[*] Binary protection state of openssl
Partial RELRO, No Canary found, NX disabled, No PIE, No RPATH, No RUNPATH, No Symbols
[*] Function strcpy tear down of openssl
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/openssl @ 0x34fe8 */
| #include <stdint.h>
|
; NOTE(review): BIT_MASK is a generic r2dec helper. Where the pseudo code uses it for
; `bic rX, rY, 0xff` below, the instruction itself clears the low 8 bits (rY & ~0xff);
; read the assembly column on those lines.
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; -----------------------------------------------------------------------------
; fcn.00034fe8 -- append the string in r2 to a heap buffer sized in 256-byte steps.
; In:   r0 -> slot holding the buffer pointer (kept in r6)
;       r1 -> slot holding the buffer size    (kept in sb)
;       r2 -> source string                   (kept in r7); r2dec lists only two
;             arguments, but r2 is read at 0x34ff0 before anything writes it.
; Out:  r0 = 1 after the copy; r0 = 0 when CRYPTO_realloc returns NULL (the old
;       buffer is freed and the pointer slot is cleared).
; Presumably OpenSSL's append_buf() from apps/engine.c -- confirm against the
; source of the shipped version.
; Review of the flagged strcpy (0x35030): on both paths the destination is sized
; from strlen(source) before the copy, so the call is length-checked. Still to
; confirm: (a) the first-allocation helper cannot return NULL, (b) the signed
; 32-bit length arithmetic cannot wrap for the inputs this function receives.
; Reading aid: r2dec prints the wrong `if` text for conditionally executed
; instructions (addne, strne, movlt, ...); trust the condition suffix in the
; assembly column. Its literal addresses also look 4 bytes low: 0x35018 + 8 + 0xb0
; is 0x350d0, not 0x350cc.
; -----------------------------------------------------------------------------
; (fcn) fcn.00034fe8 () | void fcn_00034fe8 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00034fe8 push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00034fec mov r6, r0 | r6 = r0;
0x00034ff0 mov r0, r2 | r0 = r2;
0x00034ff4 mov sb, r1 | sb = r1;
0x00034ff8 mov r7, r2 | r7 = r2;
; r0 = strlen(source); the result stays live in r0 on both paths below.
0x00034ffc bl 0x24eec | strlen (r0);
0x00035000 ldr r4, [r6] | r4 = *(r6);
0x00035004 cmp r4, 0 |
| if (r4 != 0) {
; A buffer already exists -> append path at label_0.
0x00035008 bne 0x3503c | goto label_0;
| }
; First use: size = (strlen(source) + 0x100) & ~0xff, which is at least strlen + 1.
0x0003500c add r0, r0, 0x100 | r0 += 0x100;
0x00035010 bic r0, r0, 0xff | r0 = BIT_MASK (r0, 0xff);
0x00035014 str r0, [sb] | *(sb) = r0;
0x00035018 ldr r1, [pc, 0xb0] | r1 = *(0x350cc);
; Allocation helper called with (size, literal). Its result is stored and used as
; the strcpy destination without a NULL test in this function.
; NOTE(review): confirm fcn_0005d7f8 does not return on allocation failure.
0x0003501c bl 0x5d7f8 | r0 = fcn_0005d7f8 (r0, r1);
0x00035020 mov r4, r0 | r4 = r0;
0x00035024 str r0, [r6] | *(r6) = r0;
; The do/while is how r2dec shows the back-branch from 0x350cc; there is no loop,
; the path ends at the pop below.
| do {
0x00035028 mov r1, r7 | r1 = r7;
0x0003502c mov r0, r4 | r0 = r4;
; Flagged call: strcpy(write position in r4, source in r7).
0x00035030 bl 0x27a84 | strcpy (r0, r1)
0x00035034 mov r0, 1 | r0 = 1;
0x00035038 pop {r4, r5, r6, r7, r8, sb, sl, pc} |
| label_0:
; needed (r5) = strlen(source) + 1
0x0003503c add r5, r0, 1 | r5 = r0 + 1;
0x00035040 mov r0, r4 | r0 = r4;
0x00035044 bl 0x24eec | r0 = strlen (r0);
; r8 = current length of the buffer contents; subs sets the flags for the two
; `ne` instructions, which run only when r8 != 0 and add r8 + 2 to `needed`.
