[*] Binary protection state of libdbus-1.so.3.19.8
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of libdbus-1.so.3.19.8
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libdbus-1.so.3.19.8 @ 0x30ea8 */
| #include <stdint.h>
|
; (fcn) fcn.00030ea8 () | void fcn_00030ea8 (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t fildes;
| int32_t var_ch;
| int32_t var_14h;
| r0 = arg1;
| r1 = arg2;
0x00030ea8 push {r4, r5, r6, r7, r8, sb, lr} |
0x00030eac ldr r7, [pc, 0x1a4] | r7 = *(0x31054);
0x00030eb0 sub sp, sp, 0x14 |
0x00030eb4 add r8, sp, 8 | r8 += fildes;
0x00030eb8 mov r5, r0 | r5 = r0;
0x00030ebc mov sb, r1 | sb = r1;
0x00030ec0 mov r4, r2 | r4 = r2;
0x00030ec4 mov r3, r8 | r3 = r8;
0x00030ec8 mov r2, 0 | r2 = 0;
0x00030ecc ldr r1, [pc, 0x188] | r1 = *(0x31058);
0x00030ed0 mov r0, 1 | r0 = 1;
0x00030ed4 bl 0xb3b0 | socketpair ();
0x00030ed8 add r7, pc, r7 | r7 = pc + r7;
0x00030edc cmp r0, 0 |
| if (r0 >= 0) {
0x00030ee0 bge 0x30f5c | goto label_1;
| }
0x00030ee4 bl 0xb548 | r0 = errno_location ();
0x00030ee8 ldr r3, [r0] | r3 = *(r0);
0x00030eec mov r6, r0 | r6 = r0;
0x00030ef0 cmp r3, 0x5b |
0x00030ef4 cmpne r3, 0x16 | __asm ("cmpne r3, 0x16");
0x00030ef8 beq 0x30f30 |
| while (r0 < 0) {
0x00030efc ldr r0, [r6] | r0 = *(r6);
0x00030f00 bl 0xb56c | r0 = fcn_0000b56c ();
0x00030f04 mov r5, r0 | r5 = r0;
0x00030f08 ldr r0, [r6] | r0 = *(r6);
0x00030f0c bl 0xa6a8 | fcn_0000a6a8 ();
0x00030f10 ldr r2, [pc, 0x148] | r2 = *(0x3105c);
0x00030f14 mov r1, r5 | r1 = r5;
0x00030f18 add r2, pc, r2 | r2 = pc + r2;
0x00030f1c mov r3, r0 | r3 = r0;
0x00030f20 mov r0, r4 | r0 = r4;
0x00030f24 bl 0xb050 | fcn_0000b050 ();
| label_0:
0x00030f28 mvn r0, 0 | r0 = ~0;
0x00030f2c b 0x31050 | goto label_2;
0x00030f30 mov r1, 1 | r1 = 1;
0x00030f34 mov r3, r8 | r3 = r8;
0x00030f38 mov r2, 0 | r2 = 0;
0x00030f3c mov r0, r1 | r0 = r1;
0x00030f40 bl 0xb3b0 | r0 = socketpair ();
0x00030f44 cmp r0, 0 |
0x00030f48 blt 0x30efc |
| }
0x00030f4c ldr r0, [sp, 8] | r0 = fildes;
0x00030f50 bl 0xb704 | fcn_0000b704 ();
0x00030f54 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00030f58 bl 0xb704 | fcn_0000b704 ();
| label_1:
0x00030f5c bl 0xaef4 | r0 = fork ();
0x00030f60 subs r6, r0, 0 | r6 = r0 - 0;
| if (r6 >= r0) {
0x00030f64 bge 0x30fb4 | goto label_3;
| }
0x00030f68 bl 0xb548 | r0 = errno_location ();
0x00030f6c mov r6, r0 | r6 = r0;
0x00030f70 ldr r0, [r0] | r0 = *(r0);
0x00030f74 bl 0xb56c | r0 = fcn_0000b56c ();
