[*] Binary protection state of openssl
Partial RELRO, No Canary found, NX disabled, No PIE, No RPATH, No RUNPATH, No Symbols
[*] Function strcat tear down of openssl
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/openssl @ 0x29380 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
/*
 * main() of usr/bin/openssl: ARM disassembly on the left of '|', r2dec
 * pseudo code on the right.
 *
 * Reading notes for this listing:
 *  - The assembly column is authoritative. Several pseudo-code lines
 *    misrender it (flag tests after subs/cmn/cmp, the conditional ldreq,
 *    sp-relative address computations); each is called out inline.
 *  - String labels on literal-pool loads look misattributed: one "string"
 *    is used as the base pointer for word stores, another sits in an
 *    argument slot where sibling calls pass an integer. Read the literal
 *    pool before relying on any quoted string.
 *  - Frame size is 0x420 + 4 bytes. The line buffer s starts at sp + 0x20
 *    and is read with a 0x400-byte limit, which fits inside the frame.
 *  - r5 holds argc and later the exit status; r7 holds argv until it is
 *    reused as the remaining-buffer counter in the interactive loop.
 */
; (fcn) main () | int32_t main (char ** envp, int32_t argc, char ** argv) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_2h;
| char * s;
| int32_t var_420h;
| int32_t var_4h_2;
| r0 = argc;
| r1 = argv;
0x00029380 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00029384 sub sp, sp, 0x420 |
0x00029388 sub sp, sp, 4 |
0x0002938c mov r3, 0 | r3 = 0;
0x00029390 mov r5, r0 | r5 = r0;
0x00029394 ldr r0, [pc, 0x30c] | r0 = *(0x296a4);
0x00029398 mov r7, r1 | r7 = r1;
0x0002939c str r3, [sp, 0xc] | var_ch = r3;
0x000293a0 str r3, [sp, 4] | var_4h = r3;
/* First getenv(): the variable name comes from pool slot 0x296a4 and is not
 * resolved in this listing. A NULL result diverts to label_3. */
0x000293a4 bl 0x24208 | r0 = getenv (r0);
0x000293a8 cmp r0, 0 |
| if (r0 == 0) {
0x000293ac beq 0x294c8 | goto label_3;
| }
/* CRYPTO_strdup(getenv result, r1, r2 = 0x6a).
 * NOTE(review): r1/r2 look like a file-name/line-number pair, so the
 * "OPENSSL_CONF" label on r1 is probably misattributed - confirm. */
0x000293b0 mov r2, 0x6a | r2 = 0x6a;
0x000293b4 ldr r1, [pc, 0x2f0] | r1 = "OPENSSL_CONF";
0x000293b8 bl 0x2500c | CRYPTO_strdup ();
| do {
/* r4 is the base pointer for the word stores at +0, +4, +0x10 and +0x14
 * below, so it addresses writable data rather than the string the label
 * suggests. r0 (the duplicated value, or the buffer built at label_3) is
 * stored at r4 + 0x10. */
0x000293bc ldr r4, [pc, 0x2ec] | r4 = "apps/openssl.c";
0x000293c0 str r0, [r4, 0x10] | *((r4 + 0x10)) = r0;
0x000293c4 ldr r0, [pc, 0x2e8] | r0 = *(0x296b0);
0x000293c8 bl 0x5f7a8 | fcn_0005f7a8 (r0);
0x000293cc str r0, [r4, 0x14] | *((r4 + 0x14)) = r0;
0x000293d0 ldr r0, [pc, 0x2dc] | r0 = *(0x296b0);
0x000293d4 bl 0x5fb84 | fcn_0005fb84 (r0);
0x000293d8 str r0, [r4] | *(r4) = r0;
0x000293dc ldr r0, [pc, 0x2d0] | r0 = *(0x296b0);
0x000293e0 bl 0x5fe98 | fcn_0005fe98 (r0);
0x000293e4 str r0, [r4, 4] | *((r4 + 4)) = r0;
/* Second getenv(): a non-NULL result is compared with a literal via
 * strcmp; on equality CRYPTO_set_mem_debug(1) is called. */
0x000293e8 ldr r0, [pc, 0x2c8] | r0 = *(0x296b4);
0x000293ec bl 0x24208 | r0 = getenv (r0);
0x000293f0 cmp r0, 0 |
| if (r0 != 0) {
0x000293f4 beq 0x29410 |
0x000293f8 ldr r1, [pc, 0x2bc] | r1 = "OPENSSL_DEBUG_MEMORY";
0x000293fc bl 0x27154 | r0 = strcmp (r0, "OPENSSL_DEBUG_MEMORY");
0x00029400 cmp r0, 0 |
| if (r0 != 0) {
0x00029404 bne 0x29410 | goto label_4;
| }
0x00029408 mov r0, 1 | r0 = 1;
0x0002940c bl 0x258b8 | CRYPTO_set_mem_debug ();
| }
| label_4:
0x00029410 mov r0, 1 | r0 = 1;
0x00029414 bl 0x27ad8 | CRYPTO_mem_ctrl ();
0x00029418 ldr r0, [pc, 0x2a0] | r0 = *(0x296bc);
0x0002941c bl 0x24208 | r0 = getenv (r0);
/* subs/bne tests the getenv() result against 0: the branch to label_5 is
 * taken when the variable is set. The pseudo-code condition "r6 != r0" is a
 * misrendering of that flag test. */
0x00029420 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x00029424 bne 0x2968c | goto label_5;
| }
/* signal(0xd, 1): both arguments are set although the pseudo code shows one.
