[*] Binary protection state of ubimkvol
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of ubimkvol
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x11a70 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011a70 () | void fcn_00011a70 (int32_t arg1, int32_t arg2) {
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00011a70 push {r4, r5, r6, r7, fp, lr} |
0x00011a74 add fp, sp, 0x14 |
0x00011a78 mov r6, r1 | r6 = r1;
0x00011a7c mov r7, r2 | r7 = r2;
0x00011a80 mov r4, r3 | r4 = r3;
0x00011a84 mov r5, r0 | r5 = r0;
0x00011a88 bl 0x10b3c | strlen (r0);
0x00011a8c mov r3, r7 | r3 = r7;
0x00011a90 mov r2, r6 | r2 = r6;
0x00011a94 mov r1, r5 | r1 = r5;
0x00011a98 add r0, r0, 0x6b | r0 += 0x6b;
0x00011a9c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011aa0 sub sp, sp, r0 |
0x00011aa4 mov r0, sp | r0 = sp;
0x00011aa8 bl 0x10b18 | sprintf (r0, r1, r2)
0x00011aac mov r1, r4 | r1 = r4;
0x00011ab0 mov r0, sp | r0 = sp;
0x00011ab4 bl 0x119b4 | fcn_000119b4 (r0, r1);
0x00011ab8 sub sp, fp, 0x14 |
0x00011abc pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x11f14 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011f14 () | void fcn_00011f14 (int32_t arg2, char * s) {
| int32_t var_14h_2;
| int32_t var_14h;
| r1 = arg2;
| r0 = s;
0x00011f14 push {r4, r5, r6, r7, fp, lr} |
0x00011f18 ldr r4, [r0] | r4 = *(r0);
0x00011f1c add fp, sp, 0x14 |
0x00011f20 mov r0, r4 | r0 = r4;
0x00011f24 mov r6, r3 | r6 = r3;
0x00011f28 mov r7, r1 | r7 = r1;
0x00011f2c mov r5, r2 | r5 = r2;
0x00011f30 bl 0x10b3c | strlen (r0);
0x00011f34 mov r2, r7 | r2 = r7;
0x00011f38 mov r1, r4 | r1 = r4;
0x00011f3c add r0, r0, 0x39 | r0 += 0x39;
0x00011f40 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011f44 sub sp, sp, r0 |
0x00011f48 mov r0, sp | r0 = sp;
0x00011f4c bl 0x10b18 | sprintf (r0, r1, r2)
0x00011f50 mov r2, r6 | r2 = r6;
0x00011f54 mov r1, r5 | r1 = r5;
0x00011f58 mov r0, sp | r0 = sp;
0x00011f5c bl 0x11e3c | fcn_00011e3c (r0, r1);
0x00011f60 sub sp, fp, 0x14 |
0x00011f64 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x128e8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000128e8 () | void fcn_000128e8 (int32_t arg2, char * s) {
| int32_t var_b4h;
| int32_t var_ach;
| int32_t var_a8h;
| int32_t var_a4h;
| int32_t var_a0h;
| int32_t var_9ch;
| int32_t var_8ch;
| int32_t var_7ch;
| int32_t var_6ch;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_sp_b4h;
| int32_t var_sp_6ch;
| int32_t var_20h_2;
| int32_t var_20h;
| r1 = arg2;
| r0 = s;
0x000128e8 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000128ec add fp, sp, 0x20 |
0x000128f0 sub sp, sp, 0x9c |
0x000128f4 mov r6, r0 | r6 = r0;
0x000128f8 ldr r0, [r0, 0x40] | r0 = *((r0 + 0x40));
0x000128fc mov r5, r1 | r5 = r1;
0x00012900 bl 0x10b3c | strlen (r0);
0x00012904 sub r1, fp, 0x8c | r1 -= var_8ch;
0x00012908 add r0, r0, 0x6b | r0 += 0x6b;
0x0001290c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012910 sub sp, sp, r0 |
0x00012914 mov r0, r5 | r0 = r5;
0x00012918 bl 0x109e0 | r0 = stat64 ();
0x0001291c cmp r0, 0 |
| if (r0 == 0) {
0x00012920 beq 0x12978 | goto label_5;
| }
0x00012924 bl 0x10b24 | errno_location ();
0x00012928 ldr r6, [pc, 0x1e8] | r6 = *(0x12b14);
0x0001292c mov r3, r5 | r3 = r5;
