Microsoft Word - iOSAppReverseEngineering.docx


{


if (11thDataSourceB != 0) return YES;
return NO;
}

As a result, we can ignore data source A and concentrate on finding the 13th data source B, hereafter referred to as the 13th data source. Since the 12th data source B is R5, we can confirm that the 13th data source must be written into R5 by a certain instruction, right? Click R5 and IDA will highlight every R5 in yellow, which makes it easier to trace through the sea of ARM assembly. Keep reversing to find where R5 is written.


When we search upward to locate the 13th data source, we see that there are 4 branches to loc_2903EAE0, as shown in figure 10-41.


Figure 10-41 loc_2903EAE0


In figure 10-41, the left 3 branches all contain a "MOVS R5, #0", which contradicts the result of R5 = 1, so loc_2903EAE0 must be reached via the rightmost branch, and the 13th data source should be located in this branch. Follow this branch for R5.


When we trace into loc_2903EA3E, the situation is similar to loc_2903EAE0. Although there are 3 branches leading to it, the 1st and 2nd branches both contain a "MOVS R5, #0" as shown in figure 10-42, so they can be excluded for now.


Figure 10-42 loc_2903EA3E
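The branch elimination applied at loc_2903EAE0 and loc_2903EA3E can be written as a small backward search over a control-flow graph. This is an added example, not code from the book: only the three loc_ labels and the "MOVS R5, #0" instruction come from the text, while the pred_* block names, the other instructions and the simplified operand parsing are assumptions.

```python
import re

# Constructed CFG: only the three loc_ labels come from the text; the pred_*
# names and every other instruction listed here are assumed for illustration.
BLOCKS = {
    "loc_2903EAE0": ["CMP R5, #0"],
    "pred_1": ["MOVS R5, #0", "B loc_2903EAE0"],
    "pred_2": ["MOVS R5, #0", "B loc_2903EAE0"],
    "pred_3": ["MOVS R5, #0", "B loc_2903EAE0"],
    "loc_2903EA3E": ["CMP R0, #0", "B loc_2903EAE0"],
    "pred_4": ["MOVS R5, #0", "B loc_2903EA3E"],
    "pred_5": ["MOVS R5, #0", "B loc_2903EA3E"],
    "loc_2903E9C4": ["CMP R0, #0", "B loc_2903EA3E"],
}
PREDS = {
    "loc_2903EAE0": ["pred_1", "pred_2", "pred_3", "loc_2903EA3E"],
    "loc_2903EA3E": ["pred_4", "pred_5", "loc_2903E9C4"],
}
# Simplification: mnemonics whose first operand is not a destination register.
NO_DEST = {"CMP", "TST", "B", "BL", "CBZ", "CBNZ", "STR", "PUSH"}

def last_write(block, reg):
    """Return the last instruction in the block that writes reg, or None."""
    for insn in reversed(BLOCKS[block]):
        mnem, _, ops = insn.partition(" ")
        if mnem not in NO_DEST and ops.split(",")[0].strip() == reg:
            return insn
    return None

def trace_back(block, reg, observed, path=()):
    """List (path, writer) for each upstream route consistent with reg == observed
    on entry to block. writer is None when it lies above the modelled blocks."""
    path = path + (block,)
    if block not in PREDS:
        return [(path, None)]
    results = []
    for pred in PREDS[block]:
        if pred in path:          # skip back edges so loops terminate
            continue
        insn = last_write(pred, reg)
        if insn is None:          # reg passes through untouched: keep climbing
            results += trace_back(pred, reg, observed, path)
            continue
        const = re.fullmatch(r"MOVS?\s+\w+,\s*#(\d+)", insn)
        if const and int(const.group(1)) != observed:
            continue              # MOVS R5, #0 contradicts R5 == 1: prune branch
        results.append((path + (pred,), insn))
    return results

if __name__ == "__main__":
    for route, writer in trace_back("loc_2903EAE0", "R5", 1):
        print(" <- ".join(route), "| writer:", writer)
```

The pruning is only sound when the constant write is the last write to the register on that path and the observed value comes from the same execution, which is why `last_write` scans each block from the bottom up.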


As a result, the actual upstream is the 3rd branch, i.e. loc_2903E9C4, which has 2 branches
