[*] Binary protection state of login.shadow
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of login.shadow
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/login.shadow @ 0x688c */
| #include <stdint.h>
|
; (fcn) fcn.0000688c () | void fcn_0000688c () {
0x0000688c lui gp, 2 |
0x00006890 addiu gp, gp, 0x1a94 |
0x00006894 addu gp, gp, t9 | gp += t9;
0x00006898 addiu sp, sp, -0x1460 |
0x0000689c lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
0x000068a0 sw s7, 0x1454(sp) | *(var_1454h) = s7;
0x000068a4 lw s7, -0x7cb8(gp) | s7 = *((gp - 7982));
0x000068a8 sw s0, 0x1438(sp) | *(var_1438h) = s0;
0x000068ac addiu s0, sp, 0x34 | s0 = sp + 0x34;
0x000068b0 lw v0, (s7) | v0 = *(s7);
0x000068b4 sw ra, 0x145c(sp) | *(var_145ch) = ra;
0x000068b8 sw gp, 0x18(sp) | *(var_18h_2) = gp;
0x000068bc sw fp, 0x1458(sp) | *(var_1458h) = fp;
0x000068c0 sw s6, 0x1450(sp) | *(var_1450h) = s6;
0x000068c4 sw s3, 0x1444(sp) | *(var_1444h) = s3;
0x000068c8 sw s2, 0x1440(sp) | *(var_1440h) = s2;
0x000068cc addiu a2, zero, 0x400 | a2 = 0x400;
0x000068d0 move a1, zero | a1 = 0;
0x000068d4 sw s5, 0x144c(sp) | *(var_144ch) = s5;
0x000068d8 sw s4, 0x1448(sp) | *(var_1448h) = s4;
0x000068dc sw s1, 0x143c(sp) | *(var_143ch) = s1;
0x000068e0 move s6, a0 | s6 = a0;
0x000068e4 sw v0, 0x1434(sp) | *(var_1434h) = v0;
0x000068e8 move a0, s0 | a0 = s0;
0x000068ec jalr t9 | t9 ();
0x000068f0 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x000068f4 addiu s3, sp, 0x434 | s3 = sp + 0x434;
0x000068f8 addiu a2, zero, 0x400 | a2 = 0x400;
0x000068fc lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
0x00006900 move a1, zero | a1 = 0;
0x00006904 move a0, s3 | a0 = s3;
0x00006908 jalr t9 | t9 ();
0x0000690c lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006910 addiu fp, sp, 0x834 | fp = sp + 0x834;
0x00006914 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006918 lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
0x0000691c move a1, zero | a1 = 0;
0x00006920 move a0, fp | a0 = fp;
0x00006924 jalr t9 | t9 ();
0x00006928 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x0000692c addiu v0, sp, 0xc34 | v0 = sp + 0xc34;
0x00006930 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006934 lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
0x00006938 move a1, zero | a1 = 0;
0x0000693c move a0, v0 | a0 = v0;
0x00006940 sw v0, 0x24(sp) | *(var_24h_2) = v0;
0x00006944 jalr t9 | t9 ();
0x00006948 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x0000694c addiu s2, sp, 0x1034 | s2 = sp + 0x1034;
0x00006950 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006954 lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
0x00006958 move a1, zero | a1 = 0;
0x0000695c move a0, s2 | a0 = s2;
0x00006960 jalr t9 | t9 ();
0x00006964 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006968 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x0000696c lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x00006970 lw t9, -0x7e30(gp) | t9 = sym.imp.fopen64;
