[*] Binary protection state of kmod

  
  	Full RELRO     Canary found      NX disabled  PIE enabled  No RPATH     No RUNPATH   No Symbols


[*] Function sprintf tear down of kmod

    ; assembly                           | /* r2dec pseudo code output */
                                         | /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/kmod @ 0x156e4 */
                                         | #include <stdint.h>
                                         |  
    ; -----------------------------------------------------------------------------------------
    ; fcn.000156e4: formats a byte buffer as hex text in a malloc'd string, hands that string
    ; to fcn.00015594 together with its strlen, frees it and returns fcn.00015594's result.
    ;
    ; Register roles, as used below:
    ;   a0, a1  spilled to 0x28(sp)/0x2c(sp) and passed through to fcn.00015594 unchanged
    ;   a2      kept in s5, passed through unchanged
    ;   a3      source byte pointer (kept in s2)
    ;   fp      byte count, loaded from 0x68(sp); the frame is 0x58 bytes, so this is 0x10
    ;           above the caller's sp (presumably the fifth o32 argument; confirm at callers)
    ;   s3      heap output buffer, s4 = write offset into it, s0 = source byte index
    ;   s6      format string (r2 tags it str._02X), s7 = 4-byte word from data offset 0x390c
    ; Returns v0 = result of fcn.00015594, or 0 when malloc fails.
    ;
    ; Output layout: two hex digits per byte, ':' between bytes, and the s7 word stored after
    ; every 20th byte (presumably a short line-break/indent string; its bytes are not shown).
    ; NOTE(review): this shape matches a hex formatter such as libkmod's
    ; kmod_module_hex_to_str; confirm against the kmod source this firmware was built from.
    ;
    ; NOTE(review): the listing only reads consistently in straight top-to-bottom order
    ; (e.g. `move s3, v0` after the malloc `jalr`, `addiu sp, sp, 0x58` before `jr ra`), so
    ; the decompiler has presumably already reordered MIPS delay slots. Confirm against a raw
    ; disassembly before relying on individual printed addresses.
    ;
    ; No stack-protector load/compare is visible in this function; its only buffer is the
    ; heap allocation in s3.
    ; -----------------------------------------------------------------------------------------
    ; (fcn) fcn.000156e4 ()              | void fcn_000156e4 () {
    ; PIC prologue: gp is rebuilt from t9, then a 0x58-byte frame is opened and ra, fp and
    ; s0-s7 are saved.
    0x000156e4 lui gp, 2                 |     
    0x000156e8 addiu gp, gp, 0x798c      |     
    0x000156ec addu gp, gp, t9           |     gp += t9;
    0x000156f0 addiu sp, sp, -0x58       |     
    0x000156f4 sw fp, 0x50(sp)           |     *(var_50h) = fp;
    0x000156f8 lw fp, 0x68(sp)           |     fp = *(arg_68h);
    0x000156fc sw gp, 0x18(sp)           |     *(var_18h) = gp;
    0x00015700 sw ra, 0x54(sp)           |     *(var_54h) = ra;
    0x00015704 sw s7, 0x4c(sp)           |     *(var_4ch) = s7;
    0x00015708 sw s6, 0x48(sp)           |     *(var_48h) = s6;
    0x0001570c sw s5, 0x44(sp)           |     *(var_44h) = s5;
    0x00015710 sw s4, 0x40(sp)           |     *(var_40h) = s4;
    0x00015714 sw s3, 0x3c(sp)           |     *(var_3ch) = s3;
    0x00015718 sw s2, 0x38(sp)           |     *(var_38h) = s2;
    0x0001571c sw s1, 0x34(sp)           |     *(var_34h) = s1;
    0x00015720 sw s0, 0x30(sp)           |     *(var_30h) = s0;
    0x00015724 lw t9, -0x7ed8(gp)        |     t9 = *(gp);
    ; count == 0: nothing to format; label_2 jumps straight to fcn.00015594 with a3 = 0.
