[*] Binary protection state of ubiblock
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of ubiblock
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x110e0 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000110e0 () | void fcn_000110e0 (int32_t arg1, int32_t arg2) {
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x000110e0 push {r4, r5, r6, r7, fp, lr} |
0x000110e4 add fp, sp, 0x14 |
0x000110e8 mov r6, r1 | r6 = r1;
0x000110ec mov r7, r2 | r7 = r2;
0x000110f0 mov r4, r3 | r4 = r3;
0x000110f4 mov r5, r0 | r5 = r0;
0x000110f8 bl 0x108f4 | strlen (r0);
0x000110fc mov r3, r7 | r3 = r7;
0x00011100 mov r2, r6 | r2 = r6;
0x00011104 mov r1, r5 | r1 = r5;
0x00011108 add r0, r0, 0x6b | r0 += 0x6b;
0x0001110c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011110 sub sp, sp, r0 |
0x00011114 mov r0, sp | r0 = sp;
0x00011118 bl 0x108d0 | sprintf (r0, r1, r2)
0x0001111c mov r1, r4 | r1 = r4;
0x00011120 mov r0, sp | r0 = sp;
0x00011124 bl 0x11024 | fcn_00011024 (r0, r1);
0x00011128 sub sp, fp, 0x14 |
0x0001112c pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x11584 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011584 () | void fcn_00011584 (int32_t arg2, char * s) {
| int32_t var_14h_2;
| int32_t var_14h;
| r1 = arg2;
| r0 = s;
0x00011584 push {r4, r5, r6, r7, fp, lr} |
0x00011588 ldr r4, [r0] | r4 = *(r0);
0x0001158c add fp, sp, 0x14 |
0x00011590 mov r0, r4 | r0 = r4;
0x00011594 mov r6, r3 | r6 = r3;
0x00011598 mov r7, r1 | r7 = r1;
0x0001159c mov r5, r2 | r5 = r2;
0x000115a0 bl 0x108f4 | strlen (r0);
0x000115a4 mov r2, r7 | r2 = r7;
0x000115a8 mov r1, r4 | r1 = r4;
0x000115ac add r0, r0, 0x39 | r0 += 0x39;
0x000115b0 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000115b4 sub sp, sp, r0 |
0x000115b8 mov r0, sp | r0 = sp;
0x000115bc bl 0x108d0 | sprintf (r0, r1, r2)
0x000115c0 mov r2, r6 | r2 = r6;
0x000115c4 mov r1, r5 | r1 = r5;
0x000115c8 mov r0, sp | r0 = sp;
0x000115cc bl 0x114ac | fcn_000114ac (r0, r1);
0x000115d0 sub sp, fp, 0x14 |
0x000115d4 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x11f58 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011f58 () | void fcn_00011f58 (int32_t arg2, char * s) {
| int32_t var_b4h;
| int32_t var_ach;
| int32_t var_a8h;
| int32_t var_a4h;
| int32_t var_a0h;
| int32_t var_9ch;
| int32_t var_8ch;
| int32_t var_7ch;
| int32_t var_6ch;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_sp_b4h;
| int32_t var_sp_6ch;
| int32_t var_20h_2;
| int32_t var_20h;
| r1 = arg2;
| r0 = s;
0x00011f58 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00011f5c add fp, sp, 0x20 |
0x00011f60 sub sp, sp, 0x9c |
0x00011f64 mov r6, r0 | r6 = r0;
0x00011f68 ldr r0, [r0, 0x40] | r0 = *((r0 + 0x40));
0x00011f6c mov r5, r1 | r5 = r1;
0x00011f70 bl 0x108f4 | strlen (r0);
0x00011f74 sub r1, fp, 0x8c | r1 -= var_8ch;
0x00011f78 add r0, r0, 0x6b | r0 += 0x6b;
0x00011f7c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011f80 sub sp, sp, r0 |
0x00011f84 mov r0, r5 | r0 = r5;
0x00011f88 bl 0x107d4 | r0 = stat64 ();
0x00011f8c cmp r0, 0 |
| if (r0 == 0) {
0x00011f90 beq 0x11fe8 | goto label_5;
| }
0x00011f94 bl 0x108dc | errno_location ();
0x00011f98 ldr r6, [pc, 0x1e8] | r6 = *(0x12184);
0x00011f9c mov r3, r5 | r3 = r5;
