[*] Binary protection state of ubirename
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of ubirename
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x10ef0 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00010ef0 () | void fcn_00010ef0 (int32_t arg1, int32_t arg2) {
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00010ef0 push {r4, r5, r6, r7, fp, lr} |
0x00010ef4 add fp, sp, 0x14 |
0x00010ef8 mov r6, r1 | r6 = r1;
0x00010efc mov r7, r2 | r7 = r2;
0x00010f00 mov r4, r3 | r4 = r3;
0x00010f04 mov r5, r0 | r5 = r0;
0x00010f08 bl 0x1081c | strlen (r0);
0x00010f0c mov r3, r7 | r3 = r7;
0x00010f10 mov r2, r6 | r2 = r6;
0x00010f14 mov r1, r5 | r1 = r5;
0x00010f18 add r0, r0, 0x6b | r0 += 0x6b;
0x00010f1c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00010f20 sub sp, sp, r0 |
0x00010f24 mov r0, sp | r0 = sp;
0x00010f28 bl 0x10804 | sprintf (r0, r1, r2)
0x00010f2c mov r1, r4 | r1 = r4;
0x00010f30 mov r0, sp | r0 = sp;
0x00010f34 bl 0x10e34 | fcn_00010e34 (r0, r1);
0x00010f38 sub sp, fp, 0x14 |
0x00010f3c pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x11394 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011394 () | void fcn_00011394 (int32_t arg2, char * s) {
| int32_t var_14h_2;
| int32_t var_14h;
| r1 = arg2;
| r0 = s;
0x00011394 push {r4, r5, r6, r7, fp, lr} |
0x00011398 ldr r4, [r0] | r4 = *(r0);
0x0001139c add fp, sp, 0x14 |
0x000113a0 mov r0, r4 | r0 = r4;
0x000113a4 mov r6, r3 | r6 = r3;
0x000113a8 mov r7, r1 | r7 = r1;
0x000113ac mov r5, r2 | r5 = r2;
0x000113b0 bl 0x1081c | strlen (r0);
0x000113b4 mov r2, r7 | r2 = r7;
0x000113b8 mov r1, r4 | r1 = r4;
0x000113bc add r0, r0, 0x39 | r0 += 0x39;
0x000113c0 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000113c4 sub sp, sp, r0 |
0x000113c8 mov r0, sp | r0 = sp;
0x000113cc bl 0x10804 | sprintf (r0, r1, r2)
0x000113d0 mov r2, r6 | r2 = r6;
0x000113d4 mov r1, r5 | r1 = r5;
0x000113d8 mov r0, sp | r0 = sp;
0x000113dc bl 0x112bc | fcn_000112bc (r0, r1);
0x000113e0 sub sp, fp, 0x14 |
0x000113e4 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x11d68 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011d68 () | void fcn_00011d68 (int32_t arg2, char * s) {
| int32_t var_b4h;
| int32_t var_ach;
| int32_t var_a8h;
| int32_t var_a4h;
| int32_t var_a0h;
| int32_t var_9ch;
| int32_t var_8ch;
| int32_t var_7ch;
| int32_t var_6ch;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_sp_b4h;
| int32_t var_sp_6ch;
| int32_t var_20h_2;
| int32_t var_20h;
| r1 = arg2;
| r0 = s;
0x00011d68 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00011d6c add fp, sp, 0x20 |
0x00011d70 sub sp, sp, 0x9c |
0x00011d74 mov r6, r0 | r6 = r0;
0x00011d78 ldr r0, [r0, 0x40] | r0 = *((r0 + 0x40));
0x00011d7c mov r5, r1 | r5 = r1;
0x00011d80 bl 0x1081c | strlen (r0);
0x00011d84 sub r1, fp, 0x8c | r1 -= var_8ch;
0x00011d88 add r0, r0, 0x6b | r0 += 0x6b;
0x00011d8c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011d90 sub sp, sp, r0 |
0x00011d94 mov r0, r5 | r0 = r5;
0x00011d98 bl 0x10720 | r0 = stat64 ();
0x00011d9c cmp r0, 0 |
| if (r0 == 0) {
0x00011da0 beq 0x11df8 | goto label_5;
| }
0x00011da4 bl 0x10810 | errno_location ();
0x00011da8 ldr r6, [pc, 0x1e8] | r6 = *(0x11f94);
0x00011dac mov r3, r5 | r3 = r5;
