[*] Binary protection state of libssl.so.1.1
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libssl.so.1.1
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libssl.so.1.1 @ 0x44210 */
| #include <stdint.h>
|
; (fcn) fcn.00044210 () | void fcn_00044210 (int32_t arg1, void * s) {
| int32_t var_0h;
| int32_t var_4h;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = s;
0x00044210 push {r4, r5, r6, r7, lr} |
0x00044214 mov r6, r3 | r6 = r3;
0x00044218 ldr r3, [r0, 4] | r3 = *((r0 + 4));
0x0004421c mov r7, r2 | r7 = r2;
0x00044220 ldr r2, [r3, 0x64] | r2 = *((r3 + 0x64));
0x00044224 sub sp, sp, 0x14 |
0x00044228 ldr r2, [r2, 0x30] | r2 = *((r2 + 0x30));
0x0004422c mov r4, r0 | r4 = r0;
0x00044230 tst r2, 8 |
| if ((r2 & 8) != 0) {
0x00044234 bne 0x442fc | goto label_3;
| }
0x00044238 ldr r3, [r3] | r3 = *(r3);
0x0004423c subs r2, r3, 0x10000 | r2 = r3 - 0x10000;
| if (r2 == r3) {
0x00044240 movne r2, 1 | r2 = 1;
| }
0x00044244 cmp r3, 0x304 |
| if (r3 >= 0x304) {
0x00044248 movlt r2, 0 | r2 = 0;
| }
0x0004424c cmp r2, 0 |
| if (r2 == 0) {
0x00044250 beq 0x442fc | goto label_3;
| }
0x00044254 mov r5, r1 | r5 = r1;
0x00044258 mov r2, 0x40 | r2 = 0x40;
0x0004425c mov r1, 0x20 | r1 = 0x20;
0x00044260 mov r0, r5 | r0 = r5;
0x00044264 bl 0x118cc | memset (r0, r1, r2);
0x00044268 ldr r3, [r4, 0x40] | r3 = *((r4 + 0x40));
0x0004426c add r0, r5, 0x40 | r0 = r5 + 0x40;
0x00044270 sub r3, r3, 0x27 | r3 -= 0x27;
0x00044274 cmp r3, 1 |
| if (r3 > 1) {
0x00044278 bhi 0x442cc | goto label_4;
| }
0x0004427c ldr r1, [pc, 0xcc] | r1 = *(0x4434c);
0x00044280 add r1, pc, r1 | r1 = pc + r1;
| do {
0x00044284 bl 0x11fd4 | strcpy (r0, r1)
0x00044288 ldr r3, [r4, 0x40] | r3 = *((r4 + 0x40));
0x0004428c add r0, r5, 0x62 | r0 = r5 + 0x62;
0x00044290 cmp r3, 0x1d |
0x00044294 cmpne r3, 0x27 | __asm ("cmpne r3, 0x27");
| if (r3 != 0x1d) {
0x00044298 bne 0x442d8 | goto label_5;
| }
0x0004429c add r1, r4, 0x400 | r1 = r4 + 0x400;
0x000442a0 ldr r2, [r4, 0x444] | r2 = *((r4 + 0x444));
0x000442a4 add r1, r1, 4 | r1 += 4;
0x000442a8 bl 0x10dec | memcpy (r0, r1, r2);
0x000442ac ldr r3, [r4, 0x444] | r3 = *((r4 + 0x444));
0x000442b0 str r3, [sp, 0xc] | var_ch = r3;
| label_0:
0x000442b4 ldr r3, [sp, 0xc] | r3 = var_ch;
0x000442b8 str r5, [r7] | *(r7) = r5;
0x000442bc add r3, r3, 0x62 | r3 += 0x62;
0x000442c0 str r3, [r6] | *(r6) = r3;
| label_1:
0x000442c4 mov r0, 1 | r0 = 1;
