[*] Binary protection state of tapestat
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of tapestat
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/tapestat @ 0x633c */
| #include <stdint.h>
|
; (fcn) sym.get_persistent_names () | void get_persistent_names () { /* Builds and returns in v0 a 0-terminated heap array of copied entry names from the directory given by get_persistent_type_dir(); returns 0 on any failure or when scandir() reports fewer than 3 entries. */
| label_2:
0x0000633c lui gp, 2 |
0x00006340 addiu gp, gp, -0x428c |
0x00006344 addu gp, gp, t9 | gp += t9;
0x00006348 lw v0, -0x7dc4(gp) | v0 = *((gp - 8049)); /* address of the stack-protector guard word, kept in var_20h */
0x0000634c addiu sp, sp, -0x58 |
0x00006350 lw a0, -0x7f14(gp) | a0 = *(gp);
0x00006354 sw v0, 0x20(sp) | *(var_20h) = v0;
0x00006358 lw v0, (v0) | v0 = *(v0);
0x0000635c lw t9, -0x7f18(gp) | t9 = sym.get_persistent_type_dir;
0x00006360 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00006364 sw ra, 0x54(sp) | *(var_54h) = ra;
0x00006368 sw fp, 0x50(sp) | *(var_50h) = fp;
0x0000636c sw s7, 0x4c(sp) | *(var_4ch) = s7;
0x00006370 sw s6, 0x48(sp) | *(var_48h) = s6;
0x00006374 sw s5, 0x44(sp) | *(var_44h) = s5;
0x00006378 sw s4, 0x40(sp) | *(var_40h) = s4;
0x0000637c sw s3, 0x3c(sp) | *(var_3ch) = s3;
0x00006380 sw s2, 0x38(sp) | *(var_38h) = s2;
0x00006384 sw s1, 0x34(sp) | *(var_34h) = s1;
0x00006388 sw s0, 0x30(sp) | *(var_30h) = s0;
0x0000638c sw v0, 0x2c(sp) | *(var_2ch) = v0; /* guard value saved in the frame; re-checked at 0x6420 before returning */
0x00006390 bal 0x6200 | sym_get_persistent_type_dir (); /* directory to scan; 0 means none and the function returns 0 */
0x00006394 nop |
0x00006398 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000639c beqz v0, 0x6538 | goto label_4;
| }
0x000063a0 lw t9, -0x7e54(gp) | t9 = sym.imp.scandir;
0x000063a4 lw a3, -0x7e80(gp) | a3 = *((gp - 8096));
0x000063a8 move a2, zero | a2 = 0;
0x000063ac addiu a1, sp, 0x28 | a1 = sp + 0x28;
0x000063b0 move a0, v0 | a0 = v0;
0x000063b4 jalr t9 | t9 (); /* scandir(a0 = directory, a1 = &list at sp+0x28, a2 = 0, a3 = value loaded from the GOT) */
0x000063b8 move s1, v0 | s1 = v0; /* s1 = entry count returned by scandir() */
0x000063bc lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) { /* scandir() failed */
0x000063c0 bltz v0, 0x6538 | goto label_4;
| }
0x000063c4 slti v0, v0, 3 | v0 = (v0 < 3) ? 1 : 0; /* fewer than 3 entries: nothing is copied, the list is freed and 0 is returned */
0x000063c8 lw fp, 0x28(sp) | fp = *(var_28h_2);
| if (v0 == 0) {
0x000063cc beqz v0, 0x6454 | goto label_5;
| }
0x000063d0 move s3, zero | s3 = 0;
| if (s1 == 0) {
0x000063d4 beqz s1, 0x6400 | goto label_6;
| }
| label_0:
0x000063d8 move s0, zero | s0 = 0;
| do { /* free each of the s1 scandir entries */
0x000063dc sll a0, s0, 2 | a0 = s0 << 2;
0x000063e0 lw t9, -0x7dc0(gp) | t9 = sym.imp.free;
0x000063e4 lwx a0, a0(fp) | __asm ("lwx a0, a0(fp)");
0x000063e8 addiu s0, s0, 1 | s0++;
0x000063ec jalr t9 | t9 ();
0x000063f0 slt v0, s0, s1 | v0 = (s0 < s1) ? 1 : 0;
