[*] Binary protection state of htdbm
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of htdbm
lbu a1, -0x24(a1)
sllv a1, a1, v0
or v1, v1, a1
addiu v0, v0, 8
andi a1, v1, 0x3f
addu a1, a3, a1
addiu a0, a0, 1
lbu a1, (a1)
srl v1, v1, 6
sb a1, -1(a0)
bne a0, t0, 0x2098
addiu v0, v0, -6
sb zero, 8(s0)
move v0, zero
lw a0, 0x3c(sp)
lw v1, (s1)
bne a0, v1, 0x2138
lw ra, 0x54(sp)
lw s3, 0x50(sp)
lw s2, 0x4c(sp)
lw s1, 0x48(sp)
lw s0, 0x44(sp)
jr ra
addiu sp, sp, 0x58
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
addiu a2, sp, 0x18
addiu a1, a1, str.Unable_to_generate_random_bytes:__pm
jalr t9
move a0, s3
lw gp, 0x10(sp)
sw v0, (s2)
b 0x20e8
addiu v0, zero, 8
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
lui gp, 2
addiu gp, gp, -0x6134
addu gp, gp, t9
addiu sp, sp, -0x28
sw s1, 0x1c(sp)
lw s1, -0x7fd8(gp)
sw s2, 0x20(sp)
sw s0, 0x18(sp)
sw gp, 0x10(sp)
--
move a0, s3
bnez v0, 0x24ec
lw gp, 0x10(sp)
lw a0, 0x124(sp)
lw v1, (s1)
bne a0, v1, 0x2528
lw ra, 0x13c(sp)
lw s4, 0x138(sp)
lw s3, 0x134(sp)
lw s2, 0x130(sp)
lw s1, 0x12c(sp)
lw s0, 0x128(sp)
jr ra
addiu sp, sp, 0x140
lw a0, -0x7fd8(gp)
addiu v0, zero, 0x101
addiu s2, sp, 0x20
addiu a2, sp, 0x1c
move a1, s2
addiu a0, a0, str.Enter_password:_
jalr t9
sw v0, 0x1c(sp)
beqz v0, 0x24b8
lw gp, 0x10(sp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, zero, 0x100
jalr t9
addiu a1, a1, str.password_too_long____u_
lw gp, 0x10(sp)
sw v0, 4(s0)
b 0x237c
addiu v0, zero, 5
lw t9, -sym.imp.apr_file_open_stdin(gp)
lw a1, (s0)
jalr t9
addiu a0, sp, 0x18
bnez v0, 0x24d8
lw gp, 0x10(sp)
lw t9, -sym.imp.apr_file_read_full(gp)
addiu s2, sp, 0x20
lw a0, 0x18(sp)
addiu a3, sp, 0x1c
addiu a2, zero, 0x100
jalr t9
--
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
b 0x2690
lw gp, 0x18(sp)
lw t9, -0x7fd8(gp)
addiu s4, sp, 0x24
lw a2, (s0)
addiu a1, s0, 4
addiu t9, t9, 0x2020
bal 0x2020
move a0, s4
move s2, v0
bnez v0, 0x2730
lw gp, 0x18(sp)
lw t9, -sym.imp.apr_md5_encode(gp)
lw a3, 0xc(s0)
lw a2, 8(s0)
move a1, s4
jalr t9
move a0, s1
sw v0, 0x20(sp)
beqz v0, 0x2730
lw gp, 0x18(sp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.could_not_encode_password:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 9
b 0x2690
lw gp, 0x18(sp)
bal sym.get_password
move a0, s0
move s2, v0
bnez v0, 0x26a8
lw gp, 0x18(sp)
b 0x2640
lw s1, 0x10(s0)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.Unable_to_generate_random_bytes:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 8
b 0x2690
lw gp, 0x18(sp)
lw t9, -sym.imp.crypt(gp)
move a1, s4
jalr t9
move a0, s1
beqz v0, 0x28e0
lw gp, 0x18(sp)
lw a2, 0xc(s0)
lw t9, -sym.imp.apr_cpystrn(gp)
--
lw gp, 0x18(sp)
move a1, v0
lw t9, -sym.imp.strcmp(gp)
jalr t9
move a0, s0
beqz v0, 0x2964
lw gp, 0x18(sp)
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
lw gp, 0x18(sp)
move a2, v0
move a1, zero
lw t9, -sym.imp.memset(gp)
jalr t9
move a0, s5
b 0x2680
lw gp, 0x18(sp)
lw t9, -sym.imp.__errno_location(gp)
jalr t9
addiu s2, zero, 3
lw gp, 0x18(sp)
lw v0, (v0)
lw a0, (s0)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
addiu a2, sp, 0x20
addiu a1, a1, str.crypt___failed:__pm
jalr t9
sw v0, 0x20(sp)
lw gp, 0x18(sp)
sw v0, 4(s0)
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s1
b 0x2690
lw gp, 0x18(sp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_psprintf(gp)
lw a0, (s0)
addiu a2, sp, 0x20
jalr t9
addiu a1, a1, str.Unable_to_encode_with_bcrypt:__pm
lw gp, 0x18(sp)
sw v0, 4(s0)
move a0, s1
lw t9, -sym.imp.strlen(gp)
jalr t9
addiu s2, zero, 3
b 0x2690
lw gp, 0x18(sp)
lw v0, -loc._edata(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.Warning:_Password_truncated_to_8_characters_by_CRYPT_algorithm._n
b 0x28b4
lw gp, 0x18(sp)
[*] Function sprintf used 6 times htdbm