0x00006974 addiu a1, a1, -0x2030 | a1 += -0x2030;
0x00006978 addiu a0, a0, -0x1888 | a0 += -0x1888;
0x0000697c jalr t9 | t9 ();
0x00006980 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006984 beqz v0, 0x6adc | goto label_8;
| }
0x00006988 move s1, v0 | s1 = v0;
0x0000698c lw s4, -0x7fd4(gp) | s4 = *((gp - 8181));
0x00006990 lw s5, -0x7fd4(gp) | s5 = *((gp - 8181));
0x00006994 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006998 addiu s4, s4, -0x187c | s4 += -0x187c;
0x0000699c addiu s5, s5, -0x1850 | s5 += -0x1850;
0x000069a0 sw v0, 0x28(sp) | *(var_28h_2) = v0;
| do {
| label_0:
0x000069a4 lw t9, -0x7cc0(gp) | t9 = sym.imp.fgets;
| label_1:
0x000069a8 move a2, s1 | a2 = s1;
0x000069ac addiu a1, zero, 0x400 | a1 = 0x400;
0x000069b0 move a0, s0 | a0 = s0;
0x000069b4 jalr t9 | t9 ();
0x000069b8 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x000069bc beqz v0, 0x6ab8 | goto label_9;
| }
0x000069c0 lb v0, 0x34(sp) | v0 = *(var_34h_2);
0x000069c4 addiu v1, zero, 0x23 | v1 = 0x23;
0x000069c8 addiu v1, zero, 0xa | v1 = 0xa;
0x000069cc beq v0, v1, 0x69a4 |
| } while (v0 == v1);
0x000069d0 lw t9, -0x7dc0(gp) | t9 = sym.imp.memset;
| if (v0 == v1) {
0x000069d4 beq v0, v1, 0x69a4 | goto label_0;
| }
0x000069d8 addiu a2, zero, 0x400 | a2 = 0x400;
0x000069dc move a1, zero | a1 = 0;
0x000069e0 move a0, s2 | a0 = s2;
0x000069e4 jalr t9 | t9 ();
0x000069e8 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x000069ec move a3, s2 | a3 = s2;
0x000069f0 move a2, s3 | a2 = s3;
0x000069f4 lw t9, -0x7e20(gp) | t9 = sym.imp.sscanf;
0x000069f8 move a1, s4 | a1 = s4;
0x000069fc move a0, s0 | a0 = s0;
0x00006a00 jalr t9 | t9 ();
0x00006a04 addiu v1, zero, 2 | v1 = 2;
0x00006a08 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 != v1) {
0x00006a0c bne v0, v1, 0x69a4 | goto label_0;
| }
0x00006a10 lw t9, -0x7c80(gp) | t9 = sym.imp.strcmp;
0x00006a14 move a1, s6 | a1 = s6;
0x00006a18 move a0, s3 | a0 = s3;
0x00006a1c jalr t9 | t9 ();
0x00006a20 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006a24 beqz v0, 0x6aa0 | goto label_10;
| }
0x00006a28 lw t9, -0x7c80(gp) | t9 = sym.imp.strcmp;
0x00006a2c move a1, s5 | a1 = s5;
0x00006a30 move a0, s3 | a0 = s3;
0x00006a34 jalr t9 | t9 ();
0x00006a38 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006a3c beqz v0, 0x6b20 | goto label_11;
| }
0x00006a40 lb v1, 0x434(sp) | v1 = *(var_434h);
0x00006a44 addiu v0, zero, 0x40 | v0 = 0x40;
0x00006a48 lw t9, -0x7cc0(gp) | t9 = sym.imp.fgets;
| if (v1 != v0) {
0x00006a4c bne v1, v0, 0x69a8 | goto label_1;
| }
0x00006a50 lw t9, -0x7e74(gp) | t9 = sym.imp.getgrnam;
0x00006a54 addiu v0, sp, 0x435 | v0 = sp + 0x435;
0x00006a58 sw v0, 0x2c(sp) | *(var_2ch_3) = v0;
0x00006a5c move a0, v0 | a0 = v0;
0x00006a60 jalr t9 | t9 ();
0x00006a64 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006a68 beqz v0, 0x6f48 | goto label_12;
| }
