[*] Binary protection state of rtspwssession.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of rtspwssession.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/rtspwssession.cgi @ 0xe60 */
| #include <stdint.h>
|
; (fcn) sym.remove_old_sessions () | void remove_old_sessions () {
0x00000e60 lui gp, 2 |
0x00000e64 addiu gp, gp, -0x6e50 |
0x00000e68 addu gp, gp, t9 | gp += t9;
0x00000e6c addiu sp, sp, -0x100 |
0x00000e70 lw t9, -0x7fac(gp) | t9 = sym.imp.opendir;
0x00000e74 sw s6, 0xf0(sp) | *(var_f0h) = s6;
0x00000e78 lw s6, -0x7f54(gp) | s6 = *((gp - 8149));
0x00000e7c sw fp, 0xf8(sp) | *(var_f8h) = fp;
0x00000e80 sw s4, 0xe8(sp) | *(var_e8h) = s4;
0x00000e84 move fp, sp | fp = sp;
0x00000e88 lw s4, -0x7fdc(gp) | s4 = *((gp - 8183));
0x00000e8c lw v0, (s6) | v0 = *(s6);
0x00000e90 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00000e94 sw ra, 0xfc(sp) | *(var_fch) = ra;
0x00000e98 sw s7, 0xf4(sp) | *(var_f4h) = s7;
0x00000e9c sw s5, 0xec(sp) | *(var_ech) = s5;
0x00000ea0 sw s3, 0xe4(sp) | *(var_e4h) = s3;
0x00000ea4 sw s2, 0xe0(sp) | *(var_e0h) = s2;
0x00000ea8 sw s1, 0xdc(sp) | *(var_dch) = s1;
0x00000eac sw s0, 0xd8(sp) | *(var_d8h) = s0;
0x00000eb0 addiu a0, s4, 0x14ac | a0 = s4 + str._var_run_rtspwssession;
0x00000eb4 sw v0, 0xd4(fp) | *(arg_d4h) = v0;
0x00000eb8 jalr t9 | t9 ();
0x00000ebc nop |
0x00000ec0 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x00000ec4 beqz v0, 0x1080 | goto label_7;
| }
0x00000ec8 sw sp, 0x38(fp) |
0x00000ecc addiu sp, sp, -0x30 |
0x00000ed0 move s1, v0 | s1 = v0;
0x00000ed4 addiu v0, sp, 0x20 | v0 = sp + 0x20;
0x00000ed8 sw v0, 0x34(fp) | *(arg_34h) = v0;
0x00000edc lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000ee0 lw s3, -0x7fdc(gp) | s3 = *((gp - 8183));
0x00000ee4 addiu v0, v0, 0x14cc | v0 += str._s__s;
0x00000ee8 sw v0, 0x3c(fp) | *(arg_3ch) = v0;
0x00000eec lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000ef0 addiu sp, sp, -0x30 |
0x00000ef4 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x00000ef8 lw v1, 0x1564(v0) | v1 = *((v0 + 1369));
0x00000efc lw v0, 0x1560(v0) | v0 = *((v0 + 1368));
0x00000f00 addiu s7, sp, 0x20 | s7 = sp + 0x20;
0x00000f04 sw zero, 0x30(fp) | *(arg_30h) = 0;
0x00000f08 move s5, zero | s5 = 0;
0x00000f0c addiu s3, s3, 0x14c8 | s3 += 0x14c8;
0x00000f10 addiu s4, s4, 0x14ac | s4 += str._var_run_rtspwssession;
0x00000f14 sw v0, 0x28(fp) | *(arg_28h) = v0;
0x00000f18 sw v1, 0x2c(fp) | *(arg_2ch) = v1;
| do {
| label_0:
0x00000f1c lw t9, -0x7f9c(gp) | t9 = sym.imp.readdir;
0x00000f20 move a0, s1 | a0 = s1;
0x00000f24 jalr t9 | t9 ();
0x00000f28 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x00000f2c beqz v0, 0x1064 | goto label_8;
| }
| label_1:
0x00000f30 lw t9, -0x7f48(gp) | t9 = sym.imp.strcmp;
0x00000f34 addiu s0, v0, 0xb | s0 = v0 + 0xb;
0x00000f38 addiu a1, s2, 0x14c4 | a1 = s2 + 0x14c4;
0x00000f3c move a0, s0 | a0 = s0;
0x00000f40 jalr t9 | t9 ();
0x00000f44 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000f48 beqz v0, 0xf1c |
| } while (v0 == 0);
