[*] Binary protection state of libxt_tcp.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_tcp.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_tcp.so @ 0xc0c */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00000c0c () | void fcn_00000c0c (int32_t arg1) {
| r0 = arg1;
0x00000c0c push {r4, r5, r6, r7, r8, lr} |
0x00000c10 ldr r6, [pc, 0x84] |
0x00000c14 ldr r8, [pc, 0x84] | r8 = *(0xc9c);
0x00000c18 add r6, pc, r6 | r6 = pc + r6;
0x00000c1c mov r4, r0 | r4 = r0;
0x00000c20 mov r3, 0 | r3 = 0;
0x00000c24 add r6, r6, 0x30 | r6 = 0xcc8;
0x00000c28 add r8, pc, r8 | r8 = pc + r8;
| label_0:
0x00000c2c cmp r4, 0 |
| if (r4 != 0) {
0x00000c30 bne 0xc94 | goto label_2;
| }
0x00000c34 cmp r3, 0 |
0x00000c38 popne {r4, r5, r6, r7, r8, pc} |
0x00000c3c ldr r0, [pc, 0x60] | r0 = *(0xca0);
0x00000c40 pop {r4, r5, r6, r7, r8, lr} |
0x00000c44 add r0, pc, r0 | r0 = pc + r0;
0x00000c48 b 0x6b4 | void (*0x6b4)() ();
| do {
0x00000c4c add r2, r2, 1 | r2++;
| label_1:
0x00000c50 lsl r5, r2, 3 | r5 = r2 << 3;
0x00000c54 add r1, r6, r5 | r1 = r6 + r5;
0x00000c58 ldr r7, [r1, 4] | r7 = *((r1 + 4));
0x00000c5c tst r4, r7 |
0x00000c60 beq 0xc4c |
| } while ((r4 & r7) == 0);
0x00000c64 cmp r3, 0 |
| if (r3 != 0) {
0x00000c68 beq 0xc74 |
0x00000c6c mov r0, 0x2c | r0 = 0x2c;
0x00000c70 bl 0x6a8 | putchar (r0);
| }
0x00000c74 ldr r0, [pc, 0x2c] | r0 = *(0xca4);
0x00000c78 add r5, r8, r5 | r5 = r8 + r5;
0x00000c7c ldr r1, [r5, 0x30] | r1 = *((r5 + 0x30));
0x00000c80 add r0, pc, r0 | r0 = pc + r0;
0x00000c84 bl 0x6b4 | printf (r0, r1, r2, r3, r4, r5)
0x00000c88 bic r4, r4, r7 | r4 = BIT_MASK (r4, r7);
0x00000c8c mov r3, 1 | r3 = 1;
0x00000c90 b 0xc2c | goto label_0;
| label_2:
0x00000c94 mov r2, 0 | r2 = 0;
0x00000c98 b 0xc50 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_tcp.so @ 0xe40 */
| #include <stdint.h>
|
; (fcn) fcn.00000e40 () | void fcn_00000e40 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000e40 cmp r1, 0 |
0x00000e44 push {r4, lr} |
0x00000e48 mov r4, r0 | r4 = r0;
0x00000e4c beq 0xe64 |
| while (r0 == 0) {
| label_0:
0x00000e50 ldr r0, [pc, 0x48] | r0 = *(0xe9c);
0x00000e54 mov r1, r4 | r1 = r4;
0x00000e58 add r0, pc, r0 | r0 = pc + r0;
| label_1:
0x00000e5c pop {r4, lr} |
0x00000e60 b 0x6b4 | void (*0x6b4)() ();
0x00000e64 lsr r0, r0, 8 | r0 >>= 8;
0x00000e68 ldr r1, [pc, 0x34] | r1 = *(0xea0);
0x00000e6c orr r0, r0, r4, lsl 8 | r0 |= (r4 << 8);
0x00000e70 lsl r0, r0, 0x10 | r0 <<= 0x10;
0x00000e74 add r1, pc, r1 | r1 = pc + r1;
