[*] Binary protection state of 7zr
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of 7zr
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/7zr @ 0x794e4 */
| #include <stdint.h>
|
; (fcn) fcn.000794e4 () | void fcn_000794e4 (int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_1ch;
| int32_t var_2ch;
| r0 = arg1;
| r1 = arg2;
0x000794e4 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x000794e8 sub sp, sp, 0x2c |
0x000794ec mov r8, r0 | r8 = r0;
0x000794f0 add r0, sp, 4 | r0 += var_4h;
0x000794f4 mov r7, r1 | r7 = r1;
0x000794f8 mov r5, r2 | r5 = r2;
0x000794fc bl 0x70a94 | fcn_00070a94 (r0);
0x00079500 add r0, sp, 0x10 | r0 += var_10h;
0x00079504 bl 0x70a94 | fcn_00070a94 (r0);
0x00079508 ldr r1, [r7] | r1 = *(r7);
0x0007950c add r0, sp, 0x1c | r0 += var_1ch;
0x00079510 bl 0x70af4 | fcn_00070af4 (r0, r1);
0x00079514 add r2, sp, 0x10 | r2 += var_10h;
0x00079518 add r1, sp, 4 | r1 += var_4h;
0x0007951c add r0, sp, 0x1c | r0 += var_1ch;
0x00079520 bl 0x76a78 | fcn_00076a78 (r0, r1);
0x00079524 ldr r4, [pc, 0x24c] | r4 = *(0x79774);
0x00079528 add r0, sp, 0x1c | r0 += var_1ch;
0x0007952c bl 0x294b8 | fcn_000294b8 (r0);
0x00079530 ldr r3, [sp, 4] | r3 = var_4h;
0x00079534 ldr r2, [pc, 0x240] | r2 = *(0x79778);
0x00079538 mov r1, 0x1000 | r1 = 0x1000;
0x0007953c mov r0, r4 | r0 = r4;
0x00079540 bl 0x12188 | snprintf (r0, r1, r2, r3);
0x00079544 mov r6, 0 | r6 = 0;
0x00079548 mov r0, r4 | r0 = r4;
0x0007954c strb r6, [r4, 0xfff] | *((r4 + 0xfff)) = r6;
0x00079550 bl 0x12338 | putenv ();
0x00079554 add r0, sp, 0x10 | r0 += var_10h;
0x00079558 bl 0x294b8 | fcn_000294b8 (r0);
0x0007955c add r0, sp, 4 | r0 += var_4h;
0x00079560 bl 0x294b8 | fcn_000294b8 (r0);
0x00079564 ldr r1, [pc, 0x214] | r1 = "P7ZIP_HOME_DIR_s_";
0x00079568 mov r0, 6 | r0 = 6;
0x0007956c bl 0x1259c | setlocale (r0, "P7ZIP_HOME_DIR_s_");
0x00079570 mov r1, r6 | r1 = r6;
0x00079574 mov r0, r6 | r0 = r6;
0x00079578 bl 0x1259c | r0 = setlocale (r0, r1);
0x0007957c subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 == r0) {
0x00079580 beq 0x79608 | goto label_2;
| }
0x00079584 bl 0x1205c | r0 = strlen (r0);
0x00079588 mov sb, r0 | sb = r0;
0x0007958c add r0, r0, 1 | r0++;
0x00079590 bl 0x12344 | r0 = malloc (r0);
0x00079594 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00079598 beq 0x79608 | goto label_2;
| }
0x0007959c mov r1, r6 | r1 = r6;
0x000795a0 bl 0x12290 | strcpy (r0, r1)
0x000795a4 mov r6, r4 | r6 = r4;
0x000795a8 add sb, r4, sb | sb = r4 + sb;
| do {
0x000795ac cmp r6, sb |
| if (r6 == sb) {
0x000795b0 beq 0x795c4 | goto label_3;
| }
0x000795b4 ldrb r0, [r6] | r0 = *(r6);
0x000795b8 bl 0x121c4 | toupper (r0);
0x000795bc strb r0, [r6], 1 | *(r6) = r0;
| r6++;
0x000795c0 b 0x795ac |
| } while (1);
| label_3:
0x000795c4 ldrb r3, [r4] | r3 = *(r4);
0x000795c8 cmp r3, 0 |
| if (r3 != 0) {
0x000795cc beq 0x79600 |
0x000795d0 ldr r1, [pc, 0x1ac] | r1 = *(0x79780);
0x000795d4 mov r0, r4 | r0 = r4;
0x000795d8 bl 0x121b8 | r0 = strcmp (r0, r1);
0x000795dc cmp r0, 0 |
| if (r0 == 0) {
0x000795e0 beq 0x79600 | goto label_4;
| }
0x000795e4 ldr r1, [pc, 0x19c] | r1 = *(0x79784);
0x000795e8 mov r0, r4 | r0 = r4;
0x000795ec bl 0x121b8 | r0 = strcmp (r0, r1);
0x000795f0 cmp r0, 0 |
| if (r0 == 0) {
0x000795f4 ldrne r3, [pc, 0x190] | r3 = *(0x0007978c);
| }
| if (r0 == 0) {
0x000795f8 movne r2, 1 | r2 = 1;
| }
| if (r0 != 0) {
0x000795fc strne r2, [r3] | *(r3) = r2;
| goto label_4;
| }
| }
| label_4:
0x00079600 mov r0, r4 | r0 = r4;
