[*] Binary protection state of busybox.nosuid
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of busybox.nosuid
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/busybox.nosuid @ 0xab34 */
| #include <stdint.h>
|
; (fcn) fcn.0000ab34 () | void fcn_0000ab34 () {
0x0000ab34 lui gp, 9 |
0x0000ab38 addiu gp, gp, -0xa04 |
0x0000ab3c addu gp, gp, t9 | gp += t9;
0x0000ab40 addiu sp, sp, -0x70 |
0x0000ab44 lw v0, -0x74a4(gp) | v0 = *((gp - 7465));
0x0000ab48 sw fp, 0x68(sp) | *(var_68h) = fp;
0x0000ab4c move fp, sp | fp = sp;
0x0000ab50 sw s6, 0x60(sp) | *(var_60h) = s6;
0x0000ab54 sw v0, 0x38(fp) | *(arg_38h) = v0;
0x0000ab58 lw v0, (v0) | v0 = *(v0);
0x0000ab5c sw s5, 0x5c(sp) | *(var_5ch) = s5;
0x0000ab60 sw s4, 0x58(sp) | *(var_58h) = s4;
0x0000ab64 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x0000ab68 sw s7, 0x64(sp) | *(var_64h) = s7;
0x0000ab6c sw s3, 0x54(sp) | *(var_54h) = s3;
0x0000ab70 sw s2, 0x50(sp) | *(var_50h) = s2;
0x0000ab74 sw s1, 0x4c(sp) | *(var_4ch) = s1;
0x0000ab78 sw s0, 0x48(sp) | *(var_48h) = s0;
0x0000ab7c sw gp, 0x20(sp) | *(var_20h) = gp;
0x0000ab80 move s5, a3 | s5 = a3;
0x0000ab84 sw a0, 0x70(fp) | *(arg_70h) = a0;
0x0000ab88 move s6, a1 | s6 = a1;
0x0000ab8c move s4, a2 | s4 = a2;
0x0000ab90 sw v0, 0x44(fp) | *(arg_44h) = v0;
0x0000ab94 lw v0, 0x70(fp) | v0 = *(arg_70h);
| if (a3 < 0) {
0x0000ab98 bltz a3, 0xabf8 | goto label_10;
| }
| if (v0 >= 0) {
0x0000ab9c bgezl v0, 0xae3c | goto label_11;
| }
0x0000aba0 or v0, a2, a3 | v0 = a2 | a3;
| do {
| label_4:
0x0000aba4 addiu s2, zero, -1 | s2 = -1;
0x0000aba8 addiu s0, zero, -1 | s0 = -1;
| label_2:
0x0000abac lw v0, 0x38(fp) | v0 = *(arg_38h);
0x0000abb0 lw a1, 0x44(fp) | a1 = *(arg_44h);
0x0000abb4 move v1, s0 | v1 = s0;
0x0000abb8 lw a0, (v0) | a0 = *(v0);
0x0000abbc move v0, s2 | v0 = s2;
| if (a1 != a0) {
0x0000abc0 bne a1, a0, 0xada8 | goto label_12;
| }
| label_3:
0x0000abc4 move sp, fp |
0x0000abc8 lw ra, 0x6c(sp) | ra = *(var_6ch);
0x0000abcc lw fp, 0x68(sp) | fp = *(var_68h);
0x0000abd0 lw s7, 0x64(sp) | s7 = *(var_64h);
0x0000abd4 lw s6, 0x60(sp) | s6 = *(var_60h);
0x0000abd8 lw s5, 0x5c(sp) | s5 = *(var_5ch);
0x0000abdc lw s4, 0x58(sp) | s4 = *(var_58h);
0x0000abe0 lw s3, 0x54(sp) | s3 = *(var_54h);
0x0000abe4 lw s2, 0x50(sp) | s2 = *(var_50h);
0x0000abe8 lw s1, 0x4c(sp) | s1 = *(var_4ch);
0x0000abec lw s0, 0x48(sp) | s0 = *(var_48h);
0x0000abf0 addiu sp, sp, 0x70 |
0x0000abf4 jr ra | return v0;
| label_10:
0x0000abf8 negu v1, a2 | __asm ("negu v1, a2");
0x0000abfc bltz a0, 0xaba4 |
| } while (a0 < 0);
0x0000ac00 sltu v0, zero, v1 | v0 = (0 < v1) ? 1 : 0;
0x0000ac04 negu t0, a3 | __asm ("negu t0, a3");
0x0000ac08 subu s5, t0, v0 | __asm ("subu s5, t0, v0");
0x0000ac0c addiu v0, zero, 1 | v0 = 1;
0x0000ac10 move s4, v1 | s4 = v1;
0x0000ac14 sw v0, 0x3c(fp) | *(arg_3ch) = v0;
0x0000ac18 addiu s3, zero, -1 | s3 = -1;
| label_9:
0x0000ac1c lw v0, -0x7ee0(gp) | v0 = *(gp);
0x0000ac20 move s7, zero | s7 = 0;
0x0000ac24 sw v0, 0x34(fp) | *(arg_34h) = v0;
0x0000ac28 lw v0, -0x7f64(gp) | v0 = *(gp);
0x0000ac2c move s2, zero | s2 = 0;
0x0000ac30 sw v0, 0x30(fp) | *(arg_30h) = v0;
0x0000ac34 move s0, zero | s0 = 0;
| label_5:
0x0000ac38 move v0, s7 | v0 = s7;
| if (s7 == 0) {
0x0000ac3c beqz s7, 0xadb4 | goto label_13;
| }
0x0000ac40 sra a0, s7, 0x1f | a0 = s7 >> 0x1f;
| label_7:
0x0000ac44 slt a1, a0, s5 | a1 = (a0 < s5) ? 1 : 0;
0x0000ac48 move a2, s4 | a2 = s4;
| if (a1 == 0) {
0x0000ac4c beqz a1, 0xac88 | goto label_14;
| }
0x0000ac50 move a2, v0 | a2 = v0;
| do {
| label_0:
0x0000ac54 lw a0, 0x70(fp) | a0 = *(arg_70h);
| label_1:
0x0000ac58 lw t9, 0x34(fp) | t9 = *(arg_34h);
0x0000ac5c move a1, s1 | a1 = s1;
0x0000ac60 jalr t9 | t9 ();
0x0000ac64 move a3, v0 | a3 = v0;
0x0000ac68 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 >= 0) {
0x0000ac6c bgez v0, 0xaca0 | goto label_15;
| }
0x0000ac70 lw a0, -0x7fcc(gp) | a0 = *(gp);
0x0000ac74 lw t9, -0x7efc(gp) | t9 = *(gp);
| /* str.read_error */
0x0000ac78 addiu a0, a0, 0x7698 | a0 += 0x7698;
0x0000ac7c bal 0xc088 | fcn_0000c088 ();
0x0000ac80 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0000ac84 b 0xad2c | goto label_16;
| label_14:
0x0000ac88 sltu a0, v0, s4 | a0 = (v0 < s4) ? 1 : 0;
0x0000ac8c bne s5, a0, 0xac54 |
| } while (s5 != a0);
0x0000ac90 move a2, v0 | a2 = v0;
| if (a0 == 0) {
0x0000ac94 bnel a0, zero, 0xac54 | goto label_0;
| }
0x0000ac98 lw a0, 0x70(fp) | a0 = *(arg_70h);
0x0000ac9c b 0xac58 | goto label_1;
| if (v0 != 0) {
| label_15:
0x0000aca0 bnez v0, 0xace4 | goto label_17;
| }
0x0000aca4 nop |
0x0000aca8 slti v0, s7, 0x1001 | v0 = (s7 < 0x1001) ? 1 : 0;
0x0000acac lw t9, -0x7728(gp) | t9 = sym.imp.munmap;
| if (v0 != 0) {
0x0000acb0 bnez v0, 0xabac | goto label_2;
| }
0x0000acb4 move a1, s7 | a1 = s7;
| label_6:
0x0000acb8 move a0, s1 | a0 = s1;
0x0000acbc jalr t9 | t9 ();
0x0000acc0 lw v0, 0x38(fp) | v0 = *(arg_38h);
0x0000acc4 lw a1, 0x44(fp) | a1 = *(arg_44h);
