[*] Binary protection state of libtyco_services.so.1.0.0
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH Symbols
[*] Function printf tear down of libtyco_services.so.1.0.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libtyco_services.so.1.0.0 @ 0xb88 */
| #include <stdint.h>
|
; (fcn) dbg.read_mtd_part () | void dbg_read_mtd_part (int32_t arg1, int32_t arg2) {
| loff_t loff;
| mtd_info_t mtd_info;
| int32_t var_0h;
| int32_t var_8h;
| char * format;
| int32_t var_10h;
| int32_t var_18h;
| int32_t var_20h;
| int32_t var_24h;
| r0 = arg1;
| r1 = arg2;
| /* int read_mtd_part(char * part_name,uint8_t * buf,uint32_t size); */
0x00000b88 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00000b8c mov fp, r1 |
0x00000b90 sub sp, sp, 0x3c |
0x00000b94 mov r1, 2 | r1 = 2;
0x00000b98 mov r5, r0 | r5 = r0;
0x00000b9c mov r4, r2 | r4 = r2;
0x00000ba0 bl 0x77c | r0 = open64 ();
0x00000ba4 cmn r0, 1 |
| if (r0 == 1) {
0x00000ba8 bne 0xbd4 |
0x00000bac bl 0x6f8 | errno_location ();
0x00000bb0 mov r2, r5 | r2 = r5;
0x00000bb4 mov r5, 0 | r5 = 0;
0x00000bb8 ldr r1, [r0] | r1 = *(r0);
0x00000bbc ldr r0, [pc, 0xf8] | r0 = *(0xcb8);
0x00000bc0 add r0, pc, r0 | r0 = pc + r0;
0x00000bc4 bl 0x794 | printf (r0, r1, r2, r3, r4, r5)
| label_1:
0x00000bc8 mov r0, r5 | r0 = r5;
0x00000bcc add sp, sp, 0x3c |
0x00000bd0 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00000bd4 add r2, sp, 0x18 | r2 += var_18h;
0x00000bd8 ldr r1, [pc, 0xe0] | r1 = *(0xcbc);
0x00000bdc mov r6, r0 | r6 = r0;
0x00000be0 bl 0x728 | r0 = ioctl (r0, r1);
0x00000be4 subs r7, r0, 0 | r7 = r0 - 0;
| if (r7 != r0) {
0x00000be8 bne 0xcb4 | goto label_2;
| }
0x00000bec add r3, sp, 0x10 | r3 += var_10h;
0x00000bf0 str r3, [sp, 8] | var_8h = r3;
0x00000bf4 ldr r3, [pc, 0xc8] | r3 = *(0xcc0);
0x00000bf8 ldr sl, [sp, 0x24] | sl = var_24h;
0x00000bfc add r3, pc, r3 | r3 = pc + r3;
0x00000c00 str r3, [sp, 0xc] | format = r3;
| do {
0x00000c04 ldr r3, [sp, 0x20] | r3 = loff;
0x00000c08 cmp r3, r7 |
| if (r3 <= r7) {
0x00000c0c ble 0xcb4 | goto label_2;
| }
0x00000c10 mov r8, r7 | r8 = r7;
0x00000c14 asr sb, r7, 0x1f | sb = r7 >> 0x1f;
0x00000c18 ldr r2, [sp, 8] | r2 = var_8h;
0x00000c1c ldr r1, [pc, 0xa4] | r1 = *(0xcc4);
0x00000c20 mov r0, r6 | r0 = r6;
0x00000c24 strd r8, sb, [sp, 0x10] | __asm ("strd r8, sb, [var_10h]");
0x00000c28 bl 0x728 | r0 = ioctl (r0, r1);
0x00000c2c subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x00000c30 beq 0xc48 | goto label_3;
| }
0x00000c34 mov r1, r7 | r1 = r7;
0x00000c38 ldr r0, [sp, 0xc] | r0 = format;
0x00000c3c bl 0x794 | printf (r0, r1)
| label_0:
0x00000c40 add r7, r7, sl | r7 += sl;
0x00000c44 b 0xc04 |
| } while (1);
| label_3:
0x00000c48 mov r2, r7 | r2 = r7;
0x00000c4c mov r3, sb | r3 = sb;
