[*] Binary protection state of connmand-wait-online
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of connmand-wait-online
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/connmand-wait-online @ 0x11cd0 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main (int32_t argc, char ** argv) {
| char ** var_0h;
| int32_t var_4h;
| int32_t var_8h;
| int32_t var_ch;
| int32_t var_10h;
| int32_t var_14h;
| int32_t var_18h;
| int32_t var_1ch;
| int32_t var_2ch;
| r0 = argc;
| r1 = argv;
| /* [12] -r-x section size 7964 named .text */
0x00011cd0 push {r4, r5, lr} |
0x00011cd4 mov r4, 0 | r4 = 0;
0x00011cd8 sub sp, sp, 0x2c |
0x00011cdc str r0, [sp, 4] | var_4h = r0;
0x00011ce0 mov r0, r4 | r0 = r4;
0x00011ce4 str r1, [sp] | *(sp) = r1;
0x00011ce8 str r4, [sp, 8] | var_8h = r4;
0x00011cec str r4, [sp, 0x10] | var_10h = r4;
0x00011cf0 str r4, [sp, 0x14] | var_14h = r4;
0x00011cf4 bl 0x11934 | g_option_context_new ();
0x00011cf8 mov r2, r4 | r2 = r4;
0x00011cfc ldr r1, [pc, 0x268] | r1 = *(0x11f68);
0x00011d00 mov r5, r0 | r5 = r0;
0x00011d04 bl 0x11a18 | g_option_context_add_main_entries ();
0x00011d08 add r3, sp, 8 | r3 += var_8h;
0x00011d0c mov r2, sp | r2 = sp;
0x00011d10 add r1, sp, 4 | r1 += var_4h;
0x00011d14 mov r0, r5 | r0 = r5;
0x00011d18 bl 0x11b80 | r0 = g_option_context_parse ();
0x00011d1c cmp r0, r4 |
| if (r0 != r4) {
0x00011d20 bne 0x11d68 | goto label_2;
| }
0x00011d24 ldr r3, [sp, 8] | r3 = var_8h;
0x00011d28 ldr r2, [pc, 0x240] | r2 = "interface";
0x00011d2c cmp r3, r4 |
0x00011d30 ldr r0, [r2] | r0 = "interface";
| if (r3 == r4) {
0x00011d34 beq 0x11d58 | goto label_3;
| }
0x00011d38 ldr r2, [r3, 8] | r2 = *((r3 + 8));
0x00011d3c ldr r1, [pc, 0x230] | r1 = stderr;
0x00011d40 bl 0x11af0 | fprintf (r0, r1, r2)
0x00011d44 ldr r0, [sp, 8] | r0 = var_8h;
0x00011d48 bl 0x11bec | g_error_free ();
| do {
0x00011d4c mov r0, 0x5f | r0 = 0x5f;
| label_0:
0x00011d50 add sp, sp, 0x2c |
0x00011d54 pop {r4, r5, pc} |
| label_3:
0x00011d58 mov r1, r0 | r1 = r0;
0x00011d5c ldr r0, [pc, 0x214] | r0 = *(0x11f74);
0x00011d60 bl 0x11ba4 | fputs (r0, r1);
0x00011d64 b 0x11d4c |
| } while (1);
| label_2:
0x00011d68 ldr r4, [pc, 0x20c] | r4 = "An_unknown_error_occurred";
0x00011d6c mov r0, r5 | r0 = r5;
0x00011d70 bl 0x11a78 | g_option_context_free ();
0x00011d74 ldr r0, [r4, 0x10] | r0 = "1.36";
0x00011d78 cmp r0, 0 |
| if (r0 != 0) {
0x00011d7c beq 0x11d98 |
0x00011d80 mvn r2, 0 | r2 = ~0;
0x00011d84 ldr r1, [pc, 0x1f4] | r1 = *(0x11f7c);
0x00011d88 bl 0x11c58 | g_strsplit ();
0x00011d8c str r0, [sp, 0x10] | var_10h = r0;
0x00011d90 ldr r0, [r4, 0x10] | r0 = *((r4 + 0x10));
0x00011d94 bl 0x11b20 | g_free ();
| }
0x00011d98 ldr r0, [r4, 0x14] | r0 = *((r4 + 0x14));
0x00011d9c cmp r0, 0 |
