[*] Binary protection state of streamprofile.cgi
Full RELRO | Canary found | NX disabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
[*] Function sprintf tear down of streamprofile.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/streamprofile.cgi @ 0x1d6c */
| #include <stdint.h>
|
; build_error_message as recovered by r2 / r2dec (left: MIPS disassembly,
; right: pseudo code). The decompiler prints a parameterless void signature,
; but the code reads a0-a3 on entry and leaves a value in v0 before `jr ra`:
;   a0 -> passed through unchanged as the first argument of json_unpack
;   a1 -> kept in s3; the variadic argument of __sprintf_chk and the third
;         argument of json_pack
;   a2 -> kept in s6; handed to json_string for the str.apiVersion member
;   a3 -> kept in s1; the object every json_object_set_new call writes to
; Result in v0: -1 when json_object_size(s1) is 0, otherwise 0.
; NOTE(review): no return value of json_unpack, json_string, json_pack or
; json_object_set_new is tested anywhere in this listing; the only branches
; are on the unpacked locals and on the stack guard.
; (fcn) sym.build_error_message () | void build_error_message () {
0x00001d6c lui gp, 2 |
0x00001d70 addiu gp, gp, -0x4d5c |
0x00001d74 addu gp, gp, t9 | gp += t9;
; 0xc0-byte frame; s0-s6 and ra are saved at sp+0xa0 .. sp+0xbc.
0x00001d78 addiu sp, sp, -0xc0 |
0x00001d7c lw t9, -0x7ec0(gp) | t9 = sym.imp.json_unpack;
0x00001d80 sw s2, 0xa8(sp) | *(var_a8h) = s2;
; s2 points at the word that is copied to sp+0x9c below and compared again
; at 0x1f30; a mismatch reaches __stack_chk_fail, so this is the stack guard.
0x00001d84 lw s2, -0x7f34(gp) | s2 = *((gp - 8141));
0x00001d88 sw s3, 0xac(sp) | *(var_ach) = s3;
0x00001d8c move s3, a1 | s3 = a1;
; json_unpack argument setup. Registers: a1 = format (str.s_ss_ss_s),
; a2 = str.method, a3 = sp+0x2c. Stack slots: [sp+0x10] = str.context,
; [sp+0x14] = sp+0x30, [sp+0x18] = str.apiVersion, [sp+0x1c] = sp+0x34.
0x00001d90 addiu a1, sp, 0x34 | a1 = sp + 0x34;
0x00001d94 lw v0, (s2) | v0 = *(s2);
0x00001d98 sw s4, 0xb0(sp) | *(var_b0h) = s4;
0x00001d9c sw s0, 0xa0(sp) | *(var_a0h) = s0;
0x00001da0 lw s4, -0x7fdc(gp) | s4 = *((gp - 8183));
0x00001da4 lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
0x00001da8 sw a1, 0x1c(sp) | *(var_1ch) = a1;
0x00001dac addiu a1, sp, 0x30 | a1 = sp + 0x30;
0x00001db0 sw s5, 0xb4(sp) | *(var_b4h) = s5;
0x00001db4 sw a1, 0x14(sp) | *(var_14h) = a1;
0x00001db8 lw s5, -0x7fdc(gp) | s5 = *((gp - 8183));
0x00001dbc lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001dc0 addiu t0, s0, 0x4640 | t0 = s0 + str.apiVersion;
0x00001dc4 addiu v1, s4, 0x460c | v1 = s4 + str.context;
0x00001dc8 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00001dcc sw s6, 0xb8(sp) | *(var_b8h) = s6;
0x00001dd0 sw s1, 0xa4(sp) | *(var_a4h) = s1;
0x00001dd4 sw ra, 0xbc(sp) | *(var_bch) = ra;
0x00001dd8 move s6, a2 | s6 = a2;
0x00001ddc move s1, a3 | s1 = a3;
0x00001de0 sw t0, 0x18(sp) | *(var_18h) = t0;
0x00001de4 sw v1, 0x10(sp) | *(var_10h) = v1;
0x00001de8 addiu a3, sp, 0x2c | a3 = sp + 0x2c;
0x00001dec addiu a2, s5, 0x45fc | a2 = s5 + str.method;
0x00001df0 addiu a1, a1, 0x4654 | a1 += str.s_ss_ss_s;
; Guard copy goes to sp+0x9c, directly above the 0x64-byte buffer at sp+0x38.
