[*] Binary protection state of pwdgrp.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of pwdgrp.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/pwdgrp.cgi @ 0x4630 */
| #include <stdint.h>
|
; (fcn) sym.cgi_set_message_body () | void cgi_set_message_body () {
0x00004630 lui gp, 2 |
0x00004634 addiu gp, gp, -0x5620 |
0x00004638 addu gp, gp, t9 | gp += t9;
| if (a0 == 0) {
0x0000463c beqz a0, 0x4710 | goto label_0;
| }
0x00004640 nop |
| if (a1 == 0) {
0x00004644 beqz a1, 0x4710 | goto label_0;
| }
0x00004648 nop |
0x0000464c addiu sp, sp, -0x30 |
0x00004650 sw s2, 0x28(sp) | *(var_28h) = s2;
0x00004654 lw s2, 0xc(a0) | s2 = *((a0 + 3));
0x00004658 sw s0, 0x20(sp) | *(var_20h) = s0;
0x0000465c move s0, a0 | s0 = a0;
0x00004660 lw a0, 4(s2) | a0 = *((s2 + 1));
0x00004664 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00004668 sw s1, 0x24(sp) | *(var_24h) = s1;
0x0000466c sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00004670 move s1, a1 | s1 = a1;
| if (a0 != 0) {
0x00004674 beqz a0, 0x468c |
0x00004678 lw t9, -0x7ec4(gp) | t9 = sym.imp.free;
0x0000467c jalr t9 | t9 ();
0x00004680 nop |
0x00004684 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004688 lw s2, 0xc(s0) | s2 = *((s0 + 3));
| }
0x0000468c lw v0, 0xc(s2) | v0 = *((s2 + 3));
0x00004690 lw t9, -0x7f44(gp) | t9 = sym.imp.strdup;
| if (v0 != 0) {
0x00004694 bnez v0, 0x46ec | goto label_1;
| }
0x00004698 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x0000469c lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x000046a0 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000046a4 lw t9, -0x7ed0(gp) | t9 = sym.imp.__asprintf_chk
0x000046a8 addiu v0, v0, 0x6060 | v0 += str.__body__r_n_r_n__html__r_n;
0x000046ac sw v0, 0x14(sp) | *(var_14h) = v0;
0x000046b0 sw s1, 0x10(sp) | *(var_10h) = s1;
0x000046b4 addiu a3, a3, 0x6010 | a3 += str._html__head__title_User_accounts__title___head__body_bgcolorffffff_;
0x000046b8 addiu a2, a2, 0x6058 | a2 += str._s_s_s;
0x000046bc addiu a1, zero, 1 | a1 = 1;
0x000046c0 addiu a0, s2, 4 | a0 = s2 + 4;
0x000046c4 jalr t9 | t9 ();
0x000046c8 addiu v1, zero, -1 | v1 = -1;
0x000046cc lw gp, 0x18(sp) | gp = *(var_18h);
0x000046d0 beq v0, v1, 0x4718 |
| while (1) {
0x000046d4 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x000046d8 lw s2, 0x28(sp) | s2 = *(var_28h);
0x000046dc lw s1, 0x24(sp) | s1 = *(var_24h);
0x000046e0 lw s0, 0x20(sp) | s0 = *(var_20h);
0x000046e4 addiu sp, sp, 0x30 |
0x000046e8 jr ra | return v0;
| label_1:
0x000046ec move a0, s1 | a0 = s1;
0x000046f0 jalr t9 | t9 ();
0x000046f4 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x000046f8 sw v0, 4(s2) | *((s2 + 1)) = v0;
0x000046fc lw s1, 0x24(sp) | s1 = *(var_24h);
0x00004700 lw s2, 0x28(sp) | s2 = *(var_28h);
0x00004704 lw s0, 0x20(sp) | s0 = *(var_20h);
0x00004708 addiu sp, sp, 0x30 |
0x0000470c jr ra | return v0;
| label_0:
0x00004710 jr ra | return v0;
0x00004714 nop |
0x00004718 lw s0, 0xc(s0) | s0 = *((s0 + 3));
0x0000471c lw t9, -0x7f44(gp) | t9 = sym.imp.strdup;
0x00004720 move a0, s1 | a0 = s1;
0x00004724 jalr t9 | t9 ();
0x00004728 sw v0, 4(s0) | *((s0 + 1)) = v0;
0x0000472c b 0x46d4 |
| }
| }
[*] Function sprintf used 2 times pwdgrp.cgi
