[*] Binary protection state of AJAJPost.dll
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH Symbols
[*] Function fprintf tear down of AJAJPost.dll
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x10e44 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| int32_t var_10h;
| int32_t var_ch;
| int32_t var_8h;
| int32_t var_4h_2;
| int32_t var_4h;
0x00010e44 push {fp, lr} |
0x00010e48 add fp, sp, 4 |
0x00010e4c sub sp, sp, 0x10 |
0x00010e50 ldr r0, [pc, 0x154] | r0 = *(0x10fa8);
0x00010e54 bl 0x137c0 | r0 = scgi_initialize ();
0x00010e58 mov r3, r0 | r3 = r0;
0x00010e5c cmp r3, 0 |
| if (r3 == 0) {
0x00010e60 movne r3, 1 | r3 = 1;
| }
| if (r3 != 0) {
0x00010e64 moveq r3, 0 | r3 = 0;
| }
0x00010e68 and r3, r3, 0xff | r3 &= 0xff;
0x00010e6c cmp r3, 0 |
| if (r3 != 0) {
0x00010e70 beq 0x10e90 |
0x00010e74 ldr r3, [pc, 0x134] |
0x00010e78 ldr r3, [r3] | r3 = $d;
0x00010e7c ldr r2, [pc, 0x128] | r2 = *(0x10fa8);
0x00010e80 ldr r1, [pc, 0x12c] | r1 = stderr;
0x00010e84 mov r0, r3 | r0 = r3;
0x00010e88 bl 0x10c60 | fprintf (r0, r1, r2, r3)
0x00010e8c b 0x10eb0 |
| } else {
0x00010e90 ldr r3, [pc, 0x118] |
0x00010e94 ldr r3, [r3] | r3 = $d;
0x00010e98 ldr r2, [pc, 0x10c] | r2 = *(0x10fa8);
0x00010e9c ldr r1, [pc, 0x114] | r1 = "Successfully_AJAJPost.dll_port__d.";
0x00010ea0 mov r0, r3 | r0 = r3;
0x00010ea4 bl 0x10c60 | fprintf (r0, "Successfully_AJAJPost.dll_port__d.", r2, r3)
0x00010ea8 mov r3, 0 | r3 = 0;
0x00010eac b 0x10fa0 | goto label_2;
| }
| do {
| label_1:
0x00010eb0 ldr r0, [pc, 0x104] | r0 = "Failed_AJAJPost.dll_port__d.";
0x00010eb4 bl 0x10b88 | usleep ("Failed_AJAJPost.dll_port__d.");
0x00010eb8 mov r3, 0 | r3 = 0;
0x00010ebc str r3, [fp, -8] | var_8h = r3;
| label_0:
0x00010ec0 ldr r3, [fp, -8] | r3 = var_8h;
0x00010ec4 cmp r3, 4 |
0x00010ec8 bgt 0x10eb0 |
| } while (r3 > 4);
0x00010ecc bl 0x13ae4 | r0 = scgi_recv ();
0x00010ed0 mov r3, r0 | r3 = r0;
0x00010ed4 str r3, [fp, -0xc] | var_ch = r3;
0x00010ed8 ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010edc cmp r3, 0 |
| if (r3 == 0) {
0x00010ee0 beq 0x10f98 | goto label_3;
| }
0x00010ee4 ldr r3, [fp, -8] | r3 = var_8h;
0x00010ee8 add r3, r3, 1 | r3++;
0x00010eec str r3, [fp, -8] | var_8h = r3;
0x00010ef0 mov r3, 0 | r3 = 0;
0x00010ef4 str r3, [fp, -0x10] | var_10h = r3;
0x00010ef8 ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010efc sub r2, fp, 0x10 | r2 -= var_10h;
0x00010f00 str r2, [r3, 0x28] | *((r3 + 0x28)) = r2;
0x00010f04 ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010f08 ldr r3, [r3, 0x2c] | r3 = *((r3 + 0x2c));
0x00010f0c cmp r3, 3 |
| if (r3 == 3) {
0x00010f10 bne 0x10f34 |
0x00010f14 ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010f18 ldr r1, [r3, 0x1c] | r1 = *((r3 + 0x1c));
0x00010f1c ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010f20 ldr r3, [r3, 0x20] | r3 = *((r3 + 0x20));
0x00010f24 mov r2, r3 | r2 = r3;
0x00010f28 ldr r0, [fp, -0xc] | r0 = var_ch;
0x00010f2c bl 0x112ac | sym ();
0x00010f30 b 0x10f58 |
| } else {
0x00010f34 ldr r1, [pc, 0x84] | r1 = *(0x10fbc);
0x00010f38 ldr r0, [fp, -0xc] | r0 = var_ch;
0x00010f3c bl 0x111f8 | sym ();
0x00010f40 ldr r3, [pc, 0x68] |
0x00010f44 ldr r3, [r3] | r3 = $d;
0x00010f48 mov r2, 0x14 | r2 = 0x14;
0x00010f4c mov r1, 1 | r1 = 1;
0x00010f50 ldr r0, [pc, 0x6c] | r0 = "_01_Not_Implemented";
0x00010f54 bl 0x10b7c | fwrite ("_01_Not_Implemented", r1, r2, r3);
| }
0x00010f58 ldr r3, [fp, -0x10] | r3 = var_10h;
0x00010f5c cmp r3, 1 |
| if (r3 == 1) {
0x00010f60 bne 0x10f7c |
0x00010f64 ldr r3, [pc, 0x44] |
0x00010f68 ldr r3, [r3] | r3 = $d;
0x00010f6c mov r2, 0x6f | r2 = 0x6f;
0x00010f70 mov r1, 1 | r1 = 1;
0x00010f74 ldr r0, [pc, 0x4c] | r0 = "Only_POST_supported";
0x00010f78 bl 0x10b7c | fwrite ("Only_POST_supported", r1, r2, r3);
| }
0x00010f7c ldr r3, [fp, -0x10] | r3 = var_10h;
0x00010f80 cmp r3, 0 |
| if (r3 != 0) {
0x00010f84 bne 0x10ec0 | goto label_0;
| }
0x00010f88 ldr r3, [fp, -0xc] | r3 = var_ch;
0x00010f8c mov r2, 0 | r2 = 0;
0x00010f90 str r2, [r3, 0x28] | *((r3 + 0x28)) = r2;
0x00010f94 b 0x10ec0 | goto label_0;
| label_3:
0x00010f98 mov r0, r0 |
0x00010f9c b 0x10eb0 | goto label_1;
| label_2:
0x00010fa0 mov r0, r3 | r0 = r3;
0x00010fa4 sub sp, fp, 4 |
0x00010fa8 pop {fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x10fcc */
| #include <stdint.h>
|
; (fcn) sym.CreateSocketTCP_unsigned_int_ () | void CreateSocketTCP_unsigned_int_ (int32_t arg1) {
| int32_t var_28h;
| int32_t var_21h;
| void * addr;
| int32_t var_1eh;
| int32_t var_1ch;
| int32_t var_10h;
| int32_t var_0h;
| int32_t var_ch_2;
| int32_t var_ch;
| r0 = arg1;
| /* CreateSocketTCP(unsigned int*) */
0x00010fcc push {r4, r5, fp, lr} |
0x00010fd0 add fp, sp, 0xc |
0x00010fd4 sub sp, sp, 0x28 |
0x00010fd8 str r0, [fp, -0x28] | var_28h = r0;
0x00010fdc mov r3, 1 | r3 = 1;
0x00010fe0 str r3, [fp, -0x10] | var_10h = r3;
0x00010fe4 mov r3, 1 | r3 = 1;
0x00010fe8 strb r3, [fp, -0x21] | var_21h = r3;
0x00010fec mov r2, 0 | r2 = 0;
0x00010ff0 mov r1, 1 | r1 = 1;
0x00010ff4 mov r0, 2 | r0 = 2;
0x00010ff8 bl 0x10c90 | r0 = socket (r0, r1, r2);
0x00010ffc mov r3, r0 | r3 = r0;
0x00011000 mov r2, r3 | r2 = r3;
0x00011004 ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011008 str r2, [r3] | *(r3) = r2;
0x0001100c ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011010 ldr r3, [r3] | r3 = *(r3);
0x00011014 cmn r3, 1 |
| if (r3 != 1) {
0x00011018 beq 0x11174 |
0x0001101c ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011020 ldr r3, [r3] | r3 = *(r3);
0x00011024 mov r0, r3 | r0 = r3;
0x00011028 sub r2, fp, 0x10 | r2 -= var_10h;
0x0001102c mov r3, 4 | r3 = 4;
0x00011030 str r3, [sp] | *(sp) = r3;
0x00011034 mov r3, r2 | r3 = r2;
0x00011038 mov r2, 1 | r2 = 1;
0x0001103c mov r1, 6 | r1 = 6;
0x00011040 bl 0x10c30 | r0 = setsockopt ();
0x00011044 mov r3, r0 | r3 = r0;
0x00011048 cmn r3, 1 |
| if (r3 != 1) {
0x0001104c moveq r3, 1 | r3 = 1;
| }
| if (r3 == 1) {
0x00011050 movne r3, 0 | r3 = 0;
| }
0x00011054 and r3, r3, 0xff | r3 &= 0xff;
0x00011058 cmp r3, 0 |
| if (r3 != 0) {
0x0001105c beq 0x11084 |
0x00011060 ldr r3, [pc, 0x174] | r3 = *(0x111d8);
0x00011064 ldr r4, [r3] | r4 = *(0x111d8);
0x00011068 bl 0x10b70 | r0 = errno_location ();
0x0001106c mov r3, r0 | r3 = r0;
0x00011070 ldr r3, [r3] | r3 = *(r3);
0x00011074 mov r2, r3 | r2 = r3;
0x00011078 ldr r1, [pc, 0x160] | r1 = stderr;
0x0001107c mov r0, r4 | r0 = r4;
0x00011080 bl 0x10c60 | fprintf (r0, r1, r2, r3)
| }
0x00011084 sub r3, fp, 0x20 | r3 -= addr;
0x00011088 mov r2, 0x10 | r2 = 0x10;
0x0001108c mov r1, 0 | r1 = 0;
0x00011090 mov r0, r3 | r0 = r3;
0x00011094 bl 0x10c48 | memset (r0, r1, r2);
0x00011098 mov r3, 2 | r3 = 2;
0x0001109c strh r3, [fp, -0x20] | addr = r3;
0x000110a0 ldr r0, [pc, 0x13c] | r0 = "AJAJPost_TCP_setsocketopt_error:_d";
0x000110a4 bl 0x10c6c | r0 = inet_addr ();
0x000110a8 mov r3, r0 | r3 = r0;
0x000110ac str r3, [fp, -0x1c] | var_1ch = r3;
