[*] Binary protection state of sulogin.util-linux
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of sulogin.util-linux
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/sulogin.util-linux @ 0x36fc */
| #include <stdint.h>
|
; (fcn) fcn.000036fc () | void fcn_000036fc () {
0x000036fc lui gp, 2 |
0x00003700 addiu gp, gp, 0x924 |
0x00003704 addu gp, gp, t9 | gp += t9;
0x00003708 addiu sp, sp, -0x40 |
0x0000370c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00003710 sw s5, 0x38(sp) | *(var_38h) = s5;
0x00003714 lw s5, -0x7dcc(gp) | s5 = *((gp - 8051));
0x00003718 lw v0, 0x4650(v0) | v0 = *((v0 + 4500));
0x0000371c sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x00003720 lw v1, (s5) | v1 = *(s5);
0x00003724 sw s3, 0x30(sp) | *(var_30h_2) = s3;
0x00003728 sw s1, 0x28(sp) | *(var_28h) = s1;
0x0000372c sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x00003730 sw s4, 0x34(sp) | *(var_34h_2) = s4;
0x00003734 sw s2, 0x2c(sp) | *(var_2ch_2) = s2;
0x00003738 sw s0, 0x24(sp) | *(var_24h) = s0;
0x0000373c move s1, a0 | s1 = a0;
0x00003740 move s3, a1 | s3 = a1;
0x00003744 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x00003748 lw v0, -0x7db0(gp) | v0 = *((gp - 8044));
| if (v0 != 0) {
0x0000374c bnez v0, 0x388c | goto label_3;
| }
| label_1:
0x00003750 lw v0, (s1) | v0 = *(s1);
0x00003754 move s4, zero | s4 = 0;
| if (s1 != v0) {
0x00003758 bne s1, v0, 0x3878 | goto label_4;
| }
0x0000375c lw t9, -0x7e70(gp) | t9 = sym.imp.strlen;
| label_0:
0x00003760 move a0, s3 | a0 = s3;
0x00003764 jalr t9 | t9 ();
0x00003768 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000376c addiu a2, v0, 0x69 | a2 = v0 + 0x69;
0x00003770 addiu a1, zero, 4 | a1 = 4;
0x00003774 lw t9, -0x7e8c(gp) | t9 = sym.imp.posix_memalign;
0x00003778 addiu a0, sp, 0x18 | a0 = sp + 0x18;
0x0000377c jalr t9 | t9 ();
0x00003780 move s2, v0 | s2 = v0;
0x00003784 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00003788 beqz v0, 0x37c4 | goto label_5;
| }
0x0000378c addiu s2, zero, -0xc | s2 = -0xc;
| do {
0x00003790 lw a0, 0x1c(sp) | a0 = *(var_1ch);
0x00003794 lw v1, (s5) | v1 = *(s5);
0x00003798 move v0, s2 | v0 = s2;
| if (a0 != v1) {
0x0000379c bne a0, v1, 0x38d4 | goto label_6;
| }
0x000037a0 lw ra, 0x3c(sp) | ra = *(var_3ch);
0x000037a4 lw s5, 0x38(sp) | s5 = *(var_38h);
0x000037a8 lw s4, 0x34(sp) | s4 = *(var_34h_2);
0x000037ac lw s3, 0x30(sp) | s3 = *(var_30h_2);
0x000037b0 lw s2, 0x2c(sp) | s2 = *(var_2ch_2);
0x000037b4 lw s1, 0x28(sp) | s1 = *(var_28h);
0x000037b8 lw s0, 0x24(sp) | s0 = *(var_24h);
0x000037bc addiu sp, sp, 0x40 |
0x000037c0 jr ra | return v1;
| label_5:
0x000037c4 lw s0, 0x18(sp) | s0 = *(var_18h_2);
0x000037c8 lw v1, 4(s1) | v1 = *((s1 + 1));
0x000037cc addiu a0, zero, 0x7f | a0 = 0x7f;
0x000037d0 sw a0, 0x20(s0) | *((s0 + 8)) = a0;
0x000037d4 addiu a0, zero, 0x15 | a0 = 0x15;
0x000037d8 addiu v0, s0, 0x68 | v0 = s0 + 0x68;
0x000037dc lw t9, -0x7e1c(gp) | t9 = sym.imp.strcpy
0x000037e0 sw a0, 0x24(s0) | *((s0 + 9)) = a0;
