[*] Binary protection state of ethtool
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of ethtool
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/ethtool @ 0x4670 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 194672 named .text */
/*
 * main(): entry point of ethtool, MIPS disassembly on the left and r2dec
 * pseudo-code on the right. Visible flow: zero two 0x1fc-byte global bitmaps
 * and set bits in them, look up argv[1] via fcn_000090b8, length-check and
 * copy the next argument into a stack buffer, open a control socket, then
 * call the selected handler with a context block at sp+0x1c.
 * One __strcpy_chk call site is visible in this function (0x4834).
 * NOTE(review): the listing appears to print each branch delay-slot
 * instruction before its branch/jump (argument setup sits directly before
 * each jalr), so addresses next to branches may be swapped relative to the
 * raw binary - confirm against a plain disassembly.
 */
0x00004670 lui gp, 7 |
0x00004674 addiu gp, gp, -0x3320 |
0x00004678 addu gp, gp, t9 | gp += t9;
0x0000467c addiu sp, sp, -0x68 |
0x00004680 lw t9, -0x7ed0(gp) | t9 = sym.imp.memset;
0x00004684 sw s0, 0x50(sp) | *(var_50h) = s0;
/* s0 = pointer from a gp-relative load; the word it points at is saved at
 * sp+0x4c (0x46c4) and re-compared before return at label_1, i.e. it is
 * used as the stack-protector guard value. */
0x00004688 lw s0, -0x7e68(gp) | s0 = *((gp - 8090));
0x0000468c sw s3, 0x5c(sp) | *(var_5ch) = s3;
0x00004690 lw s3, -0x7fc8(gp) | s3 = *((gp - 8178));
0x00004694 lw v0, (s0) | v0 = *(s0);
0x00004698 addiu s3, s3, -0x6788 | s3 += -0x6788;
0x0000469c sw gp, 0x10(sp) | *(var_10h) = gp;
0x000046a0 sw ra, 0x64(sp) | *(var_64h) = ra;
0x000046a4 sw s2, 0x58(sp) | *(var_58h) = s2;
0x000046a8 sw s1, 0x54(sp) | *(var_54h) = s1;
0x000046ac addiu a2, zero, 0x1fc | a2 = 0x1fc;
0x000046b0 sw s4, 0x60(sp) | *(var_60h) = s4;
/* s2 = incoming a0 and s1 = incoming a1: the two arguments of main
 * (argc and argv). */
0x000046b4 move s2, a0 | s2 = a0;
0x000046b8 move s1, a1 | s1 = a1;
0x000046bc move a0, s3 | a0 = s3;
0x000046c0 move a1, zero | a1 = 0;
0x000046c4 sw v0, 0x4c(sp) | *(var_4ch) = v0;
/* memset(s3, 0, 0x1fc): clear the first 0x1fc-byte global region. */
0x000046c8 jalr t9 | t9 ();
0x000046cc nop |
0x000046d0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000046d4 move a1, zero | a1 = 0;
0x000046d8 addiu a2, zero, 0x1fc | a2 = 0x1fc;
0x000046dc lw a3, -0x7fc8(gp) | a3 = *((gp - 8178));
0x000046e0 lw t9, -0x7ed0(gp) | t9 = sym.imp.memset;
0x000046e4 addiu a3, a3, -0x6984 | a3 += -0x6984;
0x000046e8 move a0, a3 | a0 = a3;
/* memset(a3, 0, 0x1fc): clear the second 0x1fc-byte global region;
 * a3 is then reloaded from the return value (v0). */
0x000046ec jalr t9 | t9 ();
0x000046f0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000046f4 move a3, v0 | a3 = v0;
0x000046f8 addiu t2, zero, 1 | t2 = 1;
0x000046fc lw a0, -0x7fd0(gp) | a0 = *(gp);
0x00004700 lw a1, -0x7fd0(gp) | a1 = *(gp);
0x00004704 addiu a0, a0, -0x74d8 | a0 += -0x74d8;
0x00004708 addiu a1, a1, -0x73f8 | a1 += -0x73f8;
0x0000470c move v0, zero | v0 = 0;
0x00004710 b 0x4718 |
/*
 * Bitmap fill, loop 1: a0 walks 32-bit words up to the end pointer a1.
 * For bit index v0 (initially 0, then loaded from the table): word index
 * v0 >> 5, byte offset << 2, mask 1 << v0, OR-ed into BOTH zeroed regions
 * (s3 and a3). 0xfe0 == 0x1fc * 8, so the sltiu compares the bit index
 * with the bitmap size in bits.
 * NOTE(review): bnel at 0x4750 loops back while a1 != a0, so the
 * `while (a1 == a0)` condition is a decompiler artifact; likewise the
 * guard is presumably the sltiu result, not the shifted v1 - confirm.
