[*] Binary protection state of editcgi.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of editcgi.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/editcgi.cgi @ 0x31cc */
| #include <stdint.h>
|
; (fcn) sym.ls () | void ls () {
0x000031cc lui gp, 2 |
0x000031d0 addiu gp, gp, -0x61bc |
0x000031d4 addu gp, gp, t9 | gp += t9;
0x000031d8 addiu sp, sp, -0x2f8 |
0x000031dc lw v0, -0x7ed8(gp) | v0 = *((gp - 8118));
0x000031e0 sw fp, 0x2f0(sp) | *(var_2f0h) = fp;
0x000031e4 sw s6, 0x2e8(sp) | *(var_2e8h) = s6;
0x000031e8 sw s5, 0x2e4(sp) | *(var_2e4h) = s5;
0x000031ec sw s4, 0x2e0(sp) | *(var_2e0h) = s4;
0x000031f0 sw gp, 0x18(sp) | *(var_18h) = gp;
0x000031f4 sw ra, 0x2f4(sp) | *(var_2f4h) = ra;
0x000031f8 sw s7, 0x2ec(sp) | *(var_2ech) = s7;
0x000031fc sw s3, 0x2dc(sp) | *(var_2dch) = s3;
0x00003200 sw s2, 0x2d8(sp) | *(var_2d8h) = s2;
0x00003204 sw s1, 0x2d4(sp) | *(var_2d4h) = s1;
0x00003208 sw s0, 0x2d0(sp) | *(var_2d0h) = s0;
0x0000320c lw v1, (v0) | v1 = *(v0);
0x00003210 sw v0, 0x34(sp) | *(var_34h) = v0;
0x00003214 lb v0, (a0) | v0 = *(a0);
0x00003218 move fp, a0 | fp = a0;
0x0000321c sw a1, 0x28(sp) | *(var_28h) = a1;
0x00003220 move s4, a2 | s4 = a2;
0x00003224 move s5, a3 | s5 = a3;
0x00003228 lw s6, 0x308(sp) | s6 = *(arg_308h);
0x0000322c sw v1, 0x2cc(sp) | *(var_2cch) = v1;
| if (v0 != 0) {
0x00003230 beql v0, zero, 0x325c |
0x00003234 sw zero, 0x24(sp) | *(var_24h) = 0;
0x00003238 lw t9, -0x7f18(gp) | t9 = sym.imp.strlen;
0x0000323c jalr t9 | t9 ();
0x00003240 nop |
0x00003244 addu v0, fp, v0 | v0 = fp + v0;
0x00003248 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000324c lb v0, -1(v0) | v0 = *((v0 - 1));
0x00003250 xori v0, v0, 0x2f | v0 ^= 0x2f;
0x00003254 sltiu v0, v0, 1 | v0 = (v0 < 1) ? 1 : 0;
0x00003258 sw v0, 0x24(sp) | *(var_24h) = v0;
| }
0x0000325c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00003260 lw s2, -0x7fdc(gp) | s2 = *((gp - 8183));
0x00003264 addiu v0, v0, 0x3920 | v0 += 0x3920;
0x00003268 sw v0, 0x30(sp) | *(var_30h) = v0;
0x0000326c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00003270 addiu s3, zero, 1 | s3 = 1;
0x00003274 sw v0, 0x2c(sp) | *(var_2ch) = v0;
0x00003278 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x0000327c addiu s2, s2, 0x4114 | s2 += 0x4114;
0x00003280 addiu v0, v0, 0x29e0 | v0 += 0x29e0;
0x00003284 sw v0, 0x20(sp) | *(var_20h) = v0;
0x00003288 b 0x330c |
| while (v0 != 0) {
| label_0:
0x0000328c lw t9, -0x7eb8(gp) | t9 = sym.imp.strcmp;
| if (s3 != 0) {
0x00003290 beqz s3, 0x32a8 |
0x00003294 move a1, s0 | a1 = s0;
0x00003298 move a0, s2 | a0 = s2;
0x0000329c jalr t9 | t9 ();
0x000032a0 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x000032a4 bnez v0, 0x3370 | goto label_4;
| }
| }
| label_1:
0x000032a8 lw t9, -0x7eb0(gp) | t9 = sym.imp.__strcat_chk
