[*] Binary protection state of ldconfig
Partial RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of ldconfig
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/sbin/ldconfig @ 0x12138 */
| #include <stdint.h>
|
; (fcn) fcn.00012138 () | void fcn_00012138 (int32_t arg_1000h, char * src, int32_t arg1, char * arg2) {
| int32_t var_0h;
| int32_t var_4h;
| char * dest;
| int32_t var_ch;
| r0 = arg1;
| r1 = arg2;
0x00012138 push {r4, r5, r6, r7, r8, sb, sl, fp, lr} |
0x0001213c subs r4, r0, 0 | r4 = r0 - 0;
0x00012140 sub sp, sp, 0x3000 |
0x00012144 sub sp, sp, 0xc |
0x00012148 mov r5, r1 | r5 = r1;
0x0001214c mov r6, r2 | r6 = r2;
| if (r4 != r0) {
0x00012150 beq 0x12174 |
0x00012154 ldrb r3, [r4] | r3 = *(r4);
0x00012158 cmp r3, 0 |
| if (r3 == 0) {
0x0001215c beq 0x12174 | goto label_5;
| }
0x00012160 cmp r3, 0x2f |
| if (r3 != 0x2f) {
0x00012164 bne 0x12184 | goto label_6;
| }
0x00012168 ldrb r3, [r4, 1] | r3 = *((r4 + 1));
0x0001216c cmp r3, 0 |
| if (r3 != 0) {
0x00012170 bne 0x12184 | goto label_6;
| }
| }
| label_5:
0x00012174 mov r1, r5 | r1 = r5;
| do {
0x00012178 mov r0, r6 | r0 = r6;
0x0001217c bl 0x10ad0 | strcpy (r0, r1)
0x00012180 b 0x12374 | goto label_7;
| label_6:
0x00012184 mov r0, r4 | r0 = r4;
0x00012188 bl 0x10cb0 | r0 = strlen (r0);
0x0001218c mov sl, r0 | sl = r0;
0x00012190 mov r0, r5 | r0 = r5;
0x00012194 bl 0x10cb0 | strlen (r0);
0x00012198 ldr r3, [pc, 0x254] | r3 = *(0x123f0);
0x0001219c add r0, sl, r0 | r0 = sl + r0;
0x000121a0 cmp r0, r3 |
| if (r0 >= r3) {
0x000121a4 bls 0x121b4 |
| label_2:
0x000121a8 bl 0x10c8c | errno_location ();
0x000121ac mov r3, 0x24 | r3 = 0x24;
0x000121b0 b 0x12324 | goto label_8;
| }
0x000121b4 mov r1, r5 | r1 = r5;
0x000121b8 add r0, sp, 8 | r0 += dest;
0x000121bc bl 0x10ad0 | strcpy (r0, r1)
0x000121c0 add r5, sp, 0x2000 | r5 += src;
0x000121c4 rsb r3, sl, 0xff0 | r3 = 0xff0 - sl;
0x000121c8 add r2, sp, 8 | r2 += dest;
0x000121cc add r5, r5, 8 | r5 += 8;
0x000121d0 add r3, r3, 0xd | r3 += 0xd;
0x000121d4 add r3, r2, r3 | r3 = r2 + r3;
0x000121d8 mov r1, r4 | r1 = r4;
0x000121dc mov r0, r5 | r0 = r5;
0x000121e0 str r3, [sp] | *(sp) = r3;
0x000121e4 bl 0x10ad0 | strcpy (r0, r1)
0x000121e8 add sl, r5, sl | sl = r5 + sl;
| label_0:
0x000121ec ldrb r2, [sl] | r2 = *(sl);
0x000121f0 cmp sl, r5 |
0x000121f4 sub r3, r2, 0x2f | r3 = r2 - 0x2f;
0x000121f8 clz r3, r3 | r3 &= r3;
0x000121fc lsr r3, r3, 5 | r3 >>= 5;
| if (sl > r5) {
0x00012200 movls r3, 0 | r3 = 0;
| }
0x00012204 cmp r3, 0 |
| if (r3 != 0) {
0x00012208 bne 0x1226c | goto label_9;
| }
