File Information hashes and primary classification
File name
a344eab689251264b208fabbbf23c7d12e652e9b372957af916446142398c382
File size
915.2 KiB
Architecture
ARMV7
- MD5
- 3038fe4a6ea146f660b42f5813a5b6f6
- SHA1
- 87ef4b1f9579a2acf618ba97ba8d4a0a37fe5a02
- SHA256
- a344eab689251264b208fabbbf23c7d12e652e9b372957af916446142398c382
- TLSH
- T1201519a9f880df72c6c0667afb8dc25533131779d3de720ac918573437ab46b0a3aa45
- Imphash
- -
- Rich header
- -
Metadata parser-extracted fields
YARA Signatures 2 matching rules
Type.UNCOMMON
network
PostHttpForm
Type.INFO
library
Zlib
Kesakode similarity verdict
No Kesakode verdict available.
Anomalies signals worth reviewing
strings:
BigStringHiScore
code:
HighXrefLoopingFunction
ManyHighValueImmediates
ManyUniqueImmediateBytes
SequentialFunction
SpaghettiFunction
XorInLoop
Constants identified constants and patterns
compress:
zinflate_distanceExtraBits__8_byt_30
2
zinflate_lengthExtraBits__8_byt_29
2
unlzx_table_three__16_lil_32
1
zinflate_distanceStarts__16_lil_60
1
zinflate_lengthStarts__16_lil_58
1
crypto:
B64EncodeTable__8_byt_ASC_64
1
Crypton_kp__32_lil_16
1
DES_initial_permutation_IP__8_byt_64
1
DES_p32i__8_byt_32
1
DES_permuted_choice_key__table___8_byt_48
1
DES_permuted_choice_table__key___8_byt_56
1
Misty_md5const__32_lil_256
1
UUEncodeTable__8_byt_ASC_64
1
hash:
Hash_constant_words_K_for_SHA_384_and_SHA_512__64_lil_640
1
Strings highest-value extracted strings
| Address | String | Refs | Encoding | Score |
|---|---|---|---|---|
| 0xE0FD2 | <HTML><HEAD><TITLE>%d %s</TITLE></HEAD>\n<BODY><H1>%d %s</H1>\n%s\n</BODY></HTML>\n | 1 | ASCII | 170 |
| 0xE3E4A | Content-Type: application/x-www-form-urlencoded\r\nContent-Length: %u\r\n\r\n%s | 0 | ASCII | 164 |
| 0xE820B | /sys/class/tty/console/active | 1 | ASCII | 163 |
| 0xE52BE | /usr/share/udhcpc/default.script | 1 | ASCII | 162 |
| 0xDB836 | Copyright (C) 1998-2011 Erik Andersen, Rob Landley, Denys Vlasenko\nand others. Licensed under GPLv2.\nSee source dis... | 1 | ASCII | 161 |
| 0xE9E84 | Building a new %s. Changes will remain in memory only,\nuntil you decide to write them. After that the previous conte... | 1 | ASCII | 161 |
| 0xEC134 | Device '%s':\nheads:%u, sectors/track:%u, bytes/sector:%u\nmedia descriptor:%02x\ntotal sectors:%llu, clusters:%u, se... | 1 | ASCII | 160 |
| 0xEB7D5 | \nShared memory Segment shmid=%d\nuid=%d gid=%d cuid=%d cgid=%d\nmode=%#o access_perms=%#o\nbytes=%ld lpid=%d cpid=%d... | 1 | ASCII | 160 |
| 0xEABD1 | %6u zones used (%u%%)\n\n%6u regular files\n%6u directories\n%6u character device files\n%6u block device files\n%6u ... | 1 | ASCII | 159 |
| 0xE171A | bootpc[[ --bootfile %bootfile%]] --dev %iface%[[ --server %server%]][[ --hwaddr %hwaddr%]] --returniffail --serverbcast | 1 | ASCII | 159 |
| 0xEED3C | File: %N\n Size: %-10s Blocks: %-10b IO Block: %-6o %F\nDevice: %Dh/%dd Inode: %-10i Links: %-5h Device type: %t,... | 1 | ASCII | 158 |
| 0xE1818 | udhcpc -R -n -p /var/run/udhcpc.%iface%.pid -i %iface%[[ -H %hostname%]][[ -c %client%]][[ -s %script%]][[ %udhcpc_op... | 1 | ASCII | 158 |
| 0xEB897 | \nSemaphore Array semid=%d\nuid=%d gid=%d cuid=%d cgid=%d\nmode=%#o, access_perms=%#o\nnsems = %ld\notime = %-26.2... | 1 | ASCII | 158 |
| 0xE4449 | /proc/sys/net/ipv4/route/flush | 1 | ASCII | 158 |
| 0xE15B4 | /etc/ifplugd/ifplugd.action | 1 | ASCII | 158 |
| 0xE4D3B | /etc/iproute2/rt_scopes | 1 | ASCII | 158 |
| 0xE4CF7 | /etc/iproute2/rt_protos | 1 | ASCII | 158 |
| 0xEBB29 | /sys/bus/usb/devices | 1 | ASCII | 158 |
| 0xDFB23 | Command being timed: "%C"\n User time (seconds): %U\n System time (seconds): %S\n Percent of CPU this job got: %P\n ... | 1 | ASCII | 157 |
| 0xEBD6B | Filesystem label=%s\nOS type: Linux\nBlock size=%u (log=%u)\nFragment size=%u (log=%u)\n%u inodes, %u blocks\n%u bloc... | 1 | ASCII | 157 |
| 0xE35EA | \r\nConsole escape. Commands are:\r\n\n l go to line mode\r\n c go to character mode\r\n z suspend telnet\r\n e exit ... | 1 | ASCII | 157 |
