[*] Binary protection state of libxt_rateest.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_rateest.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_rateest.so @ 0x850 */
| #include <stdint.h>
|
; (fcn) fcn.00000850 () | void fcn_00000850 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000850 cmp r1, 0 |
| if (r1 != 0) {
0x00000854 beq 0x868 |
0x00000858 mov r1, r0 | r1 = r0;
0x0000085c ldr r0, [pc, 0xa8] | r0 = *(0x908);
0x00000860 add r0, pc, r0 | r0 = pc + r0;
0x00000864 b 0x62c | void (*0x62c)() ();
| }
0x00000868 push {r4, r5, r6, lr} |
0x0000086c bl 0x16d4 | fcn_000016d4 (r0);
0x00000870 ldr r3, [pc, 0x98] | r3 = *(0x90c);
0x00000874 mov r2, 0 | r2 = 0;
0x00000878 bl 0x17dc | fcn_000017dc (r0);
0x0000087c mov r2, 0 | r2 = 0;
0x00000880 ldr r3, [pc, 0x8c] | r3 = *(0x910);
0x00000884 mov r4, r0 | r4 = r0;
0x00000888 mov r5, r1 | r5 = r1;
0x0000088c bl 0x1d50 | fcn_00001d50 ();
0x00000890 mov r2, 0 | r2 = 0;
0x00000894 ldr r3, [pc, 0x7c] | r3 = *(0x914);
0x00000898 mov r1, r5 | r1 = r5;
0x0000089c cmp r0, 0 |
0x000008a0 mov r0, r4 | r0 = r4;
| if (r0 == 0) {
0x000008a4 beq 0x8c4 | goto label_1;
| }
0x000008a8 bl 0x1a48 | r0 = fcn_00001a48 (r0);
0x000008ac mov r2, r0 | r2 = r0;
0x000008b0 ldr r0, [pc, 0x64] | r0 = *(0x918);
0x000008b4 mov r3, r1 | r3 = r1;
0x000008b8 add r0, pc, r0 | r0 = pc + r0;
| do {
| label_0:
0x000008bc pop {r4, r5, r6, lr} |
0x000008c0 b 0x62c | void (*0x62c)() ();
| label_1:
0x000008c4 bl 0x1d50 | r0 = fcn_00001d50 ();
0x000008c8 cmp r0, 0 |
| if (r0 == 0) {
0x000008cc beq 0x8f8 | goto label_2;
| }
0x000008d0 mov r2, 0 | r2 = 0;
0x000008d4 ldr r3, [pc, 0x44] | r3 = *(0x91c);
0x000008d8 mov r0, r4 | r0 = r4;
0x000008dc mov r1, r5 | r1 = r5;
0x000008e0 bl 0x1a48 | r0 = fcn_00001a48 (r0);
0x000008e4 mov r2, r0 | r2 = r0;
0x000008e8 ldr r0, [pc, 0x34] | r0 = *(0x920);
0x000008ec mov r3, r1 | r3 = r1;
0x000008f0 add r0, pc, r0 | r0 = pc + r0;
0x000008f4 b 0x8bc |
| } while (1);
| label_2:
0x000008f8 ldr r0, [pc, 0x28] | r0 = *(0x924);
0x000008fc mov r2, r4 | r2 = r4;
0x00000900 mov r3, r5 | r3 = r5;
0x00000904 add r0, pc, r0 | r0 = pc + r0;
0x00000908 b 0x8bc | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_rateest.so @ 0x92c */
| #include <stdint.h>
|
; (fcn) fcn.0000092c () | void fcn_0000092c (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x0000092c ldrh r3, [r0, 0x20] | r3 = *((r0 + 0x20));
0x00000930 push {r4, r5, r6, lr} |
0x00000934 tst r3, 1 |
0x00000938 mov r5, r0 | r5 = r0;
0x0000093c mov r4, r1 | r4 = r1;
| if ((r3 & 1) != 0) {
0x00000940 beq 0x950 |
0x00000944 ldr r0, [pc, 0x5c] | r0 = *(0x9a4);
0x00000948 add r0, pc, r0 | r0 = pc + r0;
0x0000094c bl 0x62c | printf (r0)
| }
0x00000950 ldrh r3, [r5, 0x22] | r3 = *((r5 + 0x22));
0x00000954 cmp r3, 2 |
| if (r3 == 2) {
0x00000958 beq 0x980 | goto label_1;
| }
0x0000095c cmp r3, 3 |
| if (r3 == 3) {
0x00000960 beq 0x990 | goto label_2;
| }
0x00000964 cmp r3, 1 |
| if (r3 != 1) {
