[*] Binary protection state of acapmanager
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function popen tear down of acapmanager
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/acapmanager @ 0x3ed0 */
| #include <stdint.h>
|
; (fcn) fcn.00003ed0 () | void fcn_00003ed0 () {
0x00003ed0 lui gp, 2 |
0x00003ed4 addiu gp, gp, 0x5170 |
0x00003ed8 addu gp, gp, t9 | gp += t9;
0x00003edc addiu sp, sp, -0x258 |
0x00003ee0 sw s3, 0x23c(sp) | *(var_23ch) = s3;
0x00003ee4 lw s3, -0x7c9c(gp) | s3 = *((gp - 7975));
0x00003ee8 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00003eec sw a3, 0x264(sp) | *(arg_264h) = a3;
0x00003ef0 sw ra, 0x254(sp) | *(var_254h) = ra;
0x00003ef4 sw fp, 0x250(sp) | *(var_250h) = fp;
0x00003ef8 sw s7, 0x24c(sp) | *(var_24ch) = s7;
0x00003efc sw s6, 0x248(sp) | *(var_248h) = s6;
0x00003f00 sw s5, 0x244(sp) | *(var_244h) = s5;
0x00003f04 sw s4, 0x240(sp) | *(var_240h) = s4;
0x00003f08 sw s2, 0x238(sp) | *(var_238h) = s2;
0x00003f0c sw s1, 0x234(sp) | *(var_234h) = s1;
0x00003f10 sw s0, 0x230(sp) | *(var_230h) = s0;
0x00003f14 lw v1, (s3) | v1 = *(s3);
0x00003f18 lb v0, (a2) | v0 = *(a2);
0x00003f1c sw v1, 0x22c(sp) | *(var_22ch) = v1;
0x00003f20 lw t9, -0x7e7c(gp) | t9 = sym.imp.g_vsnprintf;
| if (v0 == 0) {
0x00003f24 beqz v0, 0x4044 | goto label_5;
| }
0x00003f28 addiu v0, sp, 0x264 | v0 = sp + 0x264;
0x00003f2c addiu s5, sp, 0x2c | s5 = sp + 0x2c;
0x00003f30 move a3, v0 | a3 = v0;
0x00003f34 move s7, a0 | s7 = a0;
0x00003f38 move s6, a1 | s6 = a1;
0x00003f3c move a0, s5 | a0 = s5;
0x00003f40 addiu a1, zero, 0x200 | a1 = 0x200;
0x00003f44 sw v0, 0x28(sp) | *(var_28h_2) = v0;
0x00003f48 jalr t9 | t9 ();
0x00003f4c lw gp, 0x20(sp) | gp = *(var_20h);
0x00003f50 move a0, s5 | a0 = s5;
0x00003f54 lw a1, -0x7fdc(gp) | a1 = *(gp);
0x00003f58 lw t9, -0x7e80(gp) | t9 = sym.imp.popen
0x00003f5c addiu a1, a1, -0xe4 | a1 += -0xe4;
0x00003f60 jalr t9 | t9 ();
0x00003f64 move s4, v0 | s4 = v0;
0x00003f68 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x00003f6c beqz v0, 0x4170 | goto label_6;
| }
0x00003f70 move s2, zero | s2 = 0;
0x00003f74 move s0, zero | s0 = 0;
0x00003f78 move s1, zero | s1 = 0;
0x00003f7c addiu fp, zero, 0x2000 | fp = 0x2000;
| do {
0x00003f80 addiu s0, s0, 0x800 | s0 += 0x800;
| if (s1 == 0) {
0x00003f84 beqz s1, 0x408c | goto label_7;
| }
0x00003f88 lw t9, -0x7e90(gp) | t9 = sym.imp.g_realloc;
0x00003f8c move a0, s1 | a0 = s1;
0x00003f90 move a1, s0 | a1 = s0;
0x00003f94 jalr t9 | t9 ();
0x00003f98 lw gp, 0x20(sp) | gp = *(var_20h);
0x00003f9c move s1, v0 | s1 = v0;
| label_0:
0x00003fa0 lw t9, -0x7c58(gp) | t9 = sym.imp.fread;
0x00003fa4 addu a0, s1, s2 | a0 = s1 + s2;
0x00003fa8 move a3, s4 | a3 = s4;
0x00003fac addiu a2, zero, 0x800 | a2 = 0x800;
0x00003fb0 addiu a1, zero, 1 | a1 = 1;
0x00003fb4 jalr t9 | t9 ();
0x00003fb8 slti v1, v0, 0x800 | v1 = (v0 < 0x800) ? 1 : 0;
0x00003fbc lw gp, 0x20(sp) | gp = *(var_20h);
0x00003fc0 addu s2, s2, v0 | s2 += v0;
| if (v1 != 0) {
0x00003fc4 bnez v1, 0x4100 | goto label_8;
| }
0x00003fc8 bne s0, fp, 0x3f80 |
| } while (s0 != fp);
