[*] Binary protection state of libip6t_DNAT.so
Partial RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function printf tear down of libip6t_DNAT.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libip6t_DNAT.so @ 0xd8c */
| #include <stdint.h>
|
; (fcn) fcn.00000d8c () | void fcn_00000d8c (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000d8c ldr r3, [r0] | r3 = *(r0);
0x00000d90 push {r4, r5, r6, r7, r8, lr} |
0x00000d94 tst r3, 1 |
0x00000d98 mov r4, r0 | r4 = r0;
0x00000d9c mov r5, r1 | r5 = r1;
| if ((r3 & 1) != 0) {
0x00000da0 beq 0xe18 |
0x00000da4 tst r3, 2 |
| if ((r3 & 2) != 0) {
0x00000da8 beq 0xdb4 |
0x00000dac mov r0, 0x5b | r0 = 0x5b;
0x00000db0 bl 0x678 | putchar (r0);
| }
0x00000db4 add r7, r4, 4 | r7 = r4 + 4;
0x00000db8 mov r0, r7 | r0 = r7;
0x00000dbc bl 0x6b4 | xtables_ip6addr_to_numeric ();
0x00000dc0 add r6, r4, 0x14 | r6 = r4 + 0x14;
0x00000dc4 mov r1, r0 | r1 = r0;
0x00000dc8 ldr r0, [pc, 0xe0] | r0 = *(0xeac);
0x00000dcc add r0, pc, r0 | r0 = pc + r0;
0x00000dd0 bl 0x684 | printf (r0, r1, r2, r3, r4, r5, r6)
0x00000dd4 mov r2, 0x10 | r2 = 0x10;
0x00000dd8 mov r1, r6 | r1 = r6;
0x00000ddc mov r0, r7 | r0 = r7;
0x00000de0 bl 0x6e4 | r0 = memcmp (r0, r1, r2);
0x00000de4 cmp r0, 0 |
| if (r0 != 0) {
0x00000de8 beq 0xe04 |
0x00000dec mov r0, r6 | r0 = r6;
0x00000df0 bl 0x6b4 | r0 = xtables_ip6addr_to_numeric ();
0x00000df4 mov r1, r0 | r1 = r0;
0x00000df8 ldr r0, [pc, 0xb4] | r0 = *(0xeb0);
0x00000dfc add r0, pc, r0 | r0 = pc + r0;
0x00000e00 bl 0x684 | printf (r0, r1)
| }
0x00000e04 ldr r3, [r4] | r3 = *(r4);
0x00000e08 tst r3, 2 |
0x00000e0c popeq {r4, r5, r6, r7, r8, pc} |
0x00000e10 mov r0, 0x5d | r0 = 0x5d;
0x00000e14 bl 0x678 | putchar (r0);
| }
0x00000e18 ldr r3, [r4] | r3 = *(r4);
0x00000e1c tst r3, 2 |
0x00000e20 popeq {r4, r5, r6, r7, r8, pc} |
0x00000e24 mov r0, 0x3a | r0 = 0x3a;
0x00000e28 bl 0x678 | putchar (r0);
0x00000e2c ldrh r3, [r4, 0x24] | r3 = *((r4 + 0x24));
0x00000e30 ldr r0, [pc, 0x80] | r0 = *(0xeb4);
0x00000e34 lsr r1, r3, 8 | r1 = r3 >> 8;
0x00000e38 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x00000e3c lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00000e40 lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00000e44 add r0, pc, r0 | r0 = pc + r0;
0x00000e48 bl 0x684 | printf (r0, r1, r2, r3)
0x00000e4c ldrh r3, [r4, 0x26] | r3 = *((r4 + 0x26));
0x00000e50 ldrh r2, [r4, 0x24] | r2 = *((r4 + 0x24));
0x00000e54 cmp r2, r3 |
| if (r2 != r3) {
0x00000e58 beq 0xe78 |
0x00000e5c lsr r1, r3, 8 | r1 = r3 >> 8;
0x00000e60 ldr r0, [pc, 0x54] | r0 = *(0xeb8);
0x00000e64 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x00000e68 lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00000e6c lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00000e70 add r0, pc, r0 | r0 = pc + r0;
0x00000e74 bl 0x684 | printf (r0, r1)
| }
0x00000e78 cmp r5, 2 |