 */
| while (a1 == a0) {
0x00004714 addiu a0, a0, 4 | a0 += 4;
0x00004718 sltiu v1, v0, 0xfe0 | v1 = (v0 < 0xfe0) ? 1 : 0;
0x0000471c srl v1, v0, 5 | v1 = v0 >> 5;
| if (v1 != 0) {
0x00004720 beqz v1, 0x474c |
0x00004724 sll v1, v1, 2 | v1 <<= 2;
0x00004728 addu t1, s3, v1 | t1 = s3 + v1;
0x0000472c addu v1, a3, v1 | v1 = a3 + v1;
0x00004730 lw t0, (t1) | t0 = *(t1);
0x00004734 lw a2, (v1) | a2 = *(v1);
0x00004738 sllv v0, t2, v0 | v0 = t2 << v0;
0x0000473c or t0, t0, v0 | t0 |= v0;
0x00004740 or v0, a2, v0 | v0 = a2 | v0;
0x00004744 sw t0, (t1) | *(t1) = t0;
0x00004748 sw v0, (v1) | *(v1) = v0;
| }
0x0000474c lw v0, (a0) | v0 = *(a0);
0x00004750 bnel a1, a0, 0x4714 |
| }
0x00004754 lw v1, -0x7fd0(gp) | v1 = *(gp);
0x00004758 lw a1, -0x7fd0(gp) | a1 = *(gp);
| /* str._a_b_t_n_v_r */
0x0000475c addiu v1, v1, -0x7508 | v1 += -0x7508;
0x00004760 addiu a1, a1, -0x74dc | a1 += -0x74dc;
0x00004764 addiu v0, zero, 6 | v0 = 6;
0x00004768 addiu t0, zero, 1 | t0 = 1;
0x0000476c b 0x4774 |
/* Bitmap fill, loop 2: same word/bit arithmetic and the same 0xfe0 bound,
 * starting with bit index 6, but only the a3 region is updated. The
 * `while (v1 == a1)` condition has the same inversion as loop 1
 * (bnel at 0x479c loops while v1 != a1). */
| while (v1 == a1) {
0x00004770 addiu v1, v1, 4 | v1 += 4;
0x00004774 sltiu a0, v0, 0xfe0 | a0 = (v0 < 0xfe0) ? 1 : 0;
0x00004778 srl a0, v0, 5 | a0 = v0 >> 5;
| if (a0 != 0) {
0x0000477c beqz a0, 0x4798 |
0x00004780 sll a0, a0, 2 | a0 <<= 2;
0x00004784 addu a0, a3, a0 | a0 = a3 + a0;
0x00004788 sllv v0, t0, v0 | v0 = t0 << v0;
0x0000478c lw a2, (a0) | a2 = *(a0);
0x00004790 or v0, a2, v0 | v0 = a2 | v0;
0x00004794 sw v0, (a0) | *(a0) = v0;
| }
0x00004798 lw v0, (v1) | v0 = *(v1);
0x0000479c bnel v1, a1, 0x4770 |
| }
/* Argument handling starts here: s4 = argc - 1 (arguments left),
 * s3 = argv + 4 bytes = &argv[1]. No arguments at all -> label_2. */
0x000047a0 addiu s4, s2, -1 | s4 = s2 + -1;
0x000047a4 addiu s3, s1, 4 | s3 = s1 + 4;
| if (s4 == 0) {
0x000047a8 beqz s4, 0x4910 | goto label_2;
| }
0x000047ac lw t9, -0x7fc4(gp) | t9 = *(gp);
0x000047b0 addiu t9, t9, -0x6f48 | t9 += -0x6f48;
0x000047b4 move a0, s3 | a0 = s3;
/* fcn_000090b8(&argv[1]): a result >= 0 is used at label_3 as an index
 * into a table of 0x14-byte entries; presumably the option lookup -
 * confirm against the ethtool source. */
0x000047b8 bal 0x90b8 | fcn_000090b8 ();
0x000047bc lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 >= 0) {
0x000047c0 bgez v0, 0x48a0 | goto label_3;
| }
/* Lookup failed: if argv[1] begins with 0x2d ('-') go to label_2.