0x00003fcc nop |
| label_2:
0x00003fd0 slt s0, s2, s0 | s0 = (s2 < s0) ? 1 : 0;
0x00003fd4 addu s2, s1, s2 | s2 = s1 + s2;
| if (s0 == 0) {
0x00003fd8 beqz s0, 0x40a4 | goto label_9;
| }
0x00003fdc lw t9, -0x7d34(gp) | t9 = sym.imp.pclose;
0x00003fe0 sb zero, (s2) | *(s2) = 0;
0x00003fe4 move a0, s4 | a0 = s4;
0x00003fe8 jalr t9 | t9 ();
0x00003fec addiu v1, zero, -1 | v1 = -1;
0x00003ff0 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == v1) {
0x00003ff4 beq v0, v1, 0x41a8 | goto label_10;
| }
0x00003ff8 ext v1, v0, 8, 8 | __asm ("ext v1, v0, 8, 8");
0x00003ffc sw s1, (s7) | *(s7) = s1;
0x00004000 addiu v0, zero, 1 | v0 = 1;
0x00004004 sw v1, (s6) | *(s6) = v1;
| do {
| label_1:
0x00004008 lw a0, 0x22c(sp) | a0 = *(var_22ch);
0x0000400c lw v1, (s3) | v1 = *(s3);
0x00004010 lw ra, 0x254(sp) | ra = *(var_254h);
| if (a0 != v1) {
0x00004014 bne a0, v1, 0x41e0 | goto label_11;
| }
0x00004018 lw fp, 0x250(sp) | fp = *(var_250h);
0x0000401c lw s7, 0x24c(sp) | s7 = *(var_24ch);
0x00004020 lw s6, 0x248(sp) | s6 = *(var_248h);
0x00004024 lw s5, 0x244(sp) | s5 = *(var_244h);
0x00004028 lw s4, 0x240(sp) | s4 = *(var_240h);
0x0000402c lw s3, 0x23c(sp) | s3 = *(var_23ch);
0x00004030 lw s2, 0x238(sp) | s2 = *(var_238h);
0x00004034 lw s1, 0x234(sp) | s1 = *(var_234h);
0x00004038 lw s0, 0x230(sp) | s0 = *(var_230h);
0x0000403c addiu sp, sp, 0x258 |
0x00004040 jr ra | return v0;
| label_5:
0x00004044 lw v0, -0x7fdc(gp) | v0 = *(gp);
0x00004048 lw a3, -0x7fdc(gp) | a3 = *(gp);
0x0000404c lw a2, -0x7fdc(gp) | a2 = *(gp);
0x00004050 lw t9, -0x7cc4(gp) | t9 = sym.imp.g_log;
0x00004054 addiu v0, v0, -0xf30 | v0 += -0xf30;
0x00004058 addiu a3, a3, 0x6a8 | a3 += 0x6a8;
0x0000405c addiu a2, a2, -0x1bac | a2 += -0x1bac;
0x00004060 addiu a1, zero, 0x100 | a1 = 0x100;
0x00004064 move a0, zero | a0 = 0;
0x00004068 sw v0, 0x10(sp) | *(var_10h) = v0;
0x0000406c jalr t9 | t9 ();
0x00004070 lw gp, 0x20(sp) | gp = *(var_20h);
| label_4:
0x00004074 lw t9, -0x7de4(gp) | t9 = sym.imp.g_free;
0x00004078 move a0, zero | a0 = 0;
0x0000407c jalr t9 | t9 ();
0x00004080 lw gp, 0x20(sp) | gp = *(var_20h);
0x00004084 move v0, zero | v0 = 0;
0x00004088 b 0x4008 |
| } while (1);
| label_7:
0x0000408c lw t9, -0x7ea4(gp) | t9 = sym.imp.g_malloc0;
0x00004090 move a0, s0 | a0 = s0;
0x00004094 jalr t9 | t9 ();
0x00004098 move s1, v0 | s1 = v0;
0x0000409c lw gp, 0x20(sp) | gp = *(var_20h);
0x000040a0 b 0x3fa0 | goto label_0;
| label_9:
0x000040a4 lw v0, -0x7fdc(gp) | v0 = *(gp);
0x000040a8 lw a3, -0x7fdc(gp) | a3 = *(gp);
0x000040ac lw a2, -0x7fdc(gp) | a2 = *(gp);
0x000040b0 lw t9, -0x7cc4(gp) | t9 = sym.imp.g_log;
0x000040b4 addiu v0, v0, -0xf30 | v0 += -0xf30;
0x000040b8 sw s5, 0x14(sp) | *(var_14h) = s5;
0x000040bc sw v0, 0x10(sp) | *(var_10h) = v0;
0x000040c0 addiu a3, a3, 0x6a8 | a3 += 0x6a8;
0x000040c4 addiu a2, a2, -0x1b24 | a2 += -0x1b24;
0x000040c8 addiu a1, zero, 0x100 | a1 = 0x100;
0x000040cc move a0, zero | a0 = 0;
0x000040d0 jalr t9 | t9 ();
0x000040d4 lw gp, 0x20(sp) | gp = *(var_20h);
| label_3:
0x000040d8 lw t9, -0x7de4(gp) | t9 = sym.imp.g_free;
