[*] Binary protection state of nandwrite
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of nandwrite
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x12338 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012338 () | void fcn_00012338 (int32_t arg1, int32_t arg2) {
| int32_t var_8h;
| char * s;
| int32_t var_1ch;
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00012338 push {r4, r5, r6, r7, fp, lr} |
0x0001233c add fp, sp, 0x14 |
0x00012340 sub sp, sp, 0x18 |
0x00012344 mov r7, r1 | r7 = r1;
0x00012348 mov r6, r0 | r6 = r0;
0x0001234c mov r5, r2 | r5 = r2;
0x00012350 bl 0x10b80 | strlen (r0);
0x00012354 mov r2, r7 | r2 = r7;
0x00012358 mov r1, r6 | r1 = r6;
0x0001235c add r0, r0, 0x39 | r0 += 0x39;
0x00012360 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012364 sub sp, sp, r0 |
0x00012368 add r4, sp, 0x10 | r4 += s;
0x0001236c mov r0, r4 | r0 = r4;
0x00012370 bl 0x10b44 | sprintf (r0, r1, r2)
0x00012374 sub r1, fp, 0x1c | r1 -= s;
0x00012378 mov r0, r4 | r0 = r4;
0x0001237c bl 0x12184 | r0 = fcn_00012184 (r0, r1);
0x00012380 cmp r0, 0 |
| if (r0 == 0) {
0x00012384 bne 0x123c4 |
0x00012388 ldrd r2, r3, [fp, -0x1c] | __asm ("ldrd r2, r3, [s]");
0x0001238c cmp r2, 0x80000000 |
0x00012390 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 >= 0x80000000) {
0x00012394 strlt r2, [r5] | *(r5) = r2;
| }
| if (r2 < 0x80000000) {
0x00012398 blt 0x123c8 | goto label_0;
| }
0x0001239c strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x000123a0 ldr r3, [pc, 0x28] | r3 = *(0x123cc);
0x000123a4 str r4, [sp, 8] | var_8h = r4;
0x000123a8 ldr r2, [pc, 0x24] | r2 = stderr;
0x000123ac ldr r0, [r3] | r0 = *(0x123cc);
0x000123b0 ldr r1, [pc, 0x20] | r1 = "libmtd";
0x000123b4 bl 0x10ab4 | r0 = fprintf (r0, "libmtd", r2, r3, r4);
0x000123b8 bl 0x10b5c | errno_location ();
0x000123bc mov r3, 0x16 | r3 = 0x16;
0x000123c0 str r3, [r0] | *(r0) = r3;
| }
0x000123c4 mvn r0, 0 | r0 = ~0;
| label_0:
0x000123c8 sub sp, fp, 0x14 |
0x000123cc pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x127c8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000127c8 () | void fcn_000127c8 (int32_t arg2, char * s) {
| char * var_50h;
| int32_t var_0h;
| int32_t var_4h;
| char * var_8h;
| int32_t var_18h_2;
| int32_t var_18h;
| r1 = arg2;
| r0 = s;
0x000127c8 push {r4, r5, r6, r7, r8, fp, lr} |
0x000127cc add fp, sp, 0x18 |
0x000127d0 sub sp, sp, 0x44 |
0x000127d4 ldr r7, [r0] | r7 = *(r0);
0x000127d8 mov r8, r1 | r8 = r1;
0x000127dc mov r0, r7 | r0 = r7;
0x000127e0 mov r6, r3 | r6 = r3;
0x000127e4 mov r5, r2 | r5 = r2;
0x000127e8 bl 0x10b80 | strlen (r0);
0x000127ec mov r2, r8 | r2 = r8;
0x000127f0 mov r1, r7 | r1 = r7;
0x000127f4 add r0, r0, 0x39 | r0 += 0x39;
0x000127f8 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000127fc sub sp, sp, r0 |
0x00012800 add r4, sp, 8 | r4 += var_8h;
0x00012804 mov r0, r4 | r0 = r4;
0x00012808 bl 0x10b44 | sprintf (r0, r1, r2)
