[*] Binary protection state of librtsaec.so
No RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of librtsaec.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/lib/librtsaec.so @ 0xfbc0 */
| #include <stdint.h>
|
; (fcn) sym.IPCam_033 () | void IPCam_033 () {
| if (a1 <= 0) {
0x0000fbc0 blez a1, 0xfd44 | goto label_4;
| }
0x0000fbc4 nop |
0x0000fbc8 addiu sp, sp, -0x20 |
0x0000fbcc sw s7, 0x1c(sp) | *(var_1ch) = s7;
0x0000fbd0 sw s6, 0x18(sp) | *(var_18h) = s6;
0x0000fbd4 sw s5, 0x14(sp) | *(var_14h) = s5;
0x0000fbd8 sw s4, 0x10(sp) | *(var_10h) = s4;
0x0000fbdc sw s3, 0xc(sp) | *(var_ch) = s3;
0x0000fbe0 sw s2, 8(sp) | *(var_8h) = s2;
0x0000fbe4 sw s1, 4(sp) | *(var_4h) = s1;
0x0000fbe8 sw s0, (sp) | *(sp) = s0;
0x0000fbec sll s4, a1, 2 | s4 = a1 << 2;
0x0000fbf0 lw t4, 4(a3) | t4 = *((a3 + 1));
0x0000fbf4 move s2, zero | s2 = 0;
0x0000fbf8 lw t7, 0x14(a3) | t7 = *((a3 + 5));
0x0000fbfc sll s1, t4, 2 | s1 = t4 << 2;
0x0000fc00 lw t6, 0x18(a3) | t6 = *((a3 + 6));
0x0000fc04 lw t5, 0x1c(a3) | t5 = *((a3 + 7));
0x0000fc08 addiu s1, s1, -4 | s1 += -4;
0x0000fc0c lw a1, 8(a3) | a1 = *((a3 + 2));
0x0000fc10 slti s3, t4, 2 | s3 = (t4 < 2) ? 1 : 0;
0x0000fc14 addiu s5, t4, -1 | s5 = t4 + -1;
| label_1:
0x0000fc18 addu t8, a0, s2 | t8 = a0 + s2;
0x0000fc1c sll s6, a1, 2 | s6 = a1 << 2;
0x0000fc20 lw t8, (t8) | t8 = *(t8);
0x0000fc24 addu v1, t6, s6 | v1 = t6 + s6;
0x0000fc28 lw v0, (t7) | v0 = *(t7);
0x0000fc2c addiu a1, a1, 1 | a1++;
0x0000fc30 sw t8, (v1) | *(v1) = t8;
0x0000fc34 mult t8, v0 | __asm ("mult t8, v0");
0x0000fc38 mflo t8 | __asm ("mflo t8");
0x0000fc3c mfhi t9 | __asm ("mfhi t9");
| if (a1 == t4) {
0x0000fc40 beq a1, t4, 0xfd4c | goto label_5;
| }
0x0000fc44 sw a1, 8(a3) | *((a3 + 2)) = a1;
0x0000fc48 addiu s6, s6, 4 | s6 += 4;
| label_2:
0x0000fc4c sll v0, t9, 8 | v0 = t9 << 8;
| if (s3 != 0) {
0x0000fc50 bnez s3, 0xfcf4 | goto label_6;
| }
0x0000fc54 lw s0, 0x10(a3) | s0 = *((a3 + 4));
0x0000fc58 move t2, zero | t2 = 0;
0x0000fc5c b 0xfc6c |
| while (t3 != 0) {
0x0000fc60 addiu t2, t2, 4 | t2 += 4;
0x0000fc64 sw a1, 8(a3) | *((a3 + 2)) = a1;
| if (t2 == s1) {
0x0000fc68 beq t2, s1, 0xfcf0 | goto label_7;
| }
| label_0:
0x0000fc6c sll t1, a1, 2 | t1 = a1 << 2;
0x0000fc70 addu v0, t7, t2 | v0 = t7 + t2;
0x0000fc74 addu v1, t6, t1 | v1 = t6 + t1;
0x0000fc78 addu t3, t5, t1 | t3 = t5 + t1;
0x0000fc7c lw v1, (v1) | v1 = *(v1);
0x0000fc80 addu t0, s0, t2 | t0 = s0 + t2;
0x0000fc84 lw v0, 4(v0) | v0 = *((v0 + 1));
