[*] Binary protection state of libcjson.so.1.7.7
Partial RELRO | No Canary found | NX disabled | DSO | No RPATH | No RUNPATH | Symbols
[*] Function strcpy tear down of libcjson.so.1.7.7
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libcjson.so.1.7.7 @ 0x1fe4 */
| #include <stdint.h>
|
; NOTE(review): reading guide for this tear-down.
; - Left column is the ARM disassembly, right column is r2dec pseudo-C. The pseudo-C
;   is unreliable in this listing: "clz" is rendered as "&=", most predicated
;   instructions (movne/moveq/strbne/addne ...) are shown under the inverted
;   condition, and the type dispatch is shown as a "while" loop. Where the two
;   columns disagree, the disassembly is authoritative.
; - The pseudo-C declares the function void, but r0 is set to 0 (0x2008) or 1 (0x20ec)
;   before the common epilogue at 0x207c, and the recursive call sites test r0
;   (0x2298, 0x245c), so it returns a success flag.
; - The literal addresses printed in the pseudo-C (e.g. *(0x2504)) look off by four:
;   0x2504 is the last instruction of this function, and a pc-relative load in ARM
;   state uses the instruction address + 8 (0x2054 + 8 + 0x4ac = 0x2508). Recompute
;   from the disassembly before looking up any constant.
; - Two strcpy call sites (bl 0x14d0) are visible here: 0x20e8 and 0x2150. Both copy
;   from a pc-relative address, i.e. data inside the library image, not caller text.
;   The sprintf calls at 0x21a4 and 0x21f4 write into a stack buffer with no size
;   argument and deserve at least as much attention as the strcpy hits.
; (fcn) sym.print_value () | void print_value (uint32_t arg1, void * arg2) {
| int32_t var_0h;
| int32_t var_0h_3;
| char * dest;
| int32_t var_1h;
| int32_t var_2ch;
| int8_t var_0h_2;
| r0 = arg1;
| r1 = arg2;
; Argument check: clz + lsr #5 yields 1 only when r1 == 0, so
; r7 = (arg1 == 0) ? 1 : (arg2 == 0). A non-zero r7 falls into 0x2008 and returns 0.
0x00001fe4 cmp r0, 0 |
0x00001fe8 clz r3, r1 | r3 &= r1;
0x00001fec lsr r3, r3, 5 | r3 >>= 5;
0x00001ff0 push {r4, r5, r6, r7, r8, sb, lr} |
| if (r0 == 0) {
0x00001ff4 movne r7, r3 | r7 = r3;
| }
| if (r0 != 0) {
0x00001ff8 moveq r7, 1 | r7 = 1;
| }
0x00001ffc cmp r7, 0 |
; 0x2c-byte frame; it holds the scratch double at sp and the text buffer at sp+0xc.
0x00002000 sub sp, sp, 0x2c |
0x00002004 beq 0x2010 |
| while (r5 != 1) {
| label_0:
; label_0 is the shared failure exit: return 0.
0x00002008 mov r0, 0 | r0 = 0;
0x0000200c b 0x207c | goto label_1;
; Dispatch on the byte at arg1+0xc. The handled values 1, 2, 4, 8, 0x10, 0x20, 0x40,
; 0x80 match cJSON's item type flags (False, True, NULL, Number, String, Array,
; Object, Raw); presumably this is item->type & 0xFF - confirm against the
; cJSON 1.7.7 source. r4 = arg2 (first argument of every ensure() call below),
; r6 = arg1. Any other value returns 0.
