[*] Binary protection state of bootversion
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of bootversion
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/bootversion @ 0x7f0 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 1312 named .text */
0x000007f0 lui gp, 2 |
0x000007f4 addiu gp, gp, -0x77e0 |
0x000007f8 addu gp, gp, t9 | gp += t9;
0x000007fc lw v0, -0x7f88(gp) | v0 = *((gp - 8162));
0x00000800 addiu sp, sp, -0x448 |
0x00000804 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000808 lw v0, (v0) | v0 = *(v0);
0x0000080c lw t9, -0x7f98(gp) | t9 = sym.imp.open;
0x00000810 move a1, zero | a1 = 0;
0x00000814 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00000818 sw ra, 0x444(sp) | *(var_444h) = ra;
0x0000081c sw s7, 0x440(sp) | *(var_440h) = s7;
0x00000820 sw s6, 0x43c(sp) | *(var_43ch) = s6;
0x00000824 sw s5, 0x438(sp) | *(var_438h) = s5;
0x00000828 sw s4, 0x434(sp) | *(var_434h) = s4;
0x0000082c sw s3, 0x430(sp) | *(var_430h) = s3;
0x00000830 sw s2, 0x42c(sp) | *(var_42ch) = s2;
0x00000834 sw s1, 0x428(sp) | *(var_428h) = s1;
0x00000838 sw s0, 0x424(sp) | *(var_424h) = s0;
0x0000083c addiu a0, a0, 0xe00 | a0 += str._sys_firmware_devicetree_base_firmware_axisboot_version;
0x00000840 sw v0, 0x41c(sp) | *(var_41ch) = v0;
0x00000844 jalr t9 | t9 ();
0x00000848 nop |
0x0000084c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x00000850 bltz v0, 0x900 | goto label_6;
| }
0x00000854 lw t9, -0x7f7c(gp) | t9 = sym.imp.read;
0x00000858 addiu s2, sp, 0x1c | s2 = sp + 0x1c;
0x0000085c addiu a2, zero, 0x80 | a2 = 0x80;
0x00000860 move a1, s2 | a1 = s2;
0x00000864 move a0, v0 | a0 = v0;
0x00000868 move s0, v0 | s0 = v0;
0x0000086c jalr t9 | t9 ();
0x00000870 move s1, v0 | s1 = v0;
0x00000874 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 > 0) {
0x00000878 bgtz v0, 0x8b8 | goto label_7;
| }
0x0000087c lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00000880 lw s0, (v0) | s0 = *(v0);
| if (s1 != 0) {
0x00000884 bnez s1, 0xa64 | goto label_8;
| }
0x00000888 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x0000088c addiu a3, a3, 0xdf8 | a3 += str.No_data;
| label_3:
0x00000890 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000894 lw t9, -0x7fac(gp) | t9 = sym.imp.__fprintf_chk
0x00000898 move a0, s0 | a0 = s0;
0x0000089c addiu a2, a2, 0xe38 | a2 += str.Failed_to_read_bootloader_version_from_device_tree:__s_n;
| do {
0x000008a0 addiu a1, zero, 1 | a1 = 1;
0x000008a4 jalr t9 | t9 ();
0x000008a8 lw gp, 0x10(sp) | gp = *(var_10h);
0x000008ac lw t9, -0x7f94(gp) | t9 = sym.imp.exit;
0x000008b0 addiu a0, zero, 1 | a0 = 1;
0x000008b4 jalr t9 | t9 ();
| label_7:
0x000008b8 lw t9, -0x7fb4(gp) | t9 = sym.imp.close;
0x000008bc move a0, s0 | a0 = s0;
0x000008c0 jalr t9 | t9 ();
0x000008c4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000008c8 addiu v0, sp, 0x420 | v0 = sp + 0x420;
0x000008cc addu v0, v0, s1 | v0 += s1;
0x000008d0 addiu v1, zero, 0xa | v1 = 0xa;
0x000008d4 lw t9, -0x7fa4(gp) | t9 = sym.imp.write;
0x000008d8 addiu a0, zero, 1 | a0 = 1;
0x000008dc move a2, s1 | a2 = s1;
0x000008e0 move a1, s2 | a1 = s2;
