[*] Binary protection state of busybox.nosuid
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of busybox.nosuid
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/busybox.nosuid @ 0x6da4c */
| #include <stdint.h>
|
; (fcn) fcn.0006da4c () | void fcn_0006da4c () {
0x0006da4c lui gp, 3 |
0x0006da50 addiu gp, gp, -0x391c |
0x0006da54 addu gp, gp, t9 | gp += t9;
0x0006da58 lw v0, -0x74a4(gp) | v0 = *((gp - 7465));
0x0006da5c addiu sp, sp, -0x70 |
0x0006da60 lw t9, -0x7eb8(gp) | t9 = *(gp);
0x0006da64 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x0006da68 lw v0, (v0) | v0 = *(v0);
0x0006da6c sw gp, 0x10(sp) | *(var_10h) = gp;
0x0006da70 sw fp, 0x68(sp) | *(var_68h) = fp;
0x0006da74 sw s7, 0x64(sp) | *(var_64h) = s7;
0x0006da78 sw s6, 0x60(sp) | *(var_60h) = s6;
0x0006da7c sw s5, 0x5c(sp) | *(var_5ch) = s5;
0x0006da80 sw s4, 0x58(sp) | *(var_58h) = s4;
0x0006da84 sw s3, 0x54(sp) | *(var_54h) = s3;
0x0006da88 sw s2, 0x50(sp) | *(var_50h) = s2;
0x0006da8c sw s0, 0x48(sp) | *(var_48h) = s0;
0x0006da90 sw a0, 0x2c(sp) | *(var_2ch) = a0;
0x0006da94 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x0006da98 sw s1, 0x4c(sp) | *(var_4ch) = s1;
0x0006da9c addiu a0, zero, 1 | a0 = 1;
0x0006daa0 sw v0, 0x44(sp) | *(var_44h) = v0;
0x0006daa4 addiu s5, zero, 0x5b | s5 = 0x5b;
0x0006daa8 jalr t9 | t9 ();
0x0006daac lw gp, 0x10(sp) | gp = *(var_10h);
0x0006dab0 move s4, v0 | s4 = v0;
0x0006dab4 lw v1, 0x2c(sp) | v1 = *(var_2ch);
0x0006dab8 lw v0, -0x78d0(gp) | v0 = *(gp);
0x0006dabc lw s6, -0x7f90(gp) | s6 = *(gp);
0x0006dac0 lw s7, -0x7f90(gp) | s7 = *(gp);
0x0006dac4 lw s2, (v0) | s2 = *(v0);
0x0006dac8 lw v0, -0x78cc(gp) | v0 = *(gp);
0x0006dacc sb zero, 0x35(sp) | *(var_35h) = 0;
0x0006dad0 sw v0, 0x18(sp) | *(var_18h) = v0;
0x0006dad4 addiu v0, s6, -0x4e44 | v0 = s6 + -0x4e44;
0x0006dad8 move s0, zero | s0 = 0;
0x0006dadc move s3, zero | s3 = 0;
0x0006dae0 addiu fp, sp, 0x34 | fp = sp + 0x34;
0x0006dae4 addiu s7, s7, -0x1144 | s7 += -0x1144;
0x0006dae8 sw v0, 0x20(sp) | *(var_20h) = v0;
| do {
0x0006daec lbu v0, (v1) | v0 = *(v1);
0x0006daf0 addiu v0, zero, 0x5c | v0 = 0x5c;
| if (v0 == 0) {
0x0006daf4 beqz v0, 0x6dbc8 | goto label_2;
| }
0x0006daf8 addiu s6, v1, 1 | s6 = v1 + 1;
0x0006dafc sw fp, 0x30(sp) | *(var_30h) = fp;
0x0006db00 sw s6, 0x2c(sp) | *(var_2ch) = s6;
0x0006db04 lbu s1, (v1) | s1 = *(v1);
0x0006db08 move a0, fp | a0 = fp;
| if (s1 == v0) {
