[*] Binary protection state of libxt_dccp.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_dccp.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_dccp.so @ 0xa28 */
| #include <stdint.h>
|
| #define BIT_MASK(t,v) ((t)(-((v)!= 0)))&(((t)-1)>>((sizeof(t)*CHAR_BIT)-(v)))
|
; (fcn) fcn.00000a28 () | void fcn_00000a28 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000a28 cmp r1, 0 |
0x00000a2c push {r4, r5, r6, r7, r8, sb, sl, lr} |
0x00000a30 mov r5, r0 | r5 = r0;
0x00000a34 mov r6, r2 | r6 = r2;
| if (r1 != 0) {
0x00000a38 beq 0xa48 |
0x00000a3c ldr r0, [pc, 0x80] | r0 = *(0xac0);
0x00000a40 add r0, pc, r0 | r0 = pc + r0;
0x00000a44 bl 0x648 | printf (r0)
| }
0x00000a48 ldr r7, [pc, 0x78] | r7 = *(0xac4);
0x00000a4c ldr r8, [pc, 0x78] | r8 = *(0xac8);
0x00000a50 ldr sb, [pc, 0x78] | sb = *(0xacc);
0x00000a54 mov r0, 0x20 | r0 = 0x20;
0x00000a58 bl 0x63c | putchar (r0);
0x00000a5c add r7, pc, r7 | r7 = pc + r7;
0x00000a60 mov r3, 0 | r3 = 0;
0x00000a64 add r8, pc, r8 | r8 = pc + r8;
0x00000a68 add sb, pc, sb | sb = pc + sb;
| label_0:
0x00000a6c cmp r5, 0 |
0x00000a70 popeq {r4, r5, r6, r7, r8, sb, sl, pc} |
0x00000a74 mov r4, 0 | r4 = 0;
0x00000a78 b 0xa80 |
| while (sl == r2) {
0x00000a7c add r4, r4, 1 | r4++;
0x00000a80 asr r2, r5, r4 | r2 = r5 >> r4;
0x00000a84 ands sl, r2, 1 | sl = r2 & 1;
0x00000a88 beq 0xa7c |
| }
0x00000a8c cmp r3, 0 |
| if (r3 != 0) {
0x00000a90 beq 0xa9c |
0x00000a94 mov r0, 0x2c | r0 = 0x2c;
0x00000a98 bl 0x63c | putchar (r0);
| }
0x00000a9c cmp r6, 0 |
| if (r6 == 0) {
0x00000aa0 movne r1, r4 | r1 = r4;
| }
| if (r6 == 0) {
0x00000aa4 movne r0, sb | r0 = sb;
| }
| if (r6 != 0) {
0x00000aa8 ldreq r1, [r7, r4, lsl 2] | offset_0 = r4 << 2;
| r1 = *((r7 + offset_0));
| }
| if (r6 != 0) {
0x00000aac moveq r0, r8 | r0 = r8;
| }
0x00000ab0 bl 0x648 | printf (r0, r1, r2, r3, r4, r5, r6)
0x00000ab4 mov r3, 1 | r3 = 1;
0x00000ab8 bic r5, r5, r3, lsl r4 | r5 = BIT_MASK (r5, r3);
0x00000abc mov r3, sl | r3 = sl;
0x00000ac0 b 0xa6c | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_dccp.so @ 0xc34 */
| #include <stdint.h>
|
; (fcn) fcn.00000c34 () | void fcn_00000c34 (int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000c34 cmp r1, 0 |
0x00000c38 push {r4, lr} |
0x00000c3c mov r4, r0 | r4 = r0;
0x00000c40 beq 0xc58 |
| while (r0 == 0) {
| label_0:
0x00000c44 ldr r0, [pc, 0x48] | r0 = *(0xc90);
0x00000c48 mov r1, r4 | r1 = r4;
0x00000c4c add r0, pc, r0 | r0 = pc + r0;
| label_1:
0x00000c50 pop {r4, lr} |
0x00000c54 b 0x648 | void (*0x648)() ();
0x00000c58 lsr r0, r0, 8 | r0 >>= 8;
0x00000c5c ldr r1, [pc, 0x34] | r1 = *(0xc94);