0x00000f4c lw t9, -0x7f48(gp) | t9 = sym.imp.strcmp;
0x00000f50 move a1, s3 | a1 = s3;
0x00000f54 move a0, s0 | a0 = s0;
0x00000f58 jalr t9 | t9 ();
0x00000f5c lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x00000f60 beqz v0, 0xf1c | goto label_0;
| }
0x00000f64 sw s0, 0x18(sp) | *(var_18h) = s0;
0x00000f68 sw s4, 0x14(sp) | *(var_14h) = s4;
0x00000f6c lw v0, 0x3c(fp) | v0 = *(arg_3ch);
0x00000f70 lw t9, -0x7f44(gp) | t9 = sym.imp.__snprintf_chk;
0x00000f74 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00000f78 addiu a3, zero, 0x30 | a3 = 0x30;
0x00000f7c addiu a2, zero, 1 | a2 = 1;
0x00000f80 addiu a1, zero, 0x30 | a1 = 0x30;
0x00000f84 move a0, s7 | a0 = s7;
0x00000f88 jalr t9 | t9 ();
0x00000f8c slti v0, v0, 0x30 | v0 = (v0 < 0x30) ? 1 : 0;
0x00000f90 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x00000f94 beqz v0, 0xf1c | goto label_0;
| }
0x00000f98 lw t9, -0x7f68(gp) | t9 = sym.imp.__xstat;
0x00000f9c addiu a2, fp, 0x44 | a2 = fp + 0x44;
0x00000fa0 move a1, s7 | a1 = s7;
0x00000fa4 addiu a0, zero, 3 | a0 = 3;
0x00000fa8 jalr t9 | t9 ();
0x00000fac lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000fb0 lw t9, -0x7f58(gp) | t9 = sym.imp.time;
0x00000fb4 move a0, zero | a0 = 0;
0x00000fb8 jalr t9 | t9 ();
0x00000fbc lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000fc0 lw s0, 0x84(fp) | s0 = *(arg_84h);
0x00000fc4 move a0, v0 | a0 = v0;
0x00000fc8 lw t9, -0x7f8c(gp) | t9 = sym.imp.difftime;
0x00000fcc move a1, s0 | a1 = s0;
0x00000fd0 jalr t9 | t9 ();
0x00000fd4 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000fd8 lw a2, 0x28(fp) | a2 = *(arg_28h);
0x00000fdc lw a3, 0x2c(fp) | a3 = *(arg_2ch);
0x00000fe0 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00000fe4 move a0, v0 | a0 = v0;
0x00000fe8 move a1, v1 | a1 = v1;
0x00000fec bal 0x1110 | fcn_1110 ();
0x00000ff0 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 >= 0) {
0x00000ff4 bgez v0, 0x10e8 | goto label_9;
| }
0x00000ff8 lw t9, -0x7f8c(gp) | t9 = sym.imp.difftime;
| if (s5 == 0) {
0x00000ffc beqz s5, 0x1030 | goto label_10;
| }
0x00001000 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00001004 move a1, s0 | a1 = s0;
0x00001008 jalr t9 | t9 ();
0x0000100c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00001010 move a2, zero | a2 = 0;
0x00001014 move a3, zero | a3 = 0;
0x00001018 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x0000101c move a0, v0 | a0 = v0;
0x00001020 move a1, v1 | a1 = v1;
0x00001024 bal 0x1110 | fcn_1110 ();
0x00001028 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 < 0) {
0x0000102c bltz v0, 0xf1c | goto label_0;
| }
| label_10:
0x00001030 lw t9, -0x7f94(gp) | t9 = sym.imp.__strcpy_chk
0x00001034 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x00001038 addiu a2, zero, 0x30 | a2 = 0x30;
0x0000103c move a1, s7 | a1 = s7;
0x00001040 sw s0, 0x30(fp) | *(arg_30h) = s0;
0x00001044 jalr t9 | t9 ();
0x00001048 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0000104c move a0, s1 | a0 = s1;
0x00001050 lw t9, -0x7f9c(gp) | t9 = sym.imp.readdir;