0x00030f78 mov r7, r0 | r7 = r0;
0x00030f7c ldr r0, [r6] | r0 = *(r6);
0x00030f80 bl 0xa6a8 | fcn_0000a6a8 ();
0x00030f84 ldr r2, [pc, 0xd8] | r2 = *(0x31060);
0x00030f88 mov r3, r5 | r3 = r5;
0x00030f8c add r2, pc, r2 | r2 = pc + r2;
0x00030f90 mov r1, r7 | r1 = r7;
0x00030f94 str r0, [sp] | *(sp) = r0;
0x00030f98 mov r0, r4 | r0 = r4;
0x00030f9c bl 0xb050 | fcn_0000b050 ();
0x00030fa0 ldr r0, [sp, 8] | r0 = fildes;
0x00030fa4 bl 0xb7a0 | close (r0);
0x00030fa8 ldr r0, [sp, 0xc] | r0 = var_ch;
| do {
0x00030fac bl 0xb7a0 | close (r0);
0x00030fb0 b 0x30f28 | goto label_0;
| if (r6 == r0) {
| label_3:
0x00030fb4 bne 0x31030 |
0x00030fb8 ldr r0, [sp, 8] | r0 = fildes;
0x00030fbc bl 0xb7a0 | close (r0);
0x00030fc0 mov r1, r6 | r1 = r6;
0x00030fc4 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00030fc8 bl 0xa6cc | dup2 ();
0x00030fcc mov r1, 1 | r1 = 1;
0x00030fd0 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00030fd4 bl 0xa6cc | dup2 ();
0x00030fd8 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00030fdc cmp r0, 1 |
| if (r0 >= 1) {
0x00030fe0 bls 0x30fe8 |
0x00030fe4 bl 0xb7a0 | r0 = close (r0);
| }
0x00030fe8 bl 0xa810 | fcn_0000a810 ();
0x00030fec mov r1, sb | r1 = sb;
0x00030ff0 mov r0, r5 | r0 = r5;
0x00030ff4 bl 0xb6d4 | execvp ();
0x00030ff8 ldr r3, [pc, 0x68] | r3 = "dbus_getuid";
0x00030ffc ldr r3, [r7, r3] | r3 = *((r7 + r3));
0x00031000 ldr r4, [r3] | r4 = "dbus_getuid";
0x00031004 bl 0xb548 | r0 = errno_location ();
0x00031008 ldr r0, [r0] | r0 = *(r0);
0x0003100c bl 0xa6a8 | fcn_0000a6a8 ();
0x00031010 ldr r1, [pc, 0x54] | r1 = *(0x31068);
0x00031014 mov r2, r5 | r2 = r5;
0x00031018 add r1, pc, r1 | r1 = pc + r1;
0x0003101c mov r3, r0 | r3 = r0;
0x00031020 mov r0, r4 | r0 = r4;
0x00031024 bl 0xaaec | fprintf (r0, r1, r2, r3)
0x00031028 mov r0, 1 | r0 = 1;
0x0003102c bl 0xb620 | exit (r0);
| }
0x00031030 ldr r0, [sp, 0xc] | r0 = var_ch;
0x00031034 bl 0xb7a0 | close (r0);
0x00031038 mov r1, r4 | r1 = r4;
0x0003103c ldr r0, [sp, 8] | r0 = fildes;
0x00031040 bl 0x2eb6c | r0 = fcn_0002eb6c (r0, r1);
0x00031044 cmp r0, 0 |
0x00031048 ldr r0, [sp, 8] | r0 = fildes;
0x0003104c beq 0x30fac |
| } while (r0 == 0);
| label_2:
0x00031050 add sp, sp, 0x14 |
0x00031054 pop {r4, r5, r6, r7, r8, sb, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libdbus-1.so.3.19.8 @ 0x323c8 */
| #include <stdint.h>
|
; (fcn) sym._dbus_abort () | void dbus_abort () {
