[*] Binary protection state of stclient.cgi
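Full RELRO | Canary found | NX disabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
(NX disabled means the binary does not request a non-executable stack, so any memory-safety bug in it is mitigated only by the canary, RELRO and PIE.)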
[*] Function printf tear down of stclient.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/stclient.cgi @ 0x4494 */
| #include <stdint.h>
|
; (fcn) fcn.00004494 () | void fcn_00004494 () { /* Reviewer annotation, derived only from this listing:
|  * a0 = entry count (s5); a1 = array of 4-byte entries walked by s1; a2 = pointer whose
|  * target is passed as the first argument of g_string_append_printf (presumably GString **).
|  * Per entry: three g_ptr_array_new() arrays (s0, s2, s3) are handed to
|  * cert_util_get_properties. An entry is skipped when (*s2)[0] contains the s6 marker
|  * string and (*s3)[0] equals the s7 constant; every other entry is appended through
|  * the format string at +0x5160. Returns 0 when all entries are done or a0 <= 0,
|  * and -1 on any failure.
|  * The r2dec while/do wrappers are structuring artifacts; the assembly column is the
|  * reference. NOTE(review): instruction order next to branches looks delay-slot-swapped
|  * (v0 = -1 is listed before `b 0x46c4`) - confirm addresses against a raw disassembly.
|  */
0x00004494 lui gp, 2 |
0x00004498 addiu gp, gp, -0x6484 |
0x0000449c addu gp, gp, t9 | gp += t9; /* gp = 0x20000 - 0x6484 + t9 */
| if (a0 <= 0) { /* non-positive count: return 0 at label_2, before the frame is allocated */
0x000044a0 blez a0, 0x473c | goto label_2;
| }
0x000044a4 nop |
0x000044a8 addiu sp, sp, -0xa8 | /* 0xa8-byte stack frame */
0x000044ac lw v0, -0x7fdc(gp) | v0 = *((gp - 8183)); /* -0x7fdc(gp); r2dec prints byte offsets divided by 4 */
0x000044b0 sw s7, 0x9c(sp) | *(var_9ch) = s7;
0x000044b4 sw s6, 0x98(sp) | *(var_98h) = s6;
0x000044b8 lw s7, -0x7fdc(gp) | s7 = *((gp - 8183));
0x000044bc lw s6, -0x7fdc(gp) | s6 = *((gp - 8183));
0x000044c0 sw gp, 0x70(sp) | *(var_70h) = gp; /* gp is reloaded from var_70h after every call below */
0x000044c4 sw s5, 0x94(sp) | *(var_94h) = s5;
0x000044c8 sw s4, 0x90(sp) | *(var_90h) = s4;
0x000044cc sw s1, 0x84(sp) | *(var_84h) = s1;
0x000044d0 sw ra, 0xa4(sp) | *(var_a4h) = ra;
0x000044d4 sw fp, 0xa0(sp) | *(var_a0h) = fp;
0x000044d8 sw s3, 0x8c(sp) | *(var_8ch) = s3;
0x000044dc sw s2, 0x88(sp) | *(var_88h) = s2;
0x000044e0 sw s0, 0x80(sp) | *(var_80h) = s0;
0x000044e4 sw a2, 0x7c(sp) | *(var_7ch) = a2; /* third argument kept for the append call at 0x457c */
0x000044e8 move s5, a0 | s5 = a0; /* s5 = entry count */
0x000044ec sw v0, 0x78(sp) | *(var_78h) = v0; /* base later used to address the format string (0x4578) */
0x000044f0 move s1, a1 | s1 = a1; /* s1 = cursor into the entry array */
0x000044f4 move s4, zero | s4 = 0; /* s4 = entries processed so far */
0x000044f8 addiu s6, s6, 0x514c | s6 += str.Axis_Dispatcher; /* s6 -> marker string (named by r2 flag only; bytes not shown) */
0x000044fc addiu s7, s7, 0x515c | s7 += 0x515c; /* s7 -> constant at +0x515c; no r2 string flag, contents not shown */
0x00004500 b 0x4598 | /* enter the loop at label_1 */
| while (v0 == 0) { /* r2dec structuring artifact; follow the branch targets in the assembly column */
| label_0: /* entry is kept: emit it */
0x00004504 lw v0, 4(s0) | v0 = *((s0 + 1)); /* 4(s0): len field of the GPtrArray in s0 (pdata at 0, len at 4 on this 32-bit target) */
0x00004508 lw t9, -0x7ec8(gp) | t9 = sym.imp.g_strdup;
| if (v0 == 0) { /* s0 is empty: fail */
0x0000450c beqz v0, 0x46f4 | goto label_3;
| }
0x00004510 lw v0, (s0) | v0 = *(s0);
0x00004514 lw a0, (v0) | a0 = *(v0); /* a0 = (*s0)[0], first element of s0 */
0x00004518 jalr t9 | t9 (); /* g_strdup((*s0)[0]) */
0x0000451c lw gp, 0x70(sp) | gp = *(var_70h);
0x00004520 move a0, s0 | a0 = s0;
0x00004524 move fp, v0 | fp = v0; /* fp = duplicated string, freed at 0x458c */
0x00004528 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
| if (v0 == 0) { /* g_strdup returned NULL: fail via label_4, a0 = s0 and t9 are already set */
0x0000452c beqz v0, 0x46fc | goto label_4;
| }
0x00004530 addiu s4, s4, 1 | s4++;
0x00004534 jalr t9 | t9 (); /* cert_util_ptr_array_destroy(s0) */
0x00004538 lw gp, 0x70(sp) | gp = *(var_70h);
0x0000453c move a0, s2 | a0 = s2;
0x00004540 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x00004544 addiu s1, s1, 4 | s1 += 4; /* advance the cursor; the entry just handled is now at -4(s1) */
0x00004548 jalr t9 | t9 (); /* cert_util_ptr_array_destroy(s2) */
0x0000454c lw gp, 0x70(sp) | gp = *(var_70h);
0x00004550 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x00004554 move a0, s3 | a0 = s3;
0x00004558 jalr t9 | t9 (); /* cert_util_ptr_array_destroy(s3) */
0x0000455c lw v0, 0x7c(sp) | v0 = *(var_7ch);
0x00004560 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004564 lw a2, -4(s1) | a2 = *((s1 - 1)); /* -4(s1): the entry just handled, consumed by the first conversion */
0x00004568 lw a0, (v0) | a0 = *(v0); /* a0 = *saved_a2: destination of the append */
0x0000456c lw v0, 0x78(sp) | v0 = *(var_78h);
0x00004570 lw t9, -0x7fa0(gp) | t9 = sym.imp.g_string_append_printf
0x00004574 move a3, fp | a3 = fp; /* duplicated (*s0)[0], consumed by the second conversion */
0x00004578 addiu a1, v0, 0x5160 | a1 = v0 + str._Cert__n_ID__s__ID__n_Data__n_s_n__Data__n__Cert__n; /* constant format; the flag name suggests Cert/ID/Data tags around two %s - exact bytes not shown */
0x0000457c jalr t9 | t9 (); /* g_string_append_printf(*saved_a2, fmt, entry, fp). Both strings are appended verbatim; no escaping call appears in this function. NOTE(review): confirm they cannot carry markup characters */
0x00004580 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004584 lw t9, -0x7f38(gp) | t9 = sym.imp.g_free;
0x00004588 move a0, fp | a0 = fp;
0x0000458c jalr t9 | t9 (); /* g_free(fp) */
0x00004590 lw gp, 0x70(sp) | gp = *(var_70h);
| if (s4 == s5) { /* every entry handled: return 0 */
0x00004594 beq s4, s5, 0x46c0 | goto label_5;
| }
| label_1: /* loop head, one iteration per entry */
0x00004598 lw t9, -0x7f44(gp) | t9 = sym.imp.g_ptr_array_new;
0x0000459c lw fp, (s1) | fp = *(s1); /* fp = current entry (fp is reused for the g_strdup result at label_0) */
0x000045a0 jalr t9 | t9 ();
0x000045a4 lw gp, 0x70(sp) | gp = *(var_70h);
0x000045a8 lw t9, -0x7f44(gp) | t9 = sym.imp.g_ptr_array_new;
0x000045ac move s0, v0 | s0 = v0; /* s0 = first new array */
0x000045b0 jalr t9 | t9 ();
0x000045b4 lw gp, 0x70(sp) | gp = *(var_70h);
0x000045b8 lw t9, -0x7f44(gp) | t9 = sym.imp.g_ptr_array_new;
0x000045bc move s2, v0 | s2 = v0; /* s2 = second new array */
0x000045c0 jalr t9 | t9 ();
0x000045c4 lw gp, 0x70(sp) | gp = *(var_70h);
0x000045c8 move a3, zero | a3 = 0;
0x000045cc move a0, fp | a0 = fp;
0x000045d0 move a1, zero | a1 = 0;
0x000045d4 move s3, v0 | s3 = v0; /* s3 = third new array */
0x000045d8 move a2, v0 | a2 = v0; /* register arguments: (entry, 0, s3, 0) */
0x000045dc lw t9, -0x7f6c(gp) | t9 = sym.imp.cert_util_get_properties;
| if (fp == 0) { /* NULL entry: fail */
0x000045e0 beqz fp, 0x46f4 | goto label_3;
| }
0x000045e4 sw s0, 0x68(sp) | *(var_68h) = s0; /* stack argument slot 0x68: s0 */
0x000045e8 sw zero, 0x64(sp) | *(var_64h) = 0;
0x000045ec sw zero, 0x60(sp) | *(var_60h) = 0;
0x000045f0 sw zero, 0x5c(sp) | *(var_5ch) = 0;
0x000045f4 sw zero, 0x58(sp) | *(var_58h) = 0;
0x000045f8 sw zero, 0x54(sp) | *(var_54h) = 0;
0x000045fc sw zero, 0x50(sp) | *(var_50h) = 0;
0x00004600 sw zero, 0x4c(sp) | *(var_4ch) = 0;
0x00004604 sw zero, 0x48(sp) | *(var_48h) = 0;
0x00004608 sw zero, 0x44(sp) | *(var_44h) = 0;
0x0000460c sw zero, 0x40(sp) | *(var_40h) = 0;
0x00004610 sw zero, 0x3c(sp) | *(var_3ch) = 0;
0x00004614 sw s2, 0x38(sp) | *(var_38h) = s2; /* stack argument slot 0x38: s2; every other slot from 0x10 to 0x64 is zero */
0x00004618 sw zero, 0x34(sp) | *(var_34h) = 0;
0x0000461c sw zero, 0x30(sp) | *(var_30h) = 0;
0x00004620 sw zero, 0x2c(sp) | *(var_2ch) = 0;
0x00004624 sw zero, 0x28(sp) | *(var_28h) = 0;
0x00004628 sw zero, 0x24(sp) | *(var_24h) = 0;
0x0000462c sw zero, 0x20(sp) | *(var_20h) = 0;
0x00004630 sw zero, 0x1c(sp) | *(var_1ch) = 0;
0x00004634 sw zero, 0x18(sp) | *(var_18h) = 0;
0x00004638 sw zero, 0x14(sp) | *(var_14h) = 0;
0x0000463c sw zero, 0x10(sp) | *(var_10h) = 0;
0x00004640 jalr t9 | t9 (); /* cert_util_get_properties(entry, 0, s3, 0, <stack slots above>) */
0x00004644 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004648 move a1, s6 | a1 = s6;
0x0000464c lw t9, -0x7f18(gp) | t9 = sym.imp.g_strrstr;
| if (v0 != 0) { /* non-zero return from cert_util_get_properties: fail */
0x00004650 bnez v0, 0x46f4 | goto label_3;
| }
0x00004654 lw v0, (s2) | v0 = *(s2);
0x00004658 lw a0, (v0) | a0 = *(v0); /* a0 = (*s2)[0]. NOTE(review): unlike s0 (len read at 0x4504), no length check precedes this read; confirm s2 is never left empty on success */
0x0000465c jalr t9 | t9 (); /* g_strrstr((*s2)[0], marker) */
0x00004660 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004664 move a0, s7 | a0 = s7;
0x00004668 lw t9, -0x7fb4(gp) | t9 = sym.imp.g_strcmp0;
0x0000466c beqz v0, 0x4504 | /* marker not found: keep the entry (label_0) */
| }
0x00004670 lw v0, (s3) | v0 = *(s3);
0x00004674 lw a1, (v0) | a1 = *(v0); /* a1 = (*s3)[0]. NOTE(review): no length check is visible for s3 either */
0x00004678 jalr t9 | t9 (); /* g_strcmp0(s7 constant, (*s3)[0]) */
0x0000467c lw gp, 0x70(sp) | gp = *(var_70h);
| if (v0 != 0) { /* value differs from the constant: keep the entry */
0x00004680 bnez v0, 0x4504 | goto label_0;
| }
0x00004684 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy; /* marker found and value equal: skip the entry, release the three arrays */
0x00004688 move a0, s0 | a0 = s0;
0x0000468c jalr t9 | t9 ();
0x00004690 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004694 move a0, s2 | a0 = s2;
0x00004698 addiu s4, s4, 1 | s4++;
0x0000469c lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x000046a0 addiu s1, s1, 4 | s1 += 4;
0x000046a4 jalr t9 | t9 ();
0x000046a8 lw gp, 0x70(sp) | gp = *(var_70h);
0x000046ac lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x000046b0 move a0, s3 | a0 = s3;
0x000046b4 jalr t9 | t9 ();
0x000046b8 lw gp, 0x70(sp) | gp = *(var_70h);
| if (s4 != s5) { /* more entries remain: next iteration */
0x000046bc bne s4, s5, 0x4598 | goto label_1;
| }
| label_5: /* success exit */
0x000046c0 move v0, zero | v0 = 0;
| do { /* r2dec artifact: 0x46c4 is the epilogue shared by the success and failure paths */
0x000046c4 lw ra, 0xa4(sp) | ra = *(var_a4h);
0x000046c8 lw fp, 0xa0(sp) | fp = *(var_a0h);
0x000046cc lw s7, 0x9c(sp) | s7 = *(var_9ch);
0x000046d0 lw s6, 0x98(sp) | s6 = *(var_98h);
0x000046d4 lw s5, 0x94(sp) | s5 = *(var_94h);
0x000046d8 lw s4, 0x90(sp) | s4 = *(var_90h);
0x000046dc lw s3, 0x8c(sp) | s3 = *(var_8ch);
0x000046e0 lw s2, 0x88(sp) | s2 = *(var_88h);
0x000046e4 lw s1, 0x84(sp) | s1 = *(var_84h);
0x000046e8 lw s0, 0x80(sp) | s0 = *(var_80h);
0x000046ec addiu sp, sp, 0xa8 |
0x000046f0 jr ra | return v0;
| label_3: /* failure path: release s0, s2 and s3, then return -1 */
0x000046f4 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x000046f8 move a0, s0 | a0 = s0;
| label_4: /* entered from the g_strdup failure with a0 and t9 already loaded */
0x000046fc jalr t9 | t9 ();
0x00004700 nop |
0x00004704 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004708 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x0000470c move a0, s2 | a0 = s2;
0x00004710 jalr t9 | t9 ();
0x00004714 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004718 lw t9, -0x7f80(gp) | t9 = sym.imp.cert_util_ptr_array_destroy;
0x0000471c move a0, s3 | a0 = s3;
0x00004720 jalr t9 | t9 ();
0x00004724 lw gp, 0x70(sp) | gp = *(var_70h);
0x00004728 lw t9, -0x7f38(gp) | t9 = sym.imp.g_free;
0x0000472c move a0, zero | a0 = 0;
0x00004730 jalr t9 | t9 (); /* g_free(0): the argument is the constant zero on this path */
0x00004734 addiu v0, zero, -1 | v0 = -1; /* failure return value */
0x00004738 b 0x46c4 | /* to the shared epilogue */
| } while (1);
| label_2: /* a0 <= 0: nothing to do, no frame to unwind */
0x0000473c move v0, zero | v0 = 0;
0x00004740 jr ra | return v0;
| }
[*] Function printf used 2 times in stclient.cgi