| 0xE9561 | Type 0 means free space to many systems\n(but not to Linux). Having partitions of\ntype 0 is probably unwise. | 1 | ASCII | 157 |
| 0xEB575 | max number of segments = %lu\nmax seg size (kbytes) = %lu\nmax total shared memory (pages) = %lu\nmin seg size (bytes... | 1 | ASCII | 156 |
| 0xE70AE | write supervise/status.new | 1 | ASCII | 156 |
| 0xE18EB | /etc/network/interfaces | 1 | ASCII | 156 |
| 0xDBB7A | 0123456789ABCDEF | 1 | ASCII | 156 |
| 0xE5EE1 | /tmp/lprXXXXXX | 1 | ASCII | 156 |
| 0xEE38F | warning: '%s': using '^' as the first character\nof a basic regular expression is not portable; it is ignored | 1 | ASCII | 155 |
| 0xDD8F0 | }\n RawCHS=%u/%u/%u, TrkSize=%u, SectSize=%u, ECCbytes=%u\n BuffType=(%u) %s, BuffSize=%ukB, MaxMultSect=%u | 1 | ASCII | 155 |
| 0xE1BC4 | ip addr add %address%/%bnmask%[[ broadcast %broadcast%]] dev %iface%[[ peer %pointopoint%]][[ label %label%]] | 1 | ASCII | 154 |
| 0xEAA0D | %u inodes\n%u blocks\nFirstdatazone=%u (%u)\nZonesize=%u\nMaxsize=%u\nFilesystem state=%u\nnamelen=%u\n\n | 1 | ASCII | 154 |
| 0xE4CDE | /etc/iproute2/rt_dsfield | 1 | ASCII | 154 |
| 0xE8D5E | /dev/input/event | 1 | ASCII | 154 |
| 0xEBC05 | /sys/class/block | 1 | ASCII | 154 |
| 0xED2AB | Length Method Size Ratio Date Time CRC-32 Name\n-------- ------ ------- ----- ---- ---- -----... | 1 | ASCII | 153 |
| 0xE2C9C | reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x | 1 | ASCII | 153 |
| 0xE1792 | test -f /var/run/udhcpc.%iface%.pid && kill `cat /var/run/udhcpc.%iface%.pid` 2>/dev/null | 1 | ASCII | 153 |
| 0xE1E55 | start-stop-daemon --start -x wvdial -p /var/run/wvdial.%iface% -b -m --[[ %provider%]] | 1 | ASCII | 153 |
| 0xDC4D7 | Give root password for system maintenance\n(or type Control-D for normal startup): | 1 | ASCII | 153 |
| 0xE4D0F | /etc/iproute2/rt_realms | 1 | ASCII | 153 |
| 0xE8DA0 | /var/run/acpid.pid | 1 | ASCII | 153 |
| 0xE0CC5 | /cgi-bin/index.cgi | 1 | ASCII | 153 |
| 0xE0367 | 255.255.255.255 | 1 | ASCII | 153 |
| 0xEBB56 | /sys/class/ | 1 | ASCII | 153 |
| 0xDC9DE | )\n-p timeconstant: %ld\n precision: %ld\n tolerance: %ld\n-t tick: %ld\n time.tv_sec: %ld\... | 1 | ASCII | 152 |
| 0xEEEE6 | File: "%n"\n ID: %-8i Namelen: %-7l Type: %T\nBlock size: %-10s\nBlocks: Total: %-10b Free: %-10f Available: %a\... | 2 | ASCII | 152 |
| 0xE98FD | Device contains neither a valid DOS partition table, nor Sun, SGI, OSF or GPT disklabel | 1 | ASCII | 152 |
| 0xF1203 | /etc/bootchartd.conf | 1 | ASCII | 152 |
| 0xE682D | /proc/acpi/processor | 2 | ASCII | 152 |
| 0xEC85D | /sys/power/state | 1 | ASCII | 152 |
| 0xE9B46 | /proc/partitions | 1 | ASCII | 152 |
| 0xE32A6 | /proc/net/route | 1 | ASCII | 152 |
| 0xE3B3C | /dev/net/tun | 1 | ASCII | 152 |
| 0xDC8AA | 127.0.0.1 | 1 | ASCII | 152 |
| 0xF0AA5 | These features are available:\n Pattern searches with / and ?\n Last command repeat with '.'\n Line marking with 'x\n... | 2 | ASCII | 151 |
| 0xEB1EB | max queues system wide = %d\nmax size of message (bytes) = %d\ndefault max size of queue (bytes) = %d\n | 1 | ASCII | 151 |
| 0xDDCE8 | \n WARNING: ID response incomplete.\n Following data may be incorrect.\n | 1 | ASCII | 151 |
| 0xE928B | Partition %u has different physical/logical beginnings (non-Linux?):\n | 1 | ASCII | 151 |
| 0xDDAD7 | gfu::n::p:r::m::c::k::a::B:tTiId::S:D:P:X:K:A:L:W:CyYzZU:Q:wx::b:R: | 1 | ASCII | 151 |
| 0xDCD76 | /var/spool/cron/crontabs | 2 | ASCII | 151 |
| 0xE1600 | /var/run/ifplugd.%s.pid | 1 | ASCII | 151 |
| 0xDCDE3 | /var/run/crond.pid | 1 | ASCII | 151 |
| 0xE8D6F | /var/log/acpid.log | 1 | ASCII | 151 |
| 0xE36FE | /etc/issue.net | 1 | ASCII | 151 |
| 0xE291A | /proc/net/tcp6 | 1 | ASCII | 151 |
| 0xE290C | /proc/net/tcp | 1 | ASCII | 151 |
| 0xEBC21 | /sys/class | 1 | ASCII | 151 |
| 0xF1265 | /sbin/init | 1 | ASCII | 151 |
| 0xEEE0C | File: %N\n Size: %-10s Blocks: %-10b IO Block: %-6o %F\nDevice: %Dh/%dd Inode: %-10i Links: %h\nAccess: (%04a/%10... | 2 | ASCII | 150 |
| 0xE1E12 | start-stop-daemon --stop -x wvdial -p /var/run/wvdial.%iface% -s 2 | 1 | ASCII | 150 |
