[*] Binary protection state of libxt_owner.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libxt_owner.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_owner.so @ 0xf98 */
| #include <stdint.h>
|
; (fcn) fcn.00000f98 () | void fcn_00000f98 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000f98 ldrb ip, [r0, 0x10] | ip = *((r0 + 0x10));
0x00000f9c tst r2, ip |
| if ((r2 & ip) != 0) {
0x00000fa0 bxeq lr | return;
| }
0x00000fa4 push {r4, r5, r6, r7, r8, lr} |
0x00000fa8 mov r6, r3 | r6 = r3;
0x00000fac ldrb r3, [r0, 0x11] | r3 = *((r0 + 0x11));
0x00000fb0 mov r5, r2 | r5 = r2;
0x00000fb4 tst r2, r3 |
0x00000fb8 mov r8, r1 | r8 = r1;
0x00000fbc mov r4, r0 | r4 = r0;
| if ((r2 & r3) != 0) {
0x00000fc0 beq 0xfd0 |
0x00000fc4 ldr r0, [pc, 0xdc] | r0 = *(0x10a4);
0x00000fc8 add r0, pc, r0 | r0 = pc + r0;
0x00000fcc bl 0x664 | printf (r0)
| }
0x00000fd0 ldr r7, [pc, 0xd4] | r7 = *(0x10a8);
0x00000fd4 mov r1, r8 | r1 = r8;
0x00000fd8 add r7, pc, r7 | r7 = pc + r7;
0x00000fdc mov r0, r7 | r0 = r7;
0x00000fe0 bl 0x664 | printf (r0, r1)
0x00000fe4 ldrb r2, [r4, 0x10] | r2 = *((r4 + 0x10));
0x00000fe8 and r5, r5, r2 | r5 &= r2;
0x00000fec cmp r5, 1 |
| if (r5 != 1) {
0x00000ff0 beq 0x1018 |
0x00000ff4 cmp r5, 2 |
0x00000ff8 popne {r4, r5, r6, r7, r8, pc} |
0x00000ffc ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x00001000 ldr r2, [r4, 0xc] | r2 = *((r4 + 0xc));
0x00001004 cmp r1, r2 |
| if (r1 == r2) {
0x00001008 beq 0x1074 | goto label_1;
| }
0x0000100c ldr r0, [pc, 0x9c] | r0 = *(0x10ac);
0x00001010 add r0, pc, r0 | r0 = pc + r0;
0x00001014 b 0x102c |
| } else {
0x00001018 ldm r4, {r1, r2} | r1 = *(r4);
| r2 = *((r4 + 4));
0x0000101c cmp r1, r2 |
| if (r1 == r2) {
0x00001020 beq 0x1034 | goto label_2;
| }
0x00001024 ldr r0, [pc, 0x88] | r0 = *(0x10b0);
0x00001028 add r0, pc, r0 | r0 = pc + r0;
| }
0x0000102c pop {r4, r5, r6, r7, r8, lr} |
0x00001030 b 0x664 | void (*0x664)() ();
| label_2:
0x00001034 cmp r6, 0 |
| if (r6 != 0) {
0x00001038 bne 0x1060 | goto label_3;
| }
0x0000103c mov r0, r1 | r0 = r1;
0x00001040 bl 0x6c4 | r0 = getpwuid ();
0x00001044 cmp r0, 0 |
| if (r0 == 0) {
0x00001048 beq 0x1060 | goto label_3;
| }
0x0000104c ldr r1, [r0] | r1 = *(r0);
0x00001050 cmp r1, 0 |
0x00001054 beq 0x1060 |
| while (r1 != 0) {
0x00001058 mov r0, r7 | r0 = r7;
0x0000105c b 0x106c | goto label_0;
| label_3:
0x00001060 ldr r0, [pc, 0x50] | r0 = *(0x10b4);
0x00001064 ldr r1, [r4] | r1 = *(r4);
0x00001068 add r0, pc, r0 | r0 = pc + r0;
| label_0:
0x0000106c pop {r4, r5, r6, r7, r8, lr} |
0x00001070 b 0x664 | void (*0x664)() ();
| label_1:
0x00001074 cmp r6, 0 |
| if (r6 != 0) {
0x00001078 bne 0x1098 | goto label_4;
