[*] Binary protection state of badblocks
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of badblocks
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/badblocks @ 0x2320 */
| #include <stdint.h>
|
; (fcn) fcn.00002320 () | void fcn_00002320 () {
0x00002320 lui gp, 2 |
0x00002324 addiu gp, gp, -0x32f0 |
0x00002328 addu gp, gp, t9 | gp += t9;
0x0000232c addiu sp, sp, -0x300 |
0x00002330 lw t9, -0x7ef4(gp) | t9 = sym.imp.gettimeofday;
0x00002334 sw s2, 0x2f0(sp) | *(var_2f0h) = s2;
0x00002338 lw s2, -0x7ee0(gp) | s2 = *((gp - 8120));
0x0000233c sw gp, 0x30(sp) | *(var_30h) = gp;
0x00002340 sw s0, 0x2e8(sp) | *(var_2e8h) = s0;
0x00002344 lw v0, (s2) | v0 = *(s2);
0x00002348 addiu a0, sp, 0x3c | a0 = sp + 0x3c;
0x0000234c sw ra, 0x2fc(sp) | *(var_2fch) = ra;
0x00002350 sw s4, 0x2f8(sp) | *(var_2f8h) = s4;
0x00002354 sw s3, 0x2f4(sp) | *(var_2f4h) = s3;
0x00002358 sw s1, 0x2ec(sp) | *(var_2ech) = s1;
0x0000235c move a1, zero | a1 = 0;
0x00002360 sw v0, 0x2e4(sp) | *(var_2e4h) = v0;
0x00002364 jalr t9 | t9 ();
0x00002368 nop |
0x0000236c lw gp, 0x30(sp) | gp = *(var_30h);
0x00002370 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002374 lw s0, 0x71d0(v0) | s0 = *((v0 + 7284));
0x00002378 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x0000237c lw a0, 0x71d4(v0) | a0 = *((v0 + 7285));
| if (s0 == 0) {
0x00002380 beqz s0, 0x2658 | goto label_3;
| }
0x00002384 sltu v0, a0, s0 | v0 = (a0 < s0) ? 1 : 0;
0x00002388 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| if (v0 == 0) {
0x0000238c beqz v0, 0x2608 | goto label_4;
| }
0x00002390 lw t9, -0x7fd4(gp) | t9 = *(gp);
0x00002394 bal 0x49a0 | fcn_000049a0 ();
0x00002398 nop |
0x0000239c lw gp, 0x30(sp) | gp = *(var_30h);
0x000023a0 lw t9, -0x7fd0(gp) | t9 = *(gp);
0x000023a4 move a0, v0 | a0 = v0;
0x000023a8 bal 0x5800 | fcn_00005800 ();
0x000023ac lw gp, 0x30(sp) | gp = *(var_30h);
0x000023b0 move a0, v0 | a0 = v0;
0x000023b4 move a1, v1 | a1 = v1;
0x000023b8 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x000023bc lw t9, -0x7fcc(gp) | t9 = *(gp);
0x000023c0 lw a2, 0x6970(v0) | a2 = *((v0 + 6748));
0x000023c4 lw a3, 0x6974(v0) | a3 = *((v0 + 6749));
0x000023c8 bal 0x5260 | fcn_00005260 ();
0x000023cc lw gp, 0x30(sp) | gp = *(var_30h);
0x000023d0 move a0, s0 | a0 = s0;
0x000023d4 move s1, v1 | s1 = v1;
0x000023d8 lw t9, -0x7fd4(gp) | t9 = *(gp);
0x000023dc move s0, v0 | s0 = v0;
0x000023e0 bal 0x49a0 | fcn_000049a0 ();
