[*] Binary protection state of mpstat
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of mpstat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/mpstat @ 0xabfc */
| #include <stdint.h>
|
; (fcn) sym.get_persistent_names () | void get_persistent_names () {
| label_2:
0x0000abfc lui gp, 2 |
0x0000ac00 addiu gp, gp, -0x3b4c |
0x0000ac04 addu gp, gp, t9 | gp += t9;
0x0000ac08 lw v0, -0x7d3c(gp) | v0 = *((gp - 8015));
0x0000ac0c addiu sp, sp, -0x58 |
0x0000ac10 lw a0, -0x7e7c(gp) | a0 = *(gp);
0x0000ac14 sw v0, 0x20(sp) | *(var_20h) = v0;
0x0000ac18 lw v0, (v0) | v0 = *(v0);
0x0000ac1c lw t9, -0x7e80(gp) | t9 = sym.get_persistent_type_dir;
0x0000ac20 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0000ac24 sw ra, 0x54(sp) | *(var_54h) = ra;
0x0000ac28 sw fp, 0x50(sp) | *(var_50h) = fp;
0x0000ac2c sw s7, 0x4c(sp) | *(var_4ch) = s7;
0x0000ac30 sw s6, 0x48(sp) | *(var_48h) = s6;
0x0000ac34 sw s5, 0x44(sp) | *(var_44h) = s5;
0x0000ac38 sw s4, 0x40(sp) | *(var_40h) = s4;
0x0000ac3c sw s3, 0x3c(sp) | *(var_3ch) = s3;
0x0000ac40 sw s2, 0x38(sp) | *(var_38h) = s2;
0x0000ac44 sw s1, 0x34(sp) | *(var_34h) = s1;
0x0000ac48 sw s0, 0x30(sp) | *(var_30h) = s0;
0x0000ac4c sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x0000ac50 bal 0xaac0 | sym_get_persistent_type_dir ();
0x0000ac54 nop |
0x0000ac58 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000ac5c beqz v0, 0xadf8 | goto label_4;
| }
0x0000ac60 lw t9, -0x7dc0(gp) | t9 = sym.imp.scandir;
0x0000ac64 lw a3, -0x7dec(gp) | a3 = *((gp - 8059));
0x0000ac68 move a2, zero | a2 = 0;
0x0000ac6c addiu a1, sp, 0x28 | a1 = sp + 0x28;
0x0000ac70 move a0, v0 | a0 = v0;
0x0000ac74 jalr t9 | t9 ();
0x0000ac78 move s1, v0 | s1 = v0;
0x0000ac7c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x0000ac80 bltz v0, 0xadf8 | goto label_4;
| }
0x0000ac84 slti v0, v0, 3 | v0 = (v0 < 3) ? 1 : 0;
0x0000ac88 lw fp, 0x28(sp) | fp = *(var_28h_2);
| if (v0 == 0) {
0x0000ac8c beqz v0, 0xad14 | goto label_5;
| }
0x0000ac90 move s3, zero | s3 = 0;
| if (s1 == 0) {
0x0000ac94 beqz s1, 0xacc0 | goto label_6;
| }
| label_0:
0x0000ac98 move s0, zero | s0 = 0;
| do {
0x0000ac9c sll a0, s0, 2 | a0 = s0 << 2;
0x0000aca0 lw t9, -0x7d34(gp) | t9 = sym.imp.free;
0x0000aca4 lwx a0, a0(fp) | __asm ("lwx a0, a0(fp)");
0x0000aca8 addiu s0, s0, 1 | s0++;
0x0000acac jalr t9 | t9 ();
0x0000acb0 slt v0, s0, s1 | v0 = (s0 < s1) ? 1 : 0;
0x0000acb4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000acb8 lw fp, 0x28(sp) | fp = *(var_28h_2);
0x0000acbc bnez v0, 0xac9c |
| } while (v0 != 0);
| label_6:
0x0000acc0 lw t9, -0x7d34(gp) | t9 = sym.imp.free;
0x0000acc4 move a0, fp | a0 = fp;
0x0000acc8 jalr t9 | t9 ();
0x0000accc lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
0x0000acd0 lw v0, 0x20(sp) | v0 = *(var_20h);
