[*] Binary protection state of dmonitord
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function system tear down of dmonitord
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x59b4 */
| #include <stdint.h>
|
; (fcn) sym.mcu_one_axis_bootloader () | void mcu_one_axis_bootloader () {
0x000059b4 lui gp, 2 |
0x000059b8 addiu gp, gp, -0x49a4 |
0x000059bc addu gp, gp, t9 | gp += t9;
0x000059c0 addiu sp, sp, -0x20 |
0x000059c4 lw t9, -0x7fc8(gp) | t9 = *(gp);
0x000059c8 sw s0, 0x18(sp) | *(var_18h_2) = s0;
0x000059cc move s0, a0 | s0 = a0;
0x000059d0 lw a0, 0x74(a0) | a0 = *((a0 + 29));
0x000059d4 sw ra, 0x1c(sp) | *(var_1ch_2) = ra;
0x000059d8 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x000059dc bal 0x4e68 | sym_restart_systemctl_service ()
0x000059e0 nop |
0x000059e4 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000059e8 lui a0, 0x98 | a0 = 0x980000;
0x000059ec lw t9, -0x7e64(gp) | t9 = *(gp);
0x000059f0 ori a0, a0, 0x9680 | a0 |= 0x9680;
0x000059f4 jalr t9 | t9 ();
0x000059f8 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000059fc lw t9, -0x7fa8(gp) | t9 = sym.print_STM32F0_rstat;
0x00005a00 move a0, s0 | a0 = s0;
0x00005a04 bal 0x42a0 | sym_print_STM32F0_rstat ();
0x00005a08 lw ra, 0x1c(sp) | ra = *(var_1ch_2);
0x00005a0c lw s0, 0x18(sp) | s0 = *(var_18h_2);
0x00005a10 move v0, zero | v0 = 0;
0x00005a14 addiu sp, sp, 0x20 |
0x00005a18 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x55e0 */
| #include <stdint.h>
|
; (fcn) sym.reset_ptz () | void reset_ptz () {
0x000055e0 lui gp, 2 |
0x000055e4 addiu gp, gp, -0x45d0 |
0x000055e8 addu gp, gp, t9 | gp += t9;
0x000055ec addiu sp, sp, -0x30 |
0x000055f0 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x000055f4 lw t9, -0x7fc8(gp) | t9 = *(gp);
0x000055f8 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x000055fc sw gp, 0x20(sp) | *(var_20h) = gp;
0x00005600 addiu a0, a0, 0x7e00 | a0 += str.ambad.service;
0x00005604 bal 0x4e68 | sym_restart_systemctl_service ()
0x00005608 lw gp, 0x20(sp) | gp = *(var_20h);
0x0000560c lw t9, -0x7fb0(gp) | t9 = sym.reset_pld;
0x00005610 bal 0x5484 | sym_reset_pld ();
0x00005614 nop |
0x00005618 lw gp, 0x20(sp) | gp = *(var_20h);
0x0000561c addiu a1, zero, 1 | a1 = 1;
0x00005620 addiu a0, zero, 6 | a0 = 6;
0x00005624 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00005628 lw t9, -0x7ed4(gp) | t9 = sym.imp.__syslog_chk;
0x0000562c addiu a2, a2, 0x7e10 | a2 += str.PTZ_auxiliary_reset_sent;
0x00005630 jalr t9 | t9 ();
0x00005634 lw gp, 0x20(sp) | gp = *(var_20h);
0x00005638 sw zero, 0x18(sp) | *(var_18h) = 0;
0x0000563c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00005640 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x00005644 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00005648 lw a0, -0x6cc8(v0) | a0 = *((v0 - 6962));
0x0000564c lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00005650 addiu a3, a3, 0x7e2c | a3 += str.com.axis.PTZ.Coordinator;
0x00005654 addiu v0, v0, 0x7e64 | v0 += str.reset;
0x00005658 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x0000565c lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00005660 lw t9, -0x7fac(gp) | t9 = sym.dbus_call_method_sis;