0x000032ac addiu a2, zero, 0x200 | a2 = 0x200;
0x000032b0 move a1, s0 | a1 = s0;
0x000032b4 move a0, s1 | a0 = s1;
0x000032b8 jalr t9 | t9 ();
0x000032bc lw gp, 0x18(sp) | gp = *(var_18h);
0x000032c0 addiu s3, sp, 0x3c | s3 = sp + 0x3c;
0x000032c4 move a2, s3 | a2 = s3;
0x000032c8 lw t9, -0x7f5c(gp) | t9 = sym.imp.__lxstat;
0x000032cc move a1, s1 | a1 = s1;
0x000032d0 addiu a0, zero, 3 | a0 = 3;
0x000032d4 jalr t9 | t9 ();
0x000032d8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000032dc bltz v0, 0x345c | goto label_5;
| }
0x000032e0 lw t9, 0x20(sp) | t9 = *(var_20h);
0x000032e4 move a2, s3 | a2 = s3;
0x000032e8 sw s6, 0x14(sp) | *(var_14h) = s6;
0x000032ec sw s5, 0x10(sp) | *(var_10h_2) = s5;
0x000032f0 move a3, s4 | a3 = s4;
0x000032f4 move a1, s0 | a1 = s0;
0x000032f8 move a0, s1 | a0 = s1;
0x000032fc jalr t9 | t9 ();
0x00003300 move s3, zero | s3 = 0;
0x00003304 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00003308 bltz v0, 0x3484 | goto label_6;
| }
0x0000330c lw t9, -0x7f4c(gp) | t9 = sym.imp.readdir;
0x00003310 lw a0, 0x28(sp) | a0 = *(var_28h);
0x00003314 jalr t9 | t9 ();
0x00003318 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000331c beqz v0, 0x3408 | goto label_7;
| }
0x00003320 addiu s0, v0, 0xb | s0 = v0 + 0xb;
0x00003324 lw v0, 0x2c(sp) | v0 = *(var_2ch);
0x00003328 addiu s1, sp, 0xcc | s1 = sp + 0xcc;
0x0000332c addiu s7, v0, 0x4118 | s7 = v0 + 0x4118;
| label_2:
0x00003330 lw t9, -0x7f3c(gp) | t9 = sym.imp.strncpy;
0x00003334 addiu a2, zero, 0x1ff | a2 = 0x1ff;
0x00003338 move a1, fp | a1 = fp;
0x0000333c move a0, s1 | a0 = s1;
0x00003340 jalr t9 | t9 ();
0x00003344 lw v0, 0x24(sp) | v0 = *(var_24h);
0x00003348 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000334c sb zero, 0x2cb(sp) | *(var_2cbh) = 0;
0x00003350 bnez v0, 0x328c |
| }
0x00003354 lw t9, -0x7eb0(gp) | t9 = sym.imp.__strcat_chk
0x00003358 lw a1, 0x30(sp) | a1 = *(var_30h);
0x0000335c addiu a2, zero, 0x200 | a2 = 0x200;
0x00003360 move a0, s1 | a0 = s1;
0x00003364 jalr t9 | t9 ();
0x00003368 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000336c b 0x328c | goto label_0;
| label_4:
0x00003370 lw t9, -0x7eb8(gp) | t9 = sym.imp.strcmp;
0x00003374 move a1, s0 | a1 = s0;
0x00003378 move a0, s7 | a0 = s7;
0x0000337c jalr t9 | t9 ();
0x00003380 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00003384 beqz v0, 0x32a8 | goto label_1;
| }
0x00003388 lw t9, -0x7eb0(gp) | t9 = sym.imp.__strcat_chk
0x0000338c addiu a2, zero, 0x200 | a2 = 0x200;
0x00003390 move a1, s2 | a1 = s2;
0x00003394 move a0, s1 | a0 = s1;
0x00003398 jalr t9 | t9 ();
0x0000339c lw gp, 0x18(sp) | gp = *(var_18h);
0x000033a0 lw t9, 0x20(sp) | t9 = *(var_20h);
0x000033a4 move a3, s4 | a3 = s4;
0x000033a8 lw a2, -0x7fac(gp) | a2 = *(gp);
0x000033ac move a1, s2 | a1 = s2;
0x000033b0 move a0, s1 | a0 = s1;
