[*] Binary protection state of dstack
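Full RELRO | Canary found | NX disabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
(With NX reported as disabled, the stack canary is the only listed mitigation that directly guards stack buffers; whether the stack is actually executable also depends on the kernel and CPU.)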
[*] Teardown of sprintf usage in dstack
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/dstack @ 0x1700 */
| #include <stdint.h>
|
; (fcn) sym.prog_init () | void prog_init () { /*
 * Purpose (read from the calls below): format a path with __asprintf_chk
 * using the str._proc__lu_maps format and the caller's a0, fopen it, then
 * read it line by line (fgets + sscanf) into a calloc'd 0x10-byte record
 * that holds two values for the "[stack]" line and a linked list of
 * vmap_new() nodes. Returns the record in v0, or 0 if fopen/calloc failed.
 *
 * Reading notes:
 *  - r2dec prints pointer offsets in 4-byte words: *((s5 + 3)) is 0xc(s5),
 *    *((gp - 8183)) is -0x7fdc(gp).
 *  - NOTE(review): instruction order around branches/calls may have been
 *    rearranged by the decompiler (MIPS delay slots) - confirm against raw
 *    disassembly before relying on exact ordering.
 *  - The stack guard is read through s7, saved at sp+0x254 and compared
 *    before return; a mismatch calls __stack_chk_fail.
 */
0x00001700 lui gp, 2 |
0x00001704 addiu gp, gp, -0x66f0 |
0x00001708 addu gp, gp, t9 | gp += t9;
0x0000170c addiu sp, sp, -0x280 |
0x00001710 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001714 sw s7, 0x274(sp) | *(var_274h) = s7;
0x00001718 lw s7, -0x7ef8(gp) | s7 = *((gp - 8126));
0x0000171c lw t9, -0x7f1c(gp) | t9 = sym.imp.__asprintf_chk
0x00001720 move a3, a0 | a3 = a0; /* caller's argument becomes the value formatted into the path */
0x00001724 lw v0, (s7) | v0 = *(s7); /* stack-guard value, stored at sp+0x254 below */
0x00001728 sw ra, 0x27c(sp) | *(var_27ch) = ra;
0x0000172c sw gp, 0x20(sp) | *(var_20h) = gp;
0x00001730 addiu a2, a2, 0x26f0 | a2 += str._proc__lu_maps; /* format string; presumably "/proc/%lu/maps" - confirm */
0x00001734 sw s3, 0x264(sp) | *(var_264h) = s3;
0x00001738 addiu a1, zero, 1 | a1 = 1; /* flag argument of __asprintf_chk */
0x0000173c addiu a0, sp, 0x30 | a0 = sp + 0x30; /* &var_30h receives the allocated path string */
0x00001740 sw fp, 0x278(sp) | *(var_278h) = fp;
0x00001744 sw s6, 0x270(sp) | *(var_270h) = s6;
0x00001748 sw s5, 0x26c(sp) | *(var_26ch) = s5;
0x0000174c sw s4, 0x268(sp) | *(var_268h) = s4;
0x00001750 sw s2, 0x260(sp) | *(var_260h) = s2;
0x00001754 sw s1, 0x25c(sp) | *(var_25ch) = s1;
0x00001758 sw s0, 0x258(sp) | *(var_258h) = s0;
0x0000175c sw v0, 0x254(sp) | *(var_254h) = v0; /* guard copy sits directly above the 0x54..0x253 buffer */
0x00001760 sw zero, 0x30(sp) | *(var_30h) = 0; /* path pointer pre-zeroed before the call */
0x00001764 jalr t9 | t9 (); /* NOTE(review): the __asprintf_chk return value is never tested in this listing */
0x00001768 nop |
0x0000176c lw gp, 0x20(sp) | gp = *(var_20h);
0x00001770 lw a0, 0x30(sp) | a0 = *(var_30h); /* path string for fopen */
0x00001774 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001778 lw t9, -0x7eec(gp) | t9 = sym.imp.fopen;
0x0000177c addiu a1, a1, 0x2700 | a1 += 0x2700; /* fopen mode string at +0x2700 (contents not shown here) */
0x00001780 jalr t9 | t9 ();
0x00001784 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001788 lw a0, 0x30(sp) | a0 = *(var_30h);
0x0000178c lw t9, -0x7ef0(gp) | t9 = sym.imp.free;
0x00001790 move s3, v0 | s3 = v0; /* s3 = FILE* returned by fopen */
0x00001794 jalr t9 | t9 (); /* release the path string; it is not used again */
0x00001798 lw gp, 0x20(sp) | gp = *(var_20h);
| if (s3 == 0) {
0x0000179c beqz s3, 0x19b4 | goto label_6; /* fopen failed: print message, return 0 */
| }
0x000017a0 lw t9, -0x7f74(gp) | t9 = sym.imp.calloc;
0x000017a4 addiu a1, zero, 0x10 | a1 = 0x10;
0x000017a8 addiu a0, zero, 1 | a0 = 1; /* calloc(1, 0x10): the zeroed result record */
0x000017ac jalr t9 | t9 ();
0x000017b0 move s5, v0 | s5 = v0; /* s5 = result record, returned in v0 at label_5 */
0x000017b4 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x000017b8 beqz v0, 0x18b0 | goto label_7; /* allocation failed: fclose and return 0 */
| }
0x000017bc lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000017c0 lw s4, -0x7fdc(gp) | s4 = *((gp - 8183));
0x000017c4 sw v0, 0x28(sp) | *(var_28h) = v0; /* base used later to reach str._stack_ */
0x000017c8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000017cc lw s6, -0x7fdc(gp) | s6 = *((gp - 8183));
0x000017d0 addiu v0, v0, 0x2740 | v0 += str.r_xp;
0x000017d4 lw s2, -0x7fd0(gp) | s2 = *((gp - 8180));
0x000017d8 addiu fp, sp, 0x38 | fp = sp + 0x38;
0x000017dc addiu s4, s4, 0x271c | s4 += str._lx__lx__s__lx__s__d__s_n; /* sscanf format, kept in s4 for the loop */
0x000017e0 addiu s6, s6, 0x2748 | s6 += 0x2748; /* string at +0x2748; only its first 2 bytes are compared (strncmp below) */
0x000017e4 sw v0, 0x2c(sp) | *(var_2ch) = v0; /* var_2ch = str.r_xp, used by the strcmp at 0x1950 */
| do {
| label_1:
0x000017e8 lw t9, -0x7efc(gp) | t9 = sym.imp.fgets;
0x000017ec move a2, s3 | a2 = s3;
0x000017f0 addiu a1, zero, 0x400 | a1 = 0x400; /* at most 0x3ff characters per read */
0x000017f4 addiu a0, s2, 0x3160 | a0 = s2 + 0x3160; /* line buffer at s2 + 0x3160 (not on this stack frame) */
0x000017f8 jalr t9 | t9 ();
0x000017fc lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x00001800 beqz v0, 0x18b0 | goto label_7; /* end of file or read error */
| }
| label_0:
0x00001804 addiu v0, sp, 0x40 | v0 = sp + 0x40;
0x00001808 lw t9, -0x7f5c(gp) | t9 = sym.imp.sscanf;
0x0000180c sw v0, 0x18(sp) | *(var_18h_2) = v0; /* 5th output pointer: sp+0x40 */
0x00001810 addiu s1, sp, 0x54 | s1 = sp + 0x54; /* string buffer; 0x200 bytes separate it from the guard at sp+0x254 */
0x00001814 addiu v0, sp, 0x3c | v0 = sp + 0x3c;
0x00001818 addiu s0, sp, 0x44 | s0 = sp + 0x44; /* string buffer; only 0x10 bytes before s1 begins */
0x0000181c sw s1, 0x1c(sp) | *(var_1ch_2) = s1; /* 6th output pointer: sp+0x54 */
0x00001820 sw v0, 0x14(sp) | *(var_14h) = v0; /* 4th output pointer: sp+0x3c */
0x00001824 sw s0, 0x10(sp) | *(var_10h_2) = s0; /* 3rd output pointer: sp+0x44 */
0x00001828 move a3, fp | a3 = fp; /* 2nd output pointer: sp+0x38 */
0x0000182c addiu a2, sp, 0x34 | a2 = sp + 0x34; /* 1st output pointer: sp+0x34 */
0x00001830 move a1, s4 | a1 = s4;
0x00001834 addiu a0, s2, 0x3160 | a0 = s2 + 0x3160;
0x00001838 jalr t9 | t9 (); /* NOTE(review): the flag name suggests %s conversions without a field width; if so, a token longer than the 0x10/0x200-byte stack buffers overruns them (the line buffer is 0x400). Confirm the string at 0x271c; the fix is explicit widths sized to the buffers. */
0x0000183c addiu v1, zero, 6 | v1 = 6;
0x00001840 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == v1) {
0x00001844 beq v0, v1, 0x1914 | goto label_8; /* all six conversions succeeded */
| }
| label_2:
0x00001848 lw t9, -0x7f68(gp) | t9 = sym.imp.strncmp;
| label_3:
0x0000184c addiu a2, zero, 2 | a2 = 2;
0x00001850 move a1, s0 | a1 = s0;
0x00001854 move a0, s6 | a0 = s6;
0x00001858 jalr t9 | t9 (); /* strncmp(string at 0x2748, buffer at sp+0x44, 2) */
0x0000185c lw gp, 0x20(sp) | gp = *(var_20h);
0x00001860 bnez v0, 0x17e8 | /* no match: read the next line */
| } while (v0 != 0);
0x00001864 lw t9, -0x7f9c(gp) | t9 = sym.vmap_new;
0x00001868 lw a3, 0x3c(sp) | a3 = *(var_3ch);
0x0000186c lw a2, 0x38(sp) | a2 = *(var_38h);
0x00001870 lw a1, 0x34(sp) | a1 = *(var_34h);
0x00001874 move a0, s1 | a0 = s1; /* vmap_new(sp+0x54 string, var_34h, var_38h, var_3ch) */
0x00001878 lw s0, 0xc(s5) | s0 = *((s5 + 3)); /* current list head, stored at record + 0xc */
0x0000187c bal 0x1660 | sym_vmap_new ();
0x00001880 addiu v1, zero, 3 | v1 = 3;
0x00001884 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001888 sw v1, 0x10(v0) | *((v0 + 4)) = v1; /* node + 0x10 = 3. NOTE(review): vmap_new's result is written through without a NULL test - check whether it can fail */
| if (s0 != 0) {
0x0000188c bnez s0, 0x1900 | goto label_9; /* list not empty: append at the tail */
| }
0x00001890 sw v0, 0xc(s5) | *((s5 + 3)) = v0; /* empty list: new node becomes the head */
| label_4:
0x00001894 lw t9, -0x7efc(gp) | t9 = sym.imp.fgets;
0x00001898 move a2, s3 | a2 = s3;
0x0000189c addiu a1, zero, 0x400 | a1 = 0x400;
0x000018a0 addiu a0, s2, 0x3160 | a0 = s2 + 0x3160;
0x000018a4 jalr t9 | t9 (); /* same read as at label_1 */
0x000018a8 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 != 0) {
0x000018ac bnez v0, 0x1804 | goto label_0;
| }
| label_7:
0x000018b0 lw t9, -0x7f60(gp) | t9 = sym.imp.fclose;
0x000018b4 move a0, s3 | a0 = s3;
0x000018b8 jalr t9 | t9 (); /* close the file on every exit after a successful fopen */
0x000018bc lw gp, 0x20(sp) | gp = *(var_20h);
| label_5:
0x000018c0 lw a0, 0x254(sp) | a0 = *(var_254h); /* saved guard copy */
0x000018c4 lw v1, (s7) | v1 = *(s7); /* current guard value */
0x000018c8 move v0, s5 | v0 = s5; /* return value: the record, or 0 */
| if (a0 != v1) {
0x000018cc bne a0, v1, 0x19d0 | goto label_10; /* guard changed: abort through __stack_chk_fail */
| }
0x000018d0 lw ra, 0x27c(sp) | ra = *(var_27ch);
0x000018d4 lw fp, 0x278(sp) | fp = *(var_278h);
0x000018d8 lw s7, 0x274(sp) | s7 = *(var_274h);
0x000018dc lw s6, 0x270(sp) | s6 = *(var_270h);
0x000018e0 lw s5, 0x26c(sp) | s5 = *(var_26ch);
0x000018e4 lw s4, 0x268(sp) | s4 = *(var_268h);
0x000018e8 lw s3, 0x264(sp) | s3 = *(var_264h);
0x000018ec lw s2, 0x260(sp) | s2 = *(var_260h);
0x000018f0 lw s1, 0x25c(sp) | s1 = *(var_25ch);
0x000018f4 lw s0, 0x258(sp) | s0 = *(var_258h);
0x000018f8 addiu sp, sp, 0x280 |
0x000018fc jr ra | return v0;
| do {
| label_9:
0x00001900 lw v1, 0x1c(s0) | v1 = *((s0 + 7)); /* node + 0x1c is the next pointer */
0x00001904 move s0, v1 | s0 = v1; /* presumably the annulled delay slot of bnel (runs only when the branch is taken) - confirm */
0x00001908 bnel v1, zero, 0x1900 | /* bnel loops while v1 != 0, i.e. walks to the last node */
| } while (v1 == 0); /* NOTE(review): this r2dec condition is inverted relative to the bnel above */
0x0000190c sw v0, 0x1c(s0) | *((s0 + 7)) = v0; /* link the new node after the tail */
0x00001910 b 0x17e8 | goto label_1;
| label_8:
0x00001914 lw v0, 0x28(sp) | v0 = *(var_28h);
0x00001918 lw t9, -0x7ed8(gp) | t9 = sym.imp.strcmp;
0x0000191c move a1, s1 | a1 = s1;
0x00001920 addiu a0, v0, 0x2738 | a0 = v0 + str._stack_;
0x00001924 jalr t9 | t9 (); /* strcmp(str._stack_, string at sp+0x54) */
0x00001928 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 == 0) {
0x0000192c bnez v0, 0x1944 |
0x00001930 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00001934 sw v0, 4(s5) | *((s5 + 1)) = v0; /* record + 4 = first parsed value of the matching line */
0x00001938 lw v0, 0x38(sp) | v0 = *(var_38h);
0x0000193c sw v0, 8(s5) | *((s5 + 2)) = v0; /* record + 8 = second parsed value */
0x00001940 b 0x17e8 | goto label_1;
| }
0x00001944 lw t9, -0x7ed8(gp) | t9 = sym.imp.strcmp;
0x00001948 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x0000194c move a1, s0 | a1 = s0;
0x00001950 jalr t9 | t9 (); /* strcmp(str.r_xp, string at sp+0x44) */
0x00001954 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 != 0) {
0x00001958 bnez v0, 0x1848 | goto label_2; /* not equal: fall back to the 2-byte strncmp test */
| }
0x0000195c lb v1, 0x54(sp) | v1 = *(var_54h); /* first byte of the sp+0x54 string */
0x00001960 addiu v0, zero, 0x5b | v0 = 0x5b; /* 0x5b is ASCII '[' */
0x00001964 lw t9, -0x7f68(gp) | t9 = sym.imp.strncmp;
| if (v1 == v0) {
0x00001968 beq v1, v0, 0x184c | goto label_3; /* string starts with '[': use the strncmp path instead */
| }
0x0000196c lw t9, -0x7f9c(gp) | t9 = sym.vmap_new;
0x00001970 lw a3, 0x3c(sp) | a3 = *(var_3ch);
0x00001974 lw a2, 0x38(sp) | a2 = *(var_38h);
0x00001978 lw a1, 0x34(sp) | a1 = *(var_34h);
0x0000197c move a0, s1 | a0 = s1;
0x00001980 lw s0, 0xc(s5) | s0 = *((s5 + 3)); /* current list head */
0x00001984 bal 0x1660 | sym_vmap_new ();
0x00001988 addiu v1, zero, 5 | v1 = 5;
0x0000198c lw gp, 0x20(sp) | gp = *(var_20h);
0x00001990 sw v1, 0x10(v0) | *((v0 + 4)) = v1; /* node + 0x10 = 5; again no NULL test on the vmap_new result */
| if (s0 != 0) {
0x00001994 bnez s0, 0x19a0 | goto label_11;
| }
0x00001998 sw v0, 0xc(s5) | *((s5 + 3)) = v0;
0x0000199c b 0x1894 | goto label_4;
| do {
| label_11:
0x000019a0 lw v1, 0x1c(s0) | v1 = *((s0 + 7));
0x000019a4 move s0, v1 | s0 = v1;
0x000019a8 bnel v1, zero, 0x19a0 | /* same tail walk as label_9: loops while v1 != 0 */
| } while (v1 == 0); /* NOTE(review): inverted by r2dec, see the bnel above */
0x000019ac sw v0, 0x1c(s0) | *((s0 + 7)) = v0;
0x000019b0 b 0x17e8 | goto label_1;
| label_6:
0x000019b4 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x000019b8 lw t9, -0x7f24(gp) | t9 = sym.imp.puts;
0x000019bc addiu a0, a0, 0x2704 | a0 += str.unable_to_open_proc_dir;
0x000019c0 jalr t9 | t9 (); /* report the fopen failure */
0x000019c4 move s5, zero | s5 = 0; /* return 0 to the caller */
0x000019c8 lw gp, 0x20(sp) | gp = *(var_20h);
0x000019cc b 0x18c0 | goto label_5;
| label_10:
0x000019d0 lw t9, -0x7f04(gp) | t9 = sym.imp.__stack_chk_fail;
0x000019d4 jalr t9 | t9 (); /* reached only when the guard comparison at 0x18cc fails */
0x000019d8 nop |
| }
[*] Function sprintf is used 2 times in dstack