0x00006a6c lw t9, -0x7ef8(gp) | t9 = sym.is_on_list;
0x00006a70 lw a0, 0xc(v0) | a0 = *((v0 + 3));
0x00006a74 move a1, s6 | a1 = s6;
0x00006a78 bal 0x777c | sym_is_on_list ();
0x00006a7c lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006a80 beqz v0, 0x69a4 | goto label_0;
| }
0x00006a84 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
0x00006a88 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006a8c move a1, s2 | a1 = s2;
0x00006a90 move a0, fp | a0 = fp;
0x00006a94 jalr t9 | t9 ();
0x00006a98 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006a9c b 0x69a4 | goto label_0;
| label_10:
0x00006aa0 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
0x00006aa4 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006aa8 move a1, s2 | a1 = s2;
0x00006aac move a0, fp | a0 = fp;
0x00006ab0 jalr t9 | t9 ();
0x00006ab4 lw gp, 0x18(sp) | gp = *(var_18h_2);
| label_9:
0x00006ab8 lw t9, -0x7e2c(gp) | t9 = sym.imp.fclose;
0x00006abc move a0, s1 | a0 = s1;
0x00006ac0 jalr t9 | t9 ();
0x00006ac4 lb s0, 0x834(sp) | s0 = *(var_834h);
0x00006ac8 lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (s0 == 0) {
0x00006acc bnez s0, 0x6b54 |
0x00006ad0 lb v0, 0xc34(sp) | v0 = *(var_c34h);
0x00006ad4 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
| if (v0 == 0) {
0x00006ad8 bnez v0, 0x6b3c |
| label_8:
0x00006adc move s1, zero | s1 = 0;
| label_2:
0x00006ae0 lw a0, 0x1434(sp) | a0 = *(var_1434h);
0x00006ae4 lw v1, (s7) | v1 = *(s7);
0x00006ae8 move v0, s1 | v0 = s1;
| if (a0 != v1) {
0x00006aec bne a0, v1, 0x6f94 | goto label_13;
| }
0x00006af0 lw ra, 0x145c(sp) | ra = *(var_145ch);
0x00006af4 lw fp, 0x1458(sp) | fp = *(var_1458h);
0x00006af8 lw s7, 0x1454(sp) | s7 = *(var_1454h);
0x00006afc lw s6, 0x1450(sp) | s6 = *(var_1450h);
0x00006b00 lw s5, 0x144c(sp) | s5 = *(var_144ch);
0x00006b04 lw s4, 0x1448(sp) | s4 = *(var_1448h);
0x00006b08 lw s3, 0x1444(sp) | s3 = *(var_1444h);
0x00006b0c lw s2, 0x1440(sp) | s2 = *(var_1440h);
0x00006b10 lw s1, 0x143c(sp) | s1 = *(var_143ch);
0x00006b14 lw s0, 0x1438(sp) | s0 = *(var_1438h);
0x00006b18 addiu sp, sp, 0x1460 |
0x00006b1c jr ra | return v0;
| label_11:
0x00006b20 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
0x00006b24 lw a0, 0x24(sp) | a0 = *(var_24h_2);
0x00006b28 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006b2c move a1, s2 | a1 = s2;
0x00006b30 jalr t9 | t9 ();
0x00006b34 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006b38 b 0x69a4 | goto label_0;
| }
0x00006b3c lw a1, 0x24(sp) | a1 = *(var_24h_2);
0x00006b40 addiu a2, zero, 0x400 | a2 = 0x400;
0x00006b44 move a0, fp | a0 = fp;
0x00006b48 jalr t9 | t9 ();
0x00006b4c lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006b50 lb s0, 0x834(sp) | s0 = *(var_834h);
| }
0x00006b54 move s4, fp | s4 = fp;
0x00006b58 addiu v0, zero, 0x20 | v0 = 0x20;
0x00006b5c addiu v1, zero, 9 | v1 = 9;
| do {
| if (s0 != v0) {
0x00006b60 beql s0, v0, 0x6b74 |
0x00006b64 addiu s4, s4, 1 | s4++;