 * Otherwise argv[1] itself is consumed as the name argument by the loop
 * body below, with s1 = (base - 0xc64) as the handler to call. */
0x000047c4 lw v1, 4(s1) | v1 = *((s1 + 1));
0x000047c8 addiu v0, zero, 0x2d | v0 = 0x2d;
0x000047cc lb v1, (v1) | v1 = *(v1);
0x000047d0 lw s1, -0x7fc4(gp) | s1 = *(gp);
| if (v1 == v0) {
0x000047d4 beq v1, v0, 0x4910 | goto label_2;
| }
0x000047d8 addiu s1, s1, -0xc64 | s1 += -0xc64;
| do {
/* s2 = next command-line argument (*s3); it is stored at sp+0x1c, the
 * first word of the context handed to the handler. The argument counter
 * and cursor advance past it. NULL -> label_2. */
0x000047dc lw s2, (s3) | s2 = *(s3);
0x000047e0 addiu s4, s4, -1 | s4 += -1;
0x000047e4 addiu s3, s3, 4 | s3 += 4;
0x000047e8 sw s2, 0x1c(sp) | *(var_1ch) = s2;
| if (s2 == 0) {
0x000047ec beqz s2, 0x4910 | goto label_2;
| }
/* Length gate: strlen(s2) must be < 0x10, otherwise label_2. This check
 * runs before the copy at 0x4834. */
0x000047f0 lw t9, -0x7ebc(gp) | t9 = sym.imp.strlen;
0x000047f4 move a0, s2 | a0 = s2;
0x000047f8 jalr t9 | t9 ();
0x000047fc sltiu v0, v0, 0x10 | v0 = (v0 < 0x10) ? 1 : 0;
0x00004800 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00004804 beqz v0, 0x4910 | goto label_2;
| }
/* memset(sp+0x24, 0, 0x20): zero a 0x20-byte stack region. */
0x00004808 lw t9, -0x7ed0(gp) | t9 = sym.imp.memset;
0x0000480c addiu v1, sp, 0x24 | v1 = sp + 0x24;
0x00004810 move a0, v1 | a0 = v1;
0x00004814 addiu a2, zero, 0x20 | a2 = 0x20;
0x00004818 move a1, zero | a1 = 0;
0x0000481c jalr t9 | t9 ();
0x00004820 lw gp, 0x10(sp) | gp = *(var_10h);
/*
 * __strcpy_chk(dest = v0 (memset's return value, sp+0x24), src = s2,
 * destlen = 0x10). The source is a command-line argument, so its content
 * is caller-controlled, but the strlen gate above limits it to at most
 * 15 bytes plus the terminator, which fits the declared 0x10-byte
 * destination, and the fortified variant is also given that size.
 * Triage: this call site is bounded.
 * NOTE(review): a 0x10-byte name at the start of a 0x20-byte zeroed
 * object is presumably a struct ifreq - confirm against the source.
 */
0x00004824 addiu a2, zero, 0x10 | a2 = 0x10;
0x00004828 move a1, s2 | a1 = s2;
0x0000482c lw t9, -0x7ef0(gp) | t9 = sym.imp.__strcpy_chk
0x00004830 move a0, v0 | a0 = v0;
0x00004834 jalr t9 | t9 ();
0x00004838 lw gp, 0x10(sp) | gp = *(var_10h);
/* socket(2, 1, 0): on Linux/MIPS these values are AF_INET, SOCK_DGRAM.
 * The descriptor is saved at sp+0x20; a negative result tries label_4. */
0x0000483c move a2, zero | a2 = 0;
0x00004840 addiu a1, zero, 1 | a1 = 1;
0x00004844 lw t9, -0x7f04(gp) | t9 = sym.imp.socket;
0x00004848 addiu a0, zero, 2 | a0 = 2;
0x0000484c jalr t9 | t9 ();
0x00004850 sw v0, 0x20(sp) | *(var_20h) = v0;
0x00004854 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x00004858 bltz v0, 0x48d4 | goto label_4;
| }
| label_0:
/* Call the handler in s1 with a0 = sp+0x1c. Layout implied by the stores
 * in this function: +0x00 name pointer (sp+0x1c), +0x04 socket fd
 * (sp+0x20), +0x08 the 0x20-byte buffer holding the copied name
 * (sp+0x24), +0x28 remaining argument count (sp+0x44), +0x2c argument
 * cursor (sp+0x48). */
0x0000485c sw s4, 0x44(sp) | *(var_44h) = s4;
0x00004860 sw s3, 0x48(sp) | *(var_48h) = s3;
0x00004864 move t9, s1 | t9 = s1;
0x00004868 addiu a0, sp, 0x1c | a0 = sp + 0x1c;
0x0000486c jalr t9 | t9 ();
0x00004870 lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
