[*] Binary protection state of ubinize
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of ubinize
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubinize @ 0x135b4 */
| #include <stdint.h>
|
; (fcn) fcn.000135b4 () | void fcn_000135b4 (FILE * stream, int32_t arg1) {
| char * src;
| char * var_400h;
| char * var_4h;
| char * var_800h;
| char * var_8h;
| int32_t var_810h;
| int32_t var_8h_2;
| char * var_c00h;
| char * var_ch;
| char * var_1000h;
| char * s1;
| char * s;
| char * dest;
| int32_t var_1800h;
| int32_t var_18h;
| int32_t var_1ch;
| r0 = arg1;
0x000135b4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000135b8 ldr r1, [pc, 0x480] | r1 = *(0x13a3c);
0x000135bc sub sp, sp, 0x1800 |
0x000135c0 sub sp, sp, 0x1c |
0x000135c4 mov r8, r0 | r8 = r0;
0x000135c8 bl 0x10c80 | r0 = fopen64 ();
0x000135cc subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x000135d0 bne 0x135fc | goto label_8;
| }
0x000135d4 ldr r3, [pc, 0x468] | r3 = *(0x13a40);
0x000135d8 mov r2, r8 | r2 = r8;
0x000135dc ldr r1, [pc, 0x464] | r1 = stderr;
0x000135e0 ldr r0, [r3] | r0 = *(0x13a40);
0x000135e4 bl 0x10b48 | fprintf (r0, r1, r2, r3);
| label_2:
0x000135e8 mov r5, 0 | r5 = 0;
| do {
0x000135ec mov r0, r5 | r0 = r5;
0x000135f0 add sp, sp, 0x1800 |
0x000135f4 add sp, sp, 0x1c |
0x000135f8 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_8:
0x000135fc mov r0, 0 | r0 = 0;
0x00013600 bl 0x13b3c | r0 = fcn_00013b3c (r0);
0x00013604 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x00013608 bne 0x13618 | goto label_9;
| }
| label_0:
0x0001360c mov r0, r6 | r0 = r6;
0x00013610 bl 0x10bcc | fclose (r0);
0x00013614 b 0x135ec |
| } while (1);
| label_9:
0x00013618 mov r2, 0x400 | r2 = 0x400;
0x0001361c mov r1, 0 | r1 = 0;
0x00013620 mov r0, sp | r0 = sp;
0x00013624 bl 0x10bb4 | memset (r0, r1, r2);
0x00013628 add r0, sp, 0x400 | r0 += var_400h;
0x0001362c mov r2, 0x400 | r2 = 0x400;
0x00013630 mov r1, 0 | r1 = 0;
0x00013634 add r0, r0, 4 | r0 += var_4h;
0x00013638 bl 0x10bb4 | memset (r0, r1, r2);
0x0001363c add r0, sp, 0x800 | r0 += var_800h;
0x00013640 mov r2, 0x400 | r2 = 0x400;
0x00013644 mov r1, 0 | r1 = 0;
0x00013648 add r0, r0, 8 | r0 += var_8h;
0x0001364c bl 0x10bb4 | memset (r0, r1, r2);
0x00013650 ldr sl, [pc, 0x3f4] | sl = obj.__ctype_b;
0x00013654 add r0, sp, 0x1000 | r0 += var_1000h;
0x00013658 mov r4, 0 | r4 = 0;
0x0001365c mov r2, 0x400 | r2 = 0x400;
0x00013660 mov r1, 0 | r1 = 0;
0x00013664 add r0, r0, 0x10 | r0 += s1;
0x00013668 bl 0x10bb4 | memset (r0, r1, r2);
0x0001366c mov r7, r4 | r7 = r4;
0x00013670 mov r0, r4 | r0 = r4;
0x00013674 mov sb, r4 | sb = r4;
| label_1:
0x00013678 rsb r1, r0, 0x400 | r1 = 0x400 - r0;
0x0001367c mov r2, r6 | r2 = r6;
0x00013680 add r0, sp, r0 | r0 = sp + r0;
0x00013684 bl 0x10ad0 | r0 = fgets (r0, r1, r2);
