[*] Binary protection state of image2d
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of image2d
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/image2d @ 0x15dde0 */
| #include <stdint.h>
|
; (fcn) sym.datacache_general_create_cache () | void datacache_general_create_cache () {
0x0015dde0 lui gp, 0xf |
0x0015dde4 addiu gp, gp, 0x14f0 |
0x0015dde8 addu gp, gp, t9 | gp += t9;
0x0015ddec addiu sp, sp, -0x50 |
0x0015ddf0 lw t9, -0x5f2c(gp) | t9 = sym.imp.__strcpy_chk
0x0015ddf4 sw s2, 0x48(sp) | *(var_48h_3) = s2;
0x0015ddf8 lw s2, -0x5f08(gp) | s2 = *((gp - 6082));
0x0015ddfc addiu v1, sp, 0x20 | v1 = sp + 0x20;
0x0015de00 sw gp, 0x10(sp) | *(var_10h_8) = gp;
0x0015de04 lw v0, (s2) | v0 = *(s2);
0x0015de08 sw s0, 0x40(sp) | *(var_40h_3) = s0;
0x0015de0c sw a2, 0x34(sp) | *(var_34h_6) = a2;
0x0015de10 move s0, a0 | s0 = a0;
0x0015de14 sw ra, 0x4c(sp) | *(var_4ch_3) = ra;
0x0015de18 move a0, v1 | a0 = v1;
0x0015de1c sw s1, 0x44(sp) | *(var_44h_4) = s1;
0x0015de20 sw zero, 0x20(sp) | *(var_20h_6) = 0;
0x0015de24 sw zero, 0x24(sp) | *(var_24h_7) = 0;
0x0015de28 sw zero, 0x28(sp) | *(var_28h_7) = 0;
0x0015de2c sw zero, 0x2c(sp) | *(var_2ch_6) = 0;
0x0015de30 sw zero, 0x30(sp) | *(var_30h_5) = 0;
0x0015de34 addiu a2, zero, 0x14 | a2 = 0x14;
0x0015de38 sw v0, 0x3c(sp) | *(var_3ch_3) = v0;
0x0015de3c sw a3, 0x38(sp) | *(var_38h_2) = a3;
0x0015de40 jalr t9 | t9 ();
0x0015de44 nop |
0x0015de48 move v1, v0 | v1 = v0;
0x0015de4c lw v0, 8(s0) | v0 = *((s0 + 2));
0x0015de50 lw gp, 0x10(sp) | gp = *(var_10h_8);
| if (v0 < 0) {
0x0015de54 bltz v0, 0x15df24 | goto label_1;
| }
0x0015de58 lw a0, 4(s0) | a0 = *((s0 + 1));
0x0015de5c lw t9, 0x14(a0) | t9 = *((a0 + 5));
0x0015de60 lui a2, 0x401c | a2 = 0x401c0000;
| if (t9 == 0) {
0x0015de64 beqz t9, 0x15dee0 | goto label_2;
| }
0x0015de68 move a3, v1 | a3 = v1;
0x0015de6c addiu a2, a2, 0x2b04 | a2 += 0x2b04;
0x0015de70 move a1, v0 | a1 = v0;
0x0015de74 jalr t9 | t9 ();
0x0015de78 lw gp, 0x10(sp) | gp = *(var_10h_8);
0x0015de7c move s1, v0 | s1 = v0;
| if (s1 >= 0) {
| do {
0x0015de80 bltzl s1, 0x15deb8 |
0x0015de84 addiu s1, zero, -4 | s1 = -4;
0x0015de88 lw a0, 4(s0) | a0 = *((s0 + 1));
0x0015de8c sw s1, 0x18(sp) | *(var_18h_4) = s1;
0x0015de90 sw zero, 0x1c(sp) | *(var_1ch_7) = 0;
0x0015de94 lw t9, 0x14(a0) | t9 = *((a0 + 5));
0x0015de98 lw v0, 8(s0) | v0 = *((s0 + 2));
| if (t9 == 0) {
0x0015de9c beqz t9, 0x15df04 | goto label_3;
| }
0x0015dea0 lui a2, 0x4008 | a2 = imp.g_str_equal;
0x0015dea4 addiu a3, sp, 0x18 | a3 = sp + 0x18;
