[*] Binary protection state of libc-2.27.so
Partial RELRO Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of libc-2.27.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/lib/libc-2.27.so @ 0xd9230 */
| #include <stdint.h>
|
; (fcn) fcn.000d9230 () | void fcn_000d9230 () {
0x000d9230 lui gp, 0xb |
0x000d9234 addiu gp, gp, -0x420 |
0x000d9238 addu gp, gp, t9 | gp += t9;
0x000d923c addiu sp, sp, -0x2c0 |
0x000d9240 move v0, zero | v0 = 0;
0x000d9244 sw s3, 0x2a4(sp) | *(var_2a4h) = s3;
0x000d9248 lw s3, 0x2d0(sp) | s3 = *(arg_2d0h);
0x000d924c sw s6, 0x2b0(sp) | *(var_2b0h) = s6;
0x000d9250 sw s5, 0x2ac(sp) | *(var_2ach) = s5;
0x000d9254 sw s4, 0x2a8(sp) | *(var_2a8h) = s4;
0x000d9258 sw s2, 0x2a0(sp) | *(var_2a0h) = s2;
0x000d925c sw gp, 0x18(sp) | *(var_18h) = gp;
0x000d9260 sw ra, 0x2bc(sp) | *(var_2bch) = ra;
0x000d9264 sw fp, 0x2b8(sp) | *(var_2b8h) = fp;
0x000d9268 sw s7, 0x2b4(sp) | *(var_2b4h) = s7;
0x000d926c sw s1, 0x29c(sp) | *(var_29ch) = s1;
0x000d9270 sw s0, 0x298(sp) | *(var_298h) = s0;
0x000d9274 move s5, a0 | s5 = a0;
0x000d9278 move s6, a1 | s6 = a1;
0x000d927c move s4, a2 | s4 = a2;
0x000d9280 move s2, a3 | s2 = a3;
0x000d9284 move v1, s3 | v1 = s3;
| do {
0x000d9288 addiu v1, v1, 4 | v1 += 4;
0x000d928c lw a0, -4(v1) | a0 = *((v1 - 1));
0x000d9290 addiu fp, v0, 1 | fp = v0 + 1;
0x000d9294 move a1, v0 | a1 = v0;
0x000d9298 move v0, fp | v0 = fp;
0x000d929c bnez a0, 0xd9288 |
| } while (a0 != 0);
0x000d92a0 lw v0, -0x6c08(gp) | v0 = *((gp - 6914));
0x000d92a4 lw v1, -0x6bc4(gp) | v1 = *((gp - 6897));
0x000d92a8 addiu s0, a1, 0x81 | s0 = a1 + 0x81;
0x000d92ac lw v0, 0x10(v0) | v0 = *((v0 + 4));
0x000d92b0 lw a2, 0x8dc(v1) | a2 = *(v1);
0x000d92b4 addiu a1, v0, 0x7fff | a1 = v0 + 0x7fff;
0x000d92b8 sll s0, s0, 2 | s0 <<= 2;
0x000d92bc addu s0, s0, a1 | s0 += a1;
0x000d92c0 negu v0, v0 | __asm ("negu v0, v0");
0x000d92c4 sll a2, a2, 2 | a2 <<= 2;
0x000d92c8 and s0, s0, v0 | s0 &= v0;
0x000d92cc lw t9, -0x7ec4(gp) | t9 = *(gp);
0x000d92d0 andi a2, a2, 4 | a2 &= 4;
0x000d92d4 addiu s7, zero, -1 | s7 = -1;
0x000d92d8 lui a3, 4 | a3 = 0x40000;
0x000d92dc sw zero, 0x14(sp) | *(var_14h) = 0;
0x000d92e0 sw s7, 0x10(sp) | *(var_10h) = s7;
0x000d92e4 addiu a3, a3, 0x802 | a3 += 0x802;
0x000d92e8 ori a2, a2, 3 | a2 |= 3;
0x000d92ec move a1, s0 | a1 = s0;
0x000d92f0 bal 0xeb830 | sym_mmap ()
0x000d92f4 move s1, v0 | s1 = v0;