0x0000acc8 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0000accc lw a0, (v0) | a0 = *(v0);
0x0000acd0 move v0, s2 | v0 = s2;
0x0000acd4 move v1, s0 | v1 = s0;
| if (a1 == a0) {
0x0000acd8 beq a1, a0, 0xabc4 | goto label_3;
| }
0x0000acdc lw t9, -0x750c(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000ace0 b 0xadac | goto label_18;
| label_17:
0x0000ace4 lw t9, 0x30(fp) | t9 = *(arg_30h);
| if (s6 < 0) {
0x0000ace8 bltz s6, 0xad58 | goto label_19;
| }
0x0000acec move a2, v0 | a2 = v0;
0x0000acf0 sw v0, 0x2c(fp) | *(arg_2ch) = v0;
0x0000acf4 move a1, s1 | a1 = s1;
0x0000acf8 move a0, s6 | a0 = s6;
0x0000acfc jalr t9 | t9 ();
0x0000ad00 lw a3, 0x2c(fp) | a3 = *(arg_2ch);
0x0000ad04 slt v0, v0, a3 | v0 = (v0 < a3) ? 1 : 0;
0x0000ad08 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x0000ad0c beqz v0, 0xad58 | goto label_19;
| }
0x0000ad10 lw v0, 0x3c(fp) | v0 = *(arg_3ch);
0x0000ad14 lw a0, -0x7fcc(gp) | a0 = *(gp);
| if (v0 != 0) {
0x0000ad18 bnez v0, 0xad54 | goto label_20;
| }
0x0000ad1c lw t9, -0x7efc(gp) | t9 = *(gp);
| /* str.write_error */
0x0000ad20 addiu a0, a0, 0x75d0 | a0 += 0x75d0;
0x0000ad24 bal 0xc088 | fcn_0000c088 ();
0x0000ad28 lw gp, 0x20(fp) | gp = *(arg_20h);
| label_16:
0x0000ad2c slti v0, s7, 0x1001 | v0 = (s7 < 0x1001) ? 1 : 0;
0x0000ad30 lw t9, -0x7728(gp) | t9 = sym.imp.munmap;
| if (v0 != 0) {
0x0000ad34 bnez v0, 0xaba4 | goto label_4;
| }
0x0000ad38 move a1, s7 | a1 = s7;
0x0000ad3c move a0, s1 | a0 = s1;
0x0000ad40 jalr t9 | t9 ();
0x0000ad44 addiu s2, zero, -1 | s2 = -1;
0x0000ad48 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0000ad4c addiu s0, zero, -1 | s0 = -1;
0x0000ad50 b 0xabac | goto label_2;
| label_20:
0x0000ad54 addiu s6, zero, -1 | s6 = -1;
| label_19:
0x0000ad58 addu a0, s2, a3 | a0 = s2 + a3;
0x0000ad5c sra v0, a3, 0x1f | v0 = a3 >> 0x1f;
0x0000ad60 sltu a1, a0, s2 | a1 = (a0 < s2) ? 1 : 0;
0x0000ad64 addu s0, s0, v0 | s0 += v0;
0x0000ad68 addiu v1, zero, -1 | v1 = -1;
0x0000ad6c move s2, a0 | s2 = a0;
0x0000ad70 addu s0, a1, s0 | s0 = a1 + s0;
| if (s3 != v1) {
0x0000ad74 bne s3, v1, 0xac38 | goto label_5;
| }
0x0000ad78 subu a3, s4, a3 | __asm ("subu a3, s4, a3");
0x0000ad7c sltu a0, s4, a3 | a0 = (s4 < a3) ? 1 : 0;
0x0000ad80 subu t0, s5, v0 | __asm ("subu t0, s5, v0");
0x0000ad84 subu s5, t0, a0 | __asm ("subu s5, t0, a0");
0x0000ad88 or v0, a3, s5 | v0 = a3 | s5;
0x0000ad8c move s4, a3 | s4 = a3;
| if (v0 != 0) {
0x0000ad90 bnez v0, 0xac38 | goto label_5;
