[*] Binary protection state of ubicrc32

  
  	Partial RELRO  No Canary found   NX disabled  No PIE       No RPATH     No RUNPATH   No Symbols


[*] Function fprintf tear down of ubicrc32

    ; assembly                                       | /* r2dec pseudo code output */
                                                     | /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/sbin/ubicrc32 @ 0x10610 */
                                                     | #include <stdint.h>
                                                     |  
    ; (fcn) main ()                                  | int32_t main (int32_t argc, char ** argv) {
                                                     |     int32_t var_0h;
                                                     |     int32_t var_4h;
                                                     |     void * ptr;
                                                     |     int32_t var_1000h;
                                                     |     int32_t var_ch;
                                                     |     r0 = argc;
                                                     |     r1 = argv;
                                                     |     /* [10] -r-x section size 908 named .text */
    0x00010610 push {r4, r5, r6, r7, r8, sb, lr}     |     
    0x00010614 ldr r6, [pc, 0x1f0]                   |     r6 = *(0x10808);
    0x00010618 sub sp, sp, 0x1000                    |     
    0x0001061c sub sp, sp, 0xc                       |     
    0x00010620 mov r7, 0                             |     r7 = 0;
    0x00010624 ldr r5, [r6]                          |     r5 = *(0x10808);
    0x00010628 ldr r3, [pc, 0x1e0]                   |     r3 = stdin;
    0x0001062c str r7, [sp]                          |     *(sp) = r7;
    0x00010630 ldr r2, [pc, 0x1dc]                   |     r2 = "help";
    0x00010634 mov sb, r0                            |     sb = r0;
    0x00010638 mov r8, r1                            |     r8 = r1;
    0x0001063c bl 0x1055c                            |     r0 = getopt_long ();
    0x00010640 cmn r0, 1                             |     
    0x00010644 mov r4, r0                            |     r4 = r0;
                                                     |     if (r0 == 1) {
    0x00010648 bne 0x106bc                           |         
    0x0001064c ldr r3, [pc, 0x1c4]                   |         
    0x00010650 ldr r3, [r3]                          |         r3 = "hV";
    0x00010654 cmp r3, sb                            |         
                                                     |         if (r3 >= sb) {
    0x00010658 bge 0x10804                           |             goto label_5;
                                                     |         }
    0x0001065c ldr r1, [pc, 0x1b8]                   |         r1 = optind;
    0x00010660 ldr r0, [r8, r3, lsl 2]               |         offset_0 = r3 << 2;
                                                     |         r0 = *((r8 + offset_0));
    0x00010664 bl 0x10604                            |         r0 = fopen64 ();
    0x00010668 subs r5, r0, 0                        |         r5 = r0 - 0;
                                                     |         if (r5 != r0) {
    0x0001066c bne 0x10804                           |             goto label_5;
                                                     |         }
    0x00010670 bl 0x105d4                            |         errno_location ();
    0x00010674 ldr r6, [pc, 0x1a4]                   |         
    0x00010678 ldr r3, [r8, 4]                       |         r3 = *((r8 + 4));
    0x0001067c ldr r2, [pc, 0x1a0]                   |         r2 = stderr;
    0x00010680 ldr r1, [pc, 0x1a0]                   |         r1 = "ubicrc32";
    0x00010684 ldr r5, [r0]                          |         r5 = *(r0);
    0x00010688 ldr r0, [r6]                          |         r0 = *(0x1081c);
    0x0001068c bl 0x1058c                            |         fprintf (r0, "ubicrc32", r2, r3, r4, r5, r6)
    0x00010690 mov r0, r5                            |         r0 = r5;
    0x00010694 ldr r6, [r6]                          |         r6 = *(0x1081c);
    0x00010698 bl 0x10550                            |         strerror (r0);
    0x0001069c str r5, [sp]                          |         *(sp) = r5;
    0x000106a0 ldr r3, [pc, 0x184]                   |         r3 = "%s: error!: cannot open \"%s\"\n";
    0x000106a4 mov r2, 0xa                           |         r2 = 0xa;