0x00000c60 orr r0, r0, r4, lsl 8 | r0 |= (r4 << 8);
0x00000c64 lsl r0, r0, 0x10 | r0 <<= 0x10;
0x00000c68 add r1, pc, r1 | r1 = pc + r1;
0x00000c6c lsr r0, r0, 0x10 | r0 >>= 0x10;
0x00000c70 bl 0x6a8 | r0 = getservbyport ();
0x00000c74 cmp r0, 0 |
0x00000c78 beq 0xc44 |
| }
0x00000c7c ldr r1, [r0] | r1 = *(r0);
0x00000c80 cmp r1, 0 |
| if (r1 == 0) {
0x00000c84 beq 0xc44 | goto label_0;
| }
0x00000c88 ldr r0, [pc, 0xc] | r0 = *(0xc98);
0x00000c8c add r0, pc, r0 | r0 = pc + r0;
0x00000c90 b 0xc50 | goto label_1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_dccp.so @ 0xca0 */
| #include <stdint.h>
|
; (fcn) fcn.00000ca0 () | void fcn_00000ca0 (int32_t arg_18h, int32_t arg1, uint32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000ca0 push {r4, r5, r6, r7, r8, lr} |
0x00000ca4 ldr r6, [sp, 0x18] | r6 = *(arg_18h);
0x00000ca8 subs ip, r3, 0 |
| if (ip != r3) {
0x00000cac bne 0xd1c | goto label_1;
| }
0x00000cb0 ldr r7, [pc, 0x9c] | r7 = *(0xd50);
0x00000cb4 add r7, pc, r7 | r7 = pc + r7;
| do {
0x00000cb8 ldr r3, [pc, 0x98] | r3 = *(0xd54);
0x00000cbc subs r3, r2, r3 | r3 = r2 - r3;
| if (r3 == r2) {
0x00000cc0 movne r3, 1 | r3 = 1;
| }
0x00000cc4 cmp r1, 0 |
| if (r1 == 0) {
0x00000cc8 movne r3, 1 | r3 = 1;
| }
0x00000ccc cmp ip, 0 |
| if (ip == 0) {
0x00000cd0 movne r3, 1 | r3 = 1;
| }
0x00000cd4 cmp r3, 0 |
0x00000cd8 popeq {r4, r5, r6, r7, r8, pc} |
0x00000cdc mov r4, r1 | r4 = r1;
0x00000ce0 mov r1, r0 | r1 = r0;
0x00000ce4 ldr r0, [pc, 0x70] | r0 = *(0xd58);
0x00000ce8 mov r5, r2 | r5 = r2;
0x00000cec add r0, pc, r0 | r0 = pc + r0;
0x00000cf0 bl 0x648 | printf (r0, r1, r2, r3, r4, r5)
0x00000cf4 cmp r4, r5 |
0x00000cf8 mov r1, r7 | r1 = r7;
| if (r4 != r5) {
0x00000cfc bne 0xd28 | goto label_2;
| }
0x00000d00 ldr r0, [pc, 0x58] | r0 = *(0xd5c);
0x00000d04 add r0, pc, r0 | r0 = pc + r0;
0x00000d08 bl 0x648 | printf (r0)
0x00000d0c mov r1, r6 | r1 = r6;
0x00000d10 mov r0, r4 | r0 = r4;
| label_0:
0x00000d14 pop {r4, r5, r6, r7, r8, lr} |
0x00000d18 b 0xc34 | void (*0xc34)() ();
| label_1:
0x00000d1c ldr r7, [pc, 0x40] | r7 = *(0xd60);
0x00000d20 add r7, pc, r7 | r7 = pc + r7;
0x00000d24 b 0xcb8 |
| } while (1);
| label_2:
0x00000d28 ldr r0, [pc, 0x38] | r0 = *(0xd64);
0x00000d2c add r0, pc, r0 | r0 = pc + r0;
0x00000d30 bl 0x648 | printf (r0)
0x00000d34 mov r1, r6 | r1 = r6;
0x00000d38 mov r0, r4 | r0 = r4;
0x00000d3c bl 0xc34 | fcn_00000c34 (r0, r1);
0x00000d40 mov r0, 0x3a | r0 = 0x3a;
0x00000d44 bl 0x63c | putchar (r0);
0x00000d48 mov r1, r6 | r1 = r6;
0x00000d4c mov r0, r5 | r0 = r5;
0x00000d50 b 0xd14 | goto label_0;
| }
[*] Function printf used 6 times libxt_dccp.so
