[*] Binary protection state of vdo
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of vdo
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/vdo @ 0x4cfe4 */
| #include <stdint.h>
|
; (fcn) fcn.0004cfe4 () | void fcn_0004cfe4 () {
0x0004cfe4 lui gp, 3 |
0x0004cfe8 addiu gp, gp, -0xef4 |
0x0004cfec addu gp, gp, t9 | gp += t9;
0x0004cff0 addiu sp, sp, -0x38 |
0x0004cff4 lw t9, -0x78f4(gp) | t9 = sym.imp.ioctl;
0x0004cff8 sw s3, 0x30(sp) | *(var_30h) = s3;
0x0004cffc sw s1, 0x28(sp) | *(var_28h) = s1;
0x0004d000 move s3, a1 | s3 = a1;
0x0004d004 move s1, a0 | s1 = a0;
0x0004d008 lui a1, 0x8040 | a1 = 0x80400000;
0x0004d00c lw a0, 0x2c(a0) | a0 = *((a0 + 11));
0x0004d010 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0004d014 sw ra, 0x34(sp) | *(var_34h) = ra;
0x0004d018 sw s2, 0x2c(sp) | *(var_2ch) = s2;
0x0004d01c sw s0, 0x24(sp) | *(var_24h) = s0;
0x0004d020 addiu a1, a1, 0x2a51 | a1 += 0x2a51;
0x0004d024 jalr t9 | t9 ();
0x0004d028 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0004d02c bltz v0, 0x4d0bc | goto label_0;
| }
0x0004d030 lw t9, -0x7860(gp) | t9 = sym.imp.g_malloc0;
0x0004d034 addiu a0, zero, 0x18 | a0 = 0x18;
0x0004d038 move s2, v0 | s2 = v0;
0x0004d03c jalr t9 | t9 ();
0x0004d040 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d044 move s0, v0 | s0 = v0;
0x0004d048 lw v0, 0x2c(s1) | v0 = *((s1 + 11));
0x0004d04c lw t9, -0x7904(gp) | t9 = sym.imp.mmap
0x0004d050 sw s2, (s0) | *(s0) = s2;
0x0004d054 sw s3, 0xc(s0) | *((s0 + 3)) = s3;
0x0004d058 sw s3, 0x10(s0) | *((s0 + 4)) = s3;
0x0004d05c addiu a3, zero, 1 | a3 = 1;
0x0004d060 sw s2, 0x14(sp) | *(var_14h) = s2;
0x0004d064 sw v0, 0x10(sp) | *(var_10h) = v0;
0x0004d068 addiu a2, zero, 3 | a2 = 3;
0x0004d06c addiu a1, zero, 0x40 | a1 = 0x40;
0x0004d070 move a0, zero | a0 = 0;
0x0004d074 jalr t9 | t9 ();
0x0004d078 addiu v1, zero, -1 | v1 = -1;
0x0004d07c lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d080 sw v0, 4(s0) | *((s0 + 1)) = v0;
| if (v0 == v1) {
0x0004d084 beq v0, v1, 0x4d0f8 | goto label_1;
| }
0x0004d088 lw t9, -0x7528(gp) | t9 = sym.imp.g_list_append;
0x0004d08c lw a0, 0x4c(s1) | a0 = *((s1 + 19));
0x0004d090 move a1, s0 | a1 = s0;
0x0004d094 jalr t9 | t9 ();
0x0004d098 sw v0, 0x4c(s1) | *((s1 + 19)) = v0;
0x0004d09c lw ra, 0x34(sp) | ra = *(var_34h);
| do {
0x0004d0a0 move v0, s0 | v0 = s0;
0x0004d0a4 lw s3, 0x30(sp) | s3 = *(var_30h);
0x0004d0a8 lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x0004d0ac lw s1, 0x28(sp) | s1 = *(var_28h);
0x0004d0b0 lw s0, 0x24(sp) | s0 = *(var_24h);
0x0004d0b4 addiu sp, sp, 0x38 |
0x0004d0b8 jr ra | return v0;
| label_0:
0x0004d0bc lw a2, -0x7fa0(gp) | a2 = *(gp);
0x0004d0c0 lw t9, -0x7504(gp) | t9 = sym.imp.g_log;
| /* str.VCA_ADD_failed:__m */
0x0004d0c4 addiu a2, a2, -0x33e8 | a2 += -0x33e8;
0x0004d0c8 addiu a1, zero, 0x10 | a1 = 0x10;
0x0004d0cc move a0, zero | a0 = 0;
0x0004d0d0 jalr t9 | t9 ();
0x0004d0d4 lw ra, 0x34(sp) | ra = *(var_34h);
