[*] Binary protection state of openssl
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of openssl
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/openssl @ 0x6d00c */
| #include <stdint.h>
|
; (fcn) sym.opt_help () | void opt_help () {
0x0006d00c lui gp, 4 |
0x0006d010 addiu gp, gp, 0x72a4 |
0x0006d014 addu gp, gp, t9 | gp += t9;
0x0006d018 lw v0, -0x7300(gp) | v0 = *(gp);
0x0006d01c addiu sp, sp, -0xa8 |
0x0006d020 sw s5, 0x94(sp) | *(var_94h) = s5;
0x0006d024 sw v0, 0x24(sp) | *(var_24h) = v0;
0x0006d028 lw s5, (a0) | s5 = *(a0);
0x0006d02c lw v0, (v0) | v0 = *(v0);
0x0006d030 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0006d034 sw s0, 0x80(sp) | *(var_80h) = s0;
0x0006d038 sw ra, 0xa4(sp) | *(var_a4h) = ra;
0x0006d03c sw fp, 0xa0(sp) | *(var_a0h) = fp;
0x0006d040 sw s7, 0x9c(sp) | *(var_9ch) = s7;
0x0006d044 sw s6, 0x98(sp) | *(var_98h) = s6;
0x0006d048 sw s4, 0x90(sp) | *(var_90h) = s4;
0x0006d04c sw s3, 0x8c(sp) | *(var_8ch) = s3;
0x0006d050 sw s2, 0x88(sp) | *(var_88h) = s2;
0x0006d054 sw s1, 0x84(sp) | *(var_84h) = s1;
0x0006d058 move s0, a0 | s0 = a0;
0x0006d05c sw v0, 0x7c(sp) | *(var_7ch) = v0;
0x0006d060 lw s6, -0x7ca8(gp) | s6 = *(gp);
| if (s5 == 0) {
0x0006d064 beqz s5, 0x6d228 | goto label_6;
| }
0x0006d068 lw s2, -0x7fa4(gp) | s2 = *(gp);
0x0006d06c move s1, a0 | s1 = a0;
0x0006d070 addiu s3, zero, 5 | s3 = 5;
0x0006d074 move a0, s5 | a0 = s5;
0x0006d078 addiu s4, zero, 0x2d | s4 = 0x2d;
| /* fcn.0006b820 */
0x0006d07c addiu s6, s6, -0x47e0 | s6 += -0x47e0;
| do {
0x0006d080 lw t9, -0x716c(gp) | t9 = sym.imp.strlen;
| if (a0 != s2) {
0x0006d084 beq a0, s2, 0x6d0dc |
0x0006d088 jalr t9 | t9 ();
0x0006d08c nop |
0x0006d090 lw a0, 8(s1) | a0 = *((s1 + 2));
0x0006d094 move s7, v0 | s7 = v0;
0x0006d098 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d09c addiu v0, v0, 2 | v0 += 2;
| if (a0 != s4) {
0x0006d0a0 beq a0, s4, 0x6d0c8 |
0x0006d0a4 move t9, s6 | t9 = s6;
0x0006d0a8 addiu s7, s7, 3 | s7 += 3;
0x0006d0ac bal 0x6b820 | fcn_0006b820 ();
0x0006d0b0 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d0b4 lw t9, -0x716c(gp) | t9 = sym.imp.strlen;
0x0006d0b8 move a0, v0 | a0 = v0;
0x0006d0bc jalr t9 | t9 ();
0x0006d0c0 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d0c4 addu v0, s7, v0 | v0 = s7 + v0;
| }
0x0006d0c8 slti v1, v0, 0x1e | v1 = (v0 < 0x1e) ? 1 : 0;
| if (v1 == 0) {
0x0006d0cc beql v1, zero, 0x6d0e0 | goto label_7;
| }
0x0006d0d0 addiu s1, s1, 0x10 | s1 += 0x10;
0x0006d0d4 slt v1, s3, v0 | v1 = (s3 < v0) ? 1 : 0;