0x00011db0 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x00011db4 ldr r1, [pc, 0x1e4] | r1 = "libubi";
0x00011db8 ldr r4, [r0] | r4 = *(r0);
0x00011dbc ldr r0, [r6] | r0 = *(0x11f94);
0x00011dc0 bl 0x10774 | fprintf (r0, "libubi", r2, r3, r4, r5, r6);
0x00011dc4 mov r0, r4 | r0 = r4;
0x00011dc8 ldr r5, [r6] | r5 = *(0x11f94);
0x00011dcc bl 0x10714 | strerror (r0);
0x00011dd0 str r4, [sp] | *(sp) = r4;
0x00011dd4 ldr r3, [pc, 0x1c8] | r3 = "_s:_error_:_cannot_get_information_about___s_";
0x00011dd8 mov r2, 8 | r2 = 8;
0x00011ddc ldr r1, [pc, 0x1c4] | r1 = *(0x11fa4);
0x00011de0 str r0, [sp, 4] | var_4h = r0;
0x00011de4 mov r0, r5 | r0 = r5;
0x00011de8 bl 0x10774 | fprintf (r0, r1, r2, "_s:_error_:_cannot_get_information_about___s_", r4);
| do {
| label_0:
0x00011dec mvn r0, 0 | r0 = ~0;
| label_4:
0x00011df0 sub sp, fp, 0x20 |
0x00011df4 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x00011df8 ldr r3, [fp, -0x7c] | r3 = var_7ch;
0x00011dfc and r3, r3, 0xf000 | r3 &= 0xf000;
0x00011e00 cmp r3, 0x2000 |
| if (r3 == 0x2000) {
0x00011e04 beq 0x11e30 | goto label_6;
| }
0x00011e08 ldr r0, [pc, 0x188] |
0x00011e0c mov r3, r5 | r3 = r5;
0x00011e10 ldr r2, [pc, 0x184] | r2 = stderr;
0x00011e14 ldr r1, [pc, 0x190] | r1 = "%*serror %d (%s)\n";
0x00011e18 ldr r0, [r0] | r0 = *(0x11f94);
0x00011e1c bl 0x10774 | r0 = fprintf (r0, "%*serror %d (%s)\n", r2, r3);
0x00011e20 bl 0x10810 | errno_location ();
0x00011e24 mov r3, 0x16 | r3 = 0x16;
| label_1:
0x00011e28 str r3, [r0] | *(r0) = r3;
0x00011e2c b 0x11dec |
| } while (1);
| label_6:
0x00011e30 ldrd r2, r3, [fp, -0x6c] | __asm ("ldrd r2, r3, [var_6ch]");
0x00011e34 mov r1, r3 | r1 = r3;
0x00011e38 mov r0, r2 | r0 = r2;
0x00011e3c strd r2, r3, [fp, -0xb4] | __asm ("strd r2, r3, [var_b4h]");
0x00011e40 bl 0x1072c | gnu_dev_major ();
0x00011e44 ldrd r2, r3, [fp, -0xb4] | __asm ("ldrd r2, r3, [var_b4h]");
0x00011e48 mov r1, r3 | r1 = r3;
0x00011e4c mov sb, r0 | sb = r0;
0x00011e50 mov r0, r2 | r0 = r2;
0x00011e54 bl 0x10750 | gnu_dev_minor ();
0x00011e58 sub r1, fp, 0xa4 | r1 -= var_a4h;
0x00011e5c mov r7, r0 | r7 = r0;
0x00011e60 mov r0, r6 | r0 = r6;
0x00011e64 bl 0x11a38 | r0 = fcn_00011a38 (r0, r1);
0x00011e68 cmp r0, 0 |
| if (r0 != 0) {
0x00011e6c addeq r8, sp, 8 | r8 += var_b4h;
| }
| if (r0 != 0) {
0x00011e70 ldreq r4, [fp, -0xa0] | r4 = var_a0h;
| }
| if (r0 == 0) {
0x00011e74 addeq sl, r6, 0x18 | sl = r6 + 0x18;
| goto label_7;
| }
| if (r0 != 0) {
| label_7:
0x00011e78 bne 0x11dec | goto label_0;
| }
| do {
0x00011e7c ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00011e80 cmp r4, r3 |
| if (r4 > r3) {
0x00011e84 bgt 0x11efc | goto label_8;
| }
0x00011e88 sub r3, fp, 0xa8 | r3 -= var_a8h;
0x00011e8c sub r2, fp, 0xac | r2 -= var_ach;
0x00011e90 mov r1, r4 | r1 = r4;
0x00011e94 mov r0, sl | r0 = sl;
0x00011e98 bl 0x11394 | r0 = fcn_00011394 (r0, r1);
0x00011e9c cmp r0, 0 |
| if (r0 == 0) {
0x00011ea0 beq 0x11ef0 | goto label_9;
| }
0x00011ea4 bl 0x10810 | r0 = errno_location ();
0x00011ea8 ldr r3, [r0] | r3 = *(r0);
0x00011eac cmp r3, 2 |
| if (r3 != 2) {
0x00011eb0 bne 0x11ebc | goto label_10;
| }
| label_2:
0x00011eb4 add r4, r4, 1 | r4++;
0x00011eb8 b 0x11e7c |
| } while (1);
| label_10:
0x00011ebc cmp r3, 0 |
| if (r3 != 0) {
