[*] Binary protection state of libcharset.so.1.0.0
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libcharset.so.1.0.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libcharset.so.1.0.0 @ 0xcc8 */
| #include <stdint.h>
|
; (fcn) fcn.00000cc8 () | void fcn_00000cc8 (int32_t arg1) {
| r0 = arg1;
0x00000cc8 push {r4, r5, r6, r7, r8, lr} |
0x00000ccc ldr r4, [pc, 0xb0] | r4 = *(0xd80);
0x00000cd0 mov r7, r0 | r7 = r0;
0x00000cd4 add r4, pc, r4 | r4 = pc + r4;
0x00000cd8 ldr r1, [r4, 8] | r1 = _fini;
0x00000cdc cmp r1, 0 |
0x00000ce0 bne 0xcf0 |
| while (r5 == 0) {
| label_0:
0x00000ce4 mov r4, r7 | r4 = r7;
| label_1:
0x00000ce8 mov r0, r4 | r0 = r4;
0x00000cec pop {r4, r5, r6, r7, r8, pc} |
0x00000cf0 ldr r5, [r4, 0xc] | r5 = *((r4 + 0xc));
0x00000cf4 cmp r5, 0 |
0x00000cf8 beq 0xce4 |
| }
0x00000cfc ldr r6, [r4] | r6 = *(r4);
0x00000d00 mov r2, r6 | r2 = r6;
0x00000d04 bl 0x67c | r0 = strncmp (r0, r1, r2);
0x00000d08 cmp r0, 0 |
| if (r0 != 0) {
0x00000d0c bne 0xce4 | goto label_0;
| }
0x00000d10 ldrb r3, [r7, r6] | r3 = *((r7 + r6));
0x00000d14 add r8, r7, r6 | r8 = r7 + r6;
0x00000d18 cmp r3, 0 |
| if (r3 != 0) {
0x00000d1c bne 0xd44 | goto label_3;
| }
0x00000d20 mov r0, r5 | r0 = r5;
0x00000d24 bl 0x6d0 | r0 = strlen (r0);
0x00000d28 add r0, r0, 1 | r0++;
0x00000d2c bl 0x64c | r0 = malloc (r0);
0x00000d30 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x00000d34 movne r1, r5 | r1 = r5;
| goto label_4;
| }
| if (r4 == r0) {
| label_4:
0x00000d38 beq 0xce4 | goto label_0;
| }
| label_2:
0x00000d3c bl 0x604 | strcpy (r0, r1)
0x00000d40 b 0xce8 | goto label_1;
| label_3:
0x00000d44 cmp r3, 0x2f |
| if (r3 != 0x2f) {
0x00000d48 bne 0xce4 | goto label_0;
| }
0x00000d4c mov r0, r8 | r0 = r8;
0x00000d50 bl 0x6d0 | strlen (r0);
0x00000d54 ldr r6, [r4, 4] | r6 = *((r4 + 4));
0x00000d58 add r3, r6, 1 | r3 = r6 + 1;
0x00000d5c add r0, r3, r0 | r0 = r3 + r0;
0x00000d60 bl 0x64c | r0 = malloc (r0);
0x00000d64 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00000d68 beq 0xce4 | goto label_0;
| }
0x00000d6c mov r1, r5 | r1 = r5;
0x00000d70 mov r2, r6 | r2 = r6;
0x00000d74 bl 0x634 | memcpy (r0, r1, r2);
0x00000d78 mov r1, r8 | r1 = r8;
0x00000d7c add r0, r4, r6 | r0 = r4 + r6;
0x00000d80 b 0xd3c | goto label_2;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libcharset.so.1.0.0 @ 0x890 */
| #include <stdint.h>
|