| if (r0 != 0) {
0x00011da0 beq 0x11dbc |
0x00011da4 mvn r2, 0 | r2 = ~0;
0x00011da8 ldr r1, [pc, 0x1d0] | r1 = *(0x11f7c);
0x00011dac bl 0x11c58 | g_strsplit ();
0x00011db0 str r0, [sp, 0x14] | var_14h = r0;
0x00011db4 ldr r0, [r4, 0x14] | r0 = *((r4 + 0x14));
0x00011db8 bl 0x11b20 | g_free ();
| }
0x00011dbc ldr r5, [r4, 0x18] | r5 = *((r4 + 0x18));
0x00011dc0 cmp r5, 0 |
| if (r5 == 0) {
0x00011dc4 beq 0x11e08 | goto label_4;
| }
0x00011dc8 ldr r3, [pc, 0x1b4] | r3 = *(0x11f80);
0x00011dcc ldr r2, [pc, 0x1b4] | r2 = stdout;
0x00011dd0 ldr r1, [pc, 0x19c] | r1 = stderr;
0x00011dd4 ldr r0, [r3] | r0 = *(0x11f80);
0x00011dd8 bl 0x11af0 | fprintf (r0, r1, r2, r3)
0x00011ddc mov r5, 0 | r5 = 0;
| do {
0x00011de0 ldr r0, [sp, 0x10] | r0 = var_10h;
0x00011de4 bl 0x118a4 | g_strfreev ();
0x00011de8 ldr r0, [sp, 0x14] | r0 = var_14h;
0x00011dec bl 0x118a4 | g_strfreev ();
0x00011df0 ldr r0, [r4, 8] | r0 = *((r4 + 8));
0x00011df4 cmp r0, 0 |
| if (r0 != 0) {
0x00011df8 beq 0x11e00 |
0x00011dfc bl 0x11c10 | g_source_remove ();
| }
0x00011e00 rsb r0, r5, 0 | r0 = r5 - ;
0x00011e04 b 0x11d50 | goto label_0;
| label_4:
0x00011e08 add r0, sp, 0x18 | r0 += var_18h;
0x00011e0c bl 0x118b0 | dbus_error_init ();
0x00011e10 mov r1, r5 | r1 = r5;
0x00011e14 add r2, sp, 0x18 | r2 += var_18h;
0x00011e18 mov r0, 1 | r0 = 1;
0x00011e1c bl 0x12afc | fcn_00012afc (r0);
0x00011e20 str r0, [r4, 0xc] | *((r4 + 0xc)) = r0;
0x00011e24 add r0, sp, 0x18 | r0 += var_18h;
0x00011e28 bl 0x118ec | dbus_error_is_set ();
0x00011e2c subs r5, r0, 0 | r5 -= var_18h;
| if (r5 == var_18h) {
0x00011e30 beq 0x11e58 | goto label_5;
| }
0x00011e34 ldr r3, [pc, 0x134] | r3 = "interface";
0x00011e38 ldr r2, [sp, 0x1c] | r2 = var_1ch;
0x00011e3c ldr r1, [pc, 0x148] | r1 = "1.36";
0x00011e40 ldr r0, [r3] | r0 = "interface";
0x00011e44 bl 0x11af0 | fprintf ("interface", "1.36", r2, "interface")
0x00011e48 mvn r5, 0x5b | r5 = ~0x5b;
| label_1:
0x00011e4c add r0, sp, 0x18 | r0 += var_18h;
0x00011e50 bl 0x11a3c | dbus_error_free ();
0x00011e54 b 0x11de0 |
| } while (1);
| label_5:
0x00011e58 mov r1, r5 | r1 = r5;
0x00011e5c bl 0x11b98 | g_main_loop_new ();
0x00011e60 mov r3, r5 | r3 = r5;
0x00011e64 add r2, sp, 0x10 | r2 += var_10h;
0x00011e68 ldr r1, [pc, 0x120] | r1 = "Error:__s";
0x00011e6c str r0, [r4, 4] | *((r4 + 4)) = r0;
0x00011e70 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011e74 bl 0x119b8 | dbus_connection_add_filter ();
0x00011e78 add r2, sp, 0x18 | r2 += var_18h;
0x00011e7c ldr r1, [pc, 0x110] | r1 = *(0x11f90);
0x00011e80 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011e84 bl 0x11bb0 | dbus_bus_add_match ();
0x00011e88 add r0, sp, 0x18 | r0 += var_18h;
0x00011e8c bl 0x118ec | dbus_error_is_set ();