| 0xEAE1D | Internal error: trying to write bad block\nWrite request ignored | 1 | ASCII | 150 |
| 0xE4657 | /proc/net/psched | 1 | ASCII | 150 |
| 0xE6A2E | /etc/sysctl.conf | 1 | ASCII | 150 |
| 0xE1F19 | /etc/inetd.conf | 1 | ASCII | 150 |
| 0xF1561 | /etc/init.d/rcS | 1 | ASCII | 150 |
| 0xEFFD8 | /dev/stderr | 1 | ASCII | 150 |
| 0xDBE65 | /etc/shells | 1 | ASCII | 150 |
| 0xE26D5 | /etc/mactab | 1 | ASCII | 150 |
| 0xDD0DD | /dev/mem | 1 | ASCII | 150 |
| 0xEFD15 | either all or none of the filesystem types passed to -t must be prefixed with 'no' or '!' | 1 | ASCII | 149 |
| 0xE6738 | no stats available; run as root or enable the cpufreq_stats module | 1 | ASCII | 149 |
| 0xDC5E2 | Mime-Version: 1.0\nContent-Type: multipart/mixed; boundary="%s"\n | 1 | ASCII | 149 |
| 0xE0EE7 | HTTP/1.0 %d %s\r\nContent-type: %s\r\nDate: %s\r\nConnection: close\r\n | 1 | ASCII | 149 |
| 0xEE641 | el:t-S:S-t:H-L:L-H:C-xl:x-Cl:l-xC:C-1:1-C:x-1:1-x:c-u:u-c:w+ | 1 | ASCII | 149 |
| 0xE8AB7 | -HSaf::t::d::s::c::m::l::p::n::v::w::e::r:: | 1 | ASCII | 149 |
| 0xE3F85 | whois-servers.net | 1 | ASCII | 149 |
| 0xEC61A | /proc/profile | 1 | ASCII | 149 |
| 0xE03B2 | /proc/net/arp | 1 | ASCII | 149 |
| 0xE8D92 | /etc/acpi.map | 1 | ASCII | 149 |
| 0xE7289 | /var/service | 1 | ASCII | 149 |
| 0xE3165 | Kernel IPv6 routing table\n%-44s%-40sFlags Metric Ref Use Iface\n | 1 | ASCII | 148 |
| 0xE2330 | TX packets:%llu errors:%lu dropped:%lu overruns:%lu carrier:%lu\n | 1 | ASCII | 148 |
| 0xE22D4 | RX packets:%llu errors:%lu dropped:%lu overruns:%lu frame:%lu\n | 1 | ASCII | 148 |
| 0xF0C40 | %sautoindent %sflash %signorecase %sshowmatch tabstop=%u | 1 | ASCII | 148 |
| 0xE57E8 | /var/lib/misc/udhcpd.leases | 2 | ASCII | 148 |
| 0xE8CC5 | /var/run/syslogd.pid | 1 | ASCII | 148 |
| 0xE07A9 | /etc/dnsd.conf | 1 | ASCII | 148 |
| 0xDC956 | mode: %d\n-o offset: %ld\n-f frequency: %ld\n maxerror: %ld\n esterror: %ld\n ... | 1 | ASCII | 147 |
| 0xE32B6 | Kernel IP routing table\nDestination Gateway Genmask Flags %s Iface\n | 1 | ASCII | 147 |
| 0xDDE62 | Logical max current\n cylinders %u %u\n heads %u %u\n sectors/track %u %u\n --\n | 1 | ASCII | 147 |
| 0xDE13B | Recommended acoustic management value: %u, current value: %u\n | 1 | ASCII | 147 |
| 0xE9F13 | Partition %u is already defined, delete it before re-adding\n | 1 | ASCII | 147 |
| 0xE92FF | Partition %u has different physical/logical endings:\n | 1 | ASCII | 147 |
| 0xF1270 | /tmp/bootchart.XXXXXX | 2 | ASCII | 147 |
| 0xE8C7E | /etc/syslog.conf | 1 | ASCII | 147 |
| 0xE5638 | /etc/udhcpd.conf | 1 | ASCII | 147 |
| 0xEC609 | /boot/System.map | 1 | ASCII | 147 |
| 0xEBB4A | /sys/block/ | 1 | ASCII | 147 |
| 0xEFFCC | /dev/stdout | 1 | ASCII | 147 |
| 0xDC100 | /etc/issue | 1 | ASCII | 147 |
| 0xE0584 | Sent %u probe(s) (%u broadcast(s))\nReceived %u repl%s (%u request(s), %u broadcast(s))\n | 1 | ASCII | 146 |
| 0xE1D71 | ip tunnel add %iface% mode sit remote %endpoint%[[ local %local%]][[ ttl %ttl%]] | 1 | ASCII | 146 |
| 0xE1C32 | [[ip route add default via %gateway% dev %iface%[[ prio %metric%]]]] | 1 | ASCII | 146 |
| 0xEC639 | assuming reversed byte order, use -n to force native byte order | 1 | ASCII | 146 |
| 0xE2DB9 | update from:%s offset:%+f jitter:%f clock drift:%+.3fppm tc:%d | 1 | ASCII | 146 |
| 0xEA393 | Partition %u: previous sectors %u disagrees with total %u\n | 1 | ASCII | 146 |
| 0xE724F | ; log: warning: can't change to log service directory: %s | 1 | ASCII | 146 |
| 0xE98C4 | device has more than 2^32 sectors, can't use all of them | 1 | ASCII | 146 |
| 0xEC282 | (Enter:next line Space:next page Q:quit R:show the rest) | 1 | ASCII | 146 |
| 0xEDF27 | with --parents, the destination must be a directory | 1 | ASCII | 146 |
| 0xE974A | Warning: setting sector offset for DOS compatiblity | 1 | ASCII | 146 |
| 0xE99FE | Warning: ignoring extra data in partition table %u\n | 1 | ASCII | 146 |
| 0xE9ADD | All primary partitions have been defined already! | 1 | ASCII | 146 |
| 0xF18D7 | byte count with multiple conversion characters | 1 | ASCII | 146 |