0x00012930 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x00012934 ldr r1, [pc, 0x1e4] | r1 = "libubi";
0x00012938 ldr r4, [r0] | r4 = *(r0);
0x0001293c ldr r0, [r6] | r0 = *(0x12b14);
0x00012940 bl 0x10a64 | fprintf (r0, "libubi", r2, r3, r4, r5, r6);
0x00012944 mov r0, r4 | r0 = r4;
0x00012948 ldr r5, [r6] | r5 = *(0x12b14);
0x0001294c bl 0x109d4 | strerror (r0);
0x00012950 str r4, [sp] | *(sp) = r4;
0x00012954 ldr r3, [pc, 0x1c8] | r3 = "_s:_error_:_cannot_get_information_about___s_";
0x00012958 mov r2, 8 | r2 = 8;
0x0001295c ldr r1, [pc, 0x1c4] | r1 = *(0x12b24);
0x00012960 str r0, [sp, 4] | var_4h = r0;
0x00012964 mov r0, r5 | r0 = r5;
0x00012968 bl 0x10a64 | fprintf (r0, r1, r2, "_s:_error_:_cannot_get_information_about___s_", r4);
| do {
| label_0:
0x0001296c mvn r0, 0 | r0 = ~0;
| label_4:
0x00012970 sub sp, fp, 0x20 |
0x00012974 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x00012978 ldr r3, [fp, -0x7c] | r3 = var_7ch;
0x0001297c and r3, r3, 0xf000 | r3 &= 0xf000;
0x00012980 cmp r3, 0x2000 |
| if (r3 == 0x2000) {
0x00012984 beq 0x129b0 | goto label_6;
| }
0x00012988 ldr r0, [pc, 0x188] |
0x0001298c mov r3, r5 | r3 = r5;
0x00012990 ldr r2, [pc, 0x184] | r2 = stderr;
0x00012994 ldr r1, [pc, 0x190] | r1 = "_serror__d___s_";
0x00012998 ldr r0, [r0] | r0 = *(0x12b14);
0x0001299c bl 0x10a64 | r0 = fprintf (r0, "_serror__d___s_", r2, r3);
0x000129a0 bl 0x10b24 | errno_location ();
0x000129a4 mov r3, 0x16 | r3 = 0x16;
| label_1:
0x000129a8 str r3, [r0] | *(r0) = r3;
0x000129ac b 0x1296c |
| } while (1);
| label_6:
0x000129b0 ldrd r2, r3, [fp, -0x6c] | __asm ("ldrd r2, r3, [var_6ch]");
0x000129b4 mov r1, r3 | r1 = r3;
0x000129b8 mov r0, r2 | r0 = r2;
0x000129bc strd r2, r3, [fp, -0xb4] | __asm ("strd r2, r3, [var_b4h]");
0x000129c0 bl 0x10a04 | gnu_dev_major ();
0x000129c4 ldrd r2, r3, [fp, -0xb4] | __asm ("ldrd r2, r3, [var_b4h]");
0x000129c8 mov r1, r3 | r1 = r3;
0x000129cc mov sb, r0 | sb = r0;
0x000129d0 mov r0, r2 | r0 = r2;
0x000129d4 bl 0x10a40 | gnu_dev_minor ();
0x000129d8 sub r1, fp, 0xa4 | r1 -= var_a4h;
0x000129dc mov r7, r0 | r7 = r0;
0x000129e0 mov r0, r6 | r0 = r6;
0x000129e4 bl 0x125b8 | r0 = fcn_000125b8 (r0, r1);
0x000129e8 cmp r0, 0 |
| if (r0 != 0) {
0x000129ec addeq r8, sp, 8 | r8 += var_b4h;
| }
| if (r0 != 0) {
0x000129f0 ldreq r4, [fp, -0xa0] | r4 = var_a0h;
| }
| if (r0 == 0) {
0x000129f4 addeq sl, r6, 0x18 | sl = r6 + 0x18;
| goto label_7;
| }
| if (r0 != 0) {
| label_7:
0x000129f8 bne 0x1296c | goto label_0;
| }
| do {
0x000129fc ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00012a00 cmp r4, r3 |
| if (r4 > r3) {
0x00012a04 bgt 0x12a7c | goto label_8;
| }
0x00012a08 sub r3, fp, 0xa8 | r3 -= var_a8h;
0x00012a0c sub r2, fp, 0xac | r2 -= var_ach;
0x00012a10 mov r1, r4 | r1 = r4;
0x00012a14 mov r0, sl | r0 = sl;
0x00012a18 bl 0x11f14 | r0 = fcn_00011f14 (r0, r1);
0x00012a1c cmp r0, 0 |
| if (r0 == 0) {
0x00012a20 beq 0x12a70 | goto label_9;
| }
0x00012a24 bl 0x10b24 | r0 = errno_location ();
0x00012a28 ldr r3, [r0] | r3 = *(r0);
0x00012a2c cmp r3, 2 |
| if (r3 != 2) {
0x00012a30 bne 0x12a3c | goto label_10;
| }
| label_2:
0x00012a34 add r4, r4, 1 | r4++;
0x00012a38 b 0x129fc |
| } while (1);
| label_10:
0x00012a3c cmp r3, 0 |
| if (r3 != 0) {
0x00012a40 bne 0x1296c | goto label_0;
