[*] Binary protection state of sadf
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of sadf
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/sadf @ 0xa9f0 */
| #include <stdint.h>
|
; (fcn) sym.upgrade_magic_section () | void upgrade_magic_section () {
0x0000a9f0 lui gp, 7 |
0x0000a9f4 addiu gp, gp, 0x45d0 |
0x0000a9f8 addu gp, gp, t9 | gp += t9;
0x0000a9fc addiu sp, sp, -0xa8 |
0x0000aa00 lw t9, -0x7e9c(gp) | t9 = sym.sa_open_read_magic;
0x0000aa04 sw s2, 0x8c(sp) | *(var_8ch) = s2;
0x0000aa08 lw s2, -0x7b7c(gp) | s2 = *((gp - 7903));
0x0000aa0c sw s1, 0x88(sp) | *(var_88h) = s1;
0x0000aa10 lw s1, 0xc0(sp) | s1 = *(arg_c0h);
0x0000aa14 lw v0, (s2) | v0 = *(s2);
0x0000aa18 sw s6, 0x9c(sp) | *(var_9ch) = s6;
0x0000aa1c sw s0, 0x84(sp) | *(var_84h) = s0;
0x0000aa20 move s6, a1 | s6 = a1;
0x0000aa24 move s0, a3 | s0 = a3;
0x0000aa28 sw v0, 0x7c(sp) | *(var_7ch) = v0;
0x0000aa2c addiu v0, zero, 5 | v0 = 5;
0x0000aa30 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0000aa34 sw s7, 0xa0(sp) | *(var_a0h) = s7;
0x0000aa38 sw s5, 0x98(sp) | *(var_98h) = s5;
0x0000aa3c sw s3, 0x90(sp) | *(var_90h) = s3;
0x0000aa40 move a1, a0 | a1 = a0;
0x0000aa44 sw ra, 0xa4(sp) | *(var_a4h) = ra;
0x0000aa48 sw s4, 0x94(sp) | *(var_94h) = s4;
0x0000aa4c move s3, a2 | s3 = a2;
0x0000aa50 sw zero, 0x14(sp) | *(var_14h) = 0;
0x0000aa54 sw s1, 0x10(sp) | *(var_10h) = s1;
0x0000aa58 addiu a3, zero, 1 | a3 = 1;
0x0000aa5c move a2, s0 | a2 = s0;
0x0000aa60 move a0, s6 | a0 = s6;
0x0000aa64 sw zero, 0x24(sp) | *(var_24h) = 0;
0x0000aa68 sw zero, 0x28(sp) | *(var_28h) = 0;
0x0000aa6c sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x0000aa70 lw s7, 0xb8(sp) | s7 = *(arg_b8h);
0x0000aa74 lw s5, 0xbc(sp) | s5 = *(arg_bch);
0x0000aa78 jalr t9 | t9 ();
0x0000aa7c lhu v0, 2(s0) | v0 = *((s0 + 1));
0x0000aa80 addiu v1, zero, 0x2175 | v1 = 0x2175;
0x0000aa84 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == v1) {
0x0000aa88 beq v0, v1, 0xac9c | goto label_3;
| }
0x0000aa8c sltiu v1, v0, 0x2176 | v1 = (v0 < 0x2176) ? 1 : 0;
0x0000aa90 addiu v1, zero, 0x7321 | v1 = 0x7321;
| if (v1 != 0) {
0x0000aa94 bnez v1, 0xab10 | goto label_4;
| }
0x0000aa98 addiu v1, zero, 0x7521 | v1 = 0x7521;
| if (v0 == v1) {
0x0000aa9c beq v0, v1, 0xab24 | goto label_5;
| }
0x0000aaa0 addiu v1, zero, 0x7121 | v1 = 0x7121;
| if (v0 == v1) {
0x0000aaa4 beq v0, v1, 0xac9c | goto label_3;
| }
0x0000aaa8 addiu v0, zero, 0x2171 | v0 = 0x2171;
| if (v0 == v1) {
0x0000aaac beq v0, v1, 0xacb0 | goto label_6;
| }
0x0000aab0 lw v0, -0x7b6c(gp) | v0 = *((gp - 7899));
| do {
0x0000aab4 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x0000aab8 lw t9, -0x7bb0(gp) | t9 = sym.imp.fwrite;
0x0000aabc lw a3, (v0) | a3 = *(v0);
