[*] Binary protection state of acapmanager
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of acapmanager
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/acapmanager @ 0xd430 */
| #include <stdint.h>
|
; (fcn) fcn.0000d430 () | void fcn_0000d430 () {
0x0000d430 lui gp, 2 |
0x0000d434 addiu gp, gp, -0x43f0 |
0x0000d438 addu gp, gp, t9 | gp += t9;
0x0000d43c addiu sp, sp, -0xd8 |
0x0000d440 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x0000d444 sw s2, 0xc0(sp) | *(var_c0h) = s2;
0x0000d448 lw s2, -0x7c9c(gp) | s2 = *((gp - 7975));
0x0000d44c lw t9, -0x7c44(gp) | t9 = sym.imp.open;
0x0000d450 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0000d454 lw v0, (s2) | v0 = *(s2);
0x0000d458 sw s1, 0xbc(sp) | *(var_bch) = s1;
0x0000d45c sw ra, 0xd4(sp) | *(var_d4h) = ra;
0x0000d460 sw s6, 0xd0(sp) | *(var_d0h) = s6;
0x0000d464 sw s5, 0xcc(sp) | *(var_cch) = s5;
0x0000d468 sw s4, 0xc8(sp) | *(var_c8h) = s4;
0x0000d46c sw s3, 0xc4(sp) | *(var_c4h) = s3;
0x0000d470 sw s0, 0xb8(sp) | *(var_b8h) = s0;
0x0000d474 move a2, zero | a2 = 0;
0x0000d478 move a1, zero | a1 = 0;
| /* str._etc_ld.so.preload */
0x0000d47c addiu a0, a0, 0x690 | a0 += 0x690;
0x0000d480 sw v0, 0xb4(sp) | *(var_b4h) = v0;
0x0000d484 jalr t9 | t9 ();
0x0000d488 nop |
0x0000d48c move s1, v0 | s1 = v0;
0x0000d490 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0000d494 bltz v0, 0xd5d4 | goto label_3;
| }
0x0000d498 lw t9, -0x7cd8(gp) | t9 = sym.imp.__fxstat;
0x0000d49c addiu a2, sp, 0x24 | a2 = sp + 0x24;
0x0000d4a0 move a1, v0 | a1 = v0;
0x0000d4a4 addiu a0, zero, 3 | a0 = 3;
0x0000d4a8 jalr t9 | t9 ();
0x0000d4ac lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0000d4b0 bltz v0, 0xd65c | goto label_4;
| }
0x0000d4b4 lw t9, -0x7f08(gp) | t9 = sym.imp.mmap
0x0000d4b8 lw a1, 0x54(sp) | a1 = *(var_54h);
0x0000d4bc sw zero, 0x14(sp) | *(var_14h) = 0;
0x0000d4c0 sw s1, 0x10(sp) | *(var_10h_2) = s1;
0x0000d4c4 addiu a3, zero, 2 | a3 = 2;
0x0000d4c8 addiu a2, zero, 1 | a2 = 1;
0x0000d4cc move a0, zero | a0 = 0;
0x0000d4d0 jalr t9 | t9 ();
0x0000d4d4 move s3, v0 | s3 = v0;
0x0000d4d8 addiu v0, zero, -1 | v0 = -1;
0x0000d4dc lw gp, 0x18(sp) | gp = *(var_18h);
| if (s3 == v0) {
0x0000d4e0 beq s3, v0, 0xd674 | goto label_5;
| }
0x0000d4e4 lw s0, 0x54(sp) | s0 = *(var_54h);
0x0000d4e8 lw t9, -0x7ce4(gp) | t9 = sym.imp.malloc;
0x0000d4ec addiu a0, s0, 1 | a0 = s0 + 1;
0x0000d4f0 jalr t9 | t9 ();
0x0000d4f4 move s6, v0 | s6 = v0;
0x0000d4f8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000d4fc beqz v0, 0xd630 | goto label_6;
| }
0x0000d500 lw t9, -0x7ce0(gp) | t9 = sym.imp.memcpy;
0x0000d504 move a2, s0 | a2 = s0;
0x0000d508 move a1, s3 | a1 = s3;
0x0000d50c move a0, v0 | a0 = v0;
0x0000d510 jalr t9 | t9 ();
0x0000d514 addu v0, s6, s0 | v0 = s6 + s0;
0x0000d518 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d51c sb zero, (v0) | *(v0) = 0;
| if (s0 == 0) {
0x0000d520 beqz s0, 0xd584 | goto label_7;
| }
0x0000d524 addiu s4, zero, 0x20 | s4 = 0x20;
0x0000d528 addiu s5, zero, 0xa | s5 = 0xa;
0x0000d52c lw t9, -0x7d24(gp) | t9 = sym.imp.memchr;
| do {
0x0000d530 move a2, s0 | a2 = s0;
0x0000d534 addiu a1, zero, 0x23 | a1 = 0x23;
0x0000d538 move a0, s6 | a0 = s6;
0x0000d53c jalr t9 | t9 ();
0x0000d540 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000d544 beqz v0, 0xd584 | goto label_7;
| }
0x0000d548 subu v1, v0, s6 | __asm ("subu v1, v0, s6");
0x0000d54c subu s0, s0, v1 | __asm ("subu s0, s0, v1");
0x0000d550 addiu a1, v0, -1 | a1 = v0 + -1;
0x0000d554 addiu a0, s0, -1 | a0 = s0 + -1;
0x0000d558 move v1, v0 | v1 = v0;