0x0001280c mov r2, 0x32 | r2 = 0x32;
0x00012810 sub r1, fp, 0x50 | r1 -= var_50h;
0x00012814 mov r0, r4 | r0 = r4;
0x00012818 bl 0x11ff0 | r0 = fcn_00011ff0 (r0, r1);
0x0001281c cmp r0, 0 |
| if (r0 < 0) {
0x00012820 blt 0x12868 | goto label_1;
| }
0x00012824 mov r3, r6 | r3 = r6;
0x00012828 mov r2, r5 | r2 = r5;
0x0001282c ldr r1, [pc, 0x8c] | r1 = *(0x128bc);
0x00012830 sub r0, fp, 0x50 | r0 -= var_50h;
0x00012834 bl 0x10afc | r0 = sscanf (r0, r1, r2);
0x00012838 cmp r0, 2 |
| if (r0 == 2) {
0x0001283c beq 0x12870 | goto label_2;
| }
0x00012840 bl 0x10b5c | errno_location ();
0x00012844 mov r3, 0x16 | r3 = 0x16;
0x00012848 ldr r2, [pc, 0x74] | r2 = "_d:_d";
0x0001284c ldr r1, [pc, 0x74] | r1 = "libmtd";
0x00012850 str r3, [r0] | *(r0) = r3;
0x00012854 ldr r0, [pc, 0x70] |
0x00012858 mov r3, r4 | r3 = r4;
0x0001285c ldr r0, [r0] | r0 = "%s: error!: \"%s\" does not have major:minor format\n";
0x00012860 bl 0x10ab4 | fprintf ("%s: error!: \"%s\" does not have major:minor format\n", "libmtd", "_d:_d", r3);
| label_0:
0x00012864 mvn r0, 0 | r0 = ~0;
| do {
| label_1:
0x00012868 sub sp, fp, 0x18 |
0x0001286c pop {r4, r5, r6, r7, r8, fp, pc} |
| label_2:
0x00012870 ldr r3, [r5] | r3 = *(r5);
0x00012874 cmp r3, 0 |
| if (r3 < 0) {
0x00012878 blt 0x1288c | goto label_3;
| }
0x0001287c ldr r3, [r6] | r3 = *(r6);
0x00012880 cmp r3, 0 |
| if (r3 < 0) {
0x00012884 movge r0, 0 | r0 = 0;
| }
0x00012888 bge 0x12868 |
| } while (r3 >= 0);
| label_3:
0x0001288c bl 0x10b5c | errno_location ();
0x00012890 mov r3, 0x16 | r3 = 0x16;
0x00012894 ldr r2, [pc, 0x28] | r2 = "_d:_d";
0x00012898 ldr r1, [pc, 0x30] | r1 = stderr;
0x0001289c str r3, [r0] | *(r0) = r3;
0x000128a0 ldr r0, [pc, 0x24] |
0x000128a4 ldr r3, [r6] | r3 = *(r6);
0x000128a8 str r4, [sp, 4] | var_4h = r4;
0x000128ac str r3, [sp] | *(sp) = r3;
0x000128b0 ldr r3, [r5] | r3 = *(r5);
0x000128b4 ldr r0, [r0] | r0 = "%s: error!: \"%s\" does not have major:minor format\n";
0x000128b8 bl 0x10ab4 | fprintf ("%s: error!: \"%s\" does not have major:minor format\n", r1, "_d:_d", r3, r4);
0x000128bc b 0x12864 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x12e70 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012e70 () | void fcn_00012e70 (int32_t arg1, int32_t arg2) {
| int32_t var_7ch;
| int32_t var_10h_2;
| int32_t var_10h;
| r0 = arg1;
| r1 = arg2;
0x00012e70 push {r4, r5, r6, fp, lr} |
0x00012e74 add fp, sp, 0x10 |
0x00012e78 sub sp, sp, 0x6c |
0x00012e7c ldrb r3, [r0, 0x34] | r3 = *((r0 + 0x34));
0x00012e80 mov r5, r1 | r5 = r1;
0x00012e84 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x00012e88 bne 0x12ea8 | goto label_0;
| }
0x00012e8c mov r0, r1 | r0 = r1;
0x00012e90 bl 0x14744 | r0 = fcn_00014744 (r0);
0x00012e94 sub r0, r0, 1 | r0--;
0x00012e98 clz r0, r0 | r0 &= r0;
0x00012e9c lsr r0, r0, 5 | r0 >>= 5;
| do {
0x00012ea0 sub sp, fp, 0x10 |
0x00012ea4 pop {r4, r5, r6, fp, pc} |
| label_0:
0x00012ea8 ldr r4, [r0, 4] | r4 = *((r0 + 4));