0x000110b0 ldr r0, [pc, 0x130] | r0 = "_27.0.0.1";
0x000110b4 bl 0x10b58 | r0 = htons ();
0x000110b8 mov r3, r0 | r3 = r0;
0x000110bc strh r3, [fp, -0x1e] | var_1eh = r3;
0x000110c0 ldr r3, [fp, -0x28] | r3 = var_28h;
0x000110c4 ldr r3, [r3] | r3 = *(r3);
0x000110c8 mov r0, r3 | r0 = r3;
0x000110cc sub r3, fp, 0x20 | r3 -= addr;
0x000110d0 mov r2, 0x10 | r2 = 0x10;
0x000110d4 mov r1, r3 | r1 = r3;
0x000110d8 bl 0x10ba0 | r0 = connect (r0, r1, r2);
0x000110dc mov r3, r0 | r3 = r0;
0x000110e0 cmn r3, 1 |
| if (r3 != 1) {
0x000110e4 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 1) {
0x000110e8 movne r3, 0 | r3 = 0;
| }
0x000110ec and r3, r3, 0xff | r3 &= 0xff;
0x000110f0 cmp r3, 0 |
| if (r3 != 0) {
0x000110f4 beq 0x11144 |
0x000110f8 ldr r3, [pc, 0xdc] | r3 = *(0x111d8);
0x000110fc ldr r4, [r3] | r4 = *(0x111d8);
0x00011100 ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011104 ldr r5, [r3] | r5 = *(0x111d8);
0x00011108 bl 0x10b70 | r0 = errno_location ();
0x0001110c mov r3, r0 | r3 = r0;
0x00011110 ldr r3, [r3] | r3 = *(r3);
0x00011114 mov r2, r5 | r2 = r5;
0x00011118 ldr r1, [pc, 0xcc] | r1 = *(0x111e8);
0x0001111c mov r0, r4 | r0 = r4;
0x00011120 bl 0x10c60 | fprintf (r0, r1, r2, r3)
0x00011124 ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011128 ldr r3, [r3] | r3 = *(r3);
0x0001112c mov r0, r3 | r0 = r3;
0x00011130 bl 0x10c3c | close (r0);
0x00011134 ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011138 mvn r2, 0 | r2 = ~0;
0x0001113c str r2, [r3] | *(r3) = r2;
0x00011140 b 0x11190 |
| } else {
0x00011144 ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011148 ldr r3, [r3] | r3 = *(r3);
0x0001114c mov r0, r3 | r0 = r3;
0x00011150 sub r2, fp, 0x21 | r2 -= var_21h;
0x00011154 mov r3, 1 | r3 = 1;
0x00011158 str r3, [sp] | *(sp) = r3;
0x0001115c mov r3, r2 | r3 = r2;
0x00011160 mov r2, 1 | r2 = 1;
0x00011164 mov r1, 6 | r1 = 6;
0x00011168 bl 0x10c30 | setsockopt ();
0x0001116c mov r3, 1 | r3 = 1;
0x00011170 b 0x111d0 |
| } else {
0x00011174 ldr r3, [pc, 0x60] |
0x00011178 ldr r0, [r3] | r0 = *(0x111d8);
0x0001117c ldr r3, [fp, -0x28] | r3 = var_28h;
0x00011180 ldr r3, [r3] | r3 = *(0x111d8);
0x00011184 mov r2, r3 | r2 = r3;
0x00011188 ldr r1, [pc, 0x60] | r1 = "AJAJPost_TCP_Socket_was_unable_to_connect__d__errno:_d_";
0x0001118c bl 0x10c60 | fprintf (r0, "AJAJPost_TCP_Socket_was_unable_to_connect__d__errno:_d_", r2, r3)
| }
0x00011190 mov r3, 0 | r3 = 0;
0x00011194 b 0x111d0 |
| }
0x000111d0 mov r0, r3 | r0 = r3;
0x000111d4 sub sp, fp, 0xc |
0x000111d8 pop {r4, r5, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x112ac */
| #include <stdint.h>
|
; (fcn) sym.ExchangeData_SCGI_REQUEST__unsigned_char__unsigned_int_ () | void ExchangeData_SCGI_REQUEST_unsigned_char_unsigned_int_ (int32_t arg1, int32_t arg2) {
| void * buffer;
| int32_t var_b4h;
| int32_t var_b0h;
| int32_t var_ach;
| void * s1;
| void * var_28h;
| char * ptr;
| int32_t var_20h;
| int32_t var_1ch;
| int32_t var_18h;
| int32_t var_12h;
| int32_t var_11h;
| size_t nmeb;
| int32_t var_ch;
| int32_t var_0h;
| int32_t var_sp_b4h;
| int32_t var_sp_b0h;
| int32_t c;
| int32_t var_sp_2ch;
| int32_t var_sp_28h;
| int32_t var_sp_24h;
| int8_t var_sp_12h;
| int8_t var_sp_11h;
| int32_t var_8h;
| r0 = arg1;
| r1 = arg2;
| /* ExchangeData(SCGI_REQUEST*, unsigned char*, unsigned int) */
0x000112ac push {r4, fp, lr} |
0x000112b0 add fp, sp, 8 |
0x000112b4 sub sp, sp, 0x8000 |
0x000112b8 sub sp, sp, 0xcc |
0x000112bc sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000112c0 sub r3, r3, 0xc | r3 -= 0xc;
0x000112c4 str r0, [r3, -0xb4] | *((r3 - 0xb4)) = r0;
0x000112c8 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000112cc sub r3, r3, 0xc | r3 -= 0xc;
0x000112d0 str r1, [r3, -0xb8] | *((r3 - 0xb8)) = r1;
0x000112d4 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000112d8 sub r3, r3, 0xc | r3 -= 0xc;
0x000112dc str r2, [r3, -0xbc] | *((r3 - 0xbc)) = r2;
0x000112e0 mov r3, 0 | r3 = 0;
0x000112e4 str r3, [fp, -0x2c] | s1 = r3;
0x000112e8 mov r3, 0 | r3 = 0;
0x000112ec strb r3, [fp, -0x11] | var_11h = r3;
0x000112f0 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000112f4 sub r3, r3, 0xc | r3 -= 0xc;
0x000112f8 sub r3, r3, 0xac | r3 -= 0xac;
0x000112fc mov r0, r3 | r0 = r3;
0x00011300 bl 0x10fcc | r0 = sym ();
0x00011304 mov r3, r0 | r3 = r0;
0x00011308 cmp r3, 0 |
| if (r3 == 0) {
0x0001130c beq 0x11680 | goto label_0;
| }
0x00011310 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011314 sub r3, r3, 0xc | r3 -= 0xc;
0x00011318 ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x0001131c mov r0, r3 | r0 = r3;
0x00011320 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011324 sub r3, r3, 0xc | r3 -= 0xc;
0x00011328 mov r2, r3 | r2 = r3;
0x0001132c sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011330 sub r3, r3, 0xc | r3 -= 0xc;
0x00011334 mov r1, r3 | r1 = r3;
0x00011338 mov r3, 0 | r3 = 0;
0x0001133c ldr r2, [r2, -0xbc] | r2 = *((r2 - 0xbc));
0x00011340 ldr r1, [r1, -0xb8] | r1 = *((r1 - 0xb8));
0x00011344 bl 0x10bb8 | r0 = send (r0, r1, r2, r3);
0x00011348 mov r3, r0 | r3 = r0;
0x0001134c cmn r3, 1 |
| if (r3 != 1) {
0x00011350 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 1) {
0x00011354 movne r3, 0 | r3 = 0;
| }
0x00011358 and r3, r3, 0xff | r3 &= 0xff;
0x0001135c cmp r3, 0 |
| if (r3 != 0) {
0x00011360 beq 0x1138c |
0x00011364 ldr r3, [pc, 0x320] | r3 = *(0x11688);
0x00011368 ldr r4, [r3] | r4 = *(0x11688);
0x0001136c bl 0x10b70 | r0 = errno_location ();
0x00011370 mov r3, r0 | r3 = r0;
0x00011374 ldr r3, [r3] | r3 = *(r3);
0x00011378 mov r2, r3 | r2 = r3;
0x0001137c ldr r1, [pc, 0x30c] | r1 = stderr;
0x00011380 mov r0, r4 | r0 = r4;
0x00011384 bl 0x10c60 | fprintf (r0, r1, r2, r3)
0x00011388 b 0x115a4 | goto label_1;
| }
0x0001138c sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011390 sub r3, r3, 0xc | r3 -= 0xc;
0x00011394 mov r2, r3 | r2 = r3;
0x00011398 sub r3, fp, 0xac | r3 -= c;
0x0001139c str r3, [r2, -0xb0] | *((r2 - 0xb0)) = r3;
0x000113a0 mov r3, 0 | r3 = 0;
0x000113a4 str r3, [fp, -0x18] | var_18h = r3;
| do {
0x000113a8 ldr r3, [fp, -0x18] | r3 = var_18h;
0x000113ac cmp r3, 0x1f |
| if (r3 > 0x1f) {
0x000113b0 bhi 0x113dc | goto label_2;
| }
0x000113b4 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000113b8 sub r3, r3, 0xc | r3 -= 0xc;
0x000113bc ldr r3, [r3, -0xb0] | r3 = *((r3 - 0xb0));
0x000113c0 ldr r2, [fp, -0x18] | r2 = var_18h;
0x000113c4 mov r1, 0 | r1 = 0;
0x000113c8 str r1, [r3, r2, lsl 2] | offset_0 = r2 << 2;
| *((r3 + offset_0)) = r1;
0x000113cc ldr r3, [fp, -0x18] | r3 = var_18h;
0x000113d0 add r3, r3, 1 | r3++;
0x000113d4 str r3, [fp, -0x18] | var_18h = r3;
0x000113d8 b 0x113a8 |
| } while (1);
| label_2:
0x000113dc sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000113e0 sub r3, r3, 0xc | r3 -= 0xc;