| 0xEDFE8 | suppressing non-delimited lines makes sense%s | 1 | ASCII | 146 |
| 0xEBC5B | /lib/firmware | 1 | ASCII | 146 |
| 0xDF407 | /etc/man.conf | 1 | ASCII | 146 |
| 0xE2946 | /proc/net/raw | 1 | ASCII | 146 |
| 0xF207F | /dev/misc/rtc | 1 | ASCII | 146 |
| 0xE2929 | /proc/net/udp | 1 | ASCII | 146 |
| 0xF204C | /etc/adjtime | 1 | ASCII | 146 |
| 0xDC27A | /etc/nologin | 1 | ASCII | 146 |
| 0xE9F50 | /dev/hd | 1 | ASCII | 146 |
| 0xEFDE8 | /dev/md | 1 | ASCII | 146 |
| 0xE9A51 | Warning: invalid flag 0x%02x,0x%02x of partition table %u will be corrected by w(rite)\n | 2 | ASCII | 145 |
| 0xE95CD | You cannot change a partition into an extended one or vice versa | 1 | ASCII | 145 |
| 0xF08A1 | only a beginning address can be specified for edit commands | 1 | ASCII | 145 |
| 0xEA44E | Total allocated sectors %u greater than the maximum %u\n | 1 | ASCII | 145 |
| 0xDBFD0 | can't execute passwd, you must set password manually | 1 | ASCII | 145 |
| 0xE99CB | Warning: extra link pointer in partition table %u\n | 1 | ASCII | 145 |
| 0xE8B4F | can't get access to semaphores for syslogd buffer | 1 | ASCII | 145 |
| 0xEDAC5 | input file: bad length or unsupported font type | 1 | ASCII | 145 |
| 0xF1591 | \nPlease press Enter to activate this console. | 1 | ASCII | 145 |
| 0xEBFC6 | bad blocks before data-area: cannot make fs | 1 | ASCII | 145 |
| 0xEDEFD | -2:l--s:s--l:Pd:rRd:Rd:apdR | 1 | ASCII | 145 |
| 0xDF415 | /etc/man_db.conf | 1 | ASCII | 145 |
| 0xE8D82 | /etc/acpid.conf | 1 | ASCII | 145 |
| 0xDF3F7 | /etc/man.config | 1 | ASCII | 145 |
| 0xE2937 | /proc/net/udp6 | 1 | ASCII | 145 |
| 0xE2954 | /proc/net/raw6 | 1 | ASCII | 145 |
| 0xE29C1 | /proc/net/unix | 1 | ASCII | 145 |
| 0xEBBF6 | /etc/mdev.conf | 1 | ASCII | 145 |
| 0xF0536 | /tmp/difXXXXXX | 2 | ASCII | 145 |
| 0xE1C77 | ip addr add %address%/%netmask% dev %iface%[[ label %label%]] | 1 | ASCII | 144 |
| 0xECBAF | compressed data not read from terminal, use -f to force it | 1 | ASCII | 144 |
| 0xF114F | can't fit single argument within argument list size limit | 1 | ASCII | 144 |
| 0xE9147 | %s-sided, %d tracks, %d sec/track. Total capacity %d kB\n | 1 | ASCII | 144 |
| 0xE1CEF | [[ip route add ::/0 via %gateway%]][[ prio %metric%]] | 1 | ASCII | 144 |
| 0xE5EF9 | H%.32s\nP%.32s\nC%.32s\nJ%.99s\nL%.32s\nM%.32s\nld%.31s\n | 1 | ASCII | 144 |
| 0xE4F09 | command line is not complete, try option "help" | 1 | ASCII | 144 |
| 0xE9335 | Partition %u does not end on cylinder boundary\n | 1 | ASCII | 144 |
| 0xED021 | invalid RPM header magic or unsupported version | 1 | ASCII | 144 |
| 0xE56D6 | no or bad message type option, ignoring packet | 1 | ASCII | 144 |
| 0xE05EF | bridge name bridge id STP enabled interfaces | 1 | ASCII | 144 |
| 0xEC6E1 | profile address out of range. Wrong map file? | 1 | ASCII | 144 |
| 0xEA3CE | Warning: partition %u overlaps partition %u\n | 1 | ASCII | 144 |
| 0xE4143 | broadcast can be set only for IPv4 addresses | 1 | ASCII | 144 |
| 0xE49E6 | broadcast tunnel requires a source address | 1 | ASCII | 144 |
| 0xE6610 | run as root to collect enough information | 1 | ASCII | 144 |
| 0xE997B | Bad offset in primary extended partition | 1 | ASCII | 144 |
| 0xEC77D | /sys/class/rtc/%s/device/power/wakeup | 1 | ASCII | 144 |
| 0xEC2C3 | /etc/filesystems | 2 | ASCII | 144 |
| 0xE58CD | 192.168.0.20 | 2 | ASCII | 144 |
| 0xEFFC1 | /dev/stdin | 1 | ASCII | 144 |
| 0xEBC16 | /sys/block | 1 | ASCII | 144 |
| 0xF154D | /dev/tty3 | 1 | ASCII | 144 |
| 0xF1543 | /dev/tty2 | 1 | ASCII | 144 |
| 0xE8D54 | /etc/acpi | 1 | ASCII | 144 |
| 0xDBFC6 | /etc/skel | 1 | ASCII | 144 |
| 0xDF538 | /dev/tape | 1 | ASCII | 144 |
| 0xEDC8B | /dev/tty1 | 1 | ASCII | 144 |
| 0xF1557 | /dev/tty4 | 1 | ASCII | 144 |
| 0xDC2FB | /etc/motd | 1 | ASCII | 144 |
| 0xE2BA3 | timed out waiting for %s, reach 0x%02x, next query in %us | 1 | ASCII | 143 |
| 0xE30C1 | Scanning %s ports %u to %u\n Port Proto State Service\n | 1 | ASCII | 143 |
