[*] Binary protection state of mklost+found
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of mklost+found
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/mklost+found @ 0x820 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 1296 named .text */
0x00000820 lui gp, 2 |
0x00000824 addiu gp, gp, -0x7810 |
0x00000828 addu gp, gp, t9 | gp += t9;
0x0000082c addiu sp, sp, -0x300 |
0x00000830 lw v0, -0x7f78(gp) | v0 = *((gp - 8158));
0x00000834 sw s0, 0x2d8(sp) | *(var_2d8h) = s0;
0x00000838 lw s0, -0x7f74(gp) | s0 = *((gp - 8157));
0x0000083c lw v1, (v0) | v1 = *(v0);
0x00000840 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000844 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00000848 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x0000084c lw t9, -0x7fa8(gp) | t9 = sym.imp.__fprintf_chk;
0x00000850 sw s1, 0x2dc(sp) | *(var_2dch) = s1;
0x00000854 addiu v0, v0, 0xe58 | v0 += str.14_Jul_2019;
0x00000858 move s1, a0 | s1 = a0;
0x0000085c lw a0, (s0) | a0 = *(s0);
0x00000860 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00000864 sw ra, 0x2fc(sp) | *(var_2fch) = ra;
0x00000868 sw fp, 0x2f8(sp) | *(var_2f8h) = fp;
0x0000086c sw s7, 0x2f4(sp) | *(var_2f4h) = s7;
0x00000870 sw s6, 0x2f0(sp) | *(var_2f0h) = s6;
0x00000874 sw s5, 0x2ec(sp) | *(var_2ech) = s5;
0x00000878 sw s4, 0x2e8(sp) | *(var_2e8h) = s4;
0x0000087c sw s3, 0x2e4(sp) | *(var_2e4h) = s3;
0x00000880 sw s2, 0x2e0(sp) | *(var_2e0h) = s2;
0x00000884 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00000888 addiu a3, a3, 0xe38 | a3 += str.1.45.3;
0x0000088c addiu a2, a2, 0xe40 | a2 += str.mklostfound__s___s__n;
0x00000890 addiu a1, zero, 1 | a1 = 1;
0x00000894 sw v1, 0x2d4(sp) | *(var_2d4h) = v1;
0x00000898 jalr t9 | t9 ();
0x0000089c nop |
0x000008a0 addiu v0, zero, 1 | v0 = 1;
0x000008a4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (s1 != v0) {
0x000008a8 beq s1, v0, 0x8d8 |
0x000008ac lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x000008b0 lw t9, -0x7f88(gp) | t9 = sym.imp.fwrite;
0x000008b4 lw a3, (s0) | a3 = *(s0);
0x000008b8 addiu a0, a0, 0xe64 | a0 += str.Usage:_mklostfound_n;
0x000008bc addiu a2, zero, 0x14 | a2 = 0x14;
0x000008c0 addiu a1, zero, 1 | a1 = 1;
0x000008c4 jalr t9 | t9 ();
0x000008c8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000008cc lw t9, -0x7f90(gp) | t9 = sym.imp.exit;
0x000008d0 addiu a0, zero, 1 | a0 = 1;
0x000008d4 jalr t9 | t9 ();
| }
0x000008d8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x000008dc lw t9, -0x7fa0(gp) | t9 = sym.imp.mkdir;
0x000008e0 sw v0, 0x28(sp) | *(var_28h) = v0;
0x000008e4 addiu a1, zero, 0x1c0 | a1 = segment.REGINFO;
0x000008e8 addiu a0, v0, 0xe7c | a0 = v0 + str.lostfound;
0x000008ec jalr t9 | t9 ();
0x000008f0 addiu v1, zero, -1 | v1 = -1;
0x000008f4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == v1) {
0x000008f8 beq v0, v1, 0xa40 | goto label_1;
| }
0x000008fc lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x00000900 lw t9, -0x7f9c(gp) | t9 = sym.imp.memset;