0x00013688 cmp r0, 0 |
| if (r0 != 0) {
0x0001368c bne 0x1369c | goto label_10;
| }
0x00013690 cmp r4, 0 |
| if (r4 == 0) {
0x00013694 beq 0x1360c | goto label_0;
| }
0x00013698 b 0x13a28 | goto label_11;
| label_10:
0x0001369c mov r0, sp | r0 = sp;
0x000136a0 bl 0x10c20 | strlen (r0);
0x000136a4 add r3, sp, 0x810 | r3 += var_810h;
0x000136a8 add r3, r3, 8 | r3 += var_8h_2;
0x000136ac add r7, r7, 1 | r7++;
0x000136b0 sub r0, r0, 1 | r0--;
0x000136b4 add r3, r3, r0 | r3 += r0;
0x000136b8 ldrb r3, [r3, -0x818] | r3 = *((r3 - 0x818));
0x000136bc cmp r3, 0xa |
| if (r3 != 0xa) {
0x000136c0 bne 0x137d0 | goto label_12;
| }
0x000136c4 ldr r2, [sl] | r2 = *(sl);
| label_3:
0x000136c8 cmn r0, 1 |
| if (r0 != 1) {
0x000136cc beq 0x136ec |
0x000136d0 ldrb r3, [sp, r0] | r3 = *((sp + r0));
0x000136d4 cmp r3, 0xa |
| if (r3 == 0xa) {
0x000136d8 beq 0x137fc | goto label_13;
| }
0x000136dc lsl r3, r3, 1 | r3 <<= 1;
0x000136e0 ldrh r3, [r2, r3] | r3 = *((r2 + r3));
0x000136e4 tst r3, 0x20 |
| if ((r3 & 0x20) != 0) {
0x000136e8 bne 0x137fc | goto label_13;
| }
| }
0x000136ec add r3, sp, 0x810 | r3 += var_810h;
0x000136f0 add r3, r3, 8 | r3 += var_8h_2;
0x000136f4 add r3, r3, r0 | r3 += r0;
0x000136f8 ldrb r3, [r3, -0x818] | r3 = *((r3 - 0x818));
0x000136fc cmp r3, 0x5c |
| if (r3 == 0x5c) {
0x00013700 beq 0x13678 | goto label_1;
| }
0x00013704 mov r0, sp | r0 = sp;
0x00013708 bl 0x13160 | r0 = fcn_00013160 (r0);
0x0001370c mov r1, r0 | r1 = r0;
0x00013710 add r0, sp, 0x1400 | r0 += s;
0x00013714 add r0, r0, 0x14 | r0 += dest;
0x00013718 bl 0x10a88 | strcpy (r0, r1)
0x0001371c add r0, sp, 0x1400 | r0 += s;
0x00013720 add r0, r0, 0x14 | r0 += dest;
0x00013724 bl 0x10c20 | r0 = strlen (r0);
0x00013728 cmp r0, 0 |
| if (r0 == 0) {
0x0001372c beq 0x13a00 | goto label_14;
| }
0x00013730 add r3, sp, 0x1400 | r3 += s;
0x00013734 add r3, r3, 0x14 | r3 += dest;
0x00013738 ldrb r3, [r3] | r3 = *(r3);
0x0001373c cmp r3, 0x23 |
| if (r3 == 0x23) {
0x00013740 beq 0x13a00 | goto label_14;
| }
0x00013744 cmp r3, 0x5b |
| if (r3 == 0x5b) {
0x00013748 bne 0x13808 |
0x0001374c add r3, sp, 0x1800 | r3 += var_1800h;
0x00013750 add r3, r3, 0x18 | r3 += var_18h;
0x00013754 add r0, r3, r0 | r0 = r3 + r0;
0x00013758 ldrb r3, [r0, -0x405] | r3 = *((r0 - 0x405));
0x0001375c cmp r3, 0x5d |
| if (r3 != 0x5d) {
0x00013760 bne 0x13808 | goto label_15;
| }
0x00013764 add r2, sp, 0x400 | r2 += var_400h;
0x00013768 add r0, sp, 0x1400 | r0 += s;
0x0001376c add r2, r2, 4 | r2 += var_4h;
0x00013770 ldr r1, [pc, 0x2d8] | r1 = __ctype_b;
0x00013774 add r0, r0, 0x14 | r0 += dest;
0x00013778 bl 0x10b84 | sscanf (r0, r1, r2);
0x0001377c add r0, sp, 0x400 | r0 += var_400h;
0x00013780 add r0, r0, 4 | r0 += var_4h;
0x00013784 bl 0x13160 | r0 = fcn_00013160 (r0);
0x00013788 mov r1, r0 | r1 = r0;