0x000323c8 push {r4, lr} |
0x000323cc bl 0xb074 | fcn_0000b074 ();
0x000323d0 ldr r0, [pc, 0x50] | r0 = *(0x32424);
0x000323d4 ldr r4, [pc, 0x50] | r4 = "ge_get_path";
0x000323d8 add r0, pc, r0 | r0 = pc + r0;
0x000323dc bl 0xaa2c | fcn_0000aa2c ();
0x000323e0 add r4, pc, r4 | r4 = pc + r4;
0x000323e4 cmp r0, 0 |
| if (r0 != 0) {
0x000323e8 beq 0x32424 |
0x000323ec ldrb r3, [r0] | r3 = *(r0);
0x000323f0 cmp r3, 0 |
| if (r3 == 0) {
0x000323f4 beq 0x32424 | goto label_0;
| }
0x000323f8 ldr r3, [pc, 0x30] | r3 = *(0x3242c);
0x000323fc ldr r3, [r4, r3] | r3 = *((r4 + r3));
0x00032400 ldr r4, [r3] | r4 = *(0x3242c);
0x00032404 bl 0x2e8fc | fcn_0002e8fc ();
0x00032408 ldr r1, [pc, 0x24] | r1 = *(0x32430);
0x0003240c add r1, pc, r1 | r1 = pc + r1;
0x00032410 mov r2, r0 | r2 = r0;
0x00032414 mov r0, r4 | r0 = r4;
0x00032418 bl 0xaaec | fprintf (r0, r1, r2)
0x0003241c ldr r0, [pc, 0x14] | r0 = "dbus_message_set_path";
0x00032420 bl 0xad5c | fcn_0000ad5c ();
| }
| label_0:
0x00032424 bl 0xa948 | r0 = abort ();
| if (r3 != 0) {
0x00032428 andeq r7, r0, r2, lsr 7 | r7 = r0 & (r2 >> 7);
| }
| if (r3 != 0) {
0x0003242c andeq r7, r1, r8, lsl ip | r7 = r1 & (r8 << ip);
| }
| if (r3 != 0) {
0x00032430 andeq r0, r0, r4, lsl 15 | r0 &= (r4 << 15);
| }
| if (r3 != 0) {
0x00032434 andeq r7, r0, r2, lsl 7 | r7 = r0 & (r2 << 7);
| }
| /* Beware that this jump is a conditional jump.
| * r2dec transformed it as a return, due being the
| * last instruction. Please, check 'pdda' output
| * for more hints. */
0x00032438 andeq fp, r2, r0, lsr 30 | return void (*0x32439)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libdbus-1.so.3.19.8 @ 0x312a0 */
| #include <stdint.h>
|
; (fcn) sym._dbus_logv () | void dbus_logv (uint32_t arg1, int32_t arg2) {
| int32_t var_4h;
| int32_t var_ch;
| r0 = arg1;
| r1 = arg2;
0x000312a0 push {r0, r1, r2, r4, r5, r6, r7, lr} |
0x000312a4 ldr r6, [pc, 0x110] | r6 = *(0x313b8);
0x000312a8 mov r4, r2 | r4 = r2;
0x000312ac ldr r2, [pc, 0x10c] |
0x000312b0 add r6, pc, r6 | r6 = pc + r6;
0x000312b4 add r2, pc, r2 | r2 = pc + r2;
0x000312b8 ldr r2, [r2] | r2 = *(0x313bc);
0x000312bc mov r5, r1 | r5 = r1;
0x000312c0 tst r2, 2 |
| if ((r2 & 2) == 0) {
0x000312c4 beq 0x312fc | goto label_2;
| }
0x000312c8 cmp r0, 3 |
| if (r0 > 3) {
| /* switch table (4 cases) at 0x312d4 */
0x000312cc addls pc, pc, r0, lsl 2 | pc += (r0 << 2);
| }
0x000312d0 b 0x312e8 | goto label_0;
0x000312d4 b 0x312e4 | goto label_3;