0x0001220c add sb, sl, 1 | sb = sl + 1;
0x00012210 add r8, sp, 0x1000 | r8 += arg_1000h;
0x00012214 mov r1, 0x2f | r1 = 0x2f;
0x00012218 mov r4, sb | r4 = sb;
0x0001221c mov r2, r3 | r2 = r3;
0x00012220 add r5, sp, 8 | r5 += dest;
0x00012224 add r8, r8, 8 | r8 += 8;
0x00012228 strb r1, [sl] | *(sl) = r1;
| label_1:
0x0001222c ldrb r1, [r5] | r1 = *(r5);
0x00012230 cmp r1, 0 |
| if (r1 != 0) {
0x00012234 bne 0x12274 | goto label_10;
| }
| label_4:
0x00012238 add r3, sp, 0x2000 | r3 += src;
0x0001223c add r3, r3, 8 | r3 += 8;
0x00012240 add r3, r3, 1 | r3++;
0x00012244 cmp r4, r3 |
| if (r4 != r3) {
0x00012248 beq 0x12258 |
0x0001224c ldrb r3, [r4, -1] | r3 = *((r4 - 1));
0x00012250 cmp r3, 0x2f |
| if (r3 == 0x2f) {
0x00012254 subeq r4, r4, 1 | r4--;
| goto label_11;
| }
| }
| label_11:
0x00012258 mov r3, 0 | r3 = 0;
0x0001225c add r1, sp, 0x2000 | r1 += src;
0x00012260 strb r3, [r4] | *(r4) = r3;
0x00012264 add r1, r1, 8 | r1 += 8;
0x00012268 b 0x12178 |
| } while (1);
| label_9:
0x0001226c sub sl, sl, 1 | sl--;
0x00012270 b 0x121ec | goto label_0;
| label_10:
0x00012274 cmp r1, 0x2f |
0x00012278 bne 0x12284 |
| while (r1 == 0x2f) {
0x0001227c add r5, r5, 1 | r5++;
0x00012280 b 0x1222c | goto label_1;
0x00012284 cmp r1, 0x2e |
| if (r1 != 0x2e) {
0x00012288 bne 0x122ec | goto label_12;
| }
0x0001228c ldrb r1, [r5, 1] | r1 = *((r5 + 1));
0x00012290 cmp r1, 0x2f |
0x00012294 cmpne r1, 0 | __asm ("cmpne r1, 0");
0x00012298 beq 0x1227c |
| }
0x0001229c cmp r1, 0x2e |
| if (r1 != 0x2e) {
0x000122a0 bne 0x122ec | goto label_12;
| }
0x000122a4 ldrb r1, [r5, 2] | r1 = *((r5 + 2));
0x000122a8 cmp r1, 0x2f |
0x000122ac cmpne r1, 0 | __asm ("cmpne r1, 0");
| if (r1 != 0x2f) {
0x000122b0 bne 0x122ec | goto label_12;
| }
0x000122b4 cmp r4, sb |
0x000122b8 add r5, r5, 2 | r5 += 2;
| if (r4 == sb) {
0x000122bc beq 0x1222c | goto label_1;
| }
0x000122c0 sub r1, r4, 1 | r1 = r4 - 1;
| do {
0x000122c4 mov r4, r1 | r4 = r1;
0x000122c8 ldrb r0, [r1, -1]! | r0 = *((r1 -= 1));
0x000122cc cmp r0, 0x2f |
0x000122d0 bne 0x122c4 |
| } while (r0 != 0x2f);
0x000122d4 b 0x1222c | goto label_1;
| label_3:
0x000122d8 ldr r3, [sp] | r3 = *(sp);
0x000122dc cmp r5, r3 |
| if (r5 > r3) {
0x000122e0 bhi 0x121a8 | goto label_2;
| }
0x000122e4 add r5, r5, 1 | r5++;
0x000122e8 strb r1, [r4], 1 | *(r4) = r1;
| r4++;
| label_12:
0x000122ec ldrb r1, [r5] | r1 = *(r5);
0x000122f0 subs r7, r1, 0x2f | r7 = r1 - 0x2f;
| if (r7 == r1) {
0x000122f4 movne r7, 1 | r7 = 1;
| }
0x000122f8 cmp r1, 0 |
| if (r1 != 0) {
0x000122fc moveq r7, 0 | r7 = 0;
| }