| }
| label_3:
0x00012a44 ldr r0, [pc, 0xcc] |
0x00012a48 mov r3, r5 | r3 = r5;
0x00012a4c str r7, [sp, 4] | var_4h = r7;
0x00012a50 str sb, [sp] | *(sp) = sb;
0x00012a54 ldr r2, [pc, 0xc0] | r2 = stderr;
0x00012a58 ldr r1, [pc, 0xd0] | r1 = "%s: error!: \"%s\" is not a character device\n";
0x00012a5c ldr r0, [r0] | r0 = *(0x12b14);
0x00012a60 bl 0x10a64 | r0 = fprintf (r0, "%s: error!: \"%s\" is not a character device\n", r2, r3);
0x00012a64 bl 0x10b24 | errno_location ();
0x00012a68 mov r3, 0x13 | r3 = 0x13;
0x00012a6c b 0x129a8 | goto label_1;
| label_9:
0x00012a70 ldr r3, [fp, -0xac] | r3 = var_ach;
0x00012a74 cmp r3, sb |
| if (r3 != sb) {
0x00012a78 bne 0x12a34 | goto label_2;
| }
| label_8:
0x00012a7c ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00012a80 cmp r4, r3 |
| if (r4 > r3) {
0x00012a84 bgt 0x12a44 | goto label_3;
| }
0x00012a88 cmp r7, 0 |
| if (r7 == 0) {
0x00012a8c moveq r0, 1 | r0 = 1;
| goto label_11;
| }
| if (r7 == 0) {
| label_11:
0x00012a90 beq 0x12970 | goto label_4;
| }
0x00012a94 sub r3, r7, 1 | r3 = r7 - 1;
0x00012a98 mov r2, r4 | r2 = r4;
0x00012a9c ldr r1, [r6, 0x40] | r1 = *((r6 + 0x40));
0x00012aa0 mov r0, r8 | r0 = r8;
0x00012aa4 bl 0x10b18 | sprintf (r0, r1, r2)
0x00012aa8 mov r1, 0 | r1 = 0;
0x00012aac mov r0, r8 | r0 = r8;
0x00012ab0 bl 0x10af4 | r0 = open64 ();
0x00012ab4 cmn r0, 1 |
| if (r0 == 1) {
0x00012ab8 beq 0x12a44 | goto label_3;
| }
0x00012abc bl 0x10b6c | r0 = close (r0);
0x00012ac0 cmp r0, 0 |
| if (r0 != 0) {
0x00012ac4 beq 0x12b10 |
0x00012ac8 bl 0x10b24 | errno_location ();
0x00012acc ldr r5, [pc, 0x44] |
0x00012ad0 mov r3, r8 | r3 = r8;
0x00012ad4 ldr r2, [pc, 0x40] | r2 = stderr;
0x00012ad8 ldr r1, [pc, 0x54] | r1 = "%s: error!: \"%s\" has major:minor %d:%d, but this does not correspond to any existing UBI device or volume\n";
0x00012adc ldr r4, [r0] | r4 = *(r0);
0x00012ae0 ldr r0, [r5] | r0 = *(0x12b14);
0x00012ae4 bl 0x10a64 | fprintf (r0, "%s: error!: \"%s\" has major:minor %d:%d, but this does not correspond to any existing UBI device or volume\n", r2, r3, r4, r5);
0x00012ae8 mov r0, r4 | r0 = r4;
0x00012aec ldr r5, [r5] | r5 = *(0x12b14);
0x00012af0 bl 0x109d4 | strerror (r0);
0x00012af4 str r4, [sp] | *(sp) = r4;
0x00012af8 ldr r3, [pc, 0x24] | r3 = "_s:_error_:_cannot_get_information_about___s_";
0x00012afc mov r2, 8 | r2 = 8;
0x00012b00 ldr r1, [pc, 0x20] | r1 = *(0x12b24);
0x00012b04 str r0, [sp, 4] | var_4h = r0;
0x00012b08 mov r0, r5 | r0 = r5;
0x00012b0c bl 0x10a64 | fprintf (r0, r1, r2, "_s:_error_:_cannot_get_information_about___s_", r4);
| }
0x00012b10 mov r0, 2 | r0 = 2;
0x00012b14 b 0x12970 | goto label_4;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x12ef0 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012ef0 () | void fcn_00012ef0 (int32_t arg2, char * s) {
| int32_t var_74h;
| int32_t var_ch_2;
| int32_t var_ch;
| r1 = arg2;
| r0 = s;
0x00012ef0 push {r4, r5, fp, lr} |
0x00012ef4 add fp, sp, 0xc |
0x00012ef8 sub sp, sp, 0x68 |
0x00012efc ldr r4, [r0, 0x10] | r4 = *((r0 + 0x10));
0x00012f00 mov r5, r1 | r5 = r1;
0x00012f04 mov r0, r4 | r0 = r4;
0x00012f08 bl 0x10b3c | strlen (r0);
0x00012f0c mov r2, r5 | r2 = r5;
0x00012f10 mov r1, r4 | r1 = r4;
0x00012f14 add r0, r0, 0x39 | r0 += 0x39;