                                         |     if (fp == 0) {
    0x00015728 beqz fp, 0x15898          |         goto label_2;
                                         |     }
    ; Allocation size, all in 32-bit arithmetic:
    ;   v0 = 3*count; s1 = 0xcccccccd; (high word of x*s1) >> 4 equals x/20 for 32-bit x
    ;   malloc argument a0 = 3*count - 3 + 3*((3*count + 19) / 20)
    ; NOTE(review): no overflow check on 3*count is visible. A count large enough to wrap
    ; would yield a small allocation while the loop below still iterates count times when
    ; count is positive as a signed int. Whether any caller can supply such a count is not
    ; visible here; check where the count originates.
    0x0001572c sll v0, fp, 1             |     v0 = fp << 1;
    0x00015730 addu v0, v0, fp           |     v0 += fp;
    0x00015734 lui s1, 0xcccc            |     s1 = 0xcccc0000;
    0x00015738 sw a0, 0x28(sp)           |     *(var_28h) = a0;
    0x0001573c ori s1, s1, 0xcccd        |     s1 |= 0xcccd;
    0x00015740 addiu a0, v0, 0x13        |     a0 = v0 + 0x13;
    0x00015744 multu a0, s1              |     __asm ("multu a0, s1");
    0x00015748 mfhi a0                   |     __asm ("mfhi a0");
    0x0001574c lw t9, -0x7bf8(gp)        |     t9 = sym.imp.malloc;
    0x00015750 addiu v0, v0, -3          |     v0 += -3;
    0x00015754 sw a1, 0x2c(sp)           |     *(var_2ch) = a1;
    0x00015758 move s5, a2               |     s5 = a2;
    0x0001575c srl a0, a0, 4             |     a0 >>= 4;
    0x00015760 sll v1, a0, 1             |     v1 = a0 << 1;
    0x00015764 addu a0, v1, a0           |     a0 = v1 + a0;
    0x00015768 addu a0, a0, v0           |     a0 += v0;
    0x0001576c move s2, a3               |     s2 = a3;
    ; s3 = malloc(a0); a NULL result goes to label_3, which returns 0.
    0x00015770 jalr t9                   |     t9 ();
    0x00015774 move s3, v0               |     s3 = v0;
    0x00015778 lw gp, 0x18(sp)           |     gp = *(var_18h);
                                         |     if (v0 == 0) {
    0x0001577c beqz v0, 0x158e4          |         goto label_3;
                                         |     }
    0x00015780 addiu v0, fp, -1          |     v0 = fp + -1;
    ; Signed test: count == 0 was handled above, so this branch is taken only when count is
    ; negative as a signed int. The loop is then skipped and label_4 calls strlen on the
    ; buffer, which nothing visible has written on that path.
                                         |     if (fp <= 0) {
    0x00015784 blez fp, 0x15820          |         goto label_4;
                                         |     }
    ; Loop setup: var_24h = count - 1, s0 = 0 (byte index), s4 = 0 (write offset),
    ; s7 = word at data base + 0x390c, s6 = data base + 0x3904 (format string).
    0x00015788 sw v0, 0x24(sp)           |     *(var_24h) = v0;
    0x0001578c lw v0, -0x7fdc(gp)        |     v0 = *(gp);
    0x00015790 lw s6, -0x7fdc(gp)        |     s6 = *(gp);
    0x00015794 move s0, zero             |     s0 = 0;
    0x00015798 lw s7, 0x390c(v0)         |     s7 = *((v0 + 3651));
    0x0001579c move s4, zero             |     s4 = 0;
                                         |     /* str._02X */
    0x000157a0 addiu s6, s6, 0x3904      |     s6 += 0x3904;
    0x000157a4 b 0x157c4                 |     
    ; Not the last byte: store ':' (0x3a) at a2 = buffer + s4 + 2, directly after the two
    ; hex digits; v0 = s4 + 3 is the next write offset. a0 = 20 * (s0 / 20) was computed
    ; after s0 was incremented, so s0 == a0 means a multiple of 20 bytes has been emitted
    ; and label_5 appends the s7 word.