0x00035048 subs r8, r0, 0 | r8 = r0 - 0;
| if (r8 == r0) {
0x0003504c addne r3, r8, 2 | r3 = r8 + 2;
| }
| if (r8 == r0) {
0x00035050 addne r5, r5, r3 | r5 += r3;
| }
0x00035054 ldr r3, [sb] | r3 = *(sb);
0x00035058 cmp r3, r5 |
| if (r3 < r5) {
; Signed compare: when the stored size >= needed, skip the reallocation.
0x0003505c bge 0x350b0 |
; Round `needed` up to a multiple of 0x100. The movlt adds a further 0xff only
; when the sum is negative (the shape of a signed divide by 256).
0x00035060 add r5, r5, 0xff | r5 += 0xff;
0x00035064 cmp r5, 0 |
0x00035068 add r1, r5, 0xff | r1 = r5 + 0xff;
| if (r5 >= 0) {
0x0003506c movlt r5, r1 | r5 = r1;
| }
0x00035070 bic r1, r5, 0xff | r1 = BIT_MASK (r5, 0xff);
0x00035074 mov r0, r4 | r0 = r4;
0x00035078 str r1, [sb] | *(sb) = r1;
0x0003507c mov r3, 0x43 | r3 = 0x43;
0x00035080 ldr r2, [pc, 0x4c] | r2 = "engine_buffer";
; CRYPTO_realloc(old buffer, new size, literal, 0x43).
; NOTE(review): the last two arguments are presumably file name and line number.
0x00035084 bl 0x25fa8 | r0 = CRYPTO_realloc ();
0x00035088 subs r4, r0, 0 | r4 = r0 - 0;
| if (r4 == r0) {
; Non-NULL result: publish the new pointer and continue at label_1.
0x0003508c strne r4, [r6] | *(r6) = r4;
| }
| if (r4 != r0) {
0x00035090 bne 0x350b0 | goto label_1;
| }
; NULL result: free the old buffer, clear the slot (r4 is 0 here) and return 0.
0x00035094 ldr r0, [r6] | r0 = *(r6);
0x00035098 mov r2, 0x45 | r2 = 0x45;
0x0003509c ldr r1, [pc, 0x30] | r1 = "engine_buffer";
0x000350a0 bl 0x251d4 | CRYPTO_free ();
0x000350a4 str r4, [r6] | *(r6) = r4;
0x000350a8 mov r0, r4 | r0 = r4;
0x000350ac pop {r4, r5, r6, r7, r8, sb, sl, pc} |
| }
| label_1:
; Reached with r4 = buffer (old or reallocated). Every `ne` instruction below runs
; only when r8 != 0: write ',' (0x2c) and ' ' (0x20) after the existing text and
; advance r4 past them, so the strcpy at 0x35030 appends instead of overwriting.
0x000350b0 cmp r8, 0 |
| if (r8 == 0) {
0x000350b4 movne r2, 0x2c | r2 = 0x2c;
| }
| if (r8 == 0) {
0x000350b8 strbne r2, [r4, r8] | *((r4 + r8)) = r2;
| }
| if (r8 == 0) {
0x000350bc addne r3, r4, r8 | r3 = r4 + r8;
| }
| if (r8 == 0) {
0x000350c0 movne r2, 0x20 | r2 = 0x20;
| }
| if (r8 == 0) {
0x000350c4 addne r4, r3, 2 | r4 = r3 + 2;
| }
| if (r8 == 0) {
0x000350c8 strbne r2, [r3, 1] | *((r3 + 1)) = r2;
| }
0x000350cc b 0x35028 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/bin/openssl @ 0x628fc */
| #include <stdint.h>
|
; -----------------------------------------------------------------------------
; fcn.000628fc -- walk an array of 16-byte records starting at arg1 (r0) and
; print one BIO_printf line per record.
