; -----------------------------------------------------------------------------
; Review notes: Java_com_h1702ctf_ctfone5_CruelIntentions_one
; (ARM Thumb-2, IDA listing; JNI export for native method `one` of class
;  com.h1702ctf.ctfone5.CruelIntentions. R0/R1 are the incoming JNI arguments;
;  the code only stores them and never dereferences them here.)
;
; Frame layout as used below:
;   R7          = frame pointer (SP after PUSH + 0xC)
;   R6          = base of the fixed locals (SP after the two SUBs); SP itself moves
;                 later because of a variable-length stack buffer
;   [R6,#0x70]  = pointer to a locals record at R6+0x78, called "ctx" in these notes
;   [R6,#0x74]  = copy of __stack_chk_guard (checked at loc_2940)
;   R6+0x138    = 6-entry pointer table copied from off_CD3C
;   R6+0x150    = 0x400-byte line buffer for fgets
;   R6+0x550    = buffer that receives the "/proc/<pid>/status" path
;   R6+0xDC     = 0x5C-byte buffer for the system property value
;
; Control flow, in order:
;   1. prctl(3): if the result is non-zero, raise(11) when the global byte_D064 is
;      already set, then prctl(4, 0, 0, 0, 0) and set byte_D064 = 1.
;      (3/4 are PR_GET_DUMPABLE/PR_SET_DUMPABLE on Linux; 11 is SIGSEGV.)
;   2. Read /proc/<getpid()>/status, find the "TracerPid" line; raise(11) if the
;      parsed value is non-zero.
;   3. Walk g_su_paths[0..10] with access(path, 0). The byte at [R6,#0xA3] becomes 1
;      at the first path for which access() returns -1, and 0 only when all eleven
;      calls return something else.
;   4. Flag == 1: pick table[sub_29A8() % 6], copy only its ASCII letters into a
;      stack buffer and test that copy as a case-insensitive palindrome; on failure
;      retry with table[0], on success return.
;   5. Flag == 0: repeat the TracerPid check; if clean, read property
;      "mobsec.setme"; value == 1 (or a raise() that returned) leads to loc_2920.
;   6. loc_2920 loads R0-R2 with fixed sums and branches to a computed constant
;      address (deliberate fault path).
;
; NOTE(review): R0 is not set to a result before the final POP; at loc_2950 it still
; holds the guard value loaded at 0x2946. Presumably the Java side declares this
; method void; confirm, otherwise the stack-protector value is handed to the caller.
; NOTE(review): every check here is a single point-in-time probe made inside the
; process being inspected; treat the outcome as a tamper signal, not a guarantee.
; -----------------------------------------------------------------------------
.text:00002460
.text:00002460 ; =============== S U B R O U T I N E =======================================
.text:00002460
.text:00002460 ; Attributes: bp-based frame
.text:00002460
.text:00002460         EXPORT Java_com_h1702ctf_ctfone5_CruelIntentions_one
.text:00002460 Java_com_h1702ctf_ctfone5_CruelIntentions_one
.text:00002460
.text:00002460 var_968 = -0x968
.text:00002460 anonymous_1 = -0x938
.text:00002460 anonymous_0 = -0x930
.text:00002460 var_8F8 = -0x8F8
.text:00002460 var_8F4 = -0x8F4
.text:00002460 var_8F0 = -0x8F0
.text:00002460 var_8EC = -0x8EC
.text:00002460 var_C = -0xC
.text:00002460 ; --- prologue: save callee-saved regs, reserve 0x954 bytes, store stack guard ---
.text:00002460         PUSH.W  {R4-R9,LR}
.text:00002464         ADD     R7, SP, #0xC            ; frame pointer used by the epilogue to restore SP
.text:00002466         SUB.W   SP, SP, #0x950
.text:0000246A         SUB     SP, SP, #4
.text:0000246C         MOV     R6, SP                  ; R6 = stable base for locals (SP changes later)
.text:0000246E         ADD.W   R2, R6, #0x78           ; R2 = ctx (locals record at R6+0x78)
.text:00002472         MOV     R3, R1
.text:00002474         MOV     R12, R0
.text:00002476         LDR.W   LR, =(__stack_chk_guard_ptr - 0x247E)
.text:0000247A         ADD     LR, PC                  ; __stack_chk_guard_ptr
.text:0000247C         LDR.W   LR, [LR]                ; __stack_chk_guard
.text:00002480         LDR.W   LR, [LR]                ; LR = current guard value
.text:00002484         STR.W   LR, [R6,#0x960+var_8EC] ; guard copy at R6+0x74, compared at loc_2940
.text:00002488         STR     R0, [R2,#0xC]           ; ctx+0xC = first incoming argument
.text:0000248A         STR     R1, [R2,#8]             ; ctx+8   = second incoming argument
.text:0000248C         MOVS    R0, #3                  ; option (3 = PR_GET_DUMPABLE)
.text:0000248E         STR     R2, [R6,#0x960+var_8F0] ; [R6+0x70] = ctx pointer, reloaded throughout
.text:00002490         STR     R3, [R6,#0x960+var_8F4]
.text:00002492         STR.W   R12, [R6,#0x960+var_8F8]
.text:00002496         BLX     prctl
.text:0000249A         CMP     R0, #0
.text:0000249C         BEQ     loc_24DE                ; result 0: skip the dumpable handling
.text:0000249E         B       loc_24A0
.text:000024A0 ; ---------------------------------------------------------------------------
.text:000024A0 ; prctl(3) returned non-zero: test the "already cleared once" marker byte_D064
.text:000024A0 loc_24A0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+3Ej
.text:000024A0         LDR.W   R0, =(byte_D064 - 0x24A8)
.text:000024A4         ADD     R0, PC                  ; byte_D064
.text:000024A6         LDRB    R0, [R0]
.text:000024A8         TST.W   R0, #1
.text:000024AC         BEQ     loc_24BA                ; marker clear: first pass, just clear dumpable
.text:000024AE         B       loc_24B0
.text:000024B0 ; ---------------------------------------------------------------------------
.text:000024B0 ; marker was set by an earlier call, yet prctl(3) is non-zero again: signal 11
.text:000024B0 loc_24B0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4Ej
.text:000024B0         MOVS    R0, #0xB                ; sig (11 = SIGSEGV)
.text:000024B2         BLX     raise
.text:000024B6         STR     R0, [R6,#0x64]          ; return value spilled, not read again in this listing
.text:000024B8         B       loc_24BA
.text:000024BA ; ---------------------------------------------------------------------------
.text:000024BA ; prctl(4, 0, 0, 0, 0), then record that it was done in byte_D064
.text:000024BA loc_24BA ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4Cj
.text:000024BA ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+58j
.text:000024BA         SUB     SP, SP, #8              ; room for the fifth (stack) argument
.text:000024BC         MOV     R0, SP
.text:000024BE         MOVS    R1, #0
.text:000024C0         STR     R1, [R0,#0x968+var_968] ; fifth argument = 0
.text:000024C2         MOVS    R0, #4                  ; option (4 = PR_SET_DUMPABLE)
.text:000024C4         STR     R1, [R6,#0x60]
.text:000024C6         LDR     R2, [R6,#0x60]          ; R2 = 0
.text:000024C8         LDR     R3, [R6,#0x60]          ; R3 = 0
.text:000024CA         BLX     prctl
.text:000024CE         ADD     SP, SP, #8
.text:000024D0         LDR.W   R1, =(byte_D064 - 0x24D8)
.text:000024D4         ADD     R1, PC                  ; byte_D064