0x00006b68 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
| if (s0 != v1) {
0x00006b6c bne s0, v1, 0x6b7c | goto label_14;
| }
0x00006b70 addiu s4, s4, 1 | s4++;
| }
0x00006b74 lb s0, (s4) | s0 = *(s4);
0x00006b78 b 0x6b60 |
| } while (1);
| label_14:
0x00006b7c lw t9, -0x7c80(gp) | t9 = sym.imp.strcmp;
0x00006b80 addiu a1, a1, -0x188c | a1 += -0x188c;
0x00006b84 move a0, s4 | a0 = s4;
0x00006b88 jalr t9 | t9 ();
0x00006b8c lw gp, 0x18(sp) | gp = *(var_18h_2);
| if (v0 == 0) {
0x00006b90 beqz v0, 0x6f04 | goto label_15;
| }
| label_5:
0x00006b94 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006b98 lw s2, -0x7fd4(gp) | s2 = *((gp - 8181));
0x00006b9c sw v0, 0x24(sp) | *(var_24h_2) = v0;
0x00006ba0 lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006ba4 lw s3, -0x7fc4(gp) | s3 = *((gp - 8177));
0x00006ba8 sw v0, 0x28(sp) | *(var_28h_2) = v0;
0x00006bac lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
0x00006bb0 move fp, zero | fp = 0;
0x00006bb4 addiu v0, v0, -0x1808 | v0 += -0x1808;
0x00006bb8 move s1, zero | s1 = 0;
0x00006bbc addiu s2, s2, -0x1710 | s2 += -0x1710;
0x00006bc0 addiu s3, s3, 0x6790 | s3 += fcn.00006790;
0x00006bc4 sw v0, 0x2c(sp) | *(var_2ch_3) = v0;
| if (s0 == 0) {
| label_4:
0x00006bc8 beqz s0, 0x6ae0 | goto label_2;
| }
0x00006bcc nop |
0x00006bd0 addiu s0, s0, -0x41 | s0 += -0x41;
0x00006bd4 andi v0, s0, 0xff | v0 = s0 & 0xff;
0x00006bd8 sltiu v1, v0, 0x35 | v1 = (v0 < 0x35) ? 1 : 0;
0x00006bdc addiu s0, s4, 1 | s0 = s4 + 1;
| if (v1 == 0) {
0x00006be0 beqz v1, 0x6f14 | goto label_16;
| }
0x00006be4 sll v0, v0, 2 | v0 <<= 2;
0x00006be8 lwx v0, v0(s2) | __asm ("lwx v0, v0(s2)");
0x00006bec addu v0, v0, gp | v0 += gp;
0x00006bf0 jr v0 | v0 ();
0x00006bf4 nop |
| label_7:
0x00006c14 lw t9, -0x7e88(gp) | t9 = sym.imp.__ctype_b_loc;
| label_6:
0x00006c18 move s4, s0 | s4 = s0;
0x00006c1c jalr t9 | t9 ();
0x00006c20 lw a2, (v0) | a2 = *(v0);
0x00006c24 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006c28 addiu a1, zero, 0x2d | a1 = 0x2d;
0x00006c2c addiu a0, zero, 0x20 | a0 = 0x20;
0x00006c30 addiu v1, zero, 9 | v1 = 9;
| do {
| label_3:
0x00006c34 lb s0, (s4) | s0 = *(s4);
0x00006c38 sll v0, s0, 1 | v0 = s0 << 1;
0x00006c3c addu v0, a2, v0 | v0 = a2 + v0;
0x00006c40 lhu v0, (v0) | v0 = *(v0);
0x00006c44 andi v0, v0, 0x800 | v0 &= 0x800;
0x00006c48 addiu s4, s4, 1 | s4++;
0x00006c4c bnel v0, zero, 0x6c34 |
| } while (v0 == 0);
| if (s0 == a1) {
0x00006c50 beql s0, a1, 0x6c34 | goto label_3;
| }
0x00006c54 addiu s4, s4, 1 | s4++;
| if (s0 == a0) {
0x00006c58 beql s0, a0, 0x6c34 | goto label_3;
| }
0x00006c5c addiu s4, s4, 1 | s4++;
| if (s0 != v1) {
0x00006c60 bne s0, v1, 0x6bc8 | goto label_4;
| }
0x00006c64 nop |
0x00006c68 addiu s4, s4, 1 | s4++;
0x00006c6c b 0x6c34 | goto label_3;
| label_15:
0x00006f04 lw s4, -0x7fd4(gp) | s4 = *((gp - 8181));
0x00006f08 addiu s0, zero, 0x41 | s0 = 0x41;
0x00006f0c addiu s4, s4, -0x18b4 | s4 += -0x18b4;