| 0xE3036 | round-trip min/avg/max = %u.%03u/%u.%03u/%u.%03u ms\n | 1 | ASCII | 143 |
| 0xDDCB4 | powers-up in standby; SET FEATURES subcmd spins-up. | 1 | ASCII | 143 |
| 0xE5324 | option -h NAME is deprecated, use -x hostname:NAME | 1 | ASCII | 143 |
| 0xE5999 | %s belongs to someone, reserving it for %u seconds | 1 | ASCII | 143 |
| 0xE0F86 | Accept-Ranges: bytes\r\nLast-Modified: %s\r\n%s %llu\r\n | 1 | ASCII | 143 |
| 0xEA360 | Partition %u: cylinder %u greater than maximum %u\n | 1 | ASCII | 143 |
| 0xEBEF0 | incompatible size/inode count, try different -i N | 1 | ASCII | 143 |
| 0xEA32F | Partition %u: sector %u greater than maximum %u\n | 1 | ASCII | 143 |
| 0xE9F6B | Disk %s doesn't contain a valid partition table\n | 1 | ASCII | 143 |
| 0xE5B74 | Attaching option %02x to existing member of list | 1 | ASCII | 143 |
| 0xEDF8F | expected a list of bytes, characters, or fields | 1 | ASCII | 143 |
| 0xE9C78 | \nPartition table entries are not in disk order | 1 | ASCII | 143 |
| 0xE749C | can't read directory, want remove old logfile | 1 | ASCII | 143 |
| 0xE211F | %s: error fetching interface information: %s | 1 | ASCII | 143 |
| 0xEE466 | ?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG | 1 | ASCII | 143 |
| 0xEA2B4 | Warning: bad start-of-data in partition %u\n | 1 | ASCII | 143 |
| 0xEF518 | %s: cannot perform all requested operations | 1 | ASCII | 143 |
| 0xF16A2 | recursion detected, omitting directory '%s' | 1 | ASCII | 143 |
| 0xDC037 | an error occurred updating password for %s | 1 | ASCII | 143 |
| 0xDBAA4 | you have no permission to run this applet | 1 | ASCII | 143 |
| 0xEDFBF | the delimiter must be a single character | 1 | ASCII | 143 |
| 0xDFFB9 | /sys/class/ubi/ubi%u_%u/usable_eb_size | 1 | ASCII | 143 |
| 0xEA87F | need terminal for interactive repairs | 1 | ASCII | 143 |
| 0xF087B | bad option in substitution expression | 1 | ASCII | 143 |
| 0xF0953 | bad format in substitution expression | 1 | ASCII | 143 |
| 0xDCD35 | janfebmaraprmayjunjulaugsepoctnovdec | 1 | ASCII | 143 |
| 0xE88AC | expression recursion loop detected | 1 | ASCII | 143 |
| 0xE1EFE | /var/run/inetd.pid | 2 | ASCII | 143 |
| 0xE00A1 | modules.dep.bb.new | 5 | ASCII | 143 |
| 0xF1311 | /proc/cmdline | 1 | ASCII | 143 |
| 0xDF00A | /var/log/wtmp | 1 | ASCII | 143 |
| 0xDBC85 | /dev/urandom | 1 | ASCII | 143 |
| 0xEACC6 | Inode %d is marked as 'unused', but it is used for file '%s'\n | 1 | ASCII | 142 |
| 0xE91BF | problem reading cylinder %d, expected %d, read %d | 1 | ASCII | 142 |
| 0xE5113 | Packet with bad UDP checksum received, ignoring | 1 | ASCII | 142 |
| 0xE93C6 | WARNING: Partition %u is an extended partition\n | 1 | ASCII | 142 |
| 0xEA300 | Partition %u: head %u greater than maximum %u\n | 1 | ASCII | 142 |
| 0xDF79B | unexpected block no, 0x%08x, expecting 0x%08x | 1 | ASCII | 142 |
| 0xED63F | %s not created: newer or same age file exists | 1 | ASCII | 142 |
| 0xEBCAF | cl:b:f:i:I:J:G:N:m:o:g:L:M:O:r:E:T:U:jnqvFS | 1 | ASCII | 142 |
| 0xEEB0F | warning: invalid width %u; using %d instead | 1 | ASCII | 142 |
| 0xEDC2A | COLUMNS=%d;LINES=%d;export COLUMNS LINES;\n | 1 | ASCII | 142 |
| 0xE6B11 | CPU%s:%susr%ssys%snic%sidle%sio%sirq%ssirq | 1 | ASCII | 142 |
| 0xE0960 | EPSV\r\n PASV\r\n REST STREAM\r\n MDTM\r\n SIZE\r\n | 1 | ASCII | 142 |
| 0xF1865 | bad byte count for conversion character %s | 1 | ASCII | 142 |
| 0xDC287 | \r\nSystem closed for routine maintenance\r | 1 | ASCII | 142 |
| 0xED25E | error exit delayed from previous errors | 1 | ASCII | 142 |
| 0xE54A0 | no message type option, ignoring packet | 1 | ASCII | 142 |
| 0xF0E4A | Trying to insert file outside of memory | 1 | ASCII | 142 |
| 0xE6663 | C-state information is not available\n | 1 | ASCII | 142 |
| 0xE9955 | Ignoring extra extended partition %u\n | 1 | ASCII | 142 |
| 0xE7D30 | illegal eof marker for << redirection | 1 | ASCII | 142 |
| 0xE1501 | netlink packet too small or truncated | 1 | ASCII | 142 |
| 0xECE02 | internal error - optimization failed | 1 | ASCII | 142 |
