[*] Binary protection state of respawnd
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of respawnd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/sbin/respawnd @ 0xf70 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 7984 named .text */
0x00000f70 lui gp, 2 |
0x00000f74 addiu gp, gp, -0x4f60 |
0x00000f78 addu gp, gp, t9 | gp += t9;
0x00000f7c lw v0, -0x7ed8(gp) | v0 = *((gp - 8118));
0x00000f80 addiu sp, sp, -0x170 |
0x00000f84 sw v0, 0x24(sp) | *(var_24h) = v0;
0x00000f88 lw v0, (v0) | v0 = *(v0);
0x00000f8c sw gp, 0x18(sp) | *(var_18h) = gp;
0x00000f90 sw ra, 0x16c(sp) | *(var_16ch) = ra;
0x00000f94 sw fp, 0x168(sp) | *(var_168h) = fp;
0x00000f98 sw s7, 0x164(sp) | *(var_164h) = s7;
0x00000f9c sw s6, 0x160(sp) | *(var_160h) = s6;
0x00000fa0 sw s5, 0x15c(sp) | *(var_15ch) = s5;
0x00000fa4 sw s4, 0x158(sp) | *(var_158h) = s4;
0x00000fa8 sw s3, 0x154(sp) | *(var_154h) = s3;
0x00000fac sw s2, 0x150(sp) | *(var_150h) = s2;
0x00000fb0 sw s1, 0x14c(sp) | *(var_14ch) = s1;
0x00000fb4 sw s0, 0x148(sp) | *(var_148h) = s0;
0x00000fb8 sw v0, 0x144(sp) | *(var_144h) = v0;
0x00000fbc lw t9, -0x7f64(gp) | t9 = sym.imp.strrchr;
| if (a0 <= 0) {
0x00000fc0 blez a0, 0x1250 | goto label_2;
| }
0x00000fc4 lw s7, (a1) | s7 = *(a1);
0x00000fc8 move s1, a0 | s1 = a0;
0x00000fcc move s2, a1 | s2 = a1;
0x00000fd0 move a0, s7 | a0 = s7;
0x00000fd4 addiu a1, zero, 0x2f | a1 = 0x2f;
0x00000fd8 jalr t9 | t9 ();
0x00000fdc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00000fe0 beqz v0, 0xfe8 |
0x00000fe4 addiu s7, v0, 1 | s7 = v0 + 1;
| }
0x00000fe8 lw t9, -0x7fd8(gp) | t9 = sym.name2action;
0x00000fec addiu a1, sp, 0x2f | a1 = sp + 0x2f;
0x00000ff0 move a0, s7 | a0 = s7;
0x00000ff4 bal 0x16b4 | sym_name2action ();
0x00000ff8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00000ffc beqz v0, 0x1068 | goto label_3;
| }
0x00001000 lbu v0, 0x2f(sp) | v0 = *(var_2fh);
0x00001004 lui v1, 0x2003 | v1 = 0x20030129;
0x00001008 addiu v1, v1, 0x129 |
0x0000100c addiu a0, zero, 1 | a0 = 1;
0x00001010 sw v1, 0x30(sp) | *(var_30h) = v1;
0x00001014 sb v0, 0x34(sp) | *(var_34h) = v0;
| if (s1 == a0) {
0x00001018 beq s1, a0, 0x114c | goto label_4;
| }
0x0000101c andi v0, v0, 0xfd | v0 &= 0xfd;
0x00001020 addiu s0, zero, 1 | s0 = 1;
0x00001024 beq v0, a0, 0x10bc |
| while (v0 == s4) {
0x00001028 lw t9, -0x7fd4(gp) | t9 = sym.argv2cmdline;
0x0000102c sll a1, s0, 2 | a1 = s0 << 2;
0x00001030 addiu a2, sp, 0x3c | a2 = sp + 0x3c;
0x00001034 addu a1, s2, a1 | a1 = s2 + a1;
0x00001038 subu a0, s1, s0 | __asm ("subu a0, s1, s0");
0x0000103c bal 0x1400 | sym_argv2cmdline ();
0x00001040 sw v0, 0x38(sp) | *(var_38h) = v0;
0x00001044 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00001048 beqz v0, 0x11a8 | goto label_5;
| }
0x0000104c lw t9, -0x7fd0(gp) | t9 = sym.send_respawnd;
0x00001050 addiu a0, sp, 0x30 | a0 = sp + 0x30;
0x00001054 bal 0x14f8 | sym_send_respawnd ();
0x00001058 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000105c beqz v0, 0x117c | goto label_6;
| }
0x00001060 move v0, zero | v0 = 0;
0x00001064 b 0x107c | goto label_1;
| label_3:
0x00001068 lw t9, -0x7fcc(gp) | t9 = sym.respawnd_main;
0x0000106c move a1, s2 | a1 = s2;
0x00001070 move a0, s1 | a0 = s1;
