[*] Binary protection state of jpeg_snapshot
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of jpeg_snapshot
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/jpeg_snapshot @ 0xc70 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 2000 named .text */
0x00000c70 lui gp, 2 |
0x00000c74 addiu gp, gp, -0x6c60 |
0x00000c78 addu gp, gp, t9 | gp += t9;
0x00000c7c addiu sp, sp, -0x150 |
0x00000c80 lw t9, -0x7f50(gp) | t9 = sym.imp.memset;
0x00000c84 sw s2, 0x134(sp) | *(var_134h) = s2;
0x00000c88 lw s2, -0x7f88(gp) | s2 = *((gp - 8162));
0x00000c8c sw s0, 0x12c(sp) | *(var_12ch) = s0;
0x00000c90 addiu s0, sp, 0x24 | s0 = sp + 0x24;
0x00000c94 lw v0, (s2) | v0 = *(s2);
0x00000c98 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00000c9c sw s3, 0x138(sp) | *(var_138h) = s3;
0x00000ca0 sw s1, 0x130(sp) | *(var_130h) = s1;
0x00000ca4 sw ra, 0x14c(sp) | *(var_14ch) = ra;
0x00000ca8 sw s7, 0x148(sp) | *(var_148h) = s7;
0x00000cac sw s6, 0x144(sp) | *(var_144h) = s6;
0x00000cb0 sw s5, 0x140(sp) | *(var_140h) = s5;
0x00000cb4 sw s4, 0x13c(sp) | *(var_13ch) = s4;
0x00000cb8 move s1, a0 | s1 = a0;
0x00000cbc move s3, a1 | s3 = a1;
0x00000cc0 addiu a2, zero, 0x100 | a2 = 0x100;
0x00000cc4 move a1, zero | a1 = 0;
0x00000cc8 move a0, s0 | a0 = s0;
0x00000ccc sw v0, 0x124(sp) | *(var_124h) = v0;
0x00000cd0 jalr t9 | t9 ();
0x00000cd4 nop |
0x00000cd8 addiu v0, zero, 2 | v0 = 2;
0x00000cdc lw gp, 0x18(sp) | gp = *(var_18h);
| if (s1 == v0) {
0x00000ce0 beq s1, v0, 0xe30 | goto label_2;
| }
0x00000ce4 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000ce8 lw t9, -0x7f44(gp) | t9 = sym.imp.strncpy;
0x00000cec addiu a2, zero, 0x100 | a2 = 0x100;
0x00000cf0 addiu a1, a1, 0x172c | a1 += str._tmp_test.jpg;
0x00000cf4 move a0, s0 | a0 = s0;
0x00000cf8 jalr t9 | t9 ();
0x00000cfc lw gp, 0x18(sp) | gp = *(var_18h);
| do {
0x00000d00 lw t9, -0x7fd8(gp) | t9 = sym.get_sources;
0x00000d04 bal 0x11c0 | sym_get_sources ();
0x00000d08 nop |
0x00000d0c lw gp, 0x18(sp) | gp = *(var_18h);
0x00000d10 addiu v1, zero, 4 | v1 = 4;
0x00000d14 lw t9, -0x7f8c(gp) | t9 = sym.imp.capture_open_stream;
| if (v0 == v1) {
0x00000d18 beq v0, v1, 0xee8 | goto label_3;
| }
0x00000d1c lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000d20 addiu a1, a1, 0x1764 | a1 += str.compression25;
| label_1:
0x00000d24 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000d28 addiu a0, a0, 0x1758 | a0 += str.image_jpeg;
0x00000d2c jalr t9 | t9 ();
0x00000d30 move s3, v0 | s3 = v0;
0x00000d34 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00000d38 beqz v0, 0xf70 | goto label_4;
| }
0x00000d3c lw t9, -0x7f54(gp) | t9 = sym.imp.capture_get_frame;
0x00000d40 move a0, v0 | a0 = v0;
0x00000d44 jalr t9 | t9 ();
0x00000d48 move s1, v0 | s1 = v0;
0x00000d4c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00000d50 beqz v0, 0xf9c | goto label_5;
| }
0x00000d54 lw t9, -0x7fac(gp) | t9 = sym.imp.capture_frame_data;
0x00000d58 move a0, v0 | a0 = v0;