0x000442c8 b 0x442f4 | goto label_2;
| label_4:
0x000442cc ldr r1, [pc, 0x80] | r1 = *(0x44350);
0x000442d0 add r1, pc, r1 | r1 = pc + r1;
0x000442d4 b 0x44284 |
| } while (1);
| label_5:
0x000442d8 mov r1, r0 | r1 = r0;
0x000442dc add r3, sp, 0xc | r3 += var_ch;
0x000442e0 mov r2, 0x40 | r2 = 0x40;
0x000442e4 mov r0, r4 | r0 = r4;
0x000442e8 bl 0x2ae6c | r0 = fcn_0002ae6c (r0, r1);
0x000442ec cmp r0, 0 |
| if (r0 != 0) {
0x000442f0 bne 0x442b4 | goto label_0;
| }
| label_2:
0x000442f4 add sp, sp, 0x14 |
0x000442f8 pop {r4, r5, r6, r7, pc} |
| label_3:
0x000442fc ldr r0, [r4, 0x7c] | r0 = *((r4 + 0x7c));
0x00044300 mov r3, r7 | r3 = r7;
0x00044304 mov r2, 0 | r2 = 0;
0x00044308 mov r1, 3 | r1 = 3;
0x0004430c ldr r0, [r0, 0xd4] | r0 = *((r0 + 0xd4));
0x00044310 bl 0x11dc4 | r0 = BIO_ctrl ();
0x00044314 cmp r0, 0 |
| if (r0 > 0) {
0x00044318 strgt r0, [r6] | *(r6) = r0;
| goto label_6;
| }
| if (r0 > 0) {
| label_6:
0x0004431c bgt 0x442c4 | goto label_1;
| }
0x00044320 mov r3, 0xd3 | r3 = 0xd3;
0x00044324 str r3, [sp, 4] | var_4h = r3;
0x00044328 ldr r3, [pc, 0x28] | r3 = "_";
0x0004432c mov r0, r4 | r0 = r4;
0x00044330 add r3, pc, r3 | r3 = pc + r3;
0x00044334 str r3, [sp] | *(sp) = r3;
0x00044338 mov r2, 0x24c | r2 = 0x24c;
0x0004433c mov r3, 0x44 | r3 = 0x44;
0x00044340 mov r1, 0x50 | r1 = 0x50;
0x00044344 bl 0x3bd84 | fcn_0003bd84 (r0, r1, r2, r3);
0x00044348 mov r0, 0 | r0 = 0;
0x0004434c b 0x442f4 | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libssl.so.1.1 @ 0x28aa8 */
| #include <stdint.h>
|
; (fcn) sym.SSL_get_shared_ciphers () | void SSL_get_shared_ciphers (int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_ch;
| r0 = arg1;
| r1 = arg2;
0x00028aa8 push {r0, r1, r2, r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00028aac mov r8, r2 | r8 = r2;
0x00028ab0 ldr r2, [r0, 0x1c] | r2 = *((r0 + 0x1c));
0x00028ab4 cmp r2, 0 |
0x00028ab8 bne 0x28acc |
| while (r3 == 0) {
| label_0:
0x00028abc mov r6, 0 | r6 = 0;
| label_1:
0x00028ac0 mov r0, r6 | r0 = r6;
0x00028ac4 add sp, sp, 0xc |
0x00028ac8 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
0x00028acc ldr r3, [r0, 0x470] | r3 = *((r0 + 0x470));
0x00028ad0 cmp r3, 0 |
0x00028ad4 beq 0x28abc |
| }
0x00028ad8 ldr r7, [r3, 0x1c4] | r7 = *((r3 + 0x1c4));
0x00028adc cmp r7, 0 |
0x00028ae0 cmpne r8, 1 | __asm ("cmpne r8, 1");
| if (r7 > 0) {
0x00028ae4 movle r5, 1 | r5 = 1;