; Record fields as read here (r4/r6 point 0x10 past the current record):
;   +0x0  string pointer: NULL ends the array; compared with two sentinel
;         pointers; passed to strlen/strcpy
;   +0x8  word compared with 0x2d ('-'); otherwise passed to fcn_00061634
;   +0xc  string pointer handed to BIO_printf; a default string is used when NULL
; Presumably opt_help() from OpenSSL apps/opt.c -- confirm against the source of
; the shipped version.
; Stack: 0x6c-byte frame. The line buffer starts at sp+0x14; it is filled with
; 0x50 spaces and terminated at sp+0x64, i.e. 81 bytes.
; Review of the flagged strcpy calls (0x62aa4, 0x62ad8): both write into the
; stack buffer starting at sp+0x16 and neither is preceded by a length check. The
; first loop only measures entries and the test at 0x62ae8 runs after both
; copies. The copies stay in bounds only while the record strings are short.
; The protection summary for this binary reports no stack canary, so an overrun
; would not be caught at function return.
; NOTE(review): confirm that every caller passes a compile-time table and not
; runtime-supplied strings.
; Reading aid: r2dec prints the wrong `if` text for conditionally executed
; instructions; trust the condition suffix. The quoted names next to `ldr rX, [pc, N]`
; ("et_certs", "_DigestFinal_ex", "d_PKCS8_bio") appear to be literal-pool offsets
; mis-resolved as strings, since the loaded values are added to pc or used as an
; index off r5. The literal addresses look 4 bytes low (0x62900 + 8 + 0x234 = 0x62b3c).
; -----------------------------------------------------------------------------
; (fcn) fcn.000628fc () | void fcn_000628fc (int32_t arg1) {
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| void * s;
| char * dest;
| int32_t var_17h;
| int8_t var_54h;
| int32_t var_64h;
| int32_t var_68h;
| int32_t var_6ch;
| int32_t var_0h;
| r0 = arg1;
0x000628fc push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x00062900 ldr r5, [pc, 0x234] | r5 = *(0x62b38);
0x00062904 mov r4, r0 | r4 = r0;
; Post-indexed load: sb = first record's +0x0 pointer, then r4 = arg1 + 0x10.
0x00062908 ldr sb, [r4], 0x10 | sb = *(r4);
| r4 += 0x10;
0x0006290c sub sp, sp, 0x6c |
0x00062910 mov r6, r4 | r6 = r4;
; r7 = column width, starting at 5; pass 1 below can only raise it up to 0x1d.
0x00062914 mov r7, 5 | r7 = 5;
; r5 = pc-relative base used for the indexed loads `ldr rX, [r5, rY]` below.
0x00062918 add r5, pc, r5 | r5 = pc + r5;
; ---- pass 1: measure every record to pick the column width ----
| do {
0x0006291c ldr r0, [r6, -0x10] | r0 = *((r6 - 0x10));
0x00062920 cmp r0, 0 |
| if (r0 == 0) {
; A non-NULL pointer continues measuring at 0x62988; NULL falls through to the
; setup for pass 2.
0x00062924 bne 0x62988 |
0x00062928 ldr r3, [pc, 0x210] | r3 = *(0x62b3c);
0x0006292c ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00062930 cmp sb, r3 |
; var_4h = first sentinel pointer, compared again per record in pass 2.
0x00062934 str r3, [sp, 4] | var_4h = r3;
| if (sb != r3) {
; When the first record's pointer is not that sentinel, print a fixed prolog.
0x00062938 beq 0x6295c |
0x0006293c ldr r3, [pc, 0x200] | r3 = *(0x62b40);
0x00062940 ldr r2, [pc, 0x200] | r2 = *(0x62b44);
0x00062944 ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00062948 ldr r1, [pc, 0x1fc] | r1 = *(0x62b48);
0x0006294c add r2, pc, r2 | r2 = pc + r2;
0x00062950 add r1, pc, r1 | r1 = pc + r1;
0x00062954 ldr r0, [r3] | r0 = *(0x62b40);
0x00062958 bl 0x23e48 | BIO_printf ();
| }
; var_8h = default text used when a record's +0xc pointer is NULL;
; var_ch = format string for the regular per-record line.