| 0xF062E | missing 2nd delimiter for substitute | 1 | ASCII | 142 |
| 0xEDB2E | unicode sequences not implemented | 1 | ASCII | 142 |
| 0xEC5E1 | timeout connecting to time server | 1 | ASCII | 142 |
| 0xEE2CB | h-km:k-hm:m-hk:H-L:L-H:s-d:d-s:d+ | 1 | ASCII | 142 |
| 0xDEE2F | no identification info available | 1 | ASCII | 142 |
| 0xEC5AA | current time matches remote time | 1 | ASCII | 142 |
| 0xED376 | can't open %s, %s.zip, %s.ZIP | 1 | ASCII | 142 |
| 0xEBA21 | ?2:d--of:o--df:f--do | 1 | ASCII | 142 |
| 0xE62EA | /proc/interrupts | 2 | ASCII | 142 |
| 0xE1B96 | /var/run/ifstate | 2 | ASCII | 142 |
| 0xDCF22 | /var/spool/cron | 4 | ASCII | 142 |
| 0xE638F | \n%-11s CPU %%usr %%nice %%sys %%iowait %%irq %%soft %%steal %%guest %%idle\n | 1 | ASCII | 141 |
| 0xE297F | \nProto RefCnt Flags Type State I-Node %sPath\n | 1 | ASCII | 141 |
| 0xE60FC | avg-cpu: %user %nice %system %iowait %steal %idle | 1 | ASCII | 141 |
| 0xE3106 | %d closed, %d open, %d timed out (or blocked) ports\n | 1 | ASCII | 141 |
| 0xEE6ED | WARNING: %d of %d computed checksums did NOT match | 1 | ASCII | 141 |
| 0xE1A7E | don't seem to have all the variables for %s/%s | 1 | ASCII | 141 |
Functions high-value functions
Function listings
0x23960 sub_23960 str 3 api 0 imm 1 Unknown
sub_23960() {
ldr $r3, [$pc+0x3C]
push $r4, $lr
add $r3, $pc, $r3
mov $r4, $r0
ldr $r3, [$r3]
ldr $r3, [$r3+0x8]
cmp $r3, 0x0
beq .1
mov $r1, $r0
ldr $r0, [$pc+0x1C]
add $r0, $pc, $r0
bl loc_1d8ac
.1:
ldr $r0, [$pc+0x14]
mov $r1, $r4
pop $r4, $lr
add $r0, $pc, $r0
b jmp_printf()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_23960(undefined4 param_1)
{
if (*(*([0x0x239a4] + 0x23970) + 8) != 0) {
func_0x0001d8ac([0x0x239a8] + 0x23990, param_1);
}
/* WARNING: Could not recover jumptable at 0x00014c24. Too many branches */
/* WARNING: Treating indirect jump as call */
(*printf)([0x0x239ac] + 0x239a4, param_1);
return;
}
0x432A4 sub_432a4 str 2 api 0 imm 3 Unknown
sub_432a4() {
ldr $r2, [$pc+0x30]
mov $r3, 0x55
ldr $ip, [$pc+0x2C]
add $r2, $pc, $r2
strb $r3, [$r0], $r0+=0x1
add $ip, $pc, $ip
ldrb $r3, [$r2], $r2+=0x1
cmp $r3, 0x0
strb $r3, [$r0]
bxeq $lr
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_432a4(undefined *param_1,uint32_t param_2)
{
char cVar1;
int32_t iVar2;
char *pcVar3;
char *pcVar4;
char *pcVar5;
uint32_t uVar6;
uint32_t *puVar7;
uint32_t *puVar8;
iVar2 = [0x0x432e0];
pcVar4 = [0x0x432dc] + 0x432b8;
pcVar3 = param_1 + 1;
*param_1 = 0x55;
puVar7 = iVar2 + 0x432c0;
while( true ) {
pcVar5 = pcVar4 + 1;
cVar1 = *pcVar4;
*pcVar3 = cVar1;
if (cVar1 == '\0') break;
puVar8 = puVar7 + 1;
uVar6 = *puVar7;
pcVar4 = pcVar5;
puVar7 = puVar8;
if ((param_2 & uVar6) != 0) {
pcVar3 = pcVar3 + 1;
}
}
return;
}
0x1E784 sub_1e784 str 2 api 0 imm 2 Unknown
sub_1e784() {
push $r4, $lr
bl jmp_fork()
cmp $r0, 0x0
popge $r4, $pc
ldr $r0, [$pc+0x8]
add $r0, $pc, $r0
add $r0, $r0, 0x1
bl sub_1d5d4()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
int32_t sub_1e784(void)
{
int32_t iVar1;
undefined4 uVar2;
int32_t iVar3;
int32_t iVar4;
iVar1 = jmp_fork();
if (-1 < iVar1) {
return iVar1;
}
uVar2 = sub_1d5d4([0x0x1e7a4] + 0x1e7a1);
iVar4 = 0;
iVar1 = 0;
do {
iVar4 = iVar4 + 0x50;
iVar1 = sub_1df18(iVar1, iVar4);
iVar3 = jmp_readlink(uVar2, iVar1, iVar4);
if (iVar3 == -1) {
jmp_free(iVar1);
return 0;
}
} while (iVar4 <= iVar3);
*(iVar1 + iVar3) = 0;
return iVar1;
}
0x20E3C sub_20e3c str 2 api 0 imm 2 Unknown
sub_20e3c() {
ldr $r3, [$pc+0x20]
push $r4, $lr
ldr $r0, [$pc+$r3]
add $r0, $r0, 0x48
bl sub_1dde8()
cmp $r0, 0x0
popge $r4, $pc
ldr $r0, [$pc+0x8]
add $r0, $pc, $r0
bl sub_1d5d4()
andeq $r5, $lr, $r0
}
/* WARNING: Possible PIC construction at 0x00020ed0: Changing call to branch */
/* WARNING: Removing unreachable block (ram,0x00020ed4) */
/* WARNING: Removing unreachable block (ram,0x0001eafc) */
/* WARNING: Removing unreachable block (ram,0x0001eb10) */
/* WARNING: Removing unreachable block (ram,0x0001eb18) */
/* WARNING: Removing unreachable block (ram,0x0001eb40) */
/* WARNING: Removing unreachable block (ram,0x0001eb30) */