                                         |     while (a3 != 0) {
    0x000157a8 addiu a1, zero, 0x3a      |         a1 = 0x3a;
    0x000157ac addiu v0, s4, 3           |         v0 = s4 + 3;
    0x000157b0 sb a1, (a2)               |         *(a2) = a1;
                                         |         if (s0 == a0) {
    0x000157b4 beq s0, a0, 0x158d0       |             goto label_5;
                                         |         }
    0x000157b8 move s4, v0               |         s4 = v0;
                                         | label_1:
    0x000157bc lw t9, -0x7c28(gp)        |         t9 = sym.imp.strlen;
                                         |         if (fp == s0) {
    0x000157c0 beq fp, s0, 0x15824       |             goto label_6;
                                         |         }
    ; Per-byte format call: __sprintf_chk(buffer + s4, 1, -1, s6, byte) with the
    ; zero-extended source byte s2[s0] passed at 0x10(sp).
    ; a2 = -1 is the destination-size argument; by the fortify convention that means the
    ; object size is unknown, so the _chk variant cannot bound this write (libc
    ; implementation not shown; confirm). The only bound is the malloc size computed above.
    ; The call's return value in v0 is overwritten by the next load; the write offset is
    ; advanced by a fixed 2 instead.
                                         | label_0:
    0x000157c4 lbux v0, s0(s2)           |         __asm ("lbux v0, s0(s2)");
    0x000157c8 lw t9, -0x7cec(gp)        |         t9 = sym.imp.__sprintf_chk
    0x000157cc addu a0, s3, s4           |         a0 = s3 + s4;
    0x000157d0 move a3, s6               |         a3 = s6;
    0x000157d4 addiu a2, zero, -1        |         a2 = -1;
    0x000157d8 addiu a1, zero, 1         |         a1 = 1;
    0x000157dc sw v0, 0x10(sp)           |         *(var_10h) = v0;
    0x000157e0 jalr t9                   |         t9 ();
    ; a3 = (s0 < count - 1), signed compare: set while more bytes follow. s0 is then
    ; incremented, a0 = 20 * (s0 / 20) via the same reciprocal multiply, and
    ; a2 = buffer + s4 + 2.
    0x000157e4 lw v0, 0x24(sp)           |         v0 = *(var_24h);
    0x000157e8 addiu a1, s4, 2           |         a1 = s4 + 2;
    0x000157ec slt a3, s0, v0            |         a3 = (s0 < v0) ? 1 : 0;
    0x000157f0 addiu s0, s0, 1           |         s0++;
    0x000157f4 multu s0, s1              |         __asm ("multu s0, s1");
    0x000157f8 mfhi a0                   |         __asm ("mfhi a0");
    0x000157fc lw gp, 0x18(sp)           |         gp = *(var_18h);
    0x00015800 addu a2, s3, a1           |         a2 = s3 + a1;
    0x00015804 srl v0, a0, 4             |         v0 = a0 >> 4;
    0x00015808 sll a0, v0, 2             |         a0 = v0 << 2;
    0x0001580c addu a0, a0, v0           |         a0 += v0;
    0x00015810 sll a0, a0, 2             |         a0 <<= 2;
    0x00015814 bnez a3, 0x157a8          |         
                                         |     }
    ; Last byte: advance the offset past the two hex digits; no separator is stored.
    0x00015818 move s4, a1               |     s4 = a1;
                                         |     if (fp != s0) {
    0x0001581c bne fp, s0, 0x157c4       |         goto label_0;
                                         |     }
    ; Formatting done: v0 = strlen(buffer).
                                         | label_4:
    0x00015820 lw t9, -0x7c28(gp)        |     t9 = sym.imp.strlen;
                                         | label_6:
    0x00015824 move a0, s3               |     a0 = s3;
    0x00015828 jalr t9                   |     t9 ();
    ; Call fcn.00015594(saved a0, saved a1, s5, buffer) with the strlen result at 0x10(sp).
    0x0001582c lw gp, 0x18(sp)           |     gp = *(var_18h);
    0x00015830 lw a1, 0x2c(sp)           |     a1 = *(var_2ch);
    0x00015834 lw a0, 0x28(sp)           |     a0 = *(var_28h);
    0x00015838 lw t9, -0x7ed8(gp)        |     t9 = *(gp);
    0x0001583c move a3, s3               |     a3 = s3;
    0x00015840 move a2, s5               |     a2 = s5;
                                         |     /* fcn.00015594 */
    0x00015844 addiu t9, t9, 0x5594      |     t9 += 0x5594;
    0x00015848 sw v0, 0x10(sp)           |     *(var_10h) = v0;
    0x0001584c bal 0x15594               |     fcn_00015594 ();
    ; The result is parked in var_24h across free(buffer) and reloaded into v0 for return.
