[*] Binary protection state of param.cgi-transfer
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of param.cgi-transfer
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/param.cgi-transfer @ 0x2b10 */
| #include <stdint.h>
|
; (fcn) fcn.00002b10 () | void fcn_00002b10 () {
0x00002b10 lui gp, 2 |
0x00002b14 addiu gp, gp, 0x16e0 |
0x00002b18 addu gp, gp, t9 | gp += t9;
0x00002b1c addiu sp, sp, -0x30 |
0x00002b20 sw s0, 0x20(sp) | *(var_20h) = s0;
0x00002b24 lw s0, -0x7e70(gp) | s0 = *((gp - 8092));
0x00002b28 sw s1, 0x24(sp) | *(var_24h) = s1;
0x00002b2c lw s1, -0x7fd8(gp) | s1 = *((gp - 8182));
0x00002b30 lw v1, (s0) | v1 = *(s0);
0x00002b34 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00002b38 lw v0, -0x3a54(s1) | v0 = *((s1 - 3733));
0x00002b3c sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x00002b40 addiu v1, sp, 0x34 | v1 = sp + 0x34;
0x00002b44 sw s2, 0x28(sp) | *(var_28h) = s2;
0x00002b48 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00002b4c move s2, a0 | s2 = a0;
0x00002b50 sw a1, 0x34(sp) | *(arg_34h) = a1;
0x00002b54 sw a2, 0x38(sp) | *(arg_38h) = a2;
0x00002b58 sw a3, 0x3c(sp) | *(arg_3ch) = a3;
0x00002b5c sw v1, 0x18(sp) | *(var_18h) = v1;
0x00002b60 beqz v0, 0x2bb8 |
| while (1) {
| label_0:
0x00002b64 lw s1, -0x7ee8(gp) | s1 = *((gp - 8122));
0x00002b68 lw t9, -0x7e34(gp) | t9 = sym.imp.__vfprintf_chk
0x00002b6c lw a3, 0x18(sp) | a3 = *(var_18h);
0x00002b70 lw a0, (s1) | a0 = *(s1);
0x00002b74 move a2, s2 | a2 = s2;
0x00002b78 addiu a1, zero, 1 | a1 = 1;
0x00002b7c jalr t9 | t9 ();
0x00002b80 lw gp, 0x10(sp) | gp = *(var_10h);
0x00002b84 lw t9, -0x7e2c(gp) | t9 = sym.imp.fflush;
0x00002b88 lw a0, (s1) | a0 = *(s1);
0x00002b8c jalr t9 | t9 ();
0x00002b90 lw v1, 0x1c(sp) | v1 = *(var_1ch);
0x00002b94 lw v0, (s0) | v0 = *(s0);
0x00002b98 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 != v0) {
0x00002b9c bne v1, v0, 0x2c58 | goto label_1;
| }
0x00002ba0 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00002ba4 lw s2, 0x28(sp) | s2 = *(var_28h);
0x00002ba8 lw s1, 0x24(sp) | s1 = *(var_24h);
0x00002bac lw s0, 0x20(sp) | s0 = *(var_20h);
0x00002bb0 addiu sp, sp, 0x30 |
0x00002bb4 jr ra | return v0;
0x00002bb8 lw t9, -0x7fcc(gp) | t9 = *((gp - 8179));
0x00002bbc addiu t9, t9, 0x2ac8 | t9 += fcn.00002ac8;
0x00002bc0 bal 0x2ac8 | fcn_00002ac8 ();
0x00002bc4 nop |
0x00002bc8 lw gp, 0x10(sp) | gp = *(var_10h);
0x00002bcc lw t9, -0x7fcc(gp) | t9 = *((gp - 8179));
0x00002bd0 addiu t9, t9, 0x25b0 | t9 += fcn.000025b0;
0x00002bd4 bal 0x25b0 | fcn_000025b0 ();
0x00002bd8 nop |
0x00002bdc lw gp, 0x10(sp) | gp = *(var_10h);
0x00002be0 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00002be4 lw a0, -0x3f64(v0) | a0 = *((v0 - 4057));
0x00002be8 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| if (a0 == 0) {
0x00002bec beqz a0, 0x2c38 | goto label_2;
| }
0x00002bf0 lw v0, -0x3a58(v0) | v0 = *((v0 - 3734));
0x00002bf4 sll v0, v0, 2 | v0 <<= 2;
0x00002bf8 lwx a0, v0(a0) | __asm ("lwx a0, v0(a0)");
0x00002bfc lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
| if (a0 == 0) {
0x00002c00 beqz a0, 0x2c38 | goto label_2;
| }
0x00002c04 lw t9, -0x7f48(gp) | t9 = sym.imp.strcmp;
0x00002c08 addiu a1, a1, -0x62b8 | a1 += -0x62b8;
0x00002c0c jalr t9 | t9 ();