0x0000fc88 addiu a1, a1, 1 | a1++;
0x0000fc8c lw s7, (t3) | s7 = *(t3);
0x0000fc90 addiu s6, t1, 4 | s6 = t1 + 4;
0x0000fc94 mult v1, v0 | __asm ("mult v1, v0");
0x0000fc98 lw t0, 4(t0) | t0 = *((t0 + 1));
0x0000fc9c slt t3, a1, t4 | t3 = (a1 < t4) ? 1 : 0;
0x0000fca0 mflo v0 | __asm ("mflo v0");
0x0000fca4 mfhi v1 | __asm ("mfhi v1");
0x0000fca8 addu t8, v0, t8 | t8 = v0 + t8;
0x0000fcac mult s7, t0 | __asm ("mult s7, t0");
0x0000fcb0 addu t9, v1, t9 | t9 = v1 + t9;
0x0000fcb4 sltu v0, t8, v0 | v0 = (t8 < v0) ? 1 : 0;
0x0000fcb8 addu v0, v0, t9 | v0 += t9;
0x0000fcbc mflo t0 | __asm ("mflo t0");
0x0000fcc0 subu v1, t8, t0 | __asm ("subu v1, t8, t0");
0x0000fcc4 mfhi t1 | __asm ("mfhi t1");
0x0000fcc8 sltu t0, t8, v1 | t0 = (t8 < v1) ? 1 : 0;
0x0000fccc subu v0, v0, t1 | __asm ("subu v0, v0, t1");
0x0000fcd0 move t8, v1 | t8 = v1;
0x0000fcd4 subu t9, v0, t0 | __asm ("subu t9, v0, t0");
0x0000fcd8 bnez t3, 0xfc60 |
| }
0x0000fcdc addiu t2, t2, 4 | t2 += 4;
0x0000fce0 move s6, zero | s6 = 0;
0x0000fce4 sw zero, 8(a3) | *((a3 + 2)) = 0;
0x0000fce8 move a1, zero | a1 = 0;
| if (t2 != s1) {
0x0000fcec bne t2, s1, 0xfc6c | goto label_0;
| }
| label_7:
0x0000fcf0 sll v0, t9, 8 | v0 = t9 << 8;
| label_6:
0x0000fcf4 addu s6, t5, s6 | s6 = t5 + s6;
0x0000fcf8 srl t8, t8, 0x18 | t8 >>= 0x18;
0x0000fcfc addiu a1, a1, -1 | a1 += -1;
0x0000fd00 or t8, v0, t8 | t8 = v0 | t8;
0x0000fd04 sw t8, (s6) | *(s6) = t8;
| if (a1 < 0) {
0x0000fd08 bltz a1, 0xfd5c | goto label_8;
| }
0x0000fd0c sw a1, 8(a3) | *((a3 + 2)) = a1;
| label_3:
0x0000fd10 addu v0, a2, s2 | v0 = a2 + s2;
0x0000fd14 addiu s2, s2, 4 | s2 += 4;
0x0000fd18 sw t8, (v0) | *(v0) = t8;
| if (s2 != s4) {
0x0000fd1c bne s2, s4, 0xfc18 | goto label_1;
| }
0x0000fd20 lw s7, 0x1c(sp) | s7 = *(var_1ch);
0x0000fd24 lw s6, 0x18(sp) | s6 = *(var_18h);
0x0000fd28 lw s5, 0x14(sp) | s5 = *(var_14h);
0x0000fd2c lw s4, 0x10(sp) | s4 = *(var_10h);
0x0000fd30 lw s3, 0xc(sp) | s3 = *(var_ch);
0x0000fd34 lw s2, 8(sp) | s2 = *(var_8h);
0x0000fd38 lw s1, 4(sp) | s1 = *(var_4h);
0x0000fd3c lw s0, (sp) | s0 = *(sp);
0x0000fd40 addiu sp, sp, 0x20 |
| label_4:
0x0000fd44 jr ra | return v0;
0x0000fd48 nop |
| label_5:
0x0000fd4c sw zero, 8(a3) | *((a3 + 2)) = 0;
0x0000fd50 move s6, zero | s6 = 0;
0x0000fd54 move a1, zero | a1 = 0;
0x0000fd58 b 0xfc4c | goto label_2;
| label_8:
0x0000fd5c move a1, s5 | a1 = s5;
0x0000fd60 sw s5, 8(a3) | *((a3 + 2)) = s5;
0x0000fd64 b 0xfd10 | goto label_3;
| }
[*] Function strcpy used 1 times librtsaec.so