[*] Binary protection state of dstack

  
  	Full RELRO     Canary found      NX disabled  PIE enabled  No RPATH     No RUNPATH   No Symbols


[*] Function sprintf tear down of dstack

    ; assembly                           | /* r2dec pseudo code output */
                                         | /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dstack @ 0x1700 */
                                         | #include <stdint.h>
                                         |  
                                         | /*
                                         |  * prog_init: a0 is forwarded (in a3) as the value for the path format.
                                         |  * Visible flow: __asprintf_chk builds a path from str._proc__lu_maps, fopen
                                         |  * opens it, the path is freed, a 0x10-byte record (s5) is calloc'd, then each
                                         |  * fgets line (0x400 bytes max, global buffer at s2 + 0x3160) is parsed with
                                         |  * sscanf and selected entries are appended via vmap_new to the list at 0xc(s5).
                                         |  * Returns s5; that is 0 when fopen fails, and also 0 (after fclose) when
                                         |  * calloc fails.
                                         |  * NOTE(review): r2dec prints word-scaled offsets, e.g. *((gp - 8183)) is
                                         |  * -0x7fdc(gp) and *((s5 + 3)) is 0xc(s5); take offsets from the assembly column.
                                         |  */
    ; (fcn) sym.prog_init ()             | void prog_init () {
    0x00001700 lui gp, 2                 |     
    0x00001704 addiu gp, gp, -0x66f0     |     
    0x00001708 addu gp, gp, t9           |     gp += t9;
    0x0000170c addiu sp, sp, -0x280      |     
    0x00001710 lw a2, -0x7fdc(gp)        |     a2 = *((gp - 8183));
    0x00001714 sw s7, 0x274(sp)          |     *(var_274h) = s7;
    0x00001718 lw s7, -0x7ef8(gp)        |     s7 = *((gp - 8126));
    0x0000171c lw t9, -0x7f1c(gp)        |     t9 = sym.imp.__asprintf_chk
    0x00001720 move a3, a0               |     a3 = a0;
    0x00001724 lw v0, (s7)               |     v0 = *(s7);
    0x00001728 sw ra, 0x27c(sp)          |     *(var_27ch) = ra;
    0x0000172c sw gp, 0x20(sp)           |     *(var_20h) = gp;
    0x00001730 addiu a2, a2, 0x26f0      |     a2 += str._proc__lu_maps;
    0x00001734 sw s3, 0x264(sp)          |     *(var_264h) = s3;
    0x00001738 addiu a1, zero, 1         |     a1 = 1;
    0x0000173c addiu a0, sp, 0x30        |     a0 = sp + 0x30;
    0x00001740 sw fp, 0x278(sp)          |     *(var_278h) = fp;
    0x00001744 sw s6, 0x270(sp)          |     *(var_270h) = s6;
    0x00001748 sw s5, 0x26c(sp)          |     *(var_26ch) = s5;
    0x0000174c sw s4, 0x268(sp)          |     *(var_268h) = s4;
    0x00001750 sw s2, 0x260(sp)          |     *(var_260h) = s2;
    0x00001754 sw s1, 0x25c(sp)          |     *(var_25ch) = s1;
    0x00001758 sw s0, 0x258(sp)          |     *(var_258h) = s0;
                                         |     /* Stack-guard word (read through s7 at 0x1724) is parked at sp + 0x254,
                                         |      * directly above the locals; it is compared again at 0x18c0-0x18cc. */
    0x0000175c sw v0, 0x254(sp)          |     *(var_254h) = v0;
    0x00001760 sw zero, 0x30(sp)         |     *(var_30h) = 0;
                                         |     /* __asprintf_chk(sp + 0x30, 1, str._proc__lu_maps, a0). The result slot is
                                         |      * pre-zeroed; the return value in v0 is not examined before the pointer
                                         |      * is handed to fopen below. */
    0x00001764 jalr t9                   |     t9 ();
