[*] Binary protection state of flash_lock
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of flash_lock
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/flash_lock @ 0x104e0 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main (int32_t argc, char ** argv) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_20h;
| int32_t var_24h;
| int32_t var_3ch;
| r0 = argc;
| r1 = argv;
| /* [10] -r-x section size 1560 named .text */
0x000104e0 push {r4, r5, r6, r7, r8, sb, lr} |
0x000104e4 ldr sb, [pc, 0x3bc] | sb = "help";
0x000104e8 ldr r4, [pc, 0x3bc] | r4 = "help";
0x000104ec mov r5, 0 | r5 = 0;
0x000104f0 sub sp, sp, 0x3c |
0x000104f4 mov r7, r0 | r7 = r0;
0x000104f8 mov r6, r1 | r6 = r1;
0x000104fc mov r8, r5 | r8 = r5;
0x00010500 str r5, [sp, 0xc] | var_ch = r5;
| label_0:
0x00010504 str r8, [sp] | *(sp) = r8;
0x00010508 mov r3, sb | r3 = sb;
0x0001050c ldr r2, [pc, 0x39c] | r2 = *(0x108ac);
0x00010510 mov r1, r6 | r1 = r6;
0x00010514 mov r0, r7 | r0 = r7;
0x00010518 bl 0x10468 | r0 = getopt_long ();
0x0001051c cmn r0, 1 |
| if (r0 == 1) {
0x00010520 beq 0x10594 | goto label_7;
| }
0x00010524 cmp r0, 0x69 |
| if (r0 == 0x69) {
0x00010528 beq 0x10564 | goto label_8;
| }
| if (r0 > 0x69) {
0x0001052c bgt 0x1054c | goto label_9;
| }
0x00010530 cmp r0, 0x56 |
| if (r0 == 0x56) {
0x00010534 beq 0x1057c | goto label_10;
| }
0x00010538 cmp r0, 0x68 |
| if (r0 != 0x68) {
0x0001053c moveq r0, 0 | r0 = 0;
| }
0x00010540 beq 0x10548 |
| while (r0 != 0x75) {
| label_1:
0x00010544 mov r0, 1 | r0 = 1;
0x00010548 bl 0x10a40 | r0 = fcn_00010a40 (r0);
| label_9:
0x0001054c cmp r0, 0x6c |
| if (r0 == 0x6c) {
0x00010550 beq 0x10570 | goto label_11;
| }
0x00010554 cmp r0, 0x75 |
0x00010558 bne 0x10544 |
| }
0x0001055c mov r3, 1 | r3 = 1;
0x00010560 b 0x10568 | goto label_12;
| label_8:
0x00010564 mov r3, 2 | r3 = 2;
| label_12:
0x00010568 str r3, [r4] | *(r4) = r3;
0x0001056c b 0x10574 | goto label_13;
| label_11:
0x00010570 str r8, [r4] | *(r4) = r8;
| label_13:
0x00010574 add r5, r5, 1 | r5++;
0x00010578 b 0x10504 | goto label_0;
| label_10:
0x0001057c ldr r2, [pc, 0x330] | r2 = "hiluV";
0x00010580 ldr r1, [pc, 0x330] | r1 = "2.1.0";
0x00010584 ldr r0, [pc, 0x330] | r0 = "flash_lock";
0x00010588 bl 0x10450 | printf ("flash_lock", "2.1.0", "hiluV")
0x0001058c mov r0, 0 | r0 = 0;
| label_4:
0x00010590 bl 0x104c8 | exit (r0);
| label_7:
0x00010594 cmp r5, 1 |
| if (r5 <= 1) {
0x00010598 ble 0x105b4 | goto label_14;
| }
0x0001059c ldr r2, [pc, 0x314] | r2 = "2.1.0";
0x000105a0 ldr r1, [pc, 0x318] | r1 = "%s (mtd-utils) %s\n";
| do {
| label_2:
0x000105a4 ldr r3, [pc, 0x318] | r3 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x000105a8 ldr r0, [r3] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x000105ac bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", "%s (mtd-utils) %s\n", "2.1.0", "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option")
0x000105b0 b 0x10544 | goto label_1;
| label_14:
0x000105b4 ldr r3, [pc, 0x30c] |
0x000105b8 ldr r3, [r3] | r3 = stderr;
0x000105bc sub r2, r7, r3 | r2 = r7 - r3;
0x000105c0 cmp r2, 0 |
| if (r2 > 0) {
0x000105c4 ldrle r2, [pc, 0x2ec] | r2 = "flash_lock";
| }
| if (r2 > 0) {
0x000105c8 ldrle r1, [pc, 0x2fc] | r1 = "_s:_error_:_too_few_arguments";