0x00000c50 str r5, [sp] | *(sp) = r5;
0x00000c54 mov r0, r6 | r0 = r6;
0x00000c58 bl 0x740 | lseek64 ();
0x00000c5c cmp r4, sl |
| if (r4 >= sl) {
0x00000c60 movlt r8, r4 | r8 = r4;
| }
| if (r4 < sl) {
0x00000c64 movge r8, sl | r8 = sl;
| }
0x00000c68 mov r2, r8 | r2 = r8;
0x00000c6c mov r1, fp | r1 = fp;
0x00000c70 mov r0, r6 | r0 = r6;
0x00000c74 bl 0x734 | r0 = read (r0, r1, r2);
0x00000c78 cmp r8, r0 |
| if (r8 != r0) {
0x00000c7c bne 0xc94 | goto label_4;
| }
0x00000c80 subs r4, r4, r8 | r4 -= r8;
0x00000c84 add fp, fp, r8 |
| if (r4 != r4) {
0x00000c88 bne 0xc40 | goto label_0;
| }
0x00000c8c mov r5, 1 | r5 = 1;
0x00000c90 b 0xca8 | goto label_5;
| label_4:
0x00000c94 bl 0x6f8 | r0 = errno_location ();
0x00000c98 ldr r1, [r0] | r1 = *(r0);
0x00000c9c ldr r0, [pc, 0x28] | r0 = *(0xcc8);
0x00000ca0 add r0, pc, r0 | r0 = pc + r0;
0x00000ca4 bl 0x794 | printf (r0, r1)
| do {
| label_5:
0x00000ca8 mov r0, r6 | r0 = r6;
0x00000cac bl 0x758 | close (r0);
0x00000cb0 b 0xbc8 | goto label_1;
| label_2:
0x00000cb4 mov r5, 0 | r5 = 0;
0x00000cb8 b 0xca8 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libtyco_services.so.1.0.0 @ 0x948 */
| #include <stdint.h>
|
; (fcn) dbg.write_mtd_part () | void dbg_write_mtd_part (int32_t arg1, int32_t arg2) {
| loff_t loff;
| erase_info_t ei;
| mtd_info_t mtd_info;
| int32_t var_0h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_1ch;
| int32_t var_20h;
| int32_t var_28h;
| int32_t var_2ch;
| int32_t var_44h;
| r0 = arg1;
| r1 = arg2;
| /* int write_mtd_part(char * part_name,uint8_t * buf,uint32_t size); */
0x00000948 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0000094c mov sl, r1 | sl = r1;
0x00000950 sub sp, sp, 0x44 |
0x00000954 mov r1, 2 | r1 = 2;
0x00000958 mov r5, r0 | r5 = r0;
0x0000095c mov r4, r2 | r4 = r2;
0x00000960 bl 0x77c | r0 = open64 ();
0x00000964 cmn r0, 1 |
| if (r0 == 1) {
0x00000968 bne 0x994 |
0x0000096c bl 0x6f8 | errno_location ();
0x00000970 mov r2, r5 | r2 = r5;
0x00000974 mov r5, 0 | r5 = 0;
0x00000978 ldr r1, [r0] | r1 = *(r0);
0x0000097c ldr r0, [pc, 0x1b4] | r0 = *(0xb34);
0x00000980 add r0, pc, r0 | r0 = pc + r0;
0x00000984 bl 0x794 | printf (r0, r1, r2, r3, r4, r5)
| label_0:
0x00000988 mov r0, r5 | r0 = r5;
0x0000098c add sp, sp, 0x44 |
0x00000990 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00000994 add r2, sp, 0x20 | r2 += loff;
0x00000998 ldr r1, [pc, 0x19c] | r1 = *(0xb38);
0x0000099c ldr sb, [pc, 0x19c] | sb = *(0xb3c);
0x000009a0 mov r6, r0 | r6 = r0;
0x000009a4 ldr r8, [pc, 0x198] | r8 = *(0xb40);
0x000009a8 bl 0x728 | ioctl (r0, r1);
0x000009ac ldr fp, [pc, 0x194] | fp = *(0x00000b48);
0x000009b0 ldr r7, [sp, 0x2c] | r7 = var_2ch;
0x000009b4 mov r3, 0 | r3 = 0;
0x000009b8 add sb, pc, sb | sb = pc + sb;
