[*] Binary protection state of kmod
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of kmod
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/kmod @ 0x14d0c */
| #include <stdint.h>
|
; (fcn) fcn.00014d0c () | void fcn_00014d0c () {
0x00014d0c lui gp, 3 |
0x00014d10 addiu gp, gp, -0x7c9c |
0x00014d14 addu gp, gp, t9 | gp += t9;
0x00014d18 addiu sp, sp, -0xf0 |
0x00014d1c lw t9, -0x7bf8(gp) | t9 = sym.imp.malloc;
0x00014d20 sw s2, 0xdc(sp) | *(var_dch) = s2;
0x00014d24 lw s2, -0x7b94(gp) | s2 = *((gp - 7909));
0x00014d28 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00014d2c sw s5, 0xe8(sp) | *(var_e8h) = s5;
0x00014d30 lw v0, (s2) | v0 = *(s2);
0x00014d34 sw s4, 0xe4(sp) | *(var_e4h) = s4;
0x00014d38 sw s1, 0xd8(sp) | *(var_d8h) = s1;
0x00014d3c sw s0, 0xd4(sp) | *(var_d4h) = s0;
0x00014d40 sw ra, 0xec(sp) | *(var_ech) = ra;
0x00014d44 sw s3, 0xe0(sp) | *(var_e0h) = s3;
0x00014d48 move s5, a0 | s5 = a0;
0x00014d4c sw v0, 0xcc(sp) | *(var_cch) = v0;
0x00014d50 addiu a0, zero, 0x10 | a0 = 0x10;
0x00014d54 move s1, a1 | s1 = a1;
0x00014d58 move s4, a2 | s4 = a2;
0x00014d5c jalr t9 | t9 ();
0x00014d60 move s0, v0 | s0 = v0;
0x00014d64 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 != 0) {
0x00014d68 beqz v0, 0x14ea4 |
0x00014d6c lw t9, -0x7c3c(gp) | t9 = sym.imp.open64;
0x00014d70 move a0, s1 | a0 = s1;
0x00014d74 lui a1, 8 | a1 = 0x80000;
0x00014d78 jalr t9 | t9 ();
0x00014d7c move s1, v0 | s1 = v0;
0x00014d80 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 >= 0) {
0x00014d84 bltz v0, 0x14e90 |
0x00014d88 lw t9, -0x7bd0(gp) | t9 = sym.imp.__fxstat64;
0x00014d8c addiu s3, sp, 0x28 | s3 = sp + 0x28;
0x00014d90 move a2, s3 | a2 = s3;
0x00014d94 move a1, v0 | a1 = v0;
0x00014d98 addiu a0, zero, 3 | a0 = 3;
0x00014d9c jalr t9 | t9 ();
0x00014da0 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 >= 0) {
0x00014da4 bltz v0, 0x14e80 |
0x00014da8 lw a1, 0x60(sp) | a1 = *(var_60h_2);
0x00014dac sltiu v0, a1, 0xc | v0 = (a1 < 0xc) ? 1 : 0;
0x00014db0 lw t9, -0x7ba0(gp) | t9 = sym.imp.mmap64
| if (v0 != 0) {
0x00014db4 bnez v0, 0x14e80 | goto label_0;
| }
0x00014db8 move v1, zero | v1 = 0;
0x00014dbc move v0, zero | v0 = 0;
0x00014dc0 sw v1, 0x1c(sp) | *(var_1ch_2) = v1;
0x00014dc4 sw v0, 0x18(sp) | *(var_18h_3) = v0;
0x00014dc8 sw s1, 0x10(sp) | *(var_10h_2) = s1;
0x00014dcc addiu a3, zero, 2 | a3 = 2;
0x00014dd0 addiu a2, zero, 1 | a2 = 1;
0x00014dd4 move a0, zero | a0 = 0;
0x00014dd8 jalr t9 | t9 ();
0x00014ddc addiu v1, zero, -1 | v1 = -1;
0x00014de0 lw gp, 0x20(sp) | gp = *(var_20h);
0x00014de4 sw v0, 4(s0) | *((s0 + 1)) = v0;
| if (v0 == v1) {
0x00014de8 beq v0, v1, 0x14e80 | goto label_0;
| }
0x00014dec lwl v1, 3(v0) | __asm ("lwl v1, 3(v0)");
0x00014df0 lui a0, 0xb007 | a0 = 0xb007f457;
0x00014df4 ori a0, a0, 0xf457 |
0x00014df8 lwr v1, (v0) | __asm ("lwr v1, (v0)");
0x00014dfc wsbh v1, v1 | __asm ("wsbh v1, v1");
0x00014e00 rotr v1, v1, 0x10 | __asm ("rotr v1, v1, 0x10");
0x00014e04 lw a1, 0x60(sp) | a1 = *(var_60h_2);
| if (v1 == a0) {