    0x00001768 nop                       |     
    0x0000176c lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     /* fopen(path, mode string at +0x2700 - its text is not shown here). */
    0x00001770 lw a0, 0x30(sp)           |     a0 = *(var_30h);
    0x00001774 lw a1, -0x7fdc(gp)        |     a1 = *((gp - 8183));
    0x00001778 lw t9, -0x7eec(gp)        |     t9 = sym.imp.fopen;
    0x0000177c addiu a1, a1, 0x2700      |     a1 += 0x2700;
    0x00001780 jalr t9                   |     t9 ();
    0x00001784 lw gp, 0x20(sp)           |     gp = *(var_20h);
    0x00001788 lw a0, 0x30(sp)           |     a0 = *(var_30h);
    0x0000178c lw t9, -0x7ef0(gp)        |     t9 = sym.imp.free;
    0x00001790 move s3, v0               |     s3 = v0;
    0x00001794 jalr t9                   |     t9 ();
    0x00001798 lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     if (s3 == 0) {
    0x0000179c beqz s3, 0x19b4           |         goto label_6;
                                         |     }
                                         |     /* calloc(1, 0x10): the record returned to the caller; offsets 4, 8 and
                                         |      * 0xc of it are written further down. */
    0x000017a0 lw t9, -0x7f74(gp)        |     t9 = sym.imp.calloc;
    0x000017a4 addiu a1, zero, 0x10      |     a1 = 0x10;
    0x000017a8 addiu a0, zero, 1         |     a0 = 1;
    0x000017ac jalr t9                   |     t9 ();
    0x000017b0 move s5, v0               |     s5 = v0;
    0x000017b4 lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     if (v0 == 0) {
    0x000017b8 beqz v0, 0x18b0           |         goto label_7;
                                         |     }
    0x000017bc lw v0, -0x7fdc(gp)        |     v0 = *((gp - 8183));
    0x000017c0 lw s4, -0x7fdc(gp)        |     s4 = *((gp - 8183));
    0x000017c4 sw v0, 0x28(sp)           |     *(var_28h) = v0;
    0x000017c8 lw v0, -0x7fdc(gp)        |     v0 = *((gp - 8183));
    0x000017cc lw s6, -0x7fdc(gp)        |     s6 = *((gp - 8183));
    0x000017d0 addiu v0, v0, 0x2740      |     v0 += str.r_xp;
    0x000017d4 lw s2, -0x7fd0(gp)        |     s2 = *((gp - 8180));
    0x000017d8 addiu fp, sp, 0x38        |     fp = sp + 0x38;
    0x000017dc addiu s4, s4, 0x271c      |     s4 += str._lx__lx__s__lx__s__d__s_n;
    0x000017e0 addiu s6, s6, 0x2748      |     s6 += 0x2748;
    0x000017e4 sw v0, 0x2c(sp)           |     *(var_2ch) = v0;
                                         |     do {
                                         | label_1:
                                         |         /* fgets(s2 + 0x3160, 0x400, s3): one line of the opened file into a
                                         |          * fixed global buffer. */
    0x000017e8 lw t9, -0x7efc(gp)        |         t9 = sym.imp.fgets;
    0x000017ec move a2, s3               |         a2 = s3;
    0x000017f0 addiu a1, zero, 0x400     |         a1 = 0x400;
    0x000017f4 addiu a0, s2, 0x3160      |         a0 = s2 + 0x3160;
    0x000017f8 jalr t9                   |         t9 ();
    0x000017fc lw gp, 0x20(sp)           |         gp = *(var_20h);
                                         |         if (v0 == 0) {
    0x00001800 beqz v0, 0x18b0           |             goto label_7;
                                         |         }
                                         | label_0:
                                         |         /* sscanf(line, s4, sp+0x34, sp+0x38, sp+0x44, sp+0x3c, sp+0x40, sp+0x54).
                                         |          * sp+0x44 (s0) and sp+0x54 (s1) are later used as C strings. s0 has
                                         |          * 0x10 bytes before s1 begins; s1 has 0x200 bytes before the guard
                                         |          * word at sp+0x254, while a line can carry up to 0x3ff characters.
