[*] Binary protection state of libiconv.so.2.6.0
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of libiconv.so.2.6.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libiconv.so.2.6.0 @ 0x14080 */
| #include <stdint.h>
|
; (fcn) fcn.00014080 () | void fcn_00014080 () {
| char * var_4h;
| char * dest;
| char * format;
| char * src;
| int32_t var_44h;
| int32_t var_7ch;
0x00014080 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00014084 mov r0, 0xa | r0 = 0xa;
0x00014088 sub sp, sp, 0x7c |
0x0001408c bl 0x1050 | r0 = nl_langinfo (r0);
0x00014090 subs r7, r0, 0 | r7 = r0 - 0;
| if (r7 != r0) {
0x00014094 ldreq r7, [pc, 0x33c] | r7 = *((pc + 0x33c));
| }
| if (r7 != r0) {
0x00014098 addeq r7, pc, r7 | r7 = pc + r7;
| }
0x0001409c ldr r3, [pc, 0x338] | r3 = *(0x143d8);
0x000140a0 ldr r4, [pc, r3] | r4 = *(0x000140a8);
0x000140a4 cmp r4, 0 |
| if (r4 != 0) {
0x000140a8 bne 0x14170 | goto label_10;
| }
0x000140ac ldr r0, [pc, 0x32c] | r0 = *(0x143dc);
0x000140b0 add r0, pc, r0 | r0 = pc + r0;
0x000140b4 bl 0xfe4 | r0 = getenv (r0);
0x000140b8 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 != r0) {
0x000140bc beq 0x140cc |
0x000140c0 ldrb r3, [r6] | r3 = *(r6);
0x000140c4 cmp r3, 0 |
| if (r3 != 0) {
0x000140c8 bne 0x140dc | goto label_11;
| }
| }
0x000140cc ldr r0, [pc, 0x310] | r0 = "_ddVFF:K__84d_T:_d_MyDOfI_SQO3d8d9diLNLT_5d0A6dPNA_S5sHGU_I_8JdLdDQ:R_:T:Cdm5MW_dO_dAJLgJWDTLHdGdAdDd_5YSFdyRc44_nI_4l_MQmL5meG_TKdUWBd_EdfSIdxI_deSGI6T32WdBNMd_N_8VdJ_NSlCHEXdDMOdTdUd:fO_URdPdNdeMJ_SdH8gd4T_doAidgR_d_dO_KZdQdedHcdgDbda";
0x000140d0 add r0, pc, r0 | r0 = pc + r0;
0x000140d4 bl 0x144b8 | r0 = fcn_000144b8 (r0);
0x000140d8 mov r6, r0 | r6 = r0;
| label_11:
0x000140dc mov r0, r6 | r0 = r6;
0x000140e0 bl 0x10d4 | r0 = strlen (r0);
0x000140e4 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x000140e8 moveq r5, r4 | r5 = r4;
| }
| if (r4 != r0) {
0x000140ec beq 0x14100 |
0x000140f0 add r3, r6, r4 | r3 = r6 + r4;
0x000140f4 ldrb r5, [r3, -1] | r5 = *((r3 - 1));
0x000140f8 subs r5, r5, 0x2f | r5 -= 0x2f;
| if (r5 != r5) {
0x000140fc movne r5, 1 | r5 = 1;
| goto label_12;
| }
| }
| label_12:
0x00014100 add r8, r5, r4 | r8 = r5 + r4;
0x00014104 add r0, r8, 0xe | r0 = r8 + 0xe;
0x00014108 bl 0x1020 | r0 = malloc (r0);
0x0001410c subs sb, r0, 0 | sb = r0 - 0;
| if (sb == r0) {
0x00014110 beq 0x143a8 | goto label_13;
| }
0x00014114 mov r2, r4 | r2 = r4;
0x00014118 mov r1, r6 | r1 = r6;
0x0001411c bl 0x1008 | memcpy (r0, r1, r2);