0x000063f4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000063f8 lw fp, 0x28(sp) | fp = *(var_28h_2);
0x000063fc bnez v0, 0x63dc |
| } while (v0 != 0);
| label_6:
0x00006400 lw t9, -0x7dc0(gp) | t9 = sym.imp.free;
0x00006404 move a0, fp | a0 = fp;
0x00006408 jalr t9 | t9 (); /* free the scandir list itself */
0x0000640c lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
0x00006410 lw v0, 0x20(sp) | v0 = *(var_20h);
0x00006414 lw a0, 0x2c(sp) | a0 = *(var_2ch);
0x00006418 lw v1, (v0) | v1 = *(v0);
0x0000641c move v0, s3 | v0 = s3; /* return value: result array or 0 */
| if (a0 != v1) { /* guard value changed: abort through __stack_chk_fail */
0x00006420 bne a0, v1, 0x6540 | goto label_7;
| }
0x00006424 lw ra, 0x54(sp) | ra = *(var_54h);
0x00006428 lw fp, 0x50(sp) | fp = *(var_50h);
0x0000642c lw s7, 0x4c(sp) | s7 = *(var_4ch);
0x00006430 lw s6, 0x48(sp) | s6 = *(var_48h);
0x00006434 lw s5, 0x44(sp) | s5 = *(var_44h);
0x00006438 lw s4, 0x40(sp) | s4 = *(var_40h);
0x0000643c lw s3, 0x3c(sp) | s3 = *(var_3ch);
0x00006440 lw s2, 0x38(sp) | s2 = *(var_38h);
0x00006444 lw s1, 0x34(sp) | s1 = *(var_34h);
0x00006448 lw s0, 0x30(sp) | s0 = *(var_30h);
0x0000644c addiu sp, sp, 0x58 |
0x00006450 jr ra | return v0;
| label_5:
0x00006454 lw t9, -0x7eb0(gp) | t9 = sym.imp.calloc;
0x00006458 addiu a1, zero, 4 | a1 = 4;
0x0000645c addiu a0, s1, -1 | a0 = s1 + -1;
0x00006460 jalr t9 | t9 (); /* calloc(s1 - 1, 4): zeroed array of 4-byte name pointers. NOTE(review): s1 - 1 slots hold every copied name plus the terminator only if both filtered names are present among the entries - confirm */
0x00006464 move s3, v0 | s3 = v0;
0x00006468 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x0000646c beqz v0, 0x63d8 | goto label_0;
| }
0x00006470 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006474 sll s5, s1, 2 | s5 = s1 << 2;
0x00006478 addiu v0, v0, -0x6568 | v0 += -0x6568; /* first name to skip; presumably "." - TODO confirm against the string at this address */
0x0000647c sw v0, 0x1c(sp) | *(var_1ch_3) = v0;
0x00006480 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006484 move s7, fp | s7 = fp;
0x00006488 addiu v0, v0, -0x6564 | v0 += -0x6564; /* second name to skip; presumably ".." - TODO confirm */
0x0000648c addu s5, s5, fp | s5 += fp; /* s5 = one past the last list slot */
0x00006490 move s6, zero | s6 = 0; /* s6 = number of names copied so far */
0x00006494 sw v0, 0x24(sp) | *(var_24h_2) = v0;
0x00006498 lw s0, (s7) | s0 = *(s7);
| do {
0x0000649c lw t9, -0x7da0(gp) | t9 = sym.imp.strcmp;
0x000064a0 addiu s0, s0, 0xb | s0 += 0xb; /* s0 = name string at offset 0xb inside the entry; presumably dirent d_name - TODO confirm */
0x000064a4 lw a0, 0x1c(sp) | a0 = *(var_1ch_3);
0x000064a8 move a1, s0 | a1 = s0;
0x000064ac jalr t9 | t9 ();
0x000064b0 sll s2, s6, 2 | s2 = s6 << 2;
0x000064b4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000064b8 addu s4, s3, s2 | s4 = s3 + s2;
| if (v0 != 0) { /* entry differs from the first skipped name */
0x000064bc beqz v0, 0x6524 |
0x000064c0 lw t9, -0x7da0(gp) | t9 = sym.imp.strcmp;
0x000064c4 lw a0, 0x24(sp) | a0 = *(var_24h_2);