0x000113e4 ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x000113e8 lsr r2, r3, 5 | r2 = r3 >> 5;
0x000113ec lsl r3, r2, 2 | r3 = r2 << 2;
0x000113f0 sub r1, fp, 0xc | r1 -= var_18h;
0x000113f4 add r3, r1, r3 | r3 = r1 + r3;
0x000113f8 ldr r1, [r3, -0xa0] | r1 = c;
0x000113fc sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011400 sub r3, r3, 0xc | r3 -= 0xc;
0x00011404 ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x00011408 and r3, r3, 0x1f | r3 &= 0x1f;
0x0001140c mov r0, 1 | r0 = 1;
0x00011410 lsl r3, r0, r3 | r3 = r0 << r3;
0x00011414 orr r1, r1, r3 | r1 |= r3;
0x00011418 lsl r3, r2, 2 | r3 = r2 << 2;
0x0001141c sub r2, fp, 0xc | r2 -= var_18h;
0x00011420 add r3, r2, r3 | r3 = r2 + r3;
0x00011424 str r1, [r3, -0xa0] | c = r1;
0x00011428 mov r3, 5 | r3 = 5;
0x0001142c str r3, [fp, -0xb4] | var_b4h = r3;
0x00011430 mov r3, 0 | r3 = 0;
0x00011434 str r3, [fp, -0xb0] | var_b0h = r3;
0x00011438 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x0001143c sub r3, r3, 0xc | r3 -= 0xc;
0x00011440 sub r3, r3, 0xa8 | r3 -= 0xa8;
0x00011444 mov r2, 0x8000 | r2 = 0x8000;
0x00011448 mov r1, 0 | r1 = 0;
0x0001144c mov r0, r3 | r0 = r3;
0x00011450 bl 0x10c48 | memset (r0, r1, r2);
0x00011454 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011458 sub r3, r3, 0xc | r3 -= 0xc;
0x0001145c ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x00011460 add r3, r3, 1 | r3++;
0x00011464 mov r0, r3 | r0 = r3;
0x00011468 sub r1, fp, 0xac | r1 -= c;
0x0001146c sub r3, fp, 0xb4 | r3 -= var_sp_b4h;
0x00011470 str r3, [sp] | *(sp) = r3;
0x00011474 mov r3, 0 | r3 = 0;
0x00011478 mov r2, 0 | r2 = 0;
0x0001147c bl 0x10c24 | r0 = select ();
0x00011480 mov r3, r0 | r3 = r0;
0x00011484 str r3, [fp, -0x1c] | var_1ch = r3;
0x00011488 ldr r3, [fp, -0x1c] | r3 = var_1ch;
0x0001148c cmn r3, 1 |
| if (r3 != 1) {
0x00011490 beq 0x114a0 |
0x00011494 cmp r3, 0 |
| if (r3 != 0) {
0x00011498 beq 0x114bc |
0x0001149c b 0x114d8 |
| } else {
0x000114a0 ldr r3, [pc, 0x1e4] |
0x000114a4 ldr r3, [r3] | r3 = *(0x11688);
0x000114a8 mov r2, 0x19 | r2 = 0x19;
0x000114ac mov r1, 1 | r1 = 1;
0x000114b0 ldr r0, [pc, 0x1dc] | r0 = "AjajPost_TCP_error_sending:__d";
0x000114b4 bl 0x10b7c | fwrite ("AjajPost_TCP_error_sending:__d", r1, r2, r3);
0x000114b8 b 0x115a4 | goto label_1;
| }
0x000114bc ldr r3, [pc, 0x1c8] |
0x000114c0 ldr r3, [r3] | r3 = *(0x11688);
0x000114c4 mov r2, 0x1c | r2 = 0x1c;
0x000114c8 mov r1, 1 | r1 = 1;
0x000114cc ldr r0, [pc, 0x1c4] | r0 = "AJAJPost_Socket_error___";
0x000114d0 bl 0x10b7c | fwrite ("AJAJPost_Socket_error___", r1, r2, r3);
0x000114d4 b 0x115a4 | goto label_1;
| }
0x000114d8 mov r3, 0 | r3 = 0;
0x000114dc str r3, [fp, -0x10] | var_1ch = r3;
0x000114e0 mov r3, 0 | r3 = 0;
0x000114e4 strb r3, [fp, -0x12] | var_12h = r3;
| do {
0x000114e8 ldrb r3, [fp, -0x12] | r3 = var_12h;
0x000114ec cmp r3, 2 |
| if (r3 > 2) {
0x000114f0 bhi 0x115a0 | goto label_3;
| }
0x000114f4 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000114f8 sub r3, r3, 0xc | r3 -= 0xc;
0x000114fc ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x00011500 mov r0, r3 | r0 = r3;
0x00011504 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011508 sub r3, r3, 0xc | r3 -= 0xc;
0x0001150c sub r3, r3, 0xa8 | r3 -= 0xa8;
0x00011510 ldr r2, [fp, -0x10] | r2 = var_1ch;
0x00011514 add r1, r3, r2 | r1 = r3 + r2;
0x00011518 ldr r3, [fp, -0x10] | r3 = var_1ch;
0x0001151c rsb r2, r3, 0x8000 | r2 = 0x8000 - r3;
0x00011520 mov r3, 0 | r3 = 0;
0x00011524 bl 0x10c00 | r0 = recv (r0, r1);
0x00011528 mov r3, r0 | r3 = r0;
0x0001152c str r3, [fp, -0x20] | s1 = r3;
0x00011530 ldr r2, [fp, -0x10] | r2 = var_1ch;
0x00011534 ldr r3, [fp, -0x20] | r3 = s1;
0x00011538 add r3, r2, r3 | r3 = r2 + r3;
0x0001153c str r3, [fp, -0x10] | var_1ch = r3;
0x00011540 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011544 sub r3, r3, 0xc | r3 -= 0xc;
0x00011548 sub r3, r3, 0xa8 | r3 -= 0xa8;
0x0001154c sub r0, fp, 0x2c | r0 -= var_sp_2ch;
0x00011550 mov r2, 4 | r2 = 4;
0x00011554 mov r1, r3 | r1 = r3;
0x00011558 bl 0x10b94 | memcpy (r0, r1, r2);
0x0001155c ldr r2, [fp, -0x10] | r2 = var_1ch;
0x00011560 ldr r3, [fp, -0x2c] | r3 = s1;
0x00011564 cmp r2, r3 |
| if (r2 == r3) {
0x00011568 bne 0x11588 |
0x0001156c ldr r3, [fp, -0x10] | r3 = var_1ch;
0x00011570 sub r3, r3, 4 | r3 -= 4;
0x00011574 str r3, [fp, -0x10] | var_1ch = r3;
0x00011578 mov r3, 1 | r3 = 1;
0x0001157c strb r3, [fp, -0x11] | var_11h = r3;
0x00011580 mov r0, r0 |
0x00011584 b 0x115a0 |
| } else {
0x00011588 ldr r0, [pc, 0x10c] | r0 = "AJAJPost_Receive_timeout___";
0x0001158c bl 0x10b88 | usleep ("AJAJPost_Receive_timeout___");
0x00011590 ldrb r3, [fp, -0x12] | r3 = var_12h;
0x00011594 add r3, r3, 1 | r3++;
0x00011598 strb r3, [fp, -0x12] | var_12h = r3;
0x0001159c b 0x114e8 |
| } while (1);
| }
| label_3:
0x000115a0 mov r0, r0 |
| label_1:
0x000115a4 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000115a8 sub r3, r3, 0xc | r3 -= 0xc;
0x000115ac ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x000115b0 mov r1, 2 | r1 = 2;
0x000115b4 mov r0, r3 | r0 = r3;
0x000115b8 bl 0x10d20 | shutdown ();
0x000115bc sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x000115c0 sub r3, r3, 0xc | r3 -= 0xc;
0x000115c4 ldr r3, [r3, -0xac] | r3 = *((r3 - 0xac));
0x000115c8 mov r0, r3 | r0 = r3;
0x000115cc bl 0x10c3c | close (r0);
0x000115d0 ldrb r3, [fp, -0x11] | r3 = var_11h;
0x000115d4 cmp r3, 0 |
| if (r3 != 0) {
0x000115d8 beq 0x1166c |
0x000115dc ldr r3, [fp, -0x10] | r3 = var_1ch;
0x000115e0 add r3, r3, 0x80 | r3 += 0x80;
0x000115e4 mov r1, 1 | r1 = 1;
0x000115e8 mov r0, r3 | r0 = r3;
0x000115ec bl 0x10b64 | r0 = calloc (r0, r1);
0x000115f0 mov r3, r0 | r3 = r0;
0x000115f4 str r3, [fp, -0x24] | ptr = r3;
0x000115f8 ldr r3, [fp, -0x24] | r3 = ptr;
0x000115fc cmp r3, 0 |
| if (r3 == 0) {
0x00011600 beq 0x11680 | goto label_0;
| }
0x00011604 ldr r2, [pc, 0x94] | r2 = *(0x1169c);
0x00011608 ldr r1, [pc, 0x94] | r1 = "_00_OK";
0x0001160c ldr r0, [fp, -0x24] | r0 = ptr;
0x00011610 bl 0x10c84 | sprintf (r0, "_00_OK", r2);
0x00011614 str r0, [fp, -0x28] | var_28h = r0;
0x00011618 ldr r3, [fp, -0x28] | r3 = var_28h;
0x0001161c ldr r2, [fp, -0x24] | r2 = ptr;
0x00011620 add r0, r2, r3 | r0 = r2 + r3;
0x00011624 ldr r2, [fp, -0x10] | r2 = var_1ch;
0x00011628 sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x0001162c sub r3, r3, 0xc | r3 -= 0xc;
0x00011630 sub r3, r3, 0xa8 | r3 -= 0xa8;
0x00011634 add r3, r3, 4 | r3 += 4;
0x00011638 mov r1, r3 | r1 = r3;
0x0001163c bl 0x10b94 | memcpy (r0, r1, r2);
0x00011640 ldr r2, [fp, -0x28] | r2 = var_28h;
0x00011644 ldr r3, [fp, -0x10] | r3 = var_1ch;
0x00011648 add r2, r2, r3 | r2 += r3;
0x0001164c sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011650 sub r3, r3, 0xc | r3 -= 0xc;
0x00011654 ldr r1, [fp, -0x24] | r1 = ptr;
0x00011658 ldr r0, [r3, -0xb4] | r0 = *((r3 - 0xb4));
0x0001165c bl 0x13c44 | scgi_send ();
0x00011660 ldr r0, [fp, -0x24] | r0 = ptr;