0x00002010 ldrb r5, [r0, 0xc] | r5 = *((r0 + 0xc));
0x00002014 mov r4, r1 | r4 = r1;
0x00002018 cmp r5, 8 |
0x0000201c mov r6, r0 | r6 = r0;
| if (r5 == 8) {
0x00002020 beq 0x2114 | goto label_12;
| }
| if (r5 > 8) {
0x00002024 bgt 0x2060 | goto label_13;
| }
0x00002028 cmp r5, 2 |
| if (r5 == 2) {
0x0000202c beq 0x20f4 | goto label_14;
| }
0x00002030 cmp r5, 4 |
| if (r5 == 4) {
0x00002034 beq 0x20cc | goto label_15;
| }
0x00002038 cmp r5, 1 |
0x0000203c bne 0x2008 |
| }
; Type 1: ensure(r4, 6), then strcpy of a pc-relative constant via label_2.
0x00002040 mov r1, 6 | r1 = 6;
0x00002044 mov r0, r4 | r0 = r4;
0x00002048 bl 0x1be0 | r0 = ensure ();
0x0000204c cmp r0, 0 |
| if (r0 == 0) {
0x00002050 beq 0x2008 | goto label_0;
| }
0x00002054 ldr r1, [pc, 0x4ac] | r1 = *(0x2504);
0x00002058 add r1, pc, r1 | r1 = pc + r1;
0x0000205c b 0x20e8 | goto label_2;
| label_13:
0x00002060 cmp r5, 0x20 |
| if (r5 == 0x20) {
0x00002064 beq 0x2218 | goto label_16;
| }
| if (r5 > 0x20) {
0x00002068 bgt 0x2084 | goto label_17;
| }
0x0000206c cmp r5, 0x10 |
| if (r5 != 0x10) {
0x00002070 bne 0x2008 | goto label_0;
| }
; Type 0x10: print_string_ptr(*(arg1+0x10), r1); r1 still holds arg2 on this path.
; Its result is returned unchanged through the epilogue.
0x00002074 ldr r0, [r0, 0x10] | r0 = *((r0 + 0x10));
0x00002078 bl 0x1e0c | print_string_ptr ();
| label_1:
; Common epilogue.
0x0000207c add sp, sp, 0x2c |
0x00002080 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_17:
0x00002084 cmp r5, 0x40 |
| if (r5 == 0x40) {
0x00002088 beq 0x2308 | goto label_18;
| }
0x0000208c cmp r5, 0x80 |
| if (r5 != 0x80) {
0x00002090 bne 0x2008 | goto label_0;
| }
; Type 0x80: length-bounded copy. After a NULL check on p = *(arg1+0x10),
; r5 = strlen(p) + 1 is both the size requested from ensure() and the byte count
; handed to memcpy, so the copy cannot exceed what was requested.
0x00002094 ldr r0, [r0, 0x10] | r0 = *((r0 + 0x10));
0x00002098 cmp r0, 0 |
| if (r0 == 0) {
0x0000209c beq 0x2008 | goto label_0;
| }
0x000020a0 bl 0x1638 | r0 = strlen (r0);
0x000020a4 add r5, r0, 1 | r5 = r0 + 1;
0x000020a8 mov r1, r5 | r1 = r5;
0x000020ac mov r0, r4 | r0 = r4;
0x000020b0 bl 0x1be0 | r0 = ensure ();
0x000020b4 cmp r0, 0 |
| if (r0 == 0) {
0x000020b8 beq 0x2008 | goto label_0;
| }
0x000020bc mov r2, r5 | r2 = r5;
0x000020c0 ldr r1, [r6, 0x10] | r1 = *((r6 + 0x10));
0x000020c4 bl 0x1500 | memcpy (r0, r1, r2);
0x000020c8 b 0x20ec | goto label_3;
| label_15:
; Type 4: ensure(r4, 5), then strcpy of a pc-relative constant via label_2.
