[*] Binary protection state of ubirsvol
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of ubirsvol
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x117d8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000117d8 () | void fcn_000117d8 (int32_t arg1, int32_t arg2) {
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x000117d8 push {r4, r5, r6, r7, fp, lr} |
0x000117dc add fp, sp, 0x14 |
0x000117e0 mov r6, r1 | r6 = r1;
0x000117e4 mov r7, r2 | r7 = r2;
0x000117e8 mov r4, r3 | r4 = r3;
0x000117ec mov r5, r0 | r5 = r0;
0x000117f0 bl 0x10b3c | strlen (r0);
0x000117f4 mov r3, r7 | r3 = r7;
0x000117f8 mov r2, r6 | r2 = r6;
0x000117fc mov r1, r5 | r1 = r5;
0x00011800 add r0, r0, 0x6b | r0 += 0x6b;
0x00011804 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011808 sub sp, sp, r0 |
0x0001180c mov r0, sp | r0 = sp;
0x00011810 bl 0x10b18 | sprintf (r0, r1, r2)
0x00011814 mov r1, r4 | r1 = r4;
0x00011818 mov r0, sp | r0 = sp;
0x0001181c bl 0x1171c | fcn_0001171c (r0, r1);
0x00011820 sub sp, fp, 0x14 |
0x00011824 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x11c7c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011c7c () | void fcn_00011c7c (int32_t arg2, char * s) {
| int32_t var_14h_2;
| int32_t var_14h;
| r1 = arg2;
| r0 = s;
0x00011c7c push {r4, r5, r6, r7, fp, lr} |
0x00011c80 ldr r4, [r0] | r4 = *(r0);
0x00011c84 add fp, sp, 0x14 |
0x00011c88 mov r0, r4 | r0 = r4;
0x00011c8c mov r6, r3 | r6 = r3;
0x00011c90 mov r7, r1 | r7 = r1;
0x00011c94 mov r5, r2 | r5 = r2;
0x00011c98 bl 0x10b3c | strlen (r0);
0x00011c9c mov r2, r7 | r2 = r7;
0x00011ca0 mov r1, r4 | r1 = r4;
0x00011ca4 add r0, r0, 0x39 | r0 += 0x39;
0x00011ca8 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011cac sub sp, sp, r0 |
0x00011cb0 mov r0, sp | r0 = sp;
0x00011cb4 bl 0x10b18 | sprintf (r0, r1, r2)
0x00011cb8 mov r2, r6 | r2 = r6;
0x00011cbc mov r1, r5 | r1 = r5;
0x00011cc0 mov r0, sp | r0 = sp;
0x00011cc4 bl 0x11ba4 | fcn_00011ba4 (r0, r1);
0x00011cc8 sub sp, fp, 0x14 |
0x00011ccc pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x12650 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012650 () | void fcn_00012650 (int32_t arg2, char * s) {
| int32_t var_b4h;
| int32_t var_ach;
| int32_t var_a8h;
| int32_t var_a4h;
| int32_t var_a0h;
| int32_t var_9ch;
| int32_t var_8ch;
| int32_t var_7ch;
| int32_t var_6ch;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_sp_b4h;
| int32_t var_sp_6ch;
| int32_t var_20h_2;
| int32_t var_20h;
| r1 = arg2;
| r0 = s;
0x00012650 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012654 add fp, sp, 0x20 |
0x00012658 sub sp, sp, 0x9c |
0x0001265c mov r6, r0 | r6 = r0;
0x00012660 ldr r0, [r0, 0x40] | r0 = *((r0 + 0x40));
0x00012664 mov r5, r1 | r5 = r1;
0x00012668 bl 0x10b3c | strlen (r0);
0x0001266c sub r1, fp, 0x8c | r1 -= var_8ch;
0x00012670 add r0, r0, 0x6b | r0 += 0x6b;
0x00012674 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012678 sub sp, sp, r0 |
0x0001267c mov r0, r5 | r0 = r5;
0x00012680 bl 0x109e0 | r0 = stat64 ();
0x00012684 cmp r0, 0 |
| if (r0 == 0) {
0x00012688 beq 0x126e0 | goto label_5;
| }
0x0001268c bl 0x10b24 | errno_location ();
0x00012690 ldr r6, [pc, 0x1e8] | r6 = *(0x1287c);
0x00012694 mov r3, r5 | r3 = r5;
