[*] Binary protection state of libffi.so.7.1.0
Partial RELRO | No Canary found | NX disabled | DSO | No RPATH | No RUNPATH | No Symbols
[*] Function mmap tear down of libffi.so.7.1.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libffi.so.7.1.0 @ 0x1ef8 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; ---------------------------------------------------------------------
; fcn.00001ef8 -- map `arg1` bytes of one file descriptor twice.
; In:   r0 = length in bytes (kept in r6 for the whole function).
; Out:  r0 = address of the second (prot 3) mapping, or -1 on failure.
;       The r2dec prototype says `void`, but r4 is moved to r0 before
;       the shared epilogue at label_4.
; Flow: (1) if a global (presumably the cached descriptor -- confirm)
;           is -1, walk a table of 12-byte entries {function, argument,
;           flag}, calling each function until one does not return -1;
;       (2) append `length` zero bytes with write(), one chunk of
;           sysconf(0x1e) bytes at a time (0x1e is _SC_PAGESIZE in
;           Linux libcs -- confirm against this firmware's libc);
;       (3) mmap64 the new range with prot 5 / flags 1, then again with
;           prot 3 / flags 1 on the same descriptor and offset.
; Reading aid: `cmn rX, 1` sets Z when rX == -1, so each r2dec line that
;   prints a comparison against 1 after a cmn is really a comparison
;   against -1. r2dec also prints the predicated mov pairs under
;   inverted conditions. Trust the instruction column.
; NOTE(review): no symbols are available; this shape is consistent with
;   the locked mmap helper of libffi's closure allocator -- confirm
;   against the upstream source for this library version.
; ---------------------------------------------------------------------
; (fcn) fcn.00001ef8 () | void fcn_00001ef8 (int32_t arg1) {
| int32_t var_30h;
| int32_t var_2ch;
| int32_t var_28h;
| int32_t var_0h;
| void * s;
| int32_t var_20h_2;
| int32_t var_20h;
| r0 = arg1;
0x00001ef8 ldr r3, [pc, 0x2b4] |
0x00001efc push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00001f00 add r3, pc, r3 | r3 = pc + r3;
0x00001f04 add fp, sp, 0x20 |
0x00001f08 sub sp, sp, 0x24 |
0x00001f0c ldr r3, [r3] | r3 = *(0x21b0);
0x00001f10 mov r6, r0 | r6 = r0;
; Tests global == -1; the branch to label_5 is taken when it is NOT -1.
0x00001f14 cmn r3, 1 |
| if (r3 != 1) {
0x00001f18 bne 0x1fc8 | goto label_5;
| }
; Global was -1: reset a second global to 0 before walking the table.
0x00001f1c ldr r3, [pc, 0x294] | r3 = *(0x21b4);
0x00001f20 mov r2, 0 | r2 = 0;
0x00001f24 add r3, pc, r3 | r3 = pc + r3;
0x00001f28 str r2, [r3] | *(r3) = r2;
| label_0:
; r8 -> current table index, r7 -> table base, r5 = 12-byte entry stride.
0x00001f2c ldr r8, [pc, 0x288] | r8 = *(0x21b8);
0x00001f30 ldr r7, [pc, 0x288] | r7 = *(0x21bc);
0x00001f34 add r8, pc, r8 | r8 = pc + r8;
0x00001f38 add r7, pc, r7 | r7 = pc + r7;
0x00001f3c mov r5, 0xc | r5 = 0xc;
| do {
; Entry layout as read here: +0 function pointer, +4 argument, +8 flag.
0x00001f40 ldr r3, [r8] | r3 = *(r8);
0x00001f44 mul r1, r5, r3 | r1 = r5 * r3;
0x00001f48 add r2, r7, r1 | r2 = r7 + r1;
0x00001f4c ldr r3, [r7, r1] | r3 = *((r7 + r1));
0x00001f50 ldr r0, [r2, 4] | r0 = *((r2 + 4));
; Indirect call through a pointer loaded from the table; only r0 is set up.
; NOTE(review): whether the table sits in read-only memory cannot be told
;   from this listing -- check its section, given the Partial RELRO result.
0x00001f54 blx r3 | uint32_t (*r3)(uint32_t, uint32_t, uint32_t, uint32_t) (r0, r1, r2, r3);
0x00001f58 ldr r2, [r8] | r2 = *(r8);
0x00001f5c mla r3, r5, r2, r7 | __asm ("mla r3, r5, r2, r7");
0x00001f60 ldr r3, [r3, 8] | r3 = *((r3 + 8));
; r4 = 1 when the call returned -1, else 0 (r2dec shows the movs swapped).
