[*] Binary protection state of lsattr
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of lsattr
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/lsattr @ 0xb50 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 2528 named .text */
0x00000b50 lui gp, 2 |
0x00000b54 addiu gp, gp, -0x6b30 |
0x00000b58 addu gp, gp, t9 | gp += t9;
0x00000b5c addiu sp, sp, -0x48 |
0x00000b60 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00000b64 sw s1, 0x24(sp) | *(var_24h) = s1;
0x00000b68 sw s0, 0x20(sp) | *(var_20h) = s0;
0x00000b6c sw ra, 0x44(sp) | *(var_44h) = ra;
0x00000b70 sw fp, 0x40(sp) | *(var_40h) = fp;
0x00000b74 sw s7, 0x3c(sp) | *(var_3ch) = s7;
0x00000b78 sw s6, 0x38(sp) | *(var_38h) = s6;
0x00000b7c sw s5, 0x34(sp) | *(var_34h) = s5;
0x00000b80 sw s4, 0x30(sp) | *(var_30h) = s4;
0x00000b84 sw s3, 0x2c(sp) | *(var_2ch) = s3;
0x00000b88 sw s2, 0x28(sp) | *(var_28h) = s2;
0x00000b8c move s1, a0 | s1 = a0;
0x00000b90 move s0, a1 | s0 = a1;
| if (a0 != 0) {
0x00000b94 beqz a0, 0xba8 |
0x00000b98 lw v0, (a1) | v0 = *(a1);
0x00000b9c lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
| if (v0 == 0) {
0x00000ba0 beqz v0, 0xba8 | goto label_1;
| }
0x00000ba4 sw v0, 0x2010(v1) | *((v1 + 2052)) = v0;
| }
| label_1:
0x00000ba8 lw s2, -0x7fd8(gp) | s2 = *((gp - 8182));
0x00000bac lw s3, -0x7fd8(gp) | s3 = *((gp - 8182));
0x00000bb0 lw fp, -0x7fdc(gp) | fp = *((gp - 8183));
0x00000bb4 lw s7, -0x7fdc(gp) | s7 = *((gp - 8183));
0x00000bb8 lw s6, -0x7fdc(gp) | s6 = *((gp - 8183));
0x00000bbc lw s5, -0x7fdc(gp) | s5 = *((gp - 8183));
0x00000bc0 addiu s2, s2, 0x17e0 | s2 += 0x17e0;
0x00000bc4 addiu s4, zero, 1 | s4 = 1;
0x00000bc8 lw t9, -0x7f8c(gp) | t9 = sym.imp.getopt;
0x00000bcc addiu a2, s3, 0x17a4 | a2 = s3 + str.RVadlvp;
0x00000bd0 move a1, s0 | a1 = s0;
0x00000bd4 move a0, s1 | a0 = s1;
0x00000bd8 jalr t9 | t9 ();
0x00000bdc addiu v1, zero, -1 | v1 = -1;
0x00000be0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != v1) {
0x00000be4 beq v0, v1, 0xc80 |
0x00000be8 addiu v0, v0, -0x52 | v0 += -0x52;
0x00000bec sltiu v1, v0, 0x25 | v1 = (v0 < 0x25) ? 1 : 0;
0x00000bf0 sll v0, v0, 2 | v0 <<= 2;
| if (v1 != 0) {
0x00000bf4 beqz v1, 0xc4c |
0x00000bf8 lwx v0, v0(s2) | __asm ("lwx v0, v0(s2)");
0x00000bfc addu v0, v0, gp | v0 += gp;
0x00000c00 jr v0 | v0 ();
0x00000c04 nop |
| }
0x00000c4c lw v0, -0x7f4c(gp) | v0 = *((gp - 8147));
0x00000c50 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00000c54 lw t9, -0x7fa8(gp) | t9 = sym.imp.__fprintf_chk
0x00000c58 lw a0, (v0) | a0 = *(v0);
0x00000c5c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000c60 addiu a2, a2, 0x1780 | a2 += str.Usage:__s___RVadlpv___files...__n;
0x00000c64 addiu a1, zero, 1 | a1 = 1;