0x00012698 ldr r2, [pc, 0x1e4] | r2 = stderr;
0x0001269c ldr r1, [pc, 0x1e4] | r1 = "libubi";
0x000126a0 ldr r4, [r0] | r4 = *(r0);
0x000126a4 ldr r0, [r6] | r0 = *(0x1287c);
0x000126a8 bl 0x10a64 | fprintf (r0, "libubi", r2, r3, r4, r5, r6);
0x000126ac mov r0, r4 | r0 = r4;
0x000126b0 ldr r5, [r6] | r5 = *(0x1287c);
0x000126b4 bl 0x109d4 | strerror (r0);
0x000126b8 str r4, [sp] | *(sp) = r4;
0x000126bc ldr r3, [pc, 0x1c8] | r3 = "%s: error!: cannot get information about \"%s\"\n";
0x000126c0 mov r2, 8 | r2 = 8;
0x000126c4 ldr r1, [pc, 0x1c4] | r1 = *(0x1288c);
0x000126c8 str r0, [sp, 4] | var_4h = r0;
0x000126cc mov r0, r5 | r0 = r5;
0x000126d0 bl 0x10a64 | fprintf (r0, r1, r2, "%s: error!: cannot get information about \"%s\"\n", r4);
| do {
| label_0:
0x000126d4 mvn r0, 0 | r0 = ~0;
| label_4:
0x000126d8 sub sp, fp, 0x20 |
0x000126dc pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
0x000126e0 ldr r3, [fp, -0x7c] | r3 = var_7ch;
0x000126e4 and r3, r3, 0xf000 | r3 &= 0xf000;
0x000126e8 cmp r3, 0x2000 |
| if (r3 == 0x2000) {
0x000126ec beq 0x12718 | goto label_6;
| }
0x000126f0 ldr r0, [pc, 0x188] |
0x000126f4 mov r3, r5 | r3 = r5;
0x000126f8 ldr r2, [pc, 0x184] | r2 = stderr;
0x000126fc ldr r1, [pc, 0x190] | r1 = "%*serror %d (%s)\n";
0x00012700 ldr r0, [r0] | r0 = *(0x1287c);
0x00012704 bl 0x10a64 | r0 = fprintf (r0, "%*serror %d (%s)\n", r2, r3);
0x00012708 bl 0x10b24 | errno_location ();
0x0001270c mov r3, 0x16 | r3 = 0x16;
| label_1:
0x00012710 str r3, [r0] | *(r0) = r3;
0x00012714 b 0x126d4 |
| } while (1);
| label_6:
0x00012718 ldrd r2, r3, [fp, -0x6c] | __asm ("ldrd r2, r3, [var_6ch]");
0x0001271c mov r1, r3 | r1 = r3;
0x00012720 mov r0, r2 | r0 = r2;
0x00012724 strd r2, r3, [fp, -0xb4] | __asm ("strd r2, r3, [var_b4h]");
0x00012728 bl 0x10a04 | gnu_dev_major ();
0x0001272c ldrd r2, r3, [fp, -0xb4] | __asm ("ldrd r2, r3, [var_b4h]");
0x00012730 mov r1, r3 | r1 = r3;
0x00012734 mov sb, r0 | sb = r0;
0x00012738 mov r0, r2 | r0 = r2;
0x0001273c bl 0x10a40 | gnu_dev_minor ();
0x00012740 sub r1, fp, 0xa4 | r1 -= var_a4h;
0x00012744 mov r7, r0 | r7 = r0;
0x00012748 mov r0, r6 | r0 = r6;
0x0001274c bl 0x12320 | r0 = fcn_00012320 (r0, r1);
0x00012750 cmp r0, 0 |
| if (r0 != 0) {
0x00012754 addeq r8, sp, 8 | r8 += var_b4h;
| }
| if (r0 != 0) {
0x00012758 ldreq r4, [fp, -0xa0] | r4 = var_a0h;
| }
| if (r0 == 0) {
0x0001275c addeq sl, r6, 0x18 | sl = r6 + 0x18;
| goto label_7;
| }
| if (r0 != 0) {
| label_7:
0x00012760 bne 0x126d4 | goto label_0;
| }
| do {
0x00012764 ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x00012768 cmp r4, r3 |
| if (r4 > r3) {
0x0001276c bgt 0x127e4 | goto label_8;
| }
0x00012770 sub r3, fp, 0xa8 | r3 -= var_a8h;
0x00012774 sub r2, fp, 0xac | r2 -= var_ach;
0x00012778 mov r1, r4 | r1 = r4;
0x0001277c mov r0, sl | r0 = sl;
0x00012780 bl 0x11c7c | r0 = fcn_00011c7c (r0, r1);
0x00012784 cmp r0, 0 |
| if (r0 == 0) {
0x00012788 beq 0x127d8 | goto label_9;
| }
0x0001278c bl 0x10b24 | r0 = errno_location ();
0x00012790 ldr r3, [r0] | r3 = *(r0);
0x00012794 cmp r3, 2 |
| if (r3 != 2) {
0x00012798 bne 0x127a4 | goto label_10;
| }
| label_2:
0x0001279c add r4, r4, 1 | r4++;
0x000127a0 b 0x12764 |
| } while (1);
| label_10:
0x000127a4 cmp r3, 0 |
| if (r3 != 0) {