0x00001f64 cmn r0, 1 |
| if (r0 == 1) {
0x00001f68 movne r4, 0 | r4 = 0;
| }
| if (r0 != 1) {
0x00001f6c moveq r4, 1 | r4 = 1;
| }
; r3 = (flag != 0) ? r4 : 1.
0x00001f70 cmp r3, 0 |
| if (r3 == 0) {
0x00001f74 movne r3, r4 | r3 = r4;
| }
| if (r3 != 0) {
0x00001f78 moveq r3, 1 | r3 = 1;
| }
0x00001f7c cmp r3, 0 |
0x00001f80 mov sb, r0 | sb = r0;
| if (r3 == 0) {
0x00001f84 beq 0x1fa4 | goto label_6;
| }
; fcn_00001d78 is not part of this listing. The loop repeats only when it
; returns 0 and the call above failed (r4 == 1).
0x00001f88 bl 0x1d78 | r0 = fcn_00001d78 (r0);
0x00001f8c cmp r0, 0 |
| if (r0 != 0) {
0x00001f90 moveq r0, r4 | r0 = r4;
| }
| if (r0 == 0) {
0x00001f94 movne r0, 0 | r0 = 0;
| }
0x00001f98 cmp r0, 0 |
0x00001f9c bne 0x1f40 |
| } while (r0 != 0);
0x00001fa0 mov r3, r4 | r3 = r4;
| label_6:
; The last call result (sb) is written to a global before the failure test.
0x00001fa4 ldr r2, [pc, 0x218] | r2 = *(0x21c0);
0x00001fa8 cmp r3, 0 |
0x00001fac add r2, pc, r2 | r2 = pc + r2;
0x00001fb0 str sb, [r2] | *(r2) = sb;
0x00001fb4 beq 0x1fc8 |
| while (r0 != 0) {
| label_3:
; label_3: failure exit, r0 = -1. label_4: shared epilogue, returns r4.
0x00001fb8 mvn r4, 0 | r4 = ~0;
| label_4:
0x00001fbc mov r0, r4 | r0 = r4;
0x00001fc0 sub sp, fp, 0x20 |
0x00001fc4 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_5:
; r8:sb = remaining byte count (64-bit). var_28h = value at [r4 + 0x214],
; later passed as the mmap64 offset. var_2ch = descriptor used by write().
0x00001fc8 ldr r4, [pc, 0x1f8] | r4 = *(0x21c4);
0x00001fcc mov r8, r6 | r8 = r6;
0x00001fd0 add r4, pc, r4 | r4 = pc + r4;
0x00001fd4 ldr r3, [r4, 0x214] | r3 = *(0x23d8);
0x00001fd8 mov sb, 0 | sb = 0;
0x00001fdc str r3, [fp, -0x28] | var_28h = r3;
0x00001fe0 ldr r3, [pc, 0x1e4] |
; sp is saved because it is lowered by a run-time amount below.
0x00001fe4 str sp, [fp, -0x30] | var_30h = sp;
0x00001fe8 add r3, pc, r3 | r3 = pc + r3;
0x00001fec ldr r3, [r3] | r3 = *(0x21c8);
0x00001ff0 str r3, [fp, -0x2c] | var_2ch = r3;
0x00001ff4 ldr r3, [r4, 0x218] | r3 = *(0x23dc);
0x00001ff8 cmp r3, 0 |
| if (r3 == 0) {
0x00001ffc bne 0x200c |
; The sysconf(0x1e) result is cached at [r4 + 0x218]. It is stored without
; a check for -1.
0x00002000 mov r0, 0x1e | r0 = 0x1e;
0x00002004 bl 0x139c | sysconf ();
0x00002008 str r0, [r4, 0x218] | *((r4 + 0x218)) = r0;
| }
; Variable-size stack buffer: sp -= (size + 7) & ~7, then memset(buf, 0, size).
; `bic r3, r3, 7` clears the low three bits; the BIT_MASK rendering is
; misleading. The size comes from the cached sysconf value, not from the
; caller. The report header lists no stack canary for this object.