0x000023e4 lw gp, 0x30(sp) | gp = *(var_30h);
0x000023e8 lw t9, -0x7fd0(gp) | t9 = *(gp);
0x000023ec move a0, v0 | a0 = v0;
0x000023f0 bal 0x5800 | fcn_00005800 ();
0x000023f4 lw gp, 0x30(sp) | gp = *(var_30h);
0x000023f8 move a2, v0 | a2 = v0;
0x000023fc move a3, v1 | a3 = v1;
0x00002400 lw t9, -0x7fc8(gp) | t9 = *(gp);
0x00002404 move a0, s0 | a0 = s0;
0x00002408 move a1, s1 | a1 = s1;
0x0000240c bal 0x4aa0 | fcn_00004aa0 ();
0x00002410 lw gp, 0x30(sp) | gp = *(var_30h);
0x00002414 move a0, v0 | a0 = v0;
0x00002418 lw t9, -0x7fc4(gp) | t9 = *(gp);
0x0000241c move a1, v1 | a1 = v1;
0x00002420 bal 0x5940 | fcn_00005940 ();
0x00002424 lw gp, 0x30(sp) | gp = *(var_30h);
0x00002428 lw t9, -0x7fd0(gp) | t9 = *(gp);
0x0000242c move a0, v0 | a0 = v0;
0x00002430 bal 0x5800 | fcn_00005800 ();
0x00002434 lw gp, 0x30(sp) | gp = *(var_30h);
0x00002438 move s0, v0 | s0 = v0;
0x0000243c move s1, v1 | s1 = v1;
| do {
| label_2:
0x00002440 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002444 lw a0, 0x3c(sp) | a0 = *(var_3ch);
0x00002448 lw t9, -0x7fa0(gp) | t9 = sym.imp.__sprintf_chk
0x0000244c lw v1, 0x71d8(v0) | v1 = *((v0 + 7286));
0x00002450 lui v0, 0x8888 | v0 = 0x88880000;
0x00002454 subu a0, a0, v1 | __asm ("subu a0, a0, v1");
0x00002458 ori v0, v0, 0x8889 | v0 |= 0x8889;
0x0000245c mult a0, v0 | __asm ("mult a0, v0");
0x00002460 mfhi v1 | __asm ("mfhi v1");
0x00002464 sra a1, a0, 0x1f | a1 = a0 >> 0x1f;
0x00002468 addiu s4, sp, 0x244 | s4 = sp + 0x244;
0x0000246c addu v1, v1, a0 | v1 += a0;
0x00002470 sra v1, v1, 5 | v1 >>= 5;
0x00002474 subu t0, v1, a1 | __asm ("subu t0, v1, a1");
0x00002478 mult t0, v0 | __asm ("mult t0, v0");
0x0000247c mfhi v0 | __asm ("mfhi v0");
0x00002480 sra t1, t0, 0x1f | t1 = t0 >> 0x1f;
0x00002484 sll a2, t0, 4 | a2 = t0 << 4;
0x00002488 subu v1, a2, t0 | __asm ("subu v1, a2, t0");
0x0000248c sll v1, v1, 2 | v1 <<= 2;
0x00002490 addu v0, v0, t0 | v0 += t0;
0x00002494 sra v0, v0, 5 | v0 >>= 5;
0x00002498 subu a3, v0, t1 | __asm ("subu a3, v0, t1");
0x0000249c sll a1, a3, 4 | a1 = a3 << 4;
0x000024a0 subu a1, a1, a3 | __asm ("subu a1, a1, a3");
0x000024a4 sll a1, a1, 2 | a1 <<= 2;
0x000024a8 move v0, a3 | v0 = a3;
0x000024ac subu v1, a0, v1 | __asm ("subu v1, a0, v1");
0x000024b0 subu a3, t0, a1 | __asm ("subu a3, t0, a1");
| if (v0 == 0) {
0x000024b4 beqz v0, 0x2614 | goto label_5;
| }
0x000024b8 sw a3, 0x14(sp) | *(var_14h_2) = a3;
0x000024bc lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x000024c0 sw v1, 0x18(sp) | *(var_18h_2) = v1;
