[*] Binary protection state of htdbm
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of htdbm
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/htdbm @ 0x2534 */
| #include <stdint.h>
|
; (fcn) sym.mkhash () | void mkhash () {
0x00002534 lui gp, 2 |
0x00002538 addiu gp, gp, -0x6524 |
0x0000253c addu gp, gp, t9 | gp += t9;
0x00002540 addiu sp, sp, -0x58 |
0x00002544 lw v0, 0x18(a0) | v0 = *((a0 + 6));
0x00002548 sw s3, 0x48(sp) | *(var_48h) = s3;
0x0000254c lw s3, -0x7ee8(gp) | s3 = *((gp - 8122));
0x00002550 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00002554 sw s0, 0x3c(sp) | *(var_3ch) = s0;
0x00002558 lw v1, (s3) | v1 = *(s3);
0x0000255c sw ra, 0x54(sp) | *(var_54h) = ra;
0x00002560 sw s5, 0x50(sp) | *(var_50h) = s5;
0x00002564 sw s4, 0x4c(sp) | *(var_4ch) = s4;
0x00002568 sw s2, 0x44(sp) | *(var_44h) = s2;
0x0000256c sw s1, 0x40(sp) | *(var_40h) = s1;
0x00002570 move s0, a0 | s0 = a0;
0x00002574 sw v1, 0x34(sp) | *(var_34h) = v1;
| if (v0 != 0) {
0x00002578 beql v0, zero, 0x2638 |
0x0000257c lw s1, 0x10(s0) | s1 = *((s0 + 4));
0x00002580 lw v1, 0x14(a0) | v1 = *((a0 + 5));
0x00002584 addiu v0, zero, 4 | v0 = 4;
0x00002588 lw v0, -0x7fcc(gp) | v0 = *(gp);
| if (v1 == v0) {
0x0000258c bne v1, v0, 0x261c |
0x00002590 lw s1, 0x10(a0) | s1 = *((a0 + 4));
0x00002594 lw t9, -0x7fc4(gp) | t9 = sym.get_password;
| if (s1 == 0) {
0x00002598 beqz s1, 0x27c8 | goto label_2;
| }
0x0000259c lw t9, -0x7f84(gp) | t9 = sym.imp.apr_generate_random_bytes;
0x000025a0 addiu s2, sp, 0x24 | s2 = sp + 0x24;
0x000025a4 addiu a1, zero, 0x10 | a1 = 0x10;
0x000025a8 move a0, s2 | a0 = s2;
0x000025ac jalr t9 | t9 ();
0x000025b0 sw v0, 0x20(sp) | *(var_20h_2) = v0;
0x000025b4 lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x000025b8 bnez v0, 0x27e4 | goto label_3;
| }
0x000025bc lw a1, 0x18(s0) | a1 = *((s0 + 6));
0x000025c0 lw v1, 0xc(s0) | v1 = *((s0 + 3));
| if (a1 != 0) {
0x000025c4 bnel a1, zero, 0x25d8 |
0x000025c8 addiu v0, zero, 5 | v0 = 5;
0x000025cc sw v0, 0x18(s0) | *((s0 + 6)) = v0;
0x000025d0 addiu a1, zero, 5 | a1 = 5;
0x000025d4 lw v1, 0xc(s0) | v1 = *((s0 + 3));
| }
0x000025d8 lw v0, 8(s0) | v0 = *((s0 + 2));
0x000025dc lw t9, -0x7f78(gp) | t9 = sym.imp.apr_bcrypt_encode;
0x000025e0 sw v1, 0x14(sp) | *(var_14h) = v1;
0x000025e4 sw v0, 0x10(sp) | *(var_10h_3) = v0;
0x000025e8 addiu a3, zero, 0x10 | a3 = 0x10;
0x000025ec move a2, s2 | a2 = s2;
0x000025f0 move a0, s1 | a0 = s1;
0x000025f4 jalr t9 | t9 ();
0x000025f8 sw v0, 0x20(sp) | *(var_20h_2) = v0;
0x000025fc lw gp, 0x18(sp) | gp = *(var_18h);
| if (v0 != 0) {
0x00002600 bnez v0, 0x292c | goto label_4;
| }
0x00002604 lw t9, -0x7f2c(gp) | t9 = sym.imp.strlen;
0x00002608 move a0, s1 | a0 = s1;
0x0000260c jalr t9 | t9 ();
0x00002610 move s2, zero | s2 = 0;
0x00002614 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002618 b 0x2690 | goto label_1;
| }
0x0000261c lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00002620 lw t9, -0x7f90(gp) | t9 = sym.imp.apr_file_printf
0x00002624 lw a0, (v0) | a0 = *(v0);
0x00002628 addiu a1, a1, 0x398c | a1 += str.Warning:_Ignoring__C_argument_for_this_algorithm._n;