0x000020cc mov r1, 5 | r1 = 5;
0x000020d0 mov r0, r4 | r0 = r4;
0x000020d4 bl 0x1be0 | r0 = ensure ();
0x000020d8 cmp r0, 0 |
| if (r0 == 0) {
0x000020dc beq 0x2008 | goto label_0;
| }
0x000020e0 ldr r1, [pc, 0x424] | r1 = *(0x2508);
0x000020e4 add r1, pc, r1 | r1 = pc + r1;
| label_2:
; strcpy call site 1 of 2, shared by three paths: type 1 (ensure 6), type 4
; (ensure 5) and type 2 (ensure 5). Destination is the pointer ensure() just
; returned for that size; source is the pc-relative constant. The copy is safe only
; if each constant, including its NUL, fits the size requested. The strings are not
; shown on this page (presumably "false", "null", "true"); confirm at the resolved
; addresses.
0x000020e8 bl 0x14d0 | strcpy (r0, r1)
| label_3:
; label_3 is the shared success exit: return 1.
0x000020ec mov r0, 1 | r0 = 1;
0x000020f0 b 0x207c | goto label_1;
| label_14:
; Type 2: ensure(r4, 5), then strcpy of a pc-relative constant via label_2.
0x000020f4 mov r1, 5 | r1 = 5;
0x000020f8 mov r0, r4 | r0 = r4;
0x000020fc bl 0x1be0 | r0 = ensure ();
0x00002100 cmp r0, 0 |
| if (r0 == 0) {
0x00002104 beq 0x2008 | goto label_0;
| }
0x00002108 ldr r1, [pc, 0x400] | r1 = *(0x250c);
0x0000210c add r1, pc, r1 | r1 = pc + r1;
0x00002110 b 0x20e8 | goto label_2;
| label_12:
; Type 8: the 64-bit value at arg1+0x18 is loaded into r8:sb and handled as a double.
; It is multiplied by 0.0 (r2:r3 = 0) and the product compared with 0.0; that
; comparison fails only for NaN or infinity, which take the strcpy path below.
; Finite values branch to label_19.
0x00002114 ldrd r8, sb, [r0, 0x18] | __asm ("ldrd r8, sb, [r0, 0x18]");
0x00002118 mov r2, 0 | r2 = 0;
0x0000211c mov r3, 0 | r3 = 0;
0x00002120 mov r0, r8 | r0 = r8;
0x00002124 mov r1, sb | r1 = sb;
0x00002128 bl 0x44ac | aeabi_dmul ();
0x0000212c mov r2, 0 | r2 = 0;
0x00002130 mov r3, 0 | r3 = 0;
0x00002134 bl 0x49e4 | aeabi_dcmpeq ();
; r6 = sp + 0xc, the start of the on-stack text buffer (the pseudo-C "r6 += dest" is
; wrong). With the 0x2c-byte frame, 0x20 bytes separate r6 from the saved registers.
0x00002138 add r6, sp, 0xc | r6 += dest;
0x0000213c cmp r0, 0 |
| if (r0 != 0) {
0x00002140 bne 0x2190 | goto label_19;
| }
; strcpy call site 2 of 2: destination is the stack buffer, source a pc-relative
; constant. r5 = 4 is used as its length afterwards, which suggests a 4-character
; string (presumably "null") - confirm at the resolved address.
0x00002144 ldr r1, [pc, 0x3c8] | r1 = *(0x2510);
0x00002148 mov r0, r6 | r0 = r6;
0x0000214c add r1, pc, r1 | r1 = pc + r1;
0x00002150 bl 0x14d0 | strcpy (r0, r1)
0x00002154 mov r5, 4 | r5 = 4;
| label_4:
; Copy-out: ensure(r4, r5 + 1) (the pseudo-C "r1 += var_1h" is wrong), then the byte
; loop at label_5/label_21 copies r5 bytes from the stack buffer, stores a NUL at
; out[r5] and adds r5 to the word at r4+8 (presumably the print buffer's offset).