0x0000acd4 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x0000acd8 lw v1, (v0) | v1 = *(v0);
0x0000acdc move v0, s3 | v0 = s3;
| if (a0 != v1) {
0x0000ace0 bne a0, v1, 0xae00 | goto label_7;
| }
0x0000ace4 lw ra, 0x54(sp) | ra = *(var_54h);
0x0000ace8 lw fp, 0x50(sp) | fp = *(var_50h);
0x0000acec lw s7, 0x4c(sp) | s7 = *(var_4ch);
0x0000acf0 lw s6, 0x48(sp) | s6 = *(var_48h);
0x0000acf4 lw s5, 0x44(sp) | s5 = *(var_44h);
0x0000acf8 lw s4, 0x40(sp) | s4 = *(var_40h);
0x0000acfc lw s3, 0x3c(sp) | s3 = *(var_3ch);
0x0000ad00 lw s2, 0x38(sp) | s2 = *(var_38h);
0x0000ad04 lw s1, 0x34(sp) | s1 = *(var_34h);
0x0000ad08 lw s0, 0x30(sp) | s0 = *(var_30h);
0x0000ad0c addiu sp, sp, 0x58 |
0x0000ad10 jr ra | return v0;
| label_5:
0x0000ad14 lw t9, -0x7e1c(gp) | t9 = sym.imp.calloc;
0x0000ad18 addiu a1, zero, 4 | a1 = 4;
0x0000ad1c addiu a0, s1, -1 | a0 = s1 + -1;
0x0000ad20 jalr t9 | t9 ();
0x0000ad24 move s3, v0 | s3 = v0;
0x0000ad28 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000ad2c beqz v0, 0xac98 | goto label_0;
| }
0x0000ad30 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x0000ad34 sll s5, s1, 2 | s5 = s1 << 2;
0x0000ad38 addiu v0, v0, -0x1d7c | v0 += -0x1d7c;
0x0000ad3c sw v0, 0x1c(sp) | *(var_1ch_3) = v0;
0x0000ad40 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x0000ad44 move s7, fp | s7 = fp;
0x0000ad48 addiu v0, v0, -0x1d78 | v0 += -0x1d78;
0x0000ad4c addu s5, s5, fp | s5 += fp;
0x0000ad50 move s6, zero | s6 = 0;
0x0000ad54 sw v0, 0x24(sp) | *(var_24h_2) = v0;
0x0000ad58 lw s0, (s7) | s0 = *(s7);
| do {
0x0000ad5c lw t9, -0x7d18(gp) | t9 = sym.imp.strcmp;
0x0000ad60 addiu s0, s0, 0xb | s0 += 0xb;
0x0000ad64 lw a0, 0x1c(sp) | a0 = *(var_1ch_3);
0x0000ad68 move a1, s0 | a1 = s0;
0x0000ad6c jalr t9 | t9 ();
0x0000ad70 sll s2, s6, 2 | s2 = s6 << 2;
0x0000ad74 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000ad78 addu s4, s3, s2 | s4 = s3 + s2;
| if (v0 != 0) {
0x0000ad7c beqz v0, 0xade4 |
0x0000ad80 lw t9, -0x7d18(gp) | t9 = sym.imp.strcmp;
0x0000ad84 lw a0, 0x24(sp) | a0 = *(var_24h_2);
0x0000ad88 move a1, s0 | a1 = s0;
0x0000ad8c jalr t9 | t9 ();
0x0000ad90 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000ad94 beqz v0, 0xade4 | goto label_8;
| }
0x0000ad98 lw t9, -0x7da0(gp) | t9 = sym.imp.strlen;
0x0000ad9c move a0, s0 | a0 = s0;
0x0000ada0 jalr t9 | t9 ();
0x0000ada4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000ada8 addiu a1, zero, 1 | a1 = 1;
0x0000adac lw t9, -0x7e1c(gp) | t9 = sym.imp.calloc;
0x0000adb0 addiu a0, v0, 1 | a0 = v0 + 1;
0x0000adb4 jalr t9 | t9 ();
0x0000adb8 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000adbc sw v0, (s4) | *(s4) = v0;
| if (v0 == 0) {
0x0000adc0 beqz v0, 0xade4 | goto label_8;
| }