0x0000200c ldr r3, [pc, 0x1bc] | r3 = *(0x21cc);
0x00002010 mov r1, 0 | r1 = 0;
0x00002014 add r3, pc, r3 | r3 = pc + r3;
0x00002018 ldr r2, [r3, 0x218] | r2 = *(0x23e4);
0x0000201c mov sl, 0 | sl = 0;
0x00002020 add r3, r2, 7 | r3 = r2 + 7;
0x00002024 bic r3, r3, 7 | r3 = BIT_MASK (r3, 7);
0x00002028 sub sp, sp, r3 |
0x0000202c add r7, sp, 0x10 | r7 += s;
0x00002030 mov r0, r7 | r0 = r7;
0x00002034 bl 0x1294 | memset (r0, r1, r2);
0x00002038 ldr r3, [pc, 0x194] | r3 = *(0x21d0);
0x0000203c add r3, pc, r3 | r3 = pc + r3;
| label_1:
; Signed 64-bit test: continue to label_7 while r8:sb >= 1.
0x00002040 cmp r8, 1 |
0x00002044 sbcs r2, sb, 0 | __asm ("sbcs r2, sb, 0");
| if (r8 >= 1) {
0x00002048 bge 0x20a4 | goto label_7;
| }
0x0000204c mov r0, 0 | r0 = 0;
| label_2:
; The stack pointer is restored here; a non-zero r0 means a write failed.
0x00002050 cmp r0, 0 |
0x00002054 ldr sp, [fp, -0x30] | sp = var_30h;
0x00002058 bne 0x1fb8 |
| }
; First mapping: mmap64(addr = r0 = 0, len = r6, prot = 5, flags = 1,
; fd = r4, offset = r8:sb). r0 is 0 here because the bne above fell through.
; With Linux values, prot 5 is PROT_READ|PROT_EXEC and flags 1 is MAP_SHARED.
0x0000205c ldr r3, [pc, 0x174] | r3 = *(0x21d4);
0x00002060 ldr r8, [fp, -0x28] | r8 = var_28h;
0x00002064 ldr r4, [pc, r3] | r4 = *(0x0000206c);
0x00002068 mov sb, 0 | sb = 0;
0x0000206c strd r8, sb, [sp, 8] | __asm ("strd r8, sb, [sp, 8]");
0x00002070 str r4, [sp] | *(sp) = r4;
0x00002074 mov r3, 1 | r3 = 1;
0x00002078 mov r2, 5 | r2 = 5;
0x0000207c mov r1, r6 | r1 = r6;
0x00002080 bl 0x1420 | r0 = mmap64 ()
0x00002084 cmn r0, 1 |
0x00002088 mov r5, r0 | r5 = r0;
| if (r0 == 1) {
0x0000208c bne 0x210c |
; First mmap64 returned -1. At offset 0 the descriptor is closed and the
; table walk at label_0 is retried. Otherwise the file is truncated back to
; the old offset at 0x20f8. The close/ftruncate64 results are not inspected.
0x00002090 orrs r3, r8, sb | r3 = r8 | sb;
| if (r3 == r8) {
0x00002094 bne 0x20f8 |
0x00002098 mov r0, r4 | r0 = r4;
0x0000209c bl 0x1390 | close (r0);
0x000020a0 b 0x1f2c | goto label_0;
| label_7:
; r4:r5 = min(remaining, chunk size); write(fd, zero buffer, r4).
0x000020a4 ldr r4, [r3, 0x218] | r4 = *((r3 + 0x218));
0x000020a8 mov r1, r7 | r1 = r7;
0x000020ac cmp r8, r4 |
0x000020b0 sbcs r2, sb, sl | __asm ("sbcs r2, sb, sl");
| if (r8 >= r4) {
0x000020b4 movlt r4, r8 | r4 = r8;
| }
0x000020b8 mov r2, r4 | r2 = r4;
0x000020bc ldr r0, [fp, -0x2c] | r0 = var_2ch;
0x000020c0 mov r5, sl | r5 = sl;
0x000020c4 str r3, [fp, -0x34] | s = r3;
| if (r8 >= r4) {
0x000020c8 movlt r5, sb | r5 = sb;
| }
0x000020cc bl 0x1270 | r0 = write (r0, r1, r2);
; The return value is sign-extended to 64 bits. A failed or short write
; (r0 < chunk) jumps to 0x20f0, which sets r0 = -1.