0x00001df4 sw v0, 0x9c(sp) | *(var_9ch) = v0;
; The three output slots are zeroed first, so a member json_unpack does not
; fill is seen as 0 by the tests below.
0x00001df8 sw zero, 0x2c(sp) | *(var_2ch) = 0;
0x00001dfc sw zero, 0x30(sp) | *(var_30h) = 0;
0x00001e00 sw zero, 0x34(sp) | *(var_34h) = 0;
0x00001e04 jalr t9 | t9 ();
0x00001e08 nop |
; If the str.method slot was filled: json_string(var_2ch) is stored in s1
; under str.method. NOTE(review): a0 is presumably the parsed request, which
; would make this an echo of caller-supplied text into the reply; confirm at
; the call sites.
0x00001e0c lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x00001e10 lw gp, 0x20(sp) | gp = *(var_20h);
| if (a0 != 0) {
0x00001e14 beqz a0, 0x1e40 |
0x00001e18 lw t9, -0x7f0c(gp) | t9 = sym.imp.json_string;
0x00001e1c jalr t9 | t9 ();
0x00001e20 nop |
0x00001e24 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001e28 move a2, v0 | a2 = v0;
0x00001e2c addiu a1, s5, 0x45fc | a1 = s5 + str.method;
0x00001e30 lw t9, -0x7f5c(gp) | t9 = sym.imp.json_object_set_new;
0x00001e34 move a0, s1 | a0 = s1;
0x00001e38 jalr t9 | t9 ();
0x00001e3c lw gp, 0x20(sp) | gp = *(var_20h);
| }
; Same pattern for the str.context slot: json_string(var_30h) stored in s1.
0x00001e40 lw a0, 0x30(sp) | a0 = *(var_30h);
0x00001e44 lw t9, -0x7f0c(gp) | t9 = sym.imp.json_string;
| if (a0 != 0) {
0x00001e48 beqz a0, 0x1e70 |
0x00001e4c jalr t9 | t9 ();
0x00001e50 nop |
0x00001e54 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001e58 move a2, v0 | a2 = v0;
0x00001e5c addiu a1, s4, 0x460c | a1 = s4 + str.context;
0x00001e60 lw t9, -0x7f5c(gp) | t9 = sym.imp.json_object_set_new;
0x00001e64 move a0, s1 | a0 = s1;
0x00001e68 jalr t9 | t9 ();
0x00001e6c lw gp, 0x20(sp) | gp = *(var_20h);
| }
; str.apiVersion differs from the two members above: var_34h only gates the
; branch, and json_string is called with s6 (the caller's a2), not with the
; unpacked value.
0x00001e70 lw v0, 0x34(sp) | v0 = *(var_34h);
0x00001e74 lw t9, -0x7f0c(gp) | t9 = sym.imp.json_string;
| if (v0 != 0) {
0x00001e78 beqz v0, 0x1ea0 |
0x00001e7c move a0, s6 | a0 = s6;
0x00001e80 jalr t9 | t9 ();
0x00001e84 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001e88 move a2, v0 | a2 = v0;
0x00001e8c addiu a1, s0, 0x4640 | a1 = s0 + str.apiVersion;
0x00001e90 lw t9, -0x7f5c(gp) | t9 = sym.imp.json_object_set_new;
0x00001e94 move a0, s1 | a0 = s1;
0x00001e98 jalr t9 | t9 ();
0x00001e9c lw gp, 0x20(sp) | gp = *(var_20h);
| }
; Triage of the formatted write: the import is the fortified __sprintf_chk,
; not plain sprintf. Arguments: a0 = sp+0x38 (destination), a1 = 1 (flag),
; a2 = 0x64 (destination length), a3 = format, [sp+0x10] = s3 (caller's a1).
; sp+0x38 + 0x64 = sp+0x9c, so the declared length ends exactly at the
; guard copy.
; NOTE(review): the format is only visible as the r2 name
; str.There_was_an__d_error, which suggests a fixed text with one %d;
; confirm the literal in the binary. If so, the output is bounded by the
; decimal width of an int, well under 0x64, and no caller-controlled string
; reaches the format or the buffer, which makes this a weak overflow
; candidate.