0x00012f18 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012f1c sub sp, sp, r0 |
0x00012f20 mov r0, sp | r0 = sp;
0x00012f24 bl 0x10b18 | sprintf (r0, r1, r2)
0x00012f28 sub r1, fp, 0x74 | r1 -= var_74h;
0x00012f2c mov r0, sp | r0 = sp;
0x00012f30 bl 0x109e0 | r0 = stat64 ();
0x00012f34 clz r0, r0 | r0 &= r0;
0x00012f38 lsr r0, r0, 5 | r0 >>= 5;
0x00012f3c sub sp, fp, 0xc |
0x00012f40 pop {r4, r5, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x12f44 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012f44 () | void fcn_00012f44 (int32_t arg1, int32_t arg2) {
| int32_t var_128h;
| int32_t var_124h;
| int32_t var_0h;
| int32_t var_4h;
| char * s;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00012f44 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012f48 add sl, r2, 4 | sl = r2 + 4;
0x00012f4c add fp, sp, 0x20 |
0x00012f50 sub sp, sp, 0x114 |
0x00012f54 mov r6, r1 | r6 = r1;
0x00012f58 mov r5, r0 | r5 = r0;
0x00012f5c mov r4, r2 | r4 = r2;
0x00012f60 mov r1, 0 | r1 = 0;
0x00012f64 mov r2, 0x54 | r2 = 0x54;
0x00012f68 mov r0, sl | r0 = sl;
0x00012f6c bl 0x10adc | memset (r0, r1, r2);
0x00012f70 str r6, [r4] | *(r4) = r6;
0x00012f74 mov r1, r6 | r1 = r6;
0x00012f78 mov r0, r5 | r0 = r5;
0x00012f7c bl 0x12ef0 | r0 = fcn_00012ef0 (r0, r1);
0x00012f80 cmp r0, 0 |
0x00012f84 bne 0x12f90 |
| while (r8 == r0) {
| label_0:
0x00012f88 mvn r0, 0 | r0 = ~0;
0x00012f8c b 0x13254 | goto label_3;
0x00012f90 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00012f94 bl 0x10b00 | r0 = opendir ();
0x00012f98 subs r8, r0, 0 | r8 = r0 - 0;
0x00012f9c beq 0x12f88 |
| }
0x00012fa0 mvn r3, 0x80000000 | r3 = ~0x80000000;
0x00012fa4 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00012fa8 bl 0x10b24 | r0 = errno_location ();
0x00012fac mov sb, r0 | sb = r0;
| do {
| label_1:
0x00012fb0 mov r3, 0 | r3 = 0;
0x00012fb4 str r3, [sb] | *(sb) = r3;
0x00012fb8 mov r0, r8 | r0 = r8;
0x00012fbc bl 0x10aa0 | r0 = readdir64 ();
0x00012fc0 cmp r0, 0 |
| if (r0 == 0) {
0x00012fc4 beq 0x13060 | goto label_4;
| }
0x00012fc8 add r7, r0, 0x13 | r7 = r0 + 0x13;
0x00012fcc mov r0, r7 | r0 = r7;
0x00012fd0 bl 0x10b3c | r0 = strlen (r0);
0x00012fd4 cmp r0, 0xfe |
| if (r0 >= 0xfe) {
0x00012fd8 bls 0x13004 |
0x00012fdc ldr r0, [pc, 0x278] |
0x00012fe0 str r7, [sp] | *(sp) = r7;
0x00012fe4 ldr r2, [pc, 0x274] | r2 = stderr;
0x00012fe8 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x00012fec ldr r1, [pc, 0x270] | r1 = "libubi";
0x00012ff0 ldr r0, [r0] | r0 = *(0x13258);
0x00012ff4 bl 0x10a64 | fprintf (r0, "libubi", r2, r3);
| label_2:
0x00012ff8 mov r0, r8 | r0 = r8;
0x00012ffc bl 0x10b54 | closedir ();
0x00013000 b 0x12f88 | goto label_0;
| }
0x00013004 sub r3, fp, 0x124 | r3 -= var_124h;
0x00013008 str r3, [sp] | *(sp) = r3;
0x0001300c sub r2, fp, 0x128 | r2 -= var_128h;
0x00013010 sub r3, fp, 0x12c | r3 -= s;
0x00013014 ldr r1, [pc, 0x24c] | r1 = "_s:_error_:_invalid_entry_in__s:___s_";
0x00013018 mov r0, r7 | r0 = r7;
0x0001301c bl 0x10aac | r0 = sscanf (r0, "_s:_error_:_invalid_entry_in__s:___s_", r2);
0x00013020 cmp r0, 2 |
0x00013024 bne 0x12fb0 |
| } while (r0 != 2);
0x00013028 ldr r3, [fp, -0x128] | r3 = var_128h;
0x0001302c cmp r3, r6 |
| if (r3 != r6) {
0x00013030 bne 0x12fb0 | goto label_1;