0x00002158 add r1, r5, 1 | r1 += var_1h;
0x0000215c mov r0, r4 | r0 = r4;
0x00002160 bl 0x1be0 | r0 = ensure ();
0x00002164 cmp r0, 0 |
| if (r0 != 0) {
0x00002168 movne r3, 0 | r3 = 0;
| goto label_20;
| }
| if (r0 == 0) {
| label_20:
0x0000216c beq 0x2008 | goto label_0;
| }
| label_5:
0x00002170 cmp r5, r3 |
| if (r5 != r3) {
0x00002174 bne 0x2208 | goto label_21;
| }
0x00002178 mov r3, 0 | r3 = 0;
0x0000217c strb r3, [r0, r5] | *((r0 + r5)) = r3;
0x00002180 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00002184 add r5, r3, r5 | r5 = r3 + r5;
0x00002188 str r5, [r4, 8] | *((r4 + 8)) = r5;
0x0000218c b 0x20ec | goto label_3;
| label_19:
; Finite number: sprintf(r6, fmt, d) writes into the stack buffer with no bound and
; r5 takes the returned length. The text is parsed back with sscanf into the double
; at sp; if sscanf does not return 1 or the value does not compare equal to the
; original, sprintf is repeated with a second format.
; The only size check is "cmp r5, 0x19 / bhi" at label_22, which runs after the
; write: it rejects over-long (and, bhi being unsigned, negative) lengths but cannot
; prevent an overrun. Safety therefore rests on the format strings limiting output to
; 25 characters; they are not shown here (presumably "%1.15g" / "%1.17g" - verify).
; This build has no stack canary (see the protection line at the top of the report),
; so an overrun of this buffer would not be caught at function exit.
0x00002190 ldr r1, [pc, 0x380] | r1 = *(0x2514);
0x00002194 mov r2, r8 | r2 = r8;
0x00002198 mov r3, sb | r3 = sb;
0x0000219c add r1, pc, r1 | r1 = pc + r1;
0x000021a0 mov r0, r6 | r0 = r6;
0x000021a4 bl 0x1608 | sprintf (r0, r1, r2);
0x000021a8 ldr r1, [pc, 0x36c] | r1 = *(0x2518);
0x000021ac mov r2, sp | r2 = sp;
0x000021b0 add r1, pc, r1 | r1 = pc + r1;
0x000021b4 mov r5, r0 | r5 = r0;
0x000021b8 mov r0, r6 | r0 = r6;
0x000021bc bl 0x15a8 | r0 = sscanf (r0, r1, r2);
0x000021c0 cmp r0, 1 |
| if (r0 == 1) {
0x000021c4 bne 0x21e0 |
0x000021c8 ldrd r2, r3, [sp] | __asm ("ldrd r2, r3, [sp]");
0x000021cc mov r0, r8 | r0 = r8;
0x000021d0 mov r1, sb | r1 = sb;
0x000021d4 bl 0x49e4 | r0 = aeabi_dcmpeq ();
0x000021d8 cmp r0, 0 |
| if (r0 != 0) {
0x000021dc bne 0x21fc | goto label_22;
| }
| }
0x000021e0 ldr r1, [pc, 0x338] | r1 = *(0x251c);
0x000021e4 mov r2, r8 | r2 = r8;
0x000021e8 mov r3, sb | r3 = sb;
0x000021ec add r1, pc, r1 | r1 = pc + r1;
0x000021f0 mov r0, r6 | r0 = r6;
0x000021f4 bl 0x1608 | r0 = sprintf (r0, r1, r2);
0x000021f8 mov r5, r0 | r5 = r0;
| label_22:
0x000021fc cmp r5, 0x19 |
| if (r5 > 0x19) {
0x00002200 bhi 0x2008 | goto label_0;
| }
0x00002204 b 0x2158 | goto label_4;
| label_21:
0x00002208 ldrb r2, [r6, r3] | r2 = *((r6 + r3));
0x0000220c strb r2, [r0, r3] | *((r0 + r3)) = r2;
0x00002210 add r3, r3, 1 | r3++;
0x00002214 b 0x2170 | goto label_5;
| label_16:
; Type 0x20 (array): r6 = *(arg1+8), the first child. ensure(r4, 1), write '[' (0x5b),
; then increment the words at r4+8 and r4+0xc (presumably offset and depth).
