[*] Binary protection state of nanddump
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of nanddump
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x11b04 */
| #include <stdint.h>
|
; (fcn) fcn.00011b04 () | void fcn_00011b04 (int32_t arg_18h, int32_t arg_20h, void * arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00011b04 cmp r3, 0 |
0x00011b08 push {r4, r5, r6, r7, r8, lr} |
0x00011b0c mov r7, r0 | r7 = r0;
0x00011b10 mov r6, r1 | r6 = r1;
0x00011b14 mov r5, r2 | r5 = r2;
| if (r3 == 0) {
0x00011b18 beq 0x11c10 | goto label_3;
| }
0x00011b1c ldrd r2, r3, [sp, 0x20] | __asm ("ldrd r2, r3, [arg_20h]");
0x00011b20 ldr r1, [pc, 0x134] | r1 = *(0x11c58);
0x00011b24 mov r0, r5 | r0 = r5;
0x00011b28 bl 0x10b84 | r0 = sprintf (r0, r1, r2)
0x00011b2c mov r4, r0 | r4 = r0;
| label_0:
0x00011b30 cmp r6, 0 |
| if (r6 == 0) {
0x00011b34 beq 0x11bf8 | goto label_4;
| }
0x00011b38 ldr ip, [pc, 0x120] | ip = "_123456789abcdef";
0x00011b3c cmp r6, 0x10 |
| if (r6 < 0x10) {
0x00011b40 movhs r6, 0x10 | r6 = 0x10;
| }
0x00011b44 mov r3, 0 | r3 = 0;
0x00011b48 mov lr, 0x20 | lr = 0x20;
| label_1:
0x00011b4c add r1, r4, 3 | r1 = r4 + 3;
0x00011b50 cmp r1, 0x50 |
| if (r1 < 0x50) {
0x00011b54 bls 0x11c24 | goto label_5;
| }
0x00011b58 cmp r3, 0 |
| if (r3 != 0) {
0x00011b5c bne 0x11c54 | goto label_6;
| }
| label_2:
0x00011b60 ldrb r3, [sp, 0x18] | r3 = *(arg_18h);
0x00011b64 cmp r3, 0 |
| if (r3 == 0) {
0x00011b68 beq 0x11bf8 | goto label_4;
| }
0x00011b6c rsb r2, r4, 0x3d | r2 = 0x3d - r4;
0x00011b70 cmp r2, 1 |
0x00011b74 ldr r3, [pc, 0xe8] | r3 = "_123456789abcdef";
| if (r2 >= 1) {
0x00011b78 movlo r2, 1 | r2 = 1;
| }
0x00011b7c ldr r1, [pc, 0xe4] | r1 = *(0x11c64);
0x00011b80 add r0, r5, r4 | r0 = r5 + r4;
0x00011b84 bl 0x10b84 | sprintf (r0, r1, r2)
0x00011b88 ldr lr, [pc, 0xdc] |
0x00011b8c mov r3, 0x7c | r3 = 0x7c;
0x00011b90 sub ip, r7, 1 |
0x00011b94 add r0, r0, r4 | r0 += r4;
0x00011b98 add r2, r0, 1 | r2 = r0 + 1;
0x00011b9c add r1, r5, r0 | r1 = r5 + r0;
0x00011ba0 strb r3, [r5, r0] | *((r5 + r0)) = r3;
| do {
0x00011ba4 add r3, r2, 2 | r3 = r2 + 2;
0x00011ba8 cmp r3, 0x4f |
| if (r3 > 0x4f) {
0x00011bac bhi 0x11bec | goto label_7;
| }
0x00011bb0 ldrb r3, [ip, 1]! | r3 = *((ip += 1));
0x00011bb4 tst r3, 0x80 |
| if ((r3 & 0x80) == 0) {
0x00011bb8 movne r3, 0x2e | r3 = 0x2e;
| }
| if ((r3 & 0x80) == 0) {
0x00011bbc bne 0x11bd4 |
0x00011bc0 ldr r7, [lr] | r7 = *(lr);
0x00011bc4 lsl r4, r3, 1 | r4 = r3 << 1;
0x00011bc8 ldrh r4, [r7, r4] | r4 = *((r7 + r4));
0x00011bcc tst r4, 0x40 |
| if ((r4 & 0x40) == 0) {
0x00011bd0 moveq r3, 0x2e | r3 = 0x2e;
| goto label_8;
| }
| }
| label_8:
0x00011bd4 strb r3, [r1, 1]! | *((r1 += 1)) = r3;
0x00011bd8 sub r3, r1, r5 | r3 = r1 - r5;
0x00011bdc sub r3, r3, r0 | r3 -= r0;
0x00011be0 cmp r6, r3 |
0x00011be4 add r2, r2, 1 | r2++;
0x00011be8 bhi 0x11ba4 |
| } while (r6 > r3);
| label_7:
0x00011bec mov r3, 0x7c | r3 = 0x7c;
0x00011bf0 add r4, r2, 1 | r4 = r2 + 1;
0x00011bf4 strb r3, [r5, r2] | *((r5 + r2)) = r3;
| label_4:
0x00011bf8 mov r2, r5 | r2 = r5;
0x00011bfc mov r3, 0xa | r3 = 0xa;
0x00011c00 strb r3, [r2, r4]! | *((r2 += r4)) = r3;
0x00011c04 mov r3, 0 | r3 = 0;
0x00011c08 strb r3, [r2, 1] | *((r2 + 1)) = r3;
0x00011c0c pop {r4, r5, r6, r7, r8, pc} |
| label_3:
0x00011c10 ldr r1, [pc, 0x58] | r1 = __ctype_b;
0x00011c14 mov r0, r2 | r0 = r2;
0x00011c18 bl 0x10a28 | strcpy (r0, r1);
0x00011c1c mov r4, 0xc | r4 = 0xc;
0x00011c20 b 0x11b30 | goto label_0;
| label_5:
0x00011c24 ldrb r2, [r7, r3] | r2 = *((r7 + r3));
0x00011c28 add r3, r3, 1 | r3++;
0x00011c2c ldrb r4, [ip, r2, lsr 4] | offset_0 = r2 >> 4;
| r4 = *((ip + offset_0));
0x00011c30 and r2, r2, 0xf | r2 &= 0xf;
0x00011c34 ldrb r2, [ip, r2] | r2 = *((ip + r2));
0x00011c38 add r0, r5, r1 | r0 = r5 + r1;
0x00011c3c cmp r3, r6 |
0x00011c40 strb r4, [r0, -3] | *((r0 - 3)) = r4;
0x00011c44 strb r2, [r0, -2] | *((r0 - 2)) = r2;
0x00011c48 strb lr, [r0, -1] |
0x00011c4c mov r4, r1 | r4 = r1;
| if (r3 <= r6) {
0x00011c50 blo 0x11b4c | goto label_1;
| }
| label_6:
0x00011c54 sub r4, r4, 1 | r4--;
