[*] Binary protection state of connmand
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of connmand
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/connmand @ 0x6cfac */
| #include <stdint.h>
|
; (fcn) fcn.0006cfac () | void fcn_0006cfac (int32_t arg1, char * dest) {
| r0 = arg1;
| r1 = dest;
0x0006cfac push {r4, r5, r6, lr} |
0x0006cfb0 mov r5, r1 | r5 = r1;
0x0006cfb4 ldr r1, [pc, 0xd0] | r1 = *(0x6d088);
0x0006cfb8 mov r6, r0 | r6 = r0;
0x0006cfbc add r1, pc, r1 | r1 = pc + r1;
0x0006cfc0 mov r0, r5 | r0 = r5;
0x0006cfc4 bl 0x1bd5c | strcpy (r0, r1)
0x0006cfc8 ldr r3, [r6, 8] | r3 = *((r6 + 8));
0x0006cfcc cmp r3, 0 |
| if (r3 == 0) {
0x0006cfd0 bne 0x6cfe4 |
0x0006cfd4 ldr r3, [r6, 0xc] | r3 = *((r6 + 0xc));
0x0006cfd8 cmp r3, 0 |
| if (r3 != 0) {
0x0006cfdc moveq r4, 0xd | r4 = 0xd;
| }
| if (r3 == 0) {
0x0006cfe0 beq 0x6cffc | goto label_0;
| }
| }
0x0006cfe4 ldr r2, [pc, 0xa4] | r2 = *(0x6d08c);
0x0006cfe8 ldr r1, [pc, 0xa4] | r1 = *(0x6d090);
0x0006cfec add r2, pc, r2 | r2 = pc + r2;
0x0006cff0 add r0, r5, 0xd | r0 = r5 + 0xd;
0x0006cff4 bl 0x1c074 | r0 = snprintf (r0, r1, r2, r3);
0x0006cff8 add r4, r0, 0xd | r4 = r0 + 0xd;
| label_0:
0x0006cffc ldr r3, [r6, 0x10] | r3 = *((r6 + 0x10));
0x0006d000 cmp r3, 0 |
| if (r3 != 0) {
0x0006d004 beq 0x6d020 |
0x0006d008 ldr r2, [pc, 0x88] | r2 = *(0x6d094);
0x0006d00c rsb r1, r4, 0x400 | r1 = 0x400 - r4;
0x0006d010 add r0, r5, r4 | r0 = r5 + r4;
0x0006d014 add r2, pc, r2 | r2 = pc + r2;
0x0006d018 bl 0x1c074 | r0 = snprintf (r0, r1, r2, r3);
0x0006d01c add r4, r4, r0 | r4 += r0;
| }
0x0006d020 ldr r3, [r6, 0x14] | r3 = *((r6 + 0x14));
0x0006d024 cmp r3, 0 |
| if (r3 != 0) {
0x0006d028 beq 0x6d044 |
0x0006d02c ldr r2, [pc, 0x68] | r2 = *(0x6d098);
0x0006d030 rsb r1, r4, 0x400 | r1 = 0x400 - r4;
0x0006d034 add r0, r5, r4 | r0 = r5 + r4;
0x0006d038 add r2, pc, r2 | r2 = pc + r2;
0x0006d03c bl 0x1c074 | r0 = snprintf (r0, r1, r2, r3);
0x0006d040 add r4, r4, r0 | r4 += r0;
| }
0x0006d044 ldr r3, [r6, 0x18] | r3 = *((r6 + 0x18));
0x0006d048 cmp r3, 0 |
| if (r3 != 0) {
0x0006d04c beq 0x6d068 |
0x0006d050 ldr r2, [pc, 0x48] | r2 = "_";
0x0006d054 rsb r1, r4, 0x400 | r1 = 0x400 - r4;
0x0006d058 add r0, r5, r4 | r0 = r5 + r4;
0x0006d05c add r2, pc, r2 | r2 = pc + r2;
0x0006d060 bl 0x1c074 | r0 = snprintf (r0, r1, "_", r3);
0x0006d064 add r4, r4, r0 | r4 += r0;
| }
0x0006d068 ldr r3, [r6, 0x1c] | r3 = *((r6 + 0x1c));
0x0006d06c cmp r3, 0 |
0x0006d070 popeq {r4, r5, r6, pc} |
0x0006d074 ldr r2, [pc, 0x28] | r2 = *(0x6d0a0);
0x0006d078 rsb r1, r4, 0x400 | r1 = 0x400 - r4;
0x0006d07c add r0, r5, r4 | r0 = r5 + r4;
0x0006d080 add r2, pc, r2 | r2 = pc + r2;
0x0006d084 pop {r4, r5, r6, lr} |
0x0006d088 b 0x1c074 | return void (*0x1c074)() ();
| }
[*] Function strcpy used 2 times connmand