0x0000adc4 lw t9, -0x7d74(gp) | t9 = sym.imp.strcpy
0x0000adc8 move a1, s0 | a1 = s0;
0x0000adcc move a0, v0 | a0 = v0;
0x0000add0 jalr t9 | t9 ();
0x0000add4 addiu s2, s2, 4 | s2 += 4;
0x0000add8 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000addc addiu s6, s6, 1 | s6++;
0x0000ade0 addu s4, s3, s2 | s4 = s3 + s2;
| }
| label_8:
0x0000ade4 addiu s7, s7, 4 | s7 += 4;
0x0000ade8 lw s0, (s7) | s0 = *(s7);
0x0000adec bnel s5, s7, 0xad5c |
| } while (s5 == s7);
0x0000adf0 sw zero, (s4) | *(s4) = 0;
0x0000adf4 b 0xac98 | goto label_0;
| label_4:
0x0000adf8 move s3, zero | s3 = 0;
0x0000adfc b 0xacd0 | goto label_1;
| label_7:
0x0000ae00 lw t9, -0x7d50(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000ae04 jalr t9 | t9 ();
0x0000ae08 nop |
0x0000ae0c lui gp, 2 |
0x0000ae10 addiu gp, gp, -0x3d5c |
0x0000ae14 addu gp, gp, t9 | gp += t9;
0x0000ae18 addiu sp, sp, -0x1040 |
0x0000ae1c lw t9, -0x7e78(gp) | t9 = sym.get_persistent_names;
0x0000ae20 sw s5, 0x1034(sp) | *(var_1034h) = s5;
0x0000ae24 lw s5, -0x7d3c(gp) | s5 = *((gp - 8015));
0x0000ae28 sw s2, 0x1028(sp) | *(var_1028h) = s2;
0x0000ae2c lw s2, -0x7ea8(gp) | s2 = *((gp - 8106));
0x0000ae30 lw v0, (s5) | v0 = *(s5);
0x0000ae34 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x0000ae38 sw s4, 0x1030(sp) | *(var_1030h) = s4;
0x0000ae3c sw ra, 0x103c(sp) | *(var_103ch) = ra;
0x0000ae40 sw s6, 0x1038(sp) | *(var_1038h) = s6;
0x0000ae44 sw s3, 0x102c(sp) | *(var_102ch) = s3;
0x0000ae48 sw s1, 0x1024(sp) | *(var_1024h) = s1;
0x0000ae4c sw s0, 0x1020(sp) | *(var_1020h) = s0;
0x0000ae50 sw v0, 0x101c(sp) | *(var_101ch) = v0;
0x0000ae54 sb zero, -0xbe0(s2) | *((s2 - 3040)) = 0;
0x0000ae58 move s4, a0 | s4 = a0;
0x0000ae5c bal 0xabfc | sym_get_persistent_names ();
| goto label_2;
0x0000ae60 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000ae64 beqz v0, 0xaf80 | goto label_9;
| }
0x0000ae68 move s0, v0 | s0 = v0;
0x0000ae6c move s3, v0 | s3 = v0;
0x0000ae70 lw a0, (s0) | a0 = *(s0);
0x0000ae74 lw s1, -0x7e74(gp) | s1 = sym.get_persistent_name_path;
0x0000ae78 addiu s6, sp, 0x1c | s6 = sp + 0x1c;
| if (a0 == 0) {
0x0000ae7c beqz a0, 0xaf0c | goto label_3;
| }
0x0000ae80 move t9, s1 | t9 = s1;
| do {
0x0000ae84 bal 0xab50 | sym_get_persistent_name_path ();
0x0000ae88 nop |
0x0000ae8c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 != 0) {
0x0000ae90 beqz v0, 0xaefc |
0x0000ae94 lw t9, -0x7d5c(gp) | t9 = sym.imp.readlink;
0x0000ae98 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x0000ae9c move a1, s6 | a1 = s6;
0x0000aea0 move a0, v0 | a0 = v0;
0x0000aea4 jalr t9 | t9 ();
0x0000aea8 addiu v1, v0, -1 | v1 = v0 + -1;
0x0000aeac sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0;
0x0000aeb0 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v1 == 0) {