0x00011664 bl 0x10cd8 | free (r0);
0x00011668 b 0x11680 |
| } else {
0x0001166c sub r3, fp, 0x8000 | r3 = fp - 0x8000;
0x00011670 sub r3, r3, 0xc | r3 -= 0xc;
0x00011674 ldr r1, [pc, 0x2c] | r1 = "Status:__sContent_Type:_text_plain";
0x00011678 ldr r0, [r3, -0xb4] | r0 = *((r3 - 0xb4));
0x0001167c bl 0x111f8 | r0 = sym ();
| }
| label_0:
0x00011680 mov r0, r0 |
0x00011684 sub sp, fp, 8 |
0x00011688 pop {r4, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x111f8 */
| #include <stdint.h>
|
; (fcn) sym.SendWebAcknowledge_SCGI_REQUEST__char_ () | void SendWebAcknowledge_SCGI_REQUEST_char_ (int32_t arg1, int32_t arg2) {
| int32_t var_8ch;
| int32_t var_88h;
| char * s;
| int32_t var_4h_2;
| int32_t var_4h;
| r0 = arg1;
| r1 = arg2;
| /* SendWebAcknowledge(SCGI_REQUEST*, char*) */
0x000111f8 push {fp, lr} |
0x000111fc add fp, sp, 4 |
0x00011200 sub sp, sp, 0x88 |
0x00011204 str r0, [fp, -0x88] | var_88h = r0;
0x00011208 str r1, [fp, -0x8c] | var_8ch = r1;
0x0001120c sub r3, fp, 0x84 | r3 -= s;
0x00011210 mov r2, 0x80 | r2 = 0x80;
0x00011214 mov r1, 0 | r1 = 0;
0x00011218 mov r0, r3 | r0 = r3;
0x0001121c bl 0x10c48 | memset (r0, r1, r2);
0x00011220 sub r3, fp, 0x84 | r3 -= s;
0x00011224 ldr r2, [fp, -0x8c] | r2 = var_8ch;
0x00011228 ldr r1, [pc, 0x6c] | r1 = *(0x11298);
0x0001122c mov r0, r3 | r0 = r3;
0x00011230 bl 0x10c84 | sprintf (r0, r1, r2);
0x00011234 ldr r3, [pc, 0x64] |
0x00011238 ldr r3, [r3] | r3 = "Status:__sContent_Type:_text_plain";
0x0001123c sub r2, fp, 0x84 | r2 -= s;
0x00011240 ldr r1, [pc, 0x5c] | r1 = stderr;
0x00011244 mov r0, r3 | r0 = r3;
0x00011248 bl 0x10c60 | fprintf (r0, r1, r2, "Status:__sContent_Type:_text_plain")
0x0001124c sub r3, fp, 0x84 | r3 -= s;
0x00011250 mov r1, r3 | r1 = r3;
0x00011254 ldr r0, [fp, -0x88] | r0 = var_88h;
0x00011258 bl 0x13c00 | r0 = scgi_write ();
0x0001125c mov r3, r0 | r3 = r0;
0x00011260 cmp r3, 0 |
| if (r3 != 0) {
0x00011264 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x00011268 movne r3, 0 | r3 = 0;
| }
0x0001126c and r3, r3, 0xff | r3 &= 0xff;
0x00011270 cmp r3, 0 |
| if (r3 != 0) {
0x00011274 beq 0x11290 |
0x00011278 ldr r3, [pc, 0x20] |
0x0001127c ldr r3, [r3] | r3 = "Status:__sContent_Type:_text_plain";
0x00011280 mov r2, 0x48 | r2 = 0x48;
0x00011284 mov r1, 1 | r1 = 1;
0x00011288 ldr r0, [pc, 0x18] | r0 = "ack:__s";
0x0001128c bl 0x10b7c | r0 = fwrite ("ack:__s", r1, r2, "Status:__sContent_Type:_text_plain");
| }
0x00011290 mov r0, r0 |
0x00011294 sub sp, fp, 4 |
0x00011298 pop {fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x11f94 */
| #include <stdint.h>
|
; (fcn) sym.scgi_answer_the_phone () | void scgi_answer_the_phone (int32_t arg1) {
| int32_t var_a8h;
| int32_t var_a4h;
| int32_t var_9ch;
| int32_t var_98h;
| int32_t var_94h;
| int32_t var_90h;
| int32_t fildes;
| int32_t var_sp_94h;
| int32_t var_sp_10h;
| int32_t var_8h_2;
| int32_t var_8h;
| r0 = arg1;
0x00011f94 push {r4, fp, lr} |
0x00011f98 add fp, sp, 8 |
0x00011f9c sub sp, sp, 0xa4 |
0x00011fa0 str r0, [fp, -0xa8] | var_a8h = r0;
0x00011fa4 mov r3, 0x80 | r3 = 0x80;
0x00011fa8 str r3, [fp, -0x94] | var_94h = r3;
0x00011fac sub r3, fp, 0xa4 | r3 = fp - 0xa4;
0x00011fb0 mov r1, 0 | r1 = 0;
0x00011fb4 mov r0, r3 | r0 = r3;
0x00011fb8 bl 0x10bc4 | gettimeofday ();
0x00011fbc ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x00011fc0 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x00011fc4 sub r2, fp, 0x94 | r2 -= var_sp_94h;
0x00011fc8 sub r1, fp, 0x90 | r1 -= var_9ch;
0x00011fcc mov r0, r3 | r0 = r3;
0x00011fd0 bl 0x10ccc | r0 = accept (r0, r1, r2);
0x00011fd4 mov r3, r0 | r3 = r0;
0x00011fd8 str r3, [fp, -0x10] | fildes = r3;
0x00011fdc ldr r3, [fp, -0x10] | r3 = fildes;
0x00011fe0 lsr r3, r3, 0x1f | r3 >>= 0x1f;
0x00011fe4 and r3, r3, 0xff | r3 &= 0xff;
0x00011fe8 cmp r3, 0 |
| if (r3 != 0) {
0x00011fec beq 0x11ffc |
0x00011ff0 ldr r0, [pc, 0x4c8] | r0 = *(0x124bc);
0x00011ff4 bl 0x128dc | scgi_perror ();
0x00011ff8 b 0x124b8 |
| } else {
0x00011ffc ldr r3, [pc, 0x4c0] |
0x00012000 ldr r3, [r3] | r3 = "Warning:_scgilibs_phone_rang_but_something_prevented_scgilib_from_answering_it.";
0x00012004 cmp r3, 0 |
| if (r3 > 0) {
0x00012008 ble 0x12024 |
0x0001200c ldr r3, [pc, 0x4b4] |
0x00012010 ldr r3, [r3] | r3 = *(0x124c4);
0x00012014 ldr r2, [fp, -0x10] | r2 = fildes;
0x00012018 ldr r1, [pc, 0x4ac] | r1 = stderr;
0x0001201c mov r0, r3 | r0 = r3;
0x00012020 bl 0x10c60 | fprintf (r0, r1, r2, r3)
| }
0x00012024 mov r2, 0x800 | r2 = 0x800;
0x00012028 mov r1, 4 | r1 = 4;
0x0001202c ldr r0, [fp, -0x10] | r0 = fildes;
0x00012030 bl 0x10c18 | r0 = fcntl ();
0x00012034 mov r3, r0 | r3 = r0;
0x00012038 cmn r3, 1 |
| if (r3 != 1) {
0x0001203c moveq r3, 1 | r3 = 1;
| }
| if (r3 == 1) {
0x00012040 movne r3, 0 | r3 = 0;
| }
0x00012044 and r3, r3, 0xff | r3 &= 0xff;
0x00012048 cmp r3, 0 |
| if (r3 != 0) {
0x0001204c beq 0x12064 |
0x00012050 ldr r0, [pc, 0x478] | r0 = "scgi_answer_the_phone:_accept_on_port__d";
0x00012054 bl 0x128dc | scgi_perror ();
0x00012058 ldr r0, [fp, -0x10] | r0 = fildes;
0x0001205c bl 0x10c3c | close (r0);
0x00012060 b 0x124b8 |
| } else {
0x00012064 mov r1, 0x50 | r1 = 0x50;
0x00012068 mov r0, 1 | r0 = 1;
0x0001206c bl 0x10b64 | r0 = calloc (r0, r1);
0x00012070 mov r3, r0 | r3 = r0;
0x00012074 str r3, [fp, -0x98] | var_a4h = r3;
0x00012078 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001207c cmp r3, 0 |
| if (r3 != 0) {
0x00012080 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x00012084 movne r3, 0 | r3 = 0;
| }
0x00012088 and r3, r3, 0xff | r3 &= 0xff;
0x0001208c cmp r3, 0 |
| if (r3 != 0) {
0x00012090 beq 0x120a0 |
0x00012094 ldr r0, [pc, 0x438] | r0 = "Warning:_scgilib_was_unable_to_set_a_socket_to_non_blocking_mode.__scgilib_hung_up_the_phone_on_this_socket.";
0x00012098 bl 0x128dc | scgi_perror ();
0x0001209c bl 0x10c78 | abort ();
| }
0x000120a0 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120a4 mov r2, 0 | r2 = 0;
0x000120a8 str r2, [r3] | *(r3) = r2;
0x000120ac ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120b0 mov r2, 0 | r2 = 0;
0x000120b4 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x000120b8 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120bc ldr r2, [fp, -0xa8] | r2 = var_a8h;
0x000120c0 str r2, [r3, 8] | *((r3 + 8)) = r2;
0x000120c4 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120c8 ldr r2, [fp, -0x10] | r2 = fildes;
0x000120cc str r2, [r3, 0x10] | *((r3 + 0x10)) = r2;
0x000120d0 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120d4 ldr r2, [fp, -0xa4] | r2 = var_a4h;
0x000120d8 str r2, [r3, 0x2c] | *((r3 + 0x2c)) = r2;
0x000120dc ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120e0 mov r2, 0 | r2 = 0;
0x000120e4 str r2, [r3, 0x30] | *((r3 + 0x30)) = r2;
0x000120e8 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120ec mov r2, 0 | r2 = 0;
0x000120f0 str r2, [r3, 0x34] | *((r3 + 0x34)) = r2;