    0x000106a8 ldr r1, [pc, 0x180]                   |         r1 = *(0x1082c);
    0x000106ac str r0, [sp, 4]                       |         var_4h = r0;
    0x000106b0 mov r0, r6                            |         r0 = r6;
    0x000106b4 bl 0x1058c                            |         fprintf (r0, r1, r2, "%s: error!: cannot open \"%s\"\n", r4, r5)
    0x000106b8 b 0x106ec                             |         
                                                     |     } else {
    0x000106bc cmp r0, 0x56                          |         
                                                     |         if (r0 == 0x56) {
    0x000106c0 beq 0x10724                           |             goto label_6;
                                                     |         }
    0x000106c4 cmp r0, 0x68                          |         
                                                     |         if (r0 == 0x68) {
    0x000106c8 beq 0x106fc                           |             goto label_7;
                                                     |         }
    0x000106cc cmp r0, 0x3a                          |         
    0x000106d0 ldr r3, [pc, 0x148]                   |         r3 = *(0x1081c);
                                                     |         if (r0 != 0x3a) {
    0x000106d4 bne 0x10738                           |             goto label_8;
                                                     |         }
    0x000106d8 ldr r2, [pc, 0x144]                   |         r2 = stderr;
    0x000106dc ldr r1, [pc, 0x150]                   |         r1 = "%*serror %d (%s)\n";
    0x000106e0 ldr r0, [r3]                          |         r0 = *(r3);
    0x000106e4 bl 0x1058c                            |         fprintf (r0, "%*serror %d (%s)\n", r2)
                                                     | label_0:
    0x000106e8 mvn r4, 0                             |         r4 = ~0;
                                                     |     }
                                                     | label_1:
    0x000106ec mov r0, r4                            |     r0 = r4;
    0x000106f0 add sp, sp, 0x1000                    |     
    0x000106f4 add sp, sp, 0xc                       |     
    0x000106f8 pop {r4, r5, r6, r7, r8, sb, pc}      |     
                                                     | label_7:
    0x000106fc ldr r1, [pc, 0x134]                   |     r1 = "_s:_error_:_parameter_is_missing";
    0x00010700 ldr r0, [pc, 0x134]                   |     r0 = "ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_";
    0x00010704 bl 0x10544                            |     printf ("ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_", "_s:_error_:_parameter_is_missing");
    0x00010708 ldr r1, [pc, 0x130]                   |     r1 = "%s\n\n";
    0x0001070c ldr r0, [pc, 0x128]                   |     r0 = "ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_";
    0x00010710 bl 0x10544                            |     printf ("ubicrc32_version_2.1.0___a_tool_to_calculate_CRC32_with_UBI_start_value__0xFFFFFFFF_", "%s\n\n");
    0x00010714 ldr r0, [pc, 0x128]                   |     r0 = "Usage: ubicrc32 <file to calculate CRC32 for> [-h] [--help]";
    0x00010718 bl 0x10568                            |     puts ("Usage: ubicrc32 <file to calculate CRC32 for> [-h] [--help]");
                                                     |     do {
    0x0001071c mov r0, r7                            |         r0 = r7;
    0x00010720 bl 0x105e0                            |         exit (r0);
                                                     | label_6:
    0x00010724 ldr r2, [pc, 0x11c]                   |         r2 = "-h, --help                    print help message\n-V, --version                 print program version";
    0x00010728 ldr r1, [pc, 0xf4]                    |         r1 = stderr;
    0x0001072c ldr r0, [pc, 0x118]                   |         r0 = "_.1.0";
    0x00010730 bl 0x10544                            |         printf ("_.1.0", r1, "-h, --help                    print help message\n-V, --version                 print program version");
    0x00010734 b 0x1071c                             |         
                                                     |     } while (1);
                                                     | label_8:
    0x00010738 ldr r1, [r3]                          |     r1 = *(r3);
    0x0001073c ldr r0, [pc, 0x10c]                   |     r0 = "%s (mtd-utils) %s\n";
    0x00010740 bl 0x105ec                            |     fputs ("%s (mtd-utils) %s\n", r1);