0x0000aeb4 beqz v1, 0xaefc | goto label_10;
| }
0x0000aeb8 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x0000aebc addu v0, v1, v0 | v0 = v1 + v0;
0x0000aec0 lw t9, -0x7dc4(gp) | t9 = sym.imp.__xpg_basename;
0x0000aec4 move a0, s6 | a0 = s6;
0x0000aec8 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0;
0x0000aecc jalr t9 | t9 ();
0x0000aed0 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000aed4 beqz v0, 0xaefc | goto label_10;
| }
0x0000aed8 lb v1, (v0) | v1 = *(v0);
0x0000aedc lw t9, -0x7dfc(gp) | t9 = sym.imp.strncmp;
| if (v1 == 0) {
0x0000aee0 beqz v1, 0xaefc | goto label_10;
| }
0x0000aee4 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x0000aee8 move a1, s4 | a1 = s4;
0x0000aeec move a0, v0 | a0 = v0;
0x0000aef0 jalr t9 | t9 ();
0x0000aef4 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000aef8 beqz v0, 0xaf88 | goto label_11;
| }
| }
| label_10:
0x0000aefc addiu s0, s0, 4 | s0 += 4;
0x0000af00 lw a0, (s0) | a0 = *(s0);
0x0000af04 move t9, s1 | t9 = s1;
0x0000af08 bnez a0, 0xae84 |
| } while (a0 != 0);
| label_3:
0x0000af0c lw a0, (s3) | a0 = *(s3);
0x0000af10 addiu s0, s3, 4 | s0 = s3 + 4;
| if (a0 == 0) {
0x0000af14 beqz a0, 0xaf30 | goto label_12;
| }
| do {
0x0000af18 lw t9, -0x7d34(gp) | t9 = sym.imp.free;
0x0000af1c addiu s0, s0, 4 | s0 += 4;
0x0000af20 jalr t9 | t9 ();
0x0000af24 lw a0, -4(s0) | a0 = *((s0 - 1));
0x0000af28 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000af2c bnez a0, 0xaf18 |
| } while (a0 != 0);
| label_12:
0x0000af30 lw t9, -0x7d34(gp) | t9 = sym.imp.free;
0x0000af34 move a0, s3 | a0 = s3;
0x0000af38 jalr t9 | t9 ();
0x0000af3c lb v0, -0xbe0(s2) | v0 = *((s2 - 3040));
0x0000af40 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000af44 beqz v0, 0xaf80 | goto label_9;
| }
0x0000af48 addiu v0, s2, -0xbe0 | v0 = s2 + -0xbe0;
| do {
0x0000af4c lw a0, 0x101c(sp) | a0 = *(var_101ch);
0x0000af50 lw v1, (s5) | v1 = *(s5);
0x0000af54 lw ra, 0x103c(sp) | ra = *(var_103ch);
| if (a0 != v1) {
0x0000af58 bne a0, v1, 0xafac | goto label_13;
| }
0x0000af5c lw s6, 0x1038(sp) | s6 = *(var_1038h);
0x0000af60 lw s5, 0x1034(sp) | s5 = *(var_1034h);
0x0000af64 lw s4, 0x1030(sp) | s4 = *(var_1030h);
0x0000af68 lw s3, 0x102c(sp) | s3 = *(var_102ch);
0x0000af6c lw s2, 0x1028(sp) | s2 = *(var_1028h);
0x0000af70 lw s1, 0x1024(sp) | s1 = *(var_1024h);
0x0000af74 lw s0, 0x1020(sp) | s0 = *(var_1020h);
0x0000af78 addiu sp, sp, 0x1040 |
0x0000af7c jr ra | return v0;
| label_9:
0x0000af80 move v0, zero | v0 = 0;
0x0000af84 b 0xaf4c |
| } while (1);
| label_11:
0x0000af88 lw t9, -0x7dbc(gp) | t9 = sym.imp.strncpy;
0x0000af8c lw a1, (s0) | a1 = *(s0);
0x0000af90 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x0000af94 addiu a0, s2, -0xbe0 | a0 = s2 + -0xbe0;
0x0000af98 jalr t9 | t9 ();
