[*] Binary protection state of htdbm
Full RELRO | Canary found | NX disabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
[*] Function printf tear down of htdbm
; Tail of a local routine; its entry and the loop head (0x2098) are outside
; this excerpt. MIPS o32 PIC conventions apply: a0-a3 = arguments, v0 = return
; value, t9 = callee address, and the instruction after each branch/jump is a
; delay slot that executes before control transfers.
;
; Loop body: load one byte, shift it left by v0 bits and OR it into the
; accumulator v1 (v0 += 8); then use the low 6 bits of v1 as an index into the
; table at a3, store that table byte to the output pointer a0 (post-incremented)
; and drop the 6 consumed bits. The loop ends when a0 reaches t0.
; NOTE(review): looks like a 64-character-alphabet encoding of random bytes
; (salt generation), given the error string below - confirm against the part
; of the routine that is not shown.
lbu a1, -0x24(a1)
sllv a1, a1, v0
or v1, v1, a1
addiu v0, v0, 8
andi a1, v1, 0x3f
addu a1, a3, a1
addiu a0, a0, 1
lbu a1, (a1)
srl v1, v1, 6
sb a1, -1(a0)
bne a0, t0, 0x2098
; delay slot: 6 bits were consumed from the accumulator
addiu v0, v0, -6
; NUL-terminate the output at offset 8 and return 0.
sb zero, 8(s0)
move v0, zero
; Common exit (0x20e8): stack-protector check. The word saved at 0x3c(sp) is
; compared with the word at (s1); a mismatch goes to the __stack_chk_fail call
; at 0x2138. This is the "Canary found" reported in the header.
; NOTE(review): s1 presumably holds the address of the guard value - its load
; is outside this excerpt.
lw a0, 0x3c(sp)
lw v1, (s1)
bne a0, v1, 0x2138
; Epilogue: restore ra and s0-s3; the 0x58-byte frame is released in the delay
; slot of jr ra.
lw ra, 0x54(sp)
lw s3, 0x50(sp)
lw s2, 0x4c(sp)
lw s1, 0x48(sp)
lw s0, 0x44(sp)
jr ra
addiu sp, sp, 0x58
; Error path: apr_psprintf(s3, <constant format>, sp+0x18). The format string
; is a fixed address in the binary's data (GOT page base + string flag); the
; only variable argument is a pointer into this frame. The result is stored
; through s2 and the routine returns 8 via the common exit (v0 is set in the
; delay slot of the branch).
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
addiu a2, sp, 0x18
addiu a1, a1, str.Unable_to_generate_random_bytes:__pm
jalr t9
move a0, s3
lw gp, 0x10(sp)
sw v0, (s2)
b 0x20e8
addiu v0, zero, 8
; Canary mismatch target (0x2138): __stack_chk_fail is called with no
; fall-through code after it.
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
; Next function: PIC prologue derives gp from t9, allocates a 0x28-byte frame
; and saves s0-s2 and gp. The rest of the body is cut off by the separator.
lui gp, 2
addiu gp, gp, -0x6134
addu gp, gp, t9
addiu sp, sp, -0x28
sw s1, 0x1c(sp)
lw s1, -0x7fd8(gp)
sw s2, 0x20(sp)
sw s0, 0x18(sp)
sw gp, 0x10(sp)
--
; Excerpt starts inside a prologue (the frame allocation is not shown).
; The word at (s0) is copied into the frame at 0x1c(sp) and re-checked before
; return: stack-protector canary setup.
; NOTE(review): s0 presumably holds the address of the guard value - its load
; is outside this excerpt.
lw v0, (s0)
sw ra, 0x2c(sp)
; s1 = first argument, kept across the call below.
move s1, a0
sw v0, 0x1c(sp)
; First argument NULL: skip the write and go straight to the canary check
; (0x223c). The delay slot preloads the callee address either way.
beqz a0, 0x223c
lw t9, -sym.imp.apr_file_puts(gp)
; apr_file_puts(original a1, original a0): the arguments are swapped into
; (string, file) order; a1 is set in the delay slot.
move a0, a1
jalr t9
move a1, s1
; Keep the status in the frame so it can be passed by pointer on the error
; path; non-zero status goes to 0x2268.
sw v0, 0x18(sp)
bnez v0, 0x2268
lw gp, 0x10(sp)
; 0x223c: canary check, then epilogue (0x30-byte frame released in the delay
; slot of jr ra).
lw v1, 0x1c(sp)
lw v0, (s0)
bne v1, v0, 0x225c
lw ra, 0x2c(sp)
lw s1, 0x28(sp)
lw s0, 0x24(sp)
jr ra
addiu sp, sp, 0x30
; 0x225c: canary mismatch.