                                         |          * NOTE(review): the format is known here only by its flag name. If
                                         |          * its string conversions carry no field width, a long token overruns
                                         |          * these stack buffers; an overrun of s1 reaches the guard word and is
                                         |          * detected only at the check before return (the report header lists
                                         |          * NX disabled). Confirm the literal and bound every string conversion
                                         |          * to the size of its destination. */
    0x00001804 addiu v0, sp, 0x40        |         v0 = sp + 0x40;
    0x00001808 lw t9, -0x7f5c(gp)        |         t9 = sym.imp.sscanf;
    0x0000180c sw v0, 0x18(sp)           |         *(var_18h_2) = v0;
    0x00001810 addiu s1, sp, 0x54        |         s1 = sp + 0x54;
    0x00001814 addiu v0, sp, 0x3c        |         v0 = sp + 0x3c;
    0x00001818 addiu s0, sp, 0x44        |         s0 = sp + 0x44;
    0x0000181c sw s1, 0x1c(sp)           |         *(var_1ch_2) = s1;
    0x00001820 sw v0, 0x14(sp)           |         *(var_14h) = v0;
    0x00001824 sw s0, 0x10(sp)           |         *(var_10h_2) = s0;
    0x00001828 move a3, fp               |         a3 = fp;
    0x0000182c addiu a2, sp, 0x34        |         a2 = sp + 0x34;
    0x00001830 move a1, s4               |         a1 = s4;
    0x00001834 addiu a0, s2, 0x3160      |         a0 = s2 + 0x3160;
    0x00001838 jalr t9                   |         t9 ();
    0x0000183c addiu v1, zero, 6         |         v1 = 6;
    0x00001840 lw gp, 0x20(sp)           |         gp = *(var_20h);
                                         |         if (v0 == v1) {
    0x00001844 beq v0, v1, 0x1914        |             goto label_8;
                                         |         }
                                         |         /* Also reached when sscanf did not convert 6 fields: strncmp(s6, s0, 2)
                                         |          * and the vmap_new arguments below then read whatever the locals hold
                                         |          * (previous line's values, or unset stack on the first line).
                                         |          * NOTE(review): confirm this fall-through is intended. */
                                         | label_2:
    0x00001848 lw t9, -0x7f68(gp)        |         t9 = sym.imp.strncmp;
                                         | label_3:
    0x0000184c addiu a2, zero, 2         |         a2 = 2;
    0x00001850 move a1, s0               |         a1 = s0;
    0x00001854 move a0, s6               |         a0 = s6;
    0x00001858 jalr t9                   |         t9 ();
    0x0000185c lw gp, 0x20(sp)           |         gp = *(var_20h);
    0x00001860 bnez v0, 0x17e8           |         
                                         |     } while (v0 != 0);
                                         |     /* vmap_new(s1, var_34h, var_38h, var_3ch); the value 3 is stored at +0x10
                                         |      * of the result with no NULL test in this function. Whether vmap_new can
                                         |      * return NULL is not visible here - check its body at 0x1660. */
    0x00001864 lw t9, -0x7f9c(gp)        |     t9 = sym.vmap_new;
    0x00001868 lw a3, 0x3c(sp)           |     a3 = *(var_3ch);
    0x0000186c lw a2, 0x38(sp)           |     a2 = *(var_38h);
    0x00001870 lw a1, 0x34(sp)           |     a1 = *(var_34h);
    0x00001874 move a0, s1               |     a0 = s1;
    0x00001878 lw s0, 0xc(s5)            |     s0 = *((s5 + 3));
    0x0000187c bal 0x1660                |     sym_vmap_new ();
    0x00001880 addiu v1, zero, 3         |     v1 = 3;
    0x00001884 lw gp, 0x20(sp)           |     gp = *(var_20h);
    0x00001888 sw v1, 0x10(v0)           |     *((v0 + 4)) = v1;
                                         |     if (s0 != 0) {
    0x0000188c bnez s0, 0x1900           |         goto label_9;
                                         |     }
    0x00001890 sw v0, 0xc(s5)            |     *((s5 + 3)) = v0;
                                         | label_4:
    0x00001894 lw t9, -0x7efc(gp)        |     t9 = sym.imp.fgets;