0x00012eac mov r6, sp | r6 = sp;
0x00012eb0 mov r0, r4 | r0 = r4;
0x00012eb4 bl 0x10b80 | strlen (r0);
0x00012eb8 mov r2, r5 | r2 = r5;
0x00012ebc mov r1, r4 | r1 = r4;
0x00012ec0 add r0, r0, 0x11 | r0 += 0x11;
0x00012ec4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012ec8 sub sp, sp, r0 |
0x00012ecc mov r0, sp | r0 = sp;
0x00012ed0 bl 0x10b44 | sprintf (r0, r1, r2)
0x00012ed4 mov r0, sp | r0 = sp;
0x00012ed8 sub r1, fp, 0x7c | r1 -= var_7ch;
0x00012edc bl 0x10a24 | stat64 ();
0x00012ee0 mov sp, r6 |
0x00012ee4 clz r0, r0 | r0 &= r0;
0x00012ee8 lsr r0, r0, 5 | r0 >>= 5;
0x00012eec b 0x12ea0 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x12f30 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012f30 () | void fcn_00012f30 (int32_t arg1, int32_t arg2) {
| int32_t var_68h;
| int32_t var_64h;
| char * buf;
| int32_t var_24h;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| char * s;
| int32_t var_sp_64h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00012f30 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012f34 add r6, r2, 4 | r6 = r2 + 4;
0x00012f38 add fp, sp, 0x20 |
0x00012f3c sub sp, sp, 0x5c |
0x00012f40 mov r5, r1 | r5 = r1;
0x00012f44 mov r7, r0 | r7 = r0;
0x00012f48 mov r4, r2 | r4 = r2;
0x00012f4c mov r1, 0 | r1 = 0;
0x00012f50 mov r2, 0xfc | r2 = 0xfc;
0x00012f54 mov r0, r6 | r0 = r6;
0x00012f58 bl 0x10b14 | memset (r0, r1, r2);
0x00012f5c str r5, [r4] | *(r4) = r5;
0x00012f60 mov r1, r5 | r1 = r5;
0x00012f64 mov r0, r7 | r0 = r7;
0x00012f68 bl 0x12e70 | r0 = fcn_00012e70 (r0, r1);
0x00012f6c cmp r0, 0 |
| if (r0 != 0) {
0x00012f70 bne 0x12f88 | goto label_4;
| }
0x00012f74 bl 0x10b5c | errno_location ();
0x00012f78 mov r3, 0x13 | r3 = 0x13;
0x00012f7c str r3, [r0] | *(r0) = r3;
| do {
| label_0:
0x00012f80 mvn r5, 0 | r5 = ~0;
0x00012f84 b 0x12fa4 | goto label_1;
| label_4:
0x00012f88 ldrb r3, [r7, 0x34] | r3 = *((r7 + 0x34));
0x00012f8c tst r3, 1 |
| if ((r3 & 1) == 0) {
0x00012f90 bne 0x12fb0 |
0x00012f94 mov r0, r5 | r0 = r5;
0x00012f98 mov r1, r4 | r1 = r4;
0x00012f9c bl 0x14eb8 | r0 = fcn_00014eb8 (r0, r1);
0x00012fa0 mov r5, r0 | r5 = r0;
| label_1:
0x00012fa4 mov r0, r5 | r0 = r5;
0x00012fa8 sub sp, fp, 0x20 |
0x00012fac pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00012fb0 add r3, r4, 8 | r3 = r4 + 8;
0x00012fb4 mov r2, r6 | r2 = r6;
0x00012fb8 mov r1, r5 | r1 = r5;
0x00012fbc add r0, r7, 8 | r0 = r7 + 8;
0x00012fc0 bl 0x127c8 | r0 = fcn_000127c8 (r0, r1);
0x00012fc4 subs sl, r0, 0 | sl = r0 - 0;
0x00012fc8 bne 0x12f80 |
| } while (sl != r0);
0x00012fcc ldr r8, [r7, 0xc] | r8 = *((r7 + 0xc));
0x00012fd0 mov sb, sp | sb = sp;
0x00012fd4 mov r0, r8 | r0 = r8;
0x00012fd8 bl 0x10b80 | strlen (r0);
0x00012fdc mov r2, r5 | r2 = r5;
0x00012fe0 mov r1, r8 | r1 = r8;
0x00012fe4 add r6, r4, 0x51 | r6 = r4 + 0x51;
0x00012fe8 add r0, r0, 0x6b | r0 += 0x6b;