0x000127a8 bne 0x126d4 | goto label_0;
| }
| label_3:
0x000127ac ldr r0, [pc, 0xcc] |
0x000127b0 mov r3, r5 | r3 = r5;
0x000127b4 str r7, [sp, 4] | var_4h = r7;
0x000127b8 str sb, [sp] | *(sp) = sb;
0x000127bc ldr r2, [pc, 0xc0] | r2 = stderr;
0x000127c0 ldr r1, [pc, 0xd0] | r1 = "%s: error!: \"%s\" is not a character device\n";
0x000127c4 ldr r0, [r0] | r0 = *(0x1287c);
0x000127c8 bl 0x10a64 | r0 = fprintf (r0, "%s: error!: \"%s\" is not a character device\n", r2, r3);
0x000127cc bl 0x10b24 | errno_location ();
0x000127d0 mov r3, 0x13 | r3 = 0x13;
0x000127d4 b 0x12710 | goto label_1;
| label_9:
0x000127d8 ldr r3, [fp, -0xac] | r3 = var_ach;
0x000127dc cmp r3, sb |
| if (r3 != sb) {
0x000127e0 bne 0x1279c | goto label_2;
| }
| label_8:
0x000127e4 ldr r3, [fp, -0x9c] | r3 = var_9ch;
0x000127e8 cmp r4, r3 |
| if (r4 > r3) {
0x000127ec bgt 0x127ac | goto label_3;
| }
0x000127f0 cmp r7, 0 |
| if (r7 == 0) {
0x000127f4 moveq r0, 1 | r0 = 1;
| goto label_11;
| }
| if (r7 == 0) {
| label_11:
0x000127f8 beq 0x126d8 | goto label_4;
| }
0x000127fc sub r3, r7, 1 | r3 = r7 - 1;
0x00012800 mov r2, r4 | r2 = r4;
0x00012804 ldr r1, [r6, 0x40] | r1 = *((r6 + 0x40));
0x00012808 mov r0, r8 | r0 = r8;
0x0001280c bl 0x10b18 | sprintf (r0, r1, r2)
0x00012810 mov r1, 0 | r1 = 0;
0x00012814 mov r0, r8 | r0 = r8;
0x00012818 bl 0x10af4 | r0 = open64 ();
0x0001281c cmn r0, 1 |
| if (r0 == 1) {
0x00012820 beq 0x127ac | goto label_3;
| }
0x00012824 bl 0x10b6c | r0 = close (r0);
0x00012828 cmp r0, 0 |
| if (r0 != 0) {
0x0001282c beq 0x12878 |
0x00012830 bl 0x10b24 | errno_location ();
0x00012834 ldr r5, [pc, 0x44] |
0x00012838 mov r3, r8 | r3 = r8;
0x0001283c ldr r2, [pc, 0x40] | r2 = stderr;
0x00012840 ldr r1, [pc, 0x54] | r1 = "_s:_error_:___s__has_major:minor__d:_d__but_this_does_not_correspond_to_any_existing_UBI_device_or_volume";
0x00012844 ldr r4, [r0] | r4 = *(r0);
0x00012848 ldr r0, [r5] | r0 = *(0x1287c);
0x0001284c bl 0x10a64 | fprintf (r0, "_s:_error_:___s__has_major:minor__d:_d__but_this_does_not_correspond_to_any_existing_UBI_device_or_volume", r2, r3, r4, r5);
0x00012850 mov r0, r4 | r0 = r4;
0x00012854 ldr r5, [r5] | r5 = *(0x1287c);
0x00012858 bl 0x109d4 | strerror (r0);
0x0001285c str r4, [sp] | *(sp) = r4;
0x00012860 ldr r3, [pc, 0x24] | r3 = "%s: error!: cannot get information about \"%s\"\n";
0x00012864 mov r2, 8 | r2 = 8;
0x00012868 ldr r1, [pc, 0x20] | r1 = *(0x1288c);
0x0001286c str r0, [sp, 4] | var_4h = r0;
0x00012870 mov r0, r5 | r0 = r5;
0x00012874 bl 0x10a64 | fprintf (r0, r1, r2, "%s: error!: cannot get information about \"%s\"\n", r4);
| }
0x00012878 mov r0, 2 | r0 = 2;
0x0001287c b 0x126d8 | goto label_4;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x12c58 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012c58 () | void fcn_00012c58 (int32_t arg2, char * s) {
| int32_t var_74h;
| int32_t var_ch_2;
| int32_t var_ch;
| r1 = arg2;
| r0 = s;
0x00012c58 push {r4, r5, fp, lr} |
0x00012c5c add fp, sp, 0xc |
0x00012c60 sub sp, sp, 0x68 |
0x00012c64 ldr r4, [r0, 0x10] | r4 = *((r0 + 0x10));
0x00012c68 mov r5, r1 | r5 = r1;
0x00012c6c mov r0, r4 | r0 = r4;
0x00012c70 bl 0x10b3c | strlen (r0);
0x00012c74 mov r2, r5 | r2 = r5;
0x00012c78 mov r1, r4 | r1 = r4;
