;
0x00013ba8 ldr r1, [pc, 0x1b8] | r1 = "_s:_error_:_negative_value__lld_in___s_";
0x00013bac ldr r4, [r0] | r4 = *(r0);
0x00013bb0 ldr r0, [r5] | r0 = *(0x13d40);
0x00013bb4 bl 0x10abc | fprintf (r0, "_s:_error_:_negative_value__lld_in___s_", r2, r3, r4, r5);
0x00013bb8 mov r0, r4 | r0 = r4;
0x00013bbc ldr r5, [r5] | r5 = *(0x13d40);
0x00013bc0 bl 0x10a2c | strerror (r0);
0x00013bc4 str r4, [sp] | *(sp) = r4;
0x00013bc8 ldr r3, [pc, 0x180] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00013bcc mov r2, 8 | r2 = 8;
0x00013bd0 ldr r1, [pc, 0x17c] | r1 = *(0x13d50);
0x00013bd4 str r0, [sp, 4] | var_4h = r0;
0x00013bd8 mov r0, r5 | r0 = r5;
0x00013bdc bl 0x10abc | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
| label_7:
0x00013be0 mov sp, sl |
0x00013be4 b 0x1384c | goto label_0;
| label_10:
0x00013be8 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00013bec mov r1, 0 | r1 = 0;
0x00013bf0 adds r6, r2, 0x80000000 | r6 = r2 + 0x80000000;
0x00013bf4 adc r7, r3, 0 | __asm ("adc r7, r3, 0");
0x00013bf8 mvn r0, 0 | r0 = ~0;
0x00013bfc cmp r7, r1 |
0x00013c00 cmpeq r6, r0 | __asm ("cmpeq r6, r0");
| if (r7 < r1) {
0x00013c04 bls 0x13c34 | goto label_11;
| }
0x00013c08 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00013c0c ldr r3, [pc, 0x130] | r3 = *(0x13d40);
0x00013c10 str sb, [sp, 8] | var_8h = sb;
0x00013c14 ldr r2, [pc, 0x12c] | r2 = stderr;
0x00013c18 ldr r0, [r3] | r0 = *(0x13d40);
0x00013c1c ldr r1, [pc, 0x148] | r1 = "%s: error!: close failed on \"%s\"\n";
0x00013c20 bl 0x10abc | r0 = fprintf (r0, "%s: error!: close failed on \"%s\"\n", r2, r3);
0x00013c24 bl 0x10b88 | errno_location ();
0x00013c28 mov r3, 0x16 | r3 = 0x16;
0x00013c2c str r3, [r0] | *(r0) = r3;
0x00013c30 b 0x13be0 |
| } while (1);
| label_11:
0x00013c34 lsl r3, r2, 0x15 | r3 = r2 << 0x15;
0x00013c38 ldrb r2, [r4, 0xfc] | r2 = *((r4 + 0xfc));
0x00013c3c mov sp, sl |
0x00013c40 bic r2, r2, 1 | r2 = BIT_MASK (r2, 1);
0x00013c44 orr r2, r2, r3, lsr 31 | r2 |= (r3 >> 31);
0x00013c48 strb r2, [r4, 0xfc] | *((r4 + 0xfc)) = r2;
0x00013c4c ldr r2, [r4, 0xe4] | r2 = *((r4 + 0xe4));
0x00013c50 ldrd r0, r1, [r4, 0xd8] | __asm ("ldrd r0, r1, [r4, 0xd8]");
0x00013c54 asr r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x00013c58 bl 0x15c6c | fcn_00015c6c (r0);
0x00013c5c ldr r1, [pc, 0x10c] | r1 = "%s: error!: value %lld read from file \"%s\" is out of range\n";
0x00013c60 str r0, [r4, 0xe0] | *((r4 + 0xe0)) = r0;
0x00013c64 mov r0, r8 | r0 = r8;
0x00013c68 bl 0x10b64 | r0 = strcmp (r0, r1);
0x00013c6c cmp r0, 0 |
| if (r0 != 0) {
0x00013c70 moveq r0, 4 | r0 = 4;
| }
| if (r0 != 0) {
0x00013c74 beq 0x13d1c |
0x00013c78 ldr r1, [pc, 0xf4] | r1 = "nand";
0x00013c7c mov r0, r8 | r0 = r8;
0x00013c80 bl 0x10b64 | r0 = strcmp (r0, "nand");
0x00013c84 cmp r0, 0 |
| if (r0 != 0) {
0x00013c88 moveq r0, 8 | r0 = 8;
| }
| if (r0 == 0) {
0x00013c8c beq 0x13d1c | goto label_12;
| }
0x00013c90 ldr r1, [pc, 0xe0] | r1 = "mlc_nand";
0x00013c94 mov r0, r8 | r0 = r8;
0x00013c98 bl 0x10b64 | r0 = strcmp (r0, "mlc_nand");
0x00013c9c cmp r0, 0 |
| if (r0 != 0) {
0x00013ca0 moveq r0, 3 | r0 = 3;