| }
0x000105cc ble 0x105a4 |
| } while (r2 <= 0);
0x000105d0 cmp r2, 3 |
| if (r2 <= 3) {
0x000105d4 ldrgt r2, [pc, 0x2dc] | r2 = "flash_lock";
| }
| if (r2 > 3) {
0x000105d8 ldrgt r1, [pc, 0x2f0] | r1 = "%s: error!: too many arguments\n";
| goto label_15;
| }
| if (r2 > 3) {
| label_15:
0x000105dc bgt 0x105a4 | goto label_2;
| }
0x000105e0 ldr r0, [r6, r3, lsl 2] | offset_0 = r3 << 2;
| r0 = *((r6 + offset_0));
0x000105e4 add r1, r3, 1 | r1 = r3 + 1;
0x000105e8 cmp r7, r1 |
0x000105ec lsl r2, r3, 2 | r2 = r3 << 2;
0x000105f0 str r0, [r4, 4] | *((r4 + 4)) = r0;
| if (r7 <= r1) {
0x000105f4 ble 0x10674 | goto label_16;
| }
0x000105f8 add r6, r6, r2 | r6 += r2;
0x000105fc ldr r2, [r6, 4] | r2 = *((r6 + 4));
0x00010600 add r3, r3, 2 | r3 += 2;
0x00010604 cmp r7, r3 |
0x00010608 str r2, [r4, 8] | *((r4 + 8)) = r2;
| if (r7 <= r3) {
0x0001060c ldrgt r3, [r6, 8] | r3 = *((r6 + 8));
| }
0x00010610 bgt 0x10618 |
| while (1) {
0x00010614 mov r3, 0 | r3 = 0;
0x00010618 mov r1, 2 | r1 = 2;
0x0001061c str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00010620 bl 0x104b0 | r0 = open64 ();
0x00010624 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 >= r0) {
0x00010628 bge 0x1067c | goto label_17;
| }
0x0001062c bl 0x104bc | errno_location ();
0x00010630 ldr r6, [pc, 0x28c] | r6 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x00010634 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00010638 ldr r2, [pc, 0x278] | r2 = "2.1.0";
0x0001063c ldr r1, [pc, 0x290] | r1 = "%s: error!: too many arguments\n";
0x00010640 ldr r5, [r0] | r5 = *(r0);
| label_3:
0x00010644 ldr r0, [r6] | r0 = *(r6);
0x00010648 bl 0x1048c | fprintf (r0, "%s: error!: too many arguments\n", "2.1.0", r3, r4, r5, "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option")
0x0001064c mov r0, r5 | r0 = r5;
0x00010650 ldr r4, [r6] | r4 = *(r6);
0x00010654 bl 0x1045c | strerror (r0);
0x00010658 str r5, [sp] | *(sp) = r5;
0x0001065c str r0, [sp, 4] | var_4h = r0;
| label_6:
0x00010660 ldr r3, [pc, 0x270] | r3 = "%s: error!: could not open: %s\n";
0x00010664 mov r2, 0xc | r2 = 0xc;
0x00010668 ldr r1, [pc, 0x26c] | r1 = *(0x108d8);
0x0001066c mov r0, r4 | r0 = r4;
0x00010670 b 0x10790 | goto label_18;
| label_16:
0x00010674 str r8, [r4, 8] | *((r4 + 8)) = r8;
0x00010678 b 0x10614 |
| }
| label_17:
0x0001067c add r2, sp, 0x18 | r2 += var_18h;
0x00010680 ldr r1, [pc, 0x258] | r1 = "%*serror %d (%s)\n";
0x00010684 bl 0x10444 | r0 = ioctl (r0, "%*serror %d (%s)\n");
0x00010688 cmp r0, 0 |
| if (r0 != 0) {
0x0001068c beq 0x106ac |
0x00010690 bl 0x104bc | errno_location ();
0x00010694 ldr r6, [pc, 0x228] | r6 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x00010698 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x0001069c ldr r2, [pc, 0x214] | r2 = "2.1.0";
0x000106a0 ldr r1, [pc, 0x23c] | r1 = *(0x108e0);
0x000106a4 ldr r5, [r0] | r5 = *(r0);
0x000106a8 b 0x10644 | goto label_3;
| }
0x000106ac ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x000106b0 cmp r0, 0 |
| if (r0 == 0) {
0x000106b4 beq 0x106e8 | goto label_19;
| }
0x000106b8 add r1, sp, 0xc | r1 += var_ch;
0x000106bc bl 0x10a80 | fcn_00010a80 (r0, r1);
0x000106c0 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000106c4 cmp r3, 0 |