0x000020d0 asr r1, r0, 0x1f | r1 = r0 >> 0x1f;
0x000020d4 cmp r0, r4 |
0x000020d8 sbcs r3, r1, r5 | __asm ("sbcs r3, r1, r5");
| if (r0 >= r4) {
0x000020dc blt 0x20f0 |
0x000020e0 subs r8, r8, r4 | r8 -= r4;
0x000020e4 sbc sb, sb, r5 | __asm ("sbc sb, sb, r5");
0x000020e8 ldr r3, [fp, -0x34] | r3 = s;
0x000020ec b 0x2040 | goto label_1;
| }
0x000020f0 mvn r0, 0 | r0 = ~0;
0x000020f4 b 0x2050 | goto label_2;
| }
0x000020f8 mov r2, r8 | r2 = r8;
0x000020fc mov r3, sb | r3 = sb;
0x00002100 mov r0, r4 | r0 = r4;
0x00002104 bl 0x1300 | ftruncate64 ();
0x00002108 b 0x1fb8 | goto label_3;
| }
; First mmap64 succeeded. At offset 0 only, the flag (+8) of the current
; table entry is read and fcn_00001d78 is called when it is non-zero.
0x0000210c orrs r3, r8, sb | r3 = r8 | sb;
| if (r3 == r8) {
0x00002110 bne 0x2140 |
0x00002114 ldr r3, [pc, 0xc0] | r3 = *(0x21d8);
0x00002118 mov r1, 0xc | r1 = 0xc;
0x0000211c ldr r2, [pc, r3] | r2 = *(0x00002124);
0x00002120 ldr r3, [pc, 0xb8] |
0x00002124 add r3, pc, r3 | r3 = pc + r3;
0x00002128 mov r0, r3 | r0 = r3;
0x0000212c mla r3, r1, r2, r0 | __asm ("mla r3, r1, r2, r0");
0x00002130 ldr r3, [r3, 8] | r3 = *(0x21e4);
0x00002134 cmp r3, 0 |
| if (r3 == 0) {
0x00002138 beq 0x2140 | goto label_8;
| }
0x0000213c bl 0x1d78 | fcn_00001d78 (r0);
| }
| label_8:
; Second mapping of the same descriptor and offset: prot = 3, flags = 1
; (Linux: PROT_READ|PROT_WRITE, MAP_SHARED).
; Security-relevant: the same file pages are now reachable through an
; executable view (r5) and a writable view (r4). Neither mapping is W+X on
; its own, but data stored through the writable alias is executable through
; the other one. When auditing a running process, such a pair shows up in
; /proc/<pid>/maps as two entries with the same backing file and offset,
; one r-xs and one rw-s.
0x00002140 ldr r3, [pc, 0x9c] | r3 = *(0x21e0);
0x00002144 mov r2, 3 | r2 = 3;
0x00002148 ldr r7, [pc, r3] | r7 = *(0x00002150);
0x0000214c mov r1, r6 | r1 = r6;
0x00002150 strd r8, sb, [sp, 8] | __asm ("strd r8, sb, [sp, 8]");
0x00002154 str r7, [sp] | *(sp) = r7;
0x00002158 mov r3, 1 | r3 = 1;
0x0000215c mov r0, 0 | r0 = 0;
0x00002160 bl 0x1420 | r0 = mmap64 ()
0x00002164 cmn r0, 1 |
0x00002168 mov r4, r0 | r4 = r0;
| if (r0 == 1) {
0x0000216c bne 0x2190 |
; Second mmap64 returned -1: undo the first mapping and the file growth,
; then return r4 (-1). The munmap/ftruncate64 results are not inspected.
0x00002170 mov r1, r6 | r1 = r6;
0x00002174 mov r0, r5 | r0 = r5;
0x00002178 bl 0x1318 | munmap (r0, r1);
0x0000217c mov r2, r8 | r2 = r8;
0x00002180 mov r3, sb | r3 = sb;
0x00002184 mov r0, r7 | r0 = r7;
0x00002188 bl 0x1300 | ftruncate64 ();
0x0000218c b 0x1fbc | goto label_4;
| }
; Success: (executable view - writable view) is stored in the last 4 bytes
; of the writable view, so this delta is kept in-band in writable memory.
; The global at [r2 + 0x214] is then advanced by the length.