0x0004d0d8 move s0, zero | s0 = 0;
0x0004d0dc move v0, s0 | v0 = s0;
0x0004d0e0 lw s3, 0x30(sp) | s3 = *(var_30h);
0x0004d0e4 lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x0004d0e8 lw s1, 0x28(sp) | s1 = *(var_28h);
0x0004d0ec lw s0, 0x24(sp) | s0 = *(var_24h);
0x0004d0f0 addiu sp, sp, 0x38 |
0x0004d0f4 jr ra | return v0;
| label_1:
0x0004d0f8 lw a2, -0x7fa0(gp) | a2 = *(gp);
0x0004d0fc lw t9, -0x7504(gp) | t9 = sym.imp.g_log;
0x0004d100 lw a3, (s0) | a3 = *(s0);
| /* str.mmap_vca_handle:__08x_failed:__m */
0x0004d104 addiu a2, a2, -0x33d4 | a2 += -aav.0x000033d4;
0x0004d108 addiu a1, zero, 0x10 | a1 = 0x10;
0x0004d10c move a0, zero | a0 = 0;
0x0004d110 jalr t9 | t9 ();
0x0004d114 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d118 move a0, s0 | a0 = s0;
0x0004d11c lw t9, -0x772c(gp) | t9 = *((gp - 7627));
0x0004d120 move s0, zero | s0 = 0;
0x0004d124 jalr t9 | t9 ();
0x0004d128 lw ra, 0x34(sp) | ra = *(var_34h);
0x0004d12c b 0x4d0a0 |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/vdo @ 0x4d298 */
| #include <stdint.h>
|
; (fcn) fcn.0004d298 () | void fcn_0004d298 () {
0x0004d298 lui gp, 3 |
0x0004d29c addiu gp, gp, -0x11a8 |
0x0004d2a0 addu gp, gp, t9 | gp += t9;
0x0004d2a4 addiu sp, sp, -0x48 |
0x0004d2a8 lw t9, -0x78f4(gp) | t9 = sym.imp.ioctl;
0x0004d2ac sw s4, 0x34(sp) | *(var_34h) = s4;
0x0004d2b0 sw s3, 0x30(sp) | *(var_30h) = s3;
0x0004d2b4 sw s0, 0x24(sp) | *(var_24h) = s0;
0x0004d2b8 move s4, a2 | s4 = a2;
0x0004d2bc move s0, a0 | s0 = a0;
0x0004d2c0 lw a2, 0x54(a0) | a2 = *((a0 + 21));
0x0004d2c4 move s3, a1 | s3 = a1;
0x0004d2c8 lw a0, 0x2c(a0) | a0 = *((a0 + 11));
0x0004d2cc lui a1, 0x8004 | a1 = 0x80040000;
0x0004d2d0 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0004d2d4 sw ra, 0x44(sp) | *(var_44h) = ra;
0x0004d2d8 sw s7, 0x40(sp) | *(var_40h) = s7;
0x0004d2dc sw s6, 0x3c(sp) | *(var_3ch) = s6;
0x0004d2e0 sw s5, 0x38(sp) | *(var_38h) = s5;
0x0004d2e4 sw s2, 0x2c(sp) | *(var_2ch) = s2;
0x0004d2e8 sw s1, 0x28(sp) | *(var_28h) = s1;
0x0004d2ec addiu a1, a1, 0x2a11 | a1 += 0x2a11;
0x0004d2f0 jalr t9 | t9 ();
0x0004d2f4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 < 0) {
0x0004d2f8 bltz v0, 0x4d4b4 | goto label_3;
| }
0x0004d2fc lw a1, -0x7fa0(gp) | a1 = *(gp);
0x0004d300 lw t9, -0x7ed0(gp) | t9 = sym.vdo_map_get_uint32;
0x0004d304 lw a0, 0x20(s0) | a0 = *((s0 + 8));
0x0004d308 move a2, zero | a2 = 0;
| /* str.width */
0x0004d30c addiu a1, a1, -0x59b0 | a1 += -0x59b0;
0x0004d310 move s2, v0 | s2 = v0;
0x0004d314 jalr t9 | t9 ();
0x0004d318 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d31c lw a0, 0x20(s0) | a0 = *((s0 + 8));
0x0004d320 move a2, zero | a2 = 0;
0x0004d324 lw a1, -0x7fa0(gp) | a1 = *(gp);
0x0004d328 lw t9, -0x7ed0(gp) | t9 = sym.vdo_map_get_uint32;
| /* str.height */
0x0004d32c addiu a1, a1, -0x59a8 | a1 += -0x59a8;
0x0004d330 move s1, v0 | s1 = v0;
0x0004d334 jalr t9 | t9 ();
