[*] Binary protection state of mdhcp6
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of mdhcp6
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/mdhcp6 @ 0x50c8 */
| #include <stdint.h>
|
; (fcn) sym.optionmap_create_environ () | void optionmap_create_environ () {
0x000050c8 lui gp, 2 |
0x000050cc addiu gp, gp, -0x5ef8 |
0x000050d0 addu gp, gp, t9 | gp += t9;
0x000050d4 addiu sp, sp, -0x40 |
0x000050d8 sw s3, 0x28(sp) | *(var_18h) = s3;
0x000050dc addiu s3, zero, 0x14 | s3 = 0x14;
0x000050e0 mul v0, a1, s3 | __asm ("mul v0, a1, s3");
0x000050e4 sw s4, 0x2c(sp) | *(var_2ch_2) = s4;
0x000050e8 lw s4, -0x7fcc(gp) | s4 = *((gp - 8179));
0x000050ec sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x000050f0 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x000050f4 sw ra, 0x3c(sp) | *(var_2ch) = ra;
0x000050f8 sw s7, 0x38(sp) | *(var_28h) = s7;
0x000050fc sw s6, 0x34(sp) | *(var_24h) = s6;
0x00005100 sw s5, 0x30(sp) | *(var_20h) = s5;
0x00005104 sw s2, 0x24(sp) | *(var_14h) = s2;
0x00005108 sw s1, 0x20(sp) | *(var_10h) = s1;
0x0000510c move s0, a0 | s0 = a0;
0x00005110 addu s3, v0, a0 | s3 = v0 + a0;
0x00005114 addiu s4, s4, 0x6bf0 | s4 += str._old;
| do {
| label_0:
0x00005118 lw s6, (s0) | s6 = *(s0);
| if (s0 != s3) {
0x0000511c bnel s0, s3, 0x514c |
0x00005120 lw ra, 0x3c(sp) | ra = *(var_2ch);
0x00005124 lw s7, 0x38(sp) | s7 = *(var_28h);
0x00005128 lw s6, 0x34(sp) | s6 = *(var_24h);
0x0000512c lw s5, 0x30(sp) | s5 = *(var_20h);
0x00005130 lw s4, 0x2c(sp) | s4 = *(var_2ch_2);
0x00005134 lw s3, 0x28(sp) | s3 = *(var_18h);
0x00005138 lw s2, 0x24(sp) | s2 = *(var_14h);
0x0000513c lw s1, 0x20(sp) | s1 = *(var_10h);
0x00005140 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00005144 addiu sp, sp, 0x40 |
0x00005148 jr ra | return v0;
| }
0x0000514c beql s6, zero, 0x5118 |
| } while (s6 == 0);
0x00005150 addiu s0, s0, 0x14 | s0 += 0x14;
0x00005154 lw s5, 0xc(s0) | s5 = *((s0 + 3));
0x00005158 lw t9, -0x7e84(gp) | t9 = sym.imp.strlen;
| if (s5 != 0) {
0x0000515c beqz s5, 0x51fc |
0x00005160 move a0, s6 | a0 = s6;
0x00005164 jalr t9 | t9 ();
0x00005168 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000516c move a0, s5 | a0 = s5;
0x00005170 lw t9, -0x7e84(gp) | t9 = sym.imp.strlen;
0x00005174 move s1, v0 | s1 = v0;
0x00005178 jalr t9 | t9 ();
0x0000517c lw gp, 0x10(sp) | gp = *(var_10h_2);
0x00005180 addiu s7, v0, 1 | s7 = v0 + 1;
0x00005184 addiu a0, s1, 5 | a0 = s1 + 5;
0x00005188 lw t9, -0x7e5c(gp) | t9 = sym.imp.malloc;
0x0000518c addu a0, a0, s7 | a0 += s7;
0x00005190 jalr t9 | t9 ();
0x00005194 move s2, v0 | s2 = v0;
0x00005198 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000519c beqz v0, 0x51fc | goto label_1;
| }
0x000051a0 lw t9, -0x7e10(gp) | t9 = sym.imp.memcpy;
0x000051a4 move a2, s1 | a2 = s1;
0x000051a8 move a1, s6 | a1 = s6;
0x000051ac move a0, v0 | a0 = v0;
0x000051b0 jalr t9 | t9 ();
0x000051b4 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000051b8 addu s1, s2, s1 | s1 = s2 + s1;
0x000051bc addiu a2, zero, 5 | a2 = 5;
0x000051c0 lw t9, -0x7e10(gp) | t9 = sym.imp.memcpy;
0x000051c4 move a1, s4 | a1 = s4;
0x000051c8 move a0, s1 | a0 = s1;
0x000051cc jalr t9 | t9 ();
0x000051d0 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000051d4 move a2, s7 | a2 = s7;
0x000051d8 move a1, s5 | a1 = s5;
0x000051dc lw t9, -0x7e10(gp) | t9 = sym.imp.memcpy;
0x000051e0 addiu a0, s1, 5 | a0 = s1 + 5;
0x000051e4 jalr t9 | t9 ();
0x000051e8 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000051ec lw t9, -0x7ec8(gp) | t9 = sym.imp.putenv;
0x000051f0 move a0, s2 | a0 = s2;
0x000051f4 jalr t9 | t9 ();
0x000051f8 lw gp, 0x10(sp) | gp = *(var_10h_2);
| }
| label_1:
0x000051fc lw a1, 8(s0) | a1 = *((s0 + 2));
0x00005200 lw t9, -0x7e8c(gp) | t9 = sym.imp.setenv;
| if (a1 != 0) {
0x00005204 beqz a1, 0x5218 |
0x00005208 lw a0, (s0) | a0 = *(s0);
0x0000520c addiu a2, zero, 1 | a2 = 1;
0x00005210 jalr t9 | t9 ();
0x00005214 lw gp, 0x10(sp) | gp = *(var_10h_2);
| }
0x00005218 addiu s0, s0, 0x14 | s0 += 0x14;
0x0000521c b 0x5118 | goto label_0;
| }
[*] Function popen used 1 times mdhcp6
