[*] Binary protection state of removesession.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of removesession.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/removesession.cgi @ 0xb80 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00000b80 lui gp, 2 |
0x00000b84 addiu gp, gp, -0x6b70 |
0x00000b88 addu gp, gp, t9 | gp += t9;
0x00000b8c addiu sp, sp, -0x78 |
0x00000b90 sw ra, 0x74(sp) | *(var_74h) = ra;
0x00000b94 sw fp, 0x70(sp) | *(var_70h) = fp;
0x00000b98 sw s7, 0x6c(sp) | *(var_6ch) = s7;
0x00000b9c sw s6, 0x68(sp) | *(var_68h) = s6;
0x00000ba0 sw s5, 0x64(sp) | *(var_64h) = s5;
0x00000ba4 sw s4, 0x60(sp) | *(var_60h) = s4;
0x00000ba8 sw s3, 0x5c(sp) | *(var_5ch) = s3;
0x00000bac sw s2, 0x58(sp) | *(var_58h) = s2;
0x00000bb0 sw s1, 0x54(sp) | *(var_54h) = s1;
0x00000bb4 sw s0, 0x50(sp) | *(var_50h) = s0;
0x00000bb8 move fp, sp | fp = sp;
0x00000bbc sw gp, 0x10(sp) | *(var_10h) = gp;
0x00000bc0 sw a0, 0x78(fp) | *(arg_78h) = a0;
0x00000bc4 sw a1, 0x1c(fp) | *(arg_1ch) = a1;
0x00000bc8 lw v0, -0x7f6c(gp) | v0 = *((gp - 8155));
0x00000bcc lw v0, (v0) | v0 = *(v0);
0x00000bd0 sw v0, 0x4c(fp) | *(arg_4ch) = v0;
0x00000bd4 move v0, sp | v0 = sp;
0x00000bd8 sw v0, 0x18(fp) | *(arg_18h) = v0;
0x00000bdc sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00000be0 sw zero, 0x28(fp) | *(arg_28h) = 0;
0x00000be4 sw zero, 0x24(fp) | *(arg_24h) = 0;
0x00000be8 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000bec addiu a0, v0, 0x1650 | a0 = v0 + 0x1650;
0x00000bf0 lw v0, -0x7f78(gp) | v0 = sym.imp.getenv;
0x00000bf4 move t9, v0 | t9 = v0;
0x00000bf8 jalr t9 | t9 ();
0x00000bfc nop |
0x00000c00 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000c04 beqz v0, 0xc30 |
0x00000c08 nop |
0x00000c0c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000c10 addiu a0, v0, 0x1650 | a0 = v0 + 0x1650;
0x00000c14 lw v0, -0x7f78(gp) | v0 = sym.imp.getenv;
0x00000c18 move t9, v0 | t9 = v0;
0x00000c1c jalr t9 | t9 ();
0x00000c20 nop |
0x00000c24 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000c28 b 0xc38 | goto label_0;
0x00000c2c nop |
| }
0x00000c30 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000c34 addiu v0, v0, 0x165c | v0 += 0x165c;
| label_0:
0x00000c38 move a0, v0 | a0 = v0;
0x00000c3c lw v0, -0x7f90(gp) | v0 = sym.imp.strlen;
0x00000c40 move t9, v0 | t9 = v0;
0x00000c44 jalr t9 | t9 ();
0x00000c48 nop |
0x00000c4c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000c50 addiu v0, v0, 0x41 | v0 += 0x41;
0x00000c54 move v1, v0 | v1 = v0;
0x00000c58 addiu v1, v1, -1 | v1 += -1;
0x00000c5c sw v1, 0x34(fp) | *(arg_34h) = v1;
0x00000c60 move s6, v0 | s6 = v0;
0x00000c64 move s7, zero | s7 = 0;
0x00000c68 srl v1, s6, 0x1d | v1 = s6 >> 0x1d;
0x00000c6c sll s3, s7, 3 | s3 = s7 << 3;
0x00000c70 or s3, v1, s3 | s3 = v1 | s3;
0x00000c74 sll s2, s6, 3 | s2 = s6 << 3;
0x00000c78 move s4, v0 | s4 = v0;
0x00000c7c move s5, zero | s5 = 0;
0x00000c80 srl v1, s4, 0x1d | v1 = s4 >> 0x1d;