0x00011ec0 bne 0x11dec | goto label_0;
| }
| label_3:
0x00011ec4 ldr r0, [pc, 0xcc] |
0x00011ec8 mov r3, r5 | r3 = r5;
0x00011ecc str r7, [sp, 4] | var_4h = r7;
0x00011ed0 str sb, [sp] | *(sp) = sb;
0x00011ed4 ldr r2, [pc, 0xc0] | r2 = stderr;
0x00011ed8 ldr r1, [pc, 0xd0] | r1 = "_s:_error_:___s__is_not_a_character_device";
0x00011edc ldr r0, [r0] | r0 = *(0x11f94);
0x00011ee0 bl 0x10774 | r0 = fprintf (r0, "_s:_error_:___s__is_not_a_character_device", r2, r3);
0x00011ee4 bl 0x10810 | errno_location ();
0x00011ee8 mov r3, 0x13 | r3 = 0x13;
0x00011eec b 0x11e28 | goto label_1;
| label_9:
0x00011ef0 ldr r3, [fp, -0xac] | r3 = var_ach;
0x00011ef4 cmp r3, sb |
| if (r3 != sb) {
0x00011ef8 bne 0x11eb4 | goto label_2;
| }
| label_8:
0x00011efc ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00011f00 cmp r4, r3 |
| if (r4 > r3) {
0x00011f04 bgt 0x11ec4 | goto label_3;
| }
0x00011f08 cmp r7, 0 |
| if (r7 == 0) {
0x00011f0c moveq r0, 1 | r0 = 1;
| goto label_11;
| }
| if (r7 == 0) {
| label_11:
0x00011f10 beq 0x11df0 | goto label_4;
| }
0x00011f14 sub r3, r7, 1 | r3 = r7 - 1;
0x00011f18 mov r2, r4 | r2 = r4;
0x00011f1c ldr r1, [r6, 0x40] | r1 = *((r6 + 0x40));
0x00011f20 mov r0, r8 | r0 = r8;
0x00011f24 bl 0x10804 | sprintf (r0, r1, r2)
0x00011f28 mov r1, 0 | r1 = 0;
0x00011f2c mov r0, r8 | r0 = r8;
0x00011f30 bl 0x107e0 | r0 = open64 ();
0x00011f34 cmn r0, 1 |
| if (r0 == 1) {
0x00011f38 beq 0x11ec4 | goto label_3;
| }
0x00011f3c bl 0x10840 | r0 = close (r0);
0x00011f40 cmp r0, 0 |
| if (r0 != 0) {
0x00011f44 beq 0x11f90 |
0x00011f48 bl 0x10810 | errno_location ();
0x00011f4c ldr r5, [pc, 0x44] |
0x00011f50 mov r3, r8 | r3 = r8;
0x00011f54 ldr r2, [pc, 0x40] | r2 = stderr;
0x00011f58 ldr r1, [pc, 0x54] | r1 = "%s: error!: \"%s\" has major:minor %d:%d, but this does not correspond to any existing UBI device or volume\n";
0x00011f5c ldr r4, [r0] | r4 = *(r0);
0x00011f60 ldr r0, [r5] | r0 = *(0x11f94);
0x00011f64 bl 0x10774 | fprintf (r0, "%s: error!: \"%s\" has major:minor %d:%d, but this does not correspond to any existing UBI device or volume\n", r2, r3, r4, r5);
0x00011f68 mov r0, r4 | r0 = r4;
0x00011f6c ldr r5, [r5] | r5 = *(0x11f94);
0x00011f70 bl 0x10714 | strerror (r0);
0x00011f74 str r4, [sp] | *(sp) = r4;
0x00011f78 ldr r3, [pc, 0x24] | r3 = "_s:_error_:_cannot_get_information_about___s_";
0x00011f7c mov r2, 8 | r2 = 8;
0x00011f80 ldr r1, [pc, 0x20] | r1 = *(0x11fa4);
0x00011f84 str r0, [sp, 4] | var_4h = r0;
0x00011f88 mov r0, r5 | r0 = r5;
0x00011f8c bl 0x10774 | fprintf (r0, r1, r2, "_s:_error_:_cannot_get_information_about___s_", r4);
| }
0x00011f90 mov r0, 2 | r0 = 2;
0x00011f94 b 0x11df0 | goto label_4;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x12370 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012370 () | void fcn_00012370 (int32_t arg2, char * s) {
| int32_t var_74h;
| int32_t var_ch_2;
| int32_t var_ch;
| r1 = arg2;
| r0 = s;
0x00012370 push {r4, r5, fp, lr} |
0x00012374 add fp, sp, 0xc |
0x00012378 sub sp, sp, 0x68 |
0x0001237c ldr r4, [r0, 0x10] | r4 = *((r0 + 0x10));
0x00012380 mov r5, r1 | r5 = r1;
0x00012384 mov r0, r4 | r0 = r4;
0x00012388 bl 0x1081c | strlen (r0);
0x0001238c mov r2, r5 | r2 = r5;
0x00012390 mov r1, r4 | r1 = r4;
0x00012394 add r0, r0, 0x39 | r0 += 0x39;