0x0006295c ldr r3, [pc, 0x1ec] | r3 = "et_certs";
0x00062960 add r3, pc, r3 | r3 = pc + r3;
0x00062964 str r3, [sp, 8] | var_8h = r3;
0x00062968 ldr r3, [pc, 0x1e4] | r3 = *(0x62b50);
0x0006296c add r3, pc, r3 | r3 = pc + r3;
0x00062970 str r3, [sp, 0xc] | var_ch = r3;
; ---- pass 2: print every record; r4 walks the array again from the start ----
| label_0:
0x00062974 ldr r2, [r4, -0x10] | r2 = *((r4 - 0x10));
0x00062978 cmp r2, 0 |
| if (r2 != 0) {
0x0006297c bne 0x629e4 | goto label_2;
| }
; NULL +0x0 pointer: end of the array, return.
0x00062980 add sp, sp, 0x6c |
0x00062984 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| }
; pass 1, per record: records whose +0x0 pointer equals the second sentinel are
; skipped.
0x00062988 ldr r3, [pc, 0x1c8] | r3 = "_DigestFinal_ex";
0x0006298c ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00062990 cmp r0, r3 |
| if (r0 != r3) {
0x00062994 beq 0x629dc |
; measured (r3) = strlen(+0x0 string) + 2
0x00062998 bl 0x24eec | r0 = strlen (r0);
0x0006299c mov r8, r0 | r8 = r0;
0x000629a0 add r3, r0, 2 | r3 = r0 + 2;
0x000629a4 ldr r0, [r6, -8] | r0 = *((r6 - 8));
0x000629a8 cmp r0, 0x2d |
| if (r0 != 0x2d) {
0x000629ac beq 0x629c0 |
; +0x8 is not '-': measured = strlen(+0x0 string) + 3 + strlen(fcn_00061634(+0x8)).
0x000629b0 bl 0x61634 | r0 = fcn_00061634 (r0);
0x000629b4 bl 0x24eec | strlen (r0);
0x000629b8 add r3, r8, 3 | r3 = r8 + 3;
0x000629bc add r3, r3, r0 | r3 += r0;
| }
; r7 is updated only when r7 < measured <= 0x1d. A longer entry is not rejected
; here, it just does not widen the column. This is the only length inspection
; that happens before the strcpy calls in pass 2.
0x000629c0 cmp r3, 0x1d |
| if (r3 > 0x1d) {
0x000629c4 movle r2, 1 | r2 = 1;
| }
| if (r3 <= 0x1d) {
0x000629c8 movgt r2, 0 | r2 = 0;
| }
0x000629cc cmp r3, r7 |
| if (r3 > r7) {
0x000629d0 movle r2, 0 | r2 = 0;
| }
0x000629d4 cmp r2, 0 |
| if (r2 != 0) {
0x000629d8 movne r7, r3 | r7 = r3;
| goto label_3;
| }
| }
| label_3:
0x000629dc add r6, r6, 0x10 | r6 += 0x10;
0x000629e0 b 0x6291c |
| } while (1);
| label_2:
; fp = record's +0xc pointer, replaced by the default text (var_8h) when NULL.
0x000629e4 ldr fp, [r4, -4] | fp = *((r4 - 4));
0x000629e8 ldr r3, [sp, 8] | r3 = var_8h;
0x000629ec cmp fp, 0 |
| if (fp != 0) {
0x000629f0 moveq fp, r3 |
| }
0x000629f4 ldr r3, [sp, 4] | r3 = var_4h;
; This compare sets the flags for the bne at 0x62a04; the two loads in between
; leave them untouched.
0x000629f8 cmp r2, r3 |
0x000629fc ldr r2, [pc, 0x140] | r2 = *(0x62b40);
; r8 = address of the output BIO pointer; every BIO_printf below loads r0 from it.