0x000033b4 sw s6, 0x14(sp) | *(var_14h) = s6;
0x000033b8 sw s5, 0x10(sp) | *(var_10h_2) = s5;
0x000033bc jalr t9 | t9 ();
0x000033c0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000033c4 addiu a2, zero, 0x200 | a2 = 0x200;
0x000033c8 move a1, s2 | a1 = s2;
0x000033cc lw t9, -0x7eb0(gp) | t9 = sym.imp.__strcat_chk
0x000033d0 move a0, s1 | a0 = s1;
0x000033d4 jalr t9 | t9 ();
0x000033d8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000033dc lw t9, 0x20(sp) | t9 = *(var_20h);
0x000033e0 sw s6, 0x14(sp) | *(var_14h) = s6;
0x000033e4 lw a2, -0x7fac(gp) | a2 = *(gp);
0x000033e8 sw s5, 0x10(sp) | *(var_10h_2) = s5;
0x000033ec move a3, s4 | a3 = s4;
0x000033f0 move a1, s7 | a1 = s7;
0x000033f4 move a0, s1 | a0 = s1;
0x000033f8 move s3, zero | s3 = 0;
0x000033fc jalr t9 | t9 ();
0x00003400 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003404 b 0x3330 | goto label_2;
| label_7:
0x00003408 lw t9, -0x7f7c(gp) | t9 = sym.imp.closedir;
0x0000340c lw a0, 0x28(sp) | a0 = *(var_28h);
0x00003410 jalr t9 | t9 ();
0x00003414 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003418 move v0, zero | v0 = 0;
| do {
| label_3:
0x0000341c lw v1, 0x34(sp) | v1 = *(var_34h);
0x00003420 lw a0, 0x2cc(sp) | a0 = *(var_2cch);
0x00003424 lw v1, (v1) | v1 = *(v1);
0x00003428 lw ra, 0x2f4(sp) | ra = *(var_2f4h);
| if (a0 != v1) {
0x0000342c bne a0, v1, 0x349c | goto label_8;
| }
0x00003430 lw fp, 0x2f0(sp) | fp = *(var_2f0h);
0x00003434 lw s7, 0x2ec(sp) | s7 = *(var_2ech);
0x00003438 lw s6, 0x2e8(sp) | s6 = *(var_2e8h);
0x0000343c lw s5, 0x2e4(sp) | s5 = *(var_2e4h);
0x00003440 lw s4, 0x2e0(sp) | s4 = *(var_2e0h);
0x00003444 lw s3, 0x2dc(sp) | s3 = *(var_2dch);
0x00003448 lw s2, 0x2d8(sp) | s2 = *(var_2d8h);
0x0000344c lw s1, 0x2d4(sp) | s1 = *(var_2d4h);
0x00003450 lw s0, 0x2d0(sp) | s0 = *(var_2d0h);
0x00003454 addiu sp, sp, 0x2f8 |
0x00003458 jr ra | return v0;
| label_5:
0x0000345c lw t9, -0x7f7c(gp) | t9 = sym.imp.closedir;
0x00003460 lw a0, 0x28(sp) | a0 = *(var_28h);
0x00003464 jalr t9 | t9 ();
0x00003468 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000346c lw t9, -0x7ef4(gp) | t9 = sym.imp.perror;
0x00003470 move a0, s1 | a0 = s1;
0x00003474 jalr t9 | t9 ();
0x00003478 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000347c addiu v0, zero, -1 | v0 = -1;
0x00003480 b 0x341c |
| } while (1);
| label_6:
0x00003484 lw t9, -0x7f7c(gp) | t9 = sym.imp.closedir;
0x00003488 lw a0, 0x28(sp) | a0 = *(var_28h);
0x0000348c jalr t9 | t9 ();
0x00003490 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003494 addiu v0, zero, -1 | v0 = -1;
0x00003498 b 0x341c | goto label_3;
| label_8:
0x0000349c lw t9, -0x7ee8(gp) | t9 = sym.imp.__stack_chk_fail;
0x000034a0 jalr t9 | t9 ();
0x000034a4 nop |
0x000034a8 nop |
0x000034ac nop |
| }
[*] Function strcat used 5 times editcgi.cgi