0x00011c58 b 0x11b60 | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x11c74 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00011c74 () | void fcn_00011c74 (char * s) {
| int32_t var_120h;
| int32_t var_11ch;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_18h_2;
| int32_t var_18h;
| r0 = s;
0x00011c74 push {r4, r5, r6, r7, r8, fp, lr} |
0x00011c78 add fp, sp, 0x18 |
0x00011c7c sub sp, sp, 0x114 |
0x00011c80 mov r5, r0 | r5 = r0;
0x00011c84 ldr r0, [r0, 0xc] | r0 = *((r0 + 0xc));
0x00011c88 bl 0x10bb4 | r0 = strlen (r0);
0x00011c8c add r0, r0, 0x11 | r0 += 0x11;
0x00011c90 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00011c94 sub sp, sp, r0 |
0x00011c98 ldr r0, [r5] | r0 = *(r5);
0x00011c9c bl 0x10b6c | r0 = opendir ();
0x00011ca0 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00011ca4 addne r7, sp, 8 | r7 += var_8h;
| }
| if (r4 == r0) {
0x00011ca8 ldrne r8, [pc, 0x1a0] | r8 = "mtd_d_s";
| }
| if (r4 != r0) {
0x00011cac bne 0x11d08 | goto label_3;
| }
0x00011cb0 bl 0x10b9c | r0 = errno_location ();
0x00011cb4 ldr r6, [r0] | r6 = *(r0);
0x00011cb8 cmp r6, 2 |
| if (r6 != 2) {
0x00011cbc streq r4, [r0] | *(r0) = r4;
| }
| if (r6 == 2) {
0x00011cc0 beq 0x11d60 | goto label_1;
| }
0x00011cc4 ldr r4, [pc, 0x188] |
0x00011cc8 ldr r3, [r5] | r3 = *(r5);
0x00011ccc ldr r2, [pc, 0x184] | r2 = stderr;
0x00011cd0 ldr r1, [pc, 0x184] | r1 = "libmtd";
0x00011cd4 ldr r0, [r4] | r0 = "mtd_d_s";
0x00011cd8 bl 0x10ae8 | fprintf ("mtd_d_s", "libmtd", r2, r3, "mtd_d_s");
0x00011cdc mov r0, r6 | r0 = r6;
0x00011ce0 ldr r4, [r4] | r4 = "mtd_d_s";
0x00011ce4 bl 0x10a4c | strerror (r0);
0x00011ce8 ldr r3, [pc, 0x170] | r3 = "%s: error!: cannot open \"%s\"\n";
0x00011cec ldr r1, [pc, 0x170] | r1 = *(0x11e60);
0x00011cf0 mov r2, 8 | r2 = 8;
0x00011cf4 str r6, [sp] | *(sp) = r6;
0x00011cf8 str r0, [sp, 4] | var_4h = r0;
0x00011cfc mov r0, r4 | r0 = r4;
| label_0:
0x00011d00 bl 0x10ae8 | fprintf (r0, r1, r2, "%s: error!: cannot open \"%s\"\n", r4, r5, r6);
0x00011d04 b 0x11d5c |
| while (r0 != 1) {
| label_3:
0x00011d08 mov r0, r4 | r0 = r4;
0x00011d0c bl 0x10b18 | r0 = readdir64 ();
0x00011d10 cmp r0, 0 |
| if (r0 == 0) {
0x00011d14 beq 0x11de4 | goto label_4;
| }
0x00011d18 add r6, r0, 0x13 | r6 = r0 + 0x13;
0x00011d1c mov r0, r6 | r0 = r6;
0x00011d20 bl 0x10bb4 | r0 = strlen (r0);
0x00011d24 cmp r0, 0xfe |
| if (r0 >= 0xfe) {
0x00011d28 bls 0x11d6c |
0x00011d2c ldr r0, [pc, 0x120] |
0x00011d30 str r6, [sp] | *(sp) = r6;
0x00011d34 ldr r2, [pc, 0x11c] | r2 = stderr;
0x00011d38 ldr r3, [r5] | r3 = *(r5);
0x00011d3c ldr r1, [pc, 0x124] | r1 = "_serror__d___s_";
0x00011d40 ldr r0, [r0] | r0 = "mtd_d_s";
0x00011d44 bl 0x10ae8 | r0 = fprintf ("mtd_d_s", "_serror__d___s_", r2, r3, r4, r5, r6);
0x00011d48 bl 0x10b9c | errno_location ();
0x00011d4c mov r3, 0x16 | r3 = 0x16;
0x00011d50 str r3, [r0] | *(r0) = r3;
0x00011d54 mov r0, r4 | r0 = r4;
0x00011d58 bl 0x10bd8 | closedir ();
0x00011d5c mvn r4, 0 | r4 = ~0;
| label_1:
0x00011d60 mov r0, r4 | r0 = r4;
0x00011d64 sub sp, fp, 0x18 |
0x00011d68 pop {r4, r5, r6, r7, r8, fp, pc} |
| }
0x00011d6c sub r3, fp, 0x11c | r3 -= var_11ch;
0x00011d70 sub r2, fp, 0x120 | r2 -= var_120h;
0x00011d74 mov r1, r8 | r1 = r8;
0x00011d78 mov r0, r6 | r0 = r6;
0x00011d7c bl 0x10b30 | r0 = sscanf (r0, r1, r2);
0x00011d80 cmp r0, 1 |
0x00011d84 bne 0x11d08 |
| }
0x00011d88 ldr r6, [fp, -0x120] | r6 = var_120h;
| do {
0x00011d8c mov r0, r4 | r0 = r4;
0x00011d90 bl 0x10bd8 | r0 = closedir ();
0x00011d94 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00011d98 beq 0x11dec | goto label_5;
| }
0x00011d9c bl 0x10b9c | errno_location ();
0x00011da0 ldr r6, [pc, 0xac] | r6 = "mtd_d_s";
0x00011da4 ldr r3, [r5] | r3 = *(r5);
0x00011da8 ldr r2, [pc, 0xa8] | r2 = stderr;
0x00011dac ldr r1, [pc, 0xb8] | r1 = "%s: error!: invalid entry in %s: \"%s\"\n";
0x00011db0 ldr r4, [r0] | r4 = *(r0);
0x00011db4 ldr r0, [r6] | r0 = "mtd_d_s";
0x00011db8 bl 0x10ae8 | fprintf ("mtd_d_s", "%s: error!: invalid entry in %s: \"%s\"\n", r2, r3, r4, r5, "mtd_d_s");
0x00011dbc ldr r5, [r6] | r5 = "mtd_d_s";
| label_2:
0x00011dc0 mov r0, r4 | r0 = r4;
0x00011dc4 bl 0x10a4c | strerror (r0);
0x00011dc8 str r4, [sp] | *(sp) = r4;