0x0000d55c addu a1, a1, s0 | a1 += s0;
0x0000d560 addu v0, v0, a0 | v0 += a0;
0x0000d564 b 0xd578 | goto label_8;
| label_0:
0x0000d568 addiu v1, v1, 1 | v1++;
0x0000d56c lb a0, (v1) | a0 = *(v1);
0x0000d570 lw t9, -0x7d24(gp) | t9 = sym.imp.memchr;
0x0000d574 beq a0, s5, 0xd530 |
| } while (a0 == s5);
| label_8:
0x0000d578 sb s4, (v1) | *(v1) = s4;
0x0000d57c subu s0, a1, v1 | __asm ("subu s0, a1, v1");
| if (v1 != v0) {
0x0000d580 bne v1, v0, 0xd568 | goto label_0;
| }
| label_7:
0x0000d584 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x0000d588 lw a1, -0x7fdc(gp) | a1 = *(gp);
0x0000d58c lw t9, -0x7fdc(gp) | t9 = *(gp);
0x0000d590 addiu a2, a2, -0x3150 | a2 += -0x3150;
| /* str.:__t_n */
0x0000d594 addiu a1, a1, 0x6a4 | a1 += 0x6a4;
0x0000d598 addiu t9, t9, -0x309c | t9 += -0x309c;
0x0000d59c move a0, s6 | a0 = s6;
0x0000d5a0 bal 0xcf64 | fcn_0000cf64 ();
0x0000d5a4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d5a8 move a0, s6 | a0 = s6;
0x0000d5ac lw t9, -0x7dfc(gp) | t9 = sym.imp.free;
0x0000d5b0 move s0, v0 | s0 = v0;
0x0000d5b4 jalr t9 | t9 ();
0x0000d5b8 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
| label_2:
0x0000d5bc lw t9, -0x7cec(gp) | t9 = sym.imp.munmap;
0x0000d5c0 lw a1, 0x54(sp) | a1 = *(var_54h);
0x0000d5c4 move a0, s3 | a0 = s3;
0x0000d5c8 jalr t9 | t9 ();
0x0000d5cc lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d5d0 b 0xd660 | goto label_9;
| label_3:
0x0000d5d4 lw t9, -0x7d38(gp) | t9 = sym.imp.__errno_location;
0x0000d5d8 jalr t9 | t9 ();
0x0000d5dc nop |
0x0000d5e0 lw s0, (v0) | s0 = *(v0);
0x0000d5e4 addiu v0, zero, -1 | v0 = -1;
0x0000d5e8 xori s0, s0, 0xd | s0 ^= 0xd;
0x0000d5ec lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d5f0 sltiu s0, s0, 1 | s0 = (s0 < 1) ? 1 : 0;
| if (s1 != v0) {
0x0000d5f4 bne s1, v0, 0xd660 | goto label_9;
| }
| label_1:
0x0000d5f8 lw a0, 0xb4(sp) | a0 = *(var_b4h);
0x0000d5fc lw v1, (s2) | v1 = *(s2);
0x0000d600 move v0, s0 | v0 = s0;
| if (a0 != v1) {
0x0000d604 bne a0, v1, 0xd67c | goto label_10;
| }
0x0000d608 lw ra, 0xd4(sp) | ra = *(var_d4h);
0x0000d60c lw s6, 0xd0(sp) | s6 = *(var_d0h);
0x0000d610 lw s5, 0xcc(sp) | s5 = *(var_cch);
0x0000d614 lw s4, 0xc8(sp) | s4 = *(var_c8h);
0x0000d618 lw s3, 0xc4(sp) | s3 = *(var_c4h);
0x0000d61c lw s2, 0xc0(sp) | s2 = *(var_c0h);
0x0000d620 lw s1, 0xbc(sp) | s1 = *(var_bch);
0x0000d624 lw s0, 0xb8(sp) | s0 = *(var_b8h);
0x0000d628 addiu sp, sp, 0xd8 |
0x0000d62c jr ra | return v0;
| label_6:
0x0000d630 lw a3, -0x7fdc(gp) | a3 = *(gp);
0x0000d634 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x0000d638 lw t9, -0x7dcc(gp) | t9 = sym.imp.__syslog_chk;
| /* str.test_ld_so_preload */
0x0000d63c addiu a3, a3, 0x800 | a3 += 0x800;
| /* str.Memory_allocation_failed_in__s_n */
0x0000d640 addiu a2, a2, 0x610 | a2 += 0x610;
0x0000d644 addiu a1, zero, 1 | a1 = 1;
0x0000d648 addiu a0, zero, 2 | a0 = 2;
0x0000d64c jalr t9 | t9 ();
0x0000d650 move s0, zero | s0 = 0;
0x0000d654 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d658 bnez s3, 0xd5bc |
| } while (s3 != 0);
| label_4:
0x0000d65c move s0, zero | s0 = 0;
| label_9:
0x0000d660 lw t9, -0x7eb0(gp) | t9 = sym.imp.close;
0x0000d664 move a0, s1 | a0 = s1;
0x0000d668 jalr t9 | t9 ();
0x0000d66c lw gp, 0x18(sp) | gp = *(var_18h);
0x0000d670 b 0xd5f8 | goto label_1;
| label_5:
0x0000d674 move s0, zero | s0 = 0;
0x0000d678 b 0xd5bc | goto label_2;
| label_10:
0x0000d67c lw t9, -0x7dd4(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000d680 jalr t9 | t9 ();
0x0000d684 nop |
| }
[*] Function mmap used 2 times acapmanager
