[*] Binary protection state of libaxhttp.so.1.0
Full RELRO Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libaxhttp.so.1.0
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/lib/libaxhttp.so.1.0 @ 0x1314 */
| #include <stdint.h>
|
; (fcn) entry.fini0 () | void entry_fini0 () {
0x00001314 lui gp, 2 |
0x00001318 addiu gp, gp, -0x6324 |
0x0000131c addu gp, gp, t9 | gp += t9;
0x00001320 addiu sp, sp, -0x20 |
0x00001324 sw s0, 0x18(sp) | *(var_18h) = s0;
0x00001328 lw s0, -0x7fe4(gp) | s0 = *((gp - 8185));
0x0000132c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00001330 sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00001334 lbu v0, 0x3140(s0) | v0 = *((s0 + 12608));
0x00001338 lw v0, -0x7ecc(gp) | v0 = *((gp - 8115));
| if (v0 == 0) {
0x0000133c bnez v0, 0x1370 |
0x00001340 lw v0, -0x7fe0(gp) | v0 = *((gp - 8184));
| if (v0 != 0) {
0x00001344 beqz v0, 0x1358 |
0x00001348 lw t9, -0x7ecc(gp) | t9 = *((gp - 8115));
0x0000134c lw a0, (v0) | a0 = *(v0);
0x00001350 jalr t9 | t9 ();
0x00001354 lw gp, 0x10(sp) | gp = *(var_10h);
| }
0x00001358 lw t9, -0x7fdc(gp) | t9 = *((gp - 8183));
0x0000135c addiu t9, t9, 0x1290 | t9 += entry0;
0x00001360 bal 0x1290 | entry0 ();
0x00001364 nop |
0x00001368 addiu v0, zero, 1 | v0 = 1;
0x0000136c sb v0, 0x3140(s0) | *((s0 + 12608)) = v0;
| }
0x00001370 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00001374 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00001378 addiu sp, sp, 0x20 |
0x0000137c jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/lib/libaxhttp.so.1.0 @ 0x1b80 */
| #include <stdint.h>
|
; (fcn) sym.ax_http_handler_new () | void ax_http_handler_new () {
0x00001b80 lui gp, 2 |
0x00001b84 addiu gp, gp, -0x6b90 |
0x00001b88 addu gp, gp, t9 | gp += t9;
0x00001b8c addiu sp, sp, -0x40 |
0x00001b90 sw s1, 0x30(sp) | *(var_30h) = s1;
0x00001b94 lw s1, -0x7ef4(gp) | s1 = *((gp - 8125));
0x00001b98 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00001b9c sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x00001ba0 lw v0, (s1) | v0 = *(s1);
0x00001ba4 sw s3, 0x38(sp) | *(var_38h) = s3;
0x00001ba8 sw s2, 0x34(sp) | *(var_34h) = s2;
0x00001bac sw s0, 0x2c(sp) | *(var_2ch) = s0;
0x00001bb0 sw v0, 0x24(sp) | *(var_24h) = v0;
0x00001bb4 lw t9, -0x7f90(gp) | t9 = *((gp - 8164));
| if (a0 == 0) {
0x00001bb8 beqz a0, 0x1c8c | goto label_6;
| }
0x00001bbc move s2, a0 | s2 = a0;
0x00001bc0 addiu a0, zero, 0x10 | a0 = 0x10;
0x00001bc4 move s3, a1 | s3 = a1;
0x00001bc8 jalr t9 | t9 ();
0x00001bcc lw gp, 0x10(sp) | gp = *(var_10h);
0x00001bd0 addiu a1, sp, 0x20 | a1 = sp + 0x20;
0x00001bd4 move s0, v0 | s0 = v0;
0x00001bd8 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001bdc lw t9, -0x7f54(gp) | t9 = *((gp - 8149));
0x00001be0 addiu a0, a0, 0x2c44 | a0 += str.APPNAME;
0x00001be4 jalr t9 | t9 ();