0x000312d8 b 0x3138c | goto label_4;
0x000312dc b 0x31394 | goto label_5;
0x000312e0 b 0x3139c | goto label_6;
| label_3:
0x000312e4 mov r3, 0x1e | r3 = 0x1e;
| do {
| label_0:
0x000312e8 mov r2, r4 | r2 = r4;
0x000312ec mov r1, r5 | r1 = r5;
0x000312f0 mov r0, r3 | r0 = r3;
0x000312f4 str r4, [sp, 4] | var_4h = r4;
0x000312f8 bl 0xb5e4 | vsyslog ();
| label_2:
0x000312fc ldr r3, [pc, 0xc0] |
0x00031300 add r3, pc, r3 | r3 = pc + r3;
0x00031304 ldr r3, [r3] | r3 = *(0x313c0);
0x00031308 tst r3, 1 |
| if ((r3 & 1) != 0) {
0x0003130c beq 0x31384 |
0x00031310 ldr r3, [pc, 0xb0] | r3 = *(0x313c4);
0x00031314 str r4, [sp, 4] | var_4h = r4;
0x00031318 ldr r4, [r6, r3] | r4 = *((r6 + r3));
0x0003131c ldr r3, [pc, 0xa8] | r3 = *(0x313c8);
0x00031320 ldr r6, [r4] | r6 = *(r4);
0x00031324 ldr r7, [pc, r3] | r7 = *(0x0003132c);
0x00031328 bl 0xb464 | fcn_0000b464 ();
0x0003132c ldr r1, [pc, 0x9c] | r1 = *(0x313cc);
0x00031330 mov r2, r7 | r2 = r7;
0x00031334 add r1, pc, r1 | r1 = pc + r1;
0x00031338 mov r3, r0 | r3 = r0;
0x0003133c mov r0, r6 | r0 = r6;
0x00031340 bl 0xaaec | fprintf (r0, r1, r2, r3)
0x00031344 mov r1, r5 | r1 = r5;
0x00031348 ldr r2, [sp, 4] | r2 = var_4h;
0x0003134c ldr r0, [r4] | r0 = *(r4);
0x00031350 bl 0xb7dc | vfprintf (r0, r1, r2)
0x00031354 ldr r1, [r4] | r1 = *(r4);
0x00031358 ldr r3, [r1, 0x34] | r3 = *((r1 + 0x34));
0x0003135c cmp r3, 0 |
| if (r3 == 0) {
0x00031360 beq 0x313b0 | goto label_7;
| }
0x00031364 ldr r3, [r1, 0x10] | r3 = *((r1 + 0x10));
0x00031368 ldr r2, [r1, 0x1c] | r2 = *((r1 + 0x1c));
0x0003136c cmp r3, r2 |
| if (r3 >= r2) {
0x00031370 bhs 0x313a4 | goto label_8;
| }
0x00031374 add r2, r3, 1 | r2 = r3 + 1;
0x00031378 str r2, [r1, 0x10] | *((r1 + 0x10)) = r2;
0x0003137c mov r2, 0xa | r2 = 0xa;
0x00031380 strb r2, [r3] | *(r3) = r2;
| }
| label_1:
0x00031384 add sp, sp, 0xc |
0x00031388 pop {r4, r5, r6, r7, pc} |
| label_4:
0x0003138c mov r3, 0x1c | r3 = 0x1c;
0x00031390 b 0x312e8 |
| } while (1);
| label_5:
0x00031394 mov r3, 0x25 | r3 = 0x25;
0x00031398 b 0x312e8 | goto label_0;
| label_6:
0x0003139c mov r3, 0x1a | r3 = 0x1a;
0x000313a0 b 0x312e8 | goto label_0;
| label_8:
0x000313a4 mov r0, 0xa | r0 = 0xa;
0x000313a8 bl 0xb860 | fputc_unlocked ();
0x000313ac b 0x31384 | goto label_1;
| label_7:
0x000313b0 mov r0, 0xa | r0 = 0xa;
0x000313b4 bl 0xb320 | fputc (r0, r1);
0x000313b8 b 0x31384 | goto label_1;
| }
[*] Function fprintf used 5 times libdbus-1.so.3.19.8