0x000008e4 sb v1, -0x405(v0) | *((v0 - 1029)) = v1;
| label_2:
0x000008e8 jalr t9 | t9 ();
0x000008ec nop |
0x000008f0 lw gp, 0x10(sp) | gp = *(var_10h);
0x000008f4 lw t9, -0x7f94(gp) | t9 = sym.imp.exit;
0x000008f8 move a0, zero | a0 = 0;
0x000008fc jalr t9 | t9 ();
| label_6:
0x00000900 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000904 lw t9, -0x7f98(gp) | t9 = sym.imp.open;
0x00000908 move a1, zero | a1 = 0;
0x0000090c addiu a0, a0, 0xe70 | a0 += str._proc_cmdline;
0x00000910 jalr t9 | t9 ();
0x00000914 move s0, v0 | s0 = v0;
0x00000918 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 < 0) {
0x0000091c bltz v0, 0xa38 | goto label_9;
| }
0x00000920 lw t9, -0x7f7c(gp) | t9 = sym.imp.read;
0x00000924 addiu s1, sp, 0x1c | s1 = sp + 0x1c;
0x00000928 addiu a2, zero, 0x400 | a2 = 0x400;
0x0000092c move a1, s1 | a1 = s1;
0x00000930 move a0, v0 | a0 = v0;
0x00000934 jalr t9 | t9 ();
0x00000938 move s2, v0 | s2 = v0;
0x0000093c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 > 0) {
0x00000940 bgtz v0, 0x96c | goto label_10;
| }
0x00000944 lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00000948 lw s0, (v0) | s0 = *(v0);
| if (s2 != 0) {
0x0000094c bnez s2, 0xa8c | goto label_11;
| }
0x00000950 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00000954 addiu a3, a3, 0xdf8 | a3 += str.No_data;
| label_4:
0x00000958 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x0000095c lw t9, -0x7fac(gp) | t9 = sym.imp.__fprintf_chk
0x00000960 move a0, s0 | a0 = s0;
0x00000964 addiu a2, a2, 0xea4 | a2 += str.Failed_to_read_kernel_cmdline:__s_n;
0x00000968 b 0x8a0 |
| } while (1);
| label_10:
0x0000096c lw t9, -0x7fb4(gp) | t9 = sym.imp.close;
0x00000970 lw s3, -0x7fdc(gp) | s3 = *((gp - 8183));
0x00000974 move a0, s0 | a0 = s0;
0x00000978 jalr t9 | t9 ();
0x0000097c lw gp, 0x10(sp) | gp = *(var_10h);
0x00000980 addiu v0, sp, 0x420 | v0 = sp + 0x420;
0x00000984 addu v0, v0, s2 | v0 += s2;
0x00000988 lw t9, -0x7f74(gp) | t9 = sym.imp.strstr;
0x0000098c addiu a1, s3, 0xec8 | a1 = s3 + str.axisboot.version;
0x00000990 move a0, s1 | a0 = s1;
0x00000994 sb zero, -0x405(v0) | *((v0 - 1029)) = 0;
0x00000998 jalr t9 | t9 ();
0x0000099c lw gp, 0x10(sp) | gp = *(var_10h);
0x000009a0 move s0, v0 | s0 = v0;
0x000009a4 addiu s4, zero, 0x3d | s4 = 0x3d;
0x000009a8 addiu s6, zero, 0x22 | s6 = 0x22;
0x000009ac addiu s5, zero, 0x20 | s5 = 0x20;
0x000009b0 addiu s3, s3, 0xec8 | s3 += str.axisboot.version;
| do {
0x000009b4 sltu v0, s1, s0 | v0 = (s1 < s0) ? 1 : 0;
| if (s0 == 0) {
0x000009b8 beqz s0, 0xab4 | goto label_12;
| }
| if (v0 == 0) {
0x000009bc beql v0, zero, 0x9ec | goto label_13;
| }
0x000009c0 lb v0, 0x10(s0) | v0 = *((s0 + 16));
0x000009c4 lb v0, -1(s0) | v0 = *((s0 - 1));
| if (v0 == s5) {
0x000009c8 beql v0, s5, 0x9ec | goto label_13;
| }
0x000009cc lb v0, 0x10(s0) | v0 = *((s0 + 16));
| label_1:
0x000009d0 lw t9, -0x7f74(gp) | t9 = sym.imp.strstr;
| label_0:
0x000009d4 addiu a0, s0, 1 | a0 = s0 + 1;
0x000009d8 move a1, s3 | a1 = s3;
0x000009dc jalr t9 | t9 ();
0x000009e0 move s0, v0 | s0 = v0;
0x000009e4 lw gp, 0x10(sp) | gp = *(var_10h);
0x000009e8 b 0x9b4 |
