[*] Binary protection state of remoteservice.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of remoteservice.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/remoteservice.cgi @ 0xec8 */
| #include <stdint.h>
|
; (fcn) fcn.00000ec8 () | void fcn_00000ec8 () {
0x00000ec8 lui gp, 2 |
0x00000ecc addiu gp, gp, -0x5eb8 |
0x00000ed0 addu gp, gp, t9 | gp += t9;
0x00000ed4 addiu sp, sp, -0x48 |
0x00000ed8 sw ra, 0x44(sp) | *(var_44h) = ra;
0x00000edc sw s3, 0x40(sp) | *(var_40h) = s3;
0x00000ee0 sw s2, 0x3c(sp) | *(var_3ch) = s2;
0x00000ee4 sw s1, 0x38(sp) | *(var_38h) = s1;
0x00000ee8 sw s0, 0x34(sp) | *(var_34h) = s0;
0x00000eec sw gp, 0x18(sp) | *(var_18h) = gp;
0x00000ef0 move s0, a0 | s0 = a0;
0x00000ef4 move s1, a1 | s1 = a1;
0x00000ef8 move s2, a2 | s2 = a2;
0x00000efc move s3, a3 | s3 = a3;
0x00000f00 lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00000f04 lw v0, (v0) | v0 = *(v0);
0x00000f08 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x00000f0c sw zero, 0x20(sp) | *(var_20h) = 0;
0x00000f10 sw zero, 0x24(sp) | *(var_24h) = 0;
0x00000f14 lw a0, -0x7fd0(gp) | a0 = *((gp - 8180));
0x00000f18 addiu a0, a0, 0x2698 | a0 += 0x2698;
0x00000f1c lw t9, -0x7f6c(gp) | t9 = sym.imp.json_string;
0x00000f20 jalr t9 | t9 ();
0x00000f24 nop |
0x00000f28 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f2c move a2, v0 | a2 = v0;
0x00000f30 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x00000f34 addiu a1, a1, 0x269c | a1 += str.apiVersion;
0x00000f38 move a0, s1 | a0 = s1;
0x00000f3c lw t9, -0x7fa0(gp) | t9 = sym.imp.json_object_set_new;
0x00000f40 jalr t9 | t9 ();
0x00000f44 nop |
0x00000f48 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f4c addiu a3, sp, 0x24 | a3 = sp + 0x24;
0x00000f50 lw a2, -0x7fd0(gp) | a2 = *((gp - 8180));
0x00000f54 addiu a2, a2, 0x26a8 | a2 += str.context;
0x00000f58 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x00000f5c addiu a1, a1, 0x26b0 | a1 += str.s_s;
0x00000f60 move a0, s0 | a0 = s0;
0x00000f64 lw t9, -0x7f38(gp) | t9 = sym.imp.json_unpack;
0x00000f68 jalr t9 | t9 ();
0x00000f6c nop |
0x00000f70 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f74 addiu a3, sp, 0x20 | a3 = sp + 0x20;
| if (v0 == 0) {
0x00000f78 bnez v0, 0xfb8 |
0x00000f7c lw a0, 0x24(sp) | a0 = *(var_24h);
0x00000f80 lw t9, -0x7f6c(gp) | t9 = sym.imp.json_string;
| if (a0 == 0) {
0x00000f84 beqz a0, 0xfb8 | goto label_0;
| }
0x00000f88 jalr t9 | t9 ();
0x00000f8c nop |
0x00000f90 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f94 move a2, v0 | a2 = v0;
0x00000f98 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x00000f9c addiu a1, a1, 0x26a8 | a1 += str.context;
0x00000fa0 move a0, s1 | a0 = s1;
0x00000fa4 lw t9, -0x7fa0(gp) | t9 = sym.imp.json_object_set_new;
0x00000fa8 jalr t9 | t9 ();
0x00000fac nop |
0x00000fb0 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000fb4 addiu a3, sp, 0x20 | a3 = sp + 0x20;
| }
| label_0:
0x00000fb8 lw a2, -0x7fd0(gp) | a2 = *((gp - 8180));
0x00000fbc addiu a2, a2, 0x26b8 | a2 += str.method;
0x00000fc0 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x00000fc4 addiu a1, a1, 0x26c0 | a1 += str.ss;
0x00000fc8 move a0, s0 | a0 = s0;
0x00000fcc lw t9, -0x7f38(gp) | t9 = sym.imp.json_unpack;
0x00000fd0 jalr t9 | t9 ();
0x00000fd4 nop |
0x00000fd8 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000fdc lw a0, 0x20(sp) | a0 = *(var_20h);
| if (v0 == 0) {
0x00000fe0 bnez v0, 0x1020 |
0x00000fe4 lw t9, -0x7f6c(gp) | t9 = sym.imp.json_string;
| if (a0 != 0) {
0x00000fe8 beqz a0, 0x1020 |
0x00000fec jalr t9 | t9 ();
0x00000ff0 nop |
