[*] Binary protection state of rtspwssession.cgi
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of rtspwssession.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/html/axis-cgi/rtspwssession.cgi @ 0x9b0 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [13] -r-x section size 2400 named .text */
0x000009b0 lui gp, 2 |
0x000009b4 addiu gp, gp, -0x69a0 |
0x000009b8 addu gp, gp, t9 | gp += t9;
0x000009bc addiu sp, sp, -0x80 |
0x000009c0 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x000009c4 sw s1, 0x5c(sp) | *(var_5ch) = s1;
0x000009c8 lw s1, -0x7f54(gp) | s1 = *((gp - 8149));
0x000009cc sw fp, 0x78(sp) | *(var_78h) = fp;
0x000009d0 move fp, sp | fp = sp;
0x000009d4 lw v0, (s1) | v0 = *(s1);
0x000009d8 lw t9, -0x7f70(gp) | t9 = sym.imp.puts;
0x000009dc sw ra, 0x7c(sp) | *(var_7ch) = ra;
0x000009e0 sw gp, 0x20(sp) | *(var_20h) = gp;
0x000009e4 sw s7, 0x74(sp) | *(var_74h) = s7;
0x000009e8 sw s6, 0x70(sp) | *(var_70h) = s6;
0x000009ec sw s5, 0x6c(sp) | *(var_6ch) = s5;
0x000009f0 sw s4, 0x68(sp) | *(var_68h) = s4;
0x000009f4 sw s3, 0x64(sp) | *(var_64h) = s3;
0x000009f8 sw s2, 0x60(sp) | *(var_60h) = s2;
0x000009fc sw s0, 0x58(sp) | *(var_58h) = s0;
0x00000a00 addiu a0, a0, 0x151c | a0 += str.Content_Type:_text_plain_r_n_r;
0x00000a04 sw v0, 0x54(fp) | *(arg_54h) = v0;
0x00000a08 jalr t9 | t9 ();
0x00000a0c nop |
0x00000a10 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000a14 lw a0, -0x7fdc(gp) | a0 = *((gp - 8183));
0x00000a18 lw t9, -0x7f6c(gp) | t9 = sym.imp.getenv;
0x00000a1c addiu a0, a0, 0x1538 | a0 += str.REMOTE_USER;
0x00000a20 jalr t9 | t9 ();
0x00000a24 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 == 0) {
0x00000a28 beqz v0, 0xc5c | goto label_0;
| }
0x00000a2c lw t9, -0x7f58(gp) | t9 = sym.imp.time;
0x00000a30 move a0, zero | a0 = 0;
0x00000a34 move s6, v0 | s6 = v0;
0x00000a38 jalr t9 | t9 ();
0x00000a3c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000a40 move a1, zero | a1 = 0;
0x00000a44 addiu a0, fp, 0x30 | a0 = fp + 0x30;
0x00000a48 lw t9, -0x7f5c(gp) | t9 = sym.imp.gettimeofday;
0x00000a4c move s3, v0 | s3 = v0;
0x00000a50 jalr t9 | t9 ();
0x00000a54 lw v0, 0x34(fp) | v0 = *(arg_34h);
0x00000a58 addiu v1, zero, 0x3e8 | v1 = 0x3e8;
0x00000a5c div zero, v0, v1 | __asm ("div zero, v0, v1");
0x00000a60 teq v1, zero, 7 | __asm ("teq v1, zero, 7");
0x00000a64 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00000a68 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000a6c addiu s2, fp, 0x38 | s2 = fp + 0x38;
0x00000a70 move s4, sp | s4 = sp;
0x00000a74 lw t9, -0x7f7c(gp) | t9 = sym.imp.srand;
0x00000a78 move s5, sp | s5 = sp;
0x00000a7c mflo v0 | __asm ("mflo v0");
0x00000a80 mul a1, a0, v1 | __asm ("mul a1, a0, v1");
0x00000a84 addu a0, a1, v0 | a0 = a1 + v0;
0x00000a88 jalr t9 | t9 ();
0x00000a8c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000a90 lw t9, -0x7f90(gp) | t9 = sym.imp.rand;
0x00000a94 jalr t9 | t9 ();
0x00000a98 nop |
0x00000a9c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000aa0 sw v0, 0x14(sp) | *(var_14h_2) = v0;
0x00000aa4 addiu a3, zero, 0x19 | a3 = 0x19;
0x00000aa8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000aac lw t9, -0x7f44(gp) | t9 = sym.imp.__snprintf_chk
