[*] Binary protection state of mdhcp6
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of mdhcp6
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/mdhcp6 @ 0x1b90 */
| #include <stdint.h>
|
; (fcn) fcn.00001b90 () | void fcn_00001b90 () {
0x00001b90 lui gp, 2 |
0x00001b94 addiu gp, gp, -0x29c0 |
0x00001b98 addu gp, gp, t9 | gp += t9;
0x00001b9c addiu sp, sp, -0x28 |
0x00001ba0 lw t9, -0x7e00(gp) | t9 = sym.imp.fopen;
0x00001ba4 sw s1, 0x20(sp) | *(var_20h) = s1;
0x00001ba8 move s1, a1 | s1 = a1;
0x00001bac lw a1, -0x7fcc(gp) | a1 = *((gp - 8179));
0x00001bb0 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00001bb4 sw ra, 0x24(sp) | *(var_24h) = ra;
0x00001bb8 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x00001bbc addiu a1, a1, 0x69b4 | a1 += 0x69b4;
0x00001bc0 jalr t9 | t9 ();
0x00001bc4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x00001bc8 beqz v0, 0x1c0c |
0x00001bcc lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00001bd0 lw t9, -0x7eec(gp) | t9 = sym.imp.__fprintf_chk
0x00001bd4 move a3, s1 | a3 = s1;
0x00001bd8 move a0, v0 | a0 = v0;
0x00001bdc addiu a2, a2, 0x69b8 | a2 += 0x69b8;
0x00001be0 addiu a1, zero, 1 | a1 = 1;
0x00001be4 move s0, v0 | s0 = v0;
0x00001be8 jalr t9 | t9 ();
0x00001bec lw gp, 0x10(sp) | gp = *(var_10h);
0x00001bf0 lw ra, 0x24(sp) | ra = *(var_24h);
0x00001bf4 lw s1, 0x20(sp) | s1 = *(var_20h);
0x00001bf8 move a0, s0 | a0 = s0;
0x00001bfc lw t9, -0x7ed8(gp) | t9 = sym.imp.fclose;
0x00001c00 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00001c04 addiu sp, sp, 0x28 |
0x00001c08 jr t9 | t9 ();
| }
0x00001c0c lw ra, 0x24(sp) | ra = *(var_24h);
0x00001c10 lw s1, 0x20(sp) | s1 = *(var_20h);
0x00001c14 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00001c18 addiu sp, sp, 0x28 |
0x00001c1c jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/mdhcp6 @ 0x4a30 */
| #include <stdint.h>
|
; (fcn) sym.lease_sync () | void lease_sync () {
0x00004a30 lui gp, 2 |
0x00004a34 addiu gp, gp, -0x5860 |
0x00004a38 addu gp, gp, t9 | gp += t9;
0x00004a3c addiu sp, sp, -0x88 |
0x00004a40 sw s3, 0x6c(sp) | *(var_6ch) = s3;
0x00004a44 lw s3, -0x7e14(gp) | s3 = *((gp - 8069));
0x00004a48 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00004a4c sw ra, 0x84(sp) | *(var_84h) = ra;
0x00004a50 lw v0, (s3) | v0 = *(s3);
0x00004a54 sw fp, 0x80(sp) | *(var_80h) = fp;
0x00004a58 sw s7, 0x7c(sp) | *(var_7ch) = s7;
0x00004a5c sw s6, 0x78(sp) | *(var_78h) = s6;
0x00004a60 sw s5, 0x74(sp) | *(var_74h) = s5;
0x00004a64 sw s4, 0x70(sp) | *(var_70h) = s4;
0x00004a68 sw s2, 0x68(sp) | *(var_68h) = s2;
0x00004a6c sw s1, 0x64(sp) | *(var_64h) = s1;
0x00004a70 sw s0, 0x60(sp) | *(var_60h) = s0;
0x00004a74 sw v0, 0x5c(sp) | *(var_5ch) = v0;
| if (a0 == 0) {
0x00004a78 beqz a0, 0x4d78 | goto label_2;
| }
0x00004a7c nop |
0x00004a80 lw v0, 0x10(a1) | v0 = *((a1 + 4));
0x00004a84 move s0, a1 | s0 = a1;
| if (v0 == 0) {
0x00004a88 beqz v0, 0x4d78 | goto label_2;
| }
0x00004a8c lw v0, 0x14(a1) | v0 = *((a1 + 5));