0x0004d338 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d33c lw a0, 0x20(s0) | a0 = *((s0 + 8));
0x0004d340 move a2, s1 | a2 = s1;
0x0004d344 lw a1, -0x7fa0(gp) | a1 = *(gp);
0x0004d348 lw t9, -0x7ed0(gp) | t9 = sym.vdo_map_get_uint32;
| /* str.pitch */
0x0004d34c addiu a1, a1, -0x596c | a1 += -0x596c;
0x0004d350 move s5, v0 | s5 = v0;
0x0004d354 jalr t9 | t9 ();
0x0004d358 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d35c addiu a0, zero, 0x18 | a0 = 0x18;
0x0004d360 move s6, v0 | s6 = v0;
0x0004d364 lw t9, -0x7860(gp) | t9 = sym.imp.g_malloc0;
0x0004d368 addiu s7, zero, -1 | s7 = -1;
0x0004d36c jalr t9 | t9 ();
0x0004d370 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d374 move s1, v0 | s1 = v0;
0x0004d378 lw v0, 0x2c(s0) | v0 = *((s0 + 11));
0x0004d37c lw t9, -0x7904(gp) | t9 = sym.imp.mmap
0x0004d380 sw s2, (s1) | *(s1) = s2;
0x0004d384 addiu a3, zero, 1 | a3 = 1;
0x0004d388 sw s2, 0x14(sp) | *(var_14h) = s2;
0x0004d38c sw v0, 0x10(sp) | *(var_10h) = v0;
0x0004d390 addiu a2, zero, 3 | a2 = 3;
0x0004d394 addiu a1, zero, 0x264 | a1 = aav.0x00000264;
0x0004d398 move a0, zero | a0 = 0;
0x0004d39c jalr t9 | t9 ();
0x0004d3a0 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d3a4 sw v0, 4(s1) | *((s1 + 1)) = v0;
| if (v0 == s7) {
0x0004d3a8 beq v0, s7, 0x4d500 | goto label_4;
| }
0x0004d3ac lw t9, -0x783c(gp) | t9 = sym.imp.memset;
0x0004d3b0 move a0, v0 | a0 = v0;
0x0004d3b4 addiu a2, zero, 0x264 | a2 = aav.0x00000264;
0x0004d3b8 move a1, zero | a1 = 0;
0x0004d3bc jalr t9 | t9 ();
0x0004d3c0 lw s2, 4(s1) | s2 = *((s1 + 1));
0x0004d3c4 lw a0, 0x54(s0) | a0 = *((s0 + 21));
0x0004d3c8 lw v1, 0x10(s0) | v1 = *((s0 + 4));
0x0004d3cc addiu v0, zero, 2 | v0 = 2;
0x0004d3d0 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d3d4 sw s7, 0x18(s2) | *((s2 + 6)) = s7;
0x0004d3d8 sw a0, (s2) | *(s2) = a0;
0x0004d3dc sw zero, 0x258(s2) | *(s2) = 0;
0x0004d3e0 sw s3, 8(s1) | *((s1 + 2)) = s3;
0x0004d3e4 sw s4, 0x234(s2) | *(s2) = s4;
| if (v1 == v0) {
0x0004d3e8 beq v1, v0, 0x4d478 | goto label_5;
| }
0x0004d3ec lw s4, 0xc(s0) | s4 = *((s0 + 3));
0x0004d3f0 addiu v0, zero, 3 | v0 = 3;
0x0004d3f4 lw t9, -0x75e8(gp) | t9 = sym.imp.aligned_alloc;
| if (s4 != v0) {
0x0004d3f8 bne s4, v0, 0x4d444 | goto label_6;
| }
0x0004d3fc sw s3, 0xc(s1) | *((s1 + 3)) = s3;
0x0004d400 lw t9, -0x7528(gp) | t9 = sym.imp.g_list_append;
| do {
| label_0:
0x0004d404 lw a0, 0x4c(s0) | a0 = *((s0 + 19));
0x0004d408 move a1, s1 | a1 = s1;
0x0004d40c jalr t9 | t9 ();
0x0004d410 sw v0, 0x4c(s0) | *((s0 + 19)) = v0;
0x0004d414 lw ra, 0x44(sp) | ra = *(var_44h);
| label_2:
0x0004d418 move v0, s1 | v0 = s1;
0x0004d41c lw s7, 0x40(sp) | s7 = *(var_40h);
0x0004d420 lw s6, 0x3c(sp) | s6 = *(var_3ch);
0x0004d424 lw s5, 0x38(sp) | s5 = *(var_38h);
0x0004d428 lw s4, 0x34(sp) | s4 = *(var_34h);
0x0004d42c lw s3, 0x30(sp) | s3 = *(var_30h);
0x0004d430 lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x0004d434 lw s1, 0x28(sp) | s1 = *(var_28h);
