[*] Binary protection state of ntpq
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of ntpq
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/ntpq @ 0x25634 */
| #include <stdint.h>
|
; (fcn) fcn.00025634 () | void fcn_00025634 (char * arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_8h;
| int32_t var_8h_2;
| int32_t var_10h;
| int32_t var_20h;
| int32_t var_40h;
| int32_t var_7ch;
| r0 = arg1;
| r1 = arg2;
0x00025634 push {r4, r5, r6, r7, lr} |
0x00025638 mov r4, r3 | r4 = r3;
0x0002563c mov r5, r1 | r5 = r1;
0x00025640 mov r6, r2 | r6 = r2;
0x00025644 mov r1, 0 | r1 = 0;
0x00025648 sub sp, sp, 0x7c |
0x0002564c mov r7, r0 | r7 = r0;
0x00025650 mov r2, 0x18 | r2 = 0x18;
0x00025654 mov r0, r3 | r0 = r3;
0x00025658 bl 0x128b0 | memset (r0, r1, r2);
0x0002565c mvn r3, 0 | r3 = ~0;
0x00025660 str r5, [r4, 0x18] | *((r4 + 0x18)) = r5;
0x00025664 ands r5, r5, 2 | r5 &= 2;
0x00025668 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x0002566c str r6, [r4, 0x1c] | *((r4 + 0x1c)) = r6;
| if (r5 != r5) {
0x00025670 moveq r1, r5 | r1 = r5;
| }
| if (r5 != r5) {
0x00025674 beq 0x25688 |
0x00025678 and r3, r6, 3 | r3 = r6 & 3;
0x0002567c cmp r3, 1 |
| if (r3 != 1) {
0x00025680 moveq r1, 2 | r1 = 2;
| }
| if (r3 != 1) {
0x00025684 movne r1, 0 | r1 = 0;
| goto label_3;
| }
| }
| label_3:
0x00025688 cmp r5, 0 |
0x0002568c mvn r6, r6 | r6 = ~r6;
| if (r5 == 0) {
0x00025690 andne r5, r6, 1 | r5 = r6 & 1;
| }
| if (r5 != 0) {
0x00025694 moveq r5, 0 | r5 = 0;
| }
0x00025698 cmp r5, 0 |
| if (r5 == 0) {
0x0002569c orrne r1, r1, 0x80 | r1 |= 0x80;
| }
0x000256a0 mov r0, r7 | r0 = r7;
0x000256a4 bl 0x12a18 | r0 = open64 ();
0x000256a8 cmp r0, 0 |
0x000256ac str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
| if (r0 >= 0) {
0x000256b0 bge 0x25748 | goto label_4;
| }
0x000256b4 bl 0x12430 | r0 = errno_location ();
0x000256b8 ldr r3, [r0] | r3 = *(r0);
0x000256bc str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x000256c0 mvn r3, 0 | r3 = ~0;
0x000256c4 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| do {
| label_1:
0x000256c8 ldr r5, [r4, 0x14] | r5 = *((r4 + 0x14));
0x000256cc cmp r5, 0 |
| if (r5 == 0) {
0x000256d0 mvnne r0, 0 | r0 = ~0;
| }
| if (r5 != 0) {
0x000256d4 bne 0x25820 | goto label_5;
| }
0x000256d8 mov r0, 0x1e | r0 = 0x1e;
0x000256dc bl 0x123dc | sysconf ();
0x000256e0 ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x000256e4 add r1, r0, r1 | r1 = r0 + r1;
0x000256e8 rsb r0, r0, 0 | r0 -= ;
0x000256ec and r0, r0, r1 | r0 &= r1;
0x000256f0 cmp r1, r0 |
0x000256f4 str r0, [r4, 8] | *((r4 + 8)) = r0;
| if (r1 == r0) {
0x000256f8 movne r0, r5 | r0 = r5;
| }
| if (r1 != r0) {
0x000256fc bne 0x257b4 | goto label_6;
| }
0x00025700 mov r2, 0 | r2 = 0;
0x00025704 mov r3, 0 | r3 = 0;
0x00025708 strd r2, r3, [sp, 8] | __asm ("strd r2, r3, [var_8h]");
0x0002570c mvn r3, 0 | r3 = ~0;
0x00025710 str r3, [sp] | *(sp) = r3;
0x00025714 mov r2, 3 | r2 = 3;
0x00025718 mov r3, 0x22 | r3 = 0x22;
0x0002571c mov r0, r5 | r0 = r5;
0x00025720 bl 0x1285c | r0 = mmap64 ()
0x00025724 cmn r0, 1 |