0x000106c8 str r0, [sp, 0x10] | var_10h = r0;
| if (r3 == 0) {
0x000106cc beq 0x106ec | goto label_20;
| }
0x000106d0 ldr r2, [pc, 0x1e0] | r2 = "2.1.0";
0x000106d4 ldr r1, [pc, 0x20c] | r1 = "%s: error!: could not get mtd info: %s\n";
| do {
0x000106d8 ldr r3, [pc, 0x1e4] | r3 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x000106dc ldr r0, [r3] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x000106e0 bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", "%s: error!: could not get mtd info: %s\n", "2.1.0", "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option")
0x000106e4 b 0x10714 | goto label_5;
| label_19:
0x000106e8 str r0, [sp, 0x10] | var_10h = r0;
| label_20:
0x000106ec ldr r3, [sp, 0x10] | r3 = var_10h;
0x000106f0 ldr r2, [sp, 0x20] | r2 = var_20h;
0x000106f4 cmp r3, r2 |
| if (r3 > r2) {
0x000106f8 blo 0x1071c |
0x000106fc ldr r0, [pc, 0x1c0] |
0x00010700 str r2, [sp] | *(sp) = r2;
0x00010704 ldr r1, [pc, 0x1e0] | r1 = "%s: error!: bad offset\n";
0x00010708 ldr r2, [pc, 0x1a8] | r2 = "2.1.0";
0x0001070c ldr r0, [r0] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x00010710 bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", "%s: error!: bad offset\n", r2)
| label_5:
0x00010714 mvn r0, 0 | r0 = ~0;
0x00010718 b 0x10590 | goto label_4;
| }
0x0001071c ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00010720 cmp r0, 0 |
| if (r0 == 0) {
0x00010724 beq 0x10798 | goto label_21;
| }
0x00010728 add r1, sp, 0xc | r1 += var_ch;
0x0001072c bl 0x10a80 | fcn_00010a80 (r0, r1);
0x00010730 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00010734 cmp r3, 0 |
0x00010738 mov r2, r0 | r2 = r0;
| if (r3 == 0) {
0x0001073c ldrne r2, [pc, 0x174] | r2 = "flash_lock";
| }
| if (r3 == 0) {
0x00010740 ldrne r1, [pc, 0x1a8] | r1 = "%s: error!: bad count\n";
| }
0x00010744 bne 0x106d8 |
| } while (r3 != 0);
0x00010748 cmn r0, 1 |
| if (r0 == 1) {
0x0001074c ldrne r3, [sp, 0x24] | r3 = var_24h;
| }
| if (r0 != 1) {
0x00010750 ldreq r3, [sp, 0x20] | r3 = var_20h;
| }
| if (r0 == 1) {
0x00010754 mulne r0, r3, r2 | r0 = r3 * r2;
| }
| if (r0 != 1) {
0x00010758 streq r3, [sp, 0x14] | var_14h = r3;
| }
0x0001075c strne r0, [sp, 0x14] | var_14h = r0;
| while (1) {
0x00010760 ldr r3, [sp, 0x10] | r3 = var_10h;
0x00010764 ldr r2, [sp, 0x14] | r2 = var_14h;
0x00010768 ldr r1, [sp, 0x20] | r1 = var_20h;
0x0001076c add r0, r3, r2 | r0 = r3 + r2;
0x00010770 cmp r0, r1 |
| if (r0 < r1) {
0x00010774 bls 0x107a0 | goto label_22;
| }
0x00010778 ldr r0, [pc, 0x144] |
0x0001077c str r1, [sp, 4] | var_4h = r1;
0x00010780 str r2, [sp] | *(sp) = r2;
0x00010784 ldr r1, [pc, 0x168] | r1 = "%s: error!: bad count\n";
0x00010788 ldr r2, [pc, 0x128] | r2 = "2.1.0";
0x0001078c ldr r0, [r0] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
| label_18:
0x00010790 bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", r1, r2)
0x00010794 b 0x10714 | goto label_5;
| label_21:
0x00010798 str r2, [sp, 0x14] | var_14h = r2;
0x0001079c b 0x10760 |
| }
| label_22:
0x000107a0 ldr r5, [r4] | r5 = *(r4);
0x000107a4 cmp r5, 1 |
| if (r5 == 1) {
0x000107a8 beq 0x1083c | goto label_23;
| }
| if (r5 > 1) {
0x000107ac blo 0x107d8 |
0x000107b0 cmp r5, 2 |