    0x00001898 move a2, s3               |     a2 = s3;
    0x0000189c addiu a1, zero, 0x400     |     a1 = 0x400;
    0x000018a0 addiu a0, s2, 0x3160      |     a0 = s2 + 0x3160;
    0x000018a4 jalr t9                   |     t9 ();
    0x000018a8 lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     if (v0 != 0) {
    0x000018ac bnez v0, 0x1804           |         goto label_0;
                                         |     }
                                         | label_7:
    0x000018b0 lw t9, -0x7f60(gp)        |     t9 = sym.imp.fclose;
    0x000018b4 move a0, s3               |     a0 = s3;
    0x000018b8 jalr t9                   |     t9 ();
    0x000018bc lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     /* Guard check: the word saved at sp + 0x254 against the live value read
                                         |      * through s7; a mismatch goes to __stack_chk_fail at label_10. */
                                         | label_5:
    0x000018c0 lw a0, 0x254(sp)          |     a0 = *(var_254h);
    0x000018c4 lw v1, (s7)               |     v1 = *(s7);
    0x000018c8 move v0, s5               |     v0 = s5;
                                         |     if (a0 != v1) {
    0x000018cc bne a0, v1, 0x19d0        |         goto label_10;
                                         |     }
    0x000018d0 lw ra, 0x27c(sp)          |     ra = *(var_27ch);
    0x000018d4 lw fp, 0x278(sp)          |     fp = *(var_278h);
    0x000018d8 lw s7, 0x274(sp)          |     s7 = *(var_274h);
    0x000018dc lw s6, 0x270(sp)          |     s6 = *(var_270h);
    0x000018e0 lw s5, 0x26c(sp)          |     s5 = *(var_26ch);
    0x000018e4 lw s4, 0x268(sp)          |     s4 = *(var_268h);
    0x000018e8 lw s3, 0x264(sp)          |     s3 = *(var_264h);
    0x000018ec lw s2, 0x260(sp)          |     s2 = *(var_260h);
    0x000018f0 lw s1, 0x25c(sp)          |     s1 = *(var_25ch);
    0x000018f4 lw s0, 0x258(sp)          |     s0 = *(var_258h);
    0x000018f8 addiu sp, sp, 0x280       |     
    0x000018fc jr ra                     |     return v0;
                                         |     /* Tail walk over the +0x1c links of the list loaded from 0xc(s5), followed
                                         |      * by a store of the new node (v0) at +0x1c.
                                         |      * NOTE(review): bnel branches while v1 is non-zero, so r2dec's
                                         |      * "while (v1 == 0)" is inverted. bnel is also a branch-likely: its delay
                                         |      * slot runs only when the branch is taken, and this listing may show
                                         |      * delay-slot instructions out of place - confirm the instruction order
                                         |      * against raw disassembly before trusting the pseudo code here. */
                                         |     do {
                                         | label_9:
    0x00001900 lw v1, 0x1c(s0)           |         v1 = *((s0 + 7));
    0x00001904 move s0, v1               |         s0 = v1;
    0x00001908 bnel v1, zero, 0x1900     |         
                                         |     } while (v1 == 0);
    0x0000190c sw v0, 0x1c(s0)           |     *((s0 + 7)) = v0;
    0x00001910 b 0x17e8                  |     goto label_1;
                                         |     /* sscanf converted 6 fields: strcmp(str._stack_, s1). On a match var_34h
                                         |      * and var_38h are kept in the record at +4 and +8 and the next line is read. */
                                         | label_8:
    0x00001914 lw v0, 0x28(sp)           |     v0 = *(var_28h);
    0x00001918 lw t9, -0x7ed8(gp)        |     t9 = sym.imp.strcmp;
    0x0000191c move a1, s1               |     a1 = s1;
    0x00001920 addiu a0, v0, 0x2738      |     a0 = v0 + str._stack_;
    0x00001924 jalr t9                   |     t9 ();
    0x00001928 lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     if (v0 == 0) {
    0x0000192c bnez v0, 0x1944           |         
    0x00001930 lw v0, 0x34(sp)           |         v0 = *(var_34h);
    0x00001934 sw v0, 4(s5)              |         *((s5 + 1)) = v0;
    0x00001938 lw v0, 0x38(sp)           |         v0 = *(var_38h);
    0x0000193c sw v0, 8(s5)              |         *((s5 + 2)) = v0;