 * On Linux these values are SIGPIPE and SIG_IGN - assumes a Linux target. */
0x00029428 mov r1, 1 | r1 = 1;
0x0002942c mov r0, 0xd | r0 = 0xd;
0x00029430 bl 0x278b0 | signal (r0);
0x00029434 mov r2, r6 | r2 = r6;
0x00029438 ldr r0, [pc, 0x284] | r0 = "OPENSSL_FIPS";
0x0002943c mov r1, 0 | r1 = 0;
0x00029440 bl 0x2695c | r0 = OPENSSL_init_ssl ();
/* Same subs/bne pattern: a non-zero return continues at label_6; a zero
 * return falls through to the error print with exit status r5 = 1. */
0x00029444 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x00029448 bne 0x294fc | goto label_6;
| }
0x0002944c ldr r1, [pc, 0x274] | r1 = *(0x296c4);
0x00029450 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00029454 bl 0x23e48 | BIO_printf ();
0x00029458 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0002945c bl 0x27acc | ERR_print_errors ();
0x00029460 mov r5, 1 | r5 = 1;
/* label_0: common exit path. Releases the objects stored through r4 and
 * the r6 handle, then calls exit(r5). */
| label_0:
0x00029464 mov r2, 0xff | r2 = 0xff;
0x00029468 ldr r1, [pc, 0x23c] | r1 = "OPENSSL_CONF";
0x0002946c mov r0, 0 | r0 = 0;
0x00029470 bl 0x251d4 | CRYPTO_free ();
0x00029474 mov r2, 0x100 | r2 = 0x100;
0x00029478 ldr r1, [pc, 0x22c] | r1 = "OPENSSL_CONF";
0x0002947c ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00029480 bl 0x251d4 | CRYPTO_free ();
0x00029484 mov r0, r6 | r0 = r6;
0x00029488 bl 0x24ff4 | OPENSSL_LH_free ();
/* NOTE(review): r2 is the slot where the two CRYPTO_free calls above pass
 * 0xff and 0x100, so the string label on this pool load is probably an
 * artifact - confirm against the literal pool. */
0x0002948c ldr r2, [pc, 0x238] | r2 = "FATAL: Startup failure (dev note: apps_startup() failed)\n";
0x00029490 ldr r1, [pc, 0x214] | r1 = "OPENSSL_CONF";
0x00029494 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00029498 bl 0x251d4 | CRYPTO_free ();
0x0002949c bl 0x5cc18 | fcn_0005cc18 ();
0x000294a0 ldr r0, [r4, 0x14] | r0 = *((r4 + 0x14));
0x000294a4 bl 0x27418 | BIO_free ();
0x000294a8 ldr r0, [r4] | r0 = *(r4);
0x000294ac bl 0x26770 | BIO_free_all ();
0x000294b0 bl 0x5d5e8 | fcn_0005d5e8 ();
0x000294b4 bl 0x5fec0 | fcn_0005fec0 ();
0x000294b8 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x000294bc bl 0x27418 | BIO_free ();
0x000294c0 mov r0, r5 | r0 = r5;
0x000294c4 bl 0x26ee4 | r0 = exit (r0);
/*
 * label_3: reached only when the first getenv() returned NULL. This holds
 * the two strcat call sites visible in main.