0x000120f4 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000120f8 mov r2, 0 | r2 = 0;
0x000120fc str r2, [r3, 0x3c] | *((r3 + 0x3c)) = r2;
0x00012100 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x00012104 mov r2, 0 | r2 = 0;
0x00012108 str r2, [r3, 0x40] | *((r3 + 0x40)) = r2;
0x0001210c ldr r3, [fp, -0x98] | r3 = var_a4h;
0x00012110 mov r2, 0 | r2 = 0;
0x00012114 str r2, [r3, 0x4c] | *((r3 + 0x4c)) = r2;
0x00012118 ldr r3, [pc, 0x3b8] |
0x0001211c ldr r3, [r3] | r3 = "scgilib:_Out_of_RAM__Emergency_shutdown.";
0x00012120 cmp r3, 0 |
| if (r3 != 0) {
0x00012124 beq 0x12148 |
0x00012128 ldr r3, [pc, 0x3a8] |
0x0001212c ldr r3, [r3] | r3 = "scgilib:_Out_of_RAM__Emergency_shutdown.";
0x00012130 ldr r4, [fp, -0x98] | r4 = var_a4h;
0x00012134 mov r1, 1 | r1 = 1;
0x00012138 ldr r0, [fp, -0x10] | r0 = fildes;
0x0001213c blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t, char*) (r0, r1, "scgilib:_Out_of_RAM__Emergency_shutdown.");
0x00012140 mov r3, r0 | r3 = r0;
0x00012144 str r3, [r4, 0x38] | *((r4 + 0x38)) = r3;
| }
0x00012148 ldr r4, [fp, -0x98] | r4 = var_a4h;
0x0001214c mov r1, 1 | r1 = 1;
0x00012150 ldr r0, [pc, 0x384] | r0 = scgi_fd_newfd_cb;
0x00012154 bl 0x10b64 | r0 = calloc (r0, r1);
0x00012158 mov r3, r0 | r3 = r0;
0x0001215c str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00012160 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00012164 cmp r3, 0 |
| if (r3 != 0) {
0x00012168 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x0001216c movne r3, 0 | r3 = 0;
| }
0x00012170 and r3, r3, 0xff | r3 &= 0xff;
0x00012174 cmp r3, 0 |
| if (r3 != 0) {
0x00012178 beq 0x12188 |
0x0001217c ldr r0, [pc, 0x350] | r0 = "Warning:_scgilib_was_unable_to_set_a_socket_to_non_blocking_mode.__scgilib_hung_up_the_phone_on_this_socket.";
0x00012180 bl 0x128dc | scgi_perror ();
0x00012184 bl 0x10c78 | abort ();
| }
0x00012188 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001218c mov r2, 0x20000 | r2 = 0x20000;
0x00012190 str r2, [r3, 0x18] | *((r3 + 0x18)) = r2;
0x00012194 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x00012198 mov r2, 0 | r2 = 0;
0x0001219c str r2, [r3, 0x1c] | *((r3 + 0x1c)) = r2;
0x000121a0 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000121a4 ldr r3, [r3, 0x14] | r3 = *((r3 + 0x14));
0x000121a8 mov r2, 0 | r2 = 0;
0x000121ac strb r2, [r3] | *(r3) = r2;
0x000121b0 ldr r4, [fp, -0x98] | r4 = var_a4h;
0x000121b4 mov r1, 1 | r1 = 1;
0x000121b8 ldr r0, [pc, 0x320] | r0 = *(0x124dc);
0x000121bc bl 0x10b64 | r0 = calloc (r0, r1);
0x000121c0 mov r3, r0 | r3 = r0;
0x000121c4 str r3, [r4, 0x20] | *((r4 + 0x20)) = r3;
0x000121c8 ldr r3, [r4, 0x20] | r3 = *((r4 + 0x20));
0x000121cc cmp r3, 0 |
| if (r3 != 0) {
0x000121d0 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x000121d4 movne r3, 0 | r3 = 0;
| }
0x000121d8 and r3, r3, 0xff | r3 &= 0xff;
0x000121dc cmp r3, 0 |
| if (r3 != 0) {
0x000121e0 beq 0x121f0 |
0x000121e4 ldr r0, [pc, 0x2e8] | r0 = "Warning:_scgilib_was_unable_to_set_a_socket_to_non_blocking_mode.__scgilib_hung_up_the_phone_on_this_socket.";
0x000121e8 bl 0x128dc | scgi_perror ();
0x000121ec bl 0x10c78 | abort ();
| }
0x000121f0 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x000121f4 mov r2, 0x4000 | r2 = 0x4000;
0x000121f8 str r2, [r3, 0x24] | *((r3 + 0x24)) = r2;
0x000121fc ldr r3, [fp, -0x98] | r3 = var_a4h;
0x00012200 mov r2, 0 | r2 = 0;
0x00012204 str r2, [r3, 0x28] | *((r3 + 0x28)) = r2;
0x00012208 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001220c ldr r3, [r3, 0x20] | r3 = *((r3 + 0x20));
0x00012210 mov r2, 0 | r2 = 0;
0x00012214 strb r2, [r3] | *(r3) = r2;
0x00012218 mov r1, 0x6c | r1 = 0x6c;
0x0001221c mov r0, 1 | r0 = 1;
0x00012220 bl 0x10b64 | r0 = calloc (r0, r1);
0x00012224 mov r3, r0 | r3 = r0;
0x00012228 str r3, [fp, -0x9c] | var_a8h = r3;
0x0001222c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012230 cmp r3, 0 |
| if (r3 != 0) {
0x00012234 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x00012238 movne r3, 0 | r3 = 0;
| }
0x0001223c and r3, r3, 0xff | r3 &= 0xff;
0x00012240 cmp r3, 0 |
| if (r3 != 0) {
0x00012244 beq 0x12254 |
0x00012248 ldr r0, [pc, 0x284] | r0 = "Warning:_scgilib_was_unable_to_set_a_socket_to_non_blocking_mode.__scgilib_hung_up_the_phone_on_this_socket.";
0x0001224c bl 0x128dc | scgi_perror ();
0x00012250 bl 0x10c78 | abort ();
| }
0x00012254 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012258 mov r2, 0 | r2 = 0;
0x0001225c str r2, [r3] | *(r3) = r2;
0x00012260 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012264 mov r2, 0 | r2 = 0;
0x00012268 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x0001226c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012270 mov r2, 0 | r2 = 0;
0x00012274 str r2, [r3, 8] | *((r3 + 8)) = r2;
0x00012278 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x0001227c mov r2, 0 | r2 = 0;
0x00012280 str r2, [r3, 0xc] | *((r3 + 0xc)) = r2;
0x00012284 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012288 ldr r2, [fp, -0x98] | r2 = var_a4h;
0x0001228c str r2, [r3, 0x10] | *((r3 + 0x10)) = r2;
0x00012290 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012294 mov r2, 0 | r2 = 0;
0x00012298 str r2, [r3, 0x14] | *((r3 + 0x14)) = r2;
0x0001229c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122a0 mov r2, 0 | r2 = 0;
0x000122a4 str r2, [r3, 0x18] | *((r3 + 0x18)) = r2;
0x000122a8 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122ac mov r2, 0 | r2 = 0;
0x000122b0 str r2, [r3, 0x1c] | *((r3 + 0x1c)) = r2;
0x000122b4 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122b8 mvn r2, 0 | r2 = ~0;
0x000122bc str r2, [r3, 0x20] | *((r3 + 0x20)) = r2;
0x000122c0 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122c4 mov r2, 0 | r2 = 0;
0x000122c8 strb r2, [r3, 0x24] | *((r3 + 0x24)) = r2;
0x000122cc ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122d0 mov r2, 0 | r2 = 0;
0x000122d4 str r2, [r3, 0x28] | *((r3 + 0x28)) = r2;
0x000122d8 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122dc mov r2, 0 | r2 = 0;
0x000122e0 str r2, [r3, 0x2c] | *((r3 + 0x2c)) = r2;
0x000122e4 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122e8 mov r2, 0 | r2 = 0;
0x000122ec str r2, [r3, 0x30] | *((r3 + 0x30)) = r2;
0x000122f0 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000122f4 mov r2, 0 | r2 = 0;
0x000122f8 str r2, [r3, 0x34] | *((r3 + 0x34)) = r2;
0x000122fc ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012300 mov r2, 0 | r2 = 0;
0x00012304 str r2, [r3, 0x38] | *((r3 + 0x38)) = r2;
0x00012308 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x0001230c mov r2, 0 | r2 = 0;
0x00012310 str r2, [r3, 0x3c] | *((r3 + 0x3c)) = r2;
0x00012314 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012318 mov r2, 0 | r2 = 0;
0x0001231c str r2, [r3, 0x40] | *((r3 + 0x40)) = r2;
0x00012320 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012324 mov r2, 0 | r2 = 0;
