[*] Binary protection state of flashaudit
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of flashaudit
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/flashaudit @ 0x2298 */
| #include <stdint.h>
|
; (fcn) fcn.00002298 () | void fcn_00002298 () {
0x00002298 lui gp, 2 |
0x0000229c addiu gp, gp, -0x6248 |
0x000022a0 addu gp, gp, t9 | gp += t9;
0x000022a4 addiu sp, sp, -0x2370 |
0x000022a8 lw t9, -0x7fd0(gp) | t9 = sym.audit_get_reply;
0x000022ac sw s0, 0x2358(sp) | *(arg_2358h) = s0;
0x000022b0 lw s0, -0x7f08(gp) | s0 = *((gp - 8130));
0x000022b4 sw gp, 0x18(sp) | *(var_18h) = gp;
0x000022b8 sw ra, 0x236c(sp) | *(arg_236ch) = ra;
0x000022bc lw v0, (s0) | v0 = *(s0);
0x000022c0 sw s4, 0x2368(sp) | *(arg_2368h) = s4;
0x000022c4 sw s3, 0x2364(sp) | *(arg_2364h) = s3;
0x000022c8 sw s2, 0x2360(sp) | *(arg_2360h) = s2;
0x000022cc sw s1, 0x235c(sp) | *(arg_235ch) = s1;
0x000022d0 move a2, zero | a2 = 0;
0x000022d4 addiu a1, sp, 0x28 | a1 = sp + 0x28;
0x000022d8 sw v0, 0x2354(sp) | *(arg_2354h) = v0;
0x000022dc bal 0x27f8 | sym_audit_get_reply ();
0x000022e0 nop |
0x000022e4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000022e8 bltz v0, 0x2550 | goto label_5;
| }
0x000022ec lw v0, 0x2c(sp) | v0 = *(var_2ch);
0x000022f0 sltiu v1, v0, 0x230a | v1 = (v0 < 0x230a) ? 1 : 0;
0x000022f4 addiu v1, sp, 0x2358 | v1 = sp + 0x2358;
| if (v1 == 0) {
0x000022f8 beqz v1, 0x231c | goto label_0;
| }
0x000022fc addu v0, v1, v0 | v0 = v1 + v0;
0x00002300 lw v1, 0x28(sp) | v1 = *(var_28h);
0x00002304 addiu a0, zero, 0x514 | a0 = 0x514;
0x00002308 sb zero, -0x2314(v0) | *((v0 - 8980)) = 0;
| if (v1 == a0) {
0x0000230c beq v1, a0, 0x2478 | goto label_6;
| }
0x00002310 addiu v0, zero, 0x516 | v0 = 0x516;
0x00002314 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00002318 beq v1, v0, 0x2348 |
| while (1) {
| label_0:
0x0000231c lw v1, 0x2354(sp) | v1 = *(arg_2354h);
0x00002320 lw v0, (s0) | v0 = *(s0);
0x00002324 invalid |
| if (v1 != v0) {
0x00002328 bne v1, v0, 0x2564 | goto label_7;
| }
0x0000232c lw s4, 0x2368(sp) | s4 = *(arg_2368h);
0x00002330 lw s3, 0x2364(sp) | s3 = *(arg_2364h);
0x00002334 lw s2, 0x2360(sp) | s2 = *(arg_2360h);
0x00002338 lw s1, 0x235c(sp) | s1 = *(arg_235ch);
0x0000233c lw s0, 0x2358(sp) | s0 = *(arg_2358h);
0x00002340 addiu sp, sp, 0x2370 |
0x00002344 jr ra | return v0;
0x00002348 lw t9, -0x7eec(gp) | t9 = sym.imp.strstr;
0x0000234c addiu s1, sp, 0x44 | s1 = sp + 0x44;
0x00002350 addiu a1, a1, 0x3124 | a1 += str.nametypePARENT;
0x00002354 move a0, s1 | a0 = s1;
0x00002358 jalr t9 | t9 ();
0x0000235c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00002360 bnez v0, 0x24b0 | goto label_8;
| }
0x00002364 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00002368 lw t9, -0x7eec(gp) | t9 = sym.imp.strstr;
0x0000236c move a0, s1 | a0 = s1;
0x00002370 addiu a1, a1, 0x313c | a1 += str.nametypeCREATE;
0x00002374 jalr t9 | t9 ();
0x00002378 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000237c move a1, s1 | a1 = s1;
0x00002380 move s4, v0 | s4 = v0;
0x00002384 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x00002388 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x0000238c addiu t9, t9, 0x19f8 | t9 += fcn.000019f8;