| }
0x00013034 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00013038 ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x0001303c add r3, r3, 1 | r3++;
0x00013040 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00013044 ldr r3, [fp, -0x12c] | r3 = s;
0x00013048 cmp r2, r3 |
0x0001304c ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
| if (r2 >= r3) {
0x00013050 strlt r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
| }
0x00013054 cmp r3, r2 |
| if (r3 >= r2) {
0x00013058 strlt r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x0001305c b 0x12fb0 | goto label_1;
| label_4:
0x00013060 ldr r7, [sb] | r7 = *(sb);
0x00013064 cmp r7, 0 |
| if (r7 != 0) {
0x00013068 beq 0x130b0 |
0x0001306c ldr r4, [pc, 0x1e8] |
0x00013070 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x00013074 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x00013078 ldr r1, [pc, 0x1ec] | r1 = "ubi_d__d_s";
0x0001307c ldr r0, [r4] | r0 = *(0x13258);
0x00013080 bl 0x10a64 | fprintf (r0, "ubi_d__d_s", r2, r3, r4);
0x00013084 mov r0, r7 | r0 = r7;
0x00013088 ldr r4, [r4] | r4 = *(0x13258);
0x0001308c bl 0x109d4 | strerror (r0);
0x00013090 str r7, [sp] | *(sp) = r7;
0x00013094 ldr r3, [pc, 0x1d4] | r3 = "%s: error!: readdir failed on \"%s\"\n";
0x00013098 mov r2, 8 | r2 = 8;
0x0001309c ldr r1, [pc, 0x1d0] | r1 = *(0x13270);
0x000130a0 str r0, [sp, 4] | var_4h = r0;
0x000130a4 mov r0, r4 | r0 = r4;
0x000130a8 bl 0x10a64 | fprintf (r0, r1, r2, "%s: error!: readdir failed on \"%s\"\n");
0x000130ac b 0x12ff8 | goto label_2;
| }
0x000130b0 mov r0, r8 | r0 = r8;
0x000130b4 bl 0x10b54 | r0 = closedir ();
0x000130b8 cmp r0, 0 |
| if (r0 != 0) {
0x000130bc beq 0x13108 |
0x000130c0 ldr r6, [pc, 0x194] | r6 = *(0x13258);
0x000130c4 ldr r4, [sb] | r4 = *(sb);
0x000130c8 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x000130cc ldr r2, [pc, 0x18c] | r2 = stderr;
0x000130d0 ldr r1, [pc, 0x1a0] | r1 = "_serror__d___s_";
0x000130d4 ldr r0, [r6] | r0 = *(0x13258);
0x000130d8 bl 0x10a64 | fprintf (r0, "_serror__d___s_", r2, r3, r4, r5, r6);
0x000130dc mov r0, r4 | r0 = r4;
0x000130e0 ldr r5, [r6] | r5 = *(0x13258);
0x000130e4 bl 0x109d4 | strerror (r0);
0x000130e8 str r4, [sp] | *(sp) = r4;
0x000130ec ldr r3, [pc, 0x17c] | r3 = "%s: error!: readdir failed on \"%s\"\n";
0x000130f0 mov r2, 8 | r2 = 8;
0x000130f4 ldr r1, [pc, 0x178] | r1 = *(0x13270);
0x000130f8 str r0, [sp, 4] | var_4h = r0;
0x000130fc mov r0, r5 | r0 = r5;
0x00013100 bl 0x10a64 | fprintf (r0, r1, r2, "%s: error!: readdir failed on \"%s\"\n", r4);
0x00013104 b 0x12f88 | goto label_0;
| }
0x00013108 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x0001310c add r2, r4, 0x14 | r2 = r4 + 0x14;
0x00013110 cmn r3, 0x80000001 |
| if (r3 != 0x80000001) {
0x00013114 streq r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| }
0x00013118 add r3, r4, 0x18 | r3 = r4 + 0x18;
0x0001311c mov r1, r6 | r1 = r6;
0x00013120 add r0, r5, 0x18 | r0 = r5 + 0x18;
0x00013124 bl 0x11f14 | r0 = fcn_00011f14 (r0, r1);
0x00013128 cmp r0, 0 |
| if (r0 != 0) {
0x0001312c bne 0x12f88 | goto label_0;
| }
0x00013130 mov r2, sl | r2 = sl;
0x00013134 mov r1, r6 | r1 = r6;
0x00013138 ldr r0, [r5, 0x3c] | r0 = *((r5 + 0x3c));
