[*] Binary protection state of param.cgi-transfer
Full RELRO | Canary found | NX disabled | PIE enabled | No RPATH | No RUNPATH | No Symbols
[*] Function system tear down of param.cgi-transfer
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/param.cgi-transfer @ 0x2788 */
| #include <stdint.h>
|
; (fcn) fcn.00002788 () | void fcn_00002788 () { /*
|  * NOTE(review): r2dec printed this as one function, but the listing holds
|  * three routines, each opening with its own gp/sp prologue (0x2788, 0x2900,
|  * 0x29fc). The seams follow the calls to __stack_chk_fail, presumably because
|  * the analysis did not treat that import as non-returning.
|  *
|  * Routine 1 (0x2788): appends two NUL-terminated strings, a0 then a1, to a
|  * growable buffer described by the structure s0 points to. Field meanings
|  * are inferred from use: +4 bytes used, +8 capacity, +0xc buffer pointer.
|  * The needed size (both lengths plus terminators plus bytes used) is compared
|  * with the capacity before either strcpy, and the buffer is grown with
|  * realloc(needed + 0x400) when it is too small, so the two copies stay
|  * inside the allocation as long as that sum does not wrap.
|  * Returns the updated +4 value on success; the realloc failure path loads -1
|  * (see the caveat at label_3).
|  */
0x00002788 lui gp, 2 |
0x0000278c addiu gp, gp, 0x1a68 |
0x00002790 addu gp, gp, t9 | gp += t9; /* PIC prologue: gp is derived from the entry address in t9 */
0x00002794 addiu sp, sp, -0x40 |
0x00002798 sw s4, 0x30(sp) | *(var_30h) = s4;
0x0000279c lw s4, -0x7e70(gp) | s4 = *((gp - 8092)); /* GOT slot at gp-0x7e70 (r2dec prints the byte offset as a word index); presumably the stack guard address */
0x000027a0 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000027a4 sw s5, 0x34(sp) | *(var_34h) = s5;
0x000027a8 lw v0, (s4) | v0 = *(s4);
0x000027ac sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x000027b0 sw s6, 0x38(sp) | *(var_38h) = s6;
0x000027b4 sw s3, 0x2c(sp) | *(var_2ch) = s3;
0x000027b8 sw s2, 0x28(sp) | *(var_28h) = s2;
0x000027bc sw s1, 0x24(sp) | *(var_24h) = s1;
0x000027c0 sw s0, 0x20(sp) | *(var_20h) = s0;
0x000027c4 move s5, a1 | s5 = a1;
0x000027c8 sb zero, 0x1b(sp) | *(var_1bh) = 0; /* one-byte empty string on the stack, substituted for a NULL argument */
0x000027cc sw v0, 0x1c(sp) | *(var_1ch) = v0; /* guard value saved in the frame; compared again at label_0 */
0x000027d0 addiu s6, sp, 0x1b | s6 = sp + 0x1b;
| if (a0 != 0) {
0x000027d4 beqz a0, 0x27dc |
0x000027d8 move s6, a0 | s6 = a0;
| }
| if (s5 != 0) { /* NOTE(review): this condition looks inverted, see the beql below */
0x000027dc beql s5, zero, 0x27e4 | /* branch-likely: its delay slot runs only when the branch is taken, so presumably s5 gets the empty string when it is NULL - confirm against a raw disassembly */
0x000027e0 addiu s5, sp, 0x1b | s5 = sp + 0x1b;
| }
0x000027e4 lw t9, -0x7e54(gp) | t9 = sym.imp.strlen;
0x000027e8 move a0, s6 | a0 = s6;
0x000027ec jalr t9 | t9 (); /* strlen(s6) */
0x000027f0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000027f4 move a0, s5 | a0 = s5;
0x000027f8 lw s0, -0x7fd4(gp) | s0 = *(gp); /* pseudo-code dropped the -0x7fd4 offset: s0 comes from a GOT slot, not from gp itself */