0x00002190 ldr r2, [pc, 0x50] | r2 = *(0x21e4);
0x00002194 add r3, r0, r6 | r3 = r0 + r6;
0x00002198 add r2, pc, r2 | r2 = pc + r2;
0x0000219c sub r5, r5, r0 | r5 -= r0;
0x000021a0 str r5, [r3, -4] | *((r3 - 4)) = r5;
0x000021a4 ldr r3, [r2, 0x214] | r3 = *(0x23f8);
0x000021a8 add r6, r3, r6 | r6 = r3 + r6;
0x000021ac str r6, [r2, 0x214] | *((r2 + 0x214)) = r6;
0x000021b0 b 0x1fbc | goto label_4;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libffi.so.7.1.0 @ 0x21ec */
| #include <stdint.h>
|
; ---------------------------------------------------------------------
; fcn.000021ec -- choose how to obtain `arg1` bytes of mapped memory.
; In:   r0 = length in bytes (kept in r6).
; Out:  r0 = mapping address or -1 (r4 is moved to r0 at label_6; the
;       r2dec `void` prototype is wrong).
; Decision as visible in the instruction column:
;   * global == -1 and the cached probe at [global + 4] is 0:
;       anonymous mmap64 with prot 7 / flags 0x22;
;   * that mmap64 fails with errno 1 or 0xd, or the probe is 1, or the
;     global != -1:
;       file-backed path in fcn_00001ef8. The mutex at base + 0x21c is
;       taken when [base + 0x214] == 0 or the global == -1.
; Reading aid: `cmn rX, 1` tests rX == -1; r2dec prints these as
;   comparisons against 1 and shows predicated movs under inverted
;   conditions. Trust the instruction column.
; NOTE(review): no symbols are available; the shape is consistent with the
;   mmap wrapper of libffi's closure allocator -- confirm against the
;   upstream source for this library version.
; ---------------------------------------------------------------------
; (fcn) fcn.000021ec () | void fcn_000021ec (int32_t arg1) {
| int32_t var_0h;
| int32_t var_8h;
| int32_t var_8h_2;
| char * ptr;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_74h;
| r0 = arg1;
0x000021ec ldr r3, [pc, 0x1ec] | r3 = *(0x23dc);
0x000021f0 push {r4, r5, r6, r7, r8, sb, lr} |
0x000021f4 add r3, pc, r3 | r3 = pc + r3;
0x000021f8 ldr r2, [r3] | r2 = *(0x23dc);
0x000021fc sub sp, sp, 0x74 |
; global == -1 -> 0x224c (probe / anonymous path); otherwise fall to label_0.
0x00002200 cmn r2, 1 |
0x00002204 mov r6, r0 | r6 = r0;
0x00002208 beq 0x224c |
| while (r0 == 0) {
| label_0:
; File-backed path. [base + 0x214] != 0 goes to label_7, which may skip
; the mutex.
0x0000220c ldr r3, [pc, 0x1d0] |
0x00002210 add r3, pc, r3 | r3 = pc + r3;
0x00002214 ldr r3, [r3, 0x214] | r3 = *(0x25f4);
0x00002218 cmp r3, 0 |
| if (r3 != 0) {
0x0000221c bne 0x23bc | goto label_7;
| }
| label_5:
; fcn_00001ef8(length) is called between pthread_mutex_lock and
; pthread_mutex_unlock on the object at base + 0x21c.
0x00002220 ldr r5, [pc, 0x1c0] |
0x00002224 add r5, pc, r5 | r5 = pc + r5;
0x00002228 add r5, r5, 0x21c | r5 = 0x2600;
0x0000222c mov r0, r5 | r0 = r5;
0x00002230 bl 0x13f0 | pthread_mutex_lock ();
0x00002234 mov r0, r6 | r0 = r6;
0x00002238 bl 0x1ef8 | r0 = fcn_00001ef8 (r0);
0x0000223c mov r4, r0 | r4 = r0;
0x00002240 mov r0, r5 | r0 = r5;
0x00002244 bl 0x13cc | pthread_mutex_unlock ();
0x00002248 b 0x22b0 | goto label_6;
; Cached probe result at [global + 4]: negative = not probed yet (label_8),
; otherwise r0 = (value == 0).
0x0000224c ldr r3, [r3, 4] | r3 = *((r3 + 4));
0x00002250 cmp r3, 0 |
| if (r3 < 0) {
0x00002254 blt 0x22bc | goto label_8;
| }
| if (r3 != 0) {
0x00002258 moveq r0, 1 | r0 = 1;
| }
| if (r3 == 0) {
0x0000225c movne r0, 0 | r0 = 0;
| }
| label_1:
0x00002260 cmp r0, 0 |
0x00002264 beq 0x220c |
| }
; mmap64(addr = 0, len = r6, prot = 7, flags = 0x22, fd = -1, offset = 0).