0x00012fec bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012ff0 sub sp, sp, r0 |
0x00012ff4 add r3, sp, 0x10 | r3 += s;
0x00012ff8 mov r0, r3 | r0 = r3;
0x00012ffc str r3, [fp, -0x68] | var_68h = r3;
0x00013000 bl 0x10b44 | sprintf (r0, r1, r2)
0x00013004 ldr r3, [fp, -0x68] | r3 = var_68h;
0x00013008 mov r2, 0x80 | r2 = 0x80;
0x0001300c mov r1, r6 | r1 = r6;
0x00013010 mov r0, r3 | r0 = r3;
0x00013014 bl 0x11ff0 | fcn_00011ff0 (r0, r1);
0x00013018 mov sp, sb |
0x0001301c cmp r0, 0 |
| if (r0 < 0) {
0x00013020 blt 0x12f80 | goto label_0;
| }
0x00013024 add r6, r6, r0 | r6 += r0;
0x00013028 strb sl, [r6, -1] | *((r6 - 1)) = sl;
0x0001302c ldr r6, [r7, 0x10] | r6 = *((r7 + 0x10));
0x00013030 add r8, r4, 0x10 | r8 = r4 + 0x10;
0x00013034 mov r0, r6 | r0 = r6;
0x00013038 bl 0x10b80 | strlen (r0);
0x0001303c mov r2, r5 | r2 = r5;
0x00013040 mov r1, r6 | r1 = r6;
0x00013044 add r0, r0, 0x6b | r0 += 0x6b;
0x00013048 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001304c sub sp, sp, r0 |
0x00013050 add r3, sp, 0x10 | r3 += s;
0x00013054 mov r0, r3 | r0 = r3;
0x00013058 str r3, [fp, -0x68] | var_68h = r3;
0x0001305c bl 0x10b44 | sprintf (r0, r1, r2)
0x00013060 ldr r3, [fp, -0x68] | r3 = var_68h;
0x00013064 mov r2, 0x41 | r2 = 0x41;
0x00013068 mov r1, r8 | r1 = r8;
0x0001306c mov r0, r3 | r0 = r3;
0x00013070 bl 0x11ff0 | fcn_00011ff0 (r0, r1);
0x00013074 mov sp, sb |
0x00013078 cmp r0, 0 |
| if (r0 < 0) {
0x0001307c blt 0x12f80 | goto label_0;
| }
0x00013080 add r0, r8, r0 | r0 = r8 + r0;
0x00013084 strb sl, [r0, -1] | *((r0 - 1)) = sl;
0x00013088 add r2, r4, 0xe4 | r2 = r4 + 0xe4;
0x0001308c mov r1, r5 | r1 = r5;
0x00013090 ldr r0, [r7, 0x14] | r0 = *((r7 + 0x14));
0x00013094 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x00013098 cmp r0, 0 |
| if (r0 != 0) {
0x0001309c bne 0x12f80 | goto label_0;
| }
0x000130a0 ldr sl, [r7, 0x18] | sl = *((r7 + 0x18));
0x000130a4 mov r0, sl | r0 = sl;
0x000130a8 bl 0x10b80 | strlen (r0);
0x000130ac mov r2, r5 | r2 = r5;
0x000130b0 mov r1, sl | r1 = sl;
0x000130b4 add r0, r0, 0x39 | r0 += 0x39;
0x000130b8 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000130bc sub sp, sp, r0 |
0x000130c0 add r6, sp, 0x10 | r6 += s;
0x000130c4 mov r0, r6 | r0 = r6;
0x000130c8 bl 0x10b44 | sprintf (r0, r1, r2)
0x000130cc add r1, r4, 0xd8 | r1 = r4 + 0xd8;
0x000130d0 mov r0, r6 | r0 = r6;
0x000130d4 bl 0x12184 | fcn_00012184 (r0, r1);
0x000130d8 mov sp, sb |
0x000130dc cmp r0, 0 |
| if (r0 != 0) {
0x000130e0 bne 0x12f80 | goto label_0;
| }
0x000130e4 add r2, r4, 0xe8 | r2 = r4 + 0xe8;
0x000130e8 mov r1, r5 | r1 = r5;
0x000130ec ldr r0, [r7, 0x1c] | r0 = *((r7 + 0x1c));
0x000130f0 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x000130f4 cmp r0, 0 |
| if (r0 != 0) {
0x000130f8 bne 0x12f80 | goto label_0;
| }
0x000130fc add r2, r4, 0xec | r2 = r4 + 0xec;
0x00013100 mov r1, r5 | r1 = r5;
0x00013104 ldr r0, [r7, 0x20] | r0 = *((r7 + 0x20));