 *
 * Size passed to fcn_0005d7f8 is strlen(X509_get_default_cert_area()) + 0xd.
 * The value it returns is the destination of strcpy and, through the
 * returned r0, of both strcat calls.
 *
 * NOTE(review): the sequence stays in bounds only if the two appended
 * literals total at most 0xc bytes, leaving one byte for the terminator.
 * Neither literal is resolved reliably here: the first label probably
 * belongs to the r1 argument of fcn_0005d7f8, and the second is shown only
 * as pool slot 0x296d4. Read both from the binary and check their lengths.
 * NOTE(review): no NULL test on the fcn_0005d7f8 result is visible before
 * strcpy - confirm the helper cannot return NULL.
 * The source string is a library default and not caller input in this path;
 * the report header lists no stack canary, but this buffer is not on the
 * stack (it comes from the helper's return value).
 */
| label_3:
0x000294c8 bl 0x26044 | r0 = X509_get_default_cert_area ();
0x000294cc mov r4, r0 | r4 = r0;
0x000294d0 bl 0x24eec | strlen (r0);
0x000294d4 ldr r1, [pc, 0x1f4] | r1 = *(0x296cc);
0x000294d8 add r0, r0, 0xd | r0 += 0xd;
0x000294dc bl 0x5d7f8 | fcn_0005d7f8 (r0, r1);
0x000294e0 mov r1, r4 | r1 = r4;
0x000294e4 bl 0x27a84 | strcpy (r0, r1);
0x000294e8 ldr r1, [pc, 0x1e4] | r1 = "config_filename_buffer";
0x000294ec bl 0x247fc | strcat (r0, "config_filename_buffer")
0x000294f0 ldr r1, [pc, 0x1e0] | r1 = *(0x296d4);
0x000294f4 bl 0x247fc | strcat (r0, r1)
/* Branch back to 0x293bc with r0 = the built string; execution then runs
 * forward again. The "do { } while (1)" is how r2dec renders this single
 * back-edge, not a repeating loop. */
0x000294f8 b 0x293bc |
| } while (1);
/* label_6: r6 receives the handle later given to OPENSSL_LH_retrieve and
 * OPENSSL_LH_free. fcn_000617a8 is applied to argv[0]; its result is kept in
 * r8 and var_14h. */
| label_6:
0x000294fc bl 0x5d560 | fcn_0005d560 ();
0x00029500 bl 0x39d24 | r0 = fcn_00039d24 ();
0x00029504 mov r6, r0 | r6 = r0;
0x00029508 ldr r0, [r7] | r0 = *(r7);
0x0002950c bl 0x617a8 | fcn_000617a8 (r0);
/* r1 = sp + 0x10, the address of var_10h used as the lookup key record;
 * the pseudo code's "r1 += var_10h" is a misrendering. */
0x00029510 add r1, sp, 0x10 | r1 += var_10h;
0x00029514 str r0, [sp, 0x14] | var_14h = r0;
0x00029518 mov r8, r0 | r8 = r0;
0x0002951c mov r0, r6 | r0 = r6;
0x00029520 bl 0x2557c | r0 = OPENSSL_LH_retrieve ();
0x00029524 cmp r0, 0 |
| if (r0 == 0) {
0x00029528 beq 0x29548 | goto label_7;
| }
/* Lookup hit: argv[0] is replaced by r8 and the function pointer stored at
 * offset 8 of the found entry is called indirectly with (argc, argv). Its
 * return value becomes the exit status. */
0x0002952c ldr r3, [r0, 8] | r3 = *((r0 + 8));
0x00029530 str r8, [r7] | *(r7) = r8;
0x00029534 mov r1, r7 | r1 = r7;
0x00029538 mov r0, r5 | r0 = r5;
0x0002953c blx r3 | r0 = uint32_t (*r3)(uint32_t, uint32_t, uint32_t) (r0, r1, r3);
| do {
/* 0x29540 is also the target of the fgets() == NULL branch below, where r0
 * is 0. */
0x00029540 mov r5, r0 | r5 = r0;
0x00029544 b 0x29464 | goto label_0;
/* label_7: lookup miss. ldreq and beq both execute when argc == 1, so the
 * no-argument case loads r8 and jumps to the interactive loop at 0x295d8.