0x00062a00 ldr r8, [r5, r2] | r8 = *((r5 + r2));
| if (r2 != r3) {
0x00062a04 bne 0x62a24 | goto label_4;
| }
; +0x0 pointer equals the first sentinel: the record's own +0xc string (fp) is
; passed in r1, which is the format argument of BIO_printf.
; NOTE(review): a table-supplied format string; acceptable only if the table is
; static data -- confirm.
0x00062a08 ldr r2, [pc, 0x14c] | r2 = *(0x62b58);
0x00062a0c mov r1, fp | r1 = fp;
0x00062a10 add r2, pc, r2 | r2 = pc + r2;
0x00062a14 ldr r0, [r8] | r0 = *(r8);
0x00062a18 bl 0x23e48 | BIO_printf ();
| do {
; Advance to the next record and loop back to label_0.
0x00062a1c add r4, r4, 0x10 | r4 += 0x10;
0x00062a20 b 0x62974 | goto label_0;
| label_4:
; r6 = sp + 0x14, the line buffer (the pseudo code `r6 += s` is wrong). Fill
; 0x50 bytes with spaces and put the terminator at sp+0x64.
0x00062a24 add r6, sp, 0x14 | r6 += s;
0x00062a28 mov r2, 0x50 | r2 = 0x50;
0x00062a2c mov r1, 0x20 | r1 = 0x20;
0x00062a30 mov r0, r6 | r0 = r6;
0x00062a34 bl 0x264c4 | memset (r0, r1, r2);
0x00062a38 ldr r1, [pc, 0x118] | r1 = "_DigestFinal_ex";
0x00062a3c mov r2, 0 | r2 = 0;
0x00062a40 strb r2, [sp, 0x64] | var_64h = r2;
0x00062a44 ldr r0, [r5, r1] | r0 = *((r5 + r1));
0x00062a48 ldr r1, [r4, -0x10] | r1 = *((r4 - 0x10));
; sb = sp + 0x68 + width, so [sb, -0x54] addresses buffer[width] (sp+0x14+r7).
0x00062a4c add r3, sp, 0x68 | r3 += var_68h;
0x00062a50 cmp r1, r0 |
0x00062a54 add sb, r3, r7 | sb = r3 + r7;
| if (r1 != r0) {
0x00062a58 bne 0x62a7c | goto label_5;
| }
; +0x0 pointer equals the second sentinel: print `width` spaces followed by the
; +0xc text; nothing is copied into the buffer on this path.
0x00062a5c ldr r1, [pc, 0xfc] | r1 = *(0x62b5c);
0x00062a60 strb r2, [sb, -0x54] | var_54h = r2;
0x00062a64 mov r3, fp | r3 = fp;
0x00062a68 mov r2, r6 | r2 = r6;
0x00062a6c add r1, pc, r1 | r1 = pc + r1;
| label_1:
0x00062a70 ldr r0, [r8] | r0 = *(r8);
0x00062a74 bl 0x23e48 | BIO_printf ();
0x00062a78 b 0x62a1c |
| } while (1);
| label_5:
; Regular record: store a 2-byte prefix at buffer[0..1] (low halfword of a
; literal; presumably two fixed characters -- confirm), then place the +0x0
; string from buffer[2] on.
0x00062a7c ldr r3, [pc, 0xe0] | r3 = "d_PKCS8_bio";
0x00062a80 strh r3, [sp, 0x14] | s = r3;
0x00062a84 ldrb r2, [r1] | r2 = *(r1);
0x00062a88 cmp r2, 0 |
| if (r2 != 0) {
; Empty string (the `eq` instructions): write '*' (0x2a) at buffer[2] and
; continue from buffer[3].
0x00062a8c moveq r2, 0x2a | r2 = 0x2a;
| }
| if (r2 != 0) {
0x00062a90 strbeq r2, [sp, 0x16] | dest = r2;
| }
| if (r2 != 0) {
0x00062a94 addeq r0, sp, 0x17 | r0 += var_17h;
| }
| if (r2 != 0) {
0x00062a98 beq 0x62ab0 |
; Flagged call 1: strcpy(sp + 0x16, +0x0 string). 79 bytes remain in the buffer
; from this position, terminator slot included; the source length is not checked
; against that.