; With Linux values, prot 7 is PROT_READ|PROT_WRITE|PROT_EXEC and flags 0x22
; is MAP_PRIVATE|MAP_ANONYMOUS: an anonymous region that is writable and
; executable at the same time.
; Security-relevant: a W+X region raises the impact of any memory-corruption
; bug elsewhere in the process. A kernel or policy that refuses W+X mappings
; makes this call fail and, through the errno test below, forces the
; file-backed path instead. When auditing a running process, look for
; anonymous rwxp entries in /proc/<pid>/maps.
0x00002268 mov r2, 0 | r2 = 0;
0x0000226c mov r3, 0 | r3 = 0;
0x00002270 strd r2, r3, [sp, 8] | __asm ("strd r2, r3, [var_8h]");
0x00002274 mvn r3, 0 | r3 = ~0;
0x00002278 str r3, [sp] | *(sp) = r3;
0x0000227c mov r2, 7 | r2 = 7;
0x00002280 mov r3, 0x22 | r3 = 0x22;
0x00002284 mov r1, r6 | r1 = r6;
0x00002288 mov r0, 0 | r0 = 0;
0x0000228c bl 0x1420 | r0 = mmap64 ()
0x00002290 cmn r0, 1 |
0x00002294 mov r4, r0 | r4 = r0;
| if (r0 != 1) {
0x00002298 bne 0x22b0 | goto label_6;
| }
; Only errno 1 (EPERM) or 0xd (EACCES) falls back to label_0. `cmpne` chains
; both tests, but r2dec shows just the first. Any other errno returns -1.
0x0000229c bl 0x13b4 | r0 = errno_location ();
0x000022a0 ldr r3, [r0] | r3 = *(r0);
0x000022a4 cmp r3, 1 |
0x000022a8 cmpne r3, 0xd | __asm ("cmpne r3, 0xd");
| if (r3 == 1) {
0x000022ac beq 0x220c | goto label_0;
| }
| label_6:
0x000022b0 mov r0, r4 | r0 = r4;
0x000022b4 add sp, sp, 0x74 |
0x000022b8 pop {r4, r5, r6, r7, r8, sb, pc} |
| label_8:
; Probe, run while the cached value is negative: statfs64(path literal,
; buffer at sp + 0x18), then the first word of the buffer is compared with
; a literal-pool constant.
; NOTE(review): the path, mode and compare strings are not resolved in this
;   listing. Upstream libffi has the same shape for its SELinux detection
;   (filesystem magic first, then a scan of a mounts file) -- confirm by
;   dumping the strings at the pc-relative addresses.
0x000022bc ldr r0, [pc, 0x128] | r0 = *(0x23e8);
0x000022c0 mov r3, 0 | r3 = 0;
0x000022c4 add r1, sp, 0x18 | r1 += var_18h;
0x000022c8 add r0, pc, r0 | r0 = pc + r0;
; ptr (sp + 0x10) and var_14h (sp + 0x14) are zeroed here and later passed
; to getline by address.
0x000022cc str r3, [sp, 0x10] | ptr = r3;
0x000022d0 str r3, [sp, 0x14] | var_14h = r3;
0x000022d4 bl 0x12b8 | r0 = statfs64 ();
0x000022d8 cmp r0, 0 |
| if (r0 >= 0) {
0x000022dc blt 0x22f0 |
0x000022e0 ldr r3, [pc, 0x108] | r3 = *(0x23ec);
0x000022e4 ldr r2, [sp, 0x18] | r2 = var_18h;
0x000022e8 cmp r2, r3 |
| if (r2 == r3) {
0x000022ec beq 0x23b4 | goto label_9;
| }
| }
; Fallback: fopen64(path literal, mode literal). A NULL stream gives r0 = 0.