| if (r5 != 2) {
0x000107b4 ldreq r1, [pc, 0x13c] | r1 = *(0x000108f8);
| }
| if (r5 == 2) {
0x000107b8 beq 0x107dc | goto label_24;
| }
0x000107bc ldr r0, [pc, 0x100] |
0x000107c0 mov r3, r5 | r3 = r5;
0x000107c4 ldr r2, [pc, 0xec] | r2 = "2.1.0";
0x000107c8 ldr r1, [pc, 0x12c] | r1 = *(0x108f8);
0x000107cc ldr r0, [r0] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x000107d0 bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", r1, "2.1.0", r3)
0x000107d4 b 0x10714 | goto label_5;
| }
0x000107d8 ldr r1, [pc, 0x120] | r1 = "_s:_error_:_unknown_request_type:__d";
| do {
| label_24:
0x000107dc add r2, sp, 0x10 | r2 += var_10h;
0x000107e0 mov r0, r6 | r0 = r6;
0x000107e4 bl 0x10444 | r0 = ioctl (r0, r1);
0x000107e8 cmp r0, 0 |
0x000107ec str r0, [sp, 0xc] | var_ch = r0;
| if (r0 >= 0) {
0x000107f0 bge 0x10844 | goto label_25;
| }
0x000107f4 bl 0x104bc | errno_location ();
0x000107f8 ldr r3, [pc, 0xa8] | r3 = *(0x108a4);
0x000107fc ldr r7, [pc, 0xc0] | r7 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x00010800 add r5, r3, r5, lsl 2 | r5 = r3 + (r5 << 2);
0x00010804 ldr r3, [r4, 4] | r3 = *((r4 + 4));
0x00010808 ldr r2, [pc, 0xa8] | r2 = "2.1.0";
0x0001080c ldr r1, [pc, 0xf0] | r1 = *(0x10900);
0x00010810 ldr r6, [r0] | r6 = *(r0);
0x00010814 str r3, [sp] | *(sp) = r3;
0x00010818 ldr r3, [r5, 0x68] | r3 = *((r5 + 0x68));
0x0001081c ldr r0, [r7] | r0 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x00010820 bl 0x1048c | fprintf ("_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option", r1, "2.1.0", r3, r4, r5, r6)
0x00010824 mov r0, r6 | r0 = r6;
0x00010828 ldr r4, [r7] | r4 = "_s:_error_:_cannot_specify_more_than_one_lock_unlock_islocked_option";
0x0001082c bl 0x1045c | strerror (r0);
0x00010830 str r6, [sp] | *(sp) = r6;
0x00010834 str r0, [sp, 4] | var_4h = r0;
0x00010838 b 0x10660 | goto label_6;
| label_23:
0x0001083c ldr r1, [pc, 0xc4] | r1 = "_s:_error_:_could_not__s_device:__s";
0x00010840 b 0x107dc |
| } while (1);
| label_25:
0x00010844 cmp r5, 2 |
| if (r5 == 2) {
0x00010848 bne 0x1089c |
0x0001084c ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x00010850 ldr r0, [pc, 0xb4] | r0 = *(0x10908);
0x00010854 bl 0x10450 | printf (r0, r1)
0x00010858 ldr r1, [sp, 0x10] | r1 = var_10h;
0x0001085c ldr r0, [pc, 0xac] | r0 = "Device:__s";
0x00010860 bl 0x10450 | printf ("Device:__s", r1)
0x00010864 ldr r1, [sp, 0x14] | r1 = var_14h;
0x00010868 ldr r0, [pc, 0xa4] | r0 = "Start:__0x";
0x0001086c bl 0x10450 | printf ("Start:__0x", r1)
0x00010870 ldr r1, [sp, 0xc] | r1 = var_ch;
0x00010874 ldr r2, [pc, 0x9c] | r2 = "Len: %#0x\n";
0x00010878 ldr r3, [pc, 0x9c] | r3 = "unlocked";
0x0001087c cmp r1, 0 |
| if (r1 != 0) {
0x00010880 moveq r1, r2 | r1 = r2;
| }
| if (r1 == 0) {
0x00010884 movne r1, r3 | r1 = r3;
| }
0x00010888 ldr r0, [pc, 0x90] | r0 = "locked";
0x0001088c bl 0x10450 | printf ("locked", r1, "Len: %#0x\n", "unlocked")
0x00010890 ldr r1, [sp, 0xc] | r1 = var_ch;
0x00010894 ldr r0, [pc, 0x88] | r0 = "Lock_status:__s";
0x00010898 bl 0x10450 | printf ("Lock_status:__s", r1)
| }
0x0001089c mov r0, 0 | r0 = 0;
0x000108a0 add sp, sp, 0x3c |
0x000108a4 pop {r4, r5, r6, r7, r8, sb, pc} |
| }
[*] Function printf used 14 times flash_lock