0x00001be8 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00001bec beqz v0, 0x1c4c | goto label_7;
| }
0x00001bf0 lw t9, -0x7f98(gp) | t9 = *((gp - 8166));
0x00001bf4 lw a0, 0x20(sp) | a0 = *(var_20h);
0x00001bf8 jalr t9 | t9 ();
0x00001bfc lw gp, 0x10(sp) | gp = *(var_10h);
0x00001c00 sw v0, (s0) | *(s0) = v0;
0x00001c04 sw s2, 4(s0) | *((s0 + 1)) = s2;
0x00001c08 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001c0c lw t9, -0x7f54(gp) | t9 = *((gp - 8149));
0x00001c10 sw s3, 8(s0) | *((s0 + 2)) = s3;
0x00001c14 addiu a1, sp, 0x1c | a1 = sp + 0x1c;
0x00001c18 addiu a0, a0, 0x2c4c | a0 += str.HTTPCGIPATHS;
0x00001c1c jalr t9 | t9 ();
0x00001c20 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00001c24 beqz v0, 0x1c4c | goto label_7;
| }
0x00001c28 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001c2c lw t9, -0x7ee4(gp) | t9 = *((gp - 8121));
0x00001c30 lw a0, (s0) | a0 = *(s0);
0x00001c34 move a2, s0 | a2 = s0;
0x00001c38 addiu a1, a1, 0x1420 | a1 += 0x1420;
0x00001c3c jalr t9 | t9 ();
0x00001c40 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001c44 sw v0, 0xc(s0) | *((s0 + 3)) = v0;
0x00001c48 bnez v0, 0x1c60 |
| while (1) {
| label_7:
0x00001c4c lw t9, -0x7f50(gp) | t9 = *((gp - 8148));
0x00001c50 move a0, s0 | a0 = s0;
0x00001c54 jalr t9 | t9 ();
0x00001c58 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001c5c move s0, zero | s0 = 0;
0x00001c60 lw a0, 0x24(sp) | a0 = *(var_24h);
0x00001c64 lw v1, (s1) | v1 = *(s1);
0x00001c68 move v0, s0 | v0 = s0;
| if (a0 != v1) {
0x00001c6c bne a0, v1, 0x1c94 | goto label_8;
| }
0x00001c70 lw ra, 0x3c(sp) | ra = *(var_3ch);
0x00001c74 lw s3, 0x38(sp) | s3 = *(var_38h);
0x00001c78 lw s2, 0x34(sp) | s2 = *(var_34h);
0x00001c7c lw s1, 0x30(sp) | s1 = *(var_30h);
0x00001c80 lw s0, 0x2c(sp) | s0 = *(var_2ch);
0x00001c84 addiu sp, sp, 0x40 |
0x00001c88 jr ra | return v0;
| label_6:
0x00001c8c move s0, zero | s0 = 0;
0x00001c90 b 0x1c4c |
| }
| label_8:
0x00001c94 lw t9, -0x7f08(gp) | t9 = *((gp - 8130));
0x00001c98 jalr t9 | t9 ();
0x00001c9c nop |
0x00001ca0 lui gp, 2 |
0x00001ca4 addiu gp, gp, -0x6cb0 |
0x00001ca8 addu gp, gp, t9 | gp += t9;
0x00001cac addiu sp, sp, -0x7ff0 |
0x00001cb0 ori a0, zero, 0x9030 | a0 = 0x9030;
0x00001cb4 sw s4, 0x7fe4(sp) | *(arg_7fe4h) = s4;
0x00001cb8 sw s3, 0x7fe0(sp) | *(arg_7fe0h) = s3;
0x00001cbc sw s2, 0x7fdc(sp) | *(arg_7fdch) = s2;
0x00001cc0 sw s1, 0x7fd8(sp) | *(arg_7fd8h) = s1;
0x00001cc4 sw s0, 0x7fd4(sp) | *(arg_7fd4h) = s0;
0x00001cc8 sw ra, 0x7fec(sp) | *(arg_7fech) = ra;
0x00001ccc sw s5, 0x7fe8(sp) | *(arg_7fe8h) = s5;
0x00001cd0 lui s1, 0xffff | s1 = 0xffff0000;
0x00001cd4 addiu sp, sp, -0x1060 |
0x00001cd8 addu a0, a0, sp | a0 += sp;
0x00001cdc addiu s0, s1, 0x6ffc | s0 = s1 + 0x6ffc;
0x00001ce0 lw s2, -0x7ef4(gp) | s2 = *((gp - 8125));