0x00000d5c jalr t9 | t9 ();
0x00000d60 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000d64 move a0, s1 | a0 = s1;
0x00000d68 move s6, v0 | s6 = v0;
0x00000d6c lw t9, -0x7f7c(gp) | t9 = sym.imp.capture_frame_size;
0x00000d70 addiu s5, zero, -1 | s5 = -1;
0x00000d74 jalr t9 | t9 ();
0x00000d78 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000d7c addiu a2, zero, 0x1b6 | a2 = 0x1b6;
0x00000d80 addiu a1, zero, 0x101 | a1 = 0x101;
0x00000d84 lw t9, -0x7f30(gp) | t9 = sym.imp.open;
0x00000d88 move a0, s0 | a0 = s0;
0x00000d8c move s7, v0 | s7 = v0;
0x00000d90 jalr t9 | t9 ();
0x00000d94 move s4, v0 | s4 = v0;
0x00000d98 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == s5) {
0x00000d9c beq v0, s5, 0xff4 | goto label_6;
| }
0x00000da0 lw t9, -0x7f48(gp) | t9 = sym.imp.write;
0x00000da4 move a1, s6 | a1 = s6;
0x00000da8 move a2, s7 | a2 = s7;
0x00000dac move a0, v0 | a0 = v0;
0x00000db0 jalr t9 | t9 ();
0x00000db4 move s6, v0 | s6 = v0;
0x00000db8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == s5) {
0x00000dbc beq v0, s5, 0xef4 | goto label_7;
| }
0x00000dc0 lw t9, -0x7f90(gp) | t9 = sym.imp.close;
0x00000dc4 move a0, s4 | a0 = s4;
0x00000dc8 jalr t9 | t9 ();
0x00000dcc lw gp, 0x18(sp) | gp = *(var_18h);
0x00000dd0 lw t9, -0x7f34(gp) | t9 = sym.imp.capture_frame_free;
0x00000dd4 move a0, s1 | a0 = s1;
0x00000dd8 jalr t9 | t9 ();
0x00000ddc lw gp, 0x18(sp) | gp = *(var_18h);
0x00000de0 lw t9, -0x7f4c(gp) | t9 = sym.imp.capture_close_stream;
0x00000de4 move a0, s3 | a0 = s3;
0x00000de8 jalr t9 | t9 ();
0x00000dec lw gp, 0x18(sp) | gp = *(var_18h);
| if (s6 == 0) {
0x00000df0 beqz s6, 0xfc8 | goto label_8;
| }
0x00000df4 move v0, zero | v0 = 0;
| label_0:
0x00000df8 lw a0, 0x124(sp) | a0 = *(var_124h);
0x00000dfc lw v1, (s2) | v1 = *(s2);
0x00000e00 lw ra, 0x14c(sp) | ra = *(var_14ch);
| if (a0 != v1) {
0x00000e04 bne a0, v1, 0x103c | goto label_9;
| }
0x00000e08 lw s7, 0x148(sp) | s7 = *(var_148h);
0x00000e0c lw s6, 0x144(sp) | s6 = *(var_144h);
0x00000e10 lw s5, 0x140(sp) | s5 = *(var_140h);
0x00000e14 lw s4, 0x13c(sp) | s4 = *(var_13ch);
0x00000e18 lw s3, 0x138(sp) | s3 = *(var_138h);
0x00000e1c lw s2, 0x134(sp) | s2 = *(var_134h);
0x00000e20 lw s1, 0x130(sp) | s1 = *(var_130h);
0x00000e24 lw s0, 0x12c(sp) | s0 = *(var_12ch);
0x00000e28 addiu sp, sp, 0x150 |
0x00000e2c jr ra | return v0;
| label_2:
0x00000e30 lw t9, -0x7f44(gp) | t9 = sym.imp.strncpy;
0x00000e34 lw a1, 4(s3) | a1 = *((s3 + 1));
0x00000e38 addiu a2, zero, 0x100 | a2 = 0x100;
0x00000e3c move a0, s0 | a0 = s0;
0x00000e40 jalr t9 | t9 ();
0x00000e44 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000e48 move a0, s0 | a0 = s0;
0x00000e4c lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000e50 lw t9, -0x7fb0(gp) | t9 = sym.imp.strcmp;
0x00000e54 addiu a1, a1, 0x168c | a1 += 0x168c;
0x00000e58 jalr t9 | t9 ();
0x00000e5c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00000e60 beqz v0, 0xe80 | goto label_10;