0x00012328 str r2, [r3, 0x44] | *((r3 + 0x44)) = r2;
0x0001232c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012330 mov r2, 0 | r2 = 0;
0x00012334 str r2, [r3, 0x48] | *((r3 + 0x48)) = r2;
0x00012338 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x0001233c mov r2, 0 | r2 = 0;
0x00012340 str r2, [r3, 0x4c] | *((r3 + 0x4c)) = r2;
0x00012344 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012348 mov r2, 0 | r2 = 0;
0x0001234c str r2, [r3, 0x50] | *((r3 + 0x50)) = r2;
0x00012350 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012354 mov r2, 0 | r2 = 0;
0x00012358 str r2, [r3, 0x54] | *((r3 + 0x54)) = r2;
0x0001235c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012360 mov r2, 0 | r2 = 0;
0x00012364 str r2, [r3, 0x58] | *((r3 + 0x58)) = r2;
0x00012368 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x0001236c mov r2, 0 | r2 = 0;
0x00012370 str r2, [r3, 0x5c] | *((r3 + 0x5c)) = r2;
0x00012374 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012378 mov r2, 0 | r2 = 0;
0x0001237c str r2, [r3, 0x60] | *((r3 + 0x60)) = r2;
0x00012380 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012384 mov r2, 0 | r2 = 0;
0x00012388 str r2, [r3, 0x64] | *((r3 + 0x64)) = r2;
0x0001238c ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012390 mov r2, 0 | r2 = 0;
0x00012394 str r2, [r3, 0x68] | *((r3 + 0x68)) = r2;
0x00012398 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001239c ldr r2, [fp, -0x9c] | r2 = var_a8h;
0x000123a0 str r2, [r3, 0xc] | *((r3 + 0xc)) = r2;
0x000123a4 ldr r3, [pc, 0x138] |
0x000123a8 ldr r3, [r3] | r3 = *(0x124e0);
0x000123ac cmp r3, 0 |
| if (r3 == 0) {
0x000123b0 bne 0x123d0 |
0x000123b4 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000123b8 ldr r2, [pc, 0x124] | r2 = *(0x124e0);
0x000123bc str r3, [r2] | *(r2) = r3;
0x000123c0 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000123c4 ldr r2, [pc, 0x11c] | r2 = *(0x124e4);
0x000123c8 str r3, [r2] | *(r2) = r3;
0x000123cc b 0x123e0 |
| } else {
0x000123d0 ldr r3, [pc, 0x110] |
0x000123d4 ldr r3, [r3] | r3 = *(0x124e4);
0x000123d8 ldr r2, [fp, -0x9c] | r2 = var_a8h;
0x000123dc str r2, [r3] | *(r3) = r2;
| }
0x000123e0 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000123e4 mov r2, 0 | r2 = 0;
0x000123e8 str r2, [r3] | *(r3) = r2;
0x000123ec ldr r3, [pc, 0xf0] | r3 = *(0x124e0);
0x000123f0 ldr r2, [r3] | r2 = *(0x124e0);
0x000123f4 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x000123f8 cmp r2, r3 |
| if (r2 == r3) {
0x000123fc bne 0x12410 |
0x00012400 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012404 mov r2, 0 | r2 = 0;
0x00012408 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x0001240c b 0x12420 |
| } else {
0x00012410 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012414 ldr r2, [pc, 0xcc] |
0x00012418 ldr r2, [r2] | r2 = *(0x124e4);
0x0001241c str r2, [r3, 4] | *((r3 + 4)) = r2;
| }
0x00012420 ldr r3, [fp, -0x9c] | r3 = var_a8h;
0x00012424 ldr r2, [pc, 0xbc] | r2 = *(0x124e4);
0x00012428 str r3, [r2] | *(r2) = r3;
0x0001242c ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x00012430 ldr r3, [r3, 8] | r3 = *((r3 + 8));
0x00012434 cmp r3, 0 |
| if (r3 == 0) {
0x00012438 bne 0x12458 |
0x0001243c ldr r2, [fp, -0x98] | r2 = var_a4h;
0x00012440 ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x00012444 str r2, [r3, 8] | *((r3 + 8)) = r2;
0x00012448 ldr r2, [fp, -0x98] | r2 = var_a4h;
0x0001244c ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x00012450 str r2, [r3, 0xc] | *((r3 + 0xc)) = r2;
0x00012454 b 0x12468 |
| } else {
0x00012458 ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x0001245c ldr r3, [r3, 0xc] | r3 = *((r3 + 0xc));
0x00012460 ldr r2, [fp, -0x98] | r2 = var_a4h;
0x00012464 str r2, [r3] | *(r3) = r2;
| }
0x00012468 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001246c mov r2, 0 | r2 = 0;
0x00012470 str r2, [r3] | *(r3) = r2;
0x00012474 ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x00012478 ldr r2, [r3, 8] | r2 = *((r3 + 8));
0x0001247c ldr r3, [fp, -0x98] | r3 = var_a4h;
0x00012480 cmp r2, r3 |
| if (r2 == r3) {
0x00012484 bne 0x12498 |
0x00012488 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001248c mov r2, 0 | r2 = 0;
0x00012490 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x00012494 b 0x124a8 |
| } else {
0x00012498 ldr r3, [fp, -0x98] | r3 = var_a4h;
0x0001249c ldr r2, [fp, -0xa8] | r2 = var_a8h;
0x000124a0 ldr r2, [r2, 0xc] | r2 = *((r2 + 0xc));
0x000124a4 str r2, [r3, 4] | *((r3 + 4)) = r2;
| }
0x000124a8 ldr r2, [fp, -0x98] | r2 = var_a4h;
0x000124ac ldr r3, [fp, -0xa8] | r3 = var_a8h;
0x000124b0 str r2, [r3, 0xc] | *((r3 + 0xc)) = r2;
0x000124b4 mov r0, r0 |
| }
| }
0x000124b8 sub sp, fp, 8 |
0x000124bc pop {r4, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x137c0 */
| #include <stdint.h>
|
; (fcn) sym.scgi_initialize () | void scgi_initialize (int32_t arg1) {
| int32_t var_c8h;
| int32_t var_c0h;
| int32_t var_40h;
| int32_t var_3ch;
| int32_t var_38h;
| int32_t var_34h;
| int32_t var_1ch;
| int32_t var_18h;
| int32_t fildes;
| int32_t var_10h;
| int32_t var_0h;
| char * var_sp_c0h;
| int32_t var_sp_40h;
| void * s;
| int32_t var_sp_38h;
| int32_t var_sp_1ch;
| int32_t var_sp_18h;
| int32_t var_sp_14h;
| int32_t var_8h;
| r0 = arg1;
0x000137c0 push {r4, fp, lr} |
0x000137c4 add fp, sp, 8 |
0x000137c8 sub sp, sp, 0xcc |
0x000137cc str r0, [fp, -0xc8] | var_c8h = r0;
0x000137d0 mov r3, 1 | r3 = 1;
0x000137d4 str r3, [fp, -0x1c] | var_1ch = r3;
0x000137d8 sub r3, fp, 0x3c | r3 -= s;
0x000137dc mov r2, 0x20 | r2 = 0x20;
0x000137e0 mov r1, 0 | r1 = 0;
0x000137e4 mov r0, r3 | r0 = r3;
0x000137e8 bl 0x10c48 | memset (r0, r1, r2);
0x000137ec mov r3, 2 | r3 = 2;
0x000137f0 str r3, [fp, -0x38] | var_38h = r3;
0x000137f4 mov r3, 1 | r3 = 1;
0x000137f8 str r3, [fp, -0x34] | var_34h = r3;
0x000137fc mov r3, 1 | r3 = 1;
0x00013800 str r3, [fp, -0x3c] | var_3ch = r3;
0x00013804 sub r3, fp, 0xc0 | r3 -= var_sp_c0h;
0x00013808 ldr r2, [fp, -0xc8] | r2 = var_c8h;
0x0001380c ldr r1, [pc, 0x2ac] | r1 = *(0x13abc);
0x00013810 mov r0, r3 | r0 = r3;
0x00013814 bl 0x10c84 | sprintf (r0, r1, r2);
0x00013818 sub r3, fp, 0x40 | r3 -= var_sp_40h;
0x0001381c sub r2, fp, 0x3c | r2 -= s;
0x00013820 sub r1, fp, 0xc0 | r1 -= var_sp_c0h;
0x00013824 mov r0, 0 | r0 = 0;
0x00013828 bl 0x10cfc | r0 = getaddrinfo ();
0x0001382c mov r3, r0 | r3 = r0;
0x00013830 str r3, [fp, -0x10] | var_1ch = r3;
0x00013834 ldr r3, [fp, -0x10] | r3 = var_1ch;
0x00013838 cmp r3, 0 |
| if (r3 == 0) {
0x0001383c movne r3, 1 | r3 = 1;
| }
| if (r3 != 0) {
0x00013840 moveq r3, 0 | r3 = 0;
| }
0x00013844 and r3, r3, 0xff | r3 &= 0xff;
0x00013848 cmp r3, 0 |
| if (r3 != 0) {
0x0001384c beq 0x13870 |
0x00013850 ldr r3, [pc, 0x26c] |
0x00013854 ldr r3, [r3] | r3 = "_d";
0x00013858 mov r2, 0x13 | r2 = 0x13;
0x0001385c mov r1, 1 | r1 = 1;