0x000064c8 move a1, s0 | a1 = s0;
0x000064cc jalr t9 | t9 ();
0x000064d0 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) { /* entry equals the second skipped name */
0x000064d4 beqz v0, 0x6524 | goto label_8;
| }
0x000064d8 lw t9, -0x7e30(gp) | t9 = sym.imp.strlen;
0x000064dc move a0, s0 | a0 = s0;
0x000064e0 jalr t9 | t9 (); /* strlen(name) */
0x000064e4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000064e8 addiu a1, zero, 1 | a1 = 1;
0x000064ec lw t9, -0x7eb0(gp) | t9 = sym.imp.calloc;
0x000064f0 addiu a0, v0, 1 | a0 = v0 + 1;
0x000064f4 jalr t9 | t9 (); /* calloc(strlen(name) + 1, 1): destination sized for the name and its terminator */
0x000064f8 lw gp, 0x10(sp) | gp = *(var_10h);
0x000064fc sw v0, (s4) | *(s4) = v0; /* store the new string in result slot s6 */
| if (v0 == 0) { /* allocation failed: skip this name, s6 is not advanced */
0x00006500 beqz v0, 0x6524 | goto label_8;
| }
0x00006504 lw t9, -0x7e04(gp) | t9 = sym.imp.strcpy
0x00006508 move a1, s0 | a1 = s0;
0x0000650c move a0, v0 | a0 = v0;
0x00006510 jalr t9 | t9 (); /* strcpy(dst, name): dst was allocated as strlen(name) + 1 bytes just above, so the copy fits the destination */
0x00006514 addiu s2, s2, 4 | s2 += 4;
0x00006518 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000651c addiu s6, s6, 1 | s6++;
0x00006520 addu s4, s3, s2 | s4 = s3 + s2;
| }
| label_8:
0x00006524 addiu s7, s7, 4 | s7 += 4;
0x00006528 lw s0, (s7) | s0 = *(s7);
0x0000652c bnel s5, s7, 0x649c |
| } while (s5 == s7); /* NOTE(review): bnel at 0x652c is branch-if-not-equal, so the loop runs until s7 reaches s5; the == printed here looks inverted */
0x00006530 sw zero, (s4) | *(s4) = 0; /* 0 terminator after the last copied name */
0x00006534 b 0x63d8 | goto label_0;
| label_4:
0x00006538 move s3, zero | s3 = 0;
0x0000653c b 0x6410 | goto label_1;
| label_7:
0x00006540 lw t9, -0x7ddc(gp) | t9 = sym.imp.__stack_chk_fail;
0x00006544 jalr t9 | t9 ();
0x00006548 nop |
0x0000654c lui gp, 2 | /* Code from 0x654c: walks the names from get_persistent_names(), reads each name's symlink, and when the target's basename equals the string passed in a0 copies that name into a buffer outside this frame and returns its address, else 0. NOTE(review): a fresh gp setup and a new 0x1040-byte frame start here, so this looks like a separate function that the decompiler appended after the __stack_chk_fail call - confirm the function boundary */
0x00006550 addiu gp, gp, -0x449c |
0x00006554 addu gp, gp, t9 | gp += t9;
0x00006558 addiu sp, sp, -0x1040 |
0x0000655c lw t9, -0x7f10(gp) | t9 = sym.get_persistent_names;
0x00006560 sw s5, 0x1034(sp) | *(var_1034h) = s5;
0x00006564 lw s5, -0x7dc4(gp) | s5 = *((gp - 8049));
0x00006568 sw s2, 0x1028(sp) | *(var_1028h) = s2;
0x0000656c lw s2, -0x7f44(gp) | s2 = *((gp - 8145));
0x00006570 lw v0, (s5) | v0 = *(s5);
0x00006574 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x00006578 sw s4, 0x1030(sp) | *(var_1030h) = s4;
0x0000657c sw ra, 0x103c(sp) | *(var_103ch) = ra;
0x00006580 sw s6, 0x1038(sp) | *(var_1038h) = s6;
0x00006584 sw s3, 0x102c(sp) | *(var_102ch) = s3;
0x00006588 sw s1, 0x1024(sp) | *(var_1024h) = s1;