0x000009bc str r7, [sp, 0x1c] | var_1ch = r7;
0x000009c0 str r3, [sp, 0x18] | var_18h = r3;
| label_1:
0x000009c4 ldr r3, [sp, 0x18] | r3 = var_18h;
0x000009c8 ldr r2, [sp, 0x28] | r2 = ei;
0x000009cc mov r5, 0 | r5 = 0;
0x000009d0 cmp r3, r2 |
| if (r3 <= r2) {
0x000009d4 blo 0xa2c | goto label_4;
| }
0x000009d8 ldr fp, [pc, 0x16c] | fp = *(0xb48);
0x000009dc add r3, sp, 0x10 | r3 += var_10h;
0x000009e0 add fp, pc, fp |
0x000009e4 str r3, [sp, 0xc] | var_ch = r3;
| do {
0x000009e8 ldr r3, [sp, 0x28] | r3 = ei;
0x000009ec cmp r3, r5 |
| if (r3 <= r5) {
0x000009f0 ble 0xb14 | goto label_5;
| }
0x000009f4 mov r8, r5 | r8 = r5;
0x000009f8 asr sb, r5, 0x1f | sb = r5 >> 0x1f;
0x000009fc ldr r2, [sp, 0xc] | r2 = var_ch;
0x00000a00 ldr r1, [pc, 0x13c] | r1 = *(0xb40);
0x00000a04 mov r0, r6 | r0 = r6;
0x00000a08 strd r8, sb, [sp, 0x10] | __asm ("strd r8, sb, [var_10h]");
0x00000a0c bl 0x728 | r0 = ioctl (r0, r1);
0x00000a10 cmp r0, 0 |
| if (r0 == 0) {
0x00000a14 beq 0xaac | goto label_6;
| }
0x00000a18 mov r1, r5 | r1 = r5;
0x00000a1c mov r0, fp | r0 = fp;
0x00000a20 bl 0x794 | printf (r0, r1)
| label_2:
0x00000a24 add r5, r5, r7 | r5 += r7;
0x00000a28 b 0x9e8 |
| } while (1);
| label_4:
0x00000a2c add r2, sp, 0x10 | r2 += var_10h;
0x00000a30 mov r1, r8 | r1 = r8;
0x00000a34 mov r0, r6 | r0 = r6;
0x00000a38 str r5, [sp, 0x14] | var_14h = r5;
0x00000a3c str r3, [sp, 0x10] | var_10h = r3;
0x00000a40 bl 0x728 | r0 = ioctl (r0, r1);
0x00000a44 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x00000a48 bne 0xa8c |
0x00000a4c add r2, sp, 0x18 | r2 += var_18h;
0x00000a50 mov r1, fp | r1 = fp;
0x00000a54 mov r0, r6 | r0 = r6;
0x00000a58 bl 0x728 | r0 = ioctl (r0, r1);
0x00000a5c subs r2, r0, 0 | r2 = r0 - 0;
| if (r2 == r0) {
0x00000a60 beq 0xa9c | goto label_7;
| }
0x00000a64 str r2, [sp, 0xc] | var_ch = r2;
0x00000a68 bl 0x6f8 | errno_location ();
0x00000a6c ldr r2, [sp, 0xc] | r2 = var_ch;
0x00000a70 ldr r1, [r0] | r1 = *(r0);
0x00000a74 ldr r0, [pc, 0xd4] | r0 = *(0xb4c);
0x00000a78 add r0, pc, r0 | r0 = pc + r0;
0x00000a7c bl 0x794 | printf (r0, r1, r2)
| label_3:
0x00000a80 mov r0, r6 | r0 = r6;
0x00000a84 bl 0x758 | close (r0);
0x00000a88 b 0x988 | goto label_0;
| }
0x00000a8c mov r2, r5 | r2 = r5;
0x00000a90 ldr r1, [sp, 0x18] | r1 = var_18h;
0x00000a94 mov r0, sb | r0 = sb;
0x00000a98 bl 0x794 | printf (r0, r1, r2)
| label_7:
0x00000a9c ldrd r2, r3, [sp, 0x18] | __asm ("ldrd r2, r3, [var_1ch]");
0x00000aa0 add r3, r3, r2 | r3 += r2;
0x00000aa4 str r3, [sp, 0x18] | var_18h = r3;
0x00000aa8 b 0x9c4 | goto label_1;
| label_6:
0x00000aac mov r3, sb | r3 = sb;
0x00000ab0 str r0, [sp] | *(sp) = r0;
0x00000ab4 mov r2, r5 | r2 = r5;
0x00000ab8 mov r0, r6 | r0 = r6;
0x00000abc bl 0x740 | lseek64 ();