; r8 = ',' (0x2c) for the loop below.
0x00002218 ldr r6, [r0, 8] | r6 = *((r0 + 8));
0x0000221c mov r1, 1 | r1 = 1;
0x00002220 mov r0, r4 | r0 = r4;
0x00002224 bl 0x1be0 | r0 = ensure ();
0x00002228 cmp r0, 0 |
| if (r0 == 0) {
0x0000222c beq 0x2008 | goto label_0;
| }
0x00002230 mov r3, 0x5b | r3 = 0x5b;
0x00002234 strb r3, [r0] | *(r0) = r3;
0x00002238 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x0000223c mov r8, 0x2c | r8 = 0x2c;
0x00002240 add r3, r3, 1 | r3++;
0x00002244 str r3, [r4, 8] | *((r4 + 8)) = r3;
0x00002248 ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x0000224c add r3, r3, 1 | r3++;
0x00002250 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
| label_6:
; Element loop. r6 == 0 ends the array: ensure(r4, 2), then, only when ensure
; succeeded, store ']' (0x5d) and a NUL (r6 itself is the zero that is stored).
0x00002254 cmp r6, 0 |
| if (r6 != 0) {
0x00002258 bne 0x228c | goto label_23;
| }
0x0000225c mov r1, 2 | r1 = 2;
0x00002260 mov r0, r4 | r0 = r4;
0x00002264 bl 0x1be0 | r0 = ensure ();
0x00002268 cmp r0, 0 |
| if (r0 == 0) {
0x0000226c movne r3, 0x5d | r3 = 0x5d;
| }
| if (r0 == 0) {
0x00002270 strbne r3, [r0] | *(r0) = r3;
| }
| if (r0 != 0) {
0x00002274 strbne r6, [r0, 1] | *((r0 + 1)) = r6;
| goto label_24;
| }
| if (r0 == 0) {
| label_24:
0x00002278 beq 0x2008 | goto label_0;
| }
| label_7:
; Shared container exit: decrement the word at r4+0xc and return 1.
0x0000227c ldr r3, [r4, 0xc] | r3 = *((r4 + 0xc));
0x00002280 sub r3, r3, 1 | r3--;
0x00002284 str r3, [r4, 0xc] | *((r4 + 0xc)) = r3;
0x00002288 b 0x20ec | goto label_3;
| label_23:
; Recursive call for each element. No depth limit is visible in this function, so
; stack use grows with the nesting of the tree; any limit has to be enforced where
; the tree is built (not shown here).
0x0000228c mov r1, r4 | r1 = r4;
0x00002290 mov r0, r6 | r0 = r6;
0x00002294 bl 0x1fe4 | r0 = print_value ();
0x00002298 cmp r0, 0 |
| if (r0 == 0) {
0x0000229c beq 0x2008 | goto label_0;
| }
0x000022a0 mov r0, r4 | r0 = r4;
0x000022a4 bl 0x1bb0 | update_offset ();
; Separator, only when *(r6) (the next sibling) is non-zero: sb = 2 if the word at
; r4+0x14 is non-zero (presumably the "format" flag), else 1; ensure(r4, sb + 1);
; write ',' then, when formatted, a space, then a NUL. r5 still holds 0x20 on this
; path (the type value, also ASCII space) and r7 is still 0 from the argument check.