0x00012c7c add r0, r0, 0x39 | r0 += 0x39;
0x00012c80 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012c84 sub sp, sp, r0 |
0x00012c88 mov r0, sp | r0 = sp;
0x00012c8c bl 0x10b18 | sprintf (r0, r1, r2)
0x00012c90 sub r1, fp, 0x74 | r1 -= var_74h;
0x00012c94 mov r0, sp | r0 = sp;
0x00012c98 bl 0x109e0 | r0 = stat64 ();
0x00012c9c clz r0, r0 | r0 &= r0;
0x00012ca0 lsr r0, r0, 5 | r0 >>= 5;
0x00012ca4 sub sp, fp, 0xc |
0x00012ca8 pop {r4, r5, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x12cac */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012cac () | void fcn_00012cac (int32_t arg1, int32_t arg2) {
| int32_t var_128h;
| int32_t var_124h;
| int32_t var_0h;
| int32_t var_4h;
| char * s;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00012cac push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012cb0 add sl, r2, 4 | sl = r2 + 4;
0x00012cb4 add fp, sp, 0x20 |
0x00012cb8 sub sp, sp, 0x114 |
0x00012cbc mov r6, r1 | r6 = r1;
0x00012cc0 mov r5, r0 | r5 = r0;
0x00012cc4 mov r4, r2 | r4 = r2;
0x00012cc8 mov r1, 0 | r1 = 0;
0x00012ccc mov r2, 0x54 | r2 = 0x54;
0x00012cd0 mov r0, sl | r0 = sl;
0x00012cd4 bl 0x10adc | memset (r0, r1, r2);
0x00012cd8 str r6, [r4] | *(r4) = r6;
0x00012cdc mov r1, r6 | r1 = r6;
0x00012ce0 mov r0, r5 | r0 = r5;
0x00012ce4 bl 0x12c58 | r0 = fcn_00012c58 (r0, r1);
0x00012ce8 cmp r0, 0 |
0x00012cec bne 0x12cf8 |
| while (r8 == r0) {
| label_0:
0x00012cf0 mvn r0, 0 | r0 = ~0;
0x00012cf4 b 0x12fbc | goto label_3;
0x00012cf8 ldr r0, [r5, 0xc] | r0 = *((r5 + 0xc));
0x00012cfc bl 0x10b00 | r0 = opendir ();
0x00012d00 subs r8, r0, 0 | r8 = r0 - 0;
0x00012d04 beq 0x12cf0 |
| }
0x00012d08 mvn r3, 0x80000000 | r3 = ~0x80000000;
0x00012d0c str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00012d10 bl 0x10b24 | r0 = errno_location ();
0x00012d14 mov sb, r0 | sb = r0;
| do {
| label_1:
0x00012d18 mov r3, 0 | r3 = 0;
0x00012d1c str r3, [sb] | *(sb) = r3;
0x00012d20 mov r0, r8 | r0 = r8;
0x00012d24 bl 0x10aa0 | r0 = readdir64 ();
0x00012d28 cmp r0, 0 |
| if (r0 == 0) {
0x00012d2c beq 0x12dc8 | goto label_4;
| }
0x00012d30 add r7, r0, 0x13 | r7 = r0 + 0x13;
0x00012d34 mov r0, r7 | r0 = r7;
0x00012d38 bl 0x10b3c | r0 = strlen (r0);
0x00012d3c cmp r0, 0xfe |
| if (r0 >= 0xfe) {
0x00012d40 bls 0x12d6c |
0x00012d44 ldr r0, [pc, 0x278] |
0x00012d48 str r7, [sp] | *(sp) = r7;
0x00012d4c ldr r2, [pc, 0x274] | r2 = stderr;
0x00012d50 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x00012d54 ldr r1, [pc, 0x270] | r1 = "libubi";
0x00012d58 ldr r0, [r0] | r0 = *(0x12fc0);
0x00012d5c bl 0x10a64 | fprintf (r0, "libubi", r2, r3);
| label_2:
0x00012d60 mov r0, r8 | r0 = r8;
0x00012d64 bl 0x10b54 | closedir ();
0x00012d68 b 0x12cf0 | goto label_0;
| }
0x00012d6c sub r3, fp, 0x124 | r3 -= var_124h;
0x00012d70 str r3, [sp] | *(sp) = r3;
0x00012d74 sub r2, fp, 0x128 | r2 -= var_128h;
0x00012d78 sub r3, fp, 0x12c | r3 -= s;
0x00012d7c ldr r1, [pc, 0x24c] | r1 = "%s: error!: invalid entry in %s: \"%s\"\n";
0x00012d80 mov r0, r7 | r0 = r7;
0x00012d84 bl 0x10aac | r0 = sscanf (r0, "%s: error!: invalid entry in %s: \"%s\"\n", r2);
0x00012d88 cmp r0, 2 |
0x00012d8c bne 0x12d18 |
| } while (r0 != 2);
0x00012d90 ldr r3, [fp, -0x128] | r3 = var_128h;
0x00012d94 cmp r3, r6 |