0x00012398 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001239c sub sp, sp, r0 |
0x000123a0 mov r0, sp | r0 = sp;
0x000123a4 bl 0x10804 | sprintf (r0, r1, r2)
0x000123a8 sub r1, fp, 0x74 | r1 -= var_74h;
0x000123ac mov r0, sp | r0 = sp;
0x000123b0 bl 0x10720 | r0 = stat64 ();
0x000123b4 clz r0, r0 | r0 &= r0;
0x000123b8 lsr r0, r0, 5 | r0 >>= 5;
0x000123bc sub sp, fp, 0xc |
0x000123c0 pop {r4, r5, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x123c4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000123c4 () | void fcn_000123c4 (int32_t arg1, int32_t arg2) {
| int32_t var_128h;
| int32_t var_124h;
| int32_t var_0h;
| int32_t var_4h;
| char * s;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000123c4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000123c8 add sl, r2, 4 | sl = r2 + 4;
0x000123cc add fp, sp, 0x20 |
0x000123d0 sub sp, sp, 0x114 |
0x000123d4 mov r6, r1 | r6 = r1;
0x000123d8 mov r5, r0 | r5 = r0;
0x000123dc mov r4, r2 | r4 = r2;
0x000123e0 mov r1, 0 | r1 = 0;
0x000123e4 mov r2, 0x54 | r2 = 0x54;
0x000123e8 mov r0, sl | r0 = sl;
0x000123ec bl 0x107d4 | memset (r0, r1, r2);
0x000123f0 str r6, [r4] | *(r4) = r6;
0x000123f4 mov r1, r6 | r1 = r6;
0x000123f8 mov r0, r5 | r0 = r5;
0x000123fc bl 0x12370 | r0 = fcn_00012370 (r0, r1);
0x00012400 cmp r0, 0 |
0x00012404 bne 0x12410 |
| while (r8 == r0) {
| label_0:
0x00012408 mvn r0, 0 | r0 = ~0;
0x0001240c b 0x126d4 | goto label_3;
0x00012410 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00012414 bl 0x107ec | r0 = opendir ();
0x00012418 subs r8, r0, 0 | r8 = r0 - 0;
0x0001241c beq 0x12408 |
| }
0x00012420 mvn r3, 0x80000000 | r3 = ~0x80000000;
0x00012424 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00012428 bl 0x10810 | r0 = errno_location ();
0x0001242c mov sb, r0 | sb = r0;
| do {
| label_1:
0x00012430 mov r3, 0 | r3 = 0;
0x00012434 str r3, [sb] | *(sb) = r3;
0x00012438 mov r0, r8 | r0 = r8;
0x0001243c bl 0x107b0 | r0 = readdir64 ();
0x00012440 cmp r0, 0 |
| if (r0 == 0) {
0x00012444 beq 0x124e0 | goto label_4;
| }
0x00012448 add r7, r0, 0x13 | r7 = r0 + 0x13;
0x0001244c mov r0, r7 | r0 = r7;
0x00012450 bl 0x1081c | r0 = strlen (r0);
0x00012454 cmp r0, 0xfe |
| if (r0 >= 0xfe) {
0x00012458 bls 0x12484 |
0x0001245c ldr r0, [pc, 0x278] |
0x00012460 str r7, [sp] | *(sp) = r7;
0x00012464 ldr r2, [pc, 0x274] | r2 = stderr;
0x00012468 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x0001246c ldr r1, [pc, 0x270] | r1 = "libubi";
0x00012470 ldr r0, [r0] | r0 = *(0x126d8);
0x00012474 bl 0x10774 | fprintf (r0, "libubi", r2, r3);
| label_2:
0x00012478 mov r0, r8 | r0 = r8;
0x0001247c bl 0x10828 | closedir ();
0x00012480 b 0x12408 | goto label_0;
| }
0x00012484 sub r3, fp, 0x124 | r3 -= var_124h;
0x00012488 str r3, [sp] | *(sp) = r3;
0x0001248c sub r2, fp, 0x128 | r2 -= var_128h;
0x00012490 sub r3, fp, 0x12c | r3 -= s;
0x00012494 ldr r1, [pc, 0x24c] | r1 = "_s:_error_:_invalid_entry_in__s:___s_";
0x00012498 mov r0, r7 | r0 = r7;
0x0001249c bl 0x107bc | r0 = sscanf (r0, "_s:_error_:_invalid_entry_in__s:___s_", r2);
0x000124a0 cmp r0, 2 |
0x000124a4 bne 0x12430 |
| } while (r0 != 2);
0x000124a8 ldr r3, [fp, -0x128] | r3 = var_128h;
0x000124ac cmp r3, r6 |
| if (r3 != r6) {
0x000124b0 bne 0x12430 | goto label_1;