0x0001378c add r0, sp, 0x400 | r0 += var_400h;
0x00013790 add r0, r0, 4 | r0 += var_4h;
0x00013794 bl 0x10a88 | strcpy (r0, r1)
0x00013798 add r0, sp, 0x400 | r0 += var_400h;
0x0001379c add r0, r0, 4 | r0 += var_4h;
0x000137a0 bl 0x130fc | r0 = fcn_000130fc (r0);
0x000137a4 mov r1, r0 | r1 = r0;
0x000137a8 add r0, sp, 0x400 | r0 += var_400h;
0x000137ac add r0, r0, 4 | r0 += var_4h;
0x000137b0 bl 0x10a88 | strcpy (r0, r1)
0x000137b4 add r1, sp, 0x400 | r1 += var_400h;
0x000137b8 mov r2, 0 | r2 = 0;
0x000137bc add r1, r1, 4 | r1 += var_4h;
| label_6:
0x000137c0 mov r0, r5 | r0 = r5;
0x000137c4 bl 0x13c88 | r0 = fcn_00013c88 (r0, r1);
0x000137c8 mov r4, r0 | r4 = r0;
0x000137cc b 0x13a00 | goto label_14;
| label_12:
0x000137d0 ldr r0, [pc, 0x26c] |
0x000137d4 mov r3, r7 | r3 = r7;
0x000137d8 mov r2, r8 | r2 = r8;
0x000137dc ldr r1, [pc, 0x270] | r1 = "[%[^]]";
0x000137e0 ldr r0, [r0] | r0 = *(0x13a40);
0x000137e4 bl 0x10b48 | fprintf (r0, "[%[^]]", r2, r3);
0x000137e8 mov r0, r5 | r0 = r5;
0x000137ec bl 0x13b9c | fcn_00013b9c (r0);
0x000137f0 mov r0, r6 | r0 = r6;
0x000137f4 bl 0x10bcc | fclose (r0);
0x000137f8 b 0x135e8 | goto label_2;
| label_13:
0x000137fc strb sb, [sp, r0] | *((sp + r0)) = sb;
0x00013800 sub r0, r0, 1 | r0--;
0x00013804 b 0x136c8 | goto label_3;
| }
| label_15:
0x00013808 add r3, sp, 0x1000 | r3 += var_1000h;
0x0001380c add r2, sp, 0x800 | r2 += var_800h;
0x00013810 add r0, sp, 0x1400 | r0 += s;
0x00013814 add r3, r3, 0x10 | r3 += s1;
0x00013818 add r2, r2, 8 | r2 += var_8h;
0x0001381c ldr r1, [pc, 0x234] | r1 = "iniparser:_input_line_too_long_in__s___d_";
0x00013820 add r0, r0, 0x14 | r0 += dest;
0x00013824 bl 0x10b84 | r0 = sscanf (r0, "iniparser:_input_line_too_long_in__s___d_", r2);
0x00013828 cmp r0, 2 |
0x0001382c bne 0x138ac |
| while (r0 == 2) {
| label_4:
0x00013830 add r0, sp, 0x800 | r0 += var_800h;
0x00013834 add r0, r0, 8 | r0 += var_8h;
0x00013838 bl 0x13160 | r0 = fcn_00013160 (r0);
0x0001383c mov r1, r0 | r1 = r0;
0x00013840 add r0, sp, 0x800 | r0 += var_800h;
0x00013844 add r0, r0, 8 | r0 += var_8h;
0x00013848 bl 0x10a88 | strcpy (r0, r1)
0x0001384c add r0, sp, 0x800 | r0 += var_800h;
0x00013850 add r0, r0, 8 | r0 += var_8h;
0x00013854 bl 0x130fc | r0 = fcn_000130fc (r0);
0x00013858 mov r1, r0 | r1 = r0;
0x0001385c add r0, sp, 0x800 | r0 += var_800h;
0x00013860 add r0, r0, 8 | r0 += var_8h;
0x00013864 bl 0x10a88 | strcpy (r0, r1)
0x00013868 add r0, sp, 0x1000 | r0 += var_1000h;
0x0001386c add r0, r0, 0x10 | r0 += s1;
0x00013870 bl 0x13160 | r0 = fcn_00013160 (r0);
0x00013874 mov r1, r0 | r1 = r0;
0x00013878 add r0, sp, 0x1000 | r0 += var_1000h;
0x0001387c add r0, r0, 0x10 | r0 += s1;
0x00013880 bl 0x10a88 | strcpy (r0, r1)
0x00013884 add r0, sp, 0x1000 | r0 += var_1000h;
0x00013888 ldr r1, [pc, 0x1cc] | r1 = "___________";