0x00011fa0 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x00011fa4 ldr r1, [pc, 0x1e4] | r1 = "libubi";
0x00011fa8 ldr r4, [r0] | r4 = *(r0);
0x00011fac ldr r0, [r6] | r0 = *(0x12184);
0x00011fb0 bl 0x10840 | fprintf (r0, "libubi", r2, r3, r4, r5, r6);
0x00011fb4 mov r0, r4 | r0 = r4;
0x00011fb8 ldr r5, [r6] | r5 = *(0x12184);
0x00011fbc bl 0x107c8 | strerror (r0);
0x00011fc0 str r4, [sp] | *(sp) = r4;
0x00011fc4 ldr r3, [pc, 0x1c8] | r3 = "%s: error!: cannot get information about \"%s\"\n";
0x00011fc8 mov r2, 8 | r2 = 8;
0x00011fcc ldr r1, [pc, 0x1c4] | r1 = *(0x12194);
0x00011fd0 str r0, [sp, 4] | var_4h = r0;
0x00011fd4 mov r0, r5 | r0 = r5;
0x00011fd8 bl 0x10840 | fprintf (r0, r1, r2, "%s: error!: cannot get information about \"%s\"\n", r4);
| do {
| label_0:
0x00011fdc mvn r0, 0 | r0 = ~0;
| label_4:
0x00011fe0 sub sp, fp, 0x20 |
0x00011fe4 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x00011fe8 ldr r3, [fp, -0x7c] | r3 = var_7ch;
0x00011fec and r3, r3, 0xf000 | r3 &= 0xf000;
0x00011ff0 cmp r3, 0x2000 |
| if (r3 == 0x2000) {
0x00011ff4 beq 0x12020 | goto label_6;
| }
0x00011ff8 ldr r0, [pc, 0x188] |
0x00011ffc mov r3, r5 | r3 = r5;
0x00012000 ldr r2, [pc, 0x184] | r2 = stderr;
0x00012004 ldr r1, [pc, 0x190] | r1 = "_serror__d___s_";
0x00012008 ldr r0, [r0] | r0 = *(0x12184);
0x0001200c bl 0x10840 | r0 = fprintf (r0, "_serror__d___s_", r2, r3);
0x00012010 bl 0x108dc | errno_location ();
0x00012014 mov r3, 0x16 | r3 = 0x16;
| label_1:
0x00012018 str r3, [r0] | *(r0) = r3;
0x0001201c b 0x11fdc |
| } while (1);
| label_6:
0x00012020 ldrd r2, r3, [fp, -0x6c] | __asm ("ldrd r2, r3, [var_6ch]");
0x00012024 mov r1, r3 | r1 = r3;
0x00012028 mov r0, r2 | r0 = r2;
0x0001202c strd r2, r3, [fp, -0xb4] | __asm ("strd r2, r3, [var_b4h]");
0x00012030 bl 0x107ec | gnu_dev_major ();
0x00012034 ldrd r2, r3, [fp, -0xb4] | __asm ("ldrd r2, r3, [var_b4h]");
0x00012038 mov r1, r3 | r1 = r3;
0x0001203c mov sb, r0 | sb = r0;
0x00012040 mov r0, r2 | r0 = r2;
0x00012044 bl 0x1081c | gnu_dev_minor ();
0x00012048 sub r1, fp, 0xa4 | r1 -= var_a4h;
0x0001204c mov r7, r0 | r7 = r0;
0x00012050 mov r0, r6 | r0 = r6;
0x00012054 bl 0x11c28 | r0 = fcn_00011c28 (r0, r1);
0x00012058 cmp r0, 0 |
| if (r0 != 0) {
0x0001205c addeq r8, sp, 8 | r8 += var_b4h;
| }
| if (r0 != 0) {
0x00012060 ldreq r4, [fp, -0xa0] | r4 = var_a0h;
| }
| if (r0 == 0) {
0x00012064 addeq sl, r6, 0x18 | sl = r6 + 0x18;
| goto label_7;
| }
| if (r0 != 0) {
| label_7:
0x00012068 bne 0x11fdc | goto label_0;
| }
| do {
0x0001206c ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00012070 cmp r4, r3 |
| if (r4 > r3) {
0x00012074 bgt 0x120ec | goto label_8;
| }
0x00012078 sub r3, fp, 0xa8 | r3 -= var_a8h;
0x0001207c sub r2, fp, 0xac | r2 -= var_ach;
0x00012080 mov r1, r4 | r1 = r4;
0x00012084 mov r0, sl | r0 = sl;
0x00012088 bl 0x11584 | r0 = fcn_00011584 (r0, r1);
0x0001208c cmp r0, 0 |
| if (r0 == 0) {
0x00012090 beq 0x120e0 | goto label_9;
| }
0x00012094 bl 0x108dc | r0 = errno_location ();
0x00012098 ldr r3, [r0] | r3 = *(r0);
0x0001209c cmp r3, 2 |
| if (r3 != 2) {
0x000120a0 bne 0x120ac | goto label_10;
| }
| label_2:
0x000120a4 add r4, r4, 1 | r4++;
0x000120a8 b 0x1206c |
| } while (1);
| label_10:
0x000120ac cmp r3, 0 |
| if (r3 != 0) {