| }
0x0000107c mov r0, r1 | r0 = r1;
0x00001080 bl 0x670 | r0 = getgrgid ();
0x00001084 cmp r0, 0 |
| if (r0 == 0) {
0x00001088 beq 0x1098 | goto label_4;
| }
0x0000108c ldr r1, [r0] | r1 = *(r0);
0x00001090 cmp r1, 0 |
0x00001094 bne 0x1058 |
| }
| label_4:
0x00001098 ldr r0, [pc, 0x1c] | r0 = *(0x10b8);
0x0000109c ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x000010a0 add r0, pc, r0 | r0 = pc + r0;
0x000010a4 b 0x106c | goto label_0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_owner.so @ 0x1188 */
| #include <stdint.h>
|
; (fcn) fcn.00001188 () | void fcn_00001188 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00001188 ldrb ip, [r0, 0x20] | ip = *((r0 + 0x20));
0x0000118c tst r2, ip |
| if ((r2 & ip) != 0) {
0x00001190 bxeq lr | return;
| }
0x00001194 push {r4, r5, r6, r7, r8, lr} |
0x00001198 mov r6, r3 | r6 = r3;
0x0000119c ldrb r3, [r0, 0x21] | r3 = *((r0 + 0x21));
0x000011a0 mov r5, r2 | r5 = r2;
0x000011a4 tst r2, r3 |
0x000011a8 mov r7, r1 | r7 = r1;
0x000011ac mov r4, r0 | r4 = r0;
| if ((r2 & r3) != 0) {
0x000011b0 beq 0x11c0 |
0x000011b4 ldr r0, [pc, 0xf0] | r0 = *(0x12a8);
0x000011b8 add r0, pc, r0 | r0 = pc + r0;
0x000011bc bl 0x664 | printf (r0)
| }
0x000011c0 ldr r0, [pc, 0xe8] | r0 = *(0x12ac);
0x000011c4 mov r1, r7 | r1 = r7;
0x000011c8 add r0, pc, r0 | r0 = pc + r0;
0x000011cc bl 0x664 | printf (r0, r1)
0x000011d0 ldrb r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x000011d4 and r5, r5, r2 | r5 &= r2;
0x000011d8 sub r5, r5, 1 | r5--;
0x000011dc cmp r5, 7 |
| if (r5 > 7) {
| /* switch table (8 cases) at 0x11e8 */
0x000011e0 addls pc, pc, r5, lsl 2 | pc += (r5 << 2);
| }
0x000011e4 b 0x12a8 | goto label_1;
0x000011e8 b 0x1208 | goto label_2;
0x000011ec b 0x124c | goto label_3;
0x000011f0 b 0x12a8 | goto label_1;
0x000011f4 b 0x1288 | goto label_4;
0x000011f8 b 0x12a8 | goto label_1;
0x000011fc b 0x12a8 | goto label_1;
0x00001200 b 0x12a8 | goto label_1;
0x00001204 b 0x1298 | goto label_5;
| label_2:
0x00001208 cmp r6, 0 |
| if (r6 != 0) {
0x0000120c bne 0x123c | goto label_6;
| }
0x00001210 ldr r0, [r4] | r0 = *(r4);
0x00001214 bl 0x6c4 | r0 = getpwuid ();
0x00001218 cmp r0, 0 |
| if (r0 == 0) {
0x0000121c beq 0x123c | goto label_6;
| }
0x00001220 ldr r1, [r0] | r1 = *(r0);
0x00001224 cmp r1, 0 |
| if (r1 == 0) {
0x00001228 beq 0x123c | goto label_6;
| }
0x0000122c ldr r0, [pc, 0x80] | r0 = *(0x12b0);
0x00001230 add r0, pc, r0 | r0 = pc + r0;
| do {
| label_0:
0x00001234 pop {r4, r5, r6, r7, r8, lr} |
0x00001238 b 0x664 | void (*0x664)() ();
| label_6:
0x0000123c ldr r0, [pc, 0x74] | r0 = *(0x12b4);
0x00001240 ldr r1, [r4] | r1 = *(r4);