| }
0x000124b4 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000124b8 ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x000124bc add r3, r3, 1 | r3++;
0x000124c0 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x000124c4 ldr r3, [fp, -0x12c] | r3 = s;
0x000124c8 cmp r2, r3 |
0x000124cc ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
| if (r2 >= r3) {
0x000124d0 strlt r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
| }
0x000124d4 cmp r3, r2 |
| if (r3 >= r2) {
0x000124d8 strlt r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x000124dc b 0x12430 | goto label_1;
| label_4:
0x000124e0 ldr r7, [sb] | r7 = *(sb);
0x000124e4 cmp r7, 0 |
| if (r7 != 0) {
0x000124e8 beq 0x12530 |
0x000124ec ldr r4, [pc, 0x1e8] |
0x000124f0 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x000124f4 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x000124f8 ldr r1, [pc, 0x1ec] | r1 = "ubi_d__d_s";
0x000124fc ldr r0, [r4] | r0 = *(0x126d8);
0x00012500 bl 0x10774 | fprintf (r0, "ubi_d__d_s", r2, r3, r4);
0x00012504 mov r0, r7 | r0 = r7;
0x00012508 ldr r4, [r4] | r4 = *(0x126d8);
0x0001250c bl 0x10714 | strerror (r0);
0x00012510 str r7, [sp] | *(sp) = r7;
0x00012514 ldr r3, [pc, 0x1d4] | r3 = "%s: error!: readdir failed on \"%s\"\n";
0x00012518 mov r2, 8 | r2 = 8;
0x0001251c ldr r1, [pc, 0x1d0] | r1 = *(0x126f0);
0x00012520 str r0, [sp, 4] | var_4h = r0;
0x00012524 mov r0, r4 | r0 = r4;
0x00012528 bl 0x10774 | fprintf (r0, r1, r2, "%s: error!: readdir failed on \"%s\"\n");
0x0001252c b 0x12478 | goto label_2;
| }
0x00012530 mov r0, r8 | r0 = r8;
0x00012534 bl 0x10828 | r0 = closedir ();
0x00012538 cmp r0, 0 |
| if (r0 != 0) {
0x0001253c beq 0x12588 |
0x00012540 ldr r6, [pc, 0x194] | r6 = *(0x126d8);
0x00012544 ldr r4, [sb] | r4 = *(sb);
0x00012548 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x0001254c ldr r2, [pc, 0x18c] | r2 = stderr;
0x00012550 ldr r1, [pc, 0x1a0] | r1 = "%*serror %d (%s)\n";
0x00012554 ldr r0, [r6] | r0 = *(0x126d8);
0x00012558 bl 0x10774 | fprintf (r0, "%*serror %d (%s)\n", r2, r3, r4, r5, r6);
0x0001255c mov r0, r4 | r0 = r4;
0x00012560 ldr r5, [r6] | r5 = *(0x126d8);
0x00012564 bl 0x10714 | strerror (r0);
0x00012568 str r4, [sp] | *(sp) = r4;
0x0001256c ldr r3, [pc, 0x17c] | r3 = "%s: error!: readdir failed on \"%s\"\n";
0x00012570 mov r2, 8 | r2 = 8;
0x00012574 ldr r1, [pc, 0x178] | r1 = *(0x126f0);
0x00012578 str r0, [sp, 4] | var_4h = r0;
0x0001257c mov r0, r5 | r0 = r5;
0x00012580 bl 0x10774 | fprintf (r0, r1, r2, "%s: error!: readdir failed on \"%s\"\n", r4);
0x00012584 b 0x12408 | goto label_0;
| }
0x00012588 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x0001258c add r2, r4, 0x14 | r2 = r4 + 0x14;
0x00012590 cmn r3, 0x80000001 |
| if (r3 != 0x80000001) {
0x00012594 streq r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| }
0x00012598 add r3, r4, 0x18 | r3 = r4 + 0x18;
0x0001259c mov r1, r6 | r1 = r6;
0x000125a0 add r0, r5, 0x18 | r0 = r5 + 0x18;
0x000125a4 bl 0x11394 | r0 = fcn_00011394 (r0, r1);
0x000125a8 cmp r0, 0 |
| if (r0 != 0) {
0x000125ac bne 0x12408 | goto label_0;
| }
0x000125b0 mov r2, sl | r2 = sl;
0x000125b4 mov r1, r6 | r1 = r6;
0x000125b8 ldr r0, [r5, 0x3c] | r0 = *((r5 + 0x3c));