0x00000ac0 cmp r4, r7 |
| if (r4 >= r7) {
0x00000ac4 movlt r8, r4 | r8 = r4;
| }
| if (r4 < r7) {
0x00000ac8 movge r8, r7 | r8 = r7;
| }
0x00000acc mov r2, r8 | r2 = r8;
0x00000ad0 mov r1, sl | r1 = sl;
0x00000ad4 mov r0, r6 | r0 = r6;
0x00000ad8 bl 0x74c | r0 = write (r0, r1, r2);
0x00000adc cmp r8, r0 |
0x00000ae0 mov sb, r0 | sb = r0;
| if (r8 != r0) {
0x00000ae4 bne 0xafc | goto label_8;
| }
0x00000ae8 subs r4, r4, r8 | r4 -= r8;
0x00000aec add sl, sl, r8 | sl += r8;
| if (r4 != r4) {
0x00000af0 bne 0xa24 | goto label_2;
| }
0x00000af4 mov r5, 1 | r5 = 1;
0x00000af8 b 0xa80 | goto label_3;
| label_8:
0x00000afc bl 0x6f8 | errno_location ();
0x00000b00 mov r2, sb | r2 = sb;
0x00000b04 ldr r1, [r0] | r1 = *(r0);
0x00000b08 ldr r0, [pc, 0x44] | r0 = *(0xb50);
0x00000b0c add r0, pc, r0 | r0 = pc + r0;
0x00000b10 bl 0x794 | printf (r0, r1, r2)
| label_5:
0x00000b14 ldr r0, [pc, 0x3c] | r0 = *(0xb54);
0x00000b18 mov r1, r4 | r1 = r4;
0x00000b1c add r0, pc, r0 | r0 = pc + r0;
0x00000b20 bl 0x794 | printf (r0, r1)
0x00000b24 ldr r0, [pc, 0x30] | r0 = *(0xb58);
0x00000b28 mov r5, 0 | r5 = 0;
0x00000b2c add r0, pc, r0 | r0 = pc + r0;
0x00000b30 bl 0x7a0 | puts (r0);
0x00000b34 b 0xa80 | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libtyco_services.so.1.0.0 @ 0xcd0 */
| #include <stdint.h>
|
; (fcn) sym.my_mmap_unsigned_int__unsigned_int_ () | void my_mmap_unsigned_int_unsigned_int_ (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
| /* my_mmap(unsigned int, unsigned int) */
0x00000cd0 push {r4, r5, lr} |
0x00000cd4 mov r5, r0 | r5 = r0;
0x00000cd8 ldr r0, [pc, 0x70] | r0 = *(0xd4c);
0x00000cdc mov r2, 0 | r2 = 0;
0x00000ce0 sub sp, sp, 0x14 |
0x00000ce4 mov r4, r1 | r4 = r1;
0x00000ce8 add r0, pc, r0 | r0 = pc + r0;
0x00000cec mov r1, 2 | r1 = 2;
0x00000cf0 bl 0x77c | open64 ();
0x00000cf4 ldr r2, [pc, 0x58] | r2 = *(0xd50);
0x00000cf8 add r2, pc, r2 | r2 = pc + r2;
0x00000cfc cmp r0, 0 |
0x00000d00 str r0, [r2] | *(r2) = r0;
| if (r0 >= 0) {
0x00000d04 bge 0xd28 | goto label_0;
| }
0x00000d08 bl 0x6f8 | r0 = errno_location ();
0x00000d0c ldr r1, [r0] | r1 = *(r0);
0x00000d10 ldr r0, [pc, 0x40] | r0 = *(0xd54);
0x00000d14 add r0, pc, r0 | r0 = pc + r0;
0x00000d18 bl 0x794 | printf (r0, r1)
0x00000d1c mov r0, 0 | r0 = 0;
| do {
0x00000d20 add sp, sp, 0x14 |
0x00000d24 pop {r4, r5, pc} |
| label_0:
0x00000d28 mov r3, r0 | r3 = r0;
0x00000d2c mov r0, 0 | r0 = 0;
0x00000d30 str r3, [sp] | *(sp) = r3;
0x00000d34 str r5, [sp, 8] | var_8h = r5;
0x00000d38 str r0, [sp, 0xc] | var_ch = r0;
0x00000d3c mov r3, 1 | r3 = 1;
0x00000d40 mov r2, 3 | r2 = 3;
0x00000d44 mov r1, r4 | r1 = r4;
0x00000d48 bl 0x764 | mmap64 ();
0x00000d4c b 0xd20 |
| } while (1);
| }
[*] Function printf used 11 times libtyco_services.so.1.0.0