0x00006f10 b 0x6b94 | goto label_5;
| label_16:
0x00006f14 lw t9, -0x7e88(gp) | t9 = sym.imp.__ctype_b_loc;
| if (fp != 0) {
0x00006f18 bnez fp, 0x6c18 | goto label_6;
| }
0x00006f1c lw v0, 0x24(sp) | v0 = *(var_24h_2);
0x00006f20 lw t9, -0x7dfc(gp) | t9 = sym.imp.__syslog_chk;
0x00006f24 move a3, s4 | a3 = s4;
0x00006f28 addiu a2, v0, -0x17e4 | a2 = v0 + -0x17e4;
0x00006f2c addiu a1, zero, 1 | a1 = 1;
0x00006f30 addiu a0, zero, 4 | a0 = 4;
0x00006f34 jalr t9 | t9 ();
0x00006f38 ori s1, s1, 1 | s1 |= 1;
0x00006f3c lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006f40 addiu fp, zero, 1 | fp = 1;
0x00006f44 b 0x6c14 | goto label_7;
| label_12:
0x00006f48 lw v0, 0x28(sp) | v0 = *(var_28h_2);
0x00006f4c lw t9, -0x7dfc(gp) | t9 = sym.imp.__syslog_chk;
0x00006f50 lw a3, 0x2c(sp) | a3 = *(var_2ch_3);
0x00006f54 addiu a2, v0, -0x184c | a2 = v0 + -0x184c;
0x00006f58 addiu a1, zero, 1 | a1 = 1;
0x00006f5c addiu a0, zero, 4 | a0 = 4;
0x00006f60 jalr t9 | t9 ();
0x00006f64 lw gp, 0x18(sp) | gp = *(var_18h_2);
0x00006f68 b 0x69a4 | goto label_0;
| label_13:
0x00006f94 lw t9, -0x7cec(gp) | t9 = sym.imp.__stack_chk_fail;
0x00006f98 jalr t9 | t9 ();
0x00006f9c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/login.shadow @ 0x5300 */
| #include <stdint.h>
|
; (fcn) sym.console () | void console () {
0x00005300 lui gp, 2 |
0x00005304 addiu gp, gp, 0x3020 |
0x00005308 addu gp, gp, t9 | gp += t9;
0x0000530c addiu sp, sp, -0x100 |
0x00005310 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x00005314 sw s2, 0xf4(sp) | *(var_f4h) = s2;
0x00005318 lw s2, -0x7cb8(gp) | s2 = *((gp - 7982));
0x0000531c lw t9, -0x7e48(gp) | t9 = sym.imp.strncmp;
0x00005320 sw gp, 0x10(sp) | *(var_10h_2) = gp;
0x00005324 lw v0, (s2) | v0 = *(s2);
0x00005328 sw s0, 0xec(sp) | *(var_ech) = s0;
0x0000532c sw ra, 0xfc(sp) | *(var_fch) = ra;
0x00005330 sw s3, 0xf8(sp) | *(var_f8h) = s3;
0x00005334 sw s1, 0xf0(sp) | *(var_f0h) = s1;
0x00005338 addiu a2, zero, 5 | a2 = 5;
0x0000533c addiu a1, a1, -0x1b54 | a1 += -0x1b54;
0x00005340 sw v0, 0xe4(sp) | *(var_e4h) = v0;
0x00005344 move s0, a0 | s0 = a0;
0x00005348 jalr t9 | t9 ();
0x0000534c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00005350 bnez v0, 0x5358 |
0x00005354 addiu s0, s0, 5 | s0 += 5;
| }
0x00005358 lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x0000535c lw t9, -0x7f84(gp) | t9 = sym.getdef_str;
0x00005360 addiu a0, a0, -0x1b4c | a0 += -0x1b4c;
0x00005364 bal 0xaf88 | sym_getdef_str ();
0x00005368 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x0000536c beqz v0, 0x5410 | goto label_0;
| }
0x00005370 lb a0, (v0) | a0 = *(v0);
0x00005374 addiu v1, zero, 0x2f | v1 = 0x2f;
0x00005378 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
| if (a0 == v1) {
0x0000537c beq a0, v1, 0x5418 | goto label_4;
| }
0x00005380 addiu v1, sp, 0x1c | v1 = sp + 0x1c;
0x00005384 move a0, v1 | a0 = v1;
0x00005388 addiu a2, zero, 0xc8 | a2 = 0xc8;
0x0000538c move a1, v0 | a1 = v0;