0x00001ce4 addu s0, a0, s0 | s0 = a0 + s0;
0x00001ce8 ori a0, zero, 0x9030 | a0 = 0x9030;
0x00001cec addu a0, a0, sp | a0 += sp;
0x00001cf0 addiu v0, s1, 0x6ff8 | v0 = s1 + 0x6ff8;
0x00001cf4 addu v0, a0, v0 | v0 = a0 + v0;
0x00001cf8 lw v1, (s2) | v1 = *(s2);
0x00001cfc lw a0, 0xc(a2) | a0 = *((a2 + 3));
0x00001d00 sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00001d04 ori v0, zero, 0x9030 | v0 = 0x9030;
0x00001d08 addu v0, v0, sp | v0 += sp;
0x00001d0c addiu a3, s1, 0x6ff4 | a3 = s1 + 0x6ff4;
0x00001d10 addu a3, v0, a3 | a3 = v0 + a3;
0x00001d14 ori v0, zero, 0x902c | v0 = 0x902c;
0x00001d18 addu v0, v0, sp | v0 += sp;
0x00001d1c sw gp, 0x18(sp) | *(var_18h) = gp;
0x00001d20 lw t9, -0x7f94(gp) | t9 = *((gp - 8165));
0x00001d24 move s3, a2 | s3 = a2;
0x00001d28 move a1, s0 | a1 = s0;
0x00001d2c ori a2, zero, 0x8ffe | a2 = 0x8ffe;
0x00001d30 sw v1, (v0) | *(v0) = v1;
0x00001d34 jalr t9 | t9 ();
0x00001d38 nop |
0x00001d3c move s4, v0 | s4 = v0;
0x00001d40 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00001d44 bltz v0, 0x1ecc | goto label_9;
| }
0x00001d48 lw s5, -0x7fdc(gp) | s5 = *((gp - 8183));
0x00001d4c lw t9, -0x7ebc(gp) | t9 = *((gp - 8111));
0x00001d50 addiu a0, s5, 0x2c7c | a0 = s5 + 0x2c7c;
0x00001d54 jalr t9 | t9 ();
0x00001d58 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00001d5c beqz v0, 0x1f9c | goto label_10;
| }
0x00001d60 ori v1, zero, 0x9030 | v1 = 0x9030;
0x00001d64 addu v1, v1, sp | v1 += sp;
0x00001d68 addu s1, v1, s1 | s1 = v1 + s1;
0x00001d6c lw v0, 8(v0) | v0 = *((v0 + 2));
0x00001d70 lw a3, 0x6ff8(s1) | a3 = *((s1 + 7166));
0x00001d74 addu s1, s1, s4 | s1 += s4;
| if (a3 != v0) {
0x00001d78 bne a3, v0, 0x1e6c | goto label_11;
| }
0x00001d7c lw t9, -0x7f40(gp) | t9 = *((gp - 8144));
0x00001d80 move a0, s0 | a0 = s0;
0x00001d84 sb zero, 0x6ffc(s1) | *((s1 + 28668)) = 0;
0x00001d88 sb zero, 0x6ffd(s1) | *((s1 + 28669)) = 0;
0x00001d8c jalr t9 | t9 ();
0x00001d90 addiu v0, v0, 1 | v0++;
0x00001d94 addu s0, s0, v0 | s0 += v0;
0x00001d98 addiu v1, zero, 0x26 | v1 = 0x26;
0x00001d9c lb v0, (s0) | v0 = *(s0);
0x00001da0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != v1) {
0x00001da4 bne v0, v1, 0x1db8 | goto label_12;
| }
0x00001da8 addiu s0, s0, 1 | s0++;
| do {
0x00001dac lb v0, (s0) | v0 = *(s0);
0x00001db0 beql v0, v1, 0x1dac |
| } while (v0 == v1);
0x00001db4 addiu s0, s0, 1 | s0++;
| label_12:
0x00001db8 move a3, zero | a3 = 0;
| if (v0 == 0) {
0x00001dbc beqz v0, 0x1ee0 | goto label_13;
| }
0x00001dc0 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001dc4 lw t9, -0x7fb8(gp) | t9 = *((gp - 8174));
0x00001dc8 addiu a2, zero, 5 | a2 = 5;
0x00001dcc addiu a1, a1, 0x2cc0 | a1 += str.POST:;
0x00001dd0 move a0, s0 | a0 = s0;
0x00001dd4 jalr t9 | t9 ();
