[*] Binary protection state of ntpd
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of ntpd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ntpd @ 0x60710 */
| #include <stdint.h>
|
; (fcn) aav.0x00060710 () | void aav_0x00060710 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00060710 push {r4, r5, r6, lr} |
0x00060714 ldr r4, [pc, 0x40] | r4 = *(0x60758);
0x00060718 mov r5, r2 | r5 = r2;
0x0006071c mov r6, r3 | r6 = r3;
0x00060720 mov r2, r0 | r2 = r0;
0x00060724 mov r3, r1 | r3 = r1;
0x00060728 ldr r0, [r4] | r0 = *(0x60758);
0x0006072c ldr r1, [pc, 0x2c] | r1 = stderr;
0x00060730 bl 0x150dc | fprintf (r0, r1, r2, r3, r4, r5, r6)
0x00060734 mov r2, r6 | r2 = r6;
0x00060738 mov r1, r5 | r1 = r5;
0x0006073c ldr r0, [r4] | r0 = *(0x60758);
0x00060740 bl 0x14848 | vfprintf (r0, r1, r2)
0x00060744 ldr r1, [r4] | r1 = *(0x60758);
0x00060748 mov r0, 0xa | r0 = 0xa;
0x0006074c bl 0x14e54 | fputc (r0, r1);
0x00060750 ldr r0, [r4] | r0 = *(0x60758);
0x00060754 pop {r4, r5, r6, lr} |
0x00060758 b 0x15028 | return void (*0x15028)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ntpd @ 0x60764 */
| #include <stdint.h>
|
; (fcn) aav.0x00060764 () | void aav_0x00060764 (int32_t arg1, int32_t arg2) {
| int32_t var_0h;
| int32_t var_ch;
| r0 = arg1;
| r1 = arg2;
0x00060764 push {r0, r1, r2, r4, r5, r6, r7, r8, sb, lr} |
0x00060768 ldr r4, [pc, 0x6c] | r4 = *(0x607d8);
0x0006076c mov r8, r0 | r8 = r0;
0x00060770 ldr r0, [pc, 0x68] |
0x00060774 mov sb, r1 | sb = r1;
0x00060778 mov r5, r2 | r5 = r2;
0x0006077c mov r6, r3 | r6 = r3;
0x00060780 mov r2, 0x6e | r2 = 0x6e;
0x00060784 ldr r3, [pc, 0x58] | r3 = *(0x607e0);
0x00060788 mov r1, 1 | r1 = 1;
0x0006078c ldr r0, [r0] | r0 = stderr;
0x00060790 ldr r7, [r4] | r7 = *(0x607d8);
0x00060794 bl 0x63704 | fcn_00063704 (r0, r1);
0x00060798 mov r3, sb | r3 = sb;
0x0006079c mov r2, r8 | r2 = r8;
0x000607a0 ldr r1, [pc, 0x40] | r1 = "fatal_error";
0x000607a4 str r0, [sp] | *(sp) = r0;
0x000607a8 mov r0, r7 | r0 = r7;
0x000607ac bl 0x150dc | fprintf (r0, "fatal_error", r2, r3)
0x000607b0 mov r2, r6 | r2 = r6;
0x000607b4 mov r1, r5 | r1 = r5;
0x000607b8 ldr r0, [r4] | r0 = *(0x607d8);
0x000607bc bl 0x14848 | vfprintf (r0, r1, r2)
0x000607c0 ldr r1, [r4] | r1 = *(0x607d8);
0x000607c4 mov r0, 0xa | r0 = 0xa;
0x000607c8 bl 0x14e54 | fputc (r0, r1);
0x000607cc ldr r0, [r4] | r0 = *(0x607d8);
0x000607d0 add sp, sp, 0xc |
0x000607d4 pop {r4, r5, r6, r7, r8, sb, lr} |
0x000607d8 b 0x15028 | return void (*0x15028)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ntpd @ 0x59e04 */
| #include <stdint.h>
|
; (fcn) fcn.00059e04 () | void fcn_00059e04 (int32_t arg1, int32_t arg2) {
| char * format;
| int32_t var_100h;
| r0 = arg1;
| r1 = arg2;
0x00059e04 push {r4, r5, r6, lr} |
0x00059e08 sub sp, sp, 0x100 |
0x00059e0c mov r6, r1 | r6 = r1;
0x00059e10 mov r5, r2 | r5 = r2;
0x00059e14 mov r4, r0 | r4 = r0;
0x00059e18 bl 0x1471c | errno_location ();
0x00059e1c mov r2, r6 | r2 = r6;
0x00059e20 mov r1, 0x100 | r1 = 0x100;
0x00059e24 ldr r3, [r0] | r3 = *(r0);
0x00059e28 mov r0, sp | r0 = sp;
0x00059e2c bl 0x59b24 | fcn_00059b24 (r0, r1);
0x00059e30 mov r2, r5 | r2 = r5;
0x00059e34 mov r1, sp | r1 = sp;
0x00059e38 mov r0, r4 | r0 = r4;
0x00059e3c bl 0x14848 | vfprintf (r0, r1, r2)
0x00059e40 add sp, sp, 0x100 |
0x00059e44 pop {r4, r5, r6, pc} |
| }
[*] Function fprintf used 6 times ntpd