0x00005390 jalr t9 | t9 ();
0x00005394 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x00005398 move a0, v0 | a0 = v0;
0x0000539c lw s1, -0x7fd4(gp) | s1 = *((gp - 8181));
0x000053a0 addiu s1, s1, -0x1b44 | s1 += -0x1b44;
0x000053a4 b 0x53c4 |
| while (v0 != 0) {
0x000053a8 lw t9, -0x7c80(gp) | t9 = sym.imp.strcmp;
0x000053ac move a0, v0 | a0 = v0;
0x000053b0 move a1, s0 | a1 = s0;
0x000053b4 jalr t9 | t9 ();
0x000053b8 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000053bc move a0, zero | a0 = 0;
| if (v0 == 0) {
0x000053c0 beqz v0, 0x5410 | goto label_0;
| }
0x000053c4 lw t9, -0x7df4(gp) | t9 = sym.imp.strtok;
0x000053c8 move a1, s1 | a1 = s1;
0x000053cc jalr t9 | t9 ();
0x000053d0 lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000053d4 bnez v0, 0x53a8 |
| }
| do {
| label_3:
0x000053d8 lw a0, 0xe4(sp) | a0 = *(var_e4h);
0x000053dc lw v1, (s2) | v1 = *(s2);
0x000053e0 lw ra, 0xfc(sp) | ra = *(var_fch);
| if (a0 != v1) {
0x000053e4 bne a0, v1, 0x54a8 | goto label_5;
| }
0x000053e8 lw s3, 0xf8(sp) | s3 = *(var_f8h);
0x000053ec lw s2, 0xf4(sp) | s2 = *(var_f4h);
0x000053f0 lw s1, 0xf0(sp) | s1 = *(var_f0h);
0x000053f4 lw s0, 0xec(sp) | s0 = *(var_ech);
0x000053f8 addiu sp, sp, 0x100 |
0x000053fc jr ra | return v0;
| label_1:
0x00005400 lw t9, -0x7e2c(gp) | t9 = sym.imp.fclose;
0x00005404 move a0, s3 | a0 = s3;
0x00005408 jalr t9 | t9 ();
0x0000540c lw gp, 0x10(sp) | gp = *(var_10h_2);
| label_0:
0x00005410 addiu v0, zero, 1 | v0 = 1;
0x00005414 b 0x53d8 |
| } while (1);
| label_4:
0x00005418 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x0000541c lw t9, -0x7e30(gp) | t9 = sym.imp.fopen64;
0x00005420 addiu a1, a1, -0x2030 | a1 += -0x2030;
0x00005424 move a0, v0 | a0 = v0;
0x00005428 jalr t9 | t9 ();
0x0000542c move s3, v0 | s3 = v0;
0x00005430 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00005434 beqz v0, 0x5410 | goto label_0;
| }
0x00005438 addiu s1, sp, 0x1c | s1 = sp + 0x1c;
0x0000543c b 0x5474 | goto label_6;
| label_2:
0x00005440 lw t9, -0x7d88(gp) | t9 = sym.imp.strlen;
0x00005444 move a0, s1 | a0 = s1;
0x00005448 jalr t9 | t9 ();
0x0000544c lw gp, 0x10(sp) | gp = *(var_10h_2);
0x00005450 addiu v1, sp, 0xe8 | v1 = sp + 0xe8;
0x00005454 addu v0, v1, v0 | v0 = v1 + v0;
0x00005458 lw t9, -0x7c80(gp) | t9 = sym.imp.strcmp;
0x0000545c move a1, s0 | a1 = s0;
0x00005460 move a0, s1 | a0 = s1;
0x00005464 sb zero, -0xcd(v0) | *((v0 - 205)) = 0;
0x00005468 jalr t9 | t9 ();
0x0000546c lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 == 0) {
0x00005470 beqz v0, 0x5400 | goto label_1;
| }
| label_6:
0x00005474 lw t9, -0x7cc0(gp) | t9 = sym.imp.fgets;
0x00005478 move a2, s3 | a2 = s3;
0x0000547c addiu a1, zero, 0xc8 | a1 = 0xc8;
0x00005480 move a0, s1 | a0 = s1;
0x00005484 jalr t9 | t9 ();
0x00005488 lw gp, 0x10(sp) | gp = *(var_10h_2);
| if (v0 != 0) {
0x0000548c bnez v0, 0x5440 | goto label_2;
| }
0x00005490 lw t9, -0x7e2c(gp) | t9 = sym.imp.fclose;
