[*] Binary protection state of scheduled
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of scheduled
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/scheduled @ 0x3760 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 41776 named .text */
0x00003760 lui gp, 2 |
0x00003764 addiu gp, gp, 0x48b0 |
0x00003768 addu gp, gp, t9 | gp += t9;
0x0000376c addiu sp, sp, -0x38 |
0x00003770 slti a0, a0, 2 | a0 = (a0 < 2) ? 1 : 0;
0x00003774 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00003778 sw ra, 0x34(sp) | *(var_34h) = ra;
0x0000377c sw s3, 0x30(sp) | *(var_30h) = s3;
0x00003780 sw s2, 0x2c(sp) | *(var_2ch) = s2;
0x00003784 sw s1, 0x28(sp) | *(var_28h) = s1;
0x00003788 sw s0, 0x24(sp) | *(var_24h) = s0;
0x0000378c lw t9, -0x7c60(gp) | t9 = sym.imp.g_strcmp0;
| if (a0 == 0) {
0x00003790 bnez a0, 0x37ac |
0x00003794 lw a0, 4(a1) | a0 = *((a1 + 1));
0x00003798 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x0000379c addiu a1, a1, -0x1a78 | a1 += -0x1a78;
0x000037a0 jalr t9 | t9 ();
0x000037a4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x000037a8 beqz v0, 0x39bc | goto label_4;
| }
| }
0x000037ac lw t9, -0x7e84(gp) | t9 = sym.imp.daemon_retval_init;
0x000037b0 jalr t9 | t9 ();
0x000037b4 nop |
0x000037b8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000037bc lw t9, -0x7da8(gp) | t9 = sym.imp.daemon_fork;
0x000037c0 jalr t9 | t9 ();
0x000037c4 nop |
0x000037c8 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x000037cc bltz v0, 0x39e4 | goto label_5;
| }
0x000037d0 lw t9, -0x7d94(gp) | t9 = sym.imp.ax_log_syslog;
| if (v0 != 0) {
0x000037d4 bnez v0, 0x398c | goto label_6;
| }
0x000037d8 move s3, zero | s3 = 0;
0x000037dc jalr t9 | t9 ();
0x000037e0 lw gp, 0x18(sp) | gp = *(var_18h);
| label_0:
0x000037e4 lw t9, -0x7cbc(gp) | t9 = sym.imp.g_log_set_always_fatal;
0x000037e8 lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
0x000037ec addiu a0, zero, 4 | a0 = 4;
0x000037f0 jalr t9 | t9 ();
0x000037f4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000037f8 lw t9, -0x7e94(gp) | t9 = sym.imp.getpwnam;
0x000037fc addiu a0, s0, -0x1a24 | a0 = s0 + -0x1a24;
0x00003800 jalr t9 | t9 ();
0x00003804 move s2, v0 | s2 = v0;
0x00003808 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x0000380c beqz v0, 0x3a1c | goto label_7;
| }
0x00003810 lw t9, -0x7c70(gp) | t9 = sym.imp.getgrnam;
0x00003814 addiu a0, s0, -0x1a24 | a0 = s0 + -0x1a24;
0x00003818 jalr t9 | t9 ();
0x0000381c move s1, v0 | s1 = v0;
0x00003820 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00003824 beqz v0, 0x3a90 | goto label_8;
| }
0x00003828 lw t9, -0x7e7c(gp) | t9 = sym.imp.setgid;
0x0000382c lw a0, 8(v0) | a0 = *((v0 + 2));
0x00003830 jalr t9 | t9 ();
0x00003834 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00003838 bltz v0, 0x3a68 | goto label_9;
| }
0x0000383c lw t9, -0x7db4(gp) | t9 = sym.imp.initgroups;
0x00003840 lw a1, 8(s1) | a1 = *((s1 + 2));
0x00003844 lw a0, (s2) | a0 = *(s2);