0x00011dcc ldr r3, [pc, 0x8c] | r3 = "%s: error!: cannot open \"%s\"\n";
0x00011dd0 mov r2, 8 | r2 = 8;
0x00011dd4 ldr r1, [pc, 0x88] | r1 = *(0x11e60);
0x00011dd8 str r0, [sp, 4] | var_4h = r0;
0x00011ddc mov r0, r5 | r0 = r5;
0x00011de0 b 0x11d00 | goto label_0;
| label_4:
0x00011de4 mvn r6, 0 | r6 = ~0;
0x00011de8 b 0x11d8c |
| } while (1);
| label_5:
0x00011dec cmn r6, 1 |
| if (r6 == 1) {
0x00011df0 beq 0x11d60 | goto label_1;
| }
0x00011df4 mov r2, r6 | r2 = r6;
0x00011df8 ldr r1, [r5, 0xc] | r1 = *((r5 + 0xc));
0x00011dfc mov r0, r7 | r0 = r7;
0x00011e00 bl 0x10b84 | sprintf (r0, r1, r2)
0x00011e04 mov r1, 0x80000 | r1 = 0x80000;
0x00011e08 mov r0, r7 | r0 = r7;
0x00011e0c bl 0x10b60 | r0 = open64 ();
0x00011e10 cmn r0, 1 |
| if (r0 == 1) {
0x00011e14 beq 0x11d60 | goto label_1;
| }
0x00011e18 bl 0x10bf0 | r0 = close (r0);
0x00011e1c cmp r0, 0 |
| if (r0 == 0) {
0x00011e20 moveq r4, 1 | r4 = 1;
| goto label_6;
| }
| if (r0 == 0) {
| label_6:
0x00011e24 beq 0x11d60 | goto label_1;
| }
0x00011e28 bl 0x10b9c | errno_location ();
0x00011e2c ldr r5, [pc, 0x20] |
0x00011e30 mov r3, r7 | r3 = r7;
0x00011e34 ldr r2, [pc, 0x1c] | r2 = stderr;
0x00011e38 ldr r1, [pc, 0x30] | r1 = "_s:_error_:_closedir_failed_on___s_";
0x00011e3c ldr r4, [r0] | r4 = *(r0);
0x00011e40 ldr r0, [r5] | r0 = "mtd_d_s";
0x00011e44 bl 0x10ae8 | fprintf ("mtd_d_s", "_s:_error_:_closedir_failed_on___s_", r2, r3, r4, "mtd_d_s");
0x00011e48 ldr r5, [r5] | r5 = "mtd_d_s";
0x00011e4c b 0x11dc0 | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x121bc */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.000121bc () | void fcn_000121bc (int32_t arg1, int32_t arg2) {
| int32_t var_8h;
| char * s;
| int32_t var_1ch;
| int32_t var_14h_2;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x000121bc push {r4, r5, r6, r7, fp, lr} |
0x000121c0 add fp, sp, 0x14 |
0x000121c4 sub sp, sp, 0x18 |
0x000121c8 mov r7, r1 | r7 = r1;
0x000121cc mov r6, r0 | r6 = r0;
0x000121d0 mov r5, r2 | r5 = r2;
0x000121d4 bl 0x10bb4 | strlen (r0);
0x000121d8 mov r2, r7 | r2 = r7;
0x000121dc mov r1, r6 | r1 = r6;
0x000121e0 add r0, r0, 0x39 | r0 += 0x39;
0x000121e4 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x000121e8 sub sp, sp, r0 |
0x000121ec add r4, sp, 0x10 | r4 += s;
0x000121f0 mov r0, r4 | r0 = r4;
0x000121f4 bl 0x10b84 | sprintf (r0, r1, r2)
0x000121f8 sub r1, fp, 0x1c | r1 -= s;
0x000121fc mov r0, r4 | r0 = r4;
0x00012200 bl 0x12008 | r0 = fcn_00012008 (r0, r1);
0x00012204 cmp r0, 0 |
| if (r0 == 0) {
0x00012208 bne 0x12248 |
0x0001220c ldrd r2, r3, [fp, -0x1c] | __asm ("ldrd r2, r3, [s]");
0x00012210 cmp r2, 0x80000000 |
0x00012214 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 >= 0x80000000) {
0x00012218 strlt r2, [r5] | *(r5) = r2;
| }
| if (r2 < 0x80000000) {
0x0001221c blt 0x1224c | goto label_0;
| }
0x00012220 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00012224 ldr r3, [pc, 0x28] | r3 = *(0x12250);
0x00012228 str r4, [sp, 8] | var_8h = r4;
0x0001222c ldr r2, [pc, 0x24] | r2 = stderr;
0x00012230 ldr r0, [r3] | r0 = *(0x12250);
0x00012234 ldr r1, [pc, 0x20] | r1 = "libmtd";
0x00012238 bl 0x10ae8 | r0 = fprintf (r0, "libmtd", r2, r3, r4);
0x0001223c bl 0x10b9c | errno_location ();
0x00012240 mov r3, 0x16 | r3 = 0x16;
0x00012244 str r3, [r0] | *(r0) = r3;
| }
0x00012248 mvn r0, 0 | r0 = ~0;
| label_0:
0x0001224c sub sp, fp, 0x14 |
0x00012250 pop {r4, r5, r6, r7, fp, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x1264c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.0001264c () | void fcn_0001264c (int32_t arg2, char * s) {
| char * var_50h;
| int32_t var_0h;
| int32_t var_4h;
| char * var_8h;
| int32_t var_18h_2;
| int32_t var_18h;
| r1 = arg2;
| r0 = s;
0x0001264c push {r4, r5, r6, r7, r8, fp, lr} |
0x00012650 add fp, sp, 0x18 |
0x00012654 sub sp, sp, 0x44 |
0x00012658 ldr r7, [r0] | r7 = *(r0);
0x0001265c mov r8, r1 | r8 = r1;
0x00012660 mov r0, r7 | r0 = r7;
0x00012664 mov r6, r3 | r6 = r3;
0x00012668 mov r5, r2 | r5 = r2;
0x0001266c bl 0x10bb4 | strlen (r0);
0x00012670 mov r2, r8 | r2 = r8;
0x00012674 mov r1, r7 | r1 = r7;