0x0006db0c beq s1, v0, 0x6db8c | goto label_3;
| }
| label_1:
0x0006db10 lw t9, -0x7644(gp) | t9 = sym.imp.strlen;
0x0006db14 sb s1, 0x34(sp) | *(var_34h) = s1;
0x0006db18 jalr t9 | t9 ();
0x0006db1c addiu v1, zero, 0xa | v1 = 0xa;
0x0006db20 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006db24 addu s3, s3, v0 | s3 += v0;
| if (s1 == v1) {
0x0006db28 beq s1, v1, 0x6dc6c | goto label_4;
| }
0x0006db2c move s6, zero | s6 = 0;
0x0006db30 addiu a0, zero, 0x5d | a0 = 0x5d;
0x0006db34 lw t9, -0x7de0(gp) | t9 = *(gp);
| if (s5 != a0) {
0x0006db38 beq s5, a0, 0x6db4c |
0x0006db3c lw a0, 0x10(s2) | a0 = *((s2 + 4));
0x0006db40 addu v0, a0, v0 | v0 = a0 + v0;
0x0006db44 sw v0, 0x10(s2) | *((s2 + 4)) = v0;
| label_0:
0x0006db48 lw t9, -0x7de0(gp) | t9 = *(gp);
| }
0x0006db4c move a0, s4 | a0 = s4;
0x0006db50 addiu a1, s3, 1 | a1 = s3 + 1;
0x0006db54 jalr t9 | t9 ();
0x0006db58 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006db5c lw a1, 0x30(sp) | a1 = *(var_30h);
0x0006db60 lw t9, -0x7588(gp) | t9 = sym.imp.strcat
0x0006db64 move a0, v0 | a0 = v0;
0x0006db68 jalr t9 | t9 ();
0x0006db6c lw gp, 0x10(sp) | gp = *(var_10h);
0x0006db70 move a0, s6 | a0 = s6;
0x0006db74 lw t9, -0x7490(gp) | t9 = *((gp - 7460));
0x0006db78 move s4, v0 | s4 = v0;
0x0006db7c jalr t9 | t9 ();
0x0006db80 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006db84 lw v1, 0x2c(sp) | v1 = *(var_2ch);
0x0006db88 b 0x6daec |
| } while (1);
| label_3:
0x0006db8c lbu a0, 1(v1) | a0 = *((v1 + 1));
0x0006db90 addiu v0, zero, 0x74 | v0 = 0x74;
0x0006db94 sw v1, 0x24(sp) | *(var_24h) = v1;
| if (a0 != v0) {
0x0006db98 beq a0, v0, 0x6dc78 |
0x0006db9c lw t9, -0x797c(gp) | t9 = *(gp);
0x0006dba0 addiu a0, sp, 0x2c | a0 = sp + 0x2c;
0x0006dba4 bal 0x71cf4 | fcn_00071cf4 ();
0x0006dba8 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x0006dbac lw gp, 0x10(sp) | gp = *(var_10h);
0x0006dbb0 move s1, v0 | s1 = v0;
0x0006dbb4 lw v1, 0x24(sp) | v1 = *(var_24h);
| if (s6 != a0) {
0x0006dbb8 bne s6, a0, 0x6dc98 | goto label_5;
| }
0x0006dbbc lbu v0, 1(v1) | v0 = *((v1 + 1));
0x0006dbc0 addiu v1, s6, 1 | v1 = s6 + 1;
| if (v0 != 0) {
0x0006dbc4 bnez v0, 0x6dc7c | goto label_6;
| }
| label_2:
0x0006dbc8 lw v0, 0x18(sp) | v0 = *(var_18h);
0x0006dbcc lw t9, -0x7490(gp) | t9 = *((gp - 7460));
| if (s0 != v0) {
0x0006dbd0 beq s0, v0, 0x6dbe0 |
0x0006dbd4 move a0, s0 | a0 = s0;
0x0006dbd8 jalr t9 | t9 ();