0x00000ab0 addiu v0, v0, 0x1544 | v0 += str._d_lu;
0x00000ab4 addiu a2, zero, 1 | a2 = 1;
0x00000ab8 addiu a1, zero, 0x19 | a1 = 0x19;
0x00000abc sw s3, 0x18(sp) | *(var_18h_2) = s3;
0x00000ac0 sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00000ac4 move a0, s2 | a0 = s2;
0x00000ac8 jalr t9 | t9 ();
0x00000acc lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000ad0 lw t9, -0x7f80(gp) | t9 = sym.imp.strlen;
0x00000ad4 move a0, s2 | a0 = s2;
0x00000ad8 jalr t9 | t9 ();
0x00000adc lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000ae0 addiu v1, v0, 0x1f | v1 = v0 + 0x1f;
0x00000ae4 srl v1, v1, 3 | v1 >>= 3;
0x00000ae8 sll v1, v1, 3 | v1 <<= 3;
0x00000aec lw t9, -0x7fd4(gp) | t9 = sym.remove_old_sessions;
0x00000af0 subu sp, sp, v1 |
0x00000af4 addiu s0, v0, 0x18 | s0 = v0 + 0x18;
0x00000af8 bal 0xe60 | sym_remove_old_sessions ();
0x00000afc lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000b00 addiu s7, sp, 0x20 | s7 = sp + 0x20;
0x00000b04 sw s2, 0x18(sp) | *(var_18h_2) = s2;
0x00000b08 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000b0c lw t9, -0x7f44(gp) | t9 = sym.imp.__snprintf_chk
0x00000b10 addiu v0, v0, 0x14ac | v0 += str._var_run_rtspwssession;
0x00000b14 sw v0, 0x14(sp) | *(var_14h_2) = v0;
0x00000b18 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000b1c addiu a3, zero, -1 | a3 = -1;
0x00000b20 addiu v0, v0, 0x14cc | v0 += str._s__s;
0x00000b24 sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00000b28 addiu a2, zero, 1 | a2 = 1;
0x00000b2c move a1, s0 | a1 = s0;
0x00000b30 move a0, s7 | a0 = s7;
0x00000b34 jalr t9 | t9 ();
0x00000b38 sltu v0, v0, s0 | v0 = (v0 < s0) ? 1 : 0;
0x00000b3c lw gp, 0x20(fp) | gp = *(arg_20h);
| if (v0 != 0) {
0x00000b40 beqz v0, 0xc34 |
0x00000b44 lw t9, -0x7f78(gp) | t9 = sym.imp.open;
0x00000b48 move a0, s7 | a0 = s7;
0x00000b4c addiu a2, zero, 0x1b0 | a2 = aav.0x000001b0;
0x00000b50 addiu a1, zero, 0x301 | a1 = 0x301;
0x00000b54 jalr t9 | t9 ();
0x00000b58 move s7, v0 | s7 = v0;
0x00000b5c addiu v0, zero, -1 | v0 = -1;
0x00000b60 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (s7 == v0) {
0x00000b64 beq s7, v0, 0xc34 | goto label_1;
| }
0x00000b68 lw t9, -0x7f80(gp) | t9 = sym.imp.strlen;
0x00000b6c move a0, s6 | a0 = s6;
0x00000b70 jalr t9 | t9 ();
0x00000b74 addiu a0, v0, 0x1a | a0 = v0 + 0x1a;
0x00000b78 srl a0, a0, 3 | a0 >>= 3;
0x00000b7c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000b80 sll a0, a0, 3 | a0 <<= 3;
0x00000b84 sw sp, 0x28(fp) |
0x00000b88 subu sp, sp, a0 |
0x00000b8c addiu s0, v0, 0x13 | s0 = v0 + 0x13;
0x00000b90 addiu v0, zero, 0xf | v0 = 0xf;
0x00000b94 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x00000b98 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
0x00000b9c addiu t0, sp, 0x20 | t0 = sp + 0x20;
0x00000ba0 lw t9, -0x7f44(gp) | t9 = sym.imp.__snprintf_chk
0x00000ba4 addiu v0, v0, 0x154c | v0 += str._ld:_s:_d;
0x00000ba8 sw s3, 0x14(sp) | *(var_14h_2) = s3;
0x00000bac sw s6, 0x18(sp) | *(var_18h_2) = s6;
0x00000bb0 sw v0, 0x10(sp) | *(var_10h_2) = v0;
0x00000bb4 move a1, s0 | a1 = s0;
0x00000bb8 addiu a3, zero, -1 | a3 = -1;
0x00000bbc addiu a2, zero, 1 | a2 = 1;
0x00000bc0 move a0, t0 | a0 = t0;
0x00000bc4 sw t0, 0x2c(fp) | *(arg_2ch) = t0;
0x00000bc8 jalr t9 | t9 ();