0x00012300 cmp r7, 0 |
| if (r7 != 0) {
0x00012304 bne 0x122d8 | goto label_3;
| }
0x00012308 cmp r1, 0 |
| if (r1 == 0) {
0x0001230c beq 0x12238 | goto label_4;
| }
0x00012310 cmp r2, 0x20 |
0x00012314 add fp, r2, 1 |
| if (r2 > 0x20) {
0x00012318 ble 0x1232c |
0x0001231c bl 0x10c8c | errno_location ();
0x00012320 mov r3, 0x28 | r3 = 0x28;
| label_8:
0x00012324 str r3, [r0] | *(r0) = r3;
0x00012328 b 0x12370 |
| } else {
0x0001232c add r0, sp, 0x2000 | r0 += src;
0x00012330 ldr r2, [pc, 0xc0] | r2 = *(0x123f4);
0x00012334 strb r7, [r4] | *(r4) = r7;
0x00012338 mov r1, r8 | r1 = r8;
0x0001233c add r0, r0, 8 | r0 += 8;
0x00012340 bl 0x10b30 | r0 = readlink ();
0x00012344 subs r2, r0, 0 | r2 = r0 - 0;
| if (r2 >= r0) {
0x00012348 bge 0x12384 | goto label_13;
| }
0x0001234c bl 0x10c8c | r0 = errno_location ();
0x00012350 ldr r2, [r0] | r2 = *(r0);
0x00012354 cmp r2, 0x16 |
| if (r2 == 0x16) {
0x00012358 beq 0x123e0 | goto label_14;
| }
0x0001235c add r1, sp, 0x2000 | r1 += src;
0x00012360 strb r7, [r4] | *(r4) = r7;
0x00012364 add r1, r1, 8 | r1 += 8;
0x00012368 mov r0, r6 | r0 = r6;
0x0001236c bl 0x10ad0 | strcpy (r0, r1)
| }
0x00012370 mov r6, 0 | r6 = 0;
| label_7:
0x00012374 mov r0, r6 | r0 = r6;
0x00012378 add sp, sp, 0x3000 |
0x0001237c add sp, sp, 0xc |
0x00012380 pop {r4, r5, r6, r7, r8, sb, sl, fp, pc} |
| label_13:
0x00012384 strb r7, [r8, r2] | *((r8 + r2)) = r7;
0x00012388 ldrb r1, [r8] | r1 = *(r8);
0x0001238c cmp r1, 0x2f |
| if (r1 != 0x2f) {
0x00012390 moveq r4, sl | r4 = sl;
| }
| if (r1 == 0x2f) {
0x00012394 beq 0x123a4 | goto label_15;
| }
| do {
0x00012398 ldrb r1, [r4, -1]! | r1 = *((r4 -= 1));
0x0001239c cmp r1, 0x2f |
0x000123a0 bne 0x12398 |
| } while (r1 != 0x2f);
| label_15:
0x000123a4 mov r0, r5 | r0 = r5;
0x000123a8 str r2, [sp, 4] | var_4h = r2;
0x000123ac bl 0x10cb0 | strlen (r0);
0x000123b0 ldr r2, [sp, 4] | r2 = var_4h;
0x000123b4 ldr r3, [pc, 0x40] | r3 = *(0x123f8);
0x000123b8 add r0, r2, r0 | r0 = r2 + r0;
0x000123bc cmp r0, r3 |
| if (r0 > r3) {
0x000123c0 bhi 0x121a8 | goto label_2;
| }
0x000123c4 mov r1, r5 | r1 = r5;
0x000123c8 mov r0, r8 | r0 = r8;
0x000123cc bl 0x10ba8 | strcat (r0, r1);
0x000123d0 mov r1, r8 | r1 = r8;
0x000123d4 add r0, sp, 8 | r0 += dest;
0x000123d8 bl 0x10ad0 | strcpy (r0, r1)
0x000123dc add r5, sp, 8 | r5 += dest;
| label_14:
0x000123e0 mov r2, 0x2f | r2 = 0x2f;
0x000123e4 strb r2, [r4] | *(r4) = r2;
0x000123e8 mov r2, fp | r2 = fp;
0x000123ec add r4, r4, 1 | r4++;
0x000123f0 b 0x1222c | goto label_1;
| }
[*] Function strcpy used 6 times ldconfig