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
; 0x2268: write error. apr_file_printf(*handle, <constant format>, sp+0x18),
; then apr_file_close(s1) and exit(1). The format string is a fixed address in
; the binary's data; the status is passed by pointer.
; NOTE(review): the GOT slot the disassembler labels loc._edata presumably
; points at the program's error-output file handle - confirm.
lw v0, -loc._edata(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
addiu a2, sp, 0x18
jalr t9
addiu a1, a1, str.Error_writing_temp_file:__pm
lw gp, 0x10(sp)
lw t9, -sym.imp.apr_file_close(gp)
jalr t9
move a0, s1
lw gp, 0x10(sp)
lw t9, -sym.imp.exit(gp)
jalr t9
addiu a0, zero, 1
; Next function: PIC prologue with a 0x140-byte frame. The rest of the body is
; cut off by the separator.
lui gp, 2
addiu gp, gp, -0x6294
addu gp, gp, t9
addiu sp, sp, -0x140
addiu v1, zero, 2
sw s1, 0x12c(sp)
lw s1, -0x7ee8(gp)
sw s0, 0x128(sp)
--
; Excerpt starts mid-function; the call that produced v0 is not shown.
move a0, s3
bnez v0, 0x24ec
lw gp, 0x10(sp)
; Stack-protector check: the word saved at 0x124(sp) is compared with the word
; at (s1); a mismatch goes to 0x2528 (outside this excerpt).
lw a0, 0x124(sp)
lw v1, (s1)
bne a0, v1, 0x2528
; Epilogue: restore ra and s0-s4; the 0x140-byte frame is released in the
; delay slot of jr ra.
lw ra, 0x13c(sp)
lw s4, 0x138(sp)
lw s3, 0x134(sp)
lw s2, 0x130(sp)
lw s1, 0x12c(sp)
lw s0, 0x128(sp)
jr ra
addiu sp, sp, 0x140
; Prompt path: call through t9 with a0 = constant prompt string, a1 = buffer
; at sp+0x20, a2 = pointer to a size word at sp+0x1c, which is initialised to
; 0x101 (257) in the delay slot. The buffer start (sp+0x20) and the canary
; slot (sp+0x124) are 0x104 bytes apart, so the declared size fits below the
; canary.
; NOTE(review): t9 is loaded outside this excerpt; the argument shape suggests
; apr_password_get - confirm.
lw a0, -0x7fd8(gp)
addiu v0, zero, 0x101
addiu s2, sp, 0x20
addiu a2, sp, 0x1c
move a1, s2
addiu a0, a0, str.Enter_password:_
jalr t9
sw v0, 0x1c(sp)
; Zero return continues at 0x24b8 (not shown); anything else is reported as
; "password too long".
beqz v0, 0x24b8
lw gp, 0x10(sp)
; Error: 4(s0) = apr_psprintf(*(s0), <constant format>, 0x100); return 5 via
; 0x237c.
; NOTE(review): 0x237c is presumably the canary check/epilogue above - confirm.
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, zero, 0x100
jalr t9
addiu a1, a1, str.password_too_long____u_
lw gp, 0x10(sp)
sw v0, 4(s0)
b 0x237c
addiu v0, zero, 5
; stdin path: apr_file_open_stdin(sp+0x18, *(s0)); failure goes to 0x24d8.
lw t9, -sym.imp.apr_file_open_stdin(gp)
lw a1, (s0)
jalr t9
addiu a0, sp, 0x18
bnez v0, 0x24d8
lw gp, 0x10(sp)
; apr_file_read_full(file at 0x18(sp), buffer sp+0x20, 0x100, sp+0x1c): the
; read is capped at 0x100 bytes into the same stack buffer. The delay slot of
; this jalr is cut off by the separator.
lw t9, -sym.imp.apr_file_read_full(gp)
addiu s2, sp, 0x20
lw a0, 0x18(sp)
addiu a3, sp, 0x1c
addiu a2, zero, 0x100
jalr t9
--
; Excerpt starts mid-function. s0 is used as a pointer to a context structure
; (fields at 0x0, 0x4, 0x8, 0xc, 0x10, 0x14, 0x18 are accessed below).