| }
0x0000ad94 slti v0, s7, 0x1001 | v0 = (s7 < 0x1001) ? 1 : 0;
0x0000ad98 lw t9, -0x7728(gp) | t9 = sym.imp.munmap;
| if (v0 != 0) {
0x0000ad9c bnez v0, 0xabac | goto label_2;
| }
0x0000ada0 move a1, s7 | a1 = s7;
0x0000ada4 b 0xacb8 | goto label_6;
| label_12:
0x0000ada8 lw t9, -0x750c(gp) | t9 = sym.imp.__stack_chk_fail;
| label_18:
0x0000adac jalr t9 | t9 ();
0x0000adb0 nop |
| label_13:
0x0000adb4 addiu v0, s4, -1 | v0 = s4 + -1;
0x0000adb8 sltu a0, v0, s4 | a0 = (v0 < s4) ? 1 : 0;
0x0000adbc addiu a1, s5, -1 | a1 = s5 + -1;
0x0000adc0 addu a0, a0, a1 | a0 += a1;
0x0000adc4 sltiu v0, v0, 0x1000 | v0 = (v0 < aav.0x00001000) ? 1 : 0;
| if (a0 == 0) {
0x0000adc8 beqz a0, 0xae1c | goto label_21;
| }
0x0000adcc lw t9, -0x74b4(gp) | t9 = sym.imp.mmap64
| do {
0x0000add0 move v0, zero | v0 = 0;
0x0000add4 move v1, zero | v1 = 0;
0x0000add8 addiu s7, zero, -1 | s7 = -1;
0x0000addc sw v0, 0x18(sp) | *(var_18h) = v0;
0x0000ade0 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x0000ade4 sw s7, 0x10(sp) | *(var_10h) = s7;
0x0000ade8 addiu a3, zero, 0x802 | a3 = 0x802;
0x0000adec addiu a2, zero, 3 | a2 = 3;
0x0000adf0 addiu a1, zero, 0x2000 | a1 = aav.0x00002000;
0x0000adf4 move a0, zero | a0 = 0;
0x0000adf8 jalr t9 | t9 ();
0x0000adfc move s1, v0 | s1 = v0;
| if (v0 != s7) {
0x0000ae00 bne v0, s7, 0xae2c | goto label_22;
| }
0x0000ae04 addiu sp, sp, -0x1000 |
| label_8:
0x0000ae08 addiu s1, sp, 0x20 | s1 = sp + 0x20;
0x0000ae0c addiu v0, zero, 0x1000 | v0 = aav.0x00001000;
0x0000ae10 move a0, zero | a0 = 0;
0x0000ae14 addiu s7, zero, 0x1000 | s7 = aav.0x00001000;
0x0000ae18 b 0xac44 | goto label_7;
| label_21:
0x0000ae1c lw t9, -0x74b4(gp) | t9 = sym.imp.mmap64
0x0000ae20 beqz v0, 0xadd0 |
| } while (v0 == 0);
0x0000ae24 addiu sp, sp, -0x1000 |
0x0000ae28 b 0xae08 | goto label_8;
| label_22:
0x0000ae2c addiu v0, zero, 0x2000 | v0 = aav.0x00002000;
0x0000ae30 move a0, zero | a0 = 0;
0x0000ae34 addiu s7, zero, 0x2000 | s7 = aav.0x00002000;
0x0000ae38 b 0xac44 | goto label_7;
| label_11:
0x0000ae3c addiu a0, zero, 1 | a0 = 1;
0x0000ae40 addiu s3, zero, -1 | s3 = -1;
| if (v0 != 0) {
0x0000ae44 movz s3, a0, v0 | s3 = a0;
| }
0x0000ae48 lui a0, 0x100 | a0 = imp.__environ;
0x0000ae4c sw zero, 0x3c(fp) | *(arg_3ch) = 0;
| if (v0 != 0) {
0x0000ae50 movz s4, a0, v0 | s4 = a0;
| }
| if (v0 != 0) {
0x0000ae54 movz s5, zero, v0 | s5 = 0;
| }
0x0000ae58 b 0xac1c | goto label_9;
| }
[*] Function mmap used 3 times busybox.nosuid