| if (r3 != r6) {
0x00012d98 bne 0x12d18 | goto label_1;
| }
0x00012d9c ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00012da0 ldr r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x00012da4 add r3, r3, 1 | r3++;
0x00012da8 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00012dac ldr r3, [fp, -0x12c] | r3 = s;
0x00012db0 cmp r2, r3 |
0x00012db4 ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
| if (r2 >= r3) {
0x00012db8 strlt r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
| }
0x00012dbc cmp r3, r2 |
| if (r3 >= r2) {
0x00012dc0 strlt r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x00012dc4 b 0x12d18 | goto label_1;
| label_4:
0x00012dc8 ldr r7, [sb] | r7 = *(sb);
0x00012dcc cmp r7, 0 |
| if (r7 != 0) {
0x00012dd0 beq 0x12e18 |
0x00012dd4 ldr r4, [pc, 0x1e8] |
0x00012dd8 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x00012ddc ldr r2, [pc, 0x1e4] | r2 = stderr;
0x00012de0 ldr r1, [pc, 0x1ec] | r1 = "ubi%d_%d%s";
0x00012de4 ldr r0, [r4] | r0 = *(0x12fc0);
0x00012de8 bl 0x10a64 | fprintf (r0, "ubi%d_%d%s", r2, r3, r4);
0x00012dec mov r0, r7 | r0 = r7;
0x00012df0 ldr r4, [r4] | r4 = *(0x12fc0);
0x00012df4 bl 0x109d4 | strerror (r0);
0x00012df8 str r7, [sp] | *(sp) = r7;
0x00012dfc ldr r3, [pc, 0x1d4] | r3 = "_s:_error_:_readdir_failed_on___s_";
0x00012e00 mov r2, 8 | r2 = 8;
0x00012e04 ldr r1, [pc, 0x1d0] | r1 = *(0x12fd8);
0x00012e08 str r0, [sp, 4] | var_4h = r0;
0x00012e0c mov r0, r4 | r0 = r4;
0x00012e10 bl 0x10a64 | fprintf (r0, r1, r2, "_s:_error_:_readdir_failed_on___s_");
0x00012e14 b 0x12d60 | goto label_2;
| }
0x00012e18 mov r0, r8 | r0 = r8;
0x00012e1c bl 0x10b54 | r0 = closedir ();
0x00012e20 cmp r0, 0 |
| if (r0 != 0) {
0x00012e24 beq 0x12e70 |
0x00012e28 ldr r6, [pc, 0x194] | r6 = *(0x12fc0);
0x00012e2c ldr r4, [sb] | r4 = *(sb);
0x00012e30 ldr r3, [r5, 0xc] | r3 = *((r5 + 0xc));
0x00012e34 ldr r2, [pc, 0x18c] | r2 = stderr;
0x00012e38 ldr r1, [pc, 0x1a0] | r1 = "%*serror %d (%s)\n";
0x00012e3c ldr r0, [r6] | r0 = *(0x12fc0);
0x00012e40 bl 0x10a64 | fprintf (r0, "%*serror %d (%s)\n", r2, r3, r4, r5, r6);
0x00012e44 mov r0, r4 | r0 = r4;
0x00012e48 ldr r5, [r6] | r5 = *(0x12fc0);
0x00012e4c bl 0x109d4 | strerror (r0);
0x00012e50 str r4, [sp] | *(sp) = r4;
0x00012e54 ldr r3, [pc, 0x17c] | r3 = "_s:_error_:_readdir_failed_on___s_";
0x00012e58 mov r2, 8 | r2 = 8;
0x00012e5c ldr r1, [pc, 0x178] | r1 = *(0x12fd8);
0x00012e60 str r0, [sp, 4] | var_4h = r0;
0x00012e64 mov r0, r5 | r0 = r5;
0x00012e68 bl 0x10a64 | fprintf (r0, r1, r2, "_s:_error_:_readdir_failed_on___s_", r4);
0x00012e6c b 0x12cf0 | goto label_0;
| }
0x00012e70 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00012e74 add r2, r4, 0x14 | r2 = r4 + 0x14;
0x00012e78 cmn r3, 0x80000001 |
| if (r3 != 0x80000001) {
0x00012e7c streq r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| }
0x00012e80 add r3, r4, 0x18 | r3 = r4 + 0x18;
0x00012e84 mov r1, r6 | r1 = r6;
0x00012e88 add r0, r5, 0x18 | r0 = r5 + 0x18;
0x00012e8c bl 0x11c7c | r0 = fcn_00011c7c (r0, r1);
0x00012e90 cmp r0, 0 |
| if (r0 != 0) {
0x00012e94 bne 0x12cf0 | goto label_0;
| }
0x00012e98 mov r2, sl | r2 = sl;
0x00012e9c mov r1, r6 | r1 = r6;
0x00012ea0 ldr r0, [r5, 0x3c] | r0 = *((r5 + 0x3c));