0x000d92f8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == s7) {
0x000d92fc beq v0, s7, 0xd9520 | goto label_5;
| }
0x000d9300 lw s7, -0x7f28(gp) | s7 = *(gp);
0x000d9304 lw v0, (s7) | v0 = *(s7);
0x000d9308 lw v0, -0x7fb4(gp) | v0 = *((gp - 8173));
| if (v0 != 0) {
0x000d930c bnez v0, 0xd9458 | goto label_6;
| }
0x000d9310 lw v0, 0x2dc(sp) | v0 = *(arg_2dch);
0x000d9314 sw zero, 0x210(sp) | *(var_210h) = 0;
0x000d9318 sw s6, 0x1f0(sp) | *(var_1f0h) = s6;
0x000d931c sw v0, 0x1f4(sp) | *(var_1f4h) = v0;
0x000d9320 sw s4, 0x1f8(sp) | *(var_1f8h) = s4;
| if (s2 == 0) {
0x000d9324 beqz s2, 0xd9484 | goto label_7;
| }
| label_0:
0x000d9328 lw v1, 0x2d4(sp) | v1 = *(arg_2d4h);
0x000d932c lw v0, -0x7dec(gp) | v0 = *(gp);
0x000d9330 sw v1, 0x208(sp) | *(var_208h) = v1;
0x000d9334 lw v1, 0x2d8(sp) | v1 = *(arg_2d8h);
0x000d9338 addiu v0, v0, 0x6f10 | v0 += aav.0x00006f10;
0x000d933c sw v1, 0x20c(sp) | *(var_20ch) = v1;
0x000d9340 sw s2, 0x1fc(sp) | *(var_1fch) = s2;
0x000d9344 sw s3, 0x200(sp) | *(var_200h) = s3;
0x000d9348 sw fp, 0x204(sp) | *(var_204h) = fp;
0x000d934c addiu a0, zero, 1 | a0 = 1;
0x000d9350 addiu v1, sp, 0x214 | v1 = sp + aav.0x00000214;
0x000d9354 addiu t1, v0, 0x80 | t1 = v0 + 0x80;
| do {
0x000d9358 lw t0, (v0) | t0 = *(v0);
0x000d935c lw a3, 4(v0) | a3 = *((v0 + 1));
0x000d9360 lw a2, 8(v0) | a2 = *((v0 + 2));
0x000d9364 lw a1, 0xc(v0) | a1 = *((v0 + 3));
0x000d9368 addiu v0, v0, 0x10 | v0 += 0x10;
0x000d936c sw t0, (v1) | *(v1) = t0;
0x000d9370 sw a3, 4(v1) | *(var_4h) = a3;
0x000d9374 sw a2, 8(v1) | *(var_8h) = a2;
0x000d9378 sw a1, 0xc(v1) | *(var_ch) = a1;
0x000d937c addiu v1, v1, 0x10 | v1 += 0x10;
0x000d9380 bne v0, t1, 0xd9358 |
| } while (v0 != t1);
0x000d9384 addiu s2, sp, 0x170 | s2 = sp + aav.0x00000170;
0x000d9388 addiu a1, sp, 0x214 | a1 = sp + aav.0x00000214;
0x000d938c move a2, s2 | a2 = s2;
0x000d9390 addiu a3, zero, 0x10 | a3 = 0x10;
0x000d9394 addiu v0, zero, 0x1063 | v0 = 0x1063;
0x000d9398 syscall | __asm ("syscall");
0x000d939c lw a0, -0x7458(gp) | a0 = *((gp - 7446));
0x000d93a0 lw t9, -0x745c(gp) | t9 = *(gp);
0x000d93a4 move a3, s2 | a3 = s2;
0x000d93a8 addiu a2, zero, 0x4112 | a2 = 0x4112;
0x000d93ac addu a1, s1, s0 | a1 = s1 + s0;
0x000d93b0 addiu a0, a0, -0x6aa0 | a0 += -0x6aa0;
0x000d93b4 bal 0xf0220 | sym_clone ();
0x000d93b8 move s4, v0 | s4 = v0;
0x000d93bc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 <= 0) {