0x000024c4 sw v0, 0x10(sp) | *(var_10h_3) = v0;
0x000024c8 addiu a3, a3, 0x6108 | a3 += str._d:_02d:_02d;
0x000024cc addiu a2, zero, 0x20 | a2 = 0x20;
0x000024d0 addiu a1, zero, 1 | a1 = 1;
0x000024d4 move a0, s4 | a0 = s4;
0x000024d8 jalr t9 | t9 ();
0x000024dc lw gp, 0x30(sp) | gp = *(var_30h);
| label_0:
0x000024e0 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000024e4 lw t9, -0x7eb0(gp) | t9 = sym.imp.__snprintf_chk;
0x000024e8 addiu s3, sp, 0x264 | s3 = sp + 0x264;
0x000024ec lw t0, 0x71c4(v0) | t0 = *((v0 + 7281));
0x000024f0 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000024f4 addiu a3, zero, 0x80 | a3 = 0x80;
0x000024f8 sw t0, 0x2c(sp) | *(var_2ch) = t0;
0x000024fc lw v1, 0x71c8(v0) | v1 = *((v0 + 7282));
0x00002500 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002504 sw v1, 0x28(sp) | *(var_28h) = v1;
0x00002508 addiu a2, zero, 1 | a2 = 1;
0x0000250c lw v0, 0x71cc(v0) | v0 = *((v0 + 7283));
0x00002510 addiu a1, zero, 0x80 | a1 = 0x80;
0x00002514 sw v0, 0x24(sp) | *(var_24h_2) = v0;
0x00002518 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x0000251c move a0, s3 | a0 = s3;
0x00002520 addiu v0, v0, 0x6120 | v0 += str._6.2f___done___s_elapsed.___d__d__d_errors_;
0x00002524 sw s0, 0x18(sp) | *(var_18h_2) = s0;
0x00002528 sw s4, 0x20(sp) | *(var_20h_2) = s4;
0x0000252c sw s1, 0x1c(sp) | *(var_1ch_2) = s1;
0x00002530 sw v0, 0x10(sp) | *(var_10h_3) = v0;
0x00002534 jalr t9 | t9 ();
0x00002538 lw gp, 0x30(sp) | gp = *(var_30h);
0x0000253c addiu s0, sp, 0x44 | s0 = sp + 0x44;
0x00002540 move a0, s0 | a0 = s0;
0x00002544 lw t9, -0x7f68(gp) | t9 = sym.imp.mbstowcs;
0x00002548 addiu a2, zero, 0x80 | a2 = 0x80;
0x0000254c move a1, s3 | a1 = s3;
0x00002550 jalr t9 | t9 ();
0x00002554 lw gp, 0x30(sp) | gp = *(var_30h);
0x00002558 move a0, s0 | a0 = s0;
0x0000255c lw t9, -0x7f64(gp) | t9 = sym.imp.wcswidth;
0x00002560 addiu a1, zero, 0x80 | a1 = 0x80;
0x00002564 jalr t9 | t9 ();
0x00002568 move s0, v0 | s0 = v0;
0x0000256c lw gp, 0x30(sp) | gp = *(var_30h);
| if (v0 < 0) {
0x00002570 bltz v0, 0x263c | goto label_6;
| }
0x00002574 move s4, v0 | s4 = v0;
| label_1:
0x00002578 lw s1, -0x7ed0(gp) | s1 = *((gp - 8116));
0x0000257c lw t9, -0x7f90(gp) | t9 = sym.imp.fputs;
0x00002580 move a0, s3 | a0 = s3;
0x00002584 lw a1, (s1) | a1 = *(s1);
0x00002588 jalr t9 | t9 ();
0x0000258c lw gp, 0x30(sp) | gp = *(var_30h);
0x00002590 addiu a3, zero, 0x80 | a3 = 0x80;