0x0001313c bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013140 cmp r0, 0 |
| if (r0 != 0) {
0x00013144 bne 0x12f88 | goto label_0;
| }
0x00013148 add r2, r4, 0x20 | r2 = r4 + 0x20;
0x0001314c mov r1, r6 | r1 = r6;
0x00013150 ldr r0, [r5, 0x1c] | r0 = *((r5 + 0x1c));
0x00013154 bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013158 cmp r0, 0 |
| if (r0 != 0) {
0x0001315c bne 0x12f88 | goto label_0;
| }
0x00013160 add r2, r4, 0x1c | r2 = r4 + 0x1c;
0x00013164 mov r1, r6 | r1 = r6;
0x00013168 ldr r0, [r5, 0x20] | r0 = *((r5 + 0x20));
0x0001316c bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013170 cmp r0, 0 |
| if (r0 != 0) {
0x00013174 bne 0x12f88 | goto label_0;
| }
0x00013178 add r2, r4, 0x38 | r2 = r4 + 0x38;
0x0001317c mov r1, r6 | r1 = r6;
0x00013180 ldr r0, [r5, 0x24] | r0 = *((r5 + 0x24));
0x00013184 bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013188 cmp r0, 0 |
| if (r0 != 0) {
0x0001318c bne 0x12f88 | goto label_0;
| }
0x00013190 add r2, r4, 0x3c | r2 = r4 + 0x3c;
0x00013194 mov r1, r6 | r1 = r6;
0x00013198 ldr r0, [r5, 0x28] | r0 = *((r5 + 0x28));
0x0001319c bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x000131a0 cmp r0, 0 |
| if (r0 != 0) {
0x000131a4 bne 0x12f88 | goto label_0;
| }
0x000131a8 add r2, r4, 0x48 | r2 = r4 + 0x48;
0x000131ac mov r1, r6 | r1 = r6;
0x000131b0 ldr r0, [r5, 0x30] | r0 = *((r5 + 0x30));
0x000131b4 bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x000131b8 cmp r0, 0 |
| if (r0 != 0) {
0x000131bc bne 0x12f88 | goto label_0;
| }
0x000131c0 ldr r8, [r5, 0x2c] | r8 = *((r5 + 0x2c));
0x000131c4 mov sb, sp | sb = sp;
0x000131c8 mov r0, r8 | r0 = r8;
0x000131cc bl 0x10b3c | strlen (r0);
0x000131d0 mov r2, r6 | r2 = r6;
0x000131d4 mov r1, r8 | r1 = r8;
0x000131d8 add r0, r0, 0x39 | r0 += 0x39;
0x000131dc bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000131e0 sub sp, sp, r0 |
0x000131e4 add r7, sp, 8 | r7 += s;
0x000131e8 mov r0, r7 | r0 = r7;
0x000131ec bl 0x10b18 | sprintf (r0, r1, r2)
0x000131f0 add r1, r4, 0x40 | r1 = r4 + 0x40;
0x000131f4 mov r0, r7 | r0 = r7;
0x000131f8 bl 0x11804 | fcn_00011804 (r0, r1);
0x000131fc mov sp, sb |
0x00013200 cmp r0, 0 |
| if (r0 != 0) {
0x00013204 bne 0x12f88 | goto label_0;
| }
0x00013208 add r2, r4, 0x4c | r2 = r4 + 0x4c;
0x0001320c mov r1, r6 | r1 = r6;
0x00013210 ldr r0, [r5, 0x34] | r0 = *((r5 + 0x34));
0x00013214 bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013218 cmp r0, 0 |
| if (r0 != 0) {
0x0001321c bne 0x12f88 | goto label_0;
| }
0x00013220 add r2, r4, 0x50 | r2 = r4 + 0x50;
0x00013224 mov r1, r6 | r1 = r6;
0x00013228 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x0001322c bl 0x11a28 | r0 = fcn_00011a28 (r0, r1);
0x00013230 cmp r0, 0 |
| if (r0 != 0) {
0x00013234 bne 0x12f88 | goto label_0;
| }
0x00013238 ldr r3, [r4, 0x3c] | r3 = *((r4 + 0x3c));
0x0001323c ldr r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x00013240 smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x00013244 ldr r2, [r4, 0x1c] | r2 = *((r4 + 0x1c));
0x00013248 strd r6, r7, [r4, 0x30] | __asm ("strd r6, r7, [r4, 0x30]");
0x0001324c smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x00013250 strd r6, r7, [r4, 0x28] | __asm ("strd r6, r7, [r4, 0x28]");
| label_3:
0x00013254 sub sp, fp, 0x20 |