0x00012678 add r0, r0, 0x39 | r0 += 0x39;
0x0001267c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012680 sub sp, sp, r0 |
0x00012684 add r4, sp, 8 | r4 += var_8h;
0x00012688 mov r0, r4 | r0 = r4;
0x0001268c bl 0x10b84 | sprintf (r0, r1, r2)
0x00012690 mov r2, 0x32 | r2 = 0x32;
0x00012694 sub r1, fp, 0x50 | r1 -= var_50h;
0x00012698 mov r0, r4 | r0 = r4;
0x0001269c bl 0x11e74 | r0 = fcn_00011e74 (r0, r1);
0x000126a0 cmp r0, 0 |
| if (r0 < 0) {
0x000126a4 blt 0x126ec | goto label_1;
| }
0x000126a8 mov r3, r6 | r3 = r6;
0x000126ac mov r2, r5 | r2 = r5;
0x000126b0 ldr r1, [pc, 0x8c] | r1 = *(0x12740);
0x000126b4 sub r0, fp, 0x50 | r0 -= var_50h;
0x000126b8 bl 0x10b30 | r0 = sscanf (r0, r1, r2);
0x000126bc cmp r0, 2 |
| if (r0 == 2) {
0x000126c0 beq 0x126f4 | goto label_2;
| }
0x000126c4 bl 0x10b9c | errno_location ();
0x000126c8 mov r3, 0x16 | r3 = 0x16;
0x000126cc ldr r2, [pc, 0x74] | r2 = "%d:%d\n";
0x000126d0 ldr r1, [pc, 0x74] | r1 = "libmtd";
0x000126d4 str r3, [r0] | *(r0) = r3;
0x000126d8 ldr r0, [pc, 0x70] |
0x000126dc mov r3, r4 | r3 = r4;
0x000126e0 ldr r0, [r0] | r0 = "_s:_error_:___s__does_not_have_major:minor_format";
0x000126e4 bl 0x10ae8 | fprintf ("_s:_error_:___s__does_not_have_major:minor_format", "libmtd", "%d:%d\n", r3);
| label_0:
0x000126e8 mvn r0, 0 | r0 = ~0;
| do {
| label_1:
0x000126ec sub sp, fp, 0x18 |
0x000126f0 pop {r4, r5, r6, r7, r8, fp, pc} |
| label_2:
0x000126f4 ldr r3, [r5] | r3 = *(r5);
0x000126f8 cmp r3, 0 |
| if (r3 < 0) {
0x000126fc blt 0x12710 | goto label_3;
| }
0x00012700 ldr r3, [r6] | r3 = *(r6);
0x00012704 cmp r3, 0 |
| if (r3 < 0) {
0x00012708 movge r0, 0 | r0 = 0;
| }
0x0001270c bge 0x126ec |
| } while (r3 >= 0);
| label_3:
0x00012710 bl 0x10b9c | errno_location ();
0x00012714 mov r3, 0x16 | r3 = 0x16;
0x00012718 ldr r2, [pc, 0x28] | r2 = "%d:%d\n";
0x0001271c ldr r1, [pc, 0x30] | r1 = stderr;
0x00012720 str r3, [r0] | *(r0) = r3;
0x00012724 ldr r0, [pc, 0x24] |
0x00012728 ldr r3, [r6] | r3 = *(r6);
0x0001272c str r4, [sp, 4] | var_4h = r4;
0x00012730 str r3, [sp] | *(sp) = r3;
0x00012734 ldr r3, [r5] | r3 = *(r5);
0x00012738 ldr r0, [r0] | r0 = "_s:_error_:___s__does_not_have_major:minor_format";
0x0001273c bl 0x10ae8 | fprintf ("_s:_error_:___s__does_not_have_major:minor_format", r1, "%d:%d\n", r3, r4);
0x00012740 b 0x126e8 | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x12cf4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012cf4 () | void fcn_00012cf4 (int32_t arg1, int32_t arg2) {
| int32_t var_7ch;
| int32_t var_10h_2;
| int32_t var_10h;
| r0 = arg1;
| r1 = arg2;
0x00012cf4 push {r4, r5, r6, fp, lr} |
0x00012cf8 add fp, sp, 0x10 |
0x00012cfc sub sp, sp, 0x6c |
0x00012d00 ldrb r3, [r0, 0x34] | r3 = *((r0 + 0x34));
0x00012d04 mov r5, r1 | r5 = r1;
0x00012d08 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x00012d0c bne 0x12d2c | goto label_0;
| }
0x00012d10 mov r0, r1 | r0 = r1;
0x00012d14 bl 0x145c8 | r0 = fcn_000145c8 (r0);
0x00012d18 sub r0, r0, 1 | r0--;
0x00012d1c clz r0, r0 | r0 &= r0;
0x00012d20 lsr r0, r0, 5 | r0 >>= 5;
| do {
0x00012d24 sub sp, fp, 0x10 |
0x00012d28 pop {r4, r5, r6, fp, pc} |
| label_0:
0x00012d2c ldr r4, [r0, 4] | r4 = *((r0 + 4));
0x00012d30 mov r6, sp | r6 = sp;
0x00012d34 mov r0, r4 | r0 = r4;
0x00012d38 bl 0x10bb4 | strlen (r0);
0x00012d3c mov r2, r5 | r2 = r5;
0x00012d40 mov r1, r4 | r1 = r4;
0x00012d44 add r0, r0, 0x11 | r0 += 0x11;
0x00012d48 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012d4c sub sp, sp, r0 |
0x00012d50 mov r0, sp | r0 = sp;
0x00012d54 bl 0x10b84 | sprintf (r0, r1, r2)
0x00012d58 mov r0, sp | r0 = sp;
0x00012d5c sub r1, fp, 0x7c | r1 -= var_7ch;
0x00012d60 bl 0x10a58 | stat64 ();
0x00012d64 mov sp, r6 |
0x00012d68 clz r0, r0 | r0 &= r0;
0x00012d6c lsr r0, r0, 5 | r0 >>= 5;
0x00012d70 b 0x12d24 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x12db4 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00012db4 () | void fcn_00012db4 (int32_t arg1, int32_t arg2) {
| int32_t var_68h;
| int32_t var_64h;
| char * buf;
| int32_t var_24h;
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_8h;
| char * s;
