[*] Binary protection state of scp.openssh
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of scp.openssh
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/scp.openssh @ 0x5394 */
| #include <stdint.h>
|
; (fcn) sym.run_err () | void run_err () {
0x00005394 lui gp, 4 |
0x00005398 addiu gp, gp, -0x7324 |
0x0000539c addu gp, gp, t9 | gp += t9;
0x000053a0 addiu sp, sp, -0x38 |
0x000053a4 lw t9, -0x7f7c(gp) | t9 = *(gp);
0x000053a8 sw s1, 0x28(sp) | *(var_28h) = s1;
0x000053ac lw s1, -0x7bfc(gp) | s1 = *((gp - 7935));
0x000053b0 sw s2, 0x2c(sp) | *(var_2ch) = s2;
0x000053b4 lw s2, -0x7f80(gp) | s2 = *(gp);
0x000053b8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000053bc sw s3, 0x30(sp) | *(var_30h) = s3;
0x000053c0 sw s0, 0x24(sp) | *(var_24h) = s0;
0x000053c4 sw ra, 0x34(sp) | *(var_34h) = ra;
0x000053c8 lw v0, (s1) | v0 = *(s1);
0x000053cc lw s0, -0x7f6c(gp) | s0 = *((gp - 8155));
0x000053d0 move s3, a0 | s3 = a0;
0x000053d4 lw a0, (s2) | a0 = *(s2);
0x000053d8 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x000053dc sw a1, 0x3c(sp) | *(arg_3ch) = a1;
0x000053e0 sw a2, 0x40(sp) | *(arg_40h) = a2;
0x000053e4 sw a3, 0x44(sp) | *(arg_44h) = a3;
0x000053e8 addiu a1, zero, 1 | a1 = 1;
0x000053ec bal 0x1d880 | fcn_0001d880 ();
0x000053f0 lw a1, 0x6624(s0) | a1 = *((s0 + 6537));
0x000053f4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000053f8 sw v0, (s2) | *(s2) = v0;
| if (a1 == 0) {
0x000053fc beqz a1, 0x54b0 | goto label_3;
| }
| label_0:
0x00005400 lw t9, -0x7c34(gp) | t9 = sym.imp.fputc;
0x00005404 addiu a0, zero, 1 | a0 = 1;
0x00005408 jalr t9 | t9 ();
0x0000540c lw gp, 0x10(sp) | gp = *(var_10h);
0x00005410 lw a3, 0x6624(s0) | a3 = *((s0 + 6537));
0x00005414 addiu a2, zero, 5 | a2 = 5;
0x00005418 lw a0, -0x7fd4(gp) | a0 = *(gp);
0x0000541c lw t9, -0x7c20(gp) | t9 = sym.imp.fwrite;
0x00005420 addiu a1, zero, 1 | a1 = 1;
| /* str.scp:_ */
0x00005424 addiu a0, a0, 0x292c | a0 += 0x292c;
0x00005428 jalr t9 | t9 ();
0x0000542c lw gp, 0x10(sp) | gp = *(var_10h);
0x00005430 addiu v0, sp, 0x3c | v0 = sp + 0x3c;
0x00005434 lw a0, 0x6624(s0) | a0 = *((s0 + 6537));
0x00005438 lw t9, -0x7b84(gp) | t9 = sym.imp.__vfprintf_chk
0x0000543c move a3, v0 | a3 = v0;
0x00005440 move a2, s3 | a2 = s3;
0x00005444 addiu a1, zero, 1 | a1 = 1;
0x00005448 sw v0, 0x18(sp) | *(var_18h) = v0;
0x0000544c jalr t9 | t9 ();
0x00005450 lw gp, 0x10(sp) | gp = *(var_10h);
0x00005454 lw a1, 0x6624(s0) | a1 = *((s0 + 6537));
0x00005458 lw t9, -0x7c34(gp) | t9 = sym.imp.fputc;