0x0000aac0 addiu a2, zero, 0x27 | a2 = 0x27;
0x0000aac4 addiu a1, zero, 1 | a1 = 1;
| /* str.Cannot_convert_the_format_of_this_file_n */
0x0000aac8 addiu a0, a0, -0x21d0 | a0 += -0x21d0;
0x0000aacc jalr t9 | t9 ();
0x0000aad0 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000aad4 addiu v0, zero, -1 | v0 = -1;
| label_0:
0x0000aad8 lw a0, 0x7c(sp) | a0 = *(var_7ch);
0x0000aadc lw v1, (s2) | v1 = *(s2);
0x0000aae0 lw ra, 0xa4(sp) | ra = *(var_a4h);
| if (a0 != v1) {
0x0000aae4 bne a0, v1, 0xad6c | goto label_7;
| }
0x0000aae8 lw s7, 0xa0(sp) | s7 = *(var_a0h);
0x0000aaec lw s6, 0x9c(sp) | s6 = *(var_9ch);
0x0000aaf0 lw s5, 0x98(sp) | s5 = *(var_98h);
0x0000aaf4 lw s4, 0x94(sp) | s4 = *(var_94h);
0x0000aaf8 lw s3, 0x90(sp) | s3 = *(var_90h);
0x0000aafc lw s2, 0x8c(sp) | s2 = *(var_8ch);
0x0000ab00 lw s1, 0x88(sp) | s1 = *(var_88h);
0x0000ab04 lw s0, 0x84(sp) | s0 = *(var_84h);
0x0000ab08 addiu sp, sp, 0xa8 |
0x0000ab0c jr ra | return v0;
| label_4:
0x0000ab10 addiu v1, zero, 0x2171 | v1 = 0x2171;
0x0000ab14 addiu v1, zero, 0x2173 | v1 = 0x2173;
| if (v0 == v1) {
0x0000ab18 beq v0, v1, 0xacac | goto label_8;
| }
0x0000ab1c lw v0, -0x7b6c(gp) | v0 = *((gp - 7899));
0x0000ab20 bne v0, v1, 0xaab4 |
| } while (v0 != v1);
| label_5:
0x0000ab24 addiu v0, zero, 0x2173 | v0 = 0x2173;
0x0000ab28 sw v0, (s5) | *(s5) = v0;
| label_1:
0x0000ab2c lw s4, -0x7b6c(gp) | s4 = *((gp - 7899));
0x0000ab30 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x0000ab34 lw t9, -0x7bb0(gp) | t9 = sym.imp.fwrite;
0x0000ab38 lw a3, (s4) | a3 = *(s4);
0x0000ab3c addiu a2, zero, 0xc | a2 = 0xc;
0x0000ab40 addiu a1, zero, 1 | a1 = 1;
| /* str.file_magic:_ */
0x0000ab44 addiu a0, a0, -0x21a8 | a0 += -0x21a8;
0x0000ab48 jalr t9 | t9 ();
0x0000ab4c lw v1, (s5) | v1 = *(s5);
0x0000ab50 addiu v0, zero, 0x2171 | v0 = 0x2171;
0x0000ab54 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v1 == v0) {
0x0000ab58 beq v1, v0, 0xacd4 | goto label_9;
| }
| label_2:
0x0000ab5c lw v0, (s1) | v0 = *(s1);
0x0000ab60 addiu a1, zero, 0x7521 | a1 = 0x7521;
0x0000ab64 addiu v1, zero, 0x2175 | v1 = 0x2175;
| if (v0 == 0) {
0x0000ab68 movn v1, a1, v0 | v1 = a1;
| }
0x0000ab6c lw a0, 8(s0) | a0 = *((s0 + 2));
0x0000ab70 move v0, v1 | v0 = v1;
0x0000ab74 sh v0, 2(s0) | *((s0 + 1)) = v0;
0x0000ab78 addiu v0, zero, 0x148 | v0 = aav.0x00000148;
0x0000ab7c sw a0, (s7) | *(s7) = a0;
0x0000ab80 addiu v1, zero, 1 | v1 = 1;
0x0000ab84 lw t9, -0x7bf4(gp) | t9 = sym.imp.memset;
0x0000ab88 sw v0, 8(s0) | *((s0 + 2)) = v0;
0x0000ab8c addiu v0, zero, 0xb | v0 = 0xb;
0x0000ab90 sw v1, 0x10(s0) | *((s0 + 4)) = v1;
0x0000ab94 sw v1, 0x14(s0) | *((s0 + 5)) = v1;
0x0000ab98 addiu a2, zero, 0x30 | a2 = 0x30;
0x0000ab9c move a1, zero | a1 = 0;