    0x00015850 lw gp, 0x18(sp)           |     gp = *(var_18h);
    0x00015854 sw v0, 0x24(sp)           |     *(var_24h) = v0;
    0x00015858 lw t9, -0x7b88(gp)        |     t9 = sym.imp.free;
    0x0001585c move a0, s3               |     a0 = s3;
    0x00015860 jalr t9                   |     t9 ();
    0x00015864 lw v0, 0x24(sp)           |     v0 = *(var_24h);
    ; Common epilogue (also reached from label_3 with v0 = 0): restore ra, fp, s0-s7,
    ; release the frame, return v0.
                                         |     do {
    0x00015868 lw ra, 0x54(sp)           |         ra = *(var_54h);
    0x0001586c lw fp, 0x50(sp)           |         fp = *(var_50h);
    0x00015870 lw s7, 0x4c(sp)           |         s7 = *(var_4ch);
    0x00015874 lw s6, 0x48(sp)           |         s6 = *(var_48h);
    0x00015878 lw s5, 0x44(sp)           |         s5 = *(var_44h);
    0x0001587c lw s4, 0x40(sp)           |         s4 = *(var_40h);
    0x00015880 lw s3, 0x3c(sp)           |         s3 = *(var_3ch);
    0x00015884 lw s2, 0x38(sp)           |         s2 = *(var_38h);
    0x00015888 lw s1, 0x34(sp)           |         s1 = *(var_34h);
    0x0001588c lw s0, 0x30(sp)           |         s0 = *(var_30h);
    0x00015890 addiu sp, sp, 0x58        |         
    0x00015894 jr ra                     |         return v0;
    ; count == 0 path: restore the saved registers, set a3 = 0, release the frame and jump
    ; (not call) to fcn.00015594. a0-a2 have not been written since entry on this path.
                                         | label_2:
    0x00015898 lw ra, 0x54(sp)           |         ra = *(var_54h);
    0x0001589c lw fp, 0x50(sp)           |         fp = *(var_50h);
    0x000158a0 lw s7, 0x4c(sp)           |         s7 = *(var_4ch);
    0x000158a4 lw s6, 0x48(sp)           |         s6 = *(var_48h);
    0x000158a8 lw s5, 0x44(sp)           |         s5 = *(var_44h);
    0x000158ac lw s4, 0x40(sp)           |         s4 = *(var_40h);
    0x000158b0 lw s3, 0x3c(sp)           |         s3 = *(var_3ch);
    0x000158b4 lw s2, 0x38(sp)           |         s2 = *(var_38h);
    0x000158b8 lw s1, 0x34(sp)           |         s1 = *(var_34h);
    0x000158bc lw s0, 0x30(sp)           |         s0 = *(var_30h);
    0x000158c0 move a3, zero             |         a3 = 0;
                                         |         /* fcn.00015594 */
    0x000158c4 addiu t9, t9, 0x5594      |         t9 += 0x5594;
    0x000158c8 addiu sp, sp, 0x58        |         
    0x000158cc b 0x15594                 |         void (*0x15594)() ();
    ; Every 20th byte: unaligned 4-byte store (swl/swr pair) of s7 at buffer + s4 + 3, right
    ; after the ':'. s4 advances by 6 (2 hex digits + ':' + 3), so the fourth stored byte is
    ; overwritten by the next __sprintf_chk call.
                                         | label_5:
    0x000158d0 addu v0, s3, v0           |         v0 = s3 + v0;
    0x000158d4 addiu s4, s4, 6           |         s4 += 6;
    0x000158d8 swl s7, 3(v0)             |         __asm ("swl s7, 3(v0)");
    0x000158dc swr s7, (v0)              |         __asm ("swr s7, (v0)");
    0x000158e0 b 0x157bc                 |         goto label_1;
    ; malloc failed: return 0 through the common epilogue.
                                         | label_3:
    0x000158e4 move v0, zero             |         v0 = 0;
    0x000158e8 b 0x15868                 |         
                                         |     } while (1);
                                         | }

[*] Function sprintf used 2 times kmod