0x0000545c addiu a0, zero, 0xa | a0 = 0xa;
0x00005460 jalr t9 | t9 ();
0x00005464 lw gp, 0x10(sp) | gp = *(var_10h);
0x00005468 lw t9, -0x7b80(gp) | t9 = sym.imp.fflush;
0x0000546c lw a0, 0x6624(s0) | a0 = *((s0 + 6537));
0x00005470 jalr t9 | t9 ();
0x00005474 lw gp, 0x10(sp) | gp = *(var_10h);
0x00005478 lw v0, -0x7fd8(gp) | v0 = *(gp);
| do {
| label_1:
0x0000547c lw v0, (v0) | v0 = *(v0);
| if (v0 == 0) {
0x00005480 beql v0, zero, 0x54ec | goto label_4;
| }
0x00005484 lw s0, -0x7bc0(gp) | s0 = *((gp - 7920));
| label_2:
0x00005488 lw v1, 0x1c(sp) | v1 = *(var_1ch);
0x0000548c lw v0, (s1) | v0 = *(s1);
0x00005490 lw ra, 0x34(sp) | ra = *(var_34h);
| if (v1 != v0) {
0x00005494 bne v1, v0, 0x5524 | goto label_5;
| }
0x00005498 lw s3, 0x30(sp) | s3 = *(var_30h);
0x0000549c lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x000054a0 lw s1, 0x28(sp) | s1 = *(var_28h);
0x000054a4 lw s0, 0x24(sp) | s0 = *(var_24h);
0x000054a8 addiu sp, sp, 0x38 |
0x000054ac jr ra | return v0;
| label_3:
0x000054b0 lw v1, -0x7f68(gp) | v1 = *(gp);
0x000054b4 addiu v0, zero, -1 | v0 = -1;
0x000054b8 lw a0, (v1) | a0 = *(v1);
0x000054bc lw v0, -0x7fd8(gp) | v0 = *(gp);
0x000054c0 beq a0, v0, 0x547c |
| } while (a0 == v0);
0x000054c4 lw a1, -0x7fd4(gp) | a1 = *(gp);
0x000054c8 lw t9, -0x7af0(gp) | t9 = sym.imp.fdopen;
0x000054cc addiu a1, a1, 0x2928 | a1 += 0x2928;
0x000054d0 jalr t9 | t9 ();
0x000054d4 move a1, v0 | a1 = v0;
0x000054d8 lw gp, 0x10(sp) | gp = *(var_10h);
0x000054dc sw v0, 0x6624(s0) | *((s0 + 6537)) = v0;
| if (v0 != 0) {
0x000054e0 bnez v0, 0x5400 | goto label_0;
| }
0x000054e4 lw v0, -0x7fd8(gp) | v0 = *(gp);
0x000054e8 b 0x547c | goto label_1;
| label_4:
0x000054ec lw t9, -0x7f64(gp) | t9 = sym.vfmprintf;
0x000054f0 addiu v0, sp, 0x3c | v0 = sp + 0x3c;
0x000054f4 lw a0, (s0) | a0 = *(s0);
0x000054f8 move a2, v0 | a2 = v0;
0x000054fc move a1, s3 | a1 = s3;
0x00005500 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00005504 bal 0x143c4 | sym_vfmprintf ();
0x00005508 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000550c lw a1, (s0) | a1 = *(s0);
0x00005510 lw t9, -0x7c34(gp) | t9 = sym.imp.fputc;
0x00005514 addiu a0, zero, 0xa | a0 = 0xa;
0x00005518 jalr t9 | t9 ();
0x0000551c lw gp, 0x10(sp) | gp = *(var_10h);
0x00005520 b 0x5488 | goto label_2;
| label_5:
0x00005524 lw t9, -0x7c30(gp) | t9 = sym.imp.__stack_chk_fail;
0x00005528 jalr t9 | t9 ();
0x0000552c nop |
| }
[*] Function fprintf used 2 times scp.openssh