0x00012ea4 bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012ea8 cmp r0, 0 |
| if (r0 != 0) {
0x00012eac bne 0x12cf0 | goto label_0;
| }
0x00012eb0 add r2, r4, 0x20 | r2 = r4 + 0x20;
0x00012eb4 mov r1, r6 | r1 = r6;
0x00012eb8 ldr r0, [r5, 0x1c] | r0 = *((r5 + 0x1c));
0x00012ebc bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012ec0 cmp r0, 0 |
| if (r0 != 0) {
0x00012ec4 bne 0x12cf0 | goto label_0;
| }
0x00012ec8 add r2, r4, 0x1c | r2 = r4 + 0x1c;
0x00012ecc mov r1, r6 | r1 = r6;
0x00012ed0 ldr r0, [r5, 0x20] | r0 = *((r5 + 0x20));
0x00012ed4 bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012ed8 cmp r0, 0 |
| if (r0 != 0) {
0x00012edc bne 0x12cf0 | goto label_0;
| }
0x00012ee0 add r2, r4, 0x38 | r2 = r4 + 0x38;
0x00012ee4 mov r1, r6 | r1 = r6;
0x00012ee8 ldr r0, [r5, 0x24] | r0 = *((r5 + 0x24));
0x00012eec bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012ef0 cmp r0, 0 |
| if (r0 != 0) {
0x00012ef4 bne 0x12cf0 | goto label_0;
| }
0x00012ef8 add r2, r4, 0x3c | r2 = r4 + 0x3c;
0x00012efc mov r1, r6 | r1 = r6;
0x00012f00 ldr r0, [r5, 0x28] | r0 = *((r5 + 0x28));
0x00012f04 bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012f08 cmp r0, 0 |
| if (r0 != 0) {
0x00012f0c bne 0x12cf0 | goto label_0;
| }
0x00012f10 add r2, r4, 0x48 | r2 = r4 + 0x48;
0x00012f14 mov r1, r6 | r1 = r6;
0x00012f18 ldr r0, [r5, 0x30] | r0 = *((r5 + 0x30));
0x00012f1c bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012f20 cmp r0, 0 |
| if (r0 != 0) {
0x00012f24 bne 0x12cf0 | goto label_0;
| }
0x00012f28 ldr r8, [r5, 0x2c] | r8 = *((r5 + 0x2c));
0x00012f2c mov sb, sp | sb = sp;
0x00012f30 mov r0, r8 | r0 = r8;
0x00012f34 bl 0x10b3c | strlen (r0);
0x00012f38 mov r2, r6 | r2 = r6;
0x00012f3c mov r1, r8 | r1 = r8;
0x00012f40 add r0, r0, 0x39 | r0 += 0x39;
0x00012f44 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012f48 sub sp, sp, r0 |
0x00012f4c add r7, sp, 8 | r7 += s;
0x00012f50 mov r0, r7 | r0 = r7;
0x00012f54 bl 0x10b18 | sprintf (r0, r1, r2)
0x00012f58 add r1, r4, 0x40 | r1 = r4 + 0x40;
0x00012f5c mov r0, r7 | r0 = r7;
0x00012f60 bl 0x1156c | fcn_0001156c (r0, r1);
0x00012f64 mov sp, sb |
0x00012f68 cmp r0, 0 |
| if (r0 != 0) {
0x00012f6c bne 0x12cf0 | goto label_0;
| }
0x00012f70 add r2, r4, 0x4c | r2 = r4 + 0x4c;
0x00012f74 mov r1, r6 | r1 = r6;
0x00012f78 ldr r0, [r5, 0x34] | r0 = *((r5 + 0x34));
0x00012f7c bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012f80 cmp r0, 0 |
| if (r0 != 0) {
0x00012f84 bne 0x12cf0 | goto label_0;
| }
0x00012f88 add r2, r4, 0x50 | r2 = r4 + 0x50;
0x00012f8c mov r1, r6 | r1 = r6;
0x00012f90 ldr r0, [r5, 0x38] | r0 = *((r5 + 0x38));
0x00012f94 bl 0x11790 | r0 = fcn_00011790 (r0, r1);
0x00012f98 cmp r0, 0 |
| if (r0 != 0) {
0x00012f9c bne 0x12cf0 | goto label_0;
| }
0x00012fa0 ldr r3, [r4, 0x3c] | r3 = *((r4 + 0x3c));
0x00012fa4 ldr r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x00012fa8 smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x00012fac ldr r2, [r4, 0x1c] | r2 = *((r4 + 0x1c));
0x00012fb0 strd r6, r7, [r4, 0x30] | __asm ("strd r6, r7, [r4, 0x30]");
0x00012fb4 smull r6, r7, r2, r3 | r6:r7 = r2 * r3;
0x00012fb8 strd r6, r7, [r4, 0x28] | __asm ("strd r6, r7, [r4, 0x28]");
| label_3:
0x00012fbc sub sp, fp, 0x20 |
