[*] Binary protection state of parhandclient
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of parhandclient
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/parhandclient @ 0x43c4 */
| #include <stdint.h>
|
; (fcn) fcn.000043c4 () | void fcn_000043c4 () {
0x000043c4 lui gp, 2 |
0x000043c8 addiu gp, gp, -0x42c4 |
0x000043cc addu gp, gp, t9 | gp += t9;
0x000043d0 addiu sp, sp, -0xf8 |
0x000043d4 sw s6, 0xe8(sp) | *(var_e8h) = s6;
0x000043d8 lw s6, -0x7ef0(gp) | s6 = *((gp - 8124));
0x000043dc sw gp, 0x18(sp) | *(var_18h) = gp;
0x000043e0 sw ra, 0xf4(sp) | *(var_f4h) = ra;
0x000043e4 lw v0, (s6) | v0 = *(s6);
0x000043e8 sw fp, 0xf0(sp) | *(var_f0h) = fp;
0x000043ec sw s7, 0xec(sp) | *(var_ech) = s7;
0x000043f0 sw s5, 0xe4(sp) | *(var_e4h) = s5;
0x000043f4 sw s4, 0xe0(sp) | *(var_e0h) = s4;
0x000043f8 sw s3, 0xdc(sp) | *(var_dch) = s3;
0x000043fc sw s2, 0xd8(sp) | *(var_d8h) = s2;
0x00004400 sw s1, 0xd4(sp) | *(var_d4h) = s1;
0x00004404 sw s0, 0xd0(sp) | *(var_d0h) = s0;
0x00004408 sw v0, 0xcc(sp) | *(var_cch) = v0;
0x0000440c lw t9, -0x7ebc(gp) | t9 = sym.imp.opendir;
| if (a0 == 0) {
0x00004410 beqz a0, 0x4634 | goto label_6;
| }
0x00004414 move s3, a0 | s3 = a0;
0x00004418 jalr t9 | t9 ();
0x0000441c move s5, v0 | s5 = v0;
0x00004420 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00004424 beqz v0, 0x45e8 | goto label_7;
| }
0x00004428 lb v0, (s3) | v0 = *(s3);
| if (v0 != 0) {
0x0000442c beql v0, zero, 0x4458 |
0x00004430 sw zero, 0x24(sp) | *(var_24h_2) = 0;
0x00004434 lw t9, -0x7ed8(gp) | t9 = sym.imp.strlen;
0x00004438 move a0, s3 | a0 = s3;
0x0000443c jalr t9 | t9 ();
0x00004440 addu v0, s3, v0 | v0 = s3 + v0;
0x00004444 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004448 lb v0, -1(v0) | v0 = *((v0 - 1));
0x0000444c xori v0, v0, 0x2f | v0 ^= 0x2f;
0x00004450 sltiu v0, v0, 1 | v0 = (v0 < 1) ? 1 : 0;
0x00004454 sw v0, 0x24(sp) | *(var_24h_2) = v0;
| }
0x00004458 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x0000445c lw s7, -0x7fd8(gp) | s7 = *((gp - 8182));
0x00004460 sw v0, 0x20(sp) | *(var_20h_2) = v0;
0x00004464 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00004468 move fp, zero | fp = 0;
0x0000446c addiu v0, v0, 0x43c4 | v0 += fcn.000043c4;
0x00004470 sw v0, 0x30(sp) | *(var_30h) = v0;
0x00004474 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00004478 move s0, zero | s0 = 0;
0x0000447c addiu v0, v0, 0x40e4 | v0 += fcn.000040e4;
0x00004480 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x00004484 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00004488 move s4, zero | s4 = 0;
0x0000448c addiu v0, v0, 0x3aa0 | v0 += fcn.00003aa0;
0x00004490 sw v0, 0x28(sp) | *(var_28h) = v0;
| do {
| label_0:
0x00004494 lw t9, -0x7e94(gp) | t9 = sym.imp.readdir;
| label_2:
0x00004498 move a0, s5 | a0 = s5;
0x0000449c jalr t9 | t9 ();
0x000044a0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x000044a4 beqz v0, 0x4734 | goto label_8;
| }
0x000044a8 addiu a0, zero, 1 | a0 = 1;
0x000044ac lw t9, -0x7f88(gp) | t9 = sym.imp.strcmp;
| if (s4 == a0) {
0x000044b0 beq s4, a0, 0x4734 | goto label_8;
| }
0x000044b4 addiu s1, v0, 0xb | s1 = v0 + 0xb;
0x000044b8 addiu a1, s7, 0x6d1c | a1 = s7 + 0x6d1c;
0x000044bc move a0, s1 | a0 = s1;
0x000044c0 jalr t9 | t9 ();