0x0001388c add r0, r0, 0x10 | r0 += s1;
0x00013890 bl 0x10be4 | r0 = strcmp (r0, "___________");
0x00013894 cmp r0, 0 |
| if (r0 != 0) {
0x00013898 bne 0x13960 | goto label_16;
| }
| label_5:
0x0001389c add r3, sp, 0x1000 | r3 += var_1000h;
0x000138a0 add r3, r3, 0x10 | r3 += s1;
0x000138a4 strb sb, [r3] | *(r3) = sb;
0x000138a8 b 0x13978 | goto label_17;
0x000138ac add r3, sp, 0x1000 | r3 += var_1000h;
0x000138b0 add r2, sp, 0x800 | r2 += var_800h;
0x000138b4 add r0, sp, 0x1400 | r0 += s;
0x000138b8 add r3, r3, 0x10 | r3 += s1;
0x000138bc add r2, r2, 8 | r2 += var_8h;
0x000138c0 ldr r1, [pc, 0x198] | r1 = "__";
0x000138c4 add r0, r0, 0x14 | r0 += dest;
0x000138c8 bl 0x10b84 | r0 = sscanf (r0, "__", r2);
0x000138cc cmp r0, 2 |
0x000138d0 beq 0x13830 |
| }
0x000138d4 add r3, sp, 0x1000 | r3 += var_1000h;
0x000138d8 add r2, sp, 0x800 | r2 += var_800h;
0x000138dc add r0, sp, 0x1400 | r0 += s;
0x000138e0 add r3, r3, 0x10 | r3 += s1;
0x000138e4 add r2, r2, 8 | r2 += var_8h;
0x000138e8 ldr r1, [pc, 0x174] | r1 = "%[^=] = '%[^']';
0x000138ec add r0, r0, 0x14 | r0 += dest;
0x000138f0 bl 0x10b84 | r0 = sscanf (r0, "%[^=] = '%[^']', r2);
0x000138f4 cmp r0, 2 |
| if (r0 == 2) {
0x000138f8 beq 0x13830 | goto label_4;
| }
0x000138fc add r3, sp, 0x1000 | r3 += var_1000h;
0x00013900 add r2, sp, 0x800 | r2 += var_800h;
0x00013904 add r0, sp, 0x1400 | r0 += s;
0x00013908 add r3, r3, 0x10 | r3 += s1;
0x0001390c add r2, r2, 8 | r2 += var_8h;
0x00013910 ldr r1, [pc, 0x150] | r1 = "%[^=] = %[^;#]";
0x00013914 add r0, r0, 0x14 | r0 += dest;
0x00013918 bl 0x10b84 | r0 = sscanf (r0, "%[^=] = %[^;#]", r2);
0x0001391c cmp r0, 2 |
| if (r0 != 2) {
0x00013920 bne 0x139ac | goto label_18;
| }
| label_7:
0x00013924 add r0, sp, 0x800 | r0 += var_800h;
0x00013928 add r0, r0, 8 | r0 += var_8h;
0x0001392c bl 0x13160 | r0 = fcn_00013160 (r0);
0x00013930 mov r1, r0 | r1 = r0;
0x00013934 add r0, sp, 0x800 | r0 += var_800h;
0x00013938 add r0, r0, 8 | r0 += var_8h;
0x0001393c bl 0x10a88 | strcpy (r0, r1)
0x00013940 add r0, sp, 0x800 | r0 += var_800h;
0x00013944 add r0, r0, 8 | r0 += var_8h;
0x00013948 bl 0x130fc | r0 = fcn_000130fc (r0);
0x0001394c mov r1, r0 | r1 = r0;
0x00013950 add r0, sp, 0x800 | r0 += var_800h;
0x00013954 add r0, r0, 8 | r0 += var_8h;
0x00013958 bl 0x10a88 | strcpy (r0, r1)
0x0001395c b 0x1389c | goto label_5;
| label_16:
0x00013960 add r0, sp, 0x1000 | r0 += var_1000h;
0x00013964 ldr r1, [pc, 0x100] | r1 = "%[^=] = %[;#]";
0x00013968 add r0, r0, 0x10 | r0 += s1;
0x0001396c bl 0x10be4 | r0 = strcmp (r0, "%[^=] = %[;#]");
0x00013970 cmp r0, 0 |
| if (r0 == 0) {
0x00013974 beq 0x1389c | goto label_5;
| }
| label_17:
0x00013978 add r3, sp, 0x800 | r3 += var_800h;
0x0001397c add r2, sp, 0x400 | r2 += var_400h;
0x00013980 add r0, sp, 0xc00 | r0 += var_c00h;
