[*] Binary protection state of tapestat
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of tapestat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/tapestat @ 0x4224 */
| #include <stdint.h>
|
; (fcn) sym.tape_write_stats () | void tape_write_stats () {
0x00004224 lui gp, 2 |
0x00004228 addiu gp, gp, -0x2174 |
0x0000422c addu gp, gp, t9 | gp += t9;
0x00004230 addiu sp, sp, -0x78 |
0x00004234 move v1, a1 | v1 = a1;
0x00004238 sw s2, 0x64(sp) | *(var_64h) = s2;
0x0000423c lw s2, -0x7fb0(gp) | s2 = *(gp);
0x00004240 sw s3, 0x68(sp) | *(var_68h) = s3;
0x00004244 lw s3, -0x7dc4(gp) | s3 = *((gp - 8049));
0x00004248 lw v0, (s2) | v0 = *(s2);
0x0000424c sw s0, 0x5c(sp) | *(var_5ch) = s0;
0x00004250 move s0, a0 | s0 = a0;
0x00004254 lw a0, (s3) | a0 = *(s3);
0x00004258 sw gp, 0x28(sp) | *(var_28h) = gp;
0x0000425c andi v0, v0, 4 | v0 &= 4;
0x00004260 sw ra, 0x74(sp) | *(var_74h) = ra;
0x00004264 sw s5, 0x70(sp) | *(var_70h) = s5;
0x00004268 sw s4, 0x6c(sp) | *(var_6ch) = s4;
0x0000426c sw s1, 0x60(sp) | *(var_60h) = s1;
0x00004270 sw a0, 0x54(sp) | *(var_54h) = a0;
0x00004274 addiu s4, zero, 1 | s4 = 1;
| if (v0 == 0) {
0x00004278 beqz v0, 0x443c | goto label_1;
| }
0x0000427c addiu s4, zero, 0x400 | s4 = 0x400;
0x00004280 move s5, zero | s5 = 0;
| do {
0x00004284 lw a3, -0x7fd4(gp) | a3 = *((gp - 8181));
0x00004288 lw t9, -0x7eb4(gp) | t9 = sym.imp.__sprintf_chk
0x0000428c addiu s1, sp, 0x34 | s1 = sp + 0x34;
0x00004290 sw v1, 0x10(sp) | *(var_10h) = v1;
0x00004294 addiu a3, a3, -0x67b4 | a3 += -0x67b4;
0x00004298 addiu a2, zero, 0x20 | a2 = 0x20;
0x0000429c addiu a1, zero, 1 | a1 = 1;
0x000042a0 move a0, s1 | a0 = s1;
0x000042a4 jalr t9 | t9 ();
0x000042a8 lw gp, 0x28(sp) | gp = *(var_28h);
0x000042ac move a3, zero | a3 = 0;
0x000042b0 move a2, s1 | a2 = s1;
0x000042b4 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x000042b8 lw t9, -0x7f9c(gp) | t9 = sym.cprintf_in;
0x000042bc addiu a1, a1, -0x67a4 | a1 += -0x67a4;
0x000042c0 addiu a0, zero, 1 | a0 = 1;
0x000042c4 sb zero, 0x39(sp) | *(var_39h) = 0;
0x000042c8 bal 0x7420 | sym_cprintf_in ();
0x000042cc lw gp, 0x28(sp) | gp = *(var_28h);
0x000042d0 lw v0, 8(s0) | v0 = *((s0 + 2));
0x000042d4 lw a0, (s0) | a0 = *(s0);
0x000042d8 lw a1, 4(s0) | a1 = *((s0 + 1));
0x000042dc lw v1, 0xc(s0) | v1 = *((s0 + 3));
0x000042e0 lw t9, -0x7f98(gp) | t9 = sym.cprintf_u64;
0x000042e4 sw v0, 0x18(sp) | *(var_18h) = v0;
0x000042e8 sw a0, 0x10(sp) | *(var_10h) = a0;