0x00000ff4 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000ff8 move a2, v0 | a2 = v0;
0x00000ffc lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x00001000 addiu a1, a1, 0x26b8 | a1 += str.method;
0x00001004 move a0, s1 | a0 = s1;
0x00001008 lw t9, -0x7fa0(gp) | t9 = sym.imp.json_object_set_new;
0x0000100c jalr t9 | t9 ();
0x00001010 nop |
0x00001014 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001018 addiu a1, sp, 0x58 | a1 = sp + 0x58;
0x0000101c b 0x104c |
| }
| } else {
0x00001020 lw a3, -0x7fd0(gp) | a3 = *((gp - 8180));
0x00001024 addiu a3, a3, 0x2768 | a3 += 0x2768;
0x00001028 lw a2, -0x7fd0(gp) | a2 = *((gp - 8180));
0x0000102c addiu a2, a2, 0x26c8 | a2 += str._sFailed_to_create_error_message;
0x00001030 addiu a1, zero, 0x100 | a1 = 0x100;
0x00001034 move a0, zero | a0 = 0;
0x00001038 lw t9, -0x7fb0(gp) | t9 = sym.imp.g_log;
0x0000103c jalr t9 | t9 ();
0x00001040 nop |
0x00001044 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001048 addiu a1, sp, 0x58 | a1 = sp + 0x58;
| }
0x0000104c sw a1, 0x28(sp) | *(var_28h) = a1;
0x00001050 move a0, s3 | a0 = s3;
0x00001054 lw t9, -0x7f7c(gp) | t9 = sym.imp.g_strdup_vprintf
0x00001058 jalr t9 | t9 ();
0x0000105c nop |
0x00001060 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001064 move s0, v0 | s0 = v0;
0x00001068 sw v0, 0x10(sp) | *(var_10h) = v0;
0x0000106c lw a3, -0x7fd0(gp) | a3 = *((gp - 8180));
0x00001070 addiu a3, a3, 0x26ec | a3 += str.message;
0x00001074 move a2, s2 | a2 = s2;
0x00001078 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x0000107c addiu a1, a1, 0x26f4 | a1 += str.code;
0x00001080 lw a0, -0x7fd0(gp) | a0 = *((gp - 8180));
0x00001084 addiu a0, a0, 0x26fc | a0 += str.s:i__s:s;
0x00001088 lw t9, -0x7fa8(gp) | t9 = sym.imp.json_pack;
0x0000108c jalr t9 | t9 ();
0x00001090 nop |
0x00001094 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001098 move a2, v0 | a2 = v0;
0x0000109c lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x000010a0 addiu a1, a1, 0x2708 | a1 += str.error;
0x000010a4 move a0, s1 | a0 = s1;
0x000010a8 lw t9, -0x7fa0(gp) | t9 = sym.imp.json_object_set_new;
0x000010ac jalr t9 | t9 ();
0x000010b0 nop |
0x000010b4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000010b8 sw s0, 0x10(sp) | *(var_10h) = s0;
0x000010bc lw a3, -0x7fd0(gp) | a3 = *((gp - 8180));
0x000010c0 addiu a3, a3, 0x2768 | a3 += 0x2768;
0x000010c4 lw a2, -0x7fd0(gp) | a2 = *((gp - 8180));
0x000010c8 addiu a2, a2, 0x2710 | a2 += str._s_s;
0x000010cc addiu a1, zero, 0x10 | a1 = 0x10;
0x000010d0 move a0, zero | a0 = 0;
0x000010d4 lw t9, -0x7fb0(gp) | t9 = sym.imp.g_log;
0x000010d8 jalr t9 | t9 ();
0x000010dc nop |
0x000010e0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000010e4 move a0, s0 | a0 = s0;
0x000010e8 lw t9, -0x7f34(gp) | t9 = sym.imp.g_free;
0x000010ec jalr t9 | t9 ();
0x000010f0 nop |
0x000010f4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000010f8 lw v1, 0x2c(sp) | v1 = *(var_2ch);
0x000010fc lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00001100 lw v0, (v0) | v0 = *(v0);
0x00001104 lw ra, 0x44(sp) | ra = *(var_44h);
| if (v1 == v0) {
0x00001108 bne v1, v0, 0x1124 |
0x0000110c lw s3, 0x40(sp) | s3 = *(var_40h);
0x00001110 lw s2, 0x3c(sp) | s2 = *(var_3ch);
0x00001114 lw s1, 0x38(sp) | s1 = *(var_38h);
0x00001118 lw s0, 0x34(sp) | s0 = *(var_34h);
0x0000111c addiu sp, sp, 0x48 |
0x00001120 jr ra | return v1;
| }
0x00001124 lw t9, -0x7f94(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001128 jalr t9 | t9 ();
0x0000112c nop |
| }
[*] Function printf used 2 times remoteservice.cgi