0x000044c4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000044c8 beqz v0, 0x4494 |
| } while (v0 == 0);
0x000044cc lw v0, 0x20(sp) | v0 = *(var_20h_2);
0x000044d0 lw t9, -0x7f88(gp) | t9 = sym.imp.strcmp;
0x000044d4 addiu a1, v0, 0x6d40 | a1 = v0 + 0x6d40;
0x000044d8 move a0, s1 | a0 = s1;
0x000044dc jalr t9 | t9 ();
0x000044e0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x000044e4 beqz v0, 0x4494 | goto label_0;
| }
0x000044e8 lw t9, -0x7ed8(gp) | t9 = sym.imp.strlen;
0x000044ec move a0, s1 | a0 = s1;
0x000044f0 jalr t9 | t9 ();
0x000044f4 lb a1, (s3) | a1 = *(s3);
0x000044f8 addiu a0, zero, 0x2e | a0 = 0x2e;
0x000044fc lw gp, 0x18(sp) | gp = *(var_18h);
0x00004500 move s2, v0 | s2 = v0;
| if (a1 == a0) {
0x00004504 bne a1, a0, 0x4514 |
0x00004508 lb v0, 1(s3) | v0 = *((s3 + 1));
| if (v0 == 0) {
0x0000450c beql v0, zero, 0x46c8 | goto label_9;
| }
0x00004510 addiu s2, s2, 1 | s2++;
| }
0x00004514 lw t9, -0x7ed8(gp) | t9 = sym.imp.strlen;
0x00004518 move a0, s3 | a0 = s3;
0x0000451c jalr t9 | t9 ();
0x00004520 addiu s2, s2, 2 | s2 += 2;
0x00004524 addu s2, s2, v0 | s2 += v0;
0x00004528 slt v0, fp, s2 | v0 = (fp < s2) ? 1 : 0;
0x0000452c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00004530 bnez v0, 0x4548 | goto label_10;
| }
0x00004534 move t0, s0 | t0 = s0;
0x00004538 b 0x463c | goto label_11;
| do {
0x0000453c slt v0, fp, s2 | v0 = (fp < s2) ? 1 : 0;
0x00004540 move s0, t0 | s0 = t0;
| if (v0 == 0) {
0x00004544 beqz v0, 0x463c | goto label_11;
| }
| label_10:
0x00004548 lw t9, -0x7e58(gp) | t9 = sym.imp.realloc;
0x0000454c addiu fp, fp, 0x20 | fp += 0x20;
0x00004550 move a1, fp | a1 = fp;
0x00004554 move a0, s0 | a0 = s0;
0x00004558 jalr t9 | t9 ();
0x0000455c move t0, v0 | t0 = v0;
0x00004560 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004564 bnez v0, 0x453c |
| } while (v0 != 0);
0x00004568 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
| label_3:
0x0000456c lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00004570 addiu a1, a1, 0x6d04 | a1 += str.Memory_allocation_failed.;
0x00004574 addiu t9, t9, 0x3aa0 | t9 += fcn.00003aa0;
0x00004578 addiu a0, zero, 3 | a0 = 3;
0x0000457c bal 0x3aa0 | fcn_00003aa0 ();
0x00004580 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004584 move a0, s0 | a0 = s0;
0x00004588 lw t9, -0x7e9c(gp) | t9 = sym.imp.free;
0x0000458c addiu s4, zero, 1 | s4 = 1;
0x00004590 jalr t9 | t9 ();
0x00004594 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004598 lw t9, -0x7f08(gp) | t9 = sym.imp.closedir;
0x0000459c move a0, s5 | a0 = s5;
0x000045a0 jalr t9 | t9 ();
0x000045a4 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
| label_1:
0x000045a8 lw a0, 0xcc(sp) | a0 = *(var_cch);
0x000045ac lw v1, (s6) | v1 = *(s6);
0x000045b0 move v0, s4 | v0 = s4;
| if (a0 != v1) {
0x000045b4 bne a0, v1, 0x47b0 | goto label_12;
| }
0x000045b8 lw ra, 0xf4(sp) | ra = *(var_f4h);
0x000045bc lw fp, 0xf0(sp) | fp = *(var_f0h);
0x000045c0 lw s7, 0xec(sp) | s7 = *(var_ech);
0x000045c4 lw s6, 0xe8(sp) | s6 = *(var_e8h);
0x000045c8 lw s5, 0xe4(sp) | s5 = *(var_e4h);
0x000045cc lw s4, 0xe0(sp) | s4 = *(var_e0h);
0x000045d0 lw s3, 0xdc(sp) | s3 = *(var_dch);
0x000045d4 lw s2, 0xd8(sp) | s2 = *(var_d8h);
0x000045d8 lw s1, 0xd4(sp) | s1 = *(var_d4h);
0x000045dc lw s0, 0xd0(sp) | s0 = *(var_d0h);