0x000022a8 ldr r3, [r6] | r3 = *(r6);
0x000022ac cmp r3, 0 |
| if (r3 == 0) {
0x000022b0 beq 0x2300 | goto label_25;
| }
0x000022b4 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x000022b8 mov r0, r4 | r0 = r4;
0x000022bc cmp r3, 0 |
| if (r3 != 0) {
0x000022c0 moveq sb, 1 | sb = 1;
| }
| if (r3 == 0) {
0x000022c4 movne sb, 2 | sb = 2;
| }
0x000022c8 add r1, sb, 1 | r1 = sb + 1;
0x000022cc bl 0x1be0 | r0 = ensure ();
0x000022d0 cmp r0, 0 |
| if (r0 == 0) {
0x000022d4 beq 0x2008 | goto label_0;
| }
0x000022d8 strb r8, [r0] | *(r0) = r8;
0x000022dc ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x000022e0 cmp r3, 0 |
| if (r3 != 0) {
0x000022e4 addeq r3, r0, 1 | r3 = r0 + 1;
| }
| if (r3 == 0) {
0x000022e8 addne r3, r0, 2 | r3 = r0 + 2;
| }
| if (r3 == 0) {
0x000022ec strbne r5, [r0, 1] | *((r0 + 1)) = r5;
| }
0x000022f0 strb r7, [r3] | *(r3) = r7;
0x000022f4 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000022f8 add r3, r3, sb | r3 += sb;
0x000022fc str r3, [r4, 8] | *((r4 + 8)) = r3;
| label_25:
0x00002300 ldr r6, [r6] | r6 = *(r6);
0x00002304 b 0x2254 | goto label_6;
| label_18:
; Type 0x40 (object): r5 = *(arg1+8), the first child. r7 = 2 when the word at
; arg2+0x14 is non-zero, else 1; ensure(r4, r7 + 1); write '{' (0x7b) and, when
; formatted, '\n' (0xa); increment the word at r4+0xc and advance r4+8 by r7.
; From here on r8 = ':' (0x3a) and r7 = '\t' (9).
0x00002308 ldr r3, [r1, 0x14] | r3 = *((r1 + 0x14));
0x0000230c ldr r5, [r0, 8] | r5 = *((r0 + 8));
0x00002310 cmp r3, 0 |
| if (r3 != 0) {
0x00002314 moveq r7, 1 | r7 = 1;
| }
| if (r3 == 0) {
0x00002318 movne r7, 2 | r7 = 2;
| }
0x0000231c add r1, r7, 1 | r1 = r7 + 1;
0x00002320 mov r0, r4 | r0 = r4;
0x00002324 bl 0x1be0 | r0 = ensure ();
0x00002328 cmp r0, 0 |
| if (r0 == 0) {
0x0000232c beq 0x2008 | goto label_0;
| }
0x00002330 mov r3, 0x7b | r3 = 0x7b;
0x00002334 strb r3, [r0] | *(r0) = r3;
0x00002338 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x0000233c ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
0x00002340 cmp r3, 0 |
| if (r3 == 0) {
0x00002344 movne r3, 0xa | r3 = 0xa;
| }
0x00002348 add r2, r2, 1 | r2++;
0x0000234c str r2, [r4, 0xc] | *((r4 + 0xc)) = r2;
| if (r3 == 0) {
0x00002350 strbne r3, [r0, 1] | *((r0 + 1)) = r3;
| }
0x00002354 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x00002358 mov r8, 0x3a | r8 = 0x3a;
0x0000235c add r3, r3, r7 | r3 += r7;
0x00002360 mov r7, 9 | r7 = 9;
0x00002364 str r3, [r4, 8] | *((r4 + 8)) = r3;
| label_8:
; Member loop. r5 == 0 ends the object: ensure(r4, depth + 1) when formatted, else
; ensure(r4, 2); when formatted, label_27/label_11 first write depth - 1 tabs; then
; label_10 stores '}' (0x7d) and a NUL and leaves through label_7.
0x00002368 cmp r5, 0 |
0x0000236c ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
| if (r5 != 0) {
0x00002370 bne 0x23b8 | goto label_26;
| }
0x00002374 cmp r3, 0 |
| if (r3 == 0) {
0x00002378 ldrne r1, [r4, 0xc] | r1 = *((r4 + 0xc));
| }
| if (r3 != 0) {
0x0000237c moveq r1, 2 | r1 = 2;
| }
| if (r3 == 0) {
0x00002380 addne r1, r1, 1 | r1++;
| }
0x00002384 mov r0, r4 | r0 = r4;
0x00002388 bl 0x1be0 | r0 = ensure ();
0x0000238c cmp r0, 0 |
| if (r0 == 0) {
0x00002390 beq 0x2008 | goto label_0;
| }
0x00002394 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00002398 cmp r3, 0 |
; mov does not alter the flags, so the bne below still tests the word at r4+0x14.