;
; a1 = field 0x18. bnel is branch-likely: its delay slot executes only when
; the branch is taken. If the field is zero, it is set to 5 and a1 = 5.
lw a1, 0x18(s0)
bnel a1, zero, 0x25d8
lw v1, 0xc(s0)
addiu v0, zero, 5
sw v0, 0x18(s0)
addiu a1, zero, 5
lw v1, 0xc(s0)
; 0x25d8: apr_bcrypt_encode(s1, a1, s2, 0x10, field 0x8, field 0xc); the fifth
; and sixth arguments go on the stack at 0x10(sp) and 0x14(sp). a1 is the
; bcrypt cost argument, so a zero field means cost 5.
; NOTE(review): 5 is a low work factor for stored password hashes; operators
; should pass an explicit cost (the -C option named in this listing's strings).
lw v0, 8(s0)
lw t9, -sym.imp.apr_bcrypt_encode(gp)
sw v1, 0x14(sp)
sw v0, 0x10(sp)
addiu a3, zero, 0x10
move a2, s2
jalr t9
move a0, s1
; Status is kept at 0x20(sp); non-zero goes to 0x292c (the bcrypt error path
; later in this listing).
sw v0, 0x20(sp)
bnez v0, 0x292c
lw gp, 0x18(sp)
; Success: strlen(s1), result code s2 = 0, continue at 0x2690 (not shown).
; NOTE(review): every path in this listing calls strlen(s1) just before
; branching to 0x2690, presumably so the common exit can wipe the password
; buffer - confirm against the code at 0x2690.
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
move s2, zero
b 0x2690
lw gp, 0x18(sp)
; Warning path: apr_file_printf(*(v0), <constant format>). v0 is set outside
; this excerpt.
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.Warning:_Ignoring__C_argument_for_this_algorithm._n
lw gp, 0x18(sp)
; s1 = field 0x10. If it is NULL, go to 0x27c8 (the get_password call site
; later in this listing); t9 is preloaded in the delay slot.
lw s1, 0x10(s0)
beqz s1, 0x27c8
lw t9, -sym.get_password(gp)
; 0x2640: dispatch on field 0x14. The index is bounds-checked with an unsigned
; compare (must be < 5) before it is used; out-of-range values go to 0x2984
; (the "invalid algorithm" abort path later in this listing). In-range values
; select a gp-relative entry from the table at GOT page base + 0x3b30.
lw s2, 0x14(s0)
sltiu v0, s2, 5
beqz v0, 0x2984
lw v1, -0x7fd8(gp)
sll v0, s2, 2
addiu v1, v1, 0x3b30
lwx v0, v0(v1)
addu v0, v0, gp
jr v0
nop
; One dispatch target: apr_cpystrn with a0 = field 0x8 and a2 = field 0xc
; (bounded copy). The remaining argument setup and the call are cut off by the
; separator.
lw t9, -sym.imp.apr_cpystrn(gp)
lw a2, 0xc(s0)
lw a0, 8(s0)
--
; Excerpt starts mid-function (same frame layout as the dispatch code earlier
; in this listing: gp saved at 0x18(sp), context pointer in s0, password
; pointer in s1, result code in s2).
;
; 0x2730: strlen(s1), then continue at the common exit 0x2690 (not shown).
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
b 0x2690
lw gp, 0x18(sp)
; Call the local routine at 0x2020 with a0 = sp+0x24 (stack buffer),
; a1 = s0+4 (where an error string pointer can be stored), a2 = *(s0).