0x00003848 jalr t9 | t9 ();
0x0000384c lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00003850 bltz v0, 0x3ab8 | goto label_10;
| }
0x00003854 lw t9, -0x7d3c(gp) | t9 = sym.imp.setuid;
0x00003858 lw a0, 8(s2) | a0 = *((s2 + 2));
0x0000385c jalr t9 | t9 ();
0x00003860 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x00003864 bltz v0, 0x3b10 | goto label_11;
| }
0x00003868 lw t9, -0x7fd8(gp) | t9 = sym.timerman_init;
0x0000386c bal 0x87b8 | sym_timerman_init ();
0x00003870 nop |
0x00003874 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003878 lw t9, -0x7fd4(gp) | t9 = sym.scheduled_new;
0x0000387c bal 0x5284 | sym_scheduled_new ();
0x00003880 nop |
0x00003884 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003888 addiu a0, zero, 0x1c | a0 = 0x1c;
0x0000388c lw t9, -0x7e10(gp) | t9 = sym.imp.g_malloc0;
0x00003890 move s2, v0 | s2 = v0;
0x00003894 jalr t9 | t9 ();
0x00003898 lw gp, 0x18(sp) | gp = *(var_18h);
0x0000389c move a0, v0 | a0 = v0;
0x000038a0 move s0, v0 | s0 = v0;
0x000038a4 lw t9, -0x7cdc(gp) | t9 = sym.imp.g_mutex_init;
0x000038a8 addiu s1, s0, 8 | s1 = s0 + 8;
0x000038ac jalr t9 | t9 ();
0x000038b0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000038b4 lw t9, -0x7d88(gp) | t9 = sym.imp.g_cond_init;
0x000038b8 move a0, s1 | a0 = s1;
0x000038bc jalr t9 | t9 ();
0x000038c0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000038c4 addiu v0, zero, 1 | v0 = 1;
0x000038c8 move a1, zero | a1 = 0;
0x000038cc lw t9, -0x7cc4(gp) | t9 = sym.imp.g_main_loop_new;
0x000038d0 move a0, zero | a0 = 0;
0x000038d4 sw v0, 0x14(s0) | *((s0 + 5)) = v0;
0x000038d8 jalr t9 | t9 ();
0x000038dc lw gp, 0x18(sp) | gp = *(var_18h);
0x000038e0 sw v0, 0x18(s0) | *((s0 + 6)) = v0;
0x000038e4 move a2, s0 | a2 = s0;
0x000038e8 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x000038ec lw t9, -0x7dd8(gp) | t9 = sym.imp.g_thread_new;
0x000038f0 lw a1, -0x7fd0(gp) | a1 = sym.main_loop_thread_func;
0x000038f4 addiu a0, a0, -0x1954 | a0 += -0x1954;
0x000038f8 jalr t9 | t9 ();
0x000038fc lw gp, 0x18(sp) | gp = *(var_18h);
| if (s3 == 0) {
0x00003900 beqz s3, 0x39d0 | goto label_12;
| }
| label_1:
0x00003904 lw t9, -0x7e1c(gp) | t9 = sym.imp.g_mutex_lock;
0x00003908 move a0, s0 | a0 = s0;
0x0000390c jalr t9 | t9 ();
0x00003910 lw v0, 0x14(s0) | v0 = *((s0 + 5));
0x00003914 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 == 0) {
0x00003918 beqz v0, 0x3938 | goto label_13;
| }
| do {
0x0000391c lw t9, -0x7d7c(gp) | t9 = sym.imp.g_cond_wait;
0x00003920 move a1, s0 | a1 = s0;
0x00003924 move a0, s1 | a0 = s1;
0x00003928 jalr t9 | t9 ();
0x0000392c lw v0, 0x14(s0) | v0 = *((s0 + 5));
0x00003930 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003934 bnez v0, 0x391c |
| } while (v0 != 0);
| label_13:
0x00003938 lw t9, -0x7d38(gp) | t9 = sym.imp.g_mutex_unlock;
0x0000393c move a0, s0 | a0 = s0;
0x00003940 jalr t9 | t9 ();