0x0000658c sw s0, 0x1020(sp) | *(var_1020h) = s0;
0x00006590 sw v0, 0x101c(sp) | *(var_101ch) = v0; /* stack-protector guard copy; re-checked at 0x6698 before returning */
0x00006594 sb zero, -0x5ca0(s2) | *((s2 - 23712)) = 0; /* empty the result buffer at s2 - 0x5ca0 (s2 comes from the GOT, so the buffer is not in this frame) */
0x00006598 move s4, a0 | s4 = a0; /* s4 = caller's first argument, the name to look for */
0x0000659c bal 0x633c | sym_get_persistent_names (); /* 0-terminated array of names, or 0 */
| goto label_2;
0x000065a0 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x000065a4 beqz v0, 0x66c0 | goto label_9;
| }
0x000065a8 move s0, v0 | s0 = v0;
0x000065ac move s3, v0 | s3 = v0;
0x000065b0 lw a0, (s0) | a0 = *(s0);
0x000065b4 lw s1, -0x7f0c(gp) | s1 = sym.get_persistent_name_path;
0x000065b8 addiu s6, sp, 0x1c | s6 = sp + 0x1c; /* 0x1000-byte stack buffer, ending where the guard copy sits at sp+0x101c */
| if (a0 == 0) {
0x000065bc beqz a0, 0x664c | goto label_3;
| }
0x000065c0 move t9, s1 | t9 = s1;
| do {
0x000065c4 bal 0x6290 | sym_get_persistent_name_path (); /* path for the current name (a0); 0 skips the entry */
0x000065c8 nop |
0x000065cc lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 != 0) {
0x000065d0 beqz v0, 0x663c |
0x000065d4 lw t9, -0x7de8(gp) | t9 = sym.imp.readlink;
0x000065d8 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x000065dc move a1, s6 | a1 = s6;
0x000065e0 move a0, v0 | a0 = v0;
0x000065e4 jalr t9 | t9 (); /* readlink(path, s6, 0x1000) */
0x000065e8 addiu v1, v0, -1 | v1 = v0 + -1;
0x000065ec sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0; /* unsigned test: only lengths 1..0xfff pass, so errors, empty targets and a completely filled buffer are skipped */
0x000065f0 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v1 == 0) {
0x000065f4 beqz v1, 0x663c | goto label_10;
| }
0x000065f8 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x000065fc addu v0, v1, v0 | v0 = v1 + v0;
0x00006600 lw t9, -0x7e58(gp) | t9 = sym.imp.__xpg_basename;
0x00006604 move a0, s6 | a0 = s6;
0x00006608 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0; /* buf[len] = 0: sp+0x1020+len-0x1004 is sp+0x1c+len; readlink() does not add a terminator */
0x0000660c jalr t9 | t9 (); /* __xpg_basename(buf) */
0x00006610 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00006614 beqz v0, 0x663c | goto label_10;
| }
0x00006618 lb v1, (v0) | v1 = *(v0);
0x0000661c lw t9, -0x7e90(gp) | t9 = sym.imp.strncmp;
| if (v1 == 0) {
0x00006620 beqz v1, 0x663c | goto label_10;
| }
0x00006624 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x00006628 move a1, s4 | a1 = s4;
0x0000662c move a0, v0 | a0 = v0;
0x00006630 jalr t9 | t9 (); /* strncmp(basename, s4, 0x1000) */
0x00006634 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) { /* match: copy the current name into the result buffer */
0x00006638 beqz v0, 0x66c8 | goto label_11;
| }
| }
| label_10:
0x0000663c addiu s0, s0, 4 | s0 += 4;
0x00006640 lw a0, (s0) | a0 = *(s0);
0x00006644 move t9, s1 | t9 = s1;
0x00006648 bnez a0, 0x65c4 |
| } while (a0 != 0);