| }
0x00000e64 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000e68 lw t9, -0x7fb0(gp) | t9 = sym.imp.strcmp;
0x00000e6c addiu a1, a1, 0x1690 | a1 += str.__help;
0x00000e70 move a0, s0 | a0 = s0;
0x00000e74 jalr t9 | t9 ();
0x00000e78 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000e7c bnez v0, 0xd00 |
| } while (v0 != 0);
| label_10:
0x00000e80 lw s0, (s3) | s0 = *(s3);
0x00000e84 lw v0, -0x7fa0(gp) | v0 = *((gp - 8168));
0x00000e88 lw t9, -0x7f84(gp) | t9 = sym.imp.__xpg_basename;
0x00000e8c move a0, s0 | a0 = s0;
0x00000e90 lw s1, (v0) | s1 = *(v0);
0x00000e94 jalr t9 | t9 ();
0x00000e98 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000e9c move a0, s0 | a0 = s0;
0x00000ea0 lw t9, -0x7f84(gp) | t9 = sym.imp.__xpg_basename;
0x00000ea4 move s0, v0 | s0 = v0;
0x00000ea8 jalr t9 | t9 ();
0x00000eac lw gp, 0x18(sp) | gp = *(var_18h);
0x00000eb0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00000eb4 move a3, s0 | a3 = s0;
0x00000eb8 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
0x00000ebc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000ec0 lw t9, -0x7f3c(gp) | t9 = sym.imp.__fprintf_chk
0x00000ec4 addiu v1, v1, 0x172c | v1 += str._tmp_test.jpg;
0x00000ec8 sw v1, 0x14(sp) | *(var_14h) = v1;
0x00000ecc addiu a2, a2, 0x1698 | a2 += str._n_s_:_Captures_and_writes_a_jpeg_frame_to_file_using_the_ACAP_capture_API_n_n____Usage:___s__filename__n____Filename_defaults_to__s_if_left_blank_n_n;
0x00000ed0 addiu a1, zero, 1 | a1 = 1;
0x00000ed4 move a0, s1 | a0 = s1;
0x00000ed8 jalr t9 | t9 ();
0x00000edc lw gp, 0x18(sp) | gp = *(var_18h);
0x00000ee0 move v0, zero | v0 = 0;
0x00000ee4 b 0xdf8 | goto label_0;
| label_3:
0x00000ee8 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000eec addiu a1, a1, 0x173c | a1 += str.compression25cameraquad;
0x00000ef0 b 0xd24 | goto label_1;
| label_7:
0x00000ef4 lw v0, -0x7f70(gp) | v0 = *((gp - 8156));
0x00000ef8 lw t9, -0x7f2c(gp) | t9 = sym.imp.__errno_location;
0x00000efc lw s0, (v0) | s0 = *(v0);
0x00000f00 jalr t9 | t9 ();
0x00000f04 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f08 lw t9, -0x7f38(gp) | t9 = sym.imp.strerror;
0x00000f0c lw a0, (v0) | a0 = *(v0);
0x00000f10 jalr t9 | t9 ();
0x00000f14 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f18 move a3, v0 | a3 = v0;
0x00000f1c addiu a1, zero, 1 | a1 = 1;
0x00000f20 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000f24 lw t9, -0x7f3c(gp) | t9 = sym.imp.__fprintf_chk
0x00000f28 addiu a2, a2, 0x17b8 | a2 += str._s__n;
0x00000f2c move a0, s0 | a0 = s0;
0x00000f30 jalr t9 | t9 ();
0x00000f34 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f38 lw t9, -0x7f90(gp) | t9 = sym.imp.close;
0x00000f3c move a0, s4 | a0 = s4;
0x00000f40 jalr t9 | t9 ();
0x00000f44 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
0x00000f48 lw t9, -0x7f34(gp) | t9 = sym.imp.capture_frame_free;
0x00000f4c move a0, s1 | a0 = s1;
0x00000f50 jalr t9 | t9 ();