; (fcn) sym.locale_charset () | void locale_charset () {
| char * var_4h;
| char * dest;
| char * format;
| char * src;
| int32_t var_44h;
| int32_t var_7ch;
0x00000890 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00000894 mov r0, 0xa | r0 = 0xa;
0x00000898 sub sp, sp, 0x7c |
0x0000089c bl 0x670 | r0 = nl_langinfo (r0);
0x000008a0 subs r7, r0, 0 | r7 = r0 - 0;
| if (r7 != r0) {
0x000008a4 ldreq r7, [pc, 0x33c] | r7 = *((pc + 0x33c));
| }
| if (r7 != r0) {
0x000008a8 addeq r7, pc, r7 | r7 = pc + r7;
| }
0x000008ac ldr r3, [pc, 0x338] | r3 = *(0xbe8);
0x000008b0 ldr r4, [pc, r3] | r4 = *(0x000008b8);
0x000008b4 cmp r4, 0 |
| if (r4 != 0) {
0x000008b8 bne 0x980 | goto label_10;
| }
0x000008bc ldr r0, [pc, 0x32c] | r0 = *(0xbec);
0x000008c0 add r0, pc, r0 | r0 = pc + r0;
0x000008c4 bl 0x61c | r0 = getenv (r0);
0x000008c8 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x000008cc beq 0x8dc |
0x000008d0 ldrb r3, [r6] | r3 = *(r6);
0x000008d4 cmp r3, 0 |
| if (r3 != 0) {
0x000008d8 bne 0x8ec | goto label_11;
| }
| }
0x000008dc ldr r0, [pc, 0x310] | r0 = "trncmp";
0x000008e0 add r0, pc, r0 | r0 = pc + r0;
0x000008e4 bl 0xcc8 | r0 = fcn_00000cc8 (r0);
0x000008e8 mov r6, r0 | r6 = r0;
| label_11:
0x000008ec mov r0, r6 | r0 = r6;
0x000008f0 bl 0x6d0 | r0 = strlen (r0);
0x000008f4 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x000008f8 moveq r5, r4 | r5 = r4;
| }
| if (r4 != r0) {
0x000008fc beq 0x910 |
0x00000900 add r3, r6, r4 | r3 = r6 + r4;
0x00000904 ldrb r5, [r3, -1] | r5 = *((r3 - 1));
0x00000908 subs r5, r5, 0x2f | r5 -= 0x2f;
| if (r5 != r5) {
0x0000090c movne r5, 1 | r5 = 1;
| goto label_12;
| }
| }
| label_12:
0x00000910 add r8, r5, r4 | r8 = r5 + r4;
0x00000914 add r0, r8, 0xe | r0 = r8 + 0xe;
0x00000918 bl 0x64c | r0 = malloc (r0);
0x0000091c subs sb, r0, 0 | sb = r0 - 0;
| if (sb == r0) {
0x00000920 beq 0xbb8 | goto label_13;
| }
0x00000924 mov r2, r4 | r2 = r4;
0x00000928 mov r1, r6 | r1 = r6;
0x0000092c bl 0x634 | memcpy (r0, r1, r2);
0x00000930 ldr r1, [pc, 0x2c0] | r1 = "ocation_prefix";
0x00000934 cmp r5, 0 |
| if (r5 == 0) {
0x00000938 movne r3, 0x2f | r3 = 0x2f;
| }
0x0000093c mov r2, 0xe | r2 = 0xe;
0x00000940 add r1, pc, r1 | r1 = pc + r1;
0x00000944 add r0, sb, r8 | r0 = sb + r8;
| if (r5 == 0) {
0x00000948 strbne r3, [sb, r4] | *((sb + r4)) = r3;
| }
0x0000094c bl 0x634 | memcpy (r0, r1, r2);