 * The pseudo-code conditions "r5 != 1" describe the fall-through branch
 * only; the ldreq line is shown under the wrong condition. */
| label_7:
0x00029548 cmp r5, 1 |
| if (r5 != 1) {
0x0002954c ldreq r8, [pc, 0x188] | r8 = obj.stdout;
| }
| if (r5 != 1) {
0x00029550 beq 0x295d8 |
0x00029554 sub r1, r5, 1 | r1 = r5 - 1;
0x00029558 cmp r1, 0 |
0x0002955c add r2, r7, 4 | r2 = r7 + 4;
| if (r1 <= 0) {
0x00029560 ble 0x29684 | goto label_8;
| }
/* fcn_00039dc8(r6, argc - 1, argv + 1); r2 is set above although the
 * pseudo code lists two arguments. */
0x00029564 mov r0, r6 | r0 = r6;
0x00029568 bl 0x39dc8 | r0 = fcn_00039dc8 (r0, r1);
/* bic with (r0 asr 31) clears r0 when it is negative: r5 = r0 < 0 ? 0 : r0.
 * BIT_MASK is r2dec's rendering of that clamp. */
0x0002956c bic r5, r0, r0, asr 31 | r5 = BIT_MASK (r0, r0);
0x00029570 b 0x29464 | goto label_0;
/* label_2: reached when fcn_0005d87c returned non-zero for the line just
 * read. var_8h and var_ch are passed on as count and vector.
 * NOTE(review): presumably filled in by fcn_0005d87c through the sp + 4
 * pointer - confirm in that function. */
| label_2:
0x00029574 ldr r1, [sp, 8] | r1 = var_8h;
0x00029578 ldr r2, [sp, 0xc] | r2 = var_ch;
0x0002957c cmp r1, 0 |
| if (r1 > 0) {
0x00029580 ble 0x295b0 |
0x00029584 mov r0, r6 | r0 = r6;
0x00029588 bl 0x39dc8 | r0 = fcn_00039dc8 (r0, r1);
/* cmn r0, 1 tests r0 == -1, not r0 == 1 as the pseudo code shows. */
0x0002958c cmn r0, 1 |
| if (r0 == 1) {
0x00029590 beq 0x29684 | goto label_8;
| }
0x00029594 cmp r0, 0 |
| if (r0 == 0) {
0x00029598 beq 0x295b0 | goto label_9;
| }
/* r1 is the format argument of BIO_printf here, so the "stdout" label is a
 * misattributed pool entry; r2 is the first word of the var_ch vector. */
0x0002959c ldr r3, [sp, 0xc] | r3 = var_ch;
0x000295a0 ldr r1, [pc, 0x138] | r1 = stdout;
0x000295a4 ldr r2, [r3] | r2 = *(r3);
0x000295a8 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x000295ac bl 0x23e48 | BIO_printf ();
| }
/* label_9: BIO_ctrl(bio, 0xb, 0, 0) on the objects at r4 + 0 and r4 + 4;
 * 0xb is BIO_CTRL_FLUSH in OpenSSL's bio.h. */
| label_9:
0x000295b0 mov r3, 0 | r3 = 0;
0x000295b4 mov r2, r3 | r2 = r3;
0x000295b8 mov r1, 0xb | r1 = 0xb;
0x000295bc ldr r0, [r4] | r0 = *(r4);
0x000295c0 bl 0x273d0 | BIO_ctrl ();
0x000295c4 mov r3, 0 | r3 = 0;
0x000295c8 mov r2, r3 | r2 = r3;
0x000295cc mov r1, 0xb | r1 = 0xb;
0x000295d0 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x000295d4 bl 0x273d0 | BIO_ctrl ();
| }
/*
 * Interactive line reader. sb = sl = sp + 0x20 (start of s) and r7 = 0x400
 * (bytes remaining). r0 is the text handed to fputs and fp points at the
 * stream pointer handed to fgets, so the "error_in__s" label is likely a
 * misattributed pool entry.
 * The pseudo code's "sb += s" is an address computation, not an addition.