0x00001074 bal 0x1e3c | sym_respawnd_main ();
0x00001078 lw gp, 0x18(sp) | gp = *(var_18h);
| label_1:
0x0000107c lw v1, 0x24(sp) | v1 = *(var_24h);
0x00001080 lw a0, 0x144(sp) | a0 = *(var_144h);
0x00001084 lw v1, (v1) | v1 = *(v1);
0x00001088 lw ra, 0x16c(sp) | ra = *(var_16ch);
| if (a0 != v1) {
0x0000108c bne a0, v1, 0x1280 | goto label_7;
| }
0x00001090 lw fp, 0x168(sp) | fp = *(var_168h);
0x00001094 lw s7, 0x164(sp) | s7 = *(var_164h);
0x00001098 lw s6, 0x160(sp) | s6 = *(var_160h);
0x0000109c lw s5, 0x15c(sp) | s5 = *(var_15ch);
0x000010a0 lw s4, 0x158(sp) | s4 = *(var_158h);
0x000010a4 lw s3, 0x154(sp) | s3 = *(var_154h);
0x000010a8 lw s2, 0x150(sp) | s2 = *(var_150h);
0x000010ac lw s1, 0x14c(sp) | s1 = *(var_14ch);
0x000010b0 lw s0, 0x148(sp) | s0 = *(var_148h);
0x000010b4 addiu sp, sp, 0x170 |
0x000010b8 jr ra | return v0;
0x000010bc lw s3, -0x7fdc(gp) | s3 = *((gp - 8183));
0x000010c0 lw fp, -0x7f84(gp) | fp = *((gp - 8161));
0x000010c4 sw zero, 0x140(sp) | *(var_140h) = 0;
0x000010c8 sw zero, 0x13c(sp) | *(var_13ch) = 0;
0x000010cc addiu s3, s3, 0x3368 | s3 += str.c:g:;
0x000010d0 addiu s4, zero, -1 | s4 = -1;
0x000010d4 addiu s6, zero, 0x63 | s6 = 0x63;
0x000010d8 addiu s5, zero, 0x67 | s5 = 0x67;
| label_0:
0x000010dc lw t9, -0x7f34(gp) | t9 = sym.imp.getopt;
0x000010e0 move a2, s3 | a2 = s3;
0x000010e4 move a1, s2 | a1 = s2;
0x000010e8 move a0, s1 | a0 = s1;
0x000010ec jalr t9 | t9 ();
0x000010f0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000010f4 beq v0, s4, 0x1028 |
| }
0x000010f8 lw t9, -0x7eb0(gp) | t9 = sym.imp.getpwnam;
| if (v0 == s6) {
0x000010fc beq v0, s6, 0x112c | goto label_8;
| }
0x00001100 addiu s0, s0, 2 | s0 += 2;
| if (v0 == s5) {
0x00001104 bnel v0, s5, 0x10dc | goto label_0;
| }
0x00001108 lw t9, -0x7f8c(gp) | t9 = sym.imp.getgrnam;
0x0000110c lw a0, (fp) | a0 = *(fp);
0x00001110 jalr t9 | t9 ();
0x00001114 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00001118 beqz v0, 0x1224 |
0x0000111c lw v0, 8(v0) | v0 = *((v0 + 2));
0x00001120 sw v0, 0x140(sp) | *(var_140h) = v0;
0x00001124 addiu s0, s0, 2 | s0 += 2;
0x00001128 b 0x10dc | goto label_0;
| label_8:
0x0000112c lw a0, (fp) | a0 = *(fp);
0x00001130 jalr t9 | t9 ();
0x00001134 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00001138 beqz v0, 0x11f8 |
0x0000113c lw v0, 8(v0) | v0 = *((v0 + 2));
0x00001140 addiu s0, s0, 2 | s0 += 2;
0x00001144 sw v0, 0x13c(sp) | *(var_13ch) = v0;
0x00001148 b 0x10dc | goto label_0;
| label_4:
0x0000114c lw v1, -0x7ec8(gp) | v1 = *((gp - 8114));
0x00001150 lw t9, -0x7f74(gp) | t9 = sym.imp.__fprintf_chk
0x00001154 move a3, s7 | a3 = s7;
0x00001158 lw a0, (v1) | a0 = *(v1);
| if (v0 != s1) {
0x0000115c beq v0, s1, 0x11dc |
0x00001160 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001164 addiu a1, zero, 1 | a1 = 1;
0x00001168 addiu a2, a2, 0x3308 | a2 += str.Usage:__s_program__args__n;
0x0000116c jalr t9 | t9 ();
0x00001170 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001174 addiu v0, zero, 1 | v0 = 1;
0x00001178 b 0x107c | goto label_1;
| label_6:
0x0000117c lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x00001180 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001184 lw t9, -0x7f74(gp) | t9 = sym.imp.__fprintf_chk