.text:000024D6         MOVS    R2, #1
.text:000024D8         STRB    R2, [R1]                ; marker = 1; the prctl result itself is not checked
.text:000024DA         STR     R0, [R6,#0x5C]
.text:000024DC         B       loc_24DE
.text:000024DE ; ---------------------------------------------------------------------------
.text:000024DE ; first TracerPid probe: build "/proc/<pid>/status" and open it for reading
.text:000024DE loc_24DE ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+3Cj
.text:000024DE ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+7Cj
.text:000024DE         MOV.W   R0, #0x400
.text:000024E2         LDR     R1, [R6,#0x70]
.text:000024E4         STR     R0, [R1,#0x1C]          ; ctx+0x1C = 0x400 (same value later passed to fgets as n)
.text:000024E6         BLX     getpid
.text:000024EA         LDR     R1, [R6,#0x70]
.text:000024EC         STR     R0, [R1,#0x18]          ; ctx+0x18 = pid
.text:000024EE         LDR.W   R2, =(aProcDStatus - 0x24F6)
.text:000024F2         ADD     R2, PC                  ; "/proc/%d/status"
.text:000024F4         ADD.W   R3, R6, #0x550          ; destination buffer for the path
.text:000024F8         STR     R0, [R6,#0x58]
.text:000024FA         MOV     R0, R3                  ; s
.text:000024FC         MOV     R1, R2                  ; format
.text:000024FE         LDR     R2, [R6,#0x58]          ; pid for %d
.text:00002500         STR     R3, [R6,#0x54]
.text:00002502         BLX     sprintf                 ; unbounded call, but the output of this format with one int is short
.text:00002506         LDR.W   R1, =(aR - 0x250E)
.text:0000250A         ADD     R1, PC                  ; "r"
.text:0000250C         LDR     R2, [R6,#0x54]
.text:0000250E         STR     R0, [R6,#0x50]
.text:00002510         MOV     R0, R2                  ; filename
.text:00002512         BLX     fopen
.text:00002516         LDR     R1, [R6,#0x70]
.text:00002518         STR     R0, [R1,#0x14]          ; ctx+0x14 = FILE*
.text:0000251A         CMP     R0, #0
.text:0000251C         BEQ     loc_2590                ; open failed: treated as "not traced"
.text:0000251E         B       loc_2520
.text:00002520 ; ---------------------------------------------------------------------------
.text:00002520
.text:00002520 loc_2520 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+BEj
.text:00002520         B       loc_2522
.text:00002522 ; ---------------------------------------------------------------------------
.text:00002522 ; line loop: fgets(R6+0x150, 0x400, fp) until EOF or the TracerPid line
.text:00002522 loc_2522 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_2520j
.text:00002522 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_257Cj
.text:00002522         LDR     R0, [R6,#0x70]
.text:00002524         LDR     R2, [R0,#0x14]          ; stream
.text:00002526         ADD.W   R0, R6, #0x150          ; s
.text:0000252A         MOV.W   R1, #0x400              ; n
.text:0000252E         BLX     fgets
.text:00002532         CMP     R0, #0
.text:00002534         BEQ     loc_257E                ; EOF or error: no tracer reported
.text:00002536         B       loc_2538
.text:00002538 ; ---------------------------------------------------------------------------
.text:00002538 ; strncmp(line, "TracerPid", 9)
.text:00002538 loc_2538 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+D6j
.text:00002538         LDR.W   R0, =(aTracerpid - 0x2540)
.text:0000253C         ADD     R0, PC                  ; "TracerPid"
.text:0000253E         ADD.W   R1, R6, #0x150
.text:00002542         MOVS    R2, #9                  ; n
.text:00002544         STR     R0, [R6,#0x4C]
.text:00002546         MOV     R0, R1                  ; s1
.text:00002548         LDR     R1, [R6,#0x4C]          ; s2
.text:0000254A         BLX     strncmp
.text:0000254E         CMP     R0, #0
.text:00002550         BNE     loc_257C                ; not this line: read the next one
.text:00002552         B       loc_2554
.text:00002554 ; ---------------------------------------------------------------------------
.text:00002554 ; atoi(line + 10): parse the text that follows the 10-byte "TracerPid:" prefix
.text:00002554 loc_2554 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+F2j
.text:00002554         ADD.W   R0, R6, #0x150
.text:00002558         ADDS    R0, #0xA                ; nptr
.text:0000255A         BLX     atoi
.text:0000255E         LDR     R1, [R6,#0x70]
.text:00002560         STR     R0, [R1,#0x10]          ; ctx+0x10 = parsed tracer pid
.text:00002562         CMP     R0, #0
.text:00002564         BEQ     loc_257A                ; 0: no tracer
.text:00002566         B       loc_2568
.text:00002568 ; ---------------------------------------------------------------------------
.text:00002568 ; tracer pid non-zero: close the file, result byte [R6+0x9B] = 1
.text:00002568 loc_2568 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+106j
.text:00002568         LDR     R0, [R6,#0x70]
.text:0000256A         LDR     R0, [R0,#0x14]          ; stream
.text:0000256C         BLX     fclose
.text:00002570         MOVS    R1, #1
.text:00002572         STRB.W  R1, [R6,#0x9B]
.text:00002576         STR     R0, [R6,#0x48]
.text:00002578         B       loc_2598
.text:0000257A ; ---------------------------------------------------------------------------
.text:0000257A
.text:0000257A loc_257A ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+104j
.text:0000257A         B       loc_257E
.text:0000257C ; ---------------------------------------------------------------------------
.text:0000257C
.text:0000257C loc_257C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+F0j
.text:0000257C         B       loc_2522
.text:0000257E ; ---------------------------------------------------------------------------
.text:0000257E ; no tracer found: close the file, result byte [R6+0x9B] = 0
.text:0000257E loc_257E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+D4j
.text:0000257E ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_257Aj
.text:0000257E         LDR     R0, [R6,#0x70]
.text:00002580         LDR     R0, [R0,#0x14]          ; stream
.text:00002582         BLX     fclose
.text:00002586         MOVS    R1, #0
.text:00002588         STRB.W  R1, [R6,#0x9B]
.text:0000258C         STR     R0, [R6,#0x44]
.text:0000258E         B       loc_2598
.text:00002590 ; ---------------------------------------------------------------------------
.text:00002590 ; fopen failed: result byte = 0 (the probe fails open)
.text:00002590 loc_2590 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+BCj
.text:00002590         MOVS    R0, #0
.text:00002592         STRB.W  R0, [R6,#0x9B]
.text:00002596         B       loc_2598
.text:00002598 ; ---------------------------------------------------------------------------
.text:00002598 ; act on the first TracerPid result
.text:00002598 loc_2598 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+118j
.text:00002598 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+12Ej ...