0x0015dea8 addiu a2, a2, 0x2b09 | a2 += 0x2b09;
0x0015deac move a1, v0 | a1 = v0;
0x0015deb0 jalr t9 | t9 ();
0x0015deb4 lw gp, 0x10(sp) | gp = *(var_10h_8);
| }
| label_0:
0x0015deb8 lw a0, 0x3c(sp) | a0 = *(var_3ch_3);
0x0015debc lw v1, (s2) | v1 = *(s2);
0x0015dec0 move v0, s1 | v0 = s1;
| if (a0 != v1) {
0x0015dec4 bne a0, v1, 0x15df48 | goto label_4;
| }
0x0015dec8 lw ra, 0x4c(sp) | ra = *(var_4ch_3);
0x0015decc lw s2, 0x48(sp) | s2 = *(var_48h_3);
0x0015ded0 lw s1, 0x44(sp) | s1 = *(var_44h_4);
0x0015ded4 lw s0, 0x40(sp) | s0 = *(var_40h_3);
0x0015ded8 addiu sp, sp, 0x50 |
0x0015dedc jr ra | return v0;
| label_2:
0x0015dee0 lw t9, -0x5e00(gp) | t9 = sym.imp.ioctl;
0x0015dee4 lui a1, 0x401c | a1 = 0x401c0000;
0x0015dee8 move a2, v1 | a2 = v1;
0x0015deec addiu a1, a1, 0x2b04 | a1 += 0x2b04;
0x0015def0 move a0, v0 | a0 = v0;
0x0015def4 jalr t9 | t9 ();
0x0015def8 move s1, v0 | s1 = v0;
0x0015defc lw gp, 0x10(sp) | gp = *(var_10h_8);
0x0015df00 b 0x15de80 |
| } while (1);
| label_3:
0x0015df04 lw t9, -0x5e00(gp) | t9 = sym.imp.ioctl;
0x0015df08 lui a1, 0x4008 | a1 = imp.g_str_equal;
0x0015df0c addiu a2, sp, 0x18 | a2 = sp + 0x18;
0x0015df10 addiu a1, a1, 0x2b09 | a1 += 0x2b09;
0x0015df14 move a0, v0 | a0 = v0;
0x0015df18 jalr t9 | t9 ();
0x0015df1c lw gp, 0x10(sp) | gp = *(var_10h_8);
0x0015df20 b 0x15deb8 | goto label_0;
| label_1:
0x0015df24 lw a2, -0x7e54(gp) | a2 = *(gp);
0x0015df28 lw t9, -0x7f7c(gp) | t9 = sym.debug_output;
| /* str.invalid_fd__n */
0x0015df2c addiu a2, a2, 0x190 | a2 += aav.0x00000190;
0x0015df30 move a1, zero | a1 = 0;
0x0015df34 addiu a0, zero, 4 | a0 = 4;
0x0015df38 jalr t9 | t9 ();
0x0015df3c addiu s1, zero, -4 | s1 = -4;
0x0015df40 lw gp, 0x10(sp) | gp = *(var_10h_8);
0x0015df44 b 0x15deb8 | goto label_0;
| label_4:
0x0015df48 lw t9, -0x5fc0(gp) | t9 = sym.imp.__stack_chk_fail;
0x0015df4c jalr t9 | t9 ();
0x0015df50 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/image2d @ 0x15dcdc */
| #include <stdint.h>
|
; (fcn) sym.datacache_general_register_cache () | void datacache_general_register_cache () {
0x0015dcdc lui gp, 0xf |
0x0015dce0 addiu gp, gp, 0x15f4 |
0x0015dce4 addu gp, gp, t9 | gp += t9;
0x0015dce8 addiu sp, sp, -0x48 |
0x0015dcec lw t9, -0x5f2c(gp) | t9 = sym.imp.__strcpy_chk
0x0015dcf0 sw s0, 0x3c(sp) | *(var_3ch_2) = s0;
0x0015dcf4 lw s0, -0x5f08(gp) | s0 = *((gp - 6082));
0x0015dcf8 addiu a3, sp, 0x18 | a3 = sp + 0x18;
0x0015dcfc sw gp, 0x10(sp) | *(var_10h_7) = gp;
0x0015dd00 lw v0, (s0) | v0 = *(s0);