0x000120b0 bne 0x11fdc | goto label_0;
| }
| label_3:
0x000120b4 ldr r0, [pc, 0xcc] |
0x000120b8 mov r3, r5 | r3 = r5;
0x000120bc str r7, [sp, 4] | var_4h = r7;
0x000120c0 str sb, [sp] | *(sp) = sb;
0x000120c4 ldr r2, [pc, 0xc0] | r2 = stderr;
0x000120c8 ldr r1, [pc, 0xd0] | r1 = "_s:_error_:___s__is_not_a_character_device";
0x000120cc ldr r0, [r0] | r0 = *(0x12184);
0x000120d0 bl 0x10840 | r0 = fprintf (r0, "_s:_error_:___s__is_not_a_character_device", r2, r3);
0x000120d4 bl 0x108dc | errno_location ();
0x000120d8 mov r3, 0x13 | r3 = 0x13;
0x000120dc b 0x12018 | goto label_1;
| label_9:
0x000120e0 ldr r3, [fp, -0xac] | r3 = var_ach;
0x000120e4 cmp r3, sb |
| if (r3 != sb) {
0x000120e8 bne 0x120a4 | goto label_2;
| }
| label_8:
0x000120ec ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x000120f0 cmp r4, r3 |
| if (r4 > r3) {
0x000120f4 bgt 0x120b4 | goto label_3;
| }
0x000120f8 cmp r7, 0 |
| if (r7 == 0) {
0x000120fc moveq r0, 1 | r0 = 1;
| goto label_11;
| }
| if (r7 == 0) {
| label_11:
0x00012100 beq 0x11fe0 | goto label_4;
| }
0x00012104 sub r3, r7, 1 | r3 = r7 - 1;
0x00012108 mov r2, r4 | r2 = r4;
0x0001210c ldr r1, [r6, 0x40] | r1 = *((r6 + 0x40));
0x00012110 mov r0, r8 | r0 = r8;
0x00012114 bl 0x108d0 | sprintf (r0, r1, r2)
0x00012118 mov r1, 0 | r1 = 0;
0x0001211c mov r0, r8 | r0 = r8;
0x00012120 bl 0x108ac | r0 = open64 ();
0x00012124 cmn r0, 1 |
| if (r0 == 1) {
0x00012128 beq 0x120b4 | goto label_3;
| }
0x0001212c bl 0x10924 | r0 = close (r0);
0x00012130 cmp r0, 0 |
| if (r0 != 0) {
0x00012134 beq 0x12180 |
0x00012138 bl 0x108dc | errno_location ();
0x0001213c ldr r5, [pc, 0x44] |
0x00012140 mov r3, r8 | r3 = r8;
0x00012144 ldr r2, [pc, 0x40] | r2 = stderr;
0x00012148 ldr r1, [pc, 0x54] | r1 = "_s:_error_:___s__has_major:minor__d:_d__but_this_does_not_correspond_to_any_existing_UBI_device_or_volume";
0x0001214c ldr r4, [r0] | r4 = *(r0);
0x00012150 ldr r0, [r5] | r0 = *(0x12184);
0x00012154 bl 0x10840 | fprintf (r0, "_s:_error_:___s__has_major:minor__d:_d__but_this_does_not_correspond_to_any_existing_UBI_device_or_volume", r2, r3, r4, r5);
0x00012158 mov r0, r4 | r0 = r4;
0x0001215c ldr r5, [r5] | r5 = *(0x12184);
0x00012160 bl 0x107c8 | strerror (r0);
0x00012164 str r4, [sp] | *(sp) = r4;
0x00012168 ldr r3, [pc, 0x24] | r3 = "%s: error!: cannot get information about \"%s\"\n";
0x0001216c mov r2, 8 | r2 = 8;
0x00012170 ldr r1, [pc, 0x20] | r1 = *(0x12194);
0x00012174 str r0, [sp, 4] | var_4h = r0;
0x00012178 mov r0, r5 | r0 = r5;
0x0001217c bl 0x10840 | fprintf (r0, r1, r2, "%s: error!: cannot get information about \"%s\"\n", r4);
| }
0x00012180 mov r0, 2 | r0 = 2;
0x00012184 b 0x11fe0 | goto label_4;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x12560 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012560 () | void fcn_00012560 (int32_t arg2, char * s) {
| int32_t var_74h;
| int32_t var_ch_2;
| int32_t var_ch;
| r1 = arg2;
| r0 = s;
0x00012560 push {r4, r5, fp, lr} |
0x00012564 add fp, sp, 0xc |
0x00012568 sub sp, sp, 0x68 |
0x0001256c ldr r4, [r0, 0x10] | r4 = *((r0 + 0x10));
0x00012570 mov r5, r1 | r5 = r1;
0x00012574 mov r0, r4 | r0 = r4;
0x00012578 bl 0x108f4 | strlen (r0);
0x0001257c mov r2, r5 | r2 = r5;
0x00012580 mov r1, r4 | r1 = r4;
0x00012584 add r0, r0, 0x39 | r0 += 0x39;