0x00014120 ldr r1, [pc, 0x2c0] | r1 = "k_0d_E1dcU_:d7d_ddVFF:K__84d_T:_d_MyDOfI_SQO3d8d9diLNLT_5d0A6dPNA_S5sHGU_I_8JdLdDQ:R_:T:Cdm5MW_dO_dAJLgJWDTLHdGdAdDd_5YSFdyRc44_nI_4l_MQmL5meG_TKdUWBd_EdfSIdxI_deSGI6T32WdBNMd_N_8VdJ_NSlCHEXdDMOdTdUd:fO_URdPdNdeMJ_SdH8gd4T_doAidgR_d_dO_";
0x00014124 cmp r5, 0 |
| if (r5 == 0) {
0x00014128 movne r3, 0x2f | r3 = 0x2f;
| }
0x0001412c mov r2, 0xe | r2 = 0xe;
0x00014130 add r1, pc, r1 | r1 = pc + r1;
0x00014134 add r0, sb, r8 | r0 = sb + r8;
| if (r5 == 0) {
0x00014138 strbne r3, [sb, r4] | *((sb + r4)) = r3;
| }
0x0001413c bl 0x1008 | memcpy (r0, r1, r2);
0x00014140 mov r1, 0 | r1 = 0;
0x00014144 mov r0, sb | r0 = sb;
0x00014148 bl 0x10a4 | r0 = open64 ();
0x0001414c subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 >= r0) {
0x00014150 bge 0x141d0 | goto label_14;
| }
| label_0:
0x00014154 ldr r4, [pc, 0x290] | r4 = *(0x143e8);
0x00014158 add r4, pc, r4 | r4 = pc + r4;
| do {
| label_1:
0x0001415c mov r0, sb | r0 = sb;
0x00014160 bl 0x1104 | free (r0);
| label_9:
0x00014164 ldr r3, [pc, 0x284] | r3 = *(0x143ec);
0x00014168 add r3, pc, r3 | r3 = pc + r3;
0x0001416c str r4, [r3] | *(r3) = r4;
| label_10:
0x00014170 ldrb r5, [r4] | r5 = *(r4);
0x00014174 cmp r5, 0 |
| if (r5 != 0) {
0x00014178 beq 0x141b4 |
0x0001417c mov r1, r4 | r1 = r4;
0x00014180 mov r0, r7 | r0 = r7;
0x00014184 bl 0x10b0 | r0 = strcmp (r0, r1);
0x00014188 cmp r0, 0 |
| if (r0 != 0) {
0x0001418c beq 0x141a4 |
0x00014190 cmp r5, 0x2a |
| if (r5 != 0x2a) {
0x00014194 bne 0x143b4 | goto label_15;
| }
0x00014198 ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x0001419c cmp r3, 0 |
| if (r3 != 0) {
0x000141a0 bne 0x143b4 | goto label_15;
| }
| }
0x000141a4 mov r0, r4 | r0 = r4;
0x000141a8 bl 0x10d4 | r0 = strlen (r0);
0x000141ac add r0, r0, 1 | r0++;
0x000141b0 add r7, r4, r0 | r7 = r4 + r0;
| }
0x000141b4 ldrb r3, [r7] | r3 = *(r7);
0x000141b8 cmp r3, 0 |
| if (r3 != 0) {
0x000141bc ldreq r7, [pc, 0x230] | r7 = "bcO_cGI9:4QacjH_9_X3_N_LhcictM_L3_jckcZPFZ7_GJRVNdclcrIA3gccFec3mfc3IfE59_CccE_AYBW2mc__DpcZ_cucS:P7MSNVSUA94UXQ9PvGH42ZCnccoc_7wctc:7_Evc_E_2F_D_Wa_yczcc_Lsc_SC14mqcrcxc:PCFsTc_ddsQd_dwH4O_d.deB46r_di:d_d6V2d_d_dn__M_GIEwA_d3G__dGWb";
| }
| if (r3 != 0) {
0x000141c0 addeq r7, pc, r7 | r7 = pc + r7;
| }
0x000141c4 mov r0, r7 | r0 = r7;
0x000141c8 add sp, sp, 0x7c |
0x000141cc pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_14:
0x000141d0 ldr r1, [pc, 0x220] | r1 = "bcO_cGI9:4QacjH_9_X3_N_LhcictM_L3_jckcZPFZ7_GJRVNdclcrIA3gccFec3mfc3IfE59_CccE_AYBW2mc__DpcZ_cucS:P7MSNVSUA94UXQ9PvGH42ZCnccoc_7wctc:7_Evc_E_2F_D_Wa_yczcc_Lsc_SC14mqcrcxc:PCFsTc_ddsQd_dwH4O_d.deB46r_di:d_d6V2d_d_dn__M_GIEwA_d3G__dGWb";