0x0000262c jalr t9 | t9 ();
0x00002630 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002634 lw s1, 0x10(s0) | s1 = *((s0 + 4));
| }
0x00002638 lw t9, -0x7fc4(gp) | t9 = sym.get_password;
| if (s1 == 0) {
0x0000263c beqz s1, 0x27c8 | goto label_2;
| }
| label_0:
0x00002640 lw s2, 0x14(s0) | s2 = *((s0 + 5));
0x00002644 sltiu v0, s2, 5 | v0 = (s2 < 5) ? 1 : 0;
0x00002648 lw v1, -0x7fd8(gp) | v1 = *((gp - 8182));
| if (v0 == 0) {
0x0000264c beqz v0, 0x2984 | goto label_5;
| }
0x00002650 sll v0, s2, 2 | v0 = s2 << 2;
0x00002654 addiu v1, v1, 0x3b30 | v1 += 0x3b30;
0x00002658 lwx v0, v0(v1) | __asm ("lwx v0, v0(v1)");
0x0000265c addu v0, v0, gp | v0 += gp;
0x00002660 jr v0 | v0 ();
0x00002664 nop |
| label_1:
0x00002690 lw t9, -0x7f48(gp) | t9 = sym.imp.memset;
0x00002694 move a2, v0 | a2 = v0;
0x00002698 move a1, zero | a1 = 0;
0x0000269c move a0, s1 | a0 = s1;
0x000026a0 jalr t9 | t9 ();
0x000026a4 lw gp, 0x18(sp) | gp = *(var_18h);
| do {
0x000026a8 lw a0, 0x34(sp) | a0 = *(var_34h);
0x000026ac lw v1, (s3) | v1 = *(s3);
0x000026b0 move v0, s2 | v0 = s2;
| if (a0 != v1) {
0x000026b4 bne a0, v1, 0x29b0 | goto label_6;
| }
0x000026b8 lw ra, 0x54(sp) | ra = *(var_54h);
0x000026bc lw s5, 0x50(sp) | s5 = *(var_50h);
0x000026c0 lw s4, 0x4c(sp) | s4 = *(var_4ch);
0x000026c4 lw s3, 0x48(sp) | s3 = *(var_48h);
0x000026c8 lw s2, 0x44(sp) | s2 = *(var_44h);
0x000026cc lw s1, 0x40(sp) | s1 = *(var_40h);
0x000026d0 lw s0, 0x3c(sp) | s0 = *(var_3ch);
0x000026d4 addiu sp, sp, 0x58 |
0x000026d8 jr ra | return v0;
| label_2:
0x000027c8 move a0, s0 | a0 = s0;
0x000027cc bal 0x22a4 | sym_get_password ();
0x000027d0 move s2, v0 | s2 = v0;
0x000027d4 lw gp, 0x18(sp) | gp = *(var_18h);
0x000027d8 bnez v0, 0x26a8 |
| } while (v0 != 0);
0x000027dc lw s1, 0x10(s0) | s1 = *((s0 + 4));
0x000027e0 b 0x2640 | goto label_0;
| label_3:
0x000027e4 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x000027e8 lw t9, -0x7f3c(gp) | t9 = sym.imp.apr_psprintf
0x000027ec lw a0, (s0) | a0 = *(s0);
0x000027f0 addiu a2, sp, 0x20 | a2 = sp + 0x20;
0x000027f4 addiu a1, a1, 0x38a0 | a1 += str.Unable_to_generate_random_bytes:__pm;
0x000027f8 jalr t9 | t9 ();
0x000027fc lw gp, 0x18(sp) | gp = *(var_18h);
0x00002800 sw v0, 4(s0) | *((s0 + 1)) = v0;
0x00002804 move a0, s1 | a0 = s1;
0x00002808 lw t9, -0x7f2c(gp) | t9 = sym.imp.strlen;
0x0000280c addiu s2, zero, 8 | s2 = 8;
0x00002810 jalr t9 | t9 ();
0x00002814 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002818 b 0x2690 | goto label_1;
| label_4:
0x0000292c lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00002930 lw t9, -0x7f3c(gp) | t9 = sym.imp.apr_psprintf
0x00002934 lw a0, (s0) | a0 = *(s0);
0x00002938 addiu a2, sp, 0x20 | a2 = sp + 0x20;
0x0000293c addiu a1, a1, 0x3a38 | a1 += str.Unable_to_encode_with_bcrypt:__pm;
0x00002940 jalr t9 | t9 ();
0x00002944 lw gp, 0x18(sp) | gp = *(var_18h);
0x00002948 sw v0, 4(s0) | *((s0 + 1)) = v0;
0x0000294c move a0, s1 | a0 = s1;
0x00002950 lw t9, -0x7f2c(gp) | t9 = sym.imp.strlen;
0x00002954 addiu s2, zero, 3 | s2 = 3;
0x00002958 jalr t9 | t9 ();
0x0000295c lw gp, 0x18(sp) | gp = *(var_18h);