0x000027fc lw t9, -0x7e54(gp) | t9 = sym.imp.strlen;
0x00002800 addiu s3, v0, 1 | s3 = v0 + 1; /* first length including its terminator */
0x00002804 jalr t9 | t9 (); /* strlen(s5) */
0x00002808 addiu s2, v0, 1 | s2 = v0 + 1; /* second length including its terminator */
0x0000280c lw a0, 4(s0) | a0 = *((s0 + 1));
0x00002810 addu a1, s3, s2 | a1 = s3 + s2;
0x00002814 lw v1, 8(s0) | v1 = *((s0 + 2));
0x00002818 addu a1, a1, a0 | a1 += a0; /* needed = s3 + s2 + used; no wraparound check is visible for this 32-bit sum */
0x0000281c slt v1, v1, a1 | v1 = (v1 < a1) ? 1 : 0; /* slt is a signed compare: capacity < needed */
0x00002820 lw gp, 0x10(sp) | gp = *(var_10h);
0x00002824 lw v0, 0xc(s0) | v0 = *((s0 + 3));
| if (v1 != 0) {
0x00002828 beqz v1, 0x2854 |
0x0000282c lw t9, -0x7dc4(gp) | t9 = sym.imp.realloc;
0x00002830 addiu s1, a1, 0x400 | s1 = a1 + 0x400; /* new capacity = needed + 0x400 */
0x00002834 move a0, v0 | a0 = v0;
0x00002838 move a1, s1 | a1 = s1;
0x0000283c jalr t9 | t9 (); /* realloc(buffer, s1) */
0x00002840 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00002844 beqz v0, 0x28cc | goto label_3; /* realloc returned NULL */
| }
0x00002848 lw a0, 4(s0) | a0 = *((s0 + 1));
0x0000284c sw v0, 0xc(s0) | *((s0 + 3)) = v0;
0x00002850 sw s1, 8(s0) | *((s0 + 2)) = s1;
| }
0x00002854 lw t9, -0x7e6c(gp) | t9 = sym.imp.strcpy;
0x00002858 move a1, s6 | a1 = s6;
0x0000285c addu a0, v0, a0 | a0 = v0 + a0;
0x00002860 jalr t9 | t9 (); /* strcpy(buffer + used, s6) */
0x00002864 lw gp, 0x10(sp) | gp = *(var_10h);
0x00002868 lw v0, 4(s0) | v0 = *((s0 + 1));
0x0000286c lw a0, 0xc(s0) | a0 = *((s0 + 3));
0x00002870 addu s3, s3, v0 | s3 += v0;
0x00002874 lw t9, -0x7e6c(gp) | t9 = sym.imp.strcpy;
0x00002878 move a1, s5 | a1 = s5;
0x0000287c addu a0, a0, s3 | a0 += s3;
0x00002880 sw s3, 4(s0) | *((s0 + 1)) = s3;
0x00002884 jalr t9 | t9 (); /* strcpy(buffer + used + s3, s5), placed right after the first string */
0x00002888 lw v0, 4(s0) | v0 = *((s0 + 1));
0x0000288c lw gp, 0x10(sp) | gp = *(var_10h);
0x00002890 addu v0, s2, v0 | v0 = s2 + v0;
0x00002894 sw v0, 4(s0) | *((s0 + 1)) = v0; /* used now counts both strings and their terminators */
| do {
| label_0:
0x00002898 lw a0, 0x1c(sp) | a0 = *(var_1ch);
0x0000289c lw v1, (s4) | v1 = *(s4);
0x000028a0 lw ra, 0x3c(sp) | ra = *(var_3ch);
| if (a0 != v1) {
0x000028a4 bne a0, v1, 0x28f4 | goto label_4; /* stack guard mismatch */
| }
0x000028a8 lw s6, 0x38(sp) | s6 = *(var_38h);
0x000028ac lw s5, 0x34(sp) | s5 = *(var_34h);
0x000028b0 lw s4, 0x30(sp) | s4 = *(var_30h);
0x000028b4 lw s3, 0x2c(sp) | s3 = *(var_2ch);
0x000028b8 lw s2, 0x28(sp) | s2 = *(var_28h);
0x000028bc lw s1, 0x24(sp) | s1 = *(var_24h);
0x000028c0 lw s0, 0x20(sp) | s0 = *(var_20h);
0x000028c4 addiu sp, sp, 0x40 |
0x000028c8 jr ra | return v0;
| label_3: /* realloc failure path */
0x000028cc lw v0, 8(s0) | v0 = *((s0 + 2));
0x000028d0 lw t9, -0x7e20(gp) | t9 = sym.imp.free;
| if (v0 == 0) {
0x000028d4 bnel v0, zero, 0x28e0 | goto label_5; /* NOTE(review): bnel branches when v0 != 0, so the printed condition looks inverted; delay-slot placement is ambiguous in this view, so confirm the return value of the other path against a raw disassembly */