0x00013860 ldr r0, [pc, 0x260] | r0 = stderr;
0x00013864 bl 0x10b7c | fwrite (r0, r1, r2, "_d");
0x00013868 mov r3, 0 | r3 = 0;
0x0001386c b 0x13ab4 |
| } else {
0x00013870 ldr r3, [fp, -0x40] | r3 = var_40h;
0x00013874 ldr r0, [r3, 4] | r0 = *((r3 + 4));
0x00013878 ldr r3, [fp, -0x40] | r3 = var_40h;
0x0001387c ldr r1, [r3, 8] | r1 = *((r3 + 8));
0x00013880 ldr r3, [fp, -0x40] | r3 = var_40h;
0x00013884 ldr r3, [r3, 0xc] | r3 = *((r3 + 0xc));
0x00013888 mov r2, r3 | r2 = r3;
0x0001388c bl 0x10c90 | socket (r0, r1, r2);
0x00013890 str r0, [fp, -0x14] | fildes = r0;
0x00013894 ldr r3, [fp, -0x14] | r3 = fildes;
0x00013898 cmn r3, 1 |
| if (r3 == 1) {
0x0001389c bne 0x138cc |
0x000138a0 ldr r3, [pc, 0x21c] | r3 = "_d";
0x000138a4 ldr r4, [r3] | r4 = "_d";
0x000138a8 bl 0x10b70 | r0 = errno_location ();
0x000138ac mov r3, r0 | r3 = r0;
0x000138b0 ldr r3, [r3] | r3 = *(r3);
0x000138b4 mov r2, r3 | r2 = r3;
0x000138b8 ldr r1, [pc, 0x20c] | r1 = "scgi_initialize:_1";
0x000138bc mov r0, r4 | r0 = r4;
0x000138c0 bl 0x10c60 | fprintf (r0, "scgi_initialize:_1", r2, r3)
0x000138c4 mov r3, 0 | r3 = 0;
0x000138c8 b 0x13ab4 |
| } else {
0x000138cc sub r2, fp, 0x1c | r2 -= var_sp_1ch;
0x000138d0 mov r3, 4 | r3 = 4;
0x000138d4 str r3, [sp] | *(sp) = r3;
0x000138d8 mov r3, r2 | r3 = r2;
0x000138dc mov r2, 2 | r2 = 2;
0x000138e0 mov r1, 1 | r1 = 1;
0x000138e4 ldr r0, [fp, -0x14] | r0 = fildes;
0x000138e8 bl 0x10c30 | setsockopt ();
0x000138ec ldr r3, [fp, -0x40] | r3 = var_40h;
0x000138f0 ldr r1, [r3, 0x14] | r1 = *((r3 + 0x14));
0x000138f4 ldr r3, [fp, -0x40] | r3 = var_40h;
0x000138f8 ldr r3, [r3, 0x10] | r3 = *((r3 + 0x10));
0x000138fc mov r2, r3 | r2 = r3;
0x00013900 ldr r0, [fp, -0x14] | r0 = fildes;
0x00013904 bl 0x10b40 | r0 = bind (r0, r1, r2);
0x00013908 mov r3, r0 | r3 = r0;
0x0001390c cmn r3, 1 |
| if (r3 != 1) {
0x00013910 beq 0x1392c |
0x00013914 mov r1, 0x20 | r1 = 0x20;
0x00013918 ldr r0, [fp, -0x14] | r0 = fildes;
0x0001391c bl 0x10cf0 | r0 = listen (r0, r1);
0x00013920 mov r3, r0 | r3 = r0;
0x00013924 cmn r3, 1 |
| if (r3 != 1) {
0x00013928 bne 0x13934 | goto label_0;
| }
| }
0x0001392c mov r3, 1 | r3 = 1;
0x00013930 b 0x13938 | goto label_1;
| label_0:
0x00013934 mov r3, 0 | r3 = 0;
| label_1:
0x00013938 cmp r3, 0 |
| if (r3 != 0) {
0x0001393c beq 0x13968 |
0x00013940 ldr r3, [pc, 0x17c] |
0x00013944 ldr r3, [r3] | r3 = "_d";
0x00013948 mov r2, 0x13 | r2 = 0x13;
0x0001394c mov r1, 1 | r1 = 1;
0x00013950 ldr r0, [pc, 0x178] | r0 = "socket_failed:__d";
0x00013954 bl 0x10b7c | fwrite ("socket_failed:__d", r1, r2, "_d");
0x00013958 ldr r0, [fp, -0x14] | r0 = fildes;
0x0001395c bl 0x10c3c | close (r0);
0x00013960 mov r3, 0 | r3 = 0;
0x00013964 b 0x13ab4 |
| } else {
0x00013968 ldr r3, [fp, -0x40] | r3 = var_40h;
0x0001396c mov r0, r3 | r0 = r3;
0x00013970 bl 0x10bd0 | freeaddrinfo ();
0x00013974 mov r1, 0x1c | r1 = 0x1c;
0x00013978 mov r0, 1 | r0 = 1;
0x0001397c bl 0x10b64 | r0 = calloc (r0, r1);
0x00013980 mov r3, r0 | r3 = r0;
0x00013984 str r3, [fp, -0x18] | var_18h = r3;
0x00013988 ldr r3, [fp, -0x18] | r3 = var_18h;
0x0001398c cmp r3, 0 |
| if (r3 != 0) {
0x00013990 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x00013994 movne r3, 0 | r3 = 0;
| }
0x00013998 and r3, r3, 0xff | r3 &= 0xff;
0x0001399c cmp r3, 0 |
| if (r3 != 0) {
0x000139a0 beq 0x139b0 |
0x000139a4 ldr r0, [pc, 0x128] | r0 = "scgi_initialize:_3";
0x000139a8 bl 0x128dc | scgi_perror ();
0x000139ac bl 0x10c78 | abort ();
| }
0x000139b0 ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139b4 mov r2, 0 | r2 = 0;
0x000139b8 str r2, [r3] | *(r3) = r2;
0x000139bc ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139c0 mov r2, 0 | r2 = 0;
0x000139c4 str r2, [r3, 4] | *((r3 + 4)) = r2;
0x000139c8 ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139cc mov r2, 0 | r2 = 0;
0x000139d0 str r2, [r3, 8] | *((r3 + 8)) = r2;
0x000139d4 ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139d8 mov r2, 0 | r2 = 0;
0x000139dc str r2, [r3, 0xc] | *((r3 + 0xc)) = r2;
0x000139e0 ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139e4 ldr r2, [fp, -0xc8] | r2 = var_c8h;
0x000139e8 str r2, [r3, 0x10] | *((r3 + 0x10)) = r2;
0x000139ec ldr r3, [fp, -0x18] | r3 = var_18h;
0x000139f0 ldr r2, [fp, -0x14] | r2 = fildes;
0x000139f4 str r2, [r3, 0x14] | *((r3 + 0x14)) = r2;
0x000139f8 ldr r3, [pc, 0xd8] |
0x000139fc ldr r3, [r3] | r3 = "scgilib:_Out_of_RAM__Emergency_shutdown.";
0x00013a00 cmp r3, 0 |
| if (r3 != 0) {
0x00013a04 beq 0x13a28 |
0x00013a08 ldr r3, [pc, 0xc8] |
0x00013a0c ldr r3, [r3] | r3 = "scgilib:_Out_of_RAM__Emergency_shutdown.";
0x00013a10 ldr r4, [fp, -0x18] | r4 = var_18h;
0x00013a14 mov r1, 0 | r1 = 0;
0x00013a18 ldr r0, [fp, -0x14] | r0 = fildes;
0x00013a1c blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t, char*) (r0, r1, "scgilib:_Out_of_RAM__Emergency_shutdown.");
0x00013a20 mov r3, r0 | r3 = r0;
0x00013a24 str r3, [r4, 0x18] | *((r4 + 0x18)) = r3;
| }
0x00013a28 ldr r3, [pc, 0xac] |
0x00013a2c ldr r3, [r3] | r3 = scgi_fd_newfd_cb;
0x00013a30 cmp r3, 0 |
| if (r3 == 0) {
0x00013a34 bne 0x13a54 |
0x00013a38 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a3c ldr r2, [pc, 0x98] | r2 = scgi_fd_newfd_cb;
0x00013a40 str r3, [r2] | *(r2) = r3;
0x00013a44 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a48 ldr r2, [pc, 0x90] | r2 = *(0x13adc);
0x00013a4c str r3, [r2] | *(r2) = r3;
0x00013a50 b 0x13a64 |
| } else {
0x00013a54 ldr r3, [pc, 0x84] |
0x00013a58 ldr r3, [r3] | r3 = *(0x13adc);
0x00013a5c ldr r2, [fp, -0x18] | r2 = var_18h;
0x00013a60 str r2, [r3] | *(r3) = r2;
| }
0x00013a64 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a68 mov r2, 0 | r2 = 0;
0x00013a6c str r2, [r3] | *(r3) = r2;
0x00013a70 ldr r3, [pc, 0x64] | r3 = scgi_fd_newfd_cb;
0x00013a74 ldr r2, [r3] | r2 = scgi_fd_newfd_cb;
0x00013a78 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a7c cmp r2, r3 |
| if (r2 == r3) {
0x00013a80 bne 0x13a94 |
0x00013a84 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a88 mov r2, 0 | r2 = 0;
0x00013a8c str r2, [r3, 4] | *((r3 + 4)) = r2;
0x00013a90 b 0x13aa4 |
| } else {
0x00013a94 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013a98 ldr r2, [pc, 0x40] |
0x00013a9c ldr r2, [r2] | r2 = *(0x13adc);
0x00013aa0 str r2, [r3, 4] | *((r3 + 4)) = r2;
| }
0x00013aa4 ldr r3, [fp, -0x18] | r3 = var_18h;
0x00013aa8 ldr r2, [pc, 0x30] | r2 = *(0x13adc);
0x00013aac str r3, [r2] | *(r2) = r3;
0x00013ab0 mov r3, 1 | r3 = 1;
| }
| }
| }
0x00013ab4 mov r0, r3 | r0 = r3;
0x00013ab8 sub sp, fp, 8 |
0x00013abc pop {r4, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x125d8 */
| #include <stdint.h>
|
; (fcn) sym.scgi_listen_to_request () | void scgi_listen_to_request (int32_t arg1) {
| int32_t var_30h;
| int32_t var_28h;
| int32_t var_24h;
| int32_t var_20h;
| int32_t var_1ch;
| int32_t var_15h;
| int32_t var_14h;
| void * buffer;
| int32_t var_sp_28h;