0x000042ec sw a1, 0x14(sp) | *(var_14h) = a1;
0x000042f0 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x000042f4 addiu a2, zero, 7 | a2 = 7;
0x000042f8 addiu a1, zero, 2 | a1 = 2;
0x000042fc addiu a0, zero, -1 | a0 = -1;
0x00004300 bal 0x6bd0 | sym_cprintf_u64 ();
0x00004304 lw v0, (s2) | v0 = *(s2);
0x00004308 andi v0, v0, 0x40 | v0 &= 0x40;
0x0000430c lw gp, 0x28(sp) | gp = *(var_28h);
| if (v0 == 0) {
0x00004310 beqz v0, 0x4444 | goto label_2;
| }
0x00004314 lw s4, 0x18(s0) | s4 = *((s0 + 6));
0x00004318 lw s5, 0x1c(s0) | s5 = *((s0 + 7));
0x0000431c lw v0, 0x20(s0) | v0 = *((s0 + 8));
0x00004320 lw v1, 0x24(s0) | v1 = *((s0 + 9));
0x00004324 addiu a0, zero, 2 | a0 = 2;
| label_0:
0x00004328 lw t9, -0x7f98(gp) | t9 = sym.cprintf_u64;
0x0000432c addiu a2, zero, 0xb | a2 = 0xb;
0x00004330 addiu a1, zero, 2 | a1 = 2;
0x00004334 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00004338 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x0000433c sw s4, 0x10(sp) | *(var_10h) = s4;
0x00004340 sw s5, 0x14(sp) | *(var_14h) = s5;
0x00004344 bal 0x6bd0 | sym_cprintf_u64 ();
0x00004348 lw gp, 0x28(sp) | gp = *(var_28h);
0x0000434c lw a0, 0x38(s0) | a0 = *((s0 + 14));
0x00004350 lw a1, 0x3c(s0) | a1 = *((s0 + 15));
0x00004354 lw t9, -0x7fac(gp) | t9 = *(gp);
0x00004358 lw s1, (s2) | s1 = *(s2);
0x0000435c bal 0x8e80 | fcn_00008e80 ();
0x00004360 lw gp, 0x28(sp) | gp = *(var_28h);
0x00004364 lw a0, 0x30(s0) | a0 = *((s0 + 12));
0x00004368 lw a1, 0x34(s0) | a1 = *((s0 + 13));
0x0000436c lw t9, -0x7fac(gp) | t9 = *(gp);
0x00004370 sw v0, 0x20(sp) | *(var_20h) = v0;
0x00004374 sw v1, 0x24(sp) | *(var_24h) = v1;
0x00004378 bal 0x8e80 | fcn_00008e80 ();
0x0000437c lw gp, 0x28(sp) | gp = *(var_28h);
0x00004380 lw a0, 0x28(s0) | a0 = *((s0 + 10));
0x00004384 lw a1, 0x2c(s0) | a1 = *((s0 + 11));
0x00004388 lw t9, -0x7fac(gp) | t9 = *(gp);
0x0000438c sw v0, 0x18(sp) | *(var_18h) = v0;
0x00004390 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x00004394 bal 0x8e80 | fcn_00008e80 ();
0x00004398 lw gp, 0x28(sp) | gp = *(var_28h);
0x0000439c ext s1, s1, 6, 1 | __asm ("ext s1, s1, 6, 1");
0x000043a0 move a3, zero | a3 = 0;
0x000043a4 lw t9, -0x7f94(gp) | t9 = sym.cprintf_pc;
0x000043a8 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000043ac sw v1, 0x14(sp) | *(var_14h) = v1;
0x000043b0 addiu a2, zero, 4 | a2 = 4;
0x000043b4 addiu a1, zero, 3 | a1 = 3;
0x000043b8 move a0, s1 | a0 = s1;
