[*] Binary protection state of dbox
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of dbox
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/dbox @ 0xc4c4 */
| #include <stdint.h>
|
; (fcn) fcn.0000c4c4 () | void fcn_0000c4c4 () {
0x0000c4c4 lui gp, 2 |
0x0000c4c8 addiu gp, gp, 0x4bac |
0x0000c4cc addu gp, gp, t9 | gp += t9;
0x0000c4d0 addiu sp, sp, -0x48 |
0x0000c4d4 lw t9, -0x7d00(gp) | t9 = sym.imp.opendir;
0x0000c4d8 sw fp, 0x40(sp) | *(var_40h) = fp;
0x0000c4dc move fp, a0 | fp = a0;
0x0000c4e0 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x0000c4e4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0000c4e8 sw s7, 0x3c(sp) | *(var_3ch) = s7;
0x0000c4ec sw s6, 0x38(sp) | *(var_38h) = s6;
0x0000c4f0 sw s5, 0x34(sp) | *(var_34h) = s5;
0x0000c4f4 sw s4, 0x30(sp) | *(var_30h) = s4;
0x0000c4f8 sw s2, 0x28(sp) | *(var_28h) = s2;
0x0000c4fc sw s1, 0x24(sp) | *(var_24h) = s1;
0x0000c500 sw ra, 0x44(sp) | *(var_44h) = ra;
0x0000c504 sw s3, 0x2c(sp) | *(var_2ch) = s3;
0x0000c508 sw s0, 0x20(sp) | *(var_20h) = s0;
| /* str._proc */
0x0000c50c addiu a0, a0, 0x5698 | a0 += 0x5698;
0x0000c510 move s7, a1 | s7 = a1;
0x0000c514 move s6, a2 | s6 = a2;
0x0000c518 jalr t9 | t9 ();
0x0000c51c lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c520 move s1, v0 | s1 = v0;
0x0000c524 lui s5, 0x6f72 | s5 = 0x6f720000;
0x0000c528 lw s4, -0x7fdc(gp) | s4 = *(gp);
0x0000c52c addiu s2, zero, 4 | s2 = 4;
0x0000c530 addiu v0, s4, -0x3d64 | v0 = s4 + -0x3d64;
0x0000c534 addiu s5, s5, 0x702f | s5 += 0x702f;
0x0000c538 sw v0, 0x1c(sp) | *(var_1ch) = v0;
| label_0:
0x0000c53c lw t9, -0x7cc4(gp) | t9 = sym.imp.readdir;
| do {
0x0000c540 move a0, s1 | a0 = s1;
0x0000c544 jalr t9 | t9 ();
0x0000c548 move s4, v0 | s4 = v0;
0x0000c54c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000c550 beqz v0, 0xc65c | goto label_4;
| }
| label_2:
0x0000c554 lbu v0, 0xa(s4) | v0 = *((s4 + 10));
0x0000c558 lw t9, -0x7cc4(gp) | t9 = sym.imp.readdir;
0x0000c55c bne v0, s2, 0xc540 |
| } while (v0 != s2);
0x0000c560 lb s0, 0xb(s4) | s0 = *((s4 + 11));
0x0000c564 addiu s3, s4, 0xb | s3 = s4 + 0xb;
| if (s0 == 0) {
0x0000c568 beqz s0, 0xc5a4 | goto label_5;
| }
0x0000c56c lw t9, -0x7d14(gp) | t9 = sym.imp.__ctype_b_loc;
0x0000c570 sll s0, s0, 1 | s0 <<= 1;
0x0000c574 jalr t9 | t9 ();
0x0000c578 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c57c lw a0, (v0) | a0 = *(v0);
0x0000c580 addiu v0, s4, 0xc | v0 = s4 + 0xc;
| label_1:
0x0000c584 addu s0, a0, s0 | s0 = a0 + s0;
0x0000c588 lhu v1, (s0) | v1 = *(s0);
0x0000c58c andi v1, v1, 0x800 | v1 &= 0x800;
0x0000c590 addiu v0, v0, 1 | v0++;
| if (v1 == 0) {
0x0000c594 beqz v1, 0xc53c | goto label_0;
| }
0x0000c598 lb s0, -1(v0) | s0 = *((v0 - 1));
0x0000c59c sll s0, s0, 1 | s0 <<= 1;
| if (s0 != 0) {
0x0000c5a0 bnez s0, 0xc584 | goto label_1;
| }
| label_5:
0x0000c5a4 lw t9, -0x7da0(gp) | t9 = sym.imp.malloc;