0x000141d4 add r1, pc, r1 | r1 = pc + r1;
0x000141d8 bl 0x1080 | r0 = fdopen ();
0x000141dc subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x000141e0 bne 0x141f8 | goto label_16;
| }
0x000141e4 mov r0, r4 | r0 = r4;
0x000141e8 ldr r4, [pc, 0x20c] | r4 = *(0x143f8);
0x000141ec bl 0x10ec | close (r0);
0x000141f0 add r4, pc, r4 | r4 = pc + r4;
0x000141f4 b 0x1415c |
| } while (1);
| label_16:
0x000141f8 add r3, sp, 0x44 | r3 += var_44h;
0x000141fc str r3, [sp, 4] | var_4h = r3;
0x00014200 ldr r3, [pc, 0x1f8] | r3 = *(0x143fc);
0x00014204 mov r6, 0 | r6 = 0;
0x00014208 add r3, pc, r3 | r3 = pc + r3;
0x0001420c mov r4, r6 | r4 = r6;
0x00014210 add fp, sp, 0x10 |
0x00014214 str r3, [sp, 0xc] | format = r3;
0x00014218 b 0x1430c | goto label_17;
| label_3:
0x0001421c mov r0, r5 | r0 = r5;
0x00014220 bl 0x10bc | fgetc (r0);
0x00014224 b 0x1433c | goto label_18;
| label_6:
0x00014228 mov r0, r5 | r0 = r5;
0x0001422c bl 0x10bc | fgetc (r0);
0x00014230 b 0x1438c | goto label_19;
| label_5:
0x00014234 mov r1, r5 | r1 = r5;
0x00014238 bl 0xfd8 | ungetc (r0, r1);
0x0001423c ldr r3, [sp, 4] | r3 = var_4h;
0x00014240 mov r2, fp | r2 = fp;
0x00014244 ldr r1, [sp, 0xc] | r1 = format;
0x00014248 mov r0, r5 | r0 = r5;
0x0001424c bl 0xffc | r0 = fscanf (r0, r1, r2, r3);
0x00014250 cmp r0, 1 |
| if (r0 > 1) {
0x00014254 ble 0x142a8 |
0x00014258 mov r0, fp | r0 = fp;
0x0001425c bl 0x10d4 | strlen (r0);
0x00014260 str r0, [sp, 8] | dest = r0;
0x00014264 ldr r0, [sp, 4] | r0 = var_4h;
0x00014268 bl 0x10d4 | strlen (r0);
0x0001426c ldr r3, [sp, 8] | r3 = dest;
0x00014270 cmp r6, 0 |
0x00014274 mov r8, r0 | r8 = r0;
0x00014278 add r0, r3, r0 | r0 = r3 + r0;
| if (r6 != 0) {
0x0001427c bne 0x142c4 | goto label_20;
| }
0x00014280 add r6, r0, 2 | r6 = r0 + 2;
0x00014284 add r0, r0, 3 | r0 += 3;
0x00014288 bl 0x1020 | r0 = malloc (r0);
| label_2:
0x0001428c cmp r0, 0 |
0x00014290 mov sl, r0 | sl = r0;
| if (r0 != 0) {
0x00014294 bne 0x142dc | goto label_21;
| }
0x00014298 mov r0, r4 | r0 = r4;
0x0001429c bl 0x1104 | free (r0);
0x000142a0 mov r4, sl | r4 = sl;
0x000142a4 mov r6, sl | r6 = sl;
| }
| label_4:
0x000142a8 mov r0, r5 | r0 = r5;
0x000142ac bl 0x1098 | fclose (r0);
0x000142b0 cmp r6, 0 |
| if (r6 == 0) {
0x000142b4 beq 0x14154 | goto label_0;
| }
0x000142b8 mov r3, 0 | r3 = 0;
0x000142bc strb r3, [r4, r6] | *((r4 + r6)) = r3;
0x000142c0 b 0x1415c | goto label_1;
| label_20:
0x000142c4 add r1, r6, r0 | r1 = r6 + r0;
0x000142c8 add r6, r1, 2 | r6 = r1 + 2;
0x000142cc mov r0, r4 | r0 = r4;
0x000142d0 add r1, r1, 3 | r1 += 3;
0x000142d4 bl 0x1068 | realloc (r0, r1);