0x00012588 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001258c sub sp, sp, r0 |
0x00012590 mov r0, sp | r0 = sp;
0x00012594 bl 0x108d0 | sprintf (r0, r1, r2)
0x00012598 sub r1, fp, 0x74 | r1 -= var_74h;
0x0001259c mov r0, sp | r0 = sp;
0x000125a0 bl 0x107d4 | r0 = stat64 ();
0x000125a4 clz r0, r0 | r0 &= r0;
0x000125a8 lsr r0, r0, 5 | r0 >>= 5;
0x000125ac sub sp, fp, 0xc |
0x000125b0 pop {r4, r5, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x125b4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000125b4 () | void fcn_000125b4 (int32_t arg1, int32_t arg2) {
| int32_t var_128h;
| int32_t var_124h;
| int32_t var_0h;
| int32_t var_4h;
| char * s;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000125b4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000125b8 add sl, r2, 4 | sl = r2 + 4;
0x000125bc add fp, sp, 0x20 |
0x000125c0 sub sp, sp, 0x114 |
0x000125c4 mov r6, r1 | r6 = r1;
0x000125c8 mov r5, r0 | r5 = r0;
0x000125cc mov r4, r2 | r4 = r2;
0x000125d0 mov r1, 0 | r1 = 0;
0x000125d4 mov r2, 0x54 | r2 = 0x54;
0x000125d8 mov r0, sl | r0 = sl;
0x000125dc bl 0x108a0 | memset (r0, r1, r2);
0x000125e0 str r6, [r4] | *(r4) = r6;
0x000125e4 mov r1, r6 | r1 = r6;
0x000125e8 mov r0, r5 | r0 = r5;
0x000125ec bl 0x12560 | r0 = fcn_00012560 (r0, r1);
0x000125f0 cmp r0, 0 |
0x000125f4 bne 0x12600 |
| while (r8 == r0) {
| label_0:
0x000125f8 mvn r0, 0 | r0 = ~0;
0x000125fc b 0x128c4 | goto label_3;
0x00012600 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00012604 bl 0x108b8 | r0 = opendir ();
0x00012608 subs r8, r0, 0 | r8 = r0 - 0;
0x0001260c beq 0x125f8 |
| }
0x00012610 mvn r3, 0x80000000 | r3 = ~0x80000000;
0x00012614 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00012618 bl 0x108dc | r0 = errno_location ();
0x0001261c mov sb, r0 | sb = r0;
| do {
| label_1:
0x00012620 mov r3, 0 | r3 = 0;
0x00012624 str r3, [sb] | *(sb) = r3;
0x00012628 mov r0, r8 | r0 = r8;
0x0001262c bl 0x1087c | r0 = readdir64 ();
0x00012630 cmp r0, 0 |
| if (r0 == 0) {
0x00012634 beq 0x126d0 | goto label_4;
| }
0x00012638 add r7, r0, 0x13 | r7 = r0 + 0x13;
0x0001263c mov r0, r7 | r0 = r7;
0x00012640 bl 0x108f4 | r0 = strlen (r0);
0x00012644 cmp r0, 0xfe |
| if (r0 >= 0xfe) {
0x00012648 bls 0x12674 |
0x0001264c ldr r0, [pc, 0x278] |
0x00012650 str r7, [sp] | *(sp) = r7;
0x00012654 ldr r2, [pc, 0x274] | r2 = stderr;
0x00012658 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x0001265c ldr r1, [pc, 0x270] | r1 = "libubi";
0x00012660 ldr r0, [r0] | r0 = *(0x128c8);
0x00012664 bl 0x10840 | fprintf (r0, "libubi", r2, r3);
| label_2:
0x00012668 mov r0, r8 | r0 = r8;
0x0001266c bl 0x1090c | closedir ();
0x00012670 b 0x125f8 | goto label_0;
| }
0x00012674 sub r3, fp, 0x124 | r3 -= var_124h;
0x00012678 str r3, [sp] | *(sp) = r3;
0x0001267c sub r2, fp, 0x128 | r2 -= var_128h;
0x00012680 sub r3, fp, 0x12c | r3 -= s;
0x00012684 ldr r1, [pc, 0x24c] | r1 = "%s: error!: invalid entry in %s: \"%s\"\n";
0x00012688 mov r0, r7 | r0 = r7;
0x0001268c bl 0x10888 | r0 = sscanf (r0, "%s: error!: invalid entry in %s: \"%s\"\n", r2);
0x00012690 cmp r0, 2 |
0x00012694 bne 0x12620 |
| } while (r0 != 2);
0x00012698 ldr r3, [fp, -0x128] | r3 = var_128h;
0x0001269c cmp r3, r6 |
| if (r3 != r6) {