    0x00010744 b 0x106e8                             |     goto label_0;
                                                     | label_2:
    0x00010748 mov r3, r5                            |     r3 = r5;
    0x0001074c mov r2, 0x1000                        |     r2 = 0x1000;
    0x00010750 mov r1, 1                             |     r1 = 1;
    0x00010754 add r0, sp, 8                         |     r0 += ptr;
    0x00010758 bl 0x105b0                            |     r0 = fread (r0, r1, r2, r3);
    0x0001075c mov r8, r0                            |     r8 = r0;
    0x00010760 mov r0, r5                            |     r0 = r5;
    0x00010764 bl 0x105a4                            |     r0 = ferror (r0);
    0x00010768 cmp r0, 0                             |     
                                                     |     if (r0 == 0) {
    0x0001076c beq 0x107cc                           |         goto label_9;
                                                     |     }
    0x00010770 bl 0x105d4                            |     errno_location ();
    0x00010774 ldr r8, [pc, 0xa4]                    |     
    0x00010778 ldr r2, [pc, 0xa4]                    |     r2 = stderr;
    0x0001077c ldr r1, [pc, 0xd0]                    |     r1 = "Use__h_for_help";
    0x00010780 ldr r7, [r0]                          |     r7 = *(r0);
    0x00010784 ldr r0, [r8]                          |     r0 = *(0x1081c);
    0x00010788 bl 0x1058c                            |     fprintf (r0, "Use__h_for_help", r2)
    0x0001078c mov r0, r7                            |     r0 = r7;
    0x00010790 ldr r8, [r8]                          |     r8 = *(0x1081c);
    0x00010794 bl 0x10550                            |     strerror (r0);
    0x00010798 str r7, [sp]                          |     *(sp) = r7;
    0x0001079c ldr r3, [pc, 0x88]                    |     r3 = "%s: error!: cannot open \"%s\"\n";
    0x000107a0 mov r2, 0xa                           |     r2 = 0xa;
    0x000107a4 ldr r1, [pc, 0x84]                    |     r1 = *(0x1082c);
    0x000107a8 str r0, [sp, 4]                       |     var_4h = r0;
    0x000107ac mov r0, r8                            |     r0 = r8;
    0x000107b0 bl 0x1058c                            |     fprintf (r0, r1, r2, "%s: error!: cannot open \"%s\"\n")
                                                     | label_3:
    0x000107b4 ldr r3, [r6]                          |     r3 = *(r6);
    0x000107b8 cmp r3, r5                            |     
                                                     |     if (r3 == r5) {
    0x000107bc beq 0x106ec                           |         goto label_1;
                                                     |     }
    0x000107c0 mov r0, r5                            |     r0 = r5;
    0x000107c4 bl 0x105c8                            |     fclose (r0);
    0x000107c8 b 0x106ec                             |     goto label_1;
                                                     | label_9:
    0x000107cc mov r0, r7                            |     r0 = r7;
    0x000107d0 mov r2, r8                            |     r2 = r8;
    0x000107d4 add r1, sp, 8                         |     r1 += ptr;
    0x000107d8 bl 0x10974                            |     r0 = fcn_00010974 (r0);
    0x000107dc mov r7, r0                            |     r7 = r0;
                                                     | label_4:
    0x000107e0 mov r0, r5                            |     r0 = r5;
    0x000107e4 bl 0x10574                            |     r0 = feof (r0);
    0x000107e8 cmp r0, 0                             |     
                                                     |     if (r0 == 0) {
    0x000107ec beq 0x10748                           |         goto label_2;
                                                     |     }
    0x000107f0 mov r1, r7                            |     r1 = r7;
    0x000107f4 ldr r0, [pc, 0x5c]                    |     r0 = "%s: error!: cannot read input file\n";
    0x000107f8 bl 0x10544                            |     printf ("%s: error!: cannot read input file\n", r1);
    0x000107fc mov r4, 0                             |     r4 = 0;
    0x00010800 b 0x107b4                             |     goto label_3;
                                                     | label_5:
    0x00010804 mvn r7, 0                             |     r7 = ~0;
    0x00010808 b 0x107e0                             |     goto label_4;
                                                     | }

[*] Function fprintf used 6 times ubicrc32