0x00013258 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubimkvol @ 0x1346c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.0001346c () | void fcn_0001346c (int32_t arg1, int32_t arg2) {
| char * s1;
| int32_t var_0h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x0001346c push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00013470 add sb, r3, 8 | sb = r3 + 8;
0x00013474 add fp, sp, 0x20 |
0x00013478 sub sp, sp, 0x3c |
0x0001347c mov r5, r1 | r5 = r1;
0x00013480 mov r6, r2 | r6 = r2;
0x00013484 mov r1, 0 | r1 = 0;
0x00013488 mov r2, 0xb0 | r2 = 0xb0;
0x0001348c mov r7, r0 | r7 = r0;
0x00013490 mov r0, sb | r0 = sb;
0x00013494 mov r4, r3 | r4 = r3;
0x00013498 bl 0x10adc | memset (r0, r1, r2);
0x0001349c ldr sl, [r7, 0x48] | sl = *((r7 + 0x48));
0x000134a0 stm r4, {r5, r6} | *(r4) = r5;
| *((r4 + 4)) = r6;
0x000134a4 mov r0, sl | r0 = sl;
0x000134a8 bl 0x10b3c | strlen (r0);
0x000134ac mov r8, sp | r8 = sp;
0x000134b0 mov r3, r6 | r3 = r6;
0x000134b4 mov r2, r5 | r2 = r5;
0x000134b8 mov r1, sl | r1 = sl;
0x000134bc add r0, r0, 0x6b | r0 += 0x6b;
0x000134c0 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000134c4 sub sp, sp, r0 |
0x000134c8 mov r0, sp | r0 = sp;
0x000134cc bl 0x10b18 | sprintf (r0, r1, r2)
0x000134d0 mov r0, sp | r0 = sp;
0x000134d4 add r2, r4, 0xc | r2 = r4 + 0xc;
0x000134d8 mov r1, sb | r1 = sb;
0x000134dc bl 0x11e3c | fcn_00011e3c (r0, r1);
0x000134e0 mov sp, r8 |
0x000134e4 cmp r0, 0 |
0x000134e8 beq 0x134fc |
| while (r8 < r0) {
| label_0:
0x000134ec mvn r8, 0 | r8 = ~0;
| label_1:
0x000134f0 mov r0, r8 | r0 = r8;
0x000134f4 sub sp, fp, 0x20 |
0x000134f8 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x000134fc ldr sb, [r7, 0x44] | sb = *((r7 + 0x44));
0x00013500 mov r0, sb | r0 = sb;
0x00013504 bl 0x10b3c | strlen (r0);
0x00013508 mov r3, r6 | r3 = r6;
0x0001350c mov r2, r5 | r2 = r5;
0x00013510 mov r1, sb | r1 = sb;
0x00013514 add r0, r0, 0x6b | r0 += 0x6b;
0x00013518 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001351c sub sp, sp, r0 |
0x00013520 mov r0, sp | r0 = sp;
0x00013524 bl 0x10b18 | sprintf (r0, r1, r2)
0x00013528 mov r0, sp | r0 = sp;
0x0001352c mov r2, 0x32 | r2 = 0x32;
0x00013530 sub r1, fp, 0x58 | r1 -= s1;
0x00013534 bl 0x11ac0 | fcn_00011ac0 (r0, r1);
0x00013538 mov sp, r8 |
0x0001353c subs r8, r0, 0 | r8 = r0 - 0;
0x00013540 blt 0x134ec |
| }
0x00013544 mov r2, r8 | r2 = r8;
0x00013548 ldr r1, [pc, 0x174] | r1 = *(0x136c0);
0x0001354c sub r0, fp, 0x58 | r0 -= s1;
0x00013550 bl 0x10a88 | r0 = strncmp (r0, r1, r2);
0x00013554 cmp r0, 0 |
| if (r0 != 0) {
0x00013558 moveq r3, 4 | r3 = 4;
| }
| if (r0 != 0) {
0x0001355c beq 0x1357c |
0x00013560 mov r2, r8 | r2 = r8;
0x00013564 ldr r1, [pc, 0x15c] | r1 = "static";
0x00013568 sub r0, fp, 0x58 | r0 -= s1;
0x0001356c bl 0x10a88 | r0 = strncmp (r0, "static", r2);
0x00013570 cmp r0, 0 |
| if (r0 != 0) {
0x00013574 bne 0x1369c | goto label_2;
| }
0x00013578 mov r3, 3 | r3 = 3;
| }
0x0001357c str r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
0x00013580 mov r2, r6 | r2 = r6;
0x00013584 add r3, r4, 0x14 | r3 = r4 + 0x14;
0x00013588 mov r1, r5 | r1 = r5;
0x0001358c ldr r0, [r7, 0x4c] | r0 = *((r7 + 0x4c));
0x00013590 bl 0x11a70 | r0 = fcn_00011a70 (r0, r1);