/* WARNING: Removing unreachable block (ram,0x0001eb34) */
/* WARNING: Removing unreachable block (ram,0x0001eb38) */
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_20e3c(void)
{
int32_t iVar1;
uint32_t uVar2;
undefined4 unaff_r4;
undefined4 in_lr;
undefined4 uVar3;
while( true ) {
*(register0x00000054 + -4) = in_lr;
*(register0x00000054 + -8) = unaff_r4;
iVar1 = sub_1dde8(*([0x0x20e64] + 0x20e4c) + 0x48);
if (-1 < iVar1) break;
uVar3 = 0x20e64;
sub_1d5d4([0x0x20e68] + 0x20e64);
*(register0x00000054 + -0xc) = uVar3;
register0x00000054 = register0x00000054 + -0x10;
*register0x00000054 = unaff_r4;
iVar1 = *([0x0x20eec] + 0x20e7c);
uVar2 = *(iVar1 + 0x48);
*(iVar1 + 0x48) = uVar2 | 0x1400;
if (*(iVar1 + 0x44) == '\r') {
*(iVar1 + 0x48) = uVar2 | 0x1500;
}
*(iVar1 + 0x54) = *(iVar1 + 0x54) | 0x83b;
*(iVar1 + 0x59) = 3;
*(iVar1 + 0x5a) = 0x1c;
*(iVar1 + 100) = 10;
*(iVar1 + 0x60) = 0;
*(iVar1 + 0x5c) = 0x415;
in_lr = 0x20ed4;
}
return;
}
0x23914 sub_23914 str 2 api 0 imm 2 Unknown
sub_23914() {
push $r4, $lr
mov $r1, $r0
mov $r4, $r0
ldr $r0, [$pc+0x24]
mvn $r2, 0x0
add $r0, $pc, $r0
bl sub_23820()
cmp $r0, 0xFA
popeq $r4, $pc
ldr $r0, [$pc+0x10]
mov $r1, $r4
pop $r4, $lr
add $r0, $pc, $r0
b loc_1d8ac
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_23914(undefined4 param_1)
{
int32_t iVar1;
undefined4 uStack_c;
iVar1 = sub_23820([0x0x2394c] + 0x23930, param_1);
if (iVar1 == 0xfa) {
return;
}
uStack_c = param_1;
sub_1d6b4([0x0x23950] + 0x2394c, &uStack_c, 0);
return;
}
0x2737C sub_2737c str 2 api 0 imm 2 Unknown
sub_2737c() {
ldr $r3, [$pc+0x38]
add $r3, $pc, $r3
ldr $r2, [$r3]
cmp $r2, 0x0
bne .2
ldr $r0, [$pc+0x28]
push $r4, $lr
add $r0, $pc, $r0
bl sub_1d88c()
.2:
sub $r1, $r2, 0x1
str $r1, [$r3]
add $r3, $r3, $r2
ldr $r0, [$r3]
ldr $r1, [$r3+0x4]
vmov $d0, $r0, $r1
bx $lr
}
/* DISPLAY WARNING: Type casts are NOT being printed */
undefined8 sub_2737c(void)
{
int32_t iVar1;
int32_t *piVar2;
piVar2 = [0x0x273bc] + 0x27388;
iVar1 = *piVar2;
if (iVar1 == 0) {
sub_1d88c([0x0x273c0] + 0x273a0);
}
*piVar2 = iVar1 + -1;
return *(piVar2 + iVar1 * 2);
}
0x61DE4 sub_61de4 str 2 api 0 imm 2 Unknown
sub_61de4() {
ldr $r3, [$pc+0x30]
push $r0, $r1, $r2, $lr
add $r3, $pc, $r3
ldr $r2, [$pc+0x28]
ldr $ip, [$r3+0x4]
mov $r3, $r0
ldr $r0, [$pc+0x20]
add $r2, $pc, $r2
str $r1, [$sp]
add $r0, $pc, $r0
mov $r1, $ip
bl loc_1d8ac
add $sp, $sp, 0xC
pop $pc
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_61de4(undefined4 param_1,undefined4 param_2,undefined4 param_3)
{
code *UNRECOVERED_JUMPTABLE;
func_0x0001d8ac([0x0x61e24] + 0x61e10, *([0x0x61e1c] + 0x61df8), [0x0x61e20] + 0x61e08, param_1, param_2, param_2
, param_3);
/* WARNING: Could not recover jumptable at 0x00061e18. Too many branches */
/* WARNING: Treating indirect jump as call */
(*UNRECOVERED_JUMPTABLE)();
return;
}
0x63E58 sub_63e58 str 2 api 0 imm 2 Unknown
sub_63e58() {
ldr $r1, [$pc+0x1C]
ldr $r0, [$pc+0x1C]
push $r4, $lr
add $r0, $pc, $r0
add $r1, $pc, $r1
bl sub_1d584()
mov $r0, 0x3
pop $r4, $lr
b jmp_sleep()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_63e58(void)
{
sub_1d584([0x0x63e80] + 0x63e6c, [0x0x63e7c] + 0x63e70);
/* WARNING: Could not recover jumptable at 0x00014e4c. Too many branches */
/* WARNING: Treating indirect jump as call */
(*sleep)(3);
return;
}
0x288A4 sub_288a4 str 2 api 0 imm 1 Unknown
sub_288a4() {
cmp $r0, 0x0
bne .2
ldr $r0, [$pc+0x10]
add $r0, $pc, $r0
.1:
b jmp_puts()
.2:
ldr $r0, [$pc+0x8]
add $r0, $pc, $r0
b .1
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_288a4(int32_t param_1)
{
int32_t iVar1;
if (param_1 == 0) {
iVar1 = [0x0x288c4] + 0x288b8;
}
else {
iVar1 = [0x0x288c8] + 0x288c4;
}
/* WARNING: Could not recover jumptable at 0x000151f4. Too many branches */
/* WARNING: Treating indirect jump as call */
(*puts)(iVar1);
return;
}
0x34430 sub_34430 str 2 api 0 imm 0 Unknown
sub_34430() {
ldr $r1, [$pc+0x24]
push $r4, $lr
add $r1, $pc, $r1
mov $r4, $r0
bl jmp_strcspn()
mov $r2, $r4
pop $r4, $lr
mov $r1, $r0
ldr $r0, [$pc+0x8]