0x00000c68 lw a3, 0x2010(v0) | a3 = *((v0 + 2052));
0x00000c6c jalr t9 | t9 ();
0x00000c70 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000c74 lw t9, -0x7f80(gp) | t9 = sym.imp.exit;
0x00000c78 addiu a0, zero, 1 | a0 = 1;
0x00000c7c jalr t9 | t9 ();
| }
0x00000c80 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000c84 lw v0, 0x2108(v0) | v0 = *((v0 + 2114));
0x00000c88 lw v0, -0x7f4c(gp) | v0 = *((gp - 8147));
| if (v0 != 0) {
0x00000c8c bnez v0, 0xce8 | goto label_2;
| }
| label_0:
0x00000c90 lw v0, -0x7f64(gp) | v0 = *((gp - 8153));
0x00000c94 lw s2, (v0) | s2 = *(v0);
0x00000c98 slt v0, s2, s1 | v0 = (s2 < s1) ? 1 : 0;
0x00000c9c sll s2, s2, 2 | s2 <<= 2;
| if (v0 == 0) {
0x00000ca0 beqz v0, 0xd1c | goto label_3;
| }
0x00000ca4 lw s3, -0x7fd8(gp) | s3 = *((gp - 8182));
0x00000ca8 sll s1, s1, 2 | s1 <<= 2;
0x00000cac addu s2, s0, s2 | s2 = s0 + s2;
0x00000cb0 addiu s3, s3, 0x134c | s3 += fcn.0000134c;
0x00000cb4 addu s0, s0, s1 | s0 += s1;
0x00000cb8 addiu s4, zero, 1 | s4 = 1;
0x00000cbc move s1, zero | s1 = 0;
| do {
0x00000cc0 move t9, s3 | t9 = s3;
0x00000cc4 lw a0, (s2) | a0 = *(s2);
0x00000cc8 bal 0x134c | fcn_0000134c ();
0x00000ccc addiu s2, s2, 4 | s2 += 4;
0x00000cd0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00000cd4 movn s1, s4, v0 | s1 = s4;
| }
0x00000cd8 bne s0, s2, 0xcc0 |
| } while (s0 != s2);
| do {
0x00000cdc lw t9, -0x7f80(gp) | t9 = sym.imp.exit;
0x00000ce0 move a0, s1 | a0 = s1;
0x00000ce4 jalr t9 | t9 ();
| label_2:
0x00000ce8 lw a3, -0x7fd8(gp) | a3 = *((gp - 8182));
0x00000cec lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00000cf0 lw a0, (v0) | a0 = *(v0);
0x00000cf4 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00000cf8 lw t9, -0x7fa8(gp) | t9 = sym.imp.__fprintf_chk
0x00000cfc addiu v0, v0, 0x17c4 | v0 += str.14_Jul_2019;
0x00000d00 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00000d04 addiu a3, a3, 0x17ac | a3 += str.1.45.3;
0x00000d08 addiu a2, a2, 0x17b4 | a2 += str.lsattr__s___s__n;
0x00000d0c addiu a1, zero, 1 | a1 = 1;
0x00000d10 jalr t9 | t9 ();
0x00000d14 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000d18 b 0xc90 | goto label_0;
| label_3:
0x00000d1c lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x00000d20 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
0x00000d24 addiu t9, t9, 0x134c | t9 += fcn.0000134c;
0x00000d28 addiu a0, a0, 0x1758 | a0 += 0x1758;
0x00000d2c bal 0x134c | fcn_0000134c ();
0x00000d30 nor v0, zero, v0 | __asm ("nor v0, zero, v0");
0x00000d34 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000d38 sltiu s1, v0, 1 | s1 = (v0 < 1) ? 1 : 0;
0x00000d3c b 0xcdc |
| } while (1);
| }
[*] Function fprintf used 3 times lsattr