0x0004d438 lw s0, 0x24(sp) | s0 = *(var_24h);
0x0004d43c addiu sp, sp, 0x48 |
0x0004d440 jr ra | return v0;
| label_6:
0x0004d444 move a1, s3 | a1 = s3;
0x0004d448 addiu a0, zero, 0x1000 | a0 = 0x1000;
0x0004d44c jalr t9 | t9 ();
0x0004d450 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d454 sw v0, 0x234(s2) | *(s2) = v0;
0x0004d458 sw s3, 0x238(s2) | *(s2) = s3;
| label_1:
0x0004d45c addiu v0, zero, 2 | v0 = 2;
0x0004d460 lw t9, -0x7528(gp) | t9 = sym.imp.g_list_append;
0x0004d464 bne s4, v0, 0x4d404 |
| } while (s4 != v0);
0x0004d468 lw v0, 4(s1) | v0 = *((s1 + 1));
0x0004d46c lw v1, 0x40(s0) | v1 = *((s0 + 16));
0x0004d470 sw v1, 0x228(v0) | *(v0) = v1;
0x0004d474 b 0x4d404 | goto label_0;
| label_5:
0x0004d478 mul s5, s5, s6 | __asm ("mul s5, s5, s6");
0x0004d47c lw v0, 0x2c(s0) | v0 = *((s0 + 11));
0x0004d480 lw t9, -0x7904(gp) | t9 = sym.imp.mmap
0x0004d484 addiu a3, zero, 1 | a3 = 1;
0x0004d488 addiu a2, zero, 3 | a2 = 3;
0x0004d48c sw s5, 0xc(s1) | *((s1 + 3)) = s5;
0x0004d490 move a1, s3 | a1 = s3;
0x0004d494 sw s4, 0x14(sp) | *(var_14h) = s4;
0x0004d498 sw v0, 0x10(sp) | *(var_10h) = v0;
0x0004d49c move a0, zero | a0 = 0;
0x0004d4a0 jalr t9 | t9 ();
0x0004d4a4 lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d4a8 sw v0, 0x14(s1) | *((s1 + 5)) = v0;
0x0004d4ac lw s4, 0xc(s0) | s4 = *((s0 + 3));
0x0004d4b0 b 0x4d45c | goto label_1;
| label_3:
0x0004d4b4 lw a2, -0x7fa0(gp) | a2 = *(gp);
0x0004d4b8 lw t9, -0x7504(gp) | t9 = sym.imp.g_log;
| /* str.ENCODE_ADD_failed:__m */
0x0004d4bc addiu a2, a2, -0x33b0 | a2 += -0x33b0;
0x0004d4c0 addiu a1, zero, 0x10 | a1 = 0x10;
0x0004d4c4 move a0, zero | a0 = 0;
0x0004d4c8 jalr t9 | t9 ();
0x0004d4cc lw ra, 0x44(sp) | ra = *(var_44h);
0x0004d4d0 move s1, zero | s1 = 0;
0x0004d4d4 move v0, s1 | v0 = s1;
0x0004d4d8 lw s7, 0x40(sp) | s7 = *(var_40h);
0x0004d4dc lw s6, 0x3c(sp) | s6 = *(var_3ch);
0x0004d4e0 lw s5, 0x38(sp) | s5 = *(var_38h);
0x0004d4e4 lw s4, 0x34(sp) | s4 = *(var_34h);
0x0004d4e8 lw s3, 0x30(sp) | s3 = *(var_30h);
0x0004d4ec lw s2, 0x2c(sp) | s2 = *(var_2ch);
0x0004d4f0 lw s1, 0x28(sp) | s1 = *(var_28h);
0x0004d4f4 lw s0, 0x24(sp) | s0 = *(var_24h);
0x0004d4f8 addiu sp, sp, 0x48 |
0x0004d4fc jr ra | return v0;
| label_4:
0x0004d500 lw a2, -0x7fa0(gp) | a2 = *(gp);
0x0004d504 lw t9, -0x7504(gp) | t9 = sym.imp.g_log;
0x0004d508 lw a3, (s1) | a3 = *(s1);
| /* str.mmap_enc_handle:__08x_failed:__m */
0x0004d50c addiu a2, a2, -0x3398 | a2 += -0x3398;
0x0004d510 addiu a1, zero, 0x10 | a1 = 0x10;
0x0004d514 move a0, zero | a0 = 0;
0x0004d518 jalr t9 | t9 ();
0x0004d51c lw gp, 0x18(sp) | gp = *(var_18h);
0x0004d520 move a0, s1 | a0 = s1;
0x0004d524 lw t9, -0x772c(gp) | t9 = *((gp - 7627));
0x0004d528 move s1, zero | s1 = 0;
0x0004d52c jalr t9 | t9 ();
0x0004d530 lw ra, 0x44(sp) | ra = *(var_44h);
0x0004d534 b 0x4d418 | goto label_2;
| }
[*] Function mmap used 6 times vdo