0x00000bcc slt s0, v0, s0 | s0 = (v0 < s0) ? 1 : 0;
0x00000bd0 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000bd4 move s3, v0 | s3 = v0;
| if (s0 != 0) {
0x00000bd8 beqz s0, 0xc20 |
0x00000bdc lw t0, 0x2c(fp) | t0 = *(arg_2ch);
| if (v0 < 0) {
0x00000be0 bltz v0, 0xc20 | goto label_2;
| }
0x00000be4 lw t9, -0x7f88(gp) | t9 = sym.imp.write;
0x00000be8 move a2, v0 | a2 = v0;
0x00000bec move a1, t0 | a1 = t0;
0x00000bf0 move a0, s7 | a0 = s7;
0x00000bf4 jalr t9 | t9 ();
0x00000bf8 lw gp, 0x20(fp) | gp = *(arg_20h);
| if (s3 == v0) {
0x00000bfc beq s3, v0, 0xca0 | goto label_3;
| }
0x00000c00 lw t9, -0x7fa4(gp) | t9 = sym.imp.close;
0x00000c04 move a0, s7 | a0 = s7;
0x00000c08 jalr t9 | t9 ();
0x00000c0c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000c10 move sp, s4 |
0x00000c14 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000c18 addiu a2, a2, 0x14d4 | a2 += str.ERROR:_Failed_to_write_the_session_info;
0x00000c1c b 0xc40 | goto label_4;
| }
| label_2:
0x00000c20 lw t9, -0x7fa4(gp) | t9 = sym.imp.close;
0x00000c24 move a0, s7 | a0 = s7;
0x00000c28 jalr t9 | t9 ();
0x00000c2c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000c30 lw sp, 0x28(fp) |
| }
| label_1:
0x00000c34 lw a2, -0x7fdc(gp) | a2 = *((gp - 8183));
0x00000c38 move sp, s5 |
0x00000c3c addiu a2, a2, 0x14fc | a2 += str.ERROR:_Failed_to_create_session;
| label_4:
0x00000c40 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000c44 lw t9, -0x7f98(gp) | t9 = sym.imp.__printf_chk
0x00000c48 addiu a1, a1, 0x1558 | a1 += str._s_r_n;
0x00000c4c addiu a0, zero, 1 | a0 = 1;
0x00000c50 jalr t9 | t9 ();
0x00000c54 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000c58 move sp, s4 |
| do {
| label_0:
0x00000c5c lw a0, 0x54(fp) | a0 = *(arg_54h);
0x00000c60 lw v1, (s1) | v1 = *(s1);
0x00000c64 move v0, zero | v0 = 0;
| if (a0 != v1) {
0x00000c68 bne a0, v1, 0xcd8 | goto label_5;
| }
0x00000c6c move sp, fp |
0x00000c70 lw ra, 0x7c(sp) | ra = *(var_7ch);
0x00000c74 lw fp, 0x78(sp) | fp = *(var_78h);
0x00000c78 lw s7, 0x74(sp) | s7 = *(var_74h);
0x00000c7c lw s6, 0x70(sp) | s6 = *(var_70h);
0x00000c80 lw s5, 0x6c(sp) | s5 = *(var_6ch);
0x00000c84 lw s4, 0x68(sp) | s4 = *(var_68h);
0x00000c88 lw s3, 0x64(sp) | s3 = *(var_64h);
0x00000c8c lw s2, 0x60(sp) | s2 = *(var_60h);
0x00000c90 lw s1, 0x5c(sp) | s1 = *(var_5ch);
0x00000c94 lw s0, 0x58(sp) | s0 = *(var_58h);
0x00000c98 addiu sp, sp, 0x80 |
0x00000c9c jr ra | return v0;
| label_3:
0x00000ca0 lw t9, -0x7fa4(gp) | t9 = sym.imp.close;
0x00000ca4 move a0, s7 | a0 = s7;
0x00000ca8 jalr t9 | t9 ();
0x00000cac lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000cb0 move a2, s2 | a2 = s2;
0x00000cb4 addiu a0, zero, 1 | a0 = 1;
0x00000cb8 lw a1, -0x7fdc(gp) | a1 = *((gp - 8183));
0x00000cbc lw t9, -0x7f98(gp) | t9 = sym.imp.__printf_chk
0x00000cc0 move sp, s4 |
0x00000cc4 addiu a1, a1, 0x1558 | a1 += str._s_r_n;
0x00000cc8 jalr t9 | t9 ();
0x00000ccc lw gp, 0x20(fp) | gp = *(arg_20h);
0x00000cd0 move sp, s4 |
0x00000cd4 b 0xc5c |
| } while (1);
| label_5:
0x00000cd8 lw t9, -0x7f60(gp) | t9 = sym.imp.__stack_chk_fail;
0x00000cdc jalr t9 | t9 ();
0x00000ce0 nop |
0x00000ce4 nop |
0x00000ce8 nop |
0x00000cec nop |
| }
[*] Function printf used 6 times rtspwssession.cgi