0x00001244 add r0, pc, r0 | r0 = pc + r0;
0x00001248 b 0x1234 |
| } while (1);
| label_3:
0x0000124c cmp r6, 0 |
| if (r6 != 0) {
0x00001250 bne 0x1278 | goto label_7;
| }
0x00001254 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x00001258 bl 0x670 | r0 = getgrgid ();
0x0000125c cmp r0, 0 |
| if (r0 == 0) {
0x00001260 beq 0x1278 | goto label_7;
| }
0x00001264 ldr r1, [r0] | r1 = *(r0);
0x00001268 cmp r1, 0 |
| if (r1 == 0) {
0x0000126c ldrne r0, [pc, 0x48] | r0 = *(0x000012bc);
| }
| if (r1 != 0) {
0x00001270 addne r0, pc, r0 | r0 = pc + r0;
| goto label_8;
| }
| if (r1 != 0) {
| label_8:
0x00001274 bne 0x1234 | goto label_0;
| }
| label_7:
0x00001278 ldr r0, [pc, 0x40] | r0 = *(0x12bc);
0x0000127c ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x00001280 add r0, pc, r0 | r0 = pc + r0;
0x00001284 b 0x1234 | goto label_0;
| label_4:
0x00001288 ldr r0, [pc, 0x34] | r0 = *(0x12c0);
0x0000128c ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x00001290 add r0, pc, r0 | r0 = pc + r0;
0x00001294 b 0x1234 | goto label_0;
| label_5:
0x00001298 ldr r0, [pc, 0x28] | r0 = *(0x12c4);
0x0000129c ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x000012a0 add r0, pc, r0 | r0 = pc + r0;
0x000012a4 b 0x1234 | goto label_0;
| label_1:
0x000012a8 pop {r4, r5, r6, r7, r8, pc} |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libxt_owner.so @ 0x13cc */
| #include <stdint.h>
|
; (fcn) fcn.000013cc () | void fcn_000013cc (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x000013cc ldrb ip, [r0, 0x20] | ip = *((r0 + 0x20));
0x000013d0 tst r2, ip |
| if ((r2 & ip) != 0) {
0x000013d4 bxeq lr | return;
| }
0x000013d8 push {r4, r5, r6, r7, r8, lr} |
0x000013dc mov r6, r3 | r6 = r3;
0x000013e0 ldrb r3, [r0, 0x21] | r3 = *((r0 + 0x21));
0x000013e4 mov r5, r2 | r5 = r2;
0x000013e8 tst r2, r3 |
0x000013ec mov r7, r1 | r7 = r1;
0x000013f0 mov r4, r0 | r4 = r0;
| if ((r2 & r3) != 0) {
0x000013f4 beq 0x1404 |
0x000013f8 ldr r0, [pc, 0x128] | r0 = *(0x1524);
0x000013fc add r0, pc, r0 | r0 = pc + r0;
0x00001400 bl 0x664 | printf (r0)
| }
0x00001404 ldr r0, [pc, 0x120] | r0 = *(0x1528);
0x00001408 mov r1, r7 | r1 = r7;
0x0000140c add r0, pc, r0 | r0 = pc + r0;
0x00001410 bl 0x664 | printf (r0, r1)
0x00001414 ldrb r2, [r4, 0x20] | r2 = *((r4 + 0x20));
0x00001418 and r5, r5, r2 | r5 &= r2;
0x0000141c sub r5, r5, 1 | r5--;
0x00001420 cmp r5, 0xf |
| if (r5 > 0xf) {
| /* switch table (16 cases) at 0x142c */
0x00001424 addls pc, pc, r5, lsl 2 | pc += (r5 << 2);
| }
0x00001428 b 0x1524 | goto label_1;
0x0000142c b 0x146c | goto label_2;
0x00001430 b 0x14b0 | goto label_3;
0x00001434 b 0x1524 | goto label_1;
0x00001438 b 0x14ec | goto label_4;