0x00013108 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x0001310c cmp r0, 0 |
| if (r0 != 0) {
0x00013110 bne 0x12f80 | goto label_0;
| }
0x00013114 add r2, r4, 0xf0 | r2 = r4 + 0xf0;
0x00013118 mov r1, r5 | r1 = r5;
0x0001311c ldr r0, [r7, 0x24] | r0 = *((r7 + 0x24));
0x00013120 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x00013124 cmp r0, 0 |
| if (r0 != 0) {
0x00013128 bne 0x12f80 | goto label_0;
| }
0x0001312c add r2, r4, 0xf4 | r2 = r4 + 0xf4;
0x00013130 mov r1, r5 | r1 = r5;
0x00013134 ldr r0, [r7, 0x28] | r0 = *((r7 + 0x28));
0x00013138 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x0001313c cmp r0, 0 |
| if (r0 != 0) {
0x00013140 beq 0x1315c |
0x00013144 mov r0, r5 | r0 = r5;
0x00013148 bl 0x149a0 | r0 = fcn_000149a0 (r0);
0x0001314c cmp r0, 0 |
| if (r0 >= 0) {
0x00013150 movlt r3, 0 | r3 = 0;
| }
| if (r0 < 0) {
0x00013154 strge r0, [r4, 0xf4] | *((r4 + 0xf4)) = r0;
| }
| if (r0 < 0) {
0x00013158 strlt r3, [r4, 0xf4] | *((r4 + 0xf4)) = r3;
| goto label_5;
| }
| }
| label_5:
0x0001315c add r2, r4, 0xf8 | r2 = r4 + 0xf8;
0x00013160 mov r1, r5 | r1 = r5;
0x00013164 ldr r0, [r7, 0x2c] | r0 = *((r7 + 0x2c));
0x00013168 bl 0x12338 | r0 = fcn_00012338 (r0, r1);
0x0001316c subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x00013170 bne 0x12f80 | goto label_0;
| }
0x00013174 ldr r7, [r7, 0x30] | r7 = *((r7 + 0x30));
0x00013178 mov sl, sp | sl = sp;
0x0001317c mov r0, r7 | r0 = r7;
0x00013180 bl 0x10b80 | strlen (r0);
0x00013184 mov r2, r5 | r2 = r5;
0x00013188 mov r1, r7 | r1 = r7;
0x0001318c add r0, r0, 0x39 | r0 += 0x39;
0x00013190 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013194 sub sp, sp, r0 |
0x00013198 add sb, sp, 0x10 | sb += s;
0x0001319c mov r0, sb | r0 = sb;
0x000131a0 bl 0x10b44 | sprintf (r0, r1, r2)
0x000131a4 mov r1, 0x80000 | r1 = 0x80000;
0x000131a8 mov r0, sb | r0 = sb;
0x000131ac bl 0x10b20 | r0 = open64 ();
0x000131b0 cmn r0, 1 |
0x000131b4 mov r5, r0 | r5 = r0;
| if (r0 == 1) {
0x000131b8 bne 0x131c4 |
0x000131bc mov sp, sl |
0x000131c0 b 0x12fa4 | goto label_1;
| }
0x000131c4 mov r2, 0x32 | r2 = 0x32;
0x000131c8 sub r1, fp, 0x58 | r1 -= buf;
0x000131cc bl 0x10ad8 | r0 = read (r0, r1, r2);
0x000131d0 cmn r0, 1 |
| if (r0 != 1) {
0x000131d4 bne 0x1322c | goto label_6;
| }
0x000131d8 bl 0x10b5c | errno_location ();
0x000131dc ldr r6, [pc, 0x294] |
0x000131e0 mov r3, sb | r3 = sb;
0x000131e4 ldr r2, [pc, 0x290] | r2 = stderr;
0x000131e8 ldr r1, [pc, 0x290] | r1 = "libmtd";
0x000131ec ldr r4, [r0] | r4 = *(r0);
0x000131f0 ldr r0, [r6] | r0 = *(0x13474);
0x000131f4 bl 0x10ab4 | fprintf (r0, "libmtd", r2, r3, r4, r5, r6);
0x000131f8 mov r0, r4 | r0 = r4;
0x000131fc ldr r6, [r6] | r6 = *(0x13474);
0x00013200 bl 0x10a18 | strerror (r0);
0x00013204 str r4, [sp] | *(sp) = r4;
0x00013208 ldr r3, [pc, 0x274] | r3 = "_s:_error_:_cannot_read___s_";
0x0001320c mov r2, 8 | r2 = 8;
0x00013210 ldr r1, [pc, 0x270] | r1 = *(0x13484);
0x00013214 str r0, [sp, 4] | var_4h = r0;