0x0006dbdc lw gp, 0x10(sp) | gp = *(var_10h);
| }
0x0006dbe0 lw t9, -0x7758(gp) | t9 = sym.imp.strrchr;
0x0006dbe4 sw s4, 0x28(s2) | *((s2 + 10)) = s4;
0x0006dbe8 sw s4, 0x24(s2) | *((s2 + 9)) = s4;
0x0006dbec addiu a1, zero, 0xa | a1 = 0xa;
0x0006dbf0 move a0, s4 | a0 = s4;
0x0006dbf4 jalr t9 | t9 ();
0x0006dbf8 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x0006dbfc lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x0006dc00 beqz v0, 0x6dc0c |
0x0006dc04 addiu v0, v0, 1 | v0++;
0x0006dc08 sw v0, 0x28(s2) | *((s2 + 10)) = v0;
| }
0x0006dc0c lw t9, -0x7fcc(gp) | t9 = *(gp);
| /* fcn.0006d9d4 */
0x0006dc10 addiu t9, t9, -0x262c | t9 += -0x262c;
0x0006dc14 addiu a0, zero, 1 | a0 = 1;
0x0006dc18 bal 0x6d9d4 | fcn_0006d9d4 ();
0x0006dc1c lw v0, 0x1c(sp) | v0 = *(var_1ch);
0x0006dc20 lw v1, 0x44(sp) | v1 = *(var_44h);
0x0006dc24 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006dc28 lw v0, (v0) | v0 = *(v0);
0x0006dc2c lw ra, 0x6c(sp) | ra = *(var_6ch);
| if (v1 == v0) {
0x0006dc30 bne v1, v0, 0x6dc60 |
0x0006dc34 lw fp, 0x68(sp) | fp = *(var_68h);
0x0006dc38 lw s7, 0x64(sp) | s7 = *(var_64h);
0x0006dc3c lw s6, 0x60(sp) | s6 = *(var_60h);
0x0006dc40 lw s5, 0x5c(sp) | s5 = *(var_5ch);
0x0006dc44 lw s4, 0x58(sp) | s4 = *(var_58h);
0x0006dc48 lw s3, 0x54(sp) | s3 = *(var_54h);
0x0006dc4c lw s2, 0x50(sp) | s2 = *(var_50h);
0x0006dc50 lw s1, 0x4c(sp) | s1 = *(var_4ch);
0x0006dc54 lw s0, 0x48(sp) | s0 = *(var_48h);
0x0006dc58 addiu sp, sp, 0x70 |
0x0006dc5c jr ra | return v0;
| }
0x0006dc60 lw t9, -0x750c(gp) | t9 = sym.imp.__stack_chk_fail;
0x0006dc64 jalr t9 | t9 ();
0x0006dc68 nop |
| label_4:
0x0006dc6c sw zero, 0x10(s2) | *((s2 + 4)) = 0;
0x0006dc70 move s6, zero | s6 = 0;
0x0006dc74 b 0x6db48 | goto label_0;
| }
0x0006dc78 addiu v1, s6, 1 | v1 = s6 + 1;
| label_6:
0x0006dc7c sw v1, 0x2c(sp) | *(var_2ch) = v1;
0x0006dc80 lbu s1, (s6) | s1 = *(s6);
0x0006dc84 addiu v0, s1, -0x24 | v0 = s1 + -0x24;
0x0006dc88 andi v0, v0, 0xff | v0 &= 0xff;
0x0006dc8c sltiu a0, v0, 0x55 | a0 = (v0 < 0x55) ? 1 : 0;
0x0006dc90 sll v0, v0, 2 | v0 <<= 2;
| if (a0 == 0) {
0x0006dc94 bnez a0, 0x6dca0 |
| label_5:
0x0006dc98 lw a0, 0x30(sp) | a0 = *(var_30h);
0x0006dc9c b 0x6db10 | goto label_1;
| }
0x0006dca0 lwx v0, v0(s7) | __asm ("lwx v0, v0(s7)");
0x0006dca4 addu v0, v0, gp | v0 += gp;
0x0006dca8 jr v0 | v0 ();
0x0006dcac nop |
| }
[*] Function strcat used 2 times busybox.nosuid