    0x00001940 b 0x17e8                  |         goto label_1;
                                         |     }
                                         |     /* strcmp(var_2ch, s0): var_2ch holds the address of str.r_xp (0x17e4). */
    0x00001944 lw t9, -0x7ed8(gp)        |     t9 = sym.imp.strcmp;
    0x00001948 lw a0, 0x2c(sp)           |     a0 = *(var_2ch);
    0x0000194c move a1, s0               |     a1 = s0;
    0x00001950 jalr t9                   |     t9 ();
    0x00001954 lw gp, 0x20(sp)           |     gp = *(var_20h);
                                         |     if (v0 != 0) {
    0x00001958 bnez v0, 0x1848           |         goto label_2;
                                         |     }
                                         |     /* First byte of the name at sp + 0x54 against 0x5b ('['): such names go
                                         |      * to the strncmp path at label_3 instead of the vmap_new call below. */
    0x0000195c lb v1, 0x54(sp)           |     v1 = *(var_54h);
    0x00001960 addiu v0, zero, 0x5b      |     v0 = 0x5b;
    0x00001964 lw t9, -0x7f68(gp)        |     t9 = sym.imp.strncmp;
                                         |     if (v1 == v0) {
    0x00001968 beq v1, v0, 0x184c        |         goto label_3;
                                         |     }
                                         |     /* Same vmap_new call as at 0x187c, here storing 5 at +0x10 of the result;
                                         |      * again no NULL test on the returned pointer in this function. */
    0x0000196c lw t9, -0x7f9c(gp)        |     t9 = sym.vmap_new;
    0x00001970 lw a3, 0x3c(sp)           |     a3 = *(var_3ch);
    0x00001974 lw a2, 0x38(sp)           |     a2 = *(var_38h);
    0x00001978 lw a1, 0x34(sp)           |     a1 = *(var_34h);
    0x0000197c move a0, s1               |     a0 = s1;
    0x00001980 lw s0, 0xc(s5)            |     s0 = *((s5 + 3));
    0x00001984 bal 0x1660                |     sym_vmap_new ();
    0x00001988 addiu v1, zero, 5         |     v1 = 5;
    0x0000198c lw gp, 0x20(sp)           |     gp = *(var_20h);
    0x00001990 sw v1, 0x10(v0)           |     *((v0 + 4)) = v1;
                                         |     if (s0 != 0) {
    0x00001994 bnez s0, 0x19a0           |         goto label_11;
                                         |     }
    0x00001998 sw v0, 0xc(s5)            |     *((s5 + 3)) = v0;
    0x0000199c b 0x1894                  |     goto label_4;
                                         |     /* Second copy of the tail walk at 0x1900; the same inverted-condition and
                                         |      * branch-likely caveats apply to r2dec's rendering of it. */
                                         |     do {
                                         | label_11:
    0x000019a0 lw v1, 0x1c(s0)           |         v1 = *((s0 + 7));
    0x000019a4 move s0, v1               |         s0 = v1;
    0x000019a8 bnel v1, zero, 0x19a0     |         
                                         |     } while (v1 == 0);
    0x000019ac sw v0, 0x1c(s0)           |     *((s0 + 7)) = v0;
    0x000019b0 b 0x17e8                  |     goto label_1;
                                         |     /* fopen failed: print str.unable_to_open_proc_dir and return 0 (s5 = 0)
                                         |      * through the guard check at label_5. */
                                         | label_6:
    0x000019b4 lw a0, -0x7fdc(gp)        |     a0 = *((gp - 8183));
    0x000019b8 lw t9, -0x7f24(gp)        |     t9 = sym.imp.puts;
    0x000019bc addiu a0, a0, 0x2704      |     a0 += str.unable_to_open_proc_dir;
    0x000019c0 jalr t9                   |     t9 ();
    0x000019c4 move s5, zero             |     s5 = 0;
    0x000019c8 lw gp, 0x20(sp)           |     gp = *(var_20h);
    0x000019cc b 0x18c0                  |     goto label_5;
                                         |     /* Guard word mismatch: control goes to __stack_chk_fail. */
                                         | label_10:
    0x000019d0 lw t9, -0x7f04(gp)        |     t9 = sym.imp.__stack_chk_fail;
    0x000019d4 jalr t9                   |     t9 ();
    0x000019d8 nop                       |     
                                         | }

[*] Function sprintf used 2 times in dstack