0x00001ea0 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00001ea4 lw t9, -0x7f60(gp) | t9 = sym.imp.__sprintf_chk
0x00001ea8 addiu s0, sp, 0x38 | s0 = sp + 0x38;
0x00001eac addiu a3, a3, 0x4660 | a3 += str.There_was_an__d_error;
0x00001eb0 addiu a2, zero, 0x64 | a2 = 0x64;
0x00001eb4 addiu a1, zero, 1 | a1 = 1;
0x00001eb8 move a0, s0 | a0 = s0;
0x00001ebc sw s3, 0x10(sp) | *(var_10h) = s3;
0x00001ec0 jalr t9 | t9 ();
0x00001ec4 lw gp, 0x20(sp) | gp = *(var_20h);
; json_pack(format = str.siss, str.code, s3, str.message, s0): the numeric
; code and the text just formatted into the stack buffer.
0x00001ec8 move a2, s3 | a2 = s3;
0x00001ecc sw s0, 0x10(sp) | *(var_10h) = s0;
0x00001ed0 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00001ed4 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001ed8 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001edc lw t9, -0x7f6c(gp) | t9 = sym.imp.json_pack;
0x00001ee0 addiu a3, a3, 0x4678 | a3 += str.message;
0x00001ee4 addiu a1, a1, 0x4680 | a1 += str.code;
0x00001ee8 addiu a0, a0, 0x4688 | a0 += str.siss;
0x00001eec jalr t9 | t9 ();
; The packed object is stored in s1 under the key at offset 0x4670, a string
; r2 did not name (presumably "error"; confirm).
0x00001ef0 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001ef4 move a2, v0 | a2 = v0;
0x00001ef8 move a0, s1 | a0 = s1;
0x00001efc lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00001f00 lw t9, -0x7f5c(gp) | t9 = sym.imp.json_object_set_new;
0x00001f04 addiu a1, a1, 0x4670 | a1 += 0x4670;
0x00001f08 jalr t9 | t9 ();
0x00001f0c lw gp, 0x20(sp) | gp = *(var_20h);
; Return value: sltiu/negu turn json_object_size(s1) == 0 into -1 and any
; other size into 0.
0x00001f10 lw t9, -0x7f54(gp) | t9 = sym.imp.json_object_size;
0x00001f14 move a0, s1 | a0 = s1;
0x00001f18 jalr t9 | t9 ();
; Stack guard check: the copy saved at sp+0x9c is compared with the current
; value behind s2 before the epilogue runs.
0x00001f1c lw a0, 0x9c(sp) | a0 = *(var_9ch);
0x00001f20 lw v1, (s2) | v1 = *(s2);
0x00001f24 sltiu v0, v0, 1 | v0 = (v0 < 1) ? 1 : 0;
0x00001f28 lw gp, 0x20(sp) | gp = *(var_20h);
0x00001f2c negu v0, v0 | __asm ("negu v0, v0");
| if (a0 == v1) {
0x00001f30 bne a0, v1, 0x1f5c |
0x00001f34 lw ra, 0xbc(sp) | ra = *(var_bch);
0x00001f38 lw s6, 0xb8(sp) | s6 = *(var_b8h);
0x00001f3c lw s5, 0xb4(sp) | s5 = *(var_b4h);
0x00001f40 lw s4, 0xb0(sp) | s4 = *(var_b0h);
0x00001f44 lw s3, 0xac(sp) | s3 = *(var_ach);
0x00001f48 lw s2, 0xa8(sp) | s2 = *(var_a8h);
0x00001f4c lw s1, 0xa4(sp) | s1 = *(var_a4h);
0x00001f50 lw s0, 0xa0(sp) | s0 = *(var_a0h);
0x00001f54 addiu sp, sp, 0xc0 |
0x00001f58 jr ra | return v0;
| }
; Guard mismatch path: __stack_chk_fail is called instead of returning.
0x00001f5c lw t9, -0x7f4c(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001f60 jalr t9 | t9 ();
0x00001f64 nop |
| }
[*] Function sprintf used 2 times streamprofile.cgi