[*] Binary protection state of migrate_cert
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of migrate_cert
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/migrate_cert @ 0x6550 */
| #include <stdint.h>
|
; (fcn) sym.generate_cert () | void generate_cert () {
0x00006550 lui gp, 2 |
0x00006554 addiu gp, gp, -0x5540 |
0x00006558 addu gp, gp, t9 | gp += t9;
0x0000655c addiu sp, sp, -0x58 |
0x00006560 lw t9, -0x7db4(gp) | t9 = sym.imp.cert_init;
0x00006564 sw s2, 0x48(sp) | *(var_48h) = s2;
0x00006568 lw s2, -0x7dec(gp) | s2 = *((gp - 8059));
0x0000656c sw gp, 0x30(sp) | *(var_30h) = gp;
0x00006570 sw ra, 0x54(sp) | *(var_54h) = ra;
0x00006574 lw v0, (s2) | v0 = *(s2);
0x00006578 sw s4, 0x50(sp) | *(var_50h) = s4;
0x0000657c sw s3, 0x4c(sp) | *(var_4ch) = s3;
0x00006580 sw v0, 0x3c(sp) | *(var_3ch) = v0;
0x00006584 sw s1, 0x44(sp) | *(var_44h) = s1;
0x00006588 sw s0, 0x40(sp) | *(var_40h) = s0;
0x0000658c sw zero, 0x38(sp) | *(var_38h) = 0;
0x00006590 move s3, a0 | s3 = a0;
0x00006594 move s4, a1 | s4 = a1;
0x00006598 jalr t9 | t9 ();
0x0000659c lw gp, 0x30(sp) | gp = *(var_30h);
0x000065a0 lw t9, -0x7f94(gp) | t9 = sym.get_hostname;
0x000065a4 bal 0x6700 | sym_get_hostname ();
0x000065a8 nop |
0x000065ac lw gp, 0x30(sp) | gp = *(var_30h);
| if (v0 == 0) {
0x000065b0 beqz v0, 0x6698 | goto label_1;
| }
0x000065b4 move s1, v0 | s1 = v0;
| label_0:
0x000065b8 addiu v0, zero, 0x600 | v0 = 0x600;
0x000065bc sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x000065c0 lw v0, -0x7fcc(gp) | v0 = *((gp - 8179));
0x000065c4 lw s0, -0x7fcc(gp) | s0 = *((gp - 8179));
0x000065c8 addiu v0, v0, -0x7d28 | v0 += -0x7d28;
0x000065cc sw v0, 0x28(sp) | *(var_28h) = v0;
0x000065d0 lw v0, -0x7fcc(gp) | v0 = *((gp - 8179));
0x000065d4 addiu s0, s0, -0x7dc0 | s0 += -0x7dc0;
0x000065d8 addiu v0, v0, -0x7d1c | v0 += -0x7d1c;
0x000065dc sw v0, 0x24(sp) | *(var_24h) = v0;
0x000065e0 lw v0, -0x7fcc(gp) | v0 = *((gp - 8179));
0x000065e4 lw t9, -0x7ee4(gp) | t9 = sym.imp.cert_create;
0x000065e8 addiu v0, v0, -0x7d10 | v0 += -0x7d10;
0x000065ec move a3, s0 | a3 = s0;
0x000065f0 move a2, s4 | a2 = s4;
0x000065f4 addiu a1, sp, 0x38 | a1 = sp + 0x38;
0x000065f8 move a0, s3 | a0 = s3;
0x000065fc sw s1, 0x20(sp) | *(var_20h) = s1;
0x00006600 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x00006604 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00006608 sw s0, 0x14(sp) | *(var_14h) = s0;
0x0000660c sw s0, 0x10(sp) | *(var_10h) = s0;
0x00006610 jalr t9 | t9 ();
0x00006614 lw gp, 0x30(sp) | gp = *(var_30h);
