EMBA firmware report

[*] Binary protection state of stclient.cgi

  	Full RELRO     Canary found      NX enabled   PIE enabled  No RPATH     No RUNPATH   No Symbols

[*] Function printf tear down of stclient.cgi

    ; assembly                               | /* r2dec pseudo code output */

                                             | /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/stclient.cgi @ 0x2bcc */

                                             | #include <stdint.h>

    ; (fcn) fcn.00002bcc ()                  | void fcn_00002bcc (int16_t arg1) {

                                             |     r0 = arg1;

    0x00002bcc push {r3, r4, r5, lr}         |

    0x00002bce mov r4, r0                    |     r4 = r0;

    0x00002bd0 ldr r5, [pc, 0x28]            |

    0x00002bd2 add r5, pc                    |     r5 = 0x57d2;

    0x00002bd4 blx 0x12b8                    |     CGI_xml_setup ();

                                             |     if (r4 == 0) {

    0x00002bd8 cbz r4, 0x2bf2                |         goto label_0;

                                             |     }

    0x00002bda ldr r0, [pc, 0x24]            |

    0x00002bdc mov r1, r4                    |     r1 = r4;

    0x00002bde add r0, pc                    |     r0 = 0x57e4;

    0x00002be0 blx 0x1258                    |     g_printf ()

                                             |     do {

    0x00002be4 ldr r3, [pc, 0x1c]            |         r3 = *(0x2c04);

    0x00002be6 ldr r3, [r5, r3]              |         r3 = *((r5 + r3));

    0x00002be8 ldr r0, [r3]                  |         r0 = *(0x2c04);

    0x00002bea pop.w {r3, r4, r5, lr}        |

    0x00002bee b.w 0x14a4                    |         void (*0x14a4)() ();

                                             | label_0:

    0x00002bf2 ldr r0, [pc, 0x14]            |

    0x00002bf4 add r0, pc                    |         r0 = 0x5802;

    0x00002bf6 blx 0x1258                    |         g_printf ()

    0x00002bfa b 0x2be4                      |

                                             |     } while (1);

| }

    ; assembly                                   | /* r2dec pseudo code output */

                                                 | /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-50593792.squashfs_v4_le_extract/usr/sbin/stclient.cgi @ 0x2c0c */

                                                 | #include <stdint.h>

    ; (fcn) fcn.00002c0c ()                      | void fcn_00002c0c (int16_t arg1) {

                                                 |     r0 = arg1;

    0x00002c0c push {r3, r4, r5, lr}             |

    0x00002c0e mov r4, r0                        |     r4 = r0;

    0x00002c10 blx 0x12b8                        |     CGI_xml_setup ();

    0x00002c14 rsbs r1, r4, 0                    |     r1 = r4 - ;

    0x00002c16 ldr r3, [pc, 0x20]                |

    0x00002c18 ldr r0, [pc, 0x20]                |

    0x00002c1a ldr r5, [pc, 0x24]                |

    0x00002c1c add r3, pc                        |     r3 = 0x585a;

    0x00002c1e ldr.w r2, [r3, r1, lsl 2]         |     r2 = *(0x585a);

    0x00002c22 add r0, pc                        |     r0 = 0x5862;

    0x00002c24 blx 0x1258                        |     g_printf ()

    0x00002c28 ldr r3, [pc, 0x18]                |     r3 = *(0x2c44);

    0x00002c2a add r5, pc                        |     r5 = 0x5870;

    0x00002c2c ldr r3, [r5, r3]                  |     r3 = *(0x5870);

    0x00002c2e ldr r0, [r3]                      |     r0 = *(0x5870);

    0x00002c30 pop.w {r3, r4, r5, lr}            |

    0x00002c34 b.w 0x14a4                        |     return void (*0x14a4)() ();

| }

[*] Function printf used 4 times stclient.cgi