0x00004a90 lw t9, -0x7e84(gp) | t9 = sym.imp.strlen;
| if (v0 == 0) {
0x00004a94 beqz v0, 0x4d78 | goto label_2;
| }
0x00004a98 move s4, a0 | s4 = a0;
0x00004a9c jalr t9 | t9 ();
0x00004aa0 move s2, v0 | s2 = v0;
0x00004aa4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00004aa8 beqz v0, 0x4d78 | goto label_2;
| }
0x00004aac lw t9, -0x7e20(gp) | t9 = sym.imp.memcmp;
0x00004ab0 addiu s6, s0, 0x18 | s6 = s0 + 0x18;
0x00004ab4 addiu s7, s0, 0x38 | s7 = s0 + 0x38;
0x00004ab8 addiu a2, zero, 0x10 | a2 = 0x10;
0x00004abc move a1, s6 | a1 = s6;
0x00004ac0 move a0, s7 | a0 = s7;
0x00004ac4 jalr t9 | t9 ();
0x00004ac8 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004acc addiu fp, sp, 0x2c | fp = sp + 0x2c;
0x00004ad0 move s1, v0 | s1 = v0;
0x00004ad4 lw t9, -0x7ee0(gp) | t9 = sym.imp.inet_ntop;
0x00004ad8 addiu a3, zero, 0x2e | a3 = 0x2e;
0x00004adc move a2, fp | a2 = fp;
0x00004ae0 move a1, s6 | a1 = s6;
0x00004ae4 addiu a0, zero, 0xa | a0 = 0xa;
0x00004ae8 jalr t9 | t9 ();
0x00004aec lw gp, 0x18(sp) | gp = *(var_18h);
| if (s1 == 0) {
0x00004af0 beqz s1, 0x4d78 | goto label_2;
| }
0x00004af4 lw t9, -0x7f08(gp) | t9 = sym.imp.calloc;
0x00004af8 addiu a1, s2, 1 | a1 = s2 + 1;
0x00004afc addiu a0, zero, 1 | a0 = 1;
0x00004b00 jalr t9 | t9 ();
0x00004b04 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004b08 move a2, s2 | a2 = s2;
0x00004b0c move a1, s4 | a1 = s4;
0x00004b10 lw t9, -0x7eb0(gp) | t9 = sym.imp.strncpy;
0x00004b14 move a0, v0 | a0 = v0;
0x00004b18 move s5, v0 | s5 = v0;
0x00004b1c jalr t9 | t9 ();
0x00004b20 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004b24 addiu s1, s2, 5 | s1 = s2 + 5;
0x00004b28 move a1, s1 | a1 = s1;
0x00004b2c lw t9, -0x7f08(gp) | t9 = sym.imp.calloc;
0x00004b30 addiu a0, zero, 1 | a0 = 1;
0x00004b34 jalr t9 | t9 ();
0x00004b38 move s2, v0 | s2 = v0;
0x00004b3c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00004b40 beqz v0, 0x4d78 | goto label_2;
| }
0x00004b44 lw v0, -0x7fcc(gp) | v0 = *((gp - 8179));
0x00004b48 lw t9, -0x7df0(gp) | t9 = sym.imp.__snprintf_chk;
0x00004b4c addiu v0, v0, 0x6bc4 | v0 += str._s.tmp;
0x00004b50 sw s4, 0x14(sp) | *(var_14h) = s4;
0x00004b54 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00004b58 addiu a3, zero, -1 | a3 = -1;
0x00004b5c addiu a2, zero, 1 | a2 = 1;
0x00004b60 move a1, s1 | a1 = s1;
0x00004b64 move a0, s2 | a0 = s2;
0x00004b68 jalr t9 | t9 ();
0x00004b6c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00004b70 bltz v0, 0x4bb4 | goto label_0;
| }
0x00004b74 lw t9, -0x7e3c(gp) | t9 = sym.imp.unlink;
0x00004b78 move a0, s2 | a0 = s2;
0x00004b7c jalr t9 | t9 ();
0x00004b80 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004b84 move a0, s2 | a0 = s2;
0x00004b88 lw a1, -0x7fcc(gp) | a1 = *((gp - 8179));
0x00004b8c lw t9, -0x7e00(gp) | t9 = sym.imp.fopen;
0x00004b90 addiu a1, a1, 0x69b4 | a1 += 0x69b4;
0x00004b94 jalr t9 | t9 ();
0x00004b98 move s1, v0 | s1 = v0;