0x00001188 lw a0, (v0) | a0 = *(v0);
0x0000118c move a3, s7 | a3 = s7;
0x00001190 addiu a2, a2, 0x33a0 | a2 += str._s:_Could_not_send_message_to_respawnd__n;
0x00001194 addiu a1, zero, 1 | a1 = 1;
0x00001198 jalr t9 | t9 ();
0x0000119c lw gp, 0x18(sp) | gp = *(var_18h);
0x000011a0 addiu v0, zero, 1 | v0 = 1;
0x000011a4 b 0x107c | goto label_1;
| label_5:
0x000011a8 lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x000011ac lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000011b0 lw t9, -0x7f74(gp) | t9 = sym.imp.__fprintf_chk
0x000011b4 lw a0, (v0) | a0 = *(v0);
0x000011b8 addiu v0, zero, 0xff | v0 = 0xff;
0x000011bc sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x000011c0 move a3, s7 | a3 = s7;
0x000011c4 addiu a2, a2, 0x3370 | a2 += str._s:_Command_line_too_long__Max__d_characters._n;
0x000011c8 addiu a1, zero, 1 | a1 = 1;
0x000011cc jalr t9 | t9 ();
0x000011d0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000011d4 addiu v0, zero, 1 | v0 = 1;
0x000011d8 b 0x107c | goto label_1;
| }
0x000011dc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000011e0 addiu a1, zero, 1 | a1 = 1;
0x000011e4 addiu a2, a2, 0x32d8 | a2 += str.Usage:__s___c_user____g_group__program__args__n;
0x000011e8 jalr t9 | t9 ();
0x000011ec lw gp, 0x18(sp) | gp = *(var_18h);
0x000011f0 addiu v0, zero, 1 | v0 = 1;
0x000011f4 b 0x107c | goto label_1;
| }
0x000011f8 lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x000011fc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00001200 lw t9, -0x7f74(gp) | t9 = sym.imp.__fprintf_chk
0x00001204 lw a3, (fp) | a3 = *(fp);
0x00001208 lw a0, (v0) | a0 = *(v0);
0x0000120c addiu a2, a2, 0x3324 | a2 += str.Couldnt_get_uid_for_user___s_.;
0x00001210 addiu a1, zero, 1 | a1 = 1;
0x00001214 jalr t9 | t9 ();
0x00001218 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000121c addiu v0, zero, 1 | v0 = 1;
0x00001220 b 0x107c | goto label_1;
| }
0x00001224 lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x00001228 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x0000122c lw t9, -0x7f74(gp) | t9 = sym.imp.__fprintf_chk
0x00001230 lw a3, (fp) | a3 = *(fp);
0x00001234 lw a0, (v0) | a0 = *(v0);
0x00001238 addiu a2, a2, 0x3344 | a2 += str.Couldnt_get_gid_for_group___s_.;
0x0000123c addiu a1, zero, 1 | a1 = 1;
0x00001240 jalr t9 | t9 ();
0x00001244 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001248 addiu v0, zero, 1 | v0 = 1;
0x0000124c b 0x107c | goto label_1;
| label_2:
0x00001250 lw v0, -0x7ec8(gp) | v0 = *((gp - 8114));
0x00001254 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00001258 lw t9, -0x7efc(gp) | t9 = sym.imp.fwrite;
0x0000125c lw a3, (v0) | a3 = *(v0);
0x00001260 addiu a0, a0, 0x3294 | a0 += str.Need_at_least_one_argument:_respawnd__respawn_on_or_respawn_off__n;
0x00001264 addiu a2, zero, 0x41 | a2 = 0x41;
0x00001268 addiu a1, zero, 1 | a1 = 1;
0x0000126c jalr t9 | t9 ();
0x00001270 lw gp, 0x18(sp) | gp = *(var_18h);
0x00001274 lw t9, -0x7f1c(gp) | t9 = sym.imp.exit;
0x00001278 addiu a0, zero, 1 | a0 = 1;
0x0000127c jalr t9 | t9 ();
| label_7:
0x00001280 lw t9, -0x7ee8(gp) | t9 = sym.imp.__stack_chk_fail;
0x00001284 jalr t9 | t9 ();
0x00001288 nop |
0x0000128c nop |
| }
[*] Function fprintf used 6 times respawnd