0x00001054 addiu s5, s5, 1 | s5++;
0x00001058 jalr t9 | t9 ();
0x0000105c lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 != 0) {
0x00001060 bnez v0, 0xf30 | goto label_1;
| }
| label_8:
0x00001064 slti s5, s5, 5 | s5 = (s5 < 5) ? 1 : 0;
0x00001068 lw t9, -0x7fa8(gp) | t9 = sym.imp.closedir;
| if (s5 == 0) {
0x0000106c beqz s5, 0x10c0 | goto label_11;
| }
0x00001070 move a0, s1 | a0 = s1;
0x00001074 jalr t9 | t9 ();
0x00001078 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0000107c lw sp, 0x38(fp) |
| do {
| label_7:
0x00001080 lw v1, 0xd4(fp) | v1 = *(arg_d4h);
0x00001084 lw v0, (s6) | v0 = *(s6);
0x00001088 lw ra, 0xfc(fp) | ra = *(arg_fch);
| if (v1 != v0) {
0x0000108c bne v1, v0, 0x10fc | goto label_12;
| }
0x00001090 move sp, fp |
0x00001094 lw fp, 0xf8(sp) | fp = *(var_f8h);
0x00001098 lw s7, 0xf4(sp) | s7 = *(var_f4h);
0x0000109c lw s6, 0xf0(sp) | s6 = *(var_f0h);
0x000010a0 lw s5, 0xec(sp) | s5 = *(var_ech);
0x000010a4 lw s4, 0xe8(sp) | s4 = *(var_e8h);
0x000010a8 lw s3, 0xe4(sp) | s3 = *(var_e4h);
0x000010ac lw s2, 0xe0(sp) | s2 = *(var_e0h);
0x000010b0 lw s1, 0xdc(sp) | s1 = *(var_dch);
0x000010b4 lw s0, 0xd8(sp) | s0 = *(var_d8h);
0x000010b8 addiu sp, sp, 0x100 |
0x000010bc jr ra | return v0;
| label_11:
0x000010c0 lw t9, -0x7f64(gp) | t9 = sym.imp.unlink;
0x000010c4 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x000010c8 jalr t9 | t9 ();
0x000010cc lw gp, 0x20(fp) | gp = *(arg_20h);
0x000010d0 lw t9, -0x7fa8(gp) | t9 = sym.imp.closedir;
0x000010d4 move a0, s1 | a0 = s1;
0x000010d8 jalr t9 | t9 ();
0x000010dc lw gp, 0x20(fp) | gp = *(arg_20h);
0x000010e0 lw sp, 0x38(fp) |
0x000010e4 b 0x1080 |
| } while (1);
| label_9:
0x000010e8 lw t9, -0x7f64(gp) | t9 = sym.imp.unlink;
0x000010ec move a0, s7 | a0 = s7;
0x000010f0 jalr t9 | t9 ();
0x000010f4 lw gp, 0x20(fp) | gp = *(arg_20h);
0x000010f8 b 0xf1c | goto label_0;
| label_12:
0x000010fc lw t9, -0x7f60(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001100 jalr t9 | t9 ();
0x00001104 nop |
0x00001108 nop |
0x0000110c nop |
0x00001110 ext v1, a1, 0x14, 0xb | __asm ("ext v1, a1, 0x14, 0xb");
0x00001114 addiu t1, zero, 0x7ff | t1 = 0x7ff;
0x00001118 ext t2, a1, 0, 0x14 | __asm ("ext t2, a1, 0, 0x14");
0x0000111c ext t3, a3, 0, 0x14 | __asm ("ext t3, a3, 0, 0x14");
0x00001120 srl a1, a1, 0x1f | a1 >>= 0x1f;
0x00001124 ext t0, a3, 0x14, 0xb | __asm ("ext t0, a3, 0x14, 0xb");
0x00001128 srl v0, a3, 0x1f | v0 = a3 >> 0x1f;
| if (v1 == t1) {
0x0000112c beq v1, t1, 0x1174 | goto label_13;
| }
| if (t0 == t1) {
0x00001130 beql t0, t1, 0x1164 | goto label_14;
| }
0x00001134 or a3, t3, a2 | a3 = t3 | a2;
| do {
| if (v1 != 0) {
0x00001138 bnez v1, 0x1188 | goto label_15;
| }
0x0000113c nop |
0x00001140 or a3, t2, a0 | a3 = t2 | a0;
| if (t0 != 0) {
0x00001144 bnez t0, 0x11a4 | goto label_16;
| }
0x00001148 or t1, t3, a2 | t1 = t3 | a2;
| if (t1 != 0) {
0x0000114c bnez t1, 0x11a4 | goto label_16;
| }
0x00001150 nop |
0x00001154 addiu a3, zero, 1 | a3 = 1;
| if (a3 != 0) {
0x00001158 bnez a3, 0x1198 | goto label_4;