0x00004b9c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00004ba0 bnez v0, 0x4bdc | goto label_3;
| }
0x00004ba4 lw t9, -0x7e44(gp) | t9 = sym.imp.perror;
0x00004ba8 move a0, s4 | a0 = s4;
0x00004bac jalr t9 | t9 ();
0x00004bb0 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
| label_0:
0x00004bb4 lw t9, -0x7e04(gp) | t9 = *((gp - 8065));
0x00004bb8 move a0, s2 | a0 = s2;
0x00004bbc jalr t9 | t9 ();
0x00004bc0 lw v1, 0x5c(sp) | v1 = *(var_5ch);
0x00004bc4 lw v0, (s3) | v0 = *(s3);
0x00004bc8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v1 == v0) {
0x00004bcc beq v1, v0, 0x4d40 | goto label_4;
| }
| label_1:
0x00004bd0 lw t9, -0x7e30(gp) | t9 = sym.imp.__stack_chk_fail;
0x00004bd4 jalr t9 | t9 ();
0x00004bd8 nop |
| label_3:
0x00004bdc lw t9, -0x7eb4(gp) | t9 = sym.imp.fileno;
0x00004be0 move a0, v0 | a0 = v0;
0x00004be4 jalr t9 | t9 ();
0x00004be8 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004bec sw v0, 0x24(sp) | *(var_24h) = v0;
0x00004bf0 lw t9, -0x7e34(gp) | t9 = sym.imp.rewind;
0x00004bf4 move a0, s1 | a0 = s1;
0x00004bf8 jalr t9 | t9 ();
0x00004bfc lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c00 move a3, fp | a3 = fp;
0x00004c04 addiu a1, zero, 1 | a1 = 1;
0x00004c08 lw a2, -0x7fcc(gp) | a2 = *((gp - 8179));
0x00004c0c lw t9, -0x7eec(gp) | t9 = sym.imp.__fprintf_chk
0x00004c10 addiu a2, a2, 0x6bcc | a2 += 0x6bcc;
0x00004c14 move a0, s1 | a0 = s1;
0x00004c18 jalr t9 | t9 ();
0x00004c1c lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c20 lw v0, 0x14(s0) | v0 = *((s0 + 5));
0x00004c24 lw t9, -0x7f54(gp) | t9 = sym.msgbuf_new;
0x00004c28 lw a0, 8(v0) | a0 = *((v0 + 2));
0x00004c2c bal 0x537c | sym_msgbuf_new ();
0x00004c30 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c34 lw a2, 0x14(s0) | a2 = *((s0 + 5));
0x00004c38 sw v0, 0x28(sp) | *(var_28h) = v0;
0x00004c3c lw t9, -0x7f4c(gp) | t9 = sym.dhcpv6_append_node_id_opt;
0x00004c40 addiu a1, zero, 2 | a1 = 2;
0x00004c44 addiu a0, sp, 0x28 | a0 = sp + 0x28;
0x00004c48 bal 0x2ccc | sym_dhcpv6_append_node_id_opt ();
0x00004c4c lw a0, 0x28(sp) | a0 = *(var_28h);
0x00004c50 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c54 move a3, s1 | a3 = s1;
0x00004c58 lw a2, (a0) | a2 = *(a0);
0x00004c5c lw t9, -0x7e48(gp) | t9 = sym.imp.fwrite;
0x00004c60 addiu a2, a2, -4 | a2 += -4;
0x00004c64 addiu a1, zero, 1 | a1 = 1;
0x00004c68 addiu a0, a0, 0xc | a0 += 0xc;
0x00004c6c jalr t9 | t9 ();
0x00004c70 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c74 lw t9, -0x7e04(gp) | t9 = *((gp - 8065));
0x00004c78 lw a0, 0x28(sp) | a0 = *(var_28h);
0x00004c7c jalr t9 | t9 ();
0x00004c80 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c84 lw t9, -0x7dfc(gp) | t9 = sym.imp.fflush;
0x00004c88 move a0, s1 | a0 = s1;
0x00004c8c jalr t9 | t9 ();
0x00004c90 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004c94 lw v1, 0x24(sp) | v1 = *(var_24h);
0x00004c98 lw t9, -0x7e88(gp) | t9 = sym.imp.fsync;
0x00004c9c move a0, v1 | a0 = v1;
0x00004ca0 jalr t9 | t9 ();