0x000126a0 bne 0x12620 | goto label_1;
| }
0x000126a4 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000126a8 ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x000126ac add r3, r3, 1 | r3++;
0x000126b0 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x000126b4 ldr r3, [fp, -0x12c] | r3 = s;
0x000126b8 cmp r2, r3 |
0x000126bc ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
| if (r2 >= r3) {
0x000126c0 strlt r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
| }
0x000126c4 cmp r3, r2 |
| if (r3 >= r2) {
0x000126c8 strlt r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x000126cc b 0x12620 | goto label_1;
| label_4:
0x000126d0 ldr r7, [sb] | r7 = *(sb);
0x000126d4 cmp r7, 0 |
| if (r7 != 0) {
0x000126d8 beq 0x12720 |
0x000126dc ldr r4, [pc, 0x1e8] |
0x000126e0 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x000126e4 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x000126e8 ldr r1, [pc, 0x1ec] | r1 = "ubi%d_%d%s";
0x000126ec ldr r0, [r4] | r0 = *(0x128c8);
0x000126f0 bl 0x10840 | fprintf (r0, "ubi%d_%d%s", r2, r3, r4);
0x000126f4 mov r0, r7 | r0 = r7;
0x000126f8 ldr r4, [r4] | r4 = *(0x128c8);
0x000126fc bl 0x107c8 | strerror (r0);
0x00012700 str r7, [sp] | *(sp) = r7;
0x00012704 ldr r3, [pc, 0x1d4] | r3 = "_s:_error_:_readdir_failed_on___s_";
0x00012708 mov r2, 8 | r2 = 8;
0x0001270c ldr r1, [pc, 0x1d0] | r1 = *(0x128e0);
0x00012710 str r0, [sp, 4] | var_4h = r0;
0x00012714 mov r0, r4 | r0 = r4;
0x00012718 bl 0x10840 | fprintf (r0, r1, r2, "_s:_error_:_readdir_failed_on___s_");
0x0001271c b 0x12668 | goto label_2;
| }
0x00012720 mov r0, r8 | r0 = r8;
0x00012724 bl 0x1090c | r0 = closedir ();
0x00012728 cmp r0, 0 |
| if (r0 != 0) {
0x0001272c beq 0x12778 |
0x00012730 ldr r6, [pc, 0x194] | r6 = *(0x128c8);
0x00012734 ldr r4, [sb] | r4 = *(sb);
0x00012738 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x0001273c ldr r2, [pc, 0x18c] | r2 = stderr;
0x00012740 ldr r1, [pc, 0x1a0] | r1 = "_serror__d___s_";
0x00012744 ldr r0, [r6] | r0 = *(0x128c8);
0x00012748 bl 0x10840 | fprintf (r0, "_serror__d___s_", r2, r3, r4, r5, r6);
0x0001274c mov r0, r4 | r0 = r4;
0x00012750 ldr r5, [r6] | r5 = *(0x128c8);
0x00012754 bl 0x107c8 | strerror (r0);
0x00012758 str r4, [sp] | *(sp) = r4;
0x0001275c ldr r3, [pc, 0x17c] | r3 = "_s:_error_:_readdir_failed_on___s_";
0x00012760 mov r2, 8 | r2 = 8;
0x00012764 ldr r1, [pc, 0x178] | r1 = *(0x128e0);
0x00012768 str r0, [sp, 4] | var_4h = r0;
0x0001276c mov r0, r5 | r0 = r5;
0x00012770 bl 0x10840 | fprintf (r0, r1, r2, "_s:_error_:_readdir_failed_on___s_", r4);
0x00012774 b 0x125f8 | goto label_0;
| }
0x00012778 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x0001277c add r2, r4, 0x14 | r2 = r4 + 0x14;
0x00012780 cmn r3, 0x80000001 |
| if (r3 != 0x80000001) {
0x00012784 streq r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| }
0x00012788 add r3, r4, 0x18 | r3 = r4 + 0x18;
0x0001278c mov r1, r6 | r1 = r6;
0x00012790 add r0, r5, 0x18 | r0 = r5 + 0x18;
0x00012794 bl 0x11584 | r0 = fcn_00011584 (r0, r1);
0x00012798 cmp r0, 0 |
| if (r0 != 0) {
0x0001279c bne 0x125f8 | goto label_0;
| }
0x000127a0 mov r2, sl | r2 = sl;
0x000127a4 mov r1, r6 | r1 = r6;
0x000127a8 ldr r0, [r5, 0x3c] | r0 = *((r5 + 0x3c));
