[*] Binary protection state of licensekey_cli
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of licensekey_cli
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/licensekey_cli @ 0x1850 */
| #include <stdint.h>
|
; (fcn) fcn.00001850 () | void fcn_00001850 () {
0x00001850 lui gp, 2 |
0x00001854 addiu gp, gp, -0x6840 |
0x00001858 addu gp, gp, t9 | gp += t9;
0x0000185c addiu sp, sp, -0xd8 |
0x00001860 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001864 sw s2, 0xc0(sp) | *(var_c0h) = s2;
0x00001868 lw s2, -0x7f10(gp) | s2 = *((gp - 8132));
0x0000186c lw t9, -0x7f08(gp) | t9 = sym.imp.open;
0x00001870 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00001874 lw v0, (s2) | v0 = *(s2);
0x00001878 sw s1, 0xbc(sp) | *(var_bch) = s1;
0x0000187c sw ra, 0xd4(sp) | *(var_d4h) = ra;
0x00001880 sw s6, 0xd0(sp) | *(var_d0h) = s6;
0x00001884 sw s5, 0xcc(sp) | *(var_cch) = s5;
0x00001888 sw s4, 0xc8(sp) | *(var_c8h) = s4;
0x0000188c sw s3, 0xc4(sp) | *(var_c4h) = s3;
0x00001890 sw s0, 0xb8(sp) | *(var_b8h) = s0;
0x00001894 move a2, zero | a2 = 0;
0x00001898 move a1, zero | a1 = 0;
0x0000189c addiu a0, a0, 0x22a8 | a0 += str._etc_ld.so.preload;
0x000018a0 sw v0, 0xb4(sp) | *(var_b4h) = v0;
0x000018a4 jalr t9 | t9 ();
0x000018a8 nop |
0x000018ac move s1, v0 | s1 = v0;
0x000018b0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000018b4 bltz v0, 0x19f4 | goto label_3;
| }
0x000018b8 lw t9, -0x7f20(gp) | t9 = sym.imp.__fxstat;
0x000018bc addiu a2, sp, 0x24 | a2 = sp + 0x24;
0x000018c0 move a1, v0 | a1 = v0;
0x000018c4 addiu a0, zero, 3 | a0 = 3;
0x000018c8 jalr t9 | t9 ();
0x000018cc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000018d0 bltz v0, 0x1a7c | goto label_4;
| }
0x000018d4 lw t9, -0x7fa8(gp) | t9 = sym.imp.mmap
0x000018d8 lw a1, 0x54(sp) | a1 = *(var_54h);
0x000018dc sw zero, 0x14(sp) | *(var_14h) = 0;
0x000018e0 sw s1, 0x10(sp) | *(var_10h_2) = s1;
0x000018e4 addiu a3, zero, 2 | a3 = 2;
0x000018e8 addiu a2, zero, 1 | a2 = 1;
0x000018ec move a0, zero | a0 = 0;
0x000018f0 jalr t9 | t9 ();
0x000018f4 move s3, v0 | s3 = v0;
0x000018f8 addiu v0, zero, -1 | v0 = -1;
0x000018fc lw gp, 0x18(sp) | gp = *(var_18h);
| if (s3 == v0) {
0x00001900 beq s3, v0, 0x1a94 | goto label_5;
| }
0x00001904 lw s0, 0x54(sp) | s0 = *(var_54h);
0x00001908 lw t9, -0x7f28(gp) | t9 = sym.imp.malloc;
0x0000190c addiu a0, s0, 1 | a0 = s0 + 1;
0x00001910 jalr t9 | t9 ();
0x00001914 move s6, v0 | s6 = v0;
0x00001918 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000191c beqz v0, 0x1a50 | goto label_6;
| }
0x00001920 lw t9, -0x7f24(gp) | t9 = sym.imp.memcpy;
0x00001924 move a2, s0 | a2 = s0;
0x00001928 move a1, s3 | a1 = s3;
0x0000192c move a0, v0 | a0 = v0;
0x00001930 jalr t9 | t9 ();
0x00001934 addu v0, s6, s0 | v0 = s6 + s0;
0x00001938 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000193c sb zero, (v0) | *(v0) = 0;
| if (s0 == 0) {
0x00001940 beqz s0, 0x19a4 | goto label_7;
| }
0x00001944 addiu s4, zero, 0x20 | s4 = 0x20;
0x00001948 addiu s5, zero, 0xa | s5 = 0xa;
0x0000194c lw t9, -0x7f4c(gp) | t9 = sym.imp.memchr;
| do {
0x00001950 move a2, s0 | a2 = s0;
0x00001954 addiu a1, zero, 0x23 | a1 = 0x23;
0x00001958 move a0, s6 | a0 = s6;
0x0000195c jalr t9 | t9 ();
0x00001960 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00001964 beqz v0, 0x19a4 | goto label_7;
| }
0x00001968 subu v1, v0, s6 | __asm ("subu v1, v0, s6");
0x0000196c subu s0, s0, v1 | __asm ("subu s0, s0, v1");
0x00001970 addiu a1, v0, -1 | a1 = v0 + -1;
0x00001974 addiu a0, s0, -1 | a0 = s0 + -1;
0x00001978 move v1, v0 | v1 = v0;