| int32_t var_sp_20h;
| int8_t var_sp_15h;
| int32_t var_8h;
| r0 = arg1;
0x000125d8 push {r4, fp, lr} |
0x000125dc add fp, sp, 8 |
0x000125e0 sub sp, sp, 0x2c |
0x000125e4 str r0, [fp, -0x30] | var_30h = r0;
0x000125e8 ldr r3, [fp, -0x30] | r3 = var_30h;
0x000125ec ldr r3, [r3, 0x1c] | r3 = *((r3 + 0x1c));
0x000125f0 str r3, [fp, -0x10] | buffer = r3;
0x000125f4 mov r3, 0 | r3 = 0;
0x000125f8 strb r3, [fp, -0x15] | var_15h = r3;
0x000125fc ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012600 ldr r3, [r3, 0x10] | r3 = *((r3 + 0x10));
0x00012604 str r3, [fp, -0x28] | var_28h = r3;
0x00012608 mov r3, 1 | r3 = 1;
0x0001260c strh r3, [fp, -0x24] | var_30h = r3;
| do {
0x00012610 ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012614 ldr r3, [r3, 0x18] | r3 = *((r3 + 0x18));
0x00012618 sub r2, r3, 5 | r2 = r3 - 5;
0x0001261c ldr r3, [fp, -0x10] | r3 = buffer;
0x00012620 sub r3, r2, r3 | r3 = r2 - r3;
0x00012624 cmp r3, 0x20000 |
| if (r3 > 0x20000) {
0x00012628 ble 0x12638 |
0x0001262c mov r3, 0x20000 | r3 = 0x20000;
0x00012630 str r3, [fp, -0x1c] | var_28h = r3;
0x00012634 b 0x12650 |
| } else {
0x00012638 ldr r3, [fp, -0x30] | r3 = var_30h;
0x0001263c ldr r3, [r3, 0x18] | r3 = *((r3 + 0x18));
0x00012640 sub r2, r3, 5 | r2 = r3 - 5;
0x00012644 ldr r3, [fp, -0x10] | r3 = buffer;
0x00012648 sub r3, r2, r3 | r3 = r2 - r3;
0x0001264c str r3, [fp, -0x1c] | var_28h = r3;
| }
0x00012650 sub r3, fp, 0x28 | r3 -= var_sp_28h;
0x00012654 mov r2, 2 | r2 = 2;
0x00012658 mov r1, 1 | r1 = 1;
0x0001265c mov r0, r3 | r0 = r3;
0x00012660 bl 0x10b34 | r0 = poll ();
0x00012664 mov r3, r0 | r3 = r0;
0x00012668 str r3, [fp, -0x20] | var_20h = r3;
0x0001266c ldr r3, [fp, -0x20] | r3 = var_20h;
0x00012670 cmn r3, 1 |
| if (r3 != 1) {
0x00012674 beq 0x12684 |
0x00012678 cmp r3, 0 |
| if (r3 != 0) {
0x0001267c beq 0x126b4 |
0x00012680 b 0x126c0 |
| } else {
0x00012684 ldr r3, [pc, 0x18c] | r3 = *(0x12814);
0x00012688 ldr r4, [r3] | r4 = *(0x12814);
0x0001268c bl 0x10b70 | r0 = errno_location ();
0x00012690 mov r3, r0 | r3 = r0;
0x00012694 ldr r3, [r3] | r3 = *(r3);
0x00012698 mov r2, r3 | r2 = r3;
0x0001269c ldr r1, [pc, 0x178] | r1 = stderr;
0x000126a0 mov r0, r4 | r0 = r4;
0x000126a4 bl 0x10c60 | fprintf (r0, r1, r2, r3)
0x000126a8 mvn r3, 0 | r3 = ~0;
0x000126ac str r3, [fp, -0x14] | var_20h = r3;
0x000126b0 b 0x126f0 | goto label_0;
| }
0x000126b4 mov r3, 0 | r3 = 0;
0x000126b8 str r3, [fp, -0x14] | var_20h = r3;
0x000126bc b 0x126f0 | goto label_0;
| }
0x000126c0 ldr r3, [fp, -0x30] | r3 = var_30h;
0x000126c4 ldr r0, [r3, 0x10] | r0 = *((r3 + 0x10));
0x000126c8 ldr r3, [fp, -0x30] | r3 = var_30h;
0x000126cc ldr r2, [r3, 0x14] | r2 = *((r3 + 0x14));
0x000126d0 ldr r3, [fp, -0x10] | r3 = buffer;
0x000126d4 add r1, r2, r3 | r1 = r2 + r3;
0x000126d8 ldr r2, [fp, -0x1c] | r2 = var_28h;
0x000126dc mov r3, 0 | r3 = 0;
0x000126e0 bl 0x10c00 | r0 = recv (r0, r1);
0x000126e4 mov r3, r0 | r3 = r0;
0x000126e8 str r3, [fp, -0x14] | var_20h = r3;
0x000126ec mov r0, r0 |
| label_0:
0x000126f0 ldr r3, [fp, -0x14] | r3 = var_20h;
0x000126f4 cmp r3, 0 |
| if (r3 > 0) {
0x000126f8 ble 0x1277c |
0x000126fc mov r3, 1 | r3 = 1;
0x00012700 strb r3, [fp, -0x15] | var_15h = r3;
0x00012704 ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012708 ldr r2, [r3, 0x1c] | r2 = *((r3 + 0x1c));
0x0001270c ldr r3, [fp, -0x14] | r3 = var_20h;
0x00012710 add r2, r2, r3 | r2 += r3;
0x00012714 ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012718 str r2, [r3, 0x1c] | *((r3 + 0x1c)) = r2;
0x0001271c ldr r2, [fp, -0x10] | r2 = buffer;
0x00012720 ldr r3, [fp, -0x14] | r3 = var_20h;
0x00012724 add r3, r2, r3 | r3 = r2 + r3;
0x00012728 str r3, [fp, -0x10] | buffer = r3;
0x0001272c ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012730 ldr r3, [r3, 0x18] | r3 = *((r3 + 0x18));
0x00012734 sub r3, r3, 5 | r3 -= 5;
0x00012738 ldr r2, [fp, -0x10] | r2 = buffer;
0x0001273c cmp r2, r3 |
| if (r2 < r3) {
0x00012740 blt 0x127ac | goto label_1;
| }
0x00012744 ldr r3, [fp, -0x30] | r3 = var_30h;
0x00012748 add r3, r3, 0x14 | r3 += 0x14;
0x0001274c mov r1, r3 | r1 = r3;
0x00012750 ldr r0, [fp, -0x30] | r0 = var_30h;
0x00012754 bl 0x124ec | r0 = sym ();
0x00012758 mov r3, r0 | r3 = r0;
0x0001275c cmp r3, 0 |
| if (r3 != 0) {
0x00012760 moveq r3, 1 | r3 = 1;
| }
| if (r3 == 0) {
0x00012764 movne r3, 0 | r3 = 0;
| }
0x00012768 and r3, r3, 0xff | r3 &= 0xff;
0x0001276c cmp r3, 0 |
| if (r3 == 0) {
0x00012770 beq 0x127ac | goto label_1;
| }
0x00012774 mov r3, 0 | r3 = 0;
0x00012778 b 0x1280c | goto label_2;
| }
0x0001277c ldr r3, [fp, -0x14] | r3 = var_20h;
0x00012780 cmp r3, 0 |
| if (r3 < 0) {
0x00012784 bge 0x127ac |
0x00012788 ldr r3, [pc, 0x88] | r3 = *(0x12814);
0x0001278c ldr r4, [r3] | r4 = *(0x12814);
0x00012790 bl 0x10b70 | r0 = errno_location ();
0x00012794 mov r3, r0 | r3 = r0;
0x00012798 ldr r2, [r3] | r2 = *(r3);
0x0001279c ldr r3, [fp, -0x14] | r3 = var_20h;
0x000127a0 ldr r1, [pc, 0x78] | r1 = "poll__1_error:_d_";
0x000127a4 mov r0, r4 | r0 = r4;
0x000127a8 bl 0x10c60 | fprintf (r0, "poll__1_error:_d_", r2, r3)
| }
| label_1:
0x000127ac ldr r3, [fp, -0x14] | r3 = var_20h;
0x000127b0 cmp r3, 0 |
| if (r3 <= 0) {
0x000127b4 ble 0x127bc | goto label_3;
| }
0x000127b8 b 0x12610 |
| } while (1);
| label_3:
0x000127bc ldrb r3, [fp, -0x15] | r3 = var_15h;
0x000127c0 cmp r3, 0 |
| if (r3 != 0) {
0x000127c4 beq 0x127d8 |
0x000127c8 ldr r0, [fp, -0x30] | r0 = var_30h;
0x000127cc bl 0x12918 | sym ();
0x000127d0 mov r3, 1 | r3 = 1;
0x000127d4 b 0x1280c |
| } else {
0x000127d8 ldr r3, [fp, -0x14] | r3 = var_20h;
0x000127dc cmp r3, 0 |
| if (r3 != 0) {
0x000127e0 beq 0x127f8 |
0x000127e4 bl 0x10b70 | r0 = errno_location ();
0x000127e8 mov r3, r0 | r3 = r0;
0x000127ec ldr r3, [r3] | r3 = *(r3);
0x000127f0 cmp r3, 0xb |
| if (r3 == 0xb) {
0x000127f4 beq 0x12808 | goto label_4;
| }
| }
0x000127f8 ldr r0, [fp, -0x30] | r0 = var_30h;
0x000127fc bl 0x11bb0 | scgi_kill_socket ();
0x00012800 mov r3, 0 | r3 = 0;
0x00012804 b 0x1280c | goto label_2;
| label_4:
0x00012808 mov r3, 0 | r3 = 0;
| }
| label_2:
0x0001280c mov r0, r3 | r0 = r3;
0x00012810 sub sp, fp, 8 |
0x00012814 pop {r4, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/root/AJAJPost.dll @ 0x128dc */
| #include <stdint.h>
|
; (fcn) sym.scgi_perror () | void scgi_perror (int32_t arg1) {
| int32_t var_8h;
| int32_t var_4h_2;
| int32_t var_4h;
| r0 = arg1;
0x000128dc push {fp, lr} |
0x000128e0 add fp, sp, 4 |
0x000128e4 sub sp, sp, 8 |
0x000128e8 str r0, [fp, -8] | var_8h = r0;
0x000128ec ldr r3, [pc, 0x1c] |
0x000128f0 ldr r3, [r3] | r3 = *(0x1290c);
0x000128f4 ldr r2, [fp, -8] | r2 = var_8h;
0x000128f8 ldr r1, [pc, 0x14] | r1 = stderr;
0x000128fc mov r0, r3 | r0 = r3;
0x00012900 bl 0x10c60 | r0 = fprintf (r0, r1, r2, r3)
0x00012904 mov r0, r0 |
0x00012908 sub sp, fp, 4 |
0x0001290c pop {fp, pc} |
| }
[*] Function fprintf used 13 times AJAJPost.dll