0x00000f54 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f58 lw t9, -0x7f4c(gp) | t9 = sym.imp.capture_close_stream;
0x00000f5c move a0, s3 | a0 = s3;
0x00000f60 jalr t9 | t9 ();
0x00000f64 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f68 move v0, zero | v0 = 0;
0x00000f6c b 0xdf8 | goto label_0;
| label_4:
0x00000f70 lw v0, -0x7f70(gp) | v0 = *((gp - 8156));
0x00000f74 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000f78 lw t9, -0x7f94(gp) | t9 = sym.imp.fwrite;
0x00000f7c lw a3, (v0) | a3 = *(v0);
0x00000f80 addiu a2, zero, 0x1e | a2 = 0x1e;
0x00000f84 addiu a1, zero, 1 | a1 = 1;
0x00000f88 addiu a0, a0, 0x1774 | a0 += str.Error:_Could_not_open_stream__n;
0x00000f8c jalr t9 | t9 ();
0x00000f90 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000f94 addiu v0, zero, 1 | v0 = 1;
0x00000f98 b 0xdf8 | goto label_0;
| label_5:
0x00000f9c lw v0, -0x7f70(gp) | v0 = *((gp - 8156));
0x00000fa0 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000fa4 lw t9, -0x7f94(gp) | t9 = sym.imp.fwrite;
0x00000fa8 lw a3, (v0) | a3 = *(v0);
0x00000fac addiu a2, zero, 0x22 | a2 = 0x22;
0x00000fb0 addiu a1, zero, 1 | a1 = 1;
0x00000fb4 addiu a0, a0, 0x1794 | a0 += str.Error:_Could_not_read_frame_data__n;
0x00000fb8 jalr t9 | t9 ();
0x00000fbc lw gp, 0x18(sp) | gp = *(var_18h);
0x00000fc0 addiu v0, zero, 1 | v0 = 1;
0x00000fc4 b 0xdf8 | goto label_0;
| label_8:
0x00000fc8 lw v0, -0x7f70(gp) | v0 = *((gp - 8156));
0x00000fcc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000fd0 lw t9, -0x7f3c(gp) | t9 = sym.imp.__fprintf_chk
0x00000fd4 lw a0, (v0) | a0 = *(v0);
0x00000fd8 move a3, s0 | a3 = s0;
0x00000fdc addiu a2, a2, 0x17c0 | a2 += str.Error:_Could_not_create_file__s_n;
0x00000fe0 addiu a1, zero, 1 | a1 = 1;
0x00000fe4 jalr t9 | t9 ();
0x00000fe8 lw gp, 0x18(sp) | gp = *(var_18h);
0x00000fec addiu v0, zero, 1 | v0 = 1;
0x00000ff0 b 0xdf8 | goto label_0;
| label_6:
0x00000ff4 lw v0, -0x7f70(gp) | v0 = *((gp - 8156));
0x00000ff8 lw t9, -0x7f2c(gp) | t9 = sym.imp.__errno_location;
0x00000ffc lw s0, (v0) | s0 = *(v0);
0x00001000 jalr t9 | t9 ();
0x00001004 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001008 lw t9, -0x7f38(gp) | t9 = sym.imp.strerror;
0x0000100c lw a0, (v0) | a0 = *(v0);
0x00001010 jalr t9 | t9 ();
0x00001014 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001018 move a3, v0 | a3 = v0;
0x0000101c addiu a1, zero, 1 | a1 = 1;
0x00001020 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001024 lw t9, -0x7f3c(gp) | t9 = sym.imp.__fprintf_chk
0x00001028 addiu a2, a2, 0x17b8 | a2 += str._s__n;
0x0000102c move a0, s0 | a0 = s0;
0x00001030 jalr t9 | t9 ();
0x00001034 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001038 b 0xf48 |
| } while (1);
| label_9:
0x0000103c lw t9, -0x7f98(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001040 jalr t9 | t9 ();
0x00001044 nop |
0x00001048 nop |
0x0000104c nop |
| }
[*] Function printf used 5 times jpeg_snapshot
