[*] Binary protection state of ntpd
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of ntpd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ntpd @ 0x71dcc */
| #include <stdint.h>
|
; (fcn) fcn.00071dcc () | void fcn_00071dcc (char * arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_8h;
| int32_t var_8h_2;
| int32_t var_10h;
| int32_t var_20h;
| int32_t var_40h;
| int32_t var_7ch;
| r0 = arg1;
| r1 = arg2;
0x00071dcc push {r4, r5, r6, r7, lr} |
0x00071dd0 mov r4, r3 | r4 = r3;
0x00071dd4 mov r5, r1 | r5 = r1;
0x00071dd8 mov r6, r2 | r6 = r2;
0x00071ddc mov r1, 0 | r1 = 0;
0x00071de0 sub sp, sp, 0x7c |
0x00071de4 mov r7, r0 | r7 = r0;
0x00071de8 mov r2, 0x18 | r2 = 0x18;
0x00071dec mov r0, r3 | r0 = r3;
0x00071df0 bl 0x15034 | memset (r0, r1, r2);
0x00071df4 mvn r3, 0 | r3 = ~0;
0x00071df8 str r5, [r4, 0x18] | *((r4 + 0x18)) = r5;
0x00071dfc ands r5, r5, 2 | r5 &= 2;
0x00071e00 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00071e04 str r6, [r4, 0x1c] | *((r4 + 0x1c)) = r6;
| if (r5 != r5) {
0x00071e08 moveq r1, r5 | r1 = r5;
| }
| if (r5 != r5) {
0x00071e0c beq 0x71e20 |
0x00071e10 and r3, r6, 3 | r3 = r6 & 3;
0x00071e14 cmp r3, 1 |
| if (r3 != 1) {
0x00071e18 moveq r1, 2 | r1 = 2;
| }
| if (r3 != 1) {
0x00071e1c movne r1, 0 | r1 = 0;
| goto label_3;
| }
| }
| label_3:
0x00071e20 cmp r5, 0 |
0x00071e24 mvn r6, r6 | r6 = ~r6;
| if (r5 == 0) {
0x00071e28 andne r5, r6, 1 | r5 = r6 & 1;
| }
| if (r5 != 0) {
0x00071e2c moveq r5, 0 | r5 = 0;
| }
0x00071e30 cmp r5, 0 |
| if (r5 == 0) {
0x00071e34 orrne r1, r1, 0x80 | r1 |= 0x80;
| }
0x00071e38 mov r0, r7 | r0 = r7;
0x00071e3c bl 0x152e0 | r0 = open64 ();
0x00071e40 cmp r0, 0 |
0x00071e44 str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| if (r0 >= 0) {
0x00071e48 bge 0x71ee0 | goto label_4;
| }
0x00071e4c bl 0x1471c | r0 = errno_location ();
0x00071e50 ldr r3, [r0] | r3 = *(r0);
0x00071e54 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00071e58 mvn r3, 0 | r3 = ~0;
0x00071e5c str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| do {
| label_1:
0x00071e60 ldr r5, [r4, 0x14] | r5 = *((r4 + 0x14));
0x00071e64 cmp r5, 0 |
| if (r5 == 0) {
0x00071e68 mvnne r0, 0 | r0 = ~0;
| }
| if (r5 != 0) {
0x00071e6c bne 0x71fb8 | goto label_5;
| }
0x00071e70 mov r0, 0x1e | r0 = 0x1e;
0x00071e74 bl 0x14680 | sysconf ();
0x00071e78 ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x00071e7c add r1, r0, r1 | r1 = r0 + r1;
0x00071e80 rsb r0, r0, 0 | r0 -= ;
0x00071e84 and r0, r0, r1 | r0 &= r1;
0x00071e88 cmp r1, r0 |
0x00071e8c str r0, [r4, 8] | *((r4 + 8)) = r0;
| if (r1 == r0) {
0x00071e90 movne r0, r5 | r0 = r5;
| }
| if (r1 != r0) {
0x00071e94 bne 0x71f4c | goto label_6;
| }
0x00071e98 mov r2, 0 | r2 = 0;
0x00071e9c mov r3, 0 | r3 = 0;
0x00071ea0 strd r2, r3, [sp, 8] | __asm ("strd r2, r3, [var_8h]");
0x00071ea4 mvn r3, 0 | r3 = ~0;
0x00071ea8 str r3, [sp] | *(sp) = r3;
0x00071eac mov r2, 3 | r2 = 3;
0x00071eb0 mov r3, 0x22 | r3 = 0x22;
0x00071eb4 mov r0, r5 | r0 = r5;
0x00071eb8 bl 0x14f44 | r0 = mmap64 ()
0x00071ebc cmn r0, 1 |