| }
0x000028d8 addiu v0, zero, -1 | v0 = -1;
0x000028dc b 0x2898 |
| } while (1);
| label_5:
0x000028e0 lw a0, 0xc(s0) | a0 = *((s0 + 3));
0x000028e4 jalr t9 | t9 (); /* free(buffer); NOTE(review): no store in this listing clears +0xc or +8 afterwards, so the structure would keep a stale pointer if callers reuse it after -1 - verify against callers */
0x000028e8 lw gp, 0x10(sp) | gp = *(var_10h);
0x000028ec addiu v0, zero, -1 | v0 = -1;
0x000028f0 b 0x2898 | goto label_0;
| label_4:
0x000028f4 lw t9, -0x7eb0(gp) | t9 = sym.imp.__stack_chk_fail;
0x000028f8 jalr t9 | t9 (); /* __stack_chk_fail; presumably does not return, so routine 1 ends here */
0x000028fc nop |
0x00002900 lui gp, 2 | /*
|  * Routine 2 (entry 0x2900, with its own prologue; r2dec merged it into
|  * fcn_00002788).
|  * Passes the a0 received from the caller through to cli_getParamOption,
|  * together with a constant at (GOT-loaded base - 0x4bbc), a pointer from
|  * another GOT slot and the address of a zeroed stack word (sp+0x20). If that
|  * word is non-zero on return, the routine logs through __syslog_chk at
|  * priority 3 and returns 0. Otherwise a non-NULL result is searched, over at
|  * most 8 bytes, with g_strstr_len for the constant at (base - 0x637c); the
|  * routine returns 1 on a match and 0 when there is none or the result was
|  * NULL. The result pointer is passed to free on every path.
|  * The meaning of the constants cannot be read from this listing; dump the
|  * strings at those addresses to see which parameter and value are tested.
|  */
0x00002904 addiu gp, gp, 0x18f0 |
0x00002908 addu gp, gp, t9 | gp += t9;
0x0000290c addiu sp, sp, -0x40 |
0x00002910 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183)); /* GOT slot at gp-0x7fdc: base for the constant offsets used below */
0x00002914 sw s1, 0x30(sp) | *(var_30h_2) = s1;
0x00002918 lw s1, -0x7e70(gp) | s1 = *((gp - 8092)); /* same GOT slot routine 1 uses for its guard check; presumably the stack guard address */
0x0000291c lw t9, -0x7dac(gp) | t9 = sym.imp.cli_getParamOption;
0x00002920 lw a2, -0x7fd0(gp) | a2 = *(gp); /* pseudo-code dropped the -0x7fd0 offset: a2 comes from a GOT slot */
0x00002924 lw v0, (s1) | v0 = *(s1);
0x00002928 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0000292c sw s3, 0x38(sp) | *(var_38h_2) = s3;
0x00002930 sw s2, 0x34(sp) | *(var_34h_2) = s2;
0x00002934 sw s0, 0x2c(sp) | *(var_2ch_2) = s0;
0x00002938 sw ra, 0x3c(sp) | *(var_3ch_2) = ra;
0x0000293c addiu a3, sp, 0x20 | a3 = sp + 0x20;
0x00002940 addiu a1, a1, -0x4bbc | a1 += -0x4bbc;
0x00002944 sw v0, 0x24(sp) | *(var_24h_2) = v0; /* guard value saved in the frame; compared again at label_1 */
0x00002948 sw zero, 0x20(sp) | *(var_20h_2) = 0; /* out-parameter for the call, cleared first */
0x0000294c move s3, a0 | s3 = a0; /* keep the incoming argument for the log call */
0x00002950 jalr t9 | t9 (); /* cli_getParamOption(a0, base - 0x4bbc, a2, sp + 0x20) */
0x00002954 lw s0, 0x20(sp) | s0 = *(var_20h_2);
0x00002958 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000295c move s2, v0 | s2 = v0;
| if (s0 == 0) {
0x00002960 beqz s0, 0x29c8 | goto label_6;
| }