0x00002c10 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x00002c14 bnez v0, 0x2c38 | goto label_2;
| }
0x00002c18 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00002c1c lw t9, -0x7e64(gp) | t9 = sym.imp.CGI_plain_setup_RFC;
0x00002c20 addiu a0, a0, -0x5248 | a0 += -0x5248;
0x00002c24 jalr t9 | t9 ();
0x00002c28 addiu v0, zero, 1 | v0 = 1;
0x00002c2c lw gp, 0x10(sp) | gp = *(var_10h);
0x00002c30 sw v0, -0x3a54(s1) | *((s1 - 3733)) = v0;
0x00002c34 b 0x2b64 |
| }
| label_2:
0x00002c38 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00002c3c lw t9, -0x7df0(gp) | t9 = sym.imp.CGI_plain_setup;
0x00002c40 addiu a0, a0, -0x5248 | a0 += -0x5248;
0x00002c44 jalr t9 | t9 ();
0x00002c48 addiu v0, zero, 1 | v0 = 1;
0x00002c4c lw gp, 0x10(sp) | gp = *(var_10h);
0x00002c50 sw v0, -0x3a54(s1) | *((s1 - 3733)) = v0;
0x00002c54 b 0x2b64 | goto label_0;
| label_1:
0x00002c58 lw t9, -0x7eb0(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002c5c jalr t9 | t9 ();
0x00002c60 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/param.cgi-transfer @ 0x7084 */
| #include <stdint.h>
|
; (fcn) fcn.00007084 () | void fcn_00007084 () {
0x00007084 lui gp, 2 |
0x00007088 addiu gp, gp, -0x2e94 |
0x0000708c addu gp, gp, t9 | gp += t9;
0x00007090 addiu sp, sp, -0x30 |
0x00007094 addiu v1, sp, 0x38 | v1 = sp + 0x38;
0x00007098 sw s1, 0x24(sp) | *(var_24h) = s1;
0x0000709c lw s1, -0x7e70(gp) | s1 = *((gp - 8092));
0x000070a0 sw s0, 0x20(sp) | *(var_20h) = s0;
0x000070a4 move s0, a0 | s0 = a0;
0x000070a8 lw v0, (s1) | v0 = *(s1);
0x000070ac sw a3, 0x3c(sp) | *(arg_3ch) = a3;
0x000070b0 move a3, a0 | a3 = a0;
0x000070b4 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x000070b8 lw t9, -0x7e90(gp) | t9 = sym.imp.fwrite;
0x000070bc sw v1, 0x18(sp) | *(var_18h) = v1;
0x000070c0 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x000070c4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000070c8 sw s2, 0x28(sp) | *(var_28h) = s2;
0x000070cc sw a2, 0x38(sp) | *(arg_38h) = a2;
0x000070d0 move s2, a1 | s2 = a1;
0x000070d4 addiu a2, zero, 9 | a2 = 9;
0x000070d8 addiu a1, zero, 1 | a1 = 1;
0x000070dc addiu a0, a0, -0x4e18 | a0 += -0x4e18;
0x000070e0 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x000070e4 jalr t9 | t9 ();
0x000070e8 nop |
0x000070ec lw gp, 0x10(sp) | gp = *(var_10h);
0x000070f0 lw a3, 0x18(sp) | a3 = *(var_18h);
0x000070f4 move a2, s2 | a2 = s2;
0x000070f8 lw t9, -0x7e34(gp) | t9 = sym.imp.__vfprintf_chk
0x000070fc addiu a1, zero, 1 | a1 = 1;
0x00007100 move a0, s0 | a0 = s0;
0x00007104 jalr t9 | t9 ();
0x00007108 lw gp, 0x10(sp) | gp = *(var_10h);
0x0000710c lw t9, -0x7e2c(gp) | t9 = sym.imp.fflush;
0x00007110 move a0, s0 | a0 = s0;
0x00007114 jalr t9 | t9 ();
0x00007118 lw v1, 0x1c(sp) | v1 = *(var_1ch);
0x0000711c lw v0, (s1) | v0 = *(s1);
0x00007120 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 == v0) {
0x00007124 bne v1, v0, 0x7140 |
0x00007128 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x0000712c lw s2, 0x28(sp) | s2 = *(var_28h);
0x00007130 lw s1, 0x24(sp) | s1 = *(var_24h);
0x00007134 lw s0, 0x20(sp) | s0 = *(var_20h);
0x00007138 addiu sp, sp, 0x30 |
0x0000713c jr ra | return v1;
| }
0x00007140 lw t9, -0x7eb0(gp) | t9 = sym.imp.__stack_chk_fail;
0x00007144 jalr t9 | t9 ();
0x00007148 nop |
| }
[*] Function fprintf used 3 times param.cgi-transfer