.text:00002598         LDRB.W  R0, [R6,#0x9B]
.text:0000259C         CMP     R0, #1
.text:0000259E         BNE     loc_25AC
.text:000025A0         B       loc_25A2
.text:000025A2 ; ---------------------------------------------------------------------------
.text:000025A2 ; tracer present: raise(11); execution continues below if raise() returns
.text:000025A2 loc_25A2 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+140j
.text:000025A2         MOVS    R0, #0xB                ; sig (11 = SIGSEGV)
.text:000025A4         BLX     raise
.text:000025A8         STR     R0, [R6,#0x40]
.text:000025AA         B       loc_25AC
.text:000025AC ; ---------------------------------------------------------------------------
.text:000025AC ; copy the 6 words at off_CD3C to R6+0x138 (used as a pointer table at loc_2640)
.text:000025AC loc_25AC ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+13Ej
.text:000025AC ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+14Aj
.text:000025AC         LDR.W   R0, =(off_CD3C - 0x25B4)
.text:000025B0         ADD     R0, PC                  ; off_CD3C
.text:000025B2         ADD.W   R1, R6, #0x138
.text:000025B6         LDMIA.W R0, {R2-R5,R12,LR}
.text:000025BA         STMIA.W R1, {R2-R5,R12,LR}
.text:000025BE         MOVS    R0, #0
.text:000025C0         LDR     R1, [R6,#0x70]
.text:000025C2         STR     R0, [R1,#4]             ; ctx+4    = table index, 0
.text:000025C4         STR     R0, [R1]                ; ctx+0    = property value, 0
.text:000025C6         STR     R0, [R1,#0x24]          ; ctx+0x24 = path index i, 0
.text:000025C8         B       loc_25CA
.text:000025CA ; ---------------------------------------------------------------------------
.text:000025CA ; path loop: i runs 0..10 (unsigned compare against 0xA)
.text:000025CA loc_25CA ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+168j
.text:000025CA ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+1A8j
.text:000025CA         LDR     R0, [R6,#0x70]
.text:000025CC         LDR     R1, [R0,#0x24]
.text:000025CE         CMP     R1, #0xA
.text:000025D0         BHI     loc_260A                ; i > 10: all entries visited
.text:000025D2         B       loc_25D4
.text:000025D4 ; ---------------------------------------------------------------------------
.text:000025D4 ; access(g_su_paths[i], 0)
.text:000025D4 loc_25D4 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+172j
.text:000025D4         LDR     R0, [R6,#0x70]
.text:000025D6         LDR     R1, [R0,#0x24]
.text:000025D8         LDR.W   R2, =(g_su_paths_ptr - 0x25E0)
.text:000025DC         ADD     R2, PC                  ; g_su_paths_ptr
.text:000025DE         LDR     R2, [R2]                ; g_su_paths
.text:000025E0         LDR.W   R1, [R2,R1,LSL#2]       ; R1 = g_su_paths[i] (4-byte entries)
.text:000025E4         STR     R1, [R0,#0x2C]
.text:000025E6         MOVS    R2, #0
.text:000025E8         MOV     R0, R1                  ; name
.text:000025EA         MOV     R1, R2                  ; type (0 = F_OK, existence only)
.text:000025EC         BLX     access
.text:000025F0         CMP.W   R0, #0xFFFFFFFF
.text:000025F4         BNE     loc_2600                ; result != -1: try the next path
.text:000025F6         B       loc_25F8
.text:000025F8 ; ---------------------------------------------------------------------------
.text:000025F8 ; access() returned -1 for this path: flag [R6+0xA3] = 1 and leave the loop
.text:000025F8 loc_25F8 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+196j
.text:000025F8         MOVS    R0, #1
.text:000025FA         STRB.W  R0, [R6,#0xA3]
.text:000025FE         B       loc_2612
.text:00002600 ; ---------------------------------------------------------------------------
.text:00002600 ; i++
.text:00002600 loc_2600 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+194j
.text:00002600         LDR     R0, [R6,#0x70]
.text:00002602         LDR     R1, [R0,#0x24]
.text:00002604         ADDS    R1, #1
.text:00002606         STR     R1, [R0,#0x24]
.text:00002608         B       loc_25CA
.text:0000260A ; ---------------------------------------------------------------------------
.text:0000260A ; no access() call returned -1 across all 11 entries: flag [R6+0xA3] = 0
.text:0000260A loc_260A ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+170j
.text:0000260A         MOVS    R0, #0
.text:0000260C         STRB.W  R0, [R6,#0xA3]
.text:00002610         B       loc_2612
.text:00002612 ; ---------------------------------------------------------------------------
.text:00002612 ; dispatch on the path flag: 1 -> palindrome branch, 0 -> property branch
.text:00002612 loc_2612 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+19Ej
.text:00002612 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+1B0j
.text:00002612         LDRB.W  R0, [R6,#0xA3]
.text:00002616         CMP     R0, #0
.text:00002618         BNE     loc_261E
.text:0000261A         B       loc_261C
.text:0000261C ; ---------------------------------------------------------------------------
.text:0000261C
.text:0000261C loc_261C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+1BAj
.text:0000261C         B       loc_2828
.text:0000261E ; ---------------------------------------------------------------------------
.text:0000261E ; index = sub_29A8() % 6, unsigned, via multiply-by-reciprocal (sub_29A8 not shown here)
.text:0000261E loc_261E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+1B8j
.text:0000261E         BL      sub_29A8
.text:00002622         MOV     R1, #0xAAAAAAAB
.text:0000262A         UMULL.W R1, R2, R0, R1          ; R2:R1 = R0 * 0xAAAAAAAB
.text:0000262E         LSRS    R2, R2, #2              ; R2 = R0 / 6
.text:00002630         ADD.W   R2, R2, R2,LSL#1        ; R2 = 3 * (R0 / 6)