0x000d93c0 blez v0, 0xd94fc | goto label_8;
| }
0x000d93c4 lw s3, 0x210(sp) | s3 = *(var_210h);
0x000d93c8 lw t9, -0x7ebc(gp) | t9 = *((gp - 8111));
| if (s3 > 0) {
0x000d93cc bgtz s3, 0xd94a4 | goto label_9;
| }
0x000d93d0 move a1, s0 | a1 = s0;
0x000d93d4 move a0, s1 | a0 = s1;
0x000d93d8 bal 0xeb98c | sym_munmap ();
0x000d93dc lw gp, 0x18(sp) | gp = *(var_18h);
| if (s3 == 0) {
0x000d93e0 bnez s3, 0xd93ec |
| label_3:
0x000d93e4 sw s4, (s5) | *(s5) = s4;
| if (s5 == 0) {
0x000d93e8 bnel s5, zero, 0xd93ec | goto label_10;
| }
| }
| label_10:
0x000d93ec addiu a0, zero, 3 | a0 = 3;
| label_4:
0x000d93f0 move a1, s2 | a1 = s2;
0x000d93f4 move a2, zero | a2 = 0;
0x000d93f8 addiu a3, zero, 0x10 | a3 = 0x10;
0x000d93fc addiu v0, zero, 0x1063 | v0 = 0x1063;
0x000d9400 syscall | __asm ("syscall");
0x000d9404 lw v0, (s7) | v0 = *(s7);
0x000d9408 lw ra, 0x2bc(sp) | ra = *(var_2bch);
| if (v0 != 0) {
0x000d940c beqz v0, 0xd9428 |
0x000d9410 lw v0, -0x7fb4(gp) | v0 = *((gp - 8173));
| label_2:
0x000d9414 lw a0, 0x294(sp) | a0 = *(var_294h);
0x000d9418 lw t9, 0x8c(v0) | t9 = *((v0 + 35));
0x000d941c move a1, zero | a1 = 0;
0x000d9420 jalr t9 | t9 ();
0x000d9424 lw ra, 0x2bc(sp) | ra = *(var_2bch);
| }
| label_1:
0x000d9428 move v0, s3 | v0 = s3;
0x000d942c lw fp, 0x2b8(sp) | fp = *(var_2b8h);
0x000d9430 lw s7, 0x2b4(sp) | s7 = *(var_2b4h);
0x000d9434 lw s6, 0x2b0(sp) | s6 = *(var_2b0h);
0x000d9438 lw s5, 0x2ac(sp) | s5 = *(var_2ach);
0x000d943c lw s4, 0x2a8(sp) | s4 = *(var_2a8h);
0x000d9440 lw s3, 0x2a4(sp) | s3 = *(var_2a4h);
0x000d9444 lw s2, 0x2a0(sp) | s2 = *(var_2a0h);
0x000d9448 lw s1, 0x29c(sp) | s1 = *(var_29ch);
0x000d944c lw s0, 0x298(sp) | s0 = *(var_298h);
0x000d9450 addiu sp, sp, 0x2c0 |
0x000d9454 jr ra | return v0;
| label_6:
0x000d9458 addiu a1, sp, 0x294 | a1 = sp + aav.0x00000294;
0x000d945c lw t9, 0x8c(v0) | t9 = *((v0 + 35));
0x000d9460 addiu a0, zero, 1 | a0 = 1;
0x000d9464 jalr t9 | t9 ();
0x000d9468 lw v0, 0x2dc(sp) | v0 = *(arg_2dch);
0x000d946c lw gp, 0x18(sp) | gp = *(var_18h);
0x000d9470 sw zero, 0x210(sp) | *(var_210h) = 0;
0x000d9474 sw s6, 0x1f0(sp) | *(var_1f0h) = s6;
0x000d9478 sw v0, 0x1f4(sp) | *(var_1f4h) = v0;
0x000d947c sw s4, 0x1f8(sp) | *(var_1f8h) = s4;
| if (s2 != 0) {
0x000d9480 bnez s2, 0xd9328 | goto label_0;
| }
| label_7:
0x000d9484 lw t9, -0x7f68(gp) | t9 = *((gp - 8154));
0x000d9488 addiu a0, sp, 0x20 | a0 = sp + 0x20;