0x00005664 addiu v0, v0, 0x7e6c | v0 += str.Event;
0x00005668 sw v0, 0x14(sp) | *(var_14h) = v0;
0x0000566c lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00005670 move a1, a3 | a1 = a3;
0x00005674 addiu v0, v0, 0x7e74 | v0 += str.Auxiliary;
0x00005678 addiu a2, a2, 0x7e48 | a2 += str._com_axis_PTZ_Coordinator_1;
0x0000567c sw v0, 0x10(sp) | *(var_10h) = v0;
0x00005680 bal 0x3e4c | sym_dbus_call_method_sis ();
0x00005684 lw gp, 0x20(sp) | gp = *(var_20h);
0x00005688 lw t9, -0x7fcc(gp) | t9 = sym.dbus_msg_void;
0x0000568c move a0, v0 | a0 = v0;
0x00005690 bal 0x3aec | sym_dbus_msg_void ();
0x00005694 lw gp, 0x20(sp) | gp = *(var_20h);
0x00005698 addiu a1, zero, 1 | a1 = 1;
0x0000569c addiu a0, zero, 6 | a0 = 6;
0x000056a0 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x000056a4 lw t9, -0x7ed4(gp) | t9 = sym.imp.__syslog_chk;
0x000056a8 addiu a2, a2, 0x7e80 | a2 += str.PTZ_auxiliary_reset_done;
0x000056ac jalr t9 | t9 ();
0x000056b0 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x000056b4 move v0, zero | v0 = 0;
0x000056b8 addiu sp, sp, 0x30 |
0x000056bc jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x525c */
| #include <stdint.h>
|
; (fcn) sym.restart_camblock () | void restart_camblock () {
0x0000525c lui gp, 2 |
0x00005260 addiu gp, gp, -0x424c |
0x00005264 addu gp, gp, t9 | gp += t9;
0x00005268 addiu sp, sp, -0x40 |
0x0000526c lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x00005270 sw s1, 0x2c(sp) | *(var_2ch) = s1;
0x00005274 lw s1, -0x7fd8(gp) | s1 = *((gp - 8182));
0x00005278 sw s4, 0x38(sp) | *(var_38h) = s4;
0x0000527c addiu v0, s1, 0x7ca4 | v0 = s1 + str.camblock.service;
0x00005280 lw s4, -0x7fdc(gp) | s4 = *((gp - 8183));
0x00005284 sw v0, 0x14(sp) | *(var_14h) = v0;
0x00005288 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x0000528c lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00005290 sw s3, 0x34(sp) | *(var_34h) = s3;
0x00005294 lw s3, -0x7fd8(gp) | s3 = *((gp - 8182));
0x00005298 lw t9, -0x7fd0(gp) | t9 = sym.dbus_call_method_ss;
0x0000529c sw s2, 0x30(sp) | *(var_30h) = s2;
0x000052a0 addiu v0, v0, 0x7cb8 | v0 += str.GetUnit;
0x000052a4 move s2, a0 | s2 = a0;
0x000052a8 lw a0, -0x6cc8(s4) | a0 = *((s4 - 6962));
0x000052ac sw gp, 0x20(sp) | *(var_20h) = gp;
0x000052b0 sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x000052b4 addiu a3, a3, 0x7b10 | a3 += str.org.freedesktop.systemd1.Manager
0x000052b8 addiu a2, a2, 0x7b34 | a2 += str._org_freedesktop_systemd1
0x000052bc sw s0, 0x28(sp) | *(var_28h) = s0;
0x000052c0 sw zero, 0x18(sp) | *(var_18h) = 0;
0x000052c4 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000052c8 addiu a1, s3, 0x7b50 | a1 = s3 + str.org.freedesktop.systemd1
0x000052cc bal 0x3c30 | sym_dbus_call_method_ss ();
0x000052d0 lw gp, 0x20(sp) | gp = *(var_20h);
0x000052d4 lw t9, -0x7fbc(gp) | t9 = sym.dbus_msg_objpath;
0x000052d8 move a0, v0 | a0 = v0;
0x000052dc bal 0x3b28 | sym_dbus_msg_objpath ();
0x000052e0 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x000052e4 beqz v0, 0x53c8 | goto label_0;
| }
0x000052e8 move a2, v0 | a2 = v0;