0x00001dd8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00001ddc beqz v0, 0x1f3c | goto label_14;
| }
0x00001de0 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001de4 lw t9, -0x7fb8(gp) | t9 = *((gp - 8174));
0x00001de8 addiu a2, zero, 4 | a2 = 4;
0x00001dec addiu a1, a1, 0x2cc8 | a1 += str.GET:;
0x00001df0 move a0, s0 | a0 = s0;
0x00001df4 jalr t9 | t9 ();
0x00001df8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00001dfc bnez v0, 0x1f48 | goto label_15;
| }
0x00001e00 addiu v0, zero, 3 | v0 = 3;
0x00001e04 addiu s4, zero, 4 | s4 = 4;
| label_3:
0x00001e08 addu v0, s0, v0 | v0 = s0 + v0;
0x00001e0c addu s1, s0, s4 | s1 = s0 + s4;
0x00001e10 sb zero, (v0) | *(v0) = 0;
| if (s1 != 0) {
0x00001e14 bnez s1, 0x1f54 | goto label_16;
| }
| label_4:
0x00001e18 lb v1, (s0) | v1 = *(s0);
0x00001e1c addiu v0, zero, 0x26 | v0 = 0x26;
0x00001e20 addiu a1, zero, 0x26 | a1 = 0x26;
| if (v1 == v0) {
0x00001e24 beq v1, v0, 0x1f94 | goto label_17;
| }
0x00001e28 move v0, s0 | v0 = s0;
0x00001e2c lb v1, 1(v0) | v1 = *((v0 + 1));
0x00001e30 addiu a0, v0, 1 | a0 = v0 + 1;
| if (v1 == 0) {
0x00001e34 beqz v1, 0x1e50 | goto label_2;
| }
| do {
| if (v1 == a1) {
0x00001e38 beql v1, a1, 0x1f2c | goto label_18;
| }
0x00001e3c lb v1, -1(a0) | v1 = *((a0 - 1));
0x00001e40 move v0, a0 | v0 = a0;
| label_1:
0x00001e44 lb v1, 1(v0) | v1 = *((v0 + 1));
0x00001e48 addiu a0, v0, 1 | a0 = v0 + 1;
0x00001e4c bnez v1, 0x1e38 |
| } while (v1 != 0);
| label_2:
0x00001e50 lw t9, -0x7f7c(gp) | t9 = *((gp - 8159));
0x00001e54 move a0, s0 | a0 = s0;
0x00001e58 jalr t9 | t9 ();
0x00001e5c move a3, v0 | a3 = v0;
0x00001e60 move a2, s0 | a2 = s0;
0x00001e64 move s0, s1 | s0 = s1;
0x00001e68 b 0x1ee4 | goto label_19;
| label_11:
0x00001e6c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001e70 lw t9, -0x7f5c(gp) | t9 = *((gp - 8151));
0x00001e74 addiu a2, a2, 0x2c98 | a2 += str.Credentials_does_not_match_uid:___d_;
| do {
| label_5:
0x00001e78 addiu a1, zero, 0x10 | a1 = 0x10;
0x00001e7c move a0, zero | a0 = 0;
0x00001e80 jalr t9 | t9 ();
0x00001e84 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001e88 move v0, zero | v0 = 0;
| label_0:
0x00001e8c ori v1, zero, 0x902c | v1 = 0x902c;
0x00001e90 addu v1, v1, sp | v1 += sp;
0x00001e94 lw a0, (v1) | a0 = *(v1);
0x00001e98 lw v1, (s2) | v1 = *(s2);
0x00001e9c lw t9, -0x7f08(gp) | t9 = *((gp - 8130));
| if (a0 != v1) {
0x00001ea0 bne a0, v1, 0x1fb8 | goto label_20;
| }
0x00001ea4 addiu sp, sp, 0x1060 |
0x00001ea8 lw ra, 0x7fec(sp) | ra = *(arg_7fech);
0x00001eac lw s5, 0x7fe8(sp) | s5 = *(arg_7fe8h);
0x00001eb0 lw s4, 0x7fe4(sp) | s4 = *(arg_7fe4h);
0x00001eb4 lw s3, 0x7fe0(sp) | s3 = *(arg_7fe0h);
0x00001eb8 lw s2, 0x7fdc(sp) | s2 = *(arg_7fdch);
0x00001ebc lw s1, 0x7fd8(sp) | s1 = *(arg_7fd8h);
0x00001ec0 lw s0, 0x7fd4(sp) | s0 = *(arg_7fd4h);
0x00001ec4 addiu sp, sp, 0x7ff0 |