| }
| label_2:
0x0000115c move v0, zero | v0 = 0;
0x00001160 jr ra | return v0;
| label_14:
0x00001164 beqz a3, 0x1138 |
| } while (a3 == 0);
0x00001168 nop |
| do {
| label_3:
0x0000116c addiu v0, zero, -2 | v0 = -2;
0x00001170 jr ra | return v0;
| label_13:
0x00001174 or a3, t2, a0 | a3 = t2 | a0;
0x00001178 bnez a3, 0x116c |
| } while (a3 != 0);
0x0000117c nop |
0x00001180 or a3, t3, a2 | a3 = t3 | a2;
| if (t0 == v1) {
0x00001184 beq t0, v1, 0x11f8 | goto label_17;
| }
| label_15:
0x00001188 or a3, t3, a2 | a3 = t3 | a2;
| if (t0 != 0) {
0x0000118c bnez t0, 0x1200 | goto label_18;
| }
0x00001190 addiu a3, zero, 1 | a3 = 1;
| if (a3 != 0) {
0x00001194 bnez a3, 0x1200 | goto label_18;
| }
| do {
| label_4:
0x00001198 addiu v0, zero, -1 | v0 = -1;
| if (a1 != 0) {
0x0000119c movz v0, a3, a1 | v0 = a3;
| }
0x000011a0 jr ra | return v0;
| if (a3 == 0) {
| label_16:
0x000011a4 beqz a3, 0x11e8 | goto label_19;
| }
0x000011a8 nop |
0x000011ac addiu a3, zero, 1 | a3 = 1;
0x000011b0 bne a1, v0, 0x1198 |
| } while (a1 != v0);
0x000011b4 slt v1, v1, t0 | v1 = (v1 < t0) ? 1 : 0;
| label_5:
0x000011b8 addiu v0, zero, -1 | v0 = -1;
| if (v1 != 0) {
0x000011bc bnez v1, 0x11e0 | goto label_6;
| }
0x000011c0 sltu v0, t3, t2 | v0 = (t3 < t2) ? 1 : 0;
0x000011c4 addiu a3, zero, -1 | a3 = -1;
| if (v0 != 0) {
0x000011c8 bnez v0, 0x1224 | goto label_20;
| }
0x000011cc sltu t2, t2, t3 | t2 = (t2 < t3) ? 1 : 0;
| if (t2 == t3) {
0x000011d0 beq t2, t3, 0x1238 | goto label_21;
| }
| if (t2 == 0) {
0x000011d4 beqz t2, 0x115c | goto label_2;
| }
0x000011d8 nop |
0x000011dc addiu v0, zero, -1 | v0 = -1;
| if (a1 == 0) {
| label_6:
0x000011e0 movn v0, a1, a1 | v0 = a1;
| }
0x000011e4 jr ra | return v0;
| if (v0 == 0) {
| label_19:
0x000011e8 beqz v0, 0x1230 | goto label_22;
| }
0x000011ec nop |
0x000011f0 jr ra | return v0;
0x000011f4 nop |
| if (a3 != 0) {
| label_17:
0x000011f8 bnez a3, 0x116c | goto label_3;
| }
0x000011fc nop |
| label_18:
0x00001200 addiu a3, zero, 1 | a3 = 1;
| if (a1 != v0) {
0x00001204 bne a1, v0, 0x1198 | goto label_4;
| }
0x00001208 slt a3, t0, v1 | a3 = (t0 < v1) ? 1 : 0;
| if (a3 == 0) {
0x0000120c beql a3, zero, 0x11b8 | goto label_5;
| }
0x00001210 slt v1, v1, t0 | v1 = (v1 < t0) ? 1 : 0;
| if (v0 != 0) {
0x00001214 bnez v0, 0x1230 | goto label_22;
| }
0x00001218 nop |
0x0000121c addiu v0, zero, 1 | v0 = 1;
0x00001220 jr ra | return v0;
| do {
| label_20:
0x00001224 addiu v0, zero, 1 | v0 = 1;
| if (a1 == 0) {
0x00001228 movn v0, a3, a1 | v0 = a3;
| }
0x0000122c jr ra | return v0;
| label_22:
0x00001230 addiu v0, zero, -1 | v0 = -1;
0x00001234 jr ra | return v0;
| label_21:
0x00001238 sltu v0, a2, a0 | v0 = (a2 < a0) ? 1 : 0;
0x0000123c addiu a3, zero, -1 | a3 = -1;
0x00001240 bnez v0, 0x1224 |
| } while (v0 != 0);
0x00001244 sltu a0, a0, a2 | a0 = (a0 < a2) ? 1 : 0;
| if (a0 == 0) {
0x00001248 beqz a0, 0x115c | goto label_2;
| }
0x0000124c nop |
0x00001250 addiu v0, zero, -1 | v0 = -1;
0x00001254 b 0x11e0 | goto label_6;
| }
[*] Function strcpy used 2 times rtspwssession.cgi