0x000125bc bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x000125c0 cmp r0, 0 |
| if (r0 != 0) {
0x000125c4 bne 0x12408 | goto label_0;
| }
0x000125c8 add r2, r4, 0x20 | r2 = r4 + 0x20;
0x000125cc mov r1, r6 | r1 = r6;
0x000125d0 ldr r0, [r5, 0x1c] | r0 = *((r5 + 0x1c));
0x000125d4 bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x000125d8 cmp r0, 0 |
| if (r0 != 0) {
0x000125dc bne 0x12408 | goto label_0;
| }
0x000125e0 add r2, r4, 0x1c | r2 = r4 + 0x1c;
0x000125e4 mov r1, r6 | r1 = r6;
0x000125e8 ldr r0, [r5, 0x20] | r0 = *((r5 + 0x20));
0x000125ec bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x000125f0 cmp r0, 0 |
| if (r0 != 0) {
0x000125f4 bne 0x12408 | goto label_0;
| }
0x000125f8 add r2, r4, 0x38 | r2 = r4 + 0x38;
0x000125fc mov r1, r6 | r1 = r6;
0x00012600 ldr r0, [r5, 0x24] | r0 = *((r5 + 0x24));
0x00012604 bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x00012608 cmp r0, 0 |
| if (r0 != 0) {
0x0001260c bne 0x12408 | goto label_0;
| }
0x00012610 add r2, r4, 0x3c | r2 = r4 + 0x3c;
0x00012614 mov r1, r6 | r1 = r6;
0x00012618 ldr r0, [r5, 0x28] | r0 = *((r5 + 0x28));
0x0001261c bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x00012620 cmp r0, 0 |
| if (r0 != 0) {
0x00012624 bne 0x12408 | goto label_0;
| }
0x00012628 add r2, r4, 0x48 | r2 = r4 + 0x48;
0x0001262c mov r1, r6 | r1 = r6;
0x00012630 ldr r0, [r5, 0x30] | r0 = *((r5 + 0x30));
0x00012634 bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x00012638 cmp r0, 0 |
| if (r0 != 0) {
0x0001263c bne 0x12408 | goto label_0;
| }
0x00012640 ldr r8, [r5, 0x2c] | r8 = *((r5 + 0x2c));
0x00012644 mov sb, sp | sb = sp;
0x00012648 mov r0, r8 | r0 = r8;
0x0001264c bl 0x1081c | strlen (r0);
0x00012650 mov r2, r6 | r2 = r6;
0x00012654 mov r1, r8 | r1 = r8;
0x00012658 add r0, r0, 0x39 | r0 += 0x39;
0x0001265c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012660 sub sp, sp, r0 |
0x00012664 add r7, sp, 8 | r7 += s;
0x00012668 mov r0, r7 | r0 = r7;
0x0001266c bl 0x10804 | sprintf (r0, r1, r2)
0x00012670 add r1, r4, 0x40 | r1 = r4 + 0x40;
0x00012674 mov r0, r7 | r0 = r7;
0x00012678 bl 0x10c84 | fcn_00010c84 (r0, r1);
0x0001267c mov sp, sb |
0x00012680 cmp r0, 0 |
| if (r0 != 0) {
0x00012684 bne 0x12408 | goto label_0;
| }
0x00012688 add r2, r4, 0x4c | r2 = r4 + 0x4c;
0x0001268c mov r1, r6 | r1 = r6;
0x00012690 ldr r0, [r5, 0x34] | r0 = *((r5 + 0x34));
0x00012694 bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x00012698 cmp r0, 0 |
| if (r0 != 0) {
0x0001269c bne 0x12408 | goto label_0;
| }
0x000126a0 add r2, r4, 0x50 | r2 = r4 + 0x50;
0x000126a4 mov r1, r6 | r1 = r6;
0x000126a8 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x000126ac bl 0x10ea8 | r0 = fcn_00010ea8 (r0, r1);
0x000126b0 cmp r0, 0 |
| if (r0 != 0) {
0x000126b4 bne 0x12408 | goto label_0;
| }
0x000126b8 ldr r3, [r4, 0x3c] | r3 = *((r4 + 0x3c));
0x000126bc ldr r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x000126c0 smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x000126c4 ldr r2, [r4, 0x1c] | r2 = *((r4 + 0x1c));
0x000126c8 strd r6, r7, [r4, 0x30] | __asm ("strd r6, r7, [r4, 0x30]");
0x000126cc smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x000126d0 strd r6, r7, [r4, 0x28] | __asm ("strd r6, r7, [r4, 0x28]");
| label_3:
0x000126d4 sub sp, fp, 0x20 |