0x0000239c mov r3, r0 | r3 = r0;
| if (r3 != 0) {
0x000023a0 bne 0x2500 | goto label_27;
| }
| label_10:
0x000023a4 mov r2, 0x7d | r2 = 0x7d;
0x000023a8 strb r2, [r3] | *(r3) = r2;
0x000023ac mov r2, 0 | r2 = 0;
0x000023b0 strb r2, [r3, 1] | *((r3 + 1)) = r2;
0x000023b4 b 0x227c | goto label_7;
| label_26:
; Formatted output only: ensure(r4, depth), write depth tab characters
; (label_9/label_29; blo is an unsigned "<", not the "<=" shown in the pseudo-C)
; and advance the word at r4+8 by depth.
0x000023b8 cmp r3, 0 |
| if (r3 == 0) {
0x000023bc beq 0x23f4 | goto label_28;
| }
0x000023c0 ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x000023c4 mov r0, r4 | r0 = r4;
0x000023c8 bl 0x1be0 | r0 = ensure ();
0x000023cc cmp r0, 0 |
| if (r0 == 0) {
0x000023d0 beq 0x2008 | goto label_0;
| }
0x000023d4 mov r2, r0 | r2 = r0;
| label_9:
0x000023d8 ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x000023dc sub r3, r2, r0 | r3 = r2 - r0;
0x000023e0 cmp r3, r1 |
| if (r3 <= r1) {
0x000023e4 blo 0x24dc | goto label_29;
| }
0x000023e8 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000023ec add r3, r3, r1 | r3 += r1;
0x000023f0 str r3, [r4, 8] | *((r4 + 8)) = r3;
| label_28:
; Member name: print_string_ptr(*(r5+0x20), r4), then update_offset(r4).
0x000023f4 mov r1, r4 | r1 = r4;
0x000023f8 ldr r0, [r5, 0x20] | r0 = *((r5 + 0x20));
0x000023fc bl 0x1e0c | r0 = print_string_ptr ();
0x00002400 cmp r0, 0 |
| if (r0 == 0) {
0x00002404 beq 0x2008 | goto label_0;
| }
0x00002408 mov r0, r4 | r0 = r4;
0x0000240c bl 0x1bb0 | update_offset ();
; Name/value separator: r6 = 2 when formatted, else 1; ensure(r4, r6); write ':' and,
; when formatted, '\t'; advance the word at r4+8 by r6.
0x00002410 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00002414 mov r0, r4 | r0 = r4;
0x00002418 cmp r3, 0 |
| if (r3 != 0) {
0x0000241c moveq r6, 1 | r6 = 1;
| }
| if (r3 == 0) {
0x00002420 movne r6, 2 | r6 = 2;
| }
0x00002424 mov r1, r6 | r1 = r6;
0x00002428 bl 0x1be0 | r0 = ensure ();
0x0000242c cmp r0, 0 |
| if (r0 == 0) {
0x00002430 beq 0x2008 | goto label_0;
| }
0x00002434 strb r8, [r0] | *(r0) = r8;
0x00002438 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x0000243c cmp r3, 0 |
| if (r3 == 0) {
0x00002440 strbne r7, [r0, 1] | *((r0 + 1)) = r7;
| }
0x00002444 ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x00002448 mov r0, r5 | r0 = r5;
0x0000244c add r1, r1, r6 | r1 += r6;
0x00002450 str r1, [r4, 8] | *((r4 + 8)) = r1;
; Member value: second recursive call site, print_value(r5, r4). The nesting caveat
; given at the array element call (0x2294) applies here too.