0x00011e90 subs r2, r0, 0 | r2 -= var_18h;
| if (r2 == var_18h) {
0x00011e94 beq 0x11ee4 | goto label_6;
| }
0x00011e98 ldr r3, [pc, 0xd0] | r3 = "interface";
0x00011e9c ldr r2, [sp, 0x1c] | r2 = var_1ch;
0x00011ea0 ldr r1, [pc, 0xe4] | r1 = "1.36";
0x00011ea4 ldr r0, [r3] | r0 = "interface";
0x00011ea8 bl 0x11af0 | fprintf ("interface", "1.36", r2, "interface")
0x00011eac mvn r5, 0x5b | r5 = ~0x5b;
| do {
0x00011eb0 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011eb4 mov r2, 0 | r2 = 0;
0x00011eb8 ldr r1, [pc, 0xd4] | r1 = *(0x11f90);
0x00011ebc bl 0x11b14 | dbus_bus_remove_match ();
0x00011ec0 add r2, sp, 0x10 | r2 += var_10h;
0x00011ec4 ldr r1, [pc, 0xc4] | r1 = "Error:__s";
0x00011ec8 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011ecc bl 0x11a0c | dbus_connection_remove_filter ();
0x00011ed0 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011ed4 bl 0x119c4 | dbus_connection_unref ();
0x00011ed8 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00011edc bl 0x118e0 | g_main_loop_unref ();
0x00011ee0 b 0x11e4c | goto label_1;
| label_6:
0x00011ee4 ldr r3, [pc, 0x80] | r3 = *(0x11f68);
0x00011ee8 ldr r0, [r3, 0x8c] | r0 = *(0x11ff4);
0x00011eec cmp r0, 0 |
| if (r0 != 0) {
0x00011ef0 beq 0x11f00 |
0x00011ef4 ldr r1, [pc, 0x9c] | r1 = "type='signal',interface='net.connman.Manager';
0x00011ef8 bl 0x11940 | g_timeout_add_seconds ();
0x00011efc str r0, [r4, 8] | *((r4 + 8)) = r0;
| }
0x00011f00 ldr r3, [pc, 0x94] | r3 = *(0x11f98);
0x00011f04 ldr r2, [pc, 0x94] | r2 = "GetProperties";
0x00011f08 ldr r1, [pc, 0x94] | r1 = "net.connman.Manager";
0x00011f0c ldr r0, [pc, 0x94] | r0 = *(0x11fa4);
0x00011f10 bl 0x11a30 | r0 = dbus_message_new_method_call ();
0x00011f14 subs r5, r0, 0 | r5 = r0 - 0;
| if (r5 != r0) {
0x00011f18 beq 0x11f5c |
0x00011f1c mvn r3, 0 | r3 = ~0;
0x00011f20 add r2, sp, 0xc | r2 += var_ch;
0x00011f24 mov r1, r5 | r1 = r5;
0x00011f28 ldr r0, [r4, 0xc] | r0 = *((r4 + 0xc));
0x00011f2c bl 0x11c28 | r0 = dbus_connection_send_with_reply ();
0x00011f30 cmp r0, 0 |
| if (r0 != 0) {
0x00011f34 beq 0x11f54 |
0x00011f38 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00011f3c cmp r0, 0 |
| if (r0 == 0) {
0x00011f40 beq 0x11f54 | goto label_7;
| }
0x00011f44 mov r3, 0 | r3 = 0;
0x00011f48 add r2, sp, 0x10 | r2 += var_10h;
0x00011f4c ldr r1, [pc, 0x58] | r1 = "net.connman";
0x00011f50 bl 0x11ac0 | dbus_pending_call_set_notify ();
| }
| label_7:
0x00011f54 mov r0, r5 | r0 = r5;
0x00011f58 bl 0x11b50 | dbus_message_unref ();
| }
0x00011f5c ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00011f60 bl 0x11898 | g_main_loop_run ();
0x00011f64 ldr r5, [r4] | r5 = *(r4);
0x00011f68 b 0x11eb0 |
| } while (1);
| }
[*] Function fprintf used 5 times connmand-wait-online