0x00002964 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00002968 lw t9, -0x7e80(gp) | t9 = sym.imp.__syslog_chk;
0x0000296c move a3, s0 | a3 = s0;
0x00002970 sw s3, 0x10(sp) | *(var_10h_3) = s3; /* fifth argument, passed on the stack */
0x00002974 addiu a2, a2, -0x6370 | a2 += -0x6370;
0x00002978 addiu a1, zero, 1 | a1 = 1;
0x0000297c addiu a0, zero, 3 | a0 = 3;
0x00002980 jalr t9 | t9 (); /* __syslog_chk(3, 1, base - 0x6370, s0, s3): the format string is a constant */
0x00002984 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002988 move s0, zero | s0 = 0;
| do {
| label_1:
0x0000298c lw t9, -0x7e20(gp) | t9 = sym.imp.free;
0x00002990 move a0, s2 | a0 = s2;
0x00002994 jalr t9 | t9 (); /* free(s2): the pointer returned by cli_getParamOption, possibly NULL */
0x00002998 lw a0, 0x24(sp) | a0 = *(var_24h_2);
0x0000299c lw v1, (s1) | v1 = *(s1);
0x000029a0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000029a4 move v0, s0 | v0 = s0;
| if (a0 != v1) {
0x000029a8 bne a0, v1, 0x29f0 | goto label_7; /* stack guard mismatch */
| }
0x000029ac lw ra, 0x3c(sp) | ra = *(var_3ch_2);
0x000029b0 lw s3, 0x38(sp) | s3 = *(var_38h_2);
0x000029b4 lw s2, 0x34(sp) | s2 = *(var_34h_2);
0x000029b8 lw s1, 0x30(sp) | s1 = *(var_30h_2);
0x000029bc lw s0, 0x2c(sp) | s0 = *(var_2ch_2);
0x000029c0 addiu sp, sp, 0x40 |
0x000029c4 jr ra | return v0;
| label_6:
0x000029c8 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000029cc beqz v0, 0x298c |
| } while (v0 == 0);
0x000029d0 lw t9, -0x7e30(gp) | t9 = sym.imp.g_strstr_len;
0x000029d4 addiu a2, a2, -0x637c | a2 += -0x637c;
0x000029d8 addiu a1, zero, 8 | a1 = 8;
0x000029dc move a0, v0 | a0 = v0;
0x000029e0 jalr t9 | t9 (); /* g_strstr_len(v0, 8, base - 0x637c) */
0x000029e4 sltu s0, zero, v0 | s0 = (0 < v0) ? 1 : 0; /* 1 when the search returned a non-NULL match */
0x000029e8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000029ec b 0x298c | goto label_1;
| label_7:
0x000029f0 lw t9, -0x7eb0(gp) | t9 = sym.imp.__stack_chk_fail;
0x000029f4 jalr t9 | t9 (); /* __stack_chk_fail; presumably does not return, so routine 2 ends here */
0x000029f8 nop |
0x000029fc lui gp, 2 | /*
|  * Routine 3 (entry 0x29fc, with its own prologue; r2dec merged it into
|  * fcn_00002788). This is the system() call site shown in this listing.
|  * access(base - 0x633c, 0): when the call does not return -1 the routine
|  * returns 1 at once. Otherwise it runs system(base - 0x631c); a non-zero
|  * result returns 0. After a zero result it opens the same path with fopen
|  * (mode string at base - 0x5b10); the stream is closed again, or a
|  * priority-4 message is logged when fopen fails, and 1 is returned either way.
|  *
|  * NOTE(review): the path and the command are fixed offsets from one
|  * GOT-loaded base, and no register holding caller data reaches system(), so
|  * this site by itself shows a constant command rather than one built from
|  * request input. Dump the strings at those addresses before rating the
|  * finding, and review the second system() use the report counts, which is
|  * not part of this listing. The command still runs through the shell with
|  * the environment and privileges of the CGI process.