0x00013218 mov r0, r6 | r0 = r6;
0x0001321c bl 0x10ab4 | fprintf (r0, r1, r2, "_s:_error_:_cannot_read___s_", r4);
| do {
0x00013220 mov r0, r5 | r0 = r5;
0x00013224 bl 0x10bbc | close (r0);
0x00013228 b 0x13314 | goto label_7;
| label_6:
0x0001322c cmp r0, 0x32 |
| if (r0 != 0x32) {
0x00013230 bne 0x1325c | goto label_8;
| }
0x00013234 ldr r2, [pc, 0x240] | r2 = stderr;
0x00013238 ldr r1, [pc, 0x24c] | r1 = "_serror__d___s_";
0x0001323c mov r3, sb | r3 = sb;
| label_2:
0x00013240 ldr r0, [pc, 0x230] |
0x00013244 ldr r0, [r0] | r0 = *(0x13474);
0x00013248 bl 0x10ab4 | r0 = fprintf (r0, "_serror__d___s_", r2, r3);
| label_3:
0x0001324c bl 0x10b5c | errno_location ();
0x00013250 mov r3, 0x16 | r3 = 0x16;
0x00013254 str r3, [r0] | *(r0) = r3;
0x00013258 b 0x13220 |
| } while (1);
| label_8:
0x0001325c sub r3, fp, 0x24 | r3 -= var_24h;
0x00013260 add r0, r3, r0 | r0 = r3 + r0;
0x00013264 strb r6, [r0, -0x34] | *((r0 - 0x34)) = r6;
0x00013268 sub r2, fp, 0x64 | r2 -= var_64h;
0x0001326c ldr r1, [pc, 0x21c] | r1 = "_s:_error_:_contents_of___s__is_too_long";
0x00013270 sub r0, fp, 0x58 | r0 -= buf;
0x00013274 bl 0x10afc | r0 = sscanf (r0, "_s:_error_:_contents_of___s__is_too_long", r2);
0x00013278 cmp r0, 1 |
| if (r0 == 1) {
0x0001327c movne r3, sb | r3 = sb;
| }
| if (r0 == 1) {
0x00013280 ldrne r2, [pc, 0x1f4] | r2 = "libmtd";
| }
| if (r0 != 1) {
0x00013284 ldrne r1, [pc, 0x208] | r1 = "%s: error!: cannot read integer from \"%s\"\n\n";
| goto label_9;
| }
| if (r0 != 1) {
| label_9:
0x00013288 bne 0x13240 | goto label_2;
| }
0x0001328c ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00013290 cmp r2, 0 |
0x00013294 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 < 0) {
0x00013298 bge 0x132bc |
0x0001329c strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x000132a0 ldr r3, [pc, 0x1d0] | r3 = *(0x13474);
0x000132a4 str sb, [sp, 8] | var_8h = sb;
0x000132a8 ldr r2, [pc, 0x1cc] | r2 = stderr;
0x000132ac ldr r1, [pc, 0x1e4] | r1 = "%s: error!: cannot read integer from \"%s\"\n\n";
0x000132b0 ldr r0, [r3] | r0 = *(0x13474);
0x000132b4 bl 0x10ab4 | fprintf (r0, "%s: error!: cannot read integer from \"%s\"\n\n", r2, r3);
0x000132b8 b 0x1324c | goto label_3;
| }
0x000132bc mov r0, r5 | r0 = r5;
0x000132c0 bl 0x10bbc | r0 = close (r0);
0x000132c4 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x000132c8 beq 0x1331c | goto label_10;
| }
0x000132cc bl 0x10b5c | errno_location ();
0x000132d0 ldr r5, [pc, 0x1a0] |
0x000132d4 mov r3, sb | r3 = sb;
0x000132d8 ldr r2, [pc, 0x19c] | r2 = stderr;
0x000132dc ldr r1, [pc, 0x1b8] | r1 = "%s: error!: negative value %lld in \"%s\"\n";
0x000132e0 ldr r4, [r0] | r4 = *(r0);
0x000132e4 ldr r0, [r5] | r0 = *(0x13474);
0x000132e8 bl 0x10ab4 | fprintf (r0, "%s: error!: negative value %lld in \"%s\"\n", r2, r3, r4, r5);
0x000132ec mov r0, r4 | r0 = r4;
0x000132f0 ldr r5, [r5] | r5 = *(0x13474);