0x00000904 addiu a0, sp, 0xc4 | a0 = sp + 0xc4;
0x00000908 sw s2, 0x2c(sp) | *(var_2ch) = s2;
0x0000090c sw a0, 0x24(sp) | *(var_24h) = a0;
0x00000910 addiu a2, zero, 0xf6 | a2 = 0xf6;
0x00000914 addiu a1, zero, 0x78 | a1 = 0x78;
0x00000918 jalr t9 | t9 ();
0x0000091c lw v0, 0x28(sp) | v0 = *(var_28h);
0x00000920 addiu v1, sp, 0x1d2 | v1 = sp + 0x1d2;
0x00000924 addiu s7, s2, 0xe90 | s7 = s2 + str._08d;
0x00000928 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000092c move s1, zero | s1 = 0;
0x00000930 addiu fp, sp, 0x1ba | fp = sp + 0x1ba;
0x00000934 addiu s4, sp, 0x1c8 | s4 = sp + 0x1c8;
0x00000938 addiu s0, v0, 0xe7c | s0 = v0 + str.lostfound;
0x0000093c sw v1, 0x20(sp) | *(var_20h) = v1;
0x00000940 addiu s3, sp, 0x1d3 | s3 = sp + 0x1d3;
0x00000944 lw s6, 0xe7c(v0) | s6 = *(v0);
0x00000948 addiu s2, zero, -1 | s2 = -1;
0x0000094c addiu s5, sp, 0x34 | s5 = sp + 0x34;
0x00000950 b 0x9ac |
| while (v0 != s2) {
0x00000954 lw t9, -0x7fb0(gp) | t9 = sym.imp.close;
0x00000958 move a0, v0 | a0 = v0;
0x0000095c jalr t9 | t9 ();
0x00000960 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000964 move a1, s0 | a1 = s0;
0x00000968 move a2, s5 | a2 = s5;
0x0000096c lw t9, -0x7f80(gp) | t9 = sym.imp.__xstat;
0x00000970 addiu a0, zero, 3 | a0 = 3;
0x00000974 jalr t9 | t9 ();
0x00000978 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000097c addiu a1, s1, 1 | a1 = s1 + 1;
| if (v0 == s2) {
0x00000980 beq v0, s2, 0xa50 | goto label_2;
| }
0x00000984 lw a0, 0x84(sp) | a0 = *(var_84h);
0x00000988 sll v0, a0, 1 | v0 = a0 << 1;
0x0000098c addu v0, v0, a0 | v0 += a0;
0x00000990 sll v0, v0, 2 | v0 <<= 2;
0x00000994 subu v0, v0, a0 | __asm ("subu v0, v0, a0");
0x00000998 lw a0, 0x64(sp) | a0 = *(var_64h);
0x0000099c slt v0, v0, a0 | v0 = (v0 < a0) ? 1 : 0;
0x000009a0 lw v0, 0x2c(sp) | v0 = *(var_2ch);
| if (v0 != 0) {
0x000009a4 bnez v0, 0xa60 | goto label_3;
| }
0x000009a8 move s1, a1 | s1 = a1;
0x000009ac lw t9, -0x7fb4(gp) | t9 = sym.imp.__sprintf_chk
0x000009b0 move a3, s7 | a3 = s7;
0x000009b4 addiu a2, zero, 0xb | a2 = 0xb;
0x000009b8 addiu a1, zero, 1 | a1 = 1;
0x000009bc move a0, fp | a0 = fp;
0x000009c0 sw s1, 0x10(sp) | *(var_10h) = s1;
0x000009c4 jalr t9 | t9 ();
0x000009c8 lhu v0, 8(s0) | v0 = *((s0 + 4));
0x000009cc lw gp, 0x18(sp) | gp = *(var_18h);
0x000009d0 sh v0, 8(s4) | *((s4 + 4)) = v0;
0x000009d4 lw v0, 0x20(sp) | v0 = *(var_20h);
0x000009d8 lw a3, 4(s0) | a3 = *((s0 + 1));
0x000009dc addiu v1, zero, 0x2f | v1 = 0x2f;
0x000009e0 lw t9, -0x7fa4(gp) | t9 = sym.imp.__strcpy_chk;
0x000009e4 lw a1, 0x24(sp) | a1 = *(var_24h);
0x000009e8 sw a3, 4(s4) | *((s4 + 1)) = a3;
0x000009ec addiu a2, zero, 0x10c | a2 = 0x10c;
0x000009f0 move a0, s3 | a0 = s3;
0x000009f4 sb v1, (v0) | *(v0) = v1;
0x000009f8 sw s6, (s4) | *(s4) = s6;
0x000009fc jalr t9 | t9 ();
0x00000a00 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000a04 addiu a1, zero, 0x1a4 | a1 = 0x1a4;
0x00000a08 lw t9, -0x7f98(gp) | t9 = sym.imp.creat;