0x000022f0 ldr r1, [pc, 0xfc] | r1 = *(0x23f0);
0x000022f4 ldr r0, [pc, 0xfc] | r0 = *(0x23f4);
0x000022f8 add r1, pc, r1 | r1 = pc + r1;
0x000022fc add r0, pc, r0 | r0 = pc + r0;
0x00002300 bl 0x1348 | r0 = fopen64 ();
0x00002304 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x00002308 moveq r0, r4 | r0 = r4;
| }
| if (r4 == r0) {
0x0000230c beq 0x234c | goto label_4;
| }
0x00002310 ldr sb, [pc, 0xe4] | sb = *(0x23f8);
0x00002314 add r8, sp, 0x14 | r8 += var_14h;
0x00002318 add r7, sp, 0x10 | r7 += ptr;
0x0000231c add sb, pc, sb | sb = pc + sb;
| label_3:
; Per line: getline(&ptr, &var_14h, stream). A negative return ends the
; scan with result 0.
0x00002320 mov r2, r4 | r2 = r4;
0x00002324 mov r1, r8 | r1 = r8;
0x00002328 mov r0, r7 | r0 = r7;
0x0000232c bl 0x145c | r0 = getline ();
0x00002330 cmp r0, 0 |
0x00002334 bge 0x2360 |
| while (r0 == 0) {
| label_2:
0x00002338 ldr r0, [sp, 0x10] | r0 = ptr;
0x0000233c bl 0x13fc | free (r0);
0x00002340 mov r0, r4 | r0 = r4;
0x00002344 bl 0x12e8 | fclose (r0);
0x00002348 mov r0, 0 | r0 = 0;
| label_4:
; The probe result is cached at [global + 4]. `eor r0, r0, 1` then inverts
; it, so a positive probe (1) becomes r0 = 0 and selects the file-backed
; path at label_1.
0x0000234c ldr r3, [pc, 0xac] | r3 = *(0x23fc);
0x00002350 add r3, pc, r3 | r3 = pc + r3;
0x00002354 str r0, [r3, 4] | *((r3 + 4)) = r0;
0x00002358 eor r0, r0, 1 | r0 ^= 1;
0x0000235c b 0x2260 | goto label_1;
; Skip two space-separated fields (0x20), then compare the next 0xa bytes
; with the literal in sb. A line without two spaces ends the scan with 0.
0x00002360 ldr r5, [sp, 0x10] | r5 = ptr;
0x00002364 mov r1, 0x20 | r1 = 0x20;
0x00002368 mov r0, r5 | r0 = r5;
0x0000236c bl 0x1324 | r0 = strchr (r0, r1);
0x00002370 cmp r0, 0 |
0x00002374 beq 0x2338 |
| }
0x00002378 mov r1, 0x20 | r1 = 0x20;
0x0000237c add r0, r0, 1 | r0++;
0x00002380 bl 0x1324 | r0 = strchr (r0, r1);
0x00002384 cmp r0, 0 |
| if (r0 == 0) {
0x00002388 beq 0x2338 | goto label_2;
| }
0x0000238c mov r2, 0xa | r2 = 0xa;
0x00002390 mov r1, sb | r1 = sb;
0x00002394 add r0, r0, 1 | r0++;
0x00002398 bl 0x12d0 | r0 = strncmp (r0, r1, r2);
0x0000239c cmp r0, 0 |
| if (r0 != 0) {
0x000023a0 bne 0x2320 | goto label_3;
| }
; Match: release the line buffer and the stream, result = 1.
0x000023a4 mov r0, r5 | r0 = r5;
0x000023a8 bl 0x13fc | free (r0);
0x000023ac mov r0, r4 | r0 = r4;
0x000023b0 bl 0x12e8 | fclose (r0);
| label_9:
0x000023b4 mov r0, 1 | r0 = 1;
0x000023b8 b 0x234c | goto label_4;
| label_7:
; Reached when [base + 0x214] != 0. If the global is -1 the locked path at
; label_5 is used; otherwise fcn_00001ef8 is called without the mutex.
; NOTE(review): fcn_00001ef8 updates [base + 0x214]; whether callers of this
;   unlocked path hold another lock is not visible in this listing.
0x000023bc ldr r3, [pc, 0x40] |
0x000023c0 add r3, pc, r3 | r3 = pc + r3;
0x000023c4 ldr r3, [r3] | r3 = *(0x2400);
0x000023c8 cmn r3, 1 |
| if (r3 == 1) {
0x000023cc beq 0x2220 | goto label_5;
| }
0x000023d0 mov r0, r6 | r0 = r6;
0x000023d4 bl 0x1ef8 | r0 = fcn_00001ef8 (r0);
0x000023d8 mov r4, r0 | r4 = r0;
0x000023dc b 0x22b0 | goto label_6;
| }
[*] Function mmap used 4 times libffi.so.7.1.0