0x000043bc bal 0x7144 | sym_cprintf_pc ();
0x000043c0 lw gp, 0x28(sp) | gp = *(var_28h);
0x000043c4 lw v1, 0x44(s0) | v1 = *((s0 + 17));
0x000043c8 lw t0, 0x10(s0) | t0 = *((s0 + 4));
0x000043cc lw t1, 0x14(s0) | t1 = *((s0 + 5));
0x000043d0 lw v0, 0x40(s0) | v0 = *((s0 + 16));
0x000043d4 lw t9, -0x7f98(gp) | t9 = sym.cprintf_u64;
0x000043d8 sw v1, 0x14(sp) | *(var_14h) = v1;
0x000043dc addiu a2, zero, 7 | a2 = 7;
0x000043e0 addiu a1, zero, 2 | a1 = 2;
0x000043e4 addiu a0, zero, -1 | a0 = -1;
0x000043e8 sw t0, 0x18(sp) | *(var_18h) = t0;
0x000043ec sw t1, 0x1c(sp) | *(var_1ch) = t1;
0x000043f0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x000043f4 bal 0x6bd0 | sym_cprintf_u64 ();
0x000043f8 lw gp, 0x28(sp) | gp = *(var_28h);
0x000043fc lw t9, -0x7e44(gp) | t9 = sym.imp.putchar;
0x00004400 addiu a0, zero, 0xa | a0 = 0xa;
0x00004404 jalr t9 | t9 ();
0x00004408 lw v1, 0x54(sp) | v1 = *(var_54h);
0x0000440c lw v0, (s3) | v0 = *(s3);
0x00004410 lw gp, 0x28(sp) | gp = *(var_28h);
| if (v1 != v0) {
0x00004414 bne v1, v0, 0x448c | goto label_3;
| }
0x00004418 lw ra, 0x74(sp) | ra = *(var_74h);
0x0000441c lw s5, 0x70(sp) | s5 = *(var_70h);
0x00004420 lw s4, 0x6c(sp) | s4 = *(var_6ch);
0x00004424 lw s3, 0x68(sp) | s3 = *(var_68h);
0x00004428 lw s2, 0x64(sp) | s2 = *(var_64h);
0x0000442c lw s1, 0x60(sp) | s1 = *(var_60h);
0x00004430 lw s0, 0x5c(sp) | s0 = *(var_5ch);
0x00004434 addiu sp, sp, 0x78 |
0x00004438 jr ra | return v1;
| label_1:
0x0000443c move s5, zero | s5 = 0;
0x00004440 b 0x4284 |
| } while (1);
| label_2:
0x00004444 lw t9, -0x7f90(gp) | t9 = *(gp);
0x00004448 lw a0, 0x18(s0) | a0 = *((s0 + 6));
0x0000444c lw a1, 0x1c(s0) | a1 = *((s0 + 7));
0x00004450 move a2, s4 | a2 = s4;
0x00004454 move a3, s5 | a3 = s5;
0x00004458 bal 0x7970 | fcn_00007970 ();
0x0000445c lw gp, 0x28(sp) | gp = *(var_28h);
0x00004460 lw a0, 0x20(s0) | a0 = *((s0 + 8));
0x00004464 lw a1, 0x24(s0) | a1 = *((s0 + 9));
0x00004468 lw t9, -0x7f90(gp) | t9 = *(gp);
0x0000446c move a2, s4 | a2 = s4;
0x00004470 move a3, s5 | a3 = s5;
0x00004474 move s4, v0 | s4 = v0;
0x00004478 move s5, v1 | s5 = v1;
0x0000447c bal 0x7970 | fcn_00007970 ();
0x00004480 lw gp, 0x28(sp) | gp = *(var_28h);
0x00004484 addiu a0, zero, -1 | a0 = -1;
0x00004488 b 0x4328 | goto label_0;
| label_3:
0x0000448c lw t9, -0x7ddc(gp) | t9 = sym.imp.__stack_chk_fail;
0x00004490 jalr t9 | t9 ();
0x00004494 nop |
| }
[*] Function sprintf used 2 times tapestat
