[*] Binary protection state of libssl.so.1.1
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libssl.so.1.1
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libssl.so.1.1 @ 0x26590 */
| #include <stdint.h>
|
; (fcn) fcn.00026590 () | void fcn_00026590 (int32_t arg_38h, int32_t arg_3ch, int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00026590 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00026594 ldr fp, [pc, 0x144] | fp = *(0x266dc);
0x00026598 sub sp, sp, 0x14 |
0x0002659c mov r8, r3 | r8 = r3;
0x000265a0 mov sb, r1 | sb = r1;
0x000265a4 mov r6, r2 | r6 = r2;
0x000265a8 mov r7, r0 | r7 = r0;
0x000265ac bl 0x111a0 | strlen (r0);
0x000265b0 ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x000265b4 add fp, pc, fp |
0x000265b8 add r5, r8, r3 | r5 = r8 + r3;
0x000265bc ldr r2, [pc, 0x120] | r2 = *(0x266e0);
0x000265c0 mov r1, fp | r1 = fp;
0x000265c4 add r5, r0, r5, lsl 1 | r5 = r0 + (r5 << 1);
0x000265c8 add r5, r5, 3 | r5 += 3;
0x000265cc mov sl, r0 | sl = r0;
0x000265d0 mov r0, r5 | r0 = r5;
0x000265d4 bl 0x111dc | r0 = CRYPTO_malloc ();
0x000265d8 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x000265dc bne 0x2660c |
0x000265e0 ldr r3, [pc, 0x100] | r3 = *(0x266e4);
0x000265e4 mov r0, sb | r0 = sb;
0x000265e8 str r3, [sp, 4] | var_4h = r3;
0x000265ec str fp, [sp] | *(sp) = fp;
0x000265f0 mov r3, 0x41 | r3 = 0x41;
0x000265f4 mov r2, 0x1f4 | r2 = 0x1f4;
0x000265f8 mov r1, 0x50 | r1 = 0x50;
0x000265fc bl 0x3bd84 | fcn_0003bd84 (r0, r1, r2, r3);
0x00026600 mov r0, r4 | r0 = r4;
| label_0:
0x00026604 add sp, sp, 0x14 |
0x00026608 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
0x0002660c mov r1, r7 | r1 = r7;
0x00026610 bl 0x11fd4 | strcpy (r0, r1);
0x00026614 mov r3, 0x20 | r3 = 0x20;
0x00026618 strb r3, [r4, sl] | *((r4 + sl)) = r3;
0x0002661c ldr r3, [pc, 0xc8] | r3 = *(0x266e8);
0x00026620 add r7, r4, sl | r7 = r4 + sl;
0x00026624 add r7, r7, 1 | r7++;
0x00026628 add fp, r6, r8 |
0x0002662c mov sl, r7 | sl = r7;
0x00026630 add r3, pc, r3 | r3 = pc + r3;
| do {
0x00026634 ldrb r2, [r6], 1 | r2 = *(r6);
| r6++;
0x00026638 mov r1, r3 | r1 = r3;
0x0002663c mov r0, sl | r0 = sl;
0x00026640 str r3, [sp, 0xc] | var_ch = r3;
0x00026644 bl 0x11b00 | sprintf (r0, r1, r2)
0x00026648 cmp r6, fp |
0x0002664c add sl, sl, 2 | sl += 2;
0x00026650 ldr r3, [sp, 0xc] | r3 = var_ch;
0x00026654 bne 0x26634 |
| } while (r6 != fp);
0x00026658 mov r3, 0x20 | r3 = 0x20;
0x0002665c add r6, r7, r8, lsl 1 | r6 = r7 + (r8 << 1);
0x00026660 strb r3, [r7, r8, lsl 1] | offset_0 = r8 << 1;
| *((r7 + offset_0)) = r3;
0x00026664 ldr fp, [pc, 0x84] | fp = *(0x000266f0);
0x00026668 ldr r7, [sp, 0x38] | r7 = *(arg_38h);
0x0002666c ldr r3, [sp, 0x3c] | r3 = *(arg_3ch);
0x00026670 add r6, r6, 1 | r6++;
0x00026674 add sl, r7, r3 | sl = r7 + r3;
0x00026678 mov r8, r6 | r8 = r6;
0x0002667c add fp, pc, fp |
| do {
0x00026680 cmp r7, sl |
| if (r7 == sl) {
0x00026684 bne 0x266c8 |
0x00026688 ldr r2, [sp, 0x3c] | r2 = *(arg_3ch);
0x0002668c mov r3, 0 | r3 = 0;
0x00026690 strb r3, [r6, r2, lsl 1] | offset_1 = r2 << 1;
| *((r6 + offset_1)) = r3;
0x00026694 ldr r3, [sb, 0x4cc] | r3 = *((sb + 0x4cc));
0x00026698 mov r1, r4 | r1 = r4;
0x0002669c ldr r3, [r3, 0x21c] | r3 = *((r3 + 0x21c));
0x000266a0 mov r0, sb | r0 = sb;
0x000266a4 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x000266a8 ldr r2, [pc, 0x44] | r2 = *(0x266f0);
0x000266ac mov r0, r4 | r0 = r4;
0x000266b0 ldr r3, [pc, 0x40] | r3 = *(0x266f4);
0x000266b4 add r2, pc, r2 | r2 = pc + r2;
0x000266b8 mov r1, r5 | r1 = r5;
0x000266bc bl 0x12040 | CRYPTO_clear_free ();
0x000266c0 mov r0, 1 | r0 = 1;
0x000266c4 b 0x26604 | goto label_0;
| }
0x000266c8 mov r0, r8 | r0 = r8;
0x000266cc ldrb r2, [r7], 1 | r2 = *(r7);
| r7++;
0x000266d0 mov r1, fp | r1 = fp;
0x000266d4 bl 0x11b00 | sprintf (r0, r1, r2)
0x000266d8 add r8, r8, 2 | r8 += 2;
0x000266dc b 0x26680 |
| } while (1);
| }
[*] Function sprintf used 3 times libssl.so.1.1