0x000045e0 addiu sp, sp, 0xf8 |
0x000045e4 jr ra | return v0;
| label_7:
0x000045e8 lw t9, -0x7e30(gp) | t9 = sym.imp.__errno_location;
0x000045ec jalr t9 | t9 ();
0x000045f0 nop |
0x000045f4 lw v1, (v0) | v1 = *(v0);
0x000045f8 addiu v0, zero, 0x14 | v0 = 0x14;
0x000045fc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v1 == v0) {
0x00004600 beq v1, v0, 0x4718 | goto label_13;
| }
0x00004604 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00004608 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x0000460c lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00004610 move a3, s3 | a3 = s3;
0x00004614 addiu a2, a2, 0x7b84 | a2 += str.handle_upgrade_dynamicfile;
0x00004618 addiu a1, a1, 0x6d20 | a1 += str._s:_Failed_to_opendir__s_:__m;
0x0000461c addiu t9, t9, 0x3aa0 | t9 += fcn.00003aa0;
0x00004620 addiu a0, zero, 3 | a0 = 3;
0x00004624 bal 0x3aa0 | fcn_00003aa0 ();
0x00004628 addiu s4, zero, 2 | s4 = 2;
0x0000462c lw gp, 0x18(sp) | gp = *(var_18h);
0x00004630 b 0x45a8 |
| } while (1);
| label_6:
0x00004634 addiu s4, zero, 2 | s4 = 2;
0x00004638 b 0x45a8 | goto label_1;
| label_11:
0x0000463c lw v0, 0x24(sp) | v0 = *(var_24h_2);
0x00004640 lw t9, -0x7f6c(gp) | t9 = sym.imp.__sprintf_chk;
0x00004644 sw s1, 0x14(sp) | *(var_14h) = s1;
0x00004648 sw s3, 0x10(sp) | *(var_10h_2) = s3;
| if (v0 == 0) {
0x0000464c beqz v0, 0x470c | goto label_14;
| }
0x00004650 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x00004654 addiu a3, a3, 0x6d4c | a3 += str._s_s;
| label_4:
0x00004658 move a0, t0 | a0 = t0;
0x0000465c sw t0, 0x34(sp) | *(var_34h) = t0;
0x00004660 addiu a2, zero, -1 | a2 = -1;
0x00004664 addiu a1, zero, 1 | a1 = 1;
0x00004668 jalr t9 | t9 ();
0x0000466c lw t0, 0x34(sp) | t0 = *(var_34h);
0x00004670 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004674 move s0, t0 | s0 = t0;
| label_5:
0x00004678 lw t9, -0x7e50(gp) | t9 = sym.imp.__lxstat;
0x0000467c addiu a2, sp, 0x3c | a2 = sp + 0x3c;
0x00004680 move a1, s0 | a1 = s0;
0x00004684 addiu a0, zero, 3 | a0 = 3;
0x00004688 jalr t9 | t9 ();
0x0000468c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00004690 bltz v0, 0x4774 | goto label_15;
| }
0x00004694 lw v0, 0x50(sp) | v0 = *(var_50h);
0x00004698 ori a0, zero, 0x8000 | a0 = 0x8000;
0x0000469c andi v0, v0, 0xf000 | v0 &= 0xf000;
0x000046a0 addiu a0, zero, 0x4000 | a0 = 0x4000;
| if (v0 == a0) {
0x000046a4 beq v0, a0, 0x4798 | goto label_16;
| }
0x000046a8 lw t9, -0x7e94(gp) | t9 = sym.imp.readdir;
| if (v0 != a0) {
0x000046ac bne v0, a0, 0x4498 | goto label_2;
| }
0x000046b0 lw t9, 0x30(sp) | t9 = *(var_30h);
0x000046b4 move a0, s0 | a0 = s0;
0x000046b8 jalr t9 | t9 ();
0x000046bc move s4, v0 | s4 = v0;
0x000046c0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000046c4 b 0x4494 | goto label_0;
| label_9:
0x000046c8 slt v0, fp, s2 | v0 = (fp < s2) ? 1 : 0;
0x000046cc lw t9, -0x7e58(gp) | t9 = sym.imp.realloc;
| if (v0 != 0) {
0x000046d0 bnez v0, 0x46ec | goto label_17;
| }
0x000046d4 move v0, s0 | v0 = s0;
0x000046d8 b 0x4758 | goto label_18;
| do {
0x000046dc slt a1, fp, s2 | a1 = (fp < s2) ? 1 : 0;
0x000046e0 move s0, v0 | s0 = v0;
| if (a1 == 0) {
0x000046e4 beqz a1, 0x4758 | goto label_18;
| }
0x000046e8 lw t9, -0x7e58(gp) | t9 = sym.imp.realloc;
| label_17:
0x000046ec addiu fp, fp, 0x20 | fp += 0x20;