0x0000143c b 0x1524 | goto label_1;
0x00001440 b 0x1524 | goto label_1;
0x00001444 b 0x1524 | goto label_1;
0x00001448 b 0x14fc | goto label_5;
0x0000144c b 0x1524 | goto label_1;
0x00001450 b 0x1524 | goto label_1;
0x00001454 b 0x1524 | goto label_1;
0x00001458 b 0x1524 | goto label_1;
0x0000145c b 0x1524 | goto label_1;
0x00001460 b 0x1524 | goto label_1;
0x00001464 b 0x1524 | goto label_1;
0x00001468 b 0x150c | goto label_6;
| label_2:
0x0000146c cmp r6, 0 |
| if (r6 != 0) {
0x00001470 bne 0x14a0 | goto label_7;
| }
0x00001474 ldr r0, [r4] | r0 = *(r4);
0x00001478 bl 0x6c4 | r0 = getpwuid ();
0x0000147c cmp r0, 0 |
| if (r0 == 0) {
0x00001480 beq 0x14a0 | goto label_7;
| }
0x00001484 ldr r1, [r0] | r1 = *(r0);
0x00001488 cmp r1, 0 |
| if (r1 == 0) {
0x0000148c beq 0x14a0 | goto label_7;
| }
0x00001490 ldr r0, [pc, 0x98] | r0 = *(0x152c);
0x00001494 add r0, pc, r0 | r0 = pc + r0;
| do {
| label_0:
0x00001498 pop {r4, r5, r6, r7, r8, lr} |
0x0000149c b 0x664 | void (*0x664)() ();
| label_7:
0x000014a0 ldr r0, [pc, 0x8c] | r0 = *(0x1530);
0x000014a4 ldr r1, [r4] | r1 = *(r4);
0x000014a8 add r0, pc, r0 | r0 = pc + r0;
0x000014ac b 0x1498 |
| } while (1);
| label_3:
0x000014b0 cmp r6, 0 |
| if (r6 != 0) {
0x000014b4 bne 0x14dc | goto label_8;
| }
0x000014b8 ldr r0, [r4, 4] | r0 = *((r4 + 4));
0x000014bc bl 0x670 | r0 = getgrgid ();
0x000014c0 cmp r0, 0 |
| if (r0 == 0) {
0x000014c4 beq 0x14dc | goto label_8;
| }
0x000014c8 ldr r1, [r0] | r1 = *(r0);
0x000014cc cmp r1, 0 |
| if (r1 == 0) {
0x000014d0 ldrne r0, [pc, 0x60] | r0 = *(0x00001538);
| }
| if (r1 != 0) {
0x000014d4 addne r0, pc, r0 | r0 = pc + r0;
| goto label_9;
| }
| if (r1 != 0) {
| label_9:
0x000014d8 bne 0x1498 | goto label_0;
| }
| label_8:
0x000014dc ldr r0, [pc, 0x58] | r0 = *(0x1538);
0x000014e0 ldr r1, [r4, 4] | r1 = *((r4 + 4));
0x000014e4 add r0, pc, r0 | r0 = pc + r0;
0x000014e8 b 0x1498 | goto label_0;
| label_4:
0x000014ec ldr r0, [pc, 0x4c] | r0 = *(0x153c);
0x000014f0 ldr r1, [r4, 8] | r1 = *((r4 + 8));
0x000014f4 add r0, pc, r0 | r0 = pc + r0;
0x000014f8 b 0x1498 | goto label_0;
| label_5:
0x000014fc ldr r0, [pc, 0x40] | r0 = *(0x1540);
0x00001500 ldr r1, [r4, 0xc] | r1 = *((r4 + 0xc));
0x00001504 add r0, pc, r0 | r0 = pc + r0;
0x00001508 b 0x1498 | goto label_0;
| label_6:
0x0000150c ldr r0, [pc, 0x34] | r0 = *(0x1544);
0x00001510 add r2, r4, 0x10 | r2 = r4 + 0x10;
0x00001514 mov r1, 0x10 | r1 = 0x10;
0x00001518 add r0, pc, r0 | r0 = pc + r0;
0x0000151c pop {r4, r5, r6, r7, r8, lr} |
0x00001520 b 0x664 | void (*0x664)() ();
| label_1:
0x00001524 pop {r4, r5, r6, r7, r8, pc} |
| }
[*] Function printf used 7 times libxt_owner.so
