[*] Binary protection state of libxt_udp.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_udp.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_udp.so @ 0x9a0 */
| #include <stdint.h>
|
; (fcn) fcn.000009a0 () | void fcn_000009a0 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x000009a0 cmp r1, 0 |
0x000009a4 push {r4, lr} |
0x000009a8 mov r4, r0 | r4 = r0;
0x000009ac beq 0x9c4 |
| while (r0 == 0) {
| label_0:
0x000009b0 ldr r0, [pc, 0x48] | r0 = *(0x9fc);
0x000009b4 mov r1, r4 | r1 = r4;
0x000009b8 add r0, pc, r0 | r0 = pc + r0;
| label_1:
0x000009bc pop {r4, lr} |
0x000009c0 b 0x4ac | void (*0x4ac)() ();
0x000009c4 lsr r0, r0, 8 | r0 >>= 8;
0x000009c8 ldr r1, [pc, 0x34] | r1 = *(0xa00);
0x000009cc orr r0, r0, r4, lsl 8 | r0 |= (r4 << 8);
0x000009d0 lsl r0, r0, 0x10 | r0 <<= 0x10;
0x000009d4 add r1, pc, r1 | r1 = pc + r1;
0x000009d8 lsr r0, r0, 0x10 | r0 >>= 0x10;
0x000009dc bl 0x4e8 | r0 = getservbyport ();
0x000009e0 cmp r0, 0 |
0x000009e4 beq 0x9b0 |
| }
0x000009e8 ldr r1, [r0] | r1 = *(r0);
0x000009ec cmp r1, 0 |
| if (r1 == 0) {
0x000009f0 beq 0x9b0 | goto label_0;
| }
0x000009f4 ldr r0, [pc, 0xc] | r0 = *(0xa04);
0x000009f8 add r0, pc, r0 | r0 = pc + r0;
0x000009fc b 0x9bc | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_udp.so @ 0xa0c */
| #include <stdint.h>
|
; (fcn) fcn.00000a0c () | void fcn_00000a0c (int32_t arg_18h, int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000a0c push {r4, r5, r6, r7, r8, lr} |
0x00000a10 ldr r6, [sp, 0x18] | r6 = *(arg_18h);
0x00000a14 subs ip, r3, 0 |
| if (ip != r3) {
0x00000a18 bne 0xa88 | goto label_1;
| }
0x00000a1c ldr r7, [pc, 0x9c] | r7 = *(0xabc);
0x00000a20 add r7, pc, r7 | r7 = pc + r7;
| do {
0x00000a24 ldr r3, [pc, 0x98] | r3 = *(0xac0);
0x00000a28 subs r3, r2, r3 | r3 = r2 - r3;
| if (r3 == r2) {
0x00000a2c movne r3, 1 | r3 = 1;
| }
0x00000a30 cmp r1, 0 |
| if (r1 == 0) {
0x00000a34 movne r3, 1 | r3 = 1;
| }
0x00000a38 cmp ip, 0 |
| if (ip == 0) {
0x00000a3c movne r3, 1 | r3 = 1;
| }
0x00000a40 cmp r3, 0 |
0x00000a44 popeq {r4, r5, r6, r7, r8, pc} |
0x00000a48 mov r4, r1 | r4 = r1;
0x00000a4c mov r1, r0 | r1 = r0;
0x00000a50 ldr r0, [pc, 0x70] | r0 = *(0xac4);
0x00000a54 mov r5, r2 | r5 = r2;
0x00000a58 add r0, pc, r0 | r0 = pc + r0;
0x00000a5c bl 0x4ac | printf (r0, r1, r2, r3, r4, r5)
0x00000a60 cmp r4, r5 |
0x00000a64 mov r1, r7 | r1 = r7;
| if (r4 != r5) {
0x00000a68 bne 0xa94 | goto label_2;
| }
0x00000a6c ldr r0, [pc, 0x58] | r0 = *(0xac8);
0x00000a70 add r0, pc, r0 | r0 = pc + r0;
0x00000a74 bl 0x4ac | printf (r0)
0x00000a78 mov r1, r6 | r1 = r6;
0x00000a7c mov r0, r4 | r0 = r4;
| label_0:
0x00000a80 pop {r4, r5, r6, r7, r8, lr} |
0x00000a84 b 0x9a0 | void (*0x9a0)() ();
| label_1:
0x00000a88 ldr r7, [pc, 0x40] | r7 = "_";
0x00000a8c add r7, pc, r7 | r7 = pc + r7;
0x00000a90 b 0xa24 |
| } while (1);
| label_2:
0x00000a94 ldr r0, [pc, 0x38] | r0 = *(0xad0);
0x00000a98 add r0, pc, r0 | r0 = pc + r0;
0x00000a9c bl 0x4ac | printf (r0)
0x00000aa0 mov r1, r6 | r1 = r6;
0x00000aa4 mov r0, r4 | r0 = r4;
0x00000aa8 bl 0x9a0 | fcn_000009a0 (r0, r1);
0x00000aac mov r0, 0x3a | r0 = 0x3a;
0x00000ab0 bl 0x4a0 | putchar (r0);
0x00000ab4 mov r1, r6 | r1 = r6;
0x00000ab8 mov r0, r5 | r0 = r5;
0x00000abc b 0xa80 | goto label_0;
| }
[*] Function printf used 4 times libxt_udp.so