|  * The access()/fopen() pair is a check-then-use sequence on one path; it
|  * matters only if that path sits in a location other users can write to,
|  * which the listing does not show.
|  */
0x00002a00 addiu gp, gp, 0x17f4 |
0x00002a04 addu gp, gp, t9 | gp += t9;
0x00002a08 addiu sp, sp, -0x20 |
0x00002a0c lw t9, -0x7e24(gp) | t9 = sym.imp.access;
0x00002a10 sw s0, 0x18(sp) | *(var_18h_2) = s0;
0x00002a14 lw s0, -0x7fdc(gp) | s0 = *((gp - 8183)); /* GOT slot at gp-0x7fdc: base for the constant offsets used below */
0x00002a18 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x00002a1c sw ra, 0x1c(sp) | *(var_1ch_2) = ra;
0x00002a20 move a1, zero | a1 = 0;
0x00002a24 addiu a0, s0, -0x633c | a0 = s0 + -0x633c;
0x00002a28 jalr t9 | t9 (); /* access(base - 0x633c, 0) */
0x00002a2c addiu v1, zero, -1 | v1 = -1;
0x00002a30 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == v1) {
0x00002a34 beq v0, v1, 0x2a4c | goto label_8; /* access returned -1 */
| }
0x00002a38 addiu v0, zero, 1 | v0 = 1; /* access did not fail: return 1 without running the command */
| do {
| label_2:
0x00002a3c lw ra, 0x1c(sp) | ra = *(var_1ch_2);
0x00002a40 lw s0, 0x18(sp) | s0 = *(var_18h_2);
0x00002a44 addiu sp, sp, 0x20 |
0x00002a48 jr ra | return v0;
| label_8:
0x00002a4c lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00002a50 lw t9, -0x7de4(gp) | t9 = sym.imp.system
0x00002a54 addiu a0, a0, -0x631c | a0 += -0x631c;
0x00002a58 jalr t9 | t9 (); /* system(base - 0x631c): the argument is a fixed address, not caller data */
0x00002a5c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 != 0) {
0x00002a60 beqz v0, 0x2a78 |
0x00002a64 lw ra, 0x1c(sp) | ra = *(var_1ch_2);
0x00002a68 lw s0, 0x18(sp) | s0 = *(var_18h_2);
0x00002a6c move v0, zero | v0 = 0; /* system() returned non-zero */
0x00002a70 addiu sp, sp, 0x20 |
0x00002a74 jr ra | return v0;
| }
0x00002a78 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00002a7c lw t9, -0x7ec4(gp) | t9 = sym.imp.fopen;
0x00002a80 addiu a1, a1, -0x5b10 | a1 += -0x5b10;
0x00002a84 addiu a0, s0, -0x633c | a0 = s0 + -0x633c;
0x00002a88 jalr t9 | t9 (); /* fopen(base - 0x633c, base - 0x5b10): same path that access() tested */
0x00002a8c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00002a90 beqz v0, 0x2aa8 | goto label_9; /* fopen returned NULL */
| }
0x00002a94 lw t9, -0x7e4c(gp) | t9 = sym.imp.fclose;
0x00002a98 move a0, v0 | a0 = v0;
0x00002a9c jalr t9 | t9 (); /* fclose(stream) */
0x00002aa0 addiu v0, zero, 1 | v0 = 1;
0x00002aa4 b 0x2a3c |
| } while (1);
| label_9:
0x00002aa8 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00002aac lw t9, -0x7e80(gp) | t9 = sym.imp.__syslog_chk;
0x00002ab0 addiu a2, a2, -0x62f0 | a2 += -0x62f0;
0x00002ab4 addiu a1, zero, 1 | a1 = 1;
0x00002ab8 addiu a0, zero, 4 | a0 = 4;
0x00002abc jalr t9 | t9 (); /* __syslog_chk(4, 1, base - 0x62f0): the format string is a constant */
0x00002ac0 addiu v0, zero, 1 | v0 = 1; /* still returns 1 after the failed fopen */
0x00002ac4 b 0x2a3c | goto label_2;
| }
[*] Function system used 2 times param.cgi-transfer