0x00000a0c move a0, s4 | a0 = s4;
0x00000a10 jalr t9 | t9 ();
0x00000a14 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000a18 bne v0, s2, 0x954 |
| }
0x00000a1c lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000a20 lw t9, -0x7f84(gp) | t9 = sym.imp.perror;
0x00000a24 addiu a0, a0, 0xe98 | a0 += str.creat;
| do {
| label_0:
0x00000a28 jalr t9 | t9 ();
0x00000a2c nop |
0x00000a30 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000a34 lw t9, -0x7f90(gp) | t9 = sym.imp.exit;
0x00000a38 addiu a0, zero, 1 | a0 = 1;
0x00000a3c jalr t9 | t9 ();
| label_1:
0x00000a40 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000a44 lw t9, -0x7f84(gp) | t9 = sym.imp.perror;
0x00000a48 addiu a0, a0, 0xe88 | a0 += str.mkdir;
0x00000a4c b 0xa28 |
| } while (1);
| label_2:
0x00000a50 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000a54 lw t9, -0x7f84(gp) | t9 = sym.imp.perror;
0x00000a58 addiu a0, a0, 0xea0 | a0 += str.stat;
0x00000a5c b 0xa28 | goto label_0;
| label_3:
0x00000a60 move s2, zero | s2 = 0;
0x00000a64 addiu s6, v0, 0xe90 | s6 = v0 + str._08d;
0x00000a68 lw v0, 0x28(sp) | v0 = *(var_28h);
0x00000a6c addiu s5, zero, 0x2f | s5 = 0x2f;
0x00000a70 lw s7, 0xe7c(v0) | s7 = *(v0);
0x00000a74 b 0xa7c |
| while (v0 != 0) {
0x00000a78 move s2, t2 | s2 = t2;
0x00000a7c lw t9, -0x7fb4(gp) | t9 = sym.imp.__sprintf_chk
0x00000a80 move a3, s6 | a3 = s6;
0x00000a84 addiu a2, zero, 0xb | a2 = 0xb;
0x00000a88 addiu a1, zero, 1 | a1 = 1;
0x00000a8c move a0, fp | a0 = fp;
0x00000a90 sw s2, 0x10(sp) | *(var_10h) = s2;
0x00000a94 jalr t9 | t9 ();
0x00000a98 lhu v0, 8(s0) | v0 = *((s0 + 4));
0x00000a9c lw gp, 0x18(sp) | gp = *(var_18h);
0x00000aa0 sh v0, 8(s4) | *((s4 + 4)) = v0;
0x00000aa4 lw v0, 0x20(sp) | v0 = *(var_20h);
0x00000aa8 lw a3, 4(s0) | a3 = *((s0 + 1));
0x00000aac lw a1, 0x24(sp) | a1 = *(var_24h);
0x00000ab0 lw t9, -0x7fa4(gp) | t9 = sym.imp.__strcpy_chk;
0x00000ab4 sw a3, 4(s4) | *((s4 + 1)) = a3;
0x00000ab8 addiu a2, zero, 0x10c | a2 = 0x10c;
0x00000abc move a0, s3 | a0 = s3;
0x00000ac0 sw s7, (s4) | *(s4) = s7;
0x00000ac4 sb s5, (v0) | *(v0) = s5;
0x00000ac8 jalr t9 | t9 ();
0x00000acc lw gp, 0x18(sp) | gp = *(var_18h);
0x00000ad0 lw t9, -0x7f7c(gp) | t9 = sym.imp.unlink;
0x00000ad4 move a0, s4 | a0 = s4;
0x00000ad8 jalr t9 | t9 ();
0x00000adc addiu v1, zero, -1 | v1 = -1;
0x00000ae0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == v1) {
0x00000ae4 beq v0, v1, 0xb00 | goto label_4;
| }
0x00000ae8 slt v0, s2, s1 | v0 = (s2 < s1) ? 1 : 0;
0x00000aec addiu t2, s2, 1 | t2 = s2 + 1;
0x00000af0 bnez v0, 0xa78 |
| }
0x00000af4 lw t9, -0x7f90(gp) | t9 = sym.imp.exit;
0x00000af8 move a0, zero | a0 = 0;
0x00000afc jalr t9 | t9 ();
| label_4:
0x00000b00 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000b04 lw t9, -0x7f84(gp) | t9 = sym.imp.perror;
0x00000b08 addiu a0, a0, 0xea8 | a0 += str.unlink;
0x00000b0c b 0xa28 | goto label_0;
| }
[*] Function sprintf used 3 times mklost+found
