[*] Binary protection state of KT-1
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of KT-1
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/windows/KT-1 @ 0xd38f0 */
| #include <stdint.h>
|
; (fcn) fcn.000d38f0 () | void fcn_000d38f0 (int32_t arg1) {
| int32_t var_0h;
| int32_t var_8h;
| int32_t var_9h;
| int32_t var_ah;
| int32_t var_bh;
| int32_t var_ch;
| int32_t var_dh;
| char * format;
| int32_t var_fh;
| int32_t var_10h;
| char * var_11h;
| int32_t var_12h;
| int32_t var_13h;
| char * s;
| int32_t var_24h;
| r0 = arg1;
0x000d38f0 ldrb r3, [r0, 5] | r3 = *((r0 + 5));
0x000d38f4 cmp r3, 0 |
| if (r3 != 0) {
0x000d38f8 bxeq lr | return;
| }
0x000d38fc push {r4, r5, lr} |
0x000d3900 sub sp, sp, 0x24 |
0x000d3904 mov r2, 0 | r2 = 0;
0x000d3908 add r1, sp, 8 | r1 += var_8h;
0x000d390c mov r4, r0 | r4 = r0;
0x000d3910 bl 0xd3838 | r0 = fcn_000d3838 (r0, r1);
0x000d3914 cmp r0, 0 |
| if (r0 != 0) {
0x000d3918 beq 0xd39ec |
0x000d391c ldrb r3, [sp, 8] | r3 = var_8h;
0x000d3920 ldrb r1, [sp, 0xe] | r1 = format;
0x000d3924 and r2, r3, 0xf | r2 = r3 & 0xf;
0x000d3928 asr r3, r3, 4 | r3 >>= 4;
0x000d392c strb r2, [r4, 0x1d] | *((r4 + 0x1d)) = r2;
0x000d3930 strb r3, [r4, 0x1c] | *((r4 + 0x1c)) = r3;
0x000d3934 ldrb r2, [sp, 0xa] | r2 = var_ah;
0x000d3938 ldrb r3, [sp, 0xb] | r3 = var_bh;
0x000d393c add r5, sp, 0x14 | r5 += s;
0x000d3940 add r3, r3, r2, lsl 8 | r3 += (r2 << 8);
0x000d3944 strh r3, [r4, 0x1e] | *((r4 + 0x1e)) = r3;
0x000d3948 ldrb r2, [sp, 0x12] | r2 = var_12h;
0x000d394c ldrb r3, [sp, 0x13] | r3 = var_13h;
0x000d3950 mov r0, r5 | r0 = r5;
0x000d3954 add r3, r3, r2, lsl 8 | r3 += (r2 << 8);
0x000d3958 strh r3, [r4, 0x20] | *((r4 + 0x20)) = r3;
0x000d395c str r1, [sp] | *(sp) = r1;
0x000d3960 ldr r1, [pc, 0x8c] | r1 = *(0xd39f0);
0x000d3964 ldrb r3, [sp, 0xd] | r3 = var_dh;
0x000d3968 ldrb r2, [sp, 0xc] | r2 = var_ch;
0x000d396c add r1, pc, r1 | r1 = pc + r1;
0x000d3970 bl 0x183f8 | sprintf (r0, r1, r2)
0x000d3974 mov r3, 8 | r3 = 8;
0x000d3978 mov r1, r3 | r1 = r3;
0x000d397c mov r2, r5 | r2 = r5;
0x000d3980 add r0, r4, r3 | r0 = r4 + r3;
0x000d3984 bl 0xb9ec8 | fcn_000b9ec8 (r0, r1);
0x000d3988 ldrb r1, [sp, 0x11] | r1 = var_11h;
0x000d398c ldrb r3, [sp, 0x10] | r3 = var_10h;
0x000d3990 str r1, [sp] | *(sp) = r1;
0x000d3994 ldr r1, [pc, 0x5c] | r1 = *(0xd39f4);
0x000d3998 ldrb r2, [sp, 0xf] | r2 = var_fh;
0x000d399c add r1, pc, r1 | r1 = pc + r1;
0x000d39a0 mov r0, r5 | r0 = r5;
0x000d39a4 bl 0x183f8 | sprintf (r0, r1, r2)
0x000d39a8 mov r3, 8 | r3 = 8;
0x000d39ac mov r1, r3 | r1 = r3;
0x000d39b0 mov r2, r5 | r2 = r5;
0x000d39b4 add r0, r4, 0x10 | r0 = r4 + 0x10;
0x000d39b8 bl 0xb9ec8 | fcn_000b9ec8 (r0, r1);
0x000d39bc ldrb r2, [sp, 9] | r2 = var_9h;
0x000d39c0 ldr r1, [pc, 0x34] | r1 = *(0xd39f8);
0x000d39c4 and r3, r2, 0xf | r3 = r2 & 0xf;
0x000d39c8 add r1, pc, r1 | r1 = pc + r1;
0x000d39cc lsr r2, r2, 4 | r2 >>= 4;
0x000d39d0 mov r0, r5 | r0 = r5;
0x000d39d4 bl 0x183f8 | sprintf (r0, r1, r2)
0x000d39d8 mov r3, 4 | r3 = 4;
0x000d39dc mov r2, r5 | r2 = r5;
0x000d39e0 mov r1, r3 | r1 = r3;
0x000d39e4 add r0, r4, 0x18 | r0 = r4 + 0x18;
0x000d39e8 bl 0xb9ec8 | fcn_000b9ec8 (r0, r1);
| }
0x000d39ec add sp, sp, 0x24 |
0x000d39f0 pop {r4, r5, pc} |
| }
[*] Function sprintf used 4 times KT-1