0x000126d8 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirename @ 0x128ec */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000128ec () | void fcn_000128ec (int32_t arg1, int32_t arg2) {
| char * s1;
| int32_t var_0h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000128ec push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000128f0 add sb, r3, 8 | sb = r3 + 8;
0x000128f4 add fp, sp, 0x20 |
0x000128f8 sub sp, sp, 0x3c |
0x000128fc mov r5, r1 | r5 = r1;
0x00012900 mov r6, r2 | r6 = r2;
0x00012904 mov r1, 0 | r1 = 0;
0x00012908 mov r2, 0xb0 | r2 = 0xb0;
0x0001290c mov r7, r0 | r7 = r0;
0x00012910 mov r0, sb | r0 = sb;
0x00012914 mov r4, r3 | r4 = r3;
0x00012918 bl 0x107d4 | memset (r0, r1, r2);
0x0001291c ldr sl, [r7, 0x48] | sl = *((r7 + 0x48));
0x00012920 stm r4, {r5, r6} | *(r4) = r5;
| *((r4 + 4)) = r6;
0x00012924 mov r0, sl | r0 = sl;
0x00012928 bl 0x1081c | strlen (r0);
0x0001292c mov r8, sp | r8 = sp;
0x00012930 mov r3, r6 | r3 = r6;
0x00012934 mov r2, r5 | r2 = r5;
0x00012938 mov r1, sl | r1 = sl;
0x0001293c add r0, r0, 0x6b | r0 += 0x6b;
0x00012940 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012944 sub sp, sp, r0 |
0x00012948 mov r0, sp | r0 = sp;
0x0001294c bl 0x10804 | sprintf (r0, r1, r2)
0x00012950 mov r0, sp | r0 = sp;
0x00012954 add r2, r4, 0xc | r2 = r4 + 0xc;
0x00012958 mov r1, sb | r1 = sb;
0x0001295c bl 0x112bc | fcn_000112bc (r0, r1);
0x00012960 mov sp, r8 |
0x00012964 cmp r0, 0 |
0x00012968 beq 0x1297c |
| while (r8 < r0) {
| label_0:
0x0001296c mvn r8, 0 | r8 = ~0;
| label_1:
0x00012970 mov r0, r8 | r0 = r8;
0x00012974 sub sp, fp, 0x20 |
0x00012978 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x0001297c ldr sb, [r7, 0x44] | sb = *((r7 + 0x44));
0x00012980 mov r0, sb | r0 = sb;
0x00012984 bl 0x1081c | strlen (r0);
0x00012988 mov r3, r6 | r3 = r6;
0x0001298c mov r2, r5 | r2 = r5;
0x00012990 mov r1, sb | r1 = sb;
0x00012994 add r0, r0, 0x6b | r0 += 0x6b;
0x00012998 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001299c sub sp, sp, r0 |
0x000129a0 mov r0, sp | r0 = sp;
0x000129a4 bl 0x10804 | sprintf (r0, r1, r2)
0x000129a8 mov r0, sp | r0 = sp;
0x000129ac mov r2, 0x32 | r2 = 0x32;
0x000129b0 sub r1, fp, 0x58 | r1 -= s1;
0x000129b4 bl 0x10f40 | fcn_00010f40 (r0, r1);
0x000129b8 mov sp, r8 |
0x000129bc subs r8, r0, 0 | r8 = r0 - 0;
0x000129c0 blt 0x1296c |
| }
0x000129c4 mov r2, r8 | r2 = r8;
0x000129c8 ldr r1, [pc, 0x174] | r1 = *(0x12b40);
0x000129cc sub r0, fp, 0x58 | r0 -= s1;
0x000129d0 bl 0x10798 | r0 = strncmp (r0, r1, r2);
0x000129d4 cmp r0, 0 |
| if (r0 != 0) {
0x000129d8 moveq r3, 4 | r3 = 4;
| }
| if (r0 != 0) {
0x000129dc beq 0x129fc |
0x000129e0 mov r2, r8 | r2 = r8;
0x000129e4 ldr r1, [pc, 0x15c] | r1 = "static";
0x000129e8 sub r0, fp, 0x58 | r0 -= s1;
0x000129ec bl 0x10798 | r0 = strncmp (r0, "static", r2);
0x000129f0 cmp r0, 0 |
| if (r0 != 0) {
0x000129f4 bne 0x12b1c | goto label_2;
| }
0x000129f8 mov r3, 3 | r3 = 3;
| }
0x000129fc str r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
0x00012a00 mov r2, r6 | r2 = r6;
0x00012a04 add r3, r4, 0x14 | r3 = r4 + 0x14;
0x00012a08 mov r1, r5 | r1 = r5;
0x00012a0c ldr r0, [r7, 0x4c] | r0 = *((r7 + 0x4c));
0x00012a10 bl 0x10ef0 | r0 = fcn_00010ef0 (r0, r1);