0x0000197c addu a1, a1, s0 | a1 += s0;
0x00001980 addu v0, v0, a0 | v0 += a0;
0x00001984 b 0x1998 | goto label_8;
| label_0:
0x00001988 addiu v1, v1, 1 | v1++;
0x0000198c lb a0, (v1) | a0 = *(v1);
0x00001990 lw t9, -0x7f4c(gp) | t9 = sym.imp.memchr;
0x00001994 beq a0, s5, 0x1950 |
| } while (a0 == s5);
| label_8:
0x00001998 sb s4, (v1) | *(v1) = s4;
0x0000199c subu s0, a1, v1 | __asm ("subu s0, a1, v1");
| if (v1 != v0) {
0x000019a0 bne v1, v0, 0x1988 | goto label_0;
| }
| label_7:
0x000019a4 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000019a8 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x000019ac lw t9, -0x7fdc(gp) | t9 = *((gp - 8183));
0x000019b0 addiu a2, a2, 0x12d0 | a2 += 0x12d0;
0x000019b4 addiu a1, a1, 0x22bc | a1 += str.:__t_n;
0x000019b8 addiu t9, t9, 0x1384 | t9 += fcn.00001384;
0x000019bc move a0, s6 | a0 = s6;
0x000019c0 bal 0x1384 | fcn_00001384 ();
0x000019c4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000019c8 move a0, s6 | a0 = s6;
0x000019cc lw t9, -0x7f74(gp) | t9 = sym.imp.free;
0x000019d0 move s0, v0 | s0 = v0;
0x000019d4 jalr t9 | t9 ();
0x000019d8 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
| label_2:
0x000019dc lw t9, -0x7f30(gp) | t9 = sym.imp.munmap;
0x000019e0 lw a1, 0x54(sp) | a1 = *(var_54h);
0x000019e4 move a0, s3 | a0 = s3;
0x000019e8 jalr t9 | t9 ();
0x000019ec lw gp, 0x18(sp) | gp = *(var_18h);
0x000019f0 b 0x1a80 | goto label_9;
| label_3:
0x000019f4 lw t9, -0x7f50(gp) | t9 = sym.imp.__errno_location;
0x000019f8 jalr t9 | t9 ();
0x000019fc nop |
0x00001a00 lw s0, (v0) | s0 = *(v0);
0x00001a04 addiu v0, zero, -1 | v0 = -1;
0x00001a08 xori s0, s0, 0xd | s0 ^= 0xd;
0x00001a0c lw gp, 0x18(sp) | gp = *(var_18h);
0x00001a10 sltiu s0, s0, 1 | s0 = (s0 < 1) ? 1 : 0;
| if (s1 != v0) {
0x00001a14 bne s1, v0, 0x1a80 | goto label_9;
| }
| label_1:
0x00001a18 lw a0, 0xb4(sp) | a0 = *(var_b4h);
0x00001a1c lw v1, (s2) | v1 = *(s2);
0x00001a20 move v0, s0 | v0 = s0;
| if (a0 != v1) {
0x00001a24 bne a0, v1, 0x1a9c | goto label_10;
| }
0x00001a28 lw ra, 0xd4(sp) | ra = *(var_d4h);
0x00001a2c lw s6, 0xd0(sp) | s6 = *(var_d0h);
0x00001a30 lw s5, 0xcc(sp) | s5 = *(var_cch);
0x00001a34 lw s4, 0xc8(sp) | s4 = *(var_c8h);
0x00001a38 lw s3, 0xc4(sp) | s3 = *(var_c4h);
0x00001a3c lw s2, 0xc0(sp) | s2 = *(var_c0h);
0x00001a40 lw s1, 0xbc(sp) | s1 = *(var_bch);
0x00001a44 lw s0, 0xb8(sp) | s0 = *(var_b8h);
0x00001a48 addiu sp, sp, 0xd8 |
0x00001a4c jr ra | return v0;
| label_6:
0x00001a50 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00001a54 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001a58 lw t9, -0x7f68(gp) | t9 = sym.imp.__syslog_chk;
0x00001a5c addiu a3, a3, 0x2420 | a3 += str.test_ld_so_preload;
0x00001a60 addiu a2, a2, 0x2228 | a2 += str.Memory_allocation_failed_in__s_n;
0x00001a64 addiu a1, zero, 1 | a1 = 1;
0x00001a68 addiu a0, zero, 2 | a0 = 2;
0x00001a6c jalr t9 | t9 ();
0x00001a70 move s0, zero | s0 = 0;
0x00001a74 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001a78 bnez s3, 0x19dc |
| } while (s3 != 0);
| label_4:
0x00001a7c move s0, zero | s0 = 0;
| label_9:
0x00001a80 lw t9, -0x7f94(gp) | t9 = sym.imp.close;
0x00001a84 move a0, s1 | a0 = s1;
0x00001a88 jalr t9 | t9 ();
0x00001a8c lw gp, 0x18(sp) | gp = *(var_18h);
0x00001a90 b 0x1a18 | goto label_1;
| label_5:
0x00001a94 move s0, zero | s0 = 0;
0x00001a98 b 0x19dc | goto label_2;
| label_10:
0x00001a9c lw t9, -0x7f6c(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001aa0 jalr t9 | t9 ();
0x00001aa4 nop |
| }
[*] Function mmap used 2 times licensekey_cli