0x0015dd04 sw s1, 0x40(sp) | *(var_40h_2) = s1;
0x0015dd08 sw ra, 0x44(sp) | *(var_44h_3) = ra;
0x0015dd0c move s1, a0 | s1 = a0;
0x0015dd10 addiu a2, zero, 0x14 | a2 = 0x14;
0x0015dd14 move a0, a3 | a0 = a3;
0x0015dd18 sw v0, 0x34(sp) | *(var_34h_5) = v0;
0x0015dd1c sw zero, 0x18(sp) | *(var_18h_3) = 0;
0x0015dd20 sw zero, 0x1c(sp) | *(var_1ch_5) = 0;
0x0015dd24 sw zero, 0x20(sp) | *(var_20h_5) = 0;
0x0015dd28 sw zero, 0x24(sp) | *(var_24h_6) = 0;
0x0015dd2c sw zero, 0x28(sp) | *(var_28h_6) = 0;
0x0015dd30 sw zero, 0x2c(sp) | *(var_2ch_5) = 0;
0x0015dd34 sw zero, 0x30(sp) | *(var_30h_4) = 0;
0x0015dd38 jalr t9 | t9 ();
0x0015dd3c nop |
0x0015dd40 move a3, v0 | a3 = v0;
0x0015dd44 lw v0, 8(s1) | v0 = *((s1 + 2));
0x0015dd48 lw gp, 0x10(sp) | gp = *(var_10h_7);
| if (v0 < 0) {
0x0015dd4c bltz v0, 0x15ddb0 | goto label_1;
| }
0x0015dd50 lw a0, 4(s1) | a0 = *((s1 + 1));
0x0015dd54 lw t9, 0x14(a0) | t9 = *((a0 + 5));
0x0015dd58 lui a2, 0x401c | a2 = 0x401c0000;
| if (t9 == 0) {
0x0015dd5c beqz t9, 0x15dd90 | goto label_2;
| }
0x0015dd60 addiu a2, a2, 0x2b00 | a2 += 0x2b00;
0x0015dd64 move a1, v0 | a1 = v0;
0x0015dd68 jalr t9 | t9 ();
0x0015dd6c lw gp, 0x10(sp) | gp = *(var_10h_7);
| do {
| label_0:
0x0015dd70 lw a0, 0x34(sp) | a0 = *(var_34h_5);
0x0015dd74 lw v1, (s0) | v1 = *(s0);
0x0015dd78 lw ra, 0x44(sp) | ra = *(var_44h_3);
| if (a0 != v1) {
0x0015dd7c bne a0, v1, 0x15ddd4 | goto label_3;
| }
0x0015dd80 lw s1, 0x40(sp) | s1 = *(var_40h_2);
0x0015dd84 lw s0, 0x3c(sp) | s0 = *(var_3ch_2);
0x0015dd88 addiu sp, sp, 0x48 |
0x0015dd8c jr ra | return v0;
| label_2:
0x0015dd90 lw t9, -0x5e00(gp) | t9 = sym.imp.ioctl;
0x0015dd94 lui a1, 0x401c | a1 = 0x401c0000;
0x0015dd98 move a2, a3 | a2 = a3;
0x0015dd9c addiu a1, a1, 0x2b00 | a1 += 0x2b00;
0x0015dda0 move a0, v0 | a0 = v0;
0x0015dda4 jalr t9 | t9 ();
0x0015dda8 lw gp, 0x10(sp) | gp = *(var_10h_7);
0x0015ddac b 0x15dd70 |
| } while (1);
| label_1:
0x0015ddb0 lw a2, -0x7e54(gp) | a2 = *(gp);
0x0015ddb4 lw t9, -0x7f7c(gp) | t9 = sym.debug_output;
| /* str.invalid_fd__n */
0x0015ddb8 addiu a2, a2, 0x190 | a2 += aav.0x00000190;
0x0015ddbc move a1, zero | a1 = 0;
0x0015ddc0 addiu a0, zero, 4 | a0 = 4;
0x0015ddc4 jalr t9 | t9 ();
0x0015ddc8 lw gp, 0x10(sp) | gp = *(var_10h_7);
0x0015ddcc addiu v0, zero, -4 | v0 = -4;
0x0015ddd0 b 0x15dd70 | goto label_0;
| label_3:
0x0015ddd4 lw t9, -0x5fc0(gp) | t9 = sym.imp.__stack_chk_fail;
0x0015ddd8 jalr t9 | t9 ();
0x0015dddc nop |
| }
[*] Function strcpy used 3 times image2d