0x00001ec8 jr ra | return v0;
| label_9:
0x00001ecc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001ed0 lw t9, -0x7f5c(gp) | t9 = *((gp - 8151));
0x00001ed4 move a3, v0 | a3 = v0;
0x00001ed8 addiu a2, a2, 0x2c5c | a2 += str.fdipc_recv_with_uid_failed___i_;
0x00001edc b 0x1e78 |
| } while (1);
| label_13:
0x00001ee0 move a2, zero | a2 = 0;
| label_19:
0x00001ee4 ori v0, zero, 0x9030 | v0 = 0x9030;
0x00001ee8 lui a0, 0xffff | a0 = 0xffff0000;
0x00001eec addu v0, v0, sp | v0 += sp;
0x00001ef0 addu v0, v0, a0 | v0 += a0;
0x00001ef4 lw v1, 0x1c(s3) | v1 = *((s3 + 7));
0x00001ef8 lw v0, 0x6ff4(v0) | v0 = *((v0 + 7165));
0x00001efc lw t9, 0x18(s3) | t9 = *((s3 + 6));
0x00001f00 sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00001f04 ori v0, zero, 0x9030 | v0 = 0x9030;
0x00001f08 addu v0, v0, sp | v0 += sp;
0x00001f0c addiu a0, a0, 0x6ffc | a0 += 0x6ffc;
0x00001f10 addu a0, v0, a0 | a0 = v0 + a0;
0x00001f14 sw v1, 0x14(sp) | *(var_14h) = v1;
0x00001f18 move a1, s0 | a1 = s0;
0x00001f1c jalr t9 | t9 ();
0x00001f20 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001f24 addiu v0, zero, 1 | v0 = 1;
0x00001f28 b 0x1e8c | goto label_0;
| label_18:
0x00001f2c move v0, a0 | v0 = a0;
| if (v1 == a1) {
0x00001f30 bnel v1, a1, 0x1e44 | goto label_1;
| }
0x00001f34 sb zero, (v0) | *(v0) = 0;
0x00001f38 b 0x1e50 | goto label_2;
| label_14:
0x00001f3c addiu v0, zero, 4 | v0 = 4;
0x00001f40 addiu s4, zero, 5 | s4 = 5;
0x00001f44 b 0x1e08 | goto label_3;
| label_15:
0x00001f48 sb zero, -1(s0) | *((s0 - 1)) = 0;
0x00001f4c move s1, s0 | s1 = s0;
0x00001f50 move s4, zero | s4 = 0;
| label_16:
0x00001f54 lw t9, -0x7f1c(gp) | t9 = *((gp - 8135));
0x00001f58 move a2, zero | a2 = 0;
0x00001f5c move a1, zero | a1 = 0;
0x00001f60 move a0, s1 | a0 = s1;
0x00001f64 jalr t9 | t9 ();
0x00001f68 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00001f6c beqz v0, 0x1fb0 |
0x00001f70 lw t9, -0x7f40(gp) | t9 = *((gp - 8144));
0x00001f74 move a0, s1 | a0 = s1;
0x00001f78 jalr t9 | t9 ();
0x00001f7c addiu s4, s4, 1 | s4++;
0x00001f80 addu s4, s4, v0 | s4 += v0;
0x00001f84 move s1, s0 | s1 = s0;
0x00001f88 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001f8c addu s0, s0, s4 | s0 += s4;
0x00001f90 b 0x1e18 | goto label_4;
| label_17:
0x00001f94 sb zero, (s0) | *(s0) = 0;
0x00001f98 b 0x1e50 | goto label_2;
| label_10:
0x00001f9c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001fa0 lw t9, -0x7f5c(gp) | t9 = *((gp - 8151));
0x00001fa4 addiu a3, s5, 0x2c7c | a3 = s5 + 0x2c7c;
0x00001fa8 addiu a2, a2, 0x2c80 | a2 += str.Failed_to_get_user__s;
0x00001fac b 0x1e78 | goto label_5;
| }
0x00001fb0 move s1, zero | s1 = 0;
0x00001fb4 b 0x1e18 | goto label_4;
| label_20:
0x00001fb8 jalr t9 | t9 ();
0x00001fbc nop |
| }
[*] Function sprintf used 1 times libaxhttp.so.1.0