0x0000aba0 addiu a0, s0, 0x1c | a0 = s0 + 0x1c;
0x0000aba4 sw v0, 0x18(s0) | *((s0 + 6)) = v0;
0x0000aba8 jalr t9 | t9 ();
0x0000abac lw gp, 0x18(sp) | gp = *(var_18h);
0x0000abb0 addiu s5, sp, 0x30 | s5 = sp + 0x30;
0x0000abb4 lw t9, -0x7e98(gp) | t9 = sym.enum_version_nr;
0x0000abb8 move a0, s5 | a0 = s5;
0x0000abbc jalr t9 | t9 ();
0x0000abc0 lbu v1, 0x35(sp) | v1 = *(var_35h);
0x0000abc4 lbu v0, 0x36(sp) | v0 = *(var_36h);
0x0000abc8 sll v1, v1, 8 | v1 <<= 8;
0x0000abcc addu v1, v1, v0 | v1 += v0;
0x0000abd0 addiu v1, v1, 1 | v1++;
0x0000abd4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000abd8 move v0, s0 | v0 = s0;
0x0000abdc sw v1, 0xc(s0) | *((s0 + 3)) = v1;
0x0000abe0 addiu t0, s0, 0x40 | t0 = s0 + 0x40;
0x0000abe4 move v1, s5 | v1 = s5;
| do {
0x0000abe8 lwl a3, 3(v0) | __asm ("lwl a3, 3(v0)");
0x0000abec lwl a2, 7(v0) | __asm ("lwl a2, 7(v0)");
0x0000abf0 lwl a1, 0xb(v0) | __asm ("lwl a1, 0xb(v0)");
0x0000abf4 lwl a0, 0xf(v0) | __asm ("lwl a0, 0xf(v0)");
0x0000abf8 lwr a3, (v0) | __asm ("lwr a3, (v0)");
0x0000abfc lwr a2, 4(v0) | __asm ("lwr a2, 4(v0)");
0x0000ac00 lwr a1, 8(v0) | __asm ("lwr a1, 8(v0)");
0x0000ac04 lwr a0, 0xc(v0) | __asm ("lwr a0, 0xc(v0)");
0x0000ac08 addiu v0, v0, 0x10 | v0 += 0x10;
0x0000ac0c sw a3, (v1) | *(v1) = a3;
0x0000ac10 sw a2, 4(v1) | *((v1 + 1)) = a2;
0x0000ac14 sw a1, 8(v1) | *((v1 + 2)) = a1;
0x0000ac18 sw a0, 0xc(v1) | *((v1 + 3)) = a0;
0x0000ac1c addiu v1, v1, 0x10 | v1 += 0x10;
0x0000ac20 bne v0, t0, 0xabe8 |
| } while (v0 != t0);
0x0000ac24 lwl a0, 0xb(v0) | __asm ("lwl a0, 0xb(v0)");
0x0000ac28 lwl a2, 3(v0) | __asm ("lwl a2, 3(v0)");
0x0000ac2c lwl a1, 7(v0) | __asm ("lwl a1, 7(v0)");
0x0000ac30 lwr a0, 8(v0) | __asm ("lwr a0, 8(v0)");
0x0000ac34 lwr a2, (v0) | __asm ("lwr a2, (v0)");
0x0000ac38 lwr a1, 4(v0) | __asm ("lwr a1, 4(v0)");
0x0000ac3c move v0, a0 | v0 = a0;
0x0000ac40 lw a0, (s1) | a0 = *(s1);
0x0000ac44 sw a2, (v1) | *(v1) = a2;
0x0000ac48 sw a1, 4(v1) | *((v1 + 1)) = a1;
0x0000ac4c sw v0, 8(v1) | *((v1 + 2)) = v0;
0x0000ac50 bnez a0, 0xacb8 |
| while (1) {
0x0000ac54 lw t9, -0x7e94(gp) | t9 = sym.write_all;
0x0000ac58 addiu a2, zero, 0x4c | a2 = 0x4c;
0x0000ac5c move a1, s5 | a1 = s5;
0x0000ac60 move a0, s3 | a0 = s3;
0x0000ac64 jalr t9 | t9 ();
0x0000ac68 addiu v1, zero, 0x4c | v1 = 0x4c;
0x0000ac6c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != v1) {
0x0000ac70 bne v0, v1, 0xad38 | goto label_10;
| }
0x0000ac74 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x0000ac78 lw t9, -0x7bb0(gp) | t9 = sym.imp.fwrite;
0x0000ac7c lw a3, (s4) | a3 = *(s4);
0x0000ac80 addiu a2, zero, 3 | a2 = 3;
0x0000ac84 addiu a1, zero, 1 | a1 = 1;
| /* esilref: 'OK
' */
0x0000ac88 addiu a0, a0, -0x2180 | a0 += -0x2180;