| if (r0 == 1) {
0x00071ec0 ldrne r3, [r4, 0x1c] | r3 = *((r4 + 0x1c));
| }
| if (r0 == 1) {
0x00071ec4 orrne r3, r3, 0x10 | r3 |= 0x10;
| }
| if (r0 == 1) {
0x00071ec8 strne r3, [r4, 0x1c] | *((r4 + 0x1c)) = r3;
| }
| if (r0 != 1) {
0x00071ecc bne 0x71f4c | goto label_6;
| }
| label_2:
0x00071ed0 bl 0x1471c | r0 = errno_location ();
0x00071ed4 ldr r3, [r0] | r3 = *(r0);
0x00071ed8 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00071edc b 0x71f7c | goto label_7;
| label_4:
0x00071ee0 add r1, sp, 0x10 | r1 += var_10h;
0x00071ee4 bl 0x148e4 | r0 = fstat64 ();
0x00071ee8 cmp r0, 0 |
| if (r0 == 0) {
0x00071eec beq 0x71f08 | goto label_8;
| }
0x00071ef0 bl 0x1471c | r0 = errno_location ();
0x00071ef4 ldr r3, [r0] | r3 = *(r0);
| label_0:
0x00071ef8 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00071efc ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00071f00 bl 0x14e48 | close (r0);
0x00071f04 b 0x71e60 |
| } while (1);
| label_8:
0x00071f08 ldr r3, [sp, 0x20] | r3 = var_20h;
0x00071f0c and r3, r3, 0xf000 | r3 &= 0xf000;
0x00071f10 cmp r3, 0x8000 |
| if (r3 != 0x8000) {
0x00071f14 beq 0x71f28 |
0x00071f18 bl 0x1471c | errno_location ();
0x00071f1c mov r3, 0x16 | r3 = 0x16;
0x00071f20 str r3, [r0] | *(r0) = r3;
0x00071f24 b 0x71ef8 | goto label_0;
| }
0x00071f28 ldr r3, [sp, 0x40] | r3 = var_40h;
0x00071f2c str r3, [r4, 4] | *((r4 + 4)) = r3;
0x00071f30 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00071f34 cmn r3, 1 |
| if (r3 != 1) {
0x00071f38 bne 0x71e60 | goto label_1;
| }
0x00071f3c bl 0x1471c | r0 = errno_location ();
0x00071f40 ldr r3, [r0] | r3 = *(r0);
0x00071f44 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00071f48 b 0x71e60 | goto label_1;
| label_6:
0x00071f4c mov r2, 0 | r2 = 0;
0x00071f50 mov r3, 0 | r3 = 0;
0x00071f54 strd r2, r3, [sp, 8] | __asm ("strd r2, r3, [var_8h]");
0x00071f58 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00071f5c ldr r2, [r4, 0x18] | r2 = *((r4 + 0x18));
0x00071f60 str r3, [sp] | *(sp) = r3;
0x00071f64 ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x00071f68 ldr r3, [r4, 0x1c] | r3 = *((r4 + 0x1c));
0x00071f6c bl 0x14f44 | r0 = mmap64 ()
0x00071f70 cmn r0, 1 |
0x00071f74 str r0, [r4] | *(r4) = r0;
| if (r0 == 1) {
0x00071f78 beq 0x71ed0 | goto label_2;
| }
| label_7:
0x00071f7c ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00071f80 cmp r3, 0 |
| if (r3 != 0) {
0x00071f84 ldreq r0, [r4] | r0 = *(r4);
| }
| if (r3 != 0) {
0x00071f88 beq 0x71fb8 |
0x00071f8c ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00071f90 cmn r0, 1 |
| if (r0 != 1) {
0x00071f94 beq 0x71fa4 |
0x00071f98 bl 0x14e48 | close (r0);
0x00071f9c mvn r3, 0 | r3 = ~0;
0x00071fa0 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x00071fa4 bl 0x1471c | errno_location ();
0x00071fa8 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00071fac str r3, [r0] | *(r0) = r3;
0x00071fb0 mvn r0, 0 | r0 = ~0;
0x00071fb4 str r0, [r4] | *(r4) = r0;
| }
| label_5:
0x00071fb8 add sp, sp, 0x7c |
0x00071fbc pop {r4, r5, r6, r7, pc} |
| }
[*] Function mmap used 3 times ntpd