0x000052ec move s0, v0 | s0 = v0;
0x000052f0 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x000052f4 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x000052f8 addiu v0, v0, 0x7d00 | v0 += str.ActiveState;
0x000052fc sw v0, 0x18(sp) | *(var_18h) = v0;
0x00005300 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00005304 lw t9, -0x7fd0(gp) | t9 = sym.dbus_call_method_ss;
0x00005308 addiu v0, v0, 0x7d0c | v0 += str.org.freedesktop.systemd1.Unit
0x0000530c sw v0, 0x14(sp) | *(var_14h) = v0;
0x00005310 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00005314 lw a0, -0x6cc8(s4) | a0 = *((s4 - 6962));
0x00005318 addiu v0, v0, 0x7d2c | v0 += 0x7d2c;
0x0000531c addiu a1, s3, 0x7b50 | a1 = s3 + str.org.freedesktop.systemd1
0x00005320 addiu a3, a3, 0x7ce0 | a3 += str.org.freedesktop.DBus.Properties;
0x00005324 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00005328 bal 0x3c30 | sym_dbus_call_method_ss ();
0x0000532c lw gp, 0x20(sp) | gp = *(var_20h);
0x00005330 lw t9, -0x7fb8(gp) | t9 = sym.dbus_msg_str;
0x00005334 move a0, v0 | a0 = v0;
0x00005338 bal 0x3950 | sym_dbus_msg_str ();
0x0000533c lw gp, 0x20(sp) | gp = *(var_20h);
0x00005340 move s3, v0 | s3 = v0;
0x00005344 lw s4, -0x7fc8(gp) | s4 = *(gp);
| if (v0 == 0) {
0x00005348 beqz v0, 0x53b4 | goto label_1;
| }
0x0000534c lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00005350 lw t9, -0x7f24(gp) | t9 = sym.imp.strcmp;
0x00005354 addiu a1, a1, 0x7d30 | a1 += str.activating;
0x00005358 move a0, v0 | a0 = v0;
0x0000535c jalr t9 | t9 ();
0x00005360 lw gp, 0x20(sp) | gp = *(var_20h);
0x00005364 bnez v0, 0x53b4 |
| while (1) {
0x00005368 lw t9, -0x7e70(gp) | t9 = sym.imp.free;
0x0000536c move a0, s3 | a0 = s3;
0x00005370 jalr t9 | t9 ();
0x00005374 lw gp, 0x20(sp) | gp = *(var_20h);
0x00005378 lw t9, -0x7e70(gp) | t9 = sym.imp.free;
0x0000537c move a0, s0 | a0 = s0;
0x00005380 jalr t9 | t9 ();
0x00005384 move t9, s4 | t9 = s4;
0x00005388 lw a0, 8(s2) | a0 = *((s2 + 2));
0x0000538c bal 0x4e68 | sym_restart_systemctl_service ()
0x00005390 lw ra, 0x3c(sp) | ra = *(var_3ch);
0x00005394 lw s4, 0x38(sp) | s4 = *(var_38h);
0x00005398 lw s3, 0x34(sp) | s3 = *(var_34h);
0x0000539c lw s2, 0x30(sp) | s2 = *(var_30h);
0x000053a0 lw s1, 0x2c(sp) | s1 = *(var_2ch);
0x000053a4 lw s0, 0x28(sp) | s0 = *(var_28h);
0x000053a8 move v0, zero | v0 = 0;
0x000053ac addiu sp, sp, 0x40 |
0x000053b0 jr ra | return v0;
| label_1:
0x000053b4 move t9, s4 | t9 = s4;
0x000053b8 addiu a0, s1, 0x7ca4 | a0 = s1 + str.camblock.service;
0x000053bc bal 0x4e68 | sym_restart_systemctl_service ()
0x000053c0 lw gp, 0x20(sp) | gp = *(var_20h);
0x000053c4 b 0x5368 |
| }
| label_0:
0x000053c8 lw a3, -0x7fd4(gp) | a3 = *((gp - 8181));
0x000053cc lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x000053d0 lw t9, -0x7ed4(gp) | t9 = sym.imp.__syslog_chk;
0x000053d4 addiu a3, a3, -0x7a0c | a3 += -0x7a0c;
0x000053d8 addiu a2, a2, 0x7cc0 | a2 += str._s:_Unable_to_get_object_path;
0x000053dc addiu a1, zero, 1 | a1 = 1;
0x000053e0 addiu a0, zero, 3 | a0 = 3;
0x000053e4 jalr t9 | t9 ();
0x000053e8 lw ra, 0x3c(sp) | ra = *(var_3ch);
0x000053ec lw s4, 0x38(sp) | s4 = *(var_38h);