0x00012fc0 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubirsvol @ 0x131d4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000131d4 () | void fcn_000131d4 (int32_t arg1, int32_t arg2) {
| char * s1;
| int32_t var_0h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x000131d4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000131d8 add sb, r3, 8 | sb = r3 + 8;
0x000131dc add fp, sp, 0x20 |
0x000131e0 sub sp, sp, 0x3c |
0x000131e4 mov r5, r1 | r5 = r1;
0x000131e8 mov r6, r2 | r6 = r2;
0x000131ec mov r1, 0 | r1 = 0;
0x000131f0 mov r2, 0xb0 | r2 = 0xb0;
0x000131f4 mov r7, r0 | r7 = r0;
0x000131f8 mov r0, sb | r0 = sb;
0x000131fc mov r4, r3 | r4 = r3;
0x00013200 bl 0x10adc | memset (r0, r1, r2);
0x00013204 ldr sl, [r7, 0x48] | sl = *((r7 + 0x48));
0x00013208 stm r4, {r5, r6} | *(r4) = r5;
| *((r4 + 4)) = r6;
0x0001320c mov r0, sl | r0 = sl;
0x00013210 bl 0x10b3c | strlen (r0);
0x00013214 mov r8, sp | r8 = sp;
0x00013218 mov r3, r6 | r3 = r6;
0x0001321c mov r2, r5 | r2 = r5;
0x00013220 mov r1, sl | r1 = sl;
0x00013224 add r0, r0, 0x6b | r0 += 0x6b;
0x00013228 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x0001322c sub sp, sp, r0 |
0x00013230 mov r0, sp | r0 = sp;
0x00013234 bl 0x10b18 | sprintf (r0, r1, r2)
0x00013238 mov r0, sp | r0 = sp;
0x0001323c add r2, r4, 0xc | r2 = r4 + 0xc;
0x00013240 mov r1, sb | r1 = sb;
0x00013244 bl 0x11ba4 | fcn_00011ba4 (r0, r1);
0x00013248 mov sp, r8 |
0x0001324c cmp r0, 0 |
0x00013250 beq 0x13264 |
| while (r8 < r0) {
| label_0:
0x00013254 mvn r8, 0 | r8 = ~0;
| label_1:
0x00013258 mov r0, r8 | r0 = r8;
0x0001325c sub sp, fp, 0x20 |
0x00013260 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x00013264 ldr sb, [r7, 0x44] | sb = *((r7 + 0x44));
0x00013268 mov r0, sb | r0 = sb;
0x0001326c bl 0x10b3c | strlen (r0);
0x00013270 mov r3, r6 | r3 = r6;
0x00013274 mov r2, r5 | r2 = r5;
0x00013278 mov r1, sb | r1 = sb;
0x0001327c add r0, r0, 0x6b | r0 += 0x6b;
0x00013280 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013284 sub sp, sp, r0 |
0x00013288 mov r0, sp | r0 = sp;
0x0001328c bl 0x10b18 | sprintf (r0, r1, r2)
0x00013290 mov r0, sp | r0 = sp;
0x00013294 mov r2, 0x32 | r2 = 0x32;
0x00013298 sub r1, fp, 0x58 | r1 -= s1;
0x0001329c bl 0x11828 | fcn_00011828 (r0, r1);
0x000132a0 mov sp, r8 |
0x000132a4 subs r8, r0, 0 | r8 = r0 - 0;
0x000132a8 blt 0x13254 |
| }
0x000132ac mov r2, r8 | r2 = r8;
0x000132b0 ldr r1, [pc, 0x174] | r1 = *(0x13428);
0x000132b4 sub r0, fp, 0x58 | r0 -= s1;
0x000132b8 bl 0x10a88 | r0 = strncmp (r0, r1, r2);
0x000132bc cmp r0, 0 |
| if (r0 != 0) {
0x000132c0 moveq r3, 4 | r3 = 4;
| }
| if (r0 != 0) {
0x000132c4 beq 0x132e4 |
0x000132c8 mov r2, r8 | r2 = r8;
0x000132cc ldr r1, [pc, 0x15c] | r1 = "static\n";
0x000132d0 sub r0, fp, 0x58 | r0 -= s1;
0x000132d4 bl 0x10a88 | r0 = strncmp (r0, "static\n", r2);
0x000132d8 cmp r0, 0 |
| if (r0 != 0) {
0x000132dc bne 0x13404 | goto label_2;
| }
0x000132e0 mov r3, 3 | r3 = 3;
| }
0x000132e4 str r3, [r4, 0x10] | *((r4 + 0x10)) = r3;
0x000132e8 mov r2, r6 | r2 = r6;
0x000132ec add r3, r4, 0x14 | r3 = r4 + 0x14;
0x000132f0 mov r1, r5 | r1 = r5;
0x000132f4 ldr r0, [r7, 0x4c] | r0 = *((r7 + 0x4c));
0x000132f8 bl 0x117d8 | r0 = fcn_000117d8 (r0, r1);
0x000132fc cmp r0, 0 |