0x0000ac8c jalr t9 | t9 ();
0x0000ac90 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ac94 move v0, zero | v0 = 0;
0x0000ac98 b 0xaad8 | goto label_0;
| label_3:
0x0000ac9c addiu v0, zero, 0x2175 | v0 = 0x2175;
0x0000aca0 sw v0, (s5) | *(s5) = v0;
0x0000aca4 move v0, zero | v0 = 0;
0x0000aca8 b 0xaad8 | goto label_0;
| label_8:
0x0000acac addiu v0, zero, 0x2171 | v0 = 0x2171;
| label_6:
0x0000acb0 sw v0, (s5) | *(s5) = v0;
0x0000acb4 b 0xab2c | goto label_1;
0x0000acb8 lw t9, -0x7e90(gp) | t9 = sym.swap_struct;
0x0000acbc move a2, zero | a2 = 0;
0x0000acc0 addiu a1, sp, 0x38 | a1 = sp + 0x38;
0x0000acc4 addiu a0, sp, 0x24 | a0 = sp + 0x24;
0x0000acc8 jalr t9 | t9 ();
0x0000accc lw gp, 0x18(sp) | gp = *(var_18h);
0x0000acd0 b 0xac54 |
| }
| label_9:
0x0000acd4 lw t9, -0x7b88(gp) | t9 = sym.imp.lseek;
0x0000acd8 lw a0, (s6) | a0 = *(s6);
0x0000acdc addiu a2, zero, 1 | a2 = 1;
0x0000ace0 addiu a1, zero, -0x44 | a1 = -0x44;
0x0000ace4 jalr t9 | t9 ();
0x0000ace8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 >= 0) {
0x0000acec bgez v0, 0xab5c | goto label_2;
| }
0x0000acf0 lw t9, -0x7bfc(gp) | t9 = sym.imp.__errno_location;
0x0000acf4 lw s0, (s4) | s0 = *(s4);
0x0000acf8 jalr t9 | t9 ();
0x0000acfc lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ad00 lw t9, -0x7bc8(gp) | t9 = sym.imp.strerror;
0x0000ad04 lw a0, (v0) | a0 = *(v0);
0x0000ad08 jalr t9 | t9 ();
0x0000ad0c lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ad10 move a3, v0 | a3 = v0;
0x0000ad14 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x0000ad18 lw t9, -0x7c44(gp) | t9 = sym.imp.__fprintf_chk;
| /* str._nlseek:__s_n */
0x0000ad1c addiu a2, a2, -0x2198 | a2 += -0x2198;
| do {
0x0000ad20 addiu a1, zero, 1 | a1 = 1;
0x0000ad24 move a0, s0 | a0 = s0;
0x0000ad28 jalr t9 | t9 ();
0x0000ad2c lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ad30 addiu v0, zero, -1 | v0 = -1;
0x0000ad34 b 0xaad8 | goto label_0;
| label_10:
0x0000ad38 lw t9, -0x7bfc(gp) | t9 = sym.imp.__errno_location;
0x0000ad3c lw s0, (s4) | s0 = *(s4);
0x0000ad40 jalr t9 | t9 ();
0x0000ad44 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ad48 lw t9, -0x7bc8(gp) | t9 = sym.imp.strerror;
0x0000ad4c lw a0, (v0) | a0 = *(v0);
0x0000ad50 jalr t9 | t9 ();
0x0000ad54 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ad58 move a3, v0 | a3 = v0;
0x0000ad5c lw a2, -0x7fdc(gp) | a2 = *(gp);
0x0000ad60 lw t9, -0x7c44(gp) | t9 = sym.imp.__fprintf_chk;
| /* str._nwrite:__s_n */
0x0000ad64 addiu a2, a2, -0x218c | a2 += -0x218c;
0x0000ad68 b 0xad20 |
| } while (1);
| label_7:
0x0000ad6c lw t9, -0x7b90(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000ad70 jalr t9 | t9 ();
0x0000ad74 nop |
| }
[*] Function popen used 1 times sadf