; NOTE(review): 0x2020 appears to be the routine whose tail opens this listing
; (the 6-bit encoding loop and the "random bytes" error) - confirm.
lw t9, -0x7fd8(gp)
addiu s4, sp, 0x24
lw a2, (s0)
addiu a1, s0, 4
addiu t9, t9, 0x2020
bal 0x2020
move a0, s4
; Its return value becomes the result code; non-zero skips the encode step.
move s2, v0
bnez v0, 0x2730
lw gp, 0x18(sp)
; apr_md5_encode(s1, sp+0x24, field 0x8, field 0xc); a zero status goes to
; 0x2730.
lw t9, -sym.imp.apr_md5_encode(gp)
lw a3, 0xc(s0)
lw a2, 8(s0)
move a1, s4
jalr t9
move a0, s1
sw v0, 0x20(sp)
beqz v0, 0x2730
lw gp, 0x18(sp)
; Encode failure: field 0x4 = apr_psprintf(*(s0), <constant format>, sp+0x20);
; strlen(s1); result code 9 (set in the delay slot); continue at 0x2690.
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.could_not_encode_password:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 9
b 0x2690
lw gp, 0x18(sp)
; 0x27c8: no password in field 0x10 yet, so call get_password(s0). A non-zero
; return goes to 0x26a8 (not shown); otherwise field 0x10 is reloaded into s1
; in the delay slot and the algorithm dispatch at 0x2640 runs.
bal sym.get_password
move a0, s0
move s2, v0
bnez v0, 0x26a8
lw gp, 0x18(sp)
b 0x2640
lw s1, 0x10(s0)
; Random-bytes failure: field 0x4 = apr_psprintf(*(s0), <constant format>,
; sp+0x20); strlen(s1); result code 8; continue at 0x2690.
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.Unable_to_generate_random_bytes:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 8
b 0x2690
lw gp, 0x18(sp)
; crypt(s1, s4); a NULL return goes to 0x28e0 (the "crypt() failed" path later
; in this listing). Otherwise apr_cpystrn is set up with a2 = field 0xc; the
; rest is cut off by the separator.
lw t9, -sym.imp.crypt(gp)
move a1, s4
jalr t9
move a0, s1
beqz v0, 0x28e0
lw gp, 0x18(sp)
lw a2, 0xc(s0)
lw t9, -sym.imp.apr_cpystrn(gp)
--
; Excerpt starts mid-function, right after a call whose result is in v0.
; strcmp(s0, v0): equal strings go to 0x2964 (the truncation warning below).
lw gp, 0x18(sp)
move a1, v0
lw t9, -sym.imp.strcmp(gp)
jalr t9
move a0, s0
beqz v0, 0x2964
lw gp, 0x18(sp)
; 0x28b4: memset(s5, 0, strlen(s1)) - the buffer at s5 is zeroed before
; continuing at 0x2680 (not shown).
; NOTE(review): s5 is presumably a temporary copy of the password - confirm.
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
lw gp, 0x18(sp)
move a2, v0
move a1, zero
lw t9, -sym.imp.memset(gp)
jalr t9
move a0, s5
b 0x2680
lw gp, 0x18(sp)
; 0x28e0: crypt() failure. errno is read through __errno_location() and stored
; at 0x20(sp) (in the delay slot of the apr_psprintf call) so it can be passed
; by pointer; field 0x4 = apr_psprintf(*(s0), <constant format>, sp+0x20);
; result code 3; strlen(s1); continue at 0x2690 (not shown).
lw t9, -sym.imp.__errno_location(gp)
jalr t9
addiu s2, zero, 3
lw gp, 0x18(sp)
lw v0, (v0)
lw a0, (s0)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
addiu a2, sp, 0x20
addiu a1, a1, str.crypt___failed:__pm
jalr t9
sw v0, 0x20(sp)
lw gp, 0x18(sp)
sw v0, 4(s0)
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
b 0x2690
lw gp, 0x18(sp)
; 0x292c: bcrypt failure. Field 0x4 = apr_psprintf(*(s0), <constant format>,
; sp+0x20); strlen(s1); result code 3; continue at 0x2690.