0x00013594 cmp r0, 0 |
| if (r0 != 0) {
0x00013598 bne 0x134ec | goto label_0;
| }
0x0001359c ldr r8, [r7, 0x50] | r8 = *((r7 + 0x50));
0x000135a0 mov sb, sp | sb = sp;
0x000135a4 mov r0, r8 | r0 = r8;
0x000135a8 bl 0x10b3c | strlen (r0);
0x000135ac mov r3, r6 | r3 = r6;
0x000135b0 mov r2, r5 | r2 = r5;
0x000135b4 mov r1, r8 | r1 = r8;
0x000135b8 add r0, r0, 0x6b | r0 += 0x6b;
0x000135bc bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000135c0 sub sp, sp, r0 |
0x000135c4 mov r0, sp | r0 = sp;
0x000135c8 bl 0x10b18 | sprintf (r0, r1, r2)
0x000135cc mov r0, sp | r0 = sp;
0x000135d0 add r1, r4, 0x18 | r1 = r4 + 0x18;
0x000135d4 bl 0x11804 | fcn_00011804 (r0, r1);
0x000135d8 mov sp, sb |
0x000135dc cmp r0, 0 |
| if (r0 != 0) {
0x000135e0 bne 0x134ec | goto label_0;
| }
0x000135e4 add r3, r4, 0x28 | r3 = r4 + 0x28;
0x000135e8 mov r2, r6 | r2 = r6;
0x000135ec mov r1, r5 | r1 = r5;
0x000135f0 ldr r0, [r7, 0x54] | r0 = *((r7 + 0x54));
0x000135f4 bl 0x11a70 | r0 = fcn_00011a70 (r0, r1);
0x000135f8 cmp r0, 0 |
| if (r0 != 0) {
0x000135fc bne 0x134ec | goto label_0;
| }
0x00013600 add r3, r4, 0x2c | r3 = r4 + 0x2c;
0x00013604 mov r2, r6 | r2 = r6;
0x00013608 mov r1, r5 | r1 = r5;
0x0001360c ldr r0, [r7, 0x58] | r0 = *((r7 + 0x58));
0x00013610 bl 0x11a70 | r0 = fcn_00011a70 (r0, r1);
0x00013614 cmp r0, 0 |
| if (r0 != 0) {
0x00013618 bne 0x134ec | goto label_0;
| }
0x0001361c add r3, r4, 0x30 | r3 = r4 + 0x30;
0x00013620 mov r2, r6 | r2 = r6;
0x00013624 mov r1, r5 | r1 = r5;
0x00013628 ldr r0, [r7, 0x5c] | r0 = *((r7 + 0x5c));
0x0001362c bl 0x11a70 | r0 = fcn_00011a70 (r0, r1);
0x00013630 subs r8, r0, 0 | r8 = r0 - 0;
| if (r8 != r0) {
0x00013634 bne 0x134ec | goto label_0;
| }
0x00013638 ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x0001363c ldr r0, [r4, 0x2c] | r0 = *((r4 + 0x2c));
0x00013640 ldr r7, [r7, 0x60] | r7 = *((r7 + 0x60));
0x00013644 smull r2, r3, r0, r1 | r2:r3 = r0 * r1;
0x00013648 mov r0, r7 | r0 = r7;
0x0001364c strd r2, r3, [r4, 0x20] | __asm ("strd r2, r3, [r4, 0x20]");
0x00013650 bl 0x10b3c | strlen (r0);
0x00013654 mov r3, r6 | r3 = r6;
0x00013658 mov r2, r5 | r2 = r5;
0x0001365c mov r1, r7 | r1 = r7;
0x00013660 add r0, r0, 0x6b | r0 += 0x6b;
0x00013664 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013668 sub sp, sp, r0 |
0x0001366c mov r0, sp | r0 = sp;
0x00013670 bl 0x10b18 | sprintf (r0, r1, r2)
0x00013674 mov r0, sp | r0 = sp;
0x00013678 mov r2, 0x81 | r2 = 0x81;
0x0001367c add r1, r4, 0x34 | r1 = r4 + 0x34;
0x00013680 bl 0x11ac0 | fcn_00011ac0 (r0, r1);
0x00013684 mov sp, sb |
0x00013688 cmp r0, 0 |
| if (r0 < 0) {
0x0001368c blt 0x134ec | goto label_0;
| }
0x00013690 add r4, r4, r0 | r4 += r0;
0x00013694 strb r8, [r4, 0x33] | *((r4 + 0x33)) = r8;
0x00013698 b 0x134f0 | goto label_1;
| label_2:
0x0001369c ldr r0, [pc, 0x28] |
0x000136a0 sub r3, fp, 0x58 | r3 -= s1;
0x000136a4 ldr r2, [pc, 0x24] | r2 = stderr;
0x000136a8 ldr r1, [pc, 0x24] | r1 = "libubi";
0x000136ac ldr r0, [r0] | r0 = "dynamic";
0x000136b0 bl 0x10a64 | r0 = fprintf ("dynamic", "libubi", r2, r3);
0x000136b4 bl 0x10b24 | errno_location ();
0x000136b8 mov r3, 0x16 | r3 = 0x16;
0x000136bc str r3, [r0] | *(r0) = r3;
0x000136c0 b 0x134ec | goto label_0;
| }
[*] Function sprintf used 10 times ubimkvol
