[*] Binary protection state of parhand
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of parhand
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/parhand @ 0xaa34 */
| #include <stdint.h>
|
; (fcn) fcn.0000aa34 () | void fcn_0000aa34 () {
0x0000aa34 lui gp, 4 |
0x0000aa38 addiu gp, gp, -0x76e4 |
0x0000aa3c addu gp, gp, t9 | gp += t9;
0x0000aa40 addiu sp, sp, -0xc8 |
0x0000aa44 lw t9, -0x7cf8(gp) | t9 = sym.imp.__fxstat;
0x0000aa48 sw s1, 0xbc(sp) | *(var_bch) = s1;
0x0000aa4c lw s1, -0x7c68(gp) | s1 = *((gp - 7962));
0x0000aa50 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0000aa54 sw s2, 0xc0(sp) | *(var_c0h) = s2;
0x0000aa58 lw v0, (s1) | v0 = *(s1);
0x0000aa5c move a1, a0 | a1 = a0;
0x0000aa60 sw ra, 0xc4(sp) | *(var_c4h) = ra;
0x0000aa64 sw s0, 0xb8(sp) | *(var_b8h) = s0;
0x0000aa68 move s2, a0 | s2 = a0;
0x0000aa6c addiu a2, sp, 0x24 | a2 = sp + 0x24;
0x0000aa70 addiu a0, zero, 3 | a0 = 3;
0x0000aa74 sw v0, 0xb4(sp) | *(var_b4h) = v0;
0x0000aa78 jalr t9 | t9 ();
0x0000aa7c nop |
0x0000aa80 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0000aa84 bltz v0, 0xab00 | goto label_1;
| }
0x0000aa88 lw t9, -0x7cac(gp) | t9 = sym.imp.malloc;
0x0000aa8c addiu a0, zero, 0xc | a0 = 0xc;
0x0000aa90 jalr t9 | t9 ();
0x0000aa94 move s0, v0 | s0 = v0;
0x0000aa98 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000aa9c beqz v0, 0xab24 | goto label_2;
| }
0x0000aaa0 lw a1, 0x54(sp) | a1 = *(var_54h);
0x0000aaa4 lw t9, -0x7b10(gp) | t9 = sym.imp.mmap
0x0000aaa8 sw a1, 4(v0) | *((v0 + 1)) = a1;
0x0000aaac sw zero, 8(v0) | *((v0 + 2)) = 0;
0x0000aab0 addiu a3, zero, 1 | a3 = 1;
0x0000aab4 sw zero, 0x14(sp) | *(var_14h) = 0;
0x0000aab8 sw s2, 0x10(sp) | *(var_10h_2) = s2;
0x0000aabc addiu a2, zero, 1 | a2 = 1;
0x0000aac0 move a0, zero | a0 = 0;
0x0000aac4 jalr t9 | t9 ();
0x0000aac8 addiu v1, zero, -1 | v1 = -1;
0x0000aacc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == v1) {
0x0000aad0 beq v0, v1, 0xab4c | goto label_3;
| }
0x0000aad4 sw v0, (s0) | *(s0) = v0;
| do {
| label_0:
0x0000aad8 lw a0, 0xb4(sp) | a0 = *(var_b4h);
0x0000aadc lw v1, (s1) | v1 = *(s1);
0x0000aae0 move v0, s0 | v0 = s0;
| if (a0 != v1) {
0x0000aae4 bne a0, v1, 0xab64 | goto label_4;
| }
0x0000aae8 lw ra, 0xc4(sp) | ra = *(var_c4h);
0x0000aaec lw s2, 0xc0(sp) | s2 = *(var_c0h);
0x0000aaf0 lw s1, 0xbc(sp) | s1 = *(var_bch);
0x0000aaf4 lw s0, 0xb8(sp) | s0 = *(var_b8h);
0x0000aaf8 addiu sp, sp, 0xc8 |
0x0000aafc jr ra | return v0;
| label_1:
0x0000ab00 lw a1, -0x7fc4(gp) | a1 = *(gp);
0x0000ab04 lw a0, -0x7fc4(gp) | a0 = *(gp);
0x0000ab08 lw t9, -0x7fb0(gp) | t9 = sym.logerr;
| /* str.Couldnt_get_status_from_filedescriptor____m_ */
0x0000ab0c addiu a1, a1, 0x6cd0 | a1 += 0x6cd0;
| /* str.axisconfigparser.c */
0x0000ab10 addiu a0, a0, 0x6d00 | a0 += 0x6d00;
0x0000ab14 bal 0x19b80 | sym_logerr ();
0x0000ab18 move s0, zero | s0 = 0;
0x0000ab1c lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ab20 b 0xaad8 |
| } while (1);
| label_2:
0x0000ab24 lw a2, -0x7fc4(gp) | a2 = *(gp);
0x0000ab28 lw a1, -0x7fc4(gp) | a1 = *(gp);
0x0000ab2c lw a0, -0x7fc4(gp) | a0 = *(gp);
0x0000ab30 lw t9, -0x7fc8(gp) | t9 = sym.fatald;
| /* str.mmap_fd */
0x0000ab34 addiu a2, a2, 0x7200 | a2 += 0x7200;
| /* str.Memory_allocation_failed__in_function__s_. */
0x0000ab38 addiu a1, a1, 0x6404 | a1 += 0x6404;
| /* str.axisconfigparser.c */
0x0000ab3c addiu a0, a0, 0x6d00 | a0 += 0x6d00;
0x0000ab40 bal 0x199c0 | sym_fatald ();
0x0000ab44 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ab48 b 0xaad8 | goto label_0;
| label_3:
0x0000ab4c lw t9, -0x7bec(gp) | t9 = sym.imp.free;
0x0000ab50 move a0, s0 | a0 = s0;
0x0000ab54 jalr t9 | t9 ();
0x0000ab58 move s0, zero | s0 = 0;
0x0000ab5c lw gp, 0x18(sp) | gp = *(var_18h);
0x0000ab60 b 0xaad8 | goto label_0;
| label_4:
0x0000ab64 lw t9, -0x7cb4(gp) | t9 = sym.imp.__stack_chk_fail;
0x0000ab68 jalr t9 | t9 ();
0x0000ab6c nop |
| }
[*] Function mmap used 3 times parhand
