[*] Binary protection state of libxt_string.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_string.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_string.so @ 0xcb0 */
| #include <stdint.h>
|
; (fcn) fcn.00000cb0 () | void fcn_00000cb0 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000cb0 push {r4, r5, r6, r7, r8, lr} |
0x00000cb4 ldr r7, [pc, 0x44] | r7 = *(0xcfc);
0x00000cb8 mov r5, r0 | r5 = r0;
0x00000cbc ldr r0, [pc, 0x40] | r0 = *(0xd00);
0x00000cc0 mov r6, r1 | r6 = r1;
0x00000cc4 add r0, pc, r0 | r0 = pc + r0;
0x00000cc8 bl 0x63c | printf (r0, r1, r2, r3, r4, r5, r6)
0x00000ccc mov r4, r5 | r4 = r5;
0x00000cd0 add r7, pc, r7 | r7 = pc + r7;
| do {
0x00000cd4 sub r3, r4, r5 | r3 = r4 - r5;
0x00000cd8 cmp r6, r3 |
| if (r6 <= r3) {
0x00000cdc bhi 0xcf0 |
0x00000ce0 ldr r0, [pc, 0x20] | r0 = *(0xd04);
0x00000ce4 pop {r4, r5, r6, r7, r8, lr} |
0x00000ce8 add r0, pc, r0 | r0 = pc + r0;
0x00000cec b 0x63c | void (*0x63c)() ();
| }
0x00000cf0 ldrb r1, [r4], 1 | r1 = *(r4);
| r4++;
0x00000cf4 mov r0, r7 | r0 = r7;
0x00000cf8 bl 0x63c | printf (r0, r1)
0x00000cfc b 0xcd4 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_string.so @ 0xd0c */
| #include <stdint.h>
|
; (fcn) fcn.00000d0c () | void fcn_00000d0c (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000d0c push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00000d10 ldr r6, [pc, 0xa0] | r6 = *(0xdb4);
0x00000d14 mov r5, r0 | r5 = r0;
0x00000d18 ldr r0, [pc, 0x9c] | r0 = *(0xdb8);
0x00000d1c mov r7, r1 | r7 = r1;
0x00000d20 add r0, pc, r0 | r0 = pc + r0;
0x00000d24 bl 0x63c | printf (r0, r1, r2, r3, r4, r5, r6)
0x00000d28 mov r4, r5 | r4 = r5;
0x00000d2c mov r8, 0x5c | r8 = 0x5c;
0x00000d30 add r6, pc, r6 | r6 = pc + r6;
| do {
0x00000d34 sub r3, r4, r5 | r3 = r4 - r5;
0x00000d38 cmp r7, r3 |
| if (r7 <= r3) {
0x00000d3c bhi 0xd4c |
0x00000d40 mov r0, 0x22 | r0 = 0x22;
0x00000d44 pop {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00000d48 b 0x630 | void (*0x630)() ();
| }
0x00000d4c ldrb r3, [r4] | r3 = *(r4);
0x00000d50 mov sb, r4 | sb = r4;
0x00000d54 cmp r3, 0x5c |
0x00000d58 cmpne r3, 0x22 | __asm ("cmpne r3, 0x22");
| if (r3 == 0x5c) {
0x00000d5c bne 0xd9c |
0x00000d60 ldr r3, [pc, 0x58] | r3 = *(0xdbc);
0x00000d64 ldr r3, [r6, r3] | r3 = *((r6 + r3));
0x00000d68 ldr r1, [r3] | r1 = *(0xdbc);
0x00000d6c ldr r3, [r1, 0x34] | r3 = *(0xdf0);
0x00000d70 cmp r3, 0 |
| if (r3 == 0) {
0x00000d74 beq 0xdac | goto label_1;
| }
0x00000d78 ldr r3, [r1, 0x10] | r3 = *((r1 + 0x10));
0x00000d7c ldr r2, [r1, 0x1c] | r2 = *((r1 + 0x1c));
0x00000d80 cmp r3, r2 |
| if (r3 >= r2) {
0x00000d84 addlo r2, r3, 1 | r2 = r3 + 1;
| }
| if (r3 >= r2) {
0x00000d88 strlo r2, [r1, 0x10] | *((r1 + 0x10)) = r2;
| }
| if (r3 >= r2) {
0x00000d8c strblo r8, [r3] | *(r3) = r8;
| }
| if (r3 <= r2) {
0x00000d90 blo 0xd9c | goto label_0;
| }
0x00000d94 mov r0, 0x5c | r0 = 0x5c;
0x00000d98 bl 0x6cc | fputc_unlocked ();
| }
| label_0:
0x00000d9c ldrb r0, [sb] | r0 = *(sb);
0x00000da0 add r4, r4, 1 | r4++;
0x00000da4 bl 0x630 | putchar (r0);
0x00000da8 b 0xd34 |
| } while (1);
| label_1:
0x00000dac mov r0, 0x5c | r0 = 0x5c;
0x00000db0 bl 0x6a8 | fputc (r0, r1);
0x00000db4 b 0xd9c | goto label_0;
| }
[*] Function printf used 4 times libxt_string.so