0x00000968 bne 0x9a0 | goto label_3;
| }
0x0000096c ldr r0, [pc, 0x38] | r0 = *(0x9a8);
0x00000970 mov r1, r4 | r1 = r4;
0x00000974 add r0, pc, r0 | r0 = pc + r0;
| do {
| label_0:
0x00000978 pop {r4, r5, r6, lr} |
0x0000097c b 0x62c | void (*0x62c)() ();
| label_1:
0x00000980 ldr r0, [pc, 0x28] | r0 = *(0x9ac);
0x00000984 mov r1, r4 | r1 = r4;
0x00000988 add r0, pc, r0 | r0 = pc + r0;
0x0000098c b 0x978 |
| } while (1);
| label_2:
0x00000990 ldr r0, [pc, 0x1c] | r0 = *(0x9b0);
0x00000994 mov r1, r4 | r1 = r4;
0x00000998 add r0, pc, r0 | r0 = pc + r0;
0x0000099c b 0x978 | goto label_0;
| label_3:
0x000009a0 mov r0, 1 | r0 = 1;
0x000009a4 bl 0x698 | r0 = exit (r0);
| if (r3 != 1) {
0x000009a8 andeq r1, r0, sp, lsr 9 | r1 = r0 & (sp >> 9);
| }
| if (r3 != 1) {
0x000009ac andeq r1, r0, r4, lsl 9 | r1 = r0 & (r4 << 9);
| }
| if (r3 != 1) {
0x000009b0 andeq r1, r0, r6, ror r4 | r1 = r0 & (r6 >>> r4);
| }
| /* Beware that this jump is a conditional jump.
| * r2dec transformed it as a return, due being the
| * last instruction. Please, check 'pdda' output
| * for more hints. */
0x000009b4 andeq r1, r0, ip, ror 8 | return r1 = r0 & (ip >>> 8);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_rateest.so @ 0x9b8 */
| #include <stdint.h>
|
; (fcn) fcn.000009b8 () | void fcn_000009b8 (int32_t arg1, int32_t arg2) {
| int32_t var_18h;
| r0 = arg1;
| r1 = arg2;
0x000009b8 push {r4, r5, r6, r7, r8, lr} |
0x000009bc ldr r5, [sp, 0x18] | r5 = var_18h;
0x000009c0 mov r7, r3 | r7 = r3;
0x000009c4 ldrh r3, [r0, 0x20] | r3 = *((r0 + 0x20));
0x000009c8 mov r4, r0 | r4 = r0;
0x000009cc tst r3, 8 |
0x000009d0 mov r6, r1 | r6 = r1;
| if ((r3 & 8) == 0) {
0x000009d4 beq 0xa30 | goto label_0;
| }
0x000009d8 ldr r0, [pc, 0x6c] | r0 = *(0xa48);
0x000009dc mov r8, r2 | r8 = r2;
0x000009e0 add r0, pc, r0 | r0 = pc + r0;
0x000009e4 bl 0x62c | printf (r0)
0x000009e8 mov r1, r5 | r1 = r5;
0x000009ec mov r0, r8 | r0 = r8;
0x000009f0 bl 0x850 | fcn_00000850 (r0, r1);
0x000009f4 ldr r1, [pc, 0x54] | r1 = *(0xa4c);
0x000009f8 mov r0, r4 | r0 = r4;
0x000009fc add r1, pc, r1 | r1 = pc + r1;
0x00000a00 bl 0x92c | fcn_0000092c (r0, r1);
0x00000a04 ldr r0, [pc, 0x48] | r0 = *(0xa50);
0x00000a08 mov r1, r6 | r1 = r6;
0x00000a0c add r0, pc, r0 | r0 = pc + r0;
| do {
0x00000a10 bl 0x62c | printf (r0, r1)
0x00000a14 ldrh r3, [r4, 0x20] | r3 = *((r4 + 0x20));
0x00000a18 tst r3, 0xa |
0x00000a1c popeq {r4, r5, r6, r7, r8, pc} |
0x00000a20 mov r1, r5 | r1 = r5;
0x00000a24 mov r0, r7 | r0 = r7;
0x00000a28 pop {r4, r5, r6, r7, r8, lr} |
0x00000a2c b 0x850 | void (*0x850)() ();
| label_0:
0x00000a30 ldr r1, [pc, 0x20] | r1 = *(0xa54);
0x00000a34 add r1, pc, r1 | r1 = pc + r1;
0x00000a38 bl 0x92c | fcn_0000092c (r0, r1);
0x00000a3c ldr r0, [pc, 0x18] | r0 = *(0xa58);
0x00000a40 mov r1, r6 | r1 = r6;
0x00000a44 add r0, pc, r0 | r0 = pc + r0;
0x00000a48 b 0xa10 |
| } while (1);
| }
[*] Function printf used 4 times libxt_rateest.so