0x00000950 mov r1, 0 | r1 = 0;
0x00000954 mov r0, sb | r0 = sb;
0x00000958 bl 0x6ac | r0 = open64 ();
0x0000095c subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 >= r0) {
0x00000960 bge 0x9e0 | goto label_14;
| }
| label_0:
0x00000964 ldr r4, [pc, 0x290] | r4 = *(0xbf8);
0x00000968 add r4, pc, r4 | r4 = pc + r4;
| do {
| label_1:
0x0000096c mov r0, sb | r0 = sb;
0x00000970 bl 0x6f4 | free (r0);
| label_9:
0x00000974 ldr r3, [pc, 0x284] | r3 = *(0xbfc);
0x00000978 add r3, pc, r3 | r3 = pc + r3;
0x0000097c str r4, [r3] | *(r3) = r4;
| label_10:
0x00000980 ldrb r5, [r4] | r5 = *(r4);
0x00000984 cmp r5, 0 |
| if (r5 != 0) {
0x00000988 beq 0x9c4 |
0x0000098c mov r1, r4 | r1 = r4;
0x00000990 mov r0, r7 | r0 = r7;
0x00000994 bl 0x6b8 | r0 = strcmp (r0, r1);
0x00000998 cmp r0, 0 |
| if (r0 != 0) {
0x0000099c beq 0x9b4 |
0x000009a0 cmp r5, 0x2a |
| if (r5 != 0x2a) {
0x000009a4 bne 0xbc4 | goto label_15;
| }
0x000009a8 ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x000009ac cmp r3, 0 |
| if (r3 != 0) {
0x000009b0 bne 0xbc4 | goto label_15;
| }
| }
0x000009b4 mov r0, r4 | r0 = r4;
0x000009b8 bl 0x6d0 | r0 = strlen (r0);
0x000009bc add r0, r0, 1 | r0++;
0x000009c0 add r7, r4, r0 | r7 = r4 + r0;
| }
0x000009c4 ldrb r3, [r7] | r3 = *(r7);
0x000009c8 cmp r3, 0 |
| if (r3 != 0) {
0x000009cc ldreq r7, [pc, 0x230] | r7 = "sterTMCloneTable";
| }
| if (r3 != 0) {
0x000009d0 addeq r7, pc, r7 | r7 = pc + r7;
| }
0x000009d4 mov r0, r7 | r0 = r7;
0x000009d8 add sp, sp, 0x7c |
0x000009dc pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_14:
0x000009e0 ldr r1, [pc, 0x220] | r1 = "sterTMCloneTable";
0x000009e4 add r1, pc, r1 | r1 = pc + r1;
0x000009e8 bl 0x694 | r0 = fdopen ();
0x000009ec subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x000009f0 bne 0xa08 | goto label_16;
| }
0x000009f4 mov r0, r4 | r0 = r4;
0x000009f8 ldr r4, [pc, 0x20c] | r4 = *(0xc08);
0x000009fc bl 0x6e8 | close (r0);
0x00000a00 add r4, pc, r4 | r4 = pc + r4;
0x00000a04 b 0x96c |
| } while (1);
| label_16:
0x00000a08 add r3, sp, 0x44 | r3 += var_44h;
0x00000a0c str r3, [sp, 4] | var_4h = r3;
0x00000a10 ldr r3, [pc, 0x1f8] | r3 = *(0xc0c);
0x00000a14 mov r6, 0 | r6 = 0;
0x00000a18 add r3, pc, r3 | r3 = pc + r3;
0x00000a1c mov r4, r6 | r4 = r6;
0x00000a20 add fp, sp, 0x10 |
0x00000a24 str r3, [sp, 0xc] | format = r3;
0x00000a28 b 0xb1c | goto label_17;
| label_3:
0x00000a2c mov r0, r5 | r0 = r5;
0x00000a30 bl 0x6c4 | fgetc (r0);
0x00000a34 b 0xb4c | goto label_18;
| label_6:
0x00000a38 mov r0, r5 | r0 = r5;
0x00000a3c bl 0x6c4 | fgetc (r0);
0x00000a40 b 0xb9c | goto label_19;
| label_5:
0x00000a44 mov r1, r5 | r1 = r5;
0x00000a48 bl 0x610 | ungetc (r0, r1);
0x00000a4c ldr r3, [sp, 4] | r3 = var_4h;
0x00000a50 mov r2, fp | r2 = fp;
0x00000a54 ldr r1, [sp, 0xc] | r1 = format;
0x00000a58 mov r0, r5 | r0 = r5;
0x00000a5c bl 0x628 | r0 = fscanf (r0, r1, r2, r3);
0x00000a60 cmp r0, 1 |
| if (r0 > 1) {
0x00000a64 ble 0xab8 |
0x00000a68 mov r0, fp | r0 = fp;
0x00000a6c bl 0x6d0 | strlen (r0);
0x00000a70 str r0, [sp, 8] | dest = r0;
0x00000a74 ldr r0, [sp, 4] | r0 = var_4h;
0x00000a78 bl 0x6d0 | strlen (r0);
0x00000a7c ldr r3, [sp, 8] | r3 = dest;
0x00000a80 cmp r6, 0 |
0x00000a84 mov r8, r0 | r8 = r0;
0x00000a88 add r0, r3, r0 | r0 = r3 + r0;
| if (r6 != 0) {
0x00000a8c bne 0xad4 | goto label_20;
| }
0x00000a90 add r6, r0, 2 | r6 = r0 + 2;
0x00000a94 add r0, r0, 3 | r0 += 3;
0x00000a98 bl 0x64c | r0 = malloc (r0);
| label_2:
0x00000a9c cmp r0, 0 |
0x00000aa0 mov sl, r0 | sl = r0;
| if (r0 != 0) {
0x00000aa4 bne 0xaec | goto label_21;
| }
0x00000aa8 mov r0, r4 | r0 = r4;
0x00000aac bl 0x6f4 | free (r0);
0x00000ab0 mov r4, sl | r4 = sl;
0x00000ab4 mov r6, sl | r6 = sl;
| }
| label_4:
0x00000ab8 mov r0, r5 | r0 = r5;
0x00000abc bl 0x6a0 | fclose (r0);
0x00000ac0 cmp r6, 0 |
| if (r6 == 0) {
0x00000ac4 beq 0x964 | goto label_0;
| }
0x00000ac8 mov r3, 0 | r3 = 0;
0x00000acc strb r3, [r4, r6] | *((r4 + r6)) = r3;
0x00000ad0 b 0x96c | goto label_1;
| label_20:
0x00000ad4 add r1, r6, r0 | r1 = r6 + r0;
0x00000ad8 add r6, r1, 2 | r6 = r1 + 2;
0x00000adc mov r0, r4 | r0 = r4;
0x00000ae0 add r1, r1, 3 | r1 += 3;
0x00000ae4 bl 0x688 | realloc (r0, r1);
0x00000ae8 b 0xa9c | goto label_2;
| label_21:
0x00000aec ldr r3, [sp, 8] | r3 = dest;
0x00000af0 sub r8, r6, r8 | r8 = r6 - r8;
0x00000af4 sub r0, r8, r3 | r0 = r8 - r3;
0x00000af8 sub r0, r0, 2 | r0 -= 2;
0x00000afc mov r1, fp | r1 = fp;
0x00000b00 add r0, sl, r0 | r0 = sl + r0;
0x00000b04 sub r8, r8, 1 | r8--;
0x00000b08 bl 0x604 | strcpy (r0, r1)
0x00000b0c ldr r1, [sp, 4] | r1 = var_4h;
0x00000b10 add r0, sl, r8 | r0 = sl + r8;
0x00000b14 bl 0x604 | strcpy (r0, r1)
| label_8:
0x00000b18 mov r4, sl | r4 = sl;
| label_17:
0x00000b1c ldr r3, [r5, 0x34] | r3 = *((r5 + 0x34));