0x000142d8 b 0x1428c | goto label_2;
| label_21:
0x000142dc ldr r3, [sp, 8] | r3 = dest;
0x000142e0 sub r8, r6, r8 | r8 = r6 - r8;
0x000142e4 sub r0, r8, r3 | r0 = r8 - r3;
0x000142e8 sub r0, r0, 2 | r0 -= 2;
0x000142ec mov r1, fp | r1 = fp;
0x000142f0 add r0, sl, r0 | r0 = sl + r0;
0x000142f4 sub r8, r8, 1 | r8--;
0x000142f8 bl 0xfcc | strcpy (r0, r1)
0x000142fc ldr r1, [sp, 4] | r1 = var_4h;
0x00014300 add r0, sl, r8 | r0 = sl + r8;
0x00014304 bl 0xfcc | strcpy (r0, r1)
| label_8:
0x00014308 mov r4, sl | r4 = sl;
| label_17:
0x0001430c ldr r3, [r5, 0x34] | r3 = *((r5 + 0x34));
0x00014310 cmp r3, 0 |
| if (r3 == 0) {
0x00014314 beq 0x1421c | goto label_3;
| }
0x00014318 ldr r3, [r5, 0x10] | r3 = *((r5 + 0x10));
0x0001431c ldr r2, [r5, 0x18] | r2 = *((r5 + 0x18));
0x00014320 cmp r3, r2 |
| if (r3 >= r2) {
0x00014324 addlo r2, r3, 1 | r2 = r3 + 1;
| }
| if (r3 >= r2) {
0x00014328 strlo r2, [r5, 0x10] | *((r5 + 0x10)) = r2;
| }
| if (r3 >= r2) {
0x0001432c ldrblo r0, [r3] | r0 = *(r3);
| }
| if (r3 <= r2) {
0x00014330 blo 0x14344 | goto label_22;
| }
0x00014334 mov r0, r5 | r0 = r5;
0x00014338 bl 0x102c | r0 = fgetc_unlocked ();
| label_18:
0x0001433c cmn r0, 1 |
| if (r0 == 1) {
0x00014340 beq 0x142a8 | goto label_4;
| }
| label_22:
0x00014344 sub r3, r0, 9 | r3 = r0 - 9;
0x00014348 cmp r0, 0x20 |
0x0001434c cmpne r3, 1 | __asm ("cmpne r3, 1");
| if (r0 < 0x20) {
0x00014350 bls 0x143a0 | goto label_23;
| }
0x00014354 cmp r0, 0x23 |
| if (r0 != 0x23) {
0x00014358 bne 0x14234 | goto label_5;
| }
| label_7:
0x0001435c ldr r3, [r5, 0x34] | r3 = *((r5 + 0x34));
0x00014360 cmp r3, 0 |
| if (r3 == 0) {
0x00014364 beq 0x14228 | goto label_6;
| }
0x00014368 ldr r3, [r5, 0x10] | r3 = *((r5 + 0x10));
0x0001436c ldr r2, [r5, 0x18] | r2 = *((r5 + 0x18));
0x00014370 cmp r3, r2 |
| if (r3 >= r2) {
0x00014374 addlo r2, r3, 1 | r2 = r3 + 1;
| }
| if (r3 >= r2) {
0x00014378 strlo r2, [r5, 0x10] | *((r5 + 0x10)) = r2;
| }
| if (r3 >= r2) {
0x0001437c ldrblo r0, [r3] | r0 = *(r3);
| }
| if (r3 > r2) {
0x00014380 blo 0x1438c |
0x00014384 mov r0, r5 | r0 = r5;
0x00014388 bl 0x102c | r0 = fgetc_unlocked ();
| }
| label_19:
0x0001438c cmp r0, 0xa |
0x00014390 cmnne r0, 1 | __asm ("cmnne r0, 1");
| if (r0 != 0xa) {
0x00014394 bne 0x1435c | goto label_7;
| }
0x00014398 cmn r0, 1 |
| if (r0 == 1) {
0x0001439c beq 0x142a8 | goto label_4;
| }
| label_23:
0x000143a0 mov sl, r4 | sl = r4;
0x000143a4 b 0x14308 | goto label_8;
| label_13:
0x000143a8 ldr r4, [pc, 0x54] | r4 = *(0x14400);
0x000143ac add r4, pc, r4 | r4 = pc + r4;
0x000143b0 b 0x14164 | goto label_9;