| }
| if (r7 > 0) {
0x00028ae8 movgt r5, 0 | r5 = 0;
| goto label_3;
| }
| if (r7 <= 0) {
| label_3:
0x00028aec ble 0x28abc | goto label_0;
| }
0x00028af0 mov r6, r1 | r6 = r1;
0x00028af4 bl 0x28828 | r0 = SSL_get_ciphers ();
0x00028af8 subs sl, r0, 0 | sl = r0 - 0;
| if (sl == r0) {
0x00028afc beq 0x28abc | goto label_0;
| }
0x00028b00 mov r0, r7 | r0 = r7;
0x00028b04 bl 0x11e30 | r0 = OPENSSL_sk_num ();
0x00028b08 cmp r0, 0 |
| if (r0 == 0) {
0x00028b0c beq 0x28abc | goto label_0;
| }
0x00028b10 mov r0, sl | r0 = sl;
0x00028b14 bl 0x11e30 | r0 = OPENSSL_sk_num ();
0x00028b18 cmp r0, 0 |
| if (r0 == 0) {
0x00028b1c movne r4, r6 | r4 = r6;
| }
| if (r0 != 0) {
0x00028b20 movne fp, 0x3a | goto label_4;
| }
| if (r0 == 0) {
| label_4:
0x00028b24 beq 0x28abc | goto label_0;
| }
| label_2:
0x00028b28 mov r0, r7 | r0 = r7;
0x00028b2c bl 0x11e30 | r0 = OPENSSL_sk_num ();
0x00028b30 cmp r5, r0 |
| if (r5 < r0) {
0x00028b34 movge r3, 0 | r3 = 0;
| }
| if (r5 >= r0) {
0x00028b38 strbge r3, [r4, -1] | *((r4 - 1)) = r3;
| goto label_5;
| }
| if (r5 >= r0) {
| label_5:
0x00028b3c bge 0x28ac0 | goto label_1;
| }
0x00028b40 mov r1, r5 | r1 = r5;
0x00028b44 mov r0, r7 | r0 = r7;
0x00028b48 bl 0x10bd0 | r0 = OPENSSL_sk_value ();
0x00028b4c mov r1, r0 | r1 = r0;
0x00028b50 mov sb, r0 | sb = r0;
0x00028b54 mov r0, sl | r0 = sl;
0x00028b58 bl 0x11410 | r0 = OPENSSL_sk_find ();
0x00028b5c cmp r0, 0 |
| if (r0 >= 0) {
0x00028b60 blt 0x28bb8 |
0x00028b64 ldr r1, [sb, 4] | r1 = *((sb + 4));
0x00028b68 mov r0, r1 | r0 = r1;
0x00028b6c str r1, [sp, 4] | var_4h = r1;
0x00028b70 bl 0x111a0 | strlen (r0);
0x00028b74 ldr r1, [sp, 4] | r1 = var_4h;
0x00028b78 cmp r8, r0 |
0x00028b7c mov sb, r0 | sb = r0;
| if (r8 <= r0) {
0x00028b80 bgt 0x28b9c |
0x00028b84 cmp r4, r6 |
| if (r4 == r6) {
0x00028b88 subne r4, r4, 1 | r4--;
| }
| if (r4 != r6) {
0x00028b8c moveq r4, r6 | r4 = r6;
| }
0x00028b90 mov r3, 0 | r3 = 0;
0x00028b94 strb r3, [r4] | *(r4) = r3;
0x00028b98 b 0x28ac0 | goto label_1;
| }
0x00028b9c mov r0, r4 | r0 = r4;
0x00028ba0 bl 0x11fd4 | strcpy (r0, r1)
0x00028ba4 add r3, r4, sb | r3 = r4 + sb;
0x00028ba8 add sb, sb, 1 | sb++;
0x00028bac add r4, r3, 1 | r4 = r3 + 1;
0x00028bb0 sub r8, r8, sb | r8 -= sb;
0x00028bb4 strb fp, [r3] | *(r3) = fp;
| }
0x00028bb8 add r5, r5, 1 | r5++;
0x00028bbc b 0x28b28 | goto label_2;
| }
[*] Function strcpy used 3 times libssl.so.1.1