0x000132f4 bl 0x10a18 | strerror (r0);
0x000132f8 str r4, [sp] | *(sp) = r4;
0x000132fc ldr r3, [pc, 0x180] | r3 = "_s:_error_:_cannot_read___s_";
0x00013300 mov r2, 8 | r2 = 8;
0x00013304 ldr r1, [pc, 0x17c] | r1 = *(0x13484);
0x00013308 str r0, [sp, 4] | var_4h = r0;
0x0001330c mov r0, r5 | r0 = r5;
0x00013310 bl 0x10ab4 | fprintf (r0, r1, r2, "_s:_error_:_cannot_read___s_", r4);
| do {
| label_7:
0x00013314 mov sp, sl |
0x00013318 b 0x12f80 | goto label_0;
| label_10:
0x0001331c ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00013320 mov r1, 0 | r1 = 0;
0x00013324 adds r6, r2, 0x80000000 | r6 = r2 + 0x80000000;
0x00013328 adc r7, r3, 0 | __asm ("adc r7, r3, 0");
0x0001332c mvn r0, 0 | r0 = ~0;
0x00013330 cmp r7, r1 |
0x00013334 cmpeq r6, r0 | __asm ("cmpeq r6, r0");
| if (r7 < r1) {
0x00013338 bls 0x13368 | goto label_11;
| }
0x0001333c strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00013340 ldr r3, [pc, 0x130] | r3 = *(0x13474);
0x00013344 str sb, [sp, 8] | var_8h = sb;
0x00013348 ldr r2, [pc, 0x12c] | r2 = stderr;
0x0001334c ldr r0, [r3] | r0 = *(0x13474);
0x00013350 ldr r1, [pc, 0x148] | r1 = "_s:_error_:_close_failed_on___s_";
0x00013354 bl 0x10ab4 | r0 = fprintf (r0, "_s:_error_:_close_failed_on___s_", r2, r3);
0x00013358 bl 0x10b5c | errno_location ();
0x0001335c mov r3, 0x16 | r3 = 0x16;
0x00013360 str r3, [r0] | *(r0) = r3;
0x00013364 b 0x13314 |
| } while (1);
| label_11:
0x00013368 lsl r3, r2, 0x15 | r3 = r2 << 0x15;
0x0001336c ldrb r2, [r4, 0xfc] | r2 = *((r4 + 0xfc));
0x00013370 mov sp, sl |
0x00013374 bic r2, r2, 1 | r2 = BIT_MASK (r2, 1);
0x00013378 orr r2, r2, r3, lsr 31 | r2 |= (r3 >> 31);
0x0001337c strb r2, [r4, 0xfc] | *((r4 + 0xfc)) = r2;
0x00013380 ldr r2, [r4, 0xe4] | r2 = *((r4 + 0xe4));
0x00013384 ldrd r0, r1, [r4, 0xd8] | __asm ("ldrd r0, r1, [r4, 0xd8]");
0x00013388 asr r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x0001338c bl 0x150b0 | fcn_000150b0 (r0);
0x00013390 ldr r1, [pc, 0x10c] | r1 = "_s:_error_:_value__lld_read_from_file___s__is_out_of_range";
0x00013394 str r0, [r4, 0xe0] | *((r4 + 0xe0)) = r0;
0x00013398 mov r0, r8 | r0 = r8;
0x0001339c bl 0x10b38 | r0 = strcmp (r0, r1);
0x000133a0 cmp r0, 0 |
| if (r0 != 0) {
0x000133a4 moveq r0, 4 | r0 = 4;
| }
| if (r0 != 0) {
0x000133a8 beq 0x13450 |
0x000133ac ldr r1, [pc, 0xf4] | r1 = *(0x134a4);
0x000133b0 mov r0, r8 | r0 = r8;
0x000133b4 bl 0x10b38 | r0 = strcmp (r0, r1);
0x000133b8 cmp r0, 0 |
| if (r0 != 0) {
0x000133bc moveq r0, 8 | r0 = 8;
| }
| if (r0 == 0) {
0x000133c0 beq 0x13450 | goto label_12;
| }
0x000133c4 ldr r1, [pc, 0xe0] | r1 = "mlc-nand";
0x000133c8 mov r0, r8 | r0 = r8;
0x000133cc bl 0x10b38 | r0 = strcmp (r0, "mlc-nand");
0x000133d0 cmp r0, 0 |
| if (r0 != 0) {
0x000133d4 moveq r0, 3 | r0 = 3;
| }
| if (r0 == 0) {
0x000133d8 beq 0x13450 | goto label_12;
| }
0x000133dc ldr r1, [pc, 0xcc] | r1 = "nor";
0x000133e0 mov r0, r8 | r0 = r8;
0x000133e4 bl 0x10b38 | r0 = strcmp (r0, "nor");