0x00002454 mov r1, r4 | r1 = r4;
0x00002458 bl 0x1fe4 | r0 = print_value ();
0x0000245c cmp r0, 0 |
| if (r0 == 0) {
0x00002460 beq 0x2008 | goto label_0;
| }
0x00002464 mov r0, r4 | r0 = r4;
0x00002468 bl 0x1bb0 | update_offset ();
; Trailer: r6 = (*(r5) != 0) + (formatted ? 1 : 0), the bytes needed for an optional
; ',' and an optional '\n' ("adds r6, r6, 0 / movne" is a != 0 test; the pseudo-C
; "r6 == r6" is meaningless). ensure(r4, r6 + 1) adds room for the NUL.
0x0000246c ldr r6, [r5] | r6 = *(r5);
0x00002470 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
0x00002474 adds r6, r6, 0 | r6 += 0;
| if (r6 == r6) {
0x00002478 movne r6, 1 | r6 = 1;
| }
0x0000247c cmp r3, 0 |
| if (r3 == 0) {
0x00002480 addne r6, r6, 1 | r6++;
| }
0x00002484 add r1, r6, 1 | r1 = r6 + 1;
0x00002488 mov r0, r4 | r0 = r4;
0x0000248c bl 0x1be0 | r0 = ensure ();
0x00002490 cmp r0, 0 |
| if (r0 == 0) {
0x00002494 beq 0x2008 | goto label_0;
| }
0x00002498 ldr r3, [r5] | r3 = *(r5);
0x0000249c cmp r3, 0 |
| if (r3 == 0) {
0x000024a0 movne r3, 0x2c | r3 = 0x2c;
| }
| if (r3 == 0) {
0x000024a4 strbne r3, [r0] | *(r0) = r3;
| }
0x000024a8 ldr r3, [r4, 0x14] | r3 = *((r4 + 0x14));
| if (r3 == 0) {
0x000024ac addne r0, r0, 1 | r0++;
| }
0x000024b0 cmp r3, 0 |
| if (r3 == 0) {
0x000024b4 movne r3, 0xa | r3 = 0xa;
| }
| if (r3 == 0) {
0x000024b8 strbne r3, [r0] | *(r0) = r3;
| }
0x000024bc mov r3, 0 | r3 = 0;
| if (r3 == 0) {
0x000024c0 addne r0, r0, 1 | r0++;
| }
0x000024c4 strb r3, [r0] | *(r0) = r3;
0x000024c8 ldr r3, [r4, 8] | r3 = *((r4 + 8));
0x000024cc ldr r5, [r5] | r5 = *(r5);
0x000024d0 add r6, r3, r6 | r6 = r3 + r6;
0x000024d4 str r6, [r4, 8] | *((r4 + 8)) = r6;
0x000024d8 b 0x2368 | goto label_8;
| label_29:
; Indentation loop body for label_9: store one tab (r7 = 9) and post-increment r2.
0x000024dc strb r7, [r2], 1 | *(r2) = r7;
| r2++;
0x000024e0 b 0x23d8 | goto label_9;
| do {
; Closing-brace indentation: store tabs (ip = 9) while (r3 - r0) < depth - 1, using an
; unsigned compare (blo), then continue at label_10.
0x000024e4 strb ip, [r3], 1 | *(r3) = ip;
| r3++;
| label_11:
0x000024e8 ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
0x000024ec sub r1, r3, r0 | r1 = r3 - r0;
0x000024f0 sub r2, r2, 1 | r2--;
0x000024f4 cmp r1, r2 |
0x000024f8 blo 0x24e4 |
| } while (r1 <= r2);
0x000024fc b 0x23a4 | goto label_10;
| label_27:
0x00002500 mov ip, 9 |
0x00002504 b 0x24e8 | goto label_11;
| }
[*] Function strcpy used 3 times libcjson.so.1.7.7