0x00014e08 bne v1, a0, 0x14e70 |
0x00014e0c lwl v1, 7(v0) | __asm ("lwl v1, 7(v0)");
0x00014e10 addiu a0, zero, 2 | a0 = 2;
0x00014e14 lwr v1, 4(v0) | __asm ("lwr v1, 4(v0)");
0x00014e18 wsbh v1, v1 | __asm ("wsbh v1, v1");
0x00014e1c rotr v1, v1, 0x10 | __asm ("rotr v1, v1, 0x10");
0x00014e20 srl v1, v1, 0x10 | v1 >>= 0x10;
0x00014e24 lw t9, -0x7cd4(gp) | t9 = sym.imp.close;
| if (v1 != a0) {
0x00014e28 bne v1, a0, 0x14e70 | goto label_1;
| }
0x00014e2c lwl v1, 0xb(v0) | __asm ("lwl v1, 0xb(v0)");
0x00014e30 move a0, s1 | a0 = s1;
0x00014e34 lwr v1, 8(v0) | __asm ("lwr v1, 8(v0)");
0x00014e38 sw a1, 0xc(s0) | *((s0 + 3)) = a1;
0x00014e3c wsbh v0, v1 | __asm ("wsbh v0, v1");
0x00014e40 rotr v0, v0, 0x10 | __asm ("rotr v0, v0, 0x10");
0x00014e44 sw v0, 8(s0) | *((s0 + 2)) = v0;
0x00014e48 sw s5, (s0) | *(s0) = s5;
0x00014e4c jalr t9 | t9 ();
0x00014e50 lw gp, 0x20(sp) | gp = *(var_20h);
0x00014e54 lw t9, -0x7dd8(gp) | t9 = *(gp);
0x00014e58 move a0, s3 | a0 = s3;
0x00014e5c bal 0xfb60 | fcn_0000fb60 ();
0x00014e60 lw gp, 0x20(sp) | gp = *(var_20h);
0x00014e64 sw v0, (s4) | *(s4) = v0;
0x00014e68 sw v1, 4(s4) | *((s4 + 1)) = v1;
0x00014e6c b 0x14ea4 | goto label_2;
| }
| label_1:
0x00014e70 lw t9, -0x7c74(gp) | t9 = sym.imp.munmap;
0x00014e74 move a0, v0 | a0 = v0;
0x00014e78 jalr t9 | t9 ();
0x00014e7c lw gp, 0x20(sp) | gp = *(var_20h);
| }
| label_0:
0x00014e80 lw t9, -0x7cd4(gp) | t9 = sym.imp.close;
0x00014e84 move a0, s1 | a0 = s1;
0x00014e88 jalr t9 | t9 ();
0x00014e8c lw gp, 0x20(sp) | gp = *(var_20h);
| }
0x00014e90 lw t9, -0x7b88(gp) | t9 = sym.imp.free;
0x00014e94 move a0, s0 | a0 = s0;
0x00014e98 jalr t9 | t9 ();
0x00014e9c lw gp, 0x20(sp) | gp = *(var_20h);
0x00014ea0 move s0, zero | s0 = 0;
| }
| label_2:
0x00014ea4 lw a0, 0xcc(sp) | a0 = *(var_cch);
0x00014ea8 lw v1, (s2) | v1 = *(s2);
0x00014eac move v0, s0 | v0 = s0;
| if (a0 == v1) {
0x00014eb0 bne a0, v1, 0x14ed8 |
0x00014eb4 lw ra, 0xec(sp) | ra = *(var_ech);
0x00014eb8 lw s5, 0xe8(sp) | s5 = *(var_e8h);
0x00014ebc lw s4, 0xe4(sp) | s4 = *(var_e4h);
0x00014ec0 lw s3, 0xe0(sp) | s3 = *(var_e0h);
0x00014ec4 lw s2, 0xdc(sp) | s2 = *(var_dch);
0x00014ec8 lw s1, 0xd8(sp) | s1 = *(var_d8h);
0x00014ecc lw s0, 0xd4(sp) | s0 = *(var_d4h);
0x00014ed0 addiu sp, sp, 0xf0 |
0x00014ed4 jr ra | return v0;
| }
0x00014ed8 lw t9, -0x7bb8(gp) | t9 = sym.imp.__stack_chk_fail;
0x00014edc jalr t9 | t9 ();
0x00014ee0 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/kmod @ 0x19a70 */
| #include <stdint.h>
|
; (fcn) fcn.00019a70 () | void fcn_00019a70 () {
0x00019a70 lui gp, 2 |
0x00019a74 addiu gp, gp, 0x3600 |
0x00019a78 addu gp, gp, t9 | gp += t9;
0x00019a7c addiu sp, sp, -0xe0 |
0x00019a80 lw t9, -0x7bd0(gp) | t9 = sym.imp.__fxstat64;
0x00019a84 sw s1, 0xd8(sp) | *(var_d8h) = s1;
0x00019a88 lw s1, -0x7b94(gp) | s1 = *((gp - 7909));
0x00019a8c lw a1, 4(a0) | a1 = *((a0 + 1));
0x00019a90 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00019a94 lw v0, (s1) | v0 = *(s1);
0x00019a98 sw s0, 0xd4(sp) | *(var_d4h) = s0;