0x00006618 lw a0, 0x38(sp) | a0 = *(var_38h);
0x0000661c lw t9, -0x7eb0(gp) | t9 = sym.imp.g_free;
0x00006620 move s3, v0 | s3 = v0;
0x00006624 jalr t9 | t9 ();
0x00006628 lw gp, 0x30(sp) | gp = *(var_30h);
0x0000662c lw t9, -0x7eb0(gp) | t9 = sym.imp.g_free;
0x00006630 move a0, s1 | a0 = s1;
0x00006634 jalr t9 | t9 ();
0x00006638 lw gp, 0x30(sp) | gp = *(var_30h);
| if (s3 != 0) {
0x0000663c bnez s3, 0x6670 | goto label_2;
| }
0x00006640 addiu v0, zero, 1 | v0 = 1;
| do {
0x00006644 lw a0, 0x3c(sp) | a0 = *(var_3ch);
0x00006648 lw v1, (s2) | v1 = *(s2);
0x0000664c lw ra, 0x54(sp) | ra = *(var_54h);
| if (a0 != v1) {
0x00006650 bne a0, v1, 0x66ec | goto label_3;
| }
0x00006654 lw s4, 0x50(sp) | s4 = *(var_50h);
0x00006658 lw s3, 0x4c(sp) | s3 = *(var_4ch);
0x0000665c lw s2, 0x48(sp) | s2 = *(var_48h);
0x00006660 lw s1, 0x44(sp) | s1 = *(var_44h);
0x00006664 lw s0, 0x40(sp) | s0 = *(var_40h);
0x00006668 addiu sp, sp, 0x58 |
0x0000666c jr ra | return v0;
| label_2:
0x00006670 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00006674 lw t9, -0x7dfc(gp) | t9 = sym.imp.g_log;
0x00006678 move a3, s0 | a3 = s0;
0x0000667c addiu a2, a2, -0x7cf8 | a2 += -0x7cf8;
0x00006680 addiu a1, zero, 0x100 | a1 = 0x100;
0x00006684 move a0, zero | a0 = 0;
0x00006688 jalr t9 | t9 ();
0x0000668c lw gp, 0x30(sp) | gp = *(var_30h);
0x00006690 move v0, zero | v0 = 0;
0x00006694 b 0x6644 |
| } while (1);
| label_1:
0x00006698 lw t9, -0x7f90(gp) | t9 = sym.get_serial_number;
0x0000669c bal 0x692c | sym_get_serial_number ();
0x000066a0 nop |
0x000066a4 move s0, v0 | s0 = v0;
0x000066a8 lw gp, 0x30(sp) | gp = *(var_30h);
| if (v0 == 0) {
0x000066ac beqz v0, 0x66e0 | goto label_4;
| }
0x000066b0 move a1, v0 | a1 = v0;
| do {
0x000066b4 lw a0, -0x7fcc(gp) | a0 = *((gp - 8179));
0x000066b8 lw t9, -0x7e38(gp) | t9 = sym.imp.g_strdup_printf
0x000066bc addiu a0, a0, -0x7d30 | a0 += -str.path;
0x000066c0 jalr t9 | t9 ();
0x000066c4 lw gp, 0x30(sp) | gp = *(var_30h);
0x000066c8 move a0, s0 | a0 = s0;
0x000066cc lw t9, -0x7eb0(gp) | t9 = sym.imp.g_free;
0x000066d0 move s1, v0 | s1 = v0;
0x000066d4 jalr t9 | t9 ();
0x000066d8 lw gp, 0x30(sp) | gp = *(var_30h);
0x000066dc b 0x65b8 | goto label_0;
| label_4:
0x000066e0 lw a1, -0x7fcc(gp) | a1 = *((gp - 8179));
0x000066e4 addiu a1, a1, -0x7d3c | a1 += -0x7d3c;
0x000066e8 b 0x66b4 |
| } while (1);
| label_3:
0x000066ec lw t9, -0x7ea0(gp) | t9 = *(gp);
0x000066f0 jalr t9 | t9 ();
0x000066f4 nop |
0x000066f8 nop |
0x000066fc nop |
| }
[*] Function printf used 2 times migrate_cert
