[*] Binary protection state of libwebsockets.so.15
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of libwebsockets.so.15
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/libwebsockets.so.15 @ 0x139f4 */
| #include <stdint.h>
|
; (fcn) sym.lws_generate_client_ws_handshake () | void lws_generate_client_ws_handshake (int32_t arg1, int32_t arg2) {
| int32_t var_4h;
| char * src;
| int32_t var_3fh;
| char * s;
| int32_t var_c0h;
| r0 = arg1;
| r1 = arg2;
0x000139f4 push {r4, r5, r6, r7, r8, lr} |
0x000139f8 sub sp, sp, 0xc0 |
0x000139fc add r6, sp, 4 | r6 += var_4h;
0x00013a00 mov r5, r0 | r5 = r0;
0x00013a04 mov r4, r1 | r4 = r1;
0x00013a08 mov r8, r2 | r8 = r2;
0x00013a0c mov r1, r6 | r1 = r6;
0x00013a10 mov r2, 0x10 | r2 = 0x10;
0x00013a14 ldr r0, [r0, 0xc0] | r0 = *((r0 + 0xc0));
0x00013a18 bl 0x70f8 | r0 = fcn_000070f8 ();
0x00013a1c cmp r0, 0x10 |
| if (r0 == 0x10) {
0x00013a20 beq 0x13a4c | goto label_0;
| }
0x00013a24 ldr r2, [pc, 0x128] | r2 = *(0x13b50);
0x00013a28 ldr r1, [pc, 0x128] | r1 = $d;
0x00013a2c add r2, pc, r2 | r2 = pc + r2;
0x00013a30 add r1, pc, r1 | r1 = pc + r1;
0x00013a34 mov r0, 1 | r0 = 1;
0x00013a38 bl 0x7254 | fcn_00007254 ();
0x00013a3c mov r4, 0 | r4 = 0;
| do {
0x00013a40 mov r0, r4 | r0 = r4;
0x00013a44 add sp, sp, 0xc0 |
0x00013a48 pop {r4, r5, r6, r7, r8, pc} |
| label_0:
0x00013a4c add r7, sp, 0x18 | r7 += src;
0x00013a50 mov r3, 0x28 | r3 = 0x28;
0x00013a54 mov r1, r0 | r1 = r0;
0x00013a58 mov r2, r7 | r2 = r7;
0x00013a5c mov r0, r6 | r0 = r6;
0x00013a60 bl 0x6ff0 | fcn_00006ff0 ();
0x00013a64 ldr r1, [pc, 0xf0] | r1 = *(0x13b58);
0x00013a68 mov r2, r8 | r2 = r8;
0x00013a6c add r1, pc, r1 | r1 = pc + r1;
0x00013a70 mov r0, r4 | r0 = r4;
0x00013a74 bl 0x72c0 | sprintf (r0, r1, r2)
0x00013a78 mov r1, r7 | r1 = r7;
0x00013a7c add r4, r4, r0 | r4 += r0;
0x00013a80 mov r0, r4 | r0 = r4;
0x00013a84 bl 0x765c | strcpy (r0, r1);
0x00013a88 mov r0, r7 | r0 = r7;
0x00013a8c bl 0x6d8c | strlen (r0);
0x00013a90 ldr r1, [pc, 0xc8] | r1 = *(0x13b5c);
0x00013a94 add r1, pc, r1 | r1 = pc + r1;
0x00013a98 add r4, r4, r0 | r4 += r0;
0x00013a9c mov r0, r4 | r0 = r4;
0x00013aa0 bl 0x765c | strcpy (r0, r1);
0x00013aa4 mov r1, 0x57 | r1 = 0x57;
0x00013aa8 mov r0, r5 | r0 = r5;
0x00013aac bl 0x10f20 | lws_hdr_simple_ptr ();
0x00013ab0 add r4, r4, 2 | r4 += 2;
0x00013ab4 cmp r0, 0 |
| if (r0 != 0) {
0x00013ab8 beq 0x13ae0 |
0x00013abc mov r1, 0x57 | r1 = 0x57;
0x00013ac0 mov r0, r5 | r0 = r5;
0x00013ac4 bl 0x10f20 | lws_hdr_simple_ptr ();
0x00013ac8 ldr r1, [pc, 0x94] | r1 = *(0x13b60);
0x00013acc add r1, pc, r1 | r1 = pc + r1;
0x00013ad0 mov r2, r0 | r2 = r0;
0x00013ad4 mov r0, r4 | r0 = r4;
0x00013ad8 bl 0x72c0 | r0 = sprintf (r0, r1, r2)
0x00013adc add r4, r4, r0 | r4 += r0;
| }
0x00013ae0 ldr r3, [r5, 0x60] | r3 = *((r5 + 0x60));
0x00013ae4 ldrb r2, [r3, 0xad] | r2 = *((r3 + 0xad));
0x00013ae8 cmp r2, 0 |
| if (r2 != 0) {
0x00013aec beq 0x13b04 |
0x00013af0 ldr r1, [pc, 0x70] | r1 = *(0x13b64);
0x00013af4 mov r0, r4 | r0 = r4;
0x00013af8 add r1, pc, r1 | r1 = pc + r1;
0x00013afc bl 0x72c0 | r0 = sprintf (r0, r1, r2)
0x00013b00 add r4, r4, r0 | r4 += r0;
| }
0x00013b04 ldr r1, [pc, 0x60] | r1 = *(0x13b68);
0x00013b08 mov r2, r7 | r2 = r7;
0x00013b0c add r7, sp, 0x40 | r7 += s;
0x00013b10 mov r3, 0 | r3 = 0;
0x00013b14 add r1, pc, r1 | r1 = pc + r1;
0x00013b18 mov r0, r7 | r0 = r7;
0x00013b1c strb r3, [sp, 0x3f] | var_3fh = r3;
0x00013b20 bl 0x72c0 | sprintf (r0, r1, r2)
0x00013b24 mov r2, r6 | r2 = r6;
0x00013b28 mov r1, r0 | r1 = r0;
0x00013b2c mov r0, r7 | r0 = r7;
0x00013b30 bl 0x7590 | fcn_00007590 ();
0x00013b34 ldr r2, [r5, 0x10] | r2 = *((r5 + 0x10));
0x00013b38 mov r3, 0x1e | r3 = 0x1e;
0x00013b3c add r2, r2, 0x368 | r2 += 0x368;
0x00013b40 add r2, r2, 3 | r2 += 3;
0x00013b44 mov r1, 0x14 | r1 = 0x14;
0x00013b48 mov r0, r6 | r0 = r6;
0x00013b4c bl 0x6ff0 | fcn_00006ff0 ();
0x00013b50 b 0x13a40 |
| } while (1);
| }
[*] Function sprintf used 5 times libwebsockets.so.15