0x000040dc move a0, s1 | a0 = s1;
0x000040e0 jalr t9 | t9 ();
0x000040e4 lw gp, 0x20(sp) | gp = *(var_20h);
0x000040e8 lw t9, -0x7d34(gp) | t9 = sym.imp.pclose;
0x000040ec move a0, s4 | a0 = s4;
0x000040f0 jalr t9 | t9 ();
0x000040f4 lw gp, 0x20(sp) | gp = *(var_20h);
0x000040f8 move v0, zero | v0 = 0;
0x000040fc b 0x4008 | goto label_1;
| label_8:
0x00004100 lw t9, -0x7ccc(gp) | t9 = sym.imp.ferror;
0x00004104 move a0, s4 | a0 = s4;
0x00004108 jalr t9 | t9 ();
0x0000410c lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x00004110 beqz v0, 0x3fd0 | goto label_2;
| }
0x00004114 lw t9, -0x7d38(gp) | t9 = sym.imp.__errno_location;
0x00004118 jalr t9 | t9 ();
0x0000411c nop |
0x00004120 lw gp, 0x20(sp) | gp = *(var_20h);
0x00004124 lw t9, -0x7e5c(gp) | t9 = sym.imp.strerror;
0x00004128 lw a0, (v0) | a0 = *(v0);
0x0000412c jalr t9 | t9 ();
0x00004130 lw gp, 0x20(sp) | gp = *(var_20h);
0x00004134 sw v0, 0x18(sp) | *(var_18h_2) = v0;
0x00004138 sw s5, 0x14(sp) | *(var_14h) = s5;
0x0000413c lw v0, -0x7fdc(gp) | v0 = *(gp);
0x00004140 lw a3, -0x7fdc(gp) | a3 = *(gp);
0x00004144 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x00004148 lw t9, -0x7cc4(gp) | t9 = sym.imp.g_log;
0x0000414c addiu v0, v0, -0xf30 | v0 += -0xf30;
0x00004150 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00004154 addiu a3, a3, 0x6a8 | a3 += 0x6a8;
0x00004158 addiu a2, a2, -0x1b58 | a2 += -0x1b58;
0x0000415c addiu a1, zero, 0x100 | a1 = 0x100;
0x00004160 move a0, zero | a0 = 0;
0x00004164 jalr t9 | t9 ();
0x00004168 lw gp, 0x20(sp) | gp = *(var_20h);
0x0000416c b 0x40d8 | goto label_3;
| label_6:
0x00004170 lw v0, -0x7fdc(gp) | v0 = *(gp);
0x00004174 lw a3, -0x7fdc(gp) | a3 = *(gp);
0x00004178 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x0000417c lw t9, -0x7cc4(gp) | t9 = sym.imp.g_log;
0x00004180 addiu v0, v0, -0xf30 | v0 += -0xf30;
0x00004184 addiu a3, a3, 0x6a8 | a3 += 0x6a8;
0x00004188 addiu a2, a2, -0x1b7c | a2 += -0x1b7c;
0x0000418c addiu a1, zero, 0x100 | a1 = 0x100;
0x00004190 move a0, zero | a0 = 0;
0x00004194 sw s5, 0x14(sp) | *(var_14h) = s5;
0x00004198 sw v0, 0x10(sp) | *(var_10h) = v0;
0x0000419c jalr t9 | t9 ();
0x000041a0 lw gp, 0x20(sp) | gp = *(var_20h);
0x000041a4 b 0x4074 | goto label_4;
| label_10:
0x000041a8 lw v0, -0x7fdc(gp) | v0 = *(gp);
0x000041ac lw a3, -0x7fdc(gp) | a3 = *(gp);
0x000041b0 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x000041b4 lw t9, -0x7cc4(gp) | t9 = sym.imp.g_log;
0x000041b8 addiu v0, v0, -0xf30 | v0 += -0xf30;
0x000041bc sw s5, 0x14(sp) | *(var_14h) = s5;
0x000041c0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000041c4 addiu a3, a3, 0x6a8 | a3 += 0x6a8;
0x000041c8 addiu a2, a2, -0x1af8 | a2 += -0x1af8;
0x000041cc addiu a1, zero, 0x100 | a1 = 0x100;
0x000041d0 move a0, zero | a0 = 0;
0x000041d4 jalr t9 | t9 ();
0x000041d8 lw gp, 0x20(sp) | gp = *(var_20h);
0x000041dc b 0x40d8 | goto label_3;
| label_11:
0x000041e0 lw t9, -0x7dd4(gp) | t9 = sym.imp.__stack_chk_fail;
0x000041e4 jalr t9 | t9 ();
0x000041e8 nop |
| }
[*] Function popen used 2 times acapmanager