| if (r0 != 0) {
0x00013300 bne 0x13254 | goto label_0;
| }
0x00013304 ldr r8, [r7, 0x50] | r8 = *((r7 + 0x50));
0x00013308 mov sb, sp | sb = sp;
0x0001330c mov r0, r8 | r0 = r8;
0x00013310 bl 0x10b3c | strlen (r0);
0x00013314 mov r3, r6 | r3 = r6;
0x00013318 mov r2, r5 | r2 = r5;
0x0001331c mov r1, r8 | r1 = r8;
0x00013320 add r0, r0, 0x6b | r0 += 0x6b;
0x00013324 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013328 sub sp, sp, r0 |
0x0001332c mov r0, sp | r0 = sp;
0x00013330 bl 0x10b18 | sprintf (r0, r1, r2)
0x00013334 mov r0, sp | r0 = sp;
0x00013338 add r1, r4, 0x18 | r1 = r4 + 0x18;
0x0001333c bl 0x1156c | fcn_0001156c (r0, r1);
0x00013340 mov sp, sb |
0x00013344 cmp r0, 0 |
| if (r0 != 0) {
0x00013348 bne 0x13254 | goto label_0;
| }
0x0001334c add r3, r4, 0x28 | r3 = r4 + 0x28;
0x00013350 mov r2, r6 | r2 = r6;
0x00013354 mov r1, r5 | r1 = r5;
0x00013358 ldr r0, [r7, 0x54] | r0 = *((r7 + 0x54));
0x0001335c bl 0x117d8 | r0 = fcn_000117d8 (r0, r1);
0x00013360 cmp r0, 0 |
| if (r0 != 0) {
0x00013364 bne 0x13254 | goto label_0;
| }
0x00013368 add r3, r4, 0x2c | r3 = r4 + 0x2c;
0x0001336c mov r2, r6 | r2 = r6;
0x00013370 mov r1, r5 | r1 = r5;
0x00013374 ldr r0, [r7, 0x58] | r0 = *((r7 + 0x58));
0x00013378 bl 0x117d8 | r0 = fcn_000117d8 (r0, r1);
0x0001337c cmp r0, 0 |
| if (r0 != 0) {
0x00013380 bne 0x13254 | goto label_0;
| }
0x00013384 add r3, r4, 0x30 | r3 = r4 + 0x30;
0x00013388 mov r2, r6 | r2 = r6;
0x0001338c mov r1, r5 | r1 = r5;
0x00013390 ldr r0, [r7, 0x5c] | r0 = *((r7 + 0x5c));
0x00013394 bl 0x117d8 | r0 = fcn_000117d8 (r0, r1);
0x00013398 subs r8, r0, 0 | r8 = r0 - 0;
| if (r8 != r0) {
0x0001339c bne 0x13254 | goto label_0;
| }
0x000133a0 ldr r1, [r4, 0x28] | r1 = *((r4 + 0x28));
0x000133a4 ldr r0, [r4, 0x2c] | r0 = *((r4 + 0x2c));
0x000133a8 ldr r7, [r7, 0x60] | r7 = *((r7 + 0x60));
0x000133ac smull r2, r3, r0, r1 | r2:r3 = r0 * r1;
0x000133b0 mov r0, r7 | r0 = r7;
0x000133b4 strd r2, r3, [r4, 0x20] | __asm ("strd r2, r3, [r4, 0x20]");
0x000133b8 bl 0x10b3c | strlen (r0);
0x000133bc mov r3, r6 | r3 = r6;
0x000133c0 mov r2, r5 | r2 = r5;
0x000133c4 mov r1, r7 | r1 = r7;
0x000133c8 add r0, r0, 0x6b | r0 += 0x6b;
0x000133cc bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000133d0 sub sp, sp, r0 |
0x000133d4 mov r0, sp | r0 = sp;
0x000133d8 bl 0x10b18 | sprintf (r0, r1, r2)
0x000133dc mov r0, sp | r0 = sp;
0x000133e0 mov r2, 0x81 | r2 = 0x81;
0x000133e4 add r1, r4, 0x34 | r1 = r4 + 0x34;
0x000133e8 bl 0x11828 | fcn_00011828 (r0, r1);
0x000133ec mov sp, sb |
0x000133f0 cmp r0, 0 |
| if (r0 < 0) {
0x000133f4 blt 0x13254 | goto label_0;
| }
0x000133f8 add r4, r4, r0 | r4 += r0;
0x000133fc strb r8, [r4, 0x33] | *((r4 + 0x33)) = r8;
0x00013400 b 0x13258 | goto label_1;
| label_2:
0x00013404 ldr r0, [pc, 0x28] |
0x00013408 sub r3, fp, 0x58 | r3 -= s1;
0x0001340c ldr r2, [pc, 0x24] | r2 = stderr;
0x00013410 ldr r1, [pc, 0x24] | r1 = "libubi";
0x00013414 ldr r0, [r0] | r0 = "dynamic\n";
0x00013418 bl 0x10a64 | r0 = fprintf ("dynamic\n", "libubi", r2, r3);
0x0001341c bl 0x10b24 | errno_location ();
0x00013420 mov r3, 0x16 | r3 = 0x16;
0x00013424 str r3, [r0] | *(r0) = r3;
0x00013428 b 0x13254 | goto label_0;
| }
[*] Function sprintf used 10 times ubirsvol