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.Unable_to_encode_with_bcrypt:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 3
b 0x2690
lw gp, 0x18(sp)
; 0x2964: warn that the CRYPT algorithm truncated the password to 8
; characters, then rejoin at 0x28b4 (the memset above). The hash is still
; produced; the user is only warned.
lw v0, -loc._edata(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.Warning:_Password_truncated_to_8_characters_by_CRYPT_algorithm._n
b 0x28b4
lw gp, 0x18(sp)
; 0x2984: out-of-range algorithm selector. apr_file_printf(*handle,
; <constant format>, s2), then abort().
lw v0, -loc._edata(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
move a2, s2
jalr t9
addiu a1, a1, str.mkhash__:_BUG:_invalid_algorithm__d
lw gp, 0x18(sp)
lw t9, -sym.imp.abort(gp)
jalr t9
nop
; Canary mismatch target for this function.
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
; Next function: PIC prologue with a 0x30-byte frame. v0 = (a1 - 0x42) & 0xff
; rebases the second argument so that 0x42 ('B') maps to 0.
; NOTE(review): presumably the index for a switch over option characters -
; the dispatch itself is cut off by the separator.
lui gp, 2
addiu gp, gp, -0x69ac
addu gp, gp, t9
addiu sp, sp, -0x30
addiu v0, a1, -0x42
sw s0, 0x24(sp)
lw s0, -0x7ee8(gp)
andi v0, v0, 0xff
sw gp, 0x10(sp)
--
; Excerpt starts mid-function; v0 and v1 are set by code that is not shown.
; Non-zero v1, or v0 <= 0, goes to the "-C must be a positive integer" error
; (0x2b1c / 0x2b20; the second entry skips the load already done in the delay
; slot). Otherwise v0 is stored in field 0x18 of the structure at s1 and the
; function returns 0 via 0x2a20 (not shown).
; NOTE(review): field 0x18 is the offset used as the bcrypt cost earlier in
; this listing, assuming the same structure. Only the lower bound is visible
; here; any upper bound on the value is not visible in this excerpt.
bnez v1, 0x2b1c
lw gp, 0x10(sp)
blez v0, 0x2b20
lw v1, -0x7fd8(gp)
sw v0, 0x18(s1)
b 0x2a20
move v0, zero
; Four small targets, each storing a constant into the structure at a0 and
; returning 0: field 0x1c = 1, field 0x14 = 1, field 0x1c = 2, field 0x14 = 2.
; NOTE(review): presumably cases of the option switch; field 0x14 is the
; offset read as the algorithm selector earlier in this listing - confirm.
addiu v0, zero, 1
sw v0, 0x1c(a0)
b 0x2a20
move v0, zero
addiu v0, zero, 1
sw v0, 0x14(a0)
b 0x2a20
move v0, zero
addiu v0, zero, 2
sw v0, 0x1c(a0)
b 0x2a20
move v0, zero
addiu v0, zero, 2
sw v0, 0x14(a0)
b 0x2a20
move v0, zero
; Field 0x14 = 0 and a plain-text storage warning is printed; the function
; still returns 0, so the plain-text choice is warned about, not rejected.
lw v0, -loc._edata(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
sw zero, 0x14(s1)
jalr t9
addiu a1, a1, str.Warning:_storing_passwords_as_plain_text_might_just_not_work_on_this_platform._n
lw gp, 0x10(sp)
b 0x2a20
move v0, zero
; Unknown option: the option character is moved to a2 before a1 is reused for
; the constant format string; apr_file_printf(*handle, <format>, char), then
; abort().
lw v0, -loc._edata(gp)
move a2, a1
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.parse_common_options__:_BUG:_invalid_option__c
lw gp, 0x10(sp)
lw t9, -sym.imp.abort(gp)
jalr t9
nop
; 0x2b1c / 0x2b20: field 0x4 = address of the constant error string (stored in
; the delay slot) and return 2 via 0x2a20.
lw v1, -0x7fd8(gp)
addiu v0, zero, 2
addiu v1, v1, str.argument_to__C_must_be_a_positive_integer
b 0x2a20
sw v1, 4(s1)
; Canary mismatch target for this function, followed by a padding nop.
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
nop
; Next function: PIC prologue with a 0x38-byte frame; the body is outside
; this excerpt.
lui gp, 2
addiu gp, gp, -0x6b30
addu gp, gp, t9
addiu sp, sp, -0x38
[*] Function printf used 12 times in htdbm