| if (v1 != 0) {
0x0006d0d8 movn s3, v0, v1 | s3 = v0;
| goto label_8;
| }
| }
| label_8:
0x0006d0dc addiu s1, s1, 0x10 | s1 += 0x10;
| label_7:
0x0006d0e0 lw a0, (s1) | a0 = *(s1);
0x0006d0e4 bnez a0, 0x6d080 |
| } while (a0 != 0);
0x0006d0e8 nop |
0x0006d0ec lw s6, -0x7fa8(gp) | s6 = *(gp);
0x0006d0f0 lw s4, -0x7fcc(gp) | s4 = *(gp);
| if (s5 != s6) {
0x0006d0f4 bne s5, s6, 0x6d22c | goto label_9;
| }
0x0006d0f8 move v0, s6 | v0 = s6;
| label_2:
0x0006d0fc lw v1, -0x7f9c(gp) | v1 = *((gp - 8167));
0x0006d100 lw s5, -0x7fd0(gp) | s5 = *((gp - 8180));
0x0006d104 sw v1, 0x20(sp) | *(var_20h) = v1;
0x0006d108 lw v1, -0x7fd4(gp) | v1 = *(gp);
0x0006d10c lw s7, -0x7fd0(gp) | s7 = *((gp - 8180));
| /* esilref: '&s
' */
0x0006d110 addiu v1, v1, -0x7400 | v1 += -0x7400;
0x0006d114 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x0006d118 lw v1, -0x7ca8(gp) | v1 = *(gp);
| /* str._No_additional_info_ */
0x0006d11c addiu s5, s5, -0x22d8 | s5 += -0x22d8;
| /* fcn.0006b820 */
0x0006d120 addiu v1, v1, -0x47e0 | v1 += -0x47e0;
0x0006d124 sw v1, 0x18(sp) | *(var_18h) = v1;
0x0006d128 b 0x6d1c0 | goto label_10;
| label_0:
0x0006d12c addiu s1, sp, 0x2b | s1 = sp + 0x2b;
| label_3:
0x0006d130 addiu v1, zero, 0x20 | v1 = 0x20;
0x0006d134 sb v1, (s1) | *(s1) = v1;
0x0006d138 lw a0, 8(s0) | a0 = *((s0 + 2));
0x0006d13c lw t9, 0x18(sp) | t9 = *(var_18h);
0x0006d140 addiu s1, s1, 1 | s1++;
0x0006d144 jalr t9 | t9 ();
0x0006d148 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d14c move a0, s1 | a0 = s1;
0x0006d150 lw t9, -0x729c(gp) | t9 = sym.imp.strcpy
0x0006d154 move a1, v0 | a1 = v0;
0x0006d158 jalr t9 | t9 ();
0x0006d15c lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d160 lw t9, -0x716c(gp) | t9 = sym.imp.strlen;
0x0006d164 move a0, s1 | a0 = s1;
0x0006d168 jalr t9 | t9 ();
0x0006d16c addu s1, s1, v0 | s1 += v0;
0x0006d170 subu v1, s1, s2 | __asm ("subu v1, s1, s2");
0x0006d174 slti v1, v1, 0x1e | v1 = (v1 < 0x1e) ? 1 : 0;
0x0006d178 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 == 0) {
0x0006d17c beqz v1, 0x6d2e8 | goto label_11;
| }
0x0006d180 addiu v1, zero, 0x20 | v1 = 0x20;
| label_4:
0x0006d184 sb v1, (s1) | *(s1) = v1;
| do {
| label_1:
0x0006d188 addiu v0, sp, 0x80 | v0 = sp + 0x80;
0x0006d18c addu v0, v0, s3 | v0 += s3;
0x0006d190 lw t9, -0x6834(gp) | t9 = sym.imp.BIO_printf;
0x0006d194 lw a0, (s4) | a0 = *(s4);
0x0006d198 move a3, fp | a3 = fp;
0x0006d19c move a2, s2 | a2 = s2;
| /* str._s___s_n */
0x0006d1a0 addiu a1, s7, -0x2298 | a1 = s7 + -0x2298;