0x00000e7c popne {r4, r5, r6, r7, r8, pc} |
0x00000e80 ldr r3, [r4] | r3 = *(r4);
0x00000e84 tst r3, 0x20 |
0x00000e88 popeq {r4, r5, r6, r7, r8, pc} |
0x00000e8c ldrh r3, [r4, 0x28] | r3 = *((r4 + 0x28));
0x00000e90 ldr r0, [pc, 0x28] | r0 = "_";
0x00000e94 lsr r1, r3, 8 | r1 = r3 >> 8;
0x00000e98 orr r1, r1, r3, lsl 8 | r1 |= (r3 << 8);
0x00000e9c lsl r1, r1, 0x10 | r1 <<= 0x10;
0x00000ea0 lsr r1, r1, 0x10 | r1 >>= 0x10;
0x00000ea4 add r0, pc, r0 | r0 = pc + r0;
0x00000ea8 pop {r4, r5, r6, r7, r8, lr} |
0x00000eac b 0x684 | return void (*0x684)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libip6t_DNAT.so @ 0xec4 */
| #include <stdint.h>
|
; (fcn) fcn.00000ec4 () | void fcn_00000ec4 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000ec4 push {r4, r5, r6, lr} |
0x00000ec8 mov r4, r0 | r4 = r0;
0x00000ecc ldr r0, [pc, 0x48] | r0 = *(0xf18);
0x00000ed0 mov r5, r1 | r5 = r1;
0x00000ed4 add r0, pc, r0 | r0 = pc + r0;
0x00000ed8 bl 0x684 | printf (r0, r1, r2, r3, r4, r5)
0x00000edc mov r1, r5 | r1 = r5;
0x00000ee0 mov r0, r4 | r0 = r4;
0x00000ee4 bl 0xd8c | fcn_00000d8c (r0, r1);
0x00000ee8 ldr r3, [r4] | r3 = *(r4);
0x00000eec tst r3, 4 |
| if ((r3 & 4) != 0) {
0x00000ef0 beq 0xf00 |
0x00000ef4 ldr r0, [pc, 0x24] | r0 = *(0xf1c);
0x00000ef8 add r0, pc, r0 | r0 = pc + r0;
0x00000efc bl 0x684 | printf (r0)
| }
0x00000f00 ldr r3, [r4] | r3 = *(r4);
0x00000f04 tst r3, 8 |
0x00000f08 popeq {r4, r5, r6, pc} |
0x00000f0c ldr r0, [pc, 0x10] | r0 = *(0xf20);
0x00000f10 pop {r4, r5, r6, lr} |
0x00000f14 add r0, pc, r0 | r0 = pc + r0;
0x00000f18 b 0x684 | return void (*0x684)() ();
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/56048-12514271.gzip_extract/gzip.uncompressed_extract/5243916-15068666.gzip_extract/gzip.uncompressed_extract/usr/lib/xtables/libip6t_DNAT.so @ 0xf34 */
| #include <stdint.h>
|
; (fcn) fcn.00000f34 () | void fcn_00000f34 (int32_t arg1, int32_t arg2) {
| r0 = arg1;
| r1 = arg2;
0x00000f34 push {r4, r5, r6, lr} |
0x00000f38 mov r4, r0 | r4 = r0;
0x00000f3c ldr r0, [pc, 0x48] | r0 = *(0xf88);
0x00000f40 mov r5, r1 | r5 = r1;
0x00000f44 add r0, pc, r0 | r0 = pc + r0;
0x00000f48 bl 0x684 | printf (r0, r1, r2, r3, r4, r5)
0x00000f4c mov r1, r5 | r1 = r5;
0x00000f50 mov r0, r4 | r0 = r4;
0x00000f54 bl 0xd8c | fcn_00000d8c (r0, r1);
0x00000f58 ldr r3, [r4] | r3 = *(r4);
0x00000f5c tst r3, 4 |
| if ((r3 & 4) != 0) {
0x00000f60 beq 0xf70 |
0x00000f64 ldr r0, [pc, 0x24] | r0 = *(0xf8c);
0x00000f68 add r0, pc, r0 | r0 = pc + r0;
0x00000f6c bl 0x684 | printf (r0)
| }
0x00000f70 ldr r3, [r4] | r3 = *(r4);
0x00000f74 tst r3, 8 |
0x00000f78 popeq {r4, r5, r6, pc} |
0x00000f7c ldr r0, [pc, 0x10] | r0 = "libxtables.so.12";
0x00000f80 pop {r4, r5, r6, lr} |
0x00000f84 add r0, pc, r0 | r0 = pc + r0;
0x00000f88 b 0x684 | return void (*0x684)() ();
| }
[*] Function printf used 9 times libip6t_DNAT.so