0x0000c5a8 addiu a0, zero, 0xc8 | a0 = 0xc8;
0x0000c5ac jalr t9 | t9 ();
0x0000c5b0 move s0, v0 | s0 = v0;
0x0000c5b4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000c5b8 beqz v0, 0xc6a0 | goto label_6;
| }
0x0000c5bc lw t9, -0x7bf8(gp) | t9 = sym.imp.__stpcpy_chk;
0x0000c5c0 addiu v0, zero, 0x2f63 | v0 = 0x2f63;
0x0000c5c4 move a1, s3 | a1 = s3;
0x0000c5c8 addiu a2, zero, 0xc8 | a2 = 0xc8;
0x0000c5cc addiu a0, s0, 6 | a0 = s0 + 6;
0x0000c5d0 sw s5, (s0) | *(s0) = s5;
0x0000c5d4 sh v0, 4(s0) | *((s0 + 2)) = v0;
0x0000c5d8 jalr t9 | t9 ();
0x0000c5dc lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c5e0 addiu a2, zero, 0xc8 | a2 = 0xc8;
0x0000c5e4 move a1, s6 | a1 = s6;
0x0000c5e8 lw t9, -0x7d78(gp) | t9 = sym.imp.__strcpy_chk
0x0000c5ec move a0, v0 | a0 = v0;
0x0000c5f0 jalr t9 | t9 ();
0x0000c5f4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c5f8 move a0, s3 | a0 = s3;
0x0000c5fc addiu a2, zero, 0xa | a2 = 0xa;
0x0000c600 lw t9, -0x7ccc(gp) | t9 = sym.imp.strtol;
0x0000c604 move a1, zero | a1 = 0;
0x0000c608 jalr t9 | t9 ();
0x0000c60c lw t9, 0x1c(sp) | t9 = *(var_1ch);
0x0000c610 move a0, fp | a0 = fp;
0x0000c614 move a3, v0 | a3 = v0;
0x0000c618 move a2, s0 | a2 = s0;
0x0000c61c move a1, s7 | a1 = s7;
0x0000c620 jalr t9 | t9 ();
0x0000c624 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c628 move s3, v0 | s3 = v0;
0x0000c62c move a0, s0 | a0 = s0;
0x0000c630 lw t9, -0x7cd0(gp) | t9 = sym.imp.free;
| if (v0 == 0) {
0x0000c634 beqz v0, 0xc6a8 | goto label_7;
| }
0x0000c638 jalr t9 | t9 ();
0x0000c63c nop |
0x0000c640 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c644 lw t9, -0x7cc4(gp) | t9 = sym.imp.readdir;
0x0000c648 move a0, s1 | a0 = s1;
0x0000c64c jalr t9 | t9 ();
0x0000c650 move s4, v0 | s4 = v0;
0x0000c654 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x0000c658 bnez v0, 0xc554 | goto label_2;
| }
| label_4:
0x0000c65c addiu s3, zero, 1 | s3 = 1;
| do {
| label_3:
0x0000c660 lw t9, -0x7d8c(gp) | t9 = sym.imp.closedir;
0x0000c664 move a0, s1 | a0 = s1;
0x0000c668 jalr t9 | t9 ();
0x0000c66c lw ra, 0x44(sp) | ra = *(var_44h);
0x0000c670 move v0, s3 | v0 = s3;
0x0000c674 lw fp, 0x40(sp) | fp = *(var_40h);
0x0000c678 lw s7, 0x3c(sp) | s7 = *(var_3ch);
0x0000c67c lw s6, 0x38(sp) | s6 = *(var_38h);
0x0000c680 lw s5, 0x34(sp) | s5 = *(var_34h);
0x0000c684 lw s4, 0x30(sp) | s4 = *(var_30h);
0x0000c688 lw s3, 0x2c(sp) | s3 = *(var_2ch);
0x0000c68c lw s2, 0x28(sp) | s2 = *(var_28h);
0x0000c690 lw s1, 0x24(sp) | s1 = *(var_24h);
0x0000c694 lw s0, 0x20(sp) | s0 = *(var_20h);
0x0000c698 addiu sp, sp, 0x48 |
0x0000c69c jr ra | return v0;
| label_6:
0x0000c6a0 move s3, zero | s3 = 0;
0x0000c6a4 b 0xc660 |
| } while (1);
| label_7:
0x0000c6a8 jalr t9 | t9 ();
0x0000c6ac nop |
0x0000c6b0 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000c6b4 b 0xc660 | goto label_3;
| }
[*] Function strcpy used 2 times dbox