0x0000af9c addiu v0, s2, -0xbe0 | v0 = s2 + -0xbe0;
0x0000afa0 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000afa4 sb zero, 0xfff(v0) | *((v0 + 4095)) = 0;
0x0000afa8 b 0xaf0c | goto label_3;
| label_13:
0x0000afac lw t9, -0x7d50(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000afb0 jalr t9 | t9 ();
0x0000afb4 nop |
0x0000afb8 lui gp, 2 |
0x0000afbc addiu gp, gp, -0x3f08 |
0x0000afc0 addu gp, gp, t9 | gp += t9;
0x0000afc4 addiu sp, sp, -0x1030 |
0x0000afc8 lw t9, -0x7e74(gp) | t9 = sym.get_persistent_name_path;
0x0000afcc sw s0, 0x1024(sp) | *(var_1024h_2) = s0;
0x0000afd0 lw s0, -0x7d3c(gp) | s0 = *((gp - 8015));
0x0000afd4 sw gp, 0x10(sp) | *(var_10h_3) = gp;
0x0000afd8 sw ra, 0x102c(sp) | *(var_102ch_2) = ra;
0x0000afdc lw v0, (s0) | v0 = *(s0);
0x0000afe0 sw s1, 0x1028(sp) | *(var_1028h_2) = s1;
0x0000afe4 sw v0, 0x101c(sp) | *(var_101ch_2) = v0;
0x0000afe8 bal 0xab50 | sym_get_persistent_name_path ();
0x0000afec nop |
0x0000aff0 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x0000aff4 beqz v0, 0xb06c | goto label_14;
| }
0x0000aff8 lw t9, -0x7d5c(gp) | t9 = sym.imp.readlink;
0x0000affc addiu s1, sp, 0x1c | s1 = sp + 0x1c;
0x0000b000 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x0000b004 move a1, s1 | a1 = s1;
0x0000b008 move a0, v0 | a0 = v0;
0x0000b00c jalr t9 | t9 ();
0x0000b010 addiu v1, v0, -1 | v1 = v0 + -1;
0x0000b014 sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0;
0x0000b018 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v1 == 0) {
0x0000b01c beqz v1, 0xb06c | goto label_14;
| }
0x0000b020 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x0000b024 addu v0, v1, v0 | v0 = v1 + v0;
0x0000b028 lw t9, -0x7dc4(gp) | t9 = sym.imp.__xpg_basename;
0x0000b02c move a0, s1 | a0 = s1;
0x0000b030 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0;
0x0000b034 jalr t9 | t9 ();
0x0000b038 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x0000b03c beqz v0, 0xb06c | goto label_14;
| }
0x0000b040 lb v1, (v0) | v1 = *(v0);
| if (v1 == 0) {
0x0000b044 beql v1, zero, 0xb04c | goto label_15;
| }
0x0000b048 move v0, zero | v0 = 0;
| do {
| label_15:
0x0000b04c lw a0, 0x101c(sp) | a0 = *(var_101ch_2);
0x0000b050 lw v1, (s0) | v1 = *(s0);
0x0000b054 lw ra, 0x102c(sp) | ra = *(var_102ch_2);
| if (a0 != v1) {
0x0000b058 bne a0, v1, 0xb074 | goto label_16;
| }
0x0000b05c lw s1, 0x1028(sp) | s1 = *(var_1028h_2);
0x0000b060 lw s0, 0x1024(sp) | s0 = *(var_1024h_2);
0x0000b064 addiu sp, sp, 0x1030 |
0x0000b068 jr ra | return v0;
| label_14:
0x0000b06c move v0, zero | v0 = 0;
0x0000b070 b 0xb04c |
| } while (1);
| label_16:
0x0000b074 lw t9, -0x7d50(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000b078 jalr t9 | t9 ();
0x0000b07c nop |
| }
[*] Function strcpy used 2 times mpstat