0x00000c84 sll s1, s5, 3 | s1 = s5 << 3;
0x00000c88 or s1, v1, s1 | s1 = v1 | s1;
0x00000c8c sll s0, s4, 3 | s0 = s4 << 3;
0x00000c90 addiu v0, v0, 7 | v0 += 7;
0x00000c94 srl v0, v0, 3 | v0 >>= 3;
0x00000c98 sll v0, v0, 3 | v0 <<= 3;
0x00000c9c subu sp, sp, v0 |
0x00000ca0 addiu v0, sp, 0x10 | v0 = sp + 0x10;
0x00000ca4 addiu v0, v0, 0 | v0 += 0;
0x00000ca8 sw v0, 0x38(fp) | *(arg_38h) = v0;
0x00000cac sw zero, 0x30(fp) | *(arg_30h) = 0;
0x00000cb0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000cb4 addiu a0, v0, 0x1670 | a0 = v0 + str.QUERY_STRING;
0x00000cb8 lw v0, -0x7f78(gp) | v0 = sym.imp.getenv;
0x00000cbc move t9, v0 | t9 = v0;
0x00000cc0 jalr t9 | t9 ();
0x00000cc4 nop |
0x00000cc8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000ccc sw v0, 0x3c(fp) | *(arg_3ch) = v0;
0x00000cd0 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000cd4 addiu a0, v0, 0x1680 | a0 = v0 + str.Content_Type:_text_plain_r_n_r;
0x00000cd8 lw v0, -0x7f7c(gp) | v0 = sym.imp.puts;
0x00000cdc move t9, v0 | t9 = v0;
0x00000ce0 jalr t9 | t9 ();
0x00000ce4 nop |
0x00000ce8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000cec lw v0, 0x3c(fp) | v0 = *(arg_3ch);
| if (v0 == 0) {
0x00000cf0 beqz v0, 0xeec | goto label_1;
| }
0x00000cf4 nop |
0x00000cf8 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000cfc addiu a1, v0, 0x169c | a1 = v0 + str.sessionid;
0x00000d00 lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00000d04 lw v0, -0x7f58(gp) | v0 = sym.imp.strstr;
0x00000d08 move t9, v0 | t9 = v0;
0x00000d0c jalr t9 | t9 ();
0x00000d10 nop |
0x00000d14 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000d18 sw v0, 0x40(fp) | *(arg_40h) = v0;
0x00000d1c lw v0, 0x40(fp) | v0 = *(arg_40h);
| if (v0 == 0) {
0x00000d20 beqz v0, 0xeec | goto label_1;
| }
0x00000d24 nop |
0x00000d28 lw v0, 0x40(fp) | v0 = *(arg_40h);
0x00000d2c addiu v0, v0, 0xa | v0 += 0xa;
0x00000d30 sw v0, 0x40(fp) | *(arg_40h) = v0;
0x00000d34 addiu a1, zero, 0x26 | a1 = 0x26;
0x00000d38 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x00000d3c lw v0, -0x7f8c(gp) | v0 = sym.imp.strchr;
0x00000d40 move t9, v0 | t9 = v0;
0x00000d44 jalr t9 | t9 ();
0x00000d48 nop |
0x00000d4c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000d50 sw v0, 0x44(fp) | *(arg_44h) = v0;
0x00000d54 lw v0, 0x44(fp) | v0 = *(arg_44h);
| if (v0 != 0) {
0x00000d58 beqz v0, 0xd68 |
0x00000d5c nop |
0x00000d60 lw v0, 0x44(fp) | v0 = *(arg_44h);
0x00000d64 sb zero, (v0) | *(v0) = 0;
| }
0x00000d68 addiu a2, zero, -1 | a2 = -1;
0x00000d6c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000d70 addiu a1, v0, 0x16a8 | a1 = v0 + 0x16a8;
0x00000d74 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x00000d78 lw v0, -0x7f68(gp) | v0 = sym.imp.g_strsplit;
0x00000d7c move t9, v0 | t9 = v0;
0x00000d80 jalr t9 | t9 ();
0x00000d84 nop |
0x00000d88 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000d8c sw v0, 0x30(fp) | *(arg_30h) = v0;
0x00000d90 b 0xed0 | goto label_2;