| } while (1);
| label_13:
0x000009ec lw t9, -0x7f74(gp) | t9 = sym.imp.strstr;
| if (v0 == s4) {
0x000009f0 bnel v0, s4, 0x9d4 | goto label_0;
| }
0x000009f4 lb v0, 0x11(s0) | v0 = *((s0 + 17));
0x000009f8 lw t9, -0x7f9c(gp) | t9 = sym.imp.strchr;
| if (v0 != s6) {
0x000009fc bne v0, s6, 0xacc | goto label_14;
| }
0x00000a00 addiu s7, s0, 0x12 | s7 = s0 + 0x12;
0x00000a04 addiu a1, zero, 0x22 | a1 = 0x22;
0x00000a08 move a0, s7 | a0 = s7;
0x00000a0c jalr t9 | t9 ();
0x00000a10 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00000a14 beqz v0, 0x9d0 | goto label_1;
| }
| label_5:
0x00000a18 subu a2, v0, s7 | __asm ("subu a2, v0, s7");
0x00000a1c addiu v1, zero, 0xa | v1 = 0xa;
0x00000a20 lw t9, -0x7fa4(gp) | t9 = sym.imp.write;
0x00000a24 addiu a0, zero, 1 | a0 = 1;
0x00000a28 sb v1, (v0) | *(v0) = v1;
0x00000a2c addiu a2, a2, 1 | a2++;
0x00000a30 move a1, s7 | a1 = s7;
0x00000a34 b 0x8e8 | goto label_2;
| label_9:
0x00000a38 lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00000a3c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000a40 lw t9, -0x7fac(gp) | t9 = sym.imp.__fprintf_chk
0x00000a44 lw a0, (v0) | a0 = *(v0);
0x00000a48 addiu a2, a2, 0xe80 | a2 += str.Failed_to_open_kernel_cmdline:__m_n;
| do {
0x00000a4c addiu a1, zero, 1 | a1 = 1;
0x00000a50 jalr t9 | t9 ();
0x00000a54 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000a58 lw t9, -0x7f94(gp) | t9 = sym.imp.exit;
0x00000a5c addiu a0, zero, 1 | a0 = 1;
0x00000a60 jalr t9 | t9 ();
| label_8:
0x00000a64 lw t9, -0x7fa8(gp) | t9 = sym.imp.__errno_location;
0x00000a68 jalr t9 | t9 ();
0x00000a6c nop |
0x00000a70 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000a74 lw t9, -0x7f8c(gp) | t9 = sym.imp.strerror;
0x00000a78 lw a0, (v0) | a0 = *(v0);
0x00000a7c jalr t9 | t9 ();
0x00000a80 move a3, v0 | a3 = v0;
0x00000a84 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000a88 b 0x890 | goto label_3;
| label_11:
0x00000a8c lw t9, -0x7fa8(gp) | t9 = sym.imp.__errno_location;
0x00000a90 jalr t9 | t9 ();
0x00000a94 nop |
0x00000a98 lw gp, 0x10(sp) | gp = *(var_10h);
0x00000a9c lw t9, -0x7f8c(gp) | t9 = sym.imp.strerror;
0x00000aa0 lw a0, (v0) | a0 = *(v0);
0x00000aa4 jalr t9 | t9 ();
0x00000aa8 move a3, v0 | a3 = v0;
0x00000aac lw gp, 0x10(sp) | gp = *(var_10h);
0x00000ab0 b 0x958 | goto label_4;
| label_12:
0x00000ab4 lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x00000ab8 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000abc lw t9, -0x7fac(gp) | t9 = sym.imp.__fprintf_chk
0x00000ac0 lw a0, (v0) | a0 = *(v0);
0x00000ac4 addiu a2, a2, 0xedc | a2 += str.Unable_to_retrieve_bootloader_version._n;
0x00000ac8 b 0xa4c |
| } while (1);
| label_14:
0x00000acc addiu s7, s0, 0x11 | s7 = s0 + 0x11;
0x00000ad0 addiu a1, zero, 0x20 | a1 = 0x20;
0x00000ad4 move a0, s7 | a0 = s7;
0x00000ad8 jalr t9 | t9 ();
0x00000adc lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x00000ae0 bnez v0, 0xa18 | goto label_5;
| }
0x00000ae4 addiu s2, s2, -1 | s2 += -1;
0x00000ae8 addu v0, s1, s2 | v0 = s1 + s2;
0x00000aec b 0xa18 | goto label_5;
| }
[*] Function fprintf used 5 times bootversion