0x00079604 bl 0x1208c | free (r0);
| label_2:
0x00079608 ldr r4, [r5, 4] | r4 = *((r5 + 4));
0x0007960c lsl sb, r4, 2 | sb = r4 << 2;
| do {
0x00079610 cmp r4, 0 |
| if (r4 == 0) {
0x00079614 beq 0x7964c | goto label_5;
| }
0x00079618 ldr r3, [r5] | r3 = *(r5);
0x0007961c sub r4, r4, 1 | r4--;
0x00079620 add r3, r3, sb | r3 += sb;
0x00079624 ldr r6, [r3, -4] | r6 = *((r3 - 4));
0x00079628 cmp r6, 0 |
| if (r6 != 0) {
0x0007962c beq 0x79644 |
0x00079630 mov r0, r6 | r0 = r6;
0x00079634 bl 0x2b410 | fcn_0002b410 (r0);
0x00079638 mov r1, 0xc | r1 = 0xc;
0x0007963c mov r0, r6 | r0 = r6;
0x00079640 bl 0x121dc | sym ();
| }
0x00079644 sub sb, sb, 4 | sb -= 4;
0x00079648 b 0x79610 |
| } while (1);
| label_5:
0x0007964c ldr sl, [pc, 0x13c] | sl = "-no-utf16";
0x00079650 ldr fp, [pc, 0x13c] | fp = "_utf16";
0x00079654 ldr sb, [pc, 0x130] | sb = *(0x0007978c);
0x00079658 str r4, [r5, 4] | *((r5 + 4)) = r4;
| do {
0x0007965c cmp r4, r8 |
| if (r4 >= r8) {
0x00079660 bge 0x79770 | goto label_6;
| }
0x00079664 cmp r4, 2 |
0x00079668 ldr r6, [r7, r4, lsl 2] | offset_0 = r4 << 2;
| r6 = *((r7 + offset_0));
| if (r4 <= 2) {
0x0007966c bgt 0x796a4 |
0x00079670 mov r1, sl | r1 = sl;
0x00079674 mov r0, r6 | r0 = r6;
0x00079678 bl 0x121b8 | r0 = strcmp (r0, r1);
0x0007967c cmp r0, 0 |
| if (r0 != 0) {
0x00079680 streq r0, [sb] | *(sb) = r0;
| }
| if (r0 == 0) {
0x00079684 beq 0x796f0 | goto label_7;
| }
0x00079688 mov r1, fp | r1 = fp;
0x0007968c mov r0, r6 | r0 = r6;
0x00079690 bl 0x121b8 | r0 = strcmp (r0, r1);
0x00079694 cmp r0, 0 |
| if (r0 != 0) {
0x00079698 moveq r3, 1 | r3 = 1;
| }
| if (r0 != 0) {
0x0007969c streq r3, [sb] | *(sb) = r3;
| }
| if (r0 == 0) {
0x000796a0 beq 0x796f0 | goto label_7;
| }
| }
0x000796a4 mov r1, r6 | r1 = r6;
0x000796a8 add r0, sp, 0x1c | r0 += var_1ch;
0x000796ac bl 0x70af4 | fcn_00070af4 (r0, r1);
0x000796b0 mov r2, 0 | r2 = 0;
0x000796b4 add r1, sp, 0x1c | r1 += var_1ch;
0x000796b8 add r0, sp, 0x10 | r0 += var_10h;
0x000796bc bl 0x72c54 | fcn_00072c54 (r0, r1);
0x000796c0 add r0, sp, 0x1c | r0 += var_1ch;
0x000796c4 bl 0x294b8 | fcn_000294b8 (r0);
0x000796c8 ldr r3, [sp, 0x14] | r3 = var_14h;
0x000796cc cmp r3, 0 |
| if (r3 != 0) {
0x000796d0 bne 0x796f8 | goto label_8;
| }
| label_0:
0x000796d4 ldr r6, [r7, r4, lsl 2] | offset_1 = r4 << 2;
| r6 = *((r7 + offset_1));
0x000796d8 mov r0, r6 | r0 = r6;
0x000796dc bl 0x1205c | r0 = strlen (r0);
0x000796e0 cmp r0, 2 |
| if (r0 > 2) {
0x000796e4 bhi 0x79708 | goto label_9;
| }
| label_1:
0x000796e8 add r0, sp, 0x10 | r0 += var_10h;
0x000796ec bl 0x2b410 | fcn_0002b410 (r0);
| label_7:
0x000796f0 add r4, r4, 1 | r4++;
0x000796f4 b 0x7965c |
| } while (1);
| label_8:
0x000796f8 add r1, sp, 0x10 | r1 += var_10h;
0x000796fc mov r0, r5 | r0 = r5;
0x00079700 bl 0x42a50 | fcn_00042a50 (r0, r1);
0x00079704 b 0x796d4 | goto label_0;
| label_9:
0x00079708 ldrb r3, [r6] | r3 = *(r6);
0x0007970c cmp r3, 0x2d |
| if (r3 != 0x2d) {
0x00079710 bne 0x796e8 | goto label_1;
| }
0x00079714 ldrb r3, [r6, 1] | r3 = *((r6 + 1));
0x00079718 and r3, r3, 0xdf | r3 &= 0xdf;
0x0007971c cmp r3, 0x50 |
| if (r3 != 0x50) {
0x00079720 bne 0x796e8 | goto label_1;
| }
0x00079724 sub r2, r0, 2 | r2 = r0 - 2;
0x00079728 mov r1, 0x2a | r1 = 0x2a;
0x0007972c add r0, r6, 2 | r0 = r6 + 2;
0x00079730 bl 0x1223c | memset (r0, r1, r2);
0x00079734 b 0x796e8 | goto label_1;
| label_6:
0x00079770 add sp, sp, 0x2c |
0x00079774 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
[*] Function strcpy used 2 times 7zr