0x00002960 b 0x2690 | goto label_1;
| label_5:
0x00002984 lw v0, -0x7fcc(gp) | v0 = *(gp);
0x00002988 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x0000298c lw t9, -0x7f90(gp) | t9 = sym.imp.apr_file_printf
0x00002990 lw a0, (v0) | a0 = *(v0);
0x00002994 move a2, s2 | a2 = s2;
0x00002998 addiu a1, a1, 0x3a5c | a1 += str.mkhash__:_BUG:_invalid_algorithm__d;
0x0000299c jalr t9 | t9 ();
0x000029a0 lw gp, 0x18(sp) | gp = *(var_18h);
0x000029a4 lw t9, -0x7f88(gp) | t9 = sym.imp.abort;
0x000029a8 jalr t9 | t9 ();
0x000029ac nop |
| label_6:
0x000029b0 lw t9, -0x7ef8(gp) | t9 = sym.imp.__stack_chk_fail;
0x000029b4 jalr t9 | t9 ();
0x000029b8 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/htdbm @ 0x29bc */
| #include <stdint.h>
|
; (fcn) sym.parse_common_options () | void parse_common_options () {
0x000029bc lui gp, 2 |
0x000029c0 addiu gp, gp, -0x69ac |
0x000029c4 addu gp, gp, t9 | gp += t9;
0x000029c8 addiu sp, sp, -0x30 |
0x000029cc addiu v0, a1, -0x42 | v0 = a1 + -0x42;
0x000029d0 sw s0, 0x24(sp) | *(var_24h) = s0;
0x000029d4 lw s0, -0x7ee8(gp) | s0 = *((gp - 8122));
0x000029d8 andi v0, v0, 0xff | v0 &= 0xff;
0x000029dc sw gp, 0x10(sp) | *(var_10h) = gp;
0x000029e0 lw a3, (s0) | a3 = *(s0);
0x000029e4 sltiu v1, v0, 0x32 | v1 = (v0 < 0x32) ? 1 : 0;
0x000029e8 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x000029ec sw s1, 0x28(sp) | *(var_28h) = s1;
0x000029f0 sw a3, 0x1c(sp) | *(var_1ch) = a3;
0x000029f4 sll v1, v0, 2 | v1 = v0 << 2;
| if (v1 == 0) {
0x000029f8 beqz v1, 0x2af0 | goto label_0;
| }
0x000029fc lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x00002a00 addiu v0, v0, 0x3b44 | v0 += 0x3b44;
0x00002a04 lwx v0, v1(v0) | __asm ("lwx v0, v1(v0)");
0x00002a08 addu v0, v0, gp | v0 += gp;
0x00002a0c move s1, a0 | s1 = a0;
0x00002a10 jr v0 | v0 ();
| do {
0x00002a20 lw a0, 0x1c(sp) | a0 = *(var_1ch);
0x00002a24 lw v1, (s0) | v1 = *(s0);
0x00002a28 lw ra, 0x2c(sp) | ra = *(var_2ch);
| if (a0 != v1) {
0x00002a2c bne a0, v1, 0x2b30 | goto label_1;
| }
0x00002a30 lw s1, 0x28(sp) | s1 = *(var_28h);
0x00002a34 lw s0, 0x24(sp) | s0 = *(var_24h);
0x00002a38 addiu sp, sp, 0x30 |
0x00002a3c jr ra | return v1;
| label_0:
0x00002af0 lw v0, -0x7fcc(gp) | v0 = *(gp);
0x00002af4 move a2, a1 | a2 = a1;
0x00002af8 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00002afc lw t9, -0x7f90(gp) | t9 = sym.imp.apr_file_printf
0x00002b00 lw a0, (v0) | a0 = *(v0);
0x00002b04 addiu a1, a1, 0x3afc | a1 += str.parse_common_options__:_BUG:_invalid_option__c;
0x00002b08 jalr t9 | t9 ();
0x00002b0c lw gp, 0x10(sp) | gp = *(var_10h);
0x00002b10 lw t9, -0x7f88(gp) | t9 = sym.imp.abort;
0x00002b14 jalr t9 | t9 ();
0x00002b18 nop |
0x00002b1c lw v1, -0x7fd8(gp) | v1 = *((gp - 8182));
0x00002b20 addiu v0, zero, 2 | v0 = 2;
0x00002b24 addiu v1, v1, 0x3ad0 | v1 += str.argument_to__C_must_be_a_positive_integer;
0x00002b28 sw v1, 4(s1) | *((s1 + 1)) = v1;
0x00002b2c b 0x2a20 |
| } while (1);
| label_1:
0x00002b30 lw t9, -0x7ef8(gp) | t9 = sym.imp.__stack_chk_fail;
0x00002b34 jalr t9 | t9 ();
0x00002b38 nop |
0x00002b3c nop |
| }
[*] Function printf used 6 times htdbm