| if (r0 == 1) {
0x00025728 ldrne r3, [r4, 0x1c] | r3 = *((r4 + 0x1c));
| }
| if (r0 == 1) {
0x0002572c orrne r3, r3, 0x10 | r3 |= 0x10;
| }
| if (r0 == 1) {
0x00025730 strne r3, [r4, 0x1c] | *((r4 + 0x1c)) = r3;
| }
| if (r0 != 1) {
0x00025734 bne 0x257b4 | goto label_6;
| }
| label_2:
0x00025738 bl 0x12430 | r0 = errno_location ();
0x0002573c ldr r3, [r0] | r3 = *(r0);
0x00025740 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00025744 b 0x257e4 | goto label_7;
| label_4:
0x00025748 add r1, sp, 0x10 | r1 += var_10h;
0x0002574c bl 0x12520 | r0 = fstat64 ();
0x00025750 cmp r0, 0 |
| if (r0 == 0) {
0x00025754 beq 0x25770 | goto label_8;
| }
0x00025758 bl 0x12430 | r0 = errno_location ();
0x0002575c ldr r3, [r0] | r3 = *(r0);
| label_0:
0x00025760 str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x00025764 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00025768 bl 0x127f0 | close (r0);
0x0002576c b 0x256c8 |
| } while (1);
| label_8:
0x00025770 ldr r3, [sp, 0x20] | r3 = var_20h;
0x00025774 and r3, r3, 0xf000 | r3 &= 0xf000;
0x00025778 cmp r3, 0x8000 |
| if (r3 != 0x8000) {
0x0002577c beq 0x25790 |
0x00025780 bl 0x12430 | errno_location ();
0x00025784 mov r3, 0x16 | r3 = 0x16;
0x00025788 str r3, [r0] | *(r0) = r3;
0x0002578c b 0x25760 | goto label_0;
| }
0x00025790 ldr r3, [sp, 0x40] | r3 = var_40h;
0x00025794 str r3, [r4, 4] | *((r4 + 4)) = r3;
0x00025798 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x0002579c cmn r3, 1 |
| if (r3 != 1) {
0x000257a0 bne 0x256c8 | goto label_1;
| }
0x000257a4 bl 0x12430 | r0 = errno_location ();
0x000257a8 ldr r3, [r0] | r3 = *(r0);
0x000257ac str r3, [r4, 0x14] | *((r4 + 0x14)) = r3;
0x000257b0 b 0x256c8 | goto label_1;
| label_6:
0x000257b4 mov r2, 0 | r2 = 0;
0x000257b8 mov r3, 0 | r3 = 0;
0x000257bc strd r2, r3, [sp, 8] | __asm ("strd r2, r3, [var_8h]");
0x000257c0 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x000257c4 ldr r2, [r4, 0x18] | r2 = *((r4 + 0x18));
0x000257c8 str r3, [sp] | *(sp) = r3;
0x000257cc ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x000257d0 ldr r3, [r4, 0x1c] | r3 = *((r4 + 0x1c));
0x000257d4 bl 0x1285c | r0 = mmap64 ()
0x000257d8 cmn r0, 1 |
0x000257dc str r0, [r4] | *(r4) = r0;
| if (r0 == 1) {
0x000257e0 beq 0x25738 | goto label_2;
| }
| label_7:
0x000257e4 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x000257e8 cmp r3, 0 |
| if (r3 != 0) {
0x000257ec ldreq r0, [r4] | r0 = *(r4);
| }
| if (r3 != 0) {
0x000257f0 beq 0x25820 |
0x000257f4 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x000257f8 cmn r0, 1 |
| if (r0 != 1) {
0x000257fc beq 0x2580c |
0x00025800 bl 0x127f0 | close (r0);
0x00025804 mvn r3, 0 | r3 = ~0;
0x00025808 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| }
0x0002580c bl 0x12430 | errno_location ();
0x00025810 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00025814 str r3, [r0] | *(r0) = r3;
0x00025818 mvn r0, 0 | r0 = ~0;
0x0002581c str r0, [r4] | *(r4) = r0;
| }
| label_5:
0x00025820 add sp, sp, 0x7c |
0x00025824 pop {r4, r5, r6, r7, pc} |
| }
[*] Function mmap used 3 times ntpq