| label_15:
0x000143b4 mov r0, r4 | r0 = r4;
0x000143b8 bl 0x10d4 | r0 = strlen (r0);
0x000143bc add r0, r0, 1 | r0++;
0x000143c0 add r4, r4, r0 | r4 += r0;
0x000143c4 mov r0, r4 | r0 = r4;
0x000143c8 bl 0x10d4 | r0 = strlen (r0);
0x000143cc add r0, r0, 1 | r0++;
0x000143d0 add r4, r4, r0 | r4 += r0;
0x000143d4 b 0x14170 | goto label_10;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libiconv.so.2.6.0 @ 0x144b8 */
| #include <stdint.h>
|
; (fcn) fcn.000144b8 () | void fcn_000144b8 (int32_t arg1) {
| r0 = arg1;
0x000144b8 push {r4, r5, r6, r7, r8, lr} |
0x000144bc ldr r4, [pc, 0xb0] | r4 = *(0x14570);
0x000144c0 mov r7, r0 | r7 = r0;
0x000144c4 add r4, pc, r4 | r4 = pc + r4;
0x000144c8 ldr r1, [r4, 8] | r1 = *(0x14578);
0x000144cc cmp r1, 0 |
0x000144d0 bne 0x144e0 |
| while (r5 == 0) {
| label_0:
0x000144d4 mov r4, r7 | r4 = r7;
| label_1:
0x000144d8 mov r0, r4 | r0 = r4;
0x000144dc pop {r4, r5, r6, r7, r8, pc} |
0x000144e0 ldr r5, [r4, 0xc] | r5 = *((r4 + 0xc));
0x000144e4 cmp r5, 0 |
0x000144e8 beq 0x144d4 |
| }
0x000144ec ldr r6, [r4] | r6 = *(r4);
0x000144f0 mov r2, r6 | r2 = r6;
0x000144f4 bl 0x105c | r0 = strncmp (r0, r1, r2);
0x000144f8 cmp r0, 0 |
| if (r0 != 0) {
0x000144fc bne 0x144d4 | goto label_0;
| }
0x00014500 ldrb r3, [r7, r6] | r3 = *((r7 + r6));
0x00014504 add r8, r7, r6 | r8 = r7 + r6;
0x00014508 cmp r3, 0 |
| if (r3 != 0) {
0x0001450c bne 0x14534 | goto label_3;
| }
0x00014510 mov r0, r5 | r0 = r5;
0x00014514 bl 0x10d4 | r0 = strlen (r0);
0x00014518 add r0, r0, 1 | r0++;
0x0001451c bl 0x1020 | r0 = malloc (r0);
0x00014520 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 != r0) {
0x00014524 movne r1, r5 | r1 = r5;
| goto label_4;
| }
| if (r4 == r0) {
| label_4:
0x00014528 beq 0x144d4 | goto label_0;
| }
| label_2:
0x0001452c bl 0xfcc | strcpy (r0, r1)
0x00014530 b 0x144d8 | goto label_1;
| label_3:
0x00014534 cmp r3, 0x2f |
| if (r3 != 0x2f) {
0x00014538 bne 0x144d4 | goto label_0;
| }
0x0001453c mov r0, r8 | r0 = r8;
0x00014540 bl 0x10d4 | strlen (r0);
0x00014544 ldr r6, [r4, 4] | r6 = *((r4 + 4));
0x00014548 add r3, r6, 1 | r3 = r6 + 1;
0x0001454c add r0, r3, r0 | r0 = r3 + r0;
0x00014550 bl 0x1020 | r0 = malloc (r0);
0x00014554 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
0x00014558 beq 0x144d4 | goto label_0;
| }
0x0001455c mov r1, r5 | r1 = r5;
0x00014560 mov r2, r6 | r2 = r6;
0x00014564 bl 0x1008 | memcpy (r0, r1, r2);
0x00014568 mov r1, r8 | r1 = r8;
0x0001456c add r0, r4, r6 | r0 = r4 + r6;
0x00014570 b 0x1452c | goto label_2;
| }
[*] Function strcpy used 4 times libiconv.so.2.6.0