0x00013984 add r2, r2, 4 | r2 += var_4h;
0x00013988 ldr r1, [pc, 0xe0] | r1 = "_";
0x0001398c add r3, r3, 8 | r3 += var_8h;
0x00013990 add r0, r0, 0xc | r0 += var_ch;
0x00013994 bl 0x10bf0 | sprintf (r0, "_", r2);
0x00013998 add r2, sp, 0x1000 | r2 += var_1000h;
0x0001399c add r1, sp, 0xc00 | r1 += var_c00h;
0x000139a0 add r2, r2, 0x10 | r2 += s1;
0x000139a4 add r1, r1, 0xc | r1 += var_ch;
0x000139a8 b 0x137c0 | goto label_6;
| label_18:
0x000139ac add r3, sp, 0x1000 | r3 += var_1000h;
0x000139b0 add r2, sp, 0x800 | r2 += var_800h;
0x000139b4 add r0, sp, 0x1400 | r0 += s;
0x000139b8 add r3, r3, 0x10 | r3 += s1;
0x000139bc add r2, r2, 8 | r2 += var_8h;
0x000139c0 ldr r1, [pc, 0xac] | r1 = "_s:_s";
0x000139c4 add r0, r0, 0x14 | r0 += dest;
0x000139c8 bl 0x10b84 | r0 = sscanf (r0, "_s:_s", r2);
0x000139cc cmp r0, 2 |
| if (r0 == 2) {
0x000139d0 beq 0x13924 | goto label_7;
| }
0x000139d4 ldr fp, [pc, 0x68] | fp = obj.stderr;
0x000139d8 mov r3, r7 | r3 = r7;
0x000139dc mov r2, r8 | r2 = r8;
0x000139e0 ldr r1, [pc, 0x90] | r1 = "%[^=] %[=]";
0x000139e4 ldr r0, [fp] | r0 = *(fp);
0x000139e8 bl 0x10b48 | fprintf (r0, "%[^=] %[=]", r2, r3);
0x000139ec mov r2, sp | r2 = sp;
0x000139f0 ldr r1, [pc, 0x84] | r1 = "iniparser:_syntax_error_in__s___d_:";
0x000139f4 ldr r0, [fp] | r0 = *(fp);
0x000139f8 bl 0x10b48 | fprintf (r0, "iniparser:_syntax_error_in__s___d_:", r2);
0x000139fc add r4, r4, 1 | r4++;
| label_14:
0x00013a00 mov r2, 0x400 | r2 = 0x400;
0x00013a04 mov r1, 0 | r1 = 0;
0x00013a08 mov r0, sp | r0 = sp;
0x00013a0c bl 0x10bb4 | memset (r0, r1, r2);
0x00013a10 cmp r4, 0 |
| if (r4 < 0) {
0x00013a14 bge 0x13a38 |
0x00013a18 ldr r3, [pc, 0x24] | r3 = *(0x13a40);
0x00013a1c ldr r0, [pc, 0x5c] | r0 = "-> %s\n";
0x00013a20 ldr r1, [r3] | r1 = *(0x13a40);
0x00013a24 bl 0x10c44 | fputs ("-> %s\n", r1);
| label_11:
0x00013a28 mov r0, r5 | r0 = r5;
0x00013a2c bl 0x13b9c | fcn_00013b9c (r0);
0x00013a30 mov r5, 0 | r5 = 0;
0x00013a34 b 0x1360c | goto label_0;
| }
0x00013a38 mov r0, 0 | r0 = 0;
0x00013a3c b 0x13678 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubinize @ 0x13ac4 */
| #include <stdint.h>
|
; (fcn) fcn.00013ac4 () | void fcn_00013ac4 (int32_t arg1) {
| r0 = arg1;
0x00013ac4 push {r4, r5, r6, lr} |
0x00013ac8 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x00013acc beq 0x13af0 |
0x00013ad0 bl 0x10c20 | strlen (r0);
0x00013ad4 mov r5, r4 | r5 = r4;
0x00013ad8 add r0, r0, 1 | r0++;
0x00013adc bl 0x10af4 | r0 = malloc (r0);
0x00013ae0 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00013ae4 beq 0x13af0 | goto label_0;
| }
0x00013ae8 mov r1, r5 | r1 = r5;
0x00013aec bl 0x10a88 | strcpy (r0, r1)
| }
| label_0:
0x00013af0 mov r0, r4 | r0 = r4;
0x00013af4 pop {r4, r5, r6, pc} |
| }
[*] Function strcpy used 10 times ubinize
