[*] Binary protection state of api-discovery
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of api-discovery
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/api-discovery @ 0x2bac */
| #include <stdint.h>
|
; (fcn) sym.ads_dbus_fini () | void ads_dbus_fini () {
0x00002bac lui gp, 2 |
0x00002bb0 addiu gp, gp, -0x5b9c |
0x00002bb4 addu gp, gp, t9 | gp += t9;
0x00002bb8 addiu sp, sp, -0x48 |
0x00002bbc lw v1, -0x7fd4(gp) | v1 = *((gp - 8181));
0x00002bc0 sw s4, 0x40(sp) | *(var_40h) = s4;
0x00002bc4 lw s4, -0x7e70(gp) | s4 = *((gp - 8092));
0x00002bc8 sw s0, 0x30(sp) | *(var_30h) = s0;
0x00002bcc lw s0, -0x7fd4(gp) | s0 = *((gp - 8181));
0x00002bd0 lw v0, (s4) | v0 = *(s4);
0x00002bd4 lw t9, -0x7f58(gp) | t9 = sym.imp.sd_bus_get_unique_name;
0x00002bd8 sw a0, 0x5210(v1) | *((v1 + 5252)) = a0;
0x00002bdc lw a0, 0x5214(s0) | a0 = *((s0 + 5253));
0x00002be0 sw gp, 0x18(sp) | *(var_18h_2) = gp;
0x00002be4 sw ra, 0x44(sp) | *(var_44h) = ra;
0x00002be8 sw s3, 0x3c(sp) | *(var_3ch_2) = s3;
0x00002bec sw s2, 0x38(sp) | *(var_38h) = s2;
0x00002bf0 sw s1, 0x34(sp) | *(var_34h) = s1;
0x00002bf4 addiu a1, sp, 0x28 | a1 = sp + 0x28;
0x00002bf8 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x00002bfc sw zero, 0x24(sp) | *(var_24h) = 0;
0x00002c00 jalr t9 | t9 ();
0x00002c04 nop |
0x00002c08 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 < 0) {
0x00002c0c bltz v0, 0x2d28 | goto label_1;
| }
0x00002c10 lw s1, -0x7fcc(gp) | s1 = *((gp - 8179));
0x00002c14 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00002c18 lw v0, 0x28(sp) | v0 = *(var_28h);
0x00002c1c lw t9, -0x7eb0(gp) | t9 = sym.imp.__asprintf_chk
0x00002c20 sw v0, 0x10(sp) | *(var_10h_3) = v0;
0x00002c24 addiu a3, s1, 0x4438 | a3 = s1 + str.com.axis.ApiDiscovery1;
0x00002c28 addiu a2, a2, 0x4524 | a2 += str.senderorg.freedesktop.DBus_typesignal_interfaceorg.freedesktop.DBus_memberNameOwnerChanged_path_org_freedesktop_DBus_arg0_s_arg1_s_arg2;
0x00002c2c addiu a1, zero, 1 | a1 = 1;
0x00002c30 addiu a0, sp, 0x24 | a0 = sp + 0x24;
0x00002c34 jalr t9 | t9 ();
0x00002c38 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 < 0) {
0x00002c3c bltz v0, 0x2da4 | goto label_2;
| }
0x00002c40 lw a3, -0x7fcc(gp) | a3 = *((gp - 8179));
0x00002c44 lw t9, -0x7efc(gp) | t9 = sym.imp.sd_bus_add_match;
0x00002c48 lw a2, 0x24(sp) | a2 = *(var_24h);
0x00002c4c lw a0, 0x5214(s0) | a0 = *((s0 + 5253));
0x00002c50 sw zero, 0x10(sp) | *(var_10h_3) = 0;
0x00002c54 addiu a3, a3, 0x20d0 | a3 += 0x20d0;
0x00002c58 move a1, zero | a1 = 0;
0x00002c5c jalr t9 | t9 ();
0x00002c60 move s3, v0 | s3 = v0;
0x00002c64 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 < 0) {
0x00002c68 bltz v0, 0x2d7c | goto label_3;
| }
0x00002c6c lw t9, -0x7f54(gp) | t9 = sym.imp.sd_bus_release_name;
0x00002c70 lw a0, 0x5214(s0) | a0 = *((s0 + 5253));
0x00002c74 addiu a1, s1, 0x4438 | a1 = s1 + str.com.axis.ApiDiscovery1;
0x00002c78 jalr t9 | t9 ();
0x00002c7c move s3, v0 | s3 = v0;
0x00002c80 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 < 0) {
0x00002c84 bltz v0, 0x2d54 | goto label_4;
| }
0x00002c88 move s3, zero | s3 = 0;
| label_0:
0x00002c8c lw s1, -0x7fa4(gp) | s1 = *(gp);
0x00002c90 lw s2, -0x7fa0(gp) | s2 = *(gp);
0x00002c94 lw v0, (s1) | v0 = *(s1);
0x00002c98 lw a0, (v0) | a0 = *(v0);
0x00002c9c move s0, zero | s0 = 0;
| if (a0 == 0) {
0x00002ca0 beqz a0, 0x2cd8 | goto label_5;
| }
| do {
0x00002ca4 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002ca8 jalr t9 | t9 ();
0x00002cac nop |
0x00002cb0 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002cb4 lw a0, (s2) | a0 = *(s2);
0x00002cb8 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002cbc lwx a0, s0(a0) | __asm ("lwx a0, s0(a0)");
0x00002cc0 addiu s0, s0, 4 | s0 += 4;
0x00002cc4 jalr t9 | t9 ();
0x00002cc8 lw v0, (s1) | v0 = *(s1);
0x00002ccc lwx a0, s0(v0) | __asm ("lwx a0, s0(v0)");
0x00002cd0 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002cd4 bnez a0, 0x2ca4 |
| } while (a0 != 0);
| label_5:
0x00002cd8 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002cdc move a0, v0 | a0 = v0;
0x00002ce0 jalr t9 | t9 ();