0x000037e4 addiu a0, zero, 0x12 | a0 = 0x12;
0x000037e8 sw a0, 0x28(s0) | *((s0 + 10)) = a0;
0x000037ec sw zero, 0x2c(s0) | *((s0 + 11)) = 0;
0x000037f0 sw zero, 0x30(s0) | *((s0 + 12)) = 0;
0x000037f4 sw s0, 4(s1) | *((s1 + 1)) = s0;
0x000037f8 sw s1, (s0) | *(s0) = s1;
0x000037fc sw v1, 4(s0) | *((s0 + 1)) = v1;
0x00003800 move a1, s3 | a1 = s3;
0x00003804 sw s0, (v1) | *(v1) = s0;
0x00003808 move a0, v0 | a0 = v0;
0x0000380c sw v0, 8(s0) | *((s0 + 2)) = v0;
0x00003810 jalr t9 | t9 ();
0x00003814 addiu v0, zero, -1 | v0 = -1;
0x00003818 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000381c sw zero, 0xc(s0) | *((s0 + 3)) = 0;
0x00003820 sw zero, 0x10(s0) | *((s0 + 4)) = 0;
0x00003824 sw v0, 0x14(s0) | *((s0 + 5)) = v0;
| if (s4 == 0) {
0x00003828 beqz s4, 0x38cc | goto label_7;
| }
0x0000382c lw v1, 0x18(s4) | v1 = *((s4 + 6));
0x00003830 addiu v1, v1, 1 | v1++;
| label_2:
0x00003834 sw v1, 0x18(s0) | *((s0 + 6)) = v1;
0x00003838 addiu v1, zero, -1 | v1 = -1;
0x0000383c sw v1, 0x1c(s0) | *((s0 + 7)) = v1;
0x00003840 sw zero, 0x34(s0) | *((s0 + 13)) = 0;
0x00003844 sw zero, 0x38(s0) | *((s0 + 14)) = 0;
0x00003848 sw zero, 0x3c(s0) | *((s0 + 15)) = 0;
0x0000384c sw zero, 0x40(s0) | *((s0 + 16)) = 0;
0x00003850 sw zero, 0x44(s0) | *((s0 + 17)) = 0;
0x00003854 sw zero, 0x48(s0) | *((s0 + 18)) = 0;
0x00003858 sw zero, 0x4c(s0) | *((s0 + 19)) = 0;
0x0000385c sw zero, 0x50(s0) | *((s0 + 20)) = 0;
0x00003860 sw zero, 0x54(s0) | *((s0 + 21)) = 0;
0x00003864 sw zero, 0x58(s0) | *((s0 + 22)) = 0;
0x00003868 sw zero, 0x5c(s0) | *((s0 + 23)) = 0;
0x0000386c sw zero, 0x60(s0) | *((s0 + 24)) = 0;
0x00003870 sw zero, 0x64(s0) | *((s0 + 25)) = 0;
0x00003874 b 0x3790 |
| } while (1);
| label_4:
0x00003878 lw s4, 4(s1) | s4 = *((s1 + 1));
0x0000387c lw t9, -0x7e70(gp) | t9 = sym.imp.strlen;
| if (s4 != s1) {
0x00003880 bne s4, s1, 0x3760 | goto label_0;
| }
0x00003884 move s4, zero | s4 = 0;
0x00003888 b 0x3760 | goto label_0;
| label_3:
0x0000388c lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x00003890 lw t9, -0x7e14(gp) | t9 = sym.imp.fwrite;
0x00003894 lw a3, (v0) | a3 = *(v0);
0x00003898 addiu a2, zero, 0x10 | a2 = 0x10;
0x0000389c addiu a1, zero, 1 | a1 = 1;
0x000038a0 addiu a0, a0, -0x4620 | a0 += -0x4620;
0x000038a4 jalr t9 | t9 ();
0x000038a8 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000038ac move a1, s3 | a1 = s3;
0x000038b0 lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x000038b4 lw t9, -0x7fcc(gp) | t9 = *((gp - 8179));
0x000038b8 addiu t9, t9, 0x45d0 | t9 += fcn.000045d0;
0x000038bc addiu a0, a0, -0x45b0 | a0 += -0x45b0;
0x000038c0 bal 0x45d0 | fcn_000045d0 ();
0x000038c4 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000038c8 b 0x3750 | goto label_1;
| label_7:
0x000038cc move v1, zero | v1 = 0;
0x000038d0 b 0x3834 | goto label_2;
| label_6:
0x000038d4 lw t9, -0x7df4(gp) | t9 = sym.imp.__stack_chk_fail;
0x000038d8 jalr t9 | t9 ();
0x000038dc nop |
| }
[*] Function strcpy used 2 times sulogin.util-linux
