[*] Binary protection state of libgio-2.0.so.0.5600.4
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libgio-2.0.so.0.5600.4
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libgio-2.0.so.0.5600.4 @ 0x114388 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; Review notes for fcn.00114388 (ARM state: 4-byte instruction stride, conditional execution).
; Trust the assembly column; the r2dec column mis-renders several conditional instructions
; and its do/while nesting does not match the branch targets.
;
; Roles: r7 = arg1, a callback invoked with blx; r8 = arg2, passed as the callback's second
; argument. The callback's first argument is always a string in r0. A non-zero callback
; result ends the function at the next conditional pop.
;
; Flow, as the branches show it:
;   1. getenv(name A). If set, callback(value, arg2).
;   2. If A is unset (label_2): getenv(name C). If set, malloc(strlen(value) + 0xf),
;      strcpy, strcat of a constant, callback(buffer, arg2), free.
;   3. label_0: getenv(name B), or a built-in default string if unset. The value is split
;      on ':' (0x3a) and the callback is run on a malloc'd copy of each non-empty segment.
;
; Literal pool: in ARM state pc reads as instruction address + 8, so the pc-relative loads
; resolve to 0x1144bc, 0x1144c0, 0x1144c4, 0x1144c8 and 0x1144cc. That is one word past the
; addresses printed in the pseudo-code column (0x1144b8 is the final branch of this listing).
; Confirm in the disassembler before resolving the strings.
;
; Triage of the flagged strcpy (0x114410): the destination is a heap buffer sized from
; strlen() of the same source plus 0xf, so the strcpy itself fits. The strcat that follows
; fits only if the constant is at most 14 bytes long; that literal is not resolved here.
; Neither malloc result (0x114404, 0x11447c) is checked before use, so an allocation failure
; passes NULL to strcpy/strncpy. The stack-oriented flags in the report header (canary, NX)
; do not bear on this call site, because both buffers are heap allocations.
; NOTE(review): the 0xf pad and the ':'-split fallback are consistent with xdgmime's
; xdg_run_command_on_dirs (HOME + "/.local/share/", XDG_DATA_DIRS). No string is visible
; in this listing, so confirm against the literal pool.
; ---------------------------------------------------------------------------
; (fcn) fcn.00114388 () | void fcn_00114388 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00114388 push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x0011438c mov r7, r0 | r7 = r0;
0x00114390 ldr r0, [pc, 0x124] | r0 = *(0x1144b8);
0x00114394 mov r8, r1 | r8 = r1;
0x00114398 add r0, pc, r0 | r0 = pc + r0;
0x0011439c bl 0x2cb88 | r0 = getenv (r0);
0x001143a0 cmp r0, 0 |
| if (r0 == 0) {
0x001143a4 beq 0x1143e8 | goto label_2;
| }
; r0 still holds the getenv() result here, so the call below is callback(r0, r1);
; the pseudo-code column drops the first argument.
0x001143a8 mov r1, r8 | r1 = r8;
0x001143ac blx r7 | r0 = uint32_t (*r7)(uint32_t) (r1);
0x001143b0 cmp r0, 0 |
0x001143b4 popne {r4, r5, r6, r7, r8, sb, sl, pc} |
| do {
| label_0:
0x001143b8 ldr r0, [pc, 0x100] | r0 = *(0x1144bc);
0x001143bc add r0, pc, r0 | r0 = pc + r0;
0x001143c0 bl 0x2cb88 | r0 = getenv (r0);
; subs sets Z when getenv() returned NULL; ldreq/addeq then point r5 at a built-in default
; string. The "if (r5 != r0)" lines in the pseudo-code column do not express that condition.
0x001143c4 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x001143c8 ldreq r5, [pc, 0xf4] | r5 = *((pc + 0xf4));
| }
| if (r5 != r0) {
0x001143cc addeq r5, pc, r5 | r5 = pc + r5;
| }
; sl = 0 is the NUL byte stored at the end of each copied segment (strb at 0x114498).
0x001143d0 mov sl, 0 | sl = 0;
| label_1:
; r5 = start of the next segment; reaching the terminating NUL ends the function.
0x001143d4 ldrb r3, [r5] | r3 = *(r5);
0x001143d8 cmp r3, 0 |
0x001143dc popeq {r4, r5, r6, r7, r8, sb, sl, pc} |
0x001143e0 mov r4, r5 | r4 = r5;
0x001143e4 b 0x11444c | goto label_3;
| label_2:
0x001143e8 ldr r0, [pc, 0xd8] | r0 = *(0x1144c4);
0x001143ec add r0, pc, r0 | r0 = pc + r0;
0x001143f0 bl 0x2cb88 | r0 = getenv (r0);
0x001143f4 subs r5, r0, 0 | r5 = r0 - 0;
0x001143f8 beq 0x1143b8 |
| } while (r5 == r0);
; Buffer size = strlen(value) + 0xf: room for the value, up to 14 appended bytes and the NUL.