0x000127ac bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x000127b0 cmp r0, 0 |
| if (r0 != 0) {
0x000127b4 bne 0x125f8 | goto label_0;
| }
0x000127b8 add r2, r4, 0x20 | r2 = r4 + 0x20;
0x000127bc mov r1, r6 | r1 = r6;
0x000127c0 ldr r0, [r5, 0x1c] | r0 = *((r5 + 0x1c));
0x000127c4 bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x000127c8 cmp r0, 0 |
| if (r0 != 0) {
0x000127cc bne 0x125f8 | goto label_0;
| }
0x000127d0 add r2, r4, 0x1c | r2 = r4 + 0x1c;
0x000127d4 mov r1, r6 | r1 = r6;
0x000127d8 ldr r0, [r5, 0x20] | r0 = *((r5 + 0x20));
0x000127dc bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x000127e0 cmp r0, 0 |
| if (r0 != 0) {
0x000127e4 bne 0x125f8 | goto label_0;
| }
0x000127e8 add r2, r4, 0x38 | r2 = r4 + 0x38;
0x000127ec mov r1, r6 | r1 = r6;
0x000127f0 ldr r0, [r5, 0x24] | r0 = *((r5 + 0x24));
0x000127f4 bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x000127f8 cmp r0, 0 |
| if (r0 != 0) {
0x000127fc bne 0x125f8 | goto label_0;
| }
0x00012800 add r2, r4, 0x3c | r2 = r4 + 0x3c;
0x00012804 mov r1, r6 | r1 = r6;
0x00012808 ldr r0, [r5, 0x28] | r0 = *((r5 + 0x28));
0x0001280c bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x00012810 cmp r0, 0 |
| if (r0 != 0) {
0x00012814 bne 0x125f8 | goto label_0;
| }
0x00012818 add r2, r4, 0x48 | r2 = r4 + 0x48;
0x0001281c mov r1, r6 | r1 = r6;
0x00012820 ldr r0, [r5, 0x30] | r0 = *((r5 + 0x30));
0x00012824 bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x00012828 cmp r0, 0 |
| if (r0 != 0) {
0x0001282c bne 0x125f8 | goto label_0;
| }
0x00012830 ldr r8, [r5, 0x2c] | r8 = *((r5 + 0x2c));
0x00012834 mov sb, sp | sb = sp;
0x00012838 mov r0, r8 | r0 = r8;
0x0001283c bl 0x108f4 | strlen (r0);
0x00012840 mov r2, r6 | r2 = r6;
0x00012844 mov r1, r8 | r1 = r8;
0x00012848 add r0, r0, 0x39 | r0 += 0x39;
0x0001284c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012850 sub sp, sp, r0 |
0x00012854 add r7, sp, 8 | r7 += s;
0x00012858 mov r0, r7 | r0 = r7;
0x0001285c bl 0x108d0 | sprintf (r0, r1, r2)
0x00012860 add r1, r4, 0x40 | r1 = r4 + 0x40;
0x00012864 mov r0, r7 | r0 = r7;
0x00012868 bl 0x10e74 | fcn_00010e74 (r0, r1);
0x0001286c mov sp, sb |
0x00012870 cmp r0, 0 |
| if (r0 != 0) {
0x00012874 bne 0x125f8 | goto label_0;
| }
0x00012878 add r2, r4, 0x4c | r2 = r4 + 0x4c;
0x0001287c mov r1, r6 | r1 = r6;
0x00012880 ldr r0, [r5, 0x34] | r0 = *((r5 + 0x34));
0x00012884 bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x00012888 cmp r0, 0 |
| if (r0 != 0) {
0x0001288c bne 0x125f8 | goto label_0;
| }
0x00012890 add r2, r4, 0x50 | r2 = r4 + 0x50;
0x00012894 mov r1, r6 | r1 = r6;
0x00012898 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x0001289c bl 0x11098 | r0 = fcn_00011098 (r0, r1);
0x000128a0 cmp r0, 0 |
| if (r0 != 0) {
0x000128a4 bne 0x125f8 | goto label_0;
| }
0x000128a8 ldr r3, [r4, 0x3c] | r3 = *((r4 + 0x3c));
0x000128ac ldr r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x000128b0 smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x000128b4 ldr r2, [r4, 0x1c] | r2 = *((r4 + 0x1c));
0x000128b8 strd r6, r7, [r4, 0x30] | __asm ("strd r6, r7, [r4, 0x30]");
0x000128bc smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x000128c0 strd r6, r7, [r4, 0x28] | __asm ("strd r6, r7, [r4, 0x28]");
| label_3:
0x000128c4 sub sp, fp, 0x20 |