| int32_t var_sp_64h;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00012db4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00012db8 add r6, r2, 4 | r6 = r2 + 4;
0x00012dbc add fp, sp, 0x20 |
0x00012dc0 sub sp, sp, 0x5c |
0x00012dc4 mov r5, r1 | r5 = r1;
0x00012dc8 mov r7, r0 | r7 = r0;
0x00012dcc mov r4, r2 | r4 = r2;
0x00012dd0 mov r1, 0 | r1 = 0;
0x00012dd4 mov r2, 0xfc | r2 = 0xfc;
0x00012dd8 mov r0, r6 | r0 = r6;
0x00012ddc bl 0x10b54 | memset (r0, r1, r2);
0x00012de0 str r5, [r4] | *(r4) = r5;
0x00012de4 mov r1, r5 | r1 = r5;
0x00012de8 mov r0, r7 | r0 = r7;
0x00012dec bl 0x12cf4 | r0 = fcn_00012cf4 (r0, r1);
0x00012df0 cmp r0, 0 |
| if (r0 != 0) {
0x00012df4 bne 0x12e0c | goto label_4;
| }
0x00012df8 bl 0x10b9c | errno_location ();
0x00012dfc mov r3, 0x13 | r3 = 0x13;
0x00012e00 str r3, [r0] | *(r0) = r3;
| do {
| label_0:
0x00012e04 mvn r5, 0 | r5 = ~0;
0x00012e08 b 0x12e28 | goto label_1;
| label_4:
0x00012e0c ldrb r3, [r7, 0x34] | r3 = *((r7 + 0x34));
0x00012e10 tst r3, 1 |
| if ((r3 & 1) == 0) {
0x00012e14 bne 0x12e34 |
0x00012e18 mov r0, r5 | r0 = r5;
0x00012e1c mov r1, r4 | r1 = r4;
0x00012e20 bl 0x14d3c | r0 = fcn_00014d3c (r0, r1);
0x00012e24 mov r5, r0 | r5 = r0;
| label_1:
0x00012e28 mov r0, r5 | r0 = r5;
0x00012e2c sub sp, fp, 0x20 |
0x00012e30 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x00012e34 add r3, r4, 8 | r3 = r4 + 8;
0x00012e38 mov r2, r6 | r2 = r6;
0x00012e3c mov r1, r5 | r1 = r5;
0x00012e40 add r0, r7, 8 | r0 = r7 + 8;
0x00012e44 bl 0x1264c | r0 = fcn_0001264c (r0, r1);
0x00012e48 subs sl, r0, 0 | sl = r0 - 0;
0x00012e4c bne 0x12e04 |
| } while (sl != r0);
0x00012e50 ldr r8, [r7, 0xc] | r8 = *((r7 + 0xc));
0x00012e54 mov sb, sp | sb = sp;
0x00012e58 mov r0, r8 | r0 = r8;
0x00012e5c bl 0x10bb4 | strlen (r0);
0x00012e60 mov r2, r5 | r2 = r5;
0x00012e64 mov r1, r8 | r1 = r8;
0x00012e68 add r6, r4, 0x51 | r6 = r4 + 0x51;
0x00012e6c add r0, r0, 0x6b | r0 += 0x6b;
0x00012e70 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012e74 sub sp, sp, r0 |
0x00012e78 add r3, sp, 0x10 | r3 += s;
0x00012e7c mov r0, r3 | r0 = r3;
0x00012e80 str r3, [fp, -0x68] | var_68h = r3;
0x00012e84 bl 0x10b84 | sprintf (r0, r1, r2)
0x00012e88 ldr r3, [fp, -0x68] | r3 = var_68h;
0x00012e8c mov r2, 0x80 | r2 = 0x80;
0x00012e90 mov r1, r6 | r1 = r6;
0x00012e94 mov r0, r3 | r0 = r3;
0x00012e98 bl 0x11e74 | fcn_00011e74 (r0, r1);
0x00012e9c mov sp, sb |
0x00012ea0 cmp r0, 0 |
| if (r0 < 0) {
0x00012ea4 blt 0x12e04 | goto label_0;
| }
0x00012ea8 add r6, r6, r0 | r6 += r0;
0x00012eac strb sl, [r6, -1] | *((r6 - 1)) = sl;
0x00012eb0 ldr r6, [r7, 0x10] | r6 = *((r7 + 0x10));
0x00012eb4 add r8, r4, 0x10 | r8 = r4 + 0x10;
0x00012eb8 mov r0, r6 | r0 = r6;
0x00012ebc bl 0x10bb4 | strlen (r0);
0x00012ec0 mov r2, r5 | r2 = r5;
0x00012ec4 mov r1, r6 | r1 = r6;
0x00012ec8 add r0, r0, 0x6b | r0 += 0x6b;
0x00012ecc bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012ed0 sub sp, sp, r0 |
0x00012ed4 add r3, sp, 0x10 | r3 += s;
0x00012ed8 mov r0, r3 | r0 = r3;
0x00012edc str r3, [fp, -0x68] | var_68h = r3;
0x00012ee0 bl 0x10b84 | sprintf (r0, r1, r2)
0x00012ee4 ldr r3, [fp, -0x68] | r3 = var_68h;
0x00012ee8 mov r2, 0x41 | r2 = 0x41;
0x00012eec mov r1, r8 | r1 = r8;
0x00012ef0 mov r0, r3 | r0 = r3;
0x00012ef4 bl 0x11e74 | fcn_00011e74 (r0, r1);
0x00012ef8 mov sp, sb |
0x00012efc cmp r0, 0 |
| if (r0 < 0) {
0x00012f00 blt 0x12e04 | goto label_0;
| }
0x00012f04 add r0, r8, r0 | r0 = r8 + r0;
0x00012f08 strb sl, [r0, -1] | *((r0 - 1)) = sl;
0x00012f0c add r2, r4, 0xe4 | r2 = r4 + 0xe4;
0x00012f10 mov r1, r5 | r1 = r5;
0x00012f14 ldr r0, [r7, 0x14] | r0 = *((r7 + 0x14));
0x00012f18 bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012f1c cmp r0, 0 |
| if (r0 != 0) {
0x00012f20 bne 0x12e04 | goto label_0;
| }
0x00012f24 ldr sl, [r7, 0x18] | sl = *((r7 + 0x18));
0x00012f28 mov r0, sl | r0 = sl;
0x00012f2c bl 0x10bb4 | strlen (r0);
0x00012f30 mov r2, r5 | r2 = r5;
0x00012f34 mov r1, sl | r1 = sl;
0x00012f38 add r0, r0, 0x39 | r0 += 0x39;
0x00012f3c bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00012f40 sub sp, sp, r0 |
0x00012f44 add r6, sp, 0x10 | r6 += s;
0x00012f48 mov r0, r6 | r0 = r6;