0x00000b20 cmp r3, 0 |
| if (r3 == 0) {
0x00000b24 beq 0xa2c | goto label_3;
| }
0x00000b28 ldr r3, [r5, 0x10] | r3 = *((r5 + 0x10));
0x00000b2c ldr r2, [r5, 0x18] | r2 = *((r5 + 0x18));
0x00000b30 cmp r3, r2 |
| if (r3 >= r2) {
0x00000b34 addlo r2, r3, 1 | r2 = r3 + 1;
| }
| if (r3 >= r2) {
0x00000b38 strlo r2, [r5, 0x10] | *((r5 + 0x10)) = r2;
| }
| if (r3 >= r2) {
0x00000b3c ldrblo r0, [r3] | r0 = *(r3);
| }
| if (r3 <= r2) {
0x00000b40 blo 0xb54 | goto label_22;
| }
0x00000b44 mov r0, r5 | r0 = r5;
0x00000b48 bl 0x658 | r0 = fgetc_unlocked ();
| label_18:
0x00000b4c cmn r0, 1 |
| if (r0 == 1) {
0x00000b50 beq 0xab8 | goto label_4;
| }
| label_22:
0x00000b54 sub r3, r0, 9 | r3 = r0 - 9;
0x00000b58 cmp r0, 0x20 |
0x00000b5c cmpne r3, 1 | __asm ("cmpne r3, 1");
| if (r0 < 0x20) {
0x00000b60 bls 0xbb0 | goto label_23;
| }
0x00000b64 cmp r0, 0x23 |
| if (r0 != 0x23) {
0x00000b68 bne 0xa44 | goto label_5;
| }
| label_7:
0x00000b6c ldr r3, [r5, 0x34] | r3 = *((r5 + 0x34));
0x00000b70 cmp r3, 0 |
| if (r3 == 0) {
0x00000b74 beq 0xa38 | goto label_6;
| }
0x00000b78 ldr r3, [r5, 0x10] | r3 = *((r5 + 0x10));
0x00000b7c ldr r2, [r5, 0x18] | r2 = *((r5 + 0x18));
0x00000b80 cmp r3, r2 |
| if (r3 >= r2) {
0x00000b84 addlo r2, r3, 1 | r2 = r3 + 1;
| }
| if (r3 >= r2) {
0x00000b88 strlo r2, [r5, 0x10] | *((r5 + 0x10)) = r2;
| }
| if (r3 >= r2) {
0x00000b8c ldrblo r0, [r3] | r0 = *(r3);
| }
| if (r3 > r2) {
0x00000b90 blo 0xb9c |
0x00000b94 mov r0, r5 | r0 = r5;
0x00000b98 bl 0x658 | r0 = fgetc_unlocked ();
| }
| label_19:
0x00000b9c cmp r0, 0xa |
0x00000ba0 cmnne r0, 1 | __asm ("cmnne r0, 1");
| if (r0 != 0xa) {
0x00000ba4 bne 0xb6c | goto label_7;
| }
0x00000ba8 cmn r0, 1 |
| if (r0 == 1) {
0x00000bac beq 0xab8 | goto label_4;
| }
| label_23:
0x00000bb0 mov sl, r4 | sl = r4;
0x00000bb4 b 0xb18 | goto label_8;
| label_13:
0x00000bb8 ldr r4, [pc, 0x54] | r4 = *(0xc10);
0x00000bbc add r4, pc, r4 | r4 = pc + r4;
0x00000bc0 b 0x974 | goto label_9;
| label_15:
0x00000bc4 mov r0, r4 | r0 = r4;
0x00000bc8 bl 0x6d0 | r0 = strlen (r0);
0x00000bcc add r0, r0, 1 | r0++;
0x00000bd0 add r4, r4, r0 | r4 += r0;
0x00000bd4 mov r0, r4 | r0 = r4;
0x00000bd8 bl 0x6d0 | r0 = strlen (r0);
0x00000bdc add r0, r0, 1 | r0++;
0x00000be0 add r4, r4, r0 | r4 += r0;
0x00000be4 b 0x980 | goto label_10;
| }
[*] Function strcpy used 4 times libcharset.so.1.0.0