0x000128c8 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubiblock @ 0x12adc */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012adc () | void fcn_00012adc (int32_t arg1, int32_t arg2) {
| char * s1;
| int32_t var_0h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00012adc push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012ae0 add sb, r3, 8 | sb = r3 + 8;
0x00012ae4 add fp, sp, 0x20 |
0x00012ae8 sub sp, sp, 0x3c |
0x00012aec mov r5, r1 | r5 = r1;
0x00012af0 mov r6, r2 | r6 = r2;
0x00012af4 mov r1, 0 | r1 = 0;
0x00012af8 mov r2, 0xb0 | r2 = 0xb0;
0x00012afc mov r7, r0 | r7 = r0;
0x00012b00 mov r0, sb | r0 = sb;
0x00012b04 mov r4, r3 | r4 = r3;
0x00012b08 bl 0x108a0 | memset (r0, r1, r2);
0x00012b0c ldr sl, [r7, 0x48] | sl = *((r7 + 0x48));
0x00012b10 stm r4, {r5, r6} | *(r4) = r5;
| *((r4 + 4)) = r6;
0x00012b14 mov r0, sl | r0 = sl;
0x00012b18 bl 0x108f4 | strlen (r0);
0x00012b1c mov r8, sp | r8 = sp;
0x00012b20 mov r3, r6 | r3 = r6;
0x00012b24 mov r2, r5 | r2 = r5;
0x00012b28 mov r1, sl | r1 = sl;
0x00012b2c add r0, r0, 0x6b | r0 += 0x6b;
0x00012b30 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012b34 sub sp, sp, r0 |
0x00012b38 mov r0, sp | r0 = sp;
0x00012b3c bl 0x108d0 | sprintf (r0, r1, r2)
0x00012b40 mov r0, sp | r0 = sp;
0x00012b44 add r2, r4, 0xc | r2 = r4 + 0xc;
0x00012b48 mov r1, sb | r1 = sb;
0x00012b4c bl 0x114ac | fcn_000114ac (r0, r1);
0x00012b50 mov sp, r8 |
0x00012b54 cmp r0, 0 |
0x00012b58 beq 0x12b6c |
| while (r8 < r0) {
| label_0:
0x00012b5c mvn r8, 0 | r8 = ~0;
| label_1:
0x00012b60 mov r0, r8 | r0 = r8;
0x00012b64 sub sp, fp, 0x20 |
0x00012b68 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x00012b6c ldr sb, [r7, 0x44] | sb = *((r7 + 0x44));
0x00012b70 mov r0, sb | r0 = sb;
0x00012b74 bl 0x108f4 | strlen (r0);
0x00012b78 mov r3, r6 | r3 = r6;
0x00012b7c mov r2, r5 | r2 = r5;
0x00012b80 mov r1, sb | r1 = sb;
0x00012b84 add r0, r0, 0x6b | r0 += 0x6b;
0x00012b88 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012b8c sub sp, sp, r0 |
0x00012b90 mov r0, sp | r0 = sp;
0x00012b94 bl 0x108d0 | sprintf (r0, r1, r2)
0x00012b98 mov r0, sp | r0 = sp;
0x00012b9c mov r2, 0x32 | r2 = 0x32;
0x00012ba0 sub r1, fp, 0x58 | r1 -= s1;
0x00012ba4 bl 0x11130 | fcn_00011130 (r0, r1);
0x00012ba8 mov sp, r8 |
0x00012bac subs r8, r0, 0 | r8 = r0 - 0;
0x00012bb0 blt 0x12b5c |
| }
0x00012bb4 mov r2, r8 | r2 = r8;
0x00012bb8 ldr r1, [pc, 0x174] | r1 = *(0x12d30);
0x00012bbc sub r0, fp, 0x58 | r0 -= s1;
0x00012bc0 bl 0x10864 | r0 = strncmp (r0, r1, r2);
0x00012bc4 cmp r0, 0 |
| if (r0 != 0) {
0x00012bc8 moveq r3, 4 | r3 = 4;
| }
| if (r0 != 0) {
0x00012bcc beq 0x12bec |
0x00012bd0 mov r2, r8 | r2 = r8;
0x00012bd4 ldr r1, [pc, 0x15c] | r1 = "static\n";
0x00012bd8 sub r0, fp, 0x58 | r0 -= s1;
0x00012bdc bl 0x10864 | r0 = strncmp (r0, "static\n", r2);
0x00012be0 cmp r0, 0 |
| if (r0 != 0) {
0x00012be4 bne 0x12d0c | goto label_2;
| }
0x00012be8 mov r3, 3 | r3 = 3;
| }
0x00012bec str r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
0x00012bf0 mov r2, r6 | r2 = r6;
0x00012bf4 add r3, r4, 0x14 | r3 = r4 + 0x14;
0x00012bf8 mov r1, r5 | r1 = r5;
0x00012bfc ldr r0, [r7, 0x4c] | r0 = *((r7 + 0x4c));
0x00012c00 bl 0x110e0 | r0 = fcn_000110e0 (r0, r1);