0x00005494 move a0, s3 | a0 = s3;
0x00005498 jalr t9 | t9 ();
0x0000549c lw gp, 0x10(sp) | gp = *(var_10h_2);
0x000054a0 move v0, zero | v0 = 0;
0x000054a4 b 0x53d8 | goto label_3;
| label_5:
0x000054a8 lw t9, -0x7cec(gp) | t9 = sym.imp.__stack_chk_fail;
0x000054ac jalr t9 | t9 ();
0x000054b0 nop |
0x000054b4 nop |
0x000054b8 nop |
0x000054bc nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/4325012-58052244.squashfs_v4_le_extract/usr/bin/login.shadow @ 0x9490 */
| #include <stdint.h>
|
; (fcn) sym.tz () | void tz () {
0x00009490 lui gp, 2 |
0x00009494 addiu gp, gp, -0x1170 |
0x00009498 addu gp, gp, t9 | gp += t9;
0x0000949c addiu sp, sp, -0x28 |
0x000094a0 lw a1, -0x7fd4(gp) | a1 = *((gp - 8181));
0x000094a4 lw t9, -0x7e30(gp) | t9 = sym.imp.fopen64;
0x000094a8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000094ac sw ra, 0x24(sp) | *(var_24h) = ra;
0x000094b0 sw s2, 0x20(sp) | *(var_20h) = s2;
0x000094b4 sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x000094b8 sw s0, 0x18(sp) | *(var_18h) = s0;
0x000094bc addiu a1, a1, -0x2030 | a1 += -0x2030;
0x000094c0 jalr t9 | t9 ();
0x000094c4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x000094c8 beqz v0, 0x9578 | goto label_1;
| }
0x000094cc lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
0x000094d0 lw t9, -0x7cc0(gp) | t9 = sym.imp.fgets;
0x000094d4 move a2, v0 | a2 = v0;
0x000094d8 addiu a1, zero, 0x2000 | a1 = 0x2000;
0x000094dc addiu a0, s0, 0xb40 | a0 = s0 + 0xb40;
0x000094e0 move s1, v0 | s1 = v0;
0x000094e4 jalr t9 | t9 ();
0x000094e8 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x000094ec beqz v0, 0x9534 | goto label_2;
| }
0x000094f0 lw t9, -0x7d88(gp) | t9 = sym.imp.strlen;
0x000094f4 addiu a0, s0, 0xb40 | a0 = s0 + 0xb40;
0x000094f8 jalr t9 | t9 ();
0x000094fc addiu s2, s0, 0xb40 | s2 = s0 + 0xb40;
0x00009500 addu v0, s2, v0 | v0 = s2 + v0;
0x00009504 lw gp, 0x10(sp) | gp = *(var_10h);
0x00009508 sb zero, -1(v0) | *((v0 - 1)) = 0;
| do {
| label_0:
0x0000950c lw t9, -0x7e2c(gp) | t9 = sym.imp.fclose;
0x00009510 move a0, s1 | a0 = s1;
0x00009514 jalr t9 | t9 ();
0x00009518 lw ra, 0x24(sp) | ra = *(var_24h);
0x0000951c move v0, s2 | v0 = s2;
0x00009520 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00009524 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00009528 lw s0, 0x18(sp) | s0 = *(var_18h);
0x0000952c addiu sp, sp, 0x28 |
0x00009530 jr ra | return v0;
| label_2:
0x00009534 lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x00009538 lw t9, -0x7f84(gp) | t9 = sym.getdef_str;
0x0000953c addiu a0, a0, -0x2218 | a0 += -0x2218;
0x00009540 bal 0xaf88 | sym_getdef_str ();
0x00009544 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00009548 beqz v0, 0x9620 | goto label_3;
| }
0x0000954c lb a0, (v0) | a0 = *(v0);
0x00009550 addiu v1, zero, 0x2f | v1 = 0x2f;
0x00009554 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
| if (a0 == v1) {
0x00009558 beq a0, v1, 0x9620 | goto label_3;
| }