0x00000d94 nop |
| do {
0x00000d98 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00000d9c sll v0, v0, 2 | v0 <<= 2;
0x00000da0 lw v1, 0x30(fp) | v1 = *(arg_30h);
0x00000da4 addu v0, v1, v0 | v0 = v1 + v0;
0x00000da8 lw v0, (v0) | v0 = *(v0);
0x00000dac sw v0, 0x48(fp) | *(arg_48h) = v0;
0x00000db0 lw a0, 0x48(fp) | a0 = *(arg_48h);
0x00000db4 lw v0, -0x7fcc(gp) | v0 = sym.valid_sessionid;
0x00000db8 move t9, v0 | t9 = v0;
0x00000dbc bal 0xfd0 | sym_valid_sessionid ();
0x00000dc0 nop |
0x00000dc4 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000dc8 beqz v0, 0xebc |
0x00000dcc nop |
0x00000dd0 lw s0, 0x38(fp) | s0 = *(arg_38h);
0x00000dd4 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000dd8 addiu a0, v0, 0x1650 | a0 = v0 + 0x1650;
0x00000ddc lw v0, -0x7f78(gp) | v0 = sym.imp.getenv;
0x00000de0 move t9, v0 | t9 = v0;
0x00000de4 jalr t9 | t9 ();
0x00000de8 nop |
0x00000dec lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 != 0) {
0x00000df0 beqz v0, 0xe1c |
0x00000df4 nop |
0x00000df8 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000dfc addiu a0, v0, 0x1650 | a0 = v0 + 0x1650;
0x00000e00 lw v0, -0x7f78(gp) | v0 = sym.imp.getenv;
0x00000e04 move t9, v0 | t9 = v0;
0x00000e08 jalr t9 | t9 ();
0x00000e0c nop |
0x00000e10 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000e14 b 0xe24 | goto label_3;
0x00000e18 nop |
| }
0x00000e1c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e20 addiu v0, v0, 0x165c | v0 += 0x165c;
| label_3:
0x00000e24 lw a3, 0x48(fp) | a3 = *(arg_48h);
0x00000e28 move a2, v0 | a2 = v0;
0x00000e2c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e30 addiu a1, v0, 0x16ac | a1 = v0 + 0x16ac;
0x00000e34 move a0, s0 | a0 = s0;
0x00000e38 lw v0, -0x7fa8(gp) | v0 = sym.imp.sprintf
0x00000e3c move t9, v0 | t9 = v0;
0x00000e40 jalr t9 | t9 ();
0x00000e44 nop |
0x00000e48 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000e4c lw v0, 0x38(fp) | v0 = *(arg_38h);
0x00000e50 move a0, v0 | a0 = v0;
0x00000e54 lw v0, -0x7f74(gp) | v0 = sym.imp.unlink;
0x00000e58 move t9, v0 | t9 = v0;
0x00000e5c jalr t9 | t9 ();
0x00000e60 nop |
0x00000e64 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (v0 < 0) {
0x00000e68 bgez v0, 0xea8 |
0x00000e6c nop |
0x00000e70 lw v0, -0x7fa0(gp) | v0 = sym.imp.__errno_location;
0x00000e74 move t9, v0 | t9 = v0;
0x00000e78 jalr t9 | t9 ();
0x00000e7c nop |
0x00000e80 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000e84 lw v1, (v0) | v1 = *(v0);
0x00000e88 addiu v0, zero, 2 | v0 = 2;
| if (v1 == v0) {
0x00000e8c beq v1, v0, 0xea8 | goto label_4;
| }
0x00000e90 nop |
0x00000e94 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000e98 addiu v0, v0, 0x16b4 | v0 += str.ERROR:_Failed_too_remove_session_id;
0x00000e9c sw v0, 0x2c(fp) | *(arg_2ch) = v0;
0x00000ea0 b 0xeec | goto label_1;
0x00000ea4 nop |
| }
| label_4:
0x00000ea8 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00000eac addiu v0, v0, 1 | v0++;