0x00012f4c bl 0x10b84 | sprintf (r0, r1, r2)
0x00012f50 add r1, r4, 0xd8 | r1 = r4 + 0xd8;
0x00012f54 mov r0, r6 | r0 = r6;
0x00012f58 bl 0x12008 | fcn_00012008 (r0, r1);
0x00012f5c mov sp, sb |
0x00012f60 cmp r0, 0 |
| if (r0 != 0) {
0x00012f64 bne 0x12e04 | goto label_0;
| }
0x00012f68 add r2, r4, 0xe8 | r2 = r4 + 0xe8;
0x00012f6c mov r1, r5 | r1 = r5;
0x00012f70 ldr r0, [r7, 0x1c] | r0 = *((r7 + 0x1c));
0x00012f74 bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012f78 cmp r0, 0 |
| if (r0 != 0) {
0x00012f7c bne 0x12e04 | goto label_0;
| }
0x00012f80 add r2, r4, 0xec | r2 = r4 + 0xec;
0x00012f84 mov r1, r5 | r1 = r5;
0x00012f88 ldr r0, [r7, 0x20] | r0 = *((r7 + 0x20));
0x00012f8c bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012f90 cmp r0, 0 |
| if (r0 != 0) {
0x00012f94 bne 0x12e04 | goto label_0;
| }
0x00012f98 add r2, r4, 0xf0 | r2 = r4 + 0xf0;
0x00012f9c mov r1, r5 | r1 = r5;
0x00012fa0 ldr r0, [r7, 0x24] | r0 = *((r7 + 0x24));
0x00012fa4 bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012fa8 cmp r0, 0 |
| if (r0 != 0) {
0x00012fac bne 0x12e04 | goto label_0;
| }
0x00012fb0 add r2, r4, 0xf4 | r2 = r4 + 0xf4;
0x00012fb4 mov r1, r5 | r1 = r5;
0x00012fb8 ldr r0, [r7, 0x28] | r0 = *((r7 + 0x28));
0x00012fbc bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012fc0 cmp r0, 0 |
| if (r0 != 0) {
0x00012fc4 beq 0x12fe0 |
0x00012fc8 mov r0, r5 | r0 = r5;
0x00012fcc bl 0x14824 | r0 = fcn_00014824 (r0);
0x00012fd0 cmp r0, 0 |
| if (r0 >= 0) {
0x00012fd4 movlt r3, 0 | r3 = 0;
| }
| if (r0 < 0) {
0x00012fd8 strge r0, [r4, 0xf4] | *((r4 + 0xf4)) = r0;
| }
| if (r0 < 0) {
0x00012fdc strlt r3, [r4, 0xf4] | *((r4 + 0xf4)) = r3;
| goto label_5;
| }
| }
| label_5:
0x00012fe0 add r2, r4, 0xf8 | r2 = r4 + 0xf8;
0x00012fe4 mov r1, r5 | r1 = r5;
0x00012fe8 ldr r0, [r7, 0x2c] | r0 = *((r7 + 0x2c));
0x00012fec bl 0x121bc | r0 = fcn_000121bc (r0, r1);
0x00012ff0 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x00012ff4 bne 0x12e04 | goto label_0;
| }
0x00012ff8 ldr r7, [r7, 0x30] | r7 = *((r7 + 0x30));
0x00012ffc mov sl, sp | sl = sp;
0x00013000 mov r0, r7 | r0 = r7;
0x00013004 bl 0x10bb4 | strlen (r0);
0x00013008 mov r2, r5 | r2 = r5;
0x0001300c mov r1, r7 | r1 = r7;
0x00013010 add r0, r0, 0x39 | r0 += 0x39;
0x00013014 bic r0, r0, 7 | r0 = BIT_MASK (r0, 7);
0x00013018 sub sp, sp, r0 |
0x0001301c add sb, sp, 0x10 | sb += s;
0x00013020 mov r0, sb | r0 = sb;
0x00013024 bl 0x10b84 | sprintf (r0, r1, r2)
0x00013028 mov r1, 0x80000 | r1 = 0x80000;
0x0001302c mov r0, sb | r0 = sb;
0x00013030 bl 0x10b60 | r0 = open64 ();
0x00013034 cmn r0, 1 |
0x00013038 mov r5, r0 | r5 = r0;
| if (r0 == 1) {
0x0001303c bne 0x13048 |
0x00013040 mov sp, sl |
0x00013044 b 0x12e28 | goto label_1;
| }
0x00013048 mov r2, 0x32 | r2 = 0x32;
0x0001304c sub r1, fp, 0x58 | r1 -= buf;
0x00013050 bl 0x10b0c | r0 = read (r0, r1, r2);
0x00013054 cmn r0, 1 |
| if (r0 != 1) {
0x00013058 bne 0x130b0 | goto label_6;
| }
0x0001305c bl 0x10b9c | errno_location ();
0x00013060 ldr r6, [pc, 0x294] |
0x00013064 mov r3, sb | r3 = sb;
0x00013068 ldr r2, [pc, 0x290] | r2 = stderr;
0x0001306c ldr r1, [pc, 0x290] | r1 = "libmtd";
0x00013070 ldr r4, [r0] | r4 = *(r0);
0x00013074 ldr r0, [r6] | r0 = *(0x132f8);
0x00013078 bl 0x10ae8 | fprintf (r0, "libmtd", r2, r3, r4, r5, r6);
0x0001307c mov r0, r4 | r0 = r4;
0x00013080 ldr r6, [r6] | r6 = *(0x132f8);
0x00013084 bl 0x10a4c | strerror (r0);
0x00013088 str r4, [sp] | *(sp) = r4;
0x0001308c ldr r3, [pc, 0x274] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00013090 mov r2, 8 | r2 = 8;
0x00013094 ldr r1, [pc, 0x270] | r1 = *(0x13308);
0x00013098 str r0, [sp, 4] | var_4h = r0;
0x0001309c mov r0, r6 | r0 = r6;
0x000130a0 bl 0x10ae8 | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
0x000130a4 mov r0, r5 | r0 = r5;
0x000130a8 bl 0x10bf0 | close (r0);
0x000130ac b 0x13198 | goto label_7;
| label_6:
0x000130b0 cmp r0, 0x32 |
| if (r0 != 0x32) {
0x000130b4 bne 0x130e0 | goto label_8;
| }
0x000130b8 ldr r2, [pc, 0x240] | r2 = stderr;
0x000130bc ldr r1, [pc, 0x24c] | r1 = "_serror__d___s_";
0x000130c0 mov r3, sb | r3 = sb;
| label_2:
0x000130c4 ldr r0, [pc, 0x230] |
0x000130c8 ldr r0, [r0] | r0 = *(0x132f8);
0x000130cc bl 0x10ae8 | r0 = fprintf (r0, "_serror__d___s_", r2, r3);
| label_3:
0x000130d0 bl 0x10b9c | errno_location ();
0x000130d4 mov r3, 0x16 | r3 = 0x16;
0x000130d8 str r3, [r0] | *(r0) = r3;
0x000130dc b 0x130a4 |
| } while (1);
| label_8:
0x000130e0 sub r3, fp, 0x24 | r3 -= var_24h;
0x000130e4 add r0, r3, r0 | r0 = r3 + r0;
0x000130e8 strb r6, [r0, -0x34] | *((r0 - 0x34)) = r6;
0x000130ec sub r2, fp, 0x64 | r2 -= var_64h;
0x000130f0 ldr r1, [pc, 0x21c] | r1 = "%s: error!: contents of \"%s\" is too long\n";
0x000130f4 sub r0, fp, 0x58 | r0 -= buf;
0x000130f8 bl 0x10b30 | r0 = sscanf (r0, "%s: error!: contents of \"%s\" is too long\n", r2);
0x000130fc cmp r0, 1 |
| if (r0 == 1) {
0x00013100 movne r3, sb | r3 = sb;
| }
| if (r0 == 1) {
0x00013104 ldrne r2, [pc, 0x1f4] | r2 = "libmtd";
| }
| if (r0 != 1) {
0x00013108 ldrne r1, [pc, 0x208] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
| goto label_9;
| }
| if (r0 != 1) {
| label_9:
0x0001310c bne 0x130c4 | goto label_2;
| }
0x00013110 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x00013114 cmp r2, 0 |
0x00013118 sbcs r1, r3, 0 | __asm ("sbcs r1, r3, 0");
| if (r2 < 0) {
0x0001311c bge 0x13140 |
0x00013120 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x00013124 ldr r3, [pc, 0x1d0] | r3 = *(0x132f8);
0x00013128 str sb, [sp, 8] | var_8h = sb;
0x0001312c ldr r2, [pc, 0x1cc] | r2 = stderr;
0x00013130 ldr r1, [pc, 0x1e4] | r1 = "_s:_error_:_cannot_read_integer_from___s_";
0x00013134 ldr r0, [r3] | r0 = *(0x132f8);
0x00013138 bl 0x10ae8 | fprintf (r0, "_s:_error_:_cannot_read_integer_from___s_", r2, r3);
0x0001313c b 0x130d0 | goto label_3;
| }
0x00013140 mov r0, r5 | r0 = r5;
0x00013144 bl 0x10bf0 | r0 = close (r0);
0x00013148 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 == r0) {
0x0001314c beq 0x131a0 | goto label_10;
| }
0x00013150 bl 0x10b9c | errno_location ();
0x00013154 ldr r5, [pc, 0x1a0] |
0x00013158 mov r3, sb | r3 = sb;
0x0001315c ldr r2, [pc, 0x19c] | r2 = stderr;
0x00013160 ldr r1, [pc, 0x1b8] | r1 = "_s:_error_:_negative_value__lld_in___s_";
0x00013164 ldr r4, [r0] | r4 = *(r0);
0x00013168 ldr r0, [r5] | r0 = *(0x132f8);
0x0001316c bl 0x10ae8 | fprintf (r0, "_s:_error_:_negative_value__lld_in___s_", r2, r3, r4, r5);
0x00013170 mov r0, r4 | r0 = r4;
0x00013174 ldr r5, [r5] | r5 = *(0x132f8);
0x00013178 bl 0x10a4c | strerror (r0);
0x0001317c str r4, [sp] | *(sp) = r4;
0x00013180 ldr r3, [pc, 0x180] | r3 = "%s: error!: cannot read \"%s\"\n";
0x00013184 mov r2, 8 | r2 = 8;
0x00013188 ldr r1, [pc, 0x17c] | r1 = *(0x13308);
0x0001318c str r0, [sp, 4] | var_4h = r0;
0x00013190 mov r0, r5 | r0 = r5;
0x00013194 bl 0x10ae8 | fprintf (r0, r1, r2, "%s: error!: cannot read \"%s\"\n", r4);
| do {
| label_7:
0x00013198 mov sp, sl |
0x0001319c b 0x12e04 | goto label_0;
| label_10:
0x000131a0 ldrd r2, r3, [fp, -0x64] | __asm ("ldrd r2, r3, [var_64h]");
0x000131a4 mov r1, 0 | r1 = 0;
0x000131a8 adds r6, r2, 0x80000000 | r6 = r2 + 0x80000000;
0x000131ac adc r7, r3, 0 | __asm ("adc r7, r3, 0");
0x000131b0 mvn r0, 0 | r0 = ~0;
0x000131b4 cmp r7, r1 |
0x000131b8 cmpeq r6, r0 | __asm ("cmpeq r6, r0");
| if (r7 < r1) {
0x000131bc bls 0x131ec | goto label_11;
| }
0x000131c0 strd r2, r3, [sp] | __asm ("strd r2, r3, [sp]");
0x000131c4 ldr r3, [pc, 0x130] | r3 = *(0x132f8);
0x000131c8 str sb, [sp, 8] | var_8h = sb;
0x000131cc ldr r2, [pc, 0x12c] | r2 = stderr;
0x000131d0 ldr r0, [r3] | r0 = *(0x132f8);
0x000131d4 ldr r1, [pc, 0x148] | r1 = "%s: error!: close failed on \"%s\"\n";
0x000131d8 bl 0x10ae8 | r0 = fprintf (r0, "%s: error!: close failed on \"%s\"\n", r2, r3);
0x000131dc bl 0x10b9c | errno_location ();
0x000131e0 mov r3, 0x16 | r3 = 0x16;
0x000131e4 str r3, [r0] | *(r0) = r3;
0x000131e8 b 0x13198 |
| } while (1);
| label_11:
0x000131ec lsl r3, r2, 0x15 | r3 = r2 << 0x15;
0x000131f0 ldrb r2, [r4, 0xfc] | r2 = *((r4 + 0xfc));
0x000131f4 mov sp, sl |
0x000131f8 bic r2, r2, 1 | r2 = BIT_MASK (r2, 1);
0x000131fc orr r2, r2, r3, lsr 31 | r2 |= (r3 >> 31);
0x00013200 strb r2, [r4, 0xfc] | *((r4 + 0xfc)) = r2;