0x00019a9c sw ra, 0xdc(sp) | *(var_dch) = ra;
0x00019aa0 move s0, a0 | s0 = a0;
0x00019aa4 addiu a2, sp, 0x28 | a2 = sp + 0x28;
0x00019aa8 addiu a0, zero, 3 | a0 = 3;
0x00019aac sw v0, 0xcc(sp) | *(var_cch) = v0;
0x00019ab0 jalr t9 | t9 ();
0x00019ab4 nop |
0x00019ab8 lw gp, 0x20(sp) | gp = *(var_20h);
| if (v0 >= 0) {
0x00019abc bltz v0, 0x19b1c |
0x00019ac0 lw v0, 4(s0) | v0 = *((s0 + 1));
0x00019ac4 lw v1, 0x64(sp) | v1 = *(var_64h);
0x00019ac8 lw a1, 0x60(sp) | a1 = *(var_60h);
0x00019acc lw t9, -0x7ba0(gp) | t9 = sym.imp.mmap64
0x00019ad0 move a2, zero | a2 = 0;
0x00019ad4 move a3, zero | a3 = 0;
0x00019ad8 sw v1, 0x14(s0) | *((s0 + 5)) = v1;
0x00019adc sw a1, 0x10(s0) | *((s0 + 4)) = a1;
0x00019ae0 move a0, zero | a0 = 0;
0x00019ae4 sw a2, 0x18(sp) | *(var_18h_2) = a2;
0x00019ae8 sw a3, 0x1c(sp) | *(var_1ch_2) = a3;
0x00019aec sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00019af0 addiu a3, zero, 2 | a3 = 2;
0x00019af4 addiu a2, zero, 1 | a2 = 1;
0x00019af8 jalr t9 | t9 ();
0x00019afc addiu v1, zero, -1 | v1 = -1;
0x00019b00 lw gp, 0x20(sp) | gp = *(var_20h);
0x00019b04 sw v0, 0x18(s0) | *((s0 + 6)) = v0;
| if (v0 != v1) {
0x00019b08 beq v0, v1, 0x19b1c |
0x00019b0c addiu v0, zero, 1 | v0 = 1;
0x00019b10 sb v0, 8(s0) | *((s0 + 8)) = v0;
0x00019b14 move v0, zero | v0 = 0;
0x00019b18 b 0x19b34 |
| }
| } else {
0x00019b1c lw t9, -0x7c54(gp) | t9 = sym.imp.__errno_location;
0x00019b20 jalr t9 | t9 ();
0x00019b24 nop |
0x00019b28 lw v0, (v0) | v0 = *(v0);
0x00019b2c lw gp, 0x20(sp) | gp = *(var_20h);
0x00019b30 negu v0, v0 | __asm ("negu v0, v0");
| }
0x00019b34 lw a0, 0xcc(sp) | a0 = *(var_cch);
0x00019b38 lw v1, (s1) | v1 = *(s1);
0x00019b3c lw ra, 0xdc(sp) | ra = *(var_dch);
| if (a0 == v1) {
0x00019b40 bne a0, v1, 0x19b54 |
0x00019b44 lw s1, 0xd8(sp) | s1 = *(var_d8h);
0x00019b48 lw s0, 0xd4(sp) | s0 = *(var_d4h);
0x00019b4c addiu sp, sp, 0xe0 |
0x00019b50 jr ra | return v0;
| }
0x00019b54 lw t9, -0x7bb8(gp) | t9 = sym.imp.__stack_chk_fail;
0x00019b58 jalr t9 | t9 ();
0x00019b5c nop |
0x00019b60 lui gp, 2 |
0x00019b64 addiu gp, gp, 0x3510 |
0x00019b68 addu gp, gp, t9 | gp += t9;
0x00019b6c lw v0, (a0) | v0 = *(a0);
| if (v0 != 0) {
0x00019b70 beqz v0, 0x19bb8 |
0x00019b74 nop |
0x00019b78 addiu sp, sp, -0x20 |
0x00019b7c lw t9, -0x7b88(gp) | t9 = sym.imp.free;
0x00019b80 sw s0, 0x18(sp) | *(var_18h) = s0;
0x00019b84 move s0, a0 | s0 = a0;
0x00019b88 lw a0, 0x18(a0) | a0 = *((a0 + 6));
0x00019b8c sw ra, 0x1c(sp) | *(var_1ch) = ra;
0x00019b90 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00019b94 jalr t9 | t9 ();
0x00019b98 nop |
0x00019b9c lw gp, 0x10(sp) | gp = *(var_10h);
0x00019ba0 lw a0, (s0) | a0 = *(s0);
0x00019ba4 lw ra, 0x1c(sp) | ra = *(var_1ch);
0x00019ba8 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00019bac lw t9, -0x7b40(gp) | t9 = sym.imp.gzclose;
0x00019bb0 addiu sp, sp, 0x20 |
0x00019bb4 jr t9 | t9 ();
| }
0x00019bb8 jr ra | return v0;
0x00019bbc nop |
| }
[*] Function mmap used 3 times kmod