.text:00002634         SUB.W   R0, R0, R2,LSL#1        ; R0 = R0 - 6 * (R0 / 6) = R0 % 6
.text:00002638         LDR     R2, [R6,#0x70]
.text:0000263A         STR     R0, [R2,#4]             ; ctx+4 = table index (0..5, matches the 6 copied entries)
.text:0000263C         STR     R1, [R6,#0x3C]
.text:0000263E         B       loc_2640
.text:00002640 ; ---------------------------------------------------------------------------
.text:00002640 ; start of one attempt: str = table[index]; reset counters; remember SP
.text:00002640 loc_2640 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+1DEj
.text:00002640 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+3C6j
.text:00002640         LDR     R0, [R6,#0x70]
.text:00002642         LDR     R1, [R0,#4]
.text:00002644         ADD.W   R2, R6, #0x138
.text:00002648         LDR.W   R1, [R2,R1,LSL#2]
.text:0000264C         MOV     R2, SP
.text:0000264E         STR     R1, [R0,#0x4C]          ; ctx+0x4C = str
.text:00002650         MOVS    R1, #1
.text:00002652         STRB.W  R1, [R6,#0xC3]          ; [R6+0xC3] = "still a palindrome" flag, starts true
.text:00002656         MOVS    R1, #0
.text:00002658         STR     R1, [R0,#0x44]          ; ctx+0x44 = len
.text:0000265A         STR     R1, [R0,#0x40]          ; ctx+0x40 = i
.text:0000265C         STR     R1, [R0,#0x3C]          ; ctx+0x3C = start of the current letter run
.text:0000265E         STR     R1, [R0,#0x38]          ; ctx+0x38 = out (bytes written to the buffer)
.text:00002660         STR     R2, [R6,#0x38]          ; SP at attempt start, restored at loc_2808
.text:00002662         B       loc_2664
.text:00002664 ; ---------------------------------------------------------------------------
.text:00002664 ; inline strlen: advance len until str[len] == 0
.text:00002664 loc_2664 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+202j
.text:00002664 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+21Aj
.text:00002664         LDR     R0, [R6,#0x70]
.text:00002666         LDR     R1, [R0,#0x44]
.text:00002668         LDR     R2, [R0,#0x4C]
.text:0000266A         LDRB    R1, [R2,R1]
.text:0000266C         CMP     R1, #0
.text:0000266E         BEQ     loc_267C
.text:00002670         B       loc_2672
.text:00002672 ; ---------------------------------------------------------------------------
.text:00002672
.text:00002672 loc_2672 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+210j
.text:00002672         LDR     R0, [R6,#0x70]
.text:00002674         LDR     R1, [R0,#0x44]
.text:00002676         ADDS    R1, #1
.text:00002678         STR     R1, [R0,#0x44]
.text:0000267A         B       loc_2664
.text:0000267C ; ---------------------------------------------------------------------------
.text:0000267C ; variable-length stack buffer: SP -= (len + 8) & ~7, which is always >= len + 1
.text:0000267C loc_267C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+20Ej
.text:0000267C         LDR     R0, [R6,#0x70]
.text:0000267E         LDR     R1, [R0,#0x44]
.text:00002680         MOV     R2, SP
.text:00002682         STR     R2, [R0,#0x34]          ; ctx+0x34 = SP before the allocation
.text:00002684         ADDS    R1, #8
.text:00002686         BIC.W   R1, R1, #7
.text:0000268A         MOV     R2, SP
.text:0000268C         SUBS    R1, R2, R1
.text:0000268E         MOV     SP, R1
.text:00002690         STR     R1, [R6,#0x34]          ; [R6+0x34] = buf (distinct slot from ctx+0x34)
.text:00002692         B       loc_2694
.text:00002694 ; ---------------------------------------------------------------------------
.text:00002694 ; filter loop: while i < len (signed), copy runs of letters into buf
.text:00002694 loc_2694 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+232j
.text:00002694 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+2DCj
.text:00002694         LDR     R0, [R6,#0x70]
.text:00002696         LDR     R1, [R0,#0x40]
.text:00002698         LDR     R2, [R0,#0x44]
.text:0000269A         CMP     R1, R2
.text:0000269C         BGE     loc_273E
.text:0000269E         B       loc_26A0
.text:000026A0 ; ---------------------------------------------------------------------------
.text:000026A0
.text:000026A0 loc_26A0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+23Ej
.text:000026A0         B       loc_26A2
.text:000026A2 ; ---------------------------------------------------------------------------
.text:000026A2 ; classify str[i]: letter if 0x41 <= c < 0x5B or 0x61 <= c < 0x7B
.text:000026A2 loc_26A2 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_26A0j
.text:000026A2 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+2A0j
.text:000026A2         LDR     R0, [R6,#0x70]
.text:000026A4         LDR     R1, [R0,#0x40]
.text:000026A6         LDR     R2, [R0,#0x4C]
.text:000026A8         LDRB    R1, [R2,R1]
.text:000026AA         CMP     R1, #0x41
.text:000026AC         BLT     loc_26C2                ; below 'A': try the lower-case range
.text:000026AE         B       loc_26B0
.text:000026B0 ; ---------------------------------------------------------------------------
.text:000026B0
.text:000026B0 loc_26B0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+24Ej
.text:000026B0         LDR     R0, [R6,#0x70]
.text:000026B2         LDR     R1, [R0,#0x40]
.text:000026B4         LDR     R2, [R0,#0x4C]
.text:000026B6         LDRB    R1, [R2,R1]
.text:000026B8         MOVS    R2, #1
.text:000026BA         CMP     R1, #0x5B
.text:000026BC         STR     R2, [R6,#0x30]          ; tentative result: is a letter
.text:000026BE         BLT     loc_26EE                ; 'A'..'Z'
.text:000026C0         B       loc_26C2
.text:000026C2 ; ---------------------------------------------------------------------------
.text:000026C2