0x0006d1a4 sb zero, -0x58(v0) | *((v0 - 88)) = 0;
0x0006d1a8 jalr t9 | t9 ();
0x0006d1ac lw gp, 0x10(sp) | gp = *(var_10h);
| label_5:
0x0006d1b0 addiu s0, s0, 0x10 | s0 += 0x10;
0x0006d1b4 lw v0, (s0) | v0 = *(s0);
| if (v0 == 0) {
0x0006d1b8 beql v0, zero, 0x6d264 | goto label_12;
| }
0x0006d1bc lw v0, 0x24(sp) | v0 = *(var_24h);
| label_10:
0x0006d1c0 lw fp, 0xc(s0) | fp = *((s0 + 3));
| if (fp != 0) {
0x0006d1c4 movz fp, s5, fp | fp = s5;
| }
| if (v0 == s6) {
0x0006d1c8 beq v0, s6, 0x6d320 | goto label_13;
| }
0x0006d1cc lw t9, -0x6c50(gp) | t9 = sym.imp.memset;
0x0006d1d0 addiu s2, sp, 0x28 | s2 = sp + 0x28;
0x0006d1d4 addiu a1, zero, 0x20 | a1 = 0x20;
0x0006d1d8 addiu a2, zero, 0x50 | a2 = 0x50;
0x0006d1dc move a0, s2 | a0 = s2;
0x0006d1e0 jalr t9 | t9 ();
0x0006d1e4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d1e8 lw a1, (s0) | a1 = *(s0);
0x0006d1ec lw v0, -0x7fa4(gp) | v0 = *(gp);
0x0006d1f0 sb zero, 0x78(sp) | *(var_78h) = 0;
0x0006d1f4 beq a1, v0, 0x6d188 |
| } while (a1 == v0);
0x0006d1f8 addiu v0, zero, 0x2d20 | v0 = 0x2d20;
0x0006d1fc sh v0, 0x28(sp) | *(var_28h) = v0;
0x0006d200 lb v0, (a1) | v0 = *(a1);
0x0006d204 addiu v0, zero, 0x2d | v0 = 0x2d;
| if (v0 != 0) {
0x0006d208 bnez v0, 0x6d2a0 | goto label_14;
| }
0x0006d20c lw v1, 8(s0) | v1 = *((s0 + 2));
0x0006d210 addiu a0, zero, 0x2a | a0 = 0x2a;
0x0006d214 sb a0, 0x2a(sp) | *(var_2ah) = a0;
| if (v1 != v0) {
0x0006d218 bne v1, v0, 0x6d12c | goto label_0;
| }
0x0006d21c addiu v0, zero, 0x20 | v0 = 0x20;
0x0006d220 sb v0, 0x2b(sp) | *(var_2bh) = v0;
0x0006d224 b 0x6d188 | goto label_1;
| label_6:
0x0006d228 addiu s3, zero, 5 | s3 = 5;
| label_9:
0x0006d22c lw s4, -0x7fcc(gp) | s4 = *(gp);
0x0006d230 lw a2, -0x7f9c(gp) | a2 = *((gp - 8167));
0x0006d234 lw a1, -0x7fd0(gp) | a1 = *((gp - 8180));
0x0006d238 lw t9, -0x6834(gp) | t9 = sym.imp.BIO_printf;
0x0006d23c lw a0, (s4) | a0 = *(s4);
0x0006d240 addiu a2, a2, -0x1000 | a2 += -aav.0x00001000;
| /* str.Usage:__s__options__nValid_options_are:_n */
0x0006d244 addiu a1, a1, -0x22c0 | a1 += -0x22c0;
0x0006d248 jalr t9 | t9 ();
0x0006d24c lw v0, (s0) | v0 = *(s0);
0x0006d250 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x0006d254 beqz v0, 0x6d260 |
0x0006d258 lw s6, -0x7fa8(gp) | s6 = *(gp);
0x0006d25c b 0x6d0fc | goto label_2;
| }
0x0006d260 lw v0, 0x24(sp) | v0 = *(var_24h);
| label_12:
0x0006d264 lw v1, 0x7c(sp) | v1 = *(var_7ch);
0x0006d268 lw v0, (v0) | v0 = *(v0);
0x0006d26c lw ra, 0xa4(sp) | ra = *(var_a4h);
| if (v1 != v0) {
0x0006d270 bne v1, v0, 0x6d340 | goto label_15;