0x00002390 addiu a0, a0, 0x3134 | a0 += str.name;
0x00002394 bal 0x19f8 | fcn_000019f8 ();
0x00002398 move s1, v0 | s1 = v0;
0x0000239c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x000023a0 beqz v0, 0x2528 | goto label_9;
| }
0x000023a4 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x000023a8 lw t9, -0x7ef0(gp) | t9 = sym.imp.strcmp;
0x000023ac addiu a1, a1, 0x314c | a1 += str._null_;
0x000023b0 move a0, v0 | a0 = v0;
0x000023b4 jalr t9 | t9 ();
0x000023b8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x000023bc beqz v0, 0x251c | goto label_10;
| }
0x000023c0 lb v1, (s1) | v1 = *(s1);
0x000023c4 addiu v0, zero, 0x2f | v0 = 0x2f;
0x000023c8 sltu s4, zero, s4 | s4 = (0 < s4) ? 1 : 0;
| if (v1 == v0) {
0x000023cc beq v1, v0, 0x24e8 | goto label_11;
| }
0x000023d0 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x000023d4 lw s3, 0x4180(s2) | s3 = *((s2 + 4192));
0x000023d8 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
| if (s3 == 0) {
0x000023dc beqz s3, 0x2534 | goto label_12;
| }
0x000023e0 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x000023e4 move a3, s3 | a3 = s3;
0x000023e8 addiu v0, v0, 0x3108 | v0 += 0x3108;
| label_3:
0x000023ec lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x000023f0 lw t9, -0x7f30(gp) | t9 = sym.imp.__asprintf_chk
0x000023f4 sw s1, 0x14(sp) | *(var_14h) = s1;
0x000023f8 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000023fc addiu a2, a2, 0x3154 | a2 += str._s_s_s;
0x00002400 addiu a1, zero, 1 | a1 = 1;
0x00002404 addiu a0, sp, 0x24 | a0 = sp + 0x24;
0x00002408 jalr t9 | t9 ();
0x0000240c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 >= 0) {
0x00002410 bltz v0, 0x2450 |
0x00002414 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00002418 lw a0, 0x4184(v0) | a0 = *((v0 + 4193));
| if (a0 == 0) {
0x0000241c beql a0, zero, 0x2540 | goto label_13;
| }
0x00002420 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
| label_4:
0x00002424 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00002428 lw a1, 0x24(sp) | a1 = *(var_24h);
0x0000242c addiu t9, t9, 0x1e6c | t9 += fcn.00001e6c;
0x00002430 move a2, s4 | a2 = s4;
0x00002434 bal 0x1e6c | fcn_00001e6c ();
0x00002438 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000243c lw t9, -0x7efc(gp) | t9 = sym.imp.free;
0x00002440 lw a0, 0x24(sp) | a0 = *(var_24h);
0x00002444 jalr t9 | t9 ();
0x00002448 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000244c lw s3, 0x4180(s2) | s3 = *((s2 + 4192));
| }
| label_1:
0x00002450 lw t9, -0x7efc(gp) | t9 = sym.imp.free;
0x00002454 move a0, s1 | a0 = s1;
0x00002458 jalr t9 | t9 ();
0x0000245c lw gp, 0x18(sp) | gp = *(var_18h);
| label_2:
0x00002460 lw t9, -0x7efc(gp) | t9 = sym.imp.free;
0x00002464 move a0, s3 | a0 = s3;
0x00002468 jalr t9 | t9 ();
0x0000246c lw gp, 0x18(sp) | gp = *(var_18h);
0x00002470 sw zero, 0x4180(s2) | *((s2 + 4192)) = 0;
0x00002474 b 0x231c |
| }
| label_6:
0x00002478 lw s1, -0x7fdc(gp) | s1 = *((gp - 8183));
0x0000247c lw t9, -0x7efc(gp) | t9 = sym.imp.free;
0x00002480 lw a0, 0x4184(s1) | a0 = *((s1 + 4193));