0x00012c04 cmp r0, 0 |
| if (r0 != 0) {
0x00012c08 bne 0x12b5c | goto label_0;
| }
0x00012c0c ldr r8, [r7, 0x50] | r8 = *((r7 + 0x50));
0x00012c10 mov sb, sp | sb = sp;
0x00012c14 mov r0, r8 | r0 = r8;
0x00012c18 bl 0x108f4 | strlen (r0);
0x00012c1c mov r3, r6 | r3 = r6;
0x00012c20 mov r2, r5 | r2 = r5;
0x00012c24 mov r1, r8 | r1 = r8;
0x00012c28 add r0, r0, 0x6b | r0 += 0x6b;
0x00012c2c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012c30 sub sp, sp, r0 |
0x00012c34 mov r0, sp | r0 = sp;
0x00012c38 bl 0x108d0 | sprintf (r0, r1, r2)
0x00012c3c mov r0, sp | r0 = sp;
0x00012c40 add r1, r4, 0x18 | r1 = r4 + 0x18;
0x00012c44 bl 0x10e74 | fcn_00010e74 (r0, r1);
0x00012c48 mov sp, sb |
0x00012c4c cmp r0, 0 |
| if (r0 != 0) {
0x00012c50 bne 0x12b5c | goto label_0;
| }
0x00012c54 add r3, r4, 0x28 | r3 = r4 + 0x28;
0x00012c58 mov r2, r6 | r2 = r6;
0x00012c5c mov r1, r5 | r1 = r5;
0x00012c60 ldr r0, [r7, 0x54] | r0 = *((r7 + 0x54));
0x00012c64 bl 0x110e0 | r0 = fcn_000110e0 (r0, r1);
0x00012c68 cmp r0, 0 |
| if (r0 != 0) {
0x00012c6c bne 0x12b5c | goto label_0;
| }
0x00012c70 add r3, r4, 0x2c | r3 = r4 + 0x2c;
0x00012c74 mov r2, r6 | r2 = r6;
0x00012c78 mov r1, r5 | r1 = r5;
0x00012c7c ldr r0, [r7, 0x58] | r0 = *((r7 + 0x58));
0x00012c80 bl 0x110e0 | r0 = fcn_000110e0 (r0, r1);
0x00012c84 cmp r0, 0 |
| if (r0 != 0) {
0x00012c88 bne 0x12b5c | goto label_0;
| }
0x00012c8c add r3, r4, 0x30 | r3 = r4 + 0x30;
0x00012c90 mov r2, r6 | r2 = r6;
0x00012c94 mov r1, r5 | r1 = r5;
0x00012c98 ldr r0, [r7, 0x5c] | r0 = *((r7 + 0x5c));
0x00012c9c bl 0x110e0 | r0 = fcn_000110e0 (r0, r1);
0x00012ca0 subs r8, r0, 0 | r8 = r0 - 0;
| if (r8 != r0) {
0x00012ca4 bne 0x12b5c | goto label_0;
| }
0x00012ca8 ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x00012cac ldr r0, [r4, 0x2c] | r0 = *((r4 + 0x2c));
0x00012cb0 ldr r7, [r7, 0x60] | r7 = *((r7 + 0x60));
0x00012cb4 smull r2, r3, r0, r1 | r2:r3 = r0 * r1;
0x00012cb8 mov r0, r7 | r0 = r7;
0x00012cbc strd r2, r3, [r4, 0x20] | __asm ("strd r2, r3, [r4, 0x20]");
0x00012cc0 bl 0x108f4 | strlen (r0);
0x00012cc4 mov r3, r6 | r3 = r6;
0x00012cc8 mov r2, r5 | r2 = r5;
0x00012ccc mov r1, r7 | r1 = r7;
0x00012cd0 add r0, r0, 0x6b | r0 += 0x6b;
0x00012cd4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012cd8 sub sp, sp, r0 |
0x00012cdc mov r0, sp | r0 = sp;
0x00012ce0 bl 0x108d0 | sprintf (r0, r1, r2)
0x00012ce4 mov r0, sp | r0 = sp;
0x00012ce8 mov r2, 0x81 | r2 = 0x81;
0x00012cec add r1, r4, 0x34 | r1 = r4 + 0x34;
0x00012cf0 bl 0x11130 | fcn_00011130 (r0, r1);
0x00012cf4 mov sp, sb |
0x00012cf8 cmp r0, 0 |
| if (r0 < 0) {
0x00012cfc blt 0x12b5c | goto label_0;
| }
0x00012d00 add r4, r4, r0 | r4 += r0;
0x00012d04 strb r8, [r4, 0x33] | *((r4 + 0x33)) = r8;
0x00012d08 b 0x12b60 | goto label_1;
| label_2:
0x00012d0c ldr r0, [pc, 0x28] |
0x00012d10 sub r3, fp, 0x58 | r3 -= s1;
0x00012d14 ldr r2, [pc, 0x24] | r2 = stderr;
0x00012d18 ldr r1, [pc, 0x24] | r1 = "libubi";
0x00012d1c ldr r0, [r0] | r0 = "dynamic\n";
0x00012d20 bl 0x10840 | r0 = fprintf ("dynamic\n", "libubi", r2, r3);
0x00012d24 bl 0x108dc | errno_location ();
0x00012d28 mov r3, 0x16 | r3 = 0x16;
0x00012d2c str r3, [r0] | *(r0) = r3;
0x00012d30 b 0x12b5c | goto label_0;
| }
[*] Function sprintf used 10 times ubiblock