0x00000eb0 sw v0, 0x24(fp) | *(arg_24h) = v0;
0x00000eb4 b 0xed0 | goto label_2;
0x00000eb8 nop |
| }
0x00000ebc lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000ec0 addiu v0, v0, 0x16d8 | v0 += str.ERROR:_Invalid_session_id;
0x00000ec4 sw v0, 0x2c(fp) | *(arg_2ch) = v0;
0x00000ec8 b 0xeec | goto label_1;
0x00000ecc nop |
| label_2:
0x00000ed0 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00000ed4 sll v0, v0, 2 | v0 <<= 2;
0x00000ed8 lw v1, 0x30(fp) | v1 = *(arg_30h);
0x00000edc addu v0, v1, v0 | v0 = v1 + v0;
0x00000ee0 lw v0, (v0) | v0 = *(v0);
0x00000ee4 bnez v0, 0xd98 |
| } while (v0 != 0);
0x00000ee8 nop |
| label_1:
0x00000eec lw v0, 0x30(fp) | v0 = *(arg_30h);
| if (v0 != 0) {
0x00000ef0 beqz v0, 0xf10 |
0x00000ef4 nop |
0x00000ef8 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00000efc lw v0, -0x7fa4(gp) | v0 = sym.imp.g_strfreev;
0x00000f00 move t9, v0 | t9 = v0;
0x00000f04 jalr t9 | t9 ();
0x00000f08 nop |
0x00000f0c lw gp, 0x10(fp) | gp = *(arg_10h);
| }
0x00000f10 lw v0, 0x2c(fp) | v0 = *(arg_2ch);
| if (v0 != 0) {
0x00000f14 beqz v0, 0xf4c |
0x00000f18 nop |
0x00000f1c lw a1, 0x2c(fp) | a1 = *(arg_2ch);
0x00000f20 lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000f24 addiu a0, v0, 0x16f4 | a0 = v0 + str._s_r_n;
0x00000f28 lw v0, -0x7f64(gp) | v0 = sym.imp.printf;
0x00000f2c move t9, v0 | t9 = v0;
0x00000f30 jalr t9 | t9 ();
0x00000f34 nop |
0x00000f38 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00000f3c addiu v0, zero, 1 | v0 = 1;
0x00000f40 sw v0, 0x28(fp) | *(arg_28h) = v0;
0x00000f44 b 0xf68 | goto label_5;
0x00000f48 nop |
| }
0x00000f4c lw v0, -0x7fd0(gp) | v0 = *((gp - 8180));
0x00000f50 addiu a0, v0, 0x16fc | a0 = v0 + 0x16fc;
0x00000f54 lw v0, -0x7f7c(gp) | v0 = sym.imp.puts;
0x00000f58 move t9, v0 | t9 = v0;
0x00000f5c jalr t9 | t9 ();
0x00000f60 nop |
0x00000f64 lw gp, 0x10(fp) | gp = *(arg_10h);
| label_5:
0x00000f68 lw v0, 0x28(fp) | v0 = *(arg_28h);
0x00000f6c lw sp, 0x18(fp) |
0x00000f70 lw v1, -0x7f6c(gp) | v1 = *((gp - 8155));
0x00000f74 lw a0, 0x4c(fp) | a0 = *(arg_4ch);
0x00000f78 lw v1, (v1) | v1 = *(v1);
| if (a0 != v1) {
0x00000f7c beq a0, v1, 0xf94 |
0x00000f80 nop |
0x00000f84 lw v0, -0x7f70(gp) | v0 = sym.imp.__stack_chk_fail;
0x00000f88 move t9, v0 | t9 = v0;
0x00000f8c jalr t9 | t9 ();
0x00000f90 nop |
| }
0x00000f94 move sp, fp |
0x00000f98 lw ra, 0x74(sp) | ra = *(var_74h);
0x00000f9c lw fp, 0x70(sp) | fp = *(var_70h);
0x00000fa0 lw s7, 0x6c(sp) | s7 = *(var_6ch);
0x00000fa4 lw s6, 0x68(sp) | s6 = *(var_68h);
0x00000fa8 lw s5, 0x64(sp) | s5 = *(var_64h);
0x00000fac lw s4, 0x60(sp) | s4 = *(var_60h);
0x00000fb0 lw s3, 0x5c(sp) | s3 = *(var_5ch);
0x00000fb4 lw s2, 0x58(sp) | s2 = *(var_58h);
0x00000fb8 lw s1, 0x54(sp) | s1 = *(var_54h);
0x00000fbc lw s0, 0x50(sp) | s0 = *(var_50h);
0x00000fc0 addiu sp, sp, 0x78 |
0x00000fc4 jr ra | return v0;
0x00000fc8 nop |
| }
[*] Function sprintf used 2 times removesession.cgi