/* Epilogue: the guard word saved at sp+0x4c is compared with the current
 * *s0; a mismatch goes to label_5 (__stack_chk_fail). v0 is returned
 * unchanged: the handler's result, or 0x46 from the socket failure path. */
0x00004874 lw a0, 0x4c(sp) | a0 = *(var_4ch);
0x00004878 lw v1, (s0) | v1 = *(s0);
0x0000487c lw ra, 0x64(sp) | ra = *(var_64h);
| if (a0 != v1) {
0x00004880 bne a0, v1, 0x4920 | goto label_5;
| }
0x00004884 lw s4, 0x60(sp) | s4 = *(var_60h);
0x00004888 lw s3, 0x5c(sp) | s3 = *(var_5ch);
0x0000488c lw s2, 0x58(sp) | s2 = *(var_58h);
0x00004890 lw s1, 0x54(sp) | s1 = *(var_54h);
0x00004894 lw s0, 0x50(sp) | s0 = *(var_50h);
0x00004898 addiu sp, sp, 0x68 |
0x0000489c jr ra | return v0;
| label_3:
/* Lookup succeeded: entry = (base + 0x5ee0) + index * 0x14. argv[1] is
 * skipped (s3 = &argv[2], s4 = argc - 2). The word at entry+8 becomes
 * the handler in s1; a nonzero word at entry+4 jumps back to 0x47dc so
 * the next argument is length-checked and copied as above. The pseudo-code
 * shows that jump as the closing `while` of the do-loop. */
0x000048a0 addiu a0, zero, 0x14 | a0 = 0x14;
0x000048a4 mul a1, v0, a0 | __asm ("mul a1, v0, a0");
0x000048a8 lw v1, -0x7fd8(gp) | v1 = *((gp - 8182));
0x000048ac addiu s3, s1, 8 | s3 = s1 + 8;
| /* esilref: '-s|--change' */
0x000048b0 addiu v1, v1, 0x5ee0 | v1 += 0x5ee0;
0x000048b4 addiu s4, s2, -2 | s4 = s2 + -2;
0x000048b8 addu v0, a1, v1 | v0 = a1 + v1;
0x000048bc lw v1, 4(v0) | v1 = *((v0 + 1));
0x000048c0 lw s1, 8(v0) | s1 = *((v0 + 2));
0x000048c4 bnez v1, 0x47dc |
| } while (v1 != 0);
/* Word at entry+4 is zero: no name copy and no socket; the fd slot at
 * sp+0x20 is set to -1 before the handler call at label_0. */
0x000048c8 addiu v0, zero, -1 | v0 = -1;
0x000048cc sw v0, 0x20(sp) | *(var_20h) = v0;
0x000048d0 b 0x485c | goto label_0;
| label_4:
/* Fallback: socket(0x10, 3, 0x10), i.e. AF_NETLINK, SOCK_RAW,
 * NETLINK_GENERIC on Linux. If this also fails, perror() is called and
 * main returns 0x46 (70) through the canary check at label_1. */
0x000048d4 lw t9, -0x7f04(gp) | t9 = sym.imp.socket;
0x000048d8 addiu a2, zero, 0x10 | a2 = 0x10;
0x000048dc addiu a1, zero, 3 | a1 = 3;
0x000048e0 addiu a0, zero, 0x10 | a0 = 0x10;
0x000048e4 jalr t9 | t9 ();
0x000048e8 sw v0, 0x20(sp) | *(var_20h) = v0;
0x000048ec lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 >= 0) {
0x000048f0 bgez v0, 0x485c | goto label_0;
| }
0x000048f4 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x000048f8 lw t9, -0x7e7c(gp) | t9 = sym.imp.perror;
| /* str.Cannot_get_control_socket */
0x000048fc addiu a0, a0, 0x6a5c | a0 += 0x6a5c;
0x00004900 jalr t9 | t9 ();
0x00004904 lw gp, 0x10(sp) | gp = *(var_10h);
0x00004908 addiu v0, zero, 0x46 | v0 = 0x46;
0x0000490c b 0x4874 | goto label_1;
| label_2:
/* Rejection path for: no arguments, an unrecognised argument starting
 * with '-', a missing name argument, or a name of 0x10 bytes or more.
 * fcn_0000594c is called with no handling of a return; code after it
 * falls into label_5, so it presumably does not return (usage/exit) -
 * confirm. */
0x00004910 lw t9, -0x7fd4(gp) | t9 = *((gp - 8181));
0x00004914 addiu t9, t9, 0x594c | t9 += fcn.0000594c;
0x00004918 bal 0x594c | fcn_0000594c ();
0x0000491c nop |
| label_5:
/* Stack-protector failure handler, reached from the compare at 0x4880. */
0x00004920 lw t9, -0x7e70(gp) | t9 = sym.imp.__stack_chk_fail;
0x00004924 jalr t9 | t9 ();
0x00004928 nop |
0x0000492c nop |
| }
[*] Function strcpy used 2 times ethtool