.text:000026C2 loc_26C2 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+24Cj
.text:000026C2 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+260j
.text:000026C2         LDR     R0, [R6,#0x70]
.text:000026C4         LDR     R1, [R0,#0x40]
.text:000026C6         LDR     R2, [R0,#0x4C]
.text:000026C8         LDRB    R1, [R2,R1]
.text:000026CA         MOVS    R2, #0
.text:000026CC         CMP     R1, #0x61
.text:000026CE         STR     R2, [R6,#0x2C]
.text:000026D0         BLT     loc_26E8                ; below 'a': not a letter
.text:000026D2         B       loc_26D4
.text:000026D4 ; ---------------------------------------------------------------------------
.text:000026D4
.text:000026D4 loc_26D4 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+272j
.text:000026D4         LDR     R0, [R6,#0x70]
.text:000026D6         LDR     R1, [R0,#0x40]
.text:000026D8         LDR     R2, [R0,#0x4C]
.text:000026DA         LDRB    R1, [R2,R1]
.text:000026DC         MOVS    R2, #0
.text:000026DE         CMP     R1, #0x7B
.text:000026E0         IT LT
.text:000026E2         MOVLT   R2, #1                  ; 'a'..'z'
.text:000026E4         STR     R2, [R6,#0x2C]
.text:000026E6         B       loc_26E8
.text:000026E8 ; ---------------------------------------------------------------------------
.text:000026E8
.text:000026E8 loc_26E8 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+270j
.text:000026E8 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+286j
.text:000026E8         LDR     R0, [R6,#0x2C]
.text:000026EA         STR     R0, [R6,#0x30]
.text:000026EC         B       loc_26EE
.text:000026EE ; ---------------------------------------------------------------------------
.text:000026EE ; [R6+0x30] bit 0 = "str[i] is a letter"
.text:000026EE loc_26EE ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+25Ej
.text:000026EE ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+28Cj
.text:000026EE         LDR     R0, [R6,#0x30]
.text:000026F0         TST.W   R0, #1
.text:000026F4         BEQ     loc_2702
.text:000026F6         B       loc_26F8
.text:000026F8 ; ---------------------------------------------------------------------------
.text:000026F8 ; letter: i++ and classify again (no i < len test here; the NUL at str[len] ends the run)
.text:000026F8 loc_26F8 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+296j
.text:000026F8         LDR     R0, [R6,#0x70]
.text:000026FA         LDR     R1, [R0,#0x40]
.text:000026FC         ADDS    R1, #1
.text:000026FE         STR     R1, [R0,#0x40]
.text:00002700         B       loc_26A2
.text:00002702 ; ---------------------------------------------------------------------------
.text:00002702 ; non-letter at i: j = start of the letter run just scanned
.text:00002702 loc_2702 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+294j
.text:00002702         LDR     R0, [R6,#0x70]
.text:00002704         LDR     R1, [R0,#0x3C]
.text:00002706         STR     R1, [R0,#0x30]          ; ctx+0x30 = j
.text:00002708         B       loc_270A
.text:0000270A ; ---------------------------------------------------------------------------
.text:0000270A ; copy loop: while j < i
.text:0000270A loc_270A ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+2A8j
.text:0000270A ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+2D0j
.text:0000270A         LDR     R0, [R6,#0x70]
.text:0000270C         LDR     R1, [R0,#0x30]
.text:0000270E         LDR     R2, [R0,#0x40]
.text:00002710         CMP     R1, R2
.text:00002712         BGE     loc_2732
.text:00002714         B       loc_2716
.text:00002716 ; ---------------------------------------------------------------------------
.text:00002716 ; buf[out++] = str[j++]
.text:00002716 loc_2716 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+2B4j
.text:00002716         LDR     R0, [R6,#0x70]
.text:00002718         LDR     R1, [R0,#0x30]
.text:0000271A         LDR     R2, [R0,#0x4C]
.text:0000271C         LDRB    R1, [R2,R1]
.text:0000271E         LDR     R2, [R0,#0x38]
.text:00002720         LDR     R3, [R6,#0x34]
.text:00002722         STRB    R1, [R3,R2]
.text:00002724         LDR     R1, [R0,#0x38]
.text:00002726         ADDS    R1, #1
.text:00002728         STR     R1, [R0,#0x38]
.text:0000272A         LDR     R1, [R0,#0x30]
.text:0000272C         ADDS    R1, #1
.text:0000272E         STR     R1, [R0,#0x30]
.text:00002730         B       loc_270A
.text:00002732 ; ---------------------------------------------------------------------------
.text:00002732 ; skip the non-letter: i++, next run starts at the new i
.text:00002732 loc_2732 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+2B2j
.text:00002732         LDR     R0, [R6,#0x70]
.text:00002734         LDR     R1, [R0,#0x40]
.text:00002736         ADDS    R1, #1
.text:00002738         STR     R1, [R0,#0x40]
.text:0000273A         STR     R1, [R0,#0x3C]
.text:0000273C         B       loc_2694
.text:0000273E ; ---------------------------------------------------------------------------
.text:0000273E ; terminate the filtered copy (buf[out] = 0) and restart i at 0 for the comparison
.text:0000273E loc_273E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+23Cj
.text:0000273E         LDR     R0, [R6,#0x70]
.text:00002740         LDR     R1, [R0,#0x38]
.text:00002742         MOVS    R2, #0
.text:00002744         LDR     R3, [R6,#0x34]
.text:00002746         STRB    R2, [R3,R1]
.text:00002748         STR     R2, [R0,#0x40]
.text:0000274A         B       loc_274C
.text:0000274C ; ---------------------------------------------------------------------------
.text:0000274C ; compare loop condition: i <= (out - 1) / 2 (signed divide) and flag still true
.text:0000274C loc_274C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+2EAj