0x000053f0 lw s3, 0x34(sp) | s3 = *(var_34h);
0x000053f4 lw s2, 0x30(sp) | s2 = *(var_30h);
0x000053f8 lw s1, 0x2c(sp) | s1 = *(var_2ch);
0x000053fc lw s0, 0x28(sp) | s0 = *(var_28h);
0x00005400 move v0, zero | v0 = 0;
0x00005404 addiu sp, sp, 0x40 |
0x00005408 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x4f40 */
| #include <stdint.h>
|
; (fcn) sym.restart_imaging () | void restart_imaging () {
0x00004f40 lui gp, 2 |
0x00004f44 addiu gp, gp, -0x3f30 |
0x00004f48 addu gp, gp, t9 | gp += t9;
0x00004f4c addiu sp, sp, -0x20 |
0x00004f50 lw a0, 8(a0) | a0 = *((a0 + 2));
0x00004f54 lw t9, -0x7fc8(gp) | t9 = *(gp);
0x00004f58 sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00004f5c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00004f60 bal 0x4e68 | sym_restart_systemctl_service ()
0x00004f64 nop |
0x00004f68 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00004f6c move v0, zero | v0 = 0;
0x00004f70 addiu sp, sp, 0x20 |
0x00004f74 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x4f08 */
| #include <stdint.h>
|
; (fcn) sym.restart_mcu_service () | void restart_mcu_service () {
0x00004f08 lui gp, 2 |
0x00004f0c addiu gp, gp, -0x3ef8 |
0x00004f10 addu gp, gp, t9 | gp += t9;
0x00004f14 addiu sp, sp, -0x20 |
0x00004f18 lw a0, 0x74(a0) | a0 = *((a0 + 29));
0x00004f1c lw t9, -0x7fc8(gp) | t9 = *(gp);
0x00004f20 sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00004f24 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00004f28 bal 0x4e68 | sym_restart_systemctl_service ()
0x00004f2c nop |
0x00004f30 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00004f34 move v0, zero | v0 = 0;
0x00004f38 addiu sp, sp, 0x20 |
0x00004f3c jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dmonitord @ 0x4f78 */
| #include <stdint.h>
|
; (fcn) sym.try_restart_imaging_then_reboot () | void try_restart_imaging_then_reboot () {
0x00004f78 lui gp, 2 |
0x00004f7c addiu gp, gp, -0x3f68 |
0x00004f80 addu gp, gp, t9 | gp += t9;
0x00004f84 addiu sp, sp, -0x20 |
0x00004f88 lw v0, 0xd4(a0) | v0 = *((a0 + 53));
0x00004f8c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00004f90 slti v0, v0, 2 | v0 = (v0 < 2) ? 1 : 0;
0x00004f94 sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00004f98 lw t9, -0x7ea8(gp) | t9 = sym.imp.reboot;
| if (v0 != 0) {
0x00004f9c beqz v0, 0x4fb0 |
0x00004fa0 lw v0, 0x34(a0) | v0 = *((a0 + 13));
0x00004fa4 slti v0, v0, 2 | v0 = (v0 < 2) ? 1 : 0;
0x00004fa8 lw t9, -0x7fc8(gp) | t9 = *(gp);
| if (v0 == 0) {
0x00004fac bnel v0, zero, 0x4fcc | goto label_0;
| }
| }
0x00004fb0 lui a0, 0x123 | a0 = 0x1234567;
0x00004fb4 addiu a0, a0, 0x4567 |
0x00004fb8 jalr t9 | t9 ();
0x00004fbc lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00004fc0 move v0, zero | v0 = 0;
0x00004fc4 addiu sp, sp, 0x20 |
0x00004fc8 jr ra | return v0;
| label_0:
0x00004fcc lw a0, 8(a0) | a0 = *((a0 + 2));
0x00004fd0 bal 0x4e68 | sym_restart_systemctl_service ()
0x00004fd4 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00004fd8 move v0, zero | v0 = 0;
0x00004fdc addiu sp, sp, 0x20 |
0x00004fe0 jr ra | return v0;
| }
[*] Function system used 13 times dmonitord