0x000133e8 cmp r0, 0 |
| if (r0 != 0) {
0x000133ec moveq r0, 2 | r0 = 2;
| }
| if (r0 == 0) {
0x000133f0 beq 0x13450 | goto label_12;
| }
0x000133f4 ldr r1, [pc, 0xb8] | r1 = "rom";
0x000133f8 mov r0, r8 | r0 = r8;
0x000133fc bl 0x10b38 | r0 = strcmp (r0, "rom");
0x00013400 cmp r0, 0 |
| if (r0 == 0) {
0x00013404 beq 0x13450 | goto label_12;
| }
0x00013408 ldr r1, [pc, 0xa8] | r1 = "absent";
0x0001340c mov r0, r8 | r0 = r8;
0x00013410 bl 0x10b38 | r0 = strcmp (r0, "absent");
0x00013414 cmp r0, 0 |
| if (r0 != 0) {
0x00013418 moveq r0, 6 | r0 = 6;
| }
| if (r0 == 0) {
0x0001341c beq 0x13450 | goto label_12;
| }
0x00013420 ldr r1, [pc, 0x94] | r1 = "dataflash";
0x00013424 mov r0, r8 | r0 = r8;
0x00013428 bl 0x10b38 | r0 = strcmp (r0, "dataflash");
0x0001342c cmp r0, 0 |
| if (r0 != 0) {
0x00013430 moveq r0, 1 | r0 = 1;
| }
| if (r0 == 0) {
0x00013434 beq 0x13450 | goto label_12;
| }
0x00013438 ldr r1, [pc, 0x80] | r1 = *(0x134bc);
0x0001343c mov r0, r8 | r0 = r8;
0x00013440 bl 0x10b38 | r0 = strcmp (r0, r1);
0x00013444 cmp r0, 0 |
| if (r0 != 0) {
0x00013448 moveq r0, 7 | r0 = 7;
| }
| if (r0 != 0) {
0x0001344c mvnne r0, 0 | r0 = ~0;
| goto label_12;
| }
| }
| label_12:
0x00013450 str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x00013454 sub r0, r0, 4 | r0 -= 4;
0x00013458 bics r3, r0, 4 | __asm ("bics r3, r0, 4");
0x0001345c ldrb r3, [r4, 0xfc] | r3 = *((r4 + 0xfc));
0x00013460 bic r2, r3, 2 | r2 = BIT_MASK (r3, 2);
| if (r0 != 0) {
0x00013464 moveq r3, 2 | r3 = 2;
| }
| if (r0 == 0) {
0x00013468 movne r3, 0 | r3 = 0;
| }
0x0001346c orr r3, r3, r2 | r3 |= r2;
0x00013470 strb r3, [r4, 0xfc] | *((r4 + 0xfc)) = r3;
0x00013474 b 0x12fa4 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x149a0 */
| #include <stdint.h>
|
; (fcn) fcn.000149a0 () | void fcn_000149a0 (int32_t arg1) {
| int32_t var_24h;
| r0 = arg1;
0x000149a0 str lr, [sp, -4]! |
0x000149a4 ldr r1, [pc, 0x1c] | r1 = *(0x149c4);
0x000149a8 sub sp, sp, 0x24 |
0x000149ac mov r2, r0 | r2 = r0;
0x000149b0 mov r0, sp | r0 = sp;
0x000149b4 bl 0x10b44 | sprintf (r0, r1, r2)
0x000149b8 mov r0, sp | r0 = sp;
0x000149bc bl 0x14800 | fcn_00014800 (r0);
0x000149c0 add sp, sp, 0x24 |
0x000149c4 pop {pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nandwrite @ 0x14eb8 */
| #include <stdint.h>
|
; (fcn) fcn.00014eb8 () | void fcn_00014eb8 (int32_t arg1, int32_t arg2) {
| char * s;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00014eb8 push {r4, lr} |
0x00014ebc sub sp, sp, 0x20 |
0x00014ec0 mov r2, r0 | r2 = r0;
0x00014ec4 mov r4, r1 | r4 = r1;
0x00014ec8 mov r0, sp | r0 = sp;
0x00014ecc ldr r1, [pc, 0x14] | r1 = *(0x14ee4);
0x00014ed0 bl 0x10b44 | sprintf (r0, r1, r2)
0x00014ed4 mov r1, r4 | r1 = r4;
0x00014ed8 mov r0, sp | r0 = sp;
0x00014edc bl 0x149cc | fcn_000149cc (r0, r1);
0x00014ee0 add sp, sp, 0x20 |
0x00014ee4 pop {r4, pc} |
| }
[*] Function sprintf used 10 times nandwrite
