[*] Binary protection state of stclient.cgi
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of stclient.cgi
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/stclient.cgi @ 0x2e34 */
| #include <stdint.h>
|
; (fcn) fcn.00002e34 () | void fcn_00002e34 (int16_t arg1) {
| r0 = arg1;
0x00002e34 push {r3, r4, r5, lr} |
0x00002e36 mov r4, r0 | r4 = r0;
0x00002e38 ldr r5, [pc, 0x28] |
0x00002e3a add r5, pc | r5 = 0x5ca2;
0x00002e3c blx 0x1530 | CGI_xml_setup ();
| if (r4 == 0) {
0x00002e40 cbz r4, 0x2e5a | goto label_0;
| }
0x00002e42 ldr r0, [pc, 0x24] |
0x00002e44 mov r1, r4 | r1 = r4;
0x00002e46 add r0, pc | r0 = 0x5cb4;
0x00002e48 blx 0x14d0 | g_printf ()
| do {
0x00002e4c ldr r3, [pc, 0x1c] | r3 = *(0x2e6c);
0x00002e4e ldr r3, [r5, r3] | r3 = *((r5 + r3));
0x00002e50 ldr r0, [r3] | r0 = *(0x2e6c);
0x00002e52 pop.w {r3, r4, r5, lr} |
0x00002e56 b.w 0x1740 | void (*0x1740)() ();
| label_0:
0x00002e5a ldr r0, [pc, 0x14] |
0x00002e5c add r0, pc | r0 = 0x5cd2;
0x00002e5e blx 0x14d0 | g_printf ()
0x00002e62 b 0x2e4c |
| } while (1);
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/rootfs.img_unblob_extracted/rootfs.img_extract/0-80367616.squashfs_v4_le_extract/usr/sbin/stclient.cgi @ 0x2e74 */
| #include <stdint.h>
|
; (fcn) fcn.00002e74 () | void fcn_00002e74 (int16_t arg1) {
| r0 = arg1;
0x00002e74 push {r3, r4, r5, lr} |
0x00002e76 mov r4, r0 | r4 = r0;
0x00002e78 blx 0x1530 | CGI_xml_setup ();
0x00002e7c rsbs r1, r4, 0 | r1 = r4 - ;
0x00002e7e ldr r3, [pc, 0x20] |
0x00002e80 ldr r0, [pc, 0x20] |
0x00002e82 ldr r5, [pc, 0x24] |
0x00002e84 add r3, pc | r3 = 0x5d2a;
0x00002e86 ldr.w r2, [r3, r1, lsl 2] | r2 = *(0x5d2a);
0x00002e8a add r0, pc | r0 = 0x5d32;
0x00002e8c blx 0x14d0 | g_printf ()
0x00002e90 ldr r3, [pc, 0x18] | r3 = *(0x2eac);
0x00002e92 add r5, pc | r5 = 0x5d40;
0x00002e94 ldr r3, [r5, r3] | r3 = *(0x5d40);
0x00002e96 ldr r0, [r3] | r0 = *(0x5d40);
0x00002e98 pop.w {r3, r4, r5, lr} |
0x00002e9c b.w 0x1740 | return void (*0x1740)() ();
| }
[*] Function printf used 4 times stclient.cgi