0x00012a14 cmp r0, 0 |
| if (r0 != 0) {
0x00012a18 bne 0x1296c | goto label_0;
| }
0x00012a1c ldr r8, [r7, 0x50] | r8 = *((r7 + 0x50));
0x00012a20 mov sb, sp | sb = sp;
0x00012a24 mov r0, r8 | r0 = r8;
0x00012a28 bl 0x1081c | strlen (r0);
0x00012a2c mov r3, r6 | r3 = r6;
0x00012a30 mov r2, r5 | r2 = r5;
0x00012a34 mov r1, r8 | r1 = r8;
0x00012a38 add r0, r0, 0x6b | r0 += 0x6b;
0x00012a3c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012a40 sub sp, sp, r0 |
0x00012a44 mov r0, sp | r0 = sp;
0x00012a48 bl 0x10804 | sprintf (r0, r1, r2)
0x00012a4c mov r0, sp | r0 = sp;
0x00012a50 add r1, r4, 0x18 | r1 = r4 + 0x18;
0x00012a54 bl 0x10c84 | fcn_00010c84 (r0, r1);
0x00012a58 mov sp, sb |
0x00012a5c cmp r0, 0 |
| if (r0 != 0) {
0x00012a60 bne 0x1296c | goto label_0;
| }
0x00012a64 add r3, r4, 0x28 | r3 = r4 + 0x28;
0x00012a68 mov r2, r6 | r2 = r6;
0x00012a6c mov r1, r5 | r1 = r5;
0x00012a70 ldr r0, [r7, 0x54] | r0 = *((r7 + 0x54));
0x00012a74 bl 0x10ef0 | r0 = fcn_00010ef0 (r0, r1);
0x00012a78 cmp r0, 0 |
| if (r0 != 0) {
0x00012a7c bne 0x1296c | goto label_0;
| }
0x00012a80 add r3, r4, 0x2c | r3 = r4 + 0x2c;
0x00012a84 mov r2, r6 | r2 = r6;
0x00012a88 mov r1, r5 | r1 = r5;
0x00012a8c ldr r0, [r7, 0x58] | r0 = *((r7 + 0x58));
0x00012a90 bl 0x10ef0 | r0 = fcn_00010ef0 (r0, r1);
0x00012a94 cmp r0, 0 |
| if (r0 != 0) {
0x00012a98 bne 0x1296c | goto label_0;
| }
0x00012a9c add r3, r4, 0x30 | r3 = r4 + 0x30;
0x00012aa0 mov r2, r6 | r2 = r6;
0x00012aa4 mov r1, r5 | r1 = r5;
0x00012aa8 ldr r0, [r7, 0x5c] | r0 = *((r7 + 0x5c));
0x00012aac bl 0x10ef0 | r0 = fcn_00010ef0 (r0, r1);
0x00012ab0 subs r8, r0, 0 | r8 = r0 - 0;
| if (r8 != r0) {
0x00012ab4 bne 0x1296c | goto label_0;
| }
0x00012ab8 ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x00012abc ldr r0, [r4, 0x2c] | r0 = *((r4 + 0x2c));
0x00012ac0 ldr r7, [r7, 0x60] | r7 = *((r7 + 0x60));
0x00012ac4 smull r2, r3, r0, r1 | r2:r3 = r0 * r1;
0x00012ac8 mov r0, r7 | r0 = r7;
0x00012acc strd r2, r3, [r4, 0x20] | __asm ("strd r2, r3, [r4, 0x20]");
0x00012ad0 bl 0x1081c | strlen (r0);
0x00012ad4 mov r3, r6 | r3 = r6;
0x00012ad8 mov r2, r5 | r2 = r5;
0x00012adc mov r1, r7 | r1 = r7;
0x00012ae0 add r0, r0, 0x6b | r0 += 0x6b;
0x00012ae4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012ae8 sub sp, sp, r0 |
0x00012aec mov r0, sp | r0 = sp;
0x00012af0 bl 0x10804 | sprintf (r0, r1, r2)
0x00012af4 mov r0, sp | r0 = sp;
0x00012af8 mov r2, 0x81 | r2 = 0x81;
0x00012afc add r1, r4, 0x34 | r1 = r4 + 0x34;
0x00012b00 bl 0x10f40 | fcn_00010f40 (r0, r1);
0x00012b04 mov sp, sb |
0x00012b08 cmp r0, 0 |
| if (r0 < 0) {
0x00012b0c blt 0x1296c | goto label_0;
| }
0x00012b10 add r4, r4, r0 | r4 += r0;
0x00012b14 strb r8, [r4, 0x33] | *((r4 + 0x33)) = r8;
0x00012b18 b 0x12970 | goto label_1;
| label_2:
0x00012b1c ldr r0, [pc, 0x28] |
0x00012b20 sub r3, fp, 0x58 | r3 -= s1;
0x00012b24 ldr r2, [pc, 0x24] | r2 = stderr;
0x00012b28 ldr r1, [pc, 0x24] | r1 = "libubi";
0x00012b2c ldr r0, [r0] | r0 = "dynamic";
0x00012b30 bl 0x10774 | r0 = fprintf ("dynamic", "libubi", r2, r3);
0x00012b34 bl 0x10810 | errno_location ();
0x00012b38 mov r3, 0x16 | r3 = 0x16;
0x00012b3c str r3, [r0] | *(r0) = r3;
0x00012b40 b 0x1296c | goto label_0;
| }
[*] Function sprintf used 10 times ubirename