0x00013204 ldr r2, [r4, 0xe4] | r2 = *((r4 + 0xe4));
0x00013208 ldrd r0, r1, [r4, 0xd8] | __asm ("ldrd r0, r1, [r4, 0xd8]");
0x0001320c asr r3, r2, 0x1f | r3 = r2 >> 0x1f;
0x00013210 bl 0x14f34 | fcn_00014f34 (r0);
0x00013214 ldr r1, [pc, 0x10c] | r1 = "%s: error!: value %lld read from file \"%s\" is out of range\n";
0x00013218 str r0, [r4, 0xe0] | *((r4 + 0xe0)) = r0;
0x0001321c mov r0, r8 | r0 = r8;
0x00013220 bl 0x10b78 | r0 = strcmp (r0, r1);
0x00013224 cmp r0, 0 |
| if (r0 != 0) {
0x00013228 moveq r0, 4 | r0 = 4;
| }
| if (r0 != 0) {
0x0001322c beq 0x132d4 |
0x00013230 ldr r1, [pc, 0xf4] | r1 = "nand";
0x00013234 mov r0, r8 | r0 = r8;
0x00013238 bl 0x10b78 | r0 = strcmp (r0, "nand");
0x0001323c cmp r0, 0 |
| if (r0 != 0) {
0x00013240 moveq r0, 8 | r0 = 8;
| }
| if (r0 == 0) {
0x00013244 beq 0x132d4 | goto label_12;
| }
0x00013248 ldr r1, [pc, 0xe0] | r1 = "mlc_nand";
0x0001324c mov r0, r8 | r0 = r8;
0x00013250 bl 0x10b78 | r0 = strcmp (r0, "mlc_nand");
0x00013254 cmp r0, 0 |
| if (r0 != 0) {
0x00013258 moveq r0, 3 | r0 = 3;
| }
| if (r0 == 0) {
0x0001325c beq 0x132d4 | goto label_12;
| }
0x00013260 ldr r1, [pc, 0xcc] | r1 = *(0x13330);
0x00013264 mov r0, r8 | r0 = r8;
0x00013268 bl 0x10b78 | r0 = strcmp (r0, r1);
0x0001326c cmp r0, 0 |
| if (r0 != 0) {
0x00013270 moveq r0, 2 | r0 = 2;
| }
| if (r0 == 0) {
0x00013274 beq 0x132d4 | goto label_12;
| }
0x00013278 ldr r1, [pc, 0xb8] | r1 = *(0x13334);
0x0001327c mov r0, r8 | r0 = r8;
0x00013280 bl 0x10b78 | r0 = strcmp (r0, r1);
0x00013284 cmp r0, 0 |
| if (r0 == 0) {
0x00013288 beq 0x132d4 | goto label_12;
| }
0x0001328c ldr r1, [pc, 0xa8] | r1 = "absent";
0x00013290 mov r0, r8 | r0 = r8;
0x00013294 bl 0x10b78 | r0 = strcmp (r0, "absent");
0x00013298 cmp r0, 0 |
| if (r0 != 0) {
0x0001329c moveq r0, 6 | r0 = 6;
| }
| if (r0 == 0) {
0x000132a0 beq 0x132d4 | goto label_12;
| }
0x000132a4 ldr r1, [pc, 0x94] | r1 = "dataflash";
0x000132a8 mov r0, r8 | r0 = r8;
0x000132ac bl 0x10b78 | r0 = strcmp (r0, "dataflash");
0x000132b0 cmp r0, 0 |
| if (r0 != 0) {
0x000132b4 moveq r0, 1 | r0 = 1;
| }
| if (r0 == 0) {
0x000132b8 beq 0x132d4 | goto label_12;
| }
0x000132bc ldr r1, [pc, 0x80] | r1 = "ram";
0x000132c0 mov r0, r8 | r0 = r8;
0x000132c4 bl 0x10b78 | r0 = strcmp (r0, "ram");
0x000132c8 cmp r0, 0 |
| if (r0 != 0) {
0x000132cc moveq r0, 7 | r0 = 7;
| }
| if (r0 != 0) {
0x000132d0 mvnne r0, 0 | r0 = ~0;
| goto label_12;
| }
| }
| label_12:
0x000132d4 str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x000132d8 sub r0, r0, 4 | r0 -= 4;
0x000132dc bics r3, r0, 4 | __asm ("bics r3, r0, 4");
0x000132e0 ldrb r3, [r4, 0xfc] | r3 = *((r4 + 0xfc));
0x000132e4 bic r2, r3, 2 | r2 = BIT_MASK (r3, 2);
| if (r0 != 0) {
0x000132e8 moveq r3, 2 | r3 = 2;
| }
| if (r0 == 0) {
0x000132ec movne r3, 0 | r3 = 0;
| }
0x000132f0 orr r3, r3, r2 | r3 |= r2;
0x000132f4 strb r3, [r4, 0xfc] | *((r4 + 0xfc)) = r3;
0x000132f8 b 0x12e28 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x14824 */
| #include <stdint.h>
|
; (fcn) fcn.00014824 () | void fcn_00014824 (int32_t arg1) {
| int32_t var_24h;
| r0 = arg1;
0x00014824 str lr, [sp, -4]! |
0x00014828 ldr r1, [pc, 0x1c] | r1 = *(0x14848);
0x0001482c sub sp, sp, 0x24 |
0x00014830 mov r2, r0 | r2 = r0;
0x00014834 mov r0, sp | r0 = sp;
0x00014838 bl 0x10b84 | sprintf (r0, r1, r2)
0x0001483c mov r0, sp | r0 = sp;
0x00014840 bl 0x14684 | fcn_00014684 (r0);
0x00014844 add sp, sp, 0x24 |
0x00014848 pop {pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/nanddump @ 0x14d3c */
| #include <stdint.h>
|
; (fcn) fcn.00014d3c () | void fcn_00014d3c (int32_t arg1, int32_t arg2) {
| char * s;
| int32_t var_20h;
| r0 = arg1;
| r1 = arg2;
0x00014d3c push {r4, lr} |
0x00014d40 sub sp, sp, 0x20 |
0x00014d44 mov r2, r0 | r2 = r0;
0x00014d48 mov r4, r1 | r4 = r1;
0x00014d4c mov r0, sp | r0 = sp;
0x00014d50 ldr r1, [pc, 0x14] | r1 = *(0x14d68);
0x00014d54 bl 0x10b84 | sprintf (r0, r1, r2)
0x00014d58 mov r1, r4 | r1 = r4;
0x00014d5c mov r0, sp | r0 = sp;
0x00014d60 bl 0x14850 | fcn_00014850 (r0, r1);
0x00014d64 add sp, sp, 0x20 |
0x00014d68 pop {r4, pc} |
| }
[*] Function sprintf used 13 times nanddump
