[*] Binary protection state of urldecode
Full RELRO No Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of urldecode
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/urldecode @ 0x840 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 832 named .text */
0x00000840 lui gp, 2 |
0x00000844 addiu gp, gp, -0x7830 |
0x00000848 addu gp, gp, t9 | gp += t9;
0x0000084c addiu sp, sp, -0x28 |
0x00000850 addiu v0, zero, 2 | v0 = 2;
0x00000854 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00000858 sw ra, 0x24(sp) | *(var_24h) = ra;
0x0000085c sw s1, 0x20(sp) | *(var_20h) = s1;
0x00000860 sw s0, 0x1c(sp) | *(var_1ch) = s0;
| if (a0 == v0) {
0x00000864 beql a0, v0, 0x92c | goto label_2;
| }
0x00000868 lw a0, 4(a1) | a0 = *((a1 + 1));
0x0000086c move s1, zero | s1 = 0;
| label_0:
0x00000870 lw t9, -0x7f98(gp) | t9 = sym.imp.malloc;
0x00000874 addiu a0, zero, 0x400 | a0 = 0x400;
0x00000878 jalr t9 | t9 ();
0x0000087c move s0, v0 | s0 = v0;
0x00000880 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00000884 beqz v0, 0x948 | goto label_3;
| }
0x00000888 lw t9, -0x7f8c(gp) | t9 = sym.imp.read;
0x0000088c addiu a2, zero, 0x3ff | a2 = 0x3ff;
0x00000890 move a1, v0 | a1 = v0;
0x00000894 move a0, zero | a0 = 0;
0x00000898 jalr t9 | t9 ();
0x0000089c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 <= 0) {
0x000008a0 blez v0, 0x8dc | goto label_4;
| }
0x000008a4 addu v0, s0, v0 | v0 = s0 + v0;
0x000008a8 sb zero, -1(v0) | *((v0 - 1)) = 0;
| if (s1 != 0) {
0x000008ac bnez s1, 0x900 | goto label_5;
| }
0x000008b0 lw t9, -0x7fa8(gp) | t9 = sym.imp.CGI_decode;
0x000008b4 move a0, s0 | a0 = s0;
0x000008b8 jalr t9 | t9 ();
0x000008bc lw gp, 0x10(sp) | gp = *(var_10h);
| do {
0x000008c0 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x000008c4 lw t9, -0x7fac(gp) | t9 = sym.imp.__printf_chk
0x000008c8 move a2, s0 | a2 = s0;
0x000008cc addiu a1, a1, 0xc64 | a1 += 0xc64;
0x000008d0 addiu a0, zero, 1 | a0 = 1;
0x000008d4 jalr t9 | t9 ();
0x000008d8 lw gp, 0x10(sp) | gp = *(var_10h);
| label_4:
0x000008dc lw t9, -0x7f94(gp) | t9 = sym.imp.free;
0x000008e0 move a0, s0 | a0 = s0;
0x000008e4 jalr t9 | t9 ();
0x000008e8 move v0, zero | v0 = 0;
| label_1:
0x000008ec lw ra, 0x24(sp) | ra = *(var_24h);
0x000008f0 lw s1, 0x20(sp) | s1 = *(var_20h);
0x000008f4 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x000008f8 addiu sp, sp, 0x28 |
0x000008fc jr ra | return v0;
| label_5:
0x00000900 lw t9, -0x7fb0(gp) | t9 = sym.imp.CGI_encode;
0x00000904 move a0, s0 | a0 = s0;
0x00000908 jalr t9 | t9 ();
0x0000090c lw gp, 0x10(sp) | gp = *(var_10h);
0x00000910 move s1, v0 | s1 = v0;
0x00000914 move a0, s0 | a0 = s0;
0x00000918 lw t9, -0x7f94(gp) | t9 = sym.imp.free;
0x0000091c move s0, s1 | s0 = s1;
0x00000920 jalr t9 | t9 ();
0x00000924 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000928 b 0x8c0 |
| } while (1);
| label_2:
0x0000092c lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000930 lw t9, -0x7f84(gp) | t9 = sym.imp.strcmp;
0x00000934 addiu a1, a1, 0xc48 | a1 += 0xc48;
0x00000938 jalr t9 | t9 ();
0x0000093c sltiu s1, v0, 1 | s1 = (v0 < 1) ? 1 : 0;
0x00000940 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000944 b 0x870 | goto label_0;
| label_3:
0x00000948 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x0000094c lw t9, -0x7f9c(gp) | t9 = sym.imp.puts;
0x00000950 addiu a0, a0, 0xc4c | a0 += str.Cant_allocate_buffer_;
0x00000954 jalr t9 | t9 ();
0x00000958 addiu v0, zero, -1 | v0 = -1;
0x0000095c b 0x8ec | goto label_1;
| }
[*] Function printf used 2 times urldecode