0x00004ca4 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004ca8 lw t9, -0x7ed8(gp) | t9 = sym.imp.fclose;
0x00004cac move a0, s1 | a0 = s1;
0x00004cb0 jalr t9 | t9 ();
0x00004cb4 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004cb8 move a1, s4 | a1 = s4;
0x00004cbc lw t9, -0x7e7c(gp) | t9 = sym.imp.rename;
0x00004cc0 move a0, s2 | a0 = s2;
0x00004cc4 jalr t9 | t9 ();
0x00004cc8 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004ccc bnez v0, 0x4bb4 |
| } while (v0 != 0);
0x00004cd0 lw t9, -0x7e68(gp) | t9 = sym.imp.dirname;
0x00004cd4 move a0, s5 | a0 = s5;
0x00004cd8 jalr t9 | t9 ();
0x00004cdc lw gp, 0x18(sp) | gp = *(var_18h);
0x00004ce0 move a1, zero | a1 = 0;
0x00004ce4 lw t9, -0x7e78(gp) | t9 = sym.imp.open;
0x00004ce8 move a0, v0 | a0 = v0;
0x00004cec jalr t9 | t9 ();
0x00004cf0 move s1, v0 | s1 = v0;
0x00004cf4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00004cf8 bltz v0, 0x4bb4 | goto label_0;
| }
0x00004cfc lw t9, -0x7e88(gp) | t9 = sym.imp.fsync;
0x00004d00 move a0, v0 | a0 = v0;
0x00004d04 jalr t9 | t9 ();
0x00004d08 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004d0c lw t9, -0x7f04(gp) | t9 = sym.imp.close;
0x00004d10 move a0, s1 | a0 = s1;
0x00004d14 jalr t9 | t9 ();
0x00004d18 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004d1c addiu v0, zero, 1 | v0 = 1;
0x00004d20 sw v0, 4(s0) | *((s0 + 1)) = v0;
0x00004d24 lw t9, -0x7e10(gp) | t9 = sym.imp.memcpy;
0x00004d28 addiu a2, zero, 0x10 | a2 = 0x10;
0x00004d2c move a1, s6 | a1 = s6;
0x00004d30 move a0, s7 | a0 = s7;
0x00004d34 jalr t9 | t9 ();
0x00004d38 lw gp, 0x18(sp) | gp = *(var_18h);
0x00004d3c b 0x4bb4 | goto label_0;
| label_4:
0x00004d40 lw ra, 0x84(sp) | ra = *(var_84h);
0x00004d44 lw fp, 0x80(sp) | fp = *(var_80h);
0x00004d48 lw s7, 0x7c(sp) | s7 = *(var_7ch);
0x00004d4c lw s6, 0x78(sp) | s6 = *(var_78h);
0x00004d50 lw s4, 0x70(sp) | s4 = *(var_70h);
0x00004d54 lw s3, 0x6c(sp) | s3 = *(var_6ch);
0x00004d58 lw s2, 0x68(sp) | s2 = *(var_68h);
0x00004d5c lw s1, 0x64(sp) | s1 = *(var_64h);
0x00004d60 lw s0, 0x60(sp) | s0 = *(var_60h);
0x00004d64 move a0, s5 | a0 = s5;
0x00004d68 lw t9, -0x7e04(gp) | t9 = *((gp - 8065));
0x00004d6c lw s5, 0x74(sp) | s5 = *(var_74h);
0x00004d70 addiu sp, sp, 0x88 |
0x00004d74 jr t9 | t9 ();
| label_2:
0x00004d78 lw v1, 0x5c(sp) | v1 = *(var_5ch);
0x00004d7c lw v0, (s3) | v0 = *(s3);
0x00004d80 lw ra, 0x84(sp) | ra = *(var_84h);
| if (v1 != v0) {
0x00004d84 bne v1, v0, 0x4bd0 | goto label_1;
| }
0x00004d88 lw fp, 0x80(sp) | fp = *(var_80h);
0x00004d8c lw s7, 0x7c(sp) | s7 = *(var_7ch);
0x00004d90 lw s6, 0x78(sp) | s6 = *(var_78h);
0x00004d94 lw s5, 0x74(sp) | s5 = *(var_74h);
0x00004d98 lw s4, 0x70(sp) | s4 = *(var_70h);
0x00004d9c lw s3, 0x6c(sp) | s3 = *(var_6ch);
0x00004da0 lw s2, 0x68(sp) | s2 = *(var_68h);
0x00004da4 lw s1, 0x64(sp) | s1 = *(var_64h);
0x00004da8 lw s0, 0x60(sp) | s0 = *(var_60h);
0x00004dac addiu sp, sp, 0x88 |
0x00004db0 jr ra | return v1;
| }
[*] Function fprintf used 3 times mdhcp6