add $r0, $pc, $r0
b loc_1d8ac
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_34430(undefined4 param_1)
{
undefined4 uStack_c;
uStack_c = jmp_strcspn(param_1, [0x0x3445c] + 0x34440);
sub_1d6b4([0x0x34460] + 0x3445c, &uStack_c, 0);
return;
}
0x227CC sub_227cc str 1 api 0 imm 3 Unknown
sub_227cc() {
ldr $r3, [$pc+0x14]
movw $r1, 0x5605
mov $r0, 0x0
ldr $r2, [$pc+$r3]
clz $r2, $r2
lsr $r2, $r2
b jmp_ioctl()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_227cc(void)
{
/* WARNING: Could not recover jumptable at 0x0001508c. Too many branches */
/* WARNING: Treating indirect jump as call */
(*ioctl)(0, 0x5605, *([0x0x227e8] + 0x227e0) == 0);
return;
}
0x2B1D8 sub_2b1d8 str 1 api 0 imm 3 Unknown
sub_2b1d8() {
push $r4, $lr
bl sub_1e2c4()
mov $r1, 0x0
ldr $r3, [$pc+0x14]
pop $r4, $lr
add $r3, $pc, $r3
ldr $r3, [$r3]
add $r2, $r3, 0x104
ldr $r0, [$r3+0x4]
b jmp_tcsetattr()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_2b1d8(void)
{
sub_1e2c4();
/* WARNING: Could not recover jumptable at 0x000150f8. Too many branches */
/* WARNING: Treating indirect jump as call */
(*tcsetattr)(*(*([0x0x2b200] + 0x2b1f4) + 4), 0, *([0x0x2b200] + 0x2b1f4) + 0x104);
return;
}
0x5C21C sub_5c21c str 1 api 0 imm 3 Unknown
sub_5c21c() {
push $r4, $r5, $r6, $lr
sub $sp, $sp, 0x140
add $r5, $sp, 0x40
ldr $r3, [$pc+0xCC]
mov $r2, $r0
mov $r6, $r0
add $r3, $pc, $r3
mov $r4, $r1
andeq $lr, $r5, $r0
mov $r0, $r5
}
/* DISPLAY WARNING: Type casts are NOT being printed */
int32_t sub_5c21c(undefined4 param_1,uint32_t param_2)
{
int32_t iVar1;
undefined8 uStack_148;
undefined8 uStack_140;
undefined8 uStack_138;
undefined8 uStack_130;
undefined8 uStack_128;
undefined8 uStack_120;
undefined8 uStack_118;
undefined auStack_110 [256];
sub_ccc70(auStack_110, 0x100, param_1, [0x0x5c2fc] + 0x5c23c);
jmp_printf([0x0x5c300] + 0x5c25c, param_1, auStack_110);
if ((param_2 & 3) == 1) {
jmp_puts([0x0x5c304] + 0x5c274);
}
uStack_148 = 0;
uStack_140 = 0;
uStack_138 = 0;
uStack_130 = 0;
uStack_128 = 0;
uStack_120 = 0;
uStack_118 = 0;
iVar1 = sub_cc2d4(param_1, &uStack_148, [0x0x5c308] + 0x5c294, param_2);
if ((iVar1 == 0) && ((param_2 & 2) == 0)) {
if ((param_2 & 1) == 0) {
jmp_printf([0x0x5c310] + 0x5c2f8, uStack_128._4_4_);
}
else {
jmp_printf([0x0x5c30c] + 0x5c2dc, uStack_128._4_4_, uStack_130._4_4_, uStack_138._4_4_, uStack_128);
}
}
return iVar1;
}
0x72630 sub_72630 str 1 api 0 imm 3 Unknown
sub_72630() {
push $r1, $r2, $r3
push $r0, $r1, $lr
add $r1, $sp, 0x10
ldr $r0, [$pc+0x14]
str $r1, [$sp+0x4]
add $r0, $pc, $r0
bl sub_68030()
bl sub_66028()
mov $r0, 0x3
bl sub_65f24()
}
/* WARNING: Control flow encountered bad instruction data */
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_72630(void)
{
sub_68030([0x0x72658] + 0x7264c);
sub_66028();
sub_65f24(3);
/* WARNING: Bad instruction - Truncating control flow here */
halt_baddata();
}
0x74138 sub_74138 str 1 api 0 imm 3 Unknown
sub_74138() {
push $r0, $r1, $r2, $lr
add $r1, $sp, 0x4
strb $r0, [$sp+0x4]
mov $r3, 0x0
ldr $r0, [$pc+0x10]
strb $r3, [$sp+0x5]
add $r0, $pc, $r0
bl loc_1d8ac
add $sp, $sp, 0xC
pop $pc
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void sub_74138(undefined4 param_1,undefined4 param_2,undefined4 param_3)
{
code *in_lr;
undefined4 uStack_c;
undefined4 uStack_8;
code *UNRECOVERED_JUMPTABLE;
uStack_8 = param_3;
UNRECOVERED_JUMPTABLE = in_lr;
func_0x0001d8ac([0x0x74160] + 0x74158, &uStack_c, param_3, 0, param_1);
/* WARNING: Could not recover jumptable at 0x0007415c. Too many branches */
/* WARNING: Treating indirect jump as call */
(*UNRECOVERED_JUMPTABLE)();
return;
}
0x1587C jmp_clearerr str 1 api 0 imm 2 Unknown
jmp_clearerr() {
add $ip, $pc, 0x0, 0xC
add $ip, $ip, 0xEE000
ldr $pc, [$ip+=0xC24]
}
/* DISPLAY WARNING: Type casts are NOT being printed */
void jmp_clearerr(void)
{
/* WARNING: Could not recover jumptable at 0x00015884. Too many branches */
/* WARNING: Treating indirect jump as call */
(*clearerr)();
return;
}
| Library | Functions |
|---|---|
| libpng | 2 |
| libsdl | 2 |
| zlib | 1 |