.text:0000274C ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+3A6j
.text:0000274C         LDR     R0, [R6,#0x70]
.text:0000274E         LDR     R1, [R0,#0x40]
.text:00002750         LDR     R2, [R0,#0x38]
.text:00002752         SUBS    R2, #1
.text:00002754         ADD.W   R2, R2, R2,LSR#31       ; add the sign bit so ASR #1 rounds toward zero
.text:00002758         MOVS    R3, #0
.text:0000275A         CMP.W   R1, R2,ASR#1
.text:0000275E         STR     R3, [R6,#0x28]
.text:00002760         BGT     loc_276C                ; past the middle: condition = 0
.text:00002762         B       loc_2764
.text:00002764 ; ---------------------------------------------------------------------------
.text:00002764
.text:00002764 loc_2764 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+302j
.text:00002764         LDRB.W  R0, [R6,#0xC3]
.text:00002768         STR     R0, [R6,#0x28]          ; condition = palindrome flag
.text:0000276A         B       loc_276C
.text:0000276C ; ---------------------------------------------------------------------------
.text:0000276C
.text:0000276C loc_276C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+300j
.text:0000276C ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+30Aj
.text:0000276C         LDR     R0, [R6,#0x28]
.text:0000276E         TST.W   R0, #1
.text:00002772         BEQ     loc_2808                ; done (middle reached or a mismatch was seen)
.text:00002774         B       loc_2776
.text:00002776 ; ---------------------------------------------------------------------------
.text:00002776 ; a = buf[i], b = buf[out - i - 1]; NOTE(review): with out == 0 this reads buf[-1]
.text:00002776 loc_2776 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+314j
.text:00002776         LDR     R0, [R6,#0x70]
.text:00002778         LDR     R1, [R0,#0x40]
.text:0000277A         LDR     R2, [R0,#0x38]
.text:0000277C         SUBS    R2, R2, R1
.text:0000277E         LDR     R3, [R6,#0x34]
.text:00002780         ADD     R2, R3
.text:00002782         LDRB    R1, [R3,R1]
.text:00002784         LDRB.W  R2, [R2,#-1]
.text:00002788         CMP     R1, R2
.text:0000278A         BEQ     loc_27FE                ; a == b
.text:0000278C         B       loc_278E
.text:0000278E ; ---------------------------------------------------------------------------
.text:0000278E ; same pair, test a == b - 0x20
.text:0000278E loc_278E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+32Cj
.text:0000278E         LDR     R0, [R6,#0x70]
.text:00002790         LDR     R1, [R0,#0x40]
.text:00002792         LDR     R2, [R0,#0x38]
.text:00002794         SUBS    R2, R2, R1
.text:00002796         LDR     R3, [R6,#0x34]
.text:00002798         ADD     R2, R3
.text:0000279A         LDRB    R1, [R3,R1]
.text:0000279C         LDRB.W  R2, [R2,#-1]
.text:000027A0         SUBS    R2, #0x20
.text:000027A2         CMP     R1, R2
.text:000027A4         BEQ     loc_27FE
.text:000027A6         B       loc_27A8
.text:000027A8 ; ---------------------------------------------------------------------------
.text:000027A8 ; same pair, test a == b + 0x20
.text:000027A8 loc_27A8 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+346j
.text:000027A8         LDR     R0, [R6,#0x70]
.text:000027AA         LDR     R1, [R0,#0x40]
.text:000027AC         LDR     R2, [R0,#0x38]
.text:000027AE         SUBS    R2, R2, R1
.text:000027B0         LDR     R3, [R6,#0x34]
.text:000027B2         ADD     R2, R3
.text:000027B4         LDRB    R1, [R3,R1]
.text:000027B6         LDRB.W  R2, [R2,#-1]
.text:000027BA         ADDS    R2, #0x20
.text:000027BC         CMP     R1, R2
.text:000027BE         BEQ     loc_27FE
.text:000027C0         B       loc_27C2
.text:000027C2 ; ---------------------------------------------------------------------------
.text:000027C2 ; same pair, test a - 0x20 == b
.text:000027C2 loc_27C2 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+360j
.text:000027C2         LDR     R0, [R6,#0x70]
.text:000027C4         LDR     R1, [R0,#0x40]
.text:000027C6         LDR     R2, [R0,#0x38]
.text:000027C8         SUBS    R2, R2, R1
.text:000027CA         LDR     R3, [R6,#0x34]
.text:000027CC         ADD     R2, R3
.text:000027CE         LDRB    R1, [R3,R1]
.text:000027D0         SUBS    R1, #0x20
.text:000027D2         LDRB.W  R2, [R2,#-1]
.text:000027D6         CMP     R1, R2
.text:000027D8         BEQ     loc_27FE
.text:000027DA         B       loc_27DC
.text:000027DC ; ---------------------------------------------------------------------------
.text:000027DC ; same pair, test a + 0x20 == b
.text:000027DC loc_27DC ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+37Aj
.text:000027DC         LDR     R0, [R6,#0x70]
.text:000027DE         LDR     R1, [R0,#0x40]
.text:000027E0         LDR     R2, [R0,#0x38]
.text:000027E2         SUBS    R2, R2, R1
.text:000027E4         LDR     R3, [R6,#0x34]
.text:000027E6         ADD     R2, R3
.text:000027E8         LDRB    R1, [R3,R1]
.text:000027EA         ADDS    R1, #0x20
.text:000027EC         LDRB.W  R2, [R2,#-1]
.text:000027F0         CMP     R1, R2
.text:000027F2         BEQ     loc_27FE
.text:000027F4         B       loc_27F6
.text:000027F6 ; ---------------------------------------------------------------------------
.text:000027F6 ; none of the five comparisons matched: palindrome flag = 0
.text:000027F6 loc_27F6 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+394j
.text:000027F6         MOVS    R0, #0
.text:000027F8         STRB.W  R0, [R6,#0xC3]
.text:000027FC         B       loc_27FE
.text:000027FE ; ---------------------------------------------------------------------------
.text:000027FE ; i++
.text:000027FE loc_27FE ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+32Aj
.text:000027FE ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+344j ...