| label_3:
0x0000664c lw a0, (s3) | a0 = *(s3);
0x00006650 addiu s0, s3, 4 | s0 = s3 + 4;
| if (a0 == 0) {
0x00006654 beqz a0, 0x6670 | goto label_12;
| }
| do { /* free every name in the array */
0x00006658 lw t9, -0x7dc0(gp) | t9 = sym.imp.free;
0x0000665c addiu s0, s0, 4 | s0 += 4;
0x00006660 jalr t9 | t9 ();
0x00006664 lw a0, -4(s0) | a0 = *((s0 - 1));
0x00006668 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x0000666c bnez a0, 0x6658 |
| } while (a0 != 0);
| label_12:
0x00006670 lw t9, -0x7dc0(gp) | t9 = sym.imp.free;
0x00006674 move a0, s3 | a0 = s3;
0x00006678 jalr t9 | t9 (); /* free the array itself */
0x0000667c lb v0, -0x5ca0(s2) | v0 = *((s2 - 23712));
0x00006680 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) { /* buffer still empty: no match, return 0 */
0x00006684 beqz v0, 0x66c0 | goto label_9;
| }
0x00006688 addiu v0, s2, -0x5ca0 | v0 = s2 + -0x5ca0; /* return the address of the result buffer */
| do {
0x0000668c lw a0, 0x101c(sp) | a0 = *(var_101ch);
0x00006690 lw v1, (s5) | v1 = *(s5);
0x00006694 lw ra, 0x103c(sp) | ra = *(var_103ch);
| if (a0 != v1) { /* guard value changed: abort through __stack_chk_fail */
0x00006698 bne a0, v1, 0x66ec | goto label_13;
| }
0x0000669c lw s6, 0x1038(sp) | s6 = *(var_1038h);
0x000066a0 lw s5, 0x1034(sp) | s5 = *(var_1034h);
0x000066a4 lw s4, 0x1030(sp) | s4 = *(var_1030h);
0x000066a8 lw s3, 0x102c(sp) | s3 = *(var_102ch);
0x000066ac lw s2, 0x1028(sp) | s2 = *(var_1028h);
0x000066b0 lw s1, 0x1024(sp) | s1 = *(var_1024h);
0x000066b4 lw s0, 0x1020(sp) | s0 = *(var_1020h);
0x000066b8 addiu sp, sp, 0x1040 |
0x000066bc jr ra | return v0;
| label_9:
0x000066c0 move v0, zero | v0 = 0;
0x000066c4 b 0x668c |
| } while (1);
| label_11:
0x000066c8 lw t9, -0x7e4c(gp) | t9 = sym.imp.strncpy;
0x000066cc lw a1, (s0) | a1 = *(s0);
0x000066d0 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x000066d4 addiu a0, s2, -0x5ca0 | a0 = s2 + -0x5ca0;
0x000066d8 jalr t9 | t9 (); /* strncpy(buffer, current name, 0x1000); assumes the buffer holds at least 0x1000 bytes - TODO confirm its size */
0x000066dc addiu v0, s2, -0x5ca0 | v0 = s2 + -0x5ca0;
0x000066e0 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000066e4 sb zero, 0xfff(v0) | *((v0 + 4095)) = 0; /* forced terminator: strncpy() leaves none when the source fills all 0x1000 bytes */
0x000066e8 b 0x664c | goto label_3;
| label_13:
0x000066ec lw t9, -0x7ddc(gp) | t9 = sym.imp.__stack_chk_fail;
0x000066f0 jalr t9 | t9 ();
0x000066f4 nop |
0x000066f8 lui gp, 2 | /* Code from 0x66f8: reads the symlink at the path from get_persistent_name_path() and returns the basename of its target, or 0. NOTE(review): a fresh gp setup and a new 0x1030-byte frame start here, so this looks like another separate function appended by the decompiler - confirm the function boundary */
0x000066fc addiu gp, gp, -0x4648 |
0x00006700 addu gp, gp, t9 | gp += t9;
0x00006704 addiu sp, sp, -0x1030 |
0x00006708 lw t9, -0x7f0c(gp) | t9 = sym.get_persistent_name_path;
0x0000670c sw s0, 0x1024(sp) | *(var_1024h_2) = s0;
0x00006710 lw s0, -0x7dc4(gp) | s0 = *((gp - 8049));