 */
0x000295d8 ldr r0, [pc, 0x104] | r0 = "error_in__s";
0x000295dc ldr fp, [pc, 0x104] | fp = obj.stdin;
0x000295e0 add sb, sp, 0x20 | sb += s;
0x000295e4 mov r7, 0x400 | r7 = 0x400;
0x000295e8 mov sl, sb | sl = sb;
/* label_1: terminate the buffer at the current write position, print the
 * prompt, then fgets(sb, r7, stream). The size argument is the remaining
 * space, so the read is bounded by the 0x400-byte region. The report header
 * lists no stack canary, which makes this bound the control protecting the
 * saved registers above s. */
| label_1:
0x000295ec mov r2, 0 | r2 = 0;
0x000295f0 ldr r1, [r8] | r1 = *(r8);
0x000295f4 strb r2, [sb] | *(sb) = r2;
0x000295f8 bl 0x261c4 | fputs (r0, r1);
0x000295fc ldr r0, [r8] | r0 = *(r8);
0x00029600 bl 0x264ac | fflush (r0);
0x00029604 ldr r2, [fp] | r2 = *(fp);
0x00029608 mov r1, r7 | r1 = r7;
0x0002960c mov r0, sb | r0 = sb;
0x00029610 bl 0x25eb8 | r0 = fgets (r0, r1, r2);
/* End of input (fgets returned NULL) branches to 0x29540, which sets
 * r5 = 0 and exits through label_0; the "while" is a rendering artifact. */
0x00029614 cmp r0, 0 |
0x00029618 beq 0x29540 |
| } while (r0 == 0);
0x0002961c ldrb r2, [sb] | r2 = *(sb);
0x00029620 cmp r2, 0 |
| if (r2 == 0) {
0x00029624 beq 0x29684 | goto label_8;
| }
0x00029628 mov r0, sb | r0 = sb;
0x0002962c bl 0x24eec | r0 = strlen (r0);
/* bls is unsigned "lower or same": lengths 0 and 1 go to label_10, which
 * guards the sb[len - 2] read below. The pseudo code's "r0 < 1" drops the
 * equality case. */
0x00029630 cmp r0, 1 |
| if (r0 < 1) {
0x00029634 bls 0x29660 | goto label_10;
| }
/* Continuation check: the byte at sb[len - 2] is compared with 0x5c ('\\'). */
0x00029638 add r2, sb, r0 | r2 = sb + r0;
0x0002963c ldrb r2, [r2, -2] | r2 = *((r2 - 2));
0x00029640 cmp r2, 0x5c |
| if (r2 != 0x5c) {
0x00029644 bne 0x29660 | goto label_10;
| }
/* On a continuation, r0 = len - 2 (an immediate 2, not a variable); the
 * write pointer advances and the remaining size shrinks by the same amount,
 * so the next fgets starts at the backslash and keeps the original bound.
 * r0 is then reloaded with the text for the next fputs; the "stdin" label
 * is likely misattributed. */
0x00029648 sub r0, r0, 2 | r0 -= var_2h;
0x0002964c sub r7, r7, r0 | r7 -= r0;
0x00029650 cmp r7, 0 |
0x00029654 add sb, sb, r0 | sb += r0;
0x00029658 ldr r0, [pc, 0x8c] | r0 = stdin;
| if (r7 > 0) {
0x0002965c bgt 0x295ec | goto label_1;
| }
/* label_10: hand the accumulated line (sl = start of s) to fcn_0005d87c
 * together with the address sp + 4; the pseudo code's "r0 += var_4h" is an
 * address computation. Zero return prints a message and exits. */
| label_10:
0x00029660 mov r1, sl | r1 = sl;
0x00029664 add r0, sp, 4 | r0 += var_4h;
0x00029668 bl 0x5d87c | r0 = fcn_0005d87c (r0, r1);
0x0002966c cmp r0, 0 |
| if (r0 != 0) {
0x00029670 bne 0x29574 | goto label_2;
| }
0x00029674 ldr r1, [pc, 0x74] | r1 = *(0x296ec);
0x00029678 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x0002967c bl 0x23e48 | BIO_printf ();
0x00029680 b 0x29464 | goto label_0;
/* label_8: exit status 0 through the common cleanup. */
| label_8:
0x00029684 mov r5, 0 | r5 = 0;
0x00029688 b 0x29464 | goto label_0;
/* label_5: reached when the third getenv() returned non-NULL. Prints one
 * message and returns 1 through the epilogue, bypassing the label_0
 * cleanup. NOTE(review): the quoted message is probably a misattributed
 * pool entry - confirm the text actually printed. */
| label_5:
0x0002968c ldr r1, [pc, 0x60] | r1 = "Can't parse (no memory?)\n";
0x00029690 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00029694 bl 0x23e48 | BIO_printf ();
0x00029698 mov r0, 1 | r0 = 1;
0x0002969c add sp, sp, 0x420 |
0x000296a0 add sp, sp, 4 |
0x000296a4 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
[*] Function strcat used 3 times openssl