.text:000027FE         LDR     R0, [R6,#0x70]
.text:00002800         LDR     R1, [R0,#0x40]
.text:00002802         ADDS    R1, #1
.text:00002804         STR     R1, [R0,#0x40]
.text:00002806         B       loc_274C
.text:00002808 ; ---------------------------------------------------------------------------
.text:00002808 ; attempt finished: release the stack buffer, then branch on the palindrome flag
.text:00002808 loc_2808 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+312j
.text:00002808         LDRB.W  R0, [R6,#0xC3]
.text:0000280C         LDR     R1, [R6,#0x70]
.text:0000280E         LDR     R2, [R1,#0x34]
.text:00002810         MOV     SP, R2                  ; SP saved before the allocation
.text:00002812         LDR     R2, [R6,#0x38]
.text:00002814         MOV     SP, R2                  ; SP saved at attempt start
.text:00002816         TST.W   R0, #1
.text:0000281A         BEQ     loc_2820
.text:0000281C         B       loc_281E
.text:0000281E ; ---------------------------------------------------------------------------
.text:0000281E ; palindrome: go to the normal return path
.text:0000281E loc_281E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+3BCj
.text:0000281E         B       loc_2940
.text:00002820 ; ---------------------------------------------------------------------------
.text:00002820 ; not a palindrome: index = 0 and retry; NOTE(review): never exits if table[0] also fails
.text:00002820 loc_2820 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+3BAj
.text:00002820         MOVS    R0, #0
.text:00002822         LDR     R1, [R6,#0x70]
.text:00002824         STR     R0, [R1,#4]
.text:00002826         B       loc_2640
.text:00002828 ; ---------------------------------------------------------------------------
.text:00002828 ; path flag was 0: second TracerPid probe, same steps as loc_24DE with other ctx slots
.text:00002828 loc_2828 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_261Cj
.text:00002828         MOV.W   R0, #0x400
.text:0000282C         LDR     R1, [R6,#0x70]
.text:0000282E         STR     R0, [R1,#0x5C]
.text:00002830         BLX     getpid
.text:00002834         LDR     R1, [R6,#0x70]
.text:00002836         STR     R0, [R1,#0x58]          ; ctx+0x58 = pid
.text:00002838         LDR     R2, =(aProcDStatus - 0x283E)
.text:0000283A         ADD     R2, PC                  ; "/proc/%d/status"
.text:0000283C         ADD.W   R3, R6, #0x550
.text:00002840         STR     R0, [R6,#0x24]
.text:00002842         MOV     R0, R3                  ; s
.text:00002844         MOV     R1, R2                  ; format
.text:00002846         LDR     R2, [R6,#0x24]
.text:00002848         STR     R3, [R6,#0x20]
.text:0000284A         BLX     sprintf
.text:0000284E         LDR     R1, =(aR - 0x2854)
.text:00002850         ADD     R1, PC                  ; "r"
.text:00002852         LDR     R2, [R6,#0x20]
.text:00002854         STR     R0, [R6,#0x1C]
.text:00002856         MOV     R0, R2                  ; filename
.text:00002858         BLX     fopen
.text:0000285C         LDR     R1, [R6,#0x70]
.text:0000285E         STR     R0, [R1,#0x54]          ; ctx+0x54 = FILE*
.text:00002860         CMP     R0, #0
.text:00002862         BEQ     loc_28D4                ; open failed: treated as "not traced"
.text:00002864         B       loc_2866
.text:00002866 ; ---------------------------------------------------------------------------
.text:00002866
.text:00002866 loc_2866 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+404j
.text:00002866         B       loc_2868
.text:00002868 ; ---------------------------------------------------------------------------
.text:00002868 ; line loop for the second probe
.text:00002868 loc_2868 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_2866j
.text:00002868 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_28C0j
.text:00002868         LDR     R0, [R6,#0x70]
.text:0000286A         LDR     R2, [R0,#0x54]          ; stream
.text:0000286C         ADD.W   R0, R6, #0x150          ; s
.text:00002870         MOV.W   R1, #0x400              ; n
.text:00002874         BLX     fgets
.text:00002878         CMP     R0, #0
.text:0000287A         BEQ     loc_28C2
.text:0000287C         B       loc_287E
.text:0000287E ; ---------------------------------------------------------------------------
.text:0000287E ; strncmp(line, "TracerPid", 9)
.text:0000287E loc_287E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+41Cj
.text:0000287E         LDR     R0, =(aTracerpid - 0x2884)
.text:00002880         ADD     R0, PC                  ; "TracerPid"
.text:00002882         ADD.W   R1, R6, #0x150
.text:00002886         MOVS    R2, #9                  ; n
.text:00002888         STR     R0, [R6,#0x18]
.text:0000288A         MOV     R0, R1                  ; s1
.text:0000288C         LDR     R1, [R6,#0x18]          ; s2
.text:0000288E         BLX     strncmp
.text:00002892         CMP     R0, #0
.text:00002894         BNE     loc_28C0
.text:00002896         B       loc_2898
.text:00002898 ; ---------------------------------------------------------------------------
.text:00002898 ; atoi(line + 10)
.text:00002898 loc_2898 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+436j
.text:00002898         ADD.W   R0, R6, #0x150
.text:0000289C         ADDS    R0, #0xA                ; nptr
.text:0000289E         BLX     atoi
.text:000028A2         LDR     R1, [R6,#0x70]
.text:000028A4         STR     R0, [R1,#0x50]          ; ctx+0x50 = parsed tracer pid
.text:000028A6         CMP     R0, #0
.text:000028A8         BEQ     loc_28BE
.text:000028AA         B       loc_28AC
.text:000028AC ; ---------------------------------------------------------------------------
.text:000028AC ; tracer pid non-zero: close, result byte [R6+0xDB] = 1
.text:000028AC loc_28AC ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+44Aj
.text:000028AC         LDR     R0, [R6,#0x70]
.text:000028AE         LDR     R0, [R0,#0x54]          ; stream
.text:000028B0         BLX     fclose
.text:000028B4         MOVS    R1, #1
.text:000028B6         STRB.W  R1, [R6,#0xDB]
.text:000028BA         STR     R0, [R6,#0x14]
.text:000028BC         B       loc_28DC
.text:000028BE ; ---------------------------------------------------------------------------
.text:000028BE
.text:000028BE loc_28BE ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+448j
.text:000028BE         B       loc_28C2
.text:000028C0 ; ---------------------------------------------------------------------------
.text:000028C0
.text:000028C0 loc_28C0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+434j
.text:000028C0         B       loc_2868
.text:000028C2 ; ---------------------------------------------------------------------------
.text:000028C2 ; no tracer found: close, result byte [R6+0xDB] = 0
.text:000028C2 loc_28C2 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+41Aj
.text:000028C2 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_28BEj
.text:000028C2         LDR     R0, [R6,#0x70]
.text:000028C4         LDR     R0, [R0,#0x54]          ; stream
.text:000028C6         BLX     fclose
.text:000028CA         MOVS    R1, #0
.text:000028CC         STRB.W  R1, [R6,#0xDB]
.text:000028D0         STR     R0, [R6,#0x10]
.text:000028D2         B       loc_28DC
.text:000028D4 ; ---------------------------------------------------------------------------
.text:000028D4 ; fopen failed: result byte = 0
.text:000028D4 loc_28D4 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+402j
.text:000028D4         MOVS    R0, #0
.text:000028D6         STRB.W  R0, [R6,#0xDB]
.text:000028DA         B       loc_28DC
.text:000028DC ; ---------------------------------------------------------------------------
.text:000028DC ; act on the second TracerPid result
.text:000028DC loc_28DC ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+45Cj
.text:000028DC ; Java_com_h1702ctf_ctfone5_CruelIntentions_one+472j ...