0x00002ce4 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002ce8 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002cec lw a0, (s2) | a0 = *(s2);
0x00002cf0 jalr t9 | t9 ();
0x00002cf4 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x00002cf8 lw v1, (s4) | v1 = *(s4);
0x00002cfc lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002d00 move v0, s3 | v0 = s3;
| if (a0 == v1) {
0x00002d04 bne a0, v1, 0x2dd0 |
0x00002d08 lw ra, 0x44(sp) | ra = *(var_44h);
0x00002d0c lw s4, 0x40(sp) | s4 = *(var_40h);
0x00002d10 lw s3, 0x3c(sp) | s3 = *(var_3ch_2);
0x00002d14 lw s2, 0x38(sp) | s2 = *(var_38h);
0x00002d18 lw s1, 0x34(sp) | s1 = *(var_34h);
0x00002d1c lw s0, 0x30(sp) | s0 = *(var_30h);
0x00002d20 addiu sp, sp, 0x48 |
0x00002d24 jr ra | return v0;
| label_1:
0x00002d28 lw a3, -0x7fcc(gp) | a3 = *((gp - 8179));
0x00002d2c lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00002d30 lw t9, -0x7ef8(gp) | t9 = sym.imp.g_log;
0x00002d34 addiu a3, a3, 0x4890 | a3 += 0x4890;
0x00002d38 addiu a2, a2, 0x4508 | a2 += str._sFailed_to_get_unique_name;
0x00002d3c addiu a1, zero, 0x100 | a1 = 0x100;
0x00002d40 move a0, zero | a0 = 0;
0x00002d44 move s3, v0 | s3 = v0;
0x00002d48 jalr t9 | t9 ();
0x00002d4c lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002d50 b 0x2c8c | goto label_0;
| label_4:
0x00002d54 lw a3, -0x7fcc(gp) | a3 = *((gp - 8179));
0x00002d58 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00002d5c lw t9, -0x7ef8(gp) | t9 = sym.imp.g_log;
0x00002d60 addiu a3, a3, 0x4890 | a3 += 0x4890;
0x00002d64 addiu a2, a2, 0x460c | a2 += str._sFailed_to_release_DBus_name;
0x00002d68 addiu a1, zero, 0x100 | a1 = 0x100;
0x00002d6c move a0, zero | a0 = 0;
0x00002d70 jalr t9 | t9 ();
0x00002d74 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002d78 b 0x2c8c | goto label_0;
| label_3:
0x00002d7c lw a3, -0x7fcc(gp) | a3 = *((gp - 8179));
0x00002d80 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00002d84 lw t9, -0x7ef8(gp) | t9 = sym.imp.g_log;
0x00002d88 addiu a3, a3, 0x4890 | a3 += 0x4890;
0x00002d8c addiu a2, a2, 0x45ec | a2 += str._sFailed_to_add_match_callback;
0x00002d90 addiu a1, zero, 0x100 | a1 = 0x100;
0x00002d94 move a0, zero | a0 = 0;
0x00002d98 jalr t9 | t9 ();
0x00002d9c lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002da0 b 0x2c8c | goto label_0;
| label_2:
0x00002da4 lw a3, -0x7fcc(gp) | a3 = *((gp - 8179));
0x00002da8 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00002dac lw t9, -0x7ef8(gp) | t9 = sym.imp.g_log;
0x00002db0 addiu a3, a3, 0x4890 | a3 += 0x4890;
0x00002db4 addiu a2, a2, 0x45c4 | a2 += str._sFailed_to_create_dbus_match_string;
0x00002db8 addiu a1, zero, 0x100 | a1 = 0x100;
0x00002dbc move a0, zero | a0 = 0;
0x00002dc0 jalr t9 | t9 ();
0x00002dc4 addiu s3, zero, -0xc | s3 = -0xc;
0x00002dc8 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00002dcc b 0x2c8c | goto label_0;
| }
0x00002dd0 lw t9, -0x7e88(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002dd4 jalr t9 | t9 ();
0x00002dd8 nop |
0x00002ddc nop |
0x00002de0 lui gp, 2 |
0x00002de4 addiu gp, gp, -0x5dd0 |
0x00002de8 addu gp, gp, t9 | gp += t9;
0x00002dec addiu sp, sp, -0x20 |
0x00002df0 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002df4 sw s0, 0x18(sp) | *(var_18h_3) = s0;
0x00002df8 move s0, a0 | s0 = a0;
0x00002dfc lw a0, (a0) | a0 = *(a0);
0x00002e00 sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00002e04 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x00002e08 jalr t9 | t9 ();
0x00002e0c nop |
0x00002e10 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x00002e14 lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002e18 lw a0, 4(s0) | a0 = *((s0 + 1));
0x00002e1c jalr t9 | t9 ();
0x00002e20 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x00002e24 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00002e28 move a0, s0 | a0 = s0;
0x00002e2c lw t9, -0x7e58(gp) | t9 = *((gp - 8086));
0x00002e30 lw s0, 0x18(sp) | s0 = *(var_18h_3);
0x00002e34 addiu sp, sp, 0x20 |
0x00002e38 jr t9 | return t9 ();
| }
[*] Function sprintf used 2 times api-discovery