0x000d948c addiu a2, zero, 0x150 | a2 = aav.0x00000150;
0x000d9490 move a1, zero | a1 = 0;
0x000d9494 move s2, a0 | s2 = a0;
0x000d9498 jalr t9 | t9 ();
0x000d949c lw gp, 0x18(sp) | gp = *(var_18h);
0x000d94a0 b 0xd9328 | goto label_0;
| label_9:
0x000d94a4 lw t9, -0x7be4(gp) | t9 = *((gp - 7929));
0x000d94a8 move a2, zero | a2 = 0;
0x000d94ac move a1, zero | a1 = 0;
0x000d94b0 move a0, v0 | a0 = v0;
0x000d94b4 jalr t9 | t9 ();
0x000d94b8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000d94bc move a1, s0 | a1 = s0;
0x000d94c0 lw t9, -0x7ebc(gp) | t9 = *((gp - 8111));
0x000d94c4 move a0, s1 | a0 = s1;
0x000d94c8 bal 0xeb98c | sym_munmap ();
0x000d94cc lw gp, 0x18(sp) | gp = *(var_18h);
0x000d94d0 addiu a0, zero, 3 | a0 = 3;
0x000d94d4 move a1, s2 | a1 = s2;
0x000d94d8 move a2, zero | a2 = 0;
0x000d94dc addiu a3, zero, 0x10 | a3 = 0x10;
0x000d94e0 addiu v0, zero, 0x1063 | v0 = 0x1063;
0x000d94e4 syscall | __asm ("syscall");
0x000d94e8 lw v0, (s7) | v0 = *(s7);
0x000d94ec lw ra, 0x2bc(sp) | ra = *(var_2bch);
| if (v0 == 0) {
0x000d94f0 beqz v0, 0xd9428 | goto label_1;
| }
0x000d94f4 lw v0, -0x7fb4(gp) | v0 = *((gp - 8173));
0x000d94f8 b 0xd9414 | goto label_2;
| label_8:
0x000d94fc lw t9, -0x7ebc(gp) | t9 = *((gp - 8111));
0x000d9500 negu s3, v0 | __asm ("negu s3, v0");
0x000d9504 move a1, s0 | a1 = s0;
0x000d9508 move a0, s1 | a0 = s1;
0x000d950c bal 0xeb98c | sym_munmap ();
0x000d9510 lw gp, 0x18(sp) | gp = *(var_18h);
| if (s3 == 0) {
0x000d9514 beqz s3, 0xd93e4 | goto label_3;
| }
0x000d9518 addiu a0, zero, 3 | a0 = 3;
0x000d951c b 0xd93f0 | goto label_4;
| label_5:
0x000d9520 lw s3, -0x6b78(gp) | s3 = *((gp - 6878));
0x000d9524 lw ra, 0x2bc(sp) | ra = *(var_2bch);
0x000d9528 rdhwr v1, 29 | __asm ("rdhwr v1, 29");
0x000d952c lwx s3, v1(s3) | __asm ("lwx s3, v1(s3)");
0x000d9530 lw fp, 0x2b8(sp) | fp = *(var_2b8h);
0x000d9534 move v0, s3 | v0 = s3;
0x000d9538 lw s7, 0x2b4(sp) | s7 = *(var_2b4h);
0x000d953c lw s6, 0x2b0(sp) | s6 = *(var_2b0h);
0x000d9540 lw s5, 0x2ac(sp) | s5 = *(var_2ach);
0x000d9544 lw s4, 0x2a8(sp) | s4 = *(var_2a8h);
0x000d9548 lw s3, 0x2a4(sp) | s3 = *(var_2a4h);
0x000d954c lw s2, 0x2a0(sp) | s2 = *(var_2a0h);
0x000d9550 lw s1, 0x29c(sp) | s1 = *(var_29ch);
0x000d9554 lw s0, 0x298(sp) | s0 = *(var_298h);
0x000d9558 addiu sp, sp, 0x2c0 |
0x000d955c jr ra | return v0;
| }
[*] Function mmap used 2 times libc-2.27.so