0x00002594 move a2, s4 | a2 = s4;
0x00002598 lw t9, -0x7f74(gp) | t9 = sym.imp.__memset_chk;
0x0000259c addiu a1, zero, 8 | a1 = 8;
0x000025a0 move a0, s3 | a0 = s3;
0x000025a4 jalr t9 | t9 ();
0x000025a8 lw gp, 0x30(sp) | gp = *(var_30h);
0x000025ac addiu v0, sp, 0x2e8 | v0 = sp + 0x2e8;
0x000025b0 addu s0, v0, s0 | s0 = v0 + s0;
0x000025b4 lw a1, (s1) | a1 = *(s1);
0x000025b8 lw t9, -0x7f90(gp) | t9 = sym.imp.fputs;
0x000025bc move a0, s3 | a0 = s3;
0x000025c0 sb zero, -0x84(s0) | *((s0 - 132)) = 0;
0x000025c4 jalr t9 | t9 ();
0x000025c8 lw gp, 0x30(sp) | gp = *(var_30h);
0x000025cc lw t9, -0x7ec8(gp) | t9 = sym.imp.fflush;
0x000025d0 lw a0, (s1) | a0 = *(s1);
0x000025d4 jalr t9 | t9 ();
0x000025d8 lw v1, 0x2e4(sp) | v1 = *(var_2e4h);
0x000025dc lw v0, (s2) | v0 = *(s2);
0x000025e0 lw gp, 0x30(sp) | gp = *(var_30h);
| if (v1 != v0) {
0x000025e4 bne v1, v0, 0x2664 | goto label_7;
| }
0x000025e8 lw ra, 0x2fc(sp) | ra = *(var_2fch);
0x000025ec lw s4, 0x2f8(sp) | s4 = *(var_2f8h);
0x000025f0 lw s3, 0x2f4(sp) | s3 = *(var_2f4h);
0x000025f4 lw s2, 0x2f0(sp) | s2 = *(var_2f0h);
0x000025f8 lw s1, 0x2ec(sp) | s1 = *(var_2ech);
0x000025fc lw s0, 0x2e8(sp) | s0 = *(var_2e8h);
0x00002600 addiu sp, sp, 0x300 |
0x00002604 jr ra | return v1;
| label_4:
0x00002608 lw s0, 0x6970(v0) | s0 = *((v0 + 6748));
0x0000260c lw s1, 0x6974(v0) | s1 = *((v0 + 6749));
0x00002610 b 0x2440 |
| } while (1);
| label_5:
0x00002614 sw a3, 0x10(sp) | *(var_10h_3) = a3;
0x00002618 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x0000261c sw v1, 0x14(sp) | *(var_14h_2) = v1;
0x00002620 addiu a3, a3, 0x6118 | a3 += str._d:_02d;
0x00002624 addiu a2, zero, 0x20 | a2 = 0x20;
0x00002628 addiu a1, zero, 1 | a1 = 1;
0x0000262c move a0, s4 | a0 = s4;
0x00002630 jalr t9 | t9 ();
0x00002634 lw gp, 0x30(sp) | gp = *(var_30h);
0x00002638 b 0x24e0 | goto label_0;
| label_6:
0x0000263c lw t9, -0x7f3c(gp) | t9 = sym.imp.strlen;
0x00002640 move a0, s3 | a0 = s3;
0x00002644 jalr t9 | t9 ();
0x00002648 move s4, v0 | s4 = v0;
0x0000264c lw gp, 0x30(sp) | gp = *(var_30h);
0x00002650 move s0, v0 | s0 = v0;
0x00002654 b 0x2578 | goto label_1;
| label_3:
0x00002658 move s0, zero | s0 = 0;
0x0000265c move s1, zero | s1 = 0;
0x00002660 b 0x2440 | goto label_2;
| label_7:
0x00002664 lw t9, -0x7f00(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002668 jalr t9 | t9 ();
0x0000266c nop |
| }
[*] Function sprintf used 2 times badblocks