| }
| if (r0 == 0) {
0x00013ca4 beq 0x13d1c | goto label_12;
| }
0x00013ca8 ldr r1, [pc, 0xcc] | r1 = *(0x13d78);
0x00013cac mov r0, r8 | r0 = r8;
0x00013cb0 bl 0x10b64 | r0 = strcmp (r0, r1);
0x00013cb4 cmp r0, 0 |
| if (r0 != 0) {
0x00013cb8 moveq r0, 2 | r0 = 2;
| }
| if (r0 == 0) {
0x00013cbc beq 0x13d1c | goto label_12;
| }
0x00013cc0 ldr r1, [pc, 0xb8] | r1 = *(0x13d7c);
0x00013cc4 mov r0, r8 | r0 = r8;
0x00013cc8 bl 0x10b64 | r0 = strcmp (r0, r1);
0x00013ccc cmp r0, 0 |
| if (r0 == 0) {
0x00013cd0 beq 0x13d1c | goto label_12;
| }
0x00013cd4 ldr r1, [pc, 0xa8] | r1 = "absent";
0x00013cd8 mov r0, r8 | r0 = r8;
0x00013cdc bl 0x10b64 | r0 = strcmp (r0, "absent");
0x00013ce0 cmp r0, 0 |
| if (r0 != 0) {
0x00013ce4 moveq r0, 6 | r0 = 6;
| }
| if (r0 == 0) {
0x00013ce8 beq 0x13d1c | goto label_12;
| }
0x00013cec ldr r1, [pc, 0x94] | r1 = "dataflash";
0x00013cf0 mov r0, r8 | r0 = r8;
0x00013cf4 bl 0x10b64 | r0 = strcmp (r0, "dataflash");
0x00013cf8 cmp r0, 0 |
| if (r0 != 0) {
0x00013cfc moveq r0, 1 | r0 = 1;
| }
| if (r0 == 0) {
0x00013d00 beq 0x13d1c | goto label_12;
| }
0x00013d04 ldr r1, [pc, 0x80] | r1 = "ram";
0x00013d08 mov r0, r8 | r0 = r8;
0x00013d0c bl 0x10b64 | r0 = strcmp (r0, "ram");
0x00013d10 cmp r0, 0 |
| if (r0 != 0) {
0x00013d14 moveq r0, 7 | r0 = 7;
| }
| if (r0 != 0) {
0x00013d18 mvnne r0, 0 | r0 = ~0;
| goto label_12;
| }
| }
| label_12:
0x00013d1c str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x00013d20 sub r0, r0, 4 | r0 -= 4;
0x00013d24 bics r3, r0, 4 | __asm ("bics r3, r0, 4");
0x00013d28 ldrb r3, [r4, 0xfc] | r3 = *((r4 + 0xfc));
0x00013d2c bic r2, r3, 2 | r2 = BIT_MASK (r3, 2);
| if (r0 != 0) {
0x00013d30 moveq r3, 2 | r3 = 2;
| }
| if (r0 == 0) {
0x00013d34 movne r3, 0 | r3 = 0;
| }
0x00013d38 orr r3, r3, r2 | r3 |= r2;
0x00013d3c strb r3, [r4, 0xfc] | *((r4 + 0xfc)) = r3;
0x00013d40 b 0x13870 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x1555c */
| #include <stdint.h>
|
; (fcn) fcn.0001555c () | void fcn_0001555c (int32_t arg1) {
| int32_t var_24h;
| r0 = arg1;
0x0001555c str lr, [sp, -4]! |
0x00015560 ldr r1, [pc, 0x1c] | r1 = *(0x15580);
0x00015564 sub sp, sp, 0x24 |
0x00015568 mov r2, r0 | r2 = r0;
0x0001556c mov r0, sp | r0 = sp;
0x00015570 bl 0x10b70 | sprintf (r0, r1, r2)
0x00015574 mov r0, sp | r0 = sp;
0x00015578 bl 0x153bc | fcn_000153bc (r0);
0x0001557c add sp, sp, 0x24 |
0x00015580 pop {pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/mtdinfo @ 0x15a74 */
| #include <stdint.h>
|
; (fcn) fcn.00015a74 () | void fcn_00015a74 (int32_t arg1, int32_t arg2) {
| char * s;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00015a74 push {r4, lr} |
0x00015a78 sub sp, sp, 0x20 |
0x00015a7c mov r2, r0 | r2 = r0;
0x00015a80 mov r4, r1 | r4 = r1;
0x00015a84 mov r0, sp | r0 = sp;
0x00015a88 ldr r1, [pc, 0x14] | r1 = *(0x15aa0);
0x00015a8c bl 0x10b70 | sprintf (r0, r1, r2)
0x00015a90 mov r1, r4 | r1 = r4;
0x00015a94 mov r0, sp | r0 = sp;
0x00015a98 bl 0x15588 | fcn_00015588 (r0, r1);
0x00015a9c add sp, sp, 0x20 |
0x00015aa0 pop {r4, pc} |
| }
[*] Function sprintf used 10 times mtdinfo