0x00002484 jalr t9 | t9 ();
0x00002488 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000248c addiu a1, sp, 0x44 | a1 = sp + 0x44;
0x00002490 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x00002494 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00002498 addiu t9, t9, 0x19f8 | t9 += fcn.000019f8;
0x0000249c addiu a0, a0, 0x311c | a0 += str.comm;
0x000024a0 bal 0x19f8 | fcn_000019f8 ();
0x000024a4 sw v0, 0x4184(s1) | *((s1 + 4193)) = v0;
0x000024a8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000024ac b 0x231c | goto label_0;
| label_8:
0x000024b0 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x000024b4 lw t9, -0x7efc(gp) | t9 = sym.imp.free;
0x000024b8 lw a0, 0x4180(s2) | a0 = *((s2 + 4192));
0x000024bc jalr t9 | t9 ();
0x000024c0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000024c4 move a1, s1 | a1 = s1;
0x000024c8 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x000024cc lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x000024d0 addiu t9, t9, 0x19f8 | t9 += fcn.000019f8;
0x000024d4 addiu a0, a0, 0x3134 | a0 += str.name;
0x000024d8 bal 0x19f8 | fcn_000019f8 ();
0x000024dc sw v0, 0x4180(s2) | *((s2 + 4192)) = v0;
0x000024e0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000024e4 b 0x231c | goto label_0;
| label_11:
0x000024e8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000024ec lw a0, 0x4184(v0) | a0 = *((v0 + 4193));
| if (a0 == 0) {
0x000024f0 beql a0, zero, 0x2548 | goto label_14;
| }
0x000024f4 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
| do {
0x000024f8 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x000024fc lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00002500 move a2, s4 | a2 = s4;
0x00002504 addiu t9, t9, 0x1e6c | t9 += fcn.00001e6c;
0x00002508 move a1, s1 | a1 = s1;
0x0000250c bal 0x1e6c | fcn_00001e6c ();
0x00002510 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002514 lw s3, 0x4180(s2) | s3 = *((s2 + 4192));
0x00002518 b 0x2450 | goto label_1;
| label_10:
0x0000251c lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x00002520 lw s3, 0x4180(s2) | s3 = *((s2 + 4192));
0x00002524 b 0x2450 | goto label_1;
| label_9:
0x00002528 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x0000252c lw s3, 0x4180(s2) | s3 = *((s2 + 4192));
0x00002530 b 0x2460 | goto label_2;
| label_12:
0x00002534 addiu a3, a3, 0x322c | a3 += 0x322c;
0x00002538 move v0, a3 | v0 = a3;
0x0000253c b 0x23ec | goto label_3;
| label_13:
0x00002540 addiu a0, a0, 0x3100 | a0 += str.unknown;
0x00002544 b 0x2424 | goto label_4;
| label_14:
0x00002548 addiu a0, a0, 0x3100 | a0 += str.unknown;
0x0000254c b 0x24f8 |
| } while (1);
| label_5:
0x00002550 lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x00002554 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00002558 addiu t9, t9, 0x16d0 | t9 += fcn.000016d0;
0x0000255c addiu a0, a0, 0x310c | a0 += str.audit_get_reply;
0x00002560 bal 0x16d0 | fcn_000016d0 ();
| label_7:
0x00002564 lw t9, -0x7f18(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002568 jalr t9 | t9 ();
0x0000256c nop |
| }
[*] Function sprintf used 2 times flashaudit
