Radare2 反汇编代码转换为 C 语言
使用 Radare2 工具对二进制文件进行反汇编,再将得到的汇编代码转换(反编译)为 C 语言代码,并进行分析和理解。
[0x00000468]> pd
; NOTE(review): radare2 `pd` output, restored to one instruction per line.
; The 4-byte encodings up to 0x4a8 and the mixed 2-/4-byte encodings from 0x4ac on
; are consistent with ARM-mode stubs followed by Thumb-mode functions.
; The int16_t argument/variable types are radare2's placeholders, not recovered types:
; arg1 of sym.xorEncryptDecrypt is dereferenced byte-wise at 0x4ea, so it holds a pointer.
;-- section..text:
;-- entry.fini1:
;-- pc:
;-- r15:
; NULL XREF from aav.0x00000014 @ +0x4(r)
┌ 12: entry0 ();
│ 0x00000468 04009fe5 ldr r0, [0x00000474] ; [0x474:4]=0x119c ; [13] -r-x section size 276 named .text
│ 0x0000046c 00008fe0 add r0, pc, r0 ; 0x1610
│ ; segment.GNU_RELRO
└ ┌─< 0x00000470 4a0000ea b sym.imp.__cxa_atexit ; sym.imp.__cxa_finalize+0xc
│ ; DATA XREF from entry0 @ 0x468(r)
; NOTE(review): 0x474 is the literal-pool word 0x119c read by the ldr at 0x468;
; "muleq" is only that data word decoded as if it were an instruction.
│ 0x00000474 9c110000 muleq r0, ip, r1
│ │ ; CODE XREF from entry.fini0 @ 0x47c(x)
│ ┌──> 0x00000478 1eff2fe1 bx lr
┌ 8: entry.fini0 ();
│ └──< 0x0000047c fdffffea b 0x478
│ 0x00000480 000050e3 cmp r0, 0
│ 0x00000484 1eff2f01 bxeq lr
│ 0x00000488 10ff2fe1 bx r0
│ 0x0000048c 0010a0e1 mov r1, r0
│ 0x00000490 0c009fe5 ldr r0, [0x000004a4] ; [0x4a4:4]=0xffffffe0
│ 0x00000494 0c209fe5 ldr r2, [0x000004a8] ; [0x4a8:4]=0x116c
│ 0x00000498 00008fe0 add r0, pc, r0
│ 0x0000049c 02208fe0 add r2, pc, r2
┌──< 0x000004a0 420000ea b 0x5b0 ; sym.imp.__strlen_chk+0x4
││ ; DATA XREF from entry.fini0 @ +0x14(r)
; NOTE(review): 0x4a4 and 0x4a8 are the literal words loaded at 0x490 and 0x494
; (0xffffffe0 and 0x116c); "invalid" and "andeq" are data, not code.
││ 0x000004a4 e0ffffff invalid
││ ; DATA XREF from entry.fini0 @ +0x18(r)
││ 0x000004a8 6c110000 andeq r1, r0, ip, ror 2
; NOTE(review): sym.xorEncryptDecrypt XORs each input byte with the single byte kept in var_dh.
; A one-byte XOR only obscures a string: the key and the data both ship in the binary,
; so it should not be relied on to protect a secret such as a password.
┌ 98: sym.xorEncryptDecrypt (int16_t arg1, int16_t arg2);
│ ││ ; arg int16_t arg1 @ r0
│ ││ ; arg int16_t arg2 @ r1
│ ││ ; var int16_t var_4h @ sp+0x4
│ ││ ; var int16_t var_8h @ sp+0x8
│ ││ ; var char *s1 @ sp+0xc
│ ││ ; var int8_t var_dh @ sp+0x13
│ ││ ; var int16_t var_14h @ sp+0x14
│ ││ ; var int16_t var_18h @ sp+0x18
│ ││ ; var int16_t var_1ch @ sp+0x1c
│ ││ ; var int16_t var_0h @ sp+0x20
│ ││ 0x000004ac 80b5 push {r7, lr}
│ ││ 0x000004ae 6f46 mov r7, sp
│ ││ 0x000004b0 88b0 sub sp, 0x20
│ ││ 0x000004b2 0590 str r0, [var_14h] ; arg1
│ ││ 0x000004b4 07f80d1c strb r1, [var_dh] ; arg2
│ ││ 0x000004b8 0598 ldr r0, [var_14h]
│ ││ ; CODE XREF from sym.xorEncryptDecrypt @ +0x62(x)
│ ┌───> 0x000004ba 0790 str r0, [var_1ch]
│ ╎││ 0x000004bc 4ff0ff30 mov.w r0, -1
│ ╎││ 0x000004c0 0690 str r0, [var_18h]
│ ╎││ 0x000004c2 0798 ldr r0, [var_1ch]
│ ╎││ 0x000004c4 0699 ldr r1, [var_18h]
; NOTE(review): called with r0 = input pointer and r1 = -1; the result (kept in s1) is used
; below as the loop bound and terminator index, i.e. as a length. Presumably the
; __strlen_chk import that radare2 names near 0x5b0 - confirm against the PLT.
│ ╎││ 0x000004c6 00f07ce8 blx fcn.000005c0
│ ╎││ 0x000004ca 0390 str r0, [s1]
│ ╎││ 0x000004cc 0398 ldr r0, [s1]
│ ╎││ 0x000004ce 0130 adds r0, 1 ; const char *s1
; NOTE(review): only r0 (= length + 1) is set up for this call, and the value it returns is
; used as the destination buffer for strb at 0x4f4 and 0x506 and as the function's result.
; That matches an allocator such as malloc(length + 1), not strcmp; the import name
; looks mis-resolved - verify against the relocation/PLT entries before trusting it.
; No NULL check follows the call before the buffer is written.
│ ╎││ 0x000004d0 00f07ee8 blx sym.imp.strcmp ; int strcmp(const char *s1, const char *s2)
│ ╎││ 0x000004d4 0290 str r0, [var_8h]
│ ╎││ 0x000004d6 0020 movs r0, 0
│ ╎││ 0x000004d8 0190 str r0, [var_4h]
│ ┌────< 0x000004da ffe7 b 0x4dc
│ │╎││ ; CODE XREFS from sym.xorEncryptDecrypt @ 0x4da(x), 0x4fe(x)
; Loop head: var_4h is the index i, s1 the length; bhs is an unsigned compare (exit when i >= length).
│ ┌└────> 0x000004dc 0198 ldr r0, [var_4h]
│ ╎ ╎││ 0x000004de 0399 ldr r1, [s1]
│ ╎ ╎││ 0x000004e0 8842 cmp r0, r1
│ ╎┌────< 0x000004e2 0dd2 bhs 0x500
│ ┌──────< 0x000004e4 ffe7 b 0x4e6
│ │╎│╎││ ; CODE XREF from sym.xorEncryptDecrypt @ 0x4e4(x)
; Loop body: out[i] = input[i] ^ key, with input in var_14h, key in var_dh, out in var_8h.
│ └──────> 0x000004e6 0598 ldr r0, [var_14h]
│ ╎│╎││ 0x000004e8 019a ldr r2, [var_4h]
│ ╎│╎││ 0x000004ea 805c ldrb r0, [r0, r2]
│ ╎│╎││ 0x000004ec 17f80d1c ldrb r1, [var_dh]
│ ╎│╎││ 0x000004f0 4840 eors r0, r1
│ ╎│╎││ 0x000004f2 0299 ldr r1, [var_8h]
│ ╎│╎││ 0x000004f4 8854 strb r0, [r1, r2]
│ ┌──────< 0x000004f6 ffe7 b 0x4f8
│ │╎│╎││ ; CODE XREF from sym.xorEncryptDecrypt @ 0x4f6(x)
│ └──────> 0x000004f8 0198 ldr r0, [var_4h]
│ ╎│╎││ 0x000004fa 0130 adds r0, 1
│ ╎│╎││ 0x000004fc 0190 str r0, [var_4h]
│ └─────< 0x000004fe ede7 b 0x4dc
│ │╎││ ; CODE XREF from sym.xorEncryptDecrypt @ 0x4e2(x)
; Loop exit: out[length] = 0, then return out in r0.
│ └────> 0x00000500 0299 ldr r1, [var_8h]
│ ╎││ 0x00000502 039a ldr r2, [s1]
│ ╎││ 0x00000504 0020 movs r0, 0
│ ╎││ 0x00000506 8854 strb r0, [r1, r2]
│ ╎││ 0x00000508 0298 ldr r0, [var_8h]
│ ╎││ 0x0000050a 08b0 add sp, 0x20
└ ╎││ 0x0000050c 80bd pop {r7, pc}
; NOTE(review): the function has already returned at 0x50c; the halfword d4d4 at 0x50e is
; probably padding before the next function at 0x510, decoded as "bmi". It is not part of the logic.
└───< 0x0000050e d4d4 bmi 0x4ba ; sym.xorEncryptDecrypt+0xe
┌ 102: sym.Java_com_example_decryptdemo_MainActivity_checkPassword (int16_t arg1, int16_t arg2, int16_t arg3);
│ ││ ; arg int16_t arg1 @ r0
│ ││ ; arg int16_t arg2 @ r1
│ ││ ; arg int16_t arg3 @ r2
│ ││ ; var int16_t var_0h @ sp+0x0
│ ││ ; var int8_t var_19h @ sp+0x7
│ ││ ; var int16_t var_8h @ sp+0x8
│ ││ ; var int16_t var_ch @ sp+0xc
│ ││ ; var int16_t var_10h @ sp+0x10
│ ││ ; var int16_t var_14h @ sp+0x14
│ ││ ; var int16_t var_18h @ sp+0x18
│ ││ ; var int16_t var_1ch @ sp+0x1c
│ ││ ; var int16_t var_0h_2 @ sp+0x20
│ ││ 0x00000510 80b5 push {r7, lr}
│ ││ 0x00000512 6f46 mov r7, sp
; NOTE(review): the listing stops here, two instructions into a 102-byte function,
; so the password check itself is not visible in this dump.
转成 C 语言内容:以下是根据上面的 Radare2 反汇编输出整理出的 C 风格代码(部分内容仍保留寄存器和跳转指令的汇编写法,不能直接编译):
// Register-level pseudocode for entry0 (0x468-0x470 in the listing); not compilable C.
// The routine builds a PC-relative address in r0 and then branches, without link,
// to an import stub, so control does not come back to entry0.
void entry0() {
r0 = 0x119c; // literal-pool word loaded from 0x474
r0 = pc + r0; // radare2 annotates the resulting address as 0x1610
b sym.imp.__cxa_atexit; // radare2 also shows this target as sym.imp.__cxa_finalize+0xc - confirm which import it is
}
// Register-level pseudocode; not compilable C ('.' is not valid in a C identifier).
// NOTE(review): radare2 sizes entry.fini0 at 8 bytes and its first instruction is
// `b 0x478`, which lands on `bx lr` (an immediate return); that branch is not shown here.
// The r0 test below corresponds to the instructions at 0x480-0x488. The code at
// 0x48c-0x4a0, which sets up r0-r2 and branches to 0x5b0, is not represented either.
void entry.fini0() {
if (r0 == 0) { // cmp r0, 0
bx lr; // bxeq lr: return when r0 is zero
}
else {
bx r0; // otherwise branch to the address held in r0
}
}
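#include <stdlib.h>
#include <string.h>

/*
 * xorEncryptDecrypt - XOR every byte of a NUL-terminated string with a one-byte key.
 *
 * Reconstructed from the radare2 listing of sym.xorEncryptDecrypt (0x4ac-0x50c).
 * "sym." is radare2's flag prefix, and the int16_t types in its signature are
 * placeholders: arg1 is dereferenced byte by byte (ldrb r0, [r0, r2]) and arg2 is
 * stored and reloaded as a single byte (strb/ldrb on var_dh).
 *
 * input: NUL-terminated byte string (arg1, r0).
 * key:   byte XORed into every position (arg2, r1).
 *
 * Returns a new buffer of length+1 bytes holding the XORed bytes followed by a
 * zero byte. The length is taken from the input, so the result contains an
 * embedded zero wherever an input byte equals the key. Assuming the allocation
 * is malloc (see below), the caller releases the buffer with free().
 *
 * NOTE(review): a single-byte XOR only obscures a string. The key and the data
 * both ship in the binary, so it should not be relied on to protect a secret.
 */
char *xorEncryptDecrypt(const char *input, char key) {
    /* blx fcn.000005c0 with r0 = input, r1 = -1; the result is used as a length.
     * Presumably the fortified __strlen_chk import named near 0x5b0 - confirm. */
    size_t len = strlen(input);

    /* radare2 labels the call at 0x4d0 "strcmp", but only r0 = len + 1 is set up
     * and the return value is written through and returned, which matches an
     * allocator. malloc is assumed here - verify against the PLT/relocations.
     * As in the binary, the result is not checked for NULL before use. */
    char *out = malloc(len + 1);

    /* 0x4dc-0x4fe: unsigned compare (bhs) of the index against the length. */
    for (size_t i = 0; i < len; i++) {
        out[i] = (char)(input[i] ^ key);
    }

    out[len] = 0;   /* 0x500-0x506: terminate the output */
    return out;     /* 0x508: r0 = output buffer */

    /* The "bmi 0x4ba" that follows pop {r7, pc} in the listing sits after the
     * return and is most likely padding, so it has no counterpart here. */
}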
// Register-level pseudocode; not compilable C.
// NOTE(review): the disassembly above stops after the first two instructions of this
// 102-byte function, so only the prologue is translated and the password check
// itself is not shown.
// The symbol follows the JNI naming scheme (Java_<package>_<class>_<method>), so
// arg1 and arg2 are presumably the JNIEnv pointer and the calling object, and arg3 the
// Java-side argument - confirm against the Java declaration of checkPassword.
// The int16_t types are radare2 placeholders, not recovered types.
int16_t sym.Java_com_example_decryptdemo_MainActivity_checkPassword(int16_t arg1, int16_t arg2, int16_t arg3) {
int16_t var_0h;
int8_t var_19h;
int16_t var_8h;
int16_t var_ch;
int16_t var_10h;
int16_t var_14h;
int16_t var_18h;
int16_t var_1ch;
int16_t var_0h_2;
push {r7, lr}; // 0x510: save frame register and return address
r7 = sp; // 0x512: set up the frame pointer; the listing ends here
}