0x00003944 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003948 lw t9, -0x7e60(gp) | t9 = sym.imp.g_mutex_clear;
0x0000394c move a0, s0 | a0 = s0;
0x00003950 jalr t9 | t9 ();
0x00003954 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003958 lw t9, -0x7bfc(gp) | t9 = sym.imp.g_cond_clear;
0x0000395c move a0, s1 | a0 = s1;
0x00003960 jalr t9 | t9 ();
0x00003964 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003968 lw t9, -0x7bf0(gp) | t9 = *((gp - 7932));
0x0000396c move a0, s0 | a0 = s0;
0x00003970 jalr t9 | t9 ();
0x00003974 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003978 lw t9, -0x7c58(gp) | t9 = *((gp - 7958));
0x0000397c move a0, s2 | a0 = s2;
0x00003980 jalr t9 | t9 ();
0x00003984 move v0, zero | v0 = 0;
0x00003988 b 0x39a0 | goto label_2;
| label_6:
0x0000398c lw t9, -0x7cec(gp) | t9 = sym.imp.daemon_retval_wait;
0x00003990 addiu a0, zero, 0x1e | a0 = 0x1e;
0x00003994 jalr t9 | t9 ();
0x00003998 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0000399c bltz v0, 0x3ae8 | goto label_14;
| }
| do {
| label_2:
0x000039a0 lw ra, 0x34(sp) | ra = *(var_34h);
0x000039a4 lw s3, 0x30(sp) | s3 = *(var_30h);
0x000039a8 lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x000039ac lw s1, 0x28(sp) | s1 = *(var_28h);
0x000039b0 lw s0, 0x24(sp) | s0 = *(var_24h);
0x000039b4 addiu sp, sp, 0x38 |
0x000039b8 jr ra | return v0;
| label_4:
0x000039bc lw t9, -0x7c38(gp) | t9 = sym.imp.ax_log_stdout;
0x000039c0 addiu s3, zero, 1 | s3 = 1;
0x000039c4 jalr t9 | t9 ();
0x000039c8 lw gp, 0x18(sp) | gp = *(var_18h);
0x000039cc b 0x37e4 | goto label_0;
| label_12:
0x000039d0 lw t9, -0x7c78(gp) | t9 = sym.imp.daemon_retval_send;
0x000039d4 move a0, zero | a0 = 0;
0x000039d8 jalr t9 | t9 ();
0x000039dc lw gp, 0x18(sp) | gp = *(var_18h);
0x000039e0 b 0x3904 | goto label_1;
| label_5:
0x000039e4 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x000039e8 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x000039ec lw t9, -0x7ea0(gp) | t9 = sym.imp.g_log;
0x000039f0 addiu a3, a3, -0x19f8 | a3 += -0x19f8;
0x000039f4 addiu a2, a2, -0x1a74 | a2 += -0x1a74;
0x000039f8 addiu a1, zero, 0x100 | a1 = aav.0x00000100;
0x000039fc move a0, zero | a0 = 0;
0x00003a00 jalr t9 | t9 ();
0x00003a04 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003a08 lw t9, -0x7e88(gp) | t9 = sym.imp.daemon_retval_done;
0x00003a0c jalr t9 | t9 ();
0x00003a10 nop |
0x00003a14 addiu v0, zero, 1 | v0 = 1;
0x00003a18 b 0x39a0 |
| } while (1);
| label_7:
0x00003a1c lw v0, -0x7d48(gp) | v0 = *((gp - 8018));
0x00003a20 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003a24 lw t9, -0x7c4c(gp) | t9 = sym.imp.__fprintf_chk
0x00003a28 lw a0, (v0) | a0 = *(v0);
0x00003a2c addiu a3, s0, -0x1a24 | a3 = s0 + -0x1a24;
0x00003a30 addiu a2, a2, -0x1a18 | a2 += -0x1a18;
0x00003a34 addiu a1, zero, 1 | a1 = 1;
0x00003a38 jalr t9 | t9 ();
0x00003a3c lw gp, 0x18(sp) | gp = *(var_18h);
| do {
| label_3:
0x00003a40 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00003a44 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003a48 lw t9, -0x7ea0(gp) | t9 = sym.imp.g_log;
0x00003a4c addiu a3, a3, -0x19f8 | a3 += -0x19f8;
0x00003a50 addiu a2, a2, -0x193c | a2 += -0x193c;
0x00003a54 addiu a1, zero, 8 | a1 = 8;
0x00003a58 move a0, zero | a0 = 0;
0x00003a5c jalr t9 | t9 ();
0x00003a60 addiu v0, zero, 1 | v0 = 1;
0x00003a64 b 0x39a0 | goto label_2;
| label_9:
0x00003a68 lw v0, -0x7d48(gp) | v0 = *((gp - 8018));
0x00003a6c lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003a70 lw t9, -0x7c4c(gp) | t9 = sym.imp.__fprintf_chk
0x00003a74 lw a3, 8(s1) | a3 = *((s1 + 2));
0x00003a78 lw a0, (v0) | a0 = *(v0);
0x00003a7c addiu a2, a2, -0x19d0 | a2 += -0x19d0;
0x00003a80 addiu a1, zero, 1 | a1 = 1;
0x00003a84 jalr t9 | t9 ();
0x00003a88 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003a8c b 0x3a40 |
| } while (1);
| label_8:
0x00003a90 lw v0, -0x7d48(gp) | v0 = *((gp - 8018));
0x00003a94 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003a98 lw t9, -0x7c4c(gp) | t9 = sym.imp.__fprintf_chk
0x00003a9c lw a0, (v0) | a0 = *(v0);
0x00003aa0 addiu a3, s0, -0x1a24 | a3 = s0 + -0x1a24;
0x00003aa4 addiu a2, a2, -0x19f4 | a2 += -0x19f4;
0x00003aa8 addiu a1, zero, 1 | a1 = 1;
0x00003aac jalr t9 | t9 ();
0x00003ab0 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003ab4 b 0x3a40 | goto label_3;
| label_10:
0x00003ab8 lw v1, -0x7d48(gp) | v1 = *((gp - 8018));
0x00003abc lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003ac0 lw v0, 8(s1) | v0 = *((s1 + 2));
0x00003ac4 lw t9, -0x7c4c(gp) | t9 = sym.imp.__fprintf_chk
0x00003ac8 lw a3, (s2) | a3 = *(s2);
0x00003acc lw a0, (v1) | a0 = *(v1);
0x00003ad0 addiu a2, a2, -0x19b0 | a2 += -0x19b0;
0x00003ad4 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00003ad8 addiu a1, zero, 1 | a1 = 1;
0x00003adc jalr t9 | t9 ();
0x00003ae0 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003ae4 b 0x3a40 | goto label_3;
| label_14:
0x00003ae8 lw a3, -0x7fdc(gp) | a3 = *((gp - 8183));
0x00003aec lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003af0 lw t9, -0x7ea0(gp) | t9 = sym.imp.g_log;
0x00003af4 addiu a3, a3, -0x19f8 | a3 += -0x19f8;
0x00003af8 addiu a2, a2, -0x1a5c | a2 += -0x1a5c;
0x00003afc addiu a1, zero, 0x100 | a1 = aav.0x00000100;
0x00003b00 move a0, zero | a0 = 0;
0x00003b04 jalr t9 | t9 ();
0x00003b08 addiu v0, zero, 1 | v0 = 1;
0x00003b0c b 0x39a0 | goto label_2;
| label_11:
0x00003b10 lw v0, -0x7d48(gp) | v0 = *((gp - 8018));
0x00003b14 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00003b18 lw t9, -0x7c4c(gp) | t9 = sym.imp.__fprintf_chk
0x00003b1c lw a3, 8(s2) | a3 = *((s2 + 2));
0x00003b20 lw a0, (v0) | a0 = *(v0);
0x00003b24 addiu a2, a2, -0x1974 | a2 += -0x1974;
0x00003b28 addiu a1, zero, 1 | a1 = 1;
0x00003b2c jalr t9 | t9 ();
0x00003b30 lw gp, 0x18(sp) | gp = *(var_18h);
0x00003b34 b 0x3a40 | goto label_3;
| }
[*] Function fprintf used 6 times scheduled