; The malloc() result is used as the strcpy destination without a NULL check.
0x001143fc bl 0x2e064 | r0 = strlen (r0);
0x00114400 add r0, r0, 0xf | r0 += 0xf;
0x00114404 bl 0x2e424 | malloc (r0);
0x00114408 mov r1, r5 | r1 = r5;
0x0011440c mov r4, r0 | r4 = r0;
0x00114410 bl 0x2d014 | strcpy (r0, r1)
; The strcat source is a constant from the literal pool; its length is not shown in this
; listing and must be <= 14 for the 0xf pad to hold.
0x00114414 ldr r1, [pc, 0xb0] | r1 = *(0x1144c8);
0x00114418 mov r0, r4 | r0 = r4;
0x0011441c add r1, pc, r1 | r1 = pc + r1;
0x00114420 bl 0x2d20c | strcat (r0, r1);
0x00114424 mov r1, r8 | r1 = r8;
0x00114428 mov r0, r4 | r0 = r4;
0x0011442c blx r7 | r0 = uint32_t (*r7)(uint32_t, uint32_t) (r0, r1);
; The callback result is parked in r5 so the buffer can be freed before it is tested.
0x00114430 mov r5, r0 | r5 = r0;
0x00114434 mov r0, r4 | r0 = r4;
0x00114438 bl 0x2c24c | free (r0);
0x0011443c cmp r5, 0 |
| if (r5 == 0) {
0x00114440 beq 0x1143b8 | goto label_0;
| }
0x00114444 pop {r4, r5, r6, r7, r8, sb, sl, pc} |
| do {
0x00114448 mov r4, r2 | r4 = r2;
| label_3:
; Scan forward until r4 points at ':' (0x3a) or NUL; r2 always holds r4 + 1.
0x0011444c ldrb r3, [r4] | r3 = *(r4);
0x00114450 add r2, r4, 1 | r2 = r4 + 1;
0x00114454 cmp r3, 0x3a |
0x00114458 cmpne r3, 0 | __asm ("cmpne r3, 0");
0x0011445c bne 0x114448 |
| } while (r3 != 0x3a);
; r5 == r4 means an empty segment: moveq steps past the delimiter and beq skips the copy.
; The pseudo-code column shows the opposite condition.
0x00114460 cmp r5, r4 |
| if (r5 != r4) {
0x00114464 moveq r4, r2 | r4 = r2;
| }
| if (r5 != r4) {
0x00114468 beq 0x1144b4 |
; r6 = segment length. addne adds 1 when the scan stopped on NUL rather than ':'
; (the pseudo-code column inverts this), so the final segment's copy includes its terminator.
0x0011446c cmp r3, 0x3a |
0x00114470 sub r6, r4, r5 | r6 = r4 - r5;
| if (r3 == 0x3a) {
0x00114474 addne r6, r6, 1 | r6++;
| }
; malloc(r6 + 1) leaves room for the explicit NUL stored at buf[r6] below, so the bounded
; strncpy cannot leave the copy unterminated. The malloc() result is not checked for NULL.
0x00114478 add r0, r6, 1 | r0 = r6 + 1;
0x0011447c bl 0x2e424 | malloc (r0);
0x00114480 mov r2, r6 | r2 = r6;
0x00114484 mov r1, r5 | r1 = r5;
0x00114488 mov sb, r0 | sb = r0;
0x0011448c bl 0x2daf4 | strncpy (r0, r1, r2);
0x00114490 mov r1, r8 | r1 = r8;
0x00114494 mov r0, sb | r0 = sb;
0x00114498 strb sl, [sb, r6] | *((sb + r6)) = sl;
0x0011449c blx r7 | r0 = uint32_t (*r7)(uint32_t, uint32_t) (r0, r1);
0x001144a0 mov r5, r0 | r5 = r0;
0x001144a4 mov r0, sb | r0 = sb;
0x001144a8 bl 0x2c24c | free (r0);
0x001144ac cmp r5, 0 |
0x001144b0 popne {r4, r5, r6, r7, r8, sb, sl, pc} |
| }
; Advance to the next segment and loop; the words after this branch are the literal pool.
0x001144b4 mov r5, r4 | r5 = r4;
0x001144b8 b 0x1143d4 | goto label_1;
| }
[*] Function strcpy used 2 times libgio-2.0.so.0.5600.4