[*] Binary protection state of ldd
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of ldd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/ldd @ 0x10bbc */
| #include <stdint.h>
|
; (fcn) fcn.00010bbc () | void fcn_00010bbc (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_10h;
| int32_t var_58h;
| r0 = arg1;
| r1 = arg2;
0x00010bbc push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00010bc0 mov r8, r0 | r8 = r0;
0x00010bc4 sub sp, sp, 0x58 |
0x00010bc8 mov r0, r2 | r0 = r2;
0x00010bcc mov r6, r1 | r6 = r1;
0x00010bd0 bl 0x107f4 | r0 = strdup (r0);
0x00010bd4 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x00010bd8 bne 0x10ca8 | goto label_3;
| }
0x00010bdc ldr r3, [pc, 0x118] | r3 = *(0x10cf8);
0x00010be0 ldr r2, [pc, 0x118] | r2 = stderr;
0x00010be4 ldr r1, [pc, 0x118] | r1 = "search_for_named_library";
0x00010be8 ldr r0, [r3] | r0 = *(0x10cf8);
0x00010bec bl 0x107b8 | fprintf (r0, "search_for_named_library", r2, r3);
0x00010bf0 mov r0, 1 | r0 = 1;
0x00010bf4 bl 0x10848 | r0 = exit (r0);
| do {
0x00010bf8 bl 0x1086c | strlen (r0);
0x00010bfc add r1, r4, 1 | r1 = r4 + 1;
0x00010c00 mov r7, r0 | r7 = r0;
0x00010c04 sub r2, r0, 1 | r2 = r0 - 1;
0x00010c08 add r7, r4, r7 | r7 = r4 + r7;
0x00010c0c mov r0, r4 | r0 = r4;
0x00010c10 bl 0x1074c | memmove (r0, r1, r2);
0x00010c14 strb sl, [r7, -1] | *((r7 - 1)) = sl;
| label_0:
0x00010c18 mov r0, r4 | r0 = r4;
0x00010c1c mov r1, sb | r1 = sb;
0x00010c20 bl 0x107dc | r0 = strstr (r0, r1);
0x00010c24 subs r4, r0, 0 | r4 = r0 - 0;
0x00010c28 bne 0x10bf8 |
| } while (r4 != r0);
0x00010c2c mov r0, r5 | r0 = r5;
0x00010c30 bl 0x1086c | strlen (r0);
0x00010c34 mov sb, 1 | sb = 1;
0x00010c38 add r0, r5, r0 | r0 = r5 + r0;
| do {
0x00010c3c sub r3, r0, r5 | r3 = r0 - r5;
0x00010c40 cmp r3, 0 |
| if (r3 <= 0) {
0x00010c44 bgt 0x10cb8 |
0x00010c48 ldr sl, [pc, 0xb8] | sl = "_s:_Out_of_memory_";
0x00010c4c mov r4, r5 | r4 = r5;
0x00010c50 mov r7, 0 | r7 = 0;
| label_1:
0x00010c54 mov r1, r4 | r1 = r4;
0x00010c58 mov r0, r6 | r0 = r6;
0x00010c5c bl 0x1071c | strcpy (r0, r1);
0x00010c60 mov r1, sl | r1 = sl;
0x00010c64 mov r0, r6 | r0 = r6;
0x00010c68 bl 0x107c4 | strcat (r0, r1)
0x00010c6c mov r1, r8 | r1 = r8;
0x00010c70 mov r0, r6 | r0 = r6;
0x00010c74 bl 0x107c4 | strcat (r0, r1)
0x00010c78 mov r1, sp | r1 = sp;
0x00010c7c mov r0, r6 | r0 = r6;
0x00010c80 bl 0x10830 | r0 = stat ();
0x00010c84 cmp r0, 0 |
| if (r0 != 0) {
0x00010c88 bne 0x10ccc | goto label_4;
| }
0x00010c8c ldr r3, [sp, 0x10] | r3 = var_10h;
0x00010c90 tst r3, 0x100 |
| if ((r3 & 0x100) == 0) {
0x00010c94 beq 0x10ccc | goto label_4;
| }
0x00010c98 mov r0, r5 | r0 = r5;
0x00010c9c bl 0x10884 | free (r0);
| label_2:
0x00010ca0 add sp, sp, 0x58 |
0x00010ca4 pop {r4, r5, r6, r7, r8, sb, sl, pc} |
| label_3:
0x00010ca8 mov r4, r5 | r4 = r5;
0x00010cac ldr sb, [pc, 0x58] | sb = "__";
0x00010cb0 mov sl, 0 | sl = 0;
0x00010cb4 b 0x10c18 | goto label_0;
| }
0x00010cb8 ldrb r3, [r0], -1 | r3 = *(r0);
| r0 += -1;
0x00010cbc cmp r3, 0x3a |
| if (r3 != 0x3a) {
0x00010cc0 strbeq r4, [r0, 1] | *((r0 + 1)) = r4;
| }
| if (r3 != 0x3a) {
0x00010cc4 addeq sb, sb, 1 | sb++;
| }
0x00010cc8 b 0x10c3c |
| } while (1);
| label_4:
0x00010ccc mov r0, r4 | r0 = r4;
0x00010cd0 bl 0x1086c | strlen (r0);
0x00010cd4 add r7, r7, 1 | r7++;
0x00010cd8 cmp sb, r7 |
0x00010cdc add r0, r0, 1 | r0++;
0x00010ce0 add r4, r4, r0 | r4 += r0;
| if (sb != r7) {
0x00010ce4 bne 0x10c54 | goto label_1;
| }
0x00010ce8 mov r0, r5 | r0 = r5;
0x00010cec bl 0x10884 | free (r0);
0x00010cf0 mov r3, 0 | r3 = 0;
0x00010cf4 strb r3, [r6] | *(r6) = r3;
0x00010cf8 b 0x10ca0 | goto label_2;
| }
[*] Function strcat used 3 times ldd