0x00000e78 lsr r0, r0, 0x10 | r0 >>= 0x10;
0x00000e7c bl 0x714 | r0 = getservbyport ();
0x00000e80 cmp r0, 0 |
0x00000e84 beq 0xe50 |
| }
0x00000e88 ldr r1, [r0] | r1 = *(r0);
0x00000e8c cmp r1, 0 |
| if (r1 == 0) {
0x00000e90 beq 0xe50 | goto label_0;
| }
0x00000e94 ldr r0, [pc, 0xc] | r0 = *(0xea4);
0x00000e98 add r0, pc, r0 | r0 = pc + r0;
0x00000e9c b 0xe5c | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_tcp.so @ 0xeac */
| #include <stdint.h>
|
; (fcn) fcn.00000eac () | void fcn_00000eac (int32_t arg_18h, int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000eac push {r4, r5, r6, r7, r8, lr} |
0x00000eb0 ldr r6, [sp, 0x18] | r6 = *(arg_18h);
0x00000eb4 subs ip, r3, 0 |
| if (ip != r3) {
0x00000eb8 bne 0xf28 | goto label_1;
| }
0x00000ebc ldr r7, [pc, 0x9c] | r7 = *(0xf5c);
0x00000ec0 add r7, pc, r7 | r7 = pc + r7;
| do {
0x00000ec4 ldr r3, [pc, 0x98] | r3 = *(0xf60);
0x00000ec8 subs r3, r2, r3 | r3 = r2 - r3;
| if (r3 == r2) {
0x00000ecc movne r3, 1 | r3 = 1;
| }
0x00000ed0 cmp r1, 0 |
| if (r1 == 0) {
0x00000ed4 movne r3, 1 | r3 = 1;
| }
0x00000ed8 cmp ip, 0 |
| if (ip == 0) {
0x00000edc movne r3, 1 | r3 = 1;
| }
0x00000ee0 cmp r3, 0 |
0x00000ee4 popeq {r4, r5, r6, r7, r8, pc} |
0x00000ee8 mov r4, r1 | r4 = r1;
0x00000eec mov r1, r0 | r1 = r0;
0x00000ef0 ldr r0, [pc, 0x70] | r0 = *(0xf64);
0x00000ef4 mov r5, r2 | r5 = r2;
0x00000ef8 add r0, pc, r0 | r0 = pc + r0;
0x00000efc bl 0x6b4 | printf (r0, r1, r2, r3, r4, r5)
0x00000f00 cmp r4, r5 |
0x00000f04 mov r1, r7 | r1 = r7;
| if (r4 != r5) {
0x00000f08 bne 0xf34 | goto label_2;
| }
0x00000f0c ldr r0, [pc, 0x58] | r0 = *(0xf68);
0x00000f10 add r0, pc, r0 | r0 = pc + r0;
0x00000f14 bl 0x6b4 | printf (r0)
0x00000f18 mov r1, r6 | r1 = r6;
0x00000f1c mov r0, r4 | r0 = r4;
| label_0:
0x00000f20 pop {r4, r5, r6, r7, r8, lr} |
0x00000f24 b 0xe40 | void (*0xe40)() ();
| label_1:
0x00000f28 ldr r7, [pc, 0x40] | r7 = *(0xf6c);
0x00000f2c add r7, pc, r7 | r7 = pc + r7;
0x00000f30 b 0xec4 |
| } while (1);
| label_2:
0x00000f34 ldr r0, [pc, 0x38] | r0 = *(0xf70);
0x00000f38 add r0, pc, r0 | r0 = pc + r0;
0x00000f3c bl 0x6b4 | printf (r0)
0x00000f40 mov r1, r6 | r1 = r6;
0x00000f44 mov r0, r4 | r0 = r4;
0x00000f48 bl 0xe40 | fcn_00000e40 (r0, r1);
0x00000f4c mov r0, 0x3a | r0 = 0x3a;
0x00000f50 bl 0x6a8 | putchar (r0);
0x00000f54 mov r1, r6 | r1 = r6;
0x00000f58 mov r0, r5 | r0 = r5;
0x00000f5c b 0xf20 | goto label_0;
| }
[*] Function printf used 5 times libxt_tcp.so
