[*] Binary protection state of vftpd
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of vftpd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/vftpd @ 0x53cc */
| #include <stdint.h>
|
; (fcn) fcn.000053cc () | void fcn_000053cc () {
0x000053cc lui gp, 2 |
0x000053d0 addiu gp, gp, -0x42bc |
0x000053d4 addu gp, gp, t9 | gp += t9;
0x000053d8 addiu sp, sp, -0x50 |
0x000053dc lw t9, -0x7dc4(gp) | t9 = sym.imp.strchr;
0x000053e0 sw s1, 0x44(sp) | *(var_44h) = s1;
0x000053e4 lw s1, -0x7d3c(gp) | s1 = *((gp - 8015));
0x000053e8 sw s2, 0x48(sp) | *(var_48h) = s2;
0x000053ec addiu s2, a0, 0xd | s2 = a0 + 0xd;
0x000053f0 lw v0, (s1) | v0 = *(s1);
0x000053f4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000053f8 sw s0, 0x40(sp) | *(var_40h) = s0;
0x000053fc sw ra, 0x4c(sp) | *(var_4ch) = ra;
0x00005400 move s0, a0 | s0 = a0;
0x00005404 addiu a1, zero, 0x25 | a1 = 0x25;
0x00005408 move a0, s2 | a0 = s2;
0x0000540c sw v0, 0x3c(sp) | *(var_3ch) = v0;
0x00005410 jalr t9 | t9 ();
0x00005414 nop |
0x00005418 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x0000541c beqz v0, 0x5424 |
0x00005420 sb zero, (v0) | *(v0) = 0;
| }
0x00005424 lw v0, (s0) | v0 = *(s0);
0x00005428 addiu v1, zero, 2 | v1 = 2;
0x0000542c lhu v0, (v0) | v0 = *(v0);
0x00005430 addiu v1, zero, 0xa | v1 = 0xa;
| if (v0 == v1) {
0x00005434 beq v0, v1, 0x54a0 | goto label_1;
| }
0x00005438 addiu v0, zero, -1 | v0 = -1;
| if (v0 != v1) {
0x0000543c bne v0, v1, 0x547c | goto label_0;
| }
0x00005440 lw t9, -0x7d38(gp) | t9 = sym.imp.inet_pton;
0x00005444 addiu a2, sp, 0x1c | a2 = sp + 0x1c;
0x00005448 move a1, s2 | a1 = s2;
0x0000544c addiu a0, zero, 0xa | a0 = 0xa;
0x00005450 jalr t9 | t9 ();
0x00005454 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 > 0) {
0x00005458 blez v0, 0x5478 |
0x0000545c lw v0, 0x1c(sp) | v0 = *(var_1ch_2);
0x00005460 ori v1, zero, 0x80fe | v1 = 0x80fe;
0x00005464 andi v0, v0, 0xc0ff | v0 &= 0xc0ff;
| if (v0 == v1) {
0x00005468 beql v0, v1, 0x54cc | goto label_2;
| }
0x0000546c lw v0, (s0) | v0 = *(s0);
0x00005470 move v0, zero | v0 = 0;
0x00005474 b 0x547c |
| } else {
0x00005478 addiu v0, zero, -1 | v0 = -1;
| }
| do {
| label_0:
0x0000547c lw a0, 0x3c(sp) | a0 = *(var_3ch);
0x00005480 lw v1, (s1) | v1 = *(s1);
0x00005484 lw ra, 0x4c(sp) | ra = *(var_4ch);
| if (a0 != v1) {
0x00005488 bne a0, v1, 0x5520 | goto label_3;
| }
0x0000548c lw s2, 0x48(sp) | s2 = *(var_48h);
0x00005490 lw s1, 0x44(sp) | s1 = *(var_44h);
0x00005494 lw s0, 0x40(sp) | s0 = *(var_40h);
0x00005498 addiu sp, sp, 0x50 |
0x0000549c jr ra | return v0;
| label_1:
0x000054a0 lw t9, -0x7d38(gp) | t9 = sym.imp.inet_pton;
0x000054a4 addiu a2, sp, 0x18 | a2 = sp + 0x18;
0x000054a8 move a1, s2 | a1 = s2;
0x000054ac addiu a0, zero, 2 | a0 = 2;
0x000054b0 jalr t9 | t9 ();
0x000054b4 slti v0, v0, 1 | v0 = (v0 < 1) ? 1 : 0;
0x000054b8 addiu v1, zero, -1 | v1 = -1;
| if (v0 != 0) {
0x000054bc movz v1, zero, v0 | v1 = 0;
| }
0x000054c0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000054c4 move v0, v1 | v0 = v1;
0x000054c8 b 0x547c |
| } while (1);
| label_2:
0x000054cc lw t9, -0x7dd0(gp) | t9 = *(gp);
0x000054d0 move a0, s2 | a0 = s2;
0x000054d4 lw s0, 0x18(v0) | s0 = *((v0 + 6));
0x000054d8 jalr t9 | t9 ();
0x000054dc lw gp, 0x10(sp) | gp = *(var_10h);
0x000054e0 addu v0, s2, v0 | v0 = s2 + v0;
0x000054e4 addiu v1, zero, 0x25 | v1 = 0x25;
0x000054e8 lw t9, -0x7d24(gp) | t9 = sym.imp.if_indextoname;
0x000054ec addiu a1, sp, 0x2c | a1 = sp + 0x2c;
0x000054f0 move a0, s0 | a0 = s0;
0x000054f4 sb v1, (v0) | *(v0) = v1;
0x000054f8 sb zero, 1(v0) | *((v0 + 1)) = 0;
0x000054fc jalr t9 | t9 ();
0x00005500 lw gp, 0x10(sp) | gp = *(var_10h);
0x00005504 move a1, v0 | a1 = v0;
0x00005508 lw t9, -0x7d94(gp) | t9 = sym.imp.strcat
0x0000550c move a0, s2 | a0 = s2;
0x00005510 jalr t9 | t9 ();
0x00005514 lw gp, 0x10(sp) | gp = *(var_10h);
0x00005518 move v0, zero | v0 = 0;
0x0000551c b 0x547c | goto label_0;
| label_3:
0x00005520 lw t9, -0x7d64(gp) | t9 = sym.imp.__stack_chk_fail;
0x00005524 jalr t9 | t9 ();
0x00005528 nop |
| }
[*] Function strcat used 2 times vftpd