.text:000028DC         LDRB.W  R0, [R6,#0xDB]
.text:000028E0         CMP     R0, #1
.text:000028E2         BNE     loc_28F0
.text:000028E4         B       loc_28E6
.text:000028E6 ; ---------------------------------------------------------------------------
.text:000028E6 ; tracer present: raise(11); if it returns, fall into the fault path via loc_291E
.text:000028E6 loc_28E6 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+484j
.text:000028E6         MOVS    R0, #0xB                ; sig (11 = SIGSEGV)
.text:000028E8         BLX     raise
.text:000028EC         STR     R0, [R6,#0xC]
.text:000028EE         B       loc_291E
.text:000028F0 ; ---------------------------------------------------------------------------
.text:000028F0 ; zero 0x5C bytes at R6+0xDC, then __system_property_get("mobsec.setme", buf) and atoi(buf)
.text:000028F0 loc_28F0 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+482j
.text:000028F0         ADD.W   R0, R6, #0xDC
.text:000028F4         MOVS    R1, #0x5C               ; 92 bytes (matches Android's PROP_VALUE_MAX)
.text:000028F6         STR     R0, [R6,#8]
.text:000028F8         BLX     __aeabi_memclr
.text:000028FC         LDR     R0, =(aMobsec_setme - 0x2902)
.text:000028FE         ADD     R0, PC                  ; "mobsec.setme"
.text:00002900         LDR     R1, [R6,#8]
.text:00002902         BLX     __system_property_get
.text:00002906         LDR     R1, [R6,#8]
.text:00002908         STR     R0, [R6,#4]             ; returned length is stored but not tested
.text:0000290A         MOV     R0, R1                  ; nptr
.text:0000290C         BLX     atoi                    ; buffer was zeroed first, so an unset property parses as 0
.text:00002910         LDR     R1, [R6,#0x70]
.text:00002912         STR     R0, [R1]                ; ctx+0 = property value
.text:00002914         CMP     R0, #1
.text:00002916         BNE     loc_291C                ; anything but 1: normal return
.text:00002918         B       loc_291A
.text:0000291A ; ---------------------------------------------------------------------------
.text:0000291A ; property value == 1: take the fault path
.text:0000291A loc_291A ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4B8j
.text:0000291A         B       loc_293E
.text:0000291C ; ---------------------------------------------------------------------------
.text:0000291C
.text:0000291C loc_291C ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4B6j
.text:0000291C         B       loc_2940
.text:0000291E ; ---------------------------------------------------------------------------
.text:0000291E
.text:0000291E loc_291E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+48Ej
.text:0000291E         B       loc_2920
.text:00002920 ; ---------------------------------------------------------------------------
.text:00002920 ; fault path: R0-R2 get fixed sums, then BX to a computed constant (no canary check, no POP)
.text:00002920 loc_2920 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_291Ej
.text:00002920 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_293Ej
.text:00002920         LDR     R0, =0x5F53D58F
.text:00002922         LDR     R3, =0x5F53D58F
.text:00002924         ADD     R0, R3                  ; R0 = 0xBEA7AB1E
.text:00002926         LDR     R1, =0x7D670F2A
.text:00002928         LDR     R3, =0x7D670F2B
.text:0000292A         ADD     R1, R3                  ; R1 = 0xFACE1E55
.text:0000292C         LDR     R2, =0x6D3D5D2F
.text:0000292E         LDR     R3, =0x6D3D5D2F
.text:00002930         ADD     R2, R3                  ; R2 = 0xDA7ABA5E
.text:00002932         LDR     R3, =0x6F56DD5F
.text:00002934         LDR.W   LR, =0x6F56DD5F
.text:00002938         ADD     LR, R3                  ; LR = 0xDEADBABE
.text:0000293A         BX      LR                      ; target is outside this listing; presumably unmapped, so this faults
.text:0000293C ; ---------------------------------------------------------------------------
.text:0000293C         B       loc_2940                ; follows an unconditional BX and has no label/xref: not reached
.text:0000293E ; ---------------------------------------------------------------------------
.text:0000293E
.text:0000293E loc_293E ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_291Aj
.text:0000293E         B       loc_2920
.text:00002940 ; ---------------------------------------------------------------------------
.text:00002940 ; normal return: compare the live guard with the copy saved at R6+0x74
.text:00002940 loc_2940 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_281Ej
.text:00002940 ; Java_com_h1702ctf_ctfone5_CruelIntentions_one:loc_291Cj ...
.text:00002940         LDR     R0, =(__stack_chk_guard_ptr - 0x2946)
.text:00002942         ADD     R0, PC                  ; __stack_chk_guard_ptr
.text:00002944         LDR     R0, [R0]                ; __stack_chk_guard
.text:00002946         LDR     R0, [R0]                ; R0 = guard value; still in R0 at the POP below
.text:00002948         LDR     R1, [R6,#0x74]
.text:0000294A         CMP     R0, R1
.text:0000294C         BNE     loc_295A
.text:0000294E         B       loc_2950
.text:00002950 ; ---------------------------------------------------------------------------
.text:00002950 ; epilogue: SP = R7 - 0xC (the value right after the PUSH), restore registers and return
.text:00002950 loc_2950 ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4EEj
.text:00002950         SUB.W   R4, R7, #-var_C
.text:00002954         MOV     SP, R4
.text:00002956         POP.W   {R4-R9,PC}
.text:0000295A ; ---------------------------------------------------------------------------
.text:0000295A ; guard mismatch
.text:0000295A loc_295A ; CODE XREF: Java_com_h1702ctf_ctfone5_CruelIntentions_one+4ECj
.text:0000295A         BLX     __stack_chk_fail
.text:0000295A ; End of function Java_com_h1702ctf_ctfone5_CruelIntentions_one
.text:0000295A
.text:0000295E ; ---------------------------------------------------------------------------
.text:0000295E         NOP
.text:0000295E ; ---------------------------------------------------------------------------