0x00062a9c add sl, sp, 0x16 | sl += dest;
0x00062aa0 mov r0, sl | r0 = sl;
0x00062aa4 bl 0x27a84 | r0 = strcpy (r0, r1)
0x00062aa8 bl 0x24eec | r0 = strlen (r0);
; r0 = address just past the copied text.
0x00062aac add r0, sl, r0 | r0 = sl + r0;
| }
0x00062ab0 ldr r2, [r4, -8] | r2 = *((r4 - 8));
0x00062ab4 cmp r2, 0x2d |
| if (r2 != 0x2d) {
0x00062ab8 beq 0x62ae4 |
; +0x8 is not '-': append one space and then the string returned by fcn_00061634.
0x00062abc mov r2, 0x20 | r2 = 0x20;
0x00062ac0 strb r2, [r0] | *(r0) = r2;
0x00062ac4 add sl, r0, 1 | sl = r0 + 1;
0x00062ac8 ldr r0, [r4, -8] | r0 = *((r4 - 8));
0x00062acc bl 0x61634 | r0 = fcn_00061634 (r0);
0x00062ad0 mov r1, r0 | r1 = r0;
0x00062ad4 mov r0, sl | r0 = sl;
; Flagged call 2: strcpy(current write position, helper string), again with no
; check of the remaining space.
; NOTE(review): confirm fcn_00061634 returns only short fixed strings.
0x00062ad8 bl 0x27a84 | r0 = strcpy (r0, r1)
0x00062adc bl 0x24eec | r0 = strlen (r0);
0x00062ae0 add r0, sl, r0 | r0 = sl + r0;
| }
; Number of bytes written so far. This is the first length test on this path and
; it runs after both copies; it only selects the output layout.
0x00062ae4 sub r2, r0, r6 | r2 = r0 - r6;
0x00062ae8 cmp r2, 0x1d |
| if (r2 > 0x1d) {
; written <= 0x1d (the `le` instructions): overwrite the strcpy terminator with a
; space and go to the common tail at 0x62b24.
0x00062aec movle r2, 0x20 | r2 = 0x20;
| }
| if (r2 > 0x1d) {
0x00062af0 strble r2, [r0] | *(r0) = r2;
| }
| if (r2 > 0x1d) {
0x00062af4 ble 0x62b24 |
; written > 0x1d: terminate the text, print it as a line of its own, then refill
; the buffer with 0x51 spaces (this also overwrites the terminator at sp+0x64).
0x00062af8 ldr r1, [pc, 0x68] | r1 = *(0x62b64);
0x00062afc mov r2, 0 | r2 = 0;
0x00062b00 strb r2, [r0] | *(r0) = r2;
0x00062b04 add r1, pc, r1 | r1 = pc + r1;
0x00062b08 mov r2, r6 | r2 = r6;
0x00062b0c ldr r0, [r8] | r0 = *(r8);
0x00062b10 bl 0x23e48 | BIO_printf ();
0x00062b14 mov r2, 0x51 | r2 = 0x51;
0x00062b18 mov r1, 0x20 | r1 = 0x20;
0x00062b1c mov r0, r6 | r0 = r6;
0x00062b20 bl 0x264c4 | memset (r0, r1, r2);
| }
; Common tail: terminate at buffer[width], then print the buffer and the +0xc
; text through the shared BIO_printf call at label_1 using the var_ch format.
0x00062b24 mov r2, 0 | r2 = 0;
0x00062b28 strb r2, [sb, -0x54] | var_54h = r2;
0x00062b2c mov r3, fp | r3 = fp;
0x00062b30 mov r2, r6 | r2 = r6;
0x00062b34 ldr r1, [sp, 0xc] | r1 = var_ch;
0x00062b38 b 0x62a70 | goto label_1;
| }
[*] Function strcpy used 4 times openssl