0x00006714 sw gp, 0x10(sp) | *(var_10h_3) = gp;
0x00006718 sw ra, 0x102c(sp) | *(var_102ch_2) = ra;
0x0000671c lw v0, (s0) | v0 = *(s0);
0x00006720 sw s1, 0x1028(sp) | *(var_1028h_2) = s1;
0x00006724 sw v0, 0x101c(sp) | *(var_101ch_2) = v0; /* stack-protector guard copy; re-checked at 0x6798 before returning */
0x00006728 bal 0x6290 | sym_get_persistent_name_path (); /* a0 is not written before this call, so the caller's first argument is passed through */
0x0000672c nop |
0x00006730 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x00006734 beqz v0, 0x67ac | goto label_14;
| }
0x00006738 lw t9, -0x7de8(gp) | t9 = sym.imp.readlink;
0x0000673c addiu s1, sp, 0x1c | s1 = sp + 0x1c; /* 0x1000-byte stack buffer, ending where the guard copy sits at sp+0x101c */
0x00006740 addiu a2, zero, 0x1000 | a2 = 0x1000;
0x00006744 move a1, s1 | a1 = s1;
0x00006748 move a0, v0 | a0 = v0;
0x0000674c jalr t9 | t9 (); /* readlink(path, s1, 0x1000) */
0x00006750 addiu v1, v0, -1 | v1 = v0 + -1;
0x00006754 sltiu v1, v1, 0xfff | v1 = (v1 < 0xfff) ? 1 : 0; /* unsigned test: only lengths 1..0xfff pass, so errors, empty targets and a completely filled buffer return 0 */
0x00006758 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v1 == 0) {
0x0000675c beqz v1, 0x67ac | goto label_14;
| }
0x00006760 addiu v1, sp, 0x1020 | v1 = sp + 0x1020;
0x00006764 addu v0, v1, v0 | v0 = v1 + v0;
0x00006768 lw t9, -0x7e58(gp) | t9 = sym.imp.__xpg_basename;
0x0000676c move a0, s1 | a0 = s1;
0x00006770 sb zero, -0x1004(v0) | *((v0 - 4100)) = 0; /* buf[len] = 0: sp+0x1020+len-0x1004 is sp+0x1c+len; readlink() does not add a terminator */
0x00006774 jalr t9 | t9 (); /* __xpg_basename(buf) */
0x00006778 lw gp, 0x10(sp) | gp = *(var_10h_3);
| if (v0 == 0) {
0x0000677c beqz v0, 0x67ac | goto label_14;
| }
0x00006780 lb v1, (v0) | v1 = *(v0);
| if (v1 == 0) { /* NOTE(review): beql is a branch-likely; if 0x6788 is its delay slot, v0 is zeroed only for an empty basename and a non-empty one is returned unchanged - confirm, the pseudo code reads the other way */
0x00006784 beql v1, zero, 0x678c | goto label_15;
| }
0x00006788 move v0, zero | v0 = 0;
| do {
| label_15:
0x0000678c lw a0, 0x101c(sp) | a0 = *(var_101ch_2);
0x00006790 lw v1, (s0) | v1 = *(s0);
0x00006794 lw ra, 0x102c(sp) | ra = *(var_102ch_2);
| if (a0 != v1) { /* guard value changed: abort through __stack_chk_fail */
0x00006798 bne a0, v1, 0x67b4 | goto label_16;
| }
0x0000679c lw s1, 0x1028(sp) | s1 = *(var_1028h_2);
0x000067a0 lw s0, 0x1024(sp) | s0 = *(var_1024h_2);
0x000067a4 addiu sp, sp, 0x1030 |
0x000067a8 jr ra | return v0; /* NOTE(review): a non-zero v0 here is the __xpg_basename() result for the buffer at sp+0x1c of this frame; if that pointer lies inside the buffer it no longer refers to live storage once sp is restored - confirm how callers use it */
| label_14:
0x000067ac move v0, zero | v0 = 0;
0x000067b0 b 0x678c |
| } while (1);
| label_16:
0x000067b4 lw t9, -0x7ddc(gp) | t9 = sym.imp.__stack_chk_fail;
0x000067b8 jalr t9 | t9 ();
0x000067bc nop |
| }
[*] Function strcpy used 2 times in tapestat (the listing above shows only the call at 0x00006504)