0x000046f0 move a1, fp | a1 = fp;
0x000046f4 move a0, s0 | a0 = s0;
0x000046f8 jalr t9 | t9 ();
0x000046fc lw gp, 0x18(sp) | gp = *(var_18h);
0x00004700 bnez v0, 0x46dc |
| } while (v0 != 0);
0x00004704 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00004708 b 0x456c | goto label_3;
| label_14:
0x0000470c lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x00004710 addiu a3, a3, 0x6d44 | a3 += str._s__s;
0x00004714 b 0x4658 | goto label_4;
| label_13:
0x00004718 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x0000471c addiu t9, t9, 0x40e4 | t9 += fcn.000040e4;
0x00004720 move a0, s3 | a0 = s3;
0x00004724 bal 0x40e4 | fcn_000040e4 ();
0x00004728 move s4, v0 | s4 = v0;
0x0000472c lw gp, 0x18(sp) | gp = *(var_18h);
0x00004730 b 0x45a8 | goto label_1;
| label_8:
0x00004734 lw t9, -0x7e9c(gp) | t9 = sym.imp.free;
0x00004738 move a0, s0 | a0 = s0;
0x0000473c jalr t9 | t9 ();
0x00004740 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004744 lw t9, -0x7f08(gp) | t9 = sym.imp.closedir;
0x00004748 move a0, s5 | a0 = s5;
0x0000474c jalr t9 | t9 ();
0x00004750 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004754 b 0x45a8 | goto label_1;
| label_18:
0x00004758 lw t9, -0x7eec(gp) | t9 = sym.imp.strcpy
0x0000475c move a1, s1 | a1 = s1;
0x00004760 move a0, v0 | a0 = v0;
0x00004764 move s0, v0 | s0 = v0;
0x00004768 jalr t9 | t9 ();
0x0000476c lw gp, 0x18(sp) | gp = *(var_18h);
0x00004770 b 0x4678 | goto label_5;
| label_15:
0x00004774 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00004778 lw t9, 0x28(sp) | t9 = *(var_28h);
0x0000477c move a2, s0 | a2 = s0;
0x00004780 addiu a1, a1, 0x6d54 | a1 += str.Failed_to_stat_lstat__s:__m;
0x00004784 addiu a0, zero, 3 | a0 = 3;
0x00004788 jalr t9 | t9 ();
0x0000478c addiu s4, zero, 2 | s4 = 2;
0x00004790 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004794 b 0x4494 | goto label_0;
| label_16:
0x00004798 lw t9, 0x2c(sp) | t9 = *(var_2ch);
0x0000479c move a0, s0 | a0 = s0;
0x000047a0 jalr t9 | t9 ();
0x000047a4 move s4, v0 | s4 = v0;
0x000047a8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000047ac b 0x4494 | goto label_0;
| label_12:
0x000047b0 lw t9, -0x7f24(gp) | t9 = sym.imp.__stack_chk_fail;
0x000047b4 jalr t9 | t9 ();
0x000047b8 nop |
0x000047bc lui gp, 2 |
0x000047c0 addiu gp, gp, -0x46bc |
0x000047c4 addu gp, gp, t9 | gp += t9;
0x000047c8 addiu sp, sp, -0x28 |
0x000047cc sw gp, 0x10(sp) | *(var_10h) = gp;
0x000047d0 sw s1, 0x20(sp) | *(var_20h) = s1;
0x000047d4 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x000047d8 sw ra, 0x24(sp) | *(var_24h) = ra;
0x000047dc move s1, a0 | s1 = a0;
0x000047e0 addiu s0, zero, 0x5f | s0 = 0x5f;
0x000047e4 b 0x47f0 |
| while (v0 != 0) {
0x000047e8 addiu a0, v0, 1 | a0 = v0 + 1;
0x000047ec sb s0, (v0) | *(v0) = s0;
0x000047f0 lw t9, -0x7e64(gp) | t9 = sym.imp.strchr;
0x000047f4 addiu a1, zero, 0x2e | a1 = 0x2e;
0x000047f8 jalr t9 | t9 ();
0x000047fc lw gp, 0x10(sp) | gp = *(var_10h);
0x00004800 bnez v0, 0x47e8 |
| }
0x00004804 lw ra, 0x24(sp) | ra = *(var_24h);
0x00004808 move v0, s1 | v0 = s1;
0x0000480c lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00004810 lw s1, 0x20(sp) | s1 = *(var_20h);
0x00004814 addiu sp, sp, 0x28 |
0x00004818 jr ra | return v0;
| }
[*] Function strcpy used 2 times parhandclient