0x0000955c addiu a2, zero, 0x2000 | a2 = 0x2000;
0x00009560 move a1, v0 | a1 = v0;
0x00009564 addiu a0, s0, 0xb40 | a0 = s0 + 0xb40;
0x00009568 jalr t9 | t9 ();
0x0000956c addiu s2, s0, 0xb40 | s2 = s0 + 0xb40;
0x00009570 lw gp, 0x10(sp) | gp = *(var_10h);
0x00009574 b 0x950c |
| } while (1);
| label_1:
0x00009578 lw a0, -0x7fd4(gp) | a0 = *((gp - 8181));
0x0000957c lw t9, -0x7f84(gp) | t9 = sym.getdef_str;
0x00009580 addiu a0, a0, -0x2218 | a0 += -0x2218;
0x00009584 bal 0xaf88 | sym_getdef_str ();
0x00009588 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 != 0) {
0x0000958c beqz v0, 0x95d4 |
0x00009590 lb a0, (v0) | a0 = *(v0);
0x00009594 addiu v1, zero, 0x2f | v1 = 0x2f;
0x00009598 lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
| if (a0 == v1) {
0x0000959c beq a0, v1, 0x95d4 | goto label_4;
| }
0x000095a0 lw t9, -0x7dec(gp) | t9 = sym.imp.__strcpy_chk
0x000095a4 addiu a0, s0, 0xb40 | a0 = s0 + 0xb40;
0x000095a8 addiu a2, zero, 0x2000 | a2 = 0x2000;
0x000095ac move a1, v0 | a1 = v0;
0x000095b0 jalr t9 | t9 ();
0x000095b4 lw ra, 0x24(sp) | ra = *(var_24h);
0x000095b8 addiu s2, s0, 0xb40 | s2 = s0 + 0xb40;
0x000095bc move v0, s2 | v0 = s2;
0x000095c0 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x000095c4 lw s2, 0x20(sp) | s2 = *(var_20h);
0x000095c8 lw s0, 0x18(sp) | s0 = *(var_18h);
0x000095cc addiu sp, sp, 0x28 |
0x000095d0 jr ra | return v0;
| }
| label_4:
0x000095d4 lw v1, -0x7fd4(gp) | v1 = *((gp - 8181));
0x000095d8 lw s0, -0x7fdc(gp) | s0 = *((gp - 8183));
0x000095dc addiu v0, v1, -0x10f8 | v0 = v1 + -0x10f8;
0x000095e0 addiu s2, s0, 0xb40 | s2 = s0 + 0xb40;
0x000095e4 lw a1, -0x10f8(v1) | a1 = *((v1 - 1086));
0x000095e8 lw a0, 4(v0) | a0 = *((v0 + 1));
0x000095ec lhu v1, 8(v0) | v1 = *((v0 + 4));
0x000095f0 lw ra, 0x24(sp) | ra = *(var_24h);
0x000095f4 lbu v0, 0xa(v0) | v0 = *((v0 + 10));
0x000095f8 sw a1, 0xb40(s0) | *((s0 + 720)) = a1;
0x000095fc lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00009600 sb v0, 0xa(s2) | *((s2 + 10)) = v0;
0x00009604 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00009608 move v0, s2 | v0 = s2;
0x0000960c sw a0, 4(s2) | *((s2 + 1)) = a0;
0x00009610 sh v1, 8(s2) | *((s2 + 4)) = v1;
0x00009614 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00009618 addiu sp, sp, 0x28 |
0x0000961c jr ra | return v0;
| label_3:
0x00009620 lw v1, -0x7fd4(gp) | v1 = *((gp - 8181));
0x00009624 addiu s2, s0, 0xb40 | s2 = s0 + 0xb40;
0x00009628 addiu v0, v1, -0x10f8 | v0 = v1 + -0x10f8;
0x0000962c lw a1, -0x10f8(v1) | a1 = *((v1 - 1086));
0x00009630 lw a0, 4(v0) | a0 = *((v0 + 1));
0x00009634 lhu v1, 8(v0) | v1 = *((v0 + 4));
0x00009638 lbu v0, 0xa(v0) | v0 = *((v0 + 10));
0x0000963c sw a1, 0xb40(s0) | *((s0 + 720)) = a1;
0x00009640 sw a0, 4(s2) | *((s2 + 1)) = a0;
0x00009644 sh v1, 8(s2) | *((s2 + 4)) = v1;
0x00009648 sb v0, 0xa(s2) | *((s2 + 10)) = v0;
0x0000964c b 0x950c | goto label_0;
| }
[*] Function strcpy used 8 times login.shadow