| }
0x0006d274 lw fp, 0xa0(sp) | fp = *(var_a0h);
0x0006d278 lw s7, 0x9c(sp) | s7 = *(var_9ch);
0x0006d27c lw s6, 0x98(sp) | s6 = *(var_98h);
0x0006d280 lw s5, 0x94(sp) | s5 = *(var_94h);
0x0006d284 lw s4, 0x90(sp) | s4 = *(var_90h);
0x0006d288 lw s3, 0x8c(sp) | s3 = *(var_8ch);
0x0006d28c lw s2, 0x88(sp) | s2 = *(var_88h);
0x0006d290 lw s1, 0x84(sp) | s1 = *(var_84h);
0x0006d294 lw s0, 0x80(sp) | s0 = *(var_80h);
0x0006d298 addiu sp, sp, 0xa8 |
0x0006d29c jr ra | return v0;
| label_14:
0x0006d2a0 lw t9, -0x7398(gp) | t9 = sym.imp.__strcpy_chk
0x0006d2a4 addiu s1, sp, 0x2a | s1 = sp + 0x2a;
0x0006d2a8 move a0, s1 | a0 = s1;
0x0006d2ac addiu a2, zero, 0x4f | a2 = 0x4f;
0x0006d2b0 jalr t9 | t9 ();
0x0006d2b4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d2b8 lw t9, -0x716c(gp) | t9 = sym.imp.strlen;
0x0006d2bc move a0, s1 | a0 = s1;
0x0006d2c0 jalr t9 | t9 ();
0x0006d2c4 lw a0, 8(s0) | a0 = *((s0 + 2));
0x0006d2c8 addiu v1, zero, 0x2d | v1 = 0x2d;
0x0006d2cc lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d2d0 addu s1, s1, v0 | s1 += v0;
| if (a0 != v1) {
0x0006d2d4 bne a0, v1, 0x6d130 | goto label_3;
| }
0x0006d2d8 subu v1, s1, s2 | __asm ("subu v1, s1, s2");
0x0006d2dc slti v1, v1, 0x1e | v1 = (v1 < 0x1e) ? 1 : 0;
0x0006d2e0 addiu v1, zero, 0x20 | v1 = 0x20;
| if (v1 != 0) {
0x0006d2e4 bnez v1, 0x6d184 | goto label_4;
| }
| label_11:
0x0006d2e8 sb zero, (s1) | *(s1) = 0;
0x0006d2ec lw t9, -0x6834(gp) | t9 = sym.imp.BIO_printf;
0x0006d2f0 lw a0, (s4) | a0 = *(s4);
0x0006d2f4 lw a1, 0x1c(sp) | a1 = *(var_1ch);
0x0006d2f8 move a2, s2 | a2 = s2;
0x0006d2fc jalr t9 | t9 ();
0x0006d300 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d304 addiu a2, zero, 0x51 | a2 = 0x51;
0x0006d308 addiu a1, zero, 0x20 | a1 = 0x20;
0x0006d30c lw t9, -0x6c50(gp) | t9 = sym.imp.memset;
0x0006d310 move a0, s2 | a0 = s2;
0x0006d314 jalr t9 | t9 ();
0x0006d318 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d31c b 0x6d188 | goto label_1;
| label_13:
0x0006d320 lw v0, 0x20(sp) | v0 = *(var_20h);
0x0006d324 lw t9, -0x6834(gp) | t9 = sym.imp.BIO_printf;
0x0006d328 lw a0, (s4) | a0 = *(s4);
0x0006d32c addiu a2, v0, -0x1000 | a2 = v0 + -aav.0x00001000;
0x0006d330 move a1, fp | a1 = fp;
0x0006d334 jalr t9 | t9 ();
0x0006d338 lw gp, 0x10(sp) | gp = *(var_10h);
0x0006d33c b 0x6d1b0 | goto label_5;
| label_15:
0x0006d340 lw t9, -0x7590(gp) | t9 = sym.imp.__stack_chk_fail;
0x0006d344 jalr t9 | t9 ();
0x0006d348 nop |
0x0006d34c nop |
| }
